3 files changed, 74 insertions, 6 deletions
diff --git a/ChangeLog b/ChangeLog
index d402c4284..a22bef554 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,15 @@
 20140721
+ - OpenBSD CVS Sync
+   - millert@cvs.openbsd.org 2014/07/15 15:54:15
+     [forwarding.sh multiplex.sh]
+     Add support for Unix domain socket forwarding.  A remote TCP port
+     may be forwarded to a local Unix domain socket and vice versa or
+     both ends may be a Unix domain socket.  This is a reimplementation
+     of the streamlocal patches by William Ahern from:
+         http://www.25thandclement.com/~william/projects/streamlocal.html
+     OK djm@ markus@
+20140721
 - (dtucker) [cipher.c openbsd-compat/openssl-compat.h] Restore the bits
   needed to build AES CTR mode against OpenSSL 0.9.8f and above.  ok djm
 - (dtucker) [regress/unittests/sshkey/
diff --git a/regress/forwarding.sh b/regress/forwarding.sh
index 94873f22c..f799d4951 100644
--- a/regress/forwarding.sh
+++ b/regress/forwarding.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: forwarding.sh,v 1.11 2013/06/10 21:56:43 dtucker Exp $
+#       $OpenBSD: forwarding.sh,v 1.12 2014/07/15 15:54:15 millert Exp $
 #       Placed in the Public Domain.
 tid="local and remote forwarding"
@@ -28,7 +28,7 @@ for p in 1 2; do
        trace "transfer over forwarded channels and check result"
        ${SSH} -$q -F $OBJ/ssh_config -p$last -o 'ConnectionAttempts=4' \
                somehost cat ${DATA} > ${COPY}
-        test -f ${COPY}         || fail "failed copy of ${DATA}"
+        test -s ${COPY}         || fail "failed copy of ${DATA}"
        cmp ${DATA} ${COPY}     || fail "corrupted copy of ${DATA}"
        sleep 10
@@ -114,8 +114,24 @@ for p in 1 2; do
        trace "config file: transfer over forwarded channels and check result"
        ${SSH} -F $OBJ/ssh_config -p${base}02 -o 'ConnectionAttempts=4' \
                somehost cat ${DATA} > ${COPY}
-        test -f ${COPY}         || fail "failed copy of ${DATA}"
+        test -s ${COPY}         || fail "failed copy of ${DATA}"
        cmp ${DATA} ${COPY}     || fail "corrupted copy of ${DATA}"
        wait
 done
+for p in 2; do
+        trace "transfer over chained unix domain socket forwards and check result"
+        rm -f $OBJ/unix-[123].fwd
+        ${SSH} -f -F $OBJ/ssh_config -R${base}01:[$OBJ/unix-1.fwd] somehost sleep 10
+        ${SSH} -f -F $OBJ/ssh_config -L[$OBJ/unix-1.fwd]:[$OBJ/unix-2.fwd] somehost sleep 10
+        ${SSH} -f -F $OBJ/ssh_config -R[$OBJ/unix-2.fwd]:[$OBJ/unix-3.fwd] somehost sleep 10
+        ${SSH} -f -F $OBJ/ssh_config -L[$OBJ/unix-3.fwd]:127.0.0.1:$PORT somehost sleep 10
+        ${SSH} -F $OBJ/ssh_config -p${base}01 -o 'ConnectionAttempts=4' \
+                somehost cat ${DATA} > ${COPY}
+        test -s ${COPY}                 || fail "failed copy ${DATA}"
+        cmp ${DATA} ${COPY}             || fail "corrupted copy of ${DATA}"
+        #wait
+        sleep 10
+done
diff --git a/regress/multiplex.sh b/regress/multiplex.sh
index 0a9ed2fbf..9f5fc38ea 100644
--- a/regress/multiplex.sh
+++ b/regress/multiplex.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: multiplex.sh,v 1.23 2014/07/07 08:15:26 djm Exp $
+#       $OpenBSD: multiplex.sh,v 1.24 2014/07/15 15:54:15 millert Exp $
 #       Placed in the Public Domain.
 CTL=/tmp/openssh.regress.ctl-sock.$$
@@ -72,6 +72,25 @@ test -f ${COPY}			|| fail "scp: failed copy ${DATA}"
 cmp ${DATA} ${COPY}             || fail "scp: corrupted copy of ${DATA}"
 rm -f ${COPY}
+verbose "test $tid: forward"
+trace "forward over TCP/IP and check result"
+nc -N -l 127.0.0.1 $((${PORT} + 1)) < ${DATA} &
+netcat_pid=$!
