martin/emacs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Let Tramp sudo sessions expire after a timeout

Browse Source 
* doc/misc/tramp.texi (Inline methods) <sudo, doas>: Both methods expire
the underlying session per default.
(Predefined connection information): Explain "session-timeout".

* etc/NEWS: Mention Tramp session expiration.

* lisp/net/tramp-sh.el (tramp-methods) <sudo, doas>:
Add `tramp-session-timeout'.
(tramp-timeout-session): New defun.
(tramp-maybe-open-connection): Handle session timeout.

* lisp/net/tramp.el (tramp-methods): Adapt docstring.
(tramp-equal-remote): Extend.
This commit is contained in:
Michael Albinus
2018-11-21 13:23:01 +01:00
parent 166f6274b4
commit fb200f3e57
4 changed files with 84 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
doc/misc/tramp.texi
View File

@@ -721,11 +721,17 @@ the host returned by the function @command{(system-name)}. See
Similar to @option{su} method, @option{sudo} uses @command{sudo}.
@command{sudo} must have sufficient rights to start a shell.
Due to security reasons, a @option{sudo} connection is disabled after
a predefined timeout (5 minutes per default). This can be changed,
see @ref{Predefined connection information}.
@item @option{doas}
@cindex method @option{doas}
@cindex @option{doas} method
This method is used on OpenBSD like the @command{sudo} command.
This method is used on OpenBSD like the @command{sudo} command. Like
the @option{sudo} method, a @option{sudo} connection is disabled after
a predefined timeout.
@item @option{sg}
@cindex method @option{sg}
@@ -1826,6 +1832,24 @@ The parameters @code{tramp-remote-shell} and
@code{tramp-remote-shell-login} in @code{tramp-methods} now have new
values for the remote host.
A common use case is to override the session timeout of a connection,
that is the time (in seconds) after a connection is disabled, and must
be reestablished. This can be set for any connection; for the
@option{sudo} and @option{doas} methods there exist predefined values.
A value of @code{nil} disables this feature. For example:
@lisp
@group
(add-to-list 'tramp-connection-properties
(list (regexp-quote "@trampfn{sudo,root@@system-name,}")
"session-timeout" 30))
@end group
@end lisp
@noindent
@samp{system-name} stands here for the host returned by the function
@command{(system-name)}.
@var{property} could also be any property found in
@code{tramp-persistency-file-name}.

5
etc/NEWS
View File

@@ -832,6 +832,11 @@ Tramp for some look-alike remote file names.
*** For some connection methods, like "su" or "sudo", the host name in
ad-hoc multi-hop file names must match the previous hop.
+++
*** For the connection methods "sudo" and "doas" there exists a
timeout, after which the underlying session is disabled. This is for
security reasons.
** Rcirc
---

