-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | channels.c | 14 | ||||
-rw-r--r-- | channels.h | 6 | ||||
-rw-r--r-- | clientloop.c | 34 | ||||
-rw-r--r-- | ssh.1 | 19 |
5 files changed, 56 insertions, 21 deletions
@@ -56,6 +56,10 @@ | |||
56 | support for cancelling local and remote port forwards via the multiplex | 56 | support for cancelling local and remote port forwards via the multiplex |
57 | socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request | 57 | socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request |
58 | the cancellation of the specified forwardings; ok markus@ | 58 | the cancellation of the specified forwardings; ok markus@ |
59 | - markus@cvs.openbsd.org 2011/09/10 22:26:34 | ||
60 | [channels.c channels.h clientloop.c ssh.1] | ||
61 | support cancellation of local/dynamic forwardings from ~C commandline; | ||
62 | ok & feedback djm@ | ||
59 | 63 | ||
60 | 20110909 | 64 | 20110909 |
61 | - (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng. From | 65 | - (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng. From |
diff --git a/channels.c b/channels.c index 0f7e1a872..b6663de8f 100644 --- a/channels.c +++ b/channels.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: channels.c,v 1.312 2011/09/09 22:46:44 djm Exp $ */ | 1 | /* $OpenBSD: channels.c,v 1.313 2011/09/10 22:26:34 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -2844,7 +2844,7 @@ channel_cancel_rport_listener(const char *host, u_short port) | |||
2844 | 2844 | ||
2845 | int | 2845 | int |
2846 | channel_cancel_lport_listener(const char *lhost, u_short lport, | 2846 | channel_cancel_lport_listener(const char *lhost, u_short lport, |
2847 | u_short cport, int gateway_ports) | 2847 | int cport, int gateway_ports) |
2848 | { | 2848 | { |
2849 | u_int i; | 2849 | u_int i; |
2850 | int found = 0; | 2850 | int found = 0; |
@@ -2854,8 +2854,16 @@ channel_cancel_lport_listener(const char *lhost, u_short lport, | |||
2854 | Channel *c = channels[i]; | 2854 | Channel *c = channels[i]; |
2855 | if (c == NULL || c->type != SSH_CHANNEL_PORT_LISTENER) | 2855 | if (c == NULL || c->type != SSH_CHANNEL_PORT_LISTENER) |
2856 | continue; | 2856 | continue; |
2857 | if (c->listening_port != lport || c->host_port != cport) | 2857 | if (c->listening_port != lport) |
2858 | continue; | 2858 | continue; |
2859 | if (cport == CHANNEL_CANCEL_PORT_STATIC) { | ||
2860 | /* skip dynamic forwardings */ | ||
2861 | if (c->host_port == 0) | ||
2862 | continue; | ||
2863 | } else { | ||
2864 | if (c->host_port != cport) | ||
2865 | continue; | ||
2866 | } | ||
2859 | if ((c->listening_addr == NULL && addr != NULL) || | 2867 | if ((c->listening_addr == NULL && addr != NULL) || |
2860 | (c->listening_addr != NULL && addr == NULL)) | 2868 | (c->listening_addr != NULL && addr == NULL)) |
2861 | continue; | 2869 | continue; |
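Review bot: The `cport` parameter of channel_cancel_lport_listener now carries three meanings, and none of them is documented at the function. The new branch also relies on `c->host_port == 0` identifying a dynamic forwarding, which only the `/* skip dynamic forwardings */` comment hints at. I would add a header comment such as `/* cport: CHANNEL_CANCEL_PORT_STATIC matches any non-dynamic listener, 0 matches dynamic listeners, any other value must equal c->host_port */`. Because `lport` stays `u_short` while `cport` is now `int`, callers should range-check the port before the call so an out-of-range value is not silently truncated into a different listener's port. The function body starts and ends outside the visible hunks.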
diff --git a/channels.h b/channels.h index 37af32289..ff84ea54f 100644 --- a/channels.h +++ b/channels.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: channels.h,v 1.106 2011/09/09 22:46:44 djm Exp $ */ | 1 | /* $OpenBSD: channels.h,v 1.107 2011/09/10 22:26:34 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -57,6 +57,8 @@ | |||
57 | #define SSH_CHANNEL_MUX_CLIENT 16 /* Conn. to mux slave */ | 57 | #define SSH_CHANNEL_MUX_CLIENT 16 /* Conn. to mux slave */ |
58 | #define SSH_CHANNEL_MAX_TYPE 17 | 58 | #define SSH_CHANNEL_MAX_TYPE 17 |
59 | 59 | ||
60 | #define CHANNEL_CANCEL_PORT_STATIC -1 | ||
61 | |||
60 | struct Channel; | 62 | struct Channel; |
61 | typedef struct Channel Channel; | 63 | typedef struct Channel Channel; |
62 | 64 | ||
@@ -265,7 +267,7 @@ int channel_setup_local_fwd_listener(const char *, u_short, | |||
265 | int channel_request_rforward_cancel(const char *host, u_short port); | 267 | int channel_request_rforward_cancel(const char *host, u_short port); |
266 | int channel_setup_remote_fwd_listener(const char *, u_short, int *, int); | 268 | int channel_setup_remote_fwd_listener(const char *, u_short, int *, int); |
267 | int channel_cancel_rport_listener(const char *, u_short); | 269 | int channel_cancel_rport_listener(const char *, u_short); |
268 | int channel_cancel_lport_listener(const char *, u_short, u_short, int); | 270 | int channel_cancel_lport_listener(const char *, u_short, int, int); |
269 | 271 | ||
270 | /* x11 forwarding */ | 272 | /* x11 forwarding */ |
271 | 273 | ||
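Review bot: `CHANNEL_CANCEL_PORT_STATIC` is defined as a bare `-1` with no comment, so the header does not say which argument it belongs to or what it selects. I would write `#define CHANNEL_CANCEL_PORT_STATIC (-1) /* cport: cancel a non-dynamic local forward */`; the parentheses keep the negative literal safe wherever the macro is expanded. The updated prototype `channel_cancel_lport_listener(const char *, u_short, int, int)` has no parameter names, so the `int` that accepts the sentinel cannot be told apart from the gateway-ports `int` beside it. Naming the parameters, as the channel_request_rforward_cancel prototype just above does, would fix that.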
diff --git a/clientloop.c b/clientloop.c index c19b01f19..1339521f4 100644 --- a/clientloop.c +++ b/clientloop.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: clientloop.c,v 1.236 2011/06/22 22:08:42 djm Exp $ */ | 1 | /* $OpenBSD: clientloop.c,v 1.237 2011/09/10 22:26:34 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -839,9 +839,8 @@ process_cmdline(void) | |||
839 | { | 839 | { |
840 | void (*handler)(int); | 840 | void (*handler)(int); |
841 | char *s, *cmd, *cancel_host; | 841 | char *s, *cmd, *cancel_host; |
842 | int delete = 0; | 842 | int delete = 0, local = 0, remote = 0, dynamic = 0; |
843 | int local = 0, remote = 0, dynamic = 0; | 843 | int cancel_port, ok; |
844 | int cancel_port; | ||
845 | Forward fwd; | 844 | Forward fwd; |
846 | 845 | ||
847 | bzero(&fwd, sizeof(fwd)); | 846 | bzero(&fwd, sizeof(fwd)); |
@@ -867,8 +866,12 @@ process_cmdline(void) | |||
867 | "Request remote forward"); | 866 | "Request remote forward"); |
868 | logit(" -D[bind_address:]port " | 867 | logit(" -D[bind_address:]port " |
869 | "Request dynamic forward"); | 868 | "Request dynamic forward"); |
869 | logit(" -KL[bind_address:]port " | ||
870 | "Cancel local forward"); | ||
870 | logit(" -KR[bind_address:]port " | 871 | logit(" -KR[bind_address:]port " |
871 | "Cancel remote forward"); | 872 | "Cancel remote forward"); |
873 | logit(" -KD[bind_address:]port " | ||
874 | "Cancel dynamic forward"); | ||
872 | if (!options.permit_local_command) | 875 | if (!options.permit_local_command) |
873 | goto out; | 876 | goto out; |
874 | logit(" !args " | 877 | logit(" !args " |
@@ -897,11 +900,7 @@ process_cmdline(void) | |||
897 | goto out; | 900 | goto out; |
898 | } | 901 | } |
899 | 902 | ||
900 | if ((local || dynamic) && delete) { | 903 | if (delete && !compat20) { |
901 | logit("Not supported."); | ||
902 | goto out; | ||
903 | } | ||
904 | if (remote && delete && !compat20) { | ||
905 | logit("Not supported for SSH protocol version 1."); | 904 | logit("Not supported for SSH protocol version 1."); |
906 | goto out; | 905 | goto out; |
907 | } | 906 | } |
@@ -924,7 +923,21 @@ process_cmdline(void) | |||
924 | logit("Bad forwarding close port"); | 923 | logit("Bad forwarding close port"); |
925 | goto out; | 924 | goto out; |
926 | } | 925 | } |
927 | channel_request_rforward_cancel(cancel_host, cancel_port); | 926 | if (remote) |
927 | ok = channel_request_rforward_cancel(cancel_host, | ||
928 | cancel_port) == 0; | ||
929 | else if (dynamic) | ||
930 | ok = channel_cancel_lport_listener(cancel_host, | ||
931 | cancel_port, 0, options.gateway_ports) > 0; | ||
932 | else | ||
933 | ok = channel_cancel_lport_listener(cancel_host, | ||
934 | cancel_port, CHANNEL_CANCEL_PORT_STATIC, | ||
935 | options.gateway_ports) > 0; | ||
936 | if (!ok) { | ||
937 | logit("Unkown port forwarding."); | ||
938 | goto out; | ||
939 | } | ||
940 | logit("Canceled forwarding."); | ||
928 | } else { | 941 | } else { |
929 | if (!parse_forward(&fwd, s, dynamic, remote)) { | 942 | if (!parse_forward(&fwd, s, dynamic, remote)) { |
930 | logit("Bad forwarding specification."); | 943 | logit("Bad forwarding specification."); |
@@ -945,7 +958,6 @@ process_cmdline(void) | |||
945 | goto out; | 958 | goto out; |
946 | } | 959 | } |
947 | } | 960 | } |
948 | |||
949 | logit("Forwarding port."); | 961 | logit("Forwarding port."); |
950 | } | 962 | } |
951 | 963 | ||
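Review bot: The failure message added in the cancel branch is misspelled: `logit("Unkown port forwarding.");` should be `logit("Unknown port forwarding.");`. In the same branch the dynamic case passes a literal `0` as the cport argument while the local case uses CHANNEL_CANCEL_PORT_STATIC; a short comment such as `/* host_port 0 == dynamic forward */` would make the pairing explicit. The three calls also use different success conventions (`== 0` for the remote request, `> 0` for the local listeners), which deserves a one-line comment next to `ok`. process_cmdline begins and ends outside these hunks, so the validation of `cancel_port` before it is narrowed to `u_short` is not visible here.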
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh.1,v 1.321 2011/08/26 01:45:15 djm Exp $ | 36 | .\" $OpenBSD: ssh.1,v 1.322 2011/09/10 22:26:34 markus Exp $ |
37 | .Dd $Mdocdate: August 26 2011 $ | 37 | .Dd $Mdocdate: September 10 2011 $ |
38 | .Dt SSH 1 | 38 | .Dt SSH 1 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -899,11 +899,20 @@ Currently this allows the addition of port forwardings using the | |||
899 | and | 899 | and |
900 | .Fl D | 900 | .Fl D |
901 | options (see above). | 901 | options (see above). |
902 | It also allows the cancellation of existing remote port-forwardings | 902 | It also allows the cancellation of existing port-forwardings |
903 | using | 903 | with |
904 | .Sm off | ||
905 | .Fl KL Oo Ar bind_address : Oc Ar port | ||
906 | .Sm on | ||
907 | for local, | ||
908 | .Sm off | ||
909 | .Fl KR Oo Ar bind_address : Oc Ar port | ||
910 | .Sm on | ||
911 | for remote and | ||
904 | .Sm off | 912 | .Sm off |
905 | .Fl KR Oo Ar bind_address : Oc Ar port . | 913 | .Fl KD Oo Ar bind_address : Oc Ar port |
906 | .Sm on | 914 | .Sm on |
915 | for dynamic port-forwardings. | ||
907 | .Ic !\& Ns Ar command | 916 | .Ic !\& Ns Ar command |
908 | allows the user to execute a local command if the | 917 | allows the user to execute a local command if the |
909 | .Ic PermitLocalCommand | 918 | .Ic PermitLocalCommand |