diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2006-07-12 22:34:17 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2006-07-12 22:34:17 +1000 |
| commit | 4515047e47f26377a46f480ed5929e8ccfa18720 (patch) | |
| tree | a7485f1794bcab3a46c5f3efcf2a3ba630021be9 /sshd.c | |
| parent | ba724050263c0bca0a7dffa26462d046c4df7e01 (diff) | |
- dtucker@cvs.openbsd.org 2006/07/12 11:34:58
[sshd.c servconf.h servconf.c sshd_config.5 auth.c]
Add support for conditional directives to sshd_config via a "Match"
keyword, which works similarly to the "Host" directive in ssh_config.
Lines after a Match line override the default set in the main section
if the condition on the Match line is true, eg
AllowTcpForwarding yes
Match User anoncvs
AllowTcpForwarding no
will allow port forwarding by all users except "anoncvs".
Currently only a very small subset of directives are supported.
ok djm@
Diffstat (limited to 'sshd.c')
| -rw-r--r-- | sshd.c | 17 |
1 files changed, 8 insertions, 9 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshd.c,v 1.336 2006/07/11 20:07:25 stevesk Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.337 2006/07/12 11:34:58 dtucker Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -219,12 +219,15 @@ int *startup_pipes = NULL; | |||
| 219 | int startup_pipe; /* in child */ | 219 | int startup_pipe; /* in child */ |
| 220 | 220 | ||
| 221 | /* variables used for privilege separation */ | 221 | /* variables used for privilege separation */ |
| 222 | int use_privsep; | 222 | int use_privsep = -1; |
| 223 | struct monitor *pmonitor = NULL; | 223 | struct monitor *pmonitor = NULL; |
| 224 | 224 | ||
| 225 | /* global authentication context */ | 225 | /* global authentication context */ |
| 226 | Authctxt *the_authctxt = NULL; | 226 | Authctxt *the_authctxt = NULL; |
| 227 | 227 | ||
| 228 | /* sshd_config buffer */ | ||
| 229 | Buffer cfg; | ||
| 230 | |||
| 228 | /* message to be displayed after login */ | 231 | /* message to be displayed after login */ |
| 229 | Buffer loginmsg; | 232 | Buffer loginmsg; |
| 230 | 233 | ||
| @@ -916,7 +919,6 @@ main(int ac, char **av) | |||
| 916 | Key *key; | 919 | Key *key; |
| 917 | Authctxt *authctxt; | 920 | Authctxt *authctxt; |
| 918 | int ret, key_used = 0; | 921 | int ret, key_used = 0; |
| 919 | Buffer cfg; | ||
| 920 | 922 | ||
| 921 | #ifdef HAVE_SECUREWARE | 923 | #ifdef HAVE_SECUREWARE |
| 922 | (void)set_auth_parameters(ac, av); | 924 | (void)set_auth_parameters(ac, av); |
| @@ -1036,7 +1038,7 @@ main(int ac, char **av) | |||
| 1036 | case 'o': | 1038 | case 'o': |
| 1037 | line = xstrdup(optarg); | 1039 | line = xstrdup(optarg); |
| 1038 | if (process_server_config_line(&options, line, | 1040 | if (process_server_config_line(&options, line, |
| 1039 | "command-line", 0) != 0) | 1041 | "command-line", 0, NULL, NULL, NULL, NULL) != 0) |
| 1040 | exit(1); | 1042 | exit(1); |
| 1041 | xfree(line); | 1043 | xfree(line); |
| 1042 | break; | 1044 | break; |
| @@ -1094,11 +1096,8 @@ main(int ac, char **av) | |||
| 1094 | else | 1096 | else |
| 1095 | load_server_config(config_file_name, &cfg); | 1097 | load_server_config(config_file_name, &cfg); |
| 1096 | 1098 | ||
| 1097 | parse_server_config(&options, | 1099 | parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name, |
| 1098 | rexeced_flag ? "rexec" : config_file_name, &cfg); | 1100 | &cfg, NULL, NULL, NULL); |
| 1099 | |||
| 1100 | if (!rexec_flag) | ||
| 1101 | buffer_free(&cfg); | ||
| 1102 | 1101 | ||
| 1103 | seed_rng(); | 1102 | seed_rng(); |
| 1104 | 1103 | ||