2 * SSH port forwarding.
\r
11 #include "sshchan.h"
\r
14 * Enumeration of values that live in the 'socks_state' field of
\r
15 * struct PortForwarding.
\r
18 SOCKS_NONE, /* direct connection (no SOCKS, or SOCKS already done) */
\r
19 SOCKS_INITIAL, /* don't know if we're SOCKS 4 or 5 yet */
\r
20 SOCKS_4, /* expect a SOCKS 4 (or 4A) connection message */
\r
21 SOCKS_5_INITIAL, /* expect a SOCKS 5 preliminary message */
\r
22 SOCKS_5_CONNECT /* expect a SOCKS 5 connection message */
\r
25 typedef struct PortForwarding {
\r
26 SshChannel *c; /* channel structure held by SSH connection layer */
\r
27 ConnectionLayer *cl; /* the connection layer itself */
\r
28 /* Note that ssh need not be filled in if c is non-NULL */
\r
32 SocksState socks_state;
\r
34 * `hostname' and `port' are the real hostname and port, once
\r
35 * we know what we're connecting to.
\r
40 * `socksbuf' is the buffer we use to accumulate the initial SOCKS
\r
41 * segment of the incoming data, plus anything after that that we
\r
42 * receive before we're ready to send data to the SSH server.
\r
45 size_t socksbuf_consumed;
\r
51 struct PortListener {
\r
52 ConnectionLayer *cl;
\r
56 * `hostname' and `port' are the real hostname and port, for
\r
57 * ordinary forwardings.
\r
65 static struct PortForwarding *new_portfwd_state(void)
\r
67 struct PortForwarding *pf = snew(struct PortForwarding);
\r
68 pf->hostname = NULL;
\r
69 pf->socksbuf = NULL;
\r
73 static void free_portfwd_state(struct PortForwarding *pf)
\r
77 sfree(pf->hostname);
\r
79 strbuf_free(pf->socksbuf);
\r
83 static struct PortListener *new_portlistener_state(void)
\r
85 struct PortListener *pl = snew(struct PortListener);
\r
86 pl->hostname = NULL;
\r
90 static void free_portlistener_state(struct PortListener *pl)
\r
94 sfree(pl->hostname);
\r
98 static void pfd_log(Plug *plug, PlugLogType type, SockAddr *addr, int port,
\r
99 const char *error_msg, int error_code)
\r
101 /* we have to dump these since we have no interface to logging.c */
\r
104 static void pfl_log(Plug *plug, PlugLogType type, SockAddr *addr, int port,
\r
105 const char *error_msg, int error_code)
\r
107 /* we have to dump these since we have no interface to logging.c */
\r
110 static void pfd_close(struct PortForwarding *pf);
\r
112 static void pfd_closing(Plug *plug, const char *error_msg, int error_code,
\r
115 struct PortForwarding *pf =
\r
116 container_of(plug, struct PortForwarding, plug);
\r
120 * Socket error. Slam the connection instantly shut.
\r
123 sshfwd_initiate_close(pf->c, error_msg);
\r
126 * We might not have an SSH channel, if a socket error
\r
127 * occurred during SOCKS negotiation. If not, we must
\r
128 * clean ourself up without sshfwd_initiate_close's call
\r
129 * back to pfd_close.
