author | markus@openbsd.org <markus@openbsd.org> | 2015-07-10 06:21:53 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-07-15 15:38:02 +1000 |
commit | 3a1638dda19bbc73d0ae02b4c251ce08e564b4b9 (patch) | |
tree | e74e4219344349a4f9a4393aa4c2c6b7baecb127 /readconf.c | |
parent | 16db0a7ee9a87945cc594d13863cfcb86038db59 (diff) |
upstream commit
Turn off DSA by default; add HostKeyAlgorithms to the
server and PubkeyAcceptedKeyTypes to the client side, so it can still be
tested or turned back on; feedback and ok djm@
Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
Diffstat (limited to 'readconf.c')
-rw-r--r-- | readconf.c | 37 |
1 files changed, 20 insertions, 17 deletions
diff --git a/readconf.c b/readconf.c index db7d0bbbf..f1c860b9c 100644 --- a/readconf.c +++ b/readconf.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: readconf.c,v 1.237 2015/06/26 05:13:20 djm Exp $ */ | 1 | /* $OpenBSD: readconf.c,v 1.238 2015/07/10 06:21:53 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -157,6 +157,7 @@ typedef enum { | |||
157 | oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs, | 157 | oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs, |
158 | oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, | 158 | oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, |
159 | oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, | 159 | oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, |
160 | oPubkeyAcceptedKeyTypes, | ||
160 | oIgnoredUnknownOption, oDeprecated, oUnsupported | 161 | oIgnoredUnknownOption, oDeprecated, oUnsupported |
161 | } OpCodes; | 162 | } OpCodes; |
162 | 163 | ||
@@ -275,6 +276,7 @@ static struct { | |||
275 | { "fingerprinthash", oFingerprintHash }, | 276 | { "fingerprinthash", oFingerprintHash }, |
276 | { "updatehostkeys", oUpdateHostkeys }, | 277 | { "updatehostkeys", oUpdateHostkeys }, |
277 | { "hostbasedkeytypes", oHostbasedKeyTypes }, | 278 | { "hostbasedkeytypes", oHostbasedKeyTypes }, |
279 | { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes }, | ||
278 | { "ignoreunknown", oIgnoreUnknown }, | 280 | { "ignoreunknown", oIgnoreUnknown }, |
279 | 281 | ||
280 | { NULL, oBadOption } | 282 | { NULL, oBadOption } |
@@ -1115,14 +1117,17 @@ parse_int: | |||
1115 | break; | 1117 | break; |
1116 | 1118 | ||
1117 | case oHostKeyAlgorithms: | 1119 | case oHostKeyAlgorithms: |
1120 | charptr = &options->hostkeyalgorithms; | ||
1121 | parse_keytypes: | ||
1118 | arg = strdelim(&s); | 1122 | arg = strdelim(&s); |
1119 | if (!arg || *arg == '\0') | 1123 | if (!arg || *arg == '\0') |
1120 | fatal("%.200s line %d: Missing argument.", filename, linenum); | 1124 | fatal("%.200s line %d: Missing argument.", |
1125 | filename, linenum); | ||
1121 | if (!sshkey_names_valid2(arg, 1)) | 1126 | if (!sshkey_names_valid2(arg, 1)) |
1122 | fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.", | 1127 | fatal("%s line %d: Bad key types '%s'.", |
1123 | filename, linenum, arg ? arg : "<NONE>"); | 1128 | filename, linenum, arg ? arg : "<NONE>"); |
1124 | if (*activep && options->hostkeyalgorithms == NULL) | 1129 | if (*activep && *charptr == NULL) |
1125 | options->hostkeyalgorithms = xstrdup(arg); | 1130 | *charptr = xstrdup(arg); |
1126 | break; | 1131 | break; |
1127 | 1132 | ||
1128 | case oProtocol: | 1133 | case oProtocol: |
@@ -1485,16 +1490,11 @@ parse_int: | |||
1485 | 1490 | ||
1486 | case oHostbasedKeyTypes: | 1491 | case oHostbasedKeyTypes: |
1487 | charptr = &options->hostbased_key_types; | 1492 | charptr = &options->hostbased_key_types; |
1488 | arg = strdelim(&s); | 1493 | goto parse_keytypes; |
1489 | if (!arg || *arg == '\0') | 1494 | |
1490 | fatal("%.200s line %d: Missing argument.", | 1495 | case oPubkeyAcceptedKeyTypes: |
1491 | filename, linenum); | 1496 | charptr = &options->pubkey_key_types; |
1492 | if (!sshkey_names_valid2(arg, 1)) | 1497 | goto parse_keytypes; |
1493 | fatal("%s line %d: Bad key types '%s'.", | ||
1494 | filename, linenum, arg ? arg : "<NONE>"); | ||
1495 | if (*activep && *charptr == NULL) | ||
1496 | *charptr = xstrdup(arg); | ||
1497 | break; | ||
1498 | 1498 | ||
1499 | case oDeprecated: | 1499 | case oDeprecated: |
1500 | debug("%s line %d: Deprecated option \"%s\"", | 1500 | debug("%s line %d: Deprecated option \"%s\"", |
@@ -1676,6 +1676,7 @@ initialize_options(Options * options) | |||
1676 | options->fingerprint_hash = -1; | 1676 | options->fingerprint_hash = -1; |
1677 | options->update_hostkeys = -1; | 1677 | options->update_hostkeys = -1; |
1678 | options->hostbased_key_types = NULL; | 1678 | options->hostbased_key_types = NULL; |
1679 | options->pubkey_key_types = NULL; | ||
1679 | } | 1680 | } |
1680 | 1681 | ||
1681 | /* | 1682 | /* |
@@ -1858,7 +1859,9 @@ fill_default_options(Options * options) | |||
1858 | if (options->update_hostkeys == -1) | 1859 | if (options->update_hostkeys == -1) |
1859 | options->update_hostkeys = 0; | 1860 | options->update_hostkeys = 0; |
1860 | if (options->hostbased_key_types == NULL) | 1861 | if (options->hostbased_key_types == NULL) |
1861 | options->hostbased_key_types = xstrdup("*"); | 1862 | options->hostbased_key_types = xstrdup(KEX_DEFAULT_PK_ALG); |
1863 | if (options->pubkey_key_types == NULL) | ||
1864 | options->pubkey_key_types = xstrdup(KEX_DEFAULT_PK_ALG); | ||
1862 | 1865 | ||
1863 | #define CLEAR_ON_NONE(v) \ | 1866 | #define CLEAR_ON_NONE(v) \ |
1864 | do { \ | 1867 | do { \ |