SSH agent forwarding patches @ mosh 1.4.0

Makefile.am

@@ -53,7 +53,7 @@ clean-local:
 cppcheck:
 	cppcheck $(CPPCHECK_FLAGS) -include src/include/config.h -I src/include \
 		-I src/crypto -I src/frontend -I src/network -I src/protobufs \
-		-I src/statesync -I src/terminal -I src/util \
+		-I src/statesync -I src/terminal -I src/util -I src/agent \
 		-I /usr/include -I /usr/include/google/protobuf -I/usr/include/openssl \
 		src
 

configure.ac

@@ -23,8 +23,16 @@ AS_IF([test x"$PROTOC" = x],
 m4_ifdef([AM_PROG_AR], [AM_PROG_AR])
 
 # Protobuf 3.6+ requires C++11.
-AS_IF([pkg-config --atleast-version 3.6.0 protobuf],
-  [AX_CXX_COMPILE_STDCXX([11])])
+# Protobuf 22+ requires C++14.
+# Protobuf 23+ requires C++17.
+AS_IF(
+  [pkg-config --atleast-version 23.0.0 protobuf],
+  [AX_CXX_COMPILE_STDCXX([17])],
+  [pkg-config --atleast-version 22.0.0 protobuf],
+  [AX_CXX_COMPILE_STDCXX([14])],
+  [pkg-config --atleast-version 3.6.0 protobuf],
+  [AX_CXX_COMPILE_STDCXX([11])]
+)
 
 WARNING_CXXFLAGS=""
 PICKY_CXXFLAGS=""
@@ -209,6 +217,13 @@ AS_IF([test x"$enable_syslog" != xno],
       [AC_MSG_WARN([Unable to find syslog.h.])],
       [AC_MSG_ERROR([--enable-syslog was given but syslog.h was not found.])])])])
 
+AC_ARG_ENABLE([agent-forwarding],
+  [AS_HELP_STRING([--disable-agent-forwarding], [Build support for SSH agent forwarding @<:@yes@:>@])],
+  [enable_agent_forwarding="$enableval"],
+  [enable_agent_forwarding="yes"])
+AS_IF([test x"$enable_agent_forwarding" != xno],
+  [AC_DEFINE([SUPPORT_AGENT_FORWARDING], [1], [Define to build support for SSH agent forwarding.])])
+
 # Checks for libraries.
 AC_ARG_ENABLE([static-libraries],
   [AS_HELP_STRING([--enable-static-libraries], [Enable all static linking options below @<:@no@:>@])])
@@ -260,6 +275,7 @@ AC_SEARCH_LIBS([clock_gettime], [rt])
 
 # Checks for header files.
 AC_CHECK_HEADERS(m4_normalize([
+  errno.h
   fcntl.h
   langinfo.h
   limits.h
@@ -287,6 +303,8 @@ AC_CHECK_HEADERS([endian.h sys/endian.h])
 AC_CHECK_HEADERS([utmpx.h])
 AC_CHECK_HEADERS([termio.h])
 AC_CHECK_HEADERS([sys/uio.h])
+AC_CHECK_HEADERS([sys/un.h])
+AC_CHECK_HEADERS([sys/types.h])
 AC_CHECK_HEADERS([memory tr1/memory])
 
 # Checks for typedefs, structures, and compiler characteristics.
@@ -588,6 +606,7 @@ AC_CONFIG_FILES([
   src/protobufs/Makefile
   src/statesync/Makefile
   src/terminal/Makefile
+  src/agent/Makefile
   src/util/Makefile
   scripts/Makefile
   src/examples/Makefile

man/mosh.1

@@ -114,6 +114,11 @@ OpenSSH command to remotely execute mosh-server on remote machine (default: "ssh
 
 An alternate ssh port can be specified with, \fIe.g.\fP, \-\-ssh="ssh \-p 2222".
 
