SSH agent forwarding patches re-merged as one patch.

Signed-off-by: Timo J. Rinne <[email protected]>
rinne · Nov 28, 2015 · dfa183d · dfa183d
1 parent b742e95
commit dfa183d
Show file tree

Hide file tree

Showing 27 changed files with 1,306 additions and 31 deletions.
diff --git a/Makefile.am b/Makefile.am
@@ -32,7 +32,7 @@ clean-local:
 cppcheck: $(BUILT_SOURCES) config.h
 	cppcheck --enable=all --template=gcc -include config.h -I . \
 		-I src/crypto -I src/frontend -I src/network -I src/protobufs \
-		-I src/statesync -I src/terminal -I src/util \
+		-I src/statesync -I src/terminal -I src/util -I src/agent \
 		-I /usr/include -I /usr/include/google/protobuf -I/usr/include/openssl \
 		.
 

diff --git a/configure.ac b/configure.ac
@@ -172,13 +172,21 @@ AS_IF([test x"$with_utempter" != xno],
       [AC_MSG_WARN([Unable to find libutempter; utmp entries will not be made.])],
       [AC_MSG_ERROR([--with-utempter was given but libutempter was not found.])])])])
 
+# Handle --disable-agent-forwarding
+AC_ARG_ENABLE(agent-forwarding,
+              AS_HELP_STRING([--disable-agent-forwarding],
+                             [disable ssh agent forwarding in compile time]),
+              , enable_agent_forwarding=yes)
+
+
 AC_SEARCH_LIBS([compress], [z], , [AC_MSG_ERROR([Unable to find zlib.])])
 
 AC_SEARCH_LIBS([socket], [socket])
 AC_SEARCH_LIBS([inet_addr], [nsl])
 
 # Checks for header files.
 AC_CHECK_HEADERS(m4_normalize([
+  errno.h
   fcntl.h
   langinfo.h
   limits.h
@@ -206,6 +214,8 @@ AC_CHECK_HEADERS([endian.h sys/endian.h])
 AC_CHECK_HEADERS([utmpx.h])
 AC_CHECK_HEADERS([termio.h])
 AC_CHECK_HEADERS([sys/uio.h])
+AC_CHECK_HEADERS([sys/un.h])
+AC_CHECK_HEADERS([sys/types.h])
 
 # Checks for typedefs, structures, and compiler characteristics.
 AC_HEADER_STDBOOL
@@ -415,6 +425,11 @@ AC_CHECK_DECL([IUTF8],
   [AC_MSG_WARN([No IUTF8 termios mode; character-erase of multibyte character sequence probably does not work properly in canonical mode on this platform.])],
   [[#include <termios.h>]])
 
+if test "$enable_agent_forwarding" = "yes"; then
+  AC_DEFINE([SUPPORT_AGENT_FORWARDING], [], [
+    Define to enable support for SSH agent forwarding])
+fi
+
 # Checks for protobuf
 PKG_CHECK_MODULES([protobuf], [protobuf])
 
@@ -438,6 +453,7 @@ AC_CONFIG_FILES([
   src/protobufs/Makefile
   src/statesync/Makefile
   src/terminal/Makefile
+  src/agent/Makefile
   src/util/Makefile
   scripts/Makefile
   src/examples/Makefile

diff --git a/man/mosh.1 b/man/mosh.1
@@ -105,6 +105,11 @@ OpenSSH command to remotely execute mosh-server on remote machine (default: "ssh
 
 An alternate ssh port can be specified with, \fIe.g.\fP, \-\-ssh="ssh \-p 2222".
 
+.TP
+.B \-\-forward-agent
+Enable ssh authentication agent forwarding. If you use this, please be
+aware of the security implications.
+
 .TP
 .B \-\-predict=\fIWHEN\fP
 Controls use of speculative local echo. WHEN defaults to `adaptive'
@@ -119,6 +124,10 @@ confident. This generally means a previous prediction on the same row
 of the terminal has been confirmed by the server, without any
 intervening control character keystrokes.
 
+.TP
+.B \-A
+Synonym for \-\-forward-agent
+
 .TP
 .B \-a
 Synonym for \-\-predict=always

diff --git a/scripts/mosh.pl b/scripts/mosh.pl
@@ -52,6 +52,8 @@
 
 my $term_init = 1;
 
+my $forward_agent = 0;
+
 my $localhost = undef;
 
 my $help = undef;
@@ -82,6 +84,8 @@
                                 (example: "ssh -p 2222")
                                 (default: "ssh")
 
+-A      --forward-agent      enable ssh agent forwarding
+
         --no-init            do not send terminal initialization string
 
         --local              run mosh-server locally without using ssh
@@ -121,6 +125,8 @@ sub predict_check {
 	    '6' => sub { $family = 'inet6' },
 	    'p=s' => \$port_request,
 	    'ssh=s' => sub { @ssh = shellwords($_[1]); },
+            'A' => \$forward_agent,
+            'forward-agent!' => \$forward_agent,
 	    'init!' => \$term_init,
 	    'local' => \$localhost,
 	    'help' => \$help,
@@ -275,6 +281,10 @@ sub predict_check {
 
   my @server = ( 'new' );
 
+  if ( $forward_agent ) {
+    push @server, ( '-A' );
+  }
+
   push @server, ( '-c', $colors );
 
   push @server, @bind_arguments;
@@ -342,7 +352,14 @@ sub predict_check {
   $ENV{ 'MOSH_KEY' } = $key;
   $ENV{ 'MOSH_PREDICTION_DISPLAY' } = $predict;
   $ENV{ 'MOSH_NO_TERM_INIT' } = '1' if !$term_init;
-  exec {$client} ("$client @cmdline |", $ip, $port);
+
+  my @client_av = ();
+  if ( $forward_agent ) {
+    push @client_av, ( '-A' );
+  }
+  push @client_av, ( $ip, $port );
+
+  exec {$client} ("$client @cmdline |", @client_av);
 }
 
 sub shell_quote { join ' ', map {(my $a = $_) =~ s/'/'\\''/g; "'$a'"} @_ }

diff --git a/src/Makefile.am b/src/Makefile.am
@@ -1 +1 @@
-SUBDIRS = protobufs util crypto terminal network statesync frontend examples tests
+SUBDIRS = protobufs util crypto terminal network statesync agent frontend examples tests
diff --git a/src/agent/Makefile.am b/src/agent/Makefile.am
@@ -0,0 +1,7 @@
+AM_CPPFLAGS = -I$(srcdir)/../util -I$(srcdir)/../crypto -I$(srcdir)/../network -I../protobufs $(protobuf_CFLAGS) $(TINFO_CFLAGS)
+AM_CXXFLAGS = $(WARNING_CXXFLAGS) $(PICKY_CXXFLAGS) $(HARDEN_CFLAGS) $(MISC_CXXFLAGS)
+
+noinst_LIBRARIES = libmoshagent.a
+
+libmoshagent_a_SOURCES = agent.h agent.cc
+