1*36e94dc5SPeter Avalos /* $OpenBSD: ssh-agent.c,v 1.190 2014/07/25 21:22:03 dtucker Exp $ */ 218de8d7fSPeter Avalos /* 318de8d7fSPeter Avalos * Author: Tatu Ylonen <ylo@cs.hut.fi> 418de8d7fSPeter Avalos * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 518de8d7fSPeter Avalos * All rights reserved 618de8d7fSPeter Avalos * The authentication agent program. 718de8d7fSPeter Avalos * 818de8d7fSPeter Avalos * As far as I am concerned, the code I have written for this software 918de8d7fSPeter Avalos * can be used freely for any purpose. Any derived versions of this 1018de8d7fSPeter Avalos * software must be clearly marked as such, and if the derived work is 1118de8d7fSPeter Avalos * incompatible with the protocol description in the RFC file, it must be 1218de8d7fSPeter Avalos * called by a name other than "ssh" or "Secure Shell". 1318de8d7fSPeter Avalos * 1418de8d7fSPeter Avalos * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 1518de8d7fSPeter Avalos * 1618de8d7fSPeter Avalos * Redistribution and use in source and binary forms, with or without 1718de8d7fSPeter Avalos * modification, are permitted provided that the following conditions 1818de8d7fSPeter Avalos * are met: 1918de8d7fSPeter Avalos * 1. Redistributions of source code must retain the above copyright 2018de8d7fSPeter Avalos * notice, this list of conditions and the following disclaimer. 2118de8d7fSPeter Avalos * 2. Redistributions in binary form must reproduce the above copyright 2218de8d7fSPeter Avalos * notice, this list of conditions and the following disclaimer in the 2318de8d7fSPeter Avalos * documentation and/or other materials provided with the distribution. 2418de8d7fSPeter Avalos * 2518de8d7fSPeter Avalos * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 2618de8d7fSPeter Avalos * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 2718de8d7fSPeter Avalos * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 2818de8d7fSPeter Avalos * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 2918de8d7fSPeter Avalos * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 3018de8d7fSPeter Avalos * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 3118de8d7fSPeter Avalos * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 3218de8d7fSPeter Avalos * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 3318de8d7fSPeter Avalos * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 3418de8d7fSPeter Avalos * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 3518de8d7fSPeter Avalos */ 3618de8d7fSPeter Avalos 3718de8d7fSPeter Avalos #include "includes.h" 3818de8d7fSPeter Avalos 3918de8d7fSPeter Avalos #include <sys/types.h> 4018de8d7fSPeter Avalos #include <sys/param.h> 4118de8d7fSPeter Avalos #include <sys/resource.h> 4218de8d7fSPeter Avalos #include <sys/stat.h> 4318de8d7fSPeter Avalos #include <sys/socket.h> 4418de8d7fSPeter Avalos #ifdef HAVE_SYS_TIME_H 4518de8d7fSPeter Avalos # include <sys/time.h> 4618de8d7fSPeter Avalos #endif 4718de8d7fSPeter Avalos #ifdef HAVE_SYS_UN_H 4818de8d7fSPeter Avalos # include <sys/un.h> 4918de8d7fSPeter Avalos #endif 5018de8d7fSPeter Avalos #include "openbsd-compat/sys-queue.h" 5118de8d7fSPeter Avalos 52*36e94dc5SPeter Avalos #ifdef WITH_OPENSSL 5318de8d7fSPeter Avalos #include <openssl/evp.h> 5418de8d7fSPeter Avalos #include "openbsd-compat/openssl-compat.h" 55*36e94dc5SPeter Avalos #endif 5618de8d7fSPeter Avalos 5718de8d7fSPeter Avalos #include <errno.h> 5818de8d7fSPeter Avalos #include <fcntl.h> 5918de8d7fSPeter Avalos #ifdef HAVE_PATHS_H 6018de8d7fSPeter Avalos # include <paths.h> 6118de8d7fSPeter Avalos #endif 6218de8d7fSPeter Avalos #include <signal.h> 6318de8d7fSPeter Avalos #include <stdarg.h> 6418de8d7fSPeter Avalos #include <stdio.h> 6518de8d7fSPeter Avalos #include <stdlib.h> 6618de8d7fSPeter Avalos #include <time.h> 6718de8d7fSPeter Avalos #include <string.h> 6818de8d7fSPeter Avalos #include <unistd.h> 6918de8d7fSPeter Avalos 7018de8d7fSPeter Avalos #include "xmalloc.h" 7118de8d7fSPeter Avalos #include "ssh.h" 7218de8d7fSPeter Avalos #include "rsa.h" 7318de8d7fSPeter Avalos #include "buffer.h" 7418de8d7fSPeter Avalos #include "key.h" 7518de8d7fSPeter Avalos #include "authfd.h" 7618de8d7fSPeter Avalos #include "compat.h" 7718de8d7fSPeter Avalos #include "log.h" 7818de8d7fSPeter Avalos #include "misc.h" 79*36e94dc5SPeter Avalos #include "digest.h" 8018de8d7fSPeter Avalos 81856ea928SPeter Avalos #ifdef ENABLE_PKCS11 82856ea928SPeter Avalos #include "ssh-pkcs11.h" 8318de8d7fSPeter Avalos #endif 8418de8d7fSPeter Avalos 8518de8d7fSPeter Avalos #if defined(HAVE_SYS_PRCTL_H) 8618de8d7fSPeter Avalos #include <sys/prctl.h> /* For prctl() and PR_SET_DUMPABLE */ 8718de8d7fSPeter Avalos #endif 8818de8d7fSPeter Avalos 8918de8d7fSPeter Avalos typedef enum { 9018de8d7fSPeter Avalos AUTH_UNUSED, 9118de8d7fSPeter Avalos AUTH_SOCKET, 9218de8d7fSPeter Avalos AUTH_CONNECTION 9318de8d7fSPeter Avalos } sock_type; 9418de8d7fSPeter Avalos 9518de8d7fSPeter Avalos typedef struct { 9618de8d7fSPeter Avalos int fd; 9718de8d7fSPeter Avalos sock_type type; 9818de8d7fSPeter Avalos Buffer input; 9918de8d7fSPeter Avalos Buffer output; 10018de8d7fSPeter Avalos Buffer request; 10118de8d7fSPeter Avalos } SocketEntry; 10218de8d7fSPeter Avalos 10318de8d7fSPeter Avalos u_int sockets_alloc = 0; 10418de8d7fSPeter Avalos SocketEntry *sockets = NULL; 10518de8d7fSPeter Avalos 10618de8d7fSPeter Avalos typedef struct identity { 10718de8d7fSPeter Avalos TAILQ_ENTRY(identity) next; 10818de8d7fSPeter Avalos Key *key; 10918de8d7fSPeter Avalos char *comment; 110856ea928SPeter Avalos char *provider; 111*36e94dc5SPeter Avalos time_t death; 11218de8d7fSPeter Avalos u_int confirm; 11318de8d7fSPeter Avalos } Identity; 11418de8d7fSPeter Avalos 11518de8d7fSPeter Avalos typedef struct { 11618de8d7fSPeter Avalos int nentries; 11718de8d7fSPeter Avalos TAILQ_HEAD(idqueue, identity) idlist; 11818de8d7fSPeter Avalos } Idtab; 11918de8d7fSPeter Avalos 12018de8d7fSPeter Avalos /* private key table, one per protocol version */ 12118de8d7fSPeter Avalos Idtab idtable[3]; 12218de8d7fSPeter Avalos 12318de8d7fSPeter Avalos int max_fd = 0; 12418de8d7fSPeter Avalos 12518de8d7fSPeter Avalos /* pid of shell == parent of agent */ 12618de8d7fSPeter Avalos pid_t parent_pid = -1; 127*36e94dc5SPeter Avalos time_t parent_alive_interval = 0; 128*36e94dc5SPeter Avalos 129*36e94dc5SPeter Avalos /* pid of process for which cleanup_socket is applicable */ 130*36e94dc5SPeter Avalos pid_t cleanup_pid = 0; 13118de8d7fSPeter Avalos 13218de8d7fSPeter Avalos /* pathname and directory for AUTH_SOCKET */ 13318de8d7fSPeter Avalos char socket_name[MAXPATHLEN]; 13418de8d7fSPeter Avalos char socket_dir[MAXPATHLEN]; 13518de8d7fSPeter Avalos 13618de8d7fSPeter Avalos /* locking */ 13718de8d7fSPeter Avalos int locked = 0; 13818de8d7fSPeter Avalos char *lock_passwd = NULL; 13918de8d7fSPeter Avalos 14018de8d7fSPeter Avalos extern char *__progname; 14118de8d7fSPeter Avalos 142*36e94dc5SPeter Avalos /* Default lifetime in seconds (0 == forever) */ 143*36e94dc5SPeter Avalos static long lifetime = 0; 14418de8d7fSPeter Avalos 14518de8d7fSPeter Avalos static void 14618de8d7fSPeter Avalos close_socket(SocketEntry *e) 14718de8d7fSPeter Avalos { 14818de8d7fSPeter Avalos close(e->fd); 14918de8d7fSPeter Avalos e->fd = -1; 15018de8d7fSPeter Avalos e->type = AUTH_UNUSED; 15118de8d7fSPeter Avalos buffer_free(&e->input); 15218de8d7fSPeter Avalos buffer_free(&e->output); 15318de8d7fSPeter Avalos buffer_free(&e->request); 15418de8d7fSPeter Avalos } 15518de8d7fSPeter Avalos 15618de8d7fSPeter Avalos static void 15718de8d7fSPeter Avalos idtab_init(void) 