search for: permitted_opens

Displaying 16 results from an estimated 16 matches for "permitted_opens".

2005 Mar 04
1
[PATCH] controlling remote port forwarding over control path
...-O to occur only once. So, to add or remove multiple channels ssh has to be called multiple times. Would it make sense to extend the code to allow it to occur multiple times? ssh -S ~/.ssh/ctl \ -O add-rforward 2000:forward:80 \ -O add-rforward 2001:forward:80 \ localhost 3) permitted_opens in channels.c is a real problem. The current code allocates a new element from the end of this array while adding a new forwarding. But when the forwarding is cancelled the element is not really freed. It is marked somehow to be not in use but the current code cannot reuse it. 4) again permitt...
2000 Aug 15
0
Experimental -R support patch for openssh client
....1p4/channels.c Mon Jun 26 03:22:53 2000 +++ openssh-2.1.1p4-jhchanges/channels.c Tue Aug 15 19:10:49 2000 @@ -1506,38 +1509,139 @@ u_short port_to_connect) { int payload_len; + int type; + int success = 0; + /* Record locally that connection to this host/port is permitted. */ if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) fatal("channel_request_remote_forwarding: too many forwards"); - permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect); - permitted_opens[num_permitted_opens].port_to_connect = port_to_connect; - permitted_opens[num_perm...
2005 Mar 05
2
[Bug 993] adding and removing forwardings via the control connection
...-O to occur only once. So, to add or remove multiple channels ssh has to be called multiple times. Would it make sense to extend the code to allow it to occur multiple times? ssh -S ~/.ssh/ctl \ -O add-rforward 2000:forward:80 \ -O add-rforward 2001:forward:80 \ localhost 3) permitted_opens in channels.c is a real problem. The current code allocates a new element from the end of this array while adding a new forwarding. But when the forwarding is cancelled the element is not really freed. It is marked somehow to be not in use but the current code cannot reuse it. 4) again permitt...
2001 Feb 10
3
Protocol 2 remote forwarding patch
...1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, xstrdup("port listener"), 1); @@ -1536,15 +1639,12 @@ u_short port_to_connect) { int payload_len; + int type; + int success = 0; /* Record locally that connection to this host/port is permitted. */ if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) fatal("channel_request_remote_forwarding: too many forwards"); - permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect); - permitted_opens[num_permitted_opens].port_to_connect = port_to_connect; - permitted_opens[num_perm...
2000 Aug 13
1
Patches for openssh port forwarding
...ptions options; + /* * Maximum file descriptor value used in any of the channels. This is * updated in channel_allocate. @@ -1506,15 +1509,12 @@ u_short port_to_connect) { int payload_len; + int type; + /* Record locally that connection to this host/port is permitted. */ if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) fatal("channel_request_remote_forwarding: too many forwards"); - permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect); - permitted_opens[num_permitted_opens].port_to_connect = port_to_connect; - permitted_opens[num_perm...
2000 Aug 23
1
Protocol 2 remote forwarding patch
...1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, xstrdup("port listener")); @@ -1506,38 +1645,149 @@ u_short port_to_connect) { int payload_len; + int type; + int success = 0; + /* Record locally that connection to this host/port is permitted. */ if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) fatal("channel_request_remote_forwarding: too many forwards"); - permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect); - permitted_opens[num_permitted_opens].port_to_connect = port_to_connect; - permitted_opens[num_perm...
2013 Dec 19
3
[Bug 2189] New: Client fails to consider hostname when matching rfwd channel opens
...erent addresses), the client always matches on the first listener > with that port, as seen in the following code snippet: > > Channel * > channel_connect_by_listen_address(u_short listen_port, char *ctype, char *rname) > { > int i; > > for (i = 0; i < num_permitted_opens; i++) { > if (permitted_opens[i].host_to_connect != NULL && > port_match(permitted_opens[i].listen_port, listen_port)) { > return connect_to( > permitted_opens[i].host_to_connect, >...
2005 Feb 22
0
TR: 3.8.1p1 option "permitopennet" added
...t;auth.h" /* -- channel core */ @@ -91,11 +92,27 @@ u_short listen_port; /* Remote side should listen port number. */ } ForwardPermission; +/* That structure _only_ stocks authorized permitopennet demands + * A ForwardPermission entry is added at each incoming connexion + * in "permitted_opens" array + */ +typedef struct { + struct in_addr * netblock_to_connect; + struct in_addr * netmask_to_connect; + u_short porta_to_connect; + u_short portb_to_connect; +} ForwardNetPermission; + /* List of all permitted host/port pairs to connect. */ static ForwardPermission permitted_opens[SSH...
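Review bot: ForwardNetPermission stores the netblock and netmask as struct in_addr pointers, which limits permitopennet to IPv4 and leaves ownership of the pointed-to memory unstated; consider holding an address-family-neutral value in the struct, or document who allocates and frees these fields. The comment should also say what porta_to_connect and portb_to_connect mean and whether the bounds are inclusive.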
2012 Oct 22
1
[PATCH] Implement remote dynamic TCP forwarding
...NULL; + c = channel_new(ctype, SSH_CHANNEL_CONNECTING, sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, rname, 1); c->connect_ctx = cctx; @@ -3347,6 +3479,10 @@ channel_connect_by_listen_address(u_short listen_port, char *ctype, char *rname) for (i = 0; i < num_permitted_opens; i++) { if (permitted_opens[i].host_to_connect != NULL && port_match(permitted_opens[i].listen_port, listen_port)) { + if (permitted_opens[i].port_to_connect == FWD_PERMIT_ANY_PORT) + return channel_new(ctype, SSH_CHANNEL_RDYNAMIC, -1, -1, -1, + CHAN_TCP_WINDOW_DEFAULT...
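Review bot: in channel_connect_by_listen_address the new branch uses port_to_connect == FWD_PERMIT_ANY_PORT as the marker for a remote dynamic forward, but the constant's name reads as a permission wildcard; a dedicated marker, or a comment at this test, would keep the two meanings apart. The branch is only reached when host_to_connect != NULL, so a dynamic entry has to carry some non-NULL host, and a comment should say what is stored there. The match is still on listen_port alone, so the first entry with that port decides whether the channel becomes SSH_CHANNEL_RDYNAMIC.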
2014 Jul 04
1
multiplex.sh fails in make tests
Hello everybody, running make tests on latest openssh-portable git master (V_6_6_P1-114-g72e6b5c) fails: [...] run test multiplex.sh ... test connection multiplexing: envpass test connection multiplexing: transfer test connection multiplexing: status 0 test connection multiplexing: status 1 test connection multiplexing: status 4 test connection multiplexing: status 5 test connection
2004 Aug 05
1
LocalForward and RemoteForward bind patch
....0.0"; + const char *address_to_bind = + listen_host == NULL ? "0.0.0.0" : listen_host; packet_start(SSH2_MSG_GLOBAL_REQUEST); packet_put_cstring("tcpip-forward"); packet_put_char(1); /* boolean: want reply */ @@ -2297,6 +2299,7 @@ } } if (success) { + permitted_opens[num_permitted_opens].listen_host = listen_host == NULL ? NULL : xstrdup(listen_host); permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect); permitted_opens[num_permitted_opens].port_to_connect = port_to_connect; permitted_opens[num_permitted_opens].listen_port =...
2013 Aug 31
11
[Bug 2147] New: OpenSSH remote forwarding of dynamic ports doesn't work when you create more than one
https://bugzilla.mindrot.org/show_bug.cgi?id=2147 Bug ID: 2147 Summary: OpenSSH remote forwarding of dynamic ports doesn't work when you create more than one Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: normal Priority: P5
2002 Aug 13
1
[PATCH] global port forwarding restriction
...terns = xmalloc(strlen(opts) + 1); opts += strlen(cp); @@ -247,8 +245,7 @@ } patterns[i] = 0; opts++; - if (sscanf(patterns, "%255[^:]:%5[0-9]", host, sport) != 2 && - sscanf(patterns, "%255[^/]/%5[0-9]", host, sport) != 2) { + if (channel_add_permitted_opens(patterns) < 0) { debug("%.100s, line %lu: Bad permitopen specification " "<%.100s>", file, linenum, patterns); auth_debug_add("%.100s, line %lu: " @@ -256,16 +253,6 @@ xfree(patterns); goto bad_option; } - if ((port = a2port(...
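Review bot: replacing the two sscanf calls with channel_add_permitted_opens(patterns) drops the explicit %255 and %5[0-9] field widths from this call site, and the following a2port check is removed as well, so host-length and port-range validation now rest entirely on the helper. Please confirm the helper rejects over-long hosts and out-of-range ports with a return value < 0, and document which separators it accepts, since the old code accepted both host:port and host/port.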
2003 Jan 29
0
[PATCH] features for restricted shell environments
...terns = xmalloc(strlen(opts) + 1); opts += strlen(cp); @@ -243,8 +243,7 @@ } patterns[i] = 0; opts++; - if (sscanf(patterns, "%255[^:]:%5[0-9]", host, sport) != 2 && - sscanf(patterns, "%255[^/]/%5[0-9]", host, sport) != 2) { + if (channel_add_permitted_opens(patterns) < 0) { debug("%.100s, line %lu: Bad permitopen specification " "<%.100s>", file, linenum, patterns); auth_debug_add("%.100s, line %lu: " @@ -252,16 +251,6 @@ xfree(patterns); goto bad_option; } - if ((port = a2port(...
2004 Jan 19
3
Security suggestion concering SSH and port forwarding.
Hi, sorry if it is the wrong approach to suggest improvements to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in its chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be disallowed in
2012 May 03
5
[PATCH/RFC 0/6] New mux client request to list open tcp forwardings.
These patches implement a new mux client request to list the currently opened TCP forwardings. It also removes some todos regarding keeping the list of forwardings in the options up-to-date. Bert Wesarg (6): attach the forwarding type to struct Forward merge local and remote forward lists generate unique ids for forwardings to be used for identification remove closed forwardings from