5 files changed, 58 insertions, 8 deletions

diff --git a/readconf.c b/readconf.c
index b348c9683..26436b3ac 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.252 2016/04/15 00:30:19 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.253 2016/05/04 12:21:53 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -147,7 +147,7 @@ typedef enum {
         oPasswordAuthentication, oRSAAuthentication,
         oChallengeResponseAuthentication, oXAuthLocation,
         oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
-        oCertificateFile, oAddKeysToAgent,
+        oCertificateFile, oAddKeysToAgent, oIdentityAgent,
         oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
         oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
         oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
@@ -217,6 +217,7 @@ static struct {
         { "identitiesonly", oIdentitiesOnly },
         { "certificatefile", oCertificateFile },
         { "addkeystoagent", oAddKeysToAgent },
+        { "identityagent", oIdentityAgent },
         { "hostname", oHostName },
         { "hostkeyalias", oHostKeyAlias },
         { "proxycommand", oProxyCommand },
@@ -1636,6 +1637,10 @@ parse_keytypes:
                 multistate_ptr = multistate_yesnoaskconfirm;
                 goto parse_multistate;
 
+        case oIdentityAgent:
+                charptr = &options->identity_agent;
+                goto parse_string;
+
         case oDeprecated:
                 debug("%s line %d: Deprecated option \"%s\"",
                     filename, linenum, keyword);
@@ -1814,6 +1819,7 @@ initialize_options(Options * options)
         options->local_command = NULL;
         options->permit_local_command = -1;
         options->add_keys_to_agent = -1;
+        options->identity_agent = NULL;
         options->visual_host_key = -1;
         options->ip_qos_interactive = -1;
         options->ip_qos_bulk = -1;
@@ -2463,6 +2469,7 @@ dump_client_config(Options *o, const char *host)
         dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms);
         dump_cfg_string(oHostKeyAlias, o->host_key_alias);
         dump_cfg_string(oHostbasedKeyTypes, o->hostbased_key_types);
+        dump_cfg_string(oIdentityAgent, o->identity_agent);
         dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices);
         dump_cfg_string(oKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_CLIENT_KEX);
         dump_cfg_string(oLocalCommand, o->local_command);
diff --git a/readconf.h b/readconf.h
index 5f4451066..f0e498ea2 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.114 2016/04/15 00:30:19 djm Exp $ */
+/* $OpenBSD: readconf.h,v 1.115 2016/05/04 12:21:53 markus Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -101,6 +101,7 @@ typedef struct {
         struct sshkey *certificates[SSH_MAX_CERTIFICATE_FILES];
 
         int     add_keys_to_agent;
+        char   *identity_agent;         /* Optional path to ssh-agent socket */
 
         /* Local TCP/IP forward requests. */
         int     num_local_forwards;
diff --git a/ssh.1 b/ssh.1
index 85309ecc4..9ed5a5662 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.370 2016/04/15 00:30:19 djm Exp $
-.Dd $Mdocdate: April 15 2016 $
+.\" $OpenBSD: ssh.1,v 1.371 2016/05/04 12:21:53 markus Exp $
+.Dd $Mdocdate: May 4 2016 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -501,6 +501,7 @@ For full details of the options listed below, and their possible values, see
 .It HostKeyAlgorithms
 .It HostKeyAlias
 .It HostName
+.It IdentityAgent
 .It IdentityFile
 .It IdentitiesOnly
 .It Include
diff --git a/ssh.c b/ssh.c
index a881ba14c..ea52bbf5d 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.438 2016/04/29 08:07:53 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.439 2016/05/04 12:21:53 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1335,6 +1335,22 @@ main(int ac, char **av)
         /* load options.identity_files */
         load_public_identity_files();
 
+        /* optionally set the SSH_AUTHSOCKET_ENV_NAME varibale */
+        if (options.identity_agent) {
+                if (strcmp(options.identity_agent, "none") == 0) {
+                        unsetenv(SSH_AUTHSOCKET_ENV_NAME);
+                } else {
+                        p = tilde_expand_filename(options.identity_agent,
+                            original_real_uid);
+                        cp = percent_expand(p, "d", pw->pw_dir,
+                            "u", pw->pw_name, "l", thishost, "h", host,
+                            "r", options.user, (char *)NULL);
+                        setenv(SSH_AUTHSOCKET_ENV_NAME, cp, 1);
+                        free(cp);
+                        free(p);
+                }
+        }
+
         /* Expand ~ in known host file names. */
         tilde_expand_paths(options.system_hostfiles,
             options.num_system_hostfiles);
diff --git a/ssh_config.5 b/ssh_config.5
index 10650e1bc..be790114a 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.230 2016/04/17 14:34:46 jmc Exp $
-.Dd $Mdocdate: April 17 2016 $
+.\" $OpenBSD: ssh_config.5,v 1.231 2016/05/04 12:21:53 markus Exp $
+.Dd $Mdocdate: May 4 2016 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -952,6 +952,31 @@ This option is intended for situations where ssh-agent
 offers many different identities.
 The default is
 .Dq no .
+.It Cm IdentityAgent
+Specifies the
+.Ux Ns -domain
+socket used to communicate with the authentication agent.
+.Pp
+This option overrides the
+.Dq SSH_AUTH_SOCK
+environment variable and can be used to select a specific agent.
+Setting the socket name to
+.Dq none
+disables the use of an authentication agent.
+.Pp
+The socket name may use the tilde
+syntax to refer to a user's home directory or one of the following
+escape characters:
+.Ql %d
+(local user's home directory),
+.Ql %u
+(local user name),
+.Ql %l
+(local host name),
+.Ql %h
+(remote host name) or
+.Ql %r
+(remote user name).
 .It Cm IdentityFile
 Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication
 identity is read.