--On 21 September 2009 13:21:13 +0100 Alex Bligh <alex at alex.org.uk>
wrote:
> If an ssh server receives a tun/tap tunnel request and sets up the tunnel
> concerned, as far as I can see there is currently no way for the server
> to configure the tunnel in a manner dependent upon (e.g) the key used to
> set up the ssh session. Whilst an id based on the key can be passed to
> the ssh child process, where the tunnel is dynamically allocated, its
> tunnel name is lost.
>
> This patch remedies this. It is very simple. All it does is put the
> tunnel name in the environment if one is set up. I.e., ssh to a server
> with "-w any" and the executed command will have (e.g.)
> SSH_TUNNEL=tun1
> if tun1 was allocated. On *BSD, this will look more like
> '/dev/tun1'.
>
> I have tested this patch on Linux. It should work equally well on OpenBSD
> and FreeBSD (it's really very simple) but someone should test this.
>
> Patch is against 5.1p1.
>
> [this is my first patch against openssh so please go easy]
Trying again, with the patch attached as text/plain
(apologies for the extension)
--
Alex Bligh
-------------- next part --------------
diff -ur --exclude out ../openssh-5.1p1/misc.c ./misc.c
--- ../openssh-5.1p1/misc.c 2008-06-13 05:48:59.000000000 +0100
+++ ./misc.c 2009-09-21 13:07:44.000000000 +0100
@@ -56,6 +56,8 @@
#include "log.h"
#include "ssh.h"
+static char *misc_tunname = 0;
+
/* remove newline at end of string */
char *
chop(char *s)
@@ -695,6 +697,9 @@
if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1)
goto failed;
+ /* Preserve the name with the field the ioctl populated when tun=SSH_TUNID_ANY
*/
+ tun_setname(ifr.ifr_name);
+
close(sock);
return (fd);
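Review bot: The comment added above `tun_setname(ifr.ifr_name)` says the name is the field "the ioctl populated when tun=SSH_TUNID_ANY", but the call is unconditional and the ioctl visible just before it is `SIOCSIFFLAGS`, which sets interface flags; where `ifr_name` is actually filled in lies outside the hunk. The same wording is repeated in both openbsd-compat/port-tun.c hunks, and all three copies overrun the line width and wrap. I would replace each with something like `/* Record the interface name so the session can export it as SSH_TUNNEL */`. The rest of tun_open, including the `failed` path, is outside this hunk, so whether a name recorded by an earlier call survives a failed open cannot be checked from here.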
@@ -712,6 +717,28 @@
#endif
}
+/*
+ * Return the recorded name of the tunnel device
+ */
+char *
+tun_getname()
+{
+ return (misc_tunname);
+}
+
+/*
+ * Set the name of the recorded tunnel device, storing a copy (freeing
+ * any old version
+ */
+void
+tun_setname(const char *tunname)
+{
+ if (misc_tunname)
+ xfree (misc_tunname);
+
+ misc_tunname = xstrdup(tunname);
+}
+
void
sanitise_stdfd(void)
{
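Review bot: `tun_getname()` is defined with empty parentheses here and declared the same way in misc.h, which in C leaves the parameter list unchecked; both should read `tun_getname(void)`. It also hands callers the module's own buffer as a writable `char *`, and the next `tun_setname` call frees that buffer, so returning `const char *` and saying in the header comment that the pointer is valid only until the next set would make the contract explicit. `tun_setname` offers no way to clear the record and passes a NULL argument straight to `xstrdup`; `misc_tunname = tunname ? xstrdup(tunname) : NULL;` would cover both. The comment above `tun_setname` is also missing its closing parenthesis.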
diff -ur --exclude out ../openssh-5.1p1/misc.h ./misc.h
--- ../openssh-5.1p1/misc.h 2008-06-12 21:42:45.000000000 +0100
+++ ./misc.h 2009-09-21 12:22:56.000000000 +0100
@@ -52,6 +52,8 @@
void freeargs(arglist *);
int tun_open(int, int);
+char *tun_getname();
+void tun_setname(const char *);
/* Common definitions for ssh tunnel device forwarding */
#define SSH_TUNMODE_NO 0x00
diff -ur --exclude out ../openssh-5.1p1/openbsd-compat/port-tun.c
./openbsd-compat/port-tun.c
--- ../openssh-5.1p1/openbsd-compat/port-tun.c 2008-05-19 06:28:36.000000000
+0100
+++ ./openbsd-compat/port-tun.c 2009-09-21 12:59:09.000000000 +0100
@@ -93,6 +93,9 @@
goto failed;
}
+ /* Preserve the name with the field the ioctl populated when tun=SSH_TUNID_ANY
*/
+ tun_setname(ifr.ifr_name);
+
if (tun == SSH_TUNID_ANY)
debug("%s: tunnel mode %d fd %d", __func__, mode, fd);
else
@@ -177,6 +180,9 @@
if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1)
goto failed;
+ /* Preserve the name with the field the ioctl populated when tun=SSH_TUNID_ANY
*/
+ tun_setname(ifr.ifr_name);
+
close(sock);
return (fd);
diff -ur --exclude out ../openssh-5.1p1/session.c ./session.c
--- ../openssh-5.1p1/session.c 2008-06-16 14:29:18.000000000 +0100
+++ ./session.c 2009-09-21 12:45:19.000000000 +0100
@@ -1110,6 +1110,7 @@
u_int i, envsize;
char **env, *laddr;
struct passwd *pw = s->pw;
+ char * tunname;
#ifndef HAVE_LOGIN_CAP
char *path = NULL;
#endif
@@ -1216,6 +1217,10 @@
xfree(laddr);
child_set_env(&env, &envsize, "SSH_CONNECTION", buf);
+ tunname = tun_getname();
+ if (tunname)
+ child_set_env(&env, &envsize, "SSH_TUNNEL", tunname);
+
if (s->ttyfd != -1)
child_set_env(&env, &envsize, "SSH_TTY", s->tty);
if (s->term)
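Review bot: `SSH_TUNNEL` is read from a single process-wide record that nothing in this patch clears, so the value means "the last device tun_open configured", not "a tunnel that is live and belongs to this session". If the tunnel channel has already closed, if more than one tunnel was opened on the connection, or if the session starts before the tunnel request is processed, a server-side command that applies per-key configuration to `$SSH_TUNNEL` may act on the wrong interface or find the variable unset; how those cases arise depends on code outside this diff. I would clear the record when the tunnel is torn down and document the variable alongside the other `SSH_*` entries, including its exact format, since the description says BSD yields something like '/dev/tun1' while the call sites record `ifr.ifr_name`. do_setup_env's body starts and continues outside the hunk, so whether an earlier environment source could already have set `SSH_TUNNEL` when no tunnel is recorded is not visible here.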