diff options
| author | Colin Watson <cjwatson@debian.org> | 2011-01-24 11:46:57 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2011-01-24 11:46:57 +0000 |
| commit | 0970072c89b079b022538e3c366fbfa2c53fc821 (patch) | |
| tree | b7024712d74234bb5a8b036ccbc9109e2e211296 /servconf.c | |
| parent | 4e8aa4da57000c7bba8e5c49163bc0c0ca383f78 (diff) | |
| parent | 478ff799463ca926a8dfbabf058f4e84aaffc65a (diff) | |
merge 5.7p1
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 61 |
1 files changed, 56 insertions, 5 deletions
diff --git a/servconf.c b/servconf.c index 3ce2397c3..b08772601 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: servconf.c,v 1.209 2010/06/22 04:22:59 djm Exp $ */ | 1 | /* $OpenBSD: servconf.c,v 1.213 2010/11/13 23:27:50 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 4 | * All rights reserved | 4 | * All rights reserved |
| @@ -15,6 +15,10 @@ | |||
| 15 | #include <sys/types.h> | 15 | #include <sys/types.h> |
| 16 | #include <sys/socket.h> | 16 | #include <sys/socket.h> |
| 17 | 17 | ||
| 18 | #include <netinet/in.h> | ||
| 19 | #include <netinet/in_systm.h> | ||
| 20 | #include <netinet/ip.h> | ||
| 21 | |||
| 18 | #include <netdb.h> | 22 | #include <netdb.h> |
| 19 | #include <pwd.h> | 23 | #include <pwd.h> |
| 20 | #include <stdio.h> | 24 | #include <stdio.h> |
| @@ -112,6 +116,7 @@ initialize_server_options(ServerOptions *options) | |||
| 112 | options->num_deny_groups = 0; | 116 | options->num_deny_groups = 0; |
| 113 | options->ciphers = NULL; | 117 | options->ciphers = NULL; |
| 114 | options->macs = NULL; | 118 | options->macs = NULL; |
| 119 | options->kex_algorithms = NULL; | ||
| 115 | options->protocol = SSH_PROTO_UNKNOWN; | 120 | options->protocol = SSH_PROTO_UNKNOWN; |
| 116 | options->gateway_ports = -1; | 121 | options->gateway_ports = -1; |
| 117 | options->num_subsystems = 0; | 122 | options->num_subsystems = 0; |
| @@ -135,6 +140,8 @@ initialize_server_options(ServerOptions *options) | |||
| 135 | options->revoked_keys_file = NULL; | 140 | options->revoked_keys_file = NULL; |
| 136 | options->trusted_user_ca_keys = NULL; | 141 | options->trusted_user_ca_keys = NULL; |
| 137 | options->authorized_principals_file = NULL; | 142 | options->authorized_principals_file = NULL; |
| 143 | options->ip_qos_interactive = -1; | ||
| 144 | options->ip_qos_bulk = -1; | ||
| 138 | } | 145 | } |
| 139 | 146 | ||
| 140 | void | 147 | void |
| @@ -157,6 +164,10 @@ fill_default_server_options(ServerOptions *options) | |||
| 157 | _PATH_HOST_RSA_KEY_FILE; | 164 | _PATH_HOST_RSA_KEY_FILE; |
| 158 | options->host_key_files[options->num_host_key_files++] = | 165 | options->host_key_files[options->num_host_key_files++] = |
| 159 | _PATH_HOST_DSA_KEY_FILE; | 166 | _PATH_HOST_DSA_KEY_FILE; |
| 167 | #ifdef OPENSSL_HAS_ECC | ||
| 168 | options->host_key_files[options->num_host_key_files++] = | ||
| 169 | _PATH_HOST_ECDSA_KEY_FILE; | ||
| 170 | #endif | ||
| 160 | } | 171 | } |
| 161 | } | 172 | } |
| 162 | /* No certificates by default */ | 173 | /* No certificates by default */ |
| @@ -265,16 +276,20 @@ fill_default_server_options(ServerOptions *options) | |||
| 265 | if (options->authorized_keys_file2 == NULL) { | 276 | if (options->authorized_keys_file2 == NULL) { |
