diff options
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c index df93fc450..2f7f41e5c 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -115,8 +115,10 @@ initialize_server_options(ServerOptions *options) | |||
| 115 | options->kerberos_ticket_cleanup = -1; | 115 | options->kerberos_ticket_cleanup = -1; |
| 116 | options->kerberos_get_afs_token = -1; | 116 | options->kerberos_get_afs_token = -1; |
| 117 | options->gss_authentication=-1; | 117 | options->gss_authentication=-1; |
| 118 | options->gss_keyex = -1; | ||
| 118 | options->gss_cleanup_creds = -1; | 119 | options->gss_cleanup_creds = -1; |
| 119 | options->gss_strict_acceptor = -1; | 120 | options->gss_strict_acceptor = -1; |
| 121 | options->gss_store_rekey = -1; | ||
| 120 | options->password_authentication = -1; | 122 | options->password_authentication = -1; |
| 121 | options->kbd_interactive_authentication = -1; | 123 | options->kbd_interactive_authentication = -1; |
| 122 | options->challenge_response_authentication = -1; | 124 | options->challenge_response_authentication = -1; |
| @@ -275,10 +277,14 @@ fill_default_server_options(ServerOptions *options) | |||
| 275 | options->kerberos_get_afs_token = 0; | 277 | options->kerberos_get_afs_token = 0; |
| 276 | if (options->gss_authentication == -1) | 278 | if (options->gss_authentication == -1) |
| 277 | options->gss_authentication = 0; | 279 | options->gss_authentication = 0; |
| 280 | if (options->gss_keyex == -1) | ||
| 281 | options->gss_keyex = 0; | ||
| 278 | if (options->gss_cleanup_creds == -1) | 282 | if (options->gss_cleanup_creds == -1) |
| 279 | options->gss_cleanup_creds = 1; | 283 | options->gss_cleanup_creds = 1; |
| 280 | if (options->gss_strict_acceptor == -1) | 284 | if (options->gss_strict_acceptor == -1) |
| 281 | options->gss_strict_acceptor = 0; | 285 | options->gss_strict_acceptor = 1; |
| 286 | if (options->gss_store_rekey == -1) | ||
| 287 | options->gss_store_rekey = 0; | ||
| 282 | if (options->password_authentication == -1) | 288 | if (options->password_authentication == -1) |
| 283 | options->password_authentication = 1; | 289 | options->password_authentication = 1; |
| 284 | if (options->kbd_interactive_authentication == -1) | 290 | if (options->kbd_interactive_authentication == -1) |
| @@ -401,6 +407,7 @@ typedef enum { | |||
| 401 | sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes, | 407 | sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes, |
| 402 | sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, | 408 | sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, |
| 403 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, | 409 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, |
| 410 | sGssKeyEx, sGssStoreRekey, | ||
| 404 | sAcceptEnv, sPermitTunnel, | 411 | sAcceptEnv, sPermitTunnel, |
| 405 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | 412 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
| 406 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 413 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
| @@ -473,12 +480,20 @@ static struct { | |||
| 473 | #ifdef GSSAPI | 480 | #ifdef GSSAPI |
| 474 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, | 481 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, |
| 475 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, | 482 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, |
| 483 | { "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL }, | ||
| 476 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, | 484 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, |
| 485 | { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, | ||
| 486 | { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, | ||
| 477 | #else | 487 | #else |
| 478 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, | 488 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, |
| 479 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, | 489 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, |
| 490 | { "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL }, | ||
| 480 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, | 491 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, |
| 492 | { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, | ||
| 493 | { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL }, | ||
| 481 | #endif | 494 | #endif |
| 495 | { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL }, | ||
| 496 | { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL }, | ||
| 482 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 497 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
| 483 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 498 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
| 484 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, | 499 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, |
| @@ -1214,6 +1229,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 1214 | intptr = &options->gss_authentication; | 1229 | intptr = &options->gss_authentication; |
| 1215 | goto parse_flag; | 1230 | goto parse_flag; |
| 1216 | 1231 | ||
| 1232 | case sGssKeyEx: | ||
| 1233 | intptr = &options->gss_keyex; | ||
| 1234 | goto parse_flag; | ||
| 1235 | |||
| 1217 | case sGssCleanupCreds: | 1236 | case sGssCleanupCreds: |
| 1218 | intptr = &options->gss_cleanup_creds; | 1237 | intptr = &options->gss_cleanup_creds; |
| 1219 | goto parse_flag; | 1238 | goto parse_flag; |
| @@ -1222,6 +1241,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 1222 | intptr = &options->gss_strict_acceptor; | 1241 | intptr = &options->gss_strict_acceptor; |
| 1223 | goto parse_flag; | 1242 | goto parse_flag; |
| 1224 | 1243 | ||
| 1244 | case sGssStoreRekey: | ||
| 1245 | intptr = &options->gss_store_rekey; | ||
| 1246 | goto parse_flag; | ||
| 1247 | |||
| 1225 | case sPasswordAuthentication: | 1248 | case sPasswordAuthentication: |
| 1226 | intptr = &options->password_authentication; | 1249 | intptr = &options->password_authentication; |
| 1227 | goto parse_flag; | 1250 | goto parse_flag; |
| @@ -2229,7 +2252,10 @@ dump_config(ServerOptions *o) | |||
| 2229 | #endif | 2252 | #endif |
| 2230 | #ifdef GSSAPI | 2253 | #ifdef GSSAPI |
| 2231 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); | 2254 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); |
| 2255 | dump_cfg_fmtint(sGssKeyEx, o->gss_keyex); | ||
| 2232 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); | 2256 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); |
| 2257 | dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor); | ||
| 2258 | dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey); | ||
| 2233 | #endif | 2259 | #endif |
| 2234 | dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); | 2260 | dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); |
| 2235 | dump_cfg_fmtint(sKbdInteractiveAuthentication, | 2261 | dump_cfg_fmtint(sKbdInteractiveAuthentication, |