opendev/gerrit
Code Issues Proposed changes

Allow suexec to run any command as any user

Browse Source 
The suexec command can only be run by a peer daemon, and permits
the daemon to execute another command as a specific user identity.

This is the foundation of allowing writes to be proxied from a
slave server into the master, the slave just needs to SSH into the
master and use suexec in front of the user supplied command line
to perform an action on their behalf on the master.

Unfortunately this means we have to trust the slave process, as it
can become anyone, including an administrator.  A better approach
would be to use agent authentication and authenticate back through
the slave to the user's agent process, but not every user connection
may be using an agent.  In particular batch jobs might be using an
unencrypted key and no agent to authenticate.

Change-Id: Icb8ddb16959f01189a6c0bdfc8fec45cdd99659b
Signed-off-by: Shawn O. Pearce <sop@google.com>
This commit is contained in:
Shawn O. Pearce
2010-01-16 14:27:28 -08:00
parent 1fc80a6eba
commit 2f8b9bc3b7
15 changed files with 411 additions and 148 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshModule.java
View File

@@ -33,6 +33,7 @@ import com.google.gerrit.sshd.args4j.AccountGroupIdHandler;
import com.google.gerrit.sshd.args4j.AccountIdHandler;
import com.google.gerrit.sshd.args4j.PatchSetIdHandler;
import com.google.gerrit.sshd.args4j.ProjectControlHandler;
import com.google.gerrit.sshd.args4j.SocketAddressHandler;
import com.google.gerrit.sshd.commands.DefaultCommandModule;
import com.google.gerrit.sshd.commands.QueryShell;
import com.google.gerrit.util.cli.CmdLineParser;
@@ -53,8 +54,6 @@ import java.net.SocketAddress;
/** Configures standard dependencies for {@link SshDaemon}. */
public class SshModule extends FactoryModule {
private static final String NAME = "Gerrit Code Review";
@Override
protected void configure() {
bindScope(RequestScoped.class, SshScope.REQUEST);
@@ -70,7 +69,7 @@ public class SshModule extends FactoryModule {
factory(PeerDaemonUser.Factory.class);
bind(DispatchCommandProvider.class).annotatedWith(Commands.CMD_ROOT)
.toInstance(new DispatchCommandProvider(NAME, Commands.CMD_ROOT));
.toInstance(new DispatchCommandProvider("", Commands.CMD_ROOT));
bind(CommandFactoryProvider.class);
bind(CommandFactory.class).toProvider(CommandFactoryProvider.class);
@@ -115,6 +114,7 @@ public class SshModule extends FactoryModule {
registerOptionHandler(AccountGroup.Id.class, AccountGroupIdHandler.class);
registerOptionHandler(PatchSet.Id.class, PatchSetIdHandler.class);
registerOptionHandler(ProjectControl.class, ProjectControlHandler.class);
registerOptionHandler(SocketAddress.class, SocketAddressHandler.class);
}
private <T> void registerOptionHandler(Class<T> type,