1 files changed, 47 insertions, 30 deletions
diff --git a/servconf.h b/servconf.h
index 1dca702e6..37a0fb1a3 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.126 2017/10/02 19:33:20 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.130 2017/10/25 00:19:47 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -18,17 +18,7 @@
 #define MAX_PORTS               256     /* Max # ports. */
-#define MAX_ALLOW_USERS         256     /* Max # users on allow list. */
-#define MAX_DENY_USERS          256     /* Max # users on deny list. */
-#define MAX_ALLOW_GROUPS        256     /* Max # groups on allow list. */
-#define MAX_DENY_GROUPS         256     /* Max # groups on deny list. */
 #define MAX_SUBSYSTEMS          256     /* Max # subsystems. */
-#define MAX_HOSTKEYS            256     /* Max # hostkeys. */
-#define MAX_HOSTCERTS           256     /* Max # host certificates. */
-#define MAX_ACCEPT_ENV          256     /* Max # of env vars. */
-#define MAX_MATCH_GROUPS        256     /* Max # of groups for Match. */
-#define MAX_AUTHKEYS_FILES      256     /* Max # of authorized_keys files. */
-#define MAX_AUTH_METHODS        256     /* Max # of AuthenticationMethods. */
 /* permit_root_login */
 #define PERMIT_NOT_SET          -1
@@ -61,21 +51,42 @@
 struct ssh;
 struct fwd_perm_list;
+/*
+ * Used to store addresses from ListenAddr directives. These may be
+ * incomplete, as they may specify addresses that need to be merged
+ * with any ports requested by ListenPort.
+ */
+struct queued_listenaddr {
+        char *addr;
+        int port; /* <=0 if unspecified */
+        char *rdomain;
+};
+/* Resolved listen addresses, grouped by optional routing domain */
+struct listenaddr {
+        char *rdomain;
+        struct addrinfo *addrs;
+};
 typedef struct {
        u_int   num_ports;
        u_int   ports_from_cmdline;
        int     ports[MAX_PORTS];       /* Port number to listen on. */
+        struct queued_listenaddr *queued_listen_addrs;
        u_int   num_queued_listens;
-        char   **queued_listen_addrs;
+        struct listenaddr *listen_addrs;
-        int    *queued_listen_ports;
+        u_int   num_listen_addrs;
-        struct addrinfo *listen_addrs;  /* Addresses on which the server listens. */
+        int     address_family;         /* Address family used by the server. */
-        int     address_family;         /* Address family used by the server. */
-        char   *host_key_files[MAX_HOSTKEYS];   /* Files containing host keys. */
+        char    *routing_domain;        /* Bind session to routing domain */
-        int     num_host_key_files;     /* Number of files for host keys. */
-        char   *host_cert_files[MAX_HOSTCERTS]; /* Files containing host certs. */
+        char   **host_key_files;        /* Files containing host keys. */
-        int     num_host_cert_files;     /* Number of files for host certs. */
+        u_int   num_host_key_files;     /* Number of files for host keys. */
-        char   *host_key_agent;          /* ssh-agent socket for host keys. */
+        char   **host_cert_files;       /* Files containing host certs. */
-        char   *pid_file;       /* Where to put our pid */
+        u_int   num_host_cert_files;    /* Number of files for host certs. */
+        char   *host_key_agent;         /* ssh-agent socket for host keys. */
+        char   *pid_file;               /* Where to put our pid */
        int     login_grace_time;       /* Disconnect if no auth in this time
                                         * (sec). */
        int     permit_root_login;      /* PERMIT_*, see above */
@@ -134,13 +145,13 @@ typedef struct {
        int     allow_agent_forwarding;
        int     disable_forwarding;
        u_int num_allow_users;
-        char   *allow_users[MAX_ALLOW_USERS];
+        char   **allow_users;
        u_int num_deny_users;
-        char   *deny_users[MAX_DENY_USERS];
+        char   **deny_users;
        u_int num_allow_groups;
-        char   *allow_groups[MAX_ALLOW_GROUPS];
+        char   **allow_groups;
        u_int num_deny_groups;
-        char   *deny_groups[MAX_DENY_GROUPS];
+        char   **deny_groups;
        u_int num_subsystems;
        char   *subsystem_name[MAX_SUBSYSTEMS];
@@ -148,7 +159,7 @@ typedef struct {
        char   *subsystem_args[MAX_SUBSYSTEMS];
