sshkit-sudo-next 0.2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: eaf0ceec3960adf1b245082ce6c353db05abf9e5a8941ed267454eb0a6b9683f
+  data.tar.gz: 64d65fd50dc8624827c2479c898f4c4a294bbb26814c204c613dfe5fb5d2d9cf
+SHA512:
+  metadata.gz: 061ddb73088198fd52acabba6a3db5d66ee7d965f8d34eaf1aef29af62e45bc41ef41a10565dca26cf85d132112da400534c22c507764f0dd315626190f6cf5f
+  data.tar.gz: a09448741593b69288b0f32cb1428eafd25e009063f651f8759f8614eb31b1ddd3b0267aa21a5cdd4a119bac250e75e5a28b463ec584fd44944faecf4b16056f

data/.gitignore

@@ -0,0 +1,14 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in sshkit-sudo-next.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright for portions of project ssh-sudo-next are held by Kentaro Imai, 2015 as part of project Bar. All other copyright for project Foo are held by Saverio Miroddi, 2021.
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,10 @@
+# SSHKit::Sudo ("next" version)
+
+Fork of the [SSHKit::Sudo](https://github.com/kentaroi/sshkit-sudo.git) project, with significant cleanups and some improvements.
+
+As the original project, this gem allows:
+
+- sudo commands with password support;
+- perform all the tasks of a given session (eg. a whole deploy) as a specified user.
+
+We're in the process of preparing and releasing thorough documentation (estimated time: beginning of May/2021).

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+

data/lib/sshkit/sudo.rb

@@ -0,0 +1,5 @@
+require "sshkit/sudo/version"
+
+require 'sshkit/sudo/command'
+require 'sshkit/sudo/password_sending_interaction_handler'
+require 'sshkit/sudo/sudo_netssh'

data/lib/sshkit/sudo/command.rb

@@ -0,0 +1,14 @@
+require 'sshkit'
+
+# This is cosmetic, although it considerably improves the output. See  https://github.com/capistrano/sshkit/issues/490.
+#
+module SSHKit
+  class Command
+    def with(&_block)
+      return yield if options[:user]
+      env_string = environment_string
+      return yield if env_string.empty?
+      "( export #{env_string} ; #{yield} )"
+    end
+  end
+end

data/lib/sshkit/sudo/password_sending_interaction_handler.rb

@@ -0,0 +1,28 @@
+module SSHKit
+  module Sudo
+    # Slightly simplified version of the original:
+    #
+    # - assumed that there is a password
+    # - assumes the same pwd for the hosts
+    # - replaced the class/dead methods with constants
+    # - removed the InteractionHandler subclass
+    #
+    class PasswordSendingInteractionHandler
+      WRONG_PASSWORD_MESSAGE_REGEX = /Sorry.*\stry\sagain/
+      PASSWORD_PROMPT_REGEX = /[Pp]assword.*:/
+
+      def initialize(servers_password)
+        @servers_password = servers_password
+      end
+
+      def on_data(command, stream_name, data, channel)
+        raise "Wrong password!" if data =~ WRONG_PASSWORD_MESSAGE_REGEX
+
+        if data =~ PASSWORD_PROMPT_REGEX
+          pass = @servers_password
+          channel.send_data(pass)
+        end
+      end
+    end
+  end
+end

data/lib/sshkit/sudo/sudo_netssh.rb

@@ -0,0 +1,155 @@
+require 'sshkit'
+require_relative 'password_sending_interaction_handler'
+require_relative 'command'
+
+module SSHKit
+  module Backend
+    # Values that are static, like the filtered logging patterns, or the name of the env variables,
+    # can be implemented, if needed, as Configuration attributes.
+    #
+    class SudoNetssh < Netssh
+      PASSWORD_PROMPT_REGEX = /\[sudo\] password for \S+\:/
+
+      SKIP_STDOUT_LOGGING_PATTERNS = [
+        /^\r\n$/,
+        PASSWORD_PROMPT_REGEX, # Skipping this removes context from the wrong password prompt, but it's
+                               # still understandable.
+      ]
+
+      class << self
+        # `pool` is a class-level instance variable, so we can't use the superclass' attr_accessor.
+        # The attribute is only read though, so we don't need to handle assignments.
+        #
+        def pool
+          self.superclass.pool
+        end
+
+        # It's not possible to send a custom configuration class, so we need to create a custom one.
+        # The :owner could be an instance variable, but it's a bit ugly to use a different setting
+        # strategy.
+        #
+        def config
+          @config ||= Class.new(Netssh::Configuration) do
+            attr_accessor :owner, :servers_password, :commands_log
+          end.new
+        end
+      end
+
+      def initialize(*args, &block)
+        super
+
+        @interaction_handler = SSHKit::Sudo::PasswordSendingInteractionHandler.new(self.class.config.servers_password + "\n")
+      end
+
+      def capture(*args)
+        # To ensure that we clean out the sudo part when the results are returned,
+        # otherwise the commands will be corrupt.
+        #
+        super.gsub(PASSWORD_PROMPT_REGEX, '')
+      end
+
+      # Required because the uploaded file is owned by the SSH user, not the owner.
+      #
+      def upload!(local, remote, options = {})
+        super
+
+        # We can't check the user inside the :as block, because @user is root.
+        #
+        target_user = @user || self.class.config.owner
+
+        as :root do
+          execute :chown, target_user, remote
+        end
+      end
+
+      private
+
+      def command(args, options)
+        options[:interaction_handler] ||= @interaction_handler
+
+        env = (@env || {})
+
+        user = @user || self.class.config.owner
+
+        # As general Linux practice, switching user is not enough - some variables need to be updated
+        # as well.
+        # For an explanation, see https://saveriomiroddi.github.io/Chef-properly-run-a-resource-as-alternate-user.
+        #
+        user_home = user == 'root' ? '/root' : "/home/#{user}"
+        env = env.merge(user: user, home: user_home)
+
+        # Sshkit::Command#user runs commands in a non-login shell, so that variables are not inherited.
+        # We can workaround this by setting them in the env, which is `export`ed, however, only the
+        # specified ones are. Since `RAILS_ENV` is common, we pass it.
+        #
+        env = env.merge(rails_env: fetch(:rails_env))
+
+        SSHKit::Command.new(*args, options.merge(
+          {
+            in: pwd_path,
+            env: env,
+            host: @host,
+            user: user,
+            group: @group,
+          }
+        ))
+      end
+
+      def execute_command(cmd)
+        output.log_command_start(cmd)
+        cmd.started = true
+        exit_status = nil
+        with_ssh do |ssh|
+          ssh.open_channel do |chan|
+            chan.request_pty
+            prepared_command = cmd.to_command
+
+            if self.class.config.commands_log
+              IO.write(self.class.config.commands_log, prepared_command + "\n", mode: 'a')
+            end
+
+            chan.exec prepared_command do |_ch, _success|
+              chan.on_data do |ch, data|
+                cmd.on_stdout(ch, data)
+                skip_stdout_logging = SKIP_STDOUT_LOGGING_PATTERNS.any? { |pattern| data =~ pattern }
+                output.log_command_data(cmd, :stdout, data) unless skip_stdout_logging
+              end
+              chan.on_extended_data do |ch, _type, data|
+                cmd.on_stderr(ch, data)
+                output.log_command_data(cmd, :stderr, data)
+              end
+              chan.on_request("exit-status") do |_ch, data|
+                exit_status = data.read_long
+              end
+              #chan.on_request("exit-signal") do |ch, data|
+              #  # TODO: This gets called if the program is killed by a signal
+              #  # might also be a worthwhile thing to report
+              #  exit_signal = data.read_string.to_i
+              #  warn ">>> " + exit_signal.inspect
+              #  output.log_command_killed(cmd, exit_signal)
+              #end
+              chan.on_open_failed do |_ch|
+                # TODO: What do do here?
+                # I think we should raise something
+              end
+              chan.on_process do |_ch|
+                # TODO: I don't know if this is useful
+              end
+              chan.on_eof do |_ch|
+                # TODO: chan sends EOF before the exit status has been
+                # writtend
+              end
+            end
+            chan.wait
+          end
+          ssh.loop
+        end
+        # Set exit_status and log the result upon completion
+        if exit_status
+          cmd.exit_status = exit_status
+          output.log_command_exit(cmd)
+        end
+      end
+    end # class SudoNetssh
+  end # module Backend
+end # module SSHKit

data/lib/sshkit/sudo/version.rb

@@ -0,0 +1,5 @@
+module SSHKit
+  module Sudo
+    VERSION = "0.2.0"
+  end
+end

data/sshkit-sudo-next.gemspec

@@ -0,0 +1,26 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'sshkit/sudo/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "sshkit-sudo-next"
+  spec.version       = SSHKit::Sudo::VERSION
+  spec.authors       = ["Saverio Miroddi"]
+  spec.email         = ["saverio.pub2@gmail.com"]
+  spec.summary       = %q{SSHKit extension, for sudo operation with password input.}
+  spec.description   = %q{SSHKit extension, for sudo operation with password input.}
+  spec.homepage      = ""
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.required_ruby_version = ">= 1.9.3"
+
+  spec.add_dependency "sshkit", "~> 1.20.0"
+  spec.add_development_dependency "bundler", "~> 1.7"
+  spec.add_development_dependency "rake", "~> 10.0"
+end

metadata

@@ -0,0 +1,96 @@
+--- !ruby/object:Gem::Specification
+name: sshkit-sudo-next
+version: !ruby/object:Gem::Version
+  version: 0.2.0
+platform: ruby
+authors:
+- Saverio Miroddi
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2021-04-22 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: sshkit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.20.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.20.0
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+description: SSHKit extension, for sudo operation with password input.
+email:
+- saverio.pub2@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/sshkit/sudo.rb
+- lib/sshkit/sudo/command.rb
+- lib/sshkit/sudo/password_sending_interaction_handler.rb
+- lib/sshkit/sudo/sudo_netssh.rb
+- lib/sshkit/sudo/version.rb
+- sshkit-sudo-next.gemspec
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 1.9.3
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.4
+signing_key: 
+specification_version: 4
+summary: SSHKit extension, for sudo operation with password input.
+test_files: []