| 266 | /* authorized_keys_file2 falls back to authorized_keys_file */ | 277 | /* authorized_keys_file2 falls back to authorized_keys_file */ |
| 267 | if (options->authorized_keys_file != NULL) | 278 | if (options->authorized_keys_file != NULL) |
| 268 | options->authorized_keys_file2 = options->authorized_keys_file; | 279 | options->authorized_keys_file2 = xstrdup(options->authorized_keys_file); |
| 269 | else | 280 | else |
| 270 | options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2; | 281 | options->authorized_keys_file2 = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2); |
| 271 | } | 282 | } |
| 272 | if (options->authorized_keys_file == NULL) | 283 | if (options->authorized_keys_file == NULL) |
| 273 | options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; | 284 | options->authorized_keys_file = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS); |
| 274 | if (options->permit_tun == -1) | 285 | if (options->permit_tun == -1) |
| 275 | options->permit_tun = SSH_TUNMODE_NO; | 286 | options->permit_tun = SSH_TUNMODE_NO; |
| 276 | if (options->zero_knowledge_password_authentication == -1) | 287 | if (options->zero_knowledge_password_authentication == -1) |
| 277 | options->zero_knowledge_password_authentication = 0; | 288 | options->zero_knowledge_password_authentication = 0; |
| 289 | if (options->ip_qos_interactive == -1) | ||
| 290 | options->ip_qos_interactive = IPTOS_LOWDELAY; | ||
| 291 | if (options->ip_qos_bulk == -1) | ||
| 292 | options->ip_qos_bulk = IPTOS_THROUGHPUT; | ||
| 278 | 293 | ||
| 279 | /* Turn privilege separation on by default */ | 294 | /* Turn privilege separation on by default */ |
| 280 | if (use_privsep == -1) | 295 | if (use_privsep == -1) |
| @@ -323,6 +338,7 @@ typedef enum { | |||
| 323 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 338 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
| 324 | sZeroKnowledgePasswordAuthentication, sHostCertificate, | 339 | sZeroKnowledgePasswordAuthentication, sHostCertificate, |
| 325 | sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, | 340 | sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, |
| 341 | sKexAlgorithms, sIPQoS, | ||
| 326 | sDeprecated, sUnsupported | 342 | sDeprecated, sUnsupported |
| 327 | } ServerOpCodes; | 343 | } ServerOpCodes; |
| 328 | 344 | ||
| @@ -455,6 +471,8 @@ static struct { | |||
| 455 | { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, | 471 | { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, |
| 456 | { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, | 472 | { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, |
| 457 | { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, | 473 | { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, |
| 474 | { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, | ||
| 475 | { "ipqos", sIPQoS, SSHCFG_ALL }, | ||
| 458 | { NULL, sBadOption, 0 } | 476 | { NULL, sBadOption, 0 } |
| 459 | }; | 477 | }; |
| 460 | 478 | ||
| @@ -684,7 +702,7 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 684 | const char *host, const char *address) | 702 | const char *host, const char *address) |
| 685 | { | 703 | { |
| 686 | char *cp, **charptr, *arg, *p; | 704 | char *cp, **charptr, *arg, *p; |
| 687 | int cmdline = 0, *intptr, value, n; | 705 | int cmdline = 0, *intptr, value, value2, n; |
| 688 | SyslogFacility *log_facility_ptr; | 706 | SyslogFacility *log_facility_ptr; |
| 689 | LogLevel *log_level_ptr; | 707 | LogLevel *log_level_ptr; |
| 690 | ServerOpCodes opcode; | 708 | ServerOpCodes opcode; |
| @@ -1162,6 +1180,18 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 1162 | options->macs = xstrdup(arg); | 1180 | options->macs = xstrdup(arg); |
| 1163 | break; | 1181 | break; |
| 1164 | 1182 | ||
| 1183 | case sKexAlgorithms: | ||
| 1184 | arg = strdelim(&cp); | ||
| 1185 | if (!arg || *arg == '\0') | ||
| 1186 | fatal("%s line %d: Missing argument.", | ||
| 1187 | filename, linenum); | ||
| 1188 | if (!kex_names_valid(arg)) | ||
| 1189 | fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", | ||
| 1190 | filename, linenum, arg ? arg : "<NONE>"); | ||
| 1191 | if (options->kex_algorithms == NULL) | ||
| 1192 | options->kex_algorithms = xstrdup(arg); | ||
| 1193 | break; | ||
| 1194 | |||
| 1165 | case sProtocol: | 1195 | case sProtocol: |
| 1166 | intptr = &options->protocol; | 1196 | intptr = &options->protocol; |
| 1167 | arg = strdelim(&cp); | 1197 | arg = strdelim(&cp); |
| @@ -1384,6 +1414,23 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 1384 | charptr = &options->revoked_keys_file; | 1414 | charptr = &options->revoked_keys_file; |
| 1385 | goto parse_filename; | 1415 | goto parse_filename; |
| 1386 | 1416 | ||
| 1417 | case sIPQoS: | ||
| 1418 | arg = strdelim(&cp); | ||
| 1419 | if ((value = parse_ipqos(arg)) == -1) | ||
| 1420 | fatal("%s line %d: Bad IPQoS value: %s", | ||
| 1421 | filename, linenum, arg); | ||
| 1422 | arg = strdelim(&cp); | ||
| 1423 | if (arg == NULL) | ||
| 1424 | value2 = value; | ||
| 1425 | else if ((value2 = parse_ipqos(arg)) == -1) | ||
| 1426 | fatal("%s line %d: Bad IPQoS value: %s", | ||
| 1427 | filename, linenum, arg); | ||
| 1428 | if (*activep) { | ||
| 1429 | options->ip_qos_interactive = value; | ||
| 1430 | options->ip_qos_bulk = value2; | ||
| 1431 | } | ||
| 1432 | break; | ||
| 1433 | |||
| 1387 | case sDeprecated: | 1434 | case sDeprecated: |
| 1388 | logit("%s line %d: Deprecated option %s", | 1435 | logit("%s line %d: Deprecated option %s", |
| 1389 | filename, linenum, arg); | 1436 | filename, linenum, arg); |
| @@ -1494,6 +1541,8 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) | |||
| 1494 | M_CP_INTOPT(x11_use_localhost); | 1541 | M_CP_INTOPT(x11_use_localhost); |
| 1495 | M_CP_INTOPT(max_sessions); | 1542 | M_CP_INTOPT(max_sessions); |
| 1496 | M_CP_INTOPT(max_authtries); | 1543 | M_CP_INTOPT(max_authtries); |
| 1544 | M_CP_INTOPT(ip_qos_interactive); | ||
| 1545 | M_CP_INTOPT(ip_qos_bulk); | ||
| 1497 | 1546 | ||
| 1498 | M_CP_STROPT(banner); | 1547 | M_CP_STROPT(banner); |
| 1499 | if (preauth) | 1548 | if (preauth) |
| @@ -1762,5 +1811,7 @@ dump_config(ServerOptions *o) | |||
| 1762 | } | 1811 | } |
| 1763 | dump_cfg_string(sPermitTunnel, s); | 1812 | dump_cfg_string(sPermitTunnel, s); |
| 1764 | 1813 | ||
| 1814 | printf("ipqos 0x%02x 0x%02x\n", o->ip_qos_interactive, o->ip_qos_bulk); | ||
| 1815 | |||
| 1765 | channel_print_adm_permitted_opens(); | 1816 | channel_print_adm_permitted_opens(); |
| 1766 | } | 1817 | } |