emacs-diffs

master 7e4ef09aa0: Adapt Tramp password prompts for sudo-like methods


From: Michael Albinus
Subject: master 7e4ef09aa0: Adapt Tramp password prompts for sudo-like methods
Date: Sat, 19 Feb 2022 12:38:25 -0500 (EST)

branch: master
commit 7e4ef09aa0d9587677d44284af72ceb3f44061b7
Author: Michael Albinus <michael.albinus@gmx.de>
Commit: Michael Albinus <michael.albinus@gmx.de>

    Adapt Tramp password prompts for sudo-like methods
    
    * doc/misc/tramp.texi (Password handling): Explain entries for
    doas, sudo and sudoedit.
    
    * etc/NEWS (Tramp): Document changed password prompts.
    
    * lisp/net/tramp-sh.el (tramp-methods) <sudo, doas>:
    Add `tramp-password-previous-hop'.
    (tramp-maybe-open-connection): Modify `previous-hop' if needed.
    
    * lisp/net/tramp-sudoedit.el (tramp-methods) <sudoedit>:
    Add `tramp-password-previous-hop'.
    (tramp-sudoedit-null-hop): New defconst.
    (tramp-sudoedit-send-command): Use it.
    
    * lisp/net/tramp.el (tramp-methods): Adapt docstring.
    (tramp-null-hop): New defconst.
    (tramp-get-remote-null-device): Use it.
---
 doc/misc/tramp.texi        | 14 ++++++++++++++
 etc/NEWS                   | 11 +++++++++--
 lisp/net/tramp-sh.el       | 20 +++++++++++++-------
 lisp/net/tramp-sudoedit.el | 10 +++++++++-
 lisp/net/tramp.el          | 21 ++++++++++++++++-----
 5 files changed, 61 insertions(+), 15 deletions(-)

diff --git a/doc/misc/tramp.texi b/doc/misc/tramp.texi
index ec9f07dc9e..25ff2796bd 100644
--- a/doc/misc/tramp.texi
+++ b/doc/misc/tramp.texi
@@ -1986,6 +1986,20 @@ file name syntax, must be appended to the machine and 
login items:
 machine melancholia#4711 port davs login daniel%BIZARRE password geheim
 @end example
 
+For the methods @option{doas}, @option{sudo} and @option{sudoedit} the
+password of the user requesting the connection is needed, and not the
+password of the target user.  If these connections happen on the local
+host, an entry with the local user and local host is used:
+
+@example
+machine @var{HOST} port sudo login @var{USER} password secret
+@end example
+
+@var{USER} and @var{HOST} are the strings returned by
+@code{(user-login-name)} and @code{(system-name)}.  If one of these
+methods is connected via a multi hop (@pxref{Multi-hops}), the
+credentials of the previous hop are used.
+
 @vindex auth-source-save-behavior
 If no proper entry exists, the password is read
 interactively.  After successful login (verification of the password),
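Review bot: The @example added after "an entry with the local user and local host is used" shows only `port sudo`, while the paragraph covers doas, sudo and sudoedit. If the port item is meant to be the method name, say so explicitly, so that readers using doas or sudoedit know which value to write. The closing multi-hop sentence would also be easier to act on with a second example showing which user and host the entry is keyed on in that case.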
diff --git a/etc/NEWS b/etc/NEWS
index 5c5684e1d1..dd9e822871 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -73,7 +73,7 @@ and Broadway.  We do not recommend that you use this 
configuration,
 unless you are running a window system that's supported by GDK other
 than X.  Running this configuration on X is known to have problems,
 such as undesirable frame positioning and various issues with keyboard
-input of sequences such as "C-;" and "C-S-u".
+input of sequences such as 'C-;' and 'C-S-u'.
 
 ---
 ** The docstrings of preloaded files are not in "etc/DOC" any more.
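Review bot: The quoting change on the "input of sequences" line is unrelated to the Tramp password prompts and is not covered by the commit message, which lists only "(Tramp): Document changed password prompts" for etc/NEWS; the same applies to the '(VARIABLE . MAX-ELTS)' quoting fix in the next hunk. Suggest moving both into a separate cosmetic commit so this change stays reviewable and revertible on its own.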
@@ -523,7 +523,7 @@ This uses the Tai Tham script, whose support has been 
enhanced.
 ---
 ** 'savehist.el' can now truncate variables that are too long.
 An element of 'savehist-additional-variables' can now be of the form
-(VARIABLE . MAX-ELTS), which means to truncate the VARIABLE's value to
+'(VARIABLE . MAX-ELTS)', which means to truncate the VARIABLE's value to
 at most MAX-ELTS elements (if the value is a list) before saving the
 value.
 
@@ -962,6 +962,13 @@ When set to non-nil, Tramp does not copy files between two 
remote
 hosts via a local copy in its temporary directory, but let the 'scp'
 command do this job.
 
++++
+*** Proper password prompts for methods "doas", "sudo" and "sudoedit".
+The password prompts for these methods reflect now the credentials of
+the user requesting such a connection, and not of the user who is the
+target.  This has always been needed, just the password prompt and the
+related 'auth-sources' entry were wrong.
+
 ** Browse URL
 
 ---
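Review bot: The new "Proper password prompts" entry says the related 'auth-sources' entry was wrong, but it does not tell users what to do with entries they already have; an entry keyed on the target user is no longer the one this code looks up. Add a sentence stating that entries for these methods must name the requesting user and host, or the previous hop in a multi-hop connection. Wording nit: "now reflect" reads better than "reflect now".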
diff --git a/lisp/net/tramp-sh.el b/lisp/net/tramp-sh.el
index 40ddf106c9..3c28463515 100644
--- a/lisp/net/tramp-sh.el
+++ b/lisp/net/tramp-sh.el
@@ -301,7 +301,8 @@ The string is used in `tramp-methods'.")
                 (tramp-remote-shell-login   ("-l"))
                 (tramp-remote-shell-args    ("-c"))
                 (tramp-connection-timeout   10)
-                (tramp-session-timeout      300)))
+                (tramp-session-timeout      300)
+               (tramp-password-previous-hop t)))
  (add-to-list 'tramp-methods
               `("doas"
                 (tramp-login-program        "doas")
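Review bot: Style point on the added `(tramp-password-previous-hop t)` line: as shown here it starts one column to the left of its sibling entries, and its value is not padded to the value column the other parameters use. Please align it with `(tramp-session-timeout      300)`; the same applies to the identical addition in the "doas" entry in the next hunk.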
@@ -309,7 +310,8 @@ The string is used in `tramp-methods'.")
                 (tramp-remote-shell         ,tramp-default-remote-shell)
                 (tramp-remote-shell-args    ("-c"))
                 (tramp-connection-timeout   10)
-                (tramp-session-timeout      300)))
+                (tramp-session-timeout      300)
+               (tramp-password-previous-hop t)))
  (add-to-list 'tramp-methods
               `("ksu"
                 (tramp-login-program        "ksu")
@@ -5005,8 +5007,7 @@ connection if a previous connection has died for some 
reason."
                 (tramp-error vec 'file-error "`tramp-encoding-shell' not set"))
              (let* ((current-host tramp-system-name)
                     (target-alist (tramp-compute-multi-hops vec))
-                    ;; Needed for `tramp-get-remote-null-device'.
-                    (previous-hop nil)
+                    (previous-hop tramp-null-hop)
                     ;; We will apply `tramp-ssh-controlmaster-options'
                     ;; only for the first hop.
                     (options (tramp-ssh-controlmaster-options vec))
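Review bot: The binding `(previous-hop tramp-null-hop)` drops the explanatory comment and now starts the loop from a shared `defconst` object instead of nil. Please keep a comment saying that `previous-hop` begins as the virtual local hop and is consumed by both `tramp-get-remote-null-device` and the password vector, and that it must only be modified through a copy, since an in-place `setf` on it would alter the constant for every later connection.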
@@ -5091,9 +5092,14 @@ connection if a previous connection has died for some 
reason."
                    ;; Set password prompt vector.
                    (tramp-set-connection-property
                     p "password-vector"
-                    (make-tramp-file-name
-                     :method l-method :user l-user :domain l-domain
-                     :host l-host :port l-port))
+                    (if (tramp-get-method-parameter
+                         hop 'tramp-password-previous-hop)
+                        (let ((pv (copy-tramp-file-name previous-hop)))
+                          (setf (tramp-file-name-method pv) l-method)
+                          pv)
+                      (make-tramp-file-name
+                       :method l-method :user l-user :domain l-domain
+                       :host l-host :port l-port)))
 
                    ;; Set session timeout.
                    (when (tramp-get-method-parameter
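Review bot: In the `tramp-password-previous-hop` branch only the method is overridden on the copy, so every other slot of `previous-hop` (domain, port and any others it has set) is carried into the "password-vector". Please confirm that is intended, and if so document how the auth-sources entry is keyed when the previous hop uses a domain or a non-default port; otherwise build the vector explicitly from the previous hop's user and host, as the else branch does with `make-tramp-file-name`.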
diff --git a/lisp/net/tramp-sudoedit.el b/lisp/net/tramp-sudoedit.el
index 797804dfd4..a35f9391a1 100644
--- a/lisp/net/tramp-sudoedit.el
+++ b/lisp/net/tramp-sudoedit.el
@@ -45,7 +45,8 @@
  (add-to-list 'tramp-methods
               `(,tramp-sudoedit-method
                 (tramp-sudo-login (("sudo") ("-u" "%u") ("-S") ("-H")
-                                  ("-p" "Password:") ("--")))))
+                                  ("-p" "Password:") ("--")))
+               (tramp-password-previous-hop t)))
 
  (add-to-list 'tramp-default-user-alist '("\\`sudoedit\\'" nil "root"))
 
@@ -168,6 +169,12 @@ arguments to pass to the OPERATION."
  (tramp-register-foreign-file-name-handler
   #'tramp-sudoedit-file-name-p #'tramp-sudoedit-file-name-handler))
 
+;; Needed for `tramp-read-passwd'.
+(defconst tramp-sudoedit-null-hop
+  (make-tramp-file-name
+   :method tramp-sudoedit-method :user (user-login-name) :host 
tramp-system-name)
+"Connection hop which identifies the virtual hop before the first one.")
+
 
 ;; File name primitives.
 
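Review bot: `tramp-sudoedit-null-hop` repeats the user and host expressions of `tramp-null-hop` and reuses its docstring verbatim, although this one also carries a method. Consider deriving it from a copy of `tramp-null-hop` with the method set, so the two cannot drift apart, and give it a docstring that says what differs. The docstring line also starts at column 0 rather than being indented under the `defconst` body.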
@@ -825,6 +832,7 @@ in case of error, t otherwise."
       (process-put p 'vector vec)
       (process-put p 'adjust-window-size-function #'ignore)
       (set-process-query-on-exit-flag p nil)
+      (tramp-set-connection-property p "password-vector" 
tramp-sudoedit-null-hop)
       (tramp-process-actions p vec nil tramp-sudoedit-sudo-actions)
       (tramp-message vec 6 "%s\n%s" (process-exit-status p) (buffer-string))
       (prog1
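Review bot: The added `tramp-set-connection-property` call sets "password-vector" to `tramp-sudoedit-null-hop` unconditionally, without consulting the `tramp-password-previous-hop` parameter that this commit adds to the method definition. The tramp.texi text in the same commit says that the previous hop's credentials are used when one of these methods is reached via a multi-hop, so either state in a comment here that sudoedit is always local and the local user is therefore always correct, or compute the vector from the actual previous hop.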
diff --git a/lisp/net/tramp.el b/lisp/net/tramp.el
index 0ffaeb0ce9..7b558aec11 100644
--- a/lisp/net/tramp.el
+++ b/lisp/net/tramp.el
@@ -315,14 +315,20 @@ pair of the form (KEY VALUE).  The following KEYs are 
defined:
   * `tramp-connection-timeout'
     This is the maximum time to be spent for establishing a connection.
     In general, the global default value shall be used, but for
-    some methods, like \"su\" or \"sudo\", a shorter timeout
-    might be desirable.
+    some methods, like \"doas\", \"su\" or \"sudo\", a shorter
+    timeout might be desirable.
 
   * `tramp-session-timeout'
     How long a Tramp connection keeps open before being disconnected.
-    This is useful for methods like \"su\" or \"sudo\", which
+    This is useful for methods like \"doas\" or \"sudo\", which
     shouldn't run an open connection in the background forever.
 
+  * `tramp-password-previous-hop'
+    The password for this connection is the same like the
+    password for the previous hop.  If there is no previous hop,
+    the password of the local user is applied.  This is needed
+    for methods like \"doas\", \"sudo\" or \"sudoedit\".
+
   * `tramp-case-insensitive'
     Whether the remote file system handles file names case insensitive.
     Only a non-nil value counts, the default value nil means to
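Review bot: Wording in the new `tramp-password-previous-hop' docstring entry: "is the same like the password for the previous hop" should read "is the same as the password for the previous hop". Since this parameter decides which identity a password prompt and cache entry are attributed to, it would also help to say "the local user and local host" rather than only "the local user", matching the tramp.texi text.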
@@ -1427,6 +1433,11 @@ calling HANDLER.")
 (put #'tramp-file-name-localname 'tramp-suppress-trace t)
 (put #'tramp-file-name-hop 'tramp-suppress-trace t)
 
+;; Needed for `tramp-read-passwd' and `tramp-get-remote-null-device'.
+(defconst tramp-null-hop
+  (make-tramp-file-name :user (user-login-name) :host tramp-system-name)
+"Connection hop which identifies the virtual hop before the first one.")
+
 (defun tramp-file-name-user-domain (vec)
   "Return user and domain components of VEC."
   (when (or (tramp-file-name-user vec) (tramp-file-name-domain vec))
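Review bot: `tramp-null-hop` is built from `tramp-system-name`, while the tramp.texi paragraph added in this commit tells users that HOST is the string returned by `(system-name)`. If the two can differ, an auth-sources entry written from the manual will not match the lookup; please make the documentation and the constant refer to the same value. As with the sudoedit constant, the docstring line is not indented.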
@@ -5938,8 +5949,8 @@ name of a process or buffer, or nil to default to the 
current buffer."
 
 (defun tramp-get-remote-null-device (vec)
   "Return null device on the remote host identified by VEC.
-If VEC is nil, return local null device."
-  (if (null vec)
+If VEC is nil or `tramp-null-hop', return local null device."
+  (if (or (null vec) (equal vec tramp-null-hop))
       null-device
     (with-tramp-connection-property vec "null-device"
       (let ((default-directory (tramp-make-tramp-file-name vec)))
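Review bot: The new test `(equal vec tramp-null-hop)` recognizes only the method-less constant, so `tramp-sudoedit-null-hop`, or a password vector copied from the null hop with a method set, would fall through to the remote branch if either ever reached this function. If that cannot happen, a short comment saying so would help; otherwise compare user and host only.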


