diff options
| -rw-r--r-- | Annex/Ssh.hs | 15 | ||||
| -rw-r--r-- | CmdLine/GitAnnex.hs | 10 | ||||
| -rw-r--r-- | doc/design/assistant/sshpassword.mdwn | 2 |
3 files changed, 22 insertions, 5 deletions
diff --git a/Annex/Ssh.hs b/Annex/Ssh.hs index 159480121..21bb83e28 100644 --- a/Annex/Ssh.hs +++ b/Annex/Ssh.hs @@ -16,6 +16,8 @@ module Annex.Ssh ( sshCachingTo, inRepoWithSshCachingTo, runSshCaching, + sshAskPassEnv, + runSshAskPass ) where import qualified Data.Map as M @@ -230,7 +232,7 @@ sshReadPort params = (port, reverse args) {- When this env var is set, git-annex runs ssh with parameters - to use the socket file that the env var contains. - - - This is a workaround for GiT_SSH not being able to contain + - This is a workaround for GIT_SSH not being able to contain - additional parameters to pass to ssh. -} sshCachingEnv :: String sshCachingEnv = "GIT_ANNEX_SSHCACHING" @@ -268,8 +270,17 @@ sshCachingTo remote g where uncached = return g -runSshCaching :: [String] -> String -> IO () +runSshCaching :: [String] -> FilePath -> IO () runSshCaching args sockfile = do let args' = toCommand (sshConnectionCachingParams sockfile) ++ args let p = proc "ssh" args' exitWith =<< waitForProcess . processHandle =<< createProcess p + +{- When this env var is set, git-annex is being used as a ssh-askpass + - program, and should read the password from the specified location, + - and output it for ssh to read. -} +sshAskPassEnv :: String +sshAskPassEnv = "GIT_ANNEX_SSHASKPASS" + +runSshAskPass :: FilePath -> IO () +runSshAskPass passfile = putStrLn =<< readFile passfile diff --git a/CmdLine/GitAnnex.hs b/CmdLine/GitAnnex.hs index c37e44a2d..e4dd29b67 100644 --- a/CmdLine/GitAnnex.hs +++ b/CmdLine/GitAnnex.hs @@ -199,5 +199,11 @@ run args = do #ifdef WITH_EKG _ <- forkServer "localhost" 4242 #endif - maybe (dispatch True args cmds gitAnnexOptions [] header Git.CurrentRepo.get) - (runSshCaching args) =<< getEnv sshCachingEnv + go envmodes + where + go [] = dispatch True args cmds gitAnnexOptions [] header Git.CurrentRepo.get + go ((v, a):rest) = maybe (go rest) a =<< getEnv v + envmodes = + [ (sshCachingEnv, runSshCaching args) + , (sshAskPassEnv, runSshAskPass) + ] diff --git a/doc/design/assistant/sshpassword.mdwn b/doc/design/assistant/sshpassword.mdwn index c44259865..0113144c5 100644 --- a/doc/design/assistant/sshpassword.mdwn +++ b/doc/design/assistant/sshpassword.mdwn @@ -41,7 +41,7 @@ which gets the password from the webapp, and outputs it to stdout. Seems to call for the webapp and program to communicate over a local socket (locked down so only user can access) or environment. Environment is not as secure (easily snooped by root). -Local socket probably won't work on Windows. +Local socket probably won't work on Windows. Could just use a temp file. Note that the webapp can probe to see if ssh needs a password, and can prompt the user for it before running ssh and the ssh-askpass shim. |