sshd: handle "IdentityAgent SSH_AUTH_SOCK" in ssh config

OpenSSH has (for legacy reasons?) the option of specifying the default
environment variable directly, instead of using ${SSH_AUTH_SOCK}. Make
sure the plain variable name is not taken as a relative path name.

Bug: 577053
Change-Id: If8f550dffc43887254f71aa0b487c50fa14d0627
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>

diff --git a/org.eclipse.jgit.ssh.apache.agent/src/org/eclipse/jgit/internal/transport/sshd/agent/connector/Sockets.java b/org.eclipse.jgit.ssh.apache.agent/src/org/eclipse/jgit/internal/transport/sshd/agent/connector/Sockets.java
index 3d95bdb51c2c41005692e7725cb04ee4cb6e5346..52cf5f22f2c57281ec34616c30b24bd6829f11c6 100644 (file)
--- a/org.eclipse.jgit.ssh.apache.agent/src/org/eclipse/jgit/internal/transport/sshd/agent/connector/Sockets.java
+++ b/org.eclipse.jgit.ssh.apache.agent/src/org/eclipse/jgit/internal/transport/sshd/agent/connector/Sockets.java
@@ -23,11 +23,6 @@ public final class Sockets {
                // No instantiation
        }
 
-       /**
-        * Default SSH agent socket environment variable name.
-        */
-       public static final String ENV_SSH_AUTH_SOCK = "SSH_AUTH_SOCK"; //$NON-NLS-1$
-
        /**
         * Domain for Unix domain sockets.
         */

diff --git a/org.eclipse.jgit.ssh.apache.agent/src/org/eclipse/jgit/internal/transport/sshd/agent/connector/UnixDomainSocketConnector.java b/org.eclipse.jgit.ssh.apache.agent/src/org/eclipse/jgit/internal/transport/sshd/agent/connector/UnixDomainSocketConnector.java
index 3b75f3a7da0bf55a798d14d6215d77d9c3bce523..95ac34f940680229769675a9e6ab6ee1a7a7ad5a 100644 (file)
--- a/org.eclipse.jgit.ssh.apache.agent/src/org/eclipse/jgit/internal/transport/sshd/agent/connector/UnixDomainSocketConnector.java
+++ b/org.eclipse.jgit.ssh.apache.agent/src/org/eclipse/jgit/internal/transport/sshd/agent/connector/UnixDomainSocketConnector.java
@@ -11,10 +11,10 @@ package org.eclipse.jgit.internal.transport.sshd.agent.connector;
 
 import static org.eclipse.jgit.internal.transport.sshd.agent.connector.Sockets.AF_UNIX;
 import static org.eclipse.jgit.internal.transport.sshd.agent.connector.Sockets.DEFAULT_PROTOCOL;
-import static org.eclipse.jgit.internal.transport.sshd.agent.connector.Sockets.ENV_SSH_AUTH_SOCK;
 import static org.eclipse.jgit.internal.transport.sshd.agent.connector.Sockets.SOCK_STREAM;
 import static org.eclipse.jgit.internal.transport.sshd.agent.connector.UnixSockets.FD_CLOEXEC;
 import static org.eclipse.jgit.internal.transport.sshd.agent.connector.UnixSockets.F_SETFD;
+import static org.eclipse.jgit.transport.SshConstants.ENV_SSH_AUTH_SOCKET;
 
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
@@ -46,7 +46,7 @@ public class UnixDomainSocketConnector extends AbstractConnector {
 
                @Override
                public String getIdentityAgent() {
-                       return ENV_SSH_AUTH_SOCK;
+                       return ENV_SSH_AUTH_SOCKET;
                }
 