+${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -L127.0.0.1:$((${PORT} + 2)):127.0.0.1:$((${PORT} + 1)) otherhost >>$TEST_SSH_LOGFILE 2>&1
+nc 127.0.0.1 $((${PORT} + 2)) > ${COPY}
+cmp ${DATA} ${COPY}             || fail "ssh: corrupted copy of ${DATA}"
+kill $netcat_pid 2>/dev/null
+rm -f ${COPY} $OBJ/unix-[123].fwd
+trace "forward over UNIX and check result"
+nc -N -Ul $OBJ/unix-1.fwd < ${DATA} &
+netcat_pid=$!
+${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -L$OBJ/unix-2.fwd:$OBJ/unix-1.fwd otherhost >>$TEST_SSH_LOGFILE 2>&1
+${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -R$OBJ/unix-3.fwd:$OBJ/unix-2.fwd otherhost >>$TEST_SSH_LOGFILE 2>&1
+nc -U $OBJ/unix-3.fwd > ${COPY}
+cmp ${DATA} ${COPY}             || fail "ssh: corrupted copy of ${DATA}"
+kill $netcat_pid 2>/dev/null
+rm -f ${COPY} $OBJ/unix-[123].fwd
 for s in 0 1 4 5 44; do
        trace "exit status $s over multiplexed connection"
@@ -96,7 +115,7 @@ verbose "test $tid: cmd check"
 ${SSH} -F $OBJ/ssh_config -S $CTL -Ocheck otherhost >>$TEST_REGRESS_LOGFILE 2>&1 \
    || fail "check command failed" 
-verbose "test $tid: cmd forward local"
+verbose "test $tid: cmd forward local (TCP)"
 ${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -L $P:localhost:$PORT otherhost \
     || fail "request local forward failed"
 ${SSH} -F $OBJ/ssh_config -p$P otherhost true \
@@ -106,7 +125,7 @@ ${SSH} -F $OBJ/ssh_config -S $CTL -Ocancel -L $P:localhost:$PORT otherhost \
 ${SSH} -F $OBJ/ssh_config -p$P otherhost true \
     && fail "local forward port still listening"
-verbose "test $tid: cmd forward remote"
+verbose "test $tid: cmd forward remote (TCP)"
 ${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -R $P:localhost:$PORT otherhost \
     || fail "request remote forward failed"
 ${SSH} -F $OBJ/ssh_config -p$P otherhost true \
@@ -116,6 +135,28 @@ ${SSH} -F $OBJ/ssh_config -S $CTL -Ocancel -R $P:localhost:$PORT otherhost \
 ${SSH} -F $OBJ/ssh_config -p$P otherhost true \
     && fail "remote forward port still listening"
+verbose "test $tid: cmd forward local (UNIX)"
+${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -L $OBJ/unix-1.fwd:localhost:$PORT otherhost \
+     || fail "request local forward failed"
+echo "" | nc -U $OBJ/unix-1.fwd | grep "Protocol mismatch" >/dev/null 2>&1 \
+     || fail "connect to local forward path failed"
+${SSH} -F $OBJ/ssh_config -S $CTL -Ocancel -L $OBJ/unix-1.fwd:localhost:$PORT otherhost \
+     || fail "cancel local forward failed"
+N=$(echo "" | nc -U $OBJ/unix-1.fwd 2>&1 | wc -l)
+test ${N} -eq 0 || fail "local forward path still listening"
+rm -f $OBJ/unix-1.fwd
+verbose "test $tid: cmd forward remote (UNIX)"
+${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -R $OBJ/unix-1.fwd:localhost:$PORT otherhost \
