author | Darren Tucker <dtucker@zip.com.au> | 2005-01-20 10:57:56 +1100 |
committer | Darren Tucker <dtucker@zip.com.au> | 2005-01-20 10:57:56 +1100 |
commit | 0f3832322230ebc4b0fe5a2aca5cf9aaa8b0c3c1 (patch) | |
tree | 636c57585769866a43d63c1f15e92930b07b4007 | |
parent | 7cfeecf67008d5135718806fab6bda7f353e5f59 (diff) |
- djm@cvs.openbsd.org 2004/12/23 23:11:00
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
bz #898: support AddressFamily in sshd_config. from
peak@argo.troja.mff.cuni.cz; ok deraadt@
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | servconf.c | 32 | ||||
-rw-r--r-- | servconf.h | 3 | ||||
-rw-r--r-- | sshd.c | 16 | ||||
-rw-r--r-- | sshd_config | 3 | ||||
-rw-r--r-- | sshd_config.5 | 13 |
6 files changed, 54 insertions, 19 deletions
@@ -6,6 +6,10 @@ | |||
6 | - markus@cvs.openbsd.org 2004/12/23 17:38:07 | 6 | - markus@cvs.openbsd.org 2004/12/23 17:38:07 |
7 | [ssh-keygen.c] | 7 | [ssh-keygen.c] |
8 | leak; from mpech | 8 | leak; from mpech |
9 | - djm@cvs.openbsd.org 2004/12/23 23:11:00 | ||
10 | [servconf.c servconf.h sshd.c sshd_config sshd_config.5] | ||
11 | bz #898: support AddressFamily in sshd_config. from | ||
12 | peak@argo.troja.mff.cuni.cz; ok deraadt@ | ||
9 | 13 | ||
10 | 20050118 | 14 | 20050118 |
11 | - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement | 15 | - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement |
@@ -1978,4 +1982,4 @@ | |||
1978 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 1982 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
1979 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 1983 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
1980 | 1984 | ||
1981 | $Id: ChangeLog,v 1.3610 2005/01/19 23:56:31 dtucker Exp $ | 1985 | $Id: ChangeLog,v 1.3611 2005/01/19 23:57:56 dtucker Exp $ |
diff --git a/servconf.c b/servconf.c index fae3c658e..541a9c85b 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -10,7 +10,7 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "includes.h" | 12 | #include "includes.h" |
13 | RCSID("$OpenBSD: servconf.c,v 1.137 2004/08/13 11:09:24 dtucker Exp $"); | 13 | RCSID("$OpenBSD: servconf.c,v 1.138 2004/12/23 23:11:00 djm Exp $"); |
14 | 14 | ||
15 | #include "ssh.h" | 15 | #include "ssh.h" |
16 | #include "log.h" | 16 | #include "log.h" |
@@ -26,8 +26,6 @@ RCSID("$OpenBSD: servconf.c,v 1.137 2004/08/13 11:09:24 dtucker Exp $"); | |||
26 | static void add_listen_addr(ServerOptions *, char *, u_short); | 26 | static void add_listen_addr(ServerOptions *, char *, u_short); |
27 | static void add_one_listen_addr(ServerOptions *, char *, u_short); | 27 | static void add_one_listen_addr(ServerOptions *, char *, u_short); |
28 | 28 | ||
29 | /* AF_UNSPEC or AF_INET or AF_INET6 */ | ||
30 | extern int IPv4or6; | ||
31 | /* Use of privilege separation or not */ | 29 | /* Use of privilege separation or not */ |
32 | extern int use_privsep; | 30 | extern int use_privsep; |
33 | 31 | ||
@@ -45,6 +43,7 @@ initialize_server_options(ServerOptions *options) | |||
45 | options->num_ports = 0; | 43 | options->num_ports = 0; |
46 | options->ports_from_cmdline = 0; | 44 | options->ports_from_cmdline = 0; |
47 | options->listen_addrs = NULL; | 45 | options->listen_addrs = NULL; |
46 | options->address_family = -1; | ||
48 | options->num_host_key_files = 0; | 47 | options->num_host_key_files = 0; |
49 | options->pid_file = NULL; | 48 | options->pid_file = NULL; |
50 | options->server_key_bits = -1; | 49 | options->server_key_bits = -1; |
@@ -258,7 +257,8 @@ typedef enum { | |||
258 | sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, | 257 | sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, |
259 | sKerberosGetAFSToken, | 258 | sKerberosGetAFSToken, |
260 | sKerberosTgtPassing, sChallengeResponseAuthentication, | 259 | sKerberosTgtPassing, sChallengeResponseAuthentication, |
261 | sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, | 260 | sPasswordAuthentication, sKbdInteractiveAuthentication, |
261 | sListenAddress, sAddressFamily, | ||
262 | sPrintMotd, sPrintLastLog, sIgnoreRhosts, | 262 | sPrintMotd, sPrintLastLog, sIgnoreRhosts, |
263 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, | 263 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, |
264 | sStrictModes, sEmptyPasswd, sTCPKeepAlive, | 264 | sStrictModes, sEmptyPasswd, sTCPKeepAlive, |
@@ -335,6 +335,7 @@ static struct { | |||
335 | { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */ | 335 | { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */ |
336 | { "checkmail", sDeprecated }, | 336 | { "checkmail", sDeprecated }, |
337 | { "listenaddress", sListenAddress }, | 337 | { "listenaddress", sListenAddress }, |
338 | { "addressfamily", sAddressFamily }, | ||
338 | { "printmotd", sPrintMotd }, | 339 | { "printmotd", sPrintMotd }, |
339 | { "printlastlog", sPrintLastLog }, | 340 | { "printlastlog", sPrintLastLog }, |
340 | { "ignorerhosts", sIgnoreRhosts }, | 341 | { "ignorerhosts", sIgnoreRhosts }, |
@@ -401,6 +402,8 @@ add_listen_addr(ServerOptions *options, char *addr, u_short port) | |||
401 | 402 | ||
402 | if (options->num_ports == 0) | 403 | if (options->num_ports == 0) |
403 | options->ports[options->num_ports++] = SSH_DEFAULT_PORT; | 404 | options->ports[options->num_ports++] = SSH_DEFAULT_PORT; |
405 | if (options->address_family == -1) | ||
406 | options->address_family = AF_UNSPEC; | ||
404 | if (port == 0) | 407 | if (port == 0) |
405 | for (i = 0; i < options->num_ports; i++) | 408 | for (i = 0; i < options->num_ports; i++) |
406 | add_one_listen_addr(options, addr, options->ports[i]); | 409 | add_one_listen_addr(options, addr, options->ports[i]); |
@@ -416,7 +419,7 @@ add_one_listen_addr(ServerOptions *options, char *addr, u_short port) | |||
416 | int gaierr; | 419 | int gaierr; |
417 | 420 | ||
418 | memset(&hints, 0, sizeof(hints)); | 421 | memset(&hints, 0, sizeof(hints)); |
419 | hints.ai_family = IPv4or6; | 422 | hints.ai_family = options->address_family; |
420 | hints.ai_socktype = SOCK_STREAM; | 423 | hints.ai_socktype = SOCK_STREAM; |
421 | hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; | 424 | hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; |
422 | snprintf(strport, sizeof strport, "%u", port); | 425 | snprintf(strport, sizeof strport, "%u", port); |
@@ -544,6 +547,25 @@ parse_time: | |||
544 | filename, linenum); | 547 | filename, linenum); |
545 | break; | 548 | break; |
546 | 549 | ||
550 | case sAddressFamily: | ||
551 | arg = strdelim(&cp); | ||
552 | intptr = &options->address_family; | ||
553 | if (options->listen_addrs != NULL) | ||
554 | fatal("%s line %d: address family must be specified before " | ||
555 | "ListenAddress.", filename, linenum); | ||
556 | if (strcasecmp(arg, "inet") == 0) | ||
557 | value = AF_INET; | ||
558 | else if (strcasecmp(arg, "inet6") == 0) | ||
559 | value = AF_INET6; | ||
560 | else if (strcasecmp(arg, "any") == 0) | ||
561 | value = AF_UNSPEC; | ||
562 | else | ||
563 | fatal("%s line %d: unsupported address family \"%s\".", | ||
564 | filename, linenum, arg); | ||
565 | if (*intptr == -1) | ||
566 | *intptr = value; | ||
567 | break; | ||
568 | |||
547 | case sHostKeyFile: | 569 | case sHostKeyFile: |
548 | intptr = &options->num_host_key_files; | 570 | intptr = &options->num_host_key_files; |
549 | if (*intptr >= MAX_HOSTKEYS) | 571 | if (*intptr >= MAX_HOSTKEYS) |
diff --git a/servconf.h b/servconf.h index ebd056814..f7e56d521 100644 --- a/servconf.h +++ b/servconf.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: servconf.h,v 1.70 2004/06/24 19:30:54 djm Exp $ */ | 1 | /* $OpenBSD: servconf.h,v 1.71 2004/12/23 23:11:00 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -43,6 +43,7 @@ typedef struct { | |||
43 | u_short ports[MAX_PORTS]; /* Port number to listen on. */ | 43 | u_short ports[MAX_PORTS]; /* Port number to listen on. */ |
44 | char *listen_addr; /* Address on which the server listens. */ | 44 | char *listen_addr; /* Address on which the server listens. */ |
45 | struct addrinfo *listen_addrs; /* Addresses on which the server listens. */ | 45 | struct addrinfo *listen_addrs; /* Addresses on which the server listens. */ |
46 | int address_family; /* Address family used by the server. */ | ||
46 | char *host_key_files[MAX_HOSTKEYS]; /* Files containing host keys. */ | 47 | char *host_key_files[MAX_HOSTKEYS]; /* Files containing host keys. */ |
47 | int num_host_key_files; /* Number of files for host keys. */ | 48 | int num_host_key_files; /* Number of files for host keys. */ |
48 | char *pid_file; /* Where to put our pid */ | 49 | char *pid_file; /* Where to put our pid */ |
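Review bot: The comment on the new `address_family` field does not mention the `-1` "not yet set" sentinel that both servconf.c and sshd.c rely on in this change (the parser only stores a value while the field is still -1, and add_listen_addr maps -1 to AF_UNSPEC), so a reader of the header alone has no way to know that -1 is a valid intermediate state. I would write it as `int address_family; /* AF_UNSPEC, AF_INET or AF_INET6; -1 until set */`. The struct starts and ends outside the hunk.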
@@ -42,7 +42,7 @@ | |||
42 | */ | 42 | */ |
43 | 43 | ||
44 | #include "includes.h" | 44 | #include "includes.h" |
45 | RCSID("$OpenBSD: sshd.c,v 1.304 2004/09/25 03:45:14 djm Exp $"); | 45 | RCSID("$OpenBSD: sshd.c,v 1.305 2004/12/23 23:11:00 djm Exp $"); |
46 | 46 | ||
47 | #include <openssl/dh.h> | 47 | #include <openssl/dh.h> |
48 | #include <openssl/bn.h> | 48 | #include <openssl/bn.h> |
@@ -112,12 +112,6 @@ ServerOptions options; | |||
112 | char *config_file_name = _PATH_SERVER_CONFIG_FILE; | 112 | char *config_file_name = _PATH_SERVER_CONFIG_FILE; |
113 | 113 | ||
114 | /* | 114 | /* |
115 | * Flag indicating whether IPv4 or IPv6. This can be set on the command line. | ||
116 | * Default value is AF_UNSPEC means both IPv4 and IPv6. | ||
117 | */ | ||
118 | int IPv4or6 = AF_UNSPEC; | ||
119 | |||
120 | /* | ||
121 | * Debug mode flag. This can be set on the command line. If debug | 115 | * Debug mode flag. This can be set on the command line. If debug |
122 | * mode is enabled, extra debugging output will be sent to the system | 116 | * mode is enabled, extra debugging output will be sent to the system |
123 | * log, the daemon will not go to background, and will exit after processing | 117 | * log, the daemon will not go to background, and will exit after processing |
@@ -920,10 +914,10 @@ main(int ac, char **av) | |||
920 | while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:dDeiqrtQR46")) != -1) { | 914 | while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:dDeiqrtQR46")) != -1) { |
921 | switch (opt) { | 915 | switch (opt) { |
922 | case '4': | 916 | case '4': |
923 | IPv4or6 = AF_INET; | 917 | options.address_family = AF_INET; |
924 | break; | 918 | break; |
925 | case '6': | 919 | case '6': |
926 | IPv4or6 = AF_INET6; | 920 | options.address_family = AF_INET6; |
927 | break; | 921 | break; |
928 | case 'f': | 922 | case 'f': |
929 | config_file_name = optarg; | 923 | config_file_name = optarg; |
@@ -1024,7 +1018,6 @@ main(int ac, char **av) | |||
1024 | closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); | 1018 | closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); |
1025 | 1019 | ||
1026 | SSLeay_add_all_algorithms(); | 1020 | SSLeay_add_all_algorithms(); |
1027 | channel_set_af(IPv4or6); | ||
1028 | 1021 | ||
1029 | /* | 1022 | /* |
1030 | * Force logging to stderr until we have loaded the private host | 1023 | * Force logging to stderr until we have loaded the private host |
@@ -1074,6 +1067,9 @@ main(int ac, char **av) | |||
1074 | /* Fill in default values for those options not explicitly set. */ | 1067 | /* Fill in default values for those options not explicitly set. */ |
1075 | fill_default_server_options(&options); | 1068 | fill_default_server_options(&options); |
1076 | 1069 | ||
1070 | /* set default channel AF */ | ||
1071 | channel_set_af(options.address_family); | ||
1072 | |||
1077 | /* Check that there are no remaining arguments. */ | 1073 | /* Check that there are no remaining arguments. */ |
1078 | if (optind < ac) { | 1074 | if (optind < ac) { |
1079 | fprintf(stderr, "Extra argument %s.\n", av[optind]); | 1075 | fprintf(stderr, "Extra argument %s.\n", av[optind]); |
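Review bot: `channel_set_af(options.address_family)` at new line 1071 can still receive the `-1` sentinel, because in this change the sentinel is only converted to AF_UNSPEC when add_listen_addr runs (servconf.c) and nothing in this hunk resolves it; if any path reaches this line without a listen address having been added, the channel code would pass -1 as ai_family to getaddrinfo for every forwarding. Presumably fill_default_server_options (called on the preceding line, body outside the hunk) always calls add_listen_addr, but that coupling is invisible here, and a one-line guard makes it explicit: `if (options.address_family == -1) options.address_family = AF_UNSPEC;` placed before `channel_set_af`. The precedence of `-4`/`-6` over `AddressFamily` in sshd_config is also implicit — getopt writes the field before the config is parsed and the parser only stores a value while it is still -1 — so a comment on the `case '4':` line such as `/* -4/-6 override AddressFamily in sshd_config: the parser keeps the first value set */` would spare the next reader the cross-file chase. main() starts and ends outside the hunk.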
diff --git a/sshd_config b/sshd_config index 65e6f1c32..53ae9942e 100644 --- a/sshd_config +++ b/sshd_config | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $ | 1 | # $OpenBSD: sshd_config,v 1.70 2004/12/23 23:11:00 djm Exp $ |
2 | 2 | ||
3 | # This is the sshd server system-wide configuration file. See | 3 | # This is the sshd server system-wide configuration file. See |
4 | # sshd_config(5) for more information. | 4 | # sshd_config(5) for more information. |
@@ -12,6 +12,7 @@ | |||
12 | 12 | ||
13 | #Port 22 | 13 | #Port 22 |
14 | #Protocol 2,1 | 14 | #Protocol 2,1 |
15 | #AddressFamily any | ||
15 | #ListenAddress 0.0.0.0 | 16 | #ListenAddress 0.0.0.0 |
16 | #ListenAddress :: | 17 | #ListenAddress :: |
17 | 18 | ||
diff --git a/sshd_config.5 b/sshd_config.5 index 50b9a89b1..07f91b6ed 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd_config.5,v 1.36 2004/09/15 03:25:41 jaredy Exp $ | 37 | .\" $OpenBSD: sshd_config.5,v 1.37 2004/12/23 23:11:00 djm Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD_CONFIG 5 | 39 | .Dt SSHD_CONFIG 5 |
40 | .Os | 40 | .Os |
@@ -83,6 +83,17 @@ Be warned that some environment variables could be used to bypass restricted | |||
83 | user environments. | 83 | user environments. |
84 | For this reason, care should be taken in the use of this directive. | 84 | For this reason, care should be taken in the use of this directive. |
85 | The default is not to accept any environment variables. | 85 | The default is not to accept any environment variables. |
86 | .It Cm AddressFamily | ||
87 | Specifies which address family should be used by | ||
88 | .Nm sshd . | ||
89 | Valid arguments are | ||
90 | .Dq any , | ||
91 | .Dq inet | ||
92 | (use IPv4 only) or | ||
93 | .Dq inet6 | ||
94 | (use IPv6 only). | ||
95 | The default is | ||
96 | .Dq any . | ||
86 | .It Cm AllowGroups | 97 | .It Cm AllowGroups |
87 | This keyword can be followed by a list of group name patterns, separated | 98 | This keyword can be followed by a list of group name patterns, separated |
88 | by spaces. | 99 | by spaces. |