crypto/openssh/ssh-agent.c
Show All 29 Lines | |||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||||
*/ | */ | ||||
#include "includes.h" | #include "includes.h" | ||||
__RCSID("$FreeBSD$"); | |||||
#include <sys/types.h> | #include <sys/types.h> | ||||
#include <sys/param.h> | #include <sys/param.h> | ||||
#include <sys/resource.h> | #include <sys/resource.h> | ||||
#include <sys/stat.h> | #include <sys/stat.h> | ||||
#include <sys/socket.h> | #include <sys/socket.h> | ||||
#ifdef HAVE_SYS_TIME_H | #ifdef HAVE_SYS_TIME_H | ||||
# include <sys/time.h> | # include <sys/time.h> | ||||
▲ Show 20 Lines • Show All 113 Lines • ▼ Show 20 Lines | |||||
extern char *__progname; | extern char *__progname; | ||||
/* Default lifetime in seconds (0 == forever) */ | /* Default lifetime in seconds (0 == forever) */ | ||||
static long lifetime = 0; | static long lifetime = 0; | ||||
static int fingerprint_hash = SSH_FP_HASH_DEFAULT; | static int fingerprint_hash = SSH_FP_HASH_DEFAULT; | ||||
/* | |||||
* Client connection count; incremented in new_socket() and decremented in | |||||
* close_socket(). When it reaches 0, ssh-agent will exit. Since it is | |||||
* normally initialized to 1, it will never reach 0. However, if the -x | |||||
* option is specified, it is initialized to 0 in main(); in that case, | |||||
* ssh-agent will exit as soon as it has had at least one client but no | |||||
* longer has any. | |||||
*/ | |||||
static int xcount = 1; | |||||
static void | static void | ||||
close_socket(SocketEntry *e) | close_socket(SocketEntry *e) | ||||
{ | { | ||||
int last = 0; | |||||
if (e->type == AUTH_CONNECTION) { | |||||
debug("xcount %d -> %d", xcount, xcount - 1); | |||||
if (--xcount == 0) | |||||
last = 1; | |||||
} | |||||
close(e->fd); | close(e->fd); | ||||
e->fd = -1; | e->fd = -1; | ||||
e->type = AUTH_UNUSED; | e->type = AUTH_UNUSED; | ||||
sshbuf_free(e->input); | sshbuf_free(e->input); | ||||
sshbuf_free(e->output); | sshbuf_free(e->output); | ||||
sshbuf_free(e->request); | sshbuf_free(e->request); | ||||
if (last) | |||||
cleanup_exit(0); | |||||
} | } | ||||
static void | static void | ||||
idtab_init(void) | idtab_init(void) | ||||
{ | { | ||||
idtab = xcalloc(1, sizeof(*idtab)); | idtab = xcalloc(1, sizeof(*idtab)); | ||||
TAILQ_INIT(&idtab->idlist); | TAILQ_INIT(&idtab->idlist); | ||||
idtab->nentries = 0; | idtab->nentries = 0; | ||||
▲ Show 20 Lines • Show All 586 Lines • ▼ Show 20 Lines | #endif /* ENABLE_PKCS11 */ | ||||
return 0; | return 0; | ||||
} | } | ||||
static void | static void | ||||
new_socket(sock_type type, int fd) | new_socket(sock_type type, int fd) | ||||
{ | { | ||||
u_int i, old_alloc, new_alloc; | u_int i, old_alloc, new_alloc; | ||||
if (type == AUTH_CONNECTION) { | |||||
debug("xcount %d -> %d", xcount, xcount + 1); | |||||
++xcount; | |||||
} | |||||
set_nonblock(fd); | set_nonblock(fd); | ||||
if (fd > max_fd) | if (fd > max_fd) | ||||
max_fd = fd; | max_fd = fd; | ||||
for (i = 0; i < sockets_alloc; i++) | for (i = 0; i < sockets_alloc; i++) | ||||
if (sockets[i].type == AUTH_UNUSED) { | if (sockets[i].type == AUTH_UNUSED) { | ||||
sockets[i].fd = fd; | sockets[i].fd = fd; | ||||
▲ Show 20 Lines • Show All 279 Lines • ▼ Show 20 Lines | if (parent_pid != -1 && getppid() != parent_pid) { | ||||
_exit(2); | _exit(2); | ||||
} | } | ||||
} | } | ||||
static void | static void | ||||
usage(void) | usage(void) | ||||
{ | { | ||||
fprintf(stderr, | fprintf(stderr, | ||||
"usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n" | "usage: ssh-agent [-c | -s] [-Ddx] [-a bind_address] [-E fingerprint_hash]\n" | ||||
" [-P pkcs11_whitelist] [-t life] [command [arg ...]]\n" | " [-P pkcs11_whitelist] [-t life] [command [arg ...]]\n" | ||||
" ssh-agent [-c | -s] -k\n"); | " ssh-agent [-c | -s] -k\n"); | ||||
exit(1); | exit(1); | ||||
} | } | ||||
int | int | ||||
main(int ac, char **av) | main(int ac, char **av) | ||||
{ | { | ||||
Show All 16 Lines | #endif | ||||
ssh_malloc_init(); /* must be called before any mallocs */ | ssh_malloc_init(); /* must be called before any mallocs */ | ||||
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | ||||
sanitise_stdfd(); | sanitise_stdfd(); | ||||
/* drop */ | /* drop */ | ||||
setegid(getgid()); | setegid(getgid()); | ||||
setgid(getgid()); | setgid(getgid()); | ||||
setuid(geteuid()); | |||||
platform_disable_tracing(0); /* strict=no */ | platform_disable_tracing(0); /* strict=no */ | ||||
if (getrlimit(RLIMIT_NOFILE, &rlim) == -1) | if (getrlimit(RLIMIT_NOFILE, &rlim) == -1) | ||||
fatal("%s: getrlimit: %s", __progname, strerror(errno)); | fatal("%s: getrlimit: %s", __progname, strerror(errno)); | ||||
__progname = ssh_get_progname(av[0]); | __progname = ssh_get_progname(av[0]); | ||||
seed_rng(); | seed_rng(); | ||||
while ((ch = getopt(ac, av, "cDdksE:a:P:t:")) != -1) { | while ((ch = getopt(ac, av, "cDdksE:a:P:t:x")) != -1) { | ||||
switch (ch) { | switch (ch) { | ||||
case 'E': | case 'E': | ||||
fingerprint_hash = ssh_digest_alg_by_name(optarg); | fingerprint_hash = ssh_digest_alg_by_name(optarg); | ||||
if (fingerprint_hash == -1) | if (fingerprint_hash == -1) | ||||
fatal("Invalid hash algorithm \"%s\"", optarg); | fatal("Invalid hash algorithm \"%s\"", optarg); | ||||
break; | break; | ||||
case 'c': | case 'c': | ||||
if (s_flag) | if (s_flag) | ||||
Show All 26 Lines | while ((ch = getopt(ac, av, "cDdksE:a:P:t:x")) != -1) { | ||||
case 'a': | case 'a': | ||||
agentsocket = optarg; | agentsocket = optarg; | ||||
break; | break; | ||||
case 't': | case 't': | ||||
if ((lifetime = convtime(optarg)) == -1) { | if ((lifetime = convtime(optarg)) == -1) { | ||||
fprintf(stderr, "Invalid lifetime\n"); | fprintf(stderr, "Invalid lifetime\n"); | ||||
usage(); | usage(); | ||||
} | } | ||||
break; | |||||
case 'x': | |||||
xcount = 0; | |||||
break; | break; | ||||
default: | default: | ||||
usage(); | usage(); | ||||
} | } | ||||
} | } | ||||
ac -= optind; | ac -= optind; | ||||
av += optind; | av += optind; | ||||
▲ Show 20 Lines • Show All 184 Lines • Show Last 20 Lines |
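Review bot: The added `setuid(geteuid());` under the `/* drop */` comment in main() discards its return value, so a failed call leaves the agent running with its starting credentials while the code reads as if they had been pinned. The neighbouring `getrlimit` call already reports failure through `fatal()`, and the same pattern fits here: `if (setuid(geteuid()) == -1) fatal("%s: setuid: %s", __progname, strerror(errno));`. A short comment on why the real uid is set to the effective uid would also help (presumably for a set-id install, which these lines do not show), since `/* drop */` alone does not explain it. The unchecked `setegid`/`setgid` calls above it are unchanged context, and main() continues outside the visible lines.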