        u_int num_accept_env;
-        char   *accept_env[MAX_ACCEPT_ENV];
+        char   **accept_env;
        int     max_startups_begin;
        int     max_startups_rate;
@@ -167,8 +178,8 @@ typedef struct {
                                         * disconnect the session
                                         */
-        u_int num_authkeys_files;       /* Files containing public keys */
+        u_int   num_authkeys_files;     /* Files containing public keys */
-        char   *authorized_keys_files[MAX_AUTHKEYS_FILES];
+        char   **authorized_keys_files;
        char   *adm_forced_command;
@@ -194,7 +205,7 @@ typedef struct {
        char   *version_addendum;       /* Appended to SSH banner */
        u_int   num_auth_methods;
-        char   *auth_methods[MAX_AUTH_METHODS];
+        char   **auth_methods;
        int     fingerprint_hash;
        int     expose_userauth_info;
@@ -207,6 +218,7 @@ struct connection_info {
        const char *address;    /* remote address */
        const char *laddress;   /* local address */
        int lport;              /* local port */
+        const char *rdomain;    /* routing domain if available */
 };
@@ -230,6 +242,7 @@ struct connection_info {
                M_CP_STROPT(authorized_principals_command_user); \
                M_CP_STROPT(hostbased_key_types); \
                M_CP_STROPT(pubkey_key_types); \
+                M_CP_STROPT(routing_domain); \
                M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
                M_CP_STRARRAYOPT(allow_users, num_allow_users); \
                M_CP_STRARRAYOPT(deny_users, num_deny_users); \
@@ -237,7 +250,7 @@ struct connection_info {
                M_CP_STRARRAYOPT(deny_groups, num_deny_groups); \
                M_CP_STRARRAYOPT(accept_env, num_accept_env); \
                M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \
-                M_CP_STRARRAYOPT_ALLOC(permitted_opens, num_permitted_opens); \
+                M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \
        } while (0)
 struct connection_info *get_connection_info(int, int);
@@ -255,5 +268,9 @@ int	 server_match_spec_complete(struct connection_info *);
 void     copy_set_server_options(ServerOptions *, ServerOptions *, int);
 void     dump_config(ServerOptions *);
 char    *derelativise_path(const char *);
+void     servconf_add_hostkey(const char *, const int,
+            ServerOptions *, const char *path);
+void     servconf_add_hostcert(const char *, const int,
+            ServerOptions *, const char *path);
 #endif                          /* SERVCONF_H */

diff --git a/servconf.h b/servconf.h index 1dca702e6..37a0fb1a3 100644 --- a/servconf.h +++ b/servconf.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: servconf.h,v 1.126 2017/10/02 19:33:20 djm Exp $ */	1	/* $OpenBSD: servconf.h,v 1.130 2017/10/25 00:19:47 djm Exp $ */
2		2
3	/*	3	/*
4	* Author: Tatu Ylonen <ylo@cs.hut.fi>	4	* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -18,17 +18,7 @@
18		18
19	#define MAX_PORTS 256 /* Max # ports. */	19	#define MAX_PORTS 256 /* Max # ports. */
20		20
21	#define MAX_ALLOW_USERS 256 /* Max # users on allow list. */
22	#define MAX_DENY_USERS 256 /* Max # users on deny list. */
23	#define MAX_ALLOW_GROUPS 256 /* Max # groups on allow list. */
24	#define MAX_DENY_GROUPS 256 /* Max # groups on deny list. */
25	#define MAX_SUBSYSTEMS 256 /* Max # subsystems. */	21	#define MAX_SUBSYSTEMS 256 /* Max # subsystems. */
26	#define MAX_HOSTKEYS 256 /* Max # hostkeys. */
27	#define MAX_HOSTCERTS 256 /* Max # host certificates. */
28	#define MAX_ACCEPT_ENV 256 /* Max # of env vars. */
29	#define MAX_MATCH_GROUPS 256 /* Max # of groups for Match. */
30	#define MAX_AUTHKEYS_FILES 256 /* Max # of authorized_keys files. */
31	#define MAX_AUTH_METHODS 256 /* Max # of AuthenticationMethods. */
32		22
33	/* permit_root_login */	23	/* permit_root_login */
34	#define PERMIT_NOT_SET -1	24	#define PERMIT_NOT_SET -1
@@ -61,21 +51,42 @@
61	struct ssh;	51	struct ssh;
62	struct fwd_perm_list;	52	struct fwd_perm_list;
63		53
		54	/*
		55	* Used to store addresses from ListenAddr directives. These may be
		56	* incomplete, as they may specify addresses that need to be merged
		57	* with any ports requested by ListenPort.
