summaryrefslogtreecommitdiff
path: root/serverloop.c
diff options
context:
space:
mode:
Diffstat (limited to 'serverloop.c')
-rw-r--r--serverloop.c23
1 files changed, 15 insertions, 8 deletions
diff --git a/serverloop.c b/serverloop.c
index 741c5befb..e224bd08a 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: serverloop.c,v 1.162 2012/06/20 04:42:58 djm Exp $ */ 1/* $OpenBSD: serverloop.c,v 1.164 2012/12/07 01:51:35 dtucker Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -708,7 +708,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
708 &nalloc, max_time_milliseconds); 708 &nalloc, max_time_milliseconds);
709 709
710 if (received_sigterm) { 710 if (received_sigterm) {
711 logit("Exiting on signal %d", received_sigterm); 711 logit("Exiting on signal %d", (int)received_sigterm);
712 /* Clean up sessions, utmp, etc. */ 712 /* Clean up sessions, utmp, etc. */
713 cleanup_exit(255); 713 cleanup_exit(255);
714 } 714 }
@@ -858,7 +858,7 @@ server_loop2(Authctxt *authctxt)
858 &nalloc, 0); 858 &nalloc, 0);
859 859
860 if (received_sigterm) { 860 if (received_sigterm) {
861 logit("Exiting on signal %d", received_sigterm); 861 logit("Exiting on signal %d", (int)received_sigterm);
862 /* Clean up sessions, utmp, etc. */ 862 /* Clean up sessions, utmp, etc. */
863 cleanup_exit(255); 863 cleanup_exit(255);
864 } 864 }
@@ -950,7 +950,7 @@ server_input_window_size(int type, u_int32_t seq, void *ctxt)
950static Channel * 950static Channel *
951server_request_direct_tcpip(void) 951server_request_direct_tcpip(void)
952{ 952{
953 Channel *c; 953 Channel *c = NULL;
954 char *target, *originator; 954 char *target, *originator;
955 u_short target_port, originator_port; 955 u_short target_port, originator_port;
956 956
@@ -963,9 +963,16 @@ server_request_direct_tcpip(void)
963 debug("server_request_direct_tcpip: originator %s port %d, target %s " 963 debug("server_request_direct_tcpip: originator %s port %d, target %s "
964 "port %d", originator, originator_port, target, target_port); 964 "port %d", originator, originator_port, target, target_port);
965 965
966 /* XXX check permission */ 966 /* XXX fine grained permissions */
967 c = channel_connect_to(target, target_port, 967 if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0 &&
968 "direct-tcpip", "direct-tcpip"); 968 !no_port_forwarding_flag) {
969 c = channel_connect_to(target, target_port,
970 "direct-tcpip", "direct-tcpip");
971 } else {
972 logit("refused local port forward: "
973 "originator %s port %d, target %s port %d",
974 originator, originator_port, target, target_port);
975 }
969 976
970 xfree(originator); 977 xfree(originator);
971 xfree(target); 978 xfree(target);
@@ -1126,7 +1133,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
1126 listen_address, listen_port); 1133 listen_address, listen_port);
1127 1134
1128 /* check permissions */ 1135 /* check permissions */
1129 if (!options.allow_tcp_forwarding || 1136 if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 ||
1130 no_port_forwarding_flag || 1137 no_port_forwarding_flag ||
1131 (!want_reply && listen_port == 0) 1138 (!want_reply && listen_port == 0)
1132#ifndef NO_IPPORT_RESERVED_CONCEPT 1139#ifndef NO_IPPORT_RESERVED_CONCEPT
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-18 03:15:17 +0000