openssh-portable/files/patch-ssh-agent.c

--- UTC
r110506 | des | 2003-02-07 09:48:27 -0600 (Fri, 07 Feb 2003) | 4 lines

Set the ruid to the euid at startup as a workaround for a bug in pam_ssh.

r226103 | des | 2011-10-07 08:10:16 -0500 (Fri, 07 Oct 2011) | 5 lines

Add a -x option that causes ssh-agent(1) to exit when all clients have
disconnected.

--- ssh-agent.c.orig    2017-10-02 12:34:26.000000000 -0700
+++ ssh-agent.c 2017-10-12 11:31:40.908737000 -0700
@@ -162,15 +162,34 @@ static long lifetime = 0;
 
 static int fingerprint_hash = SSH_FP_HASH_DEFAULT;
 
+/*
+ * Client connection count; incremented in new_socket() and decremented in
+ * close_socket().  When it reaches 0, ssh-agent will exit.  Since it is
+ * normally initialized to 1, it will never reach 0.  However, if the -x
+ * option is specified, it is initialized to 0 in main(); in that case,
+ * ssh-agent will exit as soon as it has had at least one client but no
+ * longer has any.
+ */
+static int xcount = 1;
+
 static void
 close_socket(SocketEntry *e)
 {
+       int last = 0;
+
+       if (e->type == AUTH_CONNECTION) {
+               debug("xcount %d -> %d", xcount, xcount - 1);
+               if (--xcount == 0)
+                       last = 1;
+       }
        close(e->fd);
        e->fd = -1;
        e->type = AUTH_UNUSED;
        sshbuf_free(e->input);
        sshbuf_free(e->output);
        sshbuf_free(e->request);
+       if (last)
+               cleanup_exit(0);
 }
 
 static void
@@ -745,6 +764,10 @@ new_socket(sock_type type, int fd)
 {
        u_int i, old_alloc, new_alloc;
 
+       if (type == AUTH_CONNECTION) {
+               debug("xcount %d -> %d", xcount, xcount + 1);
+               ++xcount;
+       }
        set_nonblock(fd);
 
        if (fd > max_fd)
@@ -1007,7 +1030,7 @@ static void
 usage(void)
 {
        fprintf(stderr,
-           "usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n"
+           "usage: ssh-agent [-c | -s] [-Ddx] [-a bind_address] [-E fingerprint_hash]\n"
            "                 [-P pkcs11_whitelist] [-t life] [command [arg ...]]\n"
            "       ssh-agent [-c | -s] -k\n");
        exit(1);
@@ -1039,6 +1062,7 @@ main(int ac, char **av)
        /* drop */
        setegid(getgid());
        setgid(getgid());
+       setuid(geteuid());
 
        platform_disable_tracing(0);    /* strict=no */
 
@@ -1049,7 +1073,7 @@ main(int ac, char **av)
        __progname = ssh_get_progname(av[0]);
        seed_rng();
 
-       while ((ch = getopt(ac, av, "cDdksE:a:P:t:")) != -1) {
+       while ((ch = getopt(ac, av, "cDdksE:a:P:t:x")) != -1) {
                switch (ch) {
                case 'E':
                        fingerprint_hash = ssh_digest_alg_by_name(optarg);
@@ -1092,6 +1116,9 @@ main(int ac, char **av)
                                fprintf(stderr, "Invalid lifetime\n");
                                usage();
                        }
+                       break;
+               case 'x':
+                       xcount = 0;
                        break;
                default:
                        usage();
Revision:	24804
Committed:	Fri Jan 18 20:36:16 2019 UTC (5 years, 3 months ago) by laffer1
Content type:	text/plain
File size:	2584 byte(s)
Log Message:	update openssh port to 7.9p1
#	Content
1	--- UTC
2	r110506 \| des \| 2003-02-07 09:48:27 -0600 (Fri, 07 Feb 2003) \| 4 lines
3
4	Set the ruid to the euid at startup as a workaround for a bug in pam_ssh.
5
6	r226103 \| des \| 2011-10-07 08:10:16 -0500 (Fri, 07 Oct 2011) \| 5 lines
7
8	Add a -x option that causes ssh-agent(1) to exit when all clients have
9	disconnected.
10
11	--- ssh-agent.c.orig 2017-10-02 12:34:26.000000000 -0700
12	+++ ssh-agent.c 2017-10-12 11:31:40.908737000 -0700
13	@@ -162,15 +162,34 @@ static long lifetime = 0;
14
15	static int fingerprint_hash = SSH_FP_HASH_DEFAULT;
16
17	+/*
18	+ * Client connection count; incremented in new_socket() and decremented in
19	+ * close_socket(). When it reaches 0, ssh-agent will exit. Since it is
20	+ * normally initialized to 1, it will never reach 0. However, if the -x
21	+ * option is specified, it is initialized to 0 in main(); in that case,
22	+ * ssh-agent will exit as soon as it has had at least one client but no
23	+ * longer has any.
24	+ */
25	+static int xcount = 1;
26	+
27	static void
28	close_socket(SocketEntry *e)
29	{
30	+ int last = 0;
31	+
32	+ if (e->type == AUTH_CONNECTION) {
33	+ debug("xcount %d -> %d", xcount, xcount - 1);
34	+ if (--xcount == 0)
35	+ last = 1;
36	+ }
37	close(e->fd);
38	e->fd = -1;
39	e->type = AUTH_UNUSED;
40	sshbuf_free(e->input);
41	sshbuf_free(e->output);
42	sshbuf_free(e->request);
43	+ if (last)
44	+ cleanup_exit(0);
45	}
46
47	static void
48	@@ -745,6 +764,10 @@ new_socket(sock_type type, int fd)
49	{
50	u_int i, old_alloc, new_alloc;
51
52	+ if (type == AUTH_CONNECTION) {
53	+ debug("xcount %d -> %d", xcount, xcount + 1);
54	+ ++xcount;
55	+ }
56	set_nonblock(fd);
57
58	if (fd > max_fd)
59	@@ -1007,7 +1030,7 @@ static void
60	usage(void)
61	{
62	fprintf(stderr,
63	- "usage: ssh-agent [-c \| -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n"
64	+ "usage: ssh-agent [-c \| -s] [-Ddx] [-a bind_address] [-E fingerprint_hash]\n"
65	" [-P pkcs11_whitelist] [-t life] [command [arg ...]]\n"
66	" ssh-agent [-c \| -s] -k\n");
67	exit(1);
68	@@ -1039,6 +1062,7 @@ main(int ac, char **av)
69	/* drop */
70	setegid(getgid());
71	setgid(getgid());
72	+ setuid(geteuid());
73
74	platform_disable_tracing(0); /* strict=no */
75
76	@@ -1049,7 +1073,7 @@ main(int ac, char **av)
77	__progname = ssh_get_progname(av[0]);
78	seed_rng();
79
80	- while ((ch = getopt(ac, av, "cDdksE:a:P:t:")) != -1) {
81	+ while ((ch = getopt(ac, av, "cDdksE:a:P:t:x")) != -1) {
82	switch (ch) {
83	case 'E':
84	fingerprint_hash = ssh_digest_alg_by_name(optarg);
85	@@ -1092,6 +1116,9 @@ main(int ac, char **av)
86	fprintf(stderr, "Invalid lifetime\n");
87	usage();
88	}
89	+ break;
90	+ case 'x':
91	+ xcount = 0;
92	break;
93	default:
94	usage();