author | dtucker@openbsd.org <dtucker@openbsd.org> | 2017-02-01 02:59:09 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2017-02-03 14:23:24 +1100 |
commit | 858252fb1d451ebb0969cf9749116c8f0ee42753 (patch) | |
tree | 86168774d4d73763e0114ec62d7abeb29fbfba12 /serverloop.c | |
parent | 6ba9f893838489add6ec4213c7a997b425e4a9e0 (diff) |
upstream commit
Return true reason for port forwarding failures where
feasible rather than always "administratively prohibited". bz#2674, ok djm@
Upstream-ID: d901d9887951774e604ca970e1827afaaef9e419
Diffstat (limited to 'serverloop.c')
-rw-r--r-- | serverloop.c | 17 |
1 files changed, 10 insertions, 7 deletions
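--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.190 2017/01/04 05:37:40 djm Exp $ */
+/* $OpenBSD: serverloop.c,v 1.191 2017/02/01 02:59:09 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -430,7 +430,7 @@ server_input_keep_alive(int type, u_int32_t seq, void *ctxt)
 }
 
 static Channel *
-server_request_direct_tcpip(void)
+server_request_direct_tcpip(int *reason, const char **errmsg)
 {
 Channel *c = NULL;
 char *target, *originator;
@@ -449,11 +449,13 @@ server_request_direct_tcpip(void)
 if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0 &&
 !no_port_forwarding_flag && !options.disable_forwarding) {
 c = channel_connect_to_port(target, target_port,
-"direct-tcpip", "direct-tcpip");
+"direct-tcpip", "direct-tcpip", reason, errmsg);
 } else {
 logit("refused local port forward: "
 "originator %s port %d, target %s port %d",
 originator, originator_port, target, target_port);
+if (reason != NULL)
+*reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED;
 }
 
 free(originator);
@@ -581,7 +583,8 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt)
 {
 Channel *c = NULL;
 char *ctype;
-int rchan;
+const char *errmsg = NULL;
+int rchan, reason = SSH2_OPEN_CONNECT_FAILED;
 u_int rmaxpack, rwindow, len;
 
 ctype = packet_get_string(&len);
@@ -595,7 +598,7 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt)
 if (strcmp(ctype, "session") == 0) {
 c = server_request_session();
 } else if (strcmp(ctype, "direct-tcpip") == 0) {
-c = server_request_direct_tcpip();
+c = server_request_direct_tcpip(&reason, &errmsg);
 } else if (strcmp(ctype, "direct-streamlocal@openssh.com") == 0) {
 c = server_request_direct_streamlocal();
 } else if (strcmp(ctype, "tun@openssh.com") == 0) {
@@ -618,9 +621,9 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt)
 debug("server_input_channel_open: failure %s", ctype);
 packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
 packet_put_int(rchan);
-packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED);
+packet_put_int(reason);
 if (!(datafellows & SSH_BUG_OPENFAILURE)) {
-packet_put_cstring("open failed");
+packet_put_cstring(errmsg ? errmsg : "open failed");
 packet_put_cstring("");
 }
 packet_send();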
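Review bot: The new default `reason = SSH2_OPEN_CONNECT_FAILED` at new line 587 changes the code sent on every failure path that was not updated, not only direct-tcpip: the direct-streamlocal branch at new line 603 still takes no out-parameter (and presumably refuses on the same policy as direct-tcpip), so a refusal there, or on any other branch that leaves reason untouched before the failure block at new line 621, is now reported as a connect failure where the old code at old line 621 always sent SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED. Unless channel_connect_to_port is guaranteed to set *reason on every NULL return, the safer default is the old one, `int rchan, reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED;`, with `reason = SSH2_OPEN_CONNECT_FAILED;` placed immediately before the server_request_direct_tcpip() call at new line 601 so that only the path which actually reports connect errors opts in. The errmsg pointer handed through to `packet_put_cstring(errmsg ? errmsg : "open failed")` at new line 626 is neither copied nor freed here, so the lifetime contract should be stated on the new parameters of server_request_direct_tcpip, e.g. `/* errmsg, if set, must point to storage that outlives the channel-open reply; the caller does not free it */`. Since the description now carries the real connect error text, a client can distinguish a refused from an unreachable target, which is what the commit intends but is worth naming for operators who previously relied on a uniform refusal. server_input_channel_open continues past the hunk, and the lines between new 604 and 621 that lead into the failure block are not visible here.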