2015-05-05 19:16:19 +00:00
|
|
|
/*
|
|
|
|
* pageant.h: header for pageant.c.
|
|
|
|
*/
|
|
|
|
|
2015-05-06 18:32:26 +00:00
|
|
|
#include <stdarg.h>
|
|
|
|
|
2015-05-05 19:16:19 +00:00
|
|
|
/*
|
2018-07-08 16:04:12 +00:00
|
|
|
* Upper limit on length of any agent message. Used as a basic sanity
|
|
|
|
* check on messages' length fields, and used by the Windows Pageant
|
|
|
|
* client IPC to decide how large a file mapping to allocate.
|
2015-05-05 19:16:19 +00:00
|
|
|
*/
|
2018-07-08 16:04:12 +00:00
|
|
|
#define AGENT_MAX_MSGLEN 262144
|
2015-05-05 19:16:19 +00:00
|
|
|
|
Pageant: new asynchronous internal APIs.
This is a pure refactoring: no functional change expected.
This commit introduces two new small vtable-style APIs. One is
PageantClient, which identifies a particular client of the Pageant
'core' (meaning the code that handles each individual request). This
changes pageant_handle_msg into an asynchronous operation: you pass in
an agent request message and an identifier, and at some later point,
the got_response method in your PageantClient will be called with the
answer (and the same identifier, to allow you to match requests to
responses). The trait vtable also contains a logging system.
The main importance of PageantClient, and the reason why it has to
exist instead of just passing pageant_handle_msg a bare callback
function pointer and context parameter, is that it provides robustness
if a client stops existing while a request is still pending. You call
pageant_unregister_client, and any unfinished requests associated with
that client in the Pageant core will be cleaned up, so that you're
guaranteed that after the unregister operation, no stray callbacks
will happen with a stale pointer to that client.
The WM_COPYDATA interface of Windows Pageant is a direct client of
this API. The other client is PageantListener, the system that lives
in pageant.c and handles stream-based agent connections for both Unix
Pageant and the new Windows named-pipe IPC. More specifically, each
individual connection to the listening socket is a separate
PageantClient, which means that if a socket is closed abruptly or
suffers an OS error, that client can be unregistered and any pending
requests cancelled without disrupting other connections.
Users of PageantListener have a second client vtable they can use,
called PageantListenerClient. That contains _only_ logging facilities,
and at the moment, only Unix Pageant bothers to use it (and even that
only in debugging mode).
Finally, internally to the Pageant core, there's a new trait called
PageantAsyncOp which describes an agent request in the process of
being handled. But at the moment, it has only one trivial
implementation, which is handed the full response message already
constructed, and on the next toplevel callback, passes it back to the
PageantClient.
2020-01-25 17:24:28 +00:00
|
|
|
typedef struct PageantClientVtable PageantClientVtable;
|
|
|
|
typedef struct PageantClient PageantClient;
|
|
|
|
typedef struct PageantClientInfo PageantClientInfo;
|
|
|
|
typedef struct PageantClientRequestId PageantClientRequestId;
|
2020-01-20 21:22:33 +00:00
|
|
|
typedef struct PageantClientDialogId PageantClientDialogId;
|
Pageant: new asynchronous internal APIs.
This is a pure refactoring: no functional change expected.
This commit introduces two new small vtable-style APIs. One is
PageantClient, which identifies a particular client of the Pageant
'core' (meaning the code that handles each individual request). This
changes pageant_handle_msg into an asynchronous operation: you pass in
an agent request message and an identifier, and at some later point,
the got_response method in your PageantClient will be called with the
answer (and the same identifier, to allow you to match requests to
responses). The trait vtable also contains a logging system.
The main importance of PageantClient, and the reason why it has to
exist instead of just passing pageant_handle_msg a bare callback
function pointer and context parameter, is that it provides robustness
if a client stops existing while a request is still pending. You call
pageant_unregister_client, and any unfinished requests associated with
that client in the Pageant core will be cleaned up, so that you're
guaranteed that after the unregister operation, no stray callbacks
will happen with a stale pointer to that client.
The WM_COPYDATA interface of Windows Pageant is a direct client of
this API. The other client is PageantListener, the system that lives
in pageant.c and handles stream-based agent connections for both Unix
Pageant and the new Windows named-pipe IPC. More specifically, each
individual connection to the listening socket is a separate
PageantClient, which means that if a socket is closed abruptly or
suffers an OS error, that client can be unregistered and any pending
requests cancelled without disrupting other connections.
Users of PageantListener have a second client vtable they can use,
called PageantListenerClient. That contains _only_ logging facilities,
and at the moment, only Unix Pageant bothers to use it (and even that
only in debugging mode).
Finally, internally to the Pageant core, there's a new trait called
PageantAsyncOp which describes an agent request in the process of
being handled. But at the moment, it has only one trivial
implementation, which is handed the full response message already
constructed, and on the next toplevel callback, passes it back to the
PageantClient.
2020-01-25 17:24:28 +00:00
|
|
|
struct PageantClient {
|
|
|
|
const struct PageantClientVtable *vt;
|
|
|
|
PageantClientInfo *info; /* used by the central Pageant code */
|
|
|
|
|
|
|
|
/* Setting this flag prevents the 'log' vtable entry from ever
|
|
|
|
* being called, so that it's safe to make it NULL. This also
|
|
|
|
* allows optimisations in the core code (it can avoid entire
|
|
|
|
* loops that are only used for logging purposes). So you can also
|
|
|
|
* set it dynamically if you find out at run time that you're not
|
|
|
|
* doing logging. */
|
|
|
|
bool suppress_logging;
|
|
|
|
};
|
|
|
|
struct PageantClientVtable {
|
|
|
|
void (*log)(PageantClient *pc, PageantClientRequestId *reqid,
|
|
|
|
const char *fmt, va_list ap);
|
|
|
|
void (*got_response)(PageantClient *pc, PageantClientRequestId *reqid,
|
|
|
|
ptrlen response);
|
2020-01-20 21:22:33 +00:00
|
|
|
bool (*ask_passphrase)(PageantClient *pc, PageantClientDialogId *dlgid,
|
2021-04-02 09:49:18 +00:00
|
|
|
const char *key_comment);
|
Pageant: new asynchronous internal APIs.
