Merge pull request #1277 from nicholasyang2022/bsc_1217279_20221124

[crmsh-4.5] Fix: bootstrap: fix the owner and permission of file authorized_keys(bsc#1217279)

Author: liangxin1300

crmsh/bootstrap.py

@@ -988,8 +988,12 @@ def configure_ssh_key(user):
         utils.su_get_stdout_or_raise_error(cmd, user=user)
 
     if not utils.detect_file(authorized_file):
-        cmd = "touch {}".format(authorized_file)
+        cmd = "touch {file} && chmod 0600 {file}".format(file=authorized_file)
         utils.su_get_stdout_or_raise_error(cmd, user=user)
+    else:
+        # bsc#1217279: ~hacluster/.ssh/authorized_keys created by old versions may have root:root 0600
+        cmd = "chown {user}: {file} && chmod 0600 {file}".format(user=user, file=authorized_file)
+        utils.get_stdout_or_raise_error(cmd)
 
     append_unique(public_key, authorized_file, user)
 
@@ -1059,9 +1063,12 @@ def export_ssh_key_non_interactive(local_user_to_export, remote_user_to_swap, re
     with open(os.path.expanduser('~{}/.ssh/id_rsa.pub'.format(local_user_to_export)), 'r', encoding='utf-8') as f:
         public_key = f.read()
     # FIXME: prevent duplicated entries in authorized_keys
-    cmd = '''mkdir -p ~{user}/.ssh && chown {user} ~{user}/.ssh && chmod 0700 ~{user}/.ssh && cat >> ~{user}/.ssh/authorized_keys << "EOF"
+    cmd = '''mkdir -p ~{user}/.ssh \\
+&& chown {user}: ~{user}/.ssh && chmod 0700 ~{user}/.ssh \\
+&& cat >> ~{user}/.ssh/authorized_keys << "EOF"
 {key}
 EOF
+chown {user}: ~{user}/.ssh/authorized_keys && chmod 0600 ~{user}/.ssh/authorized_keys
 '''.format(user=remote_user_to_swap, key=public_key)
     result = utils.su_subprocess_run(
         local_sudoer,
@@ -1081,7 +1088,9 @@ def import_ssh_key(local_user, remote_user, local_sudoer, remote_node, remote_su
     remote_key_content = remote_public_key_from(remote_user, local_sudoer, remote_node, remote_sudoer)
     _, _, local_authorized_file = key_files(local_user).values()
     if not utils.check_text_included(remote_key_content, local_authorized_file, remote=None):
-        cmd = "echo '{}' >> {}".format(remote_key_content, local_authorized_file)
+        cmd = """echo '{content}' >> {file}
+chown '{user}': {file} && chmod 0600 {file}
+""".format(content=remote_key_content, file=local_authorized_file, user=local_user)
         utils.get_stdout_or_raise_error(cmd, remote=None)
 
 def append_to_remote_file(fromfile, user, remote_node, tofile):
@@ -1724,6 +1733,12 @@ def swap_public_ssh_key(
     if add:
         public_key = generate_ssh_key_pair_on_remote(local_sudoer, remote_node, remote_sudoer, remote_user_to_swap)
         _, _, local_authorized_file = key_files(local_user_to_swap).values()
+        # bsc#1217279: ~hacluster/.ssh/authorized_keys created by old versions may have root:root 0600,
+        # sed running as hacluster will not be able to read it
+        utils.get_stdout_or_raise_error("chown '{user}': '{file}' && chmod 0600 '{file}'".format(
+            user=local_user_to_swap,
+            file=local_authorized_file,
+        ))
         utils.su_get_stdout_or_raise_error("sed -i '$a {}' '{}'".format(public_key, local_authorized_file), local_user_to_swap)
         return public_key
     else:

