New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Forward ssh-agent data between ssh-agent and RDP #4122
Conversation
Can one of the admins verify this patch? |
Please see neutrinolabs/xrdp#868 for more details. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's definitely all the copyright statements to adjust. Plus some of my remarks.
Nice job, thanks for the contribution.
channels/sshagent/CMakeLists.txt
Outdated
# FreeRDP cmake build script | ||
# | ||
# Copyright 2012 Marc-Andre Moreau <marcandre.moreau@gmail.com> | ||
# |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess it's not the right copyright...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I basically copied the file from echo so I can't claim much copyright! I've added myself, anyway :)
int rc = connect(agent_fd, (struct sockaddr*)&addr, sizeof(addr)); | ||
if (rc != 0) | ||
{ | ||
WLog_ERR(TAG, "Can't connect to Unix domain socket \"%s\"!", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
agent_fd is leaked here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
... when connect() fails. Thanks - fixed.
callback->channel_mgr = listener_callback->channel_mgr; | ||
callback->channel = pChannel; | ||
|
||
if (!(callback->thread |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
strange code style
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
} | ||
else if (bytes_read < 0) | ||
{ | ||
if (errno != EAGAIN |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I may have missed something, but your socket is opened in a blocking way (and is not changed afterwards) so you will never get a EAGAIN or a EWOULDBLOCK, and the same applies for writes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've removed them.
add_channel_client(${MODULE_PREFIX} ${CHANNEL_NAME}) | ||
endif() | ||
|
||
if(WITH_SERVER_CHANNELS) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't see the server code...
@freerdp-bot can you test that first shot buddy ? |
Refer to this link for build results (access rights to CI server needed): |
@hardening For the server code, I wrote and tested it against xrdp (#867: xrdp-ssh-agent.c). It is designed to be run as a command-line app that prints out the agent socket path, just as ssh-agent does. The same file compiles with minimal changes - different include files - in FreeRDP's tree. I am struggling to compile the Linux FreeRDP server so I haven't been able to test it yet. I have pushed it anyway - please let me know of any problems. |
@freerdp-bot test |
Refer to this link for build results (access rights to CI server needed): |
@hardening Are your issues with this resolved? |
include/freerdp/client/sshagent.h
Outdated
/** | ||
* FreeRDP: A Remote Desktop Protocol Implementation | ||
* Clipboard Virtual Channel Extension | ||
* |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wrong comment, and copyright below are also wrong
@@ -0,0 +1,401 @@ | |||
/** | |||
* xrdp: A Remote Desktop Protocol server. | |||
* |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
wrong header here
@@ -0,0 +1,42 @@ | |||
/** | |||
* FreeRDP: A Remote Desktop Protocol Implementation | |||
* Echo Virtual Channel Extension |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
comment should be changed
You should really fix copyright statements and descriptions in file headers, apart from that that LGTM. |
I fixed the comments at the start of the files mentioned by @hardening and pushed that. It says there is a conflict. Do you want me to force-push the branch rebased to fix that? |
Yes please rebase, we've done quite a lot of merge recently |
# FreeRDP: A Remote Desktop Protocol Implementation | ||
# FreeRDP cmake build script | ||
# | ||
# Copyright 2012 Marc-Andre Moreau <marcandre.moreau@gmail.com> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this correct? I assume you did write this file or am I mistaken?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes: I simply copied channels/sshagent/client/CMakeLists.txt from channels/echo/client/CMakeLists.txt and replaced "echo" with "sshagent". So I left the existing copyright line in and added my own afterwards.
* limitations under the License. | ||
*/ | ||
|
||
#ifndef __SSHAGENT_MAIN_H |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please remove the __
, that should not be used in application / library header files. Maybe add some prefix (FREERDP or something to avoid collisions)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM except the minor issue pointed out.
Add the sshagent plugin to forward the ssh-agent protocol over an RDP dynamic virtual channel, just as the normal ssh-agent forwards it over an SSH channel. Add the "/ssh-agent" command line option to enable it. Usage: Run FreeRDP with the ssh-agent plugin enabled: xfreerdp /ssh-agent ... In the remote desktop session run xrdp-ssh-agent and evaluate the output in the shell as for ssh-agent to set the required environment variables (specifically $SSH_AUTH_SOCK): eval "$(xrdp-ssh-agent -s)" This is the same as for the normal ssh-agent. You would typically do this in your Xsession or /etc/xrdp/startwm.sh. Limitations: 1. Error checking and handling could be improved. 2. This is only tested on Linux and will only work on systems where clients talk to the ssh-agent via Unix domain sockets. It won't currently work on Windows but it could be ported.
1. In connect_to_sshagent() if connect() fails, the socket agent_fd is leaked. It needs to be closed before returning. 2. Fix copyright messages. 3. Make if statement with call to CreateThread() clearer to read.
Also fix copyright dates...
This is based on xrdpapi/xrdp-ssh-agent.c from xrdp PR FreeRDP#867.
@freerdp-bot test |
Build finished. |
Refer to this link for build results (access rights to CI server needed): |
@ben-cohen nice work! Thank you! |
Add the sshagent plugin to forward the ssh-agent protocol over an RDP
dynamic virtual channel, just as the normal ssh-agent forwards it over
an SSH channel. Add the "/ssh-agent" command line option to enable it.
Usage:
Run FreeRDP with the ssh-agent plugin enabled:
xfreerdp /ssh-agent ...
In the remote desktop session run xrdp-ssh-agent and evaluate the output
in the shell as for ssh-agent to set the required environment variables
(specifically $SSH_AUTH_SOCK):
eval "$(xrdp-ssh-agent -s)"
This is the same as for the normal ssh-agent. You would typically do
this in your Xsession or /etc/xrdp/startwm.sh.
Limitations:
Error checking and handling could be improved.
This is only tested on Linux and will only work on systems where
clients talk to the ssh-agent via Unix domain sockets. It won't
currently work on Windows but it could be ported.