This is a pure refactoring: no functional change expected.
This commit introduces two new small vtable-style APIs. One is
PageantClient, which identifies a particular client of the Pageant
'core' (meaning the code that handles each individual request). This
changes pageant_handle_msg into an asynchronous operation: you pass in
an agent request message and an identifier, and at some later point,
the got_response method in your PageantClient will be called with the
answer (and the same identifier, to allow you to match requests to
responses). The trait vtable also contains a logging system.
The main importance of PageantClient, and the reason why it has to
exist instead of just passing pageant_handle_msg a bare callback
function pointer and context parameter, is that it provides robustness
if a client stops existing while a request is still pending. You call
pageant_unregister_client, and any unfinished requests associated with
that client in the Pageant core will be cleaned up, so that you're
guaranteed that after the unregister operation, no stray callbacks
will happen with a stale pointer to that client.
The WM_COPYDATA interface of Windows Pageant is a direct client of
this API. The other client is PageantListener, the system that lives
in pageant.c and handles stream-based agent connections for both Unix
Pageant and the new Windows named-pipe IPC. More specifically, each
individual connection to the listening socket is a separate
PageantClient, which means that if a socket is closed abruptly or
suffers an OS error, that client can be unregistered and any pending
requests cancelled without disrupting other connections.
Users of PageantListener have a second client vtable they can use,
called PageantListenerClient. That contains _only_ logging facilities,
and at the moment, only Unix Pageant bothers to use it (and even that
only in debugging mode).
Finally, internally to the Pageant core, there's a new trait called
PageantAsyncOp which describes an agent request in the process of
being handled. But at the moment, it has only one trivial
implementation, which is handed the full response message already
constructed, and on the next toplevel callback, passes it back to the
PageantClient.
2020-01-25 17:24:28 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
static inline void pageant_client_log_v(
|
|
|
|
PageantClient *pc, PageantClientRequestId *reqid,
|
|
|
|
const char *fmt, va_list ap)
|
|
|
|
{
|
|
|
|
if (!pc->suppress_logging)
|
|
|
|
pc->vt->log(pc, reqid, fmt, ap);
|
|
|
|
}
|
2020-01-26 14:49:31 +00:00
|
|
|
static inline PRINTF_LIKE(3, 4) void pageant_client_log(
|
Pageant: new asynchronous internal APIs.
This is a pure refactoring: no functional change expected.
This commit introduces two new small vtable-style APIs. One is
PageantClient, which identifies a particular client of the Pageant
'core' (meaning the code that handles each individual request). This
changes pageant_handle_msg into an asynchronous operation: you pass in
an agent request message and an identifier, and at some later point,
the got_response method in your PageantClient will be called with the
answer (and the same identifier, to allow you to match requests to
responses). The trait vtable also contains a logging system.
The main importance of PageantClient, and the reason why it has to
exist instead of just passing pageant_handle_msg a bare callback
function pointer and context parameter, is that it provides robustness
if a client stops existing while a request is still pending. You call
pageant_unregister_client, and any unfinished requests associated with
that client in the Pageant core will be cleaned up, so that you're
guaranteed that after the unregister operation, no stray callbacks
will happen with a stale pointer to that client.
The WM_COPYDATA interface of Windows Pageant is a direct client of
this API. The other client is PageantListener, the system that lives
in pageant.c and handles stream-based agent connections for both Unix
Pageant and the new Windows named-pipe IPC. More specifically, each
individual connection to the listening socket is a separate
PageantClient, which means that if a socket is closed abruptly or
suffers an OS error, that client can be unregistered and any pending
requests cancelled without disrupting other connections.
Users of PageantListener have a second client vtable they can use,
called PageantListenerClient. That contains _only_ logging facilities,
and at the moment, only Unix Pageant bothers to use it (and even that
only in debugging mode).
Finally, internally to the Pageant core, there's a new trait called
PageantAsyncOp which describes an agent request in the process of
being handled. But at the moment, it has only one trivial
implementation, which is handed the full response message already
constructed, and on the next toplevel callback, passes it back to the
PageantClient.
2020-01-25 17:24:28 +00:00
|
|
|
PageantClient *pc, PageantClientRequestId *reqid, const char *fmt, ...)
|
|
|
|
{
|
|
|
|
if (!pc->suppress_logging) {
|
|
|
|
va_list ap;
|
|
|
|
va_start(ap, fmt);
|
|
|
|
pc->vt->log(pc, reqid, fmt, ap);
|
|
|
|
va_end(ap);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
static inline void pageant_client_got_response(
|
|
|
|
PageantClient *pc, PageantClientRequestId *reqid, ptrlen response)
|
|
|
|
{ pc->vt->got_response(pc, reqid, response); }
|
2020-01-20 21:22:33 +00:00
|
|
|
static inline bool pageant_client_ask_passphrase(
|
2021-04-02 09:49:18 +00:00
|
|
|
PageantClient *pc, PageantClientDialogId *dlgid, const char *comment)
|
|
|
|
{ return pc->vt->ask_passphrase(pc, dlgid, comment); }
|
Pageant: new asynchronous internal APIs.
This is a pure refactoring: no functional change expected.
This commit introduces two new small vtable-style APIs. One is
PageantClient, which identifies a particular client of the Pageant
'core' (meaning the code that handles each individual request). This
changes pageant_handle_msg into an asynchronous operation: you pass in
an agent request message and an identifier, and at some later point,
the got_response method in your PageantClient will be called with the
answer (and the same identifier, to allow you to match requests to
responses). The trait vtable also contains a logging system.
The main importance of PageantClient, and the reason why it has to
exist instead of just passing pageant_handle_msg a bare callback
function pointer and context parameter, is that it provides robustness
if a client stops existing while a request is still pending. You call
pageant_unregister_client, and any unfinished requests associated with
that client in the Pageant core will be cleaned up, so that you're
guaranteed that after the unregister operation, no stray callbacks
will happen with a stale pointer to that client.
The WM_COPYDATA interface of Windows Pageant is a direct client of
this API. The other client is PageantListener, the system that lives
in pageant.c and handles stream-based agent connections for both Unix
Pageant and the new Windows named-pipe IPC. More specifically, each
individual connection to the listening socket is a separate
PageantClient, which means that if a socket is closed abruptly or
suffers an OS error, that client can be unregistered and any pending
requests cancelled without disrupting other connections.
Users of PageantListener have a second client vtable they can use,
called PageantListenerClient. That contains _only_ logging facilities,
and at the moment, only Unix Pageant bothers to use it (and even that
only in debugging mode).
Finally, internally to the Pageant core, there's a new trait called
PageantAsyncOp which describes an agent request in the process of
being handled. But at the moment, it has only one trivial
implementation, which is handed the full response message already
constructed, and on the next toplevel callback, passes it back to the
PageantClient.
2020-01-25 17:24:28 +00:00
|
|
|
|
|
|
|
/* PageantClientRequestId is used to match up responses to the agent
|
|
|
|
* requests they refer to. A client may allocate one of these for each
|
|
|
|
* call to pageant_handle_request, (probably as a subfield of some
|
|
|
|
* larger struct on the client side) and expect the same pointer to be
|
|
|
|
* passed back in pageant_client_got_response. */
|
|
|
|
struct PageantClientRequestId { int unused_; };
|
2015-05-06 18:32:26 +00:00
|
|
|
|
2015-05-05 19:16:19 +00:00
|
|
|
/*
|
|
|
|
* Initial setup.
|
|
|
|
*/
|
|
|
|
void pageant_init(void);
|
|
|
|
|
|
|
|
/*
|
Pageant: new asynchronous internal APIs.
This is a pure refactoring: no functional change expected.
This commit introduces two new small vtable-style APIs. One is
PageantClient, which identifies a particular client of the Pageant
'core' (meaning the code that handles each individual request). This
changes pageant_handle_msg into an asynchronous operation: you pass in
an agent request message and an identifier, and at some later point,
the got_response method in your PageantClient will be called with the
answer (and the same identifier, to allow you to match requests to
responses). The trait vtable also contains a logging system.
The main importance of PageantClient, and the reason why it has to
exist instead of just passing pageant_handle_msg a bare callback
function pointer and context parameter, is that it provides robustness
if a client stops existing while a request is still pending. You call
pageant_unregister_client, and any unfinished requests associated with
that client in the Pageant core will be cleaned up, so that you're
guaranteed that after the unregister operation, no stray callbacks
will happen with a stale pointer to that client.
The WM_COPYDATA interface of Windows Pageant is a direct client of
this API. The other client is PageantListener, the system that lives
in pageant.c and handles stream-based agent connections for both Unix
Pageant and the new Windows named-pipe IPC. More specifically, each
individual connection to the listening socket is a separate
PageantClient, which means that if a socket is closed abruptly or
suffers an OS error, that client can be unregistered and any pending
requests cancelled without disrupting other connections.
Users of PageantListener have a second client vtable they can use,
called PageantListenerClient. That contains _only_ logging facilities,
and at the moment, only Unix Pageant bothers to use it (and even that
only in debugging mode).
Finally, internally to the Pageant core, there's a new trait called
PageantAsyncOp which describes an agent request in the process of
being handled. But at the moment, it has only one trivial
implementation, which is handed the full response message already
constructed, and on the next toplevel callback, passes it back to the
PageantClient.
2020-01-25 17:24:28 +00:00
|
|
|
* Register and unregister PageantClients. This is necessary so that
|
|
|
|
* when a PageantClient goes away, any unfinished asynchronous
|
|
|
|
* requests can be cleaned up.
|
2015-05-05 19:16:19 +00:00
|
|
|
*
|
Pageant: new asynchronous internal APIs.
This is a pure refactoring: no functional change expected.
This commit introduces two new small vtable-style APIs. One is
PageantClient, which identifies a particular client of the Pageant
'core' (meaning the code that handles each individual request). This
changes pageant_handle_msg into an asynchronous operation: you pass in
an agent request message and an identifier, and at some later point,
the got_response method in your PageantClient will be called with the
answer (and the same identifier, to allow you to match requests to
responses). The trait vtable also contains a logging system.
The main importance of PageantClient, and the reason why it has to
exist instead of just passing pageant_handle_msg a bare callback
function pointer and context parameter, is that it provides robustness
if a client stops existing while a request is still pending. You call
pageant_unregister_client, and any unfinished requests associated with
that client in the Pageant core will be cleaned up, so that you're
guaranteed that after the unregister operation, no stray callbacks
will happen with a stale pointer to that client.
The WM_COPYDATA interface of Windows Pageant is a direct client of
this API. The other client is PageantListener, the system that lives
in pageant.c and handles stream-based agent connections for both Unix
Pageant and the new Windows named-pipe IPC. More specifically, each
individual connection to the listening socket is a separate
PageantClient, which means that if a socket is closed abruptly or
suffers an OS error, that client can be unregistered and any pending
requests cancelled without disrupting other connections.
Users of PageantListener have a second client vtable they can use,
called PageantListenerClient. That contains _only_ logging facilities,
and at the moment, only Unix Pageant bothers to use it (and even that
only in debugging mode).
Finally, internally to the Pageant core, there's a new trait called
PageantAsyncOp which describes an agent request in the process of
being handled. But at the moment, it has only one trivial
implementation, which is handed the full response message already
constructed, and on the next toplevel callback, passes it back to the
PageantClient.
