openbolt 5.0.0.rc1

data/lib/bolt/shell/bash.rb

@@ -0,0 +1,516 @@
+# frozen_string_literal: true
+
+require_relative 'bash/tmpdir'
+require 'shellwords'
+
+module Bolt
+  class Shell
+    class Bash < Shell
+      CHUNK_SIZE = 4096
+
+      def initialize(target, conn)
+        super
+
+        @run_as = nil
+        @sudo_id = SecureRandom.uuid
+        @sudo_password = @target.options['sudo-password'] || @target.password
+      end
+
+      def provided_features
+        ['shell']
+      end
+
+      def run_command(command, options = {}, position = [])
+        running_as(options[:run_as]) do
+          output = execute(command, environment: options[:env_vars], sudoable: true)
+          Bolt::Result.for_command(target,
+                                   output.to_h,
+                                   'command',
+                                   command,
+                                   position)
+        end
+      end
+
+      def upload(source, destination, options = {})
+        running_as(options[:run_as]) do
+          with_tmpdir do |dir|
+            basename = File.basename(source)
+            tmpfile = File.join(dir.to_s, basename)
+            conn.upload_file(source, tmpfile)
+            # pass over file ownership if we're using run-as to be a different user
+            dir.chown(run_as)
+            result = execute(['mv', '-f', tmpfile, destination], sudoable: true)
+            if result.exit_code != 0
+              message = "Could not move temporary file '#{tmpfile}' to #{destination}: #{result.stderr.string}"
+              raise Bolt::Node::FileError.new(message, 'MV_ERROR')
+            end
+          end
+          Bolt::Result.for_upload(target, source, destination)
+        end
+      end
+
+      def download(source, destination, options = {})
+        running_as(options[:run_as]) do
+          download = File.join(destination, Bolt::Util.unix_basename(source))
+
+          # If using run-as, the file is copied to a tmpdir and chowned to the
+          # connecting user. This is a workaround for limitations in net-ssh that
+          # only allow for downloading files as the connecting user, which is a
+          # problem for users who cannot connect to targets as the root user.
+          # This temporary copy should *always* be deleted.
+          if run_as
+            with_tmpdir(force_cleanup: true) do |dir|
+              tmpfile = File.join(dir.to_s, Bolt::Util.unix_basename(source))
+
+              result = execute(['cp', '-r', source, dir.to_s], sudoable: true)
+
+              if result.exit_code != 0
+                message = "Could not copy file '#{source}' to temporary directory '#{dir}': #{result.stderr.string}"
+                raise Bolt::Node::FileError.new(message, 'CP_ERROR')
+              end
+
+              # We need to force the chown, otherwise this will just return
+              # without doing anything since the chown user is the same as the
+              # connecting user.
+              dir.chown(conn.user, force: true)
+
+              conn.download_file(tmpfile, destination, download)
+            end
+          # If not using run-as, we can skip creating a temporary copy and just
+          # download the file directly.
+          else
+            conn.download_file(source, destination, download)
+          end
+
+          Bolt::Result.for_download(target, source, destination, download)
+        end
+      end
+
+      def run_script(script, arguments, options = {}, position = [])
+        # unpack any Sensitive data
+        arguments = unwrap_sensitive_args(arguments)
+
+        running_as(options[:run_as]) do
+          with_tmpdir do |dir|
+            path = write_executable(dir.to_s, script)
+            dir.chown(run_as)
+
+            exec_args   = [path, *arguments]
+            interpreter = select_interpreter(script, target.options['interpreters'])
+
+            # Only use interpreter if script_interpreter config is enabled
+            if options[:script_interpreter] && interpreter
+              exec_args.unshift(interpreter).flatten!
