Annotation of src/usr.bin/ssh/ssh-agent.c, Revision 1.16
1.16 ! markus 1: /* $OpenBSD: ssh-agent.c,v 1.15 1999/10/28 08:43:10 markus Exp $ */
1.15 markus 2:
1.1 deraadt 3: /*
4:
5: ssh-agent.c
6:
7: Author: Tatu Ylonen <ylo@cs.hut.fi>
8:
9: Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
10: All rights reserved
11:
12: Created: Wed Mar 29 03:46:59 1995 ylo
13:
14: The authentication agent program.
15:
16: */
17:
18: #include "includes.h"
1.16 ! markus 19: RCSID("$OpenBSD: ssh-agent.c,v 1.15 1999/10/28 08:43:10 markus Exp $");
1.1 deraadt 20:
21: #include "ssh.h"
22: #include "rsa.h"
23: #include "authfd.h"
24: #include "buffer.h"
25: #include "bufaux.h"
26: #include "xmalloc.h"
27: #include "packet.h"
28: #include "getput.h"
29: #include "mpaux.h"
30:
1.13 deraadt 31: #include <ssl/md5.h>
1.7 deraadt 32:
1.1 deraadt 33: typedef struct
34: {
35: int fd;
1.12 markus 36: enum { AUTH_UNUSED, AUTH_SOCKET, AUTH_CONNECTION } type;
1.1 deraadt 37: Buffer input;
38: Buffer output;
39: } SocketEntry;
40:
41: unsigned int sockets_alloc = 0;
42: SocketEntry *sockets = NULL;
43:
44: typedef struct
45: {
1.2 provos 46: RSA *key;
1.1 deraadt 47: char *comment;
48: } Identity;
49:
50: unsigned int num_identities = 0;
51: Identity *identities = NULL;
52:
53: int max_fd = 0;
54:
1.11 markus 55: /* pid of shell == parent of agent */
1.10 markus 56: int parent_pid = -1;
57:
58: /* pathname and directory for AUTH_SOCKET */
59: char socket_name[1024];
60: char socket_dir[1024];
61:
1.2 provos 62: void
63: process_request_identity(SocketEntry *e)
1.1 deraadt 64: {
65: Buffer msg;
66: int i;
67:
68: buffer_init(&msg);
69: buffer_put_char(&msg, SSH_AGENT_RSA_IDENTITIES_ANSWER);
70: buffer_put_int(&msg, num_identities);
71: for (i = 0; i < num_identities; i++)
72: {
1.2 provos 73: buffer_put_int(&msg, BN_num_bits(identities[i].key->n));
74: buffer_put_bignum(&msg, identities[i].key->e);
75: buffer_put_bignum(&msg, identities[i].key->n);
1.1 deraadt 76: buffer_put_string(&msg, identities[i].comment,
77: strlen(identities[i].comment));
78: }
79: buffer_put_int(&e->output, buffer_len(&msg));
80: buffer_append(&e->output, buffer_ptr(&msg), buffer_len(&msg));
81: buffer_free(&msg);
82: }
83:
1.2 provos 84: void
85: process_authentication_challenge(SocketEntry *e)
1.1 deraadt 86: {
1.2 provos 87: int i, pub_bits, len;
88: BIGNUM *pub_e, *pub_n, *challenge;
1.1 deraadt 89: Buffer msg;
1.7 deraadt 90: MD5_CTX md;
1.1 deraadt 91: unsigned char buf[32], mdbuf[16], session_id[16];
92: unsigned int response_type;
93:
94: buffer_init(&msg);
1.2 provos 95: pub_e = BN_new();
96: pub_n = BN_new();
97: challenge = BN_new();
1.1 deraadt 98: pub_bits = buffer_get_int(&e->input);
1.2 provos 99: buffer_get_bignum(&e->input, pub_e);
100: buffer_get_bignum(&e->input, pub_n);
101: buffer_get_bignum(&e->input, challenge);
1.1 deraadt 102: if (buffer_len(&e->input) == 0)
103: {
104: /* Compatibility code for old servers. */
105: memset(session_id, 0, 16);
106: response_type = 0;
107: }
108: else
109: {
110: /* New code. */
111: buffer_get(&e->input, (char *)session_id, 16);
112: response_type = buffer_get_int(&e->input);
113: }
114: for (i = 0; i < num_identities; i++)
