Diffstat (limited to '0001-ssh-agent-add-systemd-socket-based-activation.patch')
-rw-r--r-- | 0001-ssh-agent-add-systemd-socket-based-activation.patch | 48 |
1 files changed, 36 insertions, 12 deletions
diff --git a/0001-ssh-agent-add-systemd-socket-based-activation.patch b/0001-ssh-agent-add-systemd-socket-based-activation.patch index 3d9ae7f86efb..2013f6f20774 100644 --- a/0001-ssh-agent-add-systemd-socket-based-activation.patch +++ b/0001-ssh-agent-add-systemd-socket-based-activation.patch @@ -1,13 +1,13 @@ -From 0e9c9f779c31d51206db84783130ca3f6a0d44f7 Mon Sep 17 00:00:00 2001 +From 60132e12267ecb4e53d8f7311eb34d3aae46b55b Mon Sep 17 00:00:00 2001 From: Ronan Pigott <ronan@rjp.ie> Date: Thu, 15 Jun 2023 13:03:38 -0700 Subject: [PATCH] ssh-agent: add systemd socket-based activation --- Makefile.in | 3 ++- - configure.ac | 25 +++++++++++++++++++++++++ - ssh-agent.c | 44 +++++++++++++++++++++++++++++++++++--------- - 3 files changed, 62 insertions(+), 10 deletions(-) + configure.ac | 25 ++++++++++++++++++++++++ + ssh-agent.c | 54 +++++++++++++++++++++++++++++++++++++++++++--------- + 3 files changed, 72 insertions(+), 10 deletions(-) diff --git a/Makefile.in b/Makefile.in index 70287f51fb81..9bace646fecf 100644 @@ -81,7 +81,7 @@ index 07893e870659..d12b6e9c0588 100644 echo "" diff --git a/ssh-agent.c b/ssh-agent.c -index c72518ba3537..0c31609742d3 100644 +index c72518ba3537..eb3a8b022590 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -69,6 +69,9 @@ 
@@ -94,7 +94,30 @@ index c72518ba3537..0c31609742d3 100644 #include <unistd.h> #ifdef HAVE_UTIL_H # include <util.h> -@@ -2000,7 +2003,7 @@ int +@@ -166,6 +169,11 @@ pid_t cleanup_pid = 0; + char socket_name[PATH_MAX]; + char socket_dir[PATH_MAX]; + ++#ifdef WITH_SYSTEMD ++/* tracks whether the active AUTH_SOCKET was passed to us by a third party */ ++int external_socket = 0; ++#endif ++ + /* Pattern-list of allowed PKCS#11/Security key paths */ + static char *allowed_providers; + +@@ -1946,6 +1954,10 @@ cleanup_socket(void) + { + if (cleanup_pid != 0 && getpid() != cleanup_pid) + return; ++#ifdef WITH_SYSTEMD ++ if (external_socket) ++ return; ++#endif + debug_f("cleanup"); + if (socket_name[0]) + unlink(socket_name); +@@ -2000,7 +2012,7 @@ int main(int ac, char **av) { int c_flag = 0, d_flag = 0, D_flag = 0, k_flag = 0, s_flag = 0; @@ -103,7 +126,7 @@ index c72518ba3537..0c31609742d3 100644 char *shell, *format, *pidstr, *agentsocket = NULL; #ifdef HAVE_SETRLIMIT struct rlimit rlim; -@@ -2015,6 +2018,9 @@ main(int ac, char **av) +@@ -2015,6 +2027,9 @@ main(int ac, char **av) struct pollfd *pfd = NULL; size_t npfd = 0; u_int maxfds; @@ -113,18 +136,19 @@ index c72518ba3537..0c31609742d3 100644 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); -@@ -2142,6 +2148,24 @@ main(int ac, char **av) +@@ -2142,6 +2157,25 @@ main(int ac, char **av) parent_pid = getpid(); +#ifdef WITH_SYSTEMD + nfds = sd_listen_fds(1); + if (nfds > 0) { ++ sock = SD_LISTEN_FDS_START; + if (agentsocket == NULL) { + fprintf(stderr, "%s not set, cannot use socket-activation", + SSH_AUTHSOCKET_ENV_NAME); + exit(1); -+ } else if (sd_is_socket_unix(SD_LISTEN_FDS_START, SOCK_STREAM, 1, agentsocket, 0) <= 0) { ++ } else if (sd_is_socket_unix(sock, SOCK_STREAM, 1, agentsocket, 0) <= 0) { + fprintf(stderr, "Unexpected auth sock received from systemd. Expected %s\n", agentsocket); + exit(1); + } else if (nfds > 1) { 
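Review bot: The new guard in `cleanup_socket()` returns before `debug_f("cleanup")` and before everything else in the function, so with an inherited socket the exit path leaves no debug trace and skips whatever follows `unlink(socket_name)`; the function body continues outside the hunk. Narrowing the guard to the unlink itself keeps the rest intact: `if (socket_name[0] && !external_socket) unlink(socket_name);`, with `external_socket` defined unconditionally so the use site needs no `#ifdef`. The comment on the flag could also state the consequence, e.g. `/* set when the listening socket was inherited from the service manager; we did not create the path and must not unlink it */`.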
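Review bot: A negative return from `sd_listen_fds(1)` falls through the `if (nfds > 0)` test and is treated as if no socket had been passed, so a failed hand-over lets the agent continue to the ordinary socket setup below instead of stopping. Rejecting it explicitly is clearer: `if (nfds < 0) { fprintf(stderr, "sd_listen_fds: %s\n", strerror(-nfds)); exit(1); }`. The first error message in this block, `"%s not set, cannot use socket-activation"`, is also missing its trailing `\n`. The activation block starts in this hunk and ends in the next one.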
@@ -132,13 +156,13 @@ index c72518ba3537..0c31609742d3 100644 + exit(1); + } + strlcpy(socket_name, agentsocket, sizeof socket_name); -+ sock = SD_LISTEN_FDS_START; ++ external_socket = 1; + } +#endif if (agentsocket == NULL) { /* Create private directory for agent socket */ mktemp_proto(socket_dir, sizeof(socket_dir)); -@@ -2150,7 +2174,7 @@ main(int ac, char **av) +@@ -2150,7 +2184,7 @@ main(int ac, char **av) exit(1); } snprintf(socket_name, sizeof socket_name, "%s/agent.%ld", socket_dir, @@ -147,7 +171,7 @@ index c72518ba3537..0c31609742d3 100644 } else { /* Try to use specified agent socket */ socket_dir[0] = '\0'; -@@ -2161,14 +2185,16 @@ main(int ac, char **av) +@@ -2161,14 +2195,16 @@ main(int ac, char **av) * Create socket early so it will exist before command gets run from * the parent. */ |
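Review bot: Once `external_socket = 1` is set, the agent serves a socket whose file mode and parent directory were chosen by whoever created it, and nothing in the activation branch inspects either; the self-created path a few lines below uses `mktemp_proto()` and a private directory instead. The `sd_is_socket_unix()` call in the previous hunk checks the socket type, listening state and path only. Whether a per-connection peer credential check covers this is not visible on this page, so a comment above the assignment would make the assumption explicit, for example `/* inherited socket: who may connect is decided by the unit's SocketMode= and directory permissions, not by this process */`. The return value of `strlcpy()` on the line above is also unchecked, although the path has already matched a bound socket address by then.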