diff options
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 38 |
1 files changed, 37 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c index b7f329447..cb3c831ab 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -109,7 +109,10 @@ initialize_server_options(ServerOptions *options) | |||
| 109 | options->kerberos_ticket_cleanup = -1; | 109 | options->kerberos_ticket_cleanup = -1; |
| 110 | options->kerberos_get_afs_token = -1; | 110 | options->kerberos_get_afs_token = -1; |
| 111 | options->gss_authentication=-1; | 111 | options->gss_authentication=-1; |
| 112 | options->gss_keyex = -1; | ||
| 112 | options->gss_cleanup_creds = -1; | 113 | options->gss_cleanup_creds = -1; |
| 114 | options->gss_strict_acceptor = -1; | ||
| 115 | options->gss_store_rekey = -1; | ||
| 113 | options->password_authentication = -1; | 116 | options->password_authentication = -1; |
| 114 | options->kbd_interactive_authentication = -1; | 117 | options->kbd_interactive_authentication = -1; |
| 115 | options->challenge_response_authentication = -1; | 118 | options->challenge_response_authentication = -1; |
| @@ -250,8 +253,14 @@ fill_default_server_options(ServerOptions *options) | |||
| 250 | options->kerberos_get_afs_token = 0; | 253 | options->kerberos_get_afs_token = 0; |
| 251 | if (options->gss_authentication == -1) | 254 | if (options->gss_authentication == -1) |
| 252 | options->gss_authentication = 0; | 255 | options->gss_authentication = 0; |
| 256 | if (options->gss_keyex == -1) | ||
| 257 | options->gss_keyex = 0; | ||
| 253 | if (options->gss_cleanup_creds == -1) | 258 | if (options->gss_cleanup_creds == -1) |
| 254 | options->gss_cleanup_creds = 1; | 259 | options->gss_cleanup_creds = 1; |
| 260 | if (options->gss_strict_acceptor == -1) | ||
| 261 | options->gss_strict_acceptor = 1; | ||
| 262 | if (options->gss_store_rekey == -1) | ||
| 263 | options->gss_store_rekey = 0; | ||
| 255 | if (options->password_authentication == -1) | 264 | if (options->password_authentication == -1) |
| 256 | options->password_authentication = 1; | 265 | options->password_authentication = 1; |
| 257 | if (options->kbd_interactive_authentication == -1) | 266 | if (options->kbd_interactive_authentication == -1) |
| @@ -352,7 +361,9 @@ typedef enum { | |||
| 352 | sBanner, sUseDNS, sHostbasedAuthentication, | 361 | sBanner, sUseDNS, sHostbasedAuthentication, |
| 353 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, | 362 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
| 354 | sClientAliveCountMax, sAuthorizedKeysFile, | 363 | sClientAliveCountMax, sAuthorizedKeysFile, |
| 355 | sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, | 364 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, |
| 365 | sGssKeyEx, sGssStoreRekey, | ||
| 366 | sAcceptEnv, sPermitTunnel, | ||
| 356 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | 367 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
| 357 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 368 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
| 358 | sHostCertificate, | 369 | sHostCertificate, |
| @@ -421,10 +432,20 @@ static struct { | |||
| 421 | #ifdef GSSAPI | 432 | #ifdef GSSAPI |
| 422 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, | 433 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, |
| 423 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, | 434 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, |
| 435 | { "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL }, | ||
| 436 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, | ||
| 437 | { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, | ||
| 438 | { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, | ||
| 424 | #else | 439 | #else |
| 425 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, | 440 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, |
| 426 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, | 441 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, |
| 442 | { "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL }, | ||
| 443 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, | ||
| 444 | { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, | ||
| 445 | { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL }, | ||
| 427 | #endif | 446 | #endif |
| 447 | { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL }, | ||
| 448 | { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL }, | ||
| 428 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 449 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
| 429 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 450 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
| 430 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, | 451 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, |
| @@ -1104,10 +1125,22 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 1104 | intptr = &options->gss_authentication; | 1125 | intptr = &options->gss_authentication; |
| 1105 | goto parse_flag; | 1126 | goto parse_flag; |
| 1106 | 1127 | ||
| 1128 | case sGssKeyEx: | ||
| 1129 | intptr = &options->gss_keyex; | ||
| 1130 | goto parse_flag; | ||
| 1131 | |||
| 1107 | case sGssCleanupCreds: | 1132 | case sGssCleanupCreds: |
| 1108 | intptr = &options->gss_cleanup_creds; | 1133 | intptr = &options->gss_cleanup_creds; |
| 1109 | goto parse_flag; | 1134 | goto parse_flag; |
| 1110 | 1135 | ||
| 1136 | case sGssStrictAcceptor: | ||
| 1137 | intptr = &options->gss_strict_acceptor; | ||
| 1138 | goto parse_flag; | ||
| 1139 | |||
| 1140 | case sGssStoreRekey: | ||
| 1141 | intptr = &options->gss_store_rekey; | ||
| 1142 | goto parse_flag; | ||
| 1143 | |||
| 1111 | case sPasswordAuthentication: | 1144 | case sPasswordAuthentication: |
| 1112 | intptr = &options->password_authentication; | 1145 | intptr = &options->password_authentication; |
| 1113 | goto parse_flag; | 1146 | goto parse_flag; |
| @@ -2042,7 +2075,10 @@ dump_config(ServerOptions *o) | |||
| 2042 | #endif | 2075 | #endif |
| 2043 | #ifdef GSSAPI | 2076 | #ifdef GSSAPI |
| 2044 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); | 2077 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); |
| 2078 | dump_cfg_fmtint(sGssKeyEx, o->gss_keyex); | ||
| 2045 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); | 2079 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); |
| 2080 | dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor); | ||
| 2081 | dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey); | ||
| 2046 | #endif | 2082 | #endif |
| 2047 | dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); | 2083 | dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); |
| 2048 | dump_cfg_fmtint(sKbdInteractiveAuthentication, | 2084 | dump_cfg_fmtint(sKbdInteractiveAuthentication, |