1 /* $OpenBSD: ssh-agent.c,v 1.28 2000/04/14 10:30:33 markus Exp $ */
4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
5 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
7 * Created: Wed Mar 29 03:46:59 1995 ylo
8 * The authentication agent program.
12 RCSID("$OpenBSD: ssh-agent.c,v 1.28 2000/04/14 10:30:33 markus Exp $");
25 #include <openssl/md5.h>
34 AUTH_UNUSED, AUTH_SOCKET, AUTH_CONNECTION
40 unsigned int sockets_alloc = 0;
41 SocketEntry *sockets = NULL;
48 unsigned int num_identities = 0;
49 Identity *identities = NULL;
53 /* pid of shell == parent of agent */
56 /* pathname and directory for AUTH_SOCKET */
57 char socket_name[1024];
58 char socket_dir[1024];
60 #ifdef HAVE___PROGNAME
61 extern char *__progname;
62 #else /* HAVE___PROGNAME */
63 const char *__progname = "ssh-agent";
64 #endif /* HAVE___PROGNAME */
67 process_request_identity(SocketEntry *e)
73 buffer_put_char(&msg, SSH_AGENT_RSA_IDENTITIES_ANSWER);
74 buffer_put_int(&msg, num_identities);
75 for (i = 0; i < num_identities; i++) {
76 buffer_put_int(&msg, BN_num_bits(identities[i].key->n));
77 buffer_put_bignum(&msg, identities[i].key->e);
78 buffer_put_bignum(&msg, identities[i].key->n);
79 buffer_put_string(&msg, identities[i].comment,
80 strlen(identities[i].comment));
82 buffer_put_int(&e->output, buffer_len(&msg));
83 buffer_append(&e->output, buffer_ptr(&msg), buffer_len(&msg));
88 process_authentication_challenge(SocketEntry *e)
91 BIGNUM *pub_e, *pub_n, *challenge;
94 unsigned char buf[32], mdbuf[16], session_id[16];
95 unsigned int response_type;
100 challenge = BN_new();
101 pub_bits = buffer_get_int(&e->input);
102 buffer_get_bignum(&e->input, pub_e);
103 buffer_get_bignum(&e->input, pub_n);
104 buffer_get_bignum(&e->input, challenge);
105 if (buffer_len(&e->input) == 0) {
106 /* Compatibility code for old servers. */
107 memset(session_id, 0, 16);
111 buffer_get(&e->input, (char *) session_id, 16);
112 response_type = buffer_get_int(&e->input);
114 for (i = 0; i < num_identities; i++)
115 if (pub_bits == BN_num_bits(identities[i].key->n) &&
116 BN_cmp(pub_e, identities[i].key->e) == 0 &&
117 BN_cmp(pub_n, identities[i].key->n) == 0) {
118 /* Decrypt the challenge using the private key. */
119 rsa_private_decrypt(challenge, challenge, identities[i].key);
121 /* Compute the desired response. */
122 switch (response_type) {
123 case 0:/* As of protocol 1.0 */
124 /* This response type is no longer supported. */
125 log("Compatibility with ssh protocol 1.0 no longer supported.");
126 buffer_put_char(&msg, SSH_AGENT_FAILURE);
129 case 1:/* As of protocol 1.1 */
130 /* The response is MD5 of decrypted challenge plus session id. */
131 len = BN_num_bytes(challenge);
133 if (len <= 0 || len > 32) {
134 fatal("process_authentication_challenge: "
135 "bad challenge length %d", len);
138 BN_bn2bin(challenge, buf + 32 - len);
140 MD5_Update(&md, buf, 32);
141 MD5_Update(&md, session_id, 16);
142 MD5_Final(mdbuf, &md);
146 fatal("process_authentication_challenge: bad response_type %d",
151 /* Send the response. */
152 buffer_put_char(&msg, SSH_AGENT_RSA_RESPONSE);
153 for (i = 0; i < 16; i++)
154 buffer_put_char(&msg, mdbuf[i]);
158 /* Unknown identity. Send failure. */
159 buffer_put_char(&msg, SSH_AGENT_FAILURE);
161 buffer_put_int(&e->output, buffer_len(&msg));
162 buffer_append(&e->output, buffer_ptr(&msg),
165 BN_clear_free(pub_e);
166 BN_clear_free(pub_n);
167 BN_clear_free(challenge);
171 process_remove_identity(SocketEntry *e)
180 /* Get the key from the packet. */
181 bits = buffer_get_int(&e->input);
182 buffer_get_bignum(&e->input, dummy);
183 buffer_get_bignum(&e->input, n);
185 if (bits != BN_num_bits(n))
186 error("Warning: identity keysize mismatch: actual %d, announced %d",
187 BN_num_bits(n), bits);
189 /* Check if we have the key. */
190 for (i = 0; i < num_identities; i++)
191 if (BN_cmp(identities[i].key->n, n) == 0) {
193 * We have this key. Free the old key. Since we
194 * don\'t want to leave empty slots in the middle of
195 * the array, we actually free the key there and copy
196 * data from the last entry.
