diff options
Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 38 |
1 files changed, 37 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c index ee2e531a0..5be0c7bbf 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -100,7 +100,10 @@ initialize_server_options(ServerOptions *options) | |||
100 | options->kerberos_ticket_cleanup = -1; | 100 | options->kerberos_ticket_cleanup = -1; |
101 | options->kerberos_get_afs_token = -1; | 101 | options->kerberos_get_afs_token = -1; |
102 | options->gss_authentication=-1; | 102 | options->gss_authentication=-1; |
103 | options->gss_keyex = -1; | ||
103 | options->gss_cleanup_creds = -1; | 104 | options->gss_cleanup_creds = -1; |
105 | options->gss_strict_acceptor = -1; | ||
106 | options->gss_store_rekey = -1; | ||
104 | options->password_authentication = -1; | 107 | options->password_authentication = -1; |
105 | options->kbd_interactive_authentication = -1; | 108 | options->kbd_interactive_authentication = -1; |
106 | options->challenge_response_authentication = -1; | 109 | options->challenge_response_authentication = -1; |
@@ -229,8 +232,14 @@ fill_default_server_options(ServerOptions *options) | |||
229 | options->kerberos_get_afs_token = 0; | 232 | options->kerberos_get_afs_token = 0; |
230 | if (options->gss_authentication == -1) | 233 | if (options->gss_authentication == -1) |
231 | options->gss_authentication = 0; | 234 | options->gss_authentication = 0; |
235 | if (options->gss_keyex == -1) | ||
236 | options->gss_keyex = 0; | ||
232 | if (options->gss_cleanup_creds == -1) | 237 | if (options->gss_cleanup_creds == -1) |
233 | options->gss_cleanup_creds = 1; | 238 | options->gss_cleanup_creds = 1; |
239 | if (options->gss_strict_acceptor == -1) | ||
240 | options->gss_strict_acceptor = 1; | ||
241 | if (options->gss_store_rekey == -1) | ||
242 | options->gss_store_rekey = 0; | ||
234 | if (options->password_authentication == -1) | 243 | if (options->password_authentication == -1) |
235 | options->password_authentication = 1; | 244 | options->password_authentication = 1; |
236 | if (options->kbd_interactive_authentication == -1) | 245 | if (options->kbd_interactive_authentication == -1) |
@@ -323,7 +332,9 @@ typedef enum { | |||
323 | sBanner, sUseDNS, sHostbasedAuthentication, | 332 | sBanner, sUseDNS, sHostbasedAuthentication, |
324 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, | 333 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
325 | sClientAliveCountMax, sAuthorizedKeysFile, | 334 | sClientAliveCountMax, sAuthorizedKeysFile, |
326 | sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, | 335 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, |
336 | sGssKeyEx, sGssStoreRekey, | ||
337 | sAcceptEnv, sPermitTunnel, | ||
327 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | 338 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
328 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 339 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
329 | sZeroKnowledgePasswordAuthentication, sHostCertificate, | 340 | sZeroKnowledgePasswordAuthentication, sHostCertificate, |
@@ -387,10 +398,20 @@ static struct { | |||
387 | #ifdef GSSAPI | 398 | #ifdef GSSAPI |
388 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, | 399 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, |
389 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, | 400 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, |
401 | { "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL }, | ||
402 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, | ||
403 | { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, | ||
404 | { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, | ||
390 | #else | 405 | #else |
391 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, | 406 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, |
392 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, | 407 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, |
408 | { "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL }, | ||
409 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, | ||
410 | { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, | ||
411 | { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL }, | ||
393 | #endif | 412 | #endif |
413 | { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL }, | ||
414 | { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL }, | ||
394 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 415 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
395 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 416 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
396 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, | 417 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, |
@@ -1031,10 +1052,22 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1031 | intptr = &options->gss_authentication; | 1052 | intptr = &options->gss_authentication; |
1032 | goto parse_flag; | 1053 | goto parse_flag; |
1033 | 1054 | ||
1055 | case sGssKeyEx: | ||
1056 | intptr = &options->gss_keyex; | ||
1057 | goto parse_flag; | ||
1058 | |||
1034 | case sGssCleanupCreds: | 1059 | case sGssCleanupCreds: |
1035 | intptr = &options->gss_cleanup_creds; | 1060 | intptr = &options->gss_cleanup_creds; |
1036 | goto parse_flag; | 1061 | goto parse_flag; |
1037 | 1062 | ||
1063 | case sGssStrictAcceptor: | ||
1064 | intptr = &options->gss_strict_acceptor; | ||
1065 | goto parse_flag; | ||
1066 | |||
1067 | case sGssStoreRekey: | ||
1068 | intptr = &options->gss_store_rekey; | ||
1069 | goto parse_flag; | ||
1070 | |||
1038 | case sPasswordAuthentication: | 1071 | case sPasswordAuthentication: |
1039 | intptr = &options->password_authentication; | 1072 | intptr = &options->password_authentication; |
1040 | goto parse_flag; | 1073 | goto parse_flag; |
@@ -1868,7 +1901,10 @@ dump_config(ServerOptions *o) | |||
1868 | #endif | 1901 | #endif |
1869 | #ifdef GSSAPI | 1902 | #ifdef GSSAPI |
1870 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); | 1903 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); |
1904 | dump_cfg_fmtint(sGssKeyEx, o->gss_keyex); | ||
1871 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); | 1905 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); |
1906 | dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor); | ||
1907 | dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey); | ||
1872 | #endif | 1908 | #endif |
1873 | #ifdef JPAKE | 1909 | #ifdef JPAKE |
1874 | dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication, | 1910 | dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication, |