2 * Unix Pageant, more or less similar to ssh-agent.
12 #include <sys/types.h>
17 #define PUTTY_DO_GLOBALS /* actually _define_ globals */
23 SockAddr unix_sock_addr(const char *path);
24 Socket new_unix_listener(SockAddr listenaddr, Plug plug);
26 void fatalbox(const char *p, ...)
29 fprintf(stderr, "FATAL ERROR: ");
31 vfprintf(stderr, p, ap);
36 void modalfatalbox(const char *p, ...)
39 fprintf(stderr, "FATAL ERROR: ");
41 vfprintf(stderr, p, ap);
46 void nonfatal(const char *p, ...)
49 fprintf(stderr, "ERROR: ");
51 vfprintf(stderr, p, ap);
55 void connection_fatal(void *frontend, const char *p, ...)
58 fprintf(stderr, "FATAL ERROR: ");
60 vfprintf(stderr, p, ap);
65 void cmdline_error(const char *p, ...)
68 fprintf(stderr, "pageant: ");
70 vfprintf(stderr, p, ap);
76 FILE *pageant_logfp = NULL;
77 void pageant_log(void *ctx, const char *fmt, va_list ap)
82 fprintf(pageant_logfp, "pageant: ");
83 vfprintf(pageant_logfp, fmt, ap);
84 fprintf(pageant_logfp, "\n");
88 * In Pageant our selects are synchronous, so these functions are
91 uxsel_id *uxsel_input_add(int fd, int rwx) { return NULL; }
92 void uxsel_input_remove(uxsel_id *id) { }
97 void random_save_seed(void) {}
98 void random_destroy_seed(void) {}
99 void noise_ultralight(unsigned long data) {}
100 char *platform_default_s(const char *name) { return NULL; }
101 int platform_default_i(const char *name, int def) { return def; }
102 FontSpec *platform_default_fontspec(const char *name) { return fontspec_new(""); }
103 Filename *platform_default_filename(const char *name) { return filename_from_str(""); }
104 char *x_get_default(const char *key) { return NULL; }
105 void log_eventlog(void *handle, const char *event) {}
106 int from_backend(void *frontend, int is_stderr, const char *data, int datalen)
107 { assert(!"only here to satisfy notional call from backend_socket_log"); }
110 * Short description of parameters.
112 static void usage(void)
114 printf("Pageant: SSH agent\n");
116 printf("Usage: pageant <lifetime> [key files]\n");
117 printf(" pageant [key files] --exec <command> [args]\n");
118 printf(" pageant -a [key files]\n");
119 printf(" pageant -d [key identifiers]\n");
120 printf(" pageant --public [key identifiers]\n");
121 printf(" pageant --public-openssh [key identifiers]\n");
122 printf(" pageant -l\n");
123 printf(" pageant -D\n");
124 printf("Lifetime options, for running Pageant as an agent:\n");
125 printf(" -X run with the lifetime of the X server\n");
126 printf(" -T run with the lifetime of the controlling tty\n");
127 printf(" --permanent run permanently\n");
128 printf(" --debug run in debugging mode, without forking\n");
129 printf(" --exec <command> run with the lifetime of that command\n");
130 printf("Client options, for talking to an existing agent:\n");
131 printf(" -a add key(s) to the existing agent\n");
132 printf(" -l list currently loaded key fingerprints and comments\n");
133 printf(" --public print public keys in RFC 4716 format\n");
134 printf(" --public-openssh print public keys in OpenSSH format\n");
135 printf(" -d delete key(s) from the agent\n");
