409 lines
11 KiB
C
409 lines
11 KiB
C
/**
|
|
* FreeRDP: A Remote Desktop Protocol Implementation
|
|
* SSH Agent Virtual Channel Extension
|
|
*
|
|
* Copyright 2013 Christian Hofstaedtler
|
|
* Copyright 2015 Thincast Technologies GmbH
|
|
* Copyright 2015 DI (FH) Martin Haimberger <martin.haimberger@thincast.com>
|
|
* Copyright 2017 Ben Cohen
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
/*
|
|
* sshagent_main.c: DVC plugin to forward queries from RDP to the ssh-agent
|
|
*
|
|
* This relays data to and from an ssh-agent program equivalent running on the
|
|
* RDP server to an ssh-agent running locally. Unlike the normal ssh-agent,
|
|
* which sends data over an SSH channel, the data is send over an RDP dynamic
|
|
* virtual channel.
|
|
*
|
|
* protocol specification:
|
|
* Forward data verbatim over RDP dynamic virtual channel named "sshagent"
|
|
* between a ssh client on the xrdp server and the real ssh-agent where
|
|
* the RDP client is running. Each connection by a separate client to
|
|
* xrdp-ssh-agent gets a separate DVC invocation.
|
|
*/
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
#include "config.h"
|
|
#endif
|
|
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <sys/types.h>
|
|
#include <sys/socket.h>
|
|
#include <sys/un.h>
|
|
#include <pwd.h>
|
|
#include <unistd.h>
|
|
#include <errno.h>
|
|
|
|
#include <winpr/crt.h>
|
|
#include <winpr/synch.h>
|
|
#include <winpr/thread.h>
|
|
#include <winpr/stream.h>
|
|
|
|
#include "sshagent_main.h"
|
|
#include <freerdp/channels/log.h>
|
|
|
|
#define TAG CHANNELS_TAG("sshagent.client")
|
|
|
|
typedef struct _SSHAGENT_LISTENER_CALLBACK SSHAGENT_LISTENER_CALLBACK;
|
|
struct _SSHAGENT_LISTENER_CALLBACK
|
|
{
|
|
IWTSListenerCallback iface;
|
|
|
|
IWTSPlugin* plugin;
|
|
IWTSVirtualChannelManager* channel_mgr;
|
|
|
|
rdpContext* rdpcontext;
|
|
const char* agent_uds_path;
|
|
};
|
|
|
|
typedef struct _SSHAGENT_CHANNEL_CALLBACK SSHAGENT_CHANNEL_CALLBACK;
|
|
struct _SSHAGENT_CHANNEL_CALLBACK
|
|
{
|
|
IWTSVirtualChannelCallback iface;
|
|
|
|
IWTSPlugin* plugin;
|
|
IWTSVirtualChannelManager* channel_mgr;
|
|
IWTSVirtualChannel* channel;
|
|
|
|
rdpContext* rdpcontext;
|
|
int agent_fd;
|
|
HANDLE thread;
|
|
CRITICAL_SECTION lock;
|
|
};
|
|
|
|
typedef struct _SSHAGENT_PLUGIN SSHAGENT_PLUGIN;
|
|
struct _SSHAGENT_PLUGIN
|
|
{
|
|
IWTSPlugin iface;
|
|
|
|
SSHAGENT_LISTENER_CALLBACK* listener_callback;
|
|
|
|
rdpContext* rdpcontext;
|
|
};
|
|
|
|
|
|
/**
|
|
* Function to open the connection to the sshagent
|
|
*
|
|
* @return The fd on success, otherwise -1
|
|
*/
|
|
static int connect_to_sshagent(const char* udspath)
|
|
{
|
|
int agent_fd = socket(AF_UNIX, SOCK_STREAM, 0);
|
|
|
|
if (agent_fd == -1)
|
|
{
|
|
