
Re: [PATCH] client code for agent forwarding


On Saturday 19 March 2016 21:12:27 Raf D wrote:
> Updated patch using callback API, and a fix for a double-free.

Looks fine to me, Aris?
 
> Please let me know your thoughts.
> 
> Signed off-by: Raf D'Halleweyn <raf@xxxxxxxxxx>
> 
> ---
>  include/libssh/callbacks.h |   16 ++++++++++++++++
>  include/libssh/libssh.h    |    4 +++-
>  include/libssh/session.h   |    3 +++
>  src/channels.c             |   20 ++++++++++++++++++++
>  src/messages.c             |   18 ++++++++++++++++++
>  5 files changed, 60 insertions(+), 1 deletion(-)
> 
> diff -ru -x debian libssh-0.7.3-orig/include/libssh/callbacks.h
> libssh-0.7.3/include/libssh/callbacks.h ---
> libssh-0.7.3-orig/include/libssh/callbacks.h    2016-02-23
> 02:16:40.000000000 -0500 +++ libssh-0.7.3/include/libssh/callbacks.h   
> 2016-03-05 23:50:16.986528824 -0500 @@ -125,6 +125,18 @@
>        const char * originator_address, int originator_port, void
> *userdata);
> 
>  /**
> + * @brief accept auth-agent forwarding channel initiated by other end.
> + * @param session Current session handler
> + * @param agent_forward_channel the new channel for agent communication
> + * @param userdata Userdata to be passed to the callback function.
> + * @warning the original channel for which forwarding was requested is not
> + * available
> + */
> +typedef void (*ssh_channel_open_request_auth_agent_callback) (ssh_session
> session, +    ssh_channel agent_forward_channel,
> +    void *userdata);
> +
> +/**
>   * The structure to replace libssh functions with appropriate callbacks.
>   */
>  struct ssh_callbacks_struct {
> @@ -154,6 +166,10 @@
>    /** This function will be called when an incoming X11 request is
> received. */
>    ssh_channel_open_request_x11_callback channel_open_request_x11_function;
> +  /** This function will be called when a client receives an auth-agent
> +   * forwarding channel.
> +   */
> +  ssh_channel_open_request_auth_agent_callback
> channel_open_request_auth_agent_function; };
>  typedef struct ssh_callbacks_struct *ssh_callbacks;
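Review bot: The doc comment on the new typedef says the callback "accepts" the forwarding channel, but in the src/messages.c hunk of this same patch the library has already called ssh_message_channel_request_open_reply_accept() before invoking it, so the callback cannot decline the channel and is handed one it now owns. The @brief should state that, e.g. `@brief Called when the peer opens an auth-agent forwarding channel; the channel has already been accepted and the callback is responsible for servicing and closing it.`, and the @param line for `agent_forward_channel` should say who frees it. The @warning ("the original channel ... is not available") is useful; keep it.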
> 
> diff -ru -x debian libssh-0.7.3-orig/include/libssh/libssh.h
> libssh-0.7.3/include/libssh/libssh.h ---
> libssh-0.7.3-orig/include/libssh/libssh.h    2016-02-23 02:23:19.000000000
> -0500 +++ libssh-0.7.3/include/libssh/libssh.h    2016-03-05
> 23:49:28.709888129 -0500 @@ -189,7 +189,8 @@
>      SSH_CHANNEL_SESSION,
>      SSH_CHANNEL_DIRECT_TCPIP,
>      SSH_CHANNEL_FORWARDED_TCPIP,
> -    SSH_CHANNEL_X11
> +    SSH_CHANNEL_X11,
> +    SSH_CHANNEL_FORWARDED_AUTH_AGENT
>  };
> 
>  enum ssh_channel_requests_e {
> @@ -391,6 +392,7 @@
>  LIBSSH_API int ssh_channel_read_timeout(ssh_channel channel, void *dest,
> uint32_t count, int is_stderr, int timeout_ms); LIBSSH_API int
> ssh_channel_read_nonblocking(ssh_channel channel, void *dest, uint32_t
> count, int is_stderr);
> +LIBSSH_API int ssh_channel_request_agent_forwarding(ssh_channel channel);
>  LIBSSH_API int ssh_channel_request_env(ssh_channel channel, const char
> *name, const char *value); LIBSSH_API int
> ssh_channel_request_exec(ssh_channel channel, const char *cmd); LIBSSH_API
> int ssh_channel_request_pty(ssh_channel channel);
> diff -ru -x debian libssh-0.7.3-orig/include/libssh/session.h
> libssh-0.7.3/include/libssh/session.h ---
> libssh-0.7.3-orig/include/libssh/session.h    2016-02-15 07:42:53.000000000
> -0500 +++ libssh-0.7.3/include/libssh/session.h    2016-03-05
> 23:49:28.709888129 -0500 @@ -69,6 +69,9 @@
>  /* Client successfully authenticated */
>  #define SSH_SESSION_FLAG_AUTHENTICATED 2
> 
> +/* the channel supports auth-agent forwarding */
> +#define SSH_SESSION_AUTH_AGENT_FORWARDING 0x4
> +
>  /* codes to use with ssh_handle_packets*() */
>  /* Infinite timeout */
>  #define SSH_TIMEOUT_INFINITE -1
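Review bot: The new macro's comment says "the channel supports auth-agent forwarding", but it is OR'ed into `session->flags` in the channels.c hunk, so it is a per-session flag, and its name does not follow the `SSH_SESSION_FLAG_*` pattern of the neighbouring `SSH_SESSION_FLAG_AUTHENTICATED`. I would write `/* auth-agent forwarding was requested on this session; unsolicited auth-agent channel opens are rejected while unset */` and name it `SSH_SESSION_FLAG_AUTH_AGENT_FORWARDING 4` (the siblings use decimal), updating the two uses in channels.c and messages.c accordingly.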
> diff -ru -x debian libssh-0.7.3-orig/src/channels.c
> libssh-0.7.3/src/channels.c --- libssh-0.7.3-orig/src/channels.c   
> 2016-02-23 02:16:40.000000000 -0500 +++ libssh-0.7.3/src/channels.c   
> 2016-03-05 23:49:28.713888182 -0500 @@ -1600,6 +1600,26 @@
>  }
> 
>  /**
> + * @brief Request to establish agent forwarding
> + *
> + * @param[in]  channel  The channel to send the request.
> + *
> + * @return              SSH_OK on success,
> + *                      SSH_ERROR if an error occurred,
> + *                      SSH_AGAIN if in nonblocking mode and call has
> + *                      to be done again.
> + */
> +int ssh_channel_request_agent_forwarding(ssh_channel channel) {
> +  if(channel == NULL) {
> +      return SSH_ERROR;
> +  }
> +
> +  channel->session->flags |= SSH_SESSION_AUTH_AGENT_FORWARDING;
> +
> +  return channel_request(channel, "auth-agent-req@xxxxxxxxxxx", NULL, 0);
> +}
> +
> +/**
>   * @brief Request a pty with a specific type and size.
>   *
>   * @param[in]  channel  The channel to sent the request.
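Review bot: The session flag is set before channel_request() has reported the outcome, so a request the server refuses, or one that fails with SSH_ERROR, still leaves the session willing to accept incoming auth-agent channel opens — and that flag is the only thing the messages.c hunk uses to reject unsolicited agent channels. Setting it only once the request has succeeded keeps the two in step: `int rc = channel_request(channel, "auth-agent-req@xxxxxxxxxxx", NULL, 0);` / `if (rc == SSH_OK) { channel->session->flags |= SSH_SESSION_AUTH_AGENT_FORWARDING; }` / `return rc;` (an SSH_AGAIN caller retries and the flag is set on the eventual SSH_OK). The flag is also session-wide although the request is per-channel and it is never cleared; if that is intended, the doc comment should say so.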
> diff -ru -x debian libssh-0.7.3-orig/src/messages.c
> libssh-0.7.3/src/messages.c --- libssh-0.7.3-orig/src/messages.c   
> 2016-02-23 02:16:40.000000000 -0500 +++ libssh-0.7.3/src/messages.c   
> 2016-03-05 23:50:57.479052493 -0500 @@ -1070,6 +1070,24 @@
>      goto end;
>    }
> 
> +  if (strcmp(type_c,"auth-agent@xxxxxxxxxxx") == 0) {
> +    if (! (session->flags & SSH_SESSION_AUTH_AGENT_FORWARDING)) {
> +      /* do not establish agent forwarding if we didn't offer it! */
> +      ssh_set_error(session,SSH_FATAL, "Unanounced auth-agent@xxxxxxxxxxx
> requested, possible server compromise"); +      goto error;
> +    }
> +    SSH_LOG(SSH_LOG_WARNING, "Establishing an auth-agent channel");
> +
> +    msg->channel_request_open.type = SSH_CHANNEL_FORWARDED_AUTH_AGENT;
> +    if (ssh_callbacks_exists(session->common.callbacks,
> channel_open_request_auth_agent_function)) { +      ssh_channel
> agent_channel = ssh_message_channel_request_open_reply_accept(msg); +     
> session->common.callbacks->channel_open_request_auth_agent_function(session
> , +        agent_channel,
> +        session->common.callbacks->userdata);
> +    }
> +    goto error;
> +  }
> +
>    msg->channel_request_open.type = SSH_CHANNEL_UNKNOWN;
>    goto end;
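Review bot: `ssh_message_channel_request_open_reply_accept(msg)` can return NULL, yet `agent_channel` is passed to the callback unchecked; wrap the call as `if (agent_channel != NULL) { ... }` or document in callbacks.h that the callback must tolerate a NULL channel. Both the callback path and the no-callback path end in `goto error`, so a client that requested forwarding but registered no callback never answers the peer's channel open at all if `error:` only discards the message — the label and the enclosing function are outside the hunk, so this is inferred; the branch immediately preceding this one ends in `goto end` instead, which may be the behaviour to mirror. The fatal-error string also misspells "Unannounced".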

-- 
Andreas Schneider                   GPG-ID: CC014E3D
www.cryptomilk.org                asn@xxxxxxxxxxxxxx
