Diffstat (limited to 'servconf.c')
-rw-r--r--servconf.c27
1 files changed, 26 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c
index 2aa516b2a..c843c97c5 100644
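--- a/servconf.c
+++ b/servconf.c
@@ -100,6 +100,7 @@ initialize_server_options(ServerOptions *options)
 options->password_authentication = -1;
 options->kbd_interactive_authentication = -1;
 options->challenge_response_authentication = -1;
+options->permit_blacklisted_keys = -1;
 options->permit_empty_passwd = -1;
 options->permit_user_env = -1;
 options->use_login = -1;
@@ -135,6 +136,7 @@ initialize_server_options(ServerOptions *options)
 options->revoked_keys_file = NULL;
 options->trusted_user_ca_keys = NULL;
 options->authorized_principals_file = NULL;
+options->debian_banner = -1;
 }
 
 void
@@ -232,6 +234,8 @@ fill_default_server_options(ServerOptions *options)
 options->kbd_interactive_authentication = 0;
 if (options->challenge_response_authentication == -1)
 options->challenge_response_authentication = 1;
+if (options->permit_blacklisted_keys == -1)
+options->permit_blacklisted_keys = 0;
 if (options->permit_empty_passwd == -1)
 options->permit_empty_passwd = 0;
 if (options->permit_user_env == -1)
@@ -275,6 +279,8 @@ fill_default_server_options(ServerOptions *options)
 options->permit_tun = SSH_TUNMODE_NO;
 if (options->zero_knowledge_password_authentication == -1)
 options->zero_knowledge_password_authentication = 0;
+if (options->debian_banner == -1)
+options->debian_banner = 1;
 
 /* Turn privilege separation on by default */
 if (use_privsep == -1)
@@ -307,7 +313,7 @@ typedef enum {
 sListenAddress, sAddressFamily,
 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
-sStrictModes, sEmptyPasswd, sTCPKeepAlive,
+sStrictModes, sPermitBlacklistedKeys, sEmptyPasswd, sTCPKeepAlive,
 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
@@ -323,6 +329,7 @@ typedef enum {
 sUsePrivilegeSeparation, sAllowAgentForwarding,
 sZeroKnowledgePasswordAuthentication, sHostCertificate,
 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
+sDebianBanner,
 sDeprecated, sUnsupported
 } ServerOpCodes;
 
@@ -381,16 +388,20 @@ static struct {
 #ifdef GSSAPI
 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
+{ "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL },
 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
 { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL },
 { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL },
 #else
 { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
+{ "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL },
 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
 { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL },
 { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL },
 #endif
+{ "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL },
+{ "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL },
 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
@@ -412,6 +423,7 @@ static struct {
 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
 { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
+{ "permitblacklistedkeys", sPermitBlacklistedKeys, SSHCFG_GLOBAL },
 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
 { "uselogin", sUseLogin, SSHCFG_GLOBAL },
@@ -451,6 +463,7 @@ static struct {
 { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
+{ "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
 { NULL, sBadOption, 0 }
 };
 
@@ -1007,6 +1020,10 @@ process_server_config_line(ServerOptions *options, char *line,
 intptr = &options->tcp_keep_alive;
 goto parse_flag;
 
+case sPermitBlacklistedKeys:
+intptr = &options->permit_blacklisted_keys;
+goto parse_flag;
+
 case sEmptyPasswd:
 intptr = &options->permit_empty_passwd;
 goto parse_flag;
@@ -1380,6 +1397,10 @@ process_server_config_line(ServerOptions *options, char *line,
 charptr = &options->revoked_keys_file;
 goto parse_filename;
 
+case sDebianBanner:
+intptr = &options->debian_banner;
+goto parse_int;
+
 case sDeprecated:
 logit("%s line %d: Deprecated option %s",
 filename, linenum, arg);
@@ -1684,7 +1705,10 @@ dump_config(ServerOptions *o)
 #endif
 #ifdef GSSAPI
 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
+dump_cfg_fmtint(sGssKeyEx, o->gss_keyex);
 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
+dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor);
+dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey);
 #endif
 #ifdef JPAKE
 dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication,
@@ -1701,6 +1725,7 @@ dump_config(ServerOptions *o)
 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
 dump_cfg_fmtint(sStrictModes, o->strict_modes);
 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
+dump_cfg_fmtint(sPermitBlacklistedKeys, o->permit_blacklisted_keys);
 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
 dump_cfg_fmtint(sUseLogin, o->use_login);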
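Review bot: In the `case sDebianBanner:` arm of process_server_config_line the new option jumps to `parse_int`, although it is initialised to `-1` and defaulted to `1` exactly like the yes/no options around it, which all go through `parse_flag`. The `parse_int` and `parse_flag` labels lie outside the visible hunks, so this is inferred, but if `parse_int` accepts only numbers then a `yes`/`no` value for `debianbanner` in the server config may not be interpreted as the administrator intends; `goto parse_flag;` would make it consistent with `sPermitBlacklistedKeys`. The dump_config hunks add `sPermitBlacklistedKeys` but nothing for the banner setting, so its effective value cannot be audited from the config dump; `dump_cfg_fmtint(sDebianBanner, o->debian_banner);` would cover that. Going by its name, `permit_blacklisted_keys` relaxes a key-rejection check, so its default in fill_default_server_options deserves a comment such as `/* fail closed: blacklisted keys stay rejected unless explicitly permitted */`.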