diff options
Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 38 |
1 files changed, 37 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c index e2f20a3d1..b08772601 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -97,7 +97,10 @@ initialize_server_options(ServerOptions *options) | |||
97 | options->kerberos_ticket_cleanup = -1; | 97 | options->kerberos_ticket_cleanup = -1; |
98 | options->kerberos_get_afs_token = -1; | 98 | options->kerberos_get_afs_token = -1; |
99 | options->gss_authentication=-1; | 99 | options->gss_authentication=-1; |
100 | options->gss_keyex = -1; | ||
100 | options->gss_cleanup_creds = -1; | 101 | options->gss_cleanup_creds = -1; |
102 | options->gss_strict_acceptor = -1; | ||
103 | options->gss_store_rekey = -1; | ||
101 | options->password_authentication = -1; | 104 | options->password_authentication = -1; |
102 | options->kbd_interactive_authentication = -1; | 105 | options->kbd_interactive_authentication = -1; |
103 | options->challenge_response_authentication = -1; | 106 | options->challenge_response_authentication = -1; |
@@ -226,8 +229,14 @@ fill_default_server_options(ServerOptions *options) | |||
226 | options->kerberos_get_afs_token = 0; | 229 | options->kerberos_get_afs_token = 0; |
227 | if (options->gss_authentication == -1) | 230 | if (options->gss_authentication == -1) |
228 | options->gss_authentication = 0; | 231 | options->gss_authentication = 0; |
232 | if (options->gss_keyex == -1) | ||
233 | options->gss_keyex = 0; | ||
229 | if (options->gss_cleanup_creds == -1) | 234 | if (options->gss_cleanup_creds == -1) |
230 | options->gss_cleanup_creds = 1; | 235 | options->gss_cleanup_creds = 1; |
236 | if (options->gss_strict_acceptor == -1) | ||
237 | options->gss_strict_acceptor = 1; | ||
238 | if (options->gss_store_rekey == -1) | ||
239 | options->gss_store_rekey = 0; | ||
231 | if (options->password_authentication == -1) | 240 | if (options->password_authentication == -1) |
232 | options->password_authentication = 1; | 241 | options->password_authentication = 1; |
233 | if (options->kbd_interactive_authentication == -1) | 242 | if (options->kbd_interactive_authentication == -1) |
@@ -322,7 +331,9 @@ typedef enum { | |||
322 | sBanner, sUseDNS, sHostbasedAuthentication, | 331 | sBanner, sUseDNS, sHostbasedAuthentication, |
323 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, | 332 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
324 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, | 333 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, |
325 | sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, | 334 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, |
335 | sGssKeyEx, sGssStoreRekey, | ||
336 | sAcceptEnv, sPermitTunnel, | ||
326 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | 337 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
327 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 338 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
328 | sZeroKnowledgePasswordAuthentication, sHostCertificate, | 339 | sZeroKnowledgePasswordAuthentication, sHostCertificate, |
@@ -386,10 +397,20 @@ static struct { | |||
386 | #ifdef GSSAPI | 397 | #ifdef GSSAPI |
387 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, | 398 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, |
388 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, | 399 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, |
400 | { "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL }, | ||
401 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, | ||
402 | { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, | ||
403 | { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, | ||
389 | #else | 404 | #else |
390 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, | 405 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, |
391 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, | 406 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, |
407 | { "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL }, | ||
408 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, | ||
409 | { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, | ||
410 | { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL }, | ||
392 | #endif | 411 | #endif |
412 | { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL }, | ||
413 | { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL }, | ||
393 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 414 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
394 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 415 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
395 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, | 416 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, |
@@ -944,10 +965,22 @@ process_server_config_line(ServerOptions *options, char *line, | |||
944 | intptr = &options->gss_authentication; | 965 | intptr = &options->gss_authentication; |
945 | goto parse_flag; | 966 | goto parse_flag; |
946 | 967 | ||
968 | case sGssKeyEx: | ||
969 | intptr = &options->gss_keyex; | ||
970 | goto parse_flag; | ||
971 | |||
947 | case sGssCleanupCreds: | 972 | case sGssCleanupCreds: |
948 | intptr = &options->gss_cleanup_creds; | 973 | intptr = &options->gss_cleanup_creds; |
949 | goto parse_flag; | 974 | goto parse_flag; |
950 | 975 | ||
976 | case sGssStrictAcceptor: | ||
977 | intptr = &options->gss_strict_acceptor; | ||
978 | goto parse_flag; | ||
979 | |||
980 | case sGssStoreRekey: | ||
981 | intptr = &options->gss_store_rekey; | ||
982 | goto parse_flag; | ||
983 | |||
951 | case sPasswordAuthentication: | 984 | case sPasswordAuthentication: |
952 | intptr = &options->password_authentication; | 985 | intptr = &options->password_authentication; |
953 | goto parse_flag; | 986 | goto parse_flag; |
@@ -1704,7 +1737,10 @@ dump_config(ServerOptions *o) | |||
1704 | #endif | 1737 | #endif |
1705 | #ifdef GSSAPI | 1738 | #ifdef GSSAPI |
1706 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); | 1739 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); |
1740 | dump_cfg_fmtint(sGssKeyEx, o->gss_keyex); | ||
1707 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); | 1741 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); |
1742 | dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor); | ||
1743 | dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey); | ||
1708 | #endif | 1744 | #endif |
1709 | #ifdef JPAKE | 1745 | #ifdef JPAKE |
1710 | dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication, | 1746 | dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication, |