Blame - ssh-agent.c - platform/external/openssh

blob: 8aa25b30d22f6856150c4bdf40e8612a07ce9b65 [file] [log] [blame]

djm@openbsd.org	1a31d02	2016-05-02 08:49:03 +0000	[diff] [blame]	1	/* $OpenBSD: ssh-agent.c,v 1.213 2016/05/02 08:49:03 djm Exp $ */
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	2	/*
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
				4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
				5	* All rights reserved
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	6	* The authentication agent program.
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	7	*
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	8	* As far as I am concerned, the code I have written for this software
				9	* can be used freely for any purpose. Any derived versions of this
				10	* software must be clearly marked as such, and if the derived work is
				11	* incompatible with the protocol description in the RFC file, it must be
				12	* called by a name other than "ssh" or "Secure Shell".
				13	*
Ben Lindstrom	4469723	2001-07-04 03:32:30 +0000	[diff] [blame]	14	* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	15	*
				16	* Redistribution and use in source and binary forms, with or without
				17	* modification, are permitted provided that the following conditions
				18	* are met:
				19	* 1. Redistributions of source code must retain the above copyright
				20	* notice, this list of conditions and the following disclaimer.
				21	* 2. Redistributions in binary form must reproduce the above copyright
				22	* notice, this list of conditions and the following disclaimer in the
				23	* documentation and/or other materials provided with the distribution.
				24	*
				25	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
				26	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
				27	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
				28	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
				29	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
				30	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
				31	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
				32	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
				33	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
				34	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	35	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	36
				37	#include "includes.h"
Damien Miller	574c41f	2006-03-15 11:40:10 +1100	[diff] [blame]	38
deraadt@openbsd.org	2ae4f33	2015-01-16 06:40:12 +0000	[diff] [blame]	39	#include <sys/param.h> /* MIN MAX */
Damien Miller	574c41f	2006-03-15 11:40:10 +1100	[diff] [blame]	40	#include <sys/types.h>
Damien Miller	8dbffe7	2006-08-05 11:02:17 +1000	[diff] [blame]	41	#include <sys/param.h>
				42	#include <sys/resource.h>
Damien Miller	42fb068	2006-03-15 14:03:06 +1100	[diff] [blame]	43	#include <sys/stat.h>
Damien Miller	e3b60b5	2006-07-10 21:08:03 +1000	[diff] [blame]	44	#include <sys/socket.h>
Damien Miller	9aec919	2006-08-05 10:57:45 +1000	[diff] [blame]	45	#ifdef HAVE_SYS_TIME_H
				46	# include <sys/time.h>
				47	#endif
Damien Miller	574c41f	2006-03-15 11:40:10 +1100	[diff] [blame]	48	#ifdef HAVE_SYS_UN_H
				49	# include <sys/un.h>
				50	#endif
Damien Miller	9b48151	2002-09-12 10:43:29 +1000	[diff] [blame]	51	#include "openbsd-compat/sys-queue.h"
Damien Miller	e3b60b5	2006-07-10 21:08:03 +1000	[diff] [blame]	52
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	53	#ifdef WITH_OPENSSL
Damien Miller	e3476ed	2006-07-24 14:13:33 +1000	[diff] [blame]	54	#include <openssl/evp.h>
Darren Tucker	bfaaf96	2008-02-28 19:13:52 +1100	[diff] [blame]	55	#include "openbsd-compat/openssl-compat.h"
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	56	#endif
Damien Miller	e3476ed	2006-07-24 14:13:33 +1000	[diff] [blame]	57
Darren Tucker	3997249	2006-07-12 22:22:46 +1000	[diff] [blame]	58	#include <errno.h>
Damien Miller	57cf638	2006-07-10 21:13:46 +1000	[diff] [blame]	59	#include <fcntl.h>
deraadt@openbsd.org	2ae4f33	2015-01-16 06:40:12 +0000	[diff] [blame]	60	#include <limits.h>
Damien Miller	03e2003	2006-03-15 11:16:59 +1100	[diff] [blame]	61	#ifdef HAVE_PATHS_H
Damien Miller	a9263d0	2006-03-15 11:18:26 +1100	[diff] [blame]	62	# include <paths.h>
Damien Miller	03e2003	2006-03-15 11:16:59 +1100	[diff] [blame]	63	#endif
Damien Miller	6ff3cad	2006-03-15 11:52:09 +1100	[diff] [blame]	64	#include <signal.h>
Damien Miller	ded319c	2006-09-01 15:38:36 +1000	[diff] [blame]	65	#include <stdarg.h>
Damien Miller	a7a73ee	2006-08-05 11:37:59 +1000	[diff] [blame]	66	#include <stdio.h>
Damien Miller	e7a1e5c	2006-08-05 11:34:19 +1000	[diff] [blame]	67	#include <stdlib.h>
Damien Miller	5598b4f	2006-07-24 14:09:40 +1000	[diff] [blame]	68	#include <time.h>
Damien Miller	e3476ed	2006-07-24 14:13:33 +1000	[diff] [blame]	69	#include <string.h>
Damien Miller	e6b3b61	2006-07-24 14:01:23 +1000	[diff] [blame]	70	#include <unistd.h>
Damien Miller	e97201f	2015-05-21 17:55:15 +1000	[diff] [blame]	71	#ifdef HAVE_UTIL_H
				72	# include <util.h>
				73	#endif
Damien Miller	6ff3cad	2006-03-15 11:52:09 +1100	[diff] [blame]	74
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	75	#include "xmalloc.h"
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	76	#include "ssh.h"
				77	#include "rsa.h"
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	78	#include "sshbuf.h"
				79	#include "sshkey.h"
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	80	#include "authfd.h"
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	81	#include "compat.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	82	#include "log.h"
Damien Miller	6c71179	2003-01-24 11:36:23 +1100	[diff] [blame]	83	#include "misc.h"
Damien Miller	4a1c7aa	2014-02-04 11:03:36 +1100	[diff] [blame]	84	#include "digest.h"
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	85	#include "ssherr.h"
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	86
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	87	#ifdef ENABLE_PKCS11
				88	#include "ssh-pkcs11.h"
Ben Lindstrom	bcc1808	2001-08-06 21:59:25 +0000	[diff] [blame]	89	#endif
Ben Lindstrom	3f47163	2001-07-04 03:53:15 +0000	[diff] [blame]	90
Damien Miller	6c4914a	2004-03-03 11:08:59 +1100	[diff] [blame]	91	#if defined(HAVE_SYS_PRCTL_H)
				92	#include <sys/prctl.h> /* For prctl() and PR_SET_DUMPABLE */
				93	#endif
				94
Ben Lindstrom	65366a8	2001-12-06 16:32:47 +0000	[diff] [blame]	95	typedef enum {
				96	AUTH_UNUSED,
				97	AUTH_SOCKET,
				98	AUTH_CONNECTION
				99	} sock_type;
				100
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	101	typedef struct {
				102	int fd;
Ben Lindstrom	65366a8	2001-12-06 16:32:47 +0000	[diff] [blame]	103	sock_type type;
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	104	struct sshbuf *input;
				105	struct sshbuf *output;
				106	struct sshbuf *request;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	107	} SocketEntry;
				108
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	109	u_int sockets_alloc = 0;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	110	SocketEntry *sockets = NULL;
				111
Damien Miller	1a534ae	2002-01-22 23:26:13 +1100	[diff] [blame]	112	typedef struct identity {
				113	TAILQ_ENTRY(identity) next;
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	114	struct sshkey *key;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	115	char *comment;
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	116	char *provider;
Darren Tucker	5511925	2013-06-02 07:43:59 +1000	[diff] [blame]	117	time_t death;
Damien Miller	6c71179	2003-01-24 11:36:23 +1100	[diff] [blame]	118	u_int confirm;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	119	} Identity;
				120
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	121	typedef struct {
				122	int nentries;
Damien Miller	1a534ae	2002-01-22 23:26:13 +1100	[diff] [blame]	123	TAILQ_HEAD(idqueue, identity) idlist;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	124	} Idtab;
				125
				126	/* private key table, one per protocol version */
				127	Idtab idtable[3];
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	128
				129	int max_fd = 0;
				130
				131	/* pid of shell == parent of agent */
Damien Miller	166fca8	2000-04-20 07:42:21 +1000	[diff] [blame]	132	pid_t parent_pid = -1;
Darren Tucker	073f795	2013-06-02 23:47:11 +1000	[diff] [blame]	133	time_t parent_alive_interval = 0;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	134
Damien Miller	b1e967c	2014-07-03 21:22:40 +1000	[diff] [blame]	135	/* pid of process for which cleanup_socket is applicable */
				136	pid_t cleanup_pid = 0;
				137
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	138	/* pathname and directory for AUTH_SOCKET */
deraadt@openbsd.org	2ae4f33	2015-01-16 06:40:12 +0000	[diff] [blame]	139	char socket_name[PATH_MAX];
				140	char socket_dir[PATH_MAX];
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	141
Ben Lindstrom	2f71704	2002-06-06 21:52:03 +0000	[diff] [blame]	142	/* locking */
dtucker@openbsd.org	9173d0f	2015-05-15 05:44:21 +0000	[diff] [blame]	143	#define LOCK_SIZE 32
				144	#define LOCK_SALT_SIZE 16
				145	#define LOCK_ROUNDS 1
Ben Lindstrom	2f71704	2002-06-06 21:52:03 +0000	[diff] [blame]	146	int locked = 0;
djm@openbsd.org	1a31d02	2016-05-02 08:49:03 +0000	[diff] [blame]	147	u_char lock_pwhash[LOCK_SIZE];
				148	u_char lock_salt[LOCK_SALT_SIZE];
Ben Lindstrom	2f71704	2002-06-06 21:52:03 +0000	[diff] [blame]	149
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	150	extern char *__progname;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	151
Darren Tucker	5511925	2013-06-02 07:43:59 +1000	[diff] [blame]	152	/* Default lifetime in seconds (0 == forever) */
				153	static long lifetime = 0;
Damien Miller	53d8148	2003-01-22 11:47:19 +1100	[diff] [blame]	154
djm@openbsd.org	56d1c83	2014-12-21 22:27:55 +0000	[diff] [blame]	155	static int fingerprint_hash = SSH_FP_HASH_DEFAULT;
				156
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	157	static void
Damien Miller	58f3486	2002-09-04 16:31:21 +1000	[diff] [blame]	158	close_socket(SocketEntry *e)
				159	{
Damien Miller	58f3486	2002-09-04 16:31:21 +1000	[diff] [blame]	160	close(e->fd);
				161	e->fd = -1;
				162	e->type = AUTH_UNUSED;
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	163	sshbuf_free(e->input);
				164	sshbuf_free(e->output);
				165	sshbuf_free(e->request);
Damien Miller	58f3486	2002-09-04 16:31:21 +1000	[diff] [blame]	166	}
				167
				168	static void
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	169	idtab_init(void)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	170	{
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	171	int i;
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	172
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	173	for (i = 0; i <=2; i++) {
Damien Miller	1a534ae	2002-01-22 23:26:13 +1100	[diff] [blame]	174	TAILQ_INIT(&idtable[i].idlist);
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	175	idtable[i].nentries = 0;
				176	}
				177	}
				178
				179	/* return private key table for requested protocol version */
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	180	static Idtab *
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	181	idtab_lookup(int version)
				182	{
				183	if (version < 1 \|\| version > 2)
				184	fatal("internal error, bad protocol version %d", version);
				185	return &idtable[version];
				186	}
				187
Ben Lindstrom	61d328a	2002-06-06 21:54:57 +0000	[diff] [blame]	188	static void
				189	free_identity(Identity *id)
				190	{
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	191	sshkey_free(id->key);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	192	free(id->provider);
				193	free(id->comment);
				194	free(id);
Ben Lindstrom	61d328a	2002-06-06 21:54:57 +0000	[diff] [blame]	195	}
				196
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	197	/* return matching private key for given public key */
Damien Miller	1a534ae	2002-01-22 23:26:13 +1100	[diff] [blame]	198	static Identity *
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	199	lookup_identity(struct sshkey *key, int version)
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	200	{
Damien Miller	1a534ae	2002-01-22 23:26:13 +1100	[diff] [blame]	201	Identity *id;
				202
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	203	Idtab *tab = idtab_lookup(version);
Damien Miller	1a534ae	2002-01-22 23:26:13 +1100	[diff] [blame]	204	TAILQ_FOREACH(id, &tab->idlist, next) {
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	205	if (sshkey_equal(key, id->key))
Damien Miller	1a534ae	2002-01-22 23:26:13 +1100	[diff] [blame]	206	return (id);
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	207	}
Damien Miller	1a534ae	2002-01-22 23:26:13 +1100	[diff] [blame]	208	return (NULL);
				209	}
				210
Damien Miller	6c71179	2003-01-24 11:36:23 +1100	[diff] [blame]	211	/* Check confirmation of keysign request */
				212	static int
				213	confirm_key(Identity *id)
				214	{
Darren Tucker	ce327b6	2004-11-05 20:38:03 +1100	[diff] [blame]	215	char *p;
Damien Miller	6c71179	2003-01-24 11:36:23 +1100	[diff] [blame]	216	int ret = -1;
				217
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	218	p = sshkey_fingerprint(id->key, fingerprint_hash, SSH_FP_DEFAULT);
djm@openbsd.org	9ce86c9	2015-01-28 22:36:00 +0000	[diff] [blame]	219	if (p != NULL &&
				220	ask_permission("Allow use of key %s?\nKey fingerprint %s.",
Darren Tucker	ce327b6	2004-11-05 20:38:03 +1100	[diff] [blame]	221	id->comment, p))
				222	ret = 0;
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	223	free(p);
Darren Tucker	ce327b6	2004-11-05 20:38:03 +1100	[diff] [blame]	224
Damien Miller	6c71179	2003-01-24 11:36:23 +1100	[diff] [blame]	225	return (ret);
				226	}
				227
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	228	static void
				229	send_status(SocketEntry *e, int success)
				230	{
				231	int r;
				232
				233	if ((r = sshbuf_put_u32(e->output, 1)) != 0 \|\|
				234	(r = sshbuf_put_u8(e->output, success ?
				235	SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE)) != 0)
				236	fatal("%s: buffer error: %s", __func__, ssh_err(r));
				237	}
				238
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	239	/* send list of supported public keys to 'client' */
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	240	static void
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	241	process_request_identities(SocketEntry *e, int version)
				242	{
				243	Idtab *tab = idtab_lookup(version);
Damien Miller	1a534ae	2002-01-22 23:26:13 +1100	[diff] [blame]	244	Identity *id;
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	245	struct sshbuf *msg;
				246	int r;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	247
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	248	if ((msg = sshbuf_new()) == NULL)
				249	fatal("%s: sshbuf_new failed", __func__);
				250	if ((r = sshbuf_put_u8(msg, (version == 1) ?
				251	SSH_AGENT_RSA_IDENTITIES_ANSWER :
				252	SSH2_AGENT_IDENTITIES_ANSWER)) != 0 \|\|
				253	(r = sshbuf_put_u32(msg, tab->nentries)) != 0)
				254	fatal("%s: buffer error: %s", __func__, ssh_err(r));
Damien Miller	1a534ae	2002-01-22 23:26:13 +1100	[diff] [blame]	255	TAILQ_FOREACH(id, &tab->idlist, next) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	256	if (id->key->type == KEY_RSA1) {
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	257	#ifdef WITH_SSH1
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	258	if ((r = sshbuf_put_u32(msg,
				259	BN_num_bits(id->key->rsa->n))) != 0 \|\|
				260	(r = sshbuf_put_bignum1(msg,
				261	id->key->rsa->e)) != 0 \|\|
				262	(r = sshbuf_put_bignum1(msg,
				263	id->key->rsa->n)) != 0)
				264	fatal("%s: buffer error: %s",
				265	__func__, ssh_err(r));
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	266	#endif
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	267	} else {
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	268	u_char *blob;
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	269	size_t blen;
				270
				271	if ((r = sshkey_to_blob(id->key, &blob, &blen)) != 0) {
				272	error("%s: sshkey_to_blob: %s", __func__,
				273	ssh_err(r));
				274	continue;
				275	}
				276	if ((r = sshbuf_put_string(msg, blob, blen)) != 0)
				277	fatal("%s: buffer error: %s",
				278	__func__, ssh_err(r));
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	279	free(blob);
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	280	}
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	281	if ((r = sshbuf_put_cstring(msg, id->comment)) != 0)
				282	fatal("%s: buffer error: %s", __func__, ssh_err(r));
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	283	}
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	284	if ((r = sshbuf_put_stringb(e->output, msg)) != 0)
				285	fatal("%s: buffer error: %s", __func__, ssh_err(r));
				286	sshbuf_free(msg);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	287	}
				288
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	289	#ifdef WITH_SSH1
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	290	/* ssh1 only */
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	291	static void
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	292	process_authentication_challenge1(SocketEntry *e)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	293	{
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	294	u_char buf[32], mdbuf[16], session_id[16];
				295	u_int response_type;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	296	BIGNUM *challenge;
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	297	Identity *id;
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	298	int r, len;
				299	struct sshbuf *msg;
Damien Miller	4a1c7aa	2014-02-04 11:03:36 +1100	[diff] [blame]	300	struct ssh_digest_ctx *md;
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	301	struct sshkey *key;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	302
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	303	if ((msg = sshbuf_new()) == NULL)
				304	fatal("%s: sshbuf_new failed", __func__);
				305	if ((key = sshkey_new(KEY_RSA1)) == NULL)
				306	fatal("%s: sshkey_new failed", __func__);
Damien Miller	da75516	2002-01-22 23:09:22 +1100	[diff] [blame]	307	if ((challenge = BN_new()) == NULL)
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	308	fatal("%s: BN_new failed", __func__);
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	309
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	310	if ((r = sshbuf_get_u32(e->request, NULL)) != 0 \|\| /* ignored */
				311	(r = sshbuf_get_bignum1(e->request, key->rsa->e)) != 0 \|\|
				312	(r = sshbuf_get_bignum1(e->request, key->rsa->n)) != 0 \|\|
				313	(r = sshbuf_get_bignum1(e->request, challenge)))
				314	fatal("%s: buffer error: %s", __func__, ssh_err(r));
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	315
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	316	/* Only protocol 1.1 is supported */
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	317	if (sshbuf_len(e->request) == 0)
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	318	goto failure;
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	319	if ((r = sshbuf_get(e->request, session_id, sizeof(session_id))) != 0 \|\|
				320	(r = sshbuf_get_u32(e->request, &response_type)) != 0)
				321	fatal("%s: buffer error: %s", __func__, ssh_err(r));
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	322	if (response_type != 1)
				323	goto failure;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	324
Damien Miller	1a534ae	2002-01-22 23:26:13 +1100	[diff] [blame]	325	id = lookup_identity(key, 1);
Damien Miller	6c71179	2003-01-24 11:36:23 +1100	[diff] [blame]	326	if (id != NULL && (!id->confirm \|\| confirm_key(id) == 0)) {
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	327	struct sshkey *private = id->key;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	328	/* Decrypt the challenge using the private key. */
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	329	if ((r = rsa_private_decrypt(challenge, challenge,
				330	private->rsa) != 0)) {
				331	fatal("%s: rsa_public_encrypt: %s", __func__,
				332	ssh_err(r));
				333	goto failure; /* XXX ? */
				334	}
Damien Miller	fd7c911	1999-11-08 16:15:55 +1100	[diff] [blame]	335
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	336	/* The response is MD5 of decrypted challenge plus session id */
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	337	len = BN_num_bytes(challenge);
				338	if (len <= 0 \|\| len > 32) {
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	339	logit("%s: bad challenge length %d", __func__, len);
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	340	goto failure;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	341	}
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	342	memset(buf, 0, 32);
				343	BN_bn2bin(challenge, buf + 32 - len);
Damien Miller	4a1c7aa	2014-02-04 11:03:36 +1100	[diff] [blame]	344	if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL \|\|
				345	ssh_digest_update(md, buf, 32) < 0 \|\|
				346	ssh_digest_update(md, session_id, 16) < 0 \|\|
				347	ssh_digest_final(md, mdbuf, sizeof(mdbuf)) < 0)
				348	fatal("%s: md5 failed", __func__);
				349	ssh_digest_free(md);
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	350
				351	/* Send the response. */
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	352	if ((r = sshbuf_put_u8(msg, SSH_AGENT_RSA_RESPONSE)) != 0 \|\|
				353	(r = sshbuf_put(msg, mdbuf, sizeof(mdbuf))) != 0)
				354	fatal("%s: buffer error: %s", __func__, ssh_err(r));
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	355	goto send;
				356	}
				357
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	358	failure:
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	359	/* Unknown identity or protocol error. Send failure. */
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	360	if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0)
				361	fatal("%s: buffer error: %s", __func__, ssh_err(r));
				362	send:
				363	if ((r = sshbuf_put_stringb(e->output, msg)) != 0)
				364	fatal("%s: buffer error: %s", __func__, ssh_err(r));
				365	sshkey_free(key);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	366	BN_clear_free(challenge);
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	367	sshbuf_free(msg);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	368	}
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	369	#endif
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	370
markus@openbsd.org	76c9fbb	2015-12-04 16:41:28 +0000	[diff] [blame]	371	static char *
				372	agent_decode_alg(struct sshkey *key, u_int flags)
				373	{
				374	if (key->type == KEY_RSA) {
				375	if (flags & SSH_AGENT_RSA_SHA2_256)
				376	return "rsa-sha2-256";
				377	else if (flags & SSH_AGENT_RSA_SHA2_512)
				378	return "rsa-sha2-512";
				379	}
				380	return NULL;
				381	}
				382
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	383	/* ssh2 only */
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	384	static void
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	385	process_sign_request2(SocketEntry *e)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	386	{
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	387	u_char blob, data, *signature = NULL;
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	388	size_t blen, dlen, slen = 0;
				389	u_int compat = 0, flags;
				390	int r, ok = -1;
				391	struct sshbuf *msg;
				392	struct sshkey *key;
djm@openbsd.org	0088c57	2015-01-14 19:33:41 +0000	[diff] [blame]	393	struct identity *id;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	394
djm@openbsd.org	0088c57	2015-01-14 19:33:41 +0000	[diff] [blame]	395	if ((msg = sshbuf_new()) == NULL)
				396	fatal("%s: sshbuf_new failed", __func__);
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	397	if ((r = sshbuf_get_string(e->request, &blob, &blen)) != 0 \|\|
				398	(r = sshbuf_get_string(e->request, &data, &dlen)) != 0 \|\|
				399	(r = sshbuf_get_u32(e->request, &flags)) != 0)
				400	fatal("%s: buffer error: %s", __func__, ssh_err(r));
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	401	if (flags & SSH_AGENT_OLD_SIGNATURE)
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	402	compat = SSH_BUG_SIGBLOB;
djm@openbsd.org	0088c57	2015-01-14 19:33:41 +0000	[diff] [blame]	403	if ((r = sshkey_from_blob(blob, blen, &key)) != 0) {
djm@openbsd.org	39736be	2015-12-11 02:20:28 +0000	[diff] [blame]	404	error("%s: cannot parse key blob: %s", __func__, ssh_err(r));
djm@openbsd.org	0088c57	2015-01-14 19:33:41 +0000	[diff] [blame]	405	goto send;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	406	}
djm@openbsd.org	0088c57	2015-01-14 19:33:41 +0000	[diff] [blame]	407	if ((id = lookup_identity(key, 2)) == NULL) {
				408	verbose("%s: %s key not found", __func__, sshkey_type(key));
				409	goto send;
				410	}
				411	if (id->confirm && confirm_key(id) != 0) {
				412	verbose("%s: user refused key", __func__);
				413	goto send;
				414	}
				415	if ((r = sshkey_sign(id->key, &signature, &slen,
markus@openbsd.org	76c9fbb	2015-12-04 16:41:28 +0000	[diff] [blame]	416	data, dlen, agent_decode_alg(key, flags), compat)) != 0) {
djm@openbsd.org	39736be	2015-12-11 02:20:28 +0000	[diff] [blame]	417	error("%s: sshkey_sign: %s", __func__, ssh_err(r));
djm@openbsd.org	0088c57	2015-01-14 19:33:41 +0000	[diff] [blame]	418	goto send;
				419	}
				420	/* Success */
				421	ok = 0;
				422	send:
				423	sshkey_free(key);
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	424	if (ok == 0) {
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	425	if ((r = sshbuf_put_u8(msg, SSH2_AGENT_SIGN_RESPONSE)) != 0 \|\|
				426	(r = sshbuf_put_string(msg, signature, slen)) != 0)
				427	fatal("%s: buffer error: %s", __func__, ssh_err(r));
				428	} else if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0)
				429	fatal("%s: buffer error: %s", __func__, ssh_err(r));
				430
				431	if ((r = sshbuf_put_stringb(e->output, msg)) != 0)
				432	fatal("%s: buffer error: %s", __func__, ssh_err(r));
				433
				434	sshbuf_free(msg);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	435	free(data);
				436	free(blob);
				437	free(signature);
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	438	}
				439
				440	/* shared */
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	441	static void
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	442	process_remove_identity(SocketEntry *e, int version)
				443	{
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	444	size_t blen;
				445	int r, success = 0;
				446	struct sshkey *key = NULL;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	447	u_char *blob;
Damien Miller	8668706	2014-07-02 15:28:02 +1000	[diff] [blame]	448	#ifdef WITH_SSH1
				449	u_int bits;
				450	#endif /* WITH_SSH1 */
Damien Miller	7e8e820	1999-11-16 13:37:16 +1100	[diff] [blame]	451
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	452	switch (version) {
Damien Miller	8668706	2014-07-02 15:28:02 +1000	[diff] [blame]	453	#ifdef WITH_SSH1
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	454	case 1:
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	455	if ((key = sshkey_new(KEY_RSA1)) == NULL) {
				456	error("%s: sshkey_new failed", __func__);
				457	return;
				458	}
				459	if ((r = sshbuf_get_u32(e->request, &bits)) != 0 \|\|
				460	(r = sshbuf_get_bignum1(e->request, key->rsa->e)) != 0 \|\|
				461	(r = sshbuf_get_bignum1(e->request, key->rsa->n)) != 0)
				462	fatal("%s: buffer error: %s", __func__, ssh_err(r));
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	463
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	464	if (bits != sshkey_size(key))
				465	logit("Warning: identity keysize mismatch: "
				466	"actual %u, announced %u",
				467	sshkey_size(key), bits);
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	468	break;
Damien Miller	8668706	2014-07-02 15:28:02 +1000	[diff] [blame]	469	#endif /* WITH_SSH1 */
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	470	case 2:
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	471	if ((r = sshbuf_get_string(e->request, &blob, &blen)) != 0)
				472	fatal("%s: buffer error: %s", __func__, ssh_err(r));
				473	if ((r = sshkey_from_blob(blob, blen, &key)) != 0)
				474	error("%s: sshkey_from_blob failed: %s",
				475	__func__, ssh_err(r));
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	476	free(blob);
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	477	break;
				478	}
				479	if (key != NULL) {
Damien Miller	1a534ae	2002-01-22 23:26:13 +1100	[diff] [blame]	480	Identity *id = lookup_identity(key, version);
				481	if (id != NULL) {
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	482	/*
				483	* We have this key. Free the old key. Since we
Damien Miller	788f212	2005-11-05 15:14:59 +1100	[diff] [blame]	484	* don't want to leave empty slots in the middle of
Ben Lindstrom	1492029	2000-11-21 21:24:55 +0000	[diff] [blame]	485	* the array, we actually free the key there and move
				486	* all the entries between the empty slot and the end
				487	* of the array.
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	488	*/
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	489	Idtab *tab = idtab_lookup(version);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	490	if (tab->nentries < 1)
				491	fatal("process_remove_identity: "
				492	"internal error: tab->nentries %d",
				493	tab->nentries);
Damien Miller	1a534ae	2002-01-22 23:26:13 +1100	[diff] [blame]	494	TAILQ_REMOVE(&tab->idlist, id, next);
				495	free_identity(id);
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	496	tab->nentries--;
				497	success = 1;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	498	}
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	499	sshkey_free(key);
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	500	}
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	501	send_status(e, success);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	502	}
				503
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	504	static void
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	505	process_remove_all_identities(SocketEntry *e, int version)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	506	{
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	507	Idtab *tab = idtab_lookup(version);
Damien Miller	1a534ae	2002-01-22 23:26:13 +1100	[diff] [blame]	508	Identity *id;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	509
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	510	/* Loop over all identities and clear the keys. */
Damien Miller	1a534ae	2002-01-22 23:26:13 +1100	[diff] [blame]	511	for (id = TAILQ_FIRST(&tab->idlist); id;
				512	id = TAILQ_FIRST(&tab->idlist)) {
				513	TAILQ_REMOVE(&tab->idlist, id, next);
				514	free_identity(id);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	515	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	516
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	517	/* Mark that there are no identities. */
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	518	tab->nentries = 0;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	519
				520	/* Send success. */
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	521	send_status(e, 1);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	522	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	523
Darren Tucker	2812dc9	2007-03-21 20:45:06 +1100	[diff] [blame]	524	/* removes expired keys and returns number of seconds until the next expiry */
Darren Tucker	5511925	2013-06-02 07:43:59 +1000	[diff] [blame]	525	static time_t
Ben Lindstrom	61d328a	2002-06-06 21:54:57 +0000	[diff] [blame]	526	reaper(void)
				527	{
Darren Tucker	b759c9c	2013-06-02 07:46:16 +1000	[diff] [blame]	528	time_t deadline = 0, now = monotime();
Ben Lindstrom	61d328a	2002-06-06 21:54:57 +0000	[diff] [blame]	529	Identity id, nxt;
				530	int version;
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	531	Idtab *tab;
Ben Lindstrom	61d328a	2002-06-06 21:54:57 +0000	[diff] [blame]	532
				533	for (version = 1; version < 3; version++) {
				534	tab = idtab_lookup(version);
				535	for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) {
				536	nxt = TAILQ_NEXT(id, next);
Darren Tucker	2812dc9	2007-03-21 20:45:06 +1100	[diff] [blame]	537	if (id->death == 0)
				538	continue;
				539	if (now >= id->death) {
Darren Tucker	cf0d2db	2007-02-28 21:19:58 +1100	[diff] [blame]	540	debug("expiring key '%s'", id->comment);
Ben Lindstrom	61d328a	2002-06-06 21:54:57 +0000	[diff] [blame]	541	TAILQ_REMOVE(&tab->idlist, id, next);
				542	free_identity(id);
				543	tab->nentries--;
Darren Tucker	2812dc9	2007-03-21 20:45:06 +1100	[diff] [blame]	544	} else
				545	deadline = (deadline == 0) ? id->death :
				546	MIN(deadline, id->death);
Ben Lindstrom	61d328a	2002-06-06 21:54:57 +0000	[diff] [blame]	547	}
				548	}
Darren Tucker	2812dc9	2007-03-21 20:45:06 +1100	[diff] [blame]	549	if (deadline == 0 \|\| deadline <= now)
				550	return 0;
				551	else
				552	return (deadline - now);
Ben Lindstrom	61d328a	2002-06-06 21:54:57 +0000	[diff] [blame]	553	}
				554
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	555	/*
				556	* XXX this and the corresponding serialisation function probably belongs
				557	* in key.c
				558	*/
djm@openbsd.org	111dfb2	2015-03-03 21:21:13 +0000	[diff] [blame]	559	#ifdef WITH_SSH1
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	560	static int
				561	agent_decode_rsa1(struct sshbuf m, struct sshkey *kp)
				562	{
				563	struct sshkey *k = NULL;
				564	int r = SSH_ERR_INTERNAL_ERROR;
				565
				566	*kp = NULL;
				567	if ((k = sshkey_new_private(KEY_RSA1)) == NULL)
				568	return SSH_ERR_ALLOC_FAIL;
				569
				570	if ((r = sshbuf_get_u32(m, NULL)) != 0 \|\| /* ignored */
				571	(r = sshbuf_get_bignum1(m, k->rsa->n)) != 0 \|\|
				572	(r = sshbuf_get_bignum1(m, k->rsa->e)) != 0 \|\|
				573	(r = sshbuf_get_bignum1(m, k->rsa->d)) != 0 \|\|
				574	(r = sshbuf_get_bignum1(m, k->rsa->iqmp)) != 0 \|\|
				575	/* SSH1 and SSL have p and q swapped */
				576	(r = sshbuf_get_bignum1(m, k->rsa->q)) != 0 \|\| /* p */
				577	(r = sshbuf_get_bignum1(m, k->rsa->p)) != 0) /* q */
				578	goto out;
				579
				580	/* Generate additional parameters */
				581	if ((r = rsa_generate_additional_parameters(k->rsa)) != 0)
				582	goto out;
				583	/* enable blinding */
				584	if (RSA_blinding_on(k->rsa, NULL) != 1) {
				585	r = SSH_ERR_LIBCRYPTO_ERROR;
				586	goto out;
				587	}
				588
				589	r = 0; /* success */
				590	out:
				591	if (r == 0)
				592	*kp = k;
				593	else
				594	sshkey_free(k);
				595	return r;
				596	}
Damien Miller	6c20392	2015-03-03 13:48:48 -0800	[diff] [blame]	597	#endif /* WITH_SSH1 */
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	598
Ben Lindstrom	61d328a	2002-06-06 21:54:57 +0000	[diff] [blame]	599	static void
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	600	process_add_identity(SocketEntry *e, int version)
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	601	{
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	602	Idtab *tab = idtab_lookup(version);
Damien Miller	4c7728c	2007-10-26 14:25:31 +1000	[diff] [blame]	603	Identity *id;
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	604	int success = 0, confirm = 0;
				605	u_int seconds;
				606	char *comment = NULL;
Darren Tucker	5511925	2013-06-02 07:43:59 +1000	[diff] [blame]	607	time_t death = 0;
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	608	struct sshkey *k = NULL;
				609	u_char ctype;
				610	int r = SSH_ERR_INTERNAL_ERROR;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	611
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	612	switch (version) {
Damien Miller	8668706	2014-07-02 15:28:02 +1000	[diff] [blame]	613	#ifdef WITH_SSH1
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	614	case 1:
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	615	r = agent_decode_rsa1(e->request, &k);
Damien Miller	c51d073	2003-03-15 11:37:09 +1100	[diff] [blame]	616	break;
Damien Miller	8668706	2014-07-02 15:28:02 +1000	[diff] [blame]	617	#endif /* WITH_SSH1 */
Damien Miller	f0e9060	2013-12-07 10:40:26 +1100	[diff] [blame]	618	case 2:
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	619	r = sshkey_private_deserialize(e->request, &k);
Damien Miller	f0e9060	2013-12-07 10:40:26 +1100	[diff] [blame]	620	break;
Damien Miller	c51d073	2003-03-15 11:37:09 +1100	[diff] [blame]	621	}
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	622	if (r != 0 \|\| k == NULL \|\|
				623	(r = sshbuf_get_cstring(e->request, &comment, NULL)) != 0) {
				624	error("%s: decode private key: %s", __func__, ssh_err(r));
				625	goto err;
				626	}
Damien Miller	8668706	2014-07-02 15:28:02 +1000	[diff] [blame]	627
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	628	while (sshbuf_len(e->request)) {
				629	if ((r = sshbuf_get_u8(e->request, &ctype)) != 0) {
				630	error("%s: buffer error: %s", __func__, ssh_err(r));
				631	goto err;
				632	}
				633	switch (ctype) {
Ben Lindstrom	c90f8a9	2002-06-21 00:06:54 +0000	[diff] [blame]	634	case SSH_AGENT_CONSTRAIN_LIFETIME:
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	635	if ((r = sshbuf_get_u32(e->request, &seconds)) != 0) {
				636	error("%s: bad lifetime constraint: %s",
				637	__func__, ssh_err(r));
				638	goto err;
				639	}
				640	death = monotime() + seconds;
Ben Lindstrom	4eb4c4e	2002-06-21 00:04:48 +0000	[diff] [blame]	641	break;
Damien Miller	6c71179	2003-01-24 11:36:23 +1100	[diff] [blame]	642	case SSH_AGENT_CONSTRAIN_CONFIRM:
				643	confirm = 1;
				644	break;
Ben Lindstrom	4eb4c4e	2002-06-21 00:04:48 +0000	[diff] [blame]	645	default:
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	646	error("%s: Unknown constraint %d", __func__, ctype);
				647	err:
				648	sshbuf_reset(e->request);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	649	free(comment);
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	650	sshkey_free(k);
Damien Miller	1cfadab	2008-06-30 00:05:21 +1000	[diff] [blame]	651	goto send;
Ben Lindstrom	4eb4c4e	2002-06-21 00:04:48 +0000	[diff] [blame]	652	}
				653	}
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	654
Damien Miller	1cfadab	2008-06-30 00:05:21 +1000	[diff] [blame]	655	success = 1;
Damien Miller	53d8148	2003-01-22 11:47:19 +1100	[diff] [blame]	656	if (lifetime && !death)
Darren Tucker	b759c9c	2013-06-02 07:46:16 +1000	[diff] [blame]	657	death = monotime() + lifetime;
Damien Miller	4c7728c	2007-10-26 14:25:31 +1000	[diff] [blame]	658	if ((id = lookup_identity(k, version)) == NULL) {
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	659	id = xcalloc(1, sizeof(Identity));
Ben Lindstrom	2b266b7	2002-06-21 00:08:39 +0000	[diff] [blame]	660	id->key = k;
Ben Lindstrom	2b266b7	2002-06-21 00:08:39 +0000	[diff] [blame]	661	TAILQ_INSERT_TAIL(&tab->idlist, id, next);
				662	/* Increment the number of identities. */
				663	tab->nentries++;
				664	} else {
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	665	sshkey_free(k);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	666	free(id->comment);
Ben Lindstrom	61d328a	2002-06-06 21:54:57 +0000	[diff] [blame]	667	}
Damien Miller	4c7728c	2007-10-26 14:25:31 +1000	[diff] [blame]	668	id->comment = comment;
				669	id->death = death;
				670	id->confirm = confirm;
Ben Lindstrom	2b266b7	2002-06-21 00:08:39 +0000	[diff] [blame]	671	send:
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	672	send_status(e, success);
Ben Lindstrom	61d328a	2002-06-06 21:54:57 +0000	[diff] [blame]	673	}
				674
Ben Lindstrom	2f71704	2002-06-06 21:52:03 +0000	[diff] [blame]	675	/* XXX todo: encrypt sensitive data with passphrase */
				676	static void
				677	process_lock_agent(SocketEntry *e, int lock)
				678	{
dtucker@openbsd.org	9173d0f	2015-05-15 05:44:21 +0000	[diff] [blame]	679	int r, success = 0, delay;
djm@openbsd.org	1a31d02	2016-05-02 08:49:03 +0000	[diff] [blame]	680	char *passwd;
				681	u_char passwdhash[LOCK_SIZE];
dtucker@openbsd.org	9173d0f	2015-05-15 05:44:21 +0000	[diff] [blame]	682	static u_int fail_count = 0;
				683	size_t pwlen;
Ben Lindstrom	2f71704	2002-06-06 21:52:03 +0000	[diff] [blame]	684
dtucker@openbsd.org	9173d0f	2015-05-15 05:44:21 +0000	[diff] [blame]	685	if ((r = sshbuf_get_cstring(e->request, &passwd, &pwlen)) != 0)
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	686	fatal("%s: buffer error: %s", __func__, ssh_err(r));
dtucker@openbsd.org	9173d0f	2015-05-15 05:44:21 +0000	[diff] [blame]	687	if (pwlen == 0) {
				688	debug("empty password not supported");
				689	} else if (locked && !lock) {
				690	if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt),
				691	passwdhash, sizeof(passwdhash), LOCK_ROUNDS) < 0)
				692	fatal("bcrypt_pbkdf");
djm@openbsd.org	1a31d02	2016-05-02 08:49:03 +0000	[diff] [blame]	693	if (timingsafe_bcmp(passwdhash, lock_pwhash, LOCK_SIZE) == 0) {
dtucker@openbsd.org	9173d0f	2015-05-15 05:44:21 +0000	[diff] [blame]	694	debug("agent unlocked");
				695	locked = 0;
				696	fail_count = 0;
djm@openbsd.org	1a31d02	2016-05-02 08:49:03 +0000	[diff] [blame]	697	explicit_bzero(lock_pwhash, sizeof(lock_pwhash));
dtucker@openbsd.org	9173d0f	2015-05-15 05:44:21 +0000	[diff] [blame]	698	success = 1;
				699	} else {
				700	/* delay in 0.1s increments up to 10s */
				701	if (fail_count < 100)
				702	fail_count++;
				703	delay = 100000 * fail_count;
				704	debug("unlock failed, delaying %0.1lf seconds",
				705	(double)delay/1000000);
				706	usleep(delay);
				707	}
				708	explicit_bzero(passwdhash, sizeof(passwdhash));
Ben Lindstrom	2f71704	2002-06-06 21:52:03 +0000	[diff] [blame]	709	} else if (!locked && lock) {
dtucker@openbsd.org	9173d0f	2015-05-15 05:44:21 +0000	[diff] [blame]	710	debug("agent locked");
Ben Lindstrom	2f71704	2002-06-06 21:52:03 +0000	[diff] [blame]	711	locked = 1;
dtucker@openbsd.org	9173d0f	2015-05-15 05:44:21 +0000	[diff] [blame]	712	arc4random_buf(lock_salt, sizeof(lock_salt));
				713	if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt),
djm@openbsd.org	1a31d02	2016-05-02 08:49:03 +0000	[diff] [blame]	714	lock_pwhash, sizeof(lock_pwhash), LOCK_ROUNDS) < 0)
dtucker@openbsd.org	9173d0f	2015-05-15 05:44:21 +0000	[diff] [blame]	715	fatal("bcrypt_pbkdf");
Ben Lindstrom	2f71704	2002-06-06 21:52:03 +0000	[diff] [blame]	716	success = 1;
				717	}
dtucker@openbsd.org	9173d0f	2015-05-15 05:44:21 +0000	[diff] [blame]	718	explicit_bzero(passwd, pwlen);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	719	free(passwd);
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	720	send_status(e, success);
Ben Lindstrom	2f71704	2002-06-06 21:52:03 +0000	[diff] [blame]	721	}
				722
				723	static void
				724	no_identities(SocketEntry *e, u_int type)
				725	{
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	726	struct sshbuf *msg;
				727	int r;
Ben Lindstrom	2f71704	2002-06-06 21:52:03 +0000	[diff] [blame]	728
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	729	if ((msg = sshbuf_new()) == NULL)
				730	fatal("%s: sshbuf_new failed", __func__);
				731	if ((r = sshbuf_put_u8(msg,
Ben Lindstrom	2f71704	2002-06-06 21:52:03 +0000	[diff] [blame]	732	(type == SSH_AGENTC_REQUEST_RSA_IDENTITIES) ?
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	733	SSH_AGENT_RSA_IDENTITIES_ANSWER :
				734	SSH2_AGENT_IDENTITIES_ANSWER)) != 0 \|\|
				735	(r = sshbuf_put_u32(msg, 0)) != 0 \|\|
				736	(r = sshbuf_put_stringb(e->output, msg)) != 0)
				737	fatal("%s: buffer error: %s", __func__, ssh_err(r));
				738	sshbuf_free(msg);
Ben Lindstrom	2f71704	2002-06-06 21:52:03 +0000	[diff] [blame]	739	}
Ben Lindstrom	3f47163	2001-07-04 03:53:15 +0000	[diff] [blame]	740
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	741	#ifdef ENABLE_PKCS11
Ben Lindstrom	3f47163	2001-07-04 03:53:15 +0000	[diff] [blame]	742	static void
Damien Miller	1cfadab	2008-06-30 00:05:21 +1000	[diff] [blame]	743	process_add_smartcard_key(SocketEntry *e)
Ben Lindstrom	3f47163	2001-07-04 03:53:15 +0000	[diff] [blame]	744	{
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	745	char provider = NULL, pin;
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	746	int r, i, version, count = 0, success = 0, confirm = 0;
				747	u_int seconds;
Darren Tucker	5511925	2013-06-02 07:43:59 +1000	[diff] [blame]	748	time_t death = 0;
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	749	u_char type;
				750	struct sshkey *keys = NULL, k;
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	751	Identity *id;
				752	Idtab *tab;
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	753
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	754	if ((r = sshbuf_get_cstring(e->request, &provider, NULL)) != 0 \|\|
				755	(r = sshbuf_get_cstring(e->request, &pin, NULL)) != 0)
				756	fatal("%s: buffer error: %s", __func__, ssh_err(r));
Damien Miller	d94f20d	2003-06-11 22:06:33 +1000	[diff] [blame]	757
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	758	while (sshbuf_len(e->request)) {
				759	if ((r = sshbuf_get_u8(e->request, &type)) != 0)
				760	fatal("%s: buffer error: %s", __func__, ssh_err(r));
				761	switch (type) {
Damien Miller	d94f20d	2003-06-11 22:06:33 +1000	[diff] [blame]	762	case SSH_AGENT_CONSTRAIN_LIFETIME:
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	763	if ((r = sshbuf_get_u32(e->request, &seconds)) != 0)
				764	fatal("%s: buffer error: %s",
				765	__func__, ssh_err(r));
				766	death = monotime() + seconds;
Damien Miller	d94f20d	2003-06-11 22:06:33 +1000	[diff] [blame]	767	break;
				768	case SSH_AGENT_CONSTRAIN_CONFIRM:
				769	confirm = 1;
				770	break;
				771	default:
Damien Miller	1cfadab	2008-06-30 00:05:21 +1000	[diff] [blame]	772	error("process_add_smartcard_key: "
				773	"Unknown constraint type %d", type);
Damien Miller	1cfadab	2008-06-30 00:05:21 +1000	[diff] [blame]	774	goto send;
Damien Miller	d94f20d	2003-06-11 22:06:33 +1000	[diff] [blame]	775	}
				776	}
				777	if (lifetime && !death)
Darren Tucker	b759c9c	2013-06-02 07:46:16 +1000	[diff] [blame]	778	death = monotime() + lifetime;
Damien Miller	d94f20d	2003-06-11 22:06:33 +1000	[diff] [blame]	779
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	780	count = pkcs11_add_provider(provider, pin, &keys);
				781	for (i = 0; i < count; i++) {
Ben Lindstrom	0936a5b	2002-03-26 03:17:42 +0000	[diff] [blame]	782	k = keys[i];
				783	version = k->type == KEY_RSA1 ? 1 : 2;
				784	tab = idtab_lookup(version);
				785	if (lookup_identity(k, version) == NULL) {
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	786	id = xcalloc(1, sizeof(Identity));
Ben Lindstrom	0936a5b	2002-03-26 03:17:42 +0000	[diff] [blame]	787	id->key = k;
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	788	id->provider = xstrdup(provider);
				789	id->comment = xstrdup(provider); /* XXX */
Damien Miller	d94f20d	2003-06-11 22:06:33 +1000	[diff] [blame]	790	id->death = death;
				791	id->confirm = confirm;
Ben Lindstrom	0936a5b	2002-03-26 03:17:42 +0000	[diff] [blame]	792	TAILQ_INSERT_TAIL(&tab->idlist, id, next);
				793	tab->nentries++;
				794	success = 1;
				795	} else {
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	796	sshkey_free(k);
Ben Lindstrom	0936a5b	2002-03-26 03:17:42 +0000	[diff] [blame]	797	}
				798	keys[i] = NULL;
Ben Lindstrom	3f47163	2001-07-04 03:53:15 +0000	[diff] [blame]	799	}
Ben Lindstrom	3f47163	2001-07-04 03:53:15 +0000	[diff] [blame]	800	send:
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	801	free(pin);
				802	free(provider);
				803	free(keys);
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	804	send_status(e, success);
Ben Lindstrom	3f47163	2001-07-04 03:53:15 +0000	[diff] [blame]	805	}
				806
				807	static void
				808	process_remove_smartcard_key(SocketEntry *e)
				809	{
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	810	char provider = NULL, pin = NULL;
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	811	int r, version, success = 0;
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	812	Identity id, nxt;
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	813	Idtab *tab;
Ben Lindstrom	3f47163	2001-07-04 03:53:15 +0000	[diff] [blame]	814
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	815	if ((r = sshbuf_get_cstring(e->request, &provider, NULL)) != 0 \|\|
				816	(r = sshbuf_get_cstring(e->request, &pin, NULL)) != 0)
				817	fatal("%s: buffer error: %s", __func__, ssh_err(r));
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	818	free(pin);
Ben Lindstrom	3f47163	2001-07-04 03:53:15 +0000	[diff] [blame]	819
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	820	for (version = 1; version < 3; version++) {
				821	tab = idtab_lookup(version);
				822	for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) {
				823	nxt = TAILQ_NEXT(id, next);
Damien Miller	0b36c83	2013-12-29 17:45:51 +1100	[diff] [blame]	824	/* Skip file--based keys */
				825	if (id->provider == NULL)
				826	continue;
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	827	if (!strcmp(provider, id->provider)) {
				828	TAILQ_REMOVE(&tab->idlist, id, next);
				829	free_identity(id);
				830	tab->nentries--;
				831	}
Ben Lindstrom	3f47163	2001-07-04 03:53:15 +0000	[diff] [blame]	832	}
Ben Lindstrom	3f47163	2001-07-04 03:53:15 +0000	[diff] [blame]	833	}
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	834	if (pkcs11_del_provider(provider) == 0)
				835	success = 1;
				836	else
				837	error("process_remove_smartcard_key:"
				838	" pkcs11_del_provider failed");
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	839	free(provider);
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	840	send_status(e, success);
Ben Lindstrom	3f47163	2001-07-04 03:53:15 +0000	[diff] [blame]	841	}
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	842	#endif /* ENABLE_PKCS11 */
Ben Lindstrom	3f47163	2001-07-04 03:53:15 +0000	[diff] [blame]	843
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	844	/* dispatch incoming messages */
				845
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	846	static void
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	847	process_message(SocketEntry *e)
				848	{
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	849	u_int msg_len;
				850	u_char type;
				851	const u_char *cp;
				852	int r;
Ben Lindstrom	61d328a	2002-06-06 21:54:57 +0000	[diff] [blame]	853
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	854	if (sshbuf_len(e->input) < 5)
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	855	return; /* Incomplete message. */
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	856	cp = sshbuf_ptr(e->input);
				857	msg_len = PEEK_U32(cp);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	858	if (msg_len > 256 * 1024) {
Damien Miller	58f3486	2002-09-04 16:31:21 +1000	[diff] [blame]	859	close_socket(e);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	860	return;
				861	}
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	862	if (sshbuf_len(e->input) < msg_len + 4)
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	863	return;
Ben Lindstrom	21d1ed8	2002-06-06 21:48:57 +0000	[diff] [blame]	864
				865	/* move the current input to e->request */
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	866	sshbuf_reset(e->request);
				867	if ((r = sshbuf_get_stringb(e->input, e->request)) != 0 \|\|
				868	(r = sshbuf_get_u8(e->request, &type)) != 0)
				869	fatal("%s: buffer error: %s", __func__, ssh_err(r));
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	870
Ben Lindstrom	2f71704	2002-06-06 21:52:03 +0000	[diff] [blame]	871	/* check wheter agent is locked */
				872	if (locked && type != SSH_AGENTC_UNLOCK) {
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	873	sshbuf_reset(e->request);
Ben Lindstrom	2f71704	2002-06-06 21:52:03 +0000	[diff] [blame]	874	switch (type) {
				875	case SSH_AGENTC_REQUEST_RSA_IDENTITIES:
				876	case SSH2_AGENTC_REQUEST_IDENTITIES:
				877	/* send empty lists */
				878	no_identities(e, type);
				879	break;
				880	default:
				881	/* send a fail message for all other request types */
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	882	send_status(e, 0);
Ben Lindstrom	2f71704	2002-06-06 21:52:03 +0000	[diff] [blame]	883	}
				884	return;
				885	}
				886
Ben Lindstrom	3f47163	2001-07-04 03:53:15 +0000	[diff] [blame]	887	debug("type %d", type);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	888	switch (type) {
Ben Lindstrom	2f71704	2002-06-06 21:52:03 +0000	[diff] [blame]	889	case SSH_AGENTC_LOCK:
				890	case SSH_AGENTC_UNLOCK:
				891	process_lock_agent(e, type == SSH_AGENTC_LOCK);
				892	break;
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	893	#ifdef WITH_SSH1
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	894	/* ssh1 */
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	895	case SSH_AGENTC_RSA_CHALLENGE:
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	896	process_authentication_challenge1(e);
				897	break;
				898	case SSH_AGENTC_REQUEST_RSA_IDENTITIES:
				899	process_request_identities(e, 1);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	900	break;
				901	case SSH_AGENTC_ADD_RSA_IDENTITY:
Ben Lindstrom	2b266b7	2002-06-21 00:08:39 +0000	[diff] [blame]	902	case SSH_AGENTC_ADD_RSA_ID_CONSTRAINED:
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	903	process_add_identity(e, 1);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	904	break;
				905	case SSH_AGENTC_REMOVE_RSA_IDENTITY:
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	906	process_remove_identity(e, 1);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	907	break;
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	908	#endif
djm@openbsd.org	2f04af9	2015-03-04 21:12:59 +0000	[diff] [blame]	909	case SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES:
				910	process_remove_all_identities(e, 1); /* safe for !WITH_SSH1 */
				911	break;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	912	/* ssh2 */
				913	case SSH2_AGENTC_SIGN_REQUEST:
				914	process_sign_request2(e);
				915	break;
				916	case SSH2_AGENTC_REQUEST_IDENTITIES:
				917	process_request_identities(e, 2);
				918	break;
				919	case SSH2_AGENTC_ADD_IDENTITY:
Ben Lindstrom	2b266b7	2002-06-21 00:08:39 +0000	[diff] [blame]	920	case SSH2_AGENTC_ADD_ID_CONSTRAINED:
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	921	process_add_identity(e, 2);
				922	break;
				923	case SSH2_AGENTC_REMOVE_IDENTITY:
				924	process_remove_identity(e, 2);
				925	break;
				926	case SSH2_AGENTC_REMOVE_ALL_IDENTITIES:
				927	process_remove_all_identities(e, 2);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	928	break;
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	929	#ifdef ENABLE_PKCS11
Ben Lindstrom	3f47163	2001-07-04 03:53:15 +0000	[diff] [blame]	930	case SSH_AGENTC_ADD_SMARTCARD_KEY:
Damien Miller	d94f20d	2003-06-11 22:06:33 +1000	[diff] [blame]	931	case SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED:
Ben Lindstrom	3f47163	2001-07-04 03:53:15 +0000	[diff] [blame]	932	process_add_smartcard_key(e);
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	933	break;
Ben Lindstrom	3f47163	2001-07-04 03:53:15 +0000	[diff] [blame]	934	case SSH_AGENTC_REMOVE_SMARTCARD_KEY:
				935	process_remove_smartcard_key(e);
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	936	break;
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	937	#endif /* ENABLE_PKCS11 */
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	938	default:
				939	/* Unknown message. Respond with failure. */
				940	error("Unknown message %d", type);
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	941	sshbuf_reset(e->request);
				942	send_status(e, 0);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	943	break;
				944	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	945	}
				946
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	947	static void
Ben Lindstrom	65366a8	2001-12-06 16:32:47 +0000	[diff] [blame]	948	new_socket(sock_type type, int fd)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	949	{
Darren Tucker	fb16b24	2003-09-22 21:04:23 +1000	[diff] [blame]	950	u_int i, old_alloc, new_alloc;
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	951
Damien Miller	232711f	2004-06-15 10:35:30 +1000	[diff] [blame]	952	set_nonblock(fd);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	953
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	954	if (fd > max_fd)
				955	max_fd = fd;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	956
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	957	for (i = 0; i < sockets_alloc; i++)
				958	if (sockets[i].type == AUTH_UNUSED) {
				959	sockets[i].fd = fd;
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	960	if ((sockets[i].input = sshbuf_new()) == NULL)
				961	fatal("%s: sshbuf_new failed", __func__);
				962	if ((sockets[i].output = sshbuf_new()) == NULL)
				963	fatal("%s: sshbuf_new failed", __func__);
				964	if ((sockets[i].request = sshbuf_new()) == NULL)
				965	fatal("%s: sshbuf_new failed", __func__);
Darren Tucker	fb16b24	2003-09-22 21:04:23 +1000	[diff] [blame]	966	sockets[i].type = type;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	967	return;
				968	}
				969	old_alloc = sockets_alloc;
Darren Tucker	fb16b24	2003-09-22 21:04:23 +1000	[diff] [blame]	970	new_alloc = sockets_alloc + 10;
deraadt@openbsd.org	657a5fb	2015-04-24 01:36:00 +0000	[diff] [blame]	971	sockets = xreallocarray(sockets, new_alloc, sizeof(sockets[0]));
Darren Tucker	fb16b24	2003-09-22 21:04:23 +1000	[diff] [blame]	972	for (i = old_alloc; i < new_alloc; i++)
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	973	sockets[i].type = AUTH_UNUSED;
Darren Tucker	fb16b24	2003-09-22 21:04:23 +1000	[diff] [blame]	974	sockets_alloc = new_alloc;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	975	sockets[old_alloc].fd = fd;
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	976	if ((sockets[old_alloc].input = sshbuf_new()) == NULL)
				977	fatal("%s: sshbuf_new failed", __func__);
				978	if ((sockets[old_alloc].output = sshbuf_new()) == NULL)
				979	fatal("%s: sshbuf_new failed", __func__);
				980	if ((sockets[old_alloc].request = sshbuf_new()) == NULL)
				981	fatal("%s: sshbuf_new failed", __func__);
Darren Tucker	fb16b24	2003-09-22 21:04:23 +1000	[diff] [blame]	982	sockets[old_alloc].type = type;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	983	}
				984
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	985	static int
Darren Tucker	2812dc9	2007-03-21 20:45:06 +1100	[diff] [blame]	986	prepare_select(fd_set fdrp, fd_set fdwp, int fdl, u_int nallocp,
				987	struct timeval **tvpp)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	988	{
Darren Tucker	5511925	2013-06-02 07:43:59 +1000	[diff] [blame]	989	u_int i, sz;
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	990	int n = 0;
Darren Tucker	2812dc9	2007-03-21 20:45:06 +1100	[diff] [blame]	991	static struct timeval tv;
Darren Tucker	5511925	2013-06-02 07:43:59 +1000	[diff] [blame]	992	time_t deadline;
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	993
				994	for (i = 0; i < sockets_alloc; i++) {
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	995	switch (sockets[i].type) {
				996	case AUTH_SOCKET:
				997	case AUTH_CONNECTION:
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	998	n = MAX(n, sockets[i].fd);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	999	break;
				1000	case AUTH_UNUSED:
				1001	break;
				1002	default:
				1003	fatal("Unknown socket type %d", sockets[i].type);
				1004	break;
				1005	}
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	1006	}
				1007
				1008	sz = howmany(n+1, NFDBITS) * sizeof(fd_mask);
Ben Lindstrom	a3d5a4c	2001-07-18 15:58:08 +0000	[diff] [blame]	1009	if (fdrp == NULL \|\| sz > nallocp) {
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	1010	free(*fdrp);
				1011	free(*fdwp);
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	1012	*fdrp = xmalloc(sz);
				1013	*fdwp = xmalloc(sz);
Ben Lindstrom	a3d5a4c	2001-07-18 15:58:08 +0000	[diff] [blame]	1014	*nallocp = sz;
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	1015	}
Ben Lindstrom	a3d5a4c	2001-07-18 15:58:08 +0000	[diff] [blame]	1016	if (n < *fdl)
				1017	debug("XXX shrink: %d < %d", n, *fdl);
				1018	*fdl = n;
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	1019	memset(*fdrp, 0, sz);
				1020	memset(*fdwp, 0, sz);
				1021
				1022	for (i = 0; i < sockets_alloc; i++) {
				1023	switch (sockets[i].type) {
				1024	case AUTH_SOCKET:
				1025	case AUTH_CONNECTION:
				1026	FD_SET(sockets[i].fd, *fdrp);
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	1027	if (sshbuf_len(sockets[i].output) > 0)
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	1028	FD_SET(sockets[i].fd, *fdwp);
				1029	break;
				1030	default:
				1031	break;
				1032	}
				1033	}
Darren Tucker	2812dc9	2007-03-21 20:45:06 +1100	[diff] [blame]	1034	deadline = reaper();
				1035	if (parent_alive_interval != 0)
				1036	deadline = (deadline == 0) ? parent_alive_interval :
				1037	MIN(deadline, parent_alive_interval);
				1038	if (deadline == 0) {
				1039	*tvpp = NULL;
				1040	} else {
				1041	tv.tv_sec = deadline;
				1042	tv.tv_usec = 0;
				1043	*tvpp = &tv;
				1044	}
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	1045	return (1);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1046	}
				1047
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	1048	static void
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1049	after_select(fd_set readset, fd_set writeset)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1050	{
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	1051	struct sockaddr_un sunaddr;
Damien Miller	7684ee1	2000-03-17 23:40:15 +1100	[diff] [blame]	1052	socklen_t slen;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1053	char buf[1024];
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	1054	int len, sock, r;
Darren Tucker	72473c6	2009-10-07 09:01:03 +1100	[diff] [blame]	1055	u_int i, orig_alloc;
Damien Miller	538f181	2002-09-12 09:51:10 +1000	[diff] [blame]	1056	uid_t euid;
				1057	gid_t egid;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1058
Darren Tucker	72473c6	2009-10-07 09:01:03 +1100	[diff] [blame]	1059	for (i = 0, orig_alloc = sockets_alloc; i < orig_alloc; i++)
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1060	switch (sockets[i].type) {
				1061	case AUTH_UNUSED:
				1062	break;
				1063	case AUTH_SOCKET:
				1064	if (FD_ISSET(sockets[i].fd, readset)) {
Damien Miller	7684ee1	2000-03-17 23:40:15 +1100	[diff] [blame]	1065	slen = sizeof(sunaddr);
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	1066	sock = accept(sockets[i].fd,
Damien Miller	9096740	2006-03-26 14:07:26 +1100	[diff] [blame]	1067	(struct sockaddr *)&sunaddr, &slen);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1068	if (sock < 0) {
Damien Miller	c653b89	2002-02-08 22:05:41 +1100	[diff] [blame]	1069	error("accept from AUTH_SOCKET: %s",
				1070	strerror(errno));
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1071	break;
				1072	}
Damien Miller	538f181	2002-09-12 09:51:10 +1000	[diff] [blame]	1073	if (getpeereid(sock, &euid, &egid) < 0) {
				1074	error("getpeereid %d failed: %s",
				1075	sock, strerror(errno));
				1076	close(sock);
				1077	break;
				1078	}
Damien Miller	af9de38	2002-10-03 11:54:35 +1000	[diff] [blame]	1079	if ((euid != 0) && (getuid() != euid)) {
Damien Miller	538f181	2002-09-12 09:51:10 +1000	[diff] [blame]	1080	error("uid mismatch: "
Damien Miller	db30b12	2002-09-19 11:46:58 +1000	[diff] [blame]	1081	"peer euid %u != uid %u",
				1082	(u_int) euid, (u_int) getuid());
Damien Miller	538f181	2002-09-12 09:51:10 +1000	[diff] [blame]	1083	close(sock);
				1084	break;
				1085	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1086	new_socket(AUTH_CONNECTION, sock);
				1087	}
				1088	break;
				1089	case AUTH_CONNECTION:
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	1090	if (sshbuf_len(sockets[i].output) > 0 &&
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1091	FD_ISSET(sockets[i].fd, writeset)) {
Darren Tucker	72473c6	2009-10-07 09:01:03 +1100	[diff] [blame]	1092	len = write(sockets[i].fd,
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	1093	sshbuf_ptr(sockets[i].output),
				1094	sshbuf_len(sockets[i].output));
Darren Tucker	72473c6	2009-10-07 09:01:03 +1100	[diff] [blame]	1095	if (len == -1 && (errno == EAGAIN \|\|
				1096	errno == EWOULDBLOCK \|\|
				1097	errno == EINTR))
				1098	continue;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1099	if (len <= 0) {
Damien Miller	58f3486	2002-09-04 16:31:21 +1000	[diff] [blame]	1100	close_socket(&sockets[i]);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1101	break;
				1102	}
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	1103	if ((r = sshbuf_consume(sockets[i].output,
				1104	len)) != 0)
				1105	fatal("%s: buffer error: %s",
				1106	__func__, ssh_err(r));
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1107	}
				1108	if (FD_ISSET(sockets[i].fd, readset)) {
Darren Tucker	72473c6	2009-10-07 09:01:03 +1100	[diff] [blame]	1109	len = read(sockets[i].fd, buf, sizeof(buf));
				1110	if (len == -1 && (errno == EAGAIN \|\|
				1111	errno == EWOULDBLOCK \|\|
				1112	errno == EINTR))
				1113	continue;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1114	if (len <= 0) {
Damien Miller	58f3486	2002-09-04 16:31:21 +1000	[diff] [blame]	1115	close_socket(&sockets[i]);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1116	break;
				1117	}
markus@openbsd.org	139ca81	2015-01-14 13:09:09 +0000	[diff] [blame]	1118	if ((r = sshbuf_put(sockets[i].input,
				1119	buf, len)) != 0)
				1120	fatal("%s: buffer error: %s",
				1121	__func__, ssh_err(r));
Damien Miller	f497794	2014-07-30 12:32:46 +1000	[diff] [blame]	1122	explicit_bzero(buf, sizeof(buf));
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1123	process_message(&sockets[i]);
				1124	}
				1125	break;
				1126	default:
				1127	fatal("Unknown type %d", sockets[i].type);
				1128	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1129	}
				1130
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	1131	static void
Darren Tucker	6fa8abd	2003-09-22 21:10:21 +1000	[diff] [blame]	1132	cleanup_socket(void)
Damien Miller	792c511	1999-10-29 09:47:09 +1000	[diff] [blame]	1133	{
Damien Miller	b1e967c	2014-07-03 21:22:40 +1000	[diff] [blame]	1134	if (cleanup_pid != 0 && getpid() != cleanup_pid)
				1135	return;
				1136	debug("%s: cleanup", __func__);
Ben Lindstrom	77808ab	2001-01-26 05:10:34 +0000	[diff] [blame]	1137	if (socket_name[0])
				1138	unlink(socket_name);
				1139	if (socket_dir[0])
				1140	rmdir(socket_dir);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1141	}
				1142
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	1143	void
Damien Miller	792c511	1999-10-29 09:47:09 +1000	[diff] [blame]	1144	cleanup_exit(int i)
				1145	{
Darren Tucker	6fa8abd	2003-09-22 21:10:21 +1000	[diff] [blame]	1146	cleanup_socket();
				1147	_exit(i);
Damien Miller	792c511	1999-10-29 09:47:09 +1000	[diff] [blame]	1148	}
				1149
Damien Miller	1c13bd8	2006-03-26 14:28:14 +1100	[diff] [blame]	1150	/ARGSUSED/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	1151	static void
Ben Lindstrom	77808ab	2001-01-26 05:10:34 +0000	[diff] [blame]	1152	cleanup_handler(int sig)
				1153	{
Darren Tucker	6fa8abd	2003-09-22 21:10:21 +1000	[diff] [blame]	1154	cleanup_socket();
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	1155	#ifdef ENABLE_PKCS11
				1156	pkcs11_terminate();
				1157	#endif
Ben Lindstrom	77808ab	2001-01-26 05:10:34 +0000	[diff] [blame]	1158	_exit(2);
				1159	}
				1160
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	1161	static void
Darren Tucker	2812dc9	2007-03-21 20:45:06 +1100	[diff] [blame]	1162	check_parent_exists(void)
Ben Lindstrom	0250da0	2001-07-22 20:44:00 +0000	[diff] [blame]	1163	{
Darren Tucker	3e78a51	2011-06-03 14:14:16 +1000	[diff] [blame]	1164	/*
				1165	* If our parent has exited then getppid() will return (pid_t)1,
				1166	* so testing for that should be safe.
				1167	*/
				1168	if (parent_pid != -1 && getppid() != parent_pid) {
Ben Lindstrom	0250da0	2001-07-22 20:44:00 +0000	[diff] [blame]	1169	/* printf("Parent has died - Authentication agent exiting.\n"); */
Darren Tucker	2812dc9	2007-03-21 20:45:06 +1100	[diff] [blame]	1170	cleanup_socket();
				1171	_exit(2);
Ben Lindstrom	0250da0	2001-07-22 20:44:00 +0000	[diff] [blame]	1172	}
Ben Lindstrom	0250da0	2001-07-22 20:44:00 +0000	[diff] [blame]	1173	}
				1174
				1175	static void
Ben Lindstrom	28072eb	2001-02-10 23:13:41 +0000	[diff] [blame]	1176	usage(void)
Damien Miller	792c511	1999-10-29 09:47:09 +1000	[diff] [blame]	1177	{
Damien Miller	f0858de	2014-04-20 13:01:30 +1000	[diff] [blame]	1178	fprintf(stderr,
jmc@openbsd.org	b7ca276	2015-04-24 06:26:49 +0000	[diff] [blame]	1179	"usage: ssh-agent [-c \| -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n"
jmc@openbsd.org	a5375cc	2014-12-21 23:35:14 +0000	[diff] [blame]	1180	" [-t life] [command [arg ...]]\n"
Damien Miller	f0858de	2014-04-20 13:01:30 +1000	[diff] [blame]	1181	" ssh-agent [-c \| -s] -k\n");
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1182	exit(1);
Damien Miller	792c511	1999-10-29 09:47:09 +1000	[diff] [blame]	1183	}
				1184
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1185	int
				1186	main(int ac, char **av)
				1187	{
djm@openbsd.org	2ea9746	2015-04-24 05:26:44 +0000	[diff] [blame]	1188	int c_flag = 0, d_flag = 0, D_flag = 0, k_flag = 0, s_flag = 0;
Darren Tucker	cf0d2db	2007-02-28 21:19:58 +1100	[diff] [blame]	1189	int sock, fd, ch, result, saved_errno;
Darren Tucker	c7a6fc4	2004-08-13 21:18:00 +1000	[diff] [blame]	1190	u_int nalloc;
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	1191	char shell, format, pidstr, agentsocket = NULL;
				1192	fd_set readsetp = NULL, writesetp = NULL;
Ben Lindstrom	2c467a2	2000-12-27 04:57:41 +0000	[diff] [blame]	1193	#ifdef HAVE_SETRLIMIT
Ben Lindstrom	c72745a	2000-12-02 19:03:54 +0000	[diff] [blame]	1194	struct rlimit rlim;
Ben Lindstrom	2c467a2	2000-12-27 04:57:41 +0000	[diff] [blame]	1195	#endif
Damien Miller	615f939	2000-05-17 22:53:33 +1000	[diff] [blame]	1196	extern int optind;
Ben Lindstrom	883844d	2002-06-23 00:20:50 +0000	[diff] [blame]	1197	extern char *optarg;
Ben Lindstrom	822b634	2002-06-23 21:38:49 +0000	[diff] [blame]	1198	pid_t pid;
				1199	char pidstrbuf[1 + 3 * sizeof pid];
Darren Tucker	2812dc9	2007-03-21 20:45:06 +1100	[diff] [blame]	1200	struct timeval *tvp = NULL;
Darren Tucker	9013323	2009-06-21 17:50:15 +1000	[diff] [blame]	1201	size_t len;
Damien Miller	ab2ec58	2014-07-18 15:04:47 +1000	[diff] [blame]	1202	mode_t prev_mask;
Kevin Steves	de41bc6	2000-12-14 00:04:08 +0000	[diff] [blame]	1203
dtucker@openbsd.org	ffb1e7e	2016-02-15 09:47:49 +0000	[diff] [blame]	1204	ssh_malloc_init(); /* must be called before any mallocs */
Darren Tucker	ce321d8	2005-10-03 18:11:24 +1000	[diff] [blame]	1205	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
				1206	sanitise_stdfd();
				1207
Damien Miller	6cffb9a	2002-09-04 16:20:26 +1000	[diff] [blame]	1208	/* drop */
				1209	setegid(getgid());
				1210	setgid(getgid());
				1211
Damien Miller	6c4914a	2004-03-03 11:08:59 +1100	[diff] [blame]	1212	#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
				1213	/* Disable ptrace on Linux without sgid bit */
				1214	prctl(PR_SET_DUMPABLE, 0);
				1215	#endif
				1216
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	1217	#ifdef WITH_OPENSSL
Damien Miller	4314c2b	2010-09-10 11:12:09 +1000	[diff] [blame]	1218	OpenSSL_add_all_algorithms();
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	1219	#endif
Ben Lindstrom	d09fcf5	2001-03-29 00:29:54 +0000	[diff] [blame]	1220
Damien Miller	59d3d5b	2003-08-22 09:34:41 +1000	[diff] [blame]	1221	__progname = ssh_get_progname(av[0]);
Damien Miller	60bc517	2001-03-19 09:38:15 +1100	[diff] [blame]	1222	seed_rng();
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	1223
djm@openbsd.org	2ea9746	2015-04-24 05:26:44 +0000	[diff] [blame]	1224	while ((ch = getopt(ac, av, "cDdksE:a:t:")) != -1) {
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1225	switch (ch) {
djm@openbsd.org	56d1c83	2014-12-21 22:27:55 +0000	[diff] [blame]	1226	case 'E':
				1227	fingerprint_hash = ssh_digest_alg_by_name(optarg);
				1228	if (fingerprint_hash == -1)
				1229	fatal("Invalid hash algorithm \"%s\"", optarg);
				1230	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1231	case 'c':
				1232	if (s_flag)
				1233	usage();
				1234	c_flag++;
				1235	break;
				1236	case 'k':
				1237	k_flag++;
				1238	break;
				1239	case 's':
				1240	if (c_flag)
				1241	usage();
				1242	s_flag++;
				1243	break;
Ben Lindstrom	d94580c	2001-07-04 03:48:02 +0000	[diff] [blame]	1244	case 'd':
djm@openbsd.org	2ea9746	2015-04-24 05:26:44 +0000	[diff] [blame]	1245	if (d_flag \|\| D_flag)
Ben Lindstrom	d94580c	2001-07-04 03:48:02 +0000	[diff] [blame]	1246	usage();
				1247	d_flag++;
				1248	break;
djm@openbsd.org	2ea9746	2015-04-24 05:26:44 +0000	[diff] [blame]	1249	case 'D':
				1250	if (d_flag \|\| D_flag)
				1251	usage();
				1252	D_flag++;
				1253	break;
Ben Lindstrom	b7788f3	2002-06-06 21:46:08 +0000	[diff] [blame]	1254	case 'a':
				1255	agentsocket = optarg;
				1256	break;
Damien Miller	53d8148	2003-01-22 11:47:19 +1100	[diff] [blame]	1257	case 't':
				1258	if ((lifetime = convtime(optarg)) == -1) {
				1259	fprintf(stderr, "Invalid lifetime\n");
				1260	usage();
				1261	}
				1262	break;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1263	default:
				1264	usage();
				1265	}
Damien Miller	792c511	1999-10-29 09:47:09 +1000	[diff] [blame]	1266	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1267	ac -= optind;
				1268	av += optind;
Damien Miller	792c511	1999-10-29 09:47:09 +1000	[diff] [blame]	1269
djm@openbsd.org	2ea9746	2015-04-24 05:26:44 +0000	[diff] [blame]	1270	if (ac > 0 && (c_flag \|\| k_flag \|\| s_flag \|\| d_flag \|\| D_flag))
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1271	usage();
Damien Miller	792c511	1999-10-29 09:47:09 +1000	[diff] [blame]	1272
Ben Lindstrom	eecdf23	2002-04-02 21:03:51 +0000	[diff] [blame]	1273	if (ac == 0 && !c_flag && !s_flag) {
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1274	shell = getenv("SHELL");
Darren Tucker	9013323	2009-06-21 17:50:15 +1000	[diff] [blame]	1275	if (shell != NULL && (len = strlen(shell)) > 2 &&
				1276	strncmp(shell + len - 3, "csh", 3) == 0)
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1277	c_flag = 1;
Damien Miller	792c511	1999-10-29 09:47:09 +1000	[diff] [blame]	1278	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1279	if (k_flag) {
Damien Miller	89c3fe4	2006-03-31 23:11:28 +1100	[diff] [blame]	1280	const char *errstr = NULL;
				1281
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1282	pidstr = getenv(SSH_AGENTPID_ENV_NAME);
				1283	if (pidstr == NULL) {
				1284	fprintf(stderr, "%s not set, cannot kill agent\n",
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	1285	SSH_AGENTPID_ENV_NAME);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1286	exit(1);
				1287	}
Damien Miller	89c3fe4	2006-03-31 23:11:28 +1100	[diff] [blame]	1288	pid = (int)strtonum(pidstr, 2, INT_MAX, &errstr);
				1289	if (errstr) {
				1290	fprintf(stderr,
				1291	"%s=\"%s\", which is not a good PID: %s\n",
				1292	SSH_AGENTPID_ENV_NAME, pidstr, errstr);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1293	exit(1);
				1294	}
				1295	if (kill(pid, SIGTERM) == -1) {
				1296	perror("kill");
				1297	exit(1);
				1298	}
				1299	format = c_flag ? "unsetenv %s;\n" : "unset %s;\n";
				1300	printf(format, SSH_AUTHSOCKET_ENV_NAME);
				1301	printf(format, SSH_AGENTPID_ENV_NAME);
Ben Lindstrom	ce0f634	2002-06-11 16:42:49 +0000	[diff] [blame]	1302	printf("echo Agent pid %ld killed;\n", (long)pid);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1303	exit(0);
Damien Miller	792c511	1999-10-29 09:47:09 +1000	[diff] [blame]	1304	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1305	parent_pid = getpid();
				1306
Ben Lindstrom	b7788f3	2002-06-06 21:46:08 +0000	[diff] [blame]	1307	if (agentsocket == NULL) {
				1308	/* Create private directory for agent socket */
Damien Miller	2cd6293	2010-12-01 11:50:35 +1100	[diff] [blame]	1309	mktemp_proto(socket_dir, sizeof(socket_dir));
Ben Lindstrom	b7788f3	2002-06-06 21:46:08 +0000	[diff] [blame]	1310	if (mkdtemp(socket_dir) == NULL) {
				1311	perror("mkdtemp: private socket dir");
				1312	exit(1);
				1313	}
Ben Lindstrom	ce0f634	2002-06-11 16:42:49 +0000	[diff] [blame]	1314	snprintf(socket_name, sizeof socket_name, "%s/agent.%ld", socket_dir,
				1315	(long)parent_pid);
Ben Lindstrom	b7788f3	2002-06-06 21:46:08 +0000	[diff] [blame]	1316	} else {
				1317	/* Try to use specified agent socket */
				1318	socket_dir[0] = '\0';
				1319	strlcpy(socket_name, agentsocket, sizeof socket_name);
Damien Miller	792c511	1999-10-29 09:47:09 +1000	[diff] [blame]	1320	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1321
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	1322	/*
				1323	* Create socket early so it will exist before command gets run from
				1324	* the parent.
				1325	*/
Damien Miller	ab2ec58	2014-07-18 15:04:47 +1000	[diff] [blame]	1326	prev_mask = umask(0177);
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	1327	sock = unix_listener(socket_name, SSH_LISTEN_BACKLOG, 0);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1328	if (sock < 0) {
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	1329	/* XXX - unix_listener() calls error() not perror() */
Darren Tucker	1dee868	2004-11-05 20:26:49 +1100	[diff] [blame]	1330	socket_name = '\0'; / Don't unlink any existing file */
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1331	cleanup_exit(1);
Damien Miller	792c511	1999-10-29 09:47:09 +1000	[diff] [blame]	1332	}
Damien Miller	ab2ec58	2014-07-18 15:04:47 +1000	[diff] [blame]	1333	umask(prev_mask);
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	1334
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	1335	/*
				1336	* Fork, and have the parent execute the command, if any, or present
				1337	* the socket data. The child continues as the authentication agent.
				1338	*/
djm@openbsd.org	2ea9746	2015-04-24 05:26:44 +0000	[diff] [blame]	1339	if (D_flag \|\| d_flag) {
				1340	log_init(__progname,
				1341	d_flag ? SYSLOG_LEVEL_DEBUG3 : SYSLOG_LEVEL_INFO,
				1342	SYSLOG_FACILITY_AUTH, 1);
Ben Lindstrom	d94580c	2001-07-04 03:48:02 +0000	[diff] [blame]	1343	format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n";
				1344	printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
				1345	SSH_AUTHSOCKET_ENV_NAME);
Ben Lindstrom	ce0f634	2002-06-11 16:42:49 +0000	[diff] [blame]	1346	printf("echo Agent pid %ld;\n", (long)parent_pid);
dtucker@openbsd.org	79394ed	2015-12-11 02:29:03 +0000	[diff] [blame]	1347	fflush(stdout);
Ben Lindstrom	d94580c	2001-07-04 03:48:02 +0000	[diff] [blame]	1348	goto skip;
				1349	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1350	pid = fork();
				1351	if (pid == -1) {
				1352	perror("fork");
Damien Miller	c653b89	2002-02-08 22:05:41 +1100	[diff] [blame]	1353	cleanup_exit(1);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1354	}
				1355	if (pid != 0) { /* Parent - execute the given command. */
				1356	close(sock);
Ben Lindstrom	ce0f634	2002-06-11 16:42:49 +0000	[diff] [blame]	1357	snprintf(pidstrbuf, sizeof pidstrbuf, "%ld", (long)pid);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1358	if (ac == 0) {
				1359	format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n";
				1360	printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	1361	SSH_AUTHSOCKET_ENV_NAME);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1362	printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf,
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	1363	SSH_AGENTPID_ENV_NAME);
Ben Lindstrom	ce0f634	2002-06-11 16:42:49 +0000	[diff] [blame]	1364	printf("echo Agent pid %ld;\n", (long)pid);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1365	exit(0);
				1366	}
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	1367	if (setenv(SSH_AUTHSOCKET_ENV_NAME, socket_name, 1) == -1 \|\|
				1368	setenv(SSH_AGENTPID_ENV_NAME, pidstrbuf, 1) == -1) {
				1369	perror("setenv");
				1370	exit(1);
				1371	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1372	execvp(av[0], av);
				1373	perror(av[0]);
				1374	exit(1);
				1375	}
Damien Miller	c653b89	2002-02-08 22:05:41 +1100	[diff] [blame]	1376	/* child */
				1377	log_init(__progname, SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_AUTH, 0);
Ben Lindstrom	3fdf876	2001-07-22 20:40:24 +0000	[diff] [blame]	1378
				1379	if (setsid() == -1) {
Damien Miller	c653b89	2002-02-08 22:05:41 +1100	[diff] [blame]	1380	error("setsid: %s", strerror(errno));
Ben Lindstrom	3fdf876	2001-07-22 20:40:24 +0000	[diff] [blame]	1381	cleanup_exit(1);
				1382	}
				1383
				1384	(void)chdir("/");
Damien Miller	6c71179	2003-01-24 11:36:23 +1100	[diff] [blame]	1385	if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
				1386	/* XXX might close listen socket */
				1387	(void)dup2(fd, STDIN_FILENO);
				1388	(void)dup2(fd, STDOUT_FILENO);
				1389	(void)dup2(fd, STDERR_FILENO);
				1390	if (fd > 2)
				1391	close(fd);
				1392	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1393
Ben Lindstrom	2c467a2	2000-12-27 04:57:41 +0000	[diff] [blame]	1394	#ifdef HAVE_SETRLIMIT
Ben Lindstrom	c72745a	2000-12-02 19:03:54 +0000	[diff] [blame]	1395	/* deny core dumps, since memory contains unencrypted private keys */
				1396	rlim.rlim_cur = rlim.rlim_max = 0;
				1397	if (setrlimit(RLIMIT_CORE, &rlim) < 0) {
Damien Miller	c653b89	2002-02-08 22:05:41 +1100	[diff] [blame]	1398	error("setrlimit RLIMIT_CORE: %s", strerror(errno));
Ben Lindstrom	c72745a	2000-12-02 19:03:54 +0000	[diff] [blame]	1399	cleanup_exit(1);
				1400	}
Ben Lindstrom	2c467a2	2000-12-27 04:57:41 +0000	[diff] [blame]	1401	#endif
Ben Lindstrom	d94580c	2001-07-04 03:48:02 +0000	[diff] [blame]	1402
				1403	skip:
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	1404
Damien Miller	b1e967c	2014-07-03 21:22:40 +1000	[diff] [blame]	1405	cleanup_pid = getpid();
				1406
Damien Miller	7ea845e	2010-02-12 09:21:02 +1100	[diff] [blame]	1407	#ifdef ENABLE_PKCS11
				1408	pkcs11_init(0);
				1409	#endif
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1410	new_socket(AUTH_SOCKET, sock);
Darren Tucker	2812dc9	2007-03-21 20:45:06 +1100	[diff] [blame]	1411	if (ac > 0)
				1412	parent_alive_interval = 10;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	1413	idtab_init();
Damien Miller	48bfa9c	2001-07-14 12:12:55 +1000	[diff] [blame]	1414	signal(SIGPIPE, SIG_IGN);
djm@openbsd.org	2ea9746	2015-04-24 05:26:44 +0000	[diff] [blame]	1415	signal(SIGINT, (d_flag \| D_flag) ? cleanup_handler : SIG_IGN);
Ben Lindstrom	77808ab	2001-01-26 05:10:34 +0000	[diff] [blame]	1416	signal(SIGHUP, cleanup_handler);
				1417	signal(SIGTERM, cleanup_handler);
Ben Lindstrom	a3d5a4c	2001-07-18 15:58:08 +0000	[diff] [blame]	1418	nalloc = 0;
				1419
doug@openbsd.org	43849a4	2015-12-11 17:41:37 +0000	[diff] [blame]	1420	if (pledge("stdio cpath unix id proc exec", NULL) == -1)
djm@openbsd.org	d952162	2015-12-01 23:29:24 +0000	[diff] [blame]	1421	fatal("%s: pledge: %s", __progname, strerror(errno));
Damien Miller	4626cba	2016-01-08 14:24:56 +1100	[diff] [blame]	1422	platform_pledge_agent();
djm@openbsd.org	d952162	2015-12-01 23:29:24 +0000	[diff] [blame]	1423
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1424	while (1) {
Darren Tucker	2812dc9	2007-03-21 20:45:06 +1100	[diff] [blame]	1425	prepare_select(&readsetp, &writesetp, &max_fd, &nalloc, &tvp);
				1426	result = select(max_fd + 1, readsetp, writesetp, NULL, tvp);
Darren Tucker	cf0d2db	2007-02-28 21:19:58 +1100	[diff] [blame]	1427	saved_errno = errno;
Darren Tucker	2812dc9	2007-03-21 20:45:06 +1100	[diff] [blame]	1428	if (parent_alive_interval != 0)
				1429	check_parent_exists();
				1430	(void) reaper(); /* remove expired keys */
Darren Tucker	cf0d2db	2007-02-28 21:19:58 +1100	[diff] [blame]	1431	if (result < 0) {
				1432	if (saved_errno == EINTR)
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1433	continue;
Darren Tucker	cf0d2db	2007-02-28 21:19:58 +1100	[diff] [blame]	1434	fatal("select: %s", strerror(saved_errno));
				1435	} else if (result > 0)
				1436	after_select(readsetp, writesetp);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	1437	}
				1438	/* NOTREACHED */
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1439	}