diff options
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c index 5be0c7bbf..5b8c686c2 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -107,6 +107,7 @@ initialize_server_options(ServerOptions *options) | |||
| 107 | options->password_authentication = -1; | 107 | options->password_authentication = -1; |
| 108 | options->kbd_interactive_authentication = -1; | 108 | options->kbd_interactive_authentication = -1; |
| 109 | options->challenge_response_authentication = -1; | 109 | options->challenge_response_authentication = -1; |
| 110 | options->permit_blacklisted_keys = -1; | ||
| 110 | options->permit_empty_passwd = -1; | 111 | options->permit_empty_passwd = -1; |
| 111 | options->permit_user_env = -1; | 112 | options->permit_user_env = -1; |
| 112 | options->use_login = -1; | 113 | options->use_login = -1; |
| @@ -145,6 +146,7 @@ initialize_server_options(ServerOptions *options) | |||
| 145 | options->ip_qos_interactive = -1; | 146 | options->ip_qos_interactive = -1; |
| 146 | options->ip_qos_bulk = -1; | 147 | options->ip_qos_bulk = -1; |
| 147 | options->version_addendum = NULL; | 148 | options->version_addendum = NULL; |
| 149 | options->debian_banner = -1; | ||
| 148 | } | 150 | } |
| 149 | 151 | ||
| 150 | void | 152 | void |
| @@ -246,6 +248,8 @@ fill_default_server_options(ServerOptions *options) | |||
| 246 | options->kbd_interactive_authentication = 0; | 248 | options->kbd_interactive_authentication = 0; |
| 247 | if (options->challenge_response_authentication == -1) | 249 | if (options->challenge_response_authentication == -1) |
| 248 | options->challenge_response_authentication = 1; | 250 | options->challenge_response_authentication = 1; |
| 251 | if (options->permit_blacklisted_keys == -1) | ||
| 252 | options->permit_blacklisted_keys = 0; | ||
| 249 | if (options->permit_empty_passwd == -1) | 253 | if (options->permit_empty_passwd == -1) |
| 250 | options->permit_empty_passwd = 0; | 254 | options->permit_empty_passwd = 0; |
| 251 | if (options->permit_user_env == -1) | 255 | if (options->permit_user_env == -1) |
| @@ -292,6 +296,8 @@ fill_default_server_options(ServerOptions *options) | |||
| 292 | options->ip_qos_bulk = IPTOS_THROUGHPUT; | 296 | options->ip_qos_bulk = IPTOS_THROUGHPUT; |
| 293 | if (options->version_addendum == NULL) | 297 | if (options->version_addendum == NULL) |
| 294 | options->version_addendum = xstrdup(""); | 298 | options->version_addendum = xstrdup(""); |
| 299 | if (options->debian_banner == -1) | ||
| 300 | options->debian_banner = 1; | ||
| 295 | /* Turn privilege separation on by default */ | 301 | /* Turn privilege separation on by default */ |
| 296 | if (use_privsep == -1) | 302 | if (use_privsep == -1) |
| 297 | use_privsep = PRIVSEP_NOSANDBOX; | 303 | use_privsep = PRIVSEP_NOSANDBOX; |
| @@ -323,7 +329,7 @@ typedef enum { | |||
| 323 | sListenAddress, sAddressFamily, | 329 | sListenAddress, sAddressFamily, |
| 324 | sPrintMotd, sPrintLastLog, sIgnoreRhosts, | 330 | sPrintMotd, sPrintLastLog, sIgnoreRhosts, |
| 325 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, | 331 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, |
| 326 | sStrictModes, sEmptyPasswd, sTCPKeepAlive, | 332 | sStrictModes, sPermitBlacklistedKeys, sEmptyPasswd, sTCPKeepAlive, |
| 327 | sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, | 333 | sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, |
| 328 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, | 334 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
| 329 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, | 335 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
| @@ -340,6 +346,7 @@ typedef enum { | |||
| 340 | sZeroKnowledgePasswordAuthentication, sHostCertificate, | 346 | sZeroKnowledgePasswordAuthentication, sHostCertificate, |
