annotate svr-tcpfwd.c @ 808:d7784616409a

improve auth failure delays to avoid indicating which users exist
author Matt Johnston <matt@ucc.asn.au>
date Sun, 26 May 2013 18:39:24 +0800
parents dfdb9d9189ff
children c19acba28590
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
74
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
1 /*
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
2 * Dropbear SSH
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
3 *
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
4 * Copyright (c) 2002,2003 Matt Johnston
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
5 * Copyright (c) 2004 by Mihnea Stoenescu
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
6 * All rights reserved.
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
7 *
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
9 * of this software and associated documentation files (the "Software"), to deal
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
10 * in the Software without restriction, including without limitation the rights
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
12 * copies of the Software, and to permit persons to whom the Software is
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
13 * furnished to do so, subject to the following conditions:
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
14 *
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
15 * The above copyright notice and this permission notice shall be included in
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
16 * all copies or substantial portions of the Software.
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
17 *
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
24 * SOFTWARE. */
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 70
diff changeset
25
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
26 #include "includes.h"
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
27 #include "ssh.h"
64
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
28 #include "tcpfwd.h"
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
29 #include "dbutil.h"
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
30 #include "session.h"
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
31 #include "buffer.h"
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
32 #include "packet.h"
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
33 #include "listener.h"
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
34 #include "runopts.h"
475
52a644e7b8e1 * Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents: 410
diff changeset
35 #include "auth.h"
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
36
673
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
37 static void send_msg_request_failure();
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
38
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
39 static void send_msg_request_failure() {
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
40 CHECKCLEARTOWRITE();
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
41 buf_putbyte(ses.writepayload, SSH_MSG_REQUEST_FAILURE);
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
42 encrypt_packet();
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
43 }
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
44
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
45 #ifndef ENABLE_SVR_REMOTETCPFWD
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
46
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
47 /* This is better than SSH_MSG_UNIMPLEMENTED */
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
48 void recv_msg_global_request_remotetcp() {
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
49 TRACE(("recv_msg_global_request_remotetcp: remote tcp forwarding not compiled in"))
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
50 send_msg_request_failure();
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
51 }
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
52
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
53 /* */
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
54 #endif /* !ENABLE_SVR_REMOTETCPFWD */
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
55
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
56 static void send_msg_request_success();
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
57 static int svr_cancelremotetcp();
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
58 static int svr_remotetcpreq();
64
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
59 static int newtcpdirect(struct Channel * channel);
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
60
673
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
61 #ifdef ENABLE_SVR_REMOTETCPFWD
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
62 static const struct ChanType svr_chan_tcpremote = {
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
63 1, /* sepfds */
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
64 "forwarded-tcpip",
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
65 NULL,
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
66 NULL,
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
67 NULL,
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
68 NULL
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
69 };
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
70
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
71 /* At the moment this is completely used for tcp code (with the name reflecting
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
72 * that). If new request types are added, this should be replaced with code
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
73 * similar to the request-switching in chansession.c */
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
74 void recv_msg_global_request_remotetcp() {
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
75
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
76 unsigned char* reqname = NULL;
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
77 unsigned int namelen;
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
78 unsigned int wantreply = 0;
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
79 int ret = DROPBEAR_FAILURE;
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
80
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 156
diff changeset
81 TRACE(("enter recv_msg_global_request_remotetcp"))
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
82
475
52a644e7b8e1 * Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents: 410
diff changeset
83 if (svr_opts.noremotetcp || !svr_pubkey_allows_tcpfwd()) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 156
diff changeset
84 TRACE(("leave recv_msg_global_request_remotetcp: remote tcp forwarding disabled"))
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
85 goto out;
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
86 }
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
87
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
88 reqname = buf_getstring(ses.payload, &namelen);
179
161557a9dde8 * fix longstanding bug with connections being closed on failure to
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
89 wantreply = buf_getbool(ses.payload);
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
90
267
7ce577234a10 * svr-tcpfwd.c: should be MAX_NAME_LEN not MAXNAMLEN
Matt Johnston <matt@ucc.asn.au>
parents: 259
diff changeset
91 if (namelen > MAX_NAME_LEN) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 156
diff changeset
92 TRACE(("name len is wrong: %d", namelen))
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
93 goto out;
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
94 }
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
95
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
96 if (strcmp("tcpip-forward", reqname) == 0) {
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
97 ret = svr_remotetcpreq();
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
98 } else if (strcmp("cancel-tcpip-forward", reqname) == 0) {
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
99 ret = svr_cancelremotetcp();
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
100 } else {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 156
diff changeset
101 TRACE(("reqname isn't tcpip-forward: '%s'", reqname))
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
102 }
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
103
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
104 out:
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
105 if (wantreply) {
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
106 if (ret == DROPBEAR_SUCCESS) {
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
107 send_msg_request_success();
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
108 } else {
