diff options
Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c index 873b0d02a..9b0628181 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -117,8 +117,10 @@ initialize_server_options(ServerOptions *options) | |||
117 | options->kerberos_ticket_cleanup = -1; | 117 | options->kerberos_ticket_cleanup = -1; |
118 | options->kerberos_get_afs_token = -1; | 118 | options->kerberos_get_afs_token = -1; |
119 | options->gss_authentication=-1; | 119 | options->gss_authentication=-1; |
120 | options->gss_keyex = -1; | ||
120 | options->gss_cleanup_creds = -1; | 121 | options->gss_cleanup_creds = -1; |
121 | options->gss_strict_acceptor = -1; | 122 | options->gss_strict_acceptor = -1; |
123 | options->gss_store_rekey = -1; | ||
122 | options->password_authentication = -1; | 124 | options->password_authentication = -1; |
123 | options->kbd_interactive_authentication = -1; | 125 | options->kbd_interactive_authentication = -1; |
124 | options->challenge_response_authentication = -1; | 126 | options->challenge_response_authentication = -1; |
@@ -287,10 +289,14 @@ fill_default_server_options(ServerOptions *options) | |||
287 | options->kerberos_get_afs_token = 0; | 289 | options->kerberos_get_afs_token = 0; |
288 | if (options->gss_authentication == -1) | 290 | if (options->gss_authentication == -1) |
289 | options->gss_authentication = 0; | 291 | options->gss_authentication = 0; |
292 | if (options->gss_keyex == -1) | ||
293 | options->gss_keyex = 0; | ||
290 | if (options->gss_cleanup_creds == -1) | 294 | if (options->gss_cleanup_creds == -1) |
291 | options->gss_cleanup_creds = 1; | 295 | options->gss_cleanup_creds = 1; |
292 | if (options->gss_strict_acceptor == -1) | 296 | if (options->gss_strict_acceptor == -1) |
293 | options->gss_strict_acceptor = 0; | 297 | options->gss_strict_acceptor = 1; |
298 | if (options->gss_store_rekey == -1) | ||
299 | options->gss_store_rekey = 0; | ||
294 | if (options->password_authentication == -1) | 300 | if (options->password_authentication == -1) |
295 | options->password_authentication = 1; | 301 | options->password_authentication = 1; |
296 | if (options->kbd_interactive_authentication == -1) | 302 | if (options->kbd_interactive_authentication == -1) |
@@ -427,6 +433,7 @@ typedef enum { | |||
427 | sHostKeyAlgorithms, | 433 | sHostKeyAlgorithms, |
428 | sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, | 434 | sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, |
429 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, | 435 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, |
436 | sGssKeyEx, sGssStoreRekey, | ||
430 | sAcceptEnv, sPermitTunnel, | 437 | sAcceptEnv, sPermitTunnel, |
431 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | 438 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
432 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 439 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
@@ -500,12 +507,20 @@ static struct { | |||
500 | #ifdef GSSAPI | 507 | #ifdef GSSAPI |
501 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, | 508 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, |
502 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, | 509 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, |
510 | { "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL }, | ||
503 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, | 511 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, |
512 | { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, | ||
513 | { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, | ||
504 | #else | 514 | #else |
505 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, | 515 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, |
506 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, | 516 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, |
517 | { "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL }, | ||
507 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, | 518 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, |
519 | { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, | ||
520 | { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL }, | ||
508 | #endif | 521 | #endif |
522 | { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL }, | ||
523 | { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL }, | ||
509 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 524 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
510 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 525 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
511 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, | 526 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, |
@@ -1251,6 +1266,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1251 | intptr = &options->gss_authentication; | 1266 | intptr = &options->gss_authentication; |
1252 | goto parse_flag; | 1267 | goto parse_flag; |
1253 | 1268 | ||
1269 | case sGssKeyEx: | ||
1270 | intptr = &options->gss_keyex; | ||
1271 | goto parse_flag; | ||
1272 | |||
1254 | case sGssCleanupCreds: | 1273 | case sGssCleanupCreds: |
1255 | intptr = &options->gss_cleanup_creds; | 1274 | intptr = &options->gss_cleanup_creds; |
1256 | goto parse_flag; | 1275 | goto parse_flag; |
@@ -1259,6 +1278,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1259 | intptr = &options->gss_strict_acceptor; | 1278 | intptr = &options->gss_strict_acceptor; |
1260 | goto parse_flag; | 1279 | goto parse_flag; |
1261 | 1280 | ||
1281 | case sGssStoreRekey: | ||
1282 | intptr = &options->gss_store_rekey; | ||
1283 | goto parse_flag; | ||
1284 | |||
1262 | case sPasswordAuthentication: | 1285 | case sPasswordAuthentication: |
1263 | intptr = &options->password_authentication; | 1286 | intptr = &options->password_authentication; |
1264 | goto parse_flag; | 1287 | goto parse_flag; |
@@ -2308,7 +2331,10 @@ dump_config(ServerOptions *o) | |||
2308 | #endif | 2331 | #endif |
2309 | #ifdef GSSAPI | 2332 | #ifdef GSSAPI |
2310 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); | 2333 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); |
2334 | dump_cfg_fmtint(sGssKeyEx, o->gss_keyex); | ||
2311 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); | 2335 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); |
2336 | dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor); | ||
2337 | dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey); | ||
2312 | #endif | 2338 | #endif |
2313 | dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); | 2339 | dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); |
2314 | dump_cfg_fmtint(sKbdInteractiveAuthentication, | 2340 | dump_cfg_fmtint(sKbdInteractiveAuthentication, |