[BACK]Return to ssh-agent.c CVS log [TXT][DIR] Up to [local] / src / usr.bin / ssh

Annotation of src/usr.bin/ssh/ssh-agent.c, Revision 1.222

1.222   ! djm         1: /* $OpenBSD: ssh-agent.c,v 1.221 2017/04/30 23:29:10 djm Exp $ */
1.1       deraadt     2: /*
1.22      deraadt     3:  * Author: Tatu Ylonen <ylo@cs.hut.fi>
                      4:  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
                      5:  *                    All rights reserved
                      6:  * The authentication agent program.
1.33      markus      7:  *
1.35      deraadt     8:  * As far as I am concerned, the code I have written for this software
                      9:  * can be used freely for any purpose.  Any derived versions of this
                     10:  * software must be clearly marked as such, and if the derived work is
                     11:  * incompatible with the protocol description in the RFC file, it must be
                     12:  * called by a name other than "ssh" or "Secure Shell".
                     13:  *
1.56      markus     14:  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
1.35      deraadt    15:  *
                     16:  * Redistribution and use in source and binary forms, with or without
                     17:  * modification, are permitted provided that the following conditions
                     18:  * are met:
                     19:  * 1. Redistributions of source code must retain the above copyright
                     20:  *    notice, this list of conditions and the following disclaimer.
                     21:  * 2. Redistributions in binary form must reproduce the above copyright
                     22:  *    notice, this list of conditions and the following disclaimer in the
                     23:  *    documentation and/or other materials provided with the distribution.
                     24:  *
                     25:  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
                     26:  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
                     27:  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
                     28:  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
                     29:  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
                     30:  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
                     31:  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
                     32:  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
                     33:  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
                     34:  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.22      deraadt    35:  */
1.1       deraadt    36:
1.151     deraadt    37: #include <sys/types.h>
1.153     djm        38: #include <sys/time.h>
1.78      provos     39: #include <sys/queue.h>
1.127     stevesk    40: #include <sys/resource.h>
1.141     stevesk    41: #include <sys/socket.h>
1.189     djm        42: #include <sys/stat.h>
1.128     stevesk    43: #include <sys/un.h>
1.126     stevesk    44:
1.185     markus     45: #ifdef WITH_OPENSSL
1.146     stevesk    46: #include <openssl/evp.h>
1.185     markus     47: #endif
1.146     stevesk    48:
1.143     stevesk    49: #include <errno.h>
1.142     stevesk    50: #include <fcntl.h>
1.126     stevesk    51: #include <paths.h>
1.129     stevesk    52: #include <signal.h>
1.149     stevesk    53: #include <stdlib.h>
1.150     stevesk    54: #include <stdio.h>
1.146     stevesk    55: #include <string.h>
1.196     deraadt    56: #include <limits.h>
1.145     stevesk    57: #include <time.h>
1.144     stevesk    58: #include <unistd.h>
1.203     dtucker    59: #include <util.h>
1.194     markus     60:
1.151     deraadt    61: #include "xmalloc.h"
1.1       deraadt    62: #include "ssh.h"
1.194     markus     63: #include "sshbuf.h"
                     64: #include "sshkey.h"
1.32      markus     65: #include "authfd.h"
1.37      markus     66: #include "compat.h"
1.47      markus     67: #include "log.h"
1.107     markus     68: #include "misc.h"
1.182     markus     69: #include "digest.h"
1.194     markus     70: #include "ssherr.h"
1.215     djm        71: #include "match.h"
1.7       deraadt    72:
1.163     markus     73: #ifdef ENABLE_PKCS11
                     74: #include "ssh-pkcs11.h"
1.71      jakob      75: #endif
1.59      markus     76:
1.215     djm        77: #ifndef DEFAULT_PKCS11_WHITELIST
1.216     djm        78: # define DEFAULT_PKCS11_WHITELIST "/usr/lib*/*,/usr/local/lib*/*"
1.215     djm        79: #endif
                     80:
1.73      stevesk    81: typedef enum {
                     82:        AUTH_UNUSED,
                     83:        AUTH_SOCKET,
                     84:        AUTH_CONNECTION
                     85: } sock_type;
                     86:
1.21      markus     87: typedef struct {
                     88:        int fd;
1.73      stevesk    89:        sock_type type;
1.194     markus     90:        struct sshbuf *input;
                     91:        struct sshbuf *output;
                     92:        struct sshbuf *request;
1.1       deraadt    93: } SocketEntry;
                     94:
1.45      markus     95: u_int sockets_alloc = 0;
1.1       deraadt    96: SocketEntry *sockets = NULL;
                     97:
1.78      provos     98: typedef struct identity {
                     99:        TAILQ_ENTRY(identity) next;
1.194     markus    100:        struct sshkey *key;
1.21      markus    101:        char *comment;
1.163     markus    102:        char *provider;
1.174     dtucker   103:        time_t death;
1.107     markus    104:        u_int confirm;
1.1       deraadt   105: } Identity;
                    106:
1.221     djm       107: struct idtable {
1.33      markus    108:        int nentries;
1.78      provos    109:        TAILQ_HEAD(idqueue, identity) idlist;
1.221     djm       110: };
1.33      markus    111:
1.221     djm       112: /* private key table */
                    113: struct idtable *idtab;
1.1       deraadt   114:
                    115: int max_fd = 0;
                    116:
1.11      markus    117: /* pid of shell == parent of agent */
1.29      deraadt   118: pid_t parent_pid = -1;
1.176     dtucker   119: time_t parent_alive_interval = 0;
1.10      markus    120:
1.187     djm       121: /* pid of process for which cleanup_socket is applicable */
                    122: pid_t cleanup_pid = 0;
                    123:
1.10      markus    124: /* pathname and directory for AUTH_SOCKET */
1.196     deraadt   125: char socket_name[PATH_MAX];
                    126: char socket_dir[PATH_MAX];
1.10      markus    127:
1.215     djm       128: /* PKCS#11 path whitelist */
                    129: static char *pkcs11_whitelist;
                    130:
1.88      markus    131: /* locking */
1.203     dtucker   132: #define LOCK_SIZE      32
                    133: #define LOCK_SALT_SIZE 16
                    134: #define LOCK_ROUNDS    1
1.88      markus    135: int locked = 0;
1.213     djm       136: u_char lock_pwhash[LOCK_SIZE];
                    137: u_char lock_salt[LOCK_SALT_SIZE];
1.88      markus    138:
1.20      markus    139: extern char *__progname;
                    140:
1.174     dtucker   141: /* Default lifetime in seconds (0 == forever) */
                    142: static long lifetime = 0;
1.106     marc      143:
1.192     djm       144: static int fingerprint_hash = SSH_FP_HASH_DEFAULT;
                    145:
1.55      itojun    146: static void
1.101     stevesk   147: close_socket(SocketEntry *e)
                    148: {
                    149:        close(e->fd);
                    150:        e->fd = -1;
                    151:        e->type = AUTH_UNUSED;
1.194     markus    152:        sshbuf_free(e->input);
                    153:        sshbuf_free(e->output);
                    154:        sshbuf_free(e->request);
1.101     stevesk   155: }
                    156:
                    157: static void
1.33      markus    158: idtab_init(void)
1.1       deraadt   159: {
1.221     djm       160:        idtab = xcalloc(1, sizeof(*idtab));
                    161:        TAILQ_INIT(&idtab->idlist);
                    162:        idtab->nentries = 0;
1.33      markus    163: }
                    164:
1.89      markus    165: static void
                    166: free_identity(Identity *id)
                    167: {
1.194     markus    168:        sshkey_free(id->key);
1.173     djm       169:        free(id->provider);
                    170:        free(id->comment);
                    171:        free(id);
1.89      markus    172: }
                    173:
1.33      markus    174: /* return matching private key for given public key */
1.78      provos    175: static Identity *
1.221     djm       176: lookup_identity(struct sshkey *key)
1.33      markus    177: {
1.78      provos    178:        Identity *id;
                    179:
1.221     djm       180:        TAILQ_FOREACH(id, &idtab->idlist, next) {
1.194     markus    181:                if (sshkey_equal(key, id->key))
1.78      provos    182:                        return (id);
1.33      markus    183:        }
1.78      provos    184:        return (NULL);
                    185: }
                    186:
1.107     markus    187: /* Check confirmation of keysign request */
                    188: static int
                    189: confirm_key(Identity *id)
                    190: {
1.122     djm       191:        char *p;
1.107     markus    192:        int ret = -1;
                    193:
1.194     markus    194:        p = sshkey_fingerprint(id->key, fingerprint_hash, SSH_FP_DEFAULT);
1.197     djm       195:        if (p != NULL &&
                    196:            ask_permission("Allow use of key %s?\nKey fingerprint %s.",
1.122     djm       197:            id->comment, p))
                    198:                ret = 0;
1.173     djm       199:        free(p);
1.122     djm       200:
1.107     markus    201:        return (ret);
                    202: }
                    203:
1.194     markus    204: static void
                    205: send_status(SocketEntry *e, int success)
                    206: {
                    207:        int r;
                    208:
                    209:        if ((r = sshbuf_put_u32(e->output, 1)) != 0 ||
                    210:            (r = sshbuf_put_u8(e->output, success ?
