mirrors/openssh
0
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2024-11-27 05:46:36 +08:00
Code Issues Packages Projects Releases Wiki Activity

- markus@cvs.openbsd.org 2001/04/17 12:55:04

Browse Source 
[channels.c ssh.c]
     undo socks5 and https support since they are not really used and
     only bloat ssh.  remove -D from usage(), since '-D' is experimental.
This commit is contained in:
Ben Lindstrom 2001-04-17 18:14:34 +00:00
parent 982dbbcfda
commit 2b261b9035
3 changed files with 40 additions and 204 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
ChangeLog
View File

@ -3,18 +3,23 @@
and temporary commented out 'catman-do:' since it is broken. Patches
for the first two by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
- OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2001/04/16 08:26:04
[key.c]
better safe than sorry in later mods; yongari@kt-is.co.kr
- markus@cvs.openbsd.org 2001/04/17 08:14:01
[sshconnect1.c]
check for key!=NULL, thanks to costa
- markus@cvs.openbsd.org 2001/04/17 09:52:48
[clientloop.c]
- deraadt@cvs.openbsd.org 2001/04/16 08:26:04
[key.c]
better safe than sorry in later mods; yongari@kt-is.co.kr
- markus@cvs.openbsd.org 2001/04/17 08:14:01
[sshconnect1.c]
check for key!=NULL, thanks to costa
- markus@cvs.openbsd.org 2001/04/17 09:52:48
[clientloop.c]
handle EINTR/EAGAIN on read; ok deraadt@
- markus@cvs.openbsd.org 2001/04/17 10:53:26
[key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c]
- markus@cvs.openbsd.org 2001/04/17 10:53:26
[key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c]
add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@
- markus@cvs.openbsd.org 2001/04/17 12:55:04
[channels.c ssh.c]
undo socks5 and https support since they are not really used and
only bloat ssh. remove -D from usage(), since '-D' is experimental.
20010416
- OpenBSD CVS Sync
@ -5140,4 +5145,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
$Id: ChangeLog,v 1.1134 2001/04/17 18:11:36 mouring Exp $
$Id: ChangeLog,v 1.1135 2001/04/17 18:14:34 mouring Exp $

