From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 12163 invoked by alias); 21 Dec 2017 22:27:57 -0000 Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm Precedence: bulk X-No-Archive: yes List-Id: Zsh Workers List List-Post: List-Help: List-Unsubscribe: X-Seq: 42155 Received: (qmail 1803 invoked by uid 1010); 21 Dec 2017 22:27:57 -0000 X-Qmail-Scanner-Diagnostics: from mail-io0-f169.google.com by f.primenet.com.au (envelope-from , uid 7791) with qmail-scanner-2.11 (clamdscan: 0.99.2/21882. spamassassin: 3.4.1. Clear:RC:0(209.85.223.169):SA:0(-1.9/5.0):. Processed in 5.850713 secs); 21 Dec 2017 22:27:57 -0000 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on f.primenet.com.au X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_NONE, SPF_PASS,T_DKIM_INVALID autolearn=ham autolearn_force=no version=3.4.1 X-Envelope-From: dana@dana.is X-Qmail-Scanner-Mime-Attachments: | X-Qmail-Scanner-Zip-Files: | DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dana-is.20150623.gappssmtp.com; s=20150623; h=from:content-transfer-encoding:mime-version:subject:message-id:date :to; bh=saWgpBFC7tEPc+BNzGh7cRYXeHo4KDD7vMH0yZKo1BQ=; b=YHBd/tYZnXrxuNZeEyyq1UQNgBb4NerBrAHu5JXIyHLh+jezDUQhPHAwb18ubaJjK6 PeV+YP2Oezp3QO2EK4DB7BeJ4xPq2o2lWSg8zM1xGaytwyXxvm8qjPDOWj2oyfCOVQGr 29+HUg6aJrFWY0tqXMztON0Trxp03ClMFuGABCzy8PHd5t+clLGK5kq3aqIjxu5Q7VIR sgvYFTLESkSM8eSiKFSUAiaJ9d92bKWMfxQVySg/CbiqYvUOJrTpajx6Ocqah5vWVu+H FuqNvulTIK8DWdzV2I8Wc3mRchudTdqNgniRe4VCMv0pDk73kLblQ9FMzz/6obFeKHLl 6xtg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:content-transfer-encoding:mime-version :subject:message-id:date:to; bh=saWgpBFC7tEPc+BNzGh7cRYXeHo4KDD7vMH0yZKo1BQ=; b=csROoD92Xeg0eatg3AnplcytfWoPbZoMfnNu9tlsqp778gRVQOP/htNI5Sq7lkIuG5 IfKSrTI1zpsRGQQ9fPdtwJqK81feAhLPnyt/pvcRiB7SkmuM5ei54QpIrCUfPb3vc4bj pBVHBuXLw0dQOzKk0OKdSyRSm9KmevB0s9Ak7w+uf3S1DJGsLCnV3klMNeywYW5SRvpR QVgCoiVNIbsmQQv75SwIegQ5fKTYQp/p2Mgz1h562TTMMe37Bz9F6uufNpFseUthg7pf LMHZvJcYmMFYrF72v29g3y8BHIjgQxZKfqrOfrGJX9ORkd0c6/lpjvKacMb2Fe95Er7z TqzQ== X-Gm-Message-State: AKGB3mKc5vHw1cTyvzQsOe6iEs5V/iROp/jKxUW8LsFsvw5RDGIw9bcR l9se4p4Y+QaENsvA8W9Pc0W9m9qb0kc= X-Google-Smtp-Source: ACJfBovSPa2T00H5u8y6v1OrJODvp2AIU4VjpUKElXC/9wpZSP6K4X+pKRggnhjQ8DEtSWqExy3gmg== X-Received: by 10.107.20.129 with SMTP id 123mr15261227iou.36.1513895267843; Thu, 21 Dec 2017 14:27:47 -0800 (PST) From: dana Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Subject: [PATCH] OpenSSH completion improvements Message-Id: <77FA315C-7795-422E-B172-C14CA6C03C16@dana.is> Date: Thu, 21 Dec 2017 16:27:46 -0600 To: zsh-workers@zsh.org X-Mailer: Apple Mail (2.3273) Some miscellaneous improvements to OpenSSH completion: - Add Apple's key-chain options to ssh-add - Add missing options to ssh-agent - Fix error in description of -l transfer option (the limit is in = kibiBITS per second, not kibibytes; i thought about just changing it to 'Kib/s', = but this seems like a rare and thus confusing usage, so i've kept the wording = from the official documentation) - Fix missing optarg for `sftp -s` - Fix missing description for `ssh-copy-id -i` - Fix one or two verb-inflection inconsistencies - Consistently support optargs in the same argument as the option (-o+) - Define -E hash-algorithm option at the top (it's used three times now) - Fix leaked variable There were also a few minor white-space inconsistencies that i