The sshaskpass is not only a mercurial extension, but also a script that
runs separately, in which case it cannot import mercurial modules. So let's
fallback to os.environ.
Summary:
test-check-code.t was updated in core mercurial so we have to fix it in
fb-hgext
Test Plan: arc unit
Reviewers: #sourcecontrol, quark
Reviewed By: quark
Subscribers: quark, mjpieters
Differential Revision: https://phabricator.intern.facebook.com/D4377208
Signature: t1:4377208:1483451688:bc382cdab07c6d6127d67c902458a2ccfa1373d1
Summary:
The current `sshaskpass` implementation relies on `stdin` and `stderr` being
TTYs. That can not be guaranteed if pager is used. With chg enabled, the chg
client will call `attachio` when starting the pager, and it which will override
both `stdin` and `stderr` to the pipes created by the chg pager logic. This
causes failures when a paged command (like `hg diff`) needs interactive ssh
authentication (happens when remotefilelog cache misses).
This patch fixes it by backing up TTY fds inside the `sshaskpass` module. With
chg enabled, the first `attachio` (before starting pager) can provide TTY fds,
where we just back them up. The second `attachio` (after pager started) will
override `ui.fin/fout`, `sys.stdin/stdout` to non-tty fds but it does not matter
since we have backups.
Test Plan:
Run the following command in a remotefilelog repo:
```
rm /tmp/chg$UID /tmp/r -rf; chg diff --config remotefilelog.cachepath=/tmp/r --debug --pager=on
```
And confirm password prompt works as expected.
Reviewers: rmcelroy, #sourcecontrol, durham
Reviewed By: durham
Subscribers: mjpieters
Differential Revision: https://phabricator.intern.facebook.com/D4032236
Signature: t1:4032236:1476755400:80fc6007b6fb2f9fe83cf6570d80a2b431fc069f
Summary:
While on Linux, `ssh` prompts `username's password:`, the OS X uses
`Password:`. Change `_shoulddisableecho` to include that case.
Test Plan:
Run `chg push ssh://localhost//tmp/foo` on an OS X system and check echo
is disabled for the password prompt.
Reviewers: #mercurial, ttung, durham
Reviewed By: durham
Subscribers: durham, mjpieters
Differential Revision: https://phabricator.intern.facebook.com/D3841947
Signature: t1:3841947:1473440175:ea2c171a4bfda9d00b4de8c7c51bb00d0b7194f1
Summary:
The sshaskpass code is both an hg extension and a standalone python script.
In the latter case, it does not need to import mercurial packages (and
doing that may cause `ImportError` if `mercurial` is not in python path).
Test Plan:
Manually make the change in a Mac Mini device and check `chg pull` works
with ssh password authentication.
Reviewers: #mercurial, ttung, durham
Reviewed By: durham
Subscribers: mjpieters
Differential Revision: https://phabricator.intern.facebook.com/D3799653
Signature: t1:3799653:1472675282:9f7e9f4f29281db239f33cf396057ea12ff21773
Summary:
Before this patch, sshaskpass has a hardcoded tmp directory, which, if being
abused, can break sshaskpass from working. This diff fixes the issue by
using tempfile.mkdtemp.
Test Plan:
Run `chg push -r . ssh://root@localhost//tmp/foo -f --allow-ano` and make
sure ssh password prompt works. Also run the sshaskpass test.
Reviewers: #mercurial, ttung, rmcelroy
Reviewed By: rmcelroy
Subscribers: mjpieters
Differential Revision: https://phabricator.intern.facebook.com/D3705674
Signature: t1:3705674:1471373405:aec54ac685b060efb616307552cebcccee5cebe8
Summary:
This diff makes the prompt similar to what systemd does. See the screenshot:
{F62774663}
It solves an issue that with echo disabled, the user won't know whether they
have pressed ENTER or not - the cursor won't move. Now it explicitly prints
"AUTHENTICATION COMPLETE".
Test Plan: As the screenshot, and also run the sshaskpass test.
Reviewers: #mercurial, ttung, rmcelroy
Reviewed By: rmcelroy
Subscribers: rmcelroy, mjpieters
Differential Revision: https://phabricator.intern.facebook.com/D3705703
Signature: t1:3705703:1471008095:863ff9820b87ea3f4631295b10472802fb5e459f
Summary:
Before this patch, sshaskpass will set SSH_ASKPASS to itself, aka. `__file__`.
This won't work if sshaskpass.py gets installed by setup.py because setup.py
will remove its `+x` bit.
Test Plan:
Run `chg push -r . ssh://root@localhost//tmp/foo -f --allow-ano` and make
sure ssh password prompt works.
Reviewers: #mercurial, ttung, rmcelroy
Reviewed By: rmcelroy
Subscribers: mjpieters
Differential Revision: https://phabricator.intern.facebook.com/D3705657
Signature: t1:3705657:1471008122:9cfa3adf078e4bbe8f6b6ba05d1fb6be513d3e71
Summary:
We need to get the `.py` file name from `__file__`, which could be `.pyc`
and `.pyo`. Previously only `.pyc` is handled. This diff handles `.pyo`
as well.
Test Plan: Run existing tests
Reviewers: ttung, mjpieters, #mercurial, simonfar
Reviewed By: simonfar
Subscribers: simonfar, mjpieters
Differential Revision: https://phabricator.intern.facebook.com/D3627929
Signature: t1:3627929:1469625182:1c0f5f720fe7eb4cbe3e6abd8e9407ced617d2a0
Summary:
During chg pull or push over ssh, ssh is started by chgserver which does not
have a controlling tty. Therefore the ssh process won't be able to ask for
passwords interactively.
This is actually a hard issue because an unprivileged process without a ctty
cannot attach to a ctty of another process.
The discussion at upstream tends to make it clear it's part of limitations
of chg. Therefore if we decide to workaround it, it has to live outside core,
thus fb-hgext.
GUI ssh-askpass is actually a good and clean choice. See D3510178 and D3515604.
However, they are for OS X but not Linux.
This diff is a very hacky solution to make ssh-askpass works in terminal.
It starts a "tty server" providing tty I/O fds and set `SSH_ASKPASS` to use a
custom script talking to the "tty server".
Test Plan:
Run the new test. Start a sshd locally and try:
```
$ hg push ssh://root@localhost/tmp
pushing to ssh://root@localhost/tmp
root@localhost's password:
remote: Permission denied (publickey,password).
abort: no suitable response from remote hg!
$ chg push ssh://root@localhost/tmp
pushing to ssh://root@localhost/tmp
==== SSH Authenticating ====
root@localhost's password:
remote: Permission denied (publickey,password).
abort: no suitable response from remote hg!
```
Reviewers: #mercurial, ttung, mpm
Reviewed By: mpm
Subscribers: durham, mpm, mjpieters
Differential Revision: https://phabricator.intern.facebook.com/D3577509
Tasks: 12029680
Signature: t1:3577509:1469467700:cd93565bd47e535bb4cb41fcdaa39e45dddfae28