blob: e8383b5dfbab669be7dca507c0172affeefde9bc [file] [log] [blame]
Damien Miller994cf142000-07-21 10:19:44 +10001/* $OpenBSD: ssh-agent.c,v 1.32 2000/07/16 08:27:21 markus Exp $ */
Damien Miller792c5111999-10-29 09:47:09 +10002
Damien Millerd4a8b7e1999-10-27 13:42:43 +10003/*
Damien Miller95def091999-11-25 00:26:21 +11004 * Author: Tatu Ylonen <ylo@cs.hut.fi>
5 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
6 * All rights reserved
7 * Created: Wed Mar 29 03:46:59 1995 ylo
8 * The authentication agent program.
9 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100010
11#include "includes.h"
Damien Miller994cf142000-07-21 10:19:44 +100012RCSID("$OpenBSD: ssh-agent.c,v 1.32 2000/07/16 08:27:21 markus Exp $");
Damien Millerd4a8b7e1999-10-27 13:42:43 +100013
14#include "ssh.h"
15#include "rsa.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100016#include "buffer.h"
17#include "bufaux.h"
18#include "xmalloc.h"
19#include "packet.h"
20#include "getput.h"
21#include "mpaux.h"
22
23#include <openssl/md5.h>
Damien Miller994cf142000-07-21 10:19:44 +100024#include <openssl/dsa.h>
25#include <openssl/rsa.h>
26#include "key.h"
27#include "authfd.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100028
Damien Miller95def091999-11-25 00:26:21 +110029typedef struct {
30 int fd;
31 enum {
32 AUTH_UNUSED, AUTH_SOCKET, AUTH_CONNECTION
33 } type;
34 Buffer input;
35 Buffer output;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100036} SocketEntry;
37
38unsigned int sockets_alloc = 0;
39SocketEntry *sockets = NULL;
40
Damien Miller95def091999-11-25 00:26:21 +110041typedef struct {
42 RSA *key;
43 char *comment;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100044} Identity;
45
46unsigned int num_identities = 0;
47Identity *identities = NULL;
48
49int max_fd = 0;
50
51/* pid of shell == parent of agent */
Damien Miller166fca82000-04-20 07:42:21 +100052pid_t parent_pid = -1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100053
54/* pathname and directory for AUTH_SOCKET */
55char socket_name[1024];
56char socket_dir[1024];
57
Damien Miller95def091999-11-25 00:26:21 +110058#ifdef HAVE___PROGNAME
59extern char *__progname;
60#else /* HAVE___PROGNAME */
Damien Miller70fb6712000-05-01 20:59:50 +100061static const char *__progname = "ssh-agent";
Damien Miller95def091999-11-25 00:26:21 +110062#endif /* HAVE___PROGNAME */
63
Damien Millerd4a8b7e1999-10-27 13:42:43 +100064void
65process_request_identity(SocketEntry *e)
66{
Damien Miller95def091999-11-25 00:26:21 +110067 Buffer msg;
68 int i;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100069
Damien Miller95def091999-11-25 00:26:21 +110070 buffer_init(&msg);
71 buffer_put_char(&msg, SSH_AGENT_RSA_IDENTITIES_ANSWER);
72 buffer_put_int(&msg, num_identities);
73 for (i = 0; i < num_identities; i++) {
74 buffer_put_int(&msg, BN_num_bits(identities[i].key->n));
75 buffer_put_bignum(&msg, identities[i].key->e);
76 buffer_put_bignum(&msg, identities[i].key->n);
77 buffer_put_string(&msg, identities[i].comment,
78 strlen(identities[i].comment));
79 }
80 buffer_put_int(&e->output, buffer_len(&msg));
81 buffer_append(&e->output, buffer_ptr(&msg), buffer_len(&msg));
82 buffer_free(&msg);
Damien Millerd4a8b7e1999-10-27 13:42:43 +100083}
84
85void
86process_authentication_challenge(SocketEntry *e)
87{
Damien Miller95def091999-11-25 00:26:21 +110088 int i, pub_bits, len;
89 BIGNUM *pub_e, *pub_n, *challenge;
90 Buffer msg;
91 MD5_CTX md;
92 unsigned char buf[32], mdbuf[16], session_id[16];
93 unsigned int response_type;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100094
Damien Miller95def091999-11-25 00:26:21 +110095 buffer_init(&msg);
96 pub_e = BN_new();
97 pub_n = BN_new();
98 challenge = BN_new();
99 pub_bits = buffer_get_int(&e->input);
100 buffer_get_bignum(&e->input, pub_e);
101 buffer_get_bignum(&e->input, pub_n);
