diff options
Diffstat (limited to 'servconf.h')
| -rw-r--r-- | servconf.h | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/servconf.h b/servconf.h index b0fa70455..76098119b 100644 --- a/servconf.h +++ b/servconf.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: servconf.h,v 1.130 2017/10/25 00:19:47 djm Exp $ */ | 1 | /* $OpenBSD: servconf.h,v 1.136 2018/07/09 21:26:02 markus Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| @@ -32,12 +32,6 @@ | |||
| 32 | #define PRIVSEP_ON 1 | 32 | #define PRIVSEP_ON 1 |
| 33 | #define PRIVSEP_NOSANDBOX 2 | 33 | #define PRIVSEP_NOSANDBOX 2 |
| 34 | 34 | ||
| 35 | /* AllowTCPForwarding */ | ||
| 36 | #define FORWARD_DENY 0 | ||
| 37 | #define FORWARD_REMOTE (1) | ||
| 38 | #define FORWARD_LOCAL (1<<1) | ||
| 39 | #define FORWARD_ALLOW (FORWARD_REMOTE|FORWARD_LOCAL) | ||
| 40 | |||
| 41 | /* PermitOpen */ | 35 | /* PermitOpen */ |
| 42 | #define PERMITOPEN_ANY 0 | 36 | #define PERMITOPEN_ANY 0 |
| 43 | #define PERMITOPEN_NONE -2 | 37 | #define PERMITOPEN_NONE -2 |
| @@ -141,6 +135,7 @@ typedef struct { | |||
| 141 | int permit_empty_passwd; /* If false, do not permit empty | 135 | int permit_empty_passwd; /* If false, do not permit empty |
| 142 | * passwords. */ | 136 | * passwords. */ |
| 143 | int permit_user_env; /* If true, read ~/.ssh/environment */ | 137 | int permit_user_env; /* If true, read ~/.ssh/environment */ |
| 138 | char *permit_user_env_whitelist; /* pattern-list whitelist */ | ||
| 144 | int compression; /* If true, compression is allowed */ | 139 | int compression; /* If true, compression is allowed */ |
| 145 | int allow_tcp_forwarding; /* One of FORWARD_* */ | 140 | int allow_tcp_forwarding; /* One of FORWARD_* */ |
| 146 | int allow_streamlocal_forwarding; /* One of FORWARD_* */ | 141 | int allow_streamlocal_forwarding; /* One of FORWARD_* */ |
| @@ -162,6 +157,8 @@ typedef struct { | |||
| 162 | 157 | ||
| 163 | u_int num_accept_env; | 158 | u_int num_accept_env; |
| 164 | char **accept_env; | 159 | char **accept_env; |
| 160 | u_int num_setenv; | ||
| 161 | char **setenv; | ||
| 165 | 162 | ||
| 166 | int max_startups_begin; | 163 | int max_startups_begin; |
| 167 | int max_startups_rate; | 164 | int max_startups_rate; |
| @@ -189,8 +186,10 @@ typedef struct { | |||
| 189 | 186 | ||
| 190 | int permit_tun; | 187 | int permit_tun; |
| 191 | 188 | ||
| 192 | char **permitted_opens; | 189 | char **permitted_opens; /* May also be one of PERMITOPEN_* */ |
| 193 | u_int num_permitted_opens; /* May also be one of PERMITOPEN_* */ | 190 | u_int num_permitted_opens; |
| 191 | char **permitted_listens; /* May also be one of PERMITOPEN_* */ | ||
| 192 | u_int num_permitted_listens; | ||
| 194 | 193 | ||
| 195 | char *chroot_directory; | 194 | char *chroot_directory; |
| 196 | char *revoked_keys_file; | 195 | char *revoked_keys_file; |
| @@ -211,6 +210,7 @@ typedef struct { | |||
| 211 | 210 | ||
| 212 | int fingerprint_hash; | 211 | int fingerprint_hash; |
| 213 | int expose_userauth_info; | 212 | int expose_userauth_info; |
| 213 | u_int64_t timing_secret; | ||
| 214 | 214 | ||
| 215 | int debian_banner; | 215 | int debian_banner; |
| 216 | } ServerOptions; | 216 | } ServerOptions; |
| @@ -247,6 +247,7 @@ struct connection_info { | |||
| 247 | M_CP_STROPT(hostbased_key_types); \ | 247 | M_CP_STROPT(hostbased_key_types); \ |
| 248 | M_CP_STROPT(pubkey_key_types); \ | 248 | M_CP_STROPT(pubkey_key_types); \ |
| 249 | M_CP_STROPT(routing_domain); \ | 249 | M_CP_STROPT(routing_domain); \ |
| 250 | M_CP_STROPT(permit_user_env_whitelist); \ | ||
| 250 | M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \ | 251 | M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \ |
| 251 | M_CP_STRARRAYOPT(allow_users, num_allow_users); \ | 252 | M_CP_STRARRAYOPT(allow_users, num_allow_users); \ |
| 252 | M_CP_STRARRAYOPT(deny_users, num_deny_users); \ | 253 | M_CP_STRARRAYOPT(deny_users, num_deny_users); \ |
| @@ -255,6 +256,7 @@ struct connection_info { | |||
| 255 | M_CP_STRARRAYOPT(accept_env, num_accept_env); \ | 256 | M_CP_STRARRAYOPT(accept_env, num_accept_env); \ |
| 256 | M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \ | 257 | M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \ |
| 257 | M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \ | 258 | M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \ |
| 259 | M_CP_STRARRAYOPT(permitted_listens, num_permitted_listens); \ | ||
| 258 | } while (0) | 260 | } while (0) |
| 259 | 261 | ||
| 260 | struct connection_info *get_connection_info(int, int); | 262 | struct connection_info *get_connection_info(int, int); |
| @@ -263,8 +265,8 @@ void fill_default_server_options(ServerOptions *); | |||
| 263 | int process_server_config_line(ServerOptions *, char *, const char *, int, | 265 | int process_server_config_line(ServerOptions *, char *, const char *, int, |
| 264 | int *, struct connection_info *); | 266 | int *, struct connection_info *); |
| 265 | void process_permitopen(struct ssh *ssh, ServerOptions *options); | 267 | void process_permitopen(struct ssh *ssh, ServerOptions *options); |
| 266 | void load_server_config(const char *, Buffer *); | 268 | void load_server_config(const char *, struct sshbuf *); |
| 267 | void parse_server_config(ServerOptions *, const char *, Buffer *, | 269 | void parse_server_config(ServerOptions *, const char *, struct sshbuf *, |
| 268 | struct connection_info *); | 270 | struct connection_info *); |
| 269 | void parse_server_match_config(ServerOptions *, struct connection_info *); | 271 | void parse_server_match_config(ServerOptions *, struct connection_info *); |
| 270 | int parse_server_match_testspec(struct connection_info *, char *); | 272 | int parse_server_match_testspec(struct connection_info *, char *); |