upstream: Add a PermitListen directive to control which server-side

addresses may be listened on when the client requests remote forwarding (ssh
-R).

This is the converse of the existing PermitOpen directive and this
includes some refactoring to share much of its implementation.

feedback and ok markus@

OpenBSD-Commit-ID: 15a931238c61a3f2ac74ea18a98c933e358e277f
diff --git a/channels.h b/channels.h
index 126b043..1aeafe9 100644
--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.130 2017/09/21 19:16:53 markus Exp $ */
+/* $OpenBSD: channels.h,v 1.131 2018/06/06 18:22:41 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -63,6 +63,15 @@
 
 #define CHANNEL_CANCEL_PORT_STATIC	-1
 
+/* TCP forwarding */
+#define FORWARD_DENY		0
+#define FORWARD_REMOTE		(1)
+#define FORWARD_LOCAL		(1<<1)
+#define FORWARD_ALLOW		(FORWARD_REMOTE|FORWARD_LOCAL)
+
+#define FORWARD_ADM		0x100
+#define FORWARD_USER		0x101
+
 struct ssh;
 struct Channel;
 typedef struct Channel Channel;
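Review bot: The two constant groups added under the single `/* TCP forwarding */` comment use different encodings, and the header does not say so. `FORWARD_REMOTE` and `FORWARD_LOCAL` are bit flags that combine into `FORWARD_ALLOW`, while `FORWARD_ADM` (0x100) and `FORWARD_USER` (0x101) read as alternatives, yet 0x101 contains both the 0x100 bit and the `FORWARD_REMOTE` bit. A bitwise test of the form `x & FORWARD_ADM` would therefore also match `FORWARD_USER`; if these values select between an administrator and a user permission list (presumably so, though channels.c is not shown), that mix-up is an access-control error. I would split the comment, e.g. `/* Forwarding direction: bit flags, may be OR'd together */` above the first group and `/* Permission-list selector: compare with ==, not a bitmask */` above the second. Non-overlapping values or an `enum` for the selector would make the misuse harder still.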
@@ -283,16 +292,11 @@
 struct Forward;
 struct ForwardOptions;
 void	 channel_set_af(struct ssh *, int af);
-void     channel_permit_all_opens(struct ssh *);
-void	 channel_add_permitted_opens(struct ssh *, char *, int);
-int	 channel_add_adm_permitted_opens(struct ssh *, char *, int);
-void	 channel_copy_adm_permitted_opens(struct ssh *,
-	    const struct fwd_perm_list *);
-void	 channel_disable_adm_local_opens(struct ssh *);
-void	 channel_update_permitted_opens(struct ssh *, int, int);
-void	 channel_clear_permitted_opens(struct ssh *);
-void	 channel_clear_adm_permitted_opens(struct ssh *);
-void 	 channel_print_adm_permitted_opens(struct ssh *);
+void     channel_permit_all(struct ssh *, int);
+void	 channel_add_permission(struct ssh *, int, int, char *, int);
+void	 channel_clear_permission(struct ssh *, int, int);
+void	 channel_disable_admin(struct ssh *, int);
+void	 channel_update_permission(struct ssh *, int, int);
 Channel	*channel_connect_to_port(struct ssh *, const char *, u_short,
 	    char *, char *, int *, const char **);
 Channel *channel_connect_to_path(struct ssh *, const char *, char *, char *);
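Review bot: The new prototypes `channel_add_permission(struct ssh *, int, int, char *, int)` and `channel_clear_permission(struct ssh *, int, int)` take adjacent unnamed `int` parameters, so the header does not show which argument takes a `FORWARD_ADM`/`FORWARD_USER` value, which takes `FORWARD_LOCAL`/`FORWARD_REMOTE`, and which is a port. Swapping two of them at a call site compiles without a warning and would presumably change a different permission list than the caller intended. I would name the parameters in the declarations, for example `void channel_add_permission(struct ssh *ssh, int who, int where, char *host, int port);` (names to be matched to the definitions in channels.c, which are not shown), and do the same for `channel_permit_all`, `channel_disable_admin` and `channel_update_permission`. The removed `channel_add_adm_permitted_opens` returned `int` while its replacement returns `void`, so a one-line comment saying how a failed add is reported would also help callers.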