#include <errno.h>
#include <assert.h>
#include <signal.h>
+#include <ctype.h>
#include <sys/types.h>
#include <sys/wait.h>
SockAddr unix_sock_addr(const char *path);
Socket new_unix_listener(SockAddr listenaddr, Plug plug);
-void fatalbox(char *p, ...)
+void fatalbox(const char *p, ...)
{
va_list ap;
fprintf(stderr, "FATAL ERROR: ");
fputc('\n', stderr);
exit(1);
}
-void modalfatalbox(char *p, ...)
+void modalfatalbox(const char *p, ...)
{
va_list ap;
fprintf(stderr, "FATAL ERROR: ");
fputc('\n', stderr);
exit(1);
}
-void nonfatal(char *p, ...)
+void nonfatal(const char *p, ...)
{
va_list ap;
fprintf(stderr, "ERROR: ");
va_end(ap);
fputc('\n', stderr);
}
-void connection_fatal(void *frontend, char *p, ...)
+void connection_fatal(void *frontend, const char *p, ...)
{
va_list ap;
fprintf(stderr, "FATAL ERROR: ");
fputc('\n', stderr);
exit(1);
}
-void cmdline_error(char *p, ...)
+void cmdline_error(const char *p, ...)
{
va_list ap;
fprintf(stderr, "pageant: ");
{
printf("Pageant: SSH agent\n");
printf("%s\n", ver);
- printf("FIXME\n");
+ printf("Usage: pageant <lifetime> [key files]\n");
+ printf(" pageant [key files] --exec <command> [args]\n");
+ printf(" pageant -a [key files]\n");
+ printf(" pageant -d [key identifiers]\n");
+ printf(" pageant --public [key identifiers]\n");
+ printf(" pageant --public-openssh [key identifiers]\n");
+ printf(" pageant -l\n");
+ printf(" pageant -D\n");
+ printf("Lifetime options, for running Pageant as an agent:\n");
+ printf(" -X run with the lifetime of the X server\n");
+ printf(" -T run with the lifetime of the controlling tty\n");
+ printf(" --permanent run permanently\n");
+ printf(" --debug run in debugging mode, without forking\n");
+ printf(" --exec <command> run with the lifetime of that command\n");
+ printf("Client options, for talking to an existing agent:\n");
+ printf(" -a add key(s) to the existing agent\n");
+ printf(" -l list currently loaded key fingerprints and comments\n");
+ printf(" --public print public keys in RFC 4716 format\n");
+ printf(" --public-openssh print public keys in OpenSSH format\n");
+ printf(" -d delete key(s) from the agent\n");
+ printf(" -D delete all keys from the agent\n");
+ printf("Other options:\n");
+ printf(" -v verbose mode (in agent mode)\n");
exit(1);
}
KEYACT_CLIENT_DEL,
KEYACT_CLIENT_DEL_ALL,
KEYACT_CLIENT_LIST,
- KEYACT_CLIENT_LIST_FULL,
+ KEYACT_CLIENT_PUBLIC_OPENSSH,
+ KEYACT_CLIENT_PUBLIC
} keyact;
struct cmdline_key_action {
struct cmdline_key_action *next;
keyact_tail = a;
}
+int have_controlling_tty(void)
+{
+ int fd = open("/dev/tty", O_RDONLY);
+ if (fd < 0) {
+ if (errno != ENXIO) {
+ perror("/dev/tty: open");
+ exit(1);
+ }
+ return FALSE;
+ } else {
+ close(fd);
+ return TRUE;
+ }
+}
+
char **exec_args = NULL;
enum {
LIFE_UNSPEC, LIFE_X11, LIFE_TTY, LIFE_DEBUG, LIFE_PERM, LIFE_EXEC
static char *askpass(const char *comment)
{
- prompts_t *p = new_prompts(NULL);
- int ret;
-
- /*
- * FIXME: if we don't have a terminal, and have to do this by X11,
- * there's a big missing piece.