211
channels.c
View File

@ -40,7 +40,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: channels.c,v 1.108 2001/04/14 16:17:14 markus Exp $");
RCSID("$OpenBSD: channels.c,v 1.109 2001/04/17 12:55:03 markus Exp $");
#include <openssl/rsa.h>
#include <openssl/dsa.h>
@ -542,79 +542,12 @@ channel_pre_x11_open(Channel *c, fd_set * readset, fd_set * writeset)
}
}
int
channel_decode_helper(Channel *c, int start, int lookfor)
{
u_char *p;
int i, have;
p = buffer_ptr(&c->input);
have = buffer_len(&c->input);
debug2("channel %d: decode_helper: start %d have %d lookfor %d",
c->self, start, have, lookfor);
if (have < start)
return 0;
for (i = start; i < have; i++) {
if (p[i] == lookfor) {
debug2("channel %d: decode_helper: matched at %d",
c->self, i);
if (lookfor == '\0' ||
(i+3 < have &&
p[i+1] == '\n' &&
p[i+2] == '\r' &&
p[i+3] == '\n'))
return i;
}
if (i > 4096) {
/* the peer is probably sending garbage */
debug("channel %d: decode_helper: too long",
c->self);
return -1;
}
}
return 0; /* need more */
}
/* try to decode a http connect header */
int
channel_decode_https(Channel *c, fd_set * readset, fd_set * writeset)
{
u_char *p, *host, *buf;
int port, ret;
char httpok[] = "HTTP/1.0 200\r\n\r\n";
debug2("channel %d: decode https connect", c->self);
ret = channel_decode_helper(c, strlen("connect "), '\r');
if (ret <= 0)
return ret;
p = buffer_ptr(&c->input);
buf = xmalloc(ret+1);
host = xmalloc(ret);
memcpy(buf, p, ret);
buf[ret] = '\0';
if (sscanf(buf, "CONNECT %[^:]:%u HTTP/", host, &port) != 2) {
debug("channel %d: cannot parse http header", c->self);
return -1;
}
debug("channel %d: dynamic request: https host %s port %u",
c->self, host, port);
strlcpy(c->path, host, sizeof(c->path));
c->host_port = port;
xfree(host);
xfree(buf);
buffer_consume(&c->input, ret+4);
buffer_append(&c->output, httpok, strlen(httpok));
return 1;
}
/* try to decode a socks4 header */
int
channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)
{
u_char *p, *host;
int len, have, ret;
int len, have, i, found;
char username[256];
struct {
u_int8_t version;
@ -624,16 +557,33 @@ channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)
} s4_req, s4_rsp;
debug2("channel %d: decode socks4", c->self);
ret = channel_decode_helper(c, sizeof(s4_req), '\0');
if (ret <= 0)
return ret;
have = buffer_len(&c->input);
len = sizeof(s4_req);
if (have < len)
return 0;
p = buffer_ptr(&c->input);
for (found = 0, i = len; i < have; i++) {
if (p[i] == '\0') {
found = 1;
break;
}
if (i > 1024) {
/* the peer is probably sending garbage */
debug("channel %d: decode socks4: too long",
c->self);
return -1;
}
}
if (!found)
return 0;
buffer_get(&c->input, (char *)&s4_req.version, 1);
buffer_get(&c->input, (char *)&s4_req.command, 1);
buffer_get(&c->input, (char *)&s4_req.dest_port, 2);
buffer_get(&c->input, (char *)&s4_req.dest_addr, 4);
have = buffer_len(&c->input);
p = buffer_ptr(&c->input);
len = strlen(p);
have = buffer_len(&c->input);
debug2("channel %d: decode socks4: user %s/%d", c->self, p, len);
if (len > have)
fatal("channel %d: decode socks4: len %d > have %d",
@ -662,115 +612,6 @@ channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)
return 1;
}
/* try to decode a socks5 header */
#define SSH_SOCKS5_AUTHDONE 0x1000
#define SSH_SOCKS5_NOAUTH 0x00
#define SSH_SOCKS5_IPV4 0x01
#define SSH_SOCKS5_DOMAIN 0x03
#define SSH_SOCKS5_IPV6 0x04
#define SSH_SOCKS5_CONNECT 0x01
#define SSH_SOCKS5_SUCCESS 0x00
int
channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset)
{
struct {
u_int8_t version;
u_int8_t command;
u_int8_t reserved;
u_int8_t atyp;
} s5_req, s5_rsp;
u_int16_t dest_port;
u_char *p, dest_addr[255+1];
int i, have, found, nmethods, addrlen, af;
debug2("channel %d: decode socks5", c->self);
p = buffer_ptr(&c->input);
