Displaying 3 results from an estimated 3 matches for "channel_fix_permitted_opens".
2002 Aug 13
1
[PATCH] global port forwarding restriction
...ch we have to trust the client anyway, and the user could do
@@ -2212,10 +2216,31 @@
all_opens_permitted = 1;
}
+/*
+ * If the server-wide configuration specifies some permitted_opens
+ * then don't allow users to add to them.
+ */
void
-channel_add_permitted_opens(char *host, int port)
+channel_fix_permitted_opens(void)
{
- if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
+ if (num_permitted_opens != 0)
+ fix_permitted_opens = 1;
+}
+
+int
+channel_add_permitted_opens(char *hostport)
+{
+ char host[256], sport[6];
+ u_short port;
+
+ if (sscanf(hostport, "%255[^:]:%5[0-9]", host, spo...
2003 Jan 29
0
[PATCH] features for restricted shell environments
...st_port, gateway_ports);
/* Free the argument string. */
@@ -2227,10 +2249,31 @@
all_opens_permitted = 1;
}
+/*
+ * If the server-wide configuration specifies some permitted_opens
+ * then don't allow users to add to them.
+ */
void
-channel_add_permitted_opens(char *host, int port)
+channel_fix_permitted_opens(void)
{
- if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
+ if (num_permitted_opens != 0)
+ fix_permitted_opens = 1;
+}
+
+int
+channel_add_permitted_opens(char *hostport)
+{
+ char host[256], sport[6];
+ u_short port;
+
+ if (sscanf(hostport, "%255[^:]:%5[0-9]", host, spo...
2004 Jan 19
3
Security suggestion concering SSH and port forwarding.
Hi,
sorry if it is the wrong approuch to suggest improvments to OpenSSH,
but here comes my suggestion:
I recently stumbled upon the scponly shell which in it's chroot:ed form is
an ideal solution when you want to share some files with people you trust
more or less.
The problem is, if you use the scponlyc as shell, port forwarding is still
allowed. This can of course be dissallowed in