2020-01-25 17:24:28 +00:00
|
|
|
* pageant_register_client will fill in pc->id. The client itself
|
|
|
|
* should not touch that field.
|
2015-05-05 19:16:19 +00:00
|
|
|
*/
|
Pageant: new asynchronous internal APIs.
This is a pure refactoring: no functional change expected.
This commit introduces two new small vtable-style APIs. One is
PageantClient, which identifies a particular client of the Pageant
'core' (meaning the code that handles each individual request). This
changes pageant_handle_msg into an asynchronous operation: you pass in
an agent request message and an identifier, and at some later point,
the got_response method in your PageantClient will be called with the
answer (and the same identifier, to allow you to match requests to
responses). The trait vtable also contains a logging system.
The main importance of PageantClient, and the reason why it has to
exist instead of just passing pageant_handle_msg a bare callback
function pointer and context parameter, is that it provides robustness
if a client stops existing while a request is still pending. You call
pageant_unregister_client, and any unfinished requests associated with
that client in the Pageant core will be cleaned up, so that you're
guaranteed that after the unregister operation, no stray callbacks
will happen with a stale pointer to that client.
The WM_COPYDATA interface of Windows Pageant is a direct client of
this API. The other client is PageantListener, the system that lives
in pageant.c and handles stream-based agent connections for both Unix
Pageant and the new Windows named-pipe IPC. More specifically, each
individual connection to the listening socket is a separate
PageantClient, which means that if a socket is closed abruptly or
suffers an OS error, that client can be unregistered and any pending
requests cancelled without disrupting other connections.
Users of PageantListener have a second client vtable they can use,
called PageantListenerClient. That contains _only_ logging facilities,
and at the moment, only Unix Pageant bothers to use it (and even that
only in debugging mode).
Finally, internally to the Pageant core, there's a new trait called
PageantAsyncOp which describes an agent request in the process of
being handled. But at the moment, it has only one trivial
implementation, which is handed the full response message already
constructed, and on the next toplevel callback, passes it back to the
PageantClient.
2020-01-25 17:24:28 +00:00
|
|
|
void pageant_register_client(PageantClient *pc);
|
|
|
|
void pageant_unregister_client(PageantClient *pc);
|
2015-05-05 19:16:19 +00:00
|
|
|
|
|
|
|
/*
|
Pageant: new asynchronous internal APIs.
This is a pure refactoring: no functional change expected.
This commit introduces two new small vtable-style APIs. One is
PageantClient, which identifies a particular client of the Pageant
'core' (meaning the code that handles each individual request). This
changes pageant_handle_msg into an asynchronous operation: you pass in
an agent request message and an identifier, and at some later point,
the got_response method in your PageantClient will be called with the
answer (and the same identifier, to allow you to match requests to
responses). The trait vtable also contains a logging system.
The main importance of PageantClient, and the reason why it has to
exist instead of just passing pageant_handle_msg a bare callback
function pointer and context parameter, is that it provides robustness
if a client stops existing while a request is still pending. You call
pageant_unregister_client, and any unfinished requests associated with
that client in the Pageant core will be cleaned up, so that you're
guaranteed that after the unregister operation, no stray callbacks
will happen with a stale pointer to that client.
The WM_COPYDATA interface of Windows Pageant is a direct client of
this API. The other client is PageantListener, the system that lives
in pageant.c and handles stream-based agent connections for both Unix
Pageant and the new Windows named-pipe IPC. More specifically, each
individual connection to the listening socket is a separate
PageantClient, which means that if a socket is closed abruptly or
suffers an OS error, that client can be unregistered and any pending
requests cancelled without disrupting other connections.
Users of PageantListener have a second client vtable they can use,
called PageantListenerClient. That contains _only_ logging facilities,
and at the moment, only Unix Pageant bothers to use it (and even that
only in debugging mode).
Finally, internally to the Pageant core, there's a new trait called
PageantAsyncOp which describes an agent request in the process of
being handled. But at the moment, it has only one trivial
implementation, which is handed the full response message already
constructed, and on the next toplevel callback, passes it back to the
PageantClient.
2020-01-25 17:24:28 +00:00
|
|
|
* The main agent function that answers messages.
|
|
|
|
*
|
|
|
|
* Expects a message/length pair as input, minus its initial length
|
|
|
|
* field but still with its type code on the front.
|
2018-05-24 12:23:17 +00:00
|
|
|
*
|
Pageant: new asynchronous internal APIs.
This is a pure refactoring: no functional change expected.
This commit introduces two new small vtable-style APIs. One is
PageantClient, which identifies a particular client of the Pageant
'core' (meaning the code that handles each individual request). This
changes pageant_handle_msg into an asynchronous operation: you pass in
an agent request message and an identifier, and at some later point,
the got_response method in your PageantClient will be called with the
answer (and the same identifier, to allow you to match requests to
responses). The trait vtable also contains a logging system.
The main importance of PageantClient, and the reason why it has to
exist instead of just passing pageant_handle_msg a bare callback
function pointer and context parameter, is that it provides robustness
if a client stops existing while a request is still pending. You call
pageant_unregister_client, and any unfinished requests associated with
that client in the Pageant core will be cleaned up, so that you're
guaranteed that after the unregister operation, no stray callbacks
will happen with a stale pointer to that client.
The WM_COPYDATA interface of Windows Pageant is a direct client of
this API. The other client is PageantListener, the system that lives
in pageant.c and handles stream-based agent connections for both Unix
Pageant and the new Windows named-pipe IPC. More specifically, each
individual connection to the listening socket is a separate
PageantClient, which means that if a socket is closed abruptly or
suffers an OS error, that client can be unregistered and any pending
requests cancelled without disrupting other connections.
Users of PageantListener have a second client vtable they can use,
called PageantListenerClient. That contains _only_ logging facilities,
and at the moment, only Unix Pageant bothers to use it (and even that
only in debugging mode).
