Add basic remote port filtering
parent
ebbf5692fa
commit
234df8bbbf
1 changed files with 13 additions and 2 deletions
15
sshd.go
15
sshd.go
|
@ -252,7 +252,19 @@ func handleTcpIpForward(client *sshClient, req *ssh.Request) (net.Listener, *bin
|
||||||
return nil, nil, fmt.Errorf("Address is not permitted")
|
return nil, nil, fmt.Errorf("Address is not permitted")
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: Check port
|
ok := false
|
||||||
|
for _, port := range client.AllowedRemotePorts {
|
||||||
|
if payload.Port == port {
|
||||||
|
ok = true
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if !ok {
|
||||||
|
log.Printf("Port is not permitted.")
|
||||||
|
req.Reply(false, []byte{})
|
||||||
|
return nil, nil, fmt.Errorf("Port is not permitted")
|
||||||
|
}
|
||||||
|
|
||||||
laddr := payload.Addr
|
laddr := payload.Addr
|
||||||
lport := payload.Port
|
lport := payload.Port
|
||||||
|
@ -294,7 +306,6 @@ func handleListener(client *sshClient, bindinfo *bindInfo, listener net.Listener
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: I don't think a goroutine is required here
|
|
||||||
go handleForwardTcpIp(client, bindinfo, lconn)
|
go handleForwardTcpIp(client, bindinfo, lconn)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
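Review bot: The denial branch added to handleTcpIpForward logs only `Port is not permitted.`, so a rejected remote-forward request cannot be tied to the port or bind address that was asked for. Something like `log.Printf("Remote forward to %q port %v is not permitted", payload.Addr, payload.Port)` would make the entry usable for auditing (`%q` because the address is client-supplied). The result of `req.Reply(false, []byte{})` is dropped; if that is deliberate, a short comment saying so would help the next reader. A comment above the loop should also state that an empty `client.AllowedRemotePorts` denies every port, and whether a requested port of 0 may ever match, since SSH clients use 0 to ask the server to pick the port and the listener setup is outside this hunk. The function body starts and ends outside the lines shown.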