15818de8d7fSPeter Avalos { 15918de8d7fSPeter Avalos int i; 16018de8d7fSPeter Avalos 16118de8d7fSPeter Avalos for (i = 0; i <=2; i++) { 16218de8d7fSPeter Avalos TAILQ_INIT(&idtable[i].idlist); 16318de8d7fSPeter Avalos idtable[i].nentries = 0; 16418de8d7fSPeter Avalos } 16518de8d7fSPeter Avalos } 16618de8d7fSPeter Avalos 16718de8d7fSPeter Avalos /* return private key table for requested protocol version */ 16818de8d7fSPeter Avalos static Idtab * 16918de8d7fSPeter Avalos idtab_lookup(int version) 17018de8d7fSPeter Avalos { 17118de8d7fSPeter Avalos if (version < 1 || version > 2) 17218de8d7fSPeter Avalos fatal("internal error, bad protocol version %d", version); 17318de8d7fSPeter Avalos return &idtable[version]; 17418de8d7fSPeter Avalos } 17518de8d7fSPeter Avalos 17618de8d7fSPeter Avalos static void 17718de8d7fSPeter Avalos free_identity(Identity *id) 17818de8d7fSPeter Avalos { 17918de8d7fSPeter Avalos key_free(id->key); 180*36e94dc5SPeter Avalos free(id->provider); 181*36e94dc5SPeter Avalos free(id->comment); 182*36e94dc5SPeter Avalos free(id); 18318de8d7fSPeter Avalos } 18418de8d7fSPeter Avalos 18518de8d7fSPeter Avalos /* return matching private key for given public key */ 18618de8d7fSPeter Avalos static Identity * 18718de8d7fSPeter Avalos lookup_identity(Key *key, int version) 18818de8d7fSPeter Avalos { 18918de8d7fSPeter Avalos Identity *id; 19018de8d7fSPeter Avalos 19118de8d7fSPeter Avalos Idtab *tab = idtab_lookup(version); 19218de8d7fSPeter Avalos TAILQ_FOREACH(id, &tab->idlist, next) { 19318de8d7fSPeter Avalos if (key_equal(key, id->key)) 19418de8d7fSPeter Avalos return (id); 19518de8d7fSPeter Avalos } 19618de8d7fSPeter Avalos return (NULL); 19718de8d7fSPeter Avalos } 19818de8d7fSPeter Avalos 19918de8d7fSPeter Avalos /* Check confirmation of keysign request */ 20018de8d7fSPeter Avalos static int 20118de8d7fSPeter Avalos confirm_key(Identity *id) 20218de8d7fSPeter Avalos { 20318de8d7fSPeter Avalos char *p; 20418de8d7fSPeter Avalos int ret = -1; 20518de8d7fSPeter Avalos 20618de8d7fSPeter Avalos p = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); 20718de8d7fSPeter Avalos if (ask_permission("Allow use of key %s?\nKey fingerprint %s.", 20818de8d7fSPeter Avalos id->comment, p)) 20918de8d7fSPeter Avalos ret = 0; 210*36e94dc5SPeter Avalos free(p); 21118de8d7fSPeter Avalos 21218de8d7fSPeter Avalos return (ret); 21318de8d7fSPeter Avalos } 21418de8d7fSPeter Avalos 21518de8d7fSPeter Avalos /* send list of supported public keys to 'client' */ 21618de8d7fSPeter Avalos static void 21718de8d7fSPeter Avalos process_request_identities(SocketEntry *e, int version) 21818de8d7fSPeter Avalos { 21918de8d7fSPeter Avalos Idtab *tab = idtab_lookup(version); 22018de8d7fSPeter Avalos Identity *id; 22118de8d7fSPeter Avalos Buffer msg; 22218de8d7fSPeter Avalos 22318de8d7fSPeter Avalos buffer_init(&msg); 22418de8d7fSPeter Avalos buffer_put_char(&msg, (version == 1) ? 22518de8d7fSPeter Avalos SSH_AGENT_RSA_IDENTITIES_ANSWER : SSH2_AGENT_IDENTITIES_ANSWER); 22618de8d7fSPeter Avalos buffer_put_int(&msg, tab->nentries); 22718de8d7fSPeter Avalos TAILQ_FOREACH(id, &tab->idlist, next) { 22818de8d7fSPeter Avalos if (id->key->type == KEY_RSA1) { 229*36e94dc5SPeter Avalos #ifdef WITH_SSH1 23018de8d7fSPeter Avalos buffer_put_int(&msg, BN_num_bits(id->key->rsa->n)); 23118de8d7fSPeter Avalos buffer_put_bignum(&msg, id->key->rsa->e); 23218de8d7fSPeter Avalos buffer_put_bignum(&msg, id->key->rsa->n); 233*36e94dc5SPeter Avalos #endif 23418de8d7fSPeter Avalos } else { 23518de8d7fSPeter Avalos u_char *blob; 23618de8d7fSPeter Avalos u_int blen; 23718de8d7fSPeter Avalos key_to_blob(id->key, &blob, &blen); 23818de8d7fSPeter Avalos buffer_put_string(&msg, blob, blen); 239*36e94dc5SPeter Avalos free(blob); 24018de8d7fSPeter Avalos } 24118de8d7fSPeter Avalos buffer_put_cstring(&msg, id->comment); 24218de8d7fSPeter Avalos } 24318de8d7fSPeter Avalos buffer_put_int(&e->output, buffer_len(&msg)); 24418de8d7fSPeter Avalos buffer_append(&e->output, buffer_ptr(&msg), buffer_len(&msg)); 24518de8d7fSPeter Avalos buffer_free(&msg); 24618de8d7fSPeter Avalos } 24718de8d7fSPeter Avalos 248*36e94dc5SPeter Avalos #ifdef WITH_SSH1 24918de8d7fSPeter Avalos /* ssh1 only */ 25018de8d7fSPeter Avalos static void 25118de8d7fSPeter Avalos process_authentication_challenge1(SocketEntry *e) 25218de8d7fSPeter Avalos { 25318de8d7fSPeter Avalos u_char buf[32], mdbuf[16], session_id[16]; 25418de8d7fSPeter Avalos u_int response_type; 25518de8d7fSPeter Avalos BIGNUM *challenge; 25618de8d7fSPeter Avalos Identity *id; 25718de8d7fSPeter Avalos int i, len; 25818de8d7fSPeter Avalos Buffer msg; 259*36e94dc5SPeter Avalos struct ssh_digest_ctx *md; 26018de8d7fSPeter Avalos Key *key; 26118de8d7fSPeter Avalos 26218de8d7fSPeter Avalos buffer_init(&msg); 26318de8d7fSPeter Avalos key = key_new(KEY_RSA1); 26418de8d7fSPeter Avalos if ((challenge = BN_new()) == NULL) 26518de8d7fSPeter Avalos fatal("process_authentication_challenge1: BN_new failed"); 26618de8d7fSPeter Avalos 26718de8d7fSPeter Avalos (void) buffer_get_int(&e->request); /* ignored */ 26818de8d7fSPeter Avalos buffer_get_bignum(&e->request, key->rsa->e); 26918de8d7fSPeter Avalos buffer_get_bignum(&e->request, key->rsa->n); 27018de8d7fSPeter Avalos buffer_get_bignum(&e->request, challenge); 27118de8d7fSPeter Avalos 27218de8d7fSPeter Avalos /* Only protocol 1.1 is supported */ 27318de8d7fSPeter Avalos if (buffer_len(&e->request) == 0) 27418de8d7fSPeter Avalos goto failure; 27518de8d7fSPeter Avalos buffer_get(&e->request, session_id, 16); 27618de8d7fSPeter Avalos response_type = buffer_get_int(&e->request); 27718de8d7fSPeter Avalos if (response_type != 1) 27818de8d7fSPeter Avalos goto failure; 27918de8d7fSPeter Avalos 28018de8d7fSPeter Avalos id = lookup_identity(key, 1); 28118de8d7fSPeter Avalos if (id != NULL && (!id->confirm || confirm_key(id) == 0)) { 28218de8d7fSPeter Avalos Key *private = id->key; 28318de8d7fSPeter Avalos /* Decrypt the challenge using the private key. */ 284*36e94dc5SPeter Avalos if (rsa_private_decrypt(challenge, challenge, private->rsa) != 0) 28518de8d7fSPeter Avalos goto failure; 28618de8d7fSPeter Avalos 28718de8d7fSPeter Avalos /* The response is MD5 of decrypted challenge plus session id. */ 28818de8d7fSPeter Avalos len = BN_num_bytes(challenge); 28918de8d7fSPeter Avalos if (len <= 0 || len > 32) { 29018de8d7fSPeter Avalos logit("process_authentication_challenge: bad challenge length %d", len); 29118de8d7fSPeter Avalos goto failure; 29218de8d7fSPeter Avalos } 29318de8d7fSPeter Avalos memset(buf, 0, 32); 29418de8d7fSPeter Avalos BN_bn2bin(challenge, buf + 32 - len); 295*36e94dc5SPeter Avalos if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL || 296*36e94dc5SPeter Avalos ssh_digest_update(md, buf, 32) < 0 || 297*36e94dc5SPeter Avalos ssh_digest_update(md, session_id, 16) < 0 || 298*36e94dc5SPeter Avalos ssh_digest_final(md, mdbuf, sizeof(mdbuf)) < 0) 299*36e94dc5SPeter Avalos fatal("%s: md5 failed", __func__); 300*36e94dc5SPeter Avalos ssh_digest_free(md); 30118de8d7fSPeter Avalos 30218de8d7fSPeter Avalos /* Send the response. */ 30318de8d7fSPeter Avalos buffer_put_char(&msg, SSH_AGENT_RSA_RESPONSE); 30418de8d7fSPeter Avalos for (i = 0; i < 16; i++) 30518de8d7fSPeter Avalos buffer_put_char(&msg, mdbuf[i]); 30618de8d7fSPeter Avalos goto send; 30718de8d7fSPeter Avalos } 30818de8d7fSPeter Avalos 30918de8d7fSPeter Avalos failure: 31018de8d7fSPeter Avalos /* Unknown identity or protocol error. Send failure. */ 31118de8d7fSPeter Avalos buffer_put_char(&msg, SSH_AGENT_FAILURE); 31218de8d7fSPeter Avalos send: 31318de8d7fSPeter Avalos