diff options
Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/servconf.c b/servconf.c index 0f0d09068..cbbea05bf 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -123,8 +123,10 @@ initialize_server_options(ServerOptions *options) | |||
123 | options->kerberos_ticket_cleanup = -1; | 123 | options->kerberos_ticket_cleanup = -1; |
124 | options->kerberos_get_afs_token = -1; | 124 | options->kerberos_get_afs_token = -1; |
125 | options->gss_authentication=-1; | 125 | options->gss_authentication=-1; |
126 | options->gss_keyex = -1; | ||
126 | options->gss_cleanup_creds = -1; | 127 | options->gss_cleanup_creds = -1; |
127 | options->gss_strict_acceptor = -1; | 128 | options->gss_strict_acceptor = -1; |
129 | options->gss_store_rekey = -1; | ||
128 | options->password_authentication = -1; | 130 | options->password_authentication = -1; |
129 | options->kbd_interactive_authentication = -1; | 131 | options->kbd_interactive_authentication = -1; |
130 | options->challenge_response_authentication = -1; | 132 | options->challenge_response_authentication = -1; |
@@ -315,10 +317,14 @@ fill_default_server_options(ServerOptions *options) | |||
315 | options->kerberos_get_afs_token = 0; | 317 | options->kerberos_get_afs_token = 0; |
316 | if (options->gss_authentication == -1) | 318 | if (options->gss_authentication == -1) |
317 | options->gss_authentication = 0; | 319 | options->gss_authentication = 0; |
320 | if (options->gss_keyex == -1) | ||
321 | options->gss_keyex = 0; | ||
318 | if (options->gss_cleanup_creds == -1) | 322 | if (options->gss_cleanup_creds == -1) |
319 | options->gss_cleanup_creds = 1; | 323 | options->gss_cleanup_creds = 1; |
320 | if (options->gss_strict_acceptor == -1) | 324 | if (options->gss_strict_acceptor == -1) |
321 | options->gss_strict_acceptor = 1; | 325 | options->gss_strict_acceptor = 1; |
326 | if (options->gss_store_rekey == -1) | ||
327 | options->gss_store_rekey = 0; | ||
322 | if (options->password_authentication == -1) | 328 | if (options->password_authentication == -1) |
323 | options->password_authentication = 1; | 329 | options->password_authentication = 1; |
324 | if (options->kbd_interactive_authentication == -1) | 330 | if (options->kbd_interactive_authentication == -1) |
@@ -461,6 +467,7 @@ typedef enum { | |||
461 | sHostKeyAlgorithms, | 467 | sHostKeyAlgorithms, |
462 | sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, | 468 | sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, |
463 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, | 469 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, |
470 | sGssKeyEx, sGssStoreRekey, | ||
464 | sAcceptEnv, sPermitTunnel, | 471 | sAcceptEnv, sPermitTunnel, |
465 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | 472 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
466 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 473 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
@@ -535,12 +542,20 @@ static struct { | |||
535 | #ifdef GSSAPI | 542 | #ifdef GSSAPI |
536 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, | 543 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, |
537 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, | 544 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, |
545 | { "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL }, | ||
538 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, | 546 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, |
547 | { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, | ||
548 | { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, | ||
539 | #else | 549 | #else |
540 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, | 550 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, |
541 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, | 551 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, |
552 | { "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL }, | ||
542 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, | 553 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, |
554 | { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, | ||
555 | { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL }, | ||
543 | #endif | 556 | #endif |
557 | { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL }, | ||
558 | { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL }, | ||
544 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 559 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
545 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 560 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
546 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, | 561 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, |
@@ -1407,6 +1422,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1407 | intptr = &options->gss_authentication; | 1422 | intptr = &options->gss_authentication; |
1408 | goto parse_flag; | 1423 | goto parse_flag; |
1409 | 1424 | ||
1425 | case sGssKeyEx: | ||
1426 | intptr = &options->gss_keyex; | ||
1427 | goto parse_flag; | ||
1428 | |||
1410 | case sGssCleanupCreds: | 1429 | case sGssCleanupCreds: |
1411 | intptr = &options->gss_cleanup_creds; | 1430 | intptr = &options->gss_cleanup_creds; |
1412 | goto parse_flag; | 1431 | goto parse_flag; |
@@ -1415,6 +1434,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1415 | intptr = &options->gss_strict_acceptor; | 1434 | intptr = &options->gss_strict_acceptor; |
1416 | goto parse_flag; | 1435 | goto parse_flag; |
1417 | 1436 | ||
1437 | case sGssStoreRekey: | ||
1438 | intptr = &options->gss_store_rekey; | ||
1439 | goto parse_flag; | ||
1440 | |||
1418 | case sPasswordAuthentication: | 1441 | case sPasswordAuthentication: |
1419 | intptr = &options->password_authentication; | 1442 | intptr = &options->password_authentication; |
1420 | goto parse_flag; | 1443 | goto parse_flag; |
@@ -2453,7 +2476,10 @@ dump_config(ServerOptions *o) | |||
2453 | #endif | 2476 | #endif |
2454 | #ifdef GSSAPI | 2477 | #ifdef GSSAPI |
2455 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); | 2478 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); |
2479 | dump_cfg_fmtint(sGssKeyEx, o->gss_keyex); | ||
2456 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); | 2480 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); |
2481 | dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor); | ||
2482 | dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey); | ||
2457 | #endif | 2483 | #endif |
2458 | dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); | 2484 | dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); |
2459 | dump_cfg_fmtint(sKbdInteractiveAuthentication, | 2485 | dump_cfg_fmtint(sKbdInteractiveAuthentication, |