upstream commit
Add an sshd_config DisableForwarding option that disables
X11, agent, TCP, tunnel and Unix domain socket forwarding, as well as
anything else we might implement in the future.
This, like the 'restrict' authorized_keys flag, is intended to be a
simple and future-proof way of restricting an account. Suggested as
a complement to 'restrict' by Jann Horn; ok markus@
Upstream-ID: 203803f66e533a474086b38a59ceb4cf2410fcf7
diff --git a/servconf.c b/servconf.c
index e0bfbe6..795ddba 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.300 2016/11/23 23:14:15 markus Exp $ */
+/* $OpenBSD: servconf.c,v 1.301 2016/11/30 03:00:05 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -163,6 +163,7 @@
options->ip_qos_bulk = -1;
options->version_addendum = NULL;
options->fingerprint_hash = -1;
+ options->disable_forwarding = -1;
}
/* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
@@ -330,6 +331,8 @@
options->fwd_opts.streamlocal_bind_unlink = 0;
if (options->fingerprint_hash == -1)
options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
+ if (options->disable_forwarding == -1)
+ options->disable_forwarding = 0;
assemble_algorithms(options);
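Review bot: The default of 0 chosen on the added lines means DisableForwarding is off unless an administrator sets it, which is the compatible choice, but its relationship to the existing AllowTcpForwarding/AllowAgentForwarding/AllowStreamLocalForwarding/PermitTunnel options is not stated anywhere in the visible hunks. A one-line comment at the default would save the next reader a trip to the enforcement sites, e.g. `/* off by default: forwarding stays governed by the individual Allow*Forwarding/PermitTunnel options */`. The enclosing function starts and ends outside the hunk.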
@@ -414,7 +417,7 @@
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
sStreamLocalBindMask, sStreamLocalBindUnlink,
- sAllowStreamLocalForwarding, sFingerprintHash,
+ sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
sDeprecated, sIgnore, sUnsupported
} ServerOpCodes;
@@ -557,6 +560,7 @@
{ "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL },
{ "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },
{ "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
+ { "disableforwarding", sDisableForwarding, SSHCFG_ALL },
{ NULL, sBadOption, 0 }
};
@@ -1356,6 +1360,10 @@
intptr = &options->allow_agent_forwarding;
goto parse_flag;
+ case sDisableForwarding:
+ intptr = &options->disable_forwarding;
+ goto parse_flag;
+
case sUsePrivilegeSeparation:
intptr = &use_privsep;
multistate_ptr = multistate_privsep;
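Review bot: The new sDisableForwarding case only stores the flag; no hunk in this file consults `options->disable_forwarding` to actually refuse a forwarding request, so the enforcement must live in files not shown here and should be confirmed to cover every path the description lists (X11, agent, TCP, tunnel, Unix-domain socket). Since the intent is "anything else we might implement in the future", each request handler should test this flag before, and independently of, its per-type Allow*Forwarding option, so that a later-added option cannot reopen a path this one is meant to close. Because the keyword is registered SSHCFG_ALL and copied by M_CP_INTOPT, a Match block can set it per user, which is what the restrict-style use case needs. The enclosing switch starts and ends outside the hunk.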
@@ -1965,6 +1973,7 @@
M_CP_INTOPT(allow_tcp_forwarding);
M_CP_INTOPT(allow_streamlocal_forwarding);
M_CP_INTOPT(allow_agent_forwarding);
+ M_CP_INTOPT(disable_forwarding);
M_CP_INTOPT(permit_tun);
M_CP_INTOPT(fwd_opts.gateway_ports);
M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink);
@@ -2263,6 +2272,7 @@
dump_cfg_fmtint(sUseDNS, o->use_dns);
dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding);
+ dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding);
dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);