[gnome-keyring/ssh-wip: 3/4] WIP ssh more
- From: Stefan Walter <stefw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-keyring/ssh-wip: 3/4] WIP ssh more
- Date: Fri, 29 Aug 2014 13:35:28 +0000 (UTC)
commit 58a5454c2c3e691f00888877fdc0a0f6c0294e6d
Author: Stef Walter <stefw redhat com>
Date: Fri Aug 29 15:30:18 2014 +0200
WIP ssh more
daemon/gkd-pkcs11.c | 2 -
daemon/ssh-agent/Makefile.am | 16 ----
daemon/ssh-agent/gkd-ssh-agent-client.h | 22 +++++-
daemon/ssh-agent/gkd-ssh-agent-ops.c | 120 ++++++++++++++++++-----------
daemon/ssh-agent/gkd-ssh-agent-private.h | 2 +
daemon/ssh-agent/gkd-ssh-agent.c | 24 +-----
daemon/ssh-agent/gkd-ssh-agent.h | 4 -
7 files changed, 100 insertions(+), 90 deletions(-)
---
diff --git a/daemon/gkd-pkcs11.c b/daemon/gkd-pkcs11.c
index b3ed43b..b2a1a91 100644
--- a/daemon/gkd-pkcs11.c
+++ b/daemon/gkd-pkcs11.c
@@ -50,7 +50,6 @@ pkcs11_daemon_cleanup (gpointer unused)
g_assert (pkcs11_roof);
- gkd_ssh_agent_uninitialize ();
gkm_rpc_layer_uninitialize ();
gkd_gpg_agent_uninitialize ();
rv = (pkcs11_roof->C_Finalize) (NULL);
@@ -116,7 +115,6 @@ gkd_pkcs11_initialize (void)
egg_cleanup_register (pkcs11_daemon_cleanup, NULL);
ret = gkd_gpg_agent_initialize (pkcs11_roof) &&
- gkd_ssh_agent_initialize (pkcs11_roof) &&
gkm_rpc_layer_initialize (pkcs11_roof);
return ret;
diff --git a/daemon/ssh-agent/Makefile.am b/daemon/ssh-agent/Makefile.am
index f84cc8a..014c9c6 100644
--- a/daemon/ssh-agent/Makefile.am
+++ b/daemon/ssh-agent/Makefile.am
@@ -14,19 +14,3 @@ libgkd_ssh_agent_la_SOURCES = \
daemon/ssh-agent/gkd-ssh-agent-proto.c
libgkd_ssh_agent_la_CFLAGS = \
$(DAEMON_CFLAGS)
-
-# ------------------------------------------------------------------------------
-# Standalone binary
-
-noinst_PROGRAMS += \
- gkd-ssh-agent-standalone
-
-gkd_ssh_agent_standalone_SOURCES = \
- daemon/ssh-agent/gkd-ssh-agent-standalone.c
-gkd_ssh_agent_standalone_CFLAGS = \
- $(DAEMON_CFLAGS)
-gkd_ssh_agent_standalone_LDADD = \
- libgkd-ssh-agent.la \
- libegg-buffer.la \
- libegg-secure.la \
- $(DAEMON_LIBS)
diff --git a/daemon/ssh-agent/gkd-ssh-agent-client.h b/daemon/ssh-agent/gkd-ssh-agent-client.h
index 9feacc0..c3cd135 100644
--- a/daemon/ssh-agent/gkd-ssh-agent-client.h
+++ b/daemon/ssh-agent/gkd-ssh-agent-client.h
@@ -26,6 +26,8 @@
#include <glib-object.h>
+#include "egg/egg-buffer.h"
+
#define GKD_TYPE_SSH_AGENT_CLIENT (gkm_ssh_agent_client_get_type ())
#define GKD_SSH_AGENT_CLIENT(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj),
GKD_TYPE_SSH_AGENT_CLIENT, GkdSshAgentClient))
#define GKD_SSH_AGENT_CLIENT_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass),
GKD_TYPE_SSH_AGENT_CLIENT, GkdSshAgentClientClass))
@@ -38,9 +40,25 @@ typedef struct _GkdSshAgentClientClass GkdSshAgentClientClass;
GType gkd_ssh_agent_client_get_type (void);
-GList * gkd_ssh_agent_client_get_preload_keys (GkdSshAgentClient *self);
+GkdSshAgentClient * gkd_ssh_agent_client_connect (void);
+
+gboolean gkd_ssh_agent_client_call (GkdSshAgentClient *self,
+ EggBuffer *req,
+ EggBuffer *resp);
+
+GList * gkd_ssh_agent_client_preload_keys (GkdSshAgentClient *self);
+
+gchar * gkd_ssh_agent_client_preload_comment (GkdSshAgentClient *self,
+ GBytes *key);
+
+GBytes * gkd_ssh_agent_client_preload_unlock (GkdSshAgentClient *self,
