version 1.295, 2018/06/01 03:33:53 |
version 1.296, 2018/06/06 18:22:41 |
|
|
|
|
if ((options.allow_tcp_forwarding & FORWARD_LOCAL) == 0) |
if ((options.allow_tcp_forwarding & FORWARD_LOCAL) == 0) |
return; |
return; |
channel_clear_permitted_opens(ssh); |
channel_clear_permission(ssh, FORWARD_USER, FORWARD_LOCAL); |
for (i = 0; i < auth_opts->npermitopen; i++) { |
for (i = 0; i < auth_opts->npermitopen; i++) { |
tmp = cp = xstrdup(auth_opts->permitopen[i]); |
tmp = cp = xstrdup(auth_opts->permitopen[i]); |
/* This shouldn't fail as it has already been checked */ |
/* This shouldn't fail as it has already been checked */ |
|
|
if (cp == NULL || (port = permitopen_port(cp)) < 0) |
if (cp == NULL || (port = permitopen_port(cp)) < 0) |
fatal("%s: internal error: permitopen port", |
fatal("%s: internal error: permitopen port", |
__func__); |
__func__); |
channel_add_permitted_opens(ssh, host, port); |
channel_add_permission(ssh, FORWARD_USER, FORWARD_LOCAL, |
|
host, port); |
free(tmp); |
free(tmp); |
} |
} |
} |
} |
|
|
/* setup the channel layer */ |
/* setup the channel layer */ |
/* XXX - streamlocal? */ |
/* XXX - streamlocal? */ |
set_permitopen_from_authopts(ssh, auth_opts); |
set_permitopen_from_authopts(ssh, auth_opts); |
if (!auth_opts->permit_port_forwarding_flag || |
|
options.disable_forwarding || |
|
(options.allow_tcp_forwarding & FORWARD_LOCAL) == 0) |
|
channel_disable_adm_local_opens(ssh); |
|
else |
|
channel_permit_all_opens(ssh); |
|
|
|
|
if (!auth_opts->permit_port_forwarding_flag || |
|
options.disable_forwarding) { |
|
channel_disable_admin(ssh, FORWARD_LOCAL); |
|
channel_disable_admin(ssh, FORWARD_REMOTE); |
|
} else { |
|
if ((options.allow_tcp_forwarding & FORWARD_LOCAL) == 0) |
|
channel_disable_admin(ssh, FORWARD_LOCAL); |
|
else |
|
channel_permit_all(ssh, FORWARD_LOCAL); |
|
if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0) |
|
channel_disable_admin(ssh, FORWARD_REMOTE); |
|
else |
|
channel_permit_all(ssh, FORWARD_REMOTE); |
|
} |
auth_debug_send(); |
auth_debug_send(); |
|
|
prepare_auth_info_file(authctxt->pw, authctxt->session_info); |
prepare_auth_info_file(authctxt->pw, authctxt->session_info); |