Google Git
Sign in
vanadium / release.go.x.ref / 764efb771d7872889c4ee2d9cc788bda70e36072 / . / security / agent / agentd / main.go
blob: 03a97ff133ec5b14bda1d06a76459b7d9ffad24f [file] [log] [blame]
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]1package main
2
3import (
4 "flag"
5 "fmt"
Suharsh Sivakumar23ea5352014-11-18 18:10:00 -0800[diff] [blame]6 "io"
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]7 "os"
8 "os/exec"
Suharsh Sivakumar30ee6662014-10-29 18:10:07 -0700[diff] [blame]9 "os/signal"
Bogdan Caprita67a62112014-12-23 17:35:55 -0800[diff] [blame]10 "strconv"
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]11 "syscall"
Bogdan Caprita7f491672014-11-13 14:51:08 -0800[diff] [blame]12
Cosmos Nicolaoud412cb22014-12-15 22:06:32 -0800[diff] [blame]13 "golang.org/x/crypto/ssh/terminal"
Bogdan Caprita7f491672014-11-13 14:51:08 -0800[diff] [blame]14
Jiri Simsa764efb72014-12-25 20:57:03 -0800[diff] [blame^]15 "v.io/core/veyron/lib/flags/consts"
16 vsignals "v.io/core/veyron/lib/signals"
17 _ "v.io/core/veyron/profiles"
18 vsecurity "v.io/core/veyron/security"
19 "v.io/core/veyron/security/agent"
20 "v.io/core/veyron/security/agent/server"
Suharsh Sivakumaraca1c322014-10-21 11:27:32 -0700[diff] [blame]21
Jiri Simsa764efb72014-12-25 20:57:03 -0800[diff] [blame^]22 "v.io/core/veyron2/options"
23 "v.io/core/veyron2/rt"
24 "v.io/core/veyron2/security"
25 "v.io/core/veyron2/vlog"
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]26)
27
Bogdan Capritac98a8b52014-12-01 10:08:47 -0800[diff] [blame]28var (
29 keypath = flag.String("additional_principals", "", "If non-empty, allow for the creation of new principals and save them in this directory.")
30 noPassphrase = flag.Bool("no_passphrase", false, "If true, user will not be prompted for principal encryption passphrase.")
Bogdan Caprita67a62112014-12-23 17:35:55 -0800[diff] [blame]31
32 // TODO(caprita): We use the exit code of the child to determine if the
33 // agent should restart it. Consider changing this to use the unix
34 // socket for this purpose.
35 restartExitCode = flag.String("restart_exit_code", "", "If non-empty, will restart the command when it exits, provided that the command's exit code matches the value of this flag. The value must be an integer, or an integer preceded by '!' (in which case all exit codes except the flag will trigger a restart.")
Bogdan Capritac98a8b52014-12-01 10:08:47 -0800[diff] [blame]36)
Ryan Brown81789442014-10-30 13:23:53 -0700[diff] [blame]37
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]38func main() {
39 flag.Usage = func() {
40 fmt.Fprintf(os.Stderr, `Usage: %s [agent options] command command_args...
41
Bogdan Caprita7f491672014-11-13 14:51:08 -0800[diff] [blame]42Loads the private key specified in privatekey.pem in %v into memory, then
Suharsh Sivakumaraca1c322014-10-21 11:27:32 -0700[diff] [blame]43starts the specified command with access to the private key via the
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]44agent protocol instead of directly reading from disk.
45
Asim Shankar95910b62014-10-31 22:02:29 -0700[diff] [blame]46`, os.Args[0], consts.VeyronCredentials)
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]47 flag.PrintDefaults()
48 }
Bogdan Caprita67a62112014-12-23 17:35:55 -0800[diff] [blame]49 exitCode := 0
50 defer func() {
51 os.Exit(exitCode)
52 }()
Bogdan Caprita7f491672014-11-13 14:51:08 -0800[diff] [blame]53 flag.Parse()
54 if len(flag.Args()) < 1 {
55 fmt.Fprintln(os.Stderr, "Need at least one argument.")
