1 files changed, 47 insertions, 30 deletions
diff --git a/servconf.h b/servconf.h
index 410c42754..b0fa70455 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.126 2017/10/02 19:33:20 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.130 2017/10/25 00:19:47 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -18,17 +18,7 @@
 #define MAX_PORTS               256     /* Max # ports. */
-#define MAX_ALLOW_USERS         256     /* Max # users on allow list. */
-#define MAX_DENY_USERS          256     /* Max # users on deny list. */
-#define MAX_ALLOW_GROUPS        256     /* Max # groups on allow list. */
-#define MAX_DENY_GROUPS         256     /* Max # groups on deny list. */
 #define MAX_SUBSYSTEMS          256     /* Max # subsystems. */
-#define MAX_HOSTKEYS            256     /* Max # hostkeys. */
-#define MAX_HOSTCERTS           256     /* Max # host certificates. */
-#define MAX_ACCEPT_ENV          256     /* Max # of env vars. */
-#define MAX_MATCH_GROUPS        256     /* Max # of groups for Match. */
-#define MAX_AUTHKEYS_FILES      256     /* Max # of authorized_keys files. */
-#define MAX_AUTH_METHODS        256     /* Max # of AuthenticationMethods. */
 /* permit_root_login */
 #define PERMIT_NOT_SET          -1
@@ -61,21 +51,42 @@
 struct ssh;
 struct fwd_perm_list;
+/*
+ * Used to store addresses from ListenAddr directives. These may be
+ * incomplete, as they may specify addresses that need to be merged
+ * with any ports requested by ListenPort.
+ */
+struct queued_listenaddr {
+        char *addr;
+        int port; /* <=0 if unspecified */
+        char *rdomain;
+};
+/* Resolved listen addresses, grouped by optional routing domain */
+struct listenaddr {
+        char *rdomain;
+        struct addrinfo *addrs;
+};
 typedef struct {
        u_int   num_ports;
        u_int   ports_from_cmdline;
        int     ports[MAX_PORTS];       /* Port number to listen on. */
+        struct queued_listenaddr *queued_listen_addrs;
        u_int   num_queued_listens;
-        char   **queued_listen_addrs;
+        struct listenaddr *listen_addrs;
-        int    *queued_listen_ports;
+        u_int   num_listen_addrs;
-        struct addrinfo *listen_addrs;  /* Addresses on which the server listens. */
+        int     address_family;         /* Address family used by the server. */
-        int     address_family;         /* Address family used by the server. */
-        char   *host_key_files[MAX_HOSTKEYS];   /* Files containing host keys. */
+        char    *routing_domain;        /* Bind session to routing domain */
-        int     num_host_key_files;     /* Number of files for host keys. */
-        char   *host_cert_files[MAX_HOSTCERTS]; /* Files containing host certs. */
+        char   **host_key_files;        /* Files containing host keys. */
-        int     num_host_cert_files;     /* Number of files for host certs. */
+        u_int   num_host_key_files;     /* Number of files for host keys. */
-        char   *host_key_agent;          /* ssh-agent socket for host keys. */
+        char   **host_cert_files;       /* Files containing host certs. */
-        char   *pid_file;       /* Where to put our pid */
+        u_int   num_host_cert_files;    /* Number of files for host certs. */
+        char   *host_key_agent;         /* ssh-agent socket for host keys. */
+        char   *pid_file;               /* Where to put our pid */
        int     login_grace_time;       /* Disconnect if no auth in this time
                                         * (sec). */
        int     permit_root_login;      /* PERMIT_*, see above */
@@ -136,13 +147,13 @@ typedef struct {
        int     allow_agent_forwarding;
        int     disable_forwarding;
        u_int num_allow_users;
-        char   *allow_users[MAX_ALLOW_USERS];
+        char   **allow_users;
        u_int num_deny_users;
-        char   *deny_users[MAX_DENY_USERS];
+        char   **deny_users;
        u_int num_allow_groups;
-        char   *allow_groups[MAX_ALLOW_GROUPS];
+        char   **allow_groups;
        u_int num_deny_groups;
-        char   *deny_groups[MAX_DENY_GROUPS];
+        char   **deny_groups;
        u_int num_subsystems;
        char   *subsystem_name[MAX_SUBSYSTEMS];
@@ -150,7 +161,7 @@ typedef struct {
        char   *subsystem_args[MAX_SUBSYSTEMS];
        u_int num_accept_env;
-        char   *accept_env[MAX_ACCEPT_ENV];
+        char   **accept_env;
        int     max_startups_begin;
        int     max_startups_rate;
@@ -169,8 +180,8 @@ typedef struct {
                                         * disconnect the session
                                         */
-        u_int num_authkeys_files;       /* Files containing public keys */
+        u_int   num_authkeys_files;     /* Files containing public keys */
-        char   *authorized_keys_files[MAX_AUTHKEYS_FILES];
+        char   **authorized_keys_files;
        char   *adm_forced_command;
@@ -196,7 +207,7 @@ typedef struct {
        char   *version_addendum;       /* Appended to SSH banner */
        u_int   num_auth_methods;
-        char   *auth_methods[MAX_AUTH_METHODS];
+        char   **auth_methods;
        int     fingerprint_hash;
        int     expose_userauth_info;
@@ -211,6 +222,7 @@ struct connection_info {
        const char *address;    /* remote address */
        const char *laddress;   /* local address */
        int lport;              /* local port */
+        const char *rdomain;    /* routing domain if available */
 };
@@ -234,6 +246,7 @@ struct connection_info {
                M_CP_STROPT(authorized_principals_command_user); \
                M_CP_STROPT(hostbased_key_types); \
                M_CP_STROPT(pubkey_key_types); \
+                M_CP_STROPT(routing_domain); \
                M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
                M_CP_STRARRAYOPT(allow_users, num_allow_users); \
                M_CP_STRARRAYOPT(deny_users, num_deny_users); \
@@ -241,7 +254,7 @@ struct connection_info {
                M_CP_STRARRAYOPT(deny_groups, num_deny_groups); \
                M_CP_STRARRAYOPT(accept_env, num_accept_env); \
                M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \
-                M_CP_STRARRAYOPT_ALLOC(permitted_opens, num_permitted_opens); \
+                M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \
        } while (0)
 struct connection_info *get_connection_info(int, int);
@@ -259,5 +272,9 @@ int	 server_match_spec_complete(struct connection_info *);
 void     copy_set_server_options(ServerOptions *, ServerOptions *, int);
 void     dump_config(ServerOptions *);
 char    *derelativise_path(const char *);
+void     servconf_add_hostkey(const char *, const int,
+            ServerOptions *, const char *path);
+void     servconf_add_hostcert(const char *, const int,
+            ServerOptions *, const char *path);
 #endif                          /* SERVCONF_H */

diff --git a/servconf.h b/servconf.h index 410c42754..b0fa70455 100644 --- a/servconf.h +++ b/servconf.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: servconf.h,v 1.126 2017/10/02 19:33:20 djm Exp $ */	1	/* $OpenBSD: servconf.h,v 1.130 2017/10/25 00:19:47 djm Exp $ */
2		2
3	/*	3	/*
4	* Author: Tatu Ylonen <ylo@cs.hut.fi>	4	* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -18,17 +18,7 @@
18		18
19	#define MAX_PORTS 256 /* Max # ports. */	19	#define MAX_PORTS 256 /* Max # ports. */
20		20
21	#define MAX_ALLOW_USERS 256 /* Max # users on allow list. */
22	#define MAX_DENY_USERS 256 /* Max # users on deny list. */
23	#define MAX_ALLOW_GROUPS 256 /* Max # groups on allow list. */
24	#define MAX_DENY_GROUPS 256 /* Max # groups on deny list. */
25	#define MAX_SUBSYSTEMS 256 /* Max # subsystems. */	21	#define MAX_SUBSYSTEMS 256 /* Max # subsystems. */
26	#define MAX_HOSTKEYS 256 /* Max # hostkeys. */
27	#define MAX_HOSTCERTS 256 /* Max # host certificates. */
28	#define MAX_ACCEPT_ENV 256 /* Max # of env vars. */
29	#define MAX_MATCH_GROUPS 256 /* Max # of groups for Match. */
30	#define MAX_AUTHKEYS_FILES 256 /* Max # of authorized_keys files. */
31	#define MAX_AUTH_METHODS 256 /* Max # of AuthenticationMethods. */
32		22
33	/* permit_root_login */	23	/* permit_root_login */
34	#define PERMIT_NOT_SET -1	24	#define PERMIT_NOT_SET -1
@@ -61,21 +51,42 @@
61	struct ssh;	51	struct ssh;
62	struct fwd_perm_list;	52	struct fwd_perm_list;
63		53
		54	/*
		55	* Used to store addresses from ListenAddr directives. These may be
		56	* incomplete, as they may specify addresses that need to be merged
		57	* with any ports requested by ListenPort.
		58	*/
		59	struct queued_listenaddr {
		60	char *addr;
		61	int port; /* <=0 if unspecified */
		62	char *rdomain;
		63	};
		64
		65	/* Resolved listen addresses, grouped by optional routing domain */
		66	struct listenaddr {
		67	char *rdomain;
		68	struct addrinfo *addrs;
		69	};
		70
64	typedef struct {	71	typedef struct {
65	u_int num_ports;	72	u_int num_ports;
66	u_int ports_from_cmdline;	73	u_int ports_from_cmdline;
67	int ports[MAX_PORTS]; /* Port number to listen on. */	74	int ports[MAX_PORTS]; /* Port number to listen on. */
		75	struct queued_listenaddr *queued_listen_addrs;
68	u_int num_queued_listens;	76	u_int num_queued_listens;
69	char **queued_listen_addrs;	77	struct listenaddr *listen_addrs;
70	int *queued_listen_ports;	78	u_int num_listen_addrs;
71	struct addrinfo listen_addrs; / Addresses on which the server listens. */	79	int address_family; /* Address family used by the server. */
72	int address_family; /* Address family used by the server. */	80
73	char host_key_files[MAX_HOSTKEYS]; / Files containing host keys. */	81	char routing_domain; / Bind session to routing domain */
74	int num_host_key_files; /* Number of files for host keys. */	82
75	char host_cert_files[MAX_HOSTCERTS]; / Files containing host certs. */	83	char *host_key_files; / Files containing host keys. */
76	int num_host_cert_files; /* Number of files for host certs. */	84	u_int num_host_key_files; /* Number of files for host keys. */
77	char host_key_agent; / ssh-agent socket for host keys. */	85	char *host_cert_files; / Files containing host certs. */
78	char pid_file; / Where to put our pid */	86	u_int num_host_cert_files; /* Number of files for host certs. */
		87
		88	char host_key_agent; / ssh-agent socket for host keys. */
		89	char pid_file; / Where to put our pid */
79	int login_grace_time; /* Disconnect if no auth in this time	90	int login_grace_time; /* Disconnect if no auth in this time
80	* (sec). */	91	* (sec). */
81	int permit_root_login; /* PERMIT_, see above /	92	int permit_root_login; /* PERMIT_, see above /
@@ -136,13 +147,13 @@ typedef struct {
136	int allow_agent_forwarding;	147	int allow_agent_forwarding;
137	int disable_forwarding;	148	int disable_forwarding;
138	u_int num_allow_users;	149	u_int num_allow_users;
139	char *allow_users[MAX_ALLOW_USERS];	150	char **allow_users;
140	u_int num_deny_users;	151	u_int num_deny_users;
141	char *deny_users[MAX_DENY_USERS];	152	char **deny_users;
142	u_int num_allow_groups;	153	u_int num_allow_groups;
143	char *allow_groups[MAX_ALLOW_GROUPS];	154	char **allow_groups;
144	u_int num_deny_groups;	155	u_int num_deny_groups;
145	char *deny_groups[MAX_DENY_GROUPS];	156	char **deny_groups;
146		157
147	u_int num_subsystems;	158	u_int num_subsystems;
148	char *subsystem_name[MAX_SUBSYSTEMS];	159	char *subsystem_name[MAX_SUBSYSTEMS];
@@ -150,7 +161,7 @@ typedef struct {
150	char *subsystem_args[MAX_SUBSYSTEMS];	161	char *subsystem_args[MAX_SUBSYSTEMS];
151		162
152	u_int num_accept_env;	163	u_int num_accept_env;
153	char *accept_env[MAX_ACCEPT_ENV];	164	char **accept_env;
154		165
155	int max_startups_begin;	166	int max_startups_begin;
156	int max_startups_rate;	167	int max_startups_rate;
