diff --git a/agent/sockets/callingcontext.go b/agent/sockets/callingcontext.go index 3541094..7453446 100644 --- a/agent/sockets/callingcontext.go +++ b/agent/sockets/callingcontext.go @@ -16,6 +16,7 @@ type CallingContext struct { ProcessPid int ParentProcessPid int GrandParentProcessPid int + Error bool } func GetCallingContext(connection net.Conn) CallingContext { @@ -28,11 +29,23 @@ func GetCallingContext(connection net.Conn) CallingContext { ProcessPid: 0, ParentProcessPid: 0, GrandParentProcessPid: 0, + Error: true, } if err != nil { return errorContext } - pid, _ := creds.PID() + uid, _ := creds.UserID() + username, err := user.LookupId(uid) + if err != nil { + return errorContext + } + errorContext.UserName = username.Username + + pid, ok := creds.PID() + if !ok { + return errorContext + } + process, err := gops.FindProcess(pid) if err != nil { return errorContext @@ -50,7 +63,6 @@ func GetCallingContext(connection net.Conn) CallingContext { } } - uid, _ := creds.UserID() ppid := process.PPid() if err != nil { return errorContext @@ -66,11 +78,6 @@ func GetCallingContext(connection net.Conn) CallingContext { return errorContext } - username, err := user.LookupId(uid) - if err != nil { - return errorContext - } - return CallingContext{ UserName: username.Username, ProcessName: process.Executable(), @@ -79,5 +86,6 @@ func GetCallingContext(connection net.Conn) CallingContext { ProcessPid: pid, ParentProcessPid: ppid, GrandParentProcessPid: parentParentProcess.PPid(), + Error: false, } } diff --git a/agent/ssh/ssh.go b/agent/ssh/ssh.go index a0f5a85..a084eef 100644 --- a/agent/ssh/ssh.go +++ b/agent/ssh/ssh.go @@ -107,11 +107,23 @@ func (vaultAgent vaultAgent) Sign(key ssh.PublicKey, data []byte) (*ssh.Signatur isGit = true } - requestTemplate := "%s on %s>%s>%s is requesting ssh signage with key %s" - if isGit { - requestTemplate = "%s on %s>%s>%s is requesting git signage with key %s" + requestTemplate := "" + message := "" + if !vaultAgent.context.Error { + if isGit { + requestTemplate = "%s on %s>%s>%s is requesting git signage with key %s" + } else { + requestTemplate = "%s on %s>%s>%s is requesting ssh signage with key %s" + } + message = fmt.Sprintf(requestTemplate, vaultAgent.context.UserName, vaultAgent.context.GrandParentProcessName, vaultAgent.context.ParentProcessName, vaultAgent.context.ProcessName, sshKey.Name) + } else { + if isGit { + requestTemplate = "%s is requesting git signage with key %s" + } else { + requestTemplate = "%s is requesting ssh signage with key %s" + } + message = fmt.Sprintf(requestTemplate, vaultAgent.context.UserName, sshKey.Name) } - message := fmt.Sprintf(requestTemplate, vaultAgent.context.UserName, vaultAgent.context.GrandParentProcessName, vaultAgent.context.ParentProcessName, vaultAgent.context.ProcessName, sshKey.Name) if approved, err := pinentry.GetApproval("SSH Key Signing Request", message); err != nil || !approved { log.Info("Sign Request for key: %s denied", sshKey.Name)