From 2bf6e66ffe9f617ec56a4cc4561c533a81d80cdf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
Date: Thu, 2 Jul 2015 15:29:06 +0200
Subject: client: handle agent forward open requests with callbacks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Aris Adamantiadis <aris@badcode.be>
---
 include/libssh/callbacks.h | 15 +++++++++++++++
 include/libssh/libssh.h    |  4 +++-
 src/channels.c             | 19 +++++++++++++++++++
 src/messages.c             | 20 ++++++++++++++++++++
 4 files changed, 57 insertions(+), 1 deletion(-)

diff --git a/include/libssh/callbacks.h b/include/libssh/callbacks.h
index 6bd8c573..20c540e5 100644
--- a/include/libssh/callbacks.h
+++ b/include/libssh/callbacks.h
@@ -124,6 +124,18 @@ typedef void (*ssh_global_request_callback) (ssh_session session,
 typedef ssh_channel (*ssh_channel_open_request_x11_callback) (ssh_session session,
       const char * originator_address, int originator_port, void *userdata);
 
+/**
+ * @brief Handles an SSH new channel open "auth-agent" request. This happens when the server
+ * sends back an "auth-agent" connection attempt. This is a client-side API
+ * @param session current session handler
+ * @param userdata Userdata to be passed to the callback function.
+ * @returns a valid ssh_channel handle if the request is to be allowed
+ * @returns NULL if the request should not be allowed
+ * @warning The channel pointer returned by this callback must be closed by the application.
+ */
+typedef ssh_channel (*ssh_channel_open_request_auth_agent_callback) (ssh_session session,
+      void *userdata);
+
 /**
  * The structure to replace libssh functions with appropriate callbacks.
  */
@@ -154,6 +166,9 @@ struct ssh_callbacks_struct {
   /** This function will be called when an incoming X11 request is received.
    */
   ssh_channel_open_request_x11_callback channel_open_request_x11_function;
+  /** This function will be called when an incoming "auth-agent" request is received.
+   */
+  ssh_channel_open_request_auth_agent_callback channel_open_request_auth_agent_function;
 };
 typedef struct ssh_callbacks_struct *ssh_callbacks;
 
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
index e52317f9..232d7c2b 100644
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -188,7 +188,8 @@ enum ssh_channel_type_e {
 	SSH_CHANNEL_SESSION,
 	SSH_CHANNEL_DIRECT_TCPIP,
 	SSH_CHANNEL_FORWARDED_TCPIP,
-	SSH_CHANNEL_X11
+	SSH_CHANNEL_X11,
+	SSH_CHANNEL_AUTH_AGENT
 };
 
 enum ssh_channel_requests_e {
@@ -401,6 +402,7 @@ LIBSSH_API int ssh_channel_request_sftp(ssh_channel channel);
 LIBSSH_API int ssh_channel_request_subsystem(ssh_channel channel, const char *subsystem);
 LIBSSH_API int ssh_channel_request_x11(ssh_channel channel, int single_connection, const char *protocol,
     const char *cookie, int screen_number);
+LIBSSH_API int ssh_channel_request_auth_agent(ssh_channel channel);
 LIBSSH_API int ssh_channel_send_eof(ssh_channel channel);
 LIBSSH_API int ssh_channel_select(ssh_channel *readchans, ssh_channel *writechans, ssh_channel *exceptchans, struct
         timeval * timeout);
diff --git a/src/channels.c b/src/channels.c
index 2c841ed3..d8cd1907 100644
--- a/src/channels.c
+++ b/src/channels.c
@@ -1981,6 +1981,25 @@ ssh_channel ssh_channel_accept_x11(ssh_channel channel, int timeout_ms) {
   return ssh_channel_accept(channel->session, SSH_CHANNEL_X11, timeout_ms, NULL);
 }
 
+/**
+ * @brief Send an "auth-agent-req" channel request over an existing session channel.
+ *
+ * This client-side request will enable forwarding the agent over an secure tunnel.
+ * When the server is ready to open one authentication agent channel, an
+ * ssh_channel_open_request_auth_agent_callback event will be generated.
+ *
+ * @param[in]  channel  The channel to send signal.
+ *
+ * @return              SSH_OK on success, SSH_ERROR if an error occurred
+ */
+int ssh_channel_request_auth_agent(ssh_channel channel) {
+  if (channel == NULL) {
+    return SSH_ERROR;
+  }
+
+  return channel_request(channel, "auth-agent-req@openssh.com", NULL, 0);
+}
+
 /**
  * @internal
  *
diff --git a/src/messages.c b/src/messages.c
index d906e696..ec538771 100644
--- a/src/messages.c
+++ b/src/messages.c
@@ -293,6 +293,21 @@ static int ssh_execute_client_request(ssh_session session, ssh_message msg)
             ssh_message_reply_default(msg);
         }
 
+        return SSH_OK;
+    } else if (msg->type == SSH_REQUEST_CHANNEL_OPEN
+               && msg->channel_request_open.type == SSH_CHANNEL_AUTH_AGENT
+               && ssh_callbacks_exists(session->common.callbacks, channel_open_request_auth_agent_function)) {
+        channel = session->common.callbacks->channel_open_request_auth_agent_function (session,
+                session->common.callbacks->userdata);
+
+        if (channel != NULL) {
+            rc = ssh_message_channel_request_open_reply_accept_channel(msg, channel);
+
+            return rc;
+        } else {
+            ssh_message_reply_default(msg);
+        }
+
         return SSH_OK;
     }
 
@@ -1070,6 +1085,11 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_open){
     goto end;
   }
 
+  if (strcmp(type_c,"auth-agent@openssh.com") == 0) {
+    msg->channel_request_open.type = SSH_CHANNEL_AUTH_AGENT;
+    goto end;
+  }
+
   msg->channel_request_open.type = SSH_CHANNEL_UNKNOWN;
   goto end;
 
-- 
cgit v1.2.3