Diffstat (limited to 'servconf.c')
-rw-r--r--servconf.c147
1 files changed, 86 insertions, 61 deletions
diff --git a/servconf.c b/servconf.c
index 71e28b3cb..2510659ee 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,23 @@
10 */ 10 */
11 11
12#include "includes.h" 12#include "includes.h"
13RCSID("$OpenBSD: servconf.c,v 1.127 2003/09/01 18:15:50 markus Exp $"); 13RCSID("$OpenBSD: servconf.c,v 1.116 2003/02/21 09:05:53 markus Exp $");
14
15#if defined(KRB4)
16#include <krb.h>
17#endif
18#if defined(KRB5)
19#ifdef HEIMDAL
20#include <krb.h>
21#else
22/* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
23 * keytab */
24#define KEYFILE "/etc/krb5.keytab"
25#endif
26#endif
27#ifdef AFS
28#include <kafs.h>
29#endif
14 30
15#include "ssh.h" 31#include "ssh.h"
16#include "log.h" 32#include "log.h"
@@ -40,7 +56,7 @@ initialize_server_options(ServerOptions *options)
40 memset(options, 0, sizeof(*options)); 56 memset(options, 0, sizeof(*options));
41 57
42 /* Portable-specific options */ 58 /* Portable-specific options */
43 options->use_pam = -1; 59 options->pam_authentication_via_kbd_int = -1;
44 60
45 /* Standard Options */ 61 /* Standard Options */
46 options->num_ports = 0; 62 options->num_ports = 0;
@@ -64,16 +80,23 @@ initialize_server_options(ServerOptions *options)
64 options->keepalives = -1; 80 options->keepalives = -1;
65 options->log_facility = SYSLOG_FACILITY_NOT_SET; 81 options->log_facility = SYSLOG_FACILITY_NOT_SET;
66 options->log_level = SYSLOG_LEVEL_NOT_SET; 82 options->log_level = SYSLOG_LEVEL_NOT_SET;
83 options->rhosts_authentication = -1;
67 options->rhosts_rsa_authentication = -1; 84 options->rhosts_rsa_authentication = -1;
68 options->hostbased_authentication = -1; 85 options->hostbased_authentication = -1;
69 options->hostbased_uses_name_from_packet_only = -1; 86 options->hostbased_uses_name_from_packet_only = -1;
70 options->rsa_authentication = -1; 87 options->rsa_authentication = -1;
71 options->pubkey_authentication = -1; 88 options->pubkey_authentication = -1;
89#if defined(KRB4) || defined(KRB5)
72 options->kerberos_authentication = -1; 90 options->kerberos_authentication = -1;
73 options->kerberos_or_local_passwd = -1; 91 options->kerberos_or_local_passwd = -1;
74 options->kerberos_ticket_cleanup = -1; 92 options->kerberos_ticket_cleanup = -1;
75 options->gss_authentication=-1; 93#endif
76 options->gss_cleanup_creds = -1; 94#if defined(AFS) || defined(KRB5)
95 options->kerberos_tgt_passing = -1;
96#endif
97#ifdef AFS
98 options->afs_token_passing = -1;
99#endif
77 options->password_authentication = -1; 100 options->password_authentication = -1;
78 options->kbd_interactive_authentication = -1; 101 options->kbd_interactive_authentication = -1;
79 options->challenge_response_authentication = -1; 102 options->challenge_response_authentication = -1;
@@ -95,7 +118,7 @@ initialize_server_options(ServerOptions *options)
95 options->max_startups_rate = -1; 118 options->max_startups_rate = -1;
96 options->max_startups = -1; 119 options->max_startups = -1;
97 options->banner = NULL; 120 options->banner = NULL;
98 options->use_dns = -1; 121 options->verify_reverse_mapping = -1;
99 options->client_alive_interval = -1; 122 options->client_alive_interval = -1;
100 options->client_alive_count_max = -1; 123 options->client_alive_count_max = -1;
101 options->authorized_keys_file = NULL; 124 options->authorized_keys_file = NULL;
@@ -109,8 +132,8 @@ void
109fill_default_server_options(ServerOptions *options) 132fill_default_server_options(ServerOptions *options)
110{ 133{
111 /* Portable-specific options */ 134 /* Portable-specific options */
112 if (options->use_pam == -1) 135 if (options->pam_authentication_via_kbd_int == -1)
113 options->use_pam = 1; 136 options->pam_authentication_via_kbd_int = 0;
114 137
115 /* Standard Options */ 138 /* Standard Options */
116 if (options->protocol == SSH_PROTO_UNKNOWN) 139 if (options->protocol == SSH_PROTO_UNKNOWN)
@@ -165,6 +188,8 @@ fill_default_server_options(ServerOptions *options)
165 options->log_facility = SYSLOG_FACILITY_AUTH; 188 options->log_facility = SYSLOG_FACILITY_AUTH;
