New issue
Advanced search Search tips

Issue 776106 link

Starred by 1 user
Status: Fixed
Owner:
vapier@chromium.org
Closed: Dec 28
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Feature



Sign in to add a comment

nassh: Cookieless auth for emergency relays

Project Member Reported by varz@google.com, Oct 18 2017 
The new emergency SSH relays use the following procedure for authentication:

 - Send an XHR for <relay>/challenge?u=<username> (returns XSSI-prefixed JSON)
 - Sign the challenge using the SSH Agent (undocumented API, supported only by gnubbyd)
 - Make a websocket request to <relay>/?ssh-fe-challenge=<challenge>&ssh-fe-signature=<signature>&...

There's an additional pair of query parameters currently being added to specify the destination hostname and IP address. I haven't got the names as of yet. b/67952203

In order to make this all work we need to make the username and ssh-agent connection available to the GoogleRelay impl, and vapier@ noted that some currently synchronous code may need to be refactored to be async.

More concrete details coming as I have them.

Comment 1 by vapier@chromium.org, Oct 18 2017

Summary: nassh: Cookieless auth for emergency relays (was: Cookieless auth for emergency relays)
Project Member

Comment 2 by bugdroid1@chromium.org, Jul 25 

The following revision refers to this bug:
  https://chromium.googlesource.com/apps/libapps/+/14103fb1494844a81556116a0fe42ee6c9ebeb22

commit 14103fb1494844a81556116a0fe42ee6c9ebeb22
Author: Mike Frysinger <vapier@chromium.org>
Date: Wed Jul 25 05:12:00 2018

nassh: make connectToArgString fully async

The connectToArgString function is a mix of async and sync exit logic.
For errors that be diagnosed immediately, we return false directly and
let the caller exit.  For all other errors, the failing code will exit
itself.  This causes a mix of UI error paths for the user.

It can call 4 funcs: mountProfile, connectToProfile, mountDestination,
and connectToDestination.  The first two always return true.  The other
two return false only if the destination fails to parse.  Once we push
that check down, they too always return true.

Once we remove all the true return code paths, it allows us to simplify
the callers and make it so we get consistent behavior regardless of why
the sub-command failed.  It also gives us a bit more flexibility with
these functions to add more async behavior.  We aren't doing that here,
but we probably need to for some relay changes.

Bug:  776106 
Change-Id: I9eece4b50fed76da1b3919b45b86b549131b9a65
Reviewed-on: https://chromium-review.googlesource.com/1137976
Reviewed-by: Vitaliy Shipitsyn <vsh@google.com>
Tested-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/14103fb1494844a81556116a0fe42ee6c9ebeb22/nassh/js/nassh_command_instance.js
[modify] https://crrev.com/14103fb1494844a81556116a0fe42ee6c9ebeb22/nassh/js/nassh_sftp_fsp.js
Project Member

Comment 3 by bugdroid1@chromium.org, Dec 4 

The following revision refers to this bug:
  https://chromium.googlesource.com/apps/libapps/+/59874f5acc1967039d2eb98d49916e582329d4b7

commit 59874f5acc1967039d2eb98d49916e582329d4b7
Author: Mike Frysinger <vapier@chromium.org>
Date: Tue Dec 04 07:03:28 2018

nassh: rename relay-options to nassh-options

The relay options field was expanded long ago to contain general
nassh options beyond just relay settings.  Rename the field to
match the current reality.

We add some migration logic to deal with renaming relay-options
in existing user profiles to the new nassh-options.

Bug:  776106 
Change-Id: Ic351e4674b2ad3af75eaf938b08024b49e9cf34a
Reviewed-on: https://chromium-review.googlesource.com/c/1352931
Reviewed-by: Vitaliy Shipitsyn <vsh@google.com>
Tested-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/js/nassh_connect_dialog.js
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/de/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/uk/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/js/nassh_preference_manager.js
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/id/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/sv/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/sl/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/ca/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/es/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/hr/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/sw/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/fr/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/ta/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/lv/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/mr/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/js/nassh_command_instance.js
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/am/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/pl/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/zh_TW/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/gu/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/fi/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/ja/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/en/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/no/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/es_419/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/ar/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/th/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/ru/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/tr/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/ml/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/html/nassh_connect_dialog.html
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/ms/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/sr/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/zh_CN/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/lt/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/kn/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/ro/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/bn/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/fa/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/he/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/it/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/bg/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/nl/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/vi/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/ko/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/en_GB/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/pt_PT/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/et/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/hu/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/js/nassh_command_instance_tests.js
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/hi/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/el/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/sk/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/te/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/fil/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/da/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/cs/messages.json
[modify] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/_locales/pt_BR/messages.json
Project Member