+              logger.trace("Running '#{script}' using '#{interpreter}' interpreter")
+            end
+
+            output = execute(exec_args, environment: options[:env_vars], sudoable: true)
+            Bolt::Result.for_command(target,
+                                     output.to_h,
+                                     'script',
+                                     script,
+                                     position)
+          end
+        end
+      end
+
+      def run_task(task, arguments, options = {}, position = [])
+        implementation = select_implementation(target, task)
+        executable = implementation['path']
+        input_method = implementation['input_method']
+        extra_files = implementation['files']
+
+        running_as(options[:run_as]) do
+          stdin, output = nil
+          execute_options = {}
+          execute_options[:interpreter] = select_interpreter(executable, target.options['interpreters'])
+          interpreter_debug = if execute_options[:interpreter]
+                                " using '#{execute_options[:interpreter]}' interpreter"
+                              end
+          # log the arguments with sensitive data redacted, do NOT log unwrapped_arguments
+          logger.trace("Running '#{executable}' with #{arguments.to_json}#{interpreter_debug}")
+          # unpack any Sensitive data
+          arguments = unwrap_sensitive_args(arguments)
+
+          with_tmpdir do |dir|
+            if extra_files.empty?
+              task_dir = dir
+            else
+              # TODO: optimize upload of directories
+              arguments['_installdir'] = dir.to_s
+              task_dir = File.join(dir.to_s, task.tasks_dir)
+              dir.mkdirs([task.tasks_dir] + extra_files.map { |file| File.dirname(file['name']) })
+              extra_files.each do |file|
+                conn.upload_file(file['path'], File.join(dir.to_s, file['name']))
+              end
+            end
+
+            if Bolt::Task::STDIN_METHODS.include?(input_method)
+              stdin = JSON.dump(arguments)
+            end
+
+            if Bolt::Task::ENVIRONMENT_METHODS.include?(input_method)
+              execute_options[:environment] = envify_params(arguments)
+            end
+
+            remote_task_path = write_executable(task_dir, executable)
+
+            execute_options[:stdin] = stdin
+
+            # Avoid the horrors of passing data on stdin via a tty on multiple platforms
+            # by writing a wrapper script that directs stdin to the task.
+            if stdin && target.options['tty']
+              wrapper = make_wrapper_stringio(remote_task_path, stdin, execute_options[:interpreter])
+              # Wrapper script handles interpreter and stdin. Delete these execute options
+              execute_options.delete(:interpreter)
+              execute_options.delete(:stdin)
+              execute_options[:wrapper] = true
+              remote_task_path = write_executable(dir, wrapper, 'wrapper.sh')
+            end
+
+            dir.chown(run_as)
+
+            execute_options[:sudoable] = true if run_as
+            output = execute(remote_task_path, **execute_options)
+          end
+          Bolt::Result.for_task(target, output.stdout.string,
+                                output.stderr.string,
+                                output.exit_code,
+                                task.name,
+                                position)
+        end
+      end
+
+      # If prompted for sudo password, send password to stdin and return an
+      # empty string. Otherwise, check for sudo errors and raise Bolt error.
+      # If sudo_id is detected, that means the task needs to have stdin written.
+      # If error is not sudo-related, return the stderr string to be added to
+      # node output
+      def handle_sudo(stdin, err, sudo_stdin)
+        if err.include?(sudo_prompt)
+          # A wild sudo prompt has appeared!
+          if @sudo_password
+            stdin.write("#{@sudo_password}\n")
+            ''
+          else
+            raise Bolt::Node::EscalateError.new(
+              "Sudo password for user #{conn.user} was not provided for #{target}",
+              'NO_PASSWORD'
+            )
+          end
+        elsif err =~ /^#{@sudo_id}/
+          if sudo_stdin
+            begin
+              stdin.write("#{sudo_stdin}\n")
+              stdin.close
+            # If a task has stdin as an input_method but doesn't actually read
+            # from stdin, the task may return and close the input stream before
+            # we finish writing
+            rescue Errno::EPIPE
+            end
+          end
+          ''
+        else
+          handle_sudo_errors(err)
+        end
+      end
+
