1*1c188a7fSPeter Avalos /* $OpenBSD: ssh-agent.c,v 1.172 2011/06/03 01:37:40 dtucker Exp $ */ 218de8d7fSPeter Avalos /* 318de8d7fSPeter Avalos * Author: Tatu Ylonen <ylo@cs.hut.fi> 418de8d7fSPeter Avalos * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 518de8d7fSPeter Avalos * All rights reserved 618de8d7fSPeter Avalos * The authentication agent program. 718de8d7fSPeter Avalos * 818de8d7fSPeter Avalos * As far as I am concerned, the code I have written for this software 918de8d7fSPeter Avalos * can be used freely for any purpose. Any derived versions of this 1018de8d7fSPeter Avalos * software must be clearly marked as such, and if the derived work is 1118de8d7fSPeter Avalos * incompatible with the protocol description in the RFC file, it must be 1218de8d7fSPeter Avalos * called by a name other than "ssh" or "Secure Shell". 1318de8d7fSPeter Avalos * 1418de8d7fSPeter Avalos * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 1518de8d7fSPeter Avalos * 1618de8d7fSPeter Avalos * Redistribution and use in source and binary forms, with or without 1718de8d7fSPeter Avalos * modification, are permitted provided that the following conditions 1818de8d7fSPeter Avalos * are met: 1918de8d7fSPeter Avalos * 1. Redistributions of source code must retain the above copyright 2018de8d7fSPeter Avalos * notice, this list of conditions and the following disclaimer. 2118de8d7fSPeter Avalos * 2. Redistributions in binary form must reproduce the above copyright 2218de8d7fSPeter Avalos * notice, this list of conditions and the following disclaimer in the 2318de8d7fSPeter Avalos * documentation and/or other materials provided with the distribution. 2418de8d7fSPeter Avalos * 2518de8d7fSPeter Avalos * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 2618de8d7fSPeter Avalos * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 2718de8d7fSPeter Avalos * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 2818de8d7fSPeter Avalos * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 2918de8d7fSPeter Avalos * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 3018de8d7fSPeter Avalos * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 3118de8d7fSPeter Avalos * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 3218de8d7fSPeter Avalos * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 3318de8d7fSPeter Avalos * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 3418de8d7fSPeter Avalos * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 3518de8d7fSPeter Avalos */ 3618de8d7fSPeter Avalos 3718de8d7fSPeter Avalos #include "includes.h" 3818de8d7fSPeter Avalos 3918de8d7fSPeter Avalos #include <sys/types.h> 4018de8d7fSPeter Avalos #include <sys/param.h> 4118de8d7fSPeter Avalos #include <sys/resource.h> 4218de8d7fSPeter Avalos #include <sys/stat.h> 4318de8d7fSPeter Avalos #include <sys/socket.h> 4418de8d7fSPeter Avalos #ifdef HAVE_SYS_TIME_H 4518de8d7fSPeter Avalos # include <sys/time.h> 4618de8d7fSPeter Avalos #endif 4718de8d7fSPeter Avalos #ifdef HAVE_SYS_UN_H 4818de8d7fSPeter Avalos # include <sys/un.h> 4918de8d7fSPeter Avalos #endif 5018de8d7fSPeter Avalos #include "openbsd-compat/sys-queue.h" 5118de8d7fSPeter Avalos 5218de8d7fSPeter Avalos #include <openssl/evp.h> 5318de8d7fSPeter Avalos #include <openssl/md5.h> 5418de8d7fSPeter Avalos #include "openbsd-compat/openssl-compat.h" 5518de8d7fSPeter Avalos 5618de8d7fSPeter Avalos #include <errno.h> 5718de8d7fSPeter Avalos #include <fcntl.h> 5818de8d7fSPeter Avalos #ifdef HAVE_PATHS_H 5918de8d7fSPeter Avalos # include <paths.h> 6018de8d7fSPeter Avalos #endif 6118de8d7fSPeter Avalos #include <signal.h> 6218de8d7fSPeter Avalos #include <stdarg.h> 6318de8d7fSPeter Avalos #include <stdio.h> 6418de8d7fSPeter Avalos #include <stdlib.h> 6518de8d7fSPeter Avalos #include <time.h> 6618de8d7fSPeter Avalos #include <string.h> 6718de8d7fSPeter Avalos #include <unistd.h> 6818de8d7fSPeter Avalos 6918de8d7fSPeter Avalos #include "xmalloc.h" 7018de8d7fSPeter Avalos #include "ssh.h" 7118de8d7fSPeter Avalos #include "rsa.h" 7218de8d7fSPeter Avalos #include "buffer.h" 7318de8d7fSPeter Avalos #include "key.h" 7418de8d7fSPeter Avalos #include "authfd.h" 7518de8d7fSPeter Avalos #include "compat.h" 7618de8d7fSPeter Avalos #include "log.h" 7718de8d7fSPeter Avalos #include "misc.h" 7818de8d7fSPeter Avalos 79856ea928SPeter Avalos #ifdef ENABLE_PKCS11 80856ea928SPeter Avalos #include "ssh-pkcs11.h" 8118de8d7fSPeter Avalos #endif 8218de8d7fSPeter Avalos 8318de8d7fSPeter Avalos #if defined(HAVE_SYS_PRCTL_H) 8418de8d7fSPeter Avalos #include <sys/prctl.h> /* For prctl() and PR_SET_DUMPABLE */ 8518de8d7fSPeter Avalos #endif 8618de8d7fSPeter Avalos 8718de8d7fSPeter Avalos typedef enum { 8818de8d7fSPeter Avalos AUTH_UNUSED, 8918de8d7fSPeter Avalos AUTH_SOCKET, 9018de8d7fSPeter Avalos AUTH_CONNECTION 9118de8d7fSPeter Avalos } sock_type; 9218de8d7fSPeter Avalos 9318de8d7fSPeter Avalos typedef struct { 9418de8d7fSPeter Avalos int fd; 9518de8d7fSPeter Avalos sock_type type; 9618de8d7fSPeter Avalos Buffer input; 9718de8d7fSPeter Avalos Buffer output; 9818de8d7fSPeter Avalos Buffer request; 9918de8d7fSPeter Avalos } SocketEntry; 10018de8d7fSPeter Avalos 10118de8d7fSPeter Avalos u_int sockets_alloc = 0; 10218de8d7fSPeter Avalos SocketEntry *sockets = NULL; 10318de8d7fSPeter Avalos 10418de8d7fSPeter Avalos typedef struct identity { 10518de8d7fSPeter Avalos TAILQ_ENTRY(identity) next; 10618de8d7fSPeter Avalos Key *key; 10718de8d7fSPeter Avalos char *comment; 108856ea928SPeter Avalos char *provider; 10918de8d7fSPeter Avalos u_int death; 11018de8d7fSPeter Avalos u_int confirm; 11118de8d7fSPeter Avalos } Identity; 11218de8d7fSPeter Avalos 11318de8d7fSPeter Avalos typedef struct { 11418de8d7fSPeter Avalos int nentries; 11518de8d7fSPeter Avalos TAILQ_HEAD(idqueue, identity) idlist; 11618de8d7fSPeter Avalos } Idtab; 11718de8d7fSPeter Avalos 11818de8d7fSPeter Avalos /* private key table, one per protocol version */ 11918de8d7fSPeter Avalos Idtab idtable[3]; 12018de8d7fSPeter Avalos 12118de8d7fSPeter Avalos int max_fd = 0; 12218de8d7fSPeter Avalos 12318de8d7fSPeter Avalos /* pid of shell == parent of agent */ 12418de8d7fSPeter Avalos pid_t parent_pid = -1; 12518de8d7fSPeter Avalos u_int parent_alive_interval = 0; 12618de8d7fSPeter Avalos 12718de8d7fSPeter Avalos /* pathname and directory for AUTH_SOCKET */ 12818de8d7fSPeter Avalos char socket_name[MAXPATHLEN]; 12918de8d7fSPeter Avalos char socket_dir[MAXPATHLEN]; 13018de8d7fSPeter Avalos 13118de8d7fSPeter Avalos /* locking */ 13218de8d7fSPeter Avalos int locked = 0; 13318de8d7fSPeter Avalos char *lock_passwd = NULL; 13418de8d7fSPeter Avalos 13518de8d7fSPeter Avalos extern char *__progname; 13618de8d7fSPeter Avalos 13718de8d7fSPeter Avalos /* Default lifetime (0 == forever) */ 13818de8d7fSPeter Avalos static int lifetime = 0; 13918de8d7fSPeter Avalos 14018de8d7fSPeter Avalos static void 14118de8d7fSPeter Avalos close_socket(SocketEntry *e) 14218de8d7fSPeter Avalos { 14318de8d7fSPeter Avalos close(e->fd); 14418de8d7fSPeter Avalos e->fd = -1; 14518de8d7fSPeter Avalos e->type = AUTH_UNUSED; 14618de8d7fSPeter Avalos buffer_free(&e->input); 14718de8d7fSPeter Avalos buffer_free(&e->output); 14818de8d7fSPeter Avalos buffer_free(&e->request); 14918de8d7fSPeter Avalos } 15018de8d7fSPeter Avalos 15118de8d7fSPeter Avalos static void 15218de8d7fSPeter Avalos idtab_init(void) 15318de8d7fSPeter Avalos { 15418de8d7fSPeter Avalos int i; 15518de8d7fSPeter Avalos 15618de8d7fSPeter Avalos for (i = 0; i <=2; i++) { 15718de8d7fSPeter Avalos TAILQ_INIT(&idtable[i].idlist); 15818de8d7fSPeter Avalos idtable[i].nentries = 0; 15918de8d7fSPeter Avalos } 16018de8d7fSPeter Avalos } 16118de8d7fSPeter Avalos 16218de8d7fSPeter Avalos /* return private key table for requested protocol version */ 16318de8d7fSPeter Avalos static Idtab * 16418de8d7fSPeter Avalos idtab_lookup(int version) 16518de8d7fSPeter Avalos { 16618de8d7fSPeter Avalos if (version < 1 || version > 2) 16718de8d7fSPeter Avalos fatal("internal error, bad protocol version %d", version); 16818de8d7fSPeter Avalos return &idtable[version]; 16918de8d7fSPeter Avalos } 17018de8d7fSPeter Avalos 17118de8d7fSPeter Avalos static void 17218de8d7fSPeter Avalos free_identity(Identity *id) 17318de8d7fSPeter Avalos { 17418de8d7fSPeter Avalos key_free(id->key); 175856ea928SPeter Avalos if (id->provider != NULL) 176856ea928SPeter Avalos xfree(id->provider); 17718de8d7fSPeter Avalos xfree(id->comment); 17818de8d7fSPeter Avalos xfree(id); 17918de8d7fSPeter Avalos } 18018de8d7fSPeter Avalos 18118de8d7fSPeter Avalos /* return matching private key for given public key */ 18218de8d7fSPeter Avalos static Identity * 18318de8d7fSPeter Avalos lookup_identity(Key *key, int version) 18418de8d7fSPeter Avalos { 18518de8d7fSPeter Avalos Identity *id; 18618de8d7fSPeter Avalos 18718de8d7fSPeter Avalos Idtab *tab = idtab_lookup(version); 18818de8d7fSPeter Avalos TAILQ_FOREACH(id, &tab->idlist, next) { 18918de8d7fSPeter Avalos if (key_equal(key, id->key)) 19018de8d7fSPeter Avalos return (id); 19118de8d7fSPeter Avalos } 19218de8d7fSPeter Avalos return (NULL); 19318de8d7fSPeter Avalos } 19418de8d7fSPeter Avalos 19518de8d7fSPeter Avalos /* Check confirmation of keysign request */ 19618de8d7fSPeter Avalos static int 19718de8d7fSPeter Avalos confirm_key(Identity *id) 19818de8d7fSPeter Avalos { 19918de8d7fSPeter Avalos char *p; 20018de8d7fSPeter Avalos int ret = -1; 20118de8d7fSPeter Avalos 20218de8d7fSPeter Avalos p = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); 20318de8d7fSPeter Avalos if (ask_permission("Allow use of key %s?