djm@openbsd.org | 9a14c64 | 2019-10-31 21:23:19 +0000 | [diff] [blame] | 1 | /* $OpenBSD: ssh-agent.c,v 1.239 2019/10/31 21:23:19 djm Exp $ */ |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 2 | /* |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 5 | * All rights reserved |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 6 | * The authentication agent program. |
Damien Miller | ad833b3 | 2000-08-23 10:46:23 +1000 | [diff] [blame] | 7 | * |
Damien Miller | e4340be | 2000-09-16 13:29:08 +1100 | [diff] [blame] | 8 | * As far as I am concerned, the code I have written for this software |
| 9 | * can be used freely for any purpose. Any derived versions of this |
| 10 | * software must be clearly marked as such, and if the derived work is |
| 11 | * incompatible with the protocol description in the RFC file, it must be |
| 12 | * called by a name other than "ssh" or "Secure Shell". |
| 13 | * |
Ben Lindstrom | 4469723 | 2001-07-04 03:32:30 +0000 | [diff] [blame] | 14 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
Damien Miller | e4340be | 2000-09-16 13:29:08 +1100 | [diff] [blame] | 15 | * |
| 16 | * Redistribution and use in source and binary forms, with or without |
| 17 | * modification, are permitted provided that the following conditions |
| 18 | * are met: |
| 19 | * 1. Redistributions of source code must retain the above copyright |
| 20 | * notice, this list of conditions and the following disclaimer. |
| 21 | * 2. Redistributions in binary form must reproduce the above copyright |
| 22 | * notice, this list of conditions and the following disclaimer in the |
| 23 | * documentation and/or other materials provided with the distribution. |
| 24 | * |
| 25 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
| 26 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| 27 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| 28 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
| 29 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| 30 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 31 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 32 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 33 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 34 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 35 | */ |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 36 | |
| 37 | #include "includes.h" |
Damien Miller | 574c41f | 2006-03-15 11:40:10 +1100 | [diff] [blame] | 38 | |
| 39 | #include <sys/types.h> |
Damien Miller | 8dbffe7 | 2006-08-05 11:02:17 +1000 | [diff] [blame] | 40 | #include <sys/param.h> |
| 41 | #include <sys/resource.h> |
Damien Miller | 42fb068 | 2006-03-15 14:03:06 +1100 | [diff] [blame] | 42 | #include <sys/stat.h> |
Damien Miller | e3b60b5 | 2006-07-10 21:08:03 +1000 | [diff] [blame] | 43 | #include <sys/socket.h> |
djm@openbsd.org | 07da39f | 2019-10-31 21:22:01 +0000 | [diff] [blame] | 44 | #include <sys/wait.h> |
Damien Miller | 9aec919 | 2006-08-05 10:57:45 +1000 | [diff] [blame] | 45 | #ifdef HAVE_SYS_TIME_H |
| 46 | # include <sys/time.h> |
| 47 | #endif |
Damien Miller | 574c41f | 2006-03-15 11:40:10 +1100 | [diff] [blame] | 48 | #ifdef HAVE_SYS_UN_H |
| 49 | # include <sys/un.h> |
| 50 | #endif |
Damien Miller | 9b48151 | 2002-09-12 10:43:29 +1000 | [diff] [blame] | 51 | #include "openbsd-compat/sys-queue.h" |
Damien Miller | e3b60b5 | 2006-07-10 21:08:03 +1000 | [diff] [blame] | 52 | |
Damien Miller | 1f0311c | 2014-05-15 14:24:09 +1000 | [diff] [blame] | 53 | #ifdef WITH_OPENSSL |
Damien Miller | e3476ed | 2006-07-24 14:13:33 +1000 | [diff] [blame] | 54 | #include <openssl/evp.h> |
Darren Tucker | bfaaf96 | 2008-02-28 19:13:52 +1100 | [diff] [blame] | 55 | #include "openbsd-compat/openssl-compat.h" |
Damien Miller | 1f0311c | 2014-05-15 14:24:09 +1000 | [diff] [blame] | 56 | #endif |
Damien Miller | e3476ed | 2006-07-24 14:13:33 +1000 | [diff] [blame] | 57 | |
Darren Tucker | 3997249 | 2006-07-12 22:22:46 +1000 | [diff] [blame] | 58 | #include <errno.h> |
Damien Miller | 57cf638 | 2006-07-10 21:13:46 +1000 | [diff] [blame] | 59 | #include <fcntl.h> |
deraadt@openbsd.org | 2ae4f33 | 2015-01-16 06:40:12 +0000 | [diff] [blame] | 60 | #include <limits.h> |
Damien Miller | 03e2003 | 2006-03-15 11:16:59 +1100 | [diff] [blame] | 61 | #ifdef HAVE_PATHS_H |
Damien Miller | a9263d0 | 2006-03-15 11:18:26 +1100 | [diff] [blame] | 62 | # include <paths.h> |
Damien Miller | 03e2003 | 2006-03-15 11:16:59 +1100 | [diff] [blame] | 63 | #endif |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 64 | #ifdef HAVE_POLL_H |
| 65 | # include <poll.h> |
| 66 | #endif |
Damien Miller | 6ff3cad | 2006-03-15 11:52:09 +1100 | [diff] [blame] | 67 | #include <signal.h> |
Damien Miller | ded319c | 2006-09-01 15:38:36 +1000 | [diff] [blame] | 68 | #include <stdarg.h> |
Damien Miller | a7a73ee | 2006-08-05 11:37:59 +1000 | [diff] [blame] | 69 | #include <stdio.h> |
Damien Miller | e7a1e5c | 2006-08-05 11:34:19 +1000 | [diff] [blame] | 70 | #include <stdlib.h> |
Damien Miller | 5598b4f | 2006-07-24 14:09:40 +1000 | [diff] [blame] | 71 | #include <time.h> |
Damien Miller | e3476ed | 2006-07-24 14:13:33 +1000 | [diff] [blame] | 72 | #include <string.h> |
Damien Miller | e6b3b61 | 2006-07-24 14:01:23 +1000 | [diff] [blame] | 73 | #include <unistd.h> |
Damien Miller | e97201f | 2015-05-21 17:55:15 +1000 | [diff] [blame] | 74 | #ifdef HAVE_UTIL_H |
| 75 | # include <util.h> |
| 76 | #endif |
Damien Miller | 6ff3cad | 2006-03-15 11:52:09 +1100 | [diff] [blame] | 77 | |
Damien Miller | d783435 | 2006-08-05 12:39:39 +1000 | [diff] [blame] | 78 | #include "xmalloc.h" |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 79 | #include "ssh.h" |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 80 | #include "sshbuf.h" |
| 81 | #include "sshkey.h" |
Damien Miller | 994cf14 | 2000-07-21 10:19:44 +1000 | [diff] [blame] | 82 | #include "authfd.h" |
Damien Miller | 62cee00 | 2000-09-23 17:15:56 +1100 | [diff] [blame] | 83 | #include "compat.h" |
Ben Lindstrom | 226cfa0 | 2001-01-22 05:34:40 +0000 | [diff] [blame] | 84 | #include "log.h" |
Damien Miller | 6c71179 | 2003-01-24 11:36:23 +1100 | [diff] [blame] | 85 | #include "misc.h" |
Damien Miller | 4a1c7aa | 2014-02-04 11:03:36 +1100 | [diff] [blame] | 86 | #include "digest.h" |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 87 | #include "ssherr.h" |
djm@openbsd.org | 786d599 | 2016-11-30 03:07:37 +0000 | [diff] [blame] | 88 | #include "match.h" |
djm@openbsd.org | 07da39f | 2019-10-31 21:22:01 +0000 | [diff] [blame] | 89 | #include "msg.h" |
| 90 | #include "pathnames.h" |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 91 | #include "ssh-pkcs11.h" |
djm@openbsd.org | 07da39f | 2019-10-31 21:22:01 +0000 | [diff] [blame] | 92 | #include "ssh-sk.h" |
Ben Lindstrom | 3f47163 | 2001-07-04 03:53:15 +0000 | [diff] [blame] | 93 | |
djm@openbsd.org | 07da39f | 2019-10-31 21:22:01 +0000 | [diff] [blame] | 94 | #ifndef DEFAULT_PROVIDER_WHITELIST |
| 95 | # define DEFAULT_PROVIDER_WHITELIST "/usr/lib*/*,/usr/local/lib*/*" |
djm@openbsd.org | 786d599 | 2016-11-30 03:07:37 +0000 | [diff] [blame] | 96 | #endif |
| 97 | |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 98 | /* Maximum accepted message length */ |
| 99 | #define AGENT_MAX_LEN (256*1024) |
djm@openbsd.org | d691588 | 2019-01-22 22:58:50 +0000 | [diff] [blame] | 100 | /* Maximum bytes to read from client socket */ |
| 101 | #define AGENT_RBUF_LEN (4096) |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 102 | |
Ben Lindstrom | 65366a8 | 2001-12-06 16:32:47 +0000 | [diff] [blame] | 103 | typedef enum { |
| 104 | AUTH_UNUSED, |
| 105 | AUTH_SOCKET, |
| 106 | AUTH_CONNECTION |
| 107 | } sock_type; |
| 108 | |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 109 | typedef struct { |
| 110 | int fd; |
Ben Lindstrom | 65366a8 | 2001-12-06 16:32:47 +0000 | [diff] [blame] | 111 | sock_type type; |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 112 | struct sshbuf *input; |
| 113 | struct sshbuf *output; |
| 114 | struct sshbuf *request; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 115 | } SocketEntry; |
| 116 | |
Ben Lindstrom | 46c1622 | 2000-12-22 01:43:59 +0000 | [diff] [blame] | 117 | u_int sockets_alloc = 0; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 118 | SocketEntry *sockets = NULL; |
| 119 | |
Damien Miller | 1a534ae | 2002-01-22 23:26:13 +1100 | [diff] [blame] | 120 | typedef struct identity { |
| 121 | TAILQ_ENTRY(identity) next; |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 122 | struct sshkey *key; |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 123 | char *comment; |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 124 | char *provider; |
Darren Tucker | 5511925 | 2013-06-02 07:43:59 +1000 | [diff] [blame] | 125 | time_t death; |
Damien Miller | 6c71179 | 2003-01-24 11:36:23 +1100 | [diff] [blame] | 126 | u_int confirm; |
djm@openbsd.org | 07da39f | 2019-10-31 21:22:01 +0000 | [diff] [blame] | 127 | char *sk_provider; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 128 | } Identity; |
| 129 | |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 130 | struct idtable { |
Damien Miller | ad833b3 | 2000-08-23 10:46:23 +1000 | [diff] [blame] | 131 | int nentries; |
Damien Miller | 1a534ae | 2002-01-22 23:26:13 +1100 | [diff] [blame] | 132 | TAILQ_HEAD(idqueue, identity) idlist; |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 133 | }; |
Damien Miller | ad833b3 | 2000-08-23 10:46:23 +1000 | [diff] [blame] | 134 | |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 135 | /* private key table */ |
| 136 | struct idtable *idtab; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 137 | |
| 138 | int max_fd = 0; |
| 139 | |
| 140 | /* pid of shell == parent of agent */ |
Damien Miller | 166fca8 | 2000-04-20 07:42:21 +1000 | [diff] [blame] | 141 | pid_t parent_pid = -1; |
Darren Tucker | 073f795 | 2013-06-02 23:47:11 +1000 | [diff] [blame] | 142 | time_t parent_alive_interval = 0; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 143 | |
Damien Miller | b1e967c | 2014-07-03 21:22:40 +1000 | [diff] [blame] | 144 | /* pid of process for which cleanup_socket is applicable */ |
| 145 | pid_t cleanup_pid = 0; |
| 146 | |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 147 | /* pathname and directory for AUTH_SOCKET */ |
deraadt@openbsd.org | 2ae4f33 | 2015-01-16 06:40:12 +0000 | [diff] [blame] | 148 | char socket_name[PATH_MAX]; |
| 149 | char socket_dir[PATH_MAX]; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 150 | |
djm@openbsd.org | 07da39f | 2019-10-31 21:22:01 +0000 | [diff] [blame] | 151 | /* PKCS#11/Security key path whitelist */ |
| 152 | static char *provider_whitelist; |
djm@openbsd.org | 786d599 | 2016-11-30 03:07:37 +0000 | [diff] [blame] | 153 | |
Ben Lindstrom | 2f71704 | 2002-06-06 21:52:03 +0000 | [diff] [blame] | 154 | /* locking */ |
dtucker@openbsd.org | 9173d0f | 2015-05-15 05:44:21 +0000 | [diff] [blame] | 155 | #define LOCK_SIZE 32 |
| 156 | #define LOCK_SALT_SIZE 16 |
| 157 | #define LOCK_ROUNDS 1 |
Ben Lindstrom | 2f71704 | 2002-06-06 21:52:03 +0000 | [diff] [blame] | 158 | int locked = 0; |
djm@openbsd.org | 1a31d02 | 2016-05-02 08:49:03 +0000 | [diff] [blame] | 159 | u_char lock_pwhash[LOCK_SIZE]; |
| 160 | u_char lock_salt[LOCK_SALT_SIZE]; |
Ben Lindstrom | 2f71704 | 2002-06-06 21:52:03 +0000 | [diff] [blame] | 161 | |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 162 | extern char *__progname; |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 163 | |
Darren Tucker | 5511925 | 2013-06-02 07:43:59 +1000 | [diff] [blame] | 164 | /* Default lifetime in seconds (0 == forever) */ |
| 165 | static long lifetime = 0; |
Damien Miller | 53d8148 | 2003-01-22 11:47:19 +1100 | [diff] [blame] | 166 | |
djm@openbsd.org | 56d1c83 | 2014-12-21 22:27:55 +0000 | [diff] [blame] | 167 | static int fingerprint_hash = SSH_FP_HASH_DEFAULT; |
