diff options
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/servconf.c b/servconf.c index c0f6af0be..e1ae07fb7 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -124,8 +124,10 @@ initialize_server_options(ServerOptions *options) | |||
| 124 | options->kerberos_ticket_cleanup = -1; | 124 | options->kerberos_ticket_cleanup = -1; |
| 125 | options->kerberos_get_afs_token = -1; | 125 | options->kerberos_get_afs_token = -1; |
| 126 | options->gss_authentication=-1; | 126 | options->gss_authentication=-1; |
| 127 | options->gss_keyex = -1; | ||
| 127 | options->gss_cleanup_creds = -1; | 128 | options->gss_cleanup_creds = -1; |
| 128 | options->gss_strict_acceptor = -1; | 129 | options->gss_strict_acceptor = -1; |
| 130 | options->gss_store_rekey = -1; | ||
| 129 | options->password_authentication = -1; | 131 | options->password_authentication = -1; |
| 130 | options->kbd_interactive_authentication = -1; | 132 | options->kbd_interactive_authentication = -1; |
| 131 | options->challenge_response_authentication = -1; | 133 | options->challenge_response_authentication = -1; |
| @@ -333,10 +335,14 @@ fill_default_server_options(ServerOptions *options) | |||
| 333 | options->kerberos_get_afs_token = 0; | 335 | options->kerberos_get_afs_token = 0; |
| 334 | if (options->gss_authentication == -1) | 336 | if (options->gss_authentication == -1) |
| 335 | options->gss_authentication = 0; | 337 | options->gss_authentication = 0; |
| 338 | if (options->gss_keyex == -1) | ||
| 339 | options->gss_keyex = 0; | ||
| 336 | if (options->gss_cleanup_creds == -1) | 340 | if (options->gss_cleanup_creds == -1) |
| 337 | options->gss_cleanup_creds = 1; | 341 | options->gss_cleanup_creds = 1; |
| 338 | if (options->gss_strict_acceptor == -1) | 342 | if (options->gss_strict_acceptor == -1) |
| 339 | options->gss_strict_acceptor = 1; | 343 | options->gss_strict_acceptor = 1; |
| 344 | if (options->gss_store_rekey == -1) | ||
| 345 | options->gss_store_rekey = 0; | ||
| 340 | if (options->password_authentication == -1) | 346 | if (options->password_authentication == -1) |
| 341 | options->password_authentication = 1; | 347 | options->password_authentication = 1; |
| 342 | if (options->kbd_interactive_authentication == -1) | 348 | if (options->kbd_interactive_authentication == -1) |
| @@ -481,6 +487,7 @@ typedef enum { | |||
| 481 | sHostKeyAlgorithms, | 487 | sHostKeyAlgorithms, |
| 482 | sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, | 488 | sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, |
| 483 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, | 489 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, |
| 490 | sGssKeyEx, sGssStoreRekey, | ||
| 484 | sAcceptEnv, sSetEnv, sPermitTunnel, | 491 | sAcceptEnv, sSetEnv, sPermitTunnel, |
| 485 | sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory, | 492 | sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory, |
| 486 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 493 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
| @@ -555,12 +562,20 @@ static struct { | |||
| 555 | #ifdef GSSAPI | 562 | #ifdef GSSAPI |
| 556 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, | 563 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, |
| 557 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, | 564 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, |
| 565 | { "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL }, | ||
| 558 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, | 566 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, |
| 567 | { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, | ||
| 568 | { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, | ||
| 559 | #else | 569 | #else |
| 560 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, | 570 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, |
| 561 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, | 571 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, |
| 572 | { "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL }, | ||
| 562 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, | 573 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, |
| 574 | { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, | ||
| 575 | { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL }, | ||
| 563 | #endif | 576 | #endif |
| 577 | { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL }, | ||
| 578 | { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL }, | ||
| 564 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 579 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
| 565 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 580 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
| 566 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, | 581 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, |
| @@ -1459,6 +1474,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 1459 | intptr = &options->gss_authentication; | 1474 | intptr = &options->gss_authentication; |
| 1460 | goto parse_flag; | 1475 | goto parse_flag; |
| 1461 | 1476 | ||
| 1477 | case sGssKeyEx: | ||
| 1478 | intptr = &options->gss_keyex; | ||
| 1479 | goto parse_flag; | ||
| 1480 | |||
| 1462 | case sGssCleanupCreds: | 1481 | case sGssCleanupCreds: |
| 1463 | intptr = &options->gss_cleanup_creds; | 1482 | intptr = &options->gss_cleanup_creds; |
| 1464 | goto parse_flag; | 1483 | goto parse_flag; |
| @@ -1467,6 +1486,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 1467 | intptr = &options->gss_strict_acceptor; | 1486 | intptr = &options->gss_strict_acceptor; |
| 1468 | goto parse_flag; | 1487 | goto parse_flag; |
| 1469 | 1488 | ||
| 1489 | case sGssStoreRekey: | ||
| 1490 | intptr = &options->gss_store_rekey; | ||
| 1491 | goto parse_flag; | ||
| 1492 | |||
| 1470 | case sPasswordAuthentication: | 1493 | case sPasswordAuthentication: |
| 1471 | intptr = &options->password_authentication; | 1494 | intptr = &options->password_authentication; |
| 1472 | goto parse_flag; | 1495 | goto parse_flag; |
| @@ -2551,7 +2574,10 @@ dump_config(ServerOptions *o) | |||
| 2551 | #endif | 2574 | #endif |
| 2552 | #ifdef GSSAPI | 2575 | #ifdef GSSAPI |
| 2553 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); | 2576 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); |
| 2577 | dump_cfg_fmtint(sGssKeyEx, o->gss_keyex); | ||
| 2554 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); | 2578 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); |
| 2579 | dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor); | ||
| 2580 | dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey); | ||
| 2555 | #endif | 2581 | #endif |
| 2556 | dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); | 2582 | dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); |
| 2557 | dump_cfg_fmtint(sKbdInteractiveAuthentication, | 2583 | dump_cfg_fmtint(sKbdInteractiveAuthentication, |