102 buffer_get_bignum(&e->input, challenge);
103 if (buffer_len(&e->input) == 0) {
104 /* Compatibility code for old servers. */
105 memset(session_id, 0, 16);
106 response_type = 0;
107 } else {
108 /* New code. */
109 buffer_get(&e->input, (char *) session_id, 16);
110 response_type = buffer_get_int(&e->input);
111 }
112 for (i = 0; i < num_identities; i++)
113 if (pub_bits == BN_num_bits(identities[i].key->n) &&
114 BN_cmp(pub_e, identities[i].key->e) == 0 &&
115 BN_cmp(pub_n, identities[i].key->n) == 0) {
116 /* Decrypt the challenge using the private key. */
117 rsa_private_decrypt(challenge, challenge, identities[i].key);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000118
Damien Miller95def091999-11-25 00:26:21 +1100119 /* Compute the desired response. */
120 switch (response_type) {
121 case 0:/* As of protocol 1.0 */
122 /* This response type is no longer supported. */
123 log("Compatibility with ssh protocol 1.0 no longer supported.");
124 buffer_put_char(&msg, SSH_AGENT_FAILURE);
125 goto send;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000126
Damien Miller95def091999-11-25 00:26:21 +1100127 case 1:/* As of protocol 1.1 */
128 /* The response is MD5 of decrypted challenge plus session id. */
129 len = BN_num_bytes(challenge);
Damien Millerfd7c9111999-11-08 16:15:55 +1100130
Damien Miller95def091999-11-25 00:26:21 +1100131 if (len <= 0 || len > 32) {
132 fatal("process_authentication_challenge: "
133 "bad challenge length %d", len);
134 }
135 memset(buf, 0, 32);
136 BN_bn2bin(challenge, buf + 32 - len);
137 MD5_Init(&md);
138 MD5_Update(&md, buf, 32);
139 MD5_Update(&md, session_id, 16);
140 MD5_Final(mdbuf, &md);
141 break;
Damien Millerfd7c9111999-11-08 16:15:55 +1100142
Damien Miller95def091999-11-25 00:26:21 +1100143 default:
144 fatal("process_authentication_challenge: bad response_type %d",
145 response_type);
146 break;
147 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000148
Damien Miller95def091999-11-25 00:26:21 +1100149 /* Send the response. */
150 buffer_put_char(&msg, SSH_AGENT_RSA_RESPONSE);
151 for (i = 0; i < 16; i++)
152 buffer_put_char(&msg, mdbuf[i]);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000153
Damien Miller95def091999-11-25 00:26:21 +1100154 goto send;
155 }
156 /* Unknown identity. Send failure. */
157 buffer_put_char(&msg, SSH_AGENT_FAILURE);
158send:
159 buffer_put_int(&e->output, buffer_len(&msg));
160 buffer_append(&e->output, buffer_ptr(&msg),
161 buffer_len(&msg));
162 buffer_free(&msg);
163 BN_clear_free(pub_e);
164 BN_clear_free(pub_n);
165 BN_clear_free(challenge);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000166}
167
168void
169process_remove_identity(SocketEntry *e)
170{
Damien Miller95def091999-11-25 00:26:21 +1100171 unsigned int bits;
172 unsigned int i;
173 BIGNUM *dummy, *n;
Damien Miller7e8e8201999-11-16 13:37:16 +1100174
Damien Miller95def091999-11-25 00:26:21 +1100175 dummy = BN_new();
176 n = BN_new();
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000177
Damien Miller95def091999-11-25 00:26:21 +1100178 /* Get the key from the packet. */
179 bits = buffer_get_int(&e->input);
180 buffer_get_bignum(&e->input, dummy);
181 buffer_get_bignum(&e->input, n);
182
183 if (bits != BN_num_bits(n))
Damien Millerbd483e72000-04-30 10:00:53 +1000184 log("Warning: identity keysize mismatch: actual %d, announced %d",
Damien Miller95def091999-11-25 00:26:21 +1100185 BN_num_bits(n), bits);
186
187 /* Check if we have the key. */
188 for (i = 0; i < num_identities; i++)
189 if (BN_cmp(identities[i].key->n, n) == 0) {
Damien Miller5428f641999-11-25 11:54:57 +1100190 /*
191 * We have this key. Free the old key. Since we
192 * don\'t want to leave empty slots in the middle of
193 * the array, we actually free the key there and copy
194 * data from the last entry.
