1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 01:48:00 +00:00

Dynamic port forwarding by means of a local SOCKS server. Fully

supports SOCKS 4, SOCKS 4A and SOCKS 5 (well, actually IPv6 in SOCKS
5 isn't supported, but it'll be no difficulty once I actually get
round to it). Thanks to Chas Honton for his `stone soup' patch: I
didn't end up actually using any of his code, but it galvanised me
into doing it properly myself :-)

[originally from svn r3055]
This commit is contained in:
Simon Tatham 2003-04-05 11:45:21 +00:00
parent 3bd0415579
commit 8a3ff2bf3e
8 changed files with 398 additions and 106 deletions

View File

@ -166,44 +166,47 @@ int cmdline_process_param(char *p, char *value, int need_save, Config *cfg)
strncpy(cfg->username, value, sizeof(cfg->username)); strncpy(cfg->username, value, sizeof(cfg->username));
cfg->username[sizeof(cfg->username) - 1] = '\0'; cfg->username[sizeof(cfg->username) - 1] = '\0';
} }
if ((!strcmp(p, "-L") || !strcmp(p, "-R"))) { if ((!strcmp(p, "-L") || !strcmp(p, "-R") || !strcmp(p, "-D"))) {
char *fwd, *ptr, *q, *qq; char *fwd, *ptr, *q, *qq;
int i=0; int dynamic, i=0;
RETURN(2); RETURN(2);
UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK); UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);
SAVEABLE(0); SAVEABLE(0);
dynamic = !strcmp(p, "-D");
fwd = value; fwd = value;
ptr = cfg->portfwd; ptr = cfg->portfwd;
/* if multiple forwards, find end of list */ /* if multiple forwards, find end of list */
if (ptr[0]=='R' || ptr[0]=='L') { if (ptr[0]=='R' || ptr[0]=='L' || ptr[0] == 'D') {
for (i = 0; i < sizeof(cfg->portfwd) - 2; i++) for (i = 0; i < sizeof(cfg->portfwd) - 2; i++)
if (ptr[i]=='\000' && ptr[i+1]=='\000') if (ptr[i]=='\000' && ptr[i+1]=='\000')
break; break;
ptr = ptr + i + 1; /* point to next forward slot */ ptr = ptr + i + 1; /* point to next forward slot */
} }
ptr[0] = p[1]; /* insert a 'L' or 'R' at the start */ ptr[0] = p[1]; /* insert a 'L', 'R' or 'D' at the start */
if (strlen(fwd) > sizeof(cfg->portfwd) - i - 2) { if (strlen(fwd) > sizeof(cfg->portfwd) - i - 2) {
cmdline_error("out of space for port forwardings"); cmdline_error("out of space for port forwardings");
return ret; return ret;
} }
strncpy(ptr+1, fwd, sizeof(cfg->portfwd) - i); strncpy(ptr+1, fwd, sizeof(cfg->portfwd) - i);
/* if (!dynamic) {
* We expect _at least_ two colons in this string. The /*
* possible formats are `sourceport:desthost:destport', or * We expect _at least_ two colons in this string. The
* `sourceip:sourceport:desthost:destport' if you're * possible formats are `sourceport:desthost:destport',
* specifying a particular loopback address. We need to * or `sourceip:sourceport:desthost:destport' if you're
* replace the one between source and dest with a \t; this * specifying a particular loopback address. We need to
* means we must find the second-to-last colon in the * replace the one between source and dest with a \t;
* string. * this means we must find the second-to-last colon in
*/ * the string.
q = qq = strchr(ptr, ':'); */
while (qq) { q = qq = strchr(ptr, ':');
char *qqq = strchr(qq+1, ':'); while (qq) {
if (qqq) char *qqq = strchr(qq+1, ':');
q = qq; if (qqq)
qq = qqq; q = qq;
qq = qqq;
}
if (q) *q = '\t'; /* replace second-last colon with \t */
} }
if (q) *q = '\t'; /* replace second-last colon with \t */
cfg->portfwd[sizeof(cfg->portfwd) - 1] = '\0'; cfg->portfwd[sizeof(cfg->portfwd) - 1] = '\0';
cfg->portfwd[sizeof(cfg->portfwd) - 2] = '\0'; cfg->portfwd[sizeof(cfg->portfwd) - 2] = '\0';
ptr[strlen(ptr)+1] = '\000'; /* append two '\000' */ ptr[strlen(ptr)+1] = '\000'; /* append two '\000' */

