diff options
author | Sean Whitton <spwhitton@spwhitton.name> | 2021-05-23 13:19:46 -0700 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2021-05-23 16:55:07 -0700 |
commit | b914693a33ffcf0764ea9bc87bcc573e5ddf9943 (patch) | |
tree | a5f1451810cf940d03aa33d0761aa82b050e819e /src/connection/sudo.lisp | |
parent | e4bda1ac845991cb79e6f3ad21db1d54ee36ddd2 (diff) | |
download | consfigurator-b914693a33ffcf0764ea9bc87bcc573e5ddf9943.tar.gz |
convert CONNECTION slots to connattrs & fix finding homedirs
HOME does not take into account /etc/passwd inside the chroot, even when
starting a login shell with, e.g., "chroot /chroot sh -lc 'echo $HOME'" -- we
would need something which emulates login(1), like su(1), but the -c argument
to su(1) is not portable. getent(1) is not POSIX. So use tilde expansion.
Additionally, avoid having UPLOAD-ALL-PREREQUISITE-DATA store values for the
remote UID, remote homedir etc. from *before* the chroot/setuid operation.
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
Diffstat (limited to 'src/connection/sudo.lisp')
-rw-r--r-- | src/connection/sudo.lisp | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/src/connection/sudo.lisp b/src/connection/sudo.lisp index 5ff326d..7896761 100644 --- a/src/connection/sudo.lisp +++ b/src/connection/sudo.lisp @@ -43,7 +43,7 @@ (declare (ignore remaining)) (informat 1 "~&Establishing sudo connection to ~A" user) (make-instance 'sudo-connection - :user user + :connattrs `(:remote-user ,user) ;; we'll send the password followed by ^M, then the real ;; stdin. use CODE-CHAR in this way so that we can be sure ;; ASCII ^M is what will get emitted. @@ -53,10 +53,7 @@ (string (code-char 13))))))) (defclass sudo-connection (shell-wrap-connection) - ((user - :initarg :user) - (password - :initarg :password))) + ((password :initarg :password))) (defmethod get-sudo-password ((connection sudo-connection)) (let ((value (slot-value connection 'password))) @@ -66,7 +63,7 @@ ;; wrap in sh -c so that it is more likely we are either asked for a ;; password for all our commands or not asked for one for any (format nil "sudo -HkS --prompt=\"\" --user=~A sh -c ~A" - (slot-value connection 'user) (escape-sh-token cmd))) + (connection-connattr connection :remote-user) (escape-sh-token cmd))) (defmethod connection-run ((c sudo-connection) cmd (input null)) (call-next-method c cmd (get-sudo-password c))) |