fix: wrap all commands in a shell
SSH always wraps commands in a shell before executing them.
smlx committed Dec 5, 2022
1 parent f493507 commit d72abf1
Showing 2 changed files with 17 additions and 7 deletions.
4 changes: 0 additions & 4 deletions internal/k8s/exec.go
Expand Up @@ -168,10 +168,6 @@ func (c *Client) getExecutor(ctx context.Context, namespace, deployment,
if container == "" {
container = firstContainer
}
// check the command. if there isn't one, give the user a shell.
if len(command) == 0 {
command = []string{"sh"}
}
// construct the request
req := c.clientset.CoreV1().RESTClient().Post().Namespace(namespace).
Resource("pods").Name(firstPod).SubResource("exec")
20 changes: 17 additions & 3 deletions internal/sshserver/sessionhandler.go
Expand Up @@ -2,6 +2,7 @@ package sshserver

import (
"fmt"
"strings"

"github.com/gliderlabs/ssh"
"github.com/prometheus/client_golang/prometheus"
Expand All @@ -17,6 +18,21 @@ var (
})
)

func sshifyCommand(sftp bool, cmd []string) []string {
// if this is an sftp session we ignore any commands
if sftp {
return []string{"sftp-server", "-u", "0002"}
}
// if there is no command, assume the user wants a shell
if len(cmd) == 0 {
return []string{"sh"}
}
// if there is a command, wrap it in a shell the way openssh does
// https://github.com/openssh/openssh-portable/blob/
// 73dcca12115aa12ed0d123b914d473c384e52651/session.c#L1705-L1713
return []string{"sh", "-c", strings.Join(cmd, " ")}
}

// sessionHandler returns a ssh.Handler which connects the ssh session to the
// requested container.
//
Expand All @@ -41,9 +57,7 @@ func sessionHandler(log *zap.Logger, c *k8s.Client, sftp bool) ssh.Handler {
)
// parse the command line arguments to extract any service or container args
service, container, cmd := parseConnectionParams(s.Command())
if sftp {
cmd = []string{"sftp-server", "-u", "0002"}
}
cmd = sshifyCommand(sftp, cmd)
// validate the service and container
if err := k8s.ValidateLabelValue(service); err != nil {
log.Debug("invalid service name",
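Review bot: `strings.Join(cmd, " ")` in `sshifyCommand` does not reproduce the OpenSSH behaviour the comment cites, because OpenSSH hands the client's command string to `sh -c` untouched, while here `cmd` is already a word list returned by `parseConnectionParams(s.Command())`. Any quoting the client used is presumably consumed during that split, so an argument containing spaces or shell metacharacters would be re-parsed by `sh` with a different meaning than the client sent. Consider building the shell string from the unsplit remainder of `s.RawCommand()` once the service/container arguments are stripped; `parseConnectionParams` is not visible here, so confirm what it returns. Until then, record the limitation next to the return with `// NOTE: cmd is already word-split; the client's quoting is not preserved when re-joined for sh -c`. A table test for `sshifyCommand` covering the sftp, empty-command and quoted-argument cases would pin the behaviour down; `sessionHandler`'s body continues outside the last hunk.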