X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=unix%2Fuxpgnt.c;h=14f1366c28068d2155faa8c10bb0c3468b3655c3;hb=095072fa46b2d7b8beafaddb2f873d2f500a1e10;hp=c1a094ce522209160fffacaab5a1045e83b2f343;hpb=8228085c540edbe822529699025641a05fae383f;p=PuTTY.git diff --git a/unix/uxpgnt.c b/unix/uxpgnt.c index c1a094ce..14f1366c 100644 --- a/unix/uxpgnt.c +++ b/unix/uxpgnt.c @@ -7,6 +7,7 @@ #include #include #include +#include #include #include @@ -22,7 +23,7 @@ SockAddr unix_sock_addr(const char *path); Socket new_unix_listener(SockAddr listenaddr, Plug plug); -void fatalbox(char *p, ...) +void fatalbox(const char *p, ...) { va_list ap; fprintf(stderr, "FATAL ERROR: "); @@ -32,7 +33,7 @@ void fatalbox(char *p, ...) fputc('\n', stderr); exit(1); } -void modalfatalbox(char *p, ...) +void modalfatalbox(const char *p, ...) { va_list ap; fprintf(stderr, "FATAL ERROR: "); @@ -42,7 +43,7 @@ void modalfatalbox(char *p, ...) fputc('\n', stderr); exit(1); } -void nonfatal(char *p, ...) +void nonfatal(const char *p, ...) { va_list ap; fprintf(stderr, "ERROR: "); @@ -51,7 +52,7 @@ void nonfatal(char *p, ...) va_end(ap); fputc('\n', stderr); } -void connection_fatal(void *frontend, char *p, ...) +void connection_fatal(void *frontend, const char *p, ...) { va_list ap; fprintf(stderr, "FATAL ERROR: "); @@ -61,7 +62,7 @@ void connection_fatal(void *frontend, char *p, ...) fputc('\n', stderr); exit(1); } -void cmdline_error(char *p, ...) +void cmdline_error(const char *p, ...) { va_list ap; fprintf(stderr, "pageant: "); @@ -87,13 +88,12 @@ void pageant_log(void *ctx, const char *fmt, va_list ap) * In Pageant our selects are synchronous, so these functions are * empty stubs. */ -int uxsel_input_add(int fd, int rwx) { return 0; } -void uxsel_input_remove(int id) { } +uxsel_id *uxsel_input_add(int fd, int rwx) { return NULL; } +void uxsel_input_remove(uxsel_id *id) { } /* * More stubs. */ -void logevent(void *frontend, const char *string) {} void random_save_seed(void) {} void random_destroy_seed(void) {} void noise_ultralight(unsigned long data) {} @@ -102,8 +102,9 @@ int platform_default_i(const char *name, int def) { return def; } FontSpec *platform_default_fontspec(const char *name) { return fontspec_new(""); } Filename *platform_default_filename(const char *name) { return filename_from_str(""); } char *x_get_default(const char *key) { return NULL; } -void old_keyfile_warning(void) {} -void timer_change_notify(unsigned long next) {} +void log_eventlog(void *handle, const char *event) {} +int from_backend(void *frontend, int is_stderr, const char *data, int datalen) +{ assert(!"only here to satisfy notional call from backend_socket_log"); } /* * Short description of parameters. @@ -112,13 +113,37 @@ static void usage(void) { printf("Pageant: SSH agent\n"); printf("%s\n", ver); - printf("FIXME\n"); + printf("Usage: pageant [key files]\n"); + printf(" pageant [key files] --exec [args]\n"); + printf(" pageant -a [key files]\n"); + printf(" pageant -d [key identifiers]\n"); + printf(" pageant --public [key identifiers]\n"); + printf(" pageant --public-openssh [key identifiers]\n"); + printf(" pageant -l\n"); + printf(" pageant -D\n"); + printf("Lifetime options, for running Pageant as an agent:\n"); + printf(" -X run with the lifetime of the X server\n"); + printf(" -T run with the lifetime of the controlling tty\n"); + printf(" --permanent run permanently\n"); + printf(" --debug run in debugging mode, without forking\n"); + printf(" --exec run with the lifetime of that command\n"); + printf("Client options, for talking to an existing agent:\n"); + printf(" -a add key(s) to the existing agent\n"); + printf(" -l list currently loaded key fingerprints and comments\n"); + printf(" --public print public keys in RFC 4716 format\n"); + printf(" --public-openssh print public keys in OpenSSH format\n"); + printf(" -d delete key(s) from the agent\n"); + printf(" -D delete all keys from the agent\n"); + printf("Other options:\n"); + printf(" -v verbose mode (in agent mode)\n"); exit(1); } static void version(void) { - printf("pageant: %s\n", ver); + char *buildinfo_text = buildinfo("\n"); + printf("pageant: %s\n%s\n", ver, buildinfo_text); + sfree(buildinfo_text); exit(1); } @@ -131,10 +156,6 @@ void keylist_update(void) const char *const appname = "Pageant"; -char *platform_get_x_display(void) { - return dupstr(getenv("DISPLAY")); -} - static int time_to_die = FALSE; /* Stub functions to permit linking against x11fwd.c. These never get @@ -174,11 +195,43 @@ struct X11Connection { }; char *socketname; +static enum { SHELL_AUTO, SHELL_SH, SHELL_CSH } shell_type = SHELL_AUTO; void pageant_print_env(int pid) { - printf("SSH_AUTH_SOCK=%s; export SSH_AUTH_SOCK;\n" - "SSH_AGENT_PID=%d; export SSH_AGENT_PID;\n", - socketname, (int)pid); + if (shell_type == SHELL_AUTO) { + /* Same policy as OpenSSH: if $SHELL ends in "csh" then assume + * it's csh-shaped. */ + const char *shell = getenv("SHELL"); + if (shell && strlen(shell) >= 3 && + !strcmp(shell + strlen(shell) - 3, "csh")) + shell_type = SHELL_CSH; + else + shell_type = SHELL_SH; + } + + /* + * These shell snippets could usefully pay some attention to + * escaping of interesting characters. I don't think it causes a + * problem at the moment, because the pathnames we use are so + * utterly boring, but it's a lurking bug waiting to happen once + * a bit more flexibility turns up. + */ + + switch (shell_type) { + case SHELL_SH: + printf("SSH_AUTH_SOCK=%s; export SSH_AUTH_SOCK;\n" + "SSH_AGENT_PID=%d; export SSH_AGENT_PID;\n", + socketname, pid); + break; + case SHELL_CSH: + printf("setenv SSH_AUTH_SOCK %s;\n" + "setenv SSH_AGENT_PID %d;\n", + socketname, pid); + break; + case SHELL_AUTO: + assert(0 && "Can't get here"); + break; + } } void pageant_fork_and_print_env(int retain_tty) @@ -239,91 +292,444 @@ static void tty_life_timer(void *ctx, unsigned long now) schedule_timer(TTY_LIFE_POLL_INTERVAL, tty_life_timer, &dummy_timer_ctx); } -int main(int argc, char **argv) +typedef enum { + KEYACT_AGENT_LOAD, + KEYACT_CLIENT_ADD, + KEYACT_CLIENT_DEL, + KEYACT_CLIENT_DEL_ALL, + KEYACT_CLIENT_LIST, + KEYACT_CLIENT_PUBLIC_OPENSSH, + KEYACT_CLIENT_PUBLIC +} keyact; +struct cmdline_key_action { + struct cmdline_key_action *next; + keyact action; + const char *filename; +}; + +int is_agent_action(keyact action) { - int *fdlist; - int fd; - int i, fdcount, fdsize, fdstate; - int errors; - unsigned long now; - char *username, *socketdir; - const char *err; - struct