2 * Unix Pageant, more or less similar to ssh-agent.
12 #include <sys/types.h>
17 #define PUTTY_DO_GLOBALS /* actually _define_ globals */
23 SockAddr unix_sock_addr(const char *path);
24 Socket new_unix_listener(SockAddr listenaddr, Plug plug);
26 void fatalbox(const char *p, ...)
29 fprintf(stderr, "FATAL ERROR: ");
31 vfprintf(stderr, p, ap);
36 void modalfatalbox(const char *p, ...)
39 fprintf(stderr, "FATAL ERROR: ");
41 vfprintf(stderr, p, ap);
46 void nonfatal(const char *p, ...)
49 fprintf(stderr, "ERROR: ");
51 vfprintf(stderr, p, ap);
55 void connection_fatal(void *frontend, const char *p, ...)
58 fprintf(stderr, "FATAL ERROR: ");
60 vfprintf(stderr, p, ap);
65 void cmdline_error(const char *p, ...)
68 fprintf(stderr, "pageant: ");
70 vfprintf(stderr, p, ap);
76 FILE *pageant_logfp = NULL;
77 void pageant_log(void *ctx, const char *fmt, va_list ap)
82 fprintf(pageant_logfp, "pageant: ");
83 vfprintf(pageant_logfp, fmt, ap);
84 fprintf(pageant_logfp, "\n");
88 * In Pageant our selects are synchronous, so these functions are
91 uxsel_id *uxsel_input_add(int fd, int rwx) { return NULL; }
92 void uxsel_input_remove(uxsel_id *id) { }
97 void random_save_seed(void) {}
98 void random_destroy_seed(void) {}
99 void noise_ultralight(unsigned long data) {}
100 char *platform_default_s(const char *name) { return NULL; }
101 int platform_default_i(const char *name, int def) { return def; }
102 FontSpec *platform_default_fontspec(const char *name) { return fontspec_new(""); }
103 Filename *platform_default_filename(const char *name) { return filename_from_str(""); }
104 char *x_get_default(const char *key) { return NULL; }
105 void log_eventlog(void *handle, const char *event) {}
106 int from_backend(void *frontend, int is_stderr, const char *data, int datalen)
107 { assert(!"only here to satisfy notional call from backend_socket_log"); }
110 * Short description of parameters.
112 static void usage(void)
114 printf("Pageant: SSH agent\n");
116 printf("Usage: pageant <lifetime> [key files]\n");
117 printf(" pageant [key files] --exec <command> [args]\n");
118 printf(" pageant -a [key files]\n");
119 printf(" pageant -d [key identifiers]\n");
120 printf(" pageant --public [key identifiers]\n");
121 printf(" pageant --public-openssh [key identifiers]\n");
122 printf(" pageant -l\n");
123 printf(" pageant -D\n");
124 printf("Lifetime options, for running Pageant as an agent:\n");
125 printf(" -X run with the lifetime of the X server\n");
126 printf(" -T run with the lifetime of the controlling tty\n");
127 printf(" --permanent run permanently\n");
128 printf(" --debug run in debugging mode, without forking\n");
129 printf(" --exec <command> run with the lifetime of that command\n");
130 printf("Client options, for talking to an existing agent:\n");
131 printf(" -a add key(s) to the existing agent\n");
132 printf(" -l list currently loaded key fingerprints and comments\n");
133 printf(" --public print public keys in RFC 4716 format\n");
134 printf(" --public-openssh print public keys in OpenSSH format\n");
135 printf(" -d delete key(s) from the agent\n");
136 printf(" -D delete all keys from the agent\n");