1.2 provos 115: if (pub_bits == BN_num_bits(identities[i].key->n) &&
116: BN_cmp(pub_e, identities[i].key->e) == 0 &&
117: BN_cmp(pub_n, identities[i].key->n) == 0)
1.1 deraadt 118: {
119: /* Decrypt the challenge using the private key. */
1.2 provos 120: rsa_private_decrypt(challenge, challenge, identities[i].key);
1.1 deraadt 121:
122: /* Compute the desired response. */
123: switch (response_type)
124: {
125: case 0: /* As of protocol 1.0 */
126: /* This response type is no longer supported. */
127: log("Compatibility with ssh protocol 1.0 no longer supported.");
128: buffer_put_char(&msg, SSH_AGENT_FAILURE);
129: goto send;
130:
131: case 1: /* As of protocol 1.1 */
132: /* The response is MD5 of decrypted challenge plus session id. */
1.2 provos 133: len = BN_num_bytes(challenge);
134: assert(len <= 32 && len);
135: memset(buf, 0, 32);
136: BN_bn2bin(challenge, buf + 32 - len);
1.13 deraadt 137: MD5_Init(&md);
138: MD5_Update(&md, buf, 32);
139: MD5_Update(&md, session_id, 16);
140: MD5_Final(mdbuf, &md);
1.1 deraadt 141: break;
142:
143: default:
144: fatal("process_authentication_challenge: bad response_type %d",
145: response_type);
146: break;
147: }
148:
149: /* Send the response. */
150: buffer_put_char(&msg, SSH_AGENT_RSA_RESPONSE);
151: for (i = 0; i < 16; i++)
152: buffer_put_char(&msg, mdbuf[i]);
153:
154: goto send;
155: }
156: /* Unknown identity. Send failure. */
157: buffer_put_char(&msg, SSH_AGENT_FAILURE);
158: send:
159: buffer_put_int(&e->output, buffer_len(&msg));
160: buffer_append(&e->output, buffer_ptr(&msg),
161: buffer_len(&msg));
162: buffer_free(&msg);
1.2 provos 163: BN_clear_free(pub_e);
164: BN_clear_free(pub_n);
165: BN_clear_free(challenge);
1.1 deraadt 166: }
167:
1.2 provos 168: void
169: process_remove_identity(SocketEntry *e)
1.1 deraadt 170: {
171: unsigned int bits;
172: unsigned int i;
1.2 provos 173: BIGNUM *dummy, *n;
1.1 deraadt 174:
1.2 provos 175: dummy = BN_new();
176: n = BN_new();
1.1 deraadt 177:
178: /* Get the key from the packet. */
179: bits = buffer_get_int(&e->input);
1.2 provos 180: buffer_get_bignum(&e->input, dummy);
181: buffer_get_bignum(&e->input, n);
1.1 deraadt 182:
183: /* Check if we have the key. */
184: for (i = 0; i < num_identities; i++)
1.2 provos 185: if (BN_cmp(identities[i].key->n, n) == 0)
1.1 deraadt 186: {
187: /* We have this key. Free the old key. Since we don\'t want to leave
188: empty slots in the middle of the array, we actually free the
189: key there and copy data from the last entry. */
1.2 provos 190: RSA_free(identities[i].key);
1.1 deraadt 191: xfree(identities[i].comment);
192: if (i < num_identities - 1)
193: identities[i] = identities[num_identities - 1];
194: num_identities--;
1.2 provos 195: BN_clear_free(dummy);
196: BN_clear_free(n);
1.1 deraadt 197:
198: /* Send success. */
199: buffer_put_int(&e->output, 1);
200: buffer_put_char(&e->output, SSH_AGENT_SUCCESS);
201: return;
202: }
203: /* We did not have the key. */
1.2 provos 204: BN_clear(dummy);
205: BN_clear(n);
1.1 deraadt 206:
207: /* Send failure. */
208: buffer_put_int(&e->output, 1);
209: buffer_put_char(&e->output, SSH_AGENT_FAILURE);
210: }
211:
212: /* Removes all identities from the agent. */