56 flag.Usage()
Bogdan Caprita67a62112014-12-23 17:35:55 -0800[diff] [blame]57 exitCode = 1
58 return
Bogdan Caprita7f491672014-11-13 14:51:08 -0800[diff] [blame]59 }
Bogdan Caprita67a62112014-12-23 17:35:55 -0800[diff] [blame]60 var restartOpts restartOptions
61 if err := restartOpts.parse(); err != nil {
62 fmt.Fprintln(os.Stderr, err)
63 flag.Usage()
64 exitCode = 1
65 return
66 }
67
Asim Shankar95910b62014-10-31 22:02:29 -0700[diff] [blame]68 // TODO(ashankar,cnicolaou): Should flags.Parse be used instead? But that adds unnecessary
69 // flags like "--veyron.namespace.root", which has no meaning for this binary.
70 dir := os.Getenv(consts.VeyronCredentials)
Suharsh Sivakumaraca1c322014-10-21 11:27:32 -0700[diff] [blame]71 if len(dir) == 0 {
Asim Shankar95910b62014-10-31 22:02:29 -0700[diff] [blame]72 vlog.Fatalf("The %v environment variable must be set to a directory", consts.VeyronCredentials)
Suharsh Sivakumaraca1c322014-10-21 11:27:32 -0700[diff] [blame]73 }
74
Ryan Brown81789442014-10-30 13:23:53 -0700[diff] [blame]75 p, passphrase, err := newPrincipalFromDir(dir)
Suharsh Sivakumaraca1c322014-10-21 11:27:32 -0700[diff] [blame]76 if err != nil {
77 vlog.Fatalf("failed to create new principal from dir(%s): %v", dir, err)
78 }
79
Matt Rosencrantz3df85842014-12-04 16:10:45 -0800[diff] [blame]80 runtime, err := rt.New(options.RuntimePrincipal{p})
81 if err != nil {
82 panic("Could not initialize runtime: " + err.Error())
83 }
84 defer runtime.Cleanup()
85
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]86 log := runtime.Logger()
87
Ryan Brown50b473a2014-09-23 14:23:00 -0700[diff] [blame]88 if err = os.Setenv(agent.FdVarName, "3"); err != nil {
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]89 log.Fatalf("setenv: %v", err)
90 }
Asim Shankar95910b62014-10-31 22:02:29 -0700[diff] [blame]91 if err = os.Setenv(consts.VeyronCredentials, ""); err != nil {
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]92 log.Fatalf("setenv: %v", err)
93 }
94
Ryan Brown81789442014-10-30 13:23:53 -0700[diff] [blame]95 if *keypath == "" && passphrase != nil {
96 // If we're done with the passphrase, zero it out so it doesn't stay in memory
97 for i := range passphrase {
98 passphrase[i] = 0
99 }
100 passphrase = nil
101 }
102
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]103 // Start running our server.
Ryan Brown81789442014-10-30 13:23:53 -0700[diff] [blame]104 var sock, mgrSock *os.File
Suharsh Sivakumaraca1c322014-10-21 11:27:32 -0700[diff] [blame]105 if sock, err = server.RunAnonymousAgent(runtime, p); err != nil {
Ryan Brown81789442014-10-30 13:23:53 -0700[diff] [blame]106 log.Fatalf("RunAnonymousAgent: %v", err)
107 }
108 if *keypath != "" {
109 if mgrSock, err = server.RunKeyManager(runtime, *keypath, passphrase); err != nil {
110 log.Fatalf("RunKeyManager: %v", err)
111 }
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]112 }
113
Bogdan Caprita67a62112014-12-23 17:35:55 -0800[diff] [blame]114 for {
115 // Run the client and wait for it to finish.
116 cmd := exec.Command(flag.Args()[0], flag.Args()[1:]...)
117 cmd.Stdin = os.Stdin
118 cmd.Stdout = os.Stdout
119 cmd.Stderr = os.Stderr
120 cmd.ExtraFiles = []*os.File{sock}
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]121
Bogdan Caprita67a62112014-12-23 17:35:55 -0800[diff] [blame]122 if mgrSock != nil {
123 cmd.ExtraFiles = append(cmd.ExtraFiles, mgrSock)
Bogdan Capritab61c6752014-12-03 11:35:11 -0800[diff] [blame]124 }
Bogdan Caprita67a62112014-12-23 17:35:55 -0800[diff] [blame]125
126 err = cmd.Start()
127 if err != nil {
128 log.Fatalf("Error starting child: %v", err)
129 }
130 shutdown := make(chan struct{})
131 go func() {
132 select {
133 case sig := <-vsignals.ShutdownOnSignals(runtime):
134 // TODO(caprita): Should we also relay double
135 // signal to the child? That currently just
136 // force exits the current process.
