-rw-r--r-- | Makefile | 6 | ||||
-rwxr-xr-x | afssh | 2 | ||||
-rw-r--r-- | changelog | 43 | ||||
-rw-r--r-- | ssh-agent-filter.C | 19 | ||||
-rw-r--r-- | ssh-agent-filter.help2man | 12 | ||||
-rw-r--r-- | ssh-askpass-noinput.1.md | 2 | ||||
-rw-r--r-- | version.h | 2 |
7 files changed, 74 insertions, 12 deletions
@@ -1,4 +1,4 @@ -# Copyright (C) 2013,2015 Timo Weingärtner <timo@tiwe.de> +# Copyright (C) 2013-2016 Timo Weingärtner <timo@tiwe.de> # # This file is part of ssh-agent-filter. # @@ -27,8 +27,8 @@ all: ssh-agent-filter.1 afssh.1 ssh-askpass-noinput.1 %.1: %.1.md pandoc -s -w man $< -o $@ -ssh-agent-filter.1: ssh-agent-filter - help2man -n $< -o $@ -N ./$< +%.1: %.help2man % + help2man -i $< -o $@ -N -L C.UTF-8 $(*D)/$(*F) ssh-agent-filter: ssh-agent-filter.o @@ -28,7 +28,7 @@ usage () { echo "$SAF" --help echo - ssh --help + ssh exit } @@ -1,4 +1,45 @@ -commit 6bf9113ea96a99a5eb1b8f832497dd9e24857468 +commit 7152b927e22ef602011f8acf865c3cafc113c502 +Author: Timo Weingärtner <timo@tiwe.de> +Date: 2016-08-27 22:47:48 +0200 + + update copyright + +commit bfa8ac40e032d4d204ab6a9202531198cee9706e +Author: Timo Weingärtner <timo@tiwe.de> +Date: 2016-08-27 21:44:17 +0200 + + exploit more help2man features + + use an include file for explanatory text + add environment, author and bug report information to the program's output + +commit dc582af6e7a1e645402f333e200b8ff718de1b48 +Author: Timo Weingärtner <timo@tiwe.de> +Date: 2016-08-23 22:03:43 +0200 + + clear O_NONBLOCK on client sockets + + on *BSD client sockets inherit flags from the listening socket + +commit af7125b71663fafb61fb2e097a34695bab895b01 +Author: Timo Weingärtner <timo@tiwe.de> +Date: 2016-02-10 11:18:03 +0100 + + fix lintian spelling-error-in-manpage ssh-askpass-noinput.1.gz acutally actually + +commit edcfe36b273de11d04cd0e77e31bc5e8c0b1337b +Author: Timo Weingärtner <timo@tiwe.de> +Date: 2015-10-05 19:13:17 +0200 + + s/Invocation:/Usage:/ to make help2man recognize SYNOPSIS + +commit a448de907b70e9d6b2532f1e820e5c70b11dcc70 +Author: Timo Weingärtner <timo@tiwe.de> +Date: 2015-09-08 14:36:07 +0200 + + afssh: call ssh without arguments for usage + +commit c9dfa57b7a06c5b0770e11d210e02ace54518644 (tag: 0.4.1) Author: Timo Weingärtner <timo@tiwe.de> Date: 2015-09-06 16:41:22 +0200 
diff --git a/ssh-agent-filter.C b/ssh-agent-filter.C index 4d9b2ba..2878678 100644 --- a/ssh-agent-filter.C +++ b/ssh-agent-filter.C @@ -1,7 +1,7 @@ /* * ssh-agent-filter.C -- filtering proxy for ssh-agent meant to be forwarded to untrusted servers * - * Copyright (C) 2013-2015 Timo Weingärtner <timo@tiwe.de> + * Copyright (C) 2013-2016 Timo Weingärtner <timo@tiwe.de> * * This file is part of ssh-agent-filter. * @@ -192,7 +192,7 @@ int make_listen_sock () { } void parse_cmdline (int const argc, char const * const * const argv) { - po::options_description opts{"OPTIONS"}; + po::options_description opts{"Options"}; opts.add_options() ("all-confirmed,A", po::bool_switch(&all_confirmed),"allow all other keys with confirmation") ("comment,c", po::value(&allowed_comment), "key specified by comment") @@ -211,13 +211,19 @@ void parse_cmdline (int const argc, char const * const * const argv) { notify(config); if (config.count("help")) { - cout << "Invocation: ssh-agent-filter [ OPTIONS ]" << endl; - cout << opts << endl; + cout << "Usage: ssh-agent-filter [ OPTIONS ]\n"; + cout << opts; + cout << "Environment:\n"; + cout << " SSH_AUTH_SOCK socket of upstream ssh-agent\n"; + cout << " SSH_ASKPASS command to run for confirmation questions\n"; exit(EX_OK); } if (config.count("version")) { - cout << SSH_AGENT_FILTER_VERSION << endl; + cout << SSH_AGENT_FILTER_VERSION "\n"; + cout << "Written by Timo Weingärtner.\n"; + cout << "Report bugs to the Debian BTS at https://bugs.debian.org/\n"; + cout << "or by mail to timo@tiwe.de.\n"; exit(EX_OK); } @@ -497,6 +503,9 @@ rfc4251::string handle_request (rfc4251::string const & r) { } void handle_client (int const sock) try { + if (fcntl(sock, F_SETFL, fcntl(sock, F_GETFL) & ~O_NONBLOCK)) + throw system_error(errno, system_category(), "fcntl"); + io::stream<io::file_descriptor> client{sock, io::close_handle}; arm(client); diff --git a/ssh-agent-filter.help2man b/ssh-agent-filter.help2man new file mode 100644 index 0000000..e546c9e 
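Review bot: In the `handle_client` hunk, the result of the inner `fcntl(sock, F_GETFL)` is used unchecked, so a failure (-1) is masked with `~O_NONBLOCK` and handed to `F_SETFL` as a flag word with almost every bit set. Any error is then reported for the wrong call. The throw also happens before `client{sock, io::close_handle}` takes ownership of the descriptor, so unless the function's catch clause (which lies outside this hunk) closes `sock`, each failure leaks one fd in a long-running proxy that faces untrusted peers. I would read the flags first with `int const fl = fcntl(sock, F_GETFL);` and then test `if (fl == -1 || fcntl(sock, F_SETFL, fl & ~O_NONBLOCK) == -1) throw system_error(errno, system_category(), "fcntl");`. Placing that check after the `io::stream` is constructed lets the stream's destructor close the socket on the error path.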
--- /dev/null +++ b/ssh-agent-filter.help2man @@ -0,0 +1,12 @@ +[NAME] +ssh\-agent\-filter \- filtering proxy for ssh\-agent meant to be forwarded to untrusted servers +[DESCRIPTION] +ssh\-agent\-filter provides the unix domain socket interface of an ssh\-agent. +By default it forks and outputs shell code setting SSH_AUTH_SOCK and SSH_AGENT_PID, just like ssh\-agent does. + +It filters each request according to its command line options. +No crypto operations are done by ssh\-agent\-filter; they are delegated to the upstream ssh\-agent. + +ssh\-agent\-filter is not meant to be used directly, but through afssh. +[SEE ALSO] +afssh(1), ssh(1), ssh\-agent(1) diff --git a/ssh-askpass-noinput.1.md b/ssh-askpass-noinput.1.md index 7b103ed..36251a4 100644 --- a/ssh-askpass-noinput.1.md +++ b/ssh-askpass-noinput.1.md @@ -13,7 +13,7 @@ ssh-askpass-noinput - an `ssh-askpass` implementation for asking allow/deny ques # DESCRIPTION *ssh-askpass-noinput* is an implementation of *ssh-askpass*, which does not -acutally ask for a password; instead, it only asks a binary (allow/deny) +actually ask for a password; instead, it only asks a binary (allow/deny) question and exits with 0 for allow and 1 for deny. It is not intended as a general replacement for *ssh-askpass*, but for special @@ -1 +1 @@ -#define SSH_AGENT_FILTER_VERSION "ssh-agent-filter 0.4.1" +#define SSH_AGENT_FILTER_VERSION "ssh-agent-filter 0.4.2" |