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
109 send_msg_request_failure();
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
110 }
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
111 }
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
112
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
113 m_free(reqname);
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
114
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 156
diff changeset
115 TRACE(("leave recv_msg_global_request"))
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
116 }
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
117
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
118
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
119 static void send_msg_request_success() {
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
120
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
121 CHECKCLEARTOWRITE();
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
122 buf_putbyte(ses.writepayload, SSH_MSG_REQUEST_SUCCESS);
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
123 encrypt_packet();
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
124
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
125 }
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
126
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
127 static int matchtcp(void* typedata1, void* typedata2) {
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
128
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
129 const struct TCPListener *info1 = (struct TCPListener*)typedata1;
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
130 const struct TCPListener *info2 = (struct TCPListener*)typedata2;
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
131
258
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 253
diff changeset
132 return (info1->listenport == info2->listenport)
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
133 && (info1->chantype == info2->chantype)
258
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 253
diff changeset
134 && (strcmp(info1->listenaddr, info2->listenaddr) == 0);
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
135 }
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
136
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
137 static int svr_cancelremotetcp() {
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
138
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
139 int ret = DROPBEAR_FAILURE;
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
140 unsigned char * bindaddr = NULL;
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
141 unsigned int addrlen;
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
142 unsigned int port;
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
143 struct Listener * listener = NULL;
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
144 struct TCPListener tcpinfo;
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
145
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 156
diff changeset
146 TRACE(("enter cancelremotetcp"))
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
147
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
148 bindaddr = buf_getstring(ses.payload, &addrlen);
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
149 if (addrlen > MAX_IP_LEN) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 156
diff changeset
150 TRACE(("addr len too long: %d", addrlen))
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
151 goto out;
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
152 }
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
153
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
154 port = buf_getint(ses.payload);
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
155
258
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 253
diff changeset
156 tcpinfo.sendaddr = NULL;
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 253
diff changeset
157 tcpinfo.sendport = 0;
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 253
diff changeset
158 tcpinfo.listenaddr = bindaddr;
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 253
diff changeset
159 tcpinfo.listenport = port;
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
160 listener = get_listener(CHANNEL_ID_TCPFORWARDED, &tcpinfo, matchtcp);
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
161 if (listener) {
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
162 remove_listener( listener );
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
163 ret = DROPBEAR_SUCCESS;
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
164 }
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
165
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
166 out:
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
167 m_free(bindaddr);
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 156
diff changeset
168 TRACE(("leave cancelremotetcp"))
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
169 return ret;
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
170 }
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
171
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
172 static int svr_remotetcpreq() {
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
173
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
174 int ret = DROPBEAR_FAILURE;
675
dfdb9d9189ff Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents: 673
diff changeset
175 unsigned char * request_addr = NULL;
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
176 unsigned int addrlen;
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
177 struct TCPListener *tcpinfo = NULL;
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
178 unsigned int port;
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
179
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 156
diff changeset
180 TRACE(("enter remotetcpreq"))
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
181
675
dfdb9d9189ff Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents: 673
diff changeset
182 request_addr = buf_getstring(ses.payload, &addrlen);
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
183 if (addrlen > MAX_IP_LEN) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 156
diff changeset
184 TRACE(("addr len too long: %d", addrlen))
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
185 goto out;
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
186 }
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
187
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
188 port = buf_getint(ses.payload);
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
189
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
190 if (port == 0) {
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
191 dropbear_log(LOG_INFO, "Server chosen tcpfwd ports are unsupported");
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
192 goto out;
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
193 }
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
194
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
195 if (port < 1 || port > 65535) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 156
diff changeset
196 TRACE(("invalid port: %d", port))
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
197 goto out;
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
198 }
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
199
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
200 if (!ses.allowprivport && port < IPPORT_RESERVED) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 156
diff changeset
201 TRACE(("can't assign port < 1024 for non-root"))
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
202 goto out;
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
203 }
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
204
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
205 tcpinfo = (struct TCPListener*)m_malloc(sizeof(struct TCPListener));
258
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 253
diff changeset
206 tcpinfo->sendaddr = NULL;
306499676384 * add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents: 253
diff changeset
207 tcpinfo->sendport = 0;
64
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
208 tcpinfo->listenport = port;
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
209 tcpinfo->chantype = &svr_chan_tcpremote;
259
c049490e43fe * fix -L forwarding on the client, broke last rev
Matt Johnston <matt@ucc.asn.au>
parents: 258
diff changeset
210 tcpinfo->tcp_type = forwarded;
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
211
675
dfdb9d9189ff Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents: 673
diff changeset
212 tcpinfo->request_listenaddr = request_addr;
dfdb9d9189ff Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents: 673
diff changeset
213 if (!opts.listen_fwd_all || (strcmp(request_addr, "localhost") == 0) ) {
