-rw-r--r--servconf.c15
-rw-r--r--servconf.h3
-rw-r--r--sshd.85
-rw-r--r--sshd.c12
-rw-r--r--sshd_config.511
5 files changed, 36 insertions, 10 deletions
diff --git a/servconf.c b/servconf.c
index 51139c31..64a86518 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.316 2017/10/25 00:17:08 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.317 2017/10/25 00:19:47 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -855,6 +855,7 @@ get_connection_info(int populate, int use_dns)
ci.address = ssh_remote_ipaddr(ssh);
ci.laddress = ssh_local_ipaddr(ssh);
ci.lport = ssh_local_port(ssh);
+ ci.rdomain = ssh_packet_rdomain_in(ssh);
return &ci;
}
@@ -1038,6 +1039,16 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
ci->laddress, port, line);
else
result = 0;
+ } else if (strcasecmp(attrib, "rdomain") == 0) {
+ if (ci == NULL || ci->rdomain == NULL) {
+ result = 0;
+ continue;
+ }
+ if (match_pattern_list(ci->rdomain, arg, 0) != 1)
+ result = 0;
+ else
+ debug("user %.100s matched 'RDomain %.100s' at "
+ "line %d", ci->rdomain, arg, line);
} else {
error("Unsupported Match attribute %s", attrib);
return -1;
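Review bot: The debug message in the new `rdomain` branch labels the matched value as a user (`"user %.100s matched 'RDomain %.100s' at "`) although it prints `ci->rdomain`, which looks like a copy from the User branch and will mislead anyone reading sshd debug logs to work out why a Match block applied. It should read `debug("rdomain %.100s matched 'RDomain %.100s' at "` with the remaining arguments unchanged. Separately, when `ci->rdomain` is NULL the branch forces `result = 0`, so a `Match RDomain` block never applies where no routing domain is available, even for a negated pattern. An administrator who places restrictions in such a block gets none of them there, which deserves a comment here such as `/* no rdomain available: block never matches, including negated patterns */` and a sentence in sshd_config.5. match_cfg_line starts and ends outside this hunk.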
@@ -2080,6 +2091,8 @@ int parse_server_match_testspec(struct connection_info *ci, char *spec)
ci->user = xstrdup(p + 5);
} else if (strncmp(p, "laddr=", 6) == 0) {
ci->laddress = xstrdup(p + 6);
+ } else if (strncmp(p, "rdomain=", 8) == 0) {
+ ci->rdomain = xstrdup(p + 8);
} else if (strncmp(p, "lport=", 6) == 0) {
ci->lport = a2port(p + 6);
if (ci->lport == -1) {
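Review bot: The new `rdomain=` key is parsed as one more optional field, yet the sshd.8 hunk in this same commit adds `rdomain` to the keyword list that is followed by "All are required". The completeness check for the `-C` test spec is not visible in this diff, so it is unclear whether a spec without `rdomain=` is accepted. If it is accepted, the manual text should say that `rdomain` is optional, and that omitting it means `Match RDomain` blocks are evaluated as not matching. Otherwise an operator running a config test without the key may conclude that an RDomain-scoped restriction is inactive or active when the live daemon behaves differently. parse_server_match_testspec continues outside the hunk.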
diff --git a/servconf.h b/servconf.h
index 1f042e87..37a0fb1a 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.129 2017/10/25 00:17:08 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.130 2017/10/25 00:19:47 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -218,6 +218,7 @@ struct connection_info {
const char *address; /* remote address */
const char *laddress; /* local address */
int lport; /* local port */
+ const char *rdomain; /* routing domain if available */
};
diff --git a/sshd.8 b/sshd.8
index a4201146..c16c433e 100644
--- a/sshd.8
+++ b/sshd.8
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.291 2017/06/24 06:28:50 jmc Exp $
-.Dd $Mdocdate: June 24 2017 $
+.\" $OpenBSD: sshd.8,v 1.292 2017/10/25 00:19:47 djm Exp $
+.Dd $Mdocdate: October 25 2017 $
.Dt SSHD 8
.Os
.Sh NAME
@@ -109,6 +109,7 @@ The keywords are
.Dq host ,
.Dq laddr ,
.Dq lport ,
+.Dq rdomain
and
.Dq addr .
All are required and may be supplied in any order, either with multiple
diff --git a/sshd.c b/sshd.c
index 3ad106f7..1220309d 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.495 2017/10/25 00:17:08 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.496 2017/10/25 00:19:47 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1404,7 +1404,7 @@ main(int ac, char **av)
extern int optind;
int r, opt, on = 1, already_daemon, remote_port;
int sock_in = -1, sock_out = -1, newsock = -1;
- const char *remote_ip;
+ const char *remote_ip, *rdomain;
char *fp, *line, *laddr, *logfile = NULL;
int config_s[2] = { -1 , -1 };
u_int i, j;
@@ -2022,10 +2022,14 @@ main(int ac, char **av)
audit_connection_from(remote_ip, remote_port);
#endif
+ rdomain = ssh_packet_rdomain_in(ssh);
+
/* Log the connection. */
laddr = get_local_ipaddr(sock_in);
- verbose("Connection from %s port %d on %s port %d",
- remote_ip, remote_port, laddr, ssh_local_port(ssh));
+ verbose("Connection from %s port %d on %s port %d%s%s",
+ remote_ip, remote_port, laddr, ssh_local_port(ssh),
+ rdomain == NULL ? "" : " rdomain ",
+ rdomain == NULL ? "" : rdomain);
free(laddr);
/*
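Review bot: The "Connection from" line now carries an optional trailing ` rdomain <name>`, so its shape differs between hosts where `ssh_packet_rdomain_in(ssh)` returns NULL and hosts where it does not. Log parsers and detection rules that anchor on the old line ending after the local port will stop matching on the latter. That is worth a release-note entry and a short comment above the assignment, for example `/* NULL when no routing domain is available; the log suffix is then omitted */`. `ssh_packet_rdomain_in(ssh)` is also called in get_connection_info in servconf.c; its definition is not in this diff, so whether it caches its result and how long the returned pointer stays valid should be confirmed there. main() continues outside the hunk.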
diff --git a/sshd_config.5 b/sshd_config.5
index c216fb75..0b91f9f7 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,7 +33,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.257 2017/10/25 00:17:08 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.258 2017/10/25 00:19:47 djm Exp $
.Dd $Mdocdate: October 25 2017 $
.Dt SSHD_CONFIG 5
.Os
@@ -1054,8 +1054,15 @@ The available criteria are
.Cm Host ,
.Cm LocalAddress ,
.Cm LocalPort ,
+.Cm RDomain ,
and
-.Cm Address .
+.Cm Address
+(with
+.Cm RDomain
+representing the
+.Xr rdomain 4
+on which the connection was received.)
+.Pp
The match patterns may consist of single entries or comma-separated
lists and may use the wildcard and negation operators described in the
.Sx PATTERNS