-rw-r--r-- | usr.bin/ssh/channels.c | 10 | ||||
-rw-r--r-- | usr.bin/ssh/readconf.c | 12 | ||||
-rw-r--r-- | usr.bin/ssh/readconf.h | 3 | ||||
-rw-r--r-- | usr.bin/ssh/servconf.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.1 | 15 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.c | 7 |
6 files changed, 40 insertions, 11 deletions
diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c
index 18bb8a8e686..a990bbd1088 100644
--- a/usr.bin/ssh/channels.c
+++ b/usr.bin/ssh/channels.c
@@ -16,7 +16,7 @@ arbitrary tcp/ip connections, and the authentication agent connection. */ #include "includes.h"
-RCSID("$Id: channels.c,v 1.3 1999/09/28 07:56:47 deraadt Exp $");
+RCSID("$Id: channels.c,v 1.4 1999/09/29 00:10:16 deraadt Exp $");
 #ifndef HAVE_GETHOSTNAME #include <sys/utsname.h>
@@ -829,6 +829,7 @@ void channel_request_local_forwarding(int port, const char *host, { int ch, sock; struct sockaddr_in sin;
+ extern Options options;
 if (strlen(host) > sizeof(channels[0].path) - 1) packet_disconnect("Forward host name too long.");
@@ -841,7 +842,10 @@ void channel_request_local_forwarding(int port, const char *host, /* Initialize socket address. */ memset(&sin, 0, sizeof(sin)); sin.sin_family = AF_INET;
- sin.sin_addr.s_addr = INADDR_ANY;
+ if (options.gateway_ports == 1)
+ sin.sin_addr.s_addr = htonl(INADDR_ANY);
+ else
+ sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
 sin.sin_port = htons(port); /* Bind the socket to the address. */
@@ -1068,7 +1072,7 @@ char *x11_create_display_inet(int screen_number) port = 6000 + display_number; memset(&sin, 0, sizeof(sin)); sin.sin_family = AF_INET;
- sin.sin_addr.s_addr = INADDR_ANY;
+ sin.sin_addr.s_addr = htonl(INADDR_ANY);
 sin.sin_port = htons(port); sock = socket(AF_INET, SOCK_STREAM, 0);
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c
index 8d74d5ac754..6bcd6194c5a 100644
--- a/usr.bin/ssh/readconf.c
+++ b/usr.bin/ssh/readconf.c
@@ -14,7 +14,7 @@ Functions for reading the configuration files. */ #include "includes.h"
-RCSID("$Id: readconf.c,v 1.2 1999/09/28 04:45:36 provos Exp $");
+RCSID("$Id: readconf.c,v 1.3 1999/09/29 00:10:16 deraadt Exp $");
 #include "ssh.h" #include "cipher.h"
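Review bot: The function-local `extern Options options;` added at the top of channel_request_local_forwarding in channels.c is not checked against the real definition, so the compiler cannot catch a type mismatch. The next hunk reads `options.gateway_ports` through it to choose between a loopback and a wildcard listener, so a mismatch would silently change which hosts can reach the forwarded port. Whether channels.c is linked into any program whose global `options` has another type is not visible here, but servconf.c in this same commit works with a separate `ServerOptions` type. I would pass the setting in explicitly, for example as a trailing `int gateway_ports` parameter, or at least move the extern into a header shared with the definition. The `== 1` comparison is worth keeping, since it falls back to loopback for the unset value -1; the function body begins and ends outside both hunks.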
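Review bot: In x11_create_display_inet the listener still binds the wildcard address (`sin.sin_addr.s_addr = htonl(INADDR_ANY);`), while this same commit moves forwarded ports to loopback unless GatewayPorts is set. If that difference is deliberate, a comment on the line would record it, for example `/* X11 proxy display listens on all interfaces; not governed by GatewayPorts */`. If it is not deliberate, this socket deserves the same treatment as the one in channel_request_local_forwarding. The function continues outside the hunk, so whatever restricts access to this socket afterwards is not visible here.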
@@ -88,7 +88,7 @@ RCSID("$Id: readconf.c,v 1.2 1999/09/28 04:45:36 provos Exp $"); typedef enum {
- oForwardAgent, oForwardX11, oRhostsAuthentication,
+ oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
 oPasswordAuthentication, oRSAAuthentication, oFallBackToRsh, oUseRsh, #ifdef KRB4 oKerberosAuthentication,
@@ -116,6 +116,7 @@ static struct { { "forwardagent", oForwardAgent }, { "forwardx11", oForwardX11 },
+ { "gatewayports", oGatewayPorts },
 { "rhostsauthentication", oRhostsAuthentication }, { "passwordauthentication", oPasswordAuthentication }, { "rsaauthentication", oRSAAuthentication },
@@ -254,6 +255,10 @@ void process_config_line(Options *options, const char *host, case oForwardX11: intptr = &options->forward_x11; goto parse_flag;
+
+ case oGatewayPorts:
+ intptr = &options->gateway_ports;
+ goto parse_flag;
 case oRhostsAuthentication: intptr = &options->rhosts_authentication;
@@ -558,6 +563,7 @@ void initialize_options(Options *options) memset(options, 'X', sizeof(*options)); options->forward_agent = -1; options->forward_x11 = -1;
+ options->gateway_ports = -1;
 options->rhosts_authentication = -1; options->rsa_authentication = -1; #ifdef KRB4
@@ -605,6 +611,8 @@ void fill_default_options(Options *options) options->forward_agent = 1; if (options->forward_x11 == -1) options->forward_x11 = 1;
+ if (options->gateway_ports == -1)
+ options->gateway_ports = 0;
 if (options->rhosts_authentication == -1) options->rhosts_authentication = 1; if (options->rsa_authentication == -1)
diff --git a/usr.bin/ssh/readconf.h b/usr.bin/ssh/readconf.h
index 2ad83aec67b..079e20325a4 100644
--- a/usr.bin/ssh/readconf.h
+++ b/usr.bin/ssh/readconf.h
@@ -13,7 +13,7 @@ Functions for reading the configuration file. */
-/* RCSID("$Id: readconf.h,v 1.1 1999/09/26 20:53:37 deraadt Exp $"); */
+/* RCSID("$Id: readconf.h,v 1.2 1999/09/29 00:10:16 deraadt Exp $"); */
 #ifndef READCONF_H #define READCONF_H
@@ -33,6 +33,7 @@ typedef struct { int forward_agent; /* Forward authentication agent. */ int forward_x11; /* Forward X11 display. */
+ int gateway_ports; /* Allow remote connects to forwarded ports. */
 int rhosts_authentication; /* Try rhosts authentication. */ int rhosts_rsa_authentication;/* Try rhosts with RSA authentication. */ int rsa_authentication; /* Try RSA authentication. */
diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c
index e8d4d55dcf7..aef557bb0f8 100644
--- a/usr.bin/ssh/servconf.c
+++ b/usr.bin/ssh/servconf.c
@@ -12,7 +12,7 @@ Created: Mon Aug 21 15:48:58 1995 ylo */ #include "includes.h"
-RCSID("$Id: servconf.c,v 1.2 1999/09/28 07:56:47 deraadt Exp $");
+RCSID("$Id: servconf.c,v 1.3 1999/09/29 00:10:16 deraadt Exp $");
 #include "ssh.h" #include "servconf.h"
@@ -24,7 +24,7 @@ void initialize_server_options(ServerOptions *options) { memset(options, 0, sizeof(*options)); options->port = -1;
- options->listen_addr.s_addr = INADDR_ANY;
+ options->listen_addr.s_addr = htonl(INADDR_ANY);
 options->host_key_file = NULL; options->random_seed_file = NULL; options->server_key_bits = -1;
diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1
index 5f76bedf028..19999b4c2cc 100644
--- a/usr.bin/ssh/ssh.1
+++ b/usr.bin/ssh/ssh.1
@@ -9,7 +9,7 @@ .\" .\" Created: Sat Apr 22 21:55:14 1995 ylo .\"
-.\" $Id: ssh.1,v 1.2 1999/09/26 22:30:06 deraadt Exp $
+.\" $Id: ssh.1,v 1.3 1999/09/29 00:10:16 deraadt Exp $
 .\" .Dd September 25, 1999 .Dt SSH 1
@@ -24,7 +24,7 @@ .Op Ar command .Pp .Nm ssh
-.Op Fl knqtvxXC
+.Op Fl gknqtvxXC
 .Op Fl c Ar blowfish|idea|des|3des|none .Op Fl e Ar escape_char .Op Fl i Ar identity_file
@@ -296,6 +296,8 @@ multiple .Fl i options (and multiple identities specified in configuration files).
+.It Fl g
+Allows remote hosts to connect to local forwarded ports.
 .It Fl k Disables forwarding of Kerberos tickets / AFS tokens. This may also be specified on a per-host basis in the configuration file.
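Review bot: The comment on the new `gateway_ports` field in readconf.h does not record the three states the rest of the commit depends on. initialize_options stores -1 for unset, fill_default_options turns that into 0, and channels.c binds the wildcard address only when the value is exactly 1. I would spell that out on the field, for example `int gateway_ports; /* Allow remote connects to forwarded ports: -1 unset, 0 no, 1 yes; only 1 binds the wildcard address. */`. The struct definition starts and ends outside the hunk.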
@@ -509,6 +511,15 @@ set. The argument must be .Dq yes or .Dq no .
+.It Cm GatewayPorts
+Specifies whether remote hosts are allowed to connect to local
+forwarded ports.
+The argument must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq no .
 .It Cm GlobalKnownHostsFile Specifies a file to use instead of .Pa /etc/ssh_known_hosts .
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index cc938505d00..018dda25347 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -18,7 +18,7 @@ Modified to work with SSL by Niels Provos <provos@citi.umich.edu> in Canada. */ #include "includes.h"
-RCSID("$Id: ssh.c,v 1.3 1999/09/28 07:57:42 deraadt Exp $");
+RCSID("$Id: ssh.c,v 1.4 1999/09/29 00:10:16 deraadt Exp $");
 #include "xmalloc.h" #include "ssh.h"
@@ -110,6 +110,7 @@ usage() fprintf(stderr, "or none.\n"); fprintf(stderr, " -p port Connect to this port. Server must be on the same port.\n");
+ fprintf(stderr, " -g Allow remote hosts to connect to forwarded ports.\n");
 fprintf(stderr, " -L listen-port:host:port Forward local port to remote address\n"); fprintf(stderr, " -R listen-port:host:port Forward remote port to local address\n"); fprintf(stderr, " These cause %s to listen for connections on a port, and\n", av0);
@@ -290,6 +291,10 @@ main(int ac, char **av) options.forward_x11 = 1; break;
+ case 'g':
+ options.gateway_ports = 1;
+ break;
+
 case 'a': options.forward_agent = 0; #ifdef KERBEROS_TGT_PASSING |