author | 2017-10-25 00:19:47 +0000 | |
---|---|---|
committer | 2017-10-25 00:19:47 +0000 | |
commit | d8b469be5eb031e542d1a0f19a2f08e778e4a037 (patch) | |
tree | 5ee6e17c72152686f5a14587b07ae84a9e65ae9c | |
parent | add sshd_config RDomain keyword to place sshd and the subsequent (diff) | |
add a "rdomain" criteria for the sshd_config Match keyword to allow
conditional configuration that depends on which rdomain(4) a connection
was received on. ok markus@
-rw-r--r-- | usr.bin/ssh/servconf.c | 15 | ||||
-rw-r--r-- | usr.bin/ssh/servconf.h | 3 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.8 | 5 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.c | 12 | ||||
-rw-r--r-- | usr.bin/ssh/sshd_config.5 | 11 |
5 files changed, 36 insertions, 10 deletions
diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c
index 86cfb083b5c..d74a684697b 100644
--- a/usr.bin/ssh/servconf.c
+++ b/usr.bin/ssh/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.316 2017/10/25 00:17:08 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.317 2017/10/25 00:19:47 djm Exp $ */
 
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -805,6 +805,7 @@ get_connection_info(int populate, int use_dns)
 ci.address = ssh_remote_ipaddr(ssh);
 ci.laddress = ssh_local_ipaddr(ssh);
 ci.lport = ssh_local_port(ssh);
+ ci.rdomain = ssh_packet_rdomain_in(ssh);
 return &ci;
 }
 
@@ -988,6 +989,16 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
 ci->laddress, port, line);
 else
 result = 0;
+ } else if (strcasecmp(attrib, "rdomain") == 0) {
+ if (ci == NULL || ci->rdomain == NULL) {
+ result = 0;
+ continue;
+ }
+ if (match_pattern_list(ci->rdomain, arg, 0) != 1)
+ result = 0;
+ else
+ debug("user %.100s matched 'RDomain %.100s' at "
+ "line %d", ci->rdomain, arg, line);
 } else {
 error("Unsupported Match attribute %s", attrib);
 return -1;
@@ -2024,6 +2035,8 @@ int parse_server_match_testspec(struct connection_info *ci, char *spec)
 ci->user = xstrdup(p + 5);
 } else if (strncmp(p, "laddr=", 6) == 0) {
 ci->laddress = xstrdup(p + 6);
+ } else if (strncmp(p, "rdomain=", 8) == 0) {
+ ci->rdomain = xstrdup(p + 8);
 } else if (strncmp(p, "lport=", 6) == 0) {
 ci->lport = a2port(p + 6);
 if (ci->lport == -1) {
diff --git a/usr.bin/ssh/servconf.h b/usr.bin/ssh/servconf.h
index 5cd3e72a19b..9da7a203cc8 100644
--- a/usr.bin/ssh/servconf.h
+++ b/usr.bin/ssh/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.129 2017/10/25 00:17:08 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.130 2017/10/25 00:19:47 djm Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
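Review bot: The debug message in the new rdomain branch of match_cfg_line labels the matched value as a user — `debug("user %.100s matched 'RDomain %.100s' at " "line %d", ci->rdomain, arg, line)` — but the first argument is ci->rdomain, so the output reads like "user 2 matched 'RDomain 2'"; it appears to have been carried over from the User branch. Suggest `debug("connection in rdomain %.100s matched 'RDomain %.100s' at line %d", ci->rdomain, arg, line);` so operators reading debug logs can tell which criterion fired. A smaller point: when ci->rdomain is NULL the criterion fails silently (`result = 0; continue;`), so a `-T -C` test spec that omits the new `rdomain=` keyword will never report a `Match RDomain` block as applicable; a debug3 in that path, in the spirit of the existing "Unsupported Match attribute" error, would make that visible to someone validating their configuration. match_cfg_line and parse_server_match_testspec both begin and end outside these hunks.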
@@ -216,6 +216,7 @@ struct connection_info {
 const char *address; /* remote address */
 const char *laddress; /* local address */
 int lport; /* local port */
+ const char *rdomain; /* routing domain if available */
 };
 
 
diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8
index a091131fc60..7335c6ff995 100644
--- a/usr.bin/ssh/sshd.8
+++ b/usr.bin/ssh/sshd.8
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.291 2017/06/24 06:28:50 jmc Exp $
-.Dd $Mdocdate: June 24 2017 $
+.\" $OpenBSD: sshd.8,v 1.292 2017/10/25 00:19:47 djm Exp $
+.Dd $Mdocdate: October 25 2017 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -109,6 +109,7 @@ The keywords are
 .Dq host ,
 .Dq laddr ,
 .Dq lport ,
+.Dq rdomain
 and
 .Dq addr .
 All are required and may be supplied in any order, either with multiple
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index b2793a77160..2a1f6956388 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.495 2017/10/25 00:17:08 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.496 2017/10/25 00:19:47 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1328,7 +1328,7 @@ main(int ac, char **av)
 extern int optind;
 int r, opt, on = 1, already_daemon, remote_port;
 int sock_in = -1, sock_out = -1, newsock = -1;
- const char *remote_ip;
+ const char *remote_ip, *rdomain;
 char *fp, *line, *laddr, *logfile = NULL;
 int config_s[2] = { -1 , -1 };
 u_int i, j;
@@ -1866,10 +1866,14 @@ main(int ac, char **av)
 */
 remote_ip = ssh_remote_ipaddr(ssh);
 
+ rdomain = ssh_packet_rdomain_in(ssh);
+
 /* Log the connection. */
 laddr = get_local_ipaddr(sock_in);
- verbose("Connection from %s port %d on %s port %d",
- remote_ip, remote_port, laddr, ssh_local_port(ssh));
+ verbose("Connection from %s port %d on %s port %d%s%s",
+ remote_ip, remote_port, laddr, ssh_local_port(ssh),
+ rdomain == NULL ? "" : " rdomain ",
+ rdomain == NULL ? "" : rdomain);
 free(laddr);
 
 /*
diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5
index 492ffe0a4f6..d42dac6748a 100644
--- a/usr.bin/ssh/sshd_config.5
+++ b/usr.bin/ssh/sshd_config.5
@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.257 2017/10/25 00:17:08 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.258 2017/10/25 00:19:47 djm Exp $
 .Dd $Mdocdate: October 25 2017 $
 .Dt SSHD_CONFIG 5
 .Os
@@ -1055,8 +1055,15 @@ The available criteria are
 .Cm Host ,
 .Cm LocalAddress ,
 .Cm LocalPort ,
+.Cm RDomain ,
 and
-.Cm Address .
+.Cm Address
+(with
+.Cm RDomain
+representing the
+.Xr rdomain 4
+on which the connection was received.)
+.Pp
 The match patterns may consist of single entries or comma-separated lists
 and may use the wildcard and negation operators described in the
 .Sx PATTERNS
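Review bot: The connection log line in main now changes shape depending on runtime state: when ssh_packet_rdomain_in() returns non-NULL the line becomes `Connection from A port N on B port M rdomain R`, otherwise it is byte-identical to the old one, and log-parsing or alerting rules anchored on the old fixed format may not anticipate the trailing field. Since neither this hunk nor the manual page changes in this commit document the new log format, a sentence in the commit message or sshd(8) noting the optional ` rdomain R` suffix would help anyone maintaining such rules. The paired `rdomain == NULL ? "" : ...` ternaries are also slightly hard to read; a single `rdomain == NULL ? "" : " rdomain "` prefix with `%s%s` is what the code does, and a comment such as `/* rdomain is only known when SO_RTABLE is available; log it when present */` would make the conditional suffix obvious to the next reader (hedged: the source of the value is inferred from the helper's name, not visible here). main begins and ends outside the hunk.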