                    211:            SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE)) != 0)
                    212:                fatal("%s: buffer error: %s", __func__, ssh_err(r));
                    213: }
                    214:
1.33      markus    215: /* send list of supported public keys to 'client' */
1.55      itojun    216: static void
1.221     djm       217: process_request_identities(SocketEntry *e)
1.33      markus    218: {
1.96      deraadt   219:        Identity *id;
1.194     markus    220:        struct sshbuf *msg;
                    221:        int r;
1.1       deraadt   222:
1.194     markus    223:        if ((msg = sshbuf_new()) == NULL)
                    224:                fatal("%s: sshbuf_new failed", __func__);
1.221     djm       225:        if ((r = sshbuf_put_u8(msg, SSH2_AGENT_IDENTITIES_ANSWER)) != 0 ||
                    226:            (r = sshbuf_put_u32(msg, idtab->nentries)) != 0)
                    227:                fatal("%s: buffer error: %s", __func__, ssh_err(r));
                    228:        TAILQ_FOREACH(id, &idtab->idlist, next) {
                    229:                if ((r = sshkey_puts(id->key, msg)) != 0 ||
                    230:                    (r = sshbuf_put_cstring(msg, id->comment)) != 0) {
                    231:                        error("%s: put key/comment: %s", __func__,
1.220     djm       232:                            ssh_err(r));
                    233:                        continue;
1.33      markus    234:                }
1.21      markus    235:        }
1.194     markus    236:        if ((r = sshbuf_put_stringb(e->output, msg)) != 0)
                    237:                fatal("%s: buffer error: %s", __func__, ssh_err(r));
                    238:        sshbuf_free(msg);
1.1       deraadt   239: }
                    240:
1.33      markus    241:
1.208     markus    242: static char *
                    243: agent_decode_alg(struct sshkey *key, u_int flags)
                    244: {
                    245:        if (key->type == KEY_RSA) {
                    246:                if (flags & SSH_AGENT_RSA_SHA2_256)
                    247:                        return "rsa-sha2-256";
                    248:                else if (flags & SSH_AGENT_RSA_SHA2_512)
                    249:                        return "rsa-sha2-512";
                    250:        }
                    251:        return NULL;
                    252: }
                    253:
1.33      markus    254: /* ssh2 only */
1.55      itojun    255: static void
1.33      markus    256: process_sign_request2(SocketEntry *e)
                    257: {
1.221     djm       258:        const u_char *data;
                    259:        u_char *signature = NULL;
                    260:        size_t dlen, slen = 0;
1.194     markus    261:        u_int compat = 0, flags;
                    262:        int r, ok = -1;
                    263:        struct sshbuf *msg;
1.221     djm       264:        struct sshkey *key = NULL;
1.195     djm       265:        struct identity *id;
1.194     markus    266:
1.195     djm       267:        if ((msg = sshbuf_new()) == NULL)
                    268:                fatal("%s: sshbuf_new failed", __func__);
1.221     djm       269:        if ((r = sshkey_froms(e->request, &key)) != 0 ||
                    270:            (r = sshbuf_get_string_direct(e->request, &data, &dlen)) != 0 ||
1.194     markus    271:            (r = sshbuf_get_u32(e->request, &flags)) != 0)
                    272:                fatal("%s: buffer error: %s", __func__, ssh_err(r));
1.37      markus    273:        if (flags & SSH_AGENT_OLD_SIGNATURE)
1.194     markus    274:                compat = SSH_BUG_SIGBLOB;
1.221     djm       275:        if ((id = lookup_identity(key)) == NULL) {
1.195     djm       276:                verbose("%s: %s key not found", __func__, sshkey_type(key));
                    277:                goto send;
                    278:        }
                    279:        if (id->confirm && confirm_key(id) != 0) {
                    280:                verbose("%s: user refused key", __func__);
                    281:                goto send;
                    282:        }
                    283:        if ((r = sshkey_sign(id->key, &signature, &slen,
1.208     markus    284:            data, dlen, agent_decode_alg(key, flags), compat)) != 0) {
1.209     djm       285:                error("%s: sshkey_sign: %s", __func__, ssh_err(r));
1.195     djm       286:                goto send;
1.33      markus    287:        }
1.195     djm       288:        /* Success */
                    289:        ok = 0;
                    290:  send:
                    291:        sshkey_free(key);
1.33      markus    292:        if (ok == 0) {
1.194     markus    293:                if ((r = sshbuf_put_u8(msg, SSH2_AGENT_SIGN_RESPONSE)) != 0 ||
                    294:                    (r = sshbuf_put_string(msg, signature, slen)) != 0)
                    295:                        fatal("%s: buffer error: %s", __func__, ssh_err(r));
                    296:        } else if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0)
                    297:                fatal("%s: buffer error: %s", __func__, ssh_err(r));
                    298:
                    299:        if ((r = sshbuf_put_stringb(e->output, msg)) != 0)
                    300:                fatal("%s: buffer error: %s", __func__, ssh_err(r));
                    301:
                    302:        sshbuf_free(msg);
1.173     djm       303:        free(signature);
1.1       deraadt   304: }
                    305:
1.33      markus    306: /* shared */
1.55      itojun    307: static void
1.221     djm       308: process_remove_identity(SocketEntry *e)
1.1       deraadt   309: {
1.194     markus    310:        int r, success = 0;
                    311:        struct sshkey *key = NULL;
1.221     djm       312:        Identity *id;
1.21      markus    313:
1.221     djm       314:        if ((r = sshkey_froms(e->request, &key)) != 0) {
                    315:                error("%s: get key: %s", __func__, ssh_err(r));
                    316:                goto done;
                    317:        }
                    318:        if ((id = lookup_identity(key)) == NULL) {
                    319:                debug("%s: key not found", __func__);
                    320:                goto done;
                    321:        }
                    322:        /* We have this key, free it. */
                    323:        if (idtab->nentries < 1)
                    324:                fatal("%s: internal error: nentries %d",
                    325:                    __func__, idtab->nentries);
                    326:        TAILQ_REMOVE(&idtab->idlist, id, next);
                    327:        free_identity(id);
                    328:        idtab->nentries--;
                    329:        sshkey_free(key);
                    330:        success = 1;
                    331:  done:
1.194     markus    332:        send_status(e, success);
1.1       deraadt   333: }
                    334:
1.55      itojun    335: static void
1.221     djm       336: process_remove_all_identities(SocketEntry *e)
1.1       deraadt   337: {
1.78      provos    338:        Identity *id;
1.21      markus    339:
                    340:        /* Loop over all identities and clear the keys. */
1.221     djm       341:        for (id = TAILQ_FIRST(&idtab->idlist); id;
                    342:            id = TAILQ_FIRST(&idtab->idlist)) {
                    343:                TAILQ_REMOVE(&idtab->idlist, id, next);
1.78      provos    344:                free_identity(id);
1.21      markus    345:        }
                    346:
                    347:        /* Mark that there are no identities. */
1.221     djm       348:        idtab->nentries = 0;
1.21      markus    349:
                    350:        /* Send success. */
1.194     markus    351:        send_status(e, 1);
1.1       deraadt   352: }
                    353:
1.155     dtucker   354: /* removes expired keys and returns number of seconds until the next expiry */
1.174     dtucker   355: static time_t
1.89      markus    356: reaper(void)
                    357: {
1.175     dtucker   358:        time_t deadline = 0, now = monotime();
1.89      markus    359:        Identity *id, *nxt;
                    360:
1.221     djm       361:        for (id = TAILQ_FIRST(&idtab->idlist); id; id = nxt) {