136 printf(" -D delete all keys from the agent\n");
137 printf("Other options:\n");
138 printf(" -v verbose mode (in agent mode)\n");
142 static void version(void)
144 char *buildinfo_text = buildinfo("\n");
145 printf("pageant: %s\n%s\n", ver, buildinfo_text);
146 sfree(buildinfo_text);
150 void keylist_update(void)
152 /* Nothing needs doing in Unix Pageant */
155 #define PAGEANT_DIR_PREFIX "/tmp/pageant"
157 const char *const appname = "Pageant";
159 static int time_to_die = FALSE;
161 /* Stub functions to permit linking against x11fwd.c. These never get
162 * used, because in LIFE_X11 mode we connect to the X server using a
163 * straightforward Socket and don't try to create an ersatz SSH
165 int sshfwd_write(struct ssh_channel *c, char *data, int len) { return 0; }
166 void sshfwd_write_eof(struct ssh_channel *c) { }
167 void sshfwd_unclean_close(struct ssh_channel *c, const char *err) { }
168 void sshfwd_unthrottle(struct ssh_channel *c, int bufsize) {}
169 Conf *sshfwd_get_conf(struct ssh_channel *c) { return NULL; }
170 void sshfwd_x11_sharing_handover(struct ssh_channel *c,
171 void *share_cs, void *share_chan,
172 const char *peer_addr, int peer_port,
173 int endian, int protomajor, int protominor,
174 const void *initial_data, int initial_len) {}
175 void sshfwd_x11_is_local(struct ssh_channel *c) {}
178 * These functions are part of the plug for our connection to the X
179 * display, so they do get called. They needn't actually do anything,
180 * except that x11_closing has to signal back to the main loop that
181 * it's time to terminate.
183 static void x11_log(Plug p, int type, SockAddr addr, int port,
184 const char *error_msg, int error_code) {}
185 static int x11_receive(Plug plug, int urgent, char *data, int len) {return 0;}
186 static void x11_sent(Plug plug, int bufsize) {}
187 static int x11_closing(Plug plug, const char *error_msg, int error_code,
193 struct X11Connection {
194 const struct plug_function_table *fn;
198 static enum { SHELL_AUTO, SHELL_SH, SHELL_CSH } shell_type = SHELL_AUTO;
199 void pageant_print_env(int pid)
201 if (shell_type == SHELL_AUTO) {
202 /* Same policy as OpenSSH: if $SHELL ends in "csh" then assume
203 * it's csh-shaped. */
204 const char *shell = getenv("SHELL");
205 if (shell && strlen(shell) >= 3 &&
206 !strcmp(shell + strlen(shell) - 3, "csh"))
207 shell_type = SHELL_CSH;
209 shell_type = SHELL_SH;
213 * These shell snippets could usefully pay some attention to
214 * escaping of interesting characters. I don't think it causes a
215 * problem at the moment, because the pathnames we use are so
216 * utterly boring, but it's a lurking bug waiting to happen once
217 * a bit more flexibility turns up.
220 switch (shell_type) {
222 printf("SSH_AUTH_SOCK=%s; export SSH_AUTH_SOCK;\n"
223 "SSH_AGENT_PID=%d; export SSH_AGENT_PID;\n",
227 printf("setenv SSH_AUTH_SOCK %s;\n"
228 "setenv SSH_AGENT_PID %d;\n",
232 assert(0 && "Can't get here");
237 void pageant_fork_and_print_env(int retain_tty)
243 } else if (pid != 0) {
244 pageant_print_env(pid);
249 * Having forked off, we now daemonise ourselves as best we can.