+     || fail "request remote forward failed"
+echo "" | nc -U $OBJ/unix-1.fwd | grep "Protocol mismatch" >/dev/null 2>&1 \
+     || fail "connect to remote forwarded path failed"
+${SSH} -F $OBJ/ssh_config -S $CTL -Ocancel -R $OBJ/unix-1.fwd:localhost:$PORT otherhost \
+     || fail "cancel remote forward failed"
+N=$(echo "" | nc -U $OBJ/unix-1.fwd 2>&1 | wc -l)
+test ${N} -eq 0 || fail "remote forward path still listening"
+rm -f $OBJ/unix-1.fwd
 verbose "test $tid: cmd exit"
 ${SSH} -F $OBJ/ssh_config -S $CTL -Oexit otherhost >>$TEST_REGRESS_LOGFILE 2>&1 \
    || fail "send exit command failed"

diff --git a/ChangeLog b/ChangeLog index d402c4284..a22bef554 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -1,4 +1,15 @@
1	20140721	1	20140721
		2	- OpenBSD CVS Sync
		3	- millert@cvs.openbsd.org 2014/07/15 15:54:15
		4	[forwarding.sh multiplex.sh]
		5	Add support for Unix domain socket forwarding. A remote TCP port
		6	may be forwarded to a local Unix domain socket and vice versa or
		7	both ends may be a Unix domain socket. This is a reimplementation
		8	of the streamlocal patches by William Ahern from:
		9	http://www.25thandclement.com/~william/projects/streamlocal.html
		10	OK djm@ markus@
		11
		12	20140721
2	- (dtucker) [cipher.c openbsd-compat/openssl-compat.h] Restore the bits	13	- (dtucker) [cipher.c openbsd-compat/openssl-compat.h] Restore the bits
3	needed to build AES CTR mode against OpenSSL 0.9.8f and above. ok djm	14	needed to build AES CTR mode against OpenSSL 0.9.8f and above. ok djm
4	- (dtucker) [regress/unittests/sshkey/	15	- (dtucker) [regress/unittests/sshkey/


diff --git a/regress/forwarding.sh b/regress/forwarding.sh index 94873f22c..f799d4951 100644 --- a/regress/forwarding.sh +++ b/regress/forwarding.sh
@@ -1,4 +1,4 @@
1	# $OpenBSD: forwarding.sh,v 1.11 2013/06/10 21:56:43 dtucker Exp $	1	# $OpenBSD: forwarding.sh,v 1.12 2014/07/15 15:54:15 millert Exp $
2	# Placed in the Public Domain.	2	# Placed in the Public Domain.
3		3
4	tid="local and remote forwarding"	4	tid="local and remote forwarding"
@@ -28,7 +28,7 @@ for p in 1 2; do
28	trace "transfer over forwarded channels and check result"	28	trace "transfer over forwarded channels and check result"
29	${SSH} -$q -F $OBJ/ssh_config -p$last -o 'ConnectionAttempts=4' \	29	${SSH} -$q -F $OBJ/ssh_config -p$last -o 'ConnectionAttempts=4' \
30	somehost cat ${DATA} > ${COPY}	30	somehost cat ${DATA} > ${COPY}
31	test -f ${COPY} \|\| fail "failed copy of ${DATA}"	31	test -s ${COPY} \|\| fail "failed copy of ${DATA}"
32	cmp ${DATA} ${COPY} \|\| fail "corrupted copy of ${DATA}"	32	cmp ${DATA} ${COPY} \|\| fail "corrupted copy of ${DATA}"
33		33
34	sleep 10	34	sleep 10
