Bugzilla – Attachment 580 Details for
Bug 756
sshd does not support global request cancel-tcpip-forward
[patch]
Fixed cancel-tcpip-forward patch
stopforward.diff (text/plain), 7.63 KB, created by
Damien Miller
on 2004-03-30 22:34:04 AEST
Description:
Fixed cancel-tcpip-forward patch
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2004-03-30 22:34:04 AEST
Size:
7.63 KB
>Index: channels.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/channels.c,v
>retrieving revision 1.200
>diff -u -r1.200 channels.c
>--- channels.c 19 Jan 2004 09:24:21 -0000 1.200
>+++ channels.c 30 Mar 2004 12:35:14 -0000
>@@ -2218,6 +2218,29 @@
> return success;
> }
>
>+int
>+channel_cancel_rport_listener(const char *host, u_short port)
>+{
>+ int i, found = 0;
>+
>+ for(i = 0; i < channels_alloc; i++) {
>+ Channel *c = channels[i];
>+
>+ if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER) {
>+ debug3("Channel %d %s:%d vs close msg %s:%d",
>+ c->self, c->path, c->host_port, host, port);
>+ if (strncmp(c->path, host, sizeof(c->path)) == 0 &&
>+ c->listening_port == port) {
>+ debug2("%s: close clannel %d", __func__, i);
>+ channel_free(c);
>+ found = 1;
>+ }
>+ }
>+ }
>+
>+ return (found);
>+}
>+
> /* protocol local port fwd, used by ssh (and sshd in v1) */
> int
> channel_setup_local_fwd_listener(u_short listen_port,
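Review bot: In channel_cancel_rport_listener the debug3 line prints `c->host_port`, but the match two lines later is made on `c->listening_port`, so the trace shows a different field from the one that decides whether a listener is closed. To make the log usable as a record of which peer request closed which listener, print the compared field: `c->self, c->path, c->listening_port, host, port);`. The debug2 message misspells "channel" as "clannel", which defeats log searches, and it logs the loop index `i` where debug3 logs `c->self`; using `c->self` in both would keep the two lines correlatable.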
>@@ -2295,6 +2318,42 @@
> }
>
> /*
>+ * Request cancellation of remote forwarding of connection host:port from
>+ * local side.
>+ */
>+
>+void
>+channel_request_rforward_cancel(u_short port)
>+{
>+ int i;
>+ const char *address_to_bind = "0.0.0.0";
>+
>+ if (!compat20)
>+ return;
>+
>+ for (i = 0; i < num_permitted_opens; i++) {
>+ if (permitted_opens[i].host_to_connect != NULL &&
>+ permitted_opens[i].listen_port == port)
>+ break;
>+ }
>+ if (i >= num_permitted_opens) {
>+ debug("%s: requested forward not found", __func__);
>+ return;
>+ }
>+ packet_start(SSH2_MSG_GLOBAL_REQUEST);
>+ packet_put_cstring("cancel-tcpip-forward");
>+ packet_put_char(0);
>+ packet_put_cstring(address_to_bind);
>+ packet_put_int(port);
>+ packet_send();
>+
>+ permitted_opens[i].listen_port = 0;
>+ permitted_opens[i].port_to_connect = 0;
>+ free(permitted_opens[i].host_to_connect);
>+ permitted_opens[i].host_to_connect = NULL;
>+}
>+
>+/*
> * This is called after receiving CHANNEL_FORWARDING_REQUEST. This initates
> * listening for the port, and sends back a success reply (or disconnect
> * message if there was an error). This never returns if there was an error.
>@@ -2361,7 +2420,8 @@
> int i;
>
> for (i = 0; i < num_permitted_opens; i++)
>- xfree(permitted_opens[i].host_to_connect);
>+ if (permitted_opens[i].host_to_connect != NULL)
>+ xfree(permitted_opens[i].host_to_connect);
> num_permitted_opens = 0;
>
> }
>@@ -2429,7 +2489,8 @@
> int i;
>
> for (i = 0; i < num_permitted_opens; i++)
>- if (permitted_opens[i].listen_port == listen_port)
>+ if (permitted_opens[i].host_to_connect != NULL &&
>+ permitted_opens[i].listen_port == listen_port)
> return connect_to(
> permitted_opens[i].host_to_connect,
> permitted_opens[i].port_to_connect);
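Review bot: channel_request_rforward_cancel sends the request with want-reply set to 0 (`packet_put_char(0);`) and then clears `permitted_opens[i]` unconditionally, so the client never learns whether the server actually closed the listener. If the peer rejects or does not implement cancel-tcpip-forward, the remote port presumably stays bound while the client has already forgotten the forward and the user gets no indication. Consider requesting a reply and clearing the entry only on success, or at minimum state the limitation above the cleanup with a comment such as `/* no reply requested: the server-side listener may still be open */`. The cleanup also calls `free()` where the other hunks of this patch use `xfree()` on the same field; `xfree(permitted_opens[i].host_to_connect);` would keep the allocator wrappers consistent.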
>@@ -2447,7 +2508,8 @@
> permit = all_opens_permitted;
> if (!permit) {
> for (i = 0; i < num_permitted_opens; i++)
>- if (permitted_opens[i].port_to_connect == port &&
>+ if (permitted_opens[i].host_to_connect != NULL &&
>+ permitted_opens[i].port_to_connect == port &&
> strcmp(permitted_opens[i].host_to_connect, host) == 0)
> permit = 1;
>
>Index: channels.h
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/channels.h,v
>retrieving revision 1.71
>diff -u -r1.71 channels.h
>--- channels.h 23 Sep 2003 20:41:11 -0000 1.71
>+++ channels.h 30 Mar 2004 12:35:14 -0000
>@@ -199,8 +199,10 @@
> int channel_connect_to(const char *, u_short);
> int channel_connect_by_listen_address(u_short);
> void channel_request_remote_forwarding(u_short, const char *, u_short);
>+void channel_request_rforward_cancel(u_short port);
> int channel_setup_local_fwd_listener(u_short, const char *, u_short, int);
> int channel_setup_remote_fwd_listener(const char *, u_short, int);
>+int channel_cancel_rport_listener(const char *, u_short);
>
> /* x11 forwarding */
>
>Index: clientloop.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/clientloop.c,v
>retrieving revision 1.117
>diff -u -r1.117 clientloop.c
>--- clientloop.c 16 Dec 2003 15:49:51 -0000 1.117
>+++ clientloop.c 30 Mar 2004 12:35:14 -0000
>@@ -507,6 +507,7 @@
> char *s, *cmd;
> u_short fwd_port, fwd_host_port;
> char buf[1024], sfwd_port[6], sfwd_host_port[6];
>+ int delete = 0;
> int local = 0;
>
> leave_raw_mode();
>@@ -516,44 +517,77 @@
> goto out;
> while (*s && isspace(*s))
> s++;
>+ if (*s == '-')
>+ s++; /* Skip cmdline '-', if any */
> if (*s == 0)
> goto out;
>- if (strlen(s) < 2 || s[0] != '-' || !(s[1] == 'L' || s[1] == 'R')) {
>+
>+ if (*s == '?') {
>+ logit("Commands:");
>+ logit(" -Lport:host:hostport Request local forward");
>+ logit(" -Rport:host:hostport Request remote forward");
>+ logit(" -KRhostport Cancel remote forward");
>+ goto out;
>+ }
>+
>+ if (*s == 'K') {
>+ delete = 1;
>+ s++;
>+ }
>+ if (*s != 'L' && *s != 'R') {
> logit("Invalid command.");
> goto out;
> }
>- if (s[1] == 'L')
>+ if (*s == 'L')
> local = 1;
>- if (!local && !compat20) {
>+ if (local && delete) {
>+ logit("Not supported.");
>+ goto out;
>+ }
>+ if ((!local || delete) && !compat20) {
> logit("Not supported for SSH protocol version 1.");
> goto out;
> }
>- s += 2;
>+
>+ s++;
> while (*s && isspace(*s))
> s++;
>
>- if (sscanf(s, "%5[0-9]:%255[^:]:%5[0-9]",
>- sfwd_port, buf, sfwd_host_port) != 3 &&
>- sscanf(s, "%5[0-9]/%255[^/]/%5[0-9]",
>- sfwd_port, buf, sfwd_host_port) != 3) {
>- logit("Bad forwarding specification.");
>- goto out;
>- }
>- if ((fwd_port = a2port(sfwd_port)) == 0 ||
>- (fwd_host_port = a2port(sfwd_host_port)) == 0) {
>- logit("Bad forwarding port(s).");
>- goto out;
>- }
>- if (local) {
>- if (channel_setup_local_fwd_listener(fwd_port, buf,
>- fwd_host_port, options.gateway_ports) < 0) {
>- logit("Port forwarding failed.");
>+ if (delete) {
>+ if (sscanf(s, "%5[0-9]", sfwd_host_port) != 1) {
>+ logit("Bad forwarding specification.");
> goto out;
> }
>- } else
>- channel_request_remote_forwarding(fwd_port, buf,
>- fwd_host_port);
>- logit("Forwarding port.");
>+ if ((fwd_host_port = a2port(sfwd_host_port)) == 0) {
>+ logit("Bad forwarding port(s).");
>+ goto out;
>+ }
>+ channel_request_rforward_cancel(fwd_host_port);
>+ } else {
>+ if (sscanf(s, "%5[0-9]:%255[^:]:%5[0-9]",
>+ sfwd_port, buf, sfwd_host_port) != 3 &&
>+ sscanf(s, "%5[0-9]/%255[^/]/%5[0-9]",
>+ sfwd_port, buf, sfwd_host_port) != 3) {
>+ logit("Bad forwarding specification.");
>+ goto out;
>+ }
>+ if ((fwd_port = a2port(sfwd_port)) == 0 ||
>+ (fwd_host_port = a2port(sfwd_host_port)) == 0) {
>+ logit("Bad forwarding port(s).");
>+ goto out;
>+ }
>+ if (local) {
>+ if (channel_setup_local_fwd_listener(fwd_port, buf,
>+ fwd_host_port, options.gateway_ports) < 0) {
>+ logit("Port forwarding failed.");
>+ goto out;
>+ }
>+ } else
>+ channel_request_remote_forwarding(fwd_port, buf,
>+ fwd_host_port);
>+ logit("Forwarding port.");
>+ }
>+
> out:
> signal(SIGINT, handler);
> enter_raw_mode();
>Index: serverloop.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/serverloop.c,v
>retrieving revision 1.115
>diff -u -r1.115 serverloop.c
>--- serverloop.c 19 Jan 2004 21:25:15 -0000 1.115
>+++ serverloop.c 30 Mar 2004 12:35:15 -0000
>@@ -986,6 +986,17 @@
> listen_address, listen_port, options.gateway_ports);
> }
> xfree(listen_address);
>+ } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
>+ char *cancel_address;
>+ u_short cancel_port;
>+
>+ cancel_address = packet_get_string(NULL);
>+ cancel_port = (u_short)packet_get_int();
>+ debug("server_input_global_request: cancel-tcpip-forward addr %s port %d",
>+ cancel_address, cancel_port);
>+
>+ success = channel_cancel_rport_listener(cancel_address,
>+ cancel_port);
> }
> if (want_reply) {
> packet_start(success ?
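Review bot: On the `-KR` path in clientloop.c, `sscanf(s, "%5[0-9]", sfwd_host_port)` takes the first five digits and ignores whatever follows, so input such as `123456` or `8080x` is not rejected but cancels port 12345 or 8080. Reject trailing input before calling a2port, for example by requiring `s[strspn(s, "0123456789")] == '\0'` after the sscanf. The help text `-KRhostport` and the variable `fwd_host_port` are also misleading, because channel_request_rforward_cancel in the channels.c part of this patch compares the value with `listen_port`, the first field of `-Rport:host:hostport`; `-KRport` would describe it correctly. Nothing is printed on this path, so the user cannot tell a sent cancel from "requested forward not found", which is only a debug() message. The enclosing function starts and ends outside the hunk.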
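Review bot: The cancel-tcpip-forward branch in serverloop.c never releases `cancel_address`, although the tcpip-forward branch directly above frees its counterpart with `xfree(listen_address);`, which suggests packet_get_string() returns an allocation the caller owns. Each cancel request from the peer would then leak one peer-controlled string for the life of the session process; add `xfree(cancel_address);` after the channel_cancel_rport_listener() call. The cast `(u_short)packet_get_int()` also truncates silently, so a peer-supplied port above 65535 would be compared modulo 65536 and could match an unrelated listener; reading into a wider unsigned variable and rejecting out-of-range values before the call avoids that. The enclosing function starts and ends outside the hunk.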
Attachments on
bug 756
:
494
|
505
|
579
| 580