Project

General

Profile

Bug #10715

escaping ${SSH_ORIGINAL_COMMAND} in GUI - sshKeyDistribution/3.0

Added by Ferenc Ulrich 5 months ago. Updated 4 months ago.

Status:
Released
Priority:
N/A
Category:
-
Target version:
Target version (plugin):
Severity:
Major - prevents use of part of Rudder | no simple workaround
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Priority:
36
Tags: Quick and important

Description

Hi,

How do i escape string ${SSH_ORIGINAL_COMMAND} in GUI, so that it won't be interpreted as a cf-engine variable?
i tried ${const.dollar}{SSH_ORIGINAL_COMMAND}, \${const.dollar}{SSH_ORIGINAL_COMMAND}, $\{SSH_ORIGINAL_COMMAND}, ${const.dollar}\{SSH_ORIGINAL_COMMAND}.
None of them worked.

Thanks,
Ferenc Ulrich


Related issues

Related to Rudder - Architecture #10747: regextract cannot extract values that contains ${TEXT} if TEXT is not a variable New

Associated revisions

Revision aca28c73
Added by Nicolas CHARLES 4 months ago

Fixes #10715: escaping ${SSH_ORIGINAL_COMMAND} in GUI - sshKeyDistribution/3.0

History

#1 Updated by Ferenc Ulrich 4 months ago

Please handle this issue as a real BUG.

#2 Updated by Vincent MEMBRÉ 4 months ago

In which field do you want to insert that string ?

#3 Updated by François ARMAND 4 months ago

To be clearer, we need to better understand what you are trying to do exactly, what you would expect to get (in the generated file), and what you are actually getting.
That would help better understand the problem. Thanks for the help!

#4 Updated by Janos Mattyasovszky 4 months ago

The usecase is to have options prepended to the authorized_keys, which include shell environment variables, like example:

from="host.fqdn",command="sudo $SSH_ORIGINAL_COMMAND" ssh-rsa.... 

#5 Updated by Ferenc Ulrich 4 months ago

example:

from="host.fqdn",command="sudo ${SSH_ORIGINAL_COMMAND}" ssh-rsa....

#6 Updated by François ARMAND 4 months ago

  • Target version set to 3.1.20
  • Severity set to Major - prevents use of part of Rudder | no simple workaround
  • User visibility set to Operational - other Techniques | Technique editor | Rudder settings
  • Priority changed from 0 to 36

#7 Updated by Nicolas CHARLES 4 months ago

  • Assignee set to Nicolas CHARLES

#8 Updated by Nicolas CHARLES 4 months ago

First result: somehow, regextract doesn't evaluate ${keyspec}, even if k${keyspec} can be read correctly, when it contains ${SSH_ORIGINAL_COMMAND}

#9 Updated by Nicolas CHARLES 4 months ago

Hard codding values in regextract doesn't solve the issue.
However, using $SSH_ORIGINAL_COMMAND (without {}) does work

We need to find a replacement for regextract to make the technique work

#10 Updated by Nicolas CHARLES 4 months ago

  • Related to Architecture #10747: regextract cannot extract values that contains ${TEXT} if TEXT is not a variable added

#11 Updated by Nicolas CHARLES 4 months ago

  • Status changed from New to In progress

#12 Updated by Nicolas CHARLES 4 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Alexis MOUSSET
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/1143

#13 Updated by Nicolas CHARLES 4 months ago

  • Status changed from Pending technical review to Pending release

#14 Updated by Vincent MEMBRÉ 4 months ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 3.1.20, 4.0.5 and 4.1.2 which were released today.

Also available in: Atom PDF