                    362:                nxt = TAILQ_NEXT(id, next);
                    363:                if (id->death == 0)
                    364:                        continue;
                    365:                if (now >= id->death) {
                    366:                        debug("expiring key '%s'", id->comment);
                    367:                        TAILQ_REMOVE(&idtab->idlist, id, next);
                    368:                        free_identity(id);
                    369:                        idtab->nentries--;
                    370:                } else
                    371:                        deadline = (deadline == 0) ? id->death :
                    372:                            MINIMUM(deadline, id->death);
1.89      markus    373:        }
1.155     dtucker   374:        if (deadline == 0 || deadline <= now)
                    375:                return 0;
                    376:        else
                    377:                return (deadline - now);
1.89      markus    378: }
                    379:
                    380: static void
1.221     djm       381: process_add_identity(SocketEntry *e)
1.1       deraadt   382: {
1.157     canacar   383:        Identity *id;
1.194     markus    384:        int success = 0, confirm = 0;
                    385:        u_int seconds;
                    386:        char *comment = NULL;
1.174     dtucker   387:        time_t death = 0;
1.194     markus    388:        struct sshkey *k = NULL;
                    389:        u_char ctype;
                    390:        int r = SSH_ERR_INTERNAL_ERROR;
1.33      markus    391:
1.221     djm       392:        if ((r = sshkey_private_deserialize(e->request, &k)) != 0 ||
                    393:            k == NULL ||
1.194     markus    394:            (r = sshbuf_get_cstring(e->request, &comment, NULL)) != 0) {
                    395:                error("%s: decode private key: %s", __func__, ssh_err(r));
                    396:                goto err;
                    397:        }
1.186     djm       398:
1.194     markus    399:        while (sshbuf_len(e->request)) {
                    400:                if ((r = sshbuf_get_u8(e->request, &ctype)) != 0) {
                    401:                        error("%s: buffer error: %s", __func__, ssh_err(r));
                    402:                        goto err;
                    403:                }
                    404:                switch (ctype) {
1.94      markus    405:                case SSH_AGENT_CONSTRAIN_LIFETIME:
1.194     markus    406:                        if ((r = sshbuf_get_u32(e->request, &seconds)) != 0) {
                    407:                                error("%s: bad lifetime constraint: %s",
                    408:                                    __func__, ssh_err(r));
                    409:                                goto err;
                    410:                        }
                    411:                        death = monotime() + seconds;
1.94      markus    412:                        break;
1.107     markus    413:                case SSH_AGENT_CONSTRAIN_CONFIRM:
                    414:                        confirm = 1;
                    415:                        break;
1.94      markus    416:                default:
1.194     markus    417:                        error("%s: Unknown constraint %d", __func__, ctype);
                    418:  err:
                    419:                        sshbuf_reset(e->request);
1.173     djm       420:                        free(comment);
1.194     markus    421:                        sshkey_free(k);
1.158     djm       422:                        goto send;
1.94      markus    423:                }
                    424:        }
1.194     markus    425:
1.158     djm       426:        success = 1;
1.106     marc      427:        if (lifetime && !death)
1.175     dtucker   428:                death = monotime() + lifetime;
1.221     djm       429:        if ((id = lookup_identity(k)) == NULL) {
1.163     markus    430:                id = xcalloc(1, sizeof(Identity));
1.78      provos    431:                id->key = k;
1.221     djm       432:                TAILQ_INSERT_TAIL(&idtab->idlist, id, next);
1.33      markus    433:                /* Increment the number of identities. */
1.221     djm       434:                idtab->nentries++;
1.33      markus    435:        } else {
1.194     markus    436:                sshkey_free(k);
1.173     djm       437:                free(id->comment);
1.33      markus    438:        }
1.157     canacar   439:        id->comment = comment;
                    440:        id->death = death;
                    441:        id->confirm = confirm;
1.33      markus    442: send:
1.194     markus    443:        send_status(e, success);
1.1       deraadt   444: }
                    445:
1.88      markus    446: /* XXX todo: encrypt sensitive data with passphrase */
                    447: static void
                    448: process_lock_agent(SocketEntry *e, int lock)
                    449: {
1.203     dtucker   450:        int r, success = 0, delay;
1.213     djm       451:        char *passwd;
                    452:        u_char passwdhash[LOCK_SIZE];
1.203     dtucker   453:        static u_int fail_count = 0;
                    454:        size_t pwlen;
                    455:
                    456:        if ((r = sshbuf_get_cstring(e->request, &passwd, &pwlen)) != 0)
                    457:                fatal("%s: buffer error: %s", __func__, ssh_err(r));
                    458:        if (pwlen == 0) {
                    459:                debug("empty password not supported");
                    460:        } else if (locked && !lock) {
                    461:                if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt),
                    462:                    passwdhash, sizeof(passwdhash), LOCK_ROUNDS) < 0)
                    463:                        fatal("bcrypt_pbkdf");
1.213     djm       464:                if (timingsafe_bcmp(passwdhash, lock_pwhash, LOCK_SIZE) == 0) {
1.203     dtucker   465:                        debug("agent unlocked");
                    466:                        locked = 0;
                    467:                        fail_count = 0;
1.213     djm       468:                        explicit_bzero(lock_pwhash, sizeof(lock_pwhash));
1.203     dtucker   469:                        success = 1;
                    470:                } else {
                    471:                        /* delay in 0.1s increments up to 10s */
                    472:                        if (fail_count < 100)
                    473:                                fail_count++;
                    474:                        delay = 100000 * fail_count;
                    475:                        debug("unlock failed, delaying %0.1lf seconds",
                    476:                            (double)delay/1000000);
                    477:                        usleep(delay);
                    478:                }
                    479:                explicit_bzero(passwdhash, sizeof(passwdhash));
1.88      markus    480:        } else if (!locked && lock) {
1.203     dtucker   481:                debug("agent locked");
1.88      markus    482:                locked = 1;
1.203     dtucker   483:                arc4random_buf(lock_salt, sizeof(lock_salt));
                    484:                if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt),
1.213     djm       485:                    lock_pwhash, sizeof(lock_pwhash), LOCK_ROUNDS) < 0)
1.203     dtucker   486:                        fatal("bcrypt_pbkdf");
1.88      markus    487:                success = 1;
                    488:        }
1.203     dtucker   489:        explicit_bzero(passwd, pwlen);
1.173     djm       490:        free(passwd);
1.194     markus    491:        send_status(e, success);
1.88      markus    492: }
                    493:
                    494: static void
1.221     djm       495: no_identities(SocketEntry *e)
1.88      markus    496: {
1.194     markus    497:        struct sshbuf *msg;
                    498:        int r;
1.88      markus    499:
1.194     markus    500:        if ((msg = sshbuf_new()) == NULL)
                    501:                fatal("%s: sshbuf_new failed", __func__);
1.221     djm       502:        if ((r = sshbuf_put_u8(msg, SSH2_AGENT_IDENTITIES_ANSWER)) != 0 ||
