author | djm@openbsd.org <djm@openbsd.org> | 2017-10-25 00:17:08 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2017-10-25 12:26:13 +1100 |
commit | 35eb33fb957979e3fcbe6ea0eaee8bf4a217421a (patch) | |
tree | 6ff628a3a477e2e2c7c4757a74b06ab29d3430a2 /servconf.c | |
parent | acf559e1cffbd1d6167cc1742729fc381069f06b (diff) |
upstream commit
add sshd_config RDomain keyword to place sshd and the
subsequent user session (including the shell and any TCP/IP forwardings) into
the specified rdomain(4)
ok markus@
Upstream-ID: be2358e86346b5cacf20d90f59f980b87d1af0f5
Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 21 |
1 files changed, 19 insertions, 2 deletions
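--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.315 2017/10/25 00:15:35 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.316 2017/10/25 00:17:08 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  * All rights reserved
@@ -91,6 +91,7 @@ initialize_server_options(ServerOptions *options)
 options->listen_addrs = NULL;
 options->num_listen_addrs = 0;
 options->address_family = -1;
+options->routing_domain = NULL;
 options->num_host_key_files = 0;
 options->num_host_cert_files = 0;
 options->host_key_agent = NULL;
@@ -406,6 +407,7 @@ fill_default_server_options(ServerOptions *options)
 CLEAR_ON_NONE(options->authorized_principals_file);
 CLEAR_ON_NONE(options->adm_forced_command);
 CLEAR_ON_NONE(options->chroot_directory);
+CLEAR_ON_NONE(options->routing_domain);
 for (i = 0; i < options->num_host_key_files; i++)
 CLEAR_ON_NONE(options->host_key_files[i]);
 for (i = 0; i < options->num_host_cert_files; i++)
@@ -469,7 +471,7 @@ typedef enum {
 sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
 sStreamLocalBindMask, sStreamLocalBindUnlink,
 sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
-sExposeAuthInfo,
+sExposeAuthInfo, sRDomain,
 sDeprecated, sIgnore, sUnsupported
 } ServerOpCodes;
 
@@ -614,6 +616,7 @@ static struct {
 { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
 { "disableforwarding", sDisableForwarding, SSHCFG_ALL },
 { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
+{ "rdomain", sRDomain, SSHCFG_ALL },
 { NULL, sBadOption, 0 }
 };
 
@@ -1984,6 +1987,19 @@ process_server_config_line(ServerOptions *options, char *line,
 intptr = &options->expose_userauth_info;
 goto parse_flag;
 
+case sRDomain:
+charptr = &options->routing_domain;
+arg = strdelim(&cp);
+if (!arg || *arg == '\0')
+fatal("%.200s line %d: Missing argument.",
+filename, linenum);
+if (strcasecmp(arg, "none") != 0 && strcmp(arg, "%D") != 0 &&
+!valid_rdomain(arg))
+fatal("%s line %d: bad routing domain",
+filename, linenum);
+if (*activep && *charptr == NULL)
+*charptr = xstrdup(arg);
+
 case sDeprecated:
 case sIgnore:
 case sUnsupported:
@@ -2473,6 +2489,7 @@ dump_config(ServerOptions *o)
 o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG);
 dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ?
 o->pubkey_key_types : KEX_DEFAULT_PK_ALG);
+dump_cfg_string(sRDomain, o->routing_domain);
 
 /* string arguments requiring a lookup */
 dump_cfg_string(sLogLevel, log_level_name(o->log_level));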