blob: 30d99b95500e976c164565fe73e5a133070a7fda [file] [log] [blame]
Damien Millerbd483e72000-04-30 10:00:53 +10001/* $OpenBSD: ssh-agent.c,v 1.31 2000/04/29 18:11:52 markus Exp $ */
Damien Miller792c5111999-10-29 09:47:09 +10002
Damien Millerd4a8b7e1999-10-27 13:42:43 +10003/*
Damien Miller95def091999-11-25 00:26:21 +11004 * Author: Tatu Ylonen <ylo@cs.hut.fi>
5 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
6 * All rights reserved
7 * Created: Wed Mar 29 03:46:59 1995 ylo
8 * The authentication agent program.
9 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100010
11#include "includes.h"
Damien Millerbd483e72000-04-30 10:00:53 +100012RCSID("$OpenBSD: ssh-agent.c,v 1.31 2000/04/29 18:11:52 markus Exp $");
Damien Millerd4a8b7e1999-10-27 13:42:43 +100013
14#include "ssh.h"
15#include "rsa.h"
16#include "authfd.h"
17#include "buffer.h"
18#include "bufaux.h"
19#include "xmalloc.h"
20#include "packet.h"
21#include "getput.h"
22#include "mpaux.h"
23
24#include <openssl/md5.h>
Damien Millerd4a8b7e1999-10-27 13:42:43 +100025
Damien Miller95def091999-11-25 00:26:21 +110026typedef struct {
27 int fd;
28 enum {
29 AUTH_UNUSED, AUTH_SOCKET, AUTH_CONNECTION
30 } type;
31 Buffer input;
32 Buffer output;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100033} SocketEntry;
34
35unsigned int sockets_alloc = 0;
36SocketEntry *sockets = NULL;
37
Damien Miller95def091999-11-25 00:26:21 +110038typedef struct {
39 RSA *key;
40 char *comment;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100041} Identity;
42
43unsigned int num_identities = 0;
44Identity *identities = NULL;
45
46int max_fd = 0;
47
48/* pid of shell == parent of agent */
Damien Miller166fca82000-04-20 07:42:21 +100049pid_t parent_pid = -1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100050
51/* pathname and directory for AUTH_SOCKET */
52char socket_name[1024];
53char socket_dir[1024];
54
Damien Miller95def091999-11-25 00:26:21 +110055#ifdef HAVE___PROGNAME
56extern char *__progname;
57#else /* HAVE___PROGNAME */
Damien Miller70fb6712000-05-01 20:59:50 +100058static const char *__progname = "ssh-agent";
Damien Miller95def091999-11-25 00:26:21 +110059#endif /* HAVE___PROGNAME */
60
Damien Millerd4a8b7e1999-10-27 13:42:43 +100061void
62process_request_identity(SocketEntry *e)
63{
Damien Miller95def091999-11-25 00:26:21 +110064 Buffer msg;
65 int i;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100066
Damien Miller95def091999-11-25 00:26:21 +110067 buffer_init(&msg);
68 buffer_put_char(&msg, SSH_AGENT_RSA_IDENTITIES_ANSWER);
69 buffer_put_int(&msg, num_identities);
70 for (i = 0; i < num_identities; i++) {
71 buffer_put_int(&msg, BN_num_bits(identities[i].key->n));
72 buffer_put_bignum(&msg, identities[i].key->e);
73 buffer_put_bignum(&msg, identities[i].key->n);
74 buffer_put_string(&msg, identities[i].comment,
75 strlen(identities[i].comment));
76 }
77 buffer_put_int(&e->output, buffer_len(&msg));
78 buffer_append(&e->output, buffer_ptr(&msg), buffer_len(&msg));
79 buffer_free(&msg);
Damien Millerd4a8b7e1999-10-27 13:42:43 +100080}
81
82void
83process_authentication_challenge(SocketEntry *e)
84{
Damien Miller95def091999-11-25 00:26:21 +110085 int i, pub_bits, len;
86 BIGNUM *pub_e, *pub_n, *challenge;
87 Buffer msg;
88 MD5_CTX md;
89 unsigned char buf[32], mdbuf[16], session_id[16];
90 unsigned int response_type;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100091
Damien Miller95def091999-11-25 00:26:21 +110092 buffer_init(&msg);
93 pub_e = BN_new();
94 pub_n = BN_new();
95 challenge = BN_new();
96 pub_bits = buffer_get_int(&e->input);
97 buffer_get_bignum(&e->input, pub_e);
98 buffer_get_bignum(&e->input, pub_n);
99 buffer_get_bignum(&e->input, challenge);
100 if (buffer_len(&e->input) == 0) {