Comment 4 by bugdroid1@chromium.org, Dec 4 

The following revision refers to this bug:
  https://chromium.googlesource.com/apps/libapps/+/c2b4786a46aae4285cd852118aae43c009554b2c

commit c2b4786a46aae4285cd852118aae43c009554b2c
Author: Mike Frysinger <vapier@chromium.org>
Date: Tue Dec 04 07:03:40 2018

nassh: rip option parsing out of nassh.GoogleRelay

This has been a long standing TODO -- the relay-options field started
out as just relay options, but then it grew more things unrelated to
relays, but we never ripped the logic out of the relay object.  Do it
now in preparation for adding even more logic unrelated to relays.

This largely just moves it out of nassh.GoogleRelay and to the common
nassh.CommandInstance code, but we also drop the "known options" check
and let the higher levels blindly tokenize everything.  This makes it
easier to pass relay-specific options down without having the higher
levels care.  We still do validation in the html code, so this ends up
being a bit redundant.

Bug:  776106 
Change-Id: Ibb5c90b1bb13589d4a2d53f61b787dd168b26910
Reviewed-on: https://chromium-review.googlesource.com/c/1352932
Reviewed-by: Vitaliy Shipitsyn <vsh@google.com>
Tested-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/c2b4786a46aae4285cd852118aae43c009554b2c/nassh/html/nassh_test.html
[modify] https://crrev.com/c2b4786a46aae4285cd852118aae43c009554b2c/nassh/js/nassh_command_instance_tests.js
[modify] https://crrev.com/c2b4786a46aae4285cd852118aae43c009554b2c/nassh/js/nassh_command_instance.js
[modify] https://crrev.com/c2b4786a46aae4285cd852118aae43c009554b2c/nassh/js/nassh_google_relay.js
[delete] https://crrev.com/59874f5acc1967039d2eb98d49916e582329d4b7/nassh/js/nassh_google_relay_tests.js
Project Member

Comment 5 by bugdroid1@chromium.org, Dec 12 

The following revision refers to this bug:
  https://chromium.googlesource.com/apps/libapps/+/f498a981730baa1a2c46a57dd91dc4a05b02cca3

commit f498a981730baa1a2c46a57dd91dc4a05b02cca3
Author: Mike Frysinger <vapier@chromium.org>
Date: Wed Dec 12 21:09:07 2018

nassh: unify duplicate base64url handling

We had two independent implementations of base64<->base64url
converters.  Unify them in a single place and add some tests.

Bug:  776106 
Change-Id: I2b60eeacb105d9e1b2f16dd0d3d7e55c02e1cf95
Reviewed-on: https://chromium-review.googlesource.com/c/1372775
Reviewed-by: Vitaliy Shipitsyn <vsh@google.com>
Tested-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/f498a981730baa1a2c46a57dd91dc4a05b02cca3/nassh/js/nassh_tests.js
[modify] https://crrev.com/f498a981730baa1a2c46a57dd91dc4a05b02cca3/nassh/js/nassh_stream_google_relay.js
[modify] https://crrev.com/f498a981730baa1a2c46a57dd91dc4a05b02cca3/nassh/html/nassh_google_relay.html
[modify] https://crrev.com/f498a981730baa1a2c46a57dd91dc4a05b02cca3/nassh/js/nassh.js
[modify] https://crrev.com/f498a981730baa1a2c46a57dd91dc4a05b02cca3/nassh/js/nassh_google_relay_html.js
Project Member

Comment 6 by bugdroid1@chromium.org, Dec 15 

The following revision refers to this bug:
  https://chromium.googlesource.com/apps/libapps/+/bb0091f3fe01ecd80716cde9dc3ba5a8a5c804a8

commit bb0091f3fe01ecd80716cde9dc3ba5a8a5c804a8
Author: Mike Frysinger <vapier@chromium.org>
Date: Sat Dec 15 19:27:02 2018

nassh: GoogleRelayWS: use DataView to get/set uint32 length

Should be slightly faster.  It's certainly cleaner looking.
It also fixes a minor error where we tested a uint32 as if
it were an int32.

Bug:  776106 
Change-Id: Ie28e3150a1927359357cf425dc582e15d52b9925
Reviewed-on: https://chromium-review.googlesource.com/c/1375380
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Vitaliy Shipitsyn <vsh@google.com>

[modify] https://crrev.com/bb0091f3fe01ecd80716cde9dc3ba5a8a5c804a8/nassh/js/nassh_stream_google_relay.js
Project Member

Comment 7 by bugdroid1@chromium.org, Dec 24 

The following revision refers to this bug:
  https://chromium.googlesource.com/apps/libapps/+/4ac92e61cb9764b936569e0b9afb0b802c2aca0b

commit 4ac92e61cb9764b936569e0b9afb0b802c2aca0b
Author: Mike Frysinger <vapier@chromium.org>
Date: Mon Dec 24 07:18:27 2018

nassh: document the current relay server protocol properly

The docs in the nassh_google_relay.js file are a bit outdated and
under-specifies the protocol we use.  Pull that text out into a new
document and fully expand it to cover everything we have today.

Bug:  776106 
Change-Id: Ic6667524d2453602a5b3cc095b8a5576ea775964
Reviewed-on: https://chromium-review.googlesource.com/c/1370766
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Vitaliy Shipitsyn <vsh@google.com>

[modify] https://crrev.com/4ac92e61cb9764b936569e0b9afb0b802c2aca0b/nassh/doc/FAQ.md
[add] https://crrev.com/4ac92e61cb9764b936569e0b9afb0b802c2aca0b/nassh/doc/relay-protocol.md
[modify] https://crrev.com/4ac92e61cb9764b936569e0b9afb0b802c2aca0b/nassh/js/nassh_google_relay.js
Project Member

Comment 8 by bugdroid1@chromium.org, Dec 27 

The following revision refers to this bug:
  https://chromium.googlesource.com/apps/libapps/+/5f53328e3fb4be0836d1fbfaf88f5f319e9a0c29

commit 5f53328e3fb4be0836d1fbfaf88f5f319e9a0c29
Author: Mike Frysinger <vapier@chromium.org>
Date: Thu Dec 27 23:01:20 2018

libdot: codec: new module for binary/UTF8/UTF16 helpers

We have a few helpers for dealing with converting between different
encodings spread across the projects.  Some have better names than
others, and some (like lib.utf8) would be replaced entirely by newer
web standards.

Lets start a new home for all the helpers that'd still exist when
we drop lib.utf8, and lets aim for clearer names from the start.

This seeds the module with funcs from nassh.Stream.  We leave the
base64 logic in nassh.Stream as that largely exists only for the JS
and ppapi plugin to communicate, and ideally we'll convert all of
that to arrays at some point.

Bug:  776106 
Change-Id: I8f16cdf4c79e18a48b21cb3d95d978c8ba0296c5
Reviewed-on: https://chromium-review.googlesource.com/c/1391808
Reviewed-by: Vitaliy Shipitsyn <vsh@google.com>
Tested-by: Mike Frysinger <vapier@chromium.org>

[add] https://crrev.com/5f53328e3fb4be0836d1fbfaf88f5f319e9a0c29/libdot/js/lib_codec_tests.js
[modify] https://crrev.com/5f53328e3fb4be0836d1fbfaf88f5f319e9a0c29/libdot/html/lib_test.html
[add] https://crrev.com/5f53328e3fb4be0836d1fbfaf88f5f319e9a0c29/libdot/js/lib_codec.js
Project Member

Comment 9 by bugdroid1@chromium.org, Dec 27 

The following revision refers to this bug:
  https://chromium.googlesource.com/apps/libapps/+/c12bb7a9c4a28fc25e4389b8693291ece96f9d16

commit c12bb7a9c4a28fc25e4389b8693291ece96f9d16
Author: Mike Frysinger <vapier@chromium.org>
Date: Thu Dec 27 23:01:21 2018

nassh: switch to new lib.codec module

We can simplify the nassh.Stream implementation.

