Re: SSH Tunneling Patch

Hi

I committed the patch a little while back after testing successfully
on Linux, Windows and Mac and adding some docs. Unfortunately, since
then I've seen the following issues:

- On OS X Tiger 10.4 (the EDB machine Tanaka), I got a compile failure:

utils/sshTunnel.cpp:46: error: invalid conversion from 'const char*
(*)(int, const void*, char*, size_t)' to 'const char* (*)(int, const
void*, char*, socklen_t)'
gcc -DHAVE_CONFIG_H -I. -I.. -I../pgadmin/include/libssh2
-I../pgadmin/include   -I/usr/local/pgsql-9.2/include
-I/usr/local/pgsql-9.2/include/server -I/usr/local/pgsql-9.2/include
-DPG_SSL -DHAVE_CONNINFO_PARSE
-I/usr/local/lib/wx/include/mac-unicode-release-static-2.8
-I/usr/local/include/wx-2.8 -D_FILE_OFFSET_BITS=64 -D_LARGE_FILES
-D__WXMAC__ -DEMBED_XRC  -arch i386 -arch ppc
-I/usr/local/include/libxml2 -I/usr/local/include
-I/usr/local/include/libxml2 -DHAVE_OPENSSL_CRYPTO  -O2 -c -o
libssh2/packet.o libssh2/packet.c
utils/sshTunnel.cpp:46: error: invalid conversion from 'const char*
(*)(int, const void*, char*, size_t)' to 'const char* (*)(int, const
void*, char*, socklen_t)'
lipo: can't figure out the architecture type of: /var/tmp//cceIHDrK.out

Note that this was with a multi-arch build, configured with
"./configure --enable-appbundle --with-pgsql=/usr/local/pgsql-9.2
--with-arch-ppc --with-arch-i386 --disable-dependency-tracking". I
also tried a build with "./configure --enable-appbundle
--with-pgsql=/usr/local/pgsql-9.2 --with-arch-i386" and that failed
similarly

- The pgAdmin Jenkins build failed at the bootstrap step -
http://developer.pgadmin.org:8080/job/pgAdmin%20master%20branch/69/console.
This machine is a Debian Squeeze box. Installing Gettext (per a
comment you made earlier in the development of this patch) fixed the
problem, but I find it odd that that is required.

Remaining tidy-ups required during beta are:

-  "Authentication by identity file failed with error code -16" error cleanup.

- Ability to browse for the identity file in hidden (dot) directories.

- The alignment of the Identity File textbox is still a little wonky on Mac.

Thanks!!

