diff options
| author | Damien Miller <djm@mindrot.org> | 2005-12-13 19:29:02 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2005-12-13 19:29:02 +1100 |
| commit | d27b947178df3689bfb7fdfb62a5f1337ef73481 (patch) | |
| tree | c8678325c355b3602bdabca16da1baa8707818eb /ssh.c | |
| parent | 6dbdb6afeec1820b2799c2693fc8e8b364be8228 (diff) | |
- reyk@cvs.openbsd.org 2005/12/06 22:38:28
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
[misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
[serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
[sshconnect.h sshd.8 sshd_config sshd_config.5]
Add support for tun(4) forwarding over OpenSSH, based on an idea and
initial channel code bits by markus@. This is a simple and easy way to
use OpenSSH for ad hoc virtual private network connections, e.g.
administrative tunnels or secure wireless access. It's based on a new
ssh channel and works similar to the existing TCP forwarding support,
except that it depends on the tun(4) network interface on both ends of
the connection for layer 2 or layer 3 tunneling. This diff also adds
support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
Diffstat (limited to 'ssh.c')
| -rw-r--r-- | ssh.c | 39 |
1 files changed, 36 insertions, 3 deletions
| @@ -40,7 +40,7 @@ | |||
| 40 | */ | 40 | */ |
| 41 | 41 | ||
| 42 | #include "includes.h" | 42 | #include "includes.h" |
| 43 | RCSID("$OpenBSD: ssh.c,v 1.254 2005/10/30 08:52:18 djm Exp $"); | 43 | RCSID("$OpenBSD: ssh.c,v 1.255 2005/12/06 22:38:27 reyk Exp $"); |
| 44 | 44 | ||
| 45 | #include <openssl/evp.h> | 45 | #include <openssl/evp.h> |
| 46 | #include <openssl/err.h> | 46 | #include <openssl/err.h> |
| @@ -162,7 +162,7 @@ usage(void) | |||
| 162 | " [-i identity_file] [-L [bind_address:]port:host:hostport]\n" | 162 | " [-i identity_file] [-L [bind_address:]port:host:hostport]\n" |
| 163 | " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" | 163 | " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" |
| 164 | " [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" | 164 | " [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" |
| 165 | " [user@]hostname [command]\n" | 165 | " [-w tunnel:tunnel] [user@]hostname [command]\n" |
| 166 | ); | 166 | ); |
| 167 | exit(1); | 167 | exit(1); |
| 168 | } | 168 | } |
| @@ -244,7 +244,7 @@ main(int ac, char **av) | |||
| 244 | 244 | ||
| 245 | again: | 245 | again: |
| 246 | while ((opt = getopt(ac, av, | 246 | while ((opt = getopt(ac, av, |
| 247 | "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVXY")) != -1) { | 247 | "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVw:XY")) != -1) { |
| 248 | switch (opt) { | 248 | switch (opt) { |
| 249 | case '1': | 249 | case '1': |
| 250 | options.protocol = SSH_PROTO_1; | 250 | options.protocol = SSH_PROTO_1; |
| @@ -340,6 +340,14 @@ again: | |||
| 340 | if (opt == 'V') | 340 | if (opt == 'V') |
| 341 | exit(0); | 341 | exit(0); |
| 342 | break; | 342 | break; |
| 343 | case 'w': | ||
| 344 | options.tun_open = 1; | ||
| 345 | options.tun_local = a2tun(optarg, &options.tun_remote); | ||
| 346 | if (options.tun_local < -1) { | ||
| 347 | fprintf(stderr, "Bad tun device '%s'\n", optarg); | ||
| 348 | exit(1); | ||
| 349 | } | ||
| 350 | break; | ||
| 343 | case 'q': | 351 | case 'q': |
| 344 | options.log_level = SYSLOG_LEVEL_QUIET; | 352 | options.log_level = SYSLOG_LEVEL_QUIET; |
| 345 | break; | 353 | break; |
| @@ -1059,6 +1067,26 @@ ssh_session2_setup(int id, void *arg) | |||
| 1059 | packet_send(); | 1067 | packet_send(); |
| 1060 | } | 1068 | } |
| 1061 | 1069 | ||
| 1070 | if (options.tun_open) { | ||
| 1071 | Channel *c; | ||
| 1072 | int fd; | ||
| 1073 | |||
| 1074 | debug("Requesting tun."); | ||
| 1075 | if ((fd = tun_open(options.tun_local)) >= 0) { | ||
| 1076 | c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, | ||
| 1077 | CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, | ||
| 1078 | 0, "tun", 1); | ||
| 1079 | c->datagram = 1; | ||
| 1080 | packet_start(SSH2_MSG_CHANNEL_OPEN); | ||
| 1081 | packet_put_cstring("tun@openssh.com"); | ||
| 1082 | packet_put_int(c->self); | ||
| 1083 | packet_put_int(c->local_window_max); | ||
| 1084 | packet_put_int(c->local_maxpacket); | ||
| 1085 | packet_put_int(options.tun_remote); | ||
| 1086 | packet_send(); | ||
| 1087 | } | ||
| 1088 | } | ||
| 1089 | |||
| 1062 | client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"), | 1090 | client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"), |
| 1063 | NULL, fileno(stdin), &command, environ, &ssh_subsystem_reply); | 1091 | NULL, fileno(stdin), &command, environ, &ssh_subsystem_reply); |
| 1064 | 1092 | ||
| @@ -1123,6 +1151,11 @@ ssh_session2(void) | |||
| 1123 | if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN)) | 1151 | if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN)) |
| 1124 | id = ssh_session2_open(); | 1152 | id = ssh_session2_open(); |
| 1125 | 1153 | ||
| 1154 | /* Execute a local command */ | ||
| 1155 | if (options.local_command != NULL && | ||
| 1156 | options.permit_local_command) | ||
| 1157 | ssh_local_cmd(options.local_command); | ||
| 1158 | |||
| 1126 | /* If requested, let ssh continue in the background. */ | 1159 | /* If requested, let ssh continue in the background. */ |
| 1127 | if (fork_after_authentication_flag) | 1160 | if (fork_after_authentication_flag) |
| 1128 | if (daemon(1, 1) < 0) | 1161 | if (daemon(1, 1) < 0) |