diff options
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/servconf.c b/servconf.c index c0f6af0be..5411640fc 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | 1 | ||
| 2 | /* $OpenBSD: servconf.c,v 1.340 2018/08/12 20:19:13 djm Exp $ */ | 2 | /* $OpenBSD: servconf.c,v 1.341 2018/09/20 03:28:06 djm Exp $ */ |
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 5 | * All rights reserved | 5 | * All rights reserved |
| @@ -145,6 +145,7 @@ initialize_server_options(ServerOptions *options) | |||
| 145 | options->ciphers = NULL; | 145 | options->ciphers = NULL; |
| 146 | options->macs = NULL; | 146 | options->macs = NULL; |
| 147 | options->kex_algorithms = NULL; | 147 | options->kex_algorithms = NULL; |
| 148 | options->ca_sign_algorithms = NULL; | ||
| 148 | options->fwd_opts.gateway_ports = -1; | 149 | options->fwd_opts.gateway_ports = -1; |
| 149 | options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; | 150 | options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; |
| 150 | options->fwd_opts.streamlocal_bind_unlink = -1; | 151 | options->fwd_opts.streamlocal_bind_unlink = -1; |
| @@ -191,13 +192,14 @@ option_clear_or_none(const char *o) | |||
| 191 | static void | 192 | static void |
| 192 | assemble_algorithms(ServerOptions *o) | 193 | assemble_algorithms(ServerOptions *o) |
| 193 | { | 194 | { |
| 194 | char *all_cipher, *all_mac, *all_kex, *all_key; | 195 | char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig; |
| 195 | int r; | 196 | int r; |
| 196 | 197 | ||
| 197 | all_cipher = cipher_alg_list(',', 0); | 198 | all_cipher = cipher_alg_list(',', 0); |
| 198 | all_mac = mac_alg_list(','); | 199 | all_mac = mac_alg_list(','); |
| 199 | all_kex = kex_alg_list(','); | 200 | all_kex = kex_alg_list(','); |
| 200 | all_key = sshkey_alg_list(0, 0, 1, ','); | 201 | all_key = sshkey_alg_list(0, 0, 1, ','); |
| 202 | all_sig = sshkey_alg_list(0, 1, 1, ','); | ||
| 201 | #define ASSEMBLE(what, defaults, all) \ | 203 | #define ASSEMBLE(what, defaults, all) \ |
| 202 | do { \ | 204 | do { \ |
| 203 | if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \ | 205 | if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \ |
| @@ -209,11 +211,13 @@ assemble_algorithms(ServerOptions *o) | |||
| 209 | ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key); | 211 | ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key); |
| 210 | ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key); | 212 | ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key); |
| 211 | ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key); | 213 | ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key); |
| 214 | ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig); | ||
| 212 | #undef ASSEMBLE | 215 | #undef ASSEMBLE |
| 213 | free(all_cipher); | 216 | free(all_cipher); |
| 214 | free(all_mac); | 217 | free(all_mac); |
| 215 | free(all_kex); | 218 | free(all_kex); |
| 216 | free(all_key); | 219 | free(all_key); |
| 220 | free(all_sig); | ||
| 217 | } | 221 | } |
| 218 | 222 | ||
| 219 | static void | 223 | static void |
| @@ -487,7 +491,7 @@ typedef enum { | |||
| 487 | sHostCertificate, | 491 | sHostCertificate, |
| 488 | sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, | 492 | sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, |
| 489 | sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, | 493 | sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, |
| 490 | sKexAlgorithms, sIPQoS, sVersionAddendum, | 494 | sKexAlgorithms, sCASignatureAlgorithms, sIPQoS, sVersionAddendum, |
| 491 | sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, | 495 | sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, |
| 492 | sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, | 496 | sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, |
| 493 | sStreamLocalBindMask, sStreamLocalBindUnlink, | 497 | sStreamLocalBindMask, sStreamLocalBindUnlink, |
| @@ -1431,6 +1435,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 1431 | charptr = &options->hostkeyalgorithms; | 1435 | charptr = &options->hostkeyalgorithms; |
| 1432 | goto parse_keytypes; | 1436 | goto parse_keytypes; |
| 1433 | 1437 | ||
| 1438 | case sCASignatureAlgorithms: | ||
| 1439 | charptr = &options->ca_sign_algorithms; | ||
| 1440 | goto parse_keytypes; | ||
| 1441 | |||
| 1434 | case sPubkeyAuthentication: | 1442 | case sPubkeyAuthentication: |
| 1435 | intptr = &options->pubkey_authentication; | 1443 | intptr = &options->pubkey_authentication; |
| 1436 | goto parse_flag; | 1444 | goto parse_flag; |
| @@ -2601,6 +2609,8 @@ dump_config(ServerOptions *o) | |||
| 2601 | dump_cfg_string(sHostKeyAgent, o->host_key_agent); | 2609 | dump_cfg_string(sHostKeyAgent, o->host_key_agent); |
| 2602 | dump_cfg_string(sKexAlgorithms, | 2610 | dump_cfg_string(sKexAlgorithms, |
| 2603 | o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX); | 2611 | o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX); |
| 2612 | dump_cfg_string(sCASignatureAlgorithms, o->ca_sign_algorithms ? | ||
| 2613 | o->ca_sign_algorithms : SSH_ALLOWED_CA_SIGALGS); | ||
| 2604 | dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ? | 2614 | dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ? |
| 2605 | o->hostbased_key_types : KEX_DEFAULT_PK_ALG); | 2615 | o->hostbased_key_types : KEX_DEFAULT_PK_ALG); |
| 2606 | dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ? | 2616 | dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ? |