Diffstat (limited to 'readconf.c')
-rw-r--r-- | readconf.c | 70 |
1 files changed, 70 insertions, 0 deletions
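--- a/readconf.c
+++ b/readconf.c
@@ -67,6 +67,7 @@
 #include "uidswap.h"
 #include "myproposal.h"
 #include "digest.h"
+#include "ssh-gss.h"
 
 /* Format of the configuration file:
 
@@ -162,6 +163,8 @@ typedef enum {
 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
+oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey,
+oGssServerIdentity, oGssKexAlgorithms,
 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
 oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist,
 oHashKnownHosts,
@@ -202,10 +205,22 @@ static struct {
 /* Sometimes-unsupported options */
 #if defined(GSSAPI)
 { "gssapiauthentication", oGssAuthentication },
+{ "gssapikeyexchange", oGssKeyEx },
 { "gssapidelegatecredentials", oGssDelegateCreds },
+{ "gssapitrustdns", oGssTrustDns },
+{ "gssapiclientidentity", oGssClientIdentity },
+{ "gssapiserveridentity", oGssServerIdentity },
+{ "gssapirenewalforcesrekey", oGssRenewalRekey },
+{ "gssapikexalgorithms", oGssKexAlgorithms },
 # else
 { "gssapiauthentication", oUnsupported },
+{ "gssapikeyexchange", oUnsupported },
 { "gssapidelegatecredentials", oUnsupported },
+{ "gssapitrustdns", oUnsupported },
+{ "gssapiclientidentity", oUnsupported },
+{ "gssapiserveridentity", oUnsupported },
+{ "gssapirenewalforcesrekey", oUnsupported },
+{ "gssapikexalgorithms", oUnsupported },
 #endif
 #ifdef ENABLE_PKCS11
 { "pkcs11provider", oPKCS11Provider },
@@ -988,10 +1003,42 @@ parse_time:
 intptr = &options->gss_authentication;
 goto parse_flag;
 
+case oGssKeyEx:
+intptr = &options->gss_keyex;
+goto parse_flag;
+
 case oGssDelegateCreds:
 intptr = &options->gss_deleg_creds;
 goto parse_flag;
 
+case oGssTrustDns:
+intptr = &options->gss_trust_dns;
+goto parse_flag;
+
+case oGssClientIdentity:
+charptr = &options->gss_client_identity;
+goto parse_string;
+
+case oGssServerIdentity:
+charptr = &options->gss_server_identity;
+goto parse_string;
+
+case oGssRenewalRekey:
+intptr = &options->gss_renewal_rekey;
+goto parse_flag;
+
+case oGssKexAlgorithms:
+arg = strdelim(&s);
+if (!arg || *arg == '\0')
+fatal("%.200s line %d: Missing argument.",
+filename, linenum);
+if (!kex_gss_names_valid(arg))
+fatal("%.200s line %d: Bad GSSAPI KexAlgorithms '%s'.",
+filename, linenum, arg ? arg : "<NONE>");
+if (*activep && options->gss_kex_algorithms == NULL)
+options->gss_kex_algorithms = xstrdup(arg);
+break;
+
 case oBatchMode:
 intptr = &options->batch_mode;
 goto parse_flag;
@@ -1863,7 +1910,13 @@ initialize_options(Options * options)
 options->pubkey_authentication = -1;
 options->challenge_response_authentication = -1;
 options->gss_authentication = -1;
+options->gss_keyex = -1;
 options->gss_deleg_creds = -1;
+options->gss_trust_dns = -1;
+options->gss_renewal_rekey = -1;
+options->gss_client_identity = NULL;
+options->gss_server_identity = NULL;
+options->gss_kex_algorithms = NULL;
 options->password_authentication = -1;
 options->kbd_interactive_authentication = -1;
 options->kbd_interactive_devices = NULL;
@@ -2009,8 +2062,18 @@ fill_default_options(Options * options)
 options->challenge_response_authentication = 1;
 if (options->gss_authentication == -1)
 options->gss_authentication = 0;
+if (options->gss_keyex == -1)
+options->gss_keyex = 0;
 if (options->gss_deleg_creds == -1)
 options->gss_deleg_creds = 0;
+if (options->gss_trust_dns == -1)
+options->gss_trust_dns = 0;
+if (options->gss_renewal_rekey == -1)
+options->gss_renewal_rekey = 0;
+#ifdef GSSAPI
+if (options->gss_kex_algorithms == NULL)
+options->gss_kex_algorithms = strdup(GSS_KEX_DEFAULT_KEX);
+#endif
 if (options->password_authentication == -1)
 options->password_authentication = 1;
 if (options->kbd_interactive_authentication == -1)
@@ -2625,7 +2688,14 @@ dump_client_config(Options *o, const char *host)
 dump_cfg_fmtint(oGatewayPorts, o->fwd_opts.gateway_ports);
 #ifdef GSSAPI
 dump_cfg_fmtint(oGssAuthentication, o->gss_authentication);
+dump_cfg_fmtint(oGssKeyEx, o->gss_keyex);
 dump_cfg_fmtint(oGssDelegateCreds, o->gss_deleg_creds);
+dump_cfg_fmtint(oGssTrustDns, o->gss_trust_dns);
+dump_cfg_fmtint(oGssRenewalRekey, o->gss_renewal_rekey);
+dump_cfg_string(oGssClientIdentity, o->gss_client_identity);
+dump_cfg_string(oGssServerIdentity, o->gss_server_identity);
+dump_cfg_string(oGssKexAlgorithms, o->gss_kex_algorithms ?
+o->gss_kex_algorithms : GSS_KEX_DEFAULT_KEX);
 #endif /* GSSAPI */
 dump_cfg_fmtint(oHashKnownHosts, o->hash_known_hosts);
 dump_cfg_fmtint(oHostbasedAuthentication, o->hostbased_authentication);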
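Review bot: The default added in fill_default_options uses plain `strdup(GSS_KEX_DEFAULT_KEX)` and never checks the result, so an allocation failure leaves `gss_kex_algorithms` NULL after the defaults are supposedly filled in. The oGssKexAlgorithms parser case in the same commit already uses the aborting wrapper, and the same call fits here: `options->gss_kex_algorithms = xstrdup(GSS_KEX_DEFAULT_KEX);`. dump_client_config guards against NULL with its own fallback, but whether the key-exchange code that consumes this list does the same is not visible on this page. Separately, in the oGssKexAlgorithms case the `arg ? arg : "<NONE>"` in the second fatal() is unreachable, because a NULL or empty `arg` has already hit the first fatal(); passing `arg` directly would be clearer. All of the touched functions start and end outside the hunks shown.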