Bugzilla – Attachment 1255 Details for
Bug 1003
Support dynamic listen port allocation for remote forwards (-R0:...)
[patch]
Updated patch for 4.6p1
openssh-4.6p1-port-0-forwarding.patch (text/plain), 6.40 KB, created by
Ron Yorston
on 2007-03-19 09:00:12 AEDT
Description:
Updated patch for 4.6p1
Filename:
MIME Type:
Creator:
Ron Yorston
Created:
2007-03-19 09:00:12 AEDT
Size:
6.40 KB
patch
obsolete
>--- openssh-4.6p1/serverloop.c.port-0-forwarding 2007-01-28 23:16:28.000000000 +0000
>+++ openssh-4.6p1/serverloop.c 2007-03-18 20:36:10.000000000 +0000
>@@ -1090,6 +1090,8 @@
> char *rtype;
> int want_reply;
> int success = 0;
>+ u_short listen_port, real_listen_port;
>+ int tcpip_forward = 0; /* boolean */
>
> rtype = packet_get_string(NULL);
> want_reply = packet_get_char();
>@@ -1099,13 +1101,14 @@
> if (strcmp(rtype, "tcpip-forward") == 0) {
> struct passwd *pw;
> char *listen_address;
>- u_short listen_port;
>
>+ tcpip_forward = 1; /* boolean, used for reply */
> pw = the_authctxt->pw;
> if (pw == NULL || !the_authctxt->valid)
> fatal("server_input_global_request: no/invalid user");
> listen_address = packet_get_string(NULL);
> listen_port = (u_short)packet_get_int();
>+ real_listen_port = listen_port;
> debug("server_input_global_request: tcpip-forward listen %s port %d",
> listen_address, listen_port);
>
>@@ -1113,7 +1116,7 @@
> if (!options.allow_tcp_forwarding ||
> no_port_forwarding_flag
> #ifndef NO_IPPORT_RESERVED_CONCEPT
>- || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)
>+ || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0 && listen_port != 0)
> #endif
> ) {
> success = 0;
>@@ -1121,7 +1124,7 @@
> } else {
> /* Start listening on the port */
> success = channel_setup_remote_fwd_listener(
>- listen_address, listen_port, options.gateway_ports);
>+ listen_address, &real_listen_port, options.gateway_ports);
> }
> xfree(listen_address);
> } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
>@@ -1140,6 +1143,8 @@
> if (want_reply) {
> packet_start(success ?
> SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
>+ if (success && tcpip_forward && listen_port == 0)
>+ packet_put_int(real_listen_port);
> packet_send();
> packet_write_wait();
> }
>--- openssh-4.6p1/channels.c.port-0-forwarding 2007-01-28 23:16:28.000000000 +0000
>+++ openssh-4.6p1/channels.c 2007-03-18 20:39:06.000000000 +0000
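Review bot: The `listen_port != 0` exemption added to the reserved-port test (serverloop.c, hunk `@@ -1113,7 +1116,7 @@`) has no comment saying why a non-root user may pass a value that is numerically below IPPORT_RESERVED. I would add above the condition `/* Port 0 asks the kernel to pick a free port; it is not a request for a reserved one. */`. It is also worth stating there that `options.allow_tcp_forwarding` and `no_port_forwarding_flag` still gate port 0, since a reader may otherwise take the new clause for a wider bypass. The enclosing function starts and ends outside the hunk.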
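Review bot: The port the kernel actually assigns is never logged on the server: the only debug call in the visible serverloop.c hunks (`tcpip-forward listen %s port %d`) runs before the listener is set up and will print port 0, so the log cannot tell an operator which listener a session opened. After the `channel_setup_remote_fwd_listener(` call in hunk `@@ -1121,7 +1124,7 @@` I would add, for the successful port-0 case, `debug("server_input_global_request: allocated listen port %d", real_listen_port);`. Separately, in the reply hunk `@@ -1140,6 +1143,8 @@`, `listen_port` now lives at function scope but is assigned only in the tcpip-forward branch. The `tcpip_forward` test short-circuits before it is read, but declaring `u_short listen_port = 0, real_listen_port = 0;` would remove the reliance on operand order.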
>@@ -2340,12 +2340,12 @@
> }
>
> static int
>-channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_port,
>+channel_setup_fwd_listener(int type, const char *listen_addr, u_short *listen_port,
> const char *host_to_connect, u_short port_to_connect, int gateway_ports)
> {
> Channel *c;
> int sock, r, success = 0, wildcard = 0, is_client;
>- struct addrinfo hints, *ai, *aitop;
>+ struct addrinfo hints, *ai, *aitop, *ai2;
> const char *host, *addr;
> char ntop[NI_MAXHOST], strport[NI_MAXSERV];
>
>@@ -2403,7 +2403,7 @@
> hints.ai_family = IPv4or6;
> hints.ai_flags = wildcard ? AI_PASSIVE : 0;
> hints.ai_socktype = SOCK_STREAM;
>- snprintf(strport, sizeof strport, "%d", listen_port);
>+ snprintf(strport, sizeof strport, "%d", (int)*listen_port);
> if ((r = getaddrinfo(addr, strport, &hints, &aitop)) != 0) {
> if (addr == NULL) {
> /* This really shouldn't happen */
>@@ -2447,6 +2447,43 @@
> close(sock);
> continue;
> }
>+
>+ /* If the specified port was 0, get the actual port number */
>+ if (*listen_port == 0) {
>+ if (ai->ai_family == AF_INET) {
>+ struct sockaddr_in realport;
>+ socklen_t realportsz = (socklen_t)sizeof(realport);
>+ if (getsockname(sock, (struct sockaddr *)&realport, &realportsz) < 0) {
>+ error("getsockname: %.100s", strerror(errno));
>+ close(sock);
>+ continue;
>+ }
>+ *listen_port = (u_short)ntohs(realport.sin_port);
>+ }
>+ else {
>+ struct sockaddr_in6 realport;
>+ socklen_t realportsz = (socklen_t)sizeof(realport);
>+ if (getsockname(sock, (struct sockaddr *)&realport, &realportsz) < 0) {
>+ error("getsockname: %.100s", strerror(errno));
>+ close(sock);
>+ continue;
>+ }
>+ *listen_port = (u_short)ntohs(realport.sin6_port);
>+ }
>+
>+ /* use the same port for all other sockets */
>+ for (ai2 = ai->ai_next; ai2; ai2 = ai2->ai_next) {
>+ if (ai->ai_family == AF_INET) {
>+ ((struct sockaddr_in *)ai2->ai_addr)->sin_port =
>+ htons(*listen_port);
>+ }
>+ else {
>+ ((struct sockaddr_in6 *)ai2->ai_addr)->sin6_port =
>+ htons(*listen_port);
>+ }
>+ }
>+ }
>+
> /* Start listening for connections on the socket. */
> if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
> error("listen: %.100s", strerror(errno));
>@@ -2459,12 +2496,12 @@
> 0, "port listener", 1);
> strlcpy(c->path, host, sizeof(c->path));
> c->host_port = port_to_connect;
>- c->listening_port = listen_port;
>+ c->listening_port = *listen_port;
> success = 1;
> }
> if (success == 0)
> error("channel_setup_fwd_listener: cannot listen to port: %d",
>- listen_port);
>+ (int)*listen_port);
> freeaddrinfo(aitop);
> return success;
> }
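Review bot: In the loop under `/* use the same port for all other sockets */` (channels.c, hunk `@@ -2447,6 +2447,43 @@`), the branch tests `ai->ai_family`, the entry that was just bound, while it writes through `ai2->ai_addr`. A later entry of the other family is therefore cast to the wrong sockaddr type, and the test should read `if (ai2->ai_family == AF_INET) {`. Both `else` arms in this hunk treat every non-AF_INET entry as `struct sockaddr_in6`, which is safe only if other families are filtered earlier in the loop, outside the hunk. Once the port is pinned, a bind for a later entry may fail while `success` stays 1 from the first, so a short comment saying that a partial bind is accepted would help the next reader. The enclosing for-loop starts before the hunk.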
>@@ -2496,14 +2533,14 @@
> const char *host_to_connect, u_short port_to_connect, int gateway_ports)
> {
> return channel_setup_fwd_listener(SSH_CHANNEL_PORT_LISTENER,
>- listen_host, listen_port, host_to_connect, port_to_connect,
>+ listen_host, &listen_port, host_to_connect, port_to_connect,
> gateway_ports);
> }
>
> /* protocol v2 remote port fwd, used by sshd */
> int
> channel_setup_remote_fwd_listener(const char *listen_address,
>- u_short listen_port, int gateway_ports)
>+ u_short *listen_port, int gateway_ports)
> {
> return channel_setup_fwd_listener(SSH_CHANNEL_RPORT_LISTENER,
> listen_address, listen_port, NULL, 0, gateway_ports);
>@@ -2548,8 +2585,22 @@
> packet_put_int(listen_port);
> packet_send();
> packet_write_wait();
>- /* Assume that server accepts the request */
>- success = 1;
>+
>+ type = packet_read();
>+ switch(type) {
>+ case SSH2_MSG_REQUEST_SUCCESS:
>+ success = 1;
>+ if (listen_port == 0)
>+ listen_port = (u_short)packet_get_int();
>+ break;
>+ case SSH2_MSG_REQUEST_FAILURE:
>+ logit("Warning: Server denied remote port 0 forwarding.");
>+ break;
>+ default:
>+ /* Unknown packet */
>+ packet_disconnect("Protocol error for port 0 forward request:"
>+ "received packet typr %d.", type);
>+ }
> } else {
> packet_start(SSH_CMSG_PORT_FORWARD_REQUEST);
> packet_put_int(listen_port);
>--- openssh-4.6p1/channels.h.port-0-forwarding 2006-08-05 03:39:39.000000000 +0100
>+++ openssh-4.6p1/channels.h 2007-03-18 20:39:44.000000000 +0000
>@@ -216,7 +216,7 @@
> int channel_setup_local_fwd_listener(const char *, u_short,
> const char *, u_short, int);
> void channel_request_rforward_cancel(const char *host, u_short port);
>-int channel_setup_remote_fwd_listener(const char *, u_short, int);
>+int channel_setup_remote_fwd_listener(const char *, u_short *, int);
> int channel_cancel_rport_listener(const char *, u_short);
>
> /* x11 forwarding */
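Review bot: In the client-side reply handling (channels.c, hunk `@@ -2548,8 +2585,22 @@`), the SUCCESS case copies a peer-chosen value straight into `listen_port` with `(u_short)packet_get_int()`, so a reply carrying 0 or a value above 65535 is silently truncated and accepted. Reading it into a `u_int` and rejecting anything outside 1–65535 keeps a misbehaving server from deciding what the client records for this forward; how `listen_port` is used afterwards is outside the hunk. The blocking `packet_read()` also treats every message other than the two reply types as a protocol error, which presumably holds only while nothing else can arrive before the reply, and that is worth confirming. The failure text says "port 0" whatever port was requested, and the disconnect text has the typo `typr` and no space between its two string pieces. The enclosing function starts and ends outside the hunk.

```c
	case SSH2_MSG_REQUEST_SUCCESS:
		success = 1;
		if (listen_port == 0) {
			u_int allocated = packet_get_int();

			/* The port comes from the peer: range-check before use. */
			if (allocated == 0 || allocated > 65535)
				packet_disconnect("Invalid port %u in "
				    "tcpip-forward reply.", allocated);
			listen_port = (u_short)allocated;
		}
		break;
	case SSH2_MSG_REQUEST_FAILURE:
		logit("Warning: Server denied remote port forwarding.");
		break;
	default:
		/* Unknown packet */
		packet_disconnect("Protocol error for remote forward request: "
		    "received packet type %d.", type);
```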