nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 09:58:01 +00:00
Code Issues Projects Releases Wiki Activity
884a7df94b
putty-source/unix/uxpgnt.c

1176 lines
35 KiB
C
Raw Normal View History

Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
/*
* Unix Pageant, more or less similar to ssh-agent.
*/
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <assert.h>
#include <signal.h>
Unix Pageant: support -d, to delete a key from the agent. Unlike ssh-add, we can identify the key by its comment or by a prefix of its fingerprint as well as using a public key file on disk. The string given as an argument to -d is interpreted as whichever of those things matches; disambiguating prefixes are available if needed.
2015-05-12 12:27:33 +00:00
#include <ctype.h>
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
#include <sys/types.h>
#include <sys/wait.h>
Unix Pageant: -T option, tying lifetime to controlling tty. This is intended to be a useful mode when you want to run an ssh agent in a terminal session with no X11 available. You just execute a command along the lines of eval $(pageant -T), and then Pageant will run in the background for the rest of that terminal session - and when the terminal session ends, so that Pageant loses its controlling tty, it will take that as the signal to shut down. So, no need to manually kill it, and unlike 'pageant --exec $SHELL', you can also do this half way through a session if you don't realise until later that you need an SSH agent, without losing any shell command history or other shell context that you've accumulated so far in the session. Unfortunately, I haven't been able to find any reliable way to actually implement this -T mode, short of having Pageant wake up at regular intervals and try to open /dev/tty to see if it's still there. I had hoped that I could arrange to reliably get SIGHUP, or select on /dev/tty for exceptional conditions, or some such, but nothing I've tried along those lines seems to work.
2015-05-08 18:50:48 +00:00
#include <fcntl.h>
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
#include <unistd.h>
#define PUTTY_DO_GLOBALS /* actually _define_ globals */
#include "putty.h"
#include "ssh.h"
#include "misc.h"
#include "pageant.h"
Get rid of lots of implicit pointer types. All the main backend structures - Ssh, Telnet, Pty, Serial etc - now describe structure types themselves rather than pointers to them. The same goes for the codebase-wide trait types Socket and Plug, and the supporting types SockAddr and Pinger. All those things that were typedefed as pointers are older types; the newer ones have the explicit * at the point of use, because that's what I now seem to be preferring. But whichever one of those is better, inconsistently using a mixture of the two styles is worse, so let's make everything consistent. A few types are still implicitly pointers, such as Bignum and some of the GSSAPI types; generally this is either because they have to be void *, or because they're typedefed differently on different platforms and aren't always pointers at all. Can't be helped. But I've got rid of the main ones, at least.
2018-10-04 18:10:23 +00:00
SockAddr *unix_sock_addr(const char *path);
Socket *new_unix_listener(SockAddr *listenaddr, Plug *plug);
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
Giant const-correctness patch of doom! Having found a lot of unfixed constness issues in recent development, I thought perhaps it was time to get proactive, so I compiled the whole codebase with -Wwrite-strings. That turned up a huge load of const problems, which I've fixed in this commit: the Unix build now goes cleanly through with -Wwrite-strings, and the Windows build is as close as I could get it (there are some lingering issues due to occasional Windows API functions like AcquireCredentialsHandle not having the right constness). Notable fallout beyond the purely mechanical changing of types: - the stuff saved by cmdline_save_param() is now explicitly dupstr()ed, and freed in cmdline_run_saved. - I couldn't make both string arguments to cmdline_process_param() const, because it intentionally writes to one of them in the case where it's the argument to -pw (in the vain hope of being at least slightly friendly to 'ps'), so elsewhere I had to temporarily dupstr() something for the sake of passing it to that function - I had to invent a silly parallel version of const_cmp() so I could pass const string literals in to lookup functions. - stripslashes() in pscp.c and psftp.c has the annoying strchr nature
2015-05-15 10:15:42 +00:00
void modalfatalbox(const char *p, ...)
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
{
va_list ap;
fprintf(stderr, "FATAL ERROR: ");
va_start(ap, p);
vfprintf(stderr, p, ap);
va_end(ap);
fputc('\n', stderr);
exit(1);
}
Giant const-correctness patch of doom! Having found a lot of unfixed constness issues in recent development, I thought perhaps it was time to get proactive, so I compiled the whole codebase with -Wwrite-strings. That turned up a huge load of const problems, which I've fixed in this commit: the Unix build now goes cleanly through with -Wwrite-strings, and the Windows build is as close as I could get it (there are some lingering issues due to occasional Windows API functions like AcquireCredentialsHandle not having the right constness). Notable fallout beyond the purely mechanical changing of types: - the stuff saved by cmdline_save_param() is now explicitly dupstr()ed, and freed in cmdline_run_saved. - I couldn't make both string arguments to cmdline_process_param() const, because it intentionally writes to one of them in the case where it's the argument to -pw (in the vain hope of being at least slightly friendly to 'ps'), so elsewhere I had to temporarily dupstr() something for the sake of passing it to that function - I had to invent a silly parallel version of const_cmp() so I could pass const string literals in to lookup functions. - stripslashes() in pscp.c and psftp.c has the annoying strchr nature
2015-05-15 10:15:42 +00:00
void nonfatal(const char *p, ...)
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
{
va_list ap;
fprintf(stderr, "ERROR: ");
va_start(ap, p);
vfprintf(stderr, p, ap);
va_end(ap);
fputc('\n', stderr);
}
Introduce a typedef for frontend handles. This is another major source of unexplained 'void *' parameters throughout the code. In particular, the currently unused testback.c actually gave the wrong pointer type to its internal store of the frontend handle - it cast the input void * to a Terminal *, from which it got implicitly cast back again when calling from_backend, and nobody noticed. Now it uses the right type internally as well as externally.
2018-09-12 08:10:51 +00:00
void connection_fatal(Frontend *frontend, const char *p, ...)
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
{
va_list ap;
fprintf(stderr, "FATAL ERROR: ");
va_start(ap, p);
vfprintf(stderr, p, ap);
va_end(ap);
fputc('\n', stderr);
exit(1);
}
Giant const-correctness patch of doom! Having found a lot of unfixed constness issues in recent development, I thought perhaps it was time to get proactive, so I compiled the whole codebase with -Wwrite-strings. That turned up a huge load of const problems, which I've fixed in this commit: the Unix build now goes cleanly through with -Wwrite-strings, and the Windows build is as close as I could get it (there are some lingering issues due to occasional Windows API functions like AcquireCredentialsHandle not having the right constness). Notable fallout beyond the purely mechanical changing of types: - the stuff saved by cmdline_save_param() is now explicitly dupstr()ed, and freed in cmdline_run_saved. - I couldn't make both string arguments to cmdline_process_param() const, because it intentionally writes to one of them in the case where it's the argument to -pw (in the vain hope of being at least slightly friendly to 'ps'), so elsewhere I had to temporarily dupstr() something for the sake of passing it to that function - I had to invent a silly parallel version of const_cmp() so I could pass const string literals in to lookup functions. - stripslashes() in pscp.c and psftp.c has the annoying strchr nature
2015-05-15 10:15:42 +00:00
void cmdline_error(const char *p, ...)
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
{
va_list ap;
fprintf(stderr, "pageant: ");
va_start(ap, p);
vfprintf(stderr, p, ap);
va_end(ap);
fputc('\n', stderr);
exit(1);
}
Put proper logging into Pageant. Now it actually logs all its requests and responses, the fingerprints of keys mentioned in all messages, and so on. I've also added the -v option, which causes Pageant in any mode to direct that logging information to standard error. In --debug mode, however, the logging output goes to standard output instead (because when debugging, that information changes from a side effect to the thing you actually wanted in the first place :-). An internal tweak: the logging functions now take a va_list rather than an actual variadic argument list, so that I can pass it through several functions.
2015-05-06 18:32:26 +00:00
FILE *pageant_logfp = NULL;
void pageant_log(void *ctx, const char *fmt, va_list ap)
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
{
Put proper logging into Pageant. Now it actually logs all its requests and responses, the fingerprints of keys mentioned in all messages, and so on. I've also added the -v option, which causes Pageant in any mode to direct that logging information to standard error. In --debug mode, however, the logging output goes to standard output instead (because when debugging, that information changes from a side effect to the thing you actually wanted in the first place :-). An internal tweak: the logging functions now take a va_list rather than an actual variadic argument list, so that I can pass it through several functions.
2015-05-06 18:32:26 +00:00
if (!pageant_logfp)
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
return;
Put proper logging into Pageant. Now it actually logs all its requests and responses, the fingerprints of keys mentioned in all messages, and so on. I've also added the -v option, which causes Pageant in any mode to direct that logging information to standard error. In --debug mode, however, the logging output goes to standard output instead (because when debugging, that information changes from a side effect to the thing you actually wanted in the first place :-). An internal tweak: the logging functions now take a va_list rather than an actual variadic argument list, so that I can pass it through several functions.
2015-05-06 18:32:26 +00:00
fprintf(pageant_logfp, "pageant: ");
vfprintf(pageant_logfp, fmt, ap);
fprintf(pageant_logfp, "\n");
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
}
/*
* In Pageant our selects are synchronous, so these functions are
* empty stubs.
*/
Change uxsel_input_add's return type from int to pointer. In case a front end needs to store more than an integer id to be returned to uxsel_input_remove, we now return a pointer to a frontend-defined structure.
2015-08-16 11:50:46 +00:00
uxsel_id *uxsel_input_add(int fd, int rwx) { return NULL; }
void uxsel_input_remove(uxsel_id *id) { }
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
/*
* More stubs.
*/
void random_save_seed(void) {}
void random_destroy_seed(void) {}
void noise_ultralight(unsigned long data) {}
char *platform_default_s(const char *name) { return NULL; }
int platform_default_i(const char *name, int def) { return def; }
FontSpec *platform_default_fontspec(const char *name) { return fontspec_new(""); }
Filename *platform_default_filename(const char *name) { return filename_from_str(""); }
char *x_get_default(const char *key) { return NULL; }
Make 'LogContext' a typedef visible throughout the code. Same principle again - the more of these structures have globally visible tags (even if the structure contents are still opaque in most places), the fewer of them I can mistake for each other.
2018-09-11 14:17:16 +00:00
void log_eventlog(LogContext *logctx, const char *event) {}
Introduce a typedef for frontend handles. This is another major source of unexplained 'void *' parameters throughout the code. In particular, the currently unused testback.c actually gave the wrong pointer type to its internal store of the frontend handle - it cast the input void * to a Terminal *, from which it got implicitly cast back again when calling from_backend, and nobody noticed. Now it uses the right type internally as well as externally.
2018-09-12 08:10:51 +00:00
int from_backend(Frontend *fe, int is_stderr, const void *data, int datalen)
Option to log proxy setup diagnostics to the terminal. It has three settings: on, off, and 'only until session starts'. The idea of the last one is that if you use something like 'ssh -v' as your proxy command, you probably wanted to see the initial SSH connection-setup messages while you were waiting to see if the connection would be set up successfully at all, but probably _didn't_ want a slew of diagnostics from rekeys disrupting your terminal in mid-emacs once the session had got properly under way. Default is off, to avoid startling people used to the old behaviour. I wonder if I should have set it more aggressively, though.
2015-11-22 14:33:28 +00:00
{ assert(!"only here to satisfy notional call from backend_socket_log"); }
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
/*
* Short description of parameters.
*/
static void usage(void)
{
printf("Pageant: SSH agent\n");
printf("%s\n", ver);
Unix Pageant: man page and online help. I think Unix Pageant is now more or less usable, though of course I wouldn't blame anyone for sticking with other SSH agent solutions.
2015-05-19 17:24:04 +00:00
printf("Usage: pageant <lifetime> [key files]\n");
printf(" pageant [key files] --exec <command> [args]\n");
printf(" pageant -a [key files]\n");
printf(" pageant -d [key identifiers]\n");
printf(" pageant --public [key identifiers]\n");
Unix Pageant: add alias '-L' for '--private-openssh'. Matches the -L option in Unix PuTTYgen, and is much easier to type.
2018-06-03 14:38:57 +00:00
printf(" pageant ( --public-openssh | -L ) [key identifiers]\n");
Unix Pageant: man page and online help. I think Unix Pageant is now more or less usable, though of course I wouldn't blame anyone for sticking with other SSH agent solutions.
2015-05-19 17:24:04 +00:00
printf(" pageant -l\n");
printf(" pageant -D\n");
printf("Lifetime options, for running Pageant as an agent:\n");
printf(" -X run with the lifetime of the X server\n");
printf(" -T run with the lifetime of the controlling tty\n");
printf(" --permanent run permanently\n");
printf(" --debug run in debugging mode, without forking\n");
printf(" --exec <command> run with the lifetime of that command\n");
printf("Client options, for talking to an existing agent:\n");
printf(" -a add key(s) to the existing agent\n");
printf(" -l list currently loaded key fingerprints and comments\n");
printf(" --public print public keys in RFC 4716 format\n");
Unix Pageant: add alias '-L' for '--private-openssh'. Matches the -L option in Unix PuTTYgen, and is much easier to type.
2018-06-03 14:38:57 +00:00
printf(" --public-openssh, -L print public keys in OpenSSH format\n");
Unix Pageant: man page and online help. I think Unix Pageant is now more or less usable, though of course I wouldn't blame anyone for sticking with other SSH agent solutions.
2015-05-19 17:24:04 +00:00
printf(" -d delete key(s) from the agent\n");
printf(" -D delete all keys from the agent\n");
printf("Other options:\n");
printf(" -v verbose mode (in agent mode)\n");
Add -c/-s to Unix 'pageant --help'.
2017-02-11 22:12:33 +00:00
printf(" -s -c force POSIX or C shell syntax (in agent mode)\n");
Unix Pageant: options to select askpass type. Mostly for debugging purposes, because I'm tired of having to use 'setsid' to force Pageant to select the GUI passphrase prompt when I'm trying to fix bugs in gtkask.c. But I can also imagine situations in which the ability to force a GUI prompt window might be useful to end users, for example if the process does _technically_ have a controlling terminal but it's not a user-visible one (say, in the back end of some automation tool like expect(1)). For symmetry, I also provide an option to force the tty prompt. That's less obviously useful, because that's already the preferred prompt type when both methods are available - so the only use for it would be if you wanted to ensure that Pageant didn't _accidentally_ try to launch a GUI prompt, and aborted with an error if it couldn't use a tty prompt.
2018-05-14 06:36:05 +00:00
printf(" --tty-prompt force tty-based passphrase prompt (in -a mode)\n");
printf(" --gui-prompt force GUI-based passphrase prompt (in -a mode)\n");
Unix Pageant: option to behave like ssh-askpass. Since Pageant contains its own passphrase prompt system rather than delegating it to another process, it's not trivial to use it in other contexts. But having gone to the effort of coming up with my own askpass system that (I think) does a better job at not revealing the length of the password, I _want_ to use it in other contexts where a GUI passphrase or password prompt is needed. Solution: an --askpass option.
2018-05-14 07:08:34 +00:00
printf(" --askpass <prompt> behave like a standalone askpass program\n");
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
exit(1);
}
static void version(void)
{
Include 'build info' in all --version text and About boxes. This shows the build platform (32- vs 64-bit in particular, and also whether Unix GTK builds were compiled with or without the X11 pieces), what compiler was used to build the binary, and any interesting build options that might have been set on the make command line (especially, but not limited to, the security-damaging ones like NO_SECURITY or UNPROTECT). This will probably be useful all over the place, but in particular it should allow the different Windows binaries to be told apart! Commits 21101c739 and 2eb952ca3 laid the groundwork for this, by allowing the various About boxes to contain free text and also ensuring they could be copied and pasted easily as part of a bug report.
2017-01-21 14:55:53 +00:00
char *buildinfo_text = buildinfo("\n");
printf("pageant: %s\n%s\n", ver, buildinfo_text);
sfree(buildinfo_text);
Return zero when reporting our version. When called with -V to ask for our version, return 0 rather than 1. This is the usual behaviour observed by ssh(1) and other Unix commands. Also use exit() rather than cleanup_exit() in pscp.c and psftp.c ; at this point we have nothing to cleanup!
2017-02-15 19:50:14 +00:00
exit(0);
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
}
void keylist_update(void)
{
/* Nothing needs doing in Unix Pageant */
}
#define PAGEANT_DIR_PREFIX "/tmp/pageant"
const char *const appname = "Pageant";
Clean up Unix Pageant's setup and teardown. I've moved the listening socket setup back to before the lifetime preparations, so in particular we find out that we couldn't bind to the socket _before_ we fork. The only part that really needed to come after lifetime setup was the logging setup, so that's now a separate function called later. Also, the random exit(0)s in silly places like x11_closing have turned into setting a time_to_die flag, so that all clean exits funnel back to the end of main() which at least tries to tidy up a bit afterwards. (Finally, fixed a small bug in testing the return value of waitpid(), which only showed up once we didn't exit(0) after the first wait. Ahem.)
2015-05-07 18:04:25 +00:00
static int time_to_die = FALSE;
/* Stub functions to permit linking against x11fwd.c. These never get
* used, because in LIFE_X11 mode we connect to the X server using a
* straightforward Socket and don't try to create an ersatz SSH
* forwarding too. */
Replace enum+union of local channel types with a vtable. There's now an interface called 'Channel', which handles the local side of an SSH connection-layer channel, in terms of knowing where to send incoming channel data to, whether to close the channel, etc. Channel and the previous 'struct ssh_channel' mutually refer. The latter contains all the SSH-specific parts, and as much of the common logic as possible: in particular, Channel doesn't have to know anything about SSH packet formats, or which SSH protocol version is in use, or deal with all the fiddly stuff about window sizes - with the exception that x11fwd.c's implementation of it does have to be able to ask for a small fixed initial window size for the bodgy system that distinguishes upstream from downstream X forwardings. I've taken the opportunity to move the code implementing the detailed behaviour of agent forwarding out of ssh.c, now that all of it is on the far side of a uniform interface. (This also means that if I later implement agent forwarding directly to a Unix socket as an alternative, it'll be a matter of changing just the one call to agentf_new() that makes the Channel to plug into a forwarding.)
2018-09-12 14:03:47 +00:00
void chan_remotely_opened_confirmation(Channel *chan) { }
void chan_remotely_opened_failure(Channel *chan, const char *err) { }
int chan_no_eager_close(Channel *chan, int s, int r) { return FALSE; }
Clean up Unix Pageant's setup and teardown. I've moved the listening socket setup back to before the lifetime preparations, so in particular we find out that we couldn't bind to the socket _before_ we fork. The only part that really needed to come after lifetime setup was the logging setup, so that's now a separate function called later. Also, the random exit(0)s in silly places like x11_closing have turned into setting a time_to_die flag, so that all clean exits funnel back to the end of main() which at least tries to tidy up a bit afterwards. (Finally, fixed a small bug in testing the return value of waitpid(), which only showed up once we didn't exit(0) after the first wait. Ahem.)
2015-05-07 18:04:25 +00:00
/*
* These functions are part of the plug for our connection to the X
* display, so they do get called. They needn't actually do anything,
* except that x11_closing has to signal back to the main loop that
* it's time to terminate.
*/
Get rid of lots of implicit pointer types. All the main backend structures - Ssh, Telnet, Pty, Serial etc - now describe structure types themselves rather than pointers to them. The same goes for the codebase-wide trait types Socket and Plug, and the supporting types SockAddr and Pinger. All those things that were typedefed as pointers are older types; the newer ones have the explicit * at the point of use, because that's what I now seem to be preferring. But whichever one of those is better, inconsistently using a mixture of the two styles is worse, so let's make everything consistent. A few types are still implicitly pointers, such as Bignum and some of the GSSAPI types; generally this is either because they have to be void *, or because they're typedefed differently on different platforms and aren't always pointers at all. Can't be helped. But I've got rid of the main ones, at least.
2018-10-04 18:10:23 +00:00
static void x11_log(Plug *p, int type, SockAddr *addr, int port,
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
const char *error_msg, int error_code) {}
Get rid of lots of implicit pointer types. All the main backend structures - Ssh, Telnet, Pty, Serial etc - now describe structure types themselves rather than pointers to them. The same goes for the codebase-wide trait types Socket and Plug, and the supporting types SockAddr and Pinger. All those things that were typedefed as pointers are older types; the newer ones have the explicit * at the point of use, because that's what I now seem to be preferring. But whichever one of those is better, inconsistently using a mixture of the two styles is worse, so let's make everything consistent. A few types are still implicitly pointers, such as Bignum and some of the GSSAPI types; generally this is either because they have to be void *, or because they're typedefed differently on different platforms and aren't always pointers at all. Can't be helped. But I've got rid of the main ones, at least.
2018-10-04 18:10:23 +00:00
static void x11_receive(Plug *plug, int urgent, char *data, int len) {}
static void x11_sent(Plug *plug, int bufsize) {}
static void x11_closing(Plug *plug, const char *error_msg, int error_code,
Make plug receive and closing functions return void instead of int. Nothing was paying attention to their return values any more anyway.
2016-06-02 22:03:24 +00:00
int calling_back)
Clean up Unix Pageant's setup and teardown. I've moved the listening socket setup back to before the lifetime preparations, so in particular we find out that we couldn't bind to the socket _before_ we fork. The only part that really needed to come after lifetime setup was the logging setup, so that's now a separate function called later. Also, the random exit(0)s in silly places like x11_closing have turned into setting a time_to_die flag, so that all clean exits funnel back to the end of main() which at least tries to tidy up a bit afterwards. (Finally, fixed a small bug in testing the return value of waitpid(), which only showed up once we didn't exit(0) after the first wait. Ahem.)
2015-05-07 18:04:25 +00:00
{
time_to_die = TRUE;
}
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
struct X11Connection {
Make Socket and Plug into structs. I think that means that _every_ one of my traitoids is now a struct containing a vtable pointer as one of its fields (albeit sometimes the only field), and never just a bare pointer.
2018-10-05 06:24:16 +00:00
Plug plug;
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
};
char *socketname;
Support sh/csh syntax switching for Unix Pageant.
2016-03-25 16:43:59 +00:00
static enum { SHELL_AUTO, SHELL_SH, SHELL_CSH } shell_type = SHELL_AUTO;
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
void pageant_print_env(int pid)
{
Support sh/csh syntax switching for Unix Pageant.
2016-03-25 16:43:59 +00:00
if (shell_type == SHELL_AUTO) {
/* Same policy as OpenSSH: if $SHELL ends in "csh" then assume
* it's csh-shaped. */
const char *shell = getenv("SHELL");
if (shell && strlen(shell) >= 3 &&
!strcmp(shell + strlen(shell) - 3, "csh"))
shell_type = SHELL_CSH;
else
shell_type = SHELL_SH;
}
/*
* These shell snippets could usefully pay some attention to
* escaping of interesting characters. I don't think it causes a
* problem at the moment, because the pathnames we use are so
* utterly boring, but it's a lurking bug waiting to happen once
* a bit more flexibility turns up.
*/
switch (shell_type) {
case SHELL_SH:
printf("SSH_AUTH_SOCK=%s; export SSH_AUTH_SOCK;\n"
"SSH_AGENT_PID=%d; export SSH_AGENT_PID;\n",
socketname, pid);
break;
case SHELL_CSH:
printf("setenv SSH_AUTH_SOCK %s;\n"
"setenv SSH_AGENT_PID %d;\n",
socketname, pid);
break;
case SHELL_AUTO:
assert(0 && "Can't get here");
break;
}
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
}
Unix Pageant: -T option, tying lifetime to controlling tty. This is intended to be a useful mode when you want to run an ssh agent in a terminal session with no X11 available. You just execute a command along the lines of eval $(pageant -T), and then Pageant will run in the background for the rest of that terminal session - and when the terminal session ends, so that Pageant loses its controlling tty, it will take that as the signal to shut down. So, no need to manually kill it, and unlike 'pageant --exec $SHELL', you can also do this half way through a session if you don't realise until later that you need an SSH agent, without losing any shell command history or other shell context that you've accumulated so far in the session. Unfortunately, I haven't been able to find any reliable way to actually implement this -T mode, short of having Pageant wake up at regular intervals and try to open /dev/tty to see if it's still there. I had hoped that I could arrange to reliably get SIGHUP, or select on /dev/tty for exceptional conditions, or some such, but nothing I've tried along those lines seems to work.
2015-05-08 18:50:48 +00:00
void pageant_fork_and_print_env(int retain_tty)
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
{
pid_t pid = fork();
if (pid == -1) {
perror("fork");
exit(1);
} else if (pid != 0) {
pageant_print_env(pid);
exit(0);
}
/*
* Having forked off, we now daemonise ourselves as best we can.
* It's good practice in general to setsid() ourself out of any
* process group we didn't want to be part of, and to chdir("/")
* to avoid holding any directories open that we don't need in
* case someone wants to umount them; also, we should definitely
* close standard output (because it will very likely be pointing
* at a pipe from which some parent process is trying to read our
* environment variable dump, so if we hold open another copy of
* it then that process will never finish reading). We close
* standard input too on general principles, but not standard
* error, since we might need to shout a panicky error message
* down that one.
*/
if (chdir("/") < 0) {
/* should there be an error condition, nothing we can do about
* it anyway */
}
close(0);
close(1);
Unix Pageant: -T option, tying lifetime to controlling tty. This is intended to be a useful mode when you want to run an ssh agent in a terminal session with no X11 available. You just execute a command along the lines of eval $(pageant -T), and then Pageant will run in the background for the rest of that terminal session - and when the terminal session ends, so that Pageant loses its controlling tty, it will take that as the signal to shut down. So, no need to manually kill it, and unlike 'pageant --exec $SHELL', you can also do this half way through a session if you don't realise until later that you need an SSH agent, without losing any shell command history or other shell context that you've accumulated so far in the session. Unfortunately, I haven't been able to find any reliable way to actually implement this -T mode, short of having Pageant wake up at regular intervals and try to open /dev/tty to see if it's still there. I had hoped that I could arrange to reliably get SIGHUP, or select on /dev/tty for exceptional conditions, or some such, but nothing I've tried along those lines seems to work.
2015-05-08 18:50:48 +00:00
if (retain_tty) {
/* Get out of our previous process group, to avoid being
* blasted by passing signals. But keep our controlling tty,
* so we can keep checking to see if we still have one. */
setpgrp();
} else {
/* Do that, but also leave our entire session and detach from
* the controlling tty (if any). */
setsid();
}
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
}
int signalpipe[2];
void sigchld(int signum)
{
if (write(signalpipe[1], "x", 1) <= 0)
/* not much we can do about it */;
}
Unix Pageant: -T option, tying lifetime to controlling tty. This is intended to be a useful mode when you want to run an ssh agent in a terminal session with no X11 available. You just execute a command along the lines of eval $(pageant -T), and then Pageant will run in the background for the rest of that terminal session - and when the terminal session ends, so that Pageant loses its controlling tty, it will take that as the signal to shut down. So, no need to manually kill it, and unlike 'pageant --exec $SHELL', you can also do this half way through a session if you don't realise until later that you need an SSH agent, without losing any shell command history or other shell context that you've accumulated so far in the session. Unfortunately, I haven't been able to find any reliable way to actually implement this -T mode, short of having Pageant wake up at regular intervals and try to open /dev/tty to see if it's still there. I had hoped that I could arrange to reliably get SIGHUP, or select on /dev/tty for exceptional conditions, or some such, but nothing I've tried along those lines seems to work.
