version 1.13, 2017/05/30 08:52:19 |
version 1.14, 2018/01/08 15:18:46 |
|
|
#include <errno.h> |
#include <errno.h> |
|
|
#include "xmalloc.h" |
#include "xmalloc.h" |
#include "buffer.h" |
#include "sshbuf.h" |
#include "log.h" |
#include "log.h" |
#include "misc.h" |
#include "misc.h" |
#include "key.h" |
#include "sshkey.h" |
#include "authfd.h" |
#include "authfd.h" |
#include "ssh-pkcs11.h" |
#include "ssh-pkcs11.h" |
|
#include "ssherr.h" |
|
|
/* borrows code from sftp-server and ssh-agent */ |
/* borrows code from sftp-server and ssh-agent */ |
|
|
|
|
|
|
#define MAX_MSG_LENGTH 10240 /*XXX*/ |
#define MAX_MSG_LENGTH 10240 /*XXX*/ |
|
|
/* helper */ |
|
#define get_int() buffer_get_int(&iqueue); |
|
#define get_string(lenp) buffer_get_string(&iqueue, lenp); |
|
|
|
/* input and output queue */ |
/* input and output queue */ |
Buffer iqueue; |
struct sshbuf *iqueue; |
Buffer oqueue; |
struct sshbuf *oqueue; |
|
|
static void |
static void |
add_key(struct sshkey *k, char *name) |
add_key(struct sshkey *k, char *name) |
|
|
if (!strcmp(ki->providername, name)) { |
if (!strcmp(ki->providername, name)) { |
TAILQ_REMOVE(&pkcs11_keylist, ki, next); |
TAILQ_REMOVE(&pkcs11_keylist, ki, next); |
free(ki->providername); |
free(ki->providername); |
key_free(ki->key); |
sshkey_free(ki->key); |
free(ki); |
free(ki); |
} |
} |
} |
} |
|
|
|
|
TAILQ_FOREACH(ki, &pkcs11_keylist, next) { |
TAILQ_FOREACH(ki, &pkcs11_keylist, next) { |
debug("check %p %s", ki, ki->providername); |
debug("check %p %s", ki, ki->providername); |
if (key_equal(k, ki->key)) |
if (sshkey_equal(k, ki->key)) |
return (ki->key); |
return (ki->key); |
} |
} |
return (NULL); |
return (NULL); |
} |
} |
|
|
static void |
static void |
send_msg(Buffer *m) |
send_msg(struct sshbuf *m) |
{ |
{ |
int mlen = buffer_len(m); |
int r; |
|
|
buffer_put_int(&oqueue, mlen); |
if ((r = sshbuf_put_stringb(oqueue, m)) != 0) |
buffer_append(&oqueue, buffer_ptr(m), mlen); |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
buffer_consume(m, mlen); |
|
} |
} |
|
|
static void |
static void |
|
|
{ |
{ |
char *name, *pin; |
char *name, *pin; |
struct sshkey **keys; |
struct sshkey **keys; |
int i, nkeys; |
int r, i, nkeys; |
u_char *blob; |
u_char *blob; |
u_int blen; |
size_t blen; |
Buffer msg; |
struct sshbuf *msg; |
|
|
buffer_init(&msg); |
if ((msg = sshbuf_new()) == NULL) |
name = get_string(NULL); |
fatal("%s: sshbuf_new failed", __func__); |
pin = get_string(NULL); |
if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || |
|
(r = sshbuf_get_cstring(iqueue, &pin, NULL)) != 0) |
|
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
if ((nkeys = pkcs11_add_provider(name, pin, &keys)) > 0) { |
if ((nkeys = pkcs11_add_provider(name, pin, &keys)) > 0) { |
buffer_put_char(&msg, SSH2_AGENT_IDENTITIES_ANSWER); |
if ((r = sshbuf_put_u8(msg, |
buffer_put_int(&msg, nkeys); |
SSH2_AGENT_IDENTITIES_ANSWER)) != 0 || |
|
(r = sshbuf_put_u32(msg, nkeys)) != 0) |
|
