-rw-r--r-- | servconf.c | 13 | ||||
-rw-r--r-- | sshd_config.5 | 8 |
2 files changed, 18 insertions, 3 deletions
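--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.282 2015/10/29 08:05:01 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.283 2015/11/13 04:38:06 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -373,6 +373,8 @@ fill_default_server_options(ServerOptions *options)
 CLEAR_ON_NONE(options->trusted_user_ca_keys);
 CLEAR_ON_NONE(options->revoked_keys_file);
 CLEAR_ON_NONE(options->authorized_principals_file);
+CLEAR_ON_NONE(options->adm_forced_command);
+CLEAR_ON_NONE(options->chroot_directory);
 for (i = 0; i < options->num_host_key_files; i++)
 CLEAR_ON_NONE(options->host_key_files[i]);
 for (i = 0; i < options->num_host_cert_files; i++)
@@ -2034,8 +2036,17 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 if (preauth)
 return;
 
+/* These options may be "none" to clear a global setting */
 M_CP_STROPT(adm_forced_command);
+if (option_clear_or_none(dst->adm_forced_command)) {
+free(dst->adm_forced_command);
+dst->adm_forced_command = NULL;
+}
 M_CP_STROPT(chroot_directory);
+if (option_clear_or_none(dst->chroot_directory)) {
+free(dst->chroot_directory);
+dst->chroot_directory = NULL;
+}
 }
 
 #undef M_CP_INTOPT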
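Review bot: In the last servconf.c hunk the new `free(dst->adm_forced_command)` and `free(dst->chroot_directory)` run directly after `M_CP_STROPT`, so if that macro hands `dst` the same pointer `src` holds rather than a copy (its definition is not in the hunk), clearing "none" leaves the matching `src` field dangling. That is safe only while every caller drops `src` without reading or freeing those two fields again. I would either say so in the new comment, e.g. `/* "none" clears a global setting; src must not be reused afterwards */`, or add `if (src->adm_forced_command == dst->adm_forced_command) src->adm_forced_command = NULL;` (and the chroot_directory equivalent) before each free. Since a Match block can now lift a global ForceCommand or ChrootDirectory, a debug-level log line where the value is cleared would also help when auditing the effective configuration. copy_set_server_options begins outside the hunk.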
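--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.214 2015/11/13 02:57:46 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.215 2015/11/13 04:38:06 djm Exp $
 .Dd $Mdocdate: November 13 2015 $
 .Dt SSHD_CONFIG 5
 .Os
@@ -432,7 +432,9 @@ Misconfiguration can lead to unsafe environments which
 .Xr sshd 8
 cannot detect.
 .Pp
-The default is not to
+The default is
+.Dq none ,
+indicating not to
 .Xr chroot 2 .
 .It Cm Ciphers
 Specifies the ciphers allowed for protocol version 2.
@@ -599,6 +601,8 @@ Specifying a command of
 will force the use of an in-process sftp server that requires no support
 files when used with
 .Cm ChrootDirectory .
+The default is
+.Dq none .
 .It Cm GatewayPorts
 Specifies whether remote hosts are allowed to connect to ports
 forwarded for the client.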