- djm@cvs.openbsd.org 2013/10/16 02:31:47
     [readconf.c readconf.h roaming_client.c ssh.1 ssh.c ssh_config.5]
     [sshconnect.c sshconnect.h]
     Implement client-side hostname canonicalisation to allow an explicit
     search path of domain suffixes to use to convert unqualified host names
     to fully-qualified ones for host key matching.
     This is particularly useful for host certificates, which would otherwise
     need to list unqualified names alongside fully-qualified ones (and this
     causes a number of problems).
     "looks fine" markus@
diff --git a/readconf.h b/readconf.h
index cde8b52..4a21089 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.97 2013/10/14 22:22:03 djm Exp $ */
+/* $OpenBSD: readconf.h,v 1.98 2013/10/16 02:31:46 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -29,7 +29,13 @@
 /* Data structure for representing option data. */
 
 #define MAX_SEND_ENV		256
-#define SSH_MAX_HOSTS_FILES	256
+#define SSH_MAX_HOSTS_FILES	32
+#define MAX_CANON_DOMAINS	32
+
+struct allowed_cname {
+	char *source_list;
+	char *target_list;
+};
 
 typedef struct {
 	int     forward_agent;	/* Forward authentication agent. */
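Review bot: The drop of `SSH_MAX_HOSTS_FILES` from 256 to 32 is not mentioned in the commit description and looks unrelated to canonicalisation. The arrays and parser checks that use it are outside this hunk, so confirm that a configuration naming more than 32 known-hosts files is rejected with a clear error rather than silently truncated. Separately, `struct allowed_cname` has no comment. Judging by its name it decides which DNS CNAME results are accepted when a host name is canonicalised for host key matching, so I would document it once that is checked against readconf.c, e.g. `/* source_list, target_list: pattern lists a CNAME's source and target names must match (confirm) */`. The `Options` typedef that follows continues past the end of this hunk.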
@@ -140,9 +146,21 @@
 
 	int	proxy_use_fdpass;
 
+	int	num_canonical_domains;
+	char	*canonical_domains[MAX_CANON_DOMAINS];
+	int	canonicalise_hostname;
+	int	canonicalise_max_dots;
+	int	canonicalise_fallback_local;
+	int	num_permitted_cnames;
+	struct allowed_cname permitted_cnames[MAX_CANON_DOMAINS];
+
 	char	*ignored_unknown; /* Pattern list of unknown tokens to ignore */
 }       Options;
 
+#define SSH_CANONICALISE_NO	0
+#define SSH_CANONICALISE_YES	1
+#define SSH_CANONICALISE_ALWAYS	2
+
 #define SSHCTL_MASTER_NO	0
 #define SSHCTL_MASTER_YES	1
 #define SSHCTL_MASTER_AUTO	2
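Review bot: `permitted_cnames` is sized with `MAX_CANON_DOMAINS`, which silently ties the CNAME rule limit to the domain search-list limit. A comment on that define (in the previous hunk), such as `/* also bounds permitted_cnames[] */`, would make the coupling explicit. The seven new fields and the `SSH_CANONICALISE_*` values are uncommented, unlike `ignored_unknown` right below them. Presumably the three constants are the values of `canonicalise_hostname`, which could be stated as `int canonicalise_hostname; /* SSH_CANONICALISE_NO, _YES or _ALWAYS */`. The code that fills `canonical_domains` and `permitted_cnames` is not in this file, so the checks of `num_canonical_domains` and `num_permitted_cnames` against the array size need to be verified in readconf.c, since these entries influence which name is used for host key matching. The `Options` struct begins outside this hunk.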