Diffstat (limited to 'channels.c')
-rw-r--r--channels.c12
1 files changed, 8 insertions, 4 deletions
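diff --git a/channels.c b/channels.c
index c9d2015ee..9f9e972f4 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.349 2016/02/05 13:28:19 naddy Exp $ */
+/* $OpenBSD: channels.c,v 1.351 2016/07/19 11:38:53 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -138,6 +138,9 @@ static int num_adm_permitted_opens = 0;
 /* special-case port number meaning allow any port */
 #define FWD_PERMIT_ANY_PORT 0
 
+/* special-case wildcard meaning allow any host */
+#define FWD_PERMIT_ANY_HOST "*"
+
 /*
  * If this is true, all opens are permitted. This is the case on the server
  * on which we have to trust the client anyway, and the user could do
@@ -1416,7 +1419,7 @@ port_open_helper(Channel *c, char *rtype)
 {
  char buf[1024];
  char *local_ipaddr = get_local_ipaddr(c->sock);
- int local_port = c->sock == -1 ? 65536 : get_sock_port(c->sock, 1);
+ int local_port = c->sock == -1 ? 65536 : get_local_port(c->sock);
  char *remote_ipaddr = get_peer_ipaddr(c->sock);
  int remote_port = get_peer_port(c->sock);
 
@@ -2935,7 +2938,7 @@ channel_setup_fwd_listener_tcpip(int type, struct Forward *fwd,
  if (type == SSH_CHANNEL_RPORT_LISTENER && fwd->listen_port == 0 &&
  allocated_listen_port != NULL &&
  *allocated_listen_port == 0) {
- *allocated_listen_port = get_sock_port(sock, 1);
+ *allocated_listen_port = get_local_port(sock);
  debug("Allocated listen port %d",
  *allocated_listen_port);
  }
@@ -3298,7 +3301,8 @@ open_match(ForwardPermission *allowed_open, const char *requestedhost,
  if (allowed_open->port_to_connect != FWD_PERMIT_ANY_PORT &&
  allowed_open->port_to_connect != requestedport)
  return 0;
- if (strcmp(allowed_open->host_to_connect, requestedhost) != 0)
+ if (strcmp(allowed_open->host_to_connect, FWD_PERMIT_ANY_HOST) != 0 &&
+ strcmp(allowed_open->host_to_connect, requestedhost) != 0)
  return 0;
  return 1;
 }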
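Review bot: The new `FWD_PERMIT_ANY_HOST` test in `open_match` compares `host_to_connect` against the literal string "*" with `strcmp`, so the wildcard is all-or-nothing: `*.example.com` is not treated as a pattern, and an entry with host `*` plus `FWD_PERMIT_ANY_PORT` matches every destination. The macro's comment should say so, e.g. `/* special-case wildcard meaning allow any host; compared as the exact string "*", not a glob */`. Because the marker lives in the same string field as real hostnames, whatever fills `host_to_connect` (outside this hunk) presumably has to ensure that "*" only arrives from locally configured permissions and never from a peer-supplied hostname; that is worth confirming. `open_match` begins outside the hunk, so any NULL check on `host_to_connect` ahead of these `strcmp` calls is not visible here.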