From e7261c7e368fe7d6694918e62fe23e24aa3e1fca Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 3 Nov 2008 19:25:40 +1100 Subject: - stevesk@cvs.openbsd.org 2008/10/30 19:31:16 [clientloop.c sshd.c] don't need to #include "monitor_fdpass.h" --- clientloop.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'clientloop.c') diff --git a/clientloop.c b/clientloop.c index f10fab769..30e17d20c 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.201 2008/07/16 11:51:14 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.202 2008/10/30 19:31:16 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -107,7 +107,6 @@ #include "atomicio.h" #include "sshpty.h" #include "misc.h" -#include "monitor_fdpass.h" #include "match.h" #include "msg.h" -- cgit v1.2.3 From a699d952e5e20be83fada0ff10ba8e02ad4dcd81 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 3 Nov 2008 19:27:34 +1100 Subject: - stevesk@cvs.openbsd.org 2008/11/01 17:40:33 [clientloop.c readconf.c readconf.h ssh.c] merge dynamic forward parsing into parse_forward(); 'i think this is OK' djm@ --- ChangeLog | 6 ++++- clientloop.c | 4 +-- readconf.c | 82 +++++++++++++++++++++++++++++++++--------------------------- readconf.h | 4 +-- ssh.c | 32 ++++++------------------ 5 files changed, 62 insertions(+), 66 deletions(-) (limited to 'clientloop.c') diff --git a/ChangeLog b/ChangeLog index 5b6889fba..b095d974e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -92,6 +92,10 @@ - sobrado@cvs.openbsd.org 2008/11/01 11:14:36 [ssh-keyscan.1 ssh-keyscan.c] the ellipsis is not an optional argument; while here, improve spacing. + - stevesk@cvs.openbsd.org 2008/11/01 17:40:33 + [clientloop.c readconf.c readconf.h ssh.c] + merge dynamic forward parsing into parse_forward(); + 'i think this is OK' djm@ 20080906 - (dtucker) [config.guess config.sub] Update to latest versions from @@ -4826,4 +4830,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.5121 2008/11/03 08:27:07 djm Exp $ +$Id: ChangeLog,v 1.5122 2008/11/03 08:27:34 djm Exp $ diff --git a/clientloop.c b/clientloop.c index 30e17d20c..0ed4194a6 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.202 2008/10/30 19:31:16 stevesk Exp $ */ +/* $OpenBSD: clientloop.c,v 1.203 2008/11/01 17:40:33 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -842,7 +842,7 @@ process_cmdline(void) } channel_request_rforward_cancel(cancel_host, cancel_port); } else { - if (!parse_forward(&fwd, s)) { + if (!parse_forward(&fwd, s, 0)) { logit("Bad forwarding specification."); goto out; } diff --git a/readconf.c b/readconf.c index 73f6eb361..27be8df68 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.167 2008/06/26 11:46:31 grunk Exp $ */ +/* $OpenBSD: readconf.c,v 1.168 2008/11/01 17:40:33 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -706,56 +706,39 @@ parse_int: case oLocalForward: case oRemoteForward: + case oDynamicForward: arg = strdelim(&s); if (arg == NULL || *arg == '\0') fatal("%.200s line %d: Missing port argument.", filename, linenum); - arg2 = strdelim(&s); - if (arg2 == NULL || *arg2 == '\0') - fatal("%.200s line %d: Missing target argument.", - filename, linenum); - /* construct a string for parse_forward */ - snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2); + if (opcode == oLocalForward || + opcode == oRemoteForward) { + arg2 = strdelim(&s); + if (arg2 == NULL || *arg2 == '\0') + fatal("%.200s line %d: Missing target argument.", + filename, linenum); - if (parse_forward(&fwd, fwdarg) == 0) + /* construct a string for parse_forward */ + snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2); + } else if (opcode == oDynamicForward) { + strlcpy(fwdarg, arg, sizeof(fwdarg)); + } + + if (parse_forward(&fwd, fwdarg, + opcode == oDynamicForward ? 1 : 0) == 0) fatal("%.200s line %d: Bad forwarding specification.", filename, linenum); if (*activep) { - if (opcode == oLocalForward) + if (opcode == oLocalForward || + opcode == oDynamicForward) add_local_forward(options, &fwd); else if (opcode == oRemoteForward) add_remote_forward(options, &fwd); } break; - case oDynamicForward: - arg = strdelim(&s); - if (!arg || *arg == '\0') - fatal("%.200s line %d: Missing port argument.", - filename, linenum); - memset(&fwd, '\0', sizeof(fwd)); - fwd.connect_host = "socks"; - fwd.listen_host = hpdelim(&arg); - if (fwd.listen_host == NULL || - strlen(fwd.listen_host) >= NI_MAXHOST) - fatal("%.200s line %d: Bad forwarding specification.", - filename, linenum); - if (arg) { - fwd.listen_port = a2port(arg); - fwd.listen_host = cleanhostname(fwd.listen_host); - } else { - fwd.listen_port = a2port(fwd.listen_host); - fwd.listen_host = NULL; - } - if (fwd.listen_port == 0) - fatal("%.200s line %d: Badly formatted port number.", - filename, linenum); - if (*activep) - add_local_forward(options, &fwd); - break; - case oClearAllForwardings: intptr = &options->clear_forwardings; goto parse_flag; @@ -1219,11 +1202,14 @@ fill_default_options(Options * options) /* * parse_forward * parses a string containing a port forwarding specification of the form: + * dynamicfwd == 0 * [listenhost:]listenport:connecthost:connectport + * dynamicfwd == 1 + * [listenhost:]listenport * returns number of arguments parsed or zero on error */ int -parse_forward(Forward *fwd, const char *fwdspec) +parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd) { int i; char *p, *cp, *fwdarg[4]; @@ -1245,6 +1231,18 @@ parse_forward(Forward *fwd, const char *fwdspec) i = 0; /* failure */ switch (i) { + case 1: + fwd->listen_host = NULL; + fwd->listen_port = a2port(fwdarg[0]); + fwd->connect_host = xstrdup("socks"); + break; + + case 2: + fwd->listen_host = xstrdup(cleanhostname(fwdarg[0])); + fwd->listen_port = a2port(fwdarg[1]); + fwd->connect_host = xstrdup("socks"); + break; + case 3: fwd->listen_host = NULL; fwd->listen_port = a2port(fwdarg[0]); @@ -1264,7 +1262,17 @@ parse_forward(Forward *fwd, const char *fwdspec) xfree(p); - if (fwd->listen_port == 0 || fwd->connect_port == 0) + if (dynamicfwd) { + if (!(i == 1 || i == 2)) + goto fail_free; + } else { + if (!(i == 3 || i == 4)) + goto fail_free; + if (fwd->connect_port == 0) + goto fail_free; + } + + if (fwd->listen_port == 0) goto fail_free; if (fwd->connect_host != NULL && diff --git a/readconf.h b/readconf.h index 47c7aef4e..c1387a896 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.74 2008/06/26 11:46:31 grunk Exp $ */ +/* $OpenBSD: readconf.h,v 1.75 2008/11/01 17:40:33 stevesk Exp $ */ /* * Author: Tatu Ylonen @@ -133,7 +133,7 @@ typedef struct { void initialize_options(Options *); void fill_default_options(Options *); int read_config_file(const char *, const char *, Options *, int); -int parse_forward(Forward *, const char *); +int parse_forward(Forward *, const char *, int); int process_config_line(Options *, const char *, char *, const char *, int, int *); diff --git a/ssh.c b/ssh.c index 82d3ab26b..5bb67c5b1 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.321 2008/10/09 06:54:22 jmc Exp $ */ +/* $OpenBSD: ssh.c,v 1.322 2008/11/01 17:40:33 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -453,7 +453,7 @@ main(int ac, char **av) break; case 'L': - if (parse_forward(&fwd, optarg)) + if (parse_forward(&fwd, optarg, 0)) add_local_forward(&options, &fwd); else { fprintf(stderr, @@ -464,7 +464,7 @@ main(int ac, char **av) break; case 'R': - if (parse_forward(&fwd, optarg)) { + if (parse_forward(&fwd, optarg, 0)) { add_remote_forward(&options, &fwd); } else { fprintf(stderr, @@ -475,30 +475,14 @@ main(int ac, char **av) break; case 'D': - cp = p = xstrdup(optarg); - memset(&fwd, '\0', sizeof(fwd)); - fwd.connect_host = "socks"; - if ((fwd.listen_host = hpdelim(&cp)) == NULL) { - fprintf(stderr, "Bad dynamic forwarding " - "specification '%.100s'\n", optarg); - exit(255); - } - if (cp != NULL) { - fwd.listen_port = a2port(cp); - fwd.listen_host = - cleanhostname(fwd.listen_host); + if (parse_forward(&fwd, optarg, 1)) { + add_local_forward(&options, &fwd); } else { - fwd.listen_port = a2port(fwd.listen_host); - fwd.listen_host = NULL; - } - - if (fwd.listen_port == 0) { - fprintf(stderr, "Bad dynamic port '%s'\n", - optarg); + fprintf(stderr, + "Bad dynamic forwarding specification " + "'%s'\n", optarg); exit(255); } - add_local_forward(&options, &fwd); - xfree(p); break; case 'C': -- cgit v1.2.3 From 0164cb8a87cf3060f13954ce4e842ecbe8316817 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 5 Nov 2008 16:30:31 +1100 Subject: - stevesk@cvs.openbsd.org 2008/11/05 03:23:09 [clientloop.c ssh.1] add dynamic forward escape command line; ok djm@ --- ChangeLog | 5 ++++- clientloop.c | 25 ++++++++++++++++--------- ssh.1 | 9 +++++---- 3 files changed, 25 insertions(+), 14 deletions(-) (limited to 'clientloop.c') diff --git a/ChangeLog b/ChangeLog index d49180e6e..1b4594114 100644 --- a/ChangeLog +++ b/ChangeLog @@ -36,6 +36,9 @@ space was not malloc'd in that case. ok djm@ + - stevesk@cvs.openbsd.org 2008/11/05 03:23:09 + [clientloop.c ssh.1] + add dynamic forward escape command line; ok djm@ 20081103 - OpenBSD CVS Sync @@ -4886,4 +4889,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.5131 2008/11/05 05:30:06 djm Exp $ +$Id: ChangeLog,v 1.5132 2008/11/05 05:30:31 djm Exp $ diff --git a/clientloop.c b/clientloop.c index 0ed4194a6..737807496 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.203 2008/11/01 17:40:33 stevesk Exp $ */ +/* $OpenBSD: clientloop.c,v 1.204 2008/11/05 03:23:09 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -764,7 +764,7 @@ process_cmdline(void) void (*handler)(int); char *s, *cmd, *cancel_host; int delete = 0; - int local = 0; + int local = 0, remote = 0, dynamic = 0; u_short cancel_port; Forward fwd; @@ -789,6 +789,8 @@ process_cmdline(void) "Request local forward"); logit(" -R[bind_address:]port:host:hostport " "Request remote forward"); + logit(" -D[bind_address:]port " + "Request dynamic forward"); logit(" -KR[bind_address:]port " "Cancel remote forward"); if (!options.permit_local_command) @@ -808,17 +810,22 @@ process_cmdline(void) delete = 1; s++; } - if (*s != 'L' && *s != 'R') { + if (*s == 'L') + local = 1; + else if (*s == 'R') + remote = 1; + else if (*s == 'D') + dynamic = 1; + else { logit("Invalid command."); goto out; } - if (*s == 'L') - local = 1; - if (local && delete) { + + if ((local || dynamic) && delete) { logit("Not supported."); goto out; } - if ((!local || delete) && !compat20) { + if (remote && delete && !compat20) { logit("Not supported for SSH protocol version 1."); goto out; } @@ -842,11 +849,11 @@ process_cmdline(void) } channel_request_rforward_cancel(cancel_host, cancel_port); } else { - if (!parse_forward(&fwd, s, 0)) { + if (!parse_forward(&fwd, s, dynamic ? 