GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: usr.bin/ssh/ssh-agent/../ssh-agent.c Lines: 0 624 0.0 %
Date: 2017-11-13 Branches: 0 402 0.0 %

Line Branch Exec Source
1
/* $OpenBSD: ssh-agent.c,v 1.224 2017/07/24 04:34:28 djm Exp $ */
2
/*
3
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5
 *                    All rights reserved
6
 * The authentication agent program.
7
 *
8
 * As far as I am concerned, the code I have written for this software
9
 * can be used freely for any purpose.  Any derived versions of this
10
 * software must be clearly marked as such, and if the derived work is
11
 * incompatible with the protocol description in the RFC file, it must be
12
 * called by a name other than "ssh" or "Secure Shell".
13
 *
14
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
15
 *
16
 * Redistribution and use in source and binary forms, with or without
17
 * modification, are permitted provided that the following conditions
18
 * are met:
19
 * 1. Redistributions of source code must retain the above copyright
20
 *    notice, this list of conditions and the following disclaimer.
21
 * 2. Redistributions in binary form must reproduce the above copyright
22
 *    notice, this list of conditions and the following disclaimer in the
23
 *    documentation and/or other materials provided with the distribution.
24
 *
25
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35
 */
36
37
#include <sys/types.h>
38
#include <sys/time.h>
39
#include <sys/queue.h>
40
#include <sys/resource.h>
41
#include <sys/socket.h>
42
#include <sys/stat.h>
43
#include <sys/un.h>
44
45
#ifdef WITH_OPENSSL
46
#include <openssl/evp.h>
47
#endif
48
49
#include <errno.h>
50
#include <fcntl.h>
51
#include <paths.h>
52
#include <poll.h>
53
#include <signal.h>
54
#include <stdlib.h>
55
#include <stdio.h>
56
#include <string.h>
57
#include <limits.h>
58
#include <time.h>
59
#include <unistd.h>
60
#include <util.h>
61
62
#include "xmalloc.h"
63
#include "ssh.h"
64
#include "sshbuf.h"
65
#include "sshkey.h"
66
#include "authfd.h"
67
#include "compat.h"
68
#include "log.h"
69
#include "misc.h"
70
#include "digest.h"
71
#include "ssherr.h"
72
#include "match.h"
73
74
#ifdef ENABLE_PKCS11
75
#include "ssh-pkcs11.h"
76
#endif
77
78
#ifndef DEFAULT_PKCS11_WHITELIST
79
# define DEFAULT_PKCS11_WHITELIST "/usr/lib*/*,/usr/local/lib*/*"
80
#endif
81
82
/* Maximum accepted message length */
83
#define AGENT_MAX_LEN	(256*1024)
84
85
typedef enum {
86
	AUTH_UNUSED,
87
	AUTH_SOCKET,
88
	AUTH_CONNECTION
89
} sock_type;
90
91
typedef struct {
92
	int fd;
93
	sock_type type;
94
	struct sshbuf *input;
95
	struct sshbuf *output;
96
	struct sshbuf *request;
97
} SocketEntry;
98
99
u_int sockets_alloc = 0;
100
SocketEntry *sockets = NULL;
101
102
typedef struct identity {
103
	TAILQ_ENTRY(identity) next;
104
	struct sshkey *key;
105
	char *comment;
106
	char *provider;
107
	time_t death;
108
	u_int confirm;
109
} Identity;
110
111
struct idtable {
112
	int nentries;
113
	TAILQ_HEAD(idqueue, identity) idlist;
114
};
115
116
/* private key table */
117
struct idtable *idtab;
118
119
int max_fd = 0;
120
121
/* pid of shell == parent of agent */
122
pid_t parent_pid = -1;
123
time_t parent_alive_interval = 0;
124
125
/* pid of process for which cleanup_socket is applicable */
126
pid_t cleanup_pid = 0;
127
128
/* pathname and directory for AUTH_SOCKET */
129
char socket_name[PATH_MAX];
130
char socket_dir[PATH_MAX];
131
132
/* PKCS#11 path whitelist */
133
static char *pkcs11_whitelist;
134
135
/* locking */
136
#define LOCK_SIZE	32
137
#define LOCK_SALT_SIZE	16
138
#define LOCK_ROUNDS	1
139
int locked = 0;
140
u_char lock_pwhash[LOCK_SIZE];
141
u_char lock_salt[LOCK_SALT_SIZE];
142
143
extern char *__progname;
144
145
/* Default lifetime in seconds (0 == forever) */
146
static long lifetime = 0;
147
148
static int fingerprint_hash = SSH_FP_HASH_DEFAULT;
149
150
static void
151
close_socket(SocketEntry *e)
152
{
153
	close(e->fd);
154
	e->fd = -1;
155
	e->type = AUTH_UNUSED;
156
	sshbuf_free(e->input);
157
	sshbuf_free(e->output);
158
	sshbuf_free(e->request);
159
}
160
161
static void
162
idtab_init(void)
163
{
164
	idtab = xcalloc(1, sizeof(*idtab));
165
	TAILQ_INIT(&idtab->idlist);
166
	idtab->nentries = 0;
167
}
168
169
static void
170
free_identity(Identity *id)
171
{
172
	sshkey_free(id->key);
173
	free(id->provider);
174
	free(id->comment);
175
	free(id);
176
}
177
178
/* return matching private key for given public key */
179
static Identity *
180
lookup_identity(struct sshkey *key)
181
{
182
	Identity *id;
183
184
	TAILQ_FOREACH(id, &idtab->idlist, next) {
185
		if (sshkey_equal(key, id->key))
186
			return (id);
187
	}
188
	return (NULL);
189
}
190
191
/* Check confirmation of keysign request */
192
static int
193
confirm_key(Identity *id)
194
{
195
	char *p;
196
	int ret = -1;
197
198
	p = sshkey_fingerprint(id->key, fingerprint_hash, SSH_FP_DEFAULT);
199
	if (p != NULL &&
200
	    ask_permission("Allow use of key %s?\nKey fingerprint %s.",
201
	    id->comment, p))
202
		ret = 0;
203
	free(p);
204
205
	return (ret);
206
}
207
208
static void
209
send_status(SocketEntry *e, int success)
210
{
211
	int r;
212
213
	if ((r = sshbuf_put_u32(e->output, 1)) != 0 ||
214
	    (r = sshbuf_put_u8(e->output, success ?