if (p[0] != 0x05)
return -1;
have = buffer_len(&c->input);
if (!(c->flags & SSH_SOCKS5_AUTHDONE)) {
/* format: ver | nmethods | methods */
if (have < 2)
return 0;
nmethods = p[1];
if (have < nmethods + 2)
return 0;
/* look for method: "NO AUTHENTICATION REQUIRED" */
for (found = 0, i = 2 ; i < nmethods + 2; i++) {
if (p[i] == SSH_SOCKS5_NOAUTH ) {
found = 1;
break;
}
}
if (!found) {
debug("channel %d: method SSH_SOCKS5_NOAUTH not found",
c->self);
return -1;
}
buffer_consume(&c->input, nmethods + 2);
buffer_put_char(&c->output, 0x05); /* version */
buffer_put_char(&c->output, SSH_SOCKS5_NOAUTH); /* method */
FD_SET(c->sock, writeset);
c->flags |= SSH_SOCKS5_AUTHDONE;
debug2("channel %d: socks5 auth done", c->self);
return 0; /* need more */
}
debug2("channel %d: socks5 post auth", c->self);
if (have < sizeof(s5_req)+1)
return 0; /* need more */
memcpy((char *)&s5_req, p, sizeof(s5_req));
if (s5_req.version != 0x05 ||
s5_req.command != SSH_SOCKS5_CONNECT ||
s5_req.reserved != 0x00) {
debug("channel %d: only socks5 connect supported", c->self);
return -1;
}
switch(s5_req.atyp){
case SSH_SOCKS5_IPV4:
addrlen = 4;
af = AF_INET;
break;
case SSH_SOCKS5_DOMAIN:
addrlen = p[sizeof(s5_req)];
af = -1;
break;
case SSH_SOCKS5_IPV6:
addrlen = 16;
af = AF_INET6;
break;
default:
debug("channel %d: bad socks5 atyp %d", c->self, s5_req.atyp);
return -1;
}
if (have < 4 + addrlen + 2)
return 0;
buffer_consume(&c->input, sizeof(s5_req));
buffer_get(&c->input, (char *)&dest_addr, addrlen);
buffer_get(&c->input, (char *)&dest_port, 2);
dest_addr[addrlen] = '\0';
if (s5_req.atyp == SSH_SOCKS5_DOMAIN)
strlcpy(c->path, dest_addr, sizeof(c->path));
else if (inet_ntop(af, dest_addr, c->path, sizeof(c->path)) == NULL)
return -1;
c->host_port = ntohs(dest_port);
debug("channel %d: dynamic request: socks5 host %s port %u command %u",
c->self, c->path, c->host_port, s5_req.command);
s5_rsp.version = 0x05;
s5_rsp.command = SSH_SOCKS5_SUCCESS;
s5_rsp.reserved = 0; /* ignored */
s5_rsp.atyp = SSH_SOCKS5_IPV4;
((struct in_addr *)&dest_addr)->s_addr = INADDR_ANY;
dest_port = 0; /* ignored */
buffer_append(&c->output, (char *)&s5_rsp, sizeof(s5_rsp));
buffer_append(&c->output, (char *)&dest_addr, sizeof(struct in_addr));
buffer_append(&c->output, (char *)&dest_port, sizeof(dest_port));
return 1;
}
/* dynamic port forwarding */
void
channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset)
@ -791,15 +632,9 @@ channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset)
/* try to guess the protocol */
p = buffer_ptr(&c->input);
switch (p[0]) {
case 'C':
ret = channel_decode_https(c, readset, writeset);
break;
case 0x04:
ret = channel_decode_socks4(c, readset, writeset);
break;
case 0x05:
ret = channel_decode_socks5(c, readset, writeset);
break;
default:
ret = -1;
break;

6
ssh.c
View File

@ -39,7 +39,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh.c,v 1.115 2001/04/14 16:33:20 stevesk Exp $");
RCSID("$OpenBSD: ssh.c,v 1.116 2001/04/17 12:55:04 markus Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
@ -182,10 +182,6 @@ usage(void)
fprintf(stderr, " -R listen-port:host:port Forward remote port to local address\n");
fprintf(stderr, " These cause %s to listen for connections on a port, and\n", __progname);
fprintf(stderr, " forward them to the other side by connecting to host:port.\n");
fprintf(stderr, " -D port Dynamically forward local port to multiple remote addresses.\n");
fprintf(stderr, " Allows %s to act as an application-layer proxy.\n",
__progname);
fprintf(stderr, " Protocols supported: SOCKS4, SOCKS5, HTTPS\n");
fprintf(stderr, " -C Enable compression.\n");
fprintf(stderr, " -N Do not execute a shell or command.\n");
fprintf(stderr, " -g Allow remote hosts to connect to forwarded ports.\n");