mirror of
https://github.com/PowerShell/openssh-portable.git
synced 2025-07-29 08:44:52 +02:00
upstream commit
add a "rdomain" criteria for the sshd_config Match keyword to allow conditional configuration that depends on which rdomain(4) a connection was recevied on. ok markus@ Upstream-ID: 27d8fd5a3f1bae18c9c6e533afdf99bff887a4fb
This commit is contained in:
djm@openbsd.org
Damien Miller
parent
35eb33fb95
commit
68af80e6fd
15
servconf.c
15
servconf.c
@ -1,5 +1,5 @@
|
||||
|
||||
/* $OpenBSD: servconf.c,v 1.316 2017/10/25 00:17:08 djm Exp $ */
|
||||
/* $OpenBSD: servconf.c,v 1.317 2017/10/25 00:19:47 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
* All rights reserved
|
||||
@ -855,6 +855,7 @@ get_connection_info(int populate, int use_dns)
|
||||
ci.address = ssh_remote_ipaddr(ssh);
|
||||
ci.laddress = ssh_local_ipaddr(ssh);
|
||||
ci.lport = ssh_local_port(ssh);
|
||||
ci.rdomain = ssh_packet_rdomain_in(ssh);
|
||||
return &ci;
|
||||
}
|
||||
|
||||
@ -1038,6 +1039,16 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
|
||||
ci->laddress, port, line);
|
||||
else
|
||||
result = 0;
|
||||
} else if (strcasecmp(attrib, "rdomain") == 0) {
|
||||
if (ci == NULL || ci->rdomain == NULL) {
|
||||
result = 0;
|
||||
continue;
|
||||
}
|
||||
if (match_pattern_list(ci->rdomain, arg, 0) != 1)
|
||||
result = 0;
|
||||
else
|
||||
debug("user %.100s matched 'RDomain %.100s' at "
|
||||
"line %d", ci->rdomain, arg, line);
|
||||
} else {
|
||||
error("Unsupported Match attribute %s", attrib);
|
||||
return -1;
|
||||
@ -2080,6 +2091,8 @@ int parse_server_match_testspec(struct connection_info *ci, char *spec)
|
||||
ci->user = xstrdup(p + 5);
|
||||
} else if (strncmp(p, "laddr=", 6) == 0) {
|
||||
ci->laddress = xstrdup(p + 6);
|
||||
} else if (strncmp(p, "rdomain=", 8) == 0) {
|
||||
ci->rdomain = xstrdup(p + 8);
|
||||
} else if (strncmp(p, "lport=", 6) == 0) {
|
||||
ci->lport = a2port(p + 6);
|
||||
if (ci->lport == -1) {
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: servconf.h,v 1.129 2017/10/25 00:17:08 djm Exp $ */
|
||||
/* $OpenBSD: servconf.h,v 1.130 2017/10/25 00:19:47 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -218,6 +218,7 @@ struct connection_info {
|
||||
const char *address; /* remote address */
|
||||
const char *laddress; /* local address */
|
||||
int lport; /* local port */
|
||||
const char *rdomain; /* routing domain if available */
|
||||
};
|
||||
|
||||
|
||||
|
||||
5
sshd.8
5
sshd.8
@ -33,8 +33,8 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd.8,v 1.291 2017/06/24 06:28:50 jmc Exp $
|
||||
.Dd $Mdocdate: June 24 2017 $
|
||||
.\" $OpenBSD: sshd.8,v 1.292 2017/10/25 00:19:47 djm Exp $
|
||||
.Dd $Mdocdate: October 25 2017 $
|
||||
.Dt SSHD 8
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -109,6 +109,7 @@ The keywords are
|
||||
.Dq host ,
|
||||
.Dq laddr ,
|
||||
.Dq lport ,
|
||||
.Dq rdomain
|
||||
and
|
||||
.Dq addr .
|
||||
All are required and may be supplied in any order, either with multiple
|
||||
|
||||
12
sshd.c
12
sshd.c
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: sshd.c,v 1.495 2017/10/25 00:17:08 djm Exp $ */
|
||||
/* $OpenBSD: sshd.c,v 1.496 2017/10/25 00:19:47 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -1404,7 +1404,7 @@ main(int ac, char **av)
|
||||
extern int optind;
|
||||
int r, opt, on = 1, already_daemon, remote_port;
|
||||
int sock_in = -1, sock_out = -1, newsock = -1;
|
||||
const char *remote_ip;
|
||||
const char *remote_ip, *rdomain;
|
||||
char *fp, *line, *laddr, *logfile = NULL;
|
||||
int config_s[2] = { -1 , -1 };
|
||||
u_int i, j;
|
||||
@ -2022,10 +2022,14 @@ main(int ac, char **av)
|
||||
audit_connection_from(remote_ip, remote_port);
|
||||
#endif
|
||||
|
||||
rdomain = ssh_packet_rdomain_in(ssh);
|
||||
|
||||
/* Log the connection. */
|
||||
laddr = get_local_ipaddr(sock_in);
|
||||
verbose("Connection from %s port %d on %s port %d",
|
||||
remote_ip, remote_port, laddr, ssh_local_port(ssh));
|
||||
verbose("Connection from %s port %d on %s port %d%s%s",
|
||||
remote_ip, remote_port, laddr, ssh_local_port(ssh),
|
||||
rdomain == NULL ? "" : " rdomain ",
|
||||
rdomain == NULL ? "" : rdomain);
|
||||
free(laddr);
|
||||
|
||||
/*
|
||||
|
||||
@ -33,7 +33,7 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd_config.5,v 1.257 2017/10/25 00:17:08 djm Exp $
|
||||
.\" $OpenBSD: sshd_config.5,v 1.258 2017/10/25 00:19:47 djm Exp $
|
||||
.Dd $Mdocdate: October 25 2017 $
|
||||
.Dt SSHD_CONFIG 5
|
||||
.Os
|
||||
@ -1054,8 +1054,15 @@ The available criteria are
|
||||
.Cm Host ,
|
||||
.Cm LocalAddress ,
|
||||
.Cm LocalPort ,
|
||||
.Cm RDomain ,
|
||||
and
|
||||
.Cm Address .
|
||||
.Cm Address
|
||||
(with
|
||||
.Cm RDomain
|
||||
representing the
|
||||
.Xr rdomain 4
|
||||
on which the connection was received.)
|
||||
.Pp
|
||||
The match patterns may consist of single entries or comma-separated
|
||||
lists and may use the wildcard and negation operators described in the
|
||||
.Sx PATTERNS
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user