authorDamien Miller <djm@mindrot.org>2011-09-22 21:39:48 +1000
committerDamien Miller <djm@mindrot.org>2011-09-22 21:39:48 +1000
commitff773644e6892e6d3999b0e0c69f05b56705eabc (patch)
tree56f792434d92ef52dd0e05a00b9295ba52bcc64e
parentf6dff7cd2ff5eba5cd63e3a9c7bf6ccf183cb056 (diff)
- markus@cvs.openbsd.org 2011/09/10 22:26:34
[channels.c channels.h clientloop.c ssh.1] support cancellation of local/dynamic forwardings from ~C commandline; ok & feedback djm@
-rw-r--r--ChangeLog4
-rw-r--r--channels.c14
-rw-r--r--channels.h6
-rw-r--r--clientloop.c34
-rw-r--r--ssh.119
5 files changed, 56 insertions, 21 deletions
diff --git a/ChangeLog b/ChangeLog
index b31ee81c..d1c4b3e6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -56,6 +56,10 @@
support for cancelling local and remote port forwards via the multiplex
socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request
the cancellation of the specified forwardings; ok markus@
+ - markus@cvs.openbsd.org 2011/09/10 22:26:34
+ [channels.c channels.h clientloop.c ssh.1]
+ support cancellation of local/dynamic forwardings from ~C commandline;
+ ok & feedback djm@
20110909
- (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng. From
diff --git a/channels.c b/channels.c
index 0f7e1a87..b6663de8 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.312 2011/09/09 22:46:44 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.313 2011/09/10 22:26:34 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2844,7 +2844,7 @@ channel_cancel_rport_listener(const char *host, u_short port)
int
channel_cancel_lport_listener(const char *lhost, u_short lport,
- u_short cport, int gateway_ports)
+ int cport, int gateway_ports)
{
u_int i;
int found = 0;
@@ -2854,8 +2854,16 @@ channel_cancel_lport_listener(const char *lhost, u_short lport,
Channel *c = channels[i];
if (c == NULL || c->type != SSH_CHANNEL_PORT_LISTENER)
continue;
- if (c->listening_port != lport || c->host_port != cport)
+ if (c->listening_port != lport)
continue;
+ if (cport == CHANNEL_CANCEL_PORT_STATIC) {
+ /* skip dynamic forwardings */
+ if (c->host_port == 0)
+ continue;
+ } else {
+ if (c->host_port != cport)
+ continue;
+ }
if ((c->listening_addr == NULL && addr != NULL) ||
(c->listening_addr != NULL && addr == NULL))
continue;
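Review bot: The three meanings `cport` now carries in this loop are not documented anywhere in the hunk. `CHANNEL_CANCEL_PORT_STATIC` matches any listener with a non-zero `host_port`, `0` matches only listeners whose `host_port` is 0 (which the inline comment treats as dynamic forwardings), and any other value must equal `host_port` exactly. I would add a comment above channel_cancel_lport_listener() such as `/* cport: CHANNEL_CANCEL_PORT_STATIC = any static forward, 0 = dynamic forward, otherwise the exact connect port */`. It should also say that in the static case the match is made on listen address and port alone, so the forward's destination plays no part in deciding what gets closed. The function starts and ends outside this hunk.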
diff --git a/channels.h b/channels.h
index 37af3228..ff84ea54 100644
--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.106 2011/09/09 22:46:44 djm Exp $ */
+/* $OpenBSD: channels.h,v 1.107 2011/09/10 22:26:34 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -57,6 +57,8 @@
#define SSH_CHANNEL_MUX_CLIENT 16 /* Conn. to mux slave */
#define SSH_CHANNEL_MAX_TYPE 17
+#define CHANNEL_CANCEL_PORT_STATIC -1
+
struct Channel;
typedef struct Channel Channel;
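Review bot: `CHANNEL_CANCEL_PORT_STATIC` expands to a bare `-1`; a negative macro value is normally parenthesised so the expansion stays a single operand wherever it is used, i.e. `#define CHANNEL_CANCEL_PORT_STATIC (-1)`. The define also sits directly under the SSH_CHANNEL_* type constants with no comment, although it is a sentinel argument rather than a channel type. I would add `/* cport value for channel_cancel_lport_listener(): match any non-dynamic local forward */` above it.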
@@ -265,7 +267,7 @@ int channel_setup_local_fwd_listener(const char *, u_short,
int channel_request_rforward_cancel(const char *host, u_short port);
int channel_setup_remote_fwd_listener(const char *, u_short, int *, int);
int channel_cancel_rport_listener(const char *, u_short);
-int channel_cancel_lport_listener(const char *, u_short, u_short, int);
+int channel_cancel_lport_listener(const char *, u_short, int, int);
/* x11 forwarding */
diff --git a/clientloop.c b/clientloop.c
index c19b01f1..1339521f 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.236 2011/06/22 22:08:42 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.237 2011/09/10 22:26:34 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -839,9 +839,8 @@ process_cmdline(void)
{
void (*handler)(int);
char *s, *cmd, *cancel_host;
- int delete = 0;
- int local = 0, remote = 0, dynamic = 0;
- int cancel_port;
+ int delete = 0, local = 0, remote = 0, dynamic = 0;
+ int cancel_port, ok;
Forward fwd;
bzero(&fwd, sizeof(fwd));
@@ -867,8 +866,12 @@ process_cmdline(void)
"Request remote forward");
logit(" -D[bind_address:]port "
"Request dynamic forward");
+ logit(" -KL[bind_address:]port "
+ "Cancel local forward");
logit(" -KR[bind_address:]port "
"Cancel remote forward");
+ logit(" -KD[bind_address:]port "
+ "Cancel dynamic forward");
if (!options.permit_local_command)
goto out;
logit(" !args "
@@ -897,11 +900,7 @@ process_cmdline(void)
goto out;
}
- if ((local || dynamic) && delete) {
- logit("Not supported.");
- goto out;
- }
- if (remote && delete && !compat20) {
+ if (delete && !compat20) {
logit("Not supported for SSH protocol version 1.");
goto out;
}
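Review bot: The new `if (delete && !compat20)` also rejects `-KL` and `-KD` on protocol 1 connections, whereas the removed check applied the protocol restriction only to remote cancels. The local and dynamic cancel paths added later in this commit call channel_cancel_lport_listener() directly, which from the channels.c hunk appears to walk the client's own channel table, so the restriction may not be needed for them. If so, keep the narrower condition, `if (remote && delete && !compat20) {`; if refusing every cancel on protocol 1 is intended, a one-line comment saying so would settle it. process_cmdline() starts and ends outside this hunk.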
@@ -924,7 +923,21 @@ process_cmdline(void)
logit("Bad forwarding close port");
goto out;
}
- channel_request_rforward_cancel(cancel_host, cancel_port);
+ if (remote)
+ ok = channel_request_rforward_cancel(cancel_host,
+ cancel_port) == 0;
+ else if (dynamic)
+ ok = channel_cancel_lport_listener(cancel_host,
+ cancel_port, 0, options.gateway_ports) > 0;
+ else
+ ok = channel_cancel_lport_listener(cancel_host,
+ cancel_port, CHANNEL_CANCEL_PORT_STATIC,
+ options.gateway_ports) > 0;
+ if (!ok) {
+ logit("Unkown port forwarding.");
+ goto out;
+ }
+ logit("Canceled forwarding.");
} else {
if (!parse_forward(&fwd, s, dynamic, remote)) {
logit("Bad forwarding specification.");
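Review bot: The failure message added here is misspelled: `logit("Unkown port forwarding.");` should read `logit("Unknown port forwarding.");`. The dynamic branch passes a literal `0` as `cport` while the local branch uses the named `CHANNEL_CANCEL_PORT_STATIC`; a comment such as `/* dynamic listeners have host_port 0 */` or a second named constant would make the pairing readable. The branches also use opposite success conventions (`== 0` for the remote request, `> 0` for the local listener call, presumably a count of listeners closed), which deserves a short comment next to `ok`. `cancel_port` is an `int` that is narrowed to `u_short` in the lport calls, so this depends on the range check that precedes "Bad forwarding close port", which is not visible in the hunk.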
@@ -945,7 +958,6 @@ process_cmdline(void)
goto out;
}
}
-
logit("Forwarding port.");
}
diff --git a/ssh.1 b/ssh.1
index fbdddc7d..67a42cb5 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.321 2011/08/26 01:45:15 djm Exp $
-.Dd $Mdocdate: August 26 2011 $
+.\" $OpenBSD: ssh.1,v 1.322 2011/09/10 22:26:34 markus Exp $
+.Dd $Mdocdate: September 10 2011 $
.Dt SSH 1
.Os
.Sh NAME
@@ -899,11 +899,20 @@ Currently this allows the addition of port forwardings using the
and
.Fl D
options (see above).
-It also allows the cancellation of existing remote port-forwardings
-using
+It also allows the cancellation of existing port-forwardings
+with
+.Sm off
+.Fl KL Oo Ar bind_address : Oc Ar port
+.Sm on
+for local,
+.Sm off
+.Fl KR Oo Ar bind_address : Oc Ar port
+.Sm on
+for remote and
.Sm off
-.Fl KR Oo Ar bind_address : Oc Ar port .
+.Fl KD Oo Ar bind_address : Oc Ar port
.Sm on
+for dynamic port-forwardings.
.Ic !\& Ns Ar command
allows the user to execute a local command if the
.Ic PermitLocalCommand