diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2017-06-24 06:34:38 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2017-06-24 16:56:11 +1000 |
| commit | 8f574959272ac7fe9239c4f5d10fd913f8920ab0 (patch) | |
| tree | 51ab66a6011af6459e0d4ca15a4b4b78368607a1 /servconf.c | |
| parent | e2004d4bb7eb01c663dd3a3e7eb224f1ccdc9bba (diff) | |
upstream commit
refactor authentication logging
optionally record successful auth methods and public credentials
used in a file accessible to user sessions
feedback and ok markus@
Upstream-ID: 090b93036967015717b9a54fd0467875ae9d32fb
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c index a112798e4..ed1fc71cf 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | 1 | ||
| 2 | /* $OpenBSD: servconf.c,v 1.308 2017/05/17 01:24:17 djm Exp $ */ | 2 | /* $OpenBSD: servconf.c,v 1.309 2017/06/24 06:34:38 djm Exp $ */ |
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 5 | * All rights reserved | 5 | * All rights reserved |
| @@ -164,6 +164,7 @@ initialize_server_options(ServerOptions *options) | |||
| 164 | options->version_addendum = NULL; | 164 | options->version_addendum = NULL; |
| 165 | options->fingerprint_hash = -1; | 165 | options->fingerprint_hash = -1; |
| 166 | options->disable_forwarding = -1; | 166 | options->disable_forwarding = -1; |
| 167 | options->expose_userauth_info = -1; | ||
| 167 | } | 168 | } |
| 168 | 169 | ||
| 169 | /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ | 170 | /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ |
| @@ -333,6 +334,8 @@ fill_default_server_options(ServerOptions *options) | |||
| 333 | options->fingerprint_hash = SSH_FP_HASH_DEFAULT; | 334 | options->fingerprint_hash = SSH_FP_HASH_DEFAULT; |
| 334 | if (options->disable_forwarding == -1) | 335 | if (options->disable_forwarding == -1) |
| 335 | options->disable_forwarding = 0; | 336 | options->disable_forwarding = 0; |
| 337 | if (options->expose_userauth_info == -1) | ||
| 338 | options->expose_userauth_info = 0; | ||
| 336 | 339 | ||
| 337 | assemble_algorithms(options); | 340 | assemble_algorithms(options); |
| 338 | 341 | ||
| @@ -418,6 +421,7 @@ typedef enum { | |||
| 418 | sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, | 421 | sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, |
| 419 | sStreamLocalBindMask, sStreamLocalBindUnlink, | 422 | sStreamLocalBindMask, sStreamLocalBindUnlink, |
| 420 | sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, | 423 | sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, |
| 424 | sExposeAuthInfo, | ||
| 421 | sDeprecated, sIgnore, sUnsupported | 425 | sDeprecated, sIgnore, sUnsupported |
| 422 | } ServerOpCodes; | 426 | } ServerOpCodes; |
| 423 | 427 | ||
| @@ -561,6 +565,7 @@ static struct { | |||
| 561 | { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, | 565 | { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, |
| 562 | { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, | 566 | { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, |
| 563 | { "disableforwarding", sDisableForwarding, SSHCFG_ALL }, | 567 | { "disableforwarding", sDisableForwarding, SSHCFG_ALL }, |
| 568 | { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL }, | ||
| 564 | { NULL, sBadOption, 0 } | 569 | { NULL, sBadOption, 0 } |
| 565 | }; | 570 | }; |
| 566 | 571 | ||
| @@ -1835,6 +1840,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 1835 | options->fingerprint_hash = value; | 1840 | options->fingerprint_hash = value; |
| 1836 | break; | 1841 | break; |
| 1837 | 1842 | ||
| 1843 | case sExposeAuthInfo: | ||
| 1844 | intptr = &options->expose_userauth_info; | ||
| 1845 | goto parse_flag; | ||
| 1846 | |||
| 1838 | case sDeprecated: | 1847 | case sDeprecated: |
| 1839 | case sIgnore: | 1848 | case sIgnore: |
| 1840 | case sUnsupported: | 1849 | case sUnsupported: |
| @@ -1973,6 +1982,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) | |||
| 1973 | M_CP_INTOPT(allow_streamlocal_forwarding); | 1982 | M_CP_INTOPT(allow_streamlocal_forwarding); |
| 1974 | M_CP_INTOPT(allow_agent_forwarding); | 1983 | M_CP_INTOPT(allow_agent_forwarding); |
| 1975 | M_CP_INTOPT(disable_forwarding); | 1984 | M_CP_INTOPT(disable_forwarding); |
| 1985 | M_CP_INTOPT(expose_userauth_info); | ||
| 1976 | M_CP_INTOPT(permit_tun); | 1986 | M_CP_INTOPT(permit_tun); |
| 1977 | M_CP_INTOPT(fwd_opts.gateway_ports); | 1987 | M_CP_INTOPT(fwd_opts.gateway_ports); |
| 1978 | M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink); | 1988 | M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink); |
| @@ -2272,6 +2282,7 @@ dump_config(ServerOptions *o) | |||
| 2272 | dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); | 2282 | dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); |
| 2273 | dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); | 2283 | dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); |
| 2274 | dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); | 2284 | dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); |
| 2285 | dump_cfg_fmtint(sExposeAuthInfo, o->expose_userauth_info); | ||
| 2275 | 2286 | ||
| 2276 | /* string arguments */ | 2287 | /* string arguments */ |
| 2277 | dump_cfg_string(sPidFile, o->pid_file); | 2288 | dump_cfg_string(sPidFile, o->pid_file); |