author | djm@openbsd.org <djm@openbsd.org> | 2018-06-06 18:22:41 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-06-07 04:27:20 +1000 |
commit | 115063a6647007286cc8ca70abfd2a7585f26ccc (patch) | |
tree | 7bd8d46ae55ff7fc1f8699740d2d2e106c3d5fe8 /channels.h | |
parent | 7703ae5f5d42eb302ded51705166ff6e19c92892 (diff) |
upstream: Add a PermitListen directive to control which server-side
addresses may be listened on when the client requests remote forwarding (ssh
-R).
This is the converse of the existing PermitOpen directive and this
includes some refactoring to share much of its implementation.
feedback and ok markus@
OpenBSD-Commit-ID: 15a931238c61a3f2ac74ea18a98c933e358e277f
Diffstat (limited to 'channels.h')
-rw-r--r-- | channels.h | 26 |
1 files changed, 15 insertions, 11 deletions
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.130 2017/09/21 19:16:53 markus Exp $ */
+/* $OpenBSD: channels.h,v 1.131 2018/06/06 18:22:41 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -63,6 +63,15 @@
 #define CHANNEL_CANCEL_PORT_STATIC -1
+/* TCP forwarding */
+#define FORWARD_DENY 0
+#define FORWARD_REMOTE (1)
+#define FORWARD_LOCAL (1<<1)
+#define FORWARD_ALLOW (FORWARD_REMOTE|FORWARD_LOCAL)
+
+#define FORWARD_ADM 0x100
+#define FORWARD_USER 0x101
+
 struct ssh;
 struct Channel;
 typedef struct Channel Channel;
@@ -283,16 +292,11 @@ int channel_find_open(struct ssh *);
 struct Forward;
 struct ForwardOptions;
 void channel_set_af(struct ssh *, int af);
-void channel_permit_all_opens(struct ssh *);
-void channel_add_permitted_opens(struct ssh *, char *, int);
-int channel_add_adm_permitted_opens(struct ssh *, char *, int);
-void channel_copy_adm_permitted_opens(struct ssh *,
- const struct fwd_perm_list *);
-void channel_disable_adm_local_opens(struct ssh *);
-void channel_update_permitted_opens(struct ssh *, int, int);
-void channel_clear_permitted_opens(struct ssh *);
-void channel_clear_adm_permitted_opens(struct ssh *);
-void channel_print_adm_permitted_opens(struct ssh *);
+void channel_permit_all(struct ssh *, int);
+void channel_add_permission(struct ssh *, int, int, char *, int);
+void channel_clear_permission(struct ssh *, int, int);
+void channel_disable_admin(struct ssh *, int);
+void channel_update_permission(struct ssh *, int, int);
 Channel *channel_connect_to_port(struct ssh *, const char *, u_short, char *, char *, int *, const char **);
 Channel *channel_connect_to_path(struct ssh *, const char *, char *, char *);
|
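Review bot: The two groups of constants added after `CHANNEL_CANCEL_PORT_STATIC` look alike but are different kinds of value, and nothing in the header says so. `FORWARD_REMOTE` and `FORWARD_LOCAL` combine as bits into `FORWARD_ALLOW`, whereas `FORWARD_ADM` (0x100) and `FORWARD_USER` (0x101) share bit 0x100, so a test written as `x & FORWARD_ADM` would also be true for `FORWARD_USER`. These values presumably select which permission list a forwarding check consults, so that confusion would affect an access-control decision. I would put `/* Permission list selectors: discrete values, compare with ==, never as a bitmask */` above the second group and extend the existing `/* TCP forwarding */` comment to say the first group is a bitmask of directions.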
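Review bot: The new prototypes `channel_add_permission`, `channel_clear_permission` and `channel_update_permission` take two or more adjacent unnamed `int` parameters, so the header no longer shows which argument is which; the removed functions carried that in their names (`_adm_`, `_opens`). Because the FORWARD_* values are plain ints, a call with the selector and direction swapped compiles without a warning and would apply or clear a rule on the wrong permission list. Naming the parameters, as `channel_set_af(struct ssh *, int af)` already does in this hunk's context, would document the contract, e.g. `void channel_add_permission(struct ssh *, int who, int where, char *host, int port);`. The roles in that example are inferred from the new constants and need checking against the definitions, which are outside this diff. The same applies to the single `int` of `channel_permit_all` and `channel_disable_admin`.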