Bugzilla – Attachment 1613 Details for
Bug 1572
accept SOCKS requests over the mux socket in master mode
[patch]
patch for OpenSSH current
openssh-muxsocks-3.patch (text/plain), 5.56 KB, created by
Salvador Fandiño
on 2009-03-11 20:10:14 AEDT
Description:
patch for OpenSSH current
Filename:
MIME Type:
Creator:
Salvador Fandiño
Created:
2009-03-11 20:10:14 AEDT
Size:
5.56 KB
>Index: ssh//canohost.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/canohost.c,v
>retrieving revision 1.64
>diff -u -r1.64 canohost.c
>--- ssh//canohost.c 12 Feb 2009 03:00:56 -0000 1.64
>+++ ssh//canohost.c 10 Mar 2009 14:55:52 -0000
>@@ -16,6 +16,7 @@
> #include <sys/socket.h>
>
> #include <netinet/in.h>
>+#include <sys/un.h>
>
> #include <ctype.h>
> #include <errno.h>
>@@ -217,14 +218,17 @@
> addrlen = sizeof(addr);
> memset(&addr, 0, sizeof(addr));
>
>+ if (getsockname(sock, (struct sockaddr *)&addr, &addrlen) < 0)
>+ return NULL;
>+
>+ if (addr.ss_family == AF_UNIX)
>+ return xstrdup(((struct sockaddr_un *)&addr)->sun_path);
>+
> if (remote) {
>+ addrlen = sizeof(addr);
> if (getpeername(sock, (struct sockaddr *)&addr, &addrlen)
> < 0)
> return NULL;
>- } else {
>- if (getsockname(sock, (struct sockaddr *)&addr, &addrlen)
>- < 0)
>- return NULL;
> }
> /* Get the address in ascii. */
> if ((r = getnameinfo((struct sockaddr *)&addr, addrlen, ntop,
>@@ -311,12 +315,18 @@
> /* Get IP address of client. */
> fromlen = sizeof(from);
> memset(&from, 0, sizeof(from));
>- if (local) {
>- if (getsockname(sock, (struct sockaddr *)&from, &fromlen) < 0) {
>- error("getsockname failed: %.100s", strerror(errno));
>- return 0;
>- }
>- } else {
>+
>+
>+ if (getsockname(sock, (struct sockaddr *)&from, &fromlen) < 0) {
>+ error("getsockname failed: %.100s", strerror(errno));
>+ return 0;
>+ }
>+
>+ if (from.ss_family == AF_UNIX)
>+ return 0;
>+
>+ if (!local) {
>+ fromlen = sizeof(from);
> if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) {
> debug("getpeername failed: %.100s", strerror(errno));
> return -1;
>Index: ssh//channels.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/channels.c,v
>retrieving revision 1.295
>diff -u -r1.295 channels.c
>--- ssh//channels.c 12 Feb 2009 03:00:56 -0000 1.295
>+++ ssh//channels.c 10 Mar 2009 14:56:07 -0000
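Review bot: In the `@@ -217,14 +218,17 @@` hunk of canohost.c, the new `AF_UNIX` branch returns `sun_path` from `getsockname()` even when `remote` is set, so a caller asking for a peer address gets the local control-socket path instead of a numeric IP. The callers are outside this diff, but if that string ends up as the originator address of the forwarded channel, the server is sent a local filesystem path where an IP address is expected; the caller building that request would do better to substitute a fixed loopback address for non-inet sockets. The branch itself deserves a comment such as `/* Unix-domain sockets have no IP address; the bound path is returned for both local and remote queries. */`. The `@@ -311,12 +315,18 @@` hunk has the matching `return 0;` for `AF_UNIX`, and on the `!local` path a `getsockname()` failure now returns `0` before `getpeername()` is tried, where the old code could only fail there with `-1`. Both function bodies start and end outside their hunks.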
>@@ -1233,6 +1233,7 @@
> ret = channel_decode_socks5(c, readset, writeset);
> break;
> default:
>+ error("channel %d: bad SOCKS protocol version %d", c->self, p[0]);
> ret = -1;
> break;
> }
>Index: ssh//msg.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/msg.c,v
>retrieving revision 1.15
>diff -u -r1.15 msg.c
>--- ssh//msg.c 3 Aug 2006 03:34:42 -0000 1.15
>+++ ssh//msg.c 10 Mar 2009 14:56:07 -0000
>@@ -60,6 +60,22 @@
> }
>
> int
>+ssh_msg_recv_body(int fd, u_int msg_len, Buffer *m)
>+{
>+ if (msg_len > 256 * 1024) {
>+ error("ssh_msg_recv_body: read: bad msg_len %u", msg_len);
>+ return (-1);
>+ }
>+ buffer_clear(m);
>+ buffer_append_space(m, msg_len);
>+ if (atomicio(read, fd, buffer_ptr(m), msg_len) != msg_len) {
>+ error("ssh_msg_recv: read: %s", strerror(errno));
>+ return (-1);
>+ }
>+ return (0);
>+}
>+
>+int
> ssh_msg_recv(int fd, Buffer *m)
> {
> u_char buf[4];
>@@ -73,15 +89,5 @@
> return (-1);
> }
> msg_len = get_u32(buf);
>- if (msg_len > 256 * 1024) {
>- error("ssh_msg_recv: read: bad msg_len %u", msg_len);
>- return (-1);
>- }
>- buffer_clear(m);
>- buffer_append_space(m, msg_len);
>- if (atomicio(read, fd, buffer_ptr(m), msg_len) != msg_len) {
>- error("ssh_msg_recv: read: %s", strerror(errno));
>- return (-1);
>- }
>- return (0);
>+ return ssh_msg_recv_body(fd, msg_len, m);
> }
>Index: ssh//msg.h
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/msg.h,v
>retrieving revision 1.4
>diff -u -r1.4 msg.h
>--- ssh//msg.h 25 Mar 2006 22:22:43 -0000 1.4
>+++ ssh//msg.h 10 Mar 2009 14:56:07 -0000
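Review bot: In the `@@ -60,6 +60,22 @@` hunk of msg.c, the read-failure message in the new `ssh_msg_recv_body()` still says `ssh_msg_recv: read: %s`, while the length check at the top of the same function already uses the new name, so a log reader will attribute the failure to the wrong function. Writing `error("%s: read: %s", __func__, strerror(errno));` keeps the two in step. Because the function is now exported and takes a caller-supplied length, a short comment above it, for example `/* Read a msg_len-byte body into m; msg_len is untrusted and is rejected above 256 KiB. */`, would record that this cap is the only bound on the buffer growth that follows.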
>@@ -27,5 +27,6 @@
>
> int ssh_msg_send(int, u_char, Buffer *);
> int ssh_msg_recv(int, Buffer *);
>+int ssh_msg_recv_body(int fd, u_int msg_len, Buffer *m);
>
> #endif
>Index: ssh//mux.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/mux.c,v
>retrieving revision 1.7
>diff -u -r1.7 mux.c
>--- ssh//mux.c 13 Jun 2008 17:21:20 -0000 1.7
>+++ ssh//mux.c 10 Mar 2009 14:56:07 -0000
>@@ -68,6 +68,7 @@
> #include "key.h"
> #include "readconf.h"
> #include "clientloop.h"
>+#include "atomicio.h"
>
> /* from ssh.c */
> extern int tty_flag;
>@@ -217,6 +218,9 @@
> uid_t euid;
> gid_t egid;
> int start_close = 0;
>+ u_char buf[4];
>+ u_int msg_len;
>+ Channel *nc;
>
> /*
> * Accept connection on control socket
>@@ -244,10 +248,42 @@
> /* XXX handle asynchronously */
> unset_nonblock(client_fd);
>
>- /* Read command */
>- buffer_init(&m);
>- if (ssh_msg_recv(client_fd, &m) == -1) {
>- error("%s: client msg_recv failed", __func__);
>+ /* We can distinguish if we are talking to a SOCKS client
>+ * looking at the first byte: 0 indicates a mux packet, 4 and
>+ * 5 a SOCKS request
>+ */
>+ if (atomicio(read, client_fd, buf, 1) != 1) {
>+ error("%s: client read char failed", __func__);
>+ close (client_fd);
>+ return 0;
>+ }
>+
>+ if ((buf[0] == 4) || (buf[0] == 5)) {
>+ /* create a new channel for the SOCKS request */
>+ debug("Connection to mux socket is a SOCKS%d request", buf[0]);
>+
>+ nc = channel_new("dynamic-tcpip", SSH_CHANNEL_DYNAMIC,
>+ client_fd, client_fd, -1,
>+ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
>+ 0, "dynamic-tcpip", 1);
>+ nc->listening_port = 0;
>+ nc->host_port = 0;
>+ buffer_append(&nc->input, buf, 1);
>+ nc->delayed = 1;
>+ return 0;
>+ }
>+
>+ /* Read mux command */
>+ if (atomicio(read, client_fd, buf+1, sizeof(buf) - 1) != (sizeof(buf) - 1)) {
>+ error("%s: client read msg length failed", __func__);
>+ close(client_fd);
>+ return 0;
>+ }
>+
>+ msg_len = get_u32(buf);
>+ buffer_init(&m);
>+ if (ssh_msg_recv_body(client_fd, msg_len, &m) == -1) {
>+ error("%s: client msg_recv_body failed", __func__);
> close(client_fd);
> buffer_free(&m);
> return 0;
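Review bot: The SOCKS branch in the `@@ -244,10 +248,42 @@` hunk of mux.c does `return 0;` straight after `channel_new()`, so none of the checks the rest of this function applies to mux requests are applied to a SOCKS client. The remainder of the function is outside the hunk; if it verifies the mux protocol version and asks for confirmation under `ControlMaster ask`/`autoask`, a local process able to open the control socket gets dynamic forwarding through the authenticated connection without that prompt. The same confirmation should be made before the channel is created, as sketched below (this assumes `options` and `ask_permission()` are in scope here, as they are for the session path). The comment on first-byte detection should also say why it holds: a mux length prefix begins with 0 only because the body is capped at 256 KiB.

```c
	if ((buf[0] == 4) || (buf[0] == 5)) {
		/* Apply the same confirmation policy as mux session requests. */
		if ((options.control_master == SSHCTL_MASTER_ASK ||
		    options.control_master == SSHCTL_MASTER_AUTO_ASK) &&
		    !ask_permission("Allow SOCKS request over control socket? ")) {
			error("%s: SOCKS request refused by user", __func__);
			close(client_fd);
			return 0;
		}
		/* … unchanged: debug(), channel_new() call and channel setup … */
	}
```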