diff options
author | djm@openbsd.org <djm@openbsd.org> | 2018-06-06 18:22:41 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-06-07 04:27:20 +1000 |
commit | 115063a6647007286cc8ca70abfd2a7585f26ccc (patch) | |
tree | 7bd8d46ae55ff7fc1f8699740d2d2e106c3d5fe8 /servconf.h | |
parent | 7703ae5f5d42eb302ded51705166ff6e19c92892 (diff) | |
download | openssh-git-115063a6647007286cc8ca70abfd2a7585f26ccc.tar.gz |
upstream: Add a PermitListen directive to control which server-side
addresses may be listened on when the client requests remote forwarding (ssh
-R).
This is the converse of the existing PermitOpen directive and this
includes some refactoring to share much of its implementation.
feedback and ok markus@
OpenBSD-Commit-ID: 15a931238c61a3f2ac74ea18a98c933e358e277f
Diffstat (limited to 'servconf.h')
-rw-r--r-- | servconf.h | 16 |
1 files changed, 7 insertions, 9 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.131 2018/04/13 03:57:26 dtucker Exp $ */ +/* $OpenBSD: servconf.h,v 1.132 2018/06/06 18:22:41 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -32,12 +32,6 @@ #define PRIVSEP_ON 1 #define PRIVSEP_NOSANDBOX 2 -/* AllowTCPForwarding */ -#define FORWARD_DENY 0 -#define FORWARD_REMOTE (1) -#define FORWARD_LOCAL (1<<1) -#define FORWARD_ALLOW (FORWARD_REMOTE|FORWARD_LOCAL) - /* PermitOpen */ #define PERMITOPEN_ANY 0 #define PERMITOPEN_NONE -2 @@ -187,8 +181,10 @@ typedef struct { int permit_tun; - char **permitted_opens; - u_int num_permitted_opens; /* May also be one of PERMITOPEN_* */ + char **permitted_opens; /* May also be one of PERMITOPEN_* */ + u_int num_permitted_opens; + char **permitted_remote_opens; /* May also be one of PERMITOPEN_* */ + u_int num_permitted_remote_opens; char *chroot_directory; char *revoked_keys_file; @@ -252,6 +248,8 @@ struct connection_info { M_CP_STRARRAYOPT(accept_env, num_accept_env); \ M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \ M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \ + M_CP_STRARRAYOPT(permitted_remote_opens, \ + num_permitted_remote_opens); \ } while (0) struct connection_info *get_connection_info(int, int); |