-/* $OpenBSD: ssh-agent.c,v 1.78 2002/01/13 17:27:07 provos Exp $ */
-
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
*/
#include "includes.h"
-#include <sys/queue.h>
-RCSID("$OpenBSD: ssh-agent.c,v 1.78 2002/01/13 17:27:07 provos Exp $");
+#include "openbsd-compat/fake-queue.h"
+RCSID("$OpenBSD: ssh-agent.c,v 1.85 2002/04/02 11:49:39 markus Exp $");
#include <openssl/evp.h>
#include <openssl/md5.h>
#include "buffer.h"
#include "bufaux.h"
#include "xmalloc.h"
-#include "packet.h"
#include "getput.h"
-#include "mpaux.h"
#include "key.h"
#include "authfd.h"
-#include "cipher.h"
-#include "kex.h"
#include "compat.h"
#include "log.h"
#ifdef SMARTCARD
-#include <openssl/engine.h>
#include "scard.h"
#endif
/* Only protocol 1.1 is supported */
if (buffer_len(&e->input) == 0)
goto failure;
- buffer_get(&e->input, (char *) session_id, 16);
+ buffer_get(&e->input, session_id, 16);
response_type = buffer_get_int(&e->input);
if (response_type != 1)
goto failure;
static void
process_add_smartcard_key (SocketEntry *e)
{
+ Identity *id;
Idtab *tab;
- Key *n = NULL, *k = NULL;
- char *sc_reader_id = NULL;
- int success = 0;
+ Key **keys, *k;
+ char *sc_reader_id = NULL, *pin;
+ int i, version, success = 0;
sc_reader_id = buffer_get_string(&e->input, NULL);
- k = sc_get_key(sc_reader_id);
+ pin = buffer_get_string(&e->input, NULL);
+ keys = sc_get_keys(sc_reader_id, pin);
xfree(sc_reader_id);
+ xfree(pin);
- if (k == NULL) {
- error("sc_get_pubkey failed");
+ if (keys == NULL || keys[0] == NULL) {
+ error("sc_get_keys failed");
goto send;
}
- success = 1;
-
- tab = idtab_lookup(1);
- k->type = KEY_RSA1;
- if (lookup_identity(k, 1) == NULL) {
- Identity *id = xmalloc(sizeof(Identity));
- n = key_new(KEY_RSA1);
- BN_copy(n->rsa->n, k->rsa->n);
- BN_copy(n->rsa->e, k->rsa->e);
- RSA_set_method(n->rsa, sc_get_engine());
- id->key = n;
- id->comment = xstrdup("rsa1 smartcard");
- TAILQ_INSERT_TAIL(&tab->idlist, id, next);
- tab->nentries++;
- }
- k->type = KEY_RSA;
- tab = idtab_lookup(2);
- if (lookup_identity(k, 2) == NULL) {
- Identity *id = xmalloc(sizeof(Identity));
- n = key_new(KEY_RSA);
- BN_copy(n->rsa->n, k->rsa->n);
- BN_copy(n->rsa->e, k->rsa->e);
- RSA_set_method(n->rsa, sc_get_engine());
- id->key = n;
- id->comment = xstrdup("rsa smartcard");
- TAILQ_INSERT_TAIL(&tab->idlist, id, next);
- tab->nentries++;
+ for (i = 0; keys[i] != NULL; i++) {
+ k = keys[i];
+ version = k->type == KEY_RSA1 ? 1 : 2;
+ tab = idtab_lookup(version);
+ if (lookup_identity(k, version) == NULL) {
+ id = xmalloc(sizeof(Identity));
+ id->key = k;
+ id->comment = xstrdup("smartcard key");
+ TAILQ_INSERT_TAIL(&tab->idlist, id, next);
+ tab->nentries++;
+ success = 1;
+ } else {
+ key_free(k);
+ }
+ keys[i] = NULL;
}
- key_free(k);
+ xfree(keys);
send:
buffer_put_int(&e->output, 1);
buffer_put_char(&e->output,
static void
process_remove_smartcard_key(SocketEntry *e)
{
- Key *k = NULL;
- int success = 0;
- char *sc_reader_id = NULL;
+ Identity *id;
+ Idtab *tab;
+ Key **keys, *k = NULL;
+ char *sc_reader_id = NULL, *pin;
