summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--serverloop.c19
1 files changed, 12 insertions, 7 deletions
diff --git a/serverloop.c b/serverloop.c
index c4e4699da..c55d203bc 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -468,6 +468,10 @@ server_request_direct_streamlocal(void)
468 Channel *c = NULL; 468 Channel *c = NULL;
469 char *target, *originator; 469 char *target, *originator;
470 u_short originator_port; 470 u_short originator_port;
471 struct passwd *pw = the_authctxt->pw;
472
473 if (pw == NULL || !the_authctxt->valid)
474 fatal("server_input_global_request: no/invalid user");
471 475
472 target = packet_get_string(NULL); 476 target = packet_get_string(NULL);
473 originator = packet_get_string(NULL); 477 originator = packet_get_string(NULL);
@@ -480,7 +484,7 @@ server_request_direct_streamlocal(void)
480 /* XXX fine grained permissions */ 484 /* XXX fine grained permissions */
481 if ((options.allow_streamlocal_forwarding & FORWARD_LOCAL) != 0 && 485 if ((options.allow_streamlocal_forwarding & FORWARD_LOCAL) != 0 &&
482 !no_port_forwarding_flag && !options.disable_forwarding && 486 !no_port_forwarding_flag && !options.disable_forwarding &&
483 use_privsep) { 487 (pw->pw_uid == 0 || use_privsep)) {
484 c = channel_connect_to_path(target, 488 c = channel_connect_to_path(target,
485 "direct-streamlocal@openssh.com", "direct-streamlocal"); 489 "direct-streamlocal@openssh.com", "direct-streamlocal");
486 } else { 490 } else {
@@ -702,6 +706,10 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
702 int want_reply; 706 int want_reply;
703 int r, success = 0, allocated_listen_port = 0; 707 int r, success = 0, allocated_listen_port = 0;
704 struct sshbuf *resp = NULL; 708 struct sshbuf *resp = NULL;
709 struct passwd *pw = the_authctxt->pw;
710
711 if (pw == NULL || !the_authctxt->valid)
712 fatal("server_input_global_request: no/invalid user");
705 713
706 rtype = packet_get_string(NULL); 714 rtype = packet_get_string(NULL);
707 want_reply = packet_get_char(); 715 want_reply = packet_get_char();
@@ -709,12 +717,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
709 717
710 /* -R style forwarding */ 718 /* -R style forwarding */
711 if (strcmp(rtype, "tcpip-forward") == 0) { 719 if (strcmp(rtype, "tcpip-forward") == 0) {
712 struct passwd *pw;
713 struct Forward fwd; 720 struct Forward fwd;
714 721
715 pw = the_authctxt->pw;
716 if (pw == NULL || !the_authctxt->valid)
717 fatal("server_input_global_request: no/invalid user");
718 memset(&fwd, 0, sizeof(fwd)); 722 memset(&fwd, 0, sizeof(fwd));
719 fwd.listen_host = packet_get_string(NULL); 723 fwd.listen_host = packet_get_string(NULL);
720 fwd.listen_port = (u_short)packet_get_int(); 724 fwd.listen_port = (u_short)packet_get_int();
@@ -762,9 +766,10 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
762 /* check permissions */ 766 /* check permissions */
763 if ((options.allow_streamlocal_forwarding & FORWARD_REMOTE) == 0 767 if ((options.allow_streamlocal_forwarding & FORWARD_REMOTE) == 0
764 || no_port_forwarding_flag || options.disable_forwarding || 768 || no_port_forwarding_flag || options.disable_forwarding ||
765 !use_privsep) { 769 (pw->pw_uid != 0 && !use_privsep)) {
766 success = 0; 770 success = 0;
767 packet_send_debug("Server has disabled port forwarding."); 771 packet_send_debug("Server has disabled "
772 "streamlocal forwarding.");
768 } else { 773 } else {
769 /* Start listening on the socket */ 774 /* Start listening on the socket */
770 success = channel_setup_remote_fwd_listener( 775 success = channel_setup_remote_fwd_listener(
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-11 17:18:22 +0000