diff options
| author | dtucker@openbsd.org <dtucker@openbsd.org> | 2017-02-01 02:59:09 +0000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2017-02-03 14:23:24 +1100 |
| commit | 858252fb1d451ebb0969cf9749116c8f0ee42753 (patch) | |
| tree | 86168774d4d73763e0114ec62d7abeb29fbfba12 /serverloop.c | |
| parent | 6ba9f893838489add6ec4213c7a997b425e4a9e0 (diff) | |
upstream commit
Return true reason for port forwarding failures where
feasible rather than always "administratively prohibited". bz#2674, ok djm@
Upstream-ID: d901d9887951774e604ca970e1827afaaef9e419
Diffstat (limited to 'serverloop.c')
| -rw-r--r-- | serverloop.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/serverloop.c b/serverloop.c index bdb944fa..2976f559 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.190 2017/01/04 05:37:40 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.191 2017/02/01 02:59:09 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -430,7 +430,7 @@ server_input_keep_alive(int type, u_int32_t seq, void *ctxt) } static Channel * -server_request_direct_tcpip(void) +server_request_direct_tcpip(int *reason, const char **errmsg) { Channel *c = NULL; char *target, *originator; @@ -449,11 +449,13 @@ server_request_direct_tcpip(void) if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0 && !no_port_forwarding_flag && !options.disable_forwarding) { c = channel_connect_to_port(target, target_port, - "direct-tcpip", "direct-tcpip"); + "direct-tcpip", "direct-tcpip", reason, errmsg); } else { logit("refused local port forward: " "originator %s port %d, target %s port %d", originator, originator_port, target, target_port); + if (reason != NULL) + *reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED; } free(originator); @@ -581,7 +583,8 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt) { Channel *c = NULL; char *ctype; - int rchan; + const char *errmsg = NULL; + int rchan, reason = SSH2_OPEN_CONNECT_FAILED; u_int rmaxpack, rwindow, len; ctype = packet_get_string(&len); @@ -595,7 +598,7 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt) if (strcmp(ctype, "session") == 0) { c = server_request_session(); } else if (strcmp(ctype, "direct-tcpip") == 0) { - c = server_request_direct_tcpip(); + c = server_request_direct_tcpip(&reason, &errmsg); } else if (strcmp(ctype, "direct-streamlocal@openssh.com") == 0) { c = server_request_direct_streamlocal(); } else if (strcmp(ctype, "tun@openssh.com") == 0) { @@ -618,9 +621,9 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt) debug("server_input_channel_open: failure %s", ctype); packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE); packet_put_int(rchan); - packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED); + packet_put_int(reason); if (!(datafellows & SSH_BUG_OPENFAILURE)) { - packet_put_cstring("open failed"); + packet_put_cstring(errmsg ? errmsg : "open failed"); packet_put_cstring(""); } packet_send(); |