authordjm <djm@openbsd.org>2018-06-06 18:23:32 +0000
committerdjm <djm@openbsd.org>2018-06-06 18:23:32 +0000
commit76acd6a71237f8313d3e3c6409127b372cc7d0ab (patch)
treec35a44e88d05c21728ff39d2a5cd07a174f860b5 /usr.bin/ssh/auth.c
parentAdd a PermitListen directive to control which server-side addresses (diff)
permitlisten option for authorized_keys; ok markus@
Diffstat (limited to 'usr.bin/ssh/auth.c')
-rw-r--r--usr.bin/ssh/auth.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/usr.bin/ssh/auth.c b/usr.bin/ssh/auth.c
index d393d138ca8..b2b0636e8de 100644
--- a/usr.bin/ssh/auth.c
+++ b/usr.bin/ssh/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.129 2018/06/01 03:33:53 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.130 2018/06/06 18:23:32 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -871,17 +871,20 @@ auth_log_authopts(const char *loc, const struct sshauthopt *opts, int do_remote)
int do_env = options.permit_user_env && opts->nenv > 0;
int do_permitopen = opts->npermitopen > 0 &&
(options.allow_tcp_forwarding & FORWARD_LOCAL) != 0;
+ int do_permitlisten = opts->npermitlisten > 0 &&
+ (options.allow_tcp_forwarding & FORWARD_REMOTE) != 0;
size_t i;
char msg[1024], buf[64];
snprintf(buf, sizeof(buf), "%d", opts->force_tun_device);
/* Try to keep this alphabetically sorted */
- snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s",
+ snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s%s",
opts->permit_agent_forwarding_flag ? " agent-forwarding" : "",
opts->force_command == NULL ? "" : " command",
do_env ? " environment" : "",
opts->valid_before == 0 ? "" : "expires",
do_permitopen ? " permitopen" : "",
+ do_permitlisten ? " permitlisten" : "",
opts->permit_port_forwarding_flag ? " port-forwarding" : "",
opts->cert_principals == NULL ? "" : " principals",
opts->permit_pty_flag ? " pty" : "",
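Review bot: The added `do_permitlisten ? " permitlisten" : "",` argument is placed after the `permitopen` one, but the comment above the call asks for alphabetical order and "permitlisten" sorts before "permitopen". Every conversion in the format string is `%s`, so swapping the two argument lines is enough and the format string itself needs no change. The neighbouring context line `opts->valid_before == 0 ? "" : "expires",` has no leading space, so that word runs into the preceding entry in the logged summary; `" expires"` would match the other entries. The argument list continues past the end of this hunk, so the thirteen `%s` conversions cannot be checked against the full set of arguments from here.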
@@ -915,12 +918,18 @@ auth_log_authopts(const char *loc, const struct sshauthopt *opts, int do_remote)
}
if (opts->force_command != NULL)
debug("%s: forced command: \"%s\"", loc, opts->force_command);
- if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0) {
+ if (do_permitopen) {
for (i = 0; i < opts->npermitopen; i++) {
debug("%s: permitted open: %s",
loc, opts->permitopen[i]);
}
}
+ if (do_permitlisten) {
+ for (i = 0; i < opts->npermitlisten; i++) {
+ debug("%s: permitted listen: %s",
+ loc, opts->permitlisten[i]);
+ }
+ }
}
/* Activate a new set of key/cert options; merging with what is there. */
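Review bot: The new `if (do_permitlisten)` block prints nothing in two different situations that the debug log cannot tell apart: the key carries no permitlisten entries, or it carries some but `options.allow_tcp_forwarding` lacks `FORWARD_REMOTE`. The same holds for the `if (do_permitopen)` block with `FORWARD_LOCAL`. A short comment above the two blocks would help anyone reading these logs during an audit, for example `/* Entries are logged only when the server config allows that forwarding direction */`. auth_log_authopts begins before this hunk, so its earlier debug lines are not visible here.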