diff options
Diffstat (limited to 'servconf.h')
-rw-r--r-- | servconf.h | 77 |
1 files changed, 47 insertions, 30 deletions
diff --git a/servconf.h b/servconf.h index 410c42754..b0fa70455 100644 --- a/servconf.h +++ b/servconf.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: servconf.h,v 1.126 2017/10/02 19:33:20 djm Exp $ */ | 1 | /* $OpenBSD: servconf.h,v 1.130 2017/10/25 00:19:47 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -18,17 +18,7 @@ | |||
18 | 18 | ||
19 | #define MAX_PORTS 256 /* Max # ports. */ | 19 | #define MAX_PORTS 256 /* Max # ports. */ |
20 | 20 | ||
21 | #define MAX_ALLOW_USERS 256 /* Max # users on allow list. */ | ||
22 | #define MAX_DENY_USERS 256 /* Max # users on deny list. */ | ||
23 | #define MAX_ALLOW_GROUPS 256 /* Max # groups on allow list. */ | ||
24 | #define MAX_DENY_GROUPS 256 /* Max # groups on deny list. */ | ||
25 | #define MAX_SUBSYSTEMS 256 /* Max # subsystems. */ | 21 | #define MAX_SUBSYSTEMS 256 /* Max # subsystems. */ |
26 | #define MAX_HOSTKEYS 256 /* Max # hostkeys. */ | ||
27 | #define MAX_HOSTCERTS 256 /* Max # host certificates. */ | ||
28 | #define MAX_ACCEPT_ENV 256 /* Max # of env vars. */ | ||
29 | #define MAX_MATCH_GROUPS 256 /* Max # of groups for Match. */ | ||
30 | #define MAX_AUTHKEYS_FILES 256 /* Max # of authorized_keys files. */ | ||
31 | #define MAX_AUTH_METHODS 256 /* Max # of AuthenticationMethods. */ | ||
32 | 22 | ||
33 | /* permit_root_login */ | 23 | /* permit_root_login */ |
34 | #define PERMIT_NOT_SET -1 | 24 | #define PERMIT_NOT_SET -1 |
@@ -61,21 +51,42 @@ | |||
61 | struct ssh; | 51 | struct ssh; |
62 | struct fwd_perm_list; | 52 | struct fwd_perm_list; |
63 | 53 | ||
54 | /* | ||
55 | * Used to store addresses from ListenAddr directives. These may be | ||
56 | * incomplete, as they may specify addresses that need to be merged | ||
57 | * with any ports requested by ListenPort. | ||
58 | */ | ||
59 | struct queued_listenaddr { | ||
60 | char *addr; | ||
61 | int port; /* <=0 if unspecified */ | ||
62 | char *rdomain; | ||
63 | }; | ||
64 | |||
65 | /* Resolved listen addresses, grouped by optional routing domain */ | ||
66 | struct listenaddr { | ||
67 | char *rdomain; | ||
68 | struct addrinfo *addrs; | ||
69 | }; | ||
70 | |||
64 | typedef struct { | 71 | typedef struct { |
65 | u_int num_ports; | 72 | u_int num_ports; |
66 | u_int ports_from_cmdline; | 73 | u_int ports_from_cmdline; |
67 | int ports[MAX_PORTS]; /* Port number to listen on. */ | 74 | int ports[MAX_PORTS]; /* Port number to listen on. */ |
75 | struct queued_listenaddr *queued_listen_addrs; | ||
68 | u_int num_queued_listens; | 76 | u_int num_queued_listens; |
69 | char **queued_listen_addrs; | 77 | struct listenaddr *listen_addrs; |
70 | int *queued_listen_ports; | 78 | u_int num_listen_addrs; |
71 | struct addrinfo *listen_addrs; /* Addresses on which the server listens. */ | 79 | int address_family; /* Address family used by the server. */ |
72 | int address_family; /* Address family used by the server. */ | 80 | |
73 | char *host_key_files[MAX_HOSTKEYS]; /* Files containing host keys. */ | 81 | char *routing_domain; /* Bind session to routing domain */ |
74 | int num_host_key_files; /* Number of files for host keys. */ | 82 | |
75 | char *host_cert_files[MAX_HOSTCERTS]; /* Files containing host certs. */ | 83 | char **host_key_files; /* Files containing host keys. */ |
76 | int num_host_cert_files; /* Number of files for host certs. */ | 84 | u_int num_host_key_files; /* Number of files for host keys. */ |
77 | char *host_key_agent; /* ssh-agent socket for host keys. */ | 85 | char **host_cert_files; /* Files containing host certs. */ |
78 | char *pid_file; /* Where to put our pid */ | 86 | u_int num_host_cert_files; /* Number of files for host certs. */ |
87 | |||
88 | char *host_key_agent; /* ssh-agent socket for host keys. */ | ||
89 | char *pid_file; /* Where to put our pid */ | ||
79 | int login_grace_time; /* Disconnect if no auth in this time | 90 | int login_grace_time; /* Disconnect if no auth in this time |
80 | * (sec). */ | 91 | * (sec). */ |
81 | int permit_root_login; /* PERMIT_*, see above */ | 92 | int permit_root_login; /* PERMIT_*, see above */ |
@@ -136,13 +147,13 @@ typedef struct { | |||
136 | int allow_agent_forwarding; | 147 | int allow_agent_forwarding; |
137 | int disable_forwarding; | 148 | int disable_forwarding; |
138 | u_int num_allow_users; | 149 | u_int num_allow_users; |
139 | char *allow_users[MAX_ALLOW_USERS]; | 150 | char **allow_users; |
