authorColin Watson <cjwatson@debian.org>2018-10-19 21:29:01 +0100
committerColin Watson <cjwatson@debian.org>2018-10-19 21:29:01 +0100
commit3d246f10429fc9a37b98eabef94fe8dc7c61002b (patch)
tree1f35b42b5e5f462d35ba452e4dcfa188ce0543fd /servconf.c
parente6547182a54f0f268ee36e7c99319eeddffbaff2 (diff)
parentaede1c34243a6f7feae2fb2cb686ade5f9be6f3d (diff)
Import openssh_7.9p1.orig.tar.gz
Diffstat (limited to 'servconf.c')
-rw-r--r--servconf.c17
1 files changed, 14 insertions, 3 deletions
diff --git a/servconf.c b/servconf.c
index c0f6af0be..932d363bb 100644
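--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.340 2018/08/12 20:19:13 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.342 2018/09/20 23:40:16 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  * All rights reserved
@@ -145,6 +145,7 @@ initialize_server_options(ServerOptions *options)
  options->ciphers = NULL;
  options->macs = NULL;
  options->kex_algorithms = NULL;
+ options->ca_sign_algorithms = NULL;
  options->fwd_opts.gateway_ports = -1;
  options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;
  options->fwd_opts.streamlocal_bind_unlink = -1;
@@ -191,13 +192,14 @@ option_clear_or_none(const char *o)
 static void
 assemble_algorithms(ServerOptions *o)
 {
- char *all_cipher, *all_mac, *all_kex, *all_key;
+ char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig;
  int r;
 
  all_cipher = cipher_alg_list(',', 0);
  all_mac = mac_alg_list(',');
  all_kex = kex_alg_list(',');
  all_key = sshkey_alg_list(0, 0, 1, ',');
+ all_sig = sshkey_alg_list(0, 1, 1, ',');
 #define ASSEMBLE(what, defaults, all) \
  do { \
  if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \
@@ -209,11 +211,13 @@ assemble_algorithms(ServerOptions *o)
  ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key);
  ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
  ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
+ ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
 #undef ASSEMBLE
  free(all_cipher);
  free(all_mac);
  free(all_kex);
  free(all_key);
+ free(all_sig);
 }
 
 static void
@@ -487,7 +491,7 @@ typedef enum {
  sHostCertificate,
  sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
  sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
- sKexAlgorithms, sIPQoS, sVersionAddendum,
+ sKexAlgorithms, sCASignatureAlgorithms, sIPQoS, sVersionAddendum,
  sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
  sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
  sStreamLocalBindMask, sStreamLocalBindUnlink,
@@ -640,6 +644,7 @@ static struct {
  { "disableforwarding", sDisableForwarding, SSHCFG_ALL },
  { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
  { "rdomain", sRDomain, SSHCFG_ALL },
+ { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
  { NULL, sBadOption, 0 }
 };
 
@@ -1431,6 +1436,10 @@ process_server_config_line(ServerOptions *options, char *line,
  charptr = &options->hostkeyalgorithms;
  goto parse_keytypes;
 
+ case sCASignatureAlgorithms:
+ charptr = &options->ca_sign_algorithms;
+ goto parse_keytypes;
+
  case sPubkeyAuthentication:
  intptr = &options->pubkey_authentication;
  goto parse_flag;
@@ -2601,6 +2610,8 @@ dump_config(ServerOptions *o)
  dump_cfg_string(sHostKeyAgent, o->host_key_agent);
  dump_cfg_string(sKexAlgorithms,
  o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX);
+ dump_cfg_string(sCASignatureAlgorithms, o->ca_sign_algorithms ?
+ o->ca_sign_algorithms : SSH_ALLOWED_CA_SIGALGS);
  dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ?
  o->hostbased_key_types : KEX_DEFAULT_PK_ALG);
  dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ?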
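Review bot: The new `case sCASignatureAlgorithms:` in process_server_config_line (new lines 1439-1441) reuses the shared `parse_keytypes` path, but `assemble_algorithms()` treats this option as a different name set, expanding it against `all_sig = sshkey_alg_list(0, 1, 1, ',')` instead of `all_key`. The `parse_keytypes` body lies outside this hunk, so this is inferred: if it validates names as key types, a CASignatureAlgorithms value that names something other than a signature algorithm would pass at load time, and the diagnostic for a bad value would refer to key types. Because this list decides which CA signature algorithms sshd accepts on certificates, I would validate it against the signature-algorithm set, or at minimum document the reuse with `/* shares key-type name validation; expanded against all_sig in assemble_algorithms() */`. The table entry is registered as `SSHCFG_ALL`, so it is also worth confirming that the Match-block copy of string options covers `ca_sign_algorithms`; that code is not on this page, and a missed copy would leave a per-Match restriction silently unenforced.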