215
	    SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE)) != 0)
216
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
217
}
218
219
/* send list of supported public keys to 'client' */
220
static void
221
process_request_identities(SocketEntry *e)
222
{
223
	Identity *id;
224
	struct sshbuf *msg;
225
	int r;
226
227
	if ((msg = sshbuf_new()) == NULL)
228
		fatal("%s: sshbuf_new failed", __func__);
229
	if ((r = sshbuf_put_u8(msg, SSH2_AGENT_IDENTITIES_ANSWER)) != 0 ||
230
	    (r = sshbuf_put_u32(msg, idtab->nentries)) != 0)
231
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
232
	TAILQ_FOREACH(id, &idtab->idlist, next) {
233
		if ((r = sshkey_puts(id->key, msg)) != 0 ||
234
		    (r = sshbuf_put_cstring(msg, id->comment)) != 0) {
235
			error("%s: put key/comment: %s", __func__,
236
			    ssh_err(r));
237
			continue;
238
		}
239
	}
240
	if ((r = sshbuf_put_stringb(e->output, msg)) != 0)
241
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
242
	sshbuf_free(msg);
243
}
244
245
246
static char *
247
agent_decode_alg(struct sshkey *key, u_int flags)
248
{
249
	if (key->type == KEY_RSA) {
250
		if (flags & SSH_AGENT_RSA_SHA2_256)
251
			return "rsa-sha2-256";
252
		else if (flags & SSH_AGENT_RSA_SHA2_512)
253
			return "rsa-sha2-512";
254
	}
255
	return NULL;
256
}
257
258
/* ssh2 only */
259
static void
260
process_sign_request2(SocketEntry *e)
261
{
262
	const u_char *data;
263
	u_char *signature = NULL;
264
	size_t dlen, slen = 0;
265
	u_int compat = 0, flags;
266
	int r, ok = -1;
267
	struct sshbuf *msg;
268
	struct sshkey *key = NULL;
269
	struct identity *id;
270
271
	if ((msg = sshbuf_new()) == NULL)
272
		fatal("%s: sshbuf_new failed", __func__);
273
	if ((r = sshkey_froms(e->request, &key)) != 0 ||
274
	    (r = sshbuf_get_string_direct(e->request, &data, &dlen)) != 0 ||
275
	    (r = sshbuf_get_u32(e->request, &flags)) != 0)
276
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
277
	if (flags & SSH_AGENT_OLD_SIGNATURE)
278
		compat = SSH_BUG_SIGBLOB;
279
	if ((id = lookup_identity(key)) == NULL) {
280
		verbose("%s: %s key not found", __func__, sshkey_type(key));
281
		goto send;
282
	}
283
	if (id->confirm && confirm_key(id) != 0) {
284
		verbose("%s: user refused key", __func__);
285
		goto send;
286
	}
287
	if ((r = sshkey_sign(id->key, &signature, &slen,
288
	    data, dlen, agent_decode_alg(key, flags), compat)) != 0) {
289
		error("%s: sshkey_sign: %s", __func__, ssh_err(r));
290
		goto send;
291
	}
292
	/* Success */
293
	ok = 0;
294
 send:
295
	sshkey_free(key);
296
	if (ok == 0) {
297
		if ((r = sshbuf_put_u8(msg, SSH2_AGENT_SIGN_RESPONSE)) != 0 ||
298
		    (r = sshbuf_put_string(msg, signature, slen)) != 0)
299
			fatal("%s: buffer error: %s", __func__, ssh_err(r));
300
	} else if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0)
301
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
302
303
	if ((r = sshbuf_put_stringb(e->output, msg)) != 0)
304
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
305
306
	sshbuf_free(msg);
307
	free(signature);
308
}
309
310
/* shared */
311
static void
312
process_remove_identity(SocketEntry *e)
313
{
314
	int r, success = 0;
315
	struct sshkey *key = NULL;
316
	Identity *id;
317
318
	if ((r = sshkey_froms(e->request, &key)) != 0) {
319
		error("%s: get key: %s", __func__, ssh_err(r));
320
		goto done;
321
	}
322
	if ((id = lookup_identity(key)) == NULL) {
323
		debug("%s: key not found", __func__);
324
		goto done;
325
	}
326
	/* We have this key, free it. */
327
	if (idtab->nentries < 1)
328
		fatal("%s: internal error: nentries %d",
329
		    __func__, idtab->nentries);
330
	TAILQ_REMOVE(&idtab->idlist, id, next);
331
	free_identity(id);
332
	idtab->nentries--;
333
	sshkey_free(key);
334
	success = 1;
335
 done:
336
	send_status(e, success);
337
}
338
339
static void
340
process_remove_all_identities(SocketEntry *e)
341
{
342
	Identity *id;
343
344
	/* Loop over all identities and clear the keys. */
345
	for (id = TAILQ_FIRST(&idtab->idlist); id;
346
	    id = TAILQ_FIRST(&idtab->idlist)) {
347
		TAILQ_REMOVE(&idtab->idlist, id, next);
348
		free_identity(id);
349
	}
350
351
	/* Mark that there are no identities. */
352
	idtab->nentries = 0;
353
354
	/* Send success. */
355
	send_status(e, 1);
356
}
357
358
/* removes expired keys and returns number of seconds until the next expiry */
359
static time_t
360
reaper(void)
361
{
362
	time_t deadline = 0, now = monotime();
363
	Identity *id, *nxt;
364
365
	for (id = TAILQ_FIRST(&idtab->idlist); id; id = nxt) {
366
		nxt = TAILQ_NEXT(id, next);
367
		if (id->death == 0)
368
			continue;
369
		if (now >= id->death) {
370
			debug("expiring key '%s'", id->comment);
371
			TAILQ_REMOVE(&idtab->idlist, id, next);
372
			free_identity(id);
373
			idtab->nentries--;
374
		} else
375
			deadline = (deadline == 0) ? id->death :
376
			    MINIMUM(deadline, id->death);
377
	}
378
	if (deadline == 0 || deadline <= now)
379
		return 0;
380
	else
381
		return (deadline - now);
382
}
383
384
static void
385
process_add_identity(SocketEntry *e)
386
{
387
	Identity *id;
388
	int success = 0, confirm = 0;
389
	u_int seconds;
390
	char *comment = NULL;
391
	time_t death = 0;
392
	struct sshkey *k = NULL;
393
	u_char ctype;
394
	int r = SSH_ERR_INTERNAL_ERROR;
395
396
	if ((r = sshkey_private_deserialize(e->request, &k)) != 0 ||
397
	    k == NULL ||
398
	    (r = sshbuf_get_cstring(e->request, &comment, NULL)) != 0) {
399
		error("%s: decode private key: %s", __func__, ssh_err(r));
400
		goto err;
401
	}
402
403
	while (sshbuf_len(e->request)) {
404
		if ((r = sshbuf_get_u8(e->request, &ctype)) != 0) {
405
			error("%s: buffer error: %s", __func__, ssh_err(r));
406
			goto err;
407
		}
408
		switch (ctype) {
409
		case SSH_AGENT_CONSTRAIN_LIFETIME:
410
			if ((r = sshbuf_get_u32(e->request, &seconds)) != 0) {
411
				error("%s: bad lifetime constraint: %s",
412
				    __func__, ssh_err(r));
413
				goto err;
414
			}
415
			death = monotime() + seconds;
416
			break;
417
		case SSH_AGENT_CONSTRAIN_CONFIRM:
418
			confirm = 1;
419
			break;
420
		default:
421
			error("%s: Unknown constraint %d", __func__, ctype);
422
 err:
423
			sshbuf_reset(e->request);
424
			free(comment);
425
			sshkey_free(k);
426
			goto send;
427
		}
428
	}
429
430
	success = 1;
431
	if (lifetime && !death)
432
		death = monotime() + lifetime;
433
	if ((id = lookup_identity(k)) == NULL) {
434
		id = xcalloc(1, sizeof(Identity));
435
		id->key = k;
436
		TAILQ_INSERT_TAIL(&idtab->idlist, id, next);
437
		/* Increment the number of identities. */
438
		idtab->nentries++;
439
	} else {
440
		sshkey_free(k);
441
		free(id->comment);
442
	}
443
	id->comment = comment;
444
	id->death = death;
445
	id->confirm = confirm;
446
send:
447
	send_status(e, success);
448
}
449
450
/* XXX todo: encrypt sensitive data with passphrase */
451
static void
452
process_lock_agent(SocketEntry *e, int lock)
453
{
454
	int r, success = 0, delay;
455
	char *passwd;
456
	u_char passwdhash[LOCK_SIZE];
457
	static u_int fail_count = 0;
458
	size_t pwlen;
459
460
	if ((r = sshbuf_get_cstring(e->request, &passwd, &pwlen)) != 0)
461
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
462
	if (pwlen == 0) {
463
		debug("empty password not supported");
464
	} else if (locked && !lock) {
465
		if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt),
466
		    passwdhash, sizeof(passwdhash), LOCK_ROUNDS) < 0)
467
			fatal("bcrypt_pbkdf");
468
		if (timingsafe_bcmp(passwdhash, lock_pwhash, LOCK_SIZE) == 0) {
469
			debug("agent unlocked");
470
			locked = 0;
471
			fail_count = 0;
472
			explicit_bzero(lock_pwhash, sizeof(lock_pwhash));
473
			success = 1;
474
		} else {
475
			/* delay in 0.1s increments up to 10s */
476
			if (fail_count < 100)
477
				fail_count++;
478
			delay = 100000 * fail_count;
479
			debug("unlock failed, delaying %0.1lf seconds",
480
			    (double)delay/1000000);
481
			usleep(delay);
482
		}
483
		explicit_bzero(passwdhash, sizeof(passwdhash));
484
	} else if (!locked && lock) {
485
		debug("agent locked");
486
		locked = 1;
487
		arc4random_buf(lock_salt, sizeof(lock_salt));
488
		if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt),
489
		    lock_pwhash, sizeof(lock_pwhash), LOCK_ROUNDS) < 0)
490
			fatal("bcrypt_pbkdf");
491
		success = 1;
492
	}
493
	explicit_bzero(passwd, pwlen);
494
	free(passwd);
495
	send_status(e, success);
496
}
497
498
static void
499
no_identities(SocketEntry *e)
500
{
501
	struct sshbuf *msg;
502
	int r;
503
504
	if ((msg = sshbuf_new()) == NULL)
505
		fatal("%s: sshbuf_new failed", __func__);
506
	if ((r = sshbuf_put_u8(msg, SSH2_AGENT_IDENTITIES_ANSWER)) != 0 ||
507
	    (r = sshbuf_put_u32(msg, 0)) != 0 ||
508
	    (r = sshbuf_put_stringb(e->output, msg)) != 0)
509
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
510
	sshbuf_free(msg);
511
}
512
513
#ifdef ENABLE_PKCS11
514
static void
515
process_add_smartcard_key(SocketEntry *e)