195 */
Damien Miller95def091999-11-25 00:26:21 +1100196 RSA_free(identities[i].key);
197 xfree(identities[i].comment);
198 if (i < num_identities - 1)
199 identities[i] = identities[num_identities - 1];
200 num_identities--;
201 BN_clear_free(dummy);
202 BN_clear_free(n);
203
204 /* Send success. */
205 buffer_put_int(&e->output, 1);
206 buffer_put_char(&e->output, SSH_AGENT_SUCCESS);
207 return;
208 }
209 /* We did not have the key. */
210 BN_clear(dummy);
211 BN_clear(n);
212
213 /* Send failure. */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000214 buffer_put_int(&e->output, 1);
Damien Miller95def091999-11-25 00:26:21 +1100215 buffer_put_char(&e->output, SSH_AGENT_FAILURE);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000216}
217
Damien Miller95def091999-11-25 00:26:21 +1100218/*
219 * Removes all identities from the agent.
220 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000221void
222process_remove_all_identities(SocketEntry *e)
223{
Damien Miller95def091999-11-25 00:26:21 +1100224 unsigned int i;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000225
Damien Miller95def091999-11-25 00:26:21 +1100226 /* Loop over all identities and clear the keys. */
227 for (i = 0; i < num_identities; i++) {
228 RSA_free(identities[i].key);
229 xfree(identities[i].comment);
230 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000231
Damien Miller95def091999-11-25 00:26:21 +1100232 /* Mark that there are no identities. */
233 num_identities = 0;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000234
235 /* Send success. */
236 buffer_put_int(&e->output, 1);
237 buffer_put_char(&e->output, SSH_AGENT_SUCCESS);
238 return;
Damien Miller95def091999-11-25 00:26:21 +1100239}
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000240
Damien Miller95def091999-11-25 00:26:21 +1100241/*
242 * Adds an identity to the agent.
243 */
244void
245process_add_identity(SocketEntry *e)
246{
247 RSA *k;
248 int i;
249 BIGNUM *aux;
250 BN_CTX *ctx;
251
252 if (num_identities == 0)
253 identities = xmalloc(sizeof(Identity));
254 else
255 identities = xrealloc(identities, (num_identities + 1) * sizeof(Identity));
256
257 identities[num_identities].key = RSA_new();
258 k = identities[num_identities].key;
259 buffer_get_int(&e->input); /* bits */
260 k->n = BN_new();
261 buffer_get_bignum(&e->input, k->n);
262 k->e = BN_new();
263 buffer_get_bignum(&e->input, k->e);
264 k->d = BN_new();
265 buffer_get_bignum(&e->input, k->d);
266 k->iqmp = BN_new();
267 buffer_get_bignum(&e->input, k->iqmp);
268 /* SSH and SSL have p and q swapped */
269 k->q = BN_new();
270 buffer_get_bignum(&e->input, k->q); /* p */
271 k->p = BN_new();
272 buffer_get_bignum(&e->input, k->p); /* q */
273
274 /* Generate additional parameters */
275 aux = BN_new();
276 ctx = BN_CTX_new();
277
278 BN_sub(aux, k->q, BN_value_one());
279 k->dmq1 = BN_new();
280 BN_mod(k->dmq1, k->d, aux, ctx);
281
282 BN_sub(aux, k->p, BN_value_one());
283 k->dmp1 = BN_new();
284 BN_mod(k->dmp1, k->d, aux, ctx);
285
286 BN_clear_free(aux);
287 BN_CTX_free(ctx);
288
289 identities[num_identities].comment = buffer_get_string(&e->input, NULL);
290
291 /* Check if we already have the key. */
292 for (i = 0; i < num_identities; i++)
293 if (BN_cmp(identities[i].key->n, k->n) == 0) {
Damien Miller5428f641999-11-25 11:54:57 +1100294 /*
295 * We already have this key. Clear and free the new
296 * data and return success.
297 */
Damien Miller95def091999-11-25 00:26:21 +1100298 RSA_free(k);
299 xfree(identities[num_identities].comment);
300
301 /* Send success. */
302 buffer_put_int(&e->output, 1);
303 buffer_put_char(&e->output, SSH_AGENT_SUCCESS);
304 return;
305 }
306 /* Increment the number of identities. */
307 num_identities++;
308
309 /* Send a success message. */
310 buffer_put_int(&e->output, 1);
311 buffer_put_char(&e->output, SSH_AGENT_SUCCESS);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000312}
313
314void
315process_message(SocketEntry *e)
316{
Damien Miller95def091999-11-25 00:26:21 +1100317 unsigned int msg_len;
318 unsigned int type;
319 unsigned char *cp;
320 if (buffer_len(&e->input) < 5)
321 return; /* Incomplete message. */
322 cp = (unsigned char *) buffer_ptr(&e->input);
323 msg_len = GET_32BIT(cp);
324 if (msg_len > 256 * 1024) {
325 shutdown(e->fd, SHUT_RDWR);
326 close(e->fd);
327 e->type = AUTH_UNUSED;
328 return;
329 }
330 if (buffer_len(&e->input) < msg_len + 4)
331 return;
332 buffer_consume(&e->input, 4);
333 type = buffer_get_char(&e->input);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000334
Damien Miller95def091999-11-25 00:26:21 +1100335 switch (type) {
336 case SSH_AGENTC_REQUEST_RSA_IDENTITIES:
337 process_request_identity(e);
338 break;
339 case SSH_AGENTC_RSA_CHALLENGE:
340 process_authentication_challenge(e);
341 break;
342 case SSH_AGENTC_ADD_RSA_IDENTITY:
343 process_add_identity(e);
344 break;
345 case SSH_AGENTC_REMOVE_RSA_IDENTITY:
346 process_remove_identity(e);
347 break;
348 case SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES:
349 process_remove_all_identities(e);
350 break;
351 default:
352 /* Unknown message. Respond with failure. */
353 error("Unknown message %d", type);
354 buffer_clear(&e->input);
355 buffer_put_int(&e->output, 1);
356 buffer_put_char(&e->output, SSH_AGENT_FAILURE);
357 break;
358 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000359}
360
361void
362new_socket(int type, int fd)
363{
Damien Miller95def091999-11-25 00:26:21 +1100364 unsigned int i, old_alloc;
365 if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
366 error("fcntl O_NONBLOCK: %s", strerror(errno));
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000367
Damien Miller95def091999-11-25 00:26:21 +1100368 if (fd > max_fd)
369 max_fd = fd;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000370
Damien Miller95def091999-11-25 00:26:21 +1100371 for (i = 0; i < sockets_alloc; i++)
372 if (sockets[i].type == AUTH_UNUSED) {
373 sockets[i].fd = fd;
374 sockets[i].type = type;
375 buffer_init(&sockets[i].input);
376 buffer_init(&sockets[i].output);
377 return;
378 }
379 old_alloc = sockets_alloc;
380 sockets_alloc += 10;
381 if (sockets)
382 sockets = xrealloc(sockets, sockets_alloc * sizeof(sockets[0]));
383 else
384 sockets = xmalloc(sockets_alloc * sizeof(sockets[0]));
385 for (i = old_alloc; i < sockets_alloc; i++)
386 sockets[i].type = AUTH_UNUSED;
387 sockets[old_alloc].type = type;
388 sockets[old_alloc].fd = fd;
389 buffer_init(&sockets[old_alloc].input);
390 buffer_init(&sockets[old_alloc].output);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000391}
392
393void
394prepare_select(fd_set *readset, fd_set *writeset)
395{
Damien Miller95def091999-11-25 00:26:21 +1100396 unsigned int i;
397 for (i = 0; i < sockets_alloc; i++)
398 switch (sockets[i].type) {
399 case AUTH_SOCKET:
400 case AUTH_CONNECTION:
401 FD_SET(sockets[i].fd, readset);
402 if (buffer_len(&sockets[i].output) > 0)
403 FD_SET(sockets[i].fd, writeset);
404 break;
405 case AUTH_UNUSED:
406 break;
407 default:
408 fatal("Unknown socket type %d", sockets[i].type);
409 break;
410 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000411}
412
Damien Miller4af51302000-04-16 11:18:38 +1000413void
Damien Miller95def091999-11-25 00:26:21 +1100414after_select(fd_set *readset, fd_set *writeset)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000415{
Damien Miller95def091999-11-25 00:26:21 +1100416 unsigned int i;
417 int len, sock;
Damien Miller7684ee12000-03-17 23:40:15 +1100418 socklen_t slen;
Damien Miller95def091999-11-25 00:26:21 +1100419 char buf[1024];
420 struct sockaddr_un sunaddr;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000421
Damien Miller95def091999-11-25 00:26:21 +1100422 for (i = 0; i < sockets_alloc; i++)
423 switch (sockets[i].type) {
424 case AUTH_UNUSED:
425 break;
426 case AUTH_SOCKET:
427 if (FD_ISSET(sockets[i].fd, readset)) {
Damien Miller7684ee12000-03-17 23:40:15 +1100428 slen = sizeof(sunaddr);
429 sock = accept(sockets[i].fd, (struct sockaddr *) & sunaddr, &slen);
Damien Miller95def091999-11-25 00:26:21 +1100430 if (sock < 0) {
431 perror("accept from AUTH_SOCKET");
432 break;
433 }
434 new_socket(AUTH_CONNECTION, sock);
435 }
436 break;
437 case AUTH_CONNECTION:
438 if (buffer_len(&sockets[i].output) > 0 &&
439 FD_ISSET(sockets[i].fd, writeset)) {
440 len = write(sockets[i].fd, buffer_ptr(&sockets[i].output),
441 buffer_len(&sockets[i].output));
442 if (len <= 0) {
443 shutdown(sockets[i].fd, SHUT_RDWR);
444 close(sockets[i].fd);
445 sockets[i].type = AUTH_UNUSED;
Damien Millera552faf2000-04-21 15:55:20 +1000446 buffer_free(&sockets[i].input);
447 buffer_free(&sockets[i].output);
Damien Miller95def091999-11-25 00:26:21 +1100448 break;
449 }
450 buffer_consume(&sockets[i].output, len);
451 }
452 if (FD_ISSET(sockets[i].fd, readset)) {
453 len = read(sockets[i].fd, buf, sizeof(buf));
454 if (len <= 0) {
455 shutdown(sockets[i].fd, SHUT_RDWR);
456 close(sockets[i].fd);
457 sockets[i].type = AUTH_UNUSED;
Damien Millera552faf2000-04-21 15:55:20 +1000458 buffer_free(&sockets[i].input);
459 buffer_free(&sockets[i].output);
Damien Miller95def091999-11-25 00:26:21 +1100460 break;
461 }
462 buffer_append(&sockets[i].input, buf, len);
463 process_message(&sockets[i]);
464 }
465 break;
466 default:
467 fatal("Unknown type %d", sockets[i].type);
468 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000469}
470
471void
472check_parent_exists(int sig)
473{
Damien Miller166fca82000-04-20 07:42:21 +1000474 if (parent_pid != -1 && kill(parent_pid, 0) < 0) {
Damien Miller95def091999-11-25 00:26:21 +1100475 /* printf("Parent has died - Authentication agent exiting.\n"); */
476 exit(1);
477 }
478 signal(SIGALRM, check_parent_exists);
479 alarm(10);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000480}
481
Damien Miller792c5111999-10-29 09:47:09 +1000482void
483cleanup_socket(void)
484{
Damien Miller95def091999-11-25 00:26:21 +1100485 remove(socket_name);
486 rmdir(socket_dir);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000487}
488
Damien Miller792c5111999-10-29 09:47:09 +1000489void
490cleanup_exit(int i)
491{
Damien Miller95def091999-11-25 00:26:21 +1100492 cleanup_socket();
493 exit(i);
Damien Miller792c5111999-10-29 09:47:09 +1000494}
495
496void
497usage()
498{
Damien Miller95def091999-11-25 00:26:21 +1100499 fprintf(stderr, "ssh-agent version %s\n", SSH_VERSION);
500 fprintf(stderr, "Usage: %s [-c | -s] [-k] [command {args...]]\n",
501 __progname);
502 exit(1);
Damien Miller792c5111999-10-29 09:47:09 +1000503}
504
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000505int
506main(int ac, char **av)
507{
Damien Miller95def091999-11-25 00:26:21 +1100508 fd_set readset, writeset;
509 int sock, c_flag = 0, k_flag = 0, s_flag = 0, ch;
510 struct sockaddr_un sunaddr;
511 pid_t pid;
512 char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid];
Damien Miller615f9392000-05-17 22:53:33 +1000513 extern int optind;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000514
Damien Millerf9b625c2000-07-09 22:42:32 +1000515 init_rng();
516
Damien Miller95def091999-11-25 00:26:21 +1100517 /* check if RSA support exists */
518 if (rsa_alive() == 0) {
519 fprintf(stderr,
520 "%s: no RSA support in libssl and libcrypto. See ssl(8).\n",
521 __progname);
522 exit(1);
523 }
Damien Millerd0cff3e2000-04-20 23:12:58 +1000524#ifdef __GNU_LIBRARY__
525 while ((ch = getopt(ac, av, "+cks")) != -1) {
526#else /* __GNU_LIBRARY__ */
Damien Miller95def091999-11-25 00:26:21 +1100527 while ((ch = getopt(ac, av, "cks")) != -1) {
Damien Millerd0cff3e2000-04-20 23:12:58 +1000528#endif /* __GNU_LIBRARY__ */
Damien Miller95def091999-11-25 00:26:21 +1100529 switch (ch) {
530 case 'c':
531 if (s_flag)
532 usage();
533 c_flag++;
534 break;
535 case 'k':
536 k_flag++;
537 break;
538 case 's':
539 if (c_flag)
540 usage();
541 s_flag++;
542 break;
543 default:
544 usage();
545 }
Damien Miller792c5111999-10-29 09:47:09 +1000546 }
Damien Miller95def091999-11-25 00:26:21 +1100547 ac -= optind;
548 av += optind;
Damien Miller792c5111999-10-29 09:47:09 +1000549
Damien Miller95def091999-11-25 00:26:21 +1100550 if (ac > 0 && (c_flag || k_flag || s_flag))
551 usage();
Damien Miller792c5111999-10-29 09:47:09 +1000552
Damien Miller95def091999-11-25 00:26:21 +1100553 if (ac == 0 && !c_flag && !k_flag && !s_flag) {
554 shell = getenv("SHELL");
555 if (shell != NULL && strncmp(shell + strlen(shell) - 3, "csh", 3) == 0)
556 c_flag = 1;
Damien Miller792c5111999-10-29 09:47:09 +1000557 }
Damien Miller95def091999-11-25 00:26:21 +1100558 if (k_flag) {
559 pidstr = getenv(SSH_AGENTPID_ENV_NAME);
560 if (pidstr == NULL) {
561 fprintf(stderr, "%s not set, cannot kill agent\n",
562 SSH_AGENTPID_ENV_NAME);
563 exit(1);
564 }
565 pid = atoi(pidstr);
566 if (pid < 1) { /* XXX PID_MAX check too */
Damien Miller166fca82000-04-20 07:42:21 +1000567 /* Yes, PID_MAX check please */
Damien Miller95def091999-11-25 00:26:21 +1100568 fprintf(stderr, "%s=\"%s\", which is not a good PID\n",
569 SSH_AGENTPID_ENV_NAME, pidstr);
570 exit(1);
571 }
572 if (kill(pid, SIGTERM) == -1) {
573 perror("kill");
574 exit(1);
575 }
576 format = c_flag ? "unsetenv %s;\n" : "unset %s;\n";
577 printf(format, SSH_AUTHSOCKET_ENV_NAME);
578 printf(format, SSH_AGENTPID_ENV_NAME);
579 printf("echo Agent pid %d killed;\n", pid);
580 exit(0);
Damien Miller792c5111999-10-29 09:47:09 +1000581 }
Damien Miller95def091999-11-25 00:26:21 +1100582 parent_pid = getpid();
583
584 /* Create private directory for agent socket */
585 strlcpy(socket_dir, "/tmp/ssh-XXXXXXXX", sizeof socket_dir);
586 if (mkdtemp(socket_dir) == NULL) {
587 perror("mkdtemp: private socket dir");
588 exit(1);
Damien Miller792c5111999-10-29 09:47:09 +1000589 }
Damien Miller95def091999-11-25 00:26:21 +1100590 snprintf(socket_name, sizeof socket_name, "%s/agent.%d", socket_dir,
591 parent_pid);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000592
Damien Miller5428f641999-11-25 11:54:57 +1100593 /*
594 * Create socket early so it will exist before command gets run from
595 * the parent.
