- markus@cvs.openbsd.org 2002/06/05 16:08:07
     [ssh-agent.1 ssh-agent.c]
     '-a bind_address' binds the agent to user-specified unix-domain
     socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
diff --git a/ChangeLog b/ChangeLog
index 288783a..3f127b6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -102,6 +102,10 @@
      [ssh-agent.1 ssh-agent.c]
      '-a bind_address' binds the agent to user-specified unix-domain
      socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
+   - markus@cvs.openbsd.org 2002/06/05 16:08:07
+     [ssh-agent.1 ssh-agent.c]
+     '-a bind_address' binds the agent to user-specified unix-domain
+     socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
 
 20020604
  - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
@@ -786,4 +790,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2171 2002/06/06 21:46:07 mouring Exp $
+$Id: ChangeLog,v 1.2172 2002/06/06 21:46:57 mouring Exp $
diff --git a/ssh-add.1 b/ssh-add.1
index 41d5def..163fc45 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-add.1,v 1.30 2002/02/04 20:41:16 stevesk Exp $
+.\"	$OpenBSD: ssh-add.1,v 1.31 2002/06/05 16:35:45 markus Exp $
 .\"
 .\"  -*- nroff -*-
 .\"
@@ -129,6 +129,9 @@
 may be necessary to redirect the input from
 .Pa /dev/null
 to make this work.)
+.It Ev SSH_AUTH_SOCK
+Identifies the path of a unix-domain socket used to communicate with the
+agent.
 .El
 .Sh DIAGNOSTICS
 Exit status is 0 on success, 1 if the specified command fails,
diff --git a/ssh-agent.1 b/ssh-agent.1
index 9909ef5..5f498b7 100644
--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-agent.1,v 1.31 2002/02/04 20:41:16 stevesk Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.32 2002/06/05 16:08:07 markus Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -42,6 +42,7 @@
 .Nd authentication agent
 .Sh SYNOPSIS
 .Nm ssh-agent
+.Op Fl a Ar bind_address
 .Op Fl c Li | Fl s
 .Op Fl d
 .Op Ar command Op Ar args ...
@@ -64,6 +65,11 @@
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
+.It Fl a Ar bind_address
+Bind the agent to the unix-domain socket
+.Ar bind_address .
+The default is
+.Pa /tmp/ssh-XXXXXXXX/agent.<pid> .
 .It Fl c
 Generate C-shell commands on
 .Dv stdout .
@@ -135,7 +141,6 @@
 This way, private keys are not exposed to clients using the agent.
 .Pp
 A unix-domain socket is created
-.Pq Pa /tmp/ssh-XXXXXXXX/agent.<pid> ,
 and the name of this socket is stored in the
 .Ev SSH_AUTH_SOCK
 environment
diff --git a/ssh-agent.c b/ssh-agent.c
index 33596c4..d332147 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -35,7 +35,7 @@
 
 #include "includes.h"
 #include "openbsd-compat/fake-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.85 2002/04/02 11:49:39 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.86 2002/06/05 16:08:07 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -803,6 +803,7 @@
 	fprintf(stderr, "  -s          Generate Bourne shell commands on stdout.\n");
 	fprintf(stderr, "  -k          Kill the current agent.\n");
 	fprintf(stderr, "  -d          Debug mode.\n");
+	fprintf(stderr, "  -a socket   Bind agent socket to given name.\n");
 	exit(1);
 }
 
@@ -819,6 +820,7 @@
 #endif
 	pid_t pid;
 	char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid];
+	char *agentsocket = NULL;
 	extern int optind;
 	fd_set *readsetp = NULL, *writesetp = NULL;
 
@@ -829,9 +831,9 @@
 	seed_rng();
 
 #ifdef __GNU_LIBRARY__
-	while ((ch = getopt(ac, av, "+cdks")) != -1) {
+	while ((ch = getopt(ac, av, "+cdksa:")) != -1) {
 #else /* __GNU_LIBRARY__ */
-	while ((ch = getopt(ac, av, "cdks")) != -1) {
+	while ((ch = getopt(ac, av, "cdksa:")) != -1) {
 #endif /* __GNU_LIBRARY__ */
 		switch (ch) {
 		case 'c':
@@ -852,6 +854,9 @@
 				usage();
 			d_flag++;
 			break;
+		case 'a':
+			agentsocket = optarg;
+			break;
 		default:
 			usage();
 		}
@@ -892,14 +897,20 @@
 	}
 	parent_pid = getpid();
 
-	/* Create private directory for agent socket */
-	strlcpy(socket_dir, "/tmp/ssh-XXXXXXXX", sizeof socket_dir);
-	if (mkdtemp(socket_dir) == NULL) {
-		perror("mkdtemp: private socket dir");
-		exit(1);
+	if (agentsocket == NULL) {
+		/* Create private directory for agent socket */
+		strlcpy(socket_dir, "/tmp/ssh-XXXXXXXX", sizeof socket_dir);
+		if (mkdtemp(socket_dir) == NULL) {
+			perror("mkdtemp: private socket dir");
+			exit(1);
+		}
+		snprintf(socket_name, sizeof socket_name, "%s/agent.%d", socket_dir,
+		    parent_pid);
+	} else {
+		/* Try to use specified agent socket */
+		socket_dir[0] = '\0';
+		strlcpy(socket_name, agentsocket, sizeof socket_name);
 	}
-	snprintf(socket_name, sizeof socket_name, "%s/agent.%d", socket_dir,
-	    parent_pid);
 
 	/*
 	 * Create socket early so it will exist before command gets run from
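Review bot: The `strlcpy(socket_name, agentsocket, sizeof socket_name)` in the new else branch discards its return value, so an over-long `-a` argument is silently truncated and the agent would bind to a different path than the one the user named. Checking the result and failing closed fixes that: `if (strlcpy(socket_name, agentsocket, sizeof socket_name) >= sizeof socket_name) { fprintf(stderr, "agent socket name too long\n"); exit(1); }`; an empty argument accepted by the `case 'a':` hunk deserves the same rejection. The default path gets its access control from the mode-0700 directory that mkdtemp() creates, and this branch skips it, so the socket is only as private as the user-chosen parent directory and the mode the socket itself is created with. The bind() call lies outside this hunk, so whether a restrictive umask is applied there should be confirmed, and a comment here such as `/* no private dir: socket mode and parent directory are the only protection */` would record the difference. Setting `socket_dir[0] = '\0'` presumably also changes what the exit-time cleanup removes; that code is not visible here and should be checked so it does not act on an empty directory name.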