250 * It's good practice in general to setsid() ourself out of any
251 * process group we didn't want to be part of, and to chdir("/")
252 * to avoid holding any directories open that we don't need in
253 * case someone wants to umount them; also, we should definitely
254 * close standard output (because it will very likely be pointing
255 * at a pipe from which some parent process is trying to read our
256 * environment variable dump, so if we hold open another copy of
257 * it then that process will never finish reading). We close
258 * standard input too on general principles, but not standard
259 * error, since we might need to shout a panicky error message
262 if (chdir("/") < 0) {
263 /* should there be an error condition, nothing we can do about
269 /* Get out of our previous process group, to avoid being
270 * blasted by passing signals. But keep our controlling tty,
271 * so we can keep checking to see if we still have one. */
274 /* Do that, but also leave our entire session and detach from
275 * the controlling tty (if any). */
282 void sigchld(int signum)
284 if (write(signalpipe[1], "x", 1) <= 0)
285 /* not much we can do about it */;
288 #define TTY_LIFE_POLL_INTERVAL (TICKSPERSEC * 30)
289 void *dummy_timer_ctx;
290 static void tty_life_timer(void *ctx, unsigned long now)
292 schedule_timer(TTY_LIFE_POLL_INTERVAL, tty_life_timer, &dummy_timer_ctx);
299 KEYACT_CLIENT_DEL_ALL,
301 KEYACT_CLIENT_PUBLIC_OPENSSH,
304 struct cmdline_key_action {
305 struct cmdline_key_action *next;
307 const char *filename;
310 int is_agent_action(keyact action)
312 return action == KEYACT_AGENT_LOAD;
315 struct cmdline_key_action *keyact_head = NULL, *keyact_tail = NULL;
317 void add_keyact(keyact action, const char *filename)
319 struct cmdline_key_action *a = snew(struct cmdline_key_action);
321 a->filename = filename;
324 keyact_tail->next = a;
330 int have_controlling_tty(void)
332 int fd = open("/dev/tty", O_RDONLY);
334 if (errno != ENXIO) {
335 perror("/dev/tty: open");
345 char **exec_args = NULL;
347 LIFE_UNSPEC, LIFE_X11, LIFE_TTY, LIFE_DEBUG, LIFE_PERM, LIFE_EXEC
348 } life = LIFE_UNSPEC;
349 const char *display = NULL;
351 static char *askpass(const char *comment)
353 if (have_controlling_tty()) {
355 prompts_t *p = new_prompts(NULL);
356 p->to_server = FALSE;
357 p->name = dupstr("Pageant passphrase prompt");
359 dupprintf("Enter passphrase to load key '%s': ", comment),
361 ret = console_get_userpass_input(p, NULL, 0);
365 perror("pageant: unable to read passphrase");
369 char *passphrase = dupstr(p->prompts[0]->result);
373 } else if (display) {
374 char *prompt, *passphrase;
378 char *gtk_askpass_main(const char *display, const char *wintitle,
379 const char *prompt, int *success);
381 prompt = dupprintf("Enter passphrase to load key '%s': ", comment);
382 passphrase = gtk_askpass_main(display,
383 "Pageant passphrase prompt",
387 /* return value is error message */
388 fprintf(stderr, "%s\n", passphrase);
394 fprintf(stderr, "no way to read a passphrase without tty or "
400 static int unix_add_keyfile(const char *filename_str)
402 Filename *filename = filename_from_str(filename_str);
409 * Try without a passphrase.
411 status = pageant_add_keyfile(filename, NULL, &err);
412 if (status == PAGEANT_ACTION_OK) {
414 } else if (status == PAGEANT_ACTION_FAILURE) {
415 fprintf(stderr, "pageant: %s: %s\n", filename_str, err);
421 * And now try prompting for a passphrase.
424 char *passphrase = askpass(err);
430 status = pageant_add_keyfile(filename, passphrase, &err);
432 smemclr(passphrase, strlen(passphrase));
436 if (status == PAGEANT_ACTION_OK) {
438 } else if (status == PAGEANT_ACTION_FAILURE) {
439 fprintf(stderr, "pageant: %s: %s\n", filename_str, err);
447 filename_free(filename);
451 void key_list_callback(void *ctx, const char *fingerprint,
452 const char *comment, struct pageant_pubkey *key)
454 printf("%s %s\n", fingerprint, comment);
457 struct key_find_ctx {
459 int match_fp, match_comment;
460 struct pageant_pubkey *found;
464 int match_fingerprint_string(const char *string, const char *fingerprint)
468 /* Find the hash in the fingerprint string. It'll be the word at the end. */
469 hash = strrchr(fingerprint, ' ');
473 /* Now see if the search string is a prefix of the full hash,
474 * neglecting colons and case differences. */
476 while (*string == ':') string++;
477 while (*hash == ':') hash++;
480 if (tolower((unsigned char)*string) != tolower((unsigned char)*hash))
487 void key_find_callback(void *vctx, const char *fingerprint,
488 const char *comment, struct pageant_pubkey *key)
490 struct key_find_ctx *ctx = (struct key_find_ctx *)vctx;
492 if ((ctx->match_comment && !strcmp(ctx->string, comment)) ||
493 (ctx->match_fp && match_fingerprint_string(ctx->string, fingerprint)))
496 ctx->found = pageant_pubkey_copy(key);
501 struct pageant_pubkey *find_key(const char *string, char **retstr)
503 struct key_find_ctx actx, *ctx = &actx;
504 struct pageant_pubkey key_in, *key_ret;
505 int try_file = TRUE, try_fp = TRUE, try_comment = TRUE;
506 int file_errors = FALSE;
509 * Trim off disambiguating prefixes telling us how to interpret
510 * the provided string.
