diff options
author | Colin Watson <cjwatson@debian.org> | 2018-10-19 21:29:01 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2018-10-19 21:29:01 +0100 |
commit | 3d246f10429fc9a37b98eabef94fe8dc7c61002b (patch) | |
tree | 1f35b42b5e5f462d35ba452e4dcfa188ce0543fd /servconf.c | |
parent | e6547182a54f0f268ee36e7c99319eeddffbaff2 (diff) | |
parent | aede1c34243a6f7feae2fb2cb686ade5f9be6f3d (diff) |
Import openssh_7.9p1.orig.tar.gz
Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/servconf.c b/servconf.c index c0f6af0be..932d363bb 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -1,5 +1,5 @@ | |||
1 | 1 | ||
2 | /* $OpenBSD: servconf.c,v 1.340 2018/08/12 20:19:13 djm Exp $ */ | 2 | /* $OpenBSD: servconf.c,v 1.342 2018/09/20 23:40:16 djm Exp $ */ |
3 | /* | 3 | /* |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
5 | * All rights reserved | 5 | * All rights reserved |
@@ -145,6 +145,7 @@ initialize_server_options(ServerOptions *options) | |||
145 | options->ciphers = NULL; | 145 | options->ciphers = NULL; |
146 | options->macs = NULL; | 146 | options->macs = NULL; |
147 | options->kex_algorithms = NULL; | 147 | options->kex_algorithms = NULL; |
148 | options->ca_sign_algorithms = NULL; | ||
148 | options->fwd_opts.gateway_ports = -1; | 149 | options->fwd_opts.gateway_ports = -1; |
149 | options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; | 150 | options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; |
150 | options->fwd_opts.streamlocal_bind_unlink = -1; | 151 | options->fwd_opts.streamlocal_bind_unlink = -1; |
@@ -191,13 +192,14 @@ option_clear_or_none(const char *o) | |||
191 | static void | 192 | static void |
192 | assemble_algorithms(ServerOptions *o) | 193 | assemble_algorithms(ServerOptions *o) |
193 | { | 194 | { |
194 | char *all_cipher, *all_mac, *all_kex, *all_key; | 195 | char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig; |
195 | int r; | 196 | int r; |
196 | 197 | ||
197 | all_cipher = cipher_alg_list(',', 0); | 198 | all_cipher = cipher_alg_list(',', 0); |
198 | all_mac = mac_alg_list(','); | 199 | all_mac = mac_alg_list(','); |
199 | all_kex = kex_alg_list(','); | 200 | all_kex = kex_alg_list(','); |
200 | all_key = sshkey_alg_list(0, 0, 1, ','); | 201 | all_key = sshkey_alg_list(0, 0, 1, ','); |
202 | all_sig = sshkey_alg_list(0, 1, 1, ','); | ||
201 | #define ASSEMBLE(what, defaults, all) \ | 203 | #define ASSEMBLE(what, defaults, all) \ |
202 | do { \ | 204 | do { \ |
203 | if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \ | 205 | if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \ |
@@ -209,11 +211,13 @@ assemble_algorithms(ServerOptions *o) | |||
209 | ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key); | 211 | ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key); |
210 | ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key); | 212 | ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key); |
211 | ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key); | 213 | ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key); |
214 | ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig); | ||
212 | #undef ASSEMBLE | 215 | #undef ASSEMBLE |
213 | free(all_cipher); | 216 | free(all_cipher); |
214 | free(all_mac); | 217 | free(all_mac); |
215 | free(all_kex); | 218 | free(all_kex); |
216 | free(all_key); | 219 | free(all_key); |
220 | free(all_sig); | ||
217 | } | 221 | } |
218 | 222 | ||
219 | static void | 223 | static void |
@@ -487,7 +491,7 @@ typedef enum { | |||
487 | sHostCertificate, | 491 | sHostCertificate, |
488 | sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, | 492 | sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, |
489 | sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, | 493 | sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, |
490 | sKexAlgorithms, sIPQoS, sVersionAddendum, | 494 | sKexAlgorithms, sCASignatureAlgorithms, sIPQoS, sVersionAddendum, |
491 | sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, | 495 | sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, |
492 | sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, | 496 | sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, |
493 | sStreamLocalBindMask, sStreamLocalBindUnlink, | 497 | sStreamLocalBindMask, sStreamLocalBindUnlink, |
@@ -640,6 +644,7 @@ static struct { | |||
640 | { "disableforwarding", sDisableForwarding, SSHCFG_ALL }, | 644 | { "disableforwarding", sDisableForwarding, SSHCFG_ALL }, |
641 | { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL }, | 645 | { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL }, |
642 | { "rdomain", sRDomain, SSHCFG_ALL }, | 646 | { "rdomain", sRDomain, SSHCFG_ALL }, |
647 | { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL }, | ||
643 | { NULL, sBadOption, 0 } | 648 | { NULL, sBadOption, 0 } |
644 | }; | 649 | }; |
645 | 650 | ||
@@ -1431,6 +1436,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1431 | charptr = &options->hostkeyalgorithms; | 1436 | charptr = &options->hostkeyalgorithms; |
1432 | goto parse_keytypes; | 1437 | goto parse_keytypes; |
1433 | 1438 | ||
1439 | case sCASignatureAlgorithms: | ||
1440 | charptr = &options->ca_sign_algorithms; | ||
1441 | goto parse_keytypes; | ||
1442 | |||
1434 | case sPubkeyAuthentication: | 1443 | case sPubkeyAuthentication: |
1435 | intptr = &options->pubkey_authentication; | 1444 | intptr = &options->pubkey_authentication; |
1436 | goto parse_flag; | 1445 | goto parse_flag; |
@@ -2601,6 +2610,8 @@ dump_config(ServerOptions *o) | |||
2601 | dump_cfg_string(sHostKeyAgent, o->host_key_agent); | 2610 | dump_cfg_string(sHostKeyAgent, o->host_key_agent); |
2602 | dump_cfg_string(sKexAlgorithms, | 2611 | dump_cfg_string(sKexAlgorithms, |
2603 | o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX); | 2612 | o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX); |
2613 | dump_cfg_string(sCASignatureAlgorithms, o->ca_sign_algorithms ? | ||
2614 | o->ca_sign_algorithms : SSH_ALLOWED_CA_SIGALGS); | ||
2604 | dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ? | 2615 | dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ? |
2605 | o->hostbased_key_types : KEX_DEFAULT_PK_ALG); | 2616 | o->hostbased_key_types : KEX_DEFAULT_PK_ALG); |
2606 | dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ? | 2617 | dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ? |