buffer_put_int(&e->output, buffer_len(&msg)); 31418de8d7fSPeter Avalos buffer_append(&e->output, buffer_ptr(&msg), buffer_len(&msg)); 31518de8d7fSPeter Avalos key_free(key); 31618de8d7fSPeter Avalos BN_clear_free(challenge); 31718de8d7fSPeter Avalos buffer_free(&msg); 31818de8d7fSPeter Avalos } 319*36e94dc5SPeter Avalos #endif 32018de8d7fSPeter Avalos 32118de8d7fSPeter Avalos /* ssh2 only */ 32218de8d7fSPeter Avalos static void 32318de8d7fSPeter Avalos process_sign_request2(SocketEntry *e) 32418de8d7fSPeter Avalos { 32518de8d7fSPeter Avalos u_char *blob, *data, *signature = NULL; 32618de8d7fSPeter Avalos u_int blen, dlen, slen = 0; 32718de8d7fSPeter Avalos extern int datafellows; 32818de8d7fSPeter Avalos int odatafellows; 32918de8d7fSPeter Avalos int ok = -1, flags; 33018de8d7fSPeter Avalos Buffer msg; 33118de8d7fSPeter Avalos Key *key; 33218de8d7fSPeter Avalos 33318de8d7fSPeter Avalos datafellows = 0; 33418de8d7fSPeter Avalos 33518de8d7fSPeter Avalos blob = buffer_get_string(&e->request, &blen); 33618de8d7fSPeter Avalos data = buffer_get_string(&e->request, &dlen); 33718de8d7fSPeter Avalos 33818de8d7fSPeter Avalos flags = buffer_get_int(&e->request); 33918de8d7fSPeter Avalos odatafellows = datafellows; 34018de8d7fSPeter Avalos if (flags & SSH_AGENT_OLD_SIGNATURE) 34118de8d7fSPeter Avalos datafellows = SSH_BUG_SIGBLOB; 34218de8d7fSPeter Avalos 34318de8d7fSPeter Avalos key = key_from_blob(blob, blen); 34418de8d7fSPeter Avalos if (key != NULL) { 34518de8d7fSPeter Avalos Identity *id = lookup_identity(key, 2); 34618de8d7fSPeter Avalos if (id != NULL && (!id->confirm || confirm_key(id) == 0)) 34718de8d7fSPeter Avalos ok = key_sign(id->key, &signature, &slen, data, dlen); 34818de8d7fSPeter Avalos key_free(key); 34918de8d7fSPeter Avalos } 35018de8d7fSPeter Avalos buffer_init(&msg); 35118de8d7fSPeter Avalos if (ok == 0) { 35218de8d7fSPeter Avalos buffer_put_char(&msg, SSH2_AGENT_SIGN_RESPONSE); 35318de8d7fSPeter Avalos buffer_put_string(&msg, signature, slen); 35418de8d7fSPeter Avalos } else { 35518de8d7fSPeter Avalos buffer_put_char(&msg, SSH_AGENT_FAILURE); 35618de8d7fSPeter Avalos } 35718de8d7fSPeter Avalos buffer_put_int(&e->output, buffer_len(&msg)); 35818de8d7fSPeter Avalos buffer_append(&e->output, buffer_ptr(&msg), 35918de8d7fSPeter Avalos buffer_len(&msg)); 36018de8d7fSPeter Avalos buffer_free(&msg); 361*36e94dc5SPeter Avalos free(data); 362*36e94dc5SPeter Avalos free(blob); 363*36e94dc5SPeter Avalos free(signature); 36418de8d7fSPeter Avalos datafellows = odatafellows; 36518de8d7fSPeter Avalos } 36618de8d7fSPeter Avalos 36718de8d7fSPeter Avalos /* shared */ 36818de8d7fSPeter Avalos static void 36918de8d7fSPeter Avalos process_remove_identity(SocketEntry *e, int version) 37018de8d7fSPeter Avalos { 371*36e94dc5SPeter Avalos u_int blen; 37218de8d7fSPeter Avalos int success = 0; 37318de8d7fSPeter Avalos Key *key = NULL; 37418de8d7fSPeter Avalos u_char *blob; 375*36e94dc5SPeter Avalos #ifdef WITH_SSH1 376*36e94dc5SPeter Avalos u_int bits; 377*36e94dc5SPeter Avalos #endif /* WITH_SSH1 */ 37818de8d7fSPeter Avalos 37918de8d7fSPeter Avalos switch (version) { 380*36e94dc5SPeter Avalos #ifdef WITH_SSH1 38118de8d7fSPeter Avalos case 1: 38218de8d7fSPeter Avalos key = key_new(KEY_RSA1); 38318de8d7fSPeter Avalos bits = buffer_get_int(&e->request); 38418de8d7fSPeter Avalos buffer_get_bignum(&e->request, key->rsa->e); 38518de8d7fSPeter Avalos buffer_get_bignum(&e->request, key->rsa->n); 38618de8d7fSPeter Avalos 38718de8d7fSPeter Avalos if (bits != key_size(key)) 38818de8d7fSPeter Avalos logit("Warning: identity keysize mismatch: actual %u, announced %u", 38918de8d7fSPeter Avalos key_size(key), bits); 39018de8d7fSPeter Avalos break; 391*36e94dc5SPeter Avalos #endif /* WITH_SSH1 */ 39218de8d7fSPeter Avalos case 2: 39318de8d7fSPeter Avalos blob = buffer_get_string(&e->request, &blen); 39418de8d7fSPeter Avalos key = key_from_blob(blob, blen); 395*36e94dc5SPeter Avalos free(blob); 39618de8d7fSPeter Avalos break; 39718de8d7fSPeter Avalos } 39818de8d7fSPeter Avalos if (key != NULL) { 39918de8d7fSPeter Avalos Identity *id = lookup_identity(key, version); 40018de8d7fSPeter Avalos if (id != NULL) { 40118de8d7fSPeter Avalos /* 40218de8d7fSPeter Avalos * We have this key. Free the old key. Since we 40318de8d7fSPeter Avalos * don't want to leave empty slots in the middle of 40418de8d7fSPeter Avalos * the array, we actually free the key there and move 40518de8d7fSPeter Avalos * all the entries between the empty slot and the end 40618de8d7fSPeter Avalos * of the array. 40718de8d7fSPeter Avalos */ 40818de8d7fSPeter Avalos Idtab *tab = idtab_lookup(version); 40918de8d7fSPeter Avalos if (tab->nentries < 1) 41018de8d7fSPeter Avalos fatal("process_remove_identity: " 41118de8d7fSPeter Avalos "internal error: tab->nentries %d", 41218de8d7fSPeter Avalos tab->nentries); 41318de8d7fSPeter Avalos TAILQ_REMOVE(&tab->idlist, id, next); 41418de8d7fSPeter Avalos free_identity(id); 41518de8d7fSPeter Avalos tab->nentries--; 41618de8d7fSPeter Avalos success = 1; 41718de8d7fSPeter Avalos } 41818de8d7fSPeter Avalos key_free(key); 41918de8d7fSPeter Avalos } 42018de8d7fSPeter Avalos buffer_put_int(&e->output, 1); 42118de8d7fSPeter Avalos buffer_put_char(&e->output, 42218de8d7fSPeter Avalos success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); 42318de8d7fSPeter Avalos } 42418de8d7fSPeter Avalos 42518de8d7fSPeter Avalos static void 42618de8d7fSPeter Avalos process_remove_all_identities(SocketEntry *e, int version) 42718de8d7fSPeter Avalos { 42818de8d7fSPeter Avalos Idtab *tab = idtab_lookup(version); 42918de8d7fSPeter Avalos Identity *id; 43018de8d7fSPeter Avalos 43118de8d7fSPeter Avalos /* Loop over all identities and clear the keys. */ 43218de8d7fSPeter Avalos for (id = TAILQ_FIRST(&tab->idlist); id; 43318de8d7fSPeter Avalos id = TAILQ_FIRST(&tab->idlist)) { 43418de8d7fSPeter Avalos TAILQ_REMOVE(&tab->idlist, id, next); 43518de8d7fSPeter Avalos free_identity(id); 43618de8d7fSPeter Avalos } 43718de8d7fSPeter Avalos 43818de8d7fSPeter Avalos /* Mark that there are no identities. */ 43918de8d7fSPeter Avalos tab->nentries = 0; 44018de8d7fSPeter Avalos 44118de8d7fSPeter Avalos /* Send success. */ 44218de8d7fSPeter Avalos buffer_put_int(&e->output, 1); 44318de8d7fSPeter Avalos buffer_put_char(&e->output, SSH_AGENT_SUCCESS); 44418de8d7fSPeter Avalos } 44518de8d7fSPeter Avalos 44618de8d7fSPeter Avalos /* removes expired keys and returns number of seconds until the next expiry */ 447*36e94dc5SPeter Avalos static time_t 44818de8d7fSPeter Avalos reaper(void) 44918de8d7fSPeter Avalos { 450*36e94dc5SPeter Avalos time_t deadline = 0, now = monotime(); 45118de8d7fSPeter Avalos Identity *id, *nxt; 45218de8d7fSPeter Avalos int version; 45318de8d7fSPeter Avalos Idtab *tab; 45418de8d7fSPeter Avalos 45518de8d7fSPeter Avalos for (version = 1; version < 3; version++) { 45618de8d7fSPeter Avalos tab = idtab_lookup(version); 45718de8d7fSPeter Avalos for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) { 45818de8d7fSPeter Avalos nxt = TAILQ_NEXT(id, next); 45918de8d7fSPeter Avalos if (id->death == 0) 46018de8d7fSPeter Avalos continue; 46118de8d7fSPeter Avalos if (now >= id->death) { 46218de8d7fSPeter Avalos debug("expiring key '%s'", id->comment); 46318de8d7fSPeter Avalos TAILQ_REMOVE(&tab->idlist, id, next); 46418de8d7fSPeter Avalos free_identity(id); 46518de8d7fSPeter Avalos tab->nentries--; 46618de8d7fSPeter Avalos } else 46718de8d7fSPeter Avalos deadline = (deadline == 0) ? id->death : 46818de8d7fSPeter Avalos MIN(deadline, id->death); 46918de8d7fSPeter Avalos } 47018de8d7fSPeter Avalos } 47118de8d7fSPeter Avalos if (deadline == 0 || deadline <= now) 47218de8d7fSPeter Avalos return 0; 47318de8d7fSPeter Avalos else 47418de8d7fSPeter Avalos return (deadline - now); 47518de8d7fSPeter Avalos } 47618de8d7fSPeter Avalos 47718de8d7fSPeter Avalos static void 47818de8d7fSPeter Avalos process_add_identity(SocketEntry *e, int version) 47918de8d7fSPeter Avalos { 48018de8d7fSPeter Avalos Idtab *tab = idtab_lookup(version); 48118de8d7fSPeter Avalos Identity *id; 482*36e94dc5SPeter Avalos int type, success = 0, confirm = 0; 483*36e94dc5SPeter Avalos char *comment; 484*36e94dc5SPeter Avalos time_t death = 0; 48518de8d7fSPeter Avalos Key *k = NULL; 48618de8d7fSPeter Avalos 48718de8d7fSPeter Avalos switch (version) { 488*36e94dc5SPeter Avalos #ifdef WITH_SSH1 48918de8d7fSPeter Avalos case 1: 49018de8d7fSPeter Avalos k = key_new_private(KEY_RSA1); 49118de8d7fSPeter Avalos (void) buffer_get_int(&e->request); /* ignored */ 49218de8d7fSPeter Avalos buffer_get_bignum(&e->request, k->rsa->n); 49318de8d7fSPeter Avalos buffer_get_bignum(&e->request, k->rsa->e); 49418de8d7fSPeter Avalos buffer_get_bignum(&e->request, k->rsa->d); 49518de8d7fSPeter Avalos buffer_get_bignum(&e->request, k->rsa->iqmp); 49618de8d7fSPeter Avalos 49718de8d7fSPeter Avalos /* SSH and SSL have p and q swapped */ 49818de8d7fSPeter Avalos buffer_get_bignum(&e->request, k->rsa->q); /* p */ 49918de8d7fSPeter Avalos buffer_get_bignum(&e->request, k->rsa->p); /* q */ 50018de8d7fSPeter Avalos 50118de8d7fSPeter Avalos /* Generate additional parameters */ 502*36e94dc5SPeter Avalos if (rsa_generate_additional_parameters(k->rsa) != 0) 503*36e94dc5SPeter Avalos fatal("%s: rsa_generate_additional_parameters " 504*36e94dc5SPeter Avalos "error", __func__); 50518de8d7fSPeter Avalos 50618de8d7fSPeter Avalos /* enable blinding */ 50718de8d7fSPeter Avalos if (RSA_blinding_on(k->rsa, NULL) != 1) { 50818de8d7fSPeter Avalos error("process_add_identity: RSA_blinding_on failed"); 50918de8d7fSPeter Avalos key_free(k); 51018de8d7fSPeter Avalos goto send; 51118de8d7fSPeter Avalos } 51218de8d7fSPeter Avalos break; 513*36e94dc5SPeter Avalos #endif /* WITH_SSH1 */ 514*36e94dc5SPeter Avalos case 2: 515*36e94dc5SPeter Avalos k = key_private_deserialize(&e->request); 51618de8d7fSPeter Avalos if (k == NULL) { 517*36e94dc5SPeter Avalos buffer_clear(&e->request); 51818de8d7fSPeter Avalos goto send; 51918de8d7fSPeter Avalos } 520*36e94dc5SPeter Avalos break; 521*36e94dc5SPeter Avalos } 522*36e94dc5SPeter Avalos if (k == NULL) 523*36e94dc5SPeter Avalos goto send; 524*36e94dc5SPeter Avalos comment = buffer_get_string(&e->request, NULL); 525*36e94dc5SPeter Avalos 52618de8d7fSPeter Avalos while (buffer_len(&e->request)) { 52718de8d7fSPeter Avalos switch ((type = buffer_get_char(&e->request))) { 52818de8d7fSPeter Avalos case SSH_AGENT_CONSTRAIN_LIFETIME: 529*36e94dc5SPeter Avalos death = monotime() + buffer_get_int(&e->request); 53018de8d7fSPeter Avalos break; 53118de8d7fSPeter Avalos case SSH_AGENT_CONSTRAIN_CONFIRM: 53218de8d7fSPeter Avalos confirm = 1; 53318de8d7fSPeter Avalos break; 53418de8d7fSPeter Avalos default: 53518de8d7fSPeter Avalos error("process_add_identity: " 53618de8d7fSPeter Avalos "Unknown constraint type %d", type); 537*36e94dc5SPeter Avalos free(comment); 53818de8d7fSPeter Avalos key_free(k); 53918de8d7fSPeter Avalos goto send; 54018de8d7fSPeter Avalos } 54118de8d7fSPeter Avalos } 54218de8d7fSPeter Avalos success = 1; 54318de8d7fSPeter Avalos if (lifetime && !death) 544*36e94dc5SPeter Avalos death = monotime() + lifetime; 54518de8d7fSPeter Avalos if ((id = lookup_identity(k, version)) == NULL) { 546856ea928SPeter Avalos id = xcalloc(1, sizeof(Identity)); 54718de8d7fSPeter Avalos id->key = k; 54818de8d7fSPeter Avalos TAILQ_INSERT_TAIL(&tab->idlist, id, next); 54918de8d7fSPeter Avalos /* Increment the number of identities. */ 55018de8d7fSPeter Avalos tab->nentries++; 55118de8d7fSPeter Avalos } else { 55218de8d7fSPeter Avalos key_free(k); 553*36e94dc5SPeter Avalos free(id->comment); 55418de8d7fSPeter Avalos } 55518de8d7fSPeter Avalos id->comment = comment; 55618de8d7fSPeter Avalos id->death = death; 55718de8d7fSPeter Avalos id->confirm = confirm; 55818de8d7fSPeter Avalos send: 55918de8d7fSPeter Avalos buffer_put_int(&e->output, 1); 56018de8d7fSPeter Avalos buffer_put_char(&e->output, 56118de8d7fSPeter Avalos success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); 56218de8d7fSPeter Avalos } 56318de8d7fSPeter Avalos 56418de8d7fSPeter Avalos /* XXX todo: encrypt sensitive data with passphrase */ 56518de8d7fSPeter Avalos static void 56618de8d7fSPeter Avalos process_lock_agent(SocketEntry *e, int lock) 56718de8d7fSPeter Avalos { 56818de8d7fSPeter Avalos int success = 0; 56918de8d7fSPeter Avalos char *passwd; 57018de8d7fSPeter Avalos 57118de8d7fSPeter Avalos passwd = buffer_get_string(&e->request, NULL); 57218de8d7fSPeter Avalos if (locked && !lock && strcmp(passwd, lock_passwd) == 0) { 57318de8d7fSPeter Avalos locked = 0; 574*36e94dc5SPeter Avalos explicit_bzero(lock_passwd, strlen(lock_passwd)); 575*36e94dc5SPeter Avalos free(lock_passwd); 57618de8d7fSPeter Avalos lock_passwd = NULL; 57718de8d7fSPeter Avalos success = 1; 57818de8d7fSPeter Avalos } else if (!locked && lock) { 57918de8d7fSPeter Avalos locked = 1; 58018de8d7fSPeter Avalos lock_passwd = xstrdup(passwd); 58118de8d7fSPeter Avalos success = 1; 58218de8d7fSPeter Avalos } 583*36e94dc5SPeter Avalos explicit_bzero(passwd, strlen(passwd)); 584*36e94dc5SPeter Avalos free(passwd); 58518de8d7fSPeter Avalos 58618de8d7fSPeter Avalos buffer_put_int(&e->output, 1); 58718de8d7fSPeter Avalos buffer_put_char(&e->output, 58818de8d7fSPeter Avalos success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); 58918de8d7fSPeter Avalos } 59018de8d7fSPeter Avalos 59118de8d7fSPeter Avalos static void 59218de8d7fSPeter Avalos no_identities(SocketEntry *e, u_int type) 59318de8d7fSPeter Avalos { 59418de8d7fSPeter Avalos Buffer msg; 59518de8d7fSPeter Avalos 59618de8d7fSPeter Avalos buffer_init(&msg); 59718de8d7fSPeter Avalos buffer_put_char(&msg, 59818de8d7fSPeter Avalos (type == SSH_AGENTC_REQUEST_RSA_IDENTITIES) ? 59918de8d7fSPeter Avalos SSH_AGENT_RSA_IDENTITIES_ANSWER : SSH2_AGENT_IDENTITIES_ANSWER); 60018de8d7fSPeter Avalos buffer_put_int(&msg, 0); 60118de8d7fSPeter Avalos buffer_put_int(&e->output, buffer_len(&msg)); 60218de8d7fSPeter Avalos buffer_append(&e->output, buffer_ptr(&msg), buffer_len(&msg)); 60318de8d7fSPeter Avalos buffer_free(&msg); 60418de8d7fSPeter Avalos } 60518de8d7fSPeter Avalos 606856ea928SPeter Avalos #ifdef ENABLE_PKCS11 60718de8d7fSPeter Avalos static void 60818de8d7fSPeter Avalos process_add_smartcard_key(SocketEntry *e) 60918de8d7fSPeter Avalos { 610856ea928SPeter Avalos char *provider = NULL, *pin; 611*36e94dc5SPeter Avalos int i, type, version, count = 0, success = 0, confirm = 0; 612*36e94dc5SPeter Avalos time_t death = 0; 613856ea928SPeter Avalos Key **keys = NULL, *k; 61418de8d7fSPeter Avalos Identity *id; 61518de8d7fSPeter Avalos Idtab *tab; 61618de8d7fSPeter Avalos 617856ea928SPeter Avalos provider = buffer_get_string(&e->request, NULL); 61818de8d7fSPeter Avalos pin = buffer_get_string(&e->request, NULL); 61918de8d7fSPeter Avalos 62018de8d7fSPeter Avalos while (buffer_len(&e->request)) { 62118de8d7fSPeter Avalos switch ((type = buffer_get_char(&e->request))) { 62218de8d7fSPeter Avalos case SSH_AGENT_CONSTRAIN_LIFETIME: 623*36e94dc5SPeter Avalos death = monotime() + buffer_get_int(&e->request); 62418de8d7fSPeter Avalos break; 62518de8d7fSPeter Avalos case SSH_AGENT_CONSTRAIN_CONFIRM: 62618de8d7fSPeter Avalos confirm = 1; 62718de8d7fSPeter Avalos break; 62818de8d7fSPeter Avalos default: 62918de8d7fSPeter Avalos error("process_add_smartcard_key: " 63018de8d7fSPeter Avalos "Unknown constraint type %d", type); 63118de8d7fSPeter Avalos goto send; 63218de8d7fSPeter Avalos } 63318de8d7fSPeter Avalos } 63418de8d7fSPeter Avalos if (lifetime && !death) 635*36e94dc5SPeter Avalos death = monotime() + lifetime; 63618de8d7fSPeter Avalos 637856ea928SPeter Avalos count = pkcs11_add_provider(provider, pin, &keys); 638856ea928SPeter Avalos for (i = 0; i < count; i++) { 63918de8d7fSPeter Avalos k = keys[i]; 64018de8d7fSPeter Avalos version = k->type == KEY_RSA1 ? 