Displaying 17 results from an estimated 17 matches for "num_permitted_opens".
2000 Aug 15
0
Experimental -R support patch for openssh client
...-2.1.1p4/channels.c Mon Jun 26 03:22:53 2000
+++ openssh-2.1.1p4-jhchanges/channels.c Tue Aug 15 19:10:49 2000
@@ -1506,38 +1509,139 @@
u_short port_to_connect)
{
int payload_len;
+ int type;
+ int success = 0;
+
/* Record locally that connection to this host/port is permitted. */
if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
fatal("channel_request_remote_forwarding: too many forwards");
- permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect);
- permitted_opens[num_permitted_opens].port_to_connect = port_to_connect;
- permitted_opens[num_perm...
2000 Aug 13
1
Patches for openssh port forwarding
...verOptions options;
+
/*
* Maximum file descriptor value used in any of the channels. This is
* updated in channel_allocate.
@@ -1506,15 +1509,12 @@
u_short port_to_connect)
{
int payload_len;
+ int type;
+
/* Record locally that connection to this host/port is permitted. */
if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
fatal("channel_request_remote_forwarding: too many forwards");
- permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect);
- permitted_opens[num_permitted_opens].port_to_connect = port_to_connect;
- permitted_opens[num_perm...
2002 Aug 13
1
[PATCH] global port forwarding restriction
...s.allow_tcp_forwarding)
- channel_add_permitted_opens(host, port);
xfree(patterns);
goto next_option;
}
--- channels.c 24 Jul 2002 11:04:17 -0000 1.1.1.1
+++ channels.c 13 Aug 2002 19:17:08 -0000
@@ -96,6 +96,10 @@
/* Number of permitted host/port pairs in the array. */
static int num_permitted_opens = 0;
+
+/* Don't allow any more to be added. */
+static int fix_permitted_opens = 0;
+
/*
* If this is true, all opens are permitted. This is the case on the server
* on which we have to trust the client anyway, and the user could do
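Review bot: The new `fix_permitted_opens` flag is documented only as "Don't allow any more to be added", which does not say what sets it, whether it is ever cleared, or which functions must honour it. It appears to act as a one-way lock on the forwarding allow-list, so I would spell that out, for example `/* Once set, the permitted_opens list is frozen; channel_add_permitted_opens() must refuse new entries. */`, adjusted to what the code outside this hunk actually does. The name also reads as "repair" rather than "freeze"; something like `permitted_opens_locked` would be clearer. The same hunk appears again in the 2003 "features for restricted shell environments" patch further down the page, and the same point applies there.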
@@ -2212,10 +2216,31 @@
all_opens_permitted = 1;
}...
2005 Feb 22
0
TR: 3.8.1p1 option "permitopennet" added
.... */
static ForwardPermission permitted_opens[SSH_MAX_FORWARDS_PER_DIRECTION];
+/* List of all permitted netblock/portblock pairs to connect. */
+static ForwardNetPermission permittednet_opens[SSH_MAX_FORWARDS_PER_DIRECTION];
+
/* Number of permitted host/port pairs in the array. */
static int num_permitted_opens = 0;
+/* Number of permitted netblock/portblock pairs in the array. */
+static int num_permittednet_opens = 0;
/*
* If this is true, all opens are permitted. This is the case on the server
* on which we have to trust the client anyway, and the user could do
@@ -2110,7 +2127,7 @@
originator...
2001 Feb 10
3
Protocol 2 remote forwarding patch
...k, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
0, xstrdup("port listener"), 1);
@@ -1536,15 +1639,12 @@
u_short port_to_connect)
{
int payload_len;
+ int type;
+ int success = 0;
/* Record locally that connection to this host/port is permitted. */
if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
fatal("channel_request_remote_forwarding: too many forwards");
- permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect);
- permitted_opens[num_permitted_opens].port_to_connect = port_to_connect;
- permitted_opens[num_perm...
2000 Aug 23
1
Protocol 2 remote forwarding patch
...k, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
0, xstrdup("port listener"));
@@ -1506,38 +1645,149 @@
u_short port_to_connect)
{
int payload_len;
+ int type;
+ int success = 0;
+
/* Record locally that connection to this host/port is permitted. */
if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
fatal("channel_request_remote_forwarding: too many forwards");
- permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect);
- permitted_opens[num_permitted_opens].port_to_connect = port_to_connect;
- permitted_opens[num_perm...
2003 Jan 29
0
[PATCH] features for restricted shell environments
...;
int auth_root_allowed(char *);
+int auth_restricted(int, struct passwd *);
char *auth2_read_banner(void);
--- channels.c 28 Jan 2003 18:06:51 -0000 1.1.1.2
+++ channels.c 28 Jan 2003 19:06:35 -0000 1.4
@@ -96,6 +98,10 @@
/* Number of permitted host/port pairs in the array. */
static int num_permitted_opens = 0;
+
+/* Don't allow any more to be added. */
+static int fix_permitted_opens = 0;
+
/*
* If this is true, all opens are permitted. This is the case on the server
* on which we have to trust the client anyway, and the user could do
@@ -1972,7 +1978,7 @@
}
void
-channel_input_port_op...
2014 Jul 04
1
multiplex.sh fails in make tests
Hello everybody,
running make tests on latest openssh-portable git master
(V_6_6_P1-114-g72e6b5c) fails:
[...]
run test multiplex.sh ...
test connection multiplexing: envpass
test connection multiplexing: transfer
test connection multiplexing: status 0
test connection multiplexing: status 1
test connection multiplexing: status 4
test connection multiplexing: status 5
test connection
2004 Jan 19
3
Security suggestion concering SSH and port forwarding.
Hi,
sorry if it is the wrong approach to suggest improvements to OpenSSH,
but here comes my suggestion:
I recently stumbled upon the scponly shell, which in its chrooted form is
an ideal solution when you want to share some files with people you trust
more or less.
The problem is, if you use scponlyc as the shell, port forwarding is still
allowed. This can of course be disallowed in
2004 Aug 05
1
LocalForward and RemoteForward bind patch
...onst char *address_to_bind =
+ listen_host == NULL ? "0.0.0.0" : listen_host;
packet_start(SSH2_MSG_GLOBAL_REQUEST);
packet_put_cstring("tcpip-forward");
packet_put_char(1); /* boolean: want reply */
@@ -2297,6 +2299,7 @@
}
}
if (success) {
+ permitted_opens[num_permitted_opens].listen_host = listen_host == NULL ? NULL : xstrdup(listen_host);
permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect);
permitted_opens[num_permitted_opens].port_to_connect = port_to_connect;
permitted_opens[num_permitted_opens].listen_port = listen_port;
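Review bot: The added `listen_host` assignment records NULL when no bind address was given, while the earlier fragment of this patch substitutes `"0.0.0.0"` for that same case before the tcpip-forward request is built, so the stored entry and the address apparently requested can differ. Any code that later compares `listen_host` with the address named in an incoming forwarded-connection open has to treat NULL as the wildcard, and nothing here says so. A comment above the assignment such as `/* NULL listen_host: the wildcard address was requested */` would document it. The start of the function, including any bounds check on `num_permitted_opens`, lies outside this hunk, so confirm the index is still validated before this block writes to the array.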
@@ -233...
2010 Mar 18
3
problem of adding a new option of sshd
Dear all,
I want to add a new option "newoption" to the sshd server. I have just added some code in servconf.h and
servconf.c, like the other options. But it seems that "newoption" cannot be enabled when I set
"newoption" to "yes" in the sshd_config file. I have added a debug message in the main function of sshd.c
....
debug("main sshd
2013 Dec 19
3
[Bug 2189] New: Client fails to consider hostname when matching rfwd channel opens
...different addresses), the client always matches on the first listener
> with that port, as seen in the following code snippet:
>
> Channel *
> channel_connect_by_listen_address(u_short listen_port, char *ctype, char *rname)
> {
> int i;
>
> for (i = 0; i < num_permitted_opens; i++) {
> if (permitted_opens[i].host_to_connect != NULL &&
> port_match(permitted_opens[i].listen_port, listen_port)) {
> return connect_to(
> permitted_opens[i].host_to_connect,
>...
2007 May 16
2
Disabling ForceCommand in a Match block
Hello,
I am trying to force a command for all users *except* for users in the
"wheel" group. My idea was to do the following in sshd_config:
ForceCommand /usr/bin/validate-ssh-command
Match Group wheel
ForceCommand
But obviously this doesn't work, because ForceCommand requires an
argument. I couldn't find a way to achieve what I want.
I wrote a patch that adds a
2012 Oct 22
1
[PATCH] Implement remote dynamic TCP forwarding
...urn NULL;
+
c = channel_new(ctype, SSH_CHANNEL_CONNECTING, sock, sock, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, rname, 1);
c->connect_ctx = cctx;
@@ -3347,6 +3479,10 @@ channel_connect_by_listen_address(u_short listen_port, char *ctype, char *rname)
for (i = 0; i < num_permitted_opens; i++) {
if (permitted_opens[i].host_to_connect != NULL &&
port_match(permitted_opens[i].listen_port, listen_port)) {
+ if (permitted_opens[i].port_to_connect == FWD_PERMIT_ANY_PORT)
+ return channel_new(ctype, SSH_CHANNEL_RDYNAMIC, -1, -1, -1,
+ CHAN_TCP_WINDOW_DEFAULT...
2017 May 04
5
OpenSSH contract development / patch
On Thu, May 04, 2017 at 09:37:59AM +1000, Adam Eijdenberg wrote:
> Hi Devin, have you looked at using openssh certificates to help manage
[...]
> While the feature has been around for a while now (and is really
> useful), there doesn't seem to be huge amount of documentation around
> it. I found the following useful when getting a client of my running
Yeah, when I wrote about it
2013 Aug 31
11
[Bug 2147] New: OpenSSH remote forwarding of dynamic ports doesn't work when you create more than one
https://bugzilla.mindrot.org/show_bug.cgi?id=2147
Bug ID: 2147
Summary: OpenSSH remote forwarding of dynamic ports doesn't
work when you create more than one
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
2008 Apr 21
3
FIPS 140-2 OpenSSL(2007) patches
...adconf.h Mon Dec 17 03:53:57 2007
@@ -120,6 +120,7 @@
char *local_command;
int permit_local_command;
+ int fips_mode;
} Options;
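Review bot: `fips_mode` is added to `Options` here, and to `ServerOptions` in the servconf.h hunk that follows, with no comment and no visible initialisation. OpenSSH option fields are normally set to -1 by the initialise routine and resolved to a default afterwards. Neither step is in these hunks, so confirm both exist for the new field, because a compliance switch left at an indeterminate or implicit-zero value fails open. A short field comment such as `int fips_mode; /* restrict to FIPS-approved algorithms; -1 = unset */` would document the intended states, if that is the convention the patch follows.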
--- openssh-4.7p1/servconf.h Mon Dec 17 04:25:51 2007
+++ openssh-4.7p1/servconf.h Mon Dec 17 04:26:31 2007
@@ -141,6 +141,7 @@
int permit_tun;
int num_permitted_opens;
+ int fips_mode;
} ServerOptions;
void initialize_server_options(ServerOptions *);
--- openssh-4.7p1/readconf.c Mon Dec 17 03:46:49 2007
+++ openssh-4.7p1/readconf.c Fri Dec 21 15:40:50 2007
@@ -130,6 +130,7 @@
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oSendEnv,...