Mercurial > dropbear
comparison svr-tcpfwd.c @ 258:306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
hosts to connect to forwarded ports. Rearranged various some of the
tcp listening code.
* changed to /* */ style brackets in svr-authpam.c
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sun, 04 Dec 2005 16:13:11 +0000 |
| parents | 84925eceeb13 |
| children | c049490e43fe |
comparison
equal
deleted
inserted
replaced
| 257:63601217f5ab | 258:306499676384 |
|---|---|
| 70 unsigned int wantreply = 0; | 70 unsigned int wantreply = 0; |
| 71 int ret = DROPBEAR_FAILURE; | 71 int ret = DROPBEAR_FAILURE; |
| 72 | 72 |
| 73 TRACE(("enter recv_msg_global_request_remotetcp")) | 73 TRACE(("enter recv_msg_global_request_remotetcp")) |
| 74 | 74 |
| 75 if (opts.noremotetcp) { | 75 if (svr_opts.noremotetcp) { |
| 76 TRACE(("leave recv_msg_global_request_remotetcp: remote tcp forwarding disabled")) | 76 TRACE(("leave recv_msg_global_request_remotetcp: remote tcp forwarding disabled")) |
| 77 goto out; | 77 goto out; |
| 78 } | 78 } |
| 79 | 79 |
| 80 reqname = buf_getstring(ses.payload, &namelen); | 80 reqname = buf_getstring(ses.payload, &namelen); |
| 127 static int matchtcp(void* typedata1, void* typedata2) { | 127 static int matchtcp(void* typedata1, void* typedata2) { |
| 128 | 128 |
| 129 const struct TCPListener *info1 = (struct TCPListener*)typedata1; | 129 const struct TCPListener *info1 = (struct TCPListener*)typedata1; |
| 130 const struct TCPListener *info2 = (struct TCPListener*)typedata2; | 130 const struct TCPListener *info2 = (struct TCPListener*)typedata2; |
| 131 | 131 |
| 132 return (info1->sendport == info2->sendport) | 132 return (info1->listenport == info2->listenport) |
| 133 && (info1->chantype == info2->chantype) | 133 && (info1->chantype == info2->chantype) |
| 134 && (strcmp(info1->sendaddr, info2->sendaddr) == 0); | 134 && (strcmp(info1->listenaddr, info2->listenaddr) == 0); |
| 135 } | 135 } |
| 136 | 136 |
| 137 static int svr_cancelremotetcp() { | 137 static int svr_cancelremotetcp() { |
| 138 | 138 |
| 139 int ret = DROPBEAR_FAILURE; | 139 int ret = DROPBEAR_FAILURE; |
| 151 goto out; | 151 goto out; |
| 152 } | 152 } |
| 153 | 153 |
| 154 port = buf_getint(ses.payload); | 154 port = buf_getint(ses.payload); |
| 155 | 155 |
| 156 tcpinfo.sendaddr = bindaddr; | 156 tcpinfo.sendaddr = NULL; |
| 157 tcpinfo.sendport = port; | 157 tcpinfo.sendport = 0; |
| 158 tcpinfo.listenaddr = bindaddr; | |
| 159 tcpinfo.listenport = port; | |
| 158 listener = get_listener(CHANNEL_ID_TCPFORWARDED, &tcpinfo, matchtcp); | 160 listener = get_listener(CHANNEL_ID_TCPFORWARDED, &tcpinfo, matchtcp); |
| 159 if (listener) { | 161 if (listener) { |
| 160 remove_listener( listener ); | 162 remove_listener( listener ); |
| 161 ret = DROPBEAR_SUCCESS; | 163 ret = DROPBEAR_SUCCESS; |
| 162 } | 164 } |
| 175 struct TCPListener *tcpinfo = NULL; | 177 struct TCPListener *tcpinfo = NULL; |
| 176 unsigned int port; | 178 unsigned int port; |
| 177 | 179 |
| 178 TRACE(("enter remotetcpreq")) | 180 TRACE(("enter remotetcpreq")) |
| 179 | 181 |
| 180 /* NOTE: at this stage, we ignore bindaddr. see below and listen_tcpfwd */ | |
| 181 bindaddr = buf_getstring(ses.payload, &addrlen); | 182 bindaddr = buf_getstring(ses.payload, &addrlen); |
| 182 if (addrlen > MAX_IP_LEN) { | 183 if (addrlen > MAX_IP_LEN) { |
| 183 TRACE(("addr len too long: %d", addrlen)) | 184 TRACE(("addr len too long: %d", addrlen)) |
| 184 goto out; | 185 goto out; |
| 185 } | 186 } |
| 200 TRACE(("can't assign port < 1024 for non-root")) | 201 TRACE(("can't assign port < 1024 for non-root")) |
| 201 goto out; | 202 goto out; |
| 202 } | 203 } |
| 203 | 204 |
| 204 tcpinfo = (struct TCPListener*)m_malloc(sizeof(struct TCPListener)); | 205 tcpinfo = (struct TCPListener*)m_malloc(sizeof(struct TCPListener)); |
| 205 tcpinfo->sendaddr = bindaddr; | 206 tcpinfo->sendaddr = NULL; |
| 206 tcpinfo->sendport = port; | 207 tcpinfo->sendport = 0; |
| 208 tcpinfo->listenaddr = bindaddr; | |
| 207 tcpinfo->listenport = port; | 209 tcpinfo->listenport = port; |
| 208 tcpinfo->chantype = &svr_chan_tcpremote; | 210 tcpinfo->chantype = &svr_chan_tcpremote; |
| 209 | 211 |
| 210 /* Note: bindaddr is actually ignored by listen_tcpfwd, since | |
| 211 * we only want to bind to localhost */ | |
| 212 ret = listen_tcpfwd(tcpinfo); | 212 ret = listen_tcpfwd(tcpinfo); |
| 213 | 213 |
| 214 out: | 214 out: |
| 215 if (ret == DROPBEAR_FAILURE) { | 215 if (ret == DROPBEAR_FAILURE) { |
| 216 /* we only free it if a listener wasn't created, since the listener | 216 /* we only free it if a listener wasn't created, since the listener |
| 217 * has to remember it if it's to be cancelled */ | 217 * has to remember it if it's to be cancelled */ |
| 218 m_free(tcpinfo->sendaddr); | 218 m_free(tcpinfo->listenaddr); |
| 219 m_free(tcpinfo); | 219 m_free(tcpinfo); |
| 220 } | 220 } |
| 221 TRACE(("leave remotetcpreq")) | 221 TRACE(("leave remotetcpreq")) |
| 222 return ret; | 222 return ret; |
| 223 } | 223 } |
| 233 char portstring[NI_MAXSERV]; | 233 char portstring[NI_MAXSERV]; |
| 234 int sock; | 234 int sock; |
| 235 int len; | 235 int len; |
| 236 int err = SSH_OPEN_ADMINISTRATIVELY_PROHIBITED; | 236 int err = SSH_OPEN_ADMINISTRATIVELY_PROHIBITED; |
| 237 | 237 |
| 238 if (opts.nolocaltcp) { | 238 if (svr_opts.nolocaltcp) { |
| 239 TRACE(("leave newtcpdirect: local tcp forwarding disabled")) | 239 TRACE(("leave newtcpdirect: local tcp forwarding disabled")) |
| 240 goto out; | 240 goto out; |
| 241 } | 241 } |
| 242 | 242 |
| 243 desthost = buf_getstring(ses.payload, &len); | 243 desthost = buf_getstring(ses.payload, &len); |