From patchwork Wed Feb 19 12:52:51 2020
X-Patchwork-Submitter: Lars-Dominik Braun
X-Patchwork-Id: 20316
Subject: [bug#38541] [PATCH] ssh: Add Kerberos-support to ssh:// daemon URLs
Date: Wed, 19 Feb 2020 13:52:51 +0100
From: Lars-Dominik Braun
To: Ludovic Courtès
Cc: 38541@debbugs.gnu.org
Message-ID: <20200219125251.GC2938@zpidnp36>
References: <20191209083737.GA10190@zpidnp36> <87a77uwkh1.fsf@gnu.org>
In-Reply-To: <87a77uwkh1.fsf@gnu.org>

Hey,

now that guile-ssh 0.12.0 has landed in guix (commit 38655d7b88ae9d82208e5750480c9b91dd9dda8b), I’ve updated the patch, see attached files.

Lars

From 8c5246eb6e38cfb97a1580876fe484e1a038fef6 Mon Sep 17 00:00:00 2001 From: Lars-Dominik Braun Date: Wed, 19 Feb 2020 11:13:54 +0100 Subject: [PATCH 2/2] ssh: Add Kerberos-support to ssh:// daemon URLs * guix/ssh.scm (open-ssh-session): Fall back to GSSAPI if public key authentication does not work --- doc/guix.texi | 5 +++-- guix/ssh.scm | 15 ++++++++++----- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index afb70d5378..f1ca285a25 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -6811,8 +6811,9 @@ instruct it to listen for TCP connections (@pxref{Invoking guix-daemon, @item ssh @cindex SSH access to build daemons These URIs allow you to connect to a remote daemon over -SSH@footnote{This feature requires Guile-SSH (@pxref{Requirements}).}. -A typical URL might look like this: +SSH. This feature requires Guile-SSH (@pxref{Requirements}) and a working +@code{guile} binary in @code{PATH} on the destination machine. It supports +public key and GSSAPI authentication. A typical URL might look like this: @example ssh://charlie@@guix.example.org:22 diff --git a/guix/ssh.scm b/guix/ssh.scm index 291ce20b61..56b49b177f 100644 --- a/guix/ssh.scm +++ b/guix/ssh.scm @@ -157,11 +157,16 @@ server at '~a': ~a") (session-set! session 'timeout timeout) session) (x - (disconnect! session) - (raise (condition - (&message - (message (format #f (G_ "SSH authentication failed for '~a': ~a~%") - host (get-error session))))))))) + (match (userauth-gssapi! session) + ('success + (session-set! session 'timeout timeout) + session) + (x + (disconnect! session) + (raise (condition + (&message + (message (format #f (G_ "SSH authentication failed for '~a': ~a~%") + host (get-error session))))))))))) (x ;; Connection failed or timeout expired. (raise (condition -- 2.20.1
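
Review bot: In the doc/guix.texi hunk, the new sentence "It supports public key and GSSAPI authentication" does not say that GSSAPI is only attempted after public key authentication has failed, which is what the guix/ssh.scm change does; wording it as a fallback would tell users which credential is tried first. The added requirement of a working @code{guile} binary in @code{PATH} on the destination machine is not related to Kerberos and would be easier to review as a separate change. The commit log lists only guix/ssh.scm, while the diffstat shows doc/guix.texi changed as well, so a doc/guix.texi entry is missing from it.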
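
Review bot: In the guix/ssh.scm hunk, the inner catch-all `(x` clause calls `(get-error session)` only after `userauth-gssapi!` has also been tried, so the "SSH authentication failed for '~a': ~a~%" message will most likely carry the error from the GSSAPI attempt and the reason public key authentication failed is lost. Consider capturing the error text before calling `userauth-gssapi!` and reporting both. Because the fallback sits under the outer catch-all `(x`, it runs for every non-success result of the earlier attempt; if only some results should trigger GSSAPI, match them explicitly. The two success branches now repeat `(session-set! session 'timeout timeout)` followed by `session`, which a small local helper would avoid, and the unused `x` bindings could be `_`.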