Add ssh_agent source from test.

This commit is contained in:
Michael Jumper 2013-12-01 17:05:55 -08:00
parent 66b5e704b7
commit 755c677304
5 changed files with 320 additions and 1 deletions

View File

@ -558,6 +558,34 @@ AM_CONDITIONAL([ENABLE_SSH], [test "x${have_libssh2}" = "xyes" \
AC_SUBST(SSH_LIBS)
#
# Agent forwarding support within libssh2
#
if test "x${have_libssh2}" = "xyes"
then
have_ssh_agent=yes
AC_CHECK_DECL([libssh2_channel_request_auth_agent],
[], [have_ssh_agent=no],
[[#include <libssh2.h>]])
AM_CONDITIONAL([ENABLE_SSH_AGENT], [test "x${have_ssh_agent}" = "xyes"])
if test "x${have_ssh_agent}" = "xno"
then
AC_MSG_WARN([
--------------------------------------------
No agent forwarding found in libssh2.
Support for agent forwarding will not be built.
--------------------------------------------])
else
AC_DEFINE([ENABLE_SSH_AGENT])
fi
fi
AC_CONFIG_FILES([Makefile
tests/Makefile
src/libguac/Makefile

View File

@ -75,6 +75,12 @@ noinst_HEADERS = \
terminal_handlers.h \
types.h
# Add agent sources if enabled
if ENABLE_SSH_AGENT
libguac_client_ssh_la_SOURCES += ssh_agent.c
noinst_HEADERS += ssh_agent.h
endif
libguac_client_ssh_la_CFLAGS = -Werror -Wall -pedantic -Iinclude @PANGO_CFLAGS@ @PANGOCAIRO_CFLAGS@ @LIBGUAC_INCLUDE@
libguac_client_ssh_la_LIBADD = @LIBGUAC_LTLIB@
libguac_client_ssh_la_LDFLAGS = -version-info 0:0:0 @SSH_LIBS@ @SSL_LIBS@ @PTHREAD_LIBS@ @PANGO_LIBS@ @PANGOCAIRO_LIBS@ @CAIRO_LIBS@

View File

@ -0,0 +1,206 @@
#include <stdio.h>
#include <stdint.h>
#include <unistd.h>
#include <libssh2.h>
#include <pthread.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <guacamole/client.h>
#include "client.h"
#include "ssh_agent.h"
#include "ssh_buffer.h"
void ssh_auth_agent_sign(ssh_auth_agent* agent, char* data, int data_length) {
LIBSSH2_CHANNEL* channel = agent->channel;
ssh_key* key = agent->identity;
char sig[4096];
int sig_len;
char buffer[4096];
char* pos = buffer;
/* Sign with key */
sig_len = ssh_key_sign(key, data, data_length, (u_char*) sig);
if (sig_len < 0)
return;
buffer_write_uint32(&pos, 1+4 + 4+7 + 4+sig_len);
buffer_write_byte(&pos, SSH2_AGENT_SIGN_RESPONSE);
buffer_write_uint32(&pos, 4+7 + 4+sig_len);
/* Write key type */
if (key->type == SSH_KEY_RSA)
buffer_write_string(&pos, "ssh-rsa", 7);
else if (key->type == SSH_KEY_DSA)
buffer_write_string(&pos, "ssh-dsa", 7);
else
return;
/* Write signature */
buffer_write_string(&pos, sig, sig_len);
libssh2_channel_write(channel, buffer, pos-buffer);
libssh2_channel_flush(channel);
usleep(10000);
}
void ssh_auth_agent_list_identities(ssh_auth_agent* auth_agent) {
LIBSSH2_CHANNEL* channel = auth_agent->channel;
ssh_key* key = auth_agent->identity;
char buffer[4096];
char* pos = buffer;
buffer_write_uint32(&pos, 1+4
+ key->public_key_length+4
+ sizeof("comment")+3);
buffer_write_byte(&pos, SSH2_AGENT_IDENTITIES_ANSWER);
buffer_write_uint32(&pos, 1);
buffer_write_string(&pos, key->public_key, key->public_key_length);
buffer_write_string(&pos, "comment", sizeof("comment")-1);
libssh2_channel_write(channel, buffer, pos-buffer);
libssh2_channel_flush(channel);
usleep(10000);
}
void ssh_auth_agent_handle_packet(ssh_auth_agent* auth_agent, uint8_t type,
char* data, int data_length) {
switch (type) {
/* List identities */
case SSH2_AGENT_REQUEST_IDENTITIES:
ssh_auth_agent_list_identities(auth_agent);
break;
/* Sign request */
case SSH2_AGENT_SIGN_REQUEST: {
char* pos = data;
int key_blob_length;
int sign_data_length;
char* sign_data;
/* Skip past key, read data, ignore flags */
buffer_read_string(&pos, &key_blob_length);
sign_data = buffer_read_string(&pos, &sign_data_length);
/* Sign given data */
ssh_auth_agent_sign(auth_agent, sign_data, sign_data_length);
break;
}
/* Otherwise, return failure */
default:
libssh2_channel_write(auth_agent->channel,
UNSUPPORTED, sizeof(UNSUPPORTED)-1);
}
}
void* ssh_auth_agent_read_thread(void* arg) {
ssh_auth_agent* auth_agent = (ssh_auth_agent*) arg;
LIBSSH2_CHANNEL* channel = auth_agent->channel;
int bytes_read;
char buffer[4096];
int buffer_length = 0;
/* Wait for channel to settle */
usleep(10000);
do {
/* Read data into buffer */
while ((bytes_read = libssh2_channel_read(channel, buffer+buffer_length,
sizeof(buffer)-buffer_length)) >= 0
|| bytes_read == LIBSSH2_ERROR_EAGAIN) {
/* If re-read required, wait a bit and retry */
if (bytes_read == LIBSSH2_ERROR_EAGAIN) {
usleep(10000);
continue;
}
/* Update buffer length */
buffer_length += bytes_read;
/* Read length and type if given */
if (buffer_length >= 5) {
/* Read length */
uint32_t length =
(((unsigned char*) buffer)[0] << 24)
| (((unsigned char*) buffer)[1] << 16)
| (((unsigned char*) buffer)[2] << 8)
| ((unsigned char*) buffer)[3];
/* Read type */
uint8_t type = ((unsigned char*) buffer)[4];
/* If enough data read, call handler, shift data */
if (buffer_length >= length+4) {
ssh_auth_agent_handle_packet(auth_agent, type,
buffer+5, length-1);
buffer_length -= length+4;
memmove(buffer, buffer+length+4, buffer_length);
}
} /* end if have length and type */
/* If EOF, stop now */
if (libssh2_channel_eof(channel))
break;
} /* end packet fill */
} while (bytes_read >= 0 && !libssh2_channel_eof(channel));
/* Done */
return NULL;
}
void ssh_auth_agent_callback(LIBSSH2_SESSION *session,
LIBSSH2_CHANNEL *channel, void **abstract) {
/* Get client data */
guac_client* client = (guac_client*) *abstract;
ssh_guac_client_data* client_data = (ssh_guac_client_data*) client->data;
/* Get base auth agent thread */
pthread_t read_thread;
ssh_auth_agent* auth_agent = malloc(sizeof(ssh_auth_agent));
auth_agent->channel = channel;
auth_agent->identity = client_data->key;
/* Create thread */
pthread_create(&read_thread, NULL, ssh_auth_agent_read_thread, auth_agent);
}

