diff --git a/awit-ssh b/awit-ssh
index d2c3e6447487e98019b9613fba2fc754bf88ecc7..71b58bd2fdfd71f4f054359d5173b39d4a457f1b 100755
--- a/awit-ssh
+++ b/awit-ssh
@@ -54,7 +54,7 @@ use User::pwent;
 my $NAME = "AWIT-SSH-Client";
-our $VERSION = "0.6.1";
+our $VERSION = "0.7.0";
 print(STDERR "$NAME v$VERSION - Copyright (c) 2016, AllWorldIT\n\n");
@@ -153,7 +153,7 @@ if (defined($loginHost)) {
 my $realLoginHost = $loginHost;
 # Port forwarding/bouncing
-my ($forwardHost,$forwardPort,$forwardUsername);
+my ($forwardHost,$forwardPort,$forwardUsername,@forwardPortExtra);
 my %iniSetup;
@@ -352,6 +352,43 @@ if ($ldapEntry) {
 $forwardUsername //= $ldapLoginForwardUsername;
 }
+ if (my $ldapLoginForwardPortExtra = $ldapEntry->get_value('awitLoginForwardPortExtra')) {
+ my @tmpList = ();
+ # Check if this is an array ref or not
+ if (ref($ldapLoginForwardPortExtra) eq "ARRAY") {
+ @tmpList = @{$ldapLoginForwardPortExtra};
+ } else {
+ @tmpList = ($ldapLoginForwardPortExtra);
+ }
+ # Output all the port forwards
+ foreach my $item (@tmpList) {
+ my ($localPort,$destHost,$destPort) = split(/:/,$item);
+ # Check localPort
+ if (!defined($localPort) || $localPort < 8000) {
+ logger('WARNING'," - Forward port extra ".color('red')."%s".color('reset').
+ " (awitLoginForwardPortExtra) is INVALID, localPort check failed",$item);
+ goto PFEC1;
+ }
+ # Check destHost
+ if (!defined($destHost)) {
+ logger('WARNING'," - Forward port extra ".color('red')."%s".color('reset').
+ " (awitLoginForwardPortExtra) is INVALID, destHost check failed",$item);
+ goto PFEC1;
+ }
+ # Check destPort
+ if (!defined($destPort) || $destPort < 1) {
+ logger('WARNING'," - Forward port extra ".color('red')."%s".color('reset').
+ " (awitLoginForwardPortExtra) is INVALID, destPort check failed",$item);
+ goto PFEC1;
+ }
+ # Add port forwarding to our list
+ push(@forwardPortExtra,{'localPort' => $localPort, 'destHost' => $destHost, 'destPort' => $destPort});
+
+ logger('INFO'," - Forward port extra ".color('green')."%s".color('reset')." (awitLoginForwardPortExtra)",$item);
+PFEC1:
+ }
+ }
+
 # Check if we need to set the host
 $loginHost = $ldapEntryName;
 if (my $ldapLoginHost = $ldapEntry->get_value('awitLoginHost')) {
@@ -428,6 +465,7 @@ if (defined($knockHost)) {
 my @sshArgs = ();
+my @sshArgsPortForwards = ();
 if (defined($pkcsProvider) && $pkcsProvider ne "") {
 push(@sshArgs,'-I',$pkcsProvider);
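Review bot: The `ref($ldapLoginForwardPortExtra) eq "ARRAY"` branch in the new awitLoginForwardPortExtra block looks unreachable, because `get_value` is called in scalar context (`if (my $ldapLoginForwardPortExtra = ...)`) and, if `$ldapEntry` is a Net::LDAP::Entry, that returns only the first value of a multi-valued attribute, so any second forward configured in the directory is silently dropped. Calling it in list context, `if (my @tmpList = $ldapEntry->get_value('awitLoginForwardPortExtra')) {`, collects every value and replaces the whole ref check. The numeric guards `$localPort < 8000` and `$destPort < 1` accept values such as `8080x` (numified with a warning under `use warnings`) and ports above 65535, which then reach the `-L` argument and fail only when ssh starts; an anchored `\A\d+\z` match plus an upper bound rejects them at validation time with the existing WARNING. The `goto PFEC1` jumps are plain loop continues and read better as `next;`, which also removes the label.
```perl
if (my @tmpList = $ldapEntry->get_value('awitLoginForwardPortExtra')) {
    foreach my $item (@tmpList) {
        my ($localPort,$destHost,$destPort) = split(/:/,$item);
        # Check localPort: whole unsigned integer in the unprivileged range only
        if (!defined($localPort) || $localPort !~ /\A\d+\z/ || $localPort < 8000 || $localPort > 65535) {
            # … unchanged: WARNING logger call for localPort …
            next;
        }
        # … unchanged: destHost check, goto PFEC1 replaced by next …
        # Check destPort: whole unsigned integer 1..65535
        if (!defined($destPort) || $destPort !~ /\A\d+\z/ || $destPort < 1 || $destPort > 65535) {
            # … unchanged: WARNING logger call for destPort …
            next;
        }
        # … unchanged: push onto @forwardPortExtra and INFO logger call …
    }
}
```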
@@ -464,6 +502,14 @@ push(@sshArgs,'-o','ConnectTimeout=30');
 # Fail if we cannot forward ports
 push(@sshArgs,'-o','ExitOnForwardFailure=yes');
+# Check if we're doing port forwarding...
+foreach my $item (@forwardPortExtra) {
+ push(@sshArgsPortForwards,'-L',sprintf('%s:%s:%s',$item->{'localPort'},$item->{'destHost'},$item->{'destPort'}));
+
+ logger('NOTICE',color('magenta')."Forwarding port '".color('reset').$item->{'localPort'}.color('magenta').
+ "' on localhost to '".color('reset').$item->{'destHost'}.color('magenta')."' port '" .color('reset').
+ $item->{'destPort'}.color('magenta')."'\n");
+}
 # Fixup environment before we start to run SSH
@@ -569,7 +615,7 @@ if (defined($forwardSocket)) {
 my $sshCmd = join(' ','/usr/bin/ssh',
 @sshArgs,
 # Override where we connecting to
- '-o',"ProxyCommand=\"nc -U $forwardSocket\"",
+ '-o',"ProxyCommand=nc -U $forwardSocket",
 # Explicitly disable control master
 '-o','ControlMaster=no',
 );
@@ -584,6 +630,7 @@ if (defined($forwardSocket)) {
 # Fire up SSH
 system('/usr/bin/ssh',
 @sshArgs,
+ @sshArgsPortForwards,
 # Override where we connecting to
 '-o',"ProxyCommand=nc -U $forwardSocket",
 # Explicitly disable control master
@@ -640,6 +687,7 @@ if (defined($forwardSocket)) {
 } else {
 system('/usr/bin/ssh',
 @sshArgs,
+ @sshArgsPortForwards,
 # Use basic compression
 '-o','Compression=yes',
 '-o','CompressionLevel=1',
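Review bot: The NOTICE message in the new `foreach my $item (@forwardPortExtra)` loop ends with an explicit `"'\n"`, while the WARNING and INFO calls this commit adds for the same feature pass no trailing newline; unless `logger()` strips it (its definition is not in the hunk), this call will print an extra blank line after the forward announcement. Ending the string with `"'"` instead of `"'\n"` makes the three call sites agree. The `-L` spec itself is built with `sprintf('%s:%s:%s', ...)` from values that were only range-checked upstream, so a comment such as `# localPort/destHost/destPort were validated when read from LDAP; no shell is involved (list-form system)` would tell the next reader why no quoting is done here.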
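Review bot: Dropping the escaped quotes from the ProxyCommand option in the `$sshCmd` join is only safe if that string is never handed to a shell: `join(' ', ...)` now yields `-o ProxyCommand=nc -U <socket>`, which a shell splits into three words, whereas the list-form `system()` calls below pass `"ProxyCommand=nc -U $forwardSocket"` as a single argument and need no quotes at all. If `$sshCmd` is executed (its use is outside the hunk), the value needs quoting again, e.g. `'-o',"ProxyCommand='nc -U $forwardSocket'"`; if it is only logged or displayed, the change is fine and a comment saying so would settle it. Note also that `@sshArgsPortForwards` is spliced into both `system()` calls but not into this join, so the string and the executed command no longer describe the same invocation. The enclosing `if (defined($forwardSocket))` block starts and ends outside the hunk.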