101 /* Compatibility code for old servers. */
102 memset(session_id, 0, 16);
103 response_type = 0;
104 } else {
105 /* New code. */
106 buffer_get(&e->input, (char *) session_id, 16);
107 response_type = buffer_get_int(&e->input);
108 }
109 for (i = 0; i < num_identities; i++)
110 if (pub_bits == BN_num_bits(identities[i].key->n) &&
111 BN_cmp(pub_e, identities[i].key->e) == 0 &&
112 BN_cmp(pub_n, identities[i].key->n) == 0) {
113 /* Decrypt the challenge using the private key. */
114 rsa_private_decrypt(challenge, challenge, identities[i].key);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000115
Damien Miller95def091999-11-25 00:26:21 +1100116 /* Compute the desired response. */
117 switch (response_type) {
118 case 0:/* As of protocol 1.0 */
119 /* This response type is no longer supported. */
120 log("Compatibility with ssh protocol 1.0 no longer supported.");
121 buffer_put_char(&msg, SSH_AGENT_FAILURE);
122 goto send;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000123
Damien Miller95def091999-11-25 00:26:21 +1100124 case 1:/* As of protocol 1.1 */
125 /* The response is MD5 of decrypted challenge plus session id. */
126 len = BN_num_bytes(challenge);
Damien Millerfd7c9111999-11-08 16:15:55 +1100127
Damien Miller95def091999-11-25 00:26:21 +1100128 if (len <= 0 || len > 32) {
129 fatal("process_authentication_challenge: "
130 "bad challenge length %d", len);
131 }
132 memset(buf, 0, 32);
133 BN_bn2bin(challenge, buf + 32 - len);
134 MD5_Init(&md);
135 MD5_Update(&md, buf, 32);
136 MD5_Update(&md, session_id, 16);
137 MD5_Final(mdbuf, &md);
138 break;
Damien Millerfd7c9111999-11-08 16:15:55 +1100139
Damien Miller95def091999-11-25 00:26:21 +1100140 default:
141 fatal("process_authentication_challenge: bad response_type %d",
142 response_type);
143 break;
144 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000145
Damien Miller95def091999-11-25 00:26:21 +1100146 /* Send the response. */
147 buffer_put_char(&msg, SSH_AGENT_RSA_RESPONSE);
148 for (i = 0; i < 16; i++)
149 buffer_put_char(&msg, mdbuf[i]);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000150
Damien Miller95def091999-11-25 00:26:21 +1100151 goto send;
152 }
153 /* Unknown identity. Send failure. */
154 buffer_put_char(&msg, SSH_AGENT_FAILURE);
155send:
156 buffer_put_int(&e->output, buffer_len(&msg));
157 buffer_append(&e->output, buffer_ptr(&msg),
158 buffer_len(&msg));
159 buffer_free(&msg);
160 BN_clear_free(pub_e);
161 BN_clear_free(pub_n);
162 BN_clear_free(challenge);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000163}
164
165void
166process_remove_identity(SocketEntry *e)
167{
Damien Miller95def091999-11-25 00:26:21 +1100168 unsigned int bits;
169 unsigned int i;
170 BIGNUM *dummy, *n;
Damien Miller7e8e8201999-11-16 13:37:16 +1100171
Damien Miller95def091999-11-25 00:26:21 +1100172 dummy = BN_new();
173 n = BN_new();
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000174
Damien Miller95def091999-11-25 00:26:21 +1100175 /* Get the key from the packet. */
176 bits = buffer_get_int(&e->input);
177 buffer_get_bignum(&e->input, dummy);
178 buffer_get_bignum(&e->input, n);
179
180 if (bits != BN_num_bits(n))
Damien Millerbd483e72000-04-30 10:00:53 +1000181 log("Warning: identity keysize mismatch: actual %d, announced %d",
Damien Miller95def091999-11-25 00:26:21 +1100182 BN_num_bits(n), bits);
183
184 /* Check if we have the key. */
185 for (i = 0; i < num_identities; i++)
186 if (BN_cmp(identities[i].key->n, n) == 0) {
Damien Miller5428f641999-11-25 11:54:57 +1100187 /*
188 * We have this key. Free the old key. Since we
189 * don\'t want to leave empty slots in the middle of
190 * the array, we actually free the key there and copy
191 * data from the last entry.
