mirror of
https://github.com/PowerShell/openssh-portable.git
synced 2025-07-31 01:35:11 +02:00
Removed "TunnelOptions" option. Its function is now fulfilled by "PermitTunnel" (sshd) and "Tunnel" (ssh): you can append a ":" followed by options to the tunnel type (e.g. Tunnel=ethernet:my_option)
parent
05d0b01683
commit
ad8b4217d5
@ -1861,7 +1861,7 @@ client_request_tun_fwd(struct ssh *ssh, int tun_mode,
|
|||||||
debug("Requesting tun unit %d in mode %d", local_tun, tun_mode);
|
debug("Requesting tun unit %d in mode %d", local_tun, tun_mode);
|
||||||
|
|
||||||
/* Open local tunnel device */
|
/* Open local tunnel device */
|
||||||
if ((fd = tun_open(local_tun, tun_mode, options.tunnel_options, &ifname)) == -1) {
|
if ((fd = tun_open(local_tun, tun_mode, options.tun_options, &ifname)) == -1) {
|
||||||
error("Tunnel device open failed.");
|
error("Tunnel device open failed.");
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
4
misc.c
4
misc.c
@ -1492,10 +1492,10 @@ percent_dollar_expand(const char *string, ...)
|
|||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
tun_open(int tun, int mode, const char* tunnel_options, char **ifname)
|
tun_open(int tun, int mode, const char* tun_options, char **ifname)
|
||||||
{
|
{
|
||||||
#if defined(CUSTOM_SYS_TUN_OPEN)
|
#if defined(CUSTOM_SYS_TUN_OPEN)
|
||||||
return (sys_tun_open(tun, mode, tunnel_options, ifname));
|
return (sys_tun_open(tun, mode, tun_options, ifname));
|
||||||
#elif defined(SSH_TUN_OPENBSD)
|
#elif defined(SSH_TUN_OPENBSD)
|
||||||
struct ifreq ifr;
|
struct ifreq ifr;
|
||||||
char name[100];
|
char name[100];
|
||||||
|
@ -687,12 +687,12 @@ FAIL:
|
|||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
sys_tun_open(int tun, int mode, const char *tunnel_options, char** ifname)
|
sys_tun_open(int tun, int mode, const char *tun_options, char** ifname)
|
||||||
{
|
{
|
||||||
int tun_fd = -1;
|
int tun_fd = -1;
|
||||||
const char *prefix = NULL;
|
const char *prefix = NULL;
|
||||||
|
|
||||||
prefix = tunnel_options;
|
prefix = tun_options;
|
||||||
|
|
||||||
if (ifname != NULL) {
|
if (ifname != NULL) {
|
||||||
*ifname = NULL;
|
*ifname = NULL;
|
||||||
|
20
readconf.c
20
readconf.c
@ -180,7 +180,6 @@ typedef enum {
|
|||||||
oPubkeyAcceptedAlgorithms, oCASignatureAlgorithms, oProxyJump,
|
oPubkeyAcceptedAlgorithms, oCASignatureAlgorithms, oProxyJump,
|
||||||
oSecurityKeyProvider, oKnownHostsCommand, oRequiredRSASize,
|
oSecurityKeyProvider, oKnownHostsCommand, oRequiredRSASize,
|
||||||
oEnableEscapeCommandline, oObscureKeystrokeTiming, oChannelTimeout,
|
oEnableEscapeCommandline, oObscureKeystrokeTiming, oChannelTimeout,
|
||||||
oTunnelOptions,
|
|
||||||
oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
|
oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
|
||||||
} OpCodes;
|
} OpCodes;
|
||||||
|
|
||||||
@ -331,7 +330,6 @@ static struct {
|
|||||||
{ "enableescapecommandline", oEnableEscapeCommandline },
|
{ "enableescapecommandline", oEnableEscapeCommandline },
|
||||||
{ "obscurekeystroketiming", oObscureKeystrokeTiming },
|
{ "obscurekeystroketiming", oObscureKeystrokeTiming },
|
||||||
{ "channeltimeout", oChannelTimeout },
|
{ "channeltimeout", oChannelTimeout },
|
||||||
{ "tunneloptions", oTunnelOptions },
|
|
||||||
|
|
||||||
{ NULL, oBadOption }
|
{ NULL, oBadOption }
|
||||||
};
|
};
|
||||||
@ -1185,6 +1183,7 @@ parse_time:
|
|||||||
multistate_ptr = multistate_flag;
|
multistate_ptr = multistate_flag;
|
||||||
parse_multistate:
|
parse_multistate:
|
||||||
arg = argv_next(&ac, &av);
|
arg = argv_next(&ac, &av);
|
||||||
|
parse_multistate_arg:
|
||||||
if ((value = parse_multistate_value(arg, filename, linenum,
|
if ((value = parse_multistate_value(arg, filename, linenum,
|
||||||
multistate_ptr)) == -1) {
|
multistate_ptr)) == -1) {
|
||||||
error("%s line %d: unsupported option \"%s\".",
|
error("%s line %d: unsupported option \"%s\".",
|
||||||
@ -1949,7 +1948,8 @@ parse_pubkey_algos:
|
|||||||
case oTunnel:
|
case oTunnel:
|
||||||
intptr = &options->tun_open;
|
intptr = &options->tun_open;
|
||||||
multistate_ptr = multistate_tunnel;
|
multistate_ptr = multistate_tunnel;
|
||||||
goto parse_multistate;
|
arg = argv_next(&ac, &av);
|
||||||
|
goto parse_multistate_arg;
|
||||||
|
|
||||||
case oTunnelDevice:
|
case oTunnelDevice:
|
||||||
arg = argv_next(&ac, &av);
|
arg = argv_next(&ac, &av);
|
||||||
@ -2413,13 +2413,6 @@ parse_pubkey_algos:
|
|||||||
argv_consume(&ac);
|
argv_consume(&ac);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case oTunnelOptions:
|
|
||||||
charptr = &options->tunnel_options;
|
|
||||||
arg = argv_next(&ac, &av);
|
|
||||||
if (*activep && *charptr == NULL)
|
|
||||||
*charptr = xstrdup((arg == NULL) ? "" : arg);
|
|
||||||
break;
|
|
||||||
|
|
||||||
default:
|
default:
|
||||||
error("%s line %d: Unimplemented opcode %d",
|
error("%s line %d: Unimplemented opcode %d",
|
||||||
filename, linenum, opcode);
|
filename, linenum, opcode);
|
||||||
@ -2672,7 +2665,7 @@ initialize_options(Options * options)
|
|||||||
options->required_rsa_size = -1;
|
options->required_rsa_size = -1;
|
||||||
options->enable_escape_commandline = -1;
|
options->enable_escape_commandline = -1;
|
||||||
options->obscure_keystroke_timing_interval = -1;
|
options->obscure_keystroke_timing_interval = -1;
|
||||||
options->tunnel_options = NULL;
|
options->tun_options = NULL;
|
||||||
options->tag = NULL;
|
options->tag = NULL;
|
||||||
options->channel_timeouts = NULL;
|
options->channel_timeouts = NULL;
|
||||||
options->num_channel_timeouts = 0;
|
options->num_channel_timeouts = 0;
|
||||||
@ -2837,6 +2830,8 @@ fill_default_options(Options * options)
|
|||||||
options->hash_known_hosts = 0;
|
options->hash_known_hosts = 0;
|
||||||
if (options->tun_open == -1)
|
if (options->tun_open == -1)
|
||||||
options->tun_open = SSH_TUNMODE_NO;
|
options->tun_open = SSH_TUNMODE_NO;
|
||||||
|
if (options->tun_options == NULL)
|
||||||
|
options->tun_options = xstrdup("");
|
||||||
if (options->tun_local == -1)
|
if (options->tun_local == -1)
|
||||||
options->tun_local = SSH_TUNID_ANY;
|
options->tun_local = SSH_TUNID_ANY;
|
||||||
if (options->tun_remote == -1)
|
if (options->tun_remote == -1)
|
||||||
@ -2940,7 +2935,6 @@ fill_default_options(Options * options)
|
|||||||
CLEAR_ON_NONE(options->pkcs11_provider);
|
CLEAR_ON_NONE(options->pkcs11_provider);
|
||||||
CLEAR_ON_NONE(options->sk_provider);
|
CLEAR_ON_NONE(options->sk_provider);
|
||||||
CLEAR_ON_NONE(options->known_hosts_command);
|
CLEAR_ON_NONE(options->known_hosts_command);
|
||||||
CLEAR_ON_NONE(options->tunnel_options);
|
|
||||||
CLEAR_ON_NONE_ARRAY(channel_timeouts, num_channel_timeouts, "none");
|
CLEAR_ON_NONE_ARRAY(channel_timeouts, num_channel_timeouts, "none");
|
||||||
#undef CLEAR_ON_NONE
|
#undef CLEAR_ON_NONE
|
||||||
#undef CLEAR_ON_NONE_ARRAY
|
#undef CLEAR_ON_NONE_ARRAY
|
||||||
@ -3693,8 +3687,6 @@ dump_client_config(Options *o, const char *host)
|
|||||||
printf(":%d", o->tun_remote);
|
printf(":%d", o->tun_remote);
|
||||||
printf("\n");
|
printf("\n");
|
||||||
|
|
||||||
dump_cfg_string(oTunnelOptions, o->tunnel_options);
|
|
||||||
|
|
||||||
|
|
||||||
/* oCanonicalizePermittedCNAMEs */
|
/* oCanonicalizePermittedCNAMEs */
|
||||||
printf("canonicalizePermittedcnames");
|
printf("canonicalizePermittedcnames");
|
||||||
|
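Review bot: The new `case oTunnel` path fetches `arg` and jumps to `parse_multistate_arg`, but nothing in the visible readconf.c hunks splits the argument at ':' or assigns `options->tun_options`; the only store shown is the `xstrdup("")` default in fill_default_options(). Unless the split happens outside these hunks, `Tunnel=ethernet:my_option` would reach parse_multistate_value() whole and fail with the "unsupported option" error, so the client half of what the commit message describes looks unimplemented. I would split before the jump and keep the `*activep` and first-value-wins checks that the removed `oTunnelOptions` case had, so a block that does not apply cannot set the string handed to tun_open(). The enclosing function starts and ends outside the hunk.

```c
	case oTunnel:
		intptr = &options->tun_open;
		multistate_ptr = multistate_tunnel;
		arg = argv_next(&ac, &av);
		if (arg != NULL) {
			char *opt = strchr(arg, ':');

			if (opt != NULL) {
				/* cut the suffix off so only the mode name is matched */
				*opt++ = '\0';
				/* same guards as the removed oTunnelOptions case */
				if (*activep && options->tun_options == NULL)
					options->tun_options = xstrdup(opt);
			}
		}
		goto parse_multistate_arg;
```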
@ -184,7 +184,7 @@ typedef struct {
|
|||||||
|
|
||||||
char **channel_timeouts; /* inactivity timeout by channel type */
|
char **channel_timeouts; /* inactivity timeout by channel type */
|
||||||
u_int num_channel_timeouts;
|
u_int num_channel_timeouts;
|
||||||
char *tunnel_options;
|
char *tun_options;
|
||||||
|
|
||||||
char *ignored_unknown; /* Pattern list of unknown tokens to ignore */
|
char *ignored_unknown; /* Pattern list of unknown tokens to ignore */
|
||||||
} Options;
|
} Options;
|
||||||
|
29
servconf.c
29
servconf.c
@ -194,7 +194,7 @@ initialize_server_options(ServerOptions *options)
|
|||||||
options->num_accept_env = 0;
|
options->num_accept_env = 0;
|
||||||
options->num_setenv = 0;
|
options->num_setenv = 0;
|
||||||
options->permit_tun = -1;
|
options->permit_tun = -1;
|
||||||
options->tunnel_options = NULL;
|
options->tun_options = NULL;
|
||||||
options->permitted_opens = NULL;
|
options->permitted_opens = NULL;
|
||||||
options->permitted_listens = NULL;
|
options->permitted_listens = NULL;
|
||||||
options->adm_forced_command = NULL;
|
options->adm_forced_command = NULL;
|
||||||
@ -472,6 +472,8 @@ fill_default_server_options(ServerOptions *options)
|
|||||||
}
|
}
|
||||||
if (options->permit_tun == -1)
|
if (options->permit_tun == -1)
|
||||||
options->permit_tun = SSH_TUNMODE_NO;
|
options->permit_tun = SSH_TUNMODE_NO;
|
||||||
|
if (options->tun_options == NULL)
|
||||||
|
options->tun_options = xstrdup("");
|
||||||
if (options->ip_qos_interactive == -1)
|
if (options->ip_qos_interactive == -1)
|
||||||
options->ip_qos_interactive = IPTOS_DSCP_AF21;
|
options->ip_qos_interactive = IPTOS_DSCP_AF21;
|
||||||
if (options->ip_qos_bulk == -1)
|
if (options->ip_qos_bulk == -1)
|
||||||
@ -531,7 +533,6 @@ fill_default_server_options(ServerOptions *options)
|
|||||||
CLEAR_ON_NONE(options->chroot_directory);
|
CLEAR_ON_NONE(options->chroot_directory);
|
||||||
CLEAR_ON_NONE(options->routing_domain);
|
CLEAR_ON_NONE(options->routing_domain);
|
||||||
CLEAR_ON_NONE(options->host_key_agent);
|
CLEAR_ON_NONE(options->host_key_agent);
|
||||||
CLEAR_ON_NONE(options->tunnel_options);
|
|
||||||
CLEAR_ON_NONE(options->per_source_penalty_exempt);
|
CLEAR_ON_NONE(options->per_source_penalty_exempt);
|
||||||
|
|
||||||
for (i = 0; i < options->num_host_key_files; i++)
|
for (i = 0; i < options->num_host_key_files; i++)
|
||||||
@ -570,7 +571,7 @@ typedef enum {
|
|||||||
sPerSourcePenalties, sPerSourcePenaltyExemptList,
|
sPerSourcePenalties, sPerSourcePenaltyExemptList,
|
||||||
sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
|
sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
|
||||||
sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
|
sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
|
||||||
sAcceptEnv, sSetEnv, sPermitTunnel, sTunnelOptions,
|
sAcceptEnv, sSetEnv, sPermitTunnel,
|
||||||
sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
|
sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
|
||||||
sUsePrivilegeSeparation, sAllowAgentForwarding,
|
sUsePrivilegeSeparation, sAllowAgentForwarding,
|
||||||
sHostCertificate, sInclude,
|
sHostCertificate, sInclude,
|
||||||
@ -718,7 +719,6 @@ static struct {
|
|||||||
{ "acceptenv", sAcceptEnv, SSHCFG_ALL },
|
{ "acceptenv", sAcceptEnv, SSHCFG_ALL },
|
||||||
{ "setenv", sSetEnv, SSHCFG_ALL },
|
{ "setenv", sSetEnv, SSHCFG_ALL },
|
||||||
{ "permittunnel", sPermitTunnel, SSHCFG_ALL },
|
{ "permittunnel", sPermitTunnel, SSHCFG_ALL },
|
||||||
{ "tunneloptions", sTunnelOptions, SSHCFG_GLOBAL },
|
|
||||||
{ "permittty", sPermitTTY, SSHCFG_ALL },
|
{ "permittty", sPermitTTY, SSHCFG_ALL },
|
||||||
{ "permituserrc", sPermitUserRC, SSHCFG_ALL },
|
{ "permituserrc", sPermitUserRC, SSHCFG_ALL },
|
||||||
{ "match", sMatch, SSHCFG_ALL },
|
{ "match", sMatch, SSHCFG_ALL },
|
||||||
@ -2292,9 +2292,17 @@ process_server_config_line_depth(ServerOptions *options, char *line,
|
|||||||
case sPermitTunnel:
|
case sPermitTunnel:
|
||||||
intptr = &options->permit_tun;
|
intptr = &options->permit_tun;
|
||||||
arg = argv_next(&ac, &av);
|
arg = argv_next(&ac, &av);
|
||||||
if (!arg || *arg == '\0')
|
if (!arg || *arg == '\0') {
|
||||||
fatal("%s line %d: %s missing argument.",
|
fatal("%s line %d: %s missing argument.",
|
||||||
filename, linenum, keyword);
|
filename, linenum, keyword);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
char* opt = strchr(arg, ':');
|
||||||
|
if (opt != NULL) {
|
||||||
|
options->tun_options = xstrdup(opt + 1);
|
||||||
|
*opt = '\0';
|
||||||
|
}
|
||||||
|
}
|
||||||
value = -1;
|
value = -1;
|
||||||
for (i = 0; tunmode_desc[i].val != -1; i++)
|
for (i = 0; tunmode_desc[i].val != -1; i++)
|
||||||
if (strcmp(tunmode_desc[i].text, arg) == 0) {
|
if (strcmp(tunmode_desc[i].text, arg) == 0) {
|
||||||
@ -2308,14 +2316,6 @@ process_server_config_line_depth(ServerOptions *options, char *line,
|
|||||||
*intptr = value;
|
*intptr = value;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case sTunnelOptions:
|
|
||||||
charptr = &options->tunnel_options;
|
|
||||||
arg = argv_next(&ac, &av);
|
|
||||||
if (*activep && *charptr == NULL)
|
|
||||||
*charptr = xstrdup((arg == NULL) ? "" : arg);
|
|
||||||
break;
|
|
||||||
|
|
||||||
|
|
||||||
case sInclude:
|
case sInclude:
|
||||||
if (cmdline) {
|
if (cmdline) {
|
||||||
fatal("Include directive not supported as a "
|
fatal("Include directive not supported as a "
|
||||||
@ -3436,7 +3436,6 @@ dump_config(ServerOptions *o)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
dump_cfg_string(sPermitTunnel, s);
|
dump_cfg_string(sPermitTunnel, s);
|
||||||
dump_cfg_string(sTunnelOptions, o->tunnel_options);
|
|
||||||
|
|
||||||
printf("ipqos %s ", iptos2str(o->ip_qos_interactive));
|
printf("ipqos %s ", iptos2str(o->ip_qos_interactive));
|
||||||
printf("%s\n", iptos2str(o->ip_qos_bulk));
|
printf("%s\n", iptos2str(o->ip_qos_bulk));
|
||||||
|
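Review bot: In the `sPermitTunnel` case, `options->tun_options = xstrdup(opt + 1);` runs unconditionally, whereas the removed `sTunnelOptions` case only stored a value under `if (*activep && *charptr == NULL)`. PermitTunnel is registered with `SSHCFG_ALL` (the old keyword was `SSHCFG_GLOBAL`), so a suffix written inside a Match block that does not apply would still replace the string later passed to tun_open(), and every repeated occurrence leaks the previous allocation. The store also happens before the mode name is checked against `tunmode_desc`, so a line with an invalid mode has already changed the options. I would keep `*opt = '\0';` and change the assignment to `if (*activep && options->tun_options == NULL) options->tun_options = xstrdup(opt + 1);`. The case body continues into the next hunk, and whether per-Match values of `tun_options` are copied into the live options is not visible here.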
@ -214,7 +214,7 @@ typedef struct {
|
|||||||
|
|
||||||
int permit_tun;
|
int permit_tun;
|
||||||
|
|
||||||
char* tunnel_options;
|
char* tun_options;
|
||||||
|
|
||||||
char **permitted_opens; /* May also be one of PERMITOPEN_* */
|
char **permitted_opens; /* May also be one of PERMITOPEN_* */
|
||||||
u_int num_permitted_opens;
|
u_int num_permitted_opens;
|
||||||
|
@ -516,7 +516,7 @@ server_request_tun(struct ssh *ssh)
|
|||||||
goto done;
|
goto done;
|
||||||
tun = auth_opts->force_tun_device;
|
tun = auth_opts->force_tun_device;
|
||||||
}
|
}
|
||||||
sock = tun_open(tun, mode, options.tunnel_options, &ifname);
|
sock = tun_open(tun, mode, options.tun_options, &ifname);
|
||||||
if (sock < 0)
|
if (sock < 0)
|
||||||
goto done;
|
goto done;
|
||||||
debug("Tunnel forwarding using interface %s", ifname);
|
debug("Tunnel forwarding using interface %s", ifname);
|
||||||
|