Mercurial > dropbear
annotate cli-tcpfwd.c @ 1665:7c17995bcdfb
Improve address logging on early exit messages (#83)
Change 'Early exit' and 'Exit before auth' messages to include the IP
address & port as part of the message.
This allows log scanning utilities such as 'fail2ban' to obtain the
offending IP address as part of the failure event instead of extracting
the PID from the message and then scanning the log again for match
'child connection from' messages
Signed-off-by: Kevin Darbyshire-Bryant <[email protected]>
| author | Kevin Darbyshire-Bryant <6500011+ldir-EDB0@users.noreply.github.com> |
|---|---|
| date | Wed, 18 Mar 2020 15:28:56 +0000 |
| parents | 79eef94ccea9 |
| children | 9026f976eee8 |
| rev | line source |
|---|---|
|
74
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
1 /* |
|
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
2 * Dropbear SSH |
|
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
3 * |
|
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
4 * Copyright (c) 2002,2003 Matt Johnston |
|
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
5 * All rights reserved. |
|
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
6 * |
|
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
7 * Permission is hereby granted, free of charge, to any person obtaining a copy |
|
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
8 * of this software and associated documentation files (the "Software"), to deal |
|
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
9 * in the Software without restriction, including without limitation the rights |
|
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
|
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
11 * copies of the Software, and to permit persons to whom the Software is |
|
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
12 * furnished to do so, subject to the following conditions: |
|
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
13 * |
|
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
14 * The above copyright notice and this permission notice shall be included in |
|
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
15 * all copies or substantial portions of the Software. |
|
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
16 * |
|
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
|
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
|
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
|
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
|
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
|
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
|
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
23 * SOFTWARE. */ |
|
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
24 |
| 62 | 25 #include "includes.h" |
| 64 | 26 #include "dbutil.h" |
| 27 #include "tcpfwd.h" | |
| 62 | 28 #include "channel.h" |
| 64 | 29 #include "runopts.h" |
| 30 #include "session.h" | |
| 31 #include "ssh.h" | |
|
1032
0da8ba489c23
Move generic network routines to netio.c
Matt Johnston <matt@ucc.asn.au>
parents:
1025
diff
changeset
|
32 #include "netio.h" |
| 62 | 33 |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1275
diff
changeset
|
34 #if DROPBEAR_CLI_REMOTETCPFWD |
| 64 | 35 static int newtcpforwarded(struct Channel * channel); |
| 36 | |
| 37 const struct ChanType cli_chan_tcpremote = { | |
| 38 1, /* sepfds */ | |
| 39 "forwarded-tcpip", | |
| 40 newtcpforwarded, | |
| 41 NULL, | |
| 42 NULL, | |
|
1625
79eef94ccea9
Split ChanType closehandler() and cleanup() so that dbclient doesn't
Matt Johnston <matt@ucc.asn.au>
parents:
1620
diff
changeset
|
43 NULL, |
| 64 | 44 NULL |
| 45 }; | |
|
156
8c2b3506f112
Rearrange preprocessor parts so that compilation with various options
Matt Johnston <matt@ucc.asn.au>
parents:
108
diff
changeset
|
46 #endif |
|
8c2b3506f112
Rearrange preprocessor parts so that compilation with various options
Matt Johnston <matt@ucc.asn.au>
parents:
108
diff
changeset
|
47 |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1275
