search for: host_to_connect

...t payload_len; + int type; + int success = 0; + /* Record locally that connection to this host/port is permitted. */ if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) fatal("channel_request_remote_forwarding: too many forwards"); - permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect); - permitted_opens[num_permitted_opens].port_to_connect = port_to_connect; - permitted_opens[num_permitted_opens].listen_port = listen_port; - num_permitted_opens++; - /* Send the forward request to the remote side. */ if (compat20) { const char *address_to_bind =...

...nd/channels.c --- openssh-3.8p1/channels.c 2004-01-20 16:02:09.000000000 -0800 +++ openssh-3.8p1-localbind/channels.c 2004-08-05 12:55:16.101830360 -0700 @@ -86,6 +86,7 @@ * network (which might be behind a firewall). */ typedef struct { + char *listen_host; /* Address to listen on */ char *host_to_connect; /* Connect to 'host'. */ u_short port_to_connect; /* Connect to 'port'. */ u_short listen_port; /* Remote side should listen port number. */ @@ -2146,8 +2147,7 @@ char ntop[NI_MAXHOST], strport[NI_MAXSERV]; success = 0; - host = (type == SSH_CHANNEL_RPORT_LISTENER) ? -...

...t; with that port, as seen in the following code snippet: > > Channel * > channel_connect_by_listen_address(u_short listen_port, char *ctype, char *rname) > { > int i; > > for (i = 0; i < num_permitted_opens; i++) { > if (permitted_opens[i].host_to_connect != NULL && > port_match(permitted_opens[i].listen_port, listen_port)) { > return connect_to( > permitted_opens[i].host_to_connect, > permitted_opens[i].port_to_connect, ctype, rna...

...to_connect) { int payload_len; + int type; + /* Record locally that connection to this host/port is permitted. */ if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) fatal("channel_request_remote_forwarding: too many forwards"); - permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect); - permitted_opens[num_permitted_opens].port_to_connect = port_to_connect; - permitted_opens[num_permitted_opens].listen_port = listen_port; - num_permitted_opens++; - /* Send the forward request to the remote side. */ if (compat20) { const char *address_to_bind =...

...int payload_len; + int type; + int success = 0; /* Record locally that connection to this host/port is permitted. */ if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) fatal("channel_request_remote_forwarding: too many forwards"); - permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect); - permitted_opens[num_permitted_opens].port_to_connect = port_to_connect; - permitted_opens[num_permitted_opens].listen_port = listen_port; - num_permitted_opens++; - /* Send the forward request to the remote side. */ if (compat20) { const char *address_to_bind =...

...sh-3.0.2p1-NewFeature/channels.c --- openssh-3.0.2p1/channels.c Thu Oct 11 20:35:05 2001 +++ openssh-3.0.2p1-NewFeature/channels.c Sat Jan 5 15:36:10 2002 @@ -2057,11 +2057,11 @@ * channel to host:port from remote side. */ int -channel_request_local_forwarding(u_short listen_port, const char *host_to_connect, - u_short port_to_connect, int gateway_ports) +channel_request_local_forwarding(const char *listen_host, u_short listen_port, + const char *host_to_connect, u_short port_to_connect, int gateway_ports) { return channel_request_forwarding( - NULL, listen_port, + listen_host, listen_...

...t payload_len; + int type; + int success = 0; + /* Record locally that connection to this host/port is permitted. */ if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) fatal("channel_request_remote_forwarding: too many forwards"); - permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect); - permitted_opens[num_permitted_opens].port_to_connect = port_to_connect; - permitted_opens[num_permitted_opens].listen_port = listen_port; - num_permitted_opens++; - /* Send the forward request to the remote side. */ if (compat20) { const char *address_to_bind =...

https://bugzilla.mindrot.org/show_bug.cgi?id=2416 Bug ID: 2416 Summary: [PATCH] Allow forwarding of stdio to streamlocal end points Product: Portable OpenSSH Version: -current Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh

...a new forwarding. But when the forwarding is cancelled the element is not really freed. It is marked somehow to be not in use but the current code cannot reuse it. 4) again permitted_opens. channel_request_rforward_cancel() identifies the local side of a forwarding only by permitted_opens[i].host_to_connect and permitted_opens[i].listen_port. Since a forwarding is really a quadruple this looks a little fragile to me. In fact you can try to remove a forwarding by specifying only a port number ssh -S ~/.ssh/ctl -O cancel-rforward 2000 localhost This matches an element of permitted_opens and reset...

