diff options
| author |   markus <markus@openbsd.org> | 2011-09-23 07:45:05 +0000 |
|---|---|---|
| committer | markus <markus@openbsd.org> | 2011-09-23 07:45:05 +0000 |
| commit | d6c4a90ca63efe75eb475cf6e862c78c9d280204 (patch) | |
| tree | ad8bd86a6978a0609907d6c3a0dd7b9710796215 /usr.bin/ssh/ssh.c | |
| parent | ph = pool_get(&phpool, PR_NOWAIT) can return NULL, so dont unconditionally (diff) | |
| download | wireguard-openbsd-d6c4a90ca63efe75eb475cf6e862c78c9d280204.tar.xz wireguard-openbsd-d6c4a90ca63efe75eb475cf6e862c78c9d280204.zip | |
unbreak remote portforwarding with dynamic allocated listen ports:
1) send the actual listen port in the open message (instead of 0).
this allows multiple forwardings with a dynamic listen port
2) update the matching permit-open entry, so we can identify where
to connect to
report: den at skbkontur.ru and P. Szczygielski
feedback and ok djm@
Diffstat (limited to 'usr.bin/ssh/ssh.c')
| -rw-r--r-- | usr.bin/ssh/ssh.c | 29 |
1 files changed, 19 insertions, 10 deletions
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index be75d0148bc..b261601b4a9 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.365 2011/09/09 22:46:44 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.366 2011/09/23 07:45:05 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -970,11 +970,17 @@ ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt) debug("remote forward %s for: listen %d, connect %s:%d", type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure", rfwd->listen_port, rfwd->connect_host, rfwd->connect_port); - if (type == SSH2_MSG_REQUEST_SUCCESS && rfwd->listen_port == 0) { - rfwd->allocated_port = packet_get_int(); - logit("Allocated port %u for remote forward to %s:%d", - rfwd->allocated_port, - rfwd->connect_host, rfwd->connect_port); + if (rfwd->listen_port == 0) { + if (type == SSH2_MSG_REQUEST_SUCCESS) { + rfwd->allocated_port = packet_get_int(); + logit("Allocated port %u for remote forward to %s:%d", + rfwd->allocated_port, + rfwd->connect_host, rfwd->connect_port); + channel_update_permitted_opens(rfwd->handle, + rfwd->allocated_port); + } else { + channel_update_permitted_opens(rfwd->handle, -1); + } } if (type == SSH2_MSG_REQUEST_FAILURE) { @@ -1066,19 +1072,22 @@ ssh_init_forwarding(void) options.remote_forwards[i].listen_port, options.remote_forwards[i].connect_host, options.remote_forwards[i].connect_port); - if (channel_request_remote_forwarding( + options.remote_forwards[i].handle = + channel_request_remote_forwarding( options.remote_forwards[i].listen_host, options.remote_forwards[i].listen_port, options.remote_forwards[i].connect_host, - options.remote_forwards[i].connect_port) < 0) { + options.remote_forwards[i].connect_port); + if (options.remote_forwards[i].handle < 0) { if (options.exit_on_forward_failure) fatal("Could not request remote forwarding."); else logit("Warning: Could not request remote " "forwarding."); + } else { + client_register_global_confirm(ssh_confirm_remote_forward, + &options.remote_forwards[i]); } - client_register_global_confirm(ssh_confirm_remote_forward, - &options.remote_forwards[i]); } /* Initiate tunnel forwarding. */ |