openssh-unix-dev October 2011 archive

Re: Restricting users using one port

From: Damien Miller <djm_at_nospam>
Date: Sun Oct 16 2011 - 21:06:57 GMT
To: Darren Tucker <dtucker@zip.com.au>

On Mon, 17 Oct 2011, Darren Tucker wrote:

> It's feasible. The initial Match processing is done just after the
> client sends the username so both the local address and port are known
> and there should be no additional hooks needed.
>
> I'd suggest calling them LocalAddress and LocalPort (or ServerAddress
> and ServerPort) though.
>
> Attached are two patches: openssh-match-struct.patch
> which moves the items that are checked to a struct, and
> openssh-match-localaddrport.patch which implements the requested
> functionality. (You only need the latter to try it, the former is just
> for review).

I like this, but I prefer LocalAddress/LocalPort over
ListenAddress/ListenPort. Instead of adding another global, perhaps you
could add a canohost.c function that returns a (cached) ConnectionInfo?

-d
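
The restriction discussed in this thread, written as an sshd_config that uses a LocalPort Match criterion, which released versions of sshd_config(5) document alongside LocalAddress. This is an added example, not part of the thread or the attached patches; the port numbers, group names, chroot path and the sample values in the check command are assumptions.

```conf
# Added example (not from the thread). Ports, groups and paths are assumed.
# sshd listens on two ports; policy is chosen by the port the client reached.
Port 22
Port 2222

# Global defaults, in effect before any Match block applies.
PasswordAuthentication no
PermitRootLogin no

# Port 22: interactive administration, admins group only.
Match LocalPort 22
    AllowGroups admins

# Port 2222: file transfer only, for the sftponly group.
Match LocalPort 2222
    AllowGroups sftponly
    ForceCommand internal-sftp
    ChrootDirectory /srv/sftp/%u
    AllowTcpForwarding no
    X11Forwarding no

# Check the effective settings for a given connection without logging in
# (run as root; user, host and addresses below are constructed samples):
#   sshd -T -C user=alice,host=client.example,addr=192.0.2.10,laddr=192.0.2.1,lport=2222
# The output should show "forcecommand internal-sftp" and
# "allowgroups sftponly" for lport=2222, and neither for lport=22.
```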