512 if (!strncmp(string, "file:", 5)) {
514 try_fp = try_comment = FALSE;
515 file_errors = TRUE; /* also report failure to load the file */
516 } else if (!strncmp(string, "comment:", 8)) {
518 try_file = try_fp = FALSE;
519 } else if (!strncmp(string, "fp:", 3)) {
521 try_file = try_comment = FALSE;
522 } else if (!strncmp(string, "fingerprint:", 12)) {
524 try_file = try_comment = FALSE;
528 * Try interpreting the string as a key file name.
531 Filename *fn = filename_from_str(string);
532 int keytype = key_type(fn);
533 if (keytype == SSH_KEYTYPE_SSH1 ||
534 keytype == SSH_KEYTYPE_SSH1_PUBLIC) {
537 if (!rsakey_pubblob(fn, &key_in.blob, &key_in.bloblen,
540 *retstr = dupprintf("unable to load file '%s': %s",
548 * If we've successfully loaded the file, stop here - we
549 * already have a key blob and need not go to the agent to
552 key_in.ssh_version = 1;
553 key_ret = pageant_pubkey_copy(&key_in);
557 } else if (keytype == SSH_KEYTYPE_SSH2 ||
558 keytype == SSH_KEYTYPE_SSH2_PUBLIC_RFC4716 ||
559 keytype == SSH_KEYTYPE_SSH2_PUBLIC_OPENSSH) {
562 if ((key_in.blob = ssh2_userkey_loadpub(fn, NULL,
564 NULL, &error)) == NULL) {
566 *retstr = dupprintf("unable to load file '%s': %s",
574 * If we've successfully loaded the file, stop here - we
575 * already have a key blob and need not go to the agent to
578 key_in.ssh_version = 2;
579 key_ret = pageant_pubkey_copy(&key_in);
585 *retstr = dupprintf("unable to load key file '%s': %s",
586 string, key_type_to_str(keytype));
595 * Failing that, go through the keys in the agent, and match
596 * against fingerprints and comments as appropriate.