| 168 | |
Ben Lindstrom | bba8121 | 2001-06-25 05:01:22 +0000 | [diff] [blame] | 169 | static void |
Damien Miller | 58f3486 | 2002-09-04 16:31:21 +1000 | [diff] [blame] | 170 | close_socket(SocketEntry *e) |
| 171 | { |
Damien Miller | 58f3486 | 2002-09-04 16:31:21 +1000 | [diff] [blame] | 172 | close(e->fd); |
| 173 | e->fd = -1; |
| 174 | e->type = AUTH_UNUSED; |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 175 | sshbuf_free(e->input); |
| 176 | sshbuf_free(e->output); |
| 177 | sshbuf_free(e->request); |
Damien Miller | 58f3486 | 2002-09-04 16:31:21 +1000 | [diff] [blame] | 178 | } |
| 179 | |
| 180 | static void |
Damien Miller | ad833b3 | 2000-08-23 10:46:23 +1000 | [diff] [blame] | 181 | idtab_init(void) |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 182 | { |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 183 | idtab = xcalloc(1, sizeof(*idtab)); |
| 184 | TAILQ_INIT(&idtab->idlist); |
| 185 | idtab->nentries = 0; |
Damien Miller | ad833b3 | 2000-08-23 10:46:23 +1000 | [diff] [blame] | 186 | } |
| 187 | |
Ben Lindstrom | 61d328a | 2002-06-06 21:54:57 +0000 | [diff] [blame] | 188 | static void |
| 189 | free_identity(Identity *id) |
| 190 | { |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 191 | sshkey_free(id->key); |
Darren Tucker | a627d42 | 2013-06-02 07:31:17 +1000 | [diff] [blame] | 192 | free(id->provider); |
| 193 | free(id->comment); |
djm@openbsd.org | 07da39f | 2019-10-31 21:22:01 +0000 | [diff] [blame] | 194 | free(id->sk_provider); |
Darren Tucker | a627d42 | 2013-06-02 07:31:17 +1000 | [diff] [blame] | 195 | free(id); |
Ben Lindstrom | 61d328a | 2002-06-06 21:54:57 +0000 | [diff] [blame] | 196 | } |
| 197 | |
Damien Miller | ad833b3 | 2000-08-23 10:46:23 +1000 | [diff] [blame] | 198 | /* return matching private key for given public key */ |
Damien Miller | 1a534ae | 2002-01-22 23:26:13 +1100 | [diff] [blame] | 199 | static Identity * |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 200 | lookup_identity(struct sshkey *key) |
Damien Miller | ad833b3 | 2000-08-23 10:46:23 +1000 | [diff] [blame] | 201 | { |
Damien Miller | 1a534ae | 2002-01-22 23:26:13 +1100 | [diff] [blame] | 202 | Identity *id; |
| 203 | |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 204 | TAILQ_FOREACH(id, &idtab->idlist, next) { |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 205 | if (sshkey_equal(key, id->key)) |
Damien Miller | 1a534ae | 2002-01-22 23:26:13 +1100 | [diff] [blame] | 206 | return (id); |
Damien Miller | ad833b3 | 2000-08-23 10:46:23 +1000 | [diff] [blame] | 207 | } |
Damien Miller | 1a534ae | 2002-01-22 23:26:13 +1100 | [diff] [blame] | 208 | return (NULL); |
| 209 | } |
| 210 | |
Damien Miller | 6c71179 | 2003-01-24 11:36:23 +1100 | [diff] [blame] | 211 | /* Check confirmation of keysign request */ |
| 212 | static int |
| 213 | confirm_key(Identity *id) |
| 214 | { |
Darren Tucker | ce327b6 | 2004-11-05 20:38:03 +1100 | [diff] [blame] | 215 | char *p; |
Damien Miller | 6c71179 | 2003-01-24 11:36:23 +1100 | [diff] [blame] | 216 | int ret = -1; |
| 217 | |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 218 | p = sshkey_fingerprint(id->key, fingerprint_hash, SSH_FP_DEFAULT); |
djm@openbsd.org | 9ce86c9 | 2015-01-28 22:36:00 +0000 | [diff] [blame] | 219 | if (p != NULL && |
| 220 | ask_permission("Allow use of key %s?\nKey fingerprint %s.", |
Darren Tucker | ce327b6 | 2004-11-05 20:38:03 +1100 | [diff] [blame] | 221 | id->comment, p)) |
| 222 | ret = 0; |
Darren Tucker | a627d42 | 2013-06-02 07:31:17 +1000 | [diff] [blame] | 223 | free(p); |
Darren Tucker | ce327b6 | 2004-11-05 20:38:03 +1100 | [diff] [blame] | 224 | |
Damien Miller | 6c71179 | 2003-01-24 11:36:23 +1100 | [diff] [blame] | 225 | return (ret); |
| 226 | } |
| 227 | |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 228 | static void |
| 229 | send_status(SocketEntry *e, int success) |
| 230 | { |
| 231 | int r; |
| 232 | |
| 233 | if ((r = sshbuf_put_u32(e->output, 1)) != 0 || |
| 234 | (r = sshbuf_put_u8(e->output, success ? |
| 235 | SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE)) != 0) |
| 236 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 237 | } |
| 238 | |
Damien Miller | ad833b3 | 2000-08-23 10:46:23 +1000 | [diff] [blame] | 239 | /* send list of supported public keys to 'client' */ |
Ben Lindstrom | bba8121 | 2001-06-25 05:01:22 +0000 | [diff] [blame] | 240 | static void |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 241 | process_request_identities(SocketEntry *e) |
Damien Miller | ad833b3 | 2000-08-23 10:46:23 +1000 | [diff] [blame] | 242 | { |
Damien Miller | 1a534ae | 2002-01-22 23:26:13 +1100 | [diff] [blame] | 243 | Identity *id; |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 244 | struct sshbuf *msg; |
| 245 | int r; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 246 | |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 247 | if ((msg = sshbuf_new()) == NULL) |
| 248 | fatal("%s: sshbuf_new failed", __func__); |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 249 | if ((r = sshbuf_put_u8(msg, SSH2_AGENT_IDENTITIES_ANSWER)) != 0 || |
| 250 | (r = sshbuf_put_u32(msg, idtab->nentries)) != 0) |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 251 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 252 | TAILQ_FOREACH(id, &idtab->idlist, next) { |
markus@openbsd.org | 1b11ea7 | 2018-02-23 15:58:37 +0000 | [diff] [blame] | 253 | if ((r = sshkey_puts_opts(id->key, msg, SSHKEY_SERIALIZE_INFO)) |
| 254 | != 0 || |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 255 | (r = sshbuf_put_cstring(msg, id->comment)) != 0) { |
| 256 | error("%s: put key/comment: %s", __func__, |
djm@openbsd.org | 873d3e7 | 2017-04-30 23:18:44 +0000 | [diff] [blame] | 257 | ssh_err(r)); |
| 258 | continue; |
Damien Miller | ad833b3 | 2000-08-23 10:46:23 +1000 | [diff] [blame] | 259 | } |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 260 | } |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 261 | if ((r = sshbuf_put_stringb(e->output, msg)) != 0) |
| 262 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 263 | sshbuf_free(msg); |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 264 | } |
| 265 | |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 266 | |
markus@openbsd.org | 76c9fbb | 2015-12-04 16:41:28 +0000 | [diff] [blame] | 267 | static char * |
| 268 | agent_decode_alg(struct sshkey *key, u_int flags) |
| 269 | { |
| 270 | if (key->type == KEY_RSA) { |
| 271 | if (flags & SSH_AGENT_RSA_SHA2_256) |
| 272 | return "rsa-sha2-256"; |
| 273 | else if (flags & SSH_AGENT_RSA_SHA2_512) |
| 274 | return "rsa-sha2-512"; |
djm@openbsd.org | 2317ce4 | 2019-06-14 03:51:47 +0000 | [diff] [blame] | 275 | } else if (key->type == KEY_RSA_CERT) { |
| 276 | if (flags & SSH_AGENT_RSA_SHA2_256) |
| 277 | return "rsa-sha2-256-cert-v01@openssh.com"; |
| 278 | else if (flags & SSH_AGENT_RSA_SHA2_512) |
| 279 | return "rsa-sha2-512-cert-v01@openssh.com"; |
markus@openbsd.org | 76c9fbb | 2015-12-04 16:41:28 +0000 | [diff] [blame] | 280 | } |
| 281 | return NULL; |
| 282 | } |
| 283 | |
djm@openbsd.org | 07da39f | 2019-10-31 21:22:01 +0000 | [diff] [blame] | 284 | static int |
| 285 | provider_sign(const char *provider, struct sshkey *key, |
| 286 | u_char **sigp, size_t *lenp, |
| 287 | const u_char *data, size_t datalen, |
| 288 | const char *alg, u_int compat) |
| 289 | { |
| 290 | int status, pair[2], r = SSH_ERR_INTERNAL_ERROR; |
| 291 | pid_t pid; |
| 292 | char *helper, *verbosity = NULL; |
| 293 | struct sshbuf *kbuf, *req, *resp; |
| 294 | u_char version; |
| 295 | |
| 296 | debug3("%s: start for provider %s", __func__, provider); |
| 297 | |
| 298 | *sigp = NULL; |
| 299 | *lenp = 0; |
| 300 | |
| 301 | helper = getenv("SSH_SK_HELPER"); |
| 302 | if (helper == NULL || strlen(helper) == 0) |
| 303 | helper = _PATH_SSH_SK_HELPER; |
| 304 | if (log_level_get() >= SYSLOG_LEVEL_DEBUG1) |
| 305 | verbosity = "-vvv"; |
| 306 | |
| 307 | /* Start helper */ |
| 308 | if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) { |
| 309 | error("socketpair: %s", strerror(errno)); |
| 310 | return SSH_ERR_SYSTEM_ERROR; |
| 311 | } |
| 312 | if ((pid = fork()) == -1) { |
| 313 | error("fork: %s", strerror(errno)); |
| 314 | close(pair[0]); |
| 315 | close(pair[1]); |
| 316 | return SSH_ERR_SYSTEM_ERROR; |
| 317 | } |
| 318 | if (pid == 0) { |
| 319 | if ((dup2(pair[1], STDIN_FILENO) == -1) || |
| 320 | (dup2(pair[1], STDOUT_FILENO) == -1)) |
| 321 | fatal("%s: dup2: %s", __func__, ssh_err(r)); |
| 322 | close(pair[0]); |
| 323 | close(pair[1]); |
| 324 | closefrom(STDERR_FILENO + 1); |
| 325 | debug("%s: starting %s %s", __func__, helper, |
| 326 | verbosity == NULL ? "" : verbosity); |
| 327 | execlp(helper, helper, verbosity, (char *)NULL); |
| 328 | fatal("%s: execlp: %s", __func__, strerror(errno)); |
| 329 | } |
| 330 | close(pair[1]); |
| 331 | |
| 332 | if ((kbuf = sshbuf_new()) == NULL || |
| 333 | (req = sshbuf_new()) == NULL || |
| 334 | (resp = sshbuf_new()) == NULL) |
| 335 | fatal("%s: sshbuf_new failed", __func__); |
| 336 | |
| 337 | if ((r = sshkey_private_serialize(key, kbuf)) != 0 || |
| 338 | (r = sshbuf_put_stringb(req, kbuf)) != 0 || |
| 339 | (r = sshbuf_put_cstring(req, provider)) != 0 || |
| 340 | (r = sshbuf_put_string(req, data, datalen)) != 0 || |
| 341 | (r = sshbuf_put_u32(req, compat)) != 0) |
| 342 | fatal("%s: compose: %s", __func__, ssh_err(r)); |
| 343 | if ((r = ssh_msg_send(pair[0], SSH_SK_HELPER_VERSION, req)) != 0) { |
| 344 | error("%s: send: %s", __func__, ssh_err(r)); |
| 345 | goto out; |
| 346 | } |
| 347 | if ((r = ssh_msg_recv(pair[0], resp)) != 0) { |
| 348 | error("%s: receive: %s", __func__, ssh_err(r)); |
| 349 | goto out; |
| 350 | } |
| 351 | if ((r = sshbuf_get_u8(resp, &version)) != 0) { |
| 352 | error("%s: parse version: %s", __func__, ssh_err(r)); |
| 353 | goto out; |
| 354 | } |
| 355 | if (version != SSH_SK_HELPER_VERSION) { |
| 356 | error("%s: unsupported version: got %u, expected %u", |
| 357 | __func__, version, SSH_SK_HELPER_VERSION); |
| 358 | r = SSH_ERR_INVALID_FORMAT; |
| 359 | goto out; |
| 360 | } |
| 361 | if ((r = sshbuf_get_string(resp, sigp, lenp)) != 0) { |
| 362 | error("%s: parse signature: %s", __func__, ssh_err(r)); |
| 363 | r = SSH_ERR_INVALID_FORMAT; |
| 364 | goto out; |
| 365 | } |
| 366 | if (sshbuf_len(resp) != 0) { |
| 367 | error("%s: trailing data in response", __func__); |
| 368 | r = SSH_ERR_INVALID_FORMAT; |
| 369 | goto out; |
| 370 | } |
| 371 | /* success */ |
| 372 | r = 0; |
| 373 | out: |
| 374 | while (waitpid(pid, &status, 0) == -1) { |
| 375 | if (errno != EINTR) |
| 376 | fatal("%s: waitpid: %s", __func__, ssh_err(r)); |
| 377 | } |
| 378 | if (!WIFEXITED(status)) { |
| 379 | error("%s: helper %s exited abnormally", __func__, helper); |
| 380 | if (r == 0) |
| 381 | r = SSH_ERR_SYSTEM_ERROR; |
| 382 | } else if (WEXITSTATUS(status) != 0) { |
| 383 | error("%s: helper %s exited with non-zero exit status", |
| 384 | __func__, helper); |
| 385 | if (r == 0) |
| 386 | r = SSH_ERR_SYSTEM_ERROR; |
| 387 | } |
| 388 | if (r != 0) { |
| 389 | freezero(*sigp, *lenp); |
| 390 | *sigp = NULL; |
| 391 | *lenp = 0; |
| 392 | } |
| 393 | sshbuf_free(kbuf); |
| 394 | sshbuf_free(req); |
| 395 | sshbuf_free(resp); |
| 396 | return r; |
| 397 | } |
| 398 | |
Damien Miller | ad833b3 | 2000-08-23 10:46:23 +1000 | [diff] [blame] | 399 | /* ssh2 only */ |
Ben Lindstrom | bba8121 | 2001-06-25 05:01:22 +0000 | [diff] [blame] | 400 | static void |
Damien Miller | ad833b3 | 2000-08-23 10:46:23 +1000 | [diff] [blame] | 401 | process_sign_request2(SocketEntry *e) |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 402 | { |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 403 | const u_char *data; |
| 404 | u_char *signature = NULL; |
| 405 | size_t dlen, slen = 0; |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 406 | u_int compat = 0, flags; |
