1 files changed, 24 insertions, 28 deletions
diff --git a/servconf.h b/servconf.h
index 1dca702e6..1ff3bc5a1 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.126 2017/10/02 19:33:20 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.127 2017/10/05 15:52:03 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -18,17 +18,7 @@
 #define MAX_PORTS               256     /* Max # ports. */
-#define MAX_ALLOW_USERS         256     /* Max # users on allow list. */
-#define MAX_DENY_USERS          256     /* Max # users on deny list. */
-#define MAX_ALLOW_GROUPS        256     /* Max # groups on allow list. */
-#define MAX_DENY_GROUPS         256     /* Max # groups on deny list. */
 #define MAX_SUBSYSTEMS          256     /* Max # subsystems. */
-#define MAX_HOSTKEYS            256     /* Max # hostkeys. */
-#define MAX_HOSTCERTS           256     /* Max # host certificates. */
-#define MAX_ACCEPT_ENV          256     /* Max # of env vars. */
-#define MAX_MATCH_GROUPS        256     /* Max # of groups for Match. */
-#define MAX_AUTHKEYS_FILES      256     /* Max # of authorized_keys files. */
-#define MAX_AUTH_METHODS        256     /* Max # of AuthenticationMethods. */
 /* permit_root_login */
 #define PERMIT_NOT_SET          -1
@@ -68,14 +58,16 @@ typedef struct {
        u_int   num_queued_listens;
        char   **queued_listen_addrs;
        int    *queued_listen_ports;
-        struct addrinfo *listen_addrs;  /* Addresses on which the server listens. */
+        struct addrinfo *listen_addrs;  /* Addresses for server to listen. */
-        int     address_family;         /* Address family used by the server. */
+        int     address_family;         /* Address family used by the server. */
-        char   *host_key_files[MAX_HOSTKEYS];   /* Files containing host keys. */
-        int     num_host_key_files;     /* Number of files for host keys. */
+        char   **host_key_files;        /* Files containing host keys. */
-        char   *host_cert_files[MAX_HOSTCERTS]; /* Files containing host certs. */
+        u_int   num_host_key_files;     /* Number of files for host keys. */
-        int     num_host_cert_files;     /* Number of files for host certs. */
+        char   **host_cert_files;       /* Files containing host certs. */
-        char   *host_key_agent;          /* ssh-agent socket for host keys. */
+        u_int   num_host_cert_files;    /* Number of files for host certs. */
-        char   *pid_file;       /* Where to put our pid */
+        char   *host_key_agent;         /* ssh-agent socket for host keys. */
+        char   *pid_file;               /* Where to put our pid */
        int     login_grace_time;       /* Disconnect if no auth in this time
                                         * (sec). */
        int     permit_root_login;      /* PERMIT_*, see above */
@@ -134,13 +126,13 @@ typedef struct {
        int     allow_agent_forwarding;
        int     disable_forwarding;
        u_int num_allow_users;
-        char   *allow_users[MAX_ALLOW_USERS];
+        char   **allow_users;
        u_int num_deny_users;
-        char   *deny_users[MAX_DENY_USERS];
+        char   **deny_users;
        u_int num_allow_groups;
-        char   *allow_groups[MAX_ALLOW_GROUPS];
+        char   **allow_groups;
        u_int num_deny_groups;
-        char   *deny_groups[MAX_DENY_GROUPS];
+        char   **deny_groups;
        u_int num_subsystems;
        char   *subsystem_name[MAX_SUBSYSTEMS];
@@ -148,7 +140,7 @@ typedef struct {
        char   *subsystem_args[MAX_SUBSYSTEMS];
        u_int num_accept_env;
-        char   *accept_env[MAX_ACCEPT_ENV];
+        char   **accept_env;
        int     max_startups_begin;
        int     max_startups_rate;
@@ -167,8 +159,8 @@ typedef struct {
                                         * disconnect the session