+      # See if there's a sudo prompt in the output
+      # If not, return the output
+      def check_sudo(out, inp, stdin)
+        buffer = out.readpartial(CHUNK_SIZE)
+        # Split on newlines, including the newline
+        lines = buffer.split(/(?<=\n)/)
+        # handle_sudo will return the line if it is not a sudo prompt or error
+        lines.map! { |line| handle_sudo(inp, line, stdin) }
+        lines.join
+      # If stream has reached EOF, no password prompt is expected
+      # return an empty string
+      rescue EOFError
+        ''
+      end
+
+      def handle_sudo_errors(err)
+        case err
+        when /^#{conn.user} is not in the sudoers file\./
+          @logger.trace { err }
+          raise Bolt::Node::EscalateError.new(
+            "User #{conn.user} does not have sudo permission on #{target}",
+            'SUDO_DENIED'
+          )
+        when /^Sorry, try again\./
+          @logger.trace { err }
+          raise Bolt::Node::EscalateError.new(
+            "Sudo password for user #{conn.user} not recognized on #{target}",
+            'BAD_PASSWORD'
+          )
+        else
+          # No need to raise an error - just return the string
+          err
+        end
+      end
+
+      def make_wrapper_stringio(task_path, stdin, interpreter = nil)
+        if interpreter
+          StringIO.new(<<~SCRIPT)
+            #!/bin/sh
+            #{Array(interpreter).map { |word| "'#{word}'" }.join(' ')} '#{task_path}' <<'EOF'
+            #{stdin}
+            EOF
+          SCRIPT
+        else
+          StringIO.new(<<~SCRIPT)
+            #!/bin/sh
+            '#{task_path}' <<'EOF'
+            #{stdin}
+            EOF
+          SCRIPT
+        end
+      end
+
+      # This method allows the @run_as variable to be used as a per-operation
+      # override for the user to run as. When @run_as is unset, the user
+      # specified on the target will be used.
+      def run_as
+        @run_as || target.options['run-as']
+      end
+
+      # Run as the specified user for the duration of the block.
+      def running_as(user)
+        @run_as = user
+        yield
+      ensure
+        @run_as = nil
+      end
+
+      def make_executable(path)
+        result = execute(['chmod', 'u+x', path])
+        if result.exit_code != 0
+          message = "Could not make file '#{path}' executable: #{result.stderr.string}"
+          raise Bolt::Node::FileError.new(message, 'CHMOD_ERROR')
+        end
+      end
+
+      def make_tmpdir
+        tmpdir = @target.options.fetch('tmpdir', '/tmp')
+        script_dir = @target.options.fetch('script-dir', SecureRandom.uuid)
+        tmppath = File.join(tmpdir, script_dir)
+        command = ['mkdir', '-m', 700, tmppath]
+
+        result = execute(command)
+        if result.exit_code != 0
+          raise Bolt::Node::FileError.new("Could not make tmpdir: #{result.stderr.string}", 'TMPDIR_ERROR')
+        end
+        path = tmppath || result.stdout.string.chomp
+        Bolt::Shell::Bash::Tmpdir.new(self, path)
+      end
+
+      def write_executable(dir, file, filename = nil)
+        filename ||= File.basename(file)
+        remote_path = File.join(dir.to_s, filename)
+        conn.upload_file(file, remote_path)
+        make_executable(remote_path)
+        remote_path
+      end
+
+      # A helper to create and delete a tmpdir on the remote system. Yields the
+      # directory name.
+      def with_tmpdir(force_cleanup: false)
+        dir = make_tmpdir
+        yield dir
+      ensure
+        if dir
+          if target.options['cleanup'] || force_cleanup
+            dir.delete
+          else
+            Bolt::Logger.warn("skip_cleanup", "Skipping cleanup of tmpdir #{dir}")
+          end
+        end
+      end
+
+      def sudo_success(sudo_id)
+        "echo #{sudo_id} 1>&2"
+      end
+
+      # Returns string with the interpreter conditionally prepended
+      def inject_interpreter(interpreter, command)
+        if interpreter
+          command = Array(command).unshift(interpreter).flatten
+        end
+
+        command.is_a?(String) ? command : Shellwords.shelljoin(command)
+      end
+
+      def execute(command, sudoable: false, **options)
+        run_as = options[:run_as] || self.run_as
+        escalate = sudoable && run_as && conn.user != run_as
+        use_sudo = escalate && @target.options['run-as-command'].nil?
+
+        # Depending on the transport, whether we're using sudo and whether
+        # there are environment variables to set, we may need to stitch
+        # together multiple commands into a single sh invocation
+        commands = [inject_interpreter(options[:interpreter], command)]
+
+        # Let the transport handle adding environment variables if it's custom.
