search for: channel_request_remote_forward

...t listen_port, const char *bind_address, int gateway_ports) { return channel_setup_fwd_listener(SSH_CHANNEL_RPORT_LISTENER, - listen_address, listen_port, NULL, 0, gateway_ports); + bind_address, listen_port, listen_address, 0, gateway_ports); } /* @@ -2252,7 +2253,7 @@ */ void -channel_request_remote_forwarding(u_short listen_port, +channel_request_remote_forwarding(const char *listen_host, u_short listen_port, const char *host_to_connect, u_short port_to_connect) { int type, success = 0; @@ -2263,7 +2264,8 @@ /* Send the forward request to the remote side. */ if (compat20) { - const cha...

...s/channels.c Tue Aug 15 19:10:49 2000 @@ -1506,38 +1509,139 @@ u_short port_to_connect) { int payload_len; + int type; + int success = 0; + /* Record locally that connection to this host/port is permitted. */ if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) fatal("channel_request_remote_forwarding: too many forwards"); - permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect); - permitted_opens[num_permitted_opens].port_to_connect = port_to_connect; - permitted_opens[num_permitted_opens].listen_port = listen_port; - num_permitted_opens++; - /* Send the for...

...)) != 1) { + logit("Bad forwarding port."); + goto out; + } + + fwd_port = a2port(sfwd_port); + if (channel_setup_local_fwd_listener(fwd_port, "socks", + 0, options.gateway_ports) < 0) { logit("Port forwarding failed."); goto out; } - } else - channel_request_remote_forwarding(fwd_port, buf, - fwd_host_port); + + } else { + if (sscanf(s, "%5[0-9]:%255[^:]:%5[0-9]", + sfwd_port, buf, sfwd_host_port) != 3 && + sscanf(s, "%5[0-9]/%255[^/]/%5[0-9]", + sfwd_port, buf, sfwd_host_port) != 3) { + + logit("Bad forwarding spec...

...performed against listen_host when in remote fwd mode; otherwise hostname of any length is sent over The check against connect_host is already in channel_setup_fwd_listener(). I think that correct way is to remove the check from parse_forward() completely and put a new check against listen_host to channel_request_remote_forwarding(). patch attached. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.

...xstrdup("port listener")); @@ -1506,38 +1645,149 @@ u_short port_to_connect) { int payload_len; + int type; + int success = 0; + /* Record locally that connection to this host/port is permitted. */ if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) fatal("channel_request_remote_forwarding: too many forwards"); - permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect); - permitted_opens[num_permitted_opens].port_to_connect = port_to_connect; - permitted_opens[num_permitted_opens].listen_port = listen_port; - num_permitted_opens++; - /* Send the for...

...xstrdup("port listener"), 1); @@ -1536,15 +1639,12 @@ u_short port_to_connect) { int payload_len; + int type; + int success = 0; /* Record locally that connection to this host/port is permitted. */ if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) fatal("channel_request_remote_forwarding: too many forwards"); - permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect); - permitted_opens[num_permitted_opens].port_to_connect = port_to_connect; - permitted_opens[num_permitted_opens].listen_port = listen_port; - num_permitted_opens++; - /* Send the for...

Hi, Just a usecase that I'm sure has been covered before but just in case its not an openssh solution would be very helpful. I was trying to install software on a server that was firewalled so no outbound http connections would work. I was also tunnelling via another server. Outbound ssh connections also were a convenient option. What would have been nice would be a remote version of

...rmittednet_opens == 0) all_opens_permitted = 1; } @@ -2368,6 +2385,35 @@ } void +channel_add_permittednet_opens(char *netblock, char *netmask, int porta, int portb) +{ + /* XXX this does not make any sens */ + if (num_permittednet_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) + fatal("channel_request_remote_forwarding: too many forwards"); + + if (portb) debug("allow port forwarding to netblock %s/%s port %d-%d", netblock,netmask, porta, portb); + else debug("allow port forwarding to netblock %s/%s port %d", netblock,netmask, porta); + + /* Continue if conversion fails - checked whil...

