StreamLocal forwarding
Rogan Dawes
rogan at dawes.za.net
Wed May 4 02:05:56 AEST 2016
Haha!
Glad to know I wasn't just doing something stupid!
Thanks for your help!
Rogan
On Tue, 03 May 2016 at 5:49 PM Damien Miller <djm at mindrot.org> wrote:
> On Wed, 4 May 2016, Damien Miller wrote:
>
> > On Tue, 3 May 2016, Rogan Dawes wrote:
> >
> > > And, surprisingly, even having set the directive outside the Match block,
> > > the following command still doesn't show streamlocalbindunlink set:
> > >
> > > sshd -T -C "user=sshvpn,host=196.209.244.243,addr=196.209.244.243" | grep -i stream
> > > streamlocalbindmask 0177
> > > allowstreamlocalforwarding yes
> >
> > oh, that's a bug in the config dump support.
>
> ... and with that fixed the real bug reveals itself:
>
> diff --git a/servconf.c b/servconf.c
> index 6111c5a..5e8b7ca 100644
> --- a/servconf.c
> +++ b/servconf.c
> @@ -1994,6 +1994,7 @@ copy_set_server_options(ServerOptions *dst,
> ServerOptions *src, int preauth)
> M_CP_INTOPT(allow_agent_forwarding);
> M_CP_INTOPT(permit_tun);
> M_CP_INTOPT(fwd_opts.gateway_ports);
> + M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink);
> M_CP_INTOPT(x11_display_offset);
> M_CP_INTOPT(x11_forwarding);
> M_CP_INTOPT(x11_use_localhost);
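Review bot: the added M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink) line has no accompanying test, and the omission was only noticed through the `sshd -T -C ...` output quoted above. Consider a regression test that sets the option both globally and inside a Match block and checks the dumped value for a matching connection spec, so that a forwarding option missing from copy_set_server_options() is caught the next time one is added next to fwd_opts.gateway_ports.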
> @@ -2006,6 +2007,12 @@ copy_set_server_options(ServerOptions *dst,
> ServerOptions *src, int preauth)
> M_CP_INTOPT(rekey_limit);
> M_CP_INTOPT(rekey_interval);
>
> + /* This is a mode_t, so can't use M_CP_INTOPT */
> + if (src->fwd_opts.streamlocal_bind_mask == (mode_t)-1) {
> + dst->fwd_opts.streamlocal_bind_mask =
> + src->fwd_opts.streamlocal_bind_mask;
> + }
> +
> /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here
> */
> #define M_CP_STROPT(n) do {\
> if (src->n != NULL && dst->n != src->n) { \
>
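Review bot: the condition in the added block, `if (src->fwd_opts.streamlocal_bind_mask == (mode_t)-1)`, looks inverted. As written, the mask is copied only when the source holds (mode_t)-1, so if that value is the "unset" marker, as the comparison suggests, a mask actually configured in the source is never copied and only the unset value is propagated. The M_CP_STROPT macro just below copies when `src->n != NULL`, that is, when the source is set; I would expect `!= (mode_t)-1` here for the same reason. The comment could also state what (mode_t)-1 denotes, since it currently only explains why M_CP_INTOPT is not used.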