Bug #10715
closed
escaping ${SSH_ORIGINAL_COMMAND} in GUI - sshKeyDistribution/3.0
Description
Hi,
How do i escape string ${SSH_ORIGINAL_COMMAND} in GUI, so that it won't be interpreted as a cf-engine variable?
i tried ${const.dollar}{SSH_ORIGINAL_COMMAND}, \${const.dollar}{SSH_ORIGINAL_COMMAND}, $\{SSH_ORIGINAL_COMMAND}, ${const.dollar}\{SSH_ORIGINAL_COMMAND}.
None of them worked.
Thanks,
Ferenc Ulrich
Updated by Ferenc Ulrich over 8 years ago
Please handle this issue as a real BUG.
Updated by Vincent MEMBRÉ over 8 years ago
In which field do you want to insert that string ?
Updated by François ARMAND over 8 years ago
To be clearer, we need to better understand what you are trying to do exactly, what you would expect to get (in the generated file), and what you are actually getting.
That would help better understand the problem. Thanks for the help!
Updated by Janos Mattyasovszky over 8 years ago
The usecase is to have options prepended to the authorized_keys, which include shell environment variables, like example:
from="host.fqdn",command="sudo $SSH_ORIGINAL_COMMAND" ssh-rsa....
Updated by Ferenc Ulrich over 8 years ago
example:
from="host.fqdn",command="sudo ${SSH_ORIGINAL_COMMAND}" ssh-rsa....
Updated by François ARMAND over 8 years ago
- Target version set to 3.1.20
- Severity set to Major - prevents use of part of Rudder | no simple workaround
- User visibility set to Operational - other Techniques | Technique editor | Rudder settings
- Priority changed from 0 to 36
Updated by Nicolas CHARLES over 8 years ago
- Assignee set to Nicolas CHARLES
Updated by Nicolas CHARLES over 8 years ago
First result: somehow, regextract doesn't evaluate ${keyspec}, even if k${keyspec} can be read correctly, when it contains ${SSH_ORIGINAL_COMMAND}
Updated by Nicolas CHARLES over 8 years ago
Hard codding values in regextract doesn't solve the issue.
However, using $SSH_ORIGINAL_COMMAND (without {}) does work
We need to find a replacement for regextract to make the technique work
Updated by Nicolas CHARLES over 8 years ago
- Related to Architecture #10747: regextract cannot extract values that contains ${TEXT} if TEXT is not a variable added
Updated by Nicolas CHARLES over 8 years ago
- Status changed from New to In progress
Updated by Nicolas CHARLES over 8 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Nicolas CHARLES to Alexis Mousset
- Pull Request set to https://github.com/Normation/rudder-techniques/pull/1143
Updated by Nicolas CHARLES over 8 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder-techniques|aca28c73c02a8afdcc35fe0dbd8be2debdc2dd84.