View File

@ -634,24 +634,31 @@ static void portfwd_handler(union control *ctrl, void *dlg,
if (ctrl == pfd->addbutton) { if (ctrl == pfd->addbutton) {
char str[sizeof(cfg->portfwd)]; char str[sizeof(cfg->portfwd)];
char *p; char *p;
if (dlg_radiobutton_get(pfd->direction, dlg) == 0) int whichbutton = dlg_radiobutton_get(pfd->direction, dlg);
if (whichbutton == 0)
str[0] = 'L'; str[0] = 'L';
else else if (whichbutton == 1)
str[0] = 'R'; str[0] = 'R';
else
str[0] = 'D';
dlg_editbox_get(pfd->sourcebox, dlg, str+1, sizeof(str) - 2); dlg_editbox_get(pfd->sourcebox, dlg, str+1, sizeof(str) - 2);
if (!str[1]) { if (!str[1]) {
dlg_error_msg(dlg, "You need to specify a source port number"); dlg_error_msg(dlg, "You need to specify a source port number");
return; return;
} }
p = str + strlen(str); p = str + strlen(str);
*p++ = '\t'; if (str[0] != 'D') {
dlg_editbox_get(pfd->destbox, dlg, p, sizeof(str)-1 - (p - str)); *p++ = '\t';
if (!*p || !strchr(p, ':')) { dlg_editbox_get(pfd->destbox, dlg, p,
dlg_error_msg(dlg, sizeof(str)-1 - (p - str));
"You need to specify a destination address\n" if (!*p || !strchr(p, ':')) {
"in the form \"host.name:port\""); dlg_error_msg(dlg,
return; "You need to specify a destination address\n"
} "in the form \"host.name:port\"");
return;
}
} else
*p = '\0';
p = cfg->portfwd; p = cfg->portfwd;
while (*p) { while (*p) {
while (*p) while (*p)
@ -1550,11 +1557,13 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
pfd->destbox = ctrl_editbox(s, "Destination", 'i', 67, pfd->destbox = ctrl_editbox(s, "Destination", 'i', 67,
HELPCTX(ssh_tunnels_portfwd), HELPCTX(ssh_tunnels_portfwd),
portfwd_handler, P(pfd), P(NULL)); portfwd_handler, P(pfd), P(NULL));
pfd->direction = ctrl_radiobuttons(s, NULL, NO_SHORTCUT, 2, pfd->direction = ctrl_radiobuttons(s, NULL, NO_SHORTCUT, 3,
HELPCTX(ssh_tunnels_portfwd), HELPCTX(ssh_tunnels_portfwd),
portfwd_handler, P(pfd), portfwd_handler, P(pfd),
"Local", 'l', P(NULL), "Local", 'l', P(NULL),
"Remote", 'm', P(NULL), NULL); "Remote", 'm', P(NULL),
"Dynamic", 'y', P(NULL),
NULL);
ctrl_tabdelay(s, pfd->addbutton); ctrl_tabdelay(s, pfd->addbutton);
ctrl_columns(s, 1, 100); ctrl_columns(s, 1, 100);