\nKey fingerprint %s.", 20418de8d7fSPeter Avalos id->comment, p)) 20518de8d7fSPeter Avalos ret = 0; 20618de8d7fSPeter Avalos xfree(p); 20718de8d7fSPeter Avalos 20818de8d7fSPeter Avalos return (ret); 20918de8d7fSPeter Avalos } 21018de8d7fSPeter Avalos 21118de8d7fSPeter Avalos /* send list of supported public keys to 'client' */ 21218de8d7fSPeter Avalos static void 21318de8d7fSPeter Avalos process_request_identities(SocketEntry *e, int version) 21418de8d7fSPeter Avalos { 21518de8d7fSPeter Avalos Idtab *tab = idtab_lookup(version); 21618de8d7fSPeter Avalos Identity *id; 21718de8d7fSPeter Avalos Buffer msg; 21818de8d7fSPeter Avalos 21918de8d7fSPeter Avalos buffer_init(&msg); 22018de8d7fSPeter Avalos buffer_put_char(&msg, (version == 1) ? 22118de8d7fSPeter Avalos SSH_AGENT_RSA_IDENTITIES_ANSWER : SSH2_AGENT_IDENTITIES_ANSWER); 22218de8d7fSPeter Avalos buffer_put_int(&msg, tab->nentries); 22318de8d7fSPeter Avalos TAILQ_FOREACH(id, &tab->idlist, next) { 22418de8d7fSPeter Avalos if (id->key->type == KEY_RSA1) { 22518de8d7fSPeter Avalos buffer_put_int(&msg, BN_num_bits(id->key->rsa->n)); 22618de8d7fSPeter Avalos buffer_put_bignum(&msg, id->key->rsa->e); 22718de8d7fSPeter Avalos buffer_put_bignum(&msg, id->key->rsa->n); 22818de8d7fSPeter Avalos } else { 22918de8d7fSPeter Avalos u_char *blob; 23018de8d7fSPeter Avalos u_int blen; 23118de8d7fSPeter Avalos key_to_blob(id->key, &blob, &blen); 23218de8d7fSPeter Avalos buffer_put_string(&msg, blob, blen); 23318de8d7fSPeter Avalos xfree(blob); 23418de8d7fSPeter Avalos } 23518de8d7fSPeter Avalos buffer_put_cstring(&msg, id->comment); 23618de8d7fSPeter Avalos } 23718de8d7fSPeter Avalos buffer_put_int(&e->output, buffer_len(&msg)); 23818de8d7fSPeter Avalos buffer_append(&e->output, buffer_ptr(&msg), buffer_len(&msg)); 23918de8d7fSPeter Avalos buffer_free(&msg); 24018de8d7fSPeter Avalos } 24118de8d7fSPeter Avalos 24218de8d7fSPeter Avalos /* ssh1 only */ 24318de8d7fSPeter Avalos static void 24418de8d7fSPeter Avalos process_authentication_challenge1(SocketEntry *e) 24518de8d7fSPeter Avalos { 24618de8d7fSPeter Avalos u_char buf[32], mdbuf[16], session_id[16]; 24718de8d7fSPeter Avalos u_int response_type; 24818de8d7fSPeter Avalos BIGNUM *challenge; 24918de8d7fSPeter Avalos Identity *id; 25018de8d7fSPeter Avalos int i, len; 25118de8d7fSPeter Avalos Buffer msg; 25218de8d7fSPeter Avalos MD5_CTX md; 25318de8d7fSPeter Avalos Key *key; 25418de8d7fSPeter Avalos 25518de8d7fSPeter Avalos buffer_init(&msg); 25618de8d7fSPeter Avalos key = key_new(KEY_RSA1); 25718de8d7fSPeter Avalos if ((challenge = BN_new()) == NULL) 25818de8d7fSPeter Avalos fatal("process_authentication_challenge1: BN_new failed"); 25918de8d7fSPeter Avalos 26018de8d7fSPeter Avalos (void) buffer_get_int(&e->request); /* ignored */ 26118de8d7fSPeter Avalos buffer_get_bignum(&e->request, key->rsa->e); 26218de8d7fSPeter Avalos buffer_get_bignum(&e->request, key->rsa->n); 26318de8d7fSPeter Avalos buffer_get_bignum(&e->request, challenge); 26418de8d7fSPeter Avalos 26518de8d7fSPeter Avalos /* Only protocol 1.1 is supported */ 26618de8d7fSPeter Avalos if (buffer_len(&e->request) == 0) 26718de8d7fSPeter Avalos goto failure; 26818de8d7fSPeter Avalos buffer_get(&e->request, session_id, 16); 26918de8d7fSPeter Avalos response_type = buffer_get_int(&e->request); 27018de8d7fSPeter Avalos if (response_type != 1) 27118de8d7fSPeter Avalos goto failure; 27218de8d7fSPeter Avalos 27318de8d7fSPeter Avalos id = lookup_identity(key, 1); 27418de8d7fSPeter Avalos if (id != NULL && (!id->confirm || confirm_key(id) == 0)) { 27518de8d7fSPeter Avalos Key *private = id->key; 27618de8d7fSPeter Avalos /* Decrypt the challenge using the private key. */ 27718de8d7fSPeter Avalos if (rsa_private_decrypt(challenge, challenge, private->rsa) <= 0) 27818de8d7fSPeter Avalos goto failure; 27918de8d7fSPeter Avalos 28018de8d7fSPeter Avalos /* The response is MD5 of decrypted challenge plus session id. */ 28118de8d7fSPeter Avalos len = BN_num_bytes(challenge); 28218de8d7fSPeter Avalos if (len <= 0 || len > 32) { 28318de8d7fSPeter Avalos logit("process_authentication_challenge: bad challenge length %d", len); 28418de8d7fSPeter Avalos goto failure; 28518de8d7fSPeter Avalos } 28618de8d7fSPeter Avalos memset(buf, 0, 32); 28718de8d7fSPeter Avalos BN_bn2bin(challenge, buf + 32 - len); 28818de8d7fSPeter Avalos MD5_Init(&md); 28918de8d7fSPeter Avalos MD5_Update(&md, buf, 32); 29018de8d7fSPeter Avalos MD5_Update(&md, session_id, 16); 29118de8d7fSPeter Avalos MD5_Final(mdbuf, &md); 29218de8d7fSPeter Avalos 29318de8d7fSPeter Avalos /* Send the response. */ 29418de8d7fSPeter Avalos buffer_put_char(&msg, SSH_AGENT_RSA_RESPONSE); 29518de8d7fSPeter Avalos for (i = 0; i < 16; i++) 29618de8d7fSPeter Avalos buffer_put_char(&msg, mdbuf[i]); 29718de8d7fSPeter Avalos goto send; 29818de8d7fSPeter Avalos } 29918de8d7fSPeter Avalos 30018de8d7fSPeter Avalos failure: 30118de8d7fSPeter Avalos /* Unknown identity or protocol error. Send failure. */ 30218de8d7fSPeter Avalos buffer_put_char(&msg, SSH_AGENT_FAILURE); 30318de8d7fSPeter Avalos send: 30418de8d7fSPeter Avalos buffer_put_int(&e->output, buffer_len(&msg)); 30518de8d7fSPeter Avalos buffer_append(&e->output, buffer_ptr(&msg), buffer_len(&msg)); 30618de8d7fSPeter Avalos key_free(key); 30718de8d7fSPeter Avalos BN_clear_free(challenge); 30818de8d7fSPeter Avalos buffer_free(&msg); 30918de8d7fSPeter Avalos } 31018de8d7fSPeter Avalos 31118de8d7fSPeter Avalos /* ssh2 only */ 31218de8d7fSPeter Avalos static void 31318de8d7fSPeter Avalos process_sign_request2(SocketEntry *e) 31418de8d7fSPeter Avalos { 31518de8d7fSPeter Avalos u_char *blob, *data, *signature = NULL; 31618de8d7fSPeter Avalos u_int blen, dlen, slen = 0; 31718de8d7fSPeter Avalos extern int datafellows; 31818de8d7fSPeter Avalos int odatafellows; 31918de8d7fSPeter Avalos int ok = -1, flags; 32018de8d7fSPeter Avalos Buffer msg; 32118de8d7fSPeter Avalos Key *key; 32218de8d7fSPeter Avalos 32318de8d7fSPeter Avalos datafellows = 0; 32418de8d7fSPeter Avalos 32518de8d7fSPeter Avalos blob = buffer_get_string(&e->request, &blen); 32618de8d7fSPeter Avalos data = buffer_get_string(&e->request, &dlen); 32718de8d7fSPeter Avalos 32818de8d7fSPeter Avalos flags = buffer_get_int(&e->request); 32918de8d7fSPeter Avalos odatafellows = datafellows; 33018de8d7fSPeter Avalos if (flags & SSH_AGENT_OLD_SIGNATURE) 33118de8d7fSPeter Avalos datafellows = SSH_BUG_SIGBLOB; 33218de8d7fSPeter Avalos 33318de8d7fSPeter Avalos key = key_from_blob(blob, blen); 33418de8d7fSPeter Avalos if (key != NULL) { 33518de8d7fSPeter Avalos Identity *id = lookup_identity(key, 2); 33618de8d7fSPeter Avalos if (id != NULL && (!id->confirm || confirm_key(id) == 0)) 33718de8d7fSPeter Avalos ok = key_sign(id->key, &signature, &slen, data, dlen); 33818de8d7fSPeter Avalos key_free(key); 33918de8d7fSPeter Avalos } 34018de8d7fSPeter Avalos buffer_init(&msg); 34118de8d7fSPeter Avalos if (ok == 0) { 34218de8d7fSPeter Avalos buffer_put_char(&msg, SSH2_AGENT_SIGN_RESPONSE); 34318de8d7fSPeter Avalos buffer_put_string(&msg, signature, slen); 34418de8d7fSPeter Avalos } else { 34518de8d7fSPeter Avalos buffer_put_char(&msg, SSH_AGENT_FAILURE); 34618de8d7fSPeter