socks and misc patch to 2.9.9p2
Michael Robinton
root at bizsystems.com
Sun Oct 7 11:09:09 EST 2001
Attached is a very small patch that allows the ssh clients to use the
socks5 library. It should work with socks4 but is untested.
Tested on linux only
configure --with-socks
configure --with-socks5
Also included is a configure option to disable scp statistics
--disable-scp-stats
modified files
openssh-2.9.9p2/acconfig.h
openssh-2.9.9p2/channels.c
openssh-2.9.9p2/configure.in
openssh-2.9.9p2/includes.h
openssh-2.9.9p2/scp.c
openssh-2.9.9p2/sshconnect.c
autoconf and autoheader need to be run.
The patches change only a line or two of actual C code in each file; most of
the changes are in the configure script.
Hope this makes it into the distribution :-)
Michael Robinton
michael at bizsystems.com
-------------- next part --------------
diff -u openssh-2.9.9p2.old/acconfig.h openssh-2.9.9p2/acconfig.h
--- openssh-2.9.9p2.old/acconfig.h Thu Sep 20 12:43:41 2001
+++ openssh-2.9.9p2/acconfig.h Sat Oct 6 17:44:07 2001
@@ -111,6 +111,9 @@
* message at run-time. */
#undef RSAREF
+/* Define to disable scp statistics */
+#undef DISABLE_SCP_STATISTICS
+
/* struct timeval */
#undef HAVE_STRUCT_TIMEVAL
@@ -332,6 +335,30 @@
/* Define if you want smartcard support */
#undef SMARTCARD
+
+/* The code in sshconnect.c is written for SOCKS4. If SOCKS5 should be used
+ these needs redefining */
+#undef Rconnect
+#undef Rgetsockname
+#undef Rgetpeername
+#undef Rbind
+#undef Raccept
+#undef Rlisten
+#undef Rselect
+#undef Rrecvfrom
+#undef Rsendto
+#undef Rrecv
+#undef Rsend
+#undef Rread
+#undef Rwrite
+#undef Rrresvport
+#undef Rshutdown
+#undef Rlisten
+#undef Rclose
+#undef Rdup
+#undef Rdup2
+#undef Rfclose
+#undef Rgethostbyname
@BOTTOM@
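Review bot: `#undef Rlisten` appears twice in the added list (after `Raccept` and again after `Rshutdown`), and `AC_DEFINE(Rlisten,SOCKSlisten)` is duplicated the same way in the configure.in hunk; one of each should go. The comment above the list would read better if it said who defines these names, e.g. `/* SOCKS4-style R* names used in the sources; configure maps them to the SOCKS* functions when SOCKS5 is selected */`. Of the names listed, the C hunks in this patch call only `Rconnect`, `Rrresvport` and `Rgethostbyname`, so the remaining mappings look unused and could be left out until something needs them.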
diff -u openssh-2.9.9p2.old/channels.c openssh-2.9.9p2/channels.c
--- openssh-2.9.9p2.old/channels.c Mon Sep 17 22:53:12 2001
+++ openssh-2.9.9p2/channels.c Sat Oct 6 17:09:30 2001
@@ -2481,7 +2481,12 @@
struct hostent *he;
struct in_addr my_addr;
+#if defined(SOCKS5)
+ he = Rgethostbyname(hostname);
+#else
+
he = gethostbyname(hostname);
+#endif
if (he == NULL) {
error("[X11-broken-fwd-hostname-workaround] Could not get "
"IP address for hostname %s.", hostname);
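Review bot: The added `Rgethostbyname(hostname)` call is guarded by `SOCKS5` while the sshconnect.c hunks use `SOCKS`, and nothing in the hunk says why the two differ; either make the guards consistent or add a comment such as `/* SOCKS4 builds keep the local resolver here */`. Judging by the error string this is the X11 forwarding hostname workaround, which presumably resolves the machine's own name, so it is worth confirming that this lookup should go through the proxy library at all, since the address that comes back would then be supplied by the SOCKS server rather than the local resolver. The stray blank line after `#else` can be removed. The enclosing function starts and ends outside the hunk.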
diff -u openssh-2.9.9p2.old/configure.in openssh-2.9.9p2/configure.in
--- openssh-2.9.9p2.old/configure.in Tue Sep 25 15:39:38 2001
+++ openssh-2.9.9p2/configure.in Sat Oct 6 17:41:54 2001
@@ -480,6 +480,141 @@
]
)
+dnl checkfor SOCKS support
+AC_MSG_CHECKING(whether to support SOCKS)
+AC_ARG_WITH(socks,
+ [ --with-socks Build with SOCKS firewall support.],
+ [ case "$withval" in
+ no)
+ AC_MSG_RESULT(no)
+ ;;
+ yes)
+ AC_MSG_RESULT(yes)
+ AC_CHECK_LIB(socks5, SOCKSconnect, [
+ socks=5
+ LIBS="-lsocks5 $LIBS"], [
+ AC_CHECK_LIB(socks, Rconnect, [
+ socks=4
+ LIBS="-lsocks $LIBS"], [
+ AC_MSG_ERROR(SOCKS library missing. You must first install socks.) ] ) ] )
+ ;;
+ esac ],
+ AC_MSG_RESULT(no)
+)
+
+if test "x$socks" = "x"; then
+ AC_MSG_CHECKING(whether to support SOCKS5)
+ AC_ARG_WITH(socks5,
+ [ --with-socks5[=PATH] Build with SOCKS5 firewall support.],
+ [ case "$withval" in
+ no)
+ AC_MSG_RESULT(no)
+ ;;
+ *)
+ AC_MSG_RESULT(yes)
+ socks=5
+ if test "x$withval" = "xyes"; then
+ withval="-lsocks5"
+ else
+ if test -d "$withval"; then
+ if test -d "$withval/include"; then
+ CFLAGS="$CFLAGS -I$withval/include"
+ else
+ CFLAGS="$CFLAGS -I$withval"
+ fi
+ if test -d "$withval/lib"; then
+ withval="-L$withval/lib -lsocks5"
+ else
+ withval="-L$withval -lsocks5"
+ fi
+ fi
+ fi
+ LIBS="$withval $LIBS"
+ # If Socks was compiled with Kerberos support, we will need
+ # to link against kerberos libraries. Temporarily append
+ # to LIBS. This is harmless if there is no kerberos support.
+ TMPLIBS="$LIBS"
+ LIBS="$LIBS $KERBEROS_LIBS"
+ AC_TRY_LINK([],
+ [ SOCKSconnect(); ],
+ [],
+ [ AC_MSG_ERROR(Could not find the $withval library. You must first install socks5.) ])
+ LIBS="$TMPLIBS"
+ ;;
+ esac ],
+ AC_MSG_RESULT(no)
+ )
+fi
+
+if test "x$socks" = "x"; then
+ AC_MSG_CHECKING(whether to support SOCKS4)
+ AC_ARG_WITH(socks4,
+ [ --with-socks4[=PATH] Compile with SOCKS4 firewall traversal
+support.],
+ [ case "$withval" in
+ no)
+ AC_MSG_RESULT(no)
+ ;;
+ *)
+ AC_MSG_RESULT(yes)
+ socks=4
+ if test "x$withval" = "xyes"; then
+ withval="-lsocks"
+ else
+ if test -d "$withval"; then
+ withval="-L$withval -lsocks"
+ fi
+ fi
+ LIBS="$withval $LIBS"
+ AC_TRY_LINK([],
+ [ Rconnect(); ],
+ [],
+ [ AC_MSG_ERROR(Could not find the $withval library.
+You must first install socks.) ])
+ ;;
+ esac ],
+ AC_MSG_RESULT(no)
+ )
+fi
+
+
+
+if test "x$socks" = "x4"; then
+ AC_DEFINE(SOCKS)
+ AC_DEFINE(SOCKS4)
+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
+fi
+
+if test "x$socks" = "x5"; then
+ AC_DEFINE(SOCKS)
+ AC_DEFINE(SOCKS5)
+ AC_DEFINE(Rconnect,SOCKSconnect)
+ AC_DEFINE(Rgetsockname,SOCKSgetsockname)
+ AC_DEFINE(Rgetpeername,SOCKSgetpeername)
+ AC_DEFINE(Rbind,SOCKSbind)
+ AC_DEFINE(Raccept,SOCKSaccept)
+ AC_DEFINE(Rlisten,SOCKSlisten)
+ AC_DEFINE(Rselect,SOCKSselect)
+ AC_DEFINE(Rrecvfrom,SOCKSrecvfrom)
+ AC_DEFINE(Rsendto,SOCKSsendto)
+ AC_DEFINE(Rrecv,SOCKSrecv)
+ AC_DEFINE(Rsend,SOCKSsend)
+ AC_DEFINE(Rread,SOCKSread)
+ AC_DEFINE(Rwrite,SOCKSwrite)
+ AC_DEFINE(Rrresvport,SOCKSrresvport)
+ AC_DEFINE(Rshutdown,SOCKSshutdown)
+ AC_DEFINE(Rlisten,SOCKSlisten)
+ AC_DEFINE(Rclose,SOCKSclose)
+ AC_DEFINE(Rdup,SOCKSdup)
+ AC_DEFINE(Rdup2,SOCKSdup2)
+ AC_DEFINE(Rfclose,SOCKSfclose)
+ AC_DEFINE(Rgethostbyname,SOCKSgethostbyname)
+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
+ CFLAGS="$CFLAGS -DSOCKS"
+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
+fi
+
dnl Checks for library functions.
AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_sa clock dirname fchown fchmod freeaddrinfo futimes gai_strerror getcwd getaddrinfo getgrouplist getopt getnameinfo getrlimit getrusage getttyent glob inet_aton inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove mkdtemp on_exit openpty readpassphrase realpath rresvport_af setdtablesize setenv setegid seteuid setlogin setproctitle setresgid setreuid setrlimit setsid setvbuf sigaction sigvec snprintf strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp utimes vsnprintf vhangup waitpid _getpty __b64_ntop)
dnl Checks for time functions
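Review bot: Both `if test "x$socks" = ...` blocks at the end append `-I/usr/local/include` and `-L/usr/local/lib` unconditionally, even when `--with-socks5=PATH` already supplied a location, so every binary's final link searches /usr/local/lib for all of its libraries and not only for the SOCKS one; those lines should be dropped or applied only when no PATH was given. In the `--with-socks` block the `case` has only `no)` and `yes)` arms, so `--with-socks=PATH` matches nothing, prints no result and is silently ignored; a `*)` arm calling `AC_MSG_ERROR` would make that visible. `LIBS="$TMPLIBS"` after the SOCKS5 link test removes `$KERBEROS_LIBS` again, so a library that really needs Kerberos passes the check and then presumably fails at the final link. `CFLAGS="$CFLAGS -DSOCKS"` repeats what `AC_DEFINE(SOCKS)` already does.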
@@ -1838,6 +1973,12 @@
[ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
[ AC_DEFINE(DISABLE_PUTUTXLINE) ]
)
+AC_ARG_ENABLE(scp-stats,
+[ --disable-scp-stats disable scp statistics display [no]],
+ AC_DEFINE(DISABLE_SCP_STATISTICS)
+ AC_MSG_RESULT(yes)
+)
+
AC_ARG_WITH(lastlog,
[ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
[
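Review bot: The third argument of `AC_ARG_ENABLE(scp-stats, ...)` is the action run whenever the option is given in either form, so as written `--enable-scp-stats` defines `DISABLE_SCP_STATISTICS` just as `--disable-scp-stats` does. The `AC_DEFINE` should be wrapped in a test of the value, opening with `if test "x$enableval" = "xno"; then` and closed by `fi` on its own line. The `AC_MSG_RESULT(yes)` has no preceding `AC_MSG_CHECKING`, so it prints a bare "yes" in the configure output; add the checking line or remove the result.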
diff -u openssh-2.9.9p2.old/includes.h openssh-2.9.9p2/includes.h
--- openssh-2.9.9p2.old/includes.h Wed Sep 19 19:07:51 2001
+++ openssh-2.9.9p2/includes.h Sat Oct 6 17:10:37 2001
@@ -23,6 +23,11 @@
#include "openbsd-compat/bsd-nextstep.h"
+#if defined(SOCKS5)
+/* does not support IPV6 */
+#include "socks.h"
+#endif
+
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
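Review bot: `socks.h` is included only under `SOCKS5`, but the sshconnect.c hunks call `Rrresvport` and `Rconnect` under `SOCKS`, which configure also defines for SOCKS4, so as far as this patch shows a SOCKS4 build compiles those calls with no prototype in scope. Either include the SOCKS4 header under `SOCKS4` as well or narrow the sshconnect.c guards to `SOCKS5`. The include also sits ahead of `<sys/types.h>` and `<sys/socket.h>`; if `socks.h` defines macros over the socket calls (worth checking in the library's header), it should come after the system headers so their prototypes are not rewritten. The comment would be clearer as `/* the SOCKS5 wrappers handle IPv4 only */`.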
diff -u openssh-2.9.9p2.old/scp.c openssh-2.9.9p2/scp.c
--- openssh-2.9.9p2.old/scp.c Wed Sep 19 17:57:56 2001
+++ openssh-2.9.9p2/scp.c Sat Oct 6 17:42:08 2001
@@ -128,7 +128,11 @@
int verbose_mode = 0;
/* This is set to zero if the progressmeter is not desired. */
+#if defined(DISABLE_SCP_STATISTICS)
+int showprogress = 0;
+#else
int showprogress = 1;
+#endif
/* This is the program to execute for the secured connection. ("ssh" or -S) */
char *ssh_program = _PATH_SSH_PROGRAM;
diff -u openssh-2.9.9p2.old/sshconnect.c openssh-2.9.9p2/sshconnect.c
--- openssh-2.9.9p2.old/sshconnect.c Tue Aug 7 15:29:09 2001
+++ openssh-2.9.9p2/sshconnect.c Sat Oct 6 17:10:55 2001
@@ -15,8 +15,6 @@
#include "includes.h"
RCSID("$OpenBSD: sshconnect.c,v 1.110 2001/07/25 14:35:18 markus Exp $");
-#include <openssl/bn.h>
-
#include "ssh.h"
#include "xmalloc.h"
#include "rsa.h"
@@ -182,7 +180,12 @@
*/
if (privileged) {
int p = IPPORT_RESERVED - 1;
+#if defined(SOCKS)
+/* does not support IPV6 */
+ sock = Rrresvport(&p);
+#else /* SOCKS */
sock = rresvport_af(&p, family);
+#endif /* SOCKS */
if (sock < 0)
error("rresvport: af=%d %.100s", family, strerror(errno));
else
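Review bot: In the `SOCKS` branch `Rrresvport(&p)` runs inside `if (privileged)`, so the proxy library executes while the process still holds the privilege needed to bind a reserved port; if that library reads environment variables or per-user configuration to locate its server (to be confirmed against the library), the SOCKS path should be refused or those inputs ignored when `privileged` is set. The reserved source port is also only meaningful to a peer that sees it directly, and through a proxy the server presumably sees the proxy's address and port instead. `family` is ignored on this path while the error line below still prints `af=%d`, so the added comment should say so, e.g. `/* Rrresvport is IPv4-only; family is not honoured here */`. The enclosing function starts and ends outside the hunk.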
@@ -326,7 +329,12 @@
* the remote uid as root.
*/
temporarily_use_uid(pw);
- if (connect(sock, ai->ai_addr, ai->ai_addrlen) >= 0) {
+#if defined(SOCKS)
+ if (Rconnect(sock, ai->ai_addr, ai->ai_addrlen) >= 0)
+#else /* SOCKS */
+ if (connect(sock, ai->ai_addr, ai->ai_addrlen) >= 0)
+#endif /* SOCKS */
+ {
/* Successful connection. */
memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
restore_uid();
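Review bot: `Rconnect` is handed `ai->ai_addr` with no check of the address family, although the comments added elsewhere in this patch say the SOCKS path does not support IPv6, so an `AF_INET6` entry would be passed to a wrapper that by those comments cannot handle it. A guard such as `if (ai->ai_family != AF_INET) continue;` under `#if defined(SOCKS)` would skip those entries, assuming this code sits in the loop over the address list that starts outside the hunk. The address has also already been resolved before this point, so the host name lookup does not go through the proxy; that is worth stating in the documentation for users who expect the proxy to perform the lookup.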