src - OpenBSD base system

diff options


context:
space:
mode:

author	Markus Friedl <markus@cvs.openbsd.org>	2001-04-17 12:55:05 +0000
committer	Markus Friedl <markus@cvs.openbsd.org>	2001-04-17 12:55:05 +0000
commit	52a02743a6543b5645890d80c321384e36c6a0f9 (patch)
tree	f94a6e7f724b833d8f40c0ce070ef183f1fcc647 /usr.bin
parent	36a1f206d4bc090453769f963edcbb1cbea63c86 (diff)

undo socks5 and https support since they are not really used and

only bloat ssh. remove -D from usage(), since '-D' is experimental.

Diffstat (limited to 'usr.bin')

-rw-r--r--

usr.bin/ssh/channels.c

211

-rw-r--r--

usr.bin/ssh/ssh.c

2 files changed, 24 insertions, 193 deletions

diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c
index fe26cb29e33..08780b0ebd9 100644
--- a/usr.bin/ssh/channels.c
+++ b/usr.bin/ssh/channels.c

@@ -40,7 +40,7 @@

#include "includes.h"

-RCSID("$OpenBSD: channels.c,v 1.108 2001/04/14 16:17:14 markus Exp $");

+RCSID("$OpenBSD: channels.c,v 1.109 2001/04/17 12:55:03 markus Exp $");

#include <openssl/rsa.h>

#include <openssl/dsa.h>

@@ -542,79 +542,12 @@ channel_pre_x11_open(Channel *c, fd_set * readset, fd_set * writeset)

}

-int

-channel_decode_helper(Channel *c, int start, int lookfor)

- u_char *p;

- int i, have;

- p = buffer_ptr(&c->input);

- have = buffer_len(&c->input);

- debug2("channel %d: decode_helper: start %d have %d lookfor %d",

- c->self, start, have, lookfor);

- if (have < start)

- return 0;

- for (i = start; i < have; i++) {

- if (p[i] == lookfor) {

- debug2("channel %d: decode_helper: matched at %d",

- c->self, i);

- if (lookfor == '\0' ||

- (i+3 < have &&

- p[i+1] == '\n' &&

- p[i+2] == '\r' &&

- p[i+3] == '\n'))

- return i;

- }

- if (i > 4096) {

- /* the peer is probably sending garbage */

- debug("channel %d: decode_helper: too long",

- c->self);

- return -1;

- }

- return 0; /* need more */

-/* try to decode a http connect header */

-int

-channel_decode_https(Channel *c, fd_set * readset, fd_set * writeset)

- u_char *p, *host, *buf;

- int port, ret;

- char httpok[] = "HTTP/1.0 200\r\n\r\n";

- debug2("channel %d: decode https connect", c->self);

- ret = channel_decode_helper(c, strlen("connect "), '\r');

- if (ret <= 0)

- return ret;

- p = buffer_ptr(&c->input);

- buf = xmalloc(ret+1);

- host = xmalloc(ret);

- memcpy(buf, p, ret);

- buf[ret] = '\0';

- if (sscanf(buf, "CONNECT %[^:]:%u HTTP/", host, &port) != 2) {

- debug("channel %d: cannot parse http header", c->self);

- return -1;

- }

- debug("channel %d: dynamic request: https host %s port %u",

- c->self, host, port);

- strlcpy(c->path, host, sizeof(c->path));

- c->host_port = port;

- xfree(host);

- xfree(buf);

- buffer_consume(&c->input, ret+4);

- buffer_append(&c->output, httpok, strlen(httpok));

- return 1;

/* try to decode a socks4 header */

int

channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)

{

u_char *p, *host;

- int len, have, ret;

+ int len, have, i, found;

char username[256];

struct {

u_int8_t version;

@@ -624,16 +557,33 @@ channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)

} s4_req, s4_rsp;

debug2("channel %d: decode socks4", c->self);

- ret = channel_decode_helper(c, sizeof(s4_req), '\0');

- if (ret <= 0)

- return ret;

+ have = buffer_len(&c->input);

+ len = sizeof(s4_req);

+ if (have < len)

+ return 0;

+ p = buffer_ptr(&c->input);

+ for (found = 0, i = len; i < have; i++) {

+ if (p[i] == '\0') {

+ found = 1;

+ break;

+ }

+ if (i > 1024) {

+ /* the peer is probably sending garbage */

+ debug("channel %d: decode socks4: too long",

+ c->self);

+ return -1;

+ }

+ if (!found)

+ return 0;

buffer_get(&c->input, (char *)&s4_req.version, 1);

buffer_get(&c->input, (char *)&s4_req.command, 1);

buffer_get(&c->input, (char *)&s4_req.dest_port, 2);

buffer_get(&c->input, (char *)&s4_req.dest_addr, 4);

+ have = buffer_len(&c->input);

p = buffer_ptr(&c->input);

len = strlen(p);

- have = buffer_len(&c->input);

debug2("channel %d: decode socks4: user %s/%d", c->self, p, len);

if (len > have)

fatal("channel %d: decode socks4: len %d > have %d",

@@ -662,115 +612,6 @@ channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)

return 1;

}

-/* try to decode a socks5 header */

-#define SSH_SOCKS5_AUTHDONE 0x1000

-#define SSH_SOCKS5_NOAUTH 0x00

-#define SSH_SOCKS5_IPV4 0x01

-#define SSH_SOCKS5_DOMAIN 0x03

-#define SSH_SOCKS5_IPV6 0x04

-#define SSH_SOCKS5_CONNECT 0x01

-#define SSH_SOCKS5_SUCCESS 0x00

-int

-channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset)