192 */
Damien Miller95def091999-11-25 00:26:21 +1100193 RSA_free(identities[i].key);
194 xfree(identities[i].comment);
195 if (i < num_identities - 1)
196 identities[i] = identities[num_identities - 1];
197 num_identities--;
198 BN_clear_free(dummy);
199 BN_clear_free(n);
200
201 /* Send success. */
202 buffer_put_int(&e->output, 1);
203 buffer_put_char(&e->output, SSH_AGENT_SUCCESS);
204 return;
205 }
206 /* We did not have the key. */
207 BN_clear(dummy);
208 BN_clear(n);
209
210 /* Send failure. */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000211 buffer_put_int(&e->output, 1);
Damien Miller95def091999-11-25 00:26:21 +1100212 buffer_put_char(&e->output, SSH_AGENT_FAILURE);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000213}
214
Damien Miller95def091999-11-25 00:26:21 +1100215/*
216 * Removes all identities from the agent.
217 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000218void
219process_remove_all_identities(SocketEntry *e)
220{
Damien Miller95def091999-11-25 00:26:21 +1100221 unsigned int i;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000222
Damien Miller95def091999-11-25 00:26:21 +1100223 /* Loop over all identities and clear the keys. */
224 for (i = 0; i < num_identities; i++) {
225 RSA_free(identities[i].key);
226 xfree(identities[i].comment);
227 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000228
Damien Miller95def091999-11-25 00:26:21 +1100229 /* Mark that there are no identities. */
230 num_identities = 0;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000231
232 /* Send success. */
233 buffer_put_int(&e->output, 1);
234 buffer_put_char(&e->output, SSH_AGENT_SUCCESS);
235 return;
Damien Miller95def091999-11-25 00:26:21 +1100236}
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000237
Damien Miller95def091999-11-25 00:26:21 +1100238/*
239 * Adds an identity to the agent.
240 */
241void
242process_add_identity(SocketEntry *e)
243{
244 RSA *k;
245 int i;
246 BIGNUM *aux;
247 BN_CTX *ctx;
248
249 if (num_identities == 0)
250 identities = xmalloc(sizeof(Identity));
251 else
252 identities = xrealloc(identities, (num_identities + 1) * sizeof(Identity));
253
254 identities[num_identities].key = RSA_new();
255 k = identities[num_identities].key;
256 buffer_get_int(&e->input); /* bits */
257 k->n = BN_new();
258 buffer_get_bignum(&e->input, k->n);
259 k->e = BN_new();
260 buffer_get_bignum(&e->input, k->e);
261 k->d = BN_new();
262 buffer_get_bignum(&e->input, k->d);
263 k->iqmp = BN_new();
264 buffer_get_bignum(&e->input, k->iqmp);
265 /* SSH and SSL have p and q swapped */
266 k->q = BN_new();
267 buffer_get_bignum(&e->input, k->q); /* p */
268 k->p = BN_new();
269 buffer_get_bignum(&e->input, k->p); /* q */
270
271 /* Generate additional parameters */
272 aux = BN_new();
273 ctx = BN_CTX_new();
274
275 BN_sub(aux, k->q, BN_value_one());
276 k->dmq1 = BN_new();
277 BN_mod(k->dmq1, k->d, aux, ctx);
278
279 BN_sub(aux, k->p, BN_value_one());
280 k->dmp1 = BN_new();
281 BN_mod(k->dmp1, k->d, aux, ctx);
282
283 BN_clear_free(aux);
284 BN_CTX_free(ctx);
285
286 identities[num_identities].comment = buffer_get_string(&e->input, NULL);
287
288 /* Check if we already have the key. */
289 for (i = 0; i < num_identities; i++)
290 if (BN_cmp(identities[i].key->n, k->n) == 0) {
Damien Miller5428f641999-11-25 11:54:57 +1100291 /*
292 * We already have this key. Clear and free the new
293 * data and return success.
