6 files changed, 190 insertions, 77 deletions

diff --git a/pkg/adapter/client.go b/pkg/adapter/client.go
index 01914834f..69aa3220a 100644
--- a/pkg/adapter/client.go
+++ b/pkg/adapter/client.go
@@ -6,42 +6,52 @@ import (
 	"fmt"
 	"os"
 
+	"github.com/containers/libpod/cmd/podman/remoteclientconfig"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 	"github.com/varlink/go/varlink"
 )
 
 var remoteEndpoint *Endpoint
 
 func (r RemoteRuntime) RemoteEndpoint() (remoteEndpoint *Endpoint, err error) {
-	if remoteEndpoint == nil {
-		remoteEndpoint = &Endpoint{Unknown, ""}
-	} else {
-		return remoteEndpoint, nil
-	}
+	remoteConfigConnections, _ := remoteclientconfig.ReadRemoteConfig(r.config)
 
-	// I'm leaving this here for now as a document of the birdge format.  It can be removed later once the bridge
-	// function is more flushed out.
-	// bridge := `ssh -T root@192.168.122.1 "/usr/bin/varlink -A '/usr/bin/podman varlink \$VARLINK_ADDRESS' bridge"`
-	if len(r.cmd.RemoteHost) > 0 {
-		// The user has provided a remote host endpoint
+	// If the user defines an env variable for podman_varlink_bridge
+	// we use that as passed.
+	if bridge := os.Getenv("PODMAN_VARLINK_BRIDGE"); bridge != "" {
+		logrus.Debug("creating a varlink bridge based on env variable")
+		remoteEndpoint, err = newBridgeConnection(bridge, nil, r.cmd.LogLevel)
+		// if an environment variable for podman_varlink_address is defined,
+		// we used that as passed
+	} else if address := os.Getenv("PODMAN_VARLINK_ADDRESS"); address != "" {
+		logrus.Debug("creating a varlink address based on env variable: %s", address)
+		remoteEndpoint, err = newSocketConnection(address)
+		//	if the user provides a remote host, we use it to configure a bridge connection
+	} else if len(r.cmd.RemoteHost) > 0 {
+		logrus.Debug("creating a varlink bridge based on user input")
 		if len(r.cmd.RemoteUserName) < 1 {
 			return nil, errors.New("you must provide a username when providing a remote host name")
 		}
-		remoteEndpoint.Type = BridgeConnection
-		remoteEndpoint.Connection = fmt.Sprintf(
-			`ssh -T %s@%s /usr/bin/varlink -A \'/usr/bin/podman --log-level=%s varlink \\\$VARLINK_ADDRESS\' bridge`,
-			r.cmd.RemoteUserName, r.cmd.RemoteHost, r.cmd.LogLevel)
-
-	} else if bridge := os.Getenv("PODMAN_VARLINK_BRIDGE"); bridge != "" {
-		remoteEndpoint.Type = BridgeConnection
-		remoteEndpoint.Connection = bridge
-	} else {
-		address := os.Getenv("PODMAN_VARLINK_ADDRESS")
-		if address == "" {
-			address = DefaultAddress
+		rc := remoteclientconfig.RemoteConnection{r.cmd.RemoteHost, r.cmd.RemoteUserName, false}
+		remoteEndpoint, err = newBridgeConnection("", &rc, r.cmd.LogLevel)
+		//  if the user has a config file with connections in it
+	} else if len(remoteConfigConnections.Connections) > 0 {
+		logrus.Debug("creating a varlink bridge based configuration file")
+		var rc *remoteclientconfig.RemoteConnection
+		if len(r.cmd.ConnectionName) > 0 {
+			rc, err = remoteConfigConnections.GetRemoteConnection(r.cmd.ConnectionName)
+		} else {
+			rc, err = remoteConfigConnections.GetDefault()
+		}
+		if err != nil {
+			return nil, err
 		}
-		remoteEndpoint.Type = DirectConnection
-		remoteEndpoint.Connection = address
+		remoteEndpoint, err = newBridgeConnection("", rc, r.cmd.LogLevel)
+		//	last resort is to make a socket connection with the default varlink address for root user
+	} else {
+		logrus.Debug("creating a varlink address based default root address")
+		remoteEndpoint, err = newSocketConnection(DefaultAddress)
 	}
 	return
 }
@@ -72,3 +82,12 @@ func (r RemoteRuntime) RefreshConnection() error {
 	r.Conn = newConn
 	return nil
 }
+
+// newSocketConnection returns an endpoint for a uds based connection
+func newSocketConnection(address string) (*Endpoint, error) {
+	endpoint := Endpoint{
+		Type:       DirectConnection,
+		Connection: address,
+	}
+	return &endpoint, nil
+}
diff --git a/pkg/adapter/client_unix.go b/pkg/adapter/client_unix.go
new file mode 100644
index 000000000..e0406567c
--- /dev/null
+++ b/pkg/adapter/client_unix.go
@@ -0,0 +1,30 @@
+// +build linux darwin
+// +build remoteclient
+
+package adapter
+
+import (
+	"fmt"
+
+	"github.com/containers/libpod/cmd/podman/remoteclientconfig"
+	"github.com/pkg/errors"
+)
+
+// newBridgeConnection creates a bridge type endpoint with username, destination, and log-level
+func newBridgeConnection(formattedBridge string, remoteConn *remoteclientconfig.RemoteConnection, logLevel string) (*Endpoint, error) {
+	endpoint := Endpoint{
+		Type: BridgeConnection,
+	}
+
+	if len(formattedBridge) < 1 && remoteConn == nil {
+		return nil, errors.New("bridge connections must either be created by string or remoteconnection")
+	}
+	if len(formattedBridge) > 0 {
+		endpoint.Connection = formattedBridge
+		return &endpoint, nil
+	}
+	endpoint.Connection = fmt.Sprintf(
+		`ssh -T %s@%s -- /usr/bin/varlink -A \'/usr/bin/podman --log-level=%s varlink \\\$VARLINK_ADDRESS\' bridge`,
+		remoteConn.Username, remoteConn.Destination, logLevel)
+	return &endpoint, nil
+}
diff --git a/pkg/adapter/client_windows.go b/pkg/adapter/client_windows.go
new file mode 100644
index 000000000..088550667
--- /dev/null
+++ b/pkg/adapter/client_windows.go
@@ -0,0 +1,15 @@
+// +build remoteclient
+
+package adapter
+
+import (
+	"github.com/containers/libpod/cmd/podman/remoteclientconfig"
+	"github.com/containers/libpod/libpod"
+)
+
+func newBridgeConnection(formattedBridge string, remoteConn *remoteclientconfig.RemoteConnection, logLevel string) (*Endpoint, error) {
+	// TODO
+	// Unix and Windows appear to quote their ssh implementations differently therefore once we figure out what
+	// windows ssh is doing here, we can then get the format correct.
+	return nil, libpod.ErrNotImplemented
+}
diff --git a/pkg/adapter/runtime_remote.go b/pkg/adapter/runtime_remote.go
index e0c0898bd..a1d358f68 100644
--- a/pkg/adapter/runtime_remote.go
+++ b/pkg/adapter/runtime_remote.go
@@ -20,6 +20,7 @@ import (
 	"github.com/containers/image/docker/reference"
 	"github.com/containers/image/types"
 	"github.com/containers/libpod/cmd/podman/cliconfig"
+	"github.com/containers/libpod/cmd/podman/remoteclientconfig"
 	"github.com/containers/libpod/cmd/podman/varlink"
 	"github.com/containers/libpod/libpod"
 	"github.com/containers/libpod/libpod/events"
@@ -40,6 +41,7 @@ type RemoteRuntime struct {
 	Conn   *varlink.Connection
 	Remote bool
 	cmd    cliconfig.MainFlags
+	config io.Reader
 }
 