\r
135 * Ordinary EOF received on socket. Send an EOF on the SSH
\r
139 sshfwd_write_eof(pf->c);
\r
143 static void pfl_terminate(struct PortListener *pl);
\r
145 static void pfl_closing(Plug *plug, const char *error_msg, int error_code,
\r
148 struct PortListener *pl = (struct PortListener *) plug;
\r
152 static SshChannel *wrap_lportfwd_open(
\r
153 ConnectionLayer *cl, const char *hostname, int port,
\r
154 Socket *s, Channel *chan)
\r
156 SocketPeerInfo *pi;
\r
160 pi = sk_peer_info(s);
\r
161 if (pi && pi->log_text) {
\r
162 description = dupprintf("forwarding from %s", pi->log_text);
\r
164 description = dupstr("forwarding");
\r
166 toret = ssh_lportfwd_open(cl, hostname, port, description, pi, chan);
\r
167 sk_free_peer_info(pi);
\r
169 sfree(description);
\r
173 static char *ipv4_to_string(unsigned ipv4)
\r
175 return dupprintf("%u.%u.%u.%u",
\r
176 (ipv4 >> 24) & 0xFF, (ipv4 >> 16) & 0xFF,
\r
177 (ipv4 >> 8) & 0xFF, (ipv4 ) & 0xFF);
\r
180 static char *ipv6_to_string(ptrlen ipv6)
\r
182 const unsigned char *addr = ipv6.ptr;
\r
183 assert(ipv6.len == 16);
\r
184 return dupprintf("%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x",
\r
185 (unsigned)GET_16BIT_MSB_FIRST(addr + 0),
\r
186 (unsigned)GET_16BIT_MSB_FIRST(addr + 2),
\r
187 (unsigned)GET_16BIT_MSB_FIRST(addr + 4),
\r
188 (unsigned)GET_16BIT_MSB_FIRST(addr + 6),
\r
189 (unsigned)GET_16BIT_MSB_FIRST(addr + 8),
\r
190 (unsigned)GET_16BIT_MSB_FIRST(addr + 10),
\r
191 (unsigned)GET_16BIT_MSB_FIRST(addr + 12),
\r
192 (unsigned)GET_16BIT_MSB_FIRST(addr + 14));
\r
195 static void pfd_receive(Plug *plug, int urgent, const char *data, size_t len)
\r
197 struct PortForwarding *pf =
\r
198 container_of(plug, struct PortForwarding, plug);
\r
203 if (pf->socks_state != SOCKS_NONE) {
\r
204 BinarySource src[1];
\r
207 * Store all the data we've got in socksbuf.
\r
209 put_data(pf->socksbuf, data, len);
\r
212 * Check the start of socksbuf to see if it's a valid and
\r
213 * complete message in the SOCKS exchange.
\r
216 if (pf->socks_state == SOCKS_INITIAL) {
\r
217 /* Preliminary: check the first byte of the data (which we
\r
218 * _must_ have by now) to find out which SOCKS major
\r
219 * version we're speaking. */
\r
220 switch (pf->socksbuf->u[0]) {
\r
222 pf->socks_state = SOCKS_4;
\r
225 pf->socks_state = SOCKS_5_INITIAL;
\r
228 pfd_close(pf); /* unrecognised version */
\r
233 BinarySource_BARE_INIT(src, pf->socksbuf->u, pf->socksbuf->len);
\r
234 get_data(src, pf->socksbuf_consumed);
\r
236 while (pf->socks_state != SOCKS_NONE) {
\r
237 unsigned socks_version, message_type, reserved_byte;
\r
238 unsigned reply_code, port, ipv4, method;
\r
240 const char *socks4_hostname;
\r
243 switch (pf->socks_state) {
\r
244 case SOCKS_INITIAL:
\r
246 unreachable("These case values cannot appear");
\r
249 /* SOCKS 4/4A connect message */
\r
250 socks_version = get_byte(src);
\r
251 message_type = get_byte(src);
\r
253 if (get_err(src) == BSE_OUT_OF_DATA)
\r
255 if (socks_version == 4 && message_type == 1) {
\r
256 /* CONNECT message */
\r
257 bool name_based = false;
\r
259 port = get_uint16(src);
\r
260 ipv4 = get_uint32(src);
\r
261 if (ipv4 > 0x00000000 && ipv4 < 0x00000100) {
\r
263 * Addresses in this range indicate the SOCKS 4A
\r
264 * extension to specify a hostname, which comes
\r
265 * after the username.
\r
269 get_asciz(src); /* skip username */
\r
270 socks4_hostname = name_based ? get_asciz(src) : NULL;
\r
272 if (get_err(src) == BSE_OUT_OF_DATA)
\r
275 goto socks4_reject;
\r
279 pf->hostname = dupstr(socks4_hostname);
\r
281 pf->hostname = ipv4_to_string(ipv4);
\r
284 output = strbuf_new();
\r
285 put_byte(output, 0); /* reply version */
\r
286 put_byte(output, 90); /* SOCKS 4 'request granted' */
\r
287 put_uint16(output, 0); /* null port field */
\r
288 put_uint32(output, 0); /* null address field */
\r
289 sk_write(pf->s, output->u, output->len);
\r
290 strbuf_free(output);
\r
292 pf->socks_state = SOCKS_NONE;
\r
293 pf->socksbuf_consumed = src->pos;
\r
298 output = strbuf_new();
\r
299 put_byte(output, 0); /* reply version */
\r
300 put_byte(output, 91); /* SOCKS 4 'request rejected' */
\r
301 put_uint16(output, 0); /* null port field */
\r
302 put_uint32(output, 0); /* null address field */
\r
303 sk_write(pf->s, output->u, output->len);
\r
304 strbuf_free(output);
\r
308 case SOCKS_5_INITIAL:
\r
309 /* SOCKS 5 initial method list */
\r
310 socks_version = get_byte(src);
\r
311 methods = get_pstring(src);
\r
313 method = 0xFF; /* means 'no usable method found' */
\r
316 for (i = 0; i < methods.len; i++) {
\r
317 if (((const unsigned char *)methods.ptr)[i] == 0 ) {
\r
318 method = 0; /* no auth */
\r
324 if (get_err(src) == BSE_OUT_OF_DATA)
\r
329 output = strbuf_new();
\r
330 put_byte(output, 5); /* SOCKS version */
\r
331 put_byte(output, method); /* selected auth method */
\r
332 sk_write(pf->s, output->u, output->len);
\r
333 strbuf_free(output);
\r
335 if (method == 0xFF) {
\r
340 pf->socks_state = SOCKS_5_CONNECT;
\r
341 pf->socksbuf_consumed = src->pos;
\r
344 case SOCKS_5_CONNECT:
\r
345 /* SOCKS 5 connect message */
\r
346 socks_version = get_byte(src);
\r
347 message_type = get_byte(src);
\r
348 reserved_byte = get_byte(src);
\r
350 if (socks_version == 5 && message_type == 1 &&
\r
351 reserved_byte == 0) {
\r
353 reply_code = 0; /* success */
\r
355 switch (get_byte(src)) {
\r
357 pf->hostname = ipv4_to_string(get_uint32(src));
\r
360 pf->hostname = ipv6_to_string(get_data(src, 16));
\r
362 case 3: /* unresolved domain name */
\r
363 pf->hostname = mkstr(get_pstring(src));
\r
366 pf->hostname = NULL;
\r
367 reply_code = 8; /* address type not supported */
\r
371 pf->port = get_uint16(src);
\r
373 reply_code = 7; /* command not supported */
\r
376 if (get_err(src) == BSE_OUT_OF_DATA)
\r
379 reply_code = 1; /* general server failure */
\r
381 output = strbuf_new();
\r
382 put_byte(output, 5); /* SOCKS version */
\r
383 put_byte(output, reply_code);
\r
384 put_byte(output, 0); /* reserved */
\r
385 put_byte(output, 1); /* IPv4 address follows */
\r
386 put_uint32(output, 0); /* bound IPv4 address (unused) */
\r
387 put_uint16(output, 0); /* bound port number (unused) */
\r
388 sk_write(pf->s, output->u, output->len);
\r
389 strbuf_free(output);
\r
391 if (reply_code != 0) {
\r
396 pf->socks_state = SOCKS_NONE;
\r
397 pf->socksbuf_consumed = src->pos;
\r
403 * We come here when we're ready to make an actual
\r
408 * Freeze the socket until the SSH server confirms the
\r
411 sk_set_frozen(pf->s, true);
\r
413 pf->c = wrap_lportfwd_open(pf->cl, pf->hostname, pf->port, pf->s,
\r
417 sshfwd_write(pf->c, data, len);
\r
420 static void pfd_sent(Plug *plug, size_t bufsize)
\r
422 struct PortForwarding *pf =
\r
423 container_of(plug, struct PortForwarding, plug);
\r
426 sshfwd_unthrottle(pf->c, bufsize);
\r
429 static const PlugVtable PortForwarding_plugvt = {
\r
431 .closing = pfd_closing,
\r
432 .receive = pfd_receive,
\r
436 static void pfd_chan_free(Channel *chan);
\r
437 static void pfd_open_confirmation(Channel *chan);
\r
438 static void pfd_open_failure(Channel *chan, const char *errtext);
\r
439 static size_t pfd_send(
\r
440 Channel *chan, bool is_stderr, const void *data, size_t len);
\r
441 static void pfd_send_eof(Channel *chan);
\r
442 static void pfd_set_input_wanted(Channel *chan, bool wanted);
\r
443 static char *pfd_log_close_msg(Channel *chan);
\r
445 static const ChannelVtable PortForwarding_channelvt = {
\r
