Mercurial > dropbear
annotate svr-tcpfwd.c @ 1902:4a6725ac957c
Revert "Don't include sk keys at all in KEX list"
This reverts git commit f972813ecdc7bb981d25b5a63638bd158f1c8e72.
The sk algorithms need to remain in the sigalgs list so that they
are included in the server-sig-algs ext-info message sent by
the server. RFC8308 for server-sig-algs requires that all algorithms are
listed (though OpenSSH client 8.4p1 tested doesn't require that)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 24 Mar 2022 13:42:08 +0800 |
parents | 1d86a58fb52d |
children |
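Each source line below is prefixed with the revision that last changed it (`rev: line source`).

```
  74: /*
  74:  * Dropbear SSH
  74:  *
  74:  * Copyright (c) 2002,2003 Matt Johnston
  74:  * Copyright (c) 2004 by Mihnea Stoenescu
  74:  * All rights reserved.
  74:  *
  74:  * Permission is hereby granted, free of charge, to any person obtaining a copy
  74:  * of this software and associated documentation files (the "Software"), to deal
  74:  * in the Software without restriction, including without limitation the rights
  74:  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  74:  * copies of the Software, and to permit persons to whom the Software is
  74:  * furnished to do so, subject to the following conditions:
  74:  *
  74:  * The above copyright notice and this permission notice shall be included in
  74:  * all copies or substantial portions of the Software.
  74:  *
  74:  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  74:  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  74:  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  74:  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  74:  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  74:  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  74:  * SOFTWARE. */
  74:
  62: #include "includes.h"
  62: #include "ssh.h"
  64: #include "tcpfwd.h"
  62: #include "dbutil.h"
  62: #include "session.h"
  62: #include "buffer.h"
  62: #include "packet.h"
  62: #include "listener.h"
  62: #include "runopts.h"
 475: #include "auth.h"
1032: #include "netio.h"
  62:
1499: #if !DROPBEAR_SVR_REMOTETCPFWD
 673:
 673: /* This is better than SSH_MSG_UNIMPLEMENTED */
 673: void recv_msg_global_request_remotetcp() {
1788: 	unsigned int wantreply = 0;
1788:
1788: 	TRACE(("recv_msg_global_request_remotetcp: remote tcp forwarding not compiled in"))
1788:
1789: 	buf_eatstring(ses.payload);
1788: 	wantreply = buf_getbool(ses.payload);
1788: 	if (wantreply) {
 673: 		send_msg_request_failure();
1788: 	}
 673: }
 673:
 673: /* */
1295: #endif /* !DROPBEAR_SVR_REMOTETCPFWD */
  62:
1276: static int svr_cancelremotetcp(void);
1464: static int svr_remotetcpreq(int *allocated_listen_port);
  64: static int newtcpdirect(struct Channel * channel);
  62:
1295: #if DROPBEAR_SVR_REMOTETCPFWD
  62: static const struct ChanType svr_chan_tcpremote = {
  62: 	"forwarded-tcpip",
1859: 	NULL,
  62: 	NULL,
  62: 	NULL,
1627: 	NULL,
  62: 	NULL
  62: };
  62:
  62: /* At the moment this is completely used for tcp code (with the name reflecting
  62:  * that). If new request types are added, this should be replaced with code
  62:  * similar to the request-switching in chansession.c */
  62: void recv_msg_global_request_remotetcp() {
  62:
1114: 	char* reqname = NULL;
  62: 	unsigned int namelen;
  62: 	unsigned int wantreply = 0;
  62: 	int ret = DROPBEAR_FAILURE;
  62:
 165: 	TRACE(("enter recv_msg_global_request_remotetcp"))
  62:
 475: 	if (svr_opts.noremotetcp || !svr_pubkey_allows_tcpfwd()) {
 165: 		TRACE(("leave recv_msg_global_request_remotetcp: remote tcp forwarding disabled"))
  62: 		goto out;
  62: 	}
  62:
1122: 	reqname = buf_getstring(ses.payload, &namelen);
 179: 	wantreply = buf_getbool(ses.payload);
  62:
 267: 	if (namelen > MAX_NAME_LEN) {
 165: 		TRACE(("name len is wrong: %d", namelen))
  62: 		goto out;
  62: 	}
  62:
  62: 	if (strcmp("tcpip-forward", reqname) == 0) {
1547: 		int allocated_listen_port = 0;
1464: 		ret = svr_remotetcpreq(&allocated_listen_port);
1464: 		/* client expects-port-number-to-make-use-of-server-allocated-ports */
1464: 		if (DROPBEAR_SUCCESS == ret) {
1464: 			CHECKCLEARTOWRITE();
1464: 			buf_putbyte(ses.writepayload, SSH_MSG_REQUEST_SUCCESS);
1464: 			buf_putint(ses.writepayload, allocated_listen_port);
1464: 			encrypt_packet();
1541: 			wantreply = 0; /* avoid out: below sending another reply */
1502: 		}
  62: 	} else if (strcmp("cancel-tcpip-forward", reqname) == 0) {
  62: 		ret = svr_cancelremotetcp();
  62: 	} else {
 165: 		TRACE(("reqname isn't tcpip-forward: '%s'", reqname))
  62: 	}
  62:
  62: out:
  62: 	if (wantreply) {
  62: 		if (ret == DROPBEAR_SUCCESS) {
  62: 			send_msg_request_success();
  62: 		} else {
  62: 			send_msg_request_failure();
  62: 		}
  62: 	}
  62:
  62: 	m_free(reqname);
  62:
 165: 	TRACE(("leave recv_msg_global_request"))
  62: }
  62:
1460: static int matchtcp(const void* typedata1, const void* typedata2) {
  62:
  62: 	const struct TCPListener *info1 = (struct TCPListener*)typedata1;
  62: 	const struct TCPListener *info2 = (struct TCPListener*)typedata2;
  62:
 258: 	return (info1->listenport == info2->listenport)
  62: 			&& (info1->chantype == info2->chantype)
 258: 			&& (strcmp(info1->listenaddr, info2->listenaddr) == 0);
  62: }
  62:
  62: static int svr_cancelremotetcp() {
  62:
  62: 	int ret = DROPBEAR_FAILURE;
1114: 	char * bindaddr = NULL;
  62: 	unsigned int addrlen;
  62: 	unsigned int port;
  62: 	struct Listener * listener = NULL;
  62: 	struct TCPListener tcpinfo;
  62:
 165: 	TRACE(("enter cancelremotetcp"))
  62:
1122: 	bindaddr = buf_getstring(ses.payload, &addrlen);
1815: 	if (addrlen > MAX_HOST_LEN) {
 165: 		TRACE(("addr len too long: %d", addrlen))
  62: 		goto out;
  62: 	}
  62:
  62: 	port = buf_getint(ses.payload);
  62:
 258: 	tcpinfo.sendaddr = NULL;
 258: 	tcpinfo.sendport = 0;
 258: 	tcpinfo.listenaddr = bindaddr;
 258: 	tcpinfo.listenport = port;
  62: 	listener = get_listener(CHANNEL_ID_TCPFORWARDED, &tcpinfo, matchtcp);
  62: 	if (listener) {
  62: 		remove_listener( listener );
  62: 		ret = DROPBEAR_SUCCESS;
  62: 	}
  62:
  62: out:
  62: 	m_free(bindaddr);
 165: 	TRACE(("leave cancelremotetcp"))
  62: 	return ret;
  62: }
  62:
1464: static int svr_remotetcpreq(int *allocated_listen_port) {
  62:
  62: 	int ret = DROPBEAR_FAILURE;
1114: 	char * request_addr = NULL;
  62: 	unsigned int addrlen;
  62: 	struct TCPListener *tcpinfo = NULL;
  62: 	unsigned int port;
1620: 	struct Listener *listener = NULL;
  62:
 165: 	TRACE(("enter remotetcpreq"))
  62:
1122: 	request_addr = buf_getstring(ses.payload, &addrlen);
1815: 	if (addrlen > MAX_HOST_LEN) {
 165: 		TRACE(("addr len too long: %d", addrlen))
  62: 		goto out;
  62: 	}
  62:
  62: 	port = buf_getint(ses.payload);
  62:
1464: 	if (port != 0) {
1464: 		if (port < 1 || port > 65535) {
1464: 			TRACE(("invalid port: %d", port))
1464: 			goto out;
1464: 		}
  62:
1464: 		if (!ses.allowprivport && port < IPPORT_RESERVED) {
1464: 			TRACE(("can't assign port < 1024 for non-root"))
1464: 			goto out;
1464: 		}
  62: 	}
  62:
  62: 	tcpinfo = (struct TCPListener*)m_malloc(sizeof(struct TCPListener));
 258: 	tcpinfo->sendaddr = NULL;
 258: 	tcpinfo->sendport = 0;
  64: 	tcpinfo->listenport = port;
  62: 	tcpinfo->chantype = &svr_chan_tcpremote;
 259: 	tcpinfo->tcp_type = forwarded;
  62:
 675: 	tcpinfo->request_listenaddr = request_addr;
 675: 	if (!opts.listen_fwd_all || (strcmp(request_addr, "localhost") == 0) ) {
1250: 		/* NULL means "localhost only" */
 675: 		tcpinfo->listenaddr = NULL;
 577: 	}
 675: 	else
 675: 	{
1334: 		tcpinfo->listenaddr = m_strdup(request_addr);
 675: 	}
 577:
1620: 	ret = listen_tcpfwd(tcpinfo, &listener);
1464: 	if (DROPBEAR_SUCCESS == ret) {
1620: 		tcpinfo->listenport = get_sock_port(listener->socks[0]);
1464: 		*allocated_listen_port = tcpinfo->listenport;
1464: 	}
  62:
  62: out:
  62: 	if (ret == DROPBEAR_FAILURE) {
  62: 		/* we only free it if a listener wasn't created, since the listener
  62: 		 * has to remember it if it's to be cancelled */
 675: 		m_free(request_addr);
  62: 		m_free(tcpinfo);
  62: 	}
1464:
 165: 	TRACE(("leave remotetcpreq"))
1464:
  62: 	return ret;
  62: }
  64:
1295: #endif /* DROPBEAR_SVR_REMOTETCPFWD */
 673:
1295: #if DROPBEAR_SVR_LOCALTCPFWD
 673:
 673: const struct ChanType svr_chan_tcpdirect = {
 673: 	"direct-tcpip",
 673: 	newtcpdirect, /* init */
 673: 	NULL, /* checkclose */
 673: 	NULL, /* reqhandler */
1625: 	NULL, /* closehandler */
1625: 	NULL /* cleanup */
 673: };
 673:
  64: /* Called upon creating a new direct tcp channel (ie we connect out to an
  64:  * address */
  64: static int newtcpdirect(struct Channel * channel) {
  64:
1114: 	char* desthost = NULL;
  64: 	unsigned int destport;
1114: 	char* orighost = NULL;
  64: 	unsigned int origport;
  64: 	char portstring[NI_MAXSERV];
1094: 	unsigned int len;
  70: 	int err = SSH_OPEN_ADMINISTRATIVELY_PROHIBITED;
  64:
 941: 	TRACE(("newtcpdirect channel %d", channel->index))
 941:
 475: 	if (svr_opts.nolocaltcp || !svr_pubkey_allows_tcpfwd()) {
 165: 		TRACE(("leave newtcpdirect: local tcp forwarding disabled"))
  64: 		goto out;
  64: 	}
  64:
1122: 	desthost = buf_getstring(ses.payload, &len);
  64: 	if (len > MAX_HOST_LEN) {
 165: 		TRACE(("leave newtcpdirect: desthost too long"))
  64: 		goto out;
  64: 	}
  64:
  64: 	destport = buf_getint(ses.payload);
  64:
1122: 	orighost = buf_getstring(ses.payload, &len);
  64: 	if (len > MAX_HOST_LEN) {
 165: 		TRACE(("leave newtcpdirect: orighost too long"))
  64: 		goto out;
  64: 	}
  64:
  64: 	origport = buf_getint(ses.payload);
  64:
  64: 	/* best be sure */
  64: 	if (origport > 65535 || destport > 65535) {
 165: 		TRACE(("leave newtcpdirect: port > 65535"))
  64: 		goto out;
  64: 	}
  64:
1859: 	snprintf(portstring, sizeof(portstring), "%u", destport);
1859: 	channel->conn_pending = connect_remote(desthost, portstring, channel_connect_done,
1859: 			channel, NULL, NULL, DROPBEAR_PRIO_NORMAL);
1785:
  70: 	err = SSH_OPEN_IN_PROGRESS;
  64:
  64: out:
  64: 	m_free(desthost);
  64: 	m_free(orighost);
 165: 	TRACE(("leave newtcpdirect: err %d", err))
  70: 	return err;
  64: }
  64:
1295: #endif /* DROPBEAR_SVR_LOCALTCPFWD */
```

Changesets referenced by the annotation (revisions 62, 64, 1250, 1547 and 1789 appear in the listing without changeset details on this page):

rev | changeset | summary | author | parents |
---|---|---|---|---|
70 | b0316ce64e4b | Merging in the changes from 0.41-0.43 main Dropbear tree | Matt Johnston <matt@ucc.asn.au> | 64 |
74 | e3adf4cf5465 | License boilerplate etc, add Mihnea as an author to some of the files | Matt Johnston <matt@ucc.asn.au> | 70 |
165 | 0cfba3034be5 | Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place | Matt Johnston <matt@ucc.asn.au> | 156 |
179 | 161557a9dde8 | * fix longstanding bug with connections being closed on failure to | Matt Johnston <matt@ucc.asn.au> | 165 |
258 | 306499676384 | * add -g (dbclient) and -a (dropbear) options for allowing non-local | Matt Johnston <matt@ucc.asn.au> | 253 |
259 | c049490e43fe | * fix -L forwarding on the client, broke last rev | Matt Johnston <matt@ucc.asn.au> | 258 |
267 | 7ce577234a10 | * svr-tcpfwd.c: should be MAX_NAME_LEN not MAXNAMLEN | Matt Johnston <matt@ucc.asn.au> | 259 |
475 | 52a644e7b8e1 | * Patch from Frédéric Moulins adding options to authorized_keys. | Matt Johnston <matt@ucc.asn.au> | 410 |
577 | 69e98c45db7c | - Progress for allowing specifying a listenaddr for tcp forwards | Matt Johnston <matt@ucc.asn.au> | 475 |
673 | c519b78b6d1a | - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD | Matt Johnston <matt@ucc.asn.au> | 620 |
675 | dfdb9d9189ff | Server shouldn't return "localhost" in response to -R forward connections | Matt Johnston <matt@ucc.asn.au> | 673 |
941 | 5daedffd0769 | Set tcp priority as follows: | Matt Johnston <matt@ucc.asn.au> | 937 |
1032 | 0da8ba489c23 | Move generic network routines to netio.c | Matt Johnston <matt@ucc.asn.au> | 1025 |
1094 | c45d65392c1a | Fix pointer differ in signess warnings [-Werror=pointer-sign] | Gaël PORTAY <gael.portay@gmail.com> | 1032 |
1114 | db7963049308 | Turn many local variables into char * | Gaël PORTAY <gael.portay@gmail.com> | 1094 |
1122 | aaf576b27a10 | Merge pull request #13 from gazoo74/fix-warnings | Matt Johnston <matt@ucc.asn.au> | 1114 |
1276 | 9169e4e7cbee | fix empty C prototypes | Francois Perrad <francois.perrad@gadz.org> | 1251 |
1295 | 750ec4ec4cbe | Convert #ifdef to #if, other build changes | Matt Johnston <matt@ucc.asn.au> | 1276 |
1334 | c8114a48837c | listenaddr must be malloced | Matt Johnston <matt@ucc.asn.au> | 1276 |
1460 | 58a74cb829b8 | Pointer parameter could be declared as pointing to const (callback) | Francois Perrad <francois.perrad@gadz.org> | 1342 |
1464 | ad637c9e0f6f | Server chosen tcpfwd ports (#43) | houseofkodai <karthik@houseofkodai.in> | 1460 |
1499 | 2d450c1056e3 | options: Complete the transition to numeric toggles (`#if') | Michael Witten <mfwitten@gmail.com> | 1466 |
1502 | 73aa542e76fe | fix indentation | Francois Perrad <francois.perrad@gadz.org> | 1499 |
1541 | bb55dffab5ba | don't log server listen ports | Matt Johnston <matt@ucc.asn.au> | 1502 |
1620 | 572a7aefa188 | FIx remote forward listeners | Matt Johnston <matt@ucc.asn.au> | 1547 |
1625 | 79eef94ccea9 | Split ChanType closehandler() and cleanup() so that dbclient doesn't | Matt Johnston <matt@ucc.asn.au> | 1620 |
1627 | 9b02c49bd396 | add missing initializer (#71) | François Perrad <francois.perrad@gadz.org> | 1625 |
1785 | 9026f976eee8 | fuzz: work around fuzz_connect_remote() limitations | Matt Johnston <matt@ucc.asn.au> | 1627 |
1788 | 1fc0012b9c38 | Fix handling of replies to global requests (#112) | Dirkjan Bussink <d.bussink@gmail.com> | 1785 |
1815 | 5015c80808c5 | Use MAX_HOST_LEN for TCP forwarding requests (#121) | ValdikSS <iam@valdikss.org.ru> | 1789 |
1859 | 1d86a58fb52d | Leave non-interactive at default QoS class | Matt Johnston <matt@ucc.asn.au> | 1829 |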
diff
changeset
|
41 void recv_msg_global_request_remotetcp() { |
1788
1fc0012b9c38
Fix handling of replies to global requests (#112)
Dirkjan Bussink <d.bussink@gmail.com>
parents:
1785
diff
changeset
|
42 unsigned int wantreply = 0; |
1fc0012b9c38
Fix handling of replies to global requests (#112)
Dirkjan Bussink <d.bussink@gmail.com>
parents:
1785
diff
changeset
|
43 |
1fc0012b9c38
Fix handling of replies to global requests (#112)
Dirkjan Bussink <d.bussink@gmail.com>
parents:
1785
diff
changeset
|
44 TRACE(("recv_msg_global_request_remotetcp: remote tcp forwarding not compiled in")) |
1fc0012b9c38
Fix handling of replies to global requests (#112)
Dirkjan Bussink <d.bussink@gmail.com>
parents:
1785
diff
changeset
|
45 |
1789 | 46 buf_eatstring(ses.payload); |
1788
1fc0012b9c38
Fix handling of replies to global requests (#112)
Dirkjan Bussink <d.bussink@gmail.com>
parents:
1785
diff
changeset
|
47 wantreply = buf_getbool(ses.payload); |
1fc0012b9c38
Fix handling of replies to global requests (#112)
Dirkjan Bussink <d.bussink@gmail.com>
parents:
1785
diff
changeset
|
48 if (wantreply) { |
673
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
49 send_msg_request_failure(); |
1788
1fc0012b9c38
Fix handling of replies to global requests (#112)
Dirkjan Bussink <d.bussink@gmail.com>
parents:
1785
diff
changeset
|
50 } |
673
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
51 } |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
52 |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
53 /* */ |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
54 #endif /* !DROPBEAR_SVR_REMOTETCPFWD */ |
62 | 55 |
1276
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1251
diff
changeset
|
56 static int svr_cancelremotetcp(void); |
1464
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
57 static int svr_remotetcpreq(int *allocated_listen_port); |
64 | 58 static int newtcpdirect(struct Channel * channel); |
62 | 59 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
60 #if DROPBEAR_SVR_REMOTETCPFWD |
62 | 61 static const struct ChanType svr_chan_tcpremote = { |
62 "forwarded-tcpip", | |
1859
1d86a58fb52d
Leave non-interactive at default QoS class
Matt Johnston <matt@ucc.asn.au>
parents:
1829
diff
changeset
|
63 NULL, |
62 | 64 NULL, |
65 NULL, | |
1627
9b02c49bd396
add missing initializer (#71)
François Perrad <francois.perrad@gadz.org>
parents:
1625
diff
changeset
|
66 NULL, |
62 | 67 NULL |
68 }; | |
69 | |
70 /* At the moment this is completely used for tcp code (with the name reflecting | |
71 * that). If new request types are added, this should be replaced with code | |
72 * similar to the request-switching in chansession.c */ | |
73 void recv_msg_global_request_remotetcp() { | |
74 | |
1114
db7963049308
Turn many local variables into char *
Gaël PORTAY <gael.portay@gmail.com>
parents:
1094
diff
changeset
|
75 char* reqname = NULL; |
62 | 76 unsigned int namelen; |
77 unsigned int wantreply = 0; | |
78 int ret = DROPBEAR_FAILURE; | |
79 | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
80 TRACE(("enter recv_msg_global_request_remotetcp")) |
62 | 81 |
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
410
diff
changeset
|
82 if (svr_opts.noremotetcp || !svr_pubkey_allows_tcpfwd()) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
83 TRACE(("leave recv_msg_global_request_remotetcp: remote tcp forwarding disabled")) |
62 | 84 goto out; |
85 } | |
86 | |
1122
aaf576b27a10
Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents:
1114
diff
changeset
|
87 reqname = buf_getstring(ses.payload, &namelen); |
179
161557a9dde8
* fix longstanding bug with connections being closed on failure to
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
88 wantreply = buf_getbool(ses.payload); |
62 | 89 |
267
7ce577234a10
* svr-tcpfwd.c: should be MAX_NAME_LEN not MAXNAMLEN
Matt Johnston <matt@ucc.asn.au>
parents:
259
diff
changeset
|
90 if (namelen > MAX_NAME_LEN) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
91 TRACE(("name len is wrong: %d", namelen)) |
62 | 92 goto out; |
93 } | |
94 | |
95 if (strcmp("tcpip-forward", reqname) == 0) { | |
1547 | 96 int allocated_listen_port = 0; |
1464
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
97 ret = svr_remotetcpreq(&allocated_listen_port); |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
98 /* client expects-port-number-to-make-use-of-server-allocated-ports */ |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
99 if (DROPBEAR_SUCCESS == ret) { |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
100 CHECKCLEARTOWRITE(); |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
101 buf_putbyte(ses.writepayload, SSH_MSG_REQUEST_SUCCESS); |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
102 buf_putint(ses.writepayload, allocated_listen_port); |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
103 encrypt_packet(); |
1541
bb55dffab5ba
don't log server listen ports
Matt Johnston <matt@ucc.asn.au>
parents:
1502
diff
changeset
|
104 wantreply = 0; /* avoid out: below sending another reply */ |
1502
73aa542e76fe
fix indentation
Francois Perrad <francois.perrad@gadz.org>
parents:
1499
diff
changeset
|
105 } |
62 | 106 } else if (strcmp("cancel-tcpip-forward", reqname) == 0) { |
107 ret = svr_cancelremotetcp(); | |
108 } else { | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
109 TRACE(("reqname isn't tcpip-forward: '%s'", reqname)) |
62 | 110 } |
111 | |
112 out: | |
113 if (wantreply) { | |
114 if (ret == DROPBEAR_SUCCESS) { | |
115 send_msg_request_success(); | |
116 } else { | |
117 send_msg_request_failure(); | |
118 } | |
119 } | |
120 | |
121 m_free(reqname); | |
122 | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
123 TRACE(("leave recv_msg_global_request")) |
62 | 124 } |
125 | |
1460
58a74cb829b8
Pointer parameter could be declared as pointing to const (callback)
Francois Perrad <francois.perrad@gadz.org>
parents:
1342
diff
changeset
|
126 static int matchtcp(const void* typedata1, const void* typedata2) { |
62 | 127 |
128 const struct TCPListener *info1 = (struct TCPListener*)typedata1; | |
129 const struct TCPListener *info2 = (struct TCPListener*)typedata2; | |
130 | |
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
131 return (info1->listenport == info2->listenport) |
62 | 132 && (info1->chantype == info2->chantype) |
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
133 && (strcmp(info1->listenaddr, info2->listenaddr) == 0); |
62 | 134 } |
135 | |
136 static int svr_cancelremotetcp() { | |
137 | |
138 int ret = DROPBEAR_FAILURE; | |
1114
db7963049308
Turn many local variables into char *
Gaël PORTAY <gael.portay@gmail.com>
parents:
1094
diff
changeset
|
139 char * bindaddr = NULL; |
62 | 140 unsigned int addrlen; |
141 unsigned int port; | |
142 struct Listener * listener = NULL; | |
143 struct TCPListener tcpinfo; | |
144 | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
145 TRACE(("enter cancelremotetcp")) |
62 | 146 |
1122
aaf576b27a10
Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents:
1114
diff
changeset
|
147 bindaddr = buf_getstring(ses.payload, &addrlen); |
1815
5015c80808c5
Use MAX_HOST_LEN for TCP forwarding requests (#121)
ValdikSS <iam@valdikss.org.ru>
parents:
1789
diff
changeset
|
148 if (addrlen > MAX_HOST_LEN) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
149 TRACE(("addr len too long: %d", addrlen)) |
62 | 150 goto out; |
151 } | |
152 | |
153 port = buf_getint(ses.payload); | |
154 | |
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
155 tcpinfo.sendaddr = NULL; |
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
156 tcpinfo.sendport = 0; |
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
157 tcpinfo.listenaddr = bindaddr; |
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
158 tcpinfo.listenport = port; |
62 | 159 listener = get_listener(CHANNEL_ID_TCPFORWARDED, &tcpinfo, matchtcp); |
160 if (listener) { | |
161 remove_listener( listener ); | |
162 ret = DROPBEAR_SUCCESS; | |
163 } | |
164 | |
165 out: | |
166 m_free(bindaddr); | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
167 TRACE(("leave cancelremotetcp")) |
62 | 168 return ret; |
169 } | |
170 | |
1464
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
171 static int svr_remotetcpreq(int *allocated_listen_port) { |
62 | 172 |
173 int ret = DROPBEAR_FAILURE; | |
1114
db7963049308
Turn many local variables into char *
Gaël PORTAY <gael.portay@gmail.com>
parents:
1094
diff
changeset
|
174 char * request_addr = NULL; |
62 | 175 unsigned int addrlen; |
176 struct TCPListener *tcpinfo = NULL; | |
177 unsigned int port; | |
1620
572a7aefa188
FIx remote forward listeners
Matt Johnston <matt@ucc.asn.au>
parents:
1547
diff
changeset
|
178 struct Listener *listener = NULL; |
62 | 179 |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
180 TRACE(("enter remotetcpreq")) |
62 | 181 |
1122
aaf576b27a10
Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents:
1114
diff
changeset
|
182 request_addr = buf_getstring(ses.payload, &addrlen); |
1815
5015c80808c5
Use MAX_HOST_LEN for TCP forwarding requests (#121)
ValdikSS <iam@valdikss.org.ru>
parents:
1789
diff
changeset
|
183 if (addrlen > MAX_HOST_LEN) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
184 TRACE(("addr len too long: %d", addrlen)) |
62 | 185 goto out; |
186 } | |
187 | |
188 port = buf_getint(ses.payload); | |
189 | |
1464
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
190 if (port != 0) { |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
191 if (port < 1 || port > 65535) { |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
192 TRACE(("invalid port: %d", port)) |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
193 goto out; |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
194 } |
62 | 195 |
1464
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
196 if (!ses.allowprivport && port < IPPORT_RESERVED) { |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
197 TRACE(("can't assign port < 1024 for non-root")) |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
198 goto out; |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
199 } |
62 | 200 } |
201 | |
202 tcpinfo = (struct TCPListener*)m_malloc(sizeof(struct TCPListener)); | |
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
203 tcpinfo->sendaddr = NULL; |
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
204 tcpinfo->sendport = 0; |
64 | 205 tcpinfo->listenport = port; |
62 | 206 tcpinfo->chantype = &svr_chan_tcpremote; |
259
c049490e43fe
* fix -L forwarding on the client, broke last rev
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
207 tcpinfo->tcp_type = forwarded; |
62 | 208 |
675
dfdb9d9189ff
Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents:
673
diff
changeset
|
209 tcpinfo->request_listenaddr = request_addr; |
dfdb9d9189ff
Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents:
673
diff
changeset
|
210 if (!opts.listen_fwd_all || (strcmp(request_addr, "localhost") == 0) ) { |
1250 | 211 /* NULL means "localhost only" */ |
675
dfdb9d9189ff
Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents:
673
diff
changeset
|
212 tcpinfo->listenaddr = NULL; |
577
69e98c45db7c
- Progress for allowing specifying a listenaddr for tcp forwards
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
213 } |
675
dfdb9d9189ff
Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents:
673
diff
changeset
|
214 else |
dfdb9d9189ff
Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents:
673
diff
changeset
|
215 { |
1334
c8114a48837c
listenaddr must be malloced
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
216 tcpinfo->listenaddr = m_strdup(request_addr); |
675
dfdb9d9189ff
Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents:
673
diff
changeset
|
217 } |
577
69e98c45db7c
- Progress for allowing specifying a listenaddr for tcp forwards
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
218 |
1620
572a7aefa188
FIx remote forward listeners
Matt Johnston <matt@ucc.asn.au>
parents:
1547
diff
changeset
|
219 ret = listen_tcpfwd(tcpinfo, &listener); |
1464
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
220 if (DROPBEAR_SUCCESS == ret) { |
1620
572a7aefa188
FIx remote forward listeners
Matt Johnston <matt@ucc.asn.au>
parents:
1547
diff
changeset
|
221 tcpinfo->listenport = get_sock_port(listener->socks[0]); |
1464
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
222 *allocated_listen_port = tcpinfo->listenport; |
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
223 } |
62 | 224 |
225 out: | |
226 if (ret == DROPBEAR_FAILURE) { | |
227 /* we only free it if a listener wasn't created, since the listener | |
228 * has to remember it if it's to be cancelled */ | |
675
dfdb9d9189ff
Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents:
673
diff
changeset
|
229 m_free(request_addr); |
62 | 230 m_free(tcpinfo); |
231 } | |
1464
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
232 |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
233 TRACE(("leave remotetcpreq")) |
1464
ad637c9e0f6f
Server chosen tcpfwd ports (#43)
houseofkodai <karthik@houseofkodai.in>
parents:
1460
diff
changeset
|
234 |
62 | 235 return ret; |
236 } | |
64 | 237 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
238 #endif /* DROPBEAR_SVR_REMOTETCPFWD */ |
673
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
239 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
240 #if DROPBEAR_SVR_LOCALTCPFWD |
673
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
241 |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
242 const struct ChanType svr_chan_tcpdirect = { |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
243 "direct-tcpip", |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
244 newtcpdirect, /* init */ |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
245 NULL, /* checkclose */ |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
246 NULL, /* reqhandler */ |
1625
79eef94ccea9
Split ChanType closehandler() and cleanup() so that dbclient doesn't
Matt Johnston <matt@ucc.asn.au>
parents:
1620
diff
changeset
|
247 NULL, /* closehandler */ |
79eef94ccea9
Split ChanType closehandler() and cleanup() so that dbclient doesn't
Matt Johnston <matt@ucc.asn.au>
parents:
1620
diff
changeset
|
248 NULL /* cleanup */ |
673
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
249 }; |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
250 |
64 | 251 /* Called upon creating a new direct tcp channel (ie we connect out to an |
252 * address */ | |
253 static int newtcpdirect(struct Channel * channel) { | |
254 | |
1114
db7963049308
Turn many local variables into char *
Gaël PORTAY <gael.portay@gmail.com>
parents:
1094
diff
changeset
|
255 char* desthost = NULL; |
64 | 256 unsigned int destport; |
1114
db7963049308
Turn many local variables into char *
Gaël PORTAY <gael.portay@gmail.com>
parents:
1094
diff
changeset
|
257 char* orighost = NULL; |
64 | 258 unsigned int origport; |
259 char portstring[NI_MAXSERV]; | |
1094
c45d65392c1a
Fix pointer differ in signess warnings [-Werror=pointer-sign]
Gaël PORTAY <gael.portay@gmail.com>
parents:
1032
diff
changeset
|
260 unsigned int len; |
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
64
diff
changeset
|
261 int err = SSH_OPEN_ADMINISTRATIVELY_PROHIBITED; |
64 | 262 |
941
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
937
diff
changeset
|
263 TRACE(("newtcpdirect channel %d", channel->index)) |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
937
diff
changeset
|
264 |
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
410
diff
changeset
|
265 if (svr_opts.nolocaltcp || !svr_pubkey_allows_tcpfwd()) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
266 TRACE(("leave newtcpdirect: local tcp forwarding disabled")) |
64 | 267 goto out; |
268 } | |
269 | |
1122
aaf576b27a10
Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents:
1114
diff
changeset
|
270 desthost = buf_getstring(ses.payload, &len); |
64 | 271 if (len > MAX_HOST_LEN) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
272 TRACE(("leave newtcpdirect: desthost too long")) |
64 | 273 goto out; |
274 } | |
275 | |
276 destport = buf_getint(ses.payload); | |
277 | |
1122
aaf576b27a10
Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents:
1114
diff
changeset
|
278 orighost = buf_getstring(ses.payload, &len); |
64 | 279 if (len > MAX_HOST_LEN) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
280 TRACE(("leave newtcpdirect: orighost too long")) |
64 | 281 goto out; |
282 } | |
283 | |
284 origport = buf_getint(ses.payload); | |
285 | |
286 /* best be sure */ | |
287 if (origport > 65535 || destport > 65535) { | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
288 TRACE(("leave newtcpdirect: port > 65535")) |
64 | 289 goto out; |
290 } | |
291 | |
1859
1d86a58fb52d
Leave non-interactive at default QoS class
Matt Johnston <matt@ucc.asn.au>
parents:
1829
diff
changeset
|
292 snprintf(portstring, sizeof(portstring), "%u", destport); |
1d86a58fb52d
Leave non-interactive at default QoS class
Matt Johnston <matt@ucc.asn.au>
parents:
1829
diff
changeset
|
293 channel->conn_pending = connect_remote(desthost, portstring, channel_connect_done, |
1d86a58fb52d
Leave non-interactive at default QoS class
Matt Johnston <matt@ucc.asn.au>
parents:
1829
diff
changeset
|
294 channel, NULL, NULL, DROPBEAR_PRIO_NORMAL); |
1785
9026f976eee8
fuzz: work around fuzz_connect_remote() limitations
Matt Johnston <matt@ucc.asn.au>
parents:
1627
diff
changeset
|
295 |
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
64
diff
changeset
|
296 err = SSH_OPEN_IN_PROGRESS; |
64 | 297 |
298 out: | |
299 m_free(desthost); | |
300 m_free(orighost); | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
301 TRACE(("leave newtcpdirect: err %d", err)) |
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
64
diff
changeset
|
302 return err; |
64 | 303 } |
304 | |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
305 #endif /* DROPBEAR_SVR_LOCALTCPFWD */ |