Merge branch 'hans/ssh/execfix18/OTP-14881' into maint-18

* hans/ssh/execfix18/OTP-14881: ssh: Fix cli ssh: Test for disabled shell
author: Erlang/OTP <otp@erlang.org> 2018-03-02 12:40:23 +0100
committer: Erlang/OTP <otp@erlang.org> 2018-03-02 12:40:23 +0100
commit: 5105992b03757bd0f4ee47b7852da19766a009e3 (patch)
tree: f778e356fc895ad20dd0cb47cb317b089200cc2c
parent: 8c3a10c0049fb197f438fef5380a85d7e1c53396 (diff)
parent: 7d44b20a3346132d3f2800a567c2130820732f32 (diff)
download: erlang-5105992b03757bd0f4ee47b7852da19766a009e3.tar.gz
4 files changed, 99 insertions, 5 deletions
diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl
index 54f94acbdc..96a51bcefc 100644
--- a/lib/ssh/src/ssh.erl
+++ b/lib/ssh/src/ssh.erl
@@ -134,7 +134,7 @@ daemon(Port, Options) ->
 daemon(HostAddr, Port, Options0) ->
     Options1 = case proplists:get_value(shell, Options0) of
 		   undefined ->
-		       [{shell, {shell, start, []}}  | Options0];
+		       [{shell, ?DEFAULT_SHELL}  | Options0];
 		   _ ->
 		       Options0
 	       end,
diff --git a/lib/ssh/src/ssh.hrl b/lib/ssh/src/ssh.hrl
index b27e91213d..7ac861096e 100644
--- a/lib/ssh/src/ssh.hrl
+++ b/lib/ssh/src/ssh.hrl
@@ -33,6 +33,12 @@
 -define(REKEY_DATA_TIMOUT, 60000).
 -define(DEFAULT_PROFILE, default).
 
+-define(DEFAULT_TRANSPORT,  {tcp, gen_tcp, tcp_closed} ).
+
+-define(DEFAULT_SHELL, {shell, start, []} ).
+
+-define(MAX_RND_PADDING_LEN, 15).
+
 -define(SUPPORTED_AUTH_METHODS, "publickey,keyboard-interactive,password").
 -define(SUPPORTED_USER_KEYS, ['ssh-rsa','ssh-dss','ecdsa-sha2-nistp256','ecdsa-sha2-nistp384','ecdsa-sha2-nistp521']).
 
diff --git a/lib/ssh/src/ssh_cli.erl b/lib/ssh/src/ssh_cli.erl
index 71f62a960e..6bb2f17e88 100644
--- a/lib/ssh/src/ssh_cli.erl
+++ b/lib/ssh/src/ssh_cli.erl
@@ -112,7 +112,8 @@ handle_ssh_msg({ssh_cm, ConnectionHandler,
 			cm = ConnectionHandler}};
 
 handle_ssh_msg({ssh_cm, ConnectionHandler,
-		{exec, ChannelId, WantReply, Cmd}}, #state{exec=undefined} = State) ->
+		{exec, ChannelId, WantReply, Cmd}}, #state{exec=undefined,
+                                                           shell=?DEFAULT_SHELL} = State) ->
     {Reply, Status} = exec(Cmd),
     write_chars(ConnectionHandler,
 		ChannelId, io_lib:format("~p\n", [Reply])),
@@ -121,6 +122,15 @@ handle_ssh_msg({ssh_cm, ConnectionHandler,
     ssh_connection:exit_status(ConnectionHandler, ChannelId, Status),
     ssh_connection:send_eof(ConnectionHandler, ChannelId),
     {stop, ChannelId, State#state{channel = ChannelId, cm = ConnectionHandler}};
+
+handle_ssh_msg({ssh_cm, ConnectionHandler,
+		{exec, ChannelId, WantReply, _Cmd}}, #state{exec = undefined} = State) ->
+    write_chars(ConnectionHandler, ChannelId, 1, "Prohibited.\n"),
+    ssh_connection:reply_request(ConnectionHandler, WantReply, success, ChannelId),
+    ssh_connection:exit_status(ConnectionHandler, ChannelId, 255),
+    ssh_connection:send_eof(ConnectionHandler, ChannelId),
+    {stop, ChannelId, State#state{channel = ChannelId, cm = ConnectionHandler}};
+
 handle_ssh_msg({ssh_cm, ConnectionHandler,
 		{exec, ChannelId, WantReply, Cmd}}, State) ->
     NewState = start_shell(ConnectionHandler, Cmd, State),
@@ -431,12 +441,15 @@ move_cursor(From, To, #ssh_pty{width=Width, term=Type}) ->
 %% %%% make sure that there is data to send
 %% %%% before calling ssh_connection:send
 write_chars(ConnectionHandler, ChannelId, Chars) ->
+    write_chars(ConnectionHandler, ChannelId, ?SSH_EXTENDED_DATA_DEFAULT, Chars).
+
+write_chars(ConnectionHandler, ChannelId, Type, Chars) ->
     case erlang:iolist_size(Chars) of
-	0 ->
+        0 ->
 	    ok;
-       _ ->
+        _ ->
 	    ssh_connection:send(ConnectionHandler, ChannelId,
-				?SSH_EXTENDED_DATA_DEFAULT, Chars)
+				Type, Chars)
     end.
 