fixed. I = wasn't sure of the policy on stuff like that, and i was able to isolate them to = a separate patch, so i've done that. dana diff --git a/Completion/Unix/Command/_ssh b/Completion/Unix/Command/_ssh index 984c96e93..562563f90 100644 --- a/Completion/Unix/Command/_ssh +++ b/Completion/Unix/Command/_ssh @@ -4,7 +4,7 @@ =20 _ssh () { local curcontext=3D"$curcontext" state line expl suf ret=3D1 - local args common tmp p1 file cmn cmds sdesc + local args common common_transfer algopt tmp p1 file cmn cmds sdesc typeset -A opt_args =20 common=3D( @@ -20,7 +20,7 @@ _ssh () { '*-o+[specify extra options]:option string:->option' ) common_transfer=3D( - '-l[limit used bandwidth]:bandwidth in KiB/s:' + '-l+[limit used bandwidth]:bandwidth in Kbit/s:' '-P+[specify port on remote host]:port number on remote host' '-p[preserve modification times, access times and modes]' '-q[disable progress meter and warnings]' @@ -28,16 +28,17 @@ _ssh () { '-S+[specify ssh program]:path to ssh:_command_names -e' \ '-v[verbose mode]' ) + algopt=3D'-E+[specify hash algorithm for fingerprints]:algorithm:(md5 = sha256)' =20 case "$service" in ssh) _arguments -C -s \ - '(-a)-A[enables forwarding of the authentication agent = connection]' \ + '(-a)-A[enable forwarding of the authentication agent = connection]' \ '(-A)-a[disable forwarding of authentication agent connection]' \ '(-P)-b+[specify interface to transmit on]:bind = address:_bind_addresses' \ '-D+[specify a dynamic port forwarding]:dynamic port = forwarding:->dynforward' \ '-e+[set escape character]:escape character (or `none'\''):' \ - '-E[append log output to file instead of stderr]:_files' \ + '-E+[append log output to file instead of stderr]:_files' \ '(-n)-f[go to background]' \ '-g[allow remote hosts to connect to local forwarded ports]' \ '-G[output configuration and exit]' \ @@ -45,26 +46,26 @@ _ssh () { '-J+[connect via a jump host]: :->userhost' \ '-K[enable GSSAPI-based authentication and forwarding]' \ '-k[disable forwarding of GSSAPI credentials]' \ - '*-L[specify local port forwarding]:local port = forwarding:->forward' \ + '*-L+[specify local port forwarding]:local port = forwarding:->forward' \ '-l+[specify login name]:login name:_ssh_users' \ '-M[master mode for connection sharing]' \ '(-1)-m+[specify mac algorithms]:mac spec:->macs' \ '(-1)-N[do not execute a remote command (protocol version 2 = only)]' \ '-n[redirect stdin from /dev/null]' \ - '-O[control an active connection multiplexing master = process]:multiplex control command:((check\:"check master process is = running" exit\:"request the master to exit" forward\:"request forward = without command execution" stop\:"request the master to stop accepting = further multiplexing requests" cancel\:"cancel existing forwardings with = -L and/or -R" proxy))' \ + '-O+[control an active connection multiplexing master = process]:multiplex control command:((check\:"check master process is = running" exit\:"request the master to exit" forward\:"request forward = without command execution" stop\:"request the master to stop accepting = further multiplexing requests" cancel\:"cancel existing forwardings with = -L and/or -R" proxy))' \ '-P[use non privileged port]' \ '-p+[specify port on remote host]:port number on remote host' \ '(-v)*-q[quiet operation]' \ - '*-R[specify remote port forwarding]:remote port = forwarding:->forward' \ + '*-R+[specify remote port forwarding]:remote port = forwarding:->forward' \ '-S+[specify location of control socket for connection = sharing]:path to control socket:_files' \ - '-Q[query parameters]:parameter type:((cipher\:"supported = symmetric ciphers" cipher-auth\:"supported symmetric ciphers that = support authenticated encryption" mac\:"supported message integrity = codes" kex\:"key exchange algorithms" key\:"key types" = protocol-version\:"supported SSH protocol versions"))' \ + '-Q+[query parameters]:parameter type:((cipher\:"supported = symmetric ciphers" cipher-auth\:"supported symmetric ciphers that = support authenticated encryption" mac\:"supported message integrity = codes" kex\:"key exchange algorithms" key\:"key types" = protocol-version\:"supported SSH protocol versions"))' \ '(-1)-s[invoke subsystem]' \ '(-1 -t)-T[disable pseudo-tty allocation (protocol version 2 = only)]' \ '(-T)-t[force pseudo-tty allocation]' \ '-V[show version number]' \ '(-q)*-v[verbose mode (multiple increase verbosity, up to 3)]' \ - '-W[forward standard input and output to host]:stdinout = forward:->hostport' \ - '-w[request tunnel device forwarding]:local_tun[\:remote_tun] = (integer or "any"):' \ + '-W+[forward standard input and output to host]:stdinout = forward:->hostport' \ + '-w+[request tunnel device forwarding]:local_tun[\:remote_tun] = (integer or "any"):' \ '(-x -Y)-X[enable (untrusted) X11 forwarding]' \ '(-X -Y)-x[disable X11 forwarding]' \ '(-x -X)-Y[enable trusted X11 forwarding]' \ @@ -79,17 +80,21 @@ _ssh () { '*:file:->file' "$common[@]" "$common_transfer[@]" && ret=3D0 ;; ssh-add) - _arguments -s \ + [[ $OSTYPE =3D=3D darwin* ]] && args=3D( + '-A[add identities from keychain]' + '-K[update keychain when adding/removing identities]' + ) + _arguments -s : $args \ '-c[identity is subject to confirmation via SSH_ASKPASS]' \ '-D[delete all identities]' \ '-d[remove identity]' \ - '-E[specify hash algorithm for fingerprints]:algorithm:(md5 = sha256)' \ - '-e[remove keys provided by the PKCS#11 shared = library]:library:_files -g "*.(so|dylib)(|.<->)(-.)"' \ + $algopt \ + '-e+[remove keys provided by the PKCS#11 shared = library]:library:_files -g "*.(so|dylib)(|.<->)(-.)"' \ '-k[load plain private keys only and skip certificates]' \ - '-L[lists public key parameters of all identities in the agent]'\ + '-L[list public key parameters of all identities in the agent]'\ '-l[list all identities]' \ - '-s[add keys provided by the PKCS#11 shared = library]:library:_files -g "*.(so|dylib)(|.<->)(-.)"' \ - '-t[set maximum lifetime for identity]:maximum lifetime (in = seconds or time format):' \ + '-s+[add keys provided by the PKCS#11 shared = library]:library:_files -g "*.(so|dylib)(|.<->)(-.)"' \ + '-t+[set maximum lifetime for identity]:maximum lifetime (in = seconds or time format):' \ '-X[unlock the agent]' \ '-x[lock the agent with a password]' \ '*:SSH identity file:_files' @@ -97,10 +102,13 @@ _ssh () { ;; ssh-agent) _arguments -s \ - '(-k)-a[UNIX-domain socket to bind agent to]:UNIX-domain = socket:_files' \ + '(-k)-a+[UNIX-domain socket to bind agent to]:UNIX-domain = socket:_files' \ '(-k -s)-c[force csh-style shell]' \ '(-k)-d[debug mode]' \ + '(-k)-D[foreground mode]' \ + "(-k)$algopt" \ '-k[kill current agent]' \ + '(-k)-P[specify PKCS#11 shared library whitelist]:PKCS#11 library = whitelist pattern' \ '(-k -c)-s[force sh-style shell]' \ '-t[set default maximum lifetime for identities]:maximum lifetime = (in seconds or time format):' \ '*::command: _normal' @@ -125,12 +133,12 @@ _ssh () { cmn=3D( -b -P -N -C -m -v ) # options common to many basic commands = (except -f which is common to most) cms=3D( -E -q -t -g -M -S -a -J -j -K -W -I -h -n -O -V -u ) # = options specific to one basic command _arguments -s $args \ - "(${${(@)cmds:#-G}} -P -m ${${(@)cms:#-[MS]}})-b[specify number = of bits in key]:bits in key" \ - "$p1(${${(@)cmds:#-[pc]}} -b -C $cms)-P[provide old = passphrase]:old passphrase" \ - "(${${(@)cmds:#-p}} -m -v ${${(@)cms:#-[qt]}})-N[provide new = passphrase]:new passphrase" \ - "(${${(@)cmds:#-c}} -m -v $cms)-C[provide new comment]:new = comment" \ - "(-D -G -M -S -I -h -n -O -V -A)-f[$file file]:$file file:_files" = \ - "$p1(${${(@)cmds:#-[ie]}})-m[specify conversion = format]:format:(PEM PKCS7 RFC4716)" \ + "(${${(@)cmds:#-G}} -P -m ${${(@)cms:#-[MS]}})-b+[specify number = of bits in key]:bits in key" \ + "$p1(${${(@)cmds:#-[pc]}} -b -C $cms)-P+[provide old = passphrase]:old passphrase" \ + "(${${(@)cmds:#-p}} -m -v ${${(@)cms:#-[qt]}})-N+[provide new = passphrase]:new passphrase" \ + "(${${(@)cmds:#-c}} -m -v $cms)-C+[provide new comment]:new = comment" \ + "(-D -G -M -S -I -h -n -O -V -A)-f+[$file file]:$file = file:_files" \ + "$p1(${${(@)cmds:#-[ie]}})-m+[specify conversion = format]:format:(PEM PKCS7 RFC4716)" \ "(${${(@)cmds:#-[lGT]}} ${${(@)cmn:#-[bv]}} -f)*-v[verbose mode]" = \ - '(commands)' \ "(-b -P -C -v)-p[change passphrase of private key file]" \ @@ -139,39 +147,39 @@ _ssh () { "($cmn)-y[get public key from private key]" \ '(-b -N -m -v)-c[change comment in private and public key files]' = \ "($cmn)-B[show the bubblebabble digest of key]" \ - "(-)-D[download key stored in smartcard reader]:reader" \ + "(-)-D+[download key stored in smartcard reader]:reader" \ "($cmn)-H[hash names in known_hosts file]" \ - "($cmn)-R[remove host from known_hosts file]:host:_ssh_hosts" \ + "($cmn)-R+[remove host from known_hosts file]:host:_ssh_hosts" \ "($cmn)-L[print the contents of a certificate]" \ "(-)-A[generate host keys for all key types]" \ "($cmn)-Q[test whether keys have been revoked in a KRL]" \ - finger \ "($cmn)-l[show fingerprint of key file]" \ - "$p1($cmn)-E[specify hash algorithm for displayed = fingerprints]:hash algorithim:(md5 sha256)" \ + "$p1($cmn)$algopt" \ - create \ '(-P -m)-q[silence ssh-keygen]' \ - "(-P -m)-t[specify the type of the key to create]:key type:(rsa = dsa ecdsa ed25519)" \ + "(-P -m)-t+[specify the type of the key to create]:key type:(rsa = dsa ecdsa ed25519)" \ - dns \ "($cmn)-r[print DNS resource record]:hostname:_hosts" \ "$p1($cmn)-g[use generic DNS format]" \ - primes \ "(-P -N -C -m -f)-G[generate candidates for DH-GEX moduli]" \ - "$p1(-P -N -C -m -f)-M[specify amount of memory to use for = generating DH-GEX moduli]:memory (MB)" \ - "$p1(-P -N -C -m -f)-S[specify start point]:start point (hex)" \ + "$p1(-P -N -C -m -f)-M+[specify amount of memory to use for = generating DH-GEX moduli]:memory (MB)" \ + "$p1(-P -N -C -m -f)-S+[specify start point]:start point (hex)" \ - screen \ - "(${${(@)cmn:#-v}})-T[screen candidates for DH-GEX moduli]:output = file:_files" \ - "${p1}(${${(@)cmn:#-v}})-a[specify number of rounds]:rounds" \ + "(${${(@)cmn:#-v}})-T+[screen candidates for DH-GEX = moduli]:output file:_files" \ + "${p1}(${${(@)cmn:#-v}})-a+[specify number of rounds]:rounds" \ "${p1}(${${(@)cmn:#-v}})-J[exit after screening specified number = of lines]" \ - "${p1}(${${(@)cmn:#-v}})-j[start screening at the specified line = number]:line number" \ - "${p1}(${${(@)cmn:#-v}})-K[write the last line processed to = file]:file:_files" \ + "${p1}(${${(@)cmn:#-v}})-j+[start screening at the specified line = number]:line number" \ + "${p1}(${${(@)cmn:#-v}})-K+[write the last line processed to = file]:file:_files" \ "${p1}(${${(@)cmn:#-v}})-W[specify desired generator]:generator" = \ - certify \ "($cmn)-s[$sdesc]:CA key:_files" \ - "$p1($cmn -f -u)-I[specify key identifier to include in = certificate]:key id" \ + "$p1($cmn -f -u)-I+[specify key identifier to include in = certificate]:key id" \ "$p1($cmn -f -u)-h[generate host certificate instead of a user = certificate]" \ - "$p1($cmn -f -u)-n[specify user/host principal names to include = in certificate]:principals" \ - "$p1($cmn -f -u)-O[specify a certificate option]:option" \ - "$p1($cmn -f -u)-V[specify certificate validity = interval]:interval" \ + "$p1($cmn -f -u)-n+[specify user/host principal names to include = in certificate]:principals" \ + "$p1($cmn -f -u)-O+[specify a certificate option]:option" \ + "$p1($cmn -f -u)-V+[specify certificate validity = interval]:interval" \ "($cmn -I -h -n -O -V)-k[generate a KRL file]" \ "$p1($cmn -I -h -n -O -V)-u[update a KRL]" return @@ -181,15 +189,15 @@ _ssh () { '-a[attempt to continue interrupted transfers]' \ '-B+[specify buffer size]:buffer size (bytes) [32768]' \ '-b+[specify batch file to read]:batch file:_files' \ - '-D[connect directly to a local sftp server]:sftp server path' \ + '-D+[connect directly to a local sftp server]:sftp server path' \ '-f[request that files be flushed immediately after transfer]' \ - '-R[specify number of outstanding requests]:number of requests = [64]' \ - '-s[SSH2 subsystem or path to sftp server on the remote host]' \ + '-R+[specify number of outstanding requests]:number of requests = [64]' \ + '-s+[SSH2 subsystem or path to sftp server on the remote = host]:subsystem/path' \ '1:file:->rfile' '*:file:->file' "$common[@]" = "$common_transfer[@]" && ret=3D0 ;; (ssh-copy-id) _arguments \ - '-i:SSH identity file:_files' \ + '-i+[select identity file]:SSH identity file:_files' \ ':remote host name:->userhost' \ ;; esac diff --git a/Completion/Unix/Command/_ssh b/Completion/Unix/Command/_ssh index 984c96e93..562563f90 100644 --- a/Completion/Unix/Command/_ssh +++ b/Completion/Unix/Command/_ssh @@ -454,7 +454,7 @@ _ssh () { # old options are after the empty "\"-line _wanted values expl 'configure file option' \ compadd -M 'm:{a-z}=3D{A-Z}' -q -S '=3D' - \ - AddKeysToAgent \ + AddKeysToAgent \ AddressFamily \ BatchMode \ BindAddress \ @@ -463,7 +463,7 @@ _ssh () { CanonicalizeHostname \ CanonicalizeMaxDots \ CanonicalizePermittedCNAMEs \ - CertificateFile \ + CertificateFile \ ChallengeResponseAuthentication \ CheckHostIP \ Cipher \ @@ -498,7 +498,7 @@ _ssh () { HostKeyAlias \ HostName \ IdentitiesOnly \ - IdentityAgent \ + IdentityAgent \ IdentityFile \ IgnoreUnknown \ IPQoS \ @@ -518,7 +518,7 @@ _ssh () { PreferredAuthentications \ Protocol \ ProxyCommand \ - ProxyJump \ + ProxyJump \ ProxyUseFdpass \ PubkeyAcceptedKeyTypes \ PubkeyAuthentication \