Diffstat (limited to 'servconf.c')
-rw-r--r--servconf.c147
1 files changed, 61 insertions, 86 deletions
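--- a/servconf.c
+++ b/servconf.c
@@ -10,23 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.116 2003/02/21 09:05:53 markus Exp $");
-
-#if defined(KRB4)
-#include <krb.h>
-#endif
-#if defined(KRB5)
-#ifdef HEIMDAL
-#include <krb.h>
-#else
-/* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
- * keytab */
-#define KEYFILE "/etc/krb5.keytab"
-#endif
-#endif
-#ifdef AFS
-#include <kafs.h>
-#endif
+RCSID("$OpenBSD: servconf.c,v 1.127 2003/09/01 18:15:50 markus Exp $");
 
 #include "ssh.h"
 #include "log.h"
@@ -56,7 +40,7 @@ initialize_server_options(ServerOptions *options)
  memset(options, 0, sizeof(*options));
 
  /* Portable-specific options */
- options->pam_authentication_via_kbd_int = -1;
+ options->use_pam = -1;
 
  /* Standard Options */
  options->num_ports = 0;
@@ -80,23 +64,16 @@ initialize_server_options(ServerOptions *options)
  options->keepalives = -1;
  options->log_facility = SYSLOG_FACILITY_NOT_SET;
  options->log_level = SYSLOG_LEVEL_NOT_SET;
- options->rhosts_authentication = -1;
  options->rhosts_rsa_authentication = -1;
  options->hostbased_authentication = -1;
  options->hostbased_uses_name_from_packet_only = -1;
  options->rsa_authentication = -1;
  options->pubkey_authentication = -1;
-#if defined(KRB4) || defined(KRB5)
  options->kerberos_authentication = -1;
  options->kerberos_or_local_passwd = -1;
  options->kerberos_ticket_cleanup = -1;
-#endif
-#if defined(AFS) || defined(KRB5)
- options->kerberos_tgt_passing = -1;
-#endif
-#ifdef AFS
- options->afs_token_passing = -1;
-#endif
+ options->gss_authentication=-1;
+ options->gss_cleanup_creds = -1;
  options->password_authentication = -1;
  options->kbd_interactive_authentication = -1;
  options->challenge_response_authentication = -1;
@@ -118,7 +95,7 @@ initialize_server_options(ServerOptions *options)
  options->max_startups_rate = -1;
  options->max_startups = -1;
  options->banner = NULL;
- options->verify_reverse_mapping = -1;
+ options->use_dns = -1;
  options->client_alive_interval = -1;
  options->client_alive_count_max = -1;
  options->authorized_keys_file = NULL;
@@ -132,8 +109,8 @@ void
 fill_default_server_options(ServerOptions *options)
 {
  /* Portable-specific options */
- if (options->pam_authentication_via_kbd_int == -1)
- options->pam_authentication_via_kbd_int = 0;
+ if (options->use_pam == -1)
+ options->use_pam = 1;
 
  /* Standard Options */
  if (options->protocol == SSH_PROTO_UNKNOWN)
@@ -188,8 +165,6 @@ fill_default_server_options(ServerOptions *options)
  options->log_facility = SYSLOG_FACILITY_AUTH;
  if (options->log_level == SYSLOG_LEVEL_NOT_SET)
  options->log_level = SYSLOG_LEVEL_INFO;
- if (options->rhosts_authentication == -1)
- options->rhosts_authentication = 0;
  if (options->rhosts_rsa_authentication == -1)
  options->rhosts_rsa_authentication = 0;
  if (options->hostbased_authentication == -1)
@@ -200,22 +175,16 @@ fill_default_server_options(ServerOptions *options)
  options->rsa_authentication = 1;
  if (options->pubkey_authentication == -1)
  options->pubkey_authentication = 1;
-#if defined(KRB4) || defined(KRB5)
  if (options->kerberos_authentication == -1)
  options->kerberos_authentication = 0;
  if (options->kerberos_or_local_passwd == -1)
  options->kerberos_or_local_passwd = 1;
  if (options->kerberos_ticket_cleanup == -1)
  options->kerberos_ticket_cleanup = 1;
-#endif
-#if defined(AFS) || defined(KRB5)
- if (options->kerberos_tgt_passing == -1)
- options->kerberos_tgt_passing = 0;
-#endif
-#ifdef AFS
- if (options->afs_token_passing == -1)
- options->afs_token_passing = 0;
-#endif
+ if (options->gss_authentication == -1)
+ options->gss_authentication = 0;
+ if (options->gss_cleanup_creds == -1)
+ options->gss_cleanup_creds = 1;
  if (options->password_authentication == -1)
  options->password_authentication = 1;
  if (options->kbd_interactive_authentication == -1)
@@ -240,8 +209,8 @@ fill_default_server_options(ServerOptions *options)
  options->max_startups_rate = 100; /* 100% */
  if (options->max_startups_begin == -1)
  options->max_startups_begin = options->max_startups;
- if (options->verify_reverse_mapping == -1)
- options->verify_reverse_mapping = 0;
+ if (options->use_dns == -1)
+ options->use_dns = 1;
  if (options->client_alive_interval == -1)
  options->client_alive_interval = 0;
  if (options->client_alive_count_max == -1)
@@ -275,21 +244,13 @@ fill_default_server_options(ServerOptions *options)
 typedef enum {
  sBadOption, /* == unknown option */
  /* Portable-specific options */
- sPAMAuthenticationViaKbdInt,
+ sUsePAM,
  /* Standard Options */
  sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
  sPermitRootLogin, sLogFacility, sLogLevel,
- sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
-#if defined(KRB4) || defined(KRB5)
+ sRhostsRSAAuthentication, sRSAAuthentication,
  sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
-#endif
-#if defined(AFS) || defined(KRB5)
- sKerberosTgtPassing,
-#endif
-#ifdef AFS
- sAFSTokenPassing,
-#endif
- sChallengeResponseAuthentication,
+ sKerberosTgtPassing, sChallengeResponseAuthentication,
  sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
  sPrintMotd, sPrintLastLog, sIgnoreRhosts,
  sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
@@ -298,11 +259,12 @@ typedef enum {
  sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
  sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
  sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
- sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
+ sBanner, sUseDNS, sHostbasedAuthentication,
  sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
  sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
+ sGssAuthentication, sGssCleanupCreds,
  sUsePrivilegeSeparation,
- sDeprecated
+ sDeprecated, sUnsupported
 } ServerOpCodes;
 
 /* Textual representation of the tokens. */
@@ -311,7 +273,12 @@ static struct {
  ServerOpCodes opcode;
 } keywords[] = {
  /* Portable-specific options */
- { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
+#ifdef USE_PAM
+ { "usepam", sUsePAM },
+#else
+ { "usepam", sUnsupported },
+#endif
+ { "pamauthenticationviakbdint", sDeprecated },
  /* Standard Options */
  { "port", sPort },
  { "hostkey", sHostKeyFile },
@@ -323,23 +290,30 @@ static struct {
  { "permitrootlogin", sPermitRootLogin },
  { "syslogfacility", sLogFacility },
  { "loglevel", sLogLevel },
- { "rhostsauthentication", sRhostsAuthentication },
+ { "rhostsauthentication", sDeprecated },
  { "rhostsrsaauthentication", sRhostsRSAAuthentication },
  { "hostbasedauthentication", sHostbasedAuthentication },
  { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
  { "rsaauthentication", sRSAAuthentication },
  { "pubkeyauthentication", sPubkeyAuthentication },
  { "dsaauthentication", sPubkeyAuthentication }, /* alias */
-#if defined(KRB4) || defined(KRB5)
+#ifdef KRB5
  { "kerberosauthentication", sKerberosAuthentication },
  { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
  { "kerberosticketcleanup", sKerberosTicketCleanup },
+#else
+ { "kerberosauthentication", sUnsupported },
+ { "kerberosorlocalpasswd", sUnsupported },
+ { "kerberosticketcleanup", sUnsupported },
 #endif
-#if defined(AFS) || defined(KRB5)
- { "kerberostgtpassing", sKerberosTgtPassing },
-#endif
-#ifdef AFS
- { "afstokenpassing", sAFSTokenPassing },
+ { "kerberostgtpassing", sUnsupported },
+ { "afstokenpassing", sUnsupported },
+#ifdef GSSAPI
+ { "gssapiauthentication", sGssAuthentication },
+ { "gssapicleanupcreds", sGssCleanupCreds },
+#else
+ { "gssapiauthentication", sUnsupported },
+ { "gssapicleanupcreds", sUnsupported },
 #endif
  { "passwordauthentication", sPasswordAuthentication },
  { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
@@ -373,8 +347,9 @@ static struct {
  { "subsystem", sSubsystem },
  { "maxstartups", sMaxStartups },
  { "banner", sBanner },
- { "verifyreversemapping", sVerifyReverseMapping },
- { "reversemappingcheck", sVerifyReverseMapping },
+ { "usedns", sUseDNS },
+ { "verifyreversemapping", sDeprecated },
+ { "reversemappingcheck", sDeprecated },
  { "clientaliveinterval", sClientAliveInterval },
  { "clientalivecountmax", sClientAliveCountMax },
  { "authorizedkeysfile", sAuthorizedKeysFile },
@@ -458,8 +433,8 @@ process_server_config_line(ServerOptions *options, char *line,
  opcode = parse_token(arg, filename, linenum);
  switch (opcode) {
  /* Portable-specific options */
- case sPAMAuthenticationViaKbdInt:
- intptr = &options->pam_authentication_via_kbd_int;
+ case sUsePAM:
+ intptr = &options->use_pam;
  goto parse_flag;
 
  /* Standard Options */
@@ -622,10 +597,6 @@ parse_flag:
  intptr = &options->ignore_user_known_hosts;
  goto parse_flag;
 
- case sRhostsAuthentication:
- intptr = &options->rhosts_authentication;
- goto parse_flag;
-
  case sRhostsRSAAuthentication:
  intptr = &options->rhosts_rsa_authentication;
  goto parse_flag;
@@ -645,7 +616,7 @@ parse_flag:
  case sPubkeyAuthentication:
  intptr = &options->pubkey_authentication;
  goto parse_flag;
-#if defined(KRB4) || defined(KRB5)
+
  case sKerberosAuthentication:
  intptr = &options->kerberos_authentication;
  goto parse_flag;
@@ -657,17 +628,14 @@ parse_flag:
  case sKerberosTicketCleanup:
  intptr = &options->kerberos_ticket_cleanup;
  goto parse_flag;
-#endif
-#if defined(AFS) || defined(KRB5)
- case sKerberosTgtPassing:
- intptr = &options->kerberos_tgt_passing;
+
+ case sGssAuthentication:
+ intptr = &options->gss_authentication;
  goto parse_flag;
-#endif
-#ifdef AFS
- case sAFSTokenPassing:
- intptr = &options->afs_token_passing;
+
+ case sGssCleanupCreds:
+ intptr = &options->gss_cleanup_creds;
  goto parse_flag;
-#endif
 
  case sPasswordAuthentication:
  intptr = &options->password_authentication;
@@ -733,8 +701,8 @@ parse_flag:
  intptr = &options->gateway_ports;
  goto parse_flag;
 
- case sVerifyReverseMapping:
- intptr = &options->verify_reverse_mapping;
+ case sUseDNS:
+ intptr = &options->use_dns;
  goto parse_flag;
 
  case sLogFacility:
@@ -910,7 +878,14 @@ parse_flag:
  goto parse_int;
 
  case sDeprecated:
- log("%s line %d: Deprecated option %s",
+ logit("%s line %d: Deprecated option %s",
+ filename, linenum, arg);
+ while (arg)
+ arg = strdelim(&cp);
+ break;
+
+ case sUnsupported:
+ logit("%s line %d: Unsupported option %s",
  filename, linenum, arg);
  while (arg)
  arg = strdelim(&cp);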