                @Override
@@ -91,8 +91,9 @@ public class UnixDomainSocketConnector extends AbstractConnector {
        public UnixDomainSocketConnector(String socketFile) {
                super();
                String file = socketFile;
-               if (StringUtils.isEmptyOrNull(file)) {
-                       file = SystemReader.getInstance().getenv(ENV_SSH_AUTH_SOCK);
+               if (StringUtils.isEmptyOrNull(file)
+                               || ENV_SSH_AUTH_SOCKET.equals(file)) {
+                       file = SystemReader.getInstance().getenv(ENV_SSH_AUTH_SOCKET);
                }
                this.socketFile = file;
        }

diff --git a/org.eclipse.jgit.test/tst/org/eclipse/jgit/internal/transport/ssh/OpenSshConfigFileTest.java b/org.eclipse.jgit.test/tst/org/eclipse/jgit/internal/transport/ssh/OpenSshConfigFileTest.java
index 9c5cd16f9977e655f4b5f17f1d835f96c22ad651..876a9999a2ad34f80d5639c84d299c73e12a507f 100644 (file)
--- a/org.eclipse.jgit.test/tst/org/eclipse/jgit/internal/transport/ssh/OpenSshConfigFileTest.java
+++ b/org.eclipse.jgit.test/tst/org/eclipse/jgit/internal/transport/ssh/OpenSshConfigFileTest.java
@@ -570,6 +570,14 @@ public class OpenSshConfigFileTest extends RepositoryTestCase {
                                h.getValue(SshConstants.IDENTITY_AGENT));
        }
 
+       @Test
+       public void testIdentityAgentSshAuthSock() throws Exception {
+               config("Host orcz\nIdentityAgent SSH_AUTH_SOCK\n");
+               HostConfig h = lookup("orcz");
+               assertEquals(SshConstants.ENV_SSH_AUTH_SOCKET,
+                               h.getValue(SshConstants.IDENTITY_AGENT));
+       }
+
        @Test
        public void testNegativeMatch() throws Exception {
                config("Host foo.bar !foobar.baz *.baz\n" + "Port 29418\n");

diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/internal/transport/ssh/OpenSshConfigFile.java b/org.eclipse.jgit/src/org/eclipse/jgit/internal/transport/ssh/OpenSshConfigFile.java
index 4e8048baa806592250846bc9ded31a579dc1bffa..cf966a528e75d945947d48e08f5ce1cd6daabf9d 100644 (file)
--- a/org.eclipse.jgit/src/org/eclipse/jgit/internal/transport/ssh/OpenSshConfigFile.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/internal/transport/ssh/OpenSshConfigFile.java
@@ -871,7 +871,8 @@ public class OpenSshConfigFile implements SshConfigStore {
                        if (options != null) {
                                // HOSTNAME already done above
                                String value = options.get(SshConstants.IDENTITY_AGENT);
-                               if (value != null && !SshConstants.NONE.equals(value)) {
+                               if (value != null && !SshConstants.NONE.equals(value)
+                                               && !SshConstants.ENV_SSH_AUTH_SOCKET.equals(value)) {
                                        value = r.substitute(value, Replacer.DEFAULT_TOKENS, true);
                                        value = toFile(value, home).getPath();
                                        options.put(SshConstants.IDENTITY_AGENT, value);

diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/SshConstants.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/SshConstants.java
index 212a4e46c18f2561c50121084afebfff20963b67..698982e1ae85be2e01887d8af85fea7849821072 100644 (file)
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/SshConstants.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/SshConstants.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2018, 2020 Thomas Wolf <thomas.wolf@paranor.ch> and others
+ * Copyright (C) 2018, 2021 Thomas Wolf <thomas.wolf@paranor.ch> and others
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Distribution License v. 1.0 which is available at
@@ -229,4 +229,12 @@ public final class SshConstants {
        public static final String[] DEFAULT_IDENTITIES = { //
                        ID_RSA, ID_DSA, ID_ECDSA, ID_ED25519
        };
+
+       /**
+        * Name of the environment variable holding the Unix domain socket for
+        * communication with an SSH agent.
+        *
+        * @since 6.1
+        */
+       public static final String ENV_SSH_AUTH_SOCKET = "SSH_AUTH_SOCK";
 }