diff
changeset
|
48 #if DROPBEAR_CLI_LOCALTCPFWD |
|
578
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
49 static int cli_localtcp(const char* listenaddr, |
|
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
50 unsigned int listenport, |
|
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
51 const char* remoteaddr, |
|
156
8c2b3506f112
Rearrange preprocessor parts so that compilation with various options
Matt Johnston <matt@ucc.asn.au>
parents:
108
diff
changeset
|
52 unsigned int remoteport); |
| 62 | 53 static const struct ChanType cli_chan_tcplocal = { |
| 54 1, /* sepfds */ | |
| 55 "direct-tcpip", | |
|
941
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
899
diff
changeset
|
56 tcp_prio_inithandler, |
| 62 | 57 NULL, |
| 64 | 58 NULL, |
|
1625
79eef94ccea9
Split ChanType closehandler() and cleanup() so that dbclient doesn't
Matt Johnston <matt@ucc.asn.au>
parents:
1620
diff
changeset
|
59 NULL, |
| 62 | 60 NULL |
| 61 }; | |
|
156
8c2b3506f112
Rearrange preprocessor parts so that compilation with various options
Matt Johnston <matt@ucc.asn.au>
parents:
108
diff
changeset
|
62 #endif |
| 62 | 63 |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1275
diff
changeset
|
64 #if DROPBEAR_CLI_ANYTCPFWD |
|
1206
2907c658fa76
Implemented ExitOnForwardFailure option for local and remote forwarding.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents:
1123
diff
changeset
|
65 static void fwd_failed(const char* format, ...) ATTRIB_PRINTF(1,2); |
|
1275
d49bda490798
add static in function definition
Francois Perrad <francois.perrad@gadz.org>
parents:
1251
diff
changeset
|
66 static void fwd_failed(const char* format, ...) |
|
1206
2907c658fa76
Implemented ExitOnForwardFailure option for local and remote forwarding.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents:
1123
diff
changeset
|
67 { |
|
2907c658fa76
Implemented ExitOnForwardFailure option for local and remote forwarding.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents:
1123
diff
changeset
|
68 va_list param; |
|
2907c658fa76
Implemented ExitOnForwardFailure option for local and remote forwarding.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents:
1123
diff
changeset
|
69 va_start(param, format); |
|
2907c658fa76
Implemented ExitOnForwardFailure option for local and remote forwarding.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents:
1123
diff
changeset
|
70 |
| 1215 | 71 if (cli_opts.exit_on_fwd_failure) { |
|
1206
2907c658fa76
Implemented ExitOnForwardFailure option for local and remote forwarding.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents:
1123
diff
changeset
|
72 _dropbear_exit(EXIT_FAILURE, format, param); |
| 1215 | 73 } else { |
|
1206
2907c658fa76
Implemented ExitOnForwardFailure option for local and remote forwarding.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents:
1123
diff
changeset
|
74 _dropbear_log(LOG_WARNING, format, param); |
| 1215 | 75 } |
|
1206
2907c658fa76
Implemented ExitOnForwardFailure option for local and remote forwarding.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents:
1123
diff
changeset
|
76 |
|
2907c658fa76
Implemented ExitOnForwardFailure option for local and remote forwarding.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents:
1123
diff
changeset
|
77 va_end(param); |
|
2907c658fa76
Implemented ExitOnForwardFailure option for local and remote forwarding.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents:
1123
diff
changeset
|
78 } |
|
2907c658fa76
Implemented ExitOnForwardFailure option for local and remote forwarding.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents:
1123
diff
changeset
|
79 #endif |
|
2907c658fa76
Implemented ExitOnForwardFailure option for local and remote forwarding.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents:
1123
diff
changeset
|
80 |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1275
diff
changeset
|
81 #if DROPBEAR_CLI_LOCALTCPFWD |
|
63
dcc43965928f
- A nice cleaner structure for tcp (acceptor) forwarding.
Matt Johnston <matt@ucc.asn.au>
parents:
62
diff
changeset
|
82 void setup_localtcp() { |
|
551
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
83 m_list_elem *iter; |
| 64 | 84 int ret; |
| 85 | |
|
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
86 TRACE(("enter setup_localtcp")) |
|
66
38c3146aa23d
Some more sanity-checking of args, and just warn and ignore OpenSSH args
Matt Johnston <matt@ucc.asn.au>
parents:
64
diff
changeset
|
87 |
|
551
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
88 for (iter = cli_opts.localfwds->first; iter; iter = iter->next) { |
|
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
89 struct TCPFwdEntry * fwd = (struct TCPFwdEntry*)iter->item; |
|
578
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
90 ret = cli_localtcp( |
|
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
91 fwd->listenaddr, |
|
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
92 fwd->listenport, |
|
551
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
93 fwd->connectaddr, |
|
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
94 fwd->connectport); |
| 64 | 95 if (ret == DROPBEAR_FAILURE) { |
|
1206
2907c658fa76
Implemented ExitOnForwardFailure option for local and remote forwarding.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents:
1123
diff
changeset
|
96 fwd_failed("Failed local port forward %s:%d:%s:%d", |
|
578
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
97 fwd->listenaddr, |
|
551
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
98 fwd->listenport, |
|
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
99 fwd->connectaddr, |
|
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
100 fwd->connectport); |
|
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
101 } |
| 64 | 102 } |
|
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
103 TRACE(("leave setup_localtcp")) |
| 62 | 104 |
|
63
dcc43965928f
- A nice cleaner structure for tcp (acceptor) forwarding.
Matt Johnston <matt@ucc.asn.au>
parents:
62
diff
changeset
|
105 } |
| 62 | 106 |
|
578
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
107 static int cli_localtcp(const char* listenaddr, |
|
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
108 unsigned int listenport, |
|
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
109 const char* remoteaddr, |
|
63
dcc43965928f
- A nice cleaner structure for tcp (acceptor) forwarding.
Matt Johnston <matt@ucc.asn.au>
parents:
62
diff
changeset
|
110 unsigned int remoteport) { |
| 62 | 111 |
| 112 struct TCPListener* tcpinfo = NULL; | |
| 64 | 113 int ret; |
| 114 | |
| 115 TRACE(("enter cli_localtcp: %d %s %d", listenport, remoteaddr, | |
| 116 remoteport)); | |
| 62 | 117 |
|
184
ca55377e4f7e
- allocate correct buffer size for channel info, rather than sizeof(pointer).
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
118 tcpinfo = (struct TCPListener*)m_malloc(sizeof(struct TCPListener)); |
|
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
119 |
|
108
10f4d3319780
- added circular buffering for channels
Matt Johnston <matt@ucc.asn.au>
parents:
74
diff
changeset
|
120 tcpinfo->sendaddr = m_strdup(remoteaddr); |
|
63
dcc43965928f
- A nice cleaner structure for tcp (acceptor) forwarding.
Matt Johnston <matt@ucc.asn.au>
parents:
62
diff
changeset
|
121 tcpinfo->sendport = remoteport; |
|
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
122 |
|
578
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
123 if (listenaddr) |
|
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
124 { |
|
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
125 tcpinfo->listenaddr = m_strdup(listenaddr); |
|
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
126 } |
|
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
127 else |
|
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
128 { |
|
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
129 if (opts.listen_fwd_all) { |
|
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
130 tcpinfo->listenaddr = m_strdup(""); |
|
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
131 } else { |
|
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
132 tcpinfo->listenaddr = m_strdup("localhost"); |
|
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
133 } |
|
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
134 } |
|
63
dcc43965928f
- A nice cleaner structure for tcp (acceptor) forwarding.
