diff options
| author | Damien Miller <djm@mindrot.org> | 2010-06-26 09:38:45 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2010-06-26 09:38:45 +1000 |
| commit | ab6de351404d5a691a89cf2c9fbe9438271bd03d (patch) | |
| tree | 855128945a4f4c44cff1e925f00b890a7fe28927 | |
| parent | 495663165f9ef1583249e690a8f654b312fbd40e (diff) | |
- djm@cvs.openbsd.org 2010/06/22 04:22:59
[servconf.c sshd_config.5]
expose some more sshd_config options inside Match blocks:
AuthorizedKeysFile AuthorizedPrincipalsFile
HostbasedUsesNameFromPacketOnly PermitTunnel
bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | servconf.c | 17 | ||||
| -rw-r--r-- | sshd_config.5 | 8 |
3 files changed, 23 insertions, 8 deletions
| @@ -25,6 +25,12 @@ | |||
| 25 | [sftp-client.c] | 25 | [sftp-client.c] |
| 26 | fix memory leak in do_realpath() error path; bz#1771, patch from | 26 | fix memory leak in do_realpath() error path; bz#1771, patch from |
| 27 | anicka AT suse.cz | 27 | anicka AT suse.cz |
| 28 | - djm@cvs.openbsd.org 2010/06/22 04:22:59 | ||
| 29 | [servconf.c sshd_config.5] | ||
| 30 | expose some more sshd_config options inside Match blocks: | ||
| 31 | AuthorizedKeysFile AuthorizedPrincipalsFile | ||
| 32 | HostbasedUsesNameFromPacketOnly PermitTunnel | ||
| 33 | bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@ | ||
| 28 | 34 | ||
| 29 | 20100622 | 35 | 20100622 |
| 30 | - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512 | 36 | - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512 |
diff --git a/servconf.c b/servconf.c index c556986e3..986a5b92f 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: servconf.c,v 1.208 2010/05/07 11:30:29 djm Exp $ */ | 1 | /* $OpenBSD: servconf.c,v 1.209 2010/06/22 04:22:59 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 4 | * All rights reserved | 4 | * All rights reserved |
| @@ -346,7 +346,7 @@ static struct { | |||
| 346 | { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, | 346 | { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, |
| 347 | { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL }, | 347 | { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL }, |
| 348 | { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, | 348 | { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, |
| 349 | { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_GLOBAL }, | 349 | { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL }, |
| 350 | { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL }, | 350 | { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL }, |
| 351 | { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, | 351 | { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, |
| 352 | { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ | 352 | { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ |
| @@ -421,11 +421,11 @@ static struct { | |||
| 421 | { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, | 421 | { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, |
| 422 | { "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL }, | 422 | { "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL }, |
| 423 | { "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL }, | 423 | { "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL }, |
| 424 | { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_GLOBAL }, | 424 | { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, |
| 425 | { "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_GLOBAL }, | 425 | { "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_ALL }, |
| 426 | { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, | 426 | { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, |
| 427 | { "acceptenv", sAcceptEnv, SSHCFG_GLOBAL }, | 427 | { "acceptenv", sAcceptEnv, SSHCFG_GLOBAL }, |
| 428 | { "permittunnel", sPermitTunnel, SSHCFG_GLOBAL }, | 428 | { "permittunnel", sPermitTunnel, SSHCFG_ALL }, |
| 429 | { "match", sMatch, SSHCFG_ALL }, | 429 | { "match", sMatch, SSHCFG_ALL }, |
| 430 | { "permitopen", sPermitOpen, SSHCFG_ALL }, | 430 | { "permitopen", sPermitOpen, SSHCFG_ALL }, |
| 431 | { "forcecommand", sForceCommand, SSHCFG_ALL }, | 431 | { "forcecommand", sForceCommand, SSHCFG_ALL }, |
| @@ -433,7 +433,7 @@ static struct { | |||
| 433 | { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, | 433 | { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, |
| 434 | { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, | 434 | { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, |
| 435 | { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, | 435 | { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, |
| 436 | { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_GLOBAL }, | 436 | { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, |
| 437 | { NULL, sBadOption, 0 } | 437 | { NULL, sBadOption, 0 } |
| 438 | }; | 438 | }; |
| 439 | 439 | ||
| @@ -1446,6 +1446,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) | |||
| 1446 | M_CP_INTOPT(pubkey_authentication); | 1446 | M_CP_INTOPT(pubkey_authentication); |
| 1447 | M_CP_INTOPT(kerberos_authentication); | 1447 | M_CP_INTOPT(kerberos_authentication); |
| 1448 | M_CP_INTOPT(hostbased_authentication); | 1448 | M_CP_INTOPT(hostbased_authentication); |
| 1449 | M_CP_INTOPT(hostbased_uses_name_from_packet_only); | ||
| 1449 | M_CP_INTOPT(kbd_interactive_authentication); | 1450 | M_CP_INTOPT(kbd_interactive_authentication); |
| 1450 | M_CP_INTOPT(zero_knowledge_password_authentication); | 1451 | M_CP_INTOPT(zero_knowledge_password_authentication); |
| 1451 | M_CP_INTOPT(permit_root_login); | 1452 | M_CP_INTOPT(permit_root_login); |
| @@ -1453,6 +1454,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) | |||
| 1453 | 1454 | ||
| 1454 | M_CP_INTOPT(allow_tcp_forwarding); | 1455 | M_CP_INTOPT(allow_tcp_forwarding); |
| 1455 | M_CP_INTOPT(allow_agent_forwarding); | 1456 | M_CP_INTOPT(allow_agent_forwarding); |
| 1457 | M_CP_INTOPT(permit_tun); | ||
| 1456 | M_CP_INTOPT(gateway_ports); | 1458 | M_CP_INTOPT(gateway_ports); |
| 1457 | M_CP_INTOPT(x11_display_offset); | 1459 | M_CP_INTOPT(x11_display_offset); |
| 1458 | M_CP_INTOPT(x11_forwarding); | 1460 | M_CP_INTOPT(x11_forwarding); |
| @@ -1467,6 +1469,9 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) | |||
| 1467 | M_CP_STROPT(chroot_directory); | 1469 | M_CP_STROPT(chroot_directory); |
| 1468 | M_CP_STROPT(trusted_user_ca_keys); | 1470 | M_CP_STROPT(trusted_user_ca_keys); |
| 1469 | M_CP_STROPT(revoked_keys_file); | 1471 | M_CP_STROPT(revoked_keys_file); |
| 1472 | M_CP_STROPT(authorized_keys_file); | ||
| 1473 | M_CP_STROPT(authorized_keys_file2); | ||
| 1474 | M_CP_STROPT(authorized_principals_file); | ||
| 1470 | } | 1475 | } |
| 1471 | 1476 | ||
| 1472 | #undef M_CP_INTOPT | 1477 | #undef M_CP_INTOPT |
diff --git a/sshd_config.5 b/sshd_config.5 index f9814f9a0..acaf809db 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
| @@ -34,8 +34,8 @@ | |||
| 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 36 | .\" | 36 | .\" |
| 37 | .\" $OpenBSD: sshd_config.5,v 1.122 2010/05/07 12:49:17 jmc Exp $ | 37 | .\" $OpenBSD: sshd_config.5,v 1.123 2010/06/22 04:22:59 djm Exp $ |
| 38 | .Dd $Mdocdate: May 7 2010 $ | 38 | .Dd $Mdocdate: June 22 2010 $ |
| 39 | .Dt SSHD_CONFIG 5 | 39 | .Dt SSHD_CONFIG 5 |
| 40 | .Os | 40 | .Os |
| 41 | .Sh NAME | 41 | .Sh NAME |
| @@ -644,12 +644,15 @@ keyword. | |||
| 644 | Available keywords are | 644 | Available keywords are |
| 645 | .Cm AllowAgentForwarding , | 645 | .Cm AllowAgentForwarding , |
| 646 | .Cm AllowTcpForwarding , | 646 | .Cm AllowTcpForwarding , |
| 647 | .Cm AuthorizedKeysFile , | ||
| 648 | .Cm AuthorizedPrincipalsFile , | ||
| 647 | .Cm Banner , | 649 | .Cm Banner , |
| 648 | .Cm ChrootDirectory , | 650 | .Cm ChrootDirectory , |
| 649 | .Cm ForceCommand , | 651 | .Cm ForceCommand , |
| 650 | .Cm GatewayPorts , | 652 | .Cm GatewayPorts , |
| 651 | .Cm GSSAPIAuthentication , | 653 | .Cm GSSAPIAuthentication , |
| 652 | .Cm HostbasedAuthentication , | 654 | .Cm HostbasedAuthentication , |
| 655 | .Cm HostbasedUsesNameFromPacketOnly , | ||
| 653 | .Cm KbdInteractiveAuthentication , | 656 | .Cm KbdInteractiveAuthentication , |
| 654 | .Cm KerberosAuthentication , | 657 | .Cm KerberosAuthentication , |
| 655 | .Cm MaxAuthTries , | 658 | .Cm MaxAuthTries , |
| @@ -658,6 +661,7 @@ Available keywords are | |||
| 658 | .Cm PermitEmptyPasswords , | 661 | .Cm PermitEmptyPasswords , |
| 659 | .Cm PermitOpen , | 662 | .Cm PermitOpen , |
| 660 | .Cm PermitRootLogin , | 663 | .Cm PermitRootLogin , |
| 664 | .Cm PermitTunnel , | ||
| 661 | .Cm PubkeyAuthentication , | 665 | .Cm PubkeyAuthentication , |
| 662 | .Cm RhostsRSAAuthentication , | 666 | .Cm RhostsRSAAuthentication , |
| 663 | .Cm RSAAuthentication , | 667 | .Cm RSAAuthentication , |