diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2017-10-25 00:19:47 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2017-10-25 12:26:21 +1100 |
| commit | 68af80e6fdeaeb79432209db614386ff0f37e75f (patch) | |
| tree | f3933ecc3e27513aa642587f90f44fffd4a7f13e /servconf.c | |
| parent | 35eb33fb957979e3fcbe6ea0eaee8bf4a217421a (diff) | |
upstream commit
add a "rdomain" criteria for the sshd_config Match
keyword to allow conditional configuration that depends on which rdomain(4) a
connection was recevied on. ok markus@
Upstream-ID: 27d8fd5a3f1bae18c9c6e533afdf99bff887a4fb
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c index 51139c31c..64a865180 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | 1 | ||
| 2 | /* $OpenBSD: servconf.c,v 1.316 2017/10/25 00:17:08 djm Exp $ */ | 2 | /* $OpenBSD: servconf.c,v 1.317 2017/10/25 00:19:47 djm Exp $ */ |
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 5 | * All rights reserved | 5 | * All rights reserved |
| @@ -855,6 +855,7 @@ get_connection_info(int populate, int use_dns) | |||
| 855 | ci.address = ssh_remote_ipaddr(ssh); | 855 | ci.address = ssh_remote_ipaddr(ssh); |
| 856 | ci.laddress = ssh_local_ipaddr(ssh); | 856 | ci.laddress = ssh_local_ipaddr(ssh); |
| 857 | ci.lport = ssh_local_port(ssh); | 857 | ci.lport = ssh_local_port(ssh); |
| 858 | ci.rdomain = ssh_packet_rdomain_in(ssh); | ||
| 858 | return &ci; | 859 | return &ci; |
| 859 | } | 860 | } |
| 860 | 861 | ||
| @@ -1038,6 +1039,16 @@ match_cfg_line(char **condition, int line, struct connection_info *ci) | |||
| 1038 | ci->laddress, port, line); | 1039 | ci->laddress, port, line); |
| 1039 | else | 1040 | else |
| 1040 | result = 0; | 1041 | result = 0; |
| 1042 | } else if (strcasecmp(attrib, "rdomain") == 0) { | ||
| 1043 | if (ci == NULL || ci->rdomain == NULL) { | ||
| 1044 | result = 0; | ||
| 1045 | continue; | ||
| 1046 | } | ||
| 1047 | if (match_pattern_list(ci->rdomain, arg, 0) != 1) | ||
| 1048 | result = 0; | ||
| 1049 | else | ||
| 1050 | debug("user %.100s matched 'RDomain %.100s' at " | ||
| 1051 | "line %d", ci->rdomain, arg, line); | ||
| 1041 | } else { | 1052 | } else { |
| 1042 | error("Unsupported Match attribute %s", attrib); | 1053 | error("Unsupported Match attribute %s", attrib); |
| 1043 | return -1; | 1054 | return -1; |
| @@ -2080,6 +2091,8 @@ int parse_server_match_testspec(struct connection_info *ci, char *spec) | |||
| 2080 | ci->user = xstrdup(p + 5); | 2091 | ci->user = xstrdup(p + 5); |
| 2081 | } else if (strncmp(p, "laddr=", 6) == 0) { | 2092 | } else if (strncmp(p, "laddr=", 6) == 0) { |
| 2082 | ci->laddress = xstrdup(p + 6); | 2093 | ci->laddress = xstrdup(p + 6); |
| 2094 | } else if (strncmp(p, "rdomain=", 8) == 0) { | ||
| 2095 | ci->rdomain = xstrdup(p + 8); | ||
| 2083 | } else if (strncmp(p, "lport=", 6) == 0) { | 2096 | } else if (strncmp(p, "lport=", 6) == 0) { |
| 2084 | ci->lport = a2port(p + 6); | 2097 | ci->lport = a2port(p + 6); |
| 2085 | if (ci->lport == -1) { | 2098 | if (ci->lport == -1) { |