support remote port forwarding with a zero listen port (-R0:...) to

dyamically allocate a listen port at runtime (this is actually
specified in rfc4254); bz#1003 ok markus@

1 files changed, 8 insertions, 4 deletions

diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c
index 86ee4ae31d4..999e5be8a49 100644
--- a/usr.bin/ssh/serverloop.c
+++ b/usr.bin/ssh/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.155 2009/01/22 10:02:34 djm Exp $ */
+/* $OpenBSD: serverloop.c,v 1.156 2009/02/12 03:00:56 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1058,7 +1058,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
 {
 	char *rtype;
 	int want_reply;
-	int success = 0;
+	int success = 0, allocated_listen_port = 0;
 
 	rtype = packet_get_string(NULL);
 	want_reply = packet_get_char();
@@ -1081,13 +1081,15 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
 		/* check permissions */
 		if (!options.allow_tcp_forwarding ||
 		    no_port_forwarding_flag ||
-		    (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)) {
+		    (listen_port != 0 && listen_port < IPPORT_RESERVED &&
+		    pw->pw_uid != 0)) {
 			success = 0;
 			packet_send_debug("Server has disabled port forwarding.");
 		} else {
 			/* Start listening on the port */
 			success = channel_setup_remote_fwd_listener(
-			    listen_address, listen_port, options.gateway_ports);
+			    listen_address, listen_port,
+			    &allocated_listen_port, options.gateway_ports);
 		}
 		xfree(listen_address);
 	} else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
@@ -1109,6 +1111,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
 	if (want_reply) {
 		packet_start(success ?
 		    SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
+		if (success && allocated_listen_port > 0)
+			packet_put_int(allocated_listen_port);
 		packet_send();
 		packet_write_wait();
 	}