516
{
517
	char *provider = NULL, *pin, canonical_provider[PATH_MAX];
518
	int r, i, count = 0, success = 0, confirm = 0;
519
	u_int seconds;
520
	time_t death = 0;
521
	u_char type;
522
	struct sshkey **keys = NULL, *k;
523
	Identity *id;
524
525
	if ((r = sshbuf_get_cstring(e->request, &provider, NULL)) != 0 ||
526
	    (r = sshbuf_get_cstring(e->request, &pin, NULL)) != 0)
527
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
528
529
	while (sshbuf_len(e->request)) {
530
		if ((r = sshbuf_get_u8(e->request, &type)) != 0)
531
			fatal("%s: buffer error: %s", __func__, ssh_err(r));
532
		switch (type) {
533
		case SSH_AGENT_CONSTRAIN_LIFETIME:
534
			if ((r = sshbuf_get_u32(e->request, &seconds)) != 0)
535
				fatal("%s: buffer error: %s",
536
				    __func__, ssh_err(r));
537
			death = monotime() + seconds;
538
			break;
539
		case SSH_AGENT_CONSTRAIN_CONFIRM:
540
			confirm = 1;
541
			break;
542
		default:
543
			error("%s: Unknown constraint type %d", __func__, type);
544
			goto send;
545
		}
546
	}
547
	if (realpath(provider, canonical_provider) == NULL) {
548
		verbose("failed PKCS#11 add of \"%.100s\": realpath: %s",
549
		    provider, strerror(errno));
550
		goto send;
551
	}
552
	if (match_pattern_list(canonical_provider, pkcs11_whitelist, 0) != 1) {
553
		verbose("refusing PKCS#11 add of \"%.100s\": "
554
		    "provider not whitelisted", canonical_provider);
555
		goto send;
556
	}
557
	debug("%s: add %.100s", __func__, canonical_provider);
558
	if (lifetime && !death)
559
		death = monotime() + lifetime;
560
561
	count = pkcs11_add_provider(canonical_provider, pin, &keys);
562
	for (i = 0; i < count; i++) {
563
		k = keys[i];
564
		if (lookup_identity(k) == NULL) {
565
			id = xcalloc(1, sizeof(Identity));
566
			id->key = k;
567
			id->provider = xstrdup(canonical_provider);
568
			id->comment = xstrdup(canonical_provider); /* XXX */
569
			id->death = death;
570
			id->confirm = confirm;
571
			TAILQ_INSERT_TAIL(&idtab->idlist, id, next);
572
			idtab->nentries++;
573
			success = 1;
574
		} else {
575
			sshkey_free(k);
576
		}
577
		keys[i] = NULL;
578
	}
579
send:
580
	free(pin);
581
	free(provider);
582
	free(keys);
583
	send_status(e, success);
584
}
585
586
static void
587
process_remove_smartcard_key(SocketEntry *e)
588
{
589
	char *provider = NULL, *pin = NULL, canonical_provider[PATH_MAX];
590
	int r, success = 0;
591
	Identity *id, *nxt;
592
593
	if ((r = sshbuf_get_cstring(e->request, &provider, NULL)) != 0 ||
594
	    (r = sshbuf_get_cstring(e->request, &pin, NULL)) != 0)
595
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
596
	free(pin);
597
598
	if (realpath(provider, canonical_provider) == NULL) {
599
		verbose("failed PKCS#11 add of \"%.100s\": realpath: %s",
600
		    provider, strerror(errno));
601
		goto send;
602
	}
603
604
	debug("%s: remove %.100s", __func__, canonical_provider);
605
	for (id = TAILQ_FIRST(&idtab->idlist); id; id = nxt) {
606
		nxt = TAILQ_NEXT(id, next);
607
		/* Skip file--based keys */
608
		if (id->provider == NULL)
609
			continue;
610
		if (!strcmp(canonical_provider, id->provider)) {
611
			TAILQ_REMOVE(&idtab->idlist, id, next);
612
			free_identity(id);
613
			idtab->nentries--;
614
		}
615
	}
616
	if (pkcs11_del_provider(canonical_provider) == 0)
617
		success = 1;
618
	else
619
		error("%s: pkcs11_del_provider failed", __func__);
620
send:
621
	free(provider);
622
	send_status(e, success);
623
}
624
#endif /* ENABLE_PKCS11 */
625
626
/* dispatch incoming messages */
627
628
static int
629
process_message(u_int socknum)
630
{
631
	u_int msg_len;
632
	u_char type;
633
	const u_char *cp;
634
	int r;
635
	SocketEntry *e;
636
637
	if (socknum >= sockets_alloc) {
638
		fatal("%s: socket number %u >= allocated %u",
639
		    __func__, socknum, sockets_alloc);
640
	}
641
	e = &sockets[socknum];
642
643
	if (sshbuf_len(e->input) < 5)
644
		return 0;		/* Incomplete message header. */
645
	cp = sshbuf_ptr(e->input);
646
	msg_len = PEEK_U32(cp);
647
	if (msg_len > AGENT_MAX_LEN) {
648
		debug("%s: socket %u (fd=%d) message too long %u > %u",
649
		    __func__, socknum, e->fd, msg_len, AGENT_MAX_LEN);
650
		return -1;
651
	}
652
	if (sshbuf_len(e->input) < msg_len + 4)
653
		return 0;		/* Incomplete message body. */
654
655
	/* move the current input to e->request */
656
	sshbuf_reset(e->request);
657
	if ((r = sshbuf_get_stringb(e->input, e->request)) != 0 ||
658
	    (r = sshbuf_get_u8(e->request, &type)) != 0) {
659