Bug:  776106 
Change-Id: Ib3b02f5ac42ec05088e39bd1612a9d896efa63c2
Reviewed-on: https://chromium-review.googlesource.com/c/1391809
Reviewed-by: Vitaliy Shipitsyn <vsh@google.com>
Tested-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/c12bb7a9c4a28fc25e4389b8693291ece96f9d16/nassh/js/nassh_stream.js
[modify] https://crrev.com/c12bb7a9c4a28fc25e4389b8693291ece96f9d16/nassh/concat/nassh_deps.concat
Project Member

Comment 10 by bugdroid1@chromium.org, Dec 27 

The following revision refers to this bug:
  https://chromium.googlesource.com/apps/libapps/+/677f99c02880bb8bde260baf869ed605fd357146

commit 677f99c02880bb8bde260baf869ed605fd357146
Author: Mike Frysinger <vapier@chromium.org>
Date: Thu Dec 27 23:01:35 2018

libdot: speed up codec helpers

Annoyingly, using the Array builtins, while more succinct, are not
actually faster than doing the string walk logic ourselves.  String
concatenation vs Array.join appears to be a known thing across the
internet, although I couldn't find Array.split threads.

This also has the advantage of not requiring the input to be of an
Array type exactly.  They now work on typed arrays too.

Bug:  776106 
Url: https://stackoverflow.com/questions/7299010
Change-Id: I2d0cd44020f76a4b1c64a7cc4fa51f1e396fc50a
Reviewed-on: https://chromium-review.googlesource.com/c/1391810
Reviewed-by: Vitaliy Shipitsyn <vsh@google.com>
Tested-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/677f99c02880bb8bde260baf869ed605fd357146/libdot/js/lib_codec_tests.js
[modify] https://crrev.com/677f99c02880bb8bde260baf869ed605fd357146/libdot/js/lib_codec.js
Project Member

Comment 11 by bugdroid1@chromium.org, Dec 27 

The following revision refers to this bug:
  https://chromium.googlesource.com/apps/libapps/+/8d99036326d0b50e9d0a4b5c03f2bbf5dce73aae

commit 8d99036326d0b50e9d0a4b5c03f2bbf5dce73aae
Author: Mike Frysinger <vapier@chromium.org>
Date: Thu Dec 27 23:02:31 2018

nassh: split connectTo up a bit

The top half of the func handles option parsing and some connection
sanity checks, as well as processing relay options.  The bottom half
is called once the relay setup has completed.  This allows us to more
cleanly integrate different relay systems.

Bug:  776106 
Change-Id: Ib775e9500cc1416b26cb28942e37ea6e24796328
Reviewed-on: https://chromium-review.googlesource.com/c/1390222
Reviewed-by: Vitaliy Shipitsyn <vsh@google.com>
Tested-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/8d99036326d0b50e9d0a4b5c03f2bbf5dce73aae/nassh/js/nassh_command_instance.js
Project Member

Comment 12 by bugdroid1@chromium.org, Dec 27 

The following revision refers to this bug:
  https://chromium.googlesource.com/apps/libapps/+/b809f132cebf7ee28da28361ed10de9b00947721

commit b809f132cebf7ee28da28361ed10de9b00947721
Author: Mike Frysinger <vapier@chromium.org>
Date: Thu Dec 27 23:20:24 2018

nassh: add a --proxy-mode option

This allows for selecting different proxy/relay backends so we can
support multiple versions simultaneously.

We don't adapt the ssh:// URI format yet, so any proxy settings set
there still only go to the existing format.

