summaryrefslogtreecommitdiff
path: root/servconf.c
diff options
context:
space:
mode:
Diffstat (limited to 'servconf.c')
-rw-r--r--servconf.c26
1 files changed, 25 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c
index d9726c435..da8c3d0a5 100644
--- a/servconf.c
+++ b/servconf.c
@@ -99,6 +99,7 @@ initialize_server_options(ServerOptions *options)
99 options->password_authentication = -1; 99 options->password_authentication = -1;
100 options->kbd_interactive_authentication = -1; 100 options->kbd_interactive_authentication = -1;
101 options->challenge_response_authentication = -1; 101 options->challenge_response_authentication = -1;
102 options->permit_blacklisted_keys = -1;
102 options->permit_empty_passwd = -1; 103 options->permit_empty_passwd = -1;
103 options->permit_user_env = -1; 104 options->permit_user_env = -1;
104 options->use_login = -1; 105 options->use_login = -1;
@@ -131,6 +132,7 @@ initialize_server_options(ServerOptions *options)
131 options->adm_forced_command = NULL; 132 options->adm_forced_command = NULL;
132 options->chroot_directory = NULL; 133 options->chroot_directory = NULL;
133 options->zero_knowledge_password_authentication = -1; 134 options->zero_knowledge_password_authentication = -1;
135 options->debian_banner = -1;
134} 136}
135 137
136void 138void
@@ -227,6 +229,8 @@ fill_default_server_options(ServerOptions *options)
227 options->kbd_interactive_authentication = 0; 229 options->kbd_interactive_authentication = 0;
228 if (options->challenge_response_authentication == -1) 230 if (options->challenge_response_authentication == -1)
229 options->challenge_response_authentication = 1; 231 options->challenge_response_authentication = 1;
232 if (options->permit_blacklisted_keys == -1)
233 options->permit_blacklisted_keys = 0;
230 if (options->permit_empty_passwd == -1) 234 if (options->permit_empty_passwd == -1)
231 options->permit_empty_passwd = 0; 235 options->permit_empty_passwd = 0;
232 if (options->permit_user_env == -1) 236 if (options->permit_user_env == -1)
@@ -270,6 +274,8 @@ fill_default_server_options(ServerOptions *options)
270 options->permit_tun = SSH_TUNMODE_NO; 274 options->permit_tun = SSH_TUNMODE_NO;
271 if (options->zero_knowledge_password_authentication == -1) 275 if (options->zero_knowledge_password_authentication == -1)
272 options->zero_knowledge_password_authentication = 0; 276 options->zero_knowledge_password_authentication = 0;
277 if (options->debian_banner == -1)
278 options->debian_banner = 1;
273 279
274 /* Turn privilege separation on by default */ 280 /* Turn privilege separation on by default */
275 if (use_privsep == -1) 281 if (use_privsep == -1)
@@ -302,7 +308,7 @@ typedef enum {
302 sListenAddress, sAddressFamily, 308 sListenAddress, sAddressFamily,
303 sPrintMotd, sPrintLastLog, sIgnoreRhosts, 309 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
304 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, 310 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
305 sStrictModes, sEmptyPasswd, sTCPKeepAlive, 311 sStrictModes, sPermitBlacklistedKeys, sEmptyPasswd, sTCPKeepAlive,
306 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, 312 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
307 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 313 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
308 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, 314 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
@@ -317,6 +323,7 @@ typedef enum {
317 sMatch, sPermitOpen, sForceCommand, sChrootDirectory, 323 sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
318 sUsePrivilegeSeparation, sAllowAgentForwarding, 324 sUsePrivilegeSeparation, sAllowAgentForwarding,
319 sZeroKnowledgePasswordAuthentication, 325 sZeroKnowledgePasswordAuthentication,
326 sDebianBanner,
320 sDeprecated, sUnsupported 327 sDeprecated, sUnsupported
321} ServerOpCodes; 328} ServerOpCodes;
322 329
@@ -375,16 +382,20 @@ static struct {
375#ifdef GSSAPI 382#ifdef GSSAPI
376 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, 383 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
377 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, 384 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
385 { "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL },
378 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, 386 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
379 { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, 387 { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL },
380 { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, 388 { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL },
381#else 389#else
382 { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, 390 { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
