Project

General

Profile

Actions

Bug #10715

closed

escaping ${SSH_ORIGINAL_COMMAND} in GUI - sshKeyDistribution/3.0

Added by Ferenc Ulrich over 7 years ago. Updated over 7 years ago.

Status:
Released
Priority:
N/A
Category:
-
Target version:
Severity:
Major - prevents use of part of Rudder | no simple workaround
UX impact:
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Priority:
36
Name check:
Fix check:
Regression:

Description

Hi,

How do i escape string ${SSH_ORIGINAL_COMMAND} in GUI, so that it won't be interpreted as a cf-engine variable?
i tried ${const.dollar}{SSH_ORIGINAL_COMMAND}, \${const.dollar}{SSH_ORIGINAL_COMMAND}, $\{SSH_ORIGINAL_COMMAND}, ${const.dollar}\{SSH_ORIGINAL_COMMAND}.
None of them worked.

Thanks,
Ferenc Ulrich


Related issues 1 (1 open0 closed)

Related to Rudder - Architecture #10747: regextract cannot extract values that contains ${TEXT} if TEXT is not a variableNewActions
Actions #1

Updated by Ferenc Ulrich over 7 years ago

Please handle this issue as a real BUG.

Actions #2

Updated by Vincent MEMBRÉ over 7 years ago

In which field do you want to insert that string ?

Actions #3

Updated by François ARMAND over 7 years ago

To be clearer, we need to better understand what you are trying to do exactly, what you would expect to get (in the generated file), and what you are actually getting.
That would help better understand the problem. Thanks for the help!

Actions #4

Updated by Janos Mattyasovszky over 7 years ago

The usecase is to have options prepended to the authorized_keys, which include shell environment variables, like example:

from="host.fqdn",command="sudo $SSH_ORIGINAL_COMMAND" ssh-rsa.... 

Actions #5

Updated by Ferenc Ulrich over 7 years ago

example:

from="host.fqdn",command="sudo ${SSH_ORIGINAL_COMMAND}" ssh-rsa....

Actions #6

Updated by François ARMAND over 7 years ago

  • Target version set to 3.1.20
  • Severity set to Major - prevents use of part of Rudder | no simple workaround
  • User visibility set to Operational - other Techniques | Technique editor | Rudder settings
  • Priority changed from 0 to 36
Actions #7

Updated by Nicolas CHARLES over 7 years ago

  • Assignee set to Nicolas CHARLES
Actions #8

Updated by Nicolas CHARLES over 7 years ago

First result: somehow, regextract doesn't evaluate ${keyspec}, even if k${keyspec} can be read correctly, when it contains ${SSH_ORIGINAL_COMMAND}

Actions #9

Updated by Nicolas CHARLES over 7 years ago

Hard codding values in regextract doesn't solve the issue.
However, using $SSH_ORIGINAL_COMMAND (without {}) does work

We need to find a replacement for regextract to make the technique work

Actions #10

Updated by Nicolas CHARLES over 7 years ago

  • Related to Architecture #10747: regextract cannot extract values that contains ${TEXT} if TEXT is not a variable added
Actions #11

Updated by Nicolas CHARLES over 7 years ago

  • Status changed from New to In progress
Actions #12

Updated by Nicolas CHARLES over 7 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Alexis Mousset
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/1143
Actions #13

Updated by Nicolas CHARLES over 7 years ago

  • Status changed from Pending technical review to Pending release
Actions #14

Updated by Vincent MEMBRÉ over 7 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 3.1.20, 4.0.5 and 4.1.2 which were released today.

Actions

Also available in: Atom PDF