[feature] ssh-agent: new -A option (like -a) that overwrites existing sockets

2023-09-13 Thread Moritz Fain
Most of the code is already there; it's basically just adding a new flag.

Happy to hear your feedback!

---
diff --git a/usr.bin/ssh/ssh-agent.1 b/usr.bin/ssh/ssh-agent.1
index 6815eb834d3..731a1cf913d 100644
--- a/usr.bin/ssh/ssh-agent.1
+++ b/usr.bin/ssh/ssh-agent.1
@@ -76,6 +76,10 @@ socket
 .Ar bind_address .
 The default is
 .Pa $TMPDIR/ssh-XX/agent.\*(Ltppid\*(Gt .
+.It Fl A Ar bind_address
+Same as the
+.Fl a
+option but overwrites the socket if it already exists.
 .It Fl c
 Generate C-shell commands on
 .Dv stdout .
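Review bot: the new .It Fl A entry only describes the happy path. Since the flag makes ssh-agent unlink whatever socket node sits at bind_address before binding (the unix_listener() change in ssh-agent.c), the text should say so explicitly, including that a socket still served by a running agent would be removed and that agent left without a socket; something like "Same as -a, but any existing socket at bind_address is removed first" reads more honestly than "overwrites". The diff also leaves the SYNOPSIS line and the usage() text in ssh-agent.c untouched; both enumerate the accepted options and should gain -A.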
diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c
index 0b2ee971226..5e9c3affec8 100644
--- a/usr.bin/ssh/ssh-agent.c
+++ b/usr.bin/ssh/ssh-agent.c
@@ -2003,7 +2003,7 @@ usage(void)
 int
 main(int ac, char **av)
 {
-   int c_flag = 0, d_flag = 0, D_flag = 0, k_flag = 0, s_flag = 0;
+   int c_flag = 0, d_flag = 0, D_flag = 0, k_flag = 0, s_flag =
0, overwrite_agentsocket = 0;
int sock, ch, result, saved_errno;
char *shell, *format, *pidstr, *agentsocket = NULL;
struct rlimit rlim;
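Review bot: the added declaration line has been wrapped by the mailer ("s_flag =" / "0, overwrite_agentsocket = 0;"), so the hunk will not apply as posted; resend from a client that does not reflow, or as an attachment. On naming, the neighbouring flags are all named after their option letter (c_flag, d_flag, D_flag, k_flag, s_flag), so A_flag would keep the existing scheme.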
@@ -2032,7 +2032,7 @@ main(int ac, char **av)
OpenSSL_add_all_algorithms();
 #endif

-   while ((ch = getopt(ac, av, "cDdksE:a:O:P:t:")) != -1) {
+   while ((ch = getopt(ac, av, "cDdksE:a:A:O:P:t:")) != -1) {
switch (ch) {
case 'E':
fingerprint_hash = ssh_digest_alg_by_name(optarg);
@@ -2075,6 +2075,8 @@ main(int ac, char **av)
usage();
D_flag++;
break;
+   case 'A':
+   overwrite_agentsocket = 1;
case 'a':
agentsocket = optarg;
break;
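Review bot: case 'A' deliberately falls into case 'a' but carries no /* FALLTHROUGH */ comment, which OpenBSD style expects and which also silences -Wimplicit-fallthrough; the intent is right, it just needs marking. Separately, overwrite_agentsocket is set and never cleared, so "-A /p -a /q" ends up unlinking /q even though the user only asked to overwrite /p. Either reset the flag in case 'a' or make combining -A and -a a usage() error.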
@@ -2163,7 +2165,7 @@ main(int ac, char **av)
 * the parent.
 */
prev_mask = umask(0177);
-   sock = unix_listener(socket_name, SSH_LISTEN_BACKLOG, 0);
+   sock = unix_listener(socket_name, SSH_LISTEN_BACKLOG,
overwrite_agentsocket);
if (sock < 0) {
/* XXX - unix_listener() calls error() not perror() */
*socket_name = '\0'; /* Don't unlink any existing file */
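Review bot: passing overwrite_agentsocket straight into unix_listener() unlinks whatever is at socket_name before bind() with no check whether a live agent is still accepting on it; to unlink() a stale socket node and a working one look identical. A connect() probe first (ECONNREFUSED means nothing is listening and the node can go; success means the path is in use and should be left alone) would confine the new flag to the stale-socket case it is meant for. The new call is also split across two lines by the same mailer wrapping as the declaration hunk, so this hunk will not apply either.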



Re: [feature] ssh-agent: new -A option (like -a) that overwrites existing sockets

2023-09-13 Thread Omar Polo
On 2023/09/13 15:08:40 +0200, Moritz Fain  wrote:
> Most of the code is already there; it's basically just adding a new flag.
> 
> Happy to hear your feedback!

can't comment on the diff itself, but the patch was mangled and so it
doesn't apply.

> --- a/usr.bin/ssh/ssh-agent.c
> +++ b/usr.bin/ssh/ssh-agent.c
> @@ -2003,7 +2003,7 @@ usage(void)
>  int
>  main(int ac, char **av)
>  {
> -   int c_flag = 0, d_flag = 0, D_flag = 0, k_flag = 0, s_flag = 0;
> +   int c_flag = 0, d_flag = 0, D_flag = 0, k_flag = 0, s_flag =
> 0, overwrite_agentsocket = 0;
> int sock, ch, result, saved_errno;
> char *shell, *format, *pidstr, *agentsocket = NULL;
> struct rlimit rlim;
>[...]
> @@ -2163,7 +2165,7 @@ main(int ac, char **av)
>  * the parent.
>  */
> prev_mask = umask(0177);
> -   sock = unix_listener(socket_name, SSH_LISTEN_BACKLOG, 0);
> +   sock = unix_listener(socket_name, SSH_LISTEN_BACKLOG,
> overwrite_agentsocket);
> if (sock < 0) {
> /* XXX - unix_listener() calls error() not perror() */
> *socket_name = '\0'; /* Don't unlink any existing file */




Re: [feature] ssh-agent: new -A option (like -a) that overwrites existing sockets

2023-09-13 Thread Andreas Kähäri
On Wed, Sep 13, 2023 at 03:08:40PM +0200, Moritz Fain wrote:
> Most of the code is already there; it's basically just adding a new flag.
> 
> Happy to hear your feedback!

My initial reaction is that it's easy to run "rm -f" before starting
the agent with the existing "-a" option.

The code seems to use a new variable that should be called "A_flag" if
it's to follow the existing naming scheme.

> 
> ---
> diff --git a/usr.bin/ssh/ssh-agent.1 b/usr.bin/ssh/ssh-agent.1
> index 6815eb834d3..731a1cf913d 100644
> --- a/usr.bin/ssh/ssh-agent.1
> +++ b/usr.bin/ssh/ssh-agent.1
> @@ -76,6 +76,10 @@ socket
>  .Ar bind_address .
>  The default is
>  .Pa $TMPDIR/ssh-XX/agent.\*(Ltppid\*(Gt .
> +.It Fl A Ar bind_address
> +Same as the
> +.Fl a
> +option but overwrites the socket if it already exists.
>  .It Fl c
>  Generate C-shell commands on
>  .Dv stdout .
> diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c
> index 0b2ee971226..5e9c3affec8 100644
> --- a/usr.bin/ssh/ssh-agent.c
> +++ b/usr.bin/ssh/ssh-agent.c
> @@ -2003,7 +2003,7 @@ usage(void)
>  int
>  main(int ac, char **av)
>  {
> -   int c_flag = 0, d_flag = 0, D_flag = 0, k_flag = 0, s_flag = 0;
> +   int c_flag = 0, d_flag = 0, D_flag = 0, k_flag = 0, s_flag =
> 0, overwrite_agentsocket = 0;
> int sock, ch, result, saved_errno;
> char *shell, *format, *pidstr, *agentsocket = NULL;
> struct rlimit rlim;
> @@ -2032,7 +2032,7 @@ main(int ac, char **av)
> OpenSSL_add_all_algorithms();
>  #endif
> 
> -   while ((ch = getopt(ac, av, "cDdksE:a:O:P:t:")) != -1) {
> +   while ((ch = getopt(ac, av, "cDdksE:a:A:O:P:t:")) != -1) {
> switch (ch) {
> case 'E':
> fingerprint_hash = ssh_digest_alg_by_name(optarg);
> @@ -2075,6 +2075,8 @@ main(int ac, char **av)
> usage();
> D_flag++;
> break;
> +   case 'A':
> +   overwrite_agentsocket = 1;
> case 'a':
> agentsocket = optarg;
> break;
> @@ -2163,7 +2165,7 @@ main(int ac, char **av)
>  * the parent.
>  */
> prev_mask = umask(0177);
> -   sock = unix_listener(socket_name, SSH_LISTEN_BACKLOG, 0);
> +   sock = unix_listener(socket_name, SSH_LISTEN_BACKLOG,
> overwrite_agentsocket);
> if (sock < 0) {
> /* XXX - unix_listener() calls error() not perror() */
> *socket_name = '\0'; /* Don't unlink any existing file */

-- 
Andreas (Kusalananda) Kähäri
Uppsala, Sweden




Re: [feature] ssh-agent: new -A option (like -a) that overwrites existing sockets

2023-09-13 Thread Steffen Nurpmeso
Andreas Kähäri wrote in
 :
 |On Wed, Sep 13, 2023 at 03:08:40PM +0200, Moritz Fain wrote:
 |> Most of the code is already there; it's basically just adding a new flag.
 |> 
 |> Happy to hear your feedback!
 |
 |My initial reaction is that it's easy to run "rm -f" before starting
 |the agent with the existing "-a" option.

a bit off-topic but i had to go a long way with a thing of mine

  +/* Unfortunately pre v0.8 versions had an undocumented problem: in case the
  + * server socket was already existing upon startup (server did have not chance
  + * to perform cleanup), no server would ever have been started, and missing
  + * policy server would cause postfix to refuse acting.  A "rm -f PG-SOCKET" in
  + * a pre-postfix-startup-script avoids this, but it was never announced to be
  + * necessary.  v0.8 added a "reassurance" lock file to automatize this */

And heck! what a complicated thing with file-locking (aka
"ADDRINUSE with taken write lock means former server was not
properly shutdown") and all that.
It is -- in my opinion -- a deficit of UNIX-domain sockets that
they continue to exist if the server is gone, as you cannot bind()
to it again, no?, it is nothing bad a dead and useless corpse
without soul.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
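The stale-socket problem Steffen describes, and the unlink-before-bind that the -A proposal at the top of this thread would do unconditionally, both come down to one question: is the socket node at the path dead, or is a live server still accepting on it? The following is an added example, not code from the thread or from OpenSSH, showing the probe a defender would want before removing anything: lstat() the path without following symlinks, refuse to touch anything that is not a socket node, and only treat ECONNREFUSED from connect() as proof that nobody is listening. The type and function names (sock_state, probe_socket_path, bind_listener, run_scenario) and the temporary directory under /tmp are this example's own; run_scenario() builds the whole lifecycle (absent, live, stale, replaced) in a private directory so it can be run offline.

```c
/* Added example: probe a UNIX-domain socket path before deciding to unlink it,
 * so a "replace existing socket" option only ever removes a dead socket node.
 * Names and the /tmp scratch directory are this example's own. */
#define _DEFAULT_SOURCE 1   /* mkdtemp() on glibc; harmless on BSD */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

enum sock_state {
	SOCK_ABSENT,      /* nothing at the path */
	SOCK_NOT_SOCKET,  /* something that is not a socket node: never unlink it */
	SOCK_STALE,       /* a socket node nobody accepts on (server died) */
	SOCK_LIVE         /* a process answers connect(): the path is in use */
};

static int
fill_sockaddr(struct sockaddr_un *sun, const char *path)
{
	size_t len = strlen(path);

	memset(sun, 0, sizeof(*sun));
	sun->sun_family = AF_UNIX;
	if (len >= sizeof(sun->sun_path)) {
		errno = ENAMETOOLONG;
		return -1;
	}
	memcpy(sun->sun_path, path, len);   /* zeroed above, so NUL-terminated */
	return 0;
}

/* Classify the path.  Anything not positively identified as a dead socket is
 * reported as live or not-a-socket, i.e. the caller will leave it alone. */
enum sock_state
probe_socket_path(const char *path)
{
	struct stat st;
	struct sockaddr_un sun;
	int fd, r, saved;

	if (lstat(path, &st) == -1)          /* lstat: never follow a planted symlink */
		return errno == ENOENT ? SOCK_ABSENT : SOCK_NOT_SOCKET;
	if (!S_ISSOCK(st.st_mode) || fill_sockaddr(&sun, path) == -1)
		return SOCK_NOT_SOCKET;
	if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
		return SOCK_LIVE;                /* cannot probe: stay conservative */
	r = connect(fd, (struct sockaddr *)&sun, sizeof(sun));
	saved = errno;
	close(fd);
	if (r == 0)
		return SOCK_LIVE;
	/* ECONNREFUSED is the only answer that proves no listener is behind it */
	return saved == ECONNREFUSED ? SOCK_STALE : SOCK_LIVE;
}

/* Bind and listen at path.  A stale node is unlinked first only when
 * replace_stale is set; a live socket or a non-socket is never removed and
 * yields -1 with errno = EADDRINUSE, like a plain bind() would. */
int
bind_listener(const char *path, int replace_stale)
{
	struct sockaddr_un sun;
	int fd, saved;
	enum sock_state st = probe_socket_path(path);

	if (st == SOCK_LIVE || st == SOCK_NOT_SOCKET ||
	    (st == SOCK_STALE && !replace_stale)) {
		errno = EADDRINUSE;
		return -1;
	}
	if (st == SOCK_STALE && unlink(path) == -1)
		return -1;
	/* A probe-then-act window remains: something may appear at the path before
	 * bind(); bind() then fails with EADDRINUSE, which is the safe outcome. */
	if (fill_sockaddr(&sun, path) == -1 ||
	    (fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
		return -1;
	if (bind(fd, (struct sockaddr *)&sun, sizeof(sun)) == -1 ||
	    listen(fd, 8) == -1) {
		saved = errno;
		close(fd);
		errno = saved;
		return -1;
	}
	return fd;
}

/* Walk the lifecycle in a private directory (constructed for this example).
 * Returns 0 when every step behaves as intended, else the failing step. */
int
run_scenario(void)
{
	char dir[] = "/tmp/sockprobe.XXXXXX";
	char path[sizeof(dir) + 16];
	int fd, fd2;

	if (mkdtemp(dir) == NULL)
		return 1;
	snprintf(path, sizeof(path), "%s/agent.sock", dir);
	if (probe_socket_path(path) != SOCK_ABSENT)
		return 2;
	if ((fd = bind_listener(path, 0)) == -1)
		return 3;
	if (probe_socket_path(path) != SOCK_LIVE)
		return 4;
	/* a second "agent" asked to overwrite must still refuse: the socket is live */
	if (bind_listener(path, 1) != -1 || errno != EADDRINUSE)
		return 5;
	close(fd);                                 /* server "dies", node stays */
	if (probe_socket_path(path) != SOCK_STALE)
		return 6;
	if (bind_listener(path, 0) != -1)          /* plain bind still fails */
		return 7;
	if ((fd2 = bind_listener(path, 1)) == -1)  /* only the stale node is replaced */
		return 8;
	close(fd2);
	unlink(path);
	rmdir(dir);
	return 0;
}

int
main(void)
{
	int rc = run_scenario();

	printf("scenario %s (step %d)\n", rc == 0 ? "ok" : "failed", rc);
	return rc != 0;
}
```

The probe does not close the race between checking and binding, and it cannot: that is why ssh-agent's default of a fresh mkdtemp() directory per agent is the stronger design, and why an overwrite flag is best reserved for the explicit stale-socket case rather than applied blindly.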



Re: [OpenSMTPD] Setting personal mailserver

2023-09-13 Thread Sagar Acharya
Hello, I would like to contribute here and add a patch which, in case of a failed 
s2s connection, digs the SRV records and tries another port.

Can a dev working on OpenSMTPD please show me the logic, and the part and file, 
to which I could add code?
Thanking you
Sagar Acharya
https://humaaraartha.in/selfdost/selfdost.html



10 Sept 2023, 15:40 by s...@spacehopper.org:

> On 2023/09/09 13:49, Sagar Acharya wrote:
>
>> Thanks Peter, your comments were very helpful and I made some progress
>>
>> I have currently hosted server at 587. I have also set
>>
>> _submission._tcp.humaaraartha.in. SRV
>>
>> records which point to 587. However, I think such a thing is not implemented 
>> by default to be detected by mailservers, perhaps, SMTPD.
>>
>> Is such a check on other ports in case 25 connection is not established 
>> implemented?
>>
>
> *nobody* does this.
>
> There was an opportunity to change how port lookups were done for email
> when MTA-STS was implemented reasonably recently (it would only help for
> the small number of senders actually using this, but it would still have
> been something) - but that just continued to use port 25.
>
> If you think about the scope of changes that would be involved across
> the internet, it's really just not possible to get everyone to change
> this, so you would still need to list a port 25 receiver at least as a
> backup MX (and honestly if you can do that, you might as well funnel
> all mail through that machine).
>
> Changes like:
> - everyone would need software that does such a lookup
> - some firewalls would need changing (it would be reasonable to only
> permit an MTA to connect to random internet machines on ports needed
> for email/DNS)
>
> I would suggest getting a VPS or hosted server somewhere, and either
> have that handle SMTP relay, or have a tunnel to your real mail server
> so that incoming connections are passed across directly.
>



sed(1): a,i,c text escape leading whitespace

2023-09-13 Thread Luka Krmpotić
Hello,

I've noticed a bug with whitespace indentation in sed.

Summary: For a,i,c `text` the leading whitespace that is intended to
stay in output should be escaped, or else be ignored.  The latter is
not the case for sed(1) - it includes leading whitespace of `text`
in the output, even if it is not escaped.

Test behavior with:
```
1a\
foo\
\   bar\
\baz
```

Actual out:
```
foo
bar
baz
```

Expected out:
```
foo
bar
baz
```

Details: in sed command files, whitespace may be inserted before a sed
command.  This is useful for indenting sed code, e.g. commands in a {
function list }.  A question arises for a,i,c commands which have a
`text` argument.  Should the leading whitespace of text be ignored
(just for style), or be part of text?

This dilemma was solved in the 1979 article mentioned in the sed(1)
manpage:
> Note: Within the text put in the output by these functions,
> leading blanks and tabs will disappear, as always in sed commands. To
> get leading blanks and tabs into the output, precede the first
> desired blank or tab by a backslash; the backslash will not appear
> in the output.

This note of McMahon describes an implementation that gives the
ability of indenting the output (necessary), while still allowing
for a complicated sed file to be indented for readability & style.
In the current implementation, the "leading blanks and tabs" will
NOT disappear, thus taking away the ability to indent the sed command
file as desired.

What should be done?

Specification IEEE Std 1003.1-2017 (Revision of IEEE Std 1003.1-2008)
https://pubs.opengroup.org/onlinepubs/9699919799/utilities/sed.html
> The argument text shall consist of one or more lines. Each embedded
> <newline> in the text shall be preceded by a <backslash>. Other
> <backslash> characters in text shall be removed, and the following
> character shall be treated literally.

...mentions backslashes as though the user would put them in `text`
out of boredom. It doesn't make sense to have to unnecessarily
backslash a backslash if you lost the ability to indent your code -
that's why the complication arose.

Maybe nothing should be done, maybe the few sed files in OpenBSD
source should have backslashes added in a,i,c functions.

Luka
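The two readings of a,i,c `text` in the report above can be stated as one small unescaping routine. The following is an added example, not code from the report or from OpenBSD's sed(1): unescape_text_line() processes one line of `text` as McMahon's 1979 note and the POSIX wording describe (leading blanks and tabs vanish unless the first one is preceded by a backslash; every other backslash is dropped and the character after it kept literally; a trailing backslash is the line-continuation marker and is dropped). The strip_leading parameter is this example's own device: 1 models the documented behaviour, 0 models the current sed(1) behaviour the report describes, where unescaped leading whitespace survives into the output. The sample lines in main() are the ones from the report.

```c
/* Added example: unescape one line of a,i,c `text` under the two rules the
 * report contrasts.  Function and parameter names are this example's own. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Returns the number of bytes written to out (excluding the NUL), or -1 if
 * out cannot hold the result.  strip_leading=1: 1979/POSIX rule, unescaped
 * leading blanks and tabs are removed.  strip_leading=0: current sed(1)
 * behaviour per the report, leading whitespace is kept as-is. */
int
unescape_text_line(const char *in, int strip_leading, char *out, size_t outlen)
{
	const char *p = in;
	size_t o = 0;

	if (strip_leading)
		while (*p == ' ' || *p == '\t')
			p++;
	for (; *p != '\0'; p++) {
		char c = *p;

		if (c == '\\') {
			if (p[1] == '\0')     /* trailing backslash: continuation */
				break;
			c = *++p;             /* drop the backslash, keep next char */
		}
		if (o + 1 >= outlen)
			return -1;
		out[o++] = c;
	}
	out[o] = '\0';
	return (int)o;
}

int
main(void)
{
	/* constructed sample: the text lines of the report's test script */
	const char *lines[] = { "foo\\", "\\   bar\\", "   bar\\", "\\baz" };
	char buf[64];
	size_t i;
	int rule;

	for (rule = 1; rule >= 0; rule--) {
		printf("%s leading whitespace:\n", rule ? "stripping" : "keeping");
		for (i = 0; i < sizeof(lines) / sizeof(lines[0]); i++)
			if (unescape_text_line(lines[i], rule, buf, sizeof(buf)) >= 0)
				printf("  [%s]\n", buf);
	}
	return 0;
}
```

With strip_leading=1 the only way to get indented output is the escaped form `\   bar`, exactly as the 1979 note says; with strip_leading=0 the unescaped `   bar` comes out indented too, which is convenient for output but, as the report points out, makes it impossible to indent the sed script itself.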