Details
-
Story
-
Status: Resolved (View Workflow)
-
Major
-
Resolution: Fixed
Description
Attachments
Issue Links
- depends on
-
JENKINS-41765 groovy CLI command cannot be used with stdin via SSH
-
- Resolved
-
- is blocked by
-
-
- Open
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
- is related to
-
JENKINS-26463 Split CLI out of core
-
- Open
-
- relates to
-
-
- Open
-
-
-
- Open
-
-
-
- Open
-
-
-
- Open
-
-
-
- Open
-
-
-
- Open
-
-
-
- Open
-
-
-
- Open
-
-
-
- Open
-
-
-
- Open
-
-
-
- Open
-
-
-
- Open
-
-
-
- Open
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
JENKINS-27026 Log/notify SSH CLI authentication
-
- Resolved
-
-
JENKINS-32488 Misleading message reported by the Help Command when permission is denied.
-
- Open
-
-
-
- Resolved
-
-
-
- Resolved
-
- links to
Activity
| Field | Original Value | New Value |
|---|---|---|
| Epic Link |
|
| Link | This issue is related to JENKINS-26463 [ JENKINS-26463 ] |
| Assignee | Jesse Glick [ jglick ] |
| Link |
This issue relates to |
| Status | Open [ 1 ] | In Progress [ 3 ] |
| Link | This issue relates to SECURITY-463 [ SECURITY-463 ] |
| Link | This issue relates to JENKINS-22177 [ JENKINS-22177 ] |
| Link |
This issue relates to |
| Link |
This issue relates to |
| Link | This issue relates to JENKINS-20333 [ JENKINS-20333 ] |
| Link |
This issue relates to |
| Link | This issue relates to JENKINS-38623 [ JENKINS-38623 ] |
| Link | This issue relates to JENKINS-7052 [ JENKINS-7052 ] |
| Link | This issue relates to JENKINS-20709 [ JENKINS-20709 ] |
| Link | This issue relates to JENKINS-15657 [ JENKINS-15657 ] |
| Link | This issue relates to JENKINS-11560 [ JENKINS-11560 ] |
| Link | This issue relates to JENKINS-12310 [ JENKINS-12310 ] |
| Link | This issue relates to JENKINS-32488 [ JENKINS-32488 ] |
| Link | This issue relates to JENKINS-16126 [ JENKINS-16126 ] |
| Link | This issue relates to JENKINS-18301 [ JENKINS-18301 ] |
| Link | This issue relates to JENKINS-16531 [ JENKINS-16531 ] |
| Link | This issue relates to JENKINS-20667 [ JENKINS-20667 ] |
| Link | This issue relates to JENKINS-31194 [ JENKINS-31194 ] |
Linking any issues I could find that might be related, affected, or obsoleted.
| Remote Link | This issue links to "PR 2795 (Web Link)" [ 15659 ] |
| Link |
This issue depends on |
| Link |
This issue relates to |
| Labels | security |
| Link | This issue relates to SECURITY-466 [ SECURITY-466 ] |
| Remote Link | This issue links to "sshd-module PR 10 (Web Link)" [ 15712 ] |
| Description |
Followup to the November 2016 security fix. We need ideas for making the CLI less (not?) vulnerable to that kind of exploit. https://groups.google.com/d/msg/jenkinsci-dev/ijnIr8LhBG0/tM4Jc39cDgAJ (public) https://groups.google.com/d/msg/jenkinsci-cert/3dnPu7x88a8/7JwwMKj7BgAJ (Jenkins CERT private) |
Followup to the November 2016 security fix. We need ideas for making the CLI less (not?) vulnerable to that kind of exploit. [https://groups.google.com/d/msg/jenkinsci-dev/ijnIr8LhBG0/tM4Jc39cDgAJ] |
| Remote Link | This issue links to "Formal proposal (Web Link)" [ 15719 ] |
