[RFC][PATCH] Support a list of sockets on SSH_AUTH_SOCKET

Fabiano Fidêncio fidencio at redhat.com
Sat Sep 26 07:12:11 AEST 2015


The idea behind this change is to add support for different "ssh-agents"
being able to run at the same time. It does not change the current
behaviour of the ssh-agent (which will set SSH_AUTH_SOCK just for
itself). Neither does it change the behaviour of SSH_AGENT_PID (which
still supports only one pid).
The new implementation will go through the list of sockets (which are
separated by a colon (:)), and will return the very first functional
one. An example of the new supported syntax is:
SSH_AUTH_SOCK=/run/user/1000/spice/ssh:/tmp/ssh-hHomdONwQus6/agent.6907

The idea has been discussed a little in this e-mail thread:
http://lists.mindrot.org/pipermail/openssh-unix-dev/2015-September/034381.html

Signed-off-by: Fabiano Fidêncio <fidencio at redhat.com>
---
 authfd.c | 40 ++++++++++++++++++++++++++++------------
 1 file changed, 28 insertions(+), 12 deletions(-)

diff --git a/authfd.c b/authfd.c
index 12bf125..20fcba2 100644
--- a/authfd.c
+++ b/authfd.c
@@ -83,21 +83,12 @@ decode_reply(u_char type)
 		return SSH_ERR_INVALID_FORMAT;
 }
 
-/* Returns the number of the authentication fd, or -1 if there is none. */
-int
-ssh_get_authentication_socket(int *fdp)
+static int
+get_authentication_socket(const char *authsocket, int *fdp)
 {
-	const char *authsocket;
 	int sock, oerrno;
 	struct sockaddr_un sunaddr;
 
-	if (fdp != NULL)
-		*fdp = -1;
-
-	authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME);
-	if (!authsocket)
-		return SSH_ERR_AGENT_NOT_PRESENT;
-
 	memset(&sunaddr, 0, sizeof(sunaddr));
 	sunaddr.sun_family = AF_UNIX;
 	strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path));
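Review bot: the new static helper drops the old guard against a missing socket path but adds none of its own, so `get_authentication_socket(NULL, fdp)` would pass NULL straight into `strlcpy(sunaddr.sun_path, authsocket, ...)` and crash; add an early `if (authsocket == NULL || *authsocket == '\0') return SSH_ERR_AGENT_NOT_PRESENT;` at the top of the function. The helper also lost the doc comment that the removed `ssh_get_authentication_socket` carried; give it a one-line comment stating that it tries a single socket path and stores the connected fd in `*fdp` on success. While here, `strlcpy` silently truncates a path longer than `sizeof(sunaddr.sun_path)`, which would connect to the wrong socket (or none); checking the return value against the buffer size and failing with `SSH_ERR_NO_BUFFER_SPACE` is cheap now that each entry is handled in one place.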
@@ -117,7 +108,32 @@ ssh_get_authentication_socket(int *fdp)
 		*fdp = sock;
 	else
 		close(sock);
-	return 0;
+	return SSH_ERR_SUCCESS;
+}
+
+/* Returns the number of the authentication fd, or -1 if there is none. */
+int
+ssh_get_authentication_socket(int *fdp)
+{
+	const char *authsocketlist;
+	const char *authsocket;
+	int rc;
+
+	if (fdp != NULL)
+		*fdp = -1;
+
+	authsocketlist = getenv(SSH_AUTHSOCKET_ENV_NAME);
+	if (!authsocketlist)
+		return SSH_ERR_AGENT_NOT_PRESENT;
+
+	authsocket = strtok((char *)authsocketlist, ":");
+
+	do {
+		rc = get_authentication_socket(authsocket, fdp);
+		authsocket = strtok(NULL, ":");
+	} while (rc != SSH_ERR_SUCCESS && authsocket != NULL);
+
+	return rc;
 }
 
 /* Communicate with agent: send request and read reply */
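Review bot: `strtok((char *)authsocketlist, ":")` casts away const and writes NUL bytes into the buffer returned by `getenv`, i.e. into the process environment, so after the first call SSH_AUTH_SOCK is truncated to its first entry for every later call and for every child process this program spawns (agent forwarding, ProxyCommand, etc.); `strtok` is also not reentrant. Take a private copy instead: `char *list = xstrdup(authsocketlist);` then walk it with `strsep(&list_p, ":")` (or `strtok_r`) and `free` the copy before returning. Second, the `do { ... } while` body runs once before checking `authsocket`, so an empty `SSH_AUTH_SOCK=` makes `strtok` return NULL and the helper is called with a NULL path; convert the loop to `while ((authsocket = strsep(...)) != NULL)` and skip empty entries, returning `SSH_ERR_AGENT_NOT_PRESENT` if none was tried. Finally, the comment moved in with the function, "Returns the number of the authentication fd, or -1 if there is none", is stale: the function returns an `SSH_ERR_*` code and stores the fd through `fdp`, so update it in the same patch.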
-- 
2.4.3