author | Moritz Kaspar Rudert | 2015-10-22 12:37:21 +0200 |
---|---|---|
committer | Moritz Kaspar Rudert | 2015-10-22 12:37:21 +0200 |
commit | 42adf4c5436b427f1a046be24636801bbde7c457 (patch) | |
tree | c1ff77df7eca8f37a79fe791a5541985fa6fa644 | |
parent | 04dc6a24b09d60ee55e7089045dae8148e8f0643 (diff) | |
parent | 470dcb1042aab68b171e1a327ac0c8318cbc3b45 (diff) | |
download | aur-42adf4c5436b427f1a046be24636801bbde7c457.tar.gz |
Merge pull request #1 from NeoRaider/master
Update multiple_bindaddress patch for OpenSSH 7.1p1
-rw-r--r-- | PKGBUILD | 2 | ||||
-rw-r--r-- | openssh_multiple_bindaddress.patch | 71 |
2 files changed, 45 insertions, 28 deletions
@@ -27,7 +27,7 @@ sha512sums=('f1491ca5a0a733eb27ede966590642a412cb7be7178dcb7b9e5844bbdc8383032f4 'fbf8ba29eefef98a0596d255e7dab24790d828d466f06f209c63280d31a25950c88cc354296c0da9a5bd085384fa59f296809cad1ab8db6712d8158ac74da343' 'ea1d31d84ca30fffa60b6eb06d1f532c75ff5a8acec893479cbe0f3669c62e5da9ee81be8549bae75d63e4b6fe69a4ffe6dfd4e3008e731e320d6da4bc4beae9' '298e47a21c337101974fa5237b3110aa3c7638b5fa53bd07661413236c8ed3212b431abaeffd875af6c9a72b4f8e1c8512e1e1960cbfff15bfee62b32d305fc3' - '9801d6db7f7bac0ccbccf12e24bf37f97304eba02e69298b2000bfbc30904f1eb2365687db43e40429ba53f39b8f9581babba292b8552a8ac2654452e5b92b44') + '2ca5430e521039b6b92b1bd653f5f67bca93758c0dc33c1b8f62d7eb14cf91dcab81c2d30bd1c4302f40b220476655f84f4c9b1bebea1d6b4600b7ffcb1b07c6') backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd') diff --git a/openssh_multiple_bindaddress.patch b/openssh_multiple_bindaddress.patch index 32a2f9d3fc75..af8b90b31d45 100644 --- a/openssh_multiple_bindaddress.patch +++ b/openssh_multiple_bindaddress.patch @@ -1,53 +1,69 @@ -From 510ee02f90b5c56d1abeafbbdb9fc7d21d173224 Mon Sep 17 00:00:00 2001 -Message-Id: <510ee02f90b5c56d1abeafbbdb9fc7d21d173224.1420755946.git.mschiffer@universe-factory.net> +From e93d805c6b39fe733b6ff223ce655a5b71ccdbf4 Mon Sep 17 00:00:00 2001 +Message-Id: <e93d805c6b39fe733b6ff223ce655a5b71ccdbf4.1445475563.git.mschiffer@universe-factory.net> From: Matthias Schiffer <mschiffer@universe-factory.net> -Date: Thu, 8 Jan 2015 22:19:36 +0100 -Subject: [PATCH] multibind patch +Date: Thu, 22 Oct 2015 02:59:14 +0200 +Subject: [PATCH] Allow specifying multiple bind addresses --- - readconf.c | 8 ++++-- + readconf.c | 10 ++++--- readconf.h | 12 +++++++- ssh.c | 3 +- ssh_config | 5 ++++ ssh_config.5 | 7 +++-- sshconnect.c | 89 +++++++++++++++++++++++++++++++++++------------------------- - 6 files changed, 80 insertions(+), 44 deletions(-) + 6 files changed, 81 insertions(+), 45 deletions(-) 
diff --git a/readconf.c b/readconf.c -index 7948ce1..95f9289 100644 +index 1d03bdf..a78ff2f 100644 --- a/readconf.c 
+++ b/readconf.c -@@ -1001,8 +1001,10 @@ parse_char_array: +@@ -1031,8 +1031,10 @@ parse_char_array: goto parse_string; case oBindAddress: - charptr = &options->bind_address; - goto parse_string; + cpptr = (char**)&options->bind_addresses; -+ uintptr = &options->num_bind_address; ++ uintptr = &options->num_bind_addresses; + max_entries = SSH_MAX_BIND_ADDRESSES; + goto parse_char_array; case oPKCS11Provider: charptr = &options->pkcs11_provider; -@@ -1576,7 +1578,7 @@ initialize_options(Options * options) +@@ -1639,7 +1641,7 @@ initialize_options(Options * options) options->clear_forwardings = -1; options->log_level = SYSLOG_LEVEL_NOT_SET; options->preferred_authentications = NULL; - options->bind_address = NULL; -+ options->num_bind_address = 0; ++ options->num_bind_addresses = 0; options->pkcs11_provider = NULL; options->enable_ssh_keysign = - 1; options->no_host_authentication_for_localhost = - 1; +@@ -2300,7 +2302,6 @@ dump_client_config(Options *o, const char *host) + dump_cfg_int(oServerAliveInterval, o->server_alive_interval); + + /* String options */ +- dump_cfg_string(oBindAddress, o->bind_address); + dump_cfg_string(oCiphers, o->ciphers ? o->ciphers : KEX_CLIENT_ENCRYPT); + dump_cfg_string(oControlPath, o->control_path); + dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms ? o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG); +@@ -2324,6 +2325,7 @@ dump_client_config(Options *o, const char *host) + + /* String array options */ + dump_cfg_strarray(oIdentityFile, o->num_identity_files, o->identity_files); ++ dump_cfg_strarray_oneline(oBindAddress, o->num_bind_addresses, o->bind_addresses); + dump_cfg_strarray_oneline(oCanonicalDomains, o->num_canonical_domains, o->canonical_domains); + dump_cfg_strarray_oneline(oGlobalKnownHostsFile, o->num_system_hostfiles, o->system_hostfiles); + dump_cfg_strarray_oneline(oUserKnownHostsFile, o->num_user_hostfiles, o->user_hostfiles); 
diff --git a/readconf.h b/readconf.h -index 0b9cb77..9299c4b 100644 +index bb2d552..9750fe5 100644 --- a/readconf.h +++ b/readconf.h @@ -27,6 +27,11 @@ struct allowed_cname { char *source_list; char *target_list; }; -+#define SSH_MAX_BIND_ADDRESSES 8 /* 16 addresses, should be enough */ ++#define SSH_MAX_BIND_ADDRESSES 8 /* 8 addresses should be enough */ + +#define SSH_BIND_ADDRESS_ANY "any" /* any address mark, used in + * configuration file */ @@ -64,22 +80,22 @@ index 0b9cb77..9299c4b 100644 + char *bind_addresses[SSH_MAX_BIND_ADDRESSES]; /* local socket + * address list for connection to sshd, main reason for this is ipv4 and + * ipv6 only hosts, when using global host match */ -+ u_int num_bind_address; /* count of bind_addresses */ ++ u_int num_bind_addresses; /* count of bind_addresses */ + char *pkcs11_provider; /* PKCS#11 provider */ int verify_host_key_dns; /* Verify host key using DNS */ diff --git a/ssh.c b/ssh.c -index 26e9681..be59241 100644 +index 59c1f93..47e6fdb 100644 --- a/ssh.c +++ b/ssh.c -@@ -803,7 +803,8 @@ main(int ac, char **av) +@@ -902,7 +902,8 @@ main(int ac, char **av) options.control_path = xstrdup(optarg); break; case 'b': - options.bind_address = optarg; + options.bind_addresses[0] = optarg; -+ options.num_bind_address = 1; ++ options.num_bind_addresses = 1; break; case 'F': config = optarg; @@ -97,10 +113,10 @@ index 03a228f..c1b653b 100644 +# This means, that ssh tries 192.168.0.1 if fail to bind, next address willbe 3004:aaaa::beef and if it fails, +# uses default bind strategy, bind on any address diff --git a/ssh_config.5 b/ssh_config.5 -index f9ede7a..f138d17 100644 +index a47f3ca..b9aaf2f 100644 --- a/ssh_config.5 +++ b/ssh_config.5 -@@ -214,8 +214,11 @@ or +@@ -242,8 +242,11 @@ or The default is .Dq no . .It Cm BindAddress @@ -115,15 +131,15 @@ index f9ede7a..f138d17 100644 Note that this option does not work if .Cm UsePrivilegedPort 
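Review bot: In the `case 'b':` arm of ssh.c, `options.bind_addresses[0] = optarg;` stores a pointer into argv, whereas the control-path arm just above it stores `xstrdup(optarg)`, and the config parser presumably fills the same array with heap copies (parse_char_array is not shown on this page). With both kinds of pointer in one array, any later code that frees or replaces entries has to know which ones it owns; `options.bind_addresses[0] = xstrdup(optarg);` keeps ownership uniform. A repeated `-b` also overwrites slot 0 instead of appending, so a comment such as `/* -b sets exactly one address; use BindAddress for a fallback list */` would make that limit explicit. main() starts and ends outside this hunk.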
diff --git a/sshconnect.c b/sshconnect.c -index ac09eae..5ba4959 100644 +index 17fbe39..777b715 100644 --- a/sshconnect.c +++ b/sshconnect.c -@@ -280,49 +280,64 @@ ssh_create_socket(int privileged, struct addrinfo *ai) +@@ -283,49 +283,64 @@ ssh_create_socket(int privileged, struct addrinfo *ai) fcntl(sock, F_SETFD, FD_CLOEXEC); /* Bind the socket to an alternative local IP address */ - if (options.bind_address == NULL && !privileged) -+ if (options.num_bind_address == 0 && !privileged) ++ if (options.num_bind_addresses == 0 && !privileged) return sock; - if (options.bind_address) { @@ -138,13 +154,13 @@ index ac09eae..5ba4959 100644 - ssh_gai_strerror(gaierr)); - close(sock); - return -1; -+ verbose("Trying %d addresses to connect", options.num_bind_address); ++ verbose("Trying %d addresses to connect", options.num_bind_addresses); + uint i; -+ for (i = 0; i < options.num_bind_address || i == 0; i++) { -+ if (options.num_bind_address > 0) ++ for (i = 0; i < options.num_bind_addresses || i == 0; i++) { ++ if (options.num_bind_addresses > 0) + verbose("Trying bind address: %s", options.bind_addresses[i]); + -+ if (options.num_bind_address > 0 && strncmp(options.bind_addresses[i], SSH_BIND_ADDRESS_ANY, SSH_BIND_ADDRESS_ANYlen) != 0) { ++ if (options.num_bind_addresses > 0 && strncmp(options.bind_addresses[i], SSH_BIND_ADDRESS_ANY, SSH_BIND_ADDRESS_ANYlen) != 0) { + memset(&hints, 0, sizeof(hints)); + hints.ai_family = ai->ai_family; + hints.ai_socktype = ai->ai_socktype; @@ -221,4 +237,5 @@ index ac09eae..5ba4959 100644 static int -- -2.2.1 +2.6.2 + |
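Review bot: The `strncmp(options.bind_addresses[i], SSH_BIND_ADDRESS_ANY, SSH_BIND_ADDRESS_ANYlen)` test in the bind loop of ssh_create_socket is a prefix comparison. If `SSH_BIND_ADDRESS_ANYlen` is the length of "any" (its definition is not visible here), a BindAddress hostname that merely begins with those letters would be taken for the wildcard, and the socket would presumably be left on the default address rather than the requested source address. An exact match avoids this: `strcmp(options.bind_addresses[i], SSH_BIND_ADDRESS_ANY) != 0`. On the `verbose("Trying %d addresses to connect", ...)` line the argument is the `u_int` field from readconf.h, so `%u` is the matching conversion, and the counter `uint i;` would be more portable as `u_int i;`. The body of ssh_create_socket continues outside this hunk.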