 // LocalRuntime describes a typical libpod runtime
@@ -49,10 +51,35 @@ type LocalRuntime struct {
 
 // GetRuntime returns a LocalRuntime struct with the actual runtime embedded in it
 func GetRuntime(ctx context.Context, c *cliconfig.PodmanCommand) (*LocalRuntime, error) {
+	var (
+		customConfig bool
+		err          error
+		f            *os.File
+	)
 	runtime := RemoteRuntime{
 		Remote: true,
 		cmd:    c.GlobalFlags,
 	}
+	configPath := remoteclientconfig.GetConfigFilePath()
+	if len(c.GlobalFlags.RemoteConfigFilePath) > 0 {
+		configPath = c.GlobalFlags.RemoteConfigFilePath
+		customConfig = true
+	}
+
+	f, err = os.Open(configPath)
+	if err != nil {
+		// If user does not explicitly provide a configuration file path and we cannot
+		// find a default, no error should occur.
+		if os.IsNotExist(err) && !customConfig {
+			logrus.Debugf("unable to load configuration file at %s", configPath)
+			runtime.config = nil
+		} else {
+			return nil, errors.Wrapf(err, "unable to load configuration file at %s", configPath)
+		}
+	} else {
+		// create the io reader for the remote client
+		runtime.config = bufio.NewReader(f)
+	}
 	conn, err := runtime.Connect()
 	if err != nil {
 		return nil, err
diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c
index a2425c83e..eb62d55e9 100644
--- a/pkg/rootless/rootless_linux.c
+++ b/pkg/rootless/rootless_linux.c
@@ -489,6 +489,7 @@ reexec_userns_join (int userns, int mountns, char *pause_pid_file_path)
   char **argv;
   int pid;
   char *cwd = getcwd (NULL, 0);
+  sigset_t sigset, oldsigset;
 
   if (cwd == NULL)
     {
@@ -522,6 +523,22 @@ reexec_userns_join (int userns, int mountns, char *pause_pid_file_path)
       return pid;
     }
 
