api/sshagent__main_8c_source.html

/*

 * sshagent_main.c: DVC plugin to forward queries from RDP to the ssh-agent

 *

 * This relays data to and from an ssh-agent program equivalent running on the

 * RDP server to an ssh-agent running locally.  Unlike the normal ssh-agent,

 * which sends data over an SSH channel, the data is send over an RDP dynamic

 * virtual channel.

 *

 * protocol specification:

 *     Forward data verbatim over RDP dynamic virtual channel named "sshagent"

 *     between a ssh client on the xrdp server and the real ssh-agent where

 *     the RDP client is running.  Each connection by a separate client to

 *     xrdp-ssh-agent gets a separate DVC invocation.

 */


#include <freerdp/config.h>


#include <stdio.h>

#include <stdlib.h>

#include <sys/types.h>

#include <sys/socket.h>

#include <sys/un.h>

#include <pwd.h>

#include <unistd.h>

#include <errno.h>


#include <winpr/crt.h>

#include <winpr/assert.h>

#include <winpr/synch.h>

#include <winpr/thread.h>

#include <winpr/stream.h>


#include "sshagent_main.h"


#include <freerdp/freerdp.h>

#include <freerdp/client/channels.h>

#include <freerdp/channels/log.h>


#define TAG CHANNELS_TAG("sshagent.client")


typedef struct

{

  IWTSListenerCallback iface;


  IWTSPlugin* plugin;

  IWTSVirtualChannelManager* channel_mgr;


  rdpContext* rdpcontext;

  const char* agent_uds_path;

} SSHAGENT_LISTENER_CALLBACK;


typedef struct

{

  GENERIC_CHANNEL_CALLBACK generic;


  rdpContext* rdpcontext;

  int agent_fd;

  HANDLE thread;

  CRITICAL_SECTION lock;

} SSHAGENT_CHANNEL_CALLBACK;


typedef struct

{

  IWTSPlugin iface;


  SSHAGENT_LISTENER_CALLBACK* listener_callback;


  rdpContext* rdpcontext;

} SSHAGENT_PLUGIN;


static int connect_to_sshagent(const char* udspath)

{

  WINPR_ASSERT(udspath);


  int agent_fd = socket(AF_UNIX, SOCK_STREAM, 0);


  if (agent_fd == -1)

  {

    WLog_ERR(TAG, "Can't open Unix domain socket!");

    return -1;

  }


  struct sockaddr_un addr = { 0 };


  addr.sun_family = AF_UNIX;


  strncpy(addr.sun_path, udspath, sizeof(addr.sun_path) - 1);


  int rc = connect(agent_fd, (struct sockaddr*)&addr, sizeof(addr));


  if (rc != 0)

  {

    WLog_ERR(TAG, "Can't connect to Unix domain socket \"%s\"!", udspath);

    close(agent_fd);

    return -1;

  }


  return agent_fd;

}


static DWORD WINAPI sshagent_read_thread(LPVOID data)

{

  SSHAGENT_CHANNEL_CALLBACK* callback = (SSHAGENT_CHANNEL_CALLBACK*)data;

  WINPR_ASSERT(callback);


  BYTE buffer[4096] = { 0 };

  int going = 1;

  UINT status = CHANNEL_RC_OK;


  while (going)

  {

    const ssize_t bytes_read = read(callback->agent_fd, buffer, sizeof(buffer));


    if (bytes_read == 0)

    {

      /* Socket closed cleanly at other end */

      going = 0;

    }

    else if (bytes_read < 0)

    {

      if (errno != EINTR)

      {

        WLog_ERR(TAG, "Error reading from sshagent, errno=%d", errno);

        status = ERROR_READ_FAULT;

        going = 0;

      }

    }

    else if ((size_t)bytes_read > ULONG_MAX)

    {

      status = ERROR_READ_FAULT;

      going = 0;

    }

    else

    {

      /* Something read: forward to virtual channel */

      IWTSVirtualChannel* channel = callback->generic.channel;

      status = channel->Write(channel, (ULONG)bytes_read, buffer, NULL);


      if (status != CHANNEL_RC_OK)

