diff options
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 38 |
1 files changed, 37 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c index 318546290..f68c0d0ae 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -114,7 +114,10 @@ initialize_server_options(ServerOptions *options) | |||
| 114 | options->kerberos_ticket_cleanup = -1; | 114 | options->kerberos_ticket_cleanup = -1; |
| 115 | options->kerberos_get_afs_token = -1; | 115 | options->kerberos_get_afs_token = -1; |
| 116 | options->gss_authentication=-1; | 116 | options->gss_authentication=-1; |
| 117 | options->gss_keyex = -1; | ||
| 117 | options->gss_cleanup_creds = -1; | 118 | options->gss_cleanup_creds = -1; |
| 119 | options->gss_strict_acceptor = -1; | ||
| 120 | options->gss_store_rekey = -1; | ||
| 118 | options->password_authentication = -1; | 121 | options->password_authentication = -1; |
| 119 | options->kbd_interactive_authentication = -1; | 122 | options->kbd_interactive_authentication = -1; |
| 120 | options->challenge_response_authentication = -1; | 123 | options->challenge_response_authentication = -1; |
| @@ -269,8 +272,14 @@ fill_default_server_options(ServerOptions *options) | |||
| 269 | options->kerberos_get_afs_token = 0; | 272 | options->kerberos_get_afs_token = 0; |
| 270 | if (options->gss_authentication == -1) | 273 | if (options->gss_authentication == -1) |
| 271 | options->gss_authentication = 0; | 274 | options->gss_authentication = 0; |
| 275 | if (options->gss_keyex == -1) | ||
| 276 | options->gss_keyex = 0; | ||
| 272 | if (options->gss_cleanup_creds == -1) | 277 | if (options->gss_cleanup_creds == -1) |
| 273 | options->gss_cleanup_creds = 1; | 278 | options->gss_cleanup_creds = 1; |
| 279 | if (options->gss_strict_acceptor == -1) | ||
| 280 | options->gss_strict_acceptor = 1; | ||
| 281 | if (options->gss_store_rekey == -1) | ||
| 282 | options->gss_store_rekey = 0; | ||
| 274 | if (options->password_authentication == -1) | 283 | if (options->password_authentication == -1) |
| 275 | options->password_authentication = 1; | 284 | options->password_authentication = 1; |
| 276 | if (options->kbd_interactive_authentication == -1) | 285 | if (options->kbd_interactive_authentication == -1) |
| @@ -391,7 +400,9 @@ typedef enum { | |||
| 391 | sBanner, sUseDNS, sHostbasedAuthentication, | 400 | sBanner, sUseDNS, sHostbasedAuthentication, |
| 392 | sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes, | 401 | sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes, |
| 393 | sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, | 402 | sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, |
| 394 | sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, | 403 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, |
| 404 | sGssKeyEx, sGssStoreRekey, | ||
| 405 | sAcceptEnv, sPermitTunnel, | ||
| 395 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | 406 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
| 396 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 407 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
| 397 | sHostCertificate, | 408 | sHostCertificate, |
| @@ -462,10 +473,20 @@ static struct { | |||
| 462 | #ifdef GSSAPI | 473 | #ifdef GSSAPI |
| 463 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, | 474 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, |
| 464 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, | 475 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, |
| 476 | { "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL }, | ||
| 477 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, | ||
| 478 | { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, | ||
| 479 | { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, | ||
| 465 | #else | 480 | #else |
| 466 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, | 481 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, |
| 467 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, | 482 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, |
| 483 | { "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL }, | ||
| 484 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, | ||
| 485 | { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, | ||
| 486 | { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL }, | ||
| 468 | #endif | 487 | #endif |
| 488 | { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL }, | ||
| 489 | { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL }, | ||
| 469 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 490 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
| 470 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 491 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
| 471 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, | 492 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, |
| @@ -1166,10 +1187,22 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 1166 | intptr = &options->gss_authentication; | 1187 | intptr = &options->gss_authentication; |
| 1167 | goto parse_flag; | 1188 | goto parse_flag; |
| 1168 | 1189 | ||
| 1190 | case sGssKeyEx: | ||
| 1191 | intptr = &options->gss_keyex; | ||
| 1192 | goto parse_flag; | ||
| 1193 | |||
| 1169 | case sGssCleanupCreds: | 1194 | case sGssCleanupCreds: |
| 1170 | intptr = &options->gss_cleanup_creds; | 1195 | intptr = &options->gss_cleanup_creds; |
| 1171 | goto parse_flag; | 1196 | goto parse_flag; |
| 1172 | 1197 | ||
| 1198 | case sGssStrictAcceptor: | ||
| 1199 | intptr = &options->gss_strict_acceptor; | ||
| 1200 | goto parse_flag; | ||
| 1201 | |||
| 1202 | case sGssStoreRekey: | ||
| 1203 | intptr = &options->gss_store_rekey; | ||
| 1204 | goto parse_flag; | ||
| 1205 | |||
| 1173 | case sPasswordAuthentication: | 1206 | case sPasswordAuthentication: |
| 1174 | intptr = &options->password_authentication; | 1207 | intptr = &options->password_authentication; |
| 1175 | goto parse_flag; | 1208 | goto parse_flag; |
| @@ -2125,7 +2158,10 @@ dump_config(ServerOptions *o) | |||
| 2125 | #endif | 2158 | #endif |
| 2126 | #ifdef GSSAPI | 2159 | #ifdef GSSAPI |
| 2127 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); | 2160 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); |
| 2161 | dump_cfg_fmtint(sGssKeyEx, o->gss_keyex); | ||
| 2128 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); | 2162 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); |
| 2163 | dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor); | ||
| 2164 | dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey); | ||
| 2129 | #endif | 2165 | #endif |
| 2130 | dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); | 2166 | dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); |
| 2131 | dump_cfg_fmtint(sKbdInteractiveAuthentication, | 2167 | dump_cfg_fmtint(sKbdInteractiveAuthentication, |