1.194     markus    503:            (r = sshbuf_put_u32(msg, 0)) != 0 ||
                    504:            (r = sshbuf_put_stringb(e->output, msg)) != 0)
                    505:                fatal("%s: buffer error: %s", __func__, ssh_err(r));
                    506:        sshbuf_free(msg);
1.88      markus    507: }
1.59      markus    508:
1.163     markus    509: #ifdef ENABLE_PKCS11
1.59      markus    510: static void
1.158     djm       511: process_add_smartcard_key(SocketEntry *e)
1.59      markus    512: {
1.215     djm       513:        char *provider = NULL, *pin, canonical_provider[PATH_MAX];
1.221     djm       514:        int r, i, count = 0, success = 0, confirm = 0;
1.194     markus    515:        u_int seconds;
1.174     dtucker   516:        time_t death = 0;
1.194     markus    517:        u_char type;
                    518:        struct sshkey **keys = NULL, *k;
1.84      markus    519:        Identity *id;
1.75      deraadt   520:
1.194     markus    521:        if ((r = sshbuf_get_cstring(e->request, &provider, NULL)) != 0 ||
                    522:            (r = sshbuf_get_cstring(e->request, &pin, NULL)) != 0)
                    523:                fatal("%s: buffer error: %s", __func__, ssh_err(r));
                    524:
                    525:        while (sshbuf_len(e->request)) {
                    526:                if ((r = sshbuf_get_u8(e->request, &type)) != 0)
                    527:                        fatal("%s: buffer error: %s", __func__, ssh_err(r));
                    528:                switch (type) {
1.110     djm       529:                case SSH_AGENT_CONSTRAIN_LIFETIME:
1.194     markus    530:                        if ((r = sshbuf_get_u32(e->request, &seconds)) != 0)
                    531:                                fatal("%s: buffer error: %s",
                    532:                                    __func__, ssh_err(r));
                    533:                        death = monotime() + seconds;
1.110     djm       534:                        break;
                    535:                case SSH_AGENT_CONSTRAIN_CONFIRM:
                    536:                        confirm = 1;
                    537:                        break;
                    538:                default:
1.221     djm       539:                        error("%s: Unknown constraint type %d", __func__, type);
1.158     djm       540:                        goto send;
1.110     djm       541:                }
                    542:        }
1.215     djm       543:        if (realpath(provider, canonical_provider) == NULL) {
                    544:                verbose("failed PKCS#11 add of \"%.100s\": realpath: %s",
                    545:                    provider, strerror(errno));
                    546:                goto send;
                    547:        }
                    548:        if (match_pattern_list(canonical_provider, pkcs11_whitelist, 0) != 1) {
                    549:                verbose("refusing PKCS#11 add of \"%.100s\": "
                    550:                    "provider not whitelisted", canonical_provider);
                    551:                goto send;
                    552:        }
                    553:        debug("%s: add %.100s", __func__, canonical_provider);
1.110     djm       554:        if (lifetime && !death)
1.175     dtucker   555:                death = monotime() + lifetime;
1.110     djm       556:
1.215     djm       557:        count = pkcs11_add_provider(canonical_provider, pin, &keys);
1.163     markus    558:        for (i = 0; i < count; i++) {
1.84      markus    559:                k = keys[i];
1.221     djm       560:                if (lookup_identity(k) == NULL) {
1.163     markus    561:                        id = xcalloc(1, sizeof(Identity));
1.84      markus    562:                        id->key = k;
1.215     djm       563:                        id->provider = xstrdup(canonical_provider);
                    564:                        id->comment = xstrdup(canonical_provider); /* XXX */
1.110     djm       565:                        id->death = death;
                    566:                        id->confirm = confirm;
1.221     djm       567:                        TAILQ_INSERT_TAIL(&idtab->idlist, id, next);
                    568:                        idtab->nentries++;
1.84      markus    569:                        success = 1;
                    570:                } else {
1.194     markus    571:                        sshkey_free(k);
1.84      markus    572:                }
                    573:                keys[i] = NULL;
1.59      markus    574:        }
                    575: send:
1.173     djm       576:        free(pin);
                    577:        free(provider);
                    578:        free(keys);
1.194     markus    579:        send_status(e, success);
1.59      markus    580: }
                    581:
                    582: static void
                    583: process_remove_smartcard_key(SocketEntry *e)
                    584: {
1.217     djm       585:        char *provider = NULL, *pin = NULL, canonical_provider[PATH_MAX];
1.221     djm       586:        int r, success = 0;
1.163     markus    587:        Identity *id, *nxt;
1.59      markus    588:
1.194     markus    589:        if ((r = sshbuf_get_cstring(e->request, &provider, NULL)) != 0 ||
                    590:            (r = sshbuf_get_cstring(e->request, &pin, NULL)) != 0)
                    591:                fatal("%s: buffer error: %s", __func__, ssh_err(r));
1.173     djm       592:        free(pin);
1.59      markus    593:
1.217     djm       594:        if (realpath(provider, canonical_provider) == NULL) {
                    595:                verbose("failed PKCS#11 add of \"%.100s\": realpath: %s",
                    596:                    provider, strerror(errno));
                    597:                goto send;
                    598:        }
                    599:
                    600:        debug("%s: remove %.100s", __func__, canonical_provider);
1.221     djm       601:        for (id = TAILQ_FIRST(&idtab->idlist); id; id = nxt) {
                    602:                nxt = TAILQ_NEXT(id, next);
                    603:                /* Skip file--based keys */
                    604:                if (id->provider == NULL)
                    605:                        continue;
                    606:                if (!strcmp(canonical_provider, id->provider)) {
                    607:                        TAILQ_REMOVE(&idtab->idlist, id, next);
                    608:                        free_identity(id);
                    609:                        idtab->nentries--;
1.59      markus    610:                }
                    611:        }
1.217     djm       612:        if (pkcs11_del_provider(canonical_provider) == 0)
1.163     markus    613:                success = 1;
                    614:        else
1.221     djm       615:                error("%s: pkcs11_del_provider failed", __func__);
1.218     deraadt   616: send:
1.173     djm       617:        free(provider);
1.194     markus    618:        send_status(e, success);
1.59      markus    619: }
1.163     markus    620: #endif /* ENABLE_PKCS11 */
1.59      markus    621:
1.33      markus    622: /* dispatch incoming messages */
                    623:
1.55      itojun    624: static void
1.2       provos    625: process_message(SocketEntry *e)
1.1       deraadt   626: {
1.194     markus    627:        u_int msg_len;
                    628:        u_char type;
                    629:        const u_char *cp;
                    630:        int r;
1.89      markus    631:
1.194     markus    632:        if (sshbuf_len(e->input) < 5)
1.21      markus    633:                return;         /* Incomplete message. */
1.194     markus    634:        cp = sshbuf_ptr(e->input);
                    635:        msg_len = PEEK_U32(cp);
1.21      markus    636:        if (msg_len > 256 * 1024) {
1.101     stevesk   637:                close_socket(e);
1.21      markus    638:                return;
                    639:        }
1.194     markus    640:        if (sshbuf_len(e->input) < msg_len + 4)
1.21      markus    641:                return;
1.87      markus    642:
                    643:        /* move the current input to e->request */
1.194     markus    644:        sshbuf_reset(e->request);
                    645:        if ((r = sshbuf_get_stringb(e->input, e->request)) != 0 ||
