Mercurial > dropbear
annotate svr-tcpfwd.c @ 1853:2be3115a8762
debugging test runner authorized_keys perms
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Tue, 19 Oct 2021 13:45:59 +0800 |
parents | a7cc3332d8ab |
children | 1d86a58fb52d |
rev | line source |
---|---|
74
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
1 /* |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
2 * Dropbear SSH |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
3 * |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
4 * Copyright (c) 2002,2003 Matt Johnston |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
5 * Copyright (c) 2004 by Mihnea Stoenescu |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
6 * All rights reserved. |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
7 * |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
8 * Permission is hereby granted, free of charge, to any person obtaining a copy |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
9 * of this software and associated documentation files (the "Software"), to deal |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
10 * in the Software without restriction, including without limitation the rights |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
12 * copies of the Software, and to permit persons to whom the Software is |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
13 * furnished to do so, subject to the following conditions: |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
14 * |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
15 * The above copyright notice and this permission notice shall be included in |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
16 * all copies or substantial portions of the Software. |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
17 * |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
24 * SOFTWARE. */ |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
25 |
62 | 26 #include "includes.h" |
27 #include "ssh.h" | |
64 | 28 #include "tcpfwd.h" |
62 | 29 #include "dbutil.h" |
30 #include "session.h" | |
31 #include "buffer.h" | |
32 #include "packet.h" | |
33 #include "listener.h" | |
34 #include "runopts.h" | |
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
410
diff
changeset
|
35 #include "auth.h" |
1032
0da8ba489c23
Move generic network routines to netio.c
Matt Johnston <matt@ucc.asn.au>
parents:
1025
diff
changeset
|
36 #include "netio.h" |
62 | 37 |
1499
2d450c1056e3
options: Complete the transition to numeric toggles (`#if')
Michael Witten <mfwitten@gmail.com>
parents:
1466
diff
changeset
|
38 #if !DROPBEAR_SVR_REMOTETCPFWD |
673
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
39 |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
40 /* This is better than SSH_MSG_UNIMPLEMENTED */ |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
41 void recv_msg_global_request_remotetcp() { |
1788
1fc0012b9c38
Fix handling of replies to global requests (#112)
Dirkjan Bussink <d.bussink@gmail.com>
parents:
1785
diff
changeset
|
42 unsigned int wantreply = 0; |
1fc0012b9c38
Fix handling of replies to global requests (#112)
Dirkjan Bussink <d.bussink@gmail.com>
parents:
1785
diff
changeset
|
43 |
1fc0012b9c38
Fix handling of replies to global requests (#112)
Dirkjan Bussink <d.bussink@gmail.com>
parents:
1785
diff
changeset
|
44 TRACE(("recv_msg_global_request_remotetcp: remote tcp forwarding not compiled in")) |
1fc0012b9c38
Fix handling of replies to global requests (#112)
Dirkjan Bussink <d.bussink@gmail.com>
parents:
1785
diff
changeset
|
45 |
1789 | 46 buf_eatstring(ses.payload); |
1788
1fc0012b9c38
Fix handling of replies to global requests (#112)
Dirkjan Bussink <d.bussink@gmail.com>
parents:
1785
diff
changeset
|
47 wantreply = buf_getbool(ses.payload); |
1fc0012b9c38
Fix handling of replies to global requests (#112)
Dirkjan Bussink <d.bussink@gmail.com>
parents:
1785
diff
changeset
|
48 if (wantreply) { |
673
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
49 send_msg_request_failure(); |
1788
1fc0012b9c38
Fix handling of replies to global requests (#112)
Dirkjan Bussink <d.bussink@gmail.com>
