upstream: Add a PermitListen directive to control which server-side

addresses may be listened on when the client requests remote forwarding (ssh -R). This is the converse of the existing PermitOpen directive and this includes some refactoring to share much of its implementation. feedback and ok markus@ OpenBSD-Commit-ID: 15a931238c61a3f2ac74ea18a98c933e358e277f
author: djm@openbsd.org <djm@openbsd.org> 2018-06-06 18:22:41 +0000
committer: Damien Miller <djm@mindrot.org> 2018-06-07 04:27:20 +1000
commit: 115063a6647007286cc8ca70abfd2a7585f26ccc (patch)
tree: 7bd8d46ae55ff7fc1f8699740d2d2e106c3d5fe8 /mux.c
parent: 7703ae5f5d42eb302ded51705166ff6e19c92892 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/mux.c b/mux.c
index 5ae454410..c591cb154 100644
--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.69 2017/09/20 05:19:00 dtucker Exp $ */
+/* $OpenBSD: mux.c,v 1.70 2018/06/06 18:22:41 djm Exp $ */
 /*
 * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
 *
@@ -634,7 +634,7 @@ mux_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt)
                        buffer_put_int(&out, MUX_S_REMOTE_PORT);
                        buffer_put_int(&out, fctx->rid);
                        buffer_put_int(&out, rfwd->allocated_port);
-                        channel_update_permitted_opens(ssh, rfwd->handle,
+                        channel_update_permission(ssh, rfwd->handle,
                           rfwd->allocated_port);
                } else {
                        buffer_put_int(&out, MUX_S_OK);
@@ -643,7 +643,7 @@ mux_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt)
                goto out;
        } else {
                if (rfwd->listen_port == 0)
-                        channel_update_permitted_opens(ssh, rfwd->handle, -1);
+                        channel_update_permission(ssh, rfwd->handle, -1);
                if (rfwd->listen_path != NULL)
                        xasprintf(&failmsg, "remote port forwarding failed for "
                            "listen path %s", rfwd->listen_path);
author	djm@openbsd.org <djm@openbsd.org>	2018-06-06 18:22:41 +0000
committer	Damien Miller <djm@mindrot.org>	2018-06-07 04:27:20 +1000
commit	115063a6647007286cc8ca70abfd2a7585f26ccc (patch)
tree	7bd8d46ae55ff7fc1f8699740d2d2e106c3d5fe8 /mux.c
parent	7703ae5f5d42eb302ded51705166ff6e19c92892 (diff)

diff --git a/mux.c b/mux.c index 5ae454410..c591cb154 100644 --- a/mux.c +++ b/mux.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: mux.c,v 1.69 2017/09/20 05:19:00 dtucker Exp $ */	1	/* $OpenBSD: mux.c,v 1.70 2018/06/06 18:22:41 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>	3	* Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
4	*	4	*
@@ -634,7 +634,7 @@ mux_confirm_remote_forward(struct ssh ssh, int type, u_int32_t seq, void ctxt)
634	buffer_put_int(&out, MUX_S_REMOTE_PORT);	634	buffer_put_int(&out, MUX_S_REMOTE_PORT);
635	buffer_put_int(&out, fctx->rid);	635	buffer_put_int(&out, fctx->rid);
636	buffer_put_int(&out, rfwd->allocated_port);	636	buffer_put_int(&out, rfwd->allocated_port);
637	channel_update_permitted_opens(ssh, rfwd->handle,	637	channel_update_permission(ssh, rfwd->handle,
638	rfwd->allocated_port);	638	rfwd->allocated_port);
639	} else {	639	} else {
640	buffer_put_int(&out, MUX_S_OK);	640	buffer_put_int(&out, MUX_S_OK);
@@ -643,7 +643,7 @@ mux_confirm_remote_forward(struct ssh ssh, int type, u_int32_t seq, void ctxt)
643	goto out;	643	goto out;
644	} else {	644	} else {
645	if (rfwd->listen_port == 0)	645	if (rfwd->listen_port == 0)
646	channel_update_permitted_opens(ssh, rfwd->handle, -1);	646	channel_update_permission(ssh, rfwd->handle, -1);
647	if (rfwd->listen_path != NULL)	647	if (rfwd->listen_path != NULL)
648	xasprintf(&failmsg, "remote port forwarding failed for "	648	xasprintf(&failmsg, "remote port forwarding failed for "
649	"listen path %s", rfwd->listen_path);	649	"listen path %s", rfwd->listen_path);