| 407 | int r, ok = -1; |
| 408 | struct sshbuf *msg; |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 409 | struct sshkey *key = NULL; |
djm@openbsd.org | 0088c57 | 2015-01-14 19:33:41 +0000 | [diff] [blame] | 410 | struct identity *id; |
Damien Miller | ad833b3 | 2000-08-23 10:46:23 +1000 | [diff] [blame] | 411 | |
djm@openbsd.org | 0088c57 | 2015-01-14 19:33:41 +0000 | [diff] [blame] | 412 | if ((msg = sshbuf_new()) == NULL) |
| 413 | fatal("%s: sshbuf_new failed", __func__); |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 414 | if ((r = sshkey_froms(e->request, &key)) != 0 || |
| 415 | (r = sshbuf_get_string_direct(e->request, &data, &dlen)) != 0 || |
djm@openbsd.org@openbsd.org | 93c68a8 | 2017-11-15 00:13:40 +0000 | [diff] [blame] | 416 | (r = sshbuf_get_u32(e->request, &flags)) != 0) { |
| 417 | error("%s: couldn't parse request: %s", __func__, ssh_err(r)); |
| 418 | goto send; |
| 419 | } |
| 420 | |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 421 | if ((id = lookup_identity(key)) == NULL) { |
djm@openbsd.org | 0088c57 | 2015-01-14 19:33:41 +0000 | [diff] [blame] | 422 | verbose("%s: %s key not found", __func__, sshkey_type(key)); |
| 423 | goto send; |
| 424 | } |
| 425 | if (id->confirm && confirm_key(id) != 0) { |
| 426 | verbose("%s: user refused key", __func__); |
| 427 | goto send; |
| 428 | } |
djm@openbsd.org | 07da39f | 2019-10-31 21:22:01 +0000 | [diff] [blame] | 429 | if (id->sk_provider != NULL) { |
| 430 | if ((r = provider_sign(id->sk_provider, id->key, &signature, |
| 431 | &slen, data, dlen, agent_decode_alg(key, flags), |
| 432 | compat)) != 0) { |
djm@openbsd.org | 9a14c64 | 2019-10-31 21:23:19 +0000 | [diff] [blame] | 433 | error("%s: sign: %s", __func__, ssh_err(r)); |
djm@openbsd.org | 07da39f | 2019-10-31 21:22:01 +0000 | [diff] [blame] | 434 | goto send; |
| 435 | } |
| 436 | } else { |
| 437 | if ((r = sshkey_sign(id->key, &signature, &slen, |
djm@openbsd.org | 9a14c64 | 2019-10-31 21:23:19 +0000 | [diff] [blame] | 438 | data, dlen, agent_decode_alg(key, flags), |
| 439 | NULL, compat)) != 0) { |
djm@openbsd.org | 07da39f | 2019-10-31 21:22:01 +0000 | [diff] [blame] | 440 | error("%s: sshkey_sign: %s", __func__, ssh_err(r)); |
| 441 | goto send; |
| 442 | } |
djm@openbsd.org | 0088c57 | 2015-01-14 19:33:41 +0000 | [diff] [blame] | 443 | } |
| 444 | /* Success */ |
| 445 | ok = 0; |
| 446 | send: |
| 447 | sshkey_free(key); |
Damien Miller | ad833b3 | 2000-08-23 10:46:23 +1000 | [diff] [blame] | 448 | if (ok == 0) { |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 449 | if ((r = sshbuf_put_u8(msg, SSH2_AGENT_SIGN_RESPONSE)) != 0 || |
| 450 | (r = sshbuf_put_string(msg, signature, slen)) != 0) |
| 451 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 452 | } else if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0) |
| 453 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 454 | |
| 455 | if ((r = sshbuf_put_stringb(e->output, msg)) != 0) |
| 456 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 457 | |
| 458 | sshbuf_free(msg); |
Darren Tucker | a627d42 | 2013-06-02 07:31:17 +1000 | [diff] [blame] | 459 | free(signature); |
Damien Miller | ad833b3 | 2000-08-23 10:46:23 +1000 | [diff] [blame] | 460 | } |
| 461 | |
| 462 | /* shared */ |
Ben Lindstrom | bba8121 | 2001-06-25 05:01:22 +0000 | [diff] [blame] | 463 | static void |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 464 | process_remove_identity(SocketEntry *e) |
Damien Miller | ad833b3 | 2000-08-23 10:46:23 +1000 | [diff] [blame] | 465 | { |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 466 | int r, success = 0; |
| 467 | struct sshkey *key = NULL; |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 468 | Identity *id; |
Damien Miller | 7e8e820 | 1999-11-16 13:37:16 +1100 | [diff] [blame] | 469 | |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 470 | if ((r = sshkey_froms(e->request, &key)) != 0) { |
| 471 | error("%s: get key: %s", __func__, ssh_err(r)); |
| 472 | goto done; |
Damien Miller | ad833b3 | 2000-08-23 10:46:23 +1000 | [diff] [blame] | 473 | } |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 474 | if ((id = lookup_identity(key)) == NULL) { |
| 475 | debug("%s: key not found", __func__); |
| 476 | goto done; |
Damien Miller | ad833b3 | 2000-08-23 10:46:23 +1000 | [diff] [blame] | 477 | } |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 478 | /* We have this key, free it. */ |
| 479 | if (idtab->nentries < 1) |
| 480 | fatal("%s: internal error: nentries %d", |
| 481 | __func__, idtab->nentries); |
| 482 | TAILQ_REMOVE(&idtab->idlist, id, next); |
| 483 | free_identity(id); |
| 484 | idtab->nentries--; |
| 485 | sshkey_free(key); |
| 486 | success = 1; |
| 487 | done: |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 488 | send_status(e, success); |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 489 | } |
| 490 | |
Ben Lindstrom | bba8121 | 2001-06-25 05:01:22 +0000 | [diff] [blame] | 491 | static void |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 492 | process_remove_all_identities(SocketEntry *e) |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 493 | { |
Damien Miller | 1a534ae | 2002-01-22 23:26:13 +1100 | [diff] [blame] | 494 | Identity *id; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 495 | |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 496 | /* Loop over all identities and clear the keys. */ |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 497 | for (id = TAILQ_FIRST(&idtab->idlist); id; |
| 498 | id = TAILQ_FIRST(&idtab->idlist)) { |
| 499 | TAILQ_REMOVE(&idtab->idlist, id, next); |
Damien Miller | 1a534ae | 2002-01-22 23:26:13 +1100 | [diff] [blame] | 500 | free_identity(id); |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 501 | } |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 502 | |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 503 | /* Mark that there are no identities. */ |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 504 | idtab->nentries = 0; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 505 | |
| 506 | /* Send success. */ |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 507 | send_status(e, 1); |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 508 | } |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 509 | |
Darren Tucker | 2812dc9 | 2007-03-21 20:45:06 +1100 | [diff] [blame] | 510 | /* removes expired keys and returns number of seconds until the next expiry */ |
Darren Tucker | 5511925 | 2013-06-02 07:43:59 +1000 | [diff] [blame] | 511 | static time_t |
Ben Lindstrom | 61d328a | 2002-06-06 21:54:57 +0000 | [diff] [blame] | 512 | reaper(void) |
| 513 | { |
Darren Tucker | b759c9c | 2013-06-02 07:46:16 +1000 | [diff] [blame] | 514 | time_t deadline = 0, now = monotime(); |
Ben Lindstrom | 61d328a | 2002-06-06 21:54:57 +0000 | [diff] [blame] | 515 | Identity *id, *nxt; |
Ben Lindstrom | 61d328a | 2002-06-06 21:54:57 +0000 | [diff] [blame] | 516 | |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 517 | for (id = TAILQ_FIRST(&idtab->idlist); id; id = nxt) { |
| 518 | nxt = TAILQ_NEXT(id, next); |
| 519 | if (id->death == 0) |
| 520 | continue; |
| 521 | if (now >= id->death) { |
| 522 | debug("expiring key '%s'", id->comment); |
| 523 | TAILQ_REMOVE(&idtab->idlist, id, next); |
| 524 | free_identity(id); |
| 525 | idtab->nentries--; |
| 526 | } else |
| 527 | deadline = (deadline == 0) ? id->death : |
| 528 | MINIMUM(deadline, id->death); |
Ben Lindstrom | 61d328a | 2002-06-06 21:54:57 +0000 | [diff] [blame] | 529 | } |
Darren Tucker | 2812dc9 | 2007-03-21 20:45:06 +1100 | [diff] [blame] | 530 | if (deadline == 0 || deadline <= now) |
| 531 | return 0; |
| 532 | else |
| 533 | return (deadline - now); |
Ben Lindstrom | 61d328a | 2002-06-06 21:54:57 +0000 | [diff] [blame] | 534 | } |
| 535 | |
| 536 | static void |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 537 | process_add_identity(SocketEntry *e) |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 538 | { |
Damien Miller | 4c7728c | 2007-10-26 14:25:31 +1000 | [diff] [blame] | 539 | Identity *id; |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 540 | int success = 0, confirm = 0; |
markus@openbsd.org | 1b11ea7 | 2018-02-23 15:58:37 +0000 | [diff] [blame] | 541 | u_int seconds, maxsign; |
djm@openbsd.org | 07da39f | 2019-10-31 21:22:01 +0000 | [diff] [blame] | 542 | char *fp, *comment = NULL, *ext_name = NULL, *sk_provider = NULL; |
Darren Tucker | 5511925 | 2013-06-02 07:43:59 +1000 | [diff] [blame] | 543 | time_t death = 0; |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 544 | struct sshkey *k = NULL; |
| 545 | u_char ctype; |
| 546 | int r = SSH_ERR_INTERNAL_ERROR; |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 547 | |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 548 | if ((r = sshkey_private_deserialize(e->request, &k)) != 0 || |
| 549 | k == NULL || |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 550 | (r = sshbuf_get_cstring(e->request, &comment, NULL)) != 0) { |
| 551 | error("%s: decode private key: %s", __func__, ssh_err(r)); |
| 552 | goto err; |
| 553 | } |
djm@openbsd.org | 4f7a56d | 2019-06-21 04:21:04 +0000 | [diff] [blame] | 554 | if ((r = sshkey_shield_private(k)) != 0) { |
| 555 | error("%s: shield private key: %s", __func__, ssh_err(r)); |
| 556 | goto err; |
| 557 | } |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 558 | while (sshbuf_len(e->request)) { |
| 559 | if ((r = sshbuf_get_u8(e->request, &ctype)) != 0) { |
| 560 | error("%s: buffer error: %s", __func__, ssh_err(r)); |
| 561 | goto err; |
| 562 | } |
| 563 | switch (ctype) { |
Ben Lindstrom | c90f8a9 | 2002-06-21 00:06:54 +0000 | [diff] [blame] | 564 | case SSH_AGENT_CONSTRAIN_LIFETIME: |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 565 | if ((r = sshbuf_get_u32(e->request, &seconds)) != 0) { |
| 566 | error("%s: bad lifetime constraint: %s", |
| 567 | __func__, ssh_err(r)); |
| 568 | goto err; |
| 569 | } |
| 570 | death = monotime() + seconds; |
Ben Lindstrom | 4eb4c4e | 2002-06-21 00:04:48 +0000 | [diff] [blame] | 571 | break; |
Damien Miller | 6c71179 | 2003-01-24 11:36:23 +1100 | [diff] [blame] | 572 | case SSH_AGENT_CONSTRAIN_CONFIRM: |
| 573 | confirm = 1; |
| 574 | break; |
markus@openbsd.org | 1b11ea7 | 2018-02-23 15:58:37 +0000 | [diff] [blame] | 575 | case SSH_AGENT_CONSTRAIN_MAXSIGN: |
| 576 | if ((r = sshbuf_get_u32(e->request, &maxsign)) != 0) { |
| 577 | error("%s: bad maxsign constraint: %s", |
| 578 | __func__, ssh_err(r)); |
| 579 | goto err; |
| 580 | } |
| 581 | if ((r = sshkey_enable_maxsign(k, maxsign)) != 0) { |
| 582 | error("%s: cannot enable maxsign: %s", |
| 583 | __func__, ssh_err(r)); |
| 584 | goto err; |
| 585 | } |
| 586 | break; |
djm@openbsd.org | 07da39f | 2019-10-31 21:22:01 +0000 | [diff] [blame] | 587 | case SSH_AGENT_CONSTRAIN_EXTENSION: |
| 588 | if ((r = sshbuf_get_cstring(e->request, |
| 589 | &ext_name, NULL)) != 0) { |
| 590 | error("%s: cannot parse extension: %s", |
| 591 | __func__, ssh_err(r)); |
| 592 | goto err; |
| 593 | } |
| 594 | debug("%s: constraint ext %s", __func__, ext_name); |
| 595 | if (strcmp(ext_name, "sk-provider@openssh.com") == 0) { |
| 596 | if (sk_provider != NULL) { |
| 597 | error("%s already set", ext_name); |
| 598 | goto err; |
| 599 | } |
| 600 | if ((r = sshbuf_get_cstring(e->request, |
| 601 | &sk_provider, NULL)) != 0) { |
| 602 | error("%s: cannot parse %s: %s", |
| 603 | __func__, ext_name, ssh_err(r)); |
| 604 | goto err; |
| 605 | } |
| 606 | } else { |
| 607 | error("%s: unsupported constraint \"%s\"", |
| 608 | __func__, ext_name); |
| 609 | goto err; |
| 610 | } |
| 611 | free(ext_name); |
| 612 | break; |
Ben Lindstrom | 4eb4c4e | 2002-06-21 00:04:48 +0000 | [diff] [blame] | 613 | default: |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 614 | error("%s: Unknown constraint %d", __func__, ctype); |