137 printf("Other options:\n");
138 printf(" -v verbose mode (in agent mode)\n");
139 printf(" -s -c force POSIX or C shell syntax (in agent mode)\n");
143 static void version(void)
145 char *buildinfo_text = buildinfo("\n");
146 printf("pageant: %s\n%s\n", ver, buildinfo_text);
147 sfree(buildinfo_text);
151 void keylist_update(void)
153 /* Nothing needs doing in Unix Pageant */
156 #define PAGEANT_DIR_PREFIX "/tmp/pageant"
158 const char *const appname = "Pageant";
160 static int time_to_die = FALSE;
162 /* Stub functions to permit linking against x11fwd.c. These never get
163 * used, because in LIFE_X11 mode we connect to the X server using a
164 * straightforward Socket and don't try to create an ersatz SSH
166 int sshfwd_write(struct ssh_channel *c, char *data, int len) { return 0; }
167 void sshfwd_write_eof(struct ssh_channel *c) { }
168 void sshfwd_unclean_close(struct ssh_channel *c, const char *err) { }
169 void sshfwd_unthrottle(struct ssh_channel *c, int bufsize) {}
170 Conf *sshfwd_get_conf(struct ssh_channel *c) { return NULL; }
171 void sshfwd_x11_sharing_handover(struct ssh_channel *c,
172 void *share_cs, void *share_chan,
173 const char *peer_addr, int peer_port,
174 int endian, int protomajor, int protominor,
175 const void *initial_data, int initial_len) {}
176 void sshfwd_x11_is_local(struct ssh_channel *c) {}
179 * These functions are part of the plug for our connection to the X
180 * display, so they do get called. They needn't actually do anything,
181 * except that x11_closing has to signal back to the main loop that
182 * it's time to terminate.
184 static void x11_log(Plug p, int type, SockAddr addr, int port,
185 const char *error_msg, int error_code) {}
186 static int x11_receive(Plug plug, int urgent, char *data, int len) {return 0;}
187 static void x11_sent(Plug plug, int bufsize) {}
188 static int x11_closing(Plug plug, const char *error_msg, int error_code,
194 struct X11Connection {
195 const struct plug_function_table *fn;
199 static enum { SHELL_AUTO, SHELL_SH, SHELL_CSH } shell_type = SHELL_AUTO;
200 void pageant_print_env(int pid)
202 if (shell_type == SHELL_AUTO) {
203 /* Same policy as OpenSSH: if $SHELL ends in "csh" then assume
204 * it's csh-shaped. */
205 const char *shell = getenv("SHELL");
206 if (shell && strlen(shell) >= 3 &&
207 !strcmp(shell + strlen(shell) - 3, "csh"))
208 shell_type = SHELL_CSH;
210 shell_type = SHELL_SH;
214 * These shell snippets could usefully pay some attention to
215 * escaping of interesting characters. I don't think it causes a
216 * problem at the moment, because the pathnames we use are so
217 * utterly boring, but it's a lurking bug waiting to happen once
218 * a bit more flexibility turns up.
221 switch (shell_type) {
223 printf("SSH_AUTH_SOCK=%s; export SSH_AUTH_SOCK;\n"
224 "SSH_AGENT_PID=%d; export SSH_AGENT_PID;\n",
228 printf("setenv SSH_AUTH_SOCK %s;\n"
229 "setenv SSH_AGENT_PID %d;\n",
233 assert(0 && "Can't get here");
238 void pageant_fork_and_print_env(int retain_tty)
244 } else if (pid != 0) {
245 pageant_print_env(pid);
250 * Having forked off, we now daemonise ourselves as best we can.
251 * It's good practice in general to setsid() ourself out of any
252 * process group we didn't want to be part of, and to chdir("/")
253 * to avoid holding any directories open that we don't need in
254 * case someone wants to umount them; also, we should definitely
255 * close standard output (because it will very likely be pointing
256 * at a pipe from which some parent process is trying to read our
257 * environment variable dump, so if we hold open another copy of
258 * it then that process will never finish reading). We close
259 * standard input too on general principles, but not standard
260 * error, since we might need to shout a panicky error message
263 if (chdir("/") < 0) {
264 /* should there be an error condition, nothing we can do about
270 /* Get out of our previous process group, to avoid being
271 * blasted by passing signals. But keep our controlling tty,
272 * so we can keep checking to see if we still have one. */
275 /* Do that, but also leave our entire session and detach from
276 * the controlling tty (if any). */
283 void sigchld(int signum)
285 if (write(signalpipe[1], "x", 1) <= 0)
286 /* not much we can do about it */;
289 #define TTY_LIFE_POLL_INTERVAL (TICKSPERSEC * 30)
290 void *dummy_timer_ctx;
291 static void tty_life_timer(void *ctx, unsigned long now)
293 schedule_timer(TTY_LIFE_POLL_INTERVAL, tty_life_timer, &dummy_timer_ctx);
300 KEYACT_CLIENT_DEL_ALL,
302 KEYACT_CLIENT_PUBLIC_OPENSSH,
305 struct cmdline_key_action {
306 struct cmdline_key_action *next;
308 const char *filename;
311 int is_agent_action(keyact action)
313 return action == KEYACT_AGENT_LOAD;
316 struct cmdline_key_action *keyact_head = NULL, *keyact_tail = NULL;
318 void add_keyact(keyact action, const char *filename)
320 struct cmdline_key_action *a = snew(struct cmdline_key_action);
322 a->filename = filename;
325 keyact_tail->next = a;
331 int have_controlling_tty(void)
333 int fd = open("/dev/tty", O_RDONLY);
335 if (errno != ENXIO) {
336 perror("/dev/tty: open");
346 char **exec_args = NULL;
348 LIFE_UNSPEC, LIFE_X11, LIFE_TTY, LIFE_DEBUG, LIFE_PERM, LIFE_EXEC
349 } life = LIFE_UNSPEC;
350 const char *display = NULL;
352 static char *askpass(const char *comment)
354 if (have_controlling_tty()) {
356 prompts_t *p = new_prompts(NULL);
357 p->to_server = FALSE;
358 p->name = dupstr("Pageant passphrase prompt");
360 dupprintf("Enter passphrase to load key '%s': ", comment),
362 ret = console_get_userpass_input(p, NULL, 0);
366 perror("pageant: unable to read passphrase");
370 char *passphrase = dupstr(p->prompts[0]->result);
374 } else if (display) {
375 char *prompt, *passphrase;
379 char *gtk_askpass_main(const char *display, const char *wintitle,
380 const char *prompt, int *success);
382 prompt = dupprintf("Enter passphrase to load key '%s': ", comment);
383 passphrase = gtk_askpass_main(display,
384 "Pageant passphrase prompt",
388 /* return value is error message */
389 fprintf(stderr, "%s\n", passphrase);
395 fprintf(stderr, "no way to read a passphrase without tty or "
401 static int unix_add_keyfile(const char *filename_str)
403 Filename *filename = filename_from_str(filename_str);
410 * Try without a passphrase.
412 status = pageant_add_keyfile(filename, NULL, &err);
413 if (status == PAGEANT_ACTION_OK) {
415 } else if (status == PAGEANT_ACTION_FAILURE) {
416 fprintf(stderr, "pageant: %s: %s\n", filename_str, err);
422 * And now try prompting for a passphrase.
425 char *passphrase = askpass(err);
431 status = pageant_add_keyfile(filename, passphrase, &err);
433 smemclr(passphrase, strlen(passphrase));
437 if (status == PAGEANT_ACTION_OK) {
439 } else if (status == PAGEANT_ACTION_FAILURE) {
440 fprintf(stderr, "pageant: %s: %s\n", filename_str, err);
448 filename_free(filename);
452 void key_list_callback(void *ctx, const char *fingerprint,
453 const char *comment, struct pageant_pubkey *key)
455 printf("%s %s\n", fingerprint, comment);
458 struct key_find_ctx {
460 int match_fp, match_comment;
461 struct pageant_pubkey *found;
465 int match_fingerprint_string(const char *string, const char *fingerprint)
469 /* Find the hash in the fingerprint string. It'll be the word at the end. */
470 hash = strrchr(fingerprint, ' ');
474 /* Now see if the search string is a prefix of the full hash,
475 * neglecting colons and case differences. */
477 while (*string == ':') string++;
478 while (*hash == ':') hash++;
481 if (tolower((unsigned char)*string) != tolower((unsigned char)*hash))
488 void key_find_callback(void *vctx, const char *fingerprint,
489 const char *comment, struct pageant_pubkey *key)
491 struct key_find_ctx *ctx = (struct key_find_ctx *)vctx;
493 if ((ctx->match_comment && !strcmp(ctx->string, comment)) ||
494 (ctx->match_fp && match_fingerprint_string(ctx->string, fingerprint)))
497 ctx->found = pageant_pubkey_copy(key);
502 struct pageant_pubkey *find_key(const char *string, char **retstr)
504 struct key_find_ctx actx, *ctx = &actx;
505 struct pageant_pubkey key_in, *key_ret;
506 int try_file = TRUE, try_fp = TRUE, try_comment = TRUE;
507 int file_errors = FALSE;
510 * Trim off disambiguating prefixes telling us how to interpret
511 * the provided string.
513 if (!strncmp(string, "file:", 5)) {
515 try_fp = try_comment = FALSE;
516 file_errors = TRUE; /* also report failure to load the file */
517 } else if (!strncmp(string, "comment:", 8)) {
519 try_file = try_fp = FALSE;
520 } else if (!strncmp(string, "fp:", 3)) {
522 try_file = try_comment = FALSE;
523 } else if (!strncmp(string, "fingerprint:", 12)) {
525 try_file = try_comment = FALSE;
529 * Try interpreting the string as a key file name.
532 Filename *fn = filename_from_str(string);
533 int keytype = key_type(fn);
534 if (keytype == SSH_KEYTYPE_SSH1 ||
535 keytype == SSH_KEYTYPE_SSH1_PUBLIC) {
538 if (!rsakey_pubblob(fn, &key_in.blob, &key_in.bloblen,
541 *retstr = dupprintf("unable to load file '%s': %s",
549 * If we've successfully loaded the file, stop here - we
550 * already have a key blob and need not go to the agent to
553 key_in.ssh_version = 1;
554 key_ret = pageant_pubkey_copy(&key_in);
558 } else if (keytype == SSH_KEYTYPE_SSH2 ||
559 keytype == SSH_KEYTYPE_SSH2_PUBLIC_RFC4716 ||
560 keytype == SSH_KEYTYPE_SSH2_PUBLIC_OPENSSH) {
563 if ((key_in.blob = ssh2_userkey_loadpub(fn, NULL,
565 NULL, &error)) == NULL) {
567 *retstr = dupprintf("unable to load file '%s': %s",
575 * If we've successfully loaded the file, stop here - we
576 * already have a key blob and need not go to the agent to
579 key_in.ssh_version = 2;
580 key_ret = pageant_pubkey_copy(&key_in);
586 *retstr = dupprintf("unable to load key file '%s': %s",
587 string, key_type_to_str(keytype));
596 * Failing that, go through the keys in the agent, and match
597 * against fingerprints and comments as appropriate.
599 ctx->string = string;
600 ctx->match_fp = try_fp;
601 ctx->match_comment = try_comment;
604 if (pageant_enum_keys(key_find_callback, ctx, retstr) ==
605 PAGEANT_ACTION_FAILURE)
608 if (ctx->nfound == 0) {
609 *retstr = dupstr("no key matched");
612 } else if (ctx->nfound > 1) {
613 *retstr = dupstr("multiple keys matched");
615 pageant_pubkey_free(ctx->found);
623 void run_client(void)
625 const struct cmdline_key_action *act;
626 struct pageant_pubkey *key;
630 if (!agent_exists()) {
631 fprintf(stderr, "pageant: no agent running to talk to\n");
635 for (act = keyact_head; act; act = act->next) {
636 switch (act->action) {
637 case KEYACT_CLIENT_ADD:
638 if (!unix_add_keyfile(act->filename))
641 case KEYACT_CLIENT_LIST:
642 if (pageant_enum_keys(key_list_callback, NULL, &retstr) ==
643 PAGEANT_ACTION_FAILURE) {
644 fprintf(stderr, "pageant: listing keys: %s\n", retstr);
649 case KEYACT_CLIENT_DEL:
651 if (!(key = find_key(act->filename, &retstr)) ||
652 pageant_delete_key(key, &retstr) == PAGEANT_ACTION_FAILURE) {
653 fprintf(stderr, "pageant: deleting key '%s': %s\n",
654 act->filename, retstr);
659 pageant_pubkey_free(key);
661 case KEYACT_CLIENT_PUBLIC_OPENSSH:
662 case KEYACT_CLIENT_PUBLIC:
664 if (!(key = find_key(act->filename, &retstr))) {
665 fprintf(stderr, "pageant: finding key '%s': %s\n",
666 act->filename, retstr);
670 FILE *fp = stdout; /* FIXME: add a -o option? */
672 if (key->ssh_version == 1) {
674 memset(&rkey, 0, sizeof(rkey));
675 rkey.comment = dupstr(key->comment);
676 makekey(key->blob, key->bloblen, &rkey, NULL, 0);
677 ssh1_write_pubkey(fp, &rkey);
680 ssh2_write_pubkey(fp, key->comment, key->blob,key->bloblen,
681 (act->action == KEYACT_CLIENT_PUBLIC ?
682 SSH_KEYTYPE_SSH2_PUBLIC_RFC4716 :
683 SSH_KEYTYPE_SSH2_PUBLIC_OPENSSH));
685 pageant_pubkey_free(key);
688 case KEYACT_CLIENT_DEL_ALL:
689 if (pageant_delete_all_keys(&retstr) == PAGEANT_ACTION_FAILURE) {
690 fprintf(stderr, "pageant: deleting all keys: %s\n", retstr);
696 assert(0 && "Invalid client action found");
707 char *username, *socketdir;
708 struct pageant_listen_state *pl;
713 int i, fdcount, fdsize, fdstate;
714 int termination_pid = -1;
717 const struct cmdline_key_action *act;
720 fdcount = fdsize = 0;
725 * Start by loading any keys provided on the command line.
727 for (act = keyact_head; act; act = act->next) {
728 assert(act->action == KEYACT_AGENT_LOAD);
729 if (!unix_add_keyfile(act->filename))
736 * Set up a listening socket and run Pageant on it.
738 username = get_username();
739 socketdir = dupprintf("%s.%s", PAGEANT_DIR_PREFIX, username);
741 assert(*socketdir == '/');
742 if ((err = make_dir_and_check_ours(socketdir)) != NULL) {
743 fprintf(stderr, "pageant: %s: %s\n", socketdir, err);
746 socketname = dupprintf("%s/pageant.%d", socketdir, (int)getpid());
747 pl = pageant_listener_new();
748 sock = new_unix_listener(unix_sock_addr(socketname), (Plug)pl);
749 if ((err = sk_socket_error(sock)) != NULL) {
750 fprintf(stderr, "pageant: %s: %s\n", socketname, err);
753 pageant_listener_got_socket(pl, sock);
756 conf_set_int(conf, CONF_proxy_type, PROXY_NONE);
759 * Lifetime preparations.
761 signalpipe[0] = signalpipe[1] = -1;
762 if (life == LIFE_X11) {
763 struct X11Display *disp;
767 struct X11Connection *conn;
769 static const struct plug_function_table fn_table = {
778 fprintf(stderr, "pageant: no DISPLAY for -X mode\n");
781 disp = x11_setup_display(display, conf);
783 conn = snew(struct X11Connection);
784 conn->fn = &fn_table;
785 s = new_connection(sk_addr_dup(disp->addr),
786 disp->realhost, disp->port,
787 0, 1, 0, 0, (Plug)conn, conf);
788 if ((err = sk_socket_error(s)) != NULL) {
789 fprintf(stderr, "pageant: unable to connect to X server: %s", err);
792 greeting = x11_make_greeting('B', 11, 0, disp->localauthproto,
794 disp->localauthdatalen,
795 NULL, 0, &greetinglen);
796 sk_write(s, greeting, greetinglen);
797 smemclr(greeting, greetinglen);
800 pageant_fork_and_print_env(FALSE);
801 } else if (life == LIFE_TTY) {
802 schedule_timer(TTY_LIFE_POLL_INTERVAL,
803 tty_life_timer, &dummy_timer_ctx);
804 pageant_fork_and_print_env(TRUE);
805 } else if (life == LIFE_PERM) {
806 pageant_fork_and_print_env(FALSE);
807 } else if (life == LIFE_DEBUG) {
808 pageant_print_env(getpid());
809 pageant_logfp = stdout;
810 } else if (life == LIFE_EXEC) {
816 * Set up the pipe we'll use to tell us about SIGCHLD.
818 if (pipe(signalpipe) < 0) {
822 putty_signal(SIGCHLD, sigchld);
828 } else if (pid == 0) {
829 setenv("SSH_AUTH_SOCK", socketname, TRUE);
830 setenv("SSH_AGENT_PID", dupprintf("%d", (int)agentpid), TRUE);
831 execvp(exec_args[0], exec_args);
835 termination_pid = pid;
840 * Now we've decided on our logging arrangements, pass them on to
843 pageant_listener_set_logfn(pl, NULL, pageant_logfp ? pageant_log : NULL);
845 now = GETTICKCOUNT();
847 while (!time_to_die) {
848 fd_set rset, wset, xset;
859 if (signalpipe[0] >= 0) {
860 FD_SET_MAX(signalpipe[0], maxfd, rset);
863 /* Count the currently active fds. */
865 for (fd = first_fd(&fdstate, &rwx); fd >= 0;
866 fd = next_fd(&fdstate, &rwx)) i++;
868 /* Expand the fdlist buffer if necessary. */
871 fdlist = sresize(fdlist, fdsize, int);
875 * Add all currently open fds to the select sets, and store
876 * them in fdlist as well.
879 for (fd = first_fd(&fdstate, &rwx); fd >= 0;
880 fd = next_fd(&fdstate, &rwx)) {
881 fdlist[fdcount++] = fd;
883 FD_SET_MAX(fd, maxfd, rset);
885 FD_SET_MAX(fd, maxfd, wset);
887 FD_SET_MAX(fd, maxfd, xset);
890 if (toplevel_callback_pending()) {
894 ret = select(maxfd, &rset, &wset, &xset, &tv);
895 } else if (run_timers(now, &next)) {
901 now = GETTICKCOUNT();
902 if (now - then > next - then)
906 tv.tv_sec = ticks / 1000;
907 tv.tv_usec = ticks % 1000 * 1000;
908 ret = select(maxfd, &rset, &wset, &xset, &tv);
912 now = GETTICKCOUNT();
914 ret = select(maxfd, &rset, &wset, &xset, NULL);
917 if (ret < 0 && errno == EINTR)
925 if (life == LIFE_TTY) {
927 * Every time we wake up (whether it was due to tty_timer
928 * elapsing or for any other reason), poll to see if we
929 * still have a controlling terminal. If we don't, then
930 * our containing tty session has ended, so it's time to
931 * clean up and leave.
933 if (!have_controlling_tty()) {
939 for (i = 0; i < fdcount; i++) {
942 * We must process exceptional notifications before
943 * ordinary readability ones, or we may go straight
944 * past the urgent marker.
946 if (FD_ISSET(fd, &xset))
947 select_result(fd, 4);
948 if (FD_ISSET(fd, &rset))
949 select_result(fd, 1);
950 if (FD_ISSET(fd, &wset))
951 select_result(fd, 2);
954 if (signalpipe[0] >= 0 && FD_ISSET(signalpipe[0], &rset)) {
956 if (read(signalpipe[0], c, 1) <= 0)
958 /* ignore its value; it'll be `x' */
962 pid = waitpid(-1, &status, WNOHANG);
965 if (pid == termination_pid)
970 run_toplevel_callbacks();
974 * When we come here, we're terminating, and should clean up our
975 * Unix socket file if possible.
