author | Damien Miller <djm@mindrot.org> | 2012-04-22 11:18:53 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2012-04-22 11:18:53 +1000 |
commit | c6081482b2b72caccce938c100c1b55f7b5e30fe (patch) | |
tree | 8bdb5d2df8d77e980822911573ffea17f4c67238 | |
parent | 48348fc3b4455df8112d4e1b6de5b4f0779be875 (diff) |
- dtucker@cvs.openbsd.org 2012/03/29 23:54:36
[channels.c channels.h servconf.c]
Add PermitOpen none option based on patch from Loganaden Velvindron
(bz #1949). ok djm@
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | channels.c | 17 | ||||
-rw-r--r-- | channels.h | 3 | ||||
-rw-r--r-- | servconf.c | 10 |
4 files changed, 30 insertions, 4 deletions
@@ -13,6 +13,10 @@ [PROTOCOL.certkeys] explain certificate extensions/crit split rationale. Mention requirement that each appear at most once per cert. + - dtucker@cvs.openbsd.org 2012/03/29 23:54:36 + [channels.c channels.h servconf.c] + Add PermitOpen none option based on patch from Loganaden Velvindron + (bz #1949). ok djm@ 20120420 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.315 2011/09/23 07:45:05 markus Exp $ */ +/* $OpenBSD: channels.c,v 1.316 2012/03/29 23:54:36 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -3127,6 +3127,17 @@ channel_add_adm_permitted_opens(char *host, int port) } void +channel_disable_adm_local_opens(void) +{ + if (num_adm_permitted_opens == 0) { + permitted_adm_opens = xmalloc(sizeof(*permitted_adm_opens)); + permitted_adm_opens[num_adm_permitted_opens].host_to_connect + = NULL; + num_adm_permitted_opens = 1; + } +} + +void channel_clear_permitted_opens(void) { int i; @@ -3167,7 +3178,9 @@ channel_print_adm_permitted_opens(void) return; } for (i = 0; i < num_adm_permitted_opens; i++) - if (permitted_adm_opens[i].host_to_connect != NULL) + if (permitted_adm_opens[i].host_to_connect == NULL) + printf(" none"); + else printf(" %s:%d", permitted_adm_opens[i].host_to_connect, permitted_adm_opens[i].port_to_connect); printf("\n"); @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.109 2011/09/23 07:45:05 markus Exp $ */ +/* $OpenBSD: channels.h,v 1.110 2012/03/29 23:54:36 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -253,6 +253,7 @@ void channel_set_af(int af); void channel_permit_all_opens(void); void channel_add_permitted_opens(char *, int); int channel_add_adm_permitted_opens(char *, int); +void channel_disable_adm_local_opens(void); void channel_update_permitted_opens(int, int); void channel_clear_permitted_opens(void); void channel_clear_adm_permitted_opens(void); 
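Review bot: channel_disable_adm_local_opens() is a silent no-op whenever num_adm_permitted_opens is non-zero, so a caller that forgets to clear the list first keeps the existing permits instead of getting deny-all. For an access-control setting it would be safer to fail closed, for example by calling `channel_clear_adm_permitted_opens();` at the top and installing the sentinel unconditionally. The xmalloc'd entry also has only host_to_connect set, leaving its other fields uninitialised; `permitted_adm_opens[0].port_to_connect = 0;` (or allocating with xcalloc) would keep later readers from seeing heap garbage. Whether the clear routine frees the previous array is not visible in this hunk, so it is worth confirming that the new assignment to permitted_adm_opens cannot leak it.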
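Review bot: In the channel_print_adm_permitted_opens() loop a NULL host_to_connect used to mean "skip this entry" and now means "none", and nothing in the hunk documents that change of meaning. A comment above the test, such as `/* a NULL host is the PermitOpen none sentinel */`, would tell the next reader that the NULL entry is a deliberate deny-all marker and not an empty slot. The for body is now a multi-line if/else without braces; bracing the loop body would guard against a later statement landing outside it. The function starts outside the hunk.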
@@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.223 2011/09/23 00:22:04 dtucker Exp $ */ +/* $OpenBSD: servconf.c,v 1.224 2012/03/29 23:54:36 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -1333,6 +1333,14 @@ process_server_config_line(ServerOptions *options, char *line, } break; } + if (strcmp(arg, "none") == 0) { + if (*activep && n == -1) { + channel_clear_adm_permitted_opens(); + options->num_permitted_opens = 1; + channel_disable_adm_local_opens(); + } + break; + } if (*activep && n == -1) channel_clear_adm_permitted_opens(); for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) { |
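Review bot: `options->num_permitted_opens = 1` in the new "none" branch is a magic value that only makes sense together with the single NULL-host entry installed by channel_disable_adm_local_opens(). A comment such as `/* one sentinel entry with a NULL host: deny all forwards */` would tie the two together. The keyword is also only recognised as the first argument; a "none" appearing later on the line falls into the host:port loop below, and how that is rejected is outside the hunk, so a regression test for `PermitOpen host:port none` would be worth adding. process_server_config_line() begins and ends outside the hunk.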