diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2018-06-06 18:23:32 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-06-07 04:27:20 +1000 |
| commit | 93c06ab6b77514e0447fe4f1d822afcbb2a9be08 (patch) | |
| tree | 86b19179eaa51962f0dae9ab02d6d37197942265 /auth.c | |
| parent | 115063a6647007286cc8ca70abfd2a7585f26ccc (diff) | |
upstream: permitlisten option for authorized_keys; ok markus@
OpenBSD-Commit-ID: 8650883018d7aa893173d703379e4456a222c672
Diffstat (limited to 'auth.c')
| -rw-r--r-- | auth.c | 15 |
1 files changed, 12 insertions, 3 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.129 2018/06/01 03:33:53 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.130 2018/06/06 18:23:32 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -1005,17 +1005,20 @@ auth_log_authopts(const char *loc, const struct sshauthopt *opts, int do_remote) int do_env = options.permit_user_env && opts->nenv > 0; int do_permitopen = opts->npermitopen > 0 && (options.allow_tcp_forwarding & FORWARD_LOCAL) != 0; + int do_permitlisten = opts->npermitlisten > 0 && + (options.allow_tcp_forwarding & FORWARD_REMOTE) != 0; size_t i; char msg[1024], buf[64]; snprintf(buf, sizeof(buf), "%d", opts->force_tun_device); /* Try to keep this alphabetically sorted */ - snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s", + snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s%s", opts->permit_agent_forwarding_flag ? " agent-forwarding" : "", opts->force_command == NULL ? "" : " command", do_env ? " environment" : "", opts->valid_before == 0 ? "" : "expires", do_permitopen ? " permitopen" : "", + do_permitlisten ? " permitlisten" : "", opts->permit_port_forwarding_flag ? " port-forwarding" : "", opts->cert_principals == NULL ? "" : " principals", opts->permit_pty_flag ? " pty" : "", @@ -1049,12 +1052,18 @@ auth_log_authopts(const char *loc, const struct sshauthopt *opts, int do_remote) } if (opts->force_command != NULL) debug("%s: forced command: \"%s\"", loc, opts->force_command); - if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0) { + if (do_permitopen) { for (i = 0; i < opts->npermitopen; i++) { debug("%s: permitted open: %s", loc, opts->permitopen[i]); } } + if (do_permitlisten) { + for (i = 0; i < opts->npermitlisten; i++) { + debug("%s: permitted listen: %s", + loc, opts->permitlisten[i]); + } + } } /* Activate a new set of key/cert options; merging with what is there. */ |