| 615 | err: |
djm@openbsd.org | 07da39f | 2019-10-31 21:22:01 +0000 | [diff] [blame] | 616 | free(sk_provider); |
| 617 | free(ext_name); |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 618 | sshbuf_reset(e->request); |
Darren Tucker | a627d42 | 2013-06-02 07:31:17 +1000 | [diff] [blame] | 619 | free(comment); |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 620 | sshkey_free(k); |
Damien Miller | 1cfadab | 2008-06-30 00:05:21 +1000 | [diff] [blame] | 621 | goto send; |
Ben Lindstrom | 4eb4c4e | 2002-06-21 00:04:48 +0000 | [diff] [blame] | 622 | } |
| 623 | } |
djm@openbsd.org | 07da39f | 2019-10-31 21:22:01 +0000 | [diff] [blame] | 624 | if (sk_provider != NULL) { |
| 625 | if (sshkey_type_plain(k->type) != KEY_ECDSA_SK) { |
| 626 | error("Cannot add provider: %s is not a security key", |
| 627 | sshkey_type(k)); |
| 628 | free(sk_provider); |
| 629 | goto send; |
| 630 | } |
| 631 | if (match_pattern_list(sk_provider, |
| 632 | provider_whitelist, 0) != 1) { |
| 633 | error("Refusing add key: provider %s not whitelisted", |
| 634 | sk_provider); |
| 635 | free(sk_provider); |
| 636 | goto send; |
| 637 | } |
| 638 | } |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 639 | |
Damien Miller | 1cfadab | 2008-06-30 00:05:21 +1000 | [diff] [blame] | 640 | success = 1; |
Damien Miller | 53d8148 | 2003-01-22 11:47:19 +1100 | [diff] [blame] | 641 | if (lifetime && !death) |
Darren Tucker | b759c9c | 2013-06-02 07:46:16 +1000 | [diff] [blame] | 642 | death = monotime() + lifetime; |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 643 | if ((id = lookup_identity(k)) == NULL) { |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 644 | id = xcalloc(1, sizeof(Identity)); |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 645 | TAILQ_INSERT_TAIL(&idtab->idlist, id, next); |
Ben Lindstrom | 2b266b7 | 2002-06-21 00:08:39 +0000 | [diff] [blame] | 646 | /* Increment the number of identities. */ |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 647 | idtab->nentries++; |
Ben Lindstrom | 2b266b7 | 2002-06-21 00:08:39 +0000 | [diff] [blame] | 648 | } else { |
markus@openbsd.org | 1b11ea7 | 2018-02-23 15:58:37 +0000 | [diff] [blame] | 649 | /* key state might have been updated */ |
| 650 | sshkey_free(id->key); |
Darren Tucker | a627d42 | 2013-06-02 07:31:17 +1000 | [diff] [blame] | 651 | free(id->comment); |
djm@openbsd.org | 07da39f | 2019-10-31 21:22:01 +0000 | [diff] [blame] | 652 | free(id->sk_provider); |
Ben Lindstrom | 61d328a | 2002-06-06 21:54:57 +0000 | [diff] [blame] | 653 | } |
markus@openbsd.org | 1b11ea7 | 2018-02-23 15:58:37 +0000 | [diff] [blame] | 654 | id->key = k; |
Damien Miller | 4c7728c | 2007-10-26 14:25:31 +1000 | [diff] [blame] | 655 | id->comment = comment; |
| 656 | id->death = death; |
| 657 | id->confirm = confirm; |
djm@openbsd.org | 07da39f | 2019-10-31 21:22:01 +0000 | [diff] [blame] | 658 | id->sk_provider = sk_provider; |
| 659 | |
| 660 | if ((fp = sshkey_fingerprint(k, SSH_FP_HASH_DEFAULT, |
| 661 | SSH_FP_DEFAULT)) == NULL) |
| 662 | fatal("%s: sshkey_fingerprint failed", __func__); |
| 663 | debug("%s: add %s %s \"%.100s\" (life: %u) (confirm: %u) " |
| 664 | "(provider: %s)", __func__, sshkey_ssh_name(k), fp, comment, |
| 665 | seconds, confirm, sk_provider == NULL ? "none" : sk_provider); |
| 666 | free(fp); |
Ben Lindstrom | 2b266b7 | 2002-06-21 00:08:39 +0000 | [diff] [blame] | 667 | send: |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 668 | send_status(e, success); |
Ben Lindstrom | 61d328a | 2002-06-06 21:54:57 +0000 | [diff] [blame] | 669 | } |
| 670 | |
Ben Lindstrom | 2f71704 | 2002-06-06 21:52:03 +0000 | [diff] [blame] | 671 | /* XXX todo: encrypt sensitive data with passphrase */ |
| 672 | static void |
| 673 | process_lock_agent(SocketEntry *e, int lock) |
| 674 | { |
dtucker@openbsd.org | 9173d0f | 2015-05-15 05:44:21 +0000 | [diff] [blame] | 675 | int r, success = 0, delay; |
djm@openbsd.org | 1a31d02 | 2016-05-02 08:49:03 +0000 | [diff] [blame] | 676 | char *passwd; |
| 677 | u_char passwdhash[LOCK_SIZE]; |
dtucker@openbsd.org | 9173d0f | 2015-05-15 05:44:21 +0000 | [diff] [blame] | 678 | static u_int fail_count = 0; |
| 679 | size_t pwlen; |
Ben Lindstrom | 2f71704 | 2002-06-06 21:52:03 +0000 | [diff] [blame] | 680 | |
djm@openbsd.org@openbsd.org | 83a1e5d | 2017-11-15 02:10:16 +0000 | [diff] [blame] | 681 | /* |
| 682 | * This is deliberately fatal: the user has requested that we lock, |
| 683 | * but we can't parse their request properly. The only safe thing to |
| 684 | * do is abort. |
| 685 | */ |
dtucker@openbsd.org | 9173d0f | 2015-05-15 05:44:21 +0000 | [diff] [blame] | 686 | if ((r = sshbuf_get_cstring(e->request, &passwd, &pwlen)) != 0) |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 687 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
dtucker@openbsd.org | 9173d0f | 2015-05-15 05:44:21 +0000 | [diff] [blame] | 688 | if (pwlen == 0) { |
| 689 | debug("empty password not supported"); |
| 690 | } else if (locked && !lock) { |
| 691 | if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt), |
| 692 | passwdhash, sizeof(passwdhash), LOCK_ROUNDS) < 0) |
| 693 | fatal("bcrypt_pbkdf"); |
djm@openbsd.org | 1a31d02 | 2016-05-02 08:49:03 +0000 | [diff] [blame] | 694 | if (timingsafe_bcmp(passwdhash, lock_pwhash, LOCK_SIZE) == 0) { |
dtucker@openbsd.org | 9173d0f | 2015-05-15 05:44:21 +0000 | [diff] [blame] | 695 | debug("agent unlocked"); |
| 696 | locked = 0; |
| 697 | fail_count = 0; |
djm@openbsd.org | 1a31d02 | 2016-05-02 08:49:03 +0000 | [diff] [blame] | 698 | explicit_bzero(lock_pwhash, sizeof(lock_pwhash)); |
dtucker@openbsd.org | 9173d0f | 2015-05-15 05:44:21 +0000 | [diff] [blame] | 699 | success = 1; |
| 700 | } else { |
| 701 | /* delay in 0.1s increments up to 10s */ |
| 702 | if (fail_count < 100) |
| 703 | fail_count++; |
| 704 | delay = 100000 * fail_count; |
| 705 | debug("unlock failed, delaying %0.1lf seconds", |
| 706 | (double)delay/1000000); |
| 707 | usleep(delay); |
| 708 | } |
| 709 | explicit_bzero(passwdhash, sizeof(passwdhash)); |
Ben Lindstrom | 2f71704 | 2002-06-06 21:52:03 +0000 | [diff] [blame] | 710 | } else if (!locked && lock) { |
dtucker@openbsd.org | 9173d0f | 2015-05-15 05:44:21 +0000 | [diff] [blame] | 711 | debug("agent locked"); |
Ben Lindstrom | 2f71704 | 2002-06-06 21:52:03 +0000 | [diff] [blame] | 712 | locked = 1; |
dtucker@openbsd.org | 9173d0f | 2015-05-15 05:44:21 +0000 | [diff] [blame] | 713 | arc4random_buf(lock_salt, sizeof(lock_salt)); |
| 714 | if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt), |
djm@openbsd.org | 1a31d02 | 2016-05-02 08:49:03 +0000 | [diff] [blame] | 715 | lock_pwhash, sizeof(lock_pwhash), LOCK_ROUNDS) < 0) |
dtucker@openbsd.org | 9173d0f | 2015-05-15 05:44:21 +0000 | [diff] [blame] | 716 | fatal("bcrypt_pbkdf"); |
Ben Lindstrom | 2f71704 | 2002-06-06 21:52:03 +0000 | [diff] [blame] | 717 | success = 1; |
| 718 | } |
dtucker@openbsd.org | 9173d0f | 2015-05-15 05:44:21 +0000 | [diff] [blame] | 719 | explicit_bzero(passwd, pwlen); |
Darren Tucker | a627d42 | 2013-06-02 07:31:17 +1000 | [diff] [blame] | 720 | free(passwd); |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 721 | send_status(e, success); |
Ben Lindstrom | 2f71704 | 2002-06-06 21:52:03 +0000 | [diff] [blame] | 722 | } |
| 723 | |
| 724 | static void |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 725 | no_identities(SocketEntry *e) |
Ben Lindstrom | 2f71704 | 2002-06-06 21:52:03 +0000 | [diff] [blame] | 726 | { |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 727 | struct sshbuf *msg; |
| 728 | int r; |
Ben Lindstrom | 2f71704 | 2002-06-06 21:52:03 +0000 | [diff] [blame] | 729 | |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 730 | if ((msg = sshbuf_new()) == NULL) |
| 731 | fatal("%s: sshbuf_new failed", __func__); |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 732 | if ((r = sshbuf_put_u8(msg, SSH2_AGENT_IDENTITIES_ANSWER)) != 0 || |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 733 | (r = sshbuf_put_u32(msg, 0)) != 0 || |
| 734 | (r = sshbuf_put_stringb(e->output, msg)) != 0) |
| 735 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 736 | sshbuf_free(msg); |
Ben Lindstrom | 2f71704 | 2002-06-06 21:52:03 +0000 | [diff] [blame] | 737 | } |
Ben Lindstrom | 3f47163 | 2001-07-04 03:53:15 +0000 | [diff] [blame] | 738 | |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 739 | #ifdef ENABLE_PKCS11 |
Ben Lindstrom | 3f47163 | 2001-07-04 03:53:15 +0000 | [diff] [blame] | 740 | static void |
Damien Miller | 1cfadab | 2008-06-30 00:05:21 +1000 | [diff] [blame] | 741 | process_add_smartcard_key(SocketEntry *e) |
Ben Lindstrom | 3f47163 | 2001-07-04 03:53:15 +0000 | [diff] [blame] | 742 | { |
djm@openbsd.org@openbsd.org | 83a1e5d | 2017-11-15 02:10:16 +0000 | [diff] [blame] | 743 | char *provider = NULL, *pin = NULL, canonical_provider[PATH_MAX]; |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 744 | int r, i, count = 0, success = 0, confirm = 0; |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 745 | u_int seconds; |
Darren Tucker | 5511925 | 2013-06-02 07:43:59 +1000 | [diff] [blame] | 746 | time_t death = 0; |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 747 | u_char type; |
| 748 | struct sshkey **keys = NULL, *k; |
Ben Lindstrom | 822b634 | 2002-06-23 21:38:49 +0000 | [diff] [blame] | 749 | Identity *id; |
Damien Miller | 9f0f5c6 | 2001-12-21 14:45:46 +1100 | [diff] [blame] | 750 | |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 751 | if ((r = sshbuf_get_cstring(e->request, &provider, NULL)) != 0 || |
djm@openbsd.org@openbsd.org | 83a1e5d | 2017-11-15 02:10:16 +0000 | [diff] [blame] | 752 | (r = sshbuf_get_cstring(e->request, &pin, NULL)) != 0) { |
| 753 | error("%s: buffer error: %s", __func__, ssh_err(r)); |
| 754 | goto send; |
| 755 | } |
Damien Miller | d94f20d | 2003-06-11 22:06:33 +1000 | [diff] [blame] | 756 | |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 757 | while (sshbuf_len(e->request)) { |
djm@openbsd.org@openbsd.org | 83a1e5d | 2017-11-15 02:10:16 +0000 | [diff] [blame] | 758 | if ((r = sshbuf_get_u8(e->request, &type)) != 0) { |
| 759 | error("%s: buffer error: %s", __func__, ssh_err(r)); |
| 760 | goto send; |
| 761 | } |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 762 | switch (type) { |
Damien Miller | d94f20d | 2003-06-11 22:06:33 +1000 | [diff] [blame] | 763 | case SSH_AGENT_CONSTRAIN_LIFETIME: |
djm@openbsd.org@openbsd.org | 83a1e5d | 2017-11-15 02:10:16 +0000 | [diff] [blame] | 764 | if ((r = sshbuf_get_u32(e->request, &seconds)) != 0) { |
| 765 | error("%s: buffer error: %s", |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 766 | __func__, ssh_err(r)); |
djm@openbsd.org@openbsd.org | 83a1e5d | 2017-11-15 02:10:16 +0000 | [diff] [blame] | 767 | goto send; |
| 768 | } |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 769 | death = monotime() + seconds; |
Damien Miller | d94f20d | 2003-06-11 22:06:33 +1000 | [diff] [blame] | 770 | break; |
| 771 | case SSH_AGENT_CONSTRAIN_CONFIRM: |
| 772 | confirm = 1; |
| 773 | break; |
| 774 | default: |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 775 | error("%s: Unknown constraint type %d", __func__, type); |
Damien Miller | 1cfadab | 2008-06-30 00:05:21 +1000 | [diff] [blame] | 776 | goto send; |
Damien Miller | d94f20d | 2003-06-11 22:06:33 +1000 | [diff] [blame] | 777 | } |
| 778 | } |
djm@openbsd.org | 786d599 | 2016-11-30 03:07:37 +0000 | [diff] [blame] | 779 | if (realpath(provider, canonical_provider) == NULL) { |
| 780 | verbose("failed PKCS#11 add of \"%.100s\": realpath: %s", |
| 781 | provider, strerror(errno)); |
| 782 | goto send; |
| 783 | } |
djm@openbsd.org | 07da39f | 2019-10-31 21:22:01 +0000 | [diff] [blame] | 784 | if (match_pattern_list(canonical_provider, provider_whitelist, 0) != 1) { |
