diff options
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c index e7fc2a781..68c44fc81 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -92,7 +92,10 @@ initialize_server_options(ServerOptions *options) | |||
| 92 | options->kerberos_ticket_cleanup = -1; | 92 | options->kerberos_ticket_cleanup = -1; |
| 93 | options->kerberos_get_afs_token = -1; | 93 | options->kerberos_get_afs_token = -1; |
| 94 | options->gss_authentication=-1; | 94 | options->gss_authentication=-1; |
| 95 | options->gss_keyex = -1; | ||
| 95 | options->gss_cleanup_creds = -1; | 96 | options->gss_cleanup_creds = -1; |
| 97 | options->gss_strict_acceptor = -1; | ||
| 98 | options->gss_store_rekey = -1; | ||
| 96 | options->password_authentication = -1; | 99 | options->password_authentication = -1; |
| 97 | options->kbd_interactive_authentication = -1; | 100 | options->kbd_interactive_authentication = -1; |
| 98 | options->challenge_response_authentication = -1; | 101 | options->challenge_response_authentication = -1; |
| @@ -210,8 +213,14 @@ fill_default_server_options(ServerOptions *options) | |||
| 210 | options->kerberos_get_afs_token = 0; | 213 | options->kerberos_get_afs_token = 0; |
| 211 | if (options->gss_authentication == -1) | 214 | if (options->gss_authentication == -1) |
| 212 | options->gss_authentication = 0; | 215 | options->gss_authentication = 0; |
| 216 | if (options->gss_keyex == -1) | ||
| 217 | options->gss_keyex = 0; | ||
| 213 | if (options->gss_cleanup_creds == -1) | 218 | if (options->gss_cleanup_creds == -1) |
| 214 | options->gss_cleanup_creds = 1; | 219 | options->gss_cleanup_creds = 1; |
| 220 | if (options->gss_strict_acceptor == -1) | ||
| 221 | options->gss_strict_acceptor = 1; | ||
| 222 | if (options->gss_store_rekey == -1) | ||
| 223 | options->gss_store_rekey = 0; | ||
| 215 | if (options->password_authentication == -1) | 224 | if (options->password_authentication == -1) |
| 216 | options->password_authentication = 1; | 225 | options->password_authentication = 1; |
| 217 | if (options->kbd_interactive_authentication == -1) | 226 | if (options->kbd_interactive_authentication == -1) |
| @@ -302,7 +311,9 @@ typedef enum { | |||
| 302 | sBanner, sUseDNS, sHostbasedAuthentication, | 311 | sBanner, sUseDNS, sHostbasedAuthentication, |
| 303 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, | 312 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
| 304 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, | 313 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, |
| 305 | sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, | 314 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, |
| 315 | sGssKeyEx, sGssStoreRekey, | ||
| 316 | sAcceptEnv, sPermitTunnel, | ||
| 306 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | 317 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
| 307 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 318 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
| 308 | sZeroKnowledgePasswordAuthentication, | 319 | sZeroKnowledgePasswordAuthentication, |
| @@ -364,9 +375,15 @@ static struct { | |||
| 364 | #ifdef GSSAPI | 375 | #ifdef GSSAPI |
| 365 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, | 376 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, |
| 366 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, | 377 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, |
| 378 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, | ||
| 379 | { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, | ||
| 380 | { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, | ||
| 367 | #else | 381 | #else |
| 368 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, | 382 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, |
| 369 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, | 383 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, |
| 384 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, | ||
| 385 | { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, | ||
| 386 | { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL }, | ||
| 370 | #endif | 387 | #endif |
| 371 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 388 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
| 372 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 389 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
| @@ -891,10 +908,22 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 891 | intptr = &options->gss_authentication; | 908 | intptr = &options->gss_authentication; |
| 892 | goto parse_flag; | 909 | goto parse_flag; |
| 893 | 910 | ||
| 911 | case sGssKeyEx: | ||
| 912 | intptr = &options->gss_keyex; | ||
| 913 | goto parse_flag; | ||
| 914 | |||
| 894 | case sGssCleanupCreds: | 915 | case sGssCleanupCreds: |
| 895 | intptr = &options->gss_cleanup_creds; | 916 | intptr = &options->gss_cleanup_creds; |
| 896 | goto parse_flag; | 917 | goto parse_flag; |
| 897 | 918 | ||
| 919 | case sGssStrictAcceptor: | ||
| 920 | intptr = &options->gss_strict_acceptor; | ||
| 921 | goto parse_flag; | ||
| 922 | |||
| 923 | case sGssStoreRekey: | ||
| 924 | intptr = &options->gss_store_rekey; | ||
| 925 | goto parse_flag; | ||
| 926 | |||
| 898 | case sPasswordAuthentication: | 927 | case sPasswordAuthentication: |
| 899 | intptr = &options->password_authentication; | 928 | intptr = &options->password_authentication; |
| 900 | goto parse_flag; | 929 | goto parse_flag; |