1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 09:58:01 +00:00

Port forwarding now works in SSH 2 as well as SSH 1.

[originally from svn r1179]
This commit is contained in:
Simon Tatham 2001-08-09 21:17:05 +00:00
parent fa6b9c1896
commit 54bcab760f

242
ssh.c
View File

@ -271,7 +271,8 @@ enum { /* channel types */
CHAN_MAINSESSION, CHAN_MAINSESSION,
CHAN_X11, CHAN_X11,
CHAN_AGENT, CHAN_AGENT,
CHAN_SOCKDATA CHAN_SOCKDATA,
CHAN_SOCKDATA_DORMANT /* one the remote hasn't confirmed */
}; };
/* /*
@ -302,13 +303,37 @@ struct ssh_channel {
}; };
/* /*
* 2-3-4 tree storing remote->local port forwardings (so we can * 2-3-4 tree storing remote->local port forwardings. SSH 1 and SSH
* reject any attempt to open a port we didn't explicitly ask to * 2 use this structure in different ways, reflecting SSH 2's
* have forwarded). * altogether saner approach to port forwarding.
*
* In SSH 1, you arrange a remote forwarding by sending the server
* the remote port number, and the local destination host:port.
* When a connection comes in, the server sends you back that
* host:port pair, and you connect to it. This is a ready-made
* security hole if you're not on the ball: a malicious server
* could send you back _any_ host:port pair, so if you trustingly
* connect to the address it gives you then you've just opened the
* entire inside of your corporate network just by connecting
* through it to a dodgy SSH server. Hence, we must store a list of
* host:port pairs we _are_ trying to forward to, and reject a
* connection request from the server if it's not in the list.
*
* In SSH 2, each side of the connection minds its own business and
* doesn't send unnecessary information to the other. You arrange a
* remote forwarding by sending the server just the remote port
* number. When a connection comes in, the server tells you which
* of its ports was connected to; and _you_ have to remember what
* local host:port pair went with that port number.
*
* Hence: in SSH 1 this structure stores host:port pairs we intend
* to allow connections to, and is indexed by those host:port
* pairs. In SSH 2 it stores a mapping from source port to
* destination host:port pair, and is indexed by source port.
*/ */
struct ssh_rportfwd { struct ssh_rportfwd {
unsigned port; unsigned sport, dport;
char host[256]; char dhost[256];
}; };
struct Packet { struct Packet {
@ -417,15 +442,29 @@ static int ssh_channelfind(void *av, void *bv)
return 0; return 0;
} }
static int ssh_rportcmp(void *av, void *bv) static int ssh_rportcmp_ssh1(void *av, void *bv)
{ {
struct ssh_rportfwd *a = (struct ssh_rportfwd *) av; struct ssh_rportfwd *a = (struct ssh_rportfwd *) av;
struct ssh_rportfwd *b = (struct ssh_rportfwd *) bv; struct ssh_rportfwd *b = (struct ssh_rportfwd *) bv;
int i; int i;
if ( (i = strcmp(a->host, b->host)) != 0) if ( (i = strcmp(a->dhost, b->dhost)) != 0)
return i < 0 ? -1 : +1; return i < 0 ? -1 : +1;
if (a->port > b->port) if (a->dport > b->dport)
return +1; return +1;
if (a->dport < b->dport)
return -1;
return 0;
}
static int ssh_rportcmp_ssh2(void *av, void *bv)
{
struct ssh_rportfwd *a = (struct ssh_rportfwd *) av;
struct ssh_rportfwd *b = (struct ssh_rportfwd *) bv;
