1 /* $OpenBSD: ssh-agent.c,v 1.203 2015/05/15 05:44:21 dtucker Exp $ */ 2 /* 3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * The authentication agent program. 7 * 8 * As far as I am concerned, the code I have written for this software 9 * can be used freely for any purpose. Any derived versions of this 10 * software must be clearly marked as such, and if the derived work is 11 * incompatible with the protocol description in the RFC file, it must be 12 * called by a name other than "ssh" or "Secure Shell". 13 * 14 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 15 * 16 * Redistribution and use in source and binary forms, with or without 17 * modification, are permitted provided that the following conditions 18 * are met: 19 * 1. Redistributions of source code must retain the above copyright 20 * notice, this list of conditions and the following disclaimer. 21 * 2. Redistributions in binary form must reproduce the above copyright 22 * notice, this list of conditions and the following disclaimer in the 23 * documentation and/or other materials provided with the distribution. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 26 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 29 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 30 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35 */ 36 37 #include <sys/param.h> /* MIN MAX */ 38 #include <sys/types.h> 39 #include <sys/time.h> 40 #include <sys/queue.h> 41 #include <sys/resource.h> 42 #include <sys/socket.h> 43 #include <sys/stat.h> 44 #include <sys/un.h> 45 46 #ifdef WITH_OPENSSL 47 #include <openssl/evp.h> 48 #endif 49 50 #include <errno.h> 51 #include <fcntl.h> 52 #include <paths.h> 53 #include <signal.h> 54 #include <stdlib.h> 55 #include <stdio.h> 56 #include <string.h> 57 #include <limits.h> 58 #include <time.h> 59 #include <unistd.h> 60 #include <util.h> 61 62 #include "key.h" /* XXX for typedef */ 63 #include "buffer.h" /* XXX for typedef */ 64 65 #include "xmalloc.h" 66 #include "ssh.h" 67 #include "rsa.h" 68 #include "sshbuf.h" 69 #include "sshkey.h" 70 #include "authfd.h" 71 #include "compat.h" 72 #include "log.h" 73 #include "misc.h" 74 #include "digest.h" 75 #include "ssherr.h" 76 77 #ifdef ENABLE_PKCS11 78 #include "ssh-pkcs11.h" 79 #endif 80 81 typedef enum { 82 AUTH_UNUSED, 83 AUTH_SOCKET, 84 AUTH_CONNECTION 85 } sock_type; 86 87 typedef struct { 88 int fd; 89 sock_type type; 90 struct sshbuf *input; 91 struct sshbuf *output; 92 struct sshbuf *request; 93 } SocketEntry; 94 95 u_int sockets_alloc = 0; 96 SocketEntry *sockets = NULL; 97 98 typedef struct identity { 99 TAILQ_ENTRY(identity) next; 100 struct sshkey *key; 101 char *comment; 102 char *provider; 103 time_t death; 104 u_int confirm; 105 } Identity; 106 107 typedef struct { 108 int nentries; 109 TAILQ_HEAD(idqueue, identity) idlist; 110 } Idtab; 111 112 /* private key table, one per protocol version */ 113 Idtab idtable[3]; 114 115 int max_fd = 0; 116 117 /* pid of shell == parent of agent */ 118 pid_t parent_pid = -1; 119 time_t parent_alive_interval = 0; 120 121 /* pid of process for which cleanup_socket is applicable */ 122 pid_t cleanup_pid = 0; 123 124 /* pathname and directory for AUTH_SOCKET */ 125 char socket_name[PATH_MAX]; 126 char socket_dir[PATH_MAX]; 127 128 /* locking */ 129 #define LOCK_SIZE 32 130 #define LOCK_SALT_SIZE 16 131 #define LOCK_ROUNDS 1 132 int locked = 0; 133 char lock_passwd[LOCK_SIZE]; 134 char lock_salt[LOCK_SALT_SIZE]; 135 136 extern char *__progname; 137 138 /* Default lifetime in seconds (0 == forever) */ 139 static long lifetime = 0; 140 141 static int fingerprint_hash = SSH_FP_HASH_DEFAULT; 142 143 static void 144 close_socket(SocketEntry *e) 145 { 146 close(e->fd); 147 e->fd = -1; 148 e->type = AUTH_UNUSED; 149 sshbuf_free(e->input); 150 sshbuf_free(e->output); 151 sshbuf_free(e->request); 152 } 153 154 static void 155 idtab_init(void) 156 { 157 int i; 158 159 for (i = 0; i <=2; i++) { 160 TAILQ_INIT(&idtable[i].idlist); 161 idtable[i].nentries = 0; 162 } 163 } 164 165 /* return private key table for requested protocol version */ 166 static Idtab * 167 idtab_lookup(int version) 168 { 169 if (version < 1 || version > 2) 170 fatal("internal error, bad protocol version %d", version); 171 return &idtable[version]; 172 } 173 174 static void 175 free_identity(Identity *id) 176 { 177 sshkey_free(id->key); 178 free(id->provider); 179 free(id->comment); 180 free(id); 181 } 182 183 /* return matching private key for given public key */ 184 static Identity * 185 lookup_identity(struct sshkey *key, int version) 186 { 187 Identity *id; 188 189 Idtab *tab = idtab_lookup(version); 190 TAILQ_FOREACH(id, &tab->idlist, next) { 191 if (sshkey_equal(key, id->key)) 192 return (id); 193 } 194 return (NULL); 195 } 196 197 /* Check confirmation of keysign request */ 198 static int 199 confirm_key(Identity *id) 200 { 201 char *p; 202 int ret = -1; 203 204 p = sshkey_fingerprint(id->key, fingerprint_hash, SSH_FP_DEFAULT); 205 if (p != NULL && 206 ask_permission("Allow use of key %s?\nKey fingerprint %s.", 207 id->comment, p)) 208 ret = 0; 209 free(p); 210 211 return (ret); 212 } 213 214 static void 215 send_status(SocketEntry *e, int success) 216 { 217 int r; 218 219 if ((r = sshbuf_put_u32(e->output, 1)) != 0 || 220 (r = sshbuf_put_u8(e->output, success ? 221 SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE)) != 0) 222 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 223 } 224 225 /* send list of supported public keys to 'client' */ 226 static void 227 process_request_identities(SocketEntry *e, int version) 228 { 229 Idtab *tab = idtab_lookup(version); 230 Identity *id; 231 struct sshbuf *msg; 232 int r; 233 234 if ((msg = sshbuf_new()) == NULL) 235 fatal("%s: sshbuf_new failed", __func__); 236 if ((r = sshbuf_put_u8(msg, (version == 1) ? 237 SSH_AGENT_RSA_IDENTITIES_ANSWER : 238 SSH2_AGENT_IDENTITIES_ANSWER)) != 0 || 239 (r = sshbuf_put_u32(msg, tab->nentries)) != 0) 240 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 241 TAILQ_FOREACH(id, &tab->idlist, next) { 242 if (id->key->type == KEY_RSA1) { 243 #ifdef WITH_SSH1 244 if ((r = sshbuf_put_u32(msg, 245 BN_num_bits(id->key->rsa->n))) != 0 || 246 (r = sshbuf_put_bignum1(msg, 247 id->key->rsa->e)) != 0 || 248 (r = sshbuf_put_bignum1(msg, 249 id->key->rsa->n)) != 0) 250 fatal("%s: buffer error: %s", 251 __func__, ssh_err(r)); 252 #endif 253 } else { 254 u_char *blob; 255 size_t blen; 256 257 if ((r = sshkey_to_blob(id->key, &blob, &blen)) != 0) { 258 error("%s: sshkey_to_blob: %s", __func__, 259 ssh_err(r)); 260 continue; 261 } 262 if ((r = sshbuf_put_string(msg, blob, blen)) != 0) 263 fatal("%s: buffer error: %s", 264 __func__, ssh_err(r)); 265 free(blob); 266 } 267 if ((r = sshbuf_put_cstring(msg, id->comment)) != 0) 268 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 269 } 270 if ((r = sshbuf_put_stringb(e->output, msg)) != 0) 271 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 272 sshbuf_free(msg); 273 } 274 275 #ifdef WITH_SSH1 276 /* ssh1 only */ 277 static void 278 process_authentication_challenge1(SocketEntry *e) 279 { 280 u_char buf[32], mdbuf[16], session_id[16]; 281 u_int response_type; 282 BIGNUM *challenge; 283 Identity *id; 284 int r, len; 285 struct sshbuf *msg; 286 struct ssh_digest_ctx *md; 287 struct sshkey *key; 288 289 if ((msg = sshbuf_new()) == NULL) 290 fatal("%s: sshbuf_new failed", __func__); 291 if ((key = sshkey_new(KEY_RSA1)) == NULL) 292 fatal("%s: sshkey_new failed", __func__); 293 if ((challenge = BN_new()) == NULL) 294 fatal("%s: BN_new failed", __func__); 295 296 if ((r = sshbuf_get_u32(e->request, NULL)) != 0 || /* ignored */ 297 (r = sshbuf_get_bignum1(e->request, key->rsa->e)) != 0 || 298 (r = sshbuf_get_bignum1(e->request, key->rsa->n)) != 0 || 299 (r = sshbuf_get_bignum1(e->request, challenge))) 300 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 301 302 /* Only protocol 1.1 is supported */ 303 if (sshbuf_len(e->request) == 0) 304 goto failure; 305 if ((r = sshbuf_get(e->request, session_id, sizeof(session_id))) != 0 || 306 (r = sshbuf_get_u32(e->request, &response_type)) != 0) 307 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 308 if (response_type != 1) 309 goto failure; 310 311 id = lookup_identity(key, 1); 312 if (id != NULL && (!id->confirm || confirm_key(id) == 0)) { 313 struct sshkey *private = id->key; 314 /* Decrypt the challenge using the private key. */ 315 if ((r = rsa_private_decrypt(challenge, challenge, 316 private->rsa) != 0)) { 317 fatal("%s: rsa_public_encrypt: %s", __func__, 318 ssh_err(r)); 319 goto failure; /* XXX ? */ 320 } 321 322 /* The response is MD5 of decrypted challenge plus session id */ 323 len = BN_num_bytes(challenge); 324 if (len <= 0 || len > 32) { 325 logit("%s: bad challenge length %d", __func__, len); 326 goto failure; 327 } 328 memset(buf, 0, 32); 329 BN_bn2bin(challenge, buf + 32 - len); 330 if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL || 331 ssh_digest_update(md, buf, 32) < 0 || 332 ssh_digest_update(md, session_id, 16) < 0 || 333 ssh_digest_final(md, mdbuf, sizeof(mdbuf)) < 0) 334 fatal("%s: md5 failed", __func__); 335 ssh_digest_free(md); 336 337 /* Send the response. */ 338 if ((r = sshbuf_put_u8(msg, SSH_AGENT_RSA_RESPONSE)) != 0 || 339 (r = sshbuf_put(msg, mdbuf, sizeof(mdbuf))) != 0) 340 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 341 goto send; 342 } 343 344 failure: 345 /* Unknown identity or protocol error. Send failure. */ 346 if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0) 347 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 348 send: 349 if ((r = sshbuf_put_stringb(e->output, msg)) != 0) 350 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 351 sshkey_free(key); 352 BN_clear_free(challenge); 353 sshbuf_free(msg); 354 } 355 #endif 356 357 /* ssh2 only */ 358 static void 359 process_sign_request2(SocketEntry *e) 360 { 361 u_char *blob, *data, *signature = NULL; 362 size_t blen, dlen, slen = 0; 363 u_int compat = 0, flags; 364 int r, ok = -1; 365 struct sshbuf *msg; 366 struct sshkey *key; 367 struct identity *id; 368 369 if ((msg = sshbuf_new()) == NULL) 370 fatal("%s: sshbuf_new failed", __func__); 371 if ((r = sshbuf_get_string(e->request, &blob, &blen)) != 0 || 372 (r = sshbuf_get_string(e->request, &data, &dlen)) != 0 || 373 (r = sshbuf_get_u32(e->request, &flags)) != 0) 374 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 375 if (flags & SSH_AGENT_OLD_SIGNATURE) 376 compat = SSH_BUG_SIGBLOB; 377 if ((r = sshkey_from_blob(blob, blen, &key)) != 0) { 378 error("%s: cannot parse key blob: %s", __func__, ssh_err(ok)); 379 goto send; 380 } 381 if ((id = lookup_identity(key, 2)) == NULL) { 382 verbose("%s: %s key not found", __func__, sshkey_type(key)); 383 goto send; 384 } 385 if (id->confirm && confirm_key(id) != 0) { 386 verbose("%s: user refused key", __func__); 387 goto send; 388 } 389 if ((r = sshkey_sign(id->key, &signature, &slen, 390 data, dlen, compat)) != 0) { 391 error("%s: sshkey_sign: %s", __func__, ssh_err(ok)); 392 goto send; 393 } 394 /* Success */ 395 ok = 0; 396 send: 397 sshkey_free(key); 398 if (ok == 0) { 399 if ((r = sshbuf_put_u8(msg, SSH2_AGENT_SIGN_RESPONSE)) != 0 || 400 (r = sshbuf_put_string(msg, signature, slen)) != 0) 401 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 402 } else if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0) 403 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 404 405 if ((r = sshbuf_put_stringb(e->output, msg)) != 0) 406 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 407 408 sshbuf_free(msg); 409 free(data); 410 free(blob); 411 free(signature); 412 } 413 414 /* shared */ 415 static void 416 process_remove_identity(SocketEntry *e, int version) 417 { 418 size_t blen; 419 int r, success = 0; 420 struct sshkey *key = NULL; 421 u_char *blob; 422 #ifdef WITH_SSH1 423 u_int bits; 424 #endif /* WITH_SSH1 */ 425 426 switch (version) { 427 #ifdef WITH_SSH1 428 case 1: 429 if ((key = sshkey_new(KEY_RSA1)) == NULL) { 430 error("%s: sshkey_new failed", __func__); 431 return; 432 } 433 if ((r = sshbuf_get_u32(e->request, &bits)) != 0 || 434 (r = sshbuf_get_bignum1(e->request, key->rsa->e)) != 0 || 435 (r = sshbuf_get_bignum1(e->request, key->rsa->n)) != 0) 436 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 437 438 if (bits != sshkey_size(key)) 439 logit("Warning: identity keysize mismatch: " 440 "actual %u, announced %u", 441 sshkey_size(key), bits); 442 break; 443 #endif /* WITH_SSH1 */ 444 case 2: 445 if ((r = sshbuf_get_string(e->request, &blob, &blen)) != 0) 446 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 447 if ((r = sshkey_from_blob(blob, blen, &key)) != 0) 448 error("%s: sshkey_from_blob failed: %s", 449 __func__, ssh_err(r)); 450 free(blob); 451 break; 452 } 453 if (key != NULL) { 454 Identity *id = lookup_identity(key, version); 455 if (id != NULL) { 456 /* 457 * We have this key. Free the old key. Since we 458 * don't want to leave empty slots in the middle of 459 * the array, we actually free the key there and move 460 * all the entries between the empty slot and the end 461 * of the array. 462 */ 463 Idtab *tab = idtab_lookup(version); 464 if (tab->nentries < 1) 465 fatal("process_remove_identity: " 466 "internal error: tab->nentries %d", 467 tab->nentries); 468 TAILQ_REMOVE(&tab->idlist, id, next); 469 free_identity(id); 470 tab->nentries--; 471 success = 1; 472 } 473 sshkey_free(key); 474 } 475 send_status(e, success); 476 } 477 478 static void 479 process_remove_all_identities(SocketEntry *e, int version) 480 { 481 Idtab *tab = idtab_lookup(version); 482 Identity *id; 483 484 /* Loop over all identities and clear the keys. */ 485 for (id = TAILQ_FIRST(&tab->idlist); id; 486 id = TAILQ_FIRST(&tab->idlist)) { 487 TAILQ_REMOVE(&tab->idlist, id, next); 488 free_identity(id); 489 } 490 491 /* Mark that there are no identities. */ 492 tab->nentries = 0; 493 494 /* Send success. */ 495 send_status(e, 1); 496 } 497 498 /* removes expired keys and returns number of seconds until the next expiry */ 499 static time_t 500 reaper(void) 501 { 502 time_t deadline = 0, now = monotime(); 503 Identity *id, *nxt; 504 int version; 505 Idtab *tab; 506 507 for (version = 1; version < 3; version++) { 508 tab = idtab_lookup(version); 509 