https://bugzilla.mindrot.org/show_bug.cgi?id=2147 Bug ID: 2147 Summary: OpenSSH remote forwarding of dynamic ports doesn't work when you create more than one Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: normal Priority: P5

...CTING, sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, rname, 1); c->connect_ctx = cctx; @@ -3347,6 +3479,10 @@ channel_connect_by_listen_address(u_short listen_port, char *ctype, char *rname) for (i = 0; i < num_permitted_opens; i++) { if (permitted_opens[i].host_to_connect != NULL && port_match(permitted_opens[i].listen_port, listen_port)) { + if (permitted_opens[i].port_to_connect == FWD_PERMIT_ANY_PORT) + return channel_new(ctype, SSH_CHANNEL_RDYNAMIC, -1, -1, -1, + CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, rname, 1); + ret...

...ct = porta; + permittednet_opens[num_permittednet_opens].portb_to_connect = portb; + num_permittednet_opens++; + + all_opens_permitted = 0; +} + +void channel_clear_permitted_opens(void) { int i; @@ -2374,6 +2420,10 @@ for (i = 0; i < num_permitted_opens; i++) xfree(permitted_opens[i].host_to_connect); + for (i = 0; i < num_permittednet_opens; i++) { + xfree(permittednet_opens[i].netblock_to_connect); + xfree(permittednet_opens[i].netmask_to_connect); + } num_permitted_opens = 0; } @@ -2452,23 +2502,52 @@ /* Check if connecting to that port is permitted and connect. */ int -channe...

...nssh-6.5p1-1/canohost.c:292 #2 0x0000000100418db5 in port_open_helper (c=c at entry=0x600074700, rtype=rtype at entry=0x10045fe0d <log_facilities+301> "direct-tcpip") at /usr/src/debug/openssh-6.5p1-1/channels.c:1388 #3 0x000000010041dc07 in channel_connect_stdio_fwd ( host_to_connect=0x600039800 "machine2", port_to_connect=22, in=in at entry=4, out=5) at /usr/src/debug/openssh-6.5p1-1/channels.c:1269 #4 0x0000000100401566 in ssh_init_stdio_forwarding () at /usr/src/debug/openssh-6.5p1-1/ssh.c:1260 #5 0x0000000100454171 in ssh_session2 () at /usr/src/debu...

...a new forwarding. But when the forwarding is cancelled the element is not really freed. It is marked somehow to be not in use but the current code cannot reuse it. 4) again permitted_opens. channel_request_rforward_cancel() identifies the local side of a forwarding only by permitted_opens[i].host_to_connect and permitted_opens[i].listen_port. Since a forwarding is really a quadruple this looks a little fragile to me. In fact you can try to remove a forwarding by specifying only a port number ssh -S ~/.ssh/ctl -O cancel-rforward 2000 localhost This matches an element of permitted_opens and reset...

...forwarding to host %s port %d", host, port); @@ -2224,6 +2249,7 @@ num_permitted_opens++; all_opens_permitted = 0; + return 0; } void @@ -2231,6 +2257,8 @@ { int i; + if (fix_permitted_opens) + return; for (i = 0; i < num_permitted_opens; i++) xfree(permitted_opens[i].host_to_connect); num_permitted_opens = 0; --- channels.h 24 Jul 2002 11:04:17 -0000 1.1.1.1 +++ channels.h 13 Aug 2002 18:47:22 -0000 @@ -193,7 +193,8 @@ /* tcp forwarding */ void channel_set_af(int af); void channel_permit_all_opens(void); -void channel_add_permitted_opens(char *, int); +void chan...

https://bugzilla.mindrot.org/show_bug.cgi?id=1949 Bug #: 1949 Summary: PermitOpen none option Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: OpenBSD Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo:

...forwarding to host %s port %d", host, port); @@ -2239,6 +2282,7 @@ num_permitted_opens++; all_opens_permitted = 0; + return 0; } void @@ -2246,6 +2290,8 @@ { int i; + if (fix_permitted_opens) + return; for (i = 0; i < num_permitted_opens; i++) xfree(permitted_opens[i].host_to_connect); num_permitted_opens = 0; @@ -2448,6 +2494,7 @@ 0, xstrdup("X11 inet listener"), 1); nc->single_connection = single_connection; } + log("X11 forwarding listening on port %d", 6000+display_number); /* Return the display number for the DISPLAY environment var...

https://bugzilla.mindrot.org/show_bug.cgi?id=2687 Bug ID: 2687 Summary: Coverity scan fixes Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at mindrot.org

Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in