Re: [PATCH] client code for agent forwarding
- Subject: Re: [PATCH] client code for agent forwarding
- From: Raf D <4287807@xxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Sat, 19 Mar 2016 21:12:27 -0400
- To: libssh@xxxxxxxxxx
Updated patch using callback API, and a fix for a double-free.
Please let me know your thoughts.
Signed off-by: Raf D'Halleweyn <raf@xxxxxxxxxx>
---
include/libssh/callbacks.h | 16 ++++++++++++++++
include/libssh/libssh.h | 4 +++-
include/libssh/session.h | 3 +++
src/channels.c | 20 ++++++++++++++++++++
src/messages.c | 18 ++++++++++++++++++
5 files changed, 60 insertions(+), 1 deletion(-)
diff -ru -x debian libssh-0.7.3-orig/include/libssh/callbacks.h libssh-0.7.3/include/libssh/callbacks.h
--- libssh-0.7.3-orig/include/libssh/callbacks.h 2016-02-23 02:16:40.000000000 -0500
+++ libssh-0.7.3/include/libssh/callbacks.h 2016-03-05 23:50:16.986528824 -0500
@@ -125,6 +125,18 @@
const char * originator_address, int originator_port, void *userdata);
/**
+ * @brief accept auth-agent forwarding channel initiated by other end.
+ * @param session Current session handler
+ * @param agent_forward_channel the new channel for agent communication
+ * @param userdata Userdata to be passed to the callback function.
+ * @warning the original channel for which forwarding was requested is not
+ * available
+ */
+typedef void (*ssh_channel_open_request_auth_agent_callback) (ssh_session session,
+ ssh_channel agent_forward_channel,
+ void *userdata);
+
+/**
* The structure to replace libssh functions with appropriate callbacks.
*/
struct ssh_callbacks_struct {
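Review bot: The doc comment on `ssh_channel_open_request_auth_agent_callback` does not say who owns `agent_forward_channel` once the callback returns, nor whether it can be NULL. The caller added in src/messages.c passes the result of the accept call straight through, so a callback author needs both facts to avoid leaking the channel or dereferencing a bad pointer. I would add a note along the lines of `@note The callback takes ownership of agent_forward_channel and must close and free it` (to be confirmed by the author), plus a sentence on the NULL case. The `@warning` would read better if it explained why the originating channel is unavailable.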
@@ -154,6 +166,10 @@
/** This function will be called when an incoming X11 request is received.
*/
ssh_channel_open_request_x11_callback channel_open_request_x11_function;
+ /** This function will be called when a client receives an auth-agent
+ * forwarding channel.
+ */
+ ssh_channel_open_request_auth_agent_callback channel_open_request_auth_agent_function;
};
typedef struct ssh_callbacks_struct *ssh_callbacks;
diff -ru -x debian libssh-0.7.3-orig/include/libssh/libssh.h libssh-0.7.3/include/libssh/libssh.h
--- libssh-0.7.3-orig/include/libssh/libssh.h 2016-02-23 02:23:19.000000000 -0500
+++ libssh-0.7.3/include/libssh/libssh.h 2016-03-05 23:49:28.709888129 -0500
@@ -189,7 +189,8 @@
SSH_CHANNEL_SESSION,
SSH_CHANNEL_DIRECT_TCPIP,
SSH_CHANNEL_FORWARDED_TCPIP,
- SSH_CHANNEL_X11
+ SSH_CHANNEL_X11,
+ SSH_CHANNEL_FORWARDED_AUTH_AGENT
};
enum ssh_channel_requests_e {
@@ -391,6 +392,7 @@
LIBSSH_API int ssh_channel_read_timeout(ssh_channel channel, void *dest, uint32_t count, int is_stderr, int timeout_ms);
LIBSSH_API int ssh_channel_read_nonblocking(ssh_channel channel, void *dest, uint32_t count,
int is_stderr);
+LIBSSH_API int ssh_channel_request_agent_forwarding(ssh_channel channel);
LIBSSH_API int ssh_channel_request_env(ssh_channel channel, const char *name, const char *value);
LIBSSH_API int ssh_channel_request_exec(ssh_channel channel, const char *cmd);
LIBSSH_API int ssh_channel_request_pty(ssh_channel channel);
diff -ru -x debian libssh-0.7.3-orig/include/libssh/session.h libssh-0.7.3/include/libssh/session.h
--- libssh-0.7.3-orig/include/libssh/session.h 2016-02-15 07:42:53.000000000 -0500
+++ libssh-0.7.3/include/libssh/session.h 2016-03-05 23:49:28.709888129 -0500
@@ -69,6 +69,9 @@
/* Client successfully authenticated */
#define SSH_SESSION_FLAG_AUTHENTICATED 2
+/* the channel supports auth-agent forwarding */
+#define SSH_SESSION_AUTH_AGENT_FORWARDING 0x4
+
/* codes to use with ssh_handle_packets*() */
/* Infinite timeout */
#define SSH_TIMEOUT_INFINITE -1
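Review bot: The comment on the new flag says "the channel supports auth-agent forwarding", but src/channels.c stores the bit in `channel->session->flags`, so it is session-wide. Once any channel requests forwarding, the check in src/messages.c passes for every later `auth-agent` open on that session. The comment should say so, e.g. `/* Client requested auth-agent forwarding on this session */`. For consistency with the neighbouring `SSH_SESSION_FLAG_AUTHENTICATED 2`, consider the `SSH_SESSION_FLAG_` prefix and the same numeric style, `#define SSH_SESSION_FLAG_AUTH_AGENT_FORWARDING 4`.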
diff -ru -x debian libssh-0.7.3-orig/src/channels.c libssh-0.7.3/src/channels.c
--- libssh-0.7.3-orig/src/channels.c 2016-02-23 02:16:40.000000000 -0500
+++ libssh-0.7.3/src/channels.c 2016-03-05 23:49:28.713888182 -0500
@@ -1600,6 +1600,26 @@
}
/**
+ * @brief Request to establish agent forwarding
+ *
+ * @param[in] channel The channel to send the request.
+ *
+ * @return SSH_OK on success,
+ * SSH_ERROR if an error occurred,
+ * SSH_AGAIN if in nonblocking mode and call has
+ * to be done again.
+ */
+int ssh_channel_request_agent_forwarding(ssh_channel channel) {
+ if(channel == NULL) {
+ return SSH_ERROR;
+ }
+
+ channel->session->flags |= SSH_SESSION_AUTH_AGENT_FORWARDING;
+
+ return channel_request(channel, "auth-agent-req@xxxxxxxxxxx", NULL, 0);
+}
+
+/**
* @brief Request a pty with a specific type and size.
*
* @param[in] channel The channel to sent the request.
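Review bot: `SSH_SESSION_AUTH_AGENT_FORWARDING` is set before `channel_request()` is called in `ssh_channel_request_agent_forwarding`, so the bit stays set when the call returns `SSH_ERROR`. It is never cleared in this patch, and src/messages.c uses it as the only gate for accepting a server-opened agent channel. Setting it only on success keeps the gate tied to a request that was actually sent: `int rc = channel_request(channel, /* same arguments */);` `if (rc == SSH_OK) channel->session->flags |= SSH_SESSION_AUTH_AGENT_FORWARDING;` `return rc;`. The function checks `channel == NULL` but dereferences `channel->session` unchecked. The docstring should state that a successful request authorises agent channels for the whole session.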
diff -ru -x debian libssh-0.7.3-orig/src/messages.c libssh-0.7.3/src/messages.c
--- libssh-0.7.3-orig/src/messages.c 2016-02-23 02:16:40.000000000 -0500
+++ libssh-0.7.3/src/messages.c 2016-03-05 23:50:57.479052493 -0500
@@ -1070,6 +1070,24 @@
goto end;
}
+ if (strcmp(type_c,"auth-agent@xxxxxxxxxxx") == 0) {
+ if (! (session->flags & SSH_SESSION_AUTH_AGENT_FORWARDING)) {
+ /* do not establish agent forwarding if we didn't offer it! */
+ ssh_set_error(session,SSH_FATAL, "Unanounced auth-agent@xxxxxxxxxxx requested, possible server compromise");
+ goto error;
+ }
+ SSH_LOG(SSH_LOG_WARNING, "Establishing an auth-agent channel");
+
+ msg->channel_request_open.type = SSH_CHANNEL_FORWARDED_AUTH_AGENT;
+ if (ssh_callbacks_exists(session->common.callbacks, channel_open_request_auth_agent_function)) {
+ ssh_channel agent_channel = ssh_message_channel_request_open_reply_accept(msg);
+ session->common.callbacks->channel_open_request_auth_agent_function(session,
+ agent_channel,
+ session->common.callbacks->userdata);
+ }
+ goto error;
+ }
+
msg->channel_request_open.type = SSH_CHANNEL_UNKNOWN;
goto end;
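Review bot: The return value of `ssh_message_channel_request_open_reply_accept(msg)` is passed to the callback without a NULL check, so an application callback can be invoked with a NULL `agent_channel` when the accept fails. Guard the call with `if (agent_channel != NULL) { ... }` and set an error otherwise. When the flag is set but no callback is registered, the branch reaches `goto error` with no visible rejection or error message. The success path also jumps to `error`, and that label lies outside the hunk, so a short comment explaining why (presumably the double-free fix mentioned in the description) would help the next reader. The error string misspells "Unannounced", and `SSH_LOG_WARNING` is a high level for a channel the client asked for.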