      {

        going = 0;

      }

    }

  }


  close(callback->agent_fd);


  if (status != CHANNEL_RC_OK)

    setChannelError(callback->rdpcontext, status, "sshagent_read_thread reported an error");


  ExitThread(status);

  return status;

}


static UINT sshagent_on_data_received(IWTSVirtualChannelCallback* pChannelCallback, wStream* data)

{

  SSHAGENT_CHANNEL_CALLBACK* callback = (SSHAGENT_CHANNEL_CALLBACK*)pChannelCallback;

  WINPR_ASSERT(callback);


  BYTE* pBuffer = Stream_Pointer(data);

  size_t cbSize = Stream_GetRemainingLength(data);

  BYTE* pos = pBuffer;

  /* Forward what we have received to the ssh agent */

  size_t bytes_to_write = cbSize;

  errno = 0;


  while (bytes_to_write > 0)

  {

    const ssize_t bytes_written = write(callback->agent_fd, pos, bytes_to_write);


    if (bytes_written < 0)

    {

      if (errno != EINTR)

      {

        WLog_ERR(TAG, "Error writing to sshagent, errno=%d", errno);

        return ERROR_WRITE_FAULT;

      }

    }

    else

    {

      bytes_to_write -= WINPR_ASSERTING_INT_CAST(size_t, bytes_written);

      pos += bytes_written;

    }

  }


  /* Consume stream */

  Stream_Seek(data, cbSize);

  return CHANNEL_RC_OK;

}


static UINT sshagent_on_close(IWTSVirtualChannelCallback* pChannelCallback)

{

  SSHAGENT_CHANNEL_CALLBACK* callback = (SSHAGENT_CHANNEL_CALLBACK*)pChannelCallback;

  WINPR_ASSERT(callback);


  /* Call shutdown() to wake up the read() in sshagent_read_thread(). */

  shutdown(callback->agent_fd, SHUT_RDWR);

  EnterCriticalSection(&callback->lock);


  if (WaitForSingleObject(callback->thread, INFINITE) == WAIT_FAILED)

  {

    UINT error = GetLastError();

    WLog_ERR(TAG, "WaitForSingleObject failed with error %" PRIu32 "!", error);

    return error;

  }


  (void)CloseHandle(callback->thread);

  LeaveCriticalSection(&callback->lock);

  DeleteCriticalSection(&callback->lock);

  free(callback);

  return CHANNEL_RC_OK;

}


// NOLINTBEGIN(readability-non-const-parameter)

static UINT sshagent_on_new_channel_connection(IWTSListenerCallback* pListenerCallback,

                                               IWTSVirtualChannel* pChannel, BYTE* Data,

                                               BOOL* pbAccept,

                                               IWTSVirtualChannelCallback** ppCallback)

// NOLINTEND(readability-non-const-parameter)

{

  SSHAGENT_LISTENER_CALLBACK* listener_callback = (SSHAGENT_LISTENER_CALLBACK*)pListenerCallback;

  WINPR_UNUSED(Data);

  WINPR_UNUSED(pbAccept);


  SSHAGENT_CHANNEL_CALLBACK* callback =

      (SSHAGENT_CHANNEL_CALLBACK*)calloc(1, sizeof(SSHAGENT_CHANNEL_CALLBACK));


  if (!callback)

  {

    WLog_ERR(TAG, "calloc failed!");

    return CHANNEL_RC_NO_MEMORY;

  }


  /* Now open a connection to the local ssh-agent.  Do this for each

   * connection to the plugin in case we mess up the agent session. */

  callback->agent_fd = connect_to_sshagent(listener_callback->agent_uds_path);


  if (callback->agent_fd == -1)

  {

    free(callback);

    return CHANNEL_RC_INITIALIZATION_ERROR;

  }


  InitializeCriticalSection(&callback->lock);


