Diffstat (limited to 'servconf.c')
-rw-r--r--servconf.c35
1 files changed, 18 insertions, 17 deletions
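diff --git a/servconf.c b/servconf.c
index 795ddbab7..56b831652 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.301 2016/11/30 03:00:05 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.306 2017/03/14 07:19:07 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  * All rights reserved
@@ -270,7 +270,7 @@ fill_default_server_options(ServerOptions *options)
  if (options->gss_cleanup_creds == -1)
  options->gss_cleanup_creds = 1;
  if (options->gss_strict_acceptor == -1)
- options->gss_strict_acceptor = 0;
+ options->gss_strict_acceptor = 1;
  if (options->password_authentication == -1)
  options->password_authentication = 1;
  if (options->kbd_interactive_authentication == -1)
@@ -535,7 +535,7 @@ static struct {
  { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL },
  { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
  { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
- { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
+ { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL},
  { "acceptenv", sAcceptEnv, SSHCFG_ALL },
  { "permittunnel", sPermitTunnel, SSHCFG_ALL },
  { "permittty", sPermitTTY, SSHCFG_ALL },
@@ -966,6 +966,15 @@ process_server_config_line(ServerOptions *options, char *line,
  long long val64;
  const struct multistate *multistate_ptr;
 
+ /* Strip trailing whitespace. Allow \f (form feed) at EOL only */
+ if ((len = strlen(line)) == 0)
+ return 0;
+ for (len--; len > 0; len--) {
+ if (strchr(WHITESPACE "\f", line[len]) == NULL)
+ break;
+ line[len] = '\0';
+ }
+
  cp = line;
  if ((arg = strdelim(&cp)) == NULL)
  return 0;
@@ -1168,7 +1177,8 @@ process_server_config_line(ServerOptions *options, char *line,
  if (!arg || *arg == '\0')
  fatal("%s line %d: Missing argument.",
  filename, linenum);
- if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
+ if (*arg != '-' &&
+ !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
  fatal("%s line %d: Bad key types '%s'.",
  filename, linenum, arg ? arg : "<NONE>");
  if (*activep && *charptr == NULL)
@@ -1364,11 +1374,6 @@ process_server_config_line(ServerOptions *options, char *line,
  intptr = &options->disable_forwarding;
  goto parse_flag;
 
- case sUsePrivilegeSeparation:
- intptr = &use_privsep;
- multistate_ptr = multistate_privsep;
- goto parse_multistate;
-
  case sAllowUsers:
  while ((arg = strdelim(&cp)) && *arg != '\0') {
  if (options->num_allow_users >= MAX_ALLOW_USERS)
@@ -1427,7 +1432,7 @@ process_server_config_line(ServerOptions *options, char *line,
  arg = strdelim(&cp);
  if (!arg || *arg == '\0')
  fatal("%s line %d: Missing argument.", filename, linenum);
- if (!ciphers_valid(*arg == '+' ? arg + 1 : arg))
+ if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
  fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
  filename, linenum, arg ? arg : "<NONE>");
  if (options->ciphers == NULL)
@@ -1438,7 +1443,7 @@ process_server_config_line(ServerOptions *options, char *line,
  arg = strdelim(&cp);
  if (!arg || *arg == '\0')
  fatal("%s line %d: Missing argument.", filename, linenum);
- if (!mac_valid(*arg == '+' ? arg + 1 : arg))
+ if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg))
  fatal("%s line %d: Bad SSH2 mac spec '%s'.",
  filename, linenum, arg ? arg : "<NONE>");
  if (options->macs == NULL)
@@ -1450,7 +1455,8 @@ process_server_config_line(ServerOptions *options, char *line,
  if (!arg || *arg == '\0')
  fatal("%s line %d: Missing argument.",
  filename, linenum);
- if (!kex_names_valid(*arg == '+' ? arg + 1 : arg))
+ if (*arg != '-' &&
+ !kex_names_valid(*arg == '+' ? arg + 1 : arg))
  fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
  filename, linenum, arg ? arg : "<NONE>");
  if (options->kex_algorithms == NULL)
@@ -2096,8 +2102,6 @@ fmt_intarg(ServerOpCodes code, int val)
  return fmt_multistate_int(val, multistate_gatewayports);
  case sCompression:
  return fmt_multistate_int(val, multistate_compression);
- case sUsePrivilegeSeparation:
- return fmt_multistate_int(val, multistate_privsep);
  case sAllowTcpForwarding:
  return fmt_multistate_int(val, multistate_tcpfwd);
  case sAllowStreamLocalForwarding:
@@ -2148,8 +2152,6 @@ dump_cfg_fmtint(ServerOpCodes code, int val)
 static void
 dump_cfg_string(ServerOpCodes code, const char *val)
 {
- if (val == NULL)
- return;
  printf("%s %s\n", lookup_opcode_name(code),
  val == NULL ? "none" : val);
 }
@@ -2275,7 +2277,6 @@ dump_config(ServerOptions *o)
  dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding);
  dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
  dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
- dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
  dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
 
  /* string arguments */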
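Review bot: In process_server_config_line, the four added `*arg != '-'` guards (before `sshkey_names_valid2`, `ciphers_valid`, `mac_valid` and `kex_names_valid`) skip name validation entirely for a list that starts with '-', so a misspelled algorithm in such a list is accepted with no diagnostic. If these lists are applied as removals elsewhere (not visible in these hunks), a typo would leave the algorithm the administrator meant to disable still enabled. The reason for skipping the check is not stated; I would add a comment at each site such as `/* '-' lists are removal patterns; they are not validated, so a typo removes nothing */`, and the effective sets are worth confirming from `sshd -T` output after editing the config. The function body starts and ends outside these hunks.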