 %%% tail, works with empty lists
diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl
index 6e90faf0e8..a37c086303 100644
--- a/lib/ssh/test/ssh_connection_SUITE.erl
+++ b/lib/ssh/test/ssh_connection_SUITE.erl
@@ -43,6 +43,8 @@ all() ->
     [
      {group, openssh},
      interrupted_send,
+     exec_erlang_term,
+     exec_erlang_term_non_default_shell,
      start_shell,
      start_shell_exec,
      start_shell_exec_fun,
@@ -424,6 +426,79 @@ start_shell_exec(Config) when is_list(Config) ->
     ssh:stop_daemon(Pid).
 
 %%--------------------------------------------------------------------
+exec_erlang_term(Config) when is_list(Config) ->
+    PrivDir = proplists:get_value(priv_dir, Config),
+    UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth
+    file:make_dir(UserDir),
+    SysDir = proplists:get_value(data_dir, Config),
+    {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir},
+					     {user_dir, UserDir},
+					     {password, "morot"}
+                                            ]),
+
+    ConnectionRef = ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true},
+						      {user, "foo"},
+						      {password, "morot"},
+						      {user_interaction, true},
+						      {user_dir, UserDir}]),
+
+    {ok, ChannelId0} = ssh_connection:session_channel(ConnectionRef, infinity),
+
+    success = ssh_connection:exec(ConnectionRef, ChannelId0,
+				  "1+2.", infinity),
+    TestResult =
+        receive
+            {ssh_cm, ConnectionRef, {data, _ChannelId, 0, <<"3",_/binary>>}} = R ->
+                ct:log("Got expected ~p",[R]);
+            Other ->
+                ct:log("Got unexpected ~p",[Other])
+        after 5000 ->
+                {fail,"Exec Timeout"}
+        end,
+
+    ssh:close(ConnectionRef),
+    ssh:stop_daemon(Pid),
+    TestResult.
+
+%%--------------------------------------------------------------------
+exec_erlang_term_non_default_shell(Config) when is_list(Config) ->
+    PrivDir = proplists:get_value(priv_dir, Config),
+    UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth
+    file:make_dir(UserDir),
+    SysDir = proplists:get_value(data_dir, Config),
+    {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir},
+					     {user_dir, UserDir},
+					     {password, "morot"},
+                                             {shell, fun(U, H) -> start_our_shell(U, H) end}
+                                            ]),
+
+    ConnectionRef = ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true},
+						      {user, "foo"},
+						      {password, "morot"},
+						      {user_interaction, true},
+						      {user_dir, UserDir}
+                                                     ]),
+
+    {ok, ChannelId0} = ssh_connection:session_channel(ConnectionRef, infinity),
+
+    success = ssh_connection:exec(ConnectionRef, ChannelId0,
+				  "1+2.", infinity),
+    TestResult =
+        receive
+            {ssh_cm, ConnectionRef, {data, _ChannelId, 0, <<"3",_/binary>>}} = R ->
+                ct:log("Got unexpected ~p",[R]),
+                {fail,"Could exec erlang term although non-erlang shell"};
+            Other ->
+                ct:log("Got expected ~p",[Other])
+        after 5000 ->
+                {fail, "Exec Timeout"}
+        end,
+
+    ssh:close(ConnectionRef),
+    ssh:stop_daemon(Pid),
+    TestResult.
+
+%%--------------------------------------------------------------------
 start_shell_exec_fun() ->
     [{doc, "start shell to exec command"}].
author	Erlang/OTP <otp@erlang.org>	2018-03-02 12:40:23 +0100
committer	Erlang/OTP <otp@erlang.org>	2018-03-02 12:40:23 +0100
commit	5105992b03757bd0f4ee47b7852da19766a009e3 (patch)
tree	f778e356fc895ad20dd0cb47cb317b089200cc2c
parent	8c3a10c0049fb197f438fef5380a85d7e1c53396 (diff)
parent	7d44b20a3346132d3f2800a567c2130820732f32 (diff)
download	erlang-5105992b03757bd0f4ee47b7852da19766a009e3.tar.gz