gsocket-1.4.43/0000775000175000017500000000000014623412134013150 5ustar epsilonepsilongsocket-1.4.43/configure.ac0000775000175000017500000002156114623412134015446 0ustar epsilonepsilondnl Process this File with autoconf to produce a configure script. AC_PREREQ([2.69]) AC_INIT([gsocket],[1.4.42]) AC_CONFIG_AUX_DIR(config) AC_CANONICAL_TARGET dnl we use automake AM_INIT_AUTOMAKE([foreign]) AC_CONFIG_HEADERS(config.h) AM_PROG_AR dnl for --enable-maintainer-mode fun use: dnl AM_MAINTAINER_MODE dnl AC_DISABLE_STATIC dnl LT_INIT([disable-static]) dnl AC_CONFIG_MACRO_DIRS([m4]) dnl Checks for programs. AC_PROG_CC AC_PROG_INSTALL AC_PROG_RANLIB AC_CHECK_PROG([MAKE_CHECK], [make], [yes], [no]) AS_IF([test x$MAKE_CHECK = xno], [AC_MSG_ERROR([make not found])]) dnl dnl Use these compiler flags if we have gcc. dnl if test $ac_cv_c_compiler_gnu = yes; then CCOPTS='-O2 -Wall' CFLAGS="$CCOPTS $CFLAGS" fi test "x$prefix" != "xNONE" || prefix="/usr/local" test "x$exec_prefix" != "xNONE" || exec_prefix="${prefix}" dnl Do "gcc -xc -E -v -" to figure out default paths dnl Scenarios dnl --prefix=$HOME/usr => -I$HOME/usr/include /usr/include /usr/local/include dnl --prefix=/usr --includedir=$HOME/usr/include => -I$HOME/usr/include /usr/include /usr/local/include dnl --prefix=/usr/local --includedir=$HOME/usr/include => -I$HOME/usr/include /usr/local/include /usr/include dnl default: PREFIX/include unless --includedir= dnl Try include paths (especially on OSX) dnl Special consideration if openssl/srp.h exist in $HOME/usr/include dnl and also the /usr/include/openssl exists. 
GCC shall use dnl $HOME/usr/include/openssl/srp.h first but not if $prefix is /usr or any dnl of the default system paths dnl To make everyone happy we have to consider: dnl --prefix=$HOME/usr => Must _first_ add $HOME/usr/include dnl --prefix=/usr => Must _never_ add /usr/include (or _last_) test "x$prefix" != "x/usr" && test "x$prefix" != "x/usr/local" && trydir_i="${prefix}/include" trydir_i="${trydir_i} /usr/local/opt/openssl/include /opt/homebrew/opt/openssl/include" for xincdir in $includedir $trydir_i ; do if test ! -d "$xincdir" ; then continue; fi if test x"${INCLUDES}" = x; then INCLUDES="-I${xincdir}"; else INCLUDES="$INCLUDES -I${xincdir}"; fi done CPPFLAGS="-I${srcdir}/../include ${INCLUDES} $CPPFLAGS" dnl Try library paths... test "x$prefix" != "x/usr" && test "x$prefix" != "x/usr/local" && trydir_l="${prefix}/lib" trydir_l="${trydir_l} /usr/local/opt/openssl/lib /opt/homebrew/opt/openssl/lib" for xlibdir in $libdir $trydir_l ; do if test ! -d "$xlibdir" ; then continue; fi if test -f "${xlibdir}/libssl.a"; then STATIC_LIBSSLDIR="${xlibdir}" fi if test x"${LIBDIR}" = x; then LIBDIR="-L${xlibdir}"; else LIBDIR="$LIBDIR -L${xlibdir}"; fi done LDFLAGS="${LIBDIR} $LDFLAGS" dnl default perm of .so is 644 but on cygwin must be 755. PERM_DSO="644" case "$host" in *-cygwin*) PERM_DSO="755" ;; mips-sony-bsd|mips-sony-newsos4) AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) ;; *-*-ultrix*) AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) ;; *-*-darwin*|*-*-*bsd*) AC_DEFINE([BSD_SCRIPT], [1], [/usr/bin/script is the bsd variant]) if test x"$(which ar)" != x'/usr/bin/ar'; then ARDIRWARN=1 fi ;; esac dnl debian packaging requires -soname for LD_PRELOAD libs dnl OSX's linker does not allow -soname. 
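dnl Shared-object naming. ELF hosts get an explicit -soname; the case below
dnl clears both values on darwin hosts.
SONAME_GSOCKET_DSO="-Wl,-soname=gsocket_dso.so.0"
SONAME_GSOCKET_UCHROOT_DSO="-Wl,-soname=gsocket_uchroot_dso.so.0"
case "$host" in
*-*-darwin*)
	SONAME_GSOCKET_DSO=""
	SONAME_GSOCKET_UCHROOT_DSO=""
	;;
esac

dnl Checks for header files.
AC_HEADER_SYS_WAIT
AC_CHECK_HEADERS(sys/time.h sys/endian.h sys/param.h unistd.h fnmatch.h string.h utmp.h utmpx.h pty.h openssl/srp.h util.h libutil.h netinet/in_systm.h sys/loadavg.h libproc.h wordexp.h)

dnl SRP support in OpenSSL is mandatory; stop early with a readable message.
AC_CHECK_HEADER(openssl/srp.h, [], [AC_MSG_ERROR([openssl/srp.h not found. Update OpenSSL or apt install libssl-dev?])])

dnl Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_TYPE_PID_T

dnl Checks for library functions.
AC_FUNC_MEMCMP

dnl If size_t is not defined, define size_t to be unsigned.
AC_TYPE_SIZE_T
dnl If uid_t is not defined, define uid_t to be int and gid_t to be int.
AC_TYPE_UID_T

dnl AC_ARG_ENABLE runs its "given" action for --disable-FOO as well as for
dnl --enable-FOO, so every switch below tests $enableval. Without that test
dnl --disable-static would have selected a static build.
AC_ARG_ENABLE(static,
[ --enable-static Compile static binary],
	[AS_IF([test "x$enableval" != xno], [STATIC="yes"], [STATIC="no"])],
	[STATIC="no"]
)

dnl OSX does not support static binaries.
dnl At least statically include the OpenSSL libs.
if test x"${STATIC}" = xyes; then
	case "$host" in
	*-*-darwin*)
		dnl STATIC_LIBSSLDIR is only set when libssl.a was found in a searched
		dnl directory. Fail here rather than hand "/libssl.a" to the linker.
		AS_IF([test "x${STATIC_LIBSSLDIR}" = x],
			[AC_MSG_ERROR([--enable-static: libssl.a not found in any searched library directory])])
		LDADD_STATIC="${STATIC_LIBSSLDIR}/libssl.a ${STATIC_LIBSSLDIR}/libcrypto.a"
		AC_DEFINE(HAVE_LIBSSL, 1, [Define to 1 if you have the `ssl' library (-lssl)])
		AC_DEFINE(HAVE_LIBCRYPTO, 1, [Define to 1 if you have the `crypto' library (-lcrypto)])
		STATIC_SSL="yes"
		;;
	*)
		CFLAGS_STATIC="-static "
		;;
	esac
fi

AC_CHECK_LIB(util, forkpty)
AC_CHECK_LIB(socket, socket)
if test x"${STATIC}" = xno; then
	AC_CHECK_LIB(nsl, gethostbyname)
fi

dnl AC_CHECK_LIB([net], [libnet_name_resolve], [AC_MSG_ERROR([libnet 1.0.x found. Requires libnet 1.1 or newer])])
dnl AC_CHECK_LIB([net], [libnet_init], ,[AC_MSG_ERROR([libnet 1.1.x not found])])
if test x"$STATIC" = xno; then
	AC_CHECK_LIB(dl, dlopen)
fi
AC_CHECK_LIB(dl, dlopen, LDADD_LIBDL="-ldl")
AC_CHECK_LIB(procstat, procstat_close)
dnl
dnl The darwin static path above already defined HAVE_LIBSSL/HAVE_LIBCRYPTO,
dnl so only probe for the shared libraries when it did not run.
if test x"$STATIC_SSL" != xyes; then
	AC_CHECK_LIB([crypto], [ENGINE_init], [], [AC_MSG_ERROR([libcrypto not found])])
	AC_CHECK_LIB([ssl], [SRP_VBASE_get1_by_user], [], [AC_MSG_ERROR([SRP not supported. Please upgrade OpenSSL lib])])
fi
AC_CHECK_FUNCS(gettimeofday memcpy strchr strlcat forkpty openpty getline stat64 open64 statvfs64 accept4 connectx)

dnl Feature switches. Each AC_DEFINE is guarded by $enableval so that the
dnl --disable-* form really leaves the feature off.
AC_ARG_ENABLE([31337],
	AS_HELP_STRING([--enable-31337], [Enable experimental features.]),
	[AS_IF([test "x$enableval" != xno], [AC_DEFINE(D31337, 1, [Expermental feature])])]
)

dnl NOTE(review): per its help text, STEALTH removes the -h and -m strings
dnl from the build, so string signatures keyed on the tool's usage text
dnl should not be expected to match such binaries.
AC_ARG_ENABLE([stealth],
	AS_HELP_STRING([--enable-stealth], [Stip -h and -m strings.]),
	[AS_IF([test "x$enableval" != xno], [AC_DEFINE(STEALTH, 1, [Stealth Mode])])]
)

AC_ARG_ENABLE([debug],
	AS_HELP_STRING([--enable-debug], [Enable debug information.]),
	[AS_IF([test "x$enableval" != xno], [
		debug=true
		AC_DEFINE(DEBUG, 1, [Debug infos])
	])]
)

AC_ARG_ENABLE([tests],
	AS_HELP_STRING([--enable-tests], [Enable self-tests.]),
	[AS_IF([test "x$enableval" != xno], [selftests=true])]
)

dnl A debug build also turns on the experimental features and the self-tests.
AS_IF([test x$enable_debug = xyes], AC_DEFINE(D31337, 1, [Expermental feature]))
AS_IF([test x$enable_debug = xyes], [selftests=true])
AS_IF([test x$selftests = xtrue], AC_DEFINE(SELFTESTS, 1, [Self Tests]))

AC_ARG_ENABLE(dist,
[ --enable-dist Enable distribution mode, Use own libraries.],
	[AS_IF([test "x$enableval" != xno], [DIST="yes"], [DIST="no"])],
	[DIST="no"]
)

dnl REALPREFIX takes the value given to --enable-realprefix=DIR and falls
dnl back to $prefix when the switch is absent.
AC_ARG_ENABLE(realprefix,
[ --enable-realprefix Set real prefix (for dpkg packaging)],
	[REALPREFIX="${enableval}"], [REALPREFIX="${prefix}"]
)

dnl The test programs are only substituted into the Makefiles for self-test builds.
AS_IF([test x$selftests = xtrue], AC_SUBST(PROGRAMS_TEST_LIB, "list-test${EXEEXT} event-test${EXEEXT}"))
AS_IF([test x$selftests = xtrue], AC_SUBST(PROGRAMS_TEST_TOOLS, "packet-test${EXEEXT} readline-test${EXEEXT} console_display-test${EXEEXT} filetransfer-test${EXEEXT}"))

AC_SUBST(LDADD_STATIC, "${LDADD_STATIC}")
AC_SUBST(LDADD_LIBDL, "${LDADD_LIBDL}")
AC_SUBST(CFLAGS_STATIC, "${CFLAGS_STATIC}")
AC_SUBST(PERM_DSO,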
"${PERM_DSO}") AC_SUBST(SONAME_GSOCKET_DSO, "${SONAME_GSOCKET_DSO}") AC_SUBST(SONAME_GSOCKET_UCHROOT_DSO, "${SONAME_GSOCKET_UCHROOT_DSO}") AC_SUBST(REALPREFIX, "${REALPREFIX}") AC_CONFIG_FILES([Makefile lib/Makefile tools/Makefile include/Makefile include/gsocket/Makefile tools/gsocket.conf man/Makefile examples/Makefile]) AC_OUTPUT echo " \"If netcat is a swiss army knife then gs-netcat is a germanic battle axe\" --acpizer/United Cracking Force " if test x"${STATIC}" = xyes; then case "$host" in *-*-darwin*) echo " *** OSX does not support static binaries. Creating dynamic binaries *** *** instead and trying our best to included OpenSSL statically. *** " ;; *) echo " ********************************** WARNING *********************************** * Your MUST compile OpenSSL like this: * * openssl-src> * * ./Configure --prefix=\$HOME/usr no-dso no-threads no-shared linux-generic64 * * mkdir -p \$HOME/usr && make install_sw * * Only then compile gsocket \(using the same --prefix=\): * * gsocket-src> ./configure --prefix=\$HOME/usr --enable-static * * gsocket-src> make all install * * gsocket-src> export PATH=\$HOME/usr/bin:\$PATH * ****************************************************************************** " ;; esac fi echo " ${PACKAGE_NAME}-${PACKAGE_VERSION} has been configured: Host..............: ${host} Prefix............: ${prefix} Compiler..........: ${CC} Compiler flags....: ${CFLAGS_STATIC}${CFLAGS} Preprocessor flags: ${CPPFLAGS} Linker flags......: ${LDFLAGS} Libraries.........: ${LIBS} Configuration complete. 
Now type: make all install" if test x"${ARDIRWARN}" = x1; then AC_MSG_WARN([Build tools seem to be a mix of GNU and Apple.]) AC_MSG_WARN([Alex, try 'PATH=/usr/bin:\$PATH ./configure'.]) fi gsocket-1.4.43/Makefile.am0000775000175000017500000000026614623412134015213 0ustar epsilonepsilonSUBDIRS = lib tools man examples include EXTRA_DIST = README.md config bootstrap tests/Makefile tests/run_all_tests.sh tests/run_gs_tests.sh tests/run_ft_tests.sh LICENSE ChangeLog gsocket-1.4.43/include/0000775000175000017500000000000014623412134014573 5ustar epsilonepsilongsocket-1.4.43/include/gsocket/0000775000175000017500000000000014623412134016232 5ustar epsilonepsilongsocket-1.4.43/include/gsocket/event.h0000664000175000017500000000153414623412134017527 0ustar epsilonepsilon#ifndef __GS_EVENT_H__ #define __GS_EVENT_H__ 1 typedef int (*gsevent_cb_t)(void *event); typedef struct { void *mgr; uint64_t interval; uint64_t start; uint64_t due; GS_LIST_ITEM li; void *data; size_t len; gsevent_cb_t func; int is_calloc; int id; } GS_EVENT; /* * Keep track of all events under a context */ typedef struct { GS_LIST list_ts; // events by timestamp (usec) int id_counter; int is_return_to_caller; } GS_EVENT_MGR; int GS_EVENT_MGR_init(GS_EVENT_MGR *mgr); GS_EVENT *GS_EVENT_add_by_ts(GS_EVENT_MGR *mgr, GS_EVENT *gsevent, uint64_t start, uint64_t interval, gsevent_cb_t func, void *data, size_t len); int GS_EVENT_del(GS_EVENT *gsevent); uint64_t GS_EVENT_usec_until_event(GS_EVENT_MGR *mgr); uint64_t GS_EVENT_execute(GS_EVENT_MGR *mgr); uint64_t GS_EVENT_execute_all(GS_EVENT_MGR *mgr); #endif /* !__GS_EVENT_H__ */gsocket-1.4.43/include/gsocket/gs-readline.h0000664000175000017500000000204314623412134020574 0ustar epsilonepsilon#ifndef __GS_READLINE_H__ #define __GS_READLINE_H__ 1 #ifdef DEBUG # define GS_RL_LINE_MAX (512) // # define GS_RL_LINE_MAX (32) #else # define GS_RL_LINE_MAX (512) #endif #define GS_RL_VISIBLE_MAX (127) #define GS_RL_ESC_MAX (GS_RL_LINE_MAX + 32) // including ESCs (color & 
position) typedef struct { char line[GS_RL_LINE_MAX + 1]; // Full Length without ascii sequence char vline[GS_RL_VISIBLE_MAX + 1]; // Might be shorted with '..' at the end size_t pos; // pointing to next unused field in line. size_t len; // Set when '\n' encountered size_t visible_len; size_t esc_len; // without 0-termianted string char esc_data[GS_RL_ESC_MAX + 1]; size_t v_pos; // cursor x-position (col) relative to beginning of visible line int col; int row; int is_need_redraw; int is_in_esc; } GS_RL_CTX; int GS_RL_init(GS_RL_CTX *rl, int len_visible); int GS_RL_add(GS_RL_CTX *rl, uint8_t c, uint8_t *key, int row, int col); void GS_RL_reset(GS_RL_CTX *rl); void GS_RL_resize(GS_RL_CTX *rl, int len, int row, int col); #endif /* !__GS_READLINE_H__ */gsocket-1.4.43/include/gsocket/packet.h0000664000175000017500000000351514623412134017656 0ustar epsilonepsilon#ifndef __GS_PACKET_H__ #define __GS_PACKET_H__ 1 #define GS_PKT_MAX_SIZE (2048) // content length without pkt-header (2 or 4 bytes) #define GS_PKT_HDR_MAX_SIZE (4) #define GS_PKT_MAX_MSG 128 // type = 0..127 #define GS_PKT_MAX_CHN 128 // type = 128..255 // #define GS_PKT_ESC 'e' // TESTING ONLY #ifndef GS_PKT_ESC # define GS_PKT_ESC 0xFB // escape character #endif #define GS_PKT_MSG_HDR_LEN (2) #define GS_PKT_CHN_HDR_LEN (4) typedef void (*gspkt_cb_t)(uint8_t type, const uint8_t *data, size_t len, void *arg); /* * - msg are fixed length (e.g. window size) * - channels are streams (e.g. 
file transfer) */ typedef struct { size_t esc_len_rem; uint8_t type; // type 0..127 is msg's, 128..255 is chn uint8_t inband[GS_PKT_MAX_SIZE];// in-band packet/stream chunk size_t len; // length of data in inband buffer int is_got_chn_len; // gspkt_cb_t funcs[256]; // Dispatch functions for msg/chn type void *args[256]; } GS_PKT; struct gs_pkt_msg_hdr { uint8_t esc; uint8_t type; } __attribute__((__packed__)); struct gs_pkt_chn_hdr { uint8_t esc; uint8_t type; uint16_t len; } __attribute__((__packed__)); #define GS_PKT_IS_CHANNEL(a) (((a) >> 7) & 0x01) #define GS_PKT_CHN2TYPE(a) (GS_PKT_MAX_MSG + a) int GS_PKT_init(GS_PKT *pkt); int GS_PKT_close(GS_PKT *pkt); int GS_PKT_assign_msg(GS_PKT *pkt, uint8_t msg, gspkt_cb_t func, void *arg); int GS_PKT_assign_chn(GS_PKT *pkt, uint8_t chn, gspkt_cb_t func, void *arg); void GS_PKT_encode(GS_PKT *pkt, const uint8_t *src, size_t slen, uint8_t *dst, size_t *dlen); int GS_PKT_decode(GS_PKT *pkt, const uint8_t *src, size_t slen, uint8_t *dst, size_t *dlen); ssize_t GS_PKT_decode_single(GS_PKT *pkt, const uint8_t *src, size_t slen, uint8_t *dst, size_t *dlen); int GS_PKT_MSG_size_by_type(int type); #define GS_PKT_TYPE_NONE 0x00 #endif /* !__GS_PACKET_H__ */ gsocket-1.4.43/include/gsocket/Makefile.am0000775000175000017500000000013514623412134020270 0ustar epsilonepsilonEXTRA_DIST = buf.h event.h gs-readline.h gs-select.h gsocket-ssl.h gsocket.h list.h packet.h gsocket-1.4.43/include/gsocket/gsocket.h0000664000175000017500000003550514623412134020052 0ustar epsilonepsilon #ifndef __LIBGSOCKET_H__ #define __LIBGSOCKET_H__ 1 #define WITH_GSOCKET_SSL 1 #ifndef GS_MAX # define GS_MAX(X, Y) (((X) < (Y)) ? (Y) : (X)) #endif #ifndef GS_MIN # define GS_MIN(X, Y) (((X) < (Y)) ? 
(X) : (Y)) #endif #define GS_ADDR_SIZE (16) /* 128 bit */ #define GS_MAX_SOX_BACKLOG (5) /* Relevant for GS_listen() only */ #define GS_TOKEN_SIZE (16) /* 128 bit */ #define GS_TV_TO_USEC(tv) ((uint64_t)(tv)->tv_sec * 1000000 + (tv)->tv_usec) #define GS_TV_TO_MSEC(tv) ((uint64_t)(tv)->tv_sec * 1000 + (tv)->tv_usec/1000) #define GS_TV_DIFF(tv_a, tv_b) (GS_TV_TO_USEC(tv_b) - GS_TV_TO_USEC(tv_a)) #define GS_SEC_TO_USEC(sec) ((uint64_t)(sec) * 1000000) #define GS_MSEC_TO_USEC(ms) ((uint64_t)(ms) * 1000) #define GS_USEC_TO_SEC(usec) ((usec) / 1000000) #define GS_USEC_TO_MSEC(usec) ((usec) / 1000) #define GS_USEC_TO_TV(tv, usec) do { (tv)->tv_sec = (usec) / 1000000; (tv)->tv_usec = (usec) % 1000000; } while(0) #define GS_SECRET_MAX_LEN (256 / 8) /* max length in bytes */ #define GS_DFL_CIPHER "SRP-AES-256-CBC-SHA" #define GS_DFL_CIPHER_STRENGTH "4096" #define GS_LOG_INFO_MSG_SIZE (1024) #define GS_LOG_TYPE_NORMAL (0) // A non-error is reported by the library #define GS_LOG_TYPE_ERROR (1) // An error is reported by the library #define GS_LOG_TYPE_DEBUG (5) #define GS_LOG_LEVEL_NONE (0) #define GS_LOG_LEVEL_VERBOSE (1) // -v #define GS_LOG_LEVEL_MOREVERB (2) // -vv #define GS_LOG_LEVEL_INSANE (3) // -vvv #define GS_LOG(a...) do { GS_log(GS_LOG_TYPE_NORMAL, GS_LOG_LEVEL_NONE, a); } while(0) #define GS_LOG_V(a...) do { GS_log(GS_LOG_TYPE_NORMAL, GS_LOG_LEVEL_VERBOSE, a); } while(0) #define GS_LOG_VV(a...) do { GS_log(GS_LOG_TYPE_NORMAL, GS_LOG_LEVEL_MOREVERB, a); } while(0) #define GS_LOG_VVV(a...) do { GS_log(GS_LOG_TYPE_NORMAL, GS_LOG_LEVEL_INSANE, a); } while(0) #define GS_LOG_ERR(a...) do { GS_log(GS_LOG_TYPE_ERROR, GS_LOG_LEVEL_NONE, a); } while(0) #include #include #include #include #include #include #define GSRN_DEFAULT_PORT 443 #define GSRN_DEFAULT_PORT_CON 7351 // Some FW's kill connections after 60 seconds. 
#define GSRN_DEFAULT_PING_INTERVAL (45) // Wait before allowing same listening address with different auth-token #define GSRN_TOKEN_LINGER_SEC (7) /* ########################### * ### PROTOCOL DEFINITION ### * ########################### */ // _gs_hdr_con is identical for _gs_listen and _gs_connect struct _gs_hdr_lc { uint8_t type; uint8_t version_major; uint8_t version_minor; uint8_t flags; uint8_t reserved2[28]; uint8_t addr[GS_ADDR_SIZE]; // 16 bytes }; /* First message from Listening Client (LC) to GS-Network (GN) [server] * LC2GN: Register a GS-Address for listening. */ struct _gs_listen /* 128 bytes */ { union { struct _gs_hdr_lc hdr; struct { uint8_t type; uint8_t version_major; uint8_t version_minor; uint8_t flags; uint8_t reserved1[4]; uint8_t reserved2[8]; uint8_t token[GS_TOKEN_SIZE]; // 16 bytes uint8_t addr[GS_ADDR_SIZE]; }; }; uint8_t reserved3[16]; uint8_t reserved4[64]; }; /* * First message from Connecting Client (CC) to GS-Network (GN) [server] * CC2GN: Connect a listening GS-Address. * CC awaiting _gs_start from GN. */ struct _gs_connect { union { struct _gs_hdr_lc hdr; struct { uint8_t type; uint8_t version_major; uint8_t version_minor; uint8_t flags; uint8_t reserved1[4]; uint8_t reserved2[8]; uint8_t token_NOTUSED[GS_TOKEN_SIZE]; // 16 bytes uint8_t addr[GS_ADDR_SIZE]; // 16 bytes }; }; uint8_t reserved3[16]; uint8_t reserved4[64]; }; #define GS_PKT_PROTO_VERSION_MAJOR (1) #define GS_PKT_PROTO_VERSION_MINOR (3) // Wait for server to become available (-w option) #define GS_FL_PROTO_WAIT (0x01) // Allow client to become a server if server does not exist (-A option). #define GS_FL_PROTO_CLIENT_OR_SERVER (0x02) // Perform a fast-connect. Do not wait for GSRN to send '_gs_start'. // Data sent aftet '_gs_connect' is app-data (SSL SRP in most cases). // FAST_CONNECT is incompatible with 0x01 and 0x02. 
#define GS_FL_PROTO_FAST_CONNECT (0x04) // Inform GSRN that client prefers low-latency (interactive shell) #define GS_FL_PROTO_LOW_LATENCY (0x08) // Check if GS-ADDRESS is listening/waiting #define GS_FL_PROTO_SERVER_CHECK (0x10) /* * all2GN */ struct _gs_ping { uint8_t type; uint8_t reserved[3]; uint8_t payload[28]; }; // #define GS_PKT_PING_PAYLOAD_SIZE (28) /* * GN2all */ struct _gs_pong { uint8_t type; uint8_t reserved[3]; uint8_t payload[28]; }; /* GN2all: New incoming connection. * GN must not send any further GS messages. */ struct _gs_start { uint8_t type; uint8_t flags; uint8_t reserved[2]; uint8_t reserved2[28]; }; #define GS_FL_PROTO_START_SERVER (0x01) /* Act as a Server [ssl] */ #define GS_FL_PROTO_START_CLIENT (0x02) /* Act as a Client [ssl] */ /* GN2all: Status (error) */ struct _gs_status { uint8_t type; uint8_t err_type; uint8_t code; uint8_t reserved[1]; uint8_t msg[28]; }; /* err_type */ #define GS_STATUS_TYPE_WARN (0x01) #define GS_STATUS_TYPE_FATAL (0x02) // Must exit. #define GS_STATUS_CODE_BAD_AUTH (0x01) // Auth Token mismatch #define GS_STATUS_CODE_CONNREFUSED (0x02) // No server listening #define GS_STATUS_CODE_IDLE_TIMEOUT (0x03) // Timeout #define GS_STATUS_CODE_CONNDENIED (0x04) // Connection denied #define GS_STATUS_CODE_PROTOERROR (0x05) // Protocol error #define GS_STATUS_CODE_SERVER_OK (0x06) // Server exists #define GS_STATUS_CODE_NETERROR (0x07) // TCP error (likely ECONNREFUSED) #define GS_STATUS_CODE_NEEDUPDATE (0x2A) // oct=42; Needs updating of client. /* * all2GN: Accepting incoming connection. * LC/CC must not send any further GS messages. 
*/ struct _gs_accept { uint8_t type; uint8_t reserved[3]; uint8_t reserved2[28]; }; #define GS_PKT_TYPE_LISTEN (0x01) // LC2GN #define GS_PKT_TYPE_CONNECT (0x02) // CC2GN #define GS_PKT_TYPE_PING (0x03) // all2GN #define GS_PKT_TYPE_PONG (0x04) // GN2all #define GS_PKT_TYPE_START (0x05) // GN2all #define GS_PKT_TYPE_ACCEPT (0x06) // all2GN #define GS_PKT_TYPE_STATUS (0x07) // GN2all #define GS_MAX_MSG_LEN GS_MAX(sizeof (struct _gs_listen), GS_MAX(sizeof (struct _gs_ping), GS_MAX(sizeof (struct _gs_pong), sizeof (struct _gs_start)))) enum gs_ctx_flags_t {GS_CTX_FL_RFD_INTERNAL}; enum gs_flags_t { GS_FL_TCP_CONNECTED = 0x01, // App TCP sockets are connected GSC_FL_NONBLOCKING = 0x02, // Do not Block on socket IO GS_FL_CALLED_NET_CONNECT = 0x04, // GS_connect() already called GS_FL_CALLED_NET_CONNECT GS_FL_IS_CLIENT = 0x08, GS_FL_CALLED_NET_NEW_SOCKET = 0x10, GSC_FL_USE_SRP = 0x20, GSC_FL_CLIENT_OR_SERVER = 0x40, GS_FL_IS_SERVER = 0x80, // A GS-CLient (the first connected) is an SRP-Server GS_FL_AUTO_RECONNECT = 0x100, // GS_accept() to reconnect on GS-NET errors GS_FL_SINGLE_SHOT = 0x200 // single GS_listen(). (for stdin/stdout) }; /* * - GS-Network host/port * - Handle TCP sockets (non-blocking) */ typedef struct { int max_sox; fd_set *rfd; fd_set *wfd; fd_set *r; fd_set *w; int gsocket_success_count; /* Successfull connection counter */ GS_SELECT_CTX *gselect_ctx; /* Listening CB and values */ gselect_cb_t func_listen; int cb_val_listen; struct timeval *tv_now; char err_buf[1024]; char err_buf2[1024]; enum gs_ctx_flags_t flags; // CTX specific flags enum gs_flags_t gs_flags; // GS specific flags. Copied to GS on creation. uint32_t flags_proto; uint32_t socks_ip; // NBO. Use Socks5 uint16_t socks_port; // Socks5 uint16_t gs_port; // GSOCKET_PORT } GS_CTX; enum sox_state_t { GS_STATE_SYS_NONE, // We are idle... GS_STATE_SYS_CONNECT, // need call to 'connect()' _again_. 
GS_STATE_SYS_RECONNECT, // Re-connecting to GS-NET GS_STATE_PKT_LISTEN, // listen_write() did not complete GS_STATE_PKT_PING, // ping_write() did not complete GS_STATE_APP_CONNECTED, // Application is connected. Passingthrough of data (no pkt any longer) GS_STATE_PKT_CONNECT, GS_STATE_PKT_ACCEPT, GS_STATE_SOCKS // TOR }; enum sox_flags_t { GS_SOX_FL_AWAITING_PONG, // Waiting for PONG GS_SOX_FL_AWAITING_SOCKS, // Waiting for Socks5 (TOR) reply GS_SOX_FL_WARN_SLOWCONNECT // ==1 if warning about connect() being slow has been issued }; /* TCP network address may depend on GS_ADDR (load balancing) */ struct gs_sox { int fd; enum sox_state_t state; enum sox_flags_t flags; uint8_t rbuf[GS_MAX_MSG_LEN]; size_t rlen; uint8_t wbuf[GS_MAX_MSG_LEN]; size_t wlen; struct timeval tv_last_data; /* For KeepAlive */ }; struct gs_net { uint16_t port; /* NBO */ uint32_t addr; /* IPv4, NBO */ int conn_count; struct gs_sox sox[GS_MAX_SOX_BACKLOG]; int n_sox; /* Number of sox[n] entries */ int fd_accepted; char *hostname; /* xxx.gs.thc.org */ uint64_t tv_connect; // Time connect() was called uint64_t tv_gs_hton; // Time hostname was resolved last. int is_connect_error_warned; // 'Re-connecting...' warning issued }; // Originally the password was the first 128bit from a SHA256(gs_secret) // and then converted to a 32bytes hex string + '\0' to terminate. // // A bug in any version <= 1.4.33 caused 1 extra hex to be added to the string // of size 32, making it 33 hex long and overwriting peer->gs_flags with '\0'. // Any version > 1.4.33 needs to be backward compatible. Thus we increase // the PASSWORD_LENGTH to 33 and from now onwards the SRP-PASSWORD // is 33 hex + '\0' long (132bit). Sucks to be us. 
#define GS_SRP_PASSWORD_LENGTH (33) typedef struct { uint8_t addr[GS_ADDR_SIZE]; char srp_password[GS_SRP_PASSWORD_LENGTH + 1]; } GS_ADDR; #ifdef WITH_GSOCKET_SSL enum ssl_state_t { GS_SSL_STATE_ACCEPT, /* Call SSL_accpet() again */ GS_SSL_STATE_CONNECT, /* Call SSL_connect() again */ GS_SSL_STATE_RW, /* Call SSL_read/SSL_write again */ GS_SSL_STATE_SHUTDOWN /* Call SSL_shutdown() again */ }; #endif enum gs_rw_state_t { GS_CAN_READ = 0x01, GS_CAN_WRITE = 0x02, GS_CAN_RW = 0x03 }; /* * A specific GS connection with a single GSOCKET-ID. * There can be multiple connection per GSOCKET-ID (eventually). */ typedef struct { GS_CTX *ctx; GS_ADDR gs_addr; enum gs_flags_t flags; int id; /* ID of this gsocket. Set AFTER conn success */ struct gs_net net; /* fd's for listening tcp_fd */ int fd; /* Only set if this is a 'connected' tcp_fd (not listening socket) */ int64_t bytes_read; int64_t bytes_written; uint64_t ts_net_io; // TimeStamp network I/O struct timeval tv_connected; /* TV when GS entered CONNECTED state */ int read_pending; int write_pending; int is_sent_shutdown; int is_want_shutdown; /* Call GS_shutdown() after SRP completion */ uint8_t token[GS_TOKEN_SIZE]; int eof_count; /* How many EOF received (needed for ssl compat) */ int status_code; #ifdef WITH_GSOCKET_SSL SSL_CTX *ssl_ctx; SRP_VBASE *srpData; /* Verifier is identical 4 all conns on same GS */ SSL *ssl; enum ssl_state_t ssl_state; char srp_sec[128]; /* SRP Secret */ int ssl_shutdown_count; // Calls to gs_ssl_close #endif } GS; struct _gs_log_info { int level; // verbosity level int type; // GS_LOG_TYPE_DEBUG or GS_LOG_TYPE_NORMAL char *msg; // log message }; typedef void (*gs_cb_log_t)(struct _gs_log_info *l); /* ##################################### * ### GSOCKET FUNCTION DECLARATIONS ### * ##################################### */ void GS_library_init(FILE *err_fp, FILE *dout_fp, gs_cb_log_t func_log); int GS_CTX_init(GS_CTX *, fd_set *rfd, fd_set *wfd, fd_set *r, fd_set *w, struct timeval *tv_now); void 
GS_CTX_use_gselect(GS_CTX *ctx, GS_SELECT_CTX *gselect_ctx); int GS_CTX_free(GS_CTX *); GS *GS_new(GS_CTX *ctx, GS_ADDR *addr); /* Connect to GS-Network */ const char *GS_CTX_strerror(GS_CTX *gs_ctx); const char *GS_strerror(GS *gsocket); int GS_connect(GS *gsocket); /* Fail if no such GS-ID is listening */ int GS_get_fd(GS *gsocket); int GS_listen(GS *gsocket, int backlog); /* Listen for an incoming GS connection */ void GS_listen_add_gs_select(GS *gs, GS_SELECT_CTX *ctx, gselect_cb_t func, void *arg, int val); GS *GS_accept(GS *gsocket, int *error); /* Wait until client connects by GS-ID and return Unix fileno */ int GS_close(GS *gsocket); /* close() and free() a connected GS */ int GS_shutdown(GS *gsocket); void GS_heartbeat(GS *gsocket); void GS_set_token(GS *gsocket, const void *buf, size_t num); /* Logging */ char *GS_usecstr(char *dst, size_t len, uint64_t usec); char *GS_bytesstr(char *dst, size_t len, int64_t bytes); char *GS_bytesstr_long(char *dst, size_t len, int64_t bytes); const char *GS_logtime(void); void GS_log(int type, int level, char *fmt, ...); char *GS_bin2hex(char *dst, size_t dsz, const void *src, size_t sz); char *GS_bin2HEX(char *dst, size_t dsz, const void *src, size_t sz); char *GS_bin2b58(char *b58, size_t *b58sz, uint8_t *src, size_t binsz); char *GS_addr2hex(char *dst, const void *src); char *GS_token2hex(char *dst, const void *src); char *GS_getenv(const char *name); int GS_CTX_setsockopt(GS_CTX *ctx, int level, const void *opt_value, size_t opt_len); #define GS_OPT_SOCKWAIT (0x02) #define GS_OPT_BLOCK (0x04) /* Blocking TCP */ #define GS_OPT_NO_ENCRYPTION (0x08) #define GS_OPT_CLIENT_OR_SERVER (0x10) /* Whoever connects first acts as a Server */ #define GS_OPT_USE_SOCKS (0x20) // Use TOR (Socks5) #define GS_OPT_SINGLESHOT (0x40) #define GS_OPT_LOW_LATENCY (0x80) #define GS_OPT_SERVER_CHECK (0x100) ssize_t GS_write(GS *gsocket, const void *buf, size_t num); ssize_t GS_read(GS *gsocket, void *buf, size_t num); GS_ADDR 
*GS_ADDR_sec2addr(GS_ADDR *addr, const char *gs_secret); uint32_t GS_hton(const char *hostname); uint8_t GS_ADDR_get_hostname_id(uint8_t *addr); void GS_SELECT_FD_SET_W(GS *gs); void GS_daemonize(FILE *logfp, int code_force_exit); uint64_t GS_usec(void); void GS_format_bps(char *dst, size_t size, int64_t bytes, const char *suffix); #define GS_BPS_MAXSIZE (8) // _without_ length of suffix! char *GS_format_since(char *dst, size_t sz, int32_t sec); #define GS_SINCE_MAXSIZE (7) char *GS_getpidwd(pid_t pid); const char *GS_gen_secret(void); const char *GS_user_secret(GS_CTX *ctx, const char *file, const char *sec_str); #ifdef WITH_GSOCKET_SSL const char *GS_SSL_strerror(int err); void GS_srp_setpassword(GS *gsocket, const char *pwd); const char *GS_get_cipher(GS *gs); int GS_get_cipher_strength(GS *gs); int GS_is_server(GS *gs); const char *GS_sanitize(char *dst, size_t dsz, char *src, size_t sz, const char *set, size_t setsz, short option); const char *GS_sanitize_fname(char *dst, size_t dlen, char *src, size_t slen); const char *GS_sanitize_logmsg(char *dst, size_t dlen, char *src, size_t slen); const char *GS_sanitize_fname_str(char *str, size_t len); const char *GS_sanitize_logmsg_str(char *str, size_t len); #endif /* !WITH_GSOCKET_SSL */ #endif /* !__LIBGSOCKET_H__ */ gsocket-1.4.43/include/gsocket/buf.h0000664000175000017500000000161014623412134017155 0ustar epsilonepsilon#ifndef __GS_BUF_H__ #define __GS_BUF_H__ 1 typedef struct { void *data; size_t sz_total; size_t sz_used; size_t sz_max_add; } GS_BUF; void GS_BUF_init(GS_BUF *gsb, size_t sz_min_free); void GS_BUF_free(GS_BUF *gsb); int GS_BUF_resize(GS_BUF *gsb, size_t sz_new); int GS_BUF_add_length(GS_BUF *gsb, size_t len); int GS_BUF_add_data(GS_BUF *gsb, void *data, size_t len); int GS_BUF_printf(GS_BUF *gsb, const char *fmt, ...); int GS_BUF_del(GS_BUF *gsb, size_t len); int GS_BUF_memmove(GS_BUF *gsb, void *data, size_t len); #define GS_BUF_empty(gsb) (gsb)->sz_used = 0; #define GS_BUF_DATA(gsb) 
(gsb)->data #define GS_BUF_IS_INIT(gsb) ((gsb)->sz_max_add!=0) #define GS_BUF_UNUSED(gsb) ((gsb)->sz_total - (gsb)->sz_used) #define GS_BUF_RSRC(gsb) (gsb)->data #define GS_BUF_WDST(gsb) ((uint8_t *)(gsb)->data + (gsb)->sz_used) #define GS_BUF_USED(gsb) (gsb)->sz_used #endif /* !__GS_BUF_H__ */ gsocket-1.4.43/include/gsocket/list.h0000664000175000017500000000170414623412134017360 0ustar epsilonepsilon#ifndef __GS_LIST_H__ #define __GS_LIST_H__ 1 typedef struct { void *next; void *prev; void *gsl; // Pointer to GS_LIST context uint64_t id; int add_id; int is_calloc; void *data; } GS_LIST_ITEM; typedef struct { GS_LIST_ITEM *head; GS_LIST_ITEM *tail; int n_items; int add_count; int opt; } GS_LIST; #define GS_LIST_ID_COUNT(gsl) (gsl)->add_count // To add item to bottom of list int GS_LIST_init(GS_LIST *gsl, int opt); GS_LIST_ITEM *GS_LIST_add(GS_LIST *gsl, GS_LIST_ITEM *src_li, void *data, uint64_t id); void GS_LIST_move(GS_LIST *gsl, GS_LIST_ITEM *li); int GS_LIST_del(GS_LIST_ITEM *li); int GS_LIST_del_all(GS_LIST *gsl, int deep); GS_LIST_ITEM *GS_LIST_next(GS_LIST *gsl, GS_LIST_ITEM *li); GS_LIST_ITEM *GS_LIST_by_pos(GS_LIST *gsl, int pos); GS_LIST_ITEM *GS_LIST_by_id(GS_LIST *gsl, uint64_t id); void GS_LIST_relink(GS_LIST_ITEM *li, uint64_t id); void GS_LIST_stderr(GS_LIST *gsl, const char *msg); #endif /* !__GS_LIST_H__ */gsocket-1.4.43/include/gsocket/gsocket-ssl.h0000664000175000017500000000025714623412134020645 0ustar epsilonepsilon #ifndef __LIBGSOCKET_SSL_H__ #define __LIBGSOCKET_SSL_H__ 1 /* The user can DELETE this file to build project without OpenSSL support */ #endif /* !__LIBGSOCKET_SSL_H__ */ gsocket-1.4.43/include/gsocket/gs-select.h0000664000175000017500000000460714623412134020300 0ustar epsilonepsilon #ifndef __LIBGSOCKET_SELECT_H__ #define __LIBGSOCKET_SELECT_H__ 1 struct _gs_sel_item { int (*func)(void *ctx, int fd, void *cb_arg, int cb_val); void *cb_arg; int cb_val; }; enum bfunc_state {GS_CALLREAD = 0x01, GS_CALLWRITE = 0x02}; typedef struct 
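_gs_select_ctx
{
	int max_fd;
	fd_set *rfd;
	fd_set *wfd;
	fd_set *r;
	fd_set *w;
	struct timeval tv;
	struct timeval *tv_now;
	/*
	 * Per-descriptor tables, FD_SETSIZE entries each. The macros below index
	 * saved_rw_state[] and is_rw_state_saved[] directly with the descriptor;
	 * presumably the other tables are indexed the same way.
	 * NOTE(review): nothing in this header range-checks the descriptor, so a
	 * value outside 0..FD_SETSIZE-1 reads or writes outside these arrays.
	 * Confirm that every registration path rejects such descriptors.
	 */
	struct _gs_sel_item mgr_r[FD_SETSIZE];
	struct _gs_sel_item mgr_w[FD_SETSIZE];
	enum bfunc_state blocking_func[FD_SETSIZE];
	int saved_rw_state[FD_SETSIZE];		/* 0 == not saved. 1 = READ, 2 = WRITE, 3 = R&W */
	int is_rw_state_saved[FD_SETSIZE];
	int want_io_write[FD_SETSIZE];
	int want_io_read[FD_SETSIZE];
	int rdata_pending[FD_SETSIZE];
	int rdata_pending_count;

	GS_EVENT_MGR emgr;	// Event Manager (for Heartbeat)
	GS_EVENT hb;		// Heartbeat timeout; return control to caller
} GS_SELECT_CTX;

/* Callback type taken by the GS_SELECT_add_cb*() functions below. */
typedef int (*gselect_cb_t)(GS_SELECT_CTX *ctx, int fd, void *arg, int val);

int GS_SELECT_CTX_init(GS_SELECT_CTX *ctx, fd_set *rfd, fd_set *wfd, fd_set *r, fd_set *w, struct timeval *tv_now, int frequency);
int GS_select(GS_SELECT_CTX *ctx);
void GS_SELECT_add_cb_r(GS_SELECT_CTX *ctx, gselect_cb_t func, int fd, void *arg, int val);
void GS_SELECT_add_cb_w(GS_SELECT_CTX *ctx, gselect_cb_t func, int fd, void *arg, int val);
void GS_SELECT_add_cb(GS_SELECT_CTX *ctx, gselect_cb_t func_r, gselect_cb_t func_w, int fd, void *arg, int val);
void GS_SELECT_add_cb_callagain(GS_SELECT_CTX *ctx, gselect_cb_t func_r, gselect_cb_t func_w, int fd, void *arg, int val);
void GS_SELECT_del_cb(GS_SELECT_CTX *ctx, int fd);
void GS_SELECT_del_cb_callagain(GS_SELECT_CTX *ctx, int fd);

/*
 * Interest-set helpers.
 * While is_rw_state_saved[fd] is set, the change is also (CLR) or only (SET)
 * recorded in saved_rw_state[fd]: bit 0x01 = read, bit 0x02 = write.
 *
 * 'ctx' is parenthesized at every use so that an expression argument such as
 * '&sel' expands correctly. Both arguments are evaluated more than once, so
 * do not pass expressions with side effects. 'fd' is used as an array index
 * without a range check.
 */
#define GS_SELECT_FD_CLR_R(ctx, fd) do { \
	if ((ctx)->is_rw_state_saved[fd]) { (ctx)->saved_rw_state[fd] &= ~0x01; } \
	FD_CLR(fd, (ctx)->rfd); \
} while (0)

#define GS_SELECT_FD_CLR_W(ctx, fd) do { \
	if ((ctx)->is_rw_state_saved[fd]) { (ctx)->saved_rw_state[fd] &= ~0x02; } \
	FD_CLR(fd, (ctx)->wfd); \
} while (0)

/* XFD_SET is defined outside this header. */
#define GS_SELECT_FD_SET_R(ctx, fd) do { \
	if ((ctx)->is_rw_state_saved[fd]) { \
		(ctx)->saved_rw_state[fd] |= 0x01; \
	} else { \
		XFD_SET(fd, (ctx)->rfd); \
	} \
} while (0)

#define GS_SUCCESS (0x00)
#define GS_ECALLAGAIN (0x01)	// Return code: the function wants to be called again
#define GS_ERR_WAITING -1	// Waiting for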
I/O #define GS_ERR_FATAL -2 // must exit (?) #define GS_ERR_EOF -3 #define GS_ERROR -4 #endif /* !__LIBGSOCKET_SELECT_H__ */ gsocket-1.4.43/include/Makefile.am0000775000175000017500000000002314623412134016625 0ustar epsilonepsilonSUBDIRS = gsocket gsocket-1.4.43/packaging/0000775000175000017500000000000014623412134015074 5ustar epsilonepsilongsocket-1.4.43/packaging/docker/0000775000175000017500000000000014623412134016343 5ustar epsilonepsilongsocket-1.4.43/packaging/docker/gsocket/0000775000175000017500000000000014623412134020002 5ustar epsilonepsilongsocket-1.4.43/packaging/docker/gsocket/Dockerfile0000664000175000017500000000063414623412134021777 0ustar epsilonepsilonFROM kalilinux/kali-rolling # Must be debian compiled binaries: COPY gsocket_latest_all.deb /tmp COPY gs-motd /etc/ COPY bashrc /tmp WORKDIR /root/ RUN apt update -y && \ apt install -y --no-install-recommends \ vim \ binutils \ openssl \ rsync \ openssh-server \ sshfs && \ apt-get clean && \ rm -rf /var/lib/apt/lists/ && \ dpkg -i /tmp/gsocket_latest_all.deb && \ cat /tmp/bashrc >>/root/.bashrc gsocket-1.4.43/packaging/docker/gsocket/gs-motd0000664000175000017500000000172314623412134021302 0ustar epsilonepsilon# Start this docker like so to access your ~/hax directory (optional): [\033[0;33mhost\033[0m ] $ \033[1;34mdocker run --rm -it --name gsocket -v ~/hax:/hax hackerschoice/gsocket\033[0m # And this command to have a second shell: [\033[0;33mhost\033[0m ] $ \033[1;34mdocker exec -it gsocket bash\033[0m Test your setup: [\033[0;33mdocker\033[0m] $ \033[1;34mgs-sftp -s thctestserver\033[0m Transfer files to a friend who has 'blitz -s foobar -l' running: [\033[0;33mdocker\033[0m] $ \033[1;34mblitz -s foobar /hax/./mp3/*\033[0m FTP to a friend who has 'gs-sftp -s foobar -l' running: [\033[0;33mdocker\033[0m] $ \033[1;34mgs-sftp -s foobar\033[0m Login to a friend's computer who has 'gs-netcat -s foobar -il' running: [\033[0;33mdocker\033[0m] $ \033[1;34mgs-netcat -s foobar -i\033[0m Help : gs-netcat 
-m | more Commands: gs-netcat, gs-sftp, gs-mount, blitz Latest : \033[1;35mhttps://www.gsocket.io\033[0m Shoutz : Yogee for ideas & testinggsocket-1.4.43/packaging/docker/gsocket/bashrc0000664000175000017500000000102514623412134021165 0ustar epsilonepsilon [[ -f /etc/gs-motd ]] && echo -e "$(cat /etc/gs-motd)" export SHELL=/bin/bash export TERM=xterm-256color if [[ -f ~/.gs_with_tor ]]; then #PS1='${debian_chroot:+($debian_chroot)}\u@\h-\e[0;32mTOR\e[0m:\e[0;33m\w\e[0m\$ ' export GSOCKET_SOCKS_IP=127.0.0.1 export GSOCKET_SOCKS_PORT=9050 pidof tor >/dev/null || { tor --quiet & } echo -e "TOR : \033[1;32menabled\033[0m - to disable execute 'unset GSOCKET_SOCKS_IP'" else echo -e "TOR : \033[1;31mDISABLED\033[0m - use hackerschoice/gsocket-tor for TOR support." fi gsocket-1.4.43/packaging/docker/gsocket-tor/0000775000175000017500000000000014623412134020604 5ustar epsilonepsilongsocket-1.4.43/packaging/docker/gsocket-tor/Dockerfile0000664000175000017500000000031614623412134022576 0ustar epsilonepsilonFROM hackerschoice/gsocket WORKDIR /root/ RUN apt-get update -y \ && apt-get install -y --no-install-recommends \ tor \ && touch /root/.gs_with_tor \ && apt-get clean \ && rm -rf /var/lib/apt/lists/ gsocket-1.4.43/packaging/openwrt/0000775000175000017500000000000014623412134016572 5ustar epsilonepsilongsocket-1.4.43/packaging/openwrt/gsocket/0000775000175000017500000000000014623412134020231 5ustar epsilonepsilongsocket-1.4.43/packaging/openwrt/gsocket/test.sh0000775000175000017500000000005214623412134021544 0ustar epsilonepsilon#!/bin/sh gs-netcat -h 2>&1 | grep "$2" gsocket-1.4.43/packaging/openwrt/gsocket/Makefile0000664000175000017500000000510214623412134021667 0ustar epsilonepsiloninclude $(TOPDIR)/rules.mk PKG_NAME:=gsocket PKG_VERSION:=1.4.41 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/hackerschoice/gsocket/releases/download/v$(PKG_VERSION)/ PKG_HASH:=fa9d811db7ccad82f421fa94ac9a7f5c44380429d1515c17baf50043ffaa38c7 
PKG_MAINTAINER:=Ralf Kaiser PKG_LICENSE:=BSD-2-Clause PKG_LICENSE_FILES:=LICENSE include $(INCLUDE_DIR)/package.mk define Package/gsocket SECTION:=net CATEGORY:=Network DEPENDS:=+libopenssl TITLE:=Connect like there is no firewall URL:=https://gsocket.io endef define Package/gsocket/description Global Socket allows two workstations on different private networks to communicate with each other. Through firewalls and through NAT - like there is no firewall. The TCP connection is secured with AES-256 and using OpenSSL's SRP protocol (RFC 5054). It does not require a PKI and has forward secrecy and (optional) TOR support. The gsocket tools derive temporary session keys and IDs and connect two TCP pipes through the Global Socket Relay Network (GSRN). This is done regardless and independent of the local IP Address or geographical location. The session keys (secrets) never leave the workstation. The GSRN sees only the encrypted traffic. The workhorse is 'gs-netcat' which opens a ssh-like interactive PTY command shell to a remote workstation (which resides on a private and remote network and/or behind a firewall). 
endef define Build/Configure $(call Build/Configure/Default,--with-linux-headers=$(LINUX_DIR) --libdir=$(STAGING_DIR)/usr/lib --includedir=$(STAGING_DIR)/usr/include) endef define Build/Compile $(MAKE) -C $(PKG_BUILD_DIR) \ LD="$(TARGET_CXX)" \ all endef define Package/gsocket/install $(INSTALL_DIR) $(1)/bin $(INSTALL_DIR) $(1)/share/gsocket $(INSTALL_DIR) $(1)/lib $(INSTALL_DIR) $(1)/etc $(INSTALL_BIN) $(PKG_BUILD_DIR)/tools/gs-sftp $(1)/bin/ $(INSTALL_BIN) $(PKG_BUILD_DIR)/tools/gs-mount $(1)/bin/ $(INSTALL_BIN) $(PKG_BUILD_DIR)/tools/blitz $(1)/bin/ $(INSTALL_BIN) $(PKG_BUILD_DIR)/tools/gsocket $(1)/bin/ $(INSTALL_BIN) $(PKG_BUILD_DIR)/tools/gs-netcat $(1)/bin/ $(INSTALL_BIN) $(PKG_BUILD_DIR)/tools/gs_funcs $(1)/share/gsocket/ $(INSTALL_BIN) $(PKG_BUILD_DIR)/tools/gsocket_uchroot_dso.so.0 $(1)/lib/ $(INSTALL_BIN) $(PKG_BUILD_DIR)/tools/gsocket_dso.so.0 $(1)/lib/ $(INSTALL_CONF) $(PKG_BUILD_DIR)/tools/gsocket.conf $(1)/etc/ endef $(eval $(call BuildPackage,gsocket)) gsocket-1.4.43/packaging/openwrt/release.sh0000775000175000017500000000152014623412134020547 0ustar epsilonepsilon#! /bin/bash BASEDIR="$(cd "$(dirname "${0}")" || exit; pwd)" # r/gsocket/packaging/openwrt source "${BASEDIR}/../../test-build/build_inc.sh" OPENWRT_vars_init [[ -z $OWRT_FEEDDIR ]] && ERREXIT "OWRT_FEEDDIR is empty. ~/research/openwrt not exist?" [[ ! 
-d "$OWRT_FEEDDIR/net/gsocket" ]] && mkdir -p "${OWRT_FEEDDIR}/net/gsocket" OPENWRT_update_makefile # from r/gsocket/packaging/openwrt/gsocket/* to /r/openwrt/packages/net/gsocket cp "${BASEDIR}/gsocket/Makefile" "${OWRT_FEEDDIR}/net/gsocket" cp "${BASEDIR}/gsocket/test.sh" "${OWRT_FEEDDIR}/net/gsocket" echo "Press enter to push release $VER" read (cd "$OWRT_FEEDDIR/net/gsocket" && \ git add Makefile test.sh && \ git commit --amend --author="Ralf Kaiser " --no-edit --signoff -m "gsocket: upstream update to $VER" && \ git push --force-with-lease origin master) gsocket-1.4.43/packaging/debian/0000775000175000017500000000000014623412134016316 5ustar epsilonepsilongsocket-1.4.43/packaging/gsnc-deploy-bin/0000775000175000017500000000000014623412134020066 5ustar epsilonepsilongsocket-1.4.43/packaging/gsnc-deploy-bin/selftest/0000775000175000017500000000000014623412134021717 5ustar epsilonepsilongsocket-1.4.43/packaging/gsnc-deploy-bin/selftest/Dockerfile.suse-tumbleweed0000664000175000017500000000014414623412134027021 0ustar epsilonepsilonFROM opensuse/tumbleweed RUN zypper install -y wget tar gzip && \ zypper clean -a && \ echo done gsocket-1.4.43/packaging/gsnc-deploy-bin/selftest/run.sh0000775000175000017500000000104114623412134023056 0ustar epsilonepsilon#! /bin/sh BASEDIR="$(cd "$(dirname "${0}")" || exit; pwd)" # IF this is not a live test then use local binaries (GS_DEBUG=1) if test -z "$GS_LIVE"; then export GS_DEBUG=1 export GS_USELOCAL=1 ${BASEDIR}/deploy.sh && \ GS_UNDO=1 ${BASEDIR}/deploy.sh else echo "Running LIVE test..." 
{ command -v curl >/dev/null && bash -c "$(curl -fsSL gsocket.io/x)" || bash -c "$(wget -qO- gsocket.io/x)"; } && \ export GS_UNDO=1 && \ { command -v curl >/dev/null && bash -c "$(curl -fsSL gsocket.io/x)" || bash -c "$(wget -qO- gsocket.io/x)"; } fi gsocket-1.4.43/packaging/gsnc-deploy-bin/selftest/Dockerfile.debian0000664000175000017500000000026014623412134025130 0ustar epsilonepsilonFROM debian RUN apt update -y && \ apt install -y --no-install-recommends curl wget ca-certificates tar gzip && \ apt clean && \ rm -rf /var/lib/apt/lists/ && \ echo done gsocket-1.4.43/packaging/gsnc-deploy-bin/selftest/Dockerfile.alpine0000664000175000017500000000020514623412134025155 0ustar epsilonepsilonFROM alpine WORKDIR /root/ RUN apk update \ && apk add --no-cache bash wget tar gzip && \ rm -rf /var/cache/apk/* && \ echo done gsocket-1.4.43/packaging/gsnc-deploy-bin/selftest/Dockerfile.centos0000664000175000017500000000046714623412134025212 0ustar epsilonepsilonFROM centos RUN cd /etc/yum.repos.d/ && \ sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-* && \ sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-* && \ yum -y update && \ yum -y install wget gzip tar && \ yum -y clean all && \ echo done gsocket-1.4.43/packaging/gsnc-deploy-bin/selftest/Dockerfile.arch0000664000175000017500000000003314623412134024621 0ustar epsilonepsilonFROM archlinux:base-devel gsocket-1.4.43/packaging/gsnc-deploy-bin/selftest/Dockerfile.rhel80000664000175000017500000000002314623412134024725 0ustar epsilonepsilonFROM roboxes/rhel8 gsocket-1.4.43/packaging/gsnc-deploy-bin/selftest/run_all.sh0000775000175000017500000000207514623412134023716 0ustar epsilonepsilon#! /bin/bash # Test deploy.sh in various docker images. 
# To fetch binaries from live server us: # GS_LIVE=1 ./run_all.sh BASEDIR="$(cd "$(dirname "${0}")/../../../" || exit; pwd)" GSPKGROOT="${BASEDIR}/packaging/gsnc-deploy-bin/" STDIR="${GSPKGROOT}/selftest" targets="ubi8 debian centos arch alpine rhel8 suse-tumbleweed" [[ -n $* ]] && targets="$*" errexit() { echo >&2 "ERROR: $*" exit 255 } docker_run() { [[ -z $1 ]] && { echo >&2 "Parameters missing."; return; } [[ -f "${STDIR}/Dockerfile.${1}" ]] || { echo >&2 "Not found: Dockerfile.${1}"; return; } echo "Testing $1..." local dockername dockername="gs-selftest-${1}" docker run --rm -it "${dockername}" true || docker build -t "${dockername}" -f "${STDIR}/Dockerfile.${1}" . || { exit 255; } docker run --rm -v "${GSPKGROOT}:/gsocket-pkg" -e GS_LIVE="$GS_LIVE" -it "${dockername}" /gsocket-pkg/selftest/run.sh || { errexit "failed"; } } cp "${BASEDIR}/deploy/deploy.sh" "${GSPKGROOT}/selftest/deploy.sh" for x in $targets; do docker_run $x done rm -f "${GSPKGROOT}/selftest/deploy.sh" echo "SUCCESS." gsocket-1.4.43/packaging/gsnc-deploy-bin/cyg_bincopy.sh0000775000175000017500000000214414623412134022733 0ustar epsilonepsilon#! /bin/bash prgcp() { local bin local arr bin=$1 [[ ! -e "$bin" ]] && bin=$(which "$1") arr=($(ldd "$bin" | grep -F /usr/bin/ | awk '{print $1;}')) for fn in "${arr[@]}"; do [[ ! -f "/usr/bin/${fn}" ]] && { echo >&2 "Not found: /usr/bin/${fn}"; continue; } [[ -f "${dst}/${fn}" ]] && continue echo "fn=$fn" cp "/usr/bin/${fn}" "$dst" done name="${bin##*/}" [[ -z $name ]] && name="$bin" [[ -e "${dst}/${name}" ]] && return echo "cp ${bin} => ${dst}" cp "${bin}" "${dst}" } dst="$1" { [[ -z ${dst} ]] || [[ ! 
-d "${dst}" ]] } && { echo >&2 "Destination '${dst}' not found"; exit 250; } for n in awk bzip2 bash cat cp curl date dd df diff du file find git gpg grep gs-netcat gunzip gzip head \ hostname id jq kill killall ldd less ln ls md5sum mkdir more mv nc nice nohup openssl perl ping ps \ pwd python reset resize rm rsync sha256sum sha512sum screen scp sed setsid sh shred ssh \ stty socat tail tar tmux uname unzip vi vim wc wget which whereis xargs zip; do prgcp "$n" "$dst" done gsocket-1.4.43/packaging/gsnc-deploy-bin/docker/0000775000175000017500000000000014623412134021335 5ustar epsilonepsilongsocket-1.4.43/packaging/gsnc-deploy-bin/docker/x86_64-debian/0000775000175000017500000000000014623412134023513 5ustar epsilonepsilongsocket-1.4.43/packaging/gsnc-deploy-bin/docker/x86_64-debian/Dockerfile0000664000175000017500000000110514623412134025502 0ustar epsilonepsilonFROM debian ENV OPENSSL_VER=1.1.1k ENV OPENSSL_ARCH=linux-generic64 RUN apt update -y && \ apt install -y --no-install-recommends libc6-dev automake gcc make curl ca-certificates && \ apt clean && \ rm -rf /var/lib/apt/lists/ && \ curl https://www.openssl.org/source/openssl-${OPENSSL_VER}.tar.gz \ | tar -xzC /tmp/ && \ cd /tmp/openssl-${OPENSSL_VER} && \ ./Configure --prefix=/root/usr no-tests no-dso no-threads no-shared ${OPENSSL_ARCH} && \ make install_sw && \ rm -rf rm -rf /tmp/openssl-${OPENSSL_VER} /root/usr/bin/openssl /root/usr/bin/c_rehash && \ echo done gsocket-1.4.43/packaging/gsnc-deploy-bin/docker/build.sh0000775000175000017500000000146414623412134023000 0ustar epsilonepsilon#! /bin/sh # ^^^^^^^Mutli OS must use /bin/sh (alpine uses ash, debian uses dash) # This script is executed inside a docker container. # It is used to build gs-netcat as staticly linked binary for various OSes. 
test -d /gsocket-src || { echo >&2 "/gsocket-src does not exists."; exit 255; } test -d /gsocket-build || { echo >&2 "/gsocket-build does not exists."; exit 255; } cd /gsocket-src && \ ./configure --prefix=/root/usr --enable-stealth --enable-static $(cat /gsocket-src/configure-parameters.txt) && \ make clean all && \ strip tools/gs-netcat && \ { command -v upx >/dev/null && upx tools/gs-netcat; true; } && \ # Test execute the binary (unless cross compiler) { grep host /gsocket-src/configure-parameters.txt >/dev/null || tools/gs-netcat -g || { rm -f tools/gs-netcat; exit 255; }; } && exit exit 255 gsocket-1.4.43/packaging/gsnc-deploy-bin/docker/x86_64-alpine/0000775000175000017500000000000014623412134023541 5ustar epsilonepsilongsocket-1.4.43/packaging/gsnc-deploy-bin/docker/x86_64-alpine/Dockerfile0000664000175000017500000000107414623412134025535 0ustar epsilonepsilonFROM alpine ENV OPENSSL_VER=1.1.1k ENV OPENSSL_ARCH=linux-generic64 WORKDIR /root/ RUN apk update \ && apk add --no-cache bash musl-dev linux-headers gcc make automake openssl-dev curl upx && \ rm -rf /var/cache/apk/* && \ curl https://www.openssl.org/source/openssl-${OPENSSL_VER}.tar.gz \ | tar -xzC /tmp/ && \ cd /tmp/openssl-${OPENSSL_VER} && \ ./Configure --prefix=/root/usr no-tests no-dso no-threads no-shared ${OPENSSL_ARCH} && \ make install_sw && \ rm -rf rm -rf /tmp/openssl-${OPENSSL_VER} /root/usr/bin/openssl /root/usr/bin/c_rehash && \ echo done gsocket-1.4.43/packaging/gsnc-deploy-bin/docker/build_all.sh0000775000175000017500000000421114623412134023621 0ustar epsilonepsilon#! /bin/bash # Build all binaries for gsocket.io/x deployment scripts # Use docker. BASEDIR="$(cd "$(dirname "${0}")/../../../" || exit; pwd)" VER="$(grep AC_INIT "${BASEDIR}/configure.ac" | cut -f3 -d"[" | cut -f1 -d']')" source "${BASEDIR}/packaging/build_funcs" SRCDIR="${BASEDIR}/packaging/build/gsocket-${VER}" GSNCROOT="${BASEDIR}/packaging/gsnc-deploy-bin/docker" if [[ ! 
-f "${SRCDIR}"/configure.ac ]]; then tar_orig="${BASEDIR}/gsocket-${VER}.tar.gz" [[ -f "$tar_orig" ]] && (cd "${BASEDIR}/packaging/build" && tar xfz "$tar_orig") fi [[ -d "$SRCDIR" ]] || { echo >&2 "Source not found: $SRCDIR or ${tar_orig}."; exit 255; } docker_pack() { [[ -z $1 ]] && { echo >&2 "Parameters missing."; return; } echo "" >"${SRCDIR}/configure-parameters.txt" [[ -z $2 ]] || { echo "$2" >"${SRCDIR}/configure-parameters.txt"; } local dsttar local filename local dockername local dstdir filename="gs-netcat_${1}.tar.gz" dstdir="${GSNCROOT}/.." dsttar="${dstdir}/${filename}" dockername="gs-${1}" [[ -f "${dsttar}" ]] && { echo >&2 "${filename} exists. Skipping."; return; } rm -f "${dsttar}" # Create local docker container if it does not yet exist docker run --rm -it "${dockername}" true 2>/dev/null || ( cd docker && docker build -t "${dockername}" "${1}" ) || { exit 255; } [[ -f "${SRCDIR}/tools/gs-netcat" ]] && rm -f "${SRCDIR}/tools/gs-netcat" docker run --rm -v "${SRCDIR}:/gsocket-src" -v "${GSNCROOT}:/gsocket-build" -it "${dockername}" /gsocket-build/build.sh || { exit 255; } (cd "${SRCDIR}/tools" && ${GTAR_BIN} cfz "${dsttar}" --mode=755 --owner=0 --group=0 gs-netcat) (cd "${dstdir}" && shasum "${filename}" && ls -al "${filename}") } cd "${BASEDIR}/packaging/gsnc-deploy-bin" docker_pack arm-linux "--host=arm" && \ #docker_pack armv7l-linux "--host=armv7l" && \ #docker_pack armv6l-linux "--host=armv6l" && \ docker_pack aarch64-linux "--host=aarch64" && \ docker_pack mips64-alpine "--host=mips64" && \ docker_pack mips32-alpine "--host=mips32" && \ docker_pack mipsel32-alpine "--host=mips32" && \ docker_pack x86_64-alpine && \ docker_pack i386-alpine && \ { echo "SUCCESS"; exit 0; } # USE ALPINE docker_pack x86_64-debian && \ exit 255 gsocket-1.4.43/packaging/gsnc-deploy-bin/docker/arm-linux/0000775000175000017500000000000014623412134023251 5ustar 
epsilonepsilongsocket-1.4.43/packaging/gsnc-deploy-bin/docker/arm-linux/Dockerfile0000664000175000017500000000104714623412134025245 0ustar epsilonepsilonFROM muslcc/x86_64:arm-linux-musleabi ENV OPENSSL_VER=1.1.1k ENV OPENSSL_ARCH=linux-generic32 WORKDIR /root/ RUN apk update \ && apk add --no-cache bash perl make curl && \ rm -rf /var/cache/apk/* && \ curl https://www.openssl.org/source/openssl-${OPENSSL_VER}.tar.gz \ | tar -xzC /tmp/ && \ cd /tmp/openssl-${OPENSSL_VER} && \ ./Configure --prefix=/root/usr no-tests no-dso no-threads no-shared ${OPENSSL_ARCH} && \ make install_sw && \ rm -rf rm -rf /tmp/openssl-${OPENSSL_VER} /root/usr/bin/openssl /root/usr/bin/c_rehash && \ echo done gsocket-1.4.43/packaging/Makefile0000775000175000017500000000112014623412134016531 0ustar epsilonepsilon VERSION=1.4.23 BIN_NAME=gsocket PKG_NAME=${BIN_NAME}-${VERSION} debuild-setup: ../${PKG_NAME}.tar.gz rm -rf build mkdir build cp ../${PKG_NAME}.tar.gz build && \ cd build && \ tar xfz ${PKG_NAME}.tar.gz -cd build/${PKG_NAME} && \ dh_make -sy -f ../${PKG_NAME}.tar.gz && \ rm -f debian/*.EX debian/*.ex debian/*.docs debian/README.* && \ cp -a ../../debian/* debian/ && \ uscan . debian-debuild: debuild-setup cd build/${PKG_NAME} && \ debuild -S lintian --pedantic -IE build/${BIN_NAME}_*.dsc clean: rm -rf ./build ./${PKG_NAME}.tar.gz debian: debian-debuild echo Done. gsocket-1.4.43/packaging/deploy-all/0000775000175000017500000000000014623412134017136 5ustar epsilonepsilongsocket-1.4.43/packaging/deploy-all/deploy-all_head.sh0000775000175000017500000000127214623412134022522 0ustar epsilonepsilon#! /usr/bin/env bash # Extract deploy.sh and binary packages from _this script_ PKG_DIR="gs-pkg" errexit() { [[ -z "$1" ]] || echo -e 1>&2 "ERROR: ${CR}$*${CN}" exit 255 } check_file() { [[ -f "$1" ]] || errexit "Not found: $1" } check_file "$0" lc=0 while read -r l; do lc=$((lc + 1)) [[ "$l" = "# ---END---" ]] && break done <"$0" [[ $lc -eq 0 ]] && errexit "Cant determine my own file size." 
# Skip all lines until ---END--- and then untar binaries (head -n"${lc}" >/dev/null; tar xfz -)<"$0" check_file "${PKG_DIR}/deploy.sh" chmod 755 "${PKG_DIR}/deploy.sh" (cd "${PKG_DIR}" && GS_USELOCAL=1 ./deploy.sh) rm -rf ./"${PKG_DIR}" exit 0 # Do not change the next line # ---END--- gsocket-1.4.43/packaging/deploy-all/mk_deploy-all.sh0000775000175000017500000000224514623412134022231 0ustar epsilonepsilon#! /usr/bin/env bash # Create deploy-all.sh: # - Create a tar file containing all static binaries and deploy.sh # - Create shell script with deploy-all_head.sh and append tar file to it. BASEDIR="$(cd "$(dirname "${0}")/../../" || exit; pwd)" source "${BASEDIR}/packaging/build_funcs" targets="x86_64-alpine i386-alpine aarch64-linux arm-linux x86_64-osx x86_64-cygwin i686-cygwin mips64-alpine mips32-alpine mipsel32-alpine x86_64-freebsd x86_64-openbsd" # targets="x86_64-alpine x86_64-osx" PKG_DIR="gs-pkg" FILE_DEPLOY_SH="../../deploy/deploy.sh" errexit() { [[ -z "$1" ]] || echo -e 1>&2 "ERROR: ${CR}$*${CN}" exit 255 } check_file() { [[ -f "$1" ]] || errexit "Not found: $1" } check_file deploy-all_head.sh check_file "${FILE_DEPLOY_SH}" rm -rf ./"$PKG_DIR" mkdir "$PKG_DIR" 2>/dev/null for osarch in $targets; do fn="gs-netcat_${osarch}.tar.gz" f="../gsnc-deploy-bin/${fn}" check_file "$f" ln -s "../${f}" "${PKG_DIR}/${fn}" done ln -s ../"${FILE_DEPLOY_SH}" "${PKG_DIR}/deploy.sh" (cat deploy-all_head.sh; "${GTAR_BIN}" cfhz - --owner=0 --group=0 "$PKG_DIR") >deploy-all.sh chmod 755 deploy-all.sh ls -al deploy-all.sh [[ -d "$PKG_DIR" ]] && rm -rf "${PKG_DIR}" gsocket-1.4.43/packaging/debian-deb/0000775000175000017500000000000014623412134017046 5ustar epsilonepsilongsocket-1.4.43/packaging/debian-deb/DEBIAN/0000775000175000017500000000000014623412134017770 5ustar epsilonepsilongsocket-1.4.43/packaging/debian-deb/DEBIAN/control.in0000775000175000017500000000043514623412134022005 0ustar epsilonepsilonPackage: gsocket Version: @@VER@@ Homepage: https://gsocket.io 
Architecture: all Essential: no Priority: optional Depends: sshfs Maintainer: Skyper/THC Description: The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely. gsocket-1.4.43/packaging/debian-deb/Dockerfile0000664000175000017500000000047414623412134021045 0ustar epsilonepsilon# Debian: :stable still runs on openssl-1.1.0 and but kali and most debian # derived need openssl3. FROM debian:sid RUN apt update -y && \ apt install -y --no-install-recommends git sshfs libssl-dev libc6-dev automake gcc make curl ca-certificates && \ apt clean && \ rm -rf /var/lib/apt/lists/ && \ echo done gsocket-1.4.43/packaging/debian-deb/build.sh0000775000175000017500000000165014623412134020506 0ustar epsilonepsilon#! /bin/bash test -d /gsocket-src || { echo >&2 "/gsocket-src does not exists."; exit 255; } test -d /gsocket-deb || { echo >&2 "/gsocket-deb does not exists."; exit 255; } [[ -z "$VER" ]] && { echo >&2 "VER not set"; exit 255; } PREFIX="/gsocket-deb/build/gsocket_${VER}_all" [[ -e "${PREFIX}" ]] && rm -rf "${PREFIX:?}" mkdir -p "${PREFIX}/DEBIAN" && \ sed "s/@@VER@@/$VER/" < /gsocket-deb/DEBIAN/control.in >"${PREFIX}/DEBIAN/control" && \ cd /gsocket-src && \ ./configure --prefix="${PREFIX}/usr" --enable-realprefix=/usr && \ make install && \ cd /gsocket-deb/build && \ mv "${PREFIX}/usr/etc" "${PREFIX}" && \ find "$PREFIX" -type d -exec chmod 755 {} \; && \ dpkg-deb --build gsocket_${VER}_all/ && \ dpkg -i "gsocket_${VER}_all.deb" && \ dpkg -r gsocket && \ dpkg -l | grep gsocket || IS_OK=1 [[ -z "$IS_OK" ]] && { echo >&2 "error"; exit 255; } mv "gsocket_${VER}_all.deb" "/gsocket-pkg/build" || exit 255 echo "SUCCESS." gsocket-1.4.43/packaging/debian-deb/build_all.sh0000775000175000017500000000153714623412134021342 0ustar epsilonepsilon#! /bin/bash BASEDIR="$(cd "$(dirname "${0}")/../.." 
|| exit; pwd)" VER="$(grep AC_INIT "${BASEDIR}/configure.ac" | cut -f3 -d"[" | cut -f1 -d']')" PKGDIR="${BASEDIR}/packaging" SRCDIR="${BASEDIR}/packaging/build/gsocket-${VER}" DEBDIR="${BASEDIR}/packaging/debian-deb" if [[ ! -f "${SRCDIR}/configure.ac" ]]; then tar_orig="${BASEDIR}/gsocket-${VER}.tar.gz" [[ -f "$tar_orig" ]] && (cd "${BASEDIR}/packaging/build" && tar xfz "$tar_orig") fi [[ -d "$SRCDIR" ]] || { echo >&2 "Source not found: $SRCDIR or ${tar_orig}."; exit 255; } dockername="gs-x86_64-debian-devel" docker run --rm -it "${dockername}" true || (cd "${DEBDIR}" && docker build -t "${dockername}" . ) || { exit 255; } docker run --rm -v "${PKGDIR}:/gsocket-pkg" -v "${SRCDIR}:/gsocket-src" -v "${DEBDIR}:/gsocket-deb" -e VER=$VER -it "${dockername}" /gsocket-deb/build.sh || { exit 255; } gsocket-1.4.43/install.sh0000775000175000017500000000057114623412134015160 0ustar epsilonepsilon#! /usr/bin/env bash ## This script lives at https://gsocket.io/install.sh) command -v git >/dev/null 2>&1 || { echo >&2 "git not found. Try 'apt-get install git'"; exit 1; } git clone --depth 1 https://github.com/hackerschoice/gsocket.git || exit ( cd gsocket \ && ./bootstrap \ && ./configure && make && echo -e "\n---> Type 'cd gsocket; sudo make install' to install." ) gsocket-1.4.43/tools/0000775000175000017500000000000014623412134014310 5ustar epsilonepsilongsocket-1.4.43/tools/gs-sftp0000775000175000017500000000321714623412134015624 0ustar epsilonepsilon#! /usr/bin/env bash # A wrapper script to do this (essentially): # $ gs-netcat -s MySecret -l -e /usr/lib/sftp-server # Host # # $ export GSOCKET_ARGS="-s MySecret" # Workstation # $ sftp -D gs-netcat # Workstation # Try to use the gs-netcat that's in the same directory as this executable. BASEDIR="$(cd "$(dirname "${0}")" || exit; pwd)" # shellcheck disable=SC1090 # Can't follow non-constant source. Use a directive to specify location. 
# shellcheck disable=SC1091 # Not following: /etc/gsocket.conf was not specified as input (see shellcheck -x) source "${BASEDIR}/gs_funcs" 2>/dev/null || source "${BASEDIR}/../share/gsocket/gs_funcs" 2>/dev/null || { { source /etc/gsocket.conf 2>/dev/null || source "${BASEDIR}/../etc/gsocket.conf" 2>/dev/null || { echo >&2 "gsocket: gsocket.conf not found."; exit 3; } } && { source "${GS_PREFIX}/share/gsocket/gs_funcs" 2>/dev/null; } } || { echo >&2 "gsocket: gs_funcs not found"; exit 3; } my_usage() { echo "${BIN_NAME} [-k file] [-s password] [-l]" usage "${BIN_NAME}" exit 0 } command -v sftp >/dev/null 2>&1 || { echo >&2 "sftp not found. Try 'apt-get install openssh' or check PATH=?"; exit 1; } gs_init do_getopt "$@" shift $((OPTIND -1)) # Mount Point env_arg_init if [[ -n ${IS_SERVER} ]]; then # SERVER sftp_server_start else # CLIENT ARGS=" -q" [[ -n ${ARGS_NEW[*]} ]] && ARGS=" ${ARGS_NEW[*]}" # shellcheck disable=SC2086 # Double quote to prevent globbing and word splitting. ${RSYNC_ARGS} -> We want word splitting for multiple arugments. GSOCKET_NO_GREETINGS="1" GSOCKET_ARGS="${ENV_ARGS}${ARGS}" exec sftp -D "${GS_NETCAT_BIN}" fi gsocket-1.4.43/tools/console_display.c0000664000175000017500000001134114623412134017643 0ustar epsilonepsilon/* * Used by GS-NETCAT. * * Console Display is a display area for log messages and other messages. * Normally 3 rows and with a history (to scroll up/down). * * This is where log messages are being displayed. 
*/

#include "common.h"
#include "console_display.h"
#include "pkt_mgr.h"
#include "utils.h"

/*
 * Prepare a console display of 'rows' lines that draws to 'fd'.
 * The context is zeroed first. The display starts at screen row
 * (25 - rows) with a line width of 80. Always returns 0.
 */
int
GS_condis_init(GS_CONDIS *cd, int fd, int rows)
{
	memset(cd, 0, sizeof *cd);

	cd->fd = fd;
	cd->rows = rows;
	cd->max_char = 80;
	cd->y = 25 - rows;
	// Visible window = the 'rows' slots just before the next insert position.
	cd->pos_display = (cd->pos_add + CONDIS_MAX_HISTORY - cd->rows) % CONDIS_MAX_HISTORY;

	return 0;
}

/*
 * Forget all history entries and request a redraw.
 */
void
GS_condis_clear(GS_CONDIS *cd)
{
	cd->pos_add = 0;
	cd->entries = 0;
	cd->pos_display = (cd->pos_add + CONDIS_MAX_HISTORY - cd->rows) % CONDIS_MAX_HISTORY;
	cd->is_redraw_needed = 1;
}

/*
 * Append one line to the history ring, overwriting the oldest slot once
 * CONDIS_MAX_HISTORY entries exist. 'str' is truncated to fit the slot and
 * always NUL-terminated. 'level' (GS_PKT_APP_LOG_TYPE_*) selects the colour;
 * any other value means the default colour. The visible window snaps back
 * to the newest entries.
 *
 * NOTE(review): the bytes of 'str' are stored verbatim, control characters
 * included. If this text can originate from the remote peer, non-printable
 * bytes should be filtered before they are stored so that the peer cannot
 * place escape sequences on the local terminal - confirm whether the callers
 * already sanitize.
 */
void
GS_condis_add(GS_CONDIS *cd, int level, const char *str)
{
	struct condis_line *slot = &cd->cdl[cd->pos_add];
	size_t n;

	DEBUGF("%s\n", str);

	// Copy at most sizeof(line) - 1 bytes so the terminator always fits.
	n = strlen(str);
	if (n > sizeof slot->line - 1)
		n = sizeof slot->line - 1;
	memcpy(slot->line, str, n);
	slot->line[n] = 0x00;

	if (level == GS_PKT_APP_LOG_TYPE_ALERT)
		slot->color_str = "\x1B[31;1m";         // BRIGHT RED
	else if (level == GS_PKT_APP_LOG_TYPE_NOTICE)
		slot->color_str = "\x1B[0m\x1B[33m";    // Reset brightness. Yellow
	else if (level == GS_PKT_APP_LOG_TYPE_INFO)
		slot->color_str = "\x1B[0m\x1B[32m";    // Reset brightness. Green
	else
		slot->color_str = NULL;                 // default color

	cd->pos_add = (cd->pos_add + 1) % CONDIS_MAX_HISTORY;
	cd->pos_display = (cd->pos_add + CONDIS_MAX_HISTORY - cd->rows) % CONDIS_MAX_HISTORY;
	cd->entries = MIN(CONDIS_MAX_HISTORY, cd->entries + 1);
	cd->is_redraw_needed = 1;
}

/*
 * printf-style front end to GS_condis_add(). The formatted text is limited
 * to CONDIS_LINE_MAX_LEN bytes including the terminator.
 * 'fmt' is handed to vsnprintf() as the format string, so it must be a
 * trusted constant and never data received from the peer.
 */
void
GS_condis_printf(GS_CONDIS *cd, int level, const char *fmt, ...)
{
	char text[CONDIS_LINE_MAX_LEN];
	va_list args;

	va_start(args, fmt);
	vsnprintf(text, sizeof text, fmt, args);
	va_end(args);

	GS_condis_add(cd, level, text);
}

/*
 * Add "GS_logtime() + ' ' + str" to the console display.
 */
void
GS_condis_log(GS_CONDIS *cd, int level, const char *str)
{
	char stamped[1024];

	snprintf(stamped, sizeof stamped, "%s %s", GS_logtime(), str);
	GS_condis_add(cd, level, stamped);
}

/*
 * Set the position and max line length.
 * Normally called if the display is resized.
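*/
void
GS_condis_pos(GS_CONDIS *cd, int y, int max_char)
{
	cd->y = y;
	// Always have space for \0
	cd->max_char = MIN(CONDIS_LINE_MAX_LEN - 1, max_char);
	cd->is_redraw_needed = 1;
}

/*
 * Scroll the visible window towards older entries, by at most one page
 * (cd->rows lines) and never past the oldest stored entry.
 */
void
GS_condis_up(GS_CONDIS *cd)
{
	int apos = cd->pos_add;
	int dpos = cd->pos_display;
	int max_scroll;
	int scroll;

	// Unwrap the ring so that the insert position is ahead of the display position.
	if (dpos >= apos)
		apos += CONDIS_MAX_HISTORY;
	// Here: apos is larger
	if (dpos == apos)
		return; // Cant scroll any further. Out of buffer.

	if (cd->entries <= cd->rows)
		return; // Not enough entries to scroll.

	// Entries that are older than the first visible line.
	max_scroll = cd->entries - (apos - dpos);
	scroll = MIN(cd->rows, max_scroll);

	cd->pos_display = (dpos + CONDIS_MAX_HISTORY - scroll) % CONDIS_MAX_HISTORY;
	cd->is_redraw_needed = 1;
}

/*
 * Scroll the visible window towards newer entries, by at most one page
 * (cd->rows lines) and never past the newest entry.
 */
void
GS_condis_down(GS_CONDIS *cd)
{
	int apos = cd->pos_add;
	int dpos = cd->pos_display;
	int scroll;

	if (dpos >= apos)
		apos += CONDIS_MAX_HISTORY;

	if (dpos + cd->rows >= apos)
		return; // Cant scroll any further. Last entry

	scroll = MIN(cd->rows, apos - (dpos + cd->rows));

	cd->pos_display = (dpos + scroll) % CONDIS_MAX_HISTORY;
	cd->is_redraw_needed = 1;
}

/*
 * Write all 'len' bytes of 'buf' to 'fd'.
 *
 * write() may legitimately transfer fewer bytes than requested, so the
 * remainder is retried instead of treating a short write as an error.
 * A write() that fails or transfers nothing is fatal, as before.
 * The result is kept as ssize_t so that -1 is not compared against an
 * unsigned length.
 */
static void
cd_write(int fd, void *buf, size_t len)
{
	const char *src = buf;

	while (len > 0)
	{
		ssize_t n = write(fd, src, len);

		// Failed write() to stdout is fatal.
		if (n <= 0)
		{
			ERREXIT("write()\n");
			return; // not reached if ERREXIT() terminates the process
		}

		src += n;
		len -= (size_t)n;
	}
}

/*
 * Draw the console at position and with each string
 * up to max_char length. Add '..' if string is longer...
 *
 * THIS WILL LEAVE THE CURSOR ASTRAY. Use CONSOLE_draw() to correct cursor position.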
*/
void
GS_condis_draw(GS_CONDIS *cd, int force)
{
	// Redraws cd->rows lines starting at screen row cd->y, beginning with
	// history slot cd->pos_display. Does nothing when 'force' is 0 and no
	// redraw is pending.
	//
	// NOTE(review): cdl->line is sent to the terminal as stored. The visible
	// code does no filtering of control bytes here, so any sanitizing of text
	// that came from a remote peer has to happen before it is stored - confirm.
	// NOTE(review): no '..' marker is appended in the visible code; over-long
	// lines appear to be cut by the size passed to SXPRINTF - confirm.
	int pos = cd->pos_display;

	if (force == 0)
	{
		if (cd->is_redraw_needed == 0)
			return;
	}

	cd->is_redraw_needed = 0;

	char buf[1024];
	char *end = buf + sizeof (buf) - 1; // Space for \n
	char *ptr = buf;

	DEBUGF("Moving cursor to %d:1f\n", cd->y);
	// SXPRINTF is defined elsewhere; presumably it appends to 'ptr' within the
	// given size and advances 'ptr' (ptr - buf is used as the length below).
	SXPRINTF(ptr, end - ptr, "\x1B[%d;1f", cd->y);
	cd_write(cd->fd, buf, ptr - buf);

	// Colour of the previously drawn line; lets us skip redundant colour codes.
	const char *last_color_str = NULL;
	struct condis_line *cdl;
	int i = 0;
	for (i = 0; i < cd->rows; i++)
	{
		// With fewer entries than rows the first rows stay blank and are
		// only cleared below.
		if (cd->rows - (i+1) < cd->entries)
		{
			cdl = &cd->cdl[pos];
			ptr = buf;
			if (last_color_str != cdl->color_str)
			{
				if (cdl->color_str == NULL)
					SXPRINTF(ptr, end - ptr, "\x1B[0m");
				else
					SXPRINTF(ptr, end - ptr, "%s", cdl->color_str);
				last_color_str = cdl->color_str;
			}
			// Size is capped at max_char + 1 so the line fits the display width.
			SXPRINTF(ptr, MIN(end - ptr, cd->max_char + 1), "%s", cdl->line);
			cd_write(cd->fd, buf, ptr - buf);
		}
		pos = (pos + 1) % CONDIS_MAX_HISTORY;

		cd_write(cd->fd, "\x1B[K", 3); // Clear to end of line
		if (i < cd->rows - 1)
			cd_write(cd->fd, "\r\n", 2); // Add \n to all but last line
	}
	// Reset color if last color was not the default color
	if (last_color_str != NULL)
		cd_write(cd->fd, "\x1B[0m", 4);
}
gsocket-1.4.43/tools/globbing.h0000664000175000017500000000076214623412134016251 0ustar epsilonepsilon#ifndef __GS_GLOBBING_H__
#define __GS_GLOBBING_H__ 1

// One result record; a pointer to it is passed to the callback.
typedef struct
{
	const char *name;
	mode_t mode;
	uint32_t globbing_id;
	void *arg_ptr;
	uint32_t arg_val;
} GS_GL;

struct _gs_gl
{
	int res;
	void *func;
};

// Callback type: receives one GS_GL record.
typedef void (gsglobbing_cb_t)(GS_GL *res);

int GS_GLOBBING(gsglobbing_cb_t func, const char *path, uint32_t glob_id, void *arg_ptr, uint32_t arg_val);
int GS_GLOBBING_argv(gsglobbing_cb_t func, const char *argv[], void *arg_ptr, uint32_t arg_val);

#endif /* !__GS_GLOBBING_H__ */gsocket-1.4.43/tools/event_mgr.c0000664000175000017500000000502614623412134016445 0ustar epsilonepsilon/*
 * Used by GS-NETCAT.
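*
 * Callback for event handler and manager for events
 */

#include "common.h"
#include "event_mgr.h"
#include "console.h"
#include "utils.h"
#include "pkt_mgr.h"
#include "ids.h"

/*
 * When console is visible then send a ping more often.
 *
 * Event callback; 'ptr' is the GS_EVENT whose ->data is handed to cmd_ping().
 * Does nothing while the console is not visible. Always returns 0.
 */
int
cbe_ping(void *ptr)
{
	GS_EVENT *event = (GS_EVENT *)ptr;

	if (gopt.is_console == 0)
	{
		return 0;
		// Return if data was transmitted recently
		// struct _peer *p = (struct _peer *)event->data;
		// if (p->gs->ts_net_io + GS_SEC_TO_USEC(gopt.app_keepalive_sec) >= GS_TV_TO_USEC(&gopt.tv_now))
		// 	return 0;
	}

	cmd_ping(event->data);

	return 0;
}

// CLIENT - Called every second
// Event callback; event->data is the peer whose BPS display is updated.
// Always returns 0.
int
cbe_bps(void *ptr)
{
	GS_EVENT *event = (GS_EVENT *)ptr;

	// Calculate BPS
	CONSOLE_update_bps((struct _peer *)event->data);

	return 0;
}

/*
 * SERVER: queue one log record on peer 'p' for every item in 'gsl'.
 *
 * 'fmt' is used as the snprintf() format with the item's data as its only
 * (string) argument, so it must be a trusted constant containing exactly
 * one %s. The text is truncated to fit the record's msg field.
 *
 * Each record is allocated zeroed: if the fixed-size record is later sent
 * as a whole (the sending code is not visible here), the bytes after the
 * terminator must not carry stale heap contents to the peer.
 * An allocation failure stops queuing instead of dereferencing NULL.
 */
static void
add_log(struct _peer *p, GS_LIST *gsl, uint8_t log_type, const char *fmt)
{
	GS_LIST_ITEM *li = NULL;
	int n_queued = 0;

	while (1)
	{
		li = GS_LIST_next(gsl, li);
		if (li == NULL)
			break;

		struct _pkt_app_log *log = calloc(1, sizeof *log);
		if (log == NULL)
			break; // Out of memory: drop the remaining records.

		log->type = log_type;
		snprintf((char *)log->msg, sizeof log->msg, fmt, (char *)li->data);
		GS_LIST_add(&p->logs, NULL, log, GS_LIST_ID_COUNT(&p->logs));
		n_queued++;
	}

	// Only ask for write-readiness if something was actually queued.
	if (n_queued > 0)
	{
		p->is_pending_logs = 1;
		GS_SELECT_FD_SET_W(p->gs);
	}
}

// SERVER - Alert gs-user if Muggles are about. Also update
// least idle Muggle (ping will use this information).
//
// Event callback (argument unused). Returns -1 once no peer is subscribed
// to IDS messages, otherwise 0.
int
cbe_ids(void *ptrNOTUSED)
{
	struct _peer *p;

	if (gopt.ids_peers.n_items == 0)
	{
		DEBUGF_R("No peer interested. Removing event IDS\n");
		gopt.event_ids = NULL; // caller will free this.
		// NOTE(review): 'return -1' is taken to be code; the line breaks of
		// this listing are lost - confirm against upstream.
		return -1;
	}

	// Check for IDS messages.
	GS_LIST new_login;
	GS_LIST new_active;
	GS_LIST_init(&new_login, 0);
	GS_LIST_init(&new_active, 0);
	GS_IDS_utmp(&new_login, &new_active, &gopt.ids_active_user, &gopt.ids_idle, &gopt.n_users);
	if (gopt.ids_idle < 15)
		gopt.ids_idle = 0; // treat anything below 15 as fully active (0)
	// DEBUGF_C("Least Idle: %s (%d)\n", gopt.ids_active_user, gopt.ids_idle);
	// DEBUGF_W("Login: %d, active %d, Total %d\n", new_login.n_items, new_active.n_items, gopt.n_users);

	/* Search through all peers that want IDS messages */
	GS_LIST_ITEM *li = NULL;
	while (1)
	{
		li = GS_LIST_next(&gopt.ids_peers, li);
		if (li == NULL)
			break;

		p = (struct _peer *)li->data;
		add_log(p, &new_login, GS_PKT_APP_LOG_TYPE_ALERT, "Login : %s");
		add_log(p, &new_active, GS_PKT_APP_LOG_TYPE_ALERT, "Active: %s");
	}

	GS_LIST_del_all(&new_login, 0);
	GS_LIST_del_all(&new_active, 0);

	return 0;
}
gsocket-1.4.43/tools/pkt_mgr.h0000664000175000017500000000600014623412134016120 0ustar epsilonepsilon#ifndef __GS_PKT_MGR_H__
#define __GS_PKT_MGR_H__ 1

// Message Numbers for fixed size messages
// The number also sets the size.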
See GS_PKT_MSG_size_by_type() #define PKT_MSG_WSIZE (1) #define PKT_MSG_IDS (2) #define PKT_MSG_PWD (3) // pwd request #define PKT_MSG_PING (16) #define PKT_MSG_PONG (16) #define PKT_MSG_LOG (32) // max 64 bytes long #define PKT_MSG_STATUS (33) // max 64 bytes long // Channel Numbers, variable size messages #define GS_FT_CHN_PUT (0) // 128 #define GS_FT_CHN_ACCEPT (1) // 129 #define GS_FT_CHN_LIST_REQUEST (2) // 130 0x82 #define GS_FT_CHN_DATA (3) // 131 0x83 #define GS_FT_CHN_ERROR (4) // 132 #define GS_FT_CHN_SWITCH (5) // 133 0x85 #define GS_FT_CHN_LIST_REPLY (6) // 134 0x86 #define GS_FT_CHN_DL (7) // 135 0x87 #define GS_CHN_PWD (8) // Result of pwd-request (server to client) struct _pkt_app_ping { uint8_t flags; uint8_t resever[3]; uint8_t user[12]; } __attribute__((__packed__)); struct _pkt_app_pong { uint16_t load; uint16_t idle; uint8_t n_users; uint8_t user[11]; } __attribute__((__packed__)); struct _pkt_app_ids { uint8_t flags; uint8_t reserved[3]; } __attribute__((__packed__)); #define GS_PKT_APP_FL_IDS (0x01) struct _pkt_app_log { uint8_t type; uint8_t msg[63]; } __attribute__((__packed__)); #define GS_PKT_APP_LOG_TYPE_DEFAULT (0x00) // default color #define GS_PKT_APP_LOG_TYPE_ALERT (0x01) // RED #define GS_PKT_APP_LOG_TYPE_NOTICE (0x02) // Yellow #define GS_PKT_APP_LOG_TYPE_INFO (0x03) // green #define GS_PKT_APP_LOG_TYPE_MAX (0x03) // set to highest color code struct _pkt_app_status { uint8_t type; uint8_t msg[63]; } __attribute__((__packed__)); #define GS_PKT_APP_STATUS_TYPE_NOPTY (0x01) // Server could not allocate PTY void pkt_app_cb_wsize(uint8_t msg, const uint8_t *data, size_t len, void *ptr); void pkt_app_cb_ping(uint8_t msg, const uint8_t *data, size_t len, void *ptr); void pkt_app_cb_pong(uint8_t msg, const uint8_t *data, size_t len, void *ptr); void pkt_app_cb_ids(uint8_t msg, const uint8_t *data, size_t len, void *ptr); void pkt_app_cb_log(uint8_t msg, const uint8_t *data, size_t len, void *ptr); void pkt_app_cb_status(uint8_t msg, const 
uint8_t *data, size_t len, void *ptr); void pkt_app_cb_pwdrequest(uint8_t msg, const uint8_t *data, size_t len, void *ptr); void pkt_app_cb_pwdreply(uint8_t msg, const uint8_t *data, size_t len, void *ptr); int pkt_app_send_wsize(GS_SELECT_CTX *ctx, struct _peer *p, int row); int pkt_app_send_pong(GS_SELECT_CTX *ctx, struct _peer *p); int pkt_app_send_ping(GS_SELECT_CTX *ctx, struct _peer *p); int pkt_app_send_ids(GS_SELECT_CTX *ctx, struct _peer *p); int pkt_app_send_all_log(GS_SELECT_CTX *ctx, struct _peer *p); int pkt_app_send_status_nopty(GS_SELECT_CTX *ctx, struct _peer *p); int pkt_app_send_ft(GS_SELECT_CTX *ctx, struct _peer *p); int pkt_app_send_pwdrequest(GS_SELECT_CTX *ctx, struct _peer *p); int pkt_app_send_pwdreply(GS_SELECT_CTX *ctx, struct _peer *p); #endif /* !__GS_PKT_MGR_H__ */gsocket-1.4.43/tools/filetransfer_mgr.h0000664000175000017500000000040114623412134020005 0ustar epsilonepsilon#ifndef __GS_FILETRANSFER_MGR_H__ #define __GS_FILETRANSFER_MGR_H__ 1 void GS_FTM_init(struct _peer *p, int is_server); void GS_FTM_free(struct _peer *p); ssize_t GS_FTM_mk_packet(GS_FT *ft, uint8_t *dst, size_t dlen); #endif // __GS_FILETRANSFER_MGR_H__ gsocket-1.4.43/tools/gs_funcs0000775000175000017500000003073114623412134016051 0ustar epsilonepsilon#! 
/usr/bin/env bash [[ $(basename -- "$0") == "gs_funcs" ]] && { echo "Use gsocket, gs-netcat, gs-sftp, gs-mount or blitz instead."; exit 1; } # Find a sftp-server binary find_binary() { bin=$1 command -v "${bin}" && { echo "${bin}"; return; } shift 1 for dir in "$@"; do file="${dir}/${bin}" if [[ -f "$file" ]]; then echo "${file}" return fi done echo "" return } read_password() { echo -n >&2 "${GS_PRFX}Enter Secret (or press Enter to generate): " read -r password if [[ -z "${password}" ]]; then password=$(${GS_NETCAT_BIN} -g) fi echo "${password}" | tr -d "[:space:]" } # haystack1 haystack2 needle ucheck_fail() { [[ "$1" =~ $3 ]] || { echo >&2 "Symbol $3 not found in sftp-server."; exit 255; } [[ "$2" =~ $3 ]] || { echo >&2 "Symbol $3 not found (2)."; exit 255; } } test_sftp() { echo "${1}" | ./gs-sftp -k id_sec.txt -wq 2>&1 | grep -c "Permission denied" } first_symbol() { for func in "$@"; do if [[ "$sym_sftp" =~ $func ]]; then echo "$func " return fi done echo ">>>$*-NOT-FOUND<<< " } uchroot_check_sym() { command -v nm >/dev/null 2>&1 || { echo >&2 "chroot failed (nm not found. apt-get install binutils?). Try -U to disable."; exit 255; } # Extract symbols from .so and sftp-server binary if [[ "$OSTYPE" == "darwin"* ]]; then # on OSX remove the starting "_" from symboles sym_sftp="$(nm -pu "${SFTP_SERVER_BIN}" | sed 's/^_//g')" sym_uchr="$(nm -p "${UCHROOT_BIN}" | grep " T " | sed 's/^_//g')" elif [[ "$OSTYPE" == "solaris"* ]]; then sym_sftp="$(nm -Du "${SFTP_SERVER_BIN}")" sym_uchr="$(nm -p "${UCHROOT_BIN}" | grep " T ")" else sym_sftp="$(nm -Du "${SFTP_SERVER_BIN}")" sym_uchr="$(nm -D "${UCHROOT_BIN}" | grep " T ")" fi [[ -n "$sym_uchr" ]] || { echo >&2 "chroot self-test failed (nm bad1). Try -U to disable."; exit 255; } [[ -n "$sym_sftp" ]] || { echo >&2 "chroot self-test failed (nm bad2). 
Try -U to disable."; exit 255; } funclist+=$(first_symbol lstat\$INODE64 __lxstat64 __lxstat lstat64 lstat) funclist+=$(first_symbol stat\$INODE64 __xstat64 __xstat stat64 stat) funclist+=$(first_symbol opendir\$INODE64 opendir64 opendir) funclist+=$(first_symbol open64 open) if [[ ! "$OSTYPE" == "solaris2.10"* ]]; then # On solaris 10 the stock OpenSSH install does not use statvfs64 (older version) funclist+=$(first_symbol statvfs64 statvfs) fi [[ "${funclist}" =~ "NOT-FOUND"* ]] && { echo >&2 "Missing symbol...${funclist}"; exit 255; } funclist+="chmod link mkdir rename rmdir symlink unlink" # echo "funclist = $funclist" # DEBUG for func in ${funclist}; do ucheck_fail "${sym_sftp}" "${sym_uchr}" "${func}" done } failed() { echo >&2 "ERROR: Self test failed: $1. Try -U to disable." exit 255 } # Verify that all symboles will get hijacked. exit on failure. # linux osx solaris # sftp -Du -pu -Du # .so -D|T -p|T -p|T uchroot_check() { local VALID_CMD local FAIL_CMD # skip nm-style symbol check on cygwin # (sftp-server does not like nm on cygwin?!) if [[ x"$OSTYPE" != "xcygwin"* ]]; then # NOT cygwin uchroot_check_sym fi # Run a self test (sftp -D sftp-server) command -v sftp >/dev/null 2>&1 || { failed "sftp not found"; } mkdir -p "${ROOTDIR}/ok" mkdir -p "${ROOTDIR}/denied" # echo "ROOTDIR=${ROOTDIR}" # DEBUG echo hello exist-allowed.txt >"${ROOTDIR}/ok/exist-allowed.txt" echo hello exist-denied.txt >"${ROOTDIR}/denied/exist-denied.txt" dd if=/dev/urandom bs=1k count=1 2>/dev/null >"${ROOTDIR}/ok/test1k.dat" echo "\ #! /bin/bash cd \"${ROOTDIR}\"/ok ${PRELOAD} ${SFTP_SERVER_BIN} ${SFTP_ARGS[*]}" >"${ROOTDIR}/sftp-server.sh" chmod 755 "${ROOTDIR}/sftp-server.sh" # Run GOOD commands that should work VALID_CMD=" mkdir dir1 cd dir1 cd .. 
cd dir1 cd ../ ls ${ROOTDIR}/ok ls ${ROOTDIR}/ok/exist-allowed.txt put test1k.dat dir1 mkdir ./dir2/ " [[ $(cd "${ROOTDIR}/ok"; echo "$VALID_CMD" | sftp -D "${ROOTDIR}/sftp-server.sh" 2>&1 | grep -c "Permission denied") -eq 0 ]] || { failed "valid cmd 0"; } [[ -d "${ROOTDIR}/ok/dir1" ]] || { failed "valid-cmd 1"; } [[ -d "${ROOTDIR}/ok/dir2" ]] || { failed "valid-cmd 2"; } [[ -f "${ROOTDIR}/ok/dir1/test1k.dat" ]] || { failed "valid-cmd 3"; } FAIL_CMD=" rename exist-allowed.txt ../denied/0wned.txt mkdir ./dir1/../../denied/0wned cd dir1/../../denied cd ./../denied ls ${ROOTDIR} cd ${ROOTDIR} cd ${ROOTDIR}/denied cd ${ROOTDIR}/ok/../denied rm ./../denied/exist-denied.txt put test1k.dat ../denied/0wned.dat put test1k.dat ../denied/exist-denied.txt rename exist-allowed.txt ../denied/0wned.txt rename exist-allowed.txt /0wned.txt " [[ $(cd "${ROOTDIR}/ok"; echo "$FAIL_CMD" | sftp -D "${ROOTDIR}/sftp-server.sh" 2>&1 | grep -c "Permission denied") -eq 13 ]] || { failed "fail cmd (2)"; } FAIL_CMD=" ls dir1/../../denied ls ./../denied/exist-denied.txt" [[ $(cd "${ROOTDIR}/ok"; echo "$FAIL_CMD" | sftp -D "${ROOTDIR}/sftp-server.sh" 2>&1 | grep -c "not found") -eq 2 ]] || { failed "fail cmd (3)"; } rm -rf "${ROOTDIR}/ok" &>/dev/null rm -rf "${ROOTDIR}/denied" &>/dev/null rm -rf "${ROOTDIR}/sftp-server.sh" &>/dev/null } gs_find_so_single() { [[ -e "${1}/${2}" ]] && { echo "$(cd "${1}" || exit; pwd)""/${2}"; } } arrayContains() { local e match="$1" shift for e; do [[ "$e" == "$match" ]] && return 0; done return 1 } # Search for the dynamic shared object file. # 1. Try $basedir # 2. Try ${basedir}/../lib # 3. Try /usr/lib # 4. Try /usr/local/lib # Return absolute path to DSO. 
gs_find_so()
{
	# $1 = prefix whose lib/ directory is searched, $2 = file name of the DSO.
	# Prints the absolute path of the first match; prints nothing if none.
	#
	# The first hit wins and the result is later injected into other
	# programs via LD_PRELOAD / DYLD_INSERT_LIBRARIES, so every directory
	# in this list should be writable by trusted users only.
	local DL=("${BASEDIR}")

	# Debian packaging requires libs in /usr/lib/x86_64-linux-gnu :/
	if command -v dpkg-architecture &>/dev/null; then
		DL+=("/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)")
	fi

	# This is either GS_PREFIX/lib or BASEDIR/../lib
	DL+=("${1}/lib")

	# Append the system directories unless they are already listed
	if ! arrayContains "/usr/lib" "${DL[@]}"; then
		DL+=("/usr/lib")
	fi
	if ! arrayContains "/usr/local/lib" "${DL[@]}"; then
		DL+=("/usr/local/lib")
	fi

	for dir in "${DL[@]}"; do
		res=$(gs_find_so_single "${dir}" "${2}")
		if [[ -n "$res" ]]; then
			echo "$res"
			return
		fi
	done
}

# Resolve the helper binaries and shared objects used by the wrapper scripts.
# Sets GS_NETCAT_BIN, GS_SFTP_BIN, EXE, PREFIX, UCHROOT_BIN, GS_SO_BIN and
# BIN_NAME. Exits 5 when a DSO is missing and 1 when gs-netcat is not found.
gs_init()
{
	# Prefer the gs-netcat that sits next to the calling script over PATH
	GS_NETCAT_BIN="gs-netcat"
	BIN="${BASEDIR}/${GS_NETCAT_BIN}"
	if [[ -f "${BIN}" ]]; then
		GS_NETCAT_BIN="${BIN}"
	fi

	# shellcheck disable=SC2034 # appears unused. Verify use (or export if used externally).
	GS_SFTP_BIN="${BASEDIR}/gs-sftp"

	case "$OSTYPE" in
		cygwin*) EXE=".exe" ;;
		*) EXE="" ;;
	esac

	# To find sftp-server and DSO's in PREFIX/lib
	PREFIX="$GS_PREFIX"
	if [[ -z "$PREFIX" ]]; then
		PREFIX="$(cd "$(dirname "${0}")/../" || exit; pwd)"
	fi

	# on OSX the dl-files are called .bundle (not .dylib) but it is generally
	# accepted to call them .so. OSX keep those is /System/Library/gsocket
	# but automake insists on ${PREFIX}/lib
	UCHROOT_BIN=$(gs_find_so "$PREFIX" "gsocket_uchroot_dso.so.0${EXE}")
	if [[ -z "$UCHROOT_BIN" ]]; then
		echo >&2 "gsocket: gsocket_uchroot_dso.so.0${EXE} not found. Try 'apt install dpkg-dev'."
		exit 5
	fi

	# shellcheck disable=SC2034 # appears unused. Verify use (or export if used externally).
	GS_SO_BIN=$(gs_find_so "$PREFIX" "gsocket_dso.so.0${EXE}")
	if [[ -z "$GS_SO_BIN" ]]; then
		echo >&2 "gsocket: gsocket_dso.so.0${EXE} not found."
		exit 5
	fi

	# shellcheck disable=SC2034 # appears unused. Verify use (or export if used externally).
	BIN_NAME="$(basename "${0}")"

	command -v "${GS_NETCAT_BIN}" >/dev/null 2>&1 || { echo >&2 "${GS_NETCAT_BIN} not found. Check PATH=?"; exit 1; }
}

usage() { echo " -l Server Mode. -R Server in read-only mode. -s Secret (e.g. password). -k Read Secret from file. 
Example: $ ${1} -s MySecret -l # Server $ ${1} -s MySecret # Client See 'gs-netcat -h' for more options." } do_getopt() { OPTERR=0 FL_NEED_PASSWORD=1 IS_UCHROOT=1 # Check if -s or -k is already supplied in environment and dont ask again. [[ "$GSOCKET_ARGS" =~ ^'-s' ]] && unset FL_NEED_PASSWORD [[ "$GSOCKET_ARGS" =~ ' -s' ]] && unset FL_NEED_PASSWORD [[ "$GSOCKET_ARGS" =~ ^'-k' ]] && unset FL_NEED_PASSWORD [[ "$GSOCKET_ARGS" =~ ' -k' ]] && unset FL_NEED_PASSWORD # shellcheck disable=SC2220 # Invalid flags are not handled. Add a *) case. while getopts ":qhURgls:k:L:" opt; do case ${opt} in s ) GSNC_ENV_ARGS[${#GSNC_ENV_ARGS[@]}]="-s" # Add to end of array GSNC_ENV_ARGS[${#GSNC_ENV_ARGS[@]}]="$OPTARG" # Add to end of array unset FL_NEED_PASSWORD ;; k ) GSNC_ENV_ARGS[${#GSNC_ENV_ARGS[@]}]="-k" # Add to end of array KFILE=$(cd "$(dirname "$OPTARG")" && pwd)/$(basename "$OPTARG") [[ -f "${KFILE}" ]] || { echo >&2 "File not found: ${KFILE}"; exit 255; } GSNC_ENV_ARGS[${#GSNC_ENV_ARGS[@]}]="${KFILE}" # Add to end of array # KFILE=$(eval echo "$OPTARG") # Add to end of array # GSNC_ENV_ARGS[${#GSNC_ENV_ARGS[@]}]=$(eval echo "$OPTARG") # Add to end of array unset FL_NEED_PASSWORD ;; g ) "${GS_NETCAT_BIN}" -g exit ;; h ) my_usage ;; q ) IS_QUIET=1 ARGS_NEW[${#ARGS_NEW[@]}]="-q" ;; l ) # shellcheck disable=SC2034 # appears unused. Verify use (or export if used externally). IS_SERVER=1 ARGS_NEW[${#ARGS_NEW[@]}]="-l" # Add to end of array ;; R ) # shellcheck disable=SC2034 # appears unused. Verify use (or export if used externally). IS_READONLY=1 SFTP_ARGS[${#SFTP_ARGS[@]}]="-R" ;; U ) unset IS_UCHROOT ;; \? ) # UNKNOWN option. Handle before '*' (e.g. -l) ARGS_NEW[${#ARGS_NEW[@]}]="-${OPTARG}" # Add to end of array ;; * ) # Other (known opts from opstring) w parameters (e.g. 
-L ) ARGS_NEW[${#ARGS_NEW[@]}]="-${opt}" # Add to end of array ARGS_NEW[${#ARGS_NEW[@]}]="${OPTARG}" # Add to end of array ;; esac done # Solaris 10 problems: # - stock sftp-server does not allow -p -> Acceptable risk # - LD_PRELOAD does not seem to work. Does anyone still use solaris10? if [[ "$OSTYPE" == "solaris2.10"* ]]; then echo -e >&2 "\033[1;31mWARNING\033[0m: uchroot not (yet) supported on solaris 10." unset IS_UCHROOT fi } env_arg_init() { # Prepare existing GSOCKET_ARGS to take more arguments if there are any [[ -n "$GSOCKET_ARGS" ]] && GSOCKET_ARGS+=" " if [[ -n "$FL_NEED_PASSWORD" ]]; then password=$(read_password) # shellcheck disable=SC2034 # GSOCKET_SECRET appears unused => It's used in 'gs' GSOCKET_SECRET="${password}" echo "${GS_PRFX}=Secret : ${password}" GSNC_ENV_ARGS[${#GSNC_ENV_ARGS[@]}]="-s" # Add to end of array GSNC_ENV_ARGS[${#GSNC_ENV_ARGS[@]}]="$password" # Add to end of array fi # Have to output it here because gs-netcat might be started from withing # sshfs or sftpd where stderr is no longer available to gs-netcat [[ -n "$IS_QUIET" ]] || echo >&2 "${GS_PRFX}=Encryption : SRP-AES-256-CBC-SHA-End2End (Prime: 4096 bits)" ENV_ARGS="${GSOCKET_ARGS}${GSNC_ENV_ARGS[*]}" } sftp_server_start() { # SERVER if [[ "$OSTYPE" == "darwin"* ]]; then # OSX does not allow LD_PRELOAD of binaries in /usr/. Copy to tmp... ROOTDIR=$(mktemp -d -t thc-gs-sftp) # FIXME: temp file only cleaned on reboot. Hmm... 
cp /usr/libexec/sftp-server "${ROOTDIR}/sftp-server" &>/dev/null SFTP_SERVER_BIN="${ROOTDIR}/sftp-server" PRELOAD="DYLD_INSERT_LIBRARIES=${UCHROOT_BIN} DYLD_FORCE_FLAT_NAMESPACE=1" else if [[ -n "${IS_UCHROOT}" ]]; then ROOTDIR=$(mktemp -d -t thc-gs-sftp-XXXXXXXXXXXXXXX) fi SFTP_SERVER_BIN=$(find_binary "sftp-server${EXE}" "${PREFIX}/lib" /opt/csw/libexec /usr/lib /usr/local/lib /usr/libexec /usr/libexec/openssh /usr/lib/ssh /usr/sbin) PRELOAD="LD_PRELOAD=${UCHROOT_BIN}" fi [[ -z "${SFTP_SERVER_BIN}" ]] && { echo >&2 "sftp-server binary not found."; exit 1; } # SFTP_ARGS[${#SFTP_ARGS[@]}]="-l" # SFTP_ARGS[${#SFTP_ARGS[@]}]="DEBUG3" # tail /var/log/auth.log | grep 'Refusing non-whitelisted' # Whitelist of commands sftp-server should allow (most are not needed # by sftp but for sshfs) # *** WARNING ***: If you add a string here you also must make sure that # gsocket_uchroot_dso checks the command for uchroot-escape. SFTP_ARGS[${#SFTP_ARGS[@]}]="-p" SFTP_ARGS[${#SFTP_ARGS[@]}]="open,opendir,mkdir,remove,rmdir,symlink,hardlink,stat,posix-rename,statvfs,setstat,fsetstat,fstat,lstat,readdir,realpath,write,read,close" ENV_ARGS="${GSOCKET_ARGS}${GSNC_ENV_ARGS[*]}" if [[ -n "${IS_UCHROOT}" ]]; then [[ -z "${ROOTDIR}" ]] && { failed "(mktemp)"; } uchroot_check # Try to delete temporary directory. OSX still has sftp-server bin in there and must be deleted rmdir "${ROOTDIR}" &>/dev/null else echo -e >&2 "\033[1;31mWARNING\033[0m: uchroot disabled. Allowing access to *ALL* files on this host." 
unset PRELOAD fi GSOCKET_NO_GREETINGS="1" GSOCKET_ARGS="${ENV_ARGS}" exec "${GS_NETCAT_BIN}" "${ARGS_NEW[@]}" -e "${PRELOAD} ${SFTP_SERVER_BIN} ${SFTP_ARGS[*]} 2>/dev/null" } gsocket-1.4.43/tools/console.h0000664000175000017500000000206614623412134016127 0ustar epsilonepsilon#ifndef __GST_CONSOLE_H__ #define __GST_CONSOLE_H__ 1 // #define GS_CONSOLE_ESC 0x1d // ctrl-] (^]) // #define GS_CONSOLE_ESC_CHR ']' // #define GS_CONSOLE_ESC_STR "^]" // #define GS_CONSOLE_ESC 0x02 // ctrl-b (^B) // #define GS_CONSOLE_ESC_CHR 'B' // #define GS_CONSOLE_ESC_STR "^B" #define GS_CONSOLE_ESC 0x05 // ctrl-E (^E) #define GS_CONSOLE_ESC_CHR 'E' #define GS_CONSOLE_ESC_LCHR 'e' #define GS_CONSOLE_ESC_STR "^E" #define GS_CONSOLE_ROWS (8) // Status-bar + Display + Prompt ssize_t CONSOLE_write(int fd, void *data, size_t len); int CONSOLE_check_esc(uint8_t c, uint8_t *submit); int CONSOLE_action(struct _peer *p, uint8_t key); int CONSOLE_command(struct _peer *p, const char *cmd); void CONSOLE_reset(void); void CONSOLE_resize(struct _peer *p); int CONSOLE_readline(struct _peer *p, void *data, size_t len); void CONSOLE_draw(int fd); void CONSOLE_update_pinginfo(struct _peer *p, float ms, int load, char *active_user, int sec_idle, uint8_t n_users); void CONSOLE_update_bps(struct _peer *p); #endif /* !__GST_CONSOLE_H__ */ gsocket-1.4.43/tools/gsocket0000775000175000017500000001240514623412134015677 0ustar epsilonepsilon#! /usr/bin/env bash # Try to use the gs-netcat that's in the same directory as this executable. BASEDIR="$(cd "$(dirname "${0}")" || exit; pwd)" # shellcheck disable=SC1090 # Can't follow non-constant source. Use a directive to specify location. 
# shellcheck disable=SC1091 # Not following: /etc/gsocket.conf was not specified as input (see shellcheck -x) source "${BASEDIR}/gs_funcs" 2>/dev/null || source "${BASEDIR}/../share/gsocket/gs_funcs" 2>/dev/null || { { source /etc/gsocket.conf 2>/dev/null || source "${BASEDIR}/../etc/gsocket.conf" 2>/dev/null || { echo >&2 "gsocket: gsocket.conf not found."; exit 3; } } && { source "${GS_PREFIX}/share/gsocket/gs_funcs" 2>/dev/null; } } || { echo >&2 "gsocket: gs_funcs not found"; exit 3; } my_usage() { echo "${BIN_NAME} [-k file] [-s password] -s Secret (e.g. password). -k Read Secret from file. -p Range of listening ports to redirect [default=all] -T Use TOR. Example: $ ${BIN_NAME} -s MySecret /usr/bin/sshd -d # Server $ ${BIN_NAME} -s MySecret ssh root@gsocket # Client See 'gs-netcat -h' for more options." exit "$1" } my_getopt() { OPTERR=0 # shellcheck disable=SC2034 # FL_NEED_PASSWORD appears unused. => used i env_arg_init FL_NEED_PASSWORD=1 # Check if -s or -k is already supplied in environment and dont ask again. [[ "$GSOCKET_ARGS" =~ ^'-s' ]] && unset FL_NEED_PASSWORD [[ "$GSOCKET_ARGS" =~ ' -s' ]] && unset FL_NEED_PASSWORD [[ "$GSOCKET_ARGS" =~ ^'-k' ]] && unset FL_NEED_PASSWORD [[ "$GSOCKET_ARGS" =~ ' -k' ]] && unset FL_NEED_PASSWORD # shellcheck disable=SC2220 # Invalid flags are not handled. Add a *) case. 
while getopts ":qhgTp:s:k:L:" opt; do case ${opt} in s ) # GSNC_ENV_ARGS[${#GSNC_ENV_ARGS[@]}]="-s" # Add to end of array # GSNC_ENV_ARGS[${#GSNC_ENV_ARGS[@]}]="$OPTARG" # Add to end of array GSOCKET_SECRET="$OPTARG" unset FL_NEED_PASSWORD ;; k ) # GSNC_ENV_ARGS[${#GSNC_ENV_ARGS[@]}]="-k" # Add to end of array KFILE=$(cd "$(dirname "$OPTARG")" && pwd)/$(basename "$OPTARG") [[ -f "${KFILE}" ]] || { echo >&2 "File not found: ${KFILE}"; exit 255; } GSOCKET_SECRET=$(<"${KFILE}") # GSNC_ENV_ARGS[${#GSNC_ENV_ARGS[@]}]="${KFILE}" # Add to end of array # KFILE=$(eval echo "$OPTARG") # Add to end of array # GSNC_ENV_ARGS[${#GSNC_ENV_ARGS[@]}]=$(eval echo "$OPTARG") # Add to end of array unset FL_NEED_PASSWORD ;; g ) "${GS_NETCAT_BIN}" -g exit ;; h ) my_usage 0 ;; p ) GS_HIJACK_PORTS="${OPTARG}" ;; T ) [[ -z "${GSOCKET_SOCKS_IP}" ]] && GSOCKET_SOCKS_IP="127.0.0.1" ;; q ) # shellcheck disable=SC2034 # IS_QUIET appears unused. => Used in env_arg_init IS_QUIET=1 ARGS_NEW[${#ARGS_NEW[@]}]="-q" ;; \? ) # UNKNOWN option. Handle before '*' (e.g. -l) ARGS_NEW[${#ARGS_NEW[@]}]="-${OPTARG}" # Add to end of array ;; * ) # Other (known opts from opstring) w parameters (e.g. -L ) ARGS_NEW[${#ARGS_NEW[@]}]="-${opt}" # Add to end of array ARGS_NEW[${#ARGS_NEW[@]}]="${OPTARG}" # Add to end of array ;; esac done [[ -n "${GSOCKET_SECRET}" ]] && unset FL_NEED_PASSWORD } # default values GS_HIJACK_PORTS="1-65535" # shellcheck disable=SC2034 # GS_RFX appears unused. => Used in gs_funcs GS_PRFX="gsocket: " gs_init my_getopt "$@" shift $((OPTIND -1)) [[ ${#@} -le 0 ]] && { echo >&2 "ERROR: No program specified"; my_usage 255; } command -v "$1" >/dev/null 2>&1 || { echo >&2 "gsocket: command not found: ${1}"; exit 1; } if [[ "$OSTYPE" == "darwin"* ]]; then # OSX does not allow LD_PRELOAD of binaries in /usr/. Copy to tmp... 
ROOTDIR=$(mktemp -d -t thc-gsXXXXXX) PROGBIN_FULLPATH=$(which "$1") [[ -z "$PROGBIN_FULLPATH" ]] && { echo >&2 "gsocket: command not found: ${1}"; exit 1; } # FIXME: temp file is only cleaned on reboot. Hmm... cp "${PROGBIN_FULLPATH}" "${ROOTDIR}/" &>/dev/null PROGBIN_NAME="$(basename "${1}")" # programm binary PROGBIN="${ROOTDIR}/${PROGBIN_NAME}" # System Integrity Protection makes dyld ignore # DYLD_INSERT_LIBRARIES. # There are two ways how MacOS determines if a binary is SIP protected: # 1. The location of the binary (ls -alO /usr/bin/ssh) # 2. If the binary contains 'entitlements' (regardless of its location on the fs). # A hack around this is to remove the signature completed (which will also disable # any entitlements). IS_REMOVE_SIGN=1 command -v csrutil >/dev/null && [[ ! "$(csrutil status)" =~ enabled ]] && { unset IS_REMOVE_SIGN; } [[ -n $IS_REMOVE_SIGN ]] && command -v codesign >/dev/null && [[ -n "$(codesign -d --entitlements - "${PROGBIN}" 2>/dev/null)" ]] && { codesign --remove-signature "${PROGBIN}"; } else ROOTDIR="" PROGBIN="${1}" fi env_arg_init shift 1 if [[ "$OSTYPE" == "darwin"* ]]; then GS_NETCAT_BIN=${GS_NETCAT_BIN} GS_HIJACK_PORTS="${GS_HIJACK_PORTS}" GSOCKET_SOCKS_IP="${GSOCKET_SOCKS_IP}" GSOCKET_ARGS="${ENV_ARGS} ${ARGS_NEW[*]}" GSOCKET_SECRET="${GSOCKET_SECRET}" DYLD_INSERT_LIBRARIES=${GS_SO_BIN} DYLD_FORCE_FLAT_NAMESPACE=1 exec "${PROGBIN}" "$@" else GS_NETCAT_BIN=${GS_NETCAT_BIN} GS_HIJACK_PORTS="${GS_HIJACK_PORTS}" GSOCKET_SOCKS_IP="${GSOCKET_SOCKS_IP}" GSOCKET_ARGS="${ENV_ARGS} ${ARGS_NEW[*]}" GSOCKET_SECRET="${GSOCKET_SECRET}" LD_PRELOAD=${GS_SO_BIN} exec "${PROGBIN}" "$@" fi gsocket-1.4.43/tools/Makefile.am0000775000175000017500000000672114623412134016355 0ustar epsilonepsilon# test with # make install DESTDIR=/tmp/installer noinst_PROGRAMS = gs-helloworld gs-pipe gs-full-pipe @PROGRAMS_TEST_TOOLS@ EXTRA_PROGRAMS = packet-test readline-test console_display-test filetransfer-test bin_PROGRAMS = gs-netcat EXTRA_DIST = gsocket.conf.in 
noinst_PROGRAMS += gsocket_dso.so.0 gsocket_uchroot_dso.so.0 # https://www.gnu.org/software/automake/manual/automake.html says that # it should default to '${prefix}/etc' and not '/etc' and that the installer # will have to set '--sysconfdir=/etc' to change the default behaviour. gsocket_confdir = $(sysconfdir) gsocket_conf_DATA = gsocket.conf gs_funcsdir = $(datarootdir)/gsocket dist_gs_funcs_DATA = gs_funcs # lib_LIBRARIES = gsocket_dso.so gsocket_uchroot_dso.so # ERROR: This will generate static libs.. # lib_LTLIBRARIES = gsocket_dso.so gsocket_uchroot_dso.so # LT_INIT([disable-static]) has no effect. It insists to generate shared # and static libs (which wont work because those are DSO's on OSX). # So we must use noinst_PROGRAMS and an install-hook gs_helloworld_SOURCES = 1_gs-helloworld.c utils.c gsocket_dso-lib.c gs_helloworld_LDADD = ../lib/libgsocket.a @LDADD_STATIC@ gs_helloworld_CFLAGS = @CFLAGS_STATIC@ gs_pipe_SOURCES = 2_gs-pipe.c utils.c gsocket_dso-lib.c gs_pipe_LDADD = ../lib/libgsocket.a @LDADD_STATIC@ gs_pipe_CFLAGS = @CFLAGS_STATIC@ gs_full_pipe_SOURCES = 3_gs-full-pipe.c utils.c gsocket_dso-lib.c gs_full_pipe_LDADD = ../lib/libgsocket.a @LDADD_STATIC@ gs_ful_pipe_CFLAGS = @CFLAGS_STATIC@ gs_netcat_SOURCES = 4_gs-netcat.c utils.c socks.c console.c ids.c event_mgr.c pkt_mgr.c console_display.c filetransfer.c globbing.c filetransfer_mgr.c gsocket_dso-lib.c gs_netcat_LDADD = ../lib/libgsocket.a @LDADD_STATIC@ gs_netcat_CFLAGS = @CFLAGS_STATIC@ dist_bin_SCRIPTS = blitz gs-sftp gs-mount gsocket gsocket_uchroot_dso_so_0_SOURCES = gsocket_uchroot_dso.c gsocket_uchroot_dso_so_0_CFLAGS = -shared -fPIC gsocket_uchroot_dso_so_0_LDFLAGS = @LDADD_LIBDL@ @SONAME_GSOCKET_UCHROOT_DSO@ gsocket_dso_so_0_SOURCES = gsocket_dso.c gsocket_dso-lib.c gsocket_dso_so_0_CFLAGS = -shared -fPIC gsocket_dso_so_0_LDADD = @LDADD_STATIC@ gsocket_dso_so_0_LDFLAGS = @LDADD_LIBDL@ @SONAME_GSOCKET_DSO@ install-exec-hook: -rm -f $(DESTDIR)$(bindir)/gs_funcs # Old gs installed this 
here. Remove it now. $(install_sh) -d $(DESTDIR)$(libdir) $(install_sh) -c -m @PERM_DSO@ gsocket_dso.so.0 gsocket_uchroot_dso.so.0 $(DESTDIR)$(libdir) ln -sf gsocket_dso.so.0$(EXEEXT) $(DESTDIR)$(libdir)/gsocket_dso.so$(EXEEXT) ln -sf gsocket_uchroot_dso.so.0$(EXEEXT) $(DESTDIR)$(libdir)/gsocket_uchroot_dso.so$(EXEEXT) uninstall-hook: -rm -f $(DESTDIR)$(libdir)/gsocket_dso.so.0$(EXEEXT) -rm -f $(DESTDIR)$(libdir)/gsocket_dso.so$(EXEEXT) -rm -f $(DESTDIR)$(libdir)/gsocket_uchroot_dso.so.0$(EXEEXT) -rm -f $(DESTDIR)$(libdir)/gsocket_uchroot_dso.so$(EXEEXT) packet_test_SOURCES = packet-test.c utils.c gsocket_dso-lib.c packet_test_LDADD = ../lib/libgsocket.a readline_test_SOURCES = readline-test.c utils.c gsocket_dso-lib.c readline_test_LDADD = ../lib/libgsocket.a console_display_test_SOURCES = console_display.c console_display-test.c utils.c gsocket_dso-lib.c console_display_test_LDADD = ../lib/libgsocket.a filetransfer_test_SOURCES = filetransfer.c filetransfer-test.c utils.c gsocket_dso-lib.c globbing.c filetransfer_test_LDADD = ../lib/libgsocket.a noinst_HEADERS = common.h utils.h socks.h console.h ids.h event_mgr.h pkt_mgr.h gs-netcat.h console_display.h filetransfer.h man_gs-netcat.h globbing.h filetransfer_mgr.h gsocket_dso-lib.h gsocket-1.4.43/tools/man_gs-netcat.h0000664000175000017500000002742314623412134017211 0ustar epsilonepsilonconst char *man_str = "\ GS-NETCAT(1) General Commands Manual GS-NETCAT(1)\n\ \n\ NAME\n\ gs-netcat – transfer data, forward traffic and execute commands on a\n\ remote host. Securely.\n\ \n\ SYNOPSIS\n\ gs-netcat [-rlgvqwCTSDiu] [-s secret] [-k keyfile] [-L logfile] [-d IP]\n\ [-p port] [-e cmd]\n\ \n\ DESCRIPTION\n\ The gs-netcat utility is a re-implementation of netcat. It allows two or\n\ more users to establish a secure TCP connection with each other in a\n\ scenario where all users are behind NAT/Firewall and would not be able to\n\ connect to each other directly. 
Typically a connection between one\n\ workstation and another workstation on a different Local Area Network.\n\ \n\ It uses the Global Socket Relay Network (GSRN) instead of direct TCP\n\ connections. Neither workstation needs to open a port in their firewall\n\ or accept incoming TCP connections.\n\ \n\ The connection is end-2-end encrypted using SRP (RFC 5054) with AES-256\n\ and a 4096 Prime. The GSRN sees only the encrypted traffic.\n\ \n\ Common uses include:\n\ \n\ • simple TCP proxies\n\ • PTY shell\n\ • File transfer\n\ • a SOCKS ProxyCommand for ssh(1)\n\ • and much, much more.\n\ \n\ OPTIONS\n\ -C Disable encryption and use clear-text instead. Use with caution.\n\ \n\ -d ip Destination IPv4 address for port forwarding.\n\ \n\ -D Daemon & Watchdog mode. Start gs-netcat as a background process\n\ and restart if killed.\n\ \n\ -e cmd Execute command and send output to the connected client. Needs\n\ -l.\n\ \n\ -g Generate a secure random password and output it to standard\n\ output.\n\ \n\ -i Interactive login shell. The server spawns a true PTY login\n\ shell. The client acts as a true PTY client (with Ctrl-C etc\n\ working). The client can terminate the session by typing 'Ctrl-e\n\ q' at any time or by typing 'exit'. The server supports multiple\n\ clients at the same time.\n\ \n\ -k file\n\ A file containing the password.\n\ \n\ -l Server/Listening mode. The default mode is client.\n\ \n\ -L file\n\ Log file [default: standard out]\n\ \n\ -p port\n\ Port to listen on or to forward traffic to [1-65535].\n\ \n\ -q Quiet mode. Do not output any warnings or errors.\n\ \n\ -r Receive-only. Do not send any data. Terminate when no more data\n\ is available for reading.\n\ \n\ -s secret\n\ A password chosen by the user. Both users need to use the same\n\ password to connect.\n\ \n\ -S Act as a SOCKS4/4a/5 server. The server acts as a SOCKS4/4a/5\n\ proxy. It allows multiple gs-netcat clients to (securely) relay\n\ traffic via the server. 
Needs -l.\n\ \n\ -T Use TOR. The gs-netcat tool will connect via TOR to the GSRN.\n\ This requires TOR to be installed and running. The IP and PORT of\n\ the TOR server can be set using environment variables.\n\ \n\ -t Connect to the GSRN (only) and check if the peer is listening. Do\n\ not connect the peer.\n\ \n\ -u Use UDP instead of TCP for port forwarding. Needs -p.\n\ \n\ -v Prints status messages. Use -vv to be more verbose and -vvv to be\n\ insanely verbose.\n\ \n\ -w Client to wait for the listening server to become available.\n\ \n\ CONSOLE\n\ The interactive login shell ( -i ) has a command console. Pressing 'Ctrl-\n\ e c' (e for EEEElite) opens the command console. The command console\n\ displays the following information:\n\ \n\ • Latency (in milliseconds) to the remote host\n\ • Warning when a user logs into the system or becomes active\n\ • Data throughput\n\ • File transfer logs\n\ Type 'help' for a list of available commands.\n\ \n\ FILETRANSFER\n\ File transfer is available from the command console. Files are\n\ transferred with the permission and modification timestamp unchanged.\n\ Partially transferred files are re-started where the transfer was left\n\ off. The 'put' command is used for uploading:\n\ put foobar.txt\n\ put $HOME/foobar.txt\n\ put /tmp/*.log\n\ put $(find. -type f -name '*.c')\n\ (The above example shows Shell Variable substitution and word expansion)\n\ It is possible to limit the amount of path information that is sent as\n\ implied directories for each path you specify. You can insert a dot and a\n\ slash into the source path, like this:\n\ put /foo/./bar/baz.c\n\ That would create /tmp/bar/baz.c on the remote machine. 
The 'get'\n\ command is used for downloading:\n\ get foobar.txt\n\ get $(find /var/./ -name '*.log')\n\ Transferring a directory automatically transfers all files and\n\ directories within that directory (recursively):\n\ get /var/log\n\ get /\n\ The first command transfers all directories and files in /var/log/*. The\n\ latter command transfers the entire filesystem. Multiple get/put\n\ commands can be scheduled at the same time.\n\ \n\ EXAMPLES\n\ Example 1 - Listen for a new connection using the password 'MySecret':\n\ $ gs-netcat -s MySecret -l\n\ \n\ Connect with client using the same password:\n\ $ gs-netcat -s MySecret\n\ \n\ Example 2 - spawn a PTY login shell when a client connects:\n\ $ gs-netcat -s MySecret -l -i\n\ \n\ Log in to server's interactive shell:\n\ $ gs-netcat -s MySecret -i\n\ \n\ Log in via TOR:\n\ $ gs-netcat -s MySecret -i -T\n\ \n\ Log in via a Socks5 Proxy:\n\ $ export GSOCKET_SOCKS_IP=127.0.0.1\n\ $ export GSOCKET_SOCKS_PORT=1080\n\ $ gs-netcat -s MySecret -i -T\n\ \n\ Example 3 - Execute a command when a client connects:\n\ $ gs-netcat -s MySecret -l -e 'echo hello world; id; exit'\n\ \n\ Connect client to the server:\n\ $ gs-netcat -s MySecret\n\ \n\ Example 4 - Pipe data from client to server:\n\ $ gs-netcat -s MySecret -l -r >warez.tar.gz\n\ \n\ Client to read 'warez.tar.gz' and pipe it to the server.\n\ $ gs-netcat -s MySecret