for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) { 510 nxt = TAILQ_NEXT(id, next); 511 if (id->death == 0) 512 continue; 513 if (now >= id->death) { 514 debug("expiring key '%s'", id->comment); 515 TAILQ_REMOVE(&tab->idlist, id, next); 516 free_identity(id); 517 tab->nentries--; 518 } else 519 deadline = (deadline == 0) ? id->death : 520 MIN(deadline, id->death); 521 } 522 } 523 if (deadline == 0 || deadline <= now) 524 return 0; 525 else 526 return (deadline - now); 527 } 528 529 /* 530 * XXX this and the corresponding serialisation function probably belongs 531 * in key.c 532 */ 533 #ifdef WITH_SSH1 534 static int 535 agent_decode_rsa1(struct sshbuf *m, struct sshkey **kp) 536 { 537 struct sshkey *k = NULL; 538 int r = SSH_ERR_INTERNAL_ERROR; 539 540 *kp = NULL; 541 if ((k = sshkey_new_private(KEY_RSA1)) == NULL) 542 return SSH_ERR_ALLOC_FAIL; 543 544 if ((r = sshbuf_get_u32(m, NULL)) != 0 || /* ignored */ 545 (r = sshbuf_get_bignum1(m, k->rsa->n)) != 0 || 546 (r = sshbuf_get_bignum1(m, k->rsa->e)) != 0 || 547 (r = sshbuf_get_bignum1(m, k->rsa->d)) != 0 || 548 (r = sshbuf_get_bignum1(m, k->rsa->iqmp)) != 0 || 549 /* SSH1 and SSL have p and q swapped */ 550 (r = sshbuf_get_bignum1(m, k->rsa->q)) != 0 || /* p */ 551 (r = sshbuf_get_bignum1(m, k->rsa->p)) != 0) /* q */ 552 goto out; 553 554 /* Generate additional parameters */ 555 if ((r = rsa_generate_additional_parameters(k->rsa)) != 0) 556 goto out; 557 /* enable blinding */ 558 if (RSA_blinding_on(k->rsa, NULL) != 1) { 559 r = SSH_ERR_LIBCRYPTO_ERROR; 560 goto out; 561 } 562 563 r = 0; /* success */ 564 out: 565 if (r == 0) 566 *kp = k; 567 else 568 sshkey_free(k); 569 return r; 570 } 571 #endif /* WITH_SSH1 */ 572 573 static void 574 process_add_identity(SocketEntry *e, int version) 575 { 576 Idtab *tab = idtab_lookup(version); 577 Identity *id; 578 int success = 0, confirm = 0; 579 u_int seconds; 580 char *comment = NULL; 581 time_t death = 0; 582 struct sshkey *k = NULL; 583 u_char ctype; 584 int r = SSH_ERR_INTERNAL_ERROR; 585 586 switch (version) { 587 #ifdef WITH_SSH1 588 case 1: 589 r = agent_decode_rsa1(e->request, &k); 590 break; 591 #endif /* WITH_SSH1 */ 592 case 2: 593 r = sshkey_private_deserialize(e->request, &k); 594 break; 595 } 596 if (r != 0 || k == NULL || 597 (r = sshbuf_get_cstring(e->request, &comment, NULL)) != 0) { 598 error("%s: decode private key: %s", __func__, ssh_err(r)); 599 goto err; 600 } 601 602 while (sshbuf_len(e->request)) { 603 if ((r = sshbuf_get_u8(e->request, &ctype)) != 0) { 604 error("%s: buffer error: %s", __func__, ssh_err(r)); 605 goto err; 606 } 607 switch (ctype) { 608 case SSH_AGENT_CONSTRAIN_LIFETIME: 609 if ((r = sshbuf_get_u32(e->request, &seconds)) != 0) { 610 error("%s: bad lifetime constraint: %s", 611 __func__, ssh_err(r)); 612 goto err; 613 } 614 death = monotime() + seconds; 615 break; 616 case SSH_AGENT_CONSTRAIN_CONFIRM: 617 confirm = 1; 618 break; 619 default: 620 error("%s: Unknown constraint %d", __func__, ctype); 621 err: 622 sshbuf_reset(e->request); 623 free(comment); 624 sshkey_free(k); 625 goto send; 626 } 627 } 628 629 success = 1; 630 if (lifetime && !death) 631 death = monotime() + lifetime; 632 if ((id = lookup_identity(k, version)) == NULL) { 633 id = xcalloc(1, sizeof(Identity)); 634 id->key = k; 635 TAILQ_INSERT_TAIL(&tab->idlist, id, next); 636 /* Increment the number of identities. */ 637 tab->nentries++; 638 } else { 639 sshkey_free(k); 640 free(id->comment); 641 } 642 id->comment = comment; 643 id->death = death; 644 id->confirm = confirm; 645 send: 646 send_status(e, success); 647 } 648 649 /* XXX todo: encrypt sensitive data with passphrase */ 650 static void 651 process_lock_agent(SocketEntry *e, int lock) 652 { 653 int r, success = 0, delay; 654 char *passwd, passwdhash[LOCK_SIZE]; 655 static u_int fail_count = 0; 656 size_t pwlen; 657 658 if ((r = sshbuf_get_cstring(e->request, &passwd, &pwlen)) != 0) 659 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 660 if (pwlen == 0) { 661 debug("empty password not supported"); 662 } else if (locked && !lock) { 663 if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt), 664 passwdhash, sizeof(passwdhash), LOCK_ROUNDS) < 0) 665 fatal("bcrypt_pbkdf"); 666 if (timingsafe_bcmp(passwdhash, lock_passwd, LOCK_SIZE) == 0) { 667 debug("agent unlocked"); 668 locked = 0; 669 fail_count = 0; 670 explicit_bzero(lock_passwd, sizeof(lock_passwd)); 671 success = 1; 672 } else { 673 /* delay in 0.1s increments up to 10s */ 674 if (fail_count < 100) 675 fail_count++; 676 delay = 100000 * fail_count; 677 debug("unlock failed, delaying %0.1lf seconds", 678 (double)delay/1000000); 679 usleep(delay); 680 } 681 explicit_bzero(passwdhash, sizeof(passwdhash)); 682 } else if (!locked && lock) { 683 debug("agent locked"); 684 locked = 1; 685 arc4random_buf(lock_salt, sizeof(lock_salt)); 686 if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt), 687 lock_passwd, sizeof(lock_passwd), LOCK_ROUNDS) < 0) 688 fatal("bcrypt_pbkdf"); 689 success = 1; 690 } 691 explicit_bzero(passwd, pwlen); 692 free(passwd); 693 send_status(e, success); 694 } 695 696 static void 697 no_identities(SocketEntry *e, u_int type) 698 { 699 struct sshbuf *msg; 700 int r; 701 702 if ((msg = sshbuf_new()) == NULL) 703 fatal("%s: sshbuf_new failed", __func__); 704 if ((r = sshbuf_put_u8(msg, 705 (type == SSH_AGENTC_REQUEST_RSA_IDENTITIES) ? 