[openssh-commits] [openssh] 03/04: upstream: add "Match version" support to ssh_config. Allows
git+noreply at mindrot.org
git+noreply at mindrot.org
Sat Feb 15 13:16:45 AEDT 2025
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 9131ac64b0ebe66dc1de9d44bf8d1bd64a24c350
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Sat Feb 15 01:52:07 2025 +0000
upstream: add "Match version" support to ssh_config. Allows
matching on the local version of OpenSSH, e.g. "Match version OpenSSH_10.*"
ok markus@
OpenBSD-Commit-ID: c0cb504d0b9e43ccf12e68a544a7cd625e89758d
---
readconf.c | 9 ++++++++-
servconf.c | 18 ++++++++++++++----
ssh_config.5 | 11 +++++++++--
sshd_config.5 | 12 ++++++++++--
version.h | 3 ++-
5 files changed, 43 insertions(+), 10 deletions(-)
diff --git a/readconf.c b/readconf.c
index 10adaaaa..c7630f6e 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.396 2025/02/15 01:50:47 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.397 2025/02/15 01:52:07 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -70,6 +70,7 @@
#include "uidswap.h"
#include "myproposal.h"
#include "digest.h"
+#include "version.h"
/* Format of the configuration file:
@@ -788,6 +789,7 @@ match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp,
strprefix(attrib, "user=", 1) != NULL ||
strprefix(attrib, "localuser=", 1) != NULL ||
strprefix(attrib, "localnetwork=", 1) != NULL ||
+ strprefix(attrib, "version=", 1) != NULL ||
strprefix(attrib, "tagged=", 1) != NULL ||
strprefix(attrib, "command=", 1) != NULL ||
strprefix(attrib, "exec=", 1) != NULL) {
@@ -840,6 +842,11 @@ match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp,
r = check_match_ifaddrs(arg) == 1;
if (r == (negate ? 1 : 0))
this_result = result = 0;
+ } else if (strcasecmp(attrib, "version") == 0) {
+ criteria = xstrdup(SSH_RELEASE);
+ r = match_pattern_list(SSH_RELEASE, arg, 0) == 1;
+ if (r == (negate ? 1 : 0))
+ this_result = result = 0;
} else if (strcasecmp(attrib, "tagged") == 0) {
criteria = xstrdup(options->tag == NULL ? "" :
options->tag);
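Review bot: In the new `version` branch, the match runs against the `SSH_RELEASE` macro while a separate `xstrdup` copy of it is stored in `criteria`, so the string tested and the string kept in `criteria` come from two places. Passing the copy instead, `r = match_pattern_list(criteria, arg, 0) == 1;`, keeps a single source for the value. This presumably matches how the neighbouring branches use `criteria`, but their match calls fall outside this hunk, so confirm before changing. match_cfg_line starts and ends outside the hunk.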
diff --git a/servconf.c b/servconf.c
index 61f758b7..c5c1713c 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.423 2025/02/10 23:16:51 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.424 2025/02/15 01:52:07 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -68,6 +68,7 @@
#include "auth.h"
#include "myproposal.h"
#include "digest.h"
+#include "version.h"
#if !defined(SSHD_PAM_SERVICE)
# define SSHD_PAM_SERVICE "sshd"
@@ -1094,7 +1095,8 @@ match_cfg_line(const char *full_line, int *acp, char ***avp,
strprefix(attrib, "address=", 1) != NULL ||
strprefix(attrib, "localaddress=", 1) != NULL ||
strprefix(attrib, "localport=", 1) != NULL ||
- strprefix(attrib, "rdomain=", 1) != NULL) {
+ strprefix(attrib, "rdomain=", 1) != NULL ||
+ strprefix(attrib, "version=", 1) != NULL) {
arg = strchr(attrib, '=');
*(arg++) = '\0';
} else {
@@ -1224,8 +1226,16 @@ match_cfg_line(const char *full_line, int *acp, char ***avp,
if (match_pattern_list(ci->rdomain, arg, 0) != 1)
result = 0;
else
- debug("user %.100s matched 'RDomain %.100s' at "
- "line %d", ci->rdomain, arg, line);
+ debug("connection RDomain %.100s matched "
+ "'RDomain %.100s' at line %d",
+ ci->rdomain, arg, line);
+ } else if (strcasecmp(attrib, "version") == 0) {
+ if (match_pattern_list(SSH_RELEASE, arg, 0) != 1)
+ result = 0;
+ else
+ debug("version %.100s matched "
+ "'version %.100s' at line %d",
+ SSH_RELEASE, arg, line);
} else {
error("Unsupported Match attribute %s", oattrib);
result = -1;
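Review bot: The new `version` branch compares `arg` with the compile-time constant `SSH_RELEASE`, so unlike the `ci->`-based criteria around it the result is the same for every connection, and nothing in the code says so. A comment above the `match_pattern_list` call would keep administrators and later maintainers from treating this as a client-version gate, for example `/* Matches this sshd's own compiled-in version, never the client's banner */`. The debug text could make the same distinction by starting with `"local version %.100s matched "`. match_cfg_line begins and ends outside the hunk.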
diff --git a/ssh_config.5 b/ssh_config.5
index 6fff9c74..0c650459 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,7 +33,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.409 2025/02/15 01:50:47 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.410 2025/02/15 01:52:07 djm Exp $
.Dd $Mdocdate: February 15 2025 $
.Dt SSH_CONFIG 5
.Os
@@ -147,8 +147,9 @@ The available criteria keywords are:
.Cm tagged ,
.Cm command ,
.Cm user ,
+.Cm localuser ,
and
-.Cm localuser .
+.Cm version .
The
.Cm all
criteria must appear alone or immediately after
@@ -244,6 +245,12 @@ for an SFTP session).
The empty string will match the case where a command or tag has not been
specified, i.e.
.Sq Match tag \&"\&"
+The
+.Cm version
+keyword matches against the version string of
+.Xr ssh 1 ,
+for example
+.Dq OpenSSH_10.0 .
.Pp
The
.Cm user
diff --git a/sshd_config.5 b/sshd_config.5
index c3d76bc6..c0771737 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.380 2024/12/06 16:24:27 djm Exp $
-.Dd $Mdocdate: December 6 2024 $
+.\" $OpenBSD: sshd_config.5,v 1.381 2025/02/15 01:52:07 djm Exp $
+.Dd $Mdocdate: February 15 2025 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -1245,6 +1245,7 @@ The available criteria are
.Cm Host ,
.Cm LocalAddress ,
.Cm LocalPort ,
+.Cm Version ,
.Cm RDomain ,
and
.Cm Address
@@ -1270,6 +1271,13 @@ it is an error to specify a mask length that is too long for the address
or one with bits set in this host portion of the address.
For example, 192.0.2.0/33 and 192.0.2.0/8, respectively.
.Pp
+The
+.Cm Version
+keyword matches against the version string of
+.Xr sshd 8 ,
+for example
+.Dq OpenSSH_10.0 .
+.Pp
Only a subset of keywords may be used on the lines following a
.Cm Match
keyword.
diff --git a/version.h b/version.h
index 8c7e37e7..718735c9 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,7 @@
-/* $OpenBSD: version.h,v 1.103 2024/09/19 22:17:44 djm Exp $ */
+/* $OpenBSD: version.h,v 1.104 2025/02/15 01:52:07 djm Exp $ */
#define SSH_VERSION "OpenSSH_9.9"
+#define SSH_RELEASE SSH_VERSION
#define SSH_PORTABLE "p1"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
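Review bot: On the new side this header defines `SSH_RELEASE` twice with different replacement lists: the added `#define SSH_RELEASE SSH_VERSION` and the existing `#define SSH_RELEASE SSH_VERSION SSH_PORTABLE` two lines below it. C treats that as an invalid macro redefinition and compilers report it with at least a warning, which fails builds that promote warnings to errors. The later definition is the one in effect for code that includes the header, so `Match version` would be tested against the string with the `p1` suffix. An exact pattern such as the man page's `OpenSSH_10.0` example would then need a trailing wildcard to match. Dropping the added line wherever the portable definition is present leaves a single definition.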
--