Diffstat (limited to 'servconf.c')
-rw-r--r--servconf.c24
1 files changed, 15 insertions, 9 deletions
diff --git a/servconf.c b/servconf.c
index 018f251ca..7506ad21f 100644
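--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.276 2015/07/10 06:21:53 markus Exp $ */
+/* $OpenBSD: servconf.c,v 1.277 2015/07/30 00:01:34 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  * All rights reserved
@@ -259,16 +259,12 @@ fill_default_server_options(ServerOptions *options)
  options->hostbased_authentication = 0;
  if (options->hostbased_uses_name_from_packet_only == -1)
  options->hostbased_uses_name_from_packet_only = 0;
- if (options->hostbased_key_types == NULL)
- options->hostbased_key_types = xstrdup(KEX_DEFAULT_PK_ALG);
  if (options->hostkeyalgorithms == NULL)
  options->hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG);
  if (options->rsa_authentication == -1)
  options->rsa_authentication = 1;
  if (options->pubkey_authentication == -1)
  options->pubkey_authentication = 1;
- if (options->pubkey_key_types == NULL)
- options->pubkey_key_types = xstrdup(KEX_DEFAULT_PK_ALG);
  if (options->kerberos_authentication == -1)
  options->kerberos_authentication = 0;
  if (options->kerberos_or_local_passwd == -1)
@@ -345,6 +341,16 @@ fill_default_server_options(ServerOptions *options)
  options->fwd_opts.streamlocal_bind_unlink = 0;
  if (options->fingerprint_hash == -1)
  options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
+
+ if (kex_assemble_names(KEX_SERVER_ENCRYPT, &options->ciphers) != 0 ||
+ kex_assemble_names(KEX_SERVER_MAC, &options->macs) != 0 ||
+ kex_assemble_names(KEX_SERVER_KEX, &options->kex_algorithms) != 0 ||
+ kex_assemble_names(KEX_DEFAULT_PK_ALG,
+ &options->hostbased_key_types) != 0 ||
+ kex_assemble_names(KEX_DEFAULT_PK_ALG,
+ &options->pubkey_key_types) != 0)
+ fatal("%s: kex_assemble_names failed", __func__);
+
  /* Turn privilege separation on by default */
  if (use_privsep == -1)
  use_privsep = PRIVSEP_NOSANDBOX;
@@ -1181,7 +1187,7 @@ process_server_config_line(ServerOptions *options, char *line,
  if (!arg || *arg == '\0')
  fatal("%s line %d: Missing argument.",
  filename, linenum);
- if (!sshkey_names_valid2(arg, 1))
+ if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
  fatal("%s line %d: Bad key types '%s'.",
  filename, linenum, arg ? arg : "<NONE>");
  if (*activep && *charptr == NULL)
@@ -1434,7 +1440,7 @@ process_server_config_line(ServerOptions *options, char *line,
  arg = strdelim(&cp);
  if (!arg || *arg == '\0')
  fatal("%s line %d: Missing argument.", filename, linenum);
- if (!ciphers_valid(arg))
+ if (!ciphers_valid(*arg == '+' ? arg + 1 : arg))
  fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
  filename, linenum, arg ? arg : "<NONE>");
  if (options->ciphers == NULL)
@@ -1445,7 +1451,7 @@ process_server_config_line(ServerOptions *options, char *line,
  arg = strdelim(&cp);
  if (!arg || *arg == '\0')
  fatal("%s line %d: Missing argument.", filename, linenum);
- if (!mac_valid(arg))
+ if (!mac_valid(*arg == '+' ? arg + 1 : arg))
  fatal("%s line %d: Bad SSH2 mac spec '%s'.",
  filename, linenum, arg ? arg : "<NONE>");
  if (options->macs == NULL)
@@ -1457,7 +1463,7 @@ process_server_config_line(ServerOptions *options, char *line,
  if (!arg || *arg == '\0')
  fatal("%s line %d: Missing argument.",
  filename, linenum);
- if (!kex_names_valid(arg))
+ if (!kex_names_valid(*arg == '+' ? arg + 1 : arg))
  fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
  filename, linenum, arg ? arg : "<NONE>");
  if (options->kex_algorithms == NULL)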
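Review bot: The leading-'+' skip `*arg == '+' ? arg + 1 : arg` is open-coded and uncommented at all four validation sites in process_server_config_line (new lines 1190, 1443, 1454 and 1466). Nothing at those sites says that a '+' prefix changes what the directive means. A bare `+` gets past the preceding `*arg == '\0'` test and reaches each validator as an empty string, so rejecting it depends on sshkey_names_valid2, ciphers_valid, mac_valid and kex_names_valid all refusing "", which is not visible in this diff. I would add a comment at the first site, such as `/* a leading '+' is not part of the name list; validate only what follows it */`, and make the empty case explicit in the existing guard with `if (!arg || *arg == '\0' || (*arg == '+' && arg[1] == '\0'))`. The function body continues outside every one of these hunks, so how the '+'-prefixed string is stored afterwards should be checked against kex_assemble_names in fill_default_server_options.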