View | Details | Raw Unified | Return to bug 2038 | Differences between
and this patch

Collapse All | Expand All

(-)a/channels.c (+118 lines)
Lines 126-140 typedef struct { Link Here
126
126
127
/* List of all permitted host/port pairs to connect by the user. */
127
/* List of all permitted host/port pairs to connect by the user. */
128
static ForwardPermission *permitted_opens = NULL;
128
static ForwardPermission *permitted_opens = NULL;
129
static ForwardPermission *permitted_remote_opens = NULL;
129
130
130
/* List of all permitted host/port pairs to connect by the admin. */
131
/* List of all permitted host/port pairs to connect by the admin. */
131
static ForwardPermission *permitted_adm_opens = NULL;
132
static ForwardPermission *permitted_adm_opens = NULL;
133
static ForwardPermission *permitted_adm_remote_opens = NULL;
132
134
133
/* Number of permitted host/port pairs in the array permitted by the user. */
135
/* Number of permitted host/port pairs in the array permitted by the user. */
134
static int num_permitted_opens = 0;
136
static int num_permitted_opens = 0;
137
static int num_permitted_remote_opens = 0;
135
138
136
/* Number of permitted host/port pair in the array permitted by the admin. */
139
/* Number of permitted host/port pair in the array permitted by the admin. */
137
static int num_adm_permitted_opens = 0;
140
static int num_adm_permitted_opens = 0;
141
static int num_adm_permitted_remote_opens = 0;
138
142
139
/* special-case port number meaning allow any port */
143
/* special-case port number meaning allow any port */
140
#define FWD_PERMIT_ANY_PORT	0
144
#define FWD_PERMIT_ANY_PORT	0
Lines 148-153 static int num_adm_permitted_opens = 0; Link Here
148
 * anything after logging in anyway.
152
 * anything after logging in anyway.
149
 */
153
 */
150
static int all_opens_permitted = 0;
154
static int all_opens_permitted = 0;
155
static int all_remote_opens_permitted = 0;
151
156
152
157
153
/* -- X11 forwarding */
158
/* -- X11 forwarding */
Lines 3816-3821 channel_permit_all_opens(void) Link Here
3816
	if (num_permitted_opens == 0)
3821
	if (num_permitted_opens == 0)
3817
		all_opens_permitted = 1;
3822
		all_opens_permitted = 1;
3818
}
3823
}
3824
void
3825
channel_permit_all_remote_opens(void)
3826
{
3827
	if (num_permitted_remote_opens == 0)
3828
		all_remote_opens_permitted = 1;
3829
}
3830
3819
3831
3820
void
3832
void
3821
channel_add_permitted_opens(char *host, int port)
3833
channel_add_permitted_opens(char *host, int port)
Lines 3835-3840 channel_add_permitted_opens(char *host, int port) Link Here
3835
	all_opens_permitted = 0;
3847
	all_opens_permitted = 0;
3836
}
3848
}
3837
3849
3850
void
3851
channel_add_permitted_remote_opens(int port)
3852
{
3853
	debug("allow remote port forwarding %d", port);
3854
3855
	permitted_remote_opens = xreallocarray(permitted_remote_opens,
3856
	    num_permitted_remote_opens + 1, sizeof(*permitted_remote_opens));
3857
	permitted_remote_opens[num_permitted_remote_opens].listen_port = port;
3858
	num_permitted_remote_opens++;
3859
3860
	all_remote_opens_permitted = 0;
3861
}
3862
3838
/*
3863
/*
3839
 * Update the listen port for a dynamic remote forward, after
3864
 * Update the listen port for a dynamic remote forward, after
3840
 * the actual 'newport' has been allocated. If 'newport' < 0 is
3865
 * the actual 'newport' has been allocated. If 'newport' < 0 is
Lines 3884-3889 channel_add_adm_permitted_opens(char *host, int port) Link Here
3884
	return ++num_adm_permitted_opens;
3909
	return ++num_adm_permitted_opens;
3885
}
3910
}
3886
3911
3912
int
3913
channel_add_adm_permitted_remote_opens(int port)
3914
{
3915
	debug("config allows remote port forwarding,  port %d", port);
3916
3917
	permitted_adm_remote_opens = xreallocarray(permitted_adm_remote_opens,
3918
	    num_adm_permitted_remote_opens + 1, sizeof(*permitted_adm_remote_opens));
3919
	permitted_adm_remote_opens[num_adm_permitted_remote_opens].listen_port = port;
3920
	return ++num_adm_permitted_remote_opens;
3921
}
3922
3923
3887
void
3924
void
3888
channel_disable_adm_local_opens(void)
3925
channel_disable_adm_local_opens(void)
3889
{
3926
{
Lines 3894-3899 channel_disable_adm_local_opens(void) Link Here
3894
}
3931
}
3895
3932
3896
void
3933
void
3934
channel_disable_adm_remote_opens(void)
3935
{
3936
	channel_clear_adm_permitted_remote_opens();
3937
	permitted_adm_remote_opens = xmalloc(sizeof(*permitted_adm_remote_opens));
3938
	permitted_adm_remote_opens[num_adm_permitted_remote_opens].host_to_connect = NULL;
3939
	num_adm_permitted_remote_opens = 1;
3940
}
3941
3942
void
3897
channel_clear_permitted_opens(void)
3943
channel_clear_permitted_opens(void)
3898
{
3944
{
3899
	int i;
3945
	int i;
Lines 3909-3914 channel_clear_permitted_opens(void) Link Here
3909
}
3955
}
3910
3956
3911
void
3957
void
3958
channel_clear_permitted_remote_opens(void)
3959
{
3960
3961
	free(permitted_remote_opens);
3962
	permitted_remote_opens = NULL;
3963
	num_permitted_remote_opens = 0;
3964
}
3965
3966
3967
void
3912
channel_clear_adm_permitted_opens(void)
3968
channel_clear_adm_permitted_opens(void)
3913
{
3969
{
3914
	int i;
3970
	int i;
Lines 3924-3929 channel_clear_adm_permitted_opens(void) Link Here
3924
}
3980
}
3925
3981
3926
void
3982
void
3983
channel_clear_adm_permitted_remote_opens(void)
3984
{
3985
	free(permitted_adm_remote_opens);
3986
	permitted_adm_remote_opens = NULL;
3987
	num_adm_permitted_remote_opens = 0;
3988
}
3989
3990
3991
void
3927
channel_print_adm_permitted_opens(void)
3992
channel_print_adm_permitted_opens(void)
3928
{
3993
{
3929
	int i;
3994
	int i;
Lines 4217-4222 channel_connect_to_path(const char *path, char *ctype, char *rname) Link Here
4217
	return connect_to(path, PORT_STREAMLOCAL, ctype, rname);
4282
	return connect_to(path, PORT_STREAMLOCAL, ctype, rname);
4218
}
4283
}
4219
4284
4285
static int
4286
remote_port_match(u_short allowedport, u_short requestedport)
4287
{
4288
        if (allowedport == FWD_PERMIT_ANY_PORT ||
4289
            allowedport == requestedport)
4290
                return 1;
4291
        return 0;
4292
}
4293
4294
/* Check if remote port is permitted and connect. */
4295
int
4296
channel_connect_remote_to(u_short port)
4297
{
4298
	int i, permit, permit_adm = 1;
4299
	int allowed_port = 0;
4300
4301
	permit = all_remote_opens_permitted;
4302
	if (!permit) {
4303
		for (i = 0; i < num_permitted_remote_opens; i++) {
4304
			allowed_port = permitted_remote_opens[i].listen_port;
4305
			debug("i=%d check remote permitted vs requested "
4306
					"%u vs %u", i, allowed_port, port);
4307
			if ( remote_port_match(allowed_port, port)) {
4308
				debug2("i=%d found match remote permitted vs "
4309
						"requested %u==%u", i, allowed_port, port);
4310
				permit = 1;
4311
				break;
4312
			}
4313
		}
4314
	}
4315
	if (num_adm_permitted_remote_opens > 0) {
4316
		permit_adm = 0;
4317
		for (i = 0; i < num_adm_permitted_remote_opens; i++)
4318
			allowed_port = permitted_adm_remote_opens[i].listen_port;
4319
			if (remote_port_match(allowed_port, port) ) {
4320
				/*  && strcmp(permitted_adm_remote_opens[i].host_to_connect, host) == 0) */
4321
				debug2("i=%d found match admin remote permitted vs "
4322
						"requested %u==%u", i, allowed_port, port);
4323
				permit_adm = 1;
4324
			}
4325
	}
4326
4327
	if (!permit || !permit_adm) {
4328
		logit("Received request to forward remote port %d, "
4329
		      "but the request was denied. return %d", port, permit);
4330
		return 0;
4331
	}
4332
	return ( permit | permit_adm);
4333
}
4334
4335
4336
4220
void
4337
void
4221
channel_send_window_changes(void)
4338
channel_send_window_changes(void)
4222
{
4339
{
Lines 4670-4672 auth_request_forwarding(void) Link Here
4670
	packet_send();
4787
	packet_send();
4671
	packet_write_wait();
4788
	packet_write_wait();
4672
}
4789
}
4790
(-)a/channels.h (-1 / +8 lines)
Lines 268-280 struct Forward; Link Here
268
struct ForwardOptions;
268
struct ForwardOptions;
269
void	 channel_set_af(int af);
269
void	 channel_set_af(int af);
270
void     channel_permit_all_opens(void);
270
void     channel_permit_all_opens(void);
271
void	 channel_add_permitted_opens(char *, int);
271
void	 channel_permit_all_remote_opens(void);
272
void     channel_add_permitted_opens(char *, int);
273
void	 channel_add_permitted_remote_opens(int);
272
int	 channel_add_adm_permitted_opens(char *, int);
274
int	 channel_add_adm_permitted_opens(char *, int);
275
int	 channel_add_adm_permitted_remote_opens(int);
273
void	 channel_disable_adm_local_opens(void);
276
void	 channel_disable_adm_local_opens(void);
277
void	 channel_disable_adm_remote_opens(void);
274
void	 channel_update_permitted_opens(int, int);
278
void	 channel_update_permitted_opens(int, int);
275
void	 channel_clear_permitted_opens(void);
279
void	 channel_clear_permitted_opens(void);
276
void	 channel_clear_adm_permitted_opens(void);
280
void	 channel_clear_adm_permitted_opens(void);
281
void	 channel_clear_permitted_remote_opens(void);
282
void	 channel_clear_adm_permitted_remote_opens(void);
277
void 	 channel_print_adm_permitted_opens(void);
283
void 	 channel_print_adm_permitted_opens(void);
284
int	 channel_connect_remote_to(u_short);
278
Channel	*channel_connect_to_port(const char *, u_short, char *, char *, int *,
285
Channel	*channel_connect_to_port(const char *, u_short, char *, char *, int *,
279
	     const char **);
286
	     const char **);
280
Channel *channel_connect_to_path(const char *, char *, char *);
287
Channel *channel_connect_to_path(const char *, char *, char *);
(-)a/servconf.c (-1 / +34 lines)
Lines 150-155 initialize_server_options(ServerOptions *options) Link Here
150
	options->num_accept_env = 0;
150
	options->num_accept_env = 0;
151
	options->permit_tun = -1;
151
	options->permit_tun = -1;
152
	options->num_permitted_opens = -1;
152
	options->num_permitted_opens = -1;
153
	options->num_permitted_remote_opens = -1;
153
	options->adm_forced_command = NULL;
154
	options->adm_forced_command = NULL;
154
	options->chroot_directory = NULL;
155
	options->chroot_directory = NULL;
155
	options->authorized_keys_command = NULL;
156
	options->authorized_keys_command = NULL;
Lines 408-414 typedef enum { Link Here
408
	sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
409
	sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
