/**
* FreeRDP: A Remote Desktop Protocol Implementation
* SSH Agent Virtual Channel Extension
*
* Copyright 2013 Christian Hofstaedtler
* Copyright 2015 Thincast Technologies GmbH
* Copyright 2015 DI (FH) Martin Haimberger <martin.haimberger@thincast.com>
* Copyright 2017 Ben Cohen
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/*
* sshagent_main.c: DVC plugin to forward queries from RDP to the ssh-agent
*
* This relays data to and from an ssh-agent program equivalent running on the
* RDP server to an ssh-agent running locally. Unlike the normal ssh-agent,
* which sends data over an SSH channel, the data is send over an RDP dynamic
* virtual channel.
*
* protocol specification:
* Forward data verbatim over RDP dynamic virtual channel named "sshagent"
* between a ssh client on the xrdp server and the real ssh-agent where
* the RDP client is running. Each connection by a separate client to
* xrdp-ssh-agent gets a separate DVC invocation.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <pwd.h>
#include <unistd.h>
#include <errno.h>
#include <winpr/crt.h>
#include <winpr/synch.h>
#include <winpr/thread.h>
#include <winpr/stream.h>
#include "sshagent_main.h"
#include <freerdp/channels/log.h>
#define TAG CHANNELS_TAG("sshagent.client")
typedef struct _SSHAGENT_LISTENER_CALLBACK SSHAGENT_LISTENER_CALLBACK;
struct _SSHAGENT_LISTENER_CALLBACK
{
IWTSListenerCallback iface;
IWTSPlugin* plugin;
IWTSVirtualChannelManager* channel_mgr;
rdpContext* rdpcontext;
const char* agent_uds_path;
};
typedef struct _SSHAGENT_CHANNEL_CALLBACK SSHAGENT_CHANNEL_CALLBACK;
struct _SSHAGENT_CHANNEL_CALLBACK
{
IWTSVirtualChannelCallback iface;
IWTSPlugin* plugin;
IWTSVirtualChannelManager* channel_mgr;
IWTSVirtualChannel* channel;
rdpContext* rdpcontext;
int agent_fd;
HANDLE thread;
CRITICAL_SECTION lock;
};
typedef struct _SSHAGENT_PLUGIN SSHAGENT_PLUGIN;
struct _SSHAGENT_PLUGIN
{
IWTSPlugin iface;
SSHAGENT_LISTENER_CALLBACK* listener_callback;
rdpContext* rdpcontext;
};
/**
* Function to open the connection to the sshagent
*
* @return The fd on success, otherwise -1
*/
static int connect_to_sshagent(const char* udspath)
{
int agent_fd = socket(AF_UNIX, SOCK_STREAM, 0);
if (agent_fd == -1)
{
WLog_ERR(TAG, "Can't open Unix domain socket!");
return -1;
}
struct sockaddr_un addr;
memset(&addr, 0, sizeof(addr));
addr.sun_family = AF_UNIX;
strncpy(addr.sun_path, udspath, sizeof(addr.sun_path) - 1);
int rc = connect(agent_fd, (struct sockaddr*)&addr, sizeof(addr));
if (rc != 0)
{
WLog_ERR(TAG, "Can't connect to Unix domain socket \"%s\"!", udspath);
close(agent_fd);
return -1;
}
return agent_fd;
}
/**
* Entry point for thread to read from the ssh-agent socket and forward
* the data to RDP
*
* @return NULL
*/
static DWORD WINAPI sshagent_read_thread(LPVOID data)
{
SSHAGENT_CHANNEL_CALLBACK* callback = (SSHAGENT_CHANNEL_CALLBACK*)data;
BYTE buffer[4096];
int going = 1;
UINT status = CHANNEL_RC_OK;
while (going)
{
int bytes_read = read(callback->agent_fd, buffer, sizeof(buffer));
if (bytes_read == 0)
{
/* Socket closed cleanly at other end */
going = 0;
}
else if (bytes_read < 0)
