diff --git a/ChangeLog b/ChangeLog index b31ee81cd..d1c4b3e65 100644 --- a/ChangeLog +++ b/ChangeLog @@ -56,6 +56,10 @@ support for cancelling local and remote port forwards via the multiplex socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request the cancellation of the specified forwardings; ok markus@ + - markus@cvs.openbsd.org 2011/09/10 22:26:34 + [channels.c channels.h clientloop.c ssh.1] + support cancellation of local/dynamic forwardings from ~C commandline; + ok & feedback djm@ 20110909 - (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng. From diff --git a/channels.c b/channels.c index 0f7e1a872..b6663de8f 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.312 2011/09/09 22:46:44 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.313 2011/09/10 22:26:34 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2844,7 +2844,7 @@ channel_cancel_rport_listener(const char *host, u_short port) int channel_cancel_lport_listener(const char *lhost, u_short lport, - u_short cport, int gateway_ports) + int cport, int gateway_ports) { u_int i; int found = 0; @@ -2854,8 +2854,16 @@ channel_cancel_lport_listener(const char *lhost, u_short lport, Channel *c = channels[i]; if (c == NULL || c->type != SSH_CHANNEL_PORT_LISTENER) continue; - if (c->listening_port != lport || c->host_port != cport) + if (c->listening_port != lport) continue; + if (cport == CHANNEL_CANCEL_PORT_STATIC) { + /* skip dynamic forwardings */ + if (c->host_port == 0) + continue; + } else { + if (c->host_port != cport) + continue; + } if ((c->listening_addr == NULL && addr != NULL) || (c->listening_addr != NULL && addr == NULL)) continue; diff --git a/channels.h b/channels.h index 37af32289..ff84ea54f 100644 --- a/channels.h +++ b/channels.h 
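Review bot: `cport` in channel_cancel_lport_listener() now carries three meanings and nothing at the definition says so: `CHANNEL_CANCEL_PORT_STATIC` matches any listener on `lport` whose `host_port` is non-zero, `0` matches only dynamic listeners, and any other value must equal `host_port` exactly. Because the static case ignores the destination port, a single call closes every static forward on that listen port that also passes the address comparison that follows, which a caller should know before reusing the function. I would add a comment above the function, for example `/* cport: exact host port, 0 for a dynamic forward, or CHANNEL_CANCEL_PORT_STATIC for any static forward on lport */`. The signature change is in the hunk at -2844 and the matching logic in the hunk at -2854; the function body starts and ends outside both.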
@@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.106 2011/09/09 22:46:44 djm Exp $ */ +/* $OpenBSD: channels.h,v 1.107 2011/09/10 22:26:34 markus Exp $ */ /* * Author: Tatu Ylonen @@ -57,6 +57,8 @@ #define SSH_CHANNEL_MUX_CLIENT 16 /* Conn. to mux slave */ #define SSH_CHANNEL_MAX_TYPE 17 +#define CHANNEL_CANCEL_PORT_STATIC -1 + struct Channel; typedef struct Channel Channel; @@ -265,7 +267,7 @@ int channel_setup_local_fwd_listener(const char *, u_short, int channel_request_rforward_cancel(const char *host, u_short port); int channel_setup_remote_fwd_listener(const char *, u_short, int *, int); int channel_cancel_rport_listener(const char *, u_short); -int channel_cancel_lport_listener(const char *, u_short, u_short, int); +int channel_cancel_lport_listener(const char *, u_short, int, int); /* x11 forwarding */ diff --git a/clientloop.c b/clientloop.c index c19b01f19..1339521f4 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.236 2011/06/22 22:08:42 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.237 2011/09/10 22:26:34 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -839,9 +839,8 @@ process_cmdline(void) { void (*handler)(int); char *s, *cmd, *cancel_host; - int delete = 0; - int local = 0, remote = 0, dynamic = 0; - int cancel_port; + int delete = 0, local = 0, remote = 0, dynamic = 0; + int cancel_port, ok; Forward fwd; bzero(&fwd, sizeof(fwd)); @@ -867,8 +866,12 @@ process_cmdline(void) "Request remote forward"); logit(" -D[bind_address:]port " "Request dynamic forward"); + logit(" -KL[bind_address:]port " + "Cancel local forward"); logit(" -KR[bind_address:]port " "Cancel remote forward"); + logit(" -KD[bind_address:]port " + "Cancel dynamic forward"); if (!options.permit_local_command) goto out; logit(" !args " 
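Review bot: `CHANNEL_CANCEL_PORT_STATIC` in the channels.h hunk at -57 is defined as a bare negative literal with no comment, directly under the `SSH_CHANNEL_*` type list, so it reads like another channel type rather than a sentinel for the `cport` argument. I would parenthesize the value and say what it selects: `#define CHANNEL_CANCEL_PORT_STATIC (-1)	/* cport: any non-dynamic forward on the listen port */`. The parentheses change nothing for the comparisons and call sites visible in this commit; they keep the macro safe if it is later used inside a larger expression.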
@@ -897,11 +900,7 @@ process_cmdline(void) goto out; } - if ((local || dynamic) && delete) { - logit("Not supported."); - goto out; - } - if (remote && delete && !compat20) { + if (delete && !compat20) { logit("Not supported for SSH protocol version 1."); goto out; } @@ -924,7 +923,21 @@ process_cmdline(void) logit("Bad forwarding close port"); goto out; } - channel_request_rforward_cancel(cancel_host, cancel_port); + if (remote) + ok = channel_request_rforward_cancel(cancel_host, + cancel_port) == 0; + else if (dynamic) + ok = channel_cancel_lport_listener(cancel_host, + cancel_port, 0, options.gateway_ports) > 0; + else + ok = channel_cancel_lport_listener(cancel_host, + cancel_port, CHANNEL_CANCEL_PORT_STATIC, + options.gateway_ports) > 0; + if (!ok) { + logit("Unkown port forwarding."); + goto out; + } + logit("Canceled forwarding."); } else { if (!parse_forward(&fwd, s, dynamic, remote)) { logit("Bad forwarding specification."); @@ -945,7 +958,6 @@ process_cmdline(void) goto out; } } - logit("Forwarding port."); } diff --git a/ssh.1 b/ssh.1 index fbdddc7d1..67a42cb5d 100644 --- a/ssh.1 +++ b/ssh.1 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.321 2011/08/26 01:45:15 djm Exp $ -.Dd $Mdocdate: August 26 2011 $ +.\" $OpenBSD: ssh.1,v 1.322 2011/09/10 22:26:34 markus Exp $ +.Dd $Mdocdate: September 10 2011 $ .Dt SSH 1 .Os .Sh NAME 
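Review bot: The failure message added in the clientloop.c hunk at -924 is misspelled, `logit("Unkown port forwarding.");`, and should read `logit("Unknown port forwarding.");` so that anyone searching client output for the message finds it. In the same hunk the dynamic branch passes a bare `0` as `cport`; that works only because channels.c treats `host_port == 0` as a dynamic listener, so a short comment such as `/* host_port 0 identifies a dynamic forward */` on that call would keep the two files in step. `cancel_port` is an `int` handed to a `u_short` parameter, and the range check that logs "Bad forwarding close port" begins outside the hunk, so I would confirm it rejects values above 65535 before the narrowing; otherwise a listener other than the one the user typed could be closed. process_cmdline() starts and ends outside the hunk.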
@@ -899,11 +899,20 @@ Currently this allows the addition of port forwardings using the and .Fl D options (see above). -It also allows the cancellation of existing remote port-forwardings -using +It also allows the cancellation of existing port-forwardings +with .Sm off -.Fl KR Oo Ar bind_address : Oc Ar port . +.Fl KL Oo Ar bind_address : Oc Ar port .Sm on +for local, +.Sm off +.Fl KR Oo Ar bind_address : Oc Ar port +.Sm on +for remote and +.Sm off +.Fl KD Oo Ar bind_address : Oc Ar port +.Sm on +for dynamic port-forwardings. .Ic !\& Ns Ar command allows the user to execute a local command if the .Ic PermitLocalCommand