diff options
Diffstat (limited to 'servconf.h')
| -rw-r--r-- | servconf.h | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/servconf.h b/servconf.h index 5483da051..4202a2d02 100644 --- a/servconf.h +++ b/servconf.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: servconf.h,v 1.140 2019/04/18 18:56:16 dtucker Exp $ */ | 1 | /* $OpenBSD: servconf.h,v 1.143 2020/01/31 22:42:45 djm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| @@ -16,6 +16,8 @@ | |||
| 16 | #ifndef SERVCONF_H | 16 | #ifndef SERVCONF_H |
| 17 | #define SERVCONF_H | 17 | #define SERVCONF_H |
| 18 | 18 | ||
| 19 | #include <openbsd-compat/sys-queue.h> | ||
| 20 | |||
| 19 | #define MAX_PORTS 256 /* Max # ports. */ | 21 | #define MAX_PORTS 256 /* Max # ports. */ |
| 20 | 22 | ||
| 21 | #define MAX_SUBSYSTEMS 256 /* Max # subsystems. */ | 23 | #define MAX_SUBSYSTEMS 256 /* Max # subsystems. */ |
| @@ -42,6 +44,9 @@ | |||
| 42 | /* Magic name for internal sftp-server */ | 44 | /* Magic name for internal sftp-server */ |
| 43 | #define INTERNAL_SFTP_NAME "internal-sftp" | 45 | #define INTERNAL_SFTP_NAME "internal-sftp" |
| 44 | 46 | ||
| 47 | /* PubkeyAuthOptions flags */ | ||
| 48 | #define PUBKEYAUTH_TOUCH_REQUIRED 1 | ||
| 49 | |||
| 45 | struct ssh; | 50 | struct ssh; |
| 46 | struct fwd_perm_list; | 51 | struct fwd_perm_list; |
| 47 | 52 | ||
| @@ -114,6 +119,7 @@ typedef struct { | |||
| 114 | char *ca_sign_algorithms; /* Allowed CA signature algorithms */ | 119 | char *ca_sign_algorithms; /* Allowed CA signature algorithms */ |
| 115 | int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */ | 120 | int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */ |
| 116 | char *pubkey_key_types; /* Key types allowed for public key */ | 121 | char *pubkey_key_types; /* Key types allowed for public key */ |
| 122 | int pubkey_auth_options; /* -1 or mask of PUBKEYAUTH_* flags */ | ||
| 117 | int kerberos_authentication; /* If true, permit Kerberos | 123 | int kerberos_authentication; /* If true, permit Kerberos |
| 118 | * authentication. */ | 124 | * authentication. */ |
| 119 | int kerberos_or_local_passwd; /* If true, permit kerberos | 125 | int kerberos_or_local_passwd; /* If true, permit kerberos |
| @@ -211,6 +217,7 @@ typedef struct { | |||
| 211 | int fingerprint_hash; | 217 | int fingerprint_hash; |
| 212 | int expose_userauth_info; | 218 | int expose_userauth_info; |
| 213 | u_int64_t timing_secret; | 219 | u_int64_t timing_secret; |
| 220 | char *sk_provider; | ||
| 214 | } ServerOptions; | 221 | } ServerOptions; |
| 215 | 222 | ||
| 216 | /* Information about the incoming connection as used by Match */ | 223 | /* Information about the incoming connection as used by Match */ |
| @@ -225,6 +232,15 @@ struct connection_info { | |||
| 225 | * unspecified */ | 232 | * unspecified */ |
| 226 | }; | 233 | }; |
| 227 | 234 | ||
| 235 | /* List of included files for re-exec from the parsed configuration */ | ||
| 236 | struct include_item { | ||
| 237 | char *selector; | ||
| 238 | char *filename; | ||
| 239 | struct sshbuf *contents; | ||
| 240 | TAILQ_ENTRY(include_item) entry; | ||
| 241 | }; | ||
| 242 | TAILQ_HEAD(include_list, include_item); | ||
| 243 | |||
| 228 | 244 | ||
| 229 | /* | 245 | /* |
| 230 | * These are string config options that must be copied between the | 246 | * These are string config options that must be copied between the |
| @@ -264,12 +280,13 @@ struct connection_info *get_connection_info(struct ssh *, int, int); | |||
| 264 | void initialize_server_options(ServerOptions *); | 280 | void initialize_server_options(ServerOptions *); |
| 265 | void fill_default_server_options(ServerOptions *); | 281 | void fill_default_server_options(ServerOptions *); |
| 266 | int process_server_config_line(ServerOptions *, char *, const char *, int, | 282 | int process_server_config_line(ServerOptions *, char *, const char *, int, |
| 267 | int *, struct connection_info *); | 283 | int *, struct connection_info *, struct include_list *includes); |
| 268 | void process_permitopen(struct ssh *ssh, ServerOptions *options); | 284 | void process_permitopen(struct ssh *ssh, ServerOptions *options); |
| 269 | void load_server_config(const char *, struct sshbuf *); | 285 | void load_server_config(const char *, struct sshbuf *); |
| 270 | void parse_server_config(ServerOptions *, const char *, struct sshbuf *, | 286 | void parse_server_config(ServerOptions *, const char *, struct sshbuf *, |
| 271 | struct connection_info *); | 287 | struct include_list *includes, struct connection_info *); |
| 272 | void parse_server_match_config(ServerOptions *, struct connection_info *); | 288 | void parse_server_match_config(ServerOptions *, |
| 289 | struct include_list *includes, struct connection_info *); | ||
| 273 | int parse_server_match_testspec(struct connection_info *, char *); | 290 | int parse_server_match_testspec(struct connection_info *, char *); |
| 274 | int server_match_spec_complete(struct connection_info *); | 291 | int server_match_spec_complete(struct connection_info *); |
| 275 | void copy_set_server_options(ServerOptions *, ServerOptions *, int); | 292 | void copy_set_server_options(ServerOptions *, ServerOptions *, int); |