authorColin Watson <cjwatson@debian.org>2016-12-20 00:22:53 +0000
committerColin Watson <cjwatson@debian.org>2016-12-23 19:08:35 +0000
commitee52365e713e546dbd878d73d9590dbaccd760ba (patch)
tree841d0d9ae73e83070bcc3b46218ebdd18142dda3 /servconf.c
parent8a4a5c22e363ad6a110ad9b787170297f5da8f04 (diff)
parent2103d3e5566c54e08a59be750579a249e46747d7 (diff)
New upstream release (7.4p1).
Diffstat (limited to 'servconf.c')
-rw-r--r--servconf.c174
1 files changed, 57 insertions, 117 deletions
diff --git a/servconf.c b/servconf.c
index a98b30938..1cee3d6c2 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
1 1
2/* $OpenBSD: servconf.c,v 1.292 2016/06/23 05:17:51 djm Exp $ */ 2/* $OpenBSD: servconf.c,v 1.301 2016/11/30 03:00:05 djm Exp $ */
3/* 3/*
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved 5 * All rights reserved
@@ -86,9 +86,7 @@ initialize_server_options(ServerOptions *options)
86 options->num_host_cert_files = 0; 86 options->num_host_cert_files = 0;
87 options->host_key_agent = NULL; 87 options->host_key_agent = NULL;
88 options->pid_file = NULL; 88 options->pid_file = NULL;
89 options->server_key_bits = -1;
90 options->login_grace_time = -1; 89 options->login_grace_time = -1;
91 options->key_regeneration_time = -1;
92 options->permit_root_login = PERMIT_NOT_SET; 90 options->permit_root_login = PERMIT_NOT_SET;
93 options->ignore_rhosts = -1; 91 options->ignore_rhosts = -1;
94 options->ignore_user_known_hosts = -1; 92 options->ignore_user_known_hosts = -1;
@@ -104,12 +102,10 @@ initialize_server_options(ServerOptions *options)
104 options->tcp_keep_alive = -1; 102 options->tcp_keep_alive = -1;
105 options->log_facility = SYSLOG_FACILITY_NOT_SET; 103 options->log_facility = SYSLOG_FACILITY_NOT_SET;
106 options->log_level = SYSLOG_LEVEL_NOT_SET; 104 options->log_level = SYSLOG_LEVEL_NOT_SET;
107 options->rhosts_rsa_authentication = -1;
108 options->hostbased_authentication = -1; 105 options->hostbased_authentication = -1;
109 options->hostbased_uses_name_from_packet_only = -1; 106 options->hostbased_uses_name_from_packet_only = -1;
110 options->hostbased_key_types = NULL; 107 options->hostbased_key_types = NULL;
111 options->hostkeyalgorithms = NULL; 108 options->hostkeyalgorithms = NULL;
112 options->rsa_authentication = -1;
113 options->pubkey_authentication = -1; 109 options->pubkey_authentication = -1;
114 options->pubkey_key_types = NULL; 110 options->pubkey_key_types = NULL;
115 options->kerberos_authentication = -1; 111 options->kerberos_authentication = -1;
@@ -126,7 +122,6 @@ initialize_server_options(ServerOptions *options)
126 options->challenge_response_authentication = -1; 122 options->challenge_response_authentication = -1;
127 options->permit_empty_passwd = -1; 123 options->permit_empty_passwd = -1;
128 options->permit_user_env = -1; 124 options->permit_user_env = -1;
129 options->use_login = -1;
130 options->compression = -1; 125 options->compression = -1;
131 options->rekey_limit = -1; 126 options->rekey_limit = -1;
132 options->rekey_interval = -1; 127 options->rekey_interval = -1;
@@ -140,7 +135,6 @@ initialize_server_options(ServerOptions *options)
140 options->ciphers = NULL; 135 options->ciphers = NULL;
141 options->macs = NULL; 136 options->macs = NULL;
142 options->kex_algorithms = NULL; 137 options->kex_algorithms = NULL;
143 options->protocol = SSH_PROTO_UNKNOWN;
144 options->fwd_opts.gateway_ports = -1; 138 options->fwd_opts.gateway_ports = -1;
145 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; 139 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;
146 options->fwd_opts.streamlocal_bind_unlink = -1; 140 options->fwd_opts.streamlocal_bind_unlink = -1;
@@ -171,6 +165,7 @@ initialize_server_options(ServerOptions *options)
171 options->ip_qos_bulk = -1; 165 options->ip_qos_bulk = -1;
172 options->version_addendum = NULL; 166 options->version_addendum = NULL;
173 options->fingerprint_hash = -1; 167 options->fingerprint_hash = -1;
168 options->disable_forwarding = -1;
174 options->debian_banner = -1; 169 options->debian_banner = -1;
175} 170}
176 171
@@ -205,25 +200,18 @@ fill_default_server_options(ServerOptions *options)
205 options->use_pam = 0; 200 options->use_pam = 0;
206 201
207 /* Standard Options */ 202 /* Standard Options */
208 if (options->protocol == SSH_PROTO_UNKNOWN)
209 options->protocol = SSH_PROTO_2;
210 if (options->num_host_key_files == 0) { 203 if (options->num_host_key_files == 0) {
211 /* fill default hostkeys for protocols */ 204 /* fill default hostkeys for protocols */
212 if (options->protocol & SSH_PROTO_1) 205 options->host_key_files[options->num_host_key_files++] =
213 options->host_key_files[options->num_host_key_files++] = 206 _PATH_HOST_RSA_KEY_FILE;
214 _PATH_HOST_KEY_FILE; 207 options->host_key_files[options->num_host_key_files++] =
215 if (options->protocol & SSH_PROTO_2) { 208 _PATH_HOST_DSA_KEY_FILE;
216 options->host_key_files[options->num_host_key_files++] =
217 _PATH_HOST_RSA_KEY_FILE;
218 options->host_key_files[options->num_host_key_files++] =
219 _PATH_HOST_DSA_KEY_FILE;
220#ifdef OPENSSL_HAS_ECC 209#ifdef OPENSSL_HAS_ECC
221 options->host_key_files[options->num_host_key_files++] = 210 options->host_key_files[options->num_host_key_files++] =
222 _PATH_HOST_ECDSA_KEY_FILE; 211 _PATH_HOST_ECDSA_KEY_FILE;
223#endif 212#endif
224 options->host_key_files[options->num_host_key_files++] = 213 options->host_key_files[options->num_host_key_files++] =
225 _PATH_HOST_ED25519_KEY_FILE; 214 _PATH_HOST_ED25519_KEY_FILE;
226 }
227 } 215 }
228 /* No certificates by default */ 216 /* No certificates by default */
229 if (options->num_ports == 0) 217 if (options->num_ports == 0)
@@ -234,12 +222,8 @@ fill_default_server_options(ServerOptions *options)
234 add_listen_addr(options, NULL, 0); 222 add_listen_addr(options, NULL, 0);
235 if (options->pid_file == NULL) 223 if (options->pid_file == NULL)
236 options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE); 224 options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE);
237 if (options->server_key_bits == -1)
238 options->server_key_bits = 1024;
239 if (options->login_grace_time == -1) 225 if (options->login_grace_time == -1)
240 options->login_grace_time = 120; 226 options->login_grace_time = 120;
241 if (options->key_regeneration_time == -1)
242 options->key_regeneration_time = 3600;
243 if (options->permit_root_login == PERMIT_NOT_SET) 227 if (options->permit_root_login == PERMIT_NOT_SET)
244 options->permit_root_login = PERMIT_NO_PASSWD; 228 options->permit_root_login = PERMIT_NO_PASSWD;
245 if (options->ignore_rhosts == -1) 229 if (options->ignore_rhosts == -1)
@@ -270,14 +254,10 @@ fill_default_server_options(ServerOptions *options)
270 options->log_facility = SYSLOG_FACILITY_AUTH; 254 options->log_facility = SYSLOG_FACILITY_AUTH;
271 if (options->log_level == SYSLOG_LEVEL_NOT_SET) 255 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
272 options->log_level = SYSLOG_LEVEL_INFO; 256 options->log_level = SYSLOG_LEVEL_INFO;
273 if (options->rhosts_rsa_authentication == -1)
274 options->rhosts_rsa_authentication = 0;
275 if (options->hostbased_authentication == -1) 257 if (options->hostbased_authentication == -1)
276 options->hostbased_authentication = 0; 258 options->hostbased_authentication = 0;
277 if (options->hostbased_uses_name_from_packet_only == -1) 259 if (options->hostbased_uses_name_from_packet_only == -1)
278 options->hostbased_uses_name_from_packet_only = 0; 260 options->hostbased_uses_name_from_packet_only = 0;
279 if (options->rsa_authentication == -1)
280 options->rsa_authentication = 1;
281 if (options->pubkey_authentication == -1) 261 if (options->pubkey_authentication == -1)
282 options->pubkey_authentication = 1; 262 options->pubkey_authentication = 1;
283 if (options->kerberos_authentication == -1) 263 if (options->kerberos_authentication == -1)
@@ -308,8 +288,6 @@ fill_default_server_options(ServerOptions *options)
308 options->permit_empty_passwd = 0; 288 options->permit_empty_passwd = 0;
309 if (options->permit_user_env == -1) 289 if (options->permit_user_env == -1)
310 options->permit_user_env = 0; 290 options->permit_user_env = 0;
311 if (options->use_login == -1)
312 options->use_login = 0;
313 if (options->compression == -1) 291 if (options->compression == -1)
314 options->compression = COMP_DELAYED; 292 options->compression = COMP_DELAYED;
315 if (options->rekey_limit == -1) 293 if (options->rekey_limit == -1)
@@ -360,6 +338,8 @@ fill_default_server_options(ServerOptions *options)
360 options->fwd_opts.streamlocal_bind_unlink = 0; 338 options->fwd_opts.streamlocal_bind_unlink = 0;
361 if (options->fingerprint_hash == -1) 339 if (options->fingerprint_hash == -1)
362 options->fingerprint_hash = SSH_FP_HASH_DEFAULT; 340 options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
341 if (options->disable_forwarding == -1)
342 options->disable_forwarding = 0;
363 if (options->debian_banner == -1) 343 if (options->debian_banner == -1)
364 options->debian_banner = 1; 344 options->debian_banner = 1;
365 345
@@ -415,8 +395,8 @@ typedef enum {
415 /* Portable-specific options */ 395 /* Portable-specific options */
416 sUsePAM, 396 sUsePAM,
417 /* Standard Options */ 397 /* Standard Options */
418 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, 398 sPort, sHostKeyFile, sLoginGraceTime,
419 sKeyRegenerationTime, sPermitRootLogin, sLogFacility, sLogLevel, 399 sPermitRootLogin, sLogFacility, sLogLevel,
420 sRhostsRSAAuthentication, sRSAAuthentication, 400 sRhostsRSAAuthentication, sRSAAuthentication,
421 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, 401 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
422 sKerberosGetAFSToken, 402 sKerberosGetAFSToken,
@@ -426,9 +406,9 @@ typedef enum {
426 sPrintMotd, sPrintLastLog, sIgnoreRhosts, 406 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
427 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, 407 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
428 sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive, 408 sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,
429 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, 409 sPermitUserEnvironment, sAllowTcpForwarding, sCompression,
430 sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 410 sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
431 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, 411 sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile,
432 sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes, 412 sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes,
433 sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions, 413 sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions,
434 sBanner, sUseDNS, sHostbasedAuthentication, 414 sBanner, sUseDNS, sHostbasedAuthentication,
@@ -447,9 +427,9 @@ typedef enum {
447 sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, 427 sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
448 sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, 428 sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
449 sStreamLocalBindMask, sStreamLocalBindUnlink, 429 sStreamLocalBindMask, sStreamLocalBindUnlink,
450 sAllowStreamLocalForwarding, sFingerprintHash, 430 sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
451 sDebianBanner, 431 sDebianBanner,
452 sDeprecated, sUnsupported 432 sDeprecated, sIgnore, sUnsupported
453} ServerOpCodes; 433} ServerOpCodes;
454 434
455#define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */ 435#define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */
@@ -475,19 +455,19 @@ static struct {
475 { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ 455 { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */
476 { "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL }, 456 { "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL },
477 { "pidfile", sPidFile, SSHCFG_GLOBAL }, 457 { "pidfile", sPidFile, SSHCFG_GLOBAL },
478 { "serverkeybits", sServerKeyBits, SSHCFG_GLOBAL }, 458 { "serverkeybits", sDeprecated, SSHCFG_GLOBAL },
479 { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL }, 459 { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL },
480 { "keyregenerationinterval", sKeyRegenerationTime, SSHCFG_GLOBAL }, 460 { "keyregenerationinterval", sDeprecated, SSHCFG_GLOBAL },
481 { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL }, 461 { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL },
482 { "syslogfacility", sLogFacility, SSHCFG_GLOBAL }, 462 { "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
483 { "loglevel", sLogLevel, SSHCFG_GLOBAL }, 463 { "loglevel", sLogLevel, SSHCFG_GLOBAL },
484 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL }, 464 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
485 { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL }, 465 { "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL },
486 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, 466 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
487 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL }, 467 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL },
488 { "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL }, 468 { "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL },
489 { "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL }, 469 { "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL },
490 { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL }, 470 { "rsaauthentication", sDeprecated, SSHCFG_ALL },
491 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, 471 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
492 { "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL }, 472 { "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL },
493 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ 473 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */
@@ -548,7 +528,7 @@ static struct {
548 { "permitblacklistedkeys", sDeprecated, SSHCFG_GLOBAL }, 528 { "permitblacklistedkeys", sDeprecated, SSHCFG_GLOBAL },
549 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, 529 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
550 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, 530 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
551 { "uselogin", sUseLogin, SSHCFG_GLOBAL }, 531 { "uselogin", sDeprecated, SSHCFG_GLOBAL },
552 { "compression", sCompression, SSHCFG_GLOBAL }, 532 { "compression", sCompression, SSHCFG_GLOBAL },
553 { "rekeylimit", sRekeyLimit, SSHCFG_ALL }, 533 { "rekeylimit", sRekeyLimit, SSHCFG_ALL },
554 { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, 534 { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL },
@@ -561,7 +541,7 @@ static struct {
561 { "denygroups", sDenyGroups, SSHCFG_ALL }, 541 { "denygroups", sDenyGroups, SSHCFG_ALL },
562 { "ciphers", sCiphers, SSHCFG_GLOBAL }, 542 { "ciphers", sCiphers, SSHCFG_GLOBAL },
563 { "macs", sMacs, SSHCFG_GLOBAL }, 543 { "macs", sMacs, SSHCFG_GLOBAL },
564 { "protocol", sProtocol, SSHCFG_GLOBAL }, 544 { "protocol", sIgnore, SSHCFG_GLOBAL },
565 { "gatewayports", sGatewayPorts, SSHCFG_ALL }, 545 { "gatewayports", sGatewayPorts, SSHCFG_ALL },
566 { "subsystem", sSubsystem, SSHCFG_GLOBAL }, 546 { "subsystem", sSubsystem, SSHCFG_GLOBAL },
567 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL }, 547 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
@@ -571,8 +551,8 @@ static struct {
571 { "usedns", sUseDNS, SSHCFG_GLOBAL }, 551 { "usedns", sUseDNS, SSHCFG_GLOBAL },
572 { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL }, 552 { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
573 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, 553 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
574 { "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL }, 554 { "clientaliveinterval", sClientAliveInterval, SSHCFG_ALL },
575 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL }, 555 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL },
576 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, 556 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
577 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, 557 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
578 { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, 558 { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
@@ -600,6 +580,7 @@ static struct {
600 { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, 580 { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL },
601 { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, 581 { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },
602 { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, 582 { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
583 { "disableforwarding", sDisableForwarding, SSHCFG_ALL },
603 { "debianbanner", sDebianBanner, SSHCFG_GLOBAL }, 584 { "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
604 { NULL, sBadOption, 0 } 585 { NULL, sBadOption, 0 }
605}; 586};
@@ -763,7 +744,7 @@ get_connection_info(int populate, int use_dns)
763 * options set are copied into the main server config. 744 * options set are copied into the main server config.
764 * 745 *
765 * Potential additions/improvements: 746 * Potential additions/improvements:
766 * - Add Match support for pre-kex directives, eg Protocol, Ciphers. 747 * - Add Match support for pre-kex directives, eg. Ciphers.
767 * 748 *
768 * - Add a Tag directive (idea from David Leonard) ala pf, eg: 749 * - Add a Tag directive (idea from David Leonard) ala pf, eg:
769 * Match Address 192.168.0.* 750 * Match Address 192.168.0.*
@@ -964,8 +945,8 @@ static const struct multistate multistate_permitrootlogin[] = {
964 { NULL, -1 } 945 { NULL, -1 }
965}; 946};
966static const struct multistate multistate_compression[] = { 947static const struct multistate multistate_compression[] = {
948 { "yes", COMP_DELAYED },
967 { "delayed", COMP_DELAYED }, 949 { "delayed", COMP_DELAYED },
968 { "yes", COMP_ZLIB },
969 { "no", COMP_NONE }, 950 { "no", COMP_NONE },
970 { NULL, -1 } 951 { NULL, -1 }
971}; 952};
@@ -1061,18 +1042,6 @@ process_server_config_line(ServerOptions *options, char *line,
1061 filename, linenum); 1042 filename, linenum);
1062 break; 1043 break;
1063 1044
1064 case sServerKeyBits:
1065 intptr = &options->server_key_bits;
1066 parse_int:
1067 arg = strdelim(&cp);
1068 if (!arg || *arg == '\0')
1069 fatal("%s line %d: missing integer value.",
1070 filename, linenum);
1071 value = atoi(arg);
1072 if (*activep && *intptr == -1)
1073 *intptr = value;
1074 break;
1075
1076 case sLoginGraceTime: 1045 case sLoginGraceTime:
1077 intptr = &options->login_grace_time; 1046 intptr = &options->login_grace_time;
1078 parse_time: 1047 parse_time:
@@ -1087,10 +1056,6 @@ process_server_config_line(ServerOptions *options, char *line,
1087 *intptr = value; 1056 *intptr = value;
1088 break; 1057 break;
1089 1058
1090 case sKeyRegenerationTime:
1091 intptr = &options->key_regeneration_time;
1092 goto parse_time;
1093
1094 case sListenAddress: 1059 case sListenAddress:
1095 arg = strdelim(&cp); 1060 arg = strdelim(&cp);
1096 if (arg == NULL || *arg == '\0') 1061 if (arg == NULL || *arg == '\0')
@@ -1176,7 +1141,6 @@ process_server_config_line(ServerOptions *options, char *line,
1176 MAX_HOSTCERTS); 1141 MAX_HOSTCERTS);
1177 charptr = &options->host_cert_files[*intptr]; 1142 charptr = &options->host_cert_files[*intptr];
1178 goto parse_filename; 1143 goto parse_filename;
1179 break;
1180 1144
1181 case sPidFile: 1145 case sPidFile:
1182 charptr = &options->pid_file; 1146 charptr = &options->pid_file;
@@ -1210,10 +1174,6 @@ process_server_config_line(ServerOptions *options, char *line,
1210 intptr = &options->ignore_user_known_hosts; 1174 intptr = &options->ignore_user_known_hosts;
1211 goto parse_flag; 1175 goto parse_flag;
1212 1176
1213 case sRhostsRSAAuthentication:
1214 intptr = &options->rhosts_rsa_authentication;
1215 goto parse_flag;
1216
1217 case sHostbasedAuthentication: 1177 case sHostbasedAuthentication:
1218 intptr = &options->hostbased_authentication; 1178 intptr = &options->hostbased_authentication;
1219 goto parse_flag; 1179 goto parse_flag;
@@ -1240,10 +1200,6 @@ process_server_config_line(ServerOptions *options, char *line,
1240 charptr = &options->hostkeyalgorithms; 1200 charptr = &options->hostkeyalgorithms;
1241 goto parse_keytypes; 1201 goto parse_keytypes;
1242 1202
1243 case sRSAAuthentication:
1244 intptr = &options->rsa_authentication;
1245 goto parse_flag;
1246
1247 case sPubkeyAuthentication: 1203 case sPubkeyAuthentication:
1248 intptr = &options->pubkey_authentication; 1204 intptr = &options->pubkey_authentication;
1249 goto parse_flag; 1205 goto parse_flag;
@@ -1314,7 +1270,15 @@ process_server_config_line(ServerOptions *options, char *line,
1314 1270
1315 case sX11DisplayOffset: 1271 case sX11DisplayOffset:
1316 intptr = &options->x11_display_offset; 1272 intptr = &options->x11_display_offset;
1317 goto parse_int; 1273 parse_int:
1274 arg = strdelim(&cp);
1275 if (!arg || *arg == '\0')
1276 fatal("%s line %d: missing integer value.",
1277 filename, linenum);
1278 value = atoi(arg);
1279 if (*activep && *intptr == -1)
1280 *intptr = value;
1281 break;
1318 1282
1319 case sX11UseLocalhost: 1283 case sX11UseLocalhost:
1320 intptr = &options->x11_use_localhost; 1284 intptr = &options->x11_use_localhost;
@@ -1348,10 +1312,6 @@ process_server_config_line(ServerOptions *options, char *line,
1348 intptr = &options->permit_user_env; 1312 intptr = &options->permit_user_env;
1349 goto parse_flag; 1313 goto parse_flag;
1350 1314
1351 case sUseLogin:
1352 intptr = &options->use_login;
1353 goto parse_flag;
1354
1355 case sCompression: 1315 case sCompression:
1356 intptr = &options->compression; 1316 intptr = &options->compression;
1357 multistate_ptr = multistate_compression; 1317 multistate_ptr = multistate_compression;
@@ -1429,6 +1389,10 @@ process_server_config_line(ServerOptions *options, char *line,
1429 intptr = &options->allow_agent_forwarding; 1389 intptr = &options->allow_agent_forwarding;
1430 goto parse_flag; 1390 goto parse_flag;
1431 1391
1392 case sDisableForwarding:
1393 intptr = &options->disable_forwarding;
1394 goto parse_flag;
1395
1432 case sUsePrivilegeSeparation: 1396 case sUsePrivilegeSeparation:
1433 intptr = &use_privsep; 1397 intptr = &use_privsep;
1434 multistate_ptr = multistate_privsep; 1398 multistate_ptr = multistate_privsep;
@@ -1439,6 +1403,9 @@ process_server_config_line(ServerOptions *options, char *line,
1439 if (options->num_allow_users >= MAX_ALLOW_USERS) 1403 if (options->num_allow_users >= MAX_ALLOW_USERS)
1440 fatal("%s line %d: too many allow users.", 1404 fatal("%s line %d: too many allow users.",
1441 filename, linenum); 1405 filename, linenum);
1406 if (match_user(NULL, NULL, NULL, arg) == -1)
1407 fatal("%s line %d: invalid AllowUsers pattern: "
1408 "\"%.100s\"", filename, linenum, arg);
1442 if (!*activep) 1409 if (!*activep)
1443 continue; 1410 continue;
1444 options->allow_users[options->num_allow_users++] = 1411 options->allow_users[options->num_allow_users++] =
@@ -1451,6 +1418,9 @@ process_server_config_line(ServerOptions *options, char *line,
1451 if (options->num_deny_users >= MAX_DENY_USERS) 1418 if (options->num_deny_users >= MAX_DENY_USERS)
1452 fatal("%s line %d: too many deny users.", 1419 fatal("%s line %d: too many deny users.",
1453 filename, linenum); 1420 filename, linenum);
1421 if (match_user(NULL, NULL, NULL, arg) == -1)
1422 fatal("%s line %d: invalid DenyUsers pattern: "
1423 "\"%.100s\"", filename, linenum, arg);
1454 if (!*activep) 1424 if (!*activep)
1455 continue; 1425 continue;
1456 options->deny_users[options->num_deny_users++] = 1426 options->deny_users[options->num_deny_users++] =
@@ -1516,19 +1486,6 @@ process_server_config_line(ServerOptions *options, char *line,
1516 options->kex_algorithms = xstrdup(arg); 1486 options->kex_algorithms = xstrdup(arg);
1517 break; 1487 break;
1518 1488
1519 case sProtocol:
1520 intptr = &options->protocol;
1521 arg = strdelim(&cp);
1522 if (!arg || *arg == '\0')
1523 fatal("%s line %d: Missing argument.", filename, linenum);
1524 value = proto_spec(arg);
1525 if (value == SSH_PROTO_UNKNOWN)
1526 fatal("%s line %d: Bad protocol spec '%s'.",
1527 filename, linenum, arg ? arg : "<NONE>");
1528 if (*intptr == SSH_PROTO_UNKNOWN)
1529 *intptr = value;
1530 break;
1531
1532 case sSubsystem: 1489 case sSubsystem:
1533 if (options->num_subsystems >= MAX_SUBSYSTEMS) { 1490 if (options->num_subsystems >= MAX_SUBSYSTEMS) {
1534 fatal("%s line %d: too many subsystems defined.", 1491 fatal("%s line %d: too many subsystems defined.",
@@ -1913,15 +1870,12 @@ process_server_config_line(ServerOptions *options, char *line,
1913 goto parse_int; 1870 goto parse_int;
1914 1871
1915 case sDeprecated: 1872 case sDeprecated:
1916 logit("%s line %d: Deprecated option %s", 1873 case sIgnore:
1917 filename, linenum, arg);
1918 while (arg)
1919 arg = strdelim(&cp);
1920 break;
1921
1922 case sUnsupported: 1874 case sUnsupported:
1923 logit("%s line %d: Unsupported option %s", 1875 do_log2(opcode == sIgnore ?
1924 filename, linenum, arg); 1876 SYSLOG_LEVEL_DEBUG2 : SYSLOG_LEVEL_INFO,
1877 "%s line %d: %s option %s", filename, linenum,
1878 opcode == sUnsupported ? "Unsupported" : "Deprecated", arg);
1925 while (arg) 1879 while (arg)
1926 arg = strdelim(&cp); 1880 arg = strdelim(&cp);
1927 break; 1881 break;
@@ -2041,7 +1995,6 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
2041 1995
2042 M_CP_INTOPT(password_authentication); 1996 M_CP_INTOPT(password_authentication);
2043 M_CP_INTOPT(gss_authentication); 1997 M_CP_INTOPT(gss_authentication);
2044 M_CP_INTOPT(rsa_authentication);
2045 M_CP_INTOPT(pubkey_authentication); 1998 M_CP_INTOPT(pubkey_authentication);
2046 M_CP_INTOPT(kerberos_authentication); 1999 M_CP_INTOPT(kerberos_authentication);
2047 M_CP_INTOPT(hostbased_authentication); 2000 M_CP_INTOPT(hostbased_authentication);
@@ -2053,6 +2006,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
2053 M_CP_INTOPT(allow_tcp_forwarding); 2006 M_CP_INTOPT(allow_tcp_forwarding);
2054 M_CP_INTOPT(allow_streamlocal_forwarding); 2007 M_CP_INTOPT(allow_streamlocal_forwarding);
2055 M_CP_INTOPT(allow_agent_forwarding); 2008 M_CP_INTOPT(allow_agent_forwarding);
2009 M_CP_INTOPT(disable_forwarding);
2056 M_CP_INTOPT(permit_tun); 2010 M_CP_INTOPT(permit_tun);
2057 M_CP_INTOPT(fwd_opts.gateway_ports); 2011 M_CP_INTOPT(fwd_opts.gateway_ports);
2058 M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink); 2012 M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink);
@@ -2063,6 +2017,8 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
2063 M_CP_INTOPT(permit_user_rc); 2017 M_CP_INTOPT(permit_user_rc);
2064 M_CP_INTOPT(max_sessions); 2018 M_CP_INTOPT(max_sessions);
2065 M_CP_INTOPT(max_authtries); 2019 M_CP_INTOPT(max_authtries);
2020 M_CP_INTOPT(client_alive_count_max);
2021 M_CP_INTOPT(client_alive_interval);
2066 M_CP_INTOPT(ip_qos_interactive); 2022 M_CP_INTOPT(ip_qos_interactive);
2067 M_CP_INTOPT(ip_qos_bulk); 2023 M_CP_INTOPT(ip_qos_bulk);
2068 M_CP_INTOPT(rekey_limit); 2024 M_CP_INTOPT(rekey_limit);
@@ -2181,17 +2137,6 @@ fmt_intarg(ServerOpCodes code, int val)
2181 return fmt_multistate_int(val, multistate_tcpfwd); 2137 return fmt_multistate_int(val, multistate_tcpfwd);
2182 case sFingerprintHash: 2138 case sFingerprintHash:
2183 return ssh_digest_alg_name(val); 2139 return ssh_digest_alg_name(val);
2184 case sProtocol:
2185 switch (val) {
2186 case SSH_PROTO_1:
2187 return "1";
2188 case SSH_PROTO_2:
2189 return "2";
2190 case (SSH_PROTO_1|SSH_PROTO_2):
2191 return "2,1";
2192 default:
2193 return "UNKNOWN";
2194 }
2195 default: 2140 default:
2196 switch (val) { 2141 switch (val) {
2197 case 0: 2142 case 0:
@@ -2278,7 +2223,6 @@ dump_config(ServerOptions *o)
2278 /* these are usually at the top of the config */ 2223 /* these are usually at the top of the config */
2279 for (i = 0; i < o->num_ports; i++) 2224 for (i = 0; i < o->num_ports; i++)
2280 printf("port %d\n", o->ports[i]); 2225 printf("port %d\n", o->ports[i]);
2281 dump_cfg_fmtint(sProtocol, o->protocol);
2282 dump_cfg_fmtint(sAddressFamily, o->address_family); 2226 dump_cfg_fmtint(sAddressFamily, o->address_family);
2283 2227
2284 /* 2228 /*
@@ -2311,9 +2255,7 @@ dump_config(ServerOptions *o)
2311#ifdef USE_PAM 2255#ifdef USE_PAM
2312 dump_cfg_fmtint(sUsePAM, o->use_pam); 2256 dump_cfg_fmtint(sUsePAM, o->use_pam);
2313#endif 2257#endif
2314 dump_cfg_int(sServerKeyBits, o->server_key_bits);
2315 dump_cfg_int(sLoginGraceTime, o->login_grace_time); 2258 dump_cfg_int(sLoginGraceTime, o->login_grace_time);
2316 dump_cfg_int(sKeyRegenerationTime, o->key_regeneration_time);
2317 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset); 2259 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset);
2318 dump_cfg_int(sMaxAuthTries, o->max_authtries); 2260 dump_cfg_int(sMaxAuthTries, o->max_authtries);
2319 dump_cfg_int(sMaxSessions, o->max_sessions); 2261 dump_cfg_int(sMaxSessions, o->max_sessions);
@@ -2325,11 +2267,9 @@ dump_config(ServerOptions *o)
2325 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); 2267 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);
2326 dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts); 2268 dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts);
2327 dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts); 2269 dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts);
2328 dump_cfg_fmtint(sRhostsRSAAuthentication, o->rhosts_rsa_authentication);
2329 dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication); 2270 dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication);
2330 dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly, 2271 dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly,
2331 o->hostbased_uses_name_from_packet_only); 2272 o->hostbased_uses_name_from_packet_only);
2332 dump_cfg_fmtint(sRSAAuthentication, o->rsa_authentication);
2333 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication); 2273 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication);
2334#ifdef KRB5 2274#ifdef KRB5
2335 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication); 2275 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication);
@@ -2363,12 +2303,12 @@ dump_config(ServerOptions *o)
2363 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); 2303 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
2364 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); 2304 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
2365 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); 2305 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
2366 dump_cfg_fmtint(sUseLogin, o->use_login);
2367 dump_cfg_fmtint(sCompression, o->compression); 2306 dump_cfg_fmtint(sCompression, o->compression);
2368 dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); 2307 dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports);
2369 dump_cfg_fmtint(sUseDNS, o->use_dns); 2308 dump_cfg_fmtint(sUseDNS, o->use_dns);
2370 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); 2309 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
2371 dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); 2310 dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding);
2311 dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding);
2372 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); 2312 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
2373 dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); 2313 dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
2374 dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); 2314 dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
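Review bot: The `parse_int` label that the @@ -1314,7 +1270,15 @@ hunk relocates under sX11DisplayOffset still converts with `value = atoi(arg);` and stores the result unchecked, so a directive such as `X11DisplayOffset abc` — or any other option that reaches the label through `goto parse_int`, one of which is visible at the top of the @@ -1913,15 +1870,12 @@ hunk — is silently accepted as 0 instead of being rejected the way the missing-argument case two lines above is. Converting with strtol and calling the existing `fatal()` on trailing characters or ERANGE keeps configuration parsing fail-closed, matching how the rest of the file treats malformed lines. This needs a `long` and a `char *` end pointer declared with the function's other locals, which, like the rest of process_server_config_line, sit outside the hunk, and `<errno.h>`/`<limits.h>` must be included if they are not already.
```c
		parse_int:
			/* … unchanged: strdelim(&cp) and the missing-value fatal() … */
			/* fail closed on non-numeric, trailing or out-of-range input */
			errno = 0;
			lval = strtol(arg, &endp, 10);
			if (endp == arg || *endp != '\0' || errno == ERANGE ||
			    lval < INT_MIN || lval > INT_MAX)
				fatal("%s line %d: invalid integer value \"%.100s\".",
				    filename, linenum, arg);
			value = (int)lval;
			/* … unchanged: conditional store into *intptr and break … */
```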