- */
-
- p->to_server = FALSE;
- p->name = dupstr("Pageant passphrase prompt");
- add_prompt(p,
- dupprintf("Enter passphrase to load key '%s': ", comment),
- FALSE);
- ret = console_get_userpass_input(p, NULL, 0);
- assert(ret >= 0);
-
- if (!ret) {
- perror("pageant: unable to read passphrase");
- free_prompts(p);
- return NULL;
- } else {
- char *passphrase = dupstr(p->prompts[0]->result);
- free_prompts(p);
+ if (have_controlling_tty()) {
+ int ret;
+ prompts_t *p = new_prompts(NULL);
+ p->to_server = FALSE;
+ p->name = dupstr("Pageant passphrase prompt");
+ add_prompt(p,
+ dupprintf("Enter passphrase to load key '%s': ", comment),
+ FALSE);
+ ret = console_get_userpass_input(p, NULL, 0);
+ assert(ret >= 0);
+
+ if (!ret) {
+ perror("pageant: unable to read passphrase");
+ free_prompts(p);
+ return NULL;
+ } else {
+ char *passphrase = dupstr(p->prompts[0]->result);
+ free_prompts(p);
+ return passphrase;
+ }
+ } else if (display) {
+ char *prompt, *passphrase;
+ int success;
+
+ /* in gtkask.c */
+ char *gtk_askpass_main(const char *display, const char *wintitle,
+ const char *prompt, int *success);
+
+ prompt = dupprintf("Enter passphrase to load key '%s': ", comment);
+ passphrase = gtk_askpass_main(display,
+ "Pageant passphrase prompt",
+ prompt, &success);
+ sfree(prompt);
+ if (!success) {
+ /* return value is error message */
+ fprintf(stderr, "%s\n", passphrase);
+ sfree(passphrase);
+ passphrase = NULL;
+ }
return passphrase;
+ } else {
+ fprintf(stderr, "no way to read a passphrase without tty or "
+ "X display\n");
+ return NULL;
}
}
goto cleanup;
} else if (status == PAGEANT_ACTION_FAILURE) {
fprintf(stderr, "pageant: %s: %s\n", filename_str, err);
- sfree(err);
ret = FALSE;
goto cleanup;
}
while (1) {
char *passphrase = askpass(err);
sfree(err);
+ err = NULL;
if (!passphrase)
break;
goto cleanup;
} else if (status == PAGEANT_ACTION_FAILURE) {
fprintf(stderr, "pageant: %s: %s\n", filename_str, err);
- sfree(err);
ret = FALSE;
goto cleanup;
}
return ret;
}
+void key_list_callback(void *ctx, const char *fingerprint,
+ const char *comment, struct pageant_pubkey *key)
+{
+ printf("%s %s\n", fingerprint, comment);
+}
+
+struct key_find_ctx {
+ const char *string;
+ int match_fp, match_comment;
+ struct pageant_pubkey *found;
+ int nfound;
+};
+
+int match_fingerprint_string(const char *string, const char *fingerprint)
+{
+ const char *hash;
+
+ /* Find the hash in the fingerprint string. It'll be the word at the end. */
+ hash = strrchr(fingerprint, ' ');
+ assert(hash);
+ hash++;
+
+ /* Now see if the search string is a prefix of the full hash,
+ * neglecting colons and case differences. */
+ while (1) {
+ while (*string == ':') string++;
+ while (*hash == ':') hash++;
+ if (!*string)
+ return TRUE;
+ if (tolower((unsigned char)*string) != tolower((unsigned char)*hash))
+ return FALSE;
+ string++;
+ hash++;
+ }
+}
+
+void key_find_callback(void *vctx, const char *fingerprint,
+ const char *comment, struct pageant_pubkey *key)
+{
+ struct key_find_ctx *ctx = (struct key_find_ctx *)vctx;
+
+ if ((ctx->match_comment && !strcmp(ctx->string, comment)) ||
+ (ctx->match_fp && match_fingerprint_string(ctx->string, fingerprint)))
+ {
+ if (!ctx->found)
+ ctx->found = pageant_pubkey_copy(key);
+ ctx->nfound++;
+ }
+}
+
+struct pageant_pubkey *find_key(const char *string, char **retstr)
+{
+ struct key_find_ctx actx, *ctx = &actx;
+ struct pageant_pubkey key_in, *key_ret;
+ int try_file = TRUE, try_fp = TRUE, try_comment = TRUE;
+ int file_errors = FALSE;
+
+ /*
+ * Trim off disambiguating prefixes telling us how to interpret
+ * the provided string.
+ */
+ if (!strncmp(string, "file:", 5)) {
+ string += 5;
+ try_fp = try_comment = FALSE;
+ file_errors = TRUE; /* also report failure to load the file */
+ } else if (!strncmp(string, "comment:", 8)) {
+ string += 8;
+ try_file = try_fp = FALSE;
+ } else if (!strncmp(string, "fp:", 3)) {
+ string += 3;
+ try_file = try_comment = FALSE;
+ } else if (!strncmp(string, "fingerprint:", 12)) {
+ string += 12;
+ try_file = try_comment = FALSE;
+ }
+
+ /*
+ * Try interpreting the string as a key file name.
+ */
+ if (try_file) {
+ Filename *fn = filename_from_str(string);
+ int keytype = key_type(fn);
+ if (keytype == SSH_KEYTYPE_SSH1 ||
+ keytype == SSH_KEYTYPE_SSH1_PUBLIC) {
+ const char *error;
+
+ if (!rsakey_pubblob(fn, &key_in.blob, &key_in.bloblen,
+ NULL, &error)) {
+ if (file_errors) {
+ *retstr = dupprintf("unable to load file '%s': %s",
+ string, error);
+ filename_free(fn);
+ return NULL;
+ }
+ }
+
+ /*
+ * If we've successfully loaded the file, stop here - we
+ * already have a key blob and need not go to the agent to
+ * list things.
+ */
+ key_in.ssh_version = 1;
+ key_ret = pageant_pubkey_copy(&key_in);
+ sfree(key_in.blob);
+ filename_free(fn);
+ return key_ret;
+ } else if (keytype == SSH_KEYTYPE_SSH2 ||
+ keytype == SSH_KEYTYPE_SSH2_PUBLIC_RFC4716 ||
+ keytype == SSH_KEYTYPE_SSH2_PUBLIC_OPENSSH) {
+ const char *error;
+
+ if ((key_in.blob = ssh2_userkey_loadpub(fn, NULL,
+ &key_in.bloblen,
+ NULL, &error)) == NULL) {
+ if (file_errors) {
+ *retstr = dupprintf("unable to load file '%s': %s",
+ string, error);
+ filename_free(fn);
+ return NULL;
+ }
+ }
+
+ /*
+ * If we've successfully loaded the file, stop here - we
+ * already have a key blob and need not go to the agent to
+ * list things.
+ */
+ key_in.ssh_version = 2;
+ key_ret = pageant_pubkey_copy(&key_in);
+ sfree(key_in.blob);
+ filename_free(fn);
+ return key_ret;
+ } else {
+ if (file_errors) {
+ *retstr = dupprintf("unable to load key file '%s': %s",
+ string, key_type_to_str(keytype));
+ filename_free(fn);
+ return NULL;
+ }
+ }
+ filename_free(fn);
+ }
+
+ /*
+ * Failing that, go through the keys in the agent, and match
+ * against fingerprints and comments as appropriate.
