author | Colin Watson <cjwatson@debian.org> | 2012-09-07 00:20:47 +0100 |
committer | Colin Watson <cjwatson@debian.org> | 2012-09-07 00:20:47 +0100 |
commit | eab78da6a54225de06271d9c8da650f04a55ed88 (patch) | |
tree | aa258ca77515939f6d89317ff67fbcb0bca08b24 /servconf.h | |
parent | a26f5de49df59322fde07f7be91b3e3969c9c238 (diff) | |
parent | c6a2c0334e45419875687d250aed9bea78480f2e (diff) |
* New upstream release (http://www.openssh.com/txt/release-6.1).
- Enable pre-auth sandboxing by default for new installs.
- Allow "PermitOpen none" to refuse all port-forwarding requests
(closes: #543683).
Diffstat (limited to 'servconf.h')
-rw-r--r-- | servconf.h | 34 |
1 files changed, 26 insertions, 8 deletions
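diff --git a/servconf.h b/servconf.h
index 0be15f09a..a15f2a7fa 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.99 2011/06/22 21:57:01 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.103 2012/07/10 02:19:15 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -39,7 +39,7 @@
 /* use_privsep */
 #define PRIVSEP_OFF 0
 #define PRIVSEP_ON 1
-#define PRIVSEP_SANDBOX 2
+#define PRIVSEP_NOSANDBOX 2
 
 #define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */
 #define DEFAULT_SESSIONS_MAX 10 /* Default for MaxSessions */
@@ -166,14 +166,25 @@ typedef struct {
 
 int num_permitted_opens;
 
-int debian_banner;
-
 char *chroot_directory;
 char *revoked_keys_file;
 char *trusted_user_ca_keys;
 char *authorized_principals_file;
+
+char *version_addendum; /* Appended to SSH banner */
+int debian_banner;
 } ServerOptions;
 
+/* Information about the incoming connection as used by Match */
+struct connection_info {
+const char *user;
+const char *host; /* possibly resolved hostname */
+const char *address; /* remote address */
+const char *laddress; /* local address */
+int lport; /* local port */
+};
+
+
 /*
  * These are string config options that must be copied between the
  * Match sub-config and the main config, and must be sent from the
@@ -186,17 +197,24 @@ typedef struct {
 M_CP_STROPT(revoked_keys_file); \
 M_CP_STROPT(authorized_principals_file); \
 M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
+M_CP_STRARRAYOPT(allow_users, num_allow_users); \
+M_CP_STRARRAYOPT(deny_users, num_deny_users); \
+M_CP_STRARRAYOPT(allow_groups, num_allow_groups); \
+M_CP_STRARRAYOPT(deny_groups, num_deny_groups); \
+M_CP_STRARRAYOPT(accept_env, num_accept_env); \
 } while (0)
 
+struct connection_info *get_connection_info(int, int);
 void initialize_server_options(ServerOptions *);
 void fill_default_server_options(ServerOptions *);
 int process_server_config_line(ServerOptions *, char *, const char *, int,
-int *, const char *, const char *, const char *);
+int *, struct connection_info *);
 void load_server_config(const char *, Buffer *);
 void parse_server_config(ServerOptions *, const char *, Buffer *,
-const char *, const char *, const char *);
-void parse_server_match_config(ServerOptions *, const char *, const char *,
-const char *);
+struct connection_info *);
+void parse_server_match_config(ServerOptions *, struct connection_info *);
+int parse_server_match_testspec(struct connection_info *, char *);
+int server_match_spec_complete(struct connection_info *);
 void copy_set_server_options(ServerOptions *, ServerOptions *, int);
 void dump_config(ServerOptions *);
 char *derelativise_path(const char *);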
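Review bot: In the `-39,7` hunk `PRIVSEP_NOSANDBOX` takes over value 2 from the removed `PRIVSEP_SANDBOX`, so the meaning of that numeric level is inverted while the constant itself is unchanged; code or local patches that compare against or store the literal 2 rather than the macro name would keep the old interpretation without any compile error, which matters because this is the switch that decides whether the pre-auth sandbox is on. A one-line comment at the define block would make the new level set explicit, e.g. `/* PRIVSEP_ON is privsep with the pre-auth sandbox (the 6.1 default); PRIVSEP_NOSANDBOX is the explicit opt-out */`, and the keyword-to-value mapping in servconf.c that consumes these constants lives outside this diff and is worth checking against the rename. In the last hunk the new `struct connection_info *get_connection_info(int, int);` prototype gives no hint what its two ints select or who owns the returned struct and its `const char *` fields, even though the result feeds Match evaluation; a short comment above the declaration naming the two arguments and the lifetime of the returned pointer would help callers, with the definition itself outside this header.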