From 9cc7ed5e5dc5d5047ed616a065e30a5a7c86c7f7 Mon Sep 17 00:00:00 2001
From: xin liang
Date: Mon, 25 Sep 2023 14:30:14 +0800
Subject: [PATCH 1/4] Fix: utils: Add 'sudo' only when there is a sudoer(bsc#1215549)
---
 crmsh/utils.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/crmsh/utils.py b/crmsh/utils.py
index 978eeac4e3..ee6d87808d 100644
--- a/crmsh/utils.py
+++ b/crmsh/utils.py
@@ -184,7 +184,9 @@ def _get_user_of_host_from_config(host):
 def _guess_user_for_ssh(host: str) -> typing.Tuple[str, str]:
 args = ['ssh']
 args.extend(constants.SSH_OPTION_ARGS)
- args.extend(['-o', 'BatchMode=yes', host, 'sudo', 'true'])
+ sudo_str = 'sudo ' if userdir.get_sudoer() else ''
+ cmd_str = f"-o BatchMode=yes {host} {sudo_str}true"
+ args.extend(shlex.split(cmd_str))
 rc = subprocess.call(
 args,
 stdin=subprocess.DEVNULL,
From dcb8b48013cba18ef2c89226837dac1a730de32e Mon Sep 17 00:00:00 2001
From: xin liang
Date: Tue, 26 Sep 2023 10:48:34 +0800
Subject: [PATCH 2/4] Dev: report: Redirect warning and error from remote node into stderr
---
 crmsh/report/utillib.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crmsh/report/utillib.py b/crmsh/report/utillib.py
index e66049d711..b006ffb15a 100644
--- a/crmsh/report/utillib.py
+++ b/crmsh/report/utillib.py
@@ -1373,7 +1373,7 @@ def start_slave_collector(node, arg_str):
 logger.warning(err)
 break
 if err:
- print(err)
+ print(err, file=sys.stderr)
 if out == '':
 # if we couldn't get anything
 return
From e7758ea61c60fe715c8fd2041e837c9358dedfda Mon Sep 17 00:00:00 2001
From: xin liang
Date: Tue, 26 Sep 2023 11:37:12 +0800
Subject: [PATCH 3/4] Dev: behave: Move path setting into background
---
 test/features/cluster_api.feature | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/features/cluster_api.feature b/test/features/cluster_api.feature
index cea6350404..61140699b5 100644
--- a/test/features/cluster_api.feature
+++ b/test/features/cluster_api.feature
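Review bot: In `_guess_user_for_ssh` (crmsh/utils.py, PATCH 1/4) `host` reaches the ssh argv as a bare positional with no validation, so a value beginning with `-` would be read by ssh as an option rather than a hostname. The f-string plus `shlex.split` added here also re-tokenizes `host` on whitespace and quotes; PATCH 4/4 in this series returns to an argument list, but the leading-dash case remains in that hunk too. If `host` can come from user input or configuration (not visible from the hunk), reject it before building `args`, e.g. `if host.startswith('-'): raise ValueError(f"invalid host: {host!r}")`, using whatever error type the callers expect. The function body continues past the end of the hunk.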
@@ -18,11 +18,11 @@ Feature: Functional test to cover SAP clusterAPI
 And Wait "3" seconds
 Then Resource "d" type "Dummy" is "Started"
 And Show cluster status on "hanode1"
+ When Run "echo 'export PATH=$PATH:/usr/sbin/' > ~hacluster/.bashrc" on "hanode1"
+ When Run "echo 'export PATH=$PATH:/usr/sbin/' > ~hacluster/.bashrc" on "hanode2"
 @clean
 Scenario: Start and stop resource by hacluster
- When Run "echo 'export PATH=$PATH:/usr/sbin/' >> ~hacluster/.bashrc" on "hanode1"
- When Run "echo 'export PATH=$PATH:/usr/sbin/' >> ~hacluster/.bashrc" on "hanode2"
 When Run "su - hacluster -c 'crm resource stop d'" on "hanode1"
 Then Expected return code is "0"
 When Wait "3" seconds
From eb6a2ddae35e13c4ffa6cd43f4fe17f5173cd307 Mon Sep 17 00:00:00 2001
From: xin liang
Date: Wed, 29 Nov 2023 17:51:42 +0800
Subject: [PATCH 4/4] Dev: utils: To prevent shell injection, manipulate the argument array instead of the command line string
---
 crmsh/utils.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/crmsh/utils.py b/crmsh/utils.py
index ee6d87808d..d48acf10b6 100644
--- a/crmsh/utils.py
+++ b/crmsh/utils.py
@@ -184,9 +184,10 @@ def _get_user_of_host_from_config(host):
 def _guess_user_for_ssh(host: str) -> typing.Tuple[str, str]:
 args = ['ssh']
 args.extend(constants.SSH_OPTION_ARGS)
- sudo_str = 'sudo ' if userdir.get_sudoer() else ''
- cmd_str = f"-o BatchMode=yes {host} {sudo_str}true"
- args.extend(shlex.split(cmd_str))
+ if userdir.get_sudoer():
+ args.extend(['-o', 'BatchMode=yes', host, 'sudo', 'true'])
+ else:
+ args.extend(['-o', 'BatchMode=yes', host, 'true'])
 rc = subprocess.call(
 args,
 stdin=subprocess.DEVNULL,
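Review bot: The two added Background steps in test/features/cluster_api.feature (PATCH 3/4) write with `>` where the removed Scenario steps appended with `>>`, and the commit subject does not mention that switch. Presumably it keeps `~hacluster/.bashrc` from growing each time the Background runs, but it also discards anything already in that file on both nodes. A comment above the steps such as `# '>' on purpose: Background runs before every scenario, so do not append` would record the intent.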
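Review bot: The two branches added in `_guess_user_for_ssh` (crmsh/utils.py, PATCH 4/4) repeat the same list and differ only in the `'sudo'` element, so any later change to the ssh options has to be made in both places. Building the common part once keeps the argv in one spot: `args.extend(['-o', 'BatchMode=yes', host])`, then `if userdir.get_sudoer(): args.append('sudo')`, then `args.append('true')`. A short comment stating that the list form is deliberate, so `host` is never re-parsed as command text, would help keep it from being turned back into a command string. The function body continues past the end of the hunk.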