diff options
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c index 7d027ddb9..73e47eacf 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -93,7 +93,10 @@ initialize_server_options(ServerOptions *options) | |||
| 93 | options->kerberos_ticket_cleanup = -1; | 93 | options->kerberos_ticket_cleanup = -1; |
| 94 | options->kerberos_get_afs_token = -1; | 94 | options->kerberos_get_afs_token = -1; |
| 95 | options->gss_authentication=-1; | 95 | options->gss_authentication=-1; |
| 96 | options->gss_keyex = -1; | ||
| 96 | options->gss_cleanup_creds = -1; | 97 | options->gss_cleanup_creds = -1; |
| 98 | options->gss_strict_acceptor = -1; | ||
| 99 | options->gss_store_rekey = -1; | ||
| 97 | options->password_authentication = -1; | 100 | options->password_authentication = -1; |
| 98 | options->kbd_interactive_authentication = -1; | 101 | options->kbd_interactive_authentication = -1; |
| 99 | options->challenge_response_authentication = -1; | 102 | options->challenge_response_authentication = -1; |
| @@ -214,8 +217,14 @@ fill_default_server_options(ServerOptions *options) | |||
| 214 | options->kerberos_get_afs_token = 0; | 217 | options->kerberos_get_afs_token = 0; |
| 215 | if (options->gss_authentication == -1) | 218 | if (options->gss_authentication == -1) |
| 216 | options->gss_authentication = 0; | 219 | options->gss_authentication = 0; |
| 220 | if (options->gss_keyex == -1) | ||
| 221 | options->gss_keyex = 0; | ||
| 217 | if (options->gss_cleanup_creds == -1) | 222 | if (options->gss_cleanup_creds == -1) |
| 218 | options->gss_cleanup_creds = 1; | 223 | options->gss_cleanup_creds = 1; |
| 224 | if (options->gss_strict_acceptor == -1) | ||
| 225 | options->gss_strict_acceptor = 1; | ||
| 226 | if (options->gss_store_rekey == -1) | ||
| 227 | options->gss_store_rekey = 0; | ||
| 219 | if (options->password_authentication == -1) | 228 | if (options->password_authentication == -1) |
| 220 | options->password_authentication = 1; | 229 | options->password_authentication = 1; |
| 221 | if (options->kbd_interactive_authentication == -1) | 230 | if (options->kbd_interactive_authentication == -1) |
| @@ -306,7 +315,9 @@ typedef enum { | |||
| 306 | sBanner, sUseDNS, sHostbasedAuthentication, | 315 | sBanner, sUseDNS, sHostbasedAuthentication, |
| 307 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, | 316 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
| 308 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, | 317 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, |
| 309 | sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, | 318 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, |
| 319 | sGssKeyEx, sGssStoreRekey, | ||
| 320 | sAcceptEnv, sPermitTunnel, | ||
| 310 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | 321 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
| 311 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 322 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
| 312 | sZeroKnowledgePasswordAuthentication, sHostCertificate, | 323 | sZeroKnowledgePasswordAuthentication, sHostCertificate, |
| @@ -369,9 +380,15 @@ static struct { | |||
| 369 | #ifdef GSSAPI | 380 | #ifdef GSSAPI |
| 370 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, | 381 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, |
| 371 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, | 382 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, |
| 383 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, | ||
| 384 | { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, | ||
| 385 | { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, | ||
| 372 | #else | 386 | #else |
| 373 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, | 387 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, |
| 374 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, | 388 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, |
| 389 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, | ||
| 390 | { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, | ||
| 391 | { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL }, | ||
| 375 | #endif | 392 | #endif |
| 376 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 393 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
| 377 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 394 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
| @@ -924,10 +941,22 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 924 | intptr = &options->gss_authentication; | 941 | intptr = &options->gss_authentication; |
| 925 | goto parse_flag; | 942 | goto parse_flag; |
| 926 | 943 | ||
| 944 | case sGssKeyEx: | ||
| 945 | intptr = &options->gss_keyex; | ||
| 946 | goto parse_flag; | ||
| 947 | |||
| 927 | case sGssCleanupCreds: | 948 | case sGssCleanupCreds: |
| 928 | intptr = &options->gss_cleanup_creds; | 949 | intptr = &options->gss_cleanup_creds; |
| 929 | goto parse_flag; | 950 | goto parse_flag; |
| 930 | 951 | ||
| 952 | case sGssStrictAcceptor: | ||
| 953 | intptr = &options->gss_strict_acceptor; | ||
| 954 | goto parse_flag; | ||
| 955 | |||
| 956 | case sGssStoreRekey: | ||
| 957 | intptr = &options->gss_store_rekey; | ||
| 958 | goto parse_flag; | ||
| 959 | |||
| 931 | case sPasswordAuthentication: | 960 | case sPasswordAuthentication: |
| 932 | intptr = &options->password_authentication; | 961 | intptr = &options->password_authentication; |
| 933 | goto parse_flag; | 962 | goto parse_flag; |