From 88a3baa06541fc6563f5f94bac4758141eada690 Mon Sep 17 00:00:00 2001
From: Simon Tatham
Date: Sat, 15 Dec 2001 12:15:24 +0000
Subject: [PATCH] Add the remote counterpart for the `local port forwardings accept connections from outside localhost' switch. Interestingly OpenSSH 3.0 appears to ignore this (though I know it works because ssh.com 3.0 gets it right, and the SSH packet dump agrees that I'm doing the right thing). [originally from svn r1496]
---
 doc/config.but | 23 ++++++++++++++++++++++-
 doc/using.but | 18 +++++++++++++++++-
 putty.h | 3 ++-
 settings.c | 2 ++
 ssh.c | 5 ++++-
 windlg.c | 30 ++++++++++++++++++++++--------
 6 files changed, 69 insertions(+), 12 deletions(-)
diff --git a/doc/config.but b/doc/config.but
index 2c14f698..c237aa74 100644
--- a/doc/config.but
+++ b/doc/config.but
@@ -1,4 +1,4 @@
-\versionid $Id: config.but,v 1.21 2001/12/14 14:57:50 simon Exp $
+\versionid $Id: config.but,v 1.22 2001/12/15 12:15:24 simon Exp $
 \C{config} Configuring PuTTY
@@ -1576,6 +1576,27 @@ in the list box. To remove a port forwarding, simply select its details in the list box, and click the \q{Remove} button.
+\S{config-ssh-portfwd-localhost} Controlling the visibility of
+forwarded ports
+
+\cfg{winhelp-topic}{ssh.tunnels.portfwd.localhost}
+
+The source port for a forwarded connection usually does not accept
+connections from any machine except the SSH client or server machine
+itself (for local and remote forwardings respectively). There are
+controls in the Tunnels panel to change this:
+
+\b The \q{Local ports accept connections from other hosts} option
+allows you to set up local-to-remote port forwardings in such a way
+that machines other than your client PC can connect to the forwarded
+port.
+
+\b The \q{Remote ports do the same} option does the same thing for
+remote-to-local port forwardings (so that machines other than the
+SSH server machine can connect to the forwarded port.) Note that
+this feature is only available in the SSH 2 protocol, and not all
+SSH 2 servers support it (OpenSSH 3.0 does not, for example).
+
 \H{config-file} Storing configuration in a file PuTTY does not currently support storing its configuration in a file
diff --git a/doc/using.but b/doc/using.but
index 39919745..f4c42dd7 100644
--- a/doc/using.but
+++ b/doc/using.but
@@ -1,4 +1,4 @@
-\versionid $Id: using.but,v 1.4 2001/12/13 17:38:59 simon Exp $
+\versionid $Id: using.but,v 1.5 2001/12/15 12:15:24 simon Exp $
 \C{using} Using PuTTY
@@ -291,6 +291,22 @@ To do this, just select the \q{Remote} radio button instead of the number on the \e{server} (note that most servers will not allow you to use port numbers under 1024 for this purpose).
+The source port for a forwarded connection usually does not accept
+connections from any machine except the SSH client or server machine
+itself (for local and remote forwardings respectively). There are
+controls in the Tunnels panel to change this:
+
+\b The \q{Local ports accept connections from other hosts} option
+allows you to set up local-to-remote port forwardings in such a way
+that machines other than your client PC can connect to the forwarded
+port.
+
+\b The \q{Remote ports do the same} option does the same thing for
+remote-to-local port forwardings (so that machines other than the
+SSH server machine can connect to the forwarded port.) Note that
+this feature is only available in the SSH 2 protocol, and not all
+SSH 2 servers support it (OpenSSH 3.0 does not, for example).
+
 \H{using-rawprot} Making raw TCP connections A lot of Internet protocols are composed of commands and responses
diff --git a/putty.h b/putty.h
index 27a6564e..28639a9b 100644
--- a/putty.h
+++ b/putty.h
@@ -347,7 +347,8 @@ typedef struct {
 int x11_forward; char x11_display[128]; /* port forwarding */
- int lport_acceptall; /* accepts connection from hosts other than localhost */
+ int lport_acceptall; /* accept conns from hosts other than localhost */
+ int rport_acceptall; /* same for remote forwarded ports (SSH2 only) */
 char portfwd[1024]; /* [LR]localport\thost:port\000[LR]localport\thost:port\000\000 */ } Config;
diff --git a/settings.c b/settings.c
index 90bb9ce2..266e37f5 100644
--- a/settings.c
+++ b/settings.c
@@ -265,6 +265,7 @@ void save_settings(char *section, int do_host, Config * cfg)
 write_setting_i(sesskey, "X11Forward", cfg->x11_forward); write_setting_s(sesskey, "X11Display", cfg->x11_display); write_setting_i(sesskey, "LocalPortAcceptAll", cfg->lport_acceptall);
+ write_setting_i(sesskey, "RemotePortAcceptAll", cfg->rport_acceptall);
 { char buf[2 * sizeof(cfg->portfwd)], *p, *q; p = buf;
@@ -501,6 +502,7 @@ void load_settings(char *section, int do_host, Config * cfg)
 sizeof(cfg->x11_display)); gppi(sesskey, "LocalPortAcceptAll", 0, &cfg->lport_acceptall);
+ gppi(sesskey, "RemotePortAcceptAll", 0, &cfg->rport_acceptall);
 { char buf[2 * sizeof(cfg->portfwd)], *p, *q; gpps(sesskey, "PortForwardings", "", buf, sizeof(buf));
diff --git a/ssh.c b/ssh.c
index bc7f5bf6..dcb791da 100644
--- a/ssh.c
+++ b/ssh.c
@@ -4607,7 +4607,10 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 ssh2_pkt_init(SSH2_MSG_GLOBAL_REQUEST); ssh2_pkt_addstring("tcpip-forward"); ssh2_pkt_addbool(1);/* want reply */
- ssh2_pkt_addstring("127.0.0.1");
+ if (cfg.rport_acceptall)
+ ssh2_pkt_addstring("0.0.0.0");
+ else
+ ssh2_pkt_addstring("127.0.0.1");
 ssh2_pkt_adduint32(sport); ssh2_pkt_send();
diff --git a/windlg.c b/windlg.c
index c3f13b75..78e237cd 100644
--- a/windlg.c
+++ b/windlg.c
@@ -545,6 +545,7 @@ enum { IDCX_ABOUT = IDC_X11_DISPSTATIC, IDC_X11_DISPLAY, IDC_LPORT_ALL,
+ IDC_RPORT_ALL,
 IDC_PFWDSTATIC, IDC_PFWDSTATIC2, IDC_PFWDREMOVE,
@@ -896,7 +897,6 @@ char *help_context_cmd(int id)
 case IDC_X11_DISPSTATIC: case IDC_X11_DISPLAY: return "JI(`',`ssh.tunnels.x11')";
- case IDC_LPORT_ALL:
 case IDC_PFWDSTATIC: case IDC_PFWDSTATIC2: case IDC_PFWDREMOVE:
@@ -909,6 +909,9 @@ char *help_context_cmd(int id)
 case IDC_PFWDLOCAL: case IDC_PFWDREMOTE: return "JI(`',`ssh.tunnels.portfwd')";
+ case IDC_LPORT_ALL:
+ case IDC_RPORT_ALL:
+ return "JI(`',`ssh.tunnels.portfwd.localhost')";
 default: return NULL;
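Review bot: The value read by `gppi(sesskey, "RemotePortAcceptAll", 0, &cfg->rport_acceptall);` in the load_settings hunk is used exactly as stored, and the ssh.c hunk in this commit treats any non-zero value as a request for the `0.0.0.0` bind while init_dlg_ctrls hands the same integer to CheckDlgButton, so a saved value other than 0 or 1 could turn the exposure on without the checkbox showing a plain checked state. Normalising straight after the read, `cfg->rport_acceptall = (cfg->rport_acceptall != 0);`, keeps the dialog and the wire behaviour in step; the existing `lport_acceptall` line has the same shape. The default of 0 is the safe one and deserves a short comment, `/* default 0: remote forwardings bind to the server's loopback only */`. load_settings starts and ends outside the hunk.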
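Review bot: The new `if (cfg.rport_acceptall)` branch in do_ssh2_authconn requests a `0.0.0.0` bind, which opens the forwarded port to every host that can reach the server over IPv4, yet nothing in the hunk records which address was asked for, and the commit message itself notes that some servers ignore the field. I would add a comment above the branch, `/* bind address: 0.0.0.0 exposes the remote port beyond the server's loopback; 127.0.0.1 keeps it local */`, and, if the surrounding code writes an event-log line for each forwarding, include the requested bind address there so a saved session with the switch on is visible to the user. Bracing both arms of the if/else would also keep a later one-line addition from landing outside the condition. The function starts and ends outside the hunk, so the handling of the server's reply cannot be checked from here.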
@@ -1171,6 +1174,7 @@ static void init_dlg_ctrls(HWND hwnd, int keepsess)
 SetDlgItemText(hwnd, IDC_X11_DISPLAY, cfg.x11_display); CheckDlgButton(hwnd, IDC_LPORT_ALL, cfg.lport_acceptall);
+ CheckDlgButton(hwnd, IDC_RPORT_ALL, cfg.rport_acceptall);
 CheckRadioButton(hwnd, IDC_PFWDLOCAL, IDC_PFWDREMOTE, IDC_PFWDLOCAL); }
@@ -1694,7 +1698,7 @@ static void create_controls(HWND hwnd, int dlgtype, int panel)
 } if (panel == tunnelspanelstart) {
- /* The Tunnels panel. Accelerators used: [acgo] deilmrstx */
+ /* The Tunnels panel. Accelerators used: [acgo] deilmrsthx */
 struct ctlpos cp; ctlposinit(&cp, hwnd, 80, 3, 13); if (dlgtype == 0) {
@@ -1706,7 +1710,10 @@ static void create_controls(HWND hwnd, int dlgtype, int panel)
 IDC_X11_DISPLAY, 50, NULL); endbox(&cp); beginbox(&cp, "Port forwarding", IDC_BOX_TUNNELS2);
- checkbox(&cp, "Local ports accept connections from o&ther hosts", IDC_LPORT_ALL);
+ checkbox(&cp, "Local ports accept connections from o&ther hosts",
+ IDC_LPORT_ALL);
+ checkbox(&cp, "Remote ports do t&he same (SSH v2 only)",
+ IDC_RPORT_ALL);
 staticbtn(&cp, "Forwarded ports:", IDC_PFWDSTATIC, "&Remove", IDC_PFWDREMOVE); fwdsetter(&cp, IDC_PFWDLIST,
@@ -1715,7 +1722,8 @@ static void create_controls(HWND hwnd, int dlgtype, int panel)
 "Dest&ination", IDC_DPORTSTATIC, IDC_DPORTEDIT, "A&dd", IDC_PFWDADD); bareradioline(&cp, 2,
- "&Local", IDC_PFWDLOCAL, "Re&mote", IDC_PFWDREMOTE, NULL);
+ "&Local", IDC_PFWDLOCAL,
+ "Re&mote", IDC_PFWDREMOTE, NULL);
 endbox(&cp); }
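Review bot: The label `"Remote ports do t&he same (SSH v2 only)"` added in the third create_controls hunk only has meaning when read straight after the checkbox above it, which is thin for a switch that exposes a port on the server to other hosts. A self-contained label, for example `"Remote ports accept connections from other &hosts (SSH v2 only)"`, keeps the `h` accelerator and says what is being enabled. Whether the longer text fits the dialog width would need checking, since the control layout helpers are outside the hunk. create_controls starts and ends outside the hunk.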
@@ -3007,14 +3015,20 @@ static int GenericMainDlgProc(HWND hwnd, UINT msg,
 case IDC_X11_FORWARD: if (HIWORD(wParam) == BN_CLICKED || HIWORD(wParam) == BN_DOUBLECLICKED)
- cfg.x11_forward =
- IsDlgButtonChecked(hwnd, IDC_X11_FORWARD);
+ cfg.x11_forward =
+ IsDlgButtonChecked(hwnd, IDC_X11_FORWARD);
 break; case IDC_LPORT_ALL: if (HIWORD(wParam) == BN_CLICKED || HIWORD(wParam) == BN_DOUBLECLICKED)
- cfg.lport_acceptall =
- IsDlgButtonChecked(hwnd, IDC_LPORT_ALL);
+ cfg.lport_acceptall =
+ IsDlgButtonChecked(hwnd, IDC_LPORT_ALL);
+ break;
+ case IDC_RPORT_ALL:
+ if (HIWORD(wParam) == BN_CLICKED ||
+ HIWORD(wParam) == BN_DOUBLECLICKED)
+ cfg.rport_acceptall =
+ IsDlgButtonChecked(hwnd, IDC_RPORT_ALL);
 break; case IDC_X11_DISPLAY: if (HIWORD(wParam) == EN_CHANGE)
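Review bot: The removed and added lines for `cfg.x11_forward` and `cfg.lport_acceptall` in this hunk carry identical text, so they appear to be whitespace-only re-indentation folded into the commit that adds the IDC_RPORT_ALL case; keeping that churn in a separate commit would leave the security-relevant handler as the only change under review here. The new case is also a third copy of the same BN_CLICKED/BN_DOUBLECLICKED test, and a one-line comment above its assignment, `/* rport_acceptall: non-zero asks the server for a wildcard bind (see ssh.c) */`, would tie the checkbox to its effect. GenericMainDlgProc starts and ends outside the hunk.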