598 ctx->string = string;
599 ctx->match_fp = try_fp;
600 ctx->match_comment = try_comment;
603 if (pageant_enum_keys(key_find_callback, ctx, retstr) ==
604 PAGEANT_ACTION_FAILURE)
607 if (ctx->nfound == 0) {
608 *retstr = dupstr("no key matched");
611 } else if (ctx->nfound > 1) {
612 *retstr = dupstr("multiple keys matched");
614 pageant_pubkey_free(ctx->found);
622 void run_client(void)
624 const struct cmdline_key_action *act;
625 struct pageant_pubkey *key;
629 if (!agent_exists()) {
630 fprintf(stderr, "pageant: no agent running to talk to\n");
634 for (act = keyact_head; act; act = act->next) {
635 switch (act->action) {
636 case KEYACT_CLIENT_ADD:
637 if (!unix_add_keyfile(act->filename))
640 case KEYACT_CLIENT_LIST:
641 if (pageant_enum_keys(key_list_callback, NULL, &retstr) ==
642 PAGEANT_ACTION_FAILURE) {
643 fprintf(stderr, "pageant: listing keys: %s\n", retstr);
648 case KEYACT_CLIENT_DEL:
650 if (!(key = find_key(act->filename, &retstr)) ||
651 pageant_delete_key(key, &retstr) == PAGEANT_ACTION_FAILURE) {
652 fprintf(stderr, "pageant: deleting key '%s': %s\n",
653 act->filename, retstr);
658 pageant_pubkey_free(key);
660 case KEYACT_CLIENT_PUBLIC_OPENSSH:
661 case KEYACT_CLIENT_PUBLIC:
663 if (!(key = find_key(act->filename, &retstr))) {
664 fprintf(stderr, "pageant: finding key '%s': %s\n",
665 act->filename, retstr);
669 FILE *fp = stdout; /* FIXME: add a -o option? */
671 if (key->ssh_version == 1) {
673 memset(&rkey, 0, sizeof(rkey));
674 rkey.comment = dupstr(key->comment);
675 makekey(key->blob, key->bloblen, &rkey, NULL, 0);
676 ssh1_write_pubkey(fp, &rkey);
679 ssh2_write_pubkey(fp, key->comment, key->blob,key->bloblen,
680 (act->action == KEYACT_CLIENT_PUBLIC ?
681 SSH_KEYTYPE_SSH2_PUBLIC_RFC4716 :
682 SSH_KEYTYPE_SSH2_PUBLIC_OPENSSH));
684 pageant_pubkey_free(key);
687 case KEYACT_CLIENT_DEL_ALL:
688 if (pageant_delete_all_keys(&retstr) == PAGEANT_ACTION_FAILURE) {
689 fprintf(stderr, "pageant: deleting all keys: %s\n", retstr);
695 assert(0 && "Invalid client action found");
706 char *username, *socketdir;
707 struct pageant_listen_state *pl;
712 int i, fdcount, fdsize, fdstate;
713 int termination_pid = -1;
716 const struct cmdline_key_action *act;
719 fdcount = fdsize = 0;
724 * Start by loading any keys provided on the command line.
726 for (act = keyact_head; act; act = act->next) {
727 assert(act->action == KEYACT_AGENT_LOAD);
728 if (!unix_add_keyfile(act->filename))
735 * Set up a listening socket and run Pageant on it.
737 username = get_username();
738 socketdir = dupprintf("%s.%s", PAGEANT_DIR_PREFIX, username);
740 assert(*socketdir == '/');
741 if ((err = make_dir_and_check_ours(socketdir)) != NULL) {
742 fprintf(stderr, "pageant: %s: %s\n", socketdir, err);
745 socketname = dupprintf("%s/pageant.%d", socketdir, (int)getpid());
746 pl = pageant_listener_new();
747 sock = new_unix_listener(unix_sock_addr(socketname), (Plug)pl);
748 if ((err = sk_socket_error(sock)) != NULL) {
749 fprintf(stderr, "pageant: %s: %s\n", socketname, err);
752 pageant_listener_got_socket(pl, sock);
755 conf_set_int(conf, CONF_proxy_type, PROXY_NONE);
758 * Lifetime preparations.
760 signalpipe[0] = signalpipe[1] = -1;
761 if (life == LIFE_X11) {
762 struct X11Display *disp;
766 struct X11Connection *conn;
768 static const struct plug_function_table fn_table = {
777 fprintf(stderr, "pageant: no DISPLAY for -X mode\n");
780 disp = x11_setup_display(display, conf);
782 conn = snew(struct X11Connection);
783 conn->fn = &fn_table;
784 s = new_connection(sk_addr_dup(disp->addr),
785 disp->realhost, disp->port,
786 0, 1, 0, 0, (Plug)conn, conf);
787 if ((err = sk_socket_error(s)) != NULL) {
788 fprintf(stderr, "pageant: unable to connect to X server: %s", err);
791 greeting = x11_make_greeting('B', 11, 0, disp->localauthproto,
793 disp->localauthdatalen,
794 NULL, 0, &greetinglen);
795 sk_write(s, greeting, greetinglen);
796 smemclr(greeting, greetinglen);
799 pageant_fork_and_print_env(FALSE);
800 } else if (life == LIFE_TTY) {
801 schedule_timer(TTY_LIFE_POLL_INTERVAL,
802 tty_life_timer, &dummy_timer_ctx);
803 pageant_fork_and_print_env(TRUE);
804 } else if (life == LIFE_PERM) {
805 pageant_fork_and_print_env(FALSE);
806 } else if (life == LIFE_DEBUG) {
807 pageant_print_env(getpid());
808 pageant_logfp = stdout;
809 } else if (life == LIFE_EXEC) {
815 * Set up the pipe we'll use to tell us about SIGCHLD.