Finally, internally to the Pageant core, there's a new trait called
PageantAsyncOp which describes an agent request in the process of
being handled. But at the moment, it has only one trivial
implementation, which is handed the full response message already
constructed, and on the next toplevel callback, passes it back to the
PageantClient.
2020-01-25 17:24:28 +00:00
|
|
|
* When a response is ready, the got_response method in the
|
|
|
|
* PageantClient vtable will be passed it in the form of a ptrlen,
|
|
|
|
* again minus its length field.
|
2015-05-05 19:16:19 +00:00
|
|
|
*/
|
Pageant: new asynchronous internal APIs.
This is a pure refactoring: no functional change expected.
This commit introduces two new small vtable-style APIs. One is
PageantClient, which identifies a particular client of the Pageant
'core' (meaning the code that handles each individual request). This
changes pageant_handle_msg into an asynchronous operation: you pass in
an agent request message and an identifier, and at some later point,
the got_response method in your PageantClient will be called with the
answer (and the same identifier, to allow you to match requests to
responses). The trait vtable also contains a logging system.
The main importance of PageantClient, and the reason why it has to
exist instead of just passing pageant_handle_msg a bare callback
function pointer and context parameter, is that it provides robustness
if a client stops existing while a request is still pending. You call
pageant_unregister_client, and any unfinished requests associated with
that client in the Pageant core will be cleaned up, so that you're
guaranteed that after the unregister operation, no stray callbacks
will happen with a stale pointer to that client.
The WM_COPYDATA interface of Windows Pageant is a direct client of
this API. The other client is PageantListener, the system that lives
in pageant.c and handles stream-based agent connections for both Unix
Pageant and the new Windows named-pipe IPC. More specifically, each
individual connection to the listening socket is a separate
PageantClient, which means that if a socket is closed abruptly or
suffers an OS error, that client can be unregistered and any pending
requests cancelled without disrupting other connections.
Users of PageantListener have a second client vtable they can use,
called PageantListenerClient. That contains _only_ logging facilities,
and at the moment, only Unix Pageant bothers to use it (and even that
only in debugging mode).
Finally, internally to the Pageant core, there's a new trait called
PageantAsyncOp which describes an agent request in the process of
being handled. But at the moment, it has only one trivial
implementation, which is handed the full response message already
constructed, and on the next toplevel callback, passes it back to the
PageantClient.
2020-01-25 17:24:28 +00:00
|
|
|
void pageant_handle_msg(PageantClient *pc, PageantClientRequestId *reqid,
|
|
|
|
ptrlen msg);
|
2015-05-05 19:16:19 +00:00
|
|
|
|
2020-01-20 21:22:33 +00:00
|
|
|
/*
|
|
|
|
* Send the core Pageant code a response to a passphrase request.
|
|
|
|
*/
|
|
|
|
void pageant_passphrase_request_success(PageantClientDialogId *dlgid,
|
|
|
|
ptrlen passphrase);
|
|
|
|
void pageant_passphrase_request_refused(PageantClientDialogId *dlgid);
|
|
|
|
|
2015-05-05 19:16:19 +00:00
|
|
|
/*
|
|
|
|
* Construct a list of public keys, just as the two LIST_IDENTITIES
|
|
|
|
* requests would have returned them.
|
|
|
|
*/
|
2018-05-24 12:23:17 +00:00
|
|
|
void pageant_make_keylist1(BinarySink *);
|
|
|
|
void pageant_make_keylist2(BinarySink *);
|
2015-05-05 19:16:19 +00:00
|
|
|
|
|
|
|
/*
|
2021-04-02 10:39:01 +00:00
|
|
|
* Accessor functions for Pageant's internal key lists, used by GUI
|
2021-04-04 08:42:00 +00:00
|
|
|
* Pageant, to count the keys, to delete a key, or to re-encrypt a
|
|
|
|
* decrypted-on-demand key (SSH-2 only).
|
2015-05-05 19:16:19 +00:00
|
|
|
*/
|
|
|
|
int pageant_count_ssh1_keys(void);
|
|
|
|
int pageant_count_ssh2_keys(void);
|
2021-04-02 10:30:18 +00:00
|
|
|
bool pageant_delete_nth_ssh1_key(int i);
|
|
|
|
bool pageant_delete_nth_ssh2_key(int i);
|
2021-04-04 08:42:00 +00:00
|
|
|
bool pageant_reencrypt_nth_ssh2_key(int i);
|
2021-04-04 09:02:24 +00:00
|
|
|
void pageant_delete_all(void);
|
|
|
|
void pageant_reencrypt_all(void);
|
2015-05-05 19:16:19 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* This callback must be provided by the Pageant front end code.
|
|
|
|
* pageant_handle_msg calls it to indicate that the message it's just
|
|
|
|
* handled has changed the list of keys held by the agent. Front ends
|
|
|
|
* which expose that key list through dedicated UI may need to refresh
|
|
|
|
* that UI's state in this function; other front ends can leave it
|
|
|
|
* empty.
|
|
|
|
*/
|
|
|
|
void keylist_update(void);
|
2015-05-05 19:16:20 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Functions to establish a listening socket speaking the SSH agent
|
|
|
|
* protocol. Call pageant_listener_new() to set up a state; then
|
2018-05-27 08:29:33 +00:00
|
|
|
* create a socket using the returned Plug; then call
|
2015-05-05 19:16:20 +00:00
|
|
|
* pageant_listener_got_socket() to give the listening state its own
|
2015-05-07 18:04:25 +00:00
|
|
|
* socket pointer. Also, provide a logging function later if you want
|
|
|
|
* to.
|
2015-05-05 19:16:20 +00:00
|
|
|
*/
|
Pageant: new asynchronous internal APIs.
This is a pure refactoring: no functional change expected.