{
if (errno != EINTR)
{
WLog_ERR(TAG, "Error reading from sshagent, errno=%d", errno);
status = ERROR_READ_FAULT;
going = 0;
}
}
else
{
/* Something read: forward to virtual channel */
status = callback->channel->Write(callback->channel, bytes_read, buffer, NULL);
if (status != CHANNEL_RC_OK)
{
going = 0;
}
}
}
close(callback->agent_fd);
if (status != CHANNEL_RC_OK)
setChannelError(callback->rdpcontext, status, "sshagent_read_thread reported an error");
ExitThread(status);
return status;
}
/**
* Callback for data received from the RDP server; forward this to ssh-agent
*
* @return 0 on success, otherwise a Win32 error code
*/
static UINT sshagent_on_data_received(IWTSVirtualChannelCallback* pChannelCallback, wStream* data)
{
SSHAGENT_CHANNEL_CALLBACK* callback = (SSHAGENT_CHANNEL_CALLBACK*)pChannelCallback;
BYTE* pBuffer = Stream_Pointer(data);
UINT32 cbSize = Stream_GetRemainingLength(data);
BYTE* pos = pBuffer;
/* Forward what we have received to the ssh agent */
UINT32 bytes_to_write = cbSize;
errno = 0;
while (bytes_to_write > 0)
{
int bytes_written = write(callback->agent_fd, pos, bytes_to_write);
if (bytes_written < 0)
{
if (errno != EINTR)
{
WLog_ERR(TAG, "Error writing to sshagent, errno=%d", errno);
return ERROR_WRITE_FAULT;
}
}
else
{
bytes_to_write -= bytes_written;
pos += bytes_written;
}
}
/* Consume stream */
Stream_Seek(data, cbSize);
return CHANNEL_RC_OK;
}
/**
* Callback for when the virtual channel is closed
*
* @return 0 on success, otherwise a Win32 error code
*/
static UINT sshagent_on_close(IWTSVirtualChannelCallback* pChannelCallback)
{
SSHAGENT_CHANNEL_CALLBACK* callback = (SSHAGENT_CHANNEL_CALLBACK*)pChannelCallback;
/* Call shutdown() to wake up the read() in sshagent_read_thread(). */
shutdown(callback->agent_fd, SHUT_RDWR);
EnterCriticalSection(&callback->lock);
if (WaitForSingleObject(callback->thread, INFINITE) == WAIT_FAILED)
{
UINT error = GetLastError();
WLog_ERR(TAG, "WaitForSingleObject failed with error %" PRIu32 "!", error);
return error;
}
CloseHandle(callback->thread);
LeaveCriticalSection(&callback->lock);
DeleteCriticalSection(&callback->lock);
free(callback);
return CHANNEL_RC_OK;
}
/**
* Callback for when a new virtual channel is opened
*
* @return 0 on success, otherwise a Win32 error code
*/
static UINT sshagent_on_new_channel_connection(IWTSListenerCallback* pListenerCallback,
IWTSVirtualChannel* pChannel, BYTE* Data,
BOOL* pbAccept,
IWTSVirtualChannelCallback** ppCallback)
{
SSHAGENT_CHANNEL_CALLBACK* callback;
SSHAGENT_LISTENER_CALLBACK* listener_callback = (SSHAGENT_LISTENER_CALLBACK*)pListenerCallback;
callback = (SSHAGENT_CHANNEL_CALLBACK*)calloc(1, sizeof(SSHAGENT_CHANNEL_CALLBACK));
if (!callback)
{
WLog_ERR(TAG, "calloc failed!");
return CHANNEL_RC_NO_MEMORY;
}
/* Now open a connection to the local ssh-agent. Do this for each
* connection to the plugin in case we mess up the agent session. */
callback->agent_fd = connect_to_sshagent(listener_callback->agent_uds_path);
if (callback->agent_fd == -1)
{
free(callback);
return CHANNEL_RC_INITIALIZATION_ERROR;
}
InitializeCriticalSection(&callback->lock);
