diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2018-06-06 18:22:41 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-06-07 04:27:20 +1000 |
| commit | 115063a6647007286cc8ca70abfd2a7585f26ccc (patch) | |
| tree | 7bd8d46ae55ff7fc1f8699740d2d2e106c3d5fe8 /servconf.h | |
| parent | 7703ae5f5d42eb302ded51705166ff6e19c92892 (diff) | |
upstream: Add a PermitListen directive to control which server-side
addresses may be listened on when the client requests remote forwarding (ssh
-R).
This is the converse of the existing PermitOpen directive and this
includes some refactoring to share much of its implementation.
feedback and ok markus@
OpenBSD-Commit-ID: 15a931238c61a3f2ac74ea18a98c933e358e277f
Diffstat (limited to 'servconf.h')
| -rw-r--r-- | servconf.h | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/servconf.h b/servconf.h index 6d2553c38..62acd8938 100644 --- a/servconf.h +++ b/servconf.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: servconf.h,v 1.131 2018/04/13 03:57:26 dtucker Exp $ */ | 1 | /* $OpenBSD: servconf.h,v 1.132 2018/06/06 18:22:41 djm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| @@ -32,12 +32,6 @@ | |||
| 32 | #define PRIVSEP_ON 1 | 32 | #define PRIVSEP_ON 1 |
| 33 | #define PRIVSEP_NOSANDBOX 2 | 33 | #define PRIVSEP_NOSANDBOX 2 |
| 34 | 34 | ||
| 35 | /* AllowTCPForwarding */ | ||
| 36 | #define FORWARD_DENY 0 | ||
| 37 | #define FORWARD_REMOTE (1) | ||
| 38 | #define FORWARD_LOCAL (1<<1) | ||
| 39 | #define FORWARD_ALLOW (FORWARD_REMOTE|FORWARD_LOCAL) | ||
| 40 | |||
| 41 | /* PermitOpen */ | 35 | /* PermitOpen */ |
| 42 | #define PERMITOPEN_ANY 0 | 36 | #define PERMITOPEN_ANY 0 |
| 43 | #define PERMITOPEN_NONE -2 | 37 | #define PERMITOPEN_NONE -2 |
| @@ -187,8 +181,10 @@ typedef struct { | |||
| 187 | 181 | ||
| 188 | int permit_tun; | 182 | int permit_tun; |
| 189 | 183 | ||
| 190 | char **permitted_opens; | 184 | char **permitted_opens; /* May also be one of PERMITOPEN_* */ |
| 191 | u_int num_permitted_opens; /* May also be one of PERMITOPEN_* */ | 185 | u_int num_permitted_opens; |
| 186 | char **permitted_remote_opens; /* May also be one of PERMITOPEN_* */ | ||
| 187 | u_int num_permitted_remote_opens; | ||
| 192 | 188 | ||
| 193 | char *chroot_directory; | 189 | char *chroot_directory; |
| 194 | char *revoked_keys_file; | 190 | char *revoked_keys_file; |
| @@ -252,6 +248,8 @@ struct connection_info { | |||
| 252 | M_CP_STRARRAYOPT(accept_env, num_accept_env); \ | 248 | M_CP_STRARRAYOPT(accept_env, num_accept_env); \ |
| 253 | M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \ | 249 | M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \ |
| 254 | M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \ | 250 | M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \ |
| 251 | M_CP_STRARRAYOPT(permitted_remote_opens, \ | ||
| 252 | num_permitted_remote_opens); \ | ||
| 255 | } while (0) | 253 | } while (0) |
| 256 | 254 | ||
| 257 | struct connection_info *get_connection_info(int, int); | 255 | struct connection_info *get_connection_info(int, int); |