- markus@cvs.openbsd.org 2001/03/16 19:06:30

     [auth-options.c channels.c channels.h serverloop.c session.c]
     implement "permitopen" key option, restricts -L style forwarding to
     to specified host:port pairs. based on work by harlan@genua.de

1 files changed, 12 insertions, 4 deletions

diff --git a/channels.h b/channels.h
index f57029a1..493b04aa 100644
--- a/channels.h
+++ b/channels.h
@@ -32,11 +32,13 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-/* RCSID("$OpenBSD: channels.h,v 1.27 2001/02/15 23:19:59 markus Exp $"); */
+/* RCSID("$OpenBSD: channels.h,v 1.28 2001/03/16 19:06:29 markus Exp $"); */
 
 #ifndef CHANNELS_H
 #define CHANNELS_H
 
+#include "buffer.h"
+
 /* Definitions for channel types. */
 #define SSH_CHANNEL_FREE		0	/* This channel is free (unused). */
 #define SSH_CHANNEL_X11_LISTENER	1	/* Listening for inet X11 conn. */
@@ -226,12 +228,18 @@ channel_request_remote_forwarding(u_short port, const char *host,
     u_short remote_port);
 
 /*
- * Permits opening to any host/port in SSH_MSG_PORT_OPEN.  This is usually
- * called by the server, because the user could connect to any port anyway,
- * and the server has no way to know but to trust the client anyway.
+ * Permits opening to any host/port if permitted_opens[] is empty.  This is
+ * usually called by the server, because the user could connect to any port
+ * anyway, and the server has no way to know but to trust the client anyway.
  */
 void    channel_permit_all_opens(void);
 
+/* Add host/port to list of allowed targets for port forwarding */
+void	channel_add_permitted_opens(char *host, int port);
+
+/* Flush list */
+void	channel_clear_permitted_opens(void);
+
 /*
  * This is called after receiving CHANNEL_FORWARDING_REQUEST.  This initates
  * listening for the port, and sends back a success reply (or disconnect