pageant_listen_state *pl; - Socket sock; - enum { - LIFE_UNSPEC, LIFE_X11, LIFE_TTY, LIFE_DEBUG, LIFE_PERM, LIFE_EXEC - } life = LIFE_UNSPEC; - const char *display = NULL; - int doing_opts = TRUE; - char **exec_args = NULL; - int termination_pid = -1; - Conf *conf; + return action == KEYACT_AGENT_LOAD; +} - fdlist = NULL; - fdcount = fdsize = 0; - errors = FALSE; +struct cmdline_key_action *keyact_head = NULL, *keyact_tail = NULL; + +void add_keyact(keyact action, const char *filename) +{ + struct cmdline_key_action *a = snew(struct cmdline_key_action); + a->action = action; + a->filename = filename; + a->next = NULL; + if (keyact_tail) + keyact_tail->next = a; + else + keyact_head = a; + keyact_tail = a; +} + +int have_controlling_tty(void) +{ + int fd = open("/dev/tty", O_RDONLY); + if (fd < 0) { + if (errno != ENXIO) { + perror("/dev/tty: open"); + exit(1); + } + return FALSE; + } else { + close(fd); + return TRUE; + } +} + +char **exec_args = NULL; +enum { + LIFE_UNSPEC, LIFE_X11, LIFE_TTY, LIFE_DEBUG, LIFE_PERM, LIFE_EXEC +} life = LIFE_UNSPEC; +const char *display = NULL; + +static char *askpass(const char *comment) +{ + if (have_controlling_tty()) { + int ret; + prompts_t *p = new_prompts(NULL); + p->to_server = FALSE; + p->name = dupstr("Pageant passphrase prompt"); + add_prompt(p, + dupprintf("Enter passphrase to load key '%s': ", comment), + FALSE); + ret = console_get_userpass_input(p, NULL, 0); + assert(ret >= 0); + + if (!ret) { + perror("pageant: unable to read passphrase"); + free_prompts(p); + return NULL; + } else { + char *passphrase = dupstr(p->prompts[0]->result); + free_prompts(p); + return passphrase; + } + } else if (display) { + char *prompt, *passphrase; + int success; + + /* in gtkask.c */ + char *gtk_askpass_main(const char *display, const char *wintitle, + const char *prompt, int *success); + + prompt = dupprintf("Enter passphrase to load key '%s': ", comment); + passphrase = gtk_askpass_main(display, + "Pageant passphrase prompt", + prompt, &success); + sfree(prompt); + if (!success) { + /* return value is error message */ + fprintf(stderr, "%s\n", passphrase); + sfree(passphrase); + passphrase = NULL; + } + return passphrase; + } else { + fprintf(stderr, "no way to read a passphrase without tty or " + "X display\n"); + return NULL; + } +} + +static int unix_add_keyfile(const char *filename_str) +{ + Filename *filename = filename_from_str(filename_str); + int status, ret; + char *err; + + ret = TRUE; /* - * Process the command line. + * Try without a passphrase. */ - while (--argc > 0) { - char *p = *++argv; - if (*p == '-' && doing_opts) { - if (!strcmp(p, "-V") || !strcmp(p, "--version")) { - version(); - } else if (!strcmp(p, "--help")) { - usage(); - exit(0); - } else if (!strcmp(p, "-v")) { - pageant_logfp = stderr; - } else if (!strcmp(p, "-X")) { - life = LIFE_X11; - } else if (!strcmp(p, "-T")) { - life = LIFE_TTY; - } else if (!strcmp(p, "--debug")) { - life = LIFE_DEBUG; - } else if (!strcmp(p, "--permanent")) { - life = LIFE_PERM; - } else if (!strcmp(p, "--exec")) { - life = LIFE_EXEC; - /* Now all subsequent arguments go to the exec command. */ - if (--argc > 0) { - exec_args = ++argv; - argc = 0; /* force end of option processing */ - } else { - fprintf(stderr, "pageant: expected a command " - "after --exec\n"); - exit(1); + status = pageant_add_keyfile(filename, NULL, &err); + if (status == PAGEANT_ACTION_OK) { + goto cleanup; + } else if (status == PAGEANT_ACTION_FAILURE) { + fprintf(stderr, "pageant: %s: %s\n", filename_str, err); + ret = FALSE; + goto cleanup; + } + + /* + * And now try prompting for a passphrase. + */ + while (1) { + char *passphrase = askpass(err); + sfree(err); + err = NULL; + if (!passphrase) + break; + + status = pageant_add_keyfile(filename, passphrase, &err); + + smemclr(passphrase, strlen(passphrase)); + sfree(passphrase); + passphrase = NULL; + + if (status == PAGEANT_ACTION_OK) { + goto cleanup; + } else if (status == PAGEANT_ACTION_FAILURE) { + fprintf(stderr, "pageant: %s: %s\n", filename_str, err); + ret = FALSE; + goto cleanup; + } + } + + cleanup: + sfree(err); + filename_free(filename); + return ret; +} + +void key_list_callback(void *ctx, const char *fingerprint, + const char *comment, struct pageant_pubkey *key) +{ + printf("%s %s\n", fingerprint, comment); +} + +struct key_find_ctx { + const char *string; + int match_fp, match_comment; + struct pageant_pubkey *found; + int nfound; +}; + +int match_fingerprint_string(const char *string, const char *fingerprint) +{ + const char *hash; + + /* Find the hash in the fingerprint string. It'll be the word at the end. */ + hash = strrchr(fingerprint, ' '); + assert(hash); + hash++; + + /* Now see if the search string is a prefix of the full hash, + * neglecting colons and case differences. */ + while (1) { + while (*string == ':') string++; + while (*hash == ':') hash++; + if (!*string) + return TRUE; + if (tolower((unsigned char)*string) != tolower((unsigned char)*hash)) + return FALSE; + string++; + hash++; + } +} + +void key_find_callback(void *vctx, const char *fingerprint, + const char *comment, struct pageant_pubkey *key) +{ + struct key_find_ctx *ctx = (struct key_find_ctx *)vctx; + + if ((ctx->match_comment && !strcmp(ctx->string, comment)) || + (ctx->match_fp && match_fingerprint_string(ctx->string, fingerprint))) + { + if (!ctx->found) + ctx->found = pageant_pubkey_copy(key); + ctx->nfound++; + } +} + +struct pageant_pubkey *find_key(const char *string, char **retstr) +{ + struct key_find_ctx actx, *ctx = &actx; + struct pageant_pubkey key_in, *key_ret; + int try_file = TRUE, try_fp = TRUE, try_comment = TRUE; + int file_errors = FALSE; + + /* + * Trim off disambiguating prefixes telling us how to interpret + * the provided string. + */ + if (!strncmp(string, "file:", 5)) { + string += 5; + try_fp = try_comment = FALSE; + file_errors = TRUE; /* also report failure to load the file */ + } else if (!strncmp(string, "comment:", 8)) { + string += 8; + try_file = try_fp = FALSE; + } else if (!strncmp(string, "fp:", 3)) { + string += 3; + try_file = try_comment = FALSE; + } else if (!strncmp(string, "fingerprint:", 12)) { + string += 12; + try_file = try_comment = FALSE; + } + + /* + * Try interpreting the string as a key file name. + */ + if (try_file) { + Filename *fn = filename_from_str(string); + int keytype = key_type(fn); + if (keytype == SSH_KEYTYPE_SSH1 || + keytype == SSH_KEYTYPE_SSH1_PUBLIC) { + const char *error; + + if (!rsakey_pubblob(fn, &key_in.blob, &key_in.bloblen, + NULL, &error)) { + if (file_errors) { + *retstr = dupprintf("unable to load file '%s': %s", + string, error); + filename_free(fn); + return NULL; + } + } + + /* + * If we've successfully loaded the file, stop here - we + * already have a key blob and need not go to the agent to + * list things. + */ + key_in.ssh_version = 1; + key_ret = pageant_pubkey_copy(&key_in); + sfree(key_in.blob); + filename_free(fn); + return key_ret; + } else if (keytype == SSH_KEYTYPE_SSH2 || + keytype == SSH_KEYTYPE_SSH2_PUBLIC_RFC4716 || + keytype == SSH_KEYTYPE_SSH2_PUBLIC_OPENSSH) { + const char *error; + + if ((key_in.blob = ssh2_userkey_loadpub(fn, NULL, + &key_in.bloblen, + NULL, &error)) == NULL) { + if (file_errors) { + *retstr = dupprintf("unable to load file '%s': %s", + string, error); + filename_free(fn); + return NULL; } - } else if (!strcmp(p, "--")) { - doing_opts = FALSE; } + + /* + * If we've successfully loaded the file, stop here - we + * already have a key blob and need not go to the agent to + * list things. + */ + key_in.ssh_version = 2; + key_ret = pageant_pubkey_copy(&key_in); + sfree(key_in.blob); + filename_free(fn); + return key_ret; } else { - fprintf(stderr, "pageant: unexpected argument '%s'\n", p); - exit(1); + if (file_errors) { + *retstr = dupprintf("unable to load key file '%s': %s", + string, key_type_to_str(keytype)); + filename_free(fn); + return NULL; + } } + filename_free(fn); } - if (errors) - return 1; + /* + * Failing that, go through the keys in the agent, and match + * against fingerprints and comments as appropriate. + */ + ctx->string = string; + ctx->match_fp = try_fp; + ctx->match_comment = try_comment; + ctx->found = NULL; + ctx->nfound = 0; + if (pageant_enum_keys(key_find_callback, ctx, retstr) == + PAGEANT_ACTION_FAILURE) + return NULL; - if (life == LIFE_UNSPEC) { - fprintf(stderr, "pageant: expected a lifetime option\n"); - exit(1); + if (ctx->nfound == 0) { + *retstr = dupstr("no key matched"); + assert(!ctx->found); + return NULL; + } else if (ctx->nfound > 1) { + *retstr = dupstr("multiple keys matched"); + assert(ctx->found); + pageant_pubkey_free(ctx->found); + return NULL; } - if (life == LIFE_EXEC && !exec_args) { - fprintf(stderr, "pageant: expected a command with --exec\n"); + + assert(ctx->found); + return ctx->found; +} + +void run_client(void) +{ + const struct cmdline_key_action *act; + struct pageant_pubkey *key; + int errors = FALSE; + char *retstr; + + if (!agent_exists()) { + fprintf(stderr, "pageant: no agent running to talk to\n"); exit(1); } + for (act = keyact_head; act; act = act->next) { + switch (act->action) { + case KEYACT_CLIENT_ADD: + if (!unix_add_keyfile(act->filename)) + errors = TRUE; + break; + case KEYACT_CLIENT_LIST: + if (pageant_enum_keys(key_list_callback, NULL, &retstr) == + PAGEANT_ACTION_FAILURE) { + fprintf(stderr, "pageant: listing keys: %s\n", retstr); + sfree(retstr); + errors = TRUE; + } + break; + case KEYACT_CLIENT_DEL: + key = NULL; + if (!(key = find_key(act->filename, &retstr)) || + pageant_delete_key(key, &retstr) == PAGEANT_ACTION_FAILURE) { + fprintf(stderr, "pageant: deleting key '%s': %s\n", + act->filename, retstr); + sfree(retstr); + errors = TRUE; + } + if (key) + pageant_pubkey_free(key); + break; + case KEYACT_CLIENT_PUBLIC_OPENSSH: + case KEYACT_CLIENT_PUBLIC: + key = NULL; + if (!