author | djm@openbsd.org <djm@openbsd.org> | 2015-07-30 00:01:34 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-07-30 12:32:16 +1000 |
commit | f9eca249d4961f28ae4b09186d7dc91de74b5895 (patch) | |
tree | f4c86ae2043499a6ed7f8c736f0cd5e1f483102c /servconf.c | |
parent | 5cefe769105a2a2e3ca7479d28d9a325d5ef0163 (diff) |
upstream commit
Allow ssh_config and sshd_config kex parameter options to be
prefixed by a '+' to indicate that the specified items are to be appended to the
default rather than replacing it.
approach suggested by dtucker@, feedback dlg@, ok markus@
Upstream-ID: 0f901137298fc17095d5756ff1561a7028e8882a
Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 24 |
1 files changed, 15 insertions, 9 deletions
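--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.276 2015/07/10 06:21:53 markus Exp $ */
+/* $OpenBSD: servconf.c,v 1.277 2015/07/30 00:01:34 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  * All rights reserved
@@ -259,16 +259,12 @@ fill_default_server_options(ServerOptions *options)
 	options->hostbased_authentication = 0;
 	if (options->hostbased_uses_name_from_packet_only == -1)
 		options->hostbased_uses_name_from_packet_only = 0;
-	if (options->hostbased_key_types == NULL)
-		options->hostbased_key_types = xstrdup(KEX_DEFAULT_PK_ALG);
 	if (options->hostkeyalgorithms == NULL)
 		options->hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG);
 	if (options->rsa_authentication == -1)
 		options->rsa_authentication = 1;
 	if (options->pubkey_authentication == -1)
 		options->pubkey_authentication = 1;
-	if (options->pubkey_key_types == NULL)
-		options->pubkey_key_types = xstrdup(KEX_DEFAULT_PK_ALG);
 	if (options->kerberos_authentication == -1)
 		options->kerberos_authentication = 0;
 	if (options->kerberos_or_local_passwd == -1)
@@ -345,6 +341,16 @@ fill_default_server_options(ServerOptions *options)
 		options->fwd_opts.streamlocal_bind_unlink = 0;
 	if (options->fingerprint_hash == -1)
 		options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
+
+	if (kex_assemble_names(KEX_SERVER_ENCRYPT, &options->ciphers) != 0 ||
+	    kex_assemble_names(KEX_SERVER_MAC, &options->macs) != 0 ||
+	    kex_assemble_names(KEX_SERVER_KEX, &options->kex_algorithms) != 0 ||
+	    kex_assemble_names(KEX_DEFAULT_PK_ALG,
+	    &options->hostbased_key_types) != 0 ||
+	    kex_assemble_names(KEX_DEFAULT_PK_ALG,
+	    &options->pubkey_key_types) != 0)
+		fatal("%s: kex_assemble_names failed", __func__);
+
 	/* Turn privilege separation on by default */
 	if (use_privsep == -1)
 		use_privsep = PRIVSEP_NOSANDBOX;
@@ -1181,7 +1187,7 @@ process_server_config_line(ServerOptions *options, char *line,
 		if (!arg || *arg == '\0')
 			fatal("%s line %d: Missing argument.",
 			    filename, linenum);
-		if (!sshkey_names_valid2(arg, 1))
+		if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
 			fatal("%s line %d: Bad key types '%s'.",
 			    filename, linenum, arg ? arg : "<NONE>");
 		if (*activep && *charptr == NULL)
@@ -1434,7 +1440,7 @@ process_server_config_line(ServerOptions *options, char *line,
 		arg = strdelim(&cp);
 		if (!arg || *arg == '\0')
 			fatal("%s line %d: Missing argument.", filename, linenum);
-		if (!ciphers_valid(arg))
+		if (!ciphers_valid(*arg == '+' ? arg + 1 : arg))
 			fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
 			    filename, linenum, arg ? arg : "<NONE>");
 		if (options->ciphers == NULL)
@@ -1445,7 +1451,7 @@ process_server_config_line(ServerOptions *options, char *line,
 		arg = strdelim(&cp);
 		if (!arg || *arg == '\0')
 			fatal("%s line %d: Missing argument.", filename, linenum);
-		if (!mac_valid(arg))
+		if (!mac_valid(*arg == '+' ? arg + 1 : arg))
 			fatal("%s line %d: Bad SSH2 mac spec '%s'.",
 			    filename, linenum, arg ? arg : "<NONE>");
 		if (options->macs == NULL)
@@ -1457,7 +1463,7 @@ process_server_config_line(ServerOptions *options, char *line,
 		if (!arg || *arg == '\0')
 			fatal("%s line %d: Missing argument.",
 			    filename, linenum);
-		if (!kex_names_valid(arg))
+		if (!kex_names_valid(*arg == '+' ? arg + 1 : arg))
 			fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
 			    filename, linenum, arg ? arg : "<NONE>");
 		if (options->kex_algorithms == NULL)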
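Review bot: The key-types validation at the `sshkey_names_valid2` hunk now accepts a leading '+' for every option that shares that block, but fill_default_server_options only passes hostbased_key_types and pubkey_key_types through kex_assemble_names, while hostkeyalgorithms is still only xstrdup'd from KEX_DEFAULT_PK_ALG. If HostKeyAlgorithms reaches the same check (its case labels lie outside the hunk), a '+'-prefixed value would pass validation and be stored with the literal '+' intact, never merged with the default; adding `kex_assemble_names(KEX_DEFAULT_PK_ALG, &options->hostkeyalgorithms) != 0 ||` to the chain, or rejecting the prefix for that option explicitly, would close the gap. Whether a bare `+` argument (empty list after the prefix) is refused depends on how ciphers_valid/mac_valid/kex_names_valid treat an empty string, which is not visible here and deserves a test. Separately, `*arg == '+' ? arg + 1 : arg` is now repeated in four hunks; a one-line static helper such as `static const char *skip_plus(const char *s) { return *s == '+' ? s + 1 : s; }` would keep the sites in step if the prefix syntax changes. process_server_config_line's body begins and ends outside every hunk.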