+        if options[:environment]
+          if defined? conn.add_env_vars
+            conn.add_env_vars(options[:environment])
+          else
+            env_decl = '/usr/bin/env ' + options[:environment].map do |env, val|
+              "#{env}=#{Shellwords.shellescape(val)}"
+            end.join(' ')
+          end
+        end
+
+        if escalate
+          sudo_str = if use_sudo
+                       sudo_exec = target.options['sudo-executable'] || "sudo"
+                       sudo_flags = [sudo_exec, "-S", "-H", "-u", run_as, "-p", sudo_prompt]
+                       Shellwords.shelljoin(sudo_flags)
+                     else
+                       Shellwords.shelljoin(@target.options['run-as-command'] + [run_as])
+                     end
+          commands.unshift('cd') if conn.reset_cwd?
+          commands.unshift(sudo_success(@sudo_id)) if options[:stdin] && !options[:wrapper]
+        end
+
+        command_str = if sudo_str || env_decl
+                        "sh -c #{Shellwords.shellescape(commands.join('; '))}"
+                      else
+                        commands.last
+                      end
+
+        command_str = [sudo_str, env_decl, command_str].compact.join(' ')
+
+        @logger.trace { "Executing `#{command_str}`" }
+
+        in_buffer = if !use_sudo && options[:stdin]
+                      String.new(options[:stdin], encoding: 'binary')
+                    else
+                      String.new(encoding: 'binary')
+                    end
+        # Chunks of this size will be read in one iteration
+        index = 0
+        timeout = 0.1
+        result_output = Bolt::Node::Output.new
+
+        inp, out, err, t = conn.execute(command_str)
+        read_streams = { out => String.new,
+                         err => String.new }
+        write_stream = in_buffer.empty? ? [] : [inp]
+
+        # See if there's a sudo prompt
+        if use_sudo
+          ready_read = select([err], nil, nil, timeout * 5)
+          to_print = check_sudo(err, inp, options[:stdin]) if ready_read
+          unless to_print.nil?
+            log_stream(to_print, 'err')
+            read_streams[err]           << to_print
+            result_output.merged_output << to_print
+          end
+        end
+
+        # True while the process is running or waiting for IO input
+        while t.alive?
+          # See if we can read from out or err, or write to in
+          ready_read, ready_write, = select(read_streams.keys, write_stream, nil, timeout)
+
+          ready_read&.each do |stream|
+            stream_name = stream == out ? 'out' : 'err'
+            # Check for sudo prompt
+            to_print = if use_sudo
+                         check_sudo(stream, inp, options[:stdin])
+                       else
+                         stream.readpartial(CHUNK_SIZE)
+                       end
+            log_stream(to_print, stream_name)
+            read_streams[stream]        << to_print
+            result_output.merged_output << to_print
+          rescue EOFError
+          end
+
+          # select will either return an empty array if there are no
+          # writable streams or nil if no IO object is available before the
+          # timeout is reached.
+          writable = if ready_write.respond_to?(:empty?)
+                       !ready_write.empty?
+                     else
+                       !ready_write.nil?
+                     end
+
+          begin
+            if writable && index < in_buffer.length
+              to_print = in_buffer[index..-1]
+              # On Windows, select marks the input stream as writable even if
+              # it's full. We need to check whether we received wait_writable
+              # and treat that as not having written anything.
+              written = inp.write_nonblock(to_print, exception: false)
+              index += written unless written == :wait_writable
+
+              if index >= in_buffer.length && !write_stream.empty?
+                inp.close
+                write_stream = []
+              end
+            end
+          # If a task has stdin as an input_method but doesn't actually read
+          # from stdin, the task may return and close the input stream before
+          # we finish writing
+          rescue Errno::EPIPE
+            write_stream = []
+          end
+        end
+        # Read any remaining data in the pipe. Do not wait for
+        # EOF in case the pipe is inherited by a child process.