This commit introduces two new small vtable-style APIs. One is
PageantClient, which identifies a particular client of the Pageant
'core' (meaning the code that handles each individual request). This
changes pageant_handle_msg into an asynchronous operation: you pass in
an agent request message and an identifier, and at some later point,
the got_response method in your PageantClient will be called with the
answer (and the same identifier, to allow you to match requests to
responses). The trait vtable also contains a logging system.
The main importance of PageantClient, and the reason why it has to
exist instead of just passing pageant_handle_msg a bare callback
function pointer and context parameter, is that it provides robustness
if a client stops existing while a request is still pending. You call
pageant_unregister_client, and any unfinished requests associated with
that client in the Pageant core will be cleaned up, so that you're
guaranteed that after the unregister operation, no stray callbacks
will happen with a stale pointer to that client.
The WM_COPYDATA interface of Windows Pageant is a direct client of
this API. The other client is PageantListener, the system that lives
in pageant.c and handles stream-based agent connections for both Unix
Pageant and the new Windows named-pipe IPC. More specifically, each
individual connection to the listening socket is a separate
PageantClient, which means that if a socket is closed abruptly or
suffers an OS error, that client can be unregistered and any pending
requests cancelled without disrupting other connections.
Users of PageantListener have a second client vtable they can use,
called PageantListenerClient. That contains _only_ logging facilities,
and at the moment, only Unix Pageant bothers to use it (and even that
only in debugging mode).
Finally, internally to the Pageant core, there's a new trait called
PageantAsyncOp which describes an agent request in the process of
being handled. But at the moment, it has only one trivial
implementation, which is handed the full response message already
constructed, and on the next toplevel callback, passes it back to the
PageantClient.
2020-01-25 17:24:28 +00:00
|
|
|
typedef struct PageantListenerClientVtable PageantListenerClientVtable;
|
|
|
|
typedef struct PageantListenerClient PageantListenerClient;
|
|
|
|
struct PageantListenerClient {
|
|
|
|
const PageantListenerClientVtable *vt;
|
|
|
|
/* suppress_logging flag works similarly to the one in
|
|
|
|
* PageantClient, but it is only read when a new connection comes
|
|
|
|
* in. So if you do need to change it in mid-run, expect existing
|
|
|
|
* agent connections to still use the old value. */
|
|
|
|
bool suppress_logging;
|
|
|
|
};
|
|
|
|
struct PageantListenerClientVtable {
|
|
|
|
void (*log)(PageantListenerClient *, const char *fmt, va_list ap);
|
2020-01-20 21:22:33 +00:00
|
|
|
bool (*ask_passphrase)(PageantListenerClient *pc,
|
2021-04-02 09:49:18 +00:00
|
|
|
PageantClientDialogId *dlgid,
|
|
|
|
const char *key_comment);
|
Pageant: new asynchronous internal APIs.
This is a pure refactoring: no functional change expected.
This commit introduces two new small vtable-style APIs. One is
PageantClient, which identifies a particular client of the Pageant
'core' (meaning the code that handles each individual request). This
changes pageant_handle_msg into an asynchronous operation: you pass in
an agent request message and an identifier, and at some later point,
the got_response method in your PageantClient will be called with the
answer (and the same identifier, to allow you to match requests to
responses). The trait vtable also contains a logging system.
The main importance of PageantClient, and the reason why it has to
exist instead of just passing pageant_handle_msg a bare callback
function pointer and context parameter, is that it provides robustness
if a client stops existing while a request is still pending. You call
pageant_unregister_client, and any unfinished requests associated with
that client in the Pageant core will be cleaned up, so that you're
guaranteed that after the unregister operation, no stray callbacks
will happen with a stale pointer to that client.
The WM_COPYDATA interface of Windows Pageant is a direct client of
this API. The other client is PageantListener, the system that lives
in pageant.c and handles stream-based agent connections for both Unix
Pageant and the new Windows named-pipe IPC. More specifically, each
individual connection to the listening socket is a separate
PageantClient, which means that if a socket is closed abruptly or
suffers an OS error, that client can be unregistered and any pending
requests cancelled without disrupting other connections.
Users of PageantListener have a second client vtable they can use,
called PageantListenerClient. That contains _only_ logging facilities,
and at the moment, only Unix Pageant bothers to use it (and even that
only in debugging mode).
Finally, internally to the Pageant core, there's a new trait called
PageantAsyncOp which describes an agent request in the process of
being handled. But at the moment, it has only one trivial
implementation, which is handed the full response message already
constructed, and on the next toplevel callback, passes it back to the
PageantClient.
2020-01-25 17:24:28 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
static inline void pageant_listener_client_log_v(
|
|
|
|
PageantListenerClient *plc, const char *fmt, va_list ap)
|
|
|
|
{
|
|
|
|
if (!plc->suppress_logging)
|
|
|
|
plc->vt->log(plc, fmt, ap);
|
|
|
|
}
|
2020-01-26 14:49:31 +00:00
|
|
|
static inline PRINTF_LIKE(2, 3) void pageant_listener_client_log(
|
Pageant: new asynchronous internal APIs.
This is a pure refactoring: no functional change expected.
This commit introduces two new small vtable-style APIs. One is
PageantClient, which identifies a particular client of the Pageant
'core' (meaning the code that handles each individual request). This
changes pageant_handle_msg into an asynchronous operation: you pass in
an agent request message and an identifier, and at some later point,
the got_response method in your PageantClient will be called with the
answer (and the same identifier, to allow you to match requests to
responses). The trait vtable also contains a logging system.
The main importance of PageantClient, and the reason why it has to
exist instead of just passing pageant_handle_msg a bare callback
function pointer and context parameter, is that it provides robustness
if a client stops existing while a request is still pending. You call
pageant_unregister_client, and any unfinished requests associated with
that client in the Pageant core will be cleaned up, so that you're
guaranteed that after the unregister operation, no stray callbacks
will happen with a stale pointer to that client.
