
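--- a/channels.c
+++ b/channels.c
@@ -3444,6 +3444,27 @@ channel_request_rforward_cancel(struct Forward *fwd)
 }
 
 /*
+ * checks if host/port are allowed for remote forward
+ */
+int
+channel_permitted_remote_fwd(char *host, int port)
+{
+	int i;
+	if(all_opens_permitted){
+		debug("no rule found for permitopen, allowed by default");
+		return 1;
+	}
+	for (i = 0; i < num_permitted_opens; i++) {
+		if((permitted_opens[i].port_to_connect==port)
+			&&(strcmp(permitted_opens[i].host_to_connect,host)==0)
+			){
+			debug("allowed host: %s port %i",host,port);
+			return 1;
+		}
+	}
+return 0;
+}
+/*
  * Permits opening to any host/port if permitted_opens[] is empty.  This is
  * usually called by the server, because the user could connect to any port
  * anyway, and the server has no way to know but to trust the client anyway.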
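Review bot: channel_permitted_remote_fwd() matches the requested listen address against `permitted_opens[].host_to_connect` / `port_to_connect`, the list that the comment just below ties to the hosts/ports a client may open connections to, so one rule set now governs both where forwarded connections may go and where the server may listen. A rule written to allow connecting to a host:port would then also authorise binding a listener on it, and existing permitopen users would have remote forwards refused unless the listen address happens to match; a separate list for listen addresses would keep the two policies distinct. The loop also calls `strcmp` on `host_to_connect` without a NULL check; if entries can be cleared to NULL elsewhere in channels.c (not visible here), guard it with `permitted_opens[i].host_to_connect != NULL &&`. The list fed by `channel_add_adm_permitted_opens` does not appear to be consulted, so an administrator-level restriction may not apply to this check.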
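--- a/channels.h
+++ b/channels.h
@@ -265,6 +265,7 @@ struct Forward;
 struct ForwardOptions;
 void	 channel_set_af(int af);
 void     channel_permit_all_opens(void);
+int    channel_permitted_remote_fwd(char *host, int port);
 void	 channel_add_permitted_opens(char *, int);
 int	 channel_add_adm_permitted_opens(char *, int);
 void	 channel_disable_adm_local_opens(void);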
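Review bot: The new prototype takes `char *host` although the function only reads the string; declaring it as `int	 channel_permitted_remote_fwd(const char *host, int port);` states that in the interface and lets callers pass const strings. The declaration is also aligned with spaces where most neighbouring prototypes use a tab after the return type.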
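--- a/serverloop.c
+++ b/serverloop.c
@@ -736,6 +736,9 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh)
 		     !bind_permitted(fwd.listen_port, pw->pw_uid))) {
 			success = 0;
 			packet_send_debug("Server has disabled port forwarding.");
+		} else if(!channel_permitted_remote_fwd(fwd.listen_host, fwd.listen_port)) {
+			success = 0;
+			packet_send_debug("Server has disabled remote forwarding for this port.");
 		} else {
 			/* Start listening on the port */
 			success = channel_setup_remote_fwd_listener(&fwd,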
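Review bot: The new refusal branch reports the denial only to the client through `packet_send_debug`, and channel_permitted_remote_fwd() logs at debug level only when a request is allowed, so a rejected remote-forward request leaves no trace in the server log at normal log levels. A line such as `logit("refused remote forward listen request %s:%d", fwd.listen_host, fwd.listen_port);` in this branch would let operators see rejected attempts. The check also passes the client-supplied `fwd.listen_host` through unchanged, so a request using an empty string or `*` for the listen address matches only a rule spelled exactly the same way; that is fail-closed but worth documenting. server_input_global_request starts and ends outside the hunk.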
