-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | auth-options.c | 32 | ||||
-rw-r--r-- | sshd.8 | 7 |
3 files changed, 25 insertions, 20 deletions
@@ -66,6 +66,10 @@ | |||
66 | validate ports for LocalForward/RemoteForward. | 66 | validate ports for LocalForward/RemoteForward. |
67 | add host/port alternative syntax for IPv6 (like -L/-R). | 67 | add host/port alternative syntax for IPv6 (like -L/-R). |
68 | ok markus@ | 68 | ok markus@ |
69 | - stevesk@cvs.openbsd.org 2001/08/30 20:36:34 | ||
70 | [auth-options.c sshd.8] | ||
71 | validate ports for permitopen key file option. add host/port | ||
72 | alternative syntax for IPv6. ok markus@ | ||
69 | 73 | ||
70 | 20010815 | 74 | 20010815 |
71 | - (bal) Fixed stray code in readconf.c that went in by mistake. | 75 | - (bal) Fixed stray code in readconf.c that went in by mistake. |
@@ -6389,4 +6393,4 @@ | |||
6389 | - Wrote replacements for strlcpy and mkdtemp | 6393 | - Wrote replacements for strlcpy and mkdtemp |
6390 | - Released 1.0pre1 | 6394 | - Released 1.0pre1 |
6391 | 6395 | ||
6392 | $Id: ChangeLog,v 1.1504 2001/09/12 18:01:59 mouring Exp $ | 6396 | $Id: ChangeLog,v 1.1505 2001/09/12 18:03:31 mouring Exp $ |
diff --git a/auth-options.c b/auth-options.c index 83ef02c42..9f90437ca 100644 --- a/auth-options.c +++ b/auth-options.c | |||
@@ -10,7 +10,7 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "includes.h" | 12 | #include "includes.h" |
13 | RCSID("$OpenBSD: auth-options.c,v 1.19 2001/06/24 05:25:09 markus Exp $"); | 13 | RCSID("$OpenBSD: auth-options.c,v 1.20 2001/08/30 20:36:34 stevesk Exp $"); |
14 | 14 | ||
15 | #include "packet.h" | 15 | #include "packet.h" |
16 | #include "xmalloc.h" | 16 | #include "xmalloc.h" |
@@ -20,6 +20,7 @@ RCSID("$OpenBSD: auth-options.c,v 1.19 2001/06/24 05:25:09 markus Exp $"); | |||
20 | #include "channels.h" | 20 | #include "channels.h" |
21 | #include "auth-options.h" | 21 | #include "auth-options.h" |
22 | #include "servconf.h" | 22 | #include "servconf.h" |
23 | #include "misc.h" | ||
23 | 24 | ||
24 | /* Flags set authorized_keys flags */ | 25 | /* Flags set authorized_keys flags */ |
25 | int no_port_forwarding_flag = 0; | 26 | int no_port_forwarding_flag = 0; |
@@ -213,8 +214,8 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
213 | } | 214 | } |
214 | cp = "permitopen=\""; | 215 | cp = "permitopen=\""; |
215 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { | 216 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
217 | char host[256], sport[6]; | ||
216 | u_short port; | 218 | u_short port; |
217 | char *c, *ep; | ||
218 | char *patterns = xmalloc(strlen(opts) + 1); | 219 | char *patterns = xmalloc(strlen(opts) + 1); |
219 | 220 | ||
220 | opts += strlen(cp); | 221 | opts += strlen(cp); |
@@ -239,28 +240,25 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
239 | } | 240 | } |
240 | patterns[i] = 0; | 241 | patterns[i] = 0; |
241 | opts++; | 242 | opts++; |
242 | c = strchr(patterns, ':'); | 243 | if (sscanf(patterns, "%255[^:]:%5[0-9]", host, sport) != 2 && |
243 | if (c == NULL) { | 244 | sscanf(patterns, "%255[^/]/%5[0-9]", host, sport) != 2) { |
244 | debug("%.100s, line %lu: permitopen: missing colon <%.100s>", | 245 | debug("%.100s, line %lu: Bad permitopen specification " |
245 | file, linenum, patterns); | 246 | "<%.100s>", file, linenum, patterns); |
246 | packet_send_debug("%.100s, line %lu: missing colon", | 247 | packet_send_debug("%.100s, line %lu: " |
247 | file, linenum); | 248 | "Bad permitopen specification", file, linenum); |
248 | xfree(patterns); | 249 | xfree(patterns); |
249 | goto bad_option; | 250 | goto bad_option; |
250 | } | 251 | } |
251 | *c = 0; | 252 | if ((port = a2port(sport)) == 0) { |
252 | c++; | 253 | debug("%.100s, line %lu: Bad permitopen port <%.100s>", |
253 | port = strtol(c, &ep, 0); | 254 | file, linenum, sport); |
254 | if (c == ep) { | 255 | packet_send_debug("%.100s, line %lu: " |
255 | debug("%.100s, line %lu: permitopen: missing port <%.100s>", | 256 | "Bad permitopen port", file, linenum); |
256 | file, linenum, patterns); | ||
257 | packet_send_debug("%.100s, line %lu: missing port", | ||
258 | file, linenum); | ||
259 | xfree(patterns); | 257 | xfree(patterns); |
260 | goto bad_option; | 258 | goto bad_option; |
261 | } | 259 | } |
262 | if (options.allow_tcp_forwarding) | 260 | if (options.allow_tcp_forwarding) |
263 | channel_add_permitted_opens(patterns, port); | 261 | channel_add_permitted_opens(host, port); |
264 | xfree(patterns); | 262 | xfree(patterns); |
265 | goto next_option; | 263 | goto next_option; |
266 | } | 264 | } |
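Review bot: Neither `sscanf` call in the new permitopen check verifies that the whole `patterns` string was consumed, so a specification is accepted on a prefix match. Because the colon form is tried first, an IPv6 literal in the new `host/port` syntax whose second group is all digits (constructed example: `2001:1::1/22`) would be stored as host `2001`, port `1`. A six-digit port would likewise be cut to its first five digits instead of rejected, so the destination passed to `channel_add_permitted_opens()` can differ from what the key file states. I would append `%n` to both formats and require `patterns[n] == '\0'` before accepting either match, as sketched below. `auth_parse_options()` begins and ends outside these hunks, and `a2port()` is not shown, so its range check is assumed rather than verified.

```c
	int n = 0;	/* bytes consumed by the matching sscanf, set via %n */
	/* … unchanged: copying the quoted option value into patterns … */
	if ((sscanf(patterns, "%255[^:]:%5[0-9]%n", host, sport, &n) != 2 ||
	    patterns[n] != '\0') &&
	    (sscanf(patterns, "%255[^/]/%5[0-9]%n", host, sport, &n) != 2 ||
	    patterns[n] != '\0')) {
		/* … unchanged: "Bad permitopen specification" error path … */
```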
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.145 2001/08/29 23:39:40 stevesk Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.146 2001/08/30 20:36:34 stevesk Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
@@ -1031,7 +1031,10 @@ Prevents tty allocation (a request to allocate a pty will fail). | |||
1031 | Limit local | 1031 | Limit local |
1032 | .Li ``ssh -L'' | 1032 | .Li ``ssh -L'' |
1033 | port forwarding such that it may only connect to the specified host and | 1033 | port forwarding such that it may only connect to the specified host and |
1034 | port. Multiple | 1034 | port. |
1035 | IPv6 addresses can be specified with an alternative syntax: | ||
1036 | .Ar host/port . | ||
1037 | Multiple | ||
1035 | .Cm permitopen | 1038 | .Cm permitopen |
1036 | options may be applied separated by commas. No pattern matching is | 1039 | options may be applied separated by commas. No pattern matching is |
1037 | performed on the specified hostnames, they must be literal domains or | 1040 | performed on the specified hostnames, they must be literal domains or |