The WM_COPYDATA interface of Windows Pageant is a direct client of
this API. The other client is PageantListener, the system that lives
in pageant.c and handles stream-based agent connections for both Unix
Pageant and the new Windows named-pipe IPC. More specifically, each
individual connection to the listening socket is a separate
PageantClient, which means that if a socket is closed abruptly or
suffers an OS error, that client can be unregistered and any pending
requests cancelled without disrupting other connections.
Users of PageantListener have a second client vtable they can use,
called PageantListenerClient. That contains _only_ logging facilities,
and at the moment, only Unix Pageant bothers to use it (and even that
only in debugging mode).
Finally, internally to the Pageant core, there's a new trait called
PageantAsyncOp which describes an agent request in the process of
being handled. But at the moment, it has only one trivial
implementation, which is handed the full response message already
constructed, and on the next toplevel callback, passes it back to the
PageantClient.
2020-01-25 17:24:28 +00:00
|
|
|
PageantListenerClient *plc, const char *fmt, ...)
|
|
|
|
{
|
|
|
|
if (!plc->suppress_logging) {
|
|
|
|
va_list ap;
|
|
|
|
va_start(ap, fmt);
|
|
|
|
plc->vt->log(plc, fmt, ap);
|
|
|
|
va_end(ap);
|
|
|
|
}
|
|
|
|
}
|
2020-01-20 21:22:33 +00:00
|
|
|
static inline bool pageant_listener_client_ask_passphrase(
|
2021-04-02 09:49:18 +00:00
|
|
|
PageantListenerClient *plc, PageantClientDialogId *dlgid,
|
|
|
|
const char *comment)
|
|
|
|
{ return plc->vt->ask_passphrase(plc, dlgid, comment); }
|
Pageant: new asynchronous internal APIs.
This is a pure refactoring: no functional change expected.
This commit introduces two new small vtable-style APIs. One is
PageantClient, which identifies a particular client of the Pageant
'core' (meaning the code that handles each individual request). This
changes pageant_handle_msg into an asynchronous operation: you pass in
an agent request message and an identifier, and at some later point,
the got_response method in your PageantClient will be called with the
answer (and the same identifier, to allow you to match requests to
responses). The trait vtable also contains a logging system.
The main importance of PageantClient, and the reason why it has to
exist instead of just passing pageant_handle_msg a bare callback
function pointer and context parameter, is that it provides robustness
if a client stops existing while a request is still pending. You call
pageant_unregister_client, and any unfinished requests associated with
that client in the Pageant core will be cleaned up, so that you're
guaranteed that after the unregister operation, no stray callbacks
will happen with a stale pointer to that client.
The WM_COPYDATA interface of Windows Pageant is a direct client of
this API. The other client is PageantListener, the system that lives
in pageant.c and handles stream-based agent connections for both Unix
Pageant and the new Windows named-pipe IPC. More specifically, each
individual connection to the listening socket is a separate
PageantClient, which means that if a socket is closed abruptly or
suffers an OS error, that client can be unregistered and any pending
requests cancelled without disrupting other connections.
Users of PageantListener have a second client vtable they can use,
called PageantListenerClient. That contains _only_ logging facilities,
and at the moment, only Unix Pageant bothers to use it (and even that
only in debugging mode).
Finally, internally to the Pageant core, there's a new trait called
PageantAsyncOp which describes an agent request in the process of
being handled. But at the moment, it has only one trivial
implementation, which is handed the full response message already
constructed, and on the next toplevel callback, passes it back to the
PageantClient.
2020-01-25 17:24:28 +00:00
|
|
|
|
2015-05-05 19:16:20 +00:00
|
|
|
struct pageant_listen_state;
|
Pageant: new asynchronous internal APIs.
This is a pure refactoring: no functional change expected.
This commit introduces two new small vtable-style APIs. One is
PageantClient, which identifies a particular client of the Pageant
'core' (meaning the code that handles each individual request). This
changes pageant_handle_msg into an asynchronous operation: you pass in
an agent request message and an identifier, and at some later point,
the got_response method in your PageantClient will be called with the
answer (and the same identifier, to allow you to match requests to
responses). The trait vtable also contains a logging system.
The main importance of PageantClient, and the reason why it has to
exist instead of just passing pageant_handle_msg a bare callback
function pointer and context parameter, is that it provides robustness
if a client stops existing while a request is still pending. You call
pageant_unregister_client, and any unfinished requests associated with
that client in the Pageant core will be cleaned up, so that you're
guaranteed that after the unregister operation, no stray callbacks
will happen with a stale pointer to that client.
The WM_COPYDATA interface of Windows Pageant is a direct client of
this API. The other client is PageantListener, the system that lives
in pageant.c and handles stream-based agent connections for both Unix
Pageant and the new Windows named-pipe IPC. More specifically, each
individual connection to the listening socket is a separate
PageantClient, which means that if a socket is closed abruptly or
suffers an OS error, that client can be unregistered and any pending
requests cancelled without disrupting other connections.
Users of PageantListener have a second client vtable they can use,
called PageantListenerClient. That contains _only_ logging facilities,
and at the moment, only Unix Pageant bothers to use it (and even that
only in debugging mode).
Finally, internally to the Pageant core, there's a new trait called
PageantAsyncOp which describes an agent request in the process of
being handled. But at the moment, it has only one trivial
implementation, which is handed the full response message already
constructed, and on the next toplevel callback, passes it back to the
PageantClient.
2020-01-25 17:24:28 +00:00
|
|
|
struct pageant_listen_state *pageant_listener_new(
|
|
|
|
Plug **plug, PageantListenerClient *plc);
|
Get rid of lots of implicit pointer types.
All the main backend structures - Ssh, Telnet, Pty, Serial etc - now
describe structure types themselves rather than pointers to them. The
same goes for the codebase-wide trait types Socket and Plug, and the
supporting types SockAddr and Pinger.