crmsh/prun/prun.py

@@ -96,29 +96,39 @@ def prun_multimap(
 
 
 def _build_run_task(remote: str, cmdline: str) -> Task:
-    local_sudoer, remote_sudoer = crmsh.utils.UserOfHost.instance().user_pair_for_ssh(remote)
     if _is_local_host(remote):
         if 0 == os.geteuid():
             args = ['/bin/sh']
-        elif local_sudoer == crmsh.userdir.getuser():
-            args = ['sudo', '/bin/sh']
+            remote_sudoer = 'root'
         else:
-            raise AssertionError('trying to run sudo as a non-root user')
+            remote_sudoer = crmsh.userdir.get_sudoer()
+            if remote_sudoer == crmsh.userdir.getuser():
+                args = ['sudo', '/bin/sh']
+            else:
+                raise AssertionError('trying to run sudo as a non-root user')
+        return Task(
+            args,
+            cmdline.encode('utf-8'),
+            stdout=Task.Capture,
+            stderr=Task.Capture,
+            context={"host": remote, "ssh_user": remote_sudoer},
+        )
     else:
+        local_sudoer, remote_sudoer = crmsh.utils.UserOfHost.instance().user_pair_for_ssh(remote)
         shell = 'ssh {} {}@{} sudo -H /bin/sh'.format(crmsh.constants.SSH_OPTION, remote_sudoer, remote)
         if local_sudoer == crmsh.userdir.getuser():
             args = ['/bin/sh', '-c', shell]
         elif os.geteuid() == 0:
             args = ['su', local_sudoer, '--login', '-c', shell]
         else:
             raise AssertionError('trying to run su as a non-root user')
-    return Task(
-        args,
-        cmdline.encode('utf-8'),
-        stdout=Task.Capture,
-        stderr=Task.Capture,
-        context={"host": remote, "ssh_user": remote_sudoer},
-    )
+        return Task(
+            args,
+            cmdline.encode('utf-8'),
+            stdout=Task.Capture,
+            stderr=Task.Capture,
+            context={"host": remote, "ssh_user": remote_sudoer},
+        )
 
 
 def _handle_run_result(task: Task, interceptor: PRunInterceptor = PRunInterceptor()):

test/features/bootstrap_bugs.feature

@@ -200,3 +200,38 @@ Feature: Regression test for bootstrap bugs
     And     Run "mv /root/.config/crm/crm.conf{.bak,}" on "hanode1"
     And     Run "mv /root/.ssh{,.bak}" on "hanode1"
     Then    Run "crm status" OK on "hanode1"
+    And     Run "rm -rf /root/.ssh && mv /root/.ssh{.bak,}" OK on "hanode1"
+
+  # skip non-root as behave_agent is not able to run commands interactively with non-root sudoer
+  @skip_non_root
+  @clean
+  Scenario: Owner and permssion of file authorized_keys (bsc#1217279)
+    Given   Cluster service is "stopped" on "hanode1"
+    And     Cluster service is "stopped" on "hanode2"
+    # in a newly created cluster
+    When    Run "crm cluster init -y" on "hanode1"
+    And     Run "crm cluster join -c hanode1 -y" on "hanode2"
+    Then    Run "stat -c '%U:%G' ~hacluster/.ssh/authorized_keys" OK on "hanode1"
+    And     Expected "hacluster:haclient" in stdout
+    And     Run "stat -c '%U:%G' ~hacluster/.ssh/authorized_keys" OK on "hanode2"
+    And     Expected "hacluster:haclient" in stdout
+    # in an upgraded cluster in which ~hacluster/.ssh/authorized_keys exists
+    When    Run "chown root:root ~hacluster/.ssh/authorized_keys && chmod 0600 ~hacluster/.ssh/authorized_keys" on "hanode1"
+    And     Run "chown root:root ~hacluster/.ssh/authorized_keys && chmod 0600 ~hacluster/.ssh/authorized_keys" on "hanode2"
+    And     Run "rm -f /var/lib/crmsh/upgrade_seq" on "hanode1"
+    And     Run "rm -f /var/lib/crmsh/upgrade_seq" on "hanode2"
+    And     Run "crm status" on "hanode1"
+    Then    Run "stat -c '%U:%G' ~hacluster/.ssh/authorized_keys" OK on "hanode1"
+    And     Expected "hacluster:haclient" in stdout
+    Then    Run "stat -c '%U:%G' ~hacluster/.ssh/authorized_keys" OK on "hanode2"
+    And     Expected "hacluster:haclient" in stdout
+    # in an upgraded cluster in which ~hacluster/.ssh/authorized_keys does not exist
+    When    Run "rm -rf /var/lib/heartbeat/cores/hacluster/.ssh/" on "hanode1"
+    And     Run "rm -rf /var/lib/heartbeat/cores/hacluster/.ssh/" on "hanode2"
+    And     Run "rm -f /var/lib/crmsh/upgrade_seq" on "hanode1"
+    And     Run "rm -f /var/lib/crmsh/upgrade_seq" on "hanode2"
+    And     Run "crm status" on "hanode1"
+    Then    Run "stat -c '%U:%G' ~hacluster/.ssh/authorized_keys" OK on "hanode1"
+    And     Expected "hacluster:haclient" in stdout
+    Then    Run "stat -c '%U:%G' ~hacluster/.ssh/authorized_keys" OK on "hanode2"
+    And     Expected "hacluster:haclient" in stdout