View File

@ -207,6 +207,7 @@ static void usage(void)
printf(" -batch disable all interactive prompts\n"); printf(" -batch disable all interactive prompts\n");
printf("The following options only apply to SSH connections:\n"); printf("The following options only apply to SSH connections:\n");
printf(" -pw passw login with specified password\n"); printf(" -pw passw login with specified password\n");
printf(" -D listen-port Dynamic SOCKS-based port forwarding\n");
printf(" -L listen-port:host:port Forward local port to " printf(" -L listen-port:host:port Forward local port to "
"remote address\n"); "remote address\n");
printf(" -R listen-port:host:port Forward remote port to" printf(" -R listen-port:host:port Forward remote port to"

294
portfwd.c
View File

@ -51,11 +51,6 @@
(cp)[0] = (value) >> 8, \ (cp)[0] = (value) >> 8, \
(cp)[1] = (value) ) (cp)[1] = (value) )
struct pfwd_queue {
struct pfwd_queue *next;
char *buf;
};
struct PFwdPrivate { struct PFwdPrivate {
const struct plug_function_table *fn; const struct plug_function_table *fn;
/* the above variable absolutely *must* be the first in this structure */ /* the above variable absolutely *must* be the first in this structure */
@ -63,14 +58,34 @@ struct PFwdPrivate {
void *backhandle; /* instance of SSH backend itself */ void *backhandle; /* instance of SSH backend itself */
/* Note that backhandle need not be filled in if c is non-NULL */ /* Note that backhandle need not be filled in if c is non-NULL */
Socket s; Socket s;
char hostname[128];
int throttled, throttle_override; int throttled, throttle_override;
int port;
int ready; int ready;
struct pfwd_queue *waiting; /*
* `dynamic' does double duty. It's set to 0 for an ordinary
* forwarded port, and nonzero for SOCKS-style dynamic port
* forwarding; but it also represents the state of the SOCKS
* exchange.
*/
int dynamic;
/*
* `hostname' and `port' are the real hostname and port, once
* we know what we're connecting to; they're unused for this
* purpose while conducting a local SOCKS exchange, which means
* we can also use them as a buffer and pointer for reading
* data from the SOCKS client.
*/
char hostname[256];
int port;
/*
* When doing dynamic port forwarding, we can receive
* connection data before we are actually able to send it; so
* we may have to temporarily hold some in a dynamically
* allocated buffer here.
*/
void *buffer;
int buflen;
}; };
static int pfd_closing(Plug plug, char *error_msg, int error_code, static int pfd_closing(Plug plug, char *error_msg, int error_code,
int calling_back) int calling_back)
{ {
@ -81,7 +96,8 @@ static int pfd_closing(Plug plug, char *error_msg, int error_code,
* so if an error occurred on the socket, we just ignore it * so if an error occurred on the socket, we just ignore it
* and treat it like a proper close. * and treat it like a proper close.
*/ */
sshfwd_close(pr->c); if (pr->c)
sshfwd_close(pr->c);
pfd_close(pr->s); pfd_close(pr->s);
return 1; return 1;
} }
@ -89,6 +105,212 @@ static int pfd_closing(Plug plug, char *error_msg, int error_code,
static int pfd_receive(Plug plug, int urgent, char *data, int len) static int pfd_receive(Plug plug, int urgent, char *data, int len)
{ {
struct PFwdPrivate *pr = (struct PFwdPrivate *) plug; struct PFwdPrivate *pr = (struct PFwdPrivate *) plug;
if (pr->dynamic) {
while (len--) {
if (pr->port >= lenof(pr->hostname)) {
if ((pr->dynamic >> 12) == 4) {
/* Send back a SOCKS 4 error before closing. */
char data[8];
memset(data, 0, sizeof(data));
data[1] = 91; /* generic `request rejected' */
sk_write(pr->s, data, 8);
}
pfd_close(pr->s);
return 1;
}
pr->hostname[pr->port++] = *data++;
/*
* Now check what's in the buffer to see if it's a
* valid and complete message in the SOCKS exchange.
*/
if ((pr->dynamic == 1 || (pr->dynamic >> 12) == 4) &&
pr->hostname[0] == 4) {
/*
* SOCKS 4.
*/
if (pr->dynamic == 1)
pr->dynamic = 0x4000;
if (pr->port < 2) continue;/* don't have command code yet */
if (pr->hostname[1] != 1) {
/* Send back a SOCKS 4 error before closing. */
char data[8];
memset(data, 0, sizeof(data));
data[1] = 91; /* generic `request rejected' */
sk_write(pr->s, data, 8);
pfd_close(pr->s);
return 1;
}
if (pr->port < 8) continue; /* haven't started username */
if (pr->hostname[pr->port-1] != 0)
continue; /* haven't _finished_ username */
/*
* Now we have a full SOCKS 4 request. Check it to
* see if it's a SOCKS 4A request.
*/
if (pr->hostname[4] == 0 && pr->hostname[5] == 0 &&
pr->hostname[6] == 0 && pr->hostname[7] != 0) {
/*
* It's SOCKS 4A. So if we haven't yet
* collected the host name, we should continue
* waiting for data in order to do so; if we
* have, we can go ahead.
*/
int len;
if (pr->dynamic == 0x4000) {
pr->dynamic = 0x4001;
continue;
}
pr->hostname[0] = 0; /* reply version code */
pr->hostname[1] = 90; /* request granted */
sk_write(pr->s, pr->hostname, 8);
pr->port = GET_16BIT_MSB_FIRST(pr->hostname+2);
len = strlen(pr->hostname+8);
memmove(pr->hostname, pr->hostname + 8 + len + 1,
lenof(pr->hostname) - (8 + len + 1));
goto connect;
} else {
/*
* It's SOCKS 4, which means we should format
* the IP address into the hostname string and
* then just go.
*/
pr->hostname[0] = 0; /* reply version code */
pr->hostname[1] = 90; /* request granted */
sk_write(pr->s, pr->hostname, 8);
pr->port = GET_16BIT_MSB_FIRST(pr->hostname+2);
sprintf(pr->hostname, "%d.%d.%d.%d",
(unsigned char)pr->hostname[4],
(unsigned char)pr->hostname[5],
(unsigned char)pr->hostname[6],
(unsigned char)pr->hostname[7]);
goto connect;
}
}
if ((pr->dynamic == 1 || (pr->dynamic >> 12) == 5) &&
pr->hostname[0] == 5) {
/*
* SOCKS 5.
*/
if (pr->dynamic == 1)
pr->dynamic = 0x5000;
if (pr->dynamic == 0x5000) {
int i, method;
char data[2];
/*
* We're receiving a set of method identifiers.
*/
if (pr->port < 2) continue;/* no method count yet */
if (pr->port < 2 + (unsigned char)pr->hostname[1])
continue; /* no methods yet */
method = 0xFF; /* invalid */
for (i = 0; i < (unsigned char)pr->hostname[1]; i++)
if (pr->hostname[2+i] == 0) {
method = 0;/* no auth */
break;
}
data[0] = 5;
data[1] = method;
sk_write(pr->s, data, 2);
pr->dynamic = 0x5001;
pr->port = 0; /* re-empty the buffer */
continue;
}
if (pr->dynamic == 0x5001) {
int atype, alen;
if (pr->port < 6) continue;
atype = (unsigned char)pr->hostname[3];
if (atype == 1) /* IPv4 address */
alen = 4;
if (atype == 4) /* IPv6 address */
alen = 16;
if (atype == 3) /* domain name has leading length */
alen = 1 + (unsigned char)pr->hostname[4];
if (pr->port < 6 + alen) continue;
if (pr->hostname[1] != 1 || pr->hostname[2] != 0) {
pr->hostname[1] = 1; /* generic failure */
pr->hostname[2] = 0; /* reserved */
sk_write(pr->s, pr->hostname, pr->port);
pfd_close(pr->s);
return 1;
}
/*
* Now we have a viable connect request. Switch
* on atype.
*/
pr->port = GET_16BIT_MSB_FIRST(pr->hostname+4+alen);
if (atype == 1) {
pr->hostname[1] = 0; /* succeeded */
sk_write(pr->s, pr->hostname, alen + 6);
sprintf(pr->hostname, "%d.%d.%d.%d",
(unsigned char)pr->hostname[4],
(unsigned char)pr->hostname[5],
(unsigned char)pr->hostname[6],
(unsigned char)pr->hostname[7]);
goto connect;
} else if (atype == 3) {
pr->hostname[1] = 0; /* succeeded */
sk_write(pr->s, pr->hostname, alen + 6);
memmove(pr->hostname, pr->hostname + 5, alen-1);
pr->hostname[alen-1] = '\0';
goto connect;
} else {
/*
* Unknown address type. (FIXME: support IPv6!)
*/
pr->hostname[1] = 8; /* atype not supported */
sk_write(pr->s, pr->hostname, pr->port);
pfd_close(pr->s);
return 1;
}
}
}
/*
* If we get here without either having done `continue'
* or `goto connect', it must be because there is no
* sensible interpretation of what's in our buffer. So
* close the connection rudely.
*/
pfd_close(pr->s);
return 1;
}
return 1;
/*
* We come here when we're ready to make an actual
