- (djm) [openbsd-compat/regress/snprintftest.c]
[openssh.git] / servconf.c
index 4f5cb19db0c477a2a4eba523cb88ce782fd91f90..5884b95bebd75f00ddc6dbbbe55140256d12d0f2 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.156 2006/07/17 12:06:00 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.164 2006/08/03 03:34:42 deraadt Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
 #include <sys/types.h>
 #include <sys/socket.h>
 
-#if defined(HAVE_NETDB_H)
-# include <netdb.h>
-#endif
+#include <netdb.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
 #include <unistd.h>
+#include <stdarg.h>
 
+#include "xmalloc.h"
 #include "ssh.h"
 #include "log.h"
+#include "buffer.h"
 #include "servconf.h"
-#include "xmalloc.h"
 #include "compat.h"
 #include "pathnames.h"
 #include "misc.h"
 #include "cipher.h"
+#include "key.h"
 #include "kex.h"
 #include "mac.h"
 #include "match.h"
@@ -113,6 +118,8 @@ initialize_server_options(ServerOptions *options)
        options->authorized_keys_file2 = NULL;
        options->num_accept_env = 0;
        options->permit_tun = -1;
+       options->num_permitted_opens = -1;
+       options->adm_forced_command = NULL;
 }
 
 void
@@ -282,7 +289,7 @@ typedef enum {
        sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
        sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
        sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
-       sMatch, sPermitOpen,
+       sMatch, sPermitOpen, sForceCommand,
        sUsePrivilegeSeparation,
        sDeprecated, sUnsupported
 } ServerOpCodes;
@@ -357,9 +364,9 @@ static struct {
        { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
        { "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL },
        { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },
-       { "x11forwarding", sX11Forwarding, SSHCFG_GLOBAL },
-       { "x11displayoffset", sX11DisplayOffset, SSHCFG_GLOBAL },
-       { "x11uselocalhost", sX11UseLocalhost, SSHCFG_GLOBAL },
+       { "x11forwarding", sX11Forwarding, SSHCFG_ALL },
+       { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL },
+       { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
        { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
        { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
        { "permitemptypasswords", sEmptyPasswd, SSHCFG_GLOBAL },
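Review bot: The keyword table gives no hint that flipping an entry to SSHCFG_ALL is only half of the change. x11forwarding, x11displayoffset and x11uselocalhost appear to take effect inside a Match block only because copy_set_server_options gains matching copies later in this commit; forcecommand in the next hunk has the same dependency. A comment at the head of the table, such as `/* Keywords flagged SSHCFG_ALL must also be merged in copy_set_server_options() */`, would keep the two in step. A missed copy would presumably leave the global value in force for the matched user without any error, which is easy to overlook for an access-control setting. The table's declaration begins outside this hunk.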
@@ -393,6 +400,7 @@ static struct {
        { "permittunnel", sPermitTunnel, SSHCFG_GLOBAL },
        { "match", sMatch, SSHCFG_ALL },
        { "permitopen", sPermitOpen, SSHCFG_ALL },
+       { "forcecommand", sForceCommand, SSHCFG_ALL },
        { NULL, sBadOption, 0 }
 };
 
@@ -551,6 +559,8 @@ match_cfg_line(char **condition, int line, const char *user, const char *host,
        return result;
 }
 
+#define WHITESPACE " \t\r\n"
+
 int
 process_server_config_line(ServerOptions *options, char *line,
     const char *filename, int linenum, int *activep, const char *user,
@@ -955,7 +965,7 @@ parse_flag:
        case sDenyUsers:
                while ((arg = strdelim(&cp)) && *arg != '\0') {
                        if (options->num_deny_users >= MAX_DENY_USERS)
-                               fatal( "%s line %d: too many deny users.",
+                               fatal("%s line %d: too many deny users.",
                                    filename, linenum);
                        options->deny_users[options->num_deny_users++] =
                            xstrdup(arg);
@@ -1090,7 +1100,7 @@ parse_flag:
         */
        case sAuthorizedKeysFile:
        case sAuthorizedKeysFile2:
-               charptr = (opcode == sAuthorizedKeysFile ) ?
+               charptr = (opcode == sAuthorizedKeysFile) ?
                    &options->authorized_keys_file :
                    &options->authorized_keys_file2;
                goto parse_filename;
@@ -1157,22 +1167,38 @@ parse_flag:
                        fatal("%s line %d: missing PermitOpen specification",
                            filename, linenum);
                if (strcmp(arg, "any") == 0) {
-                       if (*activep)
+                       if (*activep) {
                                channel_clear_adm_permitted_opens();
+                               options->num_permitted_opens = 0;
+                       }
                        break;
                }
-               p = hpdelim(&arg);
-               if (p == NULL)
-                       fatal("%s line %d: missing host in PermitOpen",
-                           filename, linenum);
-               p = cleanhostname(p);
-               if (arg == NULL || (port = a2port(arg)) == 0)
-                       fatal("%s line %d: bad port number in PermitOpen",
-                           filename, linenum);
-               if (*activep)
-                       channel_add_adm_permitted_opens(p, port);
+               for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
+                       p = hpdelim(&arg);
+                       if (p == NULL)
+                               fatal("%s line %d: missing host in PermitOpen",
+                                   filename, linenum);
+                       p = cleanhostname(p);
+                       if (arg == NULL || (port = a2port(arg)) == 0)
+                               fatal("%s line %d: bad port number in "
+                                   "PermitOpen", filename, linenum);
+                       if (*activep && options->num_permitted_opens == -1) {
+                               channel_clear_adm_permitted_opens();
+                               options->num_permitted_opens =
+                                   channel_add_adm_permitted_opens(p, port);
+                       }
+               }
                break;
 
+       case sForceCommand:
+               if (cp == NULL)
+                       fatal("%.200s line %d: Missing argument.", filename,
+                           linenum);
+               len = strspn(cp, WHITESPACE);
+               if (*activep && options->adm_forced_command == NULL)
+                       options->adm_forced_command = xstrdup(cp + len);
+               return 0;
+
        case sDeprecated:
                logit("%s line %d: Deprecated option %s",
                    filename, linenum, arg);
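Review bot: In the new PermitOpen loop the guard `options->num_permitted_opens == -1` is re-tested after the first iteration has already overwritten that field with the return value of channel_add_adm_permitted_opens(). On a line listing several host:port pairs only the first therefore appears to be added, and the rest are parsed and then silently dropped (assuming that call never returns -1). The `any` branch above it has the opposite problem: it has no `== -1` test, so a later `PermitOpen any` clears a restriction that an earlier line had set, which contradicts the first-value-wins behaviour the loop applies. Sampling the field once before either branch and testing that copy fixes both, and also moves the clear out of the loop. The local used for it (`n` below) has to be declared at the top of process_server_config_line, which is outside this hunk.

```c
		/* was PermitOpen already set before this line? */
		n = options->num_permitted_opens;
		if (strcmp(arg, "any") == 0) {
			if (*activep && n == -1) {
				channel_clear_adm_permitted_opens();
				options->num_permitted_opens = 0;
			}
			break;
		}
		if (*activep && n == -1)
			channel_clear_adm_permitted_opens();
		for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
			/* ... unchanged: hpdelim/cleanhostname/a2port parsing and fatal() checks ... */
			if (*activep && n == -1)
				options->num_permitted_opens =
				    channel_add_adm_permitted_opens(p, port);
		}
		break;
```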
@@ -1247,6 +1273,17 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src)
                dst->allow_tcp_forwarding = src->allow_tcp_forwarding;
        if (src->gateway_ports != -1)
                dst->gateway_ports = src->gateway_ports;
+       if (src->adm_forced_command != NULL) {
+               if (dst->adm_forced_command != NULL)
+                       xfree(dst->adm_forced_command);
+               dst->adm_forced_command = src->adm_forced_command;
+       }
+       if (src->x11_display_offset != -1)
+               dst->x11_display_offset = src->x11_display_offset;
+       if (src->x11_forwarding != -1)
+               dst->x11_forwarding = src->x11_forwarding;
+       if (src->x11_use_localhost != -1)
+               dst->x11_use_localhost = src->x11_use_localhost;
 }
 
 void
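Review bot: `dst->adm_forced_command = src->adm_forced_command;` moves the pointer rather than copying the string, so dst and src alias the same allocation afterwards. If copy_set_server_options is ever called twice with the same pair, or the caller later frees src, the `xfree(dst->adm_forced_command)` just above would release memory that is still referenced; nothing visible in this hunk rules that out. Either document the transfer with a comment such as `/* dst takes ownership; src must not be freed or reused */`, or copy with `dst->adm_forced_command = xstrdup(src->adm_forced_command);`. The function's opening lines are outside this hunk.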