+  if (sigfillset (&sigset) < 0)
+    {
+      fprintf (stderr, "cannot fill sigset: %s\n", strerror (errno));
+      _exit (EXIT_FAILURE);
+    }
+  if (sigdelset (&sigset, SIGCHLD) < 0)
+    {
+      fprintf (stderr, "cannot sigdelset(SIGCHLD): %s\n", strerror (errno));
+      _exit (EXIT_FAILURE);
+    }
+  if (sigprocmask (SIG_BLOCK, &sigset, &oldsigset) < 0)
+    {
+      fprintf (stderr, "cannot block signals: %s\n", strerror (errno));
+      _exit (EXIT_FAILURE);
+    }
+
   setenv ("_CONTAINERS_USERNS_CONFIGURED", "init", 1);
   setenv ("_CONTAINERS_ROOTLESS_UID", uid, 1);
   setenv ("_CONTAINERS_ROOTLESS_GID", gid, 1);
@@ -570,6 +587,11 @@ reexec_userns_join (int userns, int mountns, char *pause_pid_file_path)
       /* We ignore errors here as we didn't create the namespace anyway.  */
       create_pause_process (pause_pid_file_path, argv);
     }
+  if (sigprocmask (SIG_SETMASK, &oldsigset, NULL) < 0)
+    {
+      fprintf (stderr, "cannot block signals: %s\n", strerror (errno));
+      _exit (EXIT_FAILURE);
+    }
 
   execvp (argv[0], argv);
 
diff --git a/pkg/varlinkapi/virtwriter/virtwriter.go b/pkg/varlinkapi/virtwriter/virtwriter.go
index 3adaf6e17..e747984c7 100644
--- a/pkg/varlinkapi/virtwriter/virtwriter.go
+++ b/pkg/varlinkapi/virtwriter/virtwriter.go
@@ -91,65 +91,65 @@ func (v VirtWriteCloser) Write(input []byte) (int, error) {
 
 // Reader decodes the content that comes over the wire and directs it to the proper destination.
 func Reader(r *bufio.Reader, output, errput *os.File, input *io.PipeWriter, resize chan remotecommand.TerminalSize) error {
-	var saveb []byte
-	var eom int
+	var messageSize int64
+	headerBytes := make([]byte, 8)
+
 	for {
-		readb := make([]byte, 32*1024)
-		n, err := r.Read(readb)
-		// TODO, later may be worth checking in len of the read is 0
+		n, err := io.ReadFull(r, headerBytes)
 		if err != nil {
 			return err
 		}
-		b := append(saveb, readb[0:n]...)
-		// no sense in reading less than the header len
-		for len(b) > 7 {
-			eom = int(binary.BigEndian.Uint32(b[4:8])) + 8
-			// The message and header are togther
-			if len(b) >= eom {
-				out := append([]byte{}, b[8:eom]...)
-
-				switch IntToSocketDest(int(b[0])) {
-				case ToStdout:
-					n, err := output.Write(out)
-					if err != nil {
-						return err
-					}
-					if n < len(out) {
-						return errors.New("short write error occurred on stdout")
-					}
-				case ToStderr:
-					n, err := errput.Write(out)
-					if err != nil {
-						return err
-					}
-					if n < len(out) {
-						return errors.New("short write error occurred on stderr")
-					}
-				case ToStdin:
-					n, err := input.Write(out)
-					if err != nil {
-						return err
-					}
-					if n < len(out) {
-						return errors.New("short write error occurred on stdin")
-					}
-				case TerminalResize:
-					// Resize events come over in bytes, need to be reserialized
-					resizeEvent := remotecommand.TerminalSize{}
-					if err := json.Unmarshal(out, &resizeEvent); err != nil {
-						return err
-					}
-					resize <- resizeEvent
-				case Quit:
-					return nil
+		if n < 8 {
+			return errors.New("short read and no full header read")
+		}
+
+		messageSize = int64(binary.BigEndian.Uint32(headerBytes[4:8]))
+
+		switch IntToSocketDest(int(headerBytes[0])) {
+		case ToStdout:
+			_, err := io.CopyN(output, r, messageSize)
+			if err != nil {
+				return err
+			}
+		case ToStderr:
+			_, err := io.CopyN(errput, r, messageSize)
+			if err != nil {
+				return err
+			}
+		case ToStdin:
+			_, err := io.CopyN(input, r, messageSize)
+			if err != nil {
+				return err
+			}
+		case TerminalResize:
+			out := make([]byte, messageSize)
+			if messageSize > 0 {
+				_, err = io.ReadFull(r, out)
+
+				if err != nil {
+					return err
 				}
-				b = b[eom:]
-			} else {
-				//	We do not have the header and full message, need to slurp again
-				saveb = b
-				break
 			}
+			// Resize events come over in bytes, need to be reserialized
+			resizeEvent := remotecommand.TerminalSize{}
+			if err := json.Unmarshal(out, &resizeEvent); err != nil {
+				return err
+			}
+			resize <- resizeEvent
+		case Quit:
+			out := make([]byte, messageSize)
+			if messageSize > 0 {
+				_, err = io.ReadFull(r, out)
+
+				if err != nil {
+					return err
+				}
+			}
+			return nil
+
+		default:
+			// Something really went wrong
+			return errors.New("Unknown multiplex destination")
 		}
 	}
-	return nil
 }