@@ -169,8 +180,8 @@ typedef struct {
169	* disconnect the session	180	* disconnect the session
170	*/	181	*/
171		182
172	u_int num_authkeys_files; /* Files containing public keys */	183	u_int num_authkeys_files; /* Files containing public keys */
173	char *authorized_keys_files[MAX_AUTHKEYS_FILES];	184	char **authorized_keys_files;
174		185
175	char *adm_forced_command;	186	char *adm_forced_command;
176		187
@@ -196,7 +207,7 @@ typedef struct {
196	char version_addendum; / Appended to SSH banner */	207	char version_addendum; / Appended to SSH banner */
197		208
198	u_int num_auth_methods;	209	u_int num_auth_methods;
199	char *auth_methods[MAX_AUTH_METHODS];	210	char **auth_methods;
200		211
201	int fingerprint_hash;	212	int fingerprint_hash;
202	int expose_userauth_info;	213	int expose_userauth_info;
@@ -211,6 +222,7 @@ struct connection_info {
211	const char address; / remote address */	222	const char address; / remote address */
212	const char laddress; / local address */	223	const char laddress; / local address */
213	int lport; /* local port */	224	int lport; /* local port */
		225	const char rdomain; / routing domain if available */
214	};	226	};
215		227
216		228
@@ -234,6 +246,7 @@ struct connection_info {
234	M_CP_STROPT(authorized_principals_command_user); \	246	M_CP_STROPT(authorized_principals_command_user); \
235	M_CP_STROPT(hostbased_key_types); \	247	M_CP_STROPT(hostbased_key_types); \
236	M_CP_STROPT(pubkey_key_types); \	248	M_CP_STROPT(pubkey_key_types); \
		249	M_CP_STROPT(routing_domain); \
237	M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \	250	M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
238	M_CP_STRARRAYOPT(allow_users, num_allow_users); \	251	M_CP_STRARRAYOPT(allow_users, num_allow_users); \
239	M_CP_STRARRAYOPT(deny_users, num_deny_users); \	252	M_CP_STRARRAYOPT(deny_users, num_deny_users); \
@@ -241,7 +254,7 @@ struct connection_info {
241	M_CP_STRARRAYOPT(deny_groups, num_deny_groups); \	254	M_CP_STRARRAYOPT(deny_groups, num_deny_groups); \
242	M_CP_STRARRAYOPT(accept_env, num_accept_env); \	255	M_CP_STRARRAYOPT(accept_env, num_accept_env); \
243	M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \	256	M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \
244	M_CP_STRARRAYOPT_ALLOC(permitted_opens, num_permitted_opens); \	257	M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \
245	} while (0)	258	} while (0)
246		259
247	struct connection_info *get_connection_info(int, int);	260	struct connection_info *get_connection_info(int, int);
@@ -259,5 +272,9 @@ int server_match_spec_complete(struct connection_info *);
259	void copy_set_server_options(ServerOptions , ServerOptions , int);	272	void copy_set_server_options(ServerOptions , ServerOptions , int);
260	void dump_config(ServerOptions *);	273	void dump_config(ServerOptions *);
261	char derelativise_path(const char );	274	char derelativise_path(const char );
		275	void servconf_add_hostkey(const char *, const int,
		276	ServerOptions , const char path);
		277	void servconf_add_hostcert(const char *, const int,
		278	ServerOptions , const char path);
262		279
263	#endif /* SERVCONF_H */	280	#endif /* SERVCONF_H */