54
lisp/net/tramp-sh.el
View File

@@ -271,14 +271,13 @@ The string is used in `tramp-methods'.")
(tramp-remote-shell-args ("-c"))
(tramp-connection-timeout 10)))
;;;###tramp-autoload
(add-to-list
'tramp-methods
'("sg"
(tramp-login-program "sg")
(tramp-login-args (("-") ("%u")))
(tramp-remote-shell "/bin/sh")
(tramp-remote-shell-args ("-c"))
(tramp-connection-timeout 10)))
(add-to-list 'tramp-methods
'("sg"
(tramp-login-program "sg")
(tramp-login-args (("-") ("%u")))
(tramp-remote-shell "/bin/sh")
(tramp-remote-shell-args ("-c"))
(tramp-connection-timeout 10)))
;;;###tramp-autoload
(add-to-list 'tramp-methods
'("sudo"
@@ -292,7 +291,8 @@ The string is used in `tramp-methods'.")
(tramp-remote-shell "/bin/sh")
(tramp-remote-shell-login ("-l"))
(tramp-remote-shell-args ("-c"))
(tramp-connection-timeout 10)))
(tramp-connection-timeout 10)
(tramp-session-timeout 300)))
;;;###tramp-autoload
(add-to-list 'tramp-methods
'("doas"
@@ -300,7 +300,8 @@ The string is used in `tramp-methods'.")
(tramp-login-args (("-u" "%u") ("-s")))
(tramp-remote-shell "/bin/sh")
(tramp-remote-shell-args ("-c"))
(tramp-connection-timeout 10)))
(tramp-connection-timeout 10)
(tramp-session-timeout 300)))
;;;###tramp-autoload
(add-to-list 'tramp-methods
'("ksu"
@@ -4371,16 +4372,14 @@ Goes through the list `tramp-local-coding-commands' and
vec 5 "Checking local encoding function `%s'" loc-enc)
(tramp-message
vec 5 "Checking local encoding command `%s' for sanity" loc-enc)
(unless (zerop (tramp-call-local-coding-command
loc-enc nil nil))
(unless (zerop (tramp-call-local-coding-command loc-enc nil nil))
(throw 'wont-work-local nil)))
(if (not (stringp loc-dec))
(tramp-message
vec 5 "Checking local decoding function `%s'" loc-dec)
(tramp-message
vec 5 "Checking local decoding command `%s' for sanity" loc-dec)
(unless (zerop (tramp-call-local-coding-command
loc-dec nil nil))
(unless (zerop (tramp-call-local-coding-command loc-dec nil nil))
(throw 'wont-work-local nil)))
;; Search for remote coding commands with the same format
(while (and remote-commands (not found))
@@ -4702,6 +4701,19 @@ Goes through the list `tramp-inline-compress-commands'."
" -o ControlPersist=no")))))))))
tramp-ssh-controlmaster-options)))
(defun tramp-timeout-session (vec)
"Close the connection VEC after a session timeout.
If there is just some editing, retry it after 5 seconds."
(if (and tramp-locked tramp-locker
(tramp-equal-remote vec tramp-current-connection))
(progn
(tramp-message
vec 5 "Cannot timeout session, trying it again in %s seconds." 5)
(run-at-time 5 nil 'tramp-timeout-session vec))
(tramp-message
vec 3 "Timeout session %s" (tramp-make-tramp-file-name vec 'localname))
(tramp-cleanup-connection vec 'keep-debug)))
(defun tramp-maybe-open-connection (vec)
"Maybe open a connection VEC.
Does not do anything if a connection is already open, but re-opens the
@@ -4878,6 +4890,14 @@ connection if a previous connection has died for some reason."
:method l-method :user l-user :domain l-domain
:host l-host :port l-port))
;; Set session timeout.
(when (tramp-get-method-parameter
hop 'tramp-session-timeout)
(tramp-set-connection-property
p "session-timeout"
(tramp-get-method-parameter
hop 'tramp-session-timeout)))
;; Add login environment.
(when login-env
(setq
@@ -4941,6 +4961,12 @@ connection if a previous connection has died for some reason."
;; Set connection-local variables.
(tramp-set-connection-local-variables vec)
;; Activate session timeout.
(when (tramp-get-connection-property p "session-timeout" nil)
(run-at-time
(tramp-get-connection-property p "session-timeout" nil) nil
'tramp-timeout-session vec))
;; Make initial shell settings.
(tramp-open-connection-setup-interactive-shell p vec)

18
lisp/net/tramp.el
View File

@@ -248,6 +248,10 @@ pair of the form (KEY VALUE). The following KEYs are defined:
In general, the global default value shall be used, but for
some methods, like \"su\" or \"sudo\", a shorter timeout
might be desirable.
* `tramp-session-timeout'
How long a Tramp connection keeps open before being disconnected.
This is useful for methods like \"su\" or \"sudo\", which
shouldn't run an open connection in the background forever.
* `tramp-case-insensitive'
Whether the remote file system handles file names case insensitive.
Only a non-nil value counts, the default value nil means to
@@ -4074,10 +4078,16 @@ Example:
would yield t. On the other hand, the following check results in nil:
(tramp-equal-remote \"/sudo::/etc\" \"/su::/etc\")"
(and (tramp-tramp-file-p file1)
(tramp-tramp-file-p file2)
(string-equal (file-remote-p file1) (file-remote-p file2))))
(tramp-equal-remote \"/sudo::/etc\" \"/su::/etc\")
FILE1 and FILE2 could also be Tramp vectors."
(or (and (tramp-tramp-file-p file1)
(tramp-tramp-file-p file2)
(string-equal (file-remote-p file1) (file-remote-p file2)))
(and (tramp-file-name-p file1)
(tramp-file-name-p file2)
(string-equal (tramp-make-tramp-file-name file1 'localname)
(tramp-make-tramp-file-name file2 'localname)))))
;;;###tramp-autoload
(defun tramp-mode-string-to-int (mode-string)