diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2003-08-26 11:49:55 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2003-08-26 11:49:55 +1000 |
| commit | 0efd155c3c184f0eaa2e1eb244eaaf066e6906e0 (patch) | |
| tree | 10f24586373d825d68cefd4a3746fe738cf0614a /servconf.c | |
| parent | 30912f7259b771a1cf705c0bc47a6c3f3edffb43 (diff) | |
- markus@cvs.openbsd.org 2003/08/22 10:56:09
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
support GSS API user authentication; patches from Simon Wilkinson,
stripped down and tested by Jakob and myself.
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c index 09fdbf424..e13309388 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -10,7 +10,7 @@ | |||
| 10 | */ | 10 | */ |
| 11 | 11 | ||
| 12 | #include "includes.h" | 12 | #include "includes.h" |
| 13 | RCSID("$OpenBSD: servconf.c,v 1.124 2003/08/13 08:46:30 markus Exp $"); | 13 | RCSID("$OpenBSD: servconf.c,v 1.125 2003/08/22 10:56:09 markus Exp $"); |
| 14 | 14 | ||
| 15 | #include "ssh.h" | 15 | #include "ssh.h" |
| 16 | #include "log.h" | 16 | #include "log.h" |
| @@ -73,6 +73,8 @@ initialize_server_options(ServerOptions *options) | |||
| 73 | options->kerberos_or_local_passwd = -1; | 73 | options->kerberos_or_local_passwd = -1; |
| 74 | options->kerberos_ticket_cleanup = -1; | 74 | options->kerberos_ticket_cleanup = -1; |
| 75 | options->kerberos_tgt_passing = -1; | 75 | options->kerberos_tgt_passing = -1; |
| 76 | options->gss_authentication=-1; | ||
| 77 | options->gss_cleanup_creds = -1; | ||
| 76 | options->password_authentication = -1; | 78 | options->password_authentication = -1; |
| 77 | options->kbd_interactive_authentication = -1; | 79 | options->kbd_interactive_authentication = -1; |
| 78 | options->challenge_response_authentication = -1; | 80 | options->challenge_response_authentication = -1; |
| @@ -182,6 +184,10 @@ fill_default_server_options(ServerOptions *options) | |||
| 182 | options->kerberos_ticket_cleanup = 1; | 184 | options->kerberos_ticket_cleanup = 1; |
| 183 | if (options->kerberos_tgt_passing == -1) | 185 | if (options->kerberos_tgt_passing == -1) |
| 184 | options->kerberos_tgt_passing = 0; | 186 | options->kerberos_tgt_passing = 0; |
| 187 | if (options->gss_authentication == -1) | ||
| 188 | options->gss_authentication = 0; | ||
| 189 | if (options->gss_cleanup_creds == -1) | ||
| 190 | options->gss_cleanup_creds = 1; | ||
| 185 | if (options->password_authentication == -1) | 191 | if (options->password_authentication == -1) |
| 186 | options->password_authentication = 1; | 192 | options->password_authentication = 1; |
| 187 | if (options->kbd_interactive_authentication == -1) | 193 | if (options->kbd_interactive_authentication == -1) |
| @@ -259,6 +265,7 @@ typedef enum { | |||
| 259 | sBanner, sUseDNS, sHostbasedAuthentication, | 265 | sBanner, sUseDNS, sHostbasedAuthentication, |
| 260 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, | 266 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
| 261 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, | 267 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, |
| 268 | sGssAuthentication, sGssCleanupCreds, | ||
| 262 | sUsePrivilegeSeparation, | 269 | sUsePrivilegeSeparation, |
| 263 | sDeprecated, sUnsupported | 270 | sDeprecated, sUnsupported |
| 264 | } ServerOpCodes; | 271 | } ServerOpCodes; |
| @@ -305,6 +312,13 @@ static struct { | |||
| 305 | { "kerberostgtpassing", sUnsupported }, | 312 | { "kerberostgtpassing", sUnsupported }, |
| 306 | #endif | 313 | #endif |
| 307 | { "afstokenpassing", sUnsupported }, | 314 | { "afstokenpassing", sUnsupported }, |
| 315 | #ifdef GSSAPI | ||
| 316 | { "gssapiauthentication", sGssAuthentication }, | ||
| 317 | { "gssapicleanupcreds", sGssCleanupCreds }, | ||
| 318 | #else | ||
| 319 | { "gssapiauthentication", sUnsupported }, | ||
| 320 | { "gssapicleanupcreds", sUnsupported }, | ||
| 321 | #endif | ||
| 308 | { "passwordauthentication", sPasswordAuthentication }, | 322 | { "passwordauthentication", sPasswordAuthentication }, |
| 309 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication }, | 323 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication }, |
| 310 | { "challengeresponseauthentication", sChallengeResponseAuthentication }, | 324 | { "challengeresponseauthentication", sChallengeResponseAuthentication }, |
| @@ -623,6 +637,14 @@ parse_flag: | |||
| 623 | intptr = &options->kerberos_tgt_passing; | 637 | intptr = &options->kerberos_tgt_passing; |
| 624 | goto parse_flag; | 638 | goto parse_flag; |
| 625 | 639 | ||
| 640 | case sGssAuthentication: | ||
| 641 | intptr = &options->gss_authentication; | ||
| 642 | goto parse_flag; | ||
| 643 | |||
| 644 | case sGssCleanupCreds: | ||
| 645 | intptr = &options->gss_cleanup_creds; | ||
| 646 | goto parse_flag; | ||
| 647 | |||
| 626 | case sPasswordAuthentication: | 648 | case sPasswordAuthentication: |
| 627 | intptr = &options->password_authentication; | 649 | intptr = &options->password_authentication; |
| 628 | goto parse_flag; | 650 | goto parse_flag; |