devinteske

ssh-agent-sierra-patch.txt

Sep 7th, 2017
  1. --- Makefile.in.orig
  2. +++ Makefile.in
  3. @@ -42,7 +42,10 @@ PATHS= -DSSHDIR=\"$(sysconfdir)\" \
  4.  
  5.  CC=@CC@
  6.  LD=@LD@
  7. -CFLAGS=@CFLAGS@
  8. +CFLAGS=@CFLAGS@ \
  9. +   -D__APPLE__ \
  10. +   -D__APPLE_KEYCHAIN__ \
  11. +   -D__APPLE_LAUNCHD__
  12.  CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
  13.  LIBS=@LIBS@
  14.  K5LIBS=@K5LIBS@
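Review bot: The three `-D` flags on the new `CFLAGS` lines are hard-coded in `Makefile.in`, so every platform that runs configure on this tree gets the Apple code paths, and `__APPLE__` is already predefined by Apple's compilers. These switches would be better set by a configure check. If the patch is meant only for a macOS-only build, a comment above `CFLAGS` such as `# macOS-only build: enables keychain and launchd code paths` would make that explicit.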
  15. @@ -58,7 +61,12 @@ PERL=@PERL@
  16.  SED=@SED@
  17.  ENT=@ENT@
  18.  XAUTH_PATH=@XAUTH_PATH@
  19. -LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
  20. +LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ \
  21. +   -framework Foundation \
  22. +   -framework CoreFoundation \
  23. +   -framework Kerberos \
  24. +   -framework OpenDirectory \
  25. +   -framework Security
  26.  EXEEXT=@EXEEXT@
  27.  MANFMT=@MANFMT@
  28.  
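Review bot: Appending the frameworks to the global `LDFLAGS` links Foundation, CoreFoundation, Kerberos, OpenDirectory and Security into every program this Makefile builds, sshd and scp included, although only the notification code added for ssh-agent visibly needs Foundation here. Each extra framework is more code loaded into privileged, network-facing processes. A dedicated variable, for example `AGENT_LDFLAGS=-framework Foundation` used only on the `ssh-agent$(EXEEXT)` link line, would leave the other binaries unchanged. Which of the remaining frameworks the keychain code needs cannot be seen from this patch.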
  29. @@ -95,7 +103,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
  30.     platform-pledge.o platform-tracing.o
  31.  
  32.  SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
  33. -   sshconnect.o sshconnect1.o sshconnect2.o mux.o
  34. +   sshconnect.o sshconnect1.o keychain.o sshconnect2.o mux.o
  35.  
  36.  SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \
  37.     audit.o audit-bsm.o audit-linux.o platform.o \
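Review bot: `keychain.o` is added to `SSHOBJS` here and to the `ssh-add` rule in the next hunk, but no source file for it is created anywhere in this patch, so the build presumably depends on a separate keychain patch being applied first. That prerequisite should be stated at the top of the patch, since without it the link step for ssh and ssh-add fails.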
  38. @@ -169,11 +177,11 @@ sshd$(EXEEXT): libssh.a   $(LIBCOMPAT) $(S
  39.  scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
  40.     $(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
  41.  
  42. -ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o
  43. -   $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
  44. +ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o keychain.o
  45. +   $(LD) -o $@ ssh-add.o keychain.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
  46.  
  47. -ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o
  48. -   $(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
  49. +ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-agent-notify.o ssh-pkcs11-client.o
  50. +   $(LD) -o $@ ssh-agent.o ssh-agent-notify.o ssh-pkcs11-client.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
  51.  
  52.  ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o
  53.     $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
  54. --- /dev/null
  55. +++ ssh-agent-notify.h
  56. @@ -0,0 +1,6 @@
  57. +#ifndef _SSH_AGENT_NOTIFY_H_
  58. +#define _SSH_AGENT_NOTIFY_H_
  59. +
  60. +void notify_user_macos(char *key, char *comment);
  61. +
  62. +#endif /* _SSH_AGENT_NOTIFY_H */
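Review bot: `notify_user_macos` takes `char *` although the implementation only reads both strings; `void notify_user_macos(const char *key, const char *comment);` states that and lets callers pass constant strings. The prototype also deserves a comment saying that both arguments must be non-NULL UTF-8 C strings, because the implementation passes them straight to `stringWithUTF8String:`. The closing comment names `_SSH_AGENT_NOTIFY_H` while the guard is `_SSH_AGENT_NOTIFY_H_`, and identifiers that start with an underscore and a capital letter are reserved in C, so `SSH_AGENT_NOTIFY_H` would be the safer guard name.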
  63. --- /dev/null
  64. +++ ssh-agent-notify.m
  65. @@ -0,0 +1,69 @@
  66. +#import <Foundation/Foundation.h>
  67. +#import <Foundation/NSUserNotification.h>
  68. +#import <objc/runtime.h>
  69. +#import "ssh-agent-notify.h"
  70. +
  71. +@implementation NSBundle(sshagent)
  72. +- (NSString *)__bundleIdentifier
  73. +{
  74. +   return (self == [NSBundle mainBundle] ? @"com.apple.keychainaccess" :
  75. +       [self __bundleIdentifier]);
  76. +}
  77. +@end
  78. +
  79. +BOOL
  80. +installNSBundleHook()
  81. +{
  82. +   Class class = objc_getClass("NSBundle");
  83. +   if (class) {
  84. +       method_exchangeImplementations(
  85. +         class_getInstanceMethod(class, @selector(bundleIdentifier)),
  86. +         class_getInstanceMethod(class, @selector(__bundleIdentifier))
  87. +       );
  88. +       return YES;
  89. +   }
  90. +   return NO;
  91. +}
  92. +
  93. +#pragma mark - NotificationCenterDelegate
  94. +
  95. +@interface NotificationCenterDelegate:NSObject<NSUserNotificationCenterDelegate>
  96. +@property (nonatomic, assign) BOOL keepRunning;
  97. +@end
  98. +
  99. +@implementation NotificationCenterDelegate
  100. +- (void)userNotificationCenter:(NSUserNotificationCenter *)center
  101. +    didDeliverNotification:(NSUserNotification *)notification
  102. +{
  103. +   self.keepRunning = NO;
  104. +}
  105. +@end
  106. +
  107. +#pragma mark -
  108. +
  109. +void
  110. +notify_user_macos(char *key, char *comment)
  111. +{
  112. +   @autoreleasepool
  113. +   {
  114. +       if (!installNSBundleHook()) return;
  115. +
  116. +       NSUserNotificationCenter *center =
  117. +           [NSUserNotificationCenter defaultUserNotificationCenter];
  118. +       NotificationCenterDelegate *ncDelegate =
  119. +           [[NotificationCenterDelegate alloc] init];
  120. +       ncDelegate.keepRunning = YES;
  121. +       center.delegate = ncDelegate;
  122. +
  123. +       NSUserNotification *notification =
  124. +           [[NSUserNotification alloc] init];
  125. +       [notification setTitle:
  126. +           @"Key challenge signed for fingerprint"];
  127. +       [notification setSubtitle:
  128. +           [NSString stringWithUTF8String:key]];
  129. +       [notification setInformativeText:
  130. +           [NSString stringWithUTF8String:comment]];
  131. +       [notification setSoundName:@"Submarine"];
  132. +       [center scheduleNotification:notification];
  133. +   }
  134. +}
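Review bot: `installNSBundleHook()` is called from every `notify_user_macos()` invocation, and `method_exchangeImplementations` swaps the two methods each time, so the second call restores the original `bundleIdentifier` and the hook is only active on every other notification. The exchange should run once per process and only when both methods were found, as in the fence below. Separately, the category makes ssh-agent report `com.apple.keychainaccess` as its bundle identifier, so Notification Center will presumably attribute these alerts to another application, and a user or auditor cannot tell that ssh-agent raised them; that trade-off should at least be documented in a comment above the category. `ncDelegate` is a local whose `keepRunning` flag is never read, and `center.delegate` does not retain it, so under ARC the delegate pointer would dangle after this function returns (under manual retain/release it leaks instead).

```objc
BOOL
installNSBundleHook()
{
    static dispatch_once_t once;
    static BOOL installed = NO;

    /* Exchange exactly once; a second exchange would undo the first. */
    dispatch_once(&once, ^{
        Class class = objc_getClass("NSBundle");
        Method original = class_getInstanceMethod(class,
            @selector(bundleIdentifier));
        Method replacement = class_getInstanceMethod(class,
            @selector(__bundleIdentifier));
        if (original != NULL && replacement != NULL) {
            method_exchangeImplementations(original, replacement);
            installed = YES;
        }
    });
    return installed;
}
```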
  135. --- ssh-agent.c
  136. +++ ssh-agent.c
  137. @@ -95,6 +95,8 @@
  138.  # define DEFAULT_PKCS11_WHITELIST "/usr/lib/*,/usr/local/lib/*"
  139.  #endif
  140.  
  141. +#include "ssh-agent-notify.h"
  142. +
  143.  typedef enum {
  144.     AUTH_UNUSED,
  145.     AUTH_SOCKET,
  146. @@ -161,6 +163,18 @@ static long lifetime = 0;
  147.  static int fingerprint_hash = SSH_FP_HASH_DEFAULT;
  148.  
  149.  static void
  150. +notify_user(struct identity *id)
  151. +{
  152. +   char *p;
  153. +
  154. +   p = sshkey_fingerprint(id->key, fingerprint_hash, SSH_FP_DEFAULT);
  155. +   debug("notifying key challenge signed for fingerprint %s path %s", p,
  156. +       id->comment);
  157. +   notify_user_macos(p, id->comment);
  158. +   free(p);
  159. +}
  160. +
  161. +static void
  162.  close_socket(SocketEntry *e)
  163.  {
  164.     close(e->fd);
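Review bot: `sshkey_fingerprint()` returns NULL on failure, and `notify_user()` passes `p` unchecked to `debug()` and then to `notify_user_macos()`, where `stringWithUTF8String:` raises an exception for a NULL argument; that would take the agent down on the signing path. Add `if (p == NULL) return;` right after the fingerprint call, and pass `id->comment ? id->comment : ""` so a key without a comment is handled the same way. The debug format labels the comment as `path`, which presumably holds only for keys that were added from a file.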
  165. @@ -358,6 +372,9 @@ process_authentication_challenge1(Socket
  166.         if ((r = sshbuf_put_u8(msg, SSH_AGENT_RSA_RESPONSE)) != 0 ||
  167.             (r = sshbuf_put(msg, mdbuf, sizeof(mdbuf))) != 0)
  168.             fatal("%s: buffer error: %s", __func__, ssh_err(r));
  169. +
  170. +       notify_user(id);
  171. +
  172.         goto send;
  173.     }
  174.  
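Review bot: `notify_user(id);` is reached only after the response has been built, so the alert is an after-the-fact record and does not gate the signature. A comment such as `/* informational only: the challenge is already answered; use ssh-add -c for per-use confirmation */` would stop readers treating it as an approval step. The call also runs synchronously before `goto send`, so any delay or exception in the notification code holds up or aborts the reply to the client. The same applies to the call added in `process_sign_request2`, which is guarded by `if (id)` while this one is not; the two sites should agree. Both functions continue outside their hunks, so whether `id` can be NULL at either point cannot be confirmed from here.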
  175. @@ -431,6 +448,7 @@ process_sign_request2(SocketEntry *e)
  176.         if ((r = sshbuf_put_u8(msg, SSH2_AGENT_SIGN_RESPONSE)) != 0 ||
  177.             (r = sshbuf_put_string(msg, signature, slen)) != 0)
  178.             fatal("%s: buffer error: %s", __func__, ssh_err(r));
  179. +       if (id) notify_user(id);
  180.     } else if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0)
  181.         fatal("%s: buffer error: %s", __func__, ssh_err(r));