1 files changed, 12 insertions, 3 deletions

diff --git a/servconf.c b/servconf.c
index 03b974617..91986e55d 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.221 2011/06/22 21:47:28 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.222 2011/06/22 21:57:01 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -280,7 +280,7 @@ fill_default_server_options(ServerOptions *options)
 
         /* Turn privilege separation on by default */
         if (use_privsep == -1)
-                use_privsep = 1;
+                use_privsep = PRIVSEP_ON;
 
 #ifndef HAVE_MMAP
         if (use_privsep && options->compression == 1) {
@@ -701,6 +701,12 @@ static const struct multistate multistate_gatewayports[] = {
         { "no",                         0 },
         { NULL, -1 }
 };
+static const struct multistate multistate_privsep[] = {
+        { "sandbox",                    PRIVSEP_SANDBOX },
+        { "yes",                        PRIVSEP_ON },
+        { "no",                         PRIVSEP_OFF },
+        { NULL, -1 }
+};
 
 int
 process_server_config_line(ServerOptions *options, char *line,
@@ -1066,7 +1072,8 @@ process_server_config_line(ServerOptions *options, char *line,
 
         case sUsePrivilegeSeparation:
                 intptr = &use_privsep;
-                goto parse_flag;
+                multistate_ptr = multistate_privsep;
+                goto parse_multistate;
 
         case sAllowUsers:
                 while ((arg = strdelim(&cp)) && *arg != '\0') {
@@ -1574,6 +1581,8 @@ fmt_intarg(ServerOpCodes code, int val)
                 return fmt_multistate_int(val, multistate_gatewayports);
         case sCompression:
                 return fmt_multistate_int(val, multistate_compression);
+        case sUsePrivilegeSeparation:
+                return fmt_multistate_int(val, multistate_privsep);
         case sProtocol:
                 switch (val) {
                 case SSH_PROTO_1: