A hack to make dbclient to tcp forwarding netcat style.

eg ./dbclient -i testkey -L 1234:remotehost:remoteport tunnelhost will ssh to tunnelhost (using testkey, there's no way to ask for a password) and then tcpfwd to remotehost:remoteport on stdin/stdout. There's no way to give a cmdline password, so -i for a keyfile will have to do. Yet another reason for agent forwarding. The 1234 is a dummy var, I think it has to be a valid portnumber though. --HG-- branch : dbclient-netcat-alike extra : convert_revision : d1f69334581dc4c35f9ca16aa5355074c9dd315d
2025-02-07 13:21:15 +00:00 · 2006-03-21 16:16:41 +00:00 · 2006-03-21 16:16:41 +00:00 · cdbe853595
commit cdbe853595
parent 3f49fc5f2c
3 changed files with 46 additions and 5 deletions
--- a/cli-chansession.c
+++ b/cli-chansession.c
@ -367,14 +367,55 @@ static int cli_initchansess(struct Channel *channel) {

 void cli_send_chansess_request() {

+	unsigned int port = 0;
+	unsigned char* addr = NULL;
+	unsigned char* ipstring = "127.0.0.1";
+	unsigned char* portstring = "22";
+
+	/* hack hack */
+	static const struct ChanType cli_chan_tcphack = {
+		0, /* sepfds */
+		"direct-tcpip",
+		NULL,
+		NULL,
+		NULL,
+		cli_closechansess
+	};
+
 	TRACE(("enter cli_send_chansess_request"))
-	if (send_msg_channel_open_init(STDIN_FILENO, &clichansess) 
+	if (send_msg_channel_open_init(STDIN_FILENO, &cli_chan_tcphack) 
 			== DROPBEAR_FAILURE) {
 		dropbear_exit("Couldn't open initial channel");
 	}

-	/* No special channel request data */
+	if (cli_opts.localfwds == NULL) {
+		dropbear_exit("You need to give a \"-L ignored:host:port\" option with this hacked up dbclient.");
+	}
+
+	addr = cli_opts.localfwds->connectaddr;
+	port = cli_opts.localfwds->connectport;
+
+	buf_putstring(ses.writepayload, addr, strlen(addr));
+	buf_putint(ses.writepayload, port);
+
+	/* originator ip */
+	buf_putstring(ses.writepayload, ipstring, strlen(ipstring));
+	/* originator port */
+	buf_putint(ses.writepayload, atol(portstring));
+
 	encrypt_packet();
 	TRACE(("leave cli_send_chansess_request"))

 }
+
+#if 0
+	while (cli_opts.localfwds != NULL) {
+		ret = cli_localtcp(cli_opts.localfwds->listenport,
+				cli_opts.localfwds->connectaddr,
+				cli_opts.localfwds->connectport);
+		if (ret == DROPBEAR_FAILURE) {
+			dropbear_log(LOG_WARNING, "Failed local port forward %d:%s:%d",
+					cli_opts.localfwds->listenport,
+					cli_opts.localfwds->connectaddr,
+					cli_opts.localfwds->connectport);
+#endif
--- a/cli-session.c
+++ b/cli-session.c
@ -213,10 +213,10 @@ static void cli_sessionloop() {

 		case USERAUTH_SUCCESS_RCVD:
 #ifdef ENABLE_CLI_LOCALTCPFWD
-			setup_localtcp();
+			//setup_localtcp();
 #endif
 #ifdef ENABLE_CLI_REMOTETCPFWD
-			setup_remotetcp();
+			//setup_remotetcp();
 #endif
 			cli_send_chansess_request();
 			TRACE(("leave cli_sessionloop: cli_send_chansess_request"))
--- a/debug.h
+++ b/debug.h
@ -39,7 +39,7 @@
 * Caution: Don't use this in an unfriendly environment (ie unfirewalled),
 * since the printing may not sanitise strings etc. This will add a reasonable
 * amount to your executable size. */
-/*#define DEBUG_TRACE */
+#define DEBUG_TRACE 

 /* All functions writing to the cleartext payload buffer call
 * CHECKCLEARTOWRITE() before writing. This is only really useful if you're