
Re: [PATCH] client code for agent forwarding


Updated patch using callback API, and a fix for a double-free.

Please let me know your thoughts.

Signed-off-by: Raf D'Halleweyn <raf@xxxxxxxxxx>

---
 include/libssh/callbacks.h |   16 ++++++++++++++++
 include/libssh/libssh.h    |    4 +++-
 include/libssh/session.h   |    3 +++
 src/channels.c             |   20 ++++++++++++++++++++
 src/messages.c             |   18 ++++++++++++++++++
 5 files changed, 60 insertions(+), 1 deletion(-)

diff -ru -x debian libssh-0.7.3-orig/include/libssh/callbacks.h libssh-0.7.3/include/libssh/callbacks.h
--- libssh-0.7.3-orig/include/libssh/callbacks.h    2016-02-23 02:16:40.000000000 -0500
+++ libssh-0.7.3/include/libssh/callbacks.h    2016-03-05 23:50:16.986528824 -0500
@@ -125,6 +125,18 @@
       const char * originator_address, int originator_port, void *userdata);
 
 /**
+ * @brief accept auth-agent forwarding channel initiated by other end.
+ * @param session Current session handler
+ * @param agent_forward_channel the new channel for agent communication
+ * @param userdata Userdata to be passed to the callback function.
+ * @warning the original channel for which forwarding was requested is not
+ * available
+ */
+typedef void (*ssh_channel_open_request_auth_agent_callback) (ssh_session session,
+    ssh_channel agent_forward_channel,
+    void *userdata);
+
+/**
  * The structure to replace libssh functions with appropriate callbacks.
  */
 struct ssh_callbacks_struct {
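Review bot: The docstring for `ssh_channel_open_request_auth_agent_callback` says nothing about what state `agent_forward_channel` is in or who owns it; in the messages.c part of this patch the channel comes from `ssh_message_channel_request_open_reply_accept()` before the callback runs, so the application receives a channel that is already accepted on the wire and cannot refuse it. I would add `@note the channel has already been accepted; the callback must connect it to the local agent (or close it) and is responsible for freeing it when done.` — the freeing part is my reading of the accept/free split in messages.c, so confirm it against ssh_message_free before committing to it. A `@warning` that whatever the callback wires to this channel becomes reachable by the remote host would also be appropriate for an API that exposes a local credential agent.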
@@ -154,6 +166,10 @@
   /** This function will be called when an incoming X11 request is received.
    */
   ssh_channel_open_request_x11_callback channel_open_request_x11_function;
+  /** This function will be called when a client receives an auth-agent
+   * forwarding channel.
+   */
+  ssh_channel_open_request_auth_agent_callback channel_open_request_auth_agent_function;
 };
 typedef struct ssh_callbacks_struct *ssh_callbacks;
 
diff -ru -x debian libssh-0.7.3-orig/include/libssh/libssh.h libssh-0.7.3/include/libssh/libssh.h
--- libssh-0.7.3-orig/include/libssh/libssh.h    2016-02-23 02:23:19.000000000 -0500
+++ libssh-0.7.3/include/libssh/libssh.h    2016-03-05 23:49:28.709888129 -0500
@@ -189,7 +189,8 @@
     SSH_CHANNEL_SESSION,
     SSH_CHANNEL_DIRECT_TCPIP,
     SSH_CHANNEL_FORWARDED_TCPIP,
-    SSH_CHANNEL_X11
+    SSH_CHANNEL_X11,
+    SSH_CHANNEL_FORWARDED_AUTH_AGENT
 };
 
 enum ssh_channel_requests_e {
@@ -391,6 +392,7 @@
 LIBSSH_API int ssh_channel_read_timeout(ssh_channel channel, void *dest, uint32_t count, int is_stderr, int timeout_ms);
 LIBSSH_API int ssh_channel_read_nonblocking(ssh_channel channel, void *dest, uint32_t count,
     int is_stderr);
+LIBSSH_API int ssh_channel_request_agent_forwarding(ssh_channel channel);
 LIBSSH_API int ssh_channel_request_env(ssh_channel channel, const char *name, const char *value);
 LIBSSH_API int ssh_channel_request_exec(ssh_channel channel, const char *cmd);
 LIBSSH_API int ssh_channel_request_pty(ssh_channel channel);
diff -ru -x debian libssh-0.7.3-orig/include/libssh/session.h libssh-0.7.3/include/libssh/session.h
--- libssh-0.7.3-orig/include/libssh/session.h    2016-02-15 07:42:53.000000000 -0500
+++ libssh-0.7.3/include/libssh/session.h    2016-03-05 23:49:28.709888129 -0500
@@ -69,6 +69,9 @@
 /* Client successfully authenticated */
 #define SSH_SESSION_FLAG_AUTHENTICATED 2
 
+/* the channel supports auth-agent forwarding */
+#define SSH_SESSION_AUTH_AGENT_FORWARDING 0x4
+
 /* codes to use with ssh_handle_packets*() */
 /* Infinite timeout */
 #define SSH_TIMEOUT_INFINITE -1
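Review bot: The new macro breaks the naming pattern of the flag right above it (`SSH_SESSION_FLAG_AUTHENTICATED 2`): it drops the `FLAG` infix and switches to hex, and its comment says "the channel supports" although the value is OR-ed into the session's flags word, not a channel's. Since `ssh_channel_request_agent_forwarding()` sets it for the whole session and messages.c checks it per session, I would name it `SSH_SESSION_FLAG_AUTH_AGENT_FORWARDING 4` and reword the comment to `/* client has requested auth-agent forwarding; auth-agent@... channel opens from the server are accepted */`, so a reader does not assume the gate is per channel.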
diff -ru -x debian libssh-0.7.3-orig/src/channels.c libssh-0.7.3/src/channels.c
--- libssh-0.7.3-orig/src/channels.c    2016-02-23 02:16:40.000000000 -0500
+++ libssh-0.7.3/src/channels.c    2016-03-05 23:49:28.713888182 -0500
@@ -1600,6 +1600,26 @@
 }
 
 /**
+ * @brief Request to establish agent forwarding
+ *
+ * @param[in]  channel  The channel to send the request.
+ *
+ * @return              SSH_OK on success,
+ *                      SSH_ERROR if an error occurred,
+ *                      SSH_AGAIN if in nonblocking mode and call has
+ *                      to be done again.
+ */
+int ssh_channel_request_agent_forwarding(ssh_channel channel) {
+  if(channel == NULL) {
+      return SSH_ERROR;
+  }
+
+  channel->session->flags |= SSH_SESSION_AUTH_AGENT_FORWARDING;
+
+  return channel_request(channel, "auth-agent-req@xxxxxxxxxxx", NULL, 0);
+}
+
+/**
  * @brief Request a pty with a specific type and size.
  *
  * @param[in]  channel  The channel to sent the request.
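Review bot: `ssh_channel_request_agent_forwarding` sets `SSH_SESSION_AUTH_AGENT_FORWARDING` before `channel_request()` is even sent and never clears it, so a request that fails to send or is refused by the server still leaves the session accepting server-initiated auth-agent channels for its whole lifetime; the gate in messages.c then keys on the client's intent rather than on an actual grant. Arming the flag early may be deliberate so that a reply and a following CHANNEL_OPEN processed in one nonblocking pass are not rejected, but the failure case should at least disarm it: `rc = channel_request(channel, "auth-agent-req@xxxxxxxxxxx", NULL, 0); if (rc == SSH_ERROR) { channel->session->flags &= ~SSH_SESSION_AUTH_AGENT_FORWARDING; } return rc;`. Whether a server's refusal surfaces here as SSH_ERROR depends on channel_request(), which is outside the hunk. The doxygen header should also say what the call grants, e.g. `@warning on success the remote host can open channels to the local agent; only request this towards trusted servers.`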
diff -ru -x debian libssh-0.7.3-orig/src/messages.c libssh-0.7.3/src/messages.c
--- libssh-0.7.3-orig/src/messages.c    2016-02-23 02:16:40.000000000 -0500
+++ libssh-0.7.3/src/messages.c    2016-03-05 23:50:57.479052493 -0500
@@ -1070,6 +1070,24 @@
     goto end;
   }
 
+  if (strcmp(type_c,"auth-agent@xxxxxxxxxxx") == 0) {
+    if (! (session->flags & SSH_SESSION_AUTH_AGENT_FORWARDING)) {
+      /* do not establish agent forwarding if we didn't offer it! */
+      ssh_set_error(session,SSH_FATAL, "Unanounced auth-agent@xxxxxxxxxxx requested, possible server compromise");
+      goto error;
+    }
+    SSH_LOG(SSH_LOG_WARNING, "Establishing an auth-agent channel");
+
+    msg->channel_request_open.type = SSH_CHANNEL_FORWARDED_AUTH_AGENT;
+    if (ssh_callbacks_exists(session->common.callbacks, channel_open_request_auth_agent_function)) {
+      ssh_channel agent_channel = ssh_message_channel_request_open_reply_accept(msg);
+      session->common.callbacks->channel_open_request_auth_agent_function(session,
+        agent_channel,
+        session->common.callbacks->userdata);
+    }
+    goto error;
+  }
+
   msg->channel_request_open.type = SSH_CHANNEL_UNKNOWN;
   goto end;
 
