security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-06-15 00:29:49 +02:00
Code Activity

Implement the procedure to handle requests from client.

Browse Source 
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2022-07-27 18:56:17 +09:00
parent f057a71e7f
commit 6f9bb301b7
3 changed files with 96 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
agent/agent.h
View File

@ -453,6 +453,7 @@ gpg_error_t ssh_search_control_file (ssh_control_file_t cf,
int *r_disabled,
int *r_ttl, int *r_confirm);
void start_command_handler_ssh_stream (ctrl_t ctrl, estream_t stream);
void start_command_handler_ssh (ctrl_t, gnupg_fd_t);
/*-- findkey.c --*/

86
agent/command-ssh.c
View File

@ -3768,23 +3768,59 @@ get_client_info (gnupg_fd_t fd, struct peer_info_s *out)
}
/* Start serving client on STREAM. */
void
start_command_handler_ssh_stream (ctrl_t ctrl, estream_t stream)
{
gpg_error_t err;
int ret;
err = agent_copy_startup_env (ctrl);
if (err)
goto out;
/* We have to disable the estream buffering, because the estream
core doesn't know about secure memory. */
ret = es_setvbuf (stream, NULL, _IONBF, 0);
if (ret)
{
log_error ("failed to disable buffering on socket stream: %s\n",
strerror (errno));
goto out;
}
/* Main processing loop. */
while ( !ssh_request_process (ctrl, stream) )
{
/* Check whether we have reached EOF before trying to read
another request. */
int c;
c = es_fgetc (stream);
if (c == EOF)
break;
es_ungetc (c, stream);
}
/* Reset the daemon in case it has been used. */
agent_reset_daemon (ctrl);
out:
es_fclose (stream);
}
/* Start serving client on SOCK_CLIENT. */
void
start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client)
{
estream_t stream_sock = NULL;
gpg_error_t err;
int ret;
estream_t stream_sock;
struct peer_info_s peer_info;
es_syshd_t syshd;
syshd.type = ES_SYSHD_SOCK;
syshd.u.sock = sock_client;
err = agent_copy_startup_env (ctrl);
if (err)
goto out;
get_client_info (sock_client, &peer_info);
ctrl->client_pid = peer_info.pid;
ctrl->client_uid = peer_info.uid;
@ -3793,42 +3829,12 @@ start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client)
stream_sock = es_sysopen (&syshd, "r+");
if (!stream_sock)
{
err = gpg_error_from_syserror ();
log_error (_("failed to create stream from socket: %s\n"),
gpg_strerror (err));
goto out;
}
/* We have to disable the estream buffering, because the estream
core doesn't know about secure memory. */
ret = es_setvbuf (stream_sock, NULL, _IONBF, 0);
if (ret)
{
err = gpg_error_from_syserror ();
log_error ("failed to disable buffering "
"on socket stream: %s\n", gpg_strerror (err));
goto out;
strerror (errno));
return;
}
/* Main processing loop. */
while ( !ssh_request_process (ctrl, stream_sock) )
{
/* Check whether we have reached EOF before trying to read
another request. */
int c;
c = es_fgetc (stream_sock);
if (c == EOF)
break;
es_ungetc (c, stream_sock);
}
/* Reset the daemon in case it has been used. */
agent_reset_daemon (ctrl);
out:
if (stream_sock)
es_fclose (stream_sock);
start_command_handler_ssh_stream (ctrl, stream_sock);
}

65
agent/gpg-agent.c
View File

@ -2767,6 +2767,7 @@ putty_message_thread (void *arg)
#define AGENT_PIPE_NAME "\\\\.\\pipe\\openssh-ssh-agent"
/* FIXME: Don't know exact semantics, but copied from Win32-Openssh */
#define SDDL_STR "D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;0x12019b;;;AU)"
#define BUFSIZE 5 * 1024
/* The thread handling Win32-OpenSSH requests through NamedPipe. */
static void *
@ -2774,7 +2775,6 @@ win32_openssh_thread (void *arg)
{
HANDLE pipe;
SECURITY_ATTRIBUTES sa;
const char *;
(void)arg;
@ -2783,10 +2783,10 @@ win32_openssh_thread (void *arg)
memset(&sa, 0, sizeof (SECURITY_ATTRIBUTES));
sa.nLength = sizeof (sa);
if (!ConvertStringSecurityDescriptorToSecurityDescriptorA (SDDL_STR, SDDL_REVISION_1,
&sa.lpSecurityDescriptor, &sa.nLength))
if (!ConvertStringSecurityDescriptorToSecurityDescriptorA
(SDDL_STR, SDDL_REVISION_1, &sa.lpSecurityDescriptor, &sa.nLength))
{
log_error ("cannot convert sddl: %d\n", GetLastError ());
log_error ("cannot convert sddl: %ld\n", GetLastError ());
return NULL;
}
@ -2794,12 +2794,12 @@ win32_openssh_thread (void *arg)
while (1)
{
/* The message loop runs as thread independent from our nPth system.
This also means that we need to make sure that we switch back to
our system before calling any no-windows function. */
npth_unprotect ();
ctrl_t ctrl = NULL;
estream_t ssh_stream = NULL;
es_syshd_t syshd;
pipe = CreateNamedPipeW (AGENT_PIPE_NAME,
npth_unprotect ();
pipe = CreateNamedPipeA (AGENT_PIPE_NAME,
PIPE_ACCESS_DUPLEX, // | FILE_FLAG_OVERLAPPED
PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_WAIT,
PIPE_UNLIMITED_INSTANCES,
@ -2807,26 +2807,59 @@ win32_openssh_thread (void *arg)
if (pipe == INVALID_HANDLE_VALUE)
{
log_error ("cannot create pipe: %d\n", GetLastError());
npth_protect ();
log_error ("cannot create pipe: %ld\n", GetLastError());
break;
}
if (ConnectNamedPipe (pipe, NULL) != FALSE)
{
CloseHandle (pipe);
npth_protect ();
CloseHandle (pipe);
log_error ("ConnectNamedPipe returned TRUE unexpectedly\n");
return NULL;
break;
}
/* FIXME: Here, handle the requests from ssh client */
npth_protect ();
ctrl = xtrycalloc (1, sizeof *ctrl);
if (!ctrl)
{
CloseHandle (pipe);
log_error ("error allocating connection control data: %s\n",
strerror (errno));
break;
}
ctrl->session_env = session_env_new ();
if (!ctrl->session_env)
{
log_error ("error allocating session environment block: %s\n",
strerror (errno));
agent_deinit_default_ctrl (ctrl);
xfree (ctrl);
CloseHandle (pipe);
break;
}
agent_init_default_ctrl (ctrl);
syshd.type = ES_SYSHD_HANDLE;
syshd.u.handle = pipe;
ssh_stream = es_sysopen (&syshd, "r+");
if (!ssh_stream)
{
agent_deinit_default_ctrl (ctrl);
xfree (ctrl);
CloseHandle (pipe);
break;
}
start_command_handler_ssh_stream (ctrl, ssh_stream);
agent_deinit_default_ctrl (ctrl);
xfree (ctrl);
CloseHandle (pipe);
}
/* Back to nPth. */
npth_protect ();
if (opt.verbose)
log_info ("Win32-OpenSSH thread stopped\n");
return NULL;