# HG changeset patch # User Matt Johnston # Date 1142957801 0 # Node ID 6b41e2cbf071cc021f76dcf74f51dfe8dd73c108 # Parent 03f65e461915a940939e4cc689fc89721ffc40de A hack to make dbclient to tcp forwarding netcat style. eg ./dbclient -i testkey -L 1234:remotehost:remoteport tunnelhost will ssh to tunnelhost (using testkey, there's no way to ask for a password) and then tcpfwd to remotehost:remoteport on stdin/stdout. There's no way to give a cmdline password, so -i for a keyfile will have to do. Yet another reason for agent forwarding. The 1234 is a dummy var, I think it has to be a valid portnumber though. diff -r 03f65e461915 -r 6b41e2cbf071 cli-chansession.c --- a/cli-chansession.c Sat Mar 11 14:59:34 2006 +0000 +++ b/cli-chansession.c Tue Mar 21 16:16:41 2006 +0000 @@ -367,14 +367,55 @@ void cli_send_chansess_request() { + unsigned int port = 0; + unsigned char* addr = NULL; + unsigned char* ipstring = "127.0.0.1"; + unsigned char* portstring = "22"; + + /* hack hack */ + static const struct ChanType cli_chan_tcphack = { + 0, /* sepfds */ + "direct-tcpip", + NULL, + NULL, + NULL, + cli_closechansess + }; + TRACE(("enter cli_send_chansess_request")) - if (send_msg_channel_open_init(STDIN_FILENO, &clichansess) + if (send_msg_channel_open_init(STDIN_FILENO, &cli_chan_tcphack) == DROPBEAR_FAILURE) { dropbear_exit("Couldn't open initial channel"); } - /* No special channel request data */ + if (cli_opts.localfwds == NULL) { + dropbear_exit("You need to give a \"-L ignored:host:port\" option with this hacked up dbclient."); + } + + addr = cli_opts.localfwds->connectaddr; + port = cli_opts.localfwds->connectport; + + buf_putstring(ses.writepayload, addr, strlen(addr)); + buf_putint(ses.writepayload, port); + + /* originator ip */ + buf_putstring(ses.writepayload, ipstring, strlen(ipstring)); + /* originator port */ + buf_putint(ses.writepayload, atol(portstring)); + encrypt_packet(); TRACE(("leave cli_send_chansess_request")) } + +#if 0 + while (cli_opts.localfwds != NULL) { + ret = cli_localtcp(cli_opts.localfwds->listenport, + cli_opts.localfwds->connectaddr, + cli_opts.localfwds->connectport); + if (ret == DROPBEAR_FAILURE) { + dropbear_log(LOG_WARNING, "Failed local port forward %d:%s:%d", + cli_opts.localfwds->listenport, + cli_opts.localfwds->connectaddr, + cli_opts.localfwds->connectport); +#endif diff -r 03f65e461915 -r 6b41e2cbf071 cli-session.c --- a/cli-session.c Sat Mar 11 14:59:34 2006 +0000 +++ b/cli-session.c Tue Mar 21 16:16:41 2006 +0000 @@ -213,10 +213,10 @@ case USERAUTH_SUCCESS_RCVD: #ifdef ENABLE_CLI_LOCALTCPFWD - setup_localtcp(); + //setup_localtcp(); #endif #ifdef ENABLE_CLI_REMOTETCPFWD - setup_remotetcp(); + //setup_remotetcp(); #endif cli_send_chansess_request(); TRACE(("leave cli_sessionloop: cli_send_chansess_request")) diff -r 03f65e461915 -r 6b41e2cbf071 debug.h --- a/debug.h Sat Mar 11 14:59:34 2006 +0000 +++ b/debug.h Tue Mar 21 16:16:41 2006 +0000 @@ -39,7 +39,7 @@ * Caution: Don't use this in an unfriendly environment (ie unfirewalled), * since the printing may not sanitise strings etc. This will add a reasonable * amount to your executable size. */ -/*#define DEBUG_TRACE */ +#define DEBUG_TRACE /* All functions writing to the cleartext payload buffer call * CHECKCLEARTOWRITE() before writing. This is only really useful if you're