diff options
Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c index 2aa516b2a..c843c97c5 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -100,6 +100,7 @@ initialize_server_options(ServerOptions *options) | |||
100 | options->password_authentication = -1; | 100 | options->password_authentication = -1; |
101 | options->kbd_interactive_authentication = -1; | 101 | options->kbd_interactive_authentication = -1; |
102 | options->challenge_response_authentication = -1; | 102 | options->challenge_response_authentication = -1; |
103 | options->permit_blacklisted_keys = -1; | ||
103 | options->permit_empty_passwd = -1; | 104 | options->permit_empty_passwd = -1; |
104 | options->permit_user_env = -1; | 105 | options->permit_user_env = -1; |
105 | options->use_login = -1; | 106 | options->use_login = -1; |
@@ -135,6 +136,7 @@ initialize_server_options(ServerOptions *options) | |||
135 | options->revoked_keys_file = NULL; | 136 | options->revoked_keys_file = NULL; |
136 | options->trusted_user_ca_keys = NULL; | 137 | options->trusted_user_ca_keys = NULL; |
137 | options->authorized_principals_file = NULL; | 138 | options->authorized_principals_file = NULL; |
139 | options->debian_banner = -1; | ||
138 | } | 140 | } |
139 | 141 | ||
140 | void | 142 | void |
@@ -232,6 +234,8 @@ fill_default_server_options(ServerOptions *options) | |||
232 | options->kbd_interactive_authentication = 0; | 234 | options->kbd_interactive_authentication = 0; |
233 | if (options->challenge_response_authentication == -1) | 235 | if (options->challenge_response_authentication == -1) |
234 | options->challenge_response_authentication = 1; | 236 | options->challenge_response_authentication = 1; |
237 | if (options->permit_blacklisted_keys == -1) | ||
238 | options->permit_blacklisted_keys = 0; | ||
235 | if (options->permit_empty_passwd == -1) | 239 | if (options->permit_empty_passwd == -1) |
236 | options->permit_empty_passwd = 0; | 240 | options->permit_empty_passwd = 0; |
237 | if (options->permit_user_env == -1) | 241 | if (options->permit_user_env == -1) |
@@ -275,6 +279,8 @@ fill_default_server_options(ServerOptions *options) | |||
275 | options->permit_tun = SSH_TUNMODE_NO; | 279 | options->permit_tun = SSH_TUNMODE_NO; |
276 | if (options->zero_knowledge_password_authentication == -1) | 280 | if (options->zero_knowledge_password_authentication == -1) |
277 | options->zero_knowledge_password_authentication = 0; | 281 | options->zero_knowledge_password_authentication = 0; |
282 | if (options->debian_banner == -1) | ||
283 | options->debian_banner = 1; | ||
278 | 284 | ||
279 | /* Turn privilege separation on by default */ | 285 | /* Turn privilege separation on by default */ |
280 | if (use_privsep == -1) | 286 | if (use_privsep == -1) |
@@ -307,7 +313,7 @@ typedef enum { | |||
307 | sListenAddress, sAddressFamily, | 313 | sListenAddress, sAddressFamily, |
308 | sPrintMotd, sPrintLastLog, sIgnoreRhosts, | 314 | sPrintMotd, sPrintLastLog, sIgnoreRhosts, |
309 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, | 315 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, |
310 | sStrictModes, sEmptyPasswd, sTCPKeepAlive, | 316 | sStrictModes, sPermitBlacklistedKeys, sEmptyPasswd, sTCPKeepAlive, |
311 | sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, | 317 | sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, |
312 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, | 318 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
313 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, | 319 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
@@ -323,6 +329,7 @@ typedef enum { | |||
323 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 329 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
324 | sZeroKnowledgePasswordAuthentication, sHostCertificate, | 330 | sZeroKnowledgePasswordAuthentication, sHostCertificate, |
325 | sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, | 331 | sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, |
332 | sDebianBanner, | ||
326 | sDeprecated, sUnsupported | 333 | sDeprecated, sUnsupported |
327 | } ServerOpCodes; | 334 | } ServerOpCodes; |
328 | 335 | ||
@@ -381,16 +388,20 @@ static struct { | |||
381 | #ifdef GSSAPI | 388 | #ifdef GSSAPI |
382 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, | 389 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, |
383 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, | 390 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, |
391 | { "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL }, | ||
384 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, | 392 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, |
385 | { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, | 393 | { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, |
386 | { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, | 394 | { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, |
387 | #else | 395 | #else |
388 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, | 396 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, |
389 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, | 397 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, |
