Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 24 |
1 files changed, 22 insertions, 2 deletions
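diff --git a/servconf.c b/servconf.c
index 99396fb1d..abc3c72fb 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.255 2014/11/24 03:39:22 jsg Exp $ */
+/* $OpenBSD: servconf.c,v 1.256 2014/12/21 22:27:56 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -55,6 +55,7 @@
 #include "hostfile.h"
 #include "auth.h"
 #include "myproposal.h"
+#include "digest.h"
 
 static void add_listen_addr(ServerOptions *, char *, int);
 static void add_one_listen_addr(ServerOptions *, char *, int);
@@ -158,6 +159,7 @@ initialize_server_options(ServerOptions *options)
 options->ip_qos_interactive = -1;
 options->ip_qos_bulk = -1;
 options->version_addendum = NULL;
+options->fingerprint_hash = -1;
 }
 
 void
@@ -313,6 +315,8 @@ fill_default_server_options(ServerOptions *options)
 options->fwd_opts.streamlocal_bind_mask = 0177;
 if (options->fwd_opts.streamlocal_bind_unlink == -1)
 options->fwd_opts.streamlocal_bind_unlink = 0;
+if (options->fingerprint_hash == -1)
+options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
 /* Turn privilege separation on by default */
 if (use_privsep == -1)
 use_privsep = PRIVSEP_NOSANDBOX;
@@ -362,7 +366,7 @@ typedef enum {
 sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
 sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
 sStreamLocalBindMask, sStreamLocalBindUnlink,
-sAllowStreamLocalForwarding,
+sAllowStreamLocalForwarding, sFingerprintHash,
 sDeprecated, sUnsupported
 } ServerOpCodes;
 
@@ -493,6 +497,7 @@ static struct {
 { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL },
 { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL },
 { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },
+{ "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
 { NULL, sBadOption, 0 }
 };
 
@@ -1670,6 +1675,18 @@ process_server_config_line(ServerOptions *options, char *line,
 intptr = &options->fwd_opts.streamlocal_bind_unlink;
 goto parse_flag;
 
+case sFingerprintHash:
+arg = strdelim(&cp);
+if (!arg || *arg == '\0')
+fatal("%.200s line %d: Missing argument.",
+filename, linenum);
+if ((value = ssh_digest_alg_by_name(arg)) == -1)
+fatal("%.200s line %d: Invalid hash algorithm \"%s\".",
+filename, linenum, arg);
+if (*activep)
+options->fingerprint_hash = value;
+break;
+
 case sDeprecated:
 logit("%s line %d: Deprecated option %s",
 filename, linenum, arg);
@@ -1912,6 +1929,8 @@ fmt_intarg(ServerOpCodes code, int val)
 return fmt_multistate_int(val, multistate_tcpfwd);
 case sAllowStreamLocalForwarding:
 return fmt_multistate_int(val, multistate_tcpfwd);
+case sFingerprintHash:
+return ssh_digest_alg_name(val);
 case sProtocol:
 switch (val) {
 case SSH_PROTO_1:
@@ -2073,6 +2092,7 @@ dump_config(ServerOptions *o)
 dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
 dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
+dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
 
 /* string arguments */
 dump_cfg_string(sPidFile, o->pid_file);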
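Review bot: In the `case sFingerprintHash:` branch of process_server_config_line, the assignment `if (*activep) options->fingerprint_hash = value;` does not check the -1 sentinel that initialize_server_options sets, so a repeated FingerprintHash directive silently overrides the earlier one. If the shared parse_int/parse_flag paths (outside this hunk) keep the first value obtained, as the sentinel suggests, this option should match them with `if (*activep && options->fingerprint_hash == -1)`, so that an audit of the config reads the same way for every keyword. Separately, `ssh_digest_alg_by_name(arg)` appears to accept any digest name digest.c knows; whether all of them are meaningful for fingerprint output is not visible here, and a short comment stating the accepted set would help operators whose log tooling matches on fingerprint format. The function body starts and ends outside this hunk.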