diff --git a/channel/base.go b/channel/base.go index 3a10973..6d9e252 100644 --- a/channel/base.go +++ b/channel/base.go @@ -37,6 +37,8 @@ const ( passphraseSeenMax = 2 // MaxTimeout maximum allowable timeout value -- one day. MaxTimeout = 86_400 + + redactedLog = "REDACTED" ) // Channel struct representing the channel object. @@ -66,7 +68,7 @@ type channelResult struct { func (c *Channel) Write(channelInput []byte, redacted bool) error { logOutput := string(channelInput) if redacted { - logOutput = "REDACTED" + logOutput = redactedLog } logging.LogDebug(c.FormatLogMessage("write", fmt.Sprintf("write: %s", logOutput))) diff --git a/channel/sendinteractive.go b/channel/sendinteractive.go index e55e6f0..37bcd4e 100644 --- a/channel/sendinteractive.go +++ b/channel/sendinteractive.go @@ -38,12 +38,17 @@ func (c *Channel) sendInteractive( hideInput := event.HideInput + logChannelInput := string(channelInput) + if hideInput { + logChannelInput = redactedLog + } + logging.LogDebug( c.FormatLogMessage( "info", fmt.Sprintf( "\"sending interactive input: %s; expecting: %s; hidden input: %v", - channelInput, + logChannelInput, channelResponse, hideInput, ), diff --git a/driver/network/privilege.go b/driver/network/privilege.go index c3bde6e..acea36c 100644 --- a/driver/network/privilege.go +++ b/driver/network/privilege.go @@ -58,7 +58,16 @@ func (d *Driver) escalate(escalatePriv string) error { HideInput: true, }, } - _, err = d.Channel.SendInteractive(events, []string{d.PrivilegeLevels[escalatePriv].Pattern}, -1) + _, err = d.Channel.SendInteractive( + events, + []string{ + // check for the current (previous priv) and escalate (desired priv) patterns, + // either would indicate we are "good to go". + d.PrivilegeLevels[d.PrivilegeLevels[escalatePriv].PreviousPriv].Pattern, + d.PrivilegeLevels[escalatePriv].Pattern, + }, + -1, + ) } return err diff --git a/go.mod b/go.mod index e7682a9..b2ba243 100644 --- a/go.mod +++ b/go.mod @@ -8,5 +8,6 @@ require ( github.com/google/go-cmp v0.5.6 github.com/sirikothe/gotextfsm v1.0.1-0.20200816110946-6aa2cfd355e4 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b + golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6 // indirect golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 ) diff --git a/go.sum b/go.sum index 87677ab..61b1644 100644 --- a/go.sum +++ b/go.sum @@ -9,8 +9,9 @@ github.com/sirikothe/gotextfsm v1.0.1-0.20200816110946-6aa2cfd355e4/go.mod h1:CJ golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b h1:7mWr3k41Qtv8XlltBkDkl8LoP3mpSgBW8BUoxtEdbXg= golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68 h1:nxC68pudNYkKU6jWhgrqdreuFiOQWj1Fs7T3VrH4Pjw= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6 h1:nonptSpoQ4vQjyraW20DXPAglgQfVnM9ZC6MmNLMR60= +golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=