Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 35 |
1 files changed, 18 insertions, 17 deletions
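--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.301 2016/11/30 03:00:05 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.306 2017/03/14 07:19:07 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -270,7 +270,7 @@ fill_default_server_options(ServerOptions *options)
 if (options->gss_cleanup_creds == -1)
 options->gss_cleanup_creds = 1;
 if (options->gss_strict_acceptor == -1)
-options->gss_strict_acceptor = 0;
+options->gss_strict_acceptor = 1;
 if (options->password_authentication == -1)
 options->password_authentication = 1;
 if (options->kbd_interactive_authentication == -1)
@@ -535,7 +535,7 @@ static struct {
 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL },
 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
-{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
+{ "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL},
 { "acceptenv", sAcceptEnv, SSHCFG_ALL },
 { "permittunnel", sPermitTunnel, SSHCFG_ALL },
 { "permittty", sPermitTTY, SSHCFG_ALL },
@@ -966,6 +966,15 @@ process_server_config_line(ServerOptions *options, char *line,
 long long val64;
 const struct multistate *multistate_ptr;
 
+/* Strip trailing whitespace. Allow \f (form feed) at EOL only */
+if ((len = strlen(line)) == 0)
+return 0;
+for (len--; len > 0; len--) {
+if (strchr(WHITESPACE "\f", line[len]) == NULL)
+break;
+line[len] = '\0';
+}
+
 cp = line;
 if ((arg = strdelim(&cp)) == NULL)
 return 0;
@@ -1168,7 +1177,8 @@ process_server_config_line(ServerOptions *options, char *line,
 if (!arg || *arg == '\0')
 fatal("%s line %d: Missing argument.",
 filename, linenum);
-if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
+if (*arg != '-' &&
+!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
 fatal("%s line %d: Bad key types '%s'.",
 filename, linenum, arg ? arg : "<NONE>");
 if (*activep && *charptr == NULL)
@@ -1364,11 +1374,6 @@ process_server_config_line(ServerOptions *options, char *line,
 intptr = &options->disable_forwarding;
 goto parse_flag;
 
-case sUsePrivilegeSeparation:
-intptr = &use_privsep;
-multistate_ptr = multistate_privsep;
-goto parse_multistate;
-
 case sAllowUsers:
 while ((arg = strdelim(&cp)) && *arg != '\0') {
 if (options->num_allow_users >= MAX_ALLOW_USERS)
@@ -1427,7 +1432,7 @@ process_server_config_line(ServerOptions *options, char *line,
 arg = strdelim(&cp);
 if (!arg || *arg == '\0')
 fatal("%s line %d: Missing argument.", filename, linenum);
-if (!ciphers_valid(*arg == '+' ? arg + 1 : arg))
+if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
 filename, linenum, arg ? arg : "<NONE>");
 if (options->ciphers == NULL)
@@ -1438,7 +1443,7 @@ process_server_config_line(ServerOptions *options, char *line,
 arg = strdelim(&cp);
 if (!arg || *arg == '\0')
 fatal("%s line %d: Missing argument.", filename, linenum);
-if (!mac_valid(*arg == '+' ? arg + 1 : arg))
+if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg))
 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
 filename, linenum, arg ? arg : "<NONE>");
 if (options->macs == NULL)
@@ -1450,7 +1455,8 @@ process_server_config_line(ServerOptions *options, char *line,
 if (!arg || *arg == '\0')
 fatal("%s line %d: Missing argument.",
 filename, linenum);
-if (!kex_names_valid(*arg == '+' ? arg + 1 : arg))
+if (*arg != '-' &&
+!kex_names_valid(*arg == '+' ? arg + 1 : arg))
 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
 filename, linenum, arg ? arg : "<NONE>");
 if (options->kex_algorithms == NULL)
@@ -2096,8 +2102,6 @@ fmt_intarg(ServerOpCodes code, int val)
 return fmt_multistate_int(val, multistate_gatewayports);
 case sCompression:
 return fmt_multistate_int(val, multistate_compression);
-case sUsePrivilegeSeparation:
-return fmt_multistate_int(val, multistate_privsep);
 case sAllowTcpForwarding:
 return fmt_multistate_int(val, multistate_tcpfwd);
 case sAllowStreamLocalForwarding:
@@ -2148,8 +2152,6 @@ dump_cfg_fmtint(ServerOpCodes code, int val)
 static void
 dump_cfg_string(ServerOpCodes code, const char *val)
 {
-if (val == NULL)
-return;
 printf("%s %s\n", lookup_opcode_name(code),
 val == NULL ? "none" : val);
 }
@@ -2275,7 +2277,6 @@ dump_config(ServerOptions *o)
 dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding);
 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
 dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
-dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
 
 /* string arguments */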
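Review bot: The new `*arg != '-' &&` guard in the key-types check (hunk `@@ -1168,7 +1177,8 @@`) skips name validation entirely for any list that begins with '-', and the same guard is repeated in the Ciphers, MACs and KexAlgorithms cases in the three hunks that follow. A misspelled entry in a removal list is therefore accepted at parse time; if the later removal step (not visible in these hunks) simply finds no match, an administrator who meant to disable a weak algorithm gets no error and the algorithm presumably stays enabled. I would document this at each of the four sites, e.g. `/* '-' removal lists are not validated here; an entry that matches nothing is silently ignored */`, and note in the option documentation that the effective lists should be checked with `sshd -T` after editing. process_server_config_line begins and ends outside these hunks, so how the '-' list is consumed should be confirmed against the full function.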