@@ -114,8 +114,24 @@ for p in 1 2; do
114	trace "config file: transfer over forwarded channels and check result"	114	trace "config file: transfer over forwarded channels and check result"
115	${SSH} -F $OBJ/ssh_config -p${base}02 -o 'ConnectionAttempts=4' \	115	${SSH} -F $OBJ/ssh_config -p${base}02 -o 'ConnectionAttempts=4' \
116	somehost cat ${DATA} > ${COPY}	116	somehost cat ${DATA} > ${COPY}
117	test -f ${COPY} \|\| fail "failed copy of ${DATA}"	117	test -s ${COPY} \|\| fail "failed copy of ${DATA}"
118	cmp ${DATA} ${COPY} \|\| fail "corrupted copy of ${DATA}"	118	cmp ${DATA} ${COPY} \|\| fail "corrupted copy of ${DATA}"
119		119
120	wait	120	wait
121	done	121	done
		122
		123	for p in 2; do
		124	trace "transfer over chained unix domain socket forwards and check result"
		125	rm -f $OBJ/unix-[123].fwd
		126	${SSH} -f -F $OBJ/ssh_config -R${base}01:[$OBJ/unix-1.fwd] somehost sleep 10
		127	${SSH} -f -F $OBJ/ssh_config -L[$OBJ/unix-1.fwd]:[$OBJ/unix-2.fwd] somehost sleep 10
		128	${SSH} -f -F $OBJ/ssh_config -R[$OBJ/unix-2.fwd]:[$OBJ/unix-3.fwd] somehost sleep 10
		129	${SSH} -f -F $OBJ/ssh_config -L[$OBJ/unix-3.fwd]:127.0.0.1:$PORT somehost sleep 10
		130	${SSH} -F $OBJ/ssh_config -p${base}01 -o 'ConnectionAttempts=4' \
		131	somehost cat ${DATA} > ${COPY}
		132	test -s ${COPY} \|\| fail "failed copy ${DATA}"
		133	cmp ${DATA} ${COPY} \|\| fail "corrupted copy of ${DATA}"
		134
		135	#wait
		136	sleep 10
		137	done


diff --git a/regress/multiplex.sh b/regress/multiplex.sh index 0a9ed2fbf..9f5fc38ea 100644 --- a/regress/multiplex.sh +++ b/regress/multiplex.sh
@@ -1,4 +1,4 @@
1	# $OpenBSD: multiplex.sh,v 1.23 2014/07/07 08:15:26 djm Exp $	1	# $OpenBSD: multiplex.sh,v 1.24 2014/07/15 15:54:15 millert Exp $
2	# Placed in the Public Domain.	2	# Placed in the Public Domain.
3		3
4	CTL=/tmp/openssh.regress.ctl-sock.$$	4	CTL=/tmp/openssh.regress.ctl-sock.$$
@@ -72,6 +72,25 @@ test -f ${COPY} \|\| fail "scp: failed copy ${DATA}"
72	cmp ${DATA} ${COPY} \|\| fail "scp: corrupted copy of ${DATA}"	72	cmp ${DATA} ${COPY} \|\| fail "scp: corrupted copy of ${DATA}"
73		73
74	rm -f ${COPY}	74	rm -f ${COPY}
		75	verbose "test $tid: forward"
		76	trace "forward over TCP/IP and check result"
		77	nc -N -l 127.0.0.1 $((${PORT} + 1)) < ${DATA} &
		78	netcat_pid=$!
		79	${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -L127.0.0.1:$((${PORT} + 2)):127.0.0.1:$((${PORT} + 1)) otherhost >>$TEST_SSH_LOGFILE 2>&1
		80	nc 127.0.0.1 $((${PORT} + 2)) > ${COPY}
		81	cmp ${DATA} ${COPY} \|\| fail "ssh: corrupted copy of ${DATA}"
		82	kill $netcat_pid 2>/dev/null
		83	rm -f ${COPY} $OBJ/unix-[123].fwd
		84
		85	trace "forward over UNIX and check result"
		86	nc -N -Ul $OBJ/unix-1.fwd < ${DATA} &
		87	netcat_pid=$!
