-
Notifications
You must be signed in to change notification settings - Fork 527
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
agent: Add support for Windows OpenSSH agent #517
Conversation
cae4ba6
to
61161b2
Compare
I think this is on a technical level ready to merge now. Please let me know if you want me to clean up anything either code wise or commit wise. |
Rebased on master and added support for partial transfers following #510. |
I hate to be that guy, but I would like some forward movement with this sooner rather than later. |
Wouldn't these commits be better squashed into a single one for readability and easier review? It makes it hard to review when the 5 subsequent commits change things in previous commits. I don't know Windows specific things so I cannot comment on those specifics. In general this seems fine and @yodaldevoid says he's tested it. There should be very little risk. |
I've squashed all commits as requested other than the one disabling overlapped IO. I feel that one commit should be left separate. |
Once again being that guy. I have resolved the issues brought up so far and there have been no further issues brought up within the past ~2 weeks. Would you folks be ok with merging this as-is or would you rather have a third party who knows Windows to take a look at it? |
It looks OK to me at first glance, but I don't have a Windows box to test it with. It would be great if more Windows users would take a look at it. |
I'm going to have to throw in the towel on finding someone else to test or review these changes. I've poked around off and on for the past month or so on various communities where I think I might find people who would be interested to help out, but I haven't gotten any bites. I'd rather not leave this PR to languish, but if we want to get more testing before it is merged, I don't see any good way forward. |
I'd like to test this, and have an existing project that uses SSH agent and builds binary packages on Windows to test with. I lack a Windows 10 machine to do the testing on at the moment, but should have some time this weekend to setup a VM for it. |
@pkittenis Do you need any help making the changes required to test this or with setting up the test environment? |
Hi, I have similar, possibly cleaner change that I've written from scratch. master...gim913:openssh-windows P.S. It does not support async io, as I think neither existing unix agent nor putty's pageant code support them. P.S.2 It would be nice to have it included in any form, as libgit has dependency on libssh2... |
@gim913 Would it be possible for you to test my set of patches using your docker method? Did you use any specific docker container? I would prefer to get my set of patches merged, partially because they are more complete and partially because of how long I've waited to get these approved. That said, I don't see anything wrong with your patches, and as long as some sort of support for the Windows OpenSSH agent is added, I don't really care which set of patches are merged. |
@yodaldevoid sure, will try to do this either tomorrow or this week 👍 |
@yodaldevoid I've rebased your branch on top of master and I've made following test: I'm using image that is generated for test purposes via Dockerfile in
It just so happens, that Fire up the image in detatched mode:
Add ssh-key to running agent:
Fire up example:
|
I have put some time into creating a test ensuring that we can authenticate using a key stored in an agent. I have found that it is more complicated than it looks at first blush (at least for me). Long story short, I don't think it is currently feasible to create a test that would work across platforms for authenticating using an agent. I could add a test that just attempts to connect to an agent, but I'm not sure of the value of that. The first problem is adding (and removing) a key to the agent. We can call commands from C easily enough so adding keys should be easy. All OpenSSH implementations work more or less the same and generally use a program named The second problem then revolves around key file permissions. At least on Windows, there is a good chance that when the repo is checked out, the SSH private keys will be readable by too many users, thus causing Other than those two issues, the test runs without a problem. I have not pushed the code up due to the issues I have just listed and because the Windows CI seems to not be running the tests anyway so that needs to be resolved first. I will keep the code around for a future PR. @willco007 @bagder @mback2k @vszakats |
@willco007 @bagder @mback2k @vszakats I see two options: block this on adding an ssh-agent test that can run on all platforms or merge it as is. As I think can be understood, I am partial to merging as is. That said if you, the maintainers, want to block this on some sort of automated test, I'd like to know that now so I can work towards that. To be clear, adding an automated test for this includes not only adding a cross-platform test (or a set of tests that are selected based on platform) but also fixing Windows tests in the CI runner as right now tests are not being run there. Please provide some sort of direction forward. I have seen all but @mback2k voice some level of support for the code as is, and seeing as they are marked as "busy" I can understand why they have not chimed in. |
At this point, short of writing Windows unit tests (and there are a lack of Windows devs on here), I think we should just take it. Any objections? |
I've rebased on top of the current master. Not that it was needed since there were not merge conflicts, I just felt like making this merge as smoothly as possible. |
It looks like a bunch of Linux tests failed due to Docker Hub rate-limiting. Not sure what to do with that. |
I will try to test this during this week. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Except the structural code change suggested above (to make it easier to identify the code taken from another project) this looks good to me and I was successfully able to test this with the libssh2 example ssh2_agent. Thanks a lot!
a55eb77
to
fdc7eef
Compare
The implementation was partially taken and modified from that found in the Portable OpenSSH port to Win32 by the PowerShell team, but mostly based on the existing Unix OpenSSH agent support. https://github.com/PowerShell/openssh-portable Regarding the partial transfer support implementation: partial transfers are easy to deal with, but you need to track additional state when non-blocking IO enters the picture. A tracker of how many bytes have been transfered has been placed in the transfer context struct as that's where it makes most sense. This tracker isn't placed behind a WIN32 #ifdef as it will probably be useful for other agent implementations.
Non-blocking IO is not currently supported by the surrounding agent code, despite a lot of the code having everything set up to handle it.
I believe I have resolved all currently requested changes. Let me know if there is anything else that should be looked at. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, looks good to me. Thanks a lot! I also verified that it still works after the structural changes.
Breaks Cygwin build in snapshots since 20210512 see issue #597. |
I guess we need to add some Cygwin CI builds then. |
I am away for the next week and (probably) won't be able to work on this until then. |
I will try to work on it this weekend. |
Thanks for looking at this.
where
I've hacked up the production Cygwin libssh2.cygport to allow me to manually specify snapshots to check those builds, but the date expression should normally be used, as it compensates for time zones to download the latest available snapshot, commented out to download release tarballs, or further tweaked to use git repos as sources. |
We should probably keep further discussion of the cygwin issue in #597 or a new issue. |
I threw this together over a few days loosely based on the corresponding code in OpenSSH.
Things left to clean up:
git@github.com
with just libssh2 and another program that clones a repo from Github over ssh using libgit2 (which uses libssh2). I don't see a way to run automated tests against the Windows OpenSSH agent currently as it has a hard-coded pipe path making it impossible to run two agents at the same time.Support async IOFixes #501