Diffstat (limited to 'readconf.c')
-rw-r--r-- | readconf.c | 70 |
1 files changed, 70 insertions, 0 deletions
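diff --git a/readconf.c b/readconf.c
index 554efd7c9..57dae55d1 100644
--- a/readconf.c
+++ b/readconf.c
@@ -67,6 +67,7 @@
 #include "uidswap.h"
 #include "myproposal.h"
 #include "digest.h"
+#include "ssh-gss.h"
 
 /* Format of the configuration file:
 
@@ -160,6 +161,8 @@ typedef enum {
 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
+oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey,
+oGssServerIdentity, oGssKexAlgorithms,
 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
 oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist,
 oHashKnownHosts,
@@ -204,10 +207,22 @@ static struct {
 /* Sometimes-unsupported options */
 #if defined(GSSAPI)
 { "gssapiauthentication", oGssAuthentication },
+{ "gssapikeyexchange", oGssKeyEx },
 { "gssapidelegatecredentials", oGssDelegateCreds },
+{ "gssapitrustdns", oGssTrustDns },
+{ "gssapiclientidentity", oGssClientIdentity },
+{ "gssapiserveridentity", oGssServerIdentity },
+{ "gssapirenewalforcesrekey", oGssRenewalRekey },
+{ "gssapikexalgorithms", oGssKexAlgorithms },
 # else
 { "gssapiauthentication", oUnsupported },
+{ "gssapikeyexchange", oUnsupported },
 { "gssapidelegatecredentials", oUnsupported },
+{ "gssapitrustdns", oUnsupported },
+{ "gssapiclientidentity", oUnsupported },
+{ "gssapiserveridentity", oUnsupported },
+{ "gssapirenewalforcesrekey", oUnsupported },
+{ "gssapikexalgorithms", oUnsupported },
 #endif
 #ifdef ENABLE_PKCS11
 { "pkcs11provider", oPKCS11Provider },
@@ -1068,10 +1083,42 @@ parse_time:
 intptr = &options->gss_authentication;
 goto parse_flag;
 
+case oGssKeyEx:
+intptr = &options->gss_keyex;
+goto parse_flag;
+
 case oGssDelegateCreds:
 intptr = &options->gss_deleg_creds;
 goto parse_flag;
 
+case oGssTrustDns:
+intptr = &options->gss_trust_dns;
+goto parse_flag;
+
+case oGssClientIdentity:
+charptr = &options->gss_client_identity;
+goto parse_string;
+
+case oGssServerIdentity:
+charptr = &options->gss_server_identity;
+goto parse_string;
+
+case oGssRenewalRekey:
+intptr = &options->gss_renewal_rekey;
+goto parse_flag;
+
+case oGssKexAlgorithms:
+arg = strdelim(&s);
+if (!arg || *arg == '\0')
+fatal("%.200s line %d: Missing argument.",
+filename, linenum);
+if (!kex_gss_names_valid(arg))
+fatal("%.200s line %d: Bad GSSAPI KexAlgorithms '%s'.",
+filename, linenum, arg ? arg : "<NONE>");
+if (*activep && options->gss_kex_algorithms == NULL)
+options->gss_kex_algorithms = xstrdup(arg);
+break;
+
 case oBatchMode:
 intptr = &options->batch_mode;
 goto parse_flag;
@@ -1976,7 +2023,13 @@ initialize_options(Options * options)
 options->pubkey_authentication = -1;
 options->challenge_response_authentication = -1;
 options->gss_authentication = -1;
+options->gss_keyex = -1;
 options->gss_deleg_creds = -1;
+options->gss_trust_dns = -1;
+options->gss_renewal_rekey = -1;
+options->gss_client_identity = NULL;
+options->gss_server_identity = NULL;
+options->gss_kex_algorithms = NULL;
 options->password_authentication = -1;
 options->kbd_interactive_authentication = -1;
 options->kbd_interactive_devices = NULL;
@@ -2125,8 +2178,18 @@ fill_default_options(Options * options)
 options->challenge_response_authentication = 1;
 if (options->gss_authentication == -1)
 options->gss_authentication = 0;
+if (options->gss_keyex == -1)
+options->gss_keyex = 0;
 if (options->gss_deleg_creds == -1)
 options->gss_deleg_creds = 0;
+if (options->gss_trust_dns == -1)
+options->gss_trust_dns = 0;
+if (options->gss_renewal_rekey == -1)
+options->gss_renewal_rekey = 0;
+#ifdef GSSAPI
+if (options->gss_kex_algorithms == NULL)
+options->gss_kex_algorithms = strdup(GSS_KEX_DEFAULT_KEX);
+#endif
 if (options->password_authentication == -1)
 options->password_authentication = 1;
 if (options->kbd_interactive_authentication == -1)
@@ -2776,7 +2839,14 @@ dump_client_config(Options *o, const char *host)
 dump_cfg_fmtint(oGatewayPorts, o->fwd_opts.gateway_ports);
 #ifdef GSSAPI
 dump_cfg_fmtint(oGssAuthentication, o->gss_authentication);
+dump_cfg_fmtint(oGssKeyEx, o->gss_keyex);
 dump_cfg_fmtint(oGssDelegateCreds, o->gss_deleg_creds);
+dump_cfg_fmtint(oGssTrustDns, o->gss_trust_dns);
+dump_cfg_fmtint(oGssRenewalRekey, o->gss_renewal_rekey);
+dump_cfg_string(oGssClientIdentity, o->gss_client_identity);
+dump_cfg_string(oGssServerIdentity, o->gss_server_identity);
+dump_cfg_string(oGssKexAlgorithms, o->gss_kex_algorithms ?
+o->gss_kex_algorithms : GSS_KEX_DEFAULT_KEX);
 #endif /* GSSAPI */
 dump_cfg_fmtint(oHashKnownHosts, o->hash_known_hosts);
 dump_cfg_fmtint(oHostbasedAuthentication, o->hostbased_authentication);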
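Review bot: In the fill_default_options hunk the default GSSAPI key-exchange list is set with plain `strdup(GSS_KEX_DEFAULT_KEX)` and the result is never checked, so an allocation failure leaves `gss_kex_algorithms` NULL for whatever code later reads it. The parser case added in this same commit uses `xstrdup`, and the default should match it: `options->gss_kex_algorithms = xstrdup(GSS_KEX_DEFAULT_KEX);`. In the `oGssKexAlgorithms` case, `arg ? arg : "<NONE>"` is dead code because a NULL `arg` has already been rejected two statements earlier. The `'%s'` in that message is also unbounded while the filename next to it uses `%.200s`, so a length limit such as `'%.200s'` would keep a malformed config line from flooding the error output. Both enclosing functions begin and end outside the hunks shown, so how the NULL case is consumed downstream cannot be confirmed from this page.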