198 RSA_free(identities[i].key);
199 xfree(identities[i].comment);
200 if (i < num_identities - 1)
201 identities[i] = identities[num_identities - 1];
203 BN_clear_free(dummy);
207 buffer_put_int(&e->output, 1);
208 buffer_put_char(&e->output, SSH_AGENT_SUCCESS);
211 /* We did not have the key. */
216 buffer_put_int(&e->output, 1);
217 buffer_put_char(&e->output, SSH_AGENT_FAILURE);
221 * Removes all identities from the agent.
224 process_remove_all_identities(SocketEntry *e)
228 /* Loop over all identities and clear the keys. */
229 for (i = 0; i < num_identities; i++) {
230 RSA_free(identities[i].key);
231 xfree(identities[i].comment);
234 /* Mark that there are no identities. */
238 buffer_put_int(&e->output, 1);
239 buffer_put_char(&e->output, SSH_AGENT_SUCCESS);
244 * Adds an identity to the agent.
247 process_add_identity(SocketEntry *e)
254 if (num_identities == 0)
255 identities = xmalloc(sizeof(Identity));
257 identities = xrealloc(identities, (num_identities + 1) * sizeof(Identity));
259 identities[num_identities].key = RSA_new();
260 k = identities[num_identities].key;
261 buffer_get_int(&e->input); /* bits */
263 buffer_get_bignum(&e->input, k->n);
265 buffer_get_bignum(&e->input, k->e);
267 buffer_get_bignum(&e->input, k->d);
269 buffer_get_bignum(&e->input, k->iqmp);
270 /* SSH and SSL have p and q swapped */
272 buffer_get_bignum(&e->input, k->q); /* p */
274 buffer_get_bignum(&e->input, k->p); /* q */
276 /* Generate additional parameters */
280 BN_sub(aux, k->q, BN_value_one());
282 BN_mod(k->dmq1, k->d, aux, ctx);
284 BN_sub(aux, k->p, BN_value_one());
286 BN_mod(k->dmp1, k->d, aux, ctx);
291 identities[num_identities].comment = buffer_get_string(&e->input, NULL);
293 /* Check if we already have the key. */
294 for (i = 0; i < num_identities; i++)
295 if (BN_cmp(identities[i].key->n, k->n) == 0) {
297 * We already have this key. Clear and free the new
298 * data and return success.
301 xfree(identities[num_identities].comment);
304 buffer_put_int(&e->output, 1);
305 buffer_put_char(&e->output, SSH_AGENT_SUCCESS);
308 /* Increment the number of identities. */
311 /* Send a success message. */
312 buffer_put_int(&e->output, 1);
313 buffer_put_char(&e->output, SSH_AGENT_SUCCESS);
317 process_message(SocketEntry *e)
319 unsigned int msg_len;
322 if (buffer_len(&e->input) < 5)
323 return; /* Incomplete message. */
324 cp = (unsigned char *) buffer_ptr(&e->input);
325 msg_len = GET_32BIT(cp);
326 if (msg_len > 256 * 1024) {
327 shutdown(e->fd, SHUT_RDWR);
329 e->type = AUTH_UNUSED;
332 if (buffer_len(&e->input) < msg_len + 4)
334 buffer_consume(&e->input, 4);
335 type = buffer_get_char(&e->input);
338 case SSH_AGENTC_REQUEST_RSA_IDENTITIES:
339 process_request_identity(e);
341 case SSH_AGENTC_RSA_CHALLENGE:
342 process_authentication_challenge(e);
344 case SSH_AGENTC_ADD_RSA_IDENTITY:
345 process_add_identity(e);
347 case SSH_AGENTC_REMOVE_RSA_IDENTITY:
348 process_remove_identity(e);
350 case SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES:
351 process_remove_all_identities(e);
354 /* Unknown message. Respond with failure. */
355 error("Unknown message %d", type);
356 buffer_clear(&e->input);
357 buffer_put_int(&e->output, 1);
358 buffer_put_char(&e->output, SSH_AGENT_FAILURE);
364 new_socket(int type, int fd)
366 unsigned int i, old_alloc;
367 if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
368 error("fcntl O_NONBLOCK: %s", strerror(errno));
373 for (i = 0; i < sockets_alloc; i++)
374 if (sockets[i].type == AUTH_UNUSED) {
376 sockets[i].type = type;
377 buffer_init(&sockets[i].input);
378 buffer_init(&sockets[i].output);
381 old_alloc = sockets_alloc;
384 sockets = xrealloc(sockets, sockets_alloc * sizeof(sockets[0]));
386 sockets = xmalloc(sockets_alloc * sizeof(sockets[0]));
387 for (i = old_alloc; i < sockets_alloc; i++)
388 sockets[i].type = AUTH_UNUSED;
389 sockets[old_alloc].type = type;
390 sockets[old_alloc].fd = fd;
391 buffer_init(&sockets[old_alloc].input);
392 buffer_init(&sockets[old_alloc].output);
396 prepare_select(fd_set *readset, fd_set *writeset)
399 for (i = 0; i < sockets_alloc; i++)
400 switch (sockets[i].type) {
402 case AUTH_CONNECTION:
403 FD_SET(sockets[i].fd, readset);
404 if (buffer_len(&sockets[i].output) > 0)
405 FD_SET(sockets[i].fd, writeset);
410 fatal("Unknown socket type %d", sockets[i].type);
416 after_select(fd_set *readset, fd_set *writeset)
422 struct sockaddr_un sunaddr;
424 for (i = 0; i < sockets_alloc; i++)
425 switch (sockets[i].type) {
429 if (FD_ISSET(sockets[i].fd, readset)) {
430 slen = sizeof(sunaddr);
431 sock = accept(sockets[i].fd, (struct sockaddr *) & sunaddr, &slen);
433 perror("accept from AUTH_SOCKET");
436 new_socket(AUTH_CONNECTION, sock);
439 case AUTH_CONNECTION:
440 if (buffer_len(&sockets[i].output) > 0 &&
441 FD_ISSET(sockets[i].fd, writeset)) {
442 len = write(sockets[i].fd, buffer_ptr(&sockets[i].output),
443 buffer_len(&sockets[i].output));
445 shutdown(sockets[i].fd, SHUT_RDWR);
446 close(sockets[i].fd);
447 sockets[i].type = AUTH_UNUSED;
450 buffer_consume(&sockets[i].output, len);
452 if (FD_ISSET(sockets[i].fd, readset)) {
453 len = read(sockets[i].fd, buf, sizeof(buf));
455 shutdown(sockets[i].fd, SHUT_RDWR);
456 close(sockets[i].fd);
457 sockets[i].type = AUTH_UNUSED;
460 buffer_append(&sockets[i].input, buf, len);
461 process_message(&sockets[i]);
465 fatal("Unknown type %d", sockets[i].type);
470 check_parent_exists(int sig)
472 if (kill(parent_pid, 0) < 0) {
473 /* printf("Parent has died - Authentication agent exiting.\n"); */
476 signal(SIGALRM, check_parent_exists);
497 fprintf(stderr, "ssh-agent version %s\n", SSH_VERSION);
498 fprintf(stderr, "Usage: %s [-c | -s] [-k] [command {args...]]\n",
504 main(int ac, char **av)
506 fd_set readset, writeset;
507 int sock, c_flag = 0, k_flag = 0, s_flag = 0, ch;
508 struct sockaddr_un sunaddr;
510 char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid];
512 /* check if RSA support exists */
513 if (rsa_alive() == 0) {
515 "%s: no RSA support in libssl and libcrypto. See ssl(8).\n",
519 while ((ch = getopt(ac, av, "cks")) != -1) {
541 if (ac > 0 && (c_flag || k_flag || s_flag))
544 if (ac == 0 && !c_flag && !k_flag && !s_flag) {
545 shell = getenv("SHELL");
546 if (shell != NULL && strncmp(shell + strlen(shell) - 3, "csh", 3) == 0)
550 pidstr = getenv(SSH_AGENTPID_ENV_NAME);
551 if (pidstr == NULL) {
552 fprintf(stderr, "%s not set, cannot kill agent\n",
553 SSH_AGENTPID_ENV_NAME);
557 if (pid < 1) { /* XXX PID_MAX check too */
558 fprintf(stderr, "%s=\"%s\", which is not a good PID\n",
559 SSH_AGENTPID_ENV_NAME, pidstr);
562 if (kill(pid, SIGTERM) == -1) {
566 format = c_flag ? "unsetenv %s;\n" : "unset %s;\n";
567 printf(format, SSH_AUTHSOCKET_ENV_NAME);
568 printf(format, SSH_AGENTPID_ENV_NAME);
569 printf("echo Agent pid %d killed;\n", pid);
572 parent_pid = getpid();
574 /* Create private directory for agent socket */
575 strlcpy(socket_dir, "/tmp/ssh-XXXXXXXX", sizeof socket_dir);
576 if (mkdtemp(socket_dir) == NULL) {
577 perror("mkdtemp: private socket dir");
580 snprintf(socket_name, sizeof socket_name, "%s/agent.%d", socket_dir,
584 * Create socket early so it will exist before command gets run from
587 sock = socket(AF_UNIX, SOCK_STREAM, 0);
592 memset(&sunaddr, 0, sizeof(sunaddr));
593 sunaddr.sun_family = AF_UNIX;
594 strlcpy(sunaddr.sun_path, socket_name, sizeof(sunaddr.sun_path));
595 if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0) {
599 if (listen(sock, 5) < 0) {
604 * Fork, and have the parent execute the command, if any, or present
605 * the socket data. The child continues as the authentication agent.
612 if (pid != 0) { /* Parent - execute the given command. */
614 snprintf(pidstrbuf, sizeof pidstrbuf, "%d", pid);
616 format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n";
617 printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
618 SSH_AUTHSOCKET_ENV_NAME);
619 printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf,
620 SSH_AGENTPID_ENV_NAME);
621 printf("echo Agent pid %d;\n", pid);
624 setenv(SSH_AUTHSOCKET_ENV_NAME, socket_name, 1);
625 setenv(SSH_AGENTPID_ENV_NAME, pidstrbuf, 1);
634 if (setsid() == -1) {
638 if (atexit(cleanup_socket) < 0) {
642 new_socket(AUTH_SOCKET, sock);
644 signal(SIGALRM, check_parent_exists);
647 signal(SIGINT, SIG_IGN);
648 signal(SIGPIPE, SIG_IGN);
649 signal(SIGHUP, cleanup_exit);
650 signal(SIGTERM, cleanup_exit);
654 prepare_select(&readset, &writeset);
655 if (select(max_fd + 1, &readset, &writeset, NULL, NULL) < 0) {
660 after_select(&readset, &writeset);