summaryrefslogtreecommitdiff
path: root/servconf.c
diff options
context:
space:
mode:
Diffstat (limited to 'servconf.c')
-rw-r--r--servconf.c27
1 files changed, 26 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c
index 73e47eacf..d42dd527b 100644
--- a/servconf.c
+++ b/servconf.c
@@ -100,6 +100,7 @@ initialize_server_options(ServerOptions *options)
100 options->password_authentication = -1; 100 options->password_authentication = -1;
101 options->kbd_interactive_authentication = -1; 101 options->kbd_interactive_authentication = -1;
102 options->challenge_response_authentication = -1; 102 options->challenge_response_authentication = -1;
103 options->permit_blacklisted_keys = -1;
103 options->permit_empty_passwd = -1; 104 options->permit_empty_passwd = -1;
104 options->permit_user_env = -1; 105 options->permit_user_env = -1;
105 options->use_login = -1; 106 options->use_login = -1;
@@ -134,6 +135,7 @@ initialize_server_options(ServerOptions *options)
134 options->zero_knowledge_password_authentication = -1; 135 options->zero_knowledge_password_authentication = -1;
135 options->revoked_keys_file = NULL; 136 options->revoked_keys_file = NULL;
136 options->trusted_user_ca_keys = NULL; 137 options->trusted_user_ca_keys = NULL;
138 options->debian_banner = -1;
137} 139}
138 140
139void 141void
@@ -231,6 +233,8 @@ fill_default_server_options(ServerOptions *options)
231 options->kbd_interactive_authentication = 0; 233 options->kbd_interactive_authentication = 0;
232 if (options->challenge_response_authentication == -1) 234 if (options->challenge_response_authentication == -1)
233 options->challenge_response_authentication = 1; 235 options->challenge_response_authentication = 1;
236 if (options->permit_blacklisted_keys == -1)
237 options->permit_blacklisted_keys = 0;
234 if (options->permit_empty_passwd == -1) 238 if (options->permit_empty_passwd == -1)
235 options->permit_empty_passwd = 0; 239 options->permit_empty_passwd = 0;
236 if (options->permit_user_env == -1) 240 if (options->permit_user_env == -1)
@@ -274,6 +278,8 @@ fill_default_server_options(ServerOptions *options)
274 options->permit_tun = SSH_TUNMODE_NO; 278 options->permit_tun = SSH_TUNMODE_NO;
275 if (options->zero_knowledge_password_authentication == -1) 279 if (options->zero_knowledge_password_authentication == -1)
276 options->zero_knowledge_password_authentication = 0; 280 options->zero_knowledge_password_authentication = 0;
281 if (options->debian_banner == -1)
282 options->debian_banner = 1;
277 283
278 /* Turn privilege separation on by default */ 284 /* Turn privilege separation on by default */
279 if (use_privsep == -1) 285 if (use_privsep == -1)
@@ -306,7 +312,7 @@ typedef enum {
306 sListenAddress, sAddressFamily, 312 sListenAddress, sAddressFamily,
307 sPrintMotd, sPrintLastLog, sIgnoreRhosts, 313 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
308 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, 314 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
309 sStrictModes, sEmptyPasswd, sTCPKeepAlive, 315 sStrictModes, sPermitBlacklistedKeys, sEmptyPasswd, sTCPKeepAlive,
310 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, 316 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
311 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 317 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
312 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, 318 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
@@ -322,6 +328,7 @@ typedef enum {
322 sUsePrivilegeSeparation, sAllowAgentForwarding, 328 sUsePrivilegeSeparation, sAllowAgentForwarding,
323 sZeroKnowledgePasswordAuthentication, sHostCertificate, 329 sZeroKnowledgePasswordAuthentication, sHostCertificate,
324 sRevokedKeys, sTrustedUserCAKeys, 330 sRevokedKeys, sTrustedUserCAKeys,
331 sDebianBanner,
325 sDeprecated, sUnsupported 332 sDeprecated, sUnsupported
326} ServerOpCodes; 333} ServerOpCodes;
327 334
@@ -380,16 +387,20 @@ static struct {
380#ifdef GSSAPI 387#ifdef GSSAPI
381 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, 388 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
382 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, 389 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
390 { "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL },
383 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, 391 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
384 { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, 392 { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL },
385 { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, 393 { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL },
386#else 394#else
387 { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, 395 { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
388 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, 396 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
