upstream: permitlisten option for authorized_keys; ok markus@

OpenBSD-Commit-ID: 8650883018d7aa893173d703379e4456a222c672
author: djm@openbsd.org <djm@openbsd.org> 2018-06-06 18:23:32 +0000
committer: Damien Miller <djm@mindrot.org> 2018-06-07 04:27:20 +1000
commit: 93c06ab6b77514e0447fe4f1d822afcbb2a9be08 (patch)
tree: 86b19179eaa51962f0dae9ab02d6d37197942265 /servconf.c
parent: 115063a6647007286cc8ca70abfd2a7585f26ccc (diff)
1 files changed, 16 insertions, 16 deletions
diff --git a/servconf.c b/servconf.c
index b75faf3f8..3c41490b3 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.329 2018/06/06 18:22:41 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.330 2018/06/06 18:23:32 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
@@ -160,7 +160,7 @@ initialize_server_options(ServerOptions *options)
        options->num_accept_env = 0;
        options->permit_tun = -1;
        options->permitted_opens = NULL;
-        options->permitted_remote_opens = NULL;
+        options->permitted_listens = NULL;
        options->adm_forced_command = NULL;
        options->chroot_directory = NULL;
        options->authorized_keys_command = NULL;
@@ -463,7 +463,7 @@ typedef enum {
        sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
        sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
        sAcceptEnv, sPermitTunnel,
-        sMatch, sPermitOpen, sPermitRemoteOpen, sForceCommand, sChrootDirectory,
+        sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
        sUsePrivilegeSeparation, sAllowAgentForwarding,
        sHostCertificate,
        sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
@@ -598,7 +598,7 @@ static struct {
        { "permituserrc", sPermitUserRC, SSHCFG_ALL },
        { "match", sMatch, SSHCFG_ALL },
        { "permitopen", sPermitOpen, SSHCFG_ALL },
-        { "permitremoteopen", sPermitRemoteOpen, SSHCFG_ALL },
+        { "permitlisten", sPermitListen, SSHCFG_ALL },
        { "forcecommand", sForceCommand, SSHCFG_ALL },
        { "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
        { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
@@ -878,9 +878,9 @@ process_permitopen(struct ssh *ssh, ServerOptions *options)
 {
        process_permitopen_list(ssh, sPermitOpen,
            options->permitted_opens, options->num_permitted_opens);
-        process_permitopen_list(ssh, sPermitRemoteOpen,
+        process_permitopen_list(ssh, sPermitListen,
-            options->permitted_remote_opens,
+            options->permitted_listens,
-            options->num_permitted_remote_opens);
+            options->num_permitted_listens);
 }
 struct connection_info *
@@ -1831,11 +1831,11 @@ process_server_config_line(ServerOptions *options, char *line,
                *activep = value;
                break;
-        case sPermitRemoteOpen:
+        case sPermitListen:
        case sPermitOpen:
-                if (opcode == sPermitRemoteOpen) {
+                if (opcode == sPermitListen) {
-                        uintptr = &options->num_permitted_remote_opens;
+                        uintptr = &options->num_permitted_listens;
-                        chararrayptr = &options->permitted_remote_opens;
+                        chararrayptr = &options->permitted_listens;
                } else {
                        uintptr = &options->num_permitted_opens;
                        chararrayptr = &options->permitted_opens;
@@ -1857,7 +1857,7 @@ process_server_config_line(ServerOptions *options, char *line,
                for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
                        arg2 = xstrdup(arg);
                        p = hpdelim(&arg);
-                        /* XXX support bare port number for PermitRemoteOpen */
+                        /* XXX support bare port number for PermitListen */
                        if (p == NULL) {
                                fatal("%s line %d: missing host in %s",
                                    filename, linenum,
@@ -2596,12 +2596,12 @@ dump_config(ServerOptions *o)
                        printf(" %s", o->permitted_opens[i]);
        }
        printf("\n");
-        printf("permitremoteopen");
+        printf("permitlisten");
-        if (o->num_permitted_remote_opens == 0)
+        if (o->num_permitted_listens == 0)
                printf(" any");
        else {
-                for (i = 0; i < o->num_permitted_remote_opens; i++)
+                for (i = 0; i < o->num_permitted_listens; i++)
-                        printf(" %s", o->permitted_remote_opens[i]);
+                        printf(" %s", o->permitted_listens[i]);
        }
        printf("\n");
 }
author	djm@openbsd.org <djm@openbsd.org>	2018-06-06 18:23:32 +0000
committer	Damien Miller <djm@mindrot.org>	2018-06-07 04:27:20 +1000
commit	93c06ab6b77514e0447fe4f1d822afcbb2a9be08 (patch)
tree	86b19179eaa51962f0dae9ab02d6d37197942265 /servconf.c
parent	115063a6647007286cc8ca70abfd2a7585f26ccc (diff)

diff --git a/servconf.c b/servconf.c index b75faf3f8..3c41490b3 100644 --- a/servconf.c +++ b/servconf.c
@@ -1,5 +1,5 @@
1		1
2	/* $OpenBSD: servconf.c,v 1.329 2018/06/06 18:22:41 djm Exp $ */	2	/* $OpenBSD: servconf.c,v 1.330 2018/06/06 18:23:32 djm Exp $ */
3	/*	3	/*
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5	* All rights reserved	5	* All rights reserved
@@ -160,7 +160,7 @@ initialize_server_options(ServerOptions *options)
160	options->num_accept_env = 0;	160	options->num_accept_env = 0;
161	options->permit_tun = -1;	161	options->permit_tun = -1;
162	options->permitted_opens = NULL;	162	options->permitted_opens = NULL;
163	options->permitted_remote_opens = NULL;	163	options->permitted_listens = NULL;
164	options->adm_forced_command = NULL;	164	options->adm_forced_command = NULL;
165	options->chroot_directory = NULL;	165	options->chroot_directory = NULL;
166	options->authorized_keys_command = NULL;	166	options->authorized_keys_command = NULL;
@@ -463,7 +463,7 @@ typedef enum {
463	sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,	463	sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
464	sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,	464	sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
465	sAcceptEnv, sPermitTunnel,	465	sAcceptEnv, sPermitTunnel,
466	sMatch, sPermitOpen, sPermitRemoteOpen, sForceCommand, sChrootDirectory,	466	sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
467	sUsePrivilegeSeparation, sAllowAgentForwarding,	467	sUsePrivilegeSeparation, sAllowAgentForwarding,
468	sHostCertificate,	468	sHostCertificate,
469	sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,	469	sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
@@ -598,7 +598,7 @@ static struct {
598	{ "permituserrc", sPermitUserRC, SSHCFG_ALL },	598	{ "permituserrc", sPermitUserRC, SSHCFG_ALL },
599	{ "match", sMatch, SSHCFG_ALL },	599	{ "match", sMatch, SSHCFG_ALL },
600	{ "permitopen", sPermitOpen, SSHCFG_ALL },	600	{ "permitopen", sPermitOpen, SSHCFG_ALL },
601	{ "permitremoteopen", sPermitRemoteOpen, SSHCFG_ALL },	601	{ "permitlisten", sPermitListen, SSHCFG_ALL },
602	{ "forcecommand", sForceCommand, SSHCFG_ALL },	602	{ "forcecommand", sForceCommand, SSHCFG_ALL },
603	{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },	603	{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
604	{ "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },	604	{ "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
@@ -878,9 +878,9 @@ process_permitopen(struct ssh ssh, ServerOptions options)
878	{	878	{
879	process_permitopen_list(ssh, sPermitOpen,	879	process_permitopen_list(ssh, sPermitOpen,
880	options->permitted_opens, options->num_permitted_opens);	880	options->permitted_opens, options->num_permitted_opens);
881	process_permitopen_list(ssh, sPermitRemoteOpen,	881	process_permitopen_list(ssh, sPermitListen,
882	options->permitted_remote_opens,	882	options->permitted_listens,
883	options->num_permitted_remote_opens);	883	options->num_permitted_listens);
884	}	884	}
885		885
886	struct connection_info *	886	struct connection_info *
@@ -1831,11 +1831,11 @@ process_server_config_line(ServerOptions options, char line,
1831	*activep = value;	1831	*activep = value;
1832	break;	1832	break;
1833		1833
1834	case sPermitRemoteOpen:	1834	case sPermitListen:
1835	case sPermitOpen:	1835	case sPermitOpen:
1836	if (opcode == sPermitRemoteOpen) {	1836	if (opcode == sPermitListen) {
1837	uintptr = &options->num_permitted_remote_opens;	1837	uintptr = &options->num_permitted_listens;
1838	chararrayptr = &options->permitted_remote_opens;	1838	chararrayptr = &options->permitted_listens;
1839	} else {	1839	} else {
1840	uintptr = &options->num_permitted_opens;	1840	uintptr = &options->num_permitted_opens;
1841	chararrayptr = &options->permitted_opens;	1841	chararrayptr = &options->permitted_opens;
@@ -1857,7 +1857,7 @@ process_server_config_line(ServerOptions options, char line,
1857	for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {	1857	for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
1858	arg2 = xstrdup(arg);	1858	arg2 = xstrdup(arg);
1859	p = hpdelim(&arg);	1859	p = hpdelim(&arg);
1860	/* XXX support bare port number for PermitRemoteOpen */	1860	/* XXX support bare port number for PermitListen */
1861	if (p == NULL) {	1861	if (p == NULL) {
1862	fatal("%s line %d: missing host in %s",	1862	fatal("%s line %d: missing host in %s",
1863	filename, linenum,	1863	filename, linenum,
@@ -2596,12 +2596,12 @@ dump_config(ServerOptions *o)
2596	printf(" %s", o->permitted_opens[i]);	2596	printf(" %s", o->permitted_opens[i]);
2597	}	2597	}
2598	printf("\n");	2598	printf("\n");
2599	printf("permitremoteopen");	2599	printf("permitlisten");
2600	if (o->num_permitted_remote_opens == 0)	2600	if (o->num_permitted_listens == 0)
2601	printf(" any");	2601	printf(" any");
2602	else {	2602	else {
2603	for (i = 0; i < o->num_permitted_remote_opens; i++)	2603	for (i = 0; i < o->num_permitted_listens; i++)
2604	printf(" %s", o->permitted_remote_opens[i]);	2604	printf(" %s", o->permitted_listens[i]);
2605	}	2605	}
2606	printf("\n");	2606	printf("\n");
2607	}	2607	}