From: Michael Albinus Date: Sat, 11 May 2024 08:03:45 +0000 (+0200) Subject: New Tramp method "run0" X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=74ecd60bf4a2823fb665be90c62eb32c54380734;p=emacs.git New Tramp method "run0" * doc/misc/tramp.texi (Quick Start Guide, Inline methods) (Password handling, Predefined connection information) (Ad-hoc multi-hops): Add "run0". (Remote processes): Mention tramp-use-connection-share. * etc/NEWS: New Tramp method "run0". * lisp/net/tramp.el (tramp-completion-dissect-file-name): * lisp/net/tramp-cmds.el (tramp-list-remote-buffers): * lisp/net/tramp-smb.el (tramp-smb-handle-insert-directory): Use `tramp-compat-keep-seq'. * lisp/net/tramp-cmds.el (tramp-file-name-with-method): Add "run0". * lisp/net/tramp-sh.el (tramp-enable-run0-method): New defun. (tramp-sh-handle-expand-file-name): Add "run0". (tramp-maybe-open-connection): Simplify setting timeout. (cherry picked from commit b43c31d2f50dc71680dfd62412ce9b9afb6c65a4) --- diff --git a/doc/misc/tramp.texi b/doc/misc/tramp.texi index 76d8136d196..7ec9746eb8b 100644 --- a/doc/misc/tramp.texi +++ b/doc/misc/tramp.texi @@ -489,14 +489,16 @@ an @command{ssh} server: @file{@trampfn{plink,user@@host,/path/to/file}}. -@anchor{Quick Start Guide su, sudo, doas, androidsu and sg methods} -@section Using @option{su}, @option{sudo}, @option{doas}, @option{androidsu} and @option{sg} +@anchor{Quick Start Guide su, sudo, doas, run0, androidsu and sg methods} +@section Using @option{su}, @option{sudo}, @option{doas}, @option{run0}, @option{androidsu} and @option{sg} @cindex method @option{su} @cindex @option{su} method @cindex method @option{sudo} @cindex @option{sudo} method @cindex method @option{doas} @cindex @option{doas} method +@cindex method @option{run0} +@cindex @option{run0} method @cindex method @option{androidsu} @cindex @option{androidsu} method @cindex method @option{sg} @@ -504,9 +506,11 @@ an @command{ssh} server: Sometimes, it is necessary to work on your local host under different permissions. For this, you can use the @option{su} or @option{sudo} -connection method. On OpenBSD systems, the @option{doas} connection -method offers the same functionality. If your local system is -Android, use the method @option{androidsu} instead of @option{su}. +connection method. If your system is @code{systemd}-based, there is +the @option{run0} connection method. On OpenBSD systems, the +@option{doas} connection method offers the same functionality. If +your local system is Android, use the method @option{androidsu} +instead of @option{su}. These methods use @samp{root} as default user name and the return value of @code{(system-name)} as default host name. Therefore, it is @@ -516,8 +520,8 @@ The method @option{sg} stands for ``switch group''; here the user name is used as the group to change to. The default host name is the same. -@anchor{Quick Start Guide Combining ssh, plink, su, sudo and doas methods} -@section Combining @option{ssh} or @option{plink} with @option{su}, @option{sudo} or @option{doas} +@anchor{Quick Start Guide Combining ssh, plink, su, sudo, doas and run0 methods} +@section Combining @option{ssh} or @option{plink} with @option{su}, @option{sudo}, @option{doas} or @option{run0} @cindex method @option{ssh} @cindex @option{ssh} method @cindex method @option{plink} @@ -528,13 +532,15 @@ is used as the group to change to. The default host name is the same. @cindex @option{sudo} method @cindex method @option{doas} @cindex @option{doas} method - -If the @option{su}, @option{sudo} or @option{doas} option should be -performed on another host, it can be combined with a leading -@option{ssh} or @option{plink} option. That means that @value{tramp} -connects first to the other host with non-administrative credentials, -and changes to administrative credentials on that host afterwards. In -a simple case, the syntax looks like +@cindex method @option{run0} +@cindex @option{run0} method + +If the @option{su}, @option{sudo}, @option{doas} or @option{run0} +method should be performed on another host, it can be combined with a +leading @option{ssh} or @option{plink} method. That means that +@value{tramp} connects first to the other host with non-administrative +credentials, and changes to administrative credentials on that host +afterwards. In a simple case, the syntax looks like @file{@trampfn{ssh@value{postfixhop}user@@host|sudo,,/path/to/file}}. @xref{Ad-hoc multi-hops}. @@ -882,6 +888,16 @@ This method is used on OpenBSD like the @command{sudo} command. Like the @option{sudo} method, a @option{doas} connection is disabled after a predefined timeout. +@item @option{run0} +@cindex method @option{run0} +@cindex @option{run0} method + +This method is used on @code{systemd}-based hosts. Internally, it +uses the @code{systemd-run} command. A @option{run0} connection is +disabled after a predefined timeout as well. + +This is an optional method, @ref{Optional methods}. + @item @option{sg} @cindex method @option{sg} @cindex @option{sg} method @@ -2104,8 +2120,9 @@ machine melancholia#4711 port davs login daniel%BIZARRE password geheim For the methods @option{doas}, @option{sudo} and @option{sudoedit} the password of the user requesting the connection is needed, and not the -password of the target user. If these connections happen on the local -host, an entry with the local user and local host is used: +password of the target user@footnote{On the local host, @code{run0} +uses a graphical password agent.}. If these connections happen on the +local host, an entry with the local user and local host is used: @example machine @var{host} port sudo login @var{user} password secret @@ -2278,8 +2295,8 @@ All @file{tramp-sh.el} based methods accept the property @t{"session-timeout"}. This is the time (in seconds) after a connection is disabled for security reasons, and must be reestablished. A value of @code{nil} disables this feature. Most of -the methods do not set this property except the @option{sudo} and -@option{doas} methods, which use predefined values. +the methods do not set this property except the @option{sudo}, +@option{doas} and @option{run0} methods, which use predefined values. @item @t{"~"}@* @t{"~user"} @@ -3815,7 +3832,7 @@ The buffer must either visit a file, or a directory @defopt tramp-file-name-with-method The method @code{tramp-revert-buffer-with-sudo} shows an alternate buffer. It defaults to @code{sudo}, other valid methods are -@code{su}, @code{doas}, and @code{ksu}. +@code{su}, @code{doas}, @code{run0}, and @code{ksu}. @lisp (customize-set-variable 'tramp-file-name-with-method "doas") @@ -4056,7 +4073,9 @@ here will not work as expected. @vindex ForwardX11Trusted@r{, ssh option} An alternate approach is specify @option{ForwardX11 yes} or @option{ForwardX11Trusted yes} in @file{~/.ssh/config} on the local -host. +host. Furthermore, set @code{tramp-use-connection-share} to +@code{nil} (@pxref{Using ssh connection sharing}), in order to avoid +unwanted side effects. @subsection Running @code{shell} on a remote host diff --git a/etc/NEWS b/etc/NEWS index df335f80e8d..c1827b3d19a 100644 --- a/etc/NEWS +++ b/etc/NEWS @@ -1167,6 +1167,11 @@ This provides access to system files with elevated privileges granted by the idiosyncratic 'su' implementations and system utilities customary on Android. ++++ +*** New optional connection method "run0". +This connection method is similar to "sudo", but it uses the +'systemd-run' program internally. + +++ *** New connection methods "dockercp" and "podmancp". These are the external methods counterparts of "docker" and "podman". diff --git a/lisp/net/tramp-cmds.el b/lisp/net/tramp-cmds.el index f381c2e9ff0..6cd856c10e5 100644 --- a/lisp/net/tramp-cmds.el +++ b/lisp/net/tramp-cmds.el @@ -70,12 +70,10 @@ SYNTAX can be one of the symbols `default' (default), ;;;###tramp-autoload (defun tramp-list-remote-buffers () "Return a list of all buffers with remote `default-directory'." - (delq - nil - (mapcar - (lambda (x) - (when (tramp-tramp-file-p (tramp-get-default-directory x)) x)) - (buffer-list)))) + (tramp-compat-seq-keep + (lambda (x) + (when (tramp-tramp-file-p (tramp-get-default-directory x)) x)) + (buffer-list))) ;;; Cleanup @@ -567,6 +565,7 @@ For details, see `tramp-rename-files'." :type '(choice (const "su") (const "sudo") (const "doas") + (const "run0") (const "ksu"))) (defun tramp-file-name-with-sudo (filename) diff --git a/lisp/net/tramp-sh.el b/lisp/net/tramp-sh.el index 4347bf93ac2..7b7eca19316 100644 --- a/lisp/net/tramp-sh.el +++ b/lisp/net/tramp-sh.el @@ -501,6 +501,24 @@ The string is used in `tramp-methods'.") (tramp-set-completion-function "nc" tramp-completion-function-alist-telnet)) +;;;###tramp-autoload +(defun tramp-enable-run0-method () + "Enable \"run0\" method." + (add-to-list 'tramp-methods + `("run0" + (tramp-login-program "systemd-run") + (tramp-login-args (("--uid" "%u") ("-t") ("%l"))) + (tramp-remote-shell ,tramp-default-remote-shell) + (tramp-remote-shell-args ("-c")) + (tramp-connection-timeout 10) + (tramp-session-timeout 300) + (tramp-password-previous-hop t))) + + (add-to-list 'tramp-default-user-alist + `(,(rx bos "run0" eos) nil ,tramp-root-id-string)) + + (tramp-set-completion-function "run0" tramp-completion-function-alist-su)) + ;;;###tramp-autoload (defun tramp-enable-ksu-method () "Enable \"ksu\" method." @@ -2911,7 +2929,7 @@ the result will be a local, non-Tramp, file name." ;; use a user name from the config file. (when (and (tramp-string-empty-or-nil-p uname) (string-match-p - (rx bos (| "su" "sudo" "doas" "ksu") eos) method)) + (rx bos (| "su" "sudo" "doas" "run0" "ksu") eos) method)) (setq uname user)) (when (setq hname (tramp-get-home-directory v uname)) (setq localname (concat hname fname))))) @@ -5386,12 +5404,11 @@ connection if a previous connection has died for some reason." :host l-host :port l-port))) ;; Set session timeout. - (when (tramp-get-method-parameter - hop 'tramp-session-timeout) + (when-let ((timeout + (tramp-get-method-parameter + hop 'tramp-session-timeout))) (tramp-set-connection-property - p "session-timeout" - (tramp-get-method-parameter - hop 'tramp-session-timeout))) + p "session-timeout" timeout)) ;; Replace `login-args' place holders. (setq diff --git a/lisp/net/tramp-smb.el b/lisp/net/tramp-smb.el index 3616cad2fb3..a51b2b904ec 100644 --- a/lisp/net/tramp-smb.el +++ b/lisp/net/tramp-smb.el @@ -1068,17 +1068,15 @@ PRESERVE-UID-GID and PRESERVE-EXTENDED-ATTRIBUTES are completely ignored." ;; Filter entries. (setq entries - (delq - nil (if (or wildcard (string-empty-p base)) ;; Check for matching entries. - (mapcar + (tramp-compat-seq-keep (lambda (x) (when (string-match-p (rx bol (literal base)) (nth 0 x)) x)) entries) ;; We just need the only and only entry FILENAME. - (list (assoc base entries))))) + (list (assoc base entries)))) ;; Sort entries. (setq entries diff --git a/lisp/net/tramp.el b/lisp/net/tramp.el index c0c83464ee8..ffef051cbe3 100644 --- a/lisp/net/tramp.el +++ b/lisp/net/tramp.el @@ -2968,17 +2968,15 @@ They are collected by `tramp-completion-dissect-file-name1'." (regexp tramp-prefix-ipv6-regexp) (group (? (regexp tramp-ipv6-regexp))) eol) 1 2 3 nil))) - (delq - nil - (mapcar - (lambda (structure) (tramp-completion-dissect-file-name1 structure name)) - (list - tramp-completion-file-name-structure1 - tramp-completion-file-name-structure2 - tramp-completion-file-name-structure3 - tramp-completion-file-name-structure4 - tramp-completion-file-name-structure5 - tramp-completion-file-name-structure6))))) + (tramp-compat-seq-keep + (lambda (structure) (tramp-completion-dissect-file-name1 structure name)) + (list + tramp-completion-file-name-structure1 + tramp-completion-file-name-structure2 + tramp-completion-file-name-structure3 + tramp-completion-file-name-structure4 + tramp-completion-file-name-structure5 + tramp-completion-file-name-structure6)))) (defun tramp-completion-dissect-file-name1 (structure name) "Return a `tramp-file-name' structure for NAME matching STRUCTURE. @@ -4767,10 +4765,10 @@ Do not set it manually, it is used buffer-local in `tramp-get-lock-pid'.") vec "Method `%s' is not supported for multi-hops" (tramp-file-name-method item))))) - ;; Some methods ("su", "sg", "sudo", "doas", "ksu") do not use the - ;; host name in their command template. In this case, the remote - ;; file name must use either a local host name (first hop), or a - ;; host name matching the previous hop. + ;; Some methods ("su", "sg", "sudo", "doas", "run0", "ksu") do not + ;; use the host name in their command template. In this case, the + ;; remote file name must use either a local host name (first hop), + ;; or a host name matching the previous hop. (let ((previous-host (or tramp-local-host-regexp ""))) (setq choices target-alist) (while (setq item (pop choices))