* Patch from Frédéric Moulins adding options to authorized_keys.

  Needs review.

--HG--
branch : pubkey-options
extra : convert_revision : 26872f944d79ddacff1070aab32115a6d726392c

1 files changed, 38 insertions, 0 deletions

diff --git a/auth.h b/auth.h
index b8e55bb..d6a50a4 100644
--- a/auth.h
+++ b/auth.h
@@ -26,6 +26,7 @@
 #define _AUTH_H_
 
 #include "includes.h"
+#include "chansession.h"
 
 void svr_authinitialise();
 void cli_authinitialise();
@@ -38,6 +39,25 @@ void svr_auth_password();
 void svr_auth_pubkey();
 void svr_auth_pam();
 
+#ifdef ENABLE_SVR_PUBKEY_OPTIONS
+int svr_pubkey_allows_agentfwd();
+int svr_pubkey_allows_tcpfwd();
+int svr_pubkey_allows_x11fwd();
+int svr_pubkey_allows_pty();
+void svr_pubkey_set_forced_command(struct ChanSess *chansess);
+void svr_pubkey_options_cleanup();
+int svr_add_pubkey_options(const char* opts);
+#else
+/* no option : success */
+#define svr_pubkey_allows_agentfwd() 1
+#define svr_pubkey_allows_tcpfwd() 1
+#define svr_pubkey_allows_x11fwd() 1
+#define svr_pubkey_allows_pty() 1
+static inline void svr_pubkey_set_forced_command(struct ChanSess *chansess) { }
+static inline void svr_pubkey_options_cleanup() { }
+#define svr_add_pubkey_options(x) DROPBEAR_SUCCESS
+#endif
+
 /* Client functions */
 void recv_msg_userauth_failure();
 void recv_msg_userauth_success();
@@ -97,6 +117,10 @@ struct AuthState {
 	char *pw_shell;
 	char *pw_name;
 	char *pw_passwd;
+#ifdef ENABLE_SVR_PUBKEY_OPTIONS
+	struct PubKeyOptions* pubkey_options;
+#endif
+
 };
 
 struct SignKeyList;
@@ -111,4 +135,18 @@ struct SignKeyList {
 
 };
 
+#ifdef ENABLE_SVR_PUBKEY_OPTIONS
+struct PubKeyOptions;
+struct PubKeyOptions {
+	/* Flags */
+	int no_port_forwarding_flag;
+	int no_agent_forwarding_flag;
+	int no_x11_forwarding_flag;
+	int no_pty_flag;
+	/* "command=" option. */
+	unsigned char * forced_command;
+
+};
+#endif
+
 #endif /* _AUTH_H_ */