+        read_streams.each do |stream, _|
+          stream_name = stream == out ? 'out' : 'err'
+          loop {
+            to_print = stream.read_nonblock(CHUNK_SIZE)
+            log_stream(to_print, stream_name)
+            read_streams[stream]        << to_print
+            result_output.merged_output << to_print
+          }
+        rescue Errno::EAGAIN, EOFError
+        ensure
+          stream.close
+        end
+        inp.close
+        result_output.stdout << read_streams[out]
+        result_output.stderr << read_streams[err]
+        result_output.exit_code = t.value.respond_to?(:exitstatus) ? t.value.exitstatus : t.value
+
+        case result_output.exit_code
+        when 0
+          @logger.trace { "Command `#{command_str}` returned successfully" }
+        when 126
+          msg = "\n\nThis might be caused by the default tmpdir being mounted "\
+            "using 'noexec'. See http://pup.pt/task-failure for details and workarounds."
+          result_output.stderr        << msg
+          result_output.merged_output << msg
+          @logger.trace { "Command #{command_str} failed with exit code #{result_output.exit_code}" }
+        else
+          @logger.trace { "Command #{command_str} failed with exit code #{result_output.exit_code}" }
+        end
+        result_output
+      rescue StandardError
+        # Ensure we close stdin and kill the child process
+        inp.close unless inp.nil? || inp.closed?
+        t&.terminate if t&.alive?
+        @logger.trace { "Command aborted" }
+        raise
+      end
+
+      def sudo_prompt
+        '[sudo] Bolt needs to run as another user, password: '
+      end
+
+      private def log_stream(to_print, stream_name)
+        if !to_print.chomp.empty? && @stream_logger
+          formatted = to_print.lines.map do |msg|
+            "[#{@target.safe_name}] #{stream_name}: #{msg.chomp}"
+          end.join("\n")
+          @stream_logger.warn(formatted)
+        end
+      end
+    end
+  end
+end

data/lib/bolt/shell/powershell/snippets.rb

@@ -0,0 +1,181 @@
+# frozen_string_literal: true
+
+module Bolt
+  class Shell
+    class Powershell < Shell
+      module Snippets
+        class << self
+          def execute_process(command)
+            <<~PS
+            if ([Console]::InputEncoding -eq [System.Text.Encoding]::UTF8) {
+              [Console]::InputEncoding = New-Object System.Text.UTF8Encoding $False
+            }
+            if ([Console]::OutputEncoding -eq [System.Text.Encoding]::UTF8) {
+              [Console]::OutputEncoding = New-Object System.Text.UTF8Encoding $False
+            }
+            $OutputEncoding = [Console]::OutputEncoding
+            #{command}
+            if (-not $? -and ($LASTEXITCODE -eq $null)) { exit 1 }
+            exit $LASTEXITCODE
+            PS
+          end
+
+          def exit_with_code(command)
+            <<~PS
+            #{command}
+            if (-not $? -and ($LASTEXITCODE -eq $null)) { exit 1 }
+            exit $LASTEXITCODE
+            PS
+          end
+
+          def make_tmpdir(parent)
+            <<~PS
+            $parent = #{parent}
+            $name = [System.IO.Path]::GetRandomFileName()
+            $path = Join-Path $parent $name -ErrorAction Stop
+            New-Item -ItemType Directory -Path $path -ErrorAction Stop | Out-Null
+            $path
+            PS
+          end
+
+          def rmdir(dir)
+            <<~PS
+            Remove-Item -Force -Recurse -Path "#{dir}"
+            PS
+          end
+
+          def run_script(arguments, script_path)
+            build_arg_list = arguments.map do |a|
+              "$invokeArgs.ArgumentList += @'\n#{a}\n'@"
+            end.join("\n")
+            <<~PS
+            $invokeArgs = @{
+              ScriptBlock = (Get-Command "#{script_path}").ScriptBlock
+              ArgumentList = @()
+            }
+            #{build_arg_list}
+
+            try
+            {
+              switch -regex ( Get-ExecutionPolicy )
+              {
+                '^AllSigned'
+                {
+                  if ((Get-AuthenticodeSignature -File "#{script_path}").Status -ne 'Valid') {
+                    $Host.UI.WriteErrorLine("Error: Target host Powershell ExecutionPolicy is set to ${_} and script '#{script_path}' does not contain a valid signature.")
+                    exit 1;
+                  }
+                }
+                '^Restricted'
+                {
+                  $Host.UI.WriteErrorLine("Error: Target host Powershell ExecutionPolicy is set to ${_} which denies running any scripts on the target.")
