From f74e883352a52dd3ed454627dc159aa65f98d7f3 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 26 Aug 2024 09:43:00 +0200 Subject: Merging upstream version 1:9.8p1. Signed-off-by: Daniel Baumann --- servconf.h | 34 +++++++++++++++++++++++----------- 1 file changed, 23 insertions(+), 11 deletions(-) (limited to 'servconf.h') diff --git a/servconf.h b/servconf.h index ed7b72e..22b158d 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.160 2023/09/06 23:35:35 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.165 2024/06/12 22:36:00 djm Exp $ */ /* * Author: Tatu Ylonen @@ -27,11 +27,6 @@ #define PERMIT_NO_PASSWD 2 #define PERMIT_YES 3 -/* use_privsep */ -#define PRIVSEP_OFF 0 -#define PRIVSEP_ON 1 -#define PRIVSEP_NOSANDBOX 2 - /* PermitOpen */ #define PERMITOPEN_ANY 0 #define PERMITOPEN_NONE -2 @@ -52,7 +47,6 @@ #define PUBKEYAUTH_VERIFY_REQUIRED (1<<1) struct ssh; -struct fwd_perm_list; /* * Used to store addresses from ListenAddr directives. These may be @@ -71,6 +65,22 @@ struct listenaddr { struct addrinfo *addrs; }; +#define PER_SOURCE_PENALTY_OVERFLOW_DENY_ALL 1 +#define PER_SOURCE_PENALTY_OVERFLOW_PERMISSIVE 2 +struct per_source_penalty { + int enabled; + int max_sources4; + int max_sources6; + int overflow_mode; + int overflow_mode6; + int penalty_crash; + int penalty_grace; + int penalty_authfail; + int penalty_noauth; + int penalty_max; + int penalty_min; +}; + typedef struct { u_int num_ports; u_int ports_from_cmdline; @@ -178,6 +188,8 @@ typedef struct { int per_source_max_startups; int per_source_masklen_ipv4; int per_source_masklen_ipv6; + char *per_source_penalty_exempt; + struct per_source_penalty per_source_penalty; int max_authtries; int max_sessions; char *banner; /* SSH-2 banner message */ @@ -198,6 +210,7 @@ typedef struct { char *adm_forced_command; int use_pam; /* Enable auth via PAM */ + char *pam_service_name; int permit_tun; @@ -233,6 +246,8 @@ typedef struct { u_int num_channel_timeouts; int unused_connection_timeout; + + char *sshd_session_path; } ServerOptions; /* Information about the incoming connection as used by Match */ @@ -280,6 +295,7 @@ TAILQ_HEAD(include_list, include_item); M_CP_STROPT(ca_sign_algorithms); \ M_CP_STROPT(routing_domain); \ M_CP_STROPT(permit_user_env_allowlist); \ + M_CP_STROPT(pam_service_name); \ M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \ M_CP_STRARRAYOPT(allow_users, num_allow_users); \ M_CP_STRARRAYOPT(deny_users, num_deny_users); \ @@ -297,20 +313,16 @@ TAILQ_HEAD(include_list, include_item); M_CP_STRARRAYOPT(subsystem_args, num_subsystems); \ } while (0) -struct connection_info *get_connection_info(struct ssh *, int, int); void initialize_server_options(ServerOptions *); void fill_default_server_options(ServerOptions *); int process_server_config_line(ServerOptions *, char *, const char *, int, int *, struct connection_info *, struct include_list *includes); -void process_permitopen(struct ssh *ssh, ServerOptions *options); -void process_channel_timeouts(struct ssh *ssh, ServerOptions *); void load_server_config(const char *, struct sshbuf *); void parse_server_config(ServerOptions *, const char *, struct sshbuf *, struct include_list *includes, struct connection_info *, int); void parse_server_match_config(ServerOptions *, struct include_list *includes, struct connection_info *); int parse_server_match_testspec(struct connection_info *, char *); -int server_match_spec_complete(struct connection_info *); void servconf_merge_subsystems(ServerOptions *, ServerOptions *); void copy_set_server_options(ServerOptions *, ServerOptions *, int); void dump_config(ServerOptions *); -- cgit v1.2.3