static ssh_session create_ssh_connection(const char* hostname, const unsigned int port, const char* username,
const char* password, const char* sshkey_path, const char* sshkey_passphrase)
{
ssh_session sshs;
/* Open session and set options */
sshs = ssh_new();
if (sshs == NULL) {
errmsg_print("Can't create ssh session");
return NULL;
}
if (!hostname)
return NULL;
if (ssh_options_set(sshs, SSH_OPTIONS_HOST, hostname)) {
errmsg_print("Can't set the hostname: %s\n", hostname);
goto failure;
}
if (port != 0) {
if (ssh_options_set(sshs, SSH_OPTIONS_PORT, &port)) {
errmsg_print("Can't set the port: %d\n", port);
goto failure;
}
}
if (!username)
username = g_get_user_name();
if (ssh_options_set(sshs, SSH_OPTIONS_USER, username)) {
errmsg_print("Can't set the username: %s\n", username);
goto failure;
}
verbose_print("Opening ssh connection to %s@%s:%u\n", username, hostname, port);
/* Connect to server */
if (ssh_connect(sshs) != SSH_OK) {
errmsg_print("Error connecting to %s@%s:%u (%s)\n", username, hostname, port,
ssh_get_error(sshs));
goto failure;
}
#ifdef HAVE_LIBSSH_USERAUTH_AGENT
verbose_print("Connecting using ssh-agent...");
/* Try to authenticate using ssh agent */
if (ssh_userauth_agent(sshs, NULL) == SSH_AUTH_SUCCESS) {
verbose_print("done\n");
return sshs;
}
verbose_print("failed\n");
#endif
/* If a public key path has been provided, try to authenticate using it */
if (sshkey_path) {
ssh_key pkey = ssh_key_new();
int ret;
verbose_print("Connecting using public key in %s...", sshkey_path);
ret = ssh_pki_import_privkey_file(sshkey_path, sshkey_passphrase, NULL, NULL, &pkey);
if (ret == SSH_OK) {
if (ssh_userauth_publickey(sshs, NULL, pkey) == SSH_AUTH_SUCCESS) {
verbose_print("done\n");
ssh_key_free(pkey);
return sshs;
}
}
ssh_key_free(pkey);
verbose_print("failed (%s)\n", ssh_get_error(sshs));
}
/* Try to authenticate using standard public key */
verbose_print("Connecting using standard public key...");
if (ssh_userauth_publickey_auto(sshs, NULL, NULL) == SSH_AUTH_SUCCESS) {
verbose_print("done\n");
return sshs;
}
verbose_print("failed\n");
/* If a password has been provided and all previous attempts failed, try to use it */
if (password) {
verbose_print("Connecting using password...");
if (ssh_userauth_password(sshs, username, password) == SSH_AUTH_SUCCESS) {
verbose_print("done\n");
return sshs;
}
verbose_print("failed\n");
}
errmsg_print("Can't find a valid authentication. Disconnecting.\n");
/* All authentication failed. Disconnect and return */
ssh_disconnect(sshs);
failure:
ssh_free(sshs);
return NULL;
}
void attach_parent_console()
{
BOOL outRedirected, errRedirected;
outRedirected = IsHandleRedirected(STD_OUTPUT_HANDLE);
errRedirected = IsHandleRedirected(STD_ERROR_HANDLE);
if (outRedirected && errRedirected) {
/* Both standard output and error handles are redirected.
* There is no point in attaching to parent process console.
*/
return;
}
if (AttachConsole(ATTACH_PARENT_PROCESS) == 0) {
/* Console attach failed. */
return;
}
/* Console attach succeeded */
if (outRedirected == FALSE) {
if (!freopen("CONOUT$", "w", stdout)) {
errmsg_print("WARNING: Cannot redirect to stdout.");
}
}
if (errRedirected == FALSE) {
if (!freopen("CONOUT$", "w", stderr)) {
errmsg_print("WARNING: Cannot redirect to strerr.");
}
}
}
static int wait_until_data(ssh_channel channel, const long unsigned count)
{
long unsigned got = 0;
char output[SSH_READ_BLOCK_SIZE];
char* output_ptr;
guint rounds = 100;
while (got < count && rounds--) {
if (ssh_channel_printf(channel, "show monitor capture buffer %s parameters\n", WIRESHARK_CAPTURE_BUFFER) == EXIT_FAILURE) {
errmsg_print("Can't write to channel");
return EXIT_FAILURE;
}
if (read_output_bytes(channel, SSH_READ_BLOCK_SIZE, output) == EXIT_FAILURE)
return EXIT_FAILURE;
output_ptr = g_strstr_len(output, strlen(output), "Packets");
if (!output_ptr) {
errmsg_print("Error in sscanf()");
return EXIT_FAILURE;
} else {
sscanf(output_ptr, "Packets : %lu", &got);
}
}
verbose_print("All packets got: dumping\n");
return EXIT_SUCCESS;
}
static int list_config(char *interface, unsigned int remote_port)
{
unsigned inc = 0;
char* ipfilter;
if (!interface) {
errmsg_print("ERROR: No interface specified.");
return EXIT_FAILURE;
}
if (g_strcmp0(interface, SSH_EXTCAP_INTERFACE)) {
errmsg_print("ERROR: interface must be %s", SSH_EXTCAP_INTERFACE);
return EXIT_FAILURE;
}
ipfilter = local_interfaces_to_filter(remote_port);
printf("arg {number=%u}{call=--remote-host}{display=Remote SSH server address}"
"{type=string}{tooltip=The remote SSH host. It can be both "
"an IP address or a hostname}{required=true}\n", inc++);
printf("arg {number=%u}{call=--remote-port}{display=Remote SSH server port}"
"{type=unsigned}{default=22}{tooltip=The remote SSH host port (1-65535)}"
"{range=1,65535}\n", inc++);
printf("arg {number=%u}{call=--remote-username}{display=Remote SSH server username}"
"{type=string}{default=%s}{tooltip=The remote SSH username. If not provided, "
"the current user will be used}\n", inc++, g_get_user_name());
printf("arg {number=%u}{call=--remote-password}{display=Remote SSH server password}"
"{type=password}{tooltip=The SSH password, used when other methods (SSH agent "
"or key files) are unavailable.}\n", inc++);
printf("arg {number=%u}{call=--sshkey}{display=Path to SSH private key}"
"{type=fileselect}{tooltip=The path on the local filesystem of the private ssh key}\n",
inc++);
printf("arg {number=%u}{call=--sshkey-passphrase}{display=SSH key passphrase}"
"{type=password}{tooltip=Passphrase to unlock the SSH private key}\n",
inc++);
printf("arg {number=%u}{call=--remote-interface}{display=Remote interface}"
"{type=string}{default=eth0}{tooltip=The remote network interface used for capture"
"}\n", inc++);
printf("arg {number=%u}{call=--remote-capture-bin}{display=Remote capture binary}"
"{type=string}{default=%s}{tooltip=The remote dumpcap binary used "
"for capture.}\n", inc++, DEFAULT_CAPTURE_BIN);
printf("arg {number=%u}{call=--remote-filter}{display=Remote capture filter}"
"{type=string}{tooltip=The remote capture filter}", inc++);
if (ipfilter)
printf("{default=%s}", ipfilter);
printf("\n");
printf("arg {number=%u}{call=--remote-count}{display=Packets to capture}"
"{type=unsigned}{default=0}{tooltip=The number of remote packets to capture. (Default: inf)}\n",
inc++);
g_free(ipfilter);
return EXIT_SUCCESS;
}
static int ssh_open_remote_connection(const char* hostname, const unsigned int port, const char* username, const char* password,
const char* sshkey, const char* sshkey_passphrase, const char* iface, const char* cfilter, const char* capture_bin,
const unsigned long int count, const char* fifo)
{
ssh_session sshs = NULL;
ssh_channel channel = NULL;
int fd = STDOUT_FILENO;
int ret = EXIT_FAILURE;
char* err_info = NULL;
if (g_strcmp0(fifo, "-")) {
/* Open or create the output file */
fd = ws_open(fifo, O_WRONLY, 0640);
if (fd == -1) {
fd = ws_open(fifo, O_WRONLY | O_CREAT, 0640);
if (fd == -1) {
errmsg_print("Error creating output file: %s", g_strerror(errno));
return EXIT_FAILURE;
}
}
}
sshs = create_ssh_connection(hostname, port, username, password, sshkey, sshkey_passphrase, &err_info);
if (!sshs) {
errmsg_print("Error creating connection: %s", err_info);
goto cleanup;
}
channel = run_ssh_command(sshs, capture_bin, iface, cfilter, count);
if (!channel)
goto cleanup;
/* read from channel and write into fd */
ssh_loop_read(channel, fd);
ret = EXIT_SUCCESS;
cleanup:
if (err_info)
errmsg_print("%s", err_info);
g_free(err_info);
/* clean up and exit */
ssh_cleanup(&sshs, &channel);
if (g_strcmp0(fifo, "-"))
ws_close(fd);
return ret;
}
static void ssh_loop_read(ssh_channel channel, int fd)
{
int nbytes;
char buffer[SSH_READ_BLOCK_SIZE];
/* read from stdin until data are available */
do {
nbytes = ssh_channel_read(channel, buffer, SSH_READ_BLOCK_SIZE, 0);
if (write(fd, buffer, nbytes) != nbytes) {
errmsg_print("ERROR reading: %s\n", g_strerror(errno));
return;
}
} while(nbytes > 0);
/* read loop finished... maybe something wrong happened. Read from stderr */
do {
nbytes = ssh_channel_read(channel, buffer, SSH_READ_BLOCK_SIZE, 1);
if (write(STDERR_FILENO, buffer, nbytes) != nbytes) {
return;
}
} while(nbytes > 0);
if (ssh_channel_send_eof(channel) != SSH_OK)
return;
}
uint8_t extcap_base_handle_interface(extcap_parameters * extcap)
{
/* A fifo must be provided for capture */
if (extcap->capture && (extcap->fifo == NULL || strlen(extcap->fifo) <= 0)) {
extcap->capture = 0;
errmsg_print("Extcap Error: No FIFO pipe provided");
return 0;
}
if (extcap->do_list_interfaces) {
return extcap_iface_listall(extcap, 1);
} else if (extcap->do_version || extcap->do_list_dlts) {
return extcap_iface_listall(extcap, 0);
} else {
/* An interface must exist */
if (g_list_find_custom(extcap->interfaces, extcap->interface, extcap_iface_compare) == NULL) {
errmsg_print("Extcap Error: No interface [%s] provided", extcap->interface);
return 0;
}
}
return 0;
}
static int ssh_open_remote_connection(const char* hostname, const unsigned int port, const char* username, const char* password,
const char* sshkey, const char* sshkey_passphrase, const char* iface, const char* cfilter, const char* capture_bin,
const unsigned long int count, const char* fifo)
{
ssh_session sshs;
ssh_channel channel;
int fd;
if (!g_strcmp0(fifo, "-")) {
/* use stdout */
fd = STDOUT_FILENO;
} else {
/* Open or create the output file */
fd = open(fifo, O_WRONLY);
if (fd == -1) {
fd = open(fifo, O_WRONLY | O_CREAT, 0640);
if (fd == -1) {
errmsg_print("Error creating output file: %s\n", g_strerror(errno));
return EXIT_FAILURE;
}
}
}
sshs = create_ssh_connection(hostname, port, username, password, sshkey, sshkey_passphrase);
if (!sshs)
return EXIT_FAILURE;
channel = run_ssh_command(sshs, capture_bin, iface, cfilter, count);
if (!channel)
return EXIT_FAILURE;
/* read from channel and write into fd */
ssh_loop_read(channel, fd);
/* clean up and exit */
ssh_cleanup(sshs, channel);
return EXIT_SUCCESS;
}
int main(int argc, char **argv)
{
int result;
int option_idx = 0;
int do_list_interfaces = 0;
int do_config = 0;
int do_capture = 0;
int i;
char* interface = NULL;
char* remote_host = NULL;
unsigned int remote_port = 22;
char* remote_username = NULL;
char* remote_password = NULL;
int do_dlts = 0;
char* fifo = NULL;
char* remote_interface = NULL;
char* remote_capture_bin = NULL;
char* extcap_filter = NULL;
char* sshkey = NULL;
char* sshkey_passphrase = NULL;
char* remote_filter = NULL;
unsigned long int count = 0;
#ifdef _WIN32
WSADATA wsaData;
attach_parent_console();
#endif /* _WIN32 */
opterr = 0;
optind = 0;
if (argc == 1) {
help(argv[0]);
return EXIT_FAILURE;
}
for (i = 0; i < argc; i++) {
verbose_print("%s ", argv[i]);
}
verbose_print("\n");
while ((result = getopt_long(argc, argv, ":", longopts, &option_idx)) != -1) {
switch (result) {
case OPT_HELP:
help(argv[0]);
return EXIT_SUCCESS;
case OPT_VERBOSE:
verbose = TRUE;
break;
case OPT_VERSION:
printf("%u.%u.%u\n", SSHDUMP_VERSION_MAJOR, SSHDUMP_VERSION_MINOR, SSHDUMP_VERSION_RELEASE);
return EXIT_SUCCESS;
case OPT_LIST_INTERFACES:
do_list_interfaces = 1;
break;
case OPT_LIST_DLTS:
do_dlts = 1;
break;
case OPT_INTERFACE:
if (interface)
g_free(interface);
interface = g_strdup(optarg);
break;
case OPT_CONFIG:
do_config = 1;
break;
case OPT_CAPTURE:
do_capture = 1;
break;
case OPT_FIFO:
if (fifo)
g_free(fifo);
fifo = g_strdup(optarg);
break;
case OPT_REMOTE_HOST:
if (remote_host)
g_free(remote_host);
remote_host = g_strdup(optarg);
break;
case OPT_REMOTE_PORT:
remote_port = (unsigned int)strtoul(optarg, NULL, 10);
if (remote_port > 65535 || remote_port == 0) {
printf("Invalid port: %s\n", optarg);
return EXIT_FAILURE;
}
break;
case OPT_REMOTE_USERNAME:
if (remote_username)
g_free(remote_username);
remote_username = g_strdup(optarg);
break;
case OPT_REMOTE_PASSWORD:
if (remote_password)
g_free(remote_password);
remote_password = g_strdup(optarg);
memset(optarg, 'X', strlen(optarg));
break;
case OPT_SSHKEY:
if (sshkey)
g_free(sshkey);
sshkey = g_strdup(optarg);
break;
case OPT_SSHKEY_PASSPHRASE:
if (sshkey_passphrase)
g_free(sshkey_passphrase);
sshkey_passphrase = g_strdup(optarg);
memset(optarg, 'X', strlen(optarg));
break;
case OPT_REMOTE_INTERFACE:
if (remote_interface)
g_free(remote_interface);
remote_interface = g_strdup(optarg);
break;
case OPT_REMOTE_CAPTURE_BIN:
if (remote_capture_bin)
g_free(remote_capture_bin);
remote_capture_bin = g_strdup(optarg);
break;
case OPT_EXTCAP_FILTER:
if (extcap_filter)
g_free(extcap_filter);
extcap_filter = g_strdup(optarg);
break;
case OPT_REMOTE_FILTER:
if (remote_filter)
g_free(remote_filter);
remote_filter = g_strdup(optarg);
break;
case OPT_REMOTE_COUNT:
count = strtoul(optarg, NULL, 10);
break;
case ':':
/* missing option argument */
printf("Option '%s' requires an argument\n", argv[optind - 1]);
break;
default:
printf("Invalid option: %s\n", argv[optind - 1]);
return EXIT_FAILURE;
}
}
if (optind != argc) {
printf("Unexpected extra option: %s\n", argv[optind]);
return EXIT_FAILURE;
}
if (do_list_interfaces)
return list_interfaces();
if (do_config)
return list_config(interface, remote_port);
if (do_dlts)
return list_dlts(interface);
#ifdef _WIN32
result = WSAStartup(MAKEWORD(1,1), &wsaData);
if (result != 0) {
if (verbose)
errmsg_print("ERROR: WSAStartup failed with error: %d\n", result);
return 1;
}
#endif /* _WIN32 */
if (do_capture) {
char* filter;
int ret = 0;
if (!fifo) {
errmsg_print("ERROR: No FIFO or file specified\n");
return 1;
}
if (g_strcmp0(interface, SSH_EXTCAP_INTERFACE)) {
errmsg_print("ERROR: invalid interface\n");
return 1;
}
if (!remote_host) {
errmsg_print("Missing parameter: --remote-host");
return 1;
}
filter = concat_filters(extcap_filter, remote_filter);
ret = ssh_open_remote_connection(remote_host, remote_port, remote_username,
remote_password, sshkey, sshkey_passphrase, remote_interface,
filter, remote_capture_bin, count, fifo);
g_free(filter);
return ret;
}
verbose_print("You should not come here... maybe some parameter missing?\n");
return 1;
}
int main(int argc, char **argv)
{
int result;
int option_idx = 0;
int i;
char* remote_host = NULL;
unsigned int remote_port = 22;
char* remote_username = NULL;
char* remote_password = NULL;
char* remote_interface = NULL;
char* remote_capture_bin = NULL;
char* sshkey = NULL;
char* sshkey_passphrase = NULL;
char* remote_filter = NULL;
unsigned long int count = 0;
int ret = EXIT_FAILURE;
extcap_parameters * extcap_conf = g_new0(extcap_parameters, 1);
#ifdef _WIN32
WSADATA wsaData;
attach_parent_console();
#endif /* _WIN32 */
extcap_base_set_util_info(extcap_conf, SSHDUMP_VERSION_MAJOR, SSHDUMP_VERSION_MINOR, SSHDUMP_VERSION_RELEASE, NULL);
extcap_base_register_interface(extcap_conf, SSH_EXTCAP_INTERFACE, "SSH remote capture", 147, "Remote capture dependent DLT");
opterr = 0;
optind = 0;
if (argc == 1) {
help(argv[0]);
goto end;
}
for (i = 0; i < argc; i++) {
verbose_print("%s ", argv[i]);
}
verbose_print("\n");
while ((result = getopt_long(argc, argv, ":", longopts, &option_idx)) != -1) {
switch (result) {
case OPT_HELP:
help(argv[0]);
ret = EXIT_SUCCESS;
goto end;
case OPT_VERBOSE:
verbose = TRUE;
break;
case OPT_VERSION:
printf("%s.%s.%s\n", SSHDUMP_VERSION_MAJOR, SSHDUMP_VERSION_MINOR, SSHDUMP_VERSION_RELEASE);
ret = EXIT_SUCCESS;
goto end;
case OPT_REMOTE_HOST:
g_free(remote_host);
remote_host = g_strdup(optarg);
break;
case OPT_REMOTE_PORT:
remote_port = (unsigned int)strtoul(optarg, NULL, 10);
if (remote_port > 65535 || remote_port == 0) {
errmsg_print("Invalid port: %s", optarg);
goto end;
}
break;
case OPT_REMOTE_USERNAME:
g_free(remote_username);
remote_username = g_strdup(optarg);
break;
case OPT_REMOTE_PASSWORD:
g_free(remote_password);
remote_password = g_strdup(optarg);
memset(optarg, 'X', strlen(optarg));
break;
case OPT_SSHKEY:
g_free(sshkey);
sshkey = g_strdup(optarg);
break;
case OPT_SSHKEY_PASSPHRASE:
g_free(sshkey_passphrase);
sshkey_passphrase = g_strdup(optarg);
memset(optarg, 'X', strlen(optarg));
break;
case OPT_REMOTE_INTERFACE:
g_free(remote_interface);
remote_interface = g_strdup(optarg);
break;
case OPT_REMOTE_CAPTURE_BIN:
g_free(remote_capture_bin);
remote_capture_bin = g_strdup(optarg);
break;
case OPT_REMOTE_FILTER:
g_free(remote_filter);
remote_filter = g_strdup(optarg);
break;
case OPT_REMOTE_COUNT:
count = strtoul(optarg, NULL, 10);
break;
case ':':
/* missing option argument */
errmsg_print("Option '%s' requires an argument", argv[optind - 1]);
break;
default:
if (!extcap_base_parse_options(extcap_conf, result - EXTCAP_OPT_LIST_INTERFACES, optarg)) {
errmsg_print("Invalid option: %s", argv[optind - 1]);
goto end;
}
}
}
if (optind != argc) {
errmsg_print("Unexpected extra option: %s", argv[optind]);
goto end;
}
if (extcap_base_handle_interface(extcap_conf)) {
ret = EXIT_SUCCESS;
goto end;
}
if (extcap_conf->show_config) {
ret = list_config(extcap_conf->interface, remote_port);
goto end;
}
#ifdef _WIN32
result = WSAStartup(MAKEWORD(1,1), &wsaData);
if (result != 0) {
if (verbose)
errmsg_print("ERROR: WSAStartup failed with error: %d", result);
goto end;
}
#endif /* _WIN32 */
if (extcap_conf->capture) {
char* filter;
if (!remote_host) {
errmsg_print("Missing parameter: --remote-host");
goto end;
}
filter = concat_filters(extcap_conf->capture_filter, remote_filter);
ret = ssh_open_remote_connection(remote_host, remote_port, remote_username,
remote_password, sshkey, sshkey_passphrase, remote_interface,
filter, remote_capture_bin, count, extcap_conf->fifo);
g_free(filter);
} else {
verbose_print("You should not come here... maybe some parameter missing?\n");
ret = EXIT_FAILURE;
}
end:
/* clean up stuff */
g_free(remote_host);
g_free(remote_username);
g_free(remote_password);
g_free(remote_interface);
g_free(remote_capture_bin);
g_free(sshkey);
g_free(sshkey_passphrase);
g_free(remote_filter);
extcap_base_cleanup(&extcap_conf);
return ret;
}