From 68bd2c146239b87d355ed6169ca0ec227a69995d Mon Sep 17 00:00:00 2001
From: Thomas Wolf
Date: Tue, 28 Dec 2021 18:07:21 +0100
Subject: [PATCH] sshd: handle "IdentityAgent SSH_AUTH_SOCK" in ssh config

OpenSSH has (for legacy reasons?) the option of specifying the default environment variable directly, instead of using ${SSH_AUTH_SOCK}. Make sure the plain variable name is not taken as a relative path name.

Bug: 577053
Change-Id: If8f550dffc43887254f71aa0b487c50fa14d0627
Signed-off-by: Thomas Wolf
---
 .../transport/sshd/agent/connector/Sockets.java | 5 -----
 .../agent/connector/UnixDomainSocketConnector.java | 9 +++++----
 .../internal/transport/ssh/OpenSshConfigFileTest.java | 8 ++++++++
 .../jgit/internal/transport/ssh/OpenSshConfigFile.java | 3 ++-
 .../src/org/eclipse/jgit/transport/SshConstants.java | 10 +++++++++-
 5 files changed, 24 insertions(+), 11 deletions(-)

diff --git a/org.eclipse.jgit.ssh.apache.agent/src/org/eclipse/jgit/internal/transport/sshd/agent/connector/Sockets.java b/org.eclipse.jgit.ssh.apache.agent/src/org/eclipse/jgit/internal/transport/sshd/agent/connector/Sockets.java
index 3d95bdb51..52cf5f22f 100644
--- a/org.eclipse.jgit.ssh.apache.agent/src/org/eclipse/jgit/internal/transport/sshd/agent/connector/Sockets.java
+++ b/org.eclipse.jgit.ssh.apache.agent/src/org/eclipse/jgit/internal/transport/sshd/agent/connector/Sockets.java
@@ -23,11 +23,6 @@ private Sockets() {
 // No instantiation
 }

- /**
- * Default SSH agent socket environment variable name.
- */
- public static final String ENV_SSH_AUTH_SOCK = "SSH_AUTH_SOCK"; //$NON-NLS-1$
-
 /**
 * Domain for Unix domain sockets.
 */
diff --git a/org.eclipse.jgit.ssh.apache.agent/src/org/eclipse/jgit/internal/transport/sshd/agent/connector/UnixDomainSocketConnector.java b/org.eclipse.jgit.ssh.apache.agent/src/org/eclipse/jgit/internal/transport/sshd/agent/connector/UnixDomainSocketConnector.java
index 3b75f3a7d..95ac34f94 100644
--- a/org.eclipse.jgit.ssh.apache.agent/src/org/eclipse/jgit/internal/transport/sshd/agent/connector/UnixDomainSocketConnector.java
+++ b/org.eclipse.jgit.ssh.apache.agent/src/org/eclipse/jgit/internal/transport/sshd/agent/connector/UnixDomainSocketConnector.java
@@ -11,10 +11,10 @@

 import static org.eclipse.jgit.internal.transport.sshd.agent.connector.Sockets.AF_UNIX;
 import static org.eclipse.jgit.internal.transport.sshd.agent.connector.Sockets.DEFAULT_PROTOCOL;
-import static org.eclipse.jgit.internal.transport.sshd.agent.connector.Sockets.ENV_SSH_AUTH_SOCK;
 import static org.eclipse.jgit.internal.transport.sshd.agent.connector.Sockets.SOCK_STREAM;
 import static org.eclipse.jgit.internal.transport.sshd.agent.connector.UnixSockets.FD_CLOEXEC;
 import static org.eclipse.jgit.internal.transport.sshd.agent.connector.UnixSockets.F_SETFD;
+import static org.eclipse.jgit.transport.SshConstants.ENV_SSH_AUTH_SOCKET;

 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
@@ -46,7 +46,7 @@ public class UnixDomainSocketConnector extends AbstractConnector {

 @Override
 public String getIdentityAgent() {
- return ENV_SSH_AUTH_SOCK;
+ return ENV_SSH_AUTH_SOCKET;
 }

 @Override
@@ -91,8 +91,9 @@ private static synchronized UnixSockets getLibrary() {
 public UnixDomainSocketConnector(String socketFile) {
 super();
 String file = socketFile;
- if (StringUtils.isEmptyOrNull(file)) {
- file = SystemReader.getInstance().getenv(ENV_SSH_AUTH_SOCK);
+ if (StringUtils.isEmptyOrNull(file)
+ || ENV_SSH_AUTH_SOCKET.equals(file)) {
+ file = SystemReader.getInstance().getenv(ENV_SSH_AUTH_SOCKET);
 }
 this.socketFile = file;
 }
diff --git a/org.eclipse.jgit.test/tst/org/eclipse/jgit/internal/transport/ssh/OpenSshConfigFileTest.java b/org.eclipse.jgit.test/tst/org/eclipse/jgit/internal/transport/ssh/OpenSshConfigFileTest.java
index 9c5cd16f9..876a9999a 100644
--- a/org.eclipse.jgit.test/tst/org/eclipse/jgit/internal/transport/ssh/OpenSshConfigFileTest.java
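Review bot: In the `UnixDomainSocketConnector(String)` constructor the added `ENV_SSH_AUTH_SOCKET.equals(file)` branch replaces an explicitly configured value with whatever `getenv` returns, which is presumably null when the variable is unset, and nothing on the new lines records that. `socketFile` is then null even though the user configured an agent, and how the connect path outside this hunk reports that is not visible here. I would put `// "SSH_AUTH_SOCK" is the OpenSSH keyword for "take the socket path from the environment"; never treat it as a file name` above the `if`, and have the constructor's Javadoc (outside the hunk) name the keyword next to the null/empty case.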
+++ b/org.eclipse.jgit.test/tst/org/eclipse/jgit/internal/transport/ssh/OpenSshConfigFileTest.java
@@ -570,6 +570,14 @@ public void testIdentityAgentNone() throws Exception {
 h.getValue(SshConstants.IDENTITY_AGENT));
 }

+ @Test
+ public void testIdentityAgentSshAuthSock() throws Exception {
+ config("Host orcz\nIdentityAgent SSH_AUTH_SOCK\n");
+ HostConfig h = lookup("orcz");
+ assertEquals(SshConstants.ENV_SSH_AUTH_SOCKET,
+ h.getValue(SshConstants.IDENTITY_AGENT));
+ }
+
 @Test
 public void testNegativeMatch() throws Exception {
 config("Host foo.bar !foobar.baz *.baz\n" + "Port 29418\n");
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/internal/transport/ssh/OpenSshConfigFile.java b/org.eclipse.jgit/src/org/eclipse/jgit/internal/transport/ssh/OpenSshConfigFile.java
index 4e8048baa..cf966a528 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/internal/transport/ssh/OpenSshConfigFile.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/internal/transport/ssh/OpenSshConfigFile.java
@@ -871,7 +871,8 @@ void substitute(String originalHostName, int port, String userName,
 if (options != null) {
 // HOSTNAME already done above
 String value = options.get(SshConstants.IDENTITY_AGENT);
- if (value != null && !SshConstants.NONE.equals(value)) {
+ if (value != null && !SshConstants.NONE.equals(value)
+ && !SshConstants.ENV_SSH_AUTH_SOCKET.equals(value)) {
 value = r.substitute(value, Replacer.DEFAULT_TOKENS, true);
 value = toFile(value, home).getPath();
 options.put(SshConstants.IDENTITY_AGENT, value);
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/SshConstants.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/SshConstants.java
index 212a4e46c..698982e1a 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/SshConstants.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/SshConstants.java
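Review bot: The new `!SshConstants.ENV_SSH_AUTH_SOCKET.equals(value)` clause in `substitute()` (OpenSshConfigFile.java) turns a second literal into a sentinel for an option that is otherwise a path, and nothing at the condition says so. The comparison is exact and case-sensitive, so only the bare token skips `toFile(value, home)`; any other spelling is still resolved as a path relative to `home`, and the connector hunk in this commit tests against the same constant. I would add `// "none" and "SSH_AUTH_SOCK" are keywords, not file names: keep them verbatim for the agent connector` above the `if`. The body of `substitute()` starts and ends outside this hunk.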
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2018, 2020 Thomas Wolf and others
+ * Copyright (C) 2018, 2021 Thomas Wolf and others
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Distribution License v. 1.0 which is available at
@@ -229,4 +229,12 @@ private SshConstants() {
 public static final String[] DEFAULT_IDENTITIES = { //
 ID_RSA, ID_DSA, ID_ECDSA, ID_ED25519
 };
+
+ /**
+ * Name of the environment variable holding the Unix domain socket for
+ * communication with an SSH agent.
+ *
+ * @since 6.1
+ */
+ public static final String ENV_SSH_AUTH_SOCKET = "SSH_AUTH_SOCK";
 }
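Review bot: The Javadoc added for `ENV_SSH_AUTH_SOCKET` in SshConstants.java describes only the environment variable, but the other hunks of this commit also compare the constant against the `IdentityAgent` value read from the ssh config, so it doubles as a config keyword. A sentence such as `Also accepted verbatim as the value of IdentityAgent, meaning "use the socket named by this environment variable".` would keep the two uses from drifting apart. The constant's name ends in `SOCKET` while its value is `SSH_AUTH_SOCK`; since this is new public API tagged `@since 6.1`, the mismatch is worth a deliberate decision before release.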