Diffstat (limited to 'readconf.c')
-rw-r--r-- | readconf.c | 70 |
1 files changed, 70 insertions, 0 deletions
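--- a/readconf.c
+++ b/readconf.c
@@ -67,6 +67,7 @@
 #include "uidswap.h"
 #include "myproposal.h"
 #include "digest.h"
+#include "ssh-gss.h"
 
 /* Format of the configuration file:
 
@@ -162,6 +163,8 @@ typedef enum {
 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
+oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey,
+oGssServerIdentity, oGssKexAlgorithms,
 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
 oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist,
 oHashKnownHosts,
@@ -202,10 +205,22 @@ static struct {
 /* Sometimes-unsupported options */
 #if defined(GSSAPI)
 { "gssapiauthentication", oGssAuthentication },
+{ "gssapikeyexchange", oGssKeyEx },
 { "gssapidelegatecredentials", oGssDelegateCreds },
+{ "gssapitrustdns", oGssTrustDns },
+{ "gssapiclientidentity", oGssClientIdentity },
+{ "gssapiserveridentity", oGssServerIdentity },
+{ "gssapirenewalforcesrekey", oGssRenewalRekey },
+{ "gssapikexalgorithms", oGssKexAlgorithms },
 # else
 { "gssapiauthentication", oUnsupported },
+{ "gssapikeyexchange", oUnsupported },
 { "gssapidelegatecredentials", oUnsupported },
+{ "gssapitrustdns", oUnsupported },
+{ "gssapiclientidentity", oUnsupported },
+{ "gssapiserveridentity", oUnsupported },
+{ "gssapirenewalforcesrekey", oUnsupported },
+{ "gssapikexalgorithms", oUnsupported },
 #endif
 #ifdef ENABLE_PKCS11
 { "pkcs11provider", oPKCS11Provider },
@@ -983,10 +998,42 @@ parse_time:
 intptr = &options->gss_authentication;
 goto parse_flag;
 
+case oGssKeyEx:
+intptr = &options->gss_keyex;
+goto parse_flag;
+
 case oGssDelegateCreds:
 intptr = &options->gss_deleg_creds;
 goto parse_flag;
 
+case oGssTrustDns:
+intptr = &options->gss_trust_dns;
+goto parse_flag;
+
+case oGssClientIdentity:
+charptr = &options->gss_client_identity;
+goto parse_string;
+
+case oGssServerIdentity:
+charptr = &options->gss_server_identity;
+goto parse_string;
+
+case oGssRenewalRekey:
+intptr = &options->gss_renewal_rekey;
+goto parse_flag;
+
+case oGssKexAlgorithms:
+arg = strdelim(&s);
+if (!arg || *arg == '\0')
+fatal("%.200s line %d: Missing argument.",
+filename, linenum);
+if (!kex_gss_names_valid(arg))
+fatal("%.200s line %d: Bad GSSAPI KexAlgorithms '%s'.",
+filename, linenum, arg ? arg : "<NONE>");
+if (*activep && options->gss_kex_algorithms == NULL)
+options->gss_kex_algorithms = xstrdup(arg);
+break;
+
 case oBatchMode:
 intptr = &options->batch_mode;
 goto parse_flag;
@@ -1854,7 +1901,13 @@ initialize_options(Options * options)
 options->pubkey_authentication = -1;
 options->challenge_response_authentication = -1;
 options->gss_authentication = -1;
+options->gss_keyex = -1;
 options->gss_deleg_creds = -1;
+options->gss_trust_dns = -1;
+options->gss_renewal_rekey = -1;
+options->gss_client_identity = NULL;
+options->gss_server_identity = NULL;
+options->gss_kex_algorithms = NULL;
 options->password_authentication = -1;
 options->kbd_interactive_authentication = -1;
 options->kbd_interactive_devices = NULL;
@@ -2000,8 +2053,18 @@ fill_default_options(Options * options)
 options->challenge_response_authentication = 1;
 if (options->gss_authentication == -1)
 options->gss_authentication = 0;
+if (options->gss_keyex == -1)
+options->gss_keyex = 0;
 if (options->gss_deleg_creds == -1)
 options->gss_deleg_creds = 0;
+if (options->gss_trust_dns == -1)
+options->gss_trust_dns = 0;
+if (options->gss_renewal_rekey == -1)
+options->gss_renewal_rekey = 0;
+#ifdef GSSAPI
+if (options->gss_kex_algorithms == NULL)
+options->gss_kex_algorithms = strdup(GSS_KEX_DEFAULT_KEX);
+#endif
 if (options->password_authentication == -1)
 options->password_authentication = 1;
 if (options->kbd_interactive_authentication == -1)
@@ -2616,7 +2679,14 @@ dump_client_config(Options *o, const char *host)
 dump_cfg_fmtint(oGatewayPorts, o->fwd_opts.gateway_ports);
 #ifdef GSSAPI
 dump_cfg_fmtint(oGssAuthentication, o->gss_authentication);
+dump_cfg_fmtint(oGssKeyEx, o->gss_keyex);
 dump_cfg_fmtint(oGssDelegateCreds, o->gss_deleg_creds);
+dump_cfg_fmtint(oGssTrustDns, o->gss_trust_dns);
+dump_cfg_fmtint(oGssRenewalRekey, o->gss_renewal_rekey);
+dump_cfg_string(oGssClientIdentity, o->gss_client_identity);
+dump_cfg_string(oGssServerIdentity, o->gss_server_identity);
+dump_cfg_string(oGssKexAlgorithms, o->gss_kex_algorithms ?
+o->gss_kex_algorithms : GSS_KEX_DEFAULT_KEX);
 #endif /* GSSAPI */
 dump_cfg_fmtint(oHashKnownHosts, o->hash_known_hosts);
 dump_cfg_fmtint(oHostbasedAuthentication, o->hostbased_authentication);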
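Review bot: In the fill_default_options hunk the default for gss_kex_algorithms is set with plain `strdup(GSS_KEX_DEFAULT_KEX)` and the result is never checked, whereas the oGssKexAlgorithms case added in the same commit uses `xstrdup(arg)`. If that allocation fails, the field stays NULL after defaults are filled; dump_client_config guards against NULL, but whether the key-exchange code that consumes the list does so is not visible here. I would change the line to `options->gss_kex_algorithms = xstrdup(GSS_KEX_DEFAULT_KEX);`, assuming xstrdup is the usual abort-on-failure wrapper. Separately, in the oGssKexAlgorithms case the `arg ? arg : "<NONE>"` fallback looks unreachable after the preceding missing-argument check (assuming fatal() does not return), and the `'%s'` prints a config-supplied string without the length cap that `%.200s` gives the filename. Both functions start and end outside their hunks.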