Diffstat (limited to 'servconf.c')
-rw-r--r--servconf.c164
1 files changed, 131 insertions, 33 deletions
diff --git a/servconf.c b/servconf.c
index bec53e00e..fe3e31157 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,4 @@
1 1/* $OpenBSD: servconf.c,v 1.274 2015/07/01 02:32:17 djm Exp $ */
2/* $OpenBSD: servconf.c,v 1.260 2015/02/02 01:57:44 deraadt Exp $ */
3/* 2/*
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved 4 * All rights reserved
@@ -78,6 +77,8 @@ initialize_server_options(ServerOptions *options)
78 /* Standard Options */ 77 /* Standard Options */
79 options->num_ports = 0; 78 options->num_ports = 0;
80 options->ports_from_cmdline = 0; 79 options->ports_from_cmdline = 0;
80 options->queued_listen_addrs = NULL;
81 options->num_queued_listens = 0;
81 options->listen_addrs = NULL; 82 options->listen_addrs = NULL;
82 options->address_family = -1; 83 options->address_family = -1;
83 options->num_host_key_files = 0; 84 options->num_host_key_files = 0;
@@ -162,6 +163,8 @@ initialize_server_options(ServerOptions *options)
162 options->revoked_keys_file = NULL; 163 options->revoked_keys_file = NULL;
163 options->trusted_user_ca_keys = NULL; 164 options->trusted_user_ca_keys = NULL;
164 options->authorized_principals_file = NULL; 165 options->authorized_principals_file = NULL;
166 options->authorized_principals_command = NULL;
167 options->authorized_principals_command_user = NULL;
165 options->ip_qos_interactive = -1; 168 options->ip_qos_interactive = -1;
166 options->ip_qos_bulk = -1; 169 options->ip_qos_bulk = -1;
167 options->version_addendum = NULL; 170 options->version_addendum = NULL;
@@ -209,6 +212,8 @@ fill_default_server_options(ServerOptions *options)
209 /* No certificates by default */ 212 /* No certificates by default */
210 if (options->num_ports == 0) 213 if (options->num_ports == 0)
211 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 214 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
215 if (options->address_family == -1)
216 options->address_family = AF_UNSPEC;
212 if (options->listen_addrs == NULL) 217 if (options->listen_addrs == NULL)
213 add_listen_addr(options, NULL, 0); 218 add_listen_addr(options, NULL, 0);
214 if (options->pid_file == NULL) 219 if (options->pid_file == NULL)
@@ -361,6 +366,7 @@ fill_default_server_options(ServerOptions *options)
361 CLEAR_ON_NONE(options->banner); 366 CLEAR_ON_NONE(options->banner);
362 CLEAR_ON_NONE(options->trusted_user_ca_keys); 367 CLEAR_ON_NONE(options->trusted_user_ca_keys);
363 CLEAR_ON_NONE(options->revoked_keys_file); 368 CLEAR_ON_NONE(options->revoked_keys_file);
369 CLEAR_ON_NONE(options->authorized_principals_file);
364 for (i = 0; i < options->num_host_key_files; i++) 370 for (i = 0; i < options->num_host_key_files; i++)
365 CLEAR_ON_NONE(options->host_key_files[i]); 371 CLEAR_ON_NONE(options->host_key_files[i]);
366 for (i = 0; i < options->num_host_cert_files; i++) 372 for (i = 0; i < options->num_host_cert_files; i++)
@@ -410,6 +416,7 @@ typedef enum {
410 sUsePrivilegeSeparation, sAllowAgentForwarding, 416 sUsePrivilegeSeparation, sAllowAgentForwarding,
411 sHostCertificate, 417 sHostCertificate,
412 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, 418 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
419 sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
413 sKexAlgorithms, sIPQoS, sVersionAddendum, 420 sKexAlgorithms, sIPQoS, sVersionAddendum,
414 sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, 421 sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
415 sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, 422 sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
@@ -554,6 +561,8 @@ static struct {
554 { "ipqos", sIPQoS, SSHCFG_ALL }, 561 { "ipqos", sIPQoS, SSHCFG_ALL },
555 { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, 562 { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
556 { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, 563 { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
564 { "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL },
565 { "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL },
557 { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, 566 { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
558 { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, 567 { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
559 { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL }, 568 { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL },
@@ -618,10 +627,6 @@ add_listen_addr(ServerOptions *options, char *addr, int port)
618{ 627{
619 u_int i; 628 u_int i;
620 629
621 if (options->num_ports == 0)
622 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
623 if (options->address_family == -1)
624 options->address_family = AF_UNSPEC;
625 if (port == 0) 630 if (port == 0)
626 for (i = 0; i < options->num_ports; i++) 631 for (i = 0; i < options->num_ports; i++)
627 add_one_listen_addr(options, addr, options->ports[i]); 632 add_one_listen_addr(options, addr, options->ports[i]);
@@ -651,6 +656,51 @@ add_one_listen_addr(ServerOptions *options, char *addr, int port)
651 options->listen_addrs = aitop; 656 options->listen_addrs = aitop;
652} 657}
653 658
659/*
660 * Queue a ListenAddress to be processed once we have all of the Ports
661 * and AddressFamily options.
662 */
663static void
664queue_listen_addr(ServerOptions *options, char *addr, int port)
665{
666 options->queued_listen_addrs = xreallocarray(
667 options->queued_listen_addrs, options->num_queued_listens + 1,
668 sizeof(addr));
669 options->queued_listen_ports = xreallocarray(
670 options->queued_listen_ports, options->num_queued_listens + 1,
671 sizeof(port));
672 options->queued_listen_addrs[options->num_queued_listens] =
673 xstrdup(addr);
674 options->queued_listen_ports[options->num_queued_listens] = port;
675 options->num_queued_listens++;
676}
677
678/*
679 * Process queued (text) ListenAddress entries.
680 */
681static void
682process_queued_listen_addrs(ServerOptions *options)
683{
684 u_int i;
685
686 if (options->num_ports == 0)
687 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
688 if (options->address_family == -1)
689 options->address_family = AF_UNSPEC;
690
691 for (i = 0; i < options->num_queued_listens; i++) {
692 add_listen_addr(options, options->queued_listen_addrs[i],
693 options->queued_listen_ports[i]);
694 free(options->queued_listen_addrs[i]);
695 options->queued_listen_addrs[i] = NULL;
696 }
697 free(options->queued_listen_addrs);
698 options->queued_listen_addrs = NULL;
699 free(options->queued_listen_ports);
700 options->queued_listen_ports = NULL;
701 options->num_queued_listens = 0;
702}
703
654struct connection_info * 704struct connection_info *
655get_connection_info(int populate, int use_dns) 705get_connection_info(int populate, int use_dns)
656{ 706{
@@ -736,7 +786,6 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
736{ 786{
737 int result = 1, attributes = 0, port; 787 int result = 1, attributes = 0, port;
738 char *arg, *attrib, *cp = *condition; 788 char *arg, *attrib, *cp = *condition;
739 size_t len;
740 789
741 if (ci == NULL) 790 if (ci == NULL)
742 debug3("checking syntax for 'Match %s'", cp); 791 debug3("checking syntax for 'Match %s'", cp);
@@ -763,13 +812,12 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
763 error("Missing Match criteria for %s", attrib); 812 error("Missing Match criteria for %s", attrib);
764 return -1; 813 return -1;
765 } 814 }
766 len = strlen(arg);
767 if (strcasecmp(attrib, "user") == 0) { 815 if (strcasecmp(attrib, "user") == 0) {
768 if (ci == NULL || ci->user == NULL) { 816 if (ci == NULL || ci->user == NULL) {
769 result = 0; 817 result = 0;
770 continue; 818 continue;
771 } 819 }
772 if (match_pattern_list(ci->user, arg, len, 0) != 1) 820 if (match_pattern_list(ci->user, arg, 0) != 1)
773 result = 0; 821 result = 0;
774 else 822 else
775 debug("user %.100s matched 'User %.100s' at " 823 debug("user %.100s matched 'User %.100s' at "
@@ -790,7 +838,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
790 result = 0; 838 result = 0;
791 continue; 839 continue;
792 } 840 }
793 if (match_hostname(ci->host, arg, len) != 1) 841 if (match_hostname(ci->host, arg) != 1)
794 result = 0; 842 result = 0;
795 else 843 else
796 debug("connection from %.100s matched 'Host " 844 debug("connection from %.100s matched 'Host "
@@ -967,9 +1015,6 @@ process_server_config_line(ServerOptions *options, char *line,
967 /* ignore ports from configfile if cmdline specifies ports */ 1015 /* ignore ports from configfile if cmdline specifies ports */
968 if (options->ports_from_cmdline) 1016 if (options->ports_from_cmdline)
969 return 0; 1017 return 0;
970 if (options->listen_addrs != NULL)
971 fatal("%s line %d: ports must be specified before "
972 "ListenAddress.", filename, linenum);
973 if (options->num_ports >= MAX_PORTS) 1018 if (options->num_ports >= MAX_PORTS)
974 fatal("%s line %d: too many ports.", 1019 fatal("%s line %d: too many ports.",
975 filename, linenum); 1020 filename, linenum);
@@ -1005,7 +1050,7 @@ process_server_config_line(ServerOptions *options, char *line,
1005 if ((value = convtime(arg)) == -1) 1050 if ((value = convtime(arg)) == -1)
1006 fatal("%s line %d: invalid time value.", 1051 fatal("%s line %d: invalid time value.",
1007 filename, linenum); 1052 filename, linenum);
1008 if (*intptr == -1) 1053 if (*activep && *intptr == -1)
1009 *intptr = value; 1054 *intptr = value;
1010 break; 1055 break;
1011 1056
@@ -1021,7 +1066,7 @@ process_server_config_line(ServerOptions *options, char *line,
1021 /* check for bare IPv6 address: no "[]" and 2 or more ":" */ 1066 /* check for bare IPv6 address: no "[]" and 2 or more ":" */
1022 if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL 1067 if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL
1023 && strchr(p+1, ':') != NULL) { 1068 && strchr(p+1, ':') != NULL) {
1024 add_listen_addr(options, arg, 0); 1069 queue_listen_addr(options, arg, 0);
1025 break; 1070 break;
1026 } 1071 }
1027 p = hpdelim(&arg); 1072 p = hpdelim(&arg);
@@ -1034,16 +1079,13 @@ process_server_config_line(ServerOptions *options, char *line,
1034 else if ((port = a2port(arg)) <= 0) 1079 else if ((port = a2port(arg)) <= 0)
1035 fatal("%s line %d: bad port number", filename, linenum); 1080 fatal("%s line %d: bad port number", filename, linenum);
1036 1081
1037 add_listen_addr(options, p, port); 1082 queue_listen_addr(options, p, port);
1038 1083
1039 break; 1084 break;
1040 1085
1041 case sAddressFamily: 1086 case sAddressFamily:
1042 intptr = &options->address_family; 1087 intptr = &options->address_family;
1043 multistate_ptr = multistate_addressfamily; 1088 multistate_ptr = multistate_addressfamily;
1044 if (options->listen_addrs != NULL)
1045 fatal("%s line %d: address family must be specified "
1046 "before ListenAddress.", filename, linenum);
1047 parse_multistate: 1089 parse_multistate:
1048 arg = strdelim(&cp); 1090 arg = strdelim(&cp);
1049 if (!arg || *arg == '\0') 1091 if (!arg || *arg == '\0')
@@ -1483,7 +1525,7 @@ process_server_config_line(ServerOptions *options, char *line,
1483 len = strlen(p) + 1; 1525 len = strlen(p) + 1;
1484 while ((arg = strdelim(&cp)) != NULL && *arg != '\0') { 1526 while ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
1485 len += 1 + strlen(arg); 1527 len += 1 + strlen(arg);
1486 p = xrealloc(p, 1, len); 1528 p = xreallocarray(p, 1, len);
1487 strlcat(p, " ", len); 1529 strlcat(p, " ", len);
1488 strlcat(p, arg, len); 1530 strlcat(p, arg, len);
1489 } 1531 }
@@ -1598,7 +1640,7 @@ process_server_config_line(ServerOptions *options, char *line,
1598 if (value == -1) 1640 if (value == -1)
1599 fatal("%s line %d: Bad yes/point-to-point/ethernet/" 1641 fatal("%s line %d: Bad yes/point-to-point/ethernet/"
1600 "no argument: %s", filename, linenum, arg); 1642 "no argument: %s", filename, linenum, arg);
1601 if (*intptr == -1) 1643 if (*activep && *intptr == -1)
1602 *intptr = value; 1644 *intptr = value;
1603 break; 1645 break;
1604 1646
@@ -1651,7 +1693,7 @@ process_server_config_line(ServerOptions *options, char *line,
1651 break; 1693 break;
1652 1694
1653 case sForceCommand: 1695 case sForceCommand:
1654 if (cp == NULL) 1696 if (cp == NULL || *cp == '\0')
1655 fatal("%.200s line %d: Missing argument.", filename, 1697 fatal("%.200s line %d: Missing argument.", filename,
1656 linenum); 1698 linenum);
1657 len = strspn(cp, WHITESPACE); 1699 len = strspn(cp, WHITESPACE);
@@ -1696,7 +1738,7 @@ process_server_config_line(ServerOptions *options, char *line,
1696 break; 1738 break;
1697 1739
1698 case sVersionAddendum: 1740 case sVersionAddendum:
1699 if (cp == NULL) 1741 if (cp == NULL || *cp == '\0')
1700 fatal("%.200s line %d: Missing argument.", filename, 1742 fatal("%.200s line %d: Missing argument.", filename,
1701 linenum); 1743 linenum);
1702 len = strspn(cp, WHITESPACE); 1744 len = strspn(cp, WHITESPACE);
@@ -1736,8 +1778,36 @@ process_server_config_line(ServerOptions *options, char *line,
1736 *charptr = xstrdup(arg); 1778 *charptr = xstrdup(arg);
1737 break; 1779 break;
1738 1780
1781 case sAuthorizedPrincipalsCommand:
1782 if (cp == NULL)
1783 fatal("%.200s line %d: Missing argument.", filename,
1784 linenum);
1785 len = strspn(cp, WHITESPACE);
1786 if (*activep &&
1787 options->authorized_principals_command == NULL) {
1788 if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0)
1789 fatal("%.200s line %d: "
1790 "AuthorizedPrincipalsCommand must be "
1791 "an absolute path", filename, linenum);
1792 options->authorized_principals_command =
1793 xstrdup(cp + len);
1794 }
1795 return 0;
1796
1797 case sAuthorizedPrincipalsCommandUser:
1798 charptr = &options->authorized_principals_command_user;
1799
1800 arg = strdelim(&cp);
1801 if (!arg || *arg == '\0')
1802 fatal("%s line %d: missing "
1803 "AuthorizedPrincipalsCommandUser argument.",
1804 filename, linenum);
1805 if (*activep && *charptr == NULL)
1806 *charptr = xstrdup(arg);
1807 break;
1808
1739 case sAuthenticationMethods: 1809 case sAuthenticationMethods:
1740 if (*activep && options->num_auth_methods == 0) { 1810 if (options->num_auth_methods == 0) {
1741 while ((arg = strdelim(&cp)) && *arg != '\0') { 1811 while ((arg = strdelim(&cp)) && *arg != '\0') {
1742 if (options->num_auth_methods >= 1812 if (options->num_auth_methods >=
1743 MAX_AUTH_METHODS) 1813 MAX_AUTH_METHODS)
@@ -1748,6 +1818,8 @@ process_server_config_line(ServerOptions *options, char *line,
1748 fatal("%s line %d: invalid " 1818 fatal("%s line %d: invalid "
1749 "authentication method list.", 1819 "authentication method list.",
1750 filename, linenum); 1820 filename, linenum);
1821 if (!*activep)
1822 continue;
1751 options->auth_methods[ 1823 options->auth_methods[
1752 options->num_auth_methods++] = xstrdup(arg); 1824 options->num_auth_methods++] = xstrdup(arg);
1753 } 1825 }
@@ -1757,13 +1829,14 @@ process_server_config_line(ServerOptions *options, char *line,
1757 case sStreamLocalBindMask: 1829 case sStreamLocalBindMask:
1758 arg = strdelim(&cp); 1830 arg = strdelim(&cp);
1759 if (!arg || *arg == '\0') 1831 if (!arg || *arg == '\0')
1760 fatal("%s line %d: missing StreamLocalBindMask argument.", 1832 fatal("%s line %d: missing StreamLocalBindMask "
1761 filename, linenum); 1833 "argument.", filename, linenum);
1762 /* Parse mode in octal format */ 1834 /* Parse mode in octal format */
1763 value = strtol(arg, &p, 8); 1835 value = strtol(arg, &p, 8);
1764 if (arg == p || value < 0 || value > 0777) 1836 if (arg == p || value < 0 || value > 0777)
1765 fatal("%s line %d: Bad mask.", filename, linenum); 1837 fatal("%s line %d: Bad mask.", filename, linenum);
1766 options->fwd_opts.streamlocal_bind_mask = (mode_t)value; 1838 if (*activep)
1839 options->fwd_opts.streamlocal_bind_mask = (mode_t)value;
1767 break; 1840 break;
1768 1841
1769 case sStreamLocalBindUnlink: 1842 case sStreamLocalBindUnlink:
@@ -1994,6 +2067,7 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
1994 if (bad_options > 0) 2067 if (bad_options > 0)
1995 fatal("%s: terminating, %d bad configuration options", 2068 fatal("%s: terminating, %d bad configuration options",
1996 filename, bad_options); 2069 filename, bad_options);
2070 process_queued_listen_addrs(options);
1997} 2071}
1998 2072
1999static const char * 2073static const char *
@@ -2071,6 +2145,12 @@ dump_cfg_int(ServerOpCodes code, int val)
2071} 2145}
2072 2146
2073static void 2147static void
2148dump_cfg_oct(ServerOpCodes code, int val)
2149{
2150 printf("%s 0%o\n", lookup_opcode_name(code), val);
2151}
2152
2153static void
2074dump_cfg_fmtint(ServerOpCodes code, int val) 2154dump_cfg_fmtint(ServerOpCodes code, int val)
2075{ 2155{
2076 printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val)); 2156 printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val));
@@ -2099,6 +2179,8 @@ dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals)
2099{ 2179{
2100 u_int i; 2180 u_int i;
2101 2181
2182 if (count <= 0)
2183 return;
2102 printf("%s", lookup_opcode_name(code)); 2184 printf("%s", lookup_opcode_name(code));
2103 for (i = 0; i < count; i++) 2185 for (i = 0; i < count; i++)
2104 printf(" %s", vals[i]); 2186 printf(" %s", vals[i]);
@@ -2112,6 +2194,7 @@ dump_config(ServerOptions *o)
2112 int ret; 2194 int ret;
2113 struct addrinfo *ai; 2195 struct addrinfo *ai;
2114 char addr[NI_MAXHOST], port[NI_MAXSERV], *s = NULL; 2196 char addr[NI_MAXHOST], port[NI_MAXSERV], *s = NULL;
2197 char *laddr1 = xstrdup(""), *laddr2 = NULL;
2115 2198
2116 /* these are usually at the top of the config */ 2199 /* these are usually at the top of the config */
2117 for (i = 0; i < o->num_ports; i++) 2200 for (i = 0; i < o->num_ports; i++)
@@ -2119,7 +2202,11 @@ dump_config(ServerOptions *o)
2119 dump_cfg_fmtint(sProtocol, o->protocol); 2202 dump_cfg_fmtint(sProtocol, o->protocol);
2120 dump_cfg_fmtint(sAddressFamily, o->address_family); 2203 dump_cfg_fmtint(sAddressFamily, o->address_family);
2121 2204
2122 /* ListenAddress must be after Port */ 2205 /*
2206 * ListenAddress must be after Port. add_one_listen_addr pushes
2207 * addresses onto a stack, so to maintain ordering we need to
2208 * print these in reverse order.
2209 */
2123 for (ai = o->listen_addrs; ai; ai = ai->ai_next) { 2210 for (ai = o->listen_addrs; ai; ai = ai->ai_next) {
2124 if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr, 2211 if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr,
2125 sizeof(addr), port, sizeof(port), 2212 sizeof(addr), port, sizeof(port),
@@ -2128,16 +2215,22 @@ dump_config(ServerOptions *o)
2128 (ret != EAI_SYSTEM) ? gai_strerror(ret) : 2215 (ret != EAI_SYSTEM) ? gai_strerror(ret) :
2129 strerror(errno)); 2216 strerror(errno));
2130 } else { 2217 } else {
2218 laddr2 = laddr1;
2131 if (ai->ai_family == AF_INET6) 2219 if (ai->ai_family == AF_INET6)
2132 printf("listenaddress [%s]:%s\n", addr, port); 2220 xasprintf(&laddr1, "listenaddress [%s]:%s\n%s",
2221 addr, port, laddr2);
2133 else 2222 else
2134 printf("listenaddress %s:%s\n", addr, port); 2223 xasprintf(&laddr1, "listenaddress %s:%s\n%s",
2224 addr, port, laddr2);
2225 free(laddr2);
2135 } 2226 }
2136 } 2227 }
2228 printf("%s", laddr1);
2229 free(laddr1);
2137 2230
2138 /* integer arguments */ 2231 /* integer arguments */
2139#ifdef USE_PAM 2232#ifdef USE_PAM
2140 dump_cfg_int(sUsePAM, o->use_pam); 2233 dump_cfg_fmtint(sUsePAM, o->use_pam);
2141#endif 2234#endif
2142 dump_cfg_int(sServerKeyBits, o->server_key_bits); 2235 dump_cfg_int(sServerKeyBits, o->server_key_bits);
2143 dump_cfg_int(sLoginGraceTime, o->login_grace_time); 2236 dump_cfg_int(sLoginGraceTime, o->login_grace_time);
@@ -2147,6 +2240,7 @@ dump_config(ServerOptions *o)
2147 dump_cfg_int(sMaxSessions, o->max_sessions); 2240 dump_cfg_int(sMaxSessions, o->max_sessions);
2148 dump_cfg_int(sClientAliveInterval, o->client_alive_interval); 2241 dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
2149 dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); 2242 dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
2243 dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask);
2150 2244
2151 /* formatted integer arguments */ 2245 /* formatted integer arguments */
2152 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); 2246 dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);
@@ -2193,6 +2287,7 @@ dump_config(ServerOptions *o)
2193 dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); 2287 dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports);
2194 dump_cfg_fmtint(sUseDNS, o->use_dns); 2288 dump_cfg_fmtint(sUseDNS, o->use_dns);
2195 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); 2289 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
2290 dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding);
2196 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); 2291 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
2197 dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); 2292 dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
2198 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); 2293 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
@@ -2209,9 +2304,12 @@ dump_config(ServerOptions *o)
2209 dump_cfg_string(sRevokedKeys, o->revoked_keys_file); 2304 dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
2210 dump_cfg_string(sAuthorizedPrincipalsFile, 2305 dump_cfg_string(sAuthorizedPrincipalsFile,
2211 o->authorized_principals_file); 2306 o->authorized_principals_file);
2212 dump_cfg_string(sVersionAddendum, o->version_addendum); 2307 dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0'
2308 ? "none" : o->version_addendum);
2213 dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); 2309 dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command);
2214 dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); 2310 dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user);
2311 dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command);
2312 dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user);
2215 dump_cfg_string(sHostKeyAgent, o->host_key_agent); 2313 dump_cfg_string(sHostKeyAgent, o->host_key_agent);
2216 dump_cfg_string(sKexAlgorithms, 2314 dump_cfg_string(sKexAlgorithms,
2217 o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX); 2315 o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX);
@@ -2229,7 +2327,7 @@ dump_config(ServerOptions *o)
2229 o->authorized_keys_files); 2327 o->authorized_keys_files);
2230 dump_cfg_strarray(sHostKeyFile, o->num_host_key_files, 2328 dump_cfg_strarray(sHostKeyFile, o->num_host_key_files,
2231 o->host_key_files); 2329 o->host_key_files);
2232 dump_cfg_strarray(sHostKeyFile, o->num_host_cert_files, 2330 dump_cfg_strarray(sHostCertificate, o->num_host_cert_files,
2233 o->host_cert_files); 2331 o->host_cert_files);
2234 dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users); 2332 dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users);
2235 dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users); 2333 dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users);
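Review bot: In the `@@ -1736,8 +1778,36 @@` hunk, the new `case sAuthorizedPrincipalsCommand:` rejects only `cp == NULL`, although this same commit tightens the matching checks under `sForceCommand` and `sVersionAddendum` to `cp == NULL || *cp == '\0'`; I would use `if (cp == NULL || *cp == '\0')` here as well. As written, an empty remainder is accepted silently whenever `*activep` is 0 or the option is already set, and otherwise fails with the misleading "must be an absolute path" message instead of "Missing argument.". The absolute-path test also sits inside the `*activep` guard, so a relative path on a line that is inactive at parse time is not rejected there; moving that test above the guard, the way the `sAuthenticationMethods` hunk validates before its `if (!*activep) continue;`, would catch it on every parse, which seems worth having for an option that names a program to execute. The body of `process_server_config_line` starts and ends outside the hunk, so any whitespace trimming done earlier on `cp` is not visible here.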