Add support for Apple NSNotificationCenter

devinteske · Apr 27, 2014 · 296d954 · 296d954
1 parent f1dd8ad
commit 296d954
Show file tree

Hide file tree

Showing 4 changed files with 108 additions and 6 deletions.
diff --git a/OpenSSH-186/openssh/Makefile.in b/OpenSSH-186/openssh/Makefile.in
@@ -41,7 +41,10 @@ PATHS= -DSSHDIR=\"$(sysconfdir)\" \
 
 CC=@CC@
 LD=@LD@
-CFLAGS=@CFLAGS@
+CFLAGS=@CFLAGS@ \
+	-D__APPLE__ \
+	-D__APPLE_KEYCHAIN__ \
+	-D__APPLE_LAUNCHD__
 CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
 LIBS=@LIBS@
 K5LIBS=@K5LIBS@
@@ -57,9 +60,14 @@ PERL=@PERL@
 SED=@SED@
 ENT=@ENT@
 XAUTH_PATH=@XAUTH_PATH@
-LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
+LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ \
+	-framework Foundation \
+	-framework CoreFoundation \
+	-framework Kerberos \
+	-framework OpenDirectory \
+	-framework Security
 EXEEXT=@EXEEXT@
-KEYCHAIN_LDFLAGS=@KEYCHAIN_LDFLAGS@
+KEYCHAIN_LDFLAGS=
 MANFMT=@MANFMT@
 
 TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
@@ -156,8 +164,8 @@ scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
 ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o $(KEYCHAINOBJS)
 	$(LD) -o $@ ssh-add.o $(KEYCHAINOBJS) $(LDFLAGS) $(KEYCHAIN_LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
-ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o $(KEYCHAINOBJS)
-	$(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(KEYCHAINOBJS) $(LDFLAGS) $(KEYCHAIN_LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-agent-notify.o ssh-pkcs11-client.o $(KEYCHAINOBJS)
+	$(LD) -o $@ ssh-agent.o ssh-agent-notify.o ssh-pkcs11-client.o $(KEYCHAINOBJS) $(LDFLAGS) $(KEYCHAIN_LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
 ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o
 	$(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)

diff --git a/OpenSSH-186/openssh/ssh-agent-notify.h b/OpenSSH-186/openssh/ssh-agent-notify.h
@@ -0,0 +1,6 @@
+#ifndef _SSH_AGENT_NOTIFY_H_
+#define _SSH_AGENT_NOTIFY_H_
+
+void notify_user_macos(char *key, char *comment);
+
+#endif /* _SSH_AGENT_NOTIFY_H */
diff --git a/OpenSSH-186/openssh/ssh-agent-notify.m b/OpenSSH-186/openssh/ssh-agent-notify.m
@@ -0,0 +1,69 @@
+#import <Foundation/Foundation.h>
+#import <Foundation/NSUserNotification.h>
+#import <objc/runtime.h>
+#import "ssh-agent-notify.h"
+
+@implementation NSBundle(sshagent)
+- (NSString *)__bundleIdentifier
+{
+	return (self == [NSBundle mainBundle] ? @"com.apple.keychainaccess" :
+	    [self __bundleIdentifier]);
+}
+@end
+
+BOOL
+installNSBundleHook()
+{
+	Class class = objc_getClass("NSBundle");
+	if (class) {
+		method_exchangeImplementations(
+		  class_getInstanceMethod(class, @selector(bundleIdentifier)),
+		  class_getInstanceMethod(class, @selector(__bundleIdentifier))
+		);
+		return YES;
+	}
+	return NO;
+}
+
+#pragma mark - NotificationCenterDelegate
+
+@interface NotificationCenterDelegate:NSObject<NSUserNotificationCenterDelegate>
+@property (nonatomic, assign) BOOL keepRunning;
+@end
+
+@implementation NotificationCenterDelegate
+- (void)userNotificationCenter:(NSUserNotificationCenter *)center
+    didDeliverNotification:(NSUserNotification *)notification
+{
+	self.keepRunning = NO;
+}
+@end
+
+#pragma mark -
+
+void
+notify_user_macos(char *key, char *comment)
+{
+	@autoreleasepool
+	{
+		if (!installNSBundleHook()) return;
+
+		NSUserNotificationCenter *center =
+		    [NSUserNotificationCenter defaultUserNotificationCenter];
+		NotificationCenterDelegate *ncDelegate =
+		    [[NotificationCenterDelegate alloc] init];
+		ncDelegate.keepRunning = YES;
+		center.delegate = ncDelegate;
+
+		NSUserNotification *notification =
+		    [[NSUserNotification alloc] init];
+		[notification setTitle:
+		    @"Key challenge signed for fingerprint"];
+		[notification setSubtitle:
+		    [NSString stringWithUTF8String:key]];
+		[notification setInformativeText:
+		    [NSString stringWithUTF8String:comment]];
+		[notification setSoundName:@"Submarine"];
+		[center scheduleNotification:notification];
+	}
+}
diff --git a/OpenSSH-186/openssh/ssh-agent.c b/OpenSSH-186/openssh/ssh-agent.c
@@ -94,6 +94,8 @@
 #include <sys/prctl.h>	/* For prctl() and PR_SET_DUMPABLE */
 #endif
 
+#include "ssh-agent-notify.h"
+
 typedef enum {
 	AUTH_UNUSED,
 	AUTH_SOCKET,
@@ -147,6 +149,18 @@ extern char *__progname;
 /* Default lifetime (0 == forever) */
 static int lifetime = 0;
 
+static void
+notify_user(Identity *id)
+{
+	char *p;
+
+	p = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX);
+	debug("notifying key challenge signed for fingerprint %s path %s", p,
+	    id->comment);
+	notify_user_macos(p, id->comment);
+	xfree(p);
+}
+
 static void
 close_socket(SocketEntry *e)
 {
@@ -304,6 +318,9 @@ process_authentication_challenge1(SocketEntry *e)
 		buffer_put_char(&msg, SSH_AGENT_RSA_RESPONSE);
 		for (i = 0; i < 16; i++)
 			buffer_put_char(&msg, mdbuf[i]);
+
+		notify_user(id);
+
 		goto send;
 	}
 
@@ -327,6 +344,7 @@ process_sign_request2(SocketEntry *e)
 	extern int datafellows;
 	int odatafellows;
 	int ok = -1, flags;
+	Identity *id;
 	Buffer msg;
 	Key *key;
 
@@ -342,7 +360,7 @@ process_sign_request2(SocketEntry *e)
 
 	key = key_from_blob(blob, blen);
 	if (key != NULL) {
-		Identity *id = lookup_identity(key, 2);
+		id = lookup_identity(key, 2);
 		if (id != NULL && (!id->confirm || confirm_key(id) == 0))
 			ok = key_sign(id->key, &signature, &slen, data, dlen);
 		key_free(key);
@@ -351,6 +369,7 @@ process_sign_request2(SocketEntry *e)
 	if (ok == 0) {
 		buffer_put_char(&msg, SSH2_AGENT_SIGN_RESPONSE);
 		buffer_put_string(&msg, signature, slen);
+		if (id) notify_user(id);
 	} else {
 		buffer_put_char(&msg, SSH_AGENT_FAILURE);
 	}