[openssh-commits] [openssh] 02/03: upstream: amake ssh-agent drop all keys when it receives SIGUSR1;

git+noreply at mindrot.org git+noreply at mindrot.org
Thu Oct 24 14:30:18 AEDT 2024


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit e86d7a077ce9a2b9ee9d4138c358a17cbdb786f9
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Thu Oct 24 03:15:47 2024 +0000

    upstream: amake ssh-agent drop all keys when it receives SIGUSR1;
    
    lets users zap keys without access to $SSH_AUTH_SOCK
    
    ok deraadt@
    
    OpenBSD-Commit-ID: dae9db0516b1011e5ba8c655ac702fce42e6c023
---
 ssh-agent.1 |  8 ++++++--
 ssh-agent.c | 33 +++++++++++++++++++++++++++------
 2 files changed, 33 insertions(+), 8 deletions(-)

diff --git a/ssh-agent.1 b/ssh-agent.1
index 0b93d03a..e5f9b0e3 100644
--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-agent.1,v 1.79 2023/08/10 14:37:32 naddy Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.80 2024/10/24 03:15:47 djm Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo at cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 10 2023 $
+.Dd $Mdocdate: October 24 2024 $
 .Dt SSH-AGENT 1
 .Os
 .Sh NAME
@@ -233,6 +233,10 @@ the connection to the agent is forwarded over SSH remote connections
 and the result is returned to the requester,
 allowing the user access to their identities anywhere in the network
 in a secure fashion.
+.Pp
+.Nm
+will delete all keys it has loaded upon receiving
+.Dv SIGUSR1 .
 .Sh ENVIRONMENT
 .Bl -tag -width "SSH_AGENT_PID"
 .It Ev SSH_AGENT_PID
diff --git a/ssh-agent.c b/ssh-agent.c
index 08646b76..55f3a852 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.307 2024/09/24 02:28:17 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.308 2024/10/24 03:15:47 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -162,7 +162,8 @@ int max_fd = 0;
 pid_t parent_pid = -1;
 time_t parent_alive_interval = 0;
 
-sig_atomic_t signalled = 0;
+static sig_atomic_t signalled_exit;
+static sig_atomic_t signalled_keydrop;
 
 /* pid of process for which cleanup_socket is applicable */
 pid_t cleanup_pid = 0;
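Review bot: `signalled_exit` and `signalled_keydrop` are declared as plain `static sig_atomic_t`, yet they are written from signal handlers (`cleanup_handler` and `keydrop_handler`, in a later hunk) and read in the main loop. C only guarantees well-defined behaviour for an object shared with a handler when it is `volatile sig_atomic_t`; without the qualifier the compiler is not obliged to reload the flag on each loop iteration. I would declare them as `static volatile sig_atomic_t signalled_exit;` and `static volatile sig_atomic_t signalled_keydrop;`. The replaced `signalled` variable had the same omission, so this is a good moment to fix it.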
@@ -1021,7 +1022,7 @@ process_remove_identity(SocketEntry *e)
 }
 
 static void
-process_remove_all_identities(SocketEntry *e)
+remove_all_identities(void)
 {
 	Identity *id;
 
@@ -1035,6 +1036,12 @@ process_remove_all_identities(SocketEntry *e)
 
 	/* Mark that there are no identities. */
 	idtab->nentries = 0;
+}
+
+static void
+process_remove_all_identities(SocketEntry *e)
+{
+	remove_all_identities();
 
 	/* Send success. */
 	send_status(e, 1);
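Review bot: `remove_all_identities()` now has two callers, this protocol wrapper and the SIGUSR1 branch of the main loop, but nothing documents its required calling context. It modifies `idtab`, and most of its body lies outside these hunks, so it presumably also frees each identity. That makes it unsafe to call from `keydrop_handler` itself. A comment above the definition would record the constraint for the next maintainer, for example `/* Drop every loaded identity. Call from the main loop only, never from signal-handler context. */`.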
@@ -2164,7 +2171,13 @@ cleanup_exit(int i)
 static void
 cleanup_handler(int sig)
 {
-	signalled = sig;
+	signalled_exit = sig;
+}
+
+static void
+keydrop_handler(int sig)
+{
+	signalled_keydrop = sig;
 }
 
 static void
@@ -2447,11 +2460,13 @@ skip:
 	ssh_signal(SIGINT, (d_flag | D_flag) ? cleanup_handler : SIG_IGN);
 	ssh_signal(SIGHUP, cleanup_handler);
 	ssh_signal(SIGTERM, cleanup_handler);
+	ssh_signal(SIGUSR1, keydrop_handler);
 
 	sigemptyset(&nsigset);
 	sigaddset(&nsigset, SIGINT);
 	sigaddset(&nsigset, SIGHUP);
 	sigaddset(&nsigset, SIGTERM);
+	sigaddset(&nsigset, SIGUSR1);
 
 	if (pledge("stdio rpath cpath unix id proc exec", NULL) == -1)
 		fatal("%s: pledge: %s", __progname, strerror(errno));
@@ -2459,10 +2474,16 @@ skip:
 
 	while (1) {
 		sigprocmask(SIG_BLOCK, &nsigset, &osigset);
-		if (signalled != 0) {
-			logit("exiting on signal %d", (int)signalled);
+		if (signalled_exit != 0) {
+			logit("exiting on signal %d", (int)signalled_exit);
 			cleanup_exit(2);
 		}
+		if (signalled_keydrop) {
+			logit("signal %d received; removing all keys",
+			    signalled_keydrop);
+			remove_all_identities();
+			signalled_keydrop = 0;
+		}
 		ptimeout_init(&timeout);
 		prepare_poll(&pfd, &npfd, &timeout, maxfds);
 		result = ppoll(pfd, npfd, ptimeout_get_tsp(&timeout), &osigset);
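Review bot: The new `logit()` call passes `signalled_keydrop` to `%d` without a cast, whereas the exit branch just above casts `(int)signalled_exit`. `sig_atomic_t` is only guaranteed to be an integer type, not necessarily `int`, so the variadic argument should be cast the same way, with the continuation line reading `(int)signalled_keydrop);`. The loop body continues past the end of this hunk.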
