Add ssh_agent source from test.
This commit is contained in:
parent
66b5e704b7
commit
755c677304
28
configure.ac
28
configure.ac
@ -558,6 +558,34 @@ AM_CONDITIONAL([ENABLE_SSH], [test "x${have_libssh2}" = "xyes" \
|
||||
|
||||
AC_SUBST(SSH_LIBS)
|
||||
|
||||
#
|
||||
# Agent forwarding support within libssh2
|
||||
#
|
||||
|
||||
if test "x${have_libssh2}" = "xyes"
|
||||
then
|
||||
|
||||
have_ssh_agent=yes
|
||||
AC_CHECK_DECL([libssh2_channel_request_auth_agent],
|
||||
[], [have_ssh_agent=no],
|
||||
[[#include <libssh2.h>]])
|
||||
|
||||
AM_CONDITIONAL([ENABLE_SSH_AGENT], [test "x${have_ssh_agent}" = "xyes"])
|
||||
|
||||
if test "x${have_ssh_agent}" = "xno"
|
||||
then
|
||||
AC_MSG_WARN([
|
||||
--------------------------------------------
|
||||
No agent forwarding found in libssh2.
|
||||
Support for agent forwarding will not be built.
|
||||
--------------------------------------------])
|
||||
else
|
||||
AC_DEFINE([ENABLE_SSH_AGENT])
|
||||
fi
|
||||
|
||||
fi
|
||||
|
||||
|
||||
AC_CONFIG_FILES([Makefile
|
||||
tests/Makefile
|
||||
src/libguac/Makefile
|
||||
|
@ -75,6 +75,12 @@ noinst_HEADERS = \
|
||||
terminal_handlers.h \
|
||||
types.h
|
||||
|
||||
# Add agent sources if enabled
|
||||
if ENABLE_SSH_AGENT
|
||||
libguac_client_ssh_la_SOURCES += ssh_agent.c
|
||||
noinst_HEADERS += ssh_agent.h
|
||||
endif
|
||||
|
||||
libguac_client_ssh_la_CFLAGS = -Werror -Wall -pedantic -Iinclude @PANGO_CFLAGS@ @PANGOCAIRO_CFLAGS@ @LIBGUAC_INCLUDE@
|
||||
libguac_client_ssh_la_LIBADD = @LIBGUAC_LTLIB@
|
||||
libguac_client_ssh_la_LDFLAGS = -version-info 0:0:0 @SSH_LIBS@ @SSL_LIBS@ @PTHREAD_LIBS@ @PANGO_LIBS@ @PANGOCAIRO_LIBS@ @CAIRO_LIBS@
|
||||
|
206
src/protocols/ssh/ssh_agent.c
Normal file
206
src/protocols/ssh/ssh_agent.c
Normal file
@ -0,0 +1,206 @@
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdint.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include <libssh2.h>
|
||||
#include <pthread.h>
|
||||
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/rsa.h>
|
||||
|
||||
#include <guacamole/client.h>
|
||||
|
||||
#include "client.h"
|
||||
#include "ssh_agent.h"
|
||||
#include "ssh_buffer.h"
|
||||
|
||||
void ssh_auth_agent_sign(ssh_auth_agent* agent, char* data, int data_length) {
|
||||
|
||||
LIBSSH2_CHANNEL* channel = agent->channel;
|
||||
ssh_key* key = agent->identity;
|
||||
|
||||
char sig[4096];
|
||||
int sig_len;
|
||||
|
||||
char buffer[4096];
|
||||
char* pos = buffer;
|
||||
|
||||
/* Sign with key */
|
||||
sig_len = ssh_key_sign(key, data, data_length, (u_char*) sig);
|
||||
if (sig_len < 0)
|
||||
return;
|
||||
|
||||
buffer_write_uint32(&pos, 1+4 + 4+7 + 4+sig_len);
|
||||
|
||||
buffer_write_byte(&pos, SSH2_AGENT_SIGN_RESPONSE);
|
||||
buffer_write_uint32(&pos, 4+7 + 4+sig_len);
|
||||
|
||||
/* Write key type */
|
||||
if (key->type == SSH_KEY_RSA)
|
||||
buffer_write_string(&pos, "ssh-rsa", 7);
|
||||
else if (key->type == SSH_KEY_DSA)
|
||||
buffer_write_string(&pos, "ssh-dsa", 7);
|
||||
else
|
||||
return;
|
||||
|
||||
/* Write signature */
|
||||
buffer_write_string(&pos, sig, sig_len);
|
||||
|
||||
libssh2_channel_write(channel, buffer, pos-buffer);
|
||||
libssh2_channel_flush(channel);
|
||||
|
||||
usleep(10000);
|
||||
|
||||
}
|
||||
|
||||
void ssh_auth_agent_list_identities(ssh_auth_agent* auth_agent) {
|
||||
|
||||