137 if sig == vsignals.STOP {
138 sig = syscall.SIGTERM
139 }
140 cmd.Process.Signal(sig)
141 case <-shutdown:
142 }
143 }()
144 cmd.Wait()
145 close(shutdown)
146 exitCode = cmd.ProcessState.Sys().(syscall.WaitStatus).ExitStatus()
147 if !restartOpts.restart(exitCode) {
148 break
149 }
150 }
151 // TODO(caprita): If restartOpts.enabled is false, we could close these
152 // right after cmd.Start().
153 sock.Close()
154 mgrSock.Close()
Ryan Brownfed691e2014-09-15 13:09:40 -0700[diff] [blame]155}
Suharsh Sivakumaraca1c322014-10-21 11:27:32 -0700[diff] [blame]156
Ryan Brown81789442014-10-30 13:23:53 -0700[diff] [blame]157func newPrincipalFromDir(dir string) (security.Principal, []byte, error) {
Suharsh Sivakumaraca1c322014-10-21 11:27:32 -0700[diff] [blame]158 p, err := vsecurity.LoadPersistentPrincipal(dir, nil)
159 if os.IsNotExist(err) {
160 return handleDoesNotExist(dir)
161 }
Suharsh Sivakumar4684f4e2014-10-24 13:42:06 -0700[diff] [blame]162 if err == vsecurity.PassphraseErr {
163 return handlePassphrase(dir)
Suharsh Sivakumaraca1c322014-10-21 11:27:32 -0700[diff] [blame]164 }
Ryan Brown81789442014-10-30 13:23:53 -0700[diff] [blame]165 return p, nil, err
Suharsh Sivakumaraca1c322014-10-21 11:27:32 -0700[diff] [blame]166}
167
Ryan Brown81789442014-10-30 13:23:53 -0700[diff] [blame]168func handleDoesNotExist(dir string) (security.Principal, []byte, error) {
Bogdan Capritac98a8b52014-12-01 10:08:47 -0800[diff] [blame]169 fmt.Println("Private key file does not exist. Creating new private key...")
170 var pass []byte
171 if !*noPassphrase {
172 var err error
173 if pass, err = getPassword("Enter passphrase (entering nothing will store unencrypted): "); err != nil {
174 return nil, nil, fmt.Errorf("failed to read passphrase: %v", err)
175 }
Suharsh Sivakumaraca1c322014-10-21 11:27:32 -0700[diff] [blame]176 }
Suharsh Sivakumar30ee6662014-10-29 18:10:07 -0700[diff] [blame]177 p, err := vsecurity.CreatePersistentPrincipal(dir, pass)
Suharsh Sivakumar8a7fba42014-10-27 12:40:48 -0700[diff] [blame]178 if err != nil {
Ryan Brown81789442014-10-30 13:23:53 -0700[diff] [blame]179 return nil, pass, err
Suharsh Sivakumar8a7fba42014-10-27 12:40:48 -0700[diff] [blame]180 }
181 vsecurity.InitDefaultBlessings(p, "agent_principal")
Ryan Brown81789442014-10-30 13:23:53 -0700[diff] [blame]182 return p, pass, nil
Suharsh Sivakumaraca1c322014-10-21 11:27:32 -0700[diff] [blame]183}
184
Ryan Brown81789442014-10-30 13:23:53 -0700[diff] [blame]185func handlePassphrase(dir string) (security.Principal, []byte, error) {
Bogdan Capritac98a8b52014-12-01 10:08:47 -0800[diff] [blame]186 if *noPassphrase {
187 return nil, nil, fmt.Errorf("Passphrase required for decrypting principal.")
