diff options
Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 38 |
1 files changed, 37 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c index 7ba65d51d..0083cf896 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -108,7 +108,10 @@ initialize_server_options(ServerOptions *options) | |||
108 | options->kerberos_ticket_cleanup = -1; | 108 | options->kerberos_ticket_cleanup = -1; |
109 | options->kerberos_get_afs_token = -1; | 109 | options->kerberos_get_afs_token = -1; |
110 | options->gss_authentication=-1; | 110 | options->gss_authentication=-1; |
111 | options->gss_keyex = -1; | ||
111 | options->gss_cleanup_creds = -1; | 112 | options->gss_cleanup_creds = -1; |
113 | options->gss_strict_acceptor = -1; | ||
114 | options->gss_store_rekey = -1; | ||
112 | options->password_authentication = -1; | 115 | options->password_authentication = -1; |
113 | options->kbd_interactive_authentication = -1; | 116 | options->kbd_interactive_authentication = -1; |
114 | options->challenge_response_authentication = -1; | 117 | options->challenge_response_authentication = -1; |
@@ -244,8 +247,14 @@ fill_default_server_options(ServerOptions *options) | |||
244 | options->kerberos_get_afs_token = 0; | 247 | options->kerberos_get_afs_token = 0; |
245 | if (options->gss_authentication == -1) | 248 | if (options->gss_authentication == -1) |
246 | options->gss_authentication = 0; | 249 | options->gss_authentication = 0; |
250 | if (options->gss_keyex == -1) | ||
251 | options->gss_keyex = 0; | ||
247 | if (options->gss_cleanup_creds == -1) | 252 | if (options->gss_cleanup_creds == -1) |
248 | options->gss_cleanup_creds = 1; | 253 | options->gss_cleanup_creds = 1; |
254 | if (options->gss_strict_acceptor == -1) | ||
255 | options->gss_strict_acceptor = 1; | ||
256 | if (options->gss_store_rekey == -1) | ||
257 | options->gss_store_rekey = 0; | ||
249 | if (options->password_authentication == -1) | 258 | if (options->password_authentication == -1) |
250 | options->password_authentication = 1; | 259 | options->password_authentication = 1; |
251 | if (options->kbd_interactive_authentication == -1) | 260 | if (options->kbd_interactive_authentication == -1) |
@@ -340,7 +349,9 @@ typedef enum { | |||
340 | sBanner, sUseDNS, sHostbasedAuthentication, | 349 | sBanner, sUseDNS, sHostbasedAuthentication, |
341 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, | 350 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
342 | sClientAliveCountMax, sAuthorizedKeysFile, | 351 | sClientAliveCountMax, sAuthorizedKeysFile, |
343 | sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, | 352 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, |
353 | sGssKeyEx, sGssStoreRekey, | ||
354 | sAcceptEnv, sPermitTunnel, | ||
344 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | 355 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
345 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 356 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
346 | sHostCertificate, | 357 | sHostCertificate, |
@@ -407,10 +418,20 @@ static struct { | |||
407 | #ifdef GSSAPI | 418 | #ifdef GSSAPI |
408 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, | 419 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, |
409 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, | 420 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, |
421 | { "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL }, | ||
422 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, | ||
423 | { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, | ||
424 | { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, | ||
410 | #else | 425 | #else |
411 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, | 426 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, |
412 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, | 427 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, |
428 | { "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL }, | ||
429 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, | ||
430 | { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, | ||
431 | { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL }, | ||
413 | #endif | 432 | #endif |
433 | { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL }, | ||
434 | { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL }, | ||
414 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 435 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
415 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 436 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
416 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, | 437 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, |
@@ -1086,10 +1107,22 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1086 | intptr = &options->gss_authentication; | 1107 | intptr = &options->gss_authentication; |
1087 | goto parse_flag; | 1108 | goto parse_flag; |
1088 | 1109 | ||
1110 | case sGssKeyEx: | ||
1111 | intptr = &options->gss_keyex; | ||
1112 | goto parse_flag; | ||
1113 | |||
1089 | case sGssCleanupCreds: | 1114 | case sGssCleanupCreds: |
1090 | intptr = &options->gss_cleanup_creds; | 1115 | intptr = &options->gss_cleanup_creds; |
1091 | goto parse_flag; | 1116 | goto parse_flag; |
1092 | 1117 | ||
1118 | case sGssStrictAcceptor: | ||
1119 | intptr = &options->gss_strict_acceptor; | ||
1120 | goto parse_flag; | ||
1121 | |||
1122 | case sGssStoreRekey: | ||
1123 | intptr = &options->gss_store_rekey; | ||
1124 | goto parse_flag; | ||
1125 | |||
1093 | case sPasswordAuthentication: | 1126 | case sPasswordAuthentication: |
1094 | intptr = &options->password_authentication; | 1127 | intptr = &options->password_authentication; |
1095 | goto parse_flag; | 1128 | goto parse_flag; |
@@ -1995,7 +2028,10 @@ dump_config(ServerOptions *o) | |||
1995 | #endif | 2028 | #endif |
1996 | #ifdef GSSAPI | 2029 | #ifdef GSSAPI |
1997 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); | 2030 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); |
2031 | dump_cfg_fmtint(sGssKeyEx, o->gss_keyex); | ||
1998 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); | 2032 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); |
2033 | dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor); | ||
2034 | dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey); | ||
1999 | #endif | 2035 | #endif |
2000 | dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); | 2036 | dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); |
2001 | dump_cfg_fmtint(sKbdInteractiveAuthentication, | 2037 | dump_cfg_fmtint(sKbdInteractiveAuthentication, |