diff options
| author | mouring <mouring> | 2001-03-17 00:47:54 +0000 |
|---|---|---|
| committer | mouring <mouring> | 2001-03-17 00:47:54 +0000 |
| commit | 60b2edba9486082d3d70e98dfd82442d401effb7 (patch) | |
| tree | 3bb74785b7973408c1ed42bc4b6f16723cf8e35f /auth-options.c | |
| parent | bafafee7bec516603af79e98ca7915fb25ed8a80 (diff) | |
| download | openssh-60b2edba9486082d3d70e98dfd82442d401effb7.tar.gz | |
- markus@cvs.openbsd.org 2001/03/16 19:06:30
[auth-options.c channels.c channels.h serverloop.c session.c]
implement "permitopen" key option, restricts -L style forwarding to
to specified host:port pairs. based on work by harlan@genua.de
Diffstat (limited to 'auth-options.c')
| -rw-r--r-- | auth-options.c | 62 |
1 files changed, 58 insertions, 4 deletions
diff --git a/auth-options.c b/auth-options.c index bfb1af86..7ce1e4b0 100644 --- a/auth-options.c +++ b/auth-options.c @@ -10,13 +10,14 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-options.c,v 1.14 2001/03/13 17:34:42 markus Exp $"); +RCSID("$OpenBSD: auth-options.c,v 1.15 2001/03/16 19:06:28 markus Exp $"); #include "packet.h" #include "xmalloc.h" #include "match.h" #include "log.h" #include "canohost.h" +#include "channels.h" #include "auth-options.h" #include "servconf.h" @@ -51,6 +52,7 @@ auth_clear_options(void) xfree(forced_command); forced_command = NULL; } + channel_clear_permitted_opens(); } /* @@ -61,6 +63,7 @@ int auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) { const char *cp; + int i; /* reset options */ auth_clear_options(); @@ -99,7 +102,6 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) } cp = "command=\""; if (strncasecmp(opts, cp, strlen(cp)) == 0) { - int i; opts += strlen(cp); forced_command = xmalloc(strlen(opts) + 1); i = 0; @@ -129,9 +131,9 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) } cp = "environment=\""; if (strncasecmp(opts, cp, strlen(cp)) == 0) { - int i; char *s; struct envstring *new_envstring; + opts += strlen(cp); s = xmalloc(strlen(opts) + 1); i = 0; @@ -170,7 +172,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) const char *remote_host = get_canonical_hostname( options.reverse_mapping_check); char *patterns = xmalloc(strlen(opts) + 1); - int i; + opts += strlen(cp); i = 0; while (*opts) { @@ -218,6 +220,58 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) /* Host name matches. */ goto next_option; } + cp = "permitopen=\""; + if (strncasecmp(opts, cp, strlen(cp)) == 0) { + u_short port; + char *c, *ep; + char *patterns = xmalloc(strlen(opts) + 1); + + opts += strlen(cp); + i = 0; + while (*opts) { + if (*opts == '"') + break; + if (*opts == '\\' && opts[1] == '"') { + opts += 2; + patterns[i++] = '"'; + continue; + } + patterns[i++] = *opts++; + } + if (!*opts) { + debug("%.100s, line %lu: missing end quote", + file, linenum); + packet_send_debug("%.100s, line %lu: missing end quote", + file, linenum); + xfree(patterns); + goto bad_option; + } + patterns[i] = 0; + opts++; + c = strchr(patterns, ':'); + if (c == NULL) { + debug("%.100s, line %lu: permitopen: missing colon <%.100s>", + file, linenum, patterns); + packet_send_debug("%.100s, line %lu: missing colon", + file, linenum); + xfree(patterns); + goto bad_option; + } + *c = 0; + c++; + port = strtol(c, &ep, 0); + if (c == ep) { + debug("%.100s, line %lu: permitopen: missing port <%.100s>", + file, linenum, patterns); + packet_send_debug("%.100s, line %lu: missing port", + file, linenum); + xfree(patterns); + goto bad_option; + } + channel_add_permitted_opens(patterns, port); + xfree(patterns); + goto next_option; + } next_option: /* * Skip the comma, and move to the next option |