294 */
Damien Miller95def091999-11-25 00:26:21 +1100295 RSA_free(k);
296 xfree(identities[num_identities].comment);
297
298 /* Send success. */
299 buffer_put_int(&e->output, 1);
300 buffer_put_char(&e->output, SSH_AGENT_SUCCESS);
301 return;
302 }
303 /* Increment the number of identities. */
304 num_identities++;
305
306 /* Send a success message. */
307 buffer_put_int(&e->output, 1);
308 buffer_put_char(&e->output, SSH_AGENT_SUCCESS);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000309}
310
311void
312process_message(SocketEntry *e)
313{
Damien Miller95def091999-11-25 00:26:21 +1100314 unsigned int msg_len;
315 unsigned int type;
316 unsigned char *cp;
317 if (buffer_len(&e->input) < 5)
318 return; /* Incomplete message. */
319 cp = (unsigned char *) buffer_ptr(&e->input);
320 msg_len = GET_32BIT(cp);
321 if (msg_len > 256 * 1024) {
322 shutdown(e->fd, SHUT_RDWR);
323 close(e->fd);
324 e->type = AUTH_UNUSED;
325 return;
326 }
327 if (buffer_len(&e->input) < msg_len + 4)
328 return;
329 buffer_consume(&e->input, 4);
330 type = buffer_get_char(&e->input);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000331
Damien Miller95def091999-11-25 00:26:21 +1100332 switch (type) {
333 case SSH_AGENTC_REQUEST_RSA_IDENTITIES:
334 process_request_identity(e);
335 break;
336 case SSH_AGENTC_RSA_CHALLENGE:
337 process_authentication_challenge(e);
338 break;
339 case SSH_AGENTC_ADD_RSA_IDENTITY:
340 process_add_identity(e);
341 break;
342 case SSH_AGENTC_REMOVE_RSA_IDENTITY:
343 process_remove_identity(e);
344 break;
345 case SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES:
346 process_remove_all_identities(e);
347 break;
348 default:
349 /* Unknown message. Respond with failure. */
350 error("Unknown message %d", type);
351 buffer_clear(&e->input);
352 buffer_put_int(&e->output, 1);
353 buffer_put_char(&e->output, SSH_AGENT_FAILURE);
354 break;
355 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000356}
357
358void
359new_socket(int type, int fd)
360{
Damien Miller95def091999-11-25 00:26:21 +1100361 unsigned int i, old_alloc;
362 if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
363 error("fcntl O_NONBLOCK: %s", strerror(errno));
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000364
Damien Miller95def091999-11-25 00:26:21 +1100365 if (fd > max_fd)
366 max_fd = fd;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000367
Damien Miller95def091999-11-25 00:26:21 +1100368 for (i = 0; i < sockets_alloc; i++)
369 if (sockets[i].type == AUTH_UNUSED) {
370 sockets[i].fd = fd;
371 sockets[i].type = type;
372 buffer_init(&sockets[i].input);
373 buffer_init(&sockets[i].output);
374 return;
375 }
376 old_alloc = sockets_alloc;
377 sockets_alloc += 10;
378 if (sockets)
379 sockets = xrealloc(sockets, sockets_alloc * sizeof(sockets[0]));
380 else
381 sockets = xmalloc(sockets_alloc * sizeof(sockets[0]));
382 for (i = old_alloc; i < sockets_alloc; i++)
383 sockets[i].type = AUTH_UNUSED;
384 sockets[old_alloc].type = type;
385 sockets[old_alloc].fd = fd;
386 buffer_init(&sockets[old_alloc].input);
387 buffer_init(&sockets[old_alloc].output);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000388}
389
390void
391prepare_select(fd_set *readset, fd_set *writeset)
392{
Damien Miller95def091999-11-25 00:26:21 +1100393 unsigned int i;
394 for (i = 0; i < sockets_alloc; i++)
395 switch (sockets[i].type) {
396 case AUTH_SOCKET:
397 case AUTH_CONNECTION:
398 FD_SET(sockets[i].fd, readset);
399 if (buffer_len(&sockets[i].output) > 0)
