- djm@cvs.openbsd.org 2004/12/23 23:11:00

[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
     bz #898: support AddressFamily in sshd_config. from
     peak@argo.troja.mff.cuni.cz; ok deraadt@
Darren Tucker 2005-01-20 10:57:56 +11:00
parent 7cfeecf670
commit 0f38323222
6 changed files with 54 additions and 19 deletions


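--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,10 @@
 - markus@cvs.openbsd.org 2004/12/23 17:38:07
 [ssh-keygen.c]
 leak; from mpech
+- djm@cvs.openbsd.org 2004/12/23 23:11:00
+[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
+bz #898: support AddressFamily in sshd_config. from
+peak@argo.troja.mff.cuni.cz; ok deraadt@
 20050118
 - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement
@@ -1978,4 +1982,4 @@
 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3610 2005/01/19 23:56:31 dtucker Exp $
+$Id: ChangeLog,v 1.3611 2005/01/19 23:57:56 dtucker Exp $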


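--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.137 2004/08/13 11:09:24 dtucker Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.138 2004/12/23 23:11:00 djm Exp $");
 #include "ssh.h"
 #include "log.h"
@@ -26,8 +26,6 @@ RCSID("$OpenBSD: servconf.c,v 1.137 2004/08/13 11:09:24 dtucker Exp $");
 static void add_listen_addr(ServerOptions *, char *, u_short);
 static void add_one_listen_addr(ServerOptions *, char *, u_short);
-/* AF_UNSPEC or AF_INET or AF_INET6 */
-extern int IPv4or6;
 /* Use of privilege separation or not */
 extern int use_privsep;
@@ -45,6 +43,7 @@ initialize_server_options(ServerOptions *options)
 options->num_ports = 0;
 options->ports_from_cmdline = 0;
 options->listen_addrs = NULL;
+options->address_family = -1;
 options->num_host_key_files = 0;
 options->pid_file = NULL;
 options->server_key_bits = -1;
@@ -258,7 +257,8 @@ typedef enum {
 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
 sKerberosGetAFSToken,
 sKerberosTgtPassing, sChallengeResponseAuthentication,
-sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
+sPasswordAuthentication, sKbdInteractiveAuthentication,
+sListenAddress, sAddressFamily,
 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
 sStrictModes, sEmptyPasswd, sTCPKeepAlive,
@@ -335,6 +335,7 @@ static struct {
 { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
 { "checkmail", sDeprecated },
 { "listenaddress", sListenAddress },
+{ "addressfamily", sAddressFamily },
 { "printmotd", sPrintMotd },
 { "printlastlog", sPrintLastLog },
 { "ignorerhosts", sIgnoreRhosts },
@@ -401,6 +402,8 @@ add_listen_addr(ServerOptions *options, char *addr, u_short port)
 if (options->num_ports == 0)
 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
+if (options->address_family == -1)
+options->address_family = AF_UNSPEC;
 if (port == 0)
 for (i = 0; i < options->num_ports; i++)
 add_one_listen_addr(options, addr, options->ports[i]);
@@ -416,7 +419,7 @@ add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
 int gaierr;
 memset(&hints, 0, sizeof(hints));
-hints.ai_family = IPv4or6;
+hints.ai_family = options->address_family;
 hints.ai_socktype = SOCK_STREAM;
 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
 snprintf(strport, sizeof strport, "%u", port);
@@ -544,6 +547,25 @@ parse_time:
 filename, linenum);
 break;
+case sAddressFamily:
+arg = strdelim(&cp);
+intptr = &options->address_family;
+if (options->listen_addrs != NULL)
+fatal("%s line %d: address family must be specified before "
+"ListenAddress.", filename, linenum);
+if (strcasecmp(arg, "inet") == 0)
+value = AF_INET;
+else if (strcasecmp(arg, "inet6") == 0)
+value = AF_INET6;
+else if (strcasecmp(arg, "any") == 0)
+value = AF_UNSPEC;
+else
+fatal("%s line %d: unsupported address family \"%s\".",
+filename, linenum, arg);
+if (*intptr == -1)
+*intptr = value;
+break;
 case sHostKeyFile:
 intptr = &options->num_host_key_files;
 if (*intptr >= MAX_HOSTKEYS)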
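Review bot: In the new sAddressFamily case the token returned by `arg = strdelim(&cp)` goes straight into strcasecmp() with no check that it exists, so an `AddressFamily` line with no value (strdelim() presumably returning NULL or an empty token, as for other keywords) dereferences NULL and kills sshd while it parses its own configuration, before any listener is up. Insert directly after the strdelim() call `if (!arg || *arg == '\0')` / `fatal("%s line %d: missing address family.", filename, linenum);`, matching the fatal() style already used two lines below. A second point worth a comment: the trailing `if (*intptr == -1) *intptr = value;` silently drops a repeated AddressFamily directive (and lets a -4/-6 command-line value win), which is intended but not stated; `/* first setting wins: -4/-6 on the command line or an earlier directive */` would make that explicit. The switch and its enclosing function start and end outside the hunk.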


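--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.70 2004/06/24 19:30:54 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.71 2004/12/23 23:11:00 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -43,6 +43,7 @@ typedef struct {
 u_short ports[MAX_PORTS]; /* Port number to listen on. */
 char *listen_addr; /* Address on which the server listens. */
 struct addrinfo *listen_addrs; /* Addresses on which the server listens. */
+int address_family; /* Address family used by the server. */
 char *host_key_files[MAX_HOSTKEYS]; /* Files containing host keys. */
 int num_host_key_files; /* Number of files for host keys. */
 char *pid_file; /* Where to put our pid */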
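Review bot: The comment on the new address_family field does not say that -1 is its "unset" sentinel, even though initialize_server_options() in servconf.c stores -1 there and both add_listen_addr() and the AddressFamily parser test for exactly that value. Suggest `int address_family; /* AF_INET, AF_INET6 or AF_UNSPEC; -1 until set by -4/-6, AddressFamily or the first ListenAddress. */` so that readers of the header know the field can legitimately hold a non-AF value before option parsing completes. The struct typedef starts and ends outside the hunk.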

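--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.304 2004/09/25 03:45:14 djm Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.305 2004/12/23 23:11:00 djm Exp $");
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -111,12 +111,6 @@ ServerOptions options;
 /* Name of the server configuration file. */
 char *config_file_name = _PATH_SERVER_CONFIG_FILE;
-/*
-* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
-* Default value is AF_UNSPEC means both IPv4 and IPv6.
-*/
-int IPv4or6 = AF_UNSPEC;
 /*
 * Debug mode flag. This can be set on the command line. If debug
 * mode is enabled, extra debugging output will be sent to the system
@@ -920,10 +914,10 @@ main(int ac, char **av)
 while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:dDeiqrtQR46")) != -1) {
 switch (opt) {
 case '4':
-IPv4or6 = AF_INET;
+options.address_family = AF_INET;
 break;
 case '6':
-IPv4or6 = AF_INET6;
+options.address_family = AF_INET6;
 break;
 case 'f':
 config_file_name = optarg;
@@ -1024,7 +1018,6 @@ main(int ac, char **av)
 closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
 SSLeay_add_all_algorithms();
-channel_set_af(IPv4or6);
 /*
 * Force logging to stderr until we have loaded the private host
@@ -1074,6 +1067,9 @@ main(int ac, char **av)
 /* Fill in default values for those options not explicitly set. */
 fill_default_server_options(&options);
+/* set default channel AF */
+channel_set_af(options.address_family);
 /* Check that there are no remaining arguments. */
 if (optind < ac) {
 fprintf(stderr, "Extra argument %s.\n", av[optind]);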
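Review bot: channel_set_af() now receives options.address_family, which initialize_server_options() in servconf.c sets to -1 and which, in the hunks on this page, only add_listen_addr() promotes to AF_UNSPEC; whether fill_default_server_options() always reaches add_listen_addr() before this point is not visible here, so if it does not, a host started with neither -4/-6, AddressFamily nor ListenAddress would pass the -1 sentinel into the channel layer. A one-line guard before the call, `if (options.address_family == -1) options.address_family = AF_UNSPEC;`, removes the dependency on that ordering, or the comment should state the invariant instead of the vague `/* set default channel AF */`, e.g. `/* must run after option parsing: -4/-6 and AddressFamily both land in options.address_family */`. The call was deliberately moved below fill_default_server_options() for that reason, and this is worth saying since the earlier call site was removed in the hunk at line 1018. main() starts and ends outside the hunk.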


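--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $
+# $OpenBSD: sshd_config,v 1.70 2004/12/23 23:11:00 djm Exp $
 # This is the sshd server system-wide configuration file. See
 # sshd_config(5) for more information.
@@ -12,6 +12,7 @@
 #Port 22
 #Protocol 2,1
+#AddressFamily any
 #ListenAddress 0.0.0.0
 #ListenAddress ::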


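--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.36 2004/09/15 03:25:41 jaredy Exp $
+.\" $OpenBSD: sshd_config.5,v 1.37 2004/12/23 23:11:00 djm Exp $
 .Dd September 25, 1999
 .Dt SSHD_CONFIG 5
 .Os
@@ -83,6 +83,17 @@ Be warned that some environment variables could be used to bypass restricted
 user environments.
 For this reason, care should be taken in the use of this directive.
 The default is not to accept any environment variables.
+.It Cm AddressFamily
+Specifies which address family should be used by
+.Nm sshd .
+Valid arguments are
+.Dq any ,
+.Dq inet
+(use IPv4 only) or
+.Dq inet6
+(use IPv6 only).
+The default is
+.Dq any .
 .It Cm AllowGroups
 This keyword can be followed by a list of group name patterns, separated
 by spaces.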