Page MenuHomestyx hydra
Files F570891

No OneTemporary
Actions

View Options

diff --git a/src/applications/drydock/interface/command/DrydockSSHCommandInterface.php b/src/applications/drydock/interface/command/DrydockSSHCommandInterface.php
index ab0dd94e3e..4e015afab0 100644
--- a/src/applications/drydock/interface/command/DrydockSSHCommandInterface.php
+++ b/src/applications/drydock/interface/command/DrydockSSHCommandInterface.php
@@ -1,52 +1,57 @@
<?php
final class DrydockSSHCommandInterface extends DrydockCommandInterface {
+ private $passphraseSSHKey;
+
+ private function openCredentialsIfNotOpen() {
+ if ($this->passphraseSSHKey !== null) {
+ return;
+ }
+
+ $credential = id(new PassphraseCredentialQuery())
+ ->setViewer(PhabricatorUser::getOmnipotentUser())
+ ->withIDs(array($this->getConfig('credential')))
+ ->needSecrets(true)
+ ->executeOne();
+
+ if ($credential->getProvidesType() !==
+ PassphraseCredentialTypeSSHPrivateKey::PROVIDES_TYPE) {
+ throw new Exception("Only private key credentials are supported.");
+ }
+
+ $this->passphraseSSHKey = PassphraseSSHKey::loadFromPHID(
+ $credential->getPHID(),
+ PhabricatorUser::getOmnipotentUser());
+ }
+
public function getExecFuture($command) {
+ $this->openCredentialsIfNotOpen();
+
$argv = func_get_args();
// This assumes there's a UNIX shell living at the other
// end of the connection, which isn't the case for Windows machines.
if ($this->getConfig('platform') !== 'windows') {
$argv = $this->applyWorkingDirectoryToArgv($argv);
}
$full_command = call_user_func_array('csprintf', $argv);
if ($this->getConfig('platform') === 'windows') {
// On Windows platforms we need to execute cmd.exe explicitly since
// most commands are not really executables.
$full_command = 'C:\\Windows\\system32\\cmd.exe /C '.$full_command;
}
// NOTE: The "-t -t" is for psuedo-tty allocation so we can "sudo" on some
// systems, but maybe more trouble than it's worth?
-
- $credential = id(new PassphraseCredentialQuery())
- ->setViewer(PhabricatorUser::getOmnipotentUser())
- ->withIDs(array($this->getConfig('credential')))
- ->needSecrets(true)
- ->executeOne();
-
- // FIXME: We can't use text-based SSH files here because the TempFile goes
- // out of scope after this function ends and thus the file gets removed
- // before it can be used.
- if ($credential->getCredentialType() !==
- PassphraseCredentialTypeSSHPrivateKeyFile::CREDENTIAL_TYPE) {
- throw new Exception("Only private key file credentials are supported.");
- }
-
- $ssh_key = PassphraseSSHKey::loadFromPHID(
- $credential->getPHID(),
- PhabricatorUser::getOmnipotentUser());
-
return new ExecFuture(
- 'ssh -t -t -o StrictHostKeyChecking=no -p %s -i %s %s@%s -- %s',
+ 'ssh -t -t -o StrictHostKeyChecking=no -p %s -i %P %P@%s -- %s',
$this->getConfig('port'),
- $ssh_key->getKeyfileEnvelope()->openEnvelope(),
- $credential->getUsername(),
+ $this->passphraseSSHKey->getKeyfileEnvelope(),
+ $this->passphraseSSHKey->getUsernameEnvelope(),
$this->getConfig('host'),
$full_command);
}
-
}

File Metadata

Mime Type
text/x-diff
Expires
Sat, Sep 20, 3:12 AM (7 h, 3 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
241384
Default Alt Text
(3 KB)

Event Timeline

styx copyright 2020 sirocyl / ellie (kymkdd) / ncommander / styx contributors
Use of other names and brands is not intended to reflect a claim of, or right to, use the name or brand.
styx is an operating system using the Linux kernel and components, and "styx Linux" as a phrase does not reflect the inclusion of the Linux brand or trademark in the styx project.
Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.
Terms and Conditions (TODO: fix this!)