View File

@ -0,0 +1,78 @@
#ifndef _GUAC_SSH_AGENT_H
#define _GUAC_SSH_AGENT_H
#include "ssh_key.h"
/**
* Packet type of an agent identity request.
*/
#define SSH2_AGENT_REQUEST_IDENTITIES 0x0B
/**
* Packet type of an agent identity response.
*/
#define SSH2_AGENT_IDENTITIES_ANSWER 0x0C
/**
* Packet type of an agent sign request.
*/
#define SSH2_AGENT_SIGN_REQUEST 0x0D
/**
* Packet type of an agent sign response.
*/
#define SSH2_AGENT_SIGN_RESPONSE 0x0E
/**
* The packet sent by the SSH agent when an operation is not supported.
*/
#define UNSUPPORTED "\x00\x00\x00\x0C\x05Unsupported"
/**
* Data representing an SSH auth agent.
*/
typedef struct ssh_auth_agent {
/**
* The SSH channel being used for SSH agent protocol.
*/
LIBSSH2_CHANNEL* channel;
/**
* The single private key to use for authentication.
*/
ssh_key* identity;
} ssh_auth_agent;
/**
* Handler for an agent sign request.
*/
void ssh_auth_agent_sign(ssh_auth_agent* auth_agent,
char* data, int data_length);
/**
* Handler for an agent identity request.
*/
void ssh_auth_agent_list_identities(ssh_auth_agent* auth_agent);
/**
* Generic handler for all packets received over the auth agent channel.
*/
void ssh_auth_agent_handle_packet(ssh_auth_agent* auth_agent,
uint8_t type, char* data, int data_length);
/**
* Auth agent channel thread.
*/
void* auth_agent_read_thread(void* arg);
/**
* Libssh2 callback, invoked when the auth agent channel is opened.
*/
void ssh_auth_agent_callback(LIBSSH2_SESSION *session,
LIBSSH2_CHANNEL *channel, void **abstract);
#endif

View File

@ -232,7 +232,8 @@ static LIBSSH2_SESSION* __guac_ssh_create_session(guac_client* client) {
}
/* Open SSH session */
LIBSSH2_SESSION* session = libssh2_session_init();
LIBSSH2_SESSION* session = libssh2_session_init_ex(NULL, NULL,
NULL, client);
if (session == NULL) {
guac_client_log_error(client, "Session allocation failed");
return NULL;