diff options
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 38 |
1 files changed, 37 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c index 8ec5ca0e6..9937f8f2f 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -97,7 +97,10 @@ initialize_server_options(ServerOptions *options) | |||
| 97 | options->kerberos_ticket_cleanup = -1; | 97 | options->kerberos_ticket_cleanup = -1; |
| 98 | options->kerberos_get_afs_token = -1; | 98 | options->kerberos_get_afs_token = -1; |
| 99 | options->gss_authentication=-1; | 99 | options->gss_authentication=-1; |
| 100 | options->gss_keyex = -1; | ||
| 100 | options->gss_cleanup_creds = -1; | 101 | options->gss_cleanup_creds = -1; |
| 102 | options->gss_strict_acceptor = -1; | ||
| 103 | options->gss_store_rekey = -1; | ||
| 101 | options->password_authentication = -1; | 104 | options->password_authentication = -1; |
| 102 | options->kbd_interactive_authentication = -1; | 105 | options->kbd_interactive_authentication = -1; |
| 103 | options->challenge_response_authentication = -1; | 106 | options->challenge_response_authentication = -1; |
| @@ -225,8 +228,14 @@ fill_default_server_options(ServerOptions *options) | |||
| 225 | options->kerberos_get_afs_token = 0; | 228 | options->kerberos_get_afs_token = 0; |
| 226 | if (options->gss_authentication == -1) | 229 | if (options->gss_authentication == -1) |
| 227 | options->gss_authentication = 0; | 230 | options->gss_authentication = 0; |
| 231 | if (options->gss_keyex == -1) | ||
| 232 | options->gss_keyex = 0; | ||
| 228 | if (options->gss_cleanup_creds == -1) | 233 | if (options->gss_cleanup_creds == -1) |
| 229 | options->gss_cleanup_creds = 1; | 234 | options->gss_cleanup_creds = 1; |
| 235 | if (options->gss_strict_acceptor == -1) | ||
| 236 | options->gss_strict_acceptor = 1; | ||
| 237 | if (options->gss_store_rekey == -1) | ||
| 238 | options->gss_store_rekey = 0; | ||
| 230 | if (options->password_authentication == -1) | 239 | if (options->password_authentication == -1) |
| 231 | options->password_authentication = 1; | 240 | options->password_authentication = 1; |
| 232 | if (options->kbd_interactive_authentication == -1) | 241 | if (options->kbd_interactive_authentication == -1) |
| @@ -318,7 +327,9 @@ typedef enum { | |||
| 318 | sBanner, sUseDNS, sHostbasedAuthentication, | 327 | sBanner, sUseDNS, sHostbasedAuthentication, |
| 319 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, | 328 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
| 320 | sClientAliveCountMax, sAuthorizedKeysFile, | 329 | sClientAliveCountMax, sAuthorizedKeysFile, |
| 321 | sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, | 330 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, |
| 331 | sGssKeyEx, sGssStoreRekey, | ||
| 332 | sAcceptEnv, sPermitTunnel, | ||
| 322 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | 333 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
| 323 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 334 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
| 324 | sZeroKnowledgePasswordAuthentication, sHostCertificate, | 335 | sZeroKnowledgePasswordAuthentication, sHostCertificate, |
| @@ -382,10 +393,20 @@ static struct { | |||
| 382 | #ifdef GSSAPI | 393 | #ifdef GSSAPI |
| 383 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, | 394 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, |
| 384 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, | 395 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, |
| 396 | { "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL }, | ||
| 397 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, | ||
| 398 | { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, | ||
| 399 | { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, | ||
| 385 | #else | 400 | #else |
| 386 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, | 401 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, |
| 387 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, | 402 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, |
| 403 | { "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL }, | ||
| 404 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, | ||
| 405 | { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, | ||
| 406 | { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL }, | ||
| 388 | #endif | 407 | #endif |
| 408 | { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL }, | ||
| 409 | { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL }, | ||
| 389 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 410 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
| 390 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 411 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
| 391 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, | 412 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, |
| @@ -962,10 +983,22 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 962 | intptr = &options->gss_authentication; | 983 | intptr = &options->gss_authentication; |
| 963 | goto parse_flag; | 984 | goto parse_flag; |
| 964 | 985 | ||
| 986 | case sGssKeyEx: | ||
| 987 | intptr = &options->gss_keyex; | ||
| 988 | goto parse_flag; | ||
| 989 | |||
| 965 | case sGssCleanupCreds: | 990 | case sGssCleanupCreds: |
| 966 | intptr = &options->gss_cleanup_creds; | 991 | intptr = &options->gss_cleanup_creds; |
| 967 | goto parse_flag; | 992 | goto parse_flag; |
| 968 | 993 | ||
| 994 | case sGssStrictAcceptor: | ||
| 995 | intptr = &options->gss_strict_acceptor; | ||
| 996 | goto parse_flag; | ||
| 997 | |||
| 998 | case sGssStoreRekey: | ||
| 999 | intptr = &options->gss_store_rekey; | ||
| 1000 | goto parse_flag; | ||
| 1001 | |||
| 969 | case sPasswordAuthentication: | 1002 | case sPasswordAuthentication: |
| 970 | intptr = &options->password_authentication; | 1003 | intptr = &options->password_authentication; |
| 971 | goto parse_flag; | 1004 | goto parse_flag; |
| @@ -1720,7 +1753,10 @@ dump_config(ServerOptions *o) | |||
| 1720 | #endif | 1753 | #endif |
| 1721 | #ifdef GSSAPI | 1754 | #ifdef GSSAPI |
| 1722 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); | 1755 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); |
| 1756 | dump_cfg_fmtint(sGssKeyEx, o->gss_keyex); | ||
| 1723 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); | 1757 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); |
| 1758 | dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor); | ||
| 1759 | dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey); | ||
| 1724 | #endif | 1760 | #endif |
| 1725 | #ifdef JPAKE | 1761 | #ifdef JPAKE |
| 1726 | dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication, | 1762 | dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication, |