- djm@cvs.openbsd.org 2012/12/02 20:46:11
     [auth-options.c channels.c servconf.c servconf.h serverloop.c session.c]
     [sshd_config.5]
     make AllowTcpForwarding accept "local" and "remote" in addition to its
     current "yes"/"no" to allow the server to specify whether just local or
     remote TCP forwarding is enabled. ok markus@
diff --git a/servconf.c b/servconf.c
index b90dba6..21b371c 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.232 2012/11/04 11:09:15 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.233 2012/12/02 20:46:11 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -250,7 +250,7 @@
 	if (options->compression == -1)
 		options->compression = COMP_DELAYED;
 	if (options->allow_tcp_forwarding == -1)
-		options->allow_tcp_forwarding = 1;
+		options->allow_tcp_forwarding = FORWARD_ALLOW;
 	if (options->allow_agent_forwarding == -1)
 		options->allow_agent_forwarding = 1;
 	if (options->gateway_ports == -1)
@@ -786,6 +786,14 @@
 	{ "no",				PRIVSEP_OFF },
 	{ NULL, -1 }
 };
+static const struct multistate multistate_tcpfwd[] = {
+	{ "yes",			FORWARD_ALLOW },
+	{ "all",			FORWARD_ALLOW },
+	{ "no",				FORWARD_DENY },
+	{ "remote",			FORWARD_REMOTE },
+	{ "local",			FORWARD_LOCAL },
+	{ NULL, -1 }
+};
 
 int
 process_server_config_line(ServerOptions *options, char *line,
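Review bot: The new `multistate_tcpfwd` table accepts "all" as a second spelling of FORWARD_ALLOW, which the commit description does not mention, and nothing at the table says which spelling is canonical. Because two keys map to the same value, the `fmt_multistate_int(val, multistate_tcpfwd)` call added further down presumably reports only one of them, so the entry order looks significant. I would add a comment above the table such as `/* AllowTcpForwarding: "all" is a synonym for "yes"; keep "yes" first. */` and put a blank line between it and the preceding `};`. If "all" is meant to be supported, it is worth confirming that sshd_config.5 lists it, since that file is not shown here.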
@@ -1143,7 +1151,8 @@
 
 	case sAllowTcpForwarding:
 		intptr = &options->allow_tcp_forwarding;
-		goto parse_flag;
+		multistate_ptr = multistate_tcpfwd;
+		goto parse_multistate;
 
 	case sAllowAgentForwarding:
 		intptr = &options->allow_agent_forwarding;
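Review bot: Switching `sAllowTcpForwarding` to `parse_multistate` means `options->allow_tcp_forwarding` is no longer a 0/1 flag, so any consumer that still tests it for truthiness would treat "local" or "remote" as forwarding fully enabled and permit the direction the administrator meant to block. The consumers are in the other files named in the commit description and are not visible in this hunk, so this needs confirming there. Each check should test the specific direction, e.g. `if ((options.allow_tcp_forwarding & FORWARD_LOCAL) == 0)`, assuming the FORWARD_* values are bit flags (they are defined in servconf.h, which is not shown). A short comment on the case, `/* value is one of FORWARD_*, not a boolean */`, would help the next reader. The enclosing switch in process_server_config_line starts and ends outside the hunk.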
@@ -1423,7 +1432,6 @@
 		}
 		if (strcmp(arg, "none") == 0) {
 			if (*activep && n == -1) {
-				channel_clear_adm_permitted_opens();
 				options->num_permitted_opens = 1;
 				channel_disable_adm_local_opens();
 			}
@@ -1780,6 +1788,8 @@
 		return fmt_multistate_int(val, multistate_compression);
 	case sUsePrivilegeSeparation:
 		return fmt_multistate_int(val, multistate_privsep);
+	case sAllowTcpForwarding:
+		return fmt_multistate_int(val, multistate_tcpfwd);
 	case sProtocol:
 		switch (val) {
 		case SSH_PROTO_1: