mirror of
https://github.com/libssh2/libssh2.git
synced 2025-11-03 22:13:11 +03:00
a1a28ac943
- kex: drop unused assigment. - knownhost: error when salt is NULL. - mbedtls: avoid unnecessary inline assigments, that were ignored for the second block and replaceable with a `ret = 0` initialization for the first one. - mbedtls: fix ignoring an API failure and ending up calling `mbedtls_rsa_check_privkey()` unconditionally. - misc: initialize datalen on error in `_libssh2_base64_decode()`. - openssl: drop unused assigments. - openssl: fix unused static function. - packet: avoid NULL deref. - packet: avoid NULL in `memcpy` src. - publickey: optimize struct layout to avoid padding. - sftp: replace ignored `rc` error assigment with `_libssh2_error()` call. - transport: fix potential NULL ptr dereferences. - transport: silence uninitialized value warnings. - userauth: drop unused assigment. - userauth: possible use of unitialized pointer. - userauth: replace `rewind()` with `fseek()`. `rewind()` returns an error condition in `errno`. `errno` is problematic and reduces portability. Use `fseek()` to avoid it. - userauth: replace potential NULL deref by returning error from `sign_frommemory()`. Possible false positive. `rc` should be set upstream if the callback is NULL. - userauth: replace potential NULL deref by returning error from `sign_fromfile()`. clang-tidy did not warn about this one, but let's match `sign_frommemory()` anyway. - wincng: fix potentially unused macros. - wincng: make sure bignum is not NULL before use. tests: - openssh_fixture: drop unused assignment. - session_fixture: exit if `username` not set, to avoid `strlen(NULL)`. - session_fixture: replace `rewind()` with `fseek()`. `rewind()` returns an error condition in `errno`. `errno` is problematic and reduces portability. Use `fseek()` to avoid it. - test_read: exit if `username` not set, to avoid `strlen(NULL)`. examples: - scp_write_nonblock: fix file handle leak. - sftp_write_nonblock: file handle leak on error. - sftp_write_sliding: file handle leak on error. - ssh2_agent_forwarding: fix unused error codes. Details in the subcommits under the PR. Thanks-to: Michael Buckley Thanks-to: Will Cosgrove Closes #1561
310 lines
8.0 KiB
C
310 lines
8.0 KiB
C
/* Copyright (C) The libssh2 project and its contributors.
|
|
*
|
|
* Sample showing how to use libssh2 to request agent forwarding
|
|
* on the remote host. The command executed will run with agent forwarded
|
|
* so you should be able to do things like clone out protected git
|
|
* repos and such.
|
|
*
|
|
* The example uses agent authentication to ensure an agent to forward
|
|
* is running.
|
|
*
|
|
* $ ./ssh2_agent_forwarding 127.0.0.1 user "uptime"
|
|
*
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
*/
|
|
|
|
#include "libssh2_setup.h"
|
|
#include <libssh2.h>
|
|
|
|
#ifdef HAVE_SYS_SOCKET_H
|
|
#include <sys/socket.h>
|
|
#endif
|
|
#ifdef HAVE_UNISTD_H
|
|
#include <unistd.h>
|
|
#endif
|
|
#ifdef HAVE_NETINET_IN_H
|
|
#include <netinet/in.h>
|
|
#endif
|
|
#ifdef HAVE_ARPA_INET_H
|
|
#include <arpa/inet.h>
|
|
#endif
|
|
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
|
|
static const char *hostname = "127.0.0.1";
|
|
static const char *commandline = "uptime";
|
|
static const char *username;
|
|
|
|
static int waitsocket(libssh2_socket_t socket_fd, LIBSSH2_SESSION *session)
|
|
{
|
|
struct timeval timeout;
|
|
int rc;
|
|
fd_set fd;
|
|
fd_set *writefd = NULL;
|
|
fd_set *readfd = NULL;
|
|
int dir;
|
|
|
|
timeout.tv_sec = 10;
|
|
timeout.tv_usec = 0;
|
|
|
|
FD_ZERO(&fd);
|
|
|
|
#if defined(__GNUC__) || defined(__clang__)
|
|
#pragma GCC diagnostic push
|
|
#pragma GCC diagnostic ignored "-Wsign-conversion"
|
|
#endif
|
|
FD_SET(socket_fd, &fd);
|
|
#if defined(__GNUC__) || defined(__clang__)
|
|
#pragma GCC diagnostic pop
|
|
#endif
|
|
|
|
/* now make sure we wait in the correct direction */
|
|
dir = libssh2_session_block_directions(session);
|
|
|
|
if(dir & LIBSSH2_SESSION_BLOCK_INBOUND)
|
|
readfd = &fd;
|
|
|
|
if(dir & LIBSSH2_SESSION_BLOCK_OUTBOUND)
|
|
writefd = &fd;
|
|
|
|
rc = select((int)(socket_fd + 1), readfd, writefd, NULL, &timeout);
|
|
|
|
return rc;
|
|
}
|
|
|
|
int main(int argc, char *argv[])
|
|
{
|
|
uint32_t hostaddr;
|
|
libssh2_socket_t sock;
|
|
struct sockaddr_in sin;
|
|
int rc;
|
|
LIBSSH2_SESSION *session = NULL;
|
|
LIBSSH2_CHANNEL *channel;
|
|
LIBSSH2_AGENT *agent = NULL;
|
|
struct libssh2_agent_publickey *identity, *prev_identity = NULL;
|
|
int exitcode;
|
|
char *exitsignal = NULL;
|
|
ssize_t bytecount = 0;
|
|
|
|
#ifdef _WIN32
|
|
WSADATA wsadata;
|
|
|
|
rc = WSAStartup(MAKEWORD(2, 0), &wsadata);
|
|
if(rc) {
|
|
fprintf(stderr, "WSAStartup failed with error: %d\n", rc);
|
|
return 1;
|
|
}
|
|
#endif
|
|
|
|
if(argc < 2) {
|
|
fprintf(stderr, "At least IP and username arguments are required.\n");
|
|
return 1;
|
|
}
|
|
/* must be ip address only */
|
|
hostname = argv[1];
|
|
username = argv[2];
|
|
|
|
if(argc > 3) {
|
|
commandline = argv[3];
|
|
}
|
|
|
|
rc = libssh2_init(0);
|
|
if(rc) {
|
|
fprintf(stderr, "libssh2 initialization failed (%d)\n", rc);
|
|
return 1;
|
|
}
|
|
|
|
hostaddr = inet_addr(hostname);
|
|
|
|
/* Ultra basic "connect to port 22 on localhost". Your code is
|
|
* responsible for creating the socket establishing the connection
|
|
*/
|
|
sock = socket(AF_INET, SOCK_STREAM, 0);
|
|
if(sock == LIBSSH2_INVALID_SOCKET) {
|
|
fprintf(stderr, "failed to create socket.\n");
|
|
goto shutdown;
|
|
}
|
|
|
|
sin.sin_family = AF_INET;
|
|
sin.sin_port = htons(22);
|
|
sin.sin_addr.s_addr = hostaddr;
|
|
if(connect(sock, (struct sockaddr*)(&sin), sizeof(struct sockaddr_in))) {
|
|
fprintf(stderr, "failed to connect.\n");
|
|
goto shutdown;
|
|
}
|
|
|
|
/* Create a session instance */
|
|
session = libssh2_session_init();
|
|
if(!session) {
|
|
fprintf(stderr, "Could not initialize SSH session.\n");
|
|
goto shutdown;
|
|
}
|
|
|
|
if(libssh2_session_handshake(session, sock) != 0) {
|
|
fprintf(stderr, "Failure establishing SSH session: %d\n", rc);
|
|
goto shutdown;
|
|
}
|
|
|
|
/* Connect to the ssh-agent */
|
|
agent = libssh2_agent_init(session);
|
|
if(!agent) {
|
|
fprintf(stderr, "Failure initializing ssh-agent support\n");
|
|
rc = 1;
|
|
goto shutdown;
|
|
}
|
|
if(libssh2_agent_connect(agent)) {
|
|
fprintf(stderr, "Failure connecting to ssh-agent\n");
|
|
rc = 1;
|
|
goto shutdown;
|
|
}
|
|
if(libssh2_agent_list_identities(agent)) {
|
|
fprintf(stderr, "Failure requesting identities to ssh-agent\n");
|
|
rc = 1;
|
|
goto shutdown;
|
|
}
|
|
for(;;) {
|
|
rc = libssh2_agent_get_identity(agent, &identity, prev_identity);
|
|
if(rc == 1)
|
|
break;
|
|
if(rc < 0) {
|
|
fprintf(stderr,
|
|
"Failure obtaining identity from ssh-agent support\n");
|
|
rc = 1;
|
|
goto shutdown;
|
|
}
|
|
if(libssh2_agent_userauth(agent, username, identity)) {
|
|
fprintf(stderr, "Authentication with username %s and "
|
|
"public key %s failed.\n",
|
|
username, identity->comment);
|
|
}
|
|
else {
|
|
fprintf(stderr, "Authentication with username %s and "
|
|
"public key %s succeeded.\n",
|
|
username, identity->comment);
|
|
break;
|
|
}
|
|
prev_identity = identity;
|
|
}
|
|
if(rc) {
|
|
fprintf(stderr, "Could not continue authentication\n");
|
|
goto shutdown;
|
|
}
|
|
|
|
#if 0
|
|
libssh2_trace(session, ~0);
|
|
#endif
|
|
|
|
/* Set session to non-blocking */
|
|
libssh2_session_set_blocking(session, 0);
|
|
|
|
/* Exec non-blocking on the remote host */
|
|
do {
|
|
channel = libssh2_channel_open_session(session);
|
|
if(channel ||
|
|
libssh2_session_last_error(session, NULL, NULL, 0) !=
|
|
LIBSSH2_ERROR_EAGAIN)
|
|
break;
|
|
waitsocket(sock, session);
|
|
} while(1);
|
|
if(!channel) {
|
|
fprintf(stderr, "Error\n");
|
|
return 1;
|
|
}
|
|
while((rc = libssh2_channel_request_auth_agent(channel)) ==
|
|
LIBSSH2_ERROR_EAGAIN) {
|
|
waitsocket(sock, session);
|
|
}
|
|
if(rc) {
|
|
fprintf(stderr, "Error, could not request auth agent, "
|
|
"error code %d.\n", rc);
|
|
return 1;
|
|
}
|
|
else {
|
|
fprintf(stdout, "Agent forwarding request succeeded.\n");
|
|
}
|
|
while((rc = libssh2_channel_exec(channel, commandline)) ==
|
|
LIBSSH2_ERROR_EAGAIN) {
|
|
waitsocket(sock, session);
|
|
}
|
|
if(rc) {
|
|
fprintf(stderr, "Error\n");
|
|
return 1;
|
|
}
|
|
for(;;) {
|
|
ssize_t nread;
|
|
/* loop until we block */
|
|
do {
|
|
char buffer[0x4000];
|
|
nread = libssh2_channel_read(channel, buffer, sizeof(buffer) );
|
|
if(nread > 0) {
|
|
ssize_t i;
|
|
bytecount += nread;
|
|
fprintf(stderr, "We read:\n");
|
|
for(i = 0; i < nread; ++i)
|
|
fputc(buffer[i], stderr);
|
|
fprintf(stderr, "\n");
|
|
}
|
|
else {
|
|
if(nread != LIBSSH2_ERROR_EAGAIN)
|
|
/* no need to output this for the EAGAIN case */
|
|
fprintf(stderr, "libssh2_channel_read returned %ld\n",
|
|
(long)nread);
|
|
}
|
|
} while(nread > 0);
|
|
|
|
/* this is due to blocking that would occur otherwise so we loop on
|
|
this condition */
|
|
if(nread == LIBSSH2_ERROR_EAGAIN) {
|
|
waitsocket(sock, session);
|
|
}
|
|
else
|
|
break;
|
|
}
|
|
exitcode = 127;
|
|
while((rc = libssh2_channel_close(channel)) == LIBSSH2_ERROR_EAGAIN) {
|
|
waitsocket(sock, session);
|
|
}
|
|
if(rc == 0) {
|
|
exitcode = libssh2_channel_get_exit_status(channel);
|
|
libssh2_channel_get_exit_signal(channel, &exitsignal,
|
|
NULL, NULL, NULL, NULL, NULL);
|
|
}
|
|
|
|
rc = 0;
|
|
|
|
if(exitsignal) {
|
|
fprintf(stderr, "\nGot signal: %s\n",
|
|
exitsignal ? exitsignal : "none");
|
|
}
|
|
else {
|
|
fprintf(stderr, "\nEXIT: %d bytecount: %ld\n",
|
|
exitcode, (long)bytecount);
|
|
}
|
|
|
|
libssh2_channel_free(channel);
|
|
channel = NULL;
|
|
|
|
shutdown:
|
|
|
|
if(session) {
|
|
libssh2_session_disconnect(session, "Normal Shutdown");
|
|
libssh2_session_free(session);
|
|
}
|
|
|
|
if(sock != LIBSSH2_INVALID_SOCKET) {
|
|
shutdown(sock, 2);
|
|
LIBSSH2_SOCKET_CLOSE(sock);
|
|
}
|
|
|
|
fprintf(stderr, "all done\n");
|
|
|
|
libssh2_exit();
|
|
|
|
#ifdef _WIN32
|
|
WSACleanup();
|
|
#endif
|
|
|
|
return rc;
|
|
}
|