WLog_ERR(TAG, "Can't open Unix domain socket!");
|
|
return -1;
|
|
}
|
|
|
|
struct sockaddr_un addr;
|
|
|
|
memset(&addr, 0, sizeof(addr));
|
|
|
|
addr.sun_family = AF_UNIX;
|
|
|
|
strncpy(addr.sun_path, udspath, sizeof(addr.sun_path) - 1);
|
|
|
|
int rc = connect(agent_fd, (struct sockaddr*)&addr, sizeof(addr));
|
|
|
|
if (rc != 0)
|
|
{
|
|
WLog_ERR(TAG, "Can't connect to Unix domain socket \"%s\"!",
|
|
udspath);
|
|
close(agent_fd);
|
|
return -1;
|
|
}
|
|
|
|
return agent_fd;
|
|
}
|
|
|
|
|
|
/**
|
|
* Entry point for thread to read from the ssh-agent socket and forward
|
|
* the data to RDP
|
|
*
|
|
* @return NULL
|
|
*/
|
|
static DWORD WINAPI sshagent_read_thread(LPVOID data)
|
|
{
|
|
SSHAGENT_CHANNEL_CALLBACK* callback = (SSHAGENT_CHANNEL_CALLBACK*)data;
|
|
BYTE buffer[4096];
|
|
int going = 1;
|
|
UINT status = CHANNEL_RC_OK;
|
|
|
|
while (going)
|
|
{
|
|
int bytes_read = read(callback->agent_fd,
|
|
buffer,
|
|
sizeof(buffer));
|
|
|
|
if (bytes_read == 0)
|
|
{
|
|
/* Socket closed cleanly at other end */
|
|
going = 0;
|
|
}
|
|
else if (bytes_read < 0)
|
|
{
|
|
if (errno != EINTR)
|
|
{
|
|
WLog_ERR(TAG,
|
|
"Error reading from sshagent, errno=%d",
|
|
errno);
|
|
status = ERROR_READ_FAULT;
|
|
going = 0;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
/* Something read: forward to virtual channel */
|
|
status = callback->channel->Write(callback->channel,
|
|
bytes_read,
|
|
buffer,
|
|
NULL);
|
|
|
|
if (status != CHANNEL_RC_OK)
|
|
{
|
|
going = 0;
|
|
}
|
|
}
|
|
}
|
|
|
|
close(callback->agent_fd);
|
|
|
|
if (status != CHANNEL_RC_OK)
|
|
setChannelError(callback->rdpcontext, status,
|
|
"sshagent_read_thread reported an error");
|
|
|
|
ExitThread(status);
|
|
return status;
|
|
}
|
|
|
|
/**
|
|
* Callback for data received from the RDP server; forward this to ssh-agent
|
|
*
|
|
* @return 0 on success, otherwise a Win32 error code
|
|
*/
|
|
static UINT sshagent_on_data_received(IWTSVirtualChannelCallback* pChannelCallback, wStream* data)
|
|
{
|
|
SSHAGENT_CHANNEL_CALLBACK* callback = (SSHAGENT_CHANNEL_CALLBACK*) pChannelCallback;
|
|
BYTE* pBuffer = Stream_Pointer(data);
|
|
UINT32 cbSize = Stream_GetRemainingLength(data);
|
|
BYTE* pos = pBuffer;
|
|
/* Forward what we have received to the ssh agent */
|
|
UINT32 bytes_to_write = cbSize;
|
|
errno = 0;
|
|
|
|
while (bytes_to_write > 0)
|
|
{
|
|
int bytes_written = write(callback->agent_fd, pos,
|
|
bytes_to_write);
|
|
|
|
if (bytes_written < 0)
|
|
{
|
|
if (errno != EINTR)
|
|
{
|
|
WLog_ERR(TAG,
|
|
"Error writing to sshagent, errno=%d",
|
|
errno);
|
|
return ERROR_WRITE_FAULT;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
bytes_to_write -= bytes_written;
|
|
pos += bytes_written;
|
|
}
|
|
}
|
|
|
|
/* Consume stream */
|
|
