Merge pull request #13 from FortnoxAB/bugfix/multiple-stuff

Fix multiple stuff

Author: jonaz

pkg/admin/bootstrap.go

@@ -61,7 +61,6 @@ func (a *Admin) Bootstrap(ctx context.Context, hosts []string) error {
 		if err != nil {
 			return err
 		}
-
 	}
 	return nil
 }
@@ -125,14 +124,15 @@ func runOverSSH(ctx context.Context, client *ssh.Client, cmd string) error {
 	}
 	// session.Stdout = os.Stdout
 	defer session.Close()
-	buf := &bytes.Buffer{}
-	buf2 := &bytes.Buffer{}
-	session.Stdout = buf
-	session.Stderr = buf2
+	// buf := &bytes.Buffer{} // TODO do we want io.MultiWriter aswell?
+	// buf2 := &bytes.Buffer{}
+	session.Stdout = os.Stdout
+	session.Stderr = os.Stderr
 	session.Stdin = os.Stdin
 	err = session.Start(cmd)
 	if err != nil {
-		return fmt.Errorf("%w stdout: %s stderr: %s", err, buf.String(), buf2.String())
+		return fmt.Errorf("ssh: error running command %s error: %w", cmd, err)
+		// return fmt.Errorf("%w stdout: %s stderr: %s", err, buf.String(), buf2.String())
 	}
 
 	exit := make(chan struct{}, 1)
@@ -144,7 +144,7 @@ func runOverSSH(ctx context.Context, client *ssh.Client, cmd string) error {
 		select {
 		case <-ctx.Done():
 			if ctx.Err() != nil {
-				fmt.Println("stdout", buf.String(), "stderr", buf2.String())
+				// fmt.Println("stdout", buf.String(), "stderr", buf2.String())
 				session.Signal(ssh.SIGINT)
 				session.Close()
 			}
@@ -154,7 +154,8 @@ func runOverSSH(ctx context.Context, client *ssh.Client, cmd string) error {
 
 	err = session.Wait()
 	if err != nil {
-		return fmt.Errorf("%w stdout: %s stderr: %s", err, buf.String(), buf2.String())
+		// return fmt.Errorf("%w stdout: %s stderr: %s", err, buf.String(), buf2.String())
+		return fmt.Errorf("ssh: error waiting for command %s error: %w", cmd, err)
 	}
 
 	return nil

pkg/agent/agent.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto/tls"
 	"encoding/json"
+	"errors"
 	"net/http"
 	"os"
 	"path/filepath"
@@ -130,13 +131,24 @@ func (a *Agent) run(pCtx context.Context) error {
 			if err != nil {
 				logrus.Error(err)
 				cancel()
+				time.Sleep(1 * time.Second)
 				continue
 			}
 
 			err = a.client.ConnectContext(ctx, u, headers)
 			if err != nil {
 				logrus.Error(err)
 				cancel()
+
+				if errors.Is(err, websocket.ErrUnauthorized) {
+					logrus.Errorf("error asdf")
+
+					// remove token in runtime if we get auth error. Then the machine will have to be accepted again.
+					a.mutex.Lock()
+					a.config.Token = ""
+					a.mutex.Unlock()
+				}
+				time.Sleep(1 * time.Second)
 				continue
 			}
 

pkg/agent/reconciliation/files.go

@@ -62,14 +62,14 @@ func assertSameOwner(file os.FileInfo, fileSpec *types.File) (bool, error) {
 	if fileSpec.User == "" && fileSpec.Group == "" {
 		return false, nil
 	}
-	var fileUid string
-	var fileGid string
+	var existingFileUid int
+	var existingFileGid int
 	stat, ok := file.Sys().(*syscall.Stat_t)
 	if !ok {
 		return false, fmt.Errorf("not syscall.Stat_t")
 	}
-	fileUid = strconv.Itoa(int(stat.Uid))
-	fileGid = strconv.Itoa(int(stat.Gid))
+	existingFileUid = (int(stat.Uid))
+	existingFileGid = (int(stat.Gid))
 	u, err := user.Lookup(fileSpec.User)
 	if err != nil {
 		return false, err
@@ -79,11 +79,14 @@ func assertSameOwner(file os.FileInfo, fileSpec *types.File) (bool, error) {
 		return false, err
 	}
 
-	if fileUid == u.Uid && fileGid == g.Gid {
+	newUid, _ := strconv.Atoi(u.Uid)
+	newGid, _ := strconv.Atoi(g.Gid)
+
+	if existingFileUid == newUid && existingFileGid == newGid {
 		return false, nil
 	}
 
-	return true, os.Chown(file.Name(), int(stat.Uid), int(stat.Gid))
+	return true, os.Chown(fileSpec.Path, newUid, newGid)
 }
 func chown(file *os.File, userName, group string) error {
 	if userName == "" && group == "" {

pkg/api/v1/types/types.go

@@ -105,7 +105,7 @@ type File struct {
 
 func (f File) FileMode() (os.FileMode, error) {
 	if f.Mode == "" {
-		return os.FileMode(0700), nil // default to this
+		return os.FileMode(0600), nil // default to this
 	}
 	u, err := strconv.ParseUint(f.Mode, 8, 32)
 	return os.FileMode(u), err

pkg/master/webserver/webserver.go

@@ -179,6 +179,12 @@ func (ws *Webserver) approveMachine(c *gin.Context) error {
 func (ws *Webserver) listPendingMachines(c *gin.Context) error {
 	t := `<!DOCTYPE html>
 <html lang="en">
+<head>
+	<style>
+		td {padding-right: 25px;}
+		tr {text-align: left;}
+	</style>
+</head>
 <body>
 <script>
 const acceptHost = (hostname) =>  {
@@ -290,7 +296,7 @@ func (ws *Webserver) hostList() (map[string]*host, error) {
 
 func (ws *Webserver) initWS(router *gin.Engine) {
 	router.GET("/api/websocket-v1", func(c *gin.Context) {
-		keys := make(map[string]interface{})
+		keys := make(map[string]any)
 		keys["allowed"] = false
 		keys["admin"] = false
 		keys["ip"] = c.ClientIP()

pkg/websocket/websocketclient.go

@@ -91,20 +91,35 @@ func (ws *websocketClient) getOnConnect() func() {
 	return ws.onConnect
 }
 
+var ErrUnauthorized = fmt.Errorf("websocket: error status 401 Unauthorized")
+
 func (ws *websocketClient) ConnectContext(ctx context.Context, addr string, headers http.Header) error {
 	var err error
 	var c *websocket.Conn
+	var resp *http.Response
 	logrus.Debugf("websocket: connecting to %s", addr)
 	if ws.tlsClientConfig != nil {
 		dialer := &websocket.Dialer{
 			Proxy:            http.ProxyFromEnvironment,
 			HandshakeTimeout: 10 * time.Second,
 			TLSClientConfig:  ws.tlsClientConfig,
 		}
-		c, _, err = dialer.DialContext(ctx, addr, headers)
+		c, resp, err = dialer.DialContext(ctx, addr, headers)
 	} else {
-		c, _, err = websocket.DefaultDialer.DialContext(ctx, addr, headers)
+		c, resp, err = websocket.DefaultDialer.DialContext(ctx, addr, headers)
+	}
+
+	if resp.StatusCode != 101 {
+
+		if resp.StatusCode == 401 {
+			ws.wasDisconnected(err)
+			return ErrUnauthorized
+		}
+
+		ws.wasDisconnected(err)
+		return fmt.Errorf("websocket: error from server got status code: %d", resp.StatusCode)
 	}
+
 	if err != nil {
 		ws.wasDisconnected(err)
 		return err