		88	${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -L$OBJ/unix-2.fwd:$OBJ/unix-1.fwd otherhost >>$TEST_SSH_LOGFILE 2>&1
		89	${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -R$OBJ/unix-3.fwd:$OBJ/unix-2.fwd otherhost >>$TEST_SSH_LOGFILE 2>&1
		90	nc -U $OBJ/unix-3.fwd > ${COPY}
		91	cmp ${DATA} ${COPY} \|\| fail "ssh: corrupted copy of ${DATA}"
		92	kill $netcat_pid 2>/dev/null
		93	rm -f ${COPY} $OBJ/unix-[123].fwd
75		94
76	for s in 0 1 4 5 44; do	95	for s in 0 1 4 5 44; do
77	trace "exit status $s over multiplexed connection"	96	trace "exit status $s over multiplexed connection"
@@ -96,7 +115,7 @@ verbose "test $tid: cmd check"
96	${SSH} -F $OBJ/ssh_config -S $CTL -Ocheck otherhost >>$TEST_REGRESS_LOGFILE 2>&1 \	115	${SSH} -F $OBJ/ssh_config -S $CTL -Ocheck otherhost >>$TEST_REGRESS_LOGFILE 2>&1 \
97	\|\| fail "check command failed"	116	\|\| fail "check command failed"
98		117
99	verbose "test $tid: cmd forward local"	118	verbose "test $tid: cmd forward local (TCP)"
100	${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -L $P:localhost:$PORT otherhost \	119	${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -L $P:localhost:$PORT otherhost \
101	\|\| fail "request local forward failed"	120	\|\| fail "request local forward failed"
102	${SSH} -F $OBJ/ssh_config -p$P otherhost true \	121	${SSH} -F $OBJ/ssh_config -p$P otherhost true \
@@ -106,7 +125,7 @@ ${SSH} -F $OBJ/ssh_config -S $CTL -Ocancel -L $P:localhost:$PORT otherhost \
106	${SSH} -F $OBJ/ssh_config -p$P otherhost true \	125	${SSH} -F $OBJ/ssh_config -p$P otherhost true \
107	&& fail "local forward port still listening"	126	&& fail "local forward port still listening"
108		127
109	verbose "test $tid: cmd forward remote"	128	verbose "test $tid: cmd forward remote (TCP)"
110	${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -R $P:localhost:$PORT otherhost \	129	${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -R $P:localhost:$PORT otherhost \
111	\|\| fail "request remote forward failed"	130	\|\| fail "request remote forward failed"
112	${SSH} -F $OBJ/ssh_config -p$P otherhost true \	131	${SSH} -F $OBJ/ssh_config -p$P otherhost true \
@@ -116,6 +135,28 @@ ${SSH} -F $OBJ/ssh_config -S $CTL -Ocancel -R $P:localhost:$PORT otherhost \
116	${SSH} -F $OBJ/ssh_config -p$P otherhost true \	135	${SSH} -F $OBJ/ssh_config -p$P otherhost true \
117	&& fail "remote forward port still listening"	136	&& fail "remote forward port still listening"
118		137
		138	verbose "test $tid: cmd forward local (UNIX)"
		139	${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -L $OBJ/unix-1.fwd:localhost:$PORT otherhost \
		140	\|\| fail "request local forward failed"
		141	echo "" \| nc -U $OBJ/unix-1.fwd \| grep "Protocol mismatch" >/dev/null 2>&1 \
		142	\|\| fail "connect to local forward path failed"
		143	${SSH} -F $OBJ/ssh_config -S $CTL -Ocancel -L $OBJ/unix-1.fwd:localhost:$PORT otherhost \
		144	\|\| fail "cancel local forward failed"
		145	N=$(echo "" \| nc -U $OBJ/unix-1.fwd 2>&1 \| wc -l)
		146	test ${N} -eq 0 \|\| fail "local forward path still listening"
		147	rm -f $OBJ/unix-1.fwd
		148
		149	verbose "test $tid: cmd forward remote (UNIX)"
		150	${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -R $OBJ/unix-1.fwd:localhost:$PORT otherhost \
		151	\|\| fail "request remote forward failed"
		152	echo "" \| nc -U $OBJ/unix-1.fwd \| grep "Protocol mismatch" >/dev/null 2>&1 \
		153	\|\| fail "connect to remote forwarded path failed"
		154	${SSH} -F $OBJ/ssh_config -S $CTL -Ocancel -R $OBJ/unix-1.fwd:localhost:$PORT otherhost \
		155	\|\| fail "cancel remote forward failed"
		156	N=$(echo "" \| nc -U $OBJ/unix-1.fwd 2>&1 \| wc -l)
		157	test ${N} -eq 0 \|\| fail "remote forward path still listening"
		158	rm -f $OBJ/unix-1.fwd
		159
119	verbose "test $tid: cmd exit"	160	verbose "test $tid: cmd exit"
120	${SSH} -F $OBJ/ssh_config -S $CTL -Oexit otherhost >>$TEST_REGRESS_LOGFILE 2>&1 \	161	${SSH} -F $OBJ/ssh_config -S $CTL -Oexit otherhost >>$TEST_REGRESS_LOGFILE 2>&1 \
121	\|\| fail "send exit command failed"	162	\|\| fail "send exit command failed"