[openssh-commits] [openssh] 05/05: upstream: Add support for configuration tags to ssh(1).

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Jul 17 14:54:07 AEST 2023



djm pushed a commit to branch master
in repository openssh.

commit 919bc3d3b712c920de1ae6be5ac6561c98886d7e
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Jul 17 04:08:31 2023 +0000

    upstream: Add support for configuration tags to ssh(1).
    
    This adds a ssh_config(5) "Tag" directive and corresponding
    "Match tag" predicate that may be used to select blocks of
    configuration similar to the pf.conf(5) keywords of the same
    name.
    
    ok markus
    
    OpenBSD-Commit-ID: dc08358e70e702b59ac3e591827e5a96141b06a3
---
 readconf.c   | 15 +++++++++++++--
 readconf.h   |  3 ++-
 ssh.1        | 15 +++++++++++++--
 ssh.c        |  8 +++++---
 ssh_config.5 | 16 +++++++++++++++-
 5 files changed, 48 insertions(+), 9 deletions(-)

diff --git a/readconf.c b/readconf.c
index 28f6acce..5418ace8 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.378 2023/07/17 04:04:36 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.379 2023/07/17 04:08:31 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -144,7 +144,7 @@ static int process_config_line_depth(Options *options, struct passwd *pw,
 
 typedef enum {
 	oBadOption,
-	oHost, oMatch, oInclude,
+	oHost, oMatch, oInclude, oTag,
 	oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout,
 	oGatewayPorts, oExitOnForwardFailure,
 	oPasswordAuthentication,
@@ -257,6 +257,7 @@ static struct {
 	{ "user", oUser },
 	{ "host", oHost },
 	{ "match", oMatch },
+	{ "tag", oTag },
 	{ "escapechar", oEscapeChar },
 	{ "globalknownhostsfile", oGlobalKnownHostsFile },
 	{ "userknownhostsfile", oUserKnownHostsFile },
@@ -745,6 +746,10 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 				goto out;
 			}
 			r = check_match_ifaddrs(arg) == 1;
+		} else if (strcasecmp(attrib, "tagged") == 0) {
+			criteria = xstrdup(options->tag == NULL ? "" :
+			    options->tag);
+			r = match_pattern_list(criteria, arg, 0) == 1;
 			if (r == (negate ? 1 : 0))
 				this_result = result = 0;
 		} else if (strcasecmp(attrib, "exec") == 0) {
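Review bot: The new `tagged` branch is spliced in between `r = check_match_ifaddrs(arg) == 1;` and the `if (r == (negate ? 1 : 0)) this_result = result = 0;` check that used to follow it, so the preceding branch now computes `r` and never applies it. As far as this hunk shows, a failed interface-address test no longer clears `result`, which would let a Match block intended for particular local networks apply regardless of the network. Each branch needs its own check: keep `if (r == (negate ? 1 : 0)) this_result = result = 0;` directly after the `check_match_ifaddrs()` line and repeat it after the `match_pattern_list()` call. The code also accepts the predicate as `tagged`, while the ssh_config.5 criteria list in this commit adds `Tag`; the two should agree. match_cfg_line starts and ends outside the hunk.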
@@ -1365,6 +1370,10 @@ parse_char_array:
 		charptr = &options->hostname;
 		goto parse_string;
 
+	case oTag:
+		charptr = &options->tag;
+		goto parse_string;
+
 	case oHostKeyAlias:
 		charptr = &options->host_key_alias;
 		goto parse_string;
@@ -2512,6 +2521,7 @@ initialize_options(Options * options)
 	options->known_hosts_command = NULL;
 	options->required_rsa_size = -1;
 	options->enable_escape_commandline = -1;
+	options->tag = NULL;
 }
 
 /*
@@ -3431,6 +3441,7 @@ dump_client_config(Options *o, const char *host)
 	dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys);
 	dump_cfg_string(oXAuthLocation, o->xauth_location);
 	dump_cfg_string(oKnownHostsCommand, o->known_hosts_command);
+	dump_cfg_string(oTag, o->tag);
 
 	/* Forwards */
 	dump_cfg_forwards(oDynamicForward, o->num_local_forwards, o->local_forwards);
diff --git a/readconf.h b/readconf.h
index 2ce1b4c3..dfe5bab0 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.150 2023/01/13 02:58:20 dtucker Exp $ */
+/* $OpenBSD: readconf.h,v 1.151 2023/07/17 04:08:31 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -70,6 +70,7 @@ typedef struct {
 	char   *kex_algorithms;	/* SSH2 kex methods in order of preference. */
 	char   *ca_sign_algorithms;	/* Allowed CA signature algorithms */
 	char   *hostname;	/* Real host to connect. */
+	char   *tag;		/* Configuration tag name. */
 	char   *host_key_alias;	/* hostname alias for .ssh/known_hosts */
 	char   *proxy_command;	/* Proxy command for connecting the host. */
 	char   *user;		/* User to log in as. */
diff --git a/ssh.1 b/ssh.1
index 3d89c7d7..4935a6ff 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.434 2023/06/21 05:08:32 djm Exp $
-.Dd $Mdocdate: June 21 2023 $
+.\" $OpenBSD: ssh.1,v 1.435 2023/07/17 04:08:31 djm Exp $
+.Dd $Mdocdate: July 17 2023 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -59,6 +59,7 @@
 .Op Fl O Ar ctl_cmd
 .Op Fl o Ar option
 .Op Fl p Ar port
+.Op Fl P Ar tag
 .Op Fl Q Ar query_option
 .Op Fl R Ar address
 .Op Fl S Ar ctl_path
@@ -593,6 +594,16 @@ For full details of the options listed below, and their possible values, see
 .It XAuthLocation
 .El
 .Pp
+.It Fl P Ar tag
+Specify a tag name that may be used to select configuration in
+.Xr ssh_config 5 .
+Refer to the
+.Cm Tag
+and
+.Cm Match
+keywords in
+.Xr ssh_config 5
+for more information.
 .It Fl p Ar port
 Port to connect to on the remote host.
 This can be specified on a
diff --git a/ssh.c b/ssh.c
index 83c509cc..d1182426 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.590 2023/07/04 03:59:21 dlg Exp $ */
+/* $OpenBSD: ssh.c,v 1.591 2023/07/17 04:08:31 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -708,7 +708,7 @@ main(int ac, char **av)
 
  again:
 	while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
-	    "AB:CD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { /* HUZdhjruz */
+	    "AB:CD:E:F:GI:J:KL:MNO:P:Q:R:S:TVw:W:XYy")) != -1) { /* HUZdhjruz */
 		switch (opt) {
 		case '1':
 			fatal("SSH protocol v.1 is no longer supported");
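Review bot: Changing `P` to `P:` in the getopt string turns a previously accepted no-op flag into one that consumes the next argument, so an existing invocation such as `ssh -P host cmd` would take `host` as the tag and treat `cmd` as the destination. The removed `case 'P':	/* deprecated */` in the next hunk shows the bare flag was still tolerated until now, so wrappers and scripts may still pass it. A comment at the case, e.g. `/* formerly a deprecated no-op flag; now takes a tag argument */`, and a compatibility note in the user-facing documentation would make the change of meaning visible. main() starts and ends outside the hunk.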
@@ -772,7 +772,9 @@ main(int ac, char **av)
 			else
 				fatal("Invalid multiplex command.");
 			break;
-		case 'P':	/* deprecated */
+		case 'P':
+			if (options.tag == NULL)
+				options.tag = xstrdup(optarg);
 			break;
 		case 'Q':
 			cp = NULL;
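Review bot: The `if (options.tag == NULL)` guard silently ignores every `-P` after the first, and nothing in the hunk says why. If this is meant to mirror first-value-wins handling of configuration options (presumably; the parsing code is not in view), a comment such as `/* first -P wins; later ones are ignored */` would record that. `optarg` is also stored unchecked, so `-P ''` yields an empty tag that the `tagged` match in readconf.c cannot tell apart from no tag at all (`options->tag == NULL ? "" : options->tag`); that equivalence should be documented here or the empty value rejected.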
diff --git a/ssh_config.5 b/ssh_config.5
index 3d18fb2a..0c2327e0 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.381 2023/07/17 04:04:36 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.382 2023/07/17 04:08:31 djm Exp $
 .Dd $Mdocdate: July 17 2023 $
 .Dt SSH_CONFIG 5
 .Os
@@ -144,6 +144,7 @@ The available criteria keywords are:
 .Cm localnetwork ,
 .Cm host ,
 .Cm originalhost ,
+.Cm Tag ,
 .Cm user ,
 and
 .Cm localuser .
@@ -223,6 +224,15 @@ The
 .Cm originalhost
 keyword matches against the hostname as it was specified on the command-line.
 The
+.Cm tagged
+keyword matches a tag name specified by a prior
+.Cm Tag
+directive or on the
+.Xr ssh 1
+command-line using the
+.Fl P
+flag.
+The
 .Cm user
 keyword matches against the target username on the remote host.
 The
@@ -1886,6 +1896,10 @@ To disable TCP keepalive messages, the value should be set to
 See also
 .Cm ServerAliveInterval
 for protocol-level keepalives.
+.It Cm Tag
+Specify a configuration tag name that may be later used by a
+.Cm Match
+directive to select a block of configuation.
 .It Cm Tunnel
 Request
 .Xr tun 4