Avalos } 34718de8d7fSPeter Avalos buffer_put_int(&e->output, buffer_len(&msg)); 34818de8d7fSPeter Avalos buffer_append(&e->output, buffer_ptr(&msg), 34918de8d7fSPeter Avalos buffer_len(&msg)); 35018de8d7fSPeter Avalos buffer_free(&msg); 35118de8d7fSPeter Avalos xfree(data); 35218de8d7fSPeter Avalos xfree(blob); 35318de8d7fSPeter Avalos if (signature != NULL) 35418de8d7fSPeter Avalos xfree(signature); 35518de8d7fSPeter Avalos datafellows = odatafellows; 35618de8d7fSPeter Avalos } 35718de8d7fSPeter Avalos 35818de8d7fSPeter Avalos /* shared */ 35918de8d7fSPeter Avalos static void 36018de8d7fSPeter Avalos process_remove_identity(SocketEntry *e, int version) 36118de8d7fSPeter Avalos { 36218de8d7fSPeter Avalos u_int blen, bits; 36318de8d7fSPeter Avalos int success = 0; 36418de8d7fSPeter Avalos Key *key = NULL; 36518de8d7fSPeter Avalos u_char *blob; 36618de8d7fSPeter Avalos 36718de8d7fSPeter Avalos switch (version) { 36818de8d7fSPeter Avalos case 1: 36918de8d7fSPeter Avalos key = key_new(KEY_RSA1); 37018de8d7fSPeter Avalos bits = buffer_get_int(&e->request); 37118de8d7fSPeter Avalos buffer_get_bignum(&e->request, key->rsa->e); 37218de8d7fSPeter Avalos buffer_get_bignum(&e->request, key->rsa->n); 37318de8d7fSPeter Avalos 37418de8d7fSPeter Avalos if (bits != key_size(key)) 37518de8d7fSPeter Avalos logit("Warning: identity keysize mismatch: actual %u, announced %u", 37618de8d7fSPeter Avalos key_size(key), bits); 37718de8d7fSPeter Avalos break; 37818de8d7fSPeter Avalos case 2: 37918de8d7fSPeter Avalos blob = buffer_get_string(&e->request, &blen); 38018de8d7fSPeter Avalos key = key_from_blob(blob, blen); 38118de8d7fSPeter Avalos xfree(blob); 38218de8d7fSPeter Avalos break; 38318de8d7fSPeter Avalos } 38418de8d7fSPeter Avalos if (key != NULL) { 38518de8d7fSPeter Avalos Identity *id = lookup_identity(key, version); 38618de8d7fSPeter Avalos if (id != NULL) { 38718de8d7fSPeter Avalos /* 38818de8d7fSPeter Avalos * We have this key. Free the old key. Since we 38918de8d7fSPeter Avalos * don't want to leave empty slots in the middle of 39018de8d7fSPeter Avalos * the array, we actually free the key there and move 39118de8d7fSPeter Avalos * all the entries between the empty slot and the end 39218de8d7fSPeter Avalos * of the array. 39318de8d7fSPeter Avalos */ 39418de8d7fSPeter Avalos Idtab *tab = idtab_lookup(version); 39518de8d7fSPeter Avalos if (tab->nentries < 1) 39618de8d7fSPeter Avalos fatal("process_remove_identity: " 39718de8d7fSPeter Avalos "internal error: tab->nentries %d", 39818de8d7fSPeter Avalos tab->nentries); 39918de8d7fSPeter Avalos TAILQ_REMOVE(&tab->idlist, id, next); 40018de8d7fSPeter Avalos free_identity(id); 40118de8d7fSPeter Avalos tab->nentries--; 40218de8d7fSPeter Avalos success = 1; 40318de8d7fSPeter Avalos } 40418de8d7fSPeter Avalos key_free(key); 40518de8d7fSPeter Avalos } 40618de8d7fSPeter Avalos buffer_put_int(&e->output, 1); 40718de8d7fSPeter Avalos buffer_put_char(&e->output, 40818de8d7fSPeter Avalos success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); 40918de8d7fSPeter Avalos } 41018de8d7fSPeter Avalos 41118de8d7fSPeter Avalos static void 41218de8d7fSPeter Avalos process_remove_all_identities(SocketEntry *e, int version) 41318de8d7fSPeter Avalos { 41418de8d7fSPeter Avalos Idtab *tab = idtab_lookup(version); 41518de8d7fSPeter Avalos Identity *id; 41618de8d7fSPeter Avalos 41718de8d7fSPeter Avalos /* Loop over all identities and clear the keys. */ 41818de8d7fSPeter Avalos for (id = TAILQ_FIRST(&tab->idlist); id; 41918de8d7fSPeter Avalos id = TAILQ_FIRST(&tab->idlist)) { 42018de8d7fSPeter Avalos TAILQ_REMOVE(&tab->idlist, id, next); 42118de8d7fSPeter Avalos free_identity(id); 42218de8d7fSPeter Avalos } 42318de8d7fSPeter Avalos 42418de8d7fSPeter Avalos /* Mark that there are no identities. */ 42518de8d7fSPeter Avalos tab->nentries = 0; 42618de8d7fSPeter Avalos 42718de8d7fSPeter Avalos /* Send success. */ 42818de8d7fSPeter Avalos buffer_put_int(&e->output, 1); 42918de8d7fSPeter Avalos buffer_put_char(&e->output, SSH_AGENT_SUCCESS); 43018de8d7fSPeter Avalos } 43118de8d7fSPeter Avalos 43218de8d7fSPeter Avalos /* removes expired keys and returns number of seconds until the next expiry */ 43318de8d7fSPeter Avalos static u_int 43418de8d7fSPeter Avalos reaper(void) 43518de8d7fSPeter Avalos { 43618de8d7fSPeter Avalos u_int deadline = 0, now = time(NULL); 43718de8d7fSPeter Avalos Identity *id, *nxt; 43818de8d7fSPeter Avalos int version; 43918de8d7fSPeter Avalos Idtab *tab; 44018de8d7fSPeter Avalos 44118de8d7fSPeter Avalos for (version = 1; version < 3; version++) { 44218de8d7fSPeter Avalos tab = idtab_lookup(version); 44318de8d7fSPeter Avalos for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) { 44418de8d7fSPeter Avalos nxt = TAILQ_NEXT(id, next); 44518de8d7fSPeter Avalos if (id->death == 0) 44618de8d7fSPeter Avalos continue; 44718de8d7fSPeter Avalos if (now >= id->death) { 44818de8d7fSPeter Avalos debug("expiring key '%s'", id->comment); 44918de8d7fSPeter Avalos TAILQ_REMOVE(&tab->idlist, id, next); 45018de8d7fSPeter Avalos free_identity(id); 45118de8d7fSPeter Avalos tab->nentries--; 45218de8d7fSPeter Avalos } else 45318de8d7fSPeter Avalos deadline = (deadline == 0) ? id->death : 45418de8d7fSPeter Avalos MIN(deadline, id->death); 45518de8d7fSPeter Avalos } 45618de8d7fSPeter Avalos } 45718de8d7fSPeter Avalos if (deadline == 0 || deadline <= now) 45818de8d7fSPeter Avalos return 0; 45918de8d7fSPeter Avalos else 46018de8d7fSPeter Avalos return (deadline - now); 46118de8d7fSPeter Avalos } 46218de8d7fSPeter Avalos 46318de8d7fSPeter Avalos static void 46418de8d7fSPeter Avalos process_add_identity(SocketEntry *e, int version) 46518de8d7fSPeter Avalos { 46618de8d7fSPeter Avalos Idtab *tab = idtab_lookup(version); 46718de8d7fSPeter Avalos Identity *id; 46818de8d7fSPeter Avalos int type, success = 0, death = 0, confirm = 0; 46918de8d7fSPeter Avalos char *type_name, *comment; 47018de8d7fSPeter Avalos Key *k = NULL; 4719f304aafSPeter Avalos #ifdef OPENSSL_HAS_ECC 4729f304aafSPeter Avalos BIGNUM *exponent; 4739f304aafSPeter Avalos EC_POINT *q; 4749f304aafSPeter Avalos char *curve; 4759f304aafSPeter Avalos #endif 476856ea928SPeter Avalos u_char *cert; 477856ea928SPeter Avalos u_int len; 47818de8d7fSPeter Avalos 47918de8d7fSPeter Avalos switch (version) { 48018de8d7fSPeter Avalos case 1: 48118de8d7fSPeter Avalos k = key_new_private(KEY_RSA1); 48218de8d7fSPeter Avalos (void) buffer_get_int(&e->request); /* ignored */ 48318de8d7fSPeter Avalos buffer_get_bignum(&e->request, k->rsa->n); 48418de8d7fSPeter Avalos buffer_get_bignum(&e->request, k->rsa->e); 48518de8d7fSPeter Avalos buffer_get_bignum(&e->request, k->rsa->d); 48618de8d7fSPeter Avalos buffer_get_bignum(&e->request, k->rsa->iqmp); 48718de8d7fSPeter Avalos 48818de8d7fSPeter Avalos /* SSH and SSL have p and q swapped */ 48918de8d7fSPeter Avalos buffer_get_bignum(&e->request, k->rsa->q); /* p */ 49018de8d7fSPeter Avalos buffer_get_bignum(&e->request, k->rsa->p); /* q */ 49118de8d7fSPeter Avalos 49218de8d7fSPeter Avalos /* Generate additional parameters */ 49318de8d7fSPeter Avalos rsa_generate_additional_parameters(k->rsa); 49418de8d7fSPeter Avalos break; 49518de8d7fSPeter Avalos case 2: 49618de8d7fSPeter Avalos type_name = buffer_get_string(&e->request, NULL); 49718de8d7fSPeter Avalos type = key_type_from_name(type_name); 49818de8d7fSPeter Avalos switch (type) { 49918de8d7fSPeter Avalos case KEY_DSA: 50018de8d7fSPeter Avalos k = key_new_private(type); 50118de8d7fSPeter Avalos buffer_get_bignum2(&e->request, k->dsa->p); 50218de8d7fSPeter Avalos buffer_get_bignum2(&e->request, k->dsa->q); 50318de8d7fSPeter Avalos buffer_get_bignum2(&e->request, k->dsa->g); 50418de8d7fSPeter Avalos buffer_get_bignum2(&e->request, k->dsa->pub_key); 50518de8d7fSPeter Avalos buffer_get_bignum2(&e->request, k->dsa->priv_key); 50618de8d7fSPeter Avalos break; 507856ea928SPeter Avalos case KEY_DSA_CERT_V00: 508856ea928SPeter Avalos case KEY_DSA_CERT: 509856ea928SPeter Avalos cert = buffer_get_string(&e->request, &len); 510856ea928SPeter Avalos if ((k = key_from_blob(cert, len)) == NULL) 511856ea928SPeter Avalos fatal("Certificate parse failed"); 512856ea928SPeter Avalos xfree(cert); 513856ea928SPeter Avalos key_add_private(k); 514856ea928SPeter Avalos buffer_get_bignum2(&e->request, k->dsa->priv_key); 515856ea928SPeter Avalos break; 5169f304aafSPeter