Bugzilla – Attachment 2730 Details for Bug 2480: Support a list of sockets on SSH_AUTH_SOCK
Support a list of sockets on SSH_AUTH_SOCK (v3)
0001-Support-a-list-of-sockets-on-SSH_AUTH_SOCK.patch (text/plain), 3.47 KB, created by Fabiano Fidêncio on 2015-10-21 00:35:03 AEDT
>From 4d74c2d275339729c0641b01213c57967c433858 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com> >Date: Fri, 25 Sep 2015 22:25:20 +0200 >Subject: [PATCH] Support a list of sockets on SSH_AUTH_SOCK >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >The idea behind this change is to add support for having different >"ssh-agents" in order to provide a chain of fallback agents. It does not >change the current behaviour of ssh-agent (which will set SSH_AUTH_SOCK >just for itself). Neither does change the definition of SSH_AGENT_PID >(which still supports only one pid). >The new implementation will go through the list of sockets (which are >separated by a colon (:)), and will return the very first functional >one. An example of the new supported syntax is: >SSH_AUTH_SOCK=/run/user/1000/spice/ssh:/tmp/ssh-hHomdONwQus6/agent.6907 > >The idea has been discussed a little in this e-mail thread: >http://lists.mindrot.org/pipermail/openssh-unix-dev/2015-September/034381.html > >Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> >--- > authfd.c | 40 ++++++++++++++++++++++++++++------------ > ssh-add.1 | 2 ++ > ssh.1 | 2 ++ > 3 files changed, 32 insertions(+), 12 deletions(-) > >diff --git a/authfd.c b/authfd.c >index 12bf125..20fcba2 100644 >--- a/authfd.c >+++ b/authfd.c 
>@@ -83,21 +83,12 @@ decode_reply(u_char type) > return SSH_ERR_INVALID_FORMAT; > } > >-/* Returns the number of the authentication fd, or -1 if there is none. */ >-int >-ssh_get_authentication_socket(int *fdp) >+static int >+get_authentication_socket(const char *authsocket, int *fdp) > { >- const char *authsocket; > int sock, oerrno; > struct sockaddr_un sunaddr; > >- if (fdp != NULL) >- *fdp = -1; >- >- authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME); >- if (!authsocket) >- return SSH_ERR_AGENT_NOT_PRESENT; >- > memset(&sunaddr, 0, sizeof(sunaddr)); > sunaddr.sun_family = AF_UNIX; > strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)); >@@ -117,7 +108,32 @@ ssh_get_authentication_socket(int *fdp) > *fdp = sock; > else > close(sock); >- return 0; >+ return SSH_ERR_SUCCESS; >+} >+ >+/* Returns the number of the authentication fd, or -1 if there is none. */ >+int >+ssh_get_authentication_socket(int *fdp) >+{ >+ const char *authsocketlist; >+ const char *authsocket; >+ int rc; >+ >+ if (fdp != NULL) >+ *fdp = -1; >+ >+ authsocketlist = getenv(SSH_AUTHSOCKET_ENV_NAME); >+ if (!authsocketlist) >+ return SSH_ERR_AGENT_NOT_PRESENT; >+ >+ authsocket = strtok((char *)authsocketlist, ":"); >+ >+ do { >+ rc = get_authentication_socket(authsocket, fdp); >+ authsocket = strtok(NULL, ":"); >+ } while (rc != SSH_ERR_SUCCESS && authsocket != NULL); >+ >+ return rc; > } > > /* Communicate with agent: send request and read reply */ >diff --git a/ssh-add.1 b/ssh-add.1 >index f02b595..86e95b1 100644 >--- a/ssh-add.1 >+++ b/ssh-add.1 >@@ -171,6 +171,8 @@ to make this work.) > Identifies the path of a > .Ux Ns -domain > socket used to communicate with the agent. >+If the variable contains a list of sockets separated by colon (:), >+the first functional socket will be used. > .El > .Sh FILES > .Bl -tag -width Ds >diff --git a/ssh.1 b/ssh.1 >index 4dd4c3b..6066ac5 100644 >--- a/ssh.1 >+++ b/ssh.1 
>@@ -1389,6 +1389,8 @@ to make this work.) > Identifies the path of a > .Ux Ns -domain > socket used to communicate with the agent. >+If the variable contains a list of sockets separated by colon (:), >+the first functional socket will be used. > .It Ev SSH_CONNECTION > Identifies the client and server ends of the connection. > The variable contains >-- >2.4.3 >
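Review bot: In the first authfd.c hunk, the new static get_authentication_socket() still ignores the return value of strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)), and its input is now one element of a user-supplied list. An element longer than sun_path is silently truncated, so the connection attempt goes to a different path than the one listed. Compare the strlcpy() result against sizeof(sunaddr.sun_path) and treat an overlong element as a failed entry so the caller moves on to the next one. The helper also has no comment of its own now that the "Returns the number of the authentication fd" comment sits on the wrapper.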
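Review bot: In ssh_get_authentication_socket() in the second authfd.c hunk, strtok((char *)authsocketlist, ":") writes into the buffer returned by getenv(). The cast hides the const violation, and strtok() overwrites the first colon in the environment string with a NUL, so any later lookup of SSH_AUTHSOCKET_ENV_NAME sees only the first socket and the fallback list is lost after the first call. Duplicate the string, tokenise the copy with strsep() or strtok_r() instead of the non-reentrant strtok(), and free the copy before returning. The do/while also calls get_authentication_socket() before testing the token: when the variable is empty or holds only colons, strtok() returns NULL and the helper passes that NULL to strlcpy(). Check authsocket != NULL before the first call and return SSH_ERR_AGENT_NOT_PRESENT in that case.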
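Review bot: The sentence added to ssh-add.1 and ssh.1 ("the first functional socket will be used") does not define "functional" and does not say that a colon can no longer appear in a socket path. State that the entries are tried in order from left to right and describe the condition the code actually tests for each one. Also document that there is no way to escape a ':' inside a path, since an SSH_AUTH_SOCK value that contains a colon today would be split into several entries after this change.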