140 | u_int num_deny_users; | 151 | u_int num_deny_users; |
141 | char *deny_users[MAX_DENY_USERS]; | 152 | char **deny_users; |
142 | u_int num_allow_groups; | 153 | u_int num_allow_groups; |
143 | char *allow_groups[MAX_ALLOW_GROUPS]; | 154 | char **allow_groups; |
144 | u_int num_deny_groups; | 155 | u_int num_deny_groups; |
145 | char *deny_groups[MAX_DENY_GROUPS]; | 156 | char **deny_groups; |
146 | 157 | ||
147 | u_int num_subsystems; | 158 | u_int num_subsystems; |
148 | char *subsystem_name[MAX_SUBSYSTEMS]; | 159 | char *subsystem_name[MAX_SUBSYSTEMS]; |
@@ -150,7 +161,7 @@ typedef struct { | |||
150 | char *subsystem_args[MAX_SUBSYSTEMS]; | 161 | char *subsystem_args[MAX_SUBSYSTEMS]; |
151 | 162 | ||
152 | u_int num_accept_env; | 163 | u_int num_accept_env; |
153 | char *accept_env[MAX_ACCEPT_ENV]; | 164 | char **accept_env; |
154 | 165 | ||
155 | int max_startups_begin; | 166 | int max_startups_begin; |
156 | int max_startups_rate; | 167 | int max_startups_rate; |
@@ -169,8 +180,8 @@ typedef struct { | |||
169 | * disconnect the session | 180 | * disconnect the session |
170 | */ | 181 | */ |
171 | 182 | ||
172 | u_int num_authkeys_files; /* Files containing public keys */ | 183 | u_int num_authkeys_files; /* Files containing public keys */ |
173 | char *authorized_keys_files[MAX_AUTHKEYS_FILES]; | 184 | char **authorized_keys_files; |
174 | 185 | ||
175 | char *adm_forced_command; | 186 | char *adm_forced_command; |
176 | 187 | ||
@@ -196,7 +207,7 @@ typedef struct { | |||
196 | char *version_addendum; /* Appended to SSH banner */ | 207 | char *version_addendum; /* Appended to SSH banner */ |
197 | 208 | ||
198 | u_int num_auth_methods; | 209 | u_int num_auth_methods; |
199 | char *auth_methods[MAX_AUTH_METHODS]; | 210 | char **auth_methods; |
200 | 211 | ||
201 | int fingerprint_hash; | 212 | int fingerprint_hash; |
202 | int expose_userauth_info; | 213 | int expose_userauth_info; |
@@ -211,6 +222,7 @@ struct connection_info { | |||
211 | const char *address; /* remote address */ | 222 | const char *address; /* remote address */ |
212 | const char *laddress; /* local address */ | 223 | const char *laddress; /* local address */ |
213 | int lport; /* local port */ | 224 | int lport; /* local port */ |
225 | const char *rdomain; /* routing domain if available */ | ||
214 | }; | 226 | }; |
215 | 227 | ||
216 | 228 | ||
@@ -234,6 +246,7 @@ struct connection_info { | |||
234 | M_CP_STROPT(authorized_principals_command_user); \ | 246 | M_CP_STROPT(authorized_principals_command_user); \ |
235 | M_CP_STROPT(hostbased_key_types); \ | 247 | M_CP_STROPT(hostbased_key_types); \ |
236 | M_CP_STROPT(pubkey_key_types); \ | 248 | M_CP_STROPT(pubkey_key_types); \ |
249 | M_CP_STROPT(routing_domain); \ | ||
237 | M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \ | 250 | M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \ |
238 | M_CP_STRARRAYOPT(allow_users, num_allow_users); \ | 251 | M_CP_STRARRAYOPT(allow_users, num_allow_users); \ |
239 | M_CP_STRARRAYOPT(deny_users, num_deny_users); \ | 252 | M_CP_STRARRAYOPT(deny_users, num_deny_users); \ |
@@ -241,7 +254,7 @@ struct connection_info { | |||
241 | M_CP_STRARRAYOPT(deny_groups, num_deny_groups); \ | 254 | M_CP_STRARRAYOPT(deny_groups, num_deny_groups); \ |
242 | M_CP_STRARRAYOPT(accept_env, num_accept_env); \ | 255 | M_CP_STRARRAYOPT(accept_env, num_accept_env); \ |
243 | M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \ | 256 | M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \ |
244 | M_CP_STRARRAYOPT_ALLOC(permitted_opens, num_permitted_opens); \ | 257 | M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \ |
245 | } while (0) | 258 | } while (0) |
246 | 259 | ||
247 | struct connection_info *get_connection_info(int, int); | 260 | struct connection_info *get_connection_info(int, int); |
@@ -259,5 +272,9 @@ int server_match_spec_complete(struct connection_info *); | |||
259 | void copy_set_server_options(ServerOptions *, ServerOptions *, int); | 272 | void copy_set_server_options(ServerOptions *, ServerOptions *, int); |
260 | void dump_config(ServerOptions *); | 273 | void dump_config(ServerOptions *); |
261 | char *derelativise_path(const char *); | 274 | char *derelativise_path(const char *); |
275 | void servconf_add_hostkey(const char *, const int, | ||
276 | ServerOptions *, const char *path); | ||
277 | void servconf_add_hostcert(const char *, const int, | ||
278 | ServerOptions *, const char *path); | ||
262 | 279 | ||
263 | #endif /* SERVCONF_H */ | 280 | #endif /* SERVCONF_H */ |