parents:
1785
diff
changeset
|
50 } |
673
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
51 } |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
52 |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
53 /* */ |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
54 #endif /* !DROPBEAR_SVR_REMOTETCPFWD */ |
62 | 55 |
1276
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1251
diff
changeset
|
56 static int svr_cancelremotetcp(void); |
1464
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
57 static int svr_remotetcpreq(int *allocated_listen_port); |
64 | 58 static int newtcpdirect(struct Channel * channel); |
62 | 59 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
60 #if DROPBEAR_SVR_REMOTETCPFWD |
62 | 61 static const struct ChanType svr_chan_tcpremote = { |
62 "forwarded-tcpip", | |
941
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
937
diff
changeset
|
63 tcp_prio_inithandler, |
62 | 64 NULL, |
65 NULL, | |
1627
9b02c49bd396
add missing initializer (#71)
François Perrad <francois.perrad@gadz.org>
parents:
1625
diff
changeset
|
66 NULL, |
62 | 67 NULL |
68 }; | |
69 | |
70 /* At the moment this is completely used for tcp code (with the name reflecting | |
71 * that). If new request types are added, this should be replaced with code | |
72 * similar to the request-switching in chansession.c */ | |
73 void recv_msg_global_request_remotetcp() { | |
74 | |
1114
db7963049308
Turn many local variables into char *
Gaël PORTAY <gael.portay@gmail.com>
parents:
1094
diff
changeset
|
75 char* reqname = NULL; |
62 | 76 unsigned int namelen; |
77 unsigned int wantreply = 0; | |
78 int ret = DROPBEAR_FAILURE; | |
79 | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
80 TRACE(("enter recv_msg_global_request_remotetcp")) |
62 | 81 |
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
410
diff
changeset
|
82 if (svr_opts.noremotetcp || !svr_pubkey_allows_tcpfwd()) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
83 TRACE(("leave recv_msg_global_request_remotetcp: remote tcp forwarding disabled")) |
62 | 84 goto out; |
85 } | |
86 | |
1122
aaf576b27a10
Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents:
1114
diff
changeset
|
87 reqname = buf_getstring(ses.payload, &namelen); |
179
161557a9dde8
* fix longstanding bug with connections being closed on failure to
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
88 wantreply = buf_getbool(ses.payload); |
62 | 89 |
267
7ce577234a10
* svr-tcpfwd.c: should be MAX_NAME_LEN not MAXNAMLEN
Matt Johnston <matt@ucc.asn.au>
parents:
259
diff
changeset
|
90 if (namelen > MAX_NAME_LEN) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
91 TRACE(("name len is wrong: %d", namelen)) |
62 | 92 goto out; |
93 } | |
94 | |
95 if (strcmp("tcpip-forward", reqname) == 0) { | |
1547 | 96 int allocated_listen_port = 0; |
1464
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
97 ret = svr_remotetcpreq(&allocated_listen_port); |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
98 /* client expects-port-number-to-make-use-of-server-allocated-ports */ |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
99 if (DROPBEAR_SUCCESS == ret) { |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
100 CHECKCLEARTOWRITE(); |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
101 buf_putbyte(ses.writepayload, SSH_MSG_REQUEST_SUCCESS); |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
102 buf_putint(ses.writepayload, allocated_listen_port); |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
103 encrypt_packet(); |
1541
bb55dffab5ba
don't log server listen ports
Matt Johnston <matt@ucc.asn.au>
parents:
1502
diff
changeset
|
104 wantreply = 0; /* avoid out: below sending another reply */ |
1502
73aa542e76fe
fix indentation
Francois Perrad <francois.perrad@gadz.org>
parents:
1499
diff
changeset
|
105 } |
62 | 106 } else if (strcmp("cancel-tcpip-forward", reqname) == 0) { |
107 ret = svr_cancelremotetcp(); | |
108 } else { | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
109 TRACE(("reqname isn't tcpip-forward: '%s'", reqname)) |
62 | 110 } |
111 | |
112 out: | |
113 if (wantreply) { | |
114 if (ret == DROPBEAR_SUCCESS) { | |