Matt Johnston <matt@ucc.asn.au>
parents:
62
diff
changeset
|
135 tcpinfo->listenport = listenport; |
|
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
136 |
| 62 | 137 tcpinfo->chantype = &cli_chan_tcplocal; |
|
259
c049490e43fe
* fix -L forwarding on the client, broke last rev
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
138 tcpinfo->tcp_type = direct; |
| 62 | 139 |
|
1620
572a7aefa188
FIx remote forward listeners
Matt Johnston <matt@ucc.asn.au>
parents:
1515
diff
changeset
|
140 ret = listen_tcpfwd(tcpinfo, NULL); |
| 62 | 141 |
| 142 if (ret == DROPBEAR_FAILURE) { | |
| 143 m_free(tcpinfo); | |
| 144 } | |
|
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
145 TRACE(("leave cli_localtcp: %d", ret)) |
| 62 | 146 return ret; |
| 147 } | |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1275
diff
changeset
|
148 #endif /* DROPBEAR_CLI_LOCALTCPFWD */ |
| 64 | 149 |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1275
diff
changeset
|
150 #if DROPBEAR_CLI_REMOTETCPFWD |
|
578
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
151 static void send_msg_global_request_remotetcp(const char *addr, int port) { |
| 64 | 152 |
|
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
153 TRACE(("enter send_msg_global_request_remotetcp")) |
| 64 | 154 |
| 155 CHECKCLEARTOWRITE(); | |
| 156 buf_putbyte(ses.writepayload, SSH_MSG_GLOBAL_REQUEST); | |
|
1123
d7b752525b91
buf_getstring and buf_putstring now use non-unsigned char*
Matt Johnston <matt@ucc.asn.au>
parents:
1094
diff
changeset
|
157 buf_putstring(ses.writepayload, "tcpip-forward", 13); |
|
505
805e557fdff7
Report errors if a remote request fails
Matt Johnston <matt@ucc.asn.au>
parents:
259
diff
changeset
|
158 buf_putbyte(ses.writepayload, 1); /* want_reply */ |
|
1123
d7b752525b91
buf_getstring and buf_putstring now use non-unsigned char*
Matt Johnston <matt@ucc.asn.au>
parents:
1094
diff
changeset
|
159 buf_putstring(ses.writepayload, addr, strlen(addr)); |
| 64 | 160 buf_putint(ses.writepayload, port); |
| 161 | |
| 162 encrypt_packet(); | |
| 163 | |
|
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
164 TRACE(("leave send_msg_global_request_remotetcp")) |
| 64 | 165 } |
| 166 | |
|
505
805e557fdff7
Report errors if a remote request fails
Matt Johnston <matt@ucc.asn.au>
parents:
259
diff
changeset
|
167 /* The only global success/failure messages are for remotetcp. |
|
805e557fdff7
Report errors if a remote request fails
Matt Johnston <matt@ucc.asn.au>
parents:
259
diff
changeset
|
168 * Since there isn't any identifier in these messages, we have to rely on them |
|
805e557fdff7
Report errors if a remote request fails
Matt Johnston <matt@ucc.asn.au>
parents:
259
diff
changeset
|
169 * being in the same order as we sent the requests. This is the ordering |
|
631
af304deacb4c
Print the server allocated port when using dbclient -R 0:....
Matt Johnston <matt@ucc.asn.au>
parents:
591
diff
changeset
|
170 * of the cli_opts.remotefwds list. |
|
af304deacb4c
Print the server allocated port when using dbclient -R 0:....
Matt Johnston <matt@ucc.asn.au>
parents:
591
diff
changeset
|
171 * If the requested remote port is 0 the listen port will be |
|
af304deacb4c
Print the server allocated port when using dbclient -R 0:....
Matt Johnston <matt@ucc.asn.au>
parents:
591
diff
changeset
|
172 * dynamically allocated by the server and the port number will be returned |
|
af304deacb4c
Print the server allocated port when using dbclient -R 0:....
Matt Johnston <matt@ucc.asn.au>
parents:
591
diff
changeset
|
173 * to client and the port number reported to the user. */ |
|
505
805e557fdff7
Report errors if a remote request fails
Matt Johnston <matt@ucc.asn.au>
parents:
259
diff
changeset
|
174 void cli_recv_msg_request_success() { |
|
631
af304deacb4c
Print the server allocated port when using dbclient -R 0:....
Matt Johnston <matt@ucc.asn.au>
parents:
591
diff
changeset
|
175 /* We just mark off that we have received the reply, |
|
505
805e557fdff7
Report errors if a remote request fails
Matt Johnston <matt@ucc.asn.au>
parents:
259
diff
changeset
|
176 * so that we can report failure for later ones. */ |
|
551
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
177 m_list_elem * iter = NULL; |
|
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
178 for (iter = cli_opts.remotefwds->first; iter; iter = iter->next) { |
|
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
179 struct TCPFwdEntry *fwd = (struct TCPFwdEntry*)iter->item; |
|
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
180 if (!fwd->have_reply) { |
|
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
181 fwd->have_reply = 1; |
|
631
af304deacb4c
Print the server allocated port when using dbclient -R 0:....
