From 3ee9a5d8967dc1c7b1aaa9f57611b814a56f9838 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Wed, 25 Sep 2024 08:20:33 +0000 Subject: [PATCH] fix: regression introduced by 932e72e for stealth stdout in ssh Before 932e72e, plugin-scoped stealthStdout was ignored, which was fixed by 932e72e which in turn made ssh ignore the pattern-based egress ssh stealthStdout option. This fix ensures stealthStdout is honored for both plugins and egress ssh. --- lib/perl/OVH/Bastion.pm | 16 ++++++++++++---- tests/unit/run.pl | 16 ++++++++++------ 2 files changed, 22 insertions(+), 10 deletions(-) diff --git a/lib/perl/OVH/Bastion.pm b/lib/perl/OVH/Bastion.pm index 49678b52b..37d1e8ca0 100644 --- a/lib/perl/OVH/Bastion.pm +++ b/lib/perl/OVH/Bastion.pm @@ -1081,19 +1081,25 @@ sub get_passfile { msg => "Unable to find (or read) a password file in context '$context' and name '$nameHint'"); } +# build the ttyrec cmdline in one shot if our caller has all the required info sub build_ttyrec_cmdline { my %params = @_; my $fnret = build_ttyrec_cmdline_part1of2(%params); $fnret or return $fnret; - # for this simple version, use global timeout values if not specified in %params + # for this simple version, use global idle*Timeout values if not specified in %params return build_ttyrec_cmdline_part2of2( input => $fnret->value, idleLockTimeout => ($params{'idleLockTimeout'} // OVH::Bastion::config("idleLockTimeout")->value), - idleKillTimeout => ($params{'idleKillTimeout'} // OVH::Bastion::config("idleKillTimeout")->value) + idleKillTimeout => ($params{'idleKillTimeout'} // OVH::Bastion::config("idleKillTimeout")->value), + stealth_stdout => ($params{'stealth_stdout'}), + stealth_stderr => ($params{'stealth_stderr'}), ); } +# if our caller doesn't have all the required info to build the entire cmdline, +# they can do it in two times, part1of2 does return the saveFile that they might +# need before calling part2of2 sub build_ttyrec_cmdline_part1of2 { my %params = @_; @@ -1150,8 +1156,6 @@ sub build_ttyrec_cmdline_part1of2 { push @ttyrec, '-v' if $params{'debug'}; push @ttyrec, '-T', 'always' if $params{'tty'}; push @ttyrec, '-T', 'never' if $params{'notty'}; - push @ttyrec, '--stealth-stdout' if $params{'stealth_stdout'}; - push @ttyrec, '--stealth-stderr' if $params{'stealth_stderr'}; my $fnret = OVH::Bastion::account_config( account => $params{'account'}, @@ -1203,6 +1207,10 @@ sub build_ttyrec_cmdline_part2of2 { } } + # do it here because we have this info at a late stage (i.e. not during part1of2) + push @cmd, '--stealth-stdout' if $params{'stealth_stdout'}; + push @cmd, '--stealth-stderr' if $params{'stealth_stderr'}; + my $ttyrecAdditionalParameters = OVH::Bastion::config('ttyrecAdditionalParameters')->value; push @cmd, @$ttyrecAdditionalParameters if @$ttyrecAdditionalParameters; diff --git a/tests/unit/run.pl b/tests/unit/run.pl index 54b847381..0483d123c 100755 --- a/tests/unit/run.pl +++ b/tests/unit/run.pl @@ -67,12 +67,13 @@ my $fnret; $fnret = OVH::Bastion::build_ttyrec_cmdline( - ip => "127.0.0.1", - port => 7979, - user => "randomuser", - account => "bastionuser", - uniqid => 'cafed00dcafe', - home => "/home/randomuser", + ip => "127.0.0.1", + port => 7979, + user => "randomuser", + account => "bastionuser", + uniqid => 'cafed00dcafe', + home => "/home/randomuser", + stealth_stdout => 1, ); cmp_deeply( $fnret->value->{'saveFile'}, @@ -95,6 +96,7 @@ "To unlock, use '--osh unlock' from another console", '-k', 29, + '--stealth-stdout', ], "build_ttyrec_cmdline cmd" ); @@ -129,6 +131,7 @@ input => $fnret->value, idleKillTimeout => 88, idleLockTimeout => 99, + stealth_stderr => 1, ); cmp_deeply( $fnret->value->{'saveFile'}, @@ -151,6 +154,7 @@ "To unlock, use '--osh unlock' from another console", '-k', 88, + '--stealth-stderr', ], "build_ttyrec_cmdline_part2of2 cmd" );