[patch] RFC: put server tunnel name in environment

Alex Bligh alex at alex.org.uk
Tue Sep 22 03:54:47 EST 2009


--On 21 September 2009 13:21:13 +0100 Alex Bligh <alex at alex.org.uk> wrote:

> If an ssh server receives a tun/tap tunnel request and sets up the tunnel
> concerned, as far as I can see there is currently no way for the server
> to configure the tunnel in a manner dependent upon (e.g) the key used to
> set up the ssh session. Whilst an id based on the key can be passed to
> the ssh child process, where the tunnel is dynamically allocated, its
> tunnel name is lost.
>
> This patch remedies this. It is very simple. All it does is put the
> tunnel name in the environment if one is set up. That is, ssh to a server
> with "-w any" and the executed command will have (e.g.)
>   SSH_TUNNEL=tun1
> if tun1 was allocated. On *BSD, this will look more like '/dev/tun1'.
>
> I have tested this patch on Linux. It should work equally well on OpenBSD
> and FreeBSD (it's really very simple) but someone should test this.
>
> Patch is against 5.1p1.
>
> [this is my first patch against openssh so please go easy]

Trying again, with the patch attached as text/plain
(apologies for the extension)

-- 
Alex Bligh
-------------- next part --------------
diff -ur --exclude out ../openssh-5.1p1/misc.c ./misc.c
--- ../openssh-5.1p1/misc.c	2008-06-13 05:48:59.000000000 +0100
+++ ./misc.c	2009-09-21 13:07:44.000000000 +0100
@@ -56,6 +56,8 @@
 #include "log.h"
 #include "ssh.h"
 
+static char *misc_tunname = 0;
+
 /* remove newline at end of string */
 char *
 chop(char *s)
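Review bot: `misc_tunname` is a single file-scope pointer, so it can only describe the most recent successful `tun_open()` in this process. If a connection ever opens a second tunnel (whether it can is not visible in this patch), the earlier name is overwritten and `SSH_TUNNEL` in session.c reports only the last one. A server-side script that selects per-key interface configuration from that variable would then act on the wrong device, so the limitation should be stated at the declaration, for example `/* Name of the most recently opened tunnel device; overwritten by each successful tun_open() */`. The initialiser would also read better as `NULL` than `0` for a pointer.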
@@ -695,6 +697,9 @@
 	if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1)
 		goto failed;
 
+	/* Preserve the name with the field the ioctl populated when tun=SSH_TUNID_ANY */
+	tun_setname(ifr.ifr_name);
+
 	close(sock);
 	return (fd);
 
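Review bot: `tun_setname(ifr.ifr_name)` hands a fixed-size array field to a helper that copies it with `xstrdup()`, which reads up to the first NUL; nothing in the hunk guarantees the field is terminated, so a defensive `ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0';` before the call would bound the read. The same call and comment are repeated in both port-tun.c hunks, where the same applies. The description says the value looks like '/dev/tun1' on *BSD, yet what is recorded is the interface-name field; how that field is filled lies outside these hunks, so the exported format should be confirmed and documented for scripts that consume it. The comment is hard to parse and could read `/* Record the interface name so the session can export it as SSH_TUNNEL */`. The enclosing function starts and ends outside the hunk.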
@@ -712,6 +717,28 @@
 #endif
 }
 
+/*
+ * Return the recorded name of the tunnel device
+ */
+char *
+tun_getname()
+{
+	return (misc_tunname);
+}
+
+/*
+ * Set the name of the recorded tunnel device, storing a copy (freeing
+ * any old version
+ */
+void
+tun_setname(const char *tunname)
+{
+	if (misc_tunname)
+		xfree (misc_tunname);
+	
+	misc_tunname = xstrdup(tunname);
+}
+
 void
 sanitise_stdfd(void)
 {
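Review bot: `tun_getname()` is defined with empty parentheses, which in C is not a prototype and disables argument checking, and it returns a writable pointer to the module's private copy. `const char *tun_getname(void)` would fix both, with matching changes to the declaration in the misc.h hunk and to `char * tunname` in session.c. A caller that keeps the returned pointer across a later `tun_setname()` is left holding freed memory, which is worth stating in the comment: `/* Returned pointer is owned by misc.c and invalidated by the next tun_setname() */`. `tun_setname()` passes its argument straight to `xstrdup()`, so a NULL argument is not handled here (whether `xstrdup` tolerates NULL is not visible in this patch). The comment above `tun_setname` is also missing its closing parenthesis.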
diff -ur --exclude out ../openssh-5.1p1/misc.h ./misc.h
--- ../openssh-5.1p1/misc.h	2008-06-12 21:42:45.000000000 +0100
+++ ./misc.h	2009-09-21 12:22:56.000000000 +0100
@@ -52,6 +52,8 @@
 void	 freeargs(arglist *);
 
 int	 tun_open(int, int);
+char	*tun_getname();
+void	 tun_setname(const char *);
 
 /* Common definitions for ssh tunnel device forwarding */
 #define SSH_TUNMODE_NO		0x00
diff -ur --exclude out ../openssh-5.1p1/openbsd-compat/port-tun.c ./openbsd-compat/port-tun.c
--- ../openssh-5.1p1/openbsd-compat/port-tun.c	2008-05-19 06:28:36.000000000 +0100
+++ ./openbsd-compat/port-tun.c	2009-09-21 12:59:09.000000000 +0100
@@ -93,6 +93,9 @@
 		goto failed;
 	}
 
+	/* Preserve the name with the field the ioctl populated when tun=SSH_TUNID_ANY */
+	tun_setname(ifr.ifr_name);
+
 	if (tun == SSH_TUNID_ANY)
 		debug("%s: tunnel mode %d fd %d", __func__, mode, fd);
 	else
@@ -177,6 +180,9 @@
 	if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1)
 		goto failed;
 
+	/* Preserve the name with the field the ioctl populated when tun=SSH_TUNID_ANY */
+	tun_setname(ifr.ifr_name);
+
 	close(sock);
 	return (fd);
 
diff -ur --exclude out ../openssh-5.1p1/session.c ./session.c
--- ../openssh-5.1p1/session.c	2008-06-16 14:29:18.000000000 +0100
+++ ./session.c	2009-09-21 12:45:19.000000000 +0100
@@ -1110,6 +1110,7 @@
 	u_int i, envsize;
 	char **env, *laddr;
 	struct passwd *pw = s->pw;
+	char * tunname;
 #ifndef HAVE_LOGIN_CAP
 	char *path = NULL;
 #endif
@@ -1216,6 +1217,10 @@
 	xfree(laddr);
 	child_set_env(&env, &envsize, "SSH_CONNECTION", buf);
 
+	tunname = tun_getname();
+	if (tunname)
+		child_set_env(&env, &envsize, "SSH_TUNNEL", tunname);
+
 	if (s->ttyfd != -1)
 		child_set_env(&env, &envsize, "SSH_TTY", s->tty);
 	if (s->term)
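Review bot: `SSH_TUNNEL` is written only when a tunnel name was recorded and is never cleared otherwise, so any `SSH_TUNNEL` value already placed in `env` earlier in this function would reach the child unchanged when no tunnel exists. Whether client- or user-supplied variables are merged into `env` before or after this point is outside the hunk and should be checked. If they can be, a server-side script that configures an interface from this variable cannot distinguish a name set by sshd from a supplied one. The behaviour should at least be documented next to the call, e.g. `/* SSH_TUNNEL: name recorded by tun_open(); not set here when no tunnel was opened */`. The local in the first session.c hunk would conventionally be written `char *tunname;`, and the enclosing function begins and ends outside both hunks.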