397 { "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL },
389 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, 398 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
390 { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, 399 { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL },
391 { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL }, 400 { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL },
392#endif 401#endif
402 { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL },
403 { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL },
393 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 404 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
394 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 405 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
395 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, 406 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
@@ -411,6 +422,7 @@ static struct {
411 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, 422 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
412 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, 423 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
413 { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, 424 { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
425 { "permitblacklistedkeys", sPermitBlacklistedKeys, SSHCFG_GLOBAL },
414 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, 426 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
415 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, 427 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
416 { "uselogin", sUseLogin, SSHCFG_GLOBAL }, 428 { "uselogin", sUseLogin, SSHCFG_GLOBAL },
@@ -449,6 +461,7 @@ static struct {
449 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, 461 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
450 { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, 462 { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
451 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, 463 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
464 { "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
452 { NULL, sBadOption, 0 } 465 { NULL, sBadOption, 0 }
453}; 466};
454 467
@@ -1005,6 +1018,10 @@ process_server_config_line(ServerOptions *options, char *line,
1005 intptr = &options->tcp_keep_alive; 1018 intptr = &options->tcp_keep_alive;
1006 goto parse_flag; 1019 goto parse_flag;
1007 1020
1021 case sPermitBlacklistedKeys:
1022 intptr = &options->permit_blacklisted_keys;
1023 goto parse_flag;
1024
1008 case sEmptyPasswd: 1025 case sEmptyPasswd:
1009 intptr = &options->permit_empty_passwd; 1026 intptr = &options->permit_empty_passwd;
1010 goto parse_flag; 1027 goto parse_flag;
@@ -1374,6 +1391,10 @@ process_server_config_line(ServerOptions *options, char *line,
1374 charptr = &options->revoked_keys_file; 1391 charptr = &options->revoked_keys_file;
1375 goto parse_filename; 1392 goto parse_filename;
1376 1393
1394 case sDebianBanner:
1395 intptr = &options->debian_banner;
1396 goto parse_int;
1397
1377 case sDeprecated: 1398 case sDeprecated:
1378 logit("%s line %d: Deprecated option %s", 1399 logit("%s line %d: Deprecated option %s",
1379 filename, linenum, arg); 1400 filename, linenum, arg);
@@ -1673,7 +1694,10 @@ dump_config(ServerOptions *o)
1673#endif 1694#endif
1674#ifdef GSSAPI 1695#ifdef GSSAPI
1675 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); 1696 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
1697 dump_cfg_fmtint(sGssKeyEx, o->gss_keyex);
1676 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); 1698 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
1699 dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor);
1700 dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey);
1677#endif 1701#endif
1678#ifdef JPAKE 1702#ifdef JPAKE
1679 dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication, 1703 dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication,
@@ -1690,6 +1714,7 @@ dump_config(ServerOptions *o)
1690 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); 1714 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
1691 dump_cfg_fmtint(sStrictModes, o->strict_modes); 1715 dump_cfg_fmtint(sStrictModes, o->strict_modes);
1692 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); 1716 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
1717 dump_cfg_fmtint(sPermitBlacklistedKeys, o->permit_blacklisted_keys);
1693 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); 1718 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
1694 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); 1719 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
1695 dump_cfg_fmtint(sUseLogin, o->use_login); 1720 dump_cfg_fmtint(sUseLogin, o->use_login);
generated by cgit v1.2.3 (git 2.39.1) at 2024-10-04 08:59:06 +0000