search for: channel_add_permitted_open

Displaying 6 results from an estimated 6 matches for "channel_add_permitted_open".

2002 Aug 13
1
[PATCH] global port forwarding restriction
...char *patterns = xmalloc(strlen(opts) + 1); opts += strlen(cp); @@ -247,8 +245,7 @@ } patterns[i] = 0; opts++; - if (sscanf(patterns, "%255[^:]:%5[0-9]", host, sport) != 2 && - sscanf(patterns, "%255[^/]/%5[0-9]", host, sport) != 2) { + if (channel_add_permitted_opens(patterns) < 0) { debug("%.100s, line %lu: Bad permitopen specification " "<%.100s>", file, linenum, patterns); auth_debug_add("%.100s, line %lu: " @@ -256,16 +253,6 @@ xfree(patterns); goto bad_option; } - if ((port = a2port...
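Review bot: in the `@@ -247,8 +245,7` hunk, the removed `sscanf` calls bounded the host to 255 characters and the port to 5 digits, and the removed `if ((port = a2port...` check in the following hunk validated the port. The replacement hands the whole `patterns` string to `channel_add_permitted_opens(patterns)`, so those limits now have to be enforced inside that function, whose body is not visible here. Please confirm it returns a negative value for over-long hosts and out-of-range ports, so that a malformed permitopen entry still reaches `bad_option`.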
2003 Jan 29
0
[PATCH] features for restricted shell environments
...char *patterns = xmalloc(strlen(opts) + 1); opts += strlen(cp); @@ -243,8 +243,7 @@ } patterns[i] = 0; opts++; - if (sscanf(patterns, "%255[^:]:%5[0-9]", host, sport) != 2 && - sscanf(patterns, "%255[^/]/%5[0-9]", host, sport) != 2) { + if (channel_add_permitted_opens(patterns) < 0) { debug("%.100s, line %lu: Bad permitopen specification " "<%.100s>", file, linenum, patterns); auth_debug_add("%.100s, line %lu: " @@ -252,16 +251,6 @@ xfree(patterns); goto bad_option; } - if ((port = a2port...
2004 Jan 19
3
Security suggestion concerning SSH and port forwarding.
Hi, sorry if it is the wrong approach to suggest improvements to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in its chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be disallowed in
2005 Feb 22
0
TR: 3.8.1p1 option "permitopennet" added
...tednet_opens[i].portb_to_connect && + port >= permittednet_opens[i].porta_to_connect && + port <= permittednet_opens[i].portb_to_connect) || + (!permittednet_opens[i].portb_to_connect && + permittednet_opens[i].porta_to_connect == port)) { + channel_add_permitted_opens(host,port); + permit = 1; + } + } + } + xfree(host_dst); + } + } + if (!permit) { + if (pw && ctxt->valid) + logit("%s (uid:%d) requests to connect to host %.100s port %d, " + "but the request was denied.",ctxt->pw->pw_name,ctxt->p...
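Review bot: inside the loop over `permittednet_opens[i]`, a match calls `channel_add_permitted_opens(host,port)` and sets `permit = 1`, but the visible lines have no `break`, so a destination covered by more than one entry is added to the permitted list once per matching entry. The denial message logs the requested host and port, which suggests this code runs per connection request, in which case the same pair would also be re-added on every later request. Suggest breaking out after the first match, and either checking for an existing entry before adding or making the allow decision directly from the range table.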
2017 May 04
5
OpenSSH contract development / patch
On Thu, May 04, 2017 at 09:37:59AM +1000, Adam Eijdenberg wrote: > Hi Devin, have you looked at using openssh certificates to help manage [...] > While the feature has been around for a while now (and is really > useful), there doesn't seem to be huge amount of documentation around > it. I found the following useful when getting a client of mine running Yeah, when I wrote about it
2001 Oct 24
2
disable features
...2001 18:26:52 -0000 @@ -53,7 +53,9 @@ xfree(forced_command); forced_command = NULL; } +#ifdef WITH_TCPFWD channel_clear_permitted_opens(); +#endif } /* @@ -257,8 +259,10 @@ xfree(patterns); goto bad_option; } +#ifdef WITH_TCPFWD if (options.allow_tcp_forwarding) channel_add_permitted_opens(host, port); +#endif xfree(patterns); goto next_option; } Index: channels.c =================================================================== RCS file: /home/markus/cvs/ssh/channels.c,v retrieving revision 1.140 diff -u -r1.140 channels.c --- channels.c 10 Oct 2001 22:18:47 -0000 1.14...
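Review bot: in the `@@ -257,8 +259,10` hunk, when `WITH_TCPFWD` is undefined the permitopen option is still parsed and falls through to `xfree(patterns); goto next_option;`, so the restriction is accepted and silently dropped. Suggest logging that the option is ignored in builds without TCP forwarding, or treating it as a bad option, and checking that `host` and `port` do not become set-but-unused in that configuration.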