diff options
Diffstat (limited to 'servconf.h')
| -rw-r--r-- | servconf.h | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/servconf.h b/servconf.h index 37a0fb1a3..557521d73 100644 --- a/servconf.h +++ b/servconf.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: servconf.h,v 1.130 2017/10/25 00:19:47 djm Exp $ */ | 1 | /* $OpenBSD: servconf.h,v 1.136 2018/07/09 21:26:02 markus Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| @@ -32,12 +32,6 @@ | |||
| 32 | #define PRIVSEP_ON 1 | 32 | #define PRIVSEP_ON 1 |
| 33 | #define PRIVSEP_NOSANDBOX 2 | 33 | #define PRIVSEP_NOSANDBOX 2 |
| 34 | 34 | ||
| 35 | /* AllowTCPForwarding */ | ||
| 36 | #define FORWARD_DENY 0 | ||
| 37 | #define FORWARD_REMOTE (1) | ||
| 38 | #define FORWARD_LOCAL (1<<1) | ||
| 39 | #define FORWARD_ALLOW (FORWARD_REMOTE|FORWARD_LOCAL) | ||
| 40 | |||
| 41 | /* PermitOpen */ | 35 | /* PermitOpen */ |
| 42 | #define PERMITOPEN_ANY 0 | 36 | #define PERMITOPEN_ANY 0 |
| 43 | #define PERMITOPEN_NONE -2 | 37 | #define PERMITOPEN_NONE -2 |
| @@ -139,6 +133,7 @@ typedef struct { | |||
| 139 | int permit_empty_passwd; /* If false, do not permit empty | 133 | int permit_empty_passwd; /* If false, do not permit empty |
| 140 | * passwords. */ | 134 | * passwords. */ |
| 141 | int permit_user_env; /* If true, read ~/.ssh/environment */ | 135 | int permit_user_env; /* If true, read ~/.ssh/environment */ |
| 136 | char *permit_user_env_whitelist; /* pattern-list whitelist */ | ||
| 142 | int compression; /* If true, compression is allowed */ | 137 | int compression; /* If true, compression is allowed */ |
| 143 | int allow_tcp_forwarding; /* One of FORWARD_* */ | 138 | int allow_tcp_forwarding; /* One of FORWARD_* */ |
| 144 | int allow_streamlocal_forwarding; /* One of FORWARD_* */ | 139 | int allow_streamlocal_forwarding; /* One of FORWARD_* */ |
| @@ -160,6 +155,8 @@ typedef struct { | |||
| 160 | 155 | ||
| 161 | u_int num_accept_env; | 156 | u_int num_accept_env; |
| 162 | char **accept_env; | 157 | char **accept_env; |
| 158 | u_int num_setenv; | ||
| 159 | char **setenv; | ||
| 163 | 160 | ||
| 164 | int max_startups_begin; | 161 | int max_startups_begin; |
| 165 | int max_startups_rate; | 162 | int max_startups_rate; |
| @@ -187,8 +184,10 @@ typedef struct { | |||
| 187 | 184 | ||
| 188 | int permit_tun; | 185 | int permit_tun; |
| 189 | 186 | ||
| 190 | char **permitted_opens; | 187 | char **permitted_opens; /* May also be one of PERMITOPEN_* */ |
| 191 | u_int num_permitted_opens; /* May also be one of PERMITOPEN_* */ | 188 | u_int num_permitted_opens; |
| 189 | char **permitted_listens; /* May also be one of PERMITOPEN_* */ | ||
| 190 | u_int num_permitted_listens; | ||
| 192 | 191 | ||
| 193 | char *chroot_directory; | 192 | char *chroot_directory; |
| 194 | char *revoked_keys_file; | 193 | char *revoked_keys_file; |
| @@ -209,6 +208,7 @@ typedef struct { | |||
| 209 | 208 | ||
| 210 | int fingerprint_hash; | 209 | int fingerprint_hash; |
| 211 | int expose_userauth_info; | 210 | int expose_userauth_info; |
| 211 | u_int64_t timing_secret; | ||
| 212 | } ServerOptions; | 212 | } ServerOptions; |
| 213 | 213 | ||
| 214 | /* Information about the incoming connection as used by Match */ | 214 | /* Information about the incoming connection as used by Match */ |
| @@ -243,6 +243,7 @@ struct connection_info { | |||
| 243 | M_CP_STROPT(hostbased_key_types); \ | 243 | M_CP_STROPT(hostbased_key_types); \ |
| 244 | M_CP_STROPT(pubkey_key_types); \ | 244 | M_CP_STROPT(pubkey_key_types); \ |
| 245 | M_CP_STROPT(routing_domain); \ | 245 | M_CP_STROPT(routing_domain); \ |
| 246 | M_CP_STROPT(permit_user_env_whitelist); \ | ||
| 246 | M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \ | 247 | M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \ |
| 247 | M_CP_STRARRAYOPT(allow_users, num_allow_users); \ | 248 | M_CP_STRARRAYOPT(allow_users, num_allow_users); \ |
| 248 | M_CP_STRARRAYOPT(deny_users, num_deny_users); \ | 249 | M_CP_STRARRAYOPT(deny_users, num_deny_users); \ |
| @@ -251,6 +252,7 @@ struct connection_info { | |||
| 251 | M_CP_STRARRAYOPT(accept_env, num_accept_env); \ | 252 | M_CP_STRARRAYOPT(accept_env, num_accept_env); \ |
| 252 | M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \ | 253 | M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \ |
| 253 | M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \ | 254 | M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \ |
| 255 | M_CP_STRARRAYOPT(permitted_listens, num_permitted_listens); \ | ||
| 254 | } while (0) | 256 | } while (0) |
| 255 | 257 | ||
| 256 | struct connection_info *get_connection_info(int, int); | 258 | struct connection_info *get_connection_info(int, int); |
| @@ -259,8 +261,8 @@ void fill_default_server_options(ServerOptions *); | |||
| 259 | int process_server_config_line(ServerOptions *, char *, const char *, int, | 261 | int process_server_config_line(ServerOptions *, char *, const char *, int, |
| 260 | int *, struct connection_info *); | 262 | int *, struct connection_info *); |
| 261 | void process_permitopen(struct ssh *ssh, ServerOptions *options); | 263 | void process_permitopen(struct ssh *ssh, ServerOptions *options); |
| 262 | void load_server_config(const char *, Buffer *); | 264 | void load_server_config(const char *, struct sshbuf *); |
| 263 | void parse_server_config(ServerOptions *, const char *, Buffer *, | 265 | void parse_server_config(ServerOptions *, const char *, struct sshbuf *, |
| 264 | struct connection_info *); | 266 | struct connection_info *); |
| 265 | void parse_server_match_config(ServerOptions *, struct connection_info *); | 267 | void parse_server_match_config(ServerOptions *, struct connection_info *); |
| 266 | int parse_server_match_testspec(struct connection_info *, char *); | 268 | int parse_server_match_testspec(struct connection_info *, char *); |