Diffstat (limited to 'servconf.h')
-rw-r--r-- | servconf.h | 24 |
1 files changed, 13 insertions, 11 deletions
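--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.130 2017/10/25 00:19:47 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.136 2018/07/09 21:26:02 markus Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -32,12 +32,6 @@
 #define PRIVSEP_ON 1
 #define PRIVSEP_NOSANDBOX 2
 
-/* AllowTCPForwarding */
-#define FORWARD_DENY 0
-#define FORWARD_REMOTE (1)
-#define FORWARD_LOCAL (1<<1)
-#define FORWARD_ALLOW (FORWARD_REMOTE|FORWARD_LOCAL)
-
 /* PermitOpen */
 #define PERMITOPEN_ANY 0
 #define PERMITOPEN_NONE -2
@@ -141,6 +135,7 @@ typedef struct {
 int permit_empty_passwd; /* If false, do not permit empty
 * passwords. */
 int permit_user_env; /* If true, read ~/.ssh/environment */
+char *permit_user_env_whitelist; /* pattern-list whitelist */
 int compression; /* If true, compression is allowed */
 int allow_tcp_forwarding; /* One of FORWARD_* */
 int allow_streamlocal_forwarding; /* One of FORWARD_* */
@@ -162,6 +157,8 @@ typedef struct {
 
 u_int num_accept_env;
 char **accept_env;
+u_int num_setenv;
+char **setenv;
 
 int max_startups_begin;
 int max_startups_rate;
@@ -189,8 +186,10 @@ typedef struct {
 
 int permit_tun;
 
-char **permitted_opens;
-u_int num_permitted_opens; /* May also be one of PERMITOPEN_* */
+char **permitted_opens; /* May also be one of PERMITOPEN_* */
+u_int num_permitted_opens;
+char **permitted_listens; /* May also be one of PERMITOPEN_* */
+u_int num_permitted_listens;
 
 char *chroot_directory;
 char *revoked_keys_file;
@@ -211,6 +210,7 @@ typedef struct {
 
 int fingerprint_hash;
 int expose_userauth_info;
+u_int64_t timing_secret;
 
 int debian_banner;
 } ServerOptions;
@@ -247,6 +247,7 @@ struct connection_info {
 M_CP_STROPT(hostbased_key_types); \
 M_CP_STROPT(pubkey_key_types); \
 M_CP_STROPT(routing_domain); \
+M_CP_STROPT(permit_user_env_whitelist); \
 M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
 M_CP_STRARRAYOPT(allow_users, num_allow_users); \
 M_CP_STRARRAYOPT(deny_users, num_deny_users); \
@@ -255,6 +256,7 @@ struct connection_info {
 M_CP_STRARRAYOPT(accept_env, num_accept_env); \
 M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \
 M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \
+M_CP_STRARRAYOPT(permitted_listens, num_permitted_listens); \
 } while (0)
 
 struct connection_info *get_connection_info(int, int);
@@ -263,8 +265,8 @@ void fill_default_server_options(ServerOptions *);
 int process_server_config_line(ServerOptions *, char *, const char *, int,
 int *, struct connection_info *);
 void process_permitopen(struct ssh *ssh, ServerOptions *options);
-void load_server_config(const char *, Buffer *);
-void parse_server_config(ServerOptions *, const char *, Buffer *,
+void load_server_config(const char *, struct sshbuf *);
+void parse_server_config(ServerOptions *, const char *, struct sshbuf *,
 struct connection_info *);
 void parse_server_match_config(ServerOptions *, struct connection_info *);
 int parse_server_match_testspec(struct connection_info *, char *);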
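Review bot: The new `setenv`/`num_setenv` members of ServerOptions get no entry in the Match copy macro, although the other two string options added by this change (`permit_user_env_whitelist` and `permitted_listens`) each get one. The macro's opening line and the code that expands it are outside the visible hunks, so the effect is inferred: if SetEnv is accepted inside a Match block, a value given there would be parsed but not carried into the effective options, and an administrator relying on a per-match environment would silently get the global one. If that is not intended, add `M_CP_STRARRAYOPT(setenv, num_setenv); \` beside the `accept_env` entry. If SetEnv is deliberately global-only, a short comment on the `setenv` field saying so would prevent the question.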