Commit25e8edb

committed
Merge remote-tracking branch 'origin/pull/24'
* origin/pull/24:
  LoadKeys(): slog.Debug() + refactor
  ssh-tpm-agent: use SSH_AUTH_SOCK
  Refactor main() listener
2 parents7f5985f +763c2ae commit25e8edb

2 files changed

+88
-76
lines changed


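--- a/agent/agent.go
+++ b/agent/agent.go
@@ -127,6 +127,7 @@ func (a *Agent) List() ([]*agent.Key, error) {
 Comment:string(k.Comment),
 })
 }
+
 returnagentKeys,nil
 }
 
@@ -268,35 +269,46 @@ func (a *Agent) Unlock(passphrase []byte) error {
 }
 
 funcLoadKeys(keyDirstring) (map[string]*key.Key,error) {
-keys:=map[string]*key.Key{}
-err:=filepath.WalkDir(keyDir,
-func(pathstring,d fs.DirEntry,errerror)error {
-iferr!=nil {
-returnerr
-}
-ifd.IsDir() {
-returnnil
-}
-if!strings.HasSuffix(path,"tpm") {
-returnnil
-}
-f,err:=os.ReadFile(path)
-iferr!=nil {
-returnfmt.Errorf("failed reading %s",path)
-}
-k,err:=key.DecodeKey(f)
-iferr!=nil {
-slog.Debug("not a TPM-sealed key",slog.String("key_path",path),slog.String("error",err.Error()))
-returnnil
-}
-keys[k.Fingerprint()]=k
-returnnil
-},
-)
+keyDir,err:=filepath.EvalSymlinks(keyDir)
 iferr!=nil {
 returnnil,err
 }
-returnkeys,nil
+
+keys:=make(map[string]*key.Key)
+
+walkFunc:=func(pathstring,d fs.DirEntry,errerror)error {
+iferr!=nil {
+returnerr
+}
+
+ifd.IsDir() {
+returnnil
+}
+
+if!strings.HasSuffix(path,".tpm") {
+slog.Debug("skipping key: does not have .tpm suffix",slog.String("name",path))
+returnnil
+}
+
+f,err:=os.ReadFile(path)
+iferr!=nil {
+returnfmt.Errorf("failed reading %s",path)
+}
+
+k,err:=key.DecodeKey(f)
+iferr!=nil {
+slog.Debug("not a TPM sealed key",slog.String("key_path",path),slog.String("error",err.Error()))
+returnnil
+}
+
+keys[k.Fingerprint()]=k
+
+slog.Debug("added TPM key",slog.String("name",path))
+returnnil
+}
+
+err=filepath.WalkDir(keyDir,walkFunc)
+returnkeys,err
 }
 
 funcNewAgent(listener*net.UnixListener,agents []agent.ExtendedAgent,tpmFetchfunc() transport.TPMCloser,pinfunc(*key.Key) ([]byte,error))*Agent {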
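Review bot: In walkFunc the read-failure branch `return fmt.Errorf("failed reading %s", path)` drops the underlying error, and because filepath.WalkDir stops at the first non-nil return, one unreadable `.tpm` file (or an unreadable subdirectory surfacing through the `err != nil` guard at the top of walkFunc) aborts the walk, after which `return keys, err` hands back a partially filled map together with the error. Wrap the cause so the `loading keys` log line in main says why: `return fmt.Errorf("reading %s: %w", path, err)`. The DecodeKey branch already logs and skips a bad file, so it would be more consistent to treat an unreadable file the same way (`slog.Warn` plus `return nil`) rather than let one stray file hide every key after it — whether any caller of the package-level LoadKeys relies on the abort is not visible here. The new `filepath.EvalSymlinks(keyDir)` line also deserves a comment noting that it resolves only the directory itself (symlinked `.tpm` files inside are still read through `os.ReadFile` as before), since it replaces the symlink warning this commit removes from main.go; LoadKeys is shown in full within the hunk.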

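--- a/cmd/ssh-tpm-agent/main.go
+++ b/cmd/ssh-tpm-agent/main.go
@@ -103,7 +103,11 @@ func main() {
 system,noLoad,debugModebool
 )
 
-defaultSocketPath:=func()string {
+envSocketPath:=func()string {
+ifval,ok:=os.LookupEnv("SSH_AUTH_SOCK");ok&&socketPath=="" {
+returnval
+}
+
 dir:=os.Getenv("XDG_RUNTIME_DIR")
 ifdir=="" {
 dir="/var/tmp"
@@ -113,7 +117,7 @@ func main() {
 
 varsocketsSocketSet
 
-flag.StringVar(&socketPath,"l",defaultSocketPath,"path of the UNIX socket to listen on")
+flag.StringVar(&socketPath,"l",envSocketPath,"path of the UNIX socket to listen on")
 flag.Var(&sockets,"A","fallback ssh-agent sockets")
 flag.BoolVar(&swtpmFlag,"swtpm",false,"use swtpm instead of actual tpm")
 flag.BoolVar(&printSocketFlag,"print-socket",false,"print path of UNIX socket to stdout")
@@ -161,15 +165,6 @@ func main() {
 keyDir=utils.SSHDir()
 }
 
-fi,err:=os.Lstat(keyDir)
-iferr!=nil {
-slog.Error(err.Error())
-os.Exit(1)
-}
-iffi.Mode()&os.ModeSymlink==os.ModeSymlink {
-slog.Info("Not following symbolic link",slog.String("key_directory",keyDir))
-}
-
 ifterm.IsTerminal(int(os.Stdin.Fd())) {
 slog.Info("Warning: ssh-tpm-agent is meant to run as a background daemon.")
 slog.Info("Running multiple instances is likely to lead to conflicts.")
@@ -187,44 +182,14 @@ func main() {
 agents=append(agents,sshagent.NewClient(conn))
 }
 
-varlistener*net.UnixListener
-
-ifos.Getenv("LISTEN_FDS")!="" {
-iferr!=nil {
-slog.Error(err.Error())
-os.Exit(1)
-}
-
-file:=os.NewFile(uintptr(3),"ssh-tpm-agent.socket")
-fl,err:=net.FileListener(file)
-iferr!=nil {
-slog.Error(err.Error())
-os.Exit(1)
-}
-varokbool
-listener,ok=fl.(*net.UnixListener)
-if!ok {
-slog.Error("Socket-activation FD isn't a unix socket")
-os.Exit(1)
-}
-
-slog.Info("Socket activated agent.")
-}else {
-os.Remove(socketPath)
-iferr:=os.MkdirAll(filepath.Dir(socketPath),0o777);err!=nil {
-slog.Error("Failed to create UNIX socket folder:",err)
-os.Exit(1)
-}
-listener,err=net.ListenUnix("unix",&net.UnixAddr{Net:"unix",Name:socketPath})
-iferr!=nil {
-slog.Error("Failed to listen on UNIX socket:",err)
-os.Exit(1)
-}
-slog.Info("Listening on socket",slog.String("path",socketPath))
+listener,err:=createListener(socketPath)
+iferr!=nil {
+slog.Error("creating listener",slog.String("error",err.Error()))
+os.Exit(1)
 }
 
-a:=agent.NewAgent(listener,
-agents,
+agent:=agent.NewAgent(listener,agents,
+
 // TPM Callback
 func() (tpm transport.TPMCloser) {
 // the agent will close the TPM after this is called
@@ -248,13 +213,48 @@ func main() {
 signal.Notify(c,syscall.SIGHUP)
 gofunc() {
 forrangec {
-a.Stop()
+agent.Stop()
 }
 }()
 
 if!noLoad {
-a.LoadKeys(keyDir)
+iferr:=agent.LoadKeys(keyDir);err!=nil {
+slog.Error("loading keys",slog.String("error",err.Error()))
+}
+}
+
+agent.Wait()
+}
+
+funccreateListener(socketPathstring) (*net.UnixListener,error) {
+if_,ok:=os.LookupEnv("LISTEN_FDS");ok {
+f:=os.NewFile(uintptr(3),"ssh-tpm-agent.socket")
+
+fListener,err:=net.FileListener(f)
+iferr!=nil {
+returnnil,err
+}
+
+listener,ok:=fListener.(*net.UnixListener)
+if!ok {
+returnnil,fmt.Errorf("socket-activation file descriptor isn't an unix socket")
+}
+
+slog.Info("Activated agent by socket")
+returnlistener,nil
+}
+
+_=os.Remove(socketPath)
+
+iferr:=os.MkdirAll(filepath.Dir(socketPath),0o770);err!=nil {
+returnnil,fmt.Errorf("creating UNIX socket directory: %w",err)
+}
+
+listener,err:=net.ListenUnix("unix",&net.UnixAddr{Net:"unix",Name:socketPath})
+iferr!=nil {
+returnnil,err
 }
 
-a.Wait()
+slog.Info("Listening on socket",slog.String("path",socketPath))
+returnlistener,nil
 }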
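Review bot: With `-l` now defaulting to `$SSH_AUTH_SOCK` (first hunk), the unconditional `_ = os.Remove(socketPath)` in createListener unlinks whatever is at that path, which in a typical desktop session is the socket of the user's already-running ssh-agent or gpg-agent; before this commit the default was a private ssh-tpm-agent path, so the blind remove was mostly harmless. A liveness probe before the unlink avoids silently hijacking another agent's path, and since the agent is now meant to be ssh-agent's drop-in it should create the socket the way ssh-agent does, under `umask 077` (the file already imports `syscall`), because `net.ListenUnix` otherwise inherits the process umask and a permissive one lets other local users connect and sign with the TPM-backed keys. The `socketPath == ""` test inside envSocketPath looks like it runs before flag parsing (the closure appears to be evaluated to produce the flag's default value), so it is presumably always true — confirm against the lines after the hunk. main() starts outside the hunks; createListener is shown in full.
```go
func createListener(socketPath string) (*net.UnixListener, error) {
	// … unchanged: LISTEN_FDS socket-activation branch …

	// Refuse to unlink a socket another agent is still serving; with -l
	// defaulting to $SSH_AUTH_SOCK this would otherwise clobber the user's
	// running ssh-agent. A stale socket fails to connect and is removed.
	if conn, err := net.Dial("unix", socketPath); err == nil {
		conn.Close()
		return nil, fmt.Errorf("socket %s is already in use", socketPath)
	}
	_ = os.Remove(socketPath)

	// … unchanged: MkdirAll of the socket directory …

	// Like ssh-agent: create the socket mode 0600 regardless of the
	// inherited umask so only this user can connect to it.
	oldMask := syscall.Umask(0o077)
	listener, err := net.ListenUnix("unix", &net.UnixAddr{Net: "unix", Name: socketPath})
	syscall.Umask(oldMask)
	if err != nil {
		return nil, err
	}

	// … unchanged: log and return listener …
```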