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
for (i = 0; i < nkeys; i++) { |
for (i = 0; i < nkeys; i++) { |
if (key_to_blob(keys[i], &blob, &blen) == 0) |
if ((r = sshkey_to_blob(keys[i], &blob, &blen)) != 0) { |
|
debug("%s: sshkey_to_blob: %s", |
|
__func__, ssh_err(r)); |
continue; |
continue; |
buffer_put_string(&msg, blob, blen); |
} |
buffer_put_cstring(&msg, name); |
if ((r = sshbuf_put_string(msg, blob, blen)) != 0 || |
|
(r = sshbuf_put_cstring(msg, name)) != 0) |
|
fatal("%s: buffer error: %s", |
|
__func__, ssh_err(r)); |
free(blob); |
free(blob); |
add_key(keys[i], name); |
add_key(keys[i], name); |
} |
} |
free(keys); |
free(keys); |
} else { |
} else { |
buffer_put_char(&msg, SSH_AGENT_FAILURE); |
if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0) |
|
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
} |
} |
free(pin); |
free(pin); |
free(name); |
free(name); |
send_msg(&msg); |
send_msg(msg); |
buffer_free(&msg); |
sshbuf_free(msg); |
} |
} |
|
|
static void |
static void |
process_del(void) |
process_del(void) |
{ |
{ |
char *name, *pin; |
char *name, *pin; |
Buffer msg; |
struct sshbuf *msg; |
|
int r; |
|
|
buffer_init(&msg); |
if ((msg = sshbuf_new()) == NULL) |
name = get_string(NULL); |
fatal("%s: sshbuf_new failed", __func__); |
pin = get_string(NULL); |
if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || |
|
(r = sshbuf_get_cstring(iqueue, &pin, NULL)) != 0) |
|
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
del_keys_by_name(name); |
del_keys_by_name(name); |
if (pkcs11_del_provider(name) == 0) |
if ((r = sshbuf_put_u8(msg, pkcs11_del_provider(name) == 0 ? |
buffer_put_char(&msg, SSH_AGENT_SUCCESS); |
SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE)) != 0) |
else |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
buffer_put_char(&msg, SSH_AGENT_FAILURE); |
|
free(pin); |
free(pin); |
free(name); |
free(name); |
send_msg(&msg); |
send_msg(msg); |
buffer_free(&msg); |
sshbuf_free(msg); |
} |
} |
|
|
static void |
static void |
process_sign(void) |
process_sign(void) |
{ |
{ |
u_char *blob, *data, *signature = NULL; |
u_char *blob, *data, *signature = NULL; |
u_int blen, dlen, slen = 0; |
size_t blen, dlen, slen = 0; |
int ok = -1; |
int r, ok = -1; |
struct sshkey *key, *found; |
struct sshkey *key, *found; |
Buffer msg; |
struct sshbuf *msg; |
|
|
blob = get_string(&blen); |
/* XXX support SHA2 signature flags */ |
data = get_string(&dlen); |
if ((r = sshbuf_get_string(iqueue, &blob, &blen)) != 0 || |
(void)get_int(); /* XXX ignore flags */ |
(r = sshbuf_get_string(iqueue, &data, &dlen)) != 0 || |
|
(r = sshbuf_get_u32(iqueue, NULL)) != 0) |
|
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
|
|
if ((key = key_from_blob(blob, blen)) != NULL) { |
if ((r = sshkey_from_blob(blob, blen, &key)) != 0) |
|
error("%s: sshkey_from_blob: %s", __func__, ssh_err(r)); |
|
else { |
if ((found = lookup_key(key)) != NULL) { |
if ((found = lookup_key(key)) != NULL) { |
#ifdef WITH_OPENSSL |
