-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | readconf.c | 10 | ||||
-rw-r--r-- | readconf.h | 3 | ||||
-rw-r--r-- | ssh.1 | 13 | ||||
-rw-r--r-- | ssh.c | 8 | ||||
-rw-r--r-- | sshconnect.c | 48 |
6 files changed, 71 insertions, 19 deletions
@@ -1,3 +1,9 @@ | |||
1 | 20010501 | ||
2 | - OpenBSD CVS Sync | ||
3 | - markus@cvs.openbsd.org 2001/04/30 11:18:52 | ||
4 | [readconf.c readconf.h ssh.1 ssh.c sshconnect.c] | ||
5 | implement 'ssh -b bind_address' like 'telnet -b' | ||
6 | |||
1 | 20010430 | 7 | 20010430 |
2 | - OpenBSD CVS Sync | 8 | - OpenBSD CVS Sync |
3 | - markus@cvs.openbsd.org 2001/04/29 18:32:52 | 9 | - markus@cvs.openbsd.org 2001/04/29 18:32:52 |
@@ -5282,4 +5288,4 @@ | |||
5282 | - Wrote replacements for strlcpy and mkdtemp | 5288 | - Wrote replacements for strlcpy and mkdtemp |
5283 | - Released 1.0pre1 | 5289 | - Released 1.0pre1 |
5284 | 5290 | ||
5285 | $Id: ChangeLog,v 1.1184 2001/04/30 03:55:37 djm Exp $ | 5291 | $Id: ChangeLog,v 1.1185 2001/04/30 13:06:24 mouring Exp $ |
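--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.76 2001/04/17 10:53:25 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.77 2001/04/30 11:18:51 markus Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -111,7 +111,7 @@ typedef enum {
 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
-oHostKeyAlgorithms
+oHostKeyAlgorithms, oBindAddress
 } OpCodes;
 
 /* Textual representations of the tokens. */
@@ -177,6 +177,7 @@ static struct {
 { "dynamicforward", oDynamicForward },
 { "preferredauthentications", oPreferredAuthentications },
 { "hostkeyalgorithms", oHostKeyAlgorithms },
+{ "bindaddress", oBindAddress },
 { NULL, 0 }
 };
 
@@ -459,6 +460,10 @@ parse_string:
 charptr = &options->preferred_authentications;
 goto parse_string;
 
+case oBindAddress:
+charptr = &options->bind_address;
+goto parse_string;
+
 case oProxyCommand:
 charptr = &options->proxy_command;
 string = xstrdup("");
@@ -761,6 +766,7 @@ initialize_options(Options * options)
 options->num_remote_forwards = 0;
 options->log_level = (LogLevel) - 1;
 options->preferred_authentications = NULL;
+options->bind_address = NULL;
 }
 
 /*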
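--- a/readconf.h
+++ b/readconf.h
@@ -11,7 +11,7 @@
 * called by a name other than "ssh" or "Secure Shell".
 */
 
-/* RCSID("$OpenBSD: readconf.h,v 1.30 2001/04/17 10:53:25 markus Exp $"); */
+/* RCSID("$OpenBSD: readconf.h,v 1.31 2001/04/30 11:18:52 markus Exp $"); */
 
 #ifndef READCONF_H
 #define READCONF_H
@@ -85,6 +85,7 @@ typedef struct {
 char *system_hostfile2;
 char *user_hostfile2;
 char *preferred_authentications;
+char *bind_address; /* local socket address for connection to sshd */
 
 int num_identity_files; /* Number of files for RSA/DSA identities. */
 char *identity_files[SSH_MAX_IDENTITY_FILES];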
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.107 2001/04/22 23:58:36 markus Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.108 2001/04/30 11:18:52 markus Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
@@ -49,6 +49,7 @@ | |||
49 | .Pp | 49 | .Pp |
50 | .Nm ssh | 50 | .Nm ssh |
51 | .Op Fl afgknqstvxACNPTX1246 | 51 | .Op Fl afgknqstvxACNPTX1246 |
52 | .Op Fl b Ar bind_address | ||
52 | .Op Fl c Ar cipher_spec | 53 | .Op Fl c Ar cipher_spec |
53 | .Op Fl e Ar escape_char | 54 | .Op Fl e Ar escape_char |
54 | .Op Fl i Ar identity_file | 55 | .Op Fl i Ar identity_file |
@@ -383,6 +384,9 @@ Disables forwarding of the authentication agent connection. | |||
383 | .It Fl A | 384 | .It Fl A |
384 | Enables forwarding of the authentication agent connection. | 385 | Enables forwarding of the authentication agent connection. |
385 | This can also be specified on a per-host basis in a configuration file. | 386 | This can also be specified on a per-host basis in a configuration file. |
387 | .It Fl b Ar bind_address | ||
388 | Specify the interface to transmit from on machines with multiple | ||
389 | interfaces or aliased addresses. | ||
386 | .It Fl c Ar blowfish|3des | 390 | .It Fl c Ar blowfish|3des |
387 | Selects the cipher to use for encrypting the session. | 391 | Selects the cipher to use for encrypting the session. |
388 | .Ar 3des | 392 | .Ar 3des |
@@ -667,6 +671,13 @@ or | |||
667 | .Dq no . | 671 | .Dq no . |
668 | The default is | 672 | The default is |
669 | .Dq no . | 673 | .Dq no . |
674 | .It Cm BindAddress | ||
675 | Specify the interface to transmit from on machines with multiple | ||
676 | interfaces or aliased addresses. | ||
677 | Note that this option does not work if | ||
678 | .Cm UsePrivilegedPort | ||
679 | is set to | ||
680 | .Dq yes . | ||
670 | .It Cm CheckHostIP | 681 | .It Cm CheckHostIP |
671 | If this flag is set to | 682 | If this flag is set to |
672 | .Dq yes , | 683 | .Dq yes , |
@@ -39,7 +39,7 @@ | |||
39 | */ | 39 | */ |
40 | 40 | ||
41 | #include "includes.h" | 41 | #include "includes.h" |
42 | RCSID("$OpenBSD: ssh.c,v 1.116 2001/04/17 12:55:04 markus Exp $"); | 42 | RCSID("$OpenBSD: ssh.c,v 1.117 2001/04/30 11:18:52 markus Exp $"); |
43 | 43 | ||
44 | #include <openssl/evp.h> | 44 | #include <openssl/evp.h> |
45 | #include <openssl/err.h> | 45 | #include <openssl/err.h> |
@@ -191,6 +191,7 @@ usage(void) | |||
191 | fprintf(stderr, " -6 Use IPv6 only.\n"); | 191 | fprintf(stderr, " -6 Use IPv6 only.\n"); |
192 | fprintf(stderr, " -o 'option' Process the option as if it was read from a configuration file.\n"); | 192 | fprintf(stderr, " -o 'option' Process the option as if it was read from a configuration file.\n"); |
193 | fprintf(stderr, " -s Invoke command (mandatory) as SSH2 subsystem.\n"); | 193 | fprintf(stderr, " -s Invoke command (mandatory) as SSH2 subsystem.\n"); |
194 | fprintf(stderr, " -b Local IP address.\n"); | ||
194 | exit(1); | 195 | exit(1); |
195 | } | 196 | } |
196 | 197 | ||
@@ -318,7 +319,7 @@ main(int ac, char **av) | |||
318 | opt = av[optind][1]; | 319 | opt = av[optind][1]; |
319 | if (!opt) | 320 | if (!opt) |
320 | usage(); | 321 | usage(); |
321 | if (strchr("eilcmpLRDo", opt)) { /* options with arguments */ | 322 | if (strchr("eilcmpbLRDo", opt)) { /* options with arguments */ |
322 | optarg = av[optind] + 2; | 323 | optarg = av[optind] + 2; |
323 | if (strcmp(optarg, "") == 0) { | 324 | if (strcmp(optarg, "") == 0) { |
324 | if (optind >= ac - 1) | 325 | if (optind >= ac - 1) |
@@ -517,6 +518,9 @@ main(int ac, char **av) | |||
517 | case 's': | 518 | case 's': |
518 | subsystem_flag = 1; | 519 | subsystem_flag = 1; |
519 | break; | 520 | break; |
521 | case 'b': | ||
522 | options.bind_address = optarg; | ||
523 | break; | ||
520 | default: | 524 | default: |
521 | usage(); | 525 | usage(); |
522 | } | 526 | } |
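Review bot: The `-b` line added to usage() does not show that the flag takes an argument, although `b` was added to the options-with-arguments string in main() and the `-o 'option'` line above it does name its argument; something like `-b addr` in the help text would match. In `case 'b':` the field is set to `optarg`, which points into `av`, while the BindAddress keyword goes through parse_string in readconf.c, which presumably stores an allocated copy, so the field's ownership depends on where the value came from. Nothing here checks that the value is a usable local address, so a typo only surfaces later as a getaddrinfo or bind error in ssh_create_socket. Both usage() and main() extend beyond the hunks shown.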
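--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.104 2001/04/12 19:15:25 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.105 2001/04/30 11:18:52 markus Exp $");
 
 #include <openssl/bn.h>
 
@@ -147,7 +147,8 @@ ssh_proxy_connect(const char *host, u_short port, struct passwd *pw,
 int
 ssh_create_socket(struct passwd *pw, int privileged, int family)
 {
-int sock;
+int sock, gaierr;
+struct addrinfo hints, *res;
 
 /*
 * If we are running as root and want to connect to a privileged
@@ -160,17 +161,40 @@ ssh_create_socket(struct passwd *pw, int privileged, int family)
 error("rresvport: af=%d %.100s", family, strerror(errno));
 else
 debug("Allocated local port %d.", p);
-} else {
-/*
-* Just create an ordinary socket on arbitrary port. We use
-* the user's uid to create the socket.
-*/
-temporarily_use_uid(pw);
-sock = socket(family, SOCK_STREAM, 0);
-if (sock < 0)
-error("socket: %.100s", strerror(errno));
-restore_uid();
+return sock;
+}
+/*
+* Just create an ordinary socket on arbitrary port. We use
+* the user's uid to create the socket.
+*/
+temporarily_use_uid(pw);
+sock = socket(family, SOCK_STREAM, 0);
+if (sock < 0)
+error("socket: %.100s", strerror(errno));
+restore_uid();
+
+/* Bind the socket to an alternative local IP address */
+if (options.bind_address == NULL)
+return sock;
+
+memset(&hints, 0, sizeof(hints));
+hints.ai_family = IPv4or6;
+hints.ai_socktype = SOCK_STREAM;
+hints.ai_flags = AI_PASSIVE;
+gaierr = getaddrinfo(options.bind_address, "0", &hints, &res);
+if (gaierr) {
+error("getaddrinfo: %s: %s", options.bind_address,
+gai_strerror(gaierr));
+close(sock);
+return -1;
+}
+if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
+error("bind: %s: %s", options.bind_address, strerror(errno));
+close(sock);
+freeaddrinfo(res);
+return -1;
 }
+freeaddrinfo(res);
 return sock;
 }
 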
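Review bot: The address lookup in the new bind path sets `hints.ai_family = IPv4or6` while the socket was created with the `family` argument, so when the two differ getaddrinfo() can return an address of a family the socket cannot bind and the connection fails with a misleading bind error; `hints.ai_family = family;` keeps them in step. The bind path is also reached when socket() has failed, so bind() and close() then run on a negative descriptor; an `if (sock < 0) return -1;` after restore_uid() avoids that. The early `return sock;` in the privileged branch means a configured bind_address is dropped without any message at that point, which matters to users who rely on the source address for filtering; a log line there would make the fallback visible. The rresvport call at the start of that branch lies in the unchanged lines between the hunks.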