* connection.
*/
connect:
pr->c = new_sock_channel(pr->backhandle, pr->s);
if (pr->c == NULL) {
pfd_close(pr->s);
return 1;
} else {
/* asks to forward to the specified host/port for this */
ssh_send_port_open(pr->c, pr->hostname, pr->port, "forwarding");
}
pr->dynamic = 0;
/*
* Now freeze the socket until the SSH server confirms the
* connection.
*/
sk_set_frozen(pr->s, 1);
/*
* If there's any data remaining in our current buffer,
* save it to be sent on pfd_confirm().
*/
if (len > 0) {
pr->buffer = snewn(len, char);
memcpy(pr->buffer, data, len);
pr->buflen = len;
}
}
if (pr->ready) { if (pr->ready) {
if (sshfwd_write(pr->c, data, len) > 0) { if (sshfwd_write(pr->c, data, len) > 0) {
pr->throttled = 1; pr->throttled = 1;
@ -102,7 +324,8 @@ static void pfd_sent(Plug plug, int bufsize)
{ {
struct PFwdPrivate *pr = (struct PFwdPrivate *) plug; struct PFwdPrivate *pr = (struct PFwdPrivate *) plug;
sshfwd_unthrottle(pr->c, bufsize); if (pr->c)
sshfwd_unthrottle(pr->c, bufsize);
} }
/* /*
@ -133,6 +356,7 @@ char *pfd_newconnect(Socket *s, char *hostname, int port, void *c,
* Open socket. * Open socket.
*/ */
pr = snew(struct PFwdPrivate); pr = snew(struct PFwdPrivate);
pr->buffer = NULL;
pr->fn = &fn_table; pr->fn = &fn_table;
pr->throttled = pr->throttle_override = 0; pr->throttled = pr->throttle_override = 0;
pr->ready = 1; pr->ready = 1;
@ -169,6 +393,7 @@ static int pfd_accepting(Plug p, void *sock)
org = (struct PFwdPrivate *)p; org = (struct PFwdPrivate *)p;
pr = snew(struct PFwdPrivate); pr = snew(struct PFwdPrivate);
pr->buffer = NULL;
pr->fn = &fn_table; pr->fn = &fn_table;
pr->c = NULL; pr->c = NULL;
@ -180,22 +405,27 @@ static int pfd_accepting(Plug p, void *sock)
return err != NULL; return err != NULL;
} }
pr->c = new_sock_channel(org->backhandle, s);
strcpy(pr->hostname, org->hostname);
pr->port = org->port;
pr->throttled = pr->throttle_override = 0;
pr->ready = 0;
pr->waiting = NULL;
sk_set_private_ptr(s, pr); sk_set_private_ptr(s, pr);
if (pr->c == NULL) { pr->throttled = pr->throttle_override = 0;
sfree(pr); pr->ready = 0;
return 1;
if (org->dynamic) {
pr->dynamic = 1;
pr->port = 0; /* hostname buffer is so far empty */
sk_set_frozen(s, 0); /* we want to receive SOCKS _now_! */
} else { } else {
/* asks to forward to the specified host/port for this */ strcpy(pr->hostname, org->hostname);
ssh_send_port_open(pr->c, pr->hostname, pr->port, "forwarding"); pr->port = org->port;
pr->c = new_sock_channel(org->backhandle, s);
if (pr->c == NULL) {
sfree(pr);
return 1;
} else {
/* asks to forward to the specified host/port for this */
ssh_send_port_open(pr->c, pr->hostname, pr->port, "forwarding");
}
} }
return 0; return 0;
@ -223,13 +453,17 @@ char *pfd_addforward(char *desthost, int destport, char *srcaddr, int port,
* Open socket. * Open socket.
*/ */
pr = snew(struct PFwdPrivate); pr = snew(struct PFwdPrivate);
pr->buffer = NULL;
pr->fn = &fn_table; pr->fn = &fn_table;
pr->c = NULL; pr->c = NULL;
strcpy(pr->hostname, desthost); if (desthost) {
pr->port = destport; strcpy(pr->hostname, desthost);
pr->port = destport;
pr->dynamic = 0;
} else
pr->dynamic = 1;
pr->throttled = pr->throttle_override = 0; pr->throttled = pr->throttle_override = 0;
pr->ready = 0; pr->ready = 0;
pr->waiting = NULL;
pr->backhandle = backhandle; pr->backhandle = backhandle;
pr->s = s = new_listener(srcaddr, port, (Plug) pr, pr->s = s = new_listener(srcaddr, port, (Plug) pr,
@ -253,6 +487,7 @@ void pfd_close(Socket s)
pr = (struct PFwdPrivate *) sk_get_private_ptr(s); pr = (struct PFwdPrivate *) sk_get_private_ptr(s);
sfree(pr->buffer);
sfree(pr); sfree(pr);
sk_close(s); sk_close(s);
@ -302,4 +537,9 @@ void pfd_confirm(Socket s)
pr->ready = 1; pr->ready = 1;
sk_set_frozen(s, 0); sk_set_frozen(s, 0);
sk_write(s, NULL, 0); sk_write(s, NULL, 0);
if (pr->buffer) {
sshfwd_write(pr->c, pr->buffer, pr->buflen);
sfree(pr->buffer);
pr->buffer = NULL;
}
} }

