SockAddr unix_sock_addr(const char *path);
Socket new_unix_listener(SockAddr listenaddr, Plug plug);
-void fatalbox(char *p, ...)
+void fatalbox(const char *p, ...)
{
va_list ap;
fprintf(stderr, "FATAL ERROR: ");
fputc('\n', stderr);
exit(1);
}
-void modalfatalbox(char *p, ...)
+void modalfatalbox(const char *p, ...)
{
va_list ap;
fprintf(stderr, "FATAL ERROR: ");
fputc('\n', stderr);
exit(1);
}
-void nonfatal(char *p, ...)
+void nonfatal(const char *p, ...)
{
va_list ap;
fprintf(stderr, "ERROR: ");
va_end(ap);
fputc('\n', stderr);
}
-void connection_fatal(void *frontend, char *p, ...)
+void connection_fatal(void *frontend, const char *p, ...)
{
va_list ap;
fprintf(stderr, "FATAL ERROR: ");
fputc('\n', stderr);
exit(1);
}
-void cmdline_error(char *p, ...)
+void cmdline_error(const char *p, ...)
{
va_list ap;
fprintf(stderr, "pageant: ");
* In Pageant our selects are synchronous, so these functions are
* empty stubs.
*/
-int uxsel_input_add(int fd, int rwx) { return 0; }
-void uxsel_input_remove(int id) { }
+uxsel_id *uxsel_input_add(int fd, int rwx) { return NULL; }
+void uxsel_input_remove(uxsel_id *id) { }
/*
* More stubs.
Filename *platform_default_filename(const char *name) { return filename_from_str(""); }
char *x_get_default(const char *key) { return NULL; }
void log_eventlog(void *handle, const char *event) {}
+int from_backend(void *frontend, int is_stderr, const char *data, int datalen)
+{ assert(!"only here to satisfy notional call from backend_socket_log"); }
/*
* Short description of parameters.
{
printf("Pageant: SSH agent\n");
printf("%s\n", ver);
- printf("FIXME\n");
+ printf("Usage: pageant <lifetime> [key files]\n");
+ printf(" pageant [key files] --exec <command> [args]\n");
+ printf(" pageant -a [key files]\n");
+ printf(" pageant -d [key identifiers]\n");
+ printf(" pageant --public [key identifiers]\n");
+ printf(" pageant --public-openssh [key identifiers]\n");
+ printf(" pageant -l\n");
+ printf(" pageant -D\n");
+ printf("Lifetime options, for running Pageant as an agent:\n");
+ printf(" -X run with the lifetime of the X server\n");
+ printf(" -T run with the lifetime of the controlling tty\n");
+ printf(" --permanent run permanently\n");
+ printf(" --debug run in debugging mode, without forking\n");
+ printf(" --exec <command> run with the lifetime of that command\n");
+ printf("Client options, for talking to an existing agent:\n");
+ printf(" -a add key(s) to the existing agent\n");
+ printf(" -l list currently loaded key fingerprints and comments\n");
+ printf(" --public print public keys in RFC 4716 format\n");
+ printf(" --public-openssh print public keys in OpenSSH format\n");
+ printf(" -d delete key(s) from the agent\n");
+ printf(" -D delete all keys from the agent\n");
+ printf("Other options:\n");
+ printf(" -v verbose mode (in agent mode)\n");
exit(1);
}
};
char *socketname;
+static enum { SHELL_AUTO, SHELL_SH, SHELL_CSH } shell_type = SHELL_AUTO;
void pageant_print_env(int pid)
{
- printf("SSH_AUTH_SOCK=%s; export SSH_AUTH_SOCK;\n"
- "SSH_AGENT_PID=%d; export SSH_AGENT_PID;\n",
- socketname, (int)pid);
+ if (shell_type == SHELL_AUTO) {
+ /* Same policy as OpenSSH: if $SHELL ends in "csh" then assume
+ * it's csh-shaped. */
+ const char *shell = getenv("SHELL");
+ if (shell && strlen(shell) >= 3 &&
+ !strcmp(shell + strlen(shell) - 3, "csh"))
+ shell_type = SHELL_CSH;
+ else
+ shell_type = SHELL_SH;
+ }
+
+ /*
+ * These shell snippets could usefully pay some attention to
+ * escaping of interesting characters. I don't think it causes a
+ * problem at the moment, because the pathnames we use are so
+ * utterly boring, but it's a lurking bug waiting to happen once
+ * a bit more flexibility turns up.