398 | { "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL }, | ||
390 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, | 399 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, |
391 | { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, | 400 | { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, |
392 | { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL }, | 401 | { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL }, |
393 | #endif | 402 | #endif |
403 | { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL }, | ||
404 | { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL }, | ||
394 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 405 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
395 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 406 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
396 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, | 407 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, |
@@ -412,6 +423,7 @@ static struct { | |||
412 | { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, | 423 | { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, |
413 | { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, | 424 | { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, |
414 | { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, | 425 | { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, |
426 | { "permitblacklistedkeys", sPermitBlacklistedKeys, SSHCFG_GLOBAL }, | ||
415 | { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, | 427 | { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, |
416 | { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, | 428 | { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, |
417 | { "uselogin", sUseLogin, SSHCFG_GLOBAL }, | 429 | { "uselogin", sUseLogin, SSHCFG_GLOBAL }, |
@@ -451,6 +463,7 @@ static struct { | |||
451 | { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, | 463 | { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, |
452 | { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, | 464 | { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, |
453 | { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, | 465 | { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, |
466 | { "debianbanner", sDebianBanner, SSHCFG_GLOBAL }, | ||
454 | { NULL, sBadOption, 0 } | 467 | { NULL, sBadOption, 0 } |
455 | }; | 468 | }; |
456 | 469 | ||
@@ -1007,6 +1020,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1007 | intptr = &options->tcp_keep_alive; | 1020 | intptr = &options->tcp_keep_alive; |
1008 | goto parse_flag; | 1021 | goto parse_flag; |
1009 | 1022 | ||
1023 | case sPermitBlacklistedKeys: | ||
1024 | intptr = &options->permit_blacklisted_keys; | ||
1025 | goto parse_flag; | ||
1026 | |||
1010 | case sEmptyPasswd: | 1027 | case sEmptyPasswd: |
1011 | intptr = &options->permit_empty_passwd; | 1028 | intptr = &options->permit_empty_passwd; |
1012 | goto parse_flag; | 1029 | goto parse_flag; |
@@ -1380,6 +1397,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1380 | charptr = &options->revoked_keys_file; | 1397 | charptr = &options->revoked_keys_file; |
1381 | goto parse_filename; | 1398 | goto parse_filename; |
1382 | 1399 | ||
1400 | case sDebianBanner: | ||
1401 | intptr = &options->debian_banner; | ||
1402 | goto parse_int; | ||
1403 | |||
1383 | case sDeprecated: | 1404 | case sDeprecated: |
1384 | logit("%s line %d: Deprecated option %s", | 1405 | logit("%s line %d: Deprecated option %s", |
1385 | filename, linenum, arg); | 1406 | filename, linenum, arg); |
@@ -1684,7 +1705,10 @@ dump_config(ServerOptions *o) | |||
1684 | #endif | 1705 | #endif |
1685 | #ifdef GSSAPI | 1706 | #ifdef GSSAPI |
1686 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); | 1707 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); |
1708 | dump_cfg_fmtint(sGssKeyEx, o->gss_keyex); | ||
1687 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); | 1709 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); |
1710 | dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor); | ||
1711 | dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey); | ||
1688 | #endif | 1712 | #endif |
1689 | #ifdef JPAKE | 1713 | #ifdef JPAKE |
1690 | dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication, | 1714 | dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication, |
@@ -1701,6 +1725,7 @@ dump_config(ServerOptions *o) | |||
1701 | dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); | 1725 | dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); |
1702 | dump_cfg_fmtint(sStrictModes, o->strict_modes); | 1726 | dump_cfg_fmtint(sStrictModes, o->strict_modes); |
1703 | dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); | 1727 | dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); |
1728 | dump_cfg_fmtint(sPermitBlacklistedKeys, o->permit_blacklisted_keys); | ||
1704 | dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); | 1729 | dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); |
1705 | dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); | 1730 | dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); |
1706 | dump_cfg_fmtint(sUseLogin, o->use_login); | 1731 | dump_cfg_fmtint(sUseLogin, o->use_login); |