13
putty.h
View File

@ -442,7 +442,18 @@ struct config_tag {
/* port forwarding */ /* port forwarding */
int lport_acceptall; /* accept conns from hosts other than localhost */ int lport_acceptall; /* accept conns from hosts other than localhost */
int rport_acceptall; /* same for remote forwarded ports (SSH2 only) */ int rport_acceptall; /* same for remote forwarded ports (SSH2 only) */
char portfwd[1024]; /* [LR]localport\thost:port\000[LR]localport\thost:port\000\000 */ /*
* The port forwarding string contains a number of
* NUL-terminated substrings, terminated in turn by an empty
* string (i.e. a second NUL immediately after the previous
* one). Each string can be of one of the following forms:
*
* [LR]localport\thost:port
* [LR]localaddr:localport\thost:port
* Dlocalport
* Dlocaladdr:localport
*/
char portfwd[1024];
/* SSH bug compatibility modes */ /* SSH bug compatibility modes */
int sshbug_ignore1, sshbug_plainpw1, sshbug_rsa1, int sshbug_ignore1, sshbug_plainpw1, sshbug_rsa1,
sshbug_hmac2, sshbug_derivekey2, sshbug_rsapad2, sshbug_hmac2, sshbug_derivekey2, sshbug_rsapad2,

