Context Navigation

source: npl/overig/netcat_openbsd/patches/0011-misc-failures-and-features.patch @ 7c410f9

Last change on this file since 7c410f9 was c5c522c, checked in by Edwin Eefting <edwin@datux.nl>, 8 years ago
initial commit, transferred from cleaned syn3 svn tree
Property mode set to `100644`
File size: 12.6 KB

Rev	Line
[c5c522c]	1	From: Aron Xu <aron@debian.org>
	2	Date: Mon, 13 Feb 2012 19:06:52 +0800
	3	Subject: misc connection failures
	4
	5	---
	6	nc.1 \| 76 ++++++++++++++++++++++++++++++++++++---
	7	netcat.c \| 119 ++++++++++++++++++++++++++++++++++++++++++--------------------
	8	2 files changed, 153 insertions(+), 42 deletions(-)
	9
	10	diff --git a/nc.1 b/nc.1
	11	index 60e3668..477cb1b 100644
	12	--- a/nc.1
	13	+++ b/nc.1
	14	@@ -34,7 +34,7 @@
	15	.Sh SYNOPSIS
	16	.Nm nc
	17	.Bk -words
	18	-.Op Fl 46CDdhklnrStUuvZz
	19	+.Op Fl 46bCDdhklnrStUuvZz
	20	.Op Fl I Ar length
	21	.Op Fl i Ar interval
	22	.Op Fl O Ar length
	23	@@ -99,6 +99,8 @@ to use IPv4 addresses only.
	24	Forces
	25	.Nm
	26	to use IPv6 addresses only.
	27	+.It Fl b
	28	+Allow broadcast.
	29	.It Fl C
	30	Send CRLF as line-ending.
	31	.It Fl D
	32	@@ -323,6 +325,54 @@ and which side is being used as a
	33	The connection may be terminated using an
	34	.Dv EOF
	35	.Pq Sq ^D .
	36	+.Pp
	37	+There is no
	38	+.Fl c
	39	+or
	40	+.Fl e
	41	+option in this netcat, but you still can execute a command after connection
	42	+being established by redirecting file descriptors. Be cautious here because
	43	+opening a port and let anyone connected execute arbitrary command on your
	44	+site is DANGEROUS. If you really need to do this, here is an example:
	45	+.Pp
	46	+On
	47	+.Sq server
	48	+side:
	49	+.Pp
	50	+.Dl $ rm -f /tmp/f; mkfifo /tmp/f
	51	+.Dl $ cat /tmp/f \| /bin/sh -i 2>&1 \| nc -l 127.0.0.1 1234 > /tmp/f
	52	+.Pp
	53	+On
	54	+.Sq client
	55	+side:
	56	+.Pp
	57	+.Dl $ nc host.example.com 1234
	58	+.Dl $ (shell prompt from host.example.com)
	59	+.Pp
	60	+By doing this, you create a fifo at /tmp/f and make nc listen at port 1234
	61	+of address 127.0.0.1 on
	62	+.Sq server
	63	+side, when a
	64	+.Sq client
	65	+establishes a connection successfully to that port, /bin/sh gets executed
	66	+on
	67	+.Sq server
	68	+side and the shell prompt is given to
	69	+.Sq client
	70	+side.
	71	+.Pp
	72	+When connection is terminated,
	73	+.Nm
	74	+quits as well. Use
	75	+.Fl k
	76	+if you want it keep listening, but if the command quits this option won't
	77	+restart it or keep
	78	+.Nm
	79	+running. Also don't forget to remove the file descriptor once you don't need
	80	+it anymore:
	81	+.Pp
	82	+.Dl $ rm -f /tmp/f
	83	+.Pp
	84	.Sh DATA TRANSFER
	85	The example in the previous section can be expanded to build a
	86	basic data transfer model.
	87	@@ -382,15 +432,30 @@ The
	88	flag can be used to tell
	89	.Nm
	90	to report open ports,
	91	-rather than initiate a connection.