+ GBytes *key);
-void gkd_ssh_agent_client_clear_preload (GkdSshAgentClient *self,
+void gkd_ssh_agent_client_preload_clear (GkdSshAgentClient *self,
GBytes *key);
+void gkd_ssh_agent_client_preload_clear_all (GkdSshAgentClient *self);
+
+void gkd_ssh_agent_client_cleanup (void);
+
#endif /* __GKD_SSH_AGENT_CLIENT_H__ */
diff --git a/daemon/ssh-agent/gkd-ssh-agent-ops.c b/daemon/ssh-agent/gkd-ssh-agent-ops.c
index 47c6560..c2b02a7 100644
--- a/daemon/ssh-agent/gkd-ssh-agent-ops.c
+++ b/daemon/ssh-agent/gkd-ssh-agent-ops.c
@@ -45,8 +45,8 @@ op_add_identity (GkdSshAgentCall *call)
{
GList *keys;
gsize offset;
- gconstpointer data;
- gsize size;
+ gconstpointer blob;
+ gsize length;
GList *l;
/*
@@ -59,19 +59,19 @@ op_add_identity (GkdSshAgentCall *call)
* initial bytes as the public key we've loaded.
*/
- keys = gkd_ssh_agent_client_get_preload_keys (call->agent);
+ keys = gkd_ssh_agent_client_preload_keys (call->agent);
offset = 5;
for (l = keys; l != NULL; l = g_list_next (l)) {
- data = g_bytes_get_data (l->data, &size);
- if (call->req->len >= size + offset &&
- memcmp (call->req->buf, data, size) == 0) {
- gkd_ssh_agent_client_clear_preload (call->agent, l->data);
+ blob = g_bytes_get_data (l->data, &length);
+ if (call->req->len >= length + offset &&
+ memcmp (call->req->buf + offset, blob, length) == 0) {
+ gkd_ssh_agent_client_preload_clear (call->agent, l->data);
break;
- }:snp
+ }
}
- g_list_free_full (keys, g_bytes_unref);
+ g_list_free_full (keys, (GDestroyNotify)g_bytes_unref);
return gkd_ssh_agent_relay (call);
}
@@ -79,6 +79,10 @@ op_add_identity (GkdSshAgentCall *call)
static GHashTable *
parse_identities_answer (EggBuffer *resp)
{
+ GHashTable *answer;
+ const guchar *blob;
+ gchar *comment;
+ gsize length;
gsize offset = 4;
guint32 count;
guchar op;
@@ -91,26 +95,31 @@ parse_identities_answer (EggBuffer *resp)
return NULL;
}
- keys = g_hash_table_new_full (g_bytes_hash, g_bytes_equal, g_bytes_unref, g_free);
+ answer = g_hash_table_new_full (g_bytes_hash, g_bytes_equal, (GDestroyNotify)g_bytes_unref, g_free);
for (i = 0; i < count; i++) {
if (!egg_buffer_get_byte_array (resp, offset, &offset, &blob, &length) ||
!egg_buffer_get_string (resp, offset, &offset, &comment, g_realloc)) {
g_warning ("got unparseable response back from ssh-agent when requesting identities");
- g_hash_table_unref (keys);
+ g_hash_table_unref (answer);
return NULL;
}
- g_hash_table_insert (keys, g_bytes_new (blob, length), comment);
+ g_hash_table_insert (answer, g_bytes_new (blob, length), comment);
}
- return keys;
+ return answer;
}
static gboolean
op_request_identities (GkdSshAgentCall *call)
{
GHashTable *answer;
+ const guchar *blob;
+ gchar *comment;
+ gsize length;
guint32 added;
+ GList *keys;
+ GList *l;
if (!gkd_ssh_agent_relay (call))
return FALSE;
@@ -123,72 +132,91 @@ op_request_identities (GkdSshAgentCall *call)
added = 0;
/* Add any preloaded keys not already in answer */
- keys = gkd_ssh_agent_get_preload_keys (call->agent);
+ keys = gkd_ssh_agent_client_preload_keys (call->agent);
for (l = keys; l != NULL; l = g_list_next (l)) {
if (g_hash_table_lookup (answer, l->data))
continue;
blob = g_bytes_get_data (l->data, &length);