2015-05-08 18:50:48 +00:00
#define TTY_LIFE_POLL_INTERVAL (TICKSPERSEC * 30)
void *dummy_timer_ctx;
static void tty_life_timer(void *ctx, unsigned long now)
{
schedule_timer(TTY_LIFE_POLL_INTERVAL, tty_life_timer, &dummy_timer_ctx);
}
Unix Pageant: prepare to add client-side modes. I've moved the setup and running of the actual agent server into run_agent(), so that main() is now only command-line parsing and validation. We recognise a collection of new command-line options for talking to an existing agent as a client (analogous to ssh-add), which go to a new run_client() function, but I haven't filled in that function itself yet.
2015-05-11 16:56:37 +00:00
typedef enum {
KEYACT_AGENT_LOAD,
KEYACT_CLIENT_ADD,
KEYACT_CLIENT_DEL,
KEYACT_CLIENT_DEL_ALL,
KEYACT_CLIENT_LIST,
Unix Pageant: provide public-key extraction options. I've decided against implementing an option exactly analogous to 'ssh-add -L' (printing the full public key of everything in the agent). Instead, you can identify a specific key to display in full, by any of the same means -d lets you use, and then print it in either of the public key formats we support.
2015-05-12 13:48:32 +00:00
KEYACT_CLIENT_PUBLIC_OPENSSH,
KEYACT_CLIENT_PUBLIC
Unix Pageant: prepare to add client-side modes. I've moved the setup and running of the actual agent server into run_agent(), so that main() is now only command-line parsing and validation. We recognise a collection of new command-line options for talking to an existing agent as a client (analogous to ssh-add), which go to a new run_client() function, but I haven't filled in that function itself yet.
2015-05-11 16:56:37 +00:00
} keyact;
struct cmdline_key_action {
struct cmdline_key_action *next;
keyact action;
const char *filename;
};
int is_agent_action(keyact action)
{
return action == KEYACT_AGENT_LOAD;
}
struct cmdline_key_action *keyact_head = NULL, *keyact_tail = NULL;
void add_keyact(keyact action, const char *filename)
{
struct cmdline_key_action *a = snew(struct cmdline_key_action);
a->action = action;
a->filename = filename;
a->next = NULL;
if (keyact_tail)
keyact_tail->next = a;
else
keyact_head = a;
keyact_tail = a;
}
Unix Pageant: factor out have_controlling_tty(). I'm going to want to reuse it when deciding on a passphrase-prompting strategy.
2015-05-13 12:54:15 +00:00
int have_controlling_tty(void)
{
int fd = open("/dev/tty", O_RDONLY);
if (fd < 0) {
if (errno != ENXIO) {
perror("/dev/tty: open");
exit(1);
}
return FALSE;
} else {
close(fd);
return TRUE;
}
}
Unix Pageant: prepare to add client-side modes. I've moved the setup and running of the actual agent server into run_agent(), so that main() is now only command-line parsing and validation. We recognise a collection of new command-line options for talking to an existing agent as a client (analogous to ssh-add), which go to a new run_client() function, but I haven't filled in that function itself yet.
2015-05-11 16:56:37 +00:00
char **exec_args = NULL;
enum {
LIFE_UNSPEC, LIFE_X11, LIFE_TTY, LIFE_DEBUG, LIFE_PERM, LIFE_EXEC
} life = LIFE_UNSPEC;
const char *display = NULL;
Unix Pageant: options to select askpass type. Mostly for debugging purposes, because I'm tired of having to use 'setsid' to force Pageant to select the GUI passphrase prompt when I'm trying to fix bugs in gtkask.c. But I can also imagine situations in which the ability to force a GUI prompt window might be useful to end users, for example if the process does _technically_ have a controlling terminal but it's not a user-visible one (say, in the back end of some automation tool like expect(1)). For symmetry, I also provide an option to force the tty prompt. That's less obviously useful, because that's already the preferred prompt type when both methods are available - so the only use for it would be if you wanted to ensure that Pageant didn't _accidentally_ try to launch a GUI prompt, and aborted with an error if it couldn't use a tty prompt.
2018-05-14 06:36:05 +00:00
enum {
PROMPT_UNSPEC, PROMPT_TTY, PROMPT_GUI
} prompt_type = PROMPT_UNSPEC;
Unix Pageant: option to behave like ssh-askpass. Since Pageant contains its own passphrase prompt system rather than delegating it to another process, it's not trivial to use it in other contexts. But having gone to the effort of coming up with my own askpass system that (I think) does a better job at not revealing the length of the password, I _want_ to use it in other contexts where a GUI passphrase or password prompt is needed. Solution: an --askpass option.
2018-05-14 07:08:34 +00:00
static char *askpass_tty(const char *prompt)
Unix Pageant: options to select askpass type. Mostly for debugging purposes, because I'm tired of having to use 'setsid' to force Pageant to select the GUI passphrase prompt when I'm trying to fix bugs in gtkask.c. But I can also imagine situations in which the ability to force a GUI prompt window might be useful to end users, for example if the process does _technically_ have a controlling terminal but it's not a user-visible one (say, in the back end of some automation tool like expect(1)). For symmetry, I also provide an option to force the tty prompt. That's less obviously useful, because that's already the preferred prompt type when both methods are available - so the only use for it would be if you wanted to ensure that Pageant didn't _accidentally_ try to launch a GUI prompt, and aborted with an error if it couldn't use a tty prompt.
2018-05-14 06:36:05 +00:00
{
int ret;
prompts_t *p = new_prompts(NULL);
p->to_server = FALSE;
p->name = dupstr("Pageant passphrase prompt");
Unix Pageant: option to behave like ssh-askpass. Since Pageant contains its own passphrase prompt system rather than delegating it to another process, it's not trivial to use it in other contexts. But having gone to the effort of coming up with my own askpass system that (I think) does a better job at not revealing the length of the password, I _want_ to use it in other contexts where a GUI passphrase or password prompt is needed. Solution: an --askpass option.
2018-05-14 07:08:34 +00:00
add_prompt(p, dupcat(prompt, ": ", (const char *)NULL), FALSE);
Remove unused params from console_get_userpass_input. NFC: this is a preliminary refactoring, intended to make my life easier when I start changing around the APIs used to pass user keyboard input around. The fewer functions even _have_ such an API, the less I'll have to do at that point.
2018-05-18 06:22:56 +00:00
ret = console_get_userpass_input(p);
Unix Pageant: options to select askpass type. Mostly for debugging purposes, because I'm tired of having to use 'setsid' to force Pageant to select the GUI passphrase prompt when I'm trying to fix bugs in gtkask.c. But I can also imagine situations in which the ability to force a GUI prompt window might be useful to end users, for example if the process does _technically_ have a controlling terminal but it's not a user-visible one (say, in the back end of some automation tool like expect(1)). For symmetry, I also provide an option to force the tty prompt. That's less obviously useful, because that's already the preferred prompt type when both methods are available - so the only use for it would be if you wanted to ensure that Pageant didn't _accidentally_ try to launch a GUI prompt, and aborted with an error if it couldn't use a tty prompt.
2018-05-14 06:36:05 +00:00
assert(ret >= 0);
if (!ret) {
perror("pageant: unable to read passphrase");
free_prompts(p);
return NULL;
} else {
char *passphrase = dupstr(p->prompts[0]->result);
free_prompts(p);
return passphrase;
}
}
Unix Pageant: option to behave like ssh-askpass. Since Pageant contains its own passphrase prompt system rather than delegating it to another process, it's not trivial to use it in other contexts. But having gone to the effort of coming up with my own askpass system that (I think) does a better job at not revealing the length of the password, I _want_ to use it in other contexts where a GUI passphrase or password prompt is needed. Solution: an --askpass option.
2018-05-14 07:08:34 +00:00
static char *askpass_gui(const char *prompt)
Unix Pageant: options to select askpass type. Mostly for debugging purposes, because I'm tired of having to use 'setsid' to force Pageant to select the GUI passphrase prompt when I'm trying to fix bugs in gtkask.c. But I can also imagine situations in which the ability to force a GUI prompt window might be useful to end users, for example if the process does _technically_ have a controlling terminal but it's not a user-visible one (say, in the back end of some automation tool like expect(1)). For symmetry, I also provide an option to force the tty prompt. That's less obviously useful, because that's already the preferred prompt type when both methods are available - so the only use for it would be if you wanted to ensure that Pageant didn't _accidentally_ try to launch a GUI prompt, and aborted with an error if it couldn't use a tty prompt.
2018-05-14 06:36:05 +00:00
{
Unix Pageant: option to behave like ssh-askpass. Since Pageant contains its own passphrase prompt system rather than delegating it to another process, it's not trivial to use it in other contexts. But having gone to the effort of coming up with my own askpass system that (I think) does a better job at not revealing the length of the password, I _want_ to use it in other contexts where a GUI passphrase or password prompt is needed. Solution: an --askpass option.
2018-05-14 07:08:34 +00:00
char *passphrase;
Unix Pageant: options to select askpass type. Mostly for debugging purposes, because I'm tired of having to use 'setsid' to force Pageant to select the GUI passphrase prompt when I'm trying to fix bugs in gtkask.c. But I can also imagine situations in which the ability to force a GUI prompt window might be useful to end users, for example if the process does _technically_ have a controlling terminal but it's not a user-visible one (say, in the back end of some automation tool like expect(1)). For symmetry, I also provide an option to force the tty prompt. That's less obviously useful, because that's already the preferred prompt type when both methods are available - so the only use for it would be if you wanted to ensure that Pageant didn't _accidentally_ try to launch a GUI prompt, and aborted with an error if it couldn't use a tty prompt.
2018-05-14 06:36:05 +00:00
int success;
/* in gtkask.c */
char *gtk_askpass_main(const char *display, const char *wintitle,
const char *prompt, int *success);
Unix Pageant: option to behave like ssh-askpass. Since Pageant contains its own passphrase prompt system rather than delegating it to another process, it's not trivial to use it in other contexts. But having gone to the effort of coming up with my own askpass system that (I think) does a better job at not revealing the length of the password, I _want_ to use it in other contexts where a GUI passphrase or password prompt is needed. Solution: an --askpass option.
2018-05-14 07:08:34 +00:00
passphrase = gtk_askpass_main(
display, "Pageant passphrase prompt", prompt, &success);
Unix Pageant: options to select askpass type. Mostly for debugging purposes, because I'm tired of having to use 'setsid' to force Pageant to select the GUI passphrase prompt when I'm trying to fix bugs in gtkask.c. But I can also imagine situations in which the ability to force a GUI prompt window might be useful to end users, for example if the process does _technically_ have a controlling terminal but it's not a user-visible one (say, in the back end of some automation tool like expect(1)). For symmetry, I also provide an option to force the tty prompt. That's less obviously useful, because that's already the preferred prompt type when both methods are available - so the only use for it would be if you wanted to ensure that Pageant didn't _accidentally_ try to launch a GUI prompt, and aborted with an error if it couldn't use a tty prompt.
2018-05-14 06:36:05 +00:00
if (!success) {
/* return value is error message */
fprintf(stderr, "%s\n", passphrase);
sfree(passphrase);
passphrase = NULL;
}
return passphrase;
}
Unix Pageant: prepare to add client-side modes. I've moved the setup and running of the actual agent server into run_agent(), so that main() is now only command-line parsing and validation. We recognise a collection of new command-line options for talking to an existing agent as a client (analogous to ssh-add), which go to a new run_client() function, but I haven't filled in that function itself yet.
2015-05-11 16:56:37 +00:00
Unix Pageant: option to behave like ssh-askpass. Since Pageant contains its own passphrase prompt system rather than delegating it to another process, it's not trivial to use it in other contexts. But having gone to the effort of coming up with my own askpass system that (I think) does a better job at not revealing the length of the password, I _want_ to use it in other contexts where a GUI passphrase or password prompt is needed. Solution: an --askpass option.
2018-05-14 07:08:34 +00:00
static char *askpass(const char *prompt)
Unix Pageant: support loading keys. You can now load keys at Pageant init time, by putting the key file names as bare arguments on the command line, e.g. 'pageant -T key.ppk' or 'pageant key.ppk --exec some command'; also, 'pageant -a key.ppk' behaves more or less like ssh-add, contacting an existing agent to add the key. The askpass() function currently supports terminal-based prompting only. X11 askpass is yet to be implemented.
2015-05-11 16:58:55 +00:00
{
Unix Pageant: options to select askpass type. Mostly for debugging purposes, because I'm tired of having to use 'setsid' to force Pageant to select the GUI passphrase prompt when I'm trying to fix bugs in gtkask.c. But I can also imagine situations in which the ability to force a GUI prompt window might be useful to end users, for example if the process does _technically_ have a controlling terminal but it's not a user-visible one (say, in the back end of some automation tool like expect(1)). For symmetry, I also provide an option to force the tty prompt. That's less obviously useful, because that's already the preferred prompt type when both methods are available - so the only use for it would be if you wanted to ensure that Pageant didn't _accidentally_ try to launch a GUI prompt, and aborted with an error if it couldn't use a tty prompt.
2018-05-14 06:36:05 +00:00
if (prompt_type == PROMPT_TTY) {
if (!have_controlling_tty()) {
fprintf(stderr, "no controlling terminal available "
"for passphrase prompt\n");
Unix Pageant: implement GUI passphrase prompting. I've written my own analogue of OpenSSH's ssh-askpass. At the moment, it's contained inside Pageant proper, though it could easily be compiled into a standalone binary as well or instead. Unlike OpenSSH's version, I don't use a GTK edit box; instead I just process key events myself and append them to a buffer. The big advantage of doing this is that I can arrange for ^W and ^U to function as they do in terminal line editing, i.e. delete a word or delete the whole line. ^W in particular is really valuable when typing a multiple-word passphrase unseen. If you feel yourself making the kind of typo in which you're not sure if you pressed six keys or just five, you can hit ^W and restart just that word, without either having to go right back to the beginning or carry on and see if you feel lucky. A delete-word function would of course be an information leak in even an obscured edit box (displaying a blob per character), so instead I give a visual acknowledgment of keypresses by a more ad-hoc means: I display three lights in the box, and every meaningful keypress turns off the currently active one and instead turns on a randomly selected one of the others. (So the lit light doesn't even indicate _mod 3_ how many keys have been pressed.)