Avalos #ifdef OPENSSL_HAS_ECC 5179f304aafSPeter Avalos case KEY_ECDSA: 5189f304aafSPeter Avalos k = key_new_private(type); 5199f304aafSPeter Avalos k->ecdsa_nid = key_ecdsa_nid_from_name(type_name); 5209f304aafSPeter Avalos curve = buffer_get_string(&e->request, NULL); 5219f304aafSPeter Avalos if (k->ecdsa_nid != key_curve_name_to_nid(curve)) 5229f304aafSPeter Avalos fatal("%s: curve names mismatch", __func__); 5239f304aafSPeter Avalos xfree(curve); 5249f304aafSPeter Avalos k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); 5259f304aafSPeter Avalos if (k->ecdsa == NULL) 5269f304aafSPeter Avalos fatal("%s: EC_KEY_new_by_curve_name failed", 5279f304aafSPeter Avalos __func__); 5289f304aafSPeter Avalos q = EC_POINT_new(EC_KEY_get0_group(k->ecdsa)); 5299f304aafSPeter Avalos if (q == NULL) 5309f304aafSPeter Avalos fatal("%s: BN_new failed", __func__); 5319f304aafSPeter Avalos if ((exponent = BN_new()) == NULL) 5329f304aafSPeter Avalos fatal("%s: BN_new failed", __func__); 5339f304aafSPeter Avalos buffer_get_ecpoint(&e->request, 5349f304aafSPeter Avalos EC_KEY_get0_group(k->ecdsa), q); 5359f304aafSPeter Avalos buffer_get_bignum2(&e->request, exponent); 5369f304aafSPeter Avalos if (EC_KEY_set_public_key(k->ecdsa, q) != 1) 5379f304aafSPeter Avalos fatal("%s: EC_KEY_set_public_key failed", 5389f304aafSPeter Avalos __func__); 5399f304aafSPeter Avalos if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) 5409f304aafSPeter Avalos fatal("%s: EC_KEY_set_private_key failed", 5419f304aafSPeter Avalos __func__); 5429f304aafSPeter Avalos if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa), 5439f304aafSPeter Avalos EC_KEY_get0_public_key(k->ecdsa)) != 0) 5449f304aafSPeter Avalos fatal("%s: bad ECDSA public key", __func__); 5459f304aafSPeter Avalos if (key_ec_validate_private(k->ecdsa) != 0) 5469f304aafSPeter Avalos fatal("%s: bad ECDSA private key", __func__); 5479f304aafSPeter Avalos BN_clear_free(exponent); 5489f304aafSPeter Avalos EC_POINT_free(q); 5499f304aafSPeter Avalos break; 5509f304aafSPeter Avalos case KEY_ECDSA_CERT: 5519f304aafSPeter Avalos cert = buffer_get_string(&e->request, &len); 5529f304aafSPeter Avalos if ((k = key_from_blob(cert, len)) == NULL) 5539f304aafSPeter Avalos fatal("Certificate parse failed"); 5549f304aafSPeter Avalos xfree(cert); 5559f304aafSPeter Avalos key_add_private(k); 5569f304aafSPeter Avalos if ((exponent = BN_new()) == NULL) 5579f304aafSPeter Avalos fatal("%s: BN_new failed", __func__); 5589f304aafSPeter Avalos buffer_get_bignum2(&e->request, exponent); 5599f304aafSPeter Avalos if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) 5609f304aafSPeter Avalos fatal("%s: EC_KEY_set_private_key failed", 5619f304aafSPeter Avalos __func__); 5629f304aafSPeter Avalos if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa), 5639f304aafSPeter Avalos EC_KEY_get0_public_key(k->ecdsa)) != 0 || 5649f304aafSPeter Avalos key_ec_validate_private(k->ecdsa) != 0) 5659f304aafSPeter Avalos fatal("%s: bad ECDSA key", __func__); 5669f304aafSPeter Avalos BN_clear_free(exponent); 5679f304aafSPeter Avalos break; 5689f304aafSPeter Avalos #endif /* OPENSSL_HAS_ECC */ 56918de8d7fSPeter Avalos case KEY_RSA: 57018de8d7fSPeter Avalos k = key_new_private(type); 57118de8d7fSPeter Avalos buffer_get_bignum2(&e->request, k->rsa->n); 57218de8d7fSPeter Avalos buffer_get_bignum2(&e->request, k->rsa->e); 57318de8d7fSPeter Avalos buffer_get_bignum2(&e->request, k->rsa->d); 57418de8d7fSPeter Avalos buffer_get_bignum2(&e->request, k->rsa->iqmp); 57518de8d7fSPeter Avalos buffer_get_bignum2(&e->request, k->rsa->p); 57618de8d7fSPeter Avalos buffer_get_bignum2(&e->request, k->rsa->q); 57718de8d7fSPeter Avalos 57818de8d7fSPeter Avalos /* Generate additional parameters */ 57918de8d7fSPeter Avalos rsa_generate_additional_parameters(k->rsa); 58018de8d7fSPeter Avalos break; 581856ea928SPeter Avalos case KEY_RSA_CERT_V00: 582856ea928SPeter Avalos case KEY_RSA_CERT: 583856ea928SPeter Avalos cert = buffer_get_string(&e->request, &len); 584856ea928SPeter Avalos if ((k = key_from_blob(cert, len)) == NULL) 585856ea928SPeter Avalos fatal("Certificate parse failed"); 586856ea928SPeter Avalos xfree(cert); 587856ea928SPeter Avalos key_add_private(k); 588856ea928SPeter Avalos buffer_get_bignum2(&e->request, k->rsa->d); 589856ea928SPeter Avalos buffer_get_bignum2(&e->request, k->rsa->iqmp); 590856ea928SPeter Avalos buffer_get_bignum2(&e->request, k->rsa->p); 591856ea928SPeter Avalos buffer_get_bignum2(&e->request, k->rsa->q); 592856ea928SPeter Avalos break; 59318de8d7fSPeter Avalos default: 5949f304aafSPeter Avalos xfree(type_name); 59518de8d7fSPeter Avalos buffer_clear(&e->request); 59618de8d7fSPeter Avalos goto send; 59718de8d7fSPeter Avalos } 5989f304aafSPeter Avalos xfree(type_name); 59918de8d7fSPeter Avalos break; 60018de8d7fSPeter Avalos } 60118de8d7fSPeter Avalos /* enable blinding */ 60218de8d7fSPeter Avalos switch (k->type) { 60318de8d7fSPeter Avalos case KEY_RSA: 604856ea928SPeter Avalos case KEY_RSA_CERT_V00: 605856ea928SPeter Avalos case KEY_RSA_CERT: 60618de8d7fSPeter Avalos case KEY_RSA1: 60718de8d7fSPeter Avalos if (RSA_blinding_on(k->rsa, NULL) != 1) { 60818de8d7fSPeter Avalos error("process_add_identity: RSA_blinding_on failed"); 60918de8d7fSPeter Avalos key_free(k); 61018de8d7fSPeter Avalos goto send; 61118de8d7fSPeter Avalos } 61218de8d7fSPeter Avalos break; 61318de8d7fSPeter Avalos } 61418de8d7fSPeter Avalos comment = buffer_get_string(&e->request, NULL); 61518de8d7fSPeter Avalos if (k == NULL) { 61618de8d7fSPeter Avalos xfree(comment); 61718de8d7fSPeter Avalos goto send; 61818de8d7fSPeter Avalos } 61918de8d7fSPeter Avalos while (buffer_len(&e->request)) { 62018de8d7fSPeter Avalos switch ((type = buffer_get_char(&e->request))) { 62118de8d7fSPeter Avalos case SSH_AGENT_CONSTRAIN_LIFETIME: 62218de8d7fSPeter Avalos death = time(NULL) + buffer_get_int(&e->request); 62318de8d7fSPeter Avalos break; 62418de8d7fSPeter Avalos case SSH_AGENT_CONSTRAIN_CONFIRM: 62518de8d7fSPeter Avalos confirm = 1; 62618de8d7fSPeter Avalos break; 62718de8d7fSPeter Avalos default: 62818de8d7fSPeter Avalos error("process_add_identity: " 62918de8d7fSPeter Avalos "Unknown constraint type %d", type); 63018de8d7fSPeter Avalos xfree(comment); 63118de8d7fSPeter Avalos key_free(k); 63218de8d7fSPeter Avalos goto send; 63318de8d7fSPeter Avalos } 63418de8d7fSPeter Avalos } 63518de8d7fSPeter Avalos success = 1; 63618de8d7fSPeter Avalos if (lifetime && !death) 63718de8d7fSPeter Avalos death = time(NULL) + lifetime; 63818de8d7fSPeter Avalos if ((id = lookup_identity(k, version)) == NULL) { 639856ea928SPeter Avalos id = xcalloc(1, sizeof(Identity)); 64018de8d7fSPeter Avalos id->key = k; 64118de8d7fSPeter Avalos TAILQ_INSERT_TAIL(&tab->idlist, id, next); 64218de8d7fSPeter Avalos /* Increment the number of identities. */ 64318de8d7fSPeter Avalos tab->nentries++; 64418de8d7fSPeter Avalos } else { 64518de8d7fSPeter Avalos key_free(k); 64618de8d7fSPeter Avalos xfree(id->comment); 64718de8d7fSPeter Avalos } 64818de8d7fSPeter Avalos id->comment = comment; 64918de8d7fSPeter Avalos id->death = death; 65018de8d7fSPeter Avalos id->confirm = confirm; 65118de8d7fSPeter Avalos send: 65218de8d7fSPeter Avalos buffer_put_int(&e->output, 1); 65318de8d7fSPeter Avalos buffer_put_char(&e->output, 65418de8d7fSPeter Avalos success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); 65518de8d7fSPeter Avalos } 65618de8d7fSPeter Avalos 65718de8d7fSPeter Avalos /* XXX todo: encrypt sensitive data with passphrase */ 65818de8d7fSPeter Avalos static void 65918de8d7fSPeter Avalos process_lock_agent(SocketEntry *e, int lock) 66018de8d7fSPeter Avalos { 66118de8d7fSPeter Avalos int success = 0; 66218de8d7fSPeter Avalos char *passwd; 66318de8d7fSPeter Avalos 66418de8d7fSPeter Avalos passwd = buffer_get_string(&e->request, NULL); 66518de8d7fSPeter Avalos if (locked && !lock && strcmp(passwd, lock_passwd) == 0) { 66618de8d7fSPeter Avalos locked = 0; 66718de8d7fSPeter Avalos memset(lock_passwd, 0, strlen(lock_passwd)); 66818de8d7fSPeter Avalos xfree(lock_passwd); 66918de8d7fSPeter Avalos lock_passwd = NULL; 67018de8d7fSPeter Avalos success = 1; 67118de8d7fSPeter Avalos } else if (!locked && lock) { 67218de8d7fSPeter Avalos locked = 1; 67318de8d7fSPeter Avalos lock_passwd = xstrdup(passwd); 67418de8d7fSPeter Avalos success = 1; 67518de8d7fSPeter Avalos } 67618de8d7fSPeter Avalos memset(passwd, 0, strlen(passwd)); 67718de8d7fSPeter Avalos xfree(passwd); 67818de8d7fSPeter Avalos 67918de8d7fSPeter Avalos buffer_put_int(&e->output, 1); 68018de8d7fSPeter Avalos buffer_put_char(&e->output, 68118de8d7fSPeter Avalos success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); 68218de8d7fSPeter Avalos } 68318de8d7fSPeter Avalos 68418de8d7fSPeter Avalos static void 68518de8d7fSPeter Avalos no_identities(SocketEntry *e, u_int type) 68618de8d7fSPeter Avalos { 68718de8d7fSPeter Avalos Buffer msg; 68818de8d7fSPeter Avalos 68918de8d7fSPeter Avalos buffer_init(&msg); 69018de8d7fSPeter Avalos buffer_put_char(&msg, 69118de8d7fSPeter Avalos (type == SSH_AGENTC_REQUEST_RSA_IDENTITIES) ? 