+                  exit 1;
+                }
+              }
+            }
+            catch {}
+
+            if([string]::IsNullOrEmpty($invokeArgs.ScriptBlock)){
+              $Host.UI.WriteErrorLine("Error: Failed to obtain scriptblock from '#{script_path}'. Running scripts might be disabled on this system. For more information, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170");
+              exit 1;
+            }
+
+            try
+            {
+              Invoke-Command @invokeArgs
+            }
+            catch
+            {
+              $Host.UI.WriteErrorLine("[$($_.FullyQualifiedErrorId)] Exception $($_.InvocationInfo.PositionMessage).`n$($_.Exception.Message)");
+              exit 1;
+            }
+            PS
+          end
+
+          def append_ps_module_path(directory)
+            <<~PS
+            $env:PSModulePath += ";#{directory}"
+            PS
+          end
+
+          def ps_task(path, arguments)
+            <<~PS
+            $private:tempArgs = Get-ContentAsJson (
+              [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('#{Base64.encode64(JSON.dump(arguments))}'))
+            )
+            $allowedArgs = (Get-Command "#{path}").Parameters.Keys
+            $private:taskArgs = @{}
+            $private:tempArgs.Keys | ? { $allowedArgs -contains $_ } | % { $private:taskArgs[$_] = $private:tempArgs[$_] }
+            try {
+              & "#{path}" @taskArgs
+            } catch {
+              $Host.UI.WriteErrorLine("[$($_.FullyQualifiedErrorId)] Exception $($_.InvocationInfo.PositionMessage).`n$($_.Exception.Message)");
+              exit 1;
+            }
+            PS
+          end
+
+          def try_catch(command)
+            %(try { & "#{command}" } catch { Write-Error $_.Exception; exit 1 })
+          end
+
+          def shell_init
+            <<~PS
+            $installRegKey = Get-ItemProperty -Path "HKLM:\\Software\\Puppet Labs\\Puppet" -ErrorAction 0
+            if(![string]::IsNullOrEmpty($installRegKey.RememberedInstallDir64)){
+              $boltBaseDir = $installRegKey.RememberedInstallDir64
+            }elseif(![string]::IsNullOrEmpty($installRegKey.RememberedInstallDir)){
+              $boltBaseDir = $installRegKey.RememberedInstallDir
+            }else{
+              $boltBaseDir = "${ENV:ProgramFiles}\\Puppet Labs\\Puppet"
+            }
+
+            $ENV:PATH += ";${boltBaseDir}\\bin\\;" +
+            "${boltBaseDir}\\puppet\\bin;" +
+            "${boltBaseDir}\\sys\\ruby\\bin\\"
+            $ENV:RUBYLIB = "${boltBaseDir}\\puppet\\lib;" +
+            "${boltBaseDir}\\facter\\lib;" +
+            "${boltBaseDir}\\hiera\\lib;" +
+            $ENV:RUBYLIB
+
+            function ConvertFrom-PSCustomObject
+            {
+            PARAM([Parameter(ValueFromPipeline = $true)] $InputObject)
+            PROCESS {
+              if ($null -eq $InputObject) { return $null }
+              if ($InputObject -is [System.Collections.IEnumerable] -and $InputObject -isnot [string]) {
+                $collection = @(
+                  foreach ($object in $InputObject) { ConvertFrom-PSCustomObject $object }
+                )
+
+                $collection
+              } elseif ($InputObject -is [System.Management.Automation.PSCustomObject]) {
+                $hash = @{}
+                foreach ($property in $InputObject.PSObject.Properties) {
+                  $hash[$property.Name] = ConvertFrom-PSCustomObject $property.Value
+                }
+
+                $hash
+              } else {
+                $InputObject
+              }
+            }
+            }
+
+            function Get-ContentAsJson
+            {
+            [CmdletBinding()]
+            PARAM(
+              [Parameter(Mandatory = $true)] $Text,
+              [Parameter(Mandatory = $false)] [Text.Encoding] $Encoding = [Text.Encoding]::UTF8
+            )
+
+            $Text | ConvertFrom-Json | ConvertFrom-PSCustomObject
+            }
+            PS
+          end
+        end
+      end
+    end
+  end
+end