# HG changeset patch
# User Matt Johnston
# Date 1221489630 0
# Node ID 738313e73b1cb216c565f433156cddd44aad9c64
# Parent 7ad49f34a122b0e09576ecea720dc40998680d8c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
diff -r 7ad49f34a122 -r 738313e73b1c cli-main.c
--- a/cli-main.c Mon Sep 15 14:04:55 2008 +0000
+++ b/cli-main.c Mon Sep 15 14:40:30 2008 +0000
@@ -32,6 +32,8 @@
 static void cli_dropbear_exit(int exitcode, const char* format, va_list param);
 static void cli_dropbear_log(int priority, const char* format, va_list param);
+static void cli_proxy_cmd(int *sock_in, int *sock_out);
+
 #if defined(DBMULTI_dbclient) || !defined(DROPBEAR_MULTI)
 #if defined(DBMULTI_dbclient) && defined(DROPBEAR_MULTI)
 int cli_main(int argc, char ** argv) {
@@ -58,9 +60,9 @@
 dropbear_exit("signal() error");
 }
-#ifdef CLI_ENABLE_PROXYCMD
- if (cli_runopts.proxycmd) {
-
+#ifdef ENABLE_CLI_PROXYCMD
+ if (cli_opts.proxycmd) {
+ cli_proxy_cmd(&sock_in, &sock_out);
 } else
 #endif
 {
@@ -120,3 +122,27 @@
 fprintf(stderr, "%s: %s\n", cli_opts.progname, printbuf);
 }
+
+static void exec_proxy_cmd(void *user_data_cmd) {
+ const char *cmd = user_data_cmd;
+ char *usershell;
+
+ usershell = m_strdup(get_user_shell());
+ run_shell_command(cmd, ses.maxfd, usershell);
+ dropbear_exit("Failed to run '%s'\n", cmd);
+}
+
+static void cli_proxy_cmd(int *sock_in, int *sock_out) {
+ int ret;
+ int errfd;
+ pid_t pid;
+
+ fill_passwd(cli_opts.own_user);
+
+ ret = spawn_command(exec_proxy_cmd, cli_opts.proxycmd,
+ sock_out, sock_in, &errfd, &pid);
+ if (ret == DROPBEAR_FAILURE) {
+ dropbear_exit("Failed running proxy command");
+ *sock_in = *sock_out = -1;
+ }
+}
diff -r 7ad49f34a122 -r 738313e73b1c cli-runopts.c
--- a/cli-runopts.c Mon Sep 15 14:04:55 2008 +0000
+++ b/cli-runopts.c Mon Sep 15 14:40:30 2008 +0000
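Review bot: In cli_proxy_cmd() (cli-main.c, last hunk) the `errfd` and `pid` returned by spawn_command() are discarded, so the proxy command's stderr descriptor is never read or closed and the child is never waited for. If spawn_command() connects `errfd` to a pipe, as the parameter name suggests, a proxy command that writes enough to stderr could stall; keep both values where session cleanup can reach them. The assignment `*sock_in = *sock_out = -1;` sits after `dropbear_exit(...)` and looks unreachable, assuming dropbear_exit() does not return, so drop it or move it above the call. Until this is settled I would add `/* XXX errfd and pid are discarded: stderr is never drained and the child is never reaped */` above the spawn_command() call.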
@@ -34,6 +34,7 @@
 static void printhelp();
 static void parsehostname(char* userhostarg);
+static void fill_own_user();
 #ifdef ENABLE_CLI_PUBKEY_AUTH
 static void loadidentityfile(const char* filename);
 #endif
@@ -90,9 +91,6 @@
 #ifdef ENABLE_CLI_REMOTETCPFWD
 int nextisremote = 0;
 #endif
-#ifdef ENABLE_CLI_PROXYCMD
- int nextisproxycmd = 0;
-#endif
 char* dummy = NULL; /* Not used for anything real */
 char* recv_window_arg = NULL;
@@ -118,12 +116,17 @@
 #ifdef ENABLE_CLI_REMOTETCPFWD
 cli_opts.remotefwds = NULL;
 #endif
+#ifdef ENABLE_CLI_PROXYCMD
+ cli_opts.proxycmd = NULL;
+#endif
 /* not yet
 opts.ipv4 = 1;
 opts.ipv6 = 1;
 */
 opts.recv_window = DEFAULT_RECV_WINDOW;
+ fill_own_user();
+
 /* Iterate all the arguments */
 for (i = 1; i < (unsigned int)argc; i++) {
 #ifdef ENABLE_CLI_PUBKEY_AUTH
@@ -294,6 +297,14 @@
 }
 }
+#ifdef ENABLE_CLI_PROXYCMD
+ if (cli_opts.proxycmd != NULL) {
+ /* XXX something more useful */
+ cli_opts.remotehost = cli_opts.proxycmd;
+ cli_opts.remoteport = "";
+ }
+#endif
+
 if (cli_opts.remotehost == NULL) {
 printhelp();
 exit(EXIT_FAILURE);
@@ -318,18 +329,15 @@
 dropbear_exit("command required for -f");
 }
- if (recv_window_arg)
- {
+ if (recv_window_arg) {
 opts.recv_window = atol(recv_window_arg);
- if (opts.recv_window == 0 || opts.recv_window > MAX_RECV_WINDOW)
- {
+ if (opts.recv_window == 0 || opts.recv_window > MAX_RECV_WINDOW) {
 dropbear_exit("Bad recv window '%s'", recv_window_arg);
 }
 }
 if (keepalive_arg) {
 opts.keepalive_secs = strtoul(keepalive_arg, NULL, 10);
- if (opts.keepalive_secs == 0 && errno == EINVAL)
- {
+ if (opts.keepalive_secs == 0 && errno == EINVAL) {
 dropbear_exit("Bad keepalive '%s'", keepalive_arg);
 }
 }
@@ -365,9 +373,6 @@
 /* Parses a [user@]hostname argument. userhostarg is the argv[i] corresponding
 * - note that it will be modified */
 static void parsehostname(char* orighostarg) {
-
- uid_t uid;
- struct passwd *pw = NULL;
 char *userhostarg = NULL;
 /* We probably don't want to be editing argvs */
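Review bot: In the `@@ -294,6 +297,14 @@` hunk of cli-runopts.c, `cli_opts.remotehost = cli_opts.proxycmd;` makes the -J command string stand in for the server's name, so whatever later keys on remotehost (presumably the known-hosts lookup and its prompt) is no longer tied to the real destination. The commit message already says host keys need fixing, but options.h in this same commit turns `ENABLE_CLI_PROXYCMD` on by default, so the unfinished path ships enabled; I would leave the option commented out until the host key is checked against the intended host. The `/* XXX something more useful */` comment should say what is at stake, e.g. `/* XXX host key is looked up under the proxy command string, not the real destination */`. `cli_opts.remoteport = "";` also stores a string literal in a `char *` field, which is only safe if nothing later frees or edits it.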
@@ -385,14 +390,7 @@
 }
 if (cli_opts.username == NULL) {
- uid = getuid();
-
- pw = getpwuid(uid);
- if (pw == NULL || pw->pw_name == NULL) {
- dropbear_exit("Unknown own user");
- }
-
- cli_opts.username = m_strdup(pw->pw_name);
+ cli_opts.username = m_strdup(cli_opts.own_user);
 }
 if (cli_opts.remotehost[0] == '\0') {
@@ -400,6 +398,20 @@
 }
 }
+static void fill_own_user() {
+ uid_t uid;
+ struct passwd *pw = NULL;
+
+ uid = getuid();
+
+ pw = getpwuid(uid);
+ if (pw == NULL || pw->pw_name == NULL) {
+ dropbear_exit("Unknown own user");
+ }
+
+ cli_opts.own_user = m_strdup(pw->pw_name);
+}
+
 #ifdef ENABLE_CLI_ANYTCPFWD
 /* Turn a "listenport:remoteaddr:remoteport" string into into a forwarding
 * set, and add it to the forwarding list */
diff -r 7ad49f34a122 -r 738313e73b1c common-session.c
--- a/common-session.c Mon Sep 15 14:04:55 2008 +0000
+++ b/common-session.c Mon Sep 15 14:40:30 2008 +0000
@@ -423,3 +423,26 @@
 return ses.authstate.pw_shell;
 }
 }
+void fill_passwd(const char* username) {
+ struct passwd *pw = NULL;
+ if (ses.authstate.pw_name)
+ m_free(ses.authstate.pw_name);
+ if (ses.authstate.pw_dir)
+ m_free(ses.authstate.pw_dir);
+ if (ses.authstate.pw_shell)
+ m_free(ses.authstate.pw_shell);
+ if (ses.authstate.pw_passwd)
+ m_free(ses.authstate.pw_passwd);
+
+ pw = getpwnam(username);
+ if (!pw) {
+ return;
+ }
+ ses.authstate.pw_uid = pw->pw_uid;
+ ses.authstate.pw_gid = pw->pw_gid;
+ ses.authstate.pw_name = m_strdup(pw->pw_name);
+ ses.authstate.pw_dir = m_strdup(pw->pw_dir);
+ ses.authstate.pw_shell = m_strdup(pw->pw_shell);
+ ses.authstate.pw_passwd = m_strdup(pw->pw_passwd);
+}
+
diff -r 7ad49f34a122 -r 738313e73b1c debug.h
--- a/debug.h Mon Sep 15 14:04:55 2008 +0000
+++ b/debug.h Mon Sep 15 14:40:30 2008 +0000
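Review bot: fill_own_user() (cli-runopts.c, `@@ -400,6 +398,20 @@`) exits with "Unknown own user" whenever getpwuid() fails, and the `@@ -118,12 +116,17 @@` hunk calls it before any argument is parsed, so a uid with no passwd entry now aborts the client even when a username is given on the command line. The removed code only did this lookup when `cli_opts.username == NULL`. Consider storing the name only on success, `if (pw != NULL && pw->pw_name != NULL) cli_opts.own_user = m_strdup(pw->pw_name);`, and failing where the value is actually needed with `if (cli_opts.own_user == NULL) dropbear_exit("Unknown own user");`. The definition and its prototype would also be better as `static void fill_own_user(void)`, since an empty parameter list in C leaves the arguments unchecked.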
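Review bot: fill_passwd() (common-session.c) returns nothing, and when getpwnam() fails it has already released the old pw_* fields and returns silently; the new client caller cli_proxy_cmd() in cli-main.c cannot tell, and exec_proxy_cmd() goes straight on to `m_strdup(get_user_shell())`. Now that the function is shared, either return a status or have the client check the result after the call, e.g. `if (!ses.authstate.pw_name) dropbear_exit("Unknown own user");`. The unbraced `if (...) m_free(...);` pairs are only correct if m_free is a single statement, which is not visible here, so braces would be safer. The client also ends up holding a copy of `pw_passwd` that it has no visible use for; a short comment on the function saying which fields each side relies on would help.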
@@ -39,7 +39,7 @@
 * Caution: Don't use this in an unfriendly environment (ie unfirewalled),
 * since the printing may not sanitise strings etc. This will add a reasonable
 * amount to your executable size. */
-/*#define DEBUG_TRACE*/
+#define DEBUG_TRACE
 /* All functions writing to the cleartext payload buffer call
 * CHECKCLEARTOWRITE() before writing. This is only really useful if you're
diff -r 7ad49f34a122 -r 738313e73b1c options.h
--- a/options.h Mon Sep 15 14:04:55 2008 +0000
+++ b/options.h Mon Sep 15 14:40:30 2008 +0000
@@ -62,7 +62,7 @@
 /* Allow using -J to run the connection through a pipe to a program, rather the normal TCP connection */
-/*#define ENABLE_CLI_PROXYCMD*/
+#define ENABLE_CLI_PROXYCMD
 #define ENABLE_SVR_LOCALTCPFWD
 #define ENABLE_SVR_REMOTETCPFWD
diff -r 7ad49f34a122 -r 738313e73b1c runopts.h
--- a/runopts.h Mon Sep 15 14:04:55 2008 +0000
+++ b/runopts.h Mon Sep 15 14:40:30 2008 +0000
@@ -101,6 +101,7 @@
 char *remotehost;
 char *remoteport;
+ char *own_user;
 char *username;
 char *cmd;
diff -r 7ad49f34a122 -r 738313e73b1c session.h
--- a/session.h Mon Sep 15 14:04:55 2008 +0000
+++ b/session.h Mon Sep 15 14:40:30 2008 +0000
@@ -48,6 +48,7 @@
 void send_msg_ignore();
 const char* get_user_shell();
+void fill_passwd(const char* username);
 /* Server */
 void svr_session(int sock, int childpipe, char *remotehost, char *addrstring);
diff -r 7ad49f34a122 -r 738313e73b1c svr-auth.c
--- a/svr-auth.c Mon Sep 15 14:04:55 2008 +0000
+++ b/svr-auth.c Mon Sep 15 14:40:30 2008 +0000
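Review bot: The debug.h hunk turns `#define DEBUG_TRACE` on for every build, while the comment directly above it warns against using it in an unfriendly environment because the trace output may not sanitise strings. This looks like a local debugging setting that slipped into the commit. Restore `/*#define DEBUG_TRACE*/` and enable tracing per build instead.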
@@ -203,29 +203,6 @@
 m_free(methodname);
 }
-static void fill_passwd(const char* username) {
- struct passwd *pw = NULL;
- if (ses.authstate.pw_name)
- m_free(ses.authstate.pw_name);
- if (ses.authstate.pw_dir)
- m_free(ses.authstate.pw_dir);
- if (ses.authstate.pw_shell)
- m_free(ses.authstate.pw_shell);
- if (ses.authstate.pw_passwd)
- m_free(ses.authstate.pw_passwd);
-
- pw = getpwnam(username);
- if (!pw) {
- return;
- }
- ses.authstate.pw_uid = pw->pw_uid;
- ses.authstate.pw_gid = pw->pw_gid;
- ses.authstate.pw_name = m_strdup(pw->pw_name);
- ses.authstate.pw_dir = m_strdup(pw->pw_dir);
- ses.authstate.pw_shell = m_strdup(pw->pw_shell);
- ses.authstate.pw_passwd = m_strdup(pw->pw_passwd);
-}
-
 /* Check that the username exists, has a non-empty password, and has a valid
 * shell.