Commit ce174152 authored by Devon Kearns

Imported Upstream version 0.5.2

Olivier Dembour <>
Contributors :
Nicolas Collignon <>
Version 0.5.2
Removal of leftover OpenSSL includes
Version 0.5.1
Remove OpenSSL library due to GPL conflicts
- Add specific PolarSSL hmac functions in dns2tcp
- No more external library needed
Kill child when authentication fails
Remove useless '=' padding
Version 0.5
Typo fixed in config file:
resource is now correctly written (with one 's')
Client now compiles and works under Windows (by Nicolas Collignon)
find the first DNS if server not specified
add --disable-{client,server} option in Makefile
Request types are now independent (TXT, KEY)
Add a client authentication (identification)
Fix bind problem and typo (Thanks Taylor R Campbell)
Server now sets the AA flag in replies (Thanks Taylor R Campbell)
Client can execute command (for reverse connection)
dns2tcpc can be used as a proxy (like ProxyCommand for SSH)
pid file can be defined in the config file (patch from Michael Scherer)
Version 0.4.3
Fix buffer overflow and error in dns_decode (John Lampe)
Fix drop privileges problems (Solar Designer)
Add limit to prevent fork() (Idea from Solar Designer)
Version 0.4.2
Version 0.4.1
Fix buffer overflow in dns_decode
Fix bind problem (thanks Taylor R Campbell)
Fix compilation problem in FreeBSD
Version 0.4
Typo fixed in README, manpages
64 bits architectures now working
Fix bind on in server (Thanks Charlie Von Metzradt)
Client more reliable
Version 0.3
Public release
Basic Installation
These are generic installation instructions.
The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
those values to create a `Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent
definitions. Finally, it creates a shell script `config.status' that
you can run in the future to recreate the current configuration, a file
`config.cache' that saves the results of its tests to speed up
reconfiguring, and a file `config.log' containing compiler output
(useful mainly for debugging `configure').
If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail
diffs or instructions to the address given in the `README' so they can
be considered for the next release. If at some point `config.cache'
contains results you don't want to keep, you may remove or edit it.
The file `' is used to create `configure' by a program
called `autoconf'. You only need `' if you want to change
it or regenerate `configure' using a newer version of `autoconf'.
The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system. If you're
using `csh' on an old version of System V, you might need to type
`sh ./configure' instead to prevent `csh' from trying to execute
`configure' itself.
Running `configure' takes awhile. While running, it prints some
messages telling which features it is checking for.
2. Type `make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with
the package.
4. Type `make install' to install the programs and any data files and
5. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
also a `make maintainer-clean' target, but that is intended mainly
for the package's developers. If you use it, you may have to get
all sorts of other programs in order to regenerate files that came
with the distribution.
Compilers and Options
Some systems require unusual options for compilation or linking that
the `configure' script does not know about. You can give `configure'
initial values for variables by setting them in the environment. Using
a Bourne-compatible shell, you can do that on the command line like this:
CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure
Or on systems that have the `env' program, you can do it like this:
env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure
Compiling For Multiple Architectures
You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
own directory. To do this, you must use a version of `make' that
supports the `VPATH' variable, such as GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
source code in the directory that `configure' is in and in `..'.
If you have to use a `make' that does not support the `VPATH'
variable, you have to compile the package for one architecture at a time
in the source code directory. After you have installed the package for
one architecture, use `make distclean' before reconfiguring for another
Installation Names
By default, `make install' will install the package's files in
`/usr/local/bin', `/usr/local/man', etc. You can specify an
installation prefix other than `/usr/local' by giving `configure' the
option `--prefix=PATH'.
You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
give `configure' the option `--exec-prefix=PATH', the package will use
PATH as the prefix for installing programs and libraries.
Documentation and other data files will still use the regular prefix.
In addition, if you use an unusual directory layout you can give
options like `--bindir=PATH' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
you can set and what kinds of files go in them.
If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
Optional Features
Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The
`README' should mention any `--enable-' and `--with-' options that the
package recognizes.
For packages that use the X Window System, `configure' can usually
find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.
Specifying the System Type
There may be some features `configure' can not figure out
automatically, but needs to determine by the type of host the package
will run on. Usually `configure' can figure that out, but if it prints
a message saying it can not guess the host type, give it the
`--host=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name with three fields:
See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
need to know the host type.
If you are building compiler tools for cross-compiling, you can also
use the `--target=TYPE' option to select the type of system they will
produce code for and the `--build=TYPE' option to select the type of
system on which you are compiling the package.
Sharing Defaults
If you want to set default values for `configure' scripts to share,
you can create a site shell script called `' that gives
default values for variables like `CC', `cache_file', and `prefix'.
`configure' looks for `PREFIX/share/' if it exists, then
`PREFIX/etc/' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script.
Operation Controls
`configure' recognizes the following options to control how it
`--cache-file=FILE'
Use and save the results of the tests in FILE instead of
`./config.cache'. Set FILE to `/dev/null' to disable caching, for
debugging `configure'.
`--help'
Print a summary of the options to `configure', and exit.
`--quiet'
`--silent'
`-q'
Do not print messages saying which checks are being made. To
suppress all normal output, redirect it to `/dev/null' (any error
messages will still be shown).
`--srcdir=DIR'
Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically.
`--version'
Print the version of Autoconf used to generate the `configure'
script, and exit.
`configure' also accepts some other, not widely useful, options.
# $Id:,v 2010/05/18 15:35:47 dembour Exp $
EXTRA_DIST = common
rm -rf `find $(distdir)/ -name CVS`
---------- [ Note ] ----------
Dns2tcp is a tool for relaying TCP connections over DNS. There is only
a simple identification mechanism and no encryption: DNS encapsulation
must be considered an insecure and anonymous transport
layer. Resources should be public external services like ssh,
ssltunnel ...
----------[ Examples ]----------
View the list of available connections.
$ dns2tcpc -z -k <my-key> <dns_server>
Available connection(s) :
Line-based connection to a remote ssl-tunnel host:
$ dns2tcpc -r ssl-tunnel -l 4430 -k <my-key> -z <dns_server>
listening on port 4430
File configuration:
$ cat > ~/.dns2tcprc << EOF
domain =
resource = ssl-tunnel
local_port = 4430
debug_level = 1
key = whateveryouwant
server = the_dns_server # or scan /etc/resolv.conf
EOF
$ dns2tcpc
Server :
File configuration:
$ cat > ~/.dns2tcpdrc << EOF
listen = x.x.x.x
port = 53
user = nobody
key = whateveryouwant
chroot = /var/empty/dns2tcp/
domain =
resources = ssh: , smtp:,
pop3:, ssh2:[fe80::1664]:22
EOF
$ ./dns2tcpd -F -d 1
----------[ Known Bugs ]----------
DNS desynchronisation
dns2tcpd server not supported on Windows
bin_PROGRAMS = dns2tcpc
INCLUDES = -I./includes/ -I../common/includes
CLEANFILES= *~ *.~ \#*
EXTRA_DIST = includes dns2tcprc
dns2tcpc_SOURCES = \
../common/hmac_sha1.c \
select.c \
../common/crc16.c \
rr.c \
../common/mycrypto.c \
command.c \
session.c \
../common/config.c \
queue.c \
client.c \
../common/list.c \
../common/myrand.c \
auth.c \
../common/dns.c \
../common/mystrnlen.c \
requests.c \
../common/memdump.c \
../common/base64.c \
socket.c \
options.c \
/*
** Copyright (C) 2006 Olivier DEMBOUR
** $Id: auth.c,v 2010/01/06 12:50:40 dembour Exp $
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with This program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/

#include <string.h>
#include <stdio.h>
#include "client.h"
#include "dns.h"
#include "myerror.h"
#include "list.h"
#include "requests.h"
#include "socket.h"
#include "base64.h"
#include "myrand.h"
#include "session.h"
#include "debug.h"
#include "rr.h"

/**
 * @brief ask for and list the remote resources available
 * @param[in] conf configuration
 * @retval 0 on success
 * @retval -1 on error
 **/
int list_resources(t_conf *conf)
{
  char      domain[MAX_DNS_LEN + 1];
  char      buffer[MAX_DNS_LEN + 1];
  int       len;
  uint16_t  id, session_id;
  t_request request;
  uint32_t  count = 0;
  uint8_t   compress;

  /* open a session, then send a RESOURCE request inside it */
  if (!((session_id = create_session(conf))))
    return (-1);
  if (create_simple_req(conf, &request, RESOURCE, (char *)&domain, session_id))
    return (-1);
  DPRINTF(1, "Requesting resource\n");
  if ((id = send_query(conf, &request)) == 0)
    return (-1);
  if (!(request.len = get_simple_reply(conf, (char *)&request.req_data, id)))
    return (-1);
  printf("Available connection(s) : \n");
  /* each decoded answer carries one resource name after the PACKET_LEN header */
  while ((len = request.request_functions->rr_decode_next_reply(&request, (char *)&buffer, MAX_DNS_LEN, count++)))
    {
      buffer[len] = 0;  /* len <= MAX_DNS_LEN, so the NUL fits in the buffer */
      printf("\t%s\n", &buffer[PACKET_LEN]);
    }
  compress = query_is_compressed((char *)&(request.req_data), request.len);
  printf("\nNote : Compression %s available !\n", compress ? "SEEMS" : "NOT");
  return (0);
}

/**
 * @brief connect to a specific resource
 * @param[in] conf configuration
 * @param[in] session_id session identifier
 * @retval 0 on success
 * @retval 1 on error
 **/
uint16_t connect_resource(t_conf *conf, uint16_t session_id)
{
  char      domain[MAX_DNS_LEN + 1];
  char      *resource;
  char      buffer[MAX_DNS_LEN + 1];
  int       len;
  t_request request;
  t_packet  *packet;

  if (create_simple_req(conf, &request, CONNECT, (char *)&domain, session_id))
    return (1);
  /* the resource name follows the PACKET_LEN header inside req_data */
  resource = &request.req_data[PACKET_LEN];
  DPRINTF(1, "Connect to resource \"%s\"\n", conf->resource);
  strncpy(resource, conf->resource, sizeof(request.req_data) - PACKET_LEN - 1);
  /* strncpy does not terminate on truncation; terminate and size from what was copied */
  request.req_data[sizeof(request.req_data) - 1] = 0;
  request.len = PACKET_LEN + strlen(resource);
  if ((len = transceive_query(conf, &request, (char *)&buffer, sizeof(buffer) - 1)) == -1)
    return (1);
  buffer[len] = 0;  /* the server's error text is printed as a C string below */
  packet = (t_packet *)&buffer;
  if (packet->type != OK)
    fprintf(stderr, "Error : %s\n", (char *) (packet+1));
  return (packet->type != OK);
}
/*
** Copyright (C) 2006 Olivier DEMBOUR
** $Id: command.c,v 2010/06/01 15:25:29 collignon Exp $
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with This program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/

#ifndef _WIN32
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>
#else
#include "mywin32.h"
#endif
#include <stdio.h>
#include <signal.h>
#include <stdlib.h>
#include <errno.h>
#include "myerror.h"
#include "list.h"
#include "client.h"
#include "debug.h"

#define IS_SEPARATOR(c) ((c == ' ') || (c == '\t') || (c == '\n'))
#define MAX_ARG_SIZE 64

#ifndef _WIN32

/**
 * @brief count the separators in a command line
 * @param[in] cmdline command to execute
 * @retval number of separators (the line has at most that many + 1 arguments)
 **/
int count_arg(char *cmdline)
{
  int i = 0;

  while (*cmdline)
    if (IS_SEPARATOR(*cmdline++))
      i++;
  return (i);
}

/**
 * @brief convert command line into argv (the line is split in place)
 * @param[in] line command line
 * @param[in] argv table, terminated with a NULL entry
 **/
void line_to_argv(char *line, char **argv)
{
  int i = 0;

  if (!IS_SEPARATOR(*line))
    argv[i++] = line;
  while (*line)
    {
      while ((*line) && (!IS_SEPARATOR(*line)))
        line++;
      while ((*line) && (IS_SEPARATOR(*line)))
        *line++ = 0;
      argv[i++] = *line ? line : 0;
    }
}

/**
 * @brief create a process, add it into client list
 * @param[in] conf configuration
 * @retval 0 on success
 * @retval -1 on error
 **/
int create_process(t_conf *conf)
{
  int   from_child[2];
  int   to_child[2];
  int   status;
  pid_t pid;

  if ((pipe(from_child) == -1) || (pipe(to_child) == -1))
    return (-1);
  pid = fork();
  if (pid == -1)
    return (-1);
  if (!pid)
    {
      char *argv[MAX_ARG_SIZE];

      /* Check the bound before filling the table: the line yields up to
         count_arg() + 1 words plus the terminating NULL entry. */
      if (count_arg(conf->cmdline) + 2 > MAX_ARG_SIZE)
        {
          fprintf(stderr, "Arg size > MAX_ARG_SIZE\n");
          exit(-1);
        }
      line_to_argv(conf->cmdline, argv);
      /* the child must exit, never return into the client code */
      if (dup2(to_child[0], STDIN_FILENO) == -1)
        exit(-1);
      if (dup2(from_child[1], STDOUT_FILENO) == -1)
        exit(-1);
      if (dup2(from_child[1], STDERR_FILENO) == -1)
        exit(-1);
      execv(argv[0], argv);
      fprintf(stderr, "execv error (%d) for '%s'\n", errno, conf->cmdline);
      exit(-1);
    }
  /* the parent keeps only its own ends of the two pipes */
  close(to_child[0]);
  close(from_child[1]);
  DPRINTF(1, "Executing %s (Pid %d)\n", conf->cmdline, (int)pid);
  if (add_client(conf, from_child[0], to_child[1], pid))
    {
      /* BUGFIX: child process not killed if auth has failed (with -e) */
      kill(pid, SIGKILL);
      waitpid(-1, &status, WNOHANG);
      close(from_child[0]); close(to_child[1]);
      return (-1);
    }
  return (0);
}

#else /* _WIN32 */

/*
 * Windows pipe handling simply *SUX*
 * It doesn't seem possible to perform asynchronous I/O on anonymous pipes.
 * ReadFile() will block if there is no pending data. We don't want to use
 * any additional thread.
 * So we have to use named pipe... nasty ugly trick ...
 */
static int create_pipe(HANDLE *rfd, HANDLE *wfd, int async_read, SECURITY_ATTRIBUTES *attr)
{
  char name[128];

  sprintf(name, "\\\\.\\pipe\\win-sux-no-async-anon-pipe-%lu-%i",
          GetCurrentProcessId(), rand());
  DPRINTF(2, "using pipe %s\n", name);

  /* open mode reconstructed (the line was not preserved in this page):
     the read end is overlapped when the caller asks for asynchronous reads */
  *rfd = CreateNamedPipe(name,
                         PIPE_ACCESS_INBOUND | (async_read ? FILE_FLAG_OVERLAPPED : 0),
                         PIPE_TYPE_BYTE|PIPE_WAIT, 2, 4096, 4096,
                         5000 /*msec*/, attr);
  if (*rfd == INVALID_HANDLE_VALUE) {
    MYERROR("error: failed to create pipe\n");
    return -1;
  }
  *wfd = CreateFile(name, GENERIC_WRITE, 0, attr,
                    OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
  if (*wfd == INVALID_HANDLE_VALUE) {
    CloseHandle(*rfd);
    MYERROR("error: failed to create pipe\n");
    return -1;
  }
  return 0;
}

int create_process(t_conf *conf)
{
  BOOL res;
  HANDLE stdin_child, stdin_parent, stdout_parent, stdout_child, stderr_child;
  DWORD pid;
  SECURITY_ATTRIBUTES sattr;
  PROCESS_INFORMATION pi;
  STARTUPINFO si;

  ZeroMemory(&sattr, sizeof(sattr));
  ZeroMemory(&pi, sizeof(pi));
  ZeroMemory(&si, sizeof(si));
  sattr.nLength = sizeof(sattr);
  sattr.bInheritHandle = TRUE;

  // stdin pipe
  if (create_pipe(&stdin_child, &stdin_parent, 0, &sattr))
    return -1;
  // stdout pipe
  if (create_pipe(&stdout_parent, &stdout_child, 1, &sattr))
    return -1;
  // stderr pipe (same pipe as stdout, inheritable duplicate)
  if (!DuplicateHandle(GetCurrentProcess(), stdout_child,
                       GetCurrentProcess(), &stderr_child,
                       0, TRUE, DUPLICATE_SAME_ACCESS)) {
    MYERROR("error: failed to duplicate pipe handle\n");
    return -1;
  }
  // the parent's ends must not leak into the child
  SetHandleInformation(stdin_parent, HANDLE_FLAG_INHERIT, 0);
  SetHandleInformation(stdout_parent, HANDLE_FLAG_INHERIT, 0);

  si.cb = sizeof(si);
  si.dwFlags = STARTF_USESTDHANDLES;   // required for the hStd* handles to take effect
  si.hStdInput = stdin_child;
  si.hStdOutput = stdout_child;
  si.hStdError = stderr_child;

  //FIXME print error
  res = CreateProcess(NULL, conf->cmdline, NULL, NULL, TRUE, 0,
                      NULL, NULL, &si, &pi);
  if (!res) {
    MYERROR("error: failed to create process (%lu)\n", GetLastError());
    return -1;
  }
  // the child owns its copies of these handles now
  CloseHandle(stdin_child);
  CloseHandle(stdout_child);
  CloseHandle(stderr_child);
  pid = GetProcessId(pi.hProcess);
  DPRINTF(3, "===============================\n");
  DPRINTF(3, "pipes: %lx/%lx\n", (long)stdin_parent, (long)stdout_parent);
  DPRINTF(3, "proc: %lx\n", (long)pi.hProcess);
  DPRINTF(3, "===============================\n");
  if (add_client(conf, (socket_t)stdout_parent,
                 (socket_t)stdin_parent, pi.hProcess)) {
    /* the rest of this function was cut off in this page; this error path
       mirrors the Unix branch: kill the child and release the handles */
    TerminateProcess(pi.hProcess, 1);
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    CloseHandle(stdout_parent);
    CloseHandle(stdin_parent);
    return -1;
  }
  return 0;
}

#endif /* _WIN32 */
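The Unix create_process above fills the argv table before checking its size, and count_arg counts separators rather than words, so a command line given with -e can overrun the 64-slot table. The following is an added example, not dns2tcp's own code, of a bounded splitter for the same separator rules that reserves the NULL slot and rejects the line instead of overflowing; count_words and split_cmdline are names chosen here.

```c
/* Bounded command-line splitting for an "-e"-style execution feature.
 * Same separators as command.c (space, tab, newline); the line is split
 * in place, as there, but the caller's table capacity is respected. */
#include <stddef.h>
#include <string.h>

#define MAX_ARG_SIZE 64

static int is_sep(char c)
{
    return c == ' ' || c == '\t' || c == '\n';
}

/* Count words, not separators: "a  b" has three separators but two words. */
size_t count_words(const char *line)
{
    size_t n = 0;
    int in_word = 0;

    for (; *line; line++) {
        if (is_sep(*line))
            in_word = 0;
        else if (!in_word) {
            in_word = 1;
            n++;
        }
    }
    return n;
}

/* Split `line` into `argv`, whose capacity `cap` includes the terminating
 * NULL entry. Returns argc, or -1 when the table would overflow; on -1 the
 * line is left untouched so the caller can report it verbatim. */
int split_cmdline(char *line, char **argv, size_t cap)
{
    size_t n = count_words(line);
    size_t i = 0;

    if (cap == 0 || n + 1 > cap)
        return -1;
    while (*line) {
        while (*line && is_sep(*line))   /* skip and terminate separators */
            *line++ = '\0';
        if (!*line)
            break;
        argv[i++] = line;                /* start of the next word */
        while (*line && !is_sep(*line))
            line++;
    }
    argv[i] = NULL;
    return (int)i;
}
```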