115 send_msg_request_success(); | |
116 } else { | |
117 send_msg_request_failure(); | |
118 } | |
119 } | |
120 | |
121 m_free(reqname); | |
122 | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
123 TRACE(("leave recv_msg_global_request")) |
62 | 124 } |
125 | |
1460
58a74cb829b8
Pointer parameter could be declared as pointing to const (callback)
Francois Perrad <francois.perrad@gadz.org>
parents:
1342
diff
changeset
|
126 static int matchtcp(const void* typedata1, const void* typedata2) { |
62 | 127 |
128 const struct TCPListener *info1 = (struct TCPListener*)typedata1; | |
129 const struct TCPListener *info2 = (struct TCPListener*)typedata2; | |
130 | |
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
131 return (info1->listenport == info2->listenport) |
62 | 132 && (info1->chantype == info2->chantype) |
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
133 && (strcmp(info1->listenaddr, info2->listenaddr) == 0); |
62 | 134 } |
135 | |
136 static int svr_cancelremotetcp() { | |
137 | |
138 int ret = DROPBEAR_FAILURE; | |
1114
db7963049308
Turn many local variables into char *
Gaël PORTAY <gael.portay@gmail.com>
parents:
1094
diff
changeset
|
139 char * bindaddr = NULL; |
62 | 140 unsigned int addrlen; |
141 unsigned int port; | |
142 struct Listener * listener = NULL; | |
143 struct TCPListener tcpinfo; | |
144 | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
145 TRACE(("enter cancelremotetcp")) |
62 | 146 |
1122
aaf576b27a10
Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents:
1114
diff
changeset
|
147 bindaddr = buf_getstring(ses.payload, &addrlen); |
1815
5015c80808c5
Use MAX_HOST_LEN for TCP forwarding requests (#121)
ValdikSS <iam@valdikss.org.ru>
parents:
1789
diff
changeset
|
148 if (addrlen > MAX_HOST_LEN) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
149 TRACE(("addr len too long: %d", addrlen)) |
62 | 150 goto out; |
151 } | |
152 | |
153 port = buf_getint(ses.payload); | |
154 | |
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
155 tcpinfo.sendaddr = NULL; |
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
156 tcpinfo.sendport = 0; |
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
157 tcpinfo.listenaddr = bindaddr; |
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
158 tcpinfo.listenport = port; |
62 | 159 listener = get_listener(CHANNEL_ID_TCPFORWARDED, &tcpinfo, matchtcp); |
160 if (listener) { | |
161 remove_listener( listener ); | |
162 ret = DROPBEAR_SUCCESS; | |
163 } | |
164 | |
165 out: | |
166 m_free(bindaddr); | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
167 TRACE(("leave cancelremotetcp")) |
62 | 168 return ret; |
169 } | |
170 | |
1464
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
171 static int svr_remotetcpreq(int *allocated_listen_port) { |
62 | 172 |
173 int ret = DROPBEAR_FAILURE; | |
1114
db7963049308
Turn many local variables into char *
Gaël PORTAY <gael.portay@gmail.com>
parents:
1094
diff
changeset
|
174 char * request_addr = NULL; |
62 | 175 unsigned int addrlen; |
176 struct TCPListener *tcpinfo = NULL; | |
177 unsigned int port; | |
1620
572a7aefa188
FIx remote forward listeners
Matt Johnston <matt@ucc.asn.au>
parents:
1547
diff
changeset
|
178 struct Listener *listener = NULL; |
62 | 179 |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
180 TRACE(("enter remotetcpreq")) |
62 | 181 |
1122
aaf576b27a10
Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents:
1114
diff
changeset
|
182 request_addr = buf_getstring(ses.payload, &addrlen); |
1815
5015c80808c5
Use MAX_HOST_LEN for TCP forwarding requests (#121)
ValdikSS <iam@valdikss.org.ru>
parents:
1789
diff
changeset
|
183 if (addrlen > MAX_HOST_LEN) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
184 TRACE(("addr len too long: %d", addrlen)) |
62 | 185 goto out; |
186 } | |
187 | |
188 port = buf_getint(ses.payload); | |
189 | |
1464
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
190 if (port != 0) { |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
191 if (port < 1 || port > 65535) { |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
192 TRACE(("invalid port: %d", port)) |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
193 goto out; |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
194 } |
62 | 195 |
1464
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
196 if (!ses.allowprivport && port < IPPORT_RESERVED) { |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
197 TRACE(("can't assign port < 1024 for non-root")) |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
198 goto out; |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
199 } |
62 | 200 } |
201 | |
202 tcpinfo = (struct TCPListener*)m_malloc(sizeof(struct TCPListener)); | |
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
203 tcpinfo->sendaddr = NULL; |
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
204 tcpinfo->sendport = 0; |
64 | 205 tcpinfo->listenport = port; |
62 | 206 tcpinfo->chantype = &svr_chan_tcpremote; |
259
c049490e43fe
* fix -L forwarding on the client, broke last rev
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
207 tcpinfo->tcp_type = forwarded; |
62 | 208 |
675
dfdb9d9189ff
Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents:
673
diff
changeset
|
209 tcpinfo->request_listenaddr = request_addr; |
dfdb9d9189ff
Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents:
673
diff
changeset
|
210 if (!opts.listen_fwd_all || (strcmp(request_addr, "localhost") == 0) ) { |
1250 | 211 /* NULL means "localhost only" */ |
675
dfdb9d9189ff
Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents:
673
diff
changeset
|
212 tcpinfo->listenaddr = NULL; |
577
69e98c45db7c
- Progress for allowing specifying a listenaddr for tcp forwards
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
213 } |
675
dfdb9d9189ff
Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents:
673
diff
changeset
|
214 else |
dfdb9d9189ff
Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents:
673
diff
changeset
|
215 { |
1334
c8114a48837c
listenaddr must be malloced
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
216 tcpinfo->listenaddr = m_strdup(request_addr); |
675
dfdb9d9189ff
Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents:
673
diff
changeset
|
217 } |
577
69e98c45db7c
- Progress for allowing specifying a listenaddr for tcp forwards
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
218 |
1620
572a7aefa188
FIx remote forward listeners
Matt Johnston <matt@ucc.asn.au>
parents:
1547
diff
changeset
|
219 ret = listen_tcpfwd(tcpinfo, &listener); |
1464
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
220 if (DROPBEAR_SUCCESS == ret) { |
1620
572a7aefa188
FIx remote forward listeners
Matt Johnston <matt@ucc.asn.au>
parents:
1547
diff
changeset
|
221 tcpinfo->listenport = get_sock_port(listener->socks[0]); |
1464
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
222 *allocated_listen_port = tcpinfo->listenport; |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
223 } |
62 | 224 |
225 out: | |
226 if (ret == DROPBEAR_FAILURE) { | |
227 /* we only free it if a listener wasn't created, since the listener | |
228 * has to remember it if it's to be cancelled */ | |
675
dfdb9d9189ff
Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents:
673
diff
changeset
|
229 m_free(request_addr); |
62 | 230 m_free(tcpinfo); |
231 } | |
1464
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
232 |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
233 TRACE(("leave remotetcpreq")) |
1464
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
234 |
62 | 235 return ret; |
236 } | |
64 | 237 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
238 #endif /* DROPBEAR_SVR_REMOTETCPFWD */ |
673
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
239 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
240 #if DROPBEAR_SVR_LOCALTCPFWD |
673
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
241 |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
242 const struct ChanType svr_chan_tcpdirect = { |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
243 "direct-tcpip", |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
244 newtcpdirect, /* init */ |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
245 NULL, /* checkclose */ |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
