Add use-private-ssh-agent config option.

Instead of trying to be clever about exactly which set of conditions
should cause an automatic private-agent re-exec, just let the user
configure it explicitly.

cfg-lex.l

@@ -72,6 +72,8 @@ decimal [-]?(\.[0-9]+|[0-9]+(\.[0-9]*)?)
 "reconnect-max-interval"        return KW_RECONMAXINT;
 "reconnect-max-tries"           return KW_RECONMAXTRIES;
 
+"use-private-ssh-agent"         return KW_USEPRIVATEAGENT;
+
 "master"                        return KW_MASTER;
 "remote"                        return KW_REMOTE;
 "topology"                      return KW_TOPOLOGY;

cfg-parse.y

@@ -87,6 +87,7 @@ static struct remote* new_uninit_remote(void)
 %token KW_IDENTITYFILE KW_PARAM KW_SHOWFOCUS KW_DIMINACTIVE KW_FLASHACTIVE
 %token KW_NONE KW_MOUSESWITCH KW_MULTITAP KW_SHOWNULLSWITCH KW_HOTKEYONLY KW_QUIT
 %token KW_PREVIOUS KW_RECONMAXINT KW_RECONMAXTRIES KW_CLEARCLIPBOARD
+%token KW_USEPRIVATEAGENT
 
 %token KW_USER KW_HOSTNAME KW_PORT KW_REMOTECMD
 
@@ -111,7 +112,7 @@ static struct remote* new_uninit_remote(void)
 %type <d> loglevel
 %type <logfile> logfile
 
-%type <i> port_setting fade_steps show_nullswitch
+%type <i> port_setting fade_steps show_nullswitch yesno_bool
 %type <str> bindaddr_setting user_setting remotecmd_setting remoteshell_setting
 %type <str> identityfile_setting
 
@@ -161,6 +162,9 @@ master_opts: EMPTY
 realnum: INTEGER { $$ = (double)$1; }
 | DECIMAL { $$ = $1; };
 
+yesno_bool: KW_YES { $$ = 1; }
+| KW_NO { $$ = 0; };
+
 port_setting: KW_PORT EQ INTEGER {
 	$$ = $3;
 	if ($$ < 1 || $$ > USHRT_MAX)
@@ -288,6 +292,9 @@ master_opt: remoteshell_setting {
 | KW_RECONMAXINT EQ realnum {
 	st->cfg->reconnect.max_interval = (uint64_t)($3 * 1000000);
 }
+| KW_USEPRIVATEAGENT EQ yesno_bool {
+	st->cfg->use_private_ssh_agent = $3;
+}
 | KW_LOGFILE EQ logfile {
 	st->cfg->log.file = $3;
 }

example.conf

@@ -68,6 +68,17 @@ master "fred" {
 	#
 	# reconnect-max-interval = 10
 
+	# use-private-ssh-agent: whether or not enthrall should run
+	# under its own private ssh-agent (useful for maintaining
+	# strict control over which ssh keys are managed by which
+	# agent process).  Can be set to 'yes' or 'no'.  Note that
+	# enthrall will use *an* ssh-agent unconditionally; even if
+	# this is set to 'no', if enthrall is unable to contact a
+	# running ssh-agent it will override this setting and re-start
+	# itself under its own private agent anyway.  Default is 'no'.
+	#
+	# use-private-ssh-agent = yes
+
 	# show-focus: selects one of the following modes of providing
 	# a visual hint of which node is focused (default is none):
 	#

main.c

@@ -1257,6 +1257,8 @@ static void ssh_agent_reexec(void)
 		argv[i+1] = orig_argv[i];
 	argv[orig_argc+1] = NULL;
 
+	initerr("re-execing under private ssh-agent\n");
+
 	execvp("ssh-agent", argv);
 
 	perror("ssh-agent");
@@ -1306,15 +1308,17 @@ static void ssh_pubkey_setup(void)
 	int i;
 	struct remote* rmt;
 	char** agentkeys = get_agent_keylist();
+	int under_private_agent = !!getenv(ENTHRALL_AGENT_ENV_VAR);
 
-	if (!agentkeys) {
-		if (!getenv(ENTHRALL_AGENT_ENV_VAR)) {
-			initerr("re-execing under private ssh-agent\n");
+	if (under_private_agent && !agentkeys) {
+		initerr("get_agent_keylist() failed under private ssh-agent??\n");
+		exit(1);
+	} else if (!under_private_agent) {
+		if (!agentkeys && !config->use_private_ssh_agent)
+			initerr("unable to contact ssh-agent, overriding "
+			        "use-private-ssh-agent=no\n");
+		if (!agentkeys || config->use_private_ssh_agent)
 			ssh_agent_reexec();
-		} else {
-			initerr("get_agent_keylist() failed under private ssh-agent??\n");
-			exit(1);
-		}
 	}
 
 	if (config->ssh_defaults.identityfile)

types.h

@@ -270,6 +270,7 @@ struct config {
 
 	/* default SSH settings, optionally overridden per-remote */
 	struct ssh_config ssh_defaults;
+	int use_private_ssh_agent;
 
 	struct node master;
 };