400 FD_SET(sockets[i].fd, writeset);
401 break;
402 case AUTH_UNUSED:
403 break;
404 default:
405 fatal("Unknown socket type %d", sockets[i].type);
406 break;
407 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000408}
409
Damien Miller4af51302000-04-16 11:18:38 +1000410void
Damien Miller95def091999-11-25 00:26:21 +1100411after_select(fd_set *readset, fd_set *writeset)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000412{
Damien Miller95def091999-11-25 00:26:21 +1100413 unsigned int i;
414 int len, sock;
Damien Miller7684ee12000-03-17 23:40:15 +1100415 socklen_t slen;
Damien Miller95def091999-11-25 00:26:21 +1100416 char buf[1024];
417 struct sockaddr_un sunaddr;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000418
Damien Miller95def091999-11-25 00:26:21 +1100419 for (i = 0; i < sockets_alloc; i++)
420 switch (sockets[i].type) {
421 case AUTH_UNUSED:
422 break;
423 case AUTH_SOCKET:
424 if (FD_ISSET(sockets[i].fd, readset)) {
Damien Miller7684ee12000-03-17 23:40:15 +1100425 slen = sizeof(sunaddr);
426 sock = accept(sockets[i].fd, (struct sockaddr *) & sunaddr, &slen);
Damien Miller95def091999-11-25 00:26:21 +1100427 if (sock < 0) {
428 perror("accept from AUTH_SOCKET");
429 break;
430 }
431 new_socket(AUTH_CONNECTION, sock);
432 }
433 break;
434 case AUTH_CONNECTION:
435 if (buffer_len(&sockets[i].output) > 0 &&
436 FD_ISSET(sockets[i].fd, writeset)) {
437 len = write(sockets[i].fd, buffer_ptr(&sockets[i].output),
438 buffer_len(&sockets[i].output));
439 if (len <= 0) {
440 shutdown(sockets[i].fd, SHUT_RDWR);
441 close(sockets[i].fd);
442 sockets[i].type = AUTH_UNUSED;
Damien Millera552faf2000-04-21 15:55:20 +1000443 buffer_free(&sockets[i].input);
444 buffer_free(&sockets[i].output);
Damien Miller95def091999-11-25 00:26:21 +1100445 break;
446 }
447 buffer_consume(&sockets[i].output, len);
448 }
449 if (FD_ISSET(sockets[i].fd, readset)) {
450 len = read(sockets[i].fd, buf, sizeof(buf));
451 if (len <= 0) {
452 shutdown(sockets[i].fd, SHUT_RDWR);
453 close(sockets[i].fd);
454 sockets[i].type = AUTH_UNUSED;
Damien Millera552faf2000-04-21 15:55:20 +1000455 buffer_free(&sockets[i].input);
456 buffer_free(&sockets[i].output);
Damien Miller95def091999-11-25 00:26:21 +1100457 break;
458 }
459 buffer_append(&sockets[i].input, buf, len);
460 process_message(&sockets[i]);
461 }
462 break;
463 default:
464 fatal("Unknown type %d", sockets[i].type);
465 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000466}
467
468void
469check_parent_exists(int sig)
470{
Damien Miller166fca82000-04-20 07:42:21 +1000471 if (parent_pid != -1 && kill(parent_pid, 0) < 0) {
Damien Miller95def091999-11-25 00:26:21 +1100472 /* printf("Parent has died - Authentication agent exiting.\n"); */
473 exit(1);
474 }
475 signal(SIGALRM, check_parent_exists);
476 alarm(10);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000477}
478
Damien Miller792c5111999-10-29 09:47:09 +1000479void
480cleanup_socket(void)
481{
Damien Miller95def091999-11-25 00:26:21 +1100482 remove(socket_name);
483 rmdir(socket_dir);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000484}
485
Damien Miller792c5111999-10-29 09:47:09 +1000486void
487cleanup_exit(int i)
488{
Damien Miller95def091999-11-25 00:26:21 +1100489 cleanup_socket();
490 exit(i);
Damien Miller792c5111999-10-29 09:47:09 +1000491}
492
493void
494usage()
495{
Damien Miller95def091999-11-25 00:26:21 +1100496 fprintf(stderr, "ssh-agent version %s\n", SSH_VERSION);
497 fprintf(stderr, "Usage: %s [-c | -s] [-k] [command {args...]]\n",