On Thu, May 2, 2013 at 2:09 PM, Akshay Joshi
<akshay.joshi@enterprisedb.com> wrote:
> Hi Dave
>
>
> On Wed, May 1, 2013 at 8:59 PM, Dave Page <dpage@pgadmin.org> wrote:
>>
>> Well this is sooner than expected...
>>
>> The good news is, that today I cannot recreate the crash I saw
>> previously in either debug or release builds on Mac. I'm guessing
>> something must have been messed up in my environment previously, but
>> it seems stable now. A couple of final review issues I have picked up
>> however:
>>
>> - I had to manually add -lz to LDFLAGS to get the code to compile on
>> Mac. The configure tests seem to correctly detect that it is needed,
>> but it never gets added to the linker flags.
>>
>> - The new code that has been added to acinclude.m4 is a mess. I
>> realise that has come from the libssh2 code though, so I don't expect
>> we want to try to rewrite it, but I do think it should be moved into
>> an external file where it can be maintained/updated standalone. Maybe
>> acinclude-ssh2.m4 ?
>>
>> - The textbox used for the identity file name on the server dialogue
>> is badly aligned on Mac.
>>
>> - PG_SSL needs to be defined in the VC++ project files.
>>
>> From what I can see, once these and the issues I raised in my previous
>> email are resolved, it's good to commit. I'm planning on cutting an
>> alpha to ship with PG 9.3b1 tomorrow afternoon my time, so if you can
>> get me a usable patch by then, so much the better. I think we need the
>> following for alpha:
>>
>> - Properties display
>> - Localhost for the local tunnel end
>> - -lz linker issue
>> - PG_SSL definition
>> - acinclude.m4 cleanup
>
>
>    I have finished all the above mentioned task. Attached is the updated
> patch. I have tested it on Windows and Linux, it is working fine, not able
> to test it on MAC due to some problem on my machine.
>>
>>
>> The rest can be fixed for beta.
>>
>> Thanks!
>>
>>
>> On Wed, May 1, 2013 at 3:46 PM, Dave Page <dpage@pgadmin.org> wrote:
>> > Some feedback based on this version:
>> >
>> > - On the first connection attempt, if I get the SSH password wrong,
>> > the entire Server dialogue is dismissed, losing all the connection
>> > details I entered. I would expect the dialogue to be re-displayed so I
>> > could correct the error and try again.
>
>
>    Fixed.
>>
>> >
>> > - Incorrect ownership/permissions on the identity file result in a
>> > mysterious "Authentication by identity file failed with error code
>> > -16" error. I think this needs to be improved - if that error code
>> > relates purely to being unable to read the file, then we can
>> > special-case it.
>> >
>> > - When browsing for the identity file, you cannot browse to a "dot"
>> > directory, e.g. I can't use /home/dpage/.ssh/id_rsa as my identity
>> > file, without manually editing ~/.pgadmin3
>> >
>> > - We seem to read/write a setting called PublicKeyFile, but from what
>> > I can see, it's always empty and it's not something we request from
>> > the user. Is it needed?
>
>
>    When we use libgcrypt instead of libssl/libcrypto then we will have to
> get public key file from the user, without getting public key file SSH
> tunneling won't work. With current implementation control for the public key
> file will be visible when we use libgcrypt instead of libssl/libcrypto. So
> that it is needed.
>
>>
>> >
>> > - SSH Tunnel options are not displayed on the Properties list for the
>> > server.
>> >
>> > - On a Linux VM on my laptop, SSH tunnelling fails:
>> >
>> > 2013-03-15 04:03:34 INFO   : Attempting to create a connection object...
>> > 2013-03-15 04:03:34 STATUS : Connecting to database...
>> > 2013-03-15 04:03:35 INFO   : getaddrinfo failed with error code: -2
>> > 2013-03-15 04:03:35 STATUS : Connecting to database... (1.37 secs)
>> > 2013-03-15 04:03:35 INFO   : pgServer object didn't initialise because
>> > the user aborted.
>> > 2013-03-15 04:03:35 ERROR  : SSH error: Unable to resolve host:
>> > viper-centos6.ox.uk.enterprisedb.com
>> >
>> > I was connecting to a host that I shall call foo.enterprisedb.com,
>> > using an SSH tunnel to bar.enterprisedb.com. The hostname shown in the
>> > error message is the hostname my VM is configured with in
>> > /etc/sysconfig/network, but it is *not* in either /etc/hosts or DNS. I
>> > would expect it to be using "localhost" to connect to the local
>> > machine. Hard-coding the hostname that way (around line 204 in
>> > sshTunnel.cpp) seems to resolve the issue.
>> >
>> > So, overall, nothing seems to be serious wrong on Windows or Linux
>> > from what I can see. Now to look at Mac...
>> >
>> > On Wed, May 1, 2013 at 2:56 PM, Dave Page <dpage@pgadmin.org> wrote:
>> >> And this time, a patch containing the right bits...
>> >>
>> >> On Wed, May 1, 2013 at 2:19 PM, Dave Page <dpage@pgadmin.org> wrote:
>> >>> Attached is an update to Akshay's SSH tunnelling patch. Aside from a
>> >>> couple of minor tweaks to messages, this fixes the build on Windows
>> >>> which bit-rotted horribly when I committed the new debugger code.
>> >>>
>> >>> At this stage, the patch seems to work nicely on Windows. I'm going to
>> >>> test some more on Linux, and Akshay is working on a couple of issues
>> >>> we've seen on Mac.
>> >>>
>> >>> --
>> >>> Dave Page
>> >>> Blog: http://pgsnake.blogspot.com
>> >>> Twitter: @pgsnake
>> >>>
>> >>> EnterpriseDB UK: http://www.enterprisedb.com
>> >>> The Enterprise PostgreSQL Company
>> >>
>> >>
>> >>
>> >> --
>> >> Dave Page
>> >> Blog: http://pgsnake.blogspot.com
>> >> Twitter: @pgsnake
>> >>
>> >> EnterpriseDB UK: http://www.enterprisedb.com
>> >> The Enterprise PostgreSQL Company
>> >
>> >
>> >
>> > --
>> > Dave Page
>> > Blog: http://pgsnake.blogspot.com
>> > Twitter: @pgsnake
>> >
>> > EnterpriseDB UK: http://www.enterprisedb.com
>> > The Enterprise PostgreSQL Company
>>
>>
>>
>> --
>> Dave Page
>> Blog: http://pgsnake.blogspot.com
>> Twitter: @pgsnake
>>
>> EnterpriseDB UK: http://www.enterprisedb.com
>> The Enterprise PostgreSQL Company
>
>
>
>
> --
> Akshay Joshi
> Senior Software Engineer
> EnterpriseDB Corporation
> The Enterprise PostgreSQL Company
> Phone: +91 20-3058-9522
> Mobile: +91 976-788-8246



--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company