diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2017-10-25 00:17:08 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2017-10-25 12:26:13 +1100 |
| commit | 35eb33fb957979e3fcbe6ea0eaee8bf4a217421a (patch) | |
| tree | 6ff628a3a477e2e2c7c4757a74b06ab29d3430a2 /servconf.c | |
| parent | acf559e1cffbd1d6167cc1742729fc381069f06b (diff) | |
upstream commit
add sshd_config RDomain keyword to place sshd and the
subsequent user session (including the shell and any TCP/IP forwardings) into
the specified rdomain(4)
ok markus@
Upstream-ID: be2358e86346b5cacf20d90f59f980b87d1af0f5
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/servconf.c b/servconf.c index 68db047f2..51139c31c 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | 1 | ||
| 2 | /* $OpenBSD: servconf.c,v 1.315 2017/10/25 00:15:35 djm Exp $ */ | 2 | /* $OpenBSD: servconf.c,v 1.316 2017/10/25 00:17:08 djm Exp $ */ |
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 5 | * All rights reserved | 5 | * All rights reserved |
| @@ -91,6 +91,7 @@ initialize_server_options(ServerOptions *options) | |||
| 91 | options->listen_addrs = NULL; | 91 | options->listen_addrs = NULL; |
| 92 | options->num_listen_addrs = 0; | 92 | options->num_listen_addrs = 0; |
| 93 | options->address_family = -1; | 93 | options->address_family = -1; |
| 94 | options->routing_domain = NULL; | ||
| 94 | options->num_host_key_files = 0; | 95 | options->num_host_key_files = 0; |
| 95 | options->num_host_cert_files = 0; | 96 | options->num_host_cert_files = 0; |
| 96 | options->host_key_agent = NULL; | 97 | options->host_key_agent = NULL; |
| @@ -406,6 +407,7 @@ fill_default_server_options(ServerOptions *options) | |||
| 406 | CLEAR_ON_NONE(options->authorized_principals_file); | 407 | CLEAR_ON_NONE(options->authorized_principals_file); |
| 407 | CLEAR_ON_NONE(options->adm_forced_command); | 408 | CLEAR_ON_NONE(options->adm_forced_command); |
| 408 | CLEAR_ON_NONE(options->chroot_directory); | 409 | CLEAR_ON_NONE(options->chroot_directory); |
| 410 | CLEAR_ON_NONE(options->routing_domain); | ||
| 409 | for (i = 0; i < options->num_host_key_files; i++) | 411 | for (i = 0; i < options->num_host_key_files; i++) |
| 410 | CLEAR_ON_NONE(options->host_key_files[i]); | 412 | CLEAR_ON_NONE(options->host_key_files[i]); |
| 411 | for (i = 0; i < options->num_host_cert_files; i++) | 413 | for (i = 0; i < options->num_host_cert_files; i++) |
| @@ -469,7 +471,7 @@ typedef enum { | |||
| 469 | sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, | 471 | sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, |
| 470 | sStreamLocalBindMask, sStreamLocalBindUnlink, | 472 | sStreamLocalBindMask, sStreamLocalBindUnlink, |
| 471 | sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, | 473 | sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, |
| 472 | sExposeAuthInfo, | 474 | sExposeAuthInfo, sRDomain, |
| 473 | sDeprecated, sIgnore, sUnsupported | 475 | sDeprecated, sIgnore, sUnsupported |
| 474 | } ServerOpCodes; | 476 | } ServerOpCodes; |
| 475 | 477 | ||
| @@ -614,6 +616,7 @@ static struct { | |||
| 614 | { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, | 616 | { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, |
| 615 | { "disableforwarding", sDisableForwarding, SSHCFG_ALL }, | 617 | { "disableforwarding", sDisableForwarding, SSHCFG_ALL }, |
| 616 | { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL }, | 618 | { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL }, |
| 619 | { "rdomain", sRDomain, SSHCFG_ALL }, | ||
| 617 | { NULL, sBadOption, 0 } | 620 | { NULL, sBadOption, 0 } |
| 618 | }; | 621 | }; |
| 619 | 622 | ||
| @@ -1984,6 +1987,19 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 1984 | intptr = &options->expose_userauth_info; | 1987 | intptr = &options->expose_userauth_info; |
| 1985 | goto parse_flag; | 1988 | goto parse_flag; |
| 1986 | 1989 | ||
| 1990 | case sRDomain: | ||
| 1991 | charptr = &options->routing_domain; | ||
| 1992 | arg = strdelim(&cp); | ||
| 1993 | if (!arg || *arg == '\0') | ||
| 1994 | fatal("%.200s line %d: Missing argument.", | ||
| 1995 | filename, linenum); | ||
| 1996 | if (strcasecmp(arg, "none") != 0 && strcmp(arg, "%D") != 0 && | ||
| 1997 | !valid_rdomain(arg)) | ||
| 1998 | fatal("%s line %d: bad routing domain", | ||
| 1999 | filename, linenum); | ||
| 2000 | if (*activep && *charptr == NULL) | ||
| 2001 | *charptr = xstrdup(arg); | ||
| 2002 | |||
| 1987 | case sDeprecated: | 2003 | case sDeprecated: |
| 1988 | case sIgnore: | 2004 | case sIgnore: |
| 1989 | case sUnsupported: | 2005 | case sUnsupported: |
| @@ -2473,6 +2489,7 @@ dump_config(ServerOptions *o) | |||
| 2473 | o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG); | 2489 | o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG); |
| 2474 | dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ? | 2490 | dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ? |
| 2475 | o->pubkey_key_types : KEX_DEFAULT_PK_ALG); | 2491 | o->pubkey_key_types : KEX_DEFAULT_PK_ALG); |
| 2492 | dump_cfg_string(sRDomain, o->routing_domain); | ||
| 2476 | 2493 | ||
| 2477 | /* string arguments requiring a lookup */ | 2494 | /* string arguments requiring a lookup */ |
| 2478 | dump_cfg_string(sLogLevel, log_level_name(o->log_level)); | 2495 | dump_cfg_string(sLogLevel, log_level_name(o->log_level)); |