+ int i, version, success = 0;
sc_reader_id = buffer_get_string(&e->input, NULL);
- k = sc_get_key(sc_reader_id);
+ pin = buffer_get_string(&e->input, NULL);
+ keys = sc_get_keys(sc_reader_id, pin);
xfree(sc_reader_id);
+ xfree(pin);
- if (k == NULL) {
- error("sc_get_pubkey failed");
- } else {
- Identity *id;
- k->type = KEY_RSA1;
- id = lookup_identity(k, 1);
- if (id != NULL) {
- Idtab *tab = idtab_lookup(1);
- TAILQ_REMOVE(&tab->idlist, id, next);
- free_identity(id);
+ if (keys == NULL || keys[0] == NULL) {
+ error("sc_get_keys failed");
+ goto send;
+ }
+ for (i = 0; keys[i] != NULL; i++) {
+ k = keys[i];
+ version = k->type == KEY_RSA1 ? 1 : 2;
+ if ((id = lookup_identity(k, version)) != NULL) {
+ tab = idtab_lookup(version);
+ TAILQ_REMOVE(&tab->idlist, id, next);
tab->nentries--;
- success = 1;
- }
- k->type = KEY_RSA;
- id = lookup_identity(k, 2);
- if (id != NULL) {
- Idtab *tab = idtab_lookup(2);
- TAILQ_REMOVE(&tab->idlist, id, next);
free_identity(id);
- tab->nentries--;
success = 1;
}
key_free(k);
+ keys[i] = NULL;
}
-
+ xfree(keys);
+send:
buffer_put_int(&e->output, 1);
buffer_put_char(&e->output,
success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
sock = accept(sockets[i].fd,
(struct sockaddr *) &sunaddr, &slen);
if (sock < 0) {
- perror("accept from AUTH_SOCKET");
+ error("accept from AUTH_SOCKET: %s",
+ strerror(errno));
break;
}
new_socket(AUTH_CONNECTION, sock);
}
static void
-cleanup_socket(void)
+cleanup_socket(void *p)
{
if (socket_name[0])
unlink(socket_name);
static void
cleanup_exit(int i)
{
- cleanup_socket();
+ cleanup_socket(NULL);
exit(i);
}
static void
cleanup_handler(int sig)
{
- cleanup_socket();
+ cleanup_socket(NULL);
_exit(2);
}
if (ac > 0 && (c_flag || k_flag || s_flag || d_flag))
usage();
- if (ac == 0 && !c_flag && !k_flag && !s_flag && !d_flag) {
+ if (ac == 0 && !c_flag && !s_flag) {
shell = getenv("SHELL");
if (shell != NULL && strncmp(shell + strlen(shell) - 3, "csh", 3) == 0)
c_flag = 1;
pid = fork();
if (pid == -1) {
perror("fork");
- exit(1);
+ cleanup_exit(1);
}
if (pid != 0) { /* Parent - execute the given command. */
close(sock);
perror(av[0]);
exit(1);
}
+ /* child */
+ log_init(__progname, SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_AUTH, 0);
if (setsid() == -1) {
- perror("setsid");
+ error("setsid: %s", strerror(errno));
cleanup_exit(1);
}
/* deny core dumps, since memory contains unencrypted private keys */
rlim.rlim_cur = rlim.rlim_max = 0;
if (setrlimit(RLIMIT_CORE, &rlim) < 0) {
- perror("setrlimit rlimit_core failed");
+ error("setrlimit RLIMIT_CORE: %s", strerror(errno));
cleanup_exit(1);
}
#endif
skip:
- if (atexit(cleanup_socket) < 0) {
- perror("atexit");
- cleanup_exit(1);
- }
+ fatal_add_cleanup(cleanup_socket, NULL);
new_socket(AUTH_SOCKET, sock);
if (ac > 0) {
signal(SIGALRM, check_parent_exists);
if (select(max_fd + 1, readsetp, writesetp, NULL, NULL) < 0) {
if (errno == EINTR)
continue;
- exit(1);
+ fatal("select: %s", strerror(errno));
}
after_select(readsetp, writesetp);
}