djm@openbsd.org | 786d599 | 2016-11-30 03:07:37 +0000 | [diff] [blame] | 785 | verbose("refusing PKCS#11 add of \"%.100s\": " |
| 786 | "provider not whitelisted", canonical_provider); |
| 787 | goto send; |
| 788 | } |
| 789 | debug("%s: add %.100s", __func__, canonical_provider); |
Damien Miller | d94f20d | 2003-06-11 22:06:33 +1000 | [diff] [blame] | 790 | if (lifetime && !death) |
Darren Tucker | b759c9c | 2013-06-02 07:46:16 +1000 | [diff] [blame] | 791 | death = monotime() + lifetime; |
Damien Miller | d94f20d | 2003-06-11 22:06:33 +1000 | [diff] [blame] | 792 | |
djm@openbsd.org | 786d599 | 2016-11-30 03:07:37 +0000 | [diff] [blame] | 793 | count = pkcs11_add_provider(canonical_provider, pin, &keys); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 794 | for (i = 0; i < count; i++) { |
Ben Lindstrom | 0936a5b | 2002-03-26 03:17:42 +0000 | [diff] [blame] | 795 | k = keys[i]; |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 796 | if (lookup_identity(k) == NULL) { |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 797 | id = xcalloc(1, sizeof(Identity)); |
Ben Lindstrom | 0936a5b | 2002-03-26 03:17:42 +0000 | [diff] [blame] | 798 | id->key = k; |
djm@openbsd.org | 786d599 | 2016-11-30 03:07:37 +0000 | [diff] [blame] | 799 | id->provider = xstrdup(canonical_provider); |
| 800 | id->comment = xstrdup(canonical_provider); /* XXX */ |
Damien Miller | d94f20d | 2003-06-11 22:06:33 +1000 | [diff] [blame] | 801 | id->death = death; |
| 802 | id->confirm = confirm; |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 803 | TAILQ_INSERT_TAIL(&idtab->idlist, id, next); |
| 804 | idtab->nentries++; |
Ben Lindstrom | 0936a5b | 2002-03-26 03:17:42 +0000 | [diff] [blame] | 805 | success = 1; |
| 806 | } else { |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 807 | sshkey_free(k); |
Ben Lindstrom | 0936a5b | 2002-03-26 03:17:42 +0000 | [diff] [blame] | 808 | } |
| 809 | keys[i] = NULL; |
Ben Lindstrom | 3f47163 | 2001-07-04 03:53:15 +0000 | [diff] [blame] | 810 | } |
Ben Lindstrom | 3f47163 | 2001-07-04 03:53:15 +0000 | [diff] [blame] | 811 | send: |
Darren Tucker | a627d42 | 2013-06-02 07:31:17 +1000 | [diff] [blame] | 812 | free(pin); |
| 813 | free(provider); |
| 814 | free(keys); |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 815 | send_status(e, success); |
Ben Lindstrom | 3f47163 | 2001-07-04 03:53:15 +0000 | [diff] [blame] | 816 | } |
| 817 | |
| 818 | static void |
| 819 | process_remove_smartcard_key(SocketEntry *e) |
| 820 | { |
djm@openbsd.org | 25f8376 | 2017-03-15 02:25:09 +0000 | [diff] [blame] | 821 | char *provider = NULL, *pin = NULL, canonical_provider[PATH_MAX]; |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 822 | int r, success = 0; |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 823 | Identity *id, *nxt; |
Ben Lindstrom | 3f47163 | 2001-07-04 03:53:15 +0000 | [diff] [blame] | 824 | |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 825 | if ((r = sshbuf_get_cstring(e->request, &provider, NULL)) != 0 || |
djm@openbsd.org@openbsd.org | 83a1e5d | 2017-11-15 02:10:16 +0000 | [diff] [blame] | 826 | (r = sshbuf_get_cstring(e->request, &pin, NULL)) != 0) { |
| 827 | error("%s: buffer error: %s", __func__, ssh_err(r)); |
| 828 | goto send; |
| 829 | } |
Darren Tucker | a627d42 | 2013-06-02 07:31:17 +1000 | [diff] [blame] | 830 | free(pin); |
Ben Lindstrom | 3f47163 | 2001-07-04 03:53:15 +0000 | [diff] [blame] | 831 | |
djm@openbsd.org | 25f8376 | 2017-03-15 02:25:09 +0000 | [diff] [blame] | 832 | if (realpath(provider, canonical_provider) == NULL) { |
| 833 | verbose("failed PKCS#11 add of \"%.100s\": realpath: %s", |
| 834 | provider, strerror(errno)); |
| 835 | goto send; |
| 836 | } |
| 837 | |
| 838 | debug("%s: remove %.100s", __func__, canonical_provider); |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 839 | for (id = TAILQ_FIRST(&idtab->idlist); id; id = nxt) { |
| 840 | nxt = TAILQ_NEXT(id, next); |
| 841 | /* Skip file--based keys */ |
| 842 | if (id->provider == NULL) |
| 843 | continue; |
| 844 | if (!strcmp(canonical_provider, id->provider)) { |
| 845 | TAILQ_REMOVE(&idtab->idlist, id, next); |
| 846 | free_identity(id); |
| 847 | idtab->nentries--; |
Ben Lindstrom | 3f47163 | 2001-07-04 03:53:15 +0000 | [diff] [blame] | 848 | } |
Ben Lindstrom | 3f47163 | 2001-07-04 03:53:15 +0000 | [diff] [blame] | 849 | } |
djm@openbsd.org | 25f8376 | 2017-03-15 02:25:09 +0000 | [diff] [blame] | 850 | if (pkcs11_del_provider(canonical_provider) == 0) |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 851 | success = 1; |
| 852 | else |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 853 | error("%s: pkcs11_del_provider failed", __func__); |
deraadt@openbsd.org | 1a321bf | 2017-03-15 03:52:30 +0000 | [diff] [blame] | 854 | send: |
Darren Tucker | a627d42 | 2013-06-02 07:31:17 +1000 | [diff] [blame] | 855 | free(provider); |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 856 | send_status(e, success); |
Ben Lindstrom | 3f47163 | 2001-07-04 03:53:15 +0000 | [diff] [blame] | 857 | } |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 858 | #endif /* ENABLE_PKCS11 */ |
Ben Lindstrom | 3f47163 | 2001-07-04 03:53:15 +0000 | [diff] [blame] | 859 | |
Damien Miller | ad833b3 | 2000-08-23 10:46:23 +1000 | [diff] [blame] | 860 | /* dispatch incoming messages */ |
| 861 | |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 862 | static int |
| 863 | process_message(u_int socknum) |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 864 | { |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 865 | u_int msg_len; |
| 866 | u_char type; |
| 867 | const u_char *cp; |
| 868 | int r; |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 869 | SocketEntry *e; |
| 870 | |
| 871 | if (socknum >= sockets_alloc) { |
| 872 | fatal("%s: socket number %u >= allocated %u", |
| 873 | __func__, socknum, sockets_alloc); |
| 874 | } |
| 875 | e = &sockets[socknum]; |
Ben Lindstrom | 61d328a | 2002-06-06 21:54:57 +0000 | [diff] [blame] | 876 | |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 877 | if (sshbuf_len(e->input) < 5) |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 878 | return 0; /* Incomplete message header. */ |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 879 | cp = sshbuf_ptr(e->input); |
| 880 | msg_len = PEEK_U32(cp); |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 881 | if (msg_len > AGENT_MAX_LEN) { |
| 882 | debug("%s: socket %u (fd=%d) message too long %u > %u", |
| 883 | __func__, socknum, e->fd, msg_len, AGENT_MAX_LEN); |
| 884 | return -1; |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 885 | } |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 886 | if (sshbuf_len(e->input) < msg_len + 4) |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 887 | return 0; /* Incomplete message body. */ |
Ben Lindstrom | 21d1ed8 | 2002-06-06 21:48:57 +0000 | [diff] [blame] | 888 | |
| 889 | /* move the current input to e->request */ |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 890 | sshbuf_reset(e->request); |
| 891 | if ((r = sshbuf_get_stringb(e->input, e->request)) != 0 || |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 892 | (r = sshbuf_get_u8(e->request, &type)) != 0) { |
| 893 | if (r == SSH_ERR_MESSAGE_INCOMPLETE || |
| 894 | r == SSH_ERR_STRING_TOO_LARGE) { |
| 895 | debug("%s: buffer error: %s", __func__, ssh_err(r)); |
| 896 | return -1; |
| 897 | } |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 898 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 899 | } |
| 900 | |
| 901 | debug("%s: socket %u (fd=%d) type %d", __func__, socknum, e->fd, type); |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 902 | |
djm@openbsd.org | 001aa55 | 2018-04-10 00:10:49 +0000 | [diff] [blame] | 903 | /* check whether agent is locked */ |
Ben Lindstrom | 2f71704 | 2002-06-06 21:52:03 +0000 | [diff] [blame] | 904 | if (locked && type != SSH_AGENTC_UNLOCK) { |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 905 | sshbuf_reset(e->request); |
Ben Lindstrom | 2f71704 | 2002-06-06 21:52:03 +0000 | [diff] [blame] | 906 | switch (type) { |
Ben Lindstrom | 2f71704 | 2002-06-06 21:52:03 +0000 | [diff] [blame] | 907 | case SSH2_AGENTC_REQUEST_IDENTITIES: |
| 908 | /* send empty lists */ |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 909 | no_identities(e); |
Ben Lindstrom | 2f71704 | 2002-06-06 21:52:03 +0000 | [diff] [blame] | 910 | break; |
| 911 | default: |
| 912 | /* send a fail message for all other request types */ |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 913 | send_status(e, 0); |
Ben Lindstrom | 2f71704 | 2002-06-06 21:52:03 +0000 | [diff] [blame] | 914 | } |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 915 | return 0; |
Ben Lindstrom | 2f71704 | 2002-06-06 21:52:03 +0000 | [diff] [blame] | 916 | } |
| 917 | |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 918 | switch (type) { |
Ben Lindstrom | 2f71704 | 2002-06-06 21:52:03 +0000 | [diff] [blame] | 919 | case SSH_AGENTC_LOCK: |
| 920 | case SSH_AGENTC_UNLOCK: |
| 921 | process_lock_agent(e, type == SSH_AGENTC_LOCK); |
| 922 | break; |
djm@openbsd.org | 2f04af9 | 2015-03-04 21:12:59 +0000 | [diff] [blame] | 923 | case SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES: |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 924 | process_remove_all_identities(e); /* safe for !WITH_SSH1 */ |
djm@openbsd.org | 2f04af9 | 2015-03-04 21:12:59 +0000 | [diff] [blame] | 925 | break; |
Damien Miller | ad833b3 | 2000-08-23 10:46:23 +1000 | [diff] [blame] | 926 | /* ssh2 */ |
| 927 | case SSH2_AGENTC_SIGN_REQUEST: |
| 928 | process_sign_request2(e); |
| 929 | break; |
| 930 | case SSH2_AGENTC_REQUEST_IDENTITIES: |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 931 | process_request_identities(e); |
Damien Miller | ad833b3 | 2000-08-23 10:46:23 +1000 | [diff] [blame] | 932 | break; |
| 933 | case SSH2_AGENTC_ADD_IDENTITY: |
Ben Lindstrom | 2b266b7 | 2002-06-21 00:08:39 +0000 | [diff] [blame] | 934 | case SSH2_AGENTC_ADD_ID_CONSTRAINED: |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 935 | process_add_identity(e); |
Damien Miller | ad833b3 | 2000-08-23 10:46:23 +1000 | [diff] [blame] | 936 | break; |
| 937 | case SSH2_AGENTC_REMOVE_IDENTITY: |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 938 | process_remove_identity(e); |
Damien Miller | ad833b3 | 2000-08-23 10:46:23 +1000 | [diff] [blame] | 939 | break; |
| 940 | case SSH2_AGENTC_REMOVE_ALL_IDENTITIES: |
djm@openbsd.org | f4a6a88 | 2017-04-30 23:29:10 +0000 | [diff] [blame] | 941 | process_remove_all_identities(e); |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 942 | break; |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 943 | #ifdef ENABLE_PKCS11 |
Ben Lindstrom | 3f47163 | 2001-07-04 03:53:15 +0000 | [diff] [blame] | 944 | case SSH_AGENTC_ADD_SMARTCARD_KEY: |
Damien Miller | d94f20d | 2003-06-11 22:06:33 +1000 | [diff] [blame] | 945 | case SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED: |
Ben Lindstrom | 3f47163 | 2001-07-04 03:53:15 +0000 | [diff] [blame] | 946 | process_add_smartcard_key(e); |
Damien Miller | 9f0f5c6 | 2001-12-21 14:45:46 +1100 | [diff] [blame] | 947 | break; |
Ben Lindstrom | 3f47163 | 2001-07-04 03:53:15 +0000 | [diff] [blame] | 948 | case SSH_AGENTC_REMOVE_SMARTCARD_KEY: |
| 949 | process_remove_smartcard_key(e); |
Damien Miller | 9f0f5c6 | 2001-12-21 14:45:46 +1100 | [diff] [blame] | 950 | break; |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 951 | #endif /* ENABLE_PKCS11 */ |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 952 | default: |
| 953 | /* Unknown message. Respond with failure. */ |
| 954 | error("Unknown message %d", type); |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 955 | sshbuf_reset(e->request); |
| 956 | send_status(e, 0); |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 957 | break; |
