[Patch] Unix Domain Socket Forwarding

04-22-2006
William Ahern

http://25thandclement.com/~william/o...20060421.patch

The above URL is a complete patch to OpenSSH 4.3p2 to implement unix domain
socket forwarding (this supersedes a canceled message I sent last night w/
an inline attachment). Basically, for forward and reverse forwardings
anywhere you previously put a port number you can now put a path. The socket
path should go between braces (`[' and `]'), and backslash escaping is
honored within. Basically, any "port" which uses an escaping mechanism is
considered a path instead. That way you can have socket paths like 1234 w/o
ambiguity.

-L[</path/to/socket>]:<host>:<port>
-L<port>:[</path/to/socket>]
-L[</path/to/socket>]:[</path/to/another_socket>]
-R[</path/to/socket>]:<host>:<port>
-R<port>:[</path/to/socket>]
-R[</path/to/socket>]:[</path/to/another_socket>]

I've added several new SSH messages:

streamlocal-forward@openssh.com
forwarded-streamlocal@openssh.com
cancel-streamlocal-forward@openssh.com
direct-streamlocal@openssh.com

streamlocal from "AF_LOCAL" and "SOCK_STREAM". Seemed to logically follow
from the tcpip messages.

Um, included in this patch, for now, is my previous patch which added
options to specify a mask and access control lists for control sockets. I'll
separate them out when I port this over to the main OpenSSH source in
OpenBSD. So, the following options are honored with this patch:

Client:
  -> old stuff <-
  ControlBindMask          Mask to use when binding a control socket
  ControlAllowUsers        List of users and uids allowed to connect
  ControlAllowGroups       List of groups and gids allowed to connect
  ControlDenyUsers         List of users and uids disallowed
  ControlDenyGroups        List of groups and gids disallowed

  -> new stuff <-
  StreamLocalBindMask      Mask to use when binding a forward socket
  StreamLocalBindUnlink    Attempt an unlink before binding
  FakeStreamLocalForwards  Fake a connection originating from a socket as
                           tcpip. This isn't currently honored, but is
                           the default and only behavior. See
                           channel_post_port_listener().

Server:
  StreamLocalBindMask      See above.
  StreamLocalBindUnlink    See above.

All regression tests pass, though I haven't yet added any for the new
functionality.

Please send suggestions and comments. It would be nice if this were
included, or at least had the prospect of inclusion in the future.

- Bill

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev
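
The bracket syntax described in the post, as an added example that is not part of the original post or of the patch: a small C parser that treats a `[...]` field as a socket path with backslash escapes and any other field as a port or host, and rejects malformed input. The names `fwd_field`, `parse_field` and `parse_spec` and the 104-byte field limit are assumptions made for illustration; only the two- and three-field forms listed in the post are accepted.

```c
#include <stdio.h>
#include <string.h>

/* One field of a forward spec: a bracketed socket path or a plain port/host.
 * The 104-byte limit is an illustrative bound, not taken from the patch. */
struct fwd_field { int is_path; char text[104]; };

/* Parse the field at *sp and step past the ':' after it; -1 if malformed. */
static int parse_field(const char **sp, struct fwd_field *f)
{
    const char *s = *sp;
    size_t n = 0;
    f->is_path = (*s == '[');
    if (f->is_path) s++;
    for (;; s++) {
        if (f->is_path && *s == ']') { s++; break; }
        if (!f->is_path && (*s == ':' || *s == '\0')) break;
        if (f->is_path && *s == '\\') s++;   /* next byte is taken literally */
        if (*s == '\0' || n + 1 >= sizeof(f->text))
            return -1;                       /* unterminated, dangling '\', too long */
        f->text[n++] = *s;
    }
    f->text[n] = '\0';
    if (n == 0 || (*s != ':' && *s != '\0') || (*s == ':' && s[1] == '\0'))
        return -1;                           /* empty, junk after ']', trailing ':' */
    *sp = (*s == ':') ? s + 1 : s;
    return 0;
}

/* Split a -L/-R argument; returns the field count (2 or 3) or -1 if rejected. */
static int parse_spec(const char *s, struct fwd_field out[3])
{
    int n = 0;
    while (*s != '\0') {
        if (n == 3 || parse_field(&s, &out[n]) != 0)
            return -1;
        n++;
    }
    if (n == 2 && out[1].is_path) return 2;                      /* listener:[socket] */
    if (n == 3 && !out[1].is_path && !out[2].is_path) return 3;  /* listener:host:port */
    return -1;
}

int main(void)
{
    struct fwd_field f[3];
    int n = parse_spec("[1234]:[/tmp/a\\]b]", f);   /* constructed sample input */
    for (int i = 0; i < n; i++)
        printf("%s %s\n", f[i].is_path ? "path" : "port/host", f[i].text);
    return n < 0;
}
```

The sample input shows the disambiguation the post mentions: `[1234]` parses as a socket path named 1234, while a bare `1234` would be a port.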