                                         */
-        u_int num_authkeys_files;       /* Files containing public keys */
+        u_int   num_authkeys_files;     /* Files containing public keys */
-        char   *authorized_keys_files[MAX_AUTHKEYS_FILES];
+        char   **authorized_keys_files;
        char   *adm_forced_command;
@@ -194,7 +186,7 @@ typedef struct {
        char   *version_addendum;       /* Appended to SSH banner */
        u_int   num_auth_methods;
-        char   *auth_methods[MAX_AUTH_METHODS];
+        char   **auth_methods;
        int     fingerprint_hash;
        int     expose_userauth_info;
@@ -237,7 +229,7 @@ struct connection_info {
                M_CP_STRARRAYOPT(deny_groups, num_deny_groups); \
                M_CP_STRARRAYOPT(accept_env, num_accept_env); \
                M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \
-                M_CP_STRARRAYOPT_ALLOC(permitted_opens, num_permitted_opens); \
+                M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \
        } while (0)
 struct connection_info *get_connection_info(int, int);
@@ -255,5 +247,9 @@ int	 server_match_spec_complete(struct connection_info *);
 void     copy_set_server_options(ServerOptions *, ServerOptions *, int);
 void     dump_config(ServerOptions *);
 char    *derelativise_path(const char *);
+void     servconf_add_hostkey(const char *, const int,
+            ServerOptions *, const char *path);
+void     servconf_add_hostcert(const char *, const int,
+            ServerOptions *, const char *path);
 #endif                          /* SERVCONF_H */

diff --git a/servconf.h b/servconf.h index 1dca702e6..1ff3bc5a1 100644 --- a/servconf.h +++ b/servconf.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: servconf.h,v 1.126 2017/10/02 19:33:20 djm Exp $ */	1	/* $OpenBSD: servconf.h,v 1.127 2017/10/05 15:52:03 djm Exp $ */
2		2
3	/*	3	/*
4	* Author: Tatu Ylonen <ylo@cs.hut.fi>	4	* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -18,17 +18,7 @@
18		18
19	#define MAX_PORTS 256 /* Max # ports. */	19	#define MAX_PORTS 256 /* Max # ports. */
20		20
21	#define MAX_ALLOW_USERS 256 /* Max # users on allow list. */
22	#define MAX_DENY_USERS 256 /* Max # users on deny list. */
23	#define MAX_ALLOW_GROUPS 256 /* Max # groups on allow list. */
24	#define MAX_DENY_GROUPS 256 /* Max # groups on deny list. */
25	#define MAX_SUBSYSTEMS 256 /* Max # subsystems. */	21	#define MAX_SUBSYSTEMS 256 /* Max # subsystems. */
26	#define MAX_HOSTKEYS 256 /* Max # hostkeys. */
27	#define MAX_HOSTCERTS 256 /* Max # host certificates. */
28	#define MAX_ACCEPT_ENV 256 /* Max # of env vars. */
29	#define MAX_MATCH_GROUPS 256 /* Max # of groups for Match. */
30	#define MAX_AUTHKEYS_FILES 256 /* Max # of authorized_keys files. */
31	#define MAX_AUTH_METHODS 256 /* Max # of AuthenticationMethods. */
32		22
33	/* permit_root_login */	23	/* permit_root_login */
34	#define PERMIT_NOT_SET -1	24	#define PERMIT_NOT_SET -1
@@ -68,14 +58,16 @@ typedef struct {
68	u_int num_queued_listens;	58	u_int num_queued_listens;
69	char **queued_listen_addrs;	59	char **queued_listen_addrs;
70	int *queued_listen_ports;	60	int *queued_listen_ports;
71	struct addrinfo listen_addrs; / Addresses on which the server listens. */	61	struct addrinfo listen_addrs; / Addresses for server to listen. */
72	int address_family; /* Address family used by the server. */	62	int address_family; /* Address family used by the server. */
73	char host_key_files[MAX_HOSTKEYS]; / Files containing host keys. */	63
74	int num_host_key_files; /* Number of files for host keys. */	64	char *host_key_files; / Files containing host keys. */
75	char host_cert_files[MAX_HOSTCERTS]; / Files containing host certs. */	65	u_int num_host_key_files; /* Number of files for host keys. */
76	int num_host_cert_files; /* Number of files for host certs. */	66	char *host_cert_files; / Files containing host certs. */
