libssh2

1
/* Copyright (C) The libssh2 project and its contributors.
2
 *
3
 * SPDX-License-Identifier: BSD-3-Clause
4
 */
5

6
#include "libssh2_setup.h"
7
#include <libssh2.h>
8

9
#ifdef _WIN32
10
#include <ws2tcpip.h>  /* for socklen_t */
11
#define recv(s, b, l, f)  recv((s), (b), (int)(l), (f))
12
#define send(s, b, l, f)  send((s), (b), (int)(l), (f))
13
#endif
14

15
#ifdef HAVE_SYS_SOCKET_H
16
#include <sys/socket.h>
17
#endif
18
#ifdef HAVE_UNISTD_H
19
#include <unistd.h>
20
#endif
21
#ifdef HAVE_NETINET_IN_H
22
#include <netinet/in.h>
23
#endif
24
#ifdef HAVE_ARPA_INET_H
25
#include <arpa/inet.h>
26
#endif
27

28
#include <stdio.h>
29
#include <stdlib.h>
30
#include <string.h>
31

32
#ifndef INADDR_NONE
33
#define INADDR_NONE (in_addr_t)~0
34
#endif
35

36
static const char *pubkey = "/home/username/.ssh/id_rsa.pub";
37
static const char *privkey = "/home/username/.ssh/id_rsa";
38
static const char *username = "username";
39
static const char *password = "";
40

41
static const char *server_ip = "127.0.0.1";
42

43
static const char *local_listenip = "127.0.0.1";
44
static int local_listenport = 2222;
45

46
static const char *remote_desthost = "localhost"; /* resolved by the server */
47
static int remote_destport = 22;
48

49
enum {
50
    AUTH_NONE = 0,
51
    AUTH_PASSWORD = 1,
52
    AUTH_PUBLICKEY = 2
53
};
54

55
int main(int argc, char *argv[])
56
{
57
    int i, auth = AUTH_NONE;
58
    struct sockaddr_in sin;
59
    socklen_t sinlen;
60
    const char *fingerprint;
61
    char *userauthlist;
62
    int rc;
63
    LIBSSH2_SESSION *session = NULL;
64
    LIBSSH2_CHANNEL *channel = NULL;
65
    const char *shost;
66
    int sport;
67
    struct timeval tv;
68
    ssize_t len, wr;
69
    char buf[16384];
70
    libssh2_socket_t sock;
71
    libssh2_socket_t listensock = LIBSSH2_INVALID_SOCKET;
72
    libssh2_socket_t forwardsock = LIBSSH2_INVALID_SOCKET;
73

74
#ifdef _WIN32
75
    char sockopt;
76
    WSADATA wsadata;
77

78
    rc = WSAStartup(MAKEWORD(2, 0), &wsadata);
79
    if(rc) {
80
        fprintf(stderr, "WSAStartup failed with error: %d\n", rc);
81
        return 1;
82
    }
83
#else
84
    int sockopt;
85
#endif
86

87
    if(argc > 1)
88
        server_ip = argv[1];
89
    if(argc > 2)
90
        username = argv[2];
91
    if(argc > 3)
92
        password = argv[3];
93
    if(argc > 4)
94
        local_listenip = argv[4];
95
    if(argc > 5)
96
        local_listenport = atoi(argv[5]);
97
    if(argc > 6)
98
        remote_desthost = argv[6];
99
    if(argc > 7)
100
        remote_destport = atoi(argv[7]);
101

102
    rc = libssh2_init(0);
103
    if(rc) {
104
        fprintf(stderr, "libssh2 initialization failed (%d)\n", rc);
105
        return 1;
106
    }
107

108
    /* Connect to SSH server */
109
    sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
110
    if(sock == LIBSSH2_INVALID_SOCKET) {
111
        fprintf(stderr, "failed to open socket.\n");
112
        goto shutdown;
113
    }
114

115
    sin.sin_family = AF_INET;
116
    sin.sin_addr.s_addr = inet_addr(server_ip);
117
    if(INADDR_NONE == sin.sin_addr.s_addr) {
118
        fprintf(stderr, "inet_addr: Invalid IP address '%s'\n", server_ip);
119
        goto shutdown;
120
    }
121
    sin.sin_port = htons(22);
122
    if(connect(sock, (struct sockaddr*)(&sin), sizeof(struct sockaddr_in))) {
123
        fprintf(stderr, "Failed to connect to %s.\n", inet_ntoa(sin.sin_addr));
124
        goto shutdown;
125
    }
126

127
    /* Create a session instance */
128
    session = libssh2_session_init();
129
    if(!session) {
130
        fprintf(stderr, "Could not initialize SSH session.\n");
131
        goto shutdown;
132
    }
133

134
    /* ... start it up. This will trade welcome banners, exchange keys,
135
     * and setup crypto, compression, and MAC layers
136
     */
137
    rc = libssh2_session_handshake(session, sock);
138
    if(rc) {
139
        fprintf(stderr, "Error when starting up SSH session: %d\n", rc);
140
        goto shutdown;
141
    }
142

143
    /* At this point we have not yet authenticated.  The first thing to do
144
     * is check the hostkey's fingerprint against our known hosts Your app
145
     * may have it hard coded, may go to a file, may present it to the
146
     * user, that's your call
147
     */
148
    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
149
    fprintf(stderr, "Fingerprint: ");
150
    for(i = 0; i < 20; i++)
151
        fprintf(stderr, "%02X ", (unsigned char)fingerprint[i]);
152
    fprintf(stderr, "\n");
153

154
    /* check what authentication methods are available */
155
    userauthlist = libssh2_userauth_list(session, username,
156
                                         (unsigned int)strlen(username));
157
    if(userauthlist) {
158
        fprintf(stderr, "Authentication methods: %s\n", userauthlist);
159
        if(strstr(userauthlist, "password"))
160
            auth |= AUTH_PASSWORD;
161
        if(strstr(userauthlist, "publickey"))
162
            auth |= AUTH_PUBLICKEY;
163

164
        /* check for options */
165
        if(argc > 8) {
166
            if((auth & AUTH_PASSWORD) && !strcmp(argv[8], "-p"))
167
                auth = AUTH_PASSWORD;
168
            if((auth & AUTH_PUBLICKEY) && !strcmp(argv[8], "-k"))
169
                auth = AUTH_PUBLICKEY;
170
        }
171

172
        if(auth & AUTH_PASSWORD) {
173
            if(libssh2_userauth_password(session, username, password)) {
174
                fprintf(stderr, "Authentication by password failed.\n");
175
                goto shutdown;
176
            }
177
        }
178
        else if(auth & AUTH_PUBLICKEY) {
179
            if(libssh2_userauth_publickey_fromfile(session, username,
180
                                                   pubkey, privkey,
181
                                                   password)) {
182
                fprintf(stderr, "Authentication by public key failed.\n");
183
                goto shutdown;
184
            }
185
            else {
186
                fprintf(stderr, "Authentication by public key succeeded.\n");
187
            }
188
        }
189
        else {
190
            fprintf(stderr, "No supported authentication methods found.\n");
191
            goto shutdown;
192
        }
193
    }
194

195
    listensock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
196
    if(listensock == LIBSSH2_INVALID_SOCKET) {
197
        fprintf(stderr, "failed to open listen socket.\n");
198
        goto shutdown;
199
    }
200

201
    sin.sin_family = AF_INET;
202
    sin.sin_port = htons((unsigned short)local_listenport);
203
    sin.sin_addr.s_addr = inet_addr(local_listenip);
204
    if(INADDR_NONE == sin.sin_addr.s_addr) {
205
        fprintf(stderr, "failed in inet_addr().\n");
206
        goto shutdown;
207
    }
208
    sockopt = 1;
209
    setsockopt(listensock, SOL_SOCKET, SO_REUSEADDR, &sockopt,
210
               sizeof(sockopt));
211
    sinlen = sizeof(sin);
212
    if(-1 == bind(listensock, (struct sockaddr *)&sin, sinlen)) {
213
        fprintf(stderr, "failed to bind().\n");
214
        goto shutdown;
215
    }
216
    if(-1 == listen(listensock, 2)) {
217
        fprintf(stderr, "failed to listen().\n");
218
        goto shutdown;
219
    }
220

221
    fprintf(stderr, "Waiting for TCP connection on %s:%d...\n",
222
            inet_ntoa(sin.sin_addr), ntohs(sin.sin_port));
223

224
    forwardsock = accept(listensock, (struct sockaddr *)&sin, &sinlen);
225
    if(forwardsock == LIBSSH2_INVALID_SOCKET) {
226
        fprintf(stderr, "failed to accept forward socket.\n");
227
        goto shutdown;
228
    }
229

230
    shost = inet_ntoa(sin.sin_addr);
231
    sport = ntohs(sin.sin_port);
232

233
    fprintf(stderr, "Forwarding connection from %s:%d here to remote %s:%d\n",
234
            shost, sport, remote_desthost, remote_destport);
235

236
    channel = libssh2_channel_direct_tcpip_ex(session, remote_desthost,
237
                                              remote_destport, shost, sport);
238
    if(!channel) {
239
        fprintf(stderr, "Could not open the direct-tcpip channel.\n"
240
                        "(Note that this can be a problem at the server."
241
                        " Please review the server logs.)\n");
242
        goto shutdown;
243
    }
244

245
    /* Must use non-blocking IO hereafter due to the current libssh2 API */
246
    libssh2_session_set_blocking(session, 0);
247

248
    for(;;) {
249
        fd_set fds;
250
        FD_ZERO(&fds);
251
#if defined(__GNUC__)
252
#pragma GCC diagnostic push
253
#pragma GCC diagnostic ignored "-Wsign-conversion"
254
#endif
255
        FD_SET(forwardsock, &fds);
256
#if defined(__GNUC__)
257
#pragma GCC diagnostic pop
258
#endif
259
        tv.tv_sec = 0;
260
        tv.tv_usec = 100000;
261
        rc = select((int)(forwardsock + 1), &fds, NULL, NULL, &tv);
262
        if(-1 == rc) {
263
            fprintf(stderr, "failed to select().\n");
264
            goto shutdown;
265
        }
266
#if defined(__GNUC__)
267
#pragma GCC diagnostic push
268
#pragma GCC diagnostic ignored "-Wsign-conversion"
269
#endif
270
        if(rc && FD_ISSET(forwardsock, &fds)) {
271
#if defined(__GNUC__)
272
#pragma GCC diagnostic pop
273
#endif
274
            len = recv(forwardsock, buf, sizeof(buf), 0);
275
            if(len < 0) {
276
                fprintf(stderr, "failed to recv().\n");
277
                goto shutdown;
278
            }
279
            else if(len == 0) {
280
                fprintf(stderr, "The client at %s:%d disconnected.\n", shost,
281
                        sport);
282
                goto shutdown;
283
            }
284
            wr = 0;
285
            while(wr < len) {
286
                ssize_t nwritten = libssh2_channel_write(channel,
287
                                                         buf + wr,
288
                                                         (size_t)(len - wr));
289
                if(nwritten == LIBSSH2_ERROR_EAGAIN) {
290
                    continue;
291
                }
292
                if(nwritten < 0) {
293
                    fprintf(stderr, "libssh2_channel_write: %ld\n",
294
                            (long)nwritten);
295
                    goto shutdown;
296
                }
297
                wr += nwritten;
298
            }
299
        }
300
        for(;;) {
301
            len = libssh2_channel_read(channel, buf, sizeof(buf));
302
            if(LIBSSH2_ERROR_EAGAIN == len)
303
                break;
304
            else if(len < 0) {
305
                fprintf(stderr, "libssh2_channel_read: %ld", (long)len);
306
                goto shutdown;
307
            }
308
            wr = 0;
309
            while(wr < len) {
310
                ssize_t nsent = send(forwardsock, buf + wr,
311
                                     (size_t)(len - wr), 0);
312
                if(nsent <= 0) {
313
                    fprintf(stderr, "failed to send().\n");
314
                    goto shutdown;
315
                }
316
                wr += nsent;
317
            }
318
            if(libssh2_channel_eof(channel)) {
319
                fprintf(stderr, "The server at %s:%d disconnected.\n",
320
                        remote_desthost, remote_destport);
321
                goto shutdown;
322
            }
323
        }
324
    }
325

326
shutdown:
327

328
    if(forwardsock != LIBSSH2_INVALID_SOCKET) {
329
        shutdown(forwardsock, 2);
330
        LIBSSH2_SOCKET_CLOSE(forwardsock);
331
    }
332

333
    if(listensock != LIBSSH2_INVALID_SOCKET) {
334
        shutdown(listensock, 2);
335
        LIBSSH2_SOCKET_CLOSE(listensock);
336
    }
337

338
    if(channel)
339
        libssh2_channel_free(channel);
340

341
    if(session) {
342
        libssh2_session_disconnect(session, "Normal Shutdown");
343
        libssh2_session_free(session);
344
    }
345

346
    if(sock != LIBSSH2_INVALID_SOCKET) {
347
        shutdown(sock, 2);
348
        LIBSSH2_SOCKET_CLOSE(sock);
349
    }
350

351
    libssh2_exit();
352

353
#ifdef _WIN32
354
    WSACleanup();
355
#endif
356

357
    return 0;
358
}
359