446 .free = pfd_chan_free,
\r
447 .open_confirmation = pfd_open_confirmation,
\r
448 .open_failed = pfd_open_failure,
\r
450 .send_eof = pfd_send_eof,
\r
451 .set_input_wanted = pfd_set_input_wanted,
\r
452 .log_close_msg = pfd_log_close_msg,
\r
453 .want_close = chan_default_want_close,
\r
454 .rcvd_exit_status = chan_no_exit_status,
\r
455 .rcvd_exit_signal = chan_no_exit_signal,
\r
456 .rcvd_exit_signal_numeric = chan_no_exit_signal_numeric,
\r
457 .run_shell = chan_no_run_shell,
\r
458 .run_command = chan_no_run_command,
\r
459 .run_subsystem = chan_no_run_subsystem,
\r
460 .enable_x11_forwarding = chan_no_enable_x11_forwarding,
\r
461 .enable_agent_forwarding = chan_no_enable_agent_forwarding,
\r
462 .allocate_pty = chan_no_allocate_pty,
\r
463 .set_env = chan_no_set_env,
\r
464 .send_break = chan_no_send_break,
\r
465 .send_signal = chan_no_send_signal,
\r
466 .change_window_size = chan_no_change_window_size,
\r
467 .request_response = chan_no_request_response,
\r
470 Channel *portfwd_raw_new(ConnectionLayer *cl, Plug **plug, bool start_ready)
\r
472 struct PortForwarding *pf;
\r
474 pf = new_portfwd_state();
\r
475 pf->plug.vt = &PortForwarding_plugvt;
\r
476 pf->chan.initial_fixed_window_size = 0;
\r
477 pf->chan.vt = &PortForwarding_channelvt;
\r
478 pf->input_wanted = true;
\r
483 pf->input_wanted = true;
\r
484 pf->ready = start_ready;
\r
486 pf->socks_state = SOCKS_NONE;
\r
487 pf->hostname = NULL;
\r
494 void portfwd_raw_free(Channel *pfchan)
\r
496 struct PortForwarding *pf;
\r
497 assert(pfchan->vt == &PortForwarding_channelvt);
\r
498 pf = container_of(pfchan, struct PortForwarding, chan);
\r
499 free_portfwd_state(pf);
\r
502 void portfwd_raw_setup(Channel *pfchan, Socket *s, SshChannel *sc)
\r
504 struct PortForwarding *pf;
\r
505 assert(pfchan->vt == &PortForwarding_channelvt);
\r
506 pf = container_of(pfchan, struct PortForwarding, chan);
\r
513 called when someone connects to the local port
\r
516 static int pfl_accepting(Plug *p, accept_fn_t constructor, accept_ctx_t ctx)
\r
518 struct PortListener *pl = container_of(p, struct PortListener, plug);
\r
519 struct PortForwarding *pf;
\r
525 chan = portfwd_raw_new(pl->cl, &plug, false);
\r
526 s = constructor(ctx, plug);
\r
527 if ((err = sk_socket_error(s)) != NULL) {
\r
528 portfwd_raw_free(chan);
\r
532 pf = container_of(chan, struct PortForwarding, chan);
\r
534 if (pl->is_dynamic) {
\r
536 pf->socks_state = SOCKS_INITIAL;
\r
537 pf->socksbuf = strbuf_new();
\r
538 pf->socksbuf_consumed = 0;
\r
539 pf->port = 0; /* "hostname" buffer is so far empty */
\r
540 sk_set_frozen(s, false); /* we want to receive SOCKS _now_! */
\r
542 pf->hostname = dupstr(pl->hostname);
\r
543 pf->port = pl->port;
\r
546 wrap_lportfwd_open(pl->cl, pf->hostname, pf->port, s, &pf->chan));
\r
552 static const PlugVtable PortListener_plugvt = {
\r
554 .closing = pfl_closing,
\r
555 .accepting = pfl_accepting,
\r
559 * Add a new port-forwarding listener from srcaddr:port -> desthost:destport.
\r
561 * desthost == NULL indicates dynamic SOCKS port forwarding.
\r
563 * On success, returns NULL and fills in *pl_ret. On error, returns a
\r
564 * dynamically allocated error message string.
\r
566 static char *pfl_listen(const char *desthost, int destport,
\r
567 const char *srcaddr, int port,
\r
568 ConnectionLayer *cl, Conf *conf,
\r
569 struct PortListener **pl_ret, int address_family)
\r
572 struct PortListener *pl;
\r
577 pl = *pl_ret = new_portlistener_state();
\r
578 pl->plug.vt = &PortListener_plugvt;
\r
580 pl->hostname = dupstr(desthost);
\r
581 pl->port = destport;
\r
582 pl->is_dynamic = false;
\r
584 pl->is_dynamic = true;
\r
587 pl->s = new_listener(srcaddr, port, &pl->plug,
\r
588 !conf_get_bool(conf, CONF_lport_acceptall),
\r
589 conf, address_family);
\r
590 if ((err = sk_socket_error(pl->s)) != NULL) {
\r
591 char *err_ret = dupstr(err);
\r
593 free_portlistener_state(pl);
\r
601 static char *pfd_log_close_msg(Channel *chan)
\r
603 return dupstr("Forwarded port closed");
\r
606 static void pfd_close(struct PortForwarding *pf)
\r
612 free_portfwd_state(pf);
\r
616 * Terminate a listener.
\r
618 static void pfl_terminate(struct PortListener *pl)
\r
624 free_portlistener_state(pl);
\r
627 static void pfd_set_input_wanted(Channel *chan, bool wanted)
\r
629 assert(chan->vt == &PortForwarding_channelvt);
\r
630 PortForwarding *pf = container_of(chan, PortForwarding, chan);
\r
631 pf->input_wanted = wanted;
\r
632 sk_set_frozen(pf->s, !pf->input_wanted);
\r
635 static void pfd_chan_free(Channel *chan)
\r
637 assert(chan->vt == &PortForwarding_channelvt);
\r
638 PortForwarding *pf = container_of(chan, PortForwarding, chan);
\r
643 * Called to send data down the raw connection.
\r
645 static size_t pfd_send(
\r
646 Channel *chan, bool is_stderr, const void *data, size_t len)
\r
648 assert(chan->vt == &PortForwarding_channelvt);
\r
649 PortForwarding *pf = container_of(chan, PortForwarding, chan);
\r
650 return sk_write(pf->s, data, len);
\r
653 static void pfd_send_eof(Channel *chan)
\r
655 assert(chan->vt == &PortForwarding_channelvt);
\r
656 PortForwarding *pf = container_of(chan, PortForwarding, chan);
\r
657 sk_write_eof(pf->s);
\r
660 static void pfd_open_confirmation(Channel *chan)
\r
662 assert(chan->vt == &PortForwarding_channelvt);
\r
663 PortForwarding *pf = container_of(chan, PortForwarding, chan);
\r
666 sk_set_frozen(pf->s, false);
\r
667 sk_write(pf->s, NULL, 0);
\r
668 if (pf->socksbuf) {
\r
669 sshfwd_write(pf->c, pf->socksbuf->u + pf->socksbuf_consumed,
\r
670 pf->socksbuf->len - pf->socksbuf_consumed);
\r
671 strbuf_free(pf->socksbuf);
\r
672 pf->socksbuf = NULL;
\r
676 static void pfd_open_failure(Channel *chan, const char *errtext)
\r
678 assert(chan->vt == &PortForwarding_channelvt);
\r
679 PortForwarding *pf = container_of(chan, PortForwarding, chan);
\r
681 logeventf(pf->cl->logctx,
\r
682 "Forwarded connection refused by remote%s%s",
\r
683 errtext ? ": " : "", errtext ? errtext : "");
\r
686 /* ----------------------------------------------------------------------
\r
687 * Code to manage the complete set of currently active port
\r
688 * forwardings, and update it from Conf.
\r
691 struct PortFwdRecord {
\r
692 enum { DESTROY, KEEP, CREATE } status;
\r
694 unsigned sport, dport;
\r
695 char *saddr, *daddr;
\r
696 char *sserv, *dserv;
\r
697 struct ssh_rportfwd *remote;
\r
699 struct PortListener *local;
\r
702 static int pfr_cmp(void *av, void *bv)
\r
704 PortFwdRecord *a = (PortFwdRecord *) av;
\r
705 PortFwdRecord *b = (PortFwdRecord *) bv;
\r
707 if (a->type > b->type)
\r
709 if (a->type < b->type)
\r
711 if (a->addressfamily > b->addressfamily)
\r
713 if (a->addressfamily < b->addressfamily)
\r
715 if ( (i = nullstrcmp(a->saddr, b->saddr)) != 0)
\r
716 return i < 0 ? -1 : +1;
\r
717 if (a->sport > b->sport)
\r
719 if (a->sport < b->sport)
\r
721 if (a->type != 'D') {
\r
722 if ( (i = nullstrcmp(a->daddr, b->daddr)) != 0)
\r
723 return i < 0 ? -1 : +1;
\r
724 if (a->dport > b->dport)
\r
726 if (a->dport < b->dport)
\r
732 static void pfr_free(PortFwdRecord *pfr)
\r
734 /* Dispose of any listening socket. */
\r
736 pfl_terminate(pfr->local);
\r
745 struct PortFwdManager {
\r
746 ConnectionLayer *cl;
\r
748 tree234 *forwardings;
\r
751 PortFwdManager *portfwdmgr_new(ConnectionLayer *cl)
\r
753 PortFwdManager *mgr = snew(PortFwdManager);
\r
757 mgr->forwardings = newtree234(pfr_cmp);
\r
762 void portfwdmgr_close(PortFwdManager *mgr, PortFwdRecord *pfr)
\r
764 PortFwdRecord *realpfr = del234(mgr->forwardings, pfr);
\r
765 if (realpfr == pfr)
\r
769 void portfwdmgr_close_all(PortFwdManager *mgr)
\r
771 PortFwdRecord *pfr;
\r
773 while ((pfr = delpos234(mgr->forwardings, 0)) != NULL)
\r
777 void portfwdmgr_free(PortFwdManager *mgr)
\r
779 portfwdmgr_close_all(mgr);
\r
780 freetree234(mgr->forwardings);
\r
782 conf_free(mgr->conf);
\r
786 void portfwdmgr_config(PortFwdManager *mgr, Conf *conf)
\r
788 PortFwdRecord *pfr;
\r
793 conf_free(mgr->conf);
\r
794 mgr->conf = conf_copy(conf);
\r
797 * Go through the existing port forwardings and tag them
\r
798 * with status==DESTROY. Any that we want to keep will be
\r
799 * re-enabled (status==KEEP) as we go through the
\r
800 * configuration and find out which bits are the same as
\r
801 * they were before.
\r
803 for (i = 0; (pfr = index234(mgr->forwardings, i)) != NULL; i++)
\r
804 pfr->status = DESTROY;
\r
806 for (val = conf_get_str_strs(conf, CONF_portfwd, NULL, &key);
\r
808 val = conf_get_str_strs(conf, CONF_portfwd, key, &key)) {
\r
809 char *kp, *kp2, *vp, *vp2;
\r
810 char address_family, type;
\r
811 int sport, dport, sserv, dserv;
\r
812 char *sports, *dports, *saddr, *host;
\r
816 address_family = 'A';
\r
818 if (*kp == 'A' || *kp == '4' || *kp == '6')
\r
819 address_family = *kp++;
\r
820 if (*kp == 'L' || *kp == 'R')
\r
823 if ((kp2 = host_strchr(kp, ':')) != NULL) {
\r
825 * There's a colon in the middle of the source port
\r
826 * string, which means that the part before it is
\r
827 * actually a source address.
\r
829 char *saddr_tmp = dupprintf("%.*s", (int)(kp2 - kp), kp);
\r
830 saddr = host_strduptrim(saddr_tmp);
\r
837 sport = atoi(sports);
\r
841 sport = net_service_lookup(sports);
\r
843 logeventf(mgr->cl->logctx, "Service lookup failed for source"
\r
844 " port \"%s\"", sports);
\r
848 if (type == 'L' && !strcmp(val, "D")) {
\r
849 /* dynamic forwarding */
\r
856 /* ordinary forwarding */
\r
858 vp2 = vp + host_strcspn(vp, ":");
\r
859 host = dupprintf("%.*s", (int)(vp2 - vp), vp);
\r
863 dport = atoi(dports);
\r
867 dport = net_service_lookup(dports);
\r
869 logeventf(mgr->cl->logctx,
\r
870 "Service lookup failed for destination"
\r
871 " port \"%s\"", dports);
\r
876 if (sport && dport) {
\r
877 /* Set up a description of the source port. */
\r
878 pfr = snew(PortFwdRecord);
\r
880 pfr->saddr = saddr;
\r
881 pfr->sserv = sserv ? dupstr(sports) : NULL;
\r
882 pfr->sport = sport;
\r
884 pfr->dserv = dserv ? dupstr(dports) : NULL;
\r
885 pfr->dport = dport;
\r
887 pfr->remote = NULL;
\r
888 pfr->addressfamily = (address_family == '4' ? ADDRTYPE_IPV4 :
\r
889 address_family == '6' ? ADDRTYPE_IPV6 :
\r
892 PortFwdRecord *existing = add234(mgr->forwardings, pfr);
\r
893 if (existing != pfr) {
\r
894 if (existing->status == DESTROY) {
\r
896 * We already have a port forwarding up and running
\r
897 * with precisely these parameters. Hence, no need
\r
898 * to do anything; simply re-tag the existing one
\r
901 existing->status = KEEP;
\r
904 * Anything else indicates that there was a duplicate
\r
905 * in our input, which we'll silently ignore.
\r
909 pfr->status = CREATE;
\r
918 * Now go through and destroy any port forwardings which were
\r
921 for (i = 0; (pfr = index234(mgr->forwardings, i)) != NULL; i++) {
\r
922 if (pfr->status == DESTROY) {
\r
925 message = dupprintf("%s port forwarding from %s%s%d",
\r
926 pfr->type == 'L' ? "local" :
\r
927 pfr->type == 'R' ? "remote" : "dynamic",
\r
928 pfr->saddr ? pfr->saddr : "",
\r
929 pfr->saddr ? ":" : "",
\r
932 if (pfr->type != 'D') {
\r
933 char *msg2 = dupprintf("%s to %s:%d", message,
\r
934 pfr->daddr, pfr->dport);
\r
939 logeventf(mgr->cl->logctx, "Cancelling %s", message);
\r
942 /* pfr->remote or pfr->local may be NULL if setting up a
\r
943 * forwarding failed. */
\r
946 * Cancel the port forwarding at the server
\r
949 * Actually closing the listening port on the server
\r
950 * side may fail - because in SSH-1 there's no message
\r
951 * in the protocol to request it!
\r
953 * Instead, we simply remove the record of the
\r
954 * forwarding from our local end, so that any
\r
955 * connections the server tries to make on it are
\r
958 ssh_rportfwd_remove(mgr->cl, pfr->remote);
\r
959 pfr->remote = NULL;
\r
960 } else if (pfr->local) {
\r
961 pfl_terminate(pfr->local);
\r
965 delpos234(mgr->forwardings, i);
\r
967 i--; /* so we don't skip one in the list */
\r
972 * And finally, set up any new port forwardings (status==CREATE).
\r
974 for (i = 0; (pfr = index234(mgr->forwardings, i)) != NULL; i++) {
\r
975 if (pfr->status == CREATE) {
\r
976 char *sportdesc, *dportdesc;
\r
977 sportdesc = dupprintf("%s%s%s%s%d%s",
\r
978 pfr->saddr ? pfr->saddr : "",
\r
979 pfr->saddr ? ":" : "",
\r
980 pfr->sserv ? pfr->sserv : "",
\r
981 pfr->sserv ? "(" : "",
\r
983 pfr->sserv ? ")" : "");
\r
984 if (pfr->type == 'D') {
\r
987 dportdesc = dupprintf("%s:%s%s%d%s",
\r
989 pfr->dserv ? pfr->dserv : "",
\r
990 pfr->dserv ? "(" : "",
\r
992 pfr->dserv ? ")" : "");
\r
995 if (pfr->type == 'L') {
\r
996 char *err = pfl_listen(pfr->daddr, pfr->dport,
\r
997 pfr->saddr, pfr->sport,
\r
998 mgr->cl, conf, &pfr->local,
\r
999 pfr->addressfamily);
\r
1001 logeventf(mgr->cl->logctx,
\r
1002 "Local %sport %s forwarding to %s%s%s",
\r
1003 pfr->addressfamily == ADDRTYPE_IPV4 ? "IPv4 " :
\r
1004 pfr->addressfamily == ADDRTYPE_IPV6 ? "IPv6 " : "",
\r
1005 sportdesc, dportdesc,
\r
1006 err ? " failed: " : "", err ? err : "");
\r
1009 } else if (pfr->type == 'D') {
\r
1010 char *err = pfl_listen(NULL, -1, pfr->saddr, pfr->sport,
\r
1011 mgr->cl, conf, &pfr->local,
\r
1012 pfr->addressfamily);
\r
1014 logeventf(mgr->cl->logctx,
\r
1015 "Local %sport %s SOCKS dynamic forwarding%s%s",
\r
1016 pfr->addressfamily == ADDRTYPE_IPV4 ? "IPv4 " :
\r
1017 pfr->addressfamily == ADDRTYPE_IPV6 ? "IPv6 " : "",
\r
1019 err ? " failed: " : "", err ? err : "");
\r
1024 const char *shost;
\r
1027 shost = pfr->saddr;
\r
1028 } else if (conf_get_bool(conf, CONF_rport_acceptall)) {
\r
1031 shost = "localhost";
\r
1034 pfr->remote = ssh_rportfwd_alloc(
\r
1035 mgr->cl, shost, pfr->sport, pfr->daddr, pfr->dport,
\r
1036 pfr->addressfamily, sportdesc, pfr, NULL);
\r
1038 if (!pfr->remote) {
\r
1039 logeventf(mgr->cl->logctx,
\r
1040 "Duplicate remote port forwarding to %s:%d",
\r
1041 pfr->daddr, pfr->dport);
\r
1044 logeventf(mgr->cl->logctx, "Requesting remote port %s"
\r
1045 " forward to %s", sportdesc, dportdesc);
\r
1054 bool portfwdmgr_listen(PortFwdManager *mgr, const char *host, int port,
\r
1055 const char *keyhost, int keyport, Conf *conf)
\r
1057 PortFwdRecord *pfr;
\r
1059 pfr = snew(PortFwdRecord);
\r
1061 pfr->saddr = host ? dupstr(host) : NULL;
\r
1062 pfr->daddr = keyhost ? dupstr(keyhost) : NULL;
\r
1063 pfr->sserv = pfr->dserv = NULL;
\r
1064 pfr->sport = port;
\r
1065 pfr->dport = keyport;
\r
1066 pfr->local = NULL;
\r
1067 pfr->remote = NULL;
\r
1068 pfr->addressfamily = ADDRTYPE_UNSPEC;
\r
1070 PortFwdRecord *existing = add234(mgr->forwardings, pfr);
\r
1071 if (existing != pfr) {
\r
1073 * We had this record already. Return failure.
\r
1079 char *err = pfl_listen(keyhost, keyport, host, port,
\r
1080 mgr->cl, conf, &pfr->local, pfr->addressfamily);
\r
1081 logeventf(mgr->cl->logctx,
\r
1082 "%s on port %s:%d to forward to client%s%s",
\r
1083 err ? "Failed to listen" : "Listening", host, port,
\r
1084 err ? ": " : "", err ? err : "");
\r
1087 del234(mgr->forwardings, pfr);
\r
1095 bool portfwdmgr_unlisten(PortFwdManager *mgr, const char *host, int port)
\r
1097 PortFwdRecord pfr_key;
\r
1099 pfr_key.type = 'L';
\r
1100 /* Safe to cast the const away here, because it will only be used
\r
1101 * by pfr_cmp, which won't write to the string */
\r
1102 pfr_key.saddr = pfr_key.daddr = (char *)host;
\r
1103 pfr_key.sserv = pfr_key.dserv = NULL;
\r
1104 pfr_key.sport = pfr_key.dport = port;
\r
1105 pfr_key.local = NULL;
\r
1106 pfr_key.remote = NULL;
\r
1107 pfr_key.addressfamily = ADDRTYPE_UNSPEC;
\r
1109 PortFwdRecord *pfr = del234(mgr->forwardings, &pfr_key);
\r
1114 logeventf(mgr->cl->logctx, "Closing listening port %s:%d", host, port);
\r
1121 * Called when receiving a PORT OPEN from the server to make a
\r
1122 * connection to a destination host.
\r
1124 * On success, returns NULL and fills in *pf_ret. On error, returns a
\r
1125 * dynamically allocated error message string.
\r
1127 char *portfwdmgr_connect(PortFwdManager *mgr, Channel **chan_ret,
\r
1128 char *hostname, int port, SshChannel *c,
\r
1129 int addressfamily)
\r
1133 char *dummy_realhost = NULL;
\r
1134 struct PortForwarding *pf;
\r
1137 * Try to find host.
\r
1139 addr = name_lookup(hostname, port, &dummy_realhost, mgr->conf,
\r
1140 addressfamily, NULL, NULL);
\r
1141 if ((err = sk_addr_error(addr)) != NULL) {
\r
1142 char *err_ret = dupstr(err);
\r
1143 sk_addr_free(addr);
\r
1144 sfree(dummy_realhost);
\r
1151 pf = new_portfwd_state();
\r
1152 *chan_ret = &pf->chan;
\r
1153 pf->plug.vt = &PortForwarding_plugvt;
\r
1154 pf->chan.initial_fixed_window_size = 0;
\r
1155 pf->chan.vt = &PortForwarding_channelvt;
\r
1156 pf->input_wanted = true;
\r
1160 pf->socks_state = SOCKS_NONE;
\r
1162 pf->s = new_connection(addr, dummy_realhost, port,
\r
1163 false, true, false, false, &pf->plug, mgr->conf);
\r
1164 sfree(dummy_realhost);
\r
1165 if ((err = sk_socket_error(pf->s)) != NULL) {
\r
1166 char *err_ret = dupstr(err);
\r
1168 free_portfwd_state(pf);
\r