498 __progname);
499 exit(1);
Damien Miller792c5111999-10-29 09:47:09 +1000500}
501
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000502int
503main(int ac, char **av)
504{
Damien Miller95def091999-11-25 00:26:21 +1100505 fd_set readset, writeset;
506 int sock, c_flag = 0, k_flag = 0, s_flag = 0, ch;
507 struct sockaddr_un sunaddr;
508 pid_t pid;
509 char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid];
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000510
Damien Miller95def091999-11-25 00:26:21 +1100511 /* check if RSA support exists */
512 if (rsa_alive() == 0) {
513 fprintf(stderr,
514 "%s: no RSA support in libssl and libcrypto. See ssl(8).\n",
515 __progname);
516 exit(1);
517 }
Damien Millerd0cff3e2000-04-20 23:12:58 +1000518#ifdef __GNU_LIBRARY__
519 while ((ch = getopt(ac, av, "+cks")) != -1) {
520#else /* __GNU_LIBRARY__ */
Damien Miller95def091999-11-25 00:26:21 +1100521 while ((ch = getopt(ac, av, "cks")) != -1) {
Damien Millerd0cff3e2000-04-20 23:12:58 +1000522#endif /* __GNU_LIBRARY__ */
Damien Miller95def091999-11-25 00:26:21 +1100523 switch (ch) {
524 case 'c':
525 if (s_flag)
526 usage();
527 c_flag++;
528 break;
529 case 'k':
530 k_flag++;
531 break;
532 case 's':
533 if (c_flag)
534 usage();
535 s_flag++;
536 break;
537 default:
538 usage();
539 }
Damien Miller792c5111999-10-29 09:47:09 +1000540 }
Damien Miller95def091999-11-25 00:26:21 +1100541 ac -= optind;
542 av += optind;
Damien Miller792c5111999-10-29 09:47:09 +1000543
Damien Miller95def091999-11-25 00:26:21 +1100544 if (ac > 0 && (c_flag || k_flag || s_flag))
545 usage();
Damien Miller792c5111999-10-29 09:47:09 +1000546
Damien Miller95def091999-11-25 00:26:21 +1100547 if (ac == 0 && !c_flag && !k_flag && !s_flag) {
548 shell = getenv("SHELL");
549 if (shell != NULL && strncmp(shell + strlen(shell) - 3, "csh", 3) == 0)
550 c_flag = 1;
Damien Miller792c5111999-10-29 09:47:09 +1000551 }
Damien Miller95def091999-11-25 00:26:21 +1100552 if (k_flag) {
553 pidstr = getenv(SSH_AGENTPID_ENV_NAME);
554 if (pidstr == NULL) {
555 fprintf(stderr, "%s not set, cannot kill agent\n",
556 SSH_AGENTPID_ENV_NAME);
557 exit(1);
558 }
559 pid = atoi(pidstr);
560 if (pid < 1) { /* XXX PID_MAX check too */
Damien Miller166fca82000-04-20 07:42:21 +1000561 /* Yes, PID_MAX check please */
Damien Miller95def091999-11-25 00:26:21 +1100562 fprintf(stderr, "%s=\"%s\", which is not a good PID\n",
563 SSH_AGENTPID_ENV_NAME, pidstr);
564 exit(1);
565 }
566 if (kill(pid, SIGTERM) == -1) {
567 perror("kill");
568 exit(1);
569 }
570 format = c_flag ? "unsetenv %s;\n" : "unset %s;\n";
571 printf(format, SSH_AUTHSOCKET_ENV_NAME);
572 printf(format, SSH_AGENTPID_ENV_NAME);
573 printf("echo Agent pid %d killed;\n", pid);
574 exit(0);
Damien Miller792c5111999-10-29 09:47:09 +1000575 }
Damien Miller95def091999-11-25 00:26:21 +1100576 parent_pid = getpid();
577
578 /* Create private directory for agent socket */
579 strlcpy(socket_dir, "/tmp/ssh-XXXXXXXX", sizeof socket_dir);
580 if (mkdtemp(socket_dir) == NULL) {
581 perror("mkdtemp: private socket dir");
582 exit(1);
Damien Miller792c5111999-10-29 09:47:09 +1000583 }
Damien Miller95def091999-11-25 00:26:21 +1100584 snprintf(socket_name, sizeof socket_name, "%s/agent.%d", socket_dir,
585 parent_pid);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000586
Damien Miller5428f641999-11-25 11:54:57 +1100587 /*
588 * Create socket early so it will exist before command gets run from
589 * the parent.
