version 1.296, 2018/06/06 18:22:41 |
version 1.297, 2018/06/06 18:23:32 |
|
|
} |
} |
|
|
static void |
static void |
set_permitopen_from_authopts(struct ssh *ssh, const struct sshauthopt *opts) |
set_fwdpermit_from_authopts(struct ssh *ssh, const struct sshauthopt *opts) |
{ |
{ |
char *tmp, *cp, *host; |
char *tmp, *cp, *host; |
int port; |
int port; |
size_t i; |
size_t i; |
|
|
if ((options.allow_tcp_forwarding & FORWARD_LOCAL) == 0) |
if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0) { |
return; |
channel_clear_permission(ssh, FORWARD_USER, FORWARD_LOCAL); |
channel_clear_permission(ssh, FORWARD_USER, FORWARD_LOCAL); |
for (i = 0; i < auth_opts->npermitopen; i++) { |
for (i = 0; i < auth_opts->npermitopen; i++) { |
tmp = cp = xstrdup(auth_opts->permitopen[i]); |
tmp = cp = xstrdup(auth_opts->permitopen[i]); |
/* This shouldn't fail as it has already been checked */ |
/* This shouldn't fail as it has already been checked */ |
if ((host = hpdelim(&cp)) == NULL) |
if ((host = hpdelim(&cp)) == NULL) |
fatal("%s: internal error: hpdelim", __func__); |
fatal("%s: internal error: hpdelim", __func__); |
host = cleanhostname(host); |
host = cleanhostname(host); |
if (cp == NULL || (port = permitopen_port(cp)) < 0) |
if (cp == NULL || (port = permitopen_port(cp)) < 0) |
fatal("%s: internal error: permitopen port", |
fatal("%s: internal error: permitopen port", |
__func__); |
__func__); |
channel_add_permission(ssh, |
channel_add_permission(ssh, FORWARD_USER, FORWARD_LOCAL, |
FORWARD_USER, FORWARD_LOCAL, host, port); |
host, port); |
free(tmp); |
free(tmp); |
} |
} |
} |
|
if ((options.allow_tcp_forwarding & FORWARD_REMOTE) != 0) { |
|
channel_clear_permission(ssh, FORWARD_USER, FORWARD_REMOTE); |
|
for (i = 0; i < auth_opts->npermitlisten; i++) { |
|
tmp = cp = xstrdup(auth_opts->permitlisten[i]); |
|
/* This shouldn't fail as it has already been checked */ |
|
if ((host = hpdelim(&cp)) == NULL) |
|
fatal("%s: internal error: hpdelim", __func__); |
|
host = cleanhostname(host); |
|
if (cp == NULL || (port = permitopen_port(cp)) < 0) |
|
fatal("%s: internal error: permitlisten port", |
|
__func__); |
|
channel_add_permission(ssh, |
|
FORWARD_USER, FORWARD_REMOTE, host, port); |
|
free(tmp); |
|
} |
|
} |
} |
} |
|
|
void |
void |
|
|
|
|
/* setup the channel layer */ |
/* setup the channel layer */ |
/* XXX - streamlocal? */ |
/* XXX - streamlocal? */ |
set_permitopen_from_authopts(ssh, auth_opts); |
set_fwdpermit_from_authopts(ssh, auth_opts); |
|
|
if (!auth_opts->permit_port_forwarding_flag || |
if (!auth_opts->permit_port_forwarding_flag || |
options.disable_forwarding) { |
options.disable_forwarding) { |
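Review bot: In set_fwdpermit_from_authopts() the `opts` parameter is never used: the permitopen loop and the new permitlisten loop both read `auth_opts`, which is not declared in the function and is presumably a file-scope variable. The one call visible on this page passes `auth_opts`, so behaviour is unchanged today, but a later caller passing a different option set would silently get forwarding permissions built from the global instead. I would use the parameter throughout, e.g. `for (i = 0; i < opts->npermitlisten; i++) {` and `tmp = cp = xstrdup(opts->permitlisten[i]);`, with the same change on the two permitopen lines. A short comment such as `/* permitlisten specs share the permitopen port syntax */` above the `permitopen_port(cp)` call in the remote branch would explain why the permitopen helper is reused there.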