search for: channel_connect_to

Displaying 19 results from an estimated 19 matches for "channel_connect_to".

2008 Jul 09
2
Changes in channel_connect_to
I just want to make sure I'm interpreting this correctly. In 5.0 channel_connect_to would only return the requested socket. You'd then need to use this socket to create the channel with channel_new. In 5.1 channel_connect_to doesn't return the socket but rolls in channel_new and now returns the channel directly. The usage of channel_new hasn't changed though,...
2000 Nov 24
2
Getting the authctxt
My port forwarding changes require an authorization (authentication) context in channel_connect_to(). I'd like to change the dispatch_* functions so that they accept an Authctxt * instead of a void * (this parameter is already used this way). In addition, I'd have to pass the authctxt all the way down to channel_connect_to(). As a side effect, it's possible to get rid of the globa...
2005 Feb 22
0
TR: 3.8.1p1 option "permitopennet" added
...ns = 0; /* * If this is true, all opens are permitted. This is the case on the server * on which we have to trust the client anyway, and the user could do @@ -2110,7 +2127,7 @@ originator_string = xstrdup("unknown (remote did not supply name)"); } packet_check_eom(); - sock = channel_connect_to(host, host_port); + sock = channel_connect_to(host, host_port, ctxt); if (sock != -1) { c = channel_new("connected socket", SSH_CHANNEL_CONNECTING, sock, sock, -1, 0, 0, 0, @@ -2349,7 +2366,7 @@ void channel_permit_all_opens(void) { - if (num_permitted_opens == 0) + if (num...
2009 Feb 17
2
Idea: reverse socks proxy
Hi, Just a use case that I'm sure has been covered before but just in case it's not an openssh solution would be very helpful. I was trying to install software on a server that was firewalled so no outbound http connections would work. I was also tunnelling via another server. Outbound ssh connections also were a convenient option. What would have been nice would be a remote version of
2009 Jan 30
12
[Bug 1552] New: Patch to log tunnel information
...for all I know, but I for one definitely would like to see this end up in the codebase, so I'm submitting it. *** openssh-5.1p1/serverloop.c Fri Jul 4 09:10:49 2008 --- openssh-5.1p1-RCFHACKS/serverloop.c Thu Jan 29 08:56:11 2009 *************** *** 957,962 **** --- 957,968 ---- c = channel_connect_to(target, target_port, "direct-tcpip", "direct-tcpip"); + if (c == NULL){ + verbose("Tunnel denied: user '%s' from %s to %s:%d", the_authctxt->user, get_remote_ipaddr(), target, target_port); + } else { + verbose("Tunn...
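Review bot: the denial branch (`if (c == NULL)`) reports through verbose(), so with sshd's default LogLevel of INFO the "Tunnel denied" line is never written. If the goal is an audit trail of refused forwards, log at least the denial with logit() and keep verbose() for the success case.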
2003 Jan 29
0
[PATCH] features for restricted shell environments
...eq, void *ctxt, int loud) { Channel *c = NULL; u_short host_port; @@ -1989,6 +1995,8 @@ originator_string = xstrdup("unknown (remote did not supply name)"); } packet_check_eom(); + if (loud) + log("TCP forwarding connection to %s port %d", host, host_port); sock = channel_connect_to(host, host_port); if (sock != -1) { c = channel_new("connected socket", @@ -2004,6 +2012,18 @@ xfree(host); } +void +channel_input_port_open_quiet(int type, u_int32_t seq, void *ctxt) +{ + channel_input_port_open(type, seq, ctxt, 0); +} + +void +channel_input_port_open_loud(int...
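Review bot: in the second hunk the `log("TCP forwarding connection to %s port %d", ...)` call sits before `channel_connect_to(host, host_port)`, so the entry is written whether or not the connect succeeds. Moving it after the `sock != -1` check, or adding a matching failure message in the other branch, would let the log distinguish attempted forwards from established ones.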
2009 Jan 30
1
Patch to log tunnel information
...for all I know, but I for one definitely would like to see this end up in the codebase, so I'm submitting it. *** openssh-5.1p1/serverloop.c Fri Jul 4 09:10:49 2008 --- openssh-5.1p1-RCFHACKS/serverloop.c Thu Jan 29 08:56:11 2009 *************** *** 957,962 **** --- 957,968 ---- c = channel_connect_to(target, target_port, "direct-tcpip", "direct-tcpip"); + if (c == NULL){ + verbose("Tunnel denied: user '%s' from %s to %s:%d", the_authctxt->user, get_remote_ipaddr(), target, target_port); + } else { + verbose("Tunn...
2001 Jun 20
1
openssh and port forwarding as root
...hat forwards users requested port forwards as root, so the connection seems to come from root. Is it enough to open the socket as normal user so the connection would appear to come from that user ? (On Linux this seems to work, but what about other OS's ?) I tested this briefly by wrapping the channel_connect_to(target,target_port); (in serverloop.c:server_request_direct_tcpip) with temporarily_use_uid and restore_uid calls and it seems to work (I used hardcoded values for temporarily_use_uid). Is it possible to acquire the username/uid/gid info in server_request_direct_tcpip (and where the socket is open...
2004 Jan 15
0
two minor memory leaks
...p.c, function server_input_channel_open(), the ctype variable is a char *, dynamically allocated in packet_get_string. It's xfree'd at the end of the function. However, before that, it's passed to server_request_session/server_request_direct_tcpip, which call either channel_new or channel_connect_to, passing in ctype. The channel structure keeps a pointer to ctype, so when server_input_channel_open returns, and xfree's the ctype pointer, the pointer held by the channel structure is now pointing at free'd memory. The channel never appears to use the ctype at all (at least on the s...
2003 Sep 26
0
(no subject)
...on: if (((strcmp(target, "localhost") == 0) && (!options.allow_nonlocal_port_forward_destinations)) || (options.allow_nonlocal_port_forward_destinations)) { debug("port forwarding to target %s allowed", target); sock = channel_connect_to(target, target_port); } else { debug("port forwarding to target %s not allowed", target); sock = -1; } This code effectively allows the OpenSSH server to be configured to only allow port forwarding if the destination host is the OpenSSH server itself (...
2000 Aug 23
1
Protocol 2 remote forwarding patch
...log("Received request to open remote forwarded channel (%d) but the request was denied", rchan); + return NULL; + } + + /* TODO: Somekind of access control ?? + * Maybe tcp_wrappers/username/group based access control ?? + */ + + /* Open socket and allocate a channel for it */ + sock = channel_connect_to(permitted_opens[i].host_to_connect, + permitted_opens[i].port_to_connect); + + if ( sock >= 0 ) { + newch = channel_new("forwarded-tcpip", SSH_CHANNEL_OPEN, + sock, sock, -1, 4*1024, 32*1024, 0, + xstrdup(originator_address)); + c = channel_lookup...
2000 Aug 15
0
Experimental -R support patch for openssh client
...ceived request to open remote forwarded channel (%d) but the request was denied", rchan); + return NULL; + } + + /* TODO: call somekind of forward allowed function to check if connection + * is allowed. + */ + /* int allowed = allow_forwarded_tcpip( .... ); */ + + /* Open socket */ + sock = channel_connect_to(permitted_opens[i].host_to_connect, + permitted_opens[i].port_to_connect); + + if ( sock >= 0 ) { + newch = channel_new("forwarded-tcpip", SSH_CHANNEL_OPEN, + sock, sock, -1, 4*1024, 32*1024, 0, + xstrdup(client_address)); + c = channel_lookup( ne...
2002 Aug 13
1
[PATCH] global port forwarding restriction
...et_af(int af); void channel_permit_all_opens(void); -void channel_add_permitted_opens(char *, int); +void channel_fix_permitted_opens(void); +int channel_add_permitted_opens(char *); void channel_clear_permitted_opens(void); void channel_input_port_forward_request(int, int); int channel_connect_to(const char *, u_short); --- servconf.c 26 Jul 2002 11:02:28 -0000 1.3 +++ servconf.c 13 Aug 2002 18:50:33 -0000 @@ -41,6 +41,7 @@ #include "cipher.h" #include "kex.h" #include "mac.h" +#include "channels.h" static void add_listen_addr(ServerOptions *, c...
2004 Jan 19
3
Security suggestion concering SSH and port forwarding.
Hi, sorry if it is the wrong approach to suggest improvements to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in its chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be disallowed in
2002 Jan 05
2
new feature w/ patch
...port, gateway_ports); /* Free the argument string. */ xfree(hostname); diff -ru openssh-3.0.2p1/channels.h openssh-3.0.2p1-NewFeature/channels.h --- openssh-3.0.2p1/channels.h Sun Nov 11 18:04:55 2001 +++ openssh-3.0.2p1-NewFeature/channels.h Sat Jan 5 14:34:05 2002 @@ -189,7 +189,7 @@ int channel_connect_to(const char *, u_short); int channel_connect_by_listen_address(u_short); void channel_request_remote_forwarding(u_short, const char *, u_short); -int channel_request_local_forwarding(u_short, const char *, u_short, int); +int channel_request_local_forwarding(const char *, u_short, const char *...
2001 Feb 01
0
warnings on aix325
...: warning: implicit declaration of function `socket' channels.c:1494: warning: implicit declaration of function `setsockopt' channels.c:1501: warning: implicit declaration of function `bind' channels.c:1512: warning: implicit declaration of function `listen' channels.c: In function `channel_connect_to': channels.c:1642: warning: implicit declaration of function `connect' channels.c: In function `x11_create_display_inet': channels.c:1819: warning: implicit declaration of function `gethostname' cipher.c: In function `cipher_by_name': cipher.c:450: warning: implicit declaration...
2008 Aug 27
18
[Bug 1513] New: CIDR address/masklen matching support for permitopen=
https://bugzilla.mindrot.org/show_bug.cgi?id=1513 Summary: CIDR address/masklen matching support for permitopen= Product: Portable OpenSSH Version: 5.1p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org
2004 Aug 05
1
LocalForward and RemoteForward bind patch
...name); diff -u -r openssh-3.8p1/channels.h openssh-3.8p1-localbind/channels.h --- openssh-3.8p1/channels.h 2003-10-01 23:17:00.000000000 -0700 +++ openssh-3.8p1-localbind/channels.h 2004-08-05 09:44:22.159094328 -0700 @@ -199,9 +199,9 @@ void channel_input_port_forward_request(int, int); int channel_connect_to(const char *, u_short); int channel_connect_by_listen_address(u_short); -void channel_request_remote_forwarding(u_short, const char *, u_short); -int channel_setup_local_fwd_listener(u_short, const char *, u_short, int); -int channel_setup_remote_fwd_listener(const char *, u_short, int); +void...
2001 Feb 10
3
Protocol 2 remote forwarding patch
...log("Received request to open remote forwarded channel (%d) but the request was denied", rchan); + return NULL; } + + /* TODO: Somekind of access control ?? + * Maybe tcp_wrappers/username/group based access control ?? + */ + + /* Open socket and allocate a channel for it */ + sock = channel_connect_to(permitted_opens[i].host_to_connect, + permitted_opens[i].port_to_connect); + + if ( sock >= 0 ) { + newch = channel_new("forwarded-tcpip", SSH_CHANNEL_OPEN, + sock, sock, -1, 4*1024, 32*1024, 0, + xstrdup(originator_address), 1); + c = channel_lookup( newch ); +...