diff options
Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 34 |
1 files changed, 31 insertions, 3 deletions
diff --git a/servconf.c b/servconf.c index 1cb45f536..a411bfb6e 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -1,5 +1,5 @@ | |||
1 | 1 | ||
2 | /* $OpenBSD: servconf.c,v 1.290 2016/05/04 14:00:09 dtucker Exp $ */ | 2 | /* $OpenBSD: servconf.c,v 1.291 2016/06/17 05:03:40 djm Exp $ */ |
3 | /* | 3 | /* |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
5 | * All rights reserved | 5 | * All rights reserved |
@@ -381,6 +381,14 @@ fill_default_server_options(ServerOptions *options) | |||
381 | CLEAR_ON_NONE(options->host_cert_files[i]); | 381 | CLEAR_ON_NONE(options->host_cert_files[i]); |
382 | #undef CLEAR_ON_NONE | 382 | #undef CLEAR_ON_NONE |
383 | 383 | ||
384 | /* Similar handling for AuthenticationMethods=any */ | ||
385 | if (options->num_auth_methods == 1 && | ||
386 | strcmp(options->auth_methods[0], "any") == 0) { | ||
387 | free(options->auth_methods[0]); | ||
388 | options->auth_methods[0] = NULL; | ||
389 | options->num_auth_methods = 0; | ||
390 | } | ||
391 | |||
384 | #ifndef HAVE_MMAP | 392 | #ifndef HAVE_MMAP |
385 | if (use_privsep && options->compression == 1) { | 393 | if (use_privsep && options->compression == 1) { |
386 | error("This platform does not support both privilege " | 394 | error("This platform does not support both privilege " |
@@ -1804,21 +1812,39 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1804 | 1812 | ||
1805 | case sAuthenticationMethods: | 1813 | case sAuthenticationMethods: |
1806 | if (options->num_auth_methods == 0) { | 1814 | if (options->num_auth_methods == 0) { |
1815 | value = 0; /* seen "any" pseudo-method */ | ||
1807 | while ((arg = strdelim(&cp)) && *arg != '\0') { | 1816 | while ((arg = strdelim(&cp)) && *arg != '\0') { |
1808 | if (options->num_auth_methods >= | 1817 | if (options->num_auth_methods >= |
1809 | MAX_AUTH_METHODS) | 1818 | MAX_AUTH_METHODS) |
1810 | fatal("%s line %d: " | 1819 | fatal("%s line %d: " |
1811 | "too many authentication methods.", | 1820 | "too many authentication methods.", |
1812 | filename, linenum); | 1821 | filename, linenum); |
1813 | if (auth2_methods_valid(arg, 0) != 0) | 1822 | if (strcmp(arg, "any") == 0) { |
1823 | if (options->num_auth_methods > 0) { | ||
1824 | fatal("%s line %d: \"any\" " | ||
1825 | "must appear alone in " | ||
1826 | "AuthenticationMethods", | ||
1827 | filename, linenum); | ||
1828 | } | ||
1829 | value = 1; | ||
1830 | } else if (value) { | ||
1831 | fatal("%s line %d: \"any\" must appear " | ||
1832 | "alone in AuthenticationMethods", | ||
1833 | filename, linenum); | ||
1834 | } else if (auth2_methods_valid(arg, 0) != 0) { | ||
1814 | fatal("%s line %d: invalid " | 1835 | fatal("%s line %d: invalid " |
1815 | "authentication method list.", | 1836 | "authentication method list.", |
1816 | filename, linenum); | 1837 | filename, linenum); |
1838 | } | ||
1817 | if (!*activep) | 1839 | if (!*activep) |
1818 | continue; | 1840 | continue; |
1819 | options->auth_methods[ | 1841 | options->auth_methods[ |
1820 | options->num_auth_methods++] = xstrdup(arg); | 1842 | options->num_auth_methods++] = xstrdup(arg); |
1821 | } | 1843 | } |
1844 | if (options->num_auth_methods == 0) { | ||
1845 | fatal("%s line %d: no AuthenticationMethods " | ||
1846 | "specified", filename, linenum); | ||
1847 | } | ||
1822 | } | 1848 | } |
1823 | return 0; | 1849 | return 0; |
1824 | 1850 | ||
@@ -2195,11 +2221,13 @@ dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals) | |||
2195 | { | 2221 | { |
2196 | u_int i; | 2222 | u_int i; |
2197 | 2223 | ||
2198 | if (count <= 0) | 2224 | if (count <= 0 && code != sAuthenticationMethods) |
2199 | return; | 2225 | return; |
2200 | printf("%s", lookup_opcode_name(code)); | 2226 | printf("%s", lookup_opcode_name(code)); |
2201 | for (i = 0; i < count; i++) | 2227 | for (i = 0; i < count; i++) |
2202 | printf(" %s", vals[i]); | 2228 | printf(" %s", vals[i]); |
2229 | if (code == sAuthenticationMethods && count == 0) | ||
2230 | printf(" any"); | ||
2203 | printf("\n"); | 2231 | printf("\n"); |
2204 | } | 2232 | } |
2205 | 2233 | ||