File openssh-7.6p1-correct_error_reason_port_forwarding.patch of Package openssh.32839
From 858252fb1d451ebb0969cf9749116c8f0ee42753 Mon Sep 17 00:00:00 2001
From: "dtucker@openbsd.org" <dtucker@openbsd.org>
Date: Wed, 1 Feb 2017 02:59:09 +0000
Subject: upstream commit
Return true reason for port forwarding failures where feasible rather than always "administratively prohibited". bz#2674, ok djm@
Upstream-ID: d901d9887951774e604ca970e1827afaaef9e419
---
 channels.c | 33 ++++++++++++++++++++++++++-------
 channels.h | 5 +++--
 serverloop.c | 17 ++++++++++-------
 3 files changed, 39 insertions(+), 16 deletions(-)
Index: openssh-7.2p2/channels.c
===================================================================
--- openssh-7.2p2.orig/channels.c 2019-03-28 12:26:47.785548283 +0100
+++ openssh-7.2p2/channels.c 2019-03-28 12:36:01.652900467 +0100
@@ -2700,7 +2700,7 @@ channel_input_port_open(int type, u_int3
 }
 packet_check_eom();
 c = channel_connect_to_port(host, host_port,
- "connected socket", originator_string);
+ "connected socket", originator_string, NULL, NULL);
 free(originator_string);
 free(host);
 if (c == NULL) {
@@ -3694,9 +3694,13 @@ channel_connect_ctx_free(struct channel_
 memset(cctx, 0, sizeof(*cctx));
 }

-/* Return CONNECTING channel to remote host:port or local socket path */
+/*
+ * Return CONNECTING channel to remote host:port or local socket path,
+ * passing back the failure reason if appropriate.
+ */
 static Channel *
-connect_to(const char *name, int port, char *ctype, char *rname)
+connect_to_reason(const char *name, int port, char *ctype, char *rname,
+ int *reason, const char **errmsg)
 {
 struct addrinfo hints;
 int gaierr;
@@ -3737,7 +3741,12 @@ connect_to(const char *name, int port, c
 hints.ai_family = IPv4or6;
 hints.ai_socktype = SOCK_STREAM;
 snprintf(strport, sizeof strport, "%d", port);
- if ((gaierr = getaddrinfo(name, strport, &hints, &cctx.aitop)) != 0) {
+ if ((gaierr = getaddrinfo(name, strport, &hints, &cctx.aitop))
+ != 0) {
+ if (errmsg != NULL)
+ *errmsg = ssh_gai_strerror(gaierr);
+ if (reason != NULL)
+ *reason = SSH2_OPEN_CONNECT_FAILED;
 error("connect_to %.100s: unknown host (%s)", name,
 ssh_gai_strerror(gaierr));
 return NULL;
@@ -3760,6 +3769,13 @@ connect_to(const char *name, int port, c
 return c;
 }

+/* Return CONNECTING channel to remote host:port or local socket path */
+static Channel *
+connect_to(const char *name, int port, char *ctype, char *rname)
+{
+ return connect_to_reason(name, port, ctype, rname, NULL, NULL);
+}
+
 Channel *
 channel_connect_by_listen_address(const char *listen_host,
 u_short listen_port, char *ctype, char *rname)
@@ -3798,7 +3814,8 @@ channel_connect_by_listen_path(const cha

 /* Check if connecting to that port is permitted and connect. */
 Channel *
-channel_connect_to_port(const char *host, u_short port, char *ctype, char *rname)
+channel_connect_to_port(const char *host, u_short port, char *ctype,
+ char *rname, int *reason, const char **errmsg)
 {
 int i, permit, permit_adm = 1;

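Review bot: In the getaddrinfo() failure branch of connect_to_reason, `*errmsg = ssh_gai_strerror(gaierr);` hands the caller a borrowed pointer whose lifetime is not stated anywhere in the patch. The consumer in serverloop.c reads it only after further calls have run (the `error(...)` directly below, then the `free()` calls on the way back), so if ssh_gai_strerror() can return storage shared with strerror(), the text may have changed by the time it is sent; its definition is not on this page, so that needs checking there. I would extend the new header comment with ` * *errmsg, if set, points to static storage: do not free it, and use it before any call that may overwrite it.` The function body continues outside this hunk.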
@@ -3823,9 +3840,11 @@ channel_connect_to_port(const char *host
 if (!permit || !permit_adm) {
 logit("Received request to connect to host %.100s port %d, "
 "but the request was denied.", host, port);
+ if (reason != NULL)
+ *reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED;
 return NULL;
 }
- return connect_to(host, port, ctype, rname);
+ return connect_to_reason(host, port, ctype, rname, reason, errmsg);
 }

 /* Check if connecting to that path is permitted and connect. */
Index: openssh-7.2p2/channels.h
===================================================================
--- openssh-7.2p2.orig/channels.h 2019-03-28 12:26:50.013563112 +0100
+++ openssh-7.2p2/channels.h 2019-03-28 12:29:05.414451137 +0100
@@ -268,7 +268,8 @@ void channel_clear_permitted_opens(void
 void channel_clear_adm_permitted_opens(void);
 void channel_print_adm_permitted_opens(void);
 int channel_input_port_forward_request(int, struct ForwardOptions *);
-Channel *channel_connect_to_port(const char *, u_short, char *, char *);
+Channel *channel_connect_to_port(const char *, u_short, char *, char *, int *,
+ const char **);
 Channel *channel_connect_to_path(const char *, char *, char *);
 Channel *channel_connect_stdio_fwd(const char*, u_short, int, int);
 Channel *channel_connect_by_listen_address(const char *, u_short,
Index: openssh-7.2p2/serverloop.c
===================================================================
--- openssh-7.2p2.orig/serverloop.c 2019-03-28 12:26:47.785548283 +0100
+++ openssh-7.2p2/serverloop.c 2019-03-28 12:26:50.013563112 +0100
@@ -946,7 +946,7 @@ server_input_window_size(int type, u_int
 }

 static Channel *
-server_request_direct_tcpip(void)
+server_request_direct_tcpip(int *reason, const char **errmsg)
 {
 Channel *c = NULL;
 char *target, *originator;
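Review bot: The comment above channel_connect_to_port still reads only "Check if connecting to that port is permitted and connect." and does not describe the two new out-parameters that the first hunk on this line starts writing. From the visible lines, `*reason` is written on a policy denial here and on a resolution failure in connect_to_reason, and `*errmsg` only on the latter; any other failure exit of connect_to_reason lies outside these hunks and presumably leaves both untouched. Callers therefore have to initialise both before the call, as server_input_channel_open does, and the comment should say so: `/* reason and errmsg may be NULL; on failure they are written only for a denial or a resolution error, so initialise both before the call. */`. The function's signature and comment sit in the previous hunk.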
@@ -965,11 +965,13 @@ server_request_direct_tcpip(void)
 if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0 &&
 !no_port_forwarding_flag) {
 c = channel_connect_to_port(target, target_port,
- "direct-tcpip", "direct-tcpip");
+ "direct-tcpip", "direct-tcpip", reason, errmsg);
 } else {
 logit("refused local port forward: "
 "originator %s port %d, target %s port %d",
 originator, originator_port, target, target_port);
+ if (reason != NULL)
+ *reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED;
 }

 free(originator);
@@ -1096,7 +1098,8 @@ server_input_channel_open(int type, u_in
 {
 Channel *c = NULL;
 char *ctype;
- int rchan;
+ const char *errmsg = NULL;
+ int rchan, reason = SSH2_OPEN_CONNECT_FAILED;
 u_int rmaxpack, rwindow, len;

 ctype = packet_get_string(&len);
@@ -1110,7 +1113,7 @@ server_input_channel_open(int type, u_in
 if (strcmp(ctype, "session") == 0) {
 c = server_request_session();
 } else if (strcmp(ctype, "direct-tcpip") == 0) {
- c = server_request_direct_tcpip();
+ c = server_request_direct_tcpip(&reason, &errmsg);
 } else if (strcmp(ctype, "direct-streamlocal@openssh.com") == 0) {
 c = server_request_direct_streamlocal();
 } else if (strcmp(ctype, "tun@openssh.com") == 0) {
@@ -1133,9 +1136,9 @@ server_input_channel_open(int type, u_in
 debug("server_input_channel_open: failure %s", ctype);
 packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
 packet_put_int(rchan);
- packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED);
+ packet_put_int(reason);
 if (!(datafellows & SSH_BUG_OPENFAILURE)) {
- packet_put_cstring("open failed");
+ packet_put_cstring(errmsg ? errmsg : "open failed");
 packet_put_cstring("");
 }
 packet_send();
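Review bot: `int rchan, reason = SSH2_OPEN_CONNECT_FAILED;` in server_input_channel_open changes the failure code for every channel type, not only direct-tcpip, because the next hunk passes `&reason` to server_request_direct_tcpip alone while the last hunk sends `packet_put_int(reason)` unconditionally. A refused "session", "direct-streamlocal@openssh.com" or "tun@openssh.com" open, which the removed line reported as SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED, would now be reported as a connect failure; those helpers are outside the patch, so this is inferred from their unchanged calls. Keeping the old default and switching it only in the direct-tcpip branch preserves the previous answer for the untouched paths: `int rchan, reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED;` plus `reason = SSH2_OPEN_CONNECT_FAILED;` on the line before `c = server_request_direct_tcpip(&reason, &errmsg);`.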
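Review bot: `packet_put_cstring(errmsg ? errmsg : "open failed");` in the last hunk puts whatever a helper stored in errmsg into SSH2_MSG_CHANNEL_OPEN_FAILURE verbatim, and nothing at the declaration states what may be stored there. The only producer visible in this patch is the resolver text from ssh_gai_strerror(), which is reached only after the permit check in channel_connect_to_port has passed, but a later producer could place a path or other internal detail in it without noticing that it goes to the client. A comment on the declaration would pin the contract: `/* errmsg is sent to the peer as-is: constant, non-sensitive text only */`. The enclosing function starts and ends outside this hunk.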