
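--- a/channels.c
+++ b/channels.c
@@ -3358,9 +3358,15 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type,
 		set_reuseaddr(sock);
 		if (ai->ai_family == AF_INET6)
 			sock_set_v6only(sock);
+		if (fwd->rdomain != NULL &&
+		    set_rdomain(sock, fwd->rdomain) == -1) {
+			close(sock);
+			continue;
+		}
 
-		debug("Local forwarding listening on %s port %s.",
-		    ntop, strport);
+		debug("Local forwarding listening on %s port %s %s%s.",
+		    ntop, strport, fwd->rdomain == NULL ? "" : " rdomain ",
+		    fwd->rdomain == NULL ? "" : fwd->rdomain);
 
 		/* Bind the socket to the address. */
 		if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {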
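Review bot: The new `set_rdomain()` failure branch closes the socket and continues to the next address without logging anything in this hunk, so a forward that was asked to listen in a routing domain can end up with no listener and no stated reason, unless `set_rdomain()` reports the error itself. Failing closed is the right behaviour here, because the socket is never bound outside the requested routing domain, but the skip deserves a message such as `error("set_rdomain %s failed, not listening on %s port %s", fwd->rdomain, ntop, strport);` before `close(sock)`. Separately, the new format `"... port %s %s%s."` always prints a space after the port, which yields `port 8080 .` (constructed example) when no rdomain is set and a double space when one is; `"... port %s%s%s."` would match the spacing used in the ssh.c debug message. The enclosing loop and function begin and end outside the hunk.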
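--- a/misc.h
+++ b/misc.h
@@ -26,6 +26,7 @@ struct Forward {
 	char	 *connect_host;		/* Host to connect. */
 	int	  connect_port;		/* Port to connect on connect_host. */
 	char	 *connect_path;		/* Path to connect domain socket. */
+	char	 *rdomain;		/* Routing Domain to listen in. */
 	int	  allocated_port;	/* Dynamically allocated listen port */
 	int	  handle;		/* Handle for dynamic listen ports */
 };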
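Review bot: The new `rdomain` member is an owned heap string that channels.c now reads for every listener and readconf.c frees, so every place that builds a `struct Forward` must zero it first. This patch only touches the readconf.c paths, and any initialiser elsewhere that fills the struct field by field would hand `set_rdomain()` and `free()` an indeterminate pointer. It is worth auditing the other users of the struct and stating the contract in the field comment, e.g. `/* Routing domain to listen in; malloc'd, NULL if unset. */`. The field also sits among the `connect_*` members although it qualifies the listening side, so placing it next to the `listen_*` members (outside this hunk) would read better.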
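--- a/readconf.c
+++ b/readconf.c
@@ -341,6 +341,7 @@ add_local_forward(Options *options, const struct Forward *newfwd)
 	fwd->connect_host = newfwd->connect_host;
 	fwd->connect_port = newfwd->connect_port;
 	fwd->connect_path = newfwd->connect_path;
+	fwd->rdomain = newfwd->rdomain;
 }
 
 /*
@@ -370,6 +371,7 @@ add_remote_forward(Options *options, const struct Forward *newfwd)
 	fwd->connect_host = newfwd->connect_host;
 	fwd->connect_port = newfwd->connect_port;
 	fwd->connect_path = newfwd->connect_path;
+	fwd->rdomain = newfwd->rdomain;
 	fwd->handle = newfwd->handle;
 	fwd->allocated_port = 0;
 }
@@ -384,6 +386,7 @@ clear_forwardings(Options *options)
 		free(options->local_forwards[i].listen_path);
 		free(options->local_forwards[i].connect_host);
 		free(options->local_forwards[i].connect_path);
+		free(options->local_forwards[i].rdomain);
 	}
 	if (options->num_local_forwards > 0) {
 		free(options->local_forwards);
@@ -2129,7 +2132,7 @@ done:
 int
 parse_forward(struct Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd)
 {
-	struct fwdarg fwdargs[4];
+	struct fwdarg fwdargs[5];
 	char *p, *cp;
 	int i;
 
@@ -2142,7 +2145,7 @@ parse_forward(struct Forward *fwd, const char *fwdspec, int dynamicfwd, int remo
 	while (isspace((u_char)*cp))
 		cp++;
 
-	for (i = 0; i < 4; ++i) {
+	for (i = 0; i < 5; ++i) {
 		if (parse_fwd_field(&cp, &fwdargs[i]) != 0)
 			break;
 	}
@@ -2207,6 +2210,14 @@ parse_forward(struct Forward *fwd, const char *fwdspec, int dynamicfwd, int remo
 		fwd->connect_host = xstrdup(fwdargs[2].arg);
 		fwd->connect_port = a2port(fwdargs[3].arg);
 		break;
+
+	case 5:
+		fwd->listen_host = xstrdup(fwdargs[0].arg);
+		fwd->listen_port = a2port(fwdargs[1].arg);
+		fwd->connect_host = xstrdup(fwdargs[2].arg);
+		fwd->connect_port = a2port(fwdargs[3].arg);
+		fwd->rdomain = xstrdup(fwdargs[4].arg);
+		break;
 	default:
 		i = 0; /* failure */
 	}
@@ -2217,7 +2228,7 @@ parse_forward(struct Forward *fwd, const char *fwdspec, int dynamicfwd, int remo
 		if (!(i == 1 || i == 2))
 			goto fail_free;
 	} else {
-		if (!(i == 3 || i == 4)) {
+		if (!(i == 3 || i == 4 || i == 5)) {
 			if (fwd->connect_path == NULL &&
 			    fwd->listen_path == NULL)
 				goto fail_free;
@@ -2242,6 +2253,9 @@ parse_forward(struct Forward *fwd, const char *fwdspec, int dynamicfwd, int remo
 	if (fwd->listen_path != NULL &&
 	    strlen(fwd->listen_path) >= PATH_MAX_SUN)
 		goto fail_free;
+	if (fwd->rdomain != NULL &&
+	    !valid_rdomain(fwd->rdomain))
+		goto fail_free;
 
 	return (i);
 
@@ -2254,6 +2268,8 @@ parse_forward(struct Forward *fwd, const char *fwdspec, int dynamicfwd, int remo
 	fwd->listen_host = NULL;
 	free(fwd->listen_path);
 	fwd->listen_path = NULL;
+	free(fwd->rdomain);
+	fwd->rdomain = NULL;
 	return (0);
 }
 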
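Review bot: `parse_forward()` accepts the five-field form regardless of `remotefwd`, and `add_remote_forward()` stores the resulting `rdomain`, but the only consumer in this patch is the local listener in channels.c and the only `free()` added to `clear_forwardings()` is for `local_forwards`. A remote forward written with a routing domain would therefore be accepted, have no visible effect as far as these hunks show, and leak the string, leaving the user to believe the listener is confined to a routing domain when it is not. Rejecting it next to the new validity check would make the limitation explicit: `if (remotefwd && fwd->rdomain != NULL) goto fail_free;`. It is also worth confirming that `valid_rdomain()` is declared and linked for this file, since no visible hunk adds it, and that it rejects an empty fifth field. The bodies of these functions extend outside the hunks.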
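--- a/ssh.1
+++ b/ssh.1
@@ -323,6 +323,11 @@ Disables forwarding (delegation) of GSSAPI credentials to the server.
 .Xc
 .It Fl L Xo
 .Sm off
+.Ar bind_address : port : host : hostport : routing_domain
+.Sm on
+.Xc
+.It Fl L Xo
+.Sm off
 .Oo Ar bind_address : Oc
 .Ar port : remote_socket
 .Sm on
@@ -374,6 +379,11 @@ empty address or
 .Sq *
 indicates that the port should be available from all interfaces.
 .Pp
+.Ar routing_domain
+can also be specified, which makes the
+.Ar bind_address
+mandatory, to bind the local port in a specific Routing Domain.
+.Pp
 .It Fl l Ar login_name
 Specifies the user to log in as on the remote machine.
 This also may be specified on a per-host basis in the configuration file.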
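--- a/ssh.c
+++ b/ssh.c
@@ -1655,7 +1655,7 @@ ssh_init_forwarding(struct ssh *ssh, char **ifname)
 
 	/* Initiate local TCP/IP port forwardings. */
 	for (i = 0; i < options.num_local_forwards; i++) {
-		debug("Local connections to %.200s:%d forwarded to remote "
+		debug("Local connections to %.200s:%d%s%s forwarded to remote "
 		    "address %.200s:%d",
 		    (options.local_forwards[i].listen_path != NULL) ?
 		    options.local_forwards[i].listen_path :
@@ -1663,6 +1663,10 @@ ssh_init_forwarding(struct ssh *ssh, char **ifname)
 		    (options.fwd_opts.gateway_ports ? "*" : "LOCALHOST") :
 		    options.local_forwards[i].listen_host,
 		    options.local_forwards[i].listen_port,
+		    options.local_forwards[i].rdomain != NULL ?
+		    " rdomain " : "",
+		    options.local_forwards[i].rdomain != NULL ?
+		    options.local_forwards[i].rdomain : "",
 		    (options.local_forwards[i].connect_path != NULL) ?
 		    options.local_forwards[i].connect_path :
 		    options.local_forwards[i].connect_host,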
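--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1068,6 +1068,10 @@ indicates that the listening port be bound for local use only, while an
 empty address or
 .Sq *
 indicates that the port should be available from all interfaces.
+.Ar bind_address : Ns Ar port : Ns Ar host : Ns Ar hostport : Ns Ar routing_domain
+can also be used, which makes the
+.Ar bind_address
+mandatory, to bind the local port in a specific Routing Domain.
 .It Cm LogLevel
 Gives the verbosity level that is used when logging messages from
 .Xr ssh 1 .
-- 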