118
ssh.c
View File

@ -3149,30 +3149,34 @@ static void ssh1_protocol(Ssh ssh, unsigned char *in, int inlen, int ispkt)
if (n < 255) sports[n++] = *ssh->portfwd_strptr++; if (n < 255) sports[n++] = *ssh->portfwd_strptr++;
} }
sports[n] = 0; sports[n] = 0;
if (*ssh->portfwd_strptr == '\t') if (type != 'D') {
ssh->portfwd_strptr++; if (*ssh->portfwd_strptr == '\t')
n = 0; ssh->portfwd_strptr++;
while (*ssh->portfwd_strptr && *ssh->portfwd_strptr != ':') { n = 0;
if (n < 255) host[n++] = *ssh->portfwd_strptr++; while (*ssh->portfwd_strptr && *ssh->portfwd_strptr != ':') {
} if (n < 255) host[n++] = *ssh->portfwd_strptr++;
host[n] = 0;
if (*ssh->portfwd_strptr == ':')
ssh->portfwd_strptr++;
n = 0;
while (*ssh->portfwd_strptr) {
if (n < 255) dports[n++] = *ssh->portfwd_strptr++;
}
dports[n] = 0;
ssh->portfwd_strptr++;
dport = atoi(dports);
dserv = 0;
if (dport == 0) {
dserv = 1;
dport = net_service_lookup(dports);
if (!dport) {
logeventf(ssh, "Service lookup failed for"
" destination port \"%s\"", dports);
} }
host[n] = 0;
if (*ssh->portfwd_strptr == ':')
ssh->portfwd_strptr++;
n = 0;
while (*ssh->portfwd_strptr) {
if (n < 255) dports[n++] = *ssh->portfwd_strptr++;
}
dports[n] = 0;
ssh->portfwd_strptr++;
dport = atoi(dports);
dserv = 0;
if (dport == 0) {
dserv = 1;
dport = net_service_lookup(dports);
if (!dport) {
logeventf(ssh, "Service lookup failed for"
" destination port \"%s\"", dports);
}
}
} else {
while (*ssh->portfwd_strptr) ssh->portfwd_strptr++;
} }
sport = atoi(sports); sport = atoi(sports);
sserv = 0; sserv = 0;
@ -3197,6 +3201,15 @@ static void ssh1_protocol(Ssh ssh, unsigned char *in, int inlen, int ispkt)
host, host,
(int)(dserv ? strlen(dports) : 0), dports, (int)(dserv ? strlen(dports) : 0), dports,
dserv, "(", dport, dserv, ")"); dserv, "(", dport, dserv, ")");
} else if (type == 'D') {
pfd_addforward(NULL, -1, *saddr ? saddr : NULL,
sport, ssh, &ssh->cfg);
logeventf(ssh, "Local port %.*s%.*s%.*s%.*s%d%.*s"
" doing SOCKS dynamic forwarding",
(int)(*saddr?strlen(saddr):0), *saddr?saddr:NULL,
(int)(*saddr?1:0), ":",
(int)(sserv ? strlen(sports) : 0), sports,
sserv, "(", sport, sserv, ")");
} else { } else {
struct ssh_rportfwd *pf; struct ssh_rportfwd *pf;
pf = snew(struct ssh_rportfwd); pf = snew(struct ssh_rportfwd);
@ -5230,30 +5243,34 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
if (n < 255) sports[n++] = *ssh->portfwd_strptr++; if (n < 255) sports[n++] = *ssh->portfwd_strptr++;
} }
sports[n] = 0; sports[n] = 0;
if (*ssh->portfwd_strptr == '\t') if (type != 'D') {
ssh->portfwd_strptr++; if (*ssh->portfwd_strptr == '\t')
n = 0; ssh->portfwd_strptr++;
while (*ssh->portfwd_strptr && *ssh->portfwd_strptr != ':') { n = 0;
if (n < 255) host[n++] = *ssh->portfwd_strptr++; while (*ssh->portfwd_strptr && *ssh->portfwd_strptr != ':') {
} if (n < 255) host[n++] = *ssh->portfwd_strptr++;
host[n] = 0;
if (*ssh->portfwd_strptr == ':')
ssh->portfwd_strptr++;
n = 0;
while (*ssh->portfwd_strptr) {
if (n < 255) dports[n++] = *ssh->portfwd_strptr++;
}
dports[n] = 0;
ssh->portfwd_strptr++;
dport = atoi(dports);
dserv = 0;
if (dport == 0) {
dserv = 1;
dport = net_service_lookup(dports);
if (!dport) {
logeventf(ssh, "Service lookup failed for destination"
" port \"%s\"", dports);
} }
host[n] = 0;
if (*ssh->portfwd_strptr == ':')
ssh->portfwd_strptr++;
n = 0;
while (*ssh->portfwd_strptr) {
if (n < 255) dports[n++] = *ssh->portfwd_strptr++;
}
dports[n] = 0;
ssh->portfwd_strptr++;
dport = atoi(dports);
dserv = 0;
if (dport == 0) {
dserv = 1;
dport = net_service_lookup(dports);
if (!dport) {
logeventf(ssh, "Service lookup failed for destination"
" port \"%s\"", dports);
}
}
} else {
while (*ssh->portfwd_strptr) ssh->portfwd_strptr++;
} }
sport = atoi(sports); sport = atoi(sports);
sserv = 0; sserv = 0;
@ -5278,6 +5295,15 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
host, host,
(int)(dserv ? strlen(dports) : 0), dports, (int)(dserv ? strlen(dports) : 0), dports,
dserv, "(", dport, dserv, ")"); dserv, "(", dport, dserv, ")");
} else if (type == 'D') {
pfd_addforward(NULL, -1, *saddr ? saddr : NULL,
sport, ssh, &ssh->cfg);
logeventf(ssh, "Local port %.*s%.*s%.*s%.*s%d%.*s"
" doing SOCKS dynamic forwarding",
(int)(*saddr?strlen(saddr):0), *saddr?saddr:NULL,
(int)(*saddr?1:0), ":",
(int)(sserv ? strlen(sports) : 0), sports,
sserv, "(", sport, sserv, ")");
} else { } else {
struct ssh_rportfwd *pf; struct ssh_rportfwd *pf;
pf = snew(struct ssh_rportfwd); pf = snew(struct ssh_rportfwd);