817 if (pipe(signalpipe) < 0) {
821 putty_signal(SIGCHLD, sigchld);
827 } else if (pid == 0) {
828 setenv("SSH_AUTH_SOCK", socketname, TRUE);
829 setenv("SSH_AGENT_PID", dupprintf("%d", (int)agentpid), TRUE);
830 execvp(exec_args[0], exec_args);
834 termination_pid = pid;
839 * Now we've decided on our logging arrangements, pass them on to
842 pageant_listener_set_logfn(pl, NULL, pageant_logfp ? pageant_log : NULL);
844 now = GETTICKCOUNT();
846 while (!time_to_die) {
847 fd_set rset, wset, xset;
858 if (signalpipe[0] >= 0) {
859 FD_SET_MAX(signalpipe[0], maxfd, rset);
862 /* Count the currently active fds. */
864 for (fd = first_fd(&fdstate, &rwx); fd >= 0;
865 fd = next_fd(&fdstate, &rwx)) i++;
867 /* Expand the fdlist buffer if necessary. */
870 fdlist = sresize(fdlist, fdsize, int);
874 * Add all currently open fds to the select sets, and store
875 * them in fdlist as well.
878 for (fd = first_fd(&fdstate, &rwx); fd >= 0;
879 fd = next_fd(&fdstate, &rwx)) {
880 fdlist[fdcount++] = fd;
882 FD_SET_MAX(fd, maxfd, rset);
884 FD_SET_MAX(fd, maxfd, wset);
886 FD_SET_MAX(fd, maxfd, xset);
889 if (toplevel_callback_pending()) {
893 ret = select(maxfd, &rset, &wset, &xset, &tv);
894 } else if (run_timers(now, &next)) {
900 now = GETTICKCOUNT();
901 if (now - then > next - then)
905 tv.tv_sec = ticks / 1000;
906 tv.tv_usec = ticks % 1000 * 1000;
907 ret = select(maxfd, &rset, &wset, &xset, &tv);
911 now = GETTICKCOUNT();
913 ret = select(maxfd, &rset, &wset, &xset, NULL);
916 if (ret < 0 && errno == EINTR)
924 if (life == LIFE_TTY) {
926 * Every time we wake up (whether it was due to tty_timer
927 * elapsing or for any other reason), poll to see if we
928 * still have a controlling terminal. If we don't, then
929 * our containing tty session has ended, so it's time to
930 * clean up and leave.
932 if (!have_controlling_tty()) {
938 for (i = 0; i < fdcount; i++) {
941 * We must process exceptional notifications before
942 * ordinary readability ones, or we may go straight
943 * past the urgent marker.
945 if (FD_ISSET(fd, &xset))
946 select_result(fd, 4);
947 if (FD_ISSET(fd, &rset))
948 select_result(fd, 1);
949 if (FD_ISSET(fd, &wset))
950 select_result(fd, 2);
953 if (signalpipe[0] >= 0 && FD_ISSET(signalpipe[0], &rset)) {
955 if (read(signalpipe[0], c, 1) <= 0)
957 /* ignore its value; it'll be `x' */
961 pid = waitpid(-1, &status, WNOHANG);
964 if (pid == termination_pid)
969 run_toplevel_callbacks();
973 * When we come here, we're terminating, and should clean up our
974 * Unix socket file if possible.
