diff options
| author | Colin Watson <cjwatson@debian.org> | 2009-12-29 21:32:03 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2009-12-29 21:32:03 +0000 |
| commit | 04942aa41fa94ec6f2c3ce1d348f600f31bb7c78 (patch) | |
| tree | af8e928bd79d3f2d0219bb5b2c78b573ec31d94c /servconf.c | |
| parent | 9ad7b718d42e43f3a285fcbc8f91193931fce324 (diff) | |
| parent | 16704d57999d987fb8d9ba53379841a79f016d67 (diff) | |
import openssh-4.2p1-gsskex-20050926-2.patch
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 49 |
1 files changed, 42 insertions, 7 deletions
diff --git a/servconf.c b/servconf.c index 2d1a0c362..becd5b7c5 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -10,7 +10,7 @@ | |||
| 10 | */ | 10 | */ |
| 11 | 11 | ||
| 12 | #include "includes.h" | 12 | #include "includes.h" |
| 13 | RCSID("$OpenBSD: servconf.c,v 1.139 2005/03/01 10:09:52 djm Exp $"); | 13 | RCSID("$OpenBSD: servconf.c,v 1.144 2005/08/06 10:03:12 dtucker Exp $"); |
| 14 | 14 | ||
| 15 | #include "ssh.h" | 15 | #include "ssh.h" |
| 16 | #include "log.h" | 16 | #include "log.h" |
| @@ -72,6 +72,7 @@ initialize_server_options(ServerOptions *options) | |||
| 72 | options->kerberos_ticket_cleanup = -1; | 72 | options->kerberos_ticket_cleanup = -1; |
| 73 | options->kerberos_get_afs_token = -1; | 73 | options->kerberos_get_afs_token = -1; |
| 74 | options->gss_authentication=-1; | 74 | options->gss_authentication=-1; |
| 75 | options->gss_keyex = -1; | ||
| 75 | options->gss_cleanup_creds = -1; | 76 | options->gss_cleanup_creds = -1; |
| 76 | options->password_authentication = -1; | 77 | options->password_authentication = -1; |
| 77 | options->kbd_interactive_authentication = -1; | 78 | options->kbd_interactive_authentication = -1; |
| @@ -186,6 +187,8 @@ fill_default_server_options(ServerOptions *options) | |||
| 186 | options->kerberos_get_afs_token = 0; | 187 | options->kerberos_get_afs_token = 0; |
| 187 | if (options->gss_authentication == -1) | 188 | if (options->gss_authentication == -1) |
| 188 | options->gss_authentication = 0; | 189 | options->gss_authentication = 0; |
| 190 | if (options->gss_keyex == -1) | ||
| 191 | options->gss_keyex = 0; | ||
| 189 | if (options->gss_cleanup_creds == -1) | 192 | if (options->gss_cleanup_creds == -1) |
| 190 | options->gss_cleanup_creds = 1; | 193 | options->gss_cleanup_creds = 1; |
| 191 | if (options->password_authentication == -1) | 194 | if (options->password_authentication == -1) |
| @@ -201,7 +204,7 @@ fill_default_server_options(ServerOptions *options) | |||
| 201 | if (options->use_login == -1) | 204 | if (options->use_login == -1) |
| 202 | options->use_login = 0; | 205 | options->use_login = 0; |
| 203 | if (options->compression == -1) | 206 | if (options->compression == -1) |
| 204 | options->compression = 1; | 207 | options->compression = COMP_DELAYED; |
| 205 | if (options->allow_tcp_forwarding == -1) | 208 | if (options->allow_tcp_forwarding == -1) |
| 206 | options->allow_tcp_forwarding = 1; | 209 | options->allow_tcp_forwarding = 1; |
| 207 | if (options->gateway_ports == -1) | 210 | if (options->gateway_ports == -1) |
| @@ -270,7 +273,7 @@ typedef enum { | |||
| 270 | sBanner, sUseDNS, sHostbasedAuthentication, | 273 | sBanner, sUseDNS, sHostbasedAuthentication, |
| 271 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, | 274 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
| 272 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, | 275 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, |
| 273 | sGssAuthentication, sGssCleanupCreds, sAcceptEnv, | 276 | sGssAuthentication, sGssKeyEx, sGssCleanupCreds, sAcceptEnv, |
| 274 | sUsePrivilegeSeparation, | 277 | sUsePrivilegeSeparation, |
| 275 | sDeprecated, sUnsupported | 278 | sDeprecated, sUnsupported |
| 276 | } ServerOpCodes; | 279 | } ServerOpCodes; |
| @@ -324,9 +327,11 @@ static struct { | |||
| 324 | { "afstokenpassing", sUnsupported }, | 327 | { "afstokenpassing", sUnsupported }, |
| 325 | #ifdef GSSAPI | 328 | #ifdef GSSAPI |
| 326 | { "gssapiauthentication", sGssAuthentication }, | 329 | { "gssapiauthentication", sGssAuthentication }, |
| 330 | { "gssapikeyexchange", sGssKeyEx }, | ||
| 327 | { "gssapicleanupcredentials", sGssCleanupCreds }, | 331 | { "gssapicleanupcredentials", sGssCleanupCreds }, |
| 328 | #else | 332 | #else |
| 329 | { "gssapiauthentication", sUnsupported }, | 333 | { "gssapiauthentication", sUnsupported }, |
| 334 | { "gssapikeyexchange", sUnsupported }, | ||
| 330 | { "gssapicleanupcredentials", sUnsupported }, | 335 | { "gssapicleanupcredentials", sUnsupported }, |
| 331 | #endif | 336 | #endif |
| 332 | { "passwordauthentication", sPasswordAuthentication }, | 337 | { "passwordauthentication", sPasswordAuthentication }, |
| @@ -398,7 +403,7 @@ parse_token(const char *cp, const char *filename, | |||
| 398 | static void | 403 | static void |
| 399 | add_listen_addr(ServerOptions *options, char *addr, u_short port) | 404 | add_listen_addr(ServerOptions *options, char *addr, u_short port) |
| 400 | { | 405 | { |
| 401 | int i; | 406 | u_int i; |
| 402 | 407 | ||
| 403 | if (options->num_ports == 0) | 408 | if (options->num_ports == 0) |
| 404 | options->ports[options->num_ports++] = SSH_DEFAULT_PORT; | 409 | options->ports[options->num_ports++] = SSH_DEFAULT_PORT; |
| @@ -438,9 +443,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 438 | const char *filename, int linenum) | 443 | const char *filename, int linenum) |
| 439 | { | 444 | { |
| 440 | char *cp, **charptr, *arg, *p; | 445 | char *cp, **charptr, *arg, *p; |
| 441 | int *intptr, value, i, n; | 446 | int *intptr, value, n; |
| 442 | ServerOpCodes opcode; | 447 | ServerOpCodes opcode; |
| 443 | u_short port; | 448 | u_short port; |
| 449 | u_int i; | ||
| 444 | 450 | ||
| 445 | cp = line; | 451 | cp = line; |
| 446 | arg = strdelim(&cp); | 452 | arg = strdelim(&cp); |
| @@ -516,6 +522,12 @@ parse_time: | |||
| 516 | if (arg == NULL || *arg == '\0') | 522 | if (arg == NULL || *arg == '\0') |
| 517 | fatal("%s line %d: missing address", | 523 | fatal("%s line %d: missing address", |
| 518 | filename, linenum); | 524 | filename, linenum); |
| 525 | /* check for bare IPv6 address: no "[]" and 2 or more ":" */ | ||
| 526 | if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL | ||
