--- UTC |
r110506 | des | 2003-02-07 09:48:27 -0600 (Fri, 07 Feb 2003) | 4 lines |
|
Set the ruid to the euid at startup as a workaround for a bug in pam_ssh. |
|
r226103 | des | 2011-10-07 08:10:16 -0500 (Fri, 07 Oct 2011) | 5 lines |
|
Add a -x option that causes ssh-agent(1) to exit when all clients have |
disconnected. |
|
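--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -162,15 +162,34 @@ static long lifetime = 0;
 
 static int fingerprint_hash = SSH_FP_HASH_DEFAULT;
 
+/*
+ * Client connection count; incremented in new_socket() and decremented in
+ * close_socket(). When it reaches 0, ssh-agent will exit. Since it is
+ * normally initialized to 1, it will never reach 0. However, if the -x
+ * option is specified, it is initialized to 0 in main(); in that case,
+ * ssh-agent will exit as soon as it has had at least one client but no
+ * longer has any.
+ */
+static int xcount = 1;
+
 static void
 close_socket(SocketEntry *e)
 {
+ int last = 0;
+
+ if (e->type == AUTH_CONNECTION) {
+ debug("xcount %d -> %d", xcount, xcount - 1);
+ if (--xcount == 0)
+ last = 1;
+ }
 close(e->fd);
 e->fd = -1;
 e->type = AUTH_UNUSED;
 sshbuf_free(e->input);
 sshbuf_free(e->output);
 sshbuf_free(e->request);
+ if (last)
+ cleanup_exit(0);
 }
 
 static void
@@ -745,6 +764,10 @@ new_socket(sock_type type, int fd)
 {
 u_int i, old_alloc, new_alloc;
 
+ if (type == AUTH_CONNECTION) {
+ debug("xcount %d -> %d", xcount, xcount + 1);
+ ++xcount;
+ }
 set_nonblock(fd);
 
 if (fd > max_fd)
@@ -1007,7 +1030,7 @@ static void
 usage(void)
 {
 fprintf(stderr,
- "usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n"
+ "usage: ssh-agent [-c | -s] [-Ddx] [-a bind_address] [-E fingerprint_hash]\n"
 " [-P pkcs11_whitelist] [-t life] [command [arg ...]]\n"
 " ssh-agent [-c | -s] -k\n");
 exit(1);
@@ -1039,6 +1062,7 @@ main(int ac, char **av)
 /* drop */
 setegid(getgid());
 setgid(getgid());
+ setuid(geteuid());
 
 platform_disable_tracing(0); /* strict=no */
 
@@ -1049,7 +1073,7 @@ main(int ac, char **av)
 __progname = ssh_get_progname(av[0]);
 seed_rng();
 
- while ((ch = getopt(ac, av, "cDdksE:a:P:t:")) != -1) {
+ while ((ch = getopt(ac, av, "cDdksE:a:P:t:x")) != -1) {
 switch (ch) {
 case 'E':
 fingerprint_hash = ssh_digest_alg_by_name(optarg);
@@ -1092,6 +1116,9 @@ main(int ac, char **av)
 fprintf(stderr, "Invalid lifetime\n");
 usage();
 }
+ break;
+ case 'x':
+ xcount = 0;
 break;
 default:
 usage();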
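Review bot: The added `setuid(geteuid());` in the `@@ -1039,6 +1062,7 @@` hunk of main() ignores its return value, so a failed call would leave the real and effective uids different while startup continues as if the pam_ssh workaround had taken effect. The two context calls above it, `setegid(getgid())` and `setgid(getgid())`, are unchecked as well, but this is the line the patch introduces. I would fail closed, e.g. `if (setuid(geteuid()) == -1) { perror("setuid"); exit(1); }`. The line also sits under the `/* drop */` comment yet, per the log entry, sets the ruid to the euid rather than giving anything up, so a comment such as `/* make ruid match euid: pam_ssh workaround, not a privilege drop */` would keep a later reader from mistaking it for one. main() begins and ends outside the hunk.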