+ */
+ ctx->string = string;
+ ctx->match_fp = try_fp;
+ ctx->match_comment = try_comment;
+ ctx->found = NULL;
+ ctx->nfound = 0;
+ if (pageant_enum_keys(key_find_callback, ctx, retstr) ==
+ PAGEANT_ACTION_FAILURE)
+ return NULL;
+
+ if (ctx->nfound == 0) {
+ *retstr = dupstr("no key matched");
+ assert(!ctx->found);
+ return NULL;
+ } else if (ctx->nfound > 1) {
+ *retstr = dupstr("multiple keys matched");
+ assert(ctx->found);
+ pageant_pubkey_free(ctx->found);
+ return NULL;
+ }
+
+ assert(ctx->found);
+ return ctx->found;
+}
+
void run_client(void)
{
const struct cmdline_key_action *act;
+ struct pageant_pubkey *key;
int errors = FALSE;
+ char *retstr;
if (!agent_exists()) {
fprintf(stderr, "pageant: no agent running to talk to\n");
if (!unix_add_keyfile(act->filename))
errors = TRUE;
break;
+ case KEYACT_CLIENT_LIST:
+ if (pageant_enum_keys(key_list_callback, NULL, &retstr) ==
+ PAGEANT_ACTION_FAILURE) {
+ fprintf(stderr, "pageant: listing keys: %s\n", retstr);
+ sfree(retstr);
+ errors = TRUE;
+ }
+ break;
case KEYACT_CLIENT_DEL:
+ key = NULL;
+ if (!(key = find_key(act->filename, &retstr)) ||
+ pageant_delete_key(key, &retstr) == PAGEANT_ACTION_FAILURE) {
+ fprintf(stderr, "pageant: deleting key '%s': %s\n",
+ act->filename, retstr);
+ sfree(retstr);
+ errors = TRUE;
+ }
+ if (key)
+ pageant_pubkey_free(key);
+ break;
+ case KEYACT_CLIENT_PUBLIC_OPENSSH:
+ case KEYACT_CLIENT_PUBLIC:
+ key = NULL;
+ if (!(key = find_key(act->filename, &retstr))) {
+ fprintf(stderr, "pageant: finding key '%s': %s\n",
+ act->filename, retstr);
+ sfree(retstr);
+ errors = TRUE;
+ } else {
+ FILE *fp = stdout; /* FIXME: add a -o option? */
+
+ if (key->ssh_version == 1) {
+ struct RSAKey rkey;
+ memset(&rkey, 0, sizeof(rkey));
+ rkey.comment = dupstr(key->comment);
+ makekey(key->blob, key->bloblen, &rkey, NULL, 0);
+ ssh1_write_pubkey(fp, &rkey);
+ freersakey(&rkey);
+ } else {
+ ssh2_write_pubkey(fp, key->comment, key->blob,key->bloblen,
+ (act->action == KEYACT_CLIENT_PUBLIC ?
+ SSH_KEYTYPE_SSH2_PUBLIC_RFC4716 :
+ SSH_KEYTYPE_SSH2_PUBLIC_OPENSSH));
+ }
+ pageant_pubkey_free(key);
+ }
+ break;
case KEYACT_CLIENT_DEL_ALL:
- case KEYACT_CLIENT_LIST:
- case KEYACT_CLIENT_LIST_FULL:
- fprintf(stderr, "NYI\n");
- errors = TRUE;
+ if (pageant_delete_all_keys(&retstr) == PAGEANT_ACTION_FAILURE) {
+ fprintf(stderr, "pageant: deleting all keys: %s\n", retstr);
+ sfree(retstr);
+ errors = TRUE;
+ }
break;
default:
assert(0 && "Invalid client action found");
NULL
};
- if (!display)
- display = getenv("DISPLAY");
if (!display) {
fprintf(stderr, "pageant: no DISPLAY for -X mode\n");
exit(1);
* our containing tty session has ended, so it's time to
* clean up and leave.
*/
- int fd = open("/dev/tty", O_RDONLY);
- if (fd < 0) {
- if (errno != ENXIO) {
- perror("/dev/tty: open");
- exit(1);
- }
+ if (!have_controlling_tty()) {
time_to_die = TRUE;
break;
- } else {
- close(fd);
}
}
add_keyact(KEYACT_CLIENT_DEL_ALL, NULL);
} else if (!strcmp(p, "-l")) {
add_keyact(KEYACT_CLIENT_LIST, NULL);
- } else if (!strcmp(p, "-L")) {
- add_keyact(KEYACT_CLIENT_LIST_FULL, NULL);
+ } else if (!strcmp(p, "--public")) {
+ curr_keyact = KEYACT_CLIENT_PUBLIC;
+ } else if (!strcmp(p, "--public-openssh")) {
+ curr_keyact = KEYACT_CLIENT_PUBLIC_OPENSSH;
} else if (!strcmp(p, "-X")) {
life = LIFE_X11;
} else if (!strcmp(p, "-T")) {
sk_init();
uxsel_init();
+ if (!display) {
+ display = getenv("DISPLAY");
+ if (display && !*display)
+ display = NULL;
+ }
+
/*
* Now distinguish our two main running modes. Either we're
* actually starting up an agent, in which case we should have a
projects / PuTTY.git / blobdiff