577
69e98c45db7c - Progress for allowing specifying a listenaddr for tcp forwards
Matt Johnston <matt@ucc.asn.au>
parents: 475
diff changeset
214 // NULL means "localhost only"
675
dfdb9d9189ff Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents: 673
diff changeset
215 tcpinfo->listenaddr = NULL;
577
69e98c45db7c - Progress for allowing specifying a listenaddr for tcp forwards
Matt Johnston <matt@ucc.asn.au>
parents: 475
diff changeset
216 }
675
dfdb9d9189ff Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents: 673
diff changeset
217 else
dfdb9d9189ff Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents: 673
diff changeset
218 {
dfdb9d9189ff Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents: 673
diff changeset
219 tcpinfo->listenaddr = request_addr;
dfdb9d9189ff Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents: 673
diff changeset
220 }
577
69e98c45db7c - Progress for allowing specifying a listenaddr for tcp forwards
Matt Johnston <matt@ucc.asn.au>
parents: 475
diff changeset
221
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
222 ret = listen_tcpfwd(tcpinfo);
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
223
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
224 out:
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
225 if (ret == DROPBEAR_FAILURE) {
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
226 /* we only free it if a listener wasn't created, since the listener
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
227 * has to remember it if it's to be cancelled */
675
dfdb9d9189ff Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents: 673
diff changeset
228 m_free(request_addr);
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
229 m_free(tcpinfo);
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
230 }
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 156
diff changeset
231 TRACE(("leave remotetcpreq"))
62
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
232 return ret;
20563735e8b5 just checkpointing
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
233 }
64
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
234
673
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
235 #endif /* ENABLE_SVR_REMOTETCPFWD */
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
236
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
237 #ifdef ENABLE_SVR_LOCALTCPFWD
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
238
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
239 const struct ChanType svr_chan_tcpdirect = {
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
240 1, /* sepfds */
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
241 "direct-tcpip",
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
242 newtcpdirect, /* init */
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
243 NULL, /* checkclose */
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
244 NULL, /* reqhandler */
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
245 NULL /* closehandler */
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
246 };
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
247
64
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
248 /* Called upon creating a new direct tcp channel (ie we connect out to an
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
249 * address */
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
250 static int newtcpdirect(struct Channel * channel) {
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
251
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
252 unsigned char* desthost = NULL;
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
253 unsigned int destport;
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
254 unsigned char* orighost = NULL;
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
255 unsigned int origport;
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
256 char portstring[NI_MAXSERV];
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
257 int sock;
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
258 int len;
70
b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents: 64
diff changeset
259 int err = SSH_OPEN_ADMINISTRATIVELY_PROHIBITED;
64
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
260
475
52a644e7b8e1 * Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents: 410
diff changeset
261 if (svr_opts.nolocaltcp || !svr_pubkey_allows_tcpfwd()) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 156
diff changeset
262 TRACE(("leave newtcpdirect: local tcp forwarding disabled"))
64
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
263 goto out;
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
264 }
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
265
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
266 desthost = buf_getstring(ses.payload, &len);
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
267 if (len > MAX_HOST_LEN) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 156
diff changeset
268 TRACE(("leave newtcpdirect: desthost too long"))
64
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
269 goto out;
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
270 }
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
271
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
272 destport = buf_getint(ses.payload);
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
273
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
274 orighost = buf_getstring(ses.payload, &len);
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
275 if (len > MAX_HOST_LEN) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 156
diff changeset
276 TRACE(("leave newtcpdirect: orighost too long"))
64
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
277 goto out;
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
278 }
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
279
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
280 origport = buf_getint(ses.payload);
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
281
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
282 /* best be sure */
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
283 if (origport > 65535 || destport > 65535) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 156
diff changeset
284 TRACE(("leave newtcpdirect: port > 65535"))
64
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
285 goto out;
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
286 }
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
287
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
288 snprintf(portstring, sizeof(portstring), "%d", destport);
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
289 sock = connect_remote(desthost, portstring, 1, NULL);
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
290 if (sock < 0) {
70
b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents: 64
diff changeset
291 err = SSH_OPEN_CONNECT_FAILED;
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 156
diff changeset
292 TRACE(("leave newtcpdirect: sock failed"))
64
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
293 goto out;
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
294 }
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
295
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
296 ses.maxfd = MAX(ses.maxfd, sock);
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
297
253
84925eceeb13 * rename infd/outfd to writefd/readfd, to avoid confusion
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
298 /* We don't set readfd, that will get set after the connection's
64
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
299 * progress succeeds */
253
84925eceeb13 * rename infd/outfd to writefd/readfd, to avoid confusion
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
300 channel->writefd = sock;
64
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
301 channel->initconn = 1;
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
302
70
b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents: 64
diff changeset
303 err = SSH_OPEN_IN_PROGRESS;
64
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
304
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
305 out:
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
306 m_free(desthost);
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
307 m_free(orighost);
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 156
diff changeset
308 TRACE(("leave newtcpdirect: err %d", err))
70
b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents: 64
diff changeset
309 return err;
64
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
310 }
efb5e0b335cf TCP forwarding works.
Matt Johnston <matt@ucc.asn.au>
parents: 63
diff changeset
311
673
c519b78b6d1a - Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents: 620
diff changeset
312 #endif /* ENABLE_SVR_LOCALTCPFWD */