77	char host_key_agent; / ssh-agent socket for host keys. */	67	u_int num_host_cert_files; /* Number of files for host certs. */
78	char pid_file; / Where to put our pid */	68
		69	char host_key_agent; / ssh-agent socket for host keys. */
		70	char pid_file; / Where to put our pid */
79	int login_grace_time; /* Disconnect if no auth in this time	71	int login_grace_time; /* Disconnect if no auth in this time
80	* (sec). */	72	* (sec). */
81	int permit_root_login; /* PERMIT_, see above /	73	int permit_root_login; /* PERMIT_, see above /
@@ -134,13 +126,13 @@ typedef struct {
134	int allow_agent_forwarding;	126	int allow_agent_forwarding;
135	int disable_forwarding;	127	int disable_forwarding;
136	u_int num_allow_users;	128	u_int num_allow_users;
137	char *allow_users[MAX_ALLOW_USERS];	129	char **allow_users;
138	u_int num_deny_users;	130	u_int num_deny_users;
139	char *deny_users[MAX_DENY_USERS];	131	char **deny_users;
140	u_int num_allow_groups;	132	u_int num_allow_groups;
141	char *allow_groups[MAX_ALLOW_GROUPS];	133	char **allow_groups;
142	u_int num_deny_groups;	134	u_int num_deny_groups;
143	char *deny_groups[MAX_DENY_GROUPS];	135	char **deny_groups;
144		136
145	u_int num_subsystems;	137	u_int num_subsystems;
146	char *subsystem_name[MAX_SUBSYSTEMS];	138	char *subsystem_name[MAX_SUBSYSTEMS];
@@ -148,7 +140,7 @@ typedef struct {
148	char *subsystem_args[MAX_SUBSYSTEMS];	140	char *subsystem_args[MAX_SUBSYSTEMS];
149		141
150	u_int num_accept_env;	142	u_int num_accept_env;
151	char *accept_env[MAX_ACCEPT_ENV];	143	char **accept_env;
152		144
153	int max_startups_begin;	145	int max_startups_begin;
154	int max_startups_rate;	146	int max_startups_rate;
@@ -167,8 +159,8 @@ typedef struct {
167	* disconnect the session	159	* disconnect the session
168	*/	160	*/
169		161
170	u_int num_authkeys_files; /* Files containing public keys */	162	u_int num_authkeys_files; /* Files containing public keys */
171	char *authorized_keys_files[MAX_AUTHKEYS_FILES];	163	char **authorized_keys_files;
172		164
173	char *adm_forced_command;	165	char *adm_forced_command;
174		166
@@ -194,7 +186,7 @@ typedef struct {
194	char version_addendum; / Appended to SSH banner */	186	char version_addendum; / Appended to SSH banner */
195		187
196	u_int num_auth_methods;	188	u_int num_auth_methods;
197	char *auth_methods[MAX_AUTH_METHODS];	189	char **auth_methods;
198		190
199	int fingerprint_hash;	191	int fingerprint_hash;
200	int expose_userauth_info;	192	int expose_userauth_info;
@@ -237,7 +229,7 @@ struct connection_info {
237	M_CP_STRARRAYOPT(deny_groups, num_deny_groups); \	229	M_CP_STRARRAYOPT(deny_groups, num_deny_groups); \
238	M_CP_STRARRAYOPT(accept_env, num_accept_env); \	230	M_CP_STRARRAYOPT(accept_env, num_accept_env); \
239	M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \	231	M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \
240	M_CP_STRARRAYOPT_ALLOC(permitted_opens, num_permitted_opens); \	232	M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \
241	} while (0)	233	} while (0)
242		234
243	struct connection_info *get_connection_info(int, int);	235	struct connection_info *get_connection_info(int, int);
@@ -255,5 +247,9 @@ int server_match_spec_complete(struct connection_info *);
255	void copy_set_server_options(ServerOptions , ServerOptions , int);	247	void copy_set_server_options(ServerOptions , ServerOptions , int);
256	void dump_config(ServerOptions *);	248	void dump_config(ServerOptions *);
257	char derelativise_path(const char );	249	char derelativise_path(const char );
		250	void servconf_add_hostkey(const char *, const int,
		251	ServerOptions , const char path);
		252	void servconf_add_hostcert(const char *, const int,
		253	ServerOptions , const char path);
258		254
259	#endif /* SERVCONF_H */	255	#endif /* SERVCONF_H */