1 files changed, 13 insertions, 11 deletions

diff --git a/servconf.h b/servconf.h
index 37a0fb1a3..557521d73 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.130 2017/10/25 00:19:47 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.136 2018/07/09 21:26:02 markus Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -32,12 +32,6 @@
 #define PRIVSEP_ON              1
 #define PRIVSEP_NOSANDBOX       2
 
-/* AllowTCPForwarding */
-#define FORWARD_DENY            0
-#define FORWARD_REMOTE          (1)
-#define FORWARD_LOCAL           (1<<1)
-#define FORWARD_ALLOW           (FORWARD_REMOTE|FORWARD_LOCAL)
-
 /* PermitOpen */
 #define PERMITOPEN_ANY          0
 #define PERMITOPEN_NONE         -2
@@ -139,6 +133,7 @@ typedef struct {
         int     permit_empty_passwd;    /* If false, do not permit empty
                                          * passwords. */
         int     permit_user_env;        /* If true, read ~/.ssh/environment */
+        char   *permit_user_env_whitelist; /* pattern-list whitelist */
         int     compression;    /* If true, compression is allowed */
         int     allow_tcp_forwarding; /* One of FORWARD_* */
         int     allow_streamlocal_forwarding; /* One of FORWARD_* */
@@ -160,6 +155,8 @@ typedef struct {
 
         u_int num_accept_env;
         char   **accept_env;
+        u_int num_setenv;
+        char   **setenv;
 
         int     max_startups_begin;
         int     max_startups_rate;
@@ -187,8 +184,10 @@ typedef struct {
 
         int     permit_tun;
 
-        char   **permitted_opens;
-        u_int   num_permitted_opens; /* May also be one of PERMITOPEN_* */
+        char   **permitted_opens;       /* May also be one of PERMITOPEN_* */
+        u_int   num_permitted_opens;
+        char   **permitted_listens; /* May also be one of PERMITOPEN_* */
+        u_int   num_permitted_listens;
 
         char   *chroot_directory;
         char   *revoked_keys_file;
@@ -209,6 +208,7 @@ typedef struct {
 
         int     fingerprint_hash;
         int     expose_userauth_info;
+        u_int64_t timing_secret;
 }       ServerOptions;
 
 /* Information about the incoming connection as used by Match */
@@ -243,6 +243,7 @@ struct connection_info {
                 M_CP_STROPT(hostbased_key_types); \
                 M_CP_STROPT(pubkey_key_types); \
                 M_CP_STROPT(routing_domain); \
+                M_CP_STROPT(permit_user_env_whitelist); \
                 M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
                 M_CP_STRARRAYOPT(allow_users, num_allow_users); \
                 M_CP_STRARRAYOPT(deny_users, num_deny_users); \
@@ -251,6 +252,7 @@ struct connection_info {
                 M_CP_STRARRAYOPT(accept_env, num_accept_env); \
                 M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \
                 M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \
+                M_CP_STRARRAYOPT(permitted_listens, num_permitted_listens); \
         } while (0)
 
 struct connection_info *get_connection_info(int, int);
@@ -259,8 +261,8 @@ void	 fill_default_server_options(ServerOptions *);
 int      process_server_config_line(ServerOptions *, char *, const char *, int,
              int *, struct connection_info *);
 void     process_permitopen(struct ssh *ssh, ServerOptions *options);
-void     load_server_config(const char *, Buffer *);
-void     parse_server_config(ServerOptions *, const char *, Buffer *,
+void     load_server_config(const char *, struct sshbuf *);
+void     parse_server_config(ServerOptions *, const char *, struct sshbuf *,
              struct connection_info *);
 void     parse_server_match_config(ServerOptions *, struct connection_info *);
 int      parse_server_match_testspec(struct connection_info *, char *);