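--- a/channels.c
+++ b/channels.c
@@ -2218,6 +2218,29 @@
 	return success;
 }
 
+int
+channel_cancel_rport_listener(const char *host, u_short port)
+{
+	int i, found = 0;
+
+	for(i = 0; i < channels_alloc; i++) {
+		Channel *c = channels[i];
+
+		if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER) {
+			debug3("Channel %d %s:%d vs close msg %s:%d", 
+			    c->self, c->path, c->host_port, host, port);
+			if (strncmp(c->path, host, sizeof(c->path)) == 0 &&
+		    	    c->listening_port == port) {
+				debug2("%s: close clannel %d", __func__, i);
+				channel_free(c);
+				found = 1;
+			}
+		}
+	}
+
+	return (found);
+}
+
 /* protocol local port fwd, used by ssh (and sshd in v1) */
 int
 channel_setup_local_fwd_listener(u_short listen_port,
@@ -2295,6 +2318,42 @@
 }
 
 /*
+ * Request cancellation of remote forwarding of connection host:port from 
+ * local side.
+ */
+
+void
+channel_request_rforward_cancel(u_short port)
+{
+	int i;
+	const char *address_to_bind = "0.0.0.0";
+
+	if (!compat20)
+		return;
+
+	for (i = 0; i < num_permitted_opens; i++) {
+		if (permitted_opens[i].host_to_connect != NULL && 
+		    permitted_opens[i].listen_port == port)
+			break;
+	}
+	if (i >= num_permitted_opens) {
+		debug("%s: requested forward not found", __func__);
+		return;
+	}
+	packet_start(SSH2_MSG_GLOBAL_REQUEST);
+	packet_put_cstring("cancel-tcpip-forward");
+	packet_put_char(0);
+	packet_put_cstring(address_to_bind);
+	packet_put_int(port);
+	packet_send();
+
+	permitted_opens[i].listen_port = 0;
+	permitted_opens[i].port_to_connect = 0;
+	free(permitted_opens[i].host_to_connect);
+	permitted_opens[i].host_to_connect = NULL;
+}
+
+/*
  * This is called after receiving CHANNEL_FORWARDING_REQUEST.  This initates
  * listening for the port, and sends back a success reply (or disconnect
  * message if there was an error).  This never returns if there was an error.
@@ -2361,7 +2420,8 @@
 	int i;
 
 	for (i = 0; i < num_permitted_opens; i++)
-		xfree(permitted_opens[i].host_to_connect);
+		if (permitted_opens[i].host_to_connect != NULL)
+			xfree(permitted_opens[i].host_to_connect);
 	num_permitted_opens = 0;
 
 }
@@ -2429,7 +2489,8 @@
 	int i;
 
 	for (i = 0; i < num_permitted_opens; i++)
-		if (permitted_opens[i].listen_port == listen_port)
+		if (permitted_opens[i].host_to_connect != NULL &&
+		    permitted_opens[i].listen_port == listen_port)
 			return connect_to(
 			    permitted_opens[i].host_to_connect,
 			    permitted_opens[i].port_to_connect);
@@ -2447,7 +2508,8 @@
 	permit = all_opens_permitted;
 	if (!permit) {
 		for (i = 0; i < num_permitted_opens; i++)
-			if (permitted_opens[i].port_to_connect == port &&
+			if (permitted_opens[i].host_to_connect != NULL &&
+			    permitted_opens[i].port_to_connect == port &&
 			    strcmp(permitted_opens[i].host_to_connect, host) == 0)
 				permit = 1;
 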
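Review bot: channel_request_rforward_cancel() sends the cancel with want_reply set to 0 (`packet_put_char(0);`) and then clears the permitted_opens entry unconditionally, so the client never learns whether the server actually closed the listener. If the server rejects the request, or matches nothing because the hard-coded `"0.0.0.0"` differs from what it stored in `c->path` (an assumption, since the listener setup is outside this diff), the remote port stays open while the local side reports nothing. Consider sending `packet_put_char(1);` and clearing the entry only once the success reply arrives. Separately, the `debug3` line in channel_cancel_rport_listener() prints `c->host_port` while the comparison uses `c->listening_port`, which makes a failed match harder to diagnose.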
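--- a/channels.h
+++ b/channels.h
@@ -199,8 +199,10 @@
 int	 channel_connect_to(const char *, u_short);
 int	 channel_connect_by_listen_address(u_short);
 void	 channel_request_remote_forwarding(u_short, const char *, u_short);
+void	 channel_request_rforward_cancel(u_short port);
 int	 channel_setup_local_fwd_listener(u_short, const char *, u_short, int);
 int	 channel_setup_remote_fwd_listener(const char *, u_short, int);
+int	 channel_cancel_rport_listener(const char *, u_short);
 
 /* x11 forwarding */
 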
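--- a/clientloop.c
+++ b/clientloop.c
@@ -507,6 +507,7 @@
 	char *s, *cmd;
 	u_short fwd_port, fwd_host_port;
 	char buf[1024], sfwd_port[6], sfwd_host_port[6];
+	int delete = 0;
 	int local = 0;
 
 	leave_raw_mode();
@@ -516,44 +517,77 @@
 		goto out;
 	while (*s && isspace(*s))
 		s++;
+	if (*s == '-')
+		s++;	/* Skip cmdline '-', if any */
 	if (*s == 0)
 		goto out;
-	if (strlen(s) < 2 || s[0] != '-' || !(s[1] == 'L' || s[1] == 'R')) {
+
+	if (*s == '?') {
+		logit("Commands:");
+		logit("      -Lport:host:hostport    Request local forward");
+		logit("      -Rport:host:hostport    Request remote forward");
+		logit("      -KRhostport             Cancel remote forward");
+		goto out;
+	}
+
+	if (*s == 'K') {
+		delete = 1;
+		s++;
+	}
+	if (*s != 'L' && *s != 'R') {
 		logit("Invalid command.");
 		goto out;
 	}
-	if (s[1] == 'L')
+	if (*s == 'L')
 		local = 1;
-	if (!local && !compat20) {
+	if (local && delete) {
+		logit("Not supported.");
+		goto out;
+	}
+	if ((!local || delete) && !compat20) {
 		logit("Not supported for SSH protocol version 1.");
 		goto out;
 	}
-	s += 2;
+
+	s++;
 	while (*s && isspace(*s))
 		s++;
 
-	if (sscanf(s, "%5[0-9]:%255[^:]:%5[0-9]",
-	    sfwd_port, buf, sfwd_host_port) != 3 &&
-	    sscanf(s, "%5[0-9]/%255[^/]/%5[0-9]",
-	    sfwd_port, buf, sfwd_host_port) != 3) {
-		logit("Bad forwarding specification.");
-		goto out;
-	}
-	if ((fwd_port = a2port(sfwd_port)) == 0 ||
-	    (fwd_host_port = a2port(sfwd_host_port)) == 0) {
-		logit("Bad forwarding port(s).");
-		goto out;
-	}
-	if (local) {
-		if (channel_setup_local_fwd_listener(fwd_port, buf,
-		    fwd_host_port, options.gateway_ports) < 0) {
-			logit("Port forwarding failed.");
+	if (delete) {
+		if (sscanf(s, "%5[0-9]", sfwd_host_port) != 1) {
+			logit("Bad forwarding specification.");
 			goto out;
 		}
-	} else
-		channel_request_remote_forwarding(fwd_port, buf,
-		    fwd_host_port);
-	logit("Forwarding port.");
+		if ((fwd_host_port = a2port(sfwd_host_port)) == 0) {
+			logit("Bad forwarding port(s).");
+			goto out;
+		}
+		channel_request_rforward_cancel(fwd_host_port);
+	} else {
+		if (sscanf(s, "%5[0-9]:%255[^:]:%5[0-9]",
+		    sfwd_port, buf, sfwd_host_port) != 3 &&
+		    sscanf(s, "%5[0-9]/%255[^/]/%5[0-9]",
+		    sfwd_port, buf, sfwd_host_port) != 3) {
+			logit("Bad forwarding specification.");
+			goto out;
+		}
+		if ((fwd_port = a2port(sfwd_port)) == 0 ||
+		    (fwd_host_port = a2port(sfwd_host_port)) == 0) {
+			logit("Bad forwarding port(s).");
+			goto out;
+		}
+		if (local) {
+			if (channel_setup_local_fwd_listener(fwd_port, buf,
+			    fwd_host_port, options.gateway_ports) < 0) {
+				logit("Port forwarding failed.");
+				goto out;
+			}
+		} else
+			channel_request_remote_forwarding(fwd_port, buf,
+			    fwd_host_port);
+		logit("Forwarding port.");
+	}
+
 out:
 	signal(SIGINT, handler);
 	enter_raw_mode();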
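Review bot: The help line advertises `-KRhostport` and the delete branch carries the parsed value in `fwd_host_port`, but channel_request_rforward_cancel() in channels.c matches it against `permitted_opens[i].listen_port`, which presumably corresponds to the first field of `-Rport:host:hostport`; a user following the help text would name the wrong port and the cancel would silently miss. Suggest `logit("      -KRport                 Cancel remote forward");` and parsing into `sfwd_port`/`fwd_port` in the delete branch so the names agree with what is compared. The delete branch also prints nothing to the terminal afterwards, and a miss is reported only through `debug()`, so the user cannot tell whether a cancel request was sent. The enclosing function starts and ends outside these hunks.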
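--- a/serverloop.c
+++ b/serverloop.c
@@ -986,6 +986,17 @@
 			    listen_address, listen_port, options.gateway_ports);
 		}
 		xfree(listen_address);
+	} else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
+		char *cancel_address;
+		u_short cancel_port;
+
+		cancel_address = packet_get_string(NULL);
+		cancel_port = (u_short)packet_get_int();
+		debug("server_input_global_request: cancel-tcpip-forward addr %s port %d",
+		    cancel_address, cancel_port);
+
+		success = channel_cancel_rport_listener(cancel_address,
+		    cancel_port);
 	}
 	if (want_reply) {
 		packet_start(success ?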
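Review bot: `cancel_address` obtained from `packet_get_string(NULL)` is never released in the new `cancel-tcpip-forward` branch, whereas the branch just above ends with `xfree(listen_address);`. Each such request from the peer therefore appears to leak one allocation in the session process; add `xfree(cancel_address);` after the `channel_cancel_rport_listener()` call. It is also worth confirming that skipping whatever forwarding-permission checks the `tcpip-forward` branch performs (those lines are outside the hunk) is intentional here. The enclosing function starts and ends outside the hunk.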