(key = find_key(act->filename, &retstr))) { + fprintf(stderr, "pageant: finding key '%s': %s\n", + act->filename, retstr); + sfree(retstr); + errors = TRUE; + } else { + FILE *fp = stdout; /* FIXME: add a -o option? */ + + if (key->ssh_version == 1) { + struct RSAKey rkey; + memset(&rkey, 0, sizeof(rkey)); + rkey.comment = dupstr(key->comment); + makekey(key->blob, key->bloblen, &rkey, NULL, 0); + ssh1_write_pubkey(fp, &rkey); + freersakey(&rkey); + } else { + ssh2_write_pubkey(fp, key->comment, key->blob,key->bloblen, + (act->action == KEYACT_CLIENT_PUBLIC ? + SSH_KEYTYPE_SSH2_PUBLIC_RFC4716 : + SSH_KEYTYPE_SSH2_PUBLIC_OPENSSH)); + } + pageant_pubkey_free(key); + } + break; + case KEYACT_CLIENT_DEL_ALL: + if (pageant_delete_all_keys(&retstr) == PAGEANT_ACTION_FAILURE) { + fprintf(stderr, "pageant: deleting all keys: %s\n", retstr); + sfree(retstr); + errors = TRUE; + } + break; + default: + assert(0 && "Invalid client action found"); + } + } + + if (errors) + exit(1); +} + +void run_agent(void) +{ + const char *err; + char *username, *socketdir; + struct pageant_listen_state *pl; + Socket sock; + unsigned long now; + int *fdlist; + int fd; + int i, fdcount, fdsize, fdstate; + int termination_pid = -1; + int errors = FALSE; + Conf *conf; + const struct cmdline_key_action *act; + + fdlist = NULL; + fdcount = fdsize = 0; + + pageant_init(); + /* - * Block SIGPIPE, so that we'll get EPIPE individually on - * particular network connections that go wrong. + * Start by loading any keys provided on the command line. */ - putty_signal(SIGPIPE, SIG_IGN); - - sk_init(); - uxsel_init(); + for (act = keyact_head; act; act = act->next) { + assert(act->action == KEYACT_AGENT_LOAD); + if (!unix_add_keyfile(act->filename)) + errors = TRUE; + } + if (errors) + exit(1); /* * Set up a listening socket and run Pageant on it. @@ -337,7 +743,6 @@ int main(int argc, char **argv) exit(1); } socketname = dupprintf("%s/pageant.%d", socketdir, (int)getpid()); - pageant_init(); pl = pageant_listener_new(); sock = new_unix_listener(unix_sock_addr(socketname), (Plug)pl); if ((err = sk_socket_error(sock)) != NULL) { @@ -368,8 +773,6 @@ int main(int argc, char **argv) NULL }; - if (!display) - display = getenv("DISPLAY"); if (!display) { fprintf(stderr, "pageant: no DISPLAY for -X mode\n"); exit(1); @@ -526,16 +929,9 @@ int main(int argc, char **argv) * our containing tty session has ended, so it's time to * clean up and leave. */ - int fd = open("/dev/tty", O_RDONLY); - if (fd < 0) { - if (errno != ENXIO) { - perror("/dev/tty: open"); - exit(1); - } + if (!have_controlling_tty()) { time_to_die = TRUE; break; - } else { - close(fd); } } @@ -581,6 +977,140 @@ int main(int argc, char **argv) fprintf(stderr, "pageant: %s: %s\n", socketname, strerror(errno)); exit(1); } +} + +int main(int argc, char **argv) +{ + int doing_opts = TRUE; + keyact curr_keyact = KEYACT_AGENT_LOAD; + + /* + * Process the command line. + */ + while (--argc > 0) { + char *p = *++argv; + if (*p == '-' && doing_opts) { + if (!strcmp(p, "-V") || !strcmp(p, "--version")) { + version(); + } else if (!strcmp(p, "--help")) { + usage(); + exit(0); + } else if (!strcmp(p, "-v")) { + pageant_logfp = stderr; + } else if (!strcmp(p, "-a")) { + curr_keyact = KEYACT_CLIENT_ADD; + } else if (!strcmp(p, "-d")) { + curr_keyact = KEYACT_CLIENT_DEL; + } else if (!strcmp(p, "-s")) { + shell_type = SHELL_SH; + } else if (!strcmp(p, "-c")) { + shell_type = SHELL_CSH; + } else if (!strcmp(p, "-D")) { + add_keyact(KEYACT_CLIENT_DEL_ALL, NULL); + } else if (!strcmp(p, "-l")) { + add_keyact(KEYACT_CLIENT_LIST, NULL); + } else if (!strcmp(p, "--public")) { + curr_keyact = KEYACT_CLIENT_PUBLIC; + } else if (!strcmp(p, "--public-openssh")) { + curr_keyact = KEYACT_CLIENT_PUBLIC_OPENSSH; + } else if (!strcmp(p, "-X")) { + life = LIFE_X11; + } else if (!strcmp(p, "-T")) { + life = LIFE_TTY; + } else if (!strcmp(p, "--debug")) { + life = LIFE_DEBUG; + } else if (!strcmp(p, "--permanent")) { + life = LIFE_PERM; + } else if (!strcmp(p, "--exec")) { + life = LIFE_EXEC; + /* Now all subsequent arguments go to the exec command. */ + if (--argc > 0) { + exec_args = ++argv; + argc = 0; /* force end of option processing */ + } else { + fprintf(stderr, "pageant: expected a command " + "after --exec\n"); + exit(1); + } + } else if (!strcmp(p, "--")) { + doing_opts = FALSE; + } + } else { + /* + * Non-option arguments (apart from those after --exec, + * which are treated specially above) are interpreted as + * the names of private key files to either add or delete + * from an agent. + */ + add_keyact(curr_keyact, p); + } + } + + if (life == LIFE_EXEC && !exec_args) { + fprintf(stderr, "pageant: expected a command with --exec\n"); + exit(1); + } + + /* + * Block SIGPIPE, so that we'll get EPIPE individually on + * particular network connections that go wrong. + */ + putty_signal(SIGPIPE, SIG_IGN); + + sk_init(); + uxsel_init(); + + if (!display) { + display = getenv("DISPLAY"); + if (display && !*display) + display = NULL; + } + + /* + * Now distinguish our two main running modes. Either we're + * actually starting up an agent, in which case we should have a + * lifetime mode, and no key actions of KEYACT_CLIENT_* type; or + * else we're contacting an existing agent to add or remove keys, + * in which case we should have no lifetime mode, and no key + * actions of KEYACT_AGENT_* type. + */ + { + int has_agent_actions = FALSE; + int has_client_actions = FALSE; + int has_lifetime = FALSE; + const struct cmdline_key_action *act; + + for (act = keyact_head; act; act = act->next) { + if (is_agent_action(act->action)) + has_agent_actions = TRUE; + else + has_client_actions = TRUE; + } + if (life != LIFE_UNSPEC) + has_lifetime = TRUE; + + if (has_lifetime && has_client_actions) { + fprintf(stderr, "pageant: client key actions (-a, -d, -D, -l, -L)" + " do not go with an agent lifetime option\n"); + exit(1); + } + if (!has_lifetime && has_agent_actions) { + fprintf(stderr, "pageant: expected an agent lifetime option with" + " bare key file arguments\n"); + exit(1); + } + if (!has_lifetime && !has_client_actions) { + fprintf(stderr, "pageant: expected an agent lifetime option" + " or a client key action\n"); + exit(1); + } + + if (has_lifetime) { + run_agent(); + } else if (has_client_actions) { + run_client(); + } + } return 0; }