1 files changed, 25 insertions, 19 deletions
diff --git a/clientloop.c b/clientloop.c
index f10fab769..a2d2d1d07 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.201 2008/07/16 11:51:14 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.209 2009/02/12 03:00:56 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -107,7 +107,6 @@
 #include "atomicio.h"
 #include "sshpty.h"
 #include "misc.h"
-#include "monitor_fdpass.h"
 #include "match.h"
 #include "msg.h"
@@ -765,8 +764,8 @@ process_cmdline(void)
        void (*handler)(int);
        char *s, *cmd, *cancel_host;
        int delete = 0;
-        int local = 0;
+        int local = 0, remote = 0, dynamic = 0;
-        u_short cancel_port;
+        int cancel_port;
        Forward fwd;
        bzero(&fwd, sizeof(fwd));
@@ -790,6 +789,8 @@ process_cmdline(void)
                    "Request local forward");
                logit("      -R[bind_address:]port:host:hostport    "
                    "Request remote forward");
+                logit("      -D[bind_address:]port                  "
+                    "Request dynamic forward");
                logit("      -KR[bind_address:]port                 "
                    "Cancel remote forward");
                if (!options.permit_local_command)
@@ -809,17 +810,22 @@ process_cmdline(void)
                delete = 1;
                s++;
        }
-        if (*s != 'L' && *s != 'R') {
+        if (*s == 'L')
+                local = 1;
+        else if (*s == 'R')
+                remote = 1;
+        else if (*s == 'D')
+                dynamic = 1;
+        else {
                logit("Invalid command.");
                goto out;
        }
-        if (*s == 'L')
-                local = 1;
+        if ((local || dynamic) && delete) {
-        if (local && delete) {
                logit("Not supported.");
                goto out;
        }
-        if ((!local || delete) && !compat20) {
+        if (remote && delete && !compat20) {
                logit("Not supported for SSH protocol version 1.");
                goto out;
        }
@@ -837,17 +843,17 @@ process_cmdline(void)
                        cancel_port = a2port(cancel_host);
                        cancel_host = NULL;
                }
-                if (cancel_port == 0) {
+                if (cancel_port <= 0) {
                        logit("Bad forwarding close port");
                        goto out;
                }
                channel_request_rforward_cancel(cancel_host, cancel_port);
        } else {
-                if (!parse_forward(&fwd, s)) {
+                if (!parse_forward(&fwd, s, dynamic, remote)) {
                        logit("Bad forwarding specification.");
                        goto out;
                }
-                if (local) {
+                if (local || dynamic) {
                        if (channel_setup_local_fwd_listener(fwd.listen_host,
                            fwd.listen_port, fwd.connect_host,
                            fwd.connect_port, options.gateway_ports) < 0) {
@@ -1036,7 +1042,6 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr,
 Supported escape sequences:\r\n\
  %c.  - terminate session\r\n\
  %cB  - send a BREAK to the remote system\r\n\
-  %cC  - open a command line\r\n\
  %cR  - Request rekey (SSH protocol 2 only)\r\n\
  %c#  - list forwarded connections\r\n\
  %c?  - this message\r\n\
@@ -1045,8 +1050,7 @@ Supported escape sequences:\r\n\
                                            escape_char, escape_char,
                                            escape_char, escape_char,
                                            escape_char, escape_char,
-                                            escape_char, escape_char,
+                                            escape_char, escape_char);
-                                            escape_char);
                                } else {
                                        snprintf(string, sizeof string,
 "%c?\r\n\
@@ -1081,6 +1085,8 @@ Supported escape sequences:\r\n\
                                continue;
                        case 'C':
+                                if (c && c->ctl_fd != -1)
+                                        goto noescape;
                                process_cmdline();
                                continue;
@@ -1632,7 +1638,7 @@ client_request_forwarded_tcpip(const char *request_type, int rchan)
 {
        Channel *c = NULL;
        char *listen_address, *originator_address;
-        int listen_port, originator_port;
+        u_short listen_port, originator_port;
        /* Get rest of the packet */
        listen_address = packet_get_string(NULL);
@@ -1658,7 +1664,7 @@ client_request_x11(const char *request_type, int rchan)
 {
        Channel *c = NULL;
        char *originator;
-        int originator_port;
+        u_short originator_port;
        int sock;
        if (!options.forward_x11) {
@@ -1722,7 +1728,7 @@ client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun)
                return 0;
        if (!compat20) {
-                error("Tunnel forwarding is not support for protocol 1");
+                error("Tunnel forwarding is not supported for protocol 1");
                return -1;
        }
@@ -1846,7 +1852,7 @@ client_input_channel_req(int type, u_int32_t seq, void *ctxt)
        if (reply) {
                packet_start(success ?
