-/* $OpenBSD: servconf.c,v 1.155 2006/07/17 01:31:09 stevesk Exp $ */
+/* $OpenBSD: servconf.c,v 1.159 2006/07/21 12:43:36 dtucker Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
#include "kex.h"
#include "mac.h"
#include "match.h"
+#include "channels.h"
static void add_listen_addr(ServerOptions *, char *, u_short);
static void add_one_listen_addr(ServerOptions *, char *, u_short);
options->authorized_keys_file2 = NULL;
options->num_accept_env = 0;
options->permit_tun = -1;
+ options->num_permitted_opens = -1;
+ options->adm_forced_command = NULL;
}
void
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
- sMatch,
+ sMatch, sPermitOpen, sForceCommand,
sUsePrivilegeSeparation,
sDeprecated, sUnsupported
} ServerOpCodes;
{ "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
{ "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL },
{ "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },
- { "x11forwarding", sX11Forwarding, SSHCFG_GLOBAL },
- { "x11displayoffset", sX11DisplayOffset, SSHCFG_GLOBAL },
- { "x11uselocalhost", sX11UseLocalhost, SSHCFG_GLOBAL },
+ { "x11forwarding", sX11Forwarding, SSHCFG_ALL },
+ { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL },
+ { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
{ "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
{ "strictmodes", sStrictModes, SSHCFG_GLOBAL },
{ "permitemptypasswords", sEmptyPasswd, SSHCFG_GLOBAL },
{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL },
{ "acceptenv", sAcceptEnv, SSHCFG_GLOBAL },
{ "permittunnel", sPermitTunnel, SSHCFG_GLOBAL },
+ { "match", sMatch, SSHCFG_ALL },
+ { "permitopen", sPermitOpen, SSHCFG_ALL },
+ { "forcecommand", sForceCommand, SSHCFG_ALL },
{ NULL, sBadOption, 0 }
};
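Review bot: Nothing next to the `SSHCFG_ALL` entries says what else a Match-capable keyword requires, and a keyword that parses inside a Match block but is never carried over to the effective options would be ignored silently. The x11 and ForceCommand entries changed here are paired with copies in the dst/src merge code patched at the end of this diff, so they look consistent, but the pairing itself is undocumented. I would add a comment above the table such as `/* SSHCFG_ALL keywords must also be merged into the effective options after a Match */`. The table starts outside this hunk.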
return result;
}
+#define WHITESPACE " \t\r\n"
+
int
process_server_config_line(ServerOptions *options, char *line,
const char *filename, int linenum, int *activep, const char *user,
*activep = value;
break;
+ case sPermitOpen:
+ arg = strdelim(&cp);
+ if (!arg || *arg == '\0')
+ fatal("%s line %d: missing PermitOpen specification",
+ filename, linenum);
+ if (strcmp(arg, "any") == 0) {
+ if (*activep) {
+ channel_clear_adm_permitted_opens();
+ options->num_permitted_opens = 0;
+ }
+ break;
+ }
+ for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
+ p = hpdelim(&arg);
+ if (p == NULL)
+ fatal("%s line %d: missing host in PermitOpen",
+ filename, linenum);
+ p = cleanhostname(p);
+ if (arg == NULL || (port = a2port(arg)) == 0)
+ fatal("%s line %d: bad port number in "
+ "PermitOpen", filename, linenum);
+ if (*activep && options->num_permitted_opens == -1) {
+ channel_clear_adm_permitted_opens();
+ options->num_permitted_opens =
+ channel_add_adm_permitted_opens(p, port);
+ }
+ }
+ break;
+
+ case sForceCommand:
+ if (cp == NULL)
+ fatal("%.200s line %d: Missing argument.", filename,
+ linenum);
+ len = strspn(cp, WHITESPACE);
+ if (*activep && options->adm_forced_command == NULL)
+ options->adm_forced_command = xstrdup(cp + len);
+ return 0;
+
case sDeprecated:
logit("%s line %d: Deprecated option %s",
filename, linenum, arg);
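Review bot: In the `sPermitOpen` loop the guard `options->num_permitted_opens == -1` is re-tested for every host:port. Once the first entry stores the return value of `channel_add_adm_permitted_opens()`, the remaining entries on the same line are validated but never added, unless that call returns -1. An administrator listing several destinations would get a narrower allow-list than written, with no diagnostic. Evaluating the guard once before the loop keeps first-match-wins across lines while honouring every entry on the line; it needs one extra `int` local (here `add`), declared outside this hunk. Separately, the `any` branch does not test `num_permitted_opens == -1`, so it clears an earlier restriction where a host list would not, and a comment should say whether that is intended.

```c
		/* decide once per line so every host:port on it is added */
		add = *activep && options->num_permitted_opens == -1;
		if (add)
			channel_clear_adm_permitted_opens();
		for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
			/* … unchanged: hpdelim / cleanhostname / a2port validation … */
			if (add)
				options->num_permitted_opens =
				    channel_add_adm_permitted_opens(p, port);
		}
		break;
```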
dst->allow_tcp_forwarding = src->allow_tcp_forwarding;
if (src->gateway_ports != -1)
dst->gateway_ports = src->gateway_ports;
+ if (src->adm_forced_command != NULL) {
+ if (dst->adm_forced_command != NULL)
+ xfree(dst->adm_forced_command);
+ dst->adm_forced_command = src->adm_forced_command;
+ }
+ if (src->x11_display_offset != -1)
+ dst->x11_display_offset = src->x11_display_offset;
+ if (src->x11_forwarding != -1)
+ dst->x11_forwarding = src->x11_forwarding;
+ if (src->x11_use_localhost != -1)
+ dst->x11_use_localhost = src->x11_use_localhost;
}
void
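Review bot: `dst->adm_forced_command = src->adm_forced_command;` leaves both structures pointing at the same heap string, right after `dst`'s previous value was released with `xfree()`. If the same `src` is merged into `dst` a second time, or `src` is freed later, `dst` would hold a dangling pointer to the command that is forced on the session. Whether either happens depends on callers outside this hunk. Copying instead, `dst->adm_forced_command = xstrdup(src->adm_forced_command);`, or a comment stating that ownership moves to `dst`, would make the contract explicit. The function's signature is outside the hunk.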