Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 31 |
1 files changed, 22 insertions, 9 deletions
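--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.207 2010/03/25 23:38:28 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.209 2010/06/22 04:22:59 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -134,6 +134,7 @@ initialize_server_options(ServerOptions *options)
 options->zero_knowledge_password_authentication = -1;
 options->revoked_keys_file = NULL;
 options->trusted_user_ca_keys = NULL;
+options->authorized_principals_file = NULL;
 }
 
 void
@@ -321,7 +322,7 @@ typedef enum {
 sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
 sUsePrivilegeSeparation, sAllowAgentForwarding,
 sZeroKnowledgePasswordAuthentication, sHostCertificate,
-sRevokedKeys, sTrustedUserCAKeys,
+sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
 sDeprecated, sUnsupported
 } ServerOpCodes;
 
@@ -356,7 +357,7 @@ static struct {
 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
 { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL },
 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
-{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_GLOBAL },
+{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL },
 { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL },
 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */
@@ -437,11 +438,11 @@ static struct {
 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
 { "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL },
 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },
-{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_GLOBAL },
-{ "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_GLOBAL },
+{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
+{ "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_ALL },
 { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
 { "acceptenv", sAcceptEnv, SSHCFG_GLOBAL },
-{ "permittunnel", sPermitTunnel, SSHCFG_GLOBAL },
+{ "permittunnel", sPermitTunnel, SSHCFG_ALL },
 { "match", sMatch, SSHCFG_ALL },
 { "permitopen", sPermitOpen, SSHCFG_ALL },
 { "forcecommand", sForceCommand, SSHCFG_ALL },
@@ -449,6 +450,7 @@ static struct {
 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
 { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
+{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
 { NULL, sBadOption, 0 }
 };
 
@@ -1247,10 +1249,14 @@ process_server_config_line(ServerOptions *options, char *line,
 * AuthorizedKeysFile /etc/ssh_keys/%u
 */
 case sAuthorizedKeysFile:
+charptr = &options->authorized_keys_file;
+goto parse_tilde_filename;
 case sAuthorizedKeysFile2:
-charptr = (opcode == sAuthorizedKeysFile) ?
-&options->authorized_keys_file :
-&options->authorized_keys_file2;
+charptr = &options->authorized_keys_file2;
+goto parse_tilde_filename;
+case sAuthorizedPrincipalsFile:
+charptr = &options->authorized_principals_file;
+parse_tilde_filename:
 arg = strdelim(&cp);
 if (!arg || *arg == '\0')
 fatal("%s line %d: missing file name.",
@@ -1469,6 +1475,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 M_CP_INTOPT(pubkey_authentication);
 M_CP_INTOPT(kerberos_authentication);
 M_CP_INTOPT(hostbased_authentication);
+M_CP_INTOPT(hostbased_uses_name_from_packet_only);
 M_CP_INTOPT(kbd_interactive_authentication);
 M_CP_INTOPT(zero_knowledge_password_authentication);
 M_CP_INTOPT(permit_root_login);
@@ -1476,6 +1483,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 
 M_CP_INTOPT(allow_tcp_forwarding);
 M_CP_INTOPT(allow_agent_forwarding);
+M_CP_INTOPT(permit_tun);
 M_CP_INTOPT(gateway_ports);
 M_CP_INTOPT(x11_display_offset);
 M_CP_INTOPT(x11_forwarding);
@@ -1490,6 +1498,9 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 M_CP_STROPT(chroot_directory);
 M_CP_STROPT(trusted_user_ca_keys);
 M_CP_STROPT(revoked_keys_file);
+M_CP_STROPT(authorized_keys_file);
+M_CP_STROPT(authorized_keys_file2);
+M_CP_STROPT(authorized_principals_file);
 }
 
 #undef M_CP_INTOPT
@@ -1711,6 +1722,8 @@ dump_config(ServerOptions *o)
 dump_cfg_string(sChrootDirectory, o->chroot_directory);
 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
 dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
+dump_cfg_string(sAuthorizedPrincipalsFile,
+o->authorized_principals_file);
 
 /* string arguments requiring a lookup */
 dump_cfg_string(sLogLevel, log_level_name(o->log_level));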
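Review bot: In copy_set_server_options(), the new `M_CP_STROPT(authorized_keys_file)`, `M_CP_STROPT(authorized_keys_file2)` and `M_CP_STROPT(authorized_principals_file)` lines carry no comment saying at which stage a Match override of these paths takes effect, although the function takes a `preauth` flag and these paths decide which keys and principals are accepted. The function body starts outside the hunk, so it is not visible whether an early return on `preauth` precedes this group; if one does, the process that actually reads the key and principals files must be the one that receives the full copy. I would add a comment above the three lines such as `/* auth-time paths: a Match override must be applied before the key/principals files are read */`. The same concern applies to the keyword-table entries for `authorizedkeysfile`, `authorizedkeysfile2`, `permittunnel` and `hostbasedusesnamefrompacketonly` now marked `SSHCFG_ALL`: a short note on the table that every `SSHCFG_ALL` entry needs a matching copy line here would help keep a Match setting from being parsed but silently ignored.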