From 720324365264d128615e05722d3ad5c8afb7a758 Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Sun, 21 Feb 2010 16:56:20 +0100 Subject: [PATCH] Add portforwarder-ssh-wrap script. --- Makefile | 1 + debian/changelog | 6 ++- portforwarder-ssh-wrap | 96 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 102 insertions(+), 1 deletion(-) create mode 100755 portforwarder-ssh-wrap diff --git a/Makefile b/Makefile index 1637ee0..1c83784 100644 --- a/Makefile +++ b/Makefile @@ -5,3 +5,4 @@ install: install -m755 upgrade-porter-chroots $(DESTDIR)/usr/sbin install -m755 apache2-vhost-update $(DESTDIR)/usr/sbin install -m755 buildd-reboot $(DESTDIR)/usr/sbin + install -m755 portforwarder-ssh-wrap $(DESTDIR)/usr/bin diff --git a/debian/changelog b/debian/changelog index dfc1b97..00a093a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,9 +1,13 @@ debian.org (31) UNRELEASED; urgency=low + [ Martin Zobel-Helas ] * New dependencies of debian.org-www-master: - ttf-arphic-uming - -- Martin Zobel-Helas Sun, 24 Jan 2010 22:33:51 +0100 + [ Peter Palfrader ] + * Add portforwarder-ssh-wrap script. + + -- Peter Palfrader Sun, 21 Feb 2010 16:56:06 +0100 debian.org (30) stable; urgency=low diff --git a/portforwarder-ssh-wrap b/portforwarder-ssh-wrap new file mode 100755 index 0000000..758ccb6 --- /dev/null +++ b/portforwarder-ssh-wrap 
@@ -0,0 +1,96 @@
+#!/bin/bash
+
+# Copyright (c) 2009,2010 Peter Palfrader
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+set -e
+set -u
+
+
+MYLOGNAME="`basename "$0"`[$$]"
+
+usage() {
+ echo "local Usage: $0 [ ...]"
+ echo "via ssh orig command : forward-to "
+}
+croak() {
+ logger -s -p daemon.warn -t "$MYLOGNAME" "$1"
+ exit 1
+}
+
+
+if [ -z "${SSH_ORIGINAL_COMMAND:-}" ] ; then
+ echo "Did not find SSH_ORIGINAL_COMMAND" 2>&1
+ exit 1
+fi
+
+
+if [ "${1-}" = "-h" ] || [ "${1-}" = "--help" ]; then
+ usage
+ exit 0
+fi
+# check/parse local command line
+if [ "$#" -le 2 ]; then
+ usage >&2
+ exit 1
+fi
+host="$1"
+shift
+bindaddr="$1"
+shift
+if [[ "$bindaddr" =~ [^0-9.]
]]; then
+ echo "Invalid bindaddr spec" >&2
+ exit 1
+fi
+allowed_ports="$@"
+
+# check/parse remote command line
+set "dummy" ${SSH_ORIGINAL_COMMAND}
+shift
+
+# check/parse local command line
+if [ "$#" != 2 ]; then
+ usage >&2
+ exit 1
+fi
+if [ "$1" != "forward-to" ]; then
+ croak "Expected forward-to as command"
+fi
+port="$2"
+if [[ "$port" =~ [^0-9] ]]; then
+ croak "Invalid port spec"
+fi
+ok=0
+for allowed in $allowed_ports ; do
+ if [ "$port" = "$allowed" ]; then
+ ok=1
+ break
+ fi
+done
+
+if [ "$ok" = "1" ]; then
+ logger -p daemon.info -t "$MYLOGNAME" "Forwarding to port $port for remote host $host"
+ exec /bin/nc -s "$bindaddr" 127.0.0.1 "$port"
+ echo "Exec failed" >&2
+ exit 1
+else
+ croak "$host requested unallowed port $port"
+fi
-- 2.30.2
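Review bot: The client-supplied `SSH_ORIGINAL_COMMAND` is expanded unquoted in `set "dummy" ${SSH_ORIGINAL_COMMAND}`, so it undergoes pathname expansion as well as the intended word splitting, and any glob characters in it are matched against the working directory before validation runs. The later checks (exactly two words, literal `forward-to`, digits-only port, allow-list match) bound what that can achieve, so this is hardening rather than a shown bypass, but the parse should not depend on directory contents; add `set -f` on the line before it. Separately, the missing-variable message uses `2>&1` where `>&2` was presumably meant, so it goes to stdout: `echo "Did not find SSH_ORIGINAL_COMMAND" >&2`. A header comment showing the expected `authorized_keys` forced-command entry would also help, because the allow-list only constrains a key whose entry also disables the client's own port-forwarding and pty requests, which this patch does not show.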