Fix various issues with SSH receivers
Summary: - Original command is in SSH_ORIGINAL_COMMAND, not normal argv. - Use PhutilShellLexer to parse it. - Fix a protocol encoding issue with ConduitSSHWorkflow. I think I'm going to make this protocol accept multiple commands anyway because SSH pipes are crazy expensive to build (even locally, they're ~300ms). Test Plan: With other changes, successfully executed "arc list --conduit-uri=ssh://localhost:2222". Reviewers: btrahan, vrana Reviewed By: btrahan CC: aran Maniphest Tasks: T550 Differential Revision: https://secure.phabricator.com/D4232
		| @@ -6,29 +6,36 @@ require_once $root.'/scripts/__init_script__.php'; | ||||
|  | ||||
| $cert = file_get_contents('php://stdin'); | ||||
|  | ||||
| $user = null; | ||||
| if ($cert) { | ||||
|   $user_dao = new PhabricatorUser(); | ||||
|   $ssh_dao = new PhabricatorUserSSHKey(); | ||||
|   $conn = $user_dao->establishConnection('r'); | ||||
| if (!$cert) { | ||||
|   exit(1); | ||||
| } | ||||
|  | ||||
|   list($type, $body) = array_merge( | ||||
|     explode(' ', $cert), | ||||
|     array('', '')); | ||||
| $parts = preg_split('/\s+/', $cert); | ||||
| if (count($parts) < 2) { | ||||
|   exit(1); | ||||
| } | ||||
|  | ||||
|   $row = queryfx_one( | ||||
|     $conn, | ||||
| list($type, $body) = $parts; | ||||
|  | ||||
| $user_dao = new PhabricatorUser(); | ||||
| $ssh_dao = new PhabricatorUserSSHKey(); | ||||
| $conn_r = $user_dao->establishConnection('r'); | ||||
|  | ||||
| $row = queryfx_one( | ||||
|   $conn_r, | ||||
|   'SELECT userName FROM %T u JOIN %T ssh ON u.phid = ssh.userPHID | ||||
|       WHERE ssh.keyBody = %s AND ssh.keyType = %s', | ||||
|     WHERE ssh.keyType = %s AND ssh.keyBody = %s', | ||||
|   $user_dao->getTableName(), | ||||
|   $ssh_dao->getTableName(), | ||||
|     $body, | ||||
|     $type); | ||||
|   if ($row) { | ||||
|     $user = idx($row, 'userName'); | ||||
|   } | ||||
|   $type, | ||||
|   $body); | ||||
|  | ||||
| if (!$row) { | ||||
|   exit(1); | ||||
| } | ||||
|  | ||||
| $user = idx($row, 'userName'); | ||||
|  | ||||
| if (!$user) { | ||||
|   exit(1); | ||||
| } | ||||
|   | ||||
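Review bot: The account is resolved from `ssh.keyType` and `ssh.keyBody` alone, and nothing visible in this hunk guarantees that pair belongs to exactly one user. If two accounts have registered the same public key, `queryfx_one` presumably either fails or returns a row the query does not pin down, so the table should carry a unique key on `(keyType, keyBody)` or the script should reject an ambiguous match explicitly. Separately, `preg_split('/\s+/', $cert)` on input with leading whitespace produces an empty first element that passes the `count($parts) < 2` check as an empty `$type`; `preg_split('/\s+/', trim($cert))` avoids that. The new `exit(1)` paths are silent, so a short log line before each would make rejected keys visible to whoever monitors this host. The script continues past the end of the hunk.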
| @@ -4,6 +4,10 @@ | ||||
| $root = dirname(dirname(dirname(__FILE__))); | ||||
| require_once $root.'/scripts/__init_script__.php'; | ||||
|  | ||||
| $original_command = getenv('SSH_ORIGINAL_COMMAND'); | ||||
| $original_argv = id(new PhutilShellLexer())->splitArguments($original_command); | ||||
| $argv = array_merge($argv, $original_argv); | ||||
|  | ||||
| $args = new PhutilArgumentParser($argv); | ||||
| $args->setTagline('receive SSH requests'); | ||||
| $args->setSynopsis(<<<EOSYNOPSIS | ||||
| @@ -50,7 +54,7 @@ try { | ||||
|   // concise/relevant exceptions when the client is a remote SSH. | ||||
|   $remain = $args->getUnconsumedArgumentVector(); | ||||
|   if (empty($remain)) { | ||||
|     throw new Exception("No command."); | ||||
|     throw new Exception("No interactive logins."); | ||||
|   } else { | ||||
|     $command = head($remain); | ||||
|     $workflow_names = mpull($workflows, 'getName', 'getName'); | ||||
|   | ||||
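Review bot: `SSH_ORIGINAL_COMMAND` is supplied by the connecting client, yet `array_merge($argv, $original_argv)` feeds its tokens to `PhutilArgumentParser` in the same vector as the server-side arguments. Any option the forced command passes in `$argv` can then be repeated or shadowed by a client token that looks like a flag (which options the spec accepts is not visible here). It would be safer to parse only the server-supplied `$argv` with the parser and to treat `$original_argv` purely as the command and its positional arguments. `getenv()` returns `false` when the variable is unset, and the lexer call sits above the `try` named in the second hunk's header, so an unset variable or an unparseable command would surface outside the concise error path; a guard such as `if ($original_command === false) { $original_command = ''; }`, plus moving the split inside the `try`, would cover both.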
| @@ -31,9 +31,10 @@ final class ConduitSSHWorkflow extends PhabricatorSSHWorkflow { | ||||
|       throw new Exception("Invalid JSON input."); | ||||
|     } | ||||
|  | ||||
|     $params = $raw_params; | ||||
|     $params = idx($raw_params, 'params', array()); | ||||
|     $params = json_decode($params, true); | ||||
|     $metadata = idx($params, '__conduit__', array()); | ||||
|     unset($params['__conduit__']); | ||||
|     $metadata = idx($raw_params, '__conduit__', array()); | ||||
|  | ||||
|     $call = null; | ||||
|     $error_code = null; | ||||
|   | ||||
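Review bot: The result of `json_decode($params, true)` is used without a check, so a request whose `params` field is missing, not a string, or not valid JSON leaves `$params` as `null` or a scalar for the code below. When the key is absent, the `array()` default from `idx($raw_params, 'params', array())` is itself passed to `json_decode`, which expects a string. Since this input comes from the SSH client, add `if (!is_array($params)) { throw new Exception("Invalid JSON input."); }` after the decode and use a string default such as `'{}'`. The same applies to `$metadata`, which is now read from `$raw_params` and should be confirmed to be an array before use. The method body starts and ends outside this hunk.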
	 epriestley
					epriestley