mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-22 14:52:41 +01:00
Fix various issues with SSH receivers
Summary: - Original command is in SSH_ORIGINAL_COMMAND, not normal argv. - Use PhutilShellLexer to parse it. - Fix a protocol encoding issue with ConduitSSHWorkflow. I think I'm going to make this protocol accept multiple commands anyway because SSH pipes are crazy expensive to build (even locally, they're ~300ms). Test Plan: With other changes, successfully executed "arc list --conduit-uri=ssh://localhost:2222". Reviewers: btrahan, vrana Reviewed By: btrahan CC: aran Maniphest Tasks: T550 Differential Revision: https://secure.phabricator.com/D4232
This commit is contained in:
parent
e78898970a
commit
6dd0169873
3 changed files with 36 additions and 24 deletions
|
@ -6,29 +6,36 @@ require_once $root.'/scripts/__init_script__.php';
|
|||
|
||||
$cert = file_get_contents('php://stdin');
|
||||
|
||||
$user = null;
|
||||
if ($cert) {
|
||||
$user_dao = new PhabricatorUser();
|
||||
$ssh_dao = new PhabricatorUserSSHKey();
|
||||
$conn = $user_dao->establishConnection('r');
|
||||
|
||||
list($type, $body) = array_merge(
|
||||
explode(' ', $cert),
|
||||
array('', ''));
|
||||
|
||||
$row = queryfx_one(
|
||||
$conn,
|
||||
'SELECT userName FROM %T u JOIN %T ssh ON u.phid = ssh.userPHID
|
||||
WHERE ssh.keyBody = %s AND ssh.keyType = %s',
|
||||
$user_dao->getTableName(),
|
||||
$ssh_dao->getTableName(),
|
||||
$body,
|
||||
$type);
|
||||
if ($row) {
|
||||
$user = idx($row, 'userName');
|
||||
}
|
||||
if (!$cert) {
|
||||
exit(1);
|
||||
}
|
||||
|
||||
$parts = preg_split('/\s+/', $cert);
|
||||
if (count($parts) < 2) {
|
||||
exit(1);
|
||||
}
|
||||
|
||||
list($type, $body) = $parts;
|
||||
|
||||
$user_dao = new PhabricatorUser();
|
||||
$ssh_dao = new PhabricatorUserSSHKey();
|
||||
$conn_r = $user_dao->establishConnection('r');
|
||||
|
||||
$row = queryfx_one(
|
||||
$conn_r,
|
||||
'SELECT userName FROM %T u JOIN %T ssh ON u.phid = ssh.userPHID
|
||||
WHERE ssh.keyType = %s AND ssh.keyBody = %s',
|
||||
$user_dao->getTableName(),
|
||||
$ssh_dao->getTableName(),
|
||||
$type,
|
||||
$body);
|
||||
|
||||
if (!$row) {
|
||||
exit(1);
|
||||
}
|
||||
|
||||
$user = idx($row, 'userName');
|
||||
|
||||
if (!$user) {
|
||||
exit(1);
|
||||
}
|
||||
|
|
|
@ -4,6 +4,10 @@
|
|||
$root = dirname(dirname(dirname(__FILE__)));
|
||||
require_once $root.'/scripts/__init_script__.php';
|
||||
|
||||
$original_command = getenv('SSH_ORIGINAL_COMMAND');
|
||||
$original_argv = id(new PhutilShellLexer())->splitArguments($original_command);
|
||||
$argv = array_merge($argv, $original_argv);
|
||||
|
||||
$args = new PhutilArgumentParser($argv);
|
||||
$args->setTagline('receive SSH requests');
|
||||
$args->setSynopsis(<<<EOSYNOPSIS
|
||||
|
@ -50,7 +54,7 @@ try {
|
|||
// concise/relevant exceptions when the client is a remote SSH.
|
||||
$remain = $args->getUnconsumedArgumentVector();
|
||||
if (empty($remain)) {
|
||||
throw new Exception("No command.");
|
||||
throw new Exception("No interactive logins.");
|
||||
} else {
|
||||
$command = head($remain);
|
||||
$workflow_names = mpull($workflows, 'getName', 'getName');
|
||||
|
|
|
@ -31,9 +31,10 @@ final class ConduitSSHWorkflow extends PhabricatorSSHWorkflow {
|
|||
throw new Exception("Invalid JSON input.");
|
||||
}
|
||||
|
||||
$params = $raw_params;
|
||||
$params = idx($raw_params, 'params', array());
|
||||
$params = json_decode($params, true);
|
||||
$metadata = idx($params, '__conduit__', array());
|
||||
unset($params['__conduit__']);
|
||||
$metadata = idx($raw_params, '__conduit__', array());
|
||||
|
||||
$call = null;
|
||||
$error_code = null;
|
||||
|
|
Loading…
Reference in a new issue