| version 1.115.2.2, 2003/09/16 21:20:27 |
version 1.116, 2003/02/21 09:05:53 |
|
|
| #include "includes.h" |
#include "includes.h" |
| RCSID("$OpenBSD$"); |
RCSID("$OpenBSD$"); |
| |
|
| |
#if defined(KRB4) || defined(KRB5) |
| |
#include <krb.h> |
| |
#endif |
| |
#ifdef AFS |
| |
#include <kafs.h> |
| |
#endif |
| |
|
| #include "ssh.h" |
#include "ssh.h" |
| #include "log.h" |
#include "log.h" |
| #include "servconf.h" |
#include "servconf.h" |
|
|
| options->keepalives = -1; |
options->keepalives = -1; |
| options->log_facility = SYSLOG_FACILITY_NOT_SET; |
options->log_facility = SYSLOG_FACILITY_NOT_SET; |
| options->log_level = SYSLOG_LEVEL_NOT_SET; |
options->log_level = SYSLOG_LEVEL_NOT_SET; |
| |
options->rhosts_authentication = -1; |
| options->rhosts_rsa_authentication = -1; |
options->rhosts_rsa_authentication = -1; |
| options->hostbased_authentication = -1; |
options->hostbased_authentication = -1; |
| options->hostbased_uses_name_from_packet_only = -1; |
options->hostbased_uses_name_from_packet_only = -1; |
| options->rsa_authentication = -1; |
options->rsa_authentication = -1; |
| options->pubkey_authentication = -1; |
options->pubkey_authentication = -1; |
| |
#if defined(KRB4) || defined(KRB5) |
| options->kerberos_authentication = -1; |
options->kerberos_authentication = -1; |
| options->kerberos_or_local_passwd = -1; |
options->kerberos_or_local_passwd = -1; |
| options->kerberos_ticket_cleanup = -1; |
options->kerberos_ticket_cleanup = -1; |
| options->gss_authentication=-1; |
#endif |
| options->gss_cleanup_creds = -1; |
#if defined(AFS) || defined(KRB5) |
| |
options->kerberos_tgt_passing = -1; |
| |
#endif |
| |
#ifdef AFS |
| |
options->afs_token_passing = -1; |
| |
#endif |
| options->password_authentication = -1; |
options->password_authentication = -1; |
| options->kbd_interactive_authentication = -1; |
options->kbd_interactive_authentication = -1; |
| options->challenge_response_authentication = -1; |
options->challenge_response_authentication = -1; |
|
|
| options->max_startups_rate = -1; |
options->max_startups_rate = -1; |
| options->max_startups = -1; |
options->max_startups = -1; |
| options->banner = NULL; |
options->banner = NULL; |
| options->use_dns = -1; |
options->verify_reverse_mapping = -1; |
| options->client_alive_interval = -1; |
options->client_alive_interval = -1; |
| options->client_alive_count_max = -1; |
options->client_alive_count_max = -1; |
| options->authorized_keys_file = NULL; |
options->authorized_keys_file = NULL; |
|
|
| options->log_facility = SYSLOG_FACILITY_AUTH; |
options->log_facility = SYSLOG_FACILITY_AUTH; |
| if (options->log_level == SYSLOG_LEVEL_NOT_SET) |
if (options->log_level == SYSLOG_LEVEL_NOT_SET) |
| options->log_level = SYSLOG_LEVEL_INFO; |
options->log_level = SYSLOG_LEVEