blob: 8a69b1d088166f2b8afdbdb317f0ea2bd3db5602 [file] [log] [blame]
Damien Miller62ab38a2000-01-03 23:41:05 +11001/* $OpenBSD: ssh-agent.c,v 1.25 2000/01/02 21:51:03 markus Exp $ */
Damien Miller792c5111999-10-29 09:47:09 +10002
Damien Millerd4a8b7e1999-10-27 13:42:43 +10003/*
Damien Miller95def091999-11-25 00:26:21 +11004 * Author: Tatu Ylonen <ylo@cs.hut.fi>
5 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
6 * All rights reserved
7 * Created: Wed Mar 29 03:46:59 1995 ylo
8 * The authentication agent program.
9 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100010
11#include "includes.h"
Damien Miller62ab38a2000-01-03 23:41:05 +110012RCSID("$OpenBSD: ssh-agent.c,v 1.25 2000/01/02 21:51:03 markus Exp $");
Damien Millerd4a8b7e1999-10-27 13:42:43 +100013
14#include "ssh.h"
15#include "rsa.h"
16#include "authfd.h"
17#include "buffer.h"
18#include "bufaux.h"
19#include "xmalloc.h"
20#include "packet.h"
21#include "getput.h"
22#include "mpaux.h"
23
Damien Miller7f6ea021999-10-28 13:25:17 +100024#ifdef HAVE_OPENSSL
Damien Millerd4a8b7e1999-10-27 13:42:43 +100025#include <openssl/md5.h>
Damien Miller7f6ea021999-10-28 13:25:17 +100026#endif
27#ifdef HAVE_SSL
28#include <ssl/md5.h>
29#endif
Damien Millerd4a8b7e1999-10-27 13:42:43 +100030
Damien Miller95def091999-11-25 00:26:21 +110031typedef struct {
32 int fd;
33 enum {
34 AUTH_UNUSED, AUTH_SOCKET, AUTH_CONNECTION
35 } type;
36 Buffer input;
37 Buffer output;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100038} SocketEntry;
39
40unsigned int sockets_alloc = 0;
41SocketEntry *sockets = NULL;
42
Damien Miller95def091999-11-25 00:26:21 +110043typedef struct {
44 RSA *key;
45 char *comment;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100046} Identity;
47
48unsigned int num_identities = 0;
49Identity *identities = NULL;
50
51int max_fd = 0;
52
53/* pid of shell == parent of agent */
54int parent_pid = -1;
55
56/* pathname and directory for AUTH_SOCKET */
57char socket_name[1024];
58char socket_dir[1024];
59
Damien Miller95def091999-11-25 00:26:21 +110060#ifdef HAVE___PROGNAME
61extern char *__progname;
62#else /* HAVE___PROGNAME */
63const char *__progname = "ssh-agent";
64#endif /* HAVE___PROGNAME */
65
Damien Millerd4a8b7e1999-10-27 13:42:43 +100066void
67process_request_identity(SocketEntry *e)
68{
Damien Miller95def091999-11-25 00:26:21 +110069 Buffer msg;
70 int i;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100071
Damien Miller95def091999-11-25 00:26:21 +110072 buffer_init(&msg);
73 buffer_put_char(&msg, SSH_AGENT_RSA_IDENTITIES_ANSWER);
74 buffer_put_int(&msg, num_identities);
75 for (i = 0; i < num_identities; i++) {
76 buffer_put_int(&msg, BN_num_bits(identities[i].key->n));
77 buffer_put_bignum(&msg, identities[i].key->e);
78 buffer_put_bignum(&msg, identities[i].key->n);
79 buffer_put_string(&msg, identities[i].comment,
80 strlen(identities[i].comment));
81 }
82 buffer_put_int(&e->output, buffer_len(&msg));
83 buffer_append(&e->output, buffer_ptr(&msg), buffer_len(&msg));
84 buffer_free(&msg);
Damien Millerd4a8b7e1999-10-27 13:42:43 +100085}
86
87void
88process_authentication_challenge(SocketEntry *e)
89{
Damien Miller95def091999-11-25 00:26:21 +110090 int i, pub_bits, len;
91 BIGNUM *pub_e, *pub_n, *challenge;
92 Buffer msg;
93 MD5_CTX md;
94 unsigned char buf[32], mdbuf[16], session_id[16];
95 unsigned int response_type;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100096
Damien Miller95def091999-11-25 00:26:21 +110097 buffer_init(&msg);
98 pub_e = BN_new();
99 pub_n = BN_new();
100 challenge = BN_new();
101 pub_bits = buffer_get_int(&e->input);
102 buffer_get_bignum(&e->input, pub_e);
103 buffer_get_bignum(&e->input, pub_n);
104 buffer_get_bignum(&e->input, challenge);
105 if (buffer_len(&e->input) == 0) {
106 /* Compatibility code for old servers. */
107 memset(session_id, 0, 16);
108 response_type = 0;
109 } else {
110 /* New code. */
111 buffer_get(&e->input, (char *) session_id, 16);
112 response_type = buffer_get_int(&e->input);
113 }
114 for (i = 0; i < num_identities; i++)
115 if (pub_bits == BN_num_bits(identities[i].key->n) &&
116 BN_cmp(pub_e, identities[i].key->e) == 0 &&
117 BN_cmp(pub_n, identities[i].key->n) == 0) {
118 /* Decrypt the challenge using the private key. */
119 rsa_private_decrypt(challenge, challenge, identities[i].key);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000120
Damien Miller95def091999-11-25 00:26:21 +1100121 /* Compute the desired response. */
122 switch (response_type) {
123 case 0:/* As of protocol 1.0 */
124 /* This response type is no longer supported. */
125 log("Compatibility with ssh protocol 1.0 no longer supported.");
126 buffer_put_char(&msg, SSH_AGENT_FAILURE);
127 goto send;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000128
Damien Miller95def091999-11-25 00:26:21 +1100129 case 1:/* As of protocol 1.1 */
130 /* The response is MD5 of decrypted challenge plus session id. */
131 len = BN_num_bytes(challenge);
Damien Millerfd7c9111999-11-08 16:15:55 +1100132
Damien Miller95def091999-11-25 00:26:21 +1100133 if (len <= 0 || len > 32) {
134 fatal("process_authentication_challenge: "
135 "bad challenge length %d", len);
136 }
137 memset(buf, 0, 32);
138 BN_bn2bin(challenge, buf + 32 - len);
139 MD5_Init(&md);
140 MD5_Update(&md, buf, 32);
141 MD5_Update(&md, session_id, 16);
142 MD5_Final(mdbuf, &md);
143 break;
Damien Millerfd7c9111999-11-08 16:15:55 +1100144
Damien Miller95def091999-11-25 00:26:21 +1100145 default:
146 fatal("process_authentication_challenge: bad response_type %d",
147 response_type);
148 break;
149 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000150
Damien Miller95def091999-11-25 00:26:21 +1100151 /* Send the response. */
152 buffer_put_char(&msg, SSH_AGENT_RSA_RESPONSE);
153 for (i = 0; i < 16; i++)
154 buffer_put_char(&msg, mdbuf[i]);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000155
Damien Miller95def091999-11-25 00:26:21 +1100156 goto send;
157 }
158 /* Unknown identity. Send failure. */
159 buffer_put_char(&msg, SSH_AGENT_FAILURE);
160send:
161 buffer_put_int(&e->output, buffer_len(&msg));
162 buffer_append(&e->output, buffer_ptr(&msg),
163 buffer_len(&msg));
164 buffer_free(&msg);
165 BN_clear_free(pub_e);
166 BN_clear_free(pub_n);
167 BN_clear_free(challenge);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000168}
169
170void
171process_remove_identity(SocketEntry *e)
172{
Damien Miller95def091999-11-25 00:26:21 +1100173 unsigned int bits;
174 unsigned int i;
175 BIGNUM *dummy, *n;
Damien Miller7e8e8201999-11-16 13:37:16 +1100176
Damien Miller95def091999-11-25 00:26:21 +1100177 dummy = BN_new();
178 n = BN_new();
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000179
Damien Miller95def091999-11-25 00:26:21 +1100180 /* Get the key from the packet. */
181 bits = buffer_get_int(&e->input);
182 buffer_get_bignum(&e->input, dummy);
183 buffer_get_bignum(&e->input, n);
184
185 if (bits != BN_num_bits(n))
Damien Miller5e7c10e1999-12-16 13:18:04 +1100186 error("Warning: identity keysize mismatch: actual %d, announced %d",
Damien Miller95def091999-11-25 00:26:21 +1100187 BN_num_bits(n), bits);
188
189 /* Check if we have the key. */
190 for (i = 0; i < num_identities; i++)
191 if (BN_cmp(identities[i].key->n, n) == 0) {
Damien Miller5428f641999-11-25 11:54:57 +1100192 /*
193 * We have this key. Free the old key. Since we
194 * don\'t want to leave empty slots in the middle of
195 * the array, we actually free the key there and copy
196 * data from the last entry.
197 */
Damien Miller95def091999-11-25 00:26:21 +1100198 RSA_free(identities[i].key);
199 xfree(identities[i].comment);
200 if (i < num_identities - 1)
201 identities[i] = identities[num_identities - 1];
202 num_identities--;
203 BN_clear_free(dummy);
204 BN_clear_free(n);
205
206 /* Send success. */
207 buffer_put_int(&e->output, 1);
208 buffer_put_char(&e->output, SSH_AGENT_SUCCESS);
209 return;
210 }
211 /* We did not have the key. */
212 BN_clear(dummy);
213 BN_clear(n);
214
215 /* Send failure. */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000216 buffer_put_int(&e->output, 1);
Damien Miller95def091999-11-25 00:26:21 +1100217 buffer_put_char(&e->output, SSH_AGENT_FAILURE);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000218}
219
Damien Miller95def091999-11-25 00:26:21 +1100220/*
221 * Removes all identities from the agent.
222 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000223void
224process_remove_all_identities(SocketEntry *e)
225{
Damien Miller95def091999-11-25 00:26:21 +1100226 unsigned int i;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000227
Damien Miller95def091999-11-25 00:26:21 +1100228 /* Loop over all identities and clear the keys. */
229 for (i = 0; i < num_identities; i++) {
230 RSA_free(identities[i].key);
231 xfree(identities[i].comment);
232 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000233
Damien Miller95def091999-11-25 00:26:21 +1100234 /* Mark that there are no identities. */
235 num_identities = 0;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000236
237 /* Send success. */
238 buffer_put_int(&e->output, 1);
239 buffer_put_char(&e->output, SSH_AGENT_SUCCESS);
240 return;
Damien Miller95def091999-11-25 00:26:21 +1100241}
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000242
Damien Miller95def091999-11-25 00:26:21 +1100243/*
244 * Adds an identity to the agent.
245 */
246void
247process_add_identity(SocketEntry *e)
248{
249 RSA *k;
250 int i;
251 BIGNUM *aux;
252 BN_CTX *ctx;
253
254 if (num_identities == 0)
255 identities = xmalloc(sizeof(Identity));
256 else
257 identities = xrealloc(identities, (num_identities + 1) * sizeof(Identity));
258
259 identities[num_identities].key = RSA_new();
260 k = identities[num_identities].key;
261 buffer_get_int(&e->input); /* bits */
262 k->n = BN_new();
263 buffer_get_bignum(&e->input, k->n);
264 k->e = BN_new();
265 buffer_get_bignum(&e->input, k->e);
266 k->d = BN_new();
267 buffer_get_bignum(&e->input, k->d);
268 k->iqmp = BN_new();
269 buffer_get_bignum(&e->input, k->iqmp);
270 /* SSH and SSL have p and q swapped */
271 k->q = BN_new();
272 buffer_get_bignum(&e->input, k->q); /* p */
273 k->p = BN_new();
274 buffer_get_bignum(&e->input, k->p); /* q */
275
276 /* Generate additional parameters */
277 aux = BN_new();
278 ctx = BN_CTX_new();
279
280 BN_sub(aux, k->q, BN_value_one());
281 k->dmq1 = BN_new();
282 BN_mod(k->dmq1, k->d, aux, ctx);
283
284 BN_sub(aux, k->p, BN_value_one());
285 k->dmp1 = BN_new();
286 BN_mod(k->dmp1, k->d, aux, ctx);
287
288 BN_clear_free(aux);
289 BN_CTX_free(ctx);
290
291 identities[num_identities].comment = buffer_get_string(&e->input, NULL);
292
293 /* Check if we already have the key. */
294 for (i = 0; i < num_identities; i++)
295 if (BN_cmp(identities[i].key->n, k->n) == 0) {
Damien Miller5428f641999-11-25 11:54:57 +1100296 /*
297 * We already have this key. Clear and free the new
298 * data and return success.
299 */
Damien Miller95def091999-11-25 00:26:21 +1100300 RSA_free(k);
301 xfree(identities[num_identities].comment);
302
303 /* Send success. */
304 buffer_put_int(&e->output, 1);
305 buffer_put_char(&e->output, SSH_AGENT_SUCCESS);
306 return;
307 }
308 /* Increment the number of identities. */
309 num_identities++;
310
311 /* Send a success message. */
312 buffer_put_int(&e->output, 1);
313 buffer_put_char(&e->output, SSH_AGENT_SUCCESS);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000314}
315
316void
317process_message(SocketEntry *e)
318{
Damien Miller95def091999-11-25 00:26:21 +1100319 unsigned int msg_len;
320 unsigned int type;
321 unsigned char *cp;
322 if (buffer_len(&e->input) < 5)
323 return; /* Incomplete message. */
324 cp = (unsigned char *) buffer_ptr(&e->input);
325 msg_len = GET_32BIT(cp);
326 if (msg_len > 256 * 1024) {
327 shutdown(e->fd, SHUT_RDWR);
328 close(e->fd);
329 e->type = AUTH_UNUSED;
330 return;
331 }
332 if (buffer_len(&e->input) < msg_len + 4)
333 return;
334 buffer_consume(&e->input, 4);
335 type = buffer_get_char(&e->input);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000336
Damien Miller95def091999-11-25 00:26:21 +1100337 switch (type) {
338 case SSH_AGENTC_REQUEST_RSA_IDENTITIES:
339 process_request_identity(e);
340 break;
341 case SSH_AGENTC_RSA_CHALLENGE:
342 process_authentication_challenge(e);
343 break;
344 case SSH_AGENTC_ADD_RSA_IDENTITY:
345 process_add_identity(e);
346 break;
347 case SSH_AGENTC_REMOVE_RSA_IDENTITY:
348 process_remove_identity(e);
349 break;
350 case SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES:
351 process_remove_all_identities(e);
352 break;
353 default:
354 /* Unknown message. Respond with failure. */
355 error("Unknown message %d", type);
356 buffer_clear(&e->input);
357 buffer_put_int(&e->output, 1);
358 buffer_put_char(&e->output, SSH_AGENT_FAILURE);
359 break;
360 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000361}
362
363void
364new_socket(int type, int fd)
365{
Damien Miller95def091999-11-25 00:26:21 +1100366 unsigned int i, old_alloc;
367 if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
368 error("fcntl O_NONBLOCK: %s", strerror(errno));
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000369
Damien Miller95def091999-11-25 00:26:21 +1100370 if (fd > max_fd)
371 max_fd = fd;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000372
Damien Miller95def091999-11-25 00:26:21 +1100373 for (i = 0; i < sockets_alloc; i++)
374 if (sockets[i].type == AUTH_UNUSED) {
375 sockets[i].fd = fd;
376 sockets[i].type = type;
377 buffer_init(&sockets[i].input);
378 buffer_init(&sockets[i].output);
379 return;
380 }
381 old_alloc = sockets_alloc;
382 sockets_alloc += 10;
383 if (sockets)
384 sockets = xrealloc(sockets, sockets_alloc * sizeof(sockets[0]));
385 else
386 sockets = xmalloc(sockets_alloc * sizeof(sockets[0]));
387 for (i = old_alloc; i < sockets_alloc; i++)
388 sockets[i].type = AUTH_UNUSED;
389 sockets[old_alloc].type = type;
390 sockets[old_alloc].fd = fd;
391 buffer_init(&sockets[old_alloc].input);
392 buffer_init(&sockets[old_alloc].output);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000393}
394
395void
396prepare_select(fd_set *readset, fd_set *writeset)
397{
Damien Miller95def091999-11-25 00:26:21 +1100398 unsigned int i;
399 for (i = 0; i < sockets_alloc; i++)
400 switch (sockets[i].type) {
401 case AUTH_SOCKET:
402 case AUTH_CONNECTION:
403 FD_SET(sockets[i].fd, readset);
404 if (buffer_len(&sockets[i].output) > 0)
405 FD_SET(sockets[i].fd, writeset);
406 break;
407 case AUTH_UNUSED:
408 break;
409 default:
410 fatal("Unknown socket type %d", sockets[i].type);
411 break;
412 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000413}
414
Damien Miller95def091999-11-25 00:26:21 +1100415void
416after_select(fd_set *readset, fd_set *writeset)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000417{
Damien Miller95def091999-11-25 00:26:21 +1100418 unsigned int i;
419 int len, sock;
420 char buf[1024];
421 struct sockaddr_un sunaddr;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000422
Damien Miller95def091999-11-25 00:26:21 +1100423 for (i = 0; i < sockets_alloc; i++)
424 switch (sockets[i].type) {
425 case AUTH_UNUSED:
426 break;
427 case AUTH_SOCKET:
428 if (FD_ISSET(sockets[i].fd, readset)) {
429 len = sizeof(sunaddr);
430 sock = accept(sockets[i].fd, (struct sockaddr *) & sunaddr, &len);
431 if (sock < 0) {
432 perror("accept from AUTH_SOCKET");
433 break;
434 }
435 new_socket(AUTH_CONNECTION, sock);
436 }
437 break;
438 case AUTH_CONNECTION:
439 if (buffer_len(&sockets[i].output) > 0 &&
440 FD_ISSET(sockets[i].fd, writeset)) {
441 len = write(sockets[i].fd, buffer_ptr(&sockets[i].output),
442 buffer_len(&sockets[i].output));
443 if (len <= 0) {
444 shutdown(sockets[i].fd, SHUT_RDWR);
445 close(sockets[i].fd);
446 sockets[i].type = AUTH_UNUSED;
447 break;
448 }
449 buffer_consume(&sockets[i].output, len);
450 }
451 if (FD_ISSET(sockets[i].fd, readset)) {
452 len = read(sockets[i].fd, buf, sizeof(buf));
453 if (len <= 0) {
454 shutdown(sockets[i].fd, SHUT_RDWR);
455 close(sockets[i].fd);
456 sockets[i].type = AUTH_UNUSED;
457 break;
458 }
459 buffer_append(&sockets[i].input, buf, len);
460 process_message(&sockets[i]);
461 }
462 break;
463 default:
464 fatal("Unknown type %d", sockets[i].type);
465 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000466}
467
468void
469check_parent_exists(int sig)
470{
Damien Miller95def091999-11-25 00:26:21 +1100471 if (kill(parent_pid, 0) < 0) {
472 /* printf("Parent has died - Authentication agent exiting.\n"); */
473 exit(1);
474 }
475 signal(SIGALRM, check_parent_exists);
476 alarm(10);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000477}
478
Damien Miller792c5111999-10-29 09:47:09 +1000479void
480cleanup_socket(void)
481{
Damien Miller95def091999-11-25 00:26:21 +1100482 remove(socket_name);
483 rmdir(socket_dir);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000484}
485
Damien Miller792c5111999-10-29 09:47:09 +1000486void
487cleanup_exit(int i)
488{
Damien Miller95def091999-11-25 00:26:21 +1100489 cleanup_socket();
490 exit(i);
Damien Miller792c5111999-10-29 09:47:09 +1000491}
492
493void
494usage()
495{
Damien Miller95def091999-11-25 00:26:21 +1100496 fprintf(stderr, "ssh-agent version %s\n", SSH_VERSION);
497 fprintf(stderr, "Usage: %s [-c | -s] [-k] [command {args...]]\n",
498 __progname);
499 exit(1);
Damien Miller792c5111999-10-29 09:47:09 +1000500}
501
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000502int
503main(int ac, char **av)
504{
Damien Miller95def091999-11-25 00:26:21 +1100505 fd_set readset, writeset;
506 int sock, c_flag = 0, k_flag = 0, s_flag = 0, ch;
507 struct sockaddr_un sunaddr;
508 pid_t pid;
509 char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid];
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000510
Damien Miller95def091999-11-25 00:26:21 +1100511 /* check if RSA support exists */
512 if (rsa_alive() == 0) {
513 fprintf(stderr,
514 "%s: no RSA support in libssl and libcrypto. See ssl(8).\n",
515 __progname);
516 exit(1);
517 }
Damien Miller95def091999-11-25 00:26:21 +1100518 while ((ch = getopt(ac, av, "cks")) != -1) {
Damien Miller95def091999-11-25 00:26:21 +1100519 switch (ch) {
520 case 'c':
521 if (s_flag)
522 usage();
523 c_flag++;
524 break;
525 case 'k':
526 k_flag++;
527 break;
528 case 's':
529 if (c_flag)
530 usage();
531 s_flag++;
532 break;
533 default:
534 usage();
535 }
Damien Miller792c5111999-10-29 09:47:09 +1000536 }
Damien Miller95def091999-11-25 00:26:21 +1100537 ac -= optind;
538 av += optind;
Damien Miller792c5111999-10-29 09:47:09 +1000539
Damien Miller95def091999-11-25 00:26:21 +1100540 if (ac > 0 && (c_flag || k_flag || s_flag))
541 usage();
Damien Miller792c5111999-10-29 09:47:09 +1000542
Damien Miller95def091999-11-25 00:26:21 +1100543 if (ac == 0 && !c_flag && !k_flag && !s_flag) {
544 shell = getenv("SHELL");
545 if (shell != NULL && strncmp(shell + strlen(shell) - 3, "csh", 3) == 0)
546 c_flag = 1;
Damien Miller792c5111999-10-29 09:47:09 +1000547 }
Damien Miller95def091999-11-25 00:26:21 +1100548 if (k_flag) {
549 pidstr = getenv(SSH_AGENTPID_ENV_NAME);
550 if (pidstr == NULL) {
551 fprintf(stderr, "%s not set, cannot kill agent\n",
552 SSH_AGENTPID_ENV_NAME);
553 exit(1);
554 }
555 pid = atoi(pidstr);
556 if (pid < 1) { /* XXX PID_MAX check too */
557 fprintf(stderr, "%s=\"%s\", which is not a good PID\n",
558 SSH_AGENTPID_ENV_NAME, pidstr);
559 exit(1);
560 }
561 if (kill(pid, SIGTERM) == -1) {
562 perror("kill");
563 exit(1);
564 }
565 format = c_flag ? "unsetenv %s;\n" : "unset %s;\n";
566 printf(format, SSH_AUTHSOCKET_ENV_NAME);
567 printf(format, SSH_AGENTPID_ENV_NAME);
568 printf("echo Agent pid %d killed;\n", pid);
569 exit(0);
Damien Miller792c5111999-10-29 09:47:09 +1000570 }
Damien Miller95def091999-11-25 00:26:21 +1100571 parent_pid = getpid();
572
573 /* Create private directory for agent socket */
574 strlcpy(socket_dir, "/tmp/ssh-XXXXXXXX", sizeof socket_dir);
575 if (mkdtemp(socket_dir) == NULL) {
576 perror("mkdtemp: private socket dir");
577 exit(1);
Damien Miller792c5111999-10-29 09:47:09 +1000578 }
Damien Miller95def091999-11-25 00:26:21 +1100579 snprintf(socket_name, sizeof socket_name, "%s/agent.%d", socket_dir,
580 parent_pid);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000581
Damien Miller5428f641999-11-25 11:54:57 +1100582 /*
583 * Create socket early so it will exist before command gets run from
584 * the parent.
585 */
Damien Miller95def091999-11-25 00:26:21 +1100586 sock = socket(AF_UNIX, SOCK_STREAM, 0);
587 if (sock < 0) {
588 perror("socket");
589 cleanup_exit(1);
Damien Miller792c5111999-10-29 09:47:09 +1000590 }
Damien Miller95def091999-11-25 00:26:21 +1100591 memset(&sunaddr, 0, sizeof(sunaddr));
592 sunaddr.sun_family = AF_UNIX;
593 strlcpy(sunaddr.sun_path, socket_name, sizeof(sunaddr.sun_path));
594 if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0) {
595 perror("bind");
596 cleanup_exit(1);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000597 }
Damien Miller95def091999-11-25 00:26:21 +1100598 if (listen(sock, 5) < 0) {
599 perror("listen");
600 cleanup_exit(1);
601 }
Damien Miller5428f641999-11-25 11:54:57 +1100602 /*
603 * Fork, and have the parent execute the command, if any, or present
604 * the socket data. The child continues as the authentication agent.
605 */
Damien Miller95def091999-11-25 00:26:21 +1100606 pid = fork();
607 if (pid == -1) {
608 perror("fork");
609 exit(1);
610 }
611 if (pid != 0) { /* Parent - execute the given command. */
612 close(sock);
613 snprintf(pidstrbuf, sizeof pidstrbuf, "%d", pid);
614 if (ac == 0) {
615 format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n";
616 printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
617 SSH_AUTHSOCKET_ENV_NAME);
618 printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf,
619 SSH_AGENTPID_ENV_NAME);
620 printf("echo Agent pid %d;\n", pid);
621 exit(0);
622 }
623 setenv(SSH_AUTHSOCKET_ENV_NAME, socket_name, 1);
624 setenv(SSH_AGENTPID_ENV_NAME, pidstrbuf, 1);
625 execvp(av[0], av);
626 perror(av[0]);
627 exit(1);
628 }
629 close(0);
630 close(1);
631 close(2);
632
633 if (setsid() == -1) {
634 perror("setsid");
635 cleanup_exit(1);
636 }
637 if (atexit(cleanup_socket) < 0) {
638 perror("atexit");
639 cleanup_exit(1);
640 }
641 new_socket(AUTH_SOCKET, sock);
642 if (ac > 0) {
643 signal(SIGALRM, check_parent_exists);
644 alarm(10);
645 }
646 signal(SIGINT, SIG_IGN);
647 signal(SIGPIPE, SIG_IGN);
Damien Miller62ab38a2000-01-03 23:41:05 +1100648 signal(SIGHUP, cleanup_exit);
649 signal(SIGTERM, cleanup_exit);
Damien Miller95def091999-11-25 00:26:21 +1100650 while (1) {
651 FD_ZERO(&readset);
652 FD_ZERO(&writeset);
653 prepare_select(&readset, &writeset);
654 if (select(max_fd + 1, &readset, &writeset, NULL, NULL) < 0) {
655 if (errno == EINTR)
656 continue;
657 exit(1);
658 }
659 after_select(&readset, &writeset);
660 }
661 /* NOTREACHED */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000662}