Fabiano Fidêncio
2015-Sep-25 21:12 UTC
[RFC][PATCH] Support a list of sockets on SSH_AUTH_SOCKET
The idea behind this change is to add support for different "ssh-agents" being able to run at the same time. It does not change the current behaviour of the ssh-agent (which will set SSH_AUTH_SOCK just for itself). Neither does it change the behaviour of SSH_AGENT_PID (which still supports only one pid).

The new implementation will go through the list of sockets (which are separated by a colon (:)), and will return the very first functional one. An example of the new supported syntax is:

SSH_AUTH_SOCK=/run/user/1000/spice/ssh:/tmp/ssh-hHomdONwQus6/agent.6907

The idea has been discussed a little in this e-mail thread:
http://lists.mindrot.org/pipermail/openssh-unix-dev/2015-September/034381.html

Signed-off-by: Fabiano Fidêncio <fidencio at redhat.com>
--- authfd.c | 40 ++++++++++++++++++++++++++++------------ 1 file changed, 28 insertions(+), 12 deletions(-) diff --git a/authfd.c b/authfd.c index 12bf125..20fcba2 100644 --- a/authfd.c +++ b/authfd.c @@ -83,21 +83,12 @@ decode_reply(u_char type) return SSH_ERR_INVALID_FORMAT; } -/* Returns the number of the authentication fd, or -1 if there is none. */ -int -ssh_get_authentication_socket(int *fdp) +static int +get_authentication_socket(const char *authsocket, int *fdp) { - const char *authsocket; int sock, oerrno; struct sockaddr_un sunaddr; - if (fdp != NULL) - *fdp = -1; - - authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME); - if (!authsocket) - return SSH_ERR_AGENT_NOT_PRESENT; - memset(&sunaddr, 0, sizeof(sunaddr)); sunaddr.sun_family = AF_UNIX; strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)); 
@@ -117,7 +108,32 @@ ssh_get_authentication_socket(int *fdp) *fdp = sock; else close(sock); - return 0; + return SSH_ERR_SUCCESS; +} + +/* Returns the number of the authentication fd, or -1 if there is none. */ +int +ssh_get_authentication_socket(int *fdp) +{ + const char *authsocketlist; + const char *authsocket; + int rc; + + if (fdp != NULL) + *fdp = -1; + + authsocketlist = getenv(SSH_AUTHSOCKET_ENV_NAME); + if (!authsocketlist) + return SSH_ERR_AGENT_NOT_PRESENT; + + authsocket = strtok((char *)authsocketlist, ":"); + + do { + rc = get_authentication_socket(authsocket, fdp); + authsocket = strtok(NULL, ":"); + } while (rc != SSH_ERR_SUCCESS && authsocket != NULL); + + return rc; } /* Communicate with agent: send request and read reply */ -- 2.4.3
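Review bot: In the first hunk, the new helper get_authentication_socket() ignores the return value of strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)), so a list entry longer than sun_path is silently truncated and the socket path that gets used is not the one the user named. With several entries now coming from the environment it is better to fail that entry explicitly: compare the strlcpy() result against sizeof(sunaddr.sun_path) and return an error so the caller moves on to the next socket. The helper also lost the comment the old function carried; a short comment stating what it returns and what happens to *fdp would help.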
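Review bot: In the second hunk, strtok((char *)authsocketlist, ":") casts away const and tokenizes the string returned by getenv() in place, so the first call replaces the first colon with a NUL and truncates the process's own SSH_AUTH_SOCK to its first entry. Later calls to ssh_get_authentication_socket(), and anything else that reads the variable afterwards, then see only that first entry, which defeats the fallback. strtok() also keeps hidden static state that any other caller can disturb. Copy the value first (for example with strdup(), freed before returning) and walk the copy with strsep() or strtok_r(). Separately, the do/while calls get_authentication_socket() before checking the token, so a value that is empty or consists only of colons makes strtok() return NULL and passes NULL on to strlcpy(); test authsocket for NULL before the first call and return SSH_ERR_AGENT_NOT_PRESENT in that case.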