search for: num_permitted_opens

...-2.1.1p4/channels.c Mon Jun 26 03:22:53 2000 +++ openssh-2.1.1p4-jhchanges/channels.c Tue Aug 15 19:10:49 2000 @@ -1506,38 +1509,139 @@ u_short port_to_connect) { int payload_len; + int type; + int success = 0; + /* Record locally that connection to this host/port is permitted. */ if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) fatal("channel_request_remote_forwarding: too many forwards"); - permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect); - permitted_opens[num_permitted_opens].port_to_connect = port_to_connect; - permitted_opens[num_perm...

...verOptions options; + /* * Maximum file descriptor value used in any of the channels. This is * updated in channel_allocate. @@ -1506,15 +1509,12 @@ u_short port_to_connect) { int payload_len; + int type; + /* Record locally that connection to this host/port is permitted. */ if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) fatal("channel_request_remote_forwarding: too many forwards"); - permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect); - permitted_opens[num_permitted_opens].port_to_connect = port_to_connect; - permitted_opens[num_perm...

...s.allow_tcp_forwarding) - channel_add_permitted_opens(host, port); xfree(patterns); goto next_option; } --- channels.c 24 Jul 2002 11:04:17 -0000 1.1.1.1 +++ channels.c 13 Aug 2002 19:17:08 -0000 @@ -96,6 +96,10 @@ /* Number of permitted host/port pairs in the array. */ static int num_permitted_opens = 0; + +/* Don't allow any more to be added. */ +static int fix_permitted_opens = 0; + /* * If this is true, all opens are permitted. This is the case on the server * on which we have to trust the client anyway, and the user could do @@ -2212,10 +2216,31 @@ all_opens_permitted = 1; }...

.... */ static ForwardPermission permitted_opens[SSH_MAX_FORWARDS_PER_DIRECTION]; +/* List of all permitted netblock/portblock pairs to connect. */ +static ForwardNetPermission permittednet_opens[SSH_MAX_FORWARDS_PER_DIRECTION]; + /* Number of permitted host/port pairs in the array. */ static int num_permitted_opens = 0; +/* Number of permitted netblock/portblock pairs in the array. */ +static int num_permittednet_opens = 0; /* * If this is true, all opens are permitted. This is the case on the server * on which we have to trust the client anyway, and the user could do @@ -2110,7 +2127,7 @@ originator...

...k, -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, xstrdup("port listener"), 1); @@ -1536,15 +1639,12 @@ u_short port_to_connect) { int payload_len; + int type; + int success = 0; /* Record locally that connection to this host/port is permitted. */ if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) fatal("channel_request_remote_forwarding: too many forwards"); - permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect); - permitted_opens[num_permitted_opens].port_to_connect = port_to_connect; - permitted_opens[num_perm...

...k, -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, xstrdup("port listener")); @@ -1506,38 +1645,149 @@ u_short port_to_connect) { int payload_len; + int type; + int success = 0; + /* Record locally that connection to this host/port is permitted. */ if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) fatal("channel_request_remote_forwarding: too many forwards"); - permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect); - permitted_opens[num_permitted_opens].port_to_connect = port_to_connect; - permitted_opens[num_perm...

...; int auth_root_allowed(char *); +int auth_restricted(int, struct passwd *); char *auth2_read_banner(void); --- channels.c 28 Jan 2003 18:06:51 -0000 1.1.1.2 +++ channels.c 28 Jan 2003 19:06:35 -0000 1.4 @@ -96,6 +98,10 @@ /* Number of permitted host/port pairs in the array. */ static int num_permitted_opens = 0; + +/* Don't allow any more to be added. */ +static int fix_permitted_opens = 0; + /* * If this is true, all opens are permitted. This is the case on the server * on which we have to trust the client anyway, and the user could do @@ -1972,7 +1978,7 @@ } void -channel_input_port_op...

