Bugzilla – Attachment 1616 Details for
Bug 1572
accept SOCKS requests over the mux socket in master mode
[patch]
use UNIX domain sockets instead of INET for tunnel listeners, proof of concept
openssh-unix-listeners-0.patch (text/plain), 24.36 KB, created by
Salvador Fandiño
on 2009-03-13 03:12:15 AEDT
Description:
use UNIX domain sockets instead of INET for tunnel listeners, proof of concept
Filename:
MIME Type:
Creator:
Salvador Fandiño
Created:
2009-03-13 03:12:15 AEDT
Size:
24.36 KB
patch
obsolete
>Index: canohost.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/canohost.c,v
>retrieving revision 1.64
>diff -u -r1.64 canohost.c
>--- canohost.c 12 Feb 2009 03:00:56 -0000 1.64
>+++ canohost.c 12 Mar 2009 15:22:15 -0000
>@@ -16,6 +16,7 @@
> #include <sys/socket.h>
> 
> #include <netinet/in.h>
>+#include <sys/un.h>
> 
> #include <ctype.h>
> #include <errno.h>
>@@ -217,14 +218,17 @@
> addrlen = sizeof(addr);
> memset(&addr, 0, sizeof(addr));
> 
>+ if (getsockname(sock, (struct sockaddr *)&addr, &addrlen) < 0)
>+ return NULL;
>+
>+ if (addr.ss_family == AF_UNIX)
>+ return xstrdup(((struct sockaddr_un *)&addr)->sun_path);
>+
> if (remote) {
>+ addrlen = sizeof(addr);
> if (getpeername(sock, (struct sockaddr *)&addr, &addrlen)
> < 0)
> return NULL;
>- } else {
>- if (getsockname(sock, (struct sockaddr *)&addr, &addrlen)
>- < 0)
>- return NULL;
> }
> /* Get the address in ascii. */
> if ((r = getnameinfo((struct sockaddr *)&addr, addrlen, ntop,
>@@ -311,12 +315,18 @@
> /* Get IP address of client. */
> fromlen = sizeof(from);
> memset(&from, 0, sizeof(from));
>- if (local) {
>- if (getsockname(sock, (struct sockaddr *)&from, &fromlen) < 0) {
>- error("getsockname failed: %.100s", strerror(errno));
>- return 0;
>- }
>- } else {
>+
>+
>+ if (getsockname(sock, (struct sockaddr *)&from, &fromlen) < 0) {
>+ error("getsockname failed: %.100s", strerror(errno));
>+ return 0;
>+ }
>+
>+ if (from.ss_family == AF_UNIX)
>+ return 0;
>+
>+ if (!local) {
>+ fromlen = sizeof(from);
> if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) {
> debug("getpeername failed: %.100s", strerror(errno));
> return -1;
>Index: channels.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/channels.c,v
>retrieving revision 1.295
>diff -u -r1.295 channels.c
>--- channels.c 12 Feb 2009 03:00:56 -0000 1.295
>+++ channels.c 12 Mar 2009 15:22:30 -0000
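Review bot: In get_socket_address (`@@ -217`) the `ss_family == AF_UNIX` early return runs before the `remote` flag is looked at, so a request for the peer address of a UNIX-domain socket hands back the local socket's own `sun_path` (for an accepted forwarded connection that is presumably the listener path, which says nothing about the peer). Move the family test into each branch: in the `remote` case call `getpeername()` first and then test `addr.ss_family`, so the peer's `sun_path` (or NULL, which callers such as get_peer_ipaddr appear to handle already) comes back instead. The `@@ -311` hunk in get_sock_port has the same ordering but is harmless there, because both sides of a UNIX socket map to port 0. Both functions begin and end outside their hunks.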
>@@ -2443,160 +2443,203 @@
> const char *host_to_connect, u_short port_to_connect, int gateway_ports)
> {
> Channel *c;
>- int sock, r, success = 0, wildcard = 0, is_client;
>+ int sock, r, success = 0, wildcard = 0, is_client, is_unix;
> struct addrinfo hints, *ai, *aitop;
>- const char *host, *addr;
>+ const char *host, *path, *addr;
> char ntop[NI_MAXHOST], strport[NI_MAXSERV];
> in_port_t *lport_p;
>+ struct sockaddr_un sun;
> 
>- host = (type == SSH_CHANNEL_RPORT_LISTENER) ?
>- listen_addr : host_to_connect;
> is_client = (type == SSH_CHANNEL_PORT_LISTENER);
>+ is_unix = (is_client && listen_port == 0);
> 
>- if (host == NULL) {
>- error("No forward host name.");
>- return 0;
>- }
>- if (strlen(host) >= NI_MAXHOST) {
>- error("Forward host name too long.");
>- return 0;
>- }
>+ if (is_unix) {
>+ path = listen_addr;
>+ if (strlen(path) >= sizeof(sun.sun_path)) {
>+ error("Forward path too long.");
>+ return 0;
>+ }
> 
>- /*
>- * Determine whether or not a port forward listens to loopback,
>- * specified address or wildcard. On the client, a specified bind
>- * address will always override gateway_ports. On the server, a
>- * gateway_ports of 1 (``yes'') will override the client's
>- * specification and force a wildcard bind, whereas a value of 2
>- * (``clientspecified'') will bind to whatever address the client
>- * asked for.
>- *
>- * Special-case listen_addrs are:
>- *
>- * "0.0.0.0" -> wildcard v4/v6 if SSH_OLD_FORWARD_ADDR
>- * "" (empty string), "*" -> wildcard v4/v6
>- * "localhost" -> loopback v4/v6
>- */
>- addr = NULL;
>- if (listen_addr == NULL) {
>- /* No address specified: default to gateway_ports setting */
>- if (gateway_ports)
>- wildcard = 1;
>- } else if (gateway_ports || is_client) {
>- if (((datafellows & SSH_OLD_FORWARD_ADDR) &&
>- strcmp(listen_addr, "0.0.0.0") == 0 && is_client == 0) ||
>- *listen_addr == '\0' || strcmp(listen_addr, "*") == 0 ||
>- (!is_client && gateway_ports == 1))
>- wildcard = 1;
>- else if (strcmp(listen_addr, "localhost") != 0)
>- addr = listen_addr;
>- }
>+ memset(&sun, '\0', sizeof(sun));
>+ sun.sun_len = sizeof(sun);
>+ sun.sun_family = AF_UNIX;
>+ strlcpy(sun.sun_path, path, sizeof(sun.sun_path));
> 
>- debug3("channel_setup_fwd_listener: type %d wildcard %d addr %s",
>- type, wildcard, (addr == NULL) ? "NULL" : addr);
>+ if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
>+ goto unix_error;
> 
>- /*
>- * getaddrinfo returns a loopback address if the hostname is
>- * set to NULL and hints.ai_flags is not AI_PASSIVE
>- */
>- memset(&hints, 0, sizeof(hints));
>- hints.ai_family = IPv4or6;
>- hints.ai_flags = wildcard ? AI_PASSIVE : 0;
>- hints.ai_socktype = SOCK_STREAM;
>- snprintf(strport, sizeof strport, "%d", listen_port);
>- if ((r = getaddrinfo(addr, strport, &hints, &aitop)) != 0) {
>- if (addr == NULL) {
>- /* This really shouldn't happen */
>- packet_disconnect("getaddrinfo: fatal error: %s",
>- ssh_gai_strerror(r));
>- } else {
>- error("channel_setup_fwd_listener: "
>- "getaddrinfo(%.64s): %s", addr,
>- ssh_gai_strerror(r));
>- }
>+ if (bind(sock, (struct sockaddr *)&sun, sizeof(sun)) < 0)
>+ goto unix_error;
>+
>+ if (listen(sock, SSH_LISTEN_BACKLOG) < 0)
>+ goto unix_error;
>+
>+ c = channel_new("unix listener", type, sock, sock, -1,
>+ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
>+ 0, "unix listener", 1);
>+ c->path = xstrdup(host_to_connect);
>+ c->host_port = port_to_connect;
>+ c->listening_port = 0;
>+
>+ return 1;
>+
>+ unix_error:
>+ error("channel_setup_fwd_listener: unable to create listener "
>+ "unix:%.200s, %s", path, strerror(errno));
>+ if (sock >= 0)
>+ close(sock);
> return 0;
> }
>- if (allocated_listen_port != NULL)
>- *allocated_listen_port = 0;
>- for (ai = aitop; ai; ai = ai->ai_next) {
>- switch (ai->ai_family) {
>- case AF_INET:
>- lport_p = &((struct sockaddr_in *)ai->ai_addr)->
>- sin_port;
>- break;
>- case AF_INET6:
>- lport_p = &((struct sockaddr_in6 *)ai->ai_addr)->
>- sin6_port;
>- break;
>- default:
>- continue;
>+ else {
>+ host = (is_client ? host_to_connect : listen_addr);
>+
>+ if (host == NULL) {
>+ error("No forward host name.");
>+ return 0;
>+ }
>+ if (strlen(host) >= NI_MAXHOST) {
>+ error("Forward host name too long.");
>+ return 0;
> }
>+
> /*
>- * If allocating a port for -R forwards, then use the
>- * same port for all address families.
>+ * Determine whether or not a port forward listens to loopback,
>+ * specified address or wildcard. On the client, a specified bind
>+ * address will always override gateway_ports. On the server, a
>+ * gateway_ports of 1 (``yes'') will override the client's
>+ * specification and force a wildcard bind, whereas a value of 2
>+ * (``clientspecified'') will bind to whatever address the client
>+ * asked for.
>+ *
>+ * Special-case listen_addrs are:
>+ *
>+ * "0.0.0.0" -> wildcard v4/v6 if SSH_OLD_FORWARD_ADDR
>+ * "" (empty string), "*" -> wildcard v4/v6
>+ * "localhost" -> loopback v4/v6
> */
>- if (type == SSH_CHANNEL_RPORT_LISTENER && listen_port == 0 &&
>- allocated_listen_port != NULL && *allocated_listen_port > 0)
>- *lport_p = htons(*allocated_listen_port);
>-
>- if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop),
>- strport, sizeof(strport), NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
>- error("channel_setup_fwd_listener: getnameinfo failed");
>- continue;
>- }
>- /* Create a port to listen for the host. */
>- sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
>- if (sock < 0) {
>- /* this is no error since kernel may not support ipv6 */
>- verbose("socket: %.100s", strerror(errno));
>- continue;
>- }
>-
>- channel_set_reuseaddr(sock);
>-
>- debug("Local forwarding listening on %s port %s.",
>- ntop, strport);
>-
>- /* Bind the socket to the address. */
>- if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
>- /* address can be in use ipv6 address is already bound */
>- verbose("bind: %.100s", strerror(errno));
>- close(sock);
>- continue;
>- }
>- /* Start listening for connections on the socket. */
>- if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
>- error("listen: %.100s", strerror(errno));
>- close(sock);
>- continue;
>+ addr = NULL;
>+ if (listen_addr == NULL) {
>+ /* No address specified: default to gateway_ports setting */
>+ if (gateway_ports)
>+ wildcard = 1;
>+ } else if (gateway_ports || is_client) {
>+ if (((datafellows & SSH_OLD_FORWARD_ADDR) &&
>+ strcmp(listen_addr, "0.0.0.0") == 0 && is_client == 0) ||
>+ *listen_addr == '\0' || strcmp(listen_addr, "*") == 0 ||
>+ (!is_client && gateway_ports == 1))
>+ wildcard = 1;
>+ else if (strcmp(listen_addr, "localhost") != 0)
>+ addr = listen_addr;
> }
> 
>+ debug3("channel_setup_fwd_listener: type %d wildcard %d addr %s",
>+ type, wildcard, (addr == NULL) ? "NULL" : addr);
>+
> /*
>- * listen_port == 0 requests a dynamically allocated port -
>- * record what we got.
>+ * getaddrinfo returns a loopback address if the hostname is
>+ * set to NULL and hints.ai_flags is not AI_PASSIVE
> */
>- if (type == SSH_CHANNEL_RPORT_LISTENER && listen_port == 0 &&
>- allocated_listen_port != NULL &&
>- *allocated_listen_port == 0) {
>- *allocated_listen_port = get_sock_port(sock, 1);
>- debug("Allocated listen port %d",
>- *allocated_listen_port);
>- }
>+ memset(&hints, 0, sizeof(hints));
>+ hints.ai_family = IPv4or6;
>+ hints.ai_flags = wildcard ? AI_PASSIVE : 0;
>+ hints.ai_socktype = SOCK_STREAM;
>+ snprintf(strport, sizeof strport, "%d", listen_port);
>+ if ((r = getaddrinfo(addr, strport, &hints, &aitop)) != 0) {
>+ if (addr == NULL) {
>+ /* This really shouldn't happen */
>+ packet_disconnect("getaddrinfo: fatal error: %s",
>+ ssh_gai_strerror(r));
>+ } else {
>+ error("channel_setup_fwd_listener: "
>+ "getaddrinfo(%.64s): %s", addr,
>+ ssh_gai_strerror(r));
>+ }
>+ return 0;
>+ }
>+ if (allocated_listen_port != NULL)
>+ *allocated_listen_port = 0;
>+ for (ai = aitop; ai; ai = ai->ai_next) {
>+ switch (ai->ai_family) {
>+ case AF_INET:
>+ lport_p = &((struct sockaddr_in *)ai->ai_addr)->
>+ sin_port;
>+ break;
>+ case AF_INET6:
>+ lport_p = &((struct sockaddr_in6 *)ai->ai_addr)->
>+ sin6_port;
>+ break;
>+ default:
>+ continue;
>+ }
>+ /*
>+ * If allocating a port for -R forwards, then use the
>+ * same port for all address families.
>+ */
>+ if (type == SSH_CHANNEL_RPORT_LISTENER && listen_port == 0 &&
>+ allocated_listen_port != NULL && *allocated_listen_port > 0)
>+ *lport_p = htons(*allocated_listen_port);
>+
>+ if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop),
>+ strport, sizeof(strport), NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
>+ error("channel_setup_fwd_listener: getnameinfo failed");
>+ continue;
>+ }
>+ /* Create a port to listen for the host. */
>+ sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
>+ if (sock < 0) {
>+ /* this is no error since kernel may not support ipv6 */
>+ verbose("socket: %.100s", strerror(errno));
>+ continue;
>+ }
>+
>+ channel_set_reuseaddr(sock);
>+
>+ debug("Local forwarding listening on %s port %s.",
>+ ntop, strport);
>+
>+ /* Bind the socket to the address. */
>+ if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
>+ /* address can be in use ipv6 address is already bound */
>+ verbose("bind: %.100s", strerror(errno));
>+ close(sock);
>+ continue;
>+ }
>+ /* Start listening for connections on the socket. */
>+ if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
>+ error("listen: %.100s", strerror(errno));
>+ close(sock);
>+ continue;
>+ }
>+
>+ /*
>+ * listen_port == 0 requests a dynamically allocated port -
>+ * record what we got.
>+ */
>+ if (type == SSH_CHANNEL_RPORT_LISTENER && listen_port == 0 &&
>+ allocated_listen_port != NULL &&
>+ *allocated_listen_port == 0) {
>+ *allocated_listen_port = get_sock_port(sock, 1);
>+ debug("Allocated listen port %d",
>+ *allocated_listen_port);
>+ }
>+
>+ /* Allocate a channel number for the socket. */
>+ c = channel_new("port listener", type, sock, sock, -1,
>+ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
>+ 0, "port listener", 1);
>+ c->path = xstrdup(host);
>+ c->host_port = port_to_connect;
>+ c->listening_port = listen_port;
>+ success = 1;
>+ }
>+
>+ if (success == 0)
>+ error("channel_setup_fwd_listener: cannot listen to port: %d",
>+ listen_port);
>+ freeaddrinfo(aitop);
> 
>- /* Allocate a channel number for the socket. */
>- c = channel_new("port listener", type, sock, sock, -1,
>- CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
>- 0, "port listener", 1);
>- c->path = xstrdup(host);
>- c->host_port = port_to_connect;
>- c->listening_port = listen_port;
>- success = 1;
>+ return success;
> }
>- if (success == 0)
>- error("channel_setup_fwd_listener: cannot listen to port: %d",
>- listen_port);
>- freeaddrinfo(aitop);
>- return success;
> }
> 
> int
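Review bot: The UNIX listener branch calls `bind()` on `sun_path` under whatever umask the ssh process inherited, so the socket file's mode, and with it which other local users may connect to the forward, is decided by the caller's environment rather than by this code; the INET branch at least chooses loopback versus wildcard explicitly. Bracket the bind with a restrictive mask, `mode_t omask = umask(0177);` before the call and `umask(omask);` immediately after it on every path. When `listen()` fails after a successful `bind()` the path is left on disk, so the failure path should `unlink(path)` in that case only (never after a failed bind, which may mean the file belongs to someone else). `path` is also dereferenced without the NULL check the INET branch applies to `host`. channel_setup_fwd_listener's signature is outside the hunk.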
>@@ -2621,11 +2664,11 @@
> 
> /* protocol local port fwd, used by ssh (and sshd in v1) */
> int
>-channel_setup_local_fwd_listener(const char *listen_host, u_short listen_port,
>+channel_setup_local_fwd_listener(const char *listen_host_or_path, u_short listen_port,
> const char *host_to_connect, u_short port_to_connect, int gateway_ports)
> {
> return channel_setup_fwd_listener(SSH_CHANNEL_PORT_LISTENER,
>- listen_host, listen_port, NULL, host_to_connect, port_to_connect,
>+ listen_host_or_path, listen_port, NULL, host_to_connect, port_to_connect,
> gateway_ports);
> }
> 
>Index: clientloop.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/clientloop.c,v
>retrieving revision 1.209
>diff -u -r1.209 clientloop.c
>--- clientloop.c 12 Feb 2009 03:00:56 -0000 1.209
>+++ clientloop.c 12 Mar 2009 15:22:35 -0000
>@@ -760,7 +760,7 @@
> Forward fwd;
> 
> bzero(&fwd, sizeof(fwd));
>- fwd.listen_host = fwd.connect_host = NULL;
>+ fwd.listen_host_or_path = fwd.connect_host = NULL;
> 
> leave_raw_mode();
> handler = signal(SIGINT, SIG_IGN);
>@@ -845,14 +845,14 @@
> goto out;
> }
> if (local || dynamic) {
>- if (channel_setup_local_fwd_listener(fwd.listen_host,
>+ if (channel_setup_local_fwd_listener(fwd.listen_host_or_path,
> fwd.listen_port, fwd.connect_host,
> fwd.connect_port, options.gateway_ports) < 0) {
> logit("Port forwarding failed.");
> goto out;
> }
> } else {
>- if (channel_request_remote_forwarding(fwd.listen_host,
>+ if (channel_request_remote_forwarding(fwd.listen_host_or_path,
> fwd.listen_port, fwd.connect_host,
> fwd.connect_port) < 0) {
> logit("Port forwarding failed.");
>@@ -868,8 +868,8 @@
> enter_raw_mode();
> if (cmd)
> xfree(cmd);
>- if (fwd.listen_host != NULL)
>- xfree(fwd.listen_host);
>+ if (fwd.listen_host_or_path != NULL)
>+ xfree(fwd.listen_host_or_path);
> if (fwd.connect_host != NULL)
> xfree(fwd.connect_host);
> }
>Index: misc.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/misc.c,v
>retrieving revision 1.71
>diff -u -r1.71 misc.c
>--- misc.c 21 Feb 2009 19:32:04 -0000 1.71
>+++ misc.c 12 Mar 2009 15:22:36 -0000
>@@ -131,7 +131,8 @@
> 
> optlen = sizeof opt;
> if (getsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, &optlen) == -1) {
>- debug("getsockopt TCP_NODELAY: %.100s", strerror(errno));
>+ if (errno != ENOPROTOOPT) /* it is an UNIX domain socket */
>+ debug("getsockopt TCP_NODELAY: %.100s", strerror(errno));
> return;
> }
> if (opt == 1) {
>@@ -375,7 +376,8 @@
> return NULL;
> else
> s++;
>- } else if ((s = strpbrk(s, ":/")) == NULL)
>+ /* } else if ((s = strpbrk(s, ":/")) == NULL) */
>+ } else if ((s = strpbrk(s, ":")) == NULL)
> s = *cp + strlen(*cp); /* skip to end (see first case below) */
> 
> switch (*s) {
>@@ -384,7 +386,7 @@
> break;
> 
> case ':':
>- case '/':
>+ /* case '/': */
> *s = '\0'; /* terminate */
> *cp = s + 1;
> break;
>Index: readconf.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/readconf.c,v
>retrieving revision 1.176
>diff -u -r1.176 readconf.c
>--- readconf.c 12 Feb 2009 03:00:56 -0000 1.176
>+++ readconf.c 12 Mar 2009 15:22:41 -0000
>@@ -17,6 +17,7 @@
> #include <sys/socket.h>
> 
> #include <netinet/in.h>
>+#include <sys/un.h>
> 
> #include <ctype.h>
> #include <errno.h>
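Review bot: In set_nodelay (`@@ -131`) `errno != ENOPROTOOPT` is not a reliable test for a non-TCP socket: the errno that getsockopt(IPPROTO_TCP, TCP_NODELAY) produces on a UNIX-domain socket varies by platform (EOPNOTSUPP is what some other systems report), and the check also silences a genuine ENOPROTOOPT coming back from a TCP socket. Checking the address family up front, the way canohost.c in this same patch does with `getsockname()` and `ss_family == AF_UNIX`, would state the intent directly; at minimum the comment should read `/* not a TCP socket, e.g. UNIX domain */`. set_nodelay starts outside the hunk.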
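Review bot: Removing `/` from hpdelim's delimiter set (`@@ -375`, together with the matching `case '/'` in `@@ -384`) changes parsing for every caller, not only the forward specs this patch targets: the `[bind_address/]port/host/hostport` form that ssh_config(5) documents as the alternative to bracketed IPv6 addresses no longer splits. If the delimiter must go so that a path can survive the split, the compatibility break should be documented and the dead lines deleted rather than left behind as comments. hpdelim's body begins before the hunk.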
>@@ -245,13 +246,14 @@
> {
> Forward *fwd;
> extern uid_t original_real_uid;
>- if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0)
>+ if (newfwd->listen_port && newfwd->listen_port < IPPORT_RESERVED &&
>+ original_real_uid != 0)
> fatal("Privileged ports can only be forwarded by root.");
> if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
> fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
> fwd = &options->local_forwards[options->num_local_forwards++];
> 
>- fwd->listen_host = newfwd->listen_host;
>+ fwd->listen_host_or_path = newfwd->listen_host_or_path;
> fwd->listen_port = newfwd->listen_port;
> fwd->connect_host = newfwd->connect_host;
> fwd->connect_port = newfwd->connect_port;
>@@ -271,7 +273,7 @@
> SSH_MAX_FORWARDS_PER_DIRECTION);
> fwd = &options->remote_forwards[options->num_remote_forwards++];
> 
>- fwd->listen_host = newfwd->listen_host;
>+ fwd->listen_host_or_path = newfwd->listen_host_or_path;
> fwd->listen_port = newfwd->listen_port;
> fwd->connect_host = newfwd->connect_host;
> fwd->connect_port = newfwd->connect_port;
>@@ -283,14 +285,14 @@
> int i;
> 
> for (i = 0; i < options->num_local_forwards; i++) {
>- if (options->local_forwards[i].listen_host != NULL)
>- xfree(options->local_forwards[i].listen_host);
>+ if (options->local_forwards[i].listen_host_or_path != NULL)
>+ xfree(options->local_forwards[i].listen_host_or_path);
> xfree(options->local_forwards[i].connect_host);
> }
> options->num_local_forwards = 0;
> for (i = 0; i < options->num_remote_forwards; i++) {
>- if (options->remote_forwards[i].listen_host != NULL)
>- xfree(options->remote_forwards[i].listen_host);
>+ if (options->remote_forwards[i].listen_host_or_path != NULL)
>+ xfree(options->remote_forwards[i].listen_host_or_path);
> xfree(options->remote_forwards[i].connect_host);
> }
> options->num_remote_forwards = 0;
>@@ -1206,6 +1208,12 @@
> /* options->preferred_authentications will be set in ssh */
> }
> 
>+static int
>+is_unix_domain(const char *port)
>+{
>+ return (strchr(port, '/') != NULL);
>+}
>+
> /*
> * parse_forward
> * parses a string containing a port forwarding specification of the form:
>@@ -1218,7 +1226,7 @@
> int
> parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd)
> {
>- int i;
>+ int i, unix = 0;
> char *p, *cp, *fwdarg[4];
> 
> memset(fwd, '\0', sizeof(*fwd));
>@@ -1239,26 +1247,44 @@
> 
> switch (i) {
> case 1:
>- fwd->listen_host = NULL;
>- fwd->listen_port = a2port(fwdarg[0]);
>+ unix = is_unix_domain(fwdarg[0]);
>+ if (unix) {
>+ fwd->listen_host_or_path = xstrdup(fwdarg[0]);
>+ fwd->listen_port = 0;
>+ }
>+ else {
>+ fwd->listen_host_or_path = NULL;
>+ fwd->listen_port = a2port(fwdarg[0]);
>+ }
> fwd->connect_host = xstrdup("socks");
> break;
> 
> case 2:
>- fwd->listen_host = xstrdup(cleanhostname(fwdarg[0]));
>+ if (is_unix_domain(fwdarg[1]))
>+ goto fail_free;
>+ fwd->listen_host_or_path = xstrdup(cleanhostname(fwdarg[0]));
> fwd->listen_port = a2port(fwdarg[1]);
> fwd->connect_host = xstrdup("socks");
> break;
> 
> case 3:
>- fwd->listen_host = NULL;
>- fwd->listen_port = a2port(fwdarg[0]);
>+ unix = is_unix_domain(fwdarg[0]);
>+ if (unix) {
>+ fwd->listen_host_or_path = xstrdup(fwdarg[0]);
>+ fwd->listen_port = 0;
>+ }
>+ else {
>+ fwd->listen_host_or_path = NULL;
>+ fwd->listen_port = a2port(fwdarg[0]);
>+ }
> fwd->connect_host = xstrdup(cleanhostname(fwdarg[1]));
> fwd->connect_port = a2port(fwdarg[2]);
> break;
> 
> case 4:
>- fwd->listen_host = xstrdup(cleanhostname(fwdarg[0]));
>+ if (is_unix_domain(fwdarg[1]))
>+ goto fail_free;
>+ fwd->listen_host_or_path = xstrdup(cleanhostname(fwdarg[0]));
> fwd->listen_port = a2port(fwdarg[1]);
> fwd->connect_host = xstrdup(cleanhostname(fwdarg[2]));
> fwd->connect_port = a2port(fwdarg[3]);
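Review bot: `int i, unix = 0;` in parse_forward (`@@ -1218`) uses `unix` as a variable name, and GCC in its default GNU dialect predefines `unix` as a macro expanding to `1` on UNIX targets, so this line and its uses in the `@@ -1239` and `@@ -1279` hunks will not compile there unless a strict ISO mode happens to be in effect; rename it, for example to `is_unix` as channels.c already does. is_unix_domain() is also a coarse rule: any `/` in the argument selects a path, so a relative path is accepted and later bound relative to the current working directory. If that is intended, a comment on is_unix_domain stating it, e.g. `/* a listen spec containing '/' names a UNIX-domain socket path; relative paths resolve against the cwd */`, would make the contract explicit for the next reader. parse_forward's switch continues past the hunk.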
>@@ -1279,15 +1305,23 @@
> goto fail_free;
> }
> 
>- if (fwd->listen_port < 0 || (!remotefwd && fwd->listen_port == 0))
>+ if (fwd->listen_port < 0 || (!remotefwd && !unix && fwd->listen_port == 0))
> goto fail_free;
>-
> if (fwd->connect_host != NULL &&
> strlen(fwd->connect_host) >= NI_MAXHOST)
> goto fail_free;
>- if (fwd->listen_host != NULL &&
>- strlen(fwd->listen_host) >= NI_MAXHOST)
>- goto fail_free;
>+ if (unix) {
>+ if (remotefwd)
>+ goto fail_free;
>+ if (strlen(fwd->listen_host_or_path)
>+ >= sizeof(((struct sockaddr_un *)NULL)->sun_path))
>+ goto fail_free;
>+ }
>+ else {
>+ if (fwd->listen_host_or_path != NULL &&
>+ strlen(fwd->listen_host_or_path) >= NI_MAXHOST)
>+ goto fail_free;
>+ }
> 
> 
> return (i);
>@@ -1297,9 +1331,9 @@
> xfree(fwd->connect_host);
> fwd->connect_host = NULL;
> }
>- if (fwd->listen_host != NULL) {
>- xfree(fwd->listen_host);
>- fwd->listen_host = NULL;
>+ if (fwd->listen_host_or_path != NULL) {
>+ xfree(fwd->listen_host_or_path);
>+ fwd->listen_host_or_path = NULL;
> }
> return (0);
> }
>Index: readconf.h
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/readconf.h,v
>retrieving revision 1.78
>diff -u -r1.78 readconf.h
>--- readconf.h 12 Feb 2009 03:00:56 -0000 1.78
>+++ readconf.h 12 Mar 2009 15:22:41 -0000
>@@ -19,8 +19,8 @@
> /* Data structure for representing a forwarding request. */
> 
> typedef struct {
>- char *listen_host; /* Host (address) to listen on. */
>- int listen_port; /* Port to forward. */
>+ int listen_port; /* Port to forward, 0 for UNIX domain sockets. */
>+ char *listen_host_or_path; /* Host (address) to listen on or path for UNIX sockets */
> char *connect_host; /* Host to connect. */
> int connect_port; /* Port to connect on connect_host. */
> } Forward;
>Index: ssh.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/ssh.c,v
>retrieving revision 1.324
>diff -u -r1.324 ssh.c
>--- ssh.c 12 Feb 2009 03:00:56 -0000 1.324
>+++ ssh.c 12 Mar 2009 15:22:41 -0000
>@@ -855,21 +855,30 @@
> 
> /* Initiate local TCP/IP port forwardings. */
> for (i = 0; i < options.num_local_forwards; i++) {
>- debug("Local connections to %.200s:%d forwarded to remote "
>- "address %.200s:%d",
>- (options.local_forwards[i].listen_host == NULL) ?
>- (options.gateway_ports ? "*" : "LOCALHOST") :
>- options.local_forwards[i].listen_host,
>- options.local_forwards[i].listen_port,
>- options.local_forwards[i].connect_host,
>- options.local_forwards[i].connect_port);
>+ if (options.local_forwards[i].listen_port) {
>+ debug("Local connections to %.200s:%d forwarded to remote "
>+ "address %.200s:%d",
>+ (options.local_forwards[i].listen_host_or_path == NULL) ?
>+ (options.gateway_ports ? "*" : "LOCALHOST") :
>+ options.local_forwards[i].listen_host_or_path,
>+ options.local_forwards[i].listen_port,
>+ options.local_forwards[i].connect_host,
>+ options.local_forwards[i].connect_port);
>+ }
>+ else {
>+ debug("Local connections to unix:%.200s forwarded to remote "
>+ "address %.200s:%d",
>+ options.local_forwards[i].listen_host_or_path,
>+ options.local_forwards[i].connect_host,
>+ options.local_forwards[i].connect_port);
>+ }
> success += channel_setup_local_fwd_listener(
>- options.local_forwards[i].listen_host,
>- options.local_forwards[i].listen_port,
>- options.local_forwards[i].connect_host,
>- options.local_forwards[i].connect_port,
>- options.gateway_ports);
>- }
>+ options.local_forwards[i].listen_host_or_path,
>+ options.local_forwards[i].listen_port,
>+ options.local_forwards[i].connect_host,
>+ options.local_forwards[i].connect_port,
>+ options.gateway_ports);
>+ }
> if (i > 0 && success != i && options.exit_on_forward_failure)
> fatal("Could not request local forwarding.");
> if (i > 0 && success == 0)
>@@ -879,13 +888,13 @@
> for (i = 0; i < options.num_remote_forwards; i++) {
> debug("Remote connections from %.200s:%d forwarded to "
> "local address %.200s:%d",
>- (options.remote_forwards[i].listen_host == NULL) ?
>- "LOCALHOST" : options.remote_forwards[i].listen_host,
>+ (options.remote_forwards[i].listen_host_or_path == NULL) ?
>+ "LOCALHOST" : options.remote_forwards[i].listen_host_or_path,
> options.remote_forwards[i].listen_port,
> options.remote_forwards[i].connect_host,
> options.remote_forwards[i].connect_port);
> if (channel_request_remote_forwarding(
>- options.remote_forwards[i].listen_host,
>+ options.remote_forwards[i].listen_host_or_path,
> options.remote_forwards[i].listen_port,
> options.remote_forwards[i].connect_host,
> options.remote_forwards[i].connect_port) < 0) {