client: handle agent forward open requests with callbacks

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Aris Adamantiadis <aris@badcode.be>
2025-05-28 17:41:28 +03:00 · 2015-07-02 15:29:06 +02:00 · 2015-07-02 15:29:06 +02:00 · 2bf6e66ffe
commit 2bf6e66ffe
parent 728c2fbd01
4 changed files with 57 additions and 1 deletions
--- a/include/libssh/callbacks.h
+++ b/include/libssh/callbacks.h
@ -124,6 +124,18 @@ typedef void (*ssh_global_request_callback) (ssh_session session,
 typedef ssh_channel (*ssh_channel_open_request_x11_callback) (ssh_session session,
      const char * originator_address, int originator_port, void *userdata);

+/**
+ * @brief Handles an SSH new channel open "auth-agent" request. This happens when the server
+ * sends back an "auth-agent" connection attempt. This is a client-side API
+ * @param session current session handler
+ * @param userdata Userdata to be passed to the callback function.
+ * @returns a valid ssh_channel handle if the request is to be allowed
+ * @returns NULL if the request should not be allowed
+ * @warning The channel pointer returned by this callback must be closed by the application.
+ */
+typedef ssh_channel (*ssh_channel_open_request_auth_agent_callback) (ssh_session session,
+      void *userdata);
+
 /**
 * The structure to replace libssh functions with appropriate callbacks.
 */
@ -154,6 +166,9 @@ struct ssh_callbacks_struct {
  /** This function will be called when an incoming X11 request is received.
   */
  ssh_channel_open_request_x11_callback channel_open_request_x11_function;
+  /** This function will be called when an incoming "auth-agent" request is received.
+   */
+  ssh_channel_open_request_auth_agent_callback channel_open_request_auth_agent_function;
 };
 typedef struct ssh_callbacks_struct *ssh_callbacks;

--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@ -188,7 +188,8 @@ enum ssh_channel_type_e {
 	SSH_CHANNEL_SESSION,
 	SSH_CHANNEL_DIRECT_TCPIP,
 	SSH_CHANNEL_FORWARDED_TCPIP,
-	SSH_CHANNEL_X11
+	SSH_CHANNEL_X11,
+	SSH_CHANNEL_AUTH_AGENT
 };

 enum ssh_channel_requests_e {
@ -401,6 +402,7 @@ LIBSSH_API int ssh_channel_request_sftp(ssh_channel channel);
 LIBSSH_API int ssh_channel_request_subsystem(ssh_channel channel, const char *subsystem);
 LIBSSH_API int ssh_channel_request_x11(ssh_channel channel, int single_connection, const char *protocol,
    const char *cookie, int screen_number);
+LIBSSH_API int ssh_channel_request_auth_agent(ssh_channel channel);
 LIBSSH_API int ssh_channel_send_eof(ssh_channel channel);
 LIBSSH_API int ssh_channel_select(ssh_channel *readchans, ssh_channel *writechans, ssh_channel *exceptchans, struct
        timeval * timeout);
--- a/src/channels.c
+++ b/src/channels.c
@ -1981,6 +1981,25 @@ ssh_channel ssh_channel_accept_x11(ssh_channel channel, int timeout_ms) {
  return ssh_channel_accept(channel->session, SSH_CHANNEL_X11, timeout_ms, NULL);
 }

+/**
+ * @brief Send an "auth-agent-req" channel request over an existing session channel.
+ *
+ * This client-side request will enable forwarding the agent over an secure tunnel.
+ * When the server is ready to open one authentication agent channel, an
+ * ssh_channel_open_request_auth_agent_callback event will be generated.
+ *
+ * @param[in]  channel  The channel to send signal.
+ *
+ * @return              SSH_OK on success, SSH_ERROR if an error occurred
+ */
+int ssh_channel_request_auth_agent(ssh_channel channel) {
+  if (channel == NULL) {
+    return SSH_ERROR;
+  }
+
+  return channel_request(channel, "auth-agent-req@openssh.com", NULL, 0);
+}
+
 /**
 * @internal
 *
--- a/src/messages.c
+++ b/src/messages.c
@ -293,6 +293,21 @@ static int ssh_execute_client_request(ssh_session session, ssh_message msg)
            ssh_message_reply_default(msg);
        }

+        return SSH_OK;
+    } else if (msg->type == SSH_REQUEST_CHANNEL_OPEN
+               && msg->channel_request_open.type == SSH_CHANNEL_AUTH_AGENT
+               && ssh_callbacks_exists(session->common.callbacks, channel_open_request_auth_agent_function)) {
+        channel = session->common.callbacks->channel_open_request_auth_agent_function (session,
+                session->common.callbacks->userdata);
+
+        if (channel != NULL) {
+            rc = ssh_message_channel_request_open_reply_accept_channel(msg, channel);
+
+            return rc;
+        } else {
+            ssh_message_reply_default(msg);
+        }
+
        return SSH_OK;
    }

@ -1070,6 +1085,11 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_open){
    goto end;
  }

+  if (strcmp(type_c,"auth-agent@openssh.com") == 0) {
+    msg->channel_request_open.type = SSH_CHANNEL_AUTH_AGENT;
+    goto end;
+  }
+
  msg->channel_request_open.type = SSH_CHANNEL_UNKNOWN;
  goto end;