+.TP
+.B \-\-forward-agent
+Enable ssh authentication agent forwarding. If you use this, please be
+aware of the security implications.
+
 .TP
 .B \-\-ssh-pty\fP
 .B \-\-no-ssh-pty\fP
@@ -134,6 +139,10 @@ confident. This generally means a previous prediction on the same row
 of the terminal has been confirmed by the server, without any
 intervening control character keystrokes.
 
+.TP
+.B \-A
+Synonym for \-\-forward-agent
+
 .TP
 .B \-a
 Synonym for \-\-predict=always

scripts/mosh.pl

@@ -79,6 +79,8 @@ BEGIN
 
 my $term_init = 1;
 
+my $forward_agent = 0;
+
 my $localhost = undef;
 
 my $ssh_pty = 1;
@@ -118,6 +120,8 @@ BEGIN
                                 (example: "ssh -p 2222")
                                 (default: "ssh")
 
+-A      --forward-agent      enable ssh agent forwarding
+
         --no-ssh-pty         do not allocate a pseudo tty on ssh connection
 
         --no-init            do not send terminal initialization string
@@ -152,6 +156,10 @@ sub predict_check {
   }
 }
 
+# Make GetOptions behave more like traditional UNIX parsers.
+# As a side effect, parse short options case-sensitively (which we need for -A).
+Getopt::Long::Configure( "bundling" );
+
 GetOptions( 'client=s' => \$client,
 	    'server=s' => \$server,
 	    'predict=s' => \$predict,
@@ -164,6 +172,8 @@ sub predict_check {
 	    '6' => sub { $family = 'inet6' },
 	    'p=s' => \$port_request,
 	    'ssh=s' => sub { @ssh = shellwords($_[1]); },
+	    'A' => \$forward_agent,
+	    'forward-agent!' => \$forward_agent,
 	    'ssh-pty!' => \$ssh_pty,
 	    'init!' => \$term_init,
 	    'local' => \$localhost,
@@ -376,6 +386,10 @@ sub predict_check {
   }
   my @server = ( 'new' );
 
+  if ( $forward_agent ) {
+    push @server, ( '-A' );
+  }
+
   push @server, ( '-c', $colors );
 
   push @server, @bind_arguments;
@@ -462,7 +476,14 @@ sub predict_check {
   $ENV{ 'MOSH_KEY' } = $key;
   $ENV{ 'MOSH_PREDICTION_DISPLAY' } = $predict;
   $ENV{ 'MOSH_NO_TERM_INIT' } = '1' if !$term_init;
-  exec {$client} ("$client", "-# @cmdline |", $ip, $port);
+
+  my @client_av = ();
+  if ( $forward_agent ) {
+    push @client_av, ( '-A' );
+  }
+  push @client_av, ( $ip, $port );
+
+  exec {$client} ("$client", "-# @cmdline |", @client_av);
 }
 
 sub shell_quote { join ' ', map {(my $a = $_) =~ s/'/'\\''/g; "'$a'"} @_ }

src/Makefile.am

@@ -1 +1 @@
-SUBDIRS = include protobufs util crypto terminal network statesync frontend examples tests fuzz
+SUBDIRS = include protobufs util crypto terminal network statesync agent frontend examples tests fuzz

src/agent/Makefile.am

@@ -0,0 +1,7 @@
+AM_CPPFLAGS = -I$(srcdir)/../util -I$(srcdir)/../crypto -I$(srcdir)/../network -I../protobufs $(TINFO_CFLAGS) $(protobuf_CFLAGS)
+AM_CXXFLAGS = $(WARNING_CXXFLAGS) $(PICKY_CXXFLAGS) $(HARDEN_CFLAGS) $(MISC_CXXFLAGS) $(CODE_COVERAGE_CXXFLAGS)
+AM_LDFLAGS  = $(HARDEN_LDFLAGS) $(CODE_COVERAGE_LIBS)
+
+noinst_LIBRARIES = libmoshagent.a
+
+libmoshagent_a_SOURCES = agent.cc agent.h