Matt Johnston <matt@ucc.asn.au>
parents:
591
diff
changeset
|
182 if (fwd->listenport == 0) { |
|
899
115f8a3c2d5a
- Fix dbclient with port 0 for server-allocated
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
183 /* The server should let us know which port was allocated if we requested port 0 */ |
|
631
af304deacb4c
Print the server allocated port when using dbclient -R 0:....
Matt Johnston <matt@ucc.asn.au>
parents:
591
diff
changeset
|
184 int allocport = buf_getint(ses.payload); |
|
af304deacb4c
Print the server allocated port when using dbclient -R 0:....
Matt Johnston <matt@ucc.asn.au>
parents:
591
diff
changeset
|
185 if (allocport > 0) { |
|
899
115f8a3c2d5a
- Fix dbclient with port 0 for server-allocated
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
186 fwd->listenport = allocport; |
|
631
af304deacb4c
Print the server allocated port when using dbclient -R 0:....
Matt Johnston <matt@ucc.asn.au>
parents:
591
diff
changeset
|
187 dropbear_log(LOG_INFO, "Allocated port %d for remote forward to %s:%d", |
|
af304deacb4c
Print the server allocated port when using dbclient -R 0:....
Matt Johnston <matt@ucc.asn.au>
parents:
591
diff
changeset
|
188 allocport, fwd->connectaddr, fwd->connectport); |
|
af304deacb4c
Print the server allocated port when using dbclient -R 0:....
Matt Johnston <matt@ucc.asn.au>
parents:
591
diff
changeset
|
189 } |
|
af304deacb4c
Print the server allocated port when using dbclient -R 0:....
Matt Johnston <matt@ucc.asn.au>
parents:
591
diff
changeset
|
190 } |
|
505
805e557fdff7
Report errors if a remote request fails
Matt Johnston <matt@ucc.asn.au>
parents:
259
diff
changeset
|
191 return; |
|
805e557fdff7
Report errors if a remote request fails
Matt Johnston <matt@ucc.asn.au>
parents:
259
diff
changeset
|
192 } |
|
805e557fdff7
Report errors if a remote request fails
Matt Johnston <matt@ucc.asn.au>
parents:
259
diff
changeset
|
193 } |
|
805e557fdff7
Report errors if a remote request fails
Matt Johnston <matt@ucc.asn.au>
parents:
259
diff
changeset
|
194 } |
|
805e557fdff7
Report errors if a remote request fails
Matt Johnston <matt@ucc.asn.au>
parents:
259
diff
changeset
|
195 |
|
805e557fdff7
Report errors if a remote request fails
Matt Johnston <matt@ucc.asn.au>
parents:
259
diff
changeset
|
196 void cli_recv_msg_request_failure() { |
|
551
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
197 m_list_elem *iter; |
|
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
198 for (iter = cli_opts.remotefwds->first; iter; iter = iter->next) { |
|
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
199 struct TCPFwdEntry *fwd = (struct TCPFwdEntry*)iter->item; |
|
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
200 if (!fwd->have_reply) { |
|
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
201 fwd->have_reply = 1; |
|
1206
2907c658fa76
Implemented ExitOnForwardFailure option for local and remote forwarding.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents:
1123
diff
changeset
|
202 fwd_failed("Remote TCP forward request failed (port %d -> %s:%d)", |
|
2907c658fa76
Implemented ExitOnForwardFailure option for local and remote forwarding.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents:
1123
diff
changeset
|
203 fwd->listenport, |
|
2907c658fa76
Implemented ExitOnForwardFailure option for local and remote forwarding.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents:
1123
diff
changeset
|
204 fwd->connectaddr, |
|
2907c658fa76
Implemented ExitOnForwardFailure option for local and remote forwarding.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents:
1123
diff
changeset
|
205 fwd->connectport); |
|
505
805e557fdff7
Report errors if a remote request fails
Matt Johnston <matt@ucc.asn.au>
parents:
259
diff
changeset
|
206 return; |
|
805e557fdff7
Report errors if a remote request fails
Matt Johnston <matt@ucc.asn.au>
parents:
259
diff
changeset
|
207 } |
|