| 341 | sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, | 347 | sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, |
| 342 | sKexAlgorithms, sIPQoS, sVersionAddendum, | 348 | sKexAlgorithms, sIPQoS, sVersionAddendum, |
| 349 | sDebianBanner, | ||
| 343 | sDeprecated, sUnsupported | 350 | sDeprecated, sUnsupported |
| 344 | } ServerOpCodes; | 351 | } ServerOpCodes; |
| 345 | 352 | ||
| @@ -433,6 +440,7 @@ static struct { | |||
| 433 | { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, | 440 | { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, |
| 434 | { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, | 441 | { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, |
| 435 | { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, | 442 | { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, |
| 443 | { "permitblacklistedkeys", sPermitBlacklistedKeys, SSHCFG_GLOBAL }, | ||
| 436 | { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, | 444 | { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, |
| 437 | { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, | 445 | { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, |
| 438 | { "uselogin", sUseLogin, SSHCFG_GLOBAL }, | 446 | { "uselogin", sUseLogin, SSHCFG_GLOBAL }, |
| @@ -475,6 +483,7 @@ static struct { | |||
| 475 | { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, | 483 | { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, |
| 476 | { "ipqos", sIPQoS, SSHCFG_ALL }, | 484 | { "ipqos", sIPQoS, SSHCFG_ALL }, |
| 477 | { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, | 485 | { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, |
| 486 | { "debianbanner", sDebianBanner, SSHCFG_GLOBAL }, | ||
| 478 | { NULL, sBadOption, 0 } | 487 | { NULL, sBadOption, 0 } |
| 479 | }; | 488 | }; |
| 480 | 489 | ||
| @@ -1116,6 +1125,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 1116 | intptr = &options->tcp_keep_alive; | 1125 | intptr = &options->tcp_keep_alive; |
| 1117 | goto parse_flag; | 1126 | goto parse_flag; |
| 1118 | 1127 | ||
| 1128 | case sPermitBlacklistedKeys: | ||
| 1129 | intptr = &options->permit_blacklisted_keys; | ||
| 1130 | goto parse_flag; | ||
| 1131 | |||
| 1119 | case sEmptyPasswd: | 1132 | case sEmptyPasswd: |
| 1120 | intptr = &options->permit_empty_passwd; | 1133 | intptr = &options->permit_empty_passwd; |
| 1121 | goto parse_flag; | 1134 | goto parse_flag; |
| @@ -1530,6 +1543,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 1530 | } | 1543 | } |
| 1531 | return 0; | 1544 | return 0; |
| 1532 | 1545 | ||
| 1546 | case sDebianBanner: | ||
| 1547 | intptr = &options->debian_banner; | ||
| 1548 | goto parse_int; | ||
| 1549 | |||
| 1533 | case sDeprecated: | 1550 | case sDeprecated: |
| 1534 | logit("%s line %d: Deprecated option %s", | 1551 | logit("%s line %d: Deprecated option %s", |
| 1535 | filename, linenum, arg); | 1552 | filename, linenum, arg); |
| @@ -1921,6 +1938,7 @@ dump_config(ServerOptions *o) | |||
| 1921 | dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); | 1938 | dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); |
| 1922 | dump_cfg_fmtint(sStrictModes, o->strict_modes); | 1939 | dump_cfg_fmtint(sStrictModes, o->strict_modes); |
| 1923 | dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); | 1940 | dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); |
| 1941 | dump_cfg_fmtint(sPermitBlacklistedKeys, o->permit_blacklisted_keys); | ||
| 1924 | dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); | 1942 | dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); |
| 1925 | dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); | 1943 | dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); |
| 1926 | dump_cfg_fmtint(sUseLogin, o->use_login); | 1944 | dump_cfg_fmtint(sUseLogin, o->use_login); |