upstream commit

refactor channels.c Move static state to a "struct ssh_channels" that is allocated at runtime and tracked as a member of struct ssh. Explicitly pass "struct ssh" to all channels functions. Replace use of the legacy packet APIs in channels.c. Rework sshd_config PermitOpen handling: previously the configuration parser would call directly into the channels layer. After the refactor this is not possible, as the channels structures are allocated at connection time and aren't available when the configuration is parsed. The server config parser now tracks PermitOpen itself and explicitly configures the channels code later. ok markus@ Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
author: djm@openbsd.org <djm@openbsd.org> 2017-09-12 06:32:07 +0000
committer: Damien Miller <djm@mindrot.org> 2017-09-12 17:37:02 +1000
commit: dbee4119b502e3f8b6cd3282c69c537fd01d8e16 (patch)
tree: b8a3263a79e0920e8d08f188654f1ccb7c254406 /servconf.h
parent: abd59663df37a42152e37980113ccaa405b9a282 (diff)
1 files changed, 12 insertions, 2 deletions
diff --git a/servconf.h b/servconf.h
index c2848a765..ffcbc3319 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.124 2017/06/24 06:34:38 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.125 2017/09/12 06:32:07 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -48,12 +48,19 @@
 #define FORWARD_LOCAL           (1<<1)
 #define FORWARD_ALLOW           (FORWARD_REMOTE|FORWARD_LOCAL)
+/* PermitOpen */
+#define PERMITOPEN_ANY          0
+#define PERMITOPEN_NONE         -2
 #define DEFAULT_AUTH_FAIL_MAX   6       /* Default for MaxAuthTries */
 #define DEFAULT_SESSIONS_MAX    10      /* Default for MaxSessions */
 /* Magic name for internal sftp-server */
 #define INTERNAL_SFTP_NAME      "internal-sftp"
+struct ssh;
+struct fwd_perm_list;
 typedef struct {
        u_int   num_ports;
        u_int   ports_from_cmdline;
@@ -169,7 +176,8 @@ typedef struct {
        int     permit_tun;
-        int     num_permitted_opens;
+        char   **permitted_opens;
+        u_int   num_permitted_opens; /* May also be one of PERMITOPEN_* */
        char   *chroot_directory;
        char   *revoked_keys_file;
@@ -229,6 +237,7 @@ struct connection_info {
                M_CP_STRARRAYOPT(deny_groups, num_deny_groups); \
                M_CP_STRARRAYOPT(accept_env, num_accept_env); \
                M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \
+                M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \
        } while (0)
 struct connection_info *get_connection_info(int, int);
@@ -236,6 +245,7 @@ void	 initialize_server_options(ServerOptions *);
 void     fill_default_server_options(ServerOptions *);
 int      process_server_config_line(ServerOptions *, char *, const char *, int,
             int *, struct connection_info *);
+void     process_permitopen(struct ssh *ssh, ServerOptions *options);
 void     load_server_config(const char *, Buffer *);
 void     parse_server_config(ServerOptions *, const char *, Buffer *,
             struct connection_info *);
author	djm@openbsd.org <djm@openbsd.org>	2017-09-12 06:32:07 +0000
committer	Damien Miller <djm@mindrot.org>	2017-09-12 17:37:02 +1000
commit	dbee4119b502e3f8b6cd3282c69c537fd01d8e16 (patch)
tree	b8a3263a79e0920e8d08f188654f1ccb7c254406 /servconf.h
parent	abd59663df37a42152e37980113ccaa405b9a282 (diff)