lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-09-10 02:09:25 +03:00
Code Activity

add support for identityagent ssh_config option

Browse Source 
This commit adds an `agent_socket` field to the session options
and connects the config parser to that option.

`SSH_OPTIONS_IDENTITY_AGENT` is added to allow applications to
set this option for themselves.

agent.c is updated to take the `agent_socket` value in preference
to the `SSH_AUTH_SOCK` environment variable.

Signed-off-by: Wez Furlong <wez@fb.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Wez Furlong
2021-07-20 17:50:44 -07:00
committed by Andreas Schneider
parent 899ec9e519
commit 51a53cc6d4
7 changed files with 35 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
include/libssh/config.h
View File

@@ -61,6 +61,7 @@ enum ssh_config_opcode_e {
SOC_PUBKEYAUTHENTICATION, SOC_PUBKEYAUTHENTICATION,
SOC_PUBKEYACCEPTEDKEYTYPES, SOC_PUBKEYACCEPTEDKEYTYPES,
SOC_REKEYLIMIT, SOC_REKEYLIMIT,
SOC_IDENTITYAGENT,
SOC_MAX /* Keep this one last in the list */ SOC_MAX /* Keep this one last in the list */
}; };

1
include/libssh/libssh.h
View File

@@ -407,6 +407,7 @@ enum ssh_options_e {
SSH_OPTIONS_REKEY_DATA, SSH_OPTIONS_REKEY_DATA,
SSH_OPTIONS_REKEY_TIME, SSH_OPTIONS_REKEY_TIME,
SSH_OPTIONS_RSA_MIN_SIZE, SSH_OPTIONS_RSA_MIN_SIZE,
SSH_OPTIONS_IDENTITY_AGENT,
}; };
enum { enum {

1
include/libssh/session.h
View File

@@ -219,6 +219,7 @@ struct ssh_session_struct {
char *ProxyCommand; char *ProxyCommand;
char *custombanner; char *custombanner;
char *moduli_file; char *moduli_file;
char *agent_socket;
unsigned long timeout; /* seconds */ unsigned long timeout; /* seconds */
unsigned long timeout_usec; unsigned long timeout_usec;
unsigned int port; unsigned int port;

3
src/agent.c
View File

@@ -220,7 +220,8 @@ static int agent_connect(ssh_session session) {
if (session->agent->channel != NULL) if (session->agent->channel != NULL)
return 0; return 0;
auth_sock = getenv("SSH_AUTH_SOCK"); auth_sock = session->opts.agent_socket ?
session->opts.agent_socket : getenv("SSH_AUTH_SOCK");
if (auth_sock && *auth_sock) { if (auth_sock && *auth_sock) {
if (ssh_socket_unix(session->agent->sock, auth_sock) < 0) { if (ssh_socket_unix(session->agent->sock, auth_sock) < 0) {

8
src/config.c
View File

@@ -104,7 +104,7 @@ static struct ssh_config_keyword_table_s ssh_config_keyword_table[] = {
{ "hostbasedacceptedalgorithms", SOC_UNSUPPORTED}, { "hostbasedacceptedalgorithms", SOC_UNSUPPORTED},
{ "hostkeyalias", SOC_UNSUPPORTED}, { "hostkeyalias", SOC_UNSUPPORTED},
{ "identitiesonly", SOC_UNSUPPORTED}, { "identitiesonly", SOC_UNSUPPORTED},
{ "identityagent", SOC_UNSUPPORTED}, { "identityagent", SOC_IDENTITYAGENT},
{ "ipqos", SOC_UNSUPPORTED}, { "ipqos", SOC_UNSUPPORTED},
{ "kbdinteractivedevices", SOC_UNSUPPORTED}, { "kbdinteractivedevices", SOC_UNSUPPORTED},
{ "nohostauthenticationforlocalhost", SOC_UNSUPPORTED}, { "nohostauthenticationforlocalhost", SOC_UNSUPPORTED},
@@ -1161,6 +1161,12 @@ ssh_config_parse_line(ssh_session session,
SSH_LOG(SSH_LOG_INFO, "Unknown option: %s, line: %d", SSH_LOG(SSH_LOG_INFO, "Unknown option: %s, line: %d",
keyword, count); keyword, count);
break; break;
case SOC_IDENTITYAGENT:
p = ssh_config_get_str_tok(&s, NULL);
if (p && *parsing) {
ssh_options_set(session, SSH_OPTIONS_IDENTITY_AGENT, p);
}
break;
default: default:
ssh_set_error(session, SSH_FATAL, "ERROR - unimplemented opcode: %d", ssh_set_error(session, SSH_FATAL, "ERROR - unimplemented opcode: %d",
opcode); opcode);

21
src/options.c
View File

@@ -476,6 +476,11 @@ int ssh_options_set_algo(ssh_session session,
* Setting 0 will revert the value to defaults. * Setting 0 will revert the value to defaults.
* Default is 1024 bits or 2048 bits in FIPS mode. * Default is 1024 bits or 2048 bits in FIPS mode.
* (int *) * (int *)
* - SSH_OPTIONS_IDENTITY_AGENT
* Set the path to the SSH agent socket. If unset, the
* SSH_AUTH_SOCK environment is consulted.
* (const char *)
* *
* @param value The value to set. This is a generic pointer and the * @param value The value to set. This is a generic pointer and the
* datatype which is used should be set according to the * datatype which is used should be set according to the
@@ -1056,6 +1061,22 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
session->opts.rsa_min_size = *x; session->opts.rsa_min_size = *x;
} }
break; break;
case SSH_OPTIONS_IDENTITY_AGENT:
v = value;
SAFE_FREE(session->opts.agent_socket);
if (v == NULL) {
/* The default value will be set by the ssh_options_apply() */
} else if (v[0] == '\0') {
ssh_set_error_invalid(session);
return -1;
} else {
session->opts.agent_socket = ssh_path_expand_tilde(v);
if (session->opts.agent_socket == NULL) {
ssh_set_error_oom(session);
return -1;
}
}
break;
default: default:
ssh_set_error(session, SSH_REQUEST_DENIED, "Unknown ssh option %d", type); ssh_set_error(session, SSH_REQUEST_DENIED, "Unknown ssh option %d", type);
return -1; return -1;

3
src/socket.c
View File

@@ -445,7 +445,8 @@ int ssh_socket_unix(ssh_socket s, const char *path)
#endif #endif
if (connect(fd, (struct sockaddr *) &sunaddr, sizeof(sunaddr)) < 0) { if (connect(fd, (struct sockaddr *) &sunaddr, sizeof(sunaddr)) < 0) {
ssh_set_error(s->session, SSH_FATAL, "Error from connect(): %s", ssh_set_error(s->session, SSH_FATAL, "Error from connect(%s): %s",
path,
strerror(errno)); strerror(errno));
CLOSE_SOCKET(fd); CLOSE_SOCKET(fd);
return -1; return -1;