summaryrefslogtreecommitdiffstats
path: root/servconf.h
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-08-26 07:43:00 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-08-26 07:43:00 +0000
commitf74e883352a52dd3ed454627dc159aa65f98d7f3 (patch)
treeef77b7637e7135f0f61cad9ae9923215ed60066b /servconf.h
parentAdding debian version 1:9.7p1-7. (diff)
downloadopenssh-f74e883352a52dd3ed454627dc159aa65f98d7f3.tar.xz
openssh-f74e883352a52dd3ed454627dc159aa65f98d7f3.zip
Merging upstream version 1:9.8p1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'servconf.h')
-rw-r--r--servconf.h34
1 files changed, 23 insertions, 11 deletions
diff --git a/servconf.h b/servconf.h
index ed7b72e..22b158d 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.160 2023/09/06 23:35:35 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.165 2024/06/12 22:36:00 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -27,11 +27,6 @@
#define PERMIT_NO_PASSWD 2
#define PERMIT_YES 3
-/* use_privsep */
-#define PRIVSEP_OFF 0
-#define PRIVSEP_ON 1
-#define PRIVSEP_NOSANDBOX 2
-
/* PermitOpen */
#define PERMITOPEN_ANY 0
#define PERMITOPEN_NONE -2
@@ -52,7 +47,6 @@
#define PUBKEYAUTH_VERIFY_REQUIRED (1<<1)
struct ssh;
-struct fwd_perm_list;
/*
* Used to store addresses from ListenAddr directives. These may be
@@ -71,6 +65,22 @@ struct listenaddr {
struct addrinfo *addrs;
};
+#define PER_SOURCE_PENALTY_OVERFLOW_DENY_ALL 1
+#define PER_SOURCE_PENALTY_OVERFLOW_PERMISSIVE 2
+struct per_source_penalty {
+ int enabled;
+ int max_sources4;
+ int max_sources6;
+ int overflow_mode;
+ int overflow_mode6;
+ int penalty_crash;
+ int penalty_grace;
+ int penalty_authfail;
+ int penalty_noauth;
+ int penalty_max;
+ int penalty_min;
+};
+
typedef struct {
u_int num_ports;
u_int ports_from_cmdline;
@@ -178,6 +188,8 @@ typedef struct {
int per_source_max_startups;
int per_source_masklen_ipv4;
int per_source_masklen_ipv6;
+ char *per_source_penalty_exempt;
+ struct per_source_penalty per_source_penalty;
int max_authtries;
int max_sessions;
char *banner; /* SSH-2 banner message */
@@ -198,6 +210,7 @@ typedef struct {
char *adm_forced_command;
int use_pam; /* Enable auth via PAM */
+ char *pam_service_name;
int permit_tun;
@@ -233,6 +246,8 @@ typedef struct {
u_int num_channel_timeouts;
int unused_connection_timeout;
+
+ char *sshd_session_path;
} ServerOptions;
/* Information about the incoming connection as used by Match */
@@ -280,6 +295,7 @@ TAILQ_HEAD(include_list, include_item);
M_CP_STROPT(ca_sign_algorithms); \
M_CP_STROPT(routing_domain); \
M_CP_STROPT(permit_user_env_allowlist); \
+ M_CP_STROPT(pam_service_name); \
M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
M_CP_STRARRAYOPT(allow_users, num_allow_users); \
M_CP_STRARRAYOPT(deny_users, num_deny_users); \
@@ -297,20 +313,16 @@ TAILQ_HEAD(include_list, include_item);
M_CP_STRARRAYOPT(subsystem_args, num_subsystems); \
} while (0)
-struct connection_info *get_connection_info(struct ssh *, int, int);
void initialize_server_options(ServerOptions *);
void fill_default_server_options(ServerOptions *);
int process_server_config_line(ServerOptions *, char *, const char *, int,
int *, struct connection_info *, struct include_list *includes);
-void process_permitopen(struct ssh *ssh, ServerOptions *options);
-void process_channel_timeouts(struct ssh *ssh, ServerOptions *);
void load_server_config(const char *, struct sshbuf *);
void parse_server_config(ServerOptions *, const char *, struct sshbuf *,
struct include_list *includes, struct connection_info *, int);
void parse_server_match_config(ServerOptions *,
struct include_list *includes, struct connection_info *);
int parse_server_match_testspec(struct connection_info *, char *);
-int server_match_spec_complete(struct connection_info *);
void servconf_merge_subsystems(ServerOptions *, ServerOptions *);
void copy_set_server_options(ServerOptions *, ServerOptions *, int);
void dump_config(ServerOptions *);