- djm@cvs.openbsd.org 2004/12/23 23:11:00
[servconf.c servconf.h sshd.c sshd_config sshd_config.5] bz #898: support AddressFamily in sshd_config. from peak@argo.troja.mff.cuni.cz; ok deraadt@
parent
7cfeecf670
commit
0f38323222
|
@ -6,6 +6,10 @@
|
|||
- markus@cvs.openbsd.org 2004/12/23 17:38:07
|
||||
[ssh-keygen.c]
|
||||
leak; from mpech
|
||||
- djm@cvs.openbsd.org 2004/12/23 23:11:00
|
||||
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
|
||||
bz #898: support AddressFamily in sshd_config. from
|
||||
peak@argo.troja.mff.cuni.cz; ok deraadt@
|
||||
|
||||
20050118
|
||||
- (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement
|
||||
|
@ -1978,4 +1982,4 @@
|
|||
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
|
||||
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
|
||||
|
||||
$Id: ChangeLog,v 1.3610 2005/01/19 23:56:31 dtucker Exp $
|
||||
$Id: ChangeLog,v 1.3611 2005/01/19 23:57:56 dtucker Exp $
|
||||
|
|
32
servconf.c
32
servconf.c
|
@ -10,7 +10,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: servconf.c,v 1.137 2004/08/13 11:09:24 dtucker Exp $");
|
||||
RCSID("$OpenBSD: servconf.c,v 1.138 2004/12/23 23:11:00 djm Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "log.h"
|
||||
|
@ -26,8 +26,6 @@ RCSID("$OpenBSD: servconf.c,v 1.137 2004/08/13 11:09:24 dtucker Exp $");
|
|||
static void add_listen_addr(ServerOptions *, char *, u_short);
|
||||
static void add_one_listen_addr(ServerOptions *, char *, u_short);
|
||||
|
||||
/* AF_UNSPEC or AF_INET or AF_INET6 */
|
||||
extern int IPv4or6;
|
||||
/* Use of privilege separation or not */
|
||||
extern int use_privsep;
|
||||
|
||||
|
@ -45,6 +43,7 @@ initialize_server_options(ServerOptions *options)
|
|||
options->num_ports = 0;
|
||||
options->ports_from_cmdline = 0;
|
||||
options->listen_addrs = NULL;
|
||||
options->address_family = -1;
|
||||
options->num_host_key_files = 0;
|
||||
options->pid_file = NULL;
|
||||
options->server_key_bits = -1;
|
||||
|
@ -258,7 +257,8 @@ typedef enum {
|
|||
sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
|
||||
sKerberosGetAFSToken,
|
||||
sKerberosTgtPassing, sChallengeResponseAuthentication,
|
||||
sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
|
||||
sPasswordAuthentication, sKbdInteractiveAuthentication,
|
||||
sListenAddress, sAddressFamily,
|
||||
sPrintMotd, sPrintLastLog, sIgnoreRhosts,
|
||||
sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
|
||||
sStrictModes, sEmptyPasswd, sTCPKeepAlive,
|
||||
|
@ -335,6 +335,7 @@ static struct {
|
|||
{ "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
|
||||
{ "checkmail", sDeprecated },
|
||||
{ "listenaddress", sListenAddress },
|
||||
{ "addressfamily", sAddressFamily },
|
||||
{ "printmotd", sPrintMotd },
|
||||
{ "printlastlog", sPrintLastLog },
|
||||
{ "ignorerhosts", sIgnoreRhosts },
|
||||
|
@ -401,6 +402,8 @@ add_listen_addr(ServerOptions *options, char *addr, u_short port)
|
|||
|
||||
if (options->num_ports == 0)
|
||||
options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
|
||||
if (options->address_family == -1)
|
||||
options->address_family = AF_UNSPEC;
|
||||
if (port == 0)
|
||||
for (i = 0; i < options->num_ports; i++)
|
||||
add_one_listen_addr(options, addr, options->ports[i]);
|
||||
|
@ -416,7 +419,7 @@ add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
|
|||
int gaierr;
|
||||
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
hints.ai_family = IPv4or6;
|
||||
hints.ai_family = options->address_family;
|
||||
hints.ai_socktype = SOCK_STREAM;
|
||||
hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
|
||||
snprintf(strport, sizeof strport, "%u", port);
|
||||
|
@ -544,6 +547,25 @@ parse_time:
|
|||
filename, linenum);
|
||||
break;
|
||||
|
||||
case sAddressFamily:
|
||||
arg = strdelim(&cp);
|
||||
intptr = &options->address_family;
|
||||
if (options->listen_addrs != NULL)
|
||||
fatal("%s line %d: address family must be specified before "
|
||||
"ListenAddress.", filename, linenum);
|
||||
if (strcasecmp(arg, "inet") == 0)
|
||||
value = AF_INET;
|
||||
else if (strcasecmp(arg, "inet6") == 0)
|
||||
value = AF_INET6;
|
||||
else if (strcasecmp(arg, "any") == 0)
|
||||
value = AF_UNSPEC;
|
||||
else
|
||||
fatal("%s line %d: unsupported address family \"%s\".",
|
||||
filename, linenum, arg);
|
||||
if (*intptr == -1)
|
||||
*intptr = value;
|
||||
break;
|
||||
|
||||
case sHostKeyFile:
|
||||
intptr = &options->num_host_key_files;
|
||||
if (*intptr >= MAX_HOSTKEYS)
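Review bot: In the new `sAddressFamily` case, `arg` goes straight from `strdelim(&cp)` into `strcasecmp()` with no check that a token was actually returned. An `AddressFamily` line with no argument would therefore presumably pass a NULL pointer to `strcasecmp()` and crash sshd at startup instead of reporting a configuration error. Add a guard directly after `arg = strdelim(&cp);`, for example `if (!arg || *arg == '\0') fatal("%s line %d: missing address family.", filename, linenum);`. The enclosing parser function starts and ends outside this hunk, so how the other cases validate `arg` is not visible here.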
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: servconf.h,v 1.70 2004/06/24 19:30:54 djm Exp $ */
|
||||
/* $OpenBSD: servconf.h,v 1.71 2004/12/23 23:11:00 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -43,6 +43,7 @@ typedef struct {
|
|||
u_short ports[MAX_PORTS]; /* Port number to listen on. */
|
||||
char *listen_addr; /* Address on which the server listens. */
|
||||
struct addrinfo *listen_addrs; /* Addresses on which the server listens. */
|
||||
int address_family; /* Address family used by the server. */
|
||||
char *host_key_files[MAX_HOSTKEYS]; /* Files containing host keys. */
|
||||
int num_host_key_files; /* Number of files for host keys. */
|
||||
char *pid_file; /* Where to put our pid */
|
||||
|
|
16
sshd.c
16
sshd.c
|
@ -42,7 +42,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshd.c,v 1.304 2004/09/25 03:45:14 djm Exp $");
|
||||
RCSID("$OpenBSD: sshd.c,v 1.305 2004/12/23 23:11:00 djm Exp $");
|
||||
|
||||
#include <openssl/dh.h>
|
||||
#include <openssl/bn.h>
|
||||
|
@ -111,12 +111,6 @@ ServerOptions options;
|
|||
/* Name of the server configuration file. */
|
||||
char *config_file_name = _PATH_SERVER_CONFIG_FILE;
|
||||
|
||||
/*
|
||||
* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
|
||||
* Default value is AF_UNSPEC means both IPv4 and IPv6.
|
||||
*/
|
||||
int IPv4or6 = AF_UNSPEC;
|
||||
|
||||
/*
|
||||
* Debug mode flag. This can be set on the command line. If debug
|
||||
* mode is enabled, extra debugging output will be sent to the system
|
||||
|
@ -920,10 +914,10 @@ main(int ac, char **av)
|
|||
while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:dDeiqrtQR46")) != -1) {
|
||||
switch (opt) {
|
||||
case '4':
|
||||
IPv4or6 = AF_INET;
|
||||
options.address_family = AF_INET;
|
||||
break;
|
||||
case '6':
|
||||
IPv4or6 = AF_INET6;
|
||||
options.address_family = AF_INET6;
|
||||
break;
|
||||
case 'f':
|
||||
config_file_name = optarg;
|
||||
|
@ -1024,7 +1018,6 @@ main(int ac, char **av)
|
|||
closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
|
||||
|
||||
SSLeay_add_all_algorithms();
|
||||
channel_set_af(IPv4or6);
|
||||
|
||||
/*
|
||||
* Force logging to stderr until we have loaded the private host
|
||||
|
@ -1074,6 +1067,9 @@ main(int ac, char **av)
|
|||
/* Fill in default values for those options not explicitly set. */
|
||||
fill_default_server_options(&options);
|
||||
|
||||
/* set default channel AF */
|
||||
channel_set_af(options.address_family);
|
||||
|
||||
/* Check that there are no remaining arguments. */
|
||||
if (optind < ac) {
|
||||
fprintf(stderr, "Extra argument %s.\n", av[optind]);
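Review bot: The relocated `channel_set_af(options.address_family);` after `fill_default_server_options(&options)` relies on `address_family` no longer holding the `-1` "unset" sentinel, and the only place this commit shows that sentinel being resolved is `add_listen_addr()` in servconf.c. If `fill_default_server_options()` can return without reaching `add_listen_addr()` (its body is outside these hunks), `-1` would be passed on as an address family, so an explicit default there would be safer. At minimum, replace the comment with something like `/* address_family is AF_UNSPEC here unless -4/-6 or AddressFamily set it */`. The `-4`/`-6` cases now write `options.address_family` directly, which assumes `initialize_server_options()` has already run before the getopt loop. The command line takes precedence only because of the `if (*intptr == -1)` test in servconf.c. `main()` begins and ends outside the hunk.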
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $
|
||||
# $OpenBSD: sshd_config,v 1.70 2004/12/23 23:11:00 djm Exp $
|
||||
|
||||
# This is the sshd server system-wide configuration file. See
|
||||
# sshd_config(5) for more information.
|
||||
|
@ -12,6 +12,7 @@
|
|||
|
||||
#Port 22
|
||||
#Protocol 2,1
|
||||
#AddressFamily any
|
||||
#ListenAddress 0.0.0.0
|
||||
#ListenAddress ::
|
||||
|
||||
|
|
|
@ -34,7 +34,7 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd_config.5,v 1.36 2004/09/15 03:25:41 jaredy Exp $
|
||||
.\" $OpenBSD: sshd_config.5,v 1.37 2004/12/23 23:11:00 djm Exp $
|
||||
.Dd September 25, 1999
|
||||
.Dt SSHD_CONFIG 5
|
||||
.Os
|
||||
|
@ -83,6 +83,17 @@ Be warned that some environment variables could be used to bypass restricted
|
|||
user environments.
|
||||
For this reason, care should be taken in the use of this directive.
|
||||
The default is not to accept any environment variables.
|
||||
.It Cm AddressFamily
|
||||
Specifies which address family should be used by
|
||||
.Nm sshd .
|
||||
Valid arguments are
|
||||
.Dq any ,
|
||||
.Dq inet
|
||||
(use IPv4 only) or
|
||||
.Dq inet6
|
||||
(use IPv6 only).
|
||||
The default is
|
||||
.Dq any .
|
||||
.It Cm AllowGroups
|
||||
This keyword can be followed by a list of group name patterns, separated
|
||||
by spaces.
|
||||
|
|