Merge branch 'hans/ssh/execfix19/OTP-14881' into maint-19

* hans/ssh/execfix19/OTP-14881: ssh: Fix cli ssh: Test for disabled shell
author: Erlang/OTP <[email protected]> 2018-02-28 12:13:43 +0100
committer: Erlang/OTP <[email protected]> 2018-02-28 12:13:43 +0100
commit: 5814acb88d84fd13573bc04de2acbe64398eb749 (patch)
tree: 44ad13d2433d5f1c2b0de56bfdf567f6a68fe6dc
parent: 2e7160f3c28d495a8b798c5f8b484b1b977cee8e (diff)
parent: ca0582834661c54018d82e1f5b1abe6824053963 (diff)
download: otp-5814acb88d84fd13573bc04de2acbe64398eb749.tar.gz
otp-5814acb88d84fd13573bc04de2acbe64398eb749.tar.bz2
otp-5814acb88d84fd13573bc04de2acbe64398eb749.zip
4 files changed, 97 insertions, 3 deletions
diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl
index 290525cec0..ecdb184db3 100644
--- a/lib/ssh/src/ssh.erl
+++ b/lib/ssh/src/ssh.erl
@@ -289,7 +289,7 @@ is_tcp_socket(Socket) ->
 daemon_shell_opt(Options) ->
      case proplists:get_value(shell, Options) of
 	 undefined ->
-	     [{shell, {shell, start, []}}  | Options];
+	     [{shell, ?DEFAULT_SHELL}  | Options];
 	 _ ->
 	     Options
      end.
diff --git a/lib/ssh/src/ssh.hrl b/lib/ssh/src/ssh.hrl
index 4cd91177f6..9d119f4f42 100644
--- a/lib/ssh/src/ssh.hrl
+++ b/lib/ssh/src/ssh.hrl
@@ -33,6 +33,12 @@
 -define(REKEY_DATA_TIMOUT, 60000).
 -define(DEFAULT_PROFILE, default).
 
+-define(DEFAULT_TRANSPORT,  {tcp, gen_tcp, tcp_closed} ).
+
+-define(DEFAULT_SHELL, {shell, start, []} ).
+
+-define(MAX_RND_PADDING_LEN, 15).
+
 -define(SUPPORTED_AUTH_METHODS, "publickey,keyboard-interactive,password").
 -define(SUPPORTED_USER_KEYS, ['ssh-rsa','ssh-dss','ecdsa-sha2-nistp256','ecdsa-sha2-nistp384','ecdsa-sha2-nistp521']).
 
diff --git a/lib/ssh/src/ssh_cli.erl b/lib/ssh/src/ssh_cli.erl
index 7c7b9e7922..94d1275e7b 100644
--- a/lib/ssh/src/ssh_cli.erl
+++ b/lib/ssh/src/ssh_cli.erl
@@ -127,7 +127,8 @@ handle_ssh_msg({ssh_cm, ConnectionHandler,
 			cm = ConnectionHandler}};
 
 handle_ssh_msg({ssh_cm, ConnectionHandler,
-		{exec, ChannelId, WantReply, Cmd}}, #state{exec=undefined} = State) ->
+		{exec, ChannelId, WantReply, Cmd}}, #state{exec=undefined,
+                                                           shell=?DEFAULT_SHELL} = State) ->
     {Reply, Status} = exec(Cmd),
     write_chars(ConnectionHandler,
 		ChannelId, io_lib:format("~p\n", [Reply])),
@@ -136,6 +137,15 @@ handle_ssh_msg({ssh_cm, ConnectionHandler,
     ssh_connection:exit_status(ConnectionHandler, ChannelId, Status),
     ssh_connection:send_eof(ConnectionHandler, ChannelId),
     {stop, ChannelId, State#state{channel = ChannelId, cm = ConnectionHandler}};
+
+handle_ssh_msg({ssh_cm, ConnectionHandler,
+		{exec, ChannelId, WantReply, _Cmd}}, #state{exec = undefined} = State) ->
+    write_chars(ConnectionHandler, ChannelId, 1, "Prohibited.\n"),
+    ssh_connection:reply_request(ConnectionHandler, WantReply, success, ChannelId),
+    ssh_connection:exit_status(ConnectionHandler, ChannelId, 255),
+    ssh_connection:send_eof(ConnectionHandler, ChannelId),
+    {stop, ChannelId, State#state{channel = ChannelId, cm = ConnectionHandler}};
+
 handle_ssh_msg({ssh_cm, ConnectionHandler,
 		{exec, ChannelId, WantReply, Cmd}}, State) ->
     NewState = start_shell(ConnectionHandler, Cmd, State),
@@ -453,11 +463,14 @@ move_cursor(From, To, #ssh_pty{width=Width, term=Type}) ->
 %% %%% make sure that there is data to send
 %% %%% before calling ssh_connection:send
 write_chars(ConnectionHandler, ChannelId, Chars) ->
+    write_chars(ConnectionHandler, ChannelId, ?SSH_EXTENDED_DATA_DEFAULT, Chars).
+
+write_chars(ConnectionHandler, ChannelId, Type, Chars) ->
     case has_chars(Chars) of
         false -> ok;
         true -> ssh_connection:send(ConnectionHandler,
                                     ChannelId,
-                                    ?SSH_EXTENDED_DATA_DEFAULT,
+                                    Type,
                                     Chars)
     end.
 
diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl
index 2819a4dbd9..952fb8da99 100644
--- a/lib/ssh/test/ssh_connection_SUITE.erl
+++ b/lib/ssh/test/ssh_connection_SUITE.erl
@@ -45,6 +45,8 @@ all() ->
      {group, openssh},
      small_interrupted_send,
      interrupted_send,
+     exec_erlang_term,
+     exec_erlang_term_non_default_shell,
      start_shell,
      start_shell_exec,
      start_shell_exec_fun,
@@ -542,6 +544,79 @@ start_shell_exec(Config) when is_list(Config) ->
     ssh:stop_daemon(Pid).
 
 %%--------------------------------------------------------------------
+exec_erlang_term(Config) when is_list(Config) ->
+    PrivDir = proplists:get_value(priv_dir, Config),
+    UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth
+    file:make_dir(UserDir),
+    SysDir = proplists:get_value(data_dir, Config),
+    {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir},
+					     {user_dir, UserDir},
+					     {password, "morot"}
+                                            ]),
+
+    ConnectionRef = ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true},
+						      {user, "foo"},
+						      {password, "morot"},
+						      {user_interaction, true},
+						      {user_dir, UserDir}]),
+
+    {ok, ChannelId0} = ssh_connection:session_channel(ConnectionRef, infinity),
+
+    success = ssh_connection:exec(ConnectionRef, ChannelId0,
+				  "1+2.", infinity),
+    TestResult =
+        receive
+            {ssh_cm, ConnectionRef, {data, _ChannelId, 0, <<"3",_/binary>>}} = R ->
+                ct:log("Got expected ~p",[R]);
+            Other ->
+                ct:log("Got unexpected ~p",[Other])
+        after 5000 ->
+                {fail,"Exec Timeout"}
+        end,
+
+    ssh:close(ConnectionRef),
+    ssh:stop_daemon(Pid),
+    TestResult.
+
+%%--------------------------------------------------------------------
+exec_erlang_term_non_default_shell(Config) when is_list(Config) ->
+    PrivDir = proplists:get_value(priv_dir, Config),
+    UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth
+    file:make_dir(UserDir),
+    SysDir = proplists:get_value(data_dir, Config),
+    {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir},
+					     {user_dir, UserDir},
+					     {password, "morot"},
+                                             {shell, fun(U, H) -> start_our_shell(U, H) end}
+                                            ]),
+
+    ConnectionRef = ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true},
+						      {user, "foo"},
+						      {password, "morot"},
+						      {user_interaction, true},
+						      {user_dir, UserDir}
+                                                     ]),
+
+    {ok, ChannelId0} = ssh_connection:session_channel(ConnectionRef, infinity),
+
+    success = ssh_connection:exec(ConnectionRef, ChannelId0,
+				  "1+2.", infinity),
+    TestResult =
+        receive
+            {ssh_cm, ConnectionRef, {data, _ChannelId, 0, <<"3",_/binary>>}} = R ->
+                ct:log("Got unexpected ~p",[R]),
+                {fail,"Could exec erlang term although non-erlang shell"};
+            Other ->
+                ct:log("Got expected ~p",[Other])
+        after 5000 ->
+                {fail, "Exec Timeout"}
+        end,
+
+    ssh:close(ConnectionRef),
+    ssh:stop_daemon(Pid),
+    TestResult.
+
+%%--------------------------------------------------------------------
 start_shell_exec_fun() ->
     [{doc, "start shell to exec command"}].
author	Erlang/OTP <[email protected]>	2018-02-28 12:13:43 +0100
committer	Erlang/OTP <[email protected]>	2018-02-28 12:13:43 +0100
commit	5814acb88d84fd13573bc04de2acbe64398eb749 (patch)
tree	44ad13d2433d5f1c2b0de56bfdf567f6a68fe6dc
parent	2e7160f3c28d495a8b798c5f8b484b1b977cee8e (diff)
parent	ca0582834661c54018d82e1f5b1abe6824053963 (diff)
download	otp-5814acb88d84fd13573bc04de2acbe64398eb749.tar.gz otp-5814acb88d84fd13573bc04de2acbe64398eb749.tar.bz2 otp-5814acb88d84fd13573bc04de2acbe64398eb749.zip