2015-05-13 12:55:08 +00:00
return NULL;
}
Unix Pageant: option to behave like ssh-askpass. Since Pageant contains its own passphrase prompt system rather than delegating it to another process, it's not trivial to use it in other contexts. But having gone to the effort of coming up with my own askpass system that (I think) does a better job at not revealing the length of the password, I _want_ to use it in other contexts where a GUI passphrase or password prompt is needed. Solution: an --askpass option.
2018-05-14 07:08:34 +00:00
return askpass_tty(prompt);
Unix Pageant: options to select askpass type. Mostly for debugging purposes, because I'm tired of having to use 'setsid' to force Pageant to select the GUI passphrase prompt when I'm trying to fix bugs in gtkask.c. But I can also imagine situations in which the ability to force a GUI prompt window might be useful to end users, for example if the process does _technically_ have a controlling terminal but it's not a user-visible one (say, in the back end of some automation tool like expect(1)). For symmetry, I also provide an option to force the tty prompt. That's less obviously useful, because that's already the preferred prompt type when both methods are available - so the only use for it would be if you wanted to ensure that Pageant didn't _accidentally_ try to launch a GUI prompt, and aborted with an error if it couldn't use a tty prompt.
2018-05-14 06:36:05 +00:00
}
if (prompt_type == PROMPT_GUI) {
if (!display) {
fprintf(stderr, "no graphical display available "
"for passphrase prompt\n");
return NULL;
Unix Pageant: implement GUI passphrase prompting. I've written my own analogue of OpenSSH's ssh-askpass. At the moment, it's contained inside Pageant proper, though it could easily be compiled into a standalone binary as well or instead. Unlike OpenSSH's version, I don't use a GTK edit box; instead I just process key events myself and append them to a buffer. The big advantage of doing this is that I can arrange for ^W and ^U to function as they do in terminal line editing, i.e. delete a word or delete the whole line. ^W in particular is really valuable when typing a multiple-word passphrase unseen. If you feel yourself making the kind of typo in which you're not sure if you pressed six keys or just five, you can hit ^W and restart just that word, without either having to go right back to the beginning or carry on and see if you feel lucky. A delete-word function would of course be an information leak in even an obscured edit box (displaying a blob per character), so instead I give a visual acknowledgment of keypresses by a more ad-hoc means: I display three lights in the box, and every meaningful keypress turns off the currently active one and instead turns on a randomly selected one of the others. (So the lit light doesn't even indicate _mod 3_ how many keys have been pressed.)
2015-05-13 12:55:08 +00:00
}
Unix Pageant: option to behave like ssh-askpass. Since Pageant contains its own passphrase prompt system rather than delegating it to another process, it's not trivial to use it in other contexts. But having gone to the effort of coming up with my own askpass system that (I think) does a better job at not revealing the length of the password, I _want_ to use it in other contexts where a GUI passphrase or password prompt is needed. Solution: an --askpass option.
2018-05-14 07:08:34 +00:00
return askpass_gui(prompt);
Unix Pageant: options to select askpass type. Mostly for debugging purposes, because I'm tired of having to use 'setsid' to force Pageant to select the GUI passphrase prompt when I'm trying to fix bugs in gtkask.c. But I can also imagine situations in which the ability to force a GUI prompt window might be useful to end users, for example if the process does _technically_ have a controlling terminal but it's not a user-visible one (say, in the back end of some automation tool like expect(1)). For symmetry, I also provide an option to force the tty prompt. That's less obviously useful, because that's already the preferred prompt type when both methods are available - so the only use for it would be if you wanted to ensure that Pageant didn't _accidentally_ try to launch a GUI prompt, and aborted with an error if it couldn't use a tty prompt.
2018-05-14 06:36:05 +00:00
}
if (have_controlling_tty()) {
Unix Pageant: option to behave like ssh-askpass. Since Pageant contains its own passphrase prompt system rather than delegating it to another process, it's not trivial to use it in other contexts. But having gone to the effort of coming up with my own askpass system that (I think) does a better job at not revealing the length of the password, I _want_ to use it in other contexts where a GUI passphrase or password prompt is needed. Solution: an --askpass option.
2018-05-14 07:08:34 +00:00
return askpass_tty(prompt);
Unix Pageant: options to select askpass type. Mostly for debugging purposes, because I'm tired of having to use 'setsid' to force Pageant to select the GUI passphrase prompt when I'm trying to fix bugs in gtkask.c. But I can also imagine situations in which the ability to force a GUI prompt window might be useful to end users, for example if the process does _technically_ have a controlling terminal but it's not a user-visible one (say, in the back end of some automation tool like expect(1)). For symmetry, I also provide an option to force the tty prompt. That's less obviously useful, because that's already the preferred prompt type when both methods are available - so the only use for it would be if you wanted to ensure that Pageant didn't _accidentally_ try to launch a GUI prompt, and aborted with an error if it couldn't use a tty prompt.
2018-05-14 06:36:05 +00:00
} else if (display) {
Unix Pageant: option to behave like ssh-askpass. Since Pageant contains its own passphrase prompt system rather than delegating it to another process, it's not trivial to use it in other contexts. But having gone to the effort of coming up with my own askpass system that (I think) does a better job at not revealing the length of the password, I _want_ to use it in other contexts where a GUI passphrase or password prompt is needed. Solution: an --askpass option.
2018-05-14 07:08:34 +00:00
return askpass_gui(prompt);
Unix Pageant: implement GUI passphrase prompting. I've written my own analogue of OpenSSH's ssh-askpass. At the moment, it's contained inside Pageant proper, though it could easily be compiled into a standalone binary as well or instead. Unlike OpenSSH's version, I don't use a GTK edit box; instead I just process key events myself and append them to a buffer. The big advantage of doing this is that I can arrange for ^W and ^U to function as they do in terminal line editing, i.e. delete a word or delete the whole line. ^W in particular is really valuable when typing a multiple-word passphrase unseen. If you feel yourself making the kind of typo in which you're not sure if you pressed six keys or just five, you can hit ^W and restart just that word, without either having to go right back to the beginning or carry on and see if you feel lucky. A delete-word function would of course be an information leak in even an obscured edit box (displaying a blob per character), so instead I give a visual acknowledgment of keypresses by a more ad-hoc means: I display three lights in the box, and every meaningful keypress turns off the currently active one and instead turns on a randomly selected one of the others. (So the lit light doesn't even indicate _mod 3_ how many keys have been pressed.)
2015-05-13 12:55:08 +00:00
} else {
fprintf(stderr, "no way to read a passphrase without tty or "
"X display\n");
return NULL;
Unix Pageant: support loading keys. You can now load keys at Pageant init time, by putting the key file names as bare arguments on the command line, e.g. 'pageant -T key.ppk' or 'pageant key.ppk --exec some command'; also, 'pageant -a key.ppk' behaves more or less like ssh-add, contacting an existing agent to add the key. The askpass() function currently supports terminal-based prompting only. X11 askpass is yet to be implemented.
2015-05-11 16:58:55 +00:00
}
}
static int unix_add_keyfile(const char *filename_str)
{
Filename *filename = filename_from_str(filename_str);
int status, ret;
char *err;
ret = TRUE;
/*
* Try without a passphrase.
*/
status = pageant_add_keyfile(filename, NULL, &err);
if (status == PAGEANT_ACTION_OK) {
goto cleanup;
} else if (status == PAGEANT_ACTION_FAILURE) {
fprintf(stderr, "pageant: %s: %s\n", filename_str, err);
ret = FALSE;
goto cleanup;
}
/*
* And now try prompting for a passphrase.
*/
while (1) {
Unix Pageant: option to behave like ssh-askpass. Since Pageant contains its own passphrase prompt system rather than delegating it to another process, it's not trivial to use it in other contexts. But having gone to the effort of coming up with my own askpass system that (I think) does a better job at not revealing the length of the password, I _want_ to use it in other contexts where a GUI passphrase or password prompt is needed. Solution: an --askpass option.
2018-05-14 07:08:34 +00:00
char *prompt = dupprintf(
"Enter passphrase to load key '%s'", err);
char *passphrase = askpass(prompt);
Unix Pageant: support loading keys. You can now load keys at Pageant init time, by putting the key file names as bare arguments on the command line, e.g. 'pageant -T key.ppk' or 'pageant key.ppk --exec some command'; also, 'pageant -a key.ppk' behaves more or less like ssh-add, contacting an existing agent to add the key. The askpass() function currently supports terminal-based prompting only. X11 askpass is yet to be implemented.
2015-05-11 16:58:55 +00:00
sfree(err);
Unix Pageant: option to behave like ssh-askpass. Since Pageant contains its own passphrase prompt system rather than delegating it to another process, it's not trivial to use it in other contexts. But having gone to the effort of coming up with my own askpass system that (I think) does a better job at not revealing the length of the password, I _want_ to use it in other contexts where a GUI passphrase or password prompt is needed. Solution: an --askpass option.
2018-05-14 07:08:34 +00:00
sfree(prompt);
Unix Pageant: fix a double-free when adding keys. I had freed the comment string coming back from pageant_add_keyfile, but not NULLed out the pointer, so that the cleanup code at the end of the function would have freed it again.
2015-05-13 12:22:44 +00:00
err = NULL;
Unix Pageant: support loading keys. You can now load keys at Pageant init time, by putting the key file names as bare arguments on the command line, e.g. 'pageant -T key.ppk' or 'pageant key.ppk --exec some command'; also, 'pageant -a key.ppk' behaves more or less like ssh-add, contacting an existing agent to add the key. The askpass() function currently supports terminal-based prompting only. X11 askpass is yet to be implemented.
2015-05-11 16:58:55 +00:00
if (!passphrase)
break;
status = pageant_add_keyfile(filename, passphrase, &err);
smemclr(passphrase, strlen(passphrase));
sfree(passphrase);
passphrase = NULL;
if (status == PAGEANT_ACTION_OK) {
goto cleanup;
} else if (status == PAGEANT_ACTION_FAILURE) {
fprintf(stderr, "pageant: %s: %s\n", filename_str, err);
ret = FALSE;
goto cleanup;
}
}
cleanup:
sfree(err);
filename_free(filename);
return ret;
}
Unix Pageant: support -d, to delete a key from the agent. Unlike ssh-add, we can identify the key by its comment or by a prefix of its fingerprint as well as using a public key file on disk. The string given as an argument to -d is interpreted as whichever of those things matches; disambiguating prefixes are available if needed.
2015-05-12 12:27:33 +00:00
void key_list_callback(void *ctx, const char *fingerprint,
const char *comment, struct pageant_pubkey *key)
Unix Pageant: first draft of -l key list option. It doesn't look very pretty at the moment, but it lists the keys and gets the fingerprints right.
2015-05-11 17:34:45 +00:00
{
printf("%s %s\n", fingerprint, comment);
}
Unix Pageant: support -d, to delete a key from the agent. Unlike ssh-add, we can identify the key by its comment or by a prefix of its fingerprint as well as using a public key file on disk. The string given as an argument to -d is interpreted as whichever of those things matches; disambiguating prefixes are available if needed.
2015-05-12 12:27:33 +00:00
struct key_find_ctx {
const char *string;
int match_fp, match_comment;
struct pageant_pubkey *found;
int nfound;
};
int match_fingerprint_string(const char *string, const char *fingerprint)
{
const char *hash;
/* Find the hash in the fingerprint string. It'll be the word at the end. */
hash = strrchr(fingerprint, ' ');
assert(hash);
hash++;
/* Now see if the search string is a prefix of the full hash,
* neglecting colons and case differences. */
while (1) {
while (*string == ':') string++;
while (*hash == ':') hash++;
if (!*string)
return TRUE;
if (tolower((unsigned char)*string) != tolower((unsigned char)*hash))
return FALSE;
string++;
hash++;
}
}
void key_find_callback(void *vctx, const char *fingerprint,
const char *comment, struct pageant_pubkey *key)
{
struct key_find_ctx *ctx = (struct key_find_ctx *)vctx;
if ((ctx->match_comment && !strcmp(ctx->string, comment)) ||
(ctx->match_fp && match_fingerprint_string(ctx->string, fingerprint)))
{
if (!ctx->found)
ctx->found = pageant_pubkey_copy(key);
ctx->nfound++;
}
}
struct pageant_pubkey *find_key(const char *string, char **retstr)
{
struct key_find_ctx actx, *ctx = &actx;
struct pageant_pubkey key_in, *key_ret;
int try_file = TRUE, try_fp = TRUE, try_comment = TRUE;
int file_errors = FALSE;
/*
* Trim off disambiguating prefixes telling us how to interpret
* the provided string.
*/
if (!strncmp(string, "file:", 5)) {
string += 5;
try_fp = try_comment = FALSE;
file_errors = TRUE; /* also report failure to load the file */
} else if (!strncmp(string, "comment:", 8)) {
string += 8;
try_file = try_fp = FALSE;
} else if (!strncmp(string, "fp:", 3)) {
string += 3;
try_file = try_comment = FALSE;
} else if (!strncmp(string, "fingerprint:", 12)) {
string += 12;
try_file = try_comment = FALSE;
}
/*
* Try interpreting the string as a key file name.
*/
if (try_file) {
Filename *fn = filename_from_str(string);
int keytype = key_type(fn);
if (keytype == SSH_KEYTYPE_SSH1 ||
keytype == SSH_KEYTYPE_SSH1_PUBLIC) {
const char *error;
Change ssh.h crypto APIs to output to BinarySink. This affects all the functions that generate public and private key and signature blobs of all kinds, plus ssh_ecdhkex_getpublic. Instead of returning a bare block of memory and taking an extra 'int *length' parameter, all these functions now write to a BinarySink, and it's the caller's job to have prepared an appropriate one where they want the output to go (usually a strbuf). The main value of this change is that those blob-generation functions were chock full of ad-hoc length-counting and data marshalling. You have only to look at rsa2_{public,private}_blob, for example, to see the kind of thing I was keen to get rid of!
2018-05-24 09:59:39 +00:00
key_in.blob = strbuf_new();
if (!rsa_ssh1_loadpub(fn, BinarySink_UPCAST(key_in.blob),
Clean up the crufty old SSH-1 RSA API. Lots of functions had really generic names (like 'makekey'), or names that missed out an important concept (like 'rsakey_pubblob', which loads a public blob from a _file_ and doesn't generate it from an in-memory representation at all). Also, the opaque 'int order' that distinguishes the two formats of public key blob is now a mnemonic enumeration, and while I'm at it, rsa_ssh1_public_blob takes one of those as an extra argument.
2018-05-24 07:22:44 +00:00
NULL, &error)) {
Change ssh.h crypto APIs to output to BinarySink. This affects all the functions that generate public and private key and signature blobs of all kinds, plus ssh_ecdhkex_getpublic. Instead of returning a bare block of memory and taking an extra 'int *length' parameter, all these functions now write to a BinarySink, and it's the caller's job to have prepared an appropriate one where they want the output to go (usually a strbuf). The main value of this change is that those blob-generation functions were chock full of ad-hoc length-counting and data marshalling. You have only to look at rsa2_{public,private}_blob, for example, to see the kind of thing I was keen to get rid of!
2018-05-24 09:59:39 +00:00
strbuf_free(key_in.blob);
key_in.blob = NULL;
Unix Pageant: support -d, to delete a key from the agent. Unlike ssh-add, we can identify the key by its comment or by a prefix of its fingerprint as well as using a public key file on disk. The string given as an argument to -d is interpreted as whichever of those things matches; disambiguating prefixes are available if needed.
2015-05-12 12:27:33 +00:00
if (file_errors) {
*retstr = dupprintf("unable to load file '%s': %s",
string, error);
filename_free(fn);
return NULL;
}
uxpgnt: correct control flow in find_key(). If we try to interpret a string argument as the name of a key file, sometimes we it's in circumstances where we _know_ it's a key file, so we must print an error message and return failure if the file can't be loaded. Other times it's not, and we just fall back to interpreting the argument in some other way (e.g. as a pattern match against the comment or fingerprint of a key already in the agent). My code dealing with failure returns from the public-key loading functions were mishandling the latter case, if they identified a file as existing and looking more or less like some kind of key file but then it turned out to have a format error; they would try to copy and return a public key that they didn't actually have. Even if pageant_pubkey_copy avoided crashing as a result, this would still inhibit the fallback to treating the input string as some other kind of pattern match.
2017-02-15 05:31:30 +00:00
} else {
/*
* If we've successfully loaded the file, stop here - we
* already have a key blob and need not go to the agent to
* list things.
*/
key_in.ssh_version = 1;
key_in.comment = NULL;
key_ret = pageant_pubkey_copy(&key_in);
Change ssh.h crypto APIs to output to BinarySink. This affects all the functions that generate public and private key and signature blobs of all kinds, plus ssh_ecdhkex_getpublic. Instead of returning a bare block of memory and taking an extra 'int *length' parameter, all these functions now write to a BinarySink, and it's the caller's job to have prepared an appropriate one where they want the output to go (usually a strbuf). The main value of this change is that those blob-generation functions were chock full of ad-hoc length-counting and data marshalling. You have only to look at rsa2_{public,private}_blob, for example, to see the kind of thing I was keen to get rid of!
2018-05-24 09:59:39 +00:00
strbuf_free(key_in.blob);
key_in.blob = NULL;
uxpgnt: correct control flow in find_key(). If we try to interpret a string argument as the name of a key file, sometimes we it's in circumstances where we _know_ it's a key file, so we must print an error message and return failure if the file can't be loaded. Other times it's not, and we just fall back to interpreting the argument in some other way (e.g. as a pattern match against the comment or fingerprint of a key already in the agent). My code dealing with failure returns from the public-key loading functions were mishandling the latter case, if they identified a file as existing and looking more or less like some kind of key file but then it turned out to have a format error; they would try to copy and return a public key that they didn't actually have. Even if pageant_pubkey_copy avoided crashing as a result, this would still inhibit the fallback to treating the input string as some other kind of pattern match.
2017-02-15 05:31:30 +00:00
filename_free(fn);
return key_ret;
Unix Pageant: support -d, to delete a key from the agent. Unlike ssh-add, we can identify the key by its comment or by a prefix of its fingerprint as well as using a public key file on disk. The string given as an argument to -d is interpreted as whichever of those things matches; disambiguating prefixes are available if needed.
2015-05-12 12:27:33 +00:00
}
} else if (keytype == SSH_KEYTYPE_SSH2 ||
keytype == SSH_KEYTYPE_SSH2_PUBLIC_RFC4716 ||
keytype == SSH_KEYTYPE_SSH2_PUBLIC_OPENSSH) {
const char *error;
Change ssh.h crypto APIs to output to BinarySink. This affects all the functions that generate public and private key and signature blobs of all kinds, plus ssh_ecdhkex_getpublic. Instead of returning a bare block of memory and taking an extra 'int *length' parameter, all these functions now write to a BinarySink, and it's the caller's job to have prepared an appropriate one where they want the output to go (usually a strbuf). The main value of this change is that those blob-generation functions were chock full of ad-hoc length-counting and data marshalling. You have only to look at rsa2_{public,private}_blob, for example, to see the kind of thing I was keen to get rid of!
2018-05-24 09:59:39 +00:00
key_in.blob = strbuf_new();
if (!ssh2_userkey_loadpub(fn, NULL, BinarySink_UPCAST(key_in.blob),
NULL, &error)) {
strbuf_free(key_in.blob);
key_in.blob = NULL;
Unix Pageant: support -d, to delete a key from the agent. Unlike ssh-add, we can identify the key by its comment or by a prefix of its fingerprint as well as using a public key file on disk. The string given as an argument to -d is interpreted as whichever of those things matches; disambiguating prefixes are available if needed.
2015-05-12 12:27:33 +00:00
if (file_errors) {
*retstr = dupprintf("unable to load file '%s': %s",
string, error);
filename_free(fn);
return NULL;
}
uxpgnt: correct control flow in find_key(). If we try to interpret a string argument as the name of a key file, sometimes we it's in circumstances where we _know_ it's a key file, so we must print an error message and return failure if the file can't be loaded. Other times it's not, and we just fall back to interpreting the argument in some other way (e.g. as a pattern match against the comment or fingerprint of a key already in the agent). My code dealing with failure returns from the public-key loading functions were mishandling the latter case, if they identified a file as existing and looking more or less like some kind of key file but then it turned out to have a format error; they would try to copy and return a public key that they didn't actually have. Even if pageant_pubkey_copy avoided crashing as a result, this would still inhibit the fallback to treating the input string as some other kind of pattern match.
2017-02-15 05:31:30 +00:00
} else {
/*
* If we've successfully loaded the file, stop here - we
* already have a key blob and need not go to the agent to
* list things.
*/
key_in.ssh_version = 2;
key_in.comment = NULL;
key_ret = pageant_pubkey_copy(&key_in);
Change ssh.h crypto APIs to output to BinarySink. This affects all the functions that generate public and private key and signature blobs of all kinds, plus ssh_ecdhkex_getpublic. Instead of returning a bare block of memory and taking an extra 'int *length' parameter, all these functions now write to a BinarySink, and it's the caller's job to have prepared an appropriate one where they want the output to go (usually a strbuf). The main value of this change is that those blob-generation functions were chock full of ad-hoc length-counting and data marshalling. You have only to look at rsa2_{public,private}_blob, for example, to see the kind of thing I was keen to get rid of!
2018-05-24 09:59:39 +00:00
strbuf_free(key_in.blob);
key_in.blob = NULL;
uxpgnt: correct control flow in find_key(). If we try to interpret a string argument as the name of a key file, sometimes we it's in circumstances where we _know_ it's a key file, so we must print an error message and return failure if the file can't be loaded. Other times it's not, and we just fall back to interpreting the argument in some other way (e.g. as a pattern match against the comment or fingerprint of a key already in the agent). My code dealing with failure returns from the public-key loading functions were mishandling the latter case, if they identified a file as existing and looking more or less like some kind of key file but then it turned out to have a format error; they would try to copy and return a public key that they didn't actually have. Even if pageant_pubkey_copy avoided crashing as a result, this would still inhibit the fallback to treating the input string as some other kind of pattern match.
2017-02-15 05:31:30 +00:00
filename_free(fn);
return key_ret;
Unix Pageant: support -d, to delete a key from the agent. Unlike ssh-add, we can identify the key by its comment or by a prefix of its fingerprint as well as using a public key file on disk. The string given as an argument to -d is interpreted as whichever of those things matches; disambiguating prefixes are available if needed.
2015-05-12 12:27:33 +00:00
}
} else {
if (file_errors) {
*retstr = dupprintf("unable to load key file '%s': %s",
string, key_type_to_str(keytype));
filename_free(fn);
return NULL;
}
}
filename_free(fn);
}
/*
* Failing that, go through the keys in the agent, and match
* against fingerprints and comments as appropriate.
*/
ctx->string = string;
ctx->match_fp = try_fp;
ctx->match_comment = try_comment;
ctx->found = NULL;
ctx->nfound = 0;
if (pageant_enum_keys(key_find_callback, ctx, retstr) ==
PAGEANT_ACTION_FAILURE)
return NULL;
if (ctx->nfound == 0) {
*retstr = dupstr("no key matched");
assert(!ctx->found);
return NULL;
} else if (ctx->nfound > 1) {
*retstr = dupstr("multiple keys matched");
assert(ctx->found);
pageant_pubkey_free(ctx->found);
return NULL;
}
assert(ctx->found);
return ctx->found;
}
Unix Pageant: prepare to add client-side modes. I've moved the setup and running of the actual agent server into run_agent(), so that main() is now only command-line parsing and validation. We recognise a collection of new command-line options for talking to an existing agent as a client (analogous to ssh-add), which go to a new run_client() function, but I haven't filled in that function itself yet.
2015-05-11 16:56:37 +00:00
void run_client(void)
{
Unix Pageant: support loading keys. You can now load keys at Pageant init time, by putting the key file names as bare arguments on the command line, e.g. 'pageant -T key.ppk' or 'pageant key.ppk --exec some command'; also, 'pageant -a key.ppk' behaves more or less like ssh-add, contacting an existing agent to add the key. The askpass() function currently supports terminal-based prompting only. X11 askpass is yet to be implemented.
2015-05-11 16:58:55 +00:00
const struct cmdline_key_action *act;
Unix Pageant: support -d, to delete a key from the agent. Unlike ssh-add, we can identify the key by its comment or by a prefix of its fingerprint as well as using a public key file on disk. The string given as an argument to -d is interpreted as whichever of those things matches; disambiguating prefixes are available if needed.
2015-05-12 12:27:33 +00:00
struct pageant_pubkey *key;
Unix Pageant: support loading keys. You can now load keys at Pageant init time, by putting the key file names as bare arguments on the command line, e.g. 'pageant -T key.ppk' or 'pageant key.ppk --exec some command'; also, 'pageant -a key.ppk' behaves more or less like ssh-add, contacting an existing agent to add the key. The askpass() function currently supports terminal-based prompting only. X11 askpass is yet to be implemented.
2015-05-11 16:58:55 +00:00
int errors = FALSE;
Unix Pageant: first draft of -l key list option. It doesn't look very pretty at the moment, but it lists the keys and gets the fingerprints right.
2015-05-11 17:34:45 +00:00
char *retstr;
Unix Pageant: support loading keys. You can now load keys at Pageant init time, by putting the key file names as bare arguments on the command line, e.g. 'pageant -T key.ppk' or 'pageant key.ppk --exec some command'; also, 'pageant -a key.ppk' behaves more or less like ssh-add, contacting an existing agent to add the key. The askpass() function currently supports terminal-based prompting only. X11 askpass is yet to be implemented.
2015-05-11 16:58:55 +00:00
Unix Pageant: link in uxagentc.c and uxcons.c. This brings in the code we'll need to request passphrases from the terminal, and to talk to an existing SSH agent as a client. Adding uxcons.c required adjusting the set of stub functions in uxpgnt.c: uxcons.c removed the need for several, but added one of its own (log_eventlog). A net win, though.
2015-05-11 16:56:51 +00:00
if (!agent_exists()) {
fprintf(stderr, "pageant: no agent running to talk to\n");
exit(1);
}
Unix Pageant: support loading keys. You can now load keys at Pageant init time, by putting the key file names as bare arguments on the command line, e.g. 'pageant -T key.ppk' or 'pageant key.ppk --exec some command'; also, 'pageant -a key.ppk' behaves more or less like ssh-add, contacting an existing agent to add the key. The askpass() function currently supports terminal-based prompting only. X11 askpass is yet to be implemented.
2015-05-11 16:58:55 +00:00
for (act = keyact_head; act; act = act->next) {
switch (act->action) {
case KEYACT_CLIENT_ADD:
if (!unix_add_keyfile(act->filename))
errors = TRUE;
break;
Unix Pageant: first draft of -l key list option. It doesn't look very pretty at the moment, but it lists the keys and gets the fingerprints right.
2015-05-11 17:34:45 +00:00
case KEYACT_CLIENT_LIST:
if (pageant_enum_keys(key_list_callback, NULL, &retstr) ==
PAGEANT_ACTION_FAILURE) {
fprintf(stderr, "pageant: listing keys: %s\n", retstr);
sfree(retstr);
errors = TRUE;
}
break;
Unix Pageant: support loading keys. You can now load keys at Pageant init time, by putting the key file names as bare arguments on the command line, e.g. 'pageant -T key.ppk' or 'pageant key.ppk --exec some command'; also, 'pageant -a key.ppk' behaves more or less like ssh-add, contacting an existing agent to add the key. The askpass() function currently supports terminal-based prompting only. X11 askpass is yet to be implemented.