1
ssh.h
View File

@ -259,6 +259,7 @@ void ssh_send_port_open(void *channel, char *hostname, int port, char *org);
/* Exports from portfwd.c */ /* Exports from portfwd.c */
extern char *pfd_newconnect(Socket * s, char *hostname, int port, void *c, extern char *pfd_newconnect(Socket * s, char *hostname, int port, void *c,
const Config *cfg); const Config *cfg);
/* desthost == NULL indicates dynamic (SOCKS) port forwarding */
extern char *pfd_addforward(char *desthost, int destport, char *srcaddr, extern char *pfd_addforward(char *desthost, int destport, char *srcaddr,
int port, void *backhandle, const Config *cfg); int port, void *backhandle, const Config *cfg);
extern void pfd_close(Socket s); extern void pfd_close(Socket s);

View File

@ -263,6 +263,7 @@ static void usage(void)
printf(" -batch disable all interactive prompts\n"); printf(" -batch disable all interactive prompts\n");
printf("The following options only apply to SSH connections:\n"); printf("The following options only apply to SSH connections:\n");
printf(" -pw passw login with specified password\n"); printf(" -pw passw login with specified password\n");
printf(" -D listen-port Dynamic SOCKS-based port forwarding\n");
printf(" -L listen-port:host:port Forward local port to " printf(" -L listen-port:host:port Forward local port to "
"remote address\n"); "remote address\n");
printf(" -R listen-port:host:port Forward remote port to" printf(" -R listen-port:host:port Forward remote port to"