[openssh-commits] [openssh] 03/03: upstream commit

git+noreply at mindrot.org git+noreply at mindrot.org
Thu May 5 00:02:13 AEST 2016


This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit b02ad1ce9105bfa7394ac7590c0729dd52e26a81
Author: markus at openbsd.org <markus at openbsd.org>
Date:   Wed May 4 12:21:53 2016 +0000

    upstream commit
    
    IdentityAgent for specifying specific agent sockets; ok
     djm@
    
    Upstream-ID: 3e6a15eb89ea0fd406f108826b7dc7dec4fbfac1
---
 readconf.c   | 11 +++++++++--
 readconf.h   |  3 ++-
 ssh.1        |  5 +++--
 ssh.c        | 18 +++++++++++++++++-
 ssh_config.5 | 29 +++++++++++++++++++++++++++--
 5 files changed, 58 insertions(+), 8 deletions(-)

diff --git a/readconf.c b/readconf.c
index b348c96..26436b3 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.252 2016/04/15 00:30:19 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.253 2016/05/04 12:21:53 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -147,7 +147,7 @@ typedef enum {
 	oPasswordAuthentication, oRSAAuthentication,
 	oChallengeResponseAuthentication, oXAuthLocation,
 	oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
-	oCertificateFile, oAddKeysToAgent,
+	oCertificateFile, oAddKeysToAgent, oIdentityAgent,
 	oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
 	oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
 	oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
@@ -217,6 +217,7 @@ static struct {
 	{ "identitiesonly", oIdentitiesOnly },
 	{ "certificatefile", oCertificateFile },
 	{ "addkeystoagent", oAddKeysToAgent },
+	{ "identityagent", oIdentityAgent },
 	{ "hostname", oHostName },
 	{ "hostkeyalias", oHostKeyAlias },
 	{ "proxycommand", oProxyCommand },
@@ -1636,6 +1637,10 @@ parse_keytypes:
 		multistate_ptr = multistate_yesnoaskconfirm;
 		goto parse_multistate;
 
+	case oIdentityAgent:
+		charptr = &options->identity_agent;
+		goto parse_string;
+
 	case oDeprecated:
 		debug("%s line %d: Deprecated option \"%s\"",
 		    filename, linenum, keyword);
@@ -1814,6 +1819,7 @@ initialize_options(Options * options)
 	options->local_command = NULL;
 	options->permit_local_command = -1;
 	options->add_keys_to_agent = -1;
+	options->identity_agent = NULL;
 	options->visual_host_key = -1;
 	options->ip_qos_interactive = -1;
 	options->ip_qos_bulk = -1;
@@ -2463,6 +2469,7 @@ dump_client_config(Options *o, const char *host)
 	dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms);
 	dump_cfg_string(oHostKeyAlias, o->host_key_alias);
 	dump_cfg_string(oHostbasedKeyTypes, o->hostbased_key_types);
+	dump_cfg_string(oIdentityAgent, o->identity_agent);
 	dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices);
 	dump_cfg_string(oKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_CLIENT_KEX);
 	dump_cfg_string(oLocalCommand, o->local_command);
diff --git a/readconf.h b/readconf.h
index 5f44510..f0e498e 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.114 2016/04/15 00:30:19 djm Exp $ */
+/* $OpenBSD: readconf.h,v 1.115 2016/05/04 12:21:53 markus Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -101,6 +101,7 @@ typedef struct {
 	struct sshkey *certificates[SSH_MAX_CERTIFICATE_FILES];
 
 	int	add_keys_to_agent;
+	char   *identity_agent;		/* Optional path to ssh-agent socket */
 
 	/* Local TCP/IP forward requests. */
 	int     num_local_forwards;
diff --git a/ssh.1 b/ssh.1
index 85309ec..9ed5a56 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.370 2016/04/15 00:30:19 djm Exp $
-.Dd $Mdocdate: April 15 2016 $
+.\" $OpenBSD: ssh.1,v 1.371 2016/05/04 12:21:53 markus Exp $
+.Dd $Mdocdate: May 4 2016 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -501,6 +501,7 @@ For full details of the options listed below, and their possible values, see
 .It HostKeyAlgorithms
 .It HostKeyAlias
 .It HostName
+.It IdentityAgent
 .It IdentityFile
 .It IdentitiesOnly
 .It Include
diff --git a/ssh.c b/ssh.c
index a881ba1..ea52bbf 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.438 2016/04/29 08:07:53 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.439 2016/05/04 12:21:53 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1335,6 +1335,22 @@ main(int ac, char **av)
 	/* load options.identity_files */
 	load_public_identity_files();
 
+	/* optionally set the SSH_AUTHSOCKET_ENV_NAME varibale */
+	if (options.identity_agent) {
+		if (strcmp(options.identity_agent, "none") == 0) {
+			unsetenv(SSH_AUTHSOCKET_ENV_NAME);
+		} else {
+			p = tilde_expand_filename(options.identity_agent,
+			    original_real_uid);
+			cp = percent_expand(p, "d", pw->pw_dir,
+			    "u", pw->pw_name, "l", thishost, "h", host,
+			    "r", options.user, (char *)NULL);
+			setenv(SSH_AUTHSOCKET_ENV_NAME, cp, 1);
+			free(cp);
+			free(p);
+		}
+	}
+
 	/* Expand ~ in known host file names. */
 	tilde_expand_paths(options.system_hostfiles,
 	    options.num_system_hostfiles);
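Review bot: The return values of `setenv()` and `unsetenv()` in the new IdentityAgent block are ignored, so if either call fails the client carries on with whatever SSH_AUTH_SOCK it inherited: a different agent than the one the configuration selected, or an agent at all when `none` asked for no agent. Since the option exists to pin or disable the agent, a failure here should stop the client, e.g. `if (setenv(SSH_AUTHSOCKET_ENV_NAME, cp, 1) == -1) fatal("setenv %s: %s", SSH_AUTHSOCKET_ENV_NAME, strerror(errno));`, with the same check on the `unsetenv` branch. The comment above the block misspells "variable" and could state the intent, for instance `/* IdentityAgent overrides the inherited SSH_AUTHSOCKET_ENV_NAME; "none" disables agent use */`. Because the override is applied to the process environment, any child process started after this point presumably inherits it as well, which is worth saying in the comment if intended. main() begins and ends outside the hunk.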
diff --git a/ssh_config.5 b/ssh_config.5
index 10650e1..be79011 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.230 2016/04/17 14:34:46 jmc Exp $
-.Dd $Mdocdate: April 17 2016 $
+.\" $OpenBSD: ssh_config.5,v 1.231 2016/05/04 12:21:53 markus Exp $
+.Dd $Mdocdate: May 4 2016 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -952,6 +952,31 @@ This option is intended for situations where ssh-agent
 offers many different identities.
 The default is
 .Dq no .
+.It Cm IdentityAgent
+Specifies the
+.Ux Ns -domain
+socket used to communicate with the authentication agent.
+.Pp
+This option overrides the
+.Dq SSH_AUTH_SOCK
+environment variable and can be used to select a specific agent.
+Setting the socket name to
+.Dq none
+disables the use of an authentication agent.
+.Pp
+The socket name may use the tilde
+syntax to refer to a user's home directory or one of the following
+escape characters:
+.Ql %d
+(local user's home directory),
+.Ql %u
+(local user name),
+.Ql %l
+(local host name),
+.Ql %h
+(remote host name) or
+.Ql %r
+(remote user name).
 .It Cm IdentityFile
 Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication
 identity is read.

-- 