Discussion:
combining multihop and -J command for proxy connect
Hans Harder
2018-08-02 18:11:18 UTC
I have to do a multihop after a proxy connect...

so I do something like:
dbclient -J "corkscrew proxyserver proxyport makado 22" ***@makado,***@canyons

but I get the message : Exited: -J can't be used with multihop mode

Basically what I see in cli-runopts.c is that if multihop is detected it
prevents -J from being used, because multihop itself uses the -J option...
Any suggestion how I get this working?

Hans
Hans Harder
2018-08-03 21:05:52 UTC
Did some testing with a small adaptation in cli-runopts.c.
Basically, if a proxycmd is used and multihop is used, I pass the proxycmd with
-J in each exec.

Seems to work :)
underneath the complete function... didn't have time to make a diff to the
original...

Hans


static void parse_multihop_hostname(const char* orighostarg, const char* argv0) {
	char *userhostarg = NULL;
	char *hostbuf = NULL;
	char *last_hop = NULL;
	char *remainder = NULL;

	/* both scp and rsync parse a ***@host argument
	 * and turn it into "-l user host". This breaks
	 * for our multihop syntax, so we suture it back together.
	 * This will break usernames that have both '@' and ',' in them,
	 * though that should be fairly uncommon. */
	if (cli_opts.username
			&& strchr(cli_opts.username, ',')
			&& strchr(cli_opts.username, '@')) {
		unsigned int len = strlen(orighostarg) + strlen(cli_opts.username) + 2;
		hostbuf = m_malloc(len);
		snprintf(hostbuf, len, "%s@%s", cli_opts.username, orighostarg);
	} else {
		hostbuf = m_strdup(orighostarg);
	}
	userhostarg = hostbuf;

	last_hop = strrchr(userhostarg, ',');
	if (last_hop) {
		if (last_hop == userhostarg) {
			dropbear_exit("Bad multi-hop hostnames");
		}
		*last_hop = '\0';
		last_hop++;
		remainder = userhostarg;
		userhostarg = last_hop;
	}

	parse_hostname(userhostarg);

	if (last_hop) {
		/* Set up the proxycmd */
		unsigned int cmd_len = 0;
		char *passthrough_args = multihop_passthrough_args();
		char *pproxycmd = NULL;
		if (cli_opts.remoteport == NULL) {
			cli_opts.remoteport = "22";
		}
		cmd_len = strlen(argv0) + strlen(remainder)
			+ strlen(cli_opts.remotehost) + strlen(cli_opts.remoteport)
			+ strlen(passthrough_args)
			+ 30;
		/* if proxycmd is filled, pass it also with every exec */
		if (cli_opts.proxycmd) {
			int proxylen = strlen(cli_opts.proxycmd) + 10;
			/* save original proxycmd to insert in new cmd */
			pproxycmd = m_malloc(proxylen);
			snprintf(pproxycmd, proxylen, "-J \"%s\" ", cli_opts.proxycmd);
			cli_opts.proxycmd = NULL;
			/* increase cmd_len with proxycmd length */
			cmd_len += proxylen;
		}
		cli_opts.proxycmd = m_malloc(cmd_len);
		snprintf(cli_opts.proxycmd, cmd_len, "%s %s-B %s:%s %s %s",
				argv0, (pproxycmd)?pproxycmd:"",
				cli_opts.remotehost, cli_opts.remoteport,
				passthrough_args, remainder);
#ifndef DISABLE_ZLIB
		/* The stream will be incompressible since it's encrypted. */
		opts.compress_mode = DROPBEAR_COMPRESS_OFF;
#endif
		if (pproxycmd) m_free(pproxycmd);
		m_free(passthrough_args);
	}
	m_free(hostbuf);
}
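
The function above forwards the user's -J value by wrapping it in double quotes and sizing the buffer with a fixed pad. As an added example (not part of the original post and not Dropbear code), here is one way to forward that value as a single quoted word and size the buffer by measurement. It assumes the generated command line is later interpreted by a POSIX shell; `sh_quote` and `build_hop_cmd` are hypothetical names, and the sample arguments in the comments are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Quote s as a single POSIX-shell word: wrap it in single quotes and
 * rewrite each embedded ' as '\''. Caller frees the result. */
static char *sh_quote(const char *s) {
    size_t len = 3; /* opening quote, closing quote, NUL */
    const char *p;
    char *out, *o;
    for (p = s; *p; p++) {
        len += (*p == '\'') ? 4 : 1;
    }
    out = o = malloc(len);
    if (!out) return NULL;
    *o++ = '\'';
    for (p = s; *p; p++) {
        if (*p == '\'') {
            memcpy(o, "'\\''", 4);
            o += 4;
        } else {
            *o++ = *p;
        }
    }
    *o++ = '\'';
    *o = '\0';
    return out;
}

/* Hypothetical helper, not Dropbear code: build the command for one hop.
 * user_proxy is the -J value (or NULL) and is forwarded as one quoted word;
 * the buffer is sized by a measuring snprintf() call, not a constant. */
#define HOP_FMT "%s %s%s%s-B %s:%s %s %s"
char *build_hop_cmd(const char *argv0, const char *user_proxy,
        const char *host, const char *port,
        const char *passthrough, const char *remainder) {
    char *q = user_proxy ? sh_quote(user_proxy) : NULL;
    char *cmd = NULL;
    int n;
    if (user_proxy && !q) return NULL;
    n = snprintf(NULL, 0, HOP_FMT, argv0, q ? "-J " : "", q ? q : "",
            q ? " " : "", host, port, passthrough, remainder);
    if (n >= 0 && (cmd = malloc((size_t)n + 1)) != NULL) {
        snprintf(cmd, (size_t)n + 1, HOP_FMT, argv0, q ? "-J " : "",
                q ? q : "", q ? " " : "", host, port, passthrough, remainder);
    }
    free(q);
    return cmd;
}
```

Only the user-supplied -J value is quoted here; the other fields are passed through as the posted function does.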
Hans Harder
2018-08-04 10:58:27 UTC
Underneath the patch against the current git version
Hans

diff -w dropbear-git/cli-runopts.c dropbear-patch/cli-runopts.c
--- dropbear-git/cli-runopts.c
+++ dropbear-patch/cli-runopts.c
@@ -629,9 +629,7 @@
/* Set up the proxycmd */
unsigned int cmd_len = 0;
char *passthrough_args = multihop_passthrough_args();
- if (cli_opts.proxycmd) {
- dropbear_exit("-J can't be used with multihop mode");
- }
+ char *pproxycmd = NULL;
if (cli_opts.remoteport == NULL) {
cli_opts.remoteport = "22";
}
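Review bot: with the `if (cli_opts.proxycmd)` exit removed at the top of this block, nothing here says what a user-supplied -J now means in multihop mode. A short comment next to `char *pproxycmd = NULL;` stating that the user's -J value is carried into the generated per-hop command, together with an update to any usage or manual text that mentions the "-J can't be used with multihop mode" restriction, would keep the behaviour change visible to the next reader.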
@@ -639,14 +637,27 @@
+ strlen(cli_opts.remotehost) +
strlen(cli_opts.remoteport)
+ strlen(passthrough_args)
+ 30;
+ /* if proxycmd is filled, pass it also with every exec */
+ if (cli_opts.proxycmd) {
+ int proxylen = strlen(cli_opts.proxycmd) + 10;
+ /* save original proxycmd to insert in new cmd */
+ pproxycmd = m_malloc(proxylen);
+ snprintf(pproxycmd,proxylen,"-J \"%s\"
",cli_opts.proxycmd);
+ cli_opts.proxycmd = NULL;
+ /* increase cmd_len with proxycmd length */
+ cmd_len += proxylen;
+ }
cli_opts.proxycmd = m_malloc(cmd_len);
- snprintf(cli_opts.proxycmd, cmd_len, "%s -B %s:%s %s %s",
- argv0, cli_opts.remotehost, cli_opts.remoteport,
- passthrough_args, remainder);
+ snprintf(cli_opts.proxycmd, cmd_len, "%s %s-B %s:%s %s %s",
+ argv0, (pproxycmd)?pproxycmd:"",
+ cli_opts.remotehost,
cli_opts.remoteport, passthrough_args, remainder);
#ifndef DISABLE_ZLIB
/* The stream will be incompressible since it's encrypted. */
opts.compress_mode = DROPBEAR_COMPRESS_OFF;
#endif
+ if (pproxycmd) {
+ m_free(pproxycmd);
+ }
m_free(passthrough_args);
}
m_free(hostbuf);
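Review bot: the user's -J value is placed between literal double quotes by the `"-J \"%s\" "` format with no escaping, so a proxy command that itself contains a double quote (or a backslash, `$` or backtick, if the generated string is later parsed by a shell) will be split or expanded differently from what the user typed. Either escape the value before formatting it, or keep a dropbear_exit() for values containing characters that cannot be passed through unchanged. Separately, `cli_opts.proxycmd = NULL;` inside the new block is redundant, since the pointer is reassigned by `m_malloc(cmd_len)` on the next line after the block.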
Walter Harms
2018-08-08 16:03:09 UTC
Post by Hans Harder
Underneath the patch against the current git version
Hans
diff -w dropbear-git/cli-runopts.c dropbear-patch/cli-runopts.c
--- dropbear-git/cli-runopts.c
+++ dropbear-patch/cli-runopts.c
@@ -629,9 +629,7 @@
/* Set up the proxycmd */
unsigned int cmd_len = 0;
char *passthrough_args = multihop_passthrough_args();
- if (cli_opts.proxycmd) {
- dropbear_exit("-J can't be used with multihop mode");
- }
+ char *pproxycmd = NULL;
if (cli_opts.remoteport == NULL) {
cli_opts.remoteport = "22";
}
@@ -639,14 +637,27 @@
+ strlen(cli_opts.remotehost) +
strlen(cli_opts.remoteport)
+ strlen(passthrough_args)
+ 30;
+ /* if proxycmd is filled, pass it also with every exec */
+ if (cli_opts.proxycmd) {
+ int proxylen = strlen(cli_opts.proxycmd) + 10;
+ /* save original proxycmd to insert in new cmd */
+ pproxycmd = m_malloc(proxylen);
+ snprintf(pproxycmd,proxylen,"-J \"%s\"
",cli_opts.proxycmd);
+ cli_opts.proxycmd = NULL;
+ /* increase cmd_len with proxycmd length */
+ cmd_len += proxylen;
+ }
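Review bot: `int proxylen = strlen(cli_opts.proxycmd) + 10;` stores a size_t result in a signed int and then adds it to the unsigned `cmd_len`, and the `+ 10` is an unexplained constant. Declaring `proxylen` with the same unsigned type as `cmd_len` and deriving the extra bytes from the literal itself (for example `sizeof("-J \"\" ")`) would make the bound checkable against the format string.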
same notes;

If you use "" for pproxycmd you may have it easier with sprintf() below.
Instead of malloc/snprintf, would it be possible to use asprintf()?
Post by Hans Harder
cli_opts.proxycmd = m_malloc(cmd_len);
- snprintf(cli_opts.proxycmd, cmd_len, "%s -B %s:%s %s %s",
- argv0, cli_opts.remotehost,
cli_opts.remoteport,
- passthrough_args, remainder);
+ snprintf(cli_opts.proxycmd, cmd_len, "%s %s-B %s:%s %s %s",
+ argv0, (pproxycmd)?pproxycmd:"",
+ cli_opts.remotehost,
cli_opts.remoteport, passthrough_args, remainder);
the "-B" looks very close to the %s

just my 2 cents
re,
wh
Post by Hans Harder
#ifndef DISABLE_ZLIB
/* The stream will be incompressible since it's encrypted. */
opts.compress_mode = DROPBEAR_COMPRESS_OFF;
#endif
+ if (pproxycmd) {
+ m_free(pproxycmd);
+ }
m_free(passthrough_args);
}
m_free(hostbuf);