From cdbe853595d1ba06be4127d86c60a9bc2e9e3545 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Tue, 21 Mar 2006 16:16:41 +0000
Subject: [PATCH] A hack to make dbclient to tcp forwarding netcat style.

eg

./dbclient -i testkey -L 1234:remotehost:remoteport  tunnelhost

will ssh to tunnelhost (using testkey, there's no way to ask for a password)
and then tcpfwd to remotehost:remoteport on stdin/stdout.

There's no way to give a cmdline password, so -i for a keyfile will have to do.
Yet another reason for agent forwarding.

The 1234 is a dummy var, I think it has to be a valid portnumber though.

--HG--
branch : dbclient-netcat-alike
extra : convert_revision : d1f69334581dc4c35f9ca16aa5355074c9dd315d
---
 cli-chansession.c | 45 +++++++++++++++++++++++++++++++++++++++++++--
 cli-session.c     |  4 ++--
 debug.h           |  2 +-
 3 files changed, 46 insertions(+), 5 deletions(-)

diff --git a/cli-chansession.c b/cli-chansession.c
index 6d358b7f..76dbb3c2 100644
--- a/cli-chansession.c
+++ b/cli-chansession.c
@@ -367,14 +367,55 @@ static int cli_initchansess(struct Channel *channel) {
 
 void cli_send_chansess_request() {
 
+	unsigned int port = 0;
+	unsigned char* addr = NULL;
+	unsigned char* ipstring = "127.0.0.1";
+	unsigned char* portstring = "22";
+
+	/* hack hack */
+	static const struct ChanType cli_chan_tcphack = {
+		0, /* sepfds */
+		"direct-tcpip",
+		NULL,
+		NULL,
+		NULL,
+		cli_closechansess
+	};
+
 	TRACE(("enter cli_send_chansess_request"))
-	if (send_msg_channel_open_init(STDIN_FILENO, &clichansess) 
+	if (send_msg_channel_open_init(STDIN_FILENO, &cli_chan_tcphack) 
 			== DROPBEAR_FAILURE) {
 		dropbear_exit("Couldn't open initial channel");
 	}
 
-	/* No special channel request data */
+	if (cli_opts.localfwds == NULL) {
+		dropbear_exit("You need to give a \"-L ignored:host:port\" option with this hacked up dbclient.");
+	}
+
+	addr = cli_opts.localfwds->connectaddr;
+	port = cli_opts.localfwds->connectport;
+
+	buf_putstring(ses.writepayload, addr, strlen(addr));
+	buf_putint(ses.writepayload, port);
+
+	/* originator ip */
+	buf_putstring(ses.writepayload, ipstring, strlen(ipstring));
+	/* originator port */
+	buf_putint(ses.writepayload, atol(portstring));
+
 	encrypt_packet();
 	TRACE(("leave cli_send_chansess_request"))
 
 }
+
+#if 0
+	while (cli_opts.localfwds != NULL) {
+		ret = cli_localtcp(cli_opts.localfwds->listenport,
+				cli_opts.localfwds->connectaddr,
+				cli_opts.localfwds->connectport);
+		if (ret == DROPBEAR_FAILURE) {
+			dropbear_log(LOG_WARNING, "Failed local port forward %d:%s:%d",
+					cli_opts.localfwds->listenport,
+					cli_opts.localfwds->connectaddr,
+					cli_opts.localfwds->connectport);
+#endif
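Review bot: The `cli_opts.localfwds == NULL` check in `cli_send_chansess_request()` runs only after `send_msg_channel_open_init()` has already begun the channel-open message; I would move the check and its `dropbear_exit(...)` above the open call so a missing `-L` is rejected before anything is written to the payload. The originator fields are hard-coded (`127.0.0.1`, and `22` via `atol(portstring)`), so whatever the server records about the forward's source is a placeholder. That deserves a comment such as `/* originator is a dummy value: stdin is not a socket, so there is no real peer address to report */`, and the port can be a plain constant rather than a parsed string. The string literals assigned to `unsigned char*` and passed to `strlen()` mismatch in pointer signedness; `const char *` locals would avoid the warnings. The trailing `#if 0` block is an unbalanced fragment of the old forwarding loop and could be dropped.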
diff --git a/cli-session.c b/cli-session.c
index 35510fa9..34eeabcd 100644
--- a/cli-session.c
+++ b/cli-session.c
@@ -213,10 +213,10 @@ static void cli_sessionloop() {
 
 		case USERAUTH_SUCCESS_RCVD:
 #ifdef ENABLE_CLI_LOCALTCPFWD
-			setup_localtcp();
+			//setup_localtcp();
 #endif
 #ifdef ENABLE_CLI_REMOTETCPFWD
-			setup_remotetcp();
+			//setup_remotetcp();
 #endif
 			cli_send_chansess_request();
 			TRACE(("leave cli_sessionloop: cli_send_chansess_request"))
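Review bot: With `setup_localtcp()` and `setup_remotetcp()` commented out, forwarding options given on the command line are accepted but no longer acted on. Only the first `-L` entry is read, as the tunnel target, and any others (and presumably any `-R` requests) are dropped without a message. A user relying on those forwards gets no indication, so I would log it at this point, e.g. `dropbear_log(LOG_WARNING, "Port forwarding options are ignored in netcat mode");`. The `//` comments also differ from the `/* */` style used elsewhere in the patched files; removing the calls, or guarding them with a named `#ifdef`, would read more clearly. `cli_sessionloop` starts and ends outside this hunk.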
diff --git a/debug.h b/debug.h
index 93cb8917..f87cdd38 100644
--- a/debug.h
+++ b/debug.h
@@ -39,7 +39,7 @@
  * Caution: Don't use this in an unfriendly environment (ie unfirewalled),
  * since the printing may not sanitise strings etc. This will add a reasonable
  * amount to your executable size. */
-/*#define DEBUG_TRACE */
+#define DEBUG_TRACE 
 
 /* All functions writing to the cleartext payload buffer call
  * CHECKCLEARTOWRITE() before writing. This is only really useful if you're
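Review bot: `DEBUG_TRACE` is now defined unconditionally, against the caution in the comment directly above it that trace printing may not sanitise strings and should not be used in an unfriendly environment. This looks like a debugging leftover rather than part of the netcat-style feature, and it also increases the executable size, as that comment notes. I would keep the default as `/*#define DEBUG_TRACE */` and enable tracing from the build configuration when it is needed. Whether trace output also requires a runtime switch is not visible in this hunk.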
-- 
GitLab