1 : 2; 64118de8d7fSPeter Avalos tab = idtab_lookup(version); 64218de8d7fSPeter Avalos if (lookup_identity(k, version) == NULL) { 643856ea928SPeter Avalos id = xcalloc(1, sizeof(Identity)); 64418de8d7fSPeter Avalos id->key = k; 645856ea928SPeter Avalos id->provider = xstrdup(provider); 646856ea928SPeter Avalos id->comment = xstrdup(provider); /* XXX */ 64718de8d7fSPeter Avalos id->death = death; 64818de8d7fSPeter Avalos id->confirm = confirm; 64918de8d7fSPeter Avalos TAILQ_INSERT_TAIL(&tab->idlist, id, next); 65018de8d7fSPeter Avalos tab->nentries++; 65118de8d7fSPeter Avalos success = 1; 65218de8d7fSPeter Avalos } else { 65318de8d7fSPeter Avalos key_free(k); 65418de8d7fSPeter Avalos } 65518de8d7fSPeter Avalos keys[i] = NULL; 65618de8d7fSPeter Avalos } 65718de8d7fSPeter Avalos send: 658*36e94dc5SPeter Avalos free(pin); 659*36e94dc5SPeter Avalos free(provider); 660*36e94dc5SPeter Avalos free(keys); 66118de8d7fSPeter Avalos buffer_put_int(&e->output, 1); 66218de8d7fSPeter Avalos buffer_put_char(&e->output, 66318de8d7fSPeter Avalos success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); 66418de8d7fSPeter Avalos } 66518de8d7fSPeter Avalos 66618de8d7fSPeter Avalos static void 66718de8d7fSPeter Avalos process_remove_smartcard_key(SocketEntry *e) 66818de8d7fSPeter Avalos { 669856ea928SPeter Avalos char *provider = NULL, *pin = NULL; 670856ea928SPeter Avalos int version, success = 0; 671856ea928SPeter Avalos Identity *id, *nxt; 67218de8d7fSPeter Avalos Idtab *tab; 67318de8d7fSPeter Avalos 674856ea928SPeter Avalos provider = buffer_get_string(&e->request, NULL); 67518de8d7fSPeter Avalos pin = buffer_get_string(&e->request, NULL); 676*36e94dc5SPeter Avalos free(pin); 67718de8d7fSPeter Avalos 678856ea928SPeter Avalos for (version = 1; version < 3; version++) { 67918de8d7fSPeter Avalos tab = idtab_lookup(version); 680856ea928SPeter Avalos for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) { 681856ea928SPeter Avalos nxt = TAILQ_NEXT(id, next); 682*36e94dc5SPeter Avalos /* Skip file--based keys */ 683*36e94dc5SPeter Avalos if (id->provider == NULL) 684*36e94dc5SPeter Avalos continue; 685856ea928SPeter Avalos if (!strcmp(provider, id->provider)) { 68618de8d7fSPeter Avalos TAILQ_REMOVE(&tab->idlist, id, next); 68718de8d7fSPeter Avalos free_identity(id); 688856ea928SPeter Avalos tab->nentries--; 689856ea928SPeter Avalos } 690856ea928SPeter Avalos } 691856ea928SPeter Avalos } 692856ea928SPeter Avalos if (pkcs11_del_provider(provider) == 0) 69318de8d7fSPeter Avalos success = 1; 694856ea928SPeter Avalos else 695856ea928SPeter Avalos error("process_remove_smartcard_key:" 696856ea928SPeter Avalos " pkcs11_del_provider failed"); 697*36e94dc5SPeter Avalos free(provider); 69818de8d7fSPeter Avalos buffer_put_int(&e->output, 1); 69918de8d7fSPeter Avalos buffer_put_char(&e->output, 70018de8d7fSPeter Avalos success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); 70118de8d7fSPeter Avalos } 702856ea928SPeter Avalos #endif /* ENABLE_PKCS11 */ 70318de8d7fSPeter Avalos 70418de8d7fSPeter Avalos /* dispatch incoming messages */ 70518de8d7fSPeter Avalos 70618de8d7fSPeter Avalos static void 70718de8d7fSPeter Avalos process_message(SocketEntry *e) 70818de8d7fSPeter Avalos { 70918de8d7fSPeter Avalos u_int msg_len, type; 71018de8d7fSPeter Avalos u_char *cp; 71118de8d7fSPeter Avalos 71218de8d7fSPeter Avalos if (buffer_len(&e->input) < 5) 71318de8d7fSPeter Avalos return; /* Incomplete message. */ 71418de8d7fSPeter Avalos cp = buffer_ptr(&e->input); 71518de8d7fSPeter Avalos msg_len = get_u32(cp); 71618de8d7fSPeter Avalos if (msg_len > 256 * 1024) { 71718de8d7fSPeter Avalos close_socket(e); 71818de8d7fSPeter Avalos return; 71918de8d7fSPeter Avalos } 72018de8d7fSPeter Avalos if (buffer_len(&e->input) < msg_len + 4) 72118de8d7fSPeter Avalos return; 72218de8d7fSPeter Avalos 72318de8d7fSPeter Avalos /* move the current input to e->request */ 72418de8d7fSPeter Avalos buffer_consume(&e->input, 4); 72518de8d7fSPeter Avalos buffer_clear(&e->request); 72618de8d7fSPeter Avalos buffer_append(&e->request, buffer_ptr(&e->input), msg_len); 72718de8d7fSPeter Avalos buffer_consume(&e->input, msg_len); 72818de8d7fSPeter Avalos type = buffer_get_char(&e->request); 72918de8d7fSPeter Avalos 73018de8d7fSPeter Avalos /* check wheter agent is locked */ 73118de8d7fSPeter Avalos if (locked && type != SSH_AGENTC_UNLOCK) { 73218de8d7fSPeter Avalos buffer_clear(&e->request); 73318de8d7fSPeter Avalos switch (type) { 73418de8d7fSPeter Avalos case SSH_AGENTC_REQUEST_RSA_IDENTITIES: 73518de8d7fSPeter Avalos case SSH2_AGENTC_REQUEST_IDENTITIES: 73618de8d7fSPeter Avalos /* send empty lists */ 73718de8d7fSPeter Avalos no_identities(e, type); 73818de8d7fSPeter Avalos break; 73918de8d7fSPeter Avalos default: 74018de8d7fSPeter Avalos /* send a fail message for all other request types */ 74118de8d7fSPeter Avalos buffer_put_int(&e->output, 1); 74218de8d7fSPeter Avalos buffer_put_char(&e->output, SSH_AGENT_FAILURE); 74318de8d7fSPeter Avalos } 74418de8d7fSPeter Avalos return; 74518de8d7fSPeter Avalos } 74618de8d7fSPeter Avalos 74718de8d7fSPeter Avalos debug("type %d", type); 74818de8d7fSPeter Avalos switch (type) { 74918de8d7fSPeter Avalos case SSH_AGENTC_LOCK: 75018de8d7fSPeter Avalos case SSH_AGENTC_UNLOCK: 75118de8d7fSPeter Avalos process_lock_agent(e, type == SSH_AGENTC_LOCK); 75218de8d7fSPeter Avalos break; 753*36e94dc5SPeter Avalos #ifdef WITH_SSH1 75418de8d7fSPeter Avalos /* ssh1 */ 75518de8d7fSPeter Avalos case SSH_AGENTC_RSA_CHALLENGE: 75618de8d7fSPeter Avalos process_authentication_challenge1(e); 75718de8d7fSPeter Avalos break; 75818de8d7fSPeter Avalos case SSH_AGENTC_REQUEST_RSA_IDENTITIES: 75918de8d7fSPeter Avalos process_request_identities(e, 1); 76018de8d7fSPeter Avalos break; 76118de8d7fSPeter Avalos case SSH_AGENTC_ADD_RSA_IDENTITY: 76218de8d7fSPeter Avalos case SSH_AGENTC_ADD_RSA_ID_CONSTRAINED: 76318de8d7fSPeter Avalos process_add_identity(e, 1); 76418de8d7fSPeter Avalos break; 76518de8d7fSPeter Avalos case SSH_AGENTC_REMOVE_RSA_IDENTITY: 76618de8d7fSPeter Avalos process_remove_identity(e, 1); 76718de8d7fSPeter Avalos break; 76818de8d7fSPeter Avalos case SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES: 76918de8d7fSPeter Avalos process_remove_all_identities(e, 1); 77018de8d7fSPeter Avalos break; 771*36e94dc5SPeter Avalos #endif 77218de8d7fSPeter Avalos /* ssh2 */ 77318de8d7fSPeter Avalos case SSH2_AGENTC_SIGN_REQUEST: 77418de8d7fSPeter Avalos process_sign_request2(e); 77518de8d7fSPeter Avalos break; 77618de8d7fSPeter Avalos case SSH2_AGENTC_REQUEST_IDENTITIES: 77718de8d7fSPeter Avalos process_request_identities(e, 2); 77818de8d7fSPeter Avalos break; 77918de8d7fSPeter Avalos case SSH2_AGENTC_ADD_IDENTITY: 78018de8d7fSPeter Avalos case SSH2_AGENTC_ADD_ID_CONSTRAINED: 78118de8d7fSPeter Avalos process_add_identity(e, 2); 78218de8d7fSPeter Avalos break; 78318de8d7fSPeter Avalos case SSH2_AGENTC_REMOVE_IDENTITY: 78418de8d7fSPeter Avalos process_remove_identity(e, 2); 78518de8d7fSPeter Avalos break; 