976 if (unlink(socketname) < 0) {
977 fprintf(stderr, "pageant: %s: %s\n", socketname, strerror(errno));
982 int main(int argc, char **argv)
984 int doing_opts = TRUE;
985 keyact curr_keyact = KEYACT_AGENT_LOAD;
988 * Process the command line.
992 if (*p == '-' && doing_opts) {
993 if (!strcmp(p, "-V") || !strcmp(p, "--version")) {
995 } else if (!strcmp(p, "--help")) {
998 } else if (!strcmp(p, "-v")) {
999 pageant_logfp = stderr;
1000 } else if (!strcmp(p, "-a")) {
1001 curr_keyact = KEYACT_CLIENT_ADD;
1002 } else if (!strcmp(p, "-d")) {
1003 curr_keyact = KEYACT_CLIENT_DEL;
1004 } else if (!strcmp(p, "-s")) {
1005 shell_type = SHELL_SH;
1006 } else if (!strcmp(p, "-c")) {
1007 shell_type = SHELL_CSH;
1008 } else if (!strcmp(p, "-D")) {
1009 add_keyact(KEYACT_CLIENT_DEL_ALL, NULL);
1010 } else if (!strcmp(p, "-l")) {
1011 add_keyact(KEYACT_CLIENT_LIST, NULL);
1012 } else if (!strcmp(p, "--public")) {
1013 curr_keyact = KEYACT_CLIENT_PUBLIC;
1014 } else if (!strcmp(p, "--public-openssh")) {
1015 curr_keyact = KEYACT_CLIENT_PUBLIC_OPENSSH;
1016 } else if (!strcmp(p, "-X")) {
1018 } else if (!strcmp(p, "-T")) {
1020 } else if (!strcmp(p, "--debug")) {
1022 } else if (!strcmp(p, "--permanent")) {
1024 } else if (!strcmp(p, "--exec")) {
1026 /* Now all subsequent arguments go to the exec command. */
1029 argc = 0; /* force end of option processing */
1031 fprintf(stderr, "pageant: expected a command "
1035 } else if (!strcmp(p, "--")) {
1040 * Non-option arguments (apart from those after --exec,
1041 * which are treated specially above) are interpreted as
1042 * the names of private key files to either add or delete
1045 add_keyact(curr_keyact, p);
1049 if (life == LIFE_EXEC && !exec_args) {
1050 fprintf(stderr, "pageant: expected a command with --exec\n");
1055 * Block SIGPIPE, so that we'll get EPIPE individually on
1056 * particular network connections that go wrong.
1058 putty_signal(SIGPIPE, SIG_IGN);
1064 display = getenv("DISPLAY");
1065 if (display && !*display)
1070 * Now distinguish our two main running modes. Either we're
1071 * actually starting up an agent, in which case we should have a
1072 * lifetime mode, and no key actions of KEYACT_CLIENT_* type; or
1073 * else we're contacting an existing agent to add or remove keys,
1074 * in which case we should have no lifetime mode, and no key
1075 * actions of KEYACT_AGENT_* type.
1078 int has_agent_actions = FALSE;
1079 int has_client_actions = FALSE;
1080 int has_lifetime = FALSE;
1081 const struct cmdline_key_action *act;
1083 for (act = keyact_head; act; act = act->next) {
1084 if (is_agent_action(act->action))
1085 has_agent_actions = TRUE;
1087 has_client_actions = TRUE;
1089 if (life != LIFE_UNSPEC)
1090 has_lifetime = TRUE;
1092 if (has_lifetime && has_client_actions) {
1093 fprintf(stderr, "pageant: client key actions (-a, -d, -D, -l, -L)"
1094 " do not go with an agent lifetime option\n");
1097 if (!has_lifetime && has_agent_actions) {
1098 fprintf(stderr, "pageant: expected an agent lifetime option with"
1099 " bare key file arguments\n");
1102 if (!has_lifetime && !has_client_actions) {
1103 fprintf(stderr, "pageant: expected an agent lifetime option"
1104 " or a client key action\n");
1110 } else if (has_client_actions) {