- markus@cvs.openbsd.org 2001/04/30 11:18:52
[readconf.c readconf.h ssh.1 ssh.c sshconnect.c] implement 'ssh -b bind_address' like 'telnet -b'
parent
8a188a8027
commit
e0f8804194
|
@ -1,3 +1,9 @@
|
||||||
|
20010501
|
||||||
|
- OpenBSD CVS Sync
|
||||||
|
- markus@cvs.openbsd.org 2001/04/30 11:18:52
|
||||||
|
[readconf.c readconf.h ssh.1 ssh.c sshconnect.c]
|
||||||
|
implement 'ssh -b bind_address' like 'telnet -b'
|
||||||
|
|
||||||
20010430
|
20010430
|
||||||
- OpenBSD CVS Sync
|
- OpenBSD CVS Sync
|
||||||
- markus@cvs.openbsd.org 2001/04/29 18:32:52
|
- markus@cvs.openbsd.org 2001/04/29 18:32:52
|
||||||
|
@ -5282,4 +5288,4 @@
|
||||||
- Wrote replacements for strlcpy and mkdtemp
|
- Wrote replacements for strlcpy and mkdtemp
|
||||||
- Released 1.0pre1
|
- Released 1.0pre1
|
||||||
|
|
||||||
$Id: ChangeLog,v 1.1184 2001/04/30 03:55:37 djm Exp $
|
$Id: ChangeLog,v 1.1185 2001/04/30 13:06:24 mouring Exp $
|
||||||
|
|
10
readconf.c
10
readconf.c
|
@ -12,7 +12,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: readconf.c,v 1.76 2001/04/17 10:53:25 markus Exp $");
|
RCSID("$OpenBSD: readconf.c,v 1.77 2001/04/30 11:18:51 markus Exp $");
|
||||||
|
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
|
@ -111,7 +111,7 @@ typedef enum {
|
||||||
oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
|
oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
|
||||||
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
|
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
|
||||||
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
|
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
|
||||||
oHostKeyAlgorithms
|
oHostKeyAlgorithms, oBindAddress
|
||||||
} OpCodes;
|
} OpCodes;
|
||||||
|
|
||||||
/* Textual representations of the tokens. */
|
/* Textual representations of the tokens. */
|
||||||
|
@ -177,6 +177,7 @@ static struct {
|
||||||
{ "dynamicforward", oDynamicForward },
|
{ "dynamicforward", oDynamicForward },
|
||||||
{ "preferredauthentications", oPreferredAuthentications },
|
{ "preferredauthentications", oPreferredAuthentications },
|
||||||
{ "hostkeyalgorithms", oHostKeyAlgorithms },
|
{ "hostkeyalgorithms", oHostKeyAlgorithms },
|
||||||
|
{ "bindaddress", oBindAddress },
|
||||||
{ NULL, 0 }
|
{ NULL, 0 }
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -459,6 +460,10 @@ parse_string:
|
||||||
charptr = &options->preferred_authentications;
|
charptr = &options->preferred_authentications;
|
||||||
goto parse_string;
|
goto parse_string;
|
||||||
|
|
||||||
|
case oBindAddress:
|
||||||
|
charptr = &options->bind_address;
|
||||||
|
goto parse_string;
|
||||||
|
|
||||||
case oProxyCommand:
|
case oProxyCommand:
|
||||||
charptr = &options->proxy_command;
|
charptr = &options->proxy_command;
|
||||||
string = xstrdup("");
|
string = xstrdup("");
|
||||||
|
@ -761,6 +766,7 @@ initialize_options(Options * options)
|
||||||
options->num_remote_forwards = 0;
|
options->num_remote_forwards = 0;
|
||||||
options->log_level = (LogLevel) - 1;
|
options->log_level = (LogLevel) - 1;
|
||||||
options->preferred_authentications = NULL;
|
options->preferred_authentications = NULL;
|
||||||
|
options->bind_address = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
* called by a name other than "ssh" or "Secure Shell".
|
* called by a name other than "ssh" or "Secure Shell".
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* RCSID("$OpenBSD: readconf.h,v 1.30 2001/04/17 10:53:25 markus Exp $"); */
|
/* RCSID("$OpenBSD: readconf.h,v 1.31 2001/04/30 11:18:52 markus Exp $"); */
|
||||||
|
|
||||||
#ifndef READCONF_H
|
#ifndef READCONF_H
|
||||||
#define READCONF_H
|
#define READCONF_H
|
||||||
|
@ -85,6 +85,7 @@ typedef struct {
|
||||||
char *system_hostfile2;
|
char *system_hostfile2;
|
||||||
char *user_hostfile2;
|
char *user_hostfile2;
|
||||||
char *preferred_authentications;
|
char *preferred_authentications;
|
||||||
|
char *bind_address; /* local socket address for connection to sshd */
|
||||||
|
|
||||||
int num_identity_files; /* Number of files for RSA/DSA identities. */
|
int num_identity_files; /* Number of files for RSA/DSA identities. */
|
||||||
char *identity_files[SSH_MAX_IDENTITY_FILES];
|
char *identity_files[SSH_MAX_IDENTITY_FILES];
|
||||||
|
|
13
ssh.1
13
ssh.1
|
@ -34,7 +34,7 @@
|
||||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $OpenBSD: ssh.1,v 1.107 2001/04/22 23:58:36 markus Exp $
|
.\" $OpenBSD: ssh.1,v 1.108 2001/04/30 11:18:52 markus Exp $
|
||||||
.Dd September 25, 1999
|
.Dd September 25, 1999
|
||||||
.Dt SSH 1
|
.Dt SSH 1
|
||||||
.Os
|
.Os
|
||||||
|
@ -49,6 +49,7 @@
|
||||||
.Pp
|
.Pp
|
||||||
.Nm ssh
|
.Nm ssh
|
||||||
.Op Fl afgknqstvxACNPTX1246
|
.Op Fl afgknqstvxACNPTX1246
|
||||||
|
.Op Fl b Ar bind_address
|
||||||
.Op Fl c Ar cipher_spec
|
.Op Fl c Ar cipher_spec
|
||||||
.Op Fl e Ar escape_char
|
.Op Fl e Ar escape_char
|
||||||
.Op Fl i Ar identity_file
|
.Op Fl i Ar identity_file
|
||||||
|
@ -383,6 +384,9 @@ Disables forwarding of the authentication agent connection.
|
||||||
.It Fl A
|
.It Fl A
|
||||||
Enables forwarding of the authentication agent connection.
|
Enables forwarding of the authentication agent connection.
|
||||||
This can also be specified on a per-host basis in a configuration file.
|
This can also be specified on a per-host basis in a configuration file.
|
||||||
|
.It Fl b Ar bind_address
|
||||||
|
Specify the interface to transmit from on machines with multiple
|
||||||
|
interfaces or aliased addresses.
|
||||||
.It Fl c Ar blowfish|3des
|
.It Fl c Ar blowfish|3des
|
||||||
Selects the cipher to use for encrypting the session.
|
Selects the cipher to use for encrypting the session.
|
||||||
.Ar 3des
|
.Ar 3des
|
||||||
|
@ -667,6 +671,13 @@ or
|
||||||
.Dq no .
|
.Dq no .
|
||||||
The default is
|
The default is
|
||||||
.Dq no .
|
.Dq no .
|
||||||
|
.It Cm BindAddress
|
||||||
|
Specify the interface to transmit from on machines with multiple
|
||||||
|
interfaces or aliased addresses.
|
||||||
|
Note that this option does not work if
|
||||||
|
.Cm UsePrivilegedPort
|
||||||
|
is set to
|
||||||
|
.Dq yes .
|
||||||
.It Cm CheckHostIP
|
.It Cm CheckHostIP
|
||||||
If this flag is set to
|
If this flag is set to
|
||||||
.Dq yes ,
|
.Dq yes ,
|
||||||
|
|
8
ssh.c
8
ssh.c
|
@ -39,7 +39,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: ssh.c,v 1.116 2001/04/17 12:55:04 markus Exp $");
|
RCSID("$OpenBSD: ssh.c,v 1.117 2001/04/30 11:18:52 markus Exp $");
|
||||||
|
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
|
@ -191,6 +191,7 @@ usage(void)
|
||||||
fprintf(stderr, " -6 Use IPv6 only.\n");
|
fprintf(stderr, " -6 Use IPv6 only.\n");
|
||||||
fprintf(stderr, " -o 'option' Process the option as if it was read from a configuration file.\n");
|
fprintf(stderr, " -o 'option' Process the option as if it was read from a configuration file.\n");
|
||||||
fprintf(stderr, " -s Invoke command (mandatory) as SSH2 subsystem.\n");
|
fprintf(stderr, " -s Invoke command (mandatory) as SSH2 subsystem.\n");
|
||||||
|
fprintf(stderr, " -b Local IP address.\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -318,7 +319,7 @@ main(int ac, char **av)
|
||||||
opt = av[optind][1];
|
opt = av[optind][1];
|
||||||
if (!opt)
|
if (!opt)
|
||||||
usage();
|
usage();
|
||||||
if (strchr("eilcmpLRDo", opt)) { /* options with arguments */
|
if (strchr("eilcmpbLRDo", opt)) { /* options with arguments */
|
||||||
optarg = av[optind] + 2;
|
optarg = av[optind] + 2;
|
||||||
if (strcmp(optarg, "") == 0) {
|
if (strcmp(optarg, "") == 0) {
|
||||||
if (optind >= ac - 1)
|
if (optind >= ac - 1)
|
||||||
|
@ -517,6 +518,9 @@ main(int ac, char **av)
|
||||||
case 's':
|
case 's':
|
||||||
subsystem_flag = 1;
|
subsystem_flag = 1;
|
||||||
break;
|
break;
|
||||||
|
case 'b':
|
||||||
|
options.bind_address = optarg;
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
usage();
|
usage();
|
||||||
}
|
}
|
||||||
|
|
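Review bot: The new usage line for `-b` does not name the option's argument, unlike the `-o 'option'` line above it and the `-b bind_address` synopsis this commit adds to ssh.1; `-b addr` followed by `Local IP address.` would be consistent (column spacing is not preserved on this page, so align it with the neighbouring lines). In `case 'b'` the value is stored as `options.bind_address = optarg;` with no check, so a mistyped address is only reported when the socket is bound in sshconnect.c. A short comment there, such as `/* validated by getaddrinfo() in ssh_create_socket() */`, would tell the reader where the check happens. Both usage() and main() continue outside the hunks shown.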
48
sshconnect.c
48
sshconnect.c
|
@ -13,7 +13,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: sshconnect.c,v 1.104 2001/04/12 19:15:25 markus Exp $");
|
RCSID("$OpenBSD: sshconnect.c,v 1.105 2001/04/30 11:18:52 markus Exp $");
|
||||||
|
|
||||||
#include <openssl/bn.h>
|
#include <openssl/bn.h>
|
||||||
|
|
||||||
|
@ -147,7 +147,8 @@ ssh_proxy_connect(const char *host, u_short port, struct passwd *pw,
|
||||||
int
|
int
|
||||||
ssh_create_socket(struct passwd *pw, int privileged, int family)
|
ssh_create_socket(struct passwd *pw, int privileged, int family)
|
||||||
{
|
{
|
||||||
int sock;
|
int sock, gaierr;
|
||||||
|
struct addrinfo hints, *res;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* If we are running as root and want to connect to a privileged
|
* If we are running as root and want to connect to a privileged
|
||||||
|
@ -160,17 +161,40 @@ ssh_create_socket(struct passwd *pw, int privileged, int family)
|
||||||
error("rresvport: af=%d %.100s", family, strerror(errno));
|
error("rresvport: af=%d %.100s", family, strerror(errno));
|
||||||
else
|
else
|
||||||
debug("Allocated local port %d.", p);
|
debug("Allocated local port %d.", p);
|
||||||
} else {
|
return sock;
|
||||||
/*
|
|
||||||
* Just create an ordinary socket on arbitrary port. We use
|
|
||||||
* the user's uid to create the socket.
|
|
||||||
*/
|
|
||||||
temporarily_use_uid(pw);
|
|
||||||
sock = socket(family, SOCK_STREAM, 0);
|
|
||||||
if (sock < 0)
|
|
||||||
error("socket: %.100s", strerror(errno));
|
|
||||||
restore_uid();
|
|
||||||
}
|
}
|
||||||
|
/*
|
||||||
|
* Just create an ordinary socket on arbitrary port. We use
|
||||||
|
* the user's uid to create the socket.
|
||||||
|
*/
|
||||||
|
temporarily_use_uid(pw);
|
||||||
|
sock = socket(family, SOCK_STREAM, 0);
|
||||||
|
if (sock < 0)
|
||||||
|
error("socket: %.100s", strerror(errno));
|
||||||
|
restore_uid();
|
||||||
|
|
||||||
|
/* Bind the socket to an alternative local IP address */
|
||||||
|
if (options.bind_address == NULL)
|
||||||
|
return sock;
|
||||||
|
|
||||||
|
memset(&hints, 0, sizeof(hints));
|
||||||
|
hints.ai_family = IPv4or6;
|
||||||
|
hints.ai_socktype = SOCK_STREAM;
|
||||||
|
hints.ai_flags = AI_PASSIVE;
|
||||||
|
gaierr = getaddrinfo(options.bind_address, "0", &hints, &res);
|
||||||
|
if (gaierr) {
|
||||||
|
error("getaddrinfo: %s: %s", options.bind_address,
|
||||||
|
gai_strerror(gaierr));
|
||||||
|
close(sock);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
|
||||||
|
error("bind: %s: %s", options.bind_address, strerror(errno));
|
||||||
|
close(sock);
|
||||||
|
freeaddrinfo(res);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
freeaddrinfo(res);
|
||||||
return sock;
|
return sock;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
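Review bot: In ssh_create_socket the bind address is resolved with `hints.ai_family = IPv4or6;` while the socket was created with the `family` argument. IPv4or6 is defined outside this page, but if it can differ from `family` (or be unspecified), getaddrinfo() may return an address of the other family and the bind() on `res->ai_addr` fails although a usable address exists; `hints.ai_family = family;` keeps the two in step. A failed socket() is only logged, so with a bind address set the code continues to getaddrinfo() and then calls close() or bind() on a negative descriptor, which produces a misleading second error; the early return could read `if (sock < 0 || options.bind_address == NULL)`. The privileged branch now does `return sock;` before the bind code, so a configured bind address is ignored there without any message; a `debug()` line saying so would match the caveat added to ssh.1.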