From 7bb8b49596156b85df403d09c2195e2533ec372c Mon Sep 17 00:00:00 2001
From: Ben Lindstrom <mouring@eviladmin.org>
Date: Sat, 17 Mar 2001 00:47:54 +0000
Subject:    - markus@cvs.openbsd.org 2001/03/16 19:06:30      [auth-options.c
 channels.c channels.h serverloop.c session.c]      implement "permitopen" key
 option, restricts -L style forwarding to      to specified host:port pairs.
 based on work by harlan@genua.de

---
 auth-options.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 58 insertions(+), 4 deletions(-)

(limited to 'auth-options.c')

diff --git a/auth-options.c b/auth-options.c
index bfb1af86b..7ce1e4b0c 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -10,13 +10,14 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-options.c,v 1.14 2001/03/13 17:34:42 markus Exp $");
+RCSID("$OpenBSD: auth-options.c,v 1.15 2001/03/16 19:06:28 markus Exp $");
 
 #include "packet.h"
 #include "xmalloc.h"
 #include "match.h"
 #include "log.h"
 #include "canohost.h"
+#include "channels.h"
 #include "auth-options.h"
 #include "servconf.h"
 
@@ -51,6 +52,7 @@ auth_clear_options(void)
 		xfree(forced_command);
 		forced_command = NULL;
 	}
+	channel_clear_permitted_opens();
 }
 
 /*
@@ -61,6 +63,7 @@ int
 auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 {
 	const char *cp;
+	int i;
 
 	/* reset options */
 	auth_clear_options();
@@ -99,7 +102,6 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 		}
 		cp = "command=\"";
 		if (strncasecmp(opts, cp, strlen(cp)) == 0) {
-			int i;
 			opts += strlen(cp);
 			forced_command = xmalloc(strlen(opts) + 1);
 			i = 0;
@@ -129,9 +131,9 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 		}
 		cp = "environment=\"";
 		if (strncasecmp(opts, cp, strlen(cp)) == 0) {
-			int i;
 			char *s;
 			struct envstring *new_envstring;
+
 			opts += strlen(cp);
 			s = xmalloc(strlen(opts) + 1);
 			i = 0;
@@ -170,7 +172,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 			const char *remote_host = get_canonical_hostname(
 			    options.reverse_mapping_check);
 			char *patterns = xmalloc(strlen(opts) + 1);
-			int i;
+
 			opts += strlen(cp);
 			i = 0;
 			while (*opts) {
@@ -218,6 +220,58 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 			/* Host name matches. */
 			goto next_option;
 		}
+		cp = "permitopen=\"";
+		if (strncasecmp(opts, cp, strlen(cp)) == 0) {
+			u_short port;
+			char *c, *ep;
+			char *patterns = xmalloc(strlen(opts) + 1);
+
+			opts += strlen(cp);
+			i = 0;
+			while (*opts) {
+				if (*opts == '"')
+					break;
+				if (*opts == '\\' && opts[1] == '"') {
+					opts += 2;
+					patterns[i++] = '"';
+					continue;
+				}
+				patterns[i++] = *opts++;
+			}
+			if (!*opts) {
+				debug("%.100s, line %lu: missing end quote",
+				    file, linenum);
+				packet_send_debug("%.100s, line %lu: missing end quote",
+				    file, linenum);
+				xfree(patterns);
+				goto bad_option;
+			}
+			patterns[i] = 0;
+			opts++;
+			c = strchr(patterns, ':');
+			if (c == NULL) {
+				debug("%.100s, line %lu: permitopen: missing colon <%.100s>",
+				    file, linenum, patterns);
+				packet_send_debug("%.100s, line %lu: missing colon",
+				    file, linenum);
+				xfree(patterns);
+				goto bad_option;
+			}
+			*c = 0;
+			c++;
+			port = strtol(c, &ep, 0);
+			if (c == ep) {
+				debug("%.100s, line %lu: permitopen: missing port <%.100s>",
+				    file, linenum, patterns);
+				packet_send_debug("%.100s, line %lu: missing port",
+				    file, linenum);
+				xfree(patterns);
+				goto bad_option;
+			}
+			channel_add_permitted_opens(patterns, port);
+			xfree(patterns);
+			goto next_option;
+		}
 next_option:
 		/*
 		 * Skip the comma, and move to the next option
-- 
cgit v1.2.3