diff options
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c index f4b7dd58b..8e69ea5ce 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | 1 | ||
| 2 | /* $OpenBSD: servconf.c,v 1.230 2012/09/13 23:37:36 dtucker Exp $ */ | 2 | /* $OpenBSD: servconf.c,v 1.231 2012/10/30 21:29:54 djm Exp $ */ |
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 5 | * All rights reserved | 5 | * All rights reserved |
| @@ -135,6 +135,8 @@ initialize_server_options(ServerOptions *options) | |||
| 135 | options->num_permitted_opens = -1; | 135 | options->num_permitted_opens = -1; |
| 136 | options->adm_forced_command = NULL; | 136 | options->adm_forced_command = NULL; |
| 137 | options->chroot_directory = NULL; | 137 | options->chroot_directory = NULL; |
| 138 | options->authorized_keys_command = NULL; | ||
| 139 | options->authorized_keys_command_user = NULL; | ||
| 138 | options->zero_knowledge_password_authentication = -1; | 140 | options->zero_knowledge_password_authentication = -1; |
| 139 | options->revoked_keys_file = NULL; | 141 | options->revoked_keys_file = NULL; |
| 140 | options->trusted_user_ca_keys = NULL; | 142 | options->trusted_user_ca_keys = NULL; |
| @@ -329,6 +331,7 @@ typedef enum { | |||
| 329 | sZeroKnowledgePasswordAuthentication, sHostCertificate, | 331 | sZeroKnowledgePasswordAuthentication, sHostCertificate, |
| 330 | sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, | 332 | sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, |
| 331 | sKexAlgorithms, sIPQoS, sVersionAddendum, | 333 | sKexAlgorithms, sIPQoS, sVersionAddendum, |
| 334 | sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, | ||
| 332 | sDeprecated, sUnsupported | 335 | sDeprecated, sUnsupported |
| 333 | } ServerOpCodes; | 336 | } ServerOpCodes; |
| 334 | 337 | ||
| @@ -453,6 +456,8 @@ static struct { | |||
| 453 | { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, | 456 | { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, |
| 454 | { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, | 457 | { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, |
| 455 | { "ipqos", sIPQoS, SSHCFG_ALL }, | 458 | { "ipqos", sIPQoS, SSHCFG_ALL }, |
| 459 | { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, | ||
| 460 | { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, | ||
| 456 | { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, | 461 | { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, |
| 457 | { NULL, sBadOption, 0 } | 462 | { NULL, sBadOption, 0 } |
| 458 | }; | 463 | }; |
| @@ -1498,6 +1503,25 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 1498 | } | 1503 | } |
| 1499 | return 0; | 1504 | return 0; |
| 1500 | 1505 | ||
| 1506 | case sAuthorizedKeysCommand: | ||
| 1507 | len = strspn(cp, WHITESPACE); | ||
| 1508 | if (*activep && options->authorized_keys_command == NULL) { | ||
| 1509 | if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0) | ||
| 1510 | fatal("%.200s line %d: AuthorizedKeysCommand " | ||
| 1511 | "must be an absolute path", | ||
| 1512 | filename, linenum); | ||
| 1513 | options->authorized_keys_command = xstrdup(cp + len); | ||
| 1514 | } | ||
| 1515 | return 0; | ||
| 1516 | |||
| 1517 | case sAuthorizedKeysCommandUser: | ||
| 1518 | charptr = &options->authorized_keys_command_user; | ||
| 1519 | |||
| 1520 | arg = strdelim(&cp); | ||
| 1521 | if (*activep && *charptr == NULL) | ||
| 1522 | *charptr = xstrdup(arg); | ||
| 1523 | break; | ||
| 1524 | |||
| 1501 | case sDeprecated: | 1525 | case sDeprecated: |
| 1502 | logit("%s line %d: Deprecated option %s", | 1526 | logit("%s line %d: Deprecated option %s", |
| 1503 | filename, linenum, arg); | 1527 | filename, linenum, arg); |
| @@ -1648,6 +1672,8 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) | |||
| 1648 | M_CP_INTOPT(hostbased_uses_name_from_packet_only); | 1672 | M_CP_INTOPT(hostbased_uses_name_from_packet_only); |
| 1649 | M_CP_INTOPT(kbd_interactive_authentication); | 1673 | M_CP_INTOPT(kbd_interactive_authentication); |
| 1650 | M_CP_INTOPT(zero_knowledge_password_authentication); | 1674 | M_CP_INTOPT(zero_knowledge_password_authentication); |
| 1675 | M_CP_STROPT(authorized_keys_command); | ||
| 1676 | M_CP_STROPT(authorized_keys_command_user); | ||
| 1651 | M_CP_INTOPT(permit_root_login); | 1677 | M_CP_INTOPT(permit_root_login); |
| 1652 | M_CP_INTOPT(permit_empty_passwd); | 1678 | M_CP_INTOPT(permit_empty_passwd); |
| 1653 | 1679 | ||
| @@ -1908,6 +1934,8 @@ dump_config(ServerOptions *o) | |||
| 1908 | dump_cfg_string(sAuthorizedPrincipalsFile, | 1934 | dump_cfg_string(sAuthorizedPrincipalsFile, |
| 1909 | o->authorized_principals_file); | 1935 | o->authorized_principals_file); |
| 1910 | dump_cfg_string(sVersionAddendum, o->version_addendum); | 1936 | dump_cfg_string(sVersionAddendum, o->version_addendum); |
| 1937 | dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); | ||
| 1938 | dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); | ||
| 1911 | 1939 | ||
| 1912 | /* string arguments requiring a lookup */ | 1940 | /* string arguments requiring a lookup */ |
| 1913 | dump_cfg_string(sLogLevel, log_level_name(o->log_level)); | 1941 | dump_cfg_string(sLogLevel, log_level_name(o->log_level)); |