diff options
| author | Colin Watson <cjwatson@debian.org> | 2010-08-23 22:56:08 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2010-08-23 22:56:08 +0100 |
| commit | 31e30b835fd9695d3b6647cab4867001b092e28f (patch) | |
| tree | 138e715c25661825457c7280cd66e3f4853d474c /servconf.c | |
| parent | 78eedc2c60ff4718200f9271d8ee4f437da3a0c5 (diff) | |
| parent | 43094ebf14c9b16f1ea398bc5b65a7335e947288 (diff) | |
merge 5.6p1
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 31 |
1 files changed, 22 insertions, 9 deletions
diff --git a/servconf.c b/servconf.c index 73e47eacf..2aa516b2a 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: servconf.c,v 1.207 2010/03/25 23:38:28 djm Exp $ */ | 1 | /* $OpenBSD: servconf.c,v 1.209 2010/06/22 04:22:59 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 4 | * All rights reserved | 4 | * All rights reserved |
| @@ -134,6 +134,7 @@ initialize_server_options(ServerOptions *options) | |||
| 134 | options->zero_knowledge_password_authentication = -1; | 134 | options->zero_knowledge_password_authentication = -1; |
| 135 | options->revoked_keys_file = NULL; | 135 | options->revoked_keys_file = NULL; |
| 136 | options->trusted_user_ca_keys = NULL; | 136 | options->trusted_user_ca_keys = NULL; |
| 137 | options->authorized_principals_file = NULL; | ||
| 137 | } | 138 | } |
| 138 | 139 | ||
| 139 | void | 140 | void |
| @@ -321,7 +322,7 @@ typedef enum { | |||
| 321 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | 322 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
| 322 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 323 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
| 323 | sZeroKnowledgePasswordAuthentication, sHostCertificate, | 324 | sZeroKnowledgePasswordAuthentication, sHostCertificate, |
| 324 | sRevokedKeys, sTrustedUserCAKeys, | 325 | sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, |
| 325 | sDeprecated, sUnsupported | 326 | sDeprecated, sUnsupported |
| 326 | } ServerOpCodes; | 327 | } ServerOpCodes; |
| 327 | 328 | ||
| @@ -356,7 +357,7 @@ static struct { | |||
| 356 | { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, | 357 | { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, |
| 357 | { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL }, | 358 | { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL }, |
| 358 | { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, | 359 | { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, |
| 359 | { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_GLOBAL }, | 360 | { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL }, |
| 360 | { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL }, | 361 | { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL }, |
| 361 | { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, | 362 | { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, |
| 362 | { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ | 363 | { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ |
| @@ -437,11 +438,11 @@ static struct { | |||
| 437 | { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, | 438 | { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, |
| 438 | { "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL }, | 439 | { "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL }, |
| 439 | { "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL }, | 440 | { "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL }, |
| 440 | { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_GLOBAL }, | 441 | { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, |
| 441 | { "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_GLOBAL }, | 442 | { "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_ALL }, |
| 442 | { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, | 443 | { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, |
| 443 | { "acceptenv", sAcceptEnv, SSHCFG_GLOBAL }, | 444 | { "acceptenv", sAcceptEnv, SSHCFG_GLOBAL }, |
| 444 | { "permittunnel", sPermitTunnel, SSHCFG_GLOBAL }, | 445 | { "permittunnel", sPermitTunnel, SSHCFG_ALL }, |
| 445 | { "match", sMatch, SSHCFG_ALL }, | 446 | { "match", sMatch, SSHCFG_ALL }, |
| 446 | { "permitopen", sPermitOpen, SSHCFG_ALL }, | 447 | { "permitopen", sPermitOpen, SSHCFG_ALL }, |
| 447 | { "forcecommand", sForceCommand, SSHCFG_ALL }, | 448 | { "forcecommand", sForceCommand, SSHCFG_ALL }, |
| @@ -449,6 +450,7 @@ static struct { | |||
| 449 | { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, | 450 | { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, |
| 450 | { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, | 451 | { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, |
| 451 | { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, | 452 | { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, |
| 453 | { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, | ||
| 452 | { NULL, sBadOption, 0 } | 454 | { NULL, sBadOption, 0 } |
| 453 | }; | 455 | }; |
| 454 | 456 | ||
| @@ -1247,10 +1249,14 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 1247 | * AuthorizedKeysFile /etc/ssh_keys/%u | 1249 | * AuthorizedKeysFile /etc/ssh_keys/%u |
| 1248 | */ | 1250 | */ |
| 1249 | case sAuthorizedKeysFile: | 1251 | case sAuthorizedKeysFile: |
| 1252 | charptr = &options->authorized_keys_file; | ||
| 1253 | goto parse_tilde_filename; | ||
| 1250 | case sAuthorizedKeysFile2: | 1254 | case sAuthorizedKeysFile2: |
| 1251 | charptr = (opcode == sAuthorizedKeysFile) ? | 1255 | charptr = &options->authorized_keys_file2; |
| 1252 | &options->authorized_keys_file : | 1256 | goto parse_tilde_filename; |
| 1253 | &options->authorized_keys_file2; | 1257 | case sAuthorizedPrincipalsFile: |
| 1258 | charptr = &options->authorized_principals_file; | ||
| 1259 | parse_tilde_filename: | ||
| 1254 | arg = strdelim(&cp); | 1260 | arg = strdelim(&cp); |
| 1255 | if (!arg || *arg == '\0') | 1261 | if (!arg || *arg == '\0') |
| 1256 | fatal("%s line %d: missing file name.", | 1262 | fatal("%s line %d: missing file name.", |
| @@ -1469,6 +1475,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) | |||
| 1469 | M_CP_INTOPT(pubkey_authentication); | 1475 | M_CP_INTOPT(pubkey_authentication); |
| 1470 | M_CP_INTOPT(kerberos_authentication); | 1476 | M_CP_INTOPT(kerberos_authentication); |
| 1471 | M_CP_INTOPT(hostbased_authentication); | 1477 | M_CP_INTOPT(hostbased_authentication); |
| 1478 | M_CP_INTOPT(hostbased_uses_name_from_packet_only); | ||
| 1472 | M_CP_INTOPT(kbd_interactive_authentication); | 1479 | M_CP_INTOPT(kbd_interactive_authentication); |
| 1473 | M_CP_INTOPT(zero_knowledge_password_authentication); | 1480 | M_CP_INTOPT(zero_knowledge_password_authentication); |
| 1474 | M_CP_INTOPT(permit_root_login); | 1481 | M_CP_INTOPT(permit_root_login); |
| @@ -1476,6 +1483,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) | |||
| 1476 | 1483 | ||
| 1477 | M_CP_INTOPT(allow_tcp_forwarding); | 1484 | M_CP_INTOPT(allow_tcp_forwarding); |
| 1478 | M_CP_INTOPT(allow_agent_forwarding); | 1485 | M_CP_INTOPT(allow_agent_forwarding); |
| 1486 | M_CP_INTOPT(permit_tun); | ||
| 1479 | M_CP_INTOPT(gateway_ports); | 1487 | M_CP_INTOPT(gateway_ports); |
| 1480 | M_CP_INTOPT(x11_display_offset); | 1488 | M_CP_INTOPT(x11_display_offset); |
| 1481 | M_CP_INTOPT(x11_forwarding); | 1489 | M_CP_INTOPT(x11_forwarding); |
| @@ -1490,6 +1498,9 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) | |||
| 1490 | M_CP_STROPT(chroot_directory); | 1498 | M_CP_STROPT(chroot_directory); |
| 1491 | M_CP_STROPT(trusted_user_ca_keys); | 1499 | M_CP_STROPT(trusted_user_ca_keys); |
| 1492 | M_CP_STROPT(revoked_keys_file); | 1500 | M_CP_STROPT(revoked_keys_file); |
| 1501 | M_CP_STROPT(authorized_keys_file); | ||
| 1502 | M_CP_STROPT(authorized_keys_file2); | ||
| 1503 | M_CP_STROPT(authorized_principals_file); | ||
| 1493 | } | 1504 | } |
| 1494 | 1505 | ||
| 1495 | #undef M_CP_INTOPT | 1506 | #undef M_CP_INTOPT |
| @@ -1711,6 +1722,8 @@ dump_config(ServerOptions *o) | |||
| 1711 | dump_cfg_string(sChrootDirectory, o->chroot_directory); | 1722 | dump_cfg_string(sChrootDirectory, o->chroot_directory); |
| 1712 | dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys); | 1723 | dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys); |
| 1713 | dump_cfg_string(sRevokedKeys, o->revoked_keys_file); | 1724 | dump_cfg_string(sRevokedKeys, o->revoked_keys_file); |
| 1725 | dump_cfg_string(sAuthorizedPrincipalsFile, | ||
| 1726 | o->authorized_principals_file); | ||
| 1714 | 1727 | ||
| 1715 | /* string arguments requiring a lookup */ | 1728 | /* string arguments requiring a lookup */ |
| 1716 | dump_cfg_string(sLogLevel, log_level_name(o->log_level)); | 1729 | dump_cfg_string(sLogLevel, log_level_name(o->log_level)); |