- markus@cvs.openbsd.org 2002/06/05 19:57:12

[authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c] ssh-add -x for lock and -X for unlocking the agent. todo: encrypt private keys with locked...
author: Ben Lindstrom <mouring@eviladmin.org> 2002-06-06 21:52:03 +0000
committer: Ben Lindstrom <mouring@eviladmin.org> 2002-06-06 21:52:03 +0000
commit: 2f71704b42891fbb486b1925e522ea95739fa8ca (patch)
tree: 5ec11dbd740c8d7a92fd783f162faf0bd3df224a /ssh-agent.c
parent: 21d1ed8303c0d766b5bb1b3f0e54a7e28ae3c577 (diff)
1 files changed, 68 insertions, 1 deletions
diff --git a/ssh-agent.c b/ssh-agent.c
index 13a88afd9..d9567af5c 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -35,7 +35,7 @@
 #include "includes.h"
 #include "openbsd-compat/fake-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.87 2002/06/05 16:48:54 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.88 2002/06/05 19:57:12 markus Exp $");
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -95,6 +95,10 @@ pid_t parent_pid = -1;
 char socket_name[1024];
 char socket_dir[1024];
+/* locking */
+int locked = 0;
+char *lock_passwd = NULL;
 #ifdef HAVE___PROGNAME
 extern char *__progname;
 #else
@@ -442,6 +446,48 @@ send:
            success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
 }
+/* XXX todo: encrypt sensitive data with passphrase */
+static void
+process_lock_agent(SocketEntry *e, int lock)
+{
+        char *passwd;
+        int success = 0;
+        passwd = buffer_get_string(&e->request, NULL);
+        if (locked && !lock && strcmp(passwd, lock_passwd) == 0) {
+                locked = 0;
+                memset(lock_passwd, 0, strlen(lock_passwd));
+                xfree(lock_passwd);
+                lock_passwd = NULL;
+                success = 1;
+        } else if (!locked && lock) {
+                locked = 1;
+                lock_passwd = xstrdup(passwd);
+                success = 1;
+        }
+        memset(passwd, 0, strlen(passwd));
+        xfree(passwd);
+ 
+        buffer_put_int(&e->output, 1);
+        buffer_put_char(&e->output,
+            success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
+        return;
+}
+static void
+no_identities(SocketEntry *e, u_int type)
+{
+        Buffer msg;
+        buffer_init(&msg);
+        buffer_put_char(&msg,
+            (type == SSH_AGENTC_REQUEST_RSA_IDENTITIES) ?
+            SSH_AGENT_RSA_IDENTITIES_ANSWER : SSH2_AGENT_IDENTITIES_ANSWER);
+        buffer_put_int(&msg, 0);
+        buffer_put_int(&e->output, buffer_len(&msg));
+        buffer_append(&e->output, buffer_ptr(&msg), buffer_len(&msg));
+        buffer_free(&msg);
+}
 #ifdef SMARTCARD
 static void
@@ -557,8 +603,29 @@ process_message(SocketEntry *e)
        buffer_consume(&e->input, msg_len);
        type = buffer_get_char(&e->request);
+        /* check wheter agent is locked */
+        if (locked && type != SSH_AGENTC_UNLOCK) {
+                buffer_clear(&e->request);
+                switch (type) {
+                case SSH_AGENTC_REQUEST_RSA_IDENTITIES:
+                case SSH2_AGENTC_REQUEST_IDENTITIES:
+                        /* send empty lists */
+                        no_identities(e, type);
+                        break;
+                default:
+                        /* send a fail message for all other request types */
+                        buffer_put_int(&e->output, 1);
+                        buffer_put_char(&e->output, SSH_AGENT_FAILURE);
+                }
+                return;
+        }
        debug("type %d", type);
        switch (type) {
+        case SSH_AGENTC_LOCK:
+        case SSH_AGENTC_UNLOCK:
+                process_lock_agent(e, type == SSH_AGENTC_LOCK);
+                break;
        /* ssh1 */
        case SSH_AGENTC_RSA_CHALLENGE:
                process_authentication_challenge1(e);