egg_buffer_add_byte_array (call->resp, blob, length);
- comment = gkd_ssh_agent_get_preload_comment (l->data);
- egg_buffer_add_string (comment ? comment : "");
+ comment = gkd_ssh_agent_client_preload_comment (call->agent, l->data);
+ egg_buffer_add_string (call->resp, comment ? comment : "");
+ g_free (comment);
added++;
}
- g_list_free_full (keys, g_bytes_unref);
+ g_list_free_full (keys, (GDestroyNotify)g_bytes_unref);
/* Set the correct amount of keys including the ones we added */
- egg_buffer_set_uint32 (call->resp, 5, added + g_hash_table_get_size (answer));
+ egg_buffer_set_uint32 (call->resp, 5, added + g_hash_table_size (answer));
g_hash_table_unref (answer);
return TRUE;
}
+static void
+preload_key_if_necessary (GkdSshAgentClient *agent,
+ GBytes *key)
+{
+ EggBuffer buf;
+ const guchar *blob;
+ gchar *comment;
+ gsize length;
+ GBytes *priv;
+ guchar code;
+
+ priv = gkd_ssh_agent_client_preload_unlock (agent, key);
+ if (!priv)
+ return;
+
+ egg_buffer_init_full (&buf, 128, egg_secure_realloc);
+ egg_buffer_add_uint32 (&buf, 0); /* length */
+ egg_buffer_add_byte (&buf, GKD_SSH_OP_ADD_IDENTITY);
+ blob = g_bytes_get_data (priv, &length);
+ egg_buffer_add_byte_array (&buf, blob, length);
+
+ if (gkd_ssh_agent_client_call (agent, &buf, &buf)) {
+ if (!egg_buffer_get_byte (&buf, 4, NULL, &code) || code != GKD_SSH_RES_SUCCESS) {
+ comment = gkd_ssh_agent_client_preload_comment (agent, key);
+ g_warning ("couldn't add private key '%s' to ssh-agent", comment);
+ g_free (comment);
+ }
+ }
+
+ gkd_ssh_agent_client_preload_clear (agent, key);
+}
+
static gboolean
op_sign_request (GkdSshAgentCall *call)
{
- EggBuffer buf;
+ const guchar *blob;
+ gsize length;
gsize offset = 5;
GBytes *key;
/* If parsing the request fails, just pass through */
- if (!egg_buffer_get_byte_array (call->resp, offset, &offset, &blob, &length)) {
+ if (egg_buffer_get_byte_array (call->resp, offset, &offset, &blob, &length)) {
+ key = g_bytes_new (blob, length);
+ preload_key_if_necessary (call->agent, key);
+ g_bytes_unref (key);
+ } else {
g_warning ("got unparseable sign request for ssh-agent");
- return gkd_ssh_agent_relay (call);
- }
-
- key = g_bytes_new (blob, length);
- priv = gkd_ssh_agent_get_preload_private (call->agent, key);
-
- if (priv) {
- egg_buffer_init_full (&buf, xxxx);
- egg_buffer_add_uint32 (&buf, 0); /* length */
- egg_buffer_add_byte (&buf, GKR_ ADD_IDENTITY);
- blob = g_bytes_get_data (&buf, priv, &length);
- egg_buffer_add_byte_array (&buf, blob, length);
-
- xxxx gkd_ssh_agent_call (call->agent, buf);
-
- egg_buffer_get_byte (call->resp, what's the right code GKD_SSH_RES_FAILURE);
-
- gkd_ssh_agent_clear ();
-
- xxxx parse xxxx;
}
- xxxx separate function xxxx
-out:
- if (key)
- g_bytes_unref (key);
return gkd_ssh_agent_relay (call);
}
static gboolean
op_remove_identity (GkdSshAgentCall *call)
{
+ const guchar *blob;
+ gsize length;
+ gsize offset = 5;
+ GBytes *key;
+
/* If parsing the request fails, just pass through */
if (egg_buffer_get_byte_array (call->resp, offset, &offset, &blob, &length)) {
key = g_bytes_new (blob, length);
- gkd_ssh_agent_clear_preload (call->agent, key);
+ gkd_ssh_agent_client_preload_clear (call->agent, key);
g_bytes_unref (key);
} else {
