diff options
| -rw-r--r-- | usr.bin/ssh/servconf.c | 25 | ||||
| -rw-r--r-- | usr.bin/ssh/servconf.h | 7 | ||||
| -rw-r--r-- | usr.bin/ssh/sshd_config.5 | 13 |
3 files changed, 32 insertions, 13 deletions
diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c index 3eac3ee8451..17942069769 100644 --- a/usr.bin/ssh/servconf.c +++ b/usr.bin/ssh/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.226 2012/05/13 01:42:32 dtucker Exp $ */ +/* $OpenBSD: servconf.c,v 1.227 2012/06/19 18:25:27 markus Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -381,10 +381,10 @@ static struct { { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */ { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL }, { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL }, - { "allowusers", sAllowUsers, SSHCFG_GLOBAL }, - { "denyusers", sDenyUsers, SSHCFG_GLOBAL }, - { "allowgroups", sAllowGroups, SSHCFG_GLOBAL }, - { "denygroups", sDenyGroups, SSHCFG_GLOBAL }, + { "allowusers", sAllowUsers, SSHCFG_ALL }, + { "denyusers", sDenyUsers, SSHCFG_ALL }, + { "allowgroups", sAllowGroups, SSHCFG_ALL }, + { "denygroups", sDenyGroups, SSHCFG_ALL }, { "ciphers", sCiphers, SSHCFG_GLOBAL }, { "macs", sMacs, SSHCFG_GLOBAL }, { "protocol", sProtocol, SSHCFG_GLOBAL }, @@ -402,7 +402,7 @@ static struct { { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, - { "acceptenv", sAcceptEnv, SSHCFG_GLOBAL }, + { "acceptenv", sAcceptEnv, SSHCFG_ALL }, { "permittunnel", sPermitTunnel, SSHCFG_ALL }, { "match", sMatch, SSHCFG_ALL }, { "permitopen", sPermitOpen, SSHCFG_ALL }, @@ -1103,6 +1103,8 @@ process_server_config_line(ServerOptions *options, char *line, if (options->num_allow_users >= MAX_ALLOW_USERS) fatal("%s line %d: too many allow users.", filename, linenum); + if (!*activep) + continue; options->allow_users[options->num_allow_users++] = xstrdup(arg); } @@ -1113,6 +1115,8 @@ process_server_config_line(ServerOptions *options, char *line, if (options->num_deny_users >= MAX_DENY_USERS) fatal("%s line %d: too many deny users.", filename, linenum); + if (!*activep) + continue; options->deny_users[options->num_deny_users++] = xstrdup(arg); } @@ -1123,6 +1127,8 @@ process_server_config_line(ServerOptions *options, char *line, if (options->num_allow_groups >= MAX_ALLOW_GROUPS) fatal("%s line %d: too many allow groups.", filename, linenum); + if (!*activep) + continue; options->allow_groups[options->num_allow_groups++] = xstrdup(arg); } @@ -1133,7 +1139,10 @@ process_server_config_line(ServerOptions *options, char *line, if (options->num_deny_groups >= MAX_DENY_GROUPS) fatal("%s line %d: too many deny groups.", filename, linenum); - options->deny_groups[options->num_deny_groups++] = xstrdup(arg); + if (!*activep) + continue; + options->deny_groups[options->num_deny_groups++] = + xstrdup(arg); } break; @@ -1307,7 +1316,7 @@ process_server_config_line(ServerOptions *options, char *line, fatal("%s line %d: too many allow env.", filename, linenum); if (!*activep) - break; + continue; options->accept_env[options->num_accept_env++] = xstrdup(arg); } diff --git a/usr.bin/ssh/servconf.h b/usr.bin/ssh/servconf.h index a1c8a01180b..baea5f4577e 100644 --- a/usr.bin/ssh/servconf.h +++ b/usr.bin/ssh/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.101 2012/05/13 01:42:32 dtucker Exp $ */ +/* $OpenBSD: servconf.h,v 1.102 2012/06/19 18:25:28 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -190,6 +190,11 @@ struct connection_info { M_CP_STROPT(revoked_keys_file); \ M_CP_STROPT(authorized_principals_file); \ M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \ + M_CP_STRARRAYOPT(allow_users, num_allow_users); \ + M_CP_STRARRAYOPT(deny_users, num_deny_users); \ + M_CP_STRARRAYOPT(allow_groups, num_allow_groups); \ + M_CP_STRARRAYOPT(deny_groups, num_deny_groups); \ + M_CP_STRARRAYOPT(accept_env, num_accept_env); \ } while (0) struct connection_info *get_connection_info(int, int); diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index 31dcdb28f03..195c57f13cd 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.140 2012/05/19 06:30:30 dtucker Exp $ -.Dd $Mdocdate: May 19 2012 $ +.\" $OpenBSD: sshd_config.5,v 1.141 2012/06/19 18:25:28 markus Exp $ +.Dd $Mdocdate: June 19 2012 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -708,15 +708,20 @@ Only a subset of keywords may be used on the lines following a .Cm Match keyword. Available keywords are +.Cm AcceptEnv .Cm AllowAgentForwarding , +.Cm AllowGroups . .Cm AllowTcpForwarding , +.Cm AllowUsers , .Cm AuthorizedKeysFile , .Cm AuthorizedPrincipalsFile , .Cm Banner , .Cm ChrootDirectory , +.Cm DenyGroups , +.Cm DenyUsers , .Cm ForceCommand , -.Cm GatewayPorts , .Cm GSSAPIAuthentication , +.Cm GatewayPorts , .Cm HostbasedAuthentication , .Cm HostbasedUsesNameFromPacketOnly , .Cm KbdInteractiveAuthentication , @@ -729,8 +734,8 @@ Available keywords are .Cm PermitRootLogin , .Cm PermitTunnel , .Cm PubkeyAuthentication , -.Cm RhostsRSAAuthentication , .Cm RSAAuthentication , +.Cm RhostsRSAAuthentication , .Cm X11DisplayOffset , .Cm X11Forwarding and |