	92	+rather than initiate a connection. Usually it's useful to turn on verbose
	93	+output to stderr by use this option in conjunction with
	94	+.Fl v
	95	+option.
	96	+.Pp
	97	For example:
	98	.Bd -literal -offset indent
	99	-$ nc -z host.example.com 20-30
	100	+$ nc \-zv host.example.com 20-30
	101	Connection to host.example.com 22 port [tcp/ssh] succeeded!
	102	Connection to host.example.com 25 port [tcp/smtp] succeeded!
	103	.Ed
	104	.Pp
	105	-The port range was specified to limit the search to ports 20 \- 30.
	106	+The port range was specified to limit the search to ports 20 \- 30, and is
	107	+scanned by increasing order.
	108	+.Pp
	109	+You can also specify a list of ports to scan, for example:
	110	+.Bd -literal -offset indent
	111	+$ nc \-zv host.example.com 80 20 22
	112	+nc: connect to host.example.com 80 (tcp) failed: Connection refused
	113	+nc: connect to host.example.com 20 (tcp) failed: Connection refused
	114	+Connection to host.example.com port [tcp/ssh] succeeded!
	115	+.Ed
	116	+.Pp
	117	+The ports are scanned by the order you given.
	118	.Pp
	119	Alternatively, it might be useful to know which server software
	120	is running, and which versions.
	121	@@ -455,6 +520,9 @@ Original implementation by Hobbit
	122	.br
	123	Rewritten with IPv6 support by
	124	.An Eric Jackson Aq ericj@monkey.org .
	125	+.br
	126	+Modified for Debian port by Aron Xu
	127	+.Aq aron@debian.org .
	128	.Sh CAVEATS
	129	UDP port scans using the
	130	.Fl uz
	131	diff --git a/netcat.c b/netcat.c
	132	index bf9940f..c938d11 100644
	133	--- a/netcat.c
	134	+++ b/netcat.c
	135	@@ -88,6 +88,7 @@
	136	#include <netdb.h>
	137	#include <poll.h>
	138	#include <signal.h>
	139	+#include <stddef.h>
	140	#include <stdarg.h>
	141	#include <stdio.h>
	142	#include <stdlib.h>
	143	@@ -115,6 +116,7 @@
	144	#define UDP_SCAN_TIMEOUT 3 /* Seconds */
	145
	146	/* Command Line Options */
	147	+int bflag; /* Allow Broadcast */
	148	int Cflag = 0; /* CRLF line-ending */
	149	int dflag; /* detached, no stdin */
	150	unsigned int iflag; /* Interval Flag */
	151	@@ -146,7 +148,7 @@ char *portlist[PORT_MAX+1];
	152	char *unix_dg_tmp_socket;
	153
	154	void atelnet(int, unsigned char *, unsigned int);
	155	-void build_ports(char *);
	156	+void build_ports(char **);
	157	void help(void);
	158	int local_listen(char , char , struct addrinfo);
	159	void readwrite(int);
	160	@@ -171,11 +173,14 @@ int
	161	main(int argc, char *argv[])
	162	{
	163	int ch, s, ret, socksv;
	164	- char host, uport;
	165	+ char host, *uport;
	166	struct addrinfo hints;
	167	struct servent *sv;
	168	socklen_t len;
	169	- struct sockaddr_storage cliaddr;
	170	+ union {
	171	+ struct sockaddr_storage storage;
	172	+ struct sockaddr_un forunix;
	173	+ } cliaddr;
	174	char *proxy = NULL;
	175	const char errstr, proxyhost = "", *proxyport = NULL;
	176	struct addrinfo proxyhints;
	177	@@ -189,7 +194,7 @@ main(int argc, char *argv[])
	178	sv = NULL;
	179
	180	while ((ch = getopt(argc, argv,
	181	- "46CDdhI:i:jklnO:P:p:q:rSs:tT:UuV:vw:X:x:Zz")) != -1) {
	182	+ "46bCDdhI:i:jklnO:P:p:q:rSs:tT:UuV:vw:X:x:Zz")) != -1) {
	183	switch (ch) {
	184	case '4':
	185	family = AF_INET;
	186	@@ -197,6 +202,13 @@ main(int argc, char *argv[])
	187	case '6':
	188	family = AF_INET6;
	189	break;
	190	+ case 'b':
	191	+# if defined(SO_BROADCAST)
	192	+ bflag = 1;
	193	+# else
	194	+ errx(1, "no broadcast frame support available");
	195	+# endif
	196	+ break;
	197	case 'U':
	198	family = AF_UNIX;
	199	break;
	200	@@ -342,35 +354,40 @@ main(int argc, char *argv[])
	201
	202	/* Cruft to make sure options are clean, and used properly. */
	203	if (argv[0] && !argv[1] && family == AF_UNIX) {
	204	- if (uflag)
	205	- errx(1, "cannot use -u and -U");
	206	# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
	207	if (dccpflag)
	208	errx(1, "cannot use -Z and -U");
	209	# endif
	210	host = argv[0];
	211	uport = NULL;
	212	- } else if (!argv[0] && lflag) {
	213	- if (sflag)
	214	- errx(1, "cannot use -s and -l");
	215	- if (zflag)
	216	- errx(1, "cannot use -z and -l");
	217	- if (pflag)
	218	- uport=pflag;
	219	- } else if (!lflag && kflag) {
	220	- errx(1, "cannot use -k without -l");
	221	- } else if (argv[0] && !argv[1]) {
	222	- if (!lflag)
	223	- usage(1);
	224	- uport = argv[0];
	225	+ } else if (argv[0] && !argv[1] && lflag) {
	226	+ if (pflag) {
	227	+ uport = &pflag;
	228	+ host = argv[0];
	229	+ } else {
	230	+ uport = argv;
	231	+ host = NULL;
	232	+ }
	233	+ } else if (!argv[0] && lflag && pflag) {
	234	+ uport = &pflag;
	235	host = NULL;
	236	} else if (argv[0] && argv[1]) {
	237	host = argv[0];
	238	- uport = argv[1];
	239	+ uport = &argv[1];
	240	} else
	241	usage(1);
	242
	243	-
	244	+ if (lflag) {
	245	+ if (sflag)
	246	+ errx(1, "cannot use -s and -l");
	247	+ if (zflag)
	248	+ errx(1, "cannot use -z and -l");
	249	+ if (pflag)
	250	+ /* This still does not work well because of getopt mess
	251	+ errx(1, "cannot use -p and -l"); */
	252	+ uport = &pflag;
	253	+ } else if (!lflag && kflag)
	254	+ errx(1, "cannot use -k without -l");
	255
	256	/* Get name of temporary socket for unix datagram client */
	257	if ((family == AF_UNIX) && uflag && !lflag) {
	258	@@ -448,7 +465,7 @@ main(int argc, char *argv[])
	259	else
	260	s = unix_listen(host);
	261	} else
	262	- s = local_listen(host, uport, hints);
	263	+ s = local_listen(host, *uport, hints);
	264	if (s < 0)
	265	err(1, NULL);
	266
	267	@@ -457,7 +474,8 @@ main(int argc, char *argv[])
	268	local = ":::";
	269	else
	270	local = "0.0.0.0";
	271	- fprintf(stderr, "Listening on [%s] (family %d, port %d)\n",
	272	+ if (vflag && (family != AF_UNIX))
	273	+ fprintf(stderr, "Listening on [%s] (family %d, port %s)\n",
	274	host ?: local,
	275	family,
	276	*uport);
	277	@@ -490,13 +508,17 @@ main(int argc, char *argv[])
	278	len = sizeof(cliaddr);
	279	connfd = accept(s, (struct sockaddr *)&cliaddr,
	280	&len);
	281	- if(vflag) {
	282	+ if(vflag && family == AF_UNIX) {
	283	+ fprintf(stderr, "Connection from \"%.*s\" accepted\n",
	284	+ (len - (int)offsetof(struct sockaddr_un, sun_path)),
	285	+ ((struct sockaddr_un*)&cliaddr)->sun_path);
	286	+ } else if(vflag) {
	287	char *proto = proto_name(uflag, dccpflag);
	288	/* Don't look up port if -n. */
	289	if (nflag)
	290	sv = NULL;
	291	else
	292	- sv = getservbyport(ntohs(atoi(uport)),
	293	+ sv = getservbyport(ntohs(atoi(*uport)),
	294	proto);
	295
	296	if (((struct sockaddr *)&cliaddr)->sa_family == AF_INET) {
	297	@@ -504,7 +526,7 @@ main(int argc, char *argv[])
	298	inet_ntop(((struct sockaddr )&cliaddr)->sa_family,&(((struct sockaddr_in )&cliaddr)->sin_addr),dst,INET_ADDRSTRLEN);
	299	fprintf(stderr, "Connection from [%s] port %s [%s/%s] accepted (family %d, sport %d)\n",
	300	dst,
	301	- uport,
	302	+ *uport,
	303	proto,
	304	sv ? sv->s_name : "*",
	305	((struct sockaddr *)(&cliaddr))->sa_family,
	306	@@ -515,7 +537,7 @@ main(int argc, char *argv[])
	307	inet_ntop(((struct sockaddr )&cliaddr)->sa_family,&(((struct sockaddr_in6 )&cliaddr)->sin6_addr),dst,INET6_ADDRSTRLEN);
	308	fprintf(stderr, "Connection from [%s] port %s [%s/%s] accepted (family %d, sport %d)\n",
	309	dst,
	310	- uport,
	311	+ *uport,
	312	proto,
	313	sv ? sv->s_name : "*",
	314	((struct sockaddr *)&cliaddr)->sa_family,
	315	@@ -523,17 +545,21 @@ main(int argc, char *argv[])
	316	}
	317	else {
	318	fprintf(stderr, "Connection from unknown port %s [%s/%s] accepted (family %d, sport %d)\n",
	319	- uport,
	320	+ *uport,
	321	proto,
	322	sv ? sv->s_name : "*",
	323	((struct sockaddr *)(&cliaddr))->sa_family,
	324	ntohs(((struct sockaddr_in *)&cliaddr)->sin_port));
	325	}
	326	}
	327	+ if(!kflag)
	328	+ close(s);
	329	readwrite(connfd);
	330	close(connfd);
	331	}
	332
	333	+ if (vflag && kflag)
	334	+ fprintf(stderr, "Connection closed, listening again.\n");
	335	if (kflag)
	336	continue;
	337	if (family != AF_UNIX) {
	338	@@ -641,6 +667,8 @@ unix_bind(char *path)
	339	return (-1);
	340	}
	341
	342	+ unlink(path);
	343	+
	344	if (bind(s, (struct sockaddr *)&sun, SUN_LEN(&sun)) < 0) {
	345	close(s);
	346	return (-1);
	347	@@ -662,8 +690,10 @@ unix_connect(char *path)
	348	if ((s = unix_bind(unix_dg_tmp_socket)) < 0)
	349	return (-1);
	350	} else {
	351	- if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
	352	+ if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
	353	+ errx(1,"create unix socket failed");
	354	return (-1);
	355	+ }
	356	}
	357	(void)fcntl(s, F_SETFD, 1);
	358
	359	@@ -674,9 +704,11 @@ unix_connect(char *path)
	360	sizeof(sun.sun_path)) {
	361	close(s);
	362	errno = ENAMETOOLONG;
	363	+ warn("unix connect abandoned");
	364	return (-1);
	365	}
	366	if (connect(s, (struct sockaddr *)&sun, SUN_LEN(&sun)) < 0) {
	367	+ warn("unix connect failed");
	368	close(s);
	369	return (-1);
	370	}
	371	@@ -1105,22 +1137,23 @@ atelnet(int nfd, unsigned char *buf, unsigned int size)
	372	* that we should try to connect to.
