Merge pull request #75 from scrapli/improve-escalate-auth-handling
improve escalate auth handling, redact passwords from channel log
carlmontanari authored May 6, 2022
2 parents 60c60d9 + f851cca commit befdd99
Showing 5 changed files with 22 additions and 4 deletions.
4 changes: 3 additions & 1 deletion channel/base.go
@@ -37,6 +37,8 @@ const (
passphraseSeenMax = 2
// MaxTimeout maximum allowable timeout value -- one day.
MaxTimeout = 86_400

redactedLog = "REDACTED"
)

// Channel struct representing the channel object.
@@ -66,7 +68,7 @@ type channelResult struct {
func (c *Channel) Write(channelInput []byte, redacted bool) error {
logOutput := string(channelInput)
if redacted {
logOutput = "REDACTED"
logOutput = redactedLog
}

logging.LogDebug(c.FormatLogMessage("write", fmt.Sprintf("write: %s", logOutput)))
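Review bot: The new `redactedLog` constant in the `const` block has no comment, unlike its neighbour `MaxTimeout`, and nothing records that it is the placeholder substituted for secrets in log output. I would add `// redactedLog replaces sensitive channel input (such as passwords) in log messages.` above it. In `Write`, redaction still depends entirely on the caller passing `redacted` as true; any write path that sends a credential with `redacted` false will log it verbatim at debug level, so the doc comment on `Write` should say so. The body of `Write` continues below the hunk.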
7 changes: 6 additions & 1 deletion channel/sendinteractive.go
@@ -38,12 +38,17 @@ func (c *Channel) sendInteractive(

hideInput := event.HideInput

logChannelInput := string(channelInput)
if hideInput {
logChannelInput = redactedLog
}

logging.LogDebug(
c.FormatLogMessage(
"info",
fmt.Sprintf(
"\"sending interactive input: %s; expecting: %s; hidden input: %v",
channelInput,
logChannelInput,
channelResponse,
hideInput,
),
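Review bot: The redaction added before `logging.LogDebug` protects only this one log message; the raw `channelInput` is still what gets written later in `sendInteractive`, and that part of the function is outside the hunk. Confirm that the subsequent `c.Write` call passes `hideInput` as its `redacted` argument, otherwise the same password reaches the log through the `write: %s` message in `Write`. Separately, the format string opens with an escaped quote that is never closed (`"\"sending interactive input: ...`); dropping the leading `\"` would tidy the log line.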
11 changes: 10 additions & 1 deletion driver/network/privilege.go
@@ -58,7 +58,16 @@ func (d *Driver) escalate(escalatePriv string) error {
HideInput: true,
},
}
_, err = d.Channel.SendInteractive(events, []string{d.PrivilegeLevels[escalatePriv].Pattern}, -1)
_, err = d.Channel.SendInteractive(
events,
[]string{
// check for the current (previous priv) and escalate (desired priv) patterns,
// either would indicate we are "good to go".
d.PrivilegeLevels[d.PrivilegeLevels[escalatePriv].PreviousPriv].Pattern,
d.PrivilegeLevels[escalatePriv].Pattern,
},
-1,
)
}

return err
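Review bot: With the previous-privilege pattern added to the prompts passed to `SendInteractive`, `escalate` appears to return a nil error when the device falls back to the old prompt (presumably after a rejected escalation password), so at this level a refused escalation looks the same as a successful one. The inline comment calls both patterns "good to go"; it would be more accurate as `// the previous-priv pattern means escalation was refused (e.g. bad password); the caller must re-check the prompt`. Whether the caller performs that check is outside the hunk, so confirm it, or compare the returned output against the desired pattern here and return an error. The nested lookup `d.PrivilegeLevels[d.PrivilegeLevels[escalatePriv].PreviousPriv]` also has no presence check; if `PreviousPriv` can be empty or unknown it yields a zero value or, for pointer values, a nil dereference. The body of `escalate` begins above the hunk and its closing brace is below it.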
1 change: 1 addition & 0 deletions go.mod
@@ -8,5 +8,6 @@ require (
github.com/google/go-cmp v0.5.6
github.com/sirikothe/gotextfsm v1.0.1-0.20200816110946-6aa2cfd355e4
golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b
golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6 // indirect
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1
)
3 changes: 2 additions & 1 deletion go.sum
@@ -9,8 +9,9 @@ github.com/sirikothe/gotextfsm v1.0.1-0.20200816110946-6aa2cfd355e4/go.mod h1:CJ
golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b h1:7mWr3k41Qtv8XlltBkDkl8LoP3mpSgBW8BUoxtEdbXg=
golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68 h1:nxC68pudNYkKU6jWhgrqdreuFiOQWj1Fs7T3VrH4Pjw=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6 h1:nonptSpoQ4vQjyraW20DXPAglgQfVnM9ZC6MmNLMR60=
golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=