tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- dtucker@cvs.openbsd.org 2012/03/29 23:54:36 

[channels.c channels.h servconf.c]
     Add PermitOpen none option based on patch from Loganaden Velvindron
     (bz #1949).  ok djm@
This commit is contained in:
Damien Miller 2012-04-22 11:18:53 +10:00
parent 48348fc3b4
commit c6081482b2
4 changed files with 30 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -13,6 +13,10 @@
[PROTOCOL.certkeys] [PROTOCOL.certkeys]
explain certificate extensions/crit split rationale. Mention requirement explain certificate extensions/crit split rationale. Mention requirement
that each appear at most once per cert. that each appear at most once per cert.
- dtucker@cvs.openbsd.org 2012/03/29 23:54:36
[channels.c channels.h servconf.c]
Add PermitOpen none option based on patch from Loganaden Velvindron
(bz #1949). ok djm@
20120420 20120420
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]

17
channels.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: channels.c,v 1.315 2011/09/23 07:45:05 markus Exp $ */ /* $OpenBSD: channels.c,v 1.316 2012/03/29 23:54:36 dtucker Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -3126,6 +3126,17 @@ channel_add_adm_permitted_opens(char *host, int port)
return ++num_adm_permitted_opens; return ++num_adm_permitted_opens;
} }
void
channel_disable_adm_local_opens(void)
{
if (num_adm_permitted_opens == 0) {
permitted_adm_opens = xmalloc(sizeof(*permitted_adm_opens));
permitted_adm_opens[num_adm_permitted_opens].host_to_connect
= NULL;
num_adm_permitted_opens = 1;
}
}
void void
channel_clear_permitted_opens(void) channel_clear_permitted_opens(void)
{ {
@ -3167,7 +3178,9 @@ channel_print_adm_permitted_opens(void)
return; return;
} }
for (i = 0; i < num_adm_permitted_opens; i++) for (i = 0; i < num_adm_permitted_opens; i++)
if (permitted_adm_opens[i].host_to_connect != NULL) if (permitted_adm_opens[i].host_to_connect == NULL)
printf(" none");
else
printf(" %s:%d", permitted_adm_opens[i].host_to_connect, printf(" %s:%d", permitted_adm_opens[i].host_to_connect,
permitted_adm_opens[i].port_to_connect); permitted_adm_opens[i].port_to_connect);
printf("\n"); printf("\n");

3
channels.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: channels.h,v 1.109 2011/09/23 07:45:05 markus Exp $ */ /* $OpenBSD: channels.h,v 1.110 2012/03/29 23:54:36 dtucker Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -253,6 +253,7 @@ void channel_set_af(int af);
void channel_permit_all_opens(void); void channel_permit_all_opens(void);
void channel_add_permitted_opens(char *, int); void channel_add_permitted_opens(char *, int);
int channel_add_adm_permitted_opens(char *, int); int channel_add_adm_permitted_opens(char *, int);
void channel_disable_adm_local_opens(void);
void channel_update_permitted_opens(int, int); void channel_update_permitted_opens(int, int);
void channel_clear_permitted_opens(void); void channel_clear_permitted_opens(void);
void channel_clear_adm_permitted_opens(void); void channel_clear_adm_permitted_opens(void);

10
servconf.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: servconf.c,v 1.223 2011/09/23 00:22:04 dtucker Exp $ */ /* $OpenBSD: servconf.c,v 1.224 2012/03/29 23:54:36 dtucker Exp $ */
/* /*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved * All rights reserved
@ -1333,6 +1333,14 @@ process_server_config_line(ServerOptions *options, char *line,
} }
break; break;
} }
if (strcmp(arg, "none") == 0) {
if (*activep && n == -1) {
channel_clear_adm_permitted_opens();
options->num_permitted_opens = 1;
channel_disable_adm_local_opens();
}
break;
}
if (*activep && n == -1) if (*activep && n == -1)
channel_clear_adm_permitted_opens(); channel_clear_adm_permitted_opens();
for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) { for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {