
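--- a/auth-options.c
+++ b/auth-options.c
@@ -81,6 +81,7 @@
 	authorized_principals = NULL;
 	forced_tun_device = -1;
 	channel_clear_permitted_opens();
+	channel_clear_permitted_gatewayports();
 }
 
 /*
@@ -326,6 +327,51 @@
 			/* deny access */
 			return 0;
 		}
+		cp = "permitgwport=\"";
+		if (strncasecmp(opts, cp, strlen(cp)) == 0) {
+			char *p;
+			int port;
+			char *patterns = xmalloc(strlen(opts) + 1);
+
+			opts += strlen(cp);
+			i = 0;
+			while (*opts) {
+				if (*opts == '"')
+					break;
+				if (*opts == '\\' && opts[1] == '"') {
+					opts += 2;
+					patterns[i++] = '"';
+					continue;
+				}
+				patterns[i++] = *opts++;
+			}
+			if (!*opts) {
+				debug("%.100s, line %lu: missing end quote",
+				    file, linenum);
+				auth_debug_add("%.100s, line %lu: missing "
+				    "end quote", file, linenum);
+				free(patterns);
+				goto bad_option;
+			}
+			patterns[i] = '\0';
+			opts++;
+			p = patterns;
+			port = a2port(p);
+			if (port <= 0 || port >= 65536) {
+				debug("%.100s, line %lu: Bad permitgwport "
+				    "specification <%.100s>", file, linenum,
+				    patterns);
+				auth_debug_add("%.100s, line %lu: "
+				    "Bad permitgwport specification", file,
+				    linenum);
+				free(patterns);
+				goto bad_option;
+			}
+			if ((options.allow_tcp_forwarding & FORWARD_REMOTE) != 0)
+				channel_add_permitted_gatewayports(port);
+			free(patterns);
+			goto next_option;
+		}
 		cp = "permitopen=\"";
 		if (strncasecmp(opts, cp, strlen(cp)) == 0) {
 			char *host, *p;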
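Review bot: In the new permitgwport branch (new lines 330-374) `p` is only ever an alias for `patterns` (`p = patterns; port = a2port(p);`), so `port = a2port(patterns);` and dropping `char *p;` would do, and if the permitopen branch that follows uses the same quote-unescaping loop and error paths, a small static helper that extracts one quoted value into a freshly allocated buffer would remove the duplication for both. When `options.allow_tcp_forwarding` lacks FORWARD_REMOTE the option is fully parsed and then silently dropped; a `debug("%.100s, line %lu: permitgwport ignored, remote forwarding disabled", file, linenum);` before `goto next_option` would tell an administrator why a key's option had no effect. The `i` index and the `bad_option`/`next_option` labels belong to the enclosing function, which starts and ends outside the hunk.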
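--- a/channels.c
+++ b/channels.c
@@ -135,6 +135,12 @@
 /* Number of permitted host/port pair in the array permitted by the admin. */
 static int num_adm_permitted_opens = 0;
 
+/* List of all permitted ports allowed to be gateway ports by the user */
+static int *permitted_gatewayports = NULL;
+
+/* Number of permitted ports allowed to be gateway ports by the user */
+static int num_permitted_gatewayports = 0;
+
 /* special-case port number meaning allow any port */
 #define FWD_PERMIT_ANY_PORT	0
 
@@ -3303,6 +3309,24 @@
 	return 1;
 }
 
+int
+gatewayport_permit(int requestedport)
+{
+	int i, permit = 0;
+	for (i = 0; i < num_permitted_gatewayports; i++) {
+		if (permitted_gatewayports[i] == requestedport) {
+			permit = 1;
+			break;
+		}
+	}
+	if (!permit) {
+		logit("Received request for gateway port %d, "
+		    "but the request was denied.", requestedport);
+		return 0;
+	}
+	return 1;
+}
+
 /*
  * Note that in the listen host/port case
  * we don't support FWD_PERMIT_ANY_PORT and
@@ -3482,8 +3506,8 @@
 void
 channel_permit_all_opens(void)
 {
-	if (num_permitted_opens == 0)
-		all_opens_permitted = 1;
+	/* always require explicit permitopens */
+	all_opens_permitted = 0;
 }
 
 void
@@ -3503,6 +3527,16 @@
 	all_opens_permitted = 0;
 }
 
+void
+channel_add_permitted_gatewayports(int port)
+{
+	debug("allow gatewayport %d", port);
+	permitted_gatewayports = xreallocarray(permitted_gatewayports,
+	    num_permitted_gatewayports + 1, sizeof(*permitted_gatewayports));
+	permitted_gatewayports[num_permitted_gatewayports] = port;
+	num_permitted_gatewayports++;
+}
+
 /*
  * Update the listen port for a dynamic remote forward, after
  * the actual 'newport' has been allocated. If 'newport' < 0 is
@@ -3577,6 +3611,14 @@
 }
 
 void
+channel_clear_permitted_gatewayports(void)
+{
+	free(permitted_gatewayports);
+	permitted_gatewayports = NULL;
+	num_permitted_gatewayports = 0;
+}
+
+void
 channel_clear_adm_permitted_opens(void)
 {
 	int i;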
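Review bot: `gatewayport_permit` (new lines 3312-3328) returns 0 whenever `num_permitted_gatewayports` is 0, and the serverloop.c hunk calls it unconditionally, so a session that carries no permitgwport option — as far as this page shows, including one not authenticated by a key at all — can no longer open any remote forward; the third hunk likewise makes `channel_permit_all_opens` set `all_opens_permitted = 0`, which contradicts the function's name. If deny-by-default is the intended policy, record it in a comment above the new function, e.g. `/* Remote forwards are denied unless the port was listed by a permitgwport option. */`, and rename or remove `channel_permit_all_opens` rather than keep a name that promises the opposite. If it is not intended, `if (num_permitted_gatewayports == 0) return 1;` at the top of `gatewayport_permit` restores the previous behaviour for sessions without the option. The `logit` on denial is the right place for an audit record; it would be more actionable with the client address, but that is not visible in this hunk.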
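--- a/channels.h
+++ b/channels.h
@@ -261,10 +261,12 @@
 void	 channel_set_af(int af);
 void     channel_permit_all_opens(void);
 void	 channel_add_permitted_opens(char *, int);
+void	 channel_add_permitted_gatewayports(int);
 int	 channel_add_adm_permitted_opens(char *, int);
 void	 channel_disable_adm_local_opens(void);
 void	 channel_update_permitted_opens(int, int);
 void	 channel_clear_permitted_opens(void);
+void	 channel_clear_permitted_gatewayports(void);
 void	 channel_clear_adm_permitted_opens(void);
 void 	 channel_print_adm_permitted_opens(void);
 int      channel_input_port_forward_request(int, struct ForwardOptions *);
@@ -281,6 +283,7 @@
 int	 channel_cancel_rport_listener(struct Forward *);
 int	 channel_cancel_lport_listener(struct Forward *, int, struct ForwardOptions *);
 int	 permitopen_port(const char *);
+int	 gatewayport_permit(int);
 
 /* x11 forwarding */
 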
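Review bot: `gatewayport_permit` (new line 286) is the one new function without the `channel_` prefix that `channel_add_permitted_gatewayports` and `channel_clear_permitted_gatewayports` (new lines 264 and 269) carry; unless it is meant to mirror `permitopen_port` just above it, `channel_permit_gatewayport(int)` would keep the three declarations discoverable together. A one-line comment at the prototype, `/* returns 1 if the port was listed by a permitgwport option, else 0 */`, would spare callers a trip into channels.c to learn that an empty list means deny.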
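--- a/serverloop.c
+++ b/serverloop.c
@@ -1240,6 +1240,7 @@
 		if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 ||
 		    no_port_forwarding_flag ||
 		    (!want_reply && fwd.listen_port == 0)
+		    || !gatewayport_permit(fwd.listen_port)
 #ifndef NO_IPPORT_RESERVED_CONCEPT
 		    || (fwd.listen_port != 0 && fwd.listen_port < IPPORT_RESERVED &&
 		    pw->pw_uid != 0)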
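Review bot: `!gatewayport_permit(fwd.listen_port)` (new line 1243) is reached for a server-chosen port request (`fwd.listen_port == 0` with `want_reply` set), yet the auth-options.c hunk rejects `port <= 0`, so no permitgwport value can ever match 0 and dynamic remote forwards are always refused; if that is deliberate, a comment such as `/* listen_port 0 (server-chosen) is never permitted */` on this line would record it, otherwise the check should treat 0 like the `FWD_PERMIT_ANY_PORT` wildcard channels.c already defines. The new clause also sits before the `IPPORT_RESERVED` test, so an unprivileged request for a low port that is not in the list is logged by `gatewayport_permit` as a policy denial even though it would have been refused anyway; placing the clause after the `#endif` would keep that log line meaningful. The enclosing `if` continues past the end of the hunk.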