977 if (unlink(socketname) < 0) {
978 fprintf(stderr, "pageant: %s: %s\n", socketname, strerror(errno));
985 int main(int argc, char **argv)
987 int doing_opts = TRUE;
988 keyact curr_keyact = KEYACT_AGENT_LOAD;
991 * Process the command line.
995 if (*p == '-' && doing_opts) {
996 if (!strcmp(p, "-V") || !strcmp(p, "--version")) {
998 } else if (!strcmp(p, "--help")) {
1001 } else if (!strcmp(p, "-v")) {
1002 pageant_logfp = stderr;
1003 } else if (!strcmp(p, "-a")) {
1004 curr_keyact = KEYACT_CLIENT_ADD;
1005 } else if (!strcmp(p, "-d")) {
1006 curr_keyact = KEYACT_CLIENT_DEL;
1007 } else if (!strcmp(p, "-s")) {
1008 shell_type = SHELL_SH;
1009 } else if (!strcmp(p, "-c")) {
1010 shell_type = SHELL_CSH;
1011 } else if (!strcmp(p, "-D")) {
1012 add_keyact(KEYACT_CLIENT_DEL_ALL, NULL);
1013 } else if (!strcmp(p, "-l")) {
1014 add_keyact(KEYACT_CLIENT_LIST, NULL);
1015 } else if (!strcmp(p, "--public")) {
1016 curr_keyact = KEYACT_CLIENT_PUBLIC;
1017 } else if (!strcmp(p, "--public-openssh")) {
1018 curr_keyact = KEYACT_CLIENT_PUBLIC_OPENSSH;
1019 } else if (!strcmp(p, "-X")) {
1021 } else if (!strcmp(p, "-T")) {
1023 } else if (!strcmp(p, "--debug")) {
1025 } else if (!strcmp(p, "--permanent")) {
1027 } else if (!strcmp(p, "--exec")) {
1029 /* Now all subsequent arguments go to the exec command. */
1032 argc = 0; /* force end of option processing */
1034 fprintf(stderr, "pageant: expected a command "
1038 } else if (!strcmp(p, "--")) {
1043 * Non-option arguments (apart from those after --exec,
1044 * which are treated specially above) are interpreted as
1045 * the names of private key files to either add or delete
1048 add_keyact(curr_keyact, p);
1052 if (life == LIFE_EXEC && !exec_args) {
1053 fprintf(stderr, "pageant: expected a command with --exec\n");
1058 * Block SIGPIPE, so that we'll get EPIPE individually on
1059 * particular network connections that go wrong.
1061 putty_signal(SIGPIPE, SIG_IGN);
1067 display = getenv("DISPLAY");
1068 if (display && !*display)
1073 * Now distinguish our two main running modes. Either we're
1074 * actually starting up an agent, in which case we should have a
1075 * lifetime mode, and no key actions of KEYACT_CLIENT_* type; or
1076 * else we're contacting an existing agent to add or remove keys,
1077 * in which case we should have no lifetime mode, and no key
1078 * actions of KEYACT_AGENT_* type.
1081 int has_agent_actions = FALSE;
1082 int has_client_actions = FALSE;
1083 int has_lifetime = FALSE;
1084 const struct cmdline_key_action *act;
1086 for (act = keyact_head; act; act = act->next) {
1087 if (is_agent_action(act->action))
1088 has_agent_actions = TRUE;
1090 has_client_actions = TRUE;
1092 if (life != LIFE_UNSPEC)
1093 has_lifetime = TRUE;
1095 if (has_lifetime && has_client_actions) {
1096 fprintf(stderr, "pageant: client key actions (-a, -d, -D, -l, -L)"
1097 " do not go with an agent lifetime option\n");
1100 if (!has_lifetime && has_agent_actions) {
1101 fprintf(stderr, "pageant: expected an agent lifetime option with"
1102 " bare key file arguments\n");
1105 if (!has_lifetime && !has_client_actions) {
1106 fprintf(stderr, "pageant: expected an agent lifetime option"
1107 " or a client key action\n");
1113 } else if (has_client_actions) {