213:
1.2 provos 214: void
215: process_remove_all_identities(SocketEntry *e)
1.1 deraadt 216: {
217: unsigned int i;
218:
219: /* Loop over all identities and clear the keys. */
220: for (i = 0; i < num_identities; i++)
221: {
1.2 provos 222: RSA_free(identities[i].key);
1.1 deraadt 223: xfree(identities[i].comment);
224: }
225:
226: /* Mark that there are no identities. */
227: num_identities = 0;
228:
229: /* Send success. */
230: buffer_put_int(&e->output, 1);
231: buffer_put_char(&e->output, SSH_AGENT_SUCCESS);
232: return;
233: }
234:
235: /* Adds an identity to the agent. */
236:
1.2 provos 237: void
238: process_add_identity(SocketEntry *e)
1.1 deraadt 239: {
1.2 provos 240: RSA *k;
1.1 deraadt 241: int i;
1.2 provos 242: BIGNUM *aux;
243: BN_CTX *ctx;
244:
1.1 deraadt 245: if (num_identities == 0)
246: identities = xmalloc(sizeof(Identity));
247: else
248: identities = xrealloc(identities, (num_identities + 1) * sizeof(Identity));
1.2 provos 249:
250: identities[num_identities].key = RSA_new();
251: k = identities[num_identities].key;
252: buffer_get_int(&e->input); /* bits */
253: k->n = BN_new();
254: buffer_get_bignum(&e->input, k->n);
255: k->e = BN_new();
256: buffer_get_bignum(&e->input, k->e);
257: k->d = BN_new();
258: buffer_get_bignum(&e->input, k->d);
259: k->iqmp = BN_new();
260: buffer_get_bignum(&e->input, k->iqmp);
261: /* SSH and SSL have p and q swapped */
262: k->q = BN_new();
263: buffer_get_bignum(&e->input, k->q); /* p */
264: k->p = BN_new();
265: buffer_get_bignum(&e->input, k->p); /* q */
266:
267: /* Generate additional parameters */
268: aux = BN_new();
269: ctx = BN_CTX_new();
270:
271: BN_sub(aux, k->q, BN_value_one());
272: k->dmq1 = BN_new();
273: BN_mod(k->dmq1, k->d, aux, ctx);
274:
275: BN_sub(aux, k->p, BN_value_one());
276: k->dmp1 = BN_new();
277: BN_mod(k->dmp1, k->d, aux, ctx);
278:
279: BN_clear_free(aux);
280: BN_CTX_free(ctx);
281:
1.1 deraadt 282: identities[num_identities].comment = buffer_get_string(&e->input, NULL);
283:
284: /* Check if we already have the key. */
285: for (i = 0; i < num_identities; i++)
1.2 provos 286: if (BN_cmp(identities[i].key->n, k->n) == 0)
1.1 deraadt 287: {
288: /* We already have this key. Clear and free the new data and
289: return success. */
1.2 provos 290: RSA_free(k);
1.1 deraadt 291: xfree(identities[num_identities].comment);
292:
293: /* Send success. */
294: buffer_put_int(&e->output, 1);
295: buffer_put_char(&e->output, SSH_AGENT_SUCCESS);
296: return;
297: }
298:
299: /* Increment the number of identities. */
300: num_identities++;
301:
302: /* Send a success message. */
303: buffer_put_int(&e->output, 1);
304: buffer_put_char(&e->output, SSH_AGENT_SUCCESS);
305: }
306:
1.2 provos 307: void
308: process_message(SocketEntry *e)
1.1 deraadt 309: {
310: unsigned int msg_len;
311: unsigned int type;
312: unsigned char *cp;
313: if (buffer_len(&e->input) < 5)
314: return; /* Incomplete message. */
315: cp = (unsigned char *)buffer_ptr(&e->input);
316: msg_len = GET_32BIT(cp);
317: if (msg_len > 256 * 1024)
318: {
1.8 deraadt 319: shutdown(e->fd, SHUT_RDWR);
1.1 deraadt 320: close(e->fd);
321: e->type = AUTH_UNUSED;
322: return;
323: }