Stream_Seek(data, cbSize);
|
|
return CHANNEL_RC_OK;
|
|
}
|
|
|
|
/**
|
|
* Callback for when the virtual channel is closed
|
|
*
|
|
* @return 0 on success, otherwise a Win32 error code
|
|
*/
|
|
static UINT sshagent_on_close(IWTSVirtualChannelCallback* pChannelCallback)
|
|
{
|
|
SSHAGENT_CHANNEL_CALLBACK* callback = (SSHAGENT_CHANNEL_CALLBACK*) pChannelCallback;
|
|
/* Call shutdown() to wake up the read() in sshagent_read_thread(). */
|
|
shutdown(callback->agent_fd, SHUT_RDWR);
|
|
EnterCriticalSection(&callback->lock);
|
|
|
|
if (WaitForSingleObject(callback->thread, INFINITE) == WAIT_FAILED)
|
|
{
|
|
UINT error = GetLastError();
|
|
WLog_ERR(TAG, "WaitForSingleObject failed with error %"PRIu32"!", error);
|
|
return error;
|
|
}
|
|
|
|
CloseHandle(callback->thread);
|
|
LeaveCriticalSection(&callback->lock);
|
|
DeleteCriticalSection(&callback->lock);
|
|
free(callback);
|
|
return CHANNEL_RC_OK;
|
|
}
|
|
|
|
|
|
/**
|
|
* Callback for when a new virtual channel is opened
|
|
*
|
|
* @return 0 on success, otherwise a Win32 error code
|
|
*/
|
|
static UINT sshagent_on_new_channel_connection(IWTSListenerCallback* pListenerCallback,
|
|
IWTSVirtualChannel* pChannel, BYTE* Data, BOOL* pbAccept,
|
|
IWTSVirtualChannelCallback** ppCallback)
|
|
{
|
|
SSHAGENT_CHANNEL_CALLBACK* callback;
|
|
SSHAGENT_LISTENER_CALLBACK* listener_callback = (SSHAGENT_LISTENER_CALLBACK*) pListenerCallback;
|
|
callback = (SSHAGENT_CHANNEL_CALLBACK*) calloc(1, sizeof(SSHAGENT_CHANNEL_CALLBACK));
|
|
|
|
if (!callback)
|
|
{
|
|
WLog_ERR(TAG, "calloc failed!");
|
|
return CHANNEL_RC_NO_MEMORY;
|
|
}
|
|
|
|
/* Now open a connection to the local ssh-agent. Do this for each
|
|
* connection to the plugin in case we mess up the agent session. */
|
|
callback->agent_fd
|
|
= connect_to_sshagent(listener_callback->agent_uds_path);
|
|
|
|
if (callback->agent_fd == -1)
|
|
{
|
|
free(callback);
|
|
return CHANNEL_RC_INITIALIZATION_ERROR;
|
|
}
|
|
|
|
InitializeCriticalSection(&callback->lock);
|
|
callback->iface.OnDataReceived = sshagent_on_data_received;
|
|
callback->iface.OnClose = sshagent_on_close;
|
|
callback->plugin = listener_callback->plugin;
|
|
callback->channel_mgr = listener_callback->channel_mgr;
|
|
callback->channel = pChannel;
|
|
callback->rdpcontext = listener_callback->rdpcontext;
|
|
callback->thread
|
|
= CreateThread(NULL,
|
|
0,
|
|
sshagent_read_thread,
|
|
(void*) callback,
|
|
0,
|
|
NULL);
|
|
|
|
if (!callback->thread)
|
|
{
|
|
WLog_ERR(TAG, "CreateThread failed!");
|
|
DeleteCriticalSection(&callback->lock);
|
|
free(callback);
|
|
return CHANNEL_RC_INITIALIZATION_ERROR;
|
|
}
|
|
|
|
*ppCallback = (IWTSVirtualChannelCallback*) callback;
|
|
return CHANNEL_RC_OK;
|
|
}
|
|
|
|
/**
|
|
* Callback for when the plugin is initialised
|
|
*
|
|
* @return 0 on success, otherwise a Win32 error code
|
|
*/
|
|
static UINT sshagent_plugin_initialize(IWTSPlugin* pPlugin, IWTSVirtualChannelManager* pChannelMgr)
|
|
{
|
|
SSHAGENT_PLUGIN* sshagent = (SSHAGENT_PLUGIN*) pPlugin;
|
|
sshagent->listener_callback = (SSHAGENT_LISTENER_CALLBACK*) calloc(1,
|
|
sizeof(SSHAGENT_LISTENER_CALLBACK));
|
|
|
|
if (!sshagent->listener_callback)
|
|
{
|
|
WLog_ERR(TAG, "calloc failed!");
|
|
return CHANNEL_RC_NO_MEMORY;
|
|
}
|
|
|
|
sshagent->listener_callback->rdpcontext = sshagent->rdpcontext;
|
|
sshagent->listener_callback->iface.OnNewChannelConnection = sshagent_on_new_channel_connection;
|
|
sshagent->listener_callback->plugin = pPlugin;
|
|
sshagent->listener_callback->channel_mgr = pChannelMgr;
|
|
sshagent->listener_callback->agent_uds_path = getenv("SSH_AUTH_SOCK");
|
|
|
|
if (sshagent->listener_callback->agent_uds_path == NULL)
|
|
{
|
|
WLog_ERR(TAG, "Environment variable $SSH_AUTH_SOCK undefined!");
|
|
free(sshagent->listener_callback);
|
|
sshagent->listener_callback = NULL;
|
|
return CHANNEL_RC_INITIALIZATION_ERROR;
|
|
}
|
|
|
|
return pChannelMgr->CreateListener(pChannelMgr, "SSHAGENT", 0,
|
|
(IWTSListenerCallback*) sshagent->listener_callback, NULL);
|
|
}
|
|
|
|
/**
|
|
* Callback for when the plugin is terminated
|
|
*
|
|
* @return 0 on success, otherwise a Win32 error code
|
|
*/
|
|
static UINT sshagent_plugin_terminated(IWTSPlugin* pPlugin)
|
|
{
|
|
SSHAGENT_PLUGIN* sshagent = (SSHAGENT_PLUGIN*) pPlugin;
|
|
free(sshagent);
|
|
return CHANNEL_RC_OK;
|
|
}
|
|
|
|
#ifdef BUILTIN_CHANNELS
|
|
#define DVCPluginEntry sshagent_DVCPluginEntry
|
|
#else
|
|
#define DVCPluginEntry FREERDP_API DVCPluginEntry
|
|
#endif
|
|
|
|
/**
|
|
* Main entry point for sshagent DVC plugin
|
|
*
|
|
* @return 0 on success, otherwise a Win32 error code
|
|
*/
|
|
UINT DVCPluginEntry(IDRDYNVC_ENTRY_POINTS* pEntryPoints)
|
|
{
|
|
UINT status = CHANNEL_RC_OK;
|
|
SSHAGENT_PLUGIN* sshagent;
|
|
sshagent = (SSHAGENT_PLUGIN*) pEntryPoints->GetPlugin(pEntryPoints, "sshagent");
|
|
|
|
if (!sshagent)
|
|
{
|
|
sshagent = (SSHAGENT_PLUGIN*) calloc(1, sizeof(SSHAGENT_PLUGIN));
|
|
|
|
if (!sshagent)
|
|
{
|
|
WLog_ERR(TAG, "calloc failed!");
|
|
return CHANNEL_RC_NO_MEMORY;
|
|
}
|
|
|
|
sshagent->iface.Initialize = sshagent_plugin_initialize;
|
|
sshagent->iface.Connected = NULL;
|
|
sshagent->iface.Disconnected = NULL;
|
|
sshagent->iface.Terminated = sshagent_plugin_terminated;
|
|
sshagent->rdpcontext = ((freerdp*)((rdpSettings*) pEntryPoints->GetRdpSettings(
|
|
pEntryPoints))->instance)->context;
|
|
status = pEntryPoints->RegisterPlugin(pEntryPoints, "sshagent", (IWTSPlugin*) sshagent);
|
|
}
|
|
|
|
return status;
|
|
}
|
|
|
|
/* vim: set sw=8:ts=8:noet: */
|