Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 26 |
1 files changed, 25 insertions, 1 deletions
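--- a/servconf.c
+++ b/servconf.c
@@ -99,6 +99,7 @@ initialize_server_options(ServerOptions *options)
 options->password_authentication = -1;
 options->kbd_interactive_authentication = -1;
 options->challenge_response_authentication = -1;
+options->permit_blacklisted_keys = -1;
 options->permit_empty_passwd = -1;
 options->permit_user_env = -1;
 options->use_login = -1;
@@ -131,6 +132,7 @@ initialize_server_options(ServerOptions *options)
 options->adm_forced_command = NULL;
 options->chroot_directory = NULL;
 options->zero_knowledge_password_authentication = -1;
+options->debian_banner = -1;
 }
 
 void
@@ -227,6 +229,8 @@ fill_default_server_options(ServerOptions *options)
 options->kbd_interactive_authentication = 0;
 if (options->challenge_response_authentication == -1)
 options->challenge_response_authentication = 1;
+if (options->permit_blacklisted_keys == -1)
+options->permit_blacklisted_keys = 0;
 if (options->permit_empty_passwd == -1)
 options->permit_empty_passwd = 0;
 if (options->permit_user_env == -1)
@@ -270,6 +274,8 @@ fill_default_server_options(ServerOptions *options)
 options->permit_tun = SSH_TUNMODE_NO;
 if (options->zero_knowledge_password_authentication == -1)
 options->zero_knowledge_password_authentication = 0;
+if (options->debian_banner == -1)
+options->debian_banner = 1;
 
 /* Turn privilege separation on by default */
 if (use_privsep == -1)
@@ -302,7 +308,7 @@ typedef enum {
 sListenAddress, sAddressFamily,
 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
-sStrictModes, sEmptyPasswd, sTCPKeepAlive,
+sStrictModes, sPermitBlacklistedKeys, sEmptyPasswd, sTCPKeepAlive,
 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
@@ -317,6 +323,7 @@ typedef enum {
 sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
 sUsePrivilegeSeparation, sAllowAgentForwarding,
 sZeroKnowledgePasswordAuthentication,
+sDebianBanner,
 sDeprecated, sUnsupported
 } ServerOpCodes;
 
@@ -375,16 +382,20 @@ static struct {
 #ifdef GSSAPI
 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
+{ "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL },
 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
 { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL },
 { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL },
 #else
 { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
+{ "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL },
 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
 { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL },
 { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL },
 #endif
+{ "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL },
+{ "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL },
 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
@@ -406,6 +417,7 @@ static struct {
 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
 { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
+{ "permitblacklistedkeys", sPermitBlacklistedKeys, SSHCFG_GLOBAL },
 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
 { "uselogin", sUseLogin, SSHCFG_GLOBAL },
@@ -441,6 +453,7 @@ static struct {
 { "permitopen", sPermitOpen, SSHCFG_ALL },
 { "forcecommand", sForceCommand, SSHCFG_ALL },
 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
+{ "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
 { NULL, sBadOption, 0 }
 };
 
@@ -972,6 +985,10 @@ process_server_config_line(ServerOptions *options, char *line,
 intptr = &options->tcp_keep_alive;
 goto parse_flag;
 
+case sPermitBlacklistedKeys:
+intptr = &options->permit_blacklisted_keys;
+goto parse_flag;
+
 case sEmptyPasswd:
 intptr = &options->permit_empty_passwd;
 goto parse_flag;
@@ -1323,6 +1340,10 @@ process_server_config_line(ServerOptions *options, char *line,
 *charptr = xstrdup(arg);
 break;
 
+case sDebianBanner:
+intptr = &options->debian_banner;
+goto parse_int;
+
 case sDeprecated:
 logit("%s line %d: Deprecated option %s",
 filename, linenum, arg);
@@ -1620,7 +1641,9 @@ dump_config(ServerOptions *o)
 #endif
 #ifdef GSSAPI
 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
+dump_cfg_fmtint(sGssKeyEx, o->gss_keyex);
 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
+dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor);
 #endif
 #ifdef JPAKE
 dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication,
@@ -1637,6 +1660,7 @@ dump_config(ServerOptions *o)
 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
 dump_cfg_fmtint(sStrictModes, o->strict_modes);
 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
+dump_cfg_fmtint(sPermitBlacklistedKeys, o->permit_blacklisted_keys);
 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
 dump_cfg_fmtint(sUseLogin, o->use_login);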
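Review bot: The new `case sDebianBanner:` arm in process_server_config_line (new lines 1343-1345) jumps to `parse_int`, whereas the other boolean added by this commit, `sPermitBlacklistedKeys`, uses `parse_flag`, and `debian_banner` is otherwise handled as a -1/0/1 flag (initialised to -1, defaulted to 1). The `parse_int` label lies outside the visible hunks, but if it converts the argument numerically, as it does in upstream OpenSSH, then `DebianBanner yes` would not store 1 and a mistyped value would be accepted silently; `goto parse_flag;` would give the usual yes/no validation. Separately, the dump_config hunks add `sPermitBlacklistedKeys` but nothing for the banner option, so the dumped configuration cannot be used to audit its effective value; adding `dump_cfg_fmtint(sDebianBanner, o->debian_banner);` would close that gap. Both functions continue outside the hunks shown.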