Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 88 |
1 files changed, 57 insertions, 31 deletions
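diff --git a/servconf.c b/servconf.c
index 872ff4a87..86949c33f 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.167 2006/12/14 10:01:14 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.168 2007/02/19 10:45:58 dtucker Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -325,14 +325,14 @@ static struct {
 { "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
 { "loglevel", sLogLevel, SSHCFG_GLOBAL },
 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
-{ "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_GLOBAL },
-{ "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_GLOBAL },
+{ "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL },
+{ "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_GLOBAL },
-{ "rsaauthentication", sRSAAuthentication, SSHCFG_GLOBAL },
-{ "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL },
+{ "rsaauthentication", sRSAAuthentication, SSHCFG_ALL },
+{ "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */
 #ifdef KRB5
-{ "kerberosauthentication", sKerberosAuthentication, SSHCFG_GLOBAL },
+{ "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL },
 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL },
 { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL },
 #ifdef USE_AFS
@@ -341,7 +341,7 @@ static struct {
 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
 #endif
 #else
-{ "kerberosauthentication", sUnsupported, SSHCFG_GLOBAL },
+{ "kerberosauthentication", sUnsupported, SSHCFG_ALL },
 { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL },
 { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL },
 { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
@@ -349,15 +349,15 @@ static struct {
 { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
 { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
 #ifdef GSSAPI
-{ "gssapiauthentication", sGssAuthentication, SSHCFG_GLOBAL },
+{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
 #else
-{ "gssapiauthentication", sUnsupported, SSHCFG_GLOBAL },
+{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
 #endif
-{ "passwordauthentication", sPasswordAuthentication, SSHCFG_GLOBAL },
-{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_GLOBAL },
-{ "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
+{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
+{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
+{ "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_ALL },
 { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */
 { "checkmail", sDeprecated, SSHCFG_GLOBAL },
 { "listenaddress", sListenAddress, SSHCFG_GLOBAL },
@@ -389,7 +389,7 @@ static struct {
 { "subsystem", sSubsystem, SSHCFG_GLOBAL },
 { "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
 { "maxauthtries", sMaxAuthTries, SSHCFG_GLOBAL },
-{ "banner", sBanner, SSHCFG_GLOBAL },
+{ "banner", sBanner, SSHCFG_ALL },
 { "usedns", sUseDNS, SSHCFG_GLOBAL },
 { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
@@ -1317,30 +1317,56 @@ parse_server_match_config(ServerOptions *options, const char *user,
 
 initialize_server_options(&mo);
 parse_server_config(&mo, "reprocess config", &cfg, user, host, address);
-copy_set_server_options(options, &mo);
+copy_set_server_options(options, &mo, 0);
 }
 
-/* Copy any (supported) values that are set */
+/* Helper macros */
+#define M_CP_INTOPT(n) do {\
+if (src->n != -1) \
+dst->n = src->n; \
+} while (0)
+#define M_CP_STROPT(n) do {\
+if (src->n != NULL) { \
+if (dst->n != NULL) \
+xfree(dst->n); \
+dst->n = src->n; \
+} \
+} while(0)
+
+/*
+* Copy any supported values that are set.
+*
+* If the preauth flag is set, we do not bother copying the the string or
+* array values that are not used pre-authentication, because any that we
+* do use must be explictly sent in mm_getpwnamallow().
+*/
 void
-copy_set_server_options(ServerOptions *dst, ServerOptions *src)
+copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 {
-if (src->allow_tcp_forwarding != -1)
-dst->allow_tcp_forwarding = src->allow_tcp_forwarding;
-if (src->gateway_ports != -1)
-dst->gateway_ports = src->gateway_ports;
-if (src->adm_forced_command != NULL) {
-if (dst->adm_forced_command != NULL)
-xfree(dst->adm_forced_command);
-dst->adm_forced_command = src->adm_forced_command;
-}
-if (src->x11_display_offset != -1)
-dst->x11_display_offset = src->x11_display_offset;
-if (src->x11_forwarding != -1)
-dst->x11_forwarding = src->x11_forwarding;
-if (src->x11_use_localhost != -1)
-dst->x11_use_localhost = src->x11_use_localhost;
+M_CP_INTOPT(password_authentication);
+M_CP_INTOPT(gss_authentication);
+M_CP_INTOPT(rsa_authentication);
+M_CP_INTOPT(pubkey_authentication);
+M_CP_INTOPT(kerberos_authentication);
+M_CP_INTOPT(hostbased_authentication);
+M_CP_INTOPT(kbd_interactive_authentication);
+M_CP_INTOPT(challenge_response_authentication);
+
+M_CP_INTOPT(allow_tcp_forwarding);
+M_CP_INTOPT(gateway_ports);
+M_CP_INTOPT(x11_display_offset);
+M_CP_INTOPT(x11_forwarding);
+M_CP_INTOPT(x11_use_localhost);
+
+M_CP_STROPT(banner);
+if (preauth)
+return;
+M_CP_STROPT(adm_forced_command);
 }
 
+#undef M_CP_INTOPT
+#undef M_CP_STROPT
+
 void
 parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
 const char *user, const char *host, const char *address)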
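Review bot: The keyword table now accepts `rhostsrsaauthentication` inside a Match block (`SSHCFG_ALL`), but `copy_set_server_options()` has no `M_CP_INTOPT` line for it, so as far as this page shows a per-Match value is parsed into `mo` and then never applied to `options`. An administrator who turns the method off for a matched user, host or address would have the config accepted while the global setting stays in force. Add `M_CP_INTOPT(rhosts_rsa_authentication);` beside the other authentication flags (confirm the field name against the `ServerOptions` declaration, which is not on this page), or leave the keyword `SSHCFG_GLOBAL` until it is copied. Separately, `M_CP_STROPT` stores `src`'s pointer in `dst` without duplicating it, so both structs then refer to the same string; a comment such as `/* dst takes ownership of src->n; do not free it through src */` above the macro would spell out that contract for other callers.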