		58	*/
		59	struct queued_listenaddr {
		60	char *addr;
		61	int port; /* <=0 if unspecified */
		62	char *rdomain;
		63	};
		64
		65	/* Resolved listen addresses, grouped by optional routing domain */
		66	struct listenaddr {
		67	char *rdomain;
		68	struct addrinfo *addrs;
		69	};
		70
64	typedef struct {	71	typedef struct {
65	u_int num_ports;	72	u_int num_ports;
66	u_int ports_from_cmdline;	73	u_int ports_from_cmdline;
67	int ports[MAX_PORTS]; /* Port number to listen on. */	74	int ports[MAX_PORTS]; /* Port number to listen on. */
		75	struct queued_listenaddr *queued_listen_addrs;
68	u_int num_queued_listens;	76	u_int num_queued_listens;
69	char **queued_listen_addrs;	77	struct listenaddr *listen_addrs;
70	int *queued_listen_ports;	78	u_int num_listen_addrs;
71	struct addrinfo listen_addrs; / Addresses on which the server listens. */	79	int address_family; /* Address family used by the server. */
72	int address_family; /* Address family used by the server. */	80
73	char host_key_files[MAX_HOSTKEYS]; / Files containing host keys. */	81	char routing_domain; / Bind session to routing domain */
74	int num_host_key_files; /* Number of files for host keys. */	82
75	char host_cert_files[MAX_HOSTCERTS]; / Files containing host certs. */	83	char *host_key_files; / Files containing host keys. */
76	int num_host_cert_files; /* Number of files for host certs. */	84	u_int num_host_key_files; /* Number of files for host keys. */
77	char host_key_agent; / ssh-agent socket for host keys. */	85	char *host_cert_files; / Files containing host certs. */
78	char pid_file; / Where to put our pid */	86	u_int num_host_cert_files; /* Number of files for host certs. */
		87
		88	char host_key_agent; / ssh-agent socket for host keys. */
		89	char pid_file; / Where to put our pid */
79	int login_grace_time; /* Disconnect if no auth in this time	90	int login_grace_time; /* Disconnect if no auth in this time
80	* (sec). */	91	* (sec). */
81	int permit_root_login; /* PERMIT_, see above /	92	int permit_root_login; /* PERMIT_, see above /
@@ -134,13 +145,13 @@ typedef struct {
134	int allow_agent_forwarding;	145	int allow_agent_forwarding;
135	int disable_forwarding;	146	int disable_forwarding;
136	u_int num_allow_users;	147	u_int num_allow_users;
137	char *allow_users[MAX_ALLOW_USERS];	148	char **allow_users;
138	u_int num_deny_users;	149	u_int num_deny_users;
139	char *deny_users[MAX_DENY_USERS];	150	char **deny_users;
140	u_int num_allow_groups;	151	u_int num_allow_groups;
141	char *allow_groups[MAX_ALLOW_GROUPS];	152	char **allow_groups;
142	u_int num_deny_groups;	153	u_int num_deny_groups;
143	char *deny_groups[MAX_DENY_GROUPS];	154	char **deny_groups;
144		155
145	u_int num_subsystems;	156	u_int num_subsystems;
146	char *subsystem_name[MAX_SUBSYSTEMS];	157	char *subsystem_name[MAX_SUBSYSTEMS];
@@ -148,7 +159,7 @@ typedef struct {
148	char *subsystem_args[MAX_SUBSYSTEMS];	159	char *subsystem_args[MAX_SUBSYSTEMS];
149		160
150	u_int num_accept_env;	161	u_int num_accept_env;
151	char *accept_env[MAX_ACCEPT_ENV];	162	char **accept_env;
152		163
153	int max_startups_begin;	164	int max_startups_begin;
154	int max_startups_rate;	165	int max_startups_rate;