- struct {

- u_int8_t version;

- u_int8_t command;

- u_int8_t reserved;

- u_int8_t atyp;

- } s5_req, s5_rsp;

- u_int16_t dest_port;

- u_char *p, dest_addr[255+1];

- int i, have, found, nmethods, addrlen, af;

- debug2("channel %d: decode socks5", c->self);

- p = buffer_ptr(&c->input);

- if (p[0] != 0x05)

- return -1;

- have = buffer_len(&c->input);

- if (!(c->flags & SSH_SOCKS5_AUTHDONE)) {

- /* format: ver | nmethods | methods */

- if (have < 2)

- return 0;

- nmethods = p[1];

- if (have < nmethods + 2)

- return 0;

- /* look for method: "NO AUTHENTICATION REQUIRED" */

- for (found = 0, i = 2 ; i < nmethods + 2; i++) {

- if (p[i] == SSH_SOCKS5_NOAUTH ) {

- found = 1;

- break;

- }

- if (!found) {

- debug("channel %d: method SSH_SOCKS5_NOAUTH not found",

- c->self);

- return -1;

- }

- buffer_consume(&c->input, nmethods + 2);

- buffer_put_char(&c->output, 0x05); /* version */

- buffer_put_char(&c->output, SSH_SOCKS5_NOAUTH); /* method */

- FD_SET(c->sock, writeset);

- c->flags |= SSH_SOCKS5_AUTHDONE;

- debug2("channel %d: socks5 auth done", c->self);

- return 0; /* need more */

- }

- debug2("channel %d: socks5 post auth", c->self);

- if (have < sizeof(s5_req)+1)

- return 0; /* need more */

- memcpy((char *)&s5_req, p, sizeof(s5_req));

- if (s5_req.version != 0x05 ||

- s5_req.command != SSH_SOCKS5_CONNECT ||

- s5_req.reserved != 0x00) {

- debug("channel %d: only socks5 connect supported", c->self);

- return -1;

- }

- switch(s5_req.atyp){

- case SSH_SOCKS5_IPV4:

- addrlen = 4;

- af = AF_INET;

- break;

- case SSH_SOCKS5_DOMAIN:

- addrlen = p[sizeof(s5_req)];

- af = -1;

- break;

- case SSH_SOCKS5_IPV6:

- addrlen = 16;

- af = AF_INET6;

- break;

- default:

- debug("channel %d: bad socks5 atyp %d", c->self, s5_req.atyp);

- return -1;

- }

- if (have < 4 + addrlen + 2)

- return 0;

- buffer_consume(&c->input, sizeof(s5_req));

- buffer_get(&c->input, (char *)&dest_addr, addrlen);

- buffer_get(&c->input, (char *)&dest_port, 2);

- dest_addr[addrlen] = '\0';

- if (s5_req.atyp == SSH_SOCKS5_DOMAIN)

- strlcpy(c->path, dest_addr, sizeof(c->path));

- else if (inet_ntop(af, dest_addr, c->path, sizeof(c->path)) == NULL)

- return -1;

- c->host_port = ntohs(dest_port);

- debug("channel %d: dynamic request: socks5 host %s port %u command %u",

- c->self, c->path, c->host_port, s5_req.command);

- s5_rsp.version = 0x05;

- s5_rsp.command = SSH_SOCKS5_SUCCESS;

- s5_rsp.reserved = 0; /* ignored */

- s5_rsp.atyp = SSH_SOCKS5_IPV4;

- ((struct in_addr *)&dest_addr)->s_addr = INADDR_ANY;

- dest_port = 0; /* ignored */

- buffer_append(&c->output, (char *)&s5_rsp, sizeof(s5_rsp));

- buffer_append(&c->output, (char *)&dest_addr, sizeof(struct in_addr));

- buffer_append(&c->output, (char *)&dest_port, sizeof(dest_port));

- return 1;

/* dynamic port forwarding */

void

channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset)

@@ -791,15 +632,9 @@ channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset)

/* try to guess the protocol */

p = buffer_ptr(&c->input);

switch (p[0]) {

- case 'C':

- ret = channel_decode_https(c, readset, writeset);

- break;

case 0x04:

ret = channel_decode_socks4(c, readset, writeset);

break;

- case 0x05:

- ret = channel_decode_socks5(c, readset, writeset);

- break;

default:

ret = -1;

break;

diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 470a4d41259..b9a56c938bc 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c

@@ -39,7 +39,7 @@

#include "includes.h"

-RCSID("$OpenBSD: ssh.c,v 1.115 2001/04/14 16:33:20 stevesk Exp $");

+RCSID("$OpenBSD: ssh.c,v 1.116 2001/04/17 12:55:04 markus Exp $");

#include <openssl/evp.h>

#include <openssl/err.h>

@@ -174,10 +174,6 @@ usage(void)

fprintf(stderr, " -R listen-port:host:port Forward remote port to local address\n");

fprintf(stderr, " These cause %s to listen for connections on a port, and\n", __progname);

fprintf(stderr, " forward them to the other side by connecting to host:port.\n");

- fprintf(stderr, " -D port Dynamically forward local port to multiple remote addresses.\n");

- fprintf(stderr, " Allows %s to act as an application-layer proxy.\n",

- __progname);

- fprintf(stderr, " Protocols supported: SOCKS4, SOCKS5, HTTPS\n");

fprintf(stderr, " -C Enable compression.\n");

fprintf(stderr, " -N Do not execute a shell or command.\n");

fprintf(stderr, " -g Allow remote hosts to connect to forwarded ports.\n");