diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2018-02-23 02:34:33 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-02-23 13:37:49 +1100 |
| commit | ac2e3026bbee1367e4cda34765d1106099be3287 (patch) | |
| tree | 83d0a8e3b1edcc01b087feb6ea98d67ec8607179 /readconf.c | |
| parent | fcdb9d777839a3fa034b3bc3067ba8c1f6886679 (diff) | |
upstream: Add BindInterface ssh_config directive and -B
command-line argument to ssh(1) that directs it to bind its outgoing
connection to the address of the specified network interface.
BindInterface prefers to use addresses that aren't loopback or link-
local, but will fall back to those if no other addresses of the
required family are available on that interface.
Based on patch by Mike Manning in bz#2820, ok dtucker@
OpenBSD-Commit-ID: c5064d285c2851f773dd736a2c342aa384fbf713
Diffstat (limited to 'readconf.c')
| -rw-r--r-- | readconf.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/readconf.c b/readconf.c index 10b57bd45..56bff850a 100644 --- a/readconf.c +++ b/readconf.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: readconf.c,v 1.281 2017/12/05 23:59:47 dtucker Exp $ */ | 1 | /* $OpenBSD: readconf.c,v 1.282 2018/02/23 02:34:33 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -156,7 +156,7 @@ typedef enum { | |||
| 156 | oPubkeyAuthentication, | 156 | oPubkeyAuthentication, |
| 157 | oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, | 157 | oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, |
| 158 | oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, | 158 | oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, |
| 159 | oHostKeyAlgorithms, oBindAddress, oPKCS11Provider, | 159 | oHostKeyAlgorithms, oBindAddress, oBindInterface, oPKCS11Provider, |
| 160 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, | 160 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, |
| 161 | oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, | 161 | oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, |
| 162 | oAddressFamily, oGssAuthentication, oGssDelegateCreds, | 162 | oAddressFamily, oGssAuthentication, oGssDelegateCreds, |
| @@ -266,6 +266,7 @@ static struct { | |||
| 266 | { "preferredauthentications", oPreferredAuthentications }, | 266 | { "preferredauthentications", oPreferredAuthentications }, |
| 267 | { "hostkeyalgorithms", oHostKeyAlgorithms }, | 267 | { "hostkeyalgorithms", oHostKeyAlgorithms }, |
| 268 | { "bindaddress", oBindAddress }, | 268 | { "bindaddress", oBindAddress }, |
| 269 | { "bindinterface", oBindInterface }, | ||
| 269 | { "clearallforwardings", oClearAllForwardings }, | 270 | { "clearallforwardings", oClearAllForwardings }, |
| 270 | { "enablesshkeysign", oEnableSSHKeysign }, | 271 | { "enablesshkeysign", oEnableSSHKeysign }, |
| 271 | { "verifyhostkeydns", oVerifyHostKeyDNS }, | 272 | { "verifyhostkeydns", oVerifyHostKeyDNS }, |
| @@ -1099,6 +1100,10 @@ parse_char_array: | |||
| 1099 | charptr = &options->bind_address; | 1100 | charptr = &options->bind_address; |
| 1100 | goto parse_string; | 1101 | goto parse_string; |
| 1101 | 1102 | ||
| 1103 | case oBindInterface: | ||
| 1104 | charptr = &options->bind_interface; | ||
| 1105 | goto parse_string; | ||
| 1106 | |||
| 1102 | case oPKCS11Provider: | 1107 | case oPKCS11Provider: |
| 1103 | charptr = &options->pkcs11_provider; | 1108 | charptr = &options->pkcs11_provider; |
| 1104 | goto parse_string; | 1109 | goto parse_string; |
| @@ -1800,6 +1805,7 @@ initialize_options(Options * options) | |||
| 1800 | options->log_level = SYSLOG_LEVEL_NOT_SET; | 1805 | options->log_level = SYSLOG_LEVEL_NOT_SET; |
| 1801 | options->preferred_authentications = NULL; | 1806 | options->preferred_authentications = NULL; |
| 1802 | options->bind_address = NULL; | 1807 | options->bind_address = NULL; |
| 1808 | options->bind_interface = NULL; | ||
| 1803 | options->pkcs11_provider = NULL; | 1809 | options->pkcs11_provider = NULL; |
| 1804 | options->enable_ssh_keysign = - 1; | 1810 | options->enable_ssh_keysign = - 1; |
| 1805 | options->no_host_authentication_for_localhost = - 1; | 1811 | options->no_host_authentication_for_localhost = - 1; |
| @@ -2509,6 +2515,7 @@ dump_client_config(Options *o, const char *host) | |||
| 2509 | 2515 | ||
| 2510 | /* String options */ | 2516 | /* String options */ |
| 2511 | dump_cfg_string(oBindAddress, o->bind_address); | 2517 | dump_cfg_string(oBindAddress, o->bind_address); |
| 2518 | dump_cfg_string(oBindInterface, o->bind_interface); | ||
| 2512 | dump_cfg_string(oCiphers, o->ciphers ? o->ciphers : KEX_CLIENT_ENCRYPT); | 2519 | dump_cfg_string(oCiphers, o->ciphers ? o->ciphers : KEX_CLIENT_ENCRYPT); |
| 2513 | dump_cfg_string(oControlPath, o->control_path); | 2520 | dump_cfg_string(oControlPath, o->control_path); |
| 2514 | dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms); | 2521 | dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms); |