Diffstat (limited to 'crypto/openssh/serverloop.c')
-rw-r--r--crypto/openssh/serverloop.c23
1 files changed, 15 insertions, 8 deletions
diff --git a/crypto/openssh/serverloop.c b/crypto/openssh/serverloop.c
index 33fcfc3..53a99ca 100644
--- a/crypto/openssh/serverloop.c
+++ b/crypto/openssh/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.162 2012/06/20 04:42:58 djm Exp $ */
+/* $OpenBSD: serverloop.c,v 1.164 2012/12/07 01:51:35 dtucker Exp $ */
/* $FreeBSD$ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -709,7 +709,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
&nalloc, max_time_milliseconds);
if (received_sigterm) {
- logit("Exiting on signal %d", received_sigterm);
+ logit("Exiting on signal %d", (int)received_sigterm);
/* Clean up sessions, utmp, etc. */
cleanup_exit(255);
}
@@ -859,7 +859,7 @@ server_loop2(Authctxt *authctxt)
&nalloc, 0);
if (received_sigterm) {
- logit("Exiting on signal %d", received_sigterm);
+ logit("Exiting on signal %d", (int)received_sigterm);
/* Clean up sessions, utmp, etc. */
cleanup_exit(255);
}
@@ -951,7 +951,7 @@ server_input_window_size(int type, u_int32_t seq, void *ctxt)
static Channel *
server_request_direct_tcpip(void)
{
- Channel *c;
+ Channel *c = NULL;
char *target, *originator;
u_short target_port, originator_port;
@@ -964,9 +964,16 @@ server_request_direct_tcpip(void)
debug("server_request_direct_tcpip: originator %s port %d, target %s "
"port %d", originator, originator_port, target, target_port);
- /* XXX check permission */
- c = channel_connect_to(target, target_port,
- "direct-tcpip", "direct-tcpip");
+ /* XXX fine grained permissions */
+ if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0 &&
+ !no_port_forwarding_flag) {
+ c = channel_connect_to(target, target_port,
+ "direct-tcpip", "direct-tcpip");
+ } else {
+ logit("refused local port forward: "
+ "originator %s port %d, target %s port %d",
+ originator, originator_port, target, target_port);
+ }
xfree(originator);
xfree(target);
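Review bot: The refusal branch's `logit("refused local port forward: ...")` writes `originator` and `target` to the log at logit level, and both appear to come from the client's channel-open request (their parsing is above this hunk), so it is worth confirming that the logging layer escapes control characters before these strings reach the log. The refusal also depends on `c` still being NULL from the initializer added in the previous hunk, and on the caller treating NULL as a rejected open; a comment in the else branch such as `/* c stays NULL: caller must fail the channel open */` would make that contract visible. The function starts and ends outside this hunk, so the return path is not shown here.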
@@ -1135,7 +1142,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
listen_address, listen_port);
/* check permissions */
- if (!options.allow_tcp_forwarding ||
+ if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 ||
no_port_forwarding_flag ||
(!want_reply && listen_port == 0)
#ifndef NO_IPPORT_RESERVED_CONCEPT
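Review bot: With `options.allow_tcp_forwarding` tested against `FORWARD_REMOTE` here and against `FORWARD_LOCAL` in server_request_direct_tcpip, the field is evidently a bitmask now, and any remaining truthiness test of it elsewhere in the tree would treat one permitted direction as permission for both. Those other call sites are not visible in this diff and should be checked as part of the same change. A comment above the condition, e.g. `/* allow_tcp_forwarding is a FORWARD_* bitmask: test the remote bit only */`, would keep a later edit from reverting to `!options.allow_tcp_forwarding`. The condition and the enclosing function continue outside the hunk.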