aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ssh/.gitignore1
-rw-r--r--ssh/Makefile5
-rw-r--r--ssh/client_proxy.c225
3 files changed, 230 insertions, 1 deletions
diff --git a/ssh/.gitignore b/ssh/.gitignore
index 17baeb4..0abd297 100644
--- a/ssh/.gitignore
+++ b/ssh/.gitignore
@@ -1,5 +1,6 @@
ssh_host_key
server
client
+client_proxy
*.o
compile_commands.json
diff --git a/ssh/Makefile b/ssh/Makefile
index d77dc67..76d23c9 100644
--- a/ssh/Makefile
+++ b/ssh/Makefile
@@ -7,7 +7,7 @@ LDFLAGS += $(shell pkg-config --libs libssh)
.PHONY: all clean
-all: server client
+all: server client client_proxy
clean:
rm -f server client *.o
@@ -19,5 +19,8 @@ server: server.o util.o
client: client.o sshnc.o util.o
$(CC) -o $@ $^ $(LDFLAGS)
+client_proxy: client_proxy.o sshnc.o util.o
+ $(CC) -o $@ $^ $(LDFLAGS)
+
%.o: %.c $(wildcard *.h)
$(CC) $(CFLAGS) -c -o $@ $<
diff --git a/ssh/client_proxy.c b/ssh/client_proxy.c
new file mode 100644
index 0000000..58f40cb
--- /dev/null
+++ b/ssh/client_proxy.c
@@ -0,0 +1,225 @@
+#include <stdio.h>
+#include <stdbool.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <poll.h>
+#include <errno.h>
+#include <unistd.h>
+#include <pthread.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
+#include <assert.h>
+#include "util.h"
+#include "sshnc.h"
+
+
+const char *g_hostkey_hash_preload;
+
+static int writeall(int sock, const char *buffer, size_t length) {
+ size_t cursor = 0;
+ while (cursor < length) {
+ ssize_t nw = write(sock, buffer + cursor, length - cursor);
+ if (nw < 0) {
+ if (errno == EINTR) continue;
+ return -1; // just dump all error conditions together
+ }
+ if (nw == 0) return -1; // eof is also an error condition
+ cursor += nw;
+ }
+ return 0;
+}
+
+static bool hostkey_checker(const unsigned char *hash, size_t length, void *userdata) {
+ (void)userdata;
+ const char* showed = sshnc_print_hash(hash, length);
+
+ bool ok = strcmp(showed, g_hostkey_hash_preload) == 0;
+ if (!ok) {
+ fprintf(stderr, "Rejecting host key '%s'!\n", showed);
+ }
+ return ok;
+}
+
+struct thread_data {
+ const char *server_host;
+ int server_port;
+ int client_sock;
+};
+
+static void* proxy_thread_entry(void *thread_data_) {
+ struct thread_data *thread_data = thread_data_;
+ int client_sock = thread_data->client_sock;
+
+ struct sshnc_client *client;
+ enum sshnc_retval ret = sshnc_connect(
+ thread_data->server_host, thread_data->server_port, "tomsg", "tomsg",
+ hostkey_checker, NULL, &client);
+
+ if (ret != SSHNC_OK) {
+ fprintf(stderr, "Could not connect over SSH: %s\n", sshnc_strerror(ret));
+ return NULL;
+ }
+
+ struct pollfd polls[2];
+ polls[0] = (struct pollfd){
+ .fd = sshnc_poll_fd(client),
+ .events = POLLIN,
+ };
+ polls[1] = (struct pollfd){
+ .fd = client_sock,
+ .events = POLLIN,
+ };
+
+ while (true) {
+ int pollret = poll(polls, sizeof polls / sizeof polls[0], -1);
+ if (pollret < 0) {
+ perror("poll");
+ goto cleanup;
+ }
+
+ if (polls[0].revents & (POLLERR | POLLNVAL)) {
+ fprintf(stderr, "Error reading from SSH socket\n");
+ goto cleanup;
+ }
+ if (polls[1].revents & (POLLERR | POLLNVAL)) {
+ // Assume downstream has been closed
+ break;
+ }
+
+ if (polls[0].revents & (POLLIN | POLLHUP)) {
+ char buffer[4096];
+ size_t length = 0;
+ ret = sshnc_maybe_recv(client, sizeof buffer, buffer, &length);
+ if (ret == SSHNC_OK) {
