
Fix various issues with SSH receivers

Summary:
  - Original command is in SSH_ORIGINAL_COMMAND, not normal argv.
  - Use PhutilShellLexer to parse it.
  - Fix a protocol encoding issue with ConduitSSHWorkflow. I think I'm going to make this protocol accept multiple commands anyway because SSH pipes are crazy expensive to build (even locally, they're ~300ms).

Test Plan: With other changes, successfully executed "arc list --conduit-uri=ssh://localhost:2222".

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T550

Differential Revision: https://secure.phabricator.com/D4232
commit 6dd01698732ff2020d46f390d8693cc48dd64e77 1 parent e788989
@epriestley epriestley authored
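--- a/scripts/ssh/ssh-auth.php
+++ b/scripts/ssh/ssh-auth.php
@@ -6,29 +6,36 @@
 $cert = file_get_contents('php://stdin');
-$user = null;
-if ($cert) {
- $user_dao = new PhabricatorUser();
- $ssh_dao = new PhabricatorUserSSHKey();
- $conn = $user_dao->establishConnection('r');
-
- list($type, $body) = array_merge(
- explode(' ', $cert),
- array('', ''));
-
- $row = queryfx_one(
- $conn,
- 'SELECT userName FROM %T u JOIN %T ssh ON u.phid = ssh.userPHID
- WHERE ssh.keyBody = %s AND ssh.keyType = %s',
- $user_dao->getTableName(),
- $ssh_dao->getTableName(),
- $body,
- $type);
- if ($row) {
- $user = idx($row, 'userName');
- }
+if (!$cert) {
+ exit(1);
+}
+
+$parts = preg_split('/\s+/', $cert);
+if (count($parts) < 2) {
+ exit(1);
 }
+list($type, $body) = $parts;
+
+$user_dao = new PhabricatorUser();
+$ssh_dao = new PhabricatorUserSSHKey();
+$conn_r = $user_dao->establishConnection('r');
+
+$row = queryfx_one(
+ $conn_r,
+ 'SELECT userName FROM %T u JOIN %T ssh ON u.phid = ssh.userPHID
+ WHERE ssh.keyType = %s AND ssh.keyBody = %s',
+ $user_dao->getTableName(),
+ $ssh_dao->getTableName(),
+ $type,
+ $body);
+
+if (!$row) {
+ exit(1);
+}
+
+$user = idx($row, 'userName');
+
 if (!$user) {
 exit(1);
 }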
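Review bot: The key line read from stdin is split with `preg_split('/\s+/', $cert)` without trimming it first, so input that begins with whitespace yields an empty `$type` and a valid key is rejected; this fails closed, but `preg_split('/\s+/', trim($cert))` makes the parse match what was sent. The lookup also appears to rely on a (keyType, keyBody) pair belonging to at most one account, which nothing in this section enforces or documents; a comment such as `// A key must map to exactly one account; duplicates must be rejected when keys are added.` above the query would record that assumption. The script continues past the last visible line, so how `$user` is used afterwards is not shown here.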
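--- a/scripts/ssh/ssh-exec.php
+++ b/scripts/ssh/ssh-exec.php
@@ -4,6 +4,10 @@
 $root = dirname(dirname(dirname(__FILE__)));
 require_once $root.'/scripts/__init_script__.php';
+$original_command = getenv('SSH_ORIGINAL_COMMAND');
+$original_argv = id(new PhutilShellLexer())->splitArguments($original_command);
+$argv = array_merge($argv, $original_argv);
+
 $args = new PhutilArgumentParser($argv);
 $args->setTagline('receive SSH requests');
 $args->setSynopsis(<<<EOSYNOPSIS
@@ -50,7 +54,7 @@
 // concise/relevant exceptions when the client is a remote SSH.
 $remain = $args->getUnconsumedArgumentVector();
 if (empty($remain)) {
- throw new Exception("No command.");
+ throw new Exception("No interactive logins.");
 } else {
 $command = head($remain);
 $workflow_names = mpull($workflows, 'getName', 'getName');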
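Review bot: `SSH_ORIGINAL_COMMAND` is supplied by the connecting client, and `array_merge($argv, $original_argv)` feeds its tokens to the same `PhutilArgumentParser` that reads the options the server placed in `$argv`. If that parser accepts flags anywhere in the vector, a client token could be read as one of the server-set options, so the trusted arguments should be parsed on their own and the lexed client tokens used only as the command vector that `$remain` is taken from. `getenv()` also returns `false` when the variable is unset, and that value is passed straight to `splitArguments()`; a guard such as `if ($original_command === false) { $original_command = ''; }` would make the no-command case explicit. The argument specs and the workflow dispatch sit outside the visible hunks, so the first point needs confirming against them.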
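--- a/src/applications/conduit/ssh/ConduitSSHWorkflow.php
+++ b/src/applications/conduit/ssh/ConduitSSHWorkflow.php
@@ -31,9 +31,10 @@ public function execute(PhutilArgumentParser $args) {
 throw new Exception("Invalid JSON input.");
 }
-$params = $raw_params;
+$params = idx($raw_params, 'params', array());
+$params = json_decode($params, true);
+$metadata = idx($params, '__conduit__', array());
 unset($params['__conduit__']);
-$metadata = idx($raw_params, '__conduit__', array());
 $call = null;
 $error_code = null;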
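Review bot: The nested `params` value comes from the remote client and is decoded with `json_decode($params, true)` without checking the result, so a missing key (the `array()` default is not a string), malformed JSON, or a scalar payload reaches `idx($params, '__conduit__', array())` as a non-array. Only the outer document is covered by the existing "Invalid JSON input." check. Default to a string and validate after decoding, e.g. `$params = json_decode(idx($raw_params, 'params', '[]'), true);` followed by `if (!is_array($params)) { throw new Exception("Invalid JSON input."); }`. `execute()` begins and ends outside this hunk.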