author | markus@openbsd.org <markus@openbsd.org> | 2021-02-15 21:43:15 +0100 |
---|---|---|
committer | Darren Tucker <dtucker@dtucker.net> | 2021-02-17 05:03:41 +0100 |
commit | da0a9afcc446a30ca49dd216612c41ac3cb1f2d4 (patch) | |
tree | 59583623e3eacb7a9f7b511f2ed2e4da70f9e187 /channels.c | |
parent | upstream: factor out opt_array_append; ok djm@ (diff) | |
upstream: ssh: add PermitRemoteOpen for remote dynamic forwarding
with SOCKS ok djm@, dtucker@
OpenBSD-Commit-ID: 64fe7b6360acc4ea56aa61b66498b5ecc0a96a7c
Diffstat (limited to 'channels.c')
-rw-r--r-- | channels.c | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/channels.c b/channels.c
index 4fccd0b37..b60d56c48 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.404 2021/01/27 09:26:53 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.405 2021/02/15 20:43:15 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -4478,9 +4478,28 @@ rdynamic_connect_prepare(struct ssh *ssh, char *ctype, char *rname)
 static int
 rdynamic_connect_finish(struct ssh *ssh, Channel *c)
 {
+ struct ssh_channels *sc = ssh->chanctxt;
+ struct permission_set *pset = &sc->local_perms;
+ struct permission *perm;
 struct channel_connect cctx;
+ u_int i, permit_adm = 1;
 int sock;
+ if (pset->num_permitted_admin > 0) {
+ permit_adm = 0;
+ for (i = 0; i < pset->num_permitted_admin; i++) {
+ perm = &pset->permitted_admin[i];
+ if (open_match(perm, c->path, c->host_port)) {
+ permit_adm = 1;
+ break;
+ }
+ }
+ }
+ if (!permit_adm) {
+ debug_f("requested forward not permitted");
+ return -1;
+ }
+
 memset(&cctx, 0, sizeof(cctx));
 sock = connect_to_helper(ssh, c->path, c->host_port, SOCK_STREAM, NULL, NULL, &cctx, NULL, NULL); |
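Review bot: The denial branch added to rdynamic_connect_finish() reports a refused SOCKS destination only through `debug_f("requested forward not permitted")`, so at the default log level a policy rejection leaves no record, and even at debug level the message does not say which destination was requested. Consider logging the refused target at an always-visible level with bounded field widths, for example `logit("remote dynamic forward to %.200s port %d denied by PermitRemoteOpen", c->path, c->host_port);`; this assumes c->path is a NUL-terminated string and c->host_port an int, which the hunk does not show. Separately, an empty `permitted_admin` list leaves `permit_adm` at 1, so "none" presumably has to be stored as an entry that never matches; a one-line comment above `if (pset->num_permitted_admin > 0)` stating that no entries means "permit any" would make that dependency explicit. The function body continues past the end of the hunk.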