mirror of
https://github.com/clearml/dropbear
synced 2025-05-25 05:34:22 +00:00
Add multihop 'onion-forwarding' mode. Needs refinement, works.
--HG-- extra : convert_revision : 877947ce24297781438a75e7e9c64ba86f0dce93
This commit is contained in:
Matt Johnston
parent
66e2f59c7b
commit
f4aacaa74c
@ -33,7 +33,7 @@
|
||||
cli_runopts cli_opts; /* GLOBAL */
|
||||
|
||||
static void printhelp();
|
||||
static void parsehostname(const char* orighostarg);
|
||||
static void parsehostname(const char* orighostarg, const char* argv0);
|
||||
static void fill_own_user();
|
||||
#ifdef ENABLE_CLI_PUBKEY_AUTH
|
||||
static void loadidentityfile(const char* filename);
|
||||
@ -291,7 +291,7 @@ void cli_getopts(int argc, char ** argv) {
|
||||
|
||||
if (cli_opts.remotehost == NULL) {
|
||||
|
||||
parsehostname(argv[i]);
|
||||
parsehostname(argv[i], argv[0]);
|
||||
|
||||
} else {
|
||||
|
||||
@ -319,6 +319,8 @@ void cli_getopts(int argc, char ** argv) {
|
||||
}
|
||||
}
|
||||
|
||||
/* And now a few sanity checks and setup */
|
||||
|
||||
if (cli_opts.remotehost == NULL) {
|
||||
printhelp();
|
||||
exit(EXIT_FAILURE);
|
||||
@ -355,6 +357,12 @@ void cli_getopts(int argc, char ** argv) {
|
||||
dropbear_exit("Bad keepalive '%s'", keepalive_arg);
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef ENABLE_CLI_NETCAT
|
||||
if (cli_opts.cmd && cli_opts.netcat_host) {
|
||||
dropbear_log(LOG_INFO, "Ignoring command '%s' in netcat mode", cli_opts.cmd);
|
||||
}
|
||||
#endif
|
||||
|
||||
}
|
||||
|
||||
@ -383,12 +391,77 @@ static void loadidentityfile(const char* filename) {
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef ENABLE_CLI_MULTIHOP
|
||||
|
||||
/* Sets up 'onion-forwarding' connections.
|
||||
* As an example, if the cmdline is
|
||||
* dbclient wrt,madako,canyons
|
||||
* then we want to run:
|
||||
* dbclient -J "dbclient -B canyons:22 wrt,madako" canyons
|
||||
* and then the inner dbclient will recursively run:
|
||||
* dbclient -J "dbclient -B madako:22 wrt" madako
|
||||
* etc for as many hosts as we want.
|
||||
*/
|
||||
static void parsehostname(const char* orighostarg, const char* argv0) {
|
||||
char *userhostarg = NULL;
|
||||
char *last_hop = NULL;;
|
||||
char *remainder = NULL;
|
||||
|
||||
userhostarg = m_strdup(orighostarg);
|
||||
|
||||
last_hop = strrchr(userhostarg, ',');
|
||||
if (last_hop) {
|
||||
if (last_hop == userhostarg) {
|
||||
dropbear_exit("Bad multi-hop hostnames");
|
||||
}
|
||||
*last_hop = '\0';
|
||||
last_hop++;
|
||||
remainder = userhostarg;
|
||||
userhostarg = last_hop;
|
||||
}
|
||||
|
||||
cli_opts.remotehost = strchr(userhostarg, '@');
|
||||
if (cli_opts.remotehost == NULL) {
|
||||
/* no username portion, the cli-auth.c code can figure the
|
||||
* local user's name */
|
||||
cli_opts.remotehost = userhostarg;
|
||||
} else {
|
||||
cli_opts.remotehost[0] = '\0'; /* Split the user/host */
|
||||
cli_opts.remotehost++;
|
||||
cli_opts.username = userhostarg;
|
||||
}
|
||||
|
||||
if (cli_opts.username == NULL) {
|
||||
cli_opts.username = m_strdup(cli_opts.own_user);
|
||||
}
|
||||
|
||||
if (cli_opts.remotehost[0] == '\0') {
|
||||
dropbear_exit("Bad hostname");
|
||||
}
|
||||
|
||||
if (last_hop) {
|
||||
/* Set up the proxycmd */
|
||||
unsigned int cmd_len = 0;
|
||||
if (cli_opts.proxycmd) {
|
||||
dropbear_exit("-J can't be used with multihop mode");
|
||||
}
|
||||
if (cli_opts.remoteport == NULL) {
|
||||
cli_opts.remoteport = "22";
|
||||
}
|
||||
cmd_len = strlen(remainder)
|
||||
+ strlen(cli_opts.remotehost) + strlen(cli_opts.remoteport)
|
||||
+ strlen(argv0) + 30;
|
||||
cli_opts.proxycmd = m_malloc(cmd_len);
|
||||
snprintf(cli_opts.proxycmd, cmd_len, "%s -B %s:%s %s",
|
||||
argv0, cli_opts.remotehost, cli_opts.remoteport, remainder);
|
||||
dropbear_log(LOG_INFO, "proxycmd: '%s'", cli_opts.proxycmd);
|
||||
}
|
||||
}
|
||||
|
||||
#else /* !ENABLE_CLI_MULTIHOP */
|
||||
|
||||
/* Parses a [user@]hostname argument. orighostarg is the argv[i] corresponding */
|
||||
static void parsehostname(const char* orighostarg) {
|
||||
|
||||
uid_t uid;
|
||||
struct passwd *pw = NULL;
|
||||
static void parsehostname(const char* orighostarg, const char* argv0) {
|
||||
char *userhostarg = NULL;
|
||||
|
||||
userhostarg = m_strdup(orighostarg);
|
||||
@ -413,6 +486,8 @@ static void parsehostname(const char* orighostarg) {
|
||||
}
|
||||
}
|
||||
|
||||
#endif /* !ENABLE_CLI_MULTIHOP */
|
||||
|
||||
#ifdef ENABLE_CLI_NETCAT
|
||||
static void add_netcat(const char* origstr) {
|
||||
char *portstr = NULL;
|
||||
|
||||
@ -140,8 +140,8 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
|
||||
* but there's an interface via a PAM module - don't bother using it otherwise.
|
||||
* You can't enable both PASSWORD and PAM. */
|
||||
|
||||
#define ENABLE_SVR_PASSWORD_AUTH
|
||||
/*#define ENABLE_SVR_PAM_AUTH */ /* requires ./configure --enable-pam */
|
||||
//#define ENABLE_SVR_PASSWORD_AUTH
|
||||
#define ENABLE_SVR_PAM_AUTH /* requires ./configure --enable-pam */
|
||||
#define ENABLE_SVR_PUBKEY_AUTH
|
||||
|
||||
#define ENABLE_CLI_PASSWORD_AUTH
|
||||
@ -407,6 +407,10 @@ be overridden at runtime with -K. 0 disables keepalives */
|
||||
#define USING_LISTENERS
|
||||
#endif
|
||||
|
||||
#if defined(ENABLE_CLI_NETCAT) && defined(ENABLE_CLI_PROXYCMD)
|
||||
#define ENABLE_CLI_MULTIHOP
|
||||
#endif
|
||||
|
||||
#if defined(DROPBEAR_CLIENT) || defined(ENABLE_SVR_PUBKEY_AUTH)
|
||||
#define DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */
|
||||
#endif
|
||||
|
||||
Loading…
Reference in New Issue
Block a user