Bugzilla – Attachment 3024 Details for Bug 2751: permitopen but for -R option
[patch] patch exported from github pull request
74.patch (text/plain), 2.23 KB, created by Pablo on 2017-07-28 23:29:57 AEST
>From abdae2e40fceb278fa55c9797aa83ec5984f4151 Mon Sep 17 00:00:00 2001 >From: biagioni84 <biagioni84@gmail.com> >Date: Tue, 25 Jul 2017 11:15:08 -0300 >Subject: [PATCH] permitopen for -R > >--- > channels.c | 21 +++++++++++++++++++++ > channels.h | 1 + > serverloop.c | 3 +++ > 3 files changed, 25 insertions(+) > >diff --git a/channels.c b/channels.c >index 028d5db20..01db931a6 100644 >--- a/channels.c >+++ b/channels.c >@@ -3444,6 +3444,27 @@ channel_request_rforward_cancel(struct Forward *fwd) > } > > /* >+ * checks if host/port are allowed for remote forward >+ */ >+int >+channel_permitted_remote_fwd(char *host, int port) >+{ >+ int i; >+ if(all_opens_permitted){ >+ debug("no rule found for permitopen, allowed by default"); >+ return 1; >+ } >+ for (i = 0; i < num_permitted_opens; i++) { >+ if((permitted_opens[i].port_to_connect==port) >+ &&(strcmp(permitted_opens[i].host_to_connect,host)==0) >+ ){ >+ debug("allowed host: %s port %i",host,port); >+ return 1; >+ } >+ } >+return 0; >+} >+/* > * Permits opening to any host/port if permitted_opens[] is empty. This is > * usually called by the server, because the user could connect to any port > * anyway, and the server has no way to know but to trust the client anyway. >diff --git a/channels.h b/channels.h >index 36e5363aa..caa28fa1e 100644 >--- a/channels.h >+++ b/channels.h >@@ -265,6 +265,7 @@ struct Forward; > struct ForwardOptions; > void channel_set_af(int af); > void channel_permit_all_opens(void); >+int channel_permitted_remote_fwd(char *host, int port); > void channel_add_permitted_opens(char *, int); > int channel_add_adm_permitted_opens(char *, int); > void channel_disable_adm_local_opens(void); >diff --git a/serverloop.c b/serverloop.c >index b5eb3440a..1e86b69a7 100644 >--- a/serverloop.c >+++ b/serverloop.c 
>@@ -736,6 +736,9 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh) > !bind_permitted(fwd.listen_port, pw->pw_uid))) { > success = 0; > packet_send_debug("Server has disabled port forwarding."); >+ } else if(!channel_permitted_remote_fwd(fwd.listen_host, fwd.listen_port)) { >+ success = 0; >+ packet_send_debug("Server has disabled remote forwarding for this port."); > } else { > /* Start listening on the port */ > success = channel_setup_remote_fwd_listener(&fwd,
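Review bot: In channels.c, channel_permitted_remote_fwd() matches the listen address against permitted_opens[i].host_to_connect and port_to_connect, which are the connect-side destinations configured by permitopen, so one list now governs two different policies. An existing permitopen="host:port" entry written to restrict -L destinations would, after this change, also authorise a -R listener on that host and port and reject every other -R request. A separate list for permitted listen addresses, with its own option name, would keep the two policies independent. The loop also walks only permitted_opens, while the channels.h context shows a separate channel_add_adm_permitted_opens(), so it is worth stating whether the administrator list is meant to apply to remote forwards as well. Style: the final "return 0;" is not indented, there are no spaces after "if" or around the operators, and a blank line is missing before the next comment block.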
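Review bot: In channels.h, the new prototype takes "char *host" although the function only reads the string. Declaring it as "const char *host" in both the header and channels.c documents that and lets callers pass constant strings. The prototype would also be easier to find if it were placed next to the other permitted_opens query or setter functions with a one-line comment saying that it checks a listen address, not a connect destination.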
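Review bot: In serverloop.c, the new else-if branch checks fwd.listen_port before channel_setup_remote_fwd_listener() runs, so a request with listen_port 0 (server-allocated port) is compared as port 0 and the port that actually gets bound is never checked. Please decide explicitly whether port 0 requests are refused when a restriction is configured or whether the allocated port is validated after binding. The host comparison in the helper is an exact strcmp() on the client-supplied fwd.listen_host, so equivalent spellings of the bind address such as "", "*", "localhost" and "127.0.0.1" are treated as different hosts. The accepted forms should be documented or normalised before the comparison. The patch also needs an sshd(8) man page update describing the new behaviour of permitopen for remote forwards.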