upstream: Add a PermitListen directive to control which server-side
addresses may be listened on when the client requests remote forwarding (ssh
-R).
This is the converse of the existing PermitOpen directive and this
includes some refactoring to share much of its implementation.
feedback and ok markus@
OpenBSD-Commit-ID: 15a931238c61a3f2ac74ea18a98c933e358e277f
diff --git a/channels.h b/channels.h
index 126b043..1aeafe9 100644
--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.130 2017/09/21 19:16:53 markus Exp $ */
+/* $OpenBSD: channels.h,v 1.131 2018/06/06 18:22:41 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -63,6 +63,15 @@
#define CHANNEL_CANCEL_PORT_STATIC -1
+/* TCP forwarding */
+#define FORWARD_DENY 0
+#define FORWARD_REMOTE (1)
+#define FORWARD_LOCAL (1<<1)
+#define FORWARD_ALLOW (FORWARD_REMOTE|FORWARD_LOCAL)
+
+#define FORWARD_ADM 0x100
+#define FORWARD_USER 0x101
+
struct ssh;
struct Channel;
typedef struct Channel Channel;
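Review bot: The two groups of constants added under `/* TCP forwarding */` are different kinds of value, and nothing in the header says so. `FORWARD_DENY`, `FORWARD_REMOTE`, `FORWARD_LOCAL` and `FORWARD_ALLOW` are bit flags, whereas `FORWARD_ADM 0x100` and `FORWARD_USER 0x101` are consecutive selector values. As a result `FORWARD_USER & FORWARD_ADM` and `FORWARD_USER & FORWARD_REMOTE` are both non-zero, so any mask test on the selectors gives a wrong answer. I would add `/* Forwarding direction, bit flags */` above `FORWARD_DENY` and `/* Permission list selector: compare with ==, never mask */` above `FORWARD_ADM`. These presumably choose between the administrator-set and user-set permission lists, so a mix-up would apply a PermitOpen/PermitListen restriction to the wrong list.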
@@ -283,16 +292,11 @@
struct Forward;
struct ForwardOptions;
void channel_set_af(struct ssh *, int af);
-void channel_permit_all_opens(struct ssh *);
-void channel_add_permitted_opens(struct ssh *, char *, int);
-int channel_add_adm_permitted_opens(struct ssh *, char *, int);
-void channel_copy_adm_permitted_opens(struct ssh *,
- const struct fwd_perm_list *);
-void channel_disable_adm_local_opens(struct ssh *);
-void channel_update_permitted_opens(struct ssh *, int, int);
-void channel_clear_permitted_opens(struct ssh *);
-void channel_clear_adm_permitted_opens(struct ssh *);
-void channel_print_adm_permitted_opens(struct ssh *);
+void channel_permit_all(struct ssh *, int);
+void channel_add_permission(struct ssh *, int, int, char *, int);
+void channel_clear_permission(struct ssh *, int, int);
+void channel_disable_admin(struct ssh *, int);
+void channel_update_permission(struct ssh *, int, int);
Channel *channel_connect_to_port(struct ssh *, const char *, u_short,
char *, char *, int *, const char **);
Channel *channel_connect_to_path(struct ssh *, const char *, char *, char *);
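Review bot: The new prototypes pass every selector as an unnamed `int`, so a caller that swaps two arguments compiles without a warning. `channel_add_permission(struct ssh *, int, int, char *, int)` takes three of them, and `channel_clear_permission` and `channel_update_permission` take two each. This header already names a parameter in `channel_set_af(struct ssh *, int af)`, so I would name them here too, e.g. `void channel_add_permission(struct ssh *, int who, int where, char *host, int port);`. Those names are my reading of the FORWARD_ADM/FORWARD_USER and FORWARD_LOCAL/FORWARD_REMOTE constants; the definitions are outside this diff, so confirm the order against channels.c. If the host string is not modified by the callee, `const char *` would also make that contract visible.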