fix: regression introduced by 932e72e for stealth stdout in ssh

Before 932e72e, plugin-scoped stealthStdout was ignored, which was fixed by 932e72e which in turn made ssh ignore the pattern-based egress ssh stealthStdout option. This fix ensures stealthStdout is honored for both plugins and egress ssh.
ovh · Sep 25, 2024 · 3ee9a5d · 3ee9a5d
1 parent a0ec3ff
commit 3ee9a5d
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 10 deletions.
diff --git a/lib/perl/OVH/Bastion.pm b/lib/perl/OVH/Bastion.pm
@@ -1081,19 +1081,25 @@ sub get_passfile {
         msg => "Unable to find (or read) a password file in context '$context' and name '$nameHint'");
 }
 
+# build the ttyrec cmdline in one shot if our caller has all the required info
 sub build_ttyrec_cmdline {
     my %params = @_;
     my $fnret  = build_ttyrec_cmdline_part1of2(%params);
     $fnret or return $fnret;
 
-    # for this simple version, use global timeout values if not specified in %params
+    # for this simple version, use global idle*Timeout values if not specified in %params
     return build_ttyrec_cmdline_part2of2(
         input           => $fnret->value,
         idleLockTimeout => ($params{'idleLockTimeout'} // OVH::Bastion::config("idleLockTimeout")->value),
-        idleKillTimeout => ($params{'idleKillTimeout'} // OVH::Bastion::config("idleKillTimeout")->value)
+        idleKillTimeout => ($params{'idleKillTimeout'} // OVH::Bastion::config("idleKillTimeout")->value),
+        stealth_stdout  => ($params{'stealth_stdout'}),
+        stealth_stderr  => ($params{'stealth_stderr'}),
     );
 }
 
+# if our caller doesn't have all the required info to build the entire cmdline,
+# they can do it in two times, part1of2 does return the saveFile that they might
+# need before calling part2of2
 sub build_ttyrec_cmdline_part1of2 {
     my %params = @_;
 
@@ -1150,8 +1156,6 @@ sub build_ttyrec_cmdline_part1of2 {
     push @ttyrec, '-v' if $params{'debug'};
     push @ttyrec, '-T', 'always' if $params{'tty'};
     push @ttyrec, '-T', 'never'  if $params{'notty'};
-    push @ttyrec, '--stealth-stdout' if $params{'stealth_stdout'};
-    push @ttyrec, '--stealth-stderr' if $params{'stealth_stderr'};
 
     my $fnret = OVH::Bastion::account_config(
         account => $params{'account'},
@@ -1203,6 +1207,10 @@ sub build_ttyrec_cmdline_part2of2 {
         }
     }
 
+    # do it here because we have this info at a late stage (i.e. not during part1of2)
+    push @cmd, '--stealth-stdout' if $params{'stealth_stdout'};
+    push @cmd, '--stealth-stderr' if $params{'stealth_stderr'};
+
     my $ttyrecAdditionalParameters = OVH::Bastion::config('ttyrecAdditionalParameters')->value;
     push @cmd, @$ttyrecAdditionalParameters if @$ttyrecAdditionalParameters;
 

diff --git a/tests/unit/run.pl b/tests/unit/run.pl
@@ -67,12 +67,13 @@
 my $fnret;
 
 $fnret = OVH::Bastion::build_ttyrec_cmdline(
-    ip      => "127.0.0.1",
-    port    => 7979,
-    user    => "randomuser",
-    account => "bastionuser",
-    uniqid  => 'cafed00dcafe',
-    home    => "/home/randomuser",
+    ip             => "127.0.0.1",
+    port           => 7979,
+    user           => "randomuser",
+    account        => "bastionuser",
+    uniqid         => 'cafed00dcafe',
+    home           => "/home/randomuser",
+    stealth_stdout => 1,
 );
 cmp_deeply(
     $fnret->value->{'saveFile'},
@@ -95,6 +96,7 @@
         "To unlock, use '--osh unlock' from another console",
         '-k',
         29,
+        '--stealth-stdout',
     ],
     "build_ttyrec_cmdline cmd"
 );
@@ -129,6 +131,7 @@
     input           => $fnret->value,
     idleKillTimeout => 88,
     idleLockTimeout => 99,
+    stealth_stderr  => 1,
 );
 cmp_deeply(
     $fnret->value->{'saveFile'},
@@ -151,6 +154,7 @@
         "To unlock, use '--osh unlock' from another console",
         '-k',
         88,
+        '--stealth-stderr',
     ],
     "build_ttyrec_cmdline_part2of2 cmd"
 );