diff options
| author | Colin Watson <cjwatson@debian.org> | 2010-08-23 23:52:36 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2010-08-23 23:52:36 +0100 |
| commit | 78799892cb1858927be02be9737c594052e3f910 (patch) | |
| tree | ac3dc2e848ab9dc62fe4252e01e52c3d456f628f /servconf.c | |
| parent | 3875951bb76a9ec62634ae4026c9cc885d933477 (diff) | |
| parent | 31e30b835fd9695d3b6647cab4867001b092e28f (diff) | |
* New upstream release (http://www.openssh.com/txt/release-5.6):
- Added a ControlPersist option to ssh_config(5) that automatically
starts a background ssh(1) multiplex master when connecting. This
connection can stay alive indefinitely, or can be set to automatically
close after a user-specified duration of inactivity (closes: #335697,
#350898, #454787, #500573, #550262).
- Support AuthorizedKeysFile, AuthorizedPrincipalsFile,
HostbasedUsesNameFromPacketOnly, and PermitTunnel in sshd_config(5)
Match blocks (closes: #549858).
- sftp(1): fix ls in working directories that contain globbing
characters in their pathnames (LP: #530714).
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 31 |
1 files changed, 22 insertions, 9 deletions
diff --git a/servconf.c b/servconf.c index d42dd527b..c843c97c5 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: servconf.c,v 1.207 2010/03/25 23:38:28 djm Exp $ */ | 1 | /* $OpenBSD: servconf.c,v 1.209 2010/06/22 04:22:59 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 4 | * All rights reserved | 4 | * All rights reserved |
| @@ -135,6 +135,7 @@ initialize_server_options(ServerOptions *options) | |||
| 135 | options->zero_knowledge_password_authentication = -1; | 135 | options->zero_knowledge_password_authentication = -1; |
| 136 | options->revoked_keys_file = NULL; | 136 | options->revoked_keys_file = NULL; |
| 137 | options->trusted_user_ca_keys = NULL; | 137 | options->trusted_user_ca_keys = NULL; |
| 138 | options->authorized_principals_file = NULL; | ||
| 138 | options->debian_banner = -1; | 139 | options->debian_banner = -1; |
| 139 | } | 140 | } |
| 140 | 141 | ||
| @@ -327,7 +328,7 @@ typedef enum { | |||
| 327 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | 328 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
| 328 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 329 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
| 329 | sZeroKnowledgePasswordAuthentication, sHostCertificate, | 330 | sZeroKnowledgePasswordAuthentication, sHostCertificate, |
| 330 | sRevokedKeys, sTrustedUserCAKeys, | 331 | sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, |
| 331 | sDebianBanner, | 332 | sDebianBanner, |
| 332 | sDeprecated, sUnsupported | 333 | sDeprecated, sUnsupported |
| 333 | } ServerOpCodes; | 334 | } ServerOpCodes; |
| @@ -363,7 +364,7 @@ static struct { | |||
| 363 | { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, | 364 | { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, |
| 364 | { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL }, | 365 | { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL }, |
| 365 | { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, | 366 | { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, |
| 366 | { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_GLOBAL }, | 367 | { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL }, |
| 367 | { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL }, | 368 | { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL }, |
| 368 | { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, | 369 | { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, |
| 369 | { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ | 370 | { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ |
| @@ -449,11 +450,11 @@ static struct { | |||
| 449 | { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, | 450 | { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, |
| 450 | { "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL }, | 451 | { "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL }, |
| 451 | { "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL }, | 452 | { "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL }, |
| 452 | { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_GLOBAL }, | 453 | { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, |
| 453 | { "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_GLOBAL }, | 454 | { "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_ALL }, |
| 454 | { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, | 455 | { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, |
| 455 | { "acceptenv", sAcceptEnv, SSHCFG_GLOBAL }, | 456 | { "acceptenv", sAcceptEnv, SSHCFG_GLOBAL }, |
| 456 | { "permittunnel", sPermitTunnel, SSHCFG_GLOBAL }, | 457 | { "permittunnel", sPermitTunnel, SSHCFG_ALL }, |