		if (r == SSH_ERR_MESSAGE_INCOMPLETE ||
660
		    r == SSH_ERR_STRING_TOO_LARGE) {
661
			debug("%s: buffer error: %s", __func__, ssh_err(r));
662
			return -1;
663
		}
664
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
665
	}
666
667
	debug("%s: socket %u (fd=%d) type %d", __func__, socknum, e->fd, type);
668
669
	/* check wheter agent is locked */
670
	if (locked && type != SSH_AGENTC_UNLOCK) {
671
		sshbuf_reset(e->request);
672
		switch (type) {
673
		case SSH2_AGENTC_REQUEST_IDENTITIES:
674
			/* send empty lists */
675
			no_identities(e);
676
			break;
677
		default:
678
			/* send a fail message for all other request types */
679
			send_status(e, 0);
680
		}
681
		return 0;
682
	}
683
684
	switch (type) {
685
	case SSH_AGENTC_LOCK:
686
	case SSH_AGENTC_UNLOCK:
687
		process_lock_agent(e, type == SSH_AGENTC_LOCK);
688
		break;
689
	case SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES:
690
		process_remove_all_identities(e); /* safe for !WITH_SSH1 */
691
		break;
692
	/* ssh2 */
693
	case SSH2_AGENTC_SIGN_REQUEST:
694
		process_sign_request2(e);
695
		break;
696
	case SSH2_AGENTC_REQUEST_IDENTITIES:
697
		process_request_identities(e);
698
		break;
699
	case SSH2_AGENTC_ADD_IDENTITY:
700
	case SSH2_AGENTC_ADD_ID_CONSTRAINED:
701
		process_add_identity(e);
702
		break;
703
	case SSH2_AGENTC_REMOVE_IDENTITY:
704
		process_remove_identity(e);
705
		break;
706
	case SSH2_AGENTC_REMOVE_ALL_IDENTITIES:
707
		process_remove_all_identities(e);
708
		break;
709
#ifdef ENABLE_PKCS11
710
	case SSH_AGENTC_ADD_SMARTCARD_KEY:
711
	case SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED:
712
		process_add_smartcard_key(e);
713
		break;
714
	case SSH_AGENTC_REMOVE_SMARTCARD_KEY:
715
		process_remove_smartcard_key(e);
716
		break;
717
#endif /* ENABLE_PKCS11 */
718
	default:
719
		/* Unknown message.  Respond with failure. */
720
		error("Unknown message %d", type);
721
		sshbuf_reset(e->request);
722
		send_status(e, 0);
723
		break;
724
	}
725
	return 0;
726
}
727
728
static void
729
new_socket(sock_type type, int fd)
730
{
731
	u_int i, old_alloc, new_alloc;
732
733
	set_nonblock(fd);
734
735
	if (fd > max_fd)
736
		max_fd = fd;
737
738
	for (i = 0; i < sockets_alloc; i++)
739
		if (sockets[i].type == AUTH_UNUSED) {
740
			sockets[i].fd = fd;
741
			if ((sockets[i].input = sshbuf_new()) == NULL)
742
				fatal("%s: sshbuf_new failed", __func__);
743
			if ((sockets[i].output = sshbuf_new()) == NULL)
744
				fatal("%s: sshbuf_new failed", __func__);
745
			if ((sockets[i].request = sshbuf_new()) == NULL)
746
				fatal("%s: sshbuf_new failed", __func__);
747
			sockets[i].type = type;
748
			return;
749
		}
750
	old_alloc = sockets_alloc;
751
	new_alloc = sockets_alloc + 10;
752
	sockets = xreallocarray(sockets, new_alloc, sizeof(sockets[0]));
753
	for (i = old_alloc; i < new_alloc; i++)
754
		sockets[i].type = AUTH_UNUSED;
755
	sockets_alloc = new_alloc;
756
	sockets[old_alloc].fd = fd;
757
	if ((sockets[old_alloc].input = sshbuf_new()) == NULL)
758
		fatal("%s: sshbuf_new failed", __func__);
759
	if ((sockets[old_alloc].output = sshbuf_new()) == NULL)
760
		fatal("%s: sshbuf_new failed", __func__);
761
	if ((sockets[old_alloc].request = sshbuf_new()) == NULL)
762
		fatal("%s: sshbuf_new failed", __func__);
763
	sockets[old_alloc].type = type;
764
}
765
766
static int
767
handle_socket_read(u_int socknum)
768
{
769
	struct sockaddr_un sunaddr;
770
	socklen_t slen;
771
	uid_t euid;
772
	gid_t egid;
773
	int fd;
774
775
	slen = sizeof(sunaddr);
776
	fd = accept(sockets[socknum].fd, (struct sockaddr *)&sunaddr, &slen);
777
	if (fd < 0) {
778
		error("accept from AUTH_SOCKET: %s", strerror(errno));
779
		return -1;
780
	}
781
	if (getpeereid(fd, &euid, &egid) < 0) {
782
		error("getpeereid %d failed: %s", fd, strerror(errno));
783
		close(fd);
784
		return -1;
785
	}
786
	if ((euid != 0) && (getuid() != euid)) {
787
		error("uid mismatch: peer euid %u != uid %u",
788
		    (u_int) euid, (u_int) getuid());
789
		close(fd);
790
		return -1;
791
	}
792
	new_socket(AUTH_CONNECTION, fd);
793
	return 0;
794
}
795
796
static int
797
handle_conn_read(u_int socknum)
798
{
799
	char buf[1024];
800
	ssize_t len;
801
	int r;
802
803
	if ((len = read(sockets[socknum].fd, buf, sizeof(buf))) <= 0) {
804
		if (len == -1) {
805
			if (errno == EAGAIN || errno == EINTR)
806
				return 0;
807
			error("%s: read error on socket %u (fd %d): %s",
808
			    __func__, socknum, sockets[socknum].fd,
809
			    strerror(errno));
810
		}
811
		return -1;
812
	}
813
	if ((r = sshbuf_put(sockets[socknum].input, buf, len)) != 0)
814
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
815
	explicit_bzero(buf, sizeof(buf));
816
	process_message(socknum);
817
	return 0;
818
}
819
820
static int
821
handle_conn_write(u_int socknum)
822
{
823
	ssize_t len;
824
	int r;
825
826
	if (sshbuf_len(sockets[socknum].output) == 0)
827
		return 0; /* shouldn't happen */
828
	if ((len = write(sockets[socknum].fd,
829
	    sshbuf_ptr(sockets[socknum].output),
830
	    sshbuf_len(sockets[socknum].output))) <= 0) {
831
		if (len == -1) {
832
			if (errno == EAGAIN || errno == EINTR)
833
				return 0;
834
			error("%s: read error on socket %u (fd %d): %s",
835
			    __func__, socknum, sockets[socknum].fd,
836
			    strerror(errno));
837
		}
838
		return -1;
839
	}
840
	if ((r = sshbuf_consume(sockets[socknum].output, len)) != 0)
841
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
842
	return 0;
843
}
844
845
static void
846
after_poll(struct pollfd *pfd, size_t npfd)
847
{
848
	size_t i;
849
	u_int socknum;
850
851
	for (i = 0; i < npfd; i++) {
852
		if (pfd[i].revents == 0)
853
			continue;
854
		/* Find sockets entry */
855
		for (socknum = 0; socknum < sockets_alloc; socknum++) {
856
			if (sockets[socknum].type != AUTH_SOCKET &&
857
			    sockets[socknum].type != AUTH_CONNECTION)
858
				continue;
859
			if (pfd[i].fd == sockets[socknum].fd)
860
				break;
861
		}
862
		if (socknum >= sockets_alloc) {
863
			error("%s: no socket for fd %d", __func__, pfd[i].fd);
864
			continue;
865
		}
866
		/* Process events */
867
		switch (sockets[socknum].type) {
868
		case AUTH_SOCKET:
869
			if ((pfd[i].revents & (POLLIN|POLLERR)) != 0 &&
870
			    handle_socket_read(socknum) != 0)
871
				close_socket(&sockets[socknum]);
872
			break;
873
		case AUTH_CONNECTION:
874
			if ((pfd[i].revents & (POLLIN|POLLERR)) != 0 &&
875
			    handle_conn_read(socknum) != 0) {
876
				close_socket(&sockets[socknum]);
877
				break;
878
			}
879
			if ((pfd[i].revents & (POLLOUT|POLLHUP)) != 0 &&
880
			    handle_conn_write(socknum) != 0)
881
				close_socket(&sockets[socknum]);
882
			break;
883
		default:
884
			break;
885
		}
886
	}
887
}
888
889
static int
890
prepare_poll(struct pollfd **pfdp, size_t *npfdp, int *timeoutp)
891
{
892
	struct pollfd *pfd = *pfdp;
893
	size_t i, j, npfd = 0;
894
	time_t deadline;
895
896
	/* Count active sockets */
897
	for (i = 0; i < sockets_alloc; i++) {
898
		switch (sockets[i].type) {
899
		case AUTH_SOCKET:
900
		case AUTH_CONNECTION:
901
			npfd++;
902
			break;
903
		case AUTH_UNUSED:
904
			break;
905
		default:
906
			fatal("Unknown socket type %d", sockets[i].type);
907
			break;
908
		}
909
	}
910
	if (npfd != *npfdp &&
911
	    (pfd = recallocarray(pfd, *npfdp, npfd, sizeof(*pfd))) == NULL)
912
		fatal("%s: recallocarray failed", __func__);
913
	*pfdp = pfd;
914
	*npfdp = npfd;
915
916
	for (i = j = 0; i < sockets_alloc; i++) {
917
		switch (sockets[i].type) {
918
		case AUTH_SOCKET:
919
		case AUTH_CONNECTION:
920
			pfd[j].fd = sockets[i].fd;
921
			pfd[j].revents = 0;
922
			/* XXX backoff when input buffer full */
923
			pfd[j].events = POLLIN;
924
			if (sshbuf_len(sockets[i].output) > 0)
925
				pfd[j].events |= POLLOUT;
926
			j++;
927
			break;
928
		default:
929
			break;
930
		}
931
	}
932
	deadline = reaper();
933
	if (parent_alive_interval != 0)
934
		deadline = (deadline == 0) ? parent_alive_interval :
935
		    MINIMUM(deadline, parent_alive_interval);
936
	if (deadline == 0) {
937
		*timeoutp = -1; /* INFTIM */
938
	} else {
939
		if (deadline > INT_MAX / 1000)
940
			*timeoutp = INT_MAX / 1000;
941
		else
942
			*timeoutp = deadline * 1000;
943
	}
944
	return (1);
945
}
946
947
static void
948
cleanup_socket(void)
949
{
950
	if (cleanup_pid != 0 && getpid() != cleanup_pid)
951
		return;
952
	debug("%s: cleanup", __func__);
953
	if (socket_name[0])
954
		unlink(socket_name);
955
	if (socket_dir[0])
956
		rmdir(socket_dir);
957
}
958
959
void
960
cleanup_exit(int i)
961
{
962
	cleanup_socket();
963
	_exit(i);
964
}
965
966
/*ARGSUSED*/
967
static void
968
cleanup_handler(int sig)
969
{
970
	cleanup_socket();
971
#ifdef ENABLE_PKCS11
972
	pkcs11_terminate();
973
#endif
974
	_exit(2);
975
}
976
977
static void
978
check_parent_exists(void)
979
{
980
	/*
981
	 * If our parent has exited then getppid() will return (pid_t)1,
982
	 * so testing for that should be safe.