#ifdef WITH_OPENSSL |
int ret; |
int ret; |
|
|
} |
} |
#endif /* WITH_OPENSSL */ |
#endif /* WITH_OPENSSL */ |
} |
} |
key_free(key); |
sshkey_free(key); |
} |
} |
buffer_init(&msg); |
if ((msg = sshbuf_new()) == NULL) |
|
fatal("%s: sshbuf_new failed", __func__); |
if (ok == 0) { |
if (ok == 0) { |
buffer_put_char(&msg, SSH2_AGENT_SIGN_RESPONSE); |
if ((r = sshbuf_put_u8(msg, SSH2_AGENT_SIGN_RESPONSE)) != 0 || |
buffer_put_string(&msg, signature, slen); |
(r = sshbuf_put_string(msg, signature, slen)) != 0) |
|
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
} else { |
} else { |
buffer_put_char(&msg, SSH_AGENT_FAILURE); |
if ((r = sshbuf_put_u8(msg, SSH2_AGENT_FAILURE)) != 0) |
|
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
} |
} |
free(data); |
free(data); |
free(blob); |
free(blob); |
free(signature); |
free(signature); |
send_msg(&msg); |
send_msg(msg); |
buffer_free(&msg); |
sshbuf_free(msg); |
} |
} |
|
|
static void |
static void |
|
|
u_int msg_len; |
u_int msg_len; |
u_int buf_len; |
u_int buf_len; |
u_int consumed; |
u_int consumed; |
u_int type; |
u_char type; |
u_char *cp; |
const u_char *cp; |
|
int r; |
|
|
buf_len = buffer_len(&iqueue); |
buf_len = sshbuf_len(iqueue); |
if (buf_len < 5) |
if (buf_len < 5) |
return; /* Incomplete message. */ |
return; /* Incomplete message. */ |
cp = buffer_ptr(&iqueue); |
cp = sshbuf_ptr(iqueue); |
msg_len = get_u32(cp); |
msg_len = get_u32(cp); |
if (msg_len > MAX_MSG_LENGTH) { |
if (msg_len > MAX_MSG_LENGTH) { |
error("bad message len %d", msg_len); |
error("bad message len %d", msg_len); |
|
|
} |
} |
if (buf_len < msg_len + 4) |
if (buf_len < msg_len + 4) |
return; |
return; |
buffer_consume(&iqueue, 4); |
if ((r = sshbuf_consume(iqueue, 4)) != 0 || |
|
(r = sshbuf_get_u8(iqueue, &type)) != 0) |
|
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
buf_len -= 4; |
buf_len -= 4; |
type = buffer_get_char(&iqueue); |
|
switch (type) { |
switch (type) { |
case SSH_AGENTC_ADD_SMARTCARD_KEY: |
case SSH_AGENTC_ADD_SMARTCARD_KEY: |
debug("process_add"); |
debug("process_add"); |
|
|
break; |
break; |
} |
} |
/* discard the remaining bytes from the current packet */ |
/* discard the remaining bytes from the current packet */ |
if (buf_len < buffer_len(&iqueue)) { |
if (buf_len < sshbuf_len(iqueue)) { |
error("iqueue grew unexpectedly"); |
error("iqueue grew unexpectedly"); |
cleanup_exit(255); |
cleanup_exit(255); |
} |
} |
consumed = buf_len - buffer_len(&iqueue); |
consumed = buf_len - sshbuf_len(iqueue); |
if (msg_len < consumed) { |
if (msg_len < consumed) { |
error("msg_len %d < consumed %d", msg_len, consumed); |
error("msg_len %d < consumed %d", msg_len, consumed); |
cleanup_exit(255); |
cleanup_exit(255); |
} |
} |
if (msg_len > consumed) |
if (msg_len > consumed) { |
buffer_consume(&iqueue, msg_len - consumed); |
if ((r = sshbuf_consume(iqueue, msg_len - consumed)) != 0) |
|
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
|
} |
} |
} |
|
|
void |
void |
|
|