706 SSH_AGENT_RSA_IDENTITIES_ANSWER : 707 SSH2_AGENT_IDENTITIES_ANSWER)) != 0 || 708 (r = sshbuf_put_u32(msg, 0)) != 0 || 709 (r = sshbuf_put_stringb(e->output, msg)) != 0) 710 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 711 sshbuf_free(msg); 712 } 713 714 #ifdef ENABLE_PKCS11 715 static void 716 process_add_smartcard_key(SocketEntry *e) 717 { 718 char *provider = NULL, *pin; 719 int r, i, version, count = 0, success = 0, confirm = 0; 720 u_int seconds; 721 time_t death = 0; 722 u_char type; 723 struct sshkey **keys = NULL, *k; 724 Identity *id; 725 Idtab *tab; 726 727 if ((r = sshbuf_get_cstring(e->request, &provider, NULL)) != 0 || 728 (r = sshbuf_get_cstring(e->request, &pin, NULL)) != 0) 729 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 730 731 while (sshbuf_len(e->request)) { 732 if ((r = sshbuf_get_u8(e->request, &type)) != 0) 733 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 734 switch (type) { 735 case SSH_AGENT_CONSTRAIN_LIFETIME: 736 if ((r = sshbuf_get_u32(e->request, &seconds)) != 0) 737 fatal("%s: buffer error: %s", 738 __func__, ssh_err(r)); 739 death = monotime() + seconds; 740 break; 741 case SSH_AGENT_CONSTRAIN_CONFIRM: 742 confirm = 1; 743 break; 744 default: 745 error("process_add_smartcard_key: " 746 "Unknown constraint type %d", type); 747 goto send; 748 } 749 } 750 if (lifetime && !death) 751 death = monotime() + lifetime; 752 753 count = pkcs11_add_provider(provider, pin, &keys); 754 for (i = 0; i < count; i++) { 755 k = keys[i]; 756 version = k->type == KEY_RSA1 ? 1 : 2; 757 tab = idtab_lookup(version); 758 if (lookup_identity(k, version) == NULL) { 759 id = xcalloc(1, sizeof(Identity)); 760 id->key = k; 761 id->provider = xstrdup(provider); 762 id->comment = xstrdup(provider); /* XXX */ 763 id->death = death; 764 id->confirm = confirm; 765 TAILQ_INSERT_TAIL(&tab->idlist, id, next); 766 tab->nentries++; 767 success = 1; 768 } else { 769 sshkey_free(k); 770 } 771 keys[i] = NULL; 772 } 773 send: 774 free(pin); 775 free(provider); 776 free(keys); 777 send_status(e, success); 778 } 779 780 static void 781 process_remove_smartcard_key(SocketEntry *e) 782 { 783 char *provider = NULL, *pin = NULL; 784 int r, version, success = 0; 785 Identity *id, *nxt; 786 Idtab *tab; 787 788 if ((r = sshbuf_get_cstring(e->request, &provider, NULL)) != 0 || 789 (r = sshbuf_get_cstring(e->request, &pin, NULL)) != 0) 790 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 791 free(pin); 792 793 for (version = 1; version < 3; version++) { 794 tab = idtab_lookup(version); 795 for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) { 796 nxt = TAILQ_NEXT(id, next); 797 /* Skip file--based keys */ 798 if (id->provider == NULL) 799 continue; 800 if (!strcmp(provider, id->provider)) { 801 TAILQ_REMOVE(&tab->idlist, id, next); 802 free_identity(id); 803 tab->nentries--; 804 } 805 } 806 } 807 if (pkcs11_del_provider(provider) == 0) 808 success = 1; 809 else 810 error("process_remove_smartcard_key:" 811 " pkcs11_del_provider failed"); 812 free(provider); 813 send_status(e, success); 814 } 815 #endif /* ENABLE_PKCS11 */ 816 817 /* dispatch incoming messages */ 818 819 static void 820 process_message(SocketEntry *e) 821 { 822 u_int msg_len; 823 u_char type; 824 const u_char *cp; 825 int r; 826 827 if (sshbuf_len(e->input) < 5) 828 return; /* Incomplete message. */ 829 cp = sshbuf_ptr(e->input); 830 msg_len = PEEK_U32(cp); 831 if (msg_len > 256 * 1024) { 832 close_socket(e); 833 return; 834 } 835 if (sshbuf_len(e->input) < msg_len + 4) 836 return; 837 838 /* move the current input to e->request */ 839 sshbuf_reset(e->request); 840 if ((r = sshbuf_get_stringb(e->input, e->request)) != 0 || 841 (r = sshbuf_get_u8(e->request, &type)) != 0) 842 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 843 844 /* check wheter agent is locked */ 845 if (locked && type != SSH_AGENTC_UNLOCK) { 846 sshbuf_reset(e->request); 847 switch (type) { 848 case SSH_AGENTC_REQUEST_RSA_IDENTITIES: 849 case SSH2_AGENTC_REQUEST_IDENTITIES: 850 /* send empty lists */ 851 no_identities(e, type); 852 break; 853 default: 854 /* send a fail message for all other request types */ 855 send_status(e, 