| version 1.313, 2011/09/10 22:26:34 |
version 1.314, 2011/09/23 00:22:04 |
|
|
| /* Number of permitted host/port pair in the array permitted by the admin. */ |
/* Number of permitted host/port pair in the array permitted by the admin. */ |
| static int num_adm_permitted_opens = 0; |
static int num_adm_permitted_opens = 0; |
| |
|
| |
/* special-case port number meaning allow any port */ |
| |
#define FWD_PERMIT_ANY_PORT 0 |
| |
|
| /* |
/* |
| * If this is true, all opens are permitted. This is the case on the server |
* If this is true, all opens are permitted. This is the case on the server |
| * on which we have to trust the client anyway, and the user could do |
* on which we have to trust the client anyway, and the user could do |
|
|
| printf("\n"); |
printf("\n"); |
| } |
} |
| |
|
| |
/* returns port number, FWD_PERMIT_ANY_PORT or -1 on error */ |
| |
int |
| |
permitopen_port(const char *p) |
| |
{ |
| |
int port; |
| |
|
| |
if (strcmp(p, "*") == 0) |
| |
return FWD_PERMIT_ANY_PORT; |
| |
if ((port = a2port(p)) > 0) |
| |
return port; |
| |
return -1; |
| |
} |
| |
|
| |
static int |
| |
port_match(u_short allowedport, u_short requestedport) |
| |
{ |
| |
if (allowedport == FWD_PERMIT_ANY_PORT || |
| |
allowedport == requestedport) |
| |
return 1; |
| |
return 0; |
| |
} |
| |
|
| /* Try to start non-blocking connect to next host in cctx list */ |
/* Try to start non-blocking connect to next host in cctx list */ |
| static int |
static int |
| connect_next(struct channel_connect *cctx) |
connect_next(struct channel_connect *cctx) |
|
|
| |
|
| for (i = 0; i < num_permitted_opens; i++) { |
for (i = 0; i < num_permitted_opens; i++) { |
| if (permitted_opens[i].host_to_connect != NULL && |
if (permitted_opens[i].host_to_connect != NULL && |
| permitted_opens[i].listen_port == listen_port) { |
port_match(permitted_opens[i].listen_port, listen_port)) { |
| return connect_to( |
return connect_to( |
| permitted_opens[i].host_to_connect, |
permitted_opens[i].host_to_connect, |
| permitted_opens[i].port_to_connect, ctype, rname); |
permitted_opens[i].port_to_connect, ctype, rname); |
|
|
| if (!permit) { |
if (!permit) { |
| for (i = 0; i < num_permitted_opens; i++) |
for (i = 0; i < num_permitted_opens; i++) |
| if (permitted_opens[i].host_to_connect != NULL && |
if (permitted_opens[i].host_to_connect != NULL && |
| permitted_opens[i].port_to_connect == port && |
port_match(permitted_opens[i].port_to_connect, port) && |
| strcmp(permitted_opens[i].host_to_connect, host) == 0) |
strcmp(permitted_opens[i].host_to_connect, host) == 0) |
| permit = 1; |
permit = 1; |
| } |
} |
|
|
| permit_adm = 0; |
permit_adm = 0; |
| for (i = 0; i < num_adm_permitted_opens; i++) |
for (i = 0; i < num_adm_permitted_opens; i++) |
| if (permitted_adm_opens[i].host_to_connect != NULL && |
if (permitted_adm_opens[i].host_to_connect != NULL && |
| permitted_adm_opens[i].port_to_connect == port && |
port_match(permitted_adm_opens[i].port_to_connect, port) && |
| strcmp(permitted_adm_opens[i].host_to_connect, host) |
strcmp(permitted_adm_opens[i].host_to_connect, host) |
| == 0) |
== 0) |
| permit_adm = 1; |
permit_adm = 1; |
![[BACK]](/icons/back.gif){kind=icon}
Return to channels.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh