Mercurial > dropbear
annotate svr-tcpfwd.c @ 1012:ffd2359564b0
twofish ctr modes
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 04 Feb 2015 22:12:06 +0800 |
parents | 5daedffd0769 |
children | 4121ca987e6a |
rev | line source |
---|---|
74
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
1 /* |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
2 * Dropbear SSH |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
3 * |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
4 * Copyright (c) 2002,2003 Matt Johnston |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
5 * Copyright (c) 2004 by Mihnea Stoenescu |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
6 * All rights reserved. |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
7 * |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
8 * Permission is hereby granted, free of charge, to any person obtaining a copy |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
9 * of this software and associated documentation files (the "Software"), to deal |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
10 * in the Software without restriction, including without limitation the rights |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
12 * copies of the Software, and to permit persons to whom the Software is |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
13 * furnished to do so, subject to the following conditions: |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
14 * |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
15 * The above copyright notice and this permission notice shall be included in |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
16 * all copies or substantial portions of the Software. |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
17 * |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
24 * SOFTWARE. */ |
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
70
diff
changeset
|
25 |
62 | 26 #include "includes.h" |
27 #include "ssh.h" | |
64 | 28 #include "tcpfwd.h" |
62 | 29 #include "dbutil.h" |
30 #include "session.h" | |
31 #include "buffer.h" | |
32 #include "packet.h" | |
33 #include "listener.h" | |
34 #include "runopts.h" | |
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
410
diff
changeset
|
35 #include "auth.h" |
62 | 36 |
673
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
37 #ifndef ENABLE_SVR_REMOTETCPFWD |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
38 |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
39 /* This is better than SSH_MSG_UNIMPLEMENTED */ |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
40 void recv_msg_global_request_remotetcp() { |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
41 TRACE(("recv_msg_global_request_remotetcp: remote tcp forwarding not compiled in")) |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
42 send_msg_request_failure(); |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
43 } |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
44 |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
45 /* */ |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
46 #endif /* !ENABLE_SVR_REMOTETCPFWD */ |
62 | 47 |
48 static int svr_cancelremotetcp(); | |
49 static int svr_remotetcpreq(); | |
64 | 50 static int newtcpdirect(struct Channel * channel); |
62 | 51 |
673
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
52 #ifdef ENABLE_SVR_REMOTETCPFWD |
62 | 53 static const struct ChanType svr_chan_tcpremote = { |
54 1, /* sepfds */ | |
55 "forwarded-tcpip", | |
941
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
937
diff
changeset
|
56 tcp_prio_inithandler, |
62 | 57 NULL, |
58 NULL, | |
59 NULL | |
60 }; | |
61 | |
62 /* At the moment this is completely used for tcp code (with the name reflecting | |
63 * that). If new request types are added, this should be replaced with code | |
64 * similar to the request-switching in chansession.c */ | |
65 void recv_msg_global_request_remotetcp() { | |
66 | |
67 unsigned char* reqname = NULL; | |
68 unsigned int namelen; | |
69 unsigned int wantreply = 0; | |
70 int ret = DROPBEAR_FAILURE; | |
71 | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
72 TRACE(("enter recv_msg_global_request_remotetcp")) |
62 | 73 |
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
410
diff
changeset
|
74 if (svr_opts.noremotetcp || !svr_pubkey_allows_tcpfwd()) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
75 TRACE(("leave recv_msg_global_request_remotetcp: remote tcp forwarding disabled")) |
62 | 76 goto out; |
77 } | |
78 | |
79 reqname = buf_getstring(ses.payload, &namelen); | |
179
161557a9dde8
* fix longstanding bug with connections being closed on failure to
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
80 wantreply = buf_getbool(ses.payload); |
62 | 81 |
267
7ce577234a10
* svr-tcpfwd.c: should be MAX_NAME_LEN not MAXNAMLEN
Matt Johnston <matt@ucc.asn.au>
parents:
259
diff
changeset
|
82 if (namelen > MAX_NAME_LEN) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
83 TRACE(("name len is wrong: %d", namelen)) |
62 | 84 goto out; |
85 } | |
86 | |
87 if (strcmp("tcpip-forward", reqname) == 0) { | |
88 ret = svr_remotetcpreq(); | |
89 } else if (strcmp("cancel-tcpip-forward", reqname) == 0) { | |
90 ret = svr_cancelremotetcp(); | |