+ */
+
+ switch (shell_type) {
+ case SHELL_SH:
+ printf("SSH_AUTH_SOCK=%s; export SSH_AUTH_SOCK;\n"
+ "SSH_AGENT_PID=%d; export SSH_AGENT_PID;\n",
+ socketname, pid);
+ break;
+ case SHELL_CSH:
+ printf("setenv SSH_AUTH_SOCK %s;\n"
+ "setenv SSH_AGENT_PID %d;\n",
+ socketname, pid);
+ break;
+ case SHELL_AUTO:
+ assert(0 && "Can't get here");
+ break;
+ }
}
void pageant_fork_and_print_env(int retain_tty)
keyact_tail = a;
}
+int have_controlling_tty(void)
+{
+ int fd = open("/dev/tty", O_RDONLY);
+ if (fd < 0) {
+ if (errno != ENXIO) {
+ perror("/dev/tty: open");
+ exit(1);
+ }
+ return FALSE;
+ } else {
+ close(fd);
+ return TRUE;
+ }
+}
+
char **exec_args = NULL;
enum {
LIFE_UNSPEC, LIFE_X11, LIFE_TTY, LIFE_DEBUG, LIFE_PERM, LIFE_EXEC
static char *askpass(const char *comment)
{
- prompts_t *p = new_prompts(NULL);
- int ret;
-
- /*
- * FIXME: if we don't have a terminal, and have to do this by X11,
- * there's a big missing piece.
- */
-
- p->to_server = FALSE;
- p->name = dupstr("Pageant passphrase prompt");
- add_prompt(p,
- dupprintf("Enter passphrase to load key '%s': ", comment),
- FALSE);
- ret = console_get_userpass_input(p, NULL, 0);
- assert(ret >= 0);
-
- if (!ret) {
- perror("pageant: unable to read passphrase");
- free_prompts(p);
- return NULL;
- } else {
- char *passphrase = dupstr(p->prompts[0]->result);
- free_prompts(p);
+ if (have_controlling_tty()) {
+ int ret;
+ prompts_t *p = new_prompts(NULL);
+ p->to_server = FALSE;
+ p->name = dupstr("Pageant passphrase prompt");
+ add_prompt(p,
+ dupprintf("Enter passphrase to load key '%s': ", comment),
+ FALSE);
+ ret = console_get_userpass_input(p, NULL, 0);
+ assert(ret >= 0);
+
+ if (!ret) {
+ perror("pageant: unable to read passphrase");
+ free_prompts(p);
+ return NULL;
+ } else {
+ char *passphrase = dupstr(p->prompts[0]->result);
+ free_prompts(p);
+ return passphrase;
+ }
+ } else if (display) {
+ char *prompt, *passphrase;
+ int success;
+
+ /* in gtkask.c */
+ char *gtk_askpass_main(const char *display, const char *wintitle,
+ const char *prompt, int *success);
+
+ prompt = dupprintf("Enter passphrase to load key '%s': ", comment);
+ passphrase = gtk_askpass_main(display,
+ "Pageant passphrase prompt",
+ prompt, &success);
+ sfree(prompt);
+ if (!success) {
+ /* return value is error message */
+ fprintf(stderr, "%s\n", passphrase);
+ sfree(passphrase);
+ passphrase = NULL;
+ }
return passphrase;
+ } else {
+ fprintf(stderr, "no way to read a passphrase without tty or "
+ "X display\n");
+ return NULL;
}
}
goto cleanup;
} else if (status == PAGEANT_ACTION_FAILURE) {
fprintf(stderr, "pageant: %s: %s\n", filename_str, err);
- sfree(err);
ret = FALSE;
goto cleanup;
}
while (1) {
char *passphrase = askpass(err);
sfree(err);
+ err = NULL;
if (!passphrase)
break;
goto cleanup;
} else if (status == PAGEANT_ACTION_FAILURE) {
fprintf(stderr, "pageant: %s: %s\n", filename_str, err);
- sfree(err);
ret = FALSE;
goto cleanup;
}
}
break;
case KEYACT_CLIENT_DEL_ALL:
- fprintf(stderr, "NYI\n");
- errors = TRUE;
+ if (pageant_delete_all_keys(&retstr) == PAGEANT_ACTION_FAILURE) {
+ fprintf(stderr, "pageant: deleting all keys: %s\n", retstr);
+ sfree(retstr);
+ errors = TRUE;
+ }
break;
default:
assert(0 && "Invalid client action found");
NULL
};
- if (!display)
- display = getenv("DISPLAY");
if (!display) {
fprintf(stderr, "pageant: no DISPLAY for -X mode\n");
exit(1);
* our containing tty session has ended, so it's time to
* clean up and leave.
*/
- int fd = open("/dev/tty", O_RDONLY);
- if (fd < 0) {
- if (errno != ENXIO) {
- perror("/dev/tty: open");
- exit(1);
- }
+ if (!have_controlling_tty()) {
time_to_die = TRUE;
break;
- } else {
- close(fd);
}
}
curr_keyact = KEYACT_CLIENT_ADD;
} else if (!strcmp(p, "-d")) {
curr_keyact = KEYACT_CLIENT_DEL;
+ } else if (!strcmp(p, "-s")) {
+ shell_type = SHELL_SH;
+ } else if (!strcmp(p, "-c")) {
+ shell_type = SHELL_CSH;
} else if (!strcmp(p, "-D")) {
add_keyact(KEYACT_CLIENT_DEL_ALL, NULL);
} else if (!strcmp(p, "-l")) {
sk_init();
uxsel_init();
+ if (!display) {
+ display = getenv("DISPLAY");
+ if (display && !*display)
+ display = NULL;
+ }
+
/*
* Now distinguish our two main running modes. Either we're
* actually starting up an agent, in which case we should have a