upstream commit

add a "rdomain" criteria for the sshd_config Match
keyword to allow conditional configuration that depends on which rdomain(4) a
connection was received on. ok markus@

Upstream-ID: 27d8fd5a3f1bae18c9c6e533afdf99bff887a4fb
This commit is contained in:
djm@openbsd.org 2017-10-25 00:19:47 +00:00 committed by Damien Miller
parent 35eb33fb95
commit 68af80e6fd
5 changed files with 36 additions and 10 deletions


@ -1,5 +1,5 @@
/* $OpenBSD: servconf.c,v 1.316 2017/10/25 00:17:08 djm Exp $ */ /* $OpenBSD: servconf.c,v 1.317 2017/10/25 00:19:47 djm Exp $ */
/* /*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved * All rights reserved
@ -855,6 +855,7 @@ get_connection_info(int populate, int use_dns)
ci.address = ssh_remote_ipaddr(ssh); ci.address = ssh_remote_ipaddr(ssh);
ci.laddress = ssh_local_ipaddr(ssh); ci.laddress = ssh_local_ipaddr(ssh);
ci.lport = ssh_local_port(ssh); ci.lport = ssh_local_port(ssh);
ci.rdomain = ssh_packet_rdomain_in(ssh);
return &ci; return &ci;
} }
@ -1038,6 +1039,16 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
ci->laddress, port, line); ci->laddress, port, line);
else else
result = 0; result = 0;
} else if (strcasecmp(attrib, "rdomain") == 0) {
if (ci == NULL || ci->rdomain == NULL) {
result = 0;
continue;
}
if (match_pattern_list(ci->rdomain, arg, 0) != 1)
result = 0;
else
debug("user %.100s matched 'RDomain %.100s' at "
"line %d", ci->rdomain, arg, line);
} else { } else {
error("Unsupported Match attribute %s", attrib); error("Unsupported Match attribute %s", attrib);
return -1; return -1;
@ -2080,6 +2091,8 @@ int parse_server_match_testspec(struct connection_info *ci, char *spec)
ci->user = xstrdup(p + 5); ci->user = xstrdup(p + 5);
} else if (strncmp(p, "laddr=", 6) == 0) { } else if (strncmp(p, "laddr=", 6) == 0) {
ci->laddress = xstrdup(p + 6); ci->laddress = xstrdup(p + 6);
} else if (strncmp(p, "rdomain=", 8) == 0) {
ci->rdomain = xstrdup(p + 8);
} else if (strncmp(p, "lport=", 6) == 0) { } else if (strncmp(p, "lport=", 6) == 0) {
ci->lport = a2port(p + 6); ci->lport = a2port(p + 6);
if (ci->lport == -1) { if (ci->lport == -1) {
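Review bot: The debug line on the new RDomain branch mislabels what it prints: the format reads `user %.100s matched 'RDomain %.100s'` but the first argument is `ci->rdomain`, so an operator debugging a Match block sees the routing domain reported as a user name. Suggested replacement: `debug("connection rdomain %.100s matched 'RDomain %.100s' at line %d", ci->rdomain, arg, line);`. Note also that the value is compared with match_pattern_list(), so a numeric-looking pattern such as `RDomain 1*` will also match domains 10–19; if that is intended it is worth a sentence in sshd_config(5), otherwise a numeric comparison as LocalPort presumably uses would be safer. match_cfg_line() and parse_server_match_testspec() both start and end outside the visible hunks.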


@ -1,4 +1,4 @@
/* $OpenBSD: servconf.h,v 1.129 2017/10/25 00:17:08 djm Exp $ */ /* $OpenBSD: servconf.h,v 1.130 2017/10/25 00:19:47 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -218,6 +218,7 @@ struct connection_info {
const char *address; /* remote address */ const char *address; /* remote address */
const char *laddress; /* local address */ const char *laddress; /* local address */
int lport; /* local port */ int lport; /* local port */
const char *rdomain; /* routing domain if available */
}; };
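Review bot: The new field's comment `routing domain if available` does not say how "not available" is represented, yet the matcher added in this commit relies on a NULL pointer meaning exactly that and refuses to match in that case. State the contract in the header so future writers of the field keep it: `const char *rdomain; /* routing domain, or NULL if unknown */`. The struct connection_info definition starts outside the hunk.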

5
sshd.8

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: sshd.8,v 1.291 2017/06/24 06:28:50 jmc Exp $ .\" $OpenBSD: sshd.8,v 1.292 2017/10/25 00:19:47 djm Exp $
.Dd $Mdocdate: June 24 2017 $ .Dd $Mdocdate: October 25 2017 $
.Dt SSHD 8 .Dt SSHD 8
.Os .Os
.Sh NAME .Sh NAME
@ -109,6 +109,7 @@ The keywords are
.Dq host , .Dq host ,
.Dq laddr , .Dq laddr ,
.Dq lport , .Dq lport ,
.Dq rdomain
and and
.Dq addr . .Dq addr .
All are required and may be supplied in any order, either with multiple All are required and may be supplied in any order, either with multiple

12
sshd.c

@ -1,4 +1,4 @@
/* $OpenBSD: sshd.c,v 1.495 2017/10/25 00:17:08 djm Exp $ */ /* $OpenBSD: sshd.c,v 1.496 2017/10/25 00:19:47 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1404,7 +1404,7 @@ main(int ac, char **av)
extern int optind; extern int optind;
int r, opt, on = 1, already_daemon, remote_port; int r, opt, on = 1, already_daemon, remote_port;
int sock_in = -1, sock_out = -1, newsock = -1; int sock_in = -1, sock_out = -1, newsock = -1;
const char *remote_ip; const char *remote_ip, *rdomain;
char *fp, *line, *laddr, *logfile = NULL; char *fp, *line, *laddr, *logfile = NULL;
int config_s[2] = { -1 , -1 }; int config_s[2] = { -1 , -1 };
u_int i, j; u_int i, j;
@ -2022,10 +2022,14 @@ main(int ac, char **av)
audit_connection_from(remote_ip, remote_port); audit_connection_from(remote_ip, remote_port);
#endif #endif
rdomain = ssh_packet_rdomain_in(ssh);
/* Log the connection. */ /* Log the connection. */
laddr = get_local_ipaddr(sock_in); laddr = get_local_ipaddr(sock_in);
verbose("Connection from %s port %d on %s port %d", verbose("Connection from %s port %d on %s port %d%s%s",
remote_ip, remote_port, laddr, ssh_local_port(ssh)); remote_ip, remote_port, laddr, ssh_local_port(ssh),
rdomain == NULL ? "" : " rdomain ",
rdomain == NULL ? "" : rdomain);
free(laddr); free(laddr);
/* /*
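Review bot: The new `rdomain = ssh_packet_rdomain_in(ssh);` is placed above the `/* Log the connection. */` comment, so it reads as part of the preceding audit block rather than as input to the log line it feeds; moving it below the comment, next to `laddr = get_local_ipaddr(sock_in);`, would keep the logging setup together. It would also help to say why the value may be NULL, since the two `rdomain == NULL ? "" : ...` ternaries are the only hint: e.g. `/* NULL when the platform or socket reports no routing domain */` (presumably the contract of ssh_packet_rdomain_in(), which is not visible here). main() starts and ends outside the hunk.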


@ -33,7 +33,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: sshd_config.5,v 1.257 2017/10/25 00:17:08 djm Exp $ .\" $OpenBSD: sshd_config.5,v 1.258 2017/10/25 00:19:47 djm Exp $
.Dd $Mdocdate: October 25 2017 $ .Dd $Mdocdate: October 25 2017 $
.Dt SSHD_CONFIG 5 .Dt SSHD_CONFIG 5
.Os .Os
@ -1054,8 +1054,15 @@ The available criteria are
.Cm Host , .Cm Host ,
.Cm LocalAddress , .Cm LocalAddress ,
.Cm LocalPort , .Cm LocalPort ,
.Cm RDomain ,
and and
.Cm Address . .Cm Address
(with
.Cm RDomain
representing the
.Xr rdomain 4
on which the connection was received.)
.Pp
The match patterns may consist of single entries or comma-separated The match patterns may consist of single entries or comma-separated
lists and may use the wildcard and negation operators described in the lists and may use the wildcard and negation operators described in the
.Sx PATTERNS .Sx PATTERNS