
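--- a/channels.c
+++ b/channels.c
@@ -110,10 +110,10 @@ typedef struct {
 } ForwardPermission;
 
 /* List of all permitted host/port pairs to connect by the user. */
-static ForwardPermission permitted_opens[SSH_MAX_FORWARDS_PER_DIRECTION];
+static ForwardPermission *permitted_opens = NULL;
 
 /* List of all permitted host/port pairs to connect by the admin. */
-static ForwardPermission permitted_adm_opens[SSH_MAX_FORWARDS_PER_DIRECTION];
+static ForwardPermission *permitted_adm_opens = NULL;
 
 /* Number of permitted host/port pairs in the array permitted by the user. */
 static int num_permitted_opens = 0;
@@ -2810,10 +2810,6 @@ channel_request_remote_forwarding(const
 {
 	int type, success = 0;
 
-	/* Record locally that connection to this host/port is permitted. */
-	if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
-		fatal("channel_request_remote_forwarding: too many forwards");
-
 	/* Send the forward request to the remote side. */
 	if (compat20) {
 		const char *address_to_bind;
@@ -2863,6 +2859,9 @@ channel_request_remote_forwarding(const
 		}
 	}
 	if (success) {
+		/* Record that connection to this host/port is permitted. */
+		permitted_opens = xrealloc(permitted_opens,
+		    num_permitted_opens + 1, sizeof(*permitted_opens));
 		permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect);
 		permitted_opens[num_permitted_opens].port_to_connect = port_to_connect;
 		permitted_opens[num_permitted_opens].listen_port = listen_port;
@@ -2958,10 +2957,10 @@ channel_permit_all_opens(void)
 void
 channel_add_permitted_opens(char *host, int port)
 {
-	if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
-		fatal("channel_add_permitted_opens: too many forwards");
 	debug("allow port forwarding to host %s port %d", host, port);
 
+	permitted_opens = xrealloc(permitted_opens,
+	    num_permitted_opens + 1, sizeof(*permitted_opens));
 	permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host);
 	permitted_opens[num_permitted_opens].port_to_connect = port;
 	num_permitted_opens++;
@@ -2972,10 +2971,10 @@ channel_add_permitted_opens(char *host,
 int
 channel_add_adm_permitted_opens(char *host, int port)
 {
-	if (num_adm_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
-		fatal("channel_add_adm_permitted_opens: too many forwards");
 	debug("config allows port forwarding to host %s port %d", host, port);
 
+	permitted_adm_opens = xrealloc(permitted_adm_opens,
+	    num_adm_permitted_opens + 1, sizeof(*permitted_adm_opens));
 	permitted_adm_opens[num_adm_permitted_opens].host_to_connect
 	     = xstrdup(host);
 	permitted_adm_opens[num_adm_permitted_opens].port_to_connect = port;
@@ -2990,6 +2989,10 @@ channel_clear_permitted_opens(void)
 	for (i = 0; i < num_permitted_opens; i++)
 		if (permitted_opens[i].host_to_connect != NULL)
 			xfree(permitted_opens[i].host_to_connect);
+	if (num_permitted_opens > 0) {
+		xfree(permitted_opens);
+		permitted_opens = NULL;
+	}
 	num_permitted_opens = 0;
 }
 
@@ -3001,6 +3004,10 @@ channel_clear_adm_permitted_opens(void)
 	for (i = 0; i < num_adm_permitted_opens; i++)
 		if (permitted_adm_opens[i].host_to_connect != NULL)
 			xfree(permitted_adm_opens[i].host_to_connect);
+	if (num_adm_permitted_opens > 0) {
+		xfree(permitted_adm_opens);
+		permitted_adm_opens = NULL;
+	}
 	num_adm_permitted_opens = 0;
 }
 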
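Review bot: In channel_clear_permitted_opens and channel_clear_adm_permitted_opens the new `xfree(permitted_opens)` is guarded by `num_permitted_opens > 0` rather than by the pointer, so releasing the array depends on the count and the pointer never drifting apart; readconf.c's clear_forwardings uses the same count-based guard for `local_forwards`/`remote_forwards`. Guarding on the pointer instead, `if (permitted_opens != NULL) {`, frees whatever was actually allocated regardless of the count and still keeps NULL away from xfree(), which rejects it. The invariant that the new declarations rely on is undocumented; a comment on the `static ForwardPermission *permitted_opens = NULL;` line such as `/* Heap array of num_permitted_opens entries, NULL when empty; grown one entry at a time by xrealloc in the add functions, released by channel_clear_permitted_opens. */` (and its adm twin) would make it explicit. Both clear functions begin before their hunks.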
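--- a/mux.c
+++ b/mux.c
@@ -710,9 +710,7 @@ process_mux_open_fwd(u_int rid, Channel
 	}
 
 	if (ftype == MUX_FWD_LOCAL || ftype == MUX_FWD_DYNAMIC) {
-		if (options.num_local_forwards + 1 >=
-		    SSH_MAX_FORWARDS_PER_DIRECTION ||
-		    channel_setup_local_fwd_listener(fwd.listen_host,
+		if (channel_setup_local_fwd_listener(fwd.listen_host,
 		    fwd.listen_port, fwd.connect_host, fwd.connect_port,
 		    options.gateway_ports) < 0) {
  fail:
@@ -727,16 +725,14 @@ process_mux_open_fwd(u_int rid, Channel
 	} else {
 		struct mux_channel_confirm_ctx *fctx;
 
-		if (options.num_remote_forwards + 1 >=
-		    SSH_MAX_FORWARDS_PER_DIRECTION ||
-		    channel_request_remote_forwarding(fwd.listen_host,
+		if (channel_request_remote_forwarding(fwd.listen_host,
 		    fwd.listen_port, fwd.connect_host, fwd.connect_port) < 0)
 			goto fail;
 		add_remote_forward(&options, &fwd);
 		fctx = xcalloc(1, sizeof(*fctx));
 		fctx->cid = c->self;
 		fctx->rid = rid;
-		fctx->fid = options.num_remote_forwards-1;
+		fctx->fid = options.num_remote_forwards - 1;
 		client_register_global_confirm(mux_confirm_remote_forward,
 		    fctx);
 		freefwd = 0;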
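--- a/readconf.c
+++ b/readconf.c
@@ -248,10 +248,12 @@ add_local_forward(Options *options, cons
 {
 	Forward *fwd;
 	extern uid_t original_real_uid;
+
 	if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0)
 		fatal("Privileged ports can only be forwarded by root.");
-	if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
-		fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
+	options->local_forwards = xrealloc(options->local_forwards,
+	    options->num_local_forwards + 1,
+	    sizeof(*options->local_forwards));
 	fwd = &options->local_forwards[options->num_local_forwards++];
 
 	fwd->listen_host = newfwd->listen_host;
@@ -269,9 +271,10 @@ void
 add_remote_forward(Options *options, const Forward *newfwd)
 {
 	Forward *fwd;
-	if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
-		fatal("Too many remote forwards (max %d).",
-		    SSH_MAX_FORWARDS_PER_DIRECTION);
+
+	options->remote_forwards = xrealloc(options->remote_forwards,
+	    options->num_remote_forwards + 1,
+	    sizeof(*options->remote_forwards));
 	fwd = &options->remote_forwards[options->num_remote_forwards++];
 
 	fwd->listen_host = newfwd->listen_host;
@@ -291,12 +294,20 @@ clear_forwardings(Options *options)
 			xfree(options->local_forwards[i].listen_host);
 		xfree(options->local_forwards[i].connect_host);
 	}
+	if (options->num_local_forwards > 0) {
+		xfree(options->local_forwards);
+		options->local_forwards = NULL;
+	}
 	options->num_local_forwards = 0;
 	for (i = 0; i < options->num_remote_forwards; i++) {
 		if (options->remote_forwards[i].listen_host != NULL)
 			xfree(options->remote_forwards[i].listen_host);
 		xfree(options->remote_forwards[i].connect_host);
 	}
+	if (options->num_remote_forwards > 0) {
+		xfree(options->remote_forwards);
+		options->remote_forwards = NULL;
+	}
 	options->num_remote_forwards = 0;
 	options->tun_open = SSH_TUNMODE_NO;
 }
@@ -1043,7 +1054,9 @@ initialize_options(Options * options)
 	options->user_hostfile = NULL;
 	options->system_hostfile2 = NULL;
 	options->user_hostfile2 = NULL;
+	options->local_forwards = NULL;
 	options->num_local_forwards = 0;
+	options->remote_forwards = NULL;
 	options->num_remote_forwards = 0;
 	options->clear_forwardings = -1;
 	options->log_level = SYSLOG_LEVEL_NOT_SET;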
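--- a/readconf.h
+++ b/readconf.h
@@ -94,11 +94,11 @@ typedef struct {
 
 	/* Local TCP/IP forward requests. */
 	int     num_local_forwards;
-	Forward local_forwards[SSH_MAX_FORWARDS_PER_DIRECTION];
+	Forward *local_forwards;
 
 	/* Remote TCP/IP forward requests. */
 	int     num_remote_forwards;
-	Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION];
+	Forward *remote_forwards;
 	int	clear_forwardings;
 
 	int	enable_ssh_keysign;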
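--- a/ssh.h
+++ b/ssh.h
@@ -18,9 +18,6 @@
 /* Default port number. */
 #define SSH_DEFAULT_PORT	22
 
-/* Maximum number of TCP/IP ports forwarded per direction. */
-#define SSH_MAX_FORWARDS_PER_DIRECTION	100
-
 /*
  * Maximum number of RSA authentication identity files that can be specified
  * in configuration files or on the command line.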
