summaryrefslogtreecommitdiff
path: root/auth.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2018-06-06 18:23:32 +0000
committerDamien Miller <djm@mindrot.org>2018-06-07 04:27:20 +1000
commit93c06ab6b77514e0447fe4f1d822afcbb2a9be08 (patch)
tree86b19179eaa51962f0dae9ab02d6d37197942265 /auth.c
parent115063a6647007286cc8ca70abfd2a7585f26ccc (diff)
upstream: permitlisten option for authorized_keys; ok markus@
OpenBSD-Commit-ID: 8650883018d7aa893173d703379e4456a222c672
Diffstat (limited to 'auth.c')
-rw-r--r--auth.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/auth.c b/auth.c
index 573cd03b..0424f1f7 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.129 2018/06/01 03:33:53 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.130 2018/06/06 18:23:32 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -1005,17 +1005,20 @@ auth_log_authopts(const char *loc, const struct sshauthopt *opts, int do_remote)
int do_env = options.permit_user_env && opts->nenv > 0;
int do_permitopen = opts->npermitopen > 0 &&
(options.allow_tcp_forwarding & FORWARD_LOCAL) != 0;
+ int do_permitlisten = opts->npermitlisten > 0 &&
+ (options.allow_tcp_forwarding & FORWARD_REMOTE) != 0;
size_t i;
char msg[1024], buf[64];
snprintf(buf, sizeof(buf), "%d", opts->force_tun_device);
/* Try to keep this alphabetically sorted */
- snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s",
+ snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s%s",
opts->permit_agent_forwarding_flag ? " agent-forwarding" : "",
opts->force_command == NULL ? "" : " command",
do_env ? " environment" : "",
opts->valid_before == 0 ? "" : "expires",
do_permitopen ? " permitopen" : "",
+ do_permitlisten ? " permitlisten" : "",
opts->permit_port_forwarding_flag ? " port-forwarding" : "",
opts->cert_principals == NULL ? "" : " principals",
opts->permit_pty_flag ? " pty" : "",
@@ -1049,12 +1052,18 @@ auth_log_authopts(const char *loc, const struct sshauthopt *opts, int do_remote)
}
if (opts->force_command != NULL)
debug("%s: forced command: \"%s\"", loc, opts->force_command);
- if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0) {
+ if (do_permitopen) {
for (i = 0; i < opts->npermitopen; i++) {
debug("%s: permitted open: %s",
loc, opts->permitopen[i]);
}
}
+ if (do_permitlisten) {
+ for (i = 0; i < opts->npermitlisten; i++) {
+ debug("%s: permitted listen: %s",
+ loc, opts->permitlisten[i]);
+ }
+ }
}
/* Activate a new set of key/cert options; merging with what is there. */