From 115063a6647007286cc8ca70abfd2a7585f26ccc Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org"
Date: Wed, 6 Jun 2018 18:22:41 +0000
Subject: upstream: Add a PermitListen directive to control which server-side addresses may be listened on when the client requests remote forwarding (ssh -R). This is the converse of the existing PermitOpen directive and this includes some refactoring to share much of its implementation. feedback and ok markus@
OpenBSD-Commit-ID: 15a931238c61a3f2ac74ea18a98c933e358e277f
---
 servconf.h | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)
(limited to 'servconf.h')
diff --git a/servconf.h b/servconf.h
index 6d2553c3..62acd893 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.131 2018/04/13 03:57:26 dtucker Exp $ */
+/* $OpenBSD: servconf.h,v 1.132 2018/06/06 18:22:41 djm Exp $ */
 /*
 * Author: Tatu Ylonen
@@ -32,12 +32,6 @@
 #define PRIVSEP_ON 1
 #define PRIVSEP_NOSANDBOX 2
-/* AllowTCPForwarding */
-#define FORWARD_DENY 0
-#define FORWARD_REMOTE (1)
-#define FORWARD_LOCAL (1<<1)
-#define FORWARD_ALLOW (FORWARD_REMOTE|FORWARD_LOCAL)
-
 /* PermitOpen */
 #define PERMITOPEN_ANY 0
 #define PERMITOPEN_NONE -2
@@ -187,8 +181,10 @@ typedef struct {
 int permit_tun;
- char **permitted_opens;
- u_int num_permitted_opens; /* May also be one of PERMITOPEN_* */
+ char **permitted_opens; /* May also be one of PERMITOPEN_* */
+ u_int num_permitted_opens;
+ char **permitted_remote_opens; /* May also be one of PERMITOPEN_* */
+ u_int num_permitted_remote_opens;
 char *chroot_directory;
 char *revoked_keys_file;
@@ -252,6 +248,8 @@ struct connection_info {
 M_CP_STRARRAYOPT(accept_env, num_accept_env); \
 M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \
 M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \
+ M_CP_STRARRAYOPT(permitted_remote_opens, \
+ num_permitted_remote_opens); \
 } while (0)
 struct connection_info *get_connection_info(int, int);
-- cgit v1.2.1
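Review bot: In the options-struct hunk (`@@ -187,8 +181,10 @@`), the comment `/* May also be one of PERMITOPEN_* */` has moved from the `u_int` counts onto the `char **` arrays, yet the PERMITOPEN_* constants still visible in this header are integers (`PERMITOPEN_ANY 0`, `PERMITOPEN_NONE -2`), so the header no longer says which field of each pair carries the sentinel. For a permission list this matters, because a reader who guesses wrong can treat "none" like an empty list, and zero is the value `PERMITOPEN_ANY` uses. I would document the encoding on both pairs, for example `/* count 0: no restriction configured; see PERMITOPEN_* for how "none" is stored */`, adjusted to whatever the parser actually does, and confirm that the `M_CP_STRARRAYOPT(permitted_remote_opens, ...)` copy added in the last hunk handles that encoding the same way as `permitted_opens`. The typedef's body starts and ends outside the hunk and the parsing code is in another file, so this is inferred from the header alone.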