diff options
Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 38 |
1 files changed, 37 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c index b2a60fd6c..cdc029308 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -102,7 +102,10 @@ initialize_server_options(ServerOptions *options) | |||
102 | options->kerberos_ticket_cleanup = -1; | 102 | options->kerberos_ticket_cleanup = -1; |
103 | options->kerberos_get_afs_token = -1; | 103 | options->kerberos_get_afs_token = -1; |
104 | options->gss_authentication=-1; | 104 | options->gss_authentication=-1; |
105 | options->gss_keyex = -1; | ||
105 | options->gss_cleanup_creds = -1; | 106 | options->gss_cleanup_creds = -1; |
107 | options->gss_strict_acceptor = -1; | ||
108 | options->gss_store_rekey = -1; | ||
106 | options->password_authentication = -1; | 109 | options->password_authentication = -1; |
107 | options->kbd_interactive_authentication = -1; | 110 | options->kbd_interactive_authentication = -1; |
108 | options->challenge_response_authentication = -1; | 111 | options->challenge_response_authentication = -1; |
@@ -233,8 +236,14 @@ fill_default_server_options(ServerOptions *options) | |||
233 | options->kerberos_get_afs_token = 0; | 236 | options->kerberos_get_afs_token = 0; |
234 | if (options->gss_authentication == -1) | 237 | if (options->gss_authentication == -1) |
235 | options->gss_authentication = 0; | 238 | options->gss_authentication = 0; |
239 | if (options->gss_keyex == -1) | ||
240 | options->gss_keyex = 0; | ||
236 | if (options->gss_cleanup_creds == -1) | 241 | if (options->gss_cleanup_creds == -1) |
237 | options->gss_cleanup_creds = 1; | 242 | options->gss_cleanup_creds = 1; |
243 | if (options->gss_strict_acceptor == -1) | ||
244 | options->gss_strict_acceptor = 1; | ||
245 | if (options->gss_store_rekey == -1) | ||
246 | options->gss_store_rekey = 0; | ||
238 | if (options->password_authentication == -1) | 247 | if (options->password_authentication == -1) |
239 | options->password_authentication = 1; | 248 | options->password_authentication = 1; |
240 | if (options->kbd_interactive_authentication == -1) | 249 | if (options->kbd_interactive_authentication == -1) |
@@ -327,7 +336,9 @@ typedef enum { | |||
327 | sBanner, sUseDNS, sHostbasedAuthentication, | 336 | sBanner, sUseDNS, sHostbasedAuthentication, |
328 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, | 337 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
329 | sClientAliveCountMax, sAuthorizedKeysFile, | 338 | sClientAliveCountMax, sAuthorizedKeysFile, |
330 | sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, | 339 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, |
340 | sGssKeyEx, sGssStoreRekey, | ||
341 | sAcceptEnv, sPermitTunnel, | ||
331 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | 342 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
332 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 343 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
333 | sZeroKnowledgePasswordAuthentication, sHostCertificate, | 344 | sZeroKnowledgePasswordAuthentication, sHostCertificate, |
@@ -393,10 +404,20 @@ static struct { | |||
393 | #ifdef GSSAPI | 404 | #ifdef GSSAPI |
394 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, | 405 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, |
395 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, | 406 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, |
407 | { "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL }, | ||
408 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, | ||
409 | { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, | ||
410 | { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, | ||
396 | #else | 411 | #else |
397 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, | 412 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, |
398 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, | 413 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, |
414 | { "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL }, | ||
415 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, | ||
416 | { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, | ||
417 | { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL }, | ||
399 | #endif | 418 | #endif |
419 | { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL }, | ||
420 | { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL }, | ||
400 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 421 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
401 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 422 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
402 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, | 423 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, |
@@ -1049,10 +1070,22 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1049 | intptr = &options->gss_authentication; | 1070 | intptr = &options->gss_authentication; |
1050 | goto parse_flag; | 1071 | goto parse_flag; |
1051 | 1072 | ||
1073 | case sGssKeyEx: | ||
1074 | intptr = &options->gss_keyex; | ||
1075 | goto parse_flag; | ||
1076 | |||
1052 | case sGssCleanupCreds: | 1077 | case sGssCleanupCreds: |
1053 | intptr = &options->gss_cleanup_creds; | 1078 | intptr = &options->gss_cleanup_creds; |
1054 | goto parse_flag; | 1079 | goto parse_flag; |
1055 | 1080 | ||
1081 | case sGssStrictAcceptor: | ||
1082 | intptr = &options->gss_strict_acceptor; | ||
1083 | goto parse_flag; | ||
1084 | |||
1085 | case sGssStoreRekey: | ||
1086 | intptr = &options->gss_store_rekey; | ||
1087 | goto parse_flag; | ||
1088 | |||
1056 | case sPasswordAuthentication: | 1089 | case sPasswordAuthentication: |
1057 | intptr = &options->password_authentication; | 1090 | intptr = &options->password_authentication; |
1058 | goto parse_flag; | 1091 | goto parse_flag; |
@@ -1927,7 +1960,10 @@ dump_config(ServerOptions *o) | |||
1927 | #endif | 1960 | #endif |
1928 | #ifdef GSSAPI | 1961 | #ifdef GSSAPI |
1929 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); | 1962 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); |
1963 | dump_cfg_fmtint(sGssKeyEx, o->gss_keyex); | ||
1930 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); | 1964 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); |
1965 | dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor); | ||
1966 | dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey); | ||
1931 | #endif | 1967 | #endif |
1932 | #ifdef JPAKE | 1968 | #ifdef JPAKE |
1933 | dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication, | 1969 | dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication, |