summaryrefslogtreecommitdiff
path: root/servconf.c
diff options
context:
space:
mode:
Diffstat (limited to 'servconf.c')
-rw-r--r--servconf.c31
1 files changed, 30 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c
index e7fc2a781..68c44fc81 100644
--- a/servconf.c
+++ b/servconf.c
@@ -92,7 +92,10 @@ initialize_server_options(ServerOptions *options)
92 options->kerberos_ticket_cleanup = -1; 92 options->kerberos_ticket_cleanup = -1;
93 options->kerberos_get_afs_token = -1; 93 options->kerberos_get_afs_token = -1;
94 options->gss_authentication=-1; 94 options->gss_authentication=-1;
95 options->gss_keyex = -1;
95 options->gss_cleanup_creds = -1; 96 options->gss_cleanup_creds = -1;
97 options->gss_strict_acceptor = -1;
98 options->gss_store_rekey = -1;
96 options->password_authentication = -1; 99 options->password_authentication = -1;
97 options->kbd_interactive_authentication = -1; 100 options->kbd_interactive_authentication = -1;
98 options->challenge_response_authentication = -1; 101 options->challenge_response_authentication = -1;
@@ -210,8 +213,14 @@ fill_default_server_options(ServerOptions *options)
210 options->kerberos_get_afs_token = 0; 213 options->kerberos_get_afs_token = 0;
211 if (options->gss_authentication == -1) 214 if (options->gss_authentication == -1)
212 options->gss_authentication = 0; 215 options->gss_authentication = 0;
216 if (options->gss_keyex == -1)
217 options->gss_keyex = 0;
213 if (options->gss_cleanup_creds == -1) 218 if (options->gss_cleanup_creds == -1)
214 options->gss_cleanup_creds = 1; 219 options->gss_cleanup_creds = 1;
220 if (options->gss_strict_acceptor == -1)
221 options->gss_strict_acceptor = 1;
222 if (options->gss_store_rekey == -1)
223 options->gss_store_rekey = 0;
215 if (options->password_authentication == -1) 224 if (options->password_authentication == -1)
216 options->password_authentication = 1; 225 options->password_authentication = 1;
217 if (options->kbd_interactive_authentication == -1) 226 if (options->kbd_interactive_authentication == -1)
@@ -302,7 +311,9 @@ typedef enum {
302 sBanner, sUseDNS, sHostbasedAuthentication, 311 sBanner, sUseDNS, sHostbasedAuthentication,
303 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, 312 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
304 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, 313 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
305 sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, 314 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
315 sGssKeyEx, sGssStoreRekey,
316 sAcceptEnv, sPermitTunnel,
306 sMatch, sPermitOpen, sForceCommand, sChrootDirectory, 317 sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
307 sUsePrivilegeSeparation, sAllowAgentForwarding, 318 sUsePrivilegeSeparation, sAllowAgentForwarding,
308 sZeroKnowledgePasswordAuthentication, 319 sZeroKnowledgePasswordAuthentication,
@@ -364,9 +375,15 @@ static struct {
364#ifdef GSSAPI 375#ifdef GSSAPI
365 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, 376 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
366 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, 377 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
378 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
379 { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL },
380 { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL },
367#else 381#else
368 { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, 382 { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
369 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, 383 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
384 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
385 { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL },
386 { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL },
370#endif 387#endif
371 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 388 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
372 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 389 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
@@ -891,10 +908,22 @@ process_server_config_line(ServerOptions *options, char *line,
891 intptr = &options->gss_authentication; 908 intptr = &options->gss_authentication;
892 goto parse_flag; 909 goto parse_flag;
893 910
911 case sGssKeyEx:
912 intptr = &options->gss_keyex;
913 goto parse_flag;
914
894 case sGssCleanupCreds: 915 case sGssCleanupCreds:
895 intptr = &options->gss_cleanup_creds; 916 intptr = &options->gss_cleanup_creds;
896 goto parse_flag; 917 goto parse_flag;
897 918
919 case sGssStrictAcceptor:
920 intptr = &options->gss_strict_acceptor;
921 goto parse_flag;
922
923 case sGssStoreRekey:
924 intptr = &options->gss_store_rekey;
925 goto parse_flag;
926
898 case sPasswordAuthentication: 927 case sPasswordAuthentication:
899 intptr = &options->password_authentication; 928 intptr = &options->password_authentication;
900 goto parse_flag; 929 goto parse_flag;