From 7acefbbcbeab725420ea07397ae35992f505f702 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 18 Jul 2014 14:11:24 +1000 Subject: - millert@cvs.openbsd.org 2014/07/15 15:54:14 [PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h] [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c] [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c] [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c] [sshd_config.5 sshlogin.c] Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@ --- clientloop.c | 78 ++++++++++++++++++++++++++++++++++-------------------------- 1 file changed, 44 insertions(+), 34 deletions(-) (limited to 'clientloop.c') diff --git a/clientloop.c b/clientloop.c index 02510e26d..397c96532 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.260 2014/06/27 16:41:56 markus Exp $ */ +/* $OpenBSD: clientloop.c,v 1.261 2014/07/15 15:54:14 millert Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -100,13 +100,13 @@ #include "cipher.h" #include "kex.h" #include "log.h" +#include "misc.h" #include "readconf.h" #include "clientloop.h" #include "sshconnect.h" #include "authfd.h" #include "atomicio.h" #include "sshpty.h" -#include "misc.h" #include "match.h" #include "msg.h" #include "roaming.h" @@ -871,13 +871,11 @@ static void process_cmdline(void) { void (*handler)(int); - char *s, *cmd, *cancel_host; - int delete = 0, local = 0, remote = 0, dynamic = 0; - int cancel_port, ok; - Forward fwd; + char *s, *cmd; + int ok, delete = 0, local = 0, remote = 0, dynamic = 0; + struct Forward fwd; memset(&fwd, 0, sizeof(fwd)); - fwd.listen_host = fwd.connect_host = NULL; leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE); handler = signal(SIGINT, SIG_IGN); @@ -943,29 +941,20 @@ process_cmdline(void) /* XXX update list of forwards in options */ if (delete) { - cancel_port = 0; - cancel_host = hpdelim(&s); /* may be NULL */ - if (s != NULL) { - cancel_port = a2port(s); - cancel_host = cleanhostname(cancel_host); - } else { - cancel_port = a2port(cancel_host); - cancel_host = NULL; - } - if (cancel_port <= 0) { - logit("Bad forwarding close port"); + /* We pass 1 for dynamicfwd to restrict to 1 or 2 fields. */ + if (!parse_forward(&fwd, s, 1, 0)) { + logit("Bad forwarding close specification."); goto out; } if (remote) - ok = channel_request_rforward_cancel(cancel_host, - cancel_port) == 0; + ok = channel_request_rforward_cancel(&fwd) == 0; else if (dynamic) - ok = channel_cancel_lport_listener(cancel_host, - cancel_port, 0, options.gateway_ports) > 0; + ok = channel_cancel_lport_listener(&fwd, + 0, &options.fwd_opts) > 0; else - ok = channel_cancel_lport_listener(cancel_host, - cancel_port, CHANNEL_CANCEL_PORT_STATIC, - options.gateway_ports) > 0; + ok = channel_cancel_lport_listener(&fwd, + CHANNEL_CANCEL_PORT_STATIC, + &options.fwd_opts) > 0; if (!ok) { logit("Unkown port forwarding."); goto out; @@ -977,16 +966,13 @@ process_cmdline(void) goto out; } if (local || dynamic) { - if (!channel_setup_local_fwd_listener(fwd.listen_host, - fwd.listen_port, fwd.connect_host, - fwd.connect_port, options.gateway_ports)) { + if (!channel_setup_local_fwd_listener(&fwd, + &options.fwd_opts)) { logit("Port forwarding failed."); goto out; } } else { - if (channel_request_remote_forwarding(fwd.listen_host, - fwd.listen_port, fwd.connect_host, - fwd.connect_port) < 0) { + if (channel_request_remote_forwarding(&fwd) < 0) { logit("Port forwarding failed."); goto out; } @@ -999,7 +985,9 @@ out: enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE); free(cmd); free(fwd.listen_host); + free(fwd.listen_path); free(fwd.connect_host); + free(fwd.connect_path); } /* reasons to suppress output of an escape command in help output */ @@ -1845,9 +1833,8 @@ client_request_forwarded_tcpip(const char *request_type, int rchan) originator_port = packet_get_int(); packet_check_eom(); - debug("client_request_forwarded_tcpip: listen %s port %d, " - "originator %s port %d", listen_address, listen_port, - originator_address, originator_port); + debug("%s: listen %s port %d, originator %s port %d", __func__, + listen_address, listen_port, originator_address, originator_port); c = channel_connect_by_listen_address(listen_address, listen_port, "forwarded-tcpip", originator_address); @@ -1857,6 +1844,27 @@ client_request_forwarded_tcpip(const char *request_type, int rchan) return c; } +static Channel * +client_request_forwarded_streamlocal(const char *request_type, int rchan) +{ + Channel *c = NULL; + char *listen_path; + + /* Get the remote path. */ + listen_path = packet_get_string(NULL); + /* XXX: Skip reserved field for now. */ + if (packet_get_string_ptr(NULL) == NULL) + fatal("%s: packet_get_string_ptr failed", __func__); + packet_check_eom(); + + debug("%s: %s", __func__, listen_path); + + c = channel_connect_by_listen_path(listen_path, + "forwarded-streamlocal@openssh.com", "forwarded-streamlocal"); + free(listen_path); + return c; +} + static Channel * client_request_x11(const char *request_type, int rchan) { @@ -1984,6 +1992,8 @@ client_input_channel_open(int type, u_int32_t seq, void *ctxt) if (strcmp(ctype, "forwarded-tcpip") == 0) { c = client_request_forwarded_tcpip(ctype, rchan); + } else if (strcmp(ctype, "forwarded-streamlocal@openssh.com") == 0) { + c = client_request_forwarded_streamlocal(ctype, rchan); } else if (strcmp(ctype, "x11") == 0) { c = client_request_x11(ctype, rchan); } else if (strcmp(ctype, "auth-agent@openssh.com") == 0) { -- cgit v1.2.3