Bug:  776106 
Change-Id: I0b431a275a66c77d4d4b05681442b4f1f40452a5
Reviewed-on: https://chromium-review.googlesource.com/c/1390223
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Vitaliy Shipitsyn <vsh@google.com>

[modify] https://crrev.com/b809f132cebf7ee28da28361ed10de9b00947721/nassh/js/nassh_command_instance.js
[modify] https://crrev.com/b809f132cebf7ee28da28361ed10de9b00947721/nassh/html/nassh_connect_dialog.html
[modify] https://crrev.com/b809f132cebf7ee28da28361ed10de9b00947721/nassh/doc/relay-protocol.md
[modify] https://crrev.com/b809f132cebf7ee28da28361ed10de9b00947721/nassh/doc/options.md
Project Member

Comment 13 by bugdroid1@chromium.org, Dec 27 

The following revision refers to this bug:
  https://chromium.googlesource.com/apps/libapps/+/12ba86e46dfd8f4692287a8013d19e1811656dac

commit 12ba86e46dfd8f4692287a8013d19e1811656dac
Author: Mike Frysinger <vapier@chromium.org>
Date: Thu Dec 27 23:21:24 2018

nassh: streams: stop passing stream to onOpen callback

Every onOpen callback only checks for the success status.  None of
them expect another argument like the stream object.  Drop it here
to stop confusing the API.

Bug:  776106 
Change-Id: Ie4079eb448a17e67a733ff39fe595d86486efb1b
Reviewed-on: https://chromium-review.googlesource.com/c/1390224
Reviewed-by: Vitaliy Shipitsyn <vsh@google.com>
Tested-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/12ba86e46dfd8f4692287a8013d19e1811656dac/nassh/js/nassh_stream_set.js
Project Member

Comment 15 by bugdroid1@chromium.org, Dec 28 

The following revision refers to this bug:
  https://chromium.googlesource.com/apps/libapps/+/134f910ed066c8e88b4f5446e79d3f418ff3dd5d

commit 134f910ed066c8e88b4f5446e79d3f418ff3dd5d
Author: Mike Frysinger <vapier@chromium.org>
Date: Fri Dec 28 19:25:23 2018

nassh: add SSH-FE relay support

This is a bit rough, but largely works.

The nassh.Agent logic needs reworking, but that module needs a lot of
rework to better use typed arrays, so we won't get into that here.

Documentation is missing, but we'll add that once things settle.

The ssh key selection relies upon Google-specific agent messages which
means it's limited to gnubbies currently which is unfortunate.

The ACK protocol is an artifact of the frontend proxies, and is the
same as implemented in nassh_stream_google_relay.js, although the
implementations are independent currently.  It'd be nice to unify
them somehow.

Along those lines, we don't support connection resumption.  But the
current SSH-FE servers don't either, so it's not like we've lost any
functionality.

Bug:  776106 
Change-Id: Ifc74e3ce4f1d3636b55dfb9a7d2d8468cde20997
Reviewed-on: https://chromium-review.googlesource.com/c/1390226
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Vitaliy Shipitsyn <vsh@google.com>

[add] https://crrev.com/134f910ed066c8e88b4f5446e79d3f418ff3dd5d/nassh/js/nassh_stream_relay_sshfe.js
[add] https://crrev.com/134f910ed066c8e88b4f5446e79d3f418ff3dd5d/nassh/js/nassh_relay_sshfe.js
[modify] https://crrev.com/134f910ed066c8e88b4f5446e79d3f418ff3dd5d/nassh/html/nassh.html
[modify] https://crrev.com/134f910ed066c8e88b4f5446e79d3f418ff3dd5d/nassh/doc/options.md
[modify] https://crrev.com/134f910ed066c8e88b4f5446e79d3f418ff3dd5d/nassh/doc/relay-protocol.md
[add] https://crrev.com/134f910ed066c8e88b4f5446e79d3f418ff3dd5d/nassh/js/nassh_relay.js
[modify] https://crrev.com/134f910ed066c8e88b4f5446e79d3f418ff3dd5d/nassh/js/nassh_command_instance.js
[modify] https://crrev.com/134f910ed066c8e88b4f5446e79d3f418ff3dd5d/nassh/js/nassh_agent_message_types.js

Comment 16 by vapier@chromium.org, Dec 28

Labels: -Restrict-View-Google
Owner: vapier@chromium.org
Status: Fixed (was: Available)
should be in the 0.11 release

Sign in to add a comment