246 NULL, /* reqhandler */ |
1625
79eef94ccea9
Split ChanType closehandler() and cleanup() so that dbclient doesn't
Matt Johnston <matt@ucc.asn.au>
parents:
1620
diff
changeset
|
247 NULL, /* closehandler */ |
79eef94ccea9
Split ChanType closehandler() and cleanup() so that dbclient doesn't
Matt Johnston <matt@ucc.asn.au>
parents:
1620
diff
changeset
|
248 NULL /* cleanup */ |
673
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
249 }; |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
250 |
64 | 251 /* Called upon creating a new direct tcp channel (ie we connect out to an |
252 * address */ | |
253 static int newtcpdirect(struct Channel * channel) { | |
254 | |
1114
db7963049308
Turn many local variables into char *
Gaël PORTAY <gael.portay@gmail.com>
parents:
1094
diff
changeset
|
255 char* desthost = NULL; |
64 | 256 unsigned int destport; |
1114
db7963049308
Turn many local variables into char *
Gaël PORTAY <gael.portay@gmail.com>
parents:
1094
diff
changeset
|
257 char* orighost = NULL; |
64 | 258 unsigned int origport; |
259 char portstring[NI_MAXSERV]; | |
1094
c45d65392c1a
Fix pointer differ in signess warnings [-Werror=pointer-sign]
Gaël PORTAY <gael.portay@gmail.com>
parents:
1032
diff
changeset
|
260 unsigned int len; |
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
64
diff
changeset
|
261 int err = SSH_OPEN_ADMINISTRATIVELY_PROHIBITED; |
64 | 262 |
941
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
937
diff
changeset
|
263 TRACE(("newtcpdirect channel %d", channel->index)) |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
937
diff
changeset
|
264 |
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
410
diff
changeset
|
265 if (svr_opts.nolocaltcp || !svr_pubkey_allows_tcpfwd()) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
266 TRACE(("leave newtcpdirect: local tcp forwarding disabled")) |
64 | 267 goto out; |
268 } | |
269 | |
1122
aaf576b27a10
Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents:
1114
diff
changeset
|
270 desthost = buf_getstring(ses.payload, &len); |
64 | 271 if (len > MAX_HOST_LEN) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
272 TRACE(("leave newtcpdirect: desthost too long")) |
64 | 273 goto out; |
274 } | |
275 | |
276 destport = buf_getint(ses.payload); | |
277 | |
1122
aaf576b27a10
Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents:
1114
diff
changeset
|
278 orighost = buf_getstring(ses.payload, &len); |
64 | 279 if (len > MAX_HOST_LEN) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
280 TRACE(("leave newtcpdirect: orighost too long")) |
64 | 281 goto out; |
282 } | |
283 | |
284 origport = buf_getint(ses.payload); | |
285 | |
286 /* best be sure */ | |
287 if (origport > 65535 || destport > 65535) { | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
288 TRACE(("leave newtcpdirect: port > 65535")) |
64 | 289 goto out; |
290 } | |
291 | |
1785
9026f976eee8
fuzz: work around fuzz_connect_remote() limitations
Matt Johnston <matt@ucc.asn.au>
parents:
1627
diff
changeset
|
292 channel->prio = DROPBEAR_CHANNEL_PRIO_UNKNOWABLE; |
9026f976eee8
fuzz: work around fuzz_connect_remote() limitations
Matt Johnston <matt@ucc.asn.au>
parents:
1627
diff
changeset
|
293 |
1237
888e3d17e962
Fix print format specifier
Chocobo1 <Chocobo1@users.noreply.github.com>
parents:
1122
diff
changeset
|
294 snprintf(portstring, sizeof(portstring), "%u", destport); |
1466
f787f60f8e45
bind to port as well with -b
Matt Johnston <matt@ucc.asn.au>
parents:
1465
diff
changeset
|
295 channel->conn_pending = connect_remote(desthost, portstring, channel_connect_done, channel, NULL, NULL); |
64 | 296 |
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
64
diff
changeset
|
297 err = SSH_OPEN_IN_PROGRESS; |
64 | 298 |
299 out: | |
300 m_free(desthost); | |
301 m_free(orighost); | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
302 TRACE(("leave newtcpdirect: err %d", err)) |
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
64
diff
changeset
|
303 return err; |
64 | 304 } |
305 | |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
306 #endif /* DROPBEAR_SVR_LOCALTCPFWD */ |