Re: [feature] ssh-agent: new -A option (like -a) that overwrites existing sockets

[Andreas Kähäri]

On Wed, Sep 13, 2023 at 03:08:40PM +0200, Moritz Fain wrote:
> Most of the code is already there; it's basically just adding a new flag.
> 
> Happy to hear your feedback!

My initial reaction is that it's easy to run "rm -f" before starting
the agent with the existing "-a" option.

The code seems to use a new variable that should be called "A_flag" if
it's to follow the existing naming scheme.

> 
> ---------------
> diff --git a/usr.bin/ssh/ssh-agent.1 b/usr.bin/ssh/ssh-agent.1
> index 6815eb834d3..731a1cf913d 100644
> --- a/usr.bin/ssh/ssh-agent.1
> +++ b/usr.bin/ssh/ssh-agent.1
> @@ -76,6 +76,10 @@ socket
>  .Ar bind_address .
>  The default is
>  .Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt .
> +.It Fl A Ar bind_address
> +Same as the
> +.Fl a
> +option but overwrites the socket if it already exists.
>  .It Fl c
>  Generate C-shell commands on
>  .Dv stdout .
> diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c
> index 0b2ee971226..5e9c3affec8 100644
> --- a/usr.bin/ssh/ssh-agent.c
> +++ b/usr.bin/ssh/ssh-agent.c
> @@ -2003,7 +2003,7 @@ usage(void)
>  int
>  main(int ac, char **av)
>  {
> -       int c_flag = 0, d_flag = 0, D_flag = 0, k_flag = 0, s_flag = 0;
> +       int c_flag = 0, d_flag = 0, D_flag = 0, k_flag = 0, s_flag =
> 0, overwrite_agentsocket = 0;
>         int sock, ch, result, saved_errno;
>         char *shell, *format, *pidstr, *agentsocket = NULL;
>         struct rlimit rlim;
> @@ -2032,7 +2032,7 @@ main(int ac, char **av)
>         OpenSSL_add_all_algorithms();
>  #endif
> 
> -       while ((ch = getopt(ac, av, "cDdksE:a:O:P:t:")) != -1) {
> +       while ((ch = getopt(ac, av, "cDdksE:a:A:O:P:t:")) != -1) {
>                 switch (ch) {
>                 case 'E':
>                         fingerprint_hash = ssh_digest_alg_by_name(optarg);
> @@ -2075,6 +2075,8 @@ main(int ac, char **av)
>                                 usage();
>                         D_flag++;
>                         break;
> +               case 'A':
> +                       overwrite_agentsocket = 1;
>                 case 'a':
>                         agentsocket = optarg;
>                         break;
> @@ -2163,7 +2165,7 @@ main(int ac, char **av)
>          * the parent.
>          */
>         prev_mask = umask(0177);
> -       sock = unix_listener(socket_name, SSH_LISTEN_BACKLOG, 0);
> +       sock = unix_listener(socket_name, SSH_LISTEN_BACKLOG,
> overwrite_agentsocket);
>         if (sock < 0) {
>                 /* XXX - unix_listener() calls error() not perror() */
>                 *socket_name = '\0'; /* Don't unlink any existing file */

-- 
Andreas (Kusalananda) Kähäri
Uppsala, Sweden

.