188 }
Suharsh Sivakumar23ea5352014-11-18 18:10:00 -0800[diff] [blame]189 pass, err := getPassword("Private key file is encrypted. Please enter passphrase.\nEnter passphrase: ")
Suharsh Sivakumaraca1c322014-10-21 11:27:32 -0700[diff] [blame]190 if err != nil {
Ryan Brown81789442014-10-30 13:23:53 -0700[diff] [blame]191 return nil, nil, fmt.Errorf("failed to read passphrase: %v", err)
Suharsh Sivakumaraca1c322014-10-21 11:27:32 -0700[diff] [blame]192 }
Ryan Brown81789442014-10-30 13:23:53 -0700[diff] [blame]193 p, err := vsecurity.LoadPersistentPrincipal(dir, pass)
194 return p, pass, err
Suharsh Sivakumar30ee6662014-10-29 18:10:07 -0700[diff] [blame]195}
196
197func getPassword(prompt string) ([]byte, error) {
Jiri Simsaab5f4ff2014-11-18 15:31:48 -0800[diff] [blame]198 if !terminal.IsTerminal(int(os.Stdin.Fd())) {
Suharsh Sivakumar23ea5352014-11-18 18:10:00 -0800[diff] [blame]199 // If the standard input is not a terminal, the password is obtained by reading a line from it.
200 return readPassword()
Jiri Simsaab5f4ff2014-11-18 15:31:48 -0800[diff] [blame]201 }
Suharsh Sivakumar30ee6662014-10-29 18:10:07 -0700[diff] [blame]202 fmt.Printf(prompt)
203 stop := make(chan bool)
204 defer close(stop)
205 state, err := terminal.GetState(int(os.Stdin.Fd()))
206 if err != nil {
207 return nil, err
208 }
209 go catchTerminationSignals(stop, state)
Suharsh Sivakumar23ea5352014-11-18 18:10:00 -0800[diff] [blame]210 defer fmt.Printf("\n")
Suharsh Sivakumar30ee6662014-10-29 18:10:07 -0700[diff] [blame]211 return terminal.ReadPassword(int(os.Stdin.Fd()))
212}
213
Suharsh Sivakumar23ea5352014-11-18 18:10:00 -0800[diff] [blame]214// readPassword reads form Stdin until it sees '\n' or EOF.
215func readPassword() ([]byte, error) {
216 var pass []byte
217 var total int
218 for {
219 b := make([]byte, 1)
220 count, err := os.Stdin.Read(b)
221 if err != nil && err != io.EOF {
222 return nil, err
223 }
224 if err == io.EOF || b[0] == '\n' {
225 return pass[:total], nil
226 }
227 total += count
228 pass = secureAppend(pass, b)
229 }
230}
231
232func secureAppend(s, t []byte) []byte {
233 res := append(s, t...)
234 if len(res) > cap(s) {
235 // When append needs to allocate a new array, clear out the old one.
236 for i := range s {
237 s[i] = '0'
238 }
239 }
240 // Clear out the second array.
241 for i := range t {
242 t[i] = '0'
243 }
244 return res
245}
246
Suharsh Sivakumar30ee6662014-10-29 18:10:07 -0700[diff] [blame]247// catchTerminationSignals catches signals to allow us to turn terminal echo back on.
248func catchTerminationSignals(stop <-chan bool, state *terminal.State) {
249 var successErrno syscall.Errno
250 sig := make(chan os.Signal, 4)
251 // Catch the blockable termination signals.
252 signal.Notify(sig, syscall.SIGTERM, syscall.SIGINT, syscall.SIGQUIT, syscall.SIGHUP)
253 select {
254 case <-sig:
255 // Start on new line in terminal.
256 fmt.Printf("\n")
257 if err := terminal.Restore(int(os.Stdin.Fd()), state); err != successErrno {
258 vlog.Errorf("Failed to restore terminal state (%v), you words may not show up when you type, enter 'stty echo' to fix this.", err)
259 }
260 os.Exit(-1)
261 case <-stop:
262 signal.Stop(sig)
263 }
Suharsh Sivakumaraca1c322014-10-21 11:27:32 -0700[diff] [blame]264}
Bogdan Caprita67a62112014-12-23 17:35:55 -0800[diff] [blame]265
266type restartOptions struct {
267 enabled, unless bool
268 code int
269}
270
271func (opts *restartOptions) parse() error {
272 code := *restartExitCode
273 if code == "" {
274 return nil
275 }
276 opts.enabled = true
277 if code[0] == '!' {
278 opts.unless = true
279 code = code[1:]
280 }
281 var err error
282 if opts.code, err = strconv.Atoi(code); err != nil {
283 return fmt.Errorf("Failed to parse restart exit code: %v", err)
284 }
285 return nil
286}
287
288func (opts *restartOptions) restart(exitCode int) bool {
289 return opts.enabled && opts.unless != (exitCode == opts.code)
290}