From aeb0132dcb66b11485a5205b271eebaf7a6e62e0 Mon Sep 17 00:00:00 2001
From: Mitchell Hashimoto
Date: Tue, 23 Jul 2013 13:07:57 -0700
Subject: [PATCH] Discover and set SSH_AUTH_SOCK on sudo with forward agent [GH-1307]
---
 CHANGELOG.md | 3 +++
 plugins/communicators/ssh/communicator.rb | 25 +++++++++++++++++++++++
 2 files changed, 28 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 48d470123..1c1d8bfc7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -52,6 +52,9 @@ BUG FIXES:
 - Retry SSH on ENETUNREACH error. [GH-1732]
 - NFS is silently ignored on Windows. [GH-1748]
 - Validation so that private network static IP does not end in ".1" [GH-1750]
+ - With forward agent enabled and sudo being used, Vagrant will automatically
+ discover and set `SSH_AUTH_SOCK` remotely so that forward agent
+ works properly despite misconfigured sudoers. [GH-1307]
 ## 1.2.4 (July 16, 2013)
diff --git a/plugins/communicators/ssh/communicator.rb b/plugins/communicators/ssh/communicator.rb
index 8ca9f1b0f..c0b7c7321 100644
--- a/plugins/communicators/ssh/communicator.rb
+++ b/plugins/communicators/ssh/communicator.rb
@@ -306,6 +306,31 @@ module VagrantPlugins
 # Set the terminal
 ch2.send_data "export TERM=vt100\n"
+ # Set SSH_AUTH_SOCK if we are in sudo and forwarding agent.
+ # This is to work around often misconfigured boxes where
+ # the SSH_AUTH_SOCK env var is not preserved.
+ if @machine.ssh_info[:forward_agent] && sudo
+ auth_socket = ""
+ execute("echo; printf $SSH_AUTH_SOCK") do |type, data|
+ if type == :stdout
+ auth_socket += data
+ end
+ end
+
+ if auth_socket != ""
+ # Make sure we only read the last line which should be
+ # the $SSH_AUTH_SOCK env var we printed.
+ auth_socket = auth_socket.split("\n").last.chomp
+ end
+
+ if auth_socket == ""
+ @logger.warn("No SSH_AUTH_SOCK found despite forward_agent being set.")
+ else
+ @logger.info("Setting SSH_AUTH_SOCK remotely: #{auth_socket}")
+ ch2.send_data "export SSH_AUTH_SOCK=#{auth_socket}\n"
+ end
+ end
+
 # Output the command
 ch2.send_data "#{command}\n"
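Review bot: The value read back from the guest's stdout is interpolated unquoted into what appears to be the sudo shell's input at `ch2.send_data "export SSH_AUTH_SOCK=#{auth_socket}\n"`, so any whitespace or shell metacharacter in it is interpreted by that shell; escaping it, as in `ch2.send_data "export SSH_AUTH_SOCK=#{Shellwords.escape(auth_socket)}\n"` (with `require "shellwords"` at the top of the file, outside this hunk), keeps it a single word. The last-line parse also misfires when the variable is empty: `split("\n")` drops trailing empty fields, so output of only the `echo` newline yields `[]` and `.last.chomp` raises on nil, while any login-shell noise printed before it would be exported as the socket path; `auth_socket = auth_socket.split("\n", -1).last.chomp` keeps the empty final field and falls through to the warning branch. The remote command itself would be more robust as `echo; printf '%s' "$SSH_AUTH_SOCK"`, since the unquoted form passes the value to printf as its format string and subjects it to word splitting. The enclosing method begins and ends outside this hunk, so how `execute` reacts to a non-zero exit from `printf` here should be confirmed against the full file.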