596 */
Damien Miller95def091999-11-25 00:26:21 +1100597 sock = socket(AF_UNIX, SOCK_STREAM, 0);
598 if (sock < 0) {
599 perror("socket");
600 cleanup_exit(1);
Damien Miller792c5111999-10-29 09:47:09 +1000601 }
Damien Miller95def091999-11-25 00:26:21 +1100602 memset(&sunaddr, 0, sizeof(sunaddr));
603 sunaddr.sun_family = AF_UNIX;
604 strlcpy(sunaddr.sun_path, socket_name, sizeof(sunaddr.sun_path));
605 if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0) {
606 perror("bind");
607 cleanup_exit(1);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000608 }
Damien Miller95def091999-11-25 00:26:21 +1100609 if (listen(sock, 5) < 0) {
610 perror("listen");
611 cleanup_exit(1);
612 }
Damien Miller5428f641999-11-25 11:54:57 +1100613 /*
614 * Fork, and have the parent execute the command, if any, or present
615 * the socket data. The child continues as the authentication agent.
616 */
Damien Miller95def091999-11-25 00:26:21 +1100617 pid = fork();
618 if (pid == -1) {
619 perror("fork");
620 exit(1);
621 }
622 if (pid != 0) { /* Parent - execute the given command. */
623 close(sock);
624 snprintf(pidstrbuf, sizeof pidstrbuf, "%d", pid);
625 if (ac == 0) {
626 format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n";
627 printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
628 SSH_AUTHSOCKET_ENV_NAME);
629 printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf,
630 SSH_AGENTPID_ENV_NAME);
631 printf("echo Agent pid %d;\n", pid);
632 exit(0);
633 }
634 setenv(SSH_AUTHSOCKET_ENV_NAME, socket_name, 1);
635 setenv(SSH_AGENTPID_ENV_NAME, pidstrbuf, 1);
636 execvp(av[0], av);
637 perror(av[0]);
638 exit(1);
639 }
640 close(0);
641 close(1);
642 close(2);
643
644 if (setsid() == -1) {
645 perror("setsid");
646 cleanup_exit(1);
647 }
648 if (atexit(cleanup_socket) < 0) {
649 perror("atexit");
650 cleanup_exit(1);
651 }
652 new_socket(AUTH_SOCKET, sock);
653 if (ac > 0) {
654 signal(SIGALRM, check_parent_exists);
655 alarm(10);
656 }
657 signal(SIGINT, SIG_IGN);
658 signal(SIGPIPE, SIG_IGN);
Damien Miller4af51302000-04-16 11:18:38 +1000659 signal(SIGHUP, cleanup_exit);
660 signal(SIGTERM, cleanup_exit);
Damien Miller95def091999-11-25 00:26:21 +1100661 while (1) {
662 FD_ZERO(&readset);
663 FD_ZERO(&writeset);
664 prepare_select(&readset, &writeset);
665 if (select(max_fd + 1, &readset, &writeset, NULL, NULL) < 0) {
666 if (errno == EINTR)
667 continue;
668 exit(1);
669 }
670 after_select(&readset, &writeset);
671 }
672 /* NOTREACHED */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000673}