983
	 */
984
	if (parent_pid != -1 && getppid() != parent_pid) {
985
		/* printf("Parent has died - Authentication agent exiting.\n"); */
986
		cleanup_socket();
987
		_exit(2);
988
	}
989
}
990
991
static void
992
usage(void)
993
{
994
	fprintf(stderr,
995
	    "usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n"
996
	    "                 [-P pkcs11_whitelist] [-t life] [command [arg ...]]\n"
997
	    "       ssh-agent [-c | -s] -k\n");
998
	exit(1);
999
}
1000
1001
int
1002
main(int ac, char **av)
1003
{
1004
	int c_flag = 0, d_flag = 0, D_flag = 0, k_flag = 0, s_flag = 0;
1005
	int sock, fd, ch, result, saved_errno;
1006
	char *shell, *format, *pidstr, *agentsocket = NULL;
1007
	struct rlimit rlim;
1008
	extern int optind;
1009
	extern char *optarg;
1010
	pid_t pid;
1011
	char pidstrbuf[1 + 3 * sizeof pid];
1012
	size_t len;
1013
	mode_t prev_mask;
1014
	int timeout = -1; /* INFTIM */
1015
	struct pollfd *pfd = NULL;
1016
	size_t npfd = 0;
1017
1018
	ssh_malloc_init();	/* must be called before any mallocs */
1019
	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
1020
	sanitise_stdfd();
1021
1022
	/* drop */
1023
	setegid(getgid());
1024
	setgid(getgid());
1025
1026
#ifdef WITH_OPENSSL
1027
	OpenSSL_add_all_algorithms();
1028
#endif
1029
1030
	while ((ch = getopt(ac, av, "cDdksE:a:P:t:")) != -1) {
1031
		switch (ch) {
1032
		case 'E':
1033
			fingerprint_hash = ssh_digest_alg_by_name(optarg);
1034
			if (fingerprint_hash == -1)
1035
				fatal("Invalid hash algorithm \"%s\"", optarg);
1036
			break;
1037
		case 'c':
1038
			if (s_flag)
1039
				usage();
1040
			c_flag++;
1041
			break;
1042
		case 'k':
1043
			k_flag++;
1044
			break;
1045
		case 'P':
1046
			if (pkcs11_whitelist != NULL)
1047
				fatal("-P option already specified");
1048
			pkcs11_whitelist = xstrdup(optarg);
1049
			break;
1050
		case 's':
1051
			if (c_flag)
1052
				usage();
1053
			s_flag++;
1054
			break;
1055
		case 'd':
1056
			if (d_flag || D_flag)
1057
				usage();
1058
			d_flag++;
1059
			break;
1060
		case 'D':
1061
			if (d_flag || D_flag)
1062
				usage();
1063
			D_flag++;
1064
			break;
1065
		case 'a':
1066
			agentsocket = optarg;
1067
			break;
1068
		case 't':
1069
			if ((lifetime = convtime(optarg)) == -1) {
1070
				fprintf(stderr, "Invalid lifetime\n");
1071
				usage();
1072
			}
1073
			break;
1074
		default:
1075
			usage();
1076
		}
1077
	}
1078
	ac -= optind;
1079
	av += optind;
1080
1081
	if (ac > 0 && (c_flag || k_flag || s_flag || d_flag || D_flag))
1082
		usage();
1083
1084
	if (pkcs11_whitelist == NULL)
1085
		pkcs11_whitelist = xstrdup(DEFAULT_PKCS11_WHITELIST);
1086
1087
	if (ac == 0 && !c_flag && !s_flag) {
1088
		shell = getenv("SHELL");
1089
		if (shell != NULL && (len = strlen(shell)) > 2 &&
1090
		    strncmp(shell + len - 3, "csh", 3) == 0)
1091
			c_flag = 1;
1092
	}
1093
	if (k_flag) {
1094
		const char *errstr = NULL;
1095
1096
		pidstr = getenv(SSH_AGENTPID_ENV_NAME);
1097
		if (pidstr == NULL) {
1098
			fprintf(stderr, "%s not set, cannot kill agent\n",
1099
			    SSH_AGENTPID_ENV_NAME);
1100
			exit(1);
1101
		}
1102
		pid = (int)strtonum(pidstr, 2, INT_MAX, &errstr);
1103
		if (errstr) {
1104
			fprintf(stderr,
1105
			    "%s=\"%s\", which is not a good PID: %s\n",
1106
			    SSH_AGENTPID_ENV_NAME, pidstr, errstr);
1107
			exit(1);
1108
		}
1109
		if (kill(pid, SIGTERM) == -1) {
1110
			perror("kill");
1111
			exit(1);
1112
		}
1113
		format = c_flag ? "unsetenv %s;\n" : "unset %s;\n";
1114
		printf(format, SSH_AUTHSOCKET_ENV_NAME);
1115
		printf(format, SSH_AGENTPID_ENV_NAME);
1116
		printf("echo Agent pid %ld killed;\n", (long)pid);
1117
		exit(0);
1118
	}
1119
	parent_pid = getpid();
1120
1121
	if (agentsocket == NULL) {
1122
		/* Create private directory for agent socket */
1123
		mktemp_proto(socket_dir, sizeof(socket_dir));
1124
		if (mkdtemp(socket_dir) == NULL) {
1125
			perror("mkdtemp: private socket dir");
1126
			exit(1);
1127
		}
1128
		snprintf(socket_name, sizeof socket_name, "%s/agent.%ld", socket_dir,
1129
		    (long)parent_pid);
1130
	} else {
1131
		/* Try to use specified agent socket */
1132
		socket_dir[0] = '\0';
1133
		strlcpy(socket_name, agentsocket, sizeof socket_name);
1134
	}
1135
1136
	/*
1137
	 * Create socket early so it will exist before command gets run from
1138
	 * the parent.
