-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | channels.c | 17 | ||||
-rw-r--r-- | channels.h | 3 | ||||
-rw-r--r-- | servconf.c | 10 |
4 files changed, 30 insertions, 4 deletions
@@ -13,6 +13,10 @@ | |||
13 | [PROTOCOL.certkeys] | 13 | [PROTOCOL.certkeys] |
14 | explain certificate extensions/crit split rationale. Mention requirement | 14 | explain certificate extensions/crit split rationale. Mention requirement |
15 | that each appear at most once per cert. | 15 | that each appear at most once per cert. |
16 | - dtucker@cvs.openbsd.org 2012/03/29 23:54:36 | ||
17 | [channels.c channels.h servconf.c] | ||
18 | Add PermitOpen none option based on patch from Loganaden Velvindron | ||
19 | (bz #1949). ok djm@ | ||
16 | 20 | ||
17 | 20120420 | 21 | 20120420 |
18 | - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | 22 | - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] |
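--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.315 2011/09/23 07:45:05 markus Exp $ */
+/* $OpenBSD: channels.c,v 1.316 2012/03/29 23:54:36 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -3127,6 +3127,17 @@ channel_add_adm_permitted_opens(char *host, int port)
 }
 
 void
+channel_disable_adm_local_opens(void)
+{
+if (num_adm_permitted_opens == 0) {
+permitted_adm_opens = xmalloc(sizeof(*permitted_adm_opens));
+permitted_adm_opens[num_adm_permitted_opens].host_to_connect
+= NULL;
+num_adm_permitted_opens = 1;
+}
+}
+
+void
 channel_clear_permitted_opens(void)
 {
 int i;
@@ -3167,7 +3178,9 @@ channel_print_adm_permitted_opens(void)
 return;
 }
 for (i = 0; i < num_adm_permitted_opens; i++)
-if (permitted_adm_opens[i].host_to_connect != NULL)
+if (permitted_adm_opens[i].host_to_connect == NULL)
+printf(" none");
+else
 printf(" %s:%d", permitted_adm_opens[i].host_to_connect,
 permitted_adm_opens[i].port_to_connect);
 printf("\n");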
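Review bot: `channel_disable_adm_local_opens()` installs the deny-all marker only when `num_adm_permitted_opens == 0`, so a call made while the administrator list still holds entries returns without changing anything and the existing permits stay in force. The one caller in this commit (servconf.c) clears the list first, but nothing in the function states or enforces that; calling `channel_clear_adm_permitted_opens();` as its first statement and dropping the `if` would make the function fail closed by itself. The entry comes from `xmalloc` and only `host_to_connect` is assigned, so `port_to_connect` is presumably left indeterminate; setting it to 0 would be safer. A comment such as `/* a single entry with host_to_connect == NULL means "PermitOpen none" */` would also document the sentinel that `channel_print_adm_permitted_opens()` now prints as ` none`.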
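--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.109 2011/09/23 07:45:05 markus Exp $ */
+/* $OpenBSD: channels.h,v 1.110 2012/03/29 23:54:36 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -253,6 +253,7 @@ void channel_set_af(int af);
 void channel_permit_all_opens(void);
 void channel_add_permitted_opens(char *, int);
 int channel_add_adm_permitted_opens(char *, int);
+void channel_disable_adm_local_opens(void);
 void channel_update_permitted_opens(int, int);
 void channel_clear_permitted_opens(void);
 void channel_clear_adm_permitted_opens(void);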
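--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.223 2011/09/23 00:22:04 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.224 2012/03/29 23:54:36 dtucker Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  * All rights reserved
@@ -1333,6 +1333,14 @@ process_server_config_line(ServerOptions *options, char *line,
 }
 break;
 }
+if (strcmp(arg, "none") == 0) {
+if (*activep && n == -1) {
+channel_clear_adm_permitted_opens();
+options->num_permitted_opens = 1;
+channel_disable_adm_local_opens();
+}
+break;
+}
 if (*activep && n == -1)
 channel_clear_adm_permitted_opens();
 for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {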
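Review bot: The `none` branch ends with `break` after looking only at the first token, so in `PermitOpen none host:port` the remaining arguments are dropped without any diagnostic. The result is still deny-all, but a line that mixes `none` with destinations most likely reflects an administrator mistake and is better rejected, e.g. `arg = strdelim(&cp); if (arg != NULL && *arg != '\0') fatal("PermitOpen: \"none\" must be the only argument");`. A `none` that is not the first token falls through to the host:port loop below, whose handling is outside this hunk. process_server_config_line starts and ends outside the hunk, so the enclosing option case and the branch closed at the top of the hunk are not visible here.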