version 1.313, 2011/09/10 22:26:34 |
version 1.314, 2011/09/23 00:22:04 |
|
|
/* Number of permitted host/port pair in the array permitted by the admin. */ |
/* Number of permitted host/port pair in the array permitted by the admin. */ |
static int num_adm_permitted_opens = 0; |
static int num_adm_permitted_opens = 0; |
|
|
|
/* special-case port number meaning allow any port */ |
|
#define FWD_PERMIT_ANY_PORT 0 |
|
|
/* |
/* |
* If this is true, all opens are permitted. This is the case on the server |
* If this is true, all opens are permitted. This is the case on the server |
* on which we have to trust the client anyway, and the user could do |
* on which we have to trust the client anyway, and the user could do |
|
|
printf("\n"); |
printf("\n"); |
} |
} |
|
|
|
/* returns port number, FWD_PERMIT_ANY_PORT or -1 on error */ |
|
int |
|
permitopen_port(const char *p) |
|
{ |
|
int port; |
|
|
|
if (strcmp(p, "*") == 0) |
|
return FWD_PERMIT_ANY_PORT; |
|
if ((port = a2port(p)) > 0) |
|
return port; |
|
return -1; |
|
} |
|
|
|
static int |
|
port_match(u_short allowedport, u_short requestedport) |
|
{ |
|
if (allowedport == FWD_PERMIT_ANY_PORT || |
|
allowedport == requestedport) |
|
return 1; |
|
return 0; |
|
} |
|
|
/* Try to start non-blocking connect to next host in cctx list */ |
/* Try to start non-blocking connect to next host in cctx list */ |
static int |
static int |
connect_next(struct channel_connect *cctx) |
connect_next(struct channel_connect *cctx) |
|
|
|
|
for (i = 0; i < num_permitted_opens; i++) { |
for (i = 0; i < num_permitted_opens; i++) { |
if (permitted_opens[i].host_to_connect != NULL && |
if (permitted_opens[i].host_to_connect != NULL && |
permitted_opens[i].listen_port == listen_port) { |
port_match(permitted_opens[i].listen_port, listen_port)) { |
return connect_to( |
return connect_to( |
permitted_opens[i].host_to_connect, |
permitted_opens[i].host_to_connect, |
permitted_opens[i].port_to_connect, ctype, rname); |
permitted_opens[i].port_to_connect, ctype, rname); |
|
|
if (!permit) { |
if (!permit) { |
for (i = 0; i < num_permitted_opens; i++) |
for (i = 0; i < num_permitted_opens; i++) |
if (permitted_opens[i].host_to_connect != NULL && |
if (permitted_opens[i].host_to_connect != NULL && |
permitted_opens[i].port_to_connect == port && |
port_match(permitted_opens[i].port_to_connect, port) && |
strcmp(permitted_opens[i].host_to_connect, host) == 0) |
strcmp(permitted_opens[i].host_to_connect, host) == 0) |
permit = 1; |
permit = 1; |
} |
} |
|
|
permit_adm = 0; |
permit_adm = 0; |
for (i = 0; i < num_adm_permitted_opens; i++) |
for (i = 0; i < num_adm_permitted_opens; i++) |
if (permitted_adm_opens[i].host_to_connect != NULL && |
if (permitted_adm_opens[i].host_to_connect != NULL && |
permitted_adm_opens[i].port_to_connect == port && |
port_match(permitted_adm_opens[i].port_to_connect, port) && |
strcmp(permitted_adm_opens[i].host_to_connect, host) |
strcmp(permitted_adm_opens[i].host_to_connect, host) |
== 0) |
== 0) |
permit_adm = 1; |
permit_adm = 1; |
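Review bot: In the listen-address lookup, `port_match(permitted_opens[i].listen_port, listen_port)` now treats a stored `listen_port` of 0 as "any port", because `FWD_PERMIT_ANY_PORT` is the in-band value 0 and `port_match()` cannot tell a wildcard from an unset or not-yet-assigned port. The visible lines only show the wildcard being produced by `permitopen_port()` for a destination port, so unless wildcard listen ports are intended I would keep `permitted_opens[i].listen_port == listen_port` there and use `port_match()` only for the two `port_to_connect` checks. If an entry can ever carry `listen_port == 0` for another reason (not visible on this page), it would match every requested listen port and connect to its `host_to_connect`. `port_match()` also deserves a comment such as `/* allowedport == FWD_PERMIT_ANY_PORT (0) matches every requestedport; only permitopen_port() may store 0 */`; the functions containing the three call sites start and end outside the shown lines.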