                    SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE);
-                packet_put_int(id);
+                packet_put_int(c->remote_id);
                packet_send();
        }
        xfree(rtype);

diff --git a/clientloop.c b/clientloop.c index f10fab769..a2d2d1d07 100644 --- a/clientloop.c +++ b/clientloop.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: clientloop.c,v 1.201 2008/07/16 11:51:14 djm Exp $ */	1	/* $OpenBSD: clientloop.c,v 1.209 2009/02/12 03:00:56 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -107,7 +107,6 @@
107	#include "atomicio.h"	107	#include "atomicio.h"
108	#include "sshpty.h"	108	#include "sshpty.h"
109	#include "misc.h"	109	#include "misc.h"
110	#include "monitor_fdpass.h"
111	#include "match.h"	110	#include "match.h"
112	#include "msg.h"	111	#include "msg.h"
113		112
@@ -765,8 +764,8 @@ process_cmdline(void)
765	void (*handler)(int);	764	void (*handler)(int);
766	char s, cmd, *cancel_host;	765	char s, cmd, *cancel_host;
767	int delete = 0;	766	int delete = 0;
768	int local = 0;	767	int local = 0, remote = 0, dynamic = 0;
769	u_short cancel_port;	768	int cancel_port;
770	Forward fwd;	769	Forward fwd;
771		770
772	bzero(&fwd, sizeof(fwd));	771	bzero(&fwd, sizeof(fwd));
@@ -790,6 +789,8 @@ process_cmdline(void)
790	"Request local forward");	789	"Request local forward");
791	logit(" -R[bind_address:]port:host:hostport "	790	logit(" -R[bind_address:]port:host:hostport "
792	"Request remote forward");	791	"Request remote forward");
		792	logit(" -D[bind_address:]port "
		793	"Request dynamic forward");
793	logit(" -KR[bind_address:]port "	794	logit(" -KR[bind_address:]port "
794	"Cancel remote forward");	795	"Cancel remote forward");
795	if (!options.permit_local_command)	796	if (!options.permit_local_command)
@@ -809,17 +810,22 @@ process_cmdline(void)
809	delete = 1;	810	delete = 1;
810	s++;	811	s++;
811	}	812	}
812	if (s != 'L' && s != 'R') {	813	if (*s == 'L')
		814	local = 1;
		815	else if (*s == 'R')
		816	remote = 1;
		817	else if (*s == 'D')
		818	dynamic = 1;
		819	else {
813	logit("Invalid command.");	820	logit("Invalid command.");
814	goto out;	821	goto out;
815	}	822	}
816	if (*s == 'L')	823
817	local = 1;	824	if ((local \|\| dynamic) && delete) {
818	if (local && delete) {
819	logit("Not supported.");	825	logit("Not supported.");
820	goto out;	826	goto out;
821	}	827	}
822	if ((!local \|\| delete) && !compat20) {	828	if (remote && delete && !compat20) {
823	logit("Not supported for SSH protocol version 1.");	829	logit("Not supported for SSH protocol version 1.");
824	goto out;	830	goto out;
825	}	831	}
@@ -837,17 +843,17 @@ process_cmdline(void)
837	cancel_port = a2port(cancel_host);	843	cancel_port = a2port(cancel_host);
838	cancel_host = NULL;	844	cancel_host = NULL;
839	}	845	}
840	if (cancel_port == 0) {	846	if (cancel_port <= 0) {
841	logit("Bad forwarding close port");	847	logit("Bad forwarding close port");
842	goto out;	848	goto out;
843	}	849	}
844	channel_request_rforward_cancel(cancel_host, cancel_port);	850	channel_request_rforward_cancel(cancel_host, cancel_port);
845	} else {	851	} else {
846	if (!parse_forward(&fwd, s)) {	852	if (!parse_forward(&fwd, s, dynamic, remote)) {
847	logit("Bad forwarding specification.");	853	logit("Bad forwarding specification.");
848	goto out;	854	goto out;
849	}	855	}
850	if (local) {	856	if (local \|\| dynamic) {
851	if (channel_setup_local_fwd_listener(fwd.listen_host,	857	if (channel_setup_local_fwd_listener(fwd.listen_host,
852	fwd.listen_port, fwd.connect_host,	858	fwd.listen_port, fwd.connect_host,
853	fwd.connect_port, options.gateway_ports) < 0) {	859	fwd.connect_port, options.gateway_ports) < 0) {
@@ -1036,7 +1042,6 @@ process_escapes(Channel c, Buffer bin, Buffer bout, Buffer berr,
1036	Supported escape sequences:\r\n\	1042	Supported escape sequences:\r\n\
1037	%c. - terminate session\r\n\	1043	%c. - terminate session\r\n\
1038	%cB - send a BREAK to the remote system\r\n\	1044	%cB - send a BREAK to the remote system\r\n\
1039	%cC - open a command line\r\n\
1040	%cR - Request rekey (SSH protocol 2 only)\r\n\	1045	%cR - Request rekey (SSH protocol 2 only)\r\n\
1041	%c# - list forwarded connections\r\n\	1046	%c# - list forwarded connections\r\n\
1042	%c? - this message\r\n\	1047	%c? - this message\r\n\
@@ -1045,8 +1050,7 @@ Supported escape sequences:\r\n\
1045	escape_char, escape_char,	1050	escape_char, escape_char,
1046	escape_char, escape_char,	1051	escape_char, escape_char,
1047	escape_char, escape_char,	1052	escape_char, escape_char,
1048	escape_char, escape_char,	1053	escape_char, escape_char);
1049	escape_char);
1050	} else {	1054	} else {
1051	snprintf(string, sizeof string,	1055	snprintf(string, sizeof string,
1052	"%c?\r\n\	1056	"%c?\r\n\
@@ -1081,6 +1085,8 @@ Supported escape sequences:\r\n\
1081	continue;	1085	continue;
1082		1086
1083	case 'C':	1087	case 'C':
		1088	if (c && c->ctl_fd != -1)
		1089	goto noescape;
1084	process_cmdline();	1090	process_cmdline();
1085	continue;	1091	continue;
1086		1092
@@ -1632,7 +1638,7 @@ client_request_forwarded_tcpip(const char *request_type, int rchan)
1632	{	1638	{
1633	Channel *c = NULL;	1639	Channel *c = NULL;
1634	char listen_address, originator_address;	1640	char listen_address, originator_address;
1635	int listen_port, originator_port;	1641	u_short listen_port, originator_port;
1636		1642
1637	/* Get rest of the packet */	1643	/* Get rest of the packet */
1638	listen_address = packet_get_string(NULL);	1644	listen_address = packet_get_string(NULL);
@@ -1658,7 +1664,7 @@ client_request_x11(const char *request_type, int rchan)
1658	{	1664	{
1659	Channel *c = NULL;	1665	Channel *c = NULL;
1660	char *originator;	1666	char *originator;
1661	int originator_port;	1667	u_short originator_port;
1662	int sock;	1668	int sock;
1663		1669
1664	if (!options.forward_x11) {	1670	if (!options.forward_x11) {
@@ -1722,7 +1728,7 @@ client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun)
1722	return 0;	1728	return 0;
1723		1729
1724	if (!compat20) {	1730	if (!compat20) {
1725	error("Tunnel forwarding is not support for protocol 1");	1731	error("Tunnel forwarding is not supported for protocol 1");
1726	return -1;	1732	return -1;
1727	}	1733	}
1728		1734
@@ -1846,7 +1852,7 @@ client_input_channel_req(int type, u_int32_t seq, void *ctxt)
1846	if (reply) {	1852	if (reply) {
1847	packet_start(success ?	1853	packet_start(success ?
1848	SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE);	1854	SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE);
1849	packet_put_int(id);	1855	packet_put_int(c->remote_id);
1850	packet_send();	1856	packet_send();
1851	}	1857	}
1852	xfree(rtype);	1858	xfree(rtype);