authordjm@openbsd.org <djm@openbsd.org>2024-10-24 05:15:47 +0200
committerDamien Miller <djm@mindrot.org>2024-10-24 05:29:31 +0200
commite86d7a077ce9a2b9ee9d4138c358a17cbdb786f9 (patch)
treef1fd65720832d2a710be9f0b176c86bae65c4821 /ssh-agent.c
parentupstream: relax valid_domain() checks to allow an underscore as the (diff)
upstream: amake ssh-agent drop all keys when it receives SIGUSR1;
lets users zap keys without access to $SSH_AUTH_SOCK ok deraadt@ OpenBSD-Commit-ID: dae9db0516b1011e5ba8c655ac702fce42e6c023
Diffstat (limited to '')
-rw-r--r--ssh-agent.c33
1 files changed, 27 insertions, 6 deletions
diff --git a/ssh-agent.c b/ssh-agent.c
index 08646b76c..55f3a8520 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.307 2024/09/24 02:28:17 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.308 2024/10/24 03:15:47 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -162,7 +162,8 @@ int max_fd = 0;
pid_t parent_pid = -1;
time_t parent_alive_interval = 0;
-sig_atomic_t signalled = 0;
+static sig_atomic_t signalled_exit;
+static sig_atomic_t signalled_keydrop;
/* pid of process for which cleanup_socket is applicable */
pid_t cleanup_pid = 0;
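Review bot: `signalled_exit` and `signalled_keydrop` are declared as plain `sig_atomic_t`, yet both are written from signal handlers (`cleanup_handler`, `keydrop_handler`) and read in the main loop. ISO C defines handler writes only for `volatile sig_atomic_t` (or lock-free atomic) objects, so without the qualifier the compiler is in principle free to keep a stale copy, and an exit or key-drop request could be missed. Suggest `static volatile sig_atomic_t signalled_exit;` and `static volatile sig_atomic_t signalled_keydrop;`. The removed `signalled` declaration had the same omission, so this predates the commit.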
@@ -1021,7 +1022,7 @@ process_remove_identity(SocketEntry *e)
}
static void
-process_remove_all_identities(SocketEntry *e)
+remove_all_identities(void)
{
Identity *id;
@@ -1035,6 +1036,12 @@ process_remove_all_identities(SocketEntry *e)
/* Mark that there are no identities. */
idtab->nentries = 0;
+}
+
+static void
+process_remove_all_identities(SocketEntry *e)
+{
+ remove_all_identities();
/* Send success. */
send_status(e, 1);
@@ -2164,7 +2171,13 @@ cleanup_exit(int i)
static void
cleanup_handler(int sig)
{
- signalled = sig;
+ signalled_exit = sig;
+}
+
+static void
+keydrop_handler(int sig)
+{
+ signalled_keydrop = sig;
}
static void
@@ -2447,11 +2460,13 @@ skip:
ssh_signal(SIGINT, (d_flag | D_flag) ? cleanup_handler : SIG_IGN);
ssh_signal(SIGHUP, cleanup_handler);
ssh_signal(SIGTERM, cleanup_handler);
+ ssh_signal(SIGUSR1, keydrop_handler);
sigemptyset(&nsigset);
sigaddset(&nsigset, SIGINT);
sigaddset(&nsigset, SIGHUP);
sigaddset(&nsigset, SIGTERM);
+ sigaddset(&nsigset, SIGUSR1);
if (pledge("stdio rpath cpath unix id proc exec", NULL) == -1)
fatal("%s: pledge: %s", __progname, strerror(errno));
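Review bot: The new `ssh_signal(SIGUSR1, keydrop_handler);` line changes what SIGUSR1 means for the agent, and nothing in the hunk says so. The diffstat lists only ssh-agent.c, so user-facing documentation does not appear to be updated in this commit. A short comment above the registration would help, for example `/* SIGUSR1: drop all loaded keys; usable without access to the agent socket */`. The same comment could state that SIGUSR1 is added to `nsigset` so the main loop can test and clear the flag while the signal is blocked. The enclosing function starts and ends outside the hunk.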
@@ -2459,10 +2474,16 @@ skip:
while (1) {
sigprocmask(SIG_BLOCK, &nsigset, &osigset);
- if (signalled != 0) {
- logit("exiting on signal %d", (int)signalled);
+ if (signalled_exit != 0) {
+ logit("exiting on signal %d", (int)signalled_exit);
cleanup_exit(2);
}
+ if (signalled_keydrop) {
+ logit("signal %d received; removing all keys",
+ signalled_keydrop);
+ remove_all_identities();
+ signalled_keydrop = 0;
+ }
ptimeout_init(&timeout);
prepare_poll(&pfd, &npfd, &timeout, maxfds);
result = ppoll(pfd, npfd, ptimeout_get_tsp(&timeout), &osigset);
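Review bot: In the new `logit("signal %d received; removing all keys", signalled_keydrop);` call the `sig_atomic_t` value is passed to `%d` without a cast, while the exit branch just above uses `(int)signalled_exit`. `sig_atomic_t` is an implementation-defined integer type, so the cast is needed for the format to be correct on every platform; suggest `(int)signalled_keydrop);` on the continuation line. The flag is cleared only after `remove_all_identities()` returns, which is safe here because the signals in `nsigset` stay blocked until `ppoll`. A one-line comment saying so would keep later edits from moving the clear outside the blocked region. The loop body continues outside the hunk.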