Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 49 |
1 files changed, 42 insertions, 7 deletions
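--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.139 2005/03/01 10:09:52 djm Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.144 2005/08/06 10:03:12 dtucker Exp $");
 
 #include "ssh.h"
 #include "log.h"
@@ -72,6 +72,7 @@ initialize_server_options(ServerOptions *options)
 options->kerberos_ticket_cleanup = -1;
 options->kerberos_get_afs_token = -1;
 options->gss_authentication=-1;
+options->gss_keyex = -1;
 options->gss_cleanup_creds = -1;
 options->password_authentication = -1;
 options->kbd_interactive_authentication = -1;
@@ -186,6 +187,8 @@ fill_default_server_options(ServerOptions *options)
 options->kerberos_get_afs_token = 0;
 if (options->gss_authentication == -1)
 options->gss_authentication = 0;
+if (options->gss_keyex == -1)
+options->gss_keyex = 0;
 if (options->gss_cleanup_creds == -1)
 options->gss_cleanup_creds = 1;
 if (options->password_authentication == -1)
@@ -201,7 +204,7 @@ fill_default_server_options(ServerOptions *options)
 if (options->use_login == -1)
 options->use_login = 0;
 if (options->compression == -1)
-options->compression = 1;
+options->compression = COMP_DELAYED;
 if (options->allow_tcp_forwarding == -1)
 options->allow_tcp_forwarding = 1;
 if (options->gateway_ports == -1)
@@ -270,7 +273,7 @@ typedef enum {
 sBanner, sUseDNS, sHostbasedAuthentication,
 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
-sGssAuthentication, sGssCleanupCreds, sAcceptEnv,
+sGssAuthentication, sGssKeyEx, sGssCleanupCreds, sAcceptEnv,
 sUsePrivilegeSeparation,
 sDeprecated, sUnsupported
 } ServerOpCodes;
@@ -324,9 +327,11 @@ static struct {
 { "afstokenpassing", sUnsupported },
 #ifdef GSSAPI
 { "gssapiauthentication", sGssAuthentication },
+{ "gssapikeyexchange", sGssKeyEx },
 { "gssapicleanupcredentials", sGssCleanupCreds },
 #else
 { "gssapiauthentication", sUnsupported },
+{ "gssapikeyexchange", sUnsupported },
 { "gssapicleanupcredentials", sUnsupported },
 #endif
 { "passwordauthentication", sPasswordAuthentication },
@@ -398,7 +403,7 @@ parse_token(const char *cp, const char *filename,
 static void
 add_listen_addr(ServerOptions *options, char *addr, u_short port)
 {
-int i;
+u_int i;
 
 if (options->num_ports == 0)
 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
@@ -438,9 +443,10 @@ process_server_config_line(ServerOptions *options, char *line,
 const char *filename, int linenum)
 {
 char *cp, **charptr, *arg, *p;
-int *intptr, value, i, n;
+int *intptr, value, n;
 ServerOpCodes opcode;
 u_short port;
+u_int i;
 
 cp = line;
 arg = strdelim(&cp);
@@ -516,6 +522,12 @@ parse_time:
 if (arg == NULL || *arg == '\0')
 fatal("%s line %d: missing address",
 filename, linenum);
+/* check for bare IPv6 address: no "[]" and 2 or more ":" */
+if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL
+&& strchr(p+1, ':') != NULL) {
+add_listen_addr(options, arg, 0);
+break;
+}
 p = hpdelim(&arg);
 if (p == NULL)
 fatal("%s line %d: bad address:port usage",
@@ -532,6 +544,9 @@ parse_time:
 
 case sAddressFamily:
 arg = strdelim(&cp);
+if (!arg || *arg == '\0')
+fatal("%s line %d: missing address family.",
+filename, linenum);
 intptr = &options->address_family;
 if (options->listen_addrs != NULL)
 fatal("%s line %d: address family must be specified before "
@@ -659,6 +674,10 @@ parse_flag:
 intptr = &options->gss_authentication;
 goto parse_flag;
 
+case sGssKeyEx:
+intptr = &options->gss_keyex;
+goto parse_flag;
+
 case sGssCleanupCreds:
 intptr = &options->gss_cleanup_creds;
 goto parse_flag;
@@ -721,7 +740,23 @@ parse_flag:
 
 case sCompression:
 intptr = &options->compression;
-goto parse_flag;
+arg = strdelim(&cp);
+if (!arg || *arg == '\0')
+fatal("%s line %d: missing yes/no/delayed "
+"argument.", filename, linenum);
+value = 0; /* silence compiler */
+if (strcmp(arg, "delayed") == 0)
+value = COMP_DELAYED;
+else if (strcmp(arg, "yes") == 0)
+value = COMP_ZLIB;
+else if (strcmp(arg, "no") == 0)
+value = COMP_NONE;
+else
+fatal("%s line %d: Bad yes/no/delayed "
+"argument: %s", filename, linenum, arg);
+if (*intptr == -1)
+*intptr = value;
+break;
 
 case sGatewayPorts:
 intptr = &options->gateway_ports;
@@ -1001,7 +1036,7 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf)
 
 obuf = cbuf = xstrdup(buffer_ptr(conf));
 linenum = 1;
-while((cp = strsep(&cbuf, "\n")) != NULL) {
+while ((cp = strsep(&cbuf, "\n")) != NULL) {
 if (process_server_config_line(options, cp, filename,
 linenum++) != 0)
 bad_options++;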
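Review bot: The default for `Compression` changes from `1` to `COMP_DELAYED` in fill_default_server_options (new line 207) without a comment, so a server whose config has no Compression line changes behaviour on upgrade with nothing in the source saying why. If COMP_DELAYED holds zlib back until the user has authenticated, as the keyword suggests, this is a hardening of the pre-authentication path and should be stated where the default is set, e.g. `/* default: no compression until the user has authenticated */`. The new `sCompression` case (new lines 743-759) matches its keywords with `strcmp`, so `Yes` or `DELAYED` hit the fatal "Bad yes/no/delayed argument" branch; a one-line comment there noting that the match is intentionally case-sensitive would help whoever next touches the parser. Both functions begin and end outside the hunks shown, so the rest of their bodies was not reviewed.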