upstream commit

Add a sshd_config DisableForwarding option that disables
X11, agent, TCP, tunnel and Unix domain socket forwarding, as well as
anything else we might implement in the future.

This, like the 'restrict' authorized_keys flag, is intended to be a
simple and future-proof way of restricting an account. Suggested as
a complement to 'restrict' by Jann Horn; ok markus@

Upstream-ID: 203803f66e533a474086b38a59ceb4cf2410fcf7
diff --git a/servconf.c b/servconf.c
index e0bfbe6..795ddba 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.300 2016/11/23 23:14:15 markus Exp $ */
+/* $OpenBSD: servconf.c,v 1.301 2016/11/30 03:00:05 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -163,6 +163,7 @@
 	options->ip_qos_bulk = -1;
 	options->version_addendum = NULL;
 	options->fingerprint_hash = -1;
+	options->disable_forwarding = -1;
 }
 
 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
@@ -330,6 +331,8 @@
 		options->fwd_opts.streamlocal_bind_unlink = 0;
 	if (options->fingerprint_hash == -1)
 		options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
+	if (options->disable_forwarding == -1)
+		options->disable_forwarding = 0;
 
 	assemble_algorithms(options);
 
@@ -414,7 +417,7 @@
 	sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
 	sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
 	sStreamLocalBindMask, sStreamLocalBindUnlink,
-	sAllowStreamLocalForwarding, sFingerprintHash,
+	sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
 	sDeprecated, sIgnore, sUnsupported
 } ServerOpCodes;
 
@@ -557,6 +560,7 @@
 	{ "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL },
 	{ "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },
 	{ "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
+	{ "disableforwarding", sDisableForwarding, SSHCFG_ALL },
 	{ NULL, sBadOption, 0 }
 };
 
@@ -1356,6 +1360,10 @@
 		intptr = &options->allow_agent_forwarding;
 		goto parse_flag;
 
+	case sDisableForwarding:
+		intptr = &options->disable_forwarding;
+		goto parse_flag;
+
 	case sUsePrivilegeSeparation:
 		intptr = &use_privsep;
 		multistate_ptr = multistate_privsep;
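Review bot: Nothing in the servconf.c hunks reads `options->disable_forwarding` once this case has parsed it, so the restriction only holds if each forwarding path named in the commit message (X11, agent, TCP, tunnel, Unix domain socket) checks it in files that are not part of this view. That is worth confirming path by path, ideally with one regression test per forwarding type, because an unchecked path would fail open without any error. A comment on the case would also help whoever adds the next forwarding feature: `/* Overrides every individual forwarding permission; new forwarding types must honour it. */`. The switch this case belongs to begins and ends outside the hunk.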
@@ -1965,6 +1973,7 @@
 	M_CP_INTOPT(allow_tcp_forwarding);
 	M_CP_INTOPT(allow_streamlocal_forwarding);
 	M_CP_INTOPT(allow_agent_forwarding);
+	M_CP_INTOPT(disable_forwarding);
 	M_CP_INTOPT(permit_tun);
 	M_CP_INTOPT(fwd_opts.gateway_ports);
 	M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink);
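Review bot: `M_CP_INTOPT(disable_forwarding)` together with the `SSHCFG_ALL` flag on the `disableforwarding` keyword-table entry makes the option settable inside Match blocks, and the macro presumably copies a Match-set value over the global one (its body is not in the hunk). If so, a `DisableForwarding no` under a Match would lift a global `yes` for the matching connections, which is consistent with the neighbouring forwarding options but easy to overlook for an option presented as a simple way of restricting an account. I would state this in the manual page and add a comment above the line, e.g. `/* Match may relax as well as tighten the global setting */`. The enclosing function starts and ends outside the hunk.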
@@ -2263,6 +2272,7 @@
 	dump_cfg_fmtint(sUseDNS, o->use_dns);
 	dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
 	dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding);
+	dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding);
 	dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
 	dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
 	dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
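Review bot: The dump prints `disableforwarding` alongside the unmodified `allowtcpforwarding`, `allowagentforwarding` and `allowstreamlocalforwarding` values, so as far as these lines show, configuration-audit output can report those as enabled while forwarding is actually refused. Anyone reviewing a host from the dumped configuration needs to know that `disableforwarding yes` takes precedence, so either document that next to the option or add a comment above the new line such as `/* takes precedence over the allow_* values printed around it */`. The dump function starts and ends outside the hunk.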