0); 856 } 857 return; 858 } 859 860 debug("type %d", type); 861 switch (type) { 862 case SSH_AGENTC_LOCK: 863 case SSH_AGENTC_UNLOCK: 864 process_lock_agent(e, type == SSH_AGENTC_LOCK); 865 break; 866 #ifdef WITH_SSH1 867 /* ssh1 */ 868 case SSH_AGENTC_RSA_CHALLENGE: 869 process_authentication_challenge1(e); 870 break; 871 case SSH_AGENTC_REQUEST_RSA_IDENTITIES: 872 process_request_identities(e, 1); 873 break; 874 case SSH_AGENTC_ADD_RSA_IDENTITY: 875 case SSH_AGENTC_ADD_RSA_ID_CONSTRAINED: 876 process_add_identity(e, 1); 877 break; 878 case SSH_AGENTC_REMOVE_RSA_IDENTITY: 879 process_remove_identity(e, 1); 880 break; 881 #endif 882 case SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES: 883 process_remove_all_identities(e, 1); /* safe for !WITH_SSH1 */ 884 break; 885 /* ssh2 */ 886 case SSH2_AGENTC_SIGN_REQUEST: 887 process_sign_request2(e); 888 break; 889 case SSH2_AGENTC_REQUEST_IDENTITIES: 890 process_request_identities(e, 2); 891 break; 892 case SSH2_AGENTC_ADD_IDENTITY: 893 case SSH2_AGENTC_ADD_ID_CONSTRAINED: 894 process_add_identity(e, 2); 895 break; 896 case SSH2_AGENTC_REMOVE_IDENTITY: 897 process_remove_identity(e, 2); 898 break; 899 case SSH2_AGENTC_REMOVE_ALL_IDENTITIES: 900 process_remove_all_identities(e, 2); 901 break; 902 #ifdef ENABLE_PKCS11 903 case SSH_AGENTC_ADD_SMARTCARD_KEY: 904 case SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED: 905 process_add_smartcard_key(e); 906 break; 907 case SSH_AGENTC_REMOVE_SMARTCARD_KEY: 908 process_remove_smartcard_key(e); 909 break; 910 #endif /* ENABLE_PKCS11 */ 911 default: 912 /* Unknown message. Respond with failure. */ 913 error("Unknown message %d", type); 914 sshbuf_reset(e->request); 915 send_status(e, 0); 916 break; 917 } 918 } 919 920 static void 921 new_socket(sock_type type, int fd) 922 { 923 u_int i, old_alloc, new_alloc; 924 925 set_nonblock(fd); 926 927 if (fd > max_fd) 928 max_fd = fd; 929 930 for (i = 0; i < sockets_alloc; i++) 931 if (sockets[i].type == AUTH_UNUSED) { 932 sockets[i].fd = fd; 933 if ((sockets[i].input = sshbuf_new()) == NULL) 934 fatal("%s: sshbuf_new failed", __func__); 935 if ((sockets[i].output = sshbuf_new()) == NULL) 936 fatal("%s: sshbuf_new failed", __func__); 937 if ((sockets[i].request = sshbuf_new()) == NULL) 938 fatal("%s: sshbuf_new failed", __func__); 939 sockets[i].type = type; 940 return; 941 } 942 old_alloc = sockets_alloc; 943 new_alloc = sockets_alloc + 10; 944 sockets = xreallocarray(sockets, new_alloc, sizeof(sockets[0])); 945 for (i = old_alloc; i < new_alloc; i++) 946 sockets[i].type = AUTH_UNUSED; 947 sockets_alloc = new_alloc; 948 sockets[old_alloc].fd = fd; 949 if ((sockets[old_alloc].input = sshbuf_new()) == NULL) 950 fatal("%s: sshbuf_new failed", __func__); 951 if ((sockets[old_alloc].output = sshbuf_new()) == NULL) 952 fatal("%s: sshbuf_new failed", __func__); 953 if ((sockets[old_alloc].request = sshbuf_new()) == NULL) 954 fatal("%s: sshbuf_new failed", __func__); 955 sockets[old_alloc].type = type; 956 } 957 958 static int 959 prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, u_int *nallocp, 960 struct timeval **tvpp) 961 { 962 u_int i, sz; 963 int n = 0; 964 static struct timeval tv; 965 time_t deadline; 966 967 for (i = 0; i < sockets_alloc; i++) { 968 switch (sockets[i].type) { 969 case AUTH_SOCKET: 970 case AUTH_CONNECTION: 971 n = MAX(n, sockets[i].fd); 972 break; 973 case AUTH_UNUSED: 974 break; 975 default: 976 fatal("Unknown socket type %d", sockets[i].type); 977 break; 978 } 979 } 980 981 sz = howmany(n+1, NFDBITS) * sizeof(fd_mask); 982 if (*fdrp == NULL || sz > *nallocp) { 983 free(*fdrp); 984 free(*fdwp); 985 *fdrp = xmalloc(sz); 986 *fdwp = xmalloc(sz); 987 *nallocp = sz; 988 } 989 if (n < *fdl) 990 debug("XXX shrink: %d < %d", n, *fdl); 991 *fdl = n; 992 memset(*fdrp, 0, sz); 993 memset(*fdwp, 0, sz); 994 995 for (i = 0; i < sockets_alloc; i++) { 996 switch (sockets[i].type) { 997 case AUTH_SOCKET: 998 case AUTH_CONNECTION: 999 FD_SET(sockets[i].fd, *fdrp); 1000 if (sshbuf_len(sockets[i].output) > 0) 1001 FD_SET(sockets[i].fd, *fdwp); 1002 break; 1003 default: 1004 break; 1005 } 1006 } 1007 deadline = reaper(); 1008 if (parent_alive_interval != 0) 1009 deadline = (deadline == 0) ? parent_alive_interval : 1010 MIN(deadline, parent_alive_interval); 1011 if (deadline == 0) { 1012 *tvpp = NULL; 1013 } else { 1014 tv.tv_sec = deadline; 1015 tv.tv_usec = 0; 1016 *tvpp = &tv; 1017 } 1018 return (1); 1019 } 1020 1021 static void 1022 after_select(fd_set *readset, fd_set *writeset) 1023 { 1024 struct sockaddr_un sunaddr; 1025 socklen_t slen; 1026 char buf[1024]; 1027 int len, sock, r; 1028 u_int i, orig_alloc; 1029 uid_t euid; 1030 gid_t egid; 1031 1032 for (i = 0, orig_alloc = sockets_alloc; i < orig_alloc; i++) 1033 switch (sockets[i].type) { 1034 case AUTH_UNUSED: 1035 break; 1036 case AUTH_SOCKET: 1037 if (FD_ISSET(sockets[i].fd, readset)) { 1038 slen = sizeof(sunaddr); 1039 sock = accept(sockets[i].fd, 1040 (struct sockaddr *)&sunaddr, &slen); 1041 if (sock < 0) { 1042 error("accept from AUTH_SOCKET: %s", 1043 strerror(errno)); 1044 break; 1045 } 1046 if (getpeereid(sock, &euid, &egid) < 0) { 1047 error("getpeereid %d failed: %s", 1048 sock, strerror(errno)); 1049 close(sock); 1050 break; 1051 } 1052 if ((euid != 0) && (getuid() != euid)) { 1053 error("uid mismatch: " 1054 "peer euid %u != uid %u", 1055 (u_int) euid, (u_int) getuid()); 1056 close(sock); 1057 break; 1058 } 1059 new_socket(AUTH_CONNECTION, sock); 1060 } 1061 break; 1062 case AUTH_CONNECTION: 1063 if (sshbuf_len(sockets[i].output) > 0 && 1064 FD_ISSET(sockets[i].fd, writeset)) { 1065 len = write(sockets[i].fd, 1066 sshbuf_ptr(sockets[i].output), 1067 sshbuf_len(sockets[i].output)); 1068 if (len == -1 && (errno == EAGAIN || 1069 errno == EINTR)) 1070 continue; 1071 if (len <= 0) { 1072 close_socket(&sockets[i]); 1073 break; 1074 } 1075 if ((r = sshbuf_consume(sockets[i].output, 1076 len)) != 0) 1077 fatal("%s: buffer error: %s", 1078 __func__, ssh_err(r)); 1079 } 1080 if (FD_ISSET(sockets[i].fd, readset)) { 1081 len = read(sockets[i].fd, buf, sizeof(buf)); 1082 if (len == -1 && (errno == EAGAIN || 1083 errno == EINTR)) 1084 continue; 1085 if (len <= 0) { 1086 close_socket(&sockets[i]); 1087 break; 1088 } 1089 if ((r = sshbuf_put(sockets[i].input, 1090 buf, len)) != 0) 1091 fatal("%s: buffer error: %s", 1092 __func__, ssh_err(r)); 1093 explicit_bzero(buf, sizeof(buf)); 1094 process_message(&sockets[i]); 1095 } 1096 break; 1097 default: 1098 fatal("Unknown type %d", sockets[i].type); 1099 } 1100 } 1101 1102 static void 1103 cleanup_socket(void) 1104 { 1105 if (cleanup_pid != 0 && getpid() != cleanup_pid) 1106 return; 1107 debug("%s: cleanup", __func__); 1108 if (socket_name[0]) 1109 unlink(socket_name); 1110 if (socket_dir[0]) 1111 rmdir(socket_dir); 1112 } 1113 1114 void 1115 cleanup_exit(int i) 1116 { 1117 cleanup_socket(); 1118 _exit(i); 1119 } 1120 1121 /*ARGSUSED*/ 1122 static void 1123 cleanup_handler(int sig) 1124 { 1125 cleanup_socket(); 1126 #ifdef ENABLE_PKCS11 1127 pkcs11_terminate(); 1128 #endif 1129 _exit(2); 1130 } 1131 1132 static void 1133 check_parent_exists(void) 1134 { 1135 /* 1136 * If our parent has exited then getppid() will return (pid_t)1, 1137 * so testing for that should be safe. 1138 */ 1139 if (parent_pid != -1 && getppid() != parent_pid) { 1140 /* printf("Parent has died - Authentication agent exiting.\n"); */ 1141 cleanup_socket(); 1142 _exit(2); 1143 } 1144 } 1145 1146 static void 1147 usage(void) 1148 { 1149 fprintf(stderr, 1150 "usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n" 1151 " [-t life] [command [arg ...]]\n" 1152 " ssh-agent [-c | -s] -k\n"); 1153 exit(1); 1154 } 1155 1156 int 1157 main(int ac, char **av) 1158 { 1159 int c_flag = 0, d_flag = 0, D_flag = 0, k_flag = 0, s_flag = 0; 1160 int sock, fd, ch, result, saved_errno; 1161 u_int nalloc; 1162 char *shell, *format, *pidstr, *agentsocket = NULL; 1163 fd_set *readsetp = NULL, *writesetp = NULL; 1164 struct rlimit rlim; 1165 extern int optind; 1166 extern char *optarg; 1167 pid_t pid; 1168 char pidstrbuf[1 + 3 * sizeof pid]; 1169 struct timeval *tvp = NULL; 1170 size_t len; 1171 mode_t prev_mask; 1172 1173 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ 1174 sanitise_stdfd(); 1175 1176 /* drop */ 1177 setegid(getgid()); 1178 setgid(getgid()); 1179 1180 #ifdef WITH_OPENSSL 1181 OpenSSL_add_all_algorithms(); 1182 #endif 1183 1184 while ((ch = getopt(ac, av, "cDdksE:a:t:")) != -1) { 1185 switch (ch) { 1186 case 'E': 1187 fingerprint_hash = ssh_digest_alg_by_name(optarg); 1188 if (fingerprint_hash == -1) 1189 fatal("Invalid hash algorithm \"%s\"", optarg); 1190 break; 1191 case 'c': 1192 if (s_flag) 1193 usage(); 1194 c_flag++; 1195 break; 1196 case 'k': 1197 k_flag++; 1198 break; 1199 case 's': 1200 if (c_flag) 1201 usage(); 1202 s_flag++; 1203 break; 1204 case 'd': 1205 if (d_flag || D_flag) 1206 usage(); 1207 d_flag++; 1208 break; 1209 case 'D': 1210 if (d_flag || D_flag) 1211 usage(); 1212 D_flag++; 1213 break; 1214 case 'a': 1215 agentsocket = optarg; 1216 break; 1217 case 't': 1218 if ((lifetime = convtime(optarg)) == -1) { 1219 fprintf(stderr, "Invalid lifetime\n"); 1220 usage(); 1221 } 1222 break; 1223 default: 1224 usage(); 1225 } 1226 } 1227 ac -= optind; 1228 av += optind; 1229 1230 if (ac > 0 && (c_flag || k_flag || s_flag || d_flag || D_flag)) 1231 usage(); 1232 1233 if (ac == 0 && !c_flag && !s_flag) { 1234 shell = getenv("SHELL"); 1235 if (shell != NULL && (len = strlen(shell)) > 2 && 1236 strncmp(shell + len - 3, "csh", 3) == 0) 1237 c_flag = 1; 1238 } 1239 if (k_flag) { 1240 const char *errstr = NULL; 1241 1242 pidstr = getenv(SSH_AGENTPID_ENV_NAME); 1243 if (pidstr == NULL) { 1244 fprintf(stderr, "%s not set, cannot kill agent\n", 1245 SSH_AGENTPID_ENV_NAME); 1246 exit(1); 1247 } 1248 pid = (int)strtonum(pidstr, 2, INT_MAX, &errstr); 1249 if (errstr) { 1250 fprintf(stderr, 1251 "%s=\"%s\", which is not a good PID: %s\n", 1252 SSH_AGENTPID_ENV_NAME, pidstr, errstr); 1253 exit(1); 1254 } 1255 if (kill(pid, SIGTERM) == -1) { 1256 perror("kill"); 1257 exit(1); 1258 } 1259 format = c_flag ? "unsetenv %s;\n" : "unset %s;\n"; 1260 printf(format, SSH_AUTHSOCKET_ENV_NAME); 1261 printf(format, SSH_AGENTPID_ENV_NAME); 1262 printf("echo Agent pid %ld killed;\n", (long)pid); 1263 exit(0); 1264 } 1265 parent_pid = getpid(); 1266 1267 if (agentsocket == NULL) { 1268 /* Create private directory for agent socket */ 1269 mktemp_proto(socket_dir, sizeof(socket_dir)); 1270 if (mkdtemp(socket_dir) == NULL) { 1271 perror("mkdtemp: private socket dir"); 1272 exit(1); 1273 } 1274 snprintf(socket_name, sizeof socket_name, "%s/agent.%ld", socket_dir, 1275 (long)parent_pid); 1276 } else { 1277 /* Try to use specified agent socket */ 1278 socket_dir[0] = '\0'; 1279 strlcpy(socket_name, agentsocket, sizeof socket_name); 1280 } 1281 1282 /* 1283 * Create socket early so it will exist before command gets run from 1284 * the parent. 1285 */ 1286 prev_mask = umask(0177); 1287 sock = unix_listener(socket_name, SSH_LISTEN_BACKLOG, 0); 1288 if (sock < 0) { 1289 /* XXX - unix_listener() calls error() not perror() */ 1290 *socket_name = '\0'; /* Don't unlink any existing file */ 1291 cleanup_exit(1); 1292 } 1293 umask(prev_mask); 1294 1295 /* 1296 * Fork, and have the parent execute the command, if any, or present 1297 * the socket data. The child continues as the authentication agent. 1298 */ 1299 if (D_flag || d_flag) { 1300 log_init(__progname, 1301 d_flag ? SYSLOG_LEVEL_DEBUG3 : SYSLOG_LEVEL_INFO, 1302 SYSLOG_FACILITY_AUTH, 1); 1303 format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n"; 1304 printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, 1305 SSH_AUTHSOCKET_ENV_NAME); 1306 printf("echo Agent pid %ld;\n", (long)parent_pid); 1307 goto skip; 1308 } 1309 pid = fork(); 1310 if (pid == -1) { 1311 perror("fork"); 1312 cleanup_exit(1); 1313 } 1314 if (pid != 0) { /* Parent - execute the given command. */ 1315 close(sock); 1316 snprintf(pidstrbuf, sizeof pidstrbuf, "%ld", (long)pid); 1317 if (ac == 0) { 1318 format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n"; 1319 printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, 1320 SSH_AUTHSOCKET_ENV_NAME); 1321 printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf, 1322 SSH_AGENTPID_ENV_NAME); 1323 printf("echo Agent pid %ld;\n", (long)pid); 1324 exit(0); 1325 } 1326 if (setenv(SSH_AUTHSOCKET_ENV_NAME, socket_name, 1) == -1 || 1327 setenv(SSH_AGENTPID_ENV_NAME, pidstrbuf, 1) == -1) { 1328 perror("setenv"); 1329 exit(1); 1330 } 1331 execvp(av[0], av); 1332 perror(av[0]); 1333 exit(1); 1334 } 1335 /* child */ 1336 log_init(__progname, SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_AUTH, 0); 1337 1338 if (setsid() == -1) { 1339 error("setsid: %s", strerror(errno)); 1340 cleanup_exit(1); 1341 } 1342 1343 (void)chdir("/"); 1344 if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { 1345 /* XXX might close listen socket */ 1346 (void)dup2(fd, STDIN_FILENO); 1347 (void)dup2(fd, STDOUT_FILENO); 1348 (void)dup2(fd, STDERR_FILENO); 1349 if (fd > 2) 1350 close(fd); 1351 } 1352 1353 /* deny core dumps, since memory contains unencrypted private keys */ 1354 rlim.rlim_cur = rlim.rlim_max = 0; 1355 if (setrlimit(RLIMIT_CORE, &rlim) < 0) { 1356 error("setrlimit RLIMIT_CORE: %s", strerror(errno)); 1357 cleanup_exit(1); 1358 } 1359 1360 skip: 1361 1362 cleanup_pid = getpid(); 1363 1364 #ifdef ENABLE_PKCS11 1365 pkcs11_init(0); 1366 #endif 1367 new_socket(AUTH_SOCKET, sock); 1368 if (ac > 0) 1369 parent_alive_interval = 10; 1370 idtab_init(); 1371 signal(SIGPIPE, SIG_IGN); 1372 signal(SIGINT, (d_flag | D_flag) ? cleanup_handler : SIG_IGN); 1373 signal(SIGHUP, cleanup_handler); 1374 signal(SIGTERM, cleanup_handler); 1375 nalloc = 0; 1376 1377 while (1) { 1378 prepare_select(&readsetp, &writesetp, &max_fd, &nalloc, &tvp); 1379 result = select(max_fd + 1, readsetp, writesetp, NULL, tvp); 1380 saved_errno = errno; 1381 if (parent_alive_interval != 0) 1382 check_parent_exists(); 1383 (void) reaper(); /* remove expired keys */ 1384 if (result < 0) { 1385 if (saved_errno == EINTR) 1386 continue; 1387 fatal("select: %s", strerror(saved_errno)); 1388 } else if (result > 0) 1389 after_select(readsetp, writesetp); 1390 } 1391 /* NOTREACHED */ 1392 } 1393