-/* $OpenBSD: servconf.c,v 1.155 2006/07/17 01:31:09 stevesk Exp $ */
+/* $OpenBSD: servconf.c,v 1.156 2006/07/17 12:06:00 dtucker Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
#include "kex.h"
#include "mac.h"
#include "match.h"
+#include "channels.h"
static void add_listen_addr(ServerOptions *, char *, u_short);
static void add_one_listen_addr(ServerOptions *, char *, u_short);
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
- sMatch,
+ sMatch, sPermitOpen,
sUsePrivilegeSeparation,
sDeprecated, sUnsupported
} ServerOpCodes;
{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL },
{ "acceptenv", sAcceptEnv, SSHCFG_GLOBAL },
{ "permittunnel", sPermitTunnel, SSHCFG_GLOBAL },
+ { "match", sMatch, SSHCFG_ALL },
+ { "permitopen", sPermitOpen, SSHCFG_ALL },
{ NULL, sBadOption, 0 }
};
*activep = value;
break;
+ case sPermitOpen:
+ arg = strdelim(&cp);
+ if (!arg || *arg == '\0')
+ fatal("%s line %d: missing PermitOpen specification",
+ filename, linenum);
+ if (strcmp(arg, "any") == 0) {
+ if (*activep)
+ channel_clear_adm_permitted_opens();
+ break;
+ }
+ p = hpdelim(&arg);
+ if (p == NULL)
+ fatal("%s line %d: missing host in PermitOpen",
+ filename, linenum);
+ p = cleanhostname(p);
+ if (arg == NULL || (port = a2port(arg)) == 0)
+ fatal("%s line %d: bad port number in PermitOpen",
+ filename, linenum);
+ if (*activep)
+ channel_add_adm_permitted_opens(p, port);
+ break;
+
case sDeprecated:
logit("%s line %d: Deprecated option %s",
filename, linenum, arg);