diff options
Diffstat (limited to 'servconf.h')
| -rw-r--r-- | servconf.h | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/servconf.h b/servconf.h index be3be0be3..0be15f09a 100644 --- a/servconf.h +++ b/servconf.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: servconf.h,v 1.95 2010/11/13 23:27:50 djm Exp $ */ | 1 | /* $OpenBSD: servconf.h,v 1.99 2011/06/22 21:57:01 djm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| @@ -27,6 +27,7 @@ | |||
| 27 | #define MAX_HOSTCERTS 256 /* Max # host certificates. */ | 27 | #define MAX_HOSTCERTS 256 /* Max # host certificates. */ |
| 28 | #define MAX_ACCEPT_ENV 256 /* Max # of env vars. */ | 28 | #define MAX_ACCEPT_ENV 256 /* Max # of env vars. */ |
| 29 | #define MAX_MATCH_GROUPS 256 /* Max # of groups for Match. */ | 29 | #define MAX_MATCH_GROUPS 256 /* Max # of groups for Match. */ |
| 30 | #define MAX_AUTHKEYS_FILES 256 /* Max # of authorized_keys files. */ | ||
| 30 | 31 | ||
| 31 | /* permit_root_login */ | 32 | /* permit_root_login */ |
| 32 | #define PERMIT_NOT_SET -1 | 33 | #define PERMIT_NOT_SET -1 |
| @@ -35,6 +36,11 @@ | |||
| 35 | #define PERMIT_NO_PASSWD 2 | 36 | #define PERMIT_NO_PASSWD 2 |
| 36 | #define PERMIT_YES 3 | 37 | #define PERMIT_YES 3 |
| 37 | 38 | ||
| 39 | /* use_privsep */ | ||
| 40 | #define PRIVSEP_OFF 0 | ||
| 41 | #define PRIVSEP_ON 1 | ||
| 42 | #define PRIVSEP_SANDBOX 2 | ||
| 43 | |||
| 38 | #define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */ | 44 | #define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */ |
| 39 | #define DEFAULT_SESSIONS_MAX 10 /* Default for MaxSessions */ | 45 | #define DEFAULT_SESSIONS_MAX 10 /* Default for MaxSessions */ |
| 40 | 46 | ||
| @@ -149,8 +155,8 @@ typedef struct { | |||
| 149 | * disconnect the session | 155 | * disconnect the session |
| 150 | */ | 156 | */ |
| 151 | 157 | ||
| 152 | char *authorized_keys_file; /* File containing public keys */ | 158 | u_int num_authkeys_files; /* Files containing public keys */ |
| 153 | char *authorized_keys_file2; | 159 | char *authorized_keys_files[MAX_AUTHKEYS_FILES]; |
| 154 | 160 | ||
| 155 | char *adm_forced_command; | 161 | char *adm_forced_command; |
| 156 | 162 | ||
| @@ -168,6 +174,20 @@ typedef struct { | |||
| 168 | char *authorized_principals_file; | 174 | char *authorized_principals_file; |
| 169 | } ServerOptions; | 175 | } ServerOptions; |
| 170 | 176 | ||
| 177 | /* | ||
| 178 | * These are string config options that must be copied between the | ||
| 179 | * Match sub-config and the main config, and must be sent from the | ||
| 180 | * privsep slave to the privsep master. We use a macro to ensure all | ||
| 181 | * the options are copied and the copies are done in the correct order. | ||
| 182 | */ | ||
| 183 | #define COPY_MATCH_STRING_OPTS() do { \ | ||
| 184 | M_CP_STROPT(banner); \ | ||
| 185 | M_CP_STROPT(trusted_user_ca_keys); \ | ||
| 186 | M_CP_STROPT(revoked_keys_file); \ | ||
| 187 | M_CP_STROPT(authorized_principals_file); \ | ||
| 188 | M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \ | ||
| 189 | } while (0) | ||
| 190 | |||
| 171 | void initialize_server_options(ServerOptions *); | 191 | void initialize_server_options(ServerOptions *); |
| 172 | void fill_default_server_options(ServerOptions *); | 192 | void fill_default_server_options(ServerOptions *); |
| 173 | int process_server_config_line(ServerOptions *, char *, const char *, int, | 193 | int process_server_config_line(ServerOptions *, char *, const char *, int, |