diff options
author | Darren Tucker <dtucker@zip.com.au> | 2003-08-26 11:49:55 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2003-08-26 11:49:55 +1000 |
commit | 0efd155c3c184f0eaa2e1eb244eaaf066e6906e0 (patch) | |
tree | 10f24586373d825d68cefd4a3746fe738cf0614a /servconf.c | |
parent | 30912f7259b771a1cf705c0bc47a6c3f3edffb43 (diff) |
- markus@cvs.openbsd.org 2003/08/22 10:56:09
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
support GSS API user authentication; patches from Simon Wilkinson,
stripped down and tested by Jakob and myself.
Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c index 09fdbf424..e13309388 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -10,7 +10,7 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "includes.h" | 12 | #include "includes.h" |
13 | RCSID("$OpenBSD: servconf.c,v 1.124 2003/08/13 08:46:30 markus Exp $"); | 13 | RCSID("$OpenBSD: servconf.c,v 1.125 2003/08/22 10:56:09 markus Exp $"); |
14 | 14 | ||
15 | #include "ssh.h" | 15 | #include "ssh.h" |
16 | #include "log.h" | 16 | #include "log.h" |
@@ -73,6 +73,8 @@ initialize_server_options(ServerOptions *options) | |||
73 | options->kerberos_or_local_passwd = -1; | 73 | options->kerberos_or_local_passwd = -1; |
74 | options->kerberos_ticket_cleanup = -1; | 74 | options->kerberos_ticket_cleanup = -1; |
75 | options->kerberos_tgt_passing = -1; | 75 | options->kerberos_tgt_passing = -1; |
76 | options->gss_authentication=-1; | ||
77 | options->gss_cleanup_creds = -1; | ||
76 | options->password_authentication = -1; | 78 | options->password_authentication = -1; |
77 | options->kbd_interactive_authentication = -1; | 79 | options->kbd_interactive_authentication = -1; |
78 | options->challenge_response_authentication = -1; | 80 | options->challenge_response_authentication = -1; |
@@ -182,6 +184,10 @@ fill_default_server_options(ServerOptions *options) | |||
182 | options->kerberos_ticket_cleanup = 1; | 184 | options->kerberos_ticket_cleanup = 1; |
183 | if (options->kerberos_tgt_passing == -1) | 185 | if (options->kerberos_tgt_passing == -1) |
184 | options->kerberos_tgt_passing = 0; | 186 | options->kerberos_tgt_passing = 0; |
187 | if (options->gss_authentication == -1) | ||
188 | options->gss_authentication = 0; | ||
189 | if (options->gss_cleanup_creds == -1) | ||
190 | options->gss_cleanup_creds = 1; | ||
185 | if (options->password_authentication == -1) | 191 | if (options->password_authentication == -1) |
186 | options->password_authentication = 1; | 192 | options->password_authentication = 1; |
187 | if (options->kbd_interactive_authentication == -1) | 193 | if (options->kbd_interactive_authentication == -1) |
@@ -259,6 +265,7 @@ typedef enum { | |||
259 | sBanner, sUseDNS, sHostbasedAuthentication, | 265 | sBanner, sUseDNS, sHostbasedAuthentication, |
260 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, | 266 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
261 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, | 267 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, |
268 | sGssAuthentication, sGssCleanupCreds, | ||
262 | sUsePrivilegeSeparation, | 269 | sUsePrivilegeSeparation, |
263 | sDeprecated, sUnsupported | 270 | sDeprecated, sUnsupported |
264 | } ServerOpCodes; | 271 | } ServerOpCodes; |
@@ -305,6 +312,13 @@ static struct { | |||
305 | { "kerberostgtpassing", sUnsupported }, | 312 | { "kerberostgtpassing", sUnsupported }, |
306 | #endif | 313 | #endif |
307 | { "afstokenpassing", sUnsupported }, | 314 | { "afstokenpassing", sUnsupported }, |
315 | #ifdef GSSAPI | ||
316 | { "gssapiauthentication", sGssAuthentication }, | ||
317 | { "gssapicleanupcreds", sGssCleanupCreds }, | ||
318 | #else | ||
319 | { "gssapiauthentication", sUnsupported }, | ||
320 | { "gssapicleanupcreds", sUnsupported }, | ||
321 | #endif | ||
308 | { "passwordauthentication", sPasswordAuthentication }, | 322 | { "passwordauthentication", sPasswordAuthentication }, |
309 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication }, | 323 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication }, |
310 | { "challengeresponseauthentication", sChallengeResponseAuthentication }, | 324 | { "challengeresponseauthentication", sChallengeResponseAuthentication }, |
@@ -623,6 +637,14 @@ parse_flag: | |||
623 | intptr = &options->kerberos_tgt_passing; | 637 | intptr = &options->kerberos_tgt_passing; |
624 | goto parse_flag; | 638 | goto parse_flag; |
625 | 639 | ||
640 | case sGssAuthentication: | ||
641 | intptr = &options->gss_authentication; | ||
642 | goto parse_flag; | ||
643 | |||
644 | case sGssCleanupCreds: | ||
645 | intptr = &options->gss_cleanup_creds; | ||
646 | goto parse_flag; | ||
647 | |||
626 | case sPasswordAuthentication: | 648 | case sPasswordAuthentication: |
627 | intptr = &options->password_authentication; | 649 | intptr = &options->password_authentication; |
628 | goto parse_flag; | 650 | goto parse_flag; |