Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 30 |
1 files changed, 29 insertions, 1 deletions
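--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.230 2012/09/13 23:37:36 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.231 2012/10/30 21:29:54 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -135,6 +135,8 @@ initialize_server_options(ServerOptions *options)
 options->num_permitted_opens = -1;
 options->adm_forced_command = NULL;
 options->chroot_directory = NULL;
+options->authorized_keys_command = NULL;
+options->authorized_keys_command_user = NULL;
 options->zero_knowledge_password_authentication = -1;
 options->revoked_keys_file = NULL;
 options->trusted_user_ca_keys = NULL;
@@ -329,6 +331,7 @@ typedef enum {
 sZeroKnowledgePasswordAuthentication, sHostCertificate,
 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
 sKexAlgorithms, sIPQoS, sVersionAddendum,
+sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
 sDeprecated, sUnsupported
 } ServerOpCodes;
 
@@ -453,6 +456,8 @@ static struct {
 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
 { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
 { "ipqos", sIPQoS, SSHCFG_ALL },
+{ "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
+{ "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
 { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
 { NULL, sBadOption, 0 }
 };
@@ -1498,6 +1503,25 @@ process_server_config_line(ServerOptions *options, char *line,
 }
 return 0;
 
+case sAuthorizedKeysCommand:
+len = strspn(cp, WHITESPACE);
+if (*activep && options->authorized_keys_command == NULL) {
+if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0)
+fatal("%.200s line %d: AuthorizedKeysCommand "
+"must be an absolute path",
+filename, linenum);
+options->authorized_keys_command = xstrdup(cp + len);
+}
+return 0;
+
+case sAuthorizedKeysCommandUser:
+charptr = &options->authorized_keys_command_user;
+
+arg = strdelim(&cp);
+if (*activep && *charptr == NULL)
+*charptr = xstrdup(arg);
+break;
+
 case sDeprecated:
 logit("%s line %d: Deprecated option %s",
 filename, linenum, arg);
@@ -1648,6 +1672,8 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 M_CP_INTOPT(hostbased_uses_name_from_packet_only);
 M_CP_INTOPT(kbd_interactive_authentication);
 M_CP_INTOPT(zero_knowledge_password_authentication);
+M_CP_STROPT(authorized_keys_command);
+M_CP_STROPT(authorized_keys_command_user);
 M_CP_INTOPT(permit_root_login);
 M_CP_INTOPT(permit_empty_passwd);
 
@@ -1908,6 +1934,8 @@ dump_config(ServerOptions *o)
 dump_cfg_string(sAuthorizedPrincipalsFile,
 o->authorized_principals_file);
 dump_cfg_string(sVersionAddendum, o->version_addendum);
+dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command);
+dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user);
 
 /* string arguments requiring a lookup */
 dump_cfg_string(sLogLevel, log_level_name(o->log_level));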
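Review bot: In the `process_server_config_line` hunk, the new `sAuthorizedKeysCommandUser` case passes `arg` from `strdelim(&cp)` straight to `xstrdup()` with no missing-argument check, so a directive with no value would, if `strdelim` returns NULL or an empty string there (its definition is outside this diff), either fault during config parsing or store an empty user name. A guard before the assignment would make the failure explicit: `if (!arg || *arg == '\0') fatal("%s line %d: missing AuthorizedKeysCommandUser argument.", filename, linenum);`. The `sAuthorizedKeysCommand` case above it likewise calls `strspn(cp, WHITESPACE)` without first checking `cp`, and deserves the same treatment. Since this value presumably names the account the key-lookup command runs as, it is worth confirming in the consumer (not part of this servconf.c-limited diff) that a command configured without a user is refused rather than run with the daemon's own privileges. The function body starts and ends outside the hunk.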