summaryrefslogtreecommitdiff
path: root/servconf.c
diff options
context:
space:
mode:
Diffstat (limited to 'servconf.c')
-rw-r--r--servconf.c38
1 files changed, 37 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c
index 91986e55d..9bff59de3 100644
--- a/servconf.c
+++ b/servconf.c
@@ -97,7 +97,10 @@ initialize_server_options(ServerOptions *options)
97 options->kerberos_ticket_cleanup = -1; 97 options->kerberos_ticket_cleanup = -1;
98 options->kerberos_get_afs_token = -1; 98 options->kerberos_get_afs_token = -1;
99 options->gss_authentication=-1; 99 options->gss_authentication=-1;
100 options->gss_keyex = -1;
100 options->gss_cleanup_creds = -1; 101 options->gss_cleanup_creds = -1;
102 options->gss_strict_acceptor = -1;
103 options->gss_store_rekey = -1;
101 options->password_authentication = -1; 104 options->password_authentication = -1;
102 options->kbd_interactive_authentication = -1; 105 options->kbd_interactive_authentication = -1;
103 options->challenge_response_authentication = -1; 106 options->challenge_response_authentication = -1;
@@ -225,8 +228,14 @@ fill_default_server_options(ServerOptions *options)
225 options->kerberos_get_afs_token = 0; 228 options->kerberos_get_afs_token = 0;
226 if (options->gss_authentication == -1) 229 if (options->gss_authentication == -1)
227 options->gss_authentication = 0; 230 options->gss_authentication = 0;
231 if (options->gss_keyex == -1)
232 options->gss_keyex = 0;
228 if (options->gss_cleanup_creds == -1) 233 if (options->gss_cleanup_creds == -1)
229 options->gss_cleanup_creds = 1; 234 options->gss_cleanup_creds = 1;
235 if (options->gss_strict_acceptor == -1)
236 options->gss_strict_acceptor = 1;
237 if (options->gss_store_rekey == -1)
238 options->gss_store_rekey = 0;
230 if (options->password_authentication == -1) 239 if (options->password_authentication == -1)
231 options->password_authentication = 1; 240 options->password_authentication = 1;
232 if (options->kbd_interactive_authentication == -1) 241 if (options->kbd_interactive_authentication == -1)
@@ -318,7 +327,9 @@ typedef enum {
318 sBanner, sUseDNS, sHostbasedAuthentication, 327 sBanner, sUseDNS, sHostbasedAuthentication,
319 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, 328 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
320 sClientAliveCountMax, sAuthorizedKeysFile, 329 sClientAliveCountMax, sAuthorizedKeysFile,
321 sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, 330 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
331 sGssKeyEx, sGssStoreRekey,
332 sAcceptEnv, sPermitTunnel,
322 sMatch, sPermitOpen, sForceCommand, sChrootDirectory, 333 sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
323 sUsePrivilegeSeparation, sAllowAgentForwarding, 334 sUsePrivilegeSeparation, sAllowAgentForwarding,
324 sZeroKnowledgePasswordAuthentication, sHostCertificate, 335 sZeroKnowledgePasswordAuthentication, sHostCertificate,
@@ -382,10 +393,20 @@ static struct {
382#ifdef GSSAPI 393#ifdef GSSAPI
383 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, 394 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
384 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, 395 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
396 { "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL },
397 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
398 { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL },
399 { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL },
385#else 400#else
386 { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, 401 { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
387 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, 402 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
403 { "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL },
404 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
405 { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL },
406 { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL },
388#endif 407#endif
408 { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL },
409 { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL },
389 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 410 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
390 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 411 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
391 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, 412 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
@@ -962,10 +983,22 @@ process_server_config_line(ServerOptions *options, char *line,
962 intptr = &options->gss_authentication; 983 intptr = &options->gss_authentication;
963 goto parse_flag; 984 goto parse_flag;
964 985
986 case sGssKeyEx:
987 intptr = &options->gss_keyex;
988 goto parse_flag;
989
965 case sGssCleanupCreds: 990 case sGssCleanupCreds:
966 intptr = &options->gss_cleanup_creds; 991 intptr = &options->gss_cleanup_creds;
967 goto parse_flag; 992 goto parse_flag;
968 993
994 case sGssStrictAcceptor:
995 intptr = &options->gss_strict_acceptor;
996 goto parse_flag;
997
998 case sGssStoreRekey:
999 intptr = &options->gss_store_rekey;
1000 goto parse_flag;
1001
969 case sPasswordAuthentication: 1002 case sPasswordAuthentication:
970 intptr = &options->password_authentication; 1003 intptr = &options->password_authentication;
971 goto parse_flag; 1004 goto parse_flag;
@@ -1720,7 +1753,10 @@ dump_config(ServerOptions *o)
1720#endif 1753#endif
1721#ifdef GSSAPI 1754#ifdef GSSAPI
1722 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); 1755 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
1756 dump_cfg_fmtint(sGssKeyEx, o->gss_keyex);
1723 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); 1757 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
1758 dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor);
1759 dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey);
1724#endif 1760#endif
1725#ifdef JPAKE 1761#ifdef JPAKE
1726 dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication, 1762 dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication,