Add basic remote port filtering

7 years ago · 234df8bbbf
parent ebbf5692fa
commit 234df8bbbf
1 changed files with 13 additions and 2 deletions
--- a/sshd.go
+++ b/sshd.go
@ -252,7 +252,19 @@ func handleTcpIpForward(client *sshClient, req *ssh.Request) (net.Listener, *bin
 		return nil, nil, fmt.Errorf("Address is not permitted")
 	}

-	// TODO: Check port
+	ok := false
+	for _, port := range client.AllowedRemotePorts {
+		if payload.Port == port {
+			ok = true
+			break
+		}
+	}
+
+	if !ok {
+		log.Printf("Port is not permitted.")
+		req.Reply(false, []byte{})
+		return nil, nil, fmt.Errorf("Port is not permitted")
+	}

 	laddr := payload.Addr
 	lport := payload.Port
@ -294,7 +306,6 @@ func handleListener(client *sshClient, bindinfo *bindInfo, listener net.Listener
 			break
 		}

-		// TODO: I don't think a goroutine is required here
 		go handleForwardTcpIp(client, bindinfo, lconn)
 	}
 }