324: if (buffer_len(&e->input) < msg_len + 4)
325: return;
326: buffer_consume(&e->input, 4);
327: type = buffer_get_char(&e->input);
1.12 markus 328:
1.1 deraadt 329: switch (type)
330: {
331: case SSH_AGENTC_REQUEST_RSA_IDENTITIES:
332: process_request_identity(e);
333: break;
334: case SSH_AGENTC_RSA_CHALLENGE:
335: process_authentication_challenge(e);
336: break;
337: case SSH_AGENTC_ADD_RSA_IDENTITY:
338: process_add_identity(e);
339: break;
340: case SSH_AGENTC_REMOVE_RSA_IDENTITY:
341: process_remove_identity(e);
342: break;
343: case SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES:
344: process_remove_all_identities(e);
345: break;
346: default:
347: /* Unknown message. Respond with failure. */
348: error("Unknown message %d", type);
349: buffer_clear(&e->input);
350: buffer_put_int(&e->output, 1);
351: buffer_put_char(&e->output, SSH_AGENT_FAILURE);
352: break;
353: }
354: }
355:
1.2 provos 356: void
357: new_socket(int type, int fd)
1.1 deraadt 358: {
359: unsigned int i, old_alloc;
360: if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
361: error("fcntl O_NONBLOCK: %s", strerror(errno));
362:
363: if (fd > max_fd)
364: max_fd = fd;
365:
366: for (i = 0; i < sockets_alloc; i++)
367: if (sockets[i].type == AUTH_UNUSED)
368: {
369: sockets[i].fd = fd;
370: sockets[i].type = type;
371: buffer_init(&sockets[i].input);
372: buffer_init(&sockets[i].output);
373: return;
374: }
375: old_alloc = sockets_alloc;
376: sockets_alloc += 10;
377: if (sockets)
378: sockets = xrealloc(sockets, sockets_alloc * sizeof(sockets[0]));
379: else
380: sockets = xmalloc(sockets_alloc * sizeof(sockets[0]));
381: for (i = old_alloc; i < sockets_alloc; i++)
382: sockets[i].type = AUTH_UNUSED;
383: sockets[old_alloc].type = type;
384: sockets[old_alloc].fd = fd;
385: buffer_init(&sockets[old_alloc].input);
386: buffer_init(&sockets[old_alloc].output);
387: }
388:
1.2 provos 389: void
390: prepare_select(fd_set *readset, fd_set *writeset)
1.1 deraadt 391: {
392: unsigned int i;
393: for (i = 0; i < sockets_alloc; i++)
394: switch (sockets[i].type)
395: {
1.12 markus 396: case AUTH_SOCKET:
1.1 deraadt 397: case AUTH_CONNECTION:
398: FD_SET(sockets[i].fd, readset);
399: if (buffer_len(&sockets[i].output) > 0)
400: FD_SET(sockets[i].fd, writeset);
401: break;
402: case AUTH_UNUSED:
403: break;
404: default:
405: fatal("Unknown socket type %d", sockets[i].type);
406: break;
407: }
408: }
409:
410: void after_select(fd_set *readset, fd_set *writeset)
411: {
412: unsigned int i;
1.12 markus 413: int len, sock;
1.1 deraadt 414: char buf[1024];
415: struct sockaddr_un sunaddr;
416:
417: for (i = 0; i < sockets_alloc; i++)
418: switch (sockets[i].type)
419: {
420: case AUTH_UNUSED:
421: break;
422: case AUTH_SOCKET:
423: if (FD_ISSET(sockets[i].fd, readset))
424: {
425: len = sizeof(sunaddr);
426: sock = accept(sockets[i].fd, (struct sockaddr *)&sunaddr, &len);
427: if (sock < 0)
428: {
429: perror("accept from AUTH_SOCKET");
430: break;
431: }
1.12 markus 432: new_socket(AUTH_CONNECTION, sock);
1.1 deraadt 433: }
434: break;
435: case AUTH_CONNECTION:
436: if (buffer_len(&sockets[i].output) > 0 &&
437: FD_ISSET(sockets[i].fd, writeset))
438: {
439: len = write(sockets[i].fd, buffer_ptr(&sockets[i].output),
440: buffer_len(&sockets[i].output));
441: if (len <= 0)
442: {
1.8 deraadt 443: shutdown(sockets[i].fd, SHUT_RDWR);
1.1 deraadt 444: close(sockets[i].fd);
445: sockets[i].type = AUTH_UNUSED;
446: break;
447: }
448: buffer_consume(&sockets[i].output, len);
449: }
450: if (FD_ISSET(sockets[i].fd, readset))
451: {
452: len = read(sockets[i].fd, buf, sizeof(buf));
453: if (len <= 0)
454: {
1.8 deraadt 455: shutdown(sockets[i].fd, SHUT_RDWR);
1.1 deraadt 456: close(sockets[i].fd);
457: sockets[i].type = AUTH_UNUSED;
458: break;
459: }
460: buffer_append(&sockets[i].input, buf, len);
461: process_message(&sockets[i]);
462: }
463: break;
464: default:
465: fatal("Unknown type %d", sockets[i].type);
466: }
467: }
468:
1.6 deraadt 469: void
1.2 provos 470: check_parent_exists(int sig)
1.1 deraadt 471: {
472: if (kill(parent_pid, 0) < 0)
473: {
474: /* printf("Parent has died - Authentication agent exiting.\n"); */
475: exit(1);
476: }
477: signal(SIGALRM, check_parent_exists);
478: alarm(10);
479: }
480:
1.15 markus 481: void
482: cleanup_socket(void)
483: {
1.10 markus 484: remove(socket_name);
485: rmdir(socket_dir);
486: }
487:
1.15 markus 488: void
489: cleanup_exit(int i)
490: {
491: cleanup_socket();
492: exit(i);
493: }
494:
495: void
496: usage()
497: {
498: extern char *__progname;
499:
500: fprintf(stderr, "ssh-agent version %s\n", SSH_VERSION);
501: fprintf(stderr, "Usage: %s [-c | -s] [-k] [command {args...]]\n",
502: __progname);
503: exit(1);
504: }
505:
1.2 provos 506: int
507: main(int ac, char **av)
1.1 deraadt 508: {
509: fd_set readset, writeset;
1.15 markus 510: int sock, c_flag = 0, k_flag = 0, s_flag = 0, ch;
1.1 deraadt 511: struct sockaddr_un sunaddr;
1.15 markus 512: pid_t pid;
513: char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid];
1.1 deraadt 514:
1.3 deraadt 515: /* check if RSA support exists */
516: if (rsa_alive() == 0) {
517: extern char *__progname;
518: fprintf(stderr,
519: "%s: no RSA support in libssl and libcrypto. See ssl(8).\n",
520: __progname);
521: exit(1);
522: }
1.1 deraadt 523:
1.15 markus 524: while ((ch = getopt(ac, av, "cks")) != -1)
525: {
526: switch (ch)
527: {
528: case 'c':
529: if (s_flag)
530: usage();
531: c_flag++;
532: break;
533: case 'k':
534: k_flag++;
535: break;
536: case 's':
537: if (c_flag)
538: usage();
539: s_flag++;
540: break;
541: default:
542: usage();
543: }
544: }
545: ac -= optind;
546: av += optind;
547:
548: if (ac > 0 && (c_flag || k_flag || s_flag))
549: usage();
550:
551: if (ac == 0 && !c_flag && !k_flag && !s_flag)
552: {
553: shell = getenv("SHELL");
554: if (shell != NULL && strncmp(shell + strlen(shell) - 3, "csh", 3) == 0)
555: c_flag = 1;
556: }
557:
558: if (k_flag)
1.1 deraadt 559: {
1.15 markus 560: pidstr = getenv(SSH_AGENTPID_ENV_NAME);
561: if (pidstr == NULL)
562: {
563: fprintf(stderr, "%s not set, cannot kill agent\n",
564: SSH_AGENTPID_ENV_NAME);
565: exit(1);
566: }
567: pid = atoi(pidstr);
568: if (pid < 1) /* XXX PID_MAX check too */
569: {
570: fprintf(stderr, "%s=\"%s\", which is not a good PID\n",
571: SSH_AGENTPID_ENV_NAME, pidstr);
572: exit(1);
573: }
574: if (kill(pid, SIGTERM) == -1)
575: {
576: perror("kill");
577: exit(1);
578: }
579: format = c_flag ? "unsetenv %s;\n" : "unset %s;\n";
580: printf(format, SSH_AUTHSOCKET_ENV_NAME);
581: printf(format, SSH_AGENTPID_ENV_NAME);
582: printf("echo Agent pid %d killed;\n", pid);
583: exit(0);
1.1 deraadt 584: }
585:
1.9 markus 586: parent_pid = getpid();
1.10 markus 587:
588: /* Create private directory for agent socket */
589: strlcpy(socket_dir, "/tmp/ssh-XXXXXXXX", sizeof socket_dir);
590: if (mkdtemp(socket_dir) == NULL) {
591: perror("mkdtemp: private socket dir");
592: exit(1);
593: }
1.15 markus 594: snprintf(socket_name, sizeof socket_name, "%s/agent.%d", socket_dir,
595: parent_pid);
1.10 markus 596:
1.15 markus 597: /* Create socket early so it will exist before command gets run from
598: the parent. */
1.9 markus 599: sock = socket(AF_UNIX, SOCK_STREAM, 0);
600: if (sock < 0)
1.1 deraadt 601: {
1.9 markus 602: perror("socket");
1.15 markus 603: cleanup_exit(1);
1.9 markus 604: }
605: memset(&sunaddr, 0, sizeof(sunaddr));
606: sunaddr.sun_family = AF_UNIX;
607: strlcpy(sunaddr.sun_path, socket_name, sizeof(sunaddr.sun_path));
608: if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0)
609: {
610: perror("bind");
1.15 markus 611: cleanup_exit(1);
1.9 markus 612: }
613: if (listen(sock, 5) < 0)
614: {
615: perror("listen");
1.15 markus 616: cleanup_exit(1);
617: }
618:
619: /* Fork, and have the parent execute the command, if any, or present the
620: socket data. The child continues as the authentication agent. */
621: pid = fork();
622: if (pid == -1)
623: {
624: perror("fork");
625: exit(1);
626: }
627: if (pid != 0)
628: { /* Parent - execute the given command. */
629: close(sock);
630: snprintf(pidstrbuf, sizeof pidstrbuf, "%d", pid);
631: if (ac == 0)
632: {
633: format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n";
634: printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
635: SSH_AUTHSOCKET_ENV_NAME);
636: printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf,
637: SSH_AGENTPID_ENV_NAME);
638: printf("echo Agent pid %d;\n", pid);
639: exit(0);
640: }
641:
642: setenv(SSH_AUTHSOCKET_ENV_NAME, socket_name, 1);
643: setenv(SSH_AGENTPID_ENV_NAME, pidstrbuf, 1);
644: execvp(av[0], av);
645: perror(av[0]);
1.9 markus 646: exit(1);
1.1 deraadt 647: }
1.15 markus 648:
649: close(0);
650: close(1);
651: close(2);
652:
1.16 ! markus 653: if (setsid() == -1)
! 654: {
! 655: perror("setsid");
! 656: cleanup_exit(1);
! 657: }
1.15 markus 658:
659: if (atexit(cleanup_socket) < 0)
1.16 ! markus 660: {
! 661: perror("atexit");
! 662: cleanup_exit(1);
! 663: }
1.15 markus 664:
1.9 markus 665: new_socket(AUTH_SOCKET, sock);
1.15 markus 666: if (ac > 0)
667: {
668: signal(SIGALRM, check_parent_exists);
669: alarm(10);
670: }
1.1 deraadt 671:
672: signal(SIGINT, SIG_IGN);
1.15 markus 673: signal(SIGPIPE, SIG_IGN);
1.1 deraadt 674: while (1)
675: {
676: FD_ZERO(&readset);
677: FD_ZERO(&writeset);
678: prepare_select(&readset, &writeset);
679: if (select(max_fd + 1, &readset, &writeset, NULL, NULL) < 0)
680: {
681: if (errno == EINTR)
682: continue;
683: exit(1);
684: }
685: after_select(&readset, &writeset);
686: }
687: /*NOTREACHED*/
688: }