aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFabiano FidĂȘncio <fidencio@redhat.com>2015-07-02 15:29:06 +0200
committerAris Adamantiadis <aris@0xbadc0de.be>2015-07-07 13:24:55 +0200
commit2bf6e66ffe9f617ec56a4cc4561c533a81d80cdf (patch)
tree9aa7fcb7629fb4abe859c8d9735b6b520a9e1987
parent728c2fbd017451a868ed9471c9d001f6d4ffff96 (diff)
downloadlibssh-2bf6e66ffe9f617ec56a4cc4561c533a81d80cdf.tar.gz
libssh-2bf6e66ffe9f617ec56a4cc4561c533a81d80cdf.tar.xz
libssh-2bf6e66ffe9f617ec56a4cc4561c533a81d80cdf.zip
client: handle agent forward open requests with callbacks
Signed-off-by: Fabiano FidĂȘncio <fidencio@redhat.com> Reviewed-by: Aris Adamantiadis <aris@badcode.be>
-rw-r--r--include/libssh/callbacks.h15
-rw-r--r--include/libssh/libssh.h4
-rw-r--r--src/channels.c19
-rw-r--r--src/messages.c20
4 files changed, 57 insertions, 1 deletions
diff --git a/include/libssh/callbacks.h b/include/libssh/callbacks.h
index 6bd8c573..20c540e5 100644
--- a/include/libssh/callbacks.h
+++ b/include/libssh/callbacks.h
@@ -125,6 +125,18 @@ typedef ssh_channel (*ssh_channel_open_request_x11_callback) (ssh_session sessio
const char * originator_address, int originator_port, void *userdata);
/**
+ * @brief Handles an SSH new channel open "auth-agent" request. This happens when the server
+ * sends back an "auth-agent" connection attempt. This is a client-side API
+ * @param session current session handler
+ * @param userdata Userdata to be passed to the callback function.
+ * @returns a valid ssh_channel handle if the request is to be allowed
+ * @returns NULL if the request should not be allowed
+ * @warning The channel pointer returned by this callback must be closed by the application.
+ */
+typedef ssh_channel (*ssh_channel_open_request_auth_agent_callback) (ssh_session session,
+ void *userdata);
+
+/**
* The structure to replace libssh functions with appropriate callbacks.
*/
struct ssh_callbacks_struct {
@@ -154,6 +166,9 @@ struct ssh_callbacks_struct {
/** This function will be called when an incoming X11 request is received.
*/
ssh_channel_open_request_x11_callback channel_open_request_x11_function;
+ /** This function will be called when an incoming "auth-agent" request is received.
+ */
+ ssh_channel_open_request_auth_agent_callback channel_open_request_auth_agent_function;
};
typedef struct ssh_callbacks_struct *ssh_callbacks;
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
index e52317f9..232d7c2b 100644
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -188,7 +188,8 @@ enum ssh_channel_type_e {
SSH_CHANNEL_SESSION,
SSH_CHANNEL_DIRECT_TCPIP,
SSH_CHANNEL_FORWARDED_TCPIP,
- SSH_CHANNEL_X11
+ SSH_CHANNEL_X11,
+ SSH_CHANNEL_AUTH_AGENT
};
enum ssh_channel_requests_e {
@@ -401,6 +402,7 @@ LIBSSH_API int ssh_channel_request_sftp(ssh_channel channel);
LIBSSH_API int ssh_channel_request_subsystem(ssh_channel channel, const char *subsystem);
LIBSSH_API int ssh_channel_request_x11(ssh_channel channel, int single_connection, const char *protocol,
const char *cookie, int screen_number);
+LIBSSH_API int ssh_channel_request_auth_agent(ssh_channel channel);
LIBSSH_API int ssh_channel_send_eof(ssh_channel channel);
LIBSSH_API int ssh_channel_select(ssh_channel *readchans, ssh_channel *writechans, ssh_channel *exceptchans, struct
timeval * timeout);
diff --git a/src/channels.c b/src/channels.c
index 2c841ed3..d8cd1907 100644
--- a/src/channels.c
+++ b/src/channels.c
@@ -1982,6 +1982,25 @@ ssh_channel ssh_channel_accept_x11(ssh_channel channel, int timeout_ms) {
}
/**
+ * @brief Send an "auth-agent-req" channel request over an existing session channel.
+ *
+ * This client-side request will enable forwarding the agent over an secure tunnel.
+ * When the server is ready to open one authentication agent channel, an
+ * ssh_channel_open_request_auth_agent_callback event will be generated.
+ *
+ * @param[in] channel The channel to send signal.
+ *
+ * @return SSH_OK on success, SSH_ERROR if an error occurred
+ */
+int ssh_channel_request_auth_agent(ssh_channel channel) {
+ if (channel == NULL) {
+ return SSH_ERROR;
+ }
+
+ return channel_request(channel, "auth-agent-req@openssh.com", NULL, 0);
+}
+
+/**
* @internal
*
* @brief Handle a SSH_REQUEST_SUCCESS packet normally sent after a global
diff --git a/src/messages.c b/src/messages.c
index d906e696..ec538771 100644
--- a/src/messages.c
+++ b/src/messages.c
@@ -294,6 +294,21 @@ static int ssh_execute_client_request(ssh_session session, ssh_message msg)
}
return SSH_OK;
+ } else if (msg->type == SSH_REQUEST_CHANNEL_OPEN
+ && msg->channel_request_open.type == SSH_CHANNEL_AUTH_AGENT
+ && ssh_callbacks_exists(session->common.callbacks, channel_open_request_auth_agent_function)) {
+ channel = session->common.callbacks->channel_open_request_auth_agent_function (session,
+ session->common.callbacks->userdata);
+
+ if (channel != NULL) {
+ rc = ssh_message_channel_request_open_reply_accept_channel(msg, channel);
+
+ return rc;
+ } else {
+ ssh_message_reply_default(msg);
+ }
+
+ return SSH_OK;
}
return rc;
@@ -1070,6 +1085,11 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_open){
goto end;
}
+ if (strcmp(type_c,"auth-agent@openssh.com") == 0) {
+ msg->channel_request_open.type = SSH_CHANNEL_AUTH_AGENT;
+ goto end;
+ }
+
msg->channel_request_open.type = SSH_CHANNEL_UNKNOWN;
goto end;