| 457 | { "match", sMatch, SSHCFG_ALL }, | 458 | { "match", sMatch, SSHCFG_ALL }, |
| 458 | { "permitopen", sPermitOpen, SSHCFG_ALL }, | 459 | { "permitopen", sPermitOpen, SSHCFG_ALL }, |
| 459 | { "forcecommand", sForceCommand, SSHCFG_ALL }, | 460 | { "forcecommand", sForceCommand, SSHCFG_ALL }, |
| @@ -461,6 +462,7 @@ static struct { | |||
| 461 | { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, | 462 | { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, |
| 462 | { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, | 463 | { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, |
| 463 | { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, | 464 | { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, |
| 465 | { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, | ||
| 464 | { "debianbanner", sDebianBanner, SSHCFG_GLOBAL }, | 466 | { "debianbanner", sDebianBanner, SSHCFG_GLOBAL }, |
| 465 | { NULL, sBadOption, 0 } | 467 | { NULL, sBadOption, 0 } |
| 466 | }; | 468 | }; |
| @@ -1264,10 +1266,14 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 1264 | * AuthorizedKeysFile /etc/ssh_keys/%u | 1266 | * AuthorizedKeysFile /etc/ssh_keys/%u |
| 1265 | */ | 1267 | */ |
| 1266 | case sAuthorizedKeysFile: | 1268 | case sAuthorizedKeysFile: |
| 1269 | charptr = &options->authorized_keys_file; | ||
| 1270 | goto parse_tilde_filename; | ||
| 1267 | case sAuthorizedKeysFile2: | 1271 | case sAuthorizedKeysFile2: |
| 1268 | charptr = (opcode == sAuthorizedKeysFile) ? | 1272 | charptr = &options->authorized_keys_file2; |
| 1269 | &options->authorized_keys_file : | 1273 | goto parse_tilde_filename; |
| 1270 | &options->authorized_keys_file2; | 1274 | case sAuthorizedPrincipalsFile: |
| 1275 | charptr = &options->authorized_principals_file; | ||
| 1276 | parse_tilde_filename: | ||
| 1271 | arg = strdelim(&cp); | 1277 | arg = strdelim(&cp); |
| 1272 | if (!arg || *arg == '\0') | 1278 | if (!arg || *arg == '\0') |
| 1273 | fatal("%s line %d: missing file name.", | 1279 | fatal("%s line %d: missing file name.", |
| @@ -1490,6 +1496,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) | |||
| 1490 | M_CP_INTOPT(pubkey_authentication); | 1496 | M_CP_INTOPT(pubkey_authentication); |
| 1491 | M_CP_INTOPT(kerberos_authentication); | 1497 | M_CP_INTOPT(kerberos_authentication); |
| 1492 | M_CP_INTOPT(hostbased_authentication); | 1498 | M_CP_INTOPT(hostbased_authentication); |
| 1499 | M_CP_INTOPT(hostbased_uses_name_from_packet_only); | ||
| 1493 | M_CP_INTOPT(kbd_interactive_authentication); | 1500 | M_CP_INTOPT(kbd_interactive_authentication); |
| 1494 | M_CP_INTOPT(zero_knowledge_password_authentication); | 1501 | M_CP_INTOPT(zero_knowledge_password_authentication); |
| 1495 | M_CP_INTOPT(permit_root_login); | 1502 | M_CP_INTOPT(permit_root_login); |
| @@ -1497,6 +1504,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) | |||
| 1497 | 1504 | ||
| 1498 | M_CP_INTOPT(allow_tcp_forwarding); | 1505 | M_CP_INTOPT(allow_tcp_forwarding); |
| 1499 | M_CP_INTOPT(allow_agent_forwarding); | 1506 | M_CP_INTOPT(allow_agent_forwarding); |
| 1507 | M_CP_INTOPT(permit_tun); | ||
| 1500 | M_CP_INTOPT(gateway_ports); | 1508 | M_CP_INTOPT(gateway_ports); |
| 1501 | M_CP_INTOPT(x11_display_offset); | 1509 | M_CP_INTOPT(x11_display_offset); |
| 1502 | M_CP_INTOPT(x11_forwarding); | 1510 | M_CP_INTOPT(x11_forwarding); |
| @@ -1511,6 +1519,9 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) | |||
| 1511 | M_CP_STROPT(chroot_directory); | 1519 | M_CP_STROPT(chroot_directory); |
| 1512 | M_CP_STROPT(trusted_user_ca_keys); | 1520 | M_CP_STROPT(trusted_user_ca_keys); |
| 1513 | M_CP_STROPT(revoked_keys_file); | 1521 | M_CP_STROPT(revoked_keys_file); |
| 1522 | M_CP_STROPT(authorized_keys_file); | ||
| 1523 | M_CP_STROPT(authorized_keys_file2); | ||
| 1524 | M_CP_STROPT(authorized_principals_file); | ||
| 1514 | } | 1525 | } |
| 1515 | 1526 | ||
| 1516 | #undef M_CP_INTOPT | 1527 | #undef M_CP_INTOPT |
| @@ -1736,6 +1747,8 @@ dump_config(ServerOptions *o) | |||
| 1736 | dump_cfg_string(sChrootDirectory, o->chroot_directory); | 1747 | dump_cfg_string(sChrootDirectory, o->chroot_directory); |
| 1737 | dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys); | 1748 | dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys); |
| 1738 | dump_cfg_string(sRevokedKeys, o->revoked_keys_file); | 1749 | dump_cfg_string(sRevokedKeys, o->revoked_keys_file); |
| 1750 | dump_cfg_string(sAuthorizedPrincipalsFile, | ||
| 1751 | o->authorized_principals_file); | ||
| 1739 | 1752 | ||
| 1740 | /* string arguments requiring a lookup */ | 1753 | /* string arguments requiring a lookup */ |
| 1741 | dump_cfg_string(sLogLevel, log_level_name(o->log_level)); | 1754 | dump_cfg_string(sLogLevel, log_level_name(o->log_level)); |