int i;
if (a->sport > b->sport)
return +1;
if (a->sport < b->sport)
return -1;
return 0; return 0;
} }
@ -2383,7 +2422,7 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt)
char sports[256], dports[256], host[256]; char sports[256], dports[256], host[256];
char buf[1024]; char buf[1024];
ssh_rportfwds = newtree234(ssh_rportcmp); ssh_rportfwds = newtree234(ssh_rportcmp_ssh1);
/* Add port forwardings. */ /* Add port forwardings. */
e = cfg.portfwd; e = cfg.portfwd;
while (*e) { while (*e) {
@ -2416,13 +2455,14 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt)
} else { } else {
struct ssh_rportfwd *pf; struct ssh_rportfwd *pf;
pf = smalloc(sizeof(*pf)); pf = smalloc(sizeof(*pf));
strcpy(pf->host, host); strcpy(pf->dhost, host);
pf->port = dport; pf->dport = dport;
if (add234(ssh_rportfwds, pf) != pf) { if (add234(ssh_rportfwds, pf) != pf) {
sprintf(buf, sprintf(buf,
"Duplicate remote port forwarding to %s:%s", "Duplicate remote port forwarding to %s:%s",
host, dport); host, dport);
logevent(buf); logevent(buf);
sfree(pf);
} else { } else {
sprintf(buf, "Requesting remote port %d forward to %s:%d", sprintf(buf, "Requesting remote port %d forward to %s:%d",
sport, host, dport); sport, host, dport);
@ -2580,8 +2620,8 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt)
*h = 0; *h = 0;
port = GET_32BIT(p); port = GET_32BIT(p);
strcpy(pf.host, host); strcpy(pf.dhost, host);
pf.port = port; pf.dport = port;
if (find234(ssh_rportfwds, &pf, NULL) == NULL) { if (find234(ssh_rportfwds, &pf, NULL) == NULL) {
sprintf(buf, "Rejected remote port open request for %s:%d", sprintf(buf, "Rejected remote port open request for %s:%d",
@ -2621,11 +2661,10 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt)
struct ssh_channel *c; struct ssh_channel *c;
c = find234(ssh_channels, &remoteid, ssh_channelfind); c = find234(ssh_channels, &remoteid, ssh_channelfind);
if (c) { if (c && c->type == CHAN_SOCKDATA_DORMANT) {
c->remoteid = localid; c->remoteid = localid;
c->type = CHAN_SOCKDATA;
pfd_confirm(c->u.pfd.s); pfd_confirm(c->u.pfd.s);
} else {
sshfwd_close(c);
} }
} else if (pktin.type == SSH1_MSG_CHANNEL_CLOSE || } else if (pktin.type == SSH1_MSG_CHANNEL_CLOSE ||
@ -4052,6 +4091,97 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
} }
} }
/*
* Enable port forwardings.
*/
{
static char *e; /* preserve across crReturn */
char type;
int n;
int sport,dport;
char sports[256], dports[256], host[256];
char buf[1024];
ssh_rportfwds = newtree234(ssh_rportcmp_ssh2);
/* Add port forwardings. */
e = cfg.portfwd;
while (*e) {
type = *e++;
n = 0;
while (*e && *e != '\t')
sports[n++] = *e++;
sports[n] = 0;
if (*e == '\t')
e++;
n = 0;
while (*e && *e != ':')
host[n++] = *e++;
host[n] = 0;
if (*e == ':')
e++;
n = 0;
while (*e)
dports[n++] = *e++;
dports[n] = 0;
e++;
dport = atoi(dports);
sport = atoi(sports);
if (sport && dport) {
if (type == 'L') {
pfd_addforward(host, dport, sport);
sprintf(buf, "Local port %d forwarding to %s:%d",
sport, host, dport);
logevent(buf);
} else {
struct ssh_rportfwd *pf;
pf = smalloc(sizeof(*pf));
strcpy(pf->dhost, host);
pf->dport = dport;
pf->sport = sport;
if (add234(ssh_rportfwds, pf) != pf) {
sprintf(buf,
"Duplicate remote port forwarding to %s:%s",
host, dport);
logevent(buf);
sfree(pf);
} else {
sprintf(buf, "Requesting remote port %d (forwarded to %s:%d)",
sport, host, dport);
logevent(buf);
ssh2_pkt_init(SSH2_MSG_GLOBAL_REQUEST);
ssh2_pkt_addstring("tcpip-forward");
ssh2_pkt_addbool(1);/* want reply */
ssh2_pkt_addstring("127.0.0.1");
ssh2_pkt_adduint32(sport);
ssh2_pkt_send();
do {
crWaitUntilV(ispkt);
if (pktin.type == SSH2_MSG_CHANNEL_WINDOW_ADJUST) {
unsigned i = ssh2_pkt_getuint32();
struct ssh_channel *c;
c = find234(ssh_channels, &i, ssh_channelfind);
if (!c)
continue;/* nonexistent channel */
c->v2.remwindow += ssh2_pkt_getuint32();
}
} while (pktin.type == SSH2_MSG_CHANNEL_WINDOW_ADJUST);
if (pktin.type != SSH2_MSG_REQUEST_SUCCESS) {
if (pktin.type != SSH2_MSG_REQUEST_FAILURE) {
bombout(("Server got confused by port forwarding request"));
crReturnV;
}
logevent("Server refused this port forwarding");
} else {
logevent("Remote port forwarding enabled");
}
}
}
}
}
}
/* /*
* Potentially enable agent forwarding. * Potentially enable agent forwarding.
*/ */
@ -4350,14 +4480,35 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
continue; /* nonexistent channel */ continue; /* nonexistent channel */
c->v2.remwindow += ssh2_pkt_getuint32(); c->v2.remwindow += ssh2_pkt_getuint32();
try_send = TRUE; try_send = TRUE;
} else if (pktin.type == SSH2_MSG_CHANNEL_OPEN_CONFIRMATION) {
unsigned i = ssh2_pkt_getuint32();
struct ssh_channel *c;
c = find234(ssh_channels, &i, ssh_channelfind);
if (!c)
continue; /* nonexistent channel */
if (c->type != CHAN_SOCKDATA_DORMANT)
continue; /* dunno why they're confirming this */
c->remoteid = ssh2_pkt_getuint32();
c->type = CHAN_SOCKDATA;
c->closes = 0;
c->v2.remwindow = ssh2_pkt_getuint32();
c->v2.remmaxpkt = ssh2_pkt_getuint32();
c->v2.outbuffer = NULL;
c->v2.outbuflen = c->v2.outbufsize = 0;
pfd_confirm(c->u.pfd.s);
} else if (pktin.type == SSH2_MSG_CHANNEL_OPEN) { } else if (pktin.type == SSH2_MSG_CHANNEL_OPEN) {
char *type; char *type;
int typelen; int typelen;
char *error = NULL; char *error = NULL;
struct ssh_channel *c; struct ssh_channel *c;
unsigned remid, winsize, pktsize;
ssh2_pkt_getstring(&type, &typelen); ssh2_pkt_getstring(&type, &typelen);
c = smalloc(sizeof(struct ssh_channel)); c = smalloc(sizeof(struct ssh_channel));
remid = ssh2_pkt_getuint32();
winsize = ssh2_pkt_getuint32();
pktsize = ssh2_pkt_getuint32();
if (typelen == 3 && !memcmp(type, "x11", 3)) { if (typelen == 3 && !memcmp(type, "x11", 3)) {
if (!ssh_X11_fwd_enabled) if (!ssh_X11_fwd_enabled)
error = "X11 forwarding is not enabled"; error = "X11 forwarding is not enabled";
@ -4367,6 +4518,32 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
} else { } else {
c->type = CHAN_X11; c->type = CHAN_X11;
} }
} else if (typelen == 15 &&
!memcmp(type, "forwarded-tcpip", 15)) {
struct ssh_rportfwd pf, *realpf;
char *dummy;
int dummylen;
ssh2_pkt_getstring(&dummy, &dummylen);/* skip address */
pf.sport = ssh2_pkt_getuint32();
realpf = find234(ssh_rportfwds, &pf, NULL);
if (realpf == NULL) {
error = "Remote port is not recognised";
} else {
char *e = pfd_newconnect(&c->u.pfd.s, realpf->dhost,
realpf->dport, c);
char buf[1024];
sprintf(buf, "Received remote port open request for %s:%d",
realpf->dhost, realpf->dport);
logevent(buf);
if (e != NULL) {
sprintf(buf, "Port open failed: %s", e);
logevent(buf);
error = "Port open failed";
} else {
logevent("Forwarded port opened successfully");
c->type = CHAN_SOCKDATA;
}
}
} else if (typelen == 22 && } else if (typelen == 22 &&
!memcmp(type, "auth-agent@openssh.com", 3)) { !memcmp(type, "auth-agent@openssh.com", 3)) {
if (!ssh_agentfwd_enabled) if (!ssh_agentfwd_enabled)
@ -4379,7 +4556,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
error = "Unsupported channel type requested"; error = "Unsupported channel type requested";
} }
c->remoteid = ssh2_pkt_getuint32(); c->remoteid = remid;
if (error) { if (error) {
ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN_FAILURE); ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN_FAILURE);
ssh2_pkt_adduint32(c->remoteid); ssh2_pkt_adduint32(c->remoteid);
@ -4391,8 +4568,8 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
} else { } else {
c->localid = alloc_channel_id(); c->localid = alloc_channel_id();
c->closes = 0; c->closes = 0;
c->v2.remwindow = ssh2_pkt_getuint32(); c->v2.remwindow = winsize;
c->v2.remmaxpkt = ssh2_pkt_getuint32(); c->v2.remmaxpkt = pktsize;
c->v2.outbuffer = NULL; c->v2.outbuffer = NULL;
c->v2.outbuflen = c->v2.outbufsize = 0; c->v2.outbuflen = c->v2.outbufsize = 0;
add234(ssh_channels, c); add234(ssh_channels, c);
@ -4555,10 +4732,10 @@ void *new_sock_channel(Socket s)
c = smalloc(sizeof(struct ssh_channel)); c = smalloc(sizeof(struct ssh_channel));
if (c) { if (c) {
c->remoteid = GET_32BIT(pktin.body); c->remoteid = -1; /* to be set when open confirmed */
c->localid = alloc_channel_id(); c->localid = alloc_channel_id();
c->closes = 0; c->closes = 0;
c->type = CHAN_SOCKDATA; /* identify channel type */ c->type = CHAN_SOCKDATA_DORMANT;/* identify channel type */
c->u.pfd.s = s; c->u.pfd.s = s;
add234(ssh_channels, c); add234(ssh_channels, c);
} }
@ -4573,12 +4750,31 @@ void ssh_send_port_open(void *channel, char *hostname, int port, char *org)
sprintf(buf, "Opening forwarded connection to %.512s:%d", hostname, port); sprintf(buf, "Opening forwarded connection to %.512s:%d", hostname, port);
logevent(buf); logevent(buf);
if (ssh_version == 1) {
send_packet(SSH1_MSG_PORT_OPEN, send_packet(SSH1_MSG_PORT_OPEN,
PKT_INT, c->localid, PKT_INT, c->localid,
PKT_STR, hostname, PKT_STR, hostname,
PKT_INT, port, PKT_INT, port,
//PKT_STR, org, //PKT_STR, <org:orgport>,
PKT_END); PKT_END);
} else {
ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN);
ssh2_pkt_addstring("direct-tcpip");
ssh2_pkt_adduint32(c->localid);
ssh2_pkt_adduint32(0x8000UL); /* our window size */
ssh2_pkt_adduint32(0x4000UL); /* our max pkt size */
ssh2_pkt_addstring(hostname);
ssh2_pkt_adduint32(port);
/*
* We make up values for the originator data; partly it's
* too much hassle to keep track, and partly I'm not
* convinced the server should be told details like that
* about my local network configuration.
*/
ssh2_pkt_addstring("client-side-connection");
ssh2_pkt_adduint32(0);
ssh2_pkt_send();
}
} }