166 if (options->log_level == SYSLOG_LEVEL_NOT_SET) 189 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
167 options->log_level = SYSLOG_LEVEL_INFO; 190 options->log_level = SYSLOG_LEVEL_INFO;
191 if (options->rhosts_authentication == -1)
192 options->rhosts_authentication = 0;
168 if (options->rhosts_rsa_authentication == -1) 193 if (options->rhosts_rsa_authentication == -1)
169 options->rhosts_rsa_authentication = 0; 194 options->rhosts_rsa_authentication = 0;
170 if (options->hostbased_authentication == -1) 195 if (options->hostbased_authentication == -1)
@@ -175,16 +200,22 @@ fill_default_server_options(ServerOptions *options)
175 options->rsa_authentication = 1; 200 options->rsa_authentication = 1;
176 if (options->pubkey_authentication == -1) 201 if (options->pubkey_authentication == -1)
177 options->pubkey_authentication = 1; 202 options->pubkey_authentication = 1;
203#if defined(KRB4) || defined(KRB5)
178 if (options->kerberos_authentication == -1) 204 if (options->kerberos_authentication == -1)
179 options->kerberos_authentication = 0; 205 options->kerberos_authentication = 0;
180 if (options->kerberos_or_local_passwd == -1) 206 if (options->kerberos_or_local_passwd == -1)
181 options->kerberos_or_local_passwd = 1; 207 options->kerberos_or_local_passwd = 1;
182 if (options->kerberos_ticket_cleanup == -1) 208 if (options->kerberos_ticket_cleanup == -1)
183 options->kerberos_ticket_cleanup = 1; 209 options->kerberos_ticket_cleanup = 1;
184 if (options->gss_authentication == -1) 210#endif
185 options->gss_authentication = 0; 211#if defined(AFS) || defined(KRB5)
186 if (options->gss_cleanup_creds == -1) 212 if (options->kerberos_tgt_passing == -1)
187 options->gss_cleanup_creds = 1; 213 options->kerberos_tgt_passing = 0;
214#endif
215#ifdef AFS
216 if (options->afs_token_passing == -1)
217 options->afs_token_passing = 0;
218#endif
188 if (options->password_authentication == -1) 219 if (options->password_authentication == -1)
189 options->password_authentication = 1; 220 options->password_authentication = 1;
190 if (options->kbd_interactive_authentication == -1) 221 if (options->kbd_interactive_authentication == -1)
@@ -209,8 +240,8 @@ fill_default_server_options(ServerOptions *options)
209 options->max_startups_rate = 100; /* 100% */ 240 options->max_startups_rate = 100; /* 100% */
210 if (options->max_startups_begin == -1) 241 if (options->max_startups_begin == -1)
211 options->max_startups_begin = options->max_startups; 242 options->max_startups_begin = options->max_startups;
212 if (options->use_dns == -1) 243 if (options->verify_reverse_mapping == -1)
213 options->use_dns = 1; 244 options->verify_reverse_mapping = 0;
214 if (options->client_alive_interval == -1) 245 if (options->client_alive_interval == -1)
215 options->client_alive_interval = 0; 246 options->client_alive_interval = 0;
216 if (options->client_alive_count_max == -1) 247 if (options->client_alive_count_max == -1)
@@ -244,13 +275,21 @@ fill_default_server_options(ServerOptions *options)
244typedef enum { 275typedef enum {
245 sBadOption, /* == unknown option */ 276 sBadOption, /* == unknown option */
246 /* Portable-specific options */ 277 /* Portable-specific options */
247 sUsePAM, 278 sPAMAuthenticationViaKbdInt,
248 /* Standard Options */ 279 /* Standard Options */
249 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, 280 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
250 sPermitRootLogin, sLogFacility, sLogLevel, 281 sPermitRootLogin, sLogFacility, sLogLevel,
251 sRhostsRSAAuthentication, sRSAAuthentication, 282 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
283#if defined(KRB4) || defined(KRB5)
252 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, 284 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
253 sKerberosTgtPassing, sChallengeResponseAuthentication, 285#endif
286#if defined(AFS) || defined(KRB5)
287 sKerberosTgtPassing,
288#endif
289#ifdef AFS
290 sAFSTokenPassing,
291#endif
292 sChallengeResponseAuthentication,
254 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, 293 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
