- djm@cvs.openbsd.org 2013/10/16 02:31:47

     [readconf.c readconf.h roaming_client.c ssh.1 ssh.c ssh_config.5]
     [sshconnect.c sshconnect.h]
     Implement client-side hostname canonicalisation to allow an explicit
     search path of domain suffixes to use to convert unqualified host names
     to fully-qualified ones for host key matching.
     This is particularly useful for host certificates, which would otherwise
     need to list unqualified names alongside fully-qualified ones (and this
     causes a number of problems).
     "looks fine" markus@

1 files changed, 20 insertions, 2 deletions

diff --git a/readconf.h b/readconf.h
index cde8b5242..4a210897e 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.97 2013/10/14 22:22:03 djm Exp $ */
+/* $OpenBSD: readconf.h,v 1.98 2013/10/16 02:31:46 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -29,7 +29,13 @@ typedef struct {
 /* Data structure for representing option data. */
 
 #define MAX_SEND_ENV            256
-#define SSH_MAX_HOSTS_FILES     256
+#define SSH_MAX_HOSTS_FILES     32
+#define MAX_CANON_DOMAINS       32
+
+struct allowed_cname {
+        char *source_list;
+        char *target_list;
+};
 
 typedef struct {
         int     forward_agent;  /* Forward authentication agent. */
@@ -140,9 +146,21 @@ typedef struct {
 
         int     proxy_use_fdpass;
 
+        int     num_canonical_domains;
+        char    *canonical_domains[MAX_CANON_DOMAINS];
+        int     canonicalise_hostname;
+        int     canonicalise_max_dots;
+        int     canonicalise_fallback_local;
+        int     num_permitted_cnames;
+        struct allowed_cname permitted_cnames[MAX_CANON_DOMAINS];
+
         char    *ignored_unknown; /* Pattern list of unknown tokens to ignore */
 }       Options;
 
+#define SSH_CANONICALISE_NO     0
+#define SSH_CANONICALISE_YES    1
+#define SSH_CANONICALISE_ALWAYS 2
+
 #define SSHCTL_MASTER_NO        0
 #define SSHCTL_MASTER_YES       1
 #define SSHCTL_MASTER_AUTO      2