From 7cf37a10fd9c4899164fb72c8631118b252acd74 Mon Sep 17 00:00:00 2001 From: Oleksii Kliukin Date: Thu, 18 Jun 2020 23:36:42 +0200 Subject: [PATCH 1/2] Allow uploading files even when permissions cannot be set. By default, the "file" function uses sftp to upload the target file to the server. During the upload, the Net::SFTP::Foreign runs chmod unconditionally, failing if the target file is not owned by the ssh user, unless that user is a root. This commit changes that behavior by passing an optional "best_effort" flag that instructs sftp to continue even if setting permissions has failed. As a result, an unprivileged user will be able to use Rex scenarios that call the "file" function without getting permission denied errors. --- lib/Rex/Interface/Fs/OpenSSH.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/Rex/Interface/Fs/OpenSSH.pm b/lib/Rex/Interface/Fs/OpenSSH.pm index 01eea6652..b9ddaa849 100644 --- a/lib/Rex/Interface/Fs/OpenSSH.pm +++ b/lib/Rex/Interface/Fs/OpenSSH.pm @@ -142,7 +142,7 @@ sub upload { Rex::Commands::profiler()->start("upload: $source -> $target"); my $sftp = Rex::get_sftp(); - unless ( $sftp->put( $source, $target ) ) { + unless ( $sftp->put( $source, $target, best_effort => 1) ) { Rex::Logger::debug("upload: $target is not writable"); Rex::Commands::profiler()->end("upload: $source -> $target"); From 1935065ea0005c63fe2b4c19c5184ac61a0c7c7a Mon Sep 17 00:00:00 2001 From: Chris Traverswq Date: Wed, 15 Jul 2020 09:51:10 +0200 Subject: [PATCH 2/2] Only apply best effort option if sudo is not available. This ensures the current behavior continues for ops but best effort for writeable files allows other teams to apply changes. Also began some initial POD for the OpenSSH module in functions touched. --- lib/Rex/Interface/Fs/OpenSSH.pm | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/lib/Rex/Interface/Fs/OpenSSH.pm b/lib/Rex/Interface/Fs/OpenSSH.pm index b9ddaa849..80784e302 100644 --- a/lib/Rex/Interface/Fs/OpenSSH.pm +++ b/lib/Rex/Interface/Fs/OpenSSH.pm @@ -136,13 +136,32 @@ sub stat { return %ret; } +=pod + +=head3 OpenSSH->upload($source, $target) + +Uploads an item from source to target. + +If sudo is enabled for the connection will set permissions etc too. +Otherwise will only attempt to set permissions, and continue successfully +if not. + +=cut + sub upload { my ( $self, $source, $target ) = @_; Rex::Commands::profiler()->start("upload: $source -> $target"); my $sftp = Rex::get_sftp(); - unless ( $sftp->put( $source, $target, best_effort => 1) ) { + + # If we are not sudo, we need to fall back to best effort on + # file upload. The %best_effort hash will evaluate be expanded + # to best_effort => 1 if and and only if is_sudo returns false. + + my %best_effort = (); + $best_effort{best_effort} = 1 unless Rex::is_sudo(); + unless ( $sftp->put( $source, $target, %best_effort) ) { Rex::Logger::debug("upload: $target is not writable"); Rex::Commands::profiler()->end("upload: $source -> $target");