Attachment #879 for bug #1003




}

static int
channel_setup_fwd_listener(int type, const char *listen_addr, u_short *listen_port,
    const char *host_to_connect, u_short port_to_connect, int gateway_ports)
{
	Channel *c;

	hints.ai_family = IPv4or6;
	hints.ai_flags = wildcard ? AI_PASSIVE : 0;
	hints.ai_socktype = SOCK_STREAM;
	snprintf(strport, sizeof strport, "%d", (int)*listen_port);
	if ((r = getaddrinfo(addr, strport, &hints, &aitop)) != 0) {
		if (addr == NULL) {
			/* This really shouldn't happen */

			close(sock);
			continue;
		}
		/* If the specified port was 0, get the actual port number */
		if (*listen_port == 0) {
			struct sockaddr_in realport;
			socklen_t realportsz = (socklen_t)sizeof(realport);
			if (getsockname(sock, (struct sockaddr *)&realport, &realportsz) < 0) {
				error("getsockname: %.100s", strerror(errno));
				close(sock);
				continue;
			}
			*listen_port = (u_short)ntohs(realport.sin_port);
		}
		
		/* Start listening for connections on the socket. */
		if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
			error("listen: %.100s", strerror(errno));

		    0, "port listener", 1);
		strlcpy(c->path, host, sizeof(c->path));
		c->host_port = port_to_connect;
		c->listening_port = *listen_port;
		success = 1;
	}
	if (success == 0)
		error("channel_setup_fwd_listener: cannot listen to port: %d",
		    (int)*listen_port);
	freeaddrinfo(aitop);
	return success;
}

    const char *host_to_connect, u_short port_to_connect, int gateway_ports)
{
	return channel_setup_fwd_listener(SSH_CHANNEL_PORT_LISTENER,
	    listen_host, &listen_port, host_to_connect, port_to_connect,
	    gateway_ports);
}

/* protocol v2 remote port fwd, used by sshd */
int
channel_setup_remote_fwd_listener(const char *listen_address,
    u_short *listen_port, int gateway_ports)
{
	return channel_setup_fwd_listener(SSH_CHANNEL_RPORT_LISTENER,
	    listen_address, listen_port, NULL, 0, gateway_ports);

		packet_put_int(listen_port);
		packet_send();
		packet_write_wait();
		
		if (listen_port != 0)
		  /* Assume that server accepts the request */
		  success = 1;
		else {
			type = packet_read();
			switch(type) {
			case SSH2_MSG_REQUEST_SUCCESS:
				success = 1;
				listen_port = (u_short)packet_get_int();
				break;
			case SSH2_MSG_REQUEST_FAILURE:
				logit("Warning: Server denied remote port 0 forwarding.");
				break;
			default:
				/* Unknown packet */
				packet_disconnect("Protocol error for port 0 forward request:"
					"received packet typr %d.", type);
			}
		}
				
	} else {
		packet_start(SSH_CMSG_PORT_FORWARD_REQUEST);
		packet_put_int(listen_port);

Lines 208-214 Link Here

(-)openssh-4.0p1/channels.h (-1 / +1 lines)
208	int channel_setup_local_fwd_listener(const char *, u_short,	208	int channel_setup_local_fwd_listener(const char *, u_short,
209	const char *, u_short, int);	209	const char *, u_short, int);
210	void channel_request_rforward_cancel(const char *host, u_short port);	210	void channel_request_rforward_cancel(const char *host, u_short port);
211	int channel_setup_remote_fwd_listener(const char *, u_short, int);	211	int channel_setup_remote_fwd_listener(const char , u_short , int);
212	int channel_cancel_rport_listener(const char *, u_short);	212	int channel_cancel_rport_listener(const char *, u_short);
213		213
214	/* x11 forwarding */	214	/* x11 forwarding */

Lines 958-963 Link Here

(-)openssh-4.0p1/serverloop.c (-4 / +9 lines)
958	char *rtype;	958	char *rtype;
959	int want_reply;	959	int want_reply;
960	int success = 0;	960	int success = 0;
		961	u_short listen_port, real_listen_port;
		962	int tcpip_forward = 0; /* boolean */
961		963
962	rtype = packet_get_string(NULL);	964	rtype = packet_get_string(NULL);
963	want_reply = packet_get_char();	965	want_reply = packet_get_char();
Lines 967-979 Link Here
967	if (strcmp(rtype, "tcpip-forward") == 0) {	969	if (strcmp(rtype, "tcpip-forward") == 0) {
968	struct passwd *pw;	970	struct passwd *pw;
969	char *listen_address;	971	char *listen_address;
970	u_short listen_port;	972
971		973	tcpip_forward = 1; /* boolean, used for reply */
972	pw = the_authctxt->pw;	974	pw = the_authctxt->pw;
973	if (pw == NULL \|\| !the_authctxt->valid)	975	if (pw == NULL \|\| !the_authctxt->valid)
974	fatal("server_input_global_request: no/invalid user");	976	fatal("server_input_global_request: no/invalid user");
975	listen_address = packet_get_string(NULL);	977	listen_address = packet_get_string(NULL);
976	listen_port = (u_short)packet_get_int();	978	listen_port = (u_short)packet_get_int();
		979	real_listen_port = listen_port;
977	debug("server_input_global_request: tcpip-forward listen %s port %d",	980	debug("server_input_global_request: tcpip-forward listen %s port %d",
978	listen_address, listen_port);	981	listen_address, listen_port);
979		982
Lines 981-987 Link Here
981	if (!options.allow_tcp_forwarding \|\|	984	if (!options.allow_tcp_forwarding \|\|
982	no_port_forwarding_flag	985	no_port_forwarding_flag
983	#ifndef NO_IPPORT_RESERVED_CONCEPT	986	#ifndef NO_IPPORT_RESERVED_CONCEPT
984	\|\| (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)	987	\|\| (listen_port < IPPORT_RESERVED && pw->pw_uid != 0 && listen_port != 0)
985	#endif	988	#endif
986	) {	989	) {
987	success = 0;	990	success = 0;
Lines 989-995 Link Here
989	} else {	992	} else {
990	/* Start listening on the port */	993	/* Start listening on the port */
991	success = channel_setup_remote_fwd_listener(	994	success = channel_setup_remote_fwd_listener(
992	listen_address, listen_port, options.gateway_ports);	995	listen_address, &real_listen_port, options.gateway_ports);
993	}	996	}
994	xfree(listen_address);	997	xfree(listen_address);
995	} else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {	998	} else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
Lines 1007-1012 Link Here
1007	if (want_reply) {	1010	if (want_reply) {
1008	packet_start(success ?	1011	packet_start(success ?
1009	SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);	1012	SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
		1013	if (success && tcpip_forward && listen_port == 0)
		1014	packet_put_int(real_listen_port);
1010	packet_send();	1015	packet_send();
1011	packet_write_wait();	1016	packet_write_wait();
1012	}	1017	}

Return to bug 1003

Lines 2175-2181 Link Here

(-)openssh-4.0p1/channels.c (-8 / +39 lines)
2175	}	2175	}
2176		2176
2177	static int	2177	static int
2178	channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_port,	2178	channel_setup_fwd_listener(int type, const char listen_addr, u_short listen_port,
2179	const char *host_to_connect, u_short port_to_connect, int gateway_ports)	2179	const char *host_to_connect, u_short port_to_connect, int gateway_ports)
2180	{	2180	{
2181	Channel *c;	2181	Channel *c;
Lines 2238-2244 Link Here
2238	hints.ai_family = IPv4or6;	2238	hints.ai_family = IPv4or6;
2239	hints.ai_flags = wildcard ? AI_PASSIVE : 0;	2239	hints.ai_flags = wildcard ? AI_PASSIVE : 0;
2240	hints.ai_socktype = SOCK_STREAM;	2240	hints.ai_socktype = SOCK_STREAM;
2241	snprintf(strport, sizeof strport, "%d", listen_port);	2241	snprintf(strport, sizeof strport, "%d", (int)*listen_port);
2242	if ((r = getaddrinfo(addr, strport, &hints, &aitop)) != 0) {	2242	if ((r = getaddrinfo(addr, strport, &hints, &aitop)) != 0) {
2243	if (addr == NULL) {	2243	if (addr == NULL) {
2244	/* This really shouldn't happen */	2244	/* This really shouldn't happen */
Lines 2289-2294 Link Here
2289	close(sock);	2289	close(sock);
2290	continue;	2290	continue;
2291	}	2291	}
		2292	/* If the specified port was 0, get the actual port number */
		2293	if (*listen_port == 0) {
		2294	struct sockaddr_in realport;
		2295	socklen_t realportsz = (socklen_t)sizeof(realport);
		2296	if (getsockname(sock, (struct sockaddr *)&realport, &realportsz) < 0) {
		2297	error("getsockname: %.100s", strerror(errno));
		2298	close(sock);
		2299	continue;
		2300	}
		2301	*listen_port = (u_short)ntohs(realport.sin_port);
		2302	}
		2303
2292	/* Start listening for connections on the socket. */	2304	/* Start listening for connections on the socket. */
2293	if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {	2305	if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
2294	error("listen: %.100s", strerror(errno));	2306	error("listen: %.100s", strerror(errno));
Lines 2301-2312 Link Here
2301	0, "port listener", 1);	2313	0, "port listener", 1);
2302	strlcpy(c->path, host, sizeof(c->path));	2314	strlcpy(c->path, host, sizeof(c->path));
2303	c->host_port = port_to_connect;	2315	c->host_port = port_to_connect;
2304	c->listening_port = listen_port;	2316	c->listening_port = *listen_port;
2305	success = 1;	2317	success = 1;
2306	}	2318	}
2307	if (success == 0)	2319	if (success == 0)
2308	error("channel_setup_fwd_listener: cannot listen to port: %d",	2320	error("channel_setup_fwd_listener: cannot listen to port: %d",
2309	listen_port);	2321	(int)*listen_port);
2310	freeaddrinfo(aitop);	2322	freeaddrinfo(aitop);
2311	return success;	2323	return success;
2312	}	2324	}
Lines 2338-2351 Link Here
2338	const char *host_to_connect, u_short port_to_connect, int gateway_ports)	2350	const char *host_to_connect, u_short port_to_connect, int gateway_ports)
2339	{	2351	{
2340	return channel_setup_fwd_listener(SSH_CHANNEL_PORT_LISTENER,	2352	return channel_setup_fwd_listener(SSH_CHANNEL_PORT_LISTENER,
2341	listen_host, listen_port, host_to_connect, port_to_connect,	2353	listen_host, &listen_port, host_to_connect, port_to_connect,
2342	gateway_ports);	2354	gateway_ports);
2343	}	2355	}
2344		2356
2345	/* protocol v2 remote port fwd, used by sshd */	2357	/* protocol v2 remote port fwd, used by sshd */
2346	int	2358	int
2347	channel_setup_remote_fwd_listener(const char *listen_address,	2359	channel_setup_remote_fwd_listener(const char *listen_address,
2348	u_short listen_port, int gateway_ports)	2360	u_short *listen_port, int gateway_ports)
2349	{	2361	{
2350	return channel_setup_fwd_listener(SSH_CHANNEL_RPORT_LISTENER,	2362	return channel_setup_fwd_listener(SSH_CHANNEL_RPORT_LISTENER,
2351	listen_address, listen_port, NULL, 0, gateway_ports);	2363	listen_address, listen_port, NULL, 0, gateway_ports);
Lines 2383-2390 Link Here
2383	packet_put_int(listen_port);	2395	packet_put_int(listen_port);
2384	packet_send();	2396	packet_send();
2385	packet_write_wait();	2397	packet_write_wait();
2386	/* Assume that server accepts the request */	2398
2387	success = 1;	2399	if (listen_port != 0)
		2400	/* Assume that server accepts the request */
		2401	success = 1;
		2402	else {
		2403	type = packet_read();
		2404	switch(type) {
		2405	case SSH2_MSG_REQUEST_SUCCESS:
		2406	success = 1;
		2407	listen_port = (u_short)packet_get_int();
		2408	break;
		2409	case SSH2_MSG_REQUEST_FAILURE:
		2410	logit("Warning: Server denied remote port 0 forwarding.");
		2411	break;
		2412	default:
		2413	/* Unknown packet */
		2414	packet_disconnect("Protocol error for port 0 forward request:"
		2415	"received packet typr %d.", type);
		2416	}
		2417	}
		2418
2388	} else {	2419	} else {
2389	packet_start(SSH_CMSG_PORT_FORWARD_REQUEST);	2420	packet_start(SSH_CMSG_PORT_FORWARD_REQUEST);
2390	packet_put_int(listen_port);	2421	packet_put_int(listen_port);