Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 31 |
1 files changed, 22 insertions, 9 deletions
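--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.207 2010/03/25 23:38:28 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.209 2010/06/22 04:22:59 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -135,6 +135,7 @@ initialize_server_options(ServerOptions *options)
 options->zero_knowledge_password_authentication = -1;
 options->revoked_keys_file = NULL;
 options->trusted_user_ca_keys = NULL;
+options->authorized_principals_file = NULL;
 options->debian_banner = -1;
 }
 
@@ -327,7 +328,7 @@ typedef enum {
 sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
 sUsePrivilegeSeparation, sAllowAgentForwarding,
 sZeroKnowledgePasswordAuthentication, sHostCertificate,
-sRevokedKeys, sTrustedUserCAKeys,
+sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
 sDebianBanner,
 sDeprecated, sUnsupported
 } ServerOpCodes;
@@ -363,7 +364,7 @@ static struct {
 { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
 { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL },
 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
-{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_GLOBAL },
+{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL },
 { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL },
 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
 { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */
@@ -449,11 +450,11 @@ static struct {
 { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
 { "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL },
 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },
-{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_GLOBAL },
-{ "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_GLOBAL },
+{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
+{ "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_ALL },
 { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
 { "acceptenv", sAcceptEnv, SSHCFG_GLOBAL },
-{ "permittunnel", sPermitTunnel, SSHCFG_GLOBAL },
+{ "permittunnel", sPermitTunnel, SSHCFG_ALL },
 { "match", sMatch, SSHCFG_ALL },
 { "permitopen", sPermitOpen, SSHCFG_ALL },
 { "forcecommand", sForceCommand, SSHCFG_ALL },
@@ -461,6 +462,7 @@ static struct {
 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
 { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
+{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
 { "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
 { NULL, sBadOption, 0 }
 };
@@ -1264,10 +1266,14 @@ process_server_config_line(ServerOptions *options, char *line,
 * AuthorizedKeysFile /etc/ssh_keys/%u
 */
 case sAuthorizedKeysFile:
+charptr = &options->authorized_keys_file;
+goto parse_tilde_filename;
 case sAuthorizedKeysFile2:
-charptr = (opcode == sAuthorizedKeysFile) ?
-&options->authorized_keys_file :
-&options->authorized_keys_file2;
+charptr = &options->authorized_keys_file2;
+goto parse_tilde_filename;
+case sAuthorizedPrincipalsFile:
+charptr = &options->authorized_principals_file;
+parse_tilde_filename:
 arg = strdelim(&cp);
 if (!arg || *arg == '\0')
 fatal("%s line %d: missing file name.",
@@ -1490,6 +1496,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 M_CP_INTOPT(pubkey_authentication);
 M_CP_INTOPT(kerberos_authentication);
 M_CP_INTOPT(hostbased_authentication);
+M_CP_INTOPT(hostbased_uses_name_from_packet_only);
 M_CP_INTOPT(kbd_interactive_authentication);
 M_CP_INTOPT(zero_knowledge_password_authentication);
 M_CP_INTOPT(permit_root_login);
@@ -1497,6 +1504,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 
 M_CP_INTOPT(allow_tcp_forwarding);
 M_CP_INTOPT(allow_agent_forwarding);
+M_CP_INTOPT(permit_tun);
 M_CP_INTOPT(gateway_ports);
 M_CP_INTOPT(x11_display_offset);
 M_CP_INTOPT(x11_forwarding);
@@ -1511,6 +1519,9 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 M_CP_STROPT(chroot_directory);
 M_CP_STROPT(trusted_user_ca_keys);
 M_CP_STROPT(revoked_keys_file);
+M_CP_STROPT(authorized_keys_file);
+M_CP_STROPT(authorized_keys_file2);
+M_CP_STROPT(authorized_principals_file);
 }
 
 #undef M_CP_INTOPT
@@ -1736,6 +1747,8 @@ dump_config(ServerOptions *o)
 dump_cfg_string(sChrootDirectory, o->chroot_directory);
 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
 dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
+dump_cfg_string(sAuthorizedPrincipalsFile,
+o->authorized_principals_file);
 
 /* string arguments requiring a lookup */
 dump_cfg_string(sLogLevel, log_level_name(o->log_level));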
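Review bot: In the `@@ -1511,6 +1519,9 @@` hunk of copy_set_server_options, the three new `M_CP_STROPT` copies for `authorized_keys_file`, `authorized_keys_file2` and `authorized_principals_file` sit at the very end of the function with nothing saying whether they are reached when the `preauth` argument is set; the lines between this hunk and the previous one are not shown. Since the keyword table now marks these options `SSHCFG_ALL`, a `Match` override that is silently dropped on one code path would make key or principal lookup fall back to the global file, so the intent should be stated. If the tail is deliberately skipped pre-authentication, I would add a comment above the three lines, e.g. `/* Match-scoped key/principals files: copied only when !preauth */`. If it is not skipped, confirm that the process which opens these files always receives the merged values.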