author	Ben Lindstrom <mouring@eviladmin.org>	2002-06-06 21:52:03 +0000
committer	Ben Lindstrom <mouring@eviladmin.org>	2002-06-06 21:52:03 +0000
commit	2f71704b42891fbb486b1925e522ea95739fa8ca (patch)
tree	5ec11dbd740c8d7a92fd783f162faf0bd3df224a /ssh-agent.c
parent	21d1ed8303c0d766b5bb1b3f0e54a7e28ae3c577 (diff)

diff --git a/ssh-agent.c b/ssh-agent.c index 13a88afd9..d9567af5c 100644 --- a/ssh-agent.c +++ b/ssh-agent.c
@@ -35,7 +35,7 @@
35		35
36	#include "includes.h"	36	#include "includes.h"
37	#include "openbsd-compat/fake-queue.h"	37	#include "openbsd-compat/fake-queue.h"
38	RCSID("$OpenBSD: ssh-agent.c,v 1.87 2002/06/05 16:48:54 markus Exp $");	38	RCSID("$OpenBSD: ssh-agent.c,v 1.88 2002/06/05 19:57:12 markus Exp $");
39		39
40	#include <openssl/evp.h>	40	#include <openssl/evp.h>
41	#include <openssl/md5.h>	41	#include <openssl/md5.h>
@@ -95,6 +95,10 @@ pid_t parent_pid = -1;
95	char socket_name[1024];	95	char socket_name[1024];
96	char socket_dir[1024];	96	char socket_dir[1024];
97		97
		98	/* locking */
		99	int locked = 0;
		100	char *lock_passwd = NULL;
		101
98	#ifdef HAVE___PROGNAME	102	#ifdef HAVE___PROGNAME
99	extern char *__progname;	103	extern char *__progname;
100	#else	104	#else
@@ -442,6 +446,48 @@ send:
442	success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);	446	success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
443	}	447	}
444		448
		449	/* XXX todo: encrypt sensitive data with passphrase */
		450	static void
		451	process_lock_agent(SocketEntry *e, int lock)
		452	{
		453	char *passwd;
		454	int success = 0;
		455
		456	passwd = buffer_get_string(&e->request, NULL);
		457	if (locked && !lock && strcmp(passwd, lock_passwd) == 0) {
		458	locked = 0;
		459	memset(lock_passwd, 0, strlen(lock_passwd));
		460	xfree(lock_passwd);
		461	lock_passwd = NULL;
		462	success = 1;
		463	} else if (!locked && lock) {
		464	locked = 1;
		465	lock_passwd = xstrdup(passwd);
		466	success = 1;
		467	}
		468	memset(passwd, 0, strlen(passwd));
		469	xfree(passwd);
		470
		471	buffer_put_int(&e->output, 1);
		472	buffer_put_char(&e->output,
		473	success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
		474	return;
		475	}
		476
		477	static void
		478	no_identities(SocketEntry *e, u_int type)
		479	{
		480	Buffer msg;
		481
		482	buffer_init(&msg);
		483	buffer_put_char(&msg,
		484	(type == SSH_AGENTC_REQUEST_RSA_IDENTITIES) ?
		485	SSH_AGENT_RSA_IDENTITIES_ANSWER : SSH2_AGENT_IDENTITIES_ANSWER);
		486	buffer_put_int(&msg, 0);
		487	buffer_put_int(&e->output, buffer_len(&msg));
		488	buffer_append(&e->output, buffer_ptr(&msg), buffer_len(&msg));
		489	buffer_free(&msg);
		490	}
445		491
446	#ifdef SMARTCARD	492	#ifdef SMARTCARD
447	static void	493	static void
@@ -557,8 +603,29 @@ process_message(SocketEntry *e)
557	buffer_consume(&e->input, msg_len);	603	buffer_consume(&e->input, msg_len);
558	type = buffer_get_char(&e->request);	604	type = buffer_get_char(&e->request);
559		605
		606	/* check wheter agent is locked */
		607	if (locked && type != SSH_AGENTC_UNLOCK) {
		608	buffer_clear(&e->request);
		609	switch (type) {
		610	case SSH_AGENTC_REQUEST_RSA_IDENTITIES:
		611	case SSH2_AGENTC_REQUEST_IDENTITIES:
		612	/* send empty lists */
		613	no_identities(e, type);
		614	break;
		615	default:
		616	/* send a fail message for all other request types */
		617	buffer_put_int(&e->output, 1);
		618	buffer_put_char(&e->output, SSH_AGENT_FAILURE);
		619	}
		620	return;
		621	}
		622
560	debug("type %d", type);	623	debug("type %d", type);
561	switch (type) {	624	switch (type) {
		625	case SSH_AGENTC_LOCK:
		626	case SSH_AGENTC_UNLOCK:
		627	process_lock_agent(e, type == SSH_AGENTC_LOCK);
		628	break;
562	/* ssh1 */	629	/* ssh1 */
563	case SSH_AGENTC_RSA_CHALLENGE:	630	case SSH_AGENTC_RSA_CHALLENGE:
564	process_authentication_challenge1(e);	631	process_authentication_challenge1(e);