diff options
| author | Damien Miller <djm@mindrot.org> | 2005-12-13 19:33:19 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2005-12-13 19:33:19 +1100 |
| commit | 7b58e800364870d05630514945687d2f26e3c065 (patch) | |
| tree | f8b436c13a767fcb014125513fe53b6bc0bde9a2 /servconf.c | |
| parent | 957d4e430ed40265cffc483abdc5b0e6a58c69ed (diff) | |
- reyk@cvs.openbsd.org 2005/12/08 18:34:11
[auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
[serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
two changes to the new ssh tunnel support. this breaks compatibility
with the initial commit but is required for a portable approach.
- make the tunnel id u_int and platform friendly, use predefined types.
- support configuration of layer 2 (ethernet) or layer 3
(point-to-point, default) modes. configuration is done using the
Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
in sshd_config(5).
ok djm@, man page bits by jmc@
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/servconf.c b/servconf.c index 91a0ced29..81953bb80 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -10,7 +10,7 @@ | |||
| 10 | */ | 10 | */ |
| 11 | 11 | ||
| 12 | #include "includes.h" | 12 | #include "includes.h" |
| 13 | RCSID("$OpenBSD: servconf.c,v 1.145 2005/12/06 22:38:27 reyk Exp $"); | 13 | RCSID("$OpenBSD: servconf.c,v 1.146 2005/12/08 18:34:11 reyk Exp $"); |
| 14 | 14 | ||
| 15 | #include "ssh.h" | 15 | #include "ssh.h" |
| 16 | #include "log.h" | 16 | #include "log.h" |
| @@ -231,7 +231,7 @@ fill_default_server_options(ServerOptions *options) | |||
| 231 | if (options->authorized_keys_file == NULL) | 231 | if (options->authorized_keys_file == NULL) |
| 232 | options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; | 232 | options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; |
| 233 | if (options->permit_tun == -1) | 233 | if (options->permit_tun == -1) |
| 234 | options->permit_tun = 0; | 234 | options->permit_tun = SSH_TUNMODE_NO; |
| 235 | 235 | ||
| 236 | /* Turn privilege separation on by default */ | 236 | /* Turn privilege separation on by default */ |
| 237 | if (use_privsep == -1) | 237 | if (use_privsep == -1) |
| @@ -968,7 +968,25 @@ parse_flag: | |||
| 968 | 968 | ||
| 969 | case sPermitTunnel: | 969 | case sPermitTunnel: |
| 970 | intptr = &options->permit_tun; | 970 | intptr = &options->permit_tun; |
| 971 | goto parse_flag; | 971 | arg = strdelim(&cp); |
| 972 | if (!arg || *arg == '\0') | ||
| 973 | fatal("%s line %d: Missing yes/point-to-point/" | ||
| 974 | "ethernet/no argument.", filename, linenum); | ||
| 975 | value = 0; /* silence compiler */ | ||
| 976 | if (strcasecmp(arg, "ethernet") == 0) | ||
| 977 | value = SSH_TUNMODE_ETHERNET; | ||
| 978 | else if (strcasecmp(arg, "point-to-point") == 0) | ||
| 979 | value = SSH_TUNMODE_POINTOPOINT; | ||
| 980 | else if (strcasecmp(arg, "yes") == 0) | ||
| 981 | value = SSH_TUNMODE_YES; | ||
| 982 | else if (strcasecmp(arg, "no") == 0) | ||
| 983 | value = SSH_TUNMODE_NO; | ||
| 984 | else | ||
| 985 | fatal("%s line %d: Bad yes/point-to-point/ethernet/" | ||
| 986 | "no argument: %s", filename, linenum, arg); | ||
| 987 | if (*intptr == -1) | ||
| 988 | *intptr = value; | ||
| 989 | break; | ||
| 972 | 990 | ||
| 973 | case sDeprecated: | 991 | case sDeprecated: |
| 974 | logit("%s line %d: Deprecated option %s", | 992 | logit("%s line %d: Deprecated option %s", |