callback->iface.OnDataReceived = sshagent_on_data_received;
callback->iface.OnClose = sshagent_on_close;
callback->plugin = listener_callback->plugin;
callback->channel_mgr = listener_callback->channel_mgr;
callback->channel = pChannel;
callback->rdpcontext = listener_callback->rdpcontext;
callback->thread = CreateThread(NULL, 0, sshagent_read_thread, (void*)callback, 0, NULL);
if (!callback->thread)
{
WLog_ERR(TAG, "CreateThread failed!");
DeleteCriticalSection(&callback->lock);
free(callback);
return CHANNEL_RC_INITIALIZATION_ERROR;
}
*ppCallback = (IWTSVirtualChannelCallback*)callback;
return CHANNEL_RC_OK;
}
/**
* Callback for when the plugin is initialised
*
* @return 0 on success, otherwise a Win32 error code
*/
static UINT sshagent_plugin_initialize(IWTSPlugin* pPlugin, IWTSVirtualChannelManager* pChannelMgr)
{
SSHAGENT_PLUGIN* sshagent = (SSHAGENT_PLUGIN*)pPlugin;
sshagent->listener_callback =
(SSHAGENT_LISTENER_CALLBACK*)calloc(1, sizeof(SSHAGENT_LISTENER_CALLBACK));
if (!sshagent->listener_callback)
{
WLog_ERR(TAG, "calloc failed!");
return CHANNEL_RC_NO_MEMORY;
}
sshagent->listener_callback->rdpcontext = sshagent->rdpcontext;
sshagent->listener_callback->iface.OnNewChannelConnection = sshagent_on_new_channel_connection;
sshagent->listener_callback->plugin = pPlugin;
sshagent->listener_callback->channel_mgr = pChannelMgr;
sshagent->listener_callback->agent_uds_path = getenv("SSH_AUTH_SOCK");
if (sshagent->listener_callback->agent_uds_path == NULL)
{
WLog_ERR(TAG, "Environment variable $SSH_AUTH_SOCK undefined!");
free(sshagent->listener_callback);
sshagent->listener_callback = NULL;
return CHANNEL_RC_INITIALIZATION_ERROR;
}
return pChannelMgr->CreateListener(pChannelMgr, "SSHAGENT", 0,
(IWTSListenerCallback*)sshagent->listener_callback, NULL);
}
/**
* Callback for when the plugin is terminated
*
* @return 0 on success, otherwise a Win32 error code
*/
static UINT sshagent_plugin_terminated(IWTSPlugin* pPlugin)
{
SSHAGENT_PLUGIN* sshagent = (SSHAGENT_PLUGIN*)pPlugin;
free(sshagent);
return CHANNEL_RC_OK;
}
#ifdef BUILTIN_CHANNELS
#define DVCPluginEntry sshagent_DVCPluginEntry
#else
#define DVCPluginEntry FREERDP_API DVCPluginEntry
#endif
/**
* Main entry point for sshagent DVC plugin
*
* @return 0 on success, otherwise a Win32 error code
*/
UINT DVCPluginEntry(IDRDYNVC_ENTRY_POINTS* pEntryPoints)
{
UINT status = CHANNEL_RC_OK;
SSHAGENT_PLUGIN* sshagent;
sshagent = (SSHAGENT_PLUGIN*)pEntryPoints->GetPlugin(pEntryPoints, "sshagent");
if (!sshagent)
{
sshagent = (SSHAGENT_PLUGIN*)calloc(1, sizeof(SSHAGENT_PLUGIN));
if (!sshagent)
{
WLog_ERR(TAG, "calloc failed!");
return CHANNEL_RC_NO_MEMORY;
}
sshagent->iface.Initialize = sshagent_plugin_initialize;
sshagent->iface.Connected = NULL;
sshagent->iface.Disconnected = NULL;
sshagent->iface.Terminated = sshagent_plugin_terminated;
sshagent->rdpcontext =
((freerdp*)((rdpSettings*)pEntryPoints->GetRdpSettings(pEntryPoints))->instance)
->context;
status = pEntryPoints->RegisterPlugin(pEntryPoints, "sshagent", (IWTSPlugin*)sshagent);
}
return status;
}
/* vim: set sw=8:ts=8:noet: */