| 958 | } |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 959 | return 0; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 960 | } |
| 961 | |
Ben Lindstrom | bba8121 | 2001-06-25 05:01:22 +0000 | [diff] [blame] | 962 | static void |
Ben Lindstrom | 65366a8 | 2001-12-06 16:32:47 +0000 | [diff] [blame] | 963 | new_socket(sock_type type, int fd) |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 964 | { |
Darren Tucker | fb16b24 | 2003-09-22 21:04:23 +1000 | [diff] [blame] | 965 | u_int i, old_alloc, new_alloc; |
Ben Lindstrom | 822b634 | 2002-06-23 21:38:49 +0000 | [diff] [blame] | 966 | |
Damien Miller | 232711f | 2004-06-15 10:35:30 +1000 | [diff] [blame] | 967 | set_nonblock(fd); |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 968 | |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 969 | if (fd > max_fd) |
| 970 | max_fd = fd; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 971 | |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 972 | for (i = 0; i < sockets_alloc; i++) |
| 973 | if (sockets[i].type == AUTH_UNUSED) { |
| 974 | sockets[i].fd = fd; |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 975 | if ((sockets[i].input = sshbuf_new()) == NULL) |
| 976 | fatal("%s: sshbuf_new failed", __func__); |
| 977 | if ((sockets[i].output = sshbuf_new()) == NULL) |
| 978 | fatal("%s: sshbuf_new failed", __func__); |
| 979 | if ((sockets[i].request = sshbuf_new()) == NULL) |
| 980 | fatal("%s: sshbuf_new failed", __func__); |
Darren Tucker | fb16b24 | 2003-09-22 21:04:23 +1000 | [diff] [blame] | 981 | sockets[i].type = type; |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 982 | return; |
| 983 | } |
| 984 | old_alloc = sockets_alloc; |
Darren Tucker | fb16b24 | 2003-09-22 21:04:23 +1000 | [diff] [blame] | 985 | new_alloc = sockets_alloc + 10; |
deraadt@openbsd.org | 657a5fb | 2015-04-24 01:36:00 +0000 | [diff] [blame] | 986 | sockets = xreallocarray(sockets, new_alloc, sizeof(sockets[0])); |
Darren Tucker | fb16b24 | 2003-09-22 21:04:23 +1000 | [diff] [blame] | 987 | for (i = old_alloc; i < new_alloc; i++) |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 988 | sockets[i].type = AUTH_UNUSED; |
Darren Tucker | fb16b24 | 2003-09-22 21:04:23 +1000 | [diff] [blame] | 989 | sockets_alloc = new_alloc; |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 990 | sockets[old_alloc].fd = fd; |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 991 | if ((sockets[old_alloc].input = sshbuf_new()) == NULL) |
| 992 | fatal("%s: sshbuf_new failed", __func__); |
| 993 | if ((sockets[old_alloc].output = sshbuf_new()) == NULL) |
| 994 | fatal("%s: sshbuf_new failed", __func__); |
| 995 | if ((sockets[old_alloc].request = sshbuf_new()) == NULL) |
| 996 | fatal("%s: sshbuf_new failed", __func__); |
Darren Tucker | fb16b24 | 2003-09-22 21:04:23 +1000 | [diff] [blame] | 997 | sockets[old_alloc].type = type; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 998 | } |
| 999 | |
Ben Lindstrom | bba8121 | 2001-06-25 05:01:22 +0000 | [diff] [blame] | 1000 | static int |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 1001 | handle_socket_read(u_int socknum) |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 1002 | { |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 1003 | struct sockaddr_un sunaddr; |
| 1004 | socklen_t slen; |
| 1005 | uid_t euid; |
| 1006 | gid_t egid; |
| 1007 | int fd; |
| 1008 | |
| 1009 | slen = sizeof(sunaddr); |
| 1010 | fd = accept(sockets[socknum].fd, (struct sockaddr *)&sunaddr, &slen); |
deraadt@openbsd.org | 4d28fa7 | 2019-06-28 13:35:04 +0000 | [diff] [blame] | 1011 | if (fd == -1) { |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 1012 | error("accept from AUTH_SOCKET: %s", strerror(errno)); |
| 1013 | return -1; |
| 1014 | } |
deraadt@openbsd.org | 4d28fa7 | 2019-06-28 13:35:04 +0000 | [diff] [blame] | 1015 | if (getpeereid(fd, &euid, &egid) == -1) { |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 1016 | error("getpeereid %d failed: %s", fd, strerror(errno)); |
| 1017 | close(fd); |
| 1018 | return -1; |
| 1019 | } |
| 1020 | if ((euid != 0) && (getuid() != euid)) { |
| 1021 | error("uid mismatch: peer euid %u != uid %u", |
| 1022 | (u_int) euid, (u_int) getuid()); |
| 1023 | close(fd); |
| 1024 | return -1; |
| 1025 | } |
| 1026 | new_socket(AUTH_CONNECTION, fd); |
| 1027 | return 0; |
| 1028 | } |
| 1029 | |
| 1030 | static int |
| 1031 | handle_conn_read(u_int socknum) |
| 1032 | { |
djm@openbsd.org | d691588 | 2019-01-22 22:58:50 +0000 | [diff] [blame] | 1033 | char buf[AGENT_RBUF_LEN]; |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 1034 | ssize_t len; |
| 1035 | int r; |
| 1036 | |
| 1037 | if ((len = read(sockets[socknum].fd, buf, sizeof(buf))) <= 0) { |
| 1038 | if (len == -1) { |
| 1039 | if (errno == EAGAIN || errno == EINTR) |
| 1040 | return 0; |
| 1041 | error("%s: read error on socket %u (fd %d): %s", |
| 1042 | __func__, socknum, sockets[socknum].fd, |
| 1043 | strerror(errno)); |
| 1044 | } |
| 1045 | return -1; |
| 1046 | } |
| 1047 | if ((r = sshbuf_put(sockets[socknum].input, buf, len)) != 0) |
| 1048 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 1049 | explicit_bzero(buf, sizeof(buf)); |
| 1050 | process_message(socknum); |
| 1051 | return 0; |
| 1052 | } |
| 1053 | |
| 1054 | static int |
| 1055 | handle_conn_write(u_int socknum) |
| 1056 | { |
| 1057 | ssize_t len; |
| 1058 | int r; |
| 1059 | |
| 1060 | if (sshbuf_len(sockets[socknum].output) == 0) |
| 1061 | return 0; /* shouldn't happen */ |
| 1062 | if ((len = write(sockets[socknum].fd, |
| 1063 | sshbuf_ptr(sockets[socknum].output), |
| 1064 | sshbuf_len(sockets[socknum].output))) <= 0) { |
| 1065 | if (len == -1) { |
| 1066 | if (errno == EAGAIN || errno == EINTR) |
| 1067 | return 0; |
| 1068 | error("%s: read error on socket %u (fd %d): %s", |
| 1069 | __func__, socknum, sockets[socknum].fd, |
| 1070 | strerror(errno)); |
| 1071 | } |
| 1072 | return -1; |
| 1073 | } |
| 1074 | if ((r = sshbuf_consume(sockets[socknum].output, len)) != 0) |
| 1075 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 1076 | return 0; |
| 1077 | } |
| 1078 | |
| 1079 | static void |
djm@openbsd.org | b2140a7 | 2018-05-11 03:38:51 +0000 | [diff] [blame] | 1080 | after_poll(struct pollfd *pfd, size_t npfd, u_int maxfds) |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 1081 | { |
| 1082 | size_t i; |
djm@openbsd.org | b2140a7 | 2018-05-11 03:38:51 +0000 | [diff] [blame] | 1083 | u_int socknum, activefds = npfd; |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 1084 | |
| 1085 | for (i = 0; i < npfd; i++) { |
| 1086 | if (pfd[i].revents == 0) |
| 1087 | continue; |
| 1088 | /* Find sockets entry */ |
| 1089 | for (socknum = 0; socknum < sockets_alloc; socknum++) { |
| 1090 | if (sockets[socknum].type != AUTH_SOCKET && |
| 1091 | sockets[socknum].type != AUTH_CONNECTION) |
| 1092 | continue; |
| 1093 | if (pfd[i].fd == sockets[socknum].fd) |
| 1094 | break; |
| 1095 | } |
| 1096 | if (socknum >= sockets_alloc) { |
| 1097 | error("%s: no socket for fd %d", __func__, pfd[i].fd); |
| 1098 | continue; |
| 1099 | } |
| 1100 | /* Process events */ |
| 1101 | switch (sockets[socknum].type) { |
| 1102 | case AUTH_SOCKET: |
djm@openbsd.org | b2140a7 | 2018-05-11 03:38:51 +0000 | [diff] [blame] | 1103 | if ((pfd[i].revents & (POLLIN|POLLERR)) == 0) |
| 1104 | break; |
| 1105 | if (npfd > maxfds) { |
| 1106 | debug3("out of fds (active %u >= limit %u); " |
| 1107 | "skipping accept", activefds, maxfds); |
| 1108 | break; |
| 1109 | } |
| 1110 | if (handle_socket_read(socknum) == 0) |
| 1111 | activefds++; |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 1112 | break; |
| 1113 | case AUTH_CONNECTION: |
| 1114 | if ((pfd[i].revents & (POLLIN|POLLERR)) != 0 && |
| 1115 | handle_conn_read(socknum) != 0) { |
djm@openbsd.org | b2140a7 | 2018-05-11 03:38:51 +0000 | [diff] [blame] | 1116 | goto close_sock; |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 1117 | } |
| 1118 | if ((pfd[i].revents & (POLLOUT|POLLHUP)) != 0 && |
djm@openbsd.org | b2140a7 | 2018-05-11 03:38:51 +0000 | [diff] [blame] | 1119 | handle_conn_write(socknum) != 0) { |
| 1120 | close_sock: |
| 1121 | if (activefds == 0) |
| 1122 | fatal("activefds == 0 at close_sock"); |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 1123 | close_socket(&sockets[socknum]); |
djm@openbsd.org | b2140a7 | 2018-05-11 03:38:51 +0000 | [diff] [blame] | 1124 | activefds--; |
| 1125 | break; |
| 1126 | } |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 1127 | break; |
| 1128 | default: |
| 1129 | break; |
| 1130 | } |
| 1131 | } |
| 1132 | } |
| 1133 | |
| 1134 | static int |
djm@openbsd.org | b2140a7 | 2018-05-11 03:38:51 +0000 | [diff] [blame] | 1135 | prepare_poll(struct pollfd **pfdp, size_t *npfdp, int *timeoutp, u_int maxfds) |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 1136 | { |
| 1137 | struct pollfd *pfd = *pfdp; |
| 1138 | size_t i, j, npfd = 0; |
Darren Tucker | 5511925 | 2013-06-02 07:43:59 +1000 | [diff] [blame] | 1139 | time_t deadline; |
djm@openbsd.org | d691588 | 2019-01-22 22:58:50 +0000 | [diff] [blame] | 1140 | int r; |
Ben Lindstrom | 226cfa0 | 2001-01-22 05:34:40 +0000 | [diff] [blame] | 1141 | |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 1142 | /* Count active sockets */ |
Ben Lindstrom | 226cfa0 | 2001-01-22 05:34:40 +0000 | [diff] [blame] | 1143 | for (i = 0; i < sockets_alloc; i++) { |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1144 | switch (sockets[i].type) { |
| 1145 | case AUTH_SOCKET: |
| 1146 | case AUTH_CONNECTION: |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 1147 | npfd++; |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1148 | break; |
| 1149 | case AUTH_UNUSED: |
| 1150 | break; |
| 1151 | default: |
| 1152 | fatal("Unknown socket type %d", sockets[i].type); |
| 1153 | break; |
| 1154 | } |
Ben Lindstrom | 226cfa0 | 2001-01-22 05:34:40 +0000 | [diff] [blame] | 1155 | } |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 1156 | if (npfd != *npfdp && |
| 1157 | (pfd = recallocarray(pfd, *npfdp, npfd, sizeof(*pfd))) == NULL) |
| 1158 | fatal("%s: recallocarray failed", __func__); |
| 1159 | *pfdp = pfd; |
| 1160 | *npfdp = npfd; |
Ben Lindstrom | 226cfa0 | 2001-01-22 05:34:40 +0000 | [diff] [blame] | 1161 | |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 1162 | for (i = j = 0; i < sockets_alloc; i++) { |
Ben Lindstrom | 226cfa0 | 2001-01-22 05:34:40 +0000 | [diff] [blame] | 1163 | switch (sockets[i].type) { |
| 1164 | case AUTH_SOCKET: |
djm@openbsd.org | b2140a7 | 2018-05-11 03:38:51 +0000 | [diff] [blame] | 1165 | if (npfd > maxfds) { |
| 1166 | debug3("out of fds (active %zu >= limit %u); " |
| 1167 | "skipping arming listener", npfd, maxfds); |
| 1168 | break; |
| 1169 | } |
| 1170 | pfd[j].fd = sockets[i].fd; |
| 1171 | pfd[j].revents = 0; |
| 1172 | pfd[j].events = POLLIN; |
| 1173 | j++; |
| 1174 | break; |
Ben Lindstrom | 226cfa0 | 2001-01-22 05:34:40 +0000 | [diff] [blame] | 1175 | case AUTH_CONNECTION: |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 1176 | pfd[j].fd = sockets[i].fd; |
| 1177 | pfd[j].revents = 0; |
djm@openbsd.org | d691588 | 2019-01-22 22:58:50 +0000 | [diff] [blame] | 1178 | /* |
| 1179 | * Only prepare to read if we can handle a full-size |
| 1180 | * input read buffer and enqueue a max size reply.. |
| 1181 | */ |
| 1182 | if ((r = sshbuf_check_reserve(sockets[i].input, |
| 1183 | AGENT_RBUF_LEN)) == 0 && |
| 1184 | (r = sshbuf_check_reserve(sockets[i].output, |
| 1185 | AGENT_MAX_LEN)) == 0) |
| 1186 | pfd[j].events = POLLIN; |
| 1187 | else if (r != SSH_ERR_NO_BUFFER_SPACE) { |
| 1188 | fatal("%s: buffer error: %s", |
| 1189 | __func__, ssh_err(r)); |
| 1190 | } |
markus@openbsd.org | 139ca81 | 2015-01-14 13:09:09 +0000 | [diff] [blame] | 1191 | if (sshbuf_len(sockets[i].output) > 0) |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 1192 | pfd[j].events |= POLLOUT; |
