From 226cfa03781466907dd252916aeade6879e376b8 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Mon, 22 Jan 2001 05:34:40 +0000 Subject: Hopefully things did not get mixed around too much. It compiles under Linux and works. So that is at least a good sign. =) 20010122 - (bal) OpenBSD Resync - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus [servconf.c ssh.h sshd.c] only auth-chall.c needs #ifdef SKEY - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c packet.c pathname.h readconf.c scp.c servconf.c serverloop.c session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h ssh1.h sshconnect1.c sshd.c ttymodes.c] move ssh1 definitions to ssh1.h, pathnames to pathnames.h - markus@cvs.openbsd.org 2001/01/19 16:48:14 [sshd.8] fix typo; from stevesk@ - markus@cvs.openbsd.org 2001/01/19 16:50:58 [ssh-dss.c] clear and free digest, make consistent with other code (use dlen); from stevesk@ - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus [auth-options.c auth-options.h auth-rsa.c auth2.c] pass the filename to auth_parse_options() - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001 [readconf.c] fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com - stevesk@cvs.openbsd.org 2001/01/20 18:20:29 [sshconnect2.c] dh_new_group() does not return NULL. ok markus@ - markus@cvs.openbsd.org 2001/01/20 21:33:42 [ssh-add.c] do not loop forever if askpass does not exist; from andrew@pimlott.ne.mediaone.net - djm@cvs.openbsd.org 2001/01/20 23:00:56 [servconf.c] Check for NULL return from strdelim; ok markus - djm@cvs.openbsd.org 2001/01/20 23:02:07 [readconf.c] KNF; ok markus - jakob@cvs.openbsd.org 2001/01/21 9:00:33 [ssh-keygen.1] remove -R flag; ok markus@ - markus@cvs.openbsd.org 2001/01/21 19:05:40 [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c cipher.c cli.c clientloop.c clientloop.h compat.c compress.c deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c key.c key.h log-client.c log-server.c log.c log.h login.c login.h match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h ttysmodes.c uidswap.c xmalloc.c] split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch] - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve conflict when compiling for non-kerb install - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes on 1/19. --- ssh-agent.c | 101 ++++++++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 67 insertions(+), 34 deletions(-) (limited to 'ssh-agent.c') diff --git a/ssh-agent.c b/ssh-agent.c index 55704e492..bc577e76a 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.45 2000/12/19 23:17:58 markus Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.47 2001/01/21 19:05:56 markus Exp $ */ /* * Author: Tatu Ylonen @@ -37,7 +37,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.45 2000/12/19 23:17:58 markus Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.47 2001/01/21 19:05:56 markus Exp $"); + +#include +#include #include "ssh.h" #include "rsa.h" @@ -47,15 +50,12 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.45 2000/12/19 23:17:58 markus Exp $"); #include "packet.h" #include "getput.h" #include "mpaux.h" - -#include -#include -#include -#include #include "key.h" #include "authfd.h" +#include "cipher.h" #include "kex.h" #include "compat.h" +#include "log.h" typedef struct { int fd; @@ -97,6 +97,8 @@ extern char *__progname; char *__progname; #endif +int prepare_select(fd_set **, fd_set **, int *); + void idtab_init(void) { @@ -293,7 +295,7 @@ process_remove_identity(SocketEntry *e, int version) if (bits != key_size(key)) log("Warning: identity keysize mismatch: actual %d, announced %d", - key_size(key), bits); + key_size(key), bits); break; case 2: blob = buffer_get_string(&e->input, &blen); @@ -388,7 +390,7 @@ process_add_identity(SocketEntry *e, int version) switch (version) { case 1: k = key_new_private(KEY_RSA1); - buffer_get_int(&e->input); /* ignored */ + buffer_get_int(&e->input); /* ignored */ buffer_get_bignum(&e->input, k->rsa->n); buffer_get_bignum(&e->input, k->rsa->e); buffer_get_bignum(&e->input, k->rsa->d); @@ -403,7 +405,7 @@ process_add_identity(SocketEntry *e, int version) break; case 2: type_name = buffer_get_string(&e->input, NULL); - type = key_type_from_name(type_name); + type = key_type_from_name(type_name); xfree(type_name); switch(type) { case KEY_DSA: @@ -556,17 +558,17 @@ new_socket(int type, int fd) buffer_init(&sockets[old_alloc].output); } -void -prepare_select(fd_set *readset, fd_set *writeset) +int +prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl) { - u_int i; - for (i = 0; i < sockets_alloc; i++) + u_int i, sz; + int n = 0; + + for (i = 0; i < sockets_alloc; i++) { switch (sockets[i].type) { case AUTH_SOCKET: case AUTH_CONNECTION: - FD_SET(sockets[i].fd, readset); - if (buffer_len(&sockets[i].output) > 0) - FD_SET(sockets[i].fd, writeset); + n = MAX(n, sockets[i].fd); break; case AUTH_UNUSED: break; @@ -574,6 +576,34 @@ prepare_select(fd_set *readset, fd_set *writeset) fatal("Unknown socket type %d", sockets[i].type); break; } + } + + sz = howmany(n+1, NFDBITS) * sizeof(fd_mask); + if (*fdrp == NULL || n > *fdl) { + if (*fdrp) + free(*fdrp); + if (*fdwp) + free(*fdwp); + *fdrp = xmalloc(sz); + *fdwp = xmalloc(sz); + *fdl = n; + } + memset(*fdrp, 0, sz); + memset(*fdwp, 0, sz); + + for (i = 0; i < sockets_alloc; i++) { + switch (sockets[i].type) { + case AUTH_SOCKET: + case AUTH_CONNECTION: + FD_SET(sockets[i].fd, *fdrp); + if (buffer_len(&sockets[i].output) > 0) + FD_SET(sockets[i].fd, *fdwp); + break; + default: + break; + } + } + return (1); } void @@ -592,7 +622,8 @@ after_select(fd_set *readset, fd_set *writeset) case AUTH_SOCKET: if (FD_ISSET(sockets[i].fd, readset)) { slen = sizeof(sunaddr); - sock = accept(sockets[i].fd, (struct sockaddr *) & sunaddr, &slen); + sock = accept(sockets[i].fd, + (struct sockaddr *) &sunaddr, &slen); if (sock < 0) { perror("accept from AUTH_SOCKET"); break; @@ -603,8 +634,9 @@ after_select(fd_set *readset, fd_set *writeset) case AUTH_CONNECTION: if (buffer_len(&sockets[i].output) > 0 && FD_ISSET(sockets[i].fd, writeset)) { - len = write(sockets[i].fd, buffer_ptr(&sockets[i].output), - buffer_len(&sockets[i].output)); + len = write(sockets[i].fd, + buffer_ptr(&sockets[i].output), + buffer_len(&sockets[i].output)); if (len <= 0) { shutdown(sockets[i].fd, SHUT_RDWR); close(sockets[i].fd); @@ -637,12 +669,15 @@ after_select(fd_set *readset, fd_set *writeset) void check_parent_exists(int sig) { + int save_errno = errno; + if (parent_pid != -1 && kill(parent_pid, 0) < 0) { /* printf("Parent has died - Authentication agent exiting.\n"); */ exit(1); } signal(SIGALRM, check_parent_exists); alarm(10); + errno = save_errno; } void @@ -664,14 +699,13 @@ usage() { fprintf(stderr, "ssh-agent version %s\n", SSH_VERSION); fprintf(stderr, "Usage: %s [-c | -s] [-k] [command {args...]]\n", - __progname); + __progname); exit(1); } int main(int ac, char **av) { - fd_set readset, writeset; int sock, c_flag = 0, k_flag = 0, s_flag = 0, ch; struct sockaddr_un sunaddr; #ifdef HAVE_SETRLIMIT @@ -680,6 +714,7 @@ main(int ac, char **av) pid_t pid; char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid]; extern int optind; + fd_set *readsetp = NULL, *writesetp = NULL; __progname = get_progname(av[0]); init_rng(); @@ -722,14 +757,13 @@ main(int ac, char **av) pidstr = getenv(SSH_AGENTPID_ENV_NAME); if (pidstr == NULL) { fprintf(stderr, "%s not set, cannot kill agent\n", - SSH_AGENTPID_ENV_NAME); + SSH_AGENTPID_ENV_NAME); exit(1); } pid = atoi(pidstr); - if (pid < 1) { /* XXX PID_MAX check too */ - /* Yes, PID_MAX check please */ + if (pid < 1) { fprintf(stderr, "%s=\"%s\", which is not a good PID\n", - SSH_AGENTPID_ENV_NAME, pidstr); + SSH_AGENTPID_ENV_NAME, pidstr); exit(1); } if (kill(pid, SIGTERM) == -1) { @@ -751,7 +785,7 @@ main(int ac, char **av) exit(1); } snprintf(socket_name, sizeof socket_name, "%s/agent.%d", socket_dir, - parent_pid); + parent_pid); /* * Create socket early so it will exist before command gets run from @@ -773,6 +807,7 @@ main(int ac, char **av) perror("listen"); cleanup_exit(1); } + /* * Fork, and have the parent execute the command, if any, or present * the socket data. The child continues as the authentication agent. @@ -788,9 +823,9 @@ main(int ac, char **av) if (ac == 0) { format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n"; printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, - SSH_AUTHSOCKET_ENV_NAME); + SSH_AUTHSOCKET_ENV_NAME); printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf, - SSH_AGENTPID_ENV_NAME); + SSH_AGENTPID_ENV_NAME); printf("echo Agent pid %d;\n", pid); exit(0); } @@ -834,15 +869,13 @@ main(int ac, char **av) signal(SIGHUP, cleanup_exit); signal(SIGTERM, cleanup_exit); while (1) { - FD_ZERO(&readset); - FD_ZERO(&writeset); - prepare_select(&readset, &writeset); - if (select(max_fd + 1, &readset, &writeset, NULL, NULL) < 0) { + prepare_select(&readsetp, &writesetp, &max_fd); + if (select(max_fd + 1, readsetp, writesetp, NULL, NULL) < 0) { if (errno == EINTR) continue; exit(1); } - after_select(&readset, &writeset); + after_select(readsetp, writesetp); } /* NOTREACHED */ } -- cgit v1.2.3