69218de8d7fSPeter Avalos SSH_AGENT_RSA_IDENTITIES_ANSWER : SSH2_AGENT_IDENTITIES_ANSWER); 69318de8d7fSPeter Avalos buffer_put_int(&msg, 0); 69418de8d7fSPeter Avalos buffer_put_int(&e->output, buffer_len(&msg)); 69518de8d7fSPeter Avalos buffer_append(&e->output, buffer_ptr(&msg), buffer_len(&msg)); 69618de8d7fSPeter Avalos buffer_free(&msg); 69718de8d7fSPeter Avalos } 69818de8d7fSPeter Avalos 699856ea928SPeter Avalos #ifdef ENABLE_PKCS11 70018de8d7fSPeter Avalos static void 70118de8d7fSPeter Avalos process_add_smartcard_key(SocketEntry *e) 70218de8d7fSPeter Avalos { 703856ea928SPeter Avalos char *provider = NULL, *pin; 704856ea928SPeter Avalos int i, type, version, count = 0, success = 0, death = 0, confirm = 0; 705856ea928SPeter Avalos Key **keys = NULL, *k; 70618de8d7fSPeter Avalos Identity *id; 70718de8d7fSPeter Avalos Idtab *tab; 70818de8d7fSPeter Avalos 709856ea928SPeter Avalos provider = buffer_get_string(&e->request, NULL); 71018de8d7fSPeter Avalos pin = buffer_get_string(&e->request, NULL); 71118de8d7fSPeter Avalos 71218de8d7fSPeter Avalos while (buffer_len(&e->request)) { 71318de8d7fSPeter Avalos switch ((type = buffer_get_char(&e->request))) { 71418de8d7fSPeter Avalos case SSH_AGENT_CONSTRAIN_LIFETIME: 71518de8d7fSPeter Avalos death = time(NULL) + buffer_get_int(&e->request); 71618de8d7fSPeter Avalos break; 71718de8d7fSPeter Avalos case SSH_AGENT_CONSTRAIN_CONFIRM: 71818de8d7fSPeter Avalos confirm = 1; 71918de8d7fSPeter Avalos break; 72018de8d7fSPeter Avalos default: 72118de8d7fSPeter Avalos error("process_add_smartcard_key: " 72218de8d7fSPeter Avalos "Unknown constraint type %d", type); 72318de8d7fSPeter Avalos goto send; 72418de8d7fSPeter Avalos } 72518de8d7fSPeter Avalos } 72618de8d7fSPeter Avalos if (lifetime && !death) 72718de8d7fSPeter Avalos death = time(NULL) + lifetime; 72818de8d7fSPeter Avalos 729856ea928SPeter Avalos count = pkcs11_add_provider(provider, pin, &keys); 730856ea928SPeter Avalos for (i = 0; i < count; i++) { 73118de8d7fSPeter Avalos k = keys[i]; 73218de8d7fSPeter Avalos version = k->type == KEY_RSA1 ? 1 : 2; 73318de8d7fSPeter Avalos tab = idtab_lookup(version); 73418de8d7fSPeter Avalos if (lookup_identity(k, version) == NULL) { 735856ea928SPeter Avalos id = xcalloc(1, sizeof(Identity)); 73618de8d7fSPeter Avalos id->key = k; 737856ea928SPeter Avalos id->provider = xstrdup(provider); 738856ea928SPeter Avalos id->comment = xstrdup(provider); /* XXX */ 73918de8d7fSPeter Avalos id->death = death; 74018de8d7fSPeter Avalos id->confirm = confirm; 74118de8d7fSPeter Avalos TAILQ_INSERT_TAIL(&tab->idlist, id, next); 74218de8d7fSPeter Avalos tab->nentries++; 74318de8d7fSPeter Avalos success = 1; 74418de8d7fSPeter Avalos } else { 74518de8d7fSPeter Avalos key_free(k); 74618de8d7fSPeter Avalos } 74718de8d7fSPeter Avalos keys[i] = NULL; 74818de8d7fSPeter Avalos } 74918de8d7fSPeter Avalos send: 750856ea928SPeter Avalos if (pin) 751856ea928SPeter Avalos xfree(pin); 752856ea928SPeter Avalos if (provider) 753856ea928SPeter Avalos xfree(provider); 754856ea928SPeter Avalos if (keys) 755856ea928SPeter Avalos xfree(keys); 75618de8d7fSPeter Avalos buffer_put_int(&e->output, 1); 75718de8d7fSPeter Avalos buffer_put_char(&e->output, 75818de8d7fSPeter Avalos success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); 75918de8d7fSPeter Avalos } 76018de8d7fSPeter Avalos 76118de8d7fSPeter Avalos static void 76218de8d7fSPeter Avalos process_remove_smartcard_key(SocketEntry *e) 76318de8d7fSPeter Avalos { 764856ea928SPeter Avalos char *provider = NULL, *pin = NULL; 765856ea928SPeter Avalos int version, success = 0; 766856ea928SPeter Avalos Identity *id, *nxt; 76718de8d7fSPeter Avalos Idtab *tab; 76818de8d7fSPeter Avalos 769856ea928SPeter Avalos provider = buffer_get_string(&e->request, NULL); 77018de8d7fSPeter Avalos pin = buffer_get_string(&e->request, NULL); 77118de8d7fSPeter Avalos xfree(pin); 77218de8d7fSPeter Avalos 773856ea928SPeter Avalos for (version = 1; version < 3; version++) { 77418de8d7fSPeter Avalos tab = idtab_lookup(version); 775856ea928SPeter Avalos for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) { 776856ea928SPeter Avalos nxt = TAILQ_NEXT(id, next); 777856ea928SPeter Avalos if (!strcmp(provider, id->provider)) { 77818de8d7fSPeter Avalos TAILQ_REMOVE(&tab->idlist, id, next); 77918de8d7fSPeter Avalos free_identity(id); 780856ea928SPeter Avalos tab->nentries--; 781856ea928SPeter Avalos } 782856ea928SPeter Avalos } 783856ea928SPeter Avalos } 784856ea928SPeter Avalos if (pkcs11_del_provider(provider) == 0) 78518de8d7fSPeter Avalos success = 1; 786856ea928SPeter Avalos else 787856ea928SPeter Avalos error("process_remove_smartcard_key:" 788856ea928SPeter Avalos " pkcs11_del_provider failed"); 789856ea928SPeter Avalos xfree(provider); 79018de8d7fSPeter Avalos buffer_put_int(&e->output, 1); 79118de8d7fSPeter Avalos buffer_put_char(&e->output, 79218de8d7fSPeter Avalos success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); 79318de8d7fSPeter Avalos } 794856ea928SPeter Avalos #endif /* ENABLE_PKCS11 */ 79518de8d7fSPeter Avalos 79618de8d7fSPeter Avalos /* dispatch incoming messages */ 79718de8d7fSPeter Avalos 79818de8d7fSPeter Avalos static void 79918de8d7fSPeter Avalos process_message(SocketEntry *e) 80018de8d7fSPeter Avalos { 80118de8d7fSPeter Avalos u_int msg_len, type; 80218de8d7fSPeter Avalos u_char *cp; 80318de8d7fSPeter Avalos 80418de8d7fSPeter Avalos if (buffer_len(&e->input) < 5) 80518de8d7fSPeter Avalos return; /* Incomplete message. */ 80618de8d7fSPeter Avalos cp = buffer_ptr(&e->input); 80718de8d7fSPeter Avalos msg_len = get_u32(cp); 80818de8d7fSPeter Avalos if (msg_len > 256 * 1024) { 80918de8d7fSPeter Avalos close_socket(e); 81018de8d7fSPeter Avalos return; 81118de8d7fSPeter Avalos } 81218de8d7fSPeter Avalos if (buffer_len(&e->input) < msg_len + 4) 81318de8d7fSPeter Avalos return; 81418de8d7fSPeter Avalos 81518de8d7fSPeter Avalos /* move the current input to e->request */ 81618de8d7fSPeter Avalos buffer_consume(&e->input, 4); 81718de8d7fSPeter Avalos buffer_clear(&e->request); 81818de8d7fSPeter Avalos buffer_append(&e->request, buffer_ptr(&e->input), msg_len); 81918de8d7fSPeter Avalos buffer_consume(&e->input, msg_len); 82018de8d7fSPeter Avalos type = buffer_get_char(&e->request); 82118de8d7fSPeter Avalos 82218de8d7fSPeter Avalos /* check wheter agent is locked */ 82318de8d7fSPeter Avalos if (locked && type != SSH_AGENTC_UNLOCK) { 82418de8d7fSPeter Avalos buffer_clear(&e->request); 82518de8d7fSPeter Avalos switch (type) { 82618de8d7fSPeter Avalos case SSH_AGENTC_REQUEST_RSA_IDENTITIES: 82718de8d7fSPeter Avalos case SSH2_AGENTC_REQUEST_IDENTITIES: 82818de8d7fSPeter Avalos /* send empty lists */ 82918de8d7fSPeter Avalos no_identities(e, type); 83018de8d7fSPeter Avalos break; 83118de8d7fSPeter Avalos default: 83218de8d7fSPeter Avalos /* send a fail message for all other request types */ 83318de8d7fSPeter Avalos buffer_put_int(&e->output, 1); 83418de8d7fSPeter Avalos buffer_put_char(&e->output, SSH_AGENT_FAILURE); 83518de8d7fSPeter Avalos } 83618de8d7fSPeter Avalos return; 83718de8d7fSPeter Avalos } 83818de8d7fSPeter Avalos 83918de8d7fSPeter Avalos debug("type %d", type); 84018de8d7fSPeter Avalos switch (type) { 84118de8d7fSPeter Avalos case SSH_AGENTC_LOCK: 84218de8d7fSPeter Avalos case SSH_AGENTC_UNLOCK: 84318de8d7fSPeter Avalos process_lock_agent(e, type == SSH_AGENTC_LOCK); 84418de8d7fSPeter Avalos break; 84518de8d7fSPeter Avalos /* ssh1 */ 84618de8d7fSPeter Avalos case SSH_AGENTC_RSA_CHALLENGE: 84718de8d7fSPeter Avalos process_authentication_challenge1(e); 84818de8d7fSPeter Avalos break; 84918de8d7fSPeter Avalos case SSH_AGENTC_REQUEST_RSA_IDENTITIES: 85018de8d7fSPeter Avalos process_request_identities(e, 1); 85118de8d7fSPeter Avalos break; 85218de8d7fSPeter Avalos case SSH_AGENTC_ADD_RSA_IDENTITY: 85318de8d7fSPeter Avalos case SSH_AGENTC_ADD_RSA_ID_CONSTRAINED: 85418de8d7fSPeter Avalos process_add_identity(e, 1); 85518de8d7fSPeter Avalos break; 85618de8d7fSPeter Avalos case SSH_AGENTC_REMOVE_RSA_IDENTITY: 85718de8d7fSPeter Avalos process_remove_identity(e, 1); 85818de8d7fSPeter Avalos break; 85918de8d7fSPeter Avalos case SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES: 86018de8d7fSPeter Avalos process_remove_all_identities(e, 1); 86118de8d7fSPeter Avalos break; 86218de8d7fSPeter Avalos /* ssh2 */ 86318de8d7fSPeter Avalos case SSH2_AGENTC_SIGN_REQUEST: 86418de8d7fSPeter Avalos process_sign_request2(e); 86518de8d7fSPeter Avalos break; 86618de8d7fSPeter Avalos case SSH2_AGENTC_REQUEST_IDENTITIES: 86718de8d7fSPeter Avalos process_request_identities(e, 2); 86818de8d7fSPeter Avalos break; 86918de8d7fSPeter Avalos case SSH2_AGENTC_ADD_IDENTITY: 87018de8d7fSPeter Avalos case SSH2_AGENTC_ADD_ID_CONSTRAINED: 87118de8d7fSPeter Avalos process_add_identity(e, 2); 87218de8d7fSPeter Avalos break; 87318de8d7fSPeter Avalos case SSH2_AGENTC_REMOVE_IDENTITY: 87418de8d7fSPeter Avalos process_remove_identity(e, 2); 87518de8d7fSPeter Avalos break; 87618de8d7fSPeter Avalos case SSH2_AGENTC_REMOVE_ALL_IDENTITIES: 87718de8d7fSPeter Avalos process_remove_all_identities(e, 2); 87818de8d7fSPeter Avalos break; 879856ea928SPeter Avalos #ifdef ENABLE_PKCS11 88018de8d7fSPeter Avalos case SSH_AGENTC_ADD_SMARTCARD_KEY: 88118de8d7fSPeter Avalos case SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED: 88218de8d7fSPeter Avalos process_add_smartcard_key(e); 88318de8d7fSPeter Avalos break; 88418de8d7fSPeter Avalos case SSH_AGENTC_REMOVE_SMARTCARD_KEY: 88518de8d7fSPeter Avalos process_remove_smartcard_key(e); 88618de8d7fSPeter Avalos break; 887856ea928SPeter Avalos #endif /* ENABLE_PKCS11 */ 88818de8d7fSPeter Avalos default: 88918de8d7fSPeter Avalos /* Unknown message. Respond with failure. */ 89018de8d7fSPeter Avalos error("Unknown message %d", type); 89118de8d7fSPeter Avalos buffer_clear(&e->request); 89218de8d7fSPeter Avalos buffer_put_int(&e->output, 1); 89318de8d7fSPeter Avalos buffer_put_char(&e->output, SSH_AGENT_FAILURE); 89418de8d7fSPeter Avalos break; 89518de8d7fSPeter Avalos } 89618de8d7fSPeter Avalos } 89718de8d7fSPeter Avalos 89818de8d7fSPeter Avalos static void 89918de8d7fSPeter Avalos new_socket(sock_type type, int fd) 90018de8d7fSPeter Avalos { 90118de8d7fSPeter Avalos u_int i, old_alloc, new_alloc; 90218de8d7fSPeter Avalos 90318de8d7fSPeter Avalos set_nonblock(fd); 90418de8d7fSPeter Avalos 90518de8d7fSPeter Avalos if (fd > max_fd) 90618de8d7fSPeter Avalos max_fd = fd; 90718de8d7fSPeter Avalos 90818de8d7fSPeter Avalos for (i = 0; i < sockets_alloc; i++) 90918de8d7fSPeter Avalos if (sockets[i].type == AUTH_UNUSED) { 91018de8d7fSPeter Avalos sockets[i].fd = fd; 91118de8d7fSPeter Avalos buffer_init(&sockets[i].input); 91218de8d7fSPeter Avalos buffer_init(&sockets[i].output); 91318de8d7fSPeter Avalos buffer_init(&sockets[i].request); 91418de8d7fSPeter Avalos sockets[i].type = type; 91518de8d7fSPeter Avalos return; 91618de8d7fSPeter Avalos } 91718de8d7fSPeter Avalos old_alloc = sockets_alloc; 91818de8d7fSPeter Avalos new_alloc = sockets_alloc + 10; 91918de8d7fSPeter Avalos sockets = xrealloc(sockets, new_alloc, sizeof(sockets[0])); 92018de8d7fSPeter Avalos for (i = old_alloc; i < new_alloc; i++) 92118de8d7fSPeter Avalos sockets[i].type = AUTH_UNUSED; 92218de8d7fSPeter Avalos sockets_alloc = new_alloc; 92318de8d7fSPeter Avalos sockets[old_alloc].fd = fd; 92418de8d7fSPeter Avalos buffer_init(&sockets[old_alloc].input); 92518de8d7fSPeter Avalos buffer_init(&sockets[old_alloc].output); 92618de8d7fSPeter Avalos buffer_init(&sockets[old_alloc].request); 92718de8d7fSPeter Avalos sockets[old_alloc].type = type; 92818de8d7fSPeter Avalos } 92918de8d7fSPeter Avalos 93018de8d7fSPeter Avalos static int 93118de8d7fSPeter Avalos prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, u_int *nallocp, 93218de8d7fSPeter Avalos struct timeval **tvpp) 93318de8d7fSPeter Avalos { 93418de8d7fSPeter Avalos u_int i, sz, deadline; 93518de8d7fSPeter Avalos int n = 0; 93618de8d7fSPeter Avalos static struct timeval tv; 93718de8d7fSPeter Avalos 93818de8d7fSPeter Avalos for (i = 0; i < sockets_alloc; i++) { 93918de8d7fSPeter Avalos switch (sockets[i].type) { 94018de8d7fSPeter Avalos case AUTH_SOCKET: 94118de8d7fSPeter Avalos case AUTH_CONNECTION: 94218de8d7fSPeter Avalos n = MAX(n, sockets[i].fd); 94318de8d7fSPeter Avalos break; 94418de8d7fSPeter Avalos case AUTH_UNUSED: 94518de8d7fSPeter Avalos break; 94618de8d7fSPeter Avalos default: 94718de8d7fSPeter Avalos fatal("Unknown socket type %d", sockets[i].type); 94818de8d7fSPeter Avalos break; 94918de8d7fSPeter Avalos } 95018de8d7fSPeter Avalos } 95118de8d7fSPeter Avalos 95218de8d7fSPeter Avalos sz = howmany(n+1, NFDBITS) * sizeof(fd_mask); 95318de8d7fSPeter Avalos if (*fdrp == NULL || sz > *nallocp) { 95418de8d7fSPeter Avalos if (*fdrp) 95518de8d7fSPeter Avalos xfree(*fdrp); 95618de8d7fSPeter Avalos if (*fdwp) 95718de8d7fSPeter Avalos xfree(*fdwp); 95818de8d7fSPeter Avalos *fdrp = xmalloc(sz); 95918de8d7fSPeter Avalos *fdwp = xmalloc(sz); 96018de8d7fSPeter Avalos *nallocp = sz; 96118de8d7fSPeter Avalos } 96218de8d7fSPeter Avalos if (n < *fdl) 96318de8d7fSPeter Avalos debug("XXX shrink: %d < %d", n, *fdl); 96418de8d7fSPeter Avalos *fdl = n; 96518de8d7fSPeter Avalos memset(*fdrp, 0, sz); 96618de8d7fSPeter Avalos memset(*fdwp, 0, sz); 96718de8d7fSPeter Avalos 96818de8d7fSPeter Avalos for (i = 0; i < sockets_alloc; i++) { 96918de8d7fSPeter Avalos switch (sockets[i].type) { 97018de8d7fSPeter Avalos case AUTH_SOCKET: 97118de8d7fSPeter Avalos case AUTH_CONNECTION: 97218de8d7fSPeter Avalos FD_SET(sockets[i].fd, *fdrp); 97318de8d7fSPeter Avalos if (buffer_len(&sockets[i].output) > 0) 97418de8d7fSPeter Avalos FD_SET(sockets[i].fd, *fdwp); 97518de8d7fSPeter Avalos break; 97618de8d7fSPeter Avalos default: 97718de8d7fSPeter Avalos break; 97818de8d7fSPeter Avalos } 97918de8d7fSPeter Avalos } 98018de8d7fSPeter Avalos deadline = reaper(); 98118de8d7fSPeter Avalos if (parent_alive_interval != 0) 98218de8d7fSPeter Avalos deadline = (deadline == 0) ? parent_alive_interval : 98318de8d7fSPeter Avalos MIN(deadline, parent_alive_interval); 98418de8d7fSPeter Avalos if (deadline == 0) { 98518de8d7fSPeter Avalos *tvpp = NULL; 98618de8d7fSPeter Avalos } else { 98718de8d7fSPeter Avalos tv.tv_sec = deadline; 98818de8d7fSPeter Avalos tv.tv_usec = 0; 98918de8d7fSPeter Avalos *tvpp = &tv; 99018de8d7fSPeter Avalos } 99118de8d7fSPeter Avalos return (1); 99218de8d7fSPeter Avalos } 99318de8d7fSPeter Avalos 99418de8d7fSPeter Avalos static void 99518de8d7fSPeter Avalos after_select(fd_set *readset, fd_set *writeset) 99618de8d7fSPeter Avalos { 99718de8d7fSPeter Avalos struct sockaddr_un sunaddr; 99818de8d7fSPeter Avalos socklen_t slen; 99918de8d7fSPeter Avalos char buf[1024]; 100018de8d7fSPeter Avalos int len, sock; 1001856ea928SPeter Avalos u_int i, orig_alloc; 100218de8d7fSPeter Avalos uid_t euid; 100318de8d7fSPeter Avalos gid_t egid; 100418de8d7fSPeter Avalos 1005856ea928SPeter Avalos for (i = 0, orig_alloc = sockets_alloc; i < orig_alloc; i++) 100618de8d7fSPeter Avalos switch (sockets[i].type) { 100718de8d7fSPeter Avalos case AUTH_UNUSED: 100818de8d7fSPeter Avalos break; 100918de8d7fSPeter Avalos case AUTH_SOCKET: 101018de8d7fSPeter Avalos if (FD_ISSET(sockets[i].fd, readset)) { 101118de8d7fSPeter Avalos slen = sizeof(sunaddr); 101218de8d7fSPeter Avalos sock = accept(sockets[i].fd, 101318de8d7fSPeter Avalos (struct sockaddr *)&sunaddr, &slen); 101418de8d7fSPeter Avalos if (sock < 0) { 101518de8d7fSPeter Avalos error("accept from AUTH_SOCKET: %s", 101618de8d7fSPeter Avalos strerror(errno)); 101718de8d7fSPeter Avalos break; 101818de8d7fSPeter Avalos } 101918de8d7fSPeter Avalos if (getpeereid(sock, &euid, &egid) < 0) { 102018de8d7fSPeter Avalos error("getpeereid %d failed: %s", 102118de8d7fSPeter Avalos sock, strerror(errno)); 102218de8d7fSPeter Avalos close(sock); 102318de8d7fSPeter Avalos break; 102418de8d7fSPeter Avalos } 102518de8d7fSPeter Avalos if ((euid != 0) && (getuid() != euid)) { 102618de8d7fSPeter Avalos error("uid mismatch: " 102718de8d7fSPeter