| 1193 | j++; |
Ben Lindstrom | 226cfa0 | 2001-01-22 05:34:40 +0000 | [diff] [blame] | 1194 | break; |
| 1195 | default: |
| 1196 | break; |
| 1197 | } |
| 1198 | } |
Darren Tucker | 2812dc9 | 2007-03-21 20:45:06 +1100 | [diff] [blame] | 1199 | deadline = reaper(); |
| 1200 | if (parent_alive_interval != 0) |
| 1201 | deadline = (deadline == 0) ? parent_alive_interval : |
deraadt@openbsd.org | 9136ec1 | 2016-09-12 01:22:38 +0000 | [diff] [blame] | 1202 | MINIMUM(deadline, parent_alive_interval); |
Darren Tucker | 2812dc9 | 2007-03-21 20:45:06 +1100 | [diff] [blame] | 1203 | if (deadline == 0) { |
djm@openbsd.org | 9f0e44e | 2017-07-24 04:34:28 +0000 | [diff] [blame] | 1204 | *timeoutp = -1; /* INFTIM */ |
Darren Tucker | 2812dc9 | 2007-03-21 20:45:06 +1100 | [diff] [blame] | 1205 | } else { |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 1206 | if (deadline > INT_MAX / 1000) |
| 1207 | *timeoutp = INT_MAX / 1000; |
| 1208 | else |
| 1209 | *timeoutp = deadline * 1000; |
Darren Tucker | 2812dc9 | 2007-03-21 20:45:06 +1100 | [diff] [blame] | 1210 | } |
Ben Lindstrom | 226cfa0 | 2001-01-22 05:34:40 +0000 | [diff] [blame] | 1211 | return (1); |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 1212 | } |
| 1213 | |
Ben Lindstrom | bba8121 | 2001-06-25 05:01:22 +0000 | [diff] [blame] | 1214 | static void |
Darren Tucker | 6fa8abd | 2003-09-22 21:10:21 +1000 | [diff] [blame] | 1215 | cleanup_socket(void) |
Damien Miller | 792c511 | 1999-10-29 09:47:09 +1000 | [diff] [blame] | 1216 | { |
Damien Miller | b1e967c | 2014-07-03 21:22:40 +1000 | [diff] [blame] | 1217 | if (cleanup_pid != 0 && getpid() != cleanup_pid) |
| 1218 | return; |
| 1219 | debug("%s: cleanup", __func__); |
Ben Lindstrom | 77808ab | 2001-01-26 05:10:34 +0000 | [diff] [blame] | 1220 | if (socket_name[0]) |
| 1221 | unlink(socket_name); |
| 1222 | if (socket_dir[0]) |
| 1223 | rmdir(socket_dir); |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 1224 | } |
| 1225 | |
Darren Tucker | 3e33cec | 2003-10-02 16:12:36 +1000 | [diff] [blame] | 1226 | void |
Damien Miller | 792c511 | 1999-10-29 09:47:09 +1000 | [diff] [blame] | 1227 | cleanup_exit(int i) |
| 1228 | { |
Darren Tucker | 6fa8abd | 2003-09-22 21:10:21 +1000 | [diff] [blame] | 1229 | cleanup_socket(); |
| 1230 | _exit(i); |
Damien Miller | 792c511 | 1999-10-29 09:47:09 +1000 | [diff] [blame] | 1231 | } |
| 1232 | |
Damien Miller | 1c13bd8 | 2006-03-26 14:28:14 +1100 | [diff] [blame] | 1233 | /*ARGSUSED*/ |
Ben Lindstrom | bba8121 | 2001-06-25 05:01:22 +0000 | [diff] [blame] | 1234 | static void |
Ben Lindstrom | 77808ab | 2001-01-26 05:10:34 +0000 | [diff] [blame] | 1235 | cleanup_handler(int sig) |
| 1236 | { |
Darren Tucker | 6fa8abd | 2003-09-22 21:10:21 +1000 | [diff] [blame] | 1237 | cleanup_socket(); |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 1238 | #ifdef ENABLE_PKCS11 |
| 1239 | pkcs11_terminate(); |
| 1240 | #endif |
Ben Lindstrom | 77808ab | 2001-01-26 05:10:34 +0000 | [diff] [blame] | 1241 | _exit(2); |
| 1242 | } |
| 1243 | |
Ben Lindstrom | bba8121 | 2001-06-25 05:01:22 +0000 | [diff] [blame] | 1244 | static void |
Darren Tucker | 2812dc9 | 2007-03-21 20:45:06 +1100 | [diff] [blame] | 1245 | check_parent_exists(void) |
Ben Lindstrom | 0250da0 | 2001-07-22 20:44:00 +0000 | [diff] [blame] | 1246 | { |
Darren Tucker | 3e78a51 | 2011-06-03 14:14:16 +1000 | [diff] [blame] | 1247 | /* |
| 1248 | * If our parent has exited then getppid() will return (pid_t)1, |
| 1249 | * so testing for that should be safe. |
| 1250 | */ |
| 1251 | if (parent_pid != -1 && getppid() != parent_pid) { |
Ben Lindstrom | 0250da0 | 2001-07-22 20:44:00 +0000 | [diff] [blame] | 1252 | /* printf("Parent has died - Authentication agent exiting.\n"); */ |
Darren Tucker | 2812dc9 | 2007-03-21 20:45:06 +1100 | [diff] [blame] | 1253 | cleanup_socket(); |
| 1254 | _exit(2); |
Ben Lindstrom | 0250da0 | 2001-07-22 20:44:00 +0000 | [diff] [blame] | 1255 | } |
Ben Lindstrom | 0250da0 | 2001-07-22 20:44:00 +0000 | [diff] [blame] | 1256 | } |
| 1257 | |
| 1258 | static void |
Ben Lindstrom | 28072eb | 2001-02-10 23:13:41 +0000 | [diff] [blame] | 1259 | usage(void) |
Damien Miller | 792c511 | 1999-10-29 09:47:09 +1000 | [diff] [blame] | 1260 | { |
Damien Miller | f0858de | 2014-04-20 13:01:30 +1000 | [diff] [blame] | 1261 | fprintf(stderr, |
jmc@openbsd.org | b7ca276 | 2015-04-24 06:26:49 +0000 | [diff] [blame] | 1262 | "usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n" |
djm@openbsd.org | 07da39f | 2019-10-31 21:22:01 +0000 | [diff] [blame] | 1263 | " [-P provider_whitelist] [-t life] [command [arg ...]]\n" |
Damien Miller | f0858de | 2014-04-20 13:01:30 +1000 | [diff] [blame] | 1264 | " ssh-agent [-c | -s] -k\n"); |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1265 | exit(1); |
Damien Miller | 792c511 | 1999-10-29 09:47:09 +1000 | [diff] [blame] | 1266 | } |
| 1267 | |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 1268 | int |
| 1269 | main(int ac, char **av) |
| 1270 | { |
djm@openbsd.org | 2ea9746 | 2015-04-24 05:26:44 +0000 | [diff] [blame] | 1271 | int c_flag = 0, d_flag = 0, D_flag = 0, k_flag = 0, s_flag = 0; |
Darren Tucker | cf0d2db | 2007-02-28 21:19:58 +1100 | [diff] [blame] | 1272 | int sock, fd, ch, result, saved_errno; |
Ben Lindstrom | 822b634 | 2002-06-23 21:38:49 +0000 | [diff] [blame] | 1273 | char *shell, *format, *pidstr, *agentsocket = NULL; |
Ben Lindstrom | 2c467a2 | 2000-12-27 04:57:41 +0000 | [diff] [blame] | 1274 | #ifdef HAVE_SETRLIMIT |
Ben Lindstrom | c72745a | 2000-12-02 19:03:54 +0000 | [diff] [blame] | 1275 | struct rlimit rlim; |
Ben Lindstrom | 2c467a2 | 2000-12-27 04:57:41 +0000 | [diff] [blame] | 1276 | #endif |
Damien Miller | 615f939 | 2000-05-17 22:53:33 +1000 | [diff] [blame] | 1277 | extern int optind; |
Ben Lindstrom | 883844d | 2002-06-23 00:20:50 +0000 | [diff] [blame] | 1278 | extern char *optarg; |
Ben Lindstrom | 822b634 | 2002-06-23 21:38:49 +0000 | [diff] [blame] | 1279 | pid_t pid; |
| 1280 | char pidstrbuf[1 + 3 * sizeof pid]; |
Darren Tucker | 9013323 | 2009-06-21 17:50:15 +1000 | [diff] [blame] | 1281 | size_t len; |
Damien Miller | ab2ec58 | 2014-07-18 15:04:47 +1000 | [diff] [blame] | 1282 | mode_t prev_mask; |
djm@openbsd.org | 9f0e44e | 2017-07-24 04:34:28 +0000 | [diff] [blame] | 1283 | int timeout = -1; /* INFTIM */ |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 1284 | struct pollfd *pfd = NULL; |
| 1285 | size_t npfd = 0; |
djm@openbsd.org | b2140a7 | 2018-05-11 03:38:51 +0000 | [diff] [blame] | 1286 | u_int maxfds; |
Kevin Steves | de41bc6 | 2000-12-14 00:04:08 +0000 | [diff] [blame] | 1287 | |
Darren Tucker | ce321d8 | 2005-10-03 18:11:24 +1000 | [diff] [blame] | 1288 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
| 1289 | sanitise_stdfd(); |
| 1290 | |
Damien Miller | 6cffb9a | 2002-09-04 16:20:26 +1000 | [diff] [blame] | 1291 | /* drop */ |
| 1292 | setegid(getgid()); |
| 1293 | setgid(getgid()); |
| 1294 | |
Darren Tucker | 0fb7f59 | 2016-06-09 16:23:07 +1000 | [diff] [blame] | 1295 | platform_disable_tracing(0); /* strict=no */ |
Damien Miller | 6c4914a | 2004-03-03 11:08:59 +1100 | [diff] [blame] | 1296 | |
Darren Tucker | 7694e9d | 2019-10-28 17:05:36 +1100 | [diff] [blame] | 1297 | #ifdef RLIMIT_NOFILE |
djm@openbsd.org | b2140a7 | 2018-05-11 03:38:51 +0000 | [diff] [blame] | 1298 | if (getrlimit(RLIMIT_NOFILE, &rlim) == -1) |
| 1299 | fatal("%s: getrlimit: %s", __progname, strerror(errno)); |
Darren Tucker | 7694e9d | 2019-10-28 17:05:36 +1100 | [diff] [blame] | 1300 | #endif |
djm@openbsd.org | b2140a7 | 2018-05-11 03:38:51 +0000 | [diff] [blame] | 1301 | |
Damien Miller | 59d3d5b | 2003-08-22 09:34:41 +1000 | [diff] [blame] | 1302 | __progname = ssh_get_progname(av[0]); |
Damien Miller | 60bc517 | 2001-03-19 09:38:15 +1100 | [diff] [blame] | 1303 | seed_rng(); |
Kevin Steves | ef4eea9 | 2001-02-05 12:42:17 +0000 | [diff] [blame] | 1304 | |
djm@openbsd.org | 786d599 | 2016-11-30 03:07:37 +0000 | [diff] [blame] | 1305 | while ((ch = getopt(ac, av, "cDdksE:a:P:t:")) != -1) { |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1306 | switch (ch) { |
djm@openbsd.org | 56d1c83 | 2014-12-21 22:27:55 +0000 | [diff] [blame] | 1307 | case 'E': |
| 1308 | fingerprint_hash = ssh_digest_alg_by_name(optarg); |
| 1309 | if (fingerprint_hash == -1) |
| 1310 | fatal("Invalid hash algorithm \"%s\"", optarg); |
| 1311 | break; |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1312 | case 'c': |
| 1313 | if (s_flag) |
| 1314 | usage(); |
| 1315 | c_flag++; |
| 1316 | break; |
| 1317 | case 'k': |
| 1318 | k_flag++; |
| 1319 | break; |
djm@openbsd.org | 786d599 | 2016-11-30 03:07:37 +0000 | [diff] [blame] | 1320 | case 'P': |
djm@openbsd.org | 07da39f | 2019-10-31 21:22:01 +0000 | [diff] [blame] | 1321 | if (provider_whitelist != NULL) |
djm@openbsd.org | 786d599 | 2016-11-30 03:07:37 +0000 | [diff] [blame] | 1322 | fatal("-P option already specified"); |
djm@openbsd.org | 07da39f | 2019-10-31 21:22:01 +0000 | [diff] [blame] | 1323 | provider_whitelist = xstrdup(optarg); |
djm@openbsd.org | 786d599 | 2016-11-30 03:07:37 +0000 | [diff] [blame] | 1324 | break; |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1325 | case 's': |
| 1326 | if (c_flag) |
| 1327 | usage(); |
| 1328 | s_flag++; |
| 1329 | break; |
Ben Lindstrom | d94580c | 2001-07-04 03:48:02 +0000 | [diff] [blame] | 1330 | case 'd': |
djm@openbsd.org | 2ea9746 | 2015-04-24 05:26:44 +0000 | [diff] [blame] | 1331 | if (d_flag || D_flag) |
Ben Lindstrom | d94580c | 2001-07-04 03:48:02 +0000 | [diff] [blame] | 1332 | usage(); |
| 1333 | d_flag++; |
| 1334 | break; |
djm@openbsd.org | 2ea9746 | 2015-04-24 05:26:44 +0000 | [diff] [blame] | 1335 | case 'D': |
| 1336 | if (d_flag || D_flag) |
| 1337 | usage(); |
| 1338 | D_flag++; |
| 1339 | break; |
Ben Lindstrom | b7788f3 | 2002-06-06 21:46:08 +0000 | [diff] [blame] | 1340 | case 'a': |
| 1341 | agentsocket = optarg; |
| 1342 | break; |
Damien Miller | 53d8148 | 2003-01-22 11:47:19 +1100 | [diff] [blame] | 1343 | case 't': |
| 1344 | if ((lifetime = convtime(optarg)) == -1) { |
| 1345 | fprintf(stderr, "Invalid lifetime\n"); |
| 1346 | usage(); |
| 1347 | } |
| 1348 | break; |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1349 | default: |
| 1350 | usage(); |
| 1351 | } |
Damien Miller | 792c511 | 1999-10-29 09:47:09 +1000 | [diff] [blame] | 1352 | } |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1353 | ac -= optind; |
| 1354 | av += optind; |
Damien Miller | 792c511 | 1999-10-29 09:47:09 +1000 | [diff] [blame] | 1355 | |
djm@openbsd.org | 2ea9746 | 2015-04-24 05:26:44 +0000 | [diff] [blame] | 1356 | if (ac > 0 && (c_flag || k_flag || s_flag || d_flag || D_flag)) |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1357 | usage(); |
Damien Miller | 792c511 | 1999-10-29 09:47:09 +1000 | [diff] [blame] | 1358 | |
djm@openbsd.org | 07da39f | 2019-10-31 21:22:01 +0000 | [diff] [blame] | 1359 | if (provider_whitelist == NULL) |
| 1360 | provider_whitelist = xstrdup(DEFAULT_PROVIDER_WHITELIST); |
djm@openbsd.org | 786d599 | 2016-11-30 03:07:37 +0000 | [diff] [blame] | 1361 | |
Ben Lindstrom | eecdf23 | 2002-04-02 21:03:51 +0000 | [diff] [blame] | 1362 | if (ac == 0 && !c_flag && !s_flag) { |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1363 | shell = getenv("SHELL"); |
Darren Tucker | 9013323 | 2009-06-21 17:50:15 +1000 | [diff] [blame] | 1364 | if (shell != NULL && (len = strlen(shell)) > 2 && |
| 1365 | strncmp(shell + len - 3, "csh", 3) == 0) |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1366 | c_flag = 1; |
Damien Miller | 792c511 | 1999-10-29 09:47:09 +1000 | [diff] [blame] | 1367 | } |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1368 | if (k_flag) { |
Damien Miller | 89c3fe4 | 2006-03-31 23:11:28 +1100 | [diff] [blame] | 1369 | const char *errstr = NULL; |
| 1370 | |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1371 | pidstr = getenv(SSH_AGENTPID_ENV_NAME); |
| 1372 | if (pidstr == NULL) { |
| 1373 | fprintf(stderr, "%s not set, cannot kill agent\n", |
Ben Lindstrom | 226cfa0 | 2001-01-22 05:34:40 +0000 | [diff] [blame] | 1374 | SSH_AGENTPID_ENV_NAME); |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1375 | exit(1); |
| 1376 | } |
Damien Miller | 89c3fe4 | 2006-03-31 23:11:28 +1100 | [diff] [blame] | 1377 | pid = (int)strtonum(pidstr, 2, INT_MAX, &errstr); |
| 1378 | if (errstr) { |
| 1379 | fprintf(stderr, |
| 1380 | "%s=\"%s\", which is not a good PID: %s\n", |
| 1381 | SSH_AGENTPID_ENV_NAME, pidstr, errstr); |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1382 | exit(1); |
| 1383 | } |
| 1384 | if (kill(pid, SIGTERM) == -1) { |
| 1385 | perror("kill"); |
| 1386 | exit(1); |
| 1387 | } |
| 1388 | format = c_flag ? "unsetenv %s;\n" : "unset %s;\n"; |
| 1389 | printf(format, SSH_AUTHSOCKET_ENV_NAME); |
| 1390 | printf(format, SSH_AGENTPID_ENV_NAME); |
Ben Lindstrom | ce0f634 | 2002-06-11 16:42:49 +0000 | [diff] [blame] | 1391 | printf("echo Agent pid %ld killed;\n", (long)pid); |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1392 | exit(0); |
Damien Miller | 792c511 | 1999-10-29 09:47:09 +1000 | [diff] [blame] | 1393 | } |
djm@openbsd.org | b2140a7 | 2018-05-11 03:38:51 +0000 | [diff] [blame] | 1394 | |
| 1395 | /* |
| 1396 | * Minimum file descriptors: |
| 1397 | * stdio (3) + listener (1) + syslog (1 maybe) + connection (1) + |
| 1398 | * a few spare for libc / stack protectors / sanitisers, etc. |
| 1399 | */ |
| 1400 | #define SSH_AGENT_MIN_FDS (3+1+1+1+4) |
| 1401 | if (rlim.rlim_cur < SSH_AGENT_MIN_FDS) |
djm@openbsd.org | 960e7c6 | 2018-11-09 02:57:58 +0000 | [diff] [blame] | 1402 | fatal("%s: file descriptor rlimit %lld too low (minimum %u)", |
djm@openbsd.org | b2140a7 | 2018-05-11 03:38:51 +0000 | [diff] [blame] | 1403 | __progname, (long long)rlim.rlim_cur, SSH_AGENT_MIN_FDS); |
| 1404 | maxfds = rlim.rlim_cur - SSH_AGENT_MIN_FDS; |
| 1405 | |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1406 | parent_pid = getpid(); |
| 1407 | |
Ben Lindstrom | b7788f3 | 2002-06-06 21:46:08 +0000 | [diff] [blame] | 1408 | if (agentsocket == NULL) { |
| 1409 | /* Create private directory for agent socket */ |
Damien Miller | 2cd6293 | 2010-12-01 11:50:35 +1100 | [diff] [blame] | 1410 | mktemp_proto(socket_dir, sizeof(socket_dir)); |
Ben Lindstrom | b7788f3 | 2002-06-06 21:46:08 +0000 | [diff] [blame] | 1411 | if (mkdtemp(socket_dir) == NULL) { |
| 1412 | perror("mkdtemp: private socket dir"); |
| 1413 | exit(1); |
| 1414 | } |
Ben Lindstrom | ce0f634 | 2002-06-11 16:42:49 +0000 | [diff] [blame] | 1415 | snprintf(socket_name, sizeof socket_name, "%s/agent.%ld", socket_dir, |
| 1416 | (long)parent_pid); |
Ben Lindstrom | b7788f3 | 2002-06-06 21:46:08 +0000 | [diff] [blame] | 1417 | } else { |
| 1418 | /* Try to use specified agent socket */ |
| 1419 | socket_dir[0] = '\0'; |
| 1420 | strlcpy(socket_name, agentsocket, sizeof socket_name); |
Damien Miller | 792c511 | 1999-10-29 09:47:09 +1000 | [diff] [blame] | 1421 | } |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 1422 | |
Damien Miller | 5428f64 | 1999-11-25 11:54:57 +1100 | [diff] [blame] | 1423 | /* |
| 1424 | * Create socket early so it will exist before command gets run from |
| 1425 | * the parent. |
| 1426 | */ |
Damien Miller | ab2ec58 | 2014-07-18 15:04:47 +1000 | [diff] [blame] | 1427 | prev_mask = umask(0177); |
Damien Miller | 7acefbb | 2014-07-18 14:11:24 +1000 | [diff] [blame] | 1428 | sock = unix_listener(socket_name, SSH_LISTEN_BACKLOG, 0); |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1429 | if (sock < 0) { |
Damien Miller | 7acefbb | 2014-07-18 14:11:24 +1000 | [diff] [blame] | 1430 | /* XXX - unix_listener() calls error() not perror() */ |
Darren Tucker | 1dee868 | 2004-11-05 20:26:49 +1100 | [diff] [blame] | 1431 | *socket_name = '\0'; /* Don't unlink any existing file */ |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1432 | cleanup_exit(1); |
Damien Miller | 792c511 | 1999-10-29 09:47:09 +1000 | [diff] [blame] | 1433 | } |
Damien Miller | ab2ec58 | 2014-07-18 15:04:47 +1000 | [diff] [blame] | 1434 | umask(prev_mask); |
Ben Lindstrom | 226cfa0 | 2001-01-22 05:34:40 +0000 | [diff] [blame] | 1435 | |
Damien Miller | 5428f64 | 1999-11-25 11:54:57 +1100 | [diff] [blame] | 1436 | /* |
| 1437 | * Fork, and have the parent execute the command, if any, or present |
| 1438 | * the socket data. The child continues as the authentication agent. |
| 1439 | */ |
djm@openbsd.org | 2ea9746 | 2015-04-24 05:26:44 +0000 | [diff] [blame] | 1440 | if (D_flag || d_flag) { |
| 1441 | log_init(__progname, |
| 1442 | d_flag ? SYSLOG_LEVEL_DEBUG3 : SYSLOG_LEVEL_INFO, |
| 1443 | SYSLOG_FACILITY_AUTH, 1); |
Ben Lindstrom | d94580c | 2001-07-04 03:48:02 +0000 | [diff] [blame] | 1444 | format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n"; |
| 1445 | printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, |
| 1446 | SSH_AUTHSOCKET_ENV_NAME); |
Ben Lindstrom | ce0f634 | 2002-06-11 16:42:49 +0000 | [diff] [blame] | 1447 | printf("echo Agent pid %ld;\n", (long)parent_pid); |
dtucker@openbsd.org | 79394ed | 2015-12-11 02:29:03 +0000 | [diff] [blame] | 1448 | fflush(stdout); |
Ben Lindstrom | d94580c | 2001-07-04 03:48:02 +0000 | [diff] [blame] | 1449 | goto skip; |
| 1450 | } |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1451 | pid = fork(); |
| 1452 | if (pid == -1) { |
| 1453 | perror("fork"); |
Damien Miller | c653b89 | 2002-02-08 22:05:41 +1100 | [diff] [blame] | 1454 | cleanup_exit(1); |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1455 | } |
| 1456 | if (pid != 0) { /* Parent - execute the given command. */ |
| 1457 | close(sock); |
Ben Lindstrom | ce0f634 | 2002-06-11 16:42:49 +0000 | [diff] [blame] | 1458 | snprintf(pidstrbuf, sizeof pidstrbuf, "%ld", (long)pid); |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1459 | if (ac == 0) { |
| 1460 | format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n"; |
| 1461 | printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, |
Ben Lindstrom | 226cfa0 | 2001-01-22 05:34:40 +0000 | [diff] [blame] | 1462 | SSH_AUTHSOCKET_ENV_NAME); |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1463 | printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf, |
Ben Lindstrom | 226cfa0 | 2001-01-22 05:34:40 +0000 | [diff] [blame] | 1464 | SSH_AGENTPID_ENV_NAME); |
Ben Lindstrom | ce0f634 | 2002-06-11 16:42:49 +0000 | [diff] [blame] | 1465 | printf("echo Agent pid %ld;\n", (long)pid); |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1466 | exit(0); |
| 1467 | } |
Damien Miller | e4340be | 2000-09-16 13:29:08 +1100 | [diff] [blame] | 1468 | if (setenv(SSH_AUTHSOCKET_ENV_NAME, socket_name, 1) == -1 || |
| 1469 | setenv(SSH_AGENTPID_ENV_NAME, pidstrbuf, 1) == -1) { |
| 1470 | perror("setenv"); |
| 1471 | exit(1); |
| 1472 | } |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1473 | execvp(av[0], av); |
| 1474 | perror(av[0]); |
| 1475 | exit(1); |
| 1476 | } |
Damien Miller | c653b89 | 2002-02-08 22:05:41 +1100 | [diff] [blame] | 1477 | /* child */ |
| 1478 | log_init(__progname, SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_AUTH, 0); |
Ben Lindstrom | 3fdf876 | 2001-07-22 20:40:24 +0000 | [diff] [blame] | 1479 | |
| 1480 | if (setsid() == -1) { |
Damien Miller | c653b89 | 2002-02-08 22:05:41 +1100 | [diff] [blame] | 1481 | error("setsid: %s", strerror(errno)); |
Ben Lindstrom | 3fdf876 | 2001-07-22 20:40:24 +0000 | [diff] [blame] | 1482 | cleanup_exit(1); |
| 1483 | } |
| 1484 | |
| 1485 | (void)chdir("/"); |
Damien Miller | 6c71179 | 2003-01-24 11:36:23 +1100 | [diff] [blame] | 1486 | if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { |
| 1487 | /* XXX might close listen socket */ |
| 1488 | (void)dup2(fd, STDIN_FILENO); |
| 1489 | (void)dup2(fd, STDOUT_FILENO); |
| 1490 | (void)dup2(fd, STDERR_FILENO); |
| 1491 | if (fd > 2) |
| 1492 | close(fd); |
| 1493 | } |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1494 | |
Ben Lindstrom | 2c467a2 | 2000-12-27 04:57:41 +0000 | [diff] [blame] | 1495 | #ifdef HAVE_SETRLIMIT |
Ben Lindstrom | c72745a | 2000-12-02 19:03:54 +0000 | [diff] [blame] | 1496 | /* deny core dumps, since memory contains unencrypted private keys */ |
| 1497 | rlim.rlim_cur = rlim.rlim_max = 0; |
deraadt@openbsd.org | 4d28fa7 | 2019-06-28 13:35:04 +0000 | [diff] [blame] | 1498 | if (setrlimit(RLIMIT_CORE, &rlim) == -1) { |
Damien Miller | c653b89 | 2002-02-08 22:05:41 +1100 | [diff] [blame] | 1499 | error("setrlimit RLIMIT_CORE: %s", strerror(errno)); |
Ben Lindstrom | c72745a | 2000-12-02 19:03:54 +0000 | [diff] [blame] | 1500 | cleanup_exit(1); |
| 1501 | } |
Ben Lindstrom | 2c467a2 | 2000-12-27 04:57:41 +0000 | [diff] [blame] | 1502 | #endif |
Ben Lindstrom | d94580c | 2001-07-04 03:48:02 +0000 | [diff] [blame] | 1503 | |
| 1504 | skip: |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 1505 | |
Damien Miller | b1e967c | 2014-07-03 21:22:40 +1000 | [diff] [blame] | 1506 | cleanup_pid = getpid(); |
| 1507 | |
Damien Miller | 7ea845e | 2010-02-12 09:21:02 +1100 | [diff] [blame] | 1508 | #ifdef ENABLE_PKCS11 |
| 1509 | pkcs11_init(0); |
| 1510 | #endif |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1511 | new_socket(AUTH_SOCKET, sock); |
Darren Tucker | 2812dc9 | 2007-03-21 20:45:06 +1100 | [diff] [blame] | 1512 | if (ac > 0) |
| 1513 | parent_alive_interval = 10; |
Damien Miller | ad833b3 | 2000-08-23 10:46:23 +1000 | [diff] [blame] | 1514 | idtab_init(); |
Damien Miller | 48bfa9c | 2001-07-14 12:12:55 +1000 | [diff] [blame] | 1515 | signal(SIGPIPE, SIG_IGN); |
djm@openbsd.org | 2ea9746 | 2015-04-24 05:26:44 +0000 | [diff] [blame] | 1516 | signal(SIGINT, (d_flag | D_flag) ? cleanup_handler : SIG_IGN); |
Ben Lindstrom | 77808ab | 2001-01-26 05:10:34 +0000 | [diff] [blame] | 1517 | signal(SIGHUP, cleanup_handler); |
| 1518 | signal(SIGTERM, cleanup_handler); |
Ben Lindstrom | a3d5a4c | 2001-07-18 15:58:08 +0000 | [diff] [blame] | 1519 | |
djm@openbsd.org | 786d599 | 2016-11-30 03:07:37 +0000 | [diff] [blame] | 1520 | if (pledge("stdio rpath cpath unix id proc exec", NULL) == -1) |
djm@openbsd.org | d952162 | 2015-12-01 23:29:24 +0000 | [diff] [blame] | 1521 | fatal("%s: pledge: %s", __progname, strerror(errno)); |
Damien Miller | 4626cba | 2016-01-08 14:24:56 +1100 | [diff] [blame] | 1522 | platform_pledge_agent(); |
djm@openbsd.org | d952162 | 2015-12-01 23:29:24 +0000 | [diff] [blame] | 1523 | |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1524 | while (1) { |
djm@openbsd.org | b2140a7 | 2018-05-11 03:38:51 +0000 | [diff] [blame] | 1525 | prepare_poll(&pfd, &npfd, &timeout, maxfds); |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 1526 | result = poll(pfd, npfd, timeout); |
Darren Tucker | cf0d2db | 2007-02-28 21:19:58 +1100 | [diff] [blame] | 1527 | saved_errno = errno; |
Darren Tucker | 2812dc9 | 2007-03-21 20:45:06 +1100 | [diff] [blame] | 1528 | if (parent_alive_interval != 0) |
| 1529 | check_parent_exists(); |
| 1530 | (void) reaper(); /* remove expired keys */ |
deraadt@openbsd.org | 4d28fa7 | 2019-06-28 13:35:04 +0000 | [diff] [blame] | 1531 | if (result == -1) { |
Darren Tucker | cf0d2db | 2007-02-28 21:19:58 +1100 | [diff] [blame] | 1532 | if (saved_errno == EINTR) |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1533 | continue; |
djm@openbsd.org | fd0e8fa | 2017-07-19 01:15:02 +0000 | [diff] [blame] | 1534 | fatal("poll: %s", strerror(saved_errno)); |
Darren Tucker | cf0d2db | 2007-02-28 21:19:58 +1100 | [diff] [blame] | 1535 | } else if (result > 0) |
djm@openbsd.org | b2140a7 | 2018-05-11 03:38:51 +0000 | [diff] [blame] | 1536 | after_poll(pfd, npfd, maxfds); |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 1537 | } |
| 1538 | /* NOTREACHED */ |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 1539 | } |