Bugzilla – Attachment 3077 Details for
Bug 2784
Add native support for routing domains / VRF
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
rdomain Match criteria
0003-rdomain-Match-criteria.patch (text/plain), 3.64 KB, created by
Damien Miller
on 2017-10-23 12:29:42 AEDT
(
hide
)
Description:
rdomain Match criteria
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2017-10-23 12:29:42 AEDT
Size:
3.64 KB
patch
obsolete
>From eaea3895e29b537feea402cb5e2a898b4d9a9e3b Mon Sep 17 00:00:00 2001 >From: Damien Miller <djm@mindrot.org> >Date: Mon, 23 Oct 2017 09:13:06 +1100 >Subject: [PATCH 3/3] "rdomain" Match criteria > >--- > servconf.c | 13 +++++++++++++ > servconf.h | 1 + > sshd.8 | 1 + > sshd.c | 10 +++++++--- > sshd_config.5 | 9 ++++++++- > 5 files changed, 30 insertions(+), 4 deletions(-) > >diff --git a/servconf.c b/servconf.c >index 2f15900..e149049 100644 >--- a/servconf.c >+++ b/servconf.c >@@ -805,6 +805,7 @@ get_connection_info(int populate, int use_dns) > ci.address = ssh_remote_ipaddr(ssh); > ci.laddress = ssh_local_ipaddr(ssh); > ci.lport = ssh_local_port(ssh); >+ ci.rdomain = ssh_packet_rdomain_in(ssh); > return &ci; > } > >@@ -988,6 +989,16 @@ match_cfg_line(char **condition, int line, struct connection_info *ci) > ci->laddress, port, line); > else > result = 0; >+ } else if (strcasecmp(attrib, "rdomain") == 0) { >+ if (ci == NULL || ci->rdomain == NULL) { >+ result = 0; >+ continue; >+ } >+ if (match_pattern_list(ci->rdomain, arg, 0) != 1) >+ result = 0; >+ else >+ debug("user %.100s matched 'RDomain %.100s' at " >+ "line %d", ci->rdomain, arg, line); > } else { > error("Unsupported Match attribute %s", attrib); > return -1; >@@ -2024,6 +2035,8 @@ int parse_server_match_testspec(struct connection_info *ci, char *spec) > ci->user = xstrdup(p + 5); > } else if (strncmp(p, "laddr=", 6) == 0) { > ci->laddress = xstrdup(p + 6); >+ } else if (strncmp(p, "rdomain=", 8) == 0) { >+ ci->rdomain = xstrdup(p + 8); > } else if (strncmp(p, "lport=", 6) == 0) { > ci->lport = a2port(p + 6); > if (ci->lport == -1) { >diff --git a/servconf.h b/servconf.h >index 8fc816f..29a156b 100644 >--- a/servconf.h >+++ b/servconf.h >@@ -216,6 +216,7 @@ struct connection_info { > const char *address; /* remote address */ > const char *laddress; /* local address */ > int lport; /* local port */ >+ const char *rdomain; /* routing domain if available */ > }; > > >diff --git a/sshd.8 b/sshd.8 >index a091131..5386c52 100644 >--- a/sshd.8 >+++ b/sshd.8 >@@ -109,6 +109,7 @@ The keywords are > .Dq host , > .Dq laddr , > .Dq lport , >+.Dq rdomain > and > .Dq addr . > All are required and may be supplied in any order, either with multiple >diff --git a/sshd.c b/sshd.c >index e417e2c..10e71c1 100644 >--- a/sshd.c >+++ b/sshd.c >@@ -1328,7 +1328,7 @@ main(int ac, char **av) > extern int optind; > int r, opt, on = 1, already_daemon, remote_port; > int sock_in = -1, sock_out = -1, newsock = -1; >- const char *remote_ip; >+ const char *remote_ip, *rdomain; > char *fp, *line, *laddr, *logfile = NULL; > int config_s[2] = { -1 , -1 }; > u_int i, j; >@@ -1866,10 +1866,14 @@ main(int ac, char **av) > */ > remote_ip = ssh_remote_ipaddr(ssh); > >+ rdomain = ssh_packet_rdomain_in(ssh); >+ > /* Log the connection. */ > laddr = get_local_ipaddr(sock_in); >- verbose("Connection from %s port %d on %s port %d", >- remote_ip, remote_port, laddr, ssh_local_port(ssh)); >+ verbose("Connection from %s port %d on %s port %d%s%s", >+ remote_ip, remote_port, laddr, ssh_local_port(ssh), >+ rdomain == NULL ? "" : " rdomain ", >+ rdomain == NULL ? "" : rdomain); > free(laddr); > > /* >diff --git a/sshd_config.5 b/sshd_config.5 >index fcf57d4..ccd4368 100644 >--- a/sshd_config.5 >+++ b/sshd_config.5 >@@ -1055,8 +1055,15 @@ The available criteria are > .Cm Host , > .Cm LocalAddress , > .Cm LocalPort , >+.Cm RDomain , > and >-.Cm Address . >+.Cm Address >+(with >+.Cm RDomain >+representing the >+.Xr rdomain 4 >+on which the connection was received.) >+.Pp > The match patterns may consist of single entries or comma-separated > lists and may use the wildcard and negation operators described in the > .Sx PATTERNS >-- >2.14.2 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3077">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 2784
:
3061
|
3064
|
3070
|
3071
|
3072
|
3075
|
3076
| 3077 |
3078
|
3079
|
3080
|
3081
|
3082