author | Damien Miller <djm@mindrot.org> | 2010-06-26 09:38:45 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2010-06-26 09:38:45 +1000 |
commit | ab6de351404d5a691a89cf2c9fbe9438271bd03d (patch) | |
tree | 855128945a4f4c44cff1e925f00b890a7fe28927 | |
parent | 495663165f9ef1583249e690a8f654b312fbd40e (diff) |
- djm@cvs.openbsd.org 2010/06/22 04:22:59
[servconf.c sshd_config.5]
expose some more sshd_config options inside Match blocks:
AuthorizedKeysFile AuthorizedPrincipalsFile
HostbasedUsesNameFromPacketOnly PermitTunnel
bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | servconf.c | 17 | ||||
-rw-r--r-- | sshd_config.5 | 8 |
3 files changed, 23 insertions, 8 deletions
@@ -25,6 +25,12 @@ | |||
25 | [sftp-client.c] | 25 | [sftp-client.c] |
26 | fix memory leak in do_realpath() error path; bz#1771, patch from | 26 | fix memory leak in do_realpath() error path; bz#1771, patch from |
27 | anicka AT suse.cz | 27 | anicka AT suse.cz |
28 | - djm@cvs.openbsd.org 2010/06/22 04:22:59 | ||
29 | [servconf.c sshd_config.5] | ||
30 | expose some more sshd_config options inside Match blocks: | ||
31 | AuthorizedKeysFile AuthorizedPrincipalsFile | ||
32 | HostbasedUsesNameFromPacketOnly PermitTunnel | ||
33 | bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@ | ||
28 | 34 | ||
29 | 20100622 | 35 | 20100622 |
30 | - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512 | 36 | - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512 |
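diff --git a/servconf.c b/servconf.c
index c556986e3..986a5b92f 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.208 2010/05/07 11:30:29 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.209 2010/06/22 04:22:59 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -346,7 +346,7 @@ static struct {
 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
 { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL },
 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
-{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_GLOBAL },
+{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL },
 { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL },
 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */
@@ -421,11 +421,11 @@ static struct {
 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
 { "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL },
 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },
-{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_GLOBAL },
-{ "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_GLOBAL },
+{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
+{ "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_ALL },
 { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
 { "acceptenv", sAcceptEnv, SSHCFG_GLOBAL },
-{ "permittunnel", sPermitTunnel, SSHCFG_GLOBAL },
+{ "permittunnel", sPermitTunnel, SSHCFG_ALL },
 { "match", sMatch, SSHCFG_ALL },
 { "permitopen", sPermitOpen, SSHCFG_ALL },
 { "forcecommand", sForceCommand, SSHCFG_ALL },
@@ -433,7 +433,7 @@ static struct {
 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
 { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
-{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_GLOBAL },
+{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
 { NULL, sBadOption, 0 }
 };
 
@@ -1446,6 +1446,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 M_CP_INTOPT(pubkey_authentication);
 M_CP_INTOPT(kerberos_authentication);
 M_CP_INTOPT(hostbased_authentication);
+M_CP_INTOPT(hostbased_uses_name_from_packet_only);
 M_CP_INTOPT(kbd_interactive_authentication);
 M_CP_INTOPT(zero_knowledge_password_authentication);
 M_CP_INTOPT(permit_root_login);
@@ -1453,6 +1454,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 
 M_CP_INTOPT(allow_tcp_forwarding);
 M_CP_INTOPT(allow_agent_forwarding);
+M_CP_INTOPT(permit_tun);
 M_CP_INTOPT(gateway_ports);
 M_CP_INTOPT(x11_display_offset);
 M_CP_INTOPT(x11_forwarding);
@@ -1467,6 +1469,9 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 M_CP_STROPT(chroot_directory);
 M_CP_STROPT(trusted_user_ca_keys);
 M_CP_STROPT(revoked_keys_file);
+M_CP_STROPT(authorized_keys_file);
+M_CP_STROPT(authorized_keys_file2);
+M_CP_STROPT(authorized_principals_file);
 }
 
 #undef M_CP_INTOPT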
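Review bot: The `M_CP_STROPT` lines added at the end of `copy_set_server_options` override `authorized_keys_file` and `authorized_keys_file2` independently, so a Match block that sets only AuthorizedKeysFile leaves the secondary path at whatever the global scope resolved. If the key lookup still consults that second file (not visible in this hunk), a Match block meant to pin a user or group to an administrator-controlled key file would keep accepting keys from the user's own secondary file. The keyword table now marks `authorizedkeysfile2` as `SSHCFG_ALL`, yet the sshd_config.5 Match keyword list in this commit adds only AuthorizedKeysFile and AuthorizedPrincipalsFile; I would either document it there or add a comment above the copies such as `/* NB: overridden separately; a Match that sets AuthorizedKeysFile should also set AuthorizedKeysFile2 */`. The function body starts outside the hunk, so how the `preauth` argument gates these string copies cannot be checked from here.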
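diff --git a/sshd_config.5 b/sshd_config.5
index f9814f9a0..acaf809db 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.122 2010/05/07 12:49:17 jmc Exp $
-.Dd $Mdocdate: May 7 2010 $
+.\" $OpenBSD: sshd_config.5,v 1.123 2010/06/22 04:22:59 djm Exp $
+.Dd $Mdocdate: June 22 2010 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -644,12 +644,15 @@ keyword.
 Available keywords are
 .Cm AllowAgentForwarding ,
 .Cm AllowTcpForwarding ,
+.Cm AuthorizedKeysFile ,
+.Cm AuthorizedPrincipalsFile ,
 .Cm Banner ,
 .Cm ChrootDirectory ,
 .Cm ForceCommand ,
 .Cm GatewayPorts ,
 .Cm GSSAPIAuthentication ,
 .Cm HostbasedAuthentication ,
+.Cm HostbasedUsesNameFromPacketOnly ,
 .Cm KbdInteractiveAuthentication ,
 .Cm KerberosAuthentication ,
 .Cm MaxAuthTries ,
@@ -658,6 +661,7 @@ Available keywords are
 .Cm PermitEmptyPasswords ,
 .Cm PermitOpen ,
 .Cm PermitRootLogin ,
+.Cm PermitTunnel ,
 .Cm PubkeyAuthentication ,
 .Cm RhostsRSAAuthentication ,
 .Cm RSAAuthentication ,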