409
	sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
410
	sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
410
	sAcceptEnv, sPermitTunnel,
411
	sAcceptEnv, sPermitTunnel,
411
	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
412
	sMatch, sPermitOpen, sPermitRemoteOpen, sForceCommand, sChrootDirectory,
412
	sUsePrivilegeSeparation, sAllowAgentForwarding,
413
	sUsePrivilegeSeparation, sAllowAgentForwarding,
413
	sHostCertificate,
414
	sHostCertificate,
414
	sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
415
	sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
Lines 542-547 static struct { Link Here
542
	{ "permituserrc", sPermitUserRC, SSHCFG_ALL },
543
	{ "permituserrc", sPermitUserRC, SSHCFG_ALL },
543
	{ "match", sMatch, SSHCFG_ALL },
544
	{ "match", sMatch, SSHCFG_ALL },
544
	{ "permitopen", sPermitOpen, SSHCFG_ALL },
545
	{ "permitopen", sPermitOpen, SSHCFG_ALL },
546
	{ "permitremoteopen", sPermitRemoteOpen, SSHCFG_ALL },
545
	{ "forcecommand", sForceCommand, SSHCFG_ALL },
547
	{ "forcecommand", sForceCommand, SSHCFG_ALL },
546
	{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
548
	{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
547
	{ "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
549
	{ "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
Lines 1658-1663 process_server_config_line(ServerOptions *options, char *line, Link Here
1658
				    channel_add_adm_permitted_opens(p, port);
1660
				    channel_add_adm_permitted_opens(p, port);
1659
		}
1661
		}
1660
		break;
1662
		break;
1663
	case sPermitRemoteOpen:
1664
		arg = strdelim(&cp);
1665
		if (!arg || *arg == '\0')
1666
			fatal("%s line %d: missing PermitRemoteOpen "
1667
				" specification", filename, linenum);
1668
		n = options->num_permitted_remote_opens; /* modified later */
1669
		if (strcmp(arg, "any") == 0) {
1670
			if (*activep && n == -1) {
1671
				channel_clear_adm_permitted_remote_opens();
1672
				options->num_permitted_remote_opens = 0;
1673
			}
1674
			break;
1675
		}
1676
		if (strcmp(arg, "none") == 0) {
1677
			if (*activep && n == -1) {
1678
				options->num_permitted_remote_opens = 1;
1679
				channel_disable_adm_remote_opens();
1680
			}
1681
			break;
1682
		}
1683
		if (*activep && n == -1)
1684
			channel_clear_adm_permitted_remote_opens();
1685
		for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
1686
			if (arg == NULL || ((port = permitopen_port(arg)) < 0))
1687
				fatal("%s line %d: bad port number in "
1688
				      "PermitRemoteOpen", filename, linenum);
1689
			if (*activep && n == -1)
1690
				options->num_permitted_remote_opens =
1691
					channel_add_adm_permitted_remote_opens(port);
1692
		}
1693
		break;
1661
1694
1662
	case sForceCommand:
1695
	case sForceCommand:
1663
		if (cp == NULL || *cp == '\0')
1696
		if (cp == NULL || *cp == '\0')
(-)a/servconf.h (+1 lines)
Lines 170-175 typedef struct { Link Here
170
	int	permit_tun;
170
	int	permit_tun;
171
171
172
	int	num_permitted_opens;
172
	int	num_permitted_opens;
173
	int	num_permitted_remote_opens;
173
174
174
	char   *chroot_directory;
175
	char   *chroot_directory;
175
	char   *revoked_keys_file;
176
	char   *revoked_keys_file;
(-)a/serverloop.c (-3 / +11 lines)
Lines 737-745 server_input_global_request(int type, u_int32_t seq, void *ctxt) Link Here
737
			success = 0;
737
			success = 0;
738
			packet_send_debug("Server has disabled port forwarding.");
738
			packet_send_debug("Server has disabled port forwarding.");
739
		} else {
739
		} else {
740
			/* Start listening on the port */
740
			debug2("check permitted remote opens");
741
			success = channel_setup_remote_fwd_listener(&fwd,
741
			if (!channel_connect_remote_to(fwd.listen_port)) {
742
			    &allocated_listen_port, &options.fwd_opts);
742
				success = 0;
743
				packet_send_debug("Server denied remote port forward request.");
744
			}
745
			else {
746
				/* Start listening on the port */
747
				success = channel_setup_remote_fwd_listener(&fwd,
748
						&allocated_listen_port,
749
						&options.fwd_opts);
750
			}
743
		}
751
		}
744
		free(fwd.listen_host);
752
		free(fwd.listen_host);
745
		if ((resp = sshbuf_new()) == NULL)
753
		if ((resp = sshbuf_new()) == NULL)
(-)a/session.c (-2 / +6 lines)
Lines 258-267 do_authenticated(Authctxt *authctxt) Link Here
258
	/* setup the channel layer */
258
	/* setup the channel layer */
259
	/* XXX - streamlocal? */
259
	/* XXX - streamlocal? */
260
	if (no_port_forwarding_flag || options.disable_forwarding ||
260
	if (no_port_forwarding_flag || options.disable_forwarding ||
261
	    (options.allow_tcp_forwarding & FORWARD_LOCAL) == 0)
261
	    (options.allow_tcp_forwarding & FORWARD_LOCAL) == 0) {
262
		channel_disable_adm_local_opens();
262
		channel_disable_adm_local_opens();
263
	else
263
		channel_disable_adm_remote_opens();
264
	}
265
	else {
264
		channel_permit_all_opens();
266
		channel_permit_all_opens();
267
		channel_permit_all_remote_opens();
268
	}
265
269
266
	auth_debug_send();
270
	auth_debug_send();
267
271
(-)a/sshd.8 (+11 lines)
Lines 563-568 they must be literal domains or addresses. Link Here
563
A port specification of
563
A port specification of
564
.Cm *
564
.Cm *
565
matches any port.
565
matches any port.
566
.It Cm permitremoteopen="port"
567
Limit remote
568
.Li ``ssh -R''
569
port forwarding such that it may only forward the specified port to the client.
570
Multiple
571
.Cm permitremoteopen
572
options may be applied separated by commas.
573
Specified port must be a single port.
574
A port specification of
575
.Cm *
576
matches any port.
566
.It Cm port-forwarding
577
.It Cm port-forwarding
567
Enable port forwarding previously disabled by the
578
Enable port forwarding previously disabled by the
568
.Cm restrict
579
.Cm restrict
(-)a/sshd_config.5 (-1 / +12 lines)
Lines 1175-1180 The wildcard Link Here
1175
.Sq *
1175
.Sq *
1176
can be used for host or port to allow all hosts or ports, respectively.
1176
can be used for host or port to allow all hosts or ports, respectively.
1177
By default all port forwarding requests are permitted.
1177
By default all port forwarding requests are permitted.
1178
.It Cm PermitRemoteOpen
1179
Specifies the TCP ports which may be opened by clients with the
1180
RemoteForward option.
1181
Multiple forwards may be specified by separating them with whitespace.
1182
An argument of
1183
.Dq any
1184
can be used to remove all restrictions and permit any remote
1185
forwarding requests.
1186
An argument of
1187
.Dq none
1188
can be used to prohibit all forwarding requests.
1189
By default all port forwarding requests are permitted.
1178
.It Cm PermitRootLogin
1190
.It Cm PermitRootLogin
1179
Specifies whether root can log in using
1191
Specifies whether root can log in using
1180
.Xr ssh 1 .
1192
.Xr ssh 1 .
1181
- 

Return to bug 2038