Diffstat (limited to 'readconf.c')
-rw-r--r-- | readconf.c | 70 |
1 files changed, 70 insertions, 0 deletions
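--- a/readconf.c
+++ b/readconf.c
@@ -67,6 +67,7 @@
 #include "uidswap.h"
 #include "myproposal.h"
 #include "digest.h"
+#include "ssh-gss.h"
 
 /* Format of the configuration file:
 
@@ -160,6 +161,8 @@ typedef enum {
 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
+oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey,
+oGssServerIdentity, oGssKexAlgorithms,
 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
 oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist,
 oHashKnownHosts,
@@ -204,10 +207,22 @@ static struct {
 /* Sometimes-unsupported options */
 #if defined(GSSAPI)
 { "gssapiauthentication", oGssAuthentication },
+{ "gssapikeyexchange", oGssKeyEx },
 { "gssapidelegatecredentials", oGssDelegateCreds },
+{ "gssapitrustdns", oGssTrustDns },
+{ "gssapiclientidentity", oGssClientIdentity },
+{ "gssapiserveridentity", oGssServerIdentity },
+{ "gssapirenewalforcesrekey", oGssRenewalRekey },
+{ "gssapikexalgorithms", oGssKexAlgorithms },
 # else
 { "gssapiauthentication", oUnsupported },
+{ "gssapikeyexchange", oUnsupported },
 { "gssapidelegatecredentials", oUnsupported },
+{ "gssapitrustdns", oUnsupported },
+{ "gssapiclientidentity", oUnsupported },
+{ "gssapiserveridentity", oUnsupported },
+{ "gssapirenewalforcesrekey", oUnsupported },
+{ "gssapikexalgorithms", oUnsupported },
 #endif
 #ifdef ENABLE_PKCS11
 { "pkcs11provider", oPKCS11Provider },
@@ -1053,10 +1068,42 @@ parse_time:
 intptr = &options->gss_authentication;
 goto parse_flag;
 
+case oGssKeyEx:
+intptr = &options->gss_keyex;
+goto parse_flag;
+
 case oGssDelegateCreds:
 intptr = &options->gss_deleg_creds;
 goto parse_flag;
 
+case oGssTrustDns:
+intptr = &options->gss_trust_dns;
+goto parse_flag;
+
+case oGssClientIdentity:
+charptr = &options->gss_client_identity;
+goto parse_string;
+
+case oGssServerIdentity:
+charptr = &options->gss_server_identity;
+goto parse_string;
+
+case oGssRenewalRekey:
+intptr = &options->gss_renewal_rekey;
+goto parse_flag;
+
+case oGssKexAlgorithms:
+arg = strdelim(&s);
+if (!arg || *arg == '\0')
+fatal("%.200s line %d: Missing argument.",
+filename, linenum);
+if (!kex_gss_names_valid(arg))
+fatal("%.200s line %d: Bad GSSAPI KexAlgorithms '%s'.",
+filename, linenum, arg ? arg : "<NONE>");
+if (*activep && options->gss_kex_algorithms == NULL)
+options->gss_kex_algorithms = xstrdup(arg);
+break;
+
 case oBatchMode:
 intptr = &options->batch_mode;
 goto parse_flag;
@@ -1935,7 +1982,13 @@ initialize_options(Options * options)
 options->pubkey_authentication = -1;
 options->challenge_response_authentication = -1;
 options->gss_authentication = -1;
+options->gss_keyex = -1;
 options->gss_deleg_creds = -1;
+options->gss_trust_dns = -1;
+options->gss_renewal_rekey = -1;
+options->gss_client_identity = NULL;
+options->gss_server_identity = NULL;
+options->gss_kex_algorithms = NULL;
 options->password_authentication = -1;
 options->kbd_interactive_authentication = -1;
 options->kbd_interactive_devices = NULL;
@@ -2083,8 +2136,18 @@ fill_default_options(Options * options)
 options->challenge_response_authentication = 1;
 if (options->gss_authentication == -1)
 options->gss_authentication = 0;
+if (options->gss_keyex == -1)
+options->gss_keyex = 0;
 if (options->gss_deleg_creds == -1)
 options->gss_deleg_creds = 0;
+if (options->gss_trust_dns == -1)
+options->gss_trust_dns = 0;
+if (options->gss_renewal_rekey == -1)
+options->gss_renewal_rekey = 0;
+#ifdef GSSAPI
+if (options->gss_kex_algorithms == NULL)
+options->gss_kex_algorithms = strdup(GSS_KEX_DEFAULT_KEX);
+#endif
 if (options->password_authentication == -1)
 options->password_authentication = 1;
 if (options->kbd_interactive_authentication == -1)
@@ -2726,7 +2789,14 @@ dump_client_config(Options *o, const char *host)
 dump_cfg_fmtint(oGatewayPorts, o->fwd_opts.gateway_ports);
 #ifdef GSSAPI
 dump_cfg_fmtint(oGssAuthentication, o->gss_authentication);
+dump_cfg_fmtint(oGssKeyEx, o->gss_keyex);
 dump_cfg_fmtint(oGssDelegateCreds, o->gss_deleg_creds);
+dump_cfg_fmtint(oGssTrustDns, o->gss_trust_dns);
+dump_cfg_fmtint(oGssRenewalRekey, o->gss_renewal_rekey);
+dump_cfg_string(oGssClientIdentity, o->gss_client_identity);
+dump_cfg_string(oGssServerIdentity, o->gss_server_identity);
+dump_cfg_string(oGssKexAlgorithms, o->gss_kex_algorithms ?
+o->gss_kex_algorithms : GSS_KEX_DEFAULT_KEX);
 #endif /* GSSAPI */
 dump_cfg_fmtint(oHashKnownHosts, o->hash_known_hosts);
 dump_cfg_fmtint(oHostbasedAuthentication, o->hostbased_authentication);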
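Review bot: In fill_default_options the new GSSAPI default is assigned with an unchecked `strdup(GSS_KEX_DEFAULT_KEX)`, so an allocation failure leaves `gss_kex_algorithms` NULL even after defaults have been filled. The parse path added in this same commit uses `xstrdup(arg)`, and the default should match it: `options->gss_kex_algorithms = xstrdup(GSS_KEX_DEFAULT_KEX);`. Only dump_client_config visibly guards against NULL; whether the key-exchange code that later reads the field does so cannot be seen from this page, so stopping at the allocation is the safer behaviour. In the oGssKexAlgorithms case the `arg ? arg : "<NONE>"` fallback looks unreachable, since a missing argument is already fatal two statements earlier, and the `'%s'` could be bounded like the filename with `'%.200s'`. Both function bodies continue outside their hunks.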