| 527 | && strchr(p+1, ':') != NULL) { | ||
| 528 | add_listen_addr(options, arg, 0); | ||
| 529 | break; | ||
| 530 | } | ||
| 519 | p = hpdelim(&arg); | 531 | p = hpdelim(&arg); |
| 520 | if (p == NULL) | 532 | if (p == NULL) |
| 521 | fatal("%s line %d: bad address:port usage", | 533 | fatal("%s line %d: bad address:port usage", |
| @@ -532,6 +544,9 @@ parse_time: | |||
| 532 | 544 | ||
| 533 | case sAddressFamily: | 545 | case sAddressFamily: |
| 534 | arg = strdelim(&cp); | 546 | arg = strdelim(&cp); |
| 547 | if (!arg || *arg == '\0') | ||
| 548 | fatal("%s line %d: missing address family.", | ||
| 549 | filename, linenum); | ||
| 535 | intptr = &options->address_family; | 550 | intptr = &options->address_family; |
| 536 | if (options->listen_addrs != NULL) | 551 | if (options->listen_addrs != NULL) |
| 537 | fatal("%s line %d: address family must be specified before " | 552 | fatal("%s line %d: address family must be specified before " |
| @@ -659,6 +674,10 @@ parse_flag: | |||
| 659 | intptr = &options->gss_authentication; | 674 | intptr = &options->gss_authentication; |
| 660 | goto parse_flag; | 675 | goto parse_flag; |
| 661 | 676 | ||
| 677 | case sGssKeyEx: | ||
| 678 | intptr = &options->gss_keyex; | ||
| 679 | goto parse_flag; | ||
| 680 | |||
| 662 | case sGssCleanupCreds: | 681 | case sGssCleanupCreds: |
| 663 | intptr = &options->gss_cleanup_creds; | 682 | intptr = &options->gss_cleanup_creds; |
| 664 | goto parse_flag; | 683 | goto parse_flag; |
| @@ -721,7 +740,23 @@ parse_flag: | |||
| 721 | 740 | ||
| 722 | case sCompression: | 741 | case sCompression: |
| 723 | intptr = &options->compression; | 742 | intptr = &options->compression; |
| 724 | goto parse_flag; | 743 | arg = strdelim(&cp); |
| 744 | if (!arg || *arg == '\0') | ||
| 745 | fatal("%s line %d: missing yes/no/delayed " | ||
| 746 | "argument.", filename, linenum); | ||
| 747 | value = 0; /* silence compiler */ | ||
| 748 | if (strcmp(arg, "delayed") == 0) | ||
| 749 | value = COMP_DELAYED; | ||
| 750 | else if (strcmp(arg, "yes") == 0) | ||
| 751 | value = COMP_ZLIB; | ||
| 752 | else if (strcmp(arg, "no") == 0) | ||
| 753 | value = COMP_NONE; | ||
| 754 | else | ||
| 755 | fatal("%s line %d: Bad yes/no/delayed " | ||
| 756 | "argument: %s", filename, linenum, arg); | ||
| 757 | if (*intptr == -1) | ||
| 758 | *intptr = value; | ||
| 759 | break; | ||
| 725 | 760 | ||
| 726 | case sGatewayPorts: | 761 | case sGatewayPorts: |
| 727 | intptr = &options->gateway_ports; | 762 | intptr = &options->gateway_ports; |
| @@ -1001,7 +1036,7 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf) | |||
| 1001 | 1036 | ||
| 1002 | obuf = cbuf = xstrdup(buffer_ptr(conf)); | 1037 | obuf = cbuf = xstrdup(buffer_ptr(conf)); |
| 1003 | linenum = 1; | 1038 | linenum = 1; |
| 1004 | while((cp = strsep(&cbuf, "\n")) != NULL) { | 1039 | while ((cp = strsep(&cbuf, "\n")) != NULL) { |
| 1005 | if (process_server_config_line(options, cp, filename, | 1040 | if (process_server_config_line(options, cp, filename, |
| 1006 | linenum++) != 0) | 1041 | linenum++) != 0) |
| 1007 | bad_options++; | 1042 | bad_options++; |