diff options
Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c index 986a5b92f..2aa516b2a 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -93,7 +93,10 @@ initialize_server_options(ServerOptions *options) | |||
93 | options->kerberos_ticket_cleanup = -1; | 93 | options->kerberos_ticket_cleanup = -1; |
94 | options->kerberos_get_afs_token = -1; | 94 | options->kerberos_get_afs_token = -1; |
95 | options->gss_authentication=-1; | 95 | options->gss_authentication=-1; |
96 | options->gss_keyex = -1; | ||
96 | options->gss_cleanup_creds = -1; | 97 | options->gss_cleanup_creds = -1; |
98 | options->gss_strict_acceptor = -1; | ||
99 | options->gss_store_rekey = -1; | ||
97 | options->password_authentication = -1; | 100 | options->password_authentication = -1; |
98 | options->kbd_interactive_authentication = -1; | 101 | options->kbd_interactive_authentication = -1; |
99 | options->challenge_response_authentication = -1; | 102 | options->challenge_response_authentication = -1; |
@@ -215,8 +218,14 @@ fill_default_server_options(ServerOptions *options) | |||
215 | options->kerberos_get_afs_token = 0; | 218 | options->kerberos_get_afs_token = 0; |
216 | if (options->gss_authentication == -1) | 219 | if (options->gss_authentication == -1) |
217 | options->gss_authentication = 0; | 220 | options->gss_authentication = 0; |
221 | if (options->gss_keyex == -1) | ||
222 | options->gss_keyex = 0; | ||
218 | if (options->gss_cleanup_creds == -1) | 223 | if (options->gss_cleanup_creds == -1) |
219 | options->gss_cleanup_creds = 1; | 224 | options->gss_cleanup_creds = 1; |
225 | if (options->gss_strict_acceptor == -1) | ||
226 | options->gss_strict_acceptor = 1; | ||
227 | if (options->gss_store_rekey == -1) | ||
228 | options->gss_store_rekey = 0; | ||
220 | if (options->password_authentication == -1) | 229 | if (options->password_authentication == -1) |
221 | options->password_authentication = 1; | 230 | options->password_authentication = 1; |
222 | if (options->kbd_interactive_authentication == -1) | 231 | if (options->kbd_interactive_authentication == -1) |
@@ -307,7 +316,9 @@ typedef enum { | |||
307 | sBanner, sUseDNS, sHostbasedAuthentication, | 316 | sBanner, sUseDNS, sHostbasedAuthentication, |
308 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, | 317 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
309 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, | 318 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, |
310 | sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, | 319 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, |
320 | sGssKeyEx, sGssStoreRekey, | ||
321 | sAcceptEnv, sPermitTunnel, | ||
311 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | 322 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
312 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 323 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
313 | sZeroKnowledgePasswordAuthentication, sHostCertificate, | 324 | sZeroKnowledgePasswordAuthentication, sHostCertificate, |
@@ -370,9 +381,15 @@ static struct { | |||
370 | #ifdef GSSAPI | 381 | #ifdef GSSAPI |
371 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, | 382 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, |
372 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, | 383 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, |
384 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, | ||
385 | { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, | ||
386 | { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, | ||
373 | #else | 387 | #else |
374 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, | 388 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, |
375 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, | 389 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, |
390 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, | ||
391 | { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, | ||
392 | { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL }, | ||
376 | #endif | 393 | #endif |
377 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 394 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
378 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 395 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
@@ -926,10 +943,22 @@ process_server_config_line(ServerOptions *options, char *line, | |||
926 | intptr = &options->gss_authentication; | 943 | intptr = &options->gss_authentication; |
927 | goto parse_flag; | 944 | goto parse_flag; |
928 | 945 | ||
946 | case sGssKeyEx: | ||
947 | intptr = &options->gss_keyex; | ||
948 | goto parse_flag; | ||
949 | |||
929 | case sGssCleanupCreds: | 950 | case sGssCleanupCreds: |
930 | intptr = &options->gss_cleanup_creds; | 951 | intptr = &options->gss_cleanup_creds; |
931 | goto parse_flag; | 952 | goto parse_flag; |
932 | 953 | ||
954 | case sGssStrictAcceptor: | ||
955 | intptr = &options->gss_strict_acceptor; | ||
956 | goto parse_flag; | ||
957 | |||
958 | case sGssStoreRekey: | ||
959 | intptr = &options->gss_store_rekey; | ||
960 | goto parse_flag; | ||
961 | |||
933 | case sPasswordAuthentication: | 962 | case sPasswordAuthentication: |
934 | intptr = &options->password_authentication; | 963 | intptr = &options->password_authentication; |
935 | goto parse_flag; | 964 | goto parse_flag; |