All those things that were typedefed as pointers are older types; the
newer ones have the explicit * at the point of use, because that's
what I now seem to be preferring. But whichever one of those is
better, inconsistently using a mixture of the two styles is worse, so
let's make everything consistent.
A few types are still implicitly pointers, such as Bignum and some of
the GSSAPI types; generally this is either because they have to be
void *, or because they're typedefed differently on different
platforms and aren't always pointers at all. Can't be helped. But I've
got rid of the main ones, at least.
2018-10-04 18:10:23 +00:00
|
|
|
void pageant_listener_got_socket(struct pageant_listen_state *pl, Socket *);
|
2015-05-05 19:16:20 +00:00
|
|
|
void pageant_listener_free(struct pageant_listen_state *pl);
|
2015-05-11 14:06:25 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Functions to perform specific key actions, either as a client of an
|
|
|
|
* ssh-agent running elsewhere, or directly on the agent state in this
|
|
|
|
* process. (On at least one platform we want to do this in an
|
|
|
|
* agnostic way between the two situations.)
|
|
|
|
*
|
|
|
|
* pageant_add_keyfile() is used to load a private key from a file and
|
|
|
|
* add it to the agent. Initially, you should call it with passphrase
|
|
|
|
* NULL, and it will check if the key is already in the agent, and
|
|
|
|
* whether a passphrase is required. Return values are given in the
|
|
|
|
* enum below. On return, *retstr will either be NULL, or a
|
|
|
|
* dynamically allocated string containing a key comment or an error
|
|
|
|
* message.
|
|
|
|
*
|
|
|
|
* pageant_add_keyfile() also remembers passphrases with which it's
|
|
|
|
* successfully decrypted keys (because if you try to add multiple
|
|
|
|
* keys in one go, you might very well have used the same passphrase
|
|
|
|
* for keys that have the same trust properties). Call
|
|
|
|
* pageant_forget_passphrases() to get rid of them all.
|
|
|
|
*/
|
|
|
|
enum {
|
|
|
|
PAGEANT_ACTION_OK, /* success; no further action needed */
|
|
|
|
PAGEANT_ACTION_FAILURE, /* failure; *retstr is error message */
|
2020-02-15 16:39:02 +00:00
|
|
|
PAGEANT_ACTION_NEED_PP, /* need passphrase: *retstr is key comment */
|
|
|
|
PAGEANT_ACTION_WARNING, /* success but with a warning message;
|
|
|
|
* *retstr is warning message */
|
2015-05-11 14:06:25 +00:00
|
|
|
};
|
|
|
|
int pageant_add_keyfile(Filename *filename, const char *passphrase,
|
2020-02-08 17:28:46 +00:00
|
|
|
char **retstr, bool add_encrypted);
|
2015-05-11 14:06:25 +00:00
|
|
|
void pageant_forget_passphrases(void);
|
2015-05-12 12:27:33 +00:00
|
|
|
|
|
|
|
struct pageant_pubkey {
|
|
|
|
/* Everything needed to identify a public key found by
|
|
|
|
* pageant_enum_keys and pass it back to the agent or other code
|
|
|
|
* later */
|
2018-05-24 09:59:39 +00:00
|
|
|
strbuf *blob;
|
2015-05-12 13:48:32 +00:00
|
|
|
char *comment;
|
2015-05-12 12:27:33 +00:00
|
|
|
int ssh_version;
|
|
|
|
};
|
|
|
|
struct pageant_pubkey *pageant_pubkey_copy(struct pageant_pubkey *key);
|
|
|
|
void pageant_pubkey_free(struct pageant_pubkey *key);
|
|
|
|
|
2021-03-13 10:27:50 +00:00
|
|
|
typedef void (*pageant_key_enum_fn_t)(void *ctx, char **fingerprints,
|
|
|
|
const char *comment, uint32_t ext_flags,
|
2015-05-12 12:27:33 +00:00
|
|
|
struct pageant_pubkey *key);
|
2015-05-11 17:34:45 +00:00
|
|
|
int pageant_enum_keys(pageant_key_enum_fn_t callback, void *callback_ctx,
|
|
|
|
char **retstr);
|
2015-05-12 12:27:33 +00:00
|
|
|
int pageant_delete_key(struct pageant_pubkey *key, char **retstr);
|
2015-05-12 13:55:44 +00:00
|
|
|
int pageant_delete_all_keys(char **retstr);
|
2020-02-15 16:39:02 +00:00
|
|
|
int pageant_reencrypt_key(struct pageant_pubkey *key, char **retstr);
|
|
|
|
int pageant_reencrypt_all_keys(char **retstr);
|
2020-02-09 21:56:21 +00:00
|
|
|
int pageant_sign(struct pageant_pubkey *key, ptrlen message, strbuf *out,
|
|
|
|
uint32_t flags, char **retstr);
|
2020-12-15 13:24:58 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Definitions for agent protocol extensions.
|
|
|
|
*/
|
|
|
|
#define PUTTYEXT(base) base "@putty.projects.tartarus.org"
|
|
|
|
|
|
|
|
#define KNOWN_EXTENSIONS(X) \
|
|
|
|
X(EXT_QUERY, "query") \
|
|
|
|
X(EXT_ADD_PPK, PUTTYEXT("add-ppk")) \
|
|
|
|
X(EXT_REENCRYPT, PUTTYEXT("reencrypt")) \
|
|
|
|
X(EXT_REENCRYPT_ALL, PUTTYEXT("reencrypt-all")) \
|
2020-12-15 13:25:45 +00:00
|
|
|
X(EXT_LIST_EXTENDED, PUTTYEXT("list-extended")) \
|
2020-12-15 13:24:58 +00:00
|
|
|
/* end of list */
|
2020-12-15 13:25:45 +00:00
|
|
|
|
|
|
|
#define LIST_EXTENDED_FLAG_HAS_ENCRYPTED_KEY_FILE 1
|
|
|
|
#define LIST_EXTENDED_FLAG_HAS_NO_CLEARTEXT_KEY 2
|