diff options
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/servconf.c b/servconf.c index 9bbd994ca..c3f1253e8 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -36,6 +36,8 @@ static void add_one_listen_addr(ServerOptions *, char *, u_short); | |||
| 36 | 36 | ||
| 37 | /* AF_UNSPEC or AF_INET or AF_INET6 */ | 37 | /* AF_UNSPEC or AF_INET or AF_INET6 */ |
| 38 | extern int IPv4or6; | 38 | extern int IPv4or6; |
| 39 | /* Use of privilege separation or not */ | ||
| 40 | extern int use_privsep; | ||
| 39 | 41 | ||
| 40 | /* Initializes the server options to their default values. */ | 42 | /* Initializes the server options to their default values. */ |
| 41 | 43 | ||
| @@ -110,6 +112,9 @@ initialize_server_options(ServerOptions *options) | |||
| 110 | options->client_alive_count_max = -1; | 112 | options->client_alive_count_max = -1; |
| 111 | options->authorized_keys_file = NULL; | 113 | options->authorized_keys_file = NULL; |
| 112 | options->authorized_keys_file2 = NULL; | 114 | options->authorized_keys_file2 = NULL; |
| 115 | |||
| 116 | /* Needs to be accessable in many places */ | ||
| 117 | use_privsep = -1; | ||
| 113 | } | 118 | } |
| 114 | 119 | ||
| 115 | void | 120 | void |
| @@ -235,6 +240,10 @@ fill_default_server_options(ServerOptions *options) | |||
| 235 | } | 240 | } |
| 236 | if (options->authorized_keys_file == NULL) | 241 | if (options->authorized_keys_file == NULL) |
| 237 | options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; | 242 | options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; |
| 243 | |||
| 244 | /* Turn privilege separation on by default */ | ||
| 245 | if (use_privsep == -1) | ||
| 246 | use_privsep = 1; | ||
| 238 | } | 247 | } |
| 239 | 248 | ||
| 240 | /* Keyword tokens. */ | 249 | /* Keyword tokens. */ |
| @@ -267,6 +276,7 @@ typedef enum { | |||
| 267 | sBanner, sVerifyReverseMapping, sHostbasedAuthentication, | 276 | sBanner, sVerifyReverseMapping, sHostbasedAuthentication, |
| 268 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, | 277 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
| 269 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, | 278 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, |
| 279 | sUsePrivilegeSeparation, | ||
| 270 | sDeprecated | 280 | sDeprecated |
| 271 | } ServerOpCodes; | 281 | } ServerOpCodes; |
| 272 | 282 | ||
| @@ -342,6 +352,7 @@ static struct { | |||
| 342 | { "clientalivecountmax", sClientAliveCountMax }, | 352 | { "clientalivecountmax", sClientAliveCountMax }, |
| 343 | { "authorizedkeysfile", sAuthorizedKeysFile }, | 353 | { "authorizedkeysfile", sAuthorizedKeysFile }, |
| 344 | { "authorizedkeysfile2", sAuthorizedKeysFile2 }, | 354 | { "authorizedkeysfile2", sAuthorizedKeysFile2 }, |
| 355 | { "useprivilegeseparation", sUsePrivilegeSeparation}, | ||
| 345 | { NULL, sBadOption } | 356 | { NULL, sBadOption } |
| 346 | }; | 357 | }; |
| 347 | 358 | ||
| @@ -718,6 +729,10 @@ parse_flag: | |||
| 718 | intptr = &options->allow_tcp_forwarding; | 729 | intptr = &options->allow_tcp_forwarding; |
| 719 | goto parse_flag; | 730 | goto parse_flag; |
| 720 | 731 | ||
| 732 | case sUsePrivilegeSeparation: | ||
| 733 | intptr = &use_privsep; | ||
| 734 | goto parse_flag; | ||
| 735 | |||
| 721 | case sAllowUsers: | 736 | case sAllowUsers: |
| 722 | while ((arg = strdelim(&cp)) && *arg != '\0') { | 737 | while ((arg = strdelim(&cp)) && *arg != '\0') { |
| 723 | if (options->num_allow_users >= MAX_ALLOW_USERS) | 738 | if (options->num_allow_users >= MAX_ALLOW_USERS) |