[erlang-bugs] standard ssh to erlang sshd gives default shell, not the one specified in ssh:daemon/3
Niclas Eklund
nick@REDACTED
Wed Aug 4 10:40:21 CEST 2010
Hello!
#1 It will be documented when it's supported.
#2 Will be considered.
#3 Use the following trace to confirm that your callback module is called:
dbg:tracer().
dbg:p(all, [call]).
dbg:tpl(group,start, [{'_',[],[{return_trace}]}]).
dbg:tpl(group,start_shell1, [{'_',[],[{return_trace}]}]).
If Exec == {shell, start, ["foo"]} and you run 'ssh -p 9999 localhost bar'
you should see:
(<0.68.0>) call group:start_shell1(shell,start,["foo","bar"])
#4 The exec option will perhaps be extended with similar options that
shell accepts.
Best regards,
Niclas @ Erlang/OTP
On Tue, 3 Aug 2010, andrei zavada wrote:
> Hi Niclas & all,
>
> I gave it a try, and have a few things to note.
>
> 1. The exec option is not documented; it would be nice if it was.
>
> 2. Execution of command passed on ssh commandline is indeed suppressed if
> ssh:daemon is started with an {exec, {M,F,A}} option. Plugging an empty
> function as "F" could be a simple solution for the folks recently (rightly)
> raising this as a security issue.
>
> 3. However, {exec, {M,F,A}} doesn't seem to work. Following your example, I
> couldn't get my fun called. Looking into the sources in ssh_cli.erl, it
> appears in this branch of handle_ssh_msg:
>
> handle_ssh_msg({ssh_cm, ConnectionManager,
> {exec, ChannelId, WantReply, Cmd}}, #state{exec=undefined} = State) -> {Reply, Status} =
> exec(Cmd), write_chars(ConnectionManager,
> ChannelId, io_lib:format("~p\n", [Reply])),
> ssh_connection:reply_request(ConnectionManager, WantReply,
> success, ChannelId),
> ssh_connection:exit_status(ConnectionManager, ChannelId, Status),
> ssh_connection:send_eof(ConnectionManager, ChannelId),
> {stop, ChannelId, State#state{channel = ChannelId, cm = ConnectionManager}};
>
> handle_ssh_msg({ssh_cm, ConnectionManager,
> {exec, ChannelId, WantReply, Cmd}}, State) ->
> NewState = start_shell(ConnectionManager, Cmd, State),
> ssh_connection:reply_request(ConnectionManager, WantReply,
> success, ChannelId),
> {ok, NewState#state{channel = ChannelId,
> cm = ConnectionManager}};
>
> the second one, which is supposed to take effect when the user has supplied
> an {exec, {M, F, A}} option, seems to never be reachable.
>
> 3. Down in start_shell and below, there is a call starting a group, similarly
> to the way this is done for the regular, interactive shell. IMHO, if all I
> need is connect via ssh, exec my command and return, a simple function call
> will suffice.
>
> 4. In the context of the project I am fitting ssh into, I need to know who is
> the user wanting to exec a command via ssh <host> <command>; hence, the
> solution you pointed out with {exec, {M,F,A}}, isn't suitable. Even before, I
> have prepared a patch (attached) for otp-13B04 to do exactly this. This
> patch will, likely with some fuzz, apply to otp-14A as well.
>
> With my patch, you would call ssh:daemon/3 with something like this in the
> Options parameter:
>
> Exec4User = fun(User, Cmd) -> do_something(User, Cmd), "Done" end,
> ssh:daemon(Port, Address, {{exec4user, Exec4User} | OtherOptions}),
>
> 5. The solution I am proposing is of a "works-for-me" kind; someone has to
> look into why the {exec, {M,F,A}} fails. In other words, there is little
> sense for both exec and exec4user to coexist: let upstream decide.
>
> Cheers,
> Andrei Zavada
>
>
> On Mon, 2 Aug 2010 14:22:09 +0200 (CEST)
> Niclas Eklund <nick@REDACTED> wrote:
>
>>
>> Hello!
>>
>> Try something like:
>>
>> Exec = {Module, Function, ArgList},
>> ssh:daemon({0,0,0,0}, <PORT>, [{exec, Exec}|Options]).
>>
>> Best regards,
>>
>> Niclas @ Erlang/OTP
>>
>> On Mon, 26 Jul 2010, andrei zavada wrote:
>>
>>> Hi,
>>>
>>> Consider the case of starting ssh:daemon/3 with bespoke shell supplied as
>>> {shell, {Module, Function, Args}} in the proplist as its third parameter.
>>>
>>> Everything works as expected if I just do (using openssh-5.5_p1, the
>>> current version in Gentoo per this writing)
>>>
>>> $ ssh -p<port> localhost
>>>
>>> My shell is now invoked and is happily serving commands. Once I try the
>>> same with a command-line parameter, i.e.,
>>>
>>> $ ssh -p<port> localhost fafa
>>>
>>> (expecting "fafa" to be passed to my shell function), the server hands
>>> "fafa" over to the Erlang standard shell, which prints:
>>>
>>> {error,{1,erl_parse,["syntax error before: ",[]]}}
>>>
>>> And, logically, appending a dot to "fafa" makes it a valid Erlang
>>> expression, which gets me a nice
>>>
>>> fafa
>>>
>>> The expected behaviour is that sshd accept the command and feed it to the
>>> custom shell the user specified in the Options proplist.
>>>
>>> This misbehaviour is verified in otp-12B-5, otp-13B04, as well as in
>>> otp-14A. All systems were tested on a Gentoo box (~amd64 arch), built
>>> from unpatched sources from erlang.org.
>>>
>>> Is this a bug, as I suppose it is?
>>>
>>> Regards
>>> Andrei Zavada
>>>
>>> ________________________________________________________________
>>> erlang-bugs (at) erlang.org mailing list.
>>> See http://www.erlang.org/faq.html
>>> To unsubscribe; mailto:erlang-bugs-unsubscribe@REDACTED
>>>
>>
>>
>
>
More information about the erlang-bugs
mailing list