Re: [PATCH] SSH Tunnels

[Loïc Michaux <lmichaux@xxxxxxxxxx>]

Hi, 

To address this issue I added two callbacks for direct-tcpip and forwarded-tcpip channel open requests. Patch attached, please tell me if something is missing or to modify. 

Best regards, 
Loïc Michaux 

From c2eec6a95e7a4f839f04ec99c878f2b127638a2a Mon Sep 17 00:00:00 2001
From: Loïc Michaux <lmichaux@xxxxxxxxxx>
Date: Fri, 7 Mar 2014 15:19:44 +0100
Subject: [PATCH] direct-tcpip and forwarded-tcpip callbacks

---
 include/libssh/callbacks.h |   34 ++++++++++++++++++++++++++++++++--
 src/messages.c             |   32 ++++++++++++++++++++++++++++++++
 2 files changed, 64 insertions(+), 2 deletions(-)

diff --git a/include/libssh/callbacks.h b/include/libssh/callbacks.h
index 6bd8c57..a4f603c 100644
--- a/include/libssh/callbacks.h
+++ b/include/libssh/callbacks.h
@@ -124,6 +124,7 @@ typedef void (*ssh_global_request_callback) (ssh_session session,
 typedef ssh_channel (*ssh_channel_open_request_x11_callback) (ssh_session session,
       const char * originator_address, int originator_port, void *userdata);
 
+
 /**
  * The structure to replace libssh functions with appropriate callbacks.
  */
@@ -239,6 +240,21 @@ typedef int (*ssh_service_request_callback) (ssh_session session, const char *se
 typedef ssh_channel (*ssh_channel_open_request_session_callback) (ssh_session session, void *userdata);
 
 /*
+ * @brief Handles an SSH new channel open direct TCPIP request
+ */
+typedef ssh_channel (*ssh_channel_open_request_direct_tcpip_callback) (ssh_session session,
+            const char *destination, uint16_t destination_port, const char *originator,
+            uint16_t originator_port, void *userdata);
+
+/*
+ * @brief Handles an SSH new channel open forwarded TCPIP request
+ */
+
+typedef ssh_channel (*ssh_channel_open_request_forwarded_tcpip_callback) (ssh_session session,
+        const char *destination, uint16_t destination_port, const char *originator,
+        uint16_t originator_port, void *userdata);
+
+/*
  * @brief handle the beginning of a GSSAPI authentication, server side.
  * @param session current session handler
  * @param user the username of the client
@@ -313,20 +329,34 @@ struct ssh_server_callbacks_struct {
    */
   ssh_auth_pubkey_callback auth_pubkey_function;
 
-  /** This functions gets called when a service request is issued by the
+  /** This function gets called when a service request is issued by the
    * client
    */
   ssh_service_request_callback service_request_function;
-  /** This functions gets called when a new channel request is issued by
+
+  /** This function gets called when a new channel request is issued by
    * the client
    */
   ssh_channel_open_request_session_callback channel_open_request_session_function;
+
+  /** This function gets called when a new direct tcpip channel request is issued by
+   * the client
+   */
+  ssh_channel_open_request_direct_tcpip_callback channel_open_request_direct_tcpip_function;
+
+  /** This function gets called when a new forwarded tcpip channel request is issued by
+   * the client
+   */
+  ssh_channel_open_request_forwarded_tcpip_callback channel_open_request_forwarded_tcpip_function;
+
   /** This function will be called when a new gssapi authentication is attempted.
    */
   ssh_gssapi_select_oid_callback gssapi_select_oid_function;
+
   /** This function will be called when a gssapi token comes in.
    */
   ssh_gssapi_accept_sec_ctx_callback gssapi_accept_sec_ctx_function;
+
   /* This function will be called when a MIC needs to be verified.
    */
   ssh_gssapi_verify_mic_callback gssapi_verify_mic_function;
diff --git a/src/messages.c b/src/messages.c
index 4246c63..71971de 100644
--- a/src/messages.c
+++ b/src/messages.c
@@ -162,6 +162,38 @@ static int ssh_execute_server_request(ssh_session session, ssh_message msg)
 
                 return SSH_OK;
             }
+            else if (msg->channel_request_open.type == SSH_CHANNEL_DIRECT_TCPIP &&
+                    ssh_callbacks_exists(session->server_callbacks, channel_open_request_direct_tcpip_function)) {
+                channel = session->server_callbacks->channel_open_request_direct_tcpip_function(session,
+                        msg->channel_request_open.destination,
+                        msg->channel_request_open.destination_port,
+                        msg->channel_request_open.originator,
+                        msg->channel_request_open.originator_port,
+                        session->server_callbacks->userdata);
+                if (channel != NULL) {
+                    rc = ssh_message_channel_request_open_reply_accept_channel(msg, channel);
+                    return SSH_OK;
+                } else {
+                    ssh_message_reply_default(msg);
+                }
+                return SSH_OK;
+            }
+            else if (msg->channel_request_open.type == SSH_CHANNEL_FORWARDED_TCPIP &&
+                    ssh_callbacks_exists(session->server_callbacks, channel_open_request_forwarded_tcpip_function)) {
+                channel = session->server_callbacks->channel_open_request_forwarded_tcpip_function(session,
+                        msg->channel_request_open.destination,
+                        msg->channel_request_open.destination_port,
+                        msg->channel_request_open.originator,
+                        msg->channel_request_open.originator_port,
+                        session->server_callbacks->userdata);
+                if (channel != NULL) {
+                    rc = ssh_message_channel_request_open_reply_accept_channel(msg, channel);
+                    return SSH_OK;
+                } else {
+                    ssh_message_reply_default(msg);
+                }
+                return SSH_OK;
+            }
             break;
         case SSH_REQUEST_CHANNEL:
             channel = msg->channel_request.channel;
-- 
1.7.10.4