Different behavior in Sudo vs default ssh executor vs docs
According to the docs: https://docs.rundeck.com/docs/manual/projects/node-execution/ssh.html#secondary-sudo-password-authentication
The sudo password prompt should try to match a regex that defaults to ^.*password.*. It can also be a user-provided regex pattern.
Change was made in rundeck/docs#850 and rundeck/docs#852
sudo prompt detection in SSHJ
sudo-prompt-pattern - a regular expression to detect the password prompt for the Sudo authentication. The default pattern is ^.*password.*
Constants are here:
|
public static final String DEFAULT_SUDO_PROMPT_PATTERN = "[sudo] password for"; |
|
public static final String DEFAULT_SSH_PASSWORD_OPTION = "option.sshPassword"; |
|
public static final String DEFAULT_SUDO_COMMAND_PATTERN = "^sudo\\s.*"; |
This part in the runSudoCommand method:
|
expect.expect(contains(sudoPromptPattern)); |
|
expect.sendLine(sudoPassword); |
tries to match a plain substring.
sudo prompt detection in default ssh executor
The corresponding constants for the default (JSch) node executor are:
https://github.com/rundeck/rundeck/blob/b173b38948b1112d71211af06e0219f46e955fc6/core/src/main/java/com/dtolabs/rundeck/core/execution/impl/jsch/JschNodeExecutor.java#L124-L125
As we can see, it tries to match against ^\\[sudo\\] password for .+: .*
Discrepancy with docs again ?
is sudo command, in SSHJ
sudo-command-pattern - a regular expression to detect when a command execution should expect to require Sudo authentication. Default pattern is ^sudo$.
SSJ tries to match the entire command to execute, see
|
if (this.getSshjConnection().isSudoEnabled() && this.getSshjConnection().matchesCommandPattern(command)) { |
|
final Session.Shell shell = session.startShell(); |
is sudo command, in default ssh executor
The command pattern is detected in the mainline ssh executor with these constants:
https://github.com/rundeck/rundeck/blob/b173b38948b1112d71211af06e0219f46e955fc6/core/src/main/java/com/dtolabs/rundeck/core/execution/impl/jsch/JschNodeExecutor.java#L128-L129
It tries here:
https://github.com/rundeck/rundeck/blob/b173b38948b1112d71211af06e0219f46e955fc6/core/src/main/java/com/dtolabs/rundeck/core/execution/impl/jsch/JschNodeExecutor.java#L394
to match the regex against the first word command[0]
Different behavior in Sudo vs default ssh executor vs docs
According to the docs: https://docs.rundeck.com/docs/manual/projects/node-execution/ssh.html#secondary-sudo-password-authentication
The sudo password prompt should try to match a regex that defaults to
^.*password.*. It can also be a user-provided regex pattern.Change was made in rundeck/docs#850 and rundeck/docs#852
sudo prompt detection in SSHJ
Constants are here:
sshj-plugin/src/main/java/com/plugin/sshjplugin/SSHJNodeExecutorPlugin.java
Lines 89 to 91 in bb4bd9e
This part in the runSudoCommand method:
sshj-plugin/src/main/java/com/plugin/sshjplugin/sudo/SudoCommand.java
Lines 90 to 91 in bb4bd9e
tries to match a plain substring.
sudo prompt detection in default ssh executor
The corresponding constants for the default (JSch) node executor are:
https://github.com/rundeck/rundeck/blob/b173b38948b1112d71211af06e0219f46e955fc6/core/src/main/java/com/dtolabs/rundeck/core/execution/impl/jsch/JschNodeExecutor.java#L124-L125
As we can see, it tries to match against
^\\[sudo\\] password for .+: .*Discrepancy with docs again ?
is sudo command, in SSHJ
SSJ tries to match the entire command to execute, see
sshj-plugin/src/main/java/com/plugin/sshjplugin/model/SSHJExec.java
Lines 74 to 75 in bb4bd9e
is sudo command, in default ssh executor
The command pattern is detected in the mainline ssh executor with these constants:
https://github.com/rundeck/rundeck/blob/b173b38948b1112d71211af06e0219f46e955fc6/core/src/main/java/com/dtolabs/rundeck/core/execution/impl/jsch/JschNodeExecutor.java#L128-L129
It tries here:
https://github.com/rundeck/rundeck/blob/b173b38948b1112d71211af06e0219f46e955fc6/core/src/main/java/com/dtolabs/rundeck/core/execution/impl/jsch/JschNodeExecutor.java#L394
to match the regex against the first word
command[0]