smart_proxy_remote_execution_ssh 0.11.5 → 0.11.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ead6302544ae91969998c23632555b663222db89f47373124bb9be26a22e6f03
-  data.tar.gz: f84f4e02c28df57599852178c8d614a787d912c07480bf575642ab4d059767ee
+  metadata.gz: 946788d46f25e8418f94cc49bef39dbfe926007ab4ff3e267715dd8050f3d09e
+  data.tar.gz: 512b5546a2b45adde95543bf3cd34149115e0ae3782958a7de6d2c6e695557e8
 SHA512:
-  metadata.gz: 8951dd6d776ac92b65f0b63fc74f91aa903ec7f535186b82a073c8746ed50f749b393c441464fa31e565b5d4cce86b071c0e203d23de1a6cf9f08251f812ce2a
-  data.tar.gz: 42d4665bf10a47ed64052349530d87b747589c2beee1d7b64ca11b26e43abcc4094b4b2f5ce77207390387df3ecec57b190898c0ee8d2430da78aaea569ac8ec
+  metadata.gz: 01f22953e94eb55a52d96e91e49889a26708e3a0d2d6b4020ab8d3ee2a8924b5936e78c3d4b6d031e68fb02099de9bcdc03be4bf5c627a876915b5e8f8791bbe
+  data.tar.gz: b905fb0c16e1bc6708e242be564dfd70289d6f0ab20fdc78affa64edd1e099070a449367e55151dd11a099ec80d9c91893aac78c6fdb0a797cd3fb0191437d9b

data/lib/smart_proxy_remote_execution_ssh/runners/script_runner.rb

@@ -168,6 +168,7 @@ module Proxy::RemoteExecution::Ssh::Runners
         error: 'Failed to execute script on remote machine, exit code: %{exit_code}.'
       )
       unless @user_method.is_a? NoopUserMethod
+        ensure_effective_user_access(script)
         ensure_remote_command("#{@user_method.cli_command_prefix} #{script}",
                               error: 'Failed to change to effective user, exit code: %{exit_code}',
                               tty: true,
@@ -206,8 +207,11 @@ module Proxy::RemoteExecution::Ssh::Runners
       SCRIPT
       @remote_script_wrapper = upload_data(
         wrapper,
-        File.join(File.dirname(@remote_script), 'script-wrapper'),
-        555)
+        File.join(File.dirname(@remote_script), 'script-wrapper'))
+      ensure_effective_user_access(@remote_script_wrapper, @remote_script)
+      upload_data('', @output_path, 600)
+      ensure_effective_user_access(@output_path, mode: 'rw')
+      @remote_script_wrapper
     end
 
     # the script that initiates the execution
@@ -354,10 +358,10 @@ module Proxy::RemoteExecution::Ssh::Runners
     def cp_script_to_remote(script = @script, name = 'script')
       path = remote_command_file(name)
       @logger.debug("copying script to #{path}:\n#{indent_multiline(script)}")
-      upload_data(sanitize_script(script), path, 555)
+      upload_data(sanitize_script(script), path)
     end
 
-    def upload_data(data, path, permissions = 555)
+    def upload_data(data, path, permissions = 500)
       ensure_remote_directory File.dirname(path)
       # We use tee here to pipe stdin coming from ssh to a file at $path, while silencing its output
       # This is used to write to $path with elevated permissions, solutions using cat and output redirection
@@ -414,5 +418,11 @@ module Proxy::RemoteExecution::Ssh::Runners
         @expecting_disconnect = true
       end
     end
+
+    def ensure_effective_user_access(*paths, mode: 'rx')
+      unless @user_method.is_a? NoopUserMethod
+        ensure_remote_command("setfacl -m u:#{@user_method.effective_user}:#{mode} #{paths.join(' ')}")
+      end
+    end
   end
 end

data/lib/smart_proxy_remote_execution_ssh/version.rb

@@ -1,7 +1,7 @@
 module Proxy
   module RemoteExecution
     module Ssh
-      VERSION = '0.11.5'
+      VERSION = '0.11.7'
     end
   end
 end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_remote_execution_ssh
 version: !ruby/object:Gem::Version
-  version: 0.11.5
+  version: 0.11.7
 platform: ruby
 authors:
 - Ivan Nečas
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-12-18 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -94,6 +93,46 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.82.0
+- !ruby/object:Gem::Dependency
+  name: ed25519
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: bcrypt_pbkdf
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: smart_proxy_dynflow
   requirement: !ruby/object:Gem::Requirement
@@ -148,8 +187,8 @@ email:
 executables: []
 extensions: []
 extra_rdoc_files:
-- README.md
 - LICENSE
+- README.md
 files:
 - LICENSE
 - README.md
@@ -183,7 +222,6 @@ homepage: https://github.com/theforeman/smart_proxy_remote_execution_ssh
 licenses:
 - GPL-3.0-only
 metadata: {}
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -198,8 +236,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.27
-signing_key:
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Ssh remote execution provider for Foreman Smart-Proxy
 test_files: []