Add --key-dir flag; warn if key dir is a symlink; move GetSSHDir() to…

… utils
Foxboron · Aug 5, 2023 · ffeafa3 · ffeafa3
1 parent 68f5e32
commit ffeafa3
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 22 deletions.
diff --git a/agent/agent.go b/agent/agent.go
@@ -10,7 +10,6 @@ import (
 	"log"
 	"net"
 	"os"
-	"path"
 	"path/filepath"
 	"strings"
 	"sync"
@@ -210,10 +209,10 @@ func (a *Agent) AddKey(k *key.Key) error {
 	return nil
 }
 
-func (a *Agent) LoadKeys() error {
+func (a *Agent) LoadKeys(keyDir string) error {
 	a.mu.Lock()
 	defer a.mu.Unlock()
-	keys, err := LoadKeys()
+	keys, err := LoadKeys(keyDir)
 	if err != nil {
 		return err
 	}
@@ -222,22 +221,9 @@ func (a *Agent) LoadKeys() error {
 	return nil
 }
 
-func GetSSHDir() string {
-	dirname, err := os.UserHomeDir()
-	if err != nil {
-		panic("$HOME is not defined")
-	}
-	sshdir := path.Join(dirname, ".ssh")
-	realsshdir, err := filepath.EvalSymlinks(sshdir)
-	if err != nil {
-		return sshdir
-	}
-	return realsshdir
-}
-
-func LoadKeys() (map[string]*key.Key, error) {
+func LoadKeys(keyDir string) (map[string]*key.Key, error) {
 	keys := map[string]*key.Key{}
-	err := filepath.WalkDir(GetSSHDir(),
+	err := filepath.WalkDir(keyDir,
 		func(path string, d fs.DirEntry, err error) error {
 			if err != nil {
 				return err

diff --git a/cmd/ssh-tpm-agent/main.go b/cmd/ssh-tpm-agent/main.go
@@ -35,6 +35,9 @@ Options:
 
     --print-socket    Prints the socket to STDIN.
 
+    --key-dir PATH    Path of the directory to look for TPM sealed keys in,
+                      defaults to $HOME/.ssh
+
 ssh-tpm-agent is a program that loads TPM sealed keys for public key
 authentication. It is an ssh-agent(1) compatible program and can be used for
 ssh(1) authentication.
@@ -45,7 +48,8 @@ where produced on and can't be transferred to other machines.
 
 Use ssh-tpm-keygen to create new keys.
 
-The agent loads all TPM sealed keys from $HOME/.ssh.
+The agent loads all TPM sealed keys from $HOME/.ssh, unless --key-dir is
+specified.
 
 Example:
     $ ssh-tpm-agent &
@@ -84,6 +88,7 @@ func main() {
 
 	var (
 		socketPath      string
+		keyDir          string
 		swtpmFlag       bool
 		printSocketFlag bool
 	)
@@ -102,6 +107,7 @@ func main() {
 	flag.Var(&sockets, "A", "fallback ssh-agent sockets")
 	flag.BoolVar(&swtpmFlag, "swtpm", false, "use swtpm instead of actual tpm")
 	flag.BoolVar(&printSocketFlag, "print-socket", false, "print path of UNIX socket to stdout")
+	flag.StringVar(&keyDir, "key-dir", utils.GetSSHDir(), "path of the directory to look for keys in")
 	flag.Parse()
 
 	if socketPath == "" {
@@ -114,6 +120,14 @@ func main() {
 		os.Exit(0)
 	}
 
+	fi, err := os.Lstat(keyDir)
+	if err != nil {
+		log.Fatal(err)
+	}
+	if fi.Mode()&os.ModeSymlink == os.ModeSymlink {
+		log.Printf("Warning: %s is a symbolic link; will not follow it", keyDir)
+	}
+
 	if term.IsTerminal(int(os.Stdin.Fd())) {
 		log.Println("Warning: ssh-tpm-agent is meant to run as a background daemon.")
 		log.Println("Running multiple instances is likely to lead to conflicts.")
@@ -166,7 +180,7 @@ func main() {
 	}()
 
 	//TODO: Maybe we should allow people to not auto-load keys
-	a.LoadKeys()
+	a.LoadKeys(keyDir)
 
 	a.Wait()
 }
diff --git a/cmd/ssh-tpm-keygen/main.go b/cmd/ssh-tpm-keygen/main.go
@@ -13,7 +13,6 @@ import (
 	"strings"
 	"syscall"
 
-	"github.com/foxboron/ssh-tpm-agent/agent"
 	"github.com/foxboron/ssh-tpm-agent/key"
 	"github.com/foxboron/ssh-tpm-agent/utils"
 	"golang.org/x/crypto/ssh"
@@ -109,7 +108,7 @@ func main() {
 
 	fmt.Println("Generating a sealed public/private ecdsa key pair.")
 
-	filename := path.Join(agent.GetSSHDir(), "id_ecdsa")
+	filename := path.Join(utils.GetSSHDir(), "id_ecdsa")
 	filenameInput, err := getStdin("Enter file in which to save the key (%s): ", filename)
 	if err != nil {
 		log.Fatal(err)

diff --git a/utils/misc.go b/utils/misc.go
@@ -0,0 +1,14 @@
+package utils
+
+import (
+	"os"
+	"path"
+)
+
+func GetSSHDir() string {
+	dirname, err := os.UserHomeDir()
+	if err != nil {
+		panic("$HOME is not defined")
+	}
+	return path.Join(dirname, ".ssh")
+}