| Description |
Followup to the November 2016 security fix. We need ideas for making the CLI less (not?) vulnerable to that kind of exploit. [https://groups.google.com/d/msg/jenkinsci-dev/ijnIr8LhBG0/tM4Jc39cDgAJ] |
[Proposal|https://gist.github.com/jglick/9721427da892a9b2f75dc5bc09f8e6b3] |
| Link |
This issue relates to |
Tasks not tracked in core PR:
- offer a support-core-plugin patch
- check acceptance-test-harness
Â
| Remote Link | This issue links to "support-core PR 110 (Web Link)" [ 15901 ] |
| Remote Link | This issue links to "sshd-module PR 11 (Web Link)" [ 15902 ] |
| Remote Link | This issue links to "jenkins.io PR 802 (Web Link)" [ 15903 ] |
| Remote Link | This issue links to "SECURITY-218 page PR 8 (Web Link)" [ 15904 ] |
| Status | In Progress [ 3 ] | In Review [ 10005 ] |
Code changed in jenkins
User: Steven Christou
Path:
src/main/java/com/cloudbees/jenkins/support/SupportCommand.java
http://jenkins-ci.org/commit/support-core-plugin/9b3442585e6394e0b0f119817d6752a8cf913641
Log:
Merge pull request #110 from jglick/CLI-JENKINS-41745
JENKINS-41745 Allow SupportCommand to work without a Remoting channel
Compare: https://github.com/jenkinsci/support-core-plugin/compare/17ac51588ad9...9b3442585e63
Code changed in jenkins
User: Jesse Glick
Path:
cli/pom.xml
cli/src/main/java/hudson/cli/CLI.java
cli/src/main/java/hudson/util/QuotedStringTokenizer.java
cli/src/main/resources/hudson/cli/client/Messages.properties
core/src/main/java/hudson/util/QuotedStringTokenizer.java
test/src/test/groovy/hudson/cli/SetBuildParameterCommandTest.groovy
http://jenkins-ci.org/commit/jenkins/492dbbed10cbf524f01f165e3c50b0ccfe1ea134
Log:
JENKINS-41745 Make jenkins-cli.jar connect to the SSH port by default.
Code changed in jenkins
User: Jesse Glick
Path:
test/src/test/java/hudson/cli/CLIActionTest.java
http://jenkins-ci.org/commit/jenkins/c2a5d8512356aca5532be83a5444b2f941e72510
Log:
Establishing baseline behavior of JENKINS-12543: no workaround when using Remoting transport other than SSH authentication.
(Verifying that this affects only @Argument in CLICommand, not @CLIMethod.)
With the new HTTP protocol in JENKINS-41745, API tokens may be used to set a transport authentication.
| Resolution | Fixed [ 1 ] | |
| Status | In Review [ 10005 ] | Resolved [ 5 ] |
Code changed in jenkins
User: Jesse Glick
Path:
content/doc/book/managing/cli.adoc
http://jenkins-ci.org/commit/jenkins.io/9c8f1c743245095069feb0dc1e7bc70505acb5bb
Log:
JENKINS-41745 Updating CLI documentation for non-Remoting modes
Code changed in jenkins
User: Daniel Beck
Path:
content/doc/book/managing/cli.adoc
http://jenkins-ci.org/commit/jenkins.io/b1b7dd91e4243efde4906333c9707696607244f3
Log:
Merge pull request #802 from jglick/patch-1
JENKINS-41745 Updating CLI documentation for non-Remoting modes
Compare: https://github.com/jenkins-infra/jenkins.io/compare/3359e99eaef7...b1b7dd91e424
| Link |
This issue is blocked by |
| Link | This issue is blocked by JENKINS-43517 [ JENKINS-43517 ] |
Whoever brought up this issue on the changelog community feedback, please file a new issue and link it. Thanks!
Code changed in jenkins
User: Jesse Glick
Path:
cli/pom.xml
cli/src/main/java/hudson/cli/CLI.java
cli/src/main/java/hudson/cli/CLIConnectionFactory.java
cli/src/main/java/hudson/cli/CliEntryPoint.java
cli/src/main/java/hudson/cli/CliPort.java
cli/src/main/java/hudson/cli/Connection.java
cli/src/main/java/hudson/cli/DiagnosedStreamCorruptionException.java
cli/src/main/java/hudson/cli/FlightRecorderInputStream.java
cli/src/main/java/hudson/cli/FullDuplexHttpStream.java
cli/src/main/java/hudson/cli/HexDump.java
cli/src/main/java/hudson/cli/PlainCLIProtocol.java
cli/src/main/java/hudson/cli/SSHCLI.java
cli/src/main/java/hudson/cli/SequenceOutputStream.java
cli/src/main/java/hudson/util/QuotedStringTokenizer.java
cli/src/main/resources/hudson/cli/client/Messages.properties
cli/src/test/java/hudson/cli/PlainCLIProtocolTest.java
cli/src/test/java/hudson/cli/PrivateKeyProviderTest.java
core/pom.xml
core/src/main/java/hudson/cli/CLIAction.java
core/src/main/java/hudson/cli/CLICommand.java
core/src/main/java/hudson/cli/CliManagerImpl.java
core/src/main/java/hudson/cli/CliProtocol.java
core/src/main/java/hudson/cli/CliProtocol2.java
core/src/main/java/hudson/cli/CliTransportAuthenticator.java
core/src/main/java/hudson/cli/ClientAuthenticationCache.java
core/src/main/java/hudson/cli/CommandDuringBuild.java
core/src/main/java/hudson/cli/ConsoleCommand.java
core/src/main/java/hudson/cli/HelpCommand.java
core/src/main/java/hudson/cli/InstallPluginCommand.java
core/src/main/java/hudson/cli/InstallToolCommand.java
core/src/main/java/hudson/cli/LoginCommand.java
core/src/main/java/hudson/cli/LogoutCommand.java
core/src/main/java/hudson/cli/SetBuildParameterCommand.java
core/src/main/java/hudson/cli/SetBuildResultCommand.java
core/src/main/java/hudson/cli/util/ScriptLoader.java
core/src/main/java/hudson/model/FileParameterDefinition.java
core/src/main/java/hudson/model/FullDuplexHttpChannel.java
core/src/main/java/hudson/model/ParameterDefinition.java
core/src/main/java/hudson/security/AbstractPasswordBasedSecurityRealm.java
core/src/main/java/hudson/security/CliAuthenticator.java
core/src/main/java/hudson/security/SecurityRealm.java
core/src/main/java/hudson/util/QuotedStringTokenizer.java
core/src/main/java/jenkins/CLI.java
core/src/main/java/jenkins/install/SetupWizard.java
core/src/main/java/jenkins/util/FullDuplexHttpService.java
core/src/main/resources/hudson/cli/Messages.properties
core/src/main/resources/jenkins/CLI/WarnWhenEnabled/message.jelly
core/src/main/resources/jenkins/CLI/WarnWhenEnabled/message.properties
core/src/main/resources/jenkins/CLI/config.jelly
core/src/main/resources/jenkins/CLI/help-enabled.html
pom.xml
test/pom.xml
test/src/test/groovy/hudson/cli/SetBuildParameterCommandTest.groovy
test/src/test/java/hudson/cli/BuildCommand2Test.java
test/src/test/java/hudson/cli/CLIActionTest.java
test/src/test/java/hudson/cli/CLITest.java
test/src/test/java/hudson/cli/GetJobCommandTest.java
test/src/test/java/hudson/cli/InstallPluginCommandTest.java
test/src/test/java/hudson/model/ComputerSetTest.java
test/src/test/java/hudson/model/listeners/ItemListenerTest.java
test/src/test/java/hudson/security/CliAuthenticationTest.java
test/src/test/java/jenkins/CLITest.java
test/src/test/java/jenkins/security/Security218BlackBoxTest.java
test/src/test/java/jenkins/security/Security218CliTest.java
test/src/test/java/jenkins/security/Security232Test.java
test/src/test/resources/hudson/cli/id_rsa
test/src/test/resources/hudson/cli/id_rsa.pub
war/pom.xml
war/src/main/webapp/help/parameter/file.html
http://jenkins-ci.org/commit/jenkins/de629fc0a0d6b96b0d3ca89c59e8416f64afc4d7
Log:
[FIXED JENKINS-41745] Merged #2795: non-Remoting-based CLI.
(cherry picked from commit 729016989e13632bc980957d05060510efddf41f)
| Link |
This issue is blocked by |
| Link |
This issue is blocked by |
| Link |
This issue relates to |
First experiments in https://github.com/daniel-beck/jenkins-ssh-cli to see whether a pure SSH CLI could work.