diff options
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 38 |
1 files changed, 37 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c index 747edde6c..c938ae399 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -107,7 +107,10 @@ initialize_server_options(ServerOptions *options) | |||
| 107 | options->kerberos_ticket_cleanup = -1; | 107 | options->kerberos_ticket_cleanup = -1; |
| 108 | options->kerberos_get_afs_token = -1; | 108 | options->kerberos_get_afs_token = -1; |
| 109 | options->gss_authentication=-1; | 109 | options->gss_authentication=-1; |
| 110 | options->gss_keyex = -1; | ||
| 110 | options->gss_cleanup_creds = -1; | 111 | options->gss_cleanup_creds = -1; |
| 112 | options->gss_strict_acceptor = -1; | ||
| 113 | options->gss_store_rekey = -1; | ||
| 111 | options->password_authentication = -1; | 114 | options->password_authentication = -1; |
| 112 | options->kbd_interactive_authentication = -1; | 115 | options->kbd_interactive_authentication = -1; |
| 113 | options->challenge_response_authentication = -1; | 116 | options->challenge_response_authentication = -1; |
| @@ -240,8 +243,14 @@ fill_default_server_options(ServerOptions *options) | |||
| 240 | options->kerberos_get_afs_token = 0; | 243 | options->kerberos_get_afs_token = 0; |
| 241 | if (options->gss_authentication == -1) | 244 | if (options->gss_authentication == -1) |
| 242 | options->gss_authentication = 0; | 245 | options->gss_authentication = 0; |
| 246 | if (options->gss_keyex == -1) | ||
| 247 | options->gss_keyex = 0; | ||
| 243 | if (options->gss_cleanup_creds == -1) | 248 | if (options->gss_cleanup_creds == -1) |
| 244 | options->gss_cleanup_creds = 1; | 249 | options->gss_cleanup_creds = 1; |
| 250 | if (options->gss_strict_acceptor == -1) | ||
| 251 | options->gss_strict_acceptor = 1; | ||
| 252 | if (options->gss_store_rekey == -1) | ||
| 253 | options->gss_store_rekey = 0; | ||
| 245 | if (options->password_authentication == -1) | 254 | if (options->password_authentication == -1) |
| 246 | options->password_authentication = 1; | 255 | options->password_authentication = 1; |
| 247 | if (options->kbd_interactive_authentication == -1) | 256 | if (options->kbd_interactive_authentication == -1) |
| @@ -338,7 +347,9 @@ typedef enum { | |||
| 338 | sBanner, sUseDNS, sHostbasedAuthentication, | 347 | sBanner, sUseDNS, sHostbasedAuthentication, |
| 339 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, | 348 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
| 340 | sClientAliveCountMax, sAuthorizedKeysFile, | 349 | sClientAliveCountMax, sAuthorizedKeysFile, |
| 341 | sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, | 350 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, |
| 351 | sGssKeyEx, sGssStoreRekey, | ||
| 352 | sAcceptEnv, sPermitTunnel, | ||
| 342 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | 353 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
| 343 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 354 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
| 344 | sZeroKnowledgePasswordAuthentication, sHostCertificate, | 355 | sZeroKnowledgePasswordAuthentication, sHostCertificate, |
| @@ -405,10 +416,20 @@ static struct { | |||
| 405 | #ifdef GSSAPI | 416 | #ifdef GSSAPI |
| 406 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, | 417 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, |
| 407 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, | 418 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, |
| 419 | { "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL }, | ||
| 420 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, | ||
| 421 | { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, | ||
| 422 | { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, | ||
| 408 | #else | 423 | #else |
| 409 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, | 424 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, |
| 410 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, | 425 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, |
| 426 | { "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL }, | ||
| 427 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, | ||
| 428 | { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, | ||
| 429 | { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL }, | ||
| 411 | #endif | 430 | #endif |
| 431 | { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL }, | ||
| 432 | { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL }, | ||
| 412 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 433 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
| 413 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 434 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
| 414 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, | 435 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, |
| @@ -1073,10 +1094,22 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 1073 | intptr = &options->gss_authentication; | 1094 | intptr = &options->gss_authentication; |
| 1074 | goto parse_flag; | 1095 | goto parse_flag; |
| 1075 | 1096 | ||
| 1097 | case sGssKeyEx: | ||
| 1098 | intptr = &options->gss_keyex; | ||
| 1099 | goto parse_flag; | ||
| 1100 | |||
| 1076 | case sGssCleanupCreds: | 1101 | case sGssCleanupCreds: |
| 1077 | intptr = &options->gss_cleanup_creds; | 1102 | intptr = &options->gss_cleanup_creds; |
| 1078 | goto parse_flag; | 1103 | goto parse_flag; |
| 1079 | 1104 | ||
| 1105 | case sGssStrictAcceptor: | ||
| 1106 | intptr = &options->gss_strict_acceptor; | ||
| 1107 | goto parse_flag; | ||
| 1108 | |||
| 1109 | case sGssStoreRekey: | ||
| 1110 | intptr = &options->gss_store_rekey; | ||
| 1111 | goto parse_flag; | ||
| 1112 | |||
| 1080 | case sPasswordAuthentication: | 1113 | case sPasswordAuthentication: |
| 1081 | intptr = &options->password_authentication; | 1114 | intptr = &options->password_authentication; |
| 1082 | goto parse_flag; | 1115 | goto parse_flag; |
| @@ -1983,7 +2016,10 @@ dump_config(ServerOptions *o) | |||
| 1983 | #endif | 2016 | #endif |
| 1984 | #ifdef GSSAPI | 2017 | #ifdef GSSAPI |
| 1985 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); | 2018 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); |
| 2019 | dump_cfg_fmtint(sGssKeyEx, o->gss_keyex); | ||
| 1986 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); | 2020 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); |
| 2021 | dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor); | ||
| 2022 | dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey); | ||
| 1987 | #endif | 2023 | #endif |
| 1988 | #ifdef JPAKE | 2024 | #ifdef JPAKE |
| 1989 | dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication, | 2025 | dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication, |