1 : 0)) { logit("Bad forwarding specification."); goto out; } - if (local) { + if (local || dynamic) { if (channel_setup_local_fwd_listener(fwd.listen_host, fwd.listen_port, fwd.connect_host, fwd.connect_port, options.gateway_ports) < 0) { diff --git a/ssh.1 b/ssh.1 index c8cd2136c..5f55dfe9d 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.278 2008/10/08 23:34:03 djm Exp $ -.Dd $Mdocdate: October 8 2008 $ +.\" $OpenBSD: ssh.1,v 1.279 2008/11/05 03:23:09 stevesk Exp $ +.Dd $Mdocdate: November 5 2008 $ .Dt SSH 1 .Os .Sh NAME @@ -898,9 +898,10 @@ Send a BREAK to the remote system .It Cm ~C Open command line. Currently this allows the addition of port forwardings using the -.Fl L -and +.Fl L , .Fl R +and +.Fl D options (see above). It also allows the cancellation of existing remote port-forwardings using -- cgit v1.2.3 From 8533c7801d598fa048a7a0ef33d4404ae5d67b3e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 8 Dec 2008 09:54:40 +1100 Subject: - markus@cvs.openbsd.org 2008/12/02 19:01:07 [clientloop.c] we have to use the recipient's channel number (RFC 4254) for SSH2_MSG_CHANNEL_SUCCESS/SSH2_MSG_CHANNEL_FAILURE messages, otherwise we trigger 'Non-public channel' error messages on sshd systems with clientkeepalive enabled; noticed by sturm; ok djm; --- ChangeLog | 9 ++++++++- clientloop.c | 4 ++-- 2 files changed, 10 insertions(+), 3 deletions(-) (limited to 'clientloop.c') diff --git a/ChangeLog b/ChangeLog index 91fca57aa..92f61141f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,13 @@ - (djm) [configure.ac] bz#1538: better test for ProPolice/SSP: actually use some stack in main(). Report and suggested fix from vapier AT gentoo.org + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2008/12/02 19:01:07 + [clientloop.c] + we have to use the recipient's channel number (RFC 4254) for + SSH2_MSG_CHANNEL_SUCCESS/SSH2_MSG_CHANNEL_FAILURE messages, + otherwise we trigger 'Non-public channel' error messages on sshd + systems with clientkeepalive enabled; noticed by sturm; ok djm; 20081201 - (dtucker) [contrib/cygwin/{Makefile,ssh-host-config}] Add new doc files @@ -4950,5 +4957,5 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.5148 2008/12/07 22:35:36 djm Exp $ +$Id: ChangeLog,v 1.5149 2008/12/07 22:54:40 djm Exp $ diff --git a/clientloop.c b/clientloop.c index 737807496..df4545828 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.204 2008/11/05 03:23:09 stevesk Exp $ */ +/* $OpenBSD: clientloop.c,v 1.205 2008/12/02 19:01:07 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1852,7 +1852,7 @@ client_input_channel_req(int type, u_int32_t seq, void *ctxt) if (reply) { packet_start(success ? SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE); - packet_put_int(id); + packet_put_int(c->remote_id); packet_send(); } xfree(rtype); -- cgit v1.2.3 From 586b00532f89e6166e6a74bdf3e801cc59449b84 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 9 Dec 2008 14:11:32 +1100 Subject: - djm@cvs.openbsd.org 2008/12/09 02:38:18 [clientloop.c] The ~C escape handler does not work correctly for multiplexed sessions - it opens a commandline on the master session, instead of on the slave that requested it. Disable it on slave sessions until such time as it is fixed; bz#1543 report from Adrian Bridgett via Colin Watson ok markus@ --- ChangeLog | 12 +++++++++++- clientloop.c | 8 ++++---- 2 files changed, 15 insertions(+), 5 deletions(-) (limited to 'clientloop.c') diff --git a/ChangeLog b/ChangeLog index 0c986d4c0..8626eee63 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ +20081209 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2008/12/09 02:38:18 + [clientloop.c] + The ~C escape handler does not work correctly for multiplexed sessions - + it opens a commandline on the master session, instead of on the slave + that requested it. Disable it on slave sessions until such time as it + is fixed; bz#1543 report from Adrian Bridgett via Colin Watson + ok markus@ + 20081208 - (djm) [configure.ac] bz#1538: better test for ProPolice/SSP: actually use some stack in main(). @@ -4964,5 +4974,5 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.5151 2008/12/07 22:55:25 djm Exp $ +$Id: ChangeLog,v 1.5152 2008/12/09 03:11:32 djm Exp $ diff --git a/clientloop.c b/clientloop.c index df4545828..0d228421c 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.205 2008/12/02 19:01:07 markus Exp $ */ +/* $OpenBSD: clientloop.c,v 1.206 2008/12/09 02:38:18 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1042,7 +1042,6 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr, Supported escape sequences:\r\n\ %c. - terminate session\r\n\ %cB - send a BREAK to the remote system\r\n\ - %cC - open a command line\r\n\ %cR - Request rekey (SSH protocol 2 only)\r\n\ %c# - list forwarded connections\r\n\ %c? - this message\r\n\ @@ -1051,8 +1050,7 @@ Supported escape sequences:\r\n\ escape_char, escape_char, escape_char, escape_char, escape_char, escape_char, - escape_char, escape_char, - escape_char); + escape_char, escape_char); } else { snprintf(string, sizeof string, "%c?