Diffstat (limited to 'servconf.h')
-rw-r--r--servconf.h24
1 files changed, 13 insertions, 11 deletions
diff --git a/servconf.h b/servconf.h
index 37a0fb1a39ff..557521d73033 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.130 2017/10/25 00:19:47 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.136 2018/07/09 21:26:02 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -32,12 +32,6 @@
#define PRIVSEP_ON 1
#define PRIVSEP_NOSANDBOX 2
-/* AllowTCPForwarding */
-#define FORWARD_DENY 0
-#define FORWARD_REMOTE (1)
-#define FORWARD_LOCAL (1<<1)
-#define FORWARD_ALLOW (FORWARD_REMOTE|FORWARD_LOCAL)
-
/* PermitOpen */
#define PERMITOPEN_ANY 0
#define PERMITOPEN_NONE -2
@@ -139,6 +133,7 @@ typedef struct {
int permit_empty_passwd; /* If false, do not permit empty
* passwords. */
int permit_user_env; /* If true, read ~/.ssh/environment */
+ char *permit_user_env_whitelist; /* pattern-list whitelist */
int compression; /* If true, compression is allowed */
int allow_tcp_forwarding; /* One of FORWARD_* */
int allow_streamlocal_forwarding; /* One of FORWARD_* */
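Review bot: The comment on the added `permit_user_env_whitelist` field does not say how it relates to `permit_user_env` or what an unset (NULL) value means. This matters because the line above shows the setting controls whether `~/.ssh/environment` is read, so a reader needs to know whether NULL means "accept every variable" or "accept none". I would spell it out, for example `char *permit_user_env_whitelist; /* pattern-list of variable names accepted when permit_user_env is set; NULL = no filtering (confirm) */`. The NULL semantics are my assumption and should be checked against the parser. The enclosing struct starts and ends outside this hunk.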
@@ -160,6 +155,8 @@ typedef struct {
u_int num_accept_env;
char **accept_env;
+ u_int num_setenv;
+ char **setenv;
int max_startups_begin;
int max_startups_rate;
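Review bot: `setenv`/`num_setenv` are added beside `accept_env`/`num_accept_env`, but nothing in this diff adds a matching `M_CP_STRARRAYOPT(setenv, num_setenv); \` to the copy macro, while `accept_env` has one in the later hunk. That macro hunk adds only `permitted_listens`, and the other macro hunk adds only `permit_user_env_whitelist`. If this option can appear inside a Match block, its values would presumably not be carried into the effective options, so a per-match environment setting would be silently ignored. The macro body is only partly visible here, so please confirm whether the copy is handled elsewhere. The new fields also have no comment; something like `/* environment entries set by the server for sessions */` (wording to be confirmed) would help.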
@@ -187,8 +184,10 @@ typedef struct {
int permit_tun;
- char **permitted_opens;
- u_int num_permitted_opens; /* May also be one of PERMITOPEN_* */
+ char **permitted_opens; /* May also be one of PERMITOPEN_* */
+ u_int num_permitted_opens;
+ char **permitted_listens; /* May also be one of PERMITOPEN_* */
+ u_int num_permitted_listens;
char *chroot_directory;
char *revoked_keys_file;
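Review bot: The comment `/* May also be one of PERMITOPEN_* */` has moved from the `u_int` count onto the `char **` arrays, where it cannot be read literally. `PERMITOPEN_ANY` and `PERMITOPEN_NONE` are integer macros (0 and -2 in the earlier hunk), not values a string array can hold. These fields decide which forwards are allowed, so the header should state how "any", "none" and an empty list are each represented, and whether the same encoding applies to `permitted_listens`. I would replace both comments with one describing the actual representation used by the parser, which is not visible in this diff. The enclosing struct starts and ends outside this hunk.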
@@ -209,6 +208,7 @@ typedef struct {
int fingerprint_hash;
int expose_userauth_info;
+ u_int64_t timing_secret;
} ServerOptions;
/* Information about the incoming connection as used by Match */
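Review bot: `u_int64_t timing_secret;` is added with no comment, so the header does not record where the value comes from, what consumes it, or that it is not an ordinary configuration option. If it is meant to stay confidential, as the name suggests, the declaration should say so, so that later code which dumps, logs or copies `ServerOptions` does not expose it. For example `u_int64_t timing_secret; /* internal secret, not a config option; never print or log */`, with the derivation described once it is confirmed from the code that sets it.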
@@ -243,6 +243,7 @@ struct connection_info {
M_CP_STROPT(hostbased_key_types); \
M_CP_STROPT(pubkey_key_types); \
M_CP_STROPT(routing_domain); \
+ M_CP_STROPT(permit_user_env_whitelist); \
M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
M_CP_STRARRAYOPT(allow_users, num_allow_users); \
M_CP_STRARRAYOPT(deny_users, num_deny_users); \
@@ -251,6 +252,7 @@ struct connection_info {
M_CP_STRARRAYOPT(accept_env, num_accept_env); \
M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \
M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \
+ M_CP_STRARRAYOPT(permitted_listens, num_permitted_listens); \
} while (0)
struct connection_info *get_connection_info(int, int);
@@ -259,8 +261,8 @@ void fill_default_server_options(ServerOptions *);
int process_server_config_line(ServerOptions *, char *, const char *, int,
int *, struct connection_info *);
void process_permitopen(struct ssh *ssh, ServerOptions *options);
-void load_server_config(const char *, Buffer *);
-void parse_server_config(ServerOptions *, const char *, Buffer *,
+void load_server_config(const char *, struct sshbuf *);
+void parse_server_config(ServerOptions *, const char *, struct sshbuf *,
struct connection_info *);
void parse_server_match_config(ServerOptions *, struct connection_info *);
int parse_server_match_testspec(struct connection_info *, char *);