Displaying 7 results from an estimated 7 matches for "all_opens_permitted".
2005 Feb 22
0
TR: 3.8.1p1 option "permitopennet" added
...txt);
if (sock != -1) {
c = channel_new("connected socket",
SSH_CHANNEL_CONNECTING, sock, sock, -1, 0, 0, 0,
@@ -2349,7 +2366,7 @@
void
channel_permit_all_opens(void)
{
- if (num_permitted_opens == 0)
+ if (num_permitted_opens == 0 && num_permittednet_opens == 0)
all_opens_permitted = 1;
}
@@ -2368,6 +2385,35 @@
}
void
+channel_add_permittednet_opens(char *netblock, char *netmask, int porta, int portb)
+{
+ /* XXX this does not make any sens */
+ if (num_permittednet_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
+ fatal("channel_request_remote_forwarding: too many f...
2017 May 04
5
OpenSSH contract development / patch
On Thu, May 04, 2017 at 09:37:59AM +1000, Adam Eijdenberg wrote:
> Hi Devin, have you looked at using openssh certificates to help manage
[...]
> While the feature has been around for a while now (and is really
> useful), there doesn't seem to be huge amount of documentation around
> it. I found the following useful when getting a client of my running
Yeah, when I wrote about it
2002 Aug 13
1
[PATCH] global port forwarding restriction
...atic int num_permitted_opens = 0;
+
+/* Don't allow any more to be added. */
+static int fix_permitted_opens = 0;
+
/*
* If this is true, all opens are permitted. This is the case on the server
* on which we have to trust the client anyway, and the user could do
@@ -2212,10 +2216,31 @@
all_opens_permitted = 1;
}
+/*
+ * If the server-wide configuration specifies some permitted_opens
+ * then don't allow users to add to them.
+ */
void
-channel_add_permitted_opens(char *host, int port)
+channel_fix_permitted_opens(void)
{
- if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
+ if (...
2003 Jan 29
0
[PATCH] features for restricted shell environments
...dif
/* Initiate forwarding */
+ log("TCP forwarding listening on port %d %s", port,
+ gateway_ports ? "open" : "private");
channel_setup_local_fwd_listener(port, hostname, host_port, gateway_ports);
/* Free the argument string. */
@@ -2227,10 +2249,31 @@
all_opens_permitted = 1;
}
+/*
+ * If the server-wide configuration specifies some permitted_opens
+ * then don't allow users to add to them.
+ */
void
-channel_add_permitted_opens(char *host, int port)
+channel_fix_permitted_opens(void)
{
- if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
+ if (...
2004 Jan 19
3
Security suggestion concering SSH and port forwarding.
Hi,
sorry if it is the wrong approuch to suggest improvments to OpenSSH,
but here comes my suggestion:
I recently stumbled upon the scponly shell which in it's chroot:ed form is
an ideal solution when you want to share some files with people you trust
more or less.
The problem is, if you use the scponlyc as shell, port forwarding is still
allowed. This can of course be dissallowed in
2017 Jun 16
2
[PATCH] allow relative path in streamlocal forwarding
...is permitted and connect. */
Channel *
-channel_connect_to_path(const char *path, char *ctype, char *rname)
+channel_connect_to_path(const char *path, char *ctype, char *rname,
+ struct ForwardOptions *fwd_opts)
{
int i, permit, permit_adm = 1;
+ char *connect_path;
+ Channel *c;
permit = all_opens_permitted;
if (!permit) {
@@ -3852,7 +3926,21 @@ channel_connect_to_path(const char *path, char *ctype, char *rname)
"but the request was denied.", path);
return NULL;
}
- return connect_to(path, PORT_STREAMLOCAL, ctype, rname);
+
+ if (path[0] != '/') {
+ if (fwd_opts->st...
2001 Oct 24
2
disable features
...ff -u -r1.140 channels.c
--- channels.c 10 Oct 2001 22:18:47 -0000 1.140
+++ channels.c 22 Oct 2001 18:25:31 -0000
@@ -76,7 +76,7 @@
*/
static int channel_max_fd = 0;
-
+#ifdef WITH_TCPFWD
/* -- tcp forwarding */
/*
@@ -102,8 +102,9 @@
* anything after logging in anyway.
*/
static int all_opens_permitted = 0;
+#endif
-
+#ifdef WITH_X11FWD
/* -- X11 forwarding */
/* Maximum number of fake X11 displays to try. */
@@ -122,8 +123,9 @@
*/
static char *x11_fake_data = NULL;
static u_int x11_fake_data_len;
+#endif
-
+#ifdef WITH_AGENTFWD
/* -- agent forwarding */
#define NUM_SOCKS 10
@@ -1...