sshd: handle "IdentityAgent SSH_AUTH_SOCK" in ssh config

OpenSSH has (for legacy reasons?) the option of specifying the default environment variable directly, instead of using ${SSH_AUTH_SOCK}. Make sure the plain variable name is not taken as a relative path name. Bug: 577053 Change-Id: If8f550dffc43887254f71aa0b487c50fa14d0627 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
2021-12-28 18:07:21 +01:00 · 2021-12-28 18:07:21 +01:00 · 68bd2c1462
parent e0281c5adb
commit 68bd2c1462
5 changed files with 24 additions and 11 deletions
--- a/org.eclipse.jgit.ssh.apache.agent/src/org/eclipse/jgit/internal/transport/sshd/agent/connector/Sockets.java
+++ b/org.eclipse.jgit.ssh.apache.agent/src/org/eclipse/jgit/internal/transport/sshd/agent/connector/Sockets.java
@ -23,11 +23,6 @@ private Sockets() {
 		// No instantiation
 	}

-	/**
-	 * Default SSH agent socket environment variable name.
-	 */
-	public static final String ENV_SSH_AUTH_SOCK = "SSH_AUTH_SOCK"; //$NON-NLS-1$
-
 	/**
 	 * Domain for Unix domain sockets.
 	 */
--- a/org.eclipse.jgit.ssh.apache.agent/src/org/eclipse/jgit/internal/transport/sshd/agent/connector/UnixDomainSocketConnector.java
+++ b/org.eclipse.jgit.ssh.apache.agent/src/org/eclipse/jgit/internal/transport/sshd/agent/connector/UnixDomainSocketConnector.java
@ -11,10 +11,10 @@

 import static org.eclipse.jgit.internal.transport.sshd.agent.connector.Sockets.AF_UNIX;
 import static org.eclipse.jgit.internal.transport.sshd.agent.connector.Sockets.DEFAULT_PROTOCOL;
-import static org.eclipse.jgit.internal.transport.sshd.agent.connector.Sockets.ENV_SSH_AUTH_SOCK;
 import static org.eclipse.jgit.internal.transport.sshd.agent.connector.Sockets.SOCK_STREAM;
 import static org.eclipse.jgit.internal.transport.sshd.agent.connector.UnixSockets.FD_CLOEXEC;
 import static org.eclipse.jgit.internal.transport.sshd.agent.connector.UnixSockets.F_SETFD;
+import static org.eclipse.jgit.transport.SshConstants.ENV_SSH_AUTH_SOCKET;

 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
@ -46,7 +46,7 @@ public class UnixDomainSocketConnector extends AbstractConnector {

 		@Override
 		public String getIdentityAgent() {
-			return ENV_SSH_AUTH_SOCK;
+			return ENV_SSH_AUTH_SOCKET;
 		}

 		@Override
@ -91,8 +91,9 @@ private static synchronized UnixSockets getLibrary() {
 	public UnixDomainSocketConnector(String socketFile) {
 		super();
 		String file = socketFile;
-		if (StringUtils.isEmptyOrNull(file)) {
-			file = SystemReader.getInstance().getenv(ENV_SSH_AUTH_SOCK);
+		if (StringUtils.isEmptyOrNull(file)
+				|| ENV_SSH_AUTH_SOCKET.equals(file)) {
+			file = SystemReader.getInstance().getenv(ENV_SSH_AUTH_SOCKET);
 		}
 		this.socketFile = file;
 	}
--- a/org.eclipse.jgit.test/tst/org/eclipse/jgit/internal/transport/ssh/OpenSshConfigFileTest.java
+++ b/org.eclipse.jgit.test/tst/org/eclipse/jgit/internal/transport/ssh/OpenSshConfigFileTest.java
@ -570,6 +570,14 @@ public void testIdentityAgentNone() throws Exception {
 				h.getValue(SshConstants.IDENTITY_AGENT));
 	}

+	@Test
+	public void testIdentityAgentSshAuthSock() throws Exception {
+		config("Host orcz\nIdentityAgent SSH_AUTH_SOCK\n");
+		HostConfig h = lookup("orcz");
+		assertEquals(SshConstants.ENV_SSH_AUTH_SOCKET,
+				h.getValue(SshConstants.IDENTITY_AGENT));
+	}
+
 	@Test
 	public void testNegativeMatch() throws Exception {
 		config("Host foo.bar !foobar.baz *.baz\n" + "Port 29418\n");
--- a/org.eclipse.jgit/src/org/eclipse/jgit/internal/transport/ssh/OpenSshConfigFile.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/internal/transport/ssh/OpenSshConfigFile.java
@ -871,7 +871,8 @@ void substitute(String originalHostName, int port, String userName,
 			if (options != null) {
 				// HOSTNAME already done above
 				String value = options.get(SshConstants.IDENTITY_AGENT);
-				if (value != null && !SshConstants.NONE.equals(value)) {
+				if (value != null && !SshConstants.NONE.equals(value)
+						&& !SshConstants.ENV_SSH_AUTH_SOCKET.equals(value)) {
 					value = r.substitute(value, Replacer.DEFAULT_TOKENS, true);
 					value = toFile(value, home).getPath();
 					options.put(SshConstants.IDENTITY_AGENT, value);
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/SshConstants.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/SshConstants.java
@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2018, 2020 Thomas Wolf <thomas.wolf@paranor.ch> and others
+ * Copyright (C) 2018, 2021 Thomas Wolf <thomas.wolf@paranor.ch> and others
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Distribution License v. 1.0 which is available at
@ -229,4 +229,12 @@ private SshConstants() {
 	public static final String[] DEFAULT_IDENTITIES = { //
 			ID_RSA, ID_DSA, ID_ECDSA, ID_ED25519
 	};
+
+	/**
+	 * Name of the environment variable holding the Unix domain socket for
+	 * communication with an SSH agent.
+	 *
+	 * @since 6.1
+	 */
+	public static final String ENV_SSH_AUTH_SOCKET = "SSH_AUTH_SOCK";
 }