Re: SSH Tunneling Patch

Well this is sooner than expected...

The good news is, that today I cannot recreate the crash I saw
previously in either debug or release builds on Mac. I'm guessing
something must have been messed up in my environment previously, but
it seems stable now. A couple of final review issues I have picked up
however:

- I had to manually add -lz to LDFLAGS to get the code to compile on
Mac. The configure tests seem to correctly detect that it is needed,
but it never gets added to the linker flags.

- The new code that has been added to acinclude.m4 is a mess. I
realise that has come from the libssh2 code though, so I don't expect
we want to try to rewrite it, but I do think it should be moved into
an external file where it can be maintained/updated standalone. Maybe
acinclude-ssh2.m4 ?

- The textbox used for the identity file name on the server dialogue
is badly aligned on Mac.

- PG_SSL needs to be defined in the VC++ project files.

From what I can see, once these and the issues I raised in my previous
email are resolved, it's good to commit. I'm planning on cutting an
alpha to ship with PG 9.3b1 tomorrow afternoon my time, so if you can
get me a usable patch by then, so much the better. I think we need the
following for alpha:

- Properties display
- Localhost for the local tunnel end
- -lz linker issue
- PG_SSL definition
- acinclude.m4 cleanup

The rest can be fixed for beta.

Thanks!

On Wed, May 1, 2013 at 3:46 PM, Dave Page <dpage@pgadmin.org> wrote:
> Some feedback based on this version:
>
> - On the first connection attempt, if I get the SSH password wrong,
> the entire Server dialogue is dismissed, losing all the connection
> details I entered. I would expect the dialogue to be re-displayed so I
> could correct the error and try again.

>
> - Incorrect ownership/permissions on the identity file result in a
> mysterious "Authentication by identity file failed with error code
> -16" error. I think this needs to be improved - if that error code
> relates purely to being unable to read the file, then we can
> special-case it.
>
> - When browsing for the identity file, you cannot browse to a "dot"
> directory, e.g. I can't use /home/dpage/.ssh/id_rsa as my identity
> file, without manually editing ~/.pgadmin3
>
> - We seem to read/write a setting called PublicKeyFile, but from what
> I can see, it's always empty and it's not something we request from
> the user. Is it needed?

>
> - SSH Tunnel options are not displayed on the Properties list for the server.
>
> - On a Linux VM on my laptop, SSH tunnelling fails:
>
> 2013-03-15 04:03:34 INFO   : Attempting to create a connection object...
> 2013-03-15 04:03:34 STATUS : Connecting to database...
> 2013-03-15 04:03:35 INFO   : getaddrinfo failed with error code: -2
> 2013-03-15 04:03:35 STATUS : Connecting to database... (1.37 secs)
> 2013-03-15 04:03:35 INFO   : pgServer object didn't initialise because
> the user aborted.
> 2013-03-15 04:03:35 ERROR  : SSH error: Unable to resolve host:
> viper-centos6.ox.uk.enterprisedb.com
>
> I was connecting to a host that I shall call foo.enterprisedb.com,
> using an SSH tunnel to bar.enterprisedb.com. The hostname shown in the
> error message is the hostname my VM is configured with in
> /etc/sysconfig/network, but it is *not* in either /etc/hosts or DNS. I
> would expect it to be using "localhost" to connect to the local
> machine. Hard-coding the hostname that way (around line 204 in
> sshTunnel.cpp) seems to resolve the issue.
>
> So, overall, nothing seems to be serious wrong on Windows or Linux
> from what I can see. Now to look at Mac...
>
> On Wed, May 1, 2013 at 2:56 PM, Dave Page <dpage@pgadmin.org> wrote:
>> And this time, a patch containing the right bits...
>>
>> On Wed, May 1, 2013 at 2:19 PM, Dave Page <dpage@pgadmin.org> wrote:
>>> Attached is an update to Akshay's SSH tunnelling patch. Aside from a
>>> couple of minor tweaks to messages, this fixes the build on Windows
>>> which bit-rotted horribly when I committed the new debugger code.
>>>
>>> At this stage, the patch seems to work nicely on Windows. I'm going to
>>> test some more on Linux, and Akshay is working on a couple of issues
>>> we've seen on Mac.
>>>
>>> --
>>> Dave Page
>>> Blog: http://pgsnake.blogspot.com
>>> Twitter: @pgsnake
>>>
>>> EnterpriseDB UK: http://www.enterprisedb.com
>>> The Enterprise PostgreSQL Company
>>
>>
>>
>> --
>> Dave Page
>> Blog: http://pgsnake.blogspot.com
>> Twitter: @pgsnake
>>
>> EnterpriseDB UK: http://www.enterprisedb.com
>> The Enterprise PostgreSQL Company
>
>
>
> --
> Dave Page
> Blog: http://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EnterpriseDB UK: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company



--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company