summaryrefslogtreecommitdiff
path: root/servconf.c
diff options
context:
space:
mode:
Diffstat (limited to 'servconf.c')
-rw-r--r--servconf.c27
1 files changed, 26 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c
index cbbb20052..62417def7 100644
--- a/servconf.c
+++ b/servconf.c
@@ -100,6 +100,7 @@ initialize_server_options(ServerOptions *options)
100 options->password_authentication = -1; 100 options->password_authentication = -1;
101 options->kbd_interactive_authentication = -1; 101 options->kbd_interactive_authentication = -1;
102 options->challenge_response_authentication = -1; 102 options->challenge_response_authentication = -1;
103 options->permit_blacklisted_keys = -1;
103 options->permit_empty_passwd = -1; 104 options->permit_empty_passwd = -1;
104 options->permit_user_env = -1; 105 options->permit_user_env = -1;
105 options->use_login = -1; 106 options->use_login = -1;
@@ -134,6 +135,7 @@ initialize_server_options(ServerOptions *options)
134 options->zero_knowledge_password_authentication = -1; 135 options->zero_knowledge_password_authentication = -1;
135 options->revoked_keys_file = NULL; 136 options->revoked_keys_file = NULL;
136 options->trusted_user_ca_keys = NULL; 137 options->trusted_user_ca_keys = NULL;
138 options->debian_banner = -1;
137} 139}
138 140
139void 141void
@@ -231,6 +233,8 @@ fill_default_server_options(ServerOptions *options)
231 options->kbd_interactive_authentication = 0; 233 options->kbd_interactive_authentication = 0;
232 if (options->challenge_response_authentication == -1) 234 if (options->challenge_response_authentication == -1)
233 options->challenge_response_authentication = 1; 235 options->challenge_response_authentication = 1;
236 if (options->permit_blacklisted_keys == -1)
237 options->permit_blacklisted_keys = 0;
234 if (options->permit_empty_passwd == -1) 238 if (options->permit_empty_passwd == -1)
235 options->permit_empty_passwd = 0; 239 options->permit_empty_passwd = 0;
236 if (options->permit_user_env == -1) 240 if (options->permit_user_env == -1)
@@ -274,6 +278,8 @@ fill_default_server_options(ServerOptions *options)
274 options->permit_tun = SSH_TUNMODE_NO; 278 options->permit_tun = SSH_TUNMODE_NO;
275 if (options->zero_knowledge_password_authentication == -1) 279 if (options->zero_knowledge_password_authentication == -1)
276 options->zero_knowledge_password_authentication = 0; 280 options->zero_knowledge_password_authentication = 0;
281 if (options->debian_banner == -1)
282 options->debian_banner = 1;
277 283
278 /* Turn privilege separation on by default */ 284 /* Turn privilege separation on by default */
279 if (use_privsep == -1) 285 if (use_privsep == -1)
@@ -306,7 +312,7 @@ typedef enum {
306 sListenAddress, sAddressFamily, 312 sListenAddress, sAddressFamily,
307 sPrintMotd, sPrintLastLog, sIgnoreRhosts, 313 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
308 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, 314 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
309 sStrictModes, sEmptyPasswd, sTCPKeepAlive, 315 sStrictModes, sPermitBlacklistedKeys, sEmptyPasswd, sTCPKeepAlive,
310 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, 316 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
311 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 317 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
312 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, 318 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
@@ -322,6 +328,7 @@ typedef enum {
322 sUsePrivilegeSeparation, sAllowAgentForwarding, 328 sUsePrivilegeSeparation, sAllowAgentForwarding,
323 sZeroKnowledgePasswordAuthentication, sHostCertificate, 329 sZeroKnowledgePasswordAuthentication, sHostCertificate,
324 sRevokedKeys, sTrustedUserCAKeys, 330 sRevokedKeys, sTrustedUserCAKeys,
331 sDebianBanner,
325 sDeprecated, sUnsupported 332 sDeprecated, sUnsupported
326} ServerOpCodes; 333} ServerOpCodes;
327 334
@@ -380,16 +387,20 @@ static struct {
380#ifdef GSSAPI 387#ifdef GSSAPI
381 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, 388 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
382 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, 389 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
390 { "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL },
383 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, 391 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
384 { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, 392 { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL },
385 { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, 393 { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL },
386#else 394#else
387 { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, 395 { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
388 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, 396 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
397 { "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL },
389 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, 398 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
390 { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, 399 { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL },
391 { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL }, 400 { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL },
392#endif 401#endif
402 { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL },
403 { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL },
393 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 404 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
394 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 405 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
395 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, 406 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
@@ -411,6 +422,7 @@ static struct {
411 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, 422 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
412 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, 423 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
413 { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, 424 { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
425 { "permitblacklistedkeys", sPermitBlacklistedKeys, SSHCFG_GLOBAL },
414 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, 426 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
415 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, 427 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
416 { "uselogin", sUseLogin, SSHCFG_GLOBAL }, 428 { "uselogin", sUseLogin, SSHCFG_GLOBAL },
@@ -449,6 +461,7 @@ static struct {
449 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, 461 { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
450 { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, 462 { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
451 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, 463 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
464 { "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
452 { NULL, sBadOption, 0 } 465 { NULL, sBadOption, 0 }
453}; 466};
454 467
@@ -1006,6 +1019,10 @@ process_server_config_line(ServerOptions *options, char *line,
1006 intptr = &options->tcp_keep_alive; 1019 intptr = &options->tcp_keep_alive;
1007 goto parse_flag; 1020 goto parse_flag;
1008 1021
1022 case sPermitBlacklistedKeys:
1023 intptr = &options->permit_blacklisted_keys;
1024 goto parse_flag;
1025
1009 case sEmptyPasswd: 1026 case sEmptyPasswd:
1010 intptr = &options->permit_empty_passwd; 1027 intptr = &options->permit_empty_passwd;
1011 goto parse_flag; 1028 goto parse_flag;
@@ -1365,6 +1382,10 @@ process_server_config_line(ServerOptions *options, char *line,
1365 charptr = &options->revoked_keys_file; 1382 charptr = &options->revoked_keys_file;
1366 goto parse_filename; 1383 goto parse_filename;
1367 1384
1385 case sDebianBanner:
1386 intptr = &options->debian_banner;
1387 goto parse_int;
1388
1368 case sDeprecated: 1389 case sDeprecated:
1369 logit("%s line %d: Deprecated option %s", 1390 logit("%s line %d: Deprecated option %s",
1370 filename, linenum, arg); 1391 filename, linenum, arg);
@@ -1664,7 +1685,10 @@ dump_config(ServerOptions *o)
1664#endif 1685#endif
1665#ifdef GSSAPI 1686#ifdef GSSAPI
1666 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); 1687 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
1688 dump_cfg_fmtint(sGssKeyEx, o->gss_keyex);
1667 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); 1689 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
1690 dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor);
1691 dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey);
1668#endif 1692#endif
1669#ifdef JPAKE 1693#ifdef JPAKE
1670 dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication, 1694 dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication,
@@ -1681,6 +1705,7 @@ dump_config(ServerOptions *o)
1681 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); 1705 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
1682 dump_cfg_fmtint(sStrictModes, o->strict_modes); 1706 dump_cfg_fmtint(sStrictModes, o->strict_modes);
1683 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); 1707 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
1708 dump_cfg_fmtint(sPermitBlacklistedKeys, o->permit_blacklisted_keys);
1684 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); 1709 dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
1685 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); 1710 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
1686 dump_cfg_fmtint(sUseLogin, o->use_login); 1711 dump_cfg_fmtint(sUseLogin, o->use_login);
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-28 09:12:13 +0000