unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
From: Lars-Dominik Braun <ldb@leibniz-psychology.org>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: 38541@debbugs.gnu.org
Subject: [bug#38541] [PATCH] ssh: Add Kerberos-support to ssh:// daemon URLs
Date: Wed, 19 Feb 2020 13:52:51 +0100	[thread overview]
Message-ID: <20200219125251.GC2938@zpidnp36> (raw)
In-Reply-To: <87a77uwkh1.fsf@gnu.org>

[-- Attachment #1: Type: text/plain, Size: 154 bytes --]

Hey,

now that guile-ssh 0.12.0 has landed in guix (commit
38655d7b88ae9d82208e5750480c9b91dd9dda8b), I’ve update the patch, see attached
files.

Lars


[-- Attachment #2: 0001-gnu-Add-Kerberos-support-to-libssh.patch --]
[-- Type: text/x-diff, Size: 928 bytes --]

From 5609c51e623b21aead73d29c555400f256a77a5e Mon Sep 17 00:00:00 2001
From: Lars-Dominik Braun <ldb@leibniz-psychology.org>
Date: Wed, 19 Feb 2020 11:13:15 +0100
Subject: [PATCH 1/2] gnu: Add Kerberos support to libssh

* gnu/packages/ssh.scm (libssh)[inputs]: Depend on mit-krb5
---
 gnu/packages/ssh.scm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index 72b7c745f9..fdb3450e01 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -90,7 +90,8 @@
        ;; TODO: Add 'CMockery' and '-DWITH_TESTING=ON' for the test suite.
        #:tests? #f))
     (inputs `(("zlib" ,zlib)
-              ("libgcrypt" ,libgcrypt)))
+              ("libgcrypt" ,libgcrypt)
+              ("mit-krb5" ,mit-krb5)))
     (synopsis "SSH client library")
     (description
      "libssh is a C library implementing the SSHv2 and SSHv1 protocol for client
-- 
2.20.1


[-- Attachment #3: 0002-ssh-Add-Kerberos-support-to-ssh-daemon-URLs.patch --]
[-- Type: text/x-diff, Size: 2165 bytes --]

From 8c5246eb6e38cfb97a1580876fe484e1a038fef6 Mon Sep 17 00:00:00 2001
From: Lars-Dominik Braun <ldb@leibniz-psychology.org>
Date: Wed, 19 Feb 2020 11:13:54 +0100
Subject: [PATCH 2/2] ssh: Add Kerberos-support to ssh:// daemon URLs

* guix/ssh.scm (open-ssh-session): Fall back to GSSAPI if public key
authentication does not work
---
 doc/guix.texi |  5 +++--
 guix/ssh.scm  | 15 ++++++++++-----
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index afb70d5378..f1ca285a25 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -6811,8 +6811,9 @@ instruct it to listen for TCP connections (@pxref{Invoking guix-daemon,
 @item ssh
 @cindex SSH access to build daemons
 These URIs allow you to connect to a remote daemon over
-SSH@footnote{This feature requires Guile-SSH (@pxref{Requirements}).}.
-A typical URL might look like this:
+SSH. This feature requires Guile-SSH (@pxref{Requirements}) and a working
+@code{guile} binary in @code{PATH} on the destination machine. It supports
+public key and GSSAPI authentication. A typical URL might look like this:
 
 @example
 ssh://charlie@@guix.example.org:22
diff --git a/guix/ssh.scm b/guix/ssh.scm
index 291ce20b61..56b49b177f 100644
--- a/guix/ssh.scm
+++ b/guix/ssh.scm
@@ -157,11 +157,16 @@ server at '~a': ~a")
           (session-set! session 'timeout timeout)
           session)
          (x
-          (disconnect! session)
-          (raise (condition
-                  (&message
-                   (message (format #f (G_ "SSH authentication failed for '~a': ~a~%")
-                                    host (get-error session)))))))))
+          (match (userauth-gssapi! session)
+            ('success
+             (session-set! session 'timeout timeout)
+             session)
+            (x
+             (disconnect! session)
+             (raise (condition
+                     (&message
+                      (message (format #f (G_ "SSH authentication failed for '~a': ~a~%")
+                                       host (get-error session)))))))))))
       (x
        ;; Connection failed or timeout expired.
        (raise (condition
-- 
2.20.1


  parent reply	other threads:[~2020-02-19 12:53 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-12-09  8:37 [bug#38541] [PATCH] ssh: Add Kerberos-support to ssh:// daemon URLs Lars-Dominik Braun
2019-12-14 23:33 ` Ludovic Courtès
2019-12-16  7:15   ` Lars-Dominik Braun
2019-12-16 10:12     ` Ludovic Courtès
2019-12-16 10:17     ` [bug#38541] Guile-SSH release? Ludovic Courtès
2019-12-17 17:42       ` Artyom Poptsov
2019-12-18 14:50         ` Ludovic Courtès
2020-02-19 12:52   ` Lars-Dominik Braun [this message]
2020-02-20 10:23     ` bug#38541: [PATCH] ssh: Add Kerberos-support to ssh:// daemon URLs Ludovic Courtès
2020-02-20 11:39       ` [bug#38541] " Lars-Dominik Braun
2020-02-21 23:37         ` Ludovic Courtès

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200219125251.GC2938@zpidnp36 \
    --to=ldb@leibniz-psychology.org \
    --cc=38541@debbugs.gnu.org \
    --cc=ludo@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).