g_warning ("got unparseable remove request for ssh-agent");
@@ -201,7 +229,7 @@ op_remove_identity (GkdSshAgentCall *call)
static gboolean
op_remove_all_identities (GkdSshAgentCall *call)
{
- gkd_ssh_agent_clear_all (call->agent);
+ gkd_ssh_agent_client_preload_clear_all (call->agent);
return gkd_ssh_agent_relay (call);
}
diff --git a/daemon/ssh-agent/gkd-ssh-agent-private.h b/daemon/ssh-agent/gkd-ssh-agent-private.h
index 6ee7bcf..d161b01 100644
--- a/daemon/ssh-agent/gkd-ssh-agent-private.h
+++ b/daemon/ssh-agent/gkd-ssh-agent-private.h
@@ -95,4 +95,6 @@ gboolean gkd_ssh_agent_read_packet (gint fd,
gboolean gkd_ssh_agent_write_packet (gint fd,
EggBuffer *buffer);
+gboolean gkd_ssh_agent_relay (GkdSshAgentCall *call);
+
#endif /*GKDSSHPRIVATE_H_*/
diff --git a/daemon/ssh-agent/gkd-ssh-agent.c b/daemon/ssh-agent/gkd-ssh-agent.c
index b831408..5245034 100644
--- a/daemon/ssh-agent/gkd-ssh-agent.c
+++ b/daemon/ssh-agent/gkd-ssh-agent.c
@@ -44,9 +44,6 @@
typedef int socklen_t;
#endif
-/* The loaded PKCS#11 modules */
-static GList *pkcs11_modules = NULL;
-
EGG_SECURE_DECLARE (ssh_agent);
static gboolean
@@ -140,8 +137,7 @@ gkd_ssh_agent_write_packet (gint fd,
static gpointer
run_client_thread (gpointer data)
{
- gint *socket = xxxx;
- gint *agent = xxxx;
+ gint *socket = data;
GkdSshAgentCall call;
GkdSshAgentOperation func;
EggBuffer req;
@@ -164,7 +160,7 @@ run_client_thread (gpointer data)
for (;;) {
/* 1. Read in the request */
- if (!gkd_ssh_agent_read_packet (call.sock, &call.req))
+ if (!gkd_ssh_agent_read_packet (call.sock, call.req))
break;
/* 2. Now decode the operation */
@@ -203,7 +199,6 @@ out:
typedef struct _Client {
GThread *thread;
gint sock;
- gint agent;
} Client;
/* Each client thread in this list */
@@ -221,7 +216,6 @@ gkd_ssh_agent_accept (void)
Client *client;
struct sockaddr_un addr;
socklen_t addrlen;
- GError *error = NULL;
GList *l;
int new_fd;
@@ -245,16 +239,8 @@ gkd_ssh_agent_accept (void)
return;
}
- real_agent = gkd_ssh_agent_process_connect ();
- if (real_agent < 0) {
- /* Warning already printed */
- close (new_fd);
- return;
- }
-
client = g_slice_new0 (Client);
client->sock = new_fd;
- client->agent = real_agent;
/* And create a new thread/process */
client->thread = g_thread_new ("ssh-agent", run_client_thread, &client->sock);
@@ -278,10 +264,8 @@ gkd_ssh_agent_shutdown (void)
client = l->data;
/* Forcibly shutdown the connection */
- if (client->sock != -1) {
+ if (client->sock != -1)
shutdown (client->sock, SHUT_RDWR);
- shutdown (client->agent, SHUT_RDWR);
- }
g_thread_join (client->thread);
/* This is always closed by client thread */
@@ -292,7 +276,7 @@ gkd_ssh_agent_shutdown (void)
g_list_free (socket_clients);
socket_clients = NULL;
- gkd_ssh_agent_process_cleanup ();
+ gkd_ssh_agent_client_cleanup ();
}
int
diff --git a/daemon/ssh-agent/gkd-ssh-agent.h b/daemon/ssh-agent/gkd-ssh-agent.h
index 03427d2..781ab45 100644
--- a/daemon/ssh-agent/gkd-ssh-agent.h
+++ b/daemon/ssh-agent/gkd-ssh-agent.h
@@ -33,8 +33,4 @@ void gkd_ssh_agent_accept (void);
void gkd_ssh_agent_shutdown (void);
-gboolean gkd_ssh_agent_initialize (CK_FUNCTION_LIST_PTR funcs);
-
-void gkd_ssh_agent_uninitialize (void);
-
#endif /* GKDSSHAGENT_H_ */
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]