[Summary view] [Print] [Text view]

   1  #!/usr/bin/env php
   2  <?php
   3  
   4  $ssh_start_time = microtime(true);
   5  
   6  $root = dirname(dirname(dirname(__FILE__)));
   7  require_once $root.'/scripts/__init_script__.php';
   8  
   9  $ssh_log = PhabricatorSSHLog::getLog();
  10  
  11  // First, figure out the authenticated user.
  12  $args = new PhutilArgumentParser($argv);
  13  $args->setTagline('receive SSH requests');
  14  $args->setSynopsis(<<<EOSYNOPSIS
  15  **ssh-exec** --phabricator-ssh-user __user__ [--ssh-command __commmand__]
  16      Receive SSH requests.
  17  EOSYNOPSIS
  18  );
  19  
  20  $args->parse(
  21    array(
  22      array(
  23        'name'  => 'phabricator-ssh-user',
  24        'param' => 'username',
  25      ),
  26      array(
  27        'name' => 'ssh-command',
  28        'param' => 'command',
  29      ),
  30    ));
  31  
  32  try {
  33    $user_name = $args->getArg('phabricator-ssh-user');
  34    if (!strlen($user_name)) {
  35      throw new Exception('No username.');
  36    }
  37  
  38    $user = id(new PhabricatorUser())->loadOneWhere(
  39      'userName = %s',
  40      $user_name);
  41    if (!$user) {
  42      throw new Exception('Invalid username.');
  43    }
  44  
  45    $ssh_log->setData(
  46      array(
  47        'u' => $user->getUsername(),
  48        'P' => $user->getPHID(),
  49      ));
  50  
  51    if (!$user->isUserActivated()) {
  52      throw new Exception(pht('Your account is not activated.'));
  53    }
  54  
  55    if ($args->getArg('ssh-command')) {
  56      $original_command = $args->getArg('ssh-command');
  57    } else {
  58      $original_command = getenv('SSH_ORIGINAL_COMMAND');
  59    }
  60  
  61    $workflows = id(new PhutilSymbolLoader())
  62      ->setAncestorClass('PhabricatorSSHWorkflow')
  63      ->loadObjects();
  64  
  65    $workflow_names = mpull($workflows, 'getName', 'getName');
  66  
  67    // Now, rebuild the original command.
  68    $original_argv = id(new PhutilShellLexer())
  69      ->splitArguments($original_command);
  70    if (!$original_argv) {
  71      throw new Exception(
  72        pht(
  73          "Welcome to Phabricator.\n\n".
  74          "You are logged in as %s.\n\n".
  75          "You haven't specified a command to run. This means you're requesting ".
  76          "an interactive shell, but Phabricator does not provide an ".
  77          "interactive shell over SSH.\n\n".
  78          "Usually, you should run a command like `git clone` or `hg push` ".
  79          "rather than connecting directly with SSH.\n\n".
  80          "Supported commands are: %s.",
  81          $user->getUsername(),
  82          implode(', ', $workflow_names)));
  83    }
  84  
  85    $log_argv = implode(' ', array_slice($original_argv, 1));
  86    $log_argv = id(new PhutilUTF8StringTruncator())
  87      ->setMaximumCodepoints(128)
  88      ->truncateString($log_argv);
  89  
  90    $ssh_log->setData(
  91      array(
  92        'C' => $original_argv[0],
  93        'U' => $log_argv,
  94      ));
  95  
  96    $command = head($original_argv);
  97    array_unshift($original_argv, 'phabricator-ssh-exec');
  98  
  99    $original_args = new PhutilArgumentParser($original_argv);
 100  
 101    if (empty($workflow_names[$command])) {
 102      throw new Exception('Invalid command.');
 103    }
 104  
 105    $workflow = $original_args->parseWorkflows($workflows);
 106    $workflow->setUser($user);
 107  
 108    $sock_stdin = fopen('php://stdin', 'r');
 109    if (!$sock_stdin) {
 110      throw new Exception('Unable to open stdin.');
 111    }
 112  
 113    $sock_stdout = fopen('php://stdout', 'w');
 114    if (!$sock_stdout) {
 115      throw new Exception('Unable to open stdout.');
 116    }
 117  
 118    $sock_stderr = fopen('php://stderr', 'w');
 119    if (!$sock_stderr) {
 120      throw new Exception('Unable to open stderr.');
 121    }
 122  
 123    $socket_channel = new PhutilSocketChannel(
 124      $sock_stdin,
 125      $sock_stdout);
 126    $error_channel = new PhutilSocketChannel(null, $sock_stderr);
 127    $metrics_channel = new PhutilMetricsChannel($socket_channel);
 128    $workflow->setIOChannel($metrics_channel);
 129    $workflow->setErrorChannel($error_channel);
 130  
 131    $rethrow = null;
 132    try {
 133      $err = $workflow->execute($original_args);
 134  
 135      $metrics_channel->flush();
 136      $error_channel->flush();
 137    } catch (Exception $ex) {
 138      $rethrow = $ex;
 139    }
 140  
 141    // Always write this if we got as far as building a metrics channel.
 142    $ssh_log->setData(
 143      array(
 144        'i' => $metrics_channel->getBytesRead(),
 145        'o' => $metrics_channel->getBytesWritten(),
 146      ));
 147  
 148    if ($rethrow) {
 149      throw $rethrow;
 150    }
 151  } catch (Exception $ex) {
 152    fwrite(STDERR, "phabricator-ssh-exec: ".$ex->getMessage()."\n");
 153    $err = 1;
 154  }
 155  
 156  $ssh_log->setData(
 157    array(
 158      'c' => $err,
 159      'T' => (int)(1000000 * (microtime(true) - $ssh_start_time)),
 160    ));
 161  
 162  exit($err);