  GENERIC_CHANNEL_CALLBACK* generic = &callback->generic;

  generic->iface.OnDataReceived = sshagent_on_data_received;

  generic->iface.OnClose = sshagent_on_close;

  generic->plugin = listener_callback->plugin;

  generic->channel_mgr = listener_callback->channel_mgr;

  generic->channel = pChannel;

  callback->rdpcontext = listener_callback->rdpcontext;

  callback->thread = CreateThread(NULL, 0, sshagent_read_thread, (void*)callback, 0, NULL);


  if (!callback->thread)

  {

    WLog_ERR(TAG, "CreateThread failed!");

    DeleteCriticalSection(&callback->lock);

    free(callback);

    return CHANNEL_RC_INITIALIZATION_ERROR;

  }


  *ppCallback = (IWTSVirtualChannelCallback*)callback;

  return CHANNEL_RC_OK;

}


static UINT sshagent_plugin_initialize(IWTSPlugin* pPlugin, IWTSVirtualChannelManager* pChannelMgr)

{

  SSHAGENT_PLUGIN* sshagent = (SSHAGENT_PLUGIN*)pPlugin;

  WINPR_ASSERT(sshagent);

  WINPR_ASSERT(pChannelMgr);


  sshagent->listener_callback =

      (SSHAGENT_LISTENER_CALLBACK*)calloc(1, sizeof(SSHAGENT_LISTENER_CALLBACK));


  if (!sshagent->listener_callback)

  {

    WLog_ERR(TAG, "calloc failed!");

    return CHANNEL_RC_NO_MEMORY;

  }


  sshagent->listener_callback->rdpcontext = sshagent->rdpcontext;

  sshagent->listener_callback->iface.OnNewChannelConnection = sshagent_on_new_channel_connection;

  sshagent->listener_callback->plugin = pPlugin;

  sshagent->listener_callback->channel_mgr = pChannelMgr;

  // NOLINTNEXTLINE(concurrency-mt-unsafe)

  sshagent->listener_callback->agent_uds_path = getenv("SSH_AUTH_SOCK");


  if (sshagent->listener_callback->agent_uds_path == NULL)

  {

    WLog_ERR(TAG, "Environment variable $SSH_AUTH_SOCK undefined!");

    free(sshagent->listener_callback);

    sshagent->listener_callback = NULL;

    return CHANNEL_RC_INITIALIZATION_ERROR;

  }


  return pChannelMgr->CreateListener(pChannelMgr, "SSHAGENT", 0,

                                     (IWTSListenerCallback*)sshagent->listener_callback, NULL);

}


static UINT sshagent_plugin_terminated(IWTSPlugin* pPlugin)

{

  SSHAGENT_PLUGIN* sshagent = (SSHAGENT_PLUGIN*)pPlugin;

  free(sshagent);

  return CHANNEL_RC_OK;

}


FREERDP_ENTRY_POINT(UINT VCAPITYPE sshagent_DVCPluginEntry(IDRDYNVC_ENTRY_POINTS* pEntryPoints))

{

  UINT status = CHANNEL_RC_OK;


  WINPR_ASSERT(pEntryPoints);


  SSHAGENT_PLUGIN* sshagent = (SSHAGENT_PLUGIN*)pEntryPoints->GetPlugin(pEntryPoints, "sshagent");


  if (!sshagent)

  {

    sshagent = (SSHAGENT_PLUGIN*)calloc(1, sizeof(SSHAGENT_PLUGIN));


    if (!sshagent)

    {

      WLog_ERR(TAG, "calloc failed!");

      return CHANNEL_RC_NO_MEMORY;

    }


    sshagent->iface.Initialize = sshagent_plugin_initialize;

    sshagent->iface.Connected = NULL;

    sshagent->iface.Disconnected = NULL;

    sshagent->iface.Terminated = sshagent_plugin_terminated;

    sshagent->rdpcontext = pEntryPoints->GetRdpContext(pEntryPoints);

    status = pEntryPoints->RegisterPlugin(pEntryPoints, "sshagent", &sshagent->iface);

  }


  return status;

}

GENERIC_CHANNEL_CALLBACK
Definition include/freerdp/client/channels.h:35

RTL_CRITICAL_SECTION
Definition include/winpr/synch.h:158

wStream
Definition include/winpr/stream.h:42