805e557fdff7
Report errors if a remote request fails
Matt Johnston <matt@ucc.asn.au>
parents:
259
diff
changeset
|
208 } |
|
805e557fdff7
Report errors if a remote request fails
Matt Johnston <matt@ucc.asn.au>
parents:
259
diff
changeset
|
209 } |
|
805e557fdff7
Report errors if a remote request fails
Matt Johnston <matt@ucc.asn.au>
parents:
259
diff
changeset
|
210 |
| 64 | 211 void setup_remotetcp() { |
|
551
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
212 m_list_elem *iter; |
|
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
213 TRACE(("enter setup_remotetcp")) |
|
66
38c3146aa23d
Some more sanity-checking of args, and just warn and ignore OpenSSH args
Matt Johnston <matt@ucc.asn.au>
parents:
64
diff
changeset
|
214 |
|
551
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
215 for (iter = cli_opts.remotefwds->first; iter; iter = iter->next) { |
|
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
216 struct TCPFwdEntry *fwd = (struct TCPFwdEntry*)iter->item; |
|
578
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
217 if (!fwd->listenaddr) |
|
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
218 { |
| 857 | 219 /* we store the addresses so that we can compare them |
| 220 when the server sends them back */ | |
|
578
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
221 if (opts.listen_fwd_all) { |
|
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
222 fwd->listenaddr = m_strdup(""); |
|
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
223 } else { |
|
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
224 fwd->listenaddr = m_strdup("localhost"); |
|
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
225 } |
|
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
226 } |
|
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
227 send_msg_global_request_remotetcp(fwd->listenaddr, fwd->listenport); |
| 64 | 228 } |
| 229 | |
|
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
230 TRACE(("leave setup_remotetcp")) |
| 64 | 231 } |
| 232 | |
| 233 static int newtcpforwarded(struct Channel * channel) { | |
| 234 | |
| 1250 | 235 char *origaddr = NULL; |
| 64 | 236 unsigned int origport; |
|
551
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
237 m_list_elem * iter = NULL; |
|
1327
e47e4b8a005d
initialize variable and protect against NULL dereferencement
Francois Perrad <francois.perrad@gadz.org>
parents:
1295
diff
changeset
|
238 struct TCPFwdEntry *fwd = NULL; |
| 64 | 239 char portstring[NI_MAXSERV]; |
|
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
66
diff
changeset
|
240 int err = SSH_OPEN_ADMINISTRATIVELY_PROHIBITED; |
| 64 | 241 |
|
1123
d7b752525b91
buf_getstring and buf_putstring now use non-unsigned char*
Matt Johnston <matt@ucc.asn.au>
parents:
1094
diff
changeset
|
242 origaddr = buf_getstring(ses.payload, NULL); |
| 64 | 243 origport = buf_getint(ses.payload); |
| 244 | |
|
899
115f8a3c2d5a
- Fix dbclient with port 0 for server-allocated
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
245 /* Find which port corresponds. First try and match address as well as port, |
|
115f8a3c2d5a
- Fix dbclient with port 0 for server-allocated
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
246 in case they want to forward different ports separately ... */ |
|
551
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
247 for (iter = cli_opts.remotefwds->first; iter; iter = iter->next) { |
|
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
505
diff
changeset
|
248 fwd = (struct TCPFwdEntry*)iter->item; |
|
578
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
249 if (origport == fwd->listenport |
|
899
115f8a3c2d5a
- Fix dbclient with port 0 for server-allocated
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
250 && strcmp(origaddr, fwd->listenaddr) == 0) { |
| 64 | 251 break; |
| 252 } | |
| 253 } | |
| 254 | |
|
899
115f8a3c2d5a
- Fix dbclient with port 0 for server-allocated
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
255 if (!iter) |
|
115f8a3c2d5a
- Fix dbclient with port 0 for server-allocated
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
256 { |
|
115f8a3c2d5a
- Fix dbclient with port 0 for server-allocated
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
257 /* ... otherwise try to generically match the only forwarded port |
|
115f8a3c2d5a
- Fix dbclient with port 0 for server-allocated
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
258 without address (also handles ::1 vs 127.0.0.1 vs localhost case). |
|
115f8a3c2d5a
- Fix dbclient with port 0 for server-allocated
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
259 rfc4254 is vague about the definition of "address that was connected" */ |
|
115f8a3c2d5a
- Fix dbclient with port 0 for server-allocated
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
260 for (iter = cli_opts.remotefwds->first; iter; iter = iter->next) { |
|
115f8a3c2d5a
- Fix dbclient with port 0 for server-allocated
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
261 fwd = (struct TCPFwdEntry*)iter->item; |
|
115f8a3c2d5a
- Fix dbclient with port 0 for server-allocated
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
262 if (origport == fwd->listenport) { |
|
115f8a3c2d5a
- Fix dbclient with port 0 for server-allocated
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
263 break; |
|
115f8a3c2d5a
- Fix dbclient with port 0 for server-allocated
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
264 } |
|
115f8a3c2d5a
- Fix dbclient with port 0 for server-allocated
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
265 } |
|
115f8a3c2d5a
- Fix dbclient with port 0 for server-allocated
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
266 } |
|
115f8a3c2d5a
- Fix dbclient with port 0 for server-allocated
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
267 |
|
115f8a3c2d5a
- Fix dbclient with port 0 for server-allocated
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
268 |
|
1327
e47e4b8a005d
initialize variable and protect against NULL dereferencement
Francois Perrad <francois.perrad@gadz.org>
parents:
1295
diff
changeset
|
269 if (iter == NULL || fwd == NULL) { |
| 64 | 270 /* We didn't request forwarding on that port */ |
| 1250 | 271 cleantext(origaddr); |
|
578
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
272 dropbear_log(LOG_INFO, "Server sent unrequested forward from \"%s:%d\"", |
|
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
273 origaddr, origport); |
| 64 | 274 goto out; |
| 275 } | |
| 276 | |
|
1237
888e3d17e962
Fix print format specifier
Chocobo1 <Chocobo1@users.noreply.github.com>
parents:
1215
diff
changeset
|
277 snprintf(portstring, sizeof(portstring), "%u", fwd->connectport); |
|
1466
f787f60f8e45
bind to port as well with -b
Matt Johnston <matt@ucc.asn.au>
parents:
1465
diff
changeset
|
278 channel->conn_pending = connect_remote(fwd->connectaddr, portstring, channel_connect_done, channel, NULL, NULL); |
|
941
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
899
diff
changeset
|
279 |
|
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
899
diff
changeset
|
280 channel->prio = DROPBEAR_CHANNEL_PRIO_UNKNOWABLE; |
| 64 | 281 |
|
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
66
diff
changeset
|
282 err = SSH_OPEN_IN_PROGRESS; |
| 64 | 283 |
| 284 out: | |
|
578
44f486b72427
- tcpfwd bindaddr support against trunk. needs merging.
Matt Johnston <matt@ucc.asn.au>
parents:
551
diff
changeset
|
285 m_free(origaddr); |
|
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
286 TRACE(("leave newtcpdirect: err %d", err)) |
|
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
66
diff
changeset
|
287 return err; |
| 64 | 288 } |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1275
diff
changeset
|
289 #endif /* DROPBEAR_CLI_REMOTETCPFWD */ |