- markus@cvs.openbsd.org 2012/06/19 18:25:28
[servconf.c servconf.h sshd_config.5] sshd_config: extend Match to allow AcceptEnv and {Allow,Deny}{Users,Groups} this allows 'Match LocalPort 1022' combined with 'AllowUser bauer' ok djm@ (back in March)
parent
36378c6413
commit
c24da77015
|
@ -42,6 +42,11 @@
|
|||
[ssh.1]
|
||||
Clarify description of -W. Noted by Steve.McClellan at radisys com,
|
||||
ok jmc
|
||||
- markus@cvs.openbsd.org 2012/06/19 18:25:28
|
||||
[servconf.c servconf.h sshd_config.5]
|
||||
sshd_config: extend Match to allow AcceptEnv and {Allow,Deny}{Users,Groups}
|
||||
this allows 'Match LocalPort 1022' combined with 'AllowUser bauer'
|
||||
ok djm@ (back in March)
|
||||
|
||||
20120519
|
||||
- (dtucker) [configure.ac] bz#2010: fix non-portable shell construct. Patch
|
||||
|
|
25
servconf.c
25
servconf.c
|
@ -1,5 +1,5 @@
|
|||
|
||||
/* $OpenBSD: servconf.c,v 1.226 2012/05/13 01:42:32 dtucker Exp $ */
|
||||
/* $OpenBSD: servconf.c,v 1.227 2012/06/19 18:25:27 markus Exp $ */
|
||||
/*
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
* All rights reserved
|
||||
|
@ -420,10 +420,10 @@ static struct {
|
|||
{ "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */
|
||||
{ "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL },
|
||||
{ "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL },
|
||||
{ "allowusers", sAllowUsers, SSHCFG_GLOBAL },
|
||||
{ "denyusers", sDenyUsers, SSHCFG_GLOBAL },
|
||||
{ "allowgroups", sAllowGroups, SSHCFG_GLOBAL },
|
||||
{ "denygroups", sDenyGroups, SSHCFG_GLOBAL },
|
||||
{ "allowusers", sAllowUsers, SSHCFG_ALL },
|
||||
{ "denyusers", sDenyUsers, SSHCFG_ALL },
|
||||
{ "allowgroups", sAllowGroups, SSHCFG_ALL },
|
||||
{ "denygroups", sDenyGroups, SSHCFG_ALL },
|
||||
{ "ciphers", sCiphers, SSHCFG_GLOBAL },
|
||||
{ "macs", sMacs, SSHCFG_GLOBAL },
|
||||
{ "protocol", sProtocol, SSHCFG_GLOBAL },
|
||||
|
@ -441,7 +441,7 @@ static struct {
|
|||
{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
|
||||
{ "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
|
||||
{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
|
||||
{ "acceptenv", sAcceptEnv, SSHCFG_GLOBAL },
|
||||
{ "acceptenv", sAcceptEnv, SSHCFG_ALL },
|
||||
{ "permittunnel", sPermitTunnel, SSHCFG_ALL },
|
||||
{ "match", sMatch, SSHCFG_ALL },
|
||||
{ "permitopen", sPermitOpen, SSHCFG_ALL },
|
||||
|
@ -1148,6 +1148,8 @@ process_server_config_line(ServerOptions *options, char *line,
|
|||
if (options->num_allow_users >= MAX_ALLOW_USERS)
|
||||
fatal("%s line %d: too many allow users.",
|
||||
filename, linenum);
|
||||
if (!*activep)
|
||||
continue;
|
||||
options->allow_users[options->num_allow_users++] =
|
||||
xstrdup(arg);
|
||||
}
|
||||
|
@ -1158,6 +1160,8 @@ process_server_config_line(ServerOptions *options, char *line,
|
|||
if (options->num_deny_users >= MAX_DENY_USERS)
|
||||
fatal("%s line %d: too many deny users.",
|
||||
filename, linenum);
|
||||
if (!*activep)
|
||||
continue;
|
||||
options->deny_users[options->num_deny_users++] =
|
||||
xstrdup(arg);
|
||||
}
|
||||
|
@ -1168,6 +1172,8 @@ process_server_config_line(ServerOptions *options, char *line,
|
|||
if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
|
||||
fatal("%s line %d: too many allow groups.",
|
||||
filename, linenum);
|
||||
if (!*activep)
|
||||
continue;
|
||||
options->allow_groups[options->num_allow_groups++] =
|
||||
xstrdup(arg);
|
||||
}
|
||||
|
@ -1178,7 +1184,10 @@ process_server_config_line(ServerOptions *options, char *line,
|
|||
if (options->num_deny_groups >= MAX_DENY_GROUPS)
|
||||
fatal("%s line %d: too many deny groups.",
|
||||
filename, linenum);
|
||||
options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
|
||||
if (!*activep)
|
||||
continue;
|
||||
options->deny_groups[options->num_deny_groups++] =
|
||||
xstrdup(arg);
|
||||
}
|
||||
break;
|
||||
|
||||
|
@ -1352,7 +1361,7 @@ process_server_config_line(ServerOptions *options, char *line,
|
|||
fatal("%s line %d: too many allow env.",
|
||||
filename, linenum);
|
||||
if (!*activep)
|
||||
break;
|
||||
continue;
|
||||
options->accept_env[options->num_accept_env++] =
|
||||
xstrdup(arg);
|
||||
}
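Review bot: The `if (!*activep) continue;` guards in the AllowUsers, DenyUsers, AllowGroups and DenyGroups loops have no comment saying why they skip the store with `continue` rather than leaving the loop. The AcceptEnv hunk appears to swap `break` for `continue` at the same position, which suggests the remaining arguments on an inactive line must still be consumed. A one-line comment above the first guard would record that, for example `/* inactive Match pass: consume remaining args, store nothing */`. The guard sits after the `fatal("... too many ...")` limit check in every loop, so the limit is still enforced against the current count on inactive passes; it is worth stating whether that is intended. The loop heads and the rest of process_server_config_line lie outside these hunks, so this reasoning is inferred from the visible lines only.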
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: servconf.h,v 1.101 2012/05/13 01:42:32 dtucker Exp $ */
|
||||
/* $OpenBSD: servconf.h,v 1.102 2012/06/19 18:25:28 markus Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -192,6 +192,11 @@ struct connection_info {
|
|||
M_CP_STROPT(revoked_keys_file); \
|
||||
M_CP_STROPT(authorized_principals_file); \
|
||||
M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
|
||||
M_CP_STRARRAYOPT(allow_users, num_allow_users); \
|
||||
M_CP_STRARRAYOPT(deny_users, num_deny_users); \
|
||||
M_CP_STRARRAYOPT(allow_groups, num_allow_groups); \
|
||||
M_CP_STRARRAYOPT(deny_groups, num_deny_groups); \
|
||||
M_CP_STRARRAYOPT(accept_env, num_accept_env); \
|
||||
} while (0)
|
||||
|
||||
struct connection_info *get_connection_info(int, int);
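Review bot: Nothing in the copy macro, where the five `M_CP_STRARRAYOPT(...)` lines for allow_users, deny_users, allow_groups, deny_groups and accept_env appear, says how a Match block's list combines with the global list, and the sshd_config.5 hunk does not say either. M_CP_STRARRAYOPT is defined outside this page; if it overwrites the destination array whenever the source count is non-zero, an `AllowUsers` line inside a `Match` block would replace the global AllowUsers list for matching connections rather than extend it. For access-control directives that difference decides who can log in, so it should be explicit. I would add a comment above these lines such as `/* Match-block lists replace (not append to) the global lists */`, worded to match the macro's actual behaviour, and a matching sentence in the man page.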
|
||||
|
|
|
@ -33,8 +33,8 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd_config.5,v 1.140 2012/05/19 06:30:30 dtucker Exp $
|
||||
.Dd $Mdocdate: May 19 2012 $
|
||||
.\" $OpenBSD: sshd_config.5,v 1.141 2012/06/19 18:25:28 markus Exp $
|
||||
.Dd $Mdocdate: June 19 2012 $
|
||||
.Dt SSHD_CONFIG 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -707,15 +707,20 @@ Only a subset of keywords may be used on the lines following a
|
|||
.Cm Match
|
||||
keyword.
|
||||
Available keywords are
|
||||
.Cm AcceptEnv
|
||||
.Cm AllowAgentForwarding ,
|
||||
.Cm AllowGroups .
|
||||
.Cm AllowTcpForwarding ,
|
||||
.Cm AllowUsers ,
|
||||
.Cm AuthorizedKeysFile ,
|
||||
.Cm AuthorizedPrincipalsFile ,
|
||||
.Cm Banner ,
|
||||
.Cm ChrootDirectory ,
|
||||
.Cm DenyGroups ,
|
||||
.Cm DenyUsers ,
|
||||
.Cm ForceCommand ,
|
||||
.Cm GatewayPorts ,
|
||||
.Cm GSSAPIAuthentication ,
|
||||
.Cm GatewayPorts ,
|
||||
.Cm HostbasedAuthentication ,
|
||||
.Cm HostbasedUsesNameFromPacketOnly ,
|
||||
.Cm KbdInteractiveAuthentication ,
|
||||
|
@ -728,8 +733,8 @@ Available keywords are
|
|||
.Cm PermitRootLogin ,
|
||||
.Cm PermitTunnel ,
|
||||
.Cm PubkeyAuthentication ,
|
||||
.Cm RhostsRSAAuthentication ,
|
||||
.Cm RSAAuthentication ,
|
||||
.Cm RhostsRSAAuthentication ,
|
||||
.Cm X11DisplayOffset ,
|
||||
.Cm X11Forwarding
|
||||
and
|
||||
|
|