StreamLocal forwarding
Damien Miller
djm at mindrot.org
Wed May 4 01:49:08 AEST 2016
On Wed, 4 May 2016, Damien Miller wrote:
> On Tue, 3 May 2016, Rogan Dawes wrote:
>
> > And, surprisingly, even having set the directive outside the Match block,
> > the following command still doesn't show streamlocalbindunlink set:
> >
> > sshd -T -C "user=sshvpn,host=196.209.244.243,addr=196.209.244.243" | grep -i stream
> > streamlocalbindmask 0177
> > allowstreamlocalforwarding yes
>
> oh, that's a bug in the config dump support.
... and with that fixed the real bug reveals itself:
diff --git a/servconf.c b/servconf.c
index 6111c5a..5e8b7ca 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1994,6 +1994,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
M_CP_INTOPT(allow_agent_forwarding);
M_CP_INTOPT(permit_tun);
M_CP_INTOPT(fwd_opts.gateway_ports);
+ M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink);
M_CP_INTOPT(x11_display_offset);
M_CP_INTOPT(x11_forwarding);
M_CP_INTOPT(x11_use_localhost);
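Review bot: The added M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink) line is only safe if streamlocal_bind_unlink uses the same "unset" marker as the int options around it (allow_agent_forwarding, permit_tun, fwd_opts.gateway_ports). If it does not, a Match block that never mentions the directive could overwrite a globally set value. Please confirm the field's initial value. A regression case would also help: set the option both globally and inside a Match block, then check for it in the sshd -T -C output, since the report earlier in this thread shows the missing copy went unnoticed.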
@@ -2006,6 +2007,12 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
M_CP_INTOPT(rekey_limit);
M_CP_INTOPT(rekey_interval);
+ /* This is a mode_t, so can't use M_CP_INTOPT */
+ if (src->fwd_opts.streamlocal_bind_mask == (mode_t)-1) {
+ dst->fwd_opts.streamlocal_bind_mask =
+ src->fwd_opts.streamlocal_bind_mask;
+ }
+
/* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */
#define M_CP_STROPT(n) do {\
if (src->n != NULL && dst->n != src->n) { \
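Review bot: The test in the new streamlocal_bind_mask block looks inverted. `if (src->fwd_opts.streamlocal_bind_mask == (mode_t)-1)` performs the copy only when the source holds (mode_t)-1, which the comment's comparison with M_CP_INTOPT suggests is the "not set" value. As written, a mask configured in a Match block is never copied into dst, and an unset source overwrites dst with (mode_t)-1. Suggest `!=` here so the copy happens only when src has a mask set. The comment could also say why M_CP_INTOPT is unsuitable for a mode_t, so the special case is not folded back into the macro later.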
More information about the openssh-unix-dev mailing list