diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2015-07-30 00:01:34 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2015-07-30 12:32:16 +1000 |
| commit | f9eca249d4961f28ae4b09186d7dc91de74b5895 (patch) | |
| tree | f4c86ae2043499a6ed7f8c736f0cd5e1f483102c /ssh.c | |
| parent | 5cefe769105a2a2e3ca7479d28d9a325d5ef0163 (diff) | |
upstream commit
Allow ssh_config and sshd_config kex parameters options be
prefixed by a '+' to indicate that the specified items be appended to the
default rather than replacing it.
approach suggested by dtucker@, feedback dlg@, ok markus@
Upstream-ID: 0f901137298fc17095d5756ff1561a7028e8882a
Diffstat (limited to 'ssh.c')
| -rw-r--r-- | ssh.c | 35 |
1 files changed, 18 insertions, 17 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh.c,v 1.419 2015/07/20 18:42:35 millert Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.420 2015/07/30 00:01:34 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -108,6 +108,7 @@ | |||
| 108 | #include "roaming.h" | 108 | #include "roaming.h" |
| 109 | #include "version.h" | 109 | #include "version.h" |
| 110 | #include "ssherr.h" | 110 | #include "ssherr.h" |
| 111 | #include "myproposal.h" | ||
| 111 | 112 | ||
| 112 | #ifdef ENABLE_PKCS11 | 113 | #ifdef ENABLE_PKCS11 |
| 113 | #include "ssh-pkcs11.h" | 114 | #include "ssh-pkcs11.h" |
| @@ -794,26 +795,26 @@ main(int ac, char **av) | |||
| 794 | } | 795 | } |
| 795 | break; | 796 | break; |
| 796 | case 'c': | 797 | case 'c': |
| 797 | if (ciphers_valid(optarg)) { | 798 | if (ciphers_valid(*optarg == '+' ? |
| 799 | optarg + 1 : optarg)) { | ||
| 798 | /* SSH2 only */ | 800 | /* SSH2 only */ |
| 799 | options.ciphers = xstrdup(optarg); | 801 | options.ciphers = xstrdup(optarg); |
| 800 | options.cipher = SSH_CIPHER_INVALID; | 802 | options.cipher = SSH_CIPHER_INVALID; |
| 801 | } else { | 803 | break; |
| 802 | /* SSH1 only */ | 804 | } |
| 803 | options.cipher = cipher_number(optarg); | 805 | /* SSH1 only */ |
| 804 | if (options.cipher == -1) { | 806 | options.cipher = cipher_number(optarg); |
| 805 | fprintf(stderr, | 807 | if (options.cipher == -1) { |
| 806 | "Unknown cipher type '%s'\n", | 808 | fprintf(stderr, "Unknown cipher type '%s'\n", |
| 807 | optarg); | 809 | optarg); |
| 808 | exit(255); | 810 | exit(255); |
| 809 | } | ||
| 810 | if (options.cipher == SSH_CIPHER_3DES) | ||
| 811 | options.ciphers = "3des-cbc"; | ||
| 812 | else if (options.cipher == SSH_CIPHER_BLOWFISH) | ||
| 813 | options.ciphers = "blowfish-cbc"; | ||
| 814 | else | ||
| 815 | options.ciphers = (char *)-1; | ||
| 816 | } | 811 | } |
| 812 | if (options.cipher == SSH_CIPHER_3DES) | ||
| 813 | options.ciphers = xstrdup("3des-cbc"); | ||
| 814 | else if (options.cipher == SSH_CIPHER_BLOWFISH) | ||
| 815 | options.ciphers = xstrdup("blowfish-cbc"); | ||
| 816 | else | ||
| 817 | options.ciphers = xstrdup(KEX_CLIENT_ENCRYPT); | ||
| 817 | break; | 818 | break; |
| 818 | case 'm': | 819 | case 'm': |
| 819 | if (mac_valid(optarg)) | 820 | if (mac_valid(optarg)) |