                    646:            (r = sshbuf_get_u8(e->request, &type)) != 0)
                    647:                fatal("%s: buffer error: %s", __func__, ssh_err(r));
1.21      markus    648:
1.88      markus    649:        /* check wheter agent is locked */
                    650:        if (locked && type != SSH_AGENTC_UNLOCK) {
1.194     markus    651:                sshbuf_reset(e->request);
1.88      markus    652:                switch (type) {
                    653:                case SSH2_AGENTC_REQUEST_IDENTITIES:
                    654:                        /* send empty lists */
1.221     djm       655:                        no_identities(e);
1.88      markus    656:                        break;
                    657:                default:
                    658:                        /* send a fail message for all other request types */
1.194     markus    659:                        send_status(e, 0);
1.88      markus    660:                }
                    661:                return;
                    662:        }
                    663:
1.59      markus    664:        debug("type %d", type);
1.21      markus    665:        switch (type) {
1.88      markus    666:        case SSH_AGENTC_LOCK:
                    667:        case SSH_AGENTC_UNLOCK:
                    668:                process_lock_agent(e, type == SSH_AGENTC_LOCK);
                    669:                break;
1.21      markus    670:        case SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES:
1.221     djm       671:                process_remove_all_identities(e); /* safe for !WITH_SSH1 */
1.33      markus    672:                break;
                    673:        /* ssh2 */
                    674:        case SSH2_AGENTC_SIGN_REQUEST:
                    675:                process_sign_request2(e);
                    676:                break;
                    677:        case SSH2_AGENTC_REQUEST_IDENTITIES:
1.221     djm       678:                process_request_identities(e);
1.33      markus    679:                break;
                    680:        case SSH2_AGENTC_ADD_IDENTITY:
1.94      markus    681:        case SSH2_AGENTC_ADD_ID_CONSTRAINED:
1.221     djm       682:                process_add_identity(e);
1.33      markus    683:                break;
                    684:        case SSH2_AGENTC_REMOVE_IDENTITY:
1.221     djm       685:                process_remove_identity(e);
1.33      markus    686:                break;
                    687:        case SSH2_AGENTC_REMOVE_ALL_IDENTITIES:
1.221     djm       688:                process_remove_all_identities(e);
1.21      markus    689:                break;
1.163     markus    690: #ifdef ENABLE_PKCS11
1.59      markus    691:        case SSH_AGENTC_ADD_SMARTCARD_KEY:
1.110     djm       692:        case SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED:
1.59      markus    693:                process_add_smartcard_key(e);
1.75      deraadt   694:                break;
1.59      markus    695:        case SSH_AGENTC_REMOVE_SMARTCARD_KEY:
                    696:                process_remove_smartcard_key(e);
1.75      deraadt   697:                break;
1.163     markus    698: #endif /* ENABLE_PKCS11 */
1.21      markus    699:        default:
                    700:                /* Unknown message.  Respond with failure. */
                    701:                error("Unknown message %d", type);
1.194     markus    702:                sshbuf_reset(e->request);
                    703:                send_status(e, 0);
1.21      markus    704:                break;
                    705:        }
1.1       deraadt   706: }
                    707:
1.55      itojun    708: static void
1.73      stevesk   709: new_socket(sock_type type, int fd)
1.1       deraadt   710: {
1.112     markus    711:        u_int i, old_alloc, new_alloc;
1.96      deraadt   712:
1.119     djm       713:        set_nonblock(fd);
1.21      markus    714:
                    715:        if (fd > max_fd)
                    716:                max_fd = fd;
                    717:
                    718:        for (i = 0; i < sockets_alloc; i++)
                    719:                if (sockets[i].type == AUTH_UNUSED) {
                    720:                        sockets[i].fd = fd;
1.194     markus    721:                        if ((sockets[i].input = sshbuf_new()) == NULL)
                    722:                                fatal("%s: sshbuf_new failed", __func__);
                    723:                        if ((sockets[i].output = sshbuf_new()) == NULL)
                    724:                                fatal("%s: sshbuf_new failed", __func__);
                    725:                        if ((sockets[i].request = sshbuf_new()) == NULL)
                    726:                                fatal("%s: sshbuf_new failed", __func__);
1.112     markus    727:                        sockets[i].type = type;
1.21      markus    728:                        return;
                    729:                }
                    730:        old_alloc = sockets_alloc;
1.112     markus    731:        new_alloc = sockets_alloc + 10;
1.200     deraadt   732:        sockets = xreallocarray(sockets, new_alloc, sizeof(sockets[0]));
1.112     markus    733:        for (i = old_alloc; i < new_alloc; i++)
1.21      markus    734:                sockets[i].type = AUTH_UNUSED;
1.112     markus    735:        sockets_alloc = new_alloc;
1.21      markus    736:        sockets[old_alloc].fd = fd;
1.194     markus    737:        if ((sockets[old_alloc].input = sshbuf_new()) == NULL)
                    738:                fatal("%s: sshbuf_new failed", __func__);
                    739:        if ((sockets[old_alloc].output = sshbuf_new()) == NULL)
                    740:                fatal("%s: sshbuf_new failed", __func__);
                    741:        if ((sockets[old_alloc].request = sshbuf_new()) == NULL)
                    742:                fatal("%s: sshbuf_new failed", __func__);
1.112     markus    743:        sockets[old_alloc].type = type;
1.1       deraadt   744: }
                    745:
1.55      itojun    746: static int
1.155     dtucker   747: prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, u_int *nallocp,
                    748:     struct timeval **tvpp)
1.1       deraadt   749: {
1.174     dtucker   750:        u_int i, sz;
1.46      markus    751:        int n = 0;
1.155     dtucker   752:        static struct timeval tv;
1.174     dtucker   753:        time_t deadline;
1.46      markus    754:
                    755:        for (i = 0; i < sockets_alloc; i++) {
1.21      markus    756:                switch (sockets[i].type) {
                    757:                case AUTH_SOCKET:
                    758:                case AUTH_CONNECTION:
1.214     deraadt   759:                        n = MAXIMUM(n, sockets[i].fd);
1.21      markus    760:                        break;
                    761:                case AUTH_UNUSED:
                    762:                        break;
                    763:                default:
                    764:                        fatal("Unknown socket type %d", sockets[i].type);
                    765:                        break;
                    766:                }
1.46      markus    767:        }
                    768:
                    769:        sz = howmany(n+1, NFDBITS) * sizeof(fd_mask);
1.66      markus    770:        if (*fdrp == NULL || sz > *nallocp) {
1.173     djm       771:                free(*fdrp);
                    772:                free(*fdwp);
1.46      markus    773:                *fdrp = xmalloc(sz);
                    774:                *fdwp = xmalloc(sz);
1.66      markus    775:                *nallocp = sz;
1.46      markus    776:        }
1.66      markus    777:        if (n < *fdl)
                    778:                debug("XXX shrink: %d < %d", n, *fdl);
                    779:        *fdl = n;
1.46      markus    780:        memset(*fdrp, 0, sz);
                    781:        memset(*fdwp, 0, sz);
                    782:
                    783:        for (i = 0; i < sockets_alloc; i++) {
                    784:                switch (sockets[i].type) {
                    785:                case AUTH_SOCKET:
                    786:                case AUTH_CONNECTION:
                    787:                        FD_SET(sockets[i].fd, *fdrp);