@@ -167,8 +178,8 @@ typedef struct {
167	* disconnect the session	178	* disconnect the session
168	*/	179	*/
169		180
170	u_int num_authkeys_files; /* Files containing public keys */	181	u_int num_authkeys_files; /* Files containing public keys */
171	char *authorized_keys_files[MAX_AUTHKEYS_FILES];	182	char **authorized_keys_files;
172		183
173	char *adm_forced_command;	184	char *adm_forced_command;
174		185
@@ -194,7 +205,7 @@ typedef struct {
194	char version_addendum; / Appended to SSH banner */	205	char version_addendum; / Appended to SSH banner */
195		206
196	u_int num_auth_methods;	207	u_int num_auth_methods;
197	char *auth_methods[MAX_AUTH_METHODS];	208	char **auth_methods;
198		209
199	int fingerprint_hash;	210	int fingerprint_hash;
200	int expose_userauth_info;	211	int expose_userauth_info;
@@ -207,6 +218,7 @@ struct connection_info {
207	const char address; / remote address */	218	const char address; / remote address */
208	const char laddress; / local address */	219	const char laddress; / local address */
209	int lport; /* local port */	220	int lport; /* local port */
		221	const char rdomain; / routing domain if available */
210	};	222	};
211		223
212		224
@@ -230,6 +242,7 @@ struct connection_info {
230	M_CP_STROPT(authorized_principals_command_user); \	242	M_CP_STROPT(authorized_principals_command_user); \
231	M_CP_STROPT(hostbased_key_types); \	243	M_CP_STROPT(hostbased_key_types); \
232	M_CP_STROPT(pubkey_key_types); \	244	M_CP_STROPT(pubkey_key_types); \
		245	M_CP_STROPT(routing_domain); \
233	M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \	246	M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
234	M_CP_STRARRAYOPT(allow_users, num_allow_users); \	247	M_CP_STRARRAYOPT(allow_users, num_allow_users); \
235	M_CP_STRARRAYOPT(deny_users, num_deny_users); \	248	M_CP_STRARRAYOPT(deny_users, num_deny_users); \
@@ -237,7 +250,7 @@ struct connection_info {
237	M_CP_STRARRAYOPT(deny_groups, num_deny_groups); \	250	M_CP_STRARRAYOPT(deny_groups, num_deny_groups); \
238	M_CP_STRARRAYOPT(accept_env, num_accept_env); \	251	M_CP_STRARRAYOPT(accept_env, num_accept_env); \
239	M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \	252	M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \
240	M_CP_STRARRAYOPT_ALLOC(permitted_opens, num_permitted_opens); \	253	M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \
241	} while (0)	254	} while (0)
242		255
243	struct connection_info *get_connection_info(int, int);	256	struct connection_info *get_connection_info(int, int);
@@ -255,5 +268,9 @@ int server_match_spec_complete(struct connection_info *);
255	void copy_set_server_options(ServerOptions , ServerOptions , int);	268	void copy_set_server_options(ServerOptions , ServerOptions , int);
256	void dump_config(ServerOptions *);	269	void dump_config(ServerOptions *);
257	char derelativise_path(const char );	270	char derelativise_path(const char );
		271	void servconf_add_hostkey(const char *, const int,
		272	ServerOptions , const char path);
		273	void servconf_add_hostcert(const char *, const int,
		274	ServerOptions , const char path);
258		275
259	#endif /* SERVCONF_H */	276	#endif /* SERVCONF_H */