NetBSD-Users archive


Re: builtin httpd + pub dirs = snafu



On Jun 22, 2011, at 4:10 AM, Rhialto wrote:
> What I imagine is a little program that sits on the https or http port,
> accepts connections, determines whether it is ssh or http, does some
> plumbing[1] and gets out of the way.

You could start with plug-gw from the TIS FWTK.  Of course, if the local
firewall was doing its job, it would already be forcing HTTP and HTTPS
through an HTTP-aware proxy which would block attempts to put other
protocols like SSH through.

> Determining the protocol ought to be possible. HTTP servers expect an
> immediate GET request. SSH servers first issue a prompt before a client
> reply is due. So if the little program first waits for half a second or
> so to see if a HTTP request comes in, and otherwise assumes SSH, this
> should be good enough.

Indeed.  Just make sure you don't upset the locals by violating their
security policies.  :-)

> [1] as far as I know there is no way to plumb two file descriptors
> together, a read and a write one, both open in the current program, such
> that the current process gets taken out of the loop and data written to
> the one are immediately available on the other. That would be very
> useful for a utility like this[2].

Unix domain sockets?

> [2] and while we're thinking up new plumbing operations, a pipe cutter
> that interposes a process into the data stream of a single existing pipe
> or other file descriptor would be useful too.

tee(1)

Regards,
-- 
-Chuck
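
The first-bytes check discussed in this message, as an added example (not code from the thread or from plug-gw): it peeks at what a client sends within the wait window and labels it, which is the decision a port multiplexer would route on and an HTTP-aware proxy would use to refuse non-HTTP traffic. The function names, the 0.5 second default and the sample bytes are assumptions constructed for illustration; the TLS case goes beyond what the thread mentions.

```python
import re
import select
import socket

# HTTP/1.x request line: method, space, target, space, version, line end.
HTTP_REQUEST_LINE = re.compile(rb"[A-Z]{3,16} \S+ HTTP/1\.[01]\r?\n")


def classify_bytes(data: bytes) -> str:
    """Label the first bytes a client sent on a new connection."""
    if data.startswith(b"SSH-"):           # SSH identification string (RFC 4253)
        return "ssh"
    if data[:2] == b"\x16\x03":            # TLS handshake record (e.g. HTTPS)
        return "tls"
    if HTTP_REQUEST_LINE.match(data):
        return "http"
    return "unknown"


def classify_connection(conn: socket.socket, wait: float = 0.5) -> str:
    """Wait up to `wait` seconds for client data and peek without consuming it."""
    readable, _, _ = select.select([conn], [], [], wait)
    if not readable:
        return "silent"                    # client is waiting for the server to speak
    data = conn.recv(512, socket.MSG_PEEK)
    if not data:
        return "closed"                    # peer hung up before sending anything
    return classify_bytes(data)


if __name__ == "__main__":
    # Constructed sample inputs, not captured traffic.
    samples = [
        b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
        b"SSH-2.0-ExampleClient_1.0\r\n",
        b"\x16\x03\x01\x02\x00\x01\x00",
        b"\x00\x01binary",
    ]
    for sample in samples:
        print(classify_bytes(sample), sample[:24])
    client, server = socket.socketpair()
    print(classify_connection(server, wait=0.1))   # nothing sent yet: silent
    client.close()
    server.close()
```

A request line split across TCP segments will peek as `unknown`; a real proxy would keep reading up to a byte limit before deciding.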


