search for: env_len

...ariables before passing them to mux master. */ +static int +env_permitted(char *env) { - Buffer m; - Channel *c; - int client_fd, new_fd[3], ver, allowed, window, packetmax; - socklen_t addrlen; - struct sockaddr_storage addr; - struct mux_session_confirm_ctx *cctx; - char *cmd; - u_int i, j, len, env_len, mux_command, flags, escape_char; - uid_t euid; - gid_t egid; - int start_close = 0; - - /* - * Accept connection on control socket - */ - memset(&addr, 0, sizeof(addr)); - addrlen = sizeof(addr); - if ((client_fd = accept(muxserver_sock, - (struct sockaddr*)&addr, &addrlen)) == -...

Hi all, currently I am considering writing a patch for OpenSSH that will allow portforwarding using the control_master unix domain socket. The idea is to introduce an extra SSHMUX command, SSHMUX_COMMAND_SOCKS, which will then pass control to the normal socks functions used for dynamic forwarding. The main reason for me to write this patch are: - some more control over who gets to connect to

...i]))) { + return 1; + } + } + + error("%s control mode uid/gid denied: %s/%s", __func__, euidstr, egidstr); + + return 0; /* Deny by default. */ +} + + static void client_process_control(fd_set * readset) { @@ -686,8 +764,6 @@ struct confirm_ctx *cctx; char *cmd; u_int i, len, env_len, command, flags; - uid_t euid; - gid_t egid; /* * Accept connection on control socket @@ -703,16 +779,21 @@ return; } - if (getpeereid(client_fd, &euid, &egid) < 0) { - error("%s getpeereid failed: %s", __func__, strerror(errno)); + switch(client_control_grant(cl...