\r\n\ @@ -1087,6 +1085,8 @@ Supported escape sequences:\r\n\ continue; case 'C': + if (c && c->ctl_fd != -1) + goto noescape; process_cmdline(); continue; -- cgit v1.2.3 From b3f2c9fcaf082077ba42f86272011fe08ece3afa Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 28 Jan 2009 16:15:30 +1100 Subject: - stevesk@cvs.openbsd.org 2008/12/09 22:37:33 [clientloop.c] fix typo in error message --- ChangeLog | 5 ++++- clientloop.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'clientloop.c') diff --git a/ChangeLog b/ChangeLog index f3a1b0033..482bd6bed 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,9 @@ few missing flags; add 'bye' to the output of 'help'; sorting and spacing. jmc@ suggested replacing .Oo/.Oc with a single .Op macro. ok jmc@ + - stevesk@cvs.openbsd.org 2008/12/09 22:37:33 + [clientloop.c] + fix typo in error message 20090107 - (djm) [uidswap.c] bz#1412: Support >16 supplemental groups in OS X. @@ -5023,5 +5026,5 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.5163 2009/01/28 05:14:09 djm Exp $ +$Id: ChangeLog,v 1.5164 2009/01/28 05:15:30 djm Exp $ diff --git a/clientloop.c b/clientloop.c index 0d228421c..fdeedc351 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.206 2008/12/09 02:38:18 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.207 2008/12/09 22:37:33 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1728,7 +1728,7 @@ client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun) return 0; if (!compat20) { - error("Tunnel forwarding is not support for protocol 1"); + error("Tunnel forwarding is not supported for protocol 1"); return -1; } -- cgit v1.2.3 From 3dc71ad8653bab5591fc75bb1d3e6aa8fb9360df Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 28 Jan 2009 16:31:22 +1100 Subject: - djm@cvs.openbsd.org 2009/01/22 10:02:34 [clientloop.c misc.c readconf.c readconf.h servconf.c servconf.h] [serverloop.c ssh-keyscan.c ssh.c sshd.c] make a2port() return -1 when it encounters an invalid port number rather than 0, which it will now treat as valid (needed for future work) adjust current consumers of a2port() to check its return value is <= 0, which in turn required some things to be converted from u_short => int make use of int vs. u_short consistent in some other places too feedback & ok markus@ --- ChangeLog | 11 ++++++++++- clientloop.c | 10 +++++----- misc.c | 22 +++++++++------------- readconf.c | 6 +++--- readconf.h | 6 +++--- servconf.c | 20 ++++++++++---------- servconf.h | 8 ++++---- serverloop.c | 4 ++-- ssh-keyscan.c | 4 ++-- ssh.c | 4 ++-- sshd.c | 4 ++-- 11 files changed, 52 insertions(+), 47 deletions(-) (limited to 'clientloop.c') diff --git a/ChangeLog b/ChangeLog index 6b109e5be..2b371d11e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -61,6 +61,15 @@ [channels.c] oops! I committed the wrong version of the Channel->path diff, it was missing some tweaks suggested by stevesk@ + - djm@cvs.openbsd.org 2009/01/22 10:02:34 + [clientloop.c misc.c readconf.c readconf.h servconf.c servconf.h] + [serverloop.c ssh-keyscan.c ssh.c sshd.c] + make a2port() return -1 when it encounters an invalid port number + rather than 0, which it will now treat as valid (needed for future work) + adjust current consumers of a2port() to check its return value is <= 0, + which in turn required some things to be converted from u_short => int + make use of int vs. u_short consistent in some other places too + feedback & ok markus@ 20090107 - (djm) [uidswap.c] bz#1412: Support >16 supplemental groups in OS X. @@ -5070,5 +5079,5 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.5174 2009/01/28 05:30:33 djm Exp $ +$Id: ChangeLog,v 1.5175 2009/01/28 05:31:22 djm Exp $ diff --git a/clientloop.c b/clientloop.c index fdeedc351..1b5badb71 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.207 2008/12/09 22:37:33 stevesk Exp $ */ +/* $OpenBSD: clientloop.c,v 1.208 2009/01/22 10:02:34 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -765,7 +765,7 @@ process_cmdline(void) char *s, *cmd, *cancel_host; int delete = 0; int local = 0, remote = 0, dynamic = 0; - u_short cancel_port; + int cancel_port; Forward fwd; bzero(&fwd, sizeof(fwd)); @@ -843,7 +843,7 @@ process_cmdline(void) cancel_port = a2port(cancel_host); cancel_host = NULL; } - if (cancel_port == 0) { + if (cancel_port <= 0) { logit("Bad forwarding close port"); goto out; } @@ -1638,7 +1638,7 @@ client_request_forwarded_tcpip(const char *request_type, int rchan) { Channel *c = NULL; char *listen_address, *originator_address; - int listen_port, originator_port; + u_short listen_port, originator_port; /* Get rest of the packet */ listen_address = packet_get_string(NULL); @@ -1664,7 +1664,7 @@ client_request_x11(const char *request_type, int rchan) { Channel *c = NULL; char *originator; - int originator_port; + u_short originator_port; int sock; if (!options.forward_x11) { diff --git a/misc.c b/misc.c index 8b303f16f..755eda105 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.69 2008/06/13 01:38:23 dtucker Exp $ */ +/* $OpenBSD: misc.c,v 1.70 2009/01/22 10:02:34 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -221,23 +221,19 @@ pwcopy(struct passwd *pw) /* * Convert ASCII string to TCP/IP port number. - * Port must be >0 and <=65535. - * Return 0 if invalid. + * Port must be >=0 and <=65535. + * Return -1 if invalid. */ int a2port(const char *s) { - long port; - char *endp; - - errno = 0; - port = strtol(s, &endp, 0); - if (s == endp || *endp != '\0' || - (errno == ERANGE && (port == LONG_MIN || port == LONG_MAX)) || - port <= 0 || port > 65535) - return 0; + long long port; + const char *errstr; - return port; + port = strtonum(s, 0, 65535, &errstr); + if (errstr != NULL) + return -1; + return (int)port; } int diff --git a/readconf.c b/readconf.c index f63a00c47..0a8be1400 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.174 2009/01/15 17:38:43 stevesk Exp $ */ +/* $OpenBSD: readconf.c,v 1.175 2009/01/22 10:02:34 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1279,11 +1279,11 @@ parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd) } else { if (!(i == 3 || i == 4)) goto fail_free; - if (fwd->connect_port == 0) + if (fwd->connect_port <= 0) goto fail_free; } - if (fwd->listen_port == 0) + if (fwd->listen_port <= 0) goto fail_free; if (fwd->connect_host != NULL && diff --git a/readconf.h b/readconf.h index c9e5f6a41..d94d65890 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.76 2008/11/04 08:22:13 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.77 2009/01/22 10:02:34 djm Exp $ */ /* * Author: Tatu Ylonen @@ -20,9 +20,9 @@ typedef struct { char *listen_host; /* Host (address) to listen on. */ - u_short listen_port; /* Port to forward. */ + int listen_port; /* Port to forward. */ char *connect_host; /* Host to connect. */ - u_short connect_port; /* Port to connect on connect_host. */ + int connect_port; /* Port to connect on connect_host. */ } Forward; /* Data structure for representing option data. */ diff --git a/servconf.c b/servconf.c index 7d8851860..e7fc2a781 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.193 2008/12/09 03:20:42 stevesk Exp $ */ +/* $OpenBSD: servconf.c,v 1.194 2009/01/22 10:02:34 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -42,8 +42,8 @@ #include "channels.h" #include "groupaccess.h" -static void add_listen_addr(ServerOptions *, char *, u_short); -static void add_one_listen_addr(ServerOptions *, char *, u_short); +static void add_listen_addr(ServerOptions *, char *, int); +static void add_one_listen_addr(ServerOptions *, char *, int); /* Use of privilege separation or not */ extern int use_privsep; @@ -460,7 +460,7 @@ parse_token(const char *cp, const char *filename, } static void -add_listen_addr(ServerOptions *options, char *addr, u_short port) +add_listen_addr(ServerOptions *options, char *addr, int port) { u_int i; @@ -476,7 +476,7 @@ add_listen_addr(ServerOptions *options, char *addr, u_short port) } static void -add_one_listen_addr(ServerOptions *options, char *addr, u_short port) +add_one_listen_addr(ServerOptions *options, char *addr, int port) { struct addrinfo hints, *ai, *aitop; char strport[NI_MAXSERV]; @@ -486,7 +486,7 @@ add_one_listen_addr(ServerOptions *options, char *addr, u_short port) hints.ai_family = options->address_family; hints.ai_socktype = SOCK_STREAM; hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; - snprintf(strport, sizeof strport, "%u", port); + snprintf(strport, sizeof strport, "%d", port); if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) fatal("bad addr or host: %s (%s)", addr ? addr : "", @@ -642,7 +642,7 @@ process_server_config_line(ServerOptions *options, char *line, SyslogFacility *log_facility_ptr; LogLevel *log_level_ptr; ServerOpCodes opcode; - u_short port; + int port; u_int i, flags = 0; size_t len; @@ -699,7 +699,7 @@ process_server_config_line(ServerOptions *options, char *line, fatal("%s line %d: missing port number.", filename, linenum); options->ports[options->num_ports++] = a2port(arg); - if (options->ports[options->num_ports-1] == 0) + if (options->ports[options->num_ports-1] <= 0) fatal("%s line %d: Badly formatted port number.", filename, linenum); break; @@ -752,7 +752,7 @@ process_server_config_line(ServerOptions *options, char *line, p = cleanhostname(p); if (arg == NULL) port = 0; - else if ((port = a2port(arg)) == 0) + else if ((port = a2port(arg)) <= 0) fatal("%s line %d: bad port number", filename, linenum); add_listen_addr(options, p, port); @@ -1265,7 +1265,7 @@ process_server_config_line(ServerOptions *options, char *line, fatal("%s line %d: missing host in PermitOpen", filename, linenum); p = cleanhostname(p); - if (arg == NULL || (port = a2port(arg)) == 0) + if (arg == NULL || (port = a2port(arg)) <= 0) fatal("%s line %d: bad port number in " "PermitOpen", filename, linenum); if (*activep && n == -1) diff --git a/servconf.h b/servconf.h index 1d4c3a01a..b3ac7da4b 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.86 2008/11/04 08:22:13 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.87 2009/01/22 10:02:34 djm Exp $ */ /* * Author: Tatu Ylonen @@ -41,9 +41,9 @@ #define INTERNAL_SFTP_NAME "internal-sftp" typedef struct { - u_int num_ports; - u_int ports_from_cmdline; - u_short ports[MAX_PORTS]; /* Port number to listen on. */ + u_int num_ports; + u_int ports_from_cmdline; + int ports[MAX_PORTS]; /* Port number to listen on. */ char *listen_addr; /* Address on which the server listens. */ struct addrinfo *listen_addrs; /* Addresses on which the server listens. */ int address_family; /* Address family used by the server. */ diff --git a/serverloop.c b/serverloop.c index 6a3ae1665..931779e30 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.154 2008/12/02 19:08:59 markus Exp $ */ +/* $OpenBSD: serverloop.c,v 1.155 2009/01/22 10:02:34 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -942,7 +942,7 @@ server_request_direct_tcpip(void) { Channel *c; char *target, *originator; - int target_port, originator_port; + u_short target_port, originator_port; target = packet_get_string(NULL); target_port = packet_get_int(); diff --git a/ssh-keyscan.c b/ssh-keyscan.c index c6ec3507e..9a91be499 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.77 2008/11/01 11:14:36 sobrado Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.78 2009/01/22 10:02:34 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -748,7 +748,7 @@ main(int argc, char **argv) break; case 'p': ssh_port = a2port(optarg); - if (ssh_port == 0) { + if (ssh_port <= 0) { fprintf(stderr, "Bad port '%s'\n", optarg); exit(1); } diff --git a/ssh.c b/ssh.c index 5bb67c5b1..26f070f3e 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.322 2008/11/01 17:40:33 stevesk Exp $ */ +/* $OpenBSD: ssh.c,v 1.323 2009/01/22 10:02:34 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -443,7 +443,7 @@ main(int ac, char **av) break; case 'p': options.port = a2port(optarg); - if (options.port == 0) { + if (options.port <= 0) { fprintf(stderr, "Bad port '%s'\n", optarg); exit(255); } diff --git a/sshd.c b/sshd.c index fa314b8a7..3b5cd3cfd 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.365 2008/10/30 19:31:16 stevesk Exp $ */ +/* $OpenBSD: sshd.c,v 1.366 2009/01/22 10:02:34 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1333,7 +1333,7 @@ main(int ac, char **av) exit(1); } options.ports[options.num_ports++] = a2port(optarg); - if (options.ports[options.num_ports-1] == 0) { + if (options.ports[options.num_ports-1] <= 0) { fprintf(stderr, "Bad port number.\n"); exit(1); } -- cgit v1.2.3 From 4bf648f7766ba764d7a78b1dbb26df4f0d42a8c9 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 14 Feb 2009 16:28:21 +1100 Subject: - djm@cvs.openbsd.org 2009/02/12 03:00:56 [canohost.c canohost.h channels.c channels.h clientloop.c readconf.c] [readconf.h serverloop.c ssh.c] support remote port forwarding with a zero listen port (-R0:...) to dyamically allocate a listen port at runtime (this is actually specified in rfc4254); bz#1003 ok markus@ --- ChangeLog | 8 +++++++- canohost.c | 4 ++-- canohost.h | 4 +++- channels.c | 52 ++++++++++++++++++++++++++++++++++++++++++++-------- channels.h | 4 ++-- clientloop.c | 4 ++-- readconf.c | 13 +++++++++---- readconf.h | 4 ++-- serverloop.c | 9 ++++++--- ssh.c | 15 +++++++++++---- 10 files changed, 88 insertions(+), 29 deletions(-) (limited to 'clientloop.c') diff --git a/ChangeLog b/ChangeLog index cdcd1aced..d8f8f2610 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,12 @@ [sftp.c] Initialize a few variables to prevent spurious "may be used uninitialized" warnings from newer gcc's. ok djm@ + - djm@cvs.openbsd.org 2009/02/12 03:00:56 + [canohost.c canohost.h channels.c channels.h clientloop.c readconf.c] + [readconf.h serverloop.c ssh.c] + support remote port forwarding with a zero listen port (-R0:...) to + dyamically allocate a listen port at runtime (this is actually + specified in rfc4254); bz#1003 ok markus@ 20090212 - (djm) [sshpty.c] bz#1419: OSX uses cloning ptys that automagically @@ -5130,5 +5136,5 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.5186 2009/02/14 05:26:19 djm Exp $ +$Id: ChangeLog,v 1.5187 2009/02/14 05:28:21 djm Exp $ diff --git a/canohost.c b/canohost.c index 42011fd0a..7138f48d0 100644 --- a/canohost.c +++ b/canohost.c @@ -1,4 +1,4 @@ -/* $OpenBSD: canohost.c,v 1.63 2008/06/12 00:03:49 dtucker Exp $ */ +/* $OpenBSD: canohost.c,v 1.64 2009/02/12 03:00:56 