diff options
| author | markus@openbsd.org <markus@openbsd.org> | 2015-07-10 06:21:53 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2015-07-15 15:38:02 +1000 |
| commit | 3a1638dda19bbc73d0ae02b4c251ce08e564b4b9 (patch) | |
| tree | e74e4219344349a4f9a4393aa4c2c6b7baecb127 /readconf.c | |
| parent | 16db0a7ee9a87945cc594d13863cfcb86038db59 (diff) | |
upstream commit
Turn off DSA by default; add HostKeyAlgorithms to the
server and PubkeyAcceptedKeyTypes to the client side, so it still can be
tested or turned back on; feedback and ok djm@
Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
Diffstat (limited to 'readconf.c')
| -rw-r--r-- | readconf.c | 37 |
1 files changed, 20 insertions, 17 deletions
diff --git a/readconf.c b/readconf.c index db7d0bbbf..f1c860b9c 100644 --- a/readconf.c +++ b/readconf.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: readconf.c,v 1.237 2015/06/26 05:13:20 djm Exp $ */ | 1 | /* $OpenBSD: readconf.c,v 1.238 2015/07/10 06:21:53 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -157,6 +157,7 @@ typedef enum { | |||
| 157 | oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs, | 157 | oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs, |
| 158 | oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, | 158 | oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, |
| 159 | oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, | 159 | oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, |
| 160 | oPubkeyAcceptedKeyTypes, | ||
| 160 | oIgnoredUnknownOption, oDeprecated, oUnsupported | 161 | oIgnoredUnknownOption, oDeprecated, oUnsupported |
| 161 | } OpCodes; | 162 | } OpCodes; |
| 162 | 163 | ||
| @@ -275,6 +276,7 @@ static struct { | |||
| 275 | { "fingerprinthash", oFingerprintHash }, | 276 | { "fingerprinthash", oFingerprintHash }, |
| 276 | { "updatehostkeys", oUpdateHostkeys }, | 277 | { "updatehostkeys", oUpdateHostkeys }, |
| 277 | { "hostbasedkeytypes", oHostbasedKeyTypes }, | 278 | { "hostbasedkeytypes", oHostbasedKeyTypes }, |
| 279 | { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes }, | ||
| 278 | { "ignoreunknown", oIgnoreUnknown }, | 280 | { "ignoreunknown", oIgnoreUnknown }, |
| 279 | 281 | ||
| 280 | { NULL, oBadOption } | 282 | { NULL, oBadOption } |
| @@ -1115,14 +1117,17 @@ parse_int: | |||
| 1115 | break; | 1117 | break; |
| 1116 | 1118 | ||
| 1117 | case oHostKeyAlgorithms: | 1119 | case oHostKeyAlgorithms: |
| 1120 | charptr = &options->hostkeyalgorithms; | ||
| 1121 | parse_keytypes: | ||
| 1118 | arg = strdelim(&s); | 1122 | arg = strdelim(&s); |
| 1119 | if (!arg || *arg == '\0') | 1123 | if (!arg || *arg == '\0') |
| 1120 | fatal("%.200s line %d: Missing argument.", filename, linenum); | 1124 | fatal("%.200s line %d: Missing argument.", |
| 1125 | filename, linenum); | ||
| 1121 | if (!sshkey_names_valid2(arg, 1)) | 1126 | if (!sshkey_names_valid2(arg, 1)) |
| 1122 | fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.", | 1127 | fatal("%s line %d: Bad key types '%s'.", |
| 1123 | filename, linenum, arg ? arg : "<NONE>"); | 1128 | filename, linenum, arg ? arg : "<NONE>"); |
| 1124 | if (*activep && options->hostkeyalgorithms == NULL) | 1129 | if (*activep && *charptr == NULL) |
| 1125 | options->hostkeyalgorithms = xstrdup(arg); | 1130 | *charptr = xstrdup(arg); |
| 1126 | break; | 1131 | break; |
| 1127 | 1132 | ||
| 1128 | case oProtocol: | 1133 | case oProtocol: |
| @@ -1485,16 +1490,11 @@ parse_int: | |||
| 1485 | 1490 | ||
| 1486 | case oHostbasedKeyTypes: | 1491 | case oHostbasedKeyTypes: |
| 1487 | charptr = &options->hostbased_key_types; | 1492 | charptr = &options->hostbased_key_types; |
| 1488 | arg = strdelim(&s); | 1493 | goto parse_keytypes; |
| 1489 | if (!arg || *arg == '\0') | 1494 | |
| 1490 | fatal("%.200s line %d: Missing argument.", | 1495 | case oPubkeyAcceptedKeyTypes: |
| 1491 | filename, linenum); | 1496 | charptr = &options->pubkey_key_types; |
| 1492 | if (!sshkey_names_valid2(arg, 1)) | 1497 | goto parse_keytypes; |
| 1493 | fatal("%s line %d: Bad key types '%s'.", | ||
| 1494 | filename, linenum, arg ? arg : "<NONE>"); | ||
| 1495 | if (*activep && *charptr == NULL) | ||
| 1496 | *charptr = xstrdup(arg); | ||
| 1497 | break; | ||
| 1498 | 1498 | ||
| 1499 | case oDeprecated: | 1499 | case oDeprecated: |
| 1500 | debug("%s line %d: Deprecated option \"%s\"", | 1500 | debug("%s line %d: Deprecated option \"%s\"", |
| @@ -1676,6 +1676,7 @@ initialize_options(Options * options) | |||
| 1676 | options->fingerprint_hash = -1; | 1676 | options->fingerprint_hash = -1; |
| 1677 | options->update_hostkeys = -1; | 1677 | options->update_hostkeys = -1; |
| 1678 | options->hostbased_key_types = NULL; | 1678 | options->hostbased_key_types = NULL; |
| 1679 | options->pubkey_key_types = NULL; | ||
| 1679 | } | 1680 | } |
| 1680 | 1681 | ||
| 1681 | /* | 1682 | /* |
| @@ -1858,7 +1859,9 @@ fill_default_options(Options * options) | |||
| 1858 | if (options->update_hostkeys == -1) | 1859 | if (options->update_hostkeys == -1) |
| 1859 | options->update_hostkeys = 0; | 1860 | options->update_hostkeys = 0; |
| 1860 | if (options->hostbased_key_types == NULL) | 1861 | if (options->hostbased_key_types == NULL) |
| 1861 | options->hostbased_key_types = xstrdup("*"); | 1862 | options->hostbased_key_types = xstrdup(KEX_DEFAULT_PK_ALG); |
| 1863 | if (options->pubkey_key_types == NULL) | ||
| 1864 | options->pubkey_key_types = xstrdup(KEX_DEFAULT_PK_ALG); | ||
| 1862 | 1865 | ||
| 1863 | #define CLEAR_ON_NONE(v) \ | 1866 | #define CLEAR_ON_NONE(v) \ |
| 1864 | do { \ | 1867 | do { \ |