test/unittests/test_bootstrap.py

@@ -533,7 +533,7 @@ def test_configure_ssh_key(self, mock_change_shell, mock_key_files, mock_detect,
             mock.call("/test/.ssh/authorized_keys")
             ])
         mock_append_unique.assert_called_once_with("/test/.ssh/id_rsa.pub", "/test/.ssh/authorized_keys", "test")
-        mock_su.assert_called_once_with('touch /test/.ssh/authorized_keys', user="test")
+        mock_su.assert_called_once_with('touch /test/.ssh/authorized_keys && chmod 0600 /test/.ssh/authorized_keys', user="test")
 
     @mock.patch('crmsh.bootstrap.append_to_remote_file')
     @mock.patch('crmsh.utils.check_file_content_included')

test/unittests/test_prun.py

@@ -108,6 +108,43 @@ def test_prun_root(
         self.assertTrue(isinstance(results, typing.Dict))
         self.assertSetEqual({"host1", "host2"}, set(results.keys()))
 
+    @mock.patch("os.geteuid")
+    @mock.patch("crmsh.userdir.getuser")
+    @mock.patch("crmsh.prun.prun._is_local_host")
+    @mock.patch("crmsh.utils.UserOfHost.user_pair_for_ssh")
+    @mock.patch("crmsh.prun.runner.Runner.run")
+    @mock.patch("crmsh.prun.runner.Runner.add_task")
+    def test_prun_localhost(
+            self,
+            mock_runner_add_task: mock.MagicMock,
+            mock_runner_run: mock.MagicMock,
+            mock_user_pair_for_ssh: mock.MagicMock,
+            mock_is_local_host: mock.MagicMock,
+            mock_getuser: mock.MagicMock,
+            mock_geteuid: mock.MagicMock,
+    ):
+        host_cmdline = {"host1": "foo"}
+        #mock_user_pair_for_ssh.return_value = "alice", "bob"
+        mock_is_local_host.return_value = True
+        mock_getuser.return_value = 'root'
+        mock_geteuid.return_value = 0
+        results = crmsh.prun.prun.prun(host_cmdline)
+        mock_user_pair_for_ssh.assert_not_called()
+        mock_is_local_host.assert_called_once_with('host1')
+        mock_runner_add_task.assert_called_once_with(
+            TaskArgumentsEq(
+                ['/bin/sh'],
+                b'foo',
+                stdout=crmsh.prun.runner.Task.Capture,
+                stderr=crmsh.prun.runner.Task.Capture,
+                context={"host": 'host1', "ssh_user": 'root'},
+            )
+        )
+        mock_user_pair_for_ssh.assert_not_called()
+        mock_runner_run.assert_called_once()
+        self.assertTrue(isinstance(results, typing.Dict))
+        self.assertSetEqual({"host1"}, set(results.keys()))
+
 
 class TaskArgumentsEq(crmsh.prun.runner.Task):
     def __eq__(self, other):