Avalos "peer euid %u != uid %u", 102818de8d7fSPeter Avalos (u_int) euid, (u_int) getuid()); 102918de8d7fSPeter Avalos close(sock); 103018de8d7fSPeter Avalos break; 103118de8d7fSPeter Avalos } 103218de8d7fSPeter Avalos new_socket(AUTH_CONNECTION, sock); 103318de8d7fSPeter Avalos } 103418de8d7fSPeter Avalos break; 103518de8d7fSPeter Avalos case AUTH_CONNECTION: 103618de8d7fSPeter Avalos if (buffer_len(&sockets[i].output) > 0 && 103718de8d7fSPeter Avalos FD_ISSET(sockets[i].fd, writeset)) { 103818de8d7fSPeter Avalos len = write(sockets[i].fd, 103918de8d7fSPeter Avalos buffer_ptr(&sockets[i].output), 104018de8d7fSPeter Avalos buffer_len(&sockets[i].output)); 104118de8d7fSPeter Avalos if (len == -1 && (errno == EAGAIN || 1042856ea928SPeter Avalos errno == EWOULDBLOCK || 1043856ea928SPeter Avalos errno == EINTR)) 104418de8d7fSPeter Avalos continue; 104518de8d7fSPeter Avalos if (len <= 0) { 104618de8d7fSPeter Avalos close_socket(&sockets[i]); 104718de8d7fSPeter Avalos break; 104818de8d7fSPeter Avalos } 104918de8d7fSPeter Avalos buffer_consume(&sockets[i].output, len); 105018de8d7fSPeter Avalos } 105118de8d7fSPeter Avalos if (FD_ISSET(sockets[i].fd, readset)) { 105218de8d7fSPeter Avalos len = read(sockets[i].fd, buf, sizeof(buf)); 105318de8d7fSPeter Avalos if (len == -1 && (errno == EAGAIN || 1054856ea928SPeter Avalos errno == EWOULDBLOCK || 1055856ea928SPeter Avalos errno == EINTR)) 105618de8d7fSPeter Avalos continue; 105718de8d7fSPeter Avalos if (len <= 0) { 105818de8d7fSPeter Avalos close_socket(&sockets[i]); 105918de8d7fSPeter Avalos break; 106018de8d7fSPeter Avalos } 106118de8d7fSPeter Avalos buffer_append(&sockets[i].input, buf, len); 106218de8d7fSPeter Avalos process_message(&sockets[i]); 106318de8d7fSPeter Avalos } 106418de8d7fSPeter Avalos break; 106518de8d7fSPeter Avalos default: 106618de8d7fSPeter Avalos fatal("Unknown type %d", sockets[i].type); 106718de8d7fSPeter Avalos } 106818de8d7fSPeter Avalos } 106918de8d7fSPeter Avalos 107018de8d7fSPeter Avalos static void 107118de8d7fSPeter Avalos cleanup_socket(void) 107218de8d7fSPeter Avalos { 107318de8d7fSPeter Avalos if (socket_name[0]) 107418de8d7fSPeter Avalos unlink(socket_name); 107518de8d7fSPeter Avalos if (socket_dir[0]) 107618de8d7fSPeter Avalos rmdir(socket_dir); 107718de8d7fSPeter Avalos } 107818de8d7fSPeter Avalos 107918de8d7fSPeter Avalos void 108018de8d7fSPeter Avalos cleanup_exit(int i) 108118de8d7fSPeter Avalos { 108218de8d7fSPeter Avalos cleanup_socket(); 108318de8d7fSPeter Avalos _exit(i); 108418de8d7fSPeter Avalos } 108518de8d7fSPeter Avalos 108618de8d7fSPeter Avalos /*ARGSUSED*/ 108718de8d7fSPeter Avalos static void 108818de8d7fSPeter Avalos cleanup_handler(int sig) 108918de8d7fSPeter Avalos { 109018de8d7fSPeter Avalos cleanup_socket(); 1091856ea928SPeter Avalos #ifdef ENABLE_PKCS11 1092856ea928SPeter Avalos pkcs11_terminate(); 1093856ea928SPeter Avalos #endif 109418de8d7fSPeter Avalos _exit(2); 109518de8d7fSPeter Avalos } 109618de8d7fSPeter Avalos 109718de8d7fSPeter Avalos static void 109818de8d7fSPeter Avalos check_parent_exists(void) 109918de8d7fSPeter Avalos { 1100*1c188a7fSPeter Avalos /* 1101*1c188a7fSPeter Avalos * If our parent has exited then getppid() will return (pid_t)1, 1102*1c188a7fSPeter Avalos * so testing for that should be safe. 1103*1c188a7fSPeter Avalos */ 1104*1c188a7fSPeter Avalos if (parent_pid != -1 && getppid() != parent_pid) { 110518de8d7fSPeter Avalos /* printf("Parent has died - Authentication agent exiting.\n"); */ 110618de8d7fSPeter Avalos cleanup_socket(); 110718de8d7fSPeter Avalos _exit(2); 110818de8d7fSPeter Avalos } 110918de8d7fSPeter Avalos } 111018de8d7fSPeter Avalos 111118de8d7fSPeter Avalos static void 111218de8d7fSPeter Avalos usage(void) 111318de8d7fSPeter Avalos { 111418de8d7fSPeter Avalos fprintf(stderr, "usage: %s [options] [command [arg ...]]\n", 111518de8d7fSPeter Avalos __progname); 111618de8d7fSPeter Avalos fprintf(stderr, "Options:\n"); 111718de8d7fSPeter Avalos fprintf(stderr, " -c Generate C-shell commands on stdout.\n"); 111818de8d7fSPeter Avalos fprintf(stderr, " -s Generate Bourne shell commands on stdout.\n"); 111918de8d7fSPeter Avalos fprintf(stderr, " -k Kill the current agent.\n"); 112018de8d7fSPeter Avalos fprintf(stderr, " -d Debug mode.\n"); 112118de8d7fSPeter Avalos fprintf(stderr, " -a socket Bind agent socket to given name.\n"); 112218de8d7fSPeter Avalos fprintf(stderr, " -t life Default identity lifetime (seconds).\n"); 112318de8d7fSPeter Avalos exit(1); 112418de8d7fSPeter Avalos } 112518de8d7fSPeter Avalos 112618de8d7fSPeter Avalos int 112718de8d7fSPeter Avalos main(int ac, char **av) 112818de8d7fSPeter Avalos { 112918de8d7fSPeter Avalos int c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0; 113018de8d7fSPeter Avalos int sock, fd, ch, result, saved_errno; 113118de8d7fSPeter Avalos u_int nalloc; 113218de8d7fSPeter Avalos char *shell, *format, *pidstr, *agentsocket = NULL; 113318de8d7fSPeter Avalos fd_set *readsetp = NULL, *writesetp = NULL; 113418de8d7fSPeter Avalos struct sockaddr_un sunaddr; 113518de8d7fSPeter Avalos #ifdef HAVE_SETRLIMIT 113618de8d7fSPeter Avalos struct rlimit rlim; 113718de8d7fSPeter Avalos #endif 113818de8d7fSPeter Avalos int prev_mask; 113918de8d7fSPeter Avalos extern int optind; 114018de8d7fSPeter Avalos extern char *optarg; 114118de8d7fSPeter Avalos pid_t pid; 114218de8d7fSPeter Avalos char pidstrbuf[1 + 3 * sizeof pid]; 114318de8d7fSPeter Avalos struct timeval *tvp = NULL; 114440c002afSPeter Avalos size_t len; 114518de8d7fSPeter Avalos 114618de8d7fSPeter Avalos /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ 114718de8d7fSPeter Avalos sanitise_stdfd(); 114818de8d7fSPeter Avalos 114918de8d7fSPeter Avalos /* drop */ 115018de8d7fSPeter Avalos setegid(getgid()); 115118de8d7fSPeter Avalos setgid(getgid()); 115218de8d7fSPeter Avalos 115318de8d7fSPeter Avalos #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) 115418de8d7fSPeter Avalos /* Disable ptrace on Linux without sgid bit */ 115518de8d7fSPeter Avalos prctl(PR_SET_DUMPABLE, 0); 115618de8d7fSPeter Avalos #endif 115718de8d7fSPeter Avalos 11589f304aafSPeter Avalos OpenSSL_add_all_algorithms(); 115918de8d7fSPeter Avalos 116018de8d7fSPeter Avalos __progname = ssh_get_progname(av[0]); 116118de8d7fSPeter Avalos seed_rng(); 116218de8d7fSPeter Avalos 116318de8d7fSPeter Avalos while ((ch = getopt(ac, av, "cdksa:t:")) != -1) { 116418de8d7fSPeter Avalos switch (ch) { 116518de8d7fSPeter Avalos case 'c': 116618de8d7fSPeter Avalos if (s_flag) 116718de8d7fSPeter Avalos usage(); 116818de8d7fSPeter Avalos c_flag++; 116918de8d7fSPeter Avalos break; 117018de8d7fSPeter Avalos case 'k': 117118de8d7fSPeter Avalos k_flag++; 117218de8d7fSPeter Avalos break; 117318de8d7fSPeter Avalos case 's': 117418de8d7fSPeter Avalos if (c_flag) 117518de8d7fSPeter Avalos usage(); 117618de8d7fSPeter Avalos s_flag++; 117718de8d7fSPeter Avalos break; 117818de8d7fSPeter Avalos case 'd': 117918de8d7fSPeter Avalos if (d_flag) 118018de8d7fSPeter Avalos usage(); 118118de8d7fSPeter Avalos d_flag++; 118218de8d7fSPeter Avalos break; 118318de8d7fSPeter Avalos case 'a': 118418de8d7fSPeter Avalos agentsocket = optarg; 118518de8d7fSPeter Avalos break; 118618de8d7fSPeter Avalos case 't': 118718de8d7fSPeter Avalos if ((lifetime = convtime(optarg)) == -1) { 118818de8d7fSPeter Avalos fprintf(stderr, "Invalid lifetime\n"); 118918de8d7fSPeter Avalos usage(); 119018de8d7fSPeter Avalos } 119118de8d7fSPeter Avalos break; 119218de8d7fSPeter Avalos default: 119318de8d7fSPeter Avalos usage(); 119418de8d7fSPeter Avalos } 119518de8d7fSPeter Avalos } 119618de8d7fSPeter Avalos ac -= optind; 119718de8d7fSPeter Avalos av += optind; 119818de8d7fSPeter Avalos 119918de8d7fSPeter Avalos if (ac > 0 && (c_flag || k_flag || s_flag || d_flag)) 120018de8d7fSPeter Avalos usage(); 120118de8d7fSPeter Avalos 120218de8d7fSPeter Avalos if (ac == 0 && !c_flag && !s_flag) { 120318de8d7fSPeter Avalos shell = getenv("SHELL"); 120440c002afSPeter Avalos if (shell != NULL && (len = strlen(shell)) > 2 && 120540c002afSPeter Avalos strncmp(shell + len - 3, "csh", 3) == 0) 120618de8d7fSPeter Avalos c_flag = 1; 120718de8d7fSPeter Avalos } 120818de8d7fSPeter Avalos if (k_flag) { 120918de8d7fSPeter Avalos const char *errstr = NULL; 121018de8d7fSPeter Avalos 121118de8d7fSPeter Avalos pidstr = getenv(SSH_AGENTPID_ENV_NAME); 121218de8d7fSPeter Avalos if (pidstr == NULL) { 121318de8d7fSPeter Avalos fprintf(stderr, "%s not set, cannot kill agent\n", 121418de8d7fSPeter Avalos SSH_AGENTPID_ENV_NAME); 121518de8d7fSPeter Avalos exit(1); 121618de8d7fSPeter Avalos } 121718de8d7fSPeter Avalos pid = (int)strtonum(pidstr, 2, INT_MAX, &errstr); 121818de8d7fSPeter Avalos if (errstr) { 121918de8d7fSPeter Avalos fprintf(stderr, 122018de8d7fSPeter Avalos "%s=\"%s\", which is not a good PID: %s\n", 122118de8d7fSPeter Avalos SSH_AGENTPID_ENV_NAME, pidstr, errstr); 122218de8d7fSPeter Avalos exit(1); 122318de8d7fSPeter Avalos } 122418de8d7fSPeter Avalos if (kill(pid, SIGTERM) == -1) { 122518de8d7fSPeter Avalos perror("kill"); 122618de8d7fSPeter Avalos exit(1); 122718de8d7fSPeter Avalos } 122818de8d7fSPeter Avalos format = c_flag ? "unsetenv %s;\n" : "unset %s;\n"; 122918de8d7fSPeter Avalos printf(format, SSH_AUTHSOCKET_ENV_NAME); 123018de8d7fSPeter Avalos printf(format, SSH_AGENTPID_ENV_NAME); 123118de8d7fSPeter Avalos printf("echo Agent pid %ld killed;\n", (long)pid); 123218de8d7fSPeter Avalos exit(0); 123318de8d7fSPeter Avalos } 123418de8d7fSPeter Avalos parent_pid = getpid(); 123518de8d7fSPeter Avalos 123618de8d7fSPeter Avalos if (agentsocket == NULL) { 123718de8d7fSPeter Avalos /* Create private directory for agent socket */ 12389f304aafSPeter Avalos mktemp_proto(socket_dir, sizeof(socket_dir)); 123918de8d7fSPeter Avalos if (mkdtemp(socket_dir) == NULL) { 124018de8d7fSPeter Avalos perror("mkdtemp: private socket dir"); 124118de8d7fSPeter Avalos exit(1); 124218de8d7fSPeter Avalos } 124318de8d7fSPeter Avalos snprintf(socket_name, sizeof socket_name, "%s/agent.%ld", socket_dir, 124418de8d7fSPeter Avalos (long)parent_pid); 124518de8d7fSPeter Avalos } else { 124618de8d7fSPeter Avalos /* Try to use specified agent socket */ 124718de8d7fSPeter Avalos socket_dir[0] = '\0'; 124818de8d7fSPeter Avalos strlcpy(socket_name, agentsocket, sizeof socket_name); 124918de8d7fSPeter Avalos } 125018de8d7fSPeter Avalos 125118de8d7fSPeter Avalos /* 125218de8d7fSPeter Avalos * Create socket early so it will exist before command gets run from 125318de8d7fSPeter Avalos * the parent. 125418de8d7fSPeter Avalos */ 125518de8d7fSPeter Avalos sock = socket(AF_UNIX, SOCK_STREAM, 0); 125618de8d7fSPeter Avalos if (sock < 0) { 125718de8d7fSPeter Avalos perror("socket"); 125818de8d7fSPeter Avalos *socket_name = '\0'; /* Don't unlink any existing file */ 125918de8d7fSPeter Avalos cleanup_exit(1); 126018de8d7fSPeter Avalos } 126118de8d7fSPeter Avalos memset(&sunaddr, 0, sizeof(sunaddr)); 126218de8d7fSPeter Avalos sunaddr.sun_family = AF_UNIX; 126318de8d7fSPeter Avalos strlcpy(sunaddr.sun_path, socket_name, sizeof(sunaddr.sun_path)); 126418de8d7fSPeter Avalos prev_mask = umask(0177); 126518de8d7fSPeter Avalos if (bind(sock, (struct sockaddr *) &sunaddr, sizeof(sunaddr)) < 0) { 126618de8d7fSPeter Avalos perror("bind"); 126718de8d7fSPeter Avalos *socket_name = '\0'; /* Don't unlink any existing file */ 126818de8d7fSPeter Avalos umask(prev_mask); 126918de8d7fSPeter Avalos cleanup_exit(1); 127018de8d7fSPeter Avalos } 127118de8d7fSPeter Avalos umask(prev_mask); 127218de8d7fSPeter Avalos if (listen(sock, SSH_LISTEN_BACKLOG) < 0) { 127318de8d7fSPeter Avalos perror("listen"); 127418de8d7fSPeter Avalos cleanup_exit(1); 127518de8d7fSPeter Avalos } 127618de8d7fSPeter Avalos 127718de8d7fSPeter Avalos /* 127818de8d7fSPeter Avalos * Fork, and have the parent execute the command, if any, or present 127918de8d7fSPeter Avalos * the socket data. The child continues as the authentication agent. 128018de8d7fSPeter Avalos */ 128118de8d7fSPeter Avalos if (d_flag) { 128218de8d7fSPeter Avalos log_init(__progname, SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 1); 128318de8d7fSPeter Avalos format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n"; 128418de8d7fSPeter Avalos printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, 128518de8d7fSPeter Avalos SSH_AUTHSOCKET_ENV_NAME); 128618de8d7fSPeter Avalos printf("echo Agent pid %ld;\n", (long)parent_pid); 128718de8d7fSPeter Avalos goto skip; 128818de8d7fSPeter Avalos } 128918de8d7fSPeter Avalos pid = fork(); 129018de8d7fSPeter Avalos if (pid == -1) { 129118de8d7fSPeter Avalos perror("fork"); 129218de8d7fSPeter Avalos cleanup_exit(1); 129318de8d7fSPeter Avalos } 129418de8d7fSPeter Avalos if (pid != 0) { /* Parent - execute the given command. */ 129518de8d7fSPeter Avalos close(sock); 129618de8d7fSPeter Avalos snprintf(pidstrbuf, sizeof pidstrbuf, "%ld", (long)pid); 129718de8d7fSPeter Avalos if (ac == 0) { 129818de8d7fSPeter Avalos format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n"; 129918de8d7fSPeter Avalos printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, 130018de8d7fSPeter Avalos SSH_AUTHSOCKET_ENV_NAME); 130118de8d7fSPeter Avalos printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf, 130218de8d7fSPeter Avalos SSH_AGENTPID_ENV_NAME); 130318de8d7fSPeter Avalos printf("echo Agent pid %ld;\n", (long)pid); 130418de8d7fSPeter Avalos exit(0); 130518de8d7fSPeter Avalos } 130618de8d7fSPeter Avalos if (setenv(SSH_AUTHSOCKET_ENV_NAME, socket_name, 1) == -1 || 130718de8d7fSPeter Avalos setenv(SSH_AGENTPID_ENV_NAME, pidstrbuf, 1) == -1) { 130818de8d7fSPeter Avalos perror("setenv"); 130918de8d7fSPeter Avalos exit(1); 131018de8d7fSPeter Avalos } 131118de8d7fSPeter Avalos execvp(av[0], av); 131218de8d7fSPeter Avalos perror(av[0]); 131318de8d7fSPeter Avalos exit(1); 131418de8d7fSPeter Avalos } 131518de8d7fSPeter Avalos /* child */ 131618de8d7fSPeter Avalos log_init(__progname, SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_AUTH, 0); 131718de8d7fSPeter Avalos 131818de8d7fSPeter Avalos if (setsid() == -1) { 131918de8d7fSPeter Avalos error("setsid: %s", strerror(errno)); 132018de8d7fSPeter Avalos cleanup_exit(1); 132118de8d7fSPeter Avalos } 132218de8d7fSPeter Avalos 132318de8d7fSPeter Avalos (void)chdir("/"); 132418de8d7fSPeter Avalos if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { 132518de8d7fSPeter Avalos /* XXX might close listen socket */ 132618de8d7fSPeter Avalos (void)dup2(fd, STDIN_FILENO); 132718de8d7fSPeter Avalos (void)dup2(fd, STDOUT_FILENO); 132818de8d7fSPeter Avalos (void)dup2(fd, STDERR_FILENO); 132918de8d7fSPeter Avalos if (fd > 2) 133018de8d7fSPeter Avalos close(fd); 133118de8d7fSPeter Avalos } 133218de8d7fSPeter Avalos 133318de8d7fSPeter Avalos #ifdef HAVE_SETRLIMIT 133418de8d7fSPeter Avalos /* deny core dumps, since memory contains unencrypted private keys */ 133518de8d7fSPeter Avalos rlim.rlim_cur = rlim.rlim_max = 0; 133618de8d7fSPeter Avalos if (setrlimit(RLIMIT_CORE, &rlim) < 0) { 133718de8d7fSPeter Avalos error("setrlimit RLIMIT_CORE: %s", strerror(errno)); 133818de8d7fSPeter Avalos cleanup_exit(1); 133918de8d7fSPeter Avalos } 134018de8d7fSPeter Avalos #endif 134118de8d7fSPeter Avalos 134218de8d7fSPeter Avalos skip: 1343856ea928SPeter Avalos 1344856ea928SPeter Avalos #ifdef ENABLE_PKCS11 1345856ea928SPeter Avalos pkcs11_init(0); 1346856ea928SPeter Avalos #endif 134718de8d7fSPeter Avalos new_socket(AUTH_SOCKET, sock); 134818de8d7fSPeter Avalos if (ac > 0) 134918de8d7fSPeter Avalos parent_alive_interval = 10; 135018de8d7fSPeter Avalos idtab_init(); 135118de8d7fSPeter Avalos if (!d_flag) 135218de8d7fSPeter Avalos signal(SIGINT, SIG_IGN); 135318de8d7fSPeter Avalos signal(SIGPIPE, SIG_IGN); 135418de8d7fSPeter Avalos signal(SIGHUP, cleanup_handler); 135518de8d7fSPeter Avalos signal(SIGTERM, cleanup_handler); 135618de8d7fSPeter Avalos nalloc = 0; 135718de8d7fSPeter Avalos 135818de8d7fSPeter Avalos while (1) { 135918de8d7fSPeter Avalos prepare_select(&readsetp, &writesetp, &max_fd, &nalloc, &tvp); 136018de8d7fSPeter Avalos result = select(max_fd + 1, readsetp, writesetp, NULL, tvp); 136118de8d7fSPeter Avalos saved_errno = errno; 136218de8d7fSPeter Avalos if (parent_alive_interval != 0) 136318de8d7fSPeter Avalos check_parent_exists(); 136418de8d7fSPeter Avalos (void) reaper(); /* remove expired keys */ 136518de8d7fSPeter Avalos if (result < 0) { 136618de8d7fSPeter Avalos if (saved_errno == EINTR) 136718de8d7fSPeter Avalos continue; 136818de8d7fSPeter Avalos fatal("select: %s", strerror(saved_errno)); 136918de8d7fSPeter Avalos } else if (result > 0) 137018de8d7fSPeter Avalos after_select(readsetp, writesetp); 137118de8d7fSPeter Avalos } 137218de8d7fSPeter Avalos /* NOTREACHED */ 137318de8d7fSPeter Avalos } 1374