Fix single command ssh exec (#483)

Nate Brown 2021-06-07 17:06:59 -05:00 committed by GitHub
parent d13f4b5948
commit c726d20578
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 29 additions and 4 deletions


@ -7,10 +7,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased] ## [Unreleased]
### Added
- SSH `print-cert` has a new `-raw` flag to get the PEM representation of a certificate. (#483)
### Fixed ### Fixed
- Valid recv_error packets were incorrectly marked as "spoofing" and ignored. (#482) - Valid recv_error packets were incorrectly marked as "spoofing" and ignored. (#482)
- SSH server handles single `exec` requests correctly. (#483)
## [1.4.0] - 2021-05-11 ## [1.4.0] - 2021-05-11
### Added ### Added

12
ssh.go

@ -26,6 +26,7 @@ type sshListHostMapFlags struct {
type sshPrintCertFlags struct { type sshPrintCertFlags struct {
Json bool Json bool
Pretty bool Pretty bool
Raw bool
} }
type sshPrintTunnelFlags struct { type sshPrintTunnelFlags struct {
@ -266,6 +267,7 @@ func attachCommands(l *logrus.Logger, ssh *sshd.SSHServer, hostMap *HostMap, pen
s := sshPrintCertFlags{} s := sshPrintCertFlags{}
fl.BoolVar(&s.Json, "json", false, "outputs as json") fl.BoolVar(&s.Json, "json", false, "outputs as json")
fl.BoolVar(&s.Pretty, "pretty", false, "pretty prints json, assumes -json") fl.BoolVar(&s.Pretty, "pretty", false, "pretty prints json, assumes -json")
fl.BoolVar(&s.Raw, "raw", false, "raw prints the PEM encoded certificate, not compatible with -json or -pretty")
return fl, &s return fl, &s
}, },
Callback: func(fs interface{}, a []string, w sshd.StringWriter) error { Callback: func(fs interface{}, a []string, w sshd.StringWriter) error {
@ -711,6 +713,16 @@ func sshPrintCert(ifce *Interface, fs interface{}, a []string, w sshd.StringWrit
return w.WriteBytes(b) return w.WriteBytes(b)
} }
if args.Raw {
b, err := cert.MarshalToPEM()
if err != nil {
//TODO: handle it
return nil
}
return w.WriteBytes(b)
}
return w.WriteLine(cert.String()) return w.WriteLine(cert.String())
} }
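Review bot: The new `-raw` branch in sshPrintCert swallows a failure from `cert.MarshalToPEM()`: it reaches `//TODO: handle it` and returns nil, so the operator sees a successful command with no output. Returning the error, `if err != nil { return err }`, would let the command layer report it, assuming the callback's error return is surfaced to the client. The flag help says -raw is not compatible with -json or -pretty, but nothing in the visible lines rejects the combination; the preceding branch, which looks like the JSON path and starts outside the hunk, simply returns first. sshPrintCert itself begins outside the hunk.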


@ -81,11 +81,18 @@ func (s *session) handleRequests(in <-chan *ssh.Request, channel ssh.Channel) {
case "exec": case "exec":
var payload = struct{ Value string }{} var payload = struct{ Value string }{}
cErr := ssh.Unmarshal(req.Payload, &payload) cErr := ssh.Unmarshal(req.Payload, &payload)
if cErr == nil { if cErr != nil {
s.dispatchCommand(payload.Value, &stringWriter{channel}) req.Reply(false, nil)
} else { return
//TODO: log it
} }
req.Reply(true, nil)
s.dispatchCommand(payload.Value, &stringWriter{channel})
//TODO: Fix error handling and report the proper status back
status := struct{ Status uint32 }{uint32(0)}
//TODO: I think this is how we shut down a shell as well?
channel.SendRequest("exit-status", false, ssh.Marshal(status))
channel.Close() channel.Close()
return return
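Review bot: The new early return for an undecodable `exec` payload appears to skip `channel.Close()`, which the old code reached on both paths, so a client sending a malformed payload may leave the channel open unless something outside the hunk closes it. Adding `channel.Close()` before that `return` restores the old behaviour. The removed `//TODO: log it` is worth turning into an actual log line, since malformed requests are useful to see when reviewing activity on this server. Separately, `exit-status` is always sent as 0 and the results of `req.Reply` and `channel.SendRequest` are discarded, so a script that checks the exit code cannot tell a failed command from a successful one; the remaining TODO acknowledges this. handleRequests starts and ends outside the hunk.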