This is a discussion on [Patch] Unix Domain Socket Forwarding within the mailing.openbsd.tech forums, part of the OpenBSD category.
http://25thandclement.com/~william/o...20060421.patch

The above URL is a complete patch to OpenSSH 4.3p2 to implement unix domain socket forwarding (this supersedes a canceled message I sent last night w/ an inline attachment).

Basically, for forward and reverse forwardings anywhere you previously put a port number you can now put a path. The socket path should go between braces (`[' and `]'), and backslash escaping is honored within. Basically, any "port" which uses an escaping mechanism is considered a path instead. That way you can have socket paths like 1234 w/o ambiguity.

  -L[</path/to/socket>]:<host>:<port>
  -L<port>:[</path/to/socket>]
  -L[</path/to/socket>]:[</path/to/another_socket>]
  -R[</path/to/socket>]:<host>:<port>
  -R<port>:[</path/to/socket>]
  -R[</path/to/socket>]:[</path/to/another_socket>]

I've added several new SSH messages:

  streamlocal-forward@openssh.com
  forwarded-streamlocal@openssh.com
  cancel-streamlocal-forward@openssh.com
  direct-streamlocal@openssh.com

streamlocal from "AF_LOCAL" and "SOCK_STREAM". Seemed to logically follow from the tcpip messages.

Um, included in this patch, for now, is my previous patch which added options to specify a mask and access control lists for control sockets. I'll separate them out when I port this over to the main OpenSSH source in OpenBSD. So, the following options are honored with this patch:

Client:

-> old stuff <-

  ControlBindMask         Mask to use when binding a control socket
  ControlAllowUsers       List of users and uids allowed to connect
  ControlAllowGroups      List of groups and gids allowed to connect
  ControlDenyUsers        List of users and uids disallowed
  ControlDenyGroups       List of groups and gids disallowed

-> new stuff <-

  StreamLocalBindMask     Mask to use when binding a forward socket
  StreamLocalBindUnlink   Attempt an unlink before binding
  FakeStreamLocalForwards Fake a connection originating from a socket as tcpip.
                          This isn't currently honored, but is the default and
                          only behavior. See channel_post_port_listener().

Server:

  StreamLocalBindMask     See above.
  StreamLocalBindUnlink   See above.

All regression tests pass, though I haven't yet added any for the new functionality.

Please send suggestions and comments. It would be nice if this were included, or at least had the prospect of inclusion in the future.

- Bill
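The bracket rule described in the post ("any port which uses an escaping mechanism is considered a path", with backslash escapes honored inside the brackets) is easy to get subtly wrong, so here is an added, stand-alone parser for the six argument forms listed above. It is example code, not the patch's own parsing and not OpenSSH's; the struct and function names (`fwd_spec`, `parse_forward`, `render_forward`) are assumptions made for the illustration. It deliberately handles only the forms shown in the post: no optional bind_address prefix and no bracketed IPv6 host literal, which OpenSSH accepts but the post does not discuss.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not the patch's code): parse one -L/-R argument in the
 * forms listed in the post. A bracketed token is a unix socket path; a
 * plain token is a TCP port (plus a host on the connect side). */

enum fwd_kind { FWD_TCP, FWD_STREAMLOCAL };

struct fwd_end {
    enum fwd_kind kind;
    char host[256];  /* TCP connect side only */
    int port;        /* TCP only */
    char path[256];  /* STREAMLOCAL only */
};

struct fwd_spec { struct fwd_end listen, connect; };

/* Copy the contents of "[...]" at p into out, honouring backslash escapes
 * ("\]" yields a literal ']'). Returns the position after ']' or NULL if the
 * token is unterminated, empty, too long, or ends in a lone backslash. */
static const char *parse_bracket(const char *p, char *out, size_t outlen)
{
    size_t n = 0;
    if (*p++ != '[')
        return NULL;
    while (*p != '\0' && *p != ']') {
        char c = *p++;
        if (c == '\\') {
            if (*p == '\0')
                return NULL;            /* dangling escape */
            c = *p++;
        }
        if (n + 1 >= outlen)
            return NULL;
        out[n++] = c;
    }
    if (*p != ']' || n == 0)
        return NULL;
    out[n] = '\0';
    return p + 1;
}

/* Copy an unbracketed token up to ':' or end of string; NULL if too long. */
static const char *parse_plain(const char *p, char *out, size_t outlen)
{
    size_t n = 0;
    while (*p != '\0' && *p != ':') {
        if (n + 1 >= outlen)
            return NULL;
        out[n++] = *p++;
    }
    out[n] = '\0';
    return p;
}

static int parse_port(const char *s, int *port)
{
    char *end;
    long v = strtol(s, &end, 10);
    if (*s == '\0' || *end != '\0' || v < 1 || v > 65535)
        return -1;
    *port = (int)v;
    return 0;
}

/* Parse a forwarding argument. Returns 0 on success, -1 on a syntax error;
 * any trailing text after the last token is an error. */
int parse_forward(const char *arg, struct fwd_spec *spec)
{
    const char *p = arg;
    char tok[256];

    memset(spec, 0, sizeof *spec);
    if (*p == '[') {                              /* listen side: [path] */
        if ((p = parse_bracket(p, spec->listen.path, sizeof spec->listen.path)) == NULL)
            return -1;
        spec->listen.kind = FWD_STREAMLOCAL;
    } else {                                      /* listen side: port */
        if ((p = parse_plain(p, tok, sizeof tok)) == NULL || parse_port(tok, &spec->listen.port) != 0)
            return -1;
        spec->listen.kind = FWD_TCP;
    }
    if (*p++ != ':')
        return -1;
    if (*p == '[') {                              /* connect side: [path] */
        if ((p = parse_bracket(p, spec->connect.path, sizeof spec->connect.path)) == NULL)
            return -1;
        spec->connect.kind = FWD_STREAMLOCAL;
    } else {                                      /* connect side: host:port */
        if ((p = parse_plain(p, spec->connect.host, sizeof spec->connect.host)) == NULL
            || spec->connect.host[0] == '\0' || *p++ != ':')
            return -1;
        if ((p = parse_plain(p, tok, sizeof tok)) == NULL || parse_port(tok, &spec->connect.port) != 0)
            return -1;
        spec->connect.kind = FWD_TCP;
    }
    return *p == '\0' ? 0 : -1;
}

/* Render a parsed spec as "listen -> connect", for logging and for checks. */
void render_forward(const struct fwd_spec *s, char *buf, size_t n)
{
    char a[300], b[300];
    if (s->listen.kind == FWD_STREAMLOCAL)
        snprintf(a, sizeof a, "local:%s", s->listen.path);
    else
        snprintf(a, sizeof a, "tcp:%d", s->listen.port);
    if (s->connect.kind == FWD_STREAMLOCAL)
        snprintf(b, sizeof b, "local:%s", s->connect.path);
    else
        snprintf(b, sizeof b, "tcp:%s:%d", s->connect.host, s->connect.port);
    snprintf(buf, n, "%s -> %s", a, b);
}

int forward_is_valid(const char *arg)
{
    struct fwd_spec s;
    return parse_forward(arg, &s) == 0;
}

/* True when arg parses and renders exactly as expected. */
int forward_matches(const char *arg, const char *expected)
{
    struct fwd_spec s;
    char buf[640];
    if (parse_forward(arg, &s) != 0)
        return 0;
    render_forward(&s, buf, sizeof buf);
    return strcmp(buf, expected) == 0;
}

int main(void)
{
    /* Constructed sample arguments; the last one is deliberately unterminated. */
    const char *args[] = { "[/tmp/agent.sock]:localhost:22", "[1234]:[/tmp/b]",
                           "[/tmp/we\\]ird]:localhost:80", "[/tmp/x:localhost:80" };
    struct fwd_spec s;
    char buf[640];
    for (size_t i = 0; i < sizeof args / sizeof args[0]; i++) {
        if (parse_forward(args[i], &s) == 0) {
            render_forward(&s, buf, sizeof buf);
            printf("%-32s %s\n", args[i], buf);
        } else
            printf("%-32s syntax error\n", args[i]);
    }
    return 0;
}
```

Note how `[1234]` becomes a socket path named `1234` while a bare `1234` stays a port, which is exactly the disambiguation the post relies on, and how an unterminated bracket or trailing text is rejected rather than silently truncated.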
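The two new options that matter for security are StreamLocalBindMask and StreamLocalBindUnlink: on a unix socket the mode of the socket inode created by bind() is what decides which local users can connect(), and unlinking before bind is what lets a forward be re-established over a stale socket file. The following is an added example of how a listener honoring both would be built; it is not the patch's code or OpenSSH's, and `streamlocal_listen`, `socket_mode` and the /tmp path are names chosen for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Added example (not the patch's code): create the listening unix socket for
 * a forward the way a StreamLocalBindMask / StreamLocalBindUnlink
 * implementation would. bind_mask is applied as the umask while bind()
 * creates the socket inode; unlink_first removes a stale socket file so a
 * restart does not fail with EADDRINUSE. Returns the listening fd, or -1
 * with errno set. */
int streamlocal_listen(const char *path, mode_t bind_mask, int unlink_first)
{
    struct sockaddr_un sun;
    mode_t old_mask;
    int fd, saved;

    memset(&sun, 0, sizeof sun);
    sun.sun_family = AF_UNIX;
    if (strlen(path) >= sizeof sun.sun_path) {
        errno = ENAMETOOLONG;
        return -1;
    }
    strncpy(sun.sun_path, path, sizeof sun.sun_path - 1);

    /* Only an explicit opt-in removes whatever is at path: unlinking
     * unconditionally would let a forward clobber an unrelated file. */
    if (unlink_first && unlink(path) == -1 && errno != ENOENT)
        return -1;

    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
        return -1;

    /* A peer needs write permission on the socket inode to connect(), so the
     * mask in force during bind() is the access control: 0177 leaves only
     * the owner able to connect. */
    old_mask = umask(bind_mask);
    if (bind(fd, (struct sockaddr *)&sun, sizeof sun) == -1 ||
        listen(fd, 5) == -1) {
        saved = errno;
        umask(old_mask);
        close(fd);
        errno = saved;
        return -1;
    }
    umask(old_mask);
    return fd;
}

/* Permission bits of the socket file at path, or -1 if it does not exist. */
int socket_mode(const char *path)
{
    struct stat st;
    if (stat(path, &st) == -1)
        return -1;
    return (int)(st.st_mode & 0777);
}

int main(void)
{
    const char *path = "/tmp/streamlocal-example.sock";  /* constructed path */
    int fd = streamlocal_listen(path, 0177, 1);
    if (fd == -1) {
        perror("streamlocal_listen");
        return 1;
    }
    printf("listening on %s, mode %04o\n", path, socket_mode(path));
    close(fd);
    unlink(path);
    return 0;
}
```

With a mask of 0177 the socket ends up mode 0600, so a different local user's connect() fails with EACCES; with the process's usual umask (often 022) anyone on the host could connect to the forwarded service, which is the case the option exists to prevent. Without the unlink, a second bind over the existing file fails with EADDRINUSE, which is why the post pairs the two options.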