From 6dd01698732ff2020d46f390d8693cc48dd64e77 Mon Sep 17 00:00:00 2001
From: epriestley
Date: Wed, 19 Dec 2012 11:11:32 -0800
Subject: [PATCH] Fix various issues with SSH receivers
Summary: - Original command is in SSH_ORIGINAL_COMMAND, not normal argv. - Use PhutilShellLexer to parse it. - Fix a protocol encoding issue with ConduitSSHWorkflow. I think I'm going to make this protocol accept multiple commands anyway because SSH pipes are crazy expensive to build (even locally, they're ~300ms).
Test Plan: With other changes, successfully executed "arc list --conduit-uri=ssh://localhost:2222".
Reviewers: btrahan, vrana
Reviewed By: btrahan
CC: aran
Maniphest Tasks: T550
Differential Revision: https://secure.phabricator.com/D4232
---
 scripts/ssh/ssh-auth.php | 49 +++++++++++--------
 scripts/ssh/ssh-exec.php | 6 ++-
 .../conduit/ssh/ConduitSSHWorkflow.php | 5 +-
 3 files changed, 36 insertions(+), 24 deletions(-)
diff --git a/scripts/ssh/ssh-auth.php b/scripts/ssh/ssh-auth.php
index b1fdb246aa..96e6ef389b 100755
--- a/scripts/ssh/ssh-auth.php
+++ b/scripts/ssh/ssh-auth.php
@@ -6,29 +6,36 @@ require_once $root.'/scripts/__init_script__.php';
 $cert = file_get_contents('php://stdin');
-$user = null;
-if ($cert) {
- $user_dao = new PhabricatorUser();
- $ssh_dao = new PhabricatorUserSSHKey();
- $conn = $user_dao->establishConnection('r');
-
- list($type, $body) = array_merge(
- explode(' ', $cert),
- array('', ''));
-
- $row = queryfx_one(
- $conn,
- 'SELECT userName FROM %T u JOIN %T ssh ON u.phid = ssh.userPHID
- WHERE ssh.keyBody = %s AND ssh.keyType = %s',
- $user_dao->getTableName(),
- $ssh_dao->getTableName(),
- $body,
- $type);
- if ($row) {
- $user = idx($row, 'userName');
- }
+if (!$cert) {
+ exit(1);
 }
+$parts = preg_split('/\s+/', $cert);
+if (count($parts) < 2) {
+ exit(1);
+}
+
+list($type, $body) = $parts;
+
+$user_dao = new PhabricatorUser();
+$ssh_dao = new PhabricatorUserSSHKey();
+$conn_r = $user_dao->establishConnection('r');
+
+$row = queryfx_one(
+ $conn_r,
+ 'SELECT userName FROM %T u JOIN %T ssh ON u.phid = ssh.userPHID
+ WHERE ssh.keyType = %s AND ssh.keyBody = %s',
+ $user_dao->getTableName(),
+ $ssh_dao->getTableName(),
+ $type,
+ $body);
+
+if (!$row) {
+ exit(1);
+}
+
+$user = idx($row, 'userName');
+
 if (!$user) {
 exit(1);
 }
diff --git a/scripts/ssh/ssh-exec.php b/scripts/ssh/ssh-exec.php
index 47e35632c2..a9c639f75d 100755
--- a/scripts/ssh/ssh-exec.php
+++ b/scripts/ssh/ssh-exec.php
@@ -4,6 +4,10 @@
 $root = dirname(dirname(dirname(__FILE__)));
 require_once $root.'/scripts/__init_script__.php';
+$original_command = getenv('SSH_ORIGINAL_COMMAND');
+$original_argv = id(new PhutilShellLexer())->splitArguments($original_command);
+$argv = array_merge($argv, $original_argv);
+
 $args = new PhutilArgumentParser($argv);
 $args->setTagline('receive SSH requests');
 $args->setSynopsis(<<getUnconsumedArgumentVector();
 if (empty($remain)) {
- throw new Exception("No command.");
+ throw new Exception("No interactive logins.");
 } else {
 $command = head($remain);
 $workflow_names = mpull($workflows, 'getName', 'getName');
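Review bot: In scripts/ssh/ssh-auth.php the key read from stdin is split with `preg_split('/\s+/', $cert)` without trimming first, so leading whitespace yields an empty first element, `$type` becomes `''`, and a valid key is rejected. This fails closed, so it is an availability problem rather than an authentication bypass, but `preg_split('/\s+/', trim($cert), -1, PREG_SPLIT_NO_EMPTY)` would make the `count($parts) < 2` check mean what it says. Every rejection path is a bare `exit(1)`; logging the rejected key type (never the key body) before exiting would let operators see failed lookups. How `$user` is used after the final check is outside the hunk.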
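Review bot: In the first hunk of scripts/ssh/ssh-exec.php, `array_merge($argv, $original_argv)` places client-controlled tokens from SSH_ORIGINAL_COMMAND in the same vector as the arguments supplied by the server-side invocation, and the combined vector is then handed to `PhutilArgumentParser`. If the server-side invocation passes anything trusted as an option (the argument specs are outside the hunk, so this is inferred), a client token beginning with `-` could collide with or override it. Parsing the trusted `$argv` on its own and treating the lexed original command strictly as positional arguments would remove that ambiguity. `getenv()` also returns `false` when the variable is unset, so a guard such as `if ($original_command === false) { throw new Exception("No interactive logins."); }` ahead of `splitArguments()` would avoid lexing a non-string.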
diff --git a/src/applications/conduit/ssh/ConduitSSHWorkflow.php b/src/applications/conduit/ssh/ConduitSSHWorkflow.php
index a7eb4ba916..79345d683a 100644
--- a/src/applications/conduit/ssh/ConduitSSHWorkflow.php
+++ b/src/applications/conduit/ssh/ConduitSSHWorkflow.php
@@ -31,9 +31,10 @@ final class ConduitSSHWorkflow extends PhabricatorSSHWorkflow {
 throw new Exception("Invalid JSON input.");
 }
- $params = $raw_params;
+ $params = idx($raw_params, 'params', array());
+ $params = json_decode($params, true);
+ $metadata = idx($params, '__conduit__', array());
 unset($params['__conduit__']);
- $metadata = idx($raw_params, '__conduit__', array());
 $call = null;
 $error_code = null;
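Review bot: In ConduitSSHWorkflow.php the result of the new inner `json_decode($params, true)` is used unchecked. When the client omits `params`, the `array()` default is what gets passed to `json_decode()`, and when the string is not valid JSON, `$params` is `null` by the time it reaches `idx($params, '__conduit__', array())` and `unset($params['__conduit__'])`. This value comes from the SSH client, so it should be rejected the same way as the outer decode: use a string default, `idx($raw_params, 'params', '[]')`, and add `if (!is_array($params)) { throw new Exception("Invalid JSON input."); }` directly after the decode. The enclosing method starts and ends outside the hunk.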