78618de8d7fSPeter Avalos case SSH2_AGENTC_REMOVE_ALL_IDENTITIES: 78718de8d7fSPeter Avalos process_remove_all_identities(e, 2); 78818de8d7fSPeter Avalos break; 789856ea928SPeter Avalos #ifdef ENABLE_PKCS11 79018de8d7fSPeter Avalos case SSH_AGENTC_ADD_SMARTCARD_KEY: 79118de8d7fSPeter Avalos case SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED: 79218de8d7fSPeter Avalos process_add_smartcard_key(e); 79318de8d7fSPeter Avalos break; 79418de8d7fSPeter Avalos case SSH_AGENTC_REMOVE_SMARTCARD_KEY: 79518de8d7fSPeter Avalos process_remove_smartcard_key(e); 79618de8d7fSPeter Avalos break; 797856ea928SPeter Avalos #endif /* ENABLE_PKCS11 */ 79818de8d7fSPeter Avalos default: 79918de8d7fSPeter Avalos /* Unknown message. Respond with failure. */ 80018de8d7fSPeter Avalos error("Unknown message %d", type); 80118de8d7fSPeter Avalos buffer_clear(&e->request); 80218de8d7fSPeter Avalos buffer_put_int(&e->output, 1); 80318de8d7fSPeter Avalos buffer_put_char(&e->output, SSH_AGENT_FAILURE); 80418de8d7fSPeter Avalos break; 80518de8d7fSPeter Avalos } 80618de8d7fSPeter Avalos } 80718de8d7fSPeter Avalos 80818de8d7fSPeter Avalos static void 80918de8d7fSPeter Avalos new_socket(sock_type type, int fd) 81018de8d7fSPeter Avalos { 81118de8d7fSPeter Avalos u_int i, old_alloc, new_alloc; 81218de8d7fSPeter Avalos 81318de8d7fSPeter Avalos set_nonblock(fd); 81418de8d7fSPeter Avalos 81518de8d7fSPeter Avalos if (fd > max_fd) 81618de8d7fSPeter Avalos max_fd = fd; 81718de8d7fSPeter Avalos 81818de8d7fSPeter Avalos for (i = 0; i < sockets_alloc; i++) 81918de8d7fSPeter Avalos if (sockets[i].type == AUTH_UNUSED) { 82018de8d7fSPeter Avalos sockets[i].fd = fd; 82118de8d7fSPeter Avalos buffer_init(&sockets[i].input); 82218de8d7fSPeter Avalos buffer_init(&sockets[i].output); 82318de8d7fSPeter Avalos buffer_init(&sockets[i].request); 82418de8d7fSPeter Avalos sockets[i].type = type; 82518de8d7fSPeter Avalos return; 82618de8d7fSPeter Avalos } 82718de8d7fSPeter Avalos old_alloc = sockets_alloc; 82818de8d7fSPeter Avalos new_alloc = sockets_alloc + 10; 82918de8d7fSPeter Avalos sockets = xrealloc(sockets, new_alloc, sizeof(sockets[0])); 83018de8d7fSPeter Avalos for (i = old_alloc; i < new_alloc; i++) 83118de8d7fSPeter Avalos sockets[i].type = AUTH_UNUSED; 83218de8d7fSPeter Avalos sockets_alloc = new_alloc; 83318de8d7fSPeter Avalos sockets[old_alloc].fd = fd; 83418de8d7fSPeter Avalos buffer_init(&sockets[old_alloc].input); 83518de8d7fSPeter Avalos buffer_init(&sockets[old_alloc].output); 83618de8d7fSPeter Avalos buffer_init(&sockets[old_alloc].request); 83718de8d7fSPeter Avalos sockets[old_alloc].type = type; 83818de8d7fSPeter Avalos } 83918de8d7fSPeter Avalos 84018de8d7fSPeter Avalos static int 84118de8d7fSPeter Avalos prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, u_int *nallocp, 84218de8d7fSPeter Avalos struct timeval **tvpp) 84318de8d7fSPeter Avalos { 844*36e94dc5SPeter Avalos u_int i, sz; 84518de8d7fSPeter Avalos int n = 0; 84618de8d7fSPeter Avalos static struct timeval tv; 847*36e94dc5SPeter Avalos time_t deadline; 84818de8d7fSPeter Avalos 84918de8d7fSPeter Avalos for (i = 0; i < sockets_alloc; i++) { 85018de8d7fSPeter Avalos switch (sockets[i].type) { 85118de8d7fSPeter Avalos case AUTH_SOCKET: 85218de8d7fSPeter Avalos case AUTH_CONNECTION: 85318de8d7fSPeter Avalos n = MAX(n, sockets[i].fd); 85418de8d7fSPeter Avalos break; 85518de8d7fSPeter Avalos case AUTH_UNUSED: 85618de8d7fSPeter Avalos break; 85718de8d7fSPeter Avalos default: 85818de8d7fSPeter Avalos fatal("Unknown socket type %d", sockets[i].type); 85918de8d7fSPeter Avalos break; 86018de8d7fSPeter Avalos } 86118de8d7fSPeter Avalos } 86218de8d7fSPeter Avalos 86318de8d7fSPeter Avalos sz = howmany(n+1, NFDBITS) * sizeof(fd_mask); 86418de8d7fSPeter Avalos if (*fdrp == NULL || sz > *nallocp) { 865*36e94dc5SPeter Avalos free(*fdrp); 866*36e94dc5SPeter Avalos free(*fdwp); 86718de8d7fSPeter Avalos *fdrp = xmalloc(sz); 86818de8d7fSPeter Avalos *fdwp = xmalloc(sz); 86918de8d7fSPeter Avalos *nallocp = sz; 87018de8d7fSPeter Avalos } 87118de8d7fSPeter Avalos if (n < *fdl) 87218de8d7fSPeter Avalos debug("XXX shrink: %d < %d", n, *fdl); 87318de8d7fSPeter Avalos *fdl = n; 87418de8d7fSPeter Avalos memset(*fdrp, 0, sz); 87518de8d7fSPeter Avalos memset(*fdwp, 0, sz); 87618de8d7fSPeter Avalos 87718de8d7fSPeter Avalos for (i = 0; i < sockets_alloc; i++) { 87818de8d7fSPeter Avalos switch (sockets[i].type) { 87918de8d7fSPeter Avalos case AUTH_SOCKET: 88018de8d7fSPeter Avalos case AUTH_CONNECTION: 88118de8d7fSPeter Avalos FD_SET(sockets[i].fd, *fdrp); 88218de8d7fSPeter Avalos if (buffer_len(&sockets[i].output) > 0) 88318de8d7fSPeter Avalos FD_SET(sockets[i].fd, *fdwp); 88418de8d7fSPeter Avalos break; 88518de8d7fSPeter Avalos default: 88618de8d7fSPeter Avalos break; 88718de8d7fSPeter Avalos } 88818de8d7fSPeter Avalos } 88918de8d7fSPeter Avalos deadline = reaper(); 89018de8d7fSPeter Avalos if (parent_alive_interval != 0) 89118de8d7fSPeter Avalos deadline = (deadline == 0) ? parent_alive_interval : 89218de8d7fSPeter Avalos MIN(deadline, parent_alive_interval); 89318de8d7fSPeter Avalos if (deadline == 0) { 89418de8d7fSPeter Avalos *tvpp = NULL; 89518de8d7fSPeter Avalos } else { 89618de8d7fSPeter Avalos tv.tv_sec = deadline; 89718de8d7fSPeter Avalos tv.tv_usec = 0; 89818de8d7fSPeter Avalos *tvpp = &tv; 89918de8d7fSPeter Avalos } 90018de8d7fSPeter Avalos return (1); 90118de8d7fSPeter Avalos } 90218de8d7fSPeter Avalos 90318de8d7fSPeter Avalos static void 90418de8d7fSPeter Avalos after_select(fd_set *readset, fd_set *writeset) 90518de8d7fSPeter Avalos { 90618de8d7fSPeter Avalos struct sockaddr_un sunaddr; 90718de8d7fSPeter Avalos socklen_t slen; 90818de8d7fSPeter Avalos char buf[1024]; 90918de8d7fSPeter Avalos int len, sock; 910856ea928SPeter Avalos u_int i, orig_alloc; 91118de8d7fSPeter Avalos uid_t euid; 91218de8d7fSPeter Avalos gid_t egid; 91318de8d7fSPeter Avalos 914856ea928SPeter Avalos for (i = 0, orig_alloc = sockets_alloc; i < orig_alloc; i++) 91518de8d7fSPeter Avalos switch (sockets[i].type) { 91618de8d7fSPeter Avalos case AUTH_UNUSED: 91718de8d7fSPeter Avalos break; 91818de8d7fSPeter Avalos case AUTH_SOCKET: 91918de8d7fSPeter Avalos if (FD_ISSET(sockets[i].fd, readset)) { 92018de8d7fSPeter Avalos slen = sizeof(sunaddr); 92118de8d7fSPeter Avalos sock = accept(sockets[i].fd, 92218de8d7fSPeter Avalos (struct sockaddr *)&sunaddr, &slen); 92318de8d7fSPeter Avalos if (sock < 0) { 92418de8d7fSPeter Avalos error("accept from AUTH_SOCKET: %s", 92518de8d7fSPeter Avalos strerror(errno)); 92618de8d7fSPeter Avalos break; 92718de8d7fSPeter Avalos } 92818de8d7fSPeter Avalos if (getpeereid(sock, &euid, &egid) < 0) { 92918de8d7fSPeter Avalos error("getpeereid %d failed: %s", 93018de8d7fSPeter Avalos sock, strerror(errno)); 93118de8d7fSPeter Avalos close(sock); 93218de8d7fSPeter Avalos break; 93318de8d7fSPeter Avalos } 93418de8d7fSPeter Avalos if ((euid != 0) && (getuid() != euid)) { 93518de8d7fSPeter Avalos error("uid mismatch: " 93618de8d7fSPeter Avalos "peer euid %u != uid %u", 93718de8d7fSPeter Avalos (u_int) euid, (u_int) getuid()); 93818de8d7fSPeter Avalos close(sock); 93918de8d7fSPeter Avalos break; 94018de8d7fSPeter Avalos } 94118de8d7fSPeter Avalos new_socket(AUTH_CONNECTION, sock); 94218de8d7fSPeter Avalos } 94318de8d7fSPeter Avalos break; 94418de8d7fSPeter Avalos case AUTH_CONNECTION: 94518de8d7fSPeter Avalos if (buffer_len(&sockets[i].output) > 0 && 94618de8d7fSPeter Avalos FD_ISSET(sockets[i].fd, writeset)) { 94718de8d7fSPeter Avalos len = write(sockets[i].fd, 94818de8d7fSPeter Avalos buffer_ptr(&sockets[i].output), 94918de8d7fSPeter Avalos buffer_len(&sockets[i].output)); 95018de8d7fSPeter Avalos if (len == -1 && (errno == EAGAIN || 951856ea928SPeter Avalos errno == EWOULDBLOCK || 952856ea928SPeter Avalos errno == EINTR)) 95318de8d7fSPeter Avalos continue; 95418de8d7fSPeter Avalos if (len <= 0) { 95518de8d7fSPeter Avalos close_socket(&sockets[i]); 95618de8d7fSPeter Avalos break; 95718de8d7fSPeter Avalos } 95818de8d7fSPeter Avalos buffer_consume(&sockets[i].output, len); 95918de8d7fSPeter Avalos } 96018de8d7fSPeter Avalos if (FD_ISSET(sockets[i].fd, readset)) { 96118de8d7fSPeter Avalos len = read(sockets[i].fd, buf, sizeof(buf)); 96218de8d7fSPeter Avalos if (len == -1 && (errno == EAGAIN || 963856ea928SPeter Avalos errno == EWOULDBLOCK || 964856ea928SPeter Avalos errno == EINTR)) 96518de8d7fSPeter Avalos continue; 96618de8d7fSPeter Avalos if (len <= 0) { 96718de8d7fSPeter Avalos close_socket(&sockets[i]); 96818de8d7fSPeter Avalos break; 96918de8d7fSPeter Avalos } 97018de8d7fSPeter Avalos buffer_append(&sockets[i].input, buf, len); 971*36e94dc5SPeter Avalos explicit_bzero(buf, sizeof(buf)); 97218de8d7fSPeter Avalos process_message(&sockets[i]); 97318de8d7fSPeter Avalos } 97418de8d7fSPeter Avalos break; 97518de8d7fSPeter Avalos default: 97618de8d7fSPeter Avalos fatal("Unknown type %d", sockets[i].type); 97718de8d7fSPeter Avalos } 97818de8d7fSPeter Avalos } 97918de8d7fSPeter Avalos 98018de8d7fSPeter Avalos static void 98118de8d7fSPeter Avalos cleanup_socket(void) 98218de8d7fSPeter Avalos { 983*36e94dc5SPeter Avalos if (cleanup_pid != 0 && getpid() != cleanup_pid) 984*36e94dc5SPeter Avalos return; 985*36e94dc5SPeter Avalos debug("%s: cleanup", __func__); 98618de8d7fSPeter Avalos if (socket_name[0]) 98718de8d7fSPeter Avalos unlink(socket_name); 98818de8d7fSPeter Avalos if (socket_dir[0]) 98918de8d7fSPeter Avalos rmdir(socket_dir); 99018de8d7fSPeter Avalos } 99118de8d7fSPeter Avalos 99218de8d7fSPeter Avalos void 99318de8d7fSPeter Avalos cleanup_exit(int i) 99418de8d7fSPeter Avalos { 99518de8d7fSPeter Avalos cleanup_socket(); 99618de8d7fSPeter Avalos _exit(i); 99718de8d7fSPeter Avalos } 99818de8d7fSPeter Avalos 99918de8d7fSPeter Avalos /*ARGSUSED*/ 100018de8d7fSPeter Avalos static void 100118de8d7fSPeter Avalos cleanup_handler(int sig) 100218de8d7fSPeter Avalos { 100318de8d7fSPeter Avalos cleanup_socket(); 1004856ea928SPeter Avalos #ifdef ENABLE_PKCS11 1005856ea928SPeter Avalos pkcs11_terminate(); 1006856ea928SPeter Avalos #endif 100718de8d7fSPeter Avalos _exit(2); 100818de8d7fSPeter Avalos } 100918de8d7fSPeter Avalos 101018de8d7fSPeter Avalos static void 101118de8d7fSPeter Avalos check_parent_exists(void) 101218de8d7fSPeter Avalos { 10131c188a7fSPeter Avalos /* 10141c188a7fSPeter Avalos * If our parent has exited then getppid() will return (pid_t)1, 10151c188a7fSPeter Avalos * so testing for that should be safe. 10161c188a7fSPeter Avalos */ 10171c188a7fSPeter Avalos if (parent_pid != -1 && getppid() != parent_pid) { 101818de8d7fSPeter Avalos /* printf("Parent has died - Authentication agent exiting.\n"); */ 101918de8d7fSPeter Avalos cleanup_socket(); 102018de8d7fSPeter Avalos _exit(2); 102118de8d7fSPeter Avalos } 102218de8d7fSPeter Avalos } 102318de8d7fSPeter Avalos 102418de8d7fSPeter Avalos static void 102518de8d7fSPeter Avalos usage(void) 102618de8d7fSPeter Avalos { 1027*36e94dc5SPeter Avalos fprintf(stderr, 1028*36e94dc5SPeter Avalos "usage: ssh-agent [-c | -s] [-d] [-a bind_address] [-t life]\n" 1029*36e94dc5SPeter Avalos " [command [arg ...]]\n" 1030*36e94dc5SPeter Avalos " ssh-agent [-c | -s] -k\n"); 103118de8d7fSPeter Avalos exit(1); 103218de8d7fSPeter Avalos } 103318de8d7fSPeter Avalos 103418de8d7fSPeter Avalos int 103518de8d7fSPeter Avalos main(int ac, char **av) 103618de8d7fSPeter Avalos { 103718de8d7fSPeter Avalos int c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0; 103818de8d7fSPeter Avalos int sock, fd, ch, result, saved_errno; 103918de8d7fSPeter Avalos u_int nalloc; 104018de8d7fSPeter Avalos char *shell, *format, *pidstr, *agentsocket = NULL; 104118de8d7fSPeter Avalos fd_set *readsetp = NULL, *writesetp = NULL; 104218de8d7fSPeter Avalos #ifdef HAVE_SETRLIMIT 104318de8d7fSPeter Avalos struct rlimit rlim; 104418de8d7fSPeter Avalos #endif 104518de8d7fSPeter Avalos extern int optind; 104618de8d7fSPeter Avalos extern char *optarg; 104718de8d7fSPeter Avalos pid_t pid; 104818de8d7fSPeter Avalos char pidstrbuf[1 + 3 * sizeof pid]; 104918de8d7fSPeter Avalos struct timeval *tvp = NULL; 105040c002afSPeter Avalos size_t len; 1051*36e94dc5SPeter Avalos mode_t prev_mask; 105218de8d7fSPeter Avalos 105318de8d7fSPeter Avalos /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ 105418de8d7fSPeter Avalos sanitise_stdfd(); 105518de8d7fSPeter Avalos 105618de8d7fSPeter Avalos /* drop */ 105718de8d7fSPeter Avalos setegid(getgid()); 105818de8d7fSPeter Avalos setgid(getgid()); 105918de8d7fSPeter Avalos 106018de8d7fSPeter Avalos #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) 106118de8d7fSPeter Avalos /* Disable ptrace on Linux without sgid bit */ 106218de8d7fSPeter Avalos prctl(PR_SET_DUMPABLE, 0); 106318de8d7fSPeter Avalos #endif 106418de8d7fSPeter Avalos 1065*36e94dc5SPeter Avalos #ifdef WITH_OPENSSL 10669f304aafSPeter Avalos OpenSSL_add_all_algorithms(); 1067*36e94dc5SPeter Avalos #endif 106818de8d7fSPeter Avalos 106918de8d7fSPeter Avalos __progname = ssh_get_progname(av[0]); 107018de8d7fSPeter Avalos seed_rng(); 107118de8d7fSPeter Avalos 107218de8d7fSPeter Avalos while ((ch = getopt(ac, av, "cdksa:t:")) != -1) { 107318de8d7fSPeter Avalos switch (ch) { 107418de8d7fSPeter Avalos case 'c': 107518de8d7fSPeter Avalos if (s_flag) 107618de8d7fSPeter Avalos usage(); 107718de8d7fSPeter Avalos c_flag++; 107818de8d7fSPeter Avalos break; 107918de8d7fSPeter Avalos case 'k': 108018de8d7fSPeter Avalos k_flag++; 108118de8d7fSPeter Avalos break; 108218de8d7fSPeter Avalos case 's': 108318de8d7fSPeter Avalos if (c_flag) 108418de8d7fSPeter Avalos usage(); 108518de8d7fSPeter Avalos s_flag++; 108618de8d7fSPeter Avalos break; 108718de8d7fSPeter Avalos case 'd': 108818de8d7fSPeter Avalos if (d_flag) 108918de8d7fSPeter Avalos usage(); 109018de8d7fSPeter Avalos d_flag++; 109118de8d7fSPeter Avalos break; 109218de8d7fSPeter Avalos case 'a': 109318de8d7fSPeter Avalos agentsocket = optarg; 109418de8d7fSPeter Avalos break; 109518de8d7fSPeter Avalos case 't': 109618de8d7fSPeter Avalos if ((lifetime = convtime(optarg)) == -1) { 109718de8d7fSPeter Avalos fprintf(stderr, "Invalid lifetime\n"); 109818de8d7fSPeter Avalos usage(); 109918de8d7fSPeter Avalos } 110018de8d7fSPeter Avalos break; 110118de8d7fSPeter Avalos default: 110218de8d7fSPeter Avalos usage(); 110318de8d7fSPeter Avalos } 110418de8d7fSPeter Avalos } 110518de8d7fSPeter Avalos ac -= optind; 110618de8d7fSPeter Avalos av += optind; 110718de8d7fSPeter Avalos 110818de8d7fSPeter Avalos if (ac > 0 && (c_flag || k_flag || s_flag || d_flag)) 110918de8d7fSPeter Avalos usage(); 111018de8d7fSPeter Avalos 111118de8d7fSPeter Avalos if (ac == 0 && !c_flag && !s_flag) { 111218de8d7fSPeter Avalos shell = getenv("SHELL"); 111340c002afSPeter Avalos if (shell != NULL && (len = strlen(shell)) > 2 && 111440c002afSPeter Avalos strncmp(shell + len - 3, "csh", 3) == 0) 111518de8d7fSPeter Avalos c_flag = 1; 111618de8d7fSPeter Avalos } 111718de8d7fSPeter Avalos if (k_flag) { 111818de8d7fSPeter Avalos const char *errstr = NULL; 111918de8d7fSPeter Avalos 112018de8d7fSPeter Avalos pidstr = getenv(SSH_AGENTPID_ENV_NAME); 112118de8d7fSPeter Avalos if (pidstr == NULL) { 112218de8d7fSPeter Avalos fprintf(stderr, "%s not set, cannot kill agent\n", 112318de8d7fSPeter Avalos SSH_AGENTPID_ENV_NAME); 112418de8d7fSPeter Avalos exit(1); 112518de8d7fSPeter Avalos } 112618de8d7fSPeter Avalos pid = (int)strtonum(pidstr, 2, INT_MAX, &errstr); 112718de8d7fSPeter Avalos if (errstr) { 112818de8d7fSPeter Avalos fprintf(stderr, 112918de8d7fSPeter Avalos "%s=\"%s\", which is not a good PID: %s\n", 113018de8d7fSPeter Avalos SSH_AGENTPID_ENV_NAME, pidstr, errstr); 113118de8d7fSPeter Avalos exit(1); 113218de8d7fSPeter Avalos } 113318de8d7fSPeter Avalos if (kill(pid, SIGTERM) == -1) { 113418de8d7fSPeter Avalos perror("kill"); 113518de8d7fSPeter Avalos exit(1); 113618de8d7fSPeter Avalos } 113718de8d7fSPeter Avalos format = c_flag ? "unsetenv %s;\n" : "unset %s;\n"; 113818de8d7fSPeter Avalos printf(format, SSH_AUTHSOCKET_ENV_NAME); 113918de8d7fSPeter Avalos printf(format, SSH_AGENTPID_ENV_NAME); 114018de8d7fSPeter Avalos printf("echo Agent pid %ld killed;\n", (long)pid); 114118de8d7fSPeter Avalos exit(0); 114218de8d7fSPeter Avalos } 114318de8d7fSPeter Avalos parent_pid = getpid(); 114418de8d7fSPeter Avalos 114518de8d7fSPeter Avalos if (agentsocket == NULL) { 114618de8d7fSPeter Avalos /* Create private directory for agent socket */ 11479f304aafSPeter Avalos mktemp_proto(socket_dir, sizeof(socket_dir)); 114818de8d7fSPeter Avalos if (mkdtemp(socket_dir) == NULL) { 114918de8d7fSPeter Avalos perror("mkdtemp: private socket dir"); 115018de8d7fSPeter Avalos exit(1); 115118de8d7fSPeter Avalos } 115218de8d7fSPeter Avalos snprintf(socket_name, sizeof socket_name, "%s/agent.%ld", socket_dir, 115318de8d7fSPeter Avalos (long)parent_pid); 115418de8d7fSPeter Avalos } else { 115518de8d7fSPeter Avalos /* Try to use specified agent socket */ 115618de8d7fSPeter Avalos socket_dir[0] = '\0'; 115718de8d7fSPeter Avalos strlcpy(socket_name, agentsocket, sizeof socket_name); 115818de8d7fSPeter Avalos } 115918de8d7fSPeter Avalos 116018de8d7fSPeter Avalos /* 116118de8d7fSPeter Avalos * Create socket early so it will exist before command gets run from 116218de8d7fSPeter Avalos * the parent. 116318de8d7fSPeter Avalos */ 116418de8d7fSPeter Avalos prev_mask = umask(0177); 1165*36e94dc5SPeter Avalos sock = unix_listener(socket_name, SSH_LISTEN_BACKLOG, 0); 1166*36e94dc5SPeter Avalos if (sock < 0) { 1167*36e94dc5SPeter Avalos /* XXX - unix_listener() calls error() not perror() */ 116818de8d7fSPeter Avalos *socket_name = '\0'; /* Don't unlink any existing file */ 116918de8d7fSPeter Avalos cleanup_exit(1); 117018de8d7fSPeter Avalos } 117118de8d7fSPeter Avalos umask(prev_mask); 117218de8d7fSPeter Avalos 117318de8d7fSPeter Avalos /* 117418de8d7fSPeter Avalos * Fork, and have the parent execute the command, if any, or present 117518de8d7fSPeter Avalos * the socket data. The child continues as the authentication agent. 117618de8d7fSPeter Avalos */ 117718de8d7fSPeter Avalos if (d_flag) { 117818de8d7fSPeter Avalos log_init(__progname, SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 1); 117918de8d7fSPeter Avalos format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n"; 118018de8d7fSPeter Avalos printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, 118118de8d7fSPeter Avalos SSH_AUTHSOCKET_ENV_NAME); 118218de8d7fSPeter Avalos printf("echo Agent pid %ld;\n", (long)parent_pid); 118318de8d7fSPeter Avalos goto skip; 118418de8d7fSPeter Avalos } 118518de8d7fSPeter Avalos pid = fork(); 118618de8d7fSPeter Avalos if (pid == -1) { 118718de8d7fSPeter Avalos perror("fork"); 118818de8d7fSPeter Avalos cleanup_exit(1); 118918de8d7fSPeter Avalos } 119018de8d7fSPeter Avalos if (pid != 0) { /* Parent - execute the given command. */ 119118de8d7fSPeter Avalos close(sock); 119218de8d7fSPeter Avalos snprintf(pidstrbuf, sizeof pidstrbuf, "%ld", (long)pid); 119318de8d7fSPeter Avalos if (ac == 0) { 119418de8d7fSPeter Avalos format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n"; 119518de8d7fSPeter Avalos printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, 119618de8d7fSPeter Avalos SSH_AUTHSOCKET_ENV_NAME); 119718de8d7fSPeter Avalos printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf, 119818de8d7fSPeter Avalos SSH_AGENTPID_ENV_NAME); 119918de8d7fSPeter Avalos printf("echo Agent pid %ld;\n", (long)pid); 120018de8d7fSPeter Avalos exit(0); 120118de8d7fSPeter Avalos } 120218de8d7fSPeter Avalos if (setenv(SSH_AUTHSOCKET_ENV_NAME, socket_name, 1) == -1 || 120318de8d7fSPeter Avalos setenv(SSH_AGENTPID_ENV_NAME, pidstrbuf, 1) == -1) { 120418de8d7fSPeter Avalos perror("setenv"); 120518de8d7fSPeter Avalos exit(1); 120618de8d7fSPeter Avalos } 120718de8d7fSPeter Avalos execvp(av[0], av); 120818de8d7fSPeter Avalos perror(av[0]); 120918de8d7fSPeter Avalos exit(1); 121018de8d7fSPeter Avalos } 121118de8d7fSPeter Avalos /* child */ 121218de8d7fSPeter Avalos log_init(__progname, SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_AUTH, 0); 121318de8d7fSPeter Avalos 121418de8d7fSPeter Avalos if (setsid() == -1) { 121518de8d7fSPeter Avalos error("setsid: %s", strerror(errno)); 121618de8d7fSPeter Avalos cleanup_exit(1); 121718de8d7fSPeter Avalos } 121818de8d7fSPeter Avalos 121918de8d7fSPeter Avalos (void)chdir("/"); 122018de8d7fSPeter Avalos if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { 122118de8d7fSPeter Avalos /* XXX might close listen socket */ 122218de8d7fSPeter Avalos (void)dup2(fd, STDIN_FILENO); 122318de8d7fSPeter Avalos (void)dup2(fd, STDOUT_FILENO); 122418de8d7fSPeter Avalos (void)dup2(fd, STDERR_FILENO); 122518de8d7fSPeter Avalos if (fd > 2) 122618de8d7fSPeter Avalos close(fd); 122718de8d7fSPeter Avalos } 122818de8d7fSPeter Avalos 122918de8d7fSPeter Avalos #ifdef HAVE_SETRLIMIT 123018de8d7fSPeter Avalos /* deny core dumps, since memory contains unencrypted private keys */ 123118de8d7fSPeter Avalos rlim.rlim_cur = rlim.rlim_max = 0; 123218de8d7fSPeter Avalos if (setrlimit(RLIMIT_CORE, &rlim) < 0) { 123318de8d7fSPeter Avalos error("setrlimit RLIMIT_CORE: %s", strerror(errno)); 123418de8d7fSPeter Avalos cleanup_exit(1); 123518de8d7fSPeter Avalos } 123618de8d7fSPeter Avalos #endif 123718de8d7fSPeter Avalos 123818de8d7fSPeter Avalos skip: 1239856ea928SPeter Avalos 1240*36e94dc5SPeter Avalos cleanup_pid = getpid(); 1241*36e94dc5SPeter Avalos 1242856ea928SPeter Avalos #ifdef ENABLE_PKCS11 1243856ea928SPeter Avalos pkcs11_init(0); 1244856ea928SPeter Avalos #endif 124518de8d7fSPeter Avalos new_socket(AUTH_SOCKET, sock); 124618de8d7fSPeter Avalos if (ac > 0) 124718de8d7fSPeter Avalos parent_alive_interval = 10; 124818de8d7fSPeter Avalos idtab_init(); 124918de8d7fSPeter Avalos signal(SIGPIPE, SIG_IGN); 1250*36e94dc5SPeter Avalos signal(SIGINT, d_flag ? cleanup_handler : SIG_IGN); 125118de8d7fSPeter Avalos signal(SIGHUP, cleanup_handler); 125218de8d7fSPeter Avalos signal(SIGTERM, cleanup_handler); 125318de8d7fSPeter Avalos nalloc = 0; 125418de8d7fSPeter Avalos 125518de8d7fSPeter Avalos while (1) { 125618de8d7fSPeter Avalos prepare_select(&readsetp, &writesetp, &max_fd, &nalloc, &tvp); 125718de8d7fSPeter Avalos result = select(max_fd + 1, readsetp, writesetp, NULL, tvp); 125818de8d7fSPeter Avalos saved_errno = errno; 125918de8d7fSPeter Avalos if (parent_alive_interval != 0) 126018de8d7fSPeter Avalos check_parent_exists(); 126118de8d7fSPeter Avalos (void) reaper(); /* remove expired keys */ 126218de8d7fSPeter Avalos if (result < 0) { 126318de8d7fSPeter Avalos if (saved_errno == EINTR) 126418de8d7fSPeter Avalos continue; 126518de8d7fSPeter Avalos fatal("select: %s", strerror(saved_errno)); 126618de8d7fSPeter Avalos } else if (result > 0) 126718de8d7fSPeter Avalos after_select(readsetp, writesetp); 126818de8d7fSPeter Avalos } 126918de8d7fSPeter Avalos /* NOTREACHED */ 127018de8d7fSPeter Avalos } 1271