383 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, 391 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
392 { "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL },
384 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, 393 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
385 { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, 394 { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL },
386 { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL }, 395 { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL },
387#endif 396#endif
397 { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL },
398 { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL },
388 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 399 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
389 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 400 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
390 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, 401 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
@@ -406,6 +417,7 @@ static struct {
406 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, 417 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
407 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, 418 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
408 { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, 419 { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
420 { "permitblacklistedkeys", sPermitBlacklistedKeys, SSHCFG_GLOBAL },
409 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, 421 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
410 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, 422 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
411 { "uselogin", sUseLogin, SSHCFG_GLOBAL }, 423 { "uselogin", sUseLogin, SSHCFG_GLOBAL },
@@ -441,6 +453,7 @@ static struct {
441 { "permitopen", sPermitOpen, SSHCFG_ALL }, 453 { "permitopen", sPermitOpen, SSHCFG_ALL },
442 { "forcecommand", sForceCommand, SSHCFG_ALL }, 454 { "forcecommand", sForceCommand, SSHCFG_ALL },
443 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, 455 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
456 { "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
444 { NULL, sBadOption, 0 } 457 { NULL, sBadOption, 0 }
445}; 458};
446 459
@@ -972,6 +985,10 @@ process_server_config_line(ServerOptions *options, char *line,
972 intptr = &options->tcp_keep_alive; 985 intptr = &options->tcp_keep_alive;
973 goto parse_flag; 986 goto parse_flag;
974 987
988 case sPermitBlacklistedKeys:
989 intptr = &options->permit_blacklisted_keys;
990 goto parse_flag;
991
975 case sEmptyPasswd: 992 case sEmptyPasswd:
976 intptr = &options->permit_empty_passwd; 993 intptr = &options->permit_empty_passwd;
977 goto parse_flag; 994 goto parse_flag;
@@ -1323,6 +1340,10 @@ process_server_config_line(ServerOptions *options, char *line,
1323 *charptr = xstrdup(arg); 1340 *charptr = xstrdup(arg);
1324 break; 1341 break;
1325 1342
1343 case sDebianBanner:
1344 intptr = &options->debian_banner;
1345 goto parse_int;
1346
1326 case sDeprecated: 1347 case sDeprecated:
1327 logit("%s line %d: Deprecated option %s", 1348 logit("%s line %d: Deprecated option %s",
1328 filename, linenum, arg); 1349 filename, linenum, arg);
@@ -1620,7 +1641,9 @@ dump_config(ServerOptions *o)
1620#endif 1641#endif
1621#ifdef GSSAPI 1642#ifdef GSSAPI
1622 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); 1643 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
1644 dump_cfg_fmtint(sGssKeyEx, o->gss_keyex);
1623 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); 1645 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
1646 dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor);
1624#endif 1647#endif
1625#ifdef JPAKE 1648#ifdef JPAKE
1626 dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication, 1649 dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication,
@@ -1637,6 +1660,7 @@ dump_config(ServerOptions *o)
1637 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); 1660 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
1638 dump_cfg_fmtint(sStrictModes, o->strict_modes); 1661 dump_cfg_fmtint(sStrictModes, o->strict_modes);
1639 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); 1662 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
1663 dump_cfg_fmtint(sPermitBlacklistedKeys, o->permit_blacklisted_keys);
1640 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); 1664 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
1641 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); 1665 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
1642 dump_cfg_fmtint(sUseLogin, o->use_login); 1666 dump_cfg_fmtint(sUseLogin, o->use_login);
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-17 18:42:17 +0000