..."streamlocal" unix domain socket forwarding patch into 4.4p1 (or rather 20060926 SNAP) and I gather that the ExitOnForwardFailure capability only works for protocol 1.0. Am I misreading things? I was really looking forward to that feature. I noticed when I began fixing a merge reject in channel_request_remote_forwarding(). - Bill

http://bugzilla.mindrot.org/show_bug.cgi?id=1037 Summary: Man page for -L and -R should mention -g Product: Portable OpenSSH Version: 4.0p1 Platform: All OS/Version: All Status: NEW Severity: trivial Priority: P5 Component: Documentation AssignedTo: bitbucket at mindrot.org ReportedBy:

...3) + { + msg = "Invalid port forward"; + goto out; + } + if (local) { + n = channel_request_local_forwarding(fwd_port, buf, + fwd_host_port, + options.gateway_ports); + if (n <= 0) { + msg = "Port forwarding failed"; + goto out; + } + } + else + channel_request_remote_forwarding(fwd_port, buf, fwd_host_port); + + msg = "Forwarding port"; + out: + signal(SIGINT, handler); + enter_raw_mode(); + if (msg) { + snprintf(string, sizeof string, "%s\r\n", msg); + buffer_append(berr, string, strlen(string)); + } +} + /* process the characters one by one */...

...t;%255[^:]:%5[0-9]", host, sport) != 2 && + sscanf(hostport, "%255[^/]/%5[0-9]", host, sport) != 2) + return -1; + if ((port = a2port(sport)) == 0) + return -1; + + if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION || + fix_permitted_opens) fatal("channel_request_remote_forwarding: too many forwards"); debug("allow port forwarding to host %s port %d", host, port); @@ -2224,6 +2249,7 @@ num_permitted_opens++; all_opens_permitted = 0; + return 0; } void @@ -2231,6 +2257,8 @@ { int i; + if (fix_permitted_opens) + return; for (i = 0; i &lt...

...f the channels. This is * updated in channel_allocate. @@ -1506,15 +1509,12 @@ u_short port_to_connect) { int payload_len; + int type; + /* Record locally that connection to this host/port is permitted. */ if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) fatal("channel_request_remote_forwarding: too many forwards"); - permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect); - permitted_opens[num_permitted_opens].port_to_connect = port_to_connect; - permitted_opens[num_permitted_opens].listen_port = listen_port; - num_permitted_opens++; - /* Send the for...

...1/channels.h openssh-3.0.2p1-NewFeature/channels.h --- openssh-3.0.2p1/channels.h Sun Nov 11 18:04:55 2001 +++ openssh-3.0.2p1-NewFeature/channels.h Sat Jan 5 14:34:05 2002 @@ -189,7 +189,7 @@ int channel_connect_to(const char *, u_short); int channel_connect_by_listen_address(u_short); void channel_request_remote_forwarding(u_short, const char *, u_short); -int channel_request_local_forwarding(u_short, const char *, u_short, int); +int channel_request_local_forwarding(const char *, u_short, const char *, u_short, int); int channel_request_forwarding(const char *, u_short, const char *, u_short, int, int);...

...t;%255[^:]:%5[0-9]", host, sport) != 2 && + sscanf(hostport, "%255[^/]/%5[0-9]", host, sport) != 2) + return -1; + if ((port = a2port(sport)) == 0) + return -1; + + if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION || + fix_permitted_opens) fatal("channel_request_remote_forwarding: too many forwards"); debug("allow port forwarding to host %s port %d", host, port); @@ -2239,6 +2282,7 @@ num_permitted_opens++; all_opens_permitted = 0; + return 0; } void @@ -2246,6 +2290,8 @@ { int i; + if (fix_permitted_opens) + return; for (i = 0; i &lt...

Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in

...S_FAILURE); + buffer_put_cstring(r, "Port forwarding failed"); + goto out; + } + add_local_forward(&options, &fwd); + freefwd = 0; + } else { + /* XXX wait for remote to confirm */ + if (options.num_remote_forwards + 1 >= + SSH_MAX_FORWARDS_PER_DIRECTION || + channel_request_remote_forwarding(fwd.listen_host, + fwd.listen_port, fwd.connect_host, fwd.connect_port) < 0) + goto fail; + add_remote_forward(&options, &fwd); + freefwd = 0; + } + buffer_put_int(r, MUX_S_OK); + out: + if (fwd_desc != NULL) + xfree(fwd_desc); + if (freefwd) { + if (fwd.listen_host != NULL...