91 } else { | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
92 TRACE(("reqname isn't tcpip-forward: '%s'", reqname)) |
62 | 93 } |
94 | |
95 out: | |
96 if (wantreply) { | |
97 if (ret == DROPBEAR_SUCCESS) { | |
98 send_msg_request_success(); | |
99 } else { | |
100 send_msg_request_failure(); | |
101 } | |
102 } | |
103 | |
104 m_free(reqname); | |
105 | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
106 TRACE(("leave recv_msg_global_request")) |
62 | 107 } |
108 | |
109 static int matchtcp(void* typedata1, void* typedata2) { | |
110 | |
111 const struct TCPListener *info1 = (struct TCPListener*)typedata1; | |
112 const struct TCPListener *info2 = (struct TCPListener*)typedata2; | |
113 | |
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
114 return (info1->listenport == info2->listenport) |
62 | 115 && (info1->chantype == info2->chantype) |
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
116 && (strcmp(info1->listenaddr, info2->listenaddr) == 0); |
62 | 117 } |
118 | |
119 static int svr_cancelremotetcp() { | |
120 | |
121 int ret = DROPBEAR_FAILURE; | |
122 unsigned char * bindaddr = NULL; | |
123 unsigned int addrlen; | |
124 unsigned int port; | |
125 struct Listener * listener = NULL; | |
126 struct TCPListener tcpinfo; | |
127 | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
128 TRACE(("enter cancelremotetcp")) |
62 | 129 |
130 bindaddr = buf_getstring(ses.payload, &addrlen); | |
131 if (addrlen > MAX_IP_LEN) { | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
132 TRACE(("addr len too long: %d", addrlen)) |
62 | 133 goto out; |
134 } | |
135 | |
136 port = buf_getint(ses.payload); | |
137 | |
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
138 tcpinfo.sendaddr = NULL; |
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
139 tcpinfo.sendport = 0; |
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
140 tcpinfo.listenaddr = bindaddr; |
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
141 tcpinfo.listenport = port; |
62 | 142 listener = get_listener(CHANNEL_ID_TCPFORWARDED, &tcpinfo, matchtcp); |
143 if (listener) { | |
144 remove_listener( listener ); | |
145 ret = DROPBEAR_SUCCESS; | |
146 } | |
147 | |
148 out: | |
149 m_free(bindaddr); | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
150 TRACE(("leave cancelremotetcp")) |
62 | 151 return ret; |
152 } | |
153 | |
154 static int svr_remotetcpreq() { | |
155 | |
156 int ret = DROPBEAR_FAILURE; | |
675
dfdb9d9189ff
Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents:
673
diff
changeset
|
157 unsigned char * request_addr = NULL; |
62 | 158 unsigned int addrlen; |
159 struct TCPListener *tcpinfo = NULL; | |
160 unsigned int port; | |
161 | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
162 TRACE(("enter remotetcpreq")) |
62 | 163 |
675
dfdb9d9189ff
Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents:
673
diff
changeset
|
164 request_addr = buf_getstring(ses.payload, &addrlen); |
62 | 165 if (addrlen > MAX_IP_LEN) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
166 TRACE(("addr len too long: %d", addrlen)) |
62 | 167 goto out; |
168 } | |
169 | |
170 port = buf_getint(ses.payload); | |
171 | |
172 if (port == 0) { | |
173 dropbear_log(LOG_INFO, "Server chosen tcpfwd ports are unsupported"); | |
174 goto out; | |
175 } | |
176 | |
177 if (port < 1 || port > 65535) { | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
178 TRACE(("invalid port: %d", port)) |
62 | 179 goto out; |
180 } | |
181 | |
182 if (!ses.allowprivport && port < IPPORT_RESERVED) { | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
183 TRACE(("can't assign port < 1024 for non-root")) |
62 | 184 goto out; |
185 } | |
186 | |
187 tcpinfo = (struct TCPListener*)m_malloc(sizeof(struct TCPListener)); | |
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
188 tcpinfo->sendaddr = NULL; |
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
253
diff
changeset
|
189 tcpinfo->sendport = 0; |
64 | 190 tcpinfo->listenport = port; |
62 | 191 tcpinfo->chantype = &svr_chan_tcpremote; |
259
c049490e43fe
* fix -L forwarding on the client, broke last rev
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
192 tcpinfo->tcp_type = forwarded; |
62 | 193 |
675
dfdb9d9189ff
Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents:
673
diff
changeset
|
194 tcpinfo->request_listenaddr = request_addr; |
dfdb9d9189ff
Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents:
673
diff
changeset
|
195 if (!opts.listen_fwd_all || (strcmp(request_addr, "localhost") == 0) ) { |
857 | 196 /* NULL means "localhost only" */ |
675
dfdb9d9189ff
Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents:
673
diff
changeset
|
197 tcpinfo->listenaddr = NULL; |
577
69e98c45db7c
- Progress for allowing specifying a listenaddr for tcp forwards
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
198 } |
675
dfdb9d9189ff
Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents:
673
diff
changeset
|
199 else |
dfdb9d9189ff
Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents:
673
diff
changeset
|
200 { |
dfdb9d9189ff
Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents:
673
diff
changeset
|
201 tcpinfo->listenaddr = request_addr; |
dfdb9d9189ff
Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents:
673
diff
changeset
|
202 } |
577
69e98c45db7c
- Progress for allowing specifying a listenaddr for tcp forwards
Matt Johnston <matt@ucc.asn.au>
parents:
475
diff
changeset
|
203 |
62 | 204 ret = listen_tcpfwd(tcpinfo); |
205 | |
206 out: | |
207 if (ret == DROPBEAR_FAILURE) { | |
208 /* we only free it if a listener wasn't created, since the listener | |
209 * has to remember it if it's to be cancelled */ | |
675
dfdb9d9189ff
Server shouldn't return "localhost" in response to -R forward connections
Matt Johnston <matt@ucc.asn.au>
parents:
673
diff
changeset
|
210 m_free(request_addr); |
62 | 211 m_free(tcpinfo); |
212 } | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
213 TRACE(("leave remotetcpreq")) |
62 | 214 return ret; |
215 } | |
64 | 216 |
673
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
217 #endif /* ENABLE_SVR_REMOTETCPFWD */ |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
218 |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
219 #ifdef ENABLE_SVR_LOCALTCPFWD |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
220 |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
221 const struct ChanType svr_chan_tcpdirect = { |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
222 1, /* sepfds */ |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
223 "direct-tcpip", |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
224 newtcpdirect, /* init */ |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
225 NULL, /* checkclose */ |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
226 NULL, /* reqhandler */ |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
227 NULL /* closehandler */ |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
228 }; |
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
229 |
64 | 230 /* Called upon creating a new direct tcp channel (ie we connect out to an |
231 * address */ | |
232 static int newtcpdirect(struct Channel * channel) { | |
233 | |
234 unsigned char* desthost = NULL; | |
235 unsigned int destport; | |
236 unsigned char* orighost = NULL; | |
237 unsigned int origport; | |
238 char portstring[NI_MAXSERV]; | |
239 int sock; | |
240 int len; | |
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
64
diff
changeset
|
241 int err = SSH_OPEN_ADMINISTRATIVELY_PROHIBITED; |
64 | 242 |
941
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
937
diff
changeset
|
243 TRACE(("newtcpdirect channel %d", channel->index)) |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
937
diff
changeset
|
244 |
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
410
diff
changeset
|
245 if (svr_opts.nolocaltcp || !svr_pubkey_allows_tcpfwd()) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
246 TRACE(("leave newtcpdirect: local tcp forwarding disabled")) |
64 | 247 goto out; |
248 } | |
249 | |
250 desthost = buf_getstring(ses.payload, &len); | |
251 if (len > MAX_HOST_LEN) { | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
252 TRACE(("leave newtcpdirect: desthost too long")) |
64 | 253 goto out; |
254 } | |
255 | |
256 destport = buf_getint(ses.payload); | |
257 | |
258 orighost = buf_getstring(ses.payload, &len); | |
259 if (len > MAX_HOST_LEN) { | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
260 TRACE(("leave newtcpdirect: orighost too long")) |
64 | 261 goto out; |
262 } | |
263 | |
264 origport = buf_getint(ses.payload); | |
265 | |
266 /* best be sure */ | |
267 if (origport > 65535 || destport > 65535) { | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
268 TRACE(("leave newtcpdirect: port > 65535")) |
64 | 269 goto out; |
270 } | |
271 | |
272 snprintf(portstring, sizeof(portstring), "%d", destport); | |
273 sock = connect_remote(desthost, portstring, 1, NULL); | |
274 if (sock < 0) { | |
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
64
diff
changeset
|
275 err = SSH_OPEN_CONNECT_FAILED; |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
276 TRACE(("leave newtcpdirect: sock failed")) |
64 | 277 goto out; |
278 } | |
279 | |
280 ses.maxfd = MAX(ses.maxfd, sock); | |
281 | |
253
84925eceeb13
* rename infd/outfd to writefd/readfd, to avoid confusion
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
282 /* We don't set readfd, that will get set after the connection's |
64 | 283 * progress succeeds */ |
253
84925eceeb13
* rename infd/outfd to writefd/readfd, to avoid confusion
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
284 channel->writefd = sock; |
64 | 285 channel->initconn = 1; |
941
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
937
diff
changeset
|
286 |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
937
diff
changeset
|
287 channel->prio = DROPBEAR_CHANNEL_PRIO_UNKNOWABLE; |
64 | 288 |
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
64
diff
changeset
|
289 err = SSH_OPEN_IN_PROGRESS; |
64 | 290 |
291 out: | |
292 m_free(desthost); | |
293 m_free(orighost); | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
294 TRACE(("leave newtcpdirect: err %d", err)) |
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
64
diff
changeset
|
295 return err; |
64 | 296 } |
297 | |
673
c519b78b6d1a
- Don't sent SSH_MSG_UNIMPLEMENTED if we don't have ENABLE_SVR_REMOTETCPFWD
Matt Johnston <matt@ucc.asn.au>
parents:
620
diff
changeset
|
298 #endif /* ENABLE_SVR_LOCALTCPFWD */ |