diff options
| author | Stan Hu <stanhu@gmail.com> | 2021-11-10 12:31:58 -0800 |
|---|---|---|
| committer | Stan Hu <stanhu@gmail.com> | 2021-11-10 16:48:26 -0800 |
| commit | 672013e702cb44c3bc1b46807703295448dc0afc (patch) | |
| tree | 01195d4a7b4e1415d22cb09e41a6feee182dd4d6 /cmd/gitlab-shell/command/command_test.go | |
| parent | 5cccb38df60b9ecef744e8bf1cbdff68066e9d5e (diff) | |
| download | gitlab-shell-672013e702cb44c3bc1b46807703295448dc0afc.tar.gz | |
Relax key and username matching for sshdsh-improve-key-matching-sshd
Due to the way sshd works, gitlab-shell could be called with a single
string in the form:
```
/path/to/gitlab-shell -c key-id
```
However, due to the tightening of the regular expressions in fcff692b
this string no longer matches, so logins would fail with:
```
Failed to get username: who='' is invalid
```
This can be reproduced by changing the user's shell to point to
gitlab-shell. For example:
```
usermod git -s /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell
```
While setting gitlab-shell as the user's shell isn't officially
supported, gitlab-shell still should be able to cope with the key being
specified as the last argument. We now split the argument list and use
the last value.
Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/530
Diffstat (limited to 'cmd/gitlab-shell/command/command_test.go')
| -rw-r--r-- | cmd/gitlab-shell/command/command_test.go | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/cmd/gitlab-shell/command/command_test.go b/cmd/gitlab-shell/command/command_test.go index 2aeee59..ba0db7d 100644 --- a/cmd/gitlab-shell/command/command_test.go +++ b/cmd/gitlab-shell/command/command_test.go @@ -170,6 +170,27 @@ func TestParseSuccess(t *testing.T) { expectedArgs: &commandargs.Shell{Arguments: []string{"hello", "username-key-123"}, SshArgs: []string{}, CommandType: commandargs.Discover, GitlabUsername: "key-123", Env: sshenv.Env{IsSSHConnection: true, RemoteAddr: "1"}}, }, { + desc: "It finds the key id if the key is listed as the last argument", + executable: &executable.Executable{Name: executable.GitlabShell}, + env: sshenv.Env{IsSSHConnection: true, RemoteAddr: "1"}, + arguments: []string{"hello", "gitlab-shell -c key-123"}, + expectedArgs: &commandargs.Shell{Arguments: []string{"hello", "gitlab-shell -c key-123"}, SshArgs: []string{}, CommandType: commandargs.Discover, GitlabKeyId: "123", Env: sshenv.Env{IsSSHConnection: true, RemoteAddr: "1"}}, + }, + { + desc: "It finds the username if the username is listed as the last argument", + executable: &executable.Executable{Name: executable.GitlabShell}, + env: sshenv.Env{IsSSHConnection: true, RemoteAddr: "1"}, + arguments: []string{"hello", "gitlab-shell -c username-jane-doe"}, + expectedArgs: &commandargs.Shell{Arguments: []string{"hello", "gitlab-shell -c username-jane-doe"}, SshArgs: []string{}, CommandType: commandargs.Discover, GitlabUsername: "jane-doe", Env: sshenv.Env{IsSSHConnection: true, RemoteAddr: "1"}}, + }, + { + desc: "It finds the key id only if the last argument is of <key-id> format", + executable: &executable.Executable{Name: executable.GitlabShell}, + env: sshenv.Env{IsSSHConnection: true, RemoteAddr: "1"}, + arguments: []string{"hello", "gitlab-shell -c username-key-123"}, + expectedArgs: &commandargs.Shell{Arguments: []string{"hello", "gitlab-shell -c username-key-123"}, SshArgs: []string{}, CommandType: commandargs.Discover, GitlabUsername: "key-123", Env: sshenv.Env{IsSSHConnection: true, RemoteAddr: "1"}}, + }, + { desc: "It finds the username in any passed arguments", executable: &executable.Executable{Name: executable.GitlabShell}, env: sshenv.Env{IsSSHConnection: true, RemoteAddr: "1"}, |