main(int argc, char **argv) |
main(int argc, char **argv) |
{ |
{ |
fd_set *rset, *wset; |
fd_set *rset, *wset; |
int in, out, max, log_stderr = 0; |
int r, in, out, max, log_stderr = 0; |
ssize_t len, olen, set_size; |
ssize_t len, olen, set_size; |
SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; |
SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; |
LogLevel log_level = SYSLOG_LEVEL_ERROR; |
LogLevel log_level = SYSLOG_LEVEL_ERROR; |
|
|
if (out > max) |
if (out > max) |
max = out; |
max = out; |
|
|
buffer_init(&iqueue); |
if ((iqueue = sshbuf_new()) == NULL) |
buffer_init(&oqueue); |
fatal("%s: sshbuf_new failed", __func__); |
|
if ((oqueue = sshbuf_new()) == NULL) |
|
fatal("%s: sshbuf_new failed", __func__); |
|
|
set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask); |
set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask); |
rset = xmalloc(set_size); |
rset = xmalloc(set_size); |
|
|
* the worst-case length packet it can generate, |
* the worst-case length packet it can generate, |
* otherwise apply backpressure by stopping reads. |
* otherwise apply backpressure by stopping reads. |
*/ |
*/ |
if (buffer_check_alloc(&iqueue, sizeof(buf)) && |
if ((r = sshbuf_check_reserve(iqueue, sizeof(buf))) == 0 && |
buffer_check_alloc(&oqueue, MAX_MSG_LENGTH)) |
(r = sshbuf_check_reserve(oqueue, MAX_MSG_LENGTH)) == 0) |
FD_SET(in, rset); |
FD_SET(in, rset); |
|
else if (r != SSH_ERR_NO_BUFFER_SPACE) |
|
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
|
|
olen = buffer_len(&oqueue); |
olen = sshbuf_len(oqueue); |
if (olen > 0) |
if (olen > 0) |
FD_SET(out, wset); |
FD_SET(out, wset); |
|
|
|
|
} else if (len < 0) { |
} else if (len < 0) { |
error("read: %s", strerror(errno)); |
error("read: %s", strerror(errno)); |
cleanup_exit(1); |
cleanup_exit(1); |
} else { |
} else if ((r = sshbuf_put(iqueue, buf, len)) != 0) { |
buffer_append(&iqueue, buf, len); |
fatal("%s: buffer error: %s", |
|
__func__, ssh_err(r)); |
} |
} |
} |
} |
/* send oqueue to stdout */ |
/* send oqueue to stdout */ |
if (FD_ISSET(out, wset)) { |
if (FD_ISSET(out, wset)) { |
len = write(out, buffer_ptr(&oqueue), olen); |
len = write(out, sshbuf_ptr(oqueue), olen); |
if (len < 0) { |
if (len < 0) { |
error("write: %s", strerror(errno)); |
error("write: %s", strerror(errno)); |
cleanup_exit(1); |
cleanup_exit(1); |
} else { |
} else if ((r = sshbuf_consume(oqueue, len)) != 0) { |
buffer_consume(&oqueue, len); |
fatal("%s: buffer error: %s", |
|
__func__, ssh_err(r)); |
} |
} |
} |
} |
|
|
|
|
* into the output buffer, otherwise stop processing input |
* into the output buffer, otherwise stop processing input |
* and let the output queue drain. |
* and let the output queue drain. |
*/ |
*/ |
if (buffer_check_alloc(&oqueue, MAX_MSG_LENGTH)) |
if ((r = sshbuf_check_reserve(oqueue, MAX_MSG_LENGTH)) == 0) |
process(); |
process(); |
|
else if (r != SSH_ERR_NO_BUFFER_SPACE) |
|
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
} |
} |
} |
} |