authorDamien Miller <djm@mindrot.org>2005-12-13 19:29:02 +1100
committerDamien Miller <djm@mindrot.org>2005-12-13 19:29:02 +1100
commitd27b947178df3689bfb7fdfb62a5f1337ef73481 (patch)
treec8678325c355b3602bdabca16da1baa8707818eb /auth-options.c
parent6dbdb6afeec1820b2799c2693fc8e8b364be8228 (diff)
- reyk@cvs.openbsd.org 2005/12/06 22:38:28
[auth-options.c auth-options.h channels.c channels.h clientloop.c] [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h] [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c] [sshconnect.h sshd.8 sshd_config sshd_config.5] Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client. ok djm@, markus@, jmc@ (manpages), tested and discussed with others
Diffstat (limited to 'auth-options.c')
-rw-r--r--auth-options.c41
1 files changed, 40 insertions, 1 deletions
diff --git a/auth-options.c b/auth-options.c
index a85e40835..54798d9ad 100644
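--- a/auth-options.c
+++ b/auth-options.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-options.c,v 1.31 2005/03/10 22:40:38 deraadt Exp $");
+RCSID("$OpenBSD: auth-options.c,v 1.32 2005/12/06 22:38:27 reyk Exp $");
 
 #include "xmalloc.h"
 #include "match.h"
@@ -35,6 +35,9 @@ char *forced_command = NULL;
 /* "environment=" options. */
 struct envstring *custom_environment = NULL;
 
+/* "tunnel=" option. */
+int forced_tun_device = -1;
+
 extern ServerOptions options;
 
 void
@@ -54,6 +57,7 @@ auth_clear_options(void)
  xfree(forced_command);
  forced_command = NULL;
  }
+ forced_tun_device = -1;
  channel_clear_permitted_opens();
  auth_debug_reset();
 }
@@ -269,6 +273,41 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  xfree(patterns);
  goto next_option;
  }
+ cp = "tunnel=\"";
+ if (strncasecmp(opts, cp, strlen(cp)) == 0) {
+ char *tun = NULL;
+ opts += strlen(cp);
+ tun = xmalloc(strlen(opts) + 1);
+ i = 0;
+ while (*opts) {
+ if (*opts == '"')
+ break;
+ tun[i++] = *opts++;
+ }
+ if (!*opts) {
+ debug("%.100s, line %lu: missing end quote",
+ file, linenum);
+ auth_debug_add("%.100s, line %lu: missing end quote",
+ file, linenum);
+ xfree(tun);
+ forced_tun_device = -1;
+ goto bad_option;
+ }
+ tun[i] = 0;
+ forced_tun_device = a2tun(tun, NULL);
+ xfree(tun);
+ if (forced_tun_device < -1) {
+ debug("%.100s, line %lu: invalid tun device",
+ file, linenum);
+ auth_debug_add("%.100s, line %lu: invalid tun device",
+ file, linenum);
+ forced_tun_device = -1;
+ goto bad_option;
+ }
+ auth_debug_add("Forced tun device: %d", forced_tun_device);
+ opts++;
+ goto next_option;
+ }
 next_option:
  /*
  * Skip the comma, and move to the next option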
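Review bot: In the new `tunnel=` branch of auth_parse_options, the check `if (forced_tun_device < -1)` accepts a return of -1 from a2tun() as success, yet -1 is also the value `forced_tun_device` carries when no `tunnel=` option is present (its initializer and the reset added to auth_clear_options). a2tun() is not visible in this diff, so this is inferred, but if it can return -1 for an accepted input, a key carrying that restriction would log "Forced tun device: -1" and then look identical to an unrestricted key to any code that reads the global. A distinct sentinel for "unset" would remove the overlap; at minimum the declaration should state the contract, e.g. `/* "tunnel=" option: forced tun unit; -1 means no tunnel= restriction is set. */`. The function body starts and ends outside this hunk, so how the value is consumed cannot be confirmed from here.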