Hello everybody, running make tests on latest openssh-portable git master (V_6_6_P1-114-g72e6b5c) fails: [...] run test multiplex.sh ... test connection multiplexing: envpass test connection multiplexing: transfer test connection multiplexing: status 0 test connection multiplexing: status 1 test connection multiplexing: status 4 test connection multiplexing: status 5 test connection

Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in

...onst char *address_to_bind = + listen_host == NULL ? "0.0.0.0" : listen_host; packet_start(SSH2_MSG_GLOBAL_REQUEST); packet_put_cstring("tcpip-forward"); packet_put_char(1); /* boolean: want reply */ @@ -2297,6 +2299,7 @@ } } if (success) { + permitted_opens[num_permitted_opens].listen_host = listen_host == NULL ? NULL : xstrdup(listen_host); permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect); permitted_opens[num_permitted_opens].port_to_connect = port_to_connect; permitted_opens[num_permitted_opens].listen_port = listen_port; @@ -233...

Dear all, I want to add a new option "newoption" to the sshd server, I have just add some codes in servconf.h and servconf.c like the other options. But it seems that the "newoption" can not be enable,when i set the "newoption" to "yes" in sshd_config file. I have add a debug message in main function of sshd.c .... debug("main sshd

...different addresses), the client always matches on the first listener > with that port, as seen in the following code snippet: > > Channel * > channel_connect_by_listen_address(u_short listen_port, char *ctype, char *rname) > { > int i; > > for (i = 0; i < num_permitted_opens; i++) { > if (permitted_opens[i].host_to_connect != NULL && > port_match(permitted_opens[i].listen_port, listen_port)) { > return connect_to( > permitted_opens[i].host_to_connect, >...

Hello, I am trying to force a command for all users *except* for users in the "wheel" group. My idea was to do the following in sshd_config: ForceCommand /usr/bin/validate-ssh-command Match Group wheel ForceCommand But obviously this doesn't work, because ForceCommand requires an argument. I couldn't find a way to achieve what I want. I wrote a patch that adds a

...urn NULL; + c = channel_new(ctype, SSH_CHANNEL_CONNECTING, sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, rname, 1); c->connect_ctx = cctx; @@ -3347,6 +3479,10 @@ channel_connect_by_listen_address(u_short listen_port, char *ctype, char *rname) for (i = 0; i < num_permitted_opens; i++) { if (permitted_opens[i].host_to_connect != NULL && port_match(permitted_opens[i].listen_port, listen_port)) { + if (permitted_opens[i].port_to_connect == FWD_PERMIT_ANY_PORT) + return channel_new(ctype, SSH_CHANNEL_RDYNAMIC, -1, -1, -1, + CHAN_TCP_WINDOW_DEFAULT...

On Thu, May 04, 2017 at 09:37:59AM +1000, Adam Eijdenberg wrote: > Hi Devin, have you looked at using openssh certificates to help manage [...] > While the feature has been around for a while now (and is really > useful), there doesn't seem to be huge amount of documentation around > it. I found the following useful when getting a client of my running Yeah, when I wrote about it

https://bugzilla.mindrot.org/show_bug.cgi?id=2147 Bug ID: 2147 Summary: OpenSSH remote forwarding of dynamic ports doesn't work when you create more than one Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: normal Priority: P5

...adconf.h Mon Dec 17 03:53:57 2007 @@ -120,6 +120,7 @@ char *local_command; int permit_local_command; + int fips_mode; } Options; --- openssh-4.7p1/servconf.h Mon Dec 17 04:25:51 2007 +++ openssh-4.7p1/servconf.h Mon Dec 17 04:26:31 2007 @@ -141,6 +141,7 @@ int permit_tun; int num_permitted_opens; + int fips_mode; } ServerOptions; void initialize_server_options(ServerOptions *); --- openssh-4.7p1/readconf.c Mon Dec 17 03:46:49 2007 +++ openssh-4.7p1/readconf.c Fri Dec 21 15:40:50 2007 @@ -130,6 +130,7 @@ oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, oSendEnv,...