public static function getLog()
{
if (!self::$log) {
$path = PhabricatorEnv::getEnvConfig('log.ssh.path');
$format = PhabricatorEnv::getEnvConfig('log.ssh.format');
$format = nonempty($format, "[%D]\t%p\t%h\t%r\t%s\t%S\t%u\t%C\t%U\t%c\t%T\t%i\t%o");
// NOTE: Path may be null. We still create the log, it just won't write
// anywhere.
$data = array('D' => date('r'), 'h' => php_uname('n'), 'p' => getmypid(), 'e' => time());
$sudo_user = PhabricatorEnv::getEnvConfig('phd.user');
if (strlen($sudo_user)) {
$data['S'] = $sudo_user;
}
if (function_exists('posix_geteuid')) {
$system_uid = posix_geteuid();
$system_info = posix_getpwuid($system_uid);
$data['s'] = idx($system_info, 'name');
}
$client = getenv('SSH_CLIENT');
if (strlen($client)) {
$remote_address = head(explode(' ', $client));
$data['r'] = $remote_address;
}
$log = id(new PhutilDeferredLog($path, $format))->setFailQuietly(true)->setData($data);
self::$log = $log;
}
return self::$log;
}
#!/usr/bin/env php
<?php
$ssh_start_time = microtime(true);
$root = dirname(dirname(dirname(__FILE__)));
require_once $root . '/scripts/__init_script__.php';
$ssh_log = PhabricatorSSHLog::getLog();
$args = new PhutilArgumentParser($argv);
$args->setTagline(pht('execute SSH requests'));
$args->setSynopsis(<<<EOSYNOPSIS
**ssh-exec** --phabricator-ssh-user __user__ [--ssh-command __commmand__]
**ssh-exec** --phabricator-ssh-device __device__ [--ssh-command __commmand__]
Execute authenticated SSH requests. This script is normally invoked
via SSHD, but can be invoked manually for testing.
EOSYNOPSIS
);
$args->parseStandardArguments();
$args->parse(array(array('name' => 'phabricator-ssh-user', 'param' => 'username', 'help' => pht('If the request authenticated with a user key, the name of the ' . 'user.')), array('name' => 'phabricator-ssh-device', 'param' => 'name', 'help' => pht('If the request authenticated with a device key, the name of the ' . 'device.')), array('name' => 'phabricator-ssh-key', 'param' => 'id', 'help' => pht('The ID of the SSH key which authenticated this request. This is ' . 'used to allow logs to report when specific keys were used, to make ' . 'it easier to manage credentials.')), array('name' => 'ssh-command', 'param' => 'command', 'help' => pht('Provide a command to execute. This makes testing this script ' . 'easier. When running normally, the command is read from the ' . 'environment (%s), which is populated by sshd.', 'SSH_ORIGINAL_COMMAND'))));
try {
$remote_address = null;
$ssh_client = getenv('SSH_CLIENT');
if ($ssh_client) {
// This has the format "<ip> <remote-port> <local-port>". Grab the IP.
$remote_address = head(explode(' ', $ssh_client));
$ssh_log->setData(array('r' => $remote_address));
}
$key_id = $args->getArg('phabricator-ssh-key');
if ($key_id) {
$ssh_log->setData(array('k' => $key_id));
}
$user_name = $args->getArg('phabricator-ssh-user');
