===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/servconf.h,v
retrieving revision 1.124
retrieving revision 1.125
diff -u -r1.124 -r1.125
--- src/usr.bin/ssh/servconf.h	2017/06/24 06:34:38	1.124
+++ src/usr.bin/ssh/servconf.h	2017/09/12 06:32:07	1.125
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.124 2017/06/24 06:34:38 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.125 2017/09/12 06:32:07 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -48,12 +48,19 @@
 #define FORWARD_LOCAL		(1<<1)
 #define FORWARD_ALLOW		(FORWARD_REMOTE|FORWARD_LOCAL)
 
+/* PermitOpen */
+#define PERMITOPEN_ANY		0
+#define PERMITOPEN_NONE		-2
+
 #define DEFAULT_AUTH_FAIL_MAX	6	/* Default for MaxAuthTries */
 #define DEFAULT_SESSIONS_MAX	10	/* Default for MaxSessions */
 
 /* Magic name for internal sftp-server */
 #define INTERNAL_SFTP_NAME	"internal-sftp"
 
+struct ssh;
+struct fwd_perm_list;
+
 typedef struct {
 	u_int	num_ports;
 	u_int	ports_from_cmdline;
@@ -167,7 +174,8 @@
 
 	int	permit_tun;
 
-	int	num_permitted_opens;
+	char   **permitted_opens;
+	u_int   num_permitted_opens; /* May also be one of PERMITOPEN_* */
 
 	char   *chroot_directory;
 	char   *revoked_keys_file;
@@ -227,6 +235,7 @@
 		M_CP_STRARRAYOPT(deny_groups, num_deny_groups); \
 		M_CP_STRARRAYOPT(accept_env, num_accept_env); \
 		M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \
+		M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \
 	} while (0)
 
 struct connection_info *get_connection_info(int, int);
@@ -234,6 +243,7 @@
 void	 fill_default_server_options(ServerOptions *);
 int	 process_server_config_line(ServerOptions *, char *, const char *, int,
 	     int *, struct connection_info *);
+void	 process_permitopen(struct ssh *ssh, ServerOptions *options);
 void	 load_server_config(const char *, Buffer *);
 void	 parse_server_config(ServerOptions *, const char *, Buffer *,
 	     struct connection_info *);