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -342,7 +342,7 @@ get_remote_name_or_ip(u_int utmp_len, int use_dns) /* Returns the local/remote port for the socket. */ -static int +int get_sock_port(int sock, int local) { struct sockaddr_storage from; diff --git a/canohost.h b/canohost.h index e33e8941b..d9b41ffe5 100644 --- a/canohost.h +++ b/canohost.h @@ -1,4 +1,4 @@ -/* $OpenBSD: canohost.h,v 1.9 2006/03/25 22:22:42 djm Exp $ */ +/* $OpenBSD: canohost.h,v 1.10 2009/02/12 03:00:56 djm Exp $ */ /* * Author: Tatu Ylonen @@ -23,5 +23,7 @@ char *get_local_name(int); int get_remote_port(void); int get_local_port(void); +int get_sock_port(int, int); + void ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *); diff --git a/channels.c b/channels.c index 0b1c34c83..dea60ba24 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.294 2009/01/22 09:49:57 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.295 2009/02/12 03:00:56 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2460,7 +2460,8 @@ channel_set_af(int af) } static int -channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_port, +channel_setup_fwd_listener(int type, const char *listen_addr, + u_short listen_port, int *allocated_listen_port, const char *host_to_connect, u_short port_to_connect, int gateway_ports) { Channel *c; @@ -2468,6 +2469,7 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por struct addrinfo hints, *ai, *aitop; const char *host, *addr; char ntop[NI_MAXHOST], strport[NI_MAXSERV]; + in_port_t *lport_p; host = (type == SSH_CHANNEL_RPORT_LISTENER) ? listen_addr : host_to_connect; @@ -2536,10 +2538,29 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por } return 0; } - + if (allocated_listen_port != NULL) + *allocated_listen_port = 0; for (ai = aitop; ai; ai = ai->ai_next) { - if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) + switch (ai->ai_family) { + case AF_INET: + lport_p = &((struct sockaddr_in *)ai->ai_addr)-> + sin_port; + break; + case AF_INET6: + lport_p = &((struct sockaddr_in6 *)ai->ai_addr)-> + sin6_port; + break; + default: continue; + } + /* + * If allocating a port for -R forwards, then use the + * same port for all address families. + */ + if (type == SSH_CHANNEL_RPORT_LISTENER && listen_port == 0 && + allocated_listen_port != NULL && *allocated_listen_port > 0) + *lport_p = htons(*allocated_listen_port); + if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop), strport, sizeof(strport), NI_NUMERICHOST|NI_NUMERICSERV) != 0) { error("channel_setup_fwd_listener: getnameinfo failed"); @@ -2555,7 +2576,8 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por channel_set_reuseaddr(sock); - debug("Local forwarding listening on %s port %s.", ntop, strport); + debug("Local forwarding listening on %s port %s.", + ntop, strport); /* Bind the socket to the address. */ if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { @@ -2574,6 +2596,19 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por close(sock); continue; } + + /* + * listen_port == 0 requests a dynamically allocated port - + * record what we got. + */ + if (type == SSH_CHANNEL_RPORT_LISTENER && listen_port == 0 && + allocated_listen_port != NULL && + *allocated_listen_port == 0) { + *allocated_listen_port = get_sock_port(sock, 1); + debug("Allocated listen port %d", + *allocated_listen_port); + } + /* Allocate a channel number for the socket. */ c = channel_new("port listener", type, sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, @@ -2616,17 +2651,18 @@ channel_setup_local_fwd_listener(const char *listen_host, u_short listen_port, const char *host_to_connect, u_short port_to_connect, int gateway_ports) { return channel_setup_fwd_listener(SSH_CHANNEL_PORT_LISTENER, - listen_host, listen_port, host_to_connect, port_to_connect, + listen_host, listen_port, NULL, host_to_connect, port_to_connect, gateway_ports); } /* protocol v2 remote port fwd, used by sshd */ int channel_setup_remote_fwd_listener(const char *listen_address, - u_short listen_port, int gateway_ports) + u_short listen_port, int *allocated_listen_port, int gateway_ports) { return channel_setup_fwd_listener(SSH_CHANNEL_RPORT_LISTENER, - listen_address, listen_port, NULL, 0, gateway_ports); + listen_address, listen_port, allocated_listen_port, + NULL, 0, gateway_ports); } /* diff --git a/channels.h b/channels.h index 19fee769c..1488ed7e5 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.97 2009/01/22 09:46:01 djm Exp $ */ +/* $OpenBSD: channels.h,v 1.98 2009/02/12 03:00:56 djm Exp $ */ /* * Author: Tatu Ylonen @@ -245,7 +245,7 @@ int channel_request_remote_forwarding(const char *, u_short, int channel_setup_local_fwd_listener(const char *, u_short, const char *, u_short, int); void channel_request_rforward_cancel(const char *host, u_short port); -int channel_setup_remote_fwd_listener(const char *, u_short, int); +int channel_setup_remote_fwd_listener(const char *, u_short, int *, int); int channel_cancel_rport_listener(const char *, u_short); /* x11 forwarding */ diff --git a/clientloop.c b/clientloop.c index 1b5badb71..a2d2d1d07 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.208 2009/01/22 10:02:34 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.209 2009/02/12 03:00:56 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -849,7 +849,7 @@ process_cmdline(void) } channel_request_rforward_cancel(cancel_host, cancel_port); } else { - if (!parse_forward(&fwd, s, dynamic ? 1 : 0)) { + if (!parse_forward(&fwd, s, dynamic, remote)) { logit("Bad forwarding specification."); goto out; } diff --git a/readconf.c b/readconf.c index 0a8be1400..53fc6c7ba 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.175 2009/01/22 10:02:34 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.176 2009/02/12 03:00:56 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -735,7 +735,8 @@ parse_int: } if (parse_forward(&fwd, fwdarg, - opcode == oDynamicForward ? 1 : 0) == 0) + opcode == oDynamicForward ? 1 : 0, + opcode == oRemoteForward ? 1 : 0) == 0) fatal("%.200s line %d: Bad forwarding specification.", filename, linenum); @@ -1220,7 +1221,7 @@ fill_default_options(Options * options) * returns number of arguments parsed or zero on error */ int -parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd) +parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd) { int i; char *p, *cp, *fwdarg[4]; @@ -1283,12 +1284,16 @@ parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd) goto fail_free; } - if (fwd->listen_port <= 0) + if (fwd->listen_port < 0 || (!remotefwd && fwd->listen_port == 0)) goto fail_free; if (fwd->connect_host != NULL && strlen(fwd->connect_host) >= NI_MAXHOST) goto fail_free; + if (fwd->listen_host != NULL && + strlen(fwd->listen_host) >= NI_MAXHOST) + goto fail_free; + return (i); diff --git a/readconf.h b/readconf.h index d94d65890..8fb3a8528 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.77 2009/01/22 10:02:34 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.78 2009/02/12 03:00:56 djm Exp $ */ /* * Author: Tatu Ylonen @@ -134,7 +134,7 @@ typedef struct { void initialize_options(Options *); void fill_default_options(Options *); int read_config_file(const char *, const char *, Options *, int); -int parse_forward(Forward *, const char *, int); +int parse_forward(Forward *, const char *, int, int); int process_config_line(Options *, const char *, char *, const char *, int, int *); diff --git a/serverloop.c b/serverloop.c index 931779e30..6244ad71c 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.155 2009/01/22 10:02:34 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.156 2009/02/12 03:00:56 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1095,7 +1095,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) { char *rtype; int want_reply; - int success = 0; + int success = 0, allocated_listen_port = 0; rtype = packet_get_string(NULL); want_reply = packet_get_char(); @@ -1119,7 +1119,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) if (!options.allow_tcp_forwarding || no_port_forwarding_flag #ifndef NO_IPPORT_RESERVED_CONCEPT - || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0) + || (listen_port != 0 && + listen_port < IPPORT_RESERVED && pw->pw_uid != 0) #endif ) { success = 0; @@ -1149,6 +1150,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) if (want_reply) { packet_start(success ? SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE); + if (success && allocated_listen_port > 0) + packet_put_int(allocated_listen_port); packet_send(); packet_write_wait(); } diff --git a/ssh.c b/ssh.c index 26f070f3e..9d43bb74f 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.323 2009/01/22 10:02:34 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.324 2009/02/12 03:00:56 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -453,7 +453,7 @@ main(int ac, char **av) break; case 'L': - if (parse_forward(&fwd, optarg, 0)) + if (parse_forward(&fwd, optarg, 0, 0)) add_local_forward(&options, &fwd); else { fprintf(stderr, @@ -464,7 +464,7 @@ main(int ac, char **av) break; case 'R': - if (parse_forward(&fwd, optarg, 0)) { + if (parse_forward(&fwd, optarg, 0, 1)) { add_remote_forward(&options, &fwd); } else { fprintf(stderr, @@ -475,7 +475,7 @@ main(int ac, char **av) break; case 'D': - if (parse_forward(&fwd, optarg, 1)) { + if (parse_forward(&fwd, optarg, 1, 0)) { add_local_forward(&options, &fwd); } else { fprintf(stderr, @@ -837,9 +837,16 @@ ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt) { Forward *rfwd = (Forward *)ctxt; + /* XXX verbose() on failure? */ debug("remote forward %s for: listen %d, connect %s:%d", type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure", rfwd->listen_port, rfwd->connect_host, rfwd->connect_port); + if (type == SSH2_MSG_REQUEST_SUCCESS && rfwd->listen_port == 0) { + logit("Allocated port %u for remote forward to %s:%d", + packet_get_int(), + rfwd->connect_host, rfwd->connect_port); + } + if (type == SSH2_MSG_REQUEST_FAILURE) { if (options.exit_on_forward_failure) fatal("Error: remote port forwarding failed for " -- cgit v1.2.3