-.\" $OpenBSD: ssh-agent.1,v 1.79 2023/08/10 14:37:32 naddy Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.80 2024/10/24 03:15:47 djm Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: August 10 2023 $
+.Dd $Mdocdate: October 24 2024 $
.Dt SSH-AGENT 1
.Os
.Sh NAME
and the result is returned to the requester,
allowing the user access to their identities anywhere in the network
in a secure fashion.
+.Pp
+.Nm
+will delete all keys it has loaded upon receiving
+.Dv SIGUSR1 .
.Sh ENVIRONMENT
.Bl -tag -width "SSH_AGENT_PID"
.It Ev SSH_AGENT_PID
-/* $OpenBSD: ssh-agent.c,v 1.307 2024/09/24 02:28:17 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.308 2024/10/24 03:15:47 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
pid_t parent_pid = -1;
time_t parent_alive_interval = 0;
-sig_atomic_t signalled = 0;
+static sig_atomic_t signalled_exit;
+static sig_atomic_t signalled_keydrop;
/* pid of process for which cleanup_socket is applicable */
pid_t cleanup_pid = 0;
}
static void
-process_remove_all_identities(SocketEntry *e)
+remove_all_identities(void)
{
Identity *id;
/* Mark that there are no identities. */
idtab->nentries = 0;
+}
+
+static void
+process_remove_all_identities(SocketEntry *e)
+{
+ remove_all_identities();
/* Send success. */
send_status(e, 1);
static void
cleanup_handler(int sig)
{
- signalled = sig;
+ signalled_exit = sig;
+}
+
+static void
+keydrop_handler(int sig)
+{
+ signalled_keydrop = sig;
}
static void
ssh_signal(SIGINT, (d_flag | D_flag) ? cleanup_handler : SIG_IGN);
ssh_signal(SIGHUP, cleanup_handler);
ssh_signal(SIGTERM, cleanup_handler);
+ ssh_signal(SIGUSR1, keydrop_handler);
sigemptyset(&nsigset);
sigaddset(&nsigset, SIGINT);
sigaddset(&nsigset, SIGHUP);
sigaddset(&nsigset, SIGTERM);
+ sigaddset(&nsigset, SIGUSR1);
if (pledge("stdio rpath cpath unix id proc exec", NULL) == -1)
fatal("%s: pledge: %s", __progname, strerror(errno));
while (1) {
sigprocmask(SIG_BLOCK, &nsigset, &osigset);
- if (signalled != 0) {
- logit("exiting on signal %d", (int)signalled);
+ if (signalled_exit != 0) {
+ logit("exiting on signal %d", (int)signalled_exit);
cleanup_exit(2);
}
+ if (signalled_keydrop) {
+ logit("signal %d received; removing all keys",
+ signalled_keydrop);
+ remove_all_identities();
+ signalled_keydrop = 0;
+ }
ptimeout_init(&timeout);
prepare_poll(&pfd, &npfd, &timeout, maxfds);
result = ppoll(pfd, npfd, ptimeout_get_tsp(&timeout), &osigset);
projects / thirdparty / openssh-portable.git / commitdiff
