diff svr-authpubkeyoptions.c @ 1818:587c76726b5f

Add "restrict" authorized_keys option
author Matt Johnston <matt@ucc.asn.au>
date Sat, 01 May 2021 20:47:15 +0800
parents 2f5d797d9811
children d39cfedaf015
line wrap: on
line diff
--- a/svr-authpubkeyoptions.c	Wed Mar 31 23:31:26 2021 +0800
+++ b/svr-authpubkeyoptions.c	Sat May 01 20:47:15 2021 +0800
@@ -166,6 +166,18 @@
 			ses.authstate.pubkey_options->no_pty_flag = 1;
 			goto next_option;
 		}
+		if (match_option(options_buf, "restrict") == DROPBEAR_SUCCESS) {
+			dropbear_log(LOG_WARNING, "Restrict option set");
+			ses.authstate.pubkey_options->no_port_forwarding_flag = 1;
+#if DROPBEAR_SVR_AGENTFWD
+			ses.authstate.pubkey_options->no_agent_forwarding_flag = 1;
+#endif
+#if DROPBEAR_X11FWD
+			ses.authstate.pubkey_options->no_x11_forwarding_flag = 1;
+#endif
+			ses.authstate.pubkey_options->no_pty_flag = 1;
+			goto next_option;
+		}
 		if (match_option(options_buf, "command=\"") == DROPBEAR_SUCCESS) {
 			int escaped = 0;
 			const unsigned char* command_start = buf_getptr(options_buf, 0);