Forward ssh-agent data between ssh-agent and RDP #4122
Conversation
|
Can one of the admins verify this patch? |
|
Please see neutrinolabs/xrdp#868 for more details. |
channels/sshagent/CMakeLists.txt
Outdated
| # FreeRDP cmake build script | ||
| # | ||
| # Copyright 2012 Marc-Andre Moreau <marcandre.moreau@gmail.com> | ||
| # |
There was a problem hiding this comment.
I guess it's not the right copyright...
There was a problem hiding this comment.
I basically copied the file from echo so I can't claim much copyright! I've added myself, anyway :)
| int rc = connect(agent_fd, (struct sockaddr*)&addr, sizeof(addr)); | ||
| if (rc != 0) | ||
| { | ||
| WLog_ERR(TAG, "Can't connect to Unix domain socket \"%s\"!", |
There was a problem hiding this comment.
... when connect() fails. Thanks - fixed.
| callback->channel_mgr = listener_callback->channel_mgr; | ||
| callback->channel = pChannel; | ||
|
|
||
| if (!(callback->thread |
| } | ||
| else if (bytes_read < 0) | ||
| { | ||
| if (errno != EAGAIN |
There was a problem hiding this comment.
I may have missed something, but your socket is opened in a blocking way (and is not changed afterwards) so you will never get a EAGAIN or a EWOULDBLOCK, and the same applies for writes.
There was a problem hiding this comment.
I've removed them.
| add_channel_client(${MODULE_PREFIX} ${CHANNEL_NAME}) | ||
| endif() | ||
|
|
||
| if(WITH_SERVER_CHANNELS) |
There was a problem hiding this comment.
I don't see the server code...
|
@freerdp-bot can you test that first shot buddy ? |
|
Refer to this link for build results (access rights to CI server needed): |
|
@hardening For the server code, I wrote and tested it against xrdp (#867: xrdp-ssh-agent.c). It is designed to be run as a command-line app that prints out the agent socket path, just as ssh-agent does. The same file compiles with minimal changes - different include files - in FreeRDP's tree. I am struggling to compile the Linux FreeRDP server so I haven't been able to test it yet. I have pushed it anyway - please let me know of any problems. |
|
@freerdp-bot test |
|
Refer to this link for build results (access rights to CI server needed): |
|
@hardening Are your issues with this resolved? |
include/freerdp/client/sshagent.h
Outdated
| /** | ||
| * FreeRDP: A Remote Desktop Protocol Implementation | ||
| * Clipboard Virtual Channel Extension | ||
| * |
There was a problem hiding this comment.
Wrong comment, and copyright below are also wrong
| @@ -0,0 +1,401 @@ | |||
| /** | |||
| * xrdp: A Remote Desktop Protocol server. | |||
| * | |||
| @@ -0,0 +1,42 @@ | |||
| /** | |||
| * FreeRDP: A Remote Desktop Protocol Implementation | |||
| * Echo Virtual Channel Extension | |||
There was a problem hiding this comment.
comment should be changed
|
You should really fix copyright statements and descriptions in file headers, apart from that that LGTM. |
|
I fixed the comments at the start of the files mentioned by @hardening and pushed that. It says there is a conflict. Do you want me to force-push the branch rebased to fix that? |
|
Yes please rebase, we've done quite a lot of merge recently |
| # FreeRDP: A Remote Desktop Protocol Implementation | ||
| # FreeRDP cmake build script | ||
| # | ||
| # Copyright 2012 Marc-Andre Moreau <marcandre.moreau@gmail.com> |
There was a problem hiding this comment.
Is this correct? I assume you did write this file or am I mistaken?
There was a problem hiding this comment.
Yes: I simply copied channels/sshagent/client/CMakeLists.txt from channels/echo/client/CMakeLists.txt and replaced "echo" with "sshagent". So I left the existing copyright line in and added my own afterwards.
| * limitations under the License. | ||
| */ | ||
|
|
||
| #ifndef __SSHAGENT_MAIN_H |
There was a problem hiding this comment.
Please remove the __, that should not be used in application / library header files. Maybe add some prefix (FREERDP or something to avoid collisions)
Add the sshagent plugin to forward the ssh-agent protocol over an RDP dynamic virtual channel, just as the normal ssh-agent forwards it over an SSH channel. Add the "/ssh-agent" command line option to enable it. Usage: Run FreeRDP with the ssh-agent plugin enabled: xfreerdp /ssh-agent ... In the remote desktop session run xrdp-ssh-agent and evaluate the output in the shell as for ssh-agent to set the required environment variables (specifically $SSH_AUTH_SOCK): eval "$(xrdp-ssh-agent -s)" This is the same as for the normal ssh-agent. You would typically do this in your Xsession or /etc/xrdp/startwm.sh. Limitations: 1. Error checking and handling could be improved. 2. This is only tested on Linux and will only work on systems where clients talk to the ssh-agent via Unix domain sockets. It won't currently work on Windows but it could be ported.
1. In connect_to_sshagent() if connect() fails, the socket agent_fd is leaked. It needs to be closed before returning. 2. Fix copyright messages. 3. Make if statement with call to CreateThread() clearer to read.
Also fix copyright dates...
This is based on xrdpapi/xrdp-ssh-agent.c from xrdp PR FreeRDP#867.
|
@freerdp-bot test |
|
Build finished. |
|
Refer to this link for build results (access rights to CI server needed): |
|
@ben-cohen nice work! Thank you! |
Add the sshagent plugin to forward the ssh-agent protocol over an RDP
dynamic virtual channel, just as the normal ssh-agent forwards it over
an SSH channel. Add the "/ssh-agent" command line option to enable it.
Usage:
Run FreeRDP with the ssh-agent plugin enabled:
xfreerdp /ssh-agent ...
In the remote desktop session run xrdp-ssh-agent and evaluate the output
in the shell as for ssh-agent to set the required environment variables
(specifically $SSH_AUTH_SOCK):
eval "$(xrdp-ssh-agent -s)"
This is the same as for the normal ssh-agent. You would typically do
this in your Xsession or /etc/xrdp/startwm.sh.
Limitations:
Error checking and handling could be improved.
This is only tested on Linux and will only work on systems where
clients talk to the ssh-agent via Unix domain sockets. It won't
currently work on Windows but it could be ported.