1139
	 */
1140
	prev_mask = umask(0177);
1141
	sock = unix_listener(socket_name, SSH_LISTEN_BACKLOG, 0);
1142
	if (sock < 0) {
1143
		/* XXX - unix_listener() calls error() not perror() */
1144
		*socket_name = '\0'; /* Don't unlink any existing file */
1145
		cleanup_exit(1);
1146
	}
1147
	umask(prev_mask);
1148
1149
	/*
1150
	 * Fork, and have the parent execute the command, if any, or present
1151
	 * the socket data.  The child continues as the authentication agent.
1152
	 */
1153
	if (D_flag || d_flag) {
1154
		log_init(__progname,
1155
		    d_flag ? SYSLOG_LEVEL_DEBUG3 : SYSLOG_LEVEL_INFO,
1156
		    SYSLOG_FACILITY_AUTH, 1);
1157
		format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n";
1158
		printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
1159
		    SSH_AUTHSOCKET_ENV_NAME);
1160
		printf("echo Agent pid %ld;\n", (long)parent_pid);
1161
		fflush(stdout);
1162
		goto skip;
1163
	}
1164
	pid = fork();
1165
	if (pid == -1) {
1166
		perror("fork");
1167
		cleanup_exit(1);
1168
	}
1169
	if (pid != 0) {		/* Parent - execute the given command. */
1170
		close(sock);
1171
		snprintf(pidstrbuf, sizeof pidstrbuf, "%ld", (long)pid);
1172
		if (ac == 0) {
1173
			format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n";
1174
			printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
1175
			    SSH_AUTHSOCKET_ENV_NAME);
1176
			printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf,
1177
			    SSH_AGENTPID_ENV_NAME);
1178
			printf("echo Agent pid %ld;\n", (long)pid);
1179
			exit(0);
1180
		}
1181
		if (setenv(SSH_AUTHSOCKET_ENV_NAME, socket_name, 1) == -1 ||
1182
		    setenv(SSH_AGENTPID_ENV_NAME, pidstrbuf, 1) == -1) {
1183
			perror("setenv");
1184
			exit(1);
1185
		}
1186
		execvp(av[0], av);
1187
		perror(av[0]);
1188
		exit(1);
1189
	}
1190
	/* child */
1191
	log_init(__progname, SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_AUTH, 0);
1192
1193
	if (setsid() == -1) {
1194
		error("setsid: %s", strerror(errno));
1195
		cleanup_exit(1);
1196
	}
1197
1198
	(void)chdir("/");
1199
	if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
1200
		/* XXX might close listen socket */
1201
		(void)dup2(fd, STDIN_FILENO);
1202
		(void)dup2(fd, STDOUT_FILENO);
1203
		(void)dup2(fd, STDERR_FILENO);
1204
		if (fd > 2)
1205
			close(fd);
1206
	}
1207
1208
	/* deny core dumps, since memory contains unencrypted private keys */
1209
	rlim.rlim_cur = rlim.rlim_max = 0;
1210
	if (setrlimit(RLIMIT_CORE, &rlim) < 0) {
1211
		error("setrlimit RLIMIT_CORE: %s", strerror(errno));
1212
		cleanup_exit(1);
1213
	}
1214
1215
skip:
1216
1217
	cleanup_pid = getpid();
1218
1219
#ifdef ENABLE_PKCS11
1220
	pkcs11_init(0);
1221
#endif
1222
	new_socket(AUTH_SOCKET, sock);
1223
	if (ac > 0)
1224
		parent_alive_interval = 10;
1225
	idtab_init();
1226
	signal(SIGPIPE, SIG_IGN);
1227
	signal(SIGINT, (d_flag | D_flag) ? cleanup_handler : SIG_IGN);
1228
	signal(SIGHUP, cleanup_handler);
1229
	signal(SIGTERM, cleanup_handler);
1230
1231
	if (pledge("stdio rpath cpath unix id proc exec flock wpath", NULL) == -1)
1232
		fatal("%s: pledge: %s", __progname, strerror(errno));
1233
1234
	while (1) {
1235
		prepare_poll(&pfd, &npfd, &timeout);
1236
		result = poll(pfd, npfd, timeout);
1237
		saved_errno = errno;
1238
		if (parent_alive_interval != 0)
1239
			check_parent_exists();
1240
		(void) reaper();	/* remove expired keys */
1241
		if (result < 0) {
1242
			if (saved_errno == EINTR)
1243
				continue;
1244
			fatal("poll: %s", strerror(saved_errno));
1245
		} else if (result > 0)
1246
			after_poll(pfd, npfd);
1247
	}
1248
	/* NOTREACHED */
1249
}