2015-05-11 16:58:55 +00:00
case KEYACT_CLIENT_DEL:
Unix Pageant: support -d, to delete a key from the agent. Unlike ssh-add, we can identify the key by its comment or by a prefix of its fingerprint as well as using a public key file on disk. The string given as an argument to -d is interpreted as whichever of those things matches; disambiguating prefixes are available if needed.
2015-05-12 12:27:33 +00:00
key = NULL;
if (!(key = find_key(act->filename, &retstr)) ||
pageant_delete_key(key, &retstr) == PAGEANT_ACTION_FAILURE) {
fprintf(stderr, "pageant: deleting key '%s': %s\n",
act->filename, retstr);
sfree(retstr);
errors = TRUE;
}
if (key)
pageant_pubkey_free(key);
break;
Unix Pageant: provide public-key extraction options. I've decided against implementing an option exactly analogous to 'ssh-add -L' (printing the full public key of everything in the agent). Instead, you can identify a specific key to display in full, by any of the same means -d lets you use, and then print it in either of the public key formats we support.
2015-05-12 13:48:32 +00:00
case KEYACT_CLIENT_PUBLIC_OPENSSH:
case KEYACT_CLIENT_PUBLIC:
key = NULL;
if (!(key = find_key(act->filename, &retstr))) {
fprintf(stderr, "pageant: finding key '%s': %s\n",
act->filename, retstr);
sfree(retstr);
errors = TRUE;
} else {
FILE *fp = stdout; /* FIXME: add a -o option? */
if (key->ssh_version == 1) {
Remove obsolete functions. There are several old functions that the previous commits have removed all, or nearly all, of the references to. match_ssh_id is superseded by ptrlen_eq_string; get_ssh_{string,uint32} is yet another replicated set of decode functions (this time _partly_ centralised into misc.c); the old APIs for the SSH-1 RSA decode functions are gone (together with their last couple of holdout clients), as are ssh{1,2}_{read,write}_bignum and ssh{1,2}_bignum_length. Particularly odd was the use of ssh1_{read,write}_bignum in the SSH-2 Diffie-Hellman implementation. I'd completely forgotten I did that! Now replaced with a raw bignum_from_bytes, which is simpler anyway.
2018-05-29 19:36:21 +00:00
BinarySource src[1];
Unix Pageant: provide public-key extraction options. I've decided against implementing an option exactly analogous to 'ssh-add -L' (printing the full public key of everything in the agent). Instead, you can identify a specific key to display in full, by any of the same means -d lets you use, and then print it in either of the public key formats we support.
2015-05-12 13:48:32 +00:00
struct RSAKey rkey;
Remove obsolete functions. There are several old functions that the previous commits have removed all, or nearly all, of the references to. match_ssh_id is superseded by ptrlen_eq_string; get_ssh_{string,uint32} is yet another replicated set of decode functions (this time _partly_ centralised into misc.c); the old APIs for the SSH-1 RSA decode functions are gone (together with their last couple of holdout clients), as are ssh{1,2}_{read,write}_bignum and ssh{1,2}_bignum_length. Particularly odd was the use of ssh1_{read,write}_bignum in the SSH-2 Diffie-Hellman implementation. I'd completely forgotten I did that! Now replaced with a raw bignum_from_bytes, which is simpler anyway.
2018-05-29 19:36:21 +00:00
BinarySource_BARE_INIT(src, key->blob->u, key->blob->len);
Unix Pageant: provide public-key extraction options. I've decided against implementing an option exactly analogous to 'ssh-add -L' (printing the full public key of everything in the agent). Instead, you can identify a specific key to display in full, by any of the same means -d lets you use, and then print it in either of the public key formats we support.
2015-05-12 13:48:32 +00:00
memset(&rkey, 0, sizeof(rkey));
rkey.comment = dupstr(key->comment);
Remove 'keystr' parameter in get_rsa_ssh1_pub. This parameter returned a substring of the input, which was used for two purposes. Firstly, it was used to hash the host and server keys during the initial SSH-1 key setup phase; secondly, it was used to check the keys in Pageant against the public key blob of a key specified on the command line. Unfortunately, those two purposes didn't agree! The first one needs just the bare key modulus bytes (without even the SSH-1 mpint length header); the second needs the entire key blob. So, actually, it seems to have never worked in SSH-1 to say 'putty -i keyfile' and have PuTTY find that key in Pageant and not have to ask for the passphrase to decrypt the version on disk. Fixed by removing that parameter completely, which simplifies all the _other_ call sites, and replacing it by custom code in those two places that each does the actually right thing.
2018-06-03 07:23:07 +00:00
get_rsa_ssh1_pub(src, &rkey, RSA_SSH1_EXPONENT_FIRST);
Unix Pageant: provide public-key extraction options. I've decided against implementing an option exactly analogous to 'ssh-add -L' (printing the full public key of everything in the agent). Instead, you can identify a specific key to display in full, by any of the same means -d lets you use, and then print it in either of the public key formats we support.
2015-05-12 13:48:32 +00:00
ssh1_write_pubkey(fp, &rkey);
freersakey(&rkey);
} else {
Change ssh.h crypto APIs to output to BinarySink. This affects all the functions that generate public and private key and signature blobs of all kinds, plus ssh_ecdhkex_getpublic. Instead of returning a bare block of memory and taking an extra 'int *length' parameter, all these functions now write to a BinarySink, and it's the caller's job to have prepared an appropriate one where they want the output to go (usually a strbuf). The main value of this change is that those blob-generation functions were chock full of ad-hoc length-counting and data marshalling. You have only to look at rsa2_{public,private}_blob, for example, to see the kind of thing I was keen to get rid of!
2018-05-24 09:59:39 +00:00
ssh2_write_pubkey(fp, key->comment,
key->blob->u,
key->blob->len,
Unix Pageant: provide public-key extraction options. I've decided against implementing an option exactly analogous to 'ssh-add -L' (printing the full public key of everything in the agent). Instead, you can identify a specific key to display in full, by any of the same means -d lets you use, and then print it in either of the public key formats we support.
2015-05-12 13:48:32 +00:00
(act->action == KEYACT_CLIENT_PUBLIC ?
SSH_KEYTYPE_SSH2_PUBLIC_RFC4716 :
SSH_KEYTYPE_SSH2_PUBLIC_OPENSSH));
}
pageant_pubkey_free(key);
}
break;
Unix Pageant: support loading keys. You can now load keys at Pageant init time, by putting the key file names as bare arguments on the command line, e.g. 'pageant -T key.ppk' or 'pageant key.ppk --exec some command'; also, 'pageant -a key.ppk' behaves more or less like ssh-add, contacting an existing agent to add the key. The askpass() function currently supports terminal-based prompting only. X11 askpass is yet to be implemented.
2015-05-11 16:58:55 +00:00
case KEYACT_CLIENT_DEL_ALL:
Unix Pageant: support -D, to delete all keys.
2015-05-12 13:55:44 +00:00
if (pageant_delete_all_keys(&retstr) == PAGEANT_ACTION_FAILURE) {
fprintf(stderr, "pageant: deleting all keys: %s\n", retstr);
sfree(retstr);
errors = TRUE;
}
Unix Pageant: support loading keys. You can now load keys at Pageant init time, by putting the key file names as bare arguments on the command line, e.g. 'pageant -T key.ppk' or 'pageant key.ppk --exec some command'; also, 'pageant -a key.ppk' behaves more or less like ssh-add, contacting an existing agent to add the key. The askpass() function currently supports terminal-based prompting only. X11 askpass is yet to be implemented.
2015-05-11 16:58:55 +00:00
break;
default:
assert(0 && "Invalid client action found");
}
}
if (errors)
exit(1);
Unix Pageant: prepare to add client-side modes. I've moved the setup and running of the actual agent server into run_agent(), so that main() is now only command-line parsing and validation. We recognise a collection of new command-line options for talking to an existing agent as a client (analogous to ssh-add), which go to a new run_client() function, but I haven't filled in that function itself yet.
2015-05-11 16:56:37 +00:00
}
Name vtable structure types more consistently. Now they're all called FooVtable, instead of a mixture of that and Foo_vtable.
2018-10-05 06:03:46 +00:00
static const PlugVtable X11Connection_plugvt = {
Modernise the Socket/Plug vtable system. Now I've got FROMFIELD, I can rework it so that structures providing an implementation of the Socket or Plug trait no longer have to have the vtable pointer as the very first thing in the structure. In particular, this means that the ProxySocket structure can now directly implement _both_ the Socket and Plug traits, which is always _logically_ how it's worked, but previously it had to be implemented via two separate structs linked to each other.
2018-05-27 08:29:33 +00:00
x11_log,
x11_closing,
x11_receive,
x11_sent,
NULL
};
Unix Pageant: prepare to add client-side modes. I've moved the setup and running of the actual agent server into run_agent(), so that main() is now only command-line parsing and validation. We recognise a collection of new command-line options for talking to an existing agent as a client (analogous to ssh-add), which go to a new run_client() function, but I haven't filled in that function itself yet.
2015-05-11 16:56:37 +00:00
void run_agent(void)
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
{
const char *err;
Unix Pageant: prepare to add client-side modes. I've moved the setup and running of the actual agent server into run_agent(), so that main() is now only command-line parsing and validation. We recognise a collection of new command-line options for talking to an existing agent as a client (analogous to ssh-add), which go to a new run_client() function, but I haven't filled in that function itself yet.
2015-05-11 16:56:37 +00:00
char *username, *socketdir;
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
struct pageant_listen_state *pl;
Get rid of lots of implicit pointer types. All the main backend structures - Ssh, Telnet, Pty, Serial etc - now describe structure types themselves rather than pointers to them. The same goes for the codebase-wide trait types Socket and Plug, and the supporting types SockAddr and Pinger. All those things that were typedefed as pointers are older types; the newer ones have the explicit * at the point of use, because that's what I now seem to be preferring. But whichever one of those is better, inconsistently using a mixture of the two styles is worse, so let's make everything consistent. A few types are still implicitly pointers, such as Bignum and some of the GSSAPI types; generally this is either because they have to be void *, or because they're typedefed differently on different platforms and aren't always pointers at all. Can't be helped. But I've got rid of the main ones, at least.
2018-10-04 18:10:23 +00:00
Plug *pl_plug;
Socket *sock;
Unix Pageant: prepare to add client-side modes. I've moved the setup and running of the actual agent server into run_agent(), so that main() is now only command-line parsing and validation. We recognise a collection of new command-line options for talking to an existing agent as a client (analogous to ssh-add), which go to a new run_client() function, but I haven't filled in that function itself yet.
2015-05-11 16:56:37 +00:00
unsigned long now;
int *fdlist;
int fd;
int i, fdcount, fdsize, fdstate;
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
int termination_pid = -1;
Unix Pageant: support loading keys. You can now load keys at Pageant init time, by putting the key file names as bare arguments on the command line, e.g. 'pageant -T key.ppk' or 'pageant key.ppk --exec some command'; also, 'pageant -a key.ppk' behaves more or less like ssh-add, contacting an existing agent to add the key. The askpass() function currently supports terminal-based prompting only. X11 askpass is yet to be implemented.
2015-05-11 16:58:55 +00:00
int errors = FALSE;
Clean up Unix Pageant's setup and teardown. I've moved the listening socket setup back to before the lifetime preparations, so in particular we find out that we couldn't bind to the socket _before_ we fork. The only part that really needed to come after lifetime setup was the logging setup, so that's now a separate function called later. Also, the random exit(0)s in silly places like x11_closing have turned into setting a time_to_die flag, so that all clean exits funnel back to the end of main() which at least tries to tidy up a bit afterwards. (Finally, fixed a small bug in testing the return value of waitpid(), which only showed up once we didn't exit(0) after the first wait. Ahem.)
2015-05-07 18:04:25 +00:00
Conf *conf;
Unix Pageant: support loading keys. You can now load keys at Pageant init time, by putting the key file names as bare arguments on the command line, e.g. 'pageant -T key.ppk' or 'pageant key.ppk --exec some command'; also, 'pageant -a key.ppk' behaves more or less like ssh-add, contacting an existing agent to add the key. The askpass() function currently supports terminal-based prompting only. X11 askpass is yet to be implemented.
2015-05-11 16:58:55 +00:00
const struct cmdline_key_action *act;
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
fdlist = NULL;
fdcount = fdsize = 0;
Unix Pageant: support loading keys. You can now load keys at Pageant init time, by putting the key file names as bare arguments on the command line, e.g. 'pageant -T key.ppk' or 'pageant key.ppk --exec some command'; also, 'pageant -a key.ppk' behaves more or less like ssh-add, contacting an existing agent to add the key. The askpass() function currently supports terminal-based prompting only. X11 askpass is yet to be implemented.
2015-05-11 16:58:55 +00:00
pageant_init();
/*
* Start by loading any keys provided on the command line.
*/
for (act = keyact_head; act; act = act->next) {
assert(act->action == KEYACT_AGENT_LOAD);
if (!unix_add_keyfile(act->filename))
errors = TRUE;
}
if (errors)
exit(1);
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
/*
* Set up a listening socket and run Pageant on it.
*/
username = get_username();
socketdir = dupprintf("%s.%s", PAGEANT_DIR_PREFIX, username);
sfree(username);
assert(*socketdir == '/');
if ((err = make_dir_and_check_ours(socketdir)) != NULL) {
fprintf(stderr, "pageant: %s: %s\n", socketdir, err);
exit(1);
}
socketname = dupprintf("%s/pageant.%d", socketdir, (int)getpid());
Modernise the Socket/Plug vtable system. Now I've got FROMFIELD, I can rework it so that structures providing an implementation of the Socket or Plug trait no longer have to have the vtable pointer as the very first thing in the structure. In particular, this means that the ProxySocket structure can now directly implement _both_ the Socket and Plug traits, which is always _logically_ how it's worked, but previously it had to be implemented via two separate structs linked to each other.
2018-05-27 08:29:33 +00:00
pl = pageant_listener_new(&pl_plug);
sock = new_unix_listener(unix_sock_addr(socketname), pl_plug);
Clean up Unix Pageant's setup and teardown. I've moved the listening socket setup back to before the lifetime preparations, so in particular we find out that we couldn't bind to the socket _before_ we fork. The only part that really needed to come after lifetime setup was the logging setup, so that's now a separate function called later. Also, the random exit(0)s in silly places like x11_closing have turned into setting a time_to_die flag, so that all clean exits funnel back to the end of main() which at least tries to tidy up a bit afterwards. (Finally, fixed a small bug in testing the return value of waitpid(), which only showed up once we didn't exit(0) after the first wait. Ahem.)
2015-05-07 18:04:25 +00:00
if ((err = sk_socket_error(sock)) != NULL) {
fprintf(stderr, "pageant: %s: %s\n", socketname, err);
exit(1);
}
pageant_listener_got_socket(pl, sock);
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
conf = conf_new();
conf_set_int(conf, CONF_proxy_type, PROXY_NONE);
/*
* Lifetime preparations.
*/
signalpipe[0] = signalpipe[1] = -1;
if (life == LIFE_X11) {
struct X11Display *disp;
void *greeting;
int greetinglen;
Get rid of lots of implicit pointer types. All the main backend structures - Ssh, Telnet, Pty, Serial etc - now describe structure types themselves rather than pointers to them. The same goes for the codebase-wide trait types Socket and Plug, and the supporting types SockAddr and Pinger. All those things that were typedefed as pointers are older types; the newer ones have the explicit * at the point of use, because that's what I now seem to be preferring. But whichever one of those is better, inconsistently using a mixture of the two styles is worse, so let's make everything consistent. A few types are still implicitly pointers, such as Bignum and some of the GSSAPI types; generally this is either because they have to be void *, or because they're typedefed differently on different platforms and aren't always pointers at all. Can't be helped. But I've got rid of the main ones, at least.
2018-10-04 18:10:23 +00:00
Socket *s;
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
struct X11Connection *conn;
if (!display) {
fprintf(stderr, "pageant: no DISPLAY for -X mode\n");
exit(1);
}
disp = x11_setup_display(display, conf);
conn = snew(struct X11Connection);
Make Socket and Plug into structs. I think that means that _every_ one of my traitoids is now a struct containing a vtable pointer as one of its fields (albeit sometimes the only field), and never just a bare pointer.
2018-10-05 06:24:16 +00:00
conn->plug.vt = &X11Connection_plugvt;
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
s = new_connection(sk_addr_dup(disp->addr),
disp->realhost, disp->port,
Make Socket and Plug into structs. I think that means that _every_ one of my traitoids is now a struct containing a vtable pointer as one of its fields (albeit sometimes the only field), and never just a bare pointer.
2018-10-05 06:24:16 +00:00
0, 1, 0, 0, &conn->plug, conf);
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
if ((err = sk_socket_error(s)) != NULL) {
fprintf(stderr, "pageant: unable to connect to X server: %s", err);
exit(1);
}
greeting = x11_make_greeting('B', 11, 0, disp->localauthproto,
disp->localauthdata,
disp->localauthdatalen,
NULL, 0, &greetinglen);
sk_write(s, greeting, greetinglen);
smemclr(greeting, greetinglen);
sfree(greeting);
Unix Pageant: -T option, tying lifetime to controlling tty. This is intended to be a useful mode when you want to run an ssh agent in a terminal session with no X11 available. You just execute a command along the lines of eval $(pageant -T), and then Pageant will run in the background for the rest of that terminal session - and when the terminal session ends, so that Pageant loses its controlling tty, it will take that as the signal to shut down. So, no need to manually kill it, and unlike 'pageant --exec $SHELL', you can also do this half way through a session if you don't realise until later that you need an SSH agent, without losing any shell command history or other shell context that you've accumulated so far in the session. Unfortunately, I haven't been able to find any reliable way to actually implement this -T mode, short of having Pageant wake up at regular intervals and try to open /dev/tty to see if it's still there. I had hoped that I could arrange to reliably get SIGHUP, or select on /dev/tty for exceptional conditions, or some such, but nothing I've tried along those lines seems to work.
2015-05-08 18:50:48 +00:00
pageant_fork_and_print_env(FALSE);
} else if (life == LIFE_TTY) {
schedule_timer(TTY_LIFE_POLL_INTERVAL,
tty_life_timer, &dummy_timer_ctx);
pageant_fork_and_print_env(TRUE);
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
} else if (life == LIFE_PERM) {
Unix Pageant: -T option, tying lifetime to controlling tty. This is intended to be a useful mode when you want to run an ssh agent in a terminal session with no X11 available. You just execute a command along the lines of eval $(pageant -T), and then Pageant will run in the background for the rest of that terminal session - and when the terminal session ends, so that Pageant loses its controlling tty, it will take that as the signal to shut down. So, no need to manually kill it, and unlike 'pageant --exec $SHELL', you can also do this half way through a session if you don't realise until later that you need an SSH agent, without losing any shell command history or other shell context that you've accumulated so far in the session. Unfortunately, I haven't been able to find any reliable way to actually implement this -T mode, short of having Pageant wake up at regular intervals and try to open /dev/tty to see if it's still there. I had hoped that I could arrange to reliably get SIGHUP, or select on /dev/tty for exceptional conditions, or some such, but nothing I've tried along those lines seems to work.
2015-05-08 18:50:48 +00:00
pageant_fork_and_print_env(FALSE);
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
} else if (life == LIFE_DEBUG) {
pageant_print_env(getpid());
Put proper logging into Pageant. Now it actually logs all its requests and responses, the fingerprints of keys mentioned in all messages, and so on. I've also added the -v option, which causes Pageant in any mode to direct that logging information to standard error. In --debug mode, however, the logging output goes to standard output instead (because when debugging, that information changes from a side effect to the thing you actually wanted in the first place :-). An internal tweak: the logging functions now take a va_list rather than an actual variadic argument list, so that I can pass it through several functions.
2015-05-06 18:32:26 +00:00
pageant_logfp = stdout;
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
} else if (life == LIFE_EXEC) {
pid_t agentpid, pid;
agentpid = getpid();
/*
* Set up the pipe we'll use to tell us about SIGCHLD.
*/
if (pipe(signalpipe) < 0) {
perror("pipe");
exit(1);
}
putty_signal(SIGCHLD, sigchld);
pid = fork();
if (pid < 0) {
perror("fork");
exit(1);
} else if (pid == 0) {
setenv("SSH_AUTH_SOCK", socketname, TRUE);
setenv("SSH_AGENT_PID", dupprintf("%d", (int)agentpid), TRUE);
execvp(exec_args[0], exec_args);
perror("exec");
_exit(127);
} else {
termination_pid = pid;
}
}
Clean up Unix Pageant's setup and teardown. I've moved the listening socket setup back to before the lifetime preparations, so in particular we find out that we couldn't bind to the socket _before_ we fork. The only part that really needed to come after lifetime setup was the logging setup, so that's now a separate function called later. Also, the random exit(0)s in silly places like x11_closing have turned into setting a time_to_die flag, so that all clean exits funnel back to the end of main() which at least tries to tidy up a bit afterwards. (Finally, fixed a small bug in testing the return value of waitpid(), which only showed up once we didn't exit(0) after the first wait. Ahem.)
2015-05-07 18:04:25 +00:00
/*
* Now we've decided on our logging arrangements, pass them on to
* pageant.c.
*/
pageant_listener_set_logfn(pl, NULL, pageant_logfp ? pageant_log : NULL);
Put proper logging into Pageant. Now it actually logs all its requests and responses, the fingerprints of keys mentioned in all messages, and so on. I've also added the -v option, which causes Pageant in any mode to direct that logging information to standard error. In --debug mode, however, the logging output goes to standard output instead (because when debugging, that information changes from a side effect to the thing you actually wanted in the first place :-). An internal tweak: the logging functions now take a va_list rather than an actual variadic argument list, so that I can pass it through several functions.
2015-05-06 18:32:26 +00:00
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
now = GETTICKCOUNT();
Clean up Unix Pageant's setup and teardown. I've moved the listening socket setup back to before the lifetime preparations, so in particular we find out that we couldn't bind to the socket _before_ we fork. The only part that really needed to come after lifetime setup was the logging setup, so that's now a separate function called later. Also, the random exit(0)s in silly places like x11_closing have turned into setting a time_to_die flag, so that all clean exits funnel back to the end of main() which at least tries to tidy up a bit afterwards. (Finally, fixed a small bug in testing the return value of waitpid(), which only showed up once we didn't exit(0) after the first wait. Ahem.)
2015-05-07 18:04:25 +00:00
while (!time_to_die) {
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
fd_set rset, wset, xset;
int maxfd;
int rwx;
int ret;
unsigned long next;
FD_ZERO(&rset);
FD_ZERO(&wset);
FD_ZERO(&xset);
maxfd = 0;
if (signalpipe[0] >= 0) {
FD_SET_MAX(signalpipe[0], maxfd, rset);
}
/* Count the currently active fds. */
i = 0;
for (fd = first_fd(&fdstate, &rwx); fd >= 0;
fd = next_fd(&fdstate, &rwx)) i++;
/* Expand the fdlist buffer if necessary. */
if (i > fdsize) {
fdsize = i + 16;
fdlist = sresize(fdlist, fdsize, int);
}
/*
* Add all currently open fds to the select sets, and store
* them in fdlist as well.
*/
fdcount = 0;
for (fd = first_fd(&fdstate, &rwx); fd >= 0;
fd = next_fd(&fdstate, &rwx)) {
fdlist[fdcount++] = fd;
if (rwx & 1)
FD_SET_MAX(fd, maxfd, rset);
if (rwx & 2)
FD_SET_MAX(fd, maxfd, wset);
if (rwx & 4)
FD_SET_MAX(fd, maxfd, xset);
}
if (toplevel_callback_pending()) {
struct timeval tv;
tv.tv_sec = 0;
tv.tv_usec = 0;
ret = select(maxfd, &rset, &wset, &xset, &tv);
} else if (run_timers(now, &next)) {
unsigned long then;
long ticks;
struct timeval tv;
then = now;
now = GETTICKCOUNT();
if (now - then > next - then)
ticks = 0;
else
ticks = next - now;
tv.tv_sec = ticks / 1000;
tv.tv_usec = ticks % 1000 * 1000;
ret = select(maxfd, &rset, &wset, &xset, &tv);
if (ret == 0)
now = next;
else
now = GETTICKCOUNT();
} else {
ret = select(maxfd, &rset, &wset, &xset, NULL);
}
if (ret < 0 && errno == EINTR)
continue;
if (ret < 0) {
perror("select");
exit(1);
}
Unix Pageant: -T option, tying lifetime to controlling tty. This is intended to be a useful mode when you want to run an ssh agent in a terminal session with no X11 available. You just execute a command along the lines of eval $(pageant -T), and then Pageant will run in the background for the rest of that terminal session - and when the terminal session ends, so that Pageant loses its controlling tty, it will take that as the signal to shut down. So, no need to manually kill it, and unlike 'pageant --exec $SHELL', you can also do this half way through a session if you don't realise until later that you need an SSH agent, without losing any shell command history or other shell context that you've accumulated so far in the session. Unfortunately, I haven't been able to find any reliable way to actually implement this -T mode, short of having Pageant wake up at regular intervals and try to open /dev/tty to see if it's still there. I had hoped that I could arrange to reliably get SIGHUP, or select on /dev/tty for exceptional conditions, or some such, but nothing I've tried along those lines seems to work.
2015-05-08 18:50:48 +00:00
if (life == LIFE_TTY) {
/*
* Every time we wake up (whether it was due to tty_timer
* elapsing or for any other reason), poll to see if we
* still have a controlling terminal. If we don't, then
* our containing tty session has ended, so it's time to
* clean up and leave.
*/
Unix Pageant: factor out have_controlling_tty(). I'm going to want to reuse it when deciding on a passphrase-prompting strategy.
2015-05-13 12:54:15 +00:00
if (!have_controlling_tty()) {
Unix Pageant: -T option, tying lifetime to controlling tty. This is intended to be a useful mode when you want to run an ssh agent in a terminal session with no X11 available. You just execute a command along the lines of eval $(pageant -T), and then Pageant will run in the background for the rest of that terminal session - and when the terminal session ends, so that Pageant loses its controlling tty, it will take that as the signal to shut down. So, no need to manually kill it, and unlike 'pageant --exec $SHELL', you can also do this half way through a session if you don't realise until later that you need an SSH agent, without losing any shell command history or other shell context that you've accumulated so far in the session. Unfortunately, I haven't been able to find any reliable way to actually implement this -T mode, short of having Pageant wake up at regular intervals and try to open /dev/tty to see if it's still there. I had hoped that I could arrange to reliably get SIGHUP, or select on /dev/tty for exceptional conditions, or some such, but nothing I've tried along those lines seems to work.
2015-05-08 18:50:48 +00:00
time_to_die = TRUE;
break;
}
}
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
for (i = 0; i < fdcount; i++) {
fd = fdlist[i];
/*
* We must process exceptional notifications before
* ordinary readability ones, or we may go straight
* past the urgent marker.
*/
if (FD_ISSET(fd, &xset))
select_result(fd, 4);
if (FD_ISSET(fd, &rset))
select_result(fd, 1);
if (FD_ISSET(fd, &wset))
select_result(fd, 2);
}
if (signalpipe[0] >= 0 && FD_ISSET(signalpipe[0], &rset)) {
char c[1];
if (read(signalpipe[0], c, 1) <= 0)
/* ignore error */;
/* ignore its value; it'll be `x' */
while (1) {
int status;
pid_t pid;
pid = waitpid(-1, &status, WNOHANG);
Clean up Unix Pageant's setup and teardown. I've moved the listening socket setup back to before the lifetime preparations, so in particular we find out that we couldn't bind to the socket _before_ we fork. The only part that really needed to come after lifetime setup was the logging setup, so that's now a separate function called later. Also, the random exit(0)s in silly places like x11_closing have turned into setting a time_to_die flag, so that all clean exits funnel back to the end of main() which at least tries to tidy up a bit afterwards. (Finally, fixed a small bug in testing the return value of waitpid(), which only showed up once we didn't exit(0) after the first wait. Ahem.)
2015-05-07 18:04:25 +00:00
if (pid <= 0)
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
break;
if (pid == termination_pid)
Clean up Unix Pageant's setup and teardown. I've moved the listening socket setup back to before the lifetime preparations, so in particular we find out that we couldn't bind to the socket _before_ we fork. The only part that really needed to come after lifetime setup was the logging setup, so that's now a separate function called later. Also, the random exit(0)s in silly places like x11_closing have turned into setting a time_to_die flag, so that all clean exits funnel back to the end of main() which at least tries to tidy up a bit afterwards. (Finally, fixed a small bug in testing the return value of waitpid(), which only showed up once we didn't exit(0) after the first wait. Ahem.)
2015-05-07 18:04:25 +00:00
time_to_die = TRUE;
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
}
}
run_toplevel_callbacks();
}
Clean up Unix Pageant's setup and teardown. I've moved the listening socket setup back to before the lifetime preparations, so in particular we find out that we couldn't bind to the socket _before_ we fork. The only part that really needed to come after lifetime setup was the logging setup, so that's now a separate function called later. Also, the random exit(0)s in silly places like x11_closing have turned into setting a time_to_die flag, so that all clean exits funnel back to the end of main() which at least tries to tidy up a bit afterwards. (Finally, fixed a small bug in testing the return value of waitpid(), which only showed up once we didn't exit(0) after the first wait. Ahem.)
2015-05-07 18:04:25 +00:00
/*
* When we come here, we're terminating, and should clean up our
* Unix socket file if possible.
*/
if (unlink(socketname) < 0) {
fprintf(stderr, "pageant: %s: %s\n", socketname, strerror(errno));
exit(1);
}
Add an assortment of missing frees and closes. Coverity's resource-leak checker is on the ball as usual.
2017-02-14 20:42:26 +00:00
conf_free(conf);
Unix Pageant: prepare to add client-side modes. I've moved the setup and running of the actual agent server into run_agent(), so that main() is now only command-line parsing and validation. We recognise a collection of new command-line options for talking to an existing agent as a client (analogous to ssh-add), which go to a new run_client() function, but I haven't filled in that function itself yet.
2015-05-11 16:56:37 +00:00
}
int main(int argc, char **argv)
{
int doing_opts = TRUE;
keyact curr_keyact = KEYACT_AGENT_LOAD;
Unix Pageant: option to behave like ssh-askpass. Since Pageant contains its own passphrase prompt system rather than delegating it to another process, it's not trivial to use it in other contexts. But having gone to the effort of coming up with my own askpass system that (I think) does a better job at not revealing the length of the password, I _want_ to use it in other contexts where a GUI passphrase or password prompt is needed. Solution: an --askpass option.
2018-05-14 07:08:34 +00:00
const char *standalone_askpass_prompt = NULL;
Unix Pageant: prepare to add client-side modes. I've moved the setup and running of the actual agent server into run_agent(), so that main() is now only command-line parsing and validation. We recognise a collection of new command-line options for talking to an existing agent as a client (analogous to ssh-add), which go to a new run_client() function, but I haven't filled in that function itself yet.
2015-05-11 16:56:37 +00:00
/*
* Process the command line.
*/
while (--argc > 0) {
char *p = *++argv;
if (*p == '-' && doing_opts) {
if (!strcmp(p, "-V") || !strcmp(p, "--version")) {
version();
} else if (!strcmp(p, "--help")) {
usage();
exit(0);
} else if (!strcmp(p, "-v")) {
pageant_logfp = stderr;
} else if (!strcmp(p, "-a")) {
curr_keyact = KEYACT_CLIENT_ADD;
} else if (!strcmp(p, "-d")) {
curr_keyact = KEYACT_CLIENT_DEL;
Support sh/csh syntax switching for Unix Pageant.
2016-03-25 16:43:59 +00:00
} else if (!strcmp(p, "-s")) {
shell_type = SHELL_SH;
} else if (!strcmp(p, "-c")) {
shell_type = SHELL_CSH;
Unix Pageant: prepare to add client-side modes. I've moved the setup and running of the actual agent server into run_agent(), so that main() is now only command-line parsing and validation. We recognise a collection of new command-line options for talking to an existing agent as a client (analogous to ssh-add), which go to a new run_client() function, but I haven't filled in that function itself yet.
2015-05-11 16:56:37 +00:00
} else if (!strcmp(p, "-D")) {
add_keyact(KEYACT_CLIENT_DEL_ALL, NULL);
} else if (!strcmp(p, "-l")) {
add_keyact(KEYACT_CLIENT_LIST, NULL);
Unix Pageant: provide public-key extraction options. I've decided against implementing an option exactly analogous to 'ssh-add -L' (printing the full public key of everything in the agent). Instead, you can identify a specific key to display in full, by any of the same means -d lets you use, and then print it in either of the public key formats we support.
2015-05-12 13:48:32 +00:00
} else if (!strcmp(p, "--public")) {
curr_keyact = KEYACT_CLIENT_PUBLIC;
Unix Pageant: add alias '-L' for '--private-openssh'. Matches the -L option in Unix PuTTYgen, and is much easier to type.
2018-06-03 14:38:57 +00:00
} else if (!strcmp(p, "--public-openssh") || !strcmp(p, "-L")) {
Unix Pageant: provide public-key extraction options. I've decided against implementing an option exactly analogous to 'ssh-add -L' (printing the full public key of everything in the agent). Instead, you can identify a specific key to display in full, by any of the same means -d lets you use, and then print it in either of the public key formats we support.
2015-05-12 13:48:32 +00:00
curr_keyact = KEYACT_CLIENT_PUBLIC_OPENSSH;
Unix Pageant: prepare to add client-side modes. I've moved the setup and running of the actual agent server into run_agent(), so that main() is now only command-line parsing and validation. We recognise a collection of new command-line options for talking to an existing agent as a client (analogous to ssh-add), which go to a new run_client() function, but I haven't filled in that function itself yet.
2015-05-11 16:56:37 +00:00
} else if (!strcmp(p, "-X")) {
life = LIFE_X11;
} else if (!strcmp(p, "-T")) {
life = LIFE_TTY;
} else if (!strcmp(p, "--debug")) {
life = LIFE_DEBUG;
} else if (!strcmp(p, "--permanent")) {
life = LIFE_PERM;
} else if (!strcmp(p, "--exec")) {
life = LIFE_EXEC;
/* Now all subsequent arguments go to the exec command. */
if (--argc > 0) {
exec_args = ++argv;
argc = 0; /* force end of option processing */
} else {
fprintf(stderr, "pageant: expected a command "
"after --exec\n");
exit(1);
}
Unix Pageant: options to select askpass type. Mostly for debugging purposes, because I'm tired of having to use 'setsid' to force Pageant to select the GUI passphrase prompt when I'm trying to fix bugs in gtkask.c. But I can also imagine situations in which the ability to force a GUI prompt window might be useful to end users, for example if the process does _technically_ have a controlling terminal but it's not a user-visible one (say, in the back end of some automation tool like expect(1)). For symmetry, I also provide an option to force the tty prompt. That's less obviously useful, because that's already the preferred prompt type when both methods are available - so the only use for it would be if you wanted to ensure that Pageant didn't _accidentally_ try to launch a GUI prompt, and aborted with an error if it couldn't use a tty prompt.
2018-05-14 06:36:05 +00:00
} else if (!strcmp(p, "--tty-prompt")) {
prompt_type = PROMPT_TTY;
} else if (!strcmp(p, "--gui-prompt")) {
prompt_type = PROMPT_GUI;
Unix Pageant: option to behave like ssh-askpass. Since Pageant contains its own passphrase prompt system rather than delegating it to another process, it's not trivial to use it in other contexts. But having gone to the effort of coming up with my own askpass system that (I think) does a better job at not revealing the length of the password, I _want_ to use it in other contexts where a GUI passphrase or password prompt is needed. Solution: an --askpass option.
2018-05-14 07:08:34 +00:00
} else if (!strcmp(p, "--askpass")) {
if (--argc > 0) {
standalone_askpass_prompt = *++argv;
} else {
fprintf(stderr, "pageant: expected a prompt message "
"after --askpass\n");
exit(1);
}
Unix Pageant: prepare to add client-side modes. I've moved the setup and running of the actual agent server into run_agent(), so that main() is now only command-line parsing and validation. We recognise a collection of new command-line options for talking to an existing agent as a client (analogous to ssh-add), which go to a new run_client() function, but I haven't filled in that function itself yet.
2015-05-11 16:56:37 +00:00
} else if (!strcmp(p, "--")) {
doing_opts = FALSE;
}
} else {
/*
* Non-option arguments (apart from those after --exec,
* which are treated specially above) are interpreted as
* the names of private key files to either add or delete
* from an agent.
*/
add_keyact(curr_keyact, p);
}
}
if (life == LIFE_EXEC && !exec_args) {
fprintf(stderr, "pageant: expected a command with --exec\n");
exit(1);
}
Unix Pageant: option to behave like ssh-askpass. Since Pageant contains its own passphrase prompt system rather than delegating it to another process, it's not trivial to use it in other contexts. But having gone to the effort of coming up with my own askpass system that (I think) does a better job at not revealing the length of the password, I _want_ to use it in other contexts where a GUI passphrase or password prompt is needed. Solution: an --askpass option.
2018-05-14 07:08:34 +00:00
if (!display) {
display = getenv("DISPLAY");
if (display && !*display)
display = NULL;
}
/*
* Deal with standalone-askpass mode.
*/
if (standalone_askpass_prompt) {
char *passphrase = askpass(standalone_askpass_prompt);
if (!passphrase)
return 1;
puts(passphrase);
smemclr(passphrase, strlen(passphrase));
sfree(passphrase);
return 0;
}
Unix Pageant: prepare to add client-side modes. I've moved the setup and running of the actual agent server into run_agent(), so that main() is now only command-line parsing and validation. We recognise a collection of new command-line options for talking to an existing agent as a client (analogous to ssh-add), which go to a new run_client() function, but I haven't filled in that function itself yet.
2015-05-11 16:56:37 +00:00
/*
* Block SIGPIPE, so that we'll get EPIPE individually on
* particular network connections that go wrong.
*/
putty_signal(SIGPIPE, SIG_IGN);
sk_init();
uxsel_init();
/*
* Now distinguish our two main running modes. Either we're
* actually starting up an agent, in which case we should have a
* lifetime mode, and no key actions of KEYACT_CLIENT_* type; or
* else we're contacting an existing agent to add or remove keys,
* in which case we should have no lifetime mode, and no key
* actions of KEYACT_AGENT_* type.
*/
{
int has_agent_actions = FALSE;
int has_client_actions = FALSE;
int has_lifetime = FALSE;
const struct cmdline_key_action *act;
for (act = keyact_head; act; act = act->next) {
if (is_agent_action(act->action))
has_agent_actions = TRUE;
else
has_client_actions = TRUE;
}
if (life != LIFE_UNSPEC)
has_lifetime = TRUE;
if (has_lifetime && has_client_actions) {
fprintf(stderr, "pageant: client key actions (-a, -d, -D, -l, -L)"
" do not go with an agent lifetime option\n");
exit(1);
}
if (!has_lifetime && has_agent_actions) {
fprintf(stderr, "pageant: expected an agent lifetime option with"
" bare key file arguments\n");
exit(1);
}
if (!has_lifetime && !has_client_actions) {
fprintf(stderr, "pageant: expected an agent lifetime option"
" or a client key action\n");
exit(1);
}
if (has_lifetime) {
run_agent();
} else if (has_client_actions) {
run_client();
}
}
Clean up Unix Pageant's setup and teardown. I've moved the listening socket setup back to before the lifetime preparations, so in particular we find out that we couldn't bind to the socket _before_ we fork. The only part that really needed to come after lifetime setup was the logging setup, so that's now a separate function called later. Also, the random exit(0)s in silly places like x11_closing have turned into setting a time_to_die flag, so that all clean exits funnel back to the end of main() which at least tries to tidy up a bit afterwards. (Finally, fixed a small bug in testing the return value of waitpid(), which only showed up once we didn't exit(0) after the first wait. Ahem.)
2015-05-07 18:04:25 +00:00
Provide a Unix port of Pageant. This is much more like ssh-agent than the Windows version is - it sets SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other processes, rather than Windows Pageant's approach of establishing itself in a well-known location. But the actual agent code is the same as Windows Pageant. For the moment, this is an experimental utility and I don't expect it to be useful to many people; its immediate use to me is that it provides a way to test and debug the agent code on Unix, and also to use the agent interface as a convenient way to exercise public key functions I want to debug. And of course it means I can be constantly using and testing my own code, on whatever platform I happen to be using. In the further future, I have a list of possible features I might add to it, but I don't know which ones I'll decide are worthwhile. One feature I've already put in is a wider range of lifetime management options than ssh-agent: the -X mode causes Pageant to make a connection to your X display, and automatically terminate when that connection closes, so that it has the same lifetime as your X session without having to do the cumbersome trick of exec()ing the subsequent session-management process.
2015-05-05 19:16:23 +00:00
return 0;
}
Reference in New Issue Copy Permalink