Revision 216728d0
Added by Sam Kottler over 11 years ago
- ID 216728d09495fe5a2940760df702910642853bca
| lib/proxy/puppet.rb | ||
|---|---|---|
|
|
||
|
|
||
|
class << self
|
||
|
require 'open3'
|
||
|
def run *hosts
|
||
|
# Search in /opt/ for puppet enterprise users
|
||
|
default_path = ["/usr/sbin", "/usr/bin", "/opt/puppet/bin"]
|
||
| ... | ... | |
|
logger.warn "sudo or puppetrun binary was not found - aborting"
|
||
|
return false
|
||
|
end
|
||
|
# Append kick to the puppet command if we are not using the old puppetca command
|
||
|
puppetrun << " kick" unless puppetrun.include?('puppetrun')
|
||
|
|
||
|
command = %x[#{sudo} #{puppetrun} --host #{hosts.join(" --host ")}]
|
||
|
unless command =~ /finished with exit code 0/
|
||
|
logger.warn command
|
||
|
return false
|
||
|
puppet_cmd = [puppetrun]
|
||
|
puppet_cmd += ["kick"] unless puppetrun.include?('puppetrun')
|
||
|
|
||
|
# Add a --host argument for each client where a run was requested.
|
||
|
hosts.map { |h| puppet_cmd += ["--host", escape_for_shell(h)] }
|
||
|
|
||
|
# Returns a boolean with whether or not the command executed successfully.
|
||
|
Open3.popen3(*puppet_cmd) do |stdin, stdout, stderr|
|
||
|
stdrout = stdout.read
|
||
|
if stdrout =~ /finished with exit code 0/
|
||
|
return true
|
||
|
else
|
||
|
logger.warn "The attempted puppetrun failed: \n#{stderr.read}\n#{stdrout}"
|
||
|
return false
|
||
|
end
|
||
|
end
|
||
|
return true
|
||
|
end
|
||
|
end
|
||
|
end
|
||
| lib/proxy/util.rb | ||
|---|---|---|
|
require 'open3'
|
||
|
require 'shellwords'
|
||
|
|
||
|
module Proxy::Util
|
||
|
|
||
| ... | ... | |
|
logger.warn e
|
||
|
return false
|
||
|
end
|
||
|
|
||
|
def self.escape_for_shell(command)
|
||
|
# This is a backport for using the core Shellwords#escape that's in 1.9.2
|
||
|
# when using 1.8.7.
|
||
|
if RUBY_VERSION < '1.9.2'
|
||
|
return command.shellescape if command.respond_to? :shellescape
|
||
|
|
||
|
# An empty argument will be skipped, so return empty quotes.
|
||
|
return "''" if command.empty?
|
||
|
command = command.dup
|
||
|
|
||
|
# Process as a single byte sequence because not all shell
|
||
|
# implementations are multibyte aware.
|
||
|
command.gsub!(/([^A-Za-z0-9_\-.,:\/@\n])/n, "\\\\\\1")
|
||
|
command.gsub!(/\n/, "'\n'")
|
||
|
|
||
|
return command
|
||
|
else
|
||
|
Shellwords.escape(command)
|
||
|
end
|
||
|
end
|
||
|
end
|
||
| test/util_test.rb | ||
|---|---|---|
|
assert Proxy::Util.instance_methods.include? RUBY_VERSION >= '1.9.3' ? :which : "which"
|
||
|
end
|
||
|
|
||
|
def test_util_shell_escape
|
||
|
assert Proxy::Util.methods.include? RUBY_VERSION >= '1.9.3' ? :escape_for_shell : "escape_for_shell"
|
||
|
assert_equal Proxy::Util.escape_for_shell("; rm -rf"), '\;\ rm\ -rf'
|
||
|
assert_equal Proxy::Util.escape_for_shell("vm.test.com,physical.test.com"), "vm.test.com,physical.test.com"
|
||
|
assert_equal Proxy::Util.escape_for_shell("vm.test.com physical.test.com"), 'vm.test.com\ physical.test.com'
|
||
|
end
|
||
|
|
||
|
def test_commandtask_with_echo_exec
|
||
|
t = Proxy::Util::CommandTask.new('echo test')
|
||
|
# ruby 1.9 seems to return nil for $? in open3
|
||
Also available in: Unified diff
Fixed CVE-2013-0210 and added test for new escape method