255 sPrintMotd, sPrintLastLog, sIgnoreRhosts, 294 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
256 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, 295 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
@@ -259,12 +298,11 @@ typedef enum {
259 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 298 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
260 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, 299 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
261 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, 300 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
262 sBanner, sUseDNS, sHostbasedAuthentication, 301 sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
263 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, 302 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
264 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, 303 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
265 sGssAuthentication, sGssCleanupCreds,
266 sUsePrivilegeSeparation, 304 sUsePrivilegeSeparation,
267 sDeprecated, sUnsupported 305 sDeprecated
268} ServerOpCodes; 306} ServerOpCodes;
269 307
270/* Textual representation of the tokens. */ 308/* Textual representation of the tokens. */
@@ -273,12 +311,7 @@ static struct {
273 ServerOpCodes opcode; 311 ServerOpCodes opcode;
274} keywords[] = { 312} keywords[] = {
275 /* Portable-specific options */ 313 /* Portable-specific options */
276#ifdef USE_PAM 314 { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
277 { "usepam", sUsePAM },
278#else
279 { "usepam", sUnsupported },
280#endif
281 { "pamauthenticationviakbdint", sDeprecated },
282 /* Standard Options */ 315 /* Standard Options */
283 { "port", sPort }, 316 { "port", sPort },
284 { "hostkey", sHostKeyFile }, 317 { "hostkey", sHostKeyFile },
@@ -290,30 +323,23 @@ static struct {
290 { "permitrootlogin", sPermitRootLogin }, 323 { "permitrootlogin", sPermitRootLogin },
291 { "syslogfacility", sLogFacility }, 324 { "syslogfacility", sLogFacility },
292 { "loglevel", sLogLevel }, 325 { "loglevel", sLogLevel },
293 { "rhostsauthentication", sDeprecated }, 326 { "rhostsauthentication", sRhostsAuthentication },
294 { "rhostsrsaauthentication", sRhostsRSAAuthentication }, 327 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
295 { "hostbasedauthentication", sHostbasedAuthentication }, 328 { "hostbasedauthentication", sHostbasedAuthentication },
296 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly }, 329 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
297 { "rsaauthentication", sRSAAuthentication }, 330 { "rsaauthentication", sRSAAuthentication },
298 { "pubkeyauthentication", sPubkeyAuthentication }, 331 { "pubkeyauthentication", sPubkeyAuthentication },
299 { "dsaauthentication", sPubkeyAuthentication }, /* alias */ 332 { "dsaauthentication", sPubkeyAuthentication }, /* alias */
300#ifdef KRB5 333#if defined(KRB4) || defined(KRB5)
301 { "kerberosauthentication", sKerberosAuthentication }, 334 { "kerberosauthentication", sKerberosAuthentication },
302 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd }, 335 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
303 { "kerberosticketcleanup", sKerberosTicketCleanup }, 336 { "kerberosticketcleanup", sKerberosTicketCleanup },
304#else
305 { "kerberosauthentication", sUnsupported },
306 { "kerberosorlocalpasswd", sUnsupported },
307 { "kerberosticketcleanup", sUnsupported },
308#endif 337#endif
309 { "kerberostgtpassing", sUnsupported }, 338#if defined(AFS) || defined(KRB5)
310 { "afstokenpassing", sUnsupported }, 339 { "kerberostgtpassing", sKerberosTgtPassing },
311#ifdef GSSAPI 340#endif
312 { "gssapiauthentication", sGssAuthentication }, 341#ifdef AFS
313 { "gssapicleanupcreds", sGssCleanupCreds }, 342 { "afstokenpassing", sAFSTokenPassing },
314#else
315 { "gssapiauthentication", sUnsupported },
316 { "gssapicleanupcreds", sUnsupported },
317#endif 343#endif
318 { "passwordauthentication", sPasswordAuthentication }, 344 { "passwordauthentication", sPasswordAuthentication },
319 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication }, 345 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
@@ -347,9 +373,8 @@ static struct {
347 { "subsystem", sSubsystem }, 373 { "subsystem", sSubsystem },
348 { "maxstartups", sMaxStartups }, 374 { "maxstartups", sMaxStartups },
349 { "banner", sBanner }, 375 { "banner", sBanner },
350 { "usedns", sUseDNS }, 376 { "verifyreversemapping", sVerifyReverseMapping },
351 { "verifyreversemapping", sDeprecated }, 377 { "reversemappingcheck", sVerifyReverseMapping },
352 { "reversemappingcheck", sDeprecated },
353 { "clientaliveinterval", sClientAliveInterval }, 378 { "clientaliveinterval", sClientAliveInterval },
354 { "clientalivecountmax", sClientAliveCountMax }, 379 { "clientalivecountmax", sClientAliveCountMax },
355 { "authorizedkeysfile", sAuthorizedKeysFile }, 380 { "authorizedkeysfile", sAuthorizedKeysFile },
@@ -433,8 +458,8 @@ process_server_config_line(ServerOptions *options, char *line,
433 opcode = parse_token(arg, filename, linenum); 458 opcode = parse_token(arg, filename, linenum);
434 switch (opcode) { 459 switch (opcode) {
435 /* Portable-specific options */ 460 /* Portable-specific options */
436 case sUsePAM: 461 case sPAMAuthenticationViaKbdInt:
437 intptr = &options->use_pam; 462 intptr = &options->pam_authentication_via_kbd_int;
438 goto parse_flag; 463 goto parse_flag;
439 464
440 /* Standard Options */ 465 /* Standard Options */
@@ -597,6 +622,10 @@ parse_flag:
597 intptr = &options->ignore_user_known_hosts; 622 intptr = &options->ignore_user_known_hosts;
598 goto parse_flag; 623 goto parse_flag;
599 624
625 case sRhostsAuthentication:
626 intptr = &options->rhosts_authentication;
627 goto parse_flag;
628
600 case sRhostsRSAAuthentication: 629 case sRhostsRSAAuthentication:
601 intptr = &options->rhosts_rsa_authentication; 630 intptr = &options->rhosts_rsa_authentication;
602 goto parse_flag; 631 goto parse_flag;
@@ -616,7 +645,7 @@ parse_flag:
616 case sPubkeyAuthentication: 645 case sPubkeyAuthentication:
617 intptr = &options->pubkey_authentication; 646 intptr = &options->pubkey_authentication;
618 goto parse_flag; 647 goto parse_flag;
619 648#if defined(KRB4) || defined(KRB5)
620 case sKerberosAuthentication: 649 case sKerberosAuthentication:
621 intptr = &options->kerberos_authentication; 650 intptr = &options->kerberos_authentication;
622 goto parse_flag; 651 goto parse_flag;
@@ -628,14 +657,17 @@ parse_flag:
628 case sKerberosTicketCleanup: 657 case sKerberosTicketCleanup:
629 intptr = &options->kerberos_ticket_cleanup; 658 intptr = &options->kerberos_ticket_cleanup;
630 goto parse_flag; 659 goto parse_flag;
631 660#endif
632 case sGssAuthentication: 661#if defined(AFS) || defined(KRB5)
633 intptr = &options->gss_authentication; 662 case sKerberosTgtPassing:
663 intptr = &options->kerberos_tgt_passing;
634 goto parse_flag; 664 goto parse_flag;
635 665#endif
636 case sGssCleanupCreds: 666#ifdef AFS
637 intptr = &options->gss_cleanup_creds; 667 case sAFSTokenPassing:
668 intptr = &options->afs_token_passing;
638 goto parse_flag; 669 goto parse_flag;
670#endif
639 671
640 case sPasswordAuthentication: 672 case sPasswordAuthentication:
641 intptr = &options->password_authentication; 673 intptr = &options->password_authentication;
@@ -701,8 +733,8 @@ parse_flag:
701 intptr = &options->gateway_ports; 733 intptr = &options->gateway_ports;
702 goto parse_flag; 734 goto parse_flag;
703 735
704 case sUseDNS: 736 case sVerifyReverseMapping:
705 intptr = &options->use_dns; 737 intptr = &options->verify_reverse_mapping;
706 goto parse_flag; 738 goto parse_flag;
707 739
708 case sLogFacility: 740 case sLogFacility:
@@ -878,14 +910,7 @@ parse_flag:
878 goto parse_int; 910 goto parse_int;
879 911
880 case sDeprecated: 912 case sDeprecated:
881 logit("%s line %d: Deprecated option %s", 913 log("%s line %d: Deprecated option %s",
882 filename, linenum, arg);
883 while (arg)
884 arg = strdelim(&cp);
885 break;
886
887 case sUnsupported:
888 logit("%s line %d: Unsupported option %s",
889 filename, linenum, arg); 914 filename, linenum, arg);
890 while (arg) 915 while (arg)
891 arg = strdelim(&cp); 916 arg = strdelim(&cp);