Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 47 |
1 files changed, 47 insertions, 0 deletions
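--- a/servconf.c
+++ b/servconf.c
@@ -70,6 +70,7 @@
 #include "auth.h"
 #include "myproposal.h"
 #include "digest.h"
+#include "ssh-gss.h"
 
 static void add_listen_addr(ServerOptions *, const char *,
 const char *, int);
@@ -134,8 +135,11 @@ initialize_server_options(ServerOptions *options)
 options->kerberos_ticket_cleanup = -1;
 options->kerberos_get_afs_token = -1;
 options->gss_authentication=-1;
+options->gss_keyex = -1;
 options->gss_cleanup_creds = -1;
 options->gss_strict_acceptor = -1;
+options->gss_store_rekey = -1;
+options->gss_kex_algorithms = NULL;
 options->password_authentication = -1;
 options->kbd_interactive_authentication = -1;
 options->challenge_response_authentication = -1;
@@ -376,10 +380,18 @@ fill_default_server_options(ServerOptions *options)
 options->kerberos_get_afs_token = 0;
 if (options->gss_authentication == -1)
 options->gss_authentication = 0;
+if (options->gss_keyex == -1)
+options->gss_keyex = 0;
 if (options->gss_cleanup_creds == -1)
 options->gss_cleanup_creds = 1;
 if (options->gss_strict_acceptor == -1)
 options->gss_strict_acceptor = 1;
+if (options->gss_store_rekey == -1)
+options->gss_store_rekey = 0;
+#ifdef GSSAPI
+if (options->gss_kex_algorithms == NULL)
+options->gss_kex_algorithms = strdup(GSS_KEX_DEFAULT_KEX);
+#endif
 if (options->password_authentication == -1)
 options->password_authentication = 1;
 if (options->kbd_interactive_authentication == -1)
@@ -523,6 +535,7 @@ typedef enum {
 sHostKeyAlgorithms,
 sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
+sGssKeyEx, sGssKexAlgorithms, sGssStoreRekey,
 sAcceptEnv, sSetEnv, sPermitTunnel,
 sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
 sUsePrivilegeSeparation, sAllowAgentForwarding,
@@ -600,12 +613,22 @@ static struct {
 #ifdef GSSAPI
 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
+{ "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL },
 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
+{ "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL },
+{ "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL },
+{ "gssapikexalgorithms", sGssKexAlgorithms, SSHCFG_GLOBAL },
 #else
 { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
+{ "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL },
 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
+{ "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL },
+{ "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL },
+{ "gssapikexalgorithms", sUnsupported, SSHCFG_GLOBAL },
 #endif
+{ "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL },
+{ "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL },
 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
@@ -1557,6 +1580,10 @@ process_server_config_line_depth(ServerOptions *options, char *line,
 intptr = &options->gss_authentication;
 goto parse_flag;
 
+case sGssKeyEx:
+intptr = &options->gss_keyex;
+goto parse_flag;
+
 case sGssCleanupCreds:
 intptr = &options->gss_cleanup_creds;
 goto parse_flag;
@@ -1565,6 +1592,22 @@ process_server_config_line_depth(ServerOptions *options, char *line,
 intptr = &options->gss_strict_acceptor;
 goto parse_flag;
 
+case sGssStoreRekey:
+intptr = &options->gss_store_rekey;
+goto parse_flag;
+
+case sGssKexAlgorithms:
+arg = strdelim(&cp);
+if (!arg || *arg == '\0')
+fatal("%.200s line %d: Missing argument.",
+filename, linenum);
+if (!kex_gss_names_valid(arg))
+fatal("%.200s line %d: Bad GSSAPI KexAlgorithms '%s'.",
+filename, linenum, arg ? arg : "<NONE>");
+if (*activep && options->gss_kex_algorithms == NULL)
+options->gss_kex_algorithms = xstrdup(arg);
+break;
+
 case sPasswordAuthentication:
 intptr = &options->password_authentication;
 goto parse_flag;
@@ -2808,6 +2851,10 @@ dump_config(ServerOptions *o)
 #ifdef GSSAPI
 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
+dump_cfg_fmtint(sGssKeyEx, o->gss_keyex);
+dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor);
+dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey);
+dump_cfg_string(sGssKexAlgorithms, o->gss_kex_algorithms);
 #endif
 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
 dump_cfg_fmtint(sKbdInteractiveAuthentication,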
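Review bot: In the fill_default_server_options hunk, the default for `gss_kex_algorithms` is set with plain `strdup(GSS_KEX_DEFAULT_KEX)` and the result is never checked, so an allocation failure silently leaves the GSSAPI key-exchange list NULL. The `sGssKexAlgorithms` parser case in the same commit already uses `xstrdup(arg)`, so the default should match: `options->gss_kex_algorithms = xstrdup(GSS_KEX_DEFAULT_KEX);`. In that parser case the `arg ? arg : "<NONE>"` fallback is unreachable, because a NULL or empty `arg` has already hit the `fatal()` just above, and the `'%s'` could be bounded like the filename with `'%.200s'`. Both enclosing functions start and end outside the hunks shown, so whether later code tolerates a NULL list cannot be confirmed from here.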