Bugzilla – Attachment 752 Details for
Bug 898
support for AddressFamily in sshd_config
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Respin patch for CVS -current 20041220
sshd-af.diff (text/plain), 6.42 KB, created by
Damien Miller
on 2004-12-20 10:56:58 AEDT
(
hide
)
Description:
Respin patch for CVS -current 20041220
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2004-12-20 10:56:58 AEDT
Size:
6.42 KB
patch
obsolete
>from peak@argo.troja.mff.cuni.cz: > >Adds an AddressFamily option to the server. We already have -4 and -6 >commandline options to do this, but I think it is best to be able to do >everything from the config file (ssh already has this). > >ok? > >-d > >Index: servconf.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/servconf.c,v >retrieving revision 1.137 >diff -u -r1.137 servconf.c >--- servconf.c 13 Aug 2004 11:09:24 -0000 1.137 >+++ servconf.c 19 Dec 2004 23:40:37 -0000 >@@ -26,8 +26,6 @@ > static void add_listen_addr(ServerOptions *, char *, u_short); > static void add_one_listen_addr(ServerOptions *, char *, u_short); > >-/* AF_UNSPEC or AF_INET or AF_INET6 */ >-extern int IPv4or6; > /* Use of privilege separation or not */ > extern int use_privsep; > >@@ -40,6 +38,7 @@ > options->num_ports = 0; > options->ports_from_cmdline = 0; > options->listen_addrs = NULL; >+ options->address_family = -1; > options->num_host_key_files = 0; > options->pid_file = NULL; > options->server_key_bits = -1; >@@ -235,7 +234,8 @@ > sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, > sKerberosGetAFSToken, > sKerberosTgtPassing, sChallengeResponseAuthentication, >- sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, >+ sPasswordAuthentication, sKbdInteractiveAuthentication, >+ sListenAddress, sAddressFamily, > sPrintMotd, sPrintLastLog, sIgnoreRhosts, > sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, > sStrictModes, sEmptyPasswd, sTCPKeepAlive, >@@ -300,6 +300,7 @@ > { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */ > { "checkmail", sDeprecated }, > { "listenaddress", sListenAddress }, >+ { "addressfamily", sAddressFamily }, > { "printmotd", sPrintMotd }, > { "printlastlog", sPrintLastLog }, > { "ignorerhosts", sIgnoreRhosts }, >@@ -366,6 +367,8 @@ > > if (options->num_ports == 0) > options->ports[options->num_ports++] = SSH_DEFAULT_PORT; >+ if (options->address_family == -1) >+ options->address_family = AF_UNSPEC; > if (port == 0) > for (i = 0; i < options->num_ports; i++) > add_one_listen_addr(options, addr, options->ports[i]); >@@ -381,7 +384,7 @@ > int gaierr; > > memset(&hints, 0, sizeof(hints)); >- hints.ai_family = IPv4or6; >+ hints.ai_family = options->address_family; > hints.ai_socktype = SOCK_STREAM; > hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; > snprintf(strport, sizeof strport, "%u", port); >@@ -501,6 +504,25 @@ > else > fatal("%s line %d: bad inet addr usage.", > filename, linenum); >+ break; >+ >+ case sAddressFamily: >+ arg = strdelim(&cp); >+ intptr = &options->address_family; >+ if (options->listen_addrs != NULL) >+ fatal("%s line %d: address family must be specified before " >+ "ListenAddress.", filename, linenum); >+ if (strcasecmp(arg, "inet") == 0) >+ value = AF_INET; >+ else if (strcasecmp(arg, "inet6") == 0) >+ value = AF_INET6; >+ else if (strcasecmp(arg, "any") == 0) >+ value = AF_UNSPEC; >+ else >+ fatal("%s line %d: unsupported address family \"%s\".", >+ filename, linenum, arg); >+ if (*intptr == -1) >+ *intptr = value; > break; > > case sHostKeyFile: >Index: servconf.h >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/servconf.h,v >retrieving revision 1.70 >diff -u -r1.70 servconf.h >--- servconf.h 24 Jun 2004 19:30:54 -0000 1.70 >+++ servconf.h 19 Dec 2004 23:40:37 -0000 >@@ -43,6 +43,7 @@ > u_short ports[MAX_PORTS]; /* Port number to listen on. */ > char *listen_addr; /* Address on which the server listens. */ > struct addrinfo *listen_addrs; /* Addresses on which the server listens. */ >+ int address_family; /* Address family used by the server. */ > char *host_key_files[MAX_HOSTKEYS]; /* Files containing host keys. */ > int num_host_key_files; /* Number of files for host keys. */ > char *pid_file; /* Where to put our pid */ >Index: sshd.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/sshd.c,v >retrieving revision 1.304 >diff -u -r1.304 sshd.c >--- sshd.c 25 Sep 2004 03:45:14 -0000 1.304 >+++ sshd.c 19 Dec 2004 23:40:37 -0000 >@@ -108,12 +108,6 @@ > char *config_file_name = _PATH_SERVER_CONFIG_FILE; > > /* >- * Flag indicating whether IPv4 or IPv6. This can be set on the command line. >- * Default value is AF_UNSPEC means both IPv4 and IPv6. >- */ >-int IPv4or6 = AF_UNSPEC; >- >-/* > * Debug mode flag. This can be set on the command line. If debug > * mode is enabled, extra debugging output will be sent to the system > * log, the daemon will not go to background, and will exit after processing >@@ -891,10 +885,10 @@ > while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:dDeiqrtQR46")) != -1) { > switch (opt) { > case '4': >- IPv4or6 = AF_INET; >+ options.address_family = AF_INET; > break; > case '6': >- IPv4or6 = AF_INET6; >+ options.address_family = AF_INET6; > break; > case 'f': > config_file_name = optarg; >@@ -995,7 +989,6 @@ > closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); > > SSLeay_add_all_algorithms(); >- channel_set_af(IPv4or6); > > /* > * Force logging to stderr until we have loaded the private host >@@ -1028,6 +1021,9 @@ > > /* Fill in default values for those options not explicitly set. */ > fill_default_server_options(&options); >+ >+ /* set default channel AF */ >+ channel_set_af(options.address_family); > > /* Check that there are no remaining arguments. */ > if (optind < ac) { >Index: sshd_config >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/sshd_config,v >retrieving revision 1.69 >diff -u -r1.69 sshd_config >--- sshd_config 23 May 2004 23:59:53 -0000 1.69 >+++ sshd_config 19 Dec 2004 23:40:37 -0000 >@@ -10,6 +10,7 @@ > > #Port 22 > #Protocol 2,1 >+#AddressFamily any > #ListenAddress 0.0.0.0 > #ListenAddress :: > >Index: sshd_config.5 >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v >retrieving revision 1.36 >diff -u -r1.36 sshd_config.5 >--- sshd_config.5 15 Sep 2004 03:25:41 -0000 1.36 >+++ sshd_config.5 19 Dec 2004 23:40:37 -0000 >@@ -83,6 +83,17 @@ > user environments. > For this reason, care should be taken in the use of this directive. > The default is not to accept any environment variables. >+.It Cm AddressFamily >+Specifies which address family should be used by >+.Nm sshd . >+Valid arguments are >+.Dq any , >+.Dq inet >+(use IPv4 only) or >+.Dq inet6 >+(use IPv6 only). >+The default is >+.Dq any . > .It Cm AllowGroups > This keyword can be followed by a list of group name patterns, separated > by spaces.
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=752">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 898
:
689
|
694
| 752