+ if (writeall(client_sock, buffer, length) < 0) {
+ // Error writing back to downstream, let's just close
+ break;
+ }
+ } else if (ret == SSHNC_EOF) {
+ break;
+ } else if (ret != SSHNC_AGAIN) {
+ fprintf(stderr, "Error on SSH recv: %s\n", sshnc_strerror(ret));
+ goto cleanup;
+ }
+ }
+
+ if (polls[1].revents & (POLLIN | POLLHUP)) {
+ char buffer[4096];
+ ssize_t nr = read(client_sock, buffer, sizeof buffer);
+ if (nr < 0) {
+ if (errno == ECONNRESET) break;
+ perror("Error reading from downstream");
+ goto cleanup;
+ }
+ if (nr == 0) {
+ break;
+ }
+
+ ret = sshnc_send(client, buffer, nr);
+ if (ret == SSHNC_EOF) {
+ break;
+ } else if (ret != SSHNC_OK) {
+ fprintf(stderr, "Error on SSH send: %s\n", sshnc_strerror(ret));
+ goto cleanup;
+ }
+ }
+ }
+
+cleanup:
+ close(client_sock);
+ sshnc_close(client);
+ return NULL;
+}
+
+int main(int argc, char **argv) {
+ const char *server_host = NULL;
+ int server_port = 2222;
+
+ if (argc != 4) {
+ fprintf(stderr, "Usage: %s <server[:port]> <listen_port> <hostkey_hash_preload>\n", argv[0]);
+ fprintf(stderr, "If :port is not specified for the backend server, %d is assumed.\n", server_port);
+ fprintf(stderr, "Will listen for connections to proxy on <listen_port>.\n");
+ fprintf(stderr, "The hostkey hash should be in the form 'SHA256:base64'.\n");
+ return 1;
+ }
+
+ if (!parse_host_port(argv[1], &server_host, &server_port)) {
+ fprintf(stderr, "Cannot parse host:port from argument '%s'\n", argv[1]);
+ return 1;
+ }
+
+ int bindport = strtol(argv[2], NULL, 10);
+ if (bindport == 0) {
+ fprintf(stderr, "Invalid listen port given\n");
+ return 1;
+ }
+
+ if (memcmp(argv[3], "SHA256:", 7) != 0) {
+ fprintf(stderr, "Preloaded host key in invalid format\n");
+ return 1;
+ }
+
+ g_hostkey_hash_preload = argv[3];
+
+ int bindsock = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, IPPROTO_TCP);
+ if (bindsock < 0) {
+ perror("socket(bind)");
+ return 1;
+ }
+
+ const int yes = 1;
+ if (setsockopt(bindsock, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof yes) < 0) {
+ fprintf(stderr, "Warning: could not set SO_REUSEADDR\n");
+ }
+
+ struct sockaddr_in bindaddr;
+ memset(&bindaddr, 0, sizeof bindaddr);
+ bindaddr.sin_family = AF_INET;
+ bindaddr.sin_port = htons(bindport);
+ bindaddr.sin_addr.s_addr = htonl(INADDR_ANY);
+
+ if (bind(bindsock, (const struct sockaddr*)&bindaddr, sizeof bindaddr) < 0) {
+ perror("bind");
+ return 1;
+ }
+
+ if (listen(bindsock, 5) < 0) {
+ perror("listen");
+ return 1;
+ }
+
+ pthread_attr_t thread_attr;
+ assert(pthread_attr_init(&thread_attr) == 0);
+ assert(pthread_attr_setdetachstate(&thread_attr, PTHREAD_CREATE_DETACHED) == 0);
+
+ while (true) {
+ int sock = accept(bindsock, NULL, NULL);
+ if (sock < 0) {
+ perror("accept");
+ return 1;
+ }
+
+ struct thread_data *data = malloc(sizeof(struct thread_data));
+ if (!data) { // OOM, reject this connection and try to go on
+ close(sock);
+ usleep(500000);
+ continue;
+ }
+
+ data->server_host = server_host;
+ data->server_port = server_port;
+ data->client_sock = sock;
+
+ pthread_t thread;
+ int ret = pthread_create(&thread, &thread_attr, proxy_thread_entry, data);
+ if (ret < 0) {
+ // Something happened; reject this connection and try to go on
+ free(data);
+ close(sock);
+ perror("pthread_create");
+ usleep(500000);
+ continue;
+ }
+ }
+}