search for: ssh_authsocket_env_nam

...9.9.2 retrieving revision 2.9.9.2.0.1 diff -pu -r2.9.9.2 -r2.9.9.2.0.1 --- ssh-agent.c 2001/08/06 22:06:35 2.9.9.2 +++ ssh-agent.c 2001/09/28 18:37:50 2.9.9.2.0.1 @@ -912,7 +912,7 @@ main(int ac, char **av) format = c_flag ? "unsetenv %s;\n" : "unset %s;\n"; printf(format, SSH_AUTHSOCKET_ENV_NAME); printf(format, SSH_AGENTPID_ENV_NAME); - printf("echo Agent pid %d killed;\n", pid); + printf("echo Agent pid %ld killed;\n", (long)pid); exit(0); } parent_pid = getpid(); @@ -965,7 +965,7 @@ main(int ac, char **av) format = c_flag ? "setenv %s %s;\n"...

...ill %d: %s", - s->pid, strerror(errno)); + error("session_close_by_channel: kill %ld: %s", + (long)s->pid, strerror(errno)); } } Index: ssh-agent.c @@ -796,7 +796,7 @@ format = c_flag ? "unsetenv %s;\n" : "unset %s;\n"; printf(format, SSH_AUTHSOCKET_ENV_NAME); printf(format, SSH_AGENTPID_ENV_NAME); - printf("echo Agent pid %d killed;\n", pid); + printf("echo Agent pid %ld killed;\n", (long)pid); exit(0); } parent_pid = getpid(); @@ -849,7 +849,7 @@ SSH_AUTHSOCKET_ENV_NAME); printf(format, SSH_AGENTPID_ENV_NA...

...ying on implicit newline flushing with TTYs and flush-on-exit with the forking mode. Not subscribed, so please CC me on any replies. --- ssh-agent.c.orig 2011-08-01 20:42:08.890134187 -0700 +++ ssh-agent.c 2011-08-01 21:13:08.995357974 -0700 @@ -1281,6 +1281,7 @@ printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, SSH_AUTHSOCKET_ENV_NAME); printf("echo Agent pid %ld;\n", (long)parent_pid); + fflush(stdout); goto skip; } pid = fork();

...hentication fd, or -1 if there is none. */ -int -ssh_get_authentication_socket(int *fdp) +static int +get_authentication_socket(const char *authsocket, int *fdp) { - const char *authsocket; int sock, oerrno; struct sockaddr_un sunaddr; - if (fdp != NULL) - *fdp = -1; - - authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME); - if (!authsocket) - return SSH_ERR_AGENT_NOT_PRESENT; - memset(&sunaddr, 0, sizeof(sunaddr)); sunaddr.sun_family = AF_UNIX; strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)); @@ -117,7 +108,32 @@ ssh_get_authentication_socket(int *fdp) *fdp = sock; else close(so...

...6 09:32:57 -0000 @@ -844,6 +844,9 @@ child_set_env(&env, &envsize, "KRB5CCNAME", s->authctxt->krb5_ticket_file); #endif +#ifdef BSD_AUTH + bsdauth_child_set_env(&env, &envsize); +#endif if (auth_sock_name != NULL) child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, auth_sock_name); ###################################### Solution 2: ###################################### This one saves the current environment and lets auth_close() do the changes on an empty environment. All setenv requests are honored, unsetenv requests are lost. In...

...nix sockets, which I have missed for a long time. Would any of these approaches be acceptable? Any other ideas? Thanks, Andrew --- session.c.orig 2013-08-03 13:22:10.354171156 -0700 +++ session.c 2013-08-05 09:58:00.017397667 -0700 @@ -1307,6 +1307,17 @@ child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, auth_sock_name); + char name[256]; + u_int n = 0; + for (i = 0; i < 100; i++) { + Channel *c = channel_by_id(i); + if (c == NULL || c->type != SSH_CHANNEL_RPORT_LISTENER) + continue; + snprintf(name, sizeof name, "SSH_REMOTE_FORWARD_PORT_%d", n); + snprintf(buf, siz...

...s the authentication agent. */ if (d_flag) { - log_init(__progname, SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 1); + log_init(__progname, SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 1, NULL); format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n"; printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, SSH_AUTHSOCKET_ENV_NAME); @@ -1108,7 +1108,7 @@ exit(1); } /* child */ - log_init(__progname, SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_AUTH, 0); + log_init(__progname, SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_AUTH, 0, NULL); if (setsid() == -1) { error("setsid: %s"...

...ring this message exchange, pseudo @@ -1300,6 +1325,8 @@ do_pam_environment(&env, &envsize); #endif /* USE_PAM */ + if (xauthfile) + child_set_env(&env, &envsize, "XAUTHORITY", xauthfile); if (auth_get_socket_name() != NULL) child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, auth_get_socket_name()); @@ -2039,6 +2066,7 @@ session_setup_x11fwd(Session *s) { struct stat st; + int fd; if (no_x11_forwarding_flag) { packet_send_debug("X11 forwarding disabled in user configuration file."); @@ -2067,6 +2095,28 @@ debug("x11_create_displ...

...itise_stdfd(); @@ -2142,6 +2157,25 @@ main(int ac, char **av) parent_pid = getpid(); +#ifdef WITH_SYSTEMD + nfds = sd_listen_fds(1); + if (nfds > 0) { + sock = SD_LISTEN_FDS_START; + if (agentsocket == NULL) { + fprintf(stderr, "%s not set, cannot use socket-activation", + SSH_AUTHSOCKET_ENV_NAME); + exit(1); + } else if (sd_is_socket_unix(sock, SOCK_STREAM, 1, agentsocket, 0) <= 0) { + fprintf(stderr, "Unexpected auth sock received from systemd. Expected %s\n", agentsocket); + exit(1); + } else if (nfds > 1) { + fprintf(stderr, "too many fds received from sy...

Hi, The main (and probably the only) use case of this PAM module is to let sudo authenticate users via their ssh-agent, therefore without having to type any password and without being tempted to use the NOPASSWD sudo option for such convenience. The principle is originally implemented by an existing module [0][1] and many pages that explain how to use it for such purpose can be found online.

...rt_compression(compression_level); } +#endif } } @@ -912,9 +932,11 @@ child_set_env(&env, &envsize, "KRB5CCNAME", s->authctxt->krb5_ticket_file); #endif +#ifdef WITH_AGENTFWD if (auth_get_socket_name() != NULL) child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, auth_get_socket_name()); +#endif /* read $HOME/.ssh/environment. */ if (!options.use_login) { @@ -1326,6 +1348,7 @@ return success; } +#ifdef WITH_X11FWD static int session_x11_req(Session *s) { @@ -1346,6 +1369,7 @@ } return success; } +#endif static int session_...

...etenv("KRB5CCNAME")) != NULL) + child_set_env(&env,&envsize,"KRB5CCNAME",krb5cc); + } + #ifdef KRB4 { extern char *ticket; *************** *** 2348,2353 **** --- 2395,2402 ---- if (auth_get_socket_name() != NULL) child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, auth_get_socket_name()); + + read_environment_file(&env,&envsize,"/etc/environment"); /* read $HOME/.ssh/environment. */ if (!options.use_login) { -- Matt Richards