Diffstat (limited to 'servconf.c')
-rw-r--r--servconf.c55
1 files changed, 47 insertions, 8 deletions
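--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.250 2014/07/03 22:40:43 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.251 2014/07/15 15:54:14 millert Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  * All rights reserved
@@ -39,10 +39,10 @@
 #include "ssh.h"
 #include "log.h"
 #include "buffer.h"
+#include "misc.h"
 #include "servconf.h"
 #include "compat.h"
 #include "pathnames.h"
-#include "misc.h"
 #include "cipher.h"
 #include "key.h"
 #include "kex.h"
@@ -120,6 +120,7 @@ initialize_server_options(ServerOptions *options)
 	options->rekey_limit = -1;
 	options->rekey_interval = -1;
 	options->allow_tcp_forwarding = -1;
+	options->allow_streamlocal_forwarding = -1;
 	options->allow_agent_forwarding = -1;
 	options->num_allow_users = 0;
 	options->num_deny_users = 0;
@@ -129,7 +130,9 @@ initialize_server_options(ServerOptions *options)
 	options->macs = NULL;
 	options->kex_algorithms = NULL;
 	options->protocol = SSH_PROTO_UNKNOWN;
-	options->gateway_ports = -1;
+	options->fwd_opts.gateway_ports = -1;
+	options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;
+	options->fwd_opts.streamlocal_bind_unlink = -1;
 	options->num_subsystems = 0;
 	options->max_startups_begin = -1;
 	options->max_startups_rate = -1;
@@ -269,10 +272,12 @@ fill_default_server_options(ServerOptions *options)
 		options->rekey_interval = 0;
 	if (options->allow_tcp_forwarding == -1)
 		options->allow_tcp_forwarding = FORWARD_ALLOW;
+	if (options->allow_streamlocal_forwarding == -1)
+		options->allow_streamlocal_forwarding = FORWARD_ALLOW;
 	if (options->allow_agent_forwarding == -1)
 		options->allow_agent_forwarding = 1;
-	if (options->gateway_ports == -1)
-		options->gateway_ports = 0;
+	if (options->fwd_opts.gateway_ports == -1)
+		options->fwd_opts.gateway_ports = 0;
 	if (options->max_startups == -1)
 		options->max_startups = 100;
 	if (options->max_startups_rate == -1)
@@ -303,6 +308,10 @@ fill_default_server_options(ServerOptions *options)
 		options->ip_qos_bulk = IPTOS_THROUGHPUT;
 	if (options->version_addendum == NULL)
 		options->version_addendum = xstrdup("");
+	if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
+		options->fwd_opts.streamlocal_bind_mask = 0177;
+	if (options->fwd_opts.streamlocal_bind_unlink == -1)
+		options->fwd_opts.streamlocal_bind_unlink = 0;
 	/* Turn privilege separation on by default */
 	if (use_privsep == -1)
 		use_privsep = PRIVSEP_NOSANDBOX;
@@ -351,6 +360,8 @@ typedef enum {
 	sKexAlgorithms, sIPQoS, sVersionAddendum,
 	sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
 	sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
+	sStreamLocalBindMask, sStreamLocalBindUnlink,
+	sAllowStreamLocalForwarding,
 	sDeprecated, sUnsupported
 } ServerOpCodes;
 
@@ -478,6 +489,9 @@ static struct {
 	{ "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
 	{ "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
 	{ "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
+	{ "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL },
+	{ "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL },
+	{ "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },
 	{ NULL, sBadOption, 0 }
 };
 
@@ -1195,7 +1209,7 @@ process_server_config_line(ServerOptions *options, char *line,
 		break;
 
 	case sGatewayPorts:
-		intptr = &options->gateway_ports;
+		intptr = &options->fwd_opts.gateway_ports;
 		multistate_ptr = multistate_gatewayports;
 		goto parse_multistate;
 
@@ -1230,6 +1244,11 @@ process_server_config_line(ServerOptions *options, char *line,
 		multistate_ptr = multistate_tcpfwd;
 		goto parse_multistate;
 
+	case sAllowStreamLocalForwarding:
+		intptr = &options->allow_streamlocal_forwarding;
+		multistate_ptr = multistate_tcpfwd;
+		goto parse_multistate;
+
 	case sAllowAgentForwarding:
 		intptr = &options->allow_agent_forwarding;
 		goto parse_flag;
@@ -1628,6 +1647,22 @@ process_server_config_line(ServerOptions *options, char *line,
 		}
 		return 0;
 
+	case sStreamLocalBindMask:
+		arg = strdelim(&cp);
+		if (!arg || *arg == '\0')
+			fatal("%s line %d: missing StreamLocalBindMask argument.",
+			    filename, linenum);
+		/* Parse mode in octal format */
+		value = strtol(arg, &p, 8);
+		if (arg == p || value < 0 || value > 0777)
+			fatal("%s line %d: Bad mask.", filename, linenum);
+		options->fwd_opts.streamlocal_bind_mask = (mode_t)value;
+		break;
+
+	case sStreamLocalBindUnlink:
+		intptr = &options->fwd_opts.streamlocal_bind_unlink;
+		goto parse_flag;
+
 	case sDeprecated:
 		logit("%s line %d: Deprecated option %s",
 		    filename, linenum, arg);
@@ -1767,9 +1802,10 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 	M_CP_INTOPT(permit_empty_passwd);
 
 	M_CP_INTOPT(allow_tcp_forwarding);
+	M_CP_INTOPT(allow_streamlocal_forwarding);
 	M_CP_INTOPT(allow_agent_forwarding);
 	M_CP_INTOPT(permit_tun);
-	M_CP_INTOPT(gateway_ports);
+	M_CP_INTOPT(fwd_opts.gateway_ports);
 	M_CP_INTOPT(x11_display_offset);
 	M_CP_INTOPT(x11_forwarding);
 	M_CP_INTOPT(x11_use_localhost);
@@ -1867,6 +1903,8 @@ fmt_intarg(ServerOpCodes code, int val)
 		return fmt_multistate_int(val, multistate_privsep);
 	case sAllowTcpForwarding:
 		return fmt_multistate_int(val, multistate_tcpfwd);
+	case sAllowStreamLocalForwarding:
+		return fmt_multistate_int(val, multistate_tcpfwd);
 	case sProtocol:
 		switch (val) {
 		case SSH_PROTO_1:
@@ -2023,9 +2061,10 @@ dump_config(ServerOptions *o)
 	dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
 	dump_cfg_fmtint(sUseLogin, o->use_login);
 	dump_cfg_fmtint(sCompression, o->compression);
-	dump_cfg_fmtint(sGatewayPorts, o->gateway_ports);
+	dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports);
 	dump_cfg_fmtint(sUseDNS, o->use_dns);
 	dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
+	dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
 	dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
 
 	/* string arguments */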
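Review bot: The keyword table registers `streamlocalbindmask` and `streamlocalbindunlink` with SSHCFG_ALL, so both are accepted inside Match blocks, yet the copy_set_server_options hunk copies only `allow_streamlocal_forwarding` and `fwd_opts.gateway_ports`; it appears that a mask or unlink value set under Match is parsed and then never applied, which is the kind of silent policy mismatch an operator will not notice until a socket is created with the global mask. Either copy them alongside the others, `M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink);` (and the mask, if the macro's sentinel comparison works for a mode_t initialised to `(mode_t)-1`), or register both as SSHCFG_GLOBAL so the parser rejects them in Match. Separately, the sStreamLocalBindMask case checks only `arg == p` after `strtol(arg, &p, 8)`, so an argument with trailing characters such as `0177x` is accepted with the garbage ignored; `if (arg == p || *p != '\0' || value < 0 || value > 0777)` would reject it consistently with the other parsers. The enclosing functions (the keyword table, copy_set_server_options and process_server_config_line) all begin and end outside their hunks.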