summaryrefslogtreecommitdiff
path: root/servconf.c
diff options
context:
space:
mode:
Diffstat (limited to 'servconf.c')
-rw-r--r--servconf.c34
1 files changed, 31 insertions, 3 deletions
diff --git a/servconf.c b/servconf.c
index 1cb45f536..a411bfb6e 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
1 1
2/* $OpenBSD: servconf.c,v 1.290 2016/05/04 14:00:09 dtucker Exp $ */ 2/* $OpenBSD: servconf.c,v 1.291 2016/06/17 05:03:40 djm Exp $ */
3/* 3/*
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved 5 * All rights reserved
@@ -381,6 +381,14 @@ fill_default_server_options(ServerOptions *options)
381 CLEAR_ON_NONE(options->host_cert_files[i]); 381 CLEAR_ON_NONE(options->host_cert_files[i]);
382#undef CLEAR_ON_NONE 382#undef CLEAR_ON_NONE
383 383
384 /* Similar handling for AuthenticationMethods=any */
385 if (options->num_auth_methods == 1 &&
386 strcmp(options->auth_methods[0], "any") == 0) {
387 free(options->auth_methods[0]);
388 options->auth_methods[0] = NULL;
389 options->num_auth_methods = 0;
390 }
391
384#ifndef HAVE_MMAP 392#ifndef HAVE_MMAP
385 if (use_privsep && options->compression == 1) { 393 if (use_privsep && options->compression == 1) {
386 error("This platform does not support both privilege " 394 error("This platform does not support both privilege "
@@ -1804,21 +1812,39 @@ process_server_config_line(ServerOptions *options, char *line,
1804 1812
1805 case sAuthenticationMethods: 1813 case sAuthenticationMethods:
1806 if (options->num_auth_methods == 0) { 1814 if (options->num_auth_methods == 0) {
1815 value = 0; /* seen "any" pseudo-method */
1807 while ((arg = strdelim(&cp)) && *arg != '\0') { 1816 while ((arg = strdelim(&cp)) && *arg != '\0') {
1808 if (options->num_auth_methods >= 1817 if (options->num_auth_methods >=
1809 MAX_AUTH_METHODS) 1818 MAX_AUTH_METHODS)
1810 fatal("%s line %d: " 1819 fatal("%s line %d: "
1811 "too many authentication methods.", 1820 "too many authentication methods.",
1812 filename, linenum); 1821 filename, linenum);
1813 if (auth2_methods_valid(arg, 0) != 0) 1822 if (strcmp(arg, "any") == 0) {
1823 if (options->num_auth_methods > 0) {
1824 fatal("%s line %d: \"any\" "
1825 "must appear alone in "
1826 "AuthenticationMethods",
1827 filename, linenum);
1828 }
1829 value = 1;
1830 } else if (value) {
1831 fatal("%s line %d: \"any\" must appear "
1832 "alone in AuthenticationMethods",
1833 filename, linenum);
1834 } else if (auth2_methods_valid(arg, 0) != 0) {
1814 fatal("%s line %d: invalid " 1835 fatal("%s line %d: invalid "
1815 "authentication method list.", 1836 "authentication method list.",
1816 filename, linenum); 1837 filename, linenum);
1838 }
1817 if (!*activep) 1839 if (!*activep)
1818 continue; 1840 continue;
1819 options->auth_methods[ 1841 options->auth_methods[
1820 options->num_auth_methods++] = xstrdup(arg); 1842 options->num_auth_methods++] = xstrdup(arg);
1821 } 1843 }
1844 if (options->num_auth_methods == 0) {
1845 fatal("%s line %d: no AuthenticationMethods "
1846 "specified", filename, linenum);
1847 }
1822 } 1848 }
1823 return 0; 1849 return 0;
1824 1850
@@ -2195,11 +2221,13 @@ dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals)
2195{ 2221{
2196 u_int i; 2222 u_int i;
2197 2223
2198 if (count <= 0) 2224 if (count <= 0 && code != sAuthenticationMethods)
2199 return; 2225 return;
2200 printf("%s", lookup_opcode_name(code)); 2226 printf("%s", lookup_opcode_name(code));
2201 for (i = 0; i < count; i++) 2227 for (i = 0; i < count; i++)
2202 printf(" %s", vals[i]); 2228 printf(" %s", vals[i]);
2229 if (code == sAuthenticationMethods && count == 0)
2230 printf(" any");
2203 printf("\n"); 2231 printf("\n");
2204} 2232}
2205 2233
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-19 19:24:57 +0000