1.194     markus    788:                        if (sshbuf_len(sockets[i].output) > 0)
1.46      markus    789:                                FD_SET(sockets[i].fd, *fdwp);
                    790:                        break;
                    791:                default:
                    792:                        break;
                    793:                }
                    794:        }
1.155     dtucker   795:        deadline = reaper();
                    796:        if (parent_alive_interval != 0)
                    797:                deadline = (deadline == 0) ? parent_alive_interval :
1.214     deraadt   798:                    MINIMUM(deadline, parent_alive_interval);
1.155     dtucker   799:        if (deadline == 0) {
                    800:                *tvpp = NULL;
                    801:        } else {
                    802:                tv.tv_sec = deadline;
                    803:                tv.tv_usec = 0;
                    804:                *tvpp = &tv;
                    805:        }
1.46      markus    806:        return (1);
1.21      markus    807: }
                    808:
1.55      itojun    809: static void
1.21      markus    810: after_select(fd_set *readset, fd_set *writeset)
                    811: {
1.96      deraadt   812:        struct sockaddr_un sunaddr;
1.26      markus    813:        socklen_t slen;
1.21      markus    814:        char buf[1024];
1.194     markus    815:        int len, sock, r;
1.162     djm       816:        u_int i, orig_alloc;
1.103     markus    817:        uid_t euid;
                    818:        gid_t egid;
1.21      markus    819:
1.162     djm       820:        for (i = 0, orig_alloc = sockets_alloc; i < orig_alloc; i++)
1.21      markus    821:                switch (sockets[i].type) {
                    822:                case AUTH_UNUSED:
                    823:                        break;
                    824:                case AUTH_SOCKET:
                    825:                        if (FD_ISSET(sockets[i].fd, readset)) {
1.26      markus    826:                                slen = sizeof(sunaddr);
1.46      markus    827:                                sock = accept(sockets[i].fd,
1.131     deraadt   828:                                    (struct sockaddr *)&sunaddr, &slen);
1.21      markus    829:                                if (sock < 0) {
1.81      stevesk   830:                                        error("accept from AUTH_SOCKET: %s",
                    831:                                            strerror(errno));
1.103     markus    832:                                        break;
                    833:                                }
                    834:                                if (getpeereid(sock, &euid, &egid) < 0) {
                    835:                                        error("getpeereid %d failed: %s",
                    836:                                            sock, strerror(errno));
                    837:                                        close(sock);
                    838:                                        break;
                    839:                                }
1.105     markus    840:                                if ((euid != 0) && (getuid() != euid)) {
1.103     markus    841:                                        error("uid mismatch: "
1.104     stevesk   842:                                            "peer euid %u != uid %u",
                    843:                                            (u_int) euid, (u_int) getuid());
1.103     markus    844:                                        close(sock);
1.21      markus    845:                                        break;
                    846:                                }
                    847:                                new_socket(AUTH_CONNECTION, sock);
                    848:                        }
                    849:                        break;
                    850:                case AUTH_CONNECTION:
1.194     markus    851:                        if (sshbuf_len(sockets[i].output) > 0 &&
1.21      markus    852:                            FD_ISSET(sockets[i].fd, writeset)) {
1.162     djm       853:                                len = write(sockets[i].fd,
1.194     markus    854:                                    sshbuf_ptr(sockets[i].output),
                    855:                                    sshbuf_len(sockets[i].output));
1.162     djm       856:                                if (len == -1 && (errno == EAGAIN ||
                    857:                                    errno == EINTR))
                    858:                                        continue;
1.21      markus    859:                                if (len <= 0) {
1.101     stevesk   860:                                        close_socket(&sockets[i]);
1.21      markus    861:                                        break;
                    862:                                }
1.194     markus    863:                                if ((r = sshbuf_consume(sockets[i].output,
                    864:                                    len)) != 0)
                    865:                                        fatal("%s: buffer error: %s",
                    866:                                            __func__, ssh_err(r));
1.21      markus    867:                        }
                    868:                        if (FD_ISSET(sockets[i].fd, readset)) {
1.162     djm       869:                                len = read(sockets[i].fd, buf, sizeof(buf));
                    870:                                if (len == -1 && (errno == EAGAIN ||
                    871:                                    errno == EINTR))
                    872:                                        continue;
1.21      markus    873:                                if (len <= 0) {
1.101     stevesk   874:                                        close_socket(&sockets[i]);
1.21      markus    875:                                        break;
                    876:                                }
1.194     markus    877:                                if ((r = sshbuf_put(sockets[i].input,
                    878:                                    buf, len)) != 0)
                    879:                                        fatal("%s: buffer error: %s",
                    880:                                            __func__, ssh_err(r));
1.190     dtucker   881:                                explicit_bzero(buf, sizeof(buf));
1.21      markus    882:                                process_message(&sockets[i]);
                    883:                        }
                    884:                        break;
                    885:                default:
                    886:                        fatal("Unknown type %d", sockets[i].type);
                    887:                }
1.1       deraadt   888: }
                    889:
1.55      itojun    890: static void
1.113     markus    891: cleanup_socket(void)
1.15      markus    892: {
1.187     djm       893:        if (cleanup_pid != 0 && getpid() != cleanup_pid)
                    894:                return;
                    895:        debug("%s: cleanup", __func__);
1.48      deraadt   896:        if (socket_name[0])
                    897:                unlink(socket_name);
                    898:        if (socket_dir[0])
                    899:                rmdir(socket_dir);
1.10      markus    900: }
                    901:
1.114     markus    902: void
1.15      markus    903: cleanup_exit(int i)
                    904: {
1.113     markus    905:        cleanup_socket();
                    906:        _exit(i);
1.15      markus    907: }
                    908:
1.135     deraadt   909: /*ARGSUSED*/
1.55      itojun    910: static void
1.48      deraadt   911: cleanup_handler(int sig)
                    912: {
1.113     markus    913:        cleanup_socket();
1.163     markus    914: #ifdef ENABLE_PKCS11
                    915:        pkcs11_terminate();
                    916: #endif
1.48      deraadt   917:        _exit(2);
1.113     markus    918: }
                    919:
1.68      markus    920: static void
1.155     dtucker   921: check_parent_exists(void)
1.68      markus    922: {
1.172     dtucker   923:        /*
                    924:         * If our parent has exited then getppid() will return (pid_t)1,
                    925:         * so testing for that should be safe.
                    926:         */
                    927:        if (parent_pid != -1 && getppid() != parent_pid) {
1.68      markus    928:                /* printf("Parent has died - Authentication agent exiting.\n"); */
1.155     dtucker   929:                cleanup_socket();
                    930:                _exit(2);
1.68      markus    931:        }
1.48      deraadt   932: }
                    933:
1.55      itojun    934: static void
1.50      itojun    935: usage(void)
1.15      markus    936: {
1.184     deraadt   937:        fprintf(stderr,
1.202     jmc       938:            "usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n"
1.215     djm       939:            "                 [-P pkcs11_whitelist] [-t life] [command [arg ...]]\n"
1.184     deraadt   940:            "       ssh-agent [-c | -s] -k\n");
1.21      markus    941:        exit(1);
1.15      markus    942: }
                    943:
1.2       provos    944: int
                    945: main(int ac, char **av)
1.1       deraadt   946: {
1.201     djm       947:        int c_flag = 0, d_flag = 0, D_flag = 0, k_flag = 0, s_flag = 0;
1.154     dtucker   948:        int sock, fd, ch, result, saved_errno;
1.120     avsm      949:        u_int nalloc;
1.96      deraadt   950:        char *shell, *format, *pidstr, *agentsocket = NULL;
                    951:        fd_set *readsetp = NULL, *writesetp = NULL;
1.41      markus    952:        struct rlimit rlim;
1.96      deraadt   953:        extern int optind;
1.98      stevesk   954:        extern char *optarg;
1.21      markus    955:        pid_t pid;
1.96      deraadt   956:        char pidstrbuf[1 + 3 * sizeof pid];
1.155     dtucker   957:        struct timeval *tvp = NULL;
1.161     tobias    958:        size_t len;
1.189     djm       959:        mode_t prev_mask;
1.123     djm       960:
1.212     dtucker   961:        ssh_malloc_init();      /* must be called before any mallocs */
1.123     djm       962:        /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
                    963:        sanitise_stdfd();
1.99      markus    964:
                    965:        /* drop */
                    966:        setegid(getgid());
                    967:        setgid(getgid());
1.53      markus    968:
1.185     markus    969: #ifdef WITH_OPENSSL
1.170     djm       970:        OpenSSL_add_all_algorithms();
1.185     markus    971: #endif
1.21      markus    972:
1.215     djm       973:        while ((ch = getopt(ac, av, "cDdksE:a:P:t:")) != -1) {
1.21      markus    974:                switch (ch) {
1.192     djm       975:                case 'E':
                    976:                        fingerprint_hash = ssh_digest_alg_by_name(optarg);
                    977:                        if (fingerprint_hash == -1)
                    978:                                fatal("Invalid hash algorithm \"%s\"", optarg);
                    979:                        break;
1.21      markus    980:                case 'c':
                    981:                        if (s_flag)
                    982:                                usage();
                    983:                        c_flag++;
                    984:                        break;
                    985:                case 'k':
                    986:                        k_flag++;
                    987:                        break;
1.215     djm       988:                case 'P':
                    989:                        if (pkcs11_whitelist != NULL)
                    990:                                fatal("-P option already specified");
                    991:                        pkcs11_whitelist = xstrdup(optarg);
                    992:                        break;
1.21      markus    993:                case 's':
                    994:                        if (c_flag)
                    995:                                usage();
                    996:                        s_flag++;
                    997:                        break;
1.57      markus    998:                case 'd':
1.201     djm       999:                        if (d_flag || D_flag)
1.57      markus   1000:                                usage();
                   1001:                        d_flag++;
                   1002:                        break;
1.201     djm      1003:                case 'D':
                   1004:                        if (d_flag || D_flag)
                   1005:                                usage();
                   1006:                        D_flag++;
                   1007:                        break;
1.86      markus   1008:                case 'a':
                   1009:                        agentsocket = optarg;
1.106     marc     1010:                        break;
                   1011:                case 't':
                   1012:                        if ((lifetime = convtime(optarg)) == -1) {
                   1013:                                fprintf(stderr, "Invalid lifetime\n");
                   1014:                                usage();
                   1015:                        }
1.86      markus   1016:                        break;
1.21      markus   1017:                default:
                   1018:                        usage();
                   1019:                }
                   1020:        }
                   1021:        ac -= optind;
                   1022:        av += optind;
                   1023:
1.201     djm      1024:        if (ac > 0 && (c_flag || k_flag || s_flag || d_flag || D_flag))
1.21      markus   1025:                usage();
                   1026:
1.215     djm      1027:        if (pkcs11_whitelist == NULL)
                   1028:                pkcs11_whitelist = xstrdup(DEFAULT_PKCS11_WHITELIST);
                   1029:
1.85      markus   1030:        if (ac == 0 && !c_flag && !s_flag) {
1.21      markus   1031:                shell = getenv("SHELL");
1.161     tobias   1032:                if (shell != NULL && (len = strlen(shell)) > 2 &&
                   1033:                    strncmp(shell + len - 3, "csh", 3) == 0)
1.21      markus   1034:                        c_flag = 1;
                   1035:        }
                   1036:        if (k_flag) {
1.136     deraadt  1037:                const char *errstr = NULL;
                   1038:
1.21      markus   1039:                pidstr = getenv(SSH_AGENTPID_ENV_NAME);
                   1040:                if (pidstr == NULL) {
                   1041:                        fprintf(stderr, "%s not set, cannot kill agent\n",
1.46      markus   1042:                            SSH_AGENTPID_ENV_NAME);
1.21      markus   1043:                        exit(1);
                   1044:                }
1.136     deraadt  1045:                pid = (int)strtonum(pidstr, 2, INT_MAX, &errstr);
                   1046:                if (errstr) {
                   1047:                        fprintf(stderr,
                   1048:                            "%s=\"%s\", which is not a good PID: %s\n",
                   1049:                            SSH_AGENTPID_ENV_NAME, pidstr, errstr);
1.21      markus   1050:                        exit(1);
                   1051:                }
                   1052:                if (kill(pid, SIGTERM) == -1) {
                   1053:                        perror("kill");
                   1054:                        exit(1);
                   1055:                }
                   1056:                format = c_flag ? "unsetenv %s;\n" : "unset %s;\n";
1.140     djm      1057:                printf(format, SSH_AUTHSOCKET_ENV_NAME);
                   1058:                printf(format, SSH_AGENTPID_ENV_NAME);
1.91      mpech    1059:                printf("echo Agent pid %ld killed;\n", (long)pid);
1.21      markus   1060:                exit(0);
                   1061:        }
                   1062:        parent_pid = getpid();
                   1063:
1.86      markus   1064:        if (agentsocket == NULL) {
                   1065:                /* Create private directory for agent socket */
1.171     djm      1066:                mktemp_proto(socket_dir, sizeof(socket_dir));
1.86      markus   1067:                if (mkdtemp(socket_dir) == NULL) {
                   1068:                        perror("mkdtemp: private socket dir");
                   1069:                        exit(1);
                   1070:                }
1.91      mpech    1071:                snprintf(socket_name, sizeof socket_name, "%s/agent.%ld", socket_dir,
                   1072:                    (long)parent_pid);
1.86      markus   1073:        } else {
                   1074:                /* Try to use specified agent socket */
                   1075:                socket_dir[0] = '\0';
                   1076:                strlcpy(socket_name, agentsocket, sizeof socket_name);
1.21      markus   1077:        }
                   1078:
1.23      markus   1079:        /*
                   1080:         * Create socket early so it will exist before command gets run from
                   1081:         * the parent.
                   1082:         */
1.189     djm      1083:        prev_mask = umask(0177);
1.188     millert  1084:        sock = unix_listener(socket_name, SSH_LISTEN_BACKLOG, 0);
1.21      markus   1085:        if (sock < 0) {
1.188     millert  1086:                /* XXX - unix_listener() calls error() not perror() */
1.121     djm      1087:                *socket_name = '\0'; /* Don't unlink any existing file */
1.21      markus   1088:                cleanup_exit(1);
                   1089:        }
1.189     djm      1090:        umask(prev_mask);
1.46      markus   1091:
1.23      markus   1092:        /*
                   1093:         * Fork, and have the parent execute the command, if any, or present
                   1094:         * the socket data.  The child continues as the authentication agent.
                   1095:         */
1.201     djm      1096:        if (D_flag || d_flag) {
                   1097:                log_init(__progname,
                   1098:                    d_flag ? SYSLOG_LEVEL_DEBUG3 : SYSLOG_LEVEL_INFO,
                   1099:                    SYSLOG_FACILITY_AUTH, 1);
1.57      markus   1100:                format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n";
                   1101:                printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
                   1102:                    SSH_AUTHSOCKET_ENV_NAME);
1.91      mpech    1103:                printf("echo Agent pid %ld;\n", (long)parent_pid);
1.210     dtucker  1104:                fflush(stdout);
1.57      markus   1105:                goto skip;
                   1106:        }
1.21      markus   1107:        pid = fork();
                   1108:        if (pid == -1) {
                   1109:                perror("fork");
1.81      stevesk  1110:                cleanup_exit(1);
1.21      markus   1111:        }
                   1112:        if (pid != 0) {         /* Parent - execute the given command. */
                   1113:                close(sock);
1.91      mpech    1114:                snprintf(pidstrbuf, sizeof pidstrbuf, "%ld", (long)pid);
1.21      markus   1115:                if (ac == 0) {
                   1116:                        format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n";
                   1117:                        printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
1.46      markus   1118:                            SSH_AUTHSOCKET_ENV_NAME);
1.21      markus   1119:                        printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf,
1.46      markus   1120:                            SSH_AGENTPID_ENV_NAME);
1.91      mpech    1121:                        printf("echo Agent pid %ld;\n", (long)pid);
1.21      markus   1122:                        exit(0);
                   1123:                }
1.36      deraadt  1124:                if (setenv(SSH_AUTHSOCKET_ENV_NAME, socket_name, 1) == -1 ||
                   1125:                    setenv(SSH_AGENTPID_ENV_NAME, pidstrbuf, 1) == -1) {
                   1126:                        perror("setenv");
                   1127:                        exit(1);
                   1128:                }
1.21      markus   1129:                execvp(av[0], av);
                   1130:                perror(av[0]);
                   1131:                exit(1);
                   1132:        }
1.81      stevesk  1133:        /* child */
                   1134:        log_init(__progname, SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_AUTH, 0);
1.67      stevesk  1135:
                   1136:        if (setsid() == -1) {
1.81      stevesk  1137:                error("setsid: %s", strerror(errno));
1.67      stevesk  1138:                cleanup_exit(1);
                   1139:        }
                   1140:
                   1141:        (void)chdir("/");
1.107     markus   1142:        if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
                   1143:                /* XXX might close listen socket */
                   1144:                (void)dup2(fd, STDIN_FILENO);
                   1145:                (void)dup2(fd, STDOUT_FILENO);
                   1146:                (void)dup2(fd, STDERR_FILENO);
                   1147:                if (fd > 2)
                   1148:                        close(fd);
                   1149:        }
1.21      markus   1150:
1.41      markus   1151:        /* deny core dumps, since memory contains unencrypted private keys */
                   1152:        rlim.rlim_cur = rlim.rlim_max = 0;
                   1153:        if (setrlimit(RLIMIT_CORE, &rlim) < 0) {
1.81      stevesk  1154:                error("setrlimit RLIMIT_CORE: %s", strerror(errno));
1.21      markus   1155:                cleanup_exit(1);
                   1156:        }
1.57      markus   1157:
                   1158: skip:
1.187     djm      1159:
                   1160:        cleanup_pid = getpid();
1.163     markus   1161:
                   1162: #ifdef ENABLE_PKCS11
                   1163:        pkcs11_init(0);
                   1164: #endif
1.21      markus   1165:        new_socket(AUTH_SOCKET, sock);
1.155     dtucker  1166:        if (ac > 0)
                   1167:                parent_alive_interval = 10;
1.33      markus   1168:        idtab_init();
1.61      markus   1169:        signal(SIGPIPE, SIG_IGN);
1.201     djm      1170:        signal(SIGINT, (d_flag | D_flag) ? cleanup_handler : SIG_IGN);
1.48      deraadt  1171:        signal(SIGHUP, cleanup_handler);
                   1172:        signal(SIGTERM, cleanup_handler);
1.66      markus   1173:        nalloc = 0;
1.205     djm      1174:
1.215     djm      1175:        if (pledge("stdio rpath cpath unix id proc exec", NULL) == -1)
1.205     djm      1176:                fatal("%s: pledge: %s", __progname, strerror(errno));
1.66      markus   1177:
1.21      markus   1178:        while (1) {
1.155     dtucker  1179:                prepare_select(&readsetp, &writesetp, &max_fd, &nalloc, &tvp);
                   1180:                result = select(max_fd + 1, readsetp, writesetp, NULL, tvp);
1.154     dtucker  1181:                saved_errno = errno;
1.155     dtucker  1182:                if (parent_alive_interval != 0)
                   1183:                        check_parent_exists();
                   1184:                (void) reaper();        /* remove expired keys */
1.154     dtucker  1185:                if (result < 0) {
                   1186:                        if (saved_errno == EINTR)
1.21      markus   1187:                                continue;
1.154     dtucker  1188:                        fatal("select: %s", strerror(saved_errno));
                   1189:                } else if (result > 0)
                   1190:                        after_select(readsetp, writesetp);
1.15      markus   1191:        }
1.21      markus   1192:        /* NOTREACHED */
1.1       deraadt  1193: }