diff options
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c index b19d30e18..b8af6dda7 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -117,8 +117,10 @@ initialize_server_options(ServerOptions *options) | |||
| 117 | options->kerberos_ticket_cleanup = -1; | 117 | options->kerberos_ticket_cleanup = -1; |
| 118 | options->kerberos_get_afs_token = -1; | 118 | options->kerberos_get_afs_token = -1; |
| 119 | options->gss_authentication=-1; | 119 | options->gss_authentication=-1; |
| 120 | options->gss_keyex = -1; | ||
| 120 | options->gss_cleanup_creds = -1; | 121 | options->gss_cleanup_creds = -1; |
| 121 | options->gss_strict_acceptor = -1; | 122 | options->gss_strict_acceptor = -1; |
| 123 | options->gss_store_rekey = -1; | ||
| 122 | options->password_authentication = -1; | 124 | options->password_authentication = -1; |
| 123 | options->kbd_interactive_authentication = -1; | 125 | options->kbd_interactive_authentication = -1; |
| 124 | options->challenge_response_authentication = -1; | 126 | options->challenge_response_authentication = -1; |
| @@ -287,10 +289,14 @@ fill_default_server_options(ServerOptions *options) | |||
| 287 | options->kerberos_get_afs_token = 0; | 289 | options->kerberos_get_afs_token = 0; |
| 288 | if (options->gss_authentication == -1) | 290 | if (options->gss_authentication == -1) |
| 289 | options->gss_authentication = 0; | 291 | options->gss_authentication = 0; |
| 292 | if (options->gss_keyex == -1) | ||
| 293 | options->gss_keyex = 0; | ||
| 290 | if (options->gss_cleanup_creds == -1) | 294 | if (options->gss_cleanup_creds == -1) |
| 291 | options->gss_cleanup_creds = 1; | 295 | options->gss_cleanup_creds = 1; |
| 292 | if (options->gss_strict_acceptor == -1) | 296 | if (options->gss_strict_acceptor == -1) |
| 293 | options->gss_strict_acceptor = 0; | 297 | options->gss_strict_acceptor = 1; |
| 298 | if (options->gss_store_rekey == -1) | ||
| 299 | options->gss_store_rekey = 0; | ||
| 294 | if (options->password_authentication == -1) | 300 | if (options->password_authentication == -1) |
| 295 | options->password_authentication = 1; | 301 | options->password_authentication = 1; |
| 296 | if (options->kbd_interactive_authentication == -1) | 302 | if (options->kbd_interactive_authentication == -1) |
| @@ -419,6 +425,7 @@ typedef enum { | |||
| 419 | sHostKeyAlgorithms, | 425 | sHostKeyAlgorithms, |
| 420 | sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, | 426 | sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, |
| 421 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, | 427 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, |
| 428 | sGssKeyEx, sGssStoreRekey, | ||
| 422 | sAcceptEnv, sPermitTunnel, | 429 | sAcceptEnv, sPermitTunnel, |
| 423 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | 430 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
| 424 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 431 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
| @@ -492,12 +499,20 @@ static struct { | |||
| 492 | #ifdef GSSAPI | 499 | #ifdef GSSAPI |
| 493 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, | 500 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, |
| 494 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, | 501 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, |
| 502 | { "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL }, | ||
| 495 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, | 503 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, |
| 504 | { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, | ||
| 505 | { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, | ||
| 496 | #else | 506 | #else |
| 497 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, | 507 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, |
| 498 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, | 508 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, |
| 509 | { "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL }, | ||
| 499 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, | 510 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, |
| 511 | { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, | ||
| 512 | { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL }, | ||
| 500 | #endif | 513 | #endif |
| 514 | { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL }, | ||
| 515 | { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL }, | ||
| 501 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 516 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
| 502 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 517 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
| 503 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, | 518 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, |
| @@ -1242,6 +1257,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 1242 | intptr = &options->gss_authentication; | 1257 | intptr = &options->gss_authentication; |
| 1243 | goto parse_flag; | 1258 | goto parse_flag; |
| 1244 | 1259 | ||
| 1260 | case sGssKeyEx: | ||
| 1261 | intptr = &options->gss_keyex; | ||
| 1262 | goto parse_flag; | ||
| 1263 | |||
| 1245 | case sGssCleanupCreds: | 1264 | case sGssCleanupCreds: |
| 1246 | intptr = &options->gss_cleanup_creds; | 1265 | intptr = &options->gss_cleanup_creds; |
| 1247 | goto parse_flag; | 1266 | goto parse_flag; |
| @@ -1250,6 +1269,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 1250 | intptr = &options->gss_strict_acceptor; | 1269 | intptr = &options->gss_strict_acceptor; |
| 1251 | goto parse_flag; | 1270 | goto parse_flag; |
| 1252 | 1271 | ||
| 1272 | case sGssStoreRekey: | ||
| 1273 | intptr = &options->gss_store_rekey; | ||
| 1274 | goto parse_flag; | ||
| 1275 | |||
| 1253 | case sPasswordAuthentication: | 1276 | case sPasswordAuthentication: |
| 1254 | intptr = &options->password_authentication; | 1277 | intptr = &options->password_authentication; |
| 1255 | goto parse_flag; | 1278 | goto parse_flag; |
| @@ -2265,7 +2288,10 @@ dump_config(ServerOptions *o) | |||
| 2265 | #endif | 2288 | #endif |
| 2266 | #ifdef GSSAPI | 2289 | #ifdef GSSAPI |
| 2267 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); | 2290 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); |
| 2291 | dump_cfg_fmtint(sGssKeyEx, o->gss_keyex); | ||
| 2268 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); | 2292 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); |
| 2293 | dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor); | ||
| 2294 | dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey); | ||
| 2269 | #endif | 2295 | #endif |
| 2270 | dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); | 2296 | dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); |
| 2271 | dump_cfg_fmtint(sKbdInteractiveAuthentication, | 2297 | dump_cfg_fmtint(sKbdInteractiveAuthentication, |