LIBSSH2_CHANNEL* channel = auth_agent->channel;
|
||||
ssh_key* key = auth_agent->identity;
|
||||
|
||||
char buffer[4096];
|
||||
char* pos = buffer;
|
||||
|
||||
buffer_write_uint32(&pos, 1+4
|
||||
+ key->public_key_length+4
|
||||
+ sizeof("comment")+3);
|
||||
|
||||
buffer_write_byte(&pos, SSH2_AGENT_IDENTITIES_ANSWER);
|
||||
buffer_write_uint32(&pos, 1);
|
||||
|
||||
buffer_write_string(&pos, key->public_key, key->public_key_length);
|
||||
buffer_write_string(&pos, "comment", sizeof("comment")-1);
|
||||
|
||||
libssh2_channel_write(channel, buffer, pos-buffer);
|
||||
libssh2_channel_flush(channel);
|
||||
|
||||
usleep(10000);
|
||||
|
||||
}
|
||||
|
||||
void ssh_auth_agent_handle_packet(ssh_auth_agent* auth_agent, uint8_t type,
|
||||
char* data, int data_length) {
|
||||
|
||||
switch (type) {
|
||||
|
||||
/* List identities */
|
||||
case SSH2_AGENT_REQUEST_IDENTITIES:
|
||||
ssh_auth_agent_list_identities(auth_agent);
|
||||
break;
|
||||
|
||||
/* Sign request */
|
||||
case SSH2_AGENT_SIGN_REQUEST: {
|
||||
|
||||
char* pos = data;
|
||||
|
||||
int key_blob_length;
|
||||
int sign_data_length;
|
||||
char* sign_data;
|
||||
|
||||
/* Skip past key, read data, ignore flags */
|
||||
buffer_read_string(&pos, &key_blob_length);
|
||||
sign_data = buffer_read_string(&pos, &sign_data_length);
|
||||
|
||||
/* Sign given data */
|
||||
ssh_auth_agent_sign(auth_agent, sign_data, sign_data_length);
|
||||
break;
|
||||
}
|
||||
|
||||
/* Otherwise, return failure */
|
||||
default:
|
||||
libssh2_channel_write(auth_agent->channel,
|
||||
UNSUPPORTED, sizeof(UNSUPPORTED)-1);
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
void* ssh_auth_agent_read_thread(void* arg) {
|
||||
|
||||
ssh_auth_agent* auth_agent = (ssh_auth_agent*) arg;
|
||||
LIBSSH2_CHANNEL* channel = auth_agent->channel;
|
||||
|
||||
int bytes_read;
|
||||
char buffer[4096];
|
||||
int buffer_length = 0;
|
||||
|
||||
/* Wait for channel to settle */
|
||||
usleep(10000);
|
||||
|
||||
do {
|
||||
|
||||
/* Read data into buffer */
|
||||
while ((bytes_read = libssh2_channel_read(channel, buffer+buffer_length,
|
||||
sizeof(buffer)-buffer_length)) >= 0
|
||||
|| bytes_read == LIBSSH2_ERROR_EAGAIN) {
|
||||
|
||||
/* If re-read required, wait a bit and retry */
|
||||
if (bytes_read == LIBSSH2_ERROR_EAGAIN) {
|
||||
usleep(10000);
|
||||
continue;
|
||||
}
|
||||
|
||||
/* Update buffer length */
|
||||
buffer_length += bytes_read;
|
||||
|
||||
/* Read length and type if given */
|
||||
if (buffer_length >= 5) {
|
||||
|
||||
/* Read length */
|
||||
uint32_t length =
|
||||
(((unsigned char*) buffer)[0] << 24)
|
||||
| (((unsigned char*) buffer)[1] << 16)
|
||||
| (((unsigned char*) buffer)[2] << 8)
|
||||
| ((unsigned char*) buffer)[3];
|
||||
|
||||
/* Read type */
|
||||
uint8_t type = ((unsigned char*) buffer)[4];
|
||||
|
||||
/* If enough data read, call handler, shift data */
|
||||
if (buffer_length >= length+4) {
|
||||
|
||||
ssh_auth_agent_handle_packet(auth_agent, type,
|
||||
buffer+5, length-1);
|
||||
|
||||
buffer_length -= length+4;
|
||||
memmove(buffer, buffer+length+4, buffer_length);
|
||||
|
||||
}
|
||||
|
||||
} /* end if have length and type */
|
||||
|
||||
/* If EOF, stop now */
|
||||
if (libssh2_channel_eof(channel))
|
||||
break;
|
||||
|
||||
} /* end packet fill */
|
||||
|
||||
} while (bytes_read >= 0 && !libssh2_channel_eof(channel));
|
||||
|
||||
/* Done */
|
||||
return NULL;
|
||||
|
||||
}
|
||||
|
||||
void ssh_auth_agent_callback(LIBSSH2_SESSION *session,
|
||||
LIBSSH2_CHANNEL *channel, void **abstract) {
|
||||
|
||||
/* Get client data */
|
||||
guac_client* client = (guac_client*) *abstract;
|
||||
ssh_guac_client_data* client_data = (ssh_guac_client_data*) client->data;
|
||||
|
||||
/* Get base auth agent thread */
|
||||
pthread_t read_thread;
|
||||
ssh_auth_agent* auth_agent = malloc(sizeof(ssh_auth_agent));
|
||||
|
||||
auth_agent->channel = channel;
|
||||
auth_agent->identity = client_data->key;
|
||||
|
||||
/* Create thread */
|
||||
pthread_create(&read_thread, NULL, ssh_auth_agent_read_thread, auth_agent);
|
||||
|
||||
}
|
||||
|
78
src/protocols/ssh/ssh_agent.h
Normal file
78
src/protocols/ssh/ssh_agent.h
Normal file
@ -0,0 +1,78 @@
|
||||
|
||||
#ifndef _GUAC_SSH_AGENT_H
|
||||
#define _GUAC_SSH_AGENT_H
|
||||
|
||||
#include "ssh_key.h"
|
||||
|
||||
/**
|
||||
* Packet type of an agent identity request.
|
||||
*/
|
||||
#define SSH2_AGENT_REQUEST_IDENTITIES 0x0B
|
||||
|
||||
/**
|
||||
* Packet type of an agent identity response.
|
||||
*/
|
||||
#define SSH2_AGENT_IDENTITIES_ANSWER 0x0C
|
||||
|
||||
/**
|
||||
* Packet type of an agent sign request.
|
||||
*/
|
||||
#define SSH2_AGENT_SIGN_REQUEST 0x0D
|
||||
|
||||
/**
|
||||
* Packet type of an agent sign response.
|
||||
*/
|
||||
#define SSH2_AGENT_SIGN_RESPONSE 0x0E
|
||||
|
||||
/**
|
||||
* The packet sent by the SSH agent when an operation is not supported.
|
||||
*/
|
||||
#define UNSUPPORTED "\x00\x00\x00\x0C\x05Unsupported"
|
||||
|
||||
/**
|
||||
* Data representing an SSH auth agent.
|
||||
*/
|
||||
typedef struct ssh_auth_agent {
|
||||
|
||||
/**
|
||||
* The SSH channel being used for SSH agent protocol.
|
||||
*/
|
||||
LIBSSH2_CHANNEL* channel;
|
||||
|
||||
/**
|
||||
* The single private key to use for authentication.
|
||||
*/
|
||||
ssh_key* identity;
|
||||
|
||||
} ssh_auth_agent;
|
||||
|
||||
/**
|
||||
* Handler for an agent sign request.
|
||||
*/
|
||||
void ssh_auth_agent_sign(ssh_auth_agent* auth_agent,
|
||||
char* data, int data_length);
|
||||
|
||||
/**
|
||||
* Handler for an agent identity request.
|
||||
*/
|
||||
void ssh_auth_agent_list_identities(ssh_auth_agent* auth_agent);
|
||||
|
||||
/**
|
||||
* Generic handler for all packets received over the auth agent channel.
|
||||
*/
|
||||
void ssh_auth_agent_handle_packet(ssh_auth_agent* auth_agent,
|
||||
uint8_t type, char* data, int data_length);
|
||||
|
||||
/**
|
||||
* Auth agent channel thread.
|
||||
*/
|
||||
void* auth_agent_read_thread(void* arg);
|
||||
|
||||
/**
|
||||
* Libssh2 callback, invoked when the auth agent channel is opened.
|
||||
*/
|
||||
void ssh_auth_agent_callback(LIBSSH2_SESSION *session,
|
||||
LIBSSH2_CHANNEL *channel, void **abstract);
|
||||
|
||||
#endif
|
||||
|
@ -232,7 +232,8 @@ static LIBSSH2_SESSION* __guac_ssh_create_session(guac_client* client) {
|
||||
}
|
||||
|
||||
/* Open SSH session */
|
||||
LIBSSH2_SESSION* session = libssh2_session_init();
|
||||
LIBSSH2_SESSION* session = libssh2_session_init_ex(NULL, NULL,
|
||||
NULL, client);
|
||||
if (session == NULL) {
|
||||
guac_client_log_error(client, "Session allocation failed");
|
||||
return NULL;
|
||||
|
Loading…
Reference in New Issue
Block a user