590 */
Damien Miller95def091999-11-25 00:26:21 +1100591 sock = socket(AF_UNIX, SOCK_STREAM, 0);
592 if (sock < 0) {
593 perror("socket");
594 cleanup_exit(1);
Damien Miller792c5111999-10-29 09:47:09 +1000595 }
Damien Miller95def091999-11-25 00:26:21 +1100596 memset(&sunaddr, 0, sizeof(sunaddr));
597 sunaddr.sun_family = AF_UNIX;
598 strlcpy(sunaddr.sun_path, socket_name, sizeof(sunaddr.sun_path));
599 if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0) {
600 perror("bind");
601 cleanup_exit(1);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000602 }
Damien Miller95def091999-11-25 00:26:21 +1100603 if (listen(sock, 5) < 0) {
604 perror("listen");
605 cleanup_exit(1);
606 }
Damien Miller5428f641999-11-25 11:54:57 +1100607 /*
608 * Fork, and have the parent execute the command, if any, or present
609 * the socket data. The child continues as the authentication agent.
610 */
Damien Miller95def091999-11-25 00:26:21 +1100611 pid = fork();
612 if (pid == -1) {
613 perror("fork");
614 exit(1);
615 }
616 if (pid != 0) { /* Parent - execute the given command. */
617 close(sock);
618 snprintf(pidstrbuf, sizeof pidstrbuf, "%d", pid);
619 if (ac == 0) {
620 format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n";
621 printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
622 SSH_AUTHSOCKET_ENV_NAME);
623 printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf,
624 SSH_AGENTPID_ENV_NAME);
625 printf("echo Agent pid %d;\n", pid);
626 exit(0);
627 }
628 setenv(SSH_AUTHSOCKET_ENV_NAME, socket_name, 1);
629 setenv(SSH_AGENTPID_ENV_NAME, pidstrbuf, 1);
630 execvp(av[0], av);
631 perror(av[0]);
632 exit(1);
633 }
634 close(0);
635 close(1);
636 close(2);
637
638 if (setsid() == -1) {
639 perror("setsid");
640 cleanup_exit(1);
641 }
642 if (atexit(cleanup_socket) < 0) {
643 perror("atexit");
644 cleanup_exit(1);
645 }
646 new_socket(AUTH_SOCKET, sock);
647 if (ac > 0) {
648 signal(SIGALRM, check_parent_exists);
649 alarm(10);
650 }
651 signal(SIGINT, SIG_IGN);
652 signal(SIGPIPE, SIG_IGN);
Damien Miller4af51302000-04-16 11:18:38 +1000653 signal(SIGHUP, cleanup_exit);
654 signal(SIGTERM, cleanup_exit);
Damien Miller95def091999-11-25 00:26:21 +1100655 while (1) {
656 FD_ZERO(&readset);
657 FD_ZERO(&writeset);
658 prepare_select(&readset, &writeset);
659 if (select(max_fd + 1, &readset, &writeset, NULL, NULL) < 0) {
660 if (errno == EINTR)
661 continue;
662 exit(1);
663 }
664 after_select(&readset, &writeset);
665 }
666 /* NOTREACHED */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000667}