	373	*/
	374	void
	375	-build_ports(char *p)
	376	+build_ports(char **p)
	377	{
	378	struct servent *sv;
	379	const char *errstr;
	380	char *n;
	381	int hi, lo, cp;
	382	int x = 0;
	383	+ int i;
	384
	385	char *proto = proto_name(uflag, dccpflag);
	386	- sv = getservbyname(p, proto);
	387	+ sv = getservbyname(*p, proto);
	388	if (sv) {
	389	portlist[0] = calloc(1, PORT_MAX_LEN);
	390	if (portlist[0] == NULL)
	391	err(1, NULL);
	392	snprintf(portlist[0], PORT_MAX_LEN, "%d", ntohs(sv->s_port));
	393	- } else if ((n = strchr(p, '-')) != NULL) {
	394	+ } else if ((n = strchr(*p, '-')) != NULL) {
	395	*n = '\0';
	396	n++;
	397
	398	@@ -1128,9 +1161,9 @@ build_ports(char *p)
	399	hi = strtonum(n, 1, PORT_MAX, &errstr);
	400	if (errstr)
	401	errx(1, "port number %s: %s", errstr, n);
	402	- lo = strtonum(p, 1, PORT_MAX, &errstr);
	403	+ lo = strtonum(*p, 1, PORT_MAX, &errstr);
	404	if (errstr)
	405	- errx(1, "port number %s: %s", errstr, p);
	406	+ errx(1, "port number %s: %s", errstr, *p);
	407
	408	if (lo > hi) {
	409	cp = hi;
	410	@@ -1160,10 +1193,12 @@ build_ports(char *p)
	411	}
	412	}
	413	} else {
	414	- hi = strtonum(p, 1, PORT_MAX, &errstr);
	415	+ hi = strtonum(*p, 1, PORT_MAX, &errstr);
	416	if (errstr)
	417	- errx(1, "port number %s: %s", errstr, p);
	418	- portlist[0] = strdup(p);
	419	+ errx(1, "port number %s: %s", errstr, *p);
	420	+ for (i=0;p[i];i++) {
	421	+ portlist[i] = strdup(p[i]);
	422	+ }
	423	if (portlist[0] == NULL)
	424	err(1, NULL);
	425	}
	426	@@ -1198,6 +1233,13 @@ set_common_sockopts(int s)
	427	{
	428	int x = 1;
	429
	430	+# if defined(SO_BROADCAST)
	431	+ if (bflag) {
	432	+ if (setsockopt(s, IPPROTO_TCP, SO_BROADCAST,
	433	+ &x, sizeof(x)) == -1)
	434	+ err(1, NULL);
	435	+ }
	436	+# endif
	437	# if defined(TCP_MD5SIG)
	438	if (Sflag) {
	439	if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG,
	440	@@ -1293,6 +1335,7 @@ help(void)
	441	fprintf(stderr, "\tCommand Summary:\n\
	442	\t-4 Use IPv4\n\
	443	\t-6 Use IPv6\n\
	444	+ \t-b Allow broadcast\n\
	445	\t-C Send CRLF as line-ending\n\
	446	\t-D Enable the debug socket option\n\
	447	\t-d Detach from stdin\n\
	448	@@ -1329,7 +1372,7 @@ void
	449	usage(int ret)
	450	{
	451	fprintf(stderr,
	452	- "usage: nc [-46CDdhjklnrStUuvZz] [-I length] [-i interval] [-O length]\n"
	453	+ "usage: nc [-46bCDdhjklnrStUuvZz] [-I length] [-i interval] [-O length]\n"
	454	"\t [-P proxy_username] [-p source_port] [-q seconds] [-s source]\n"
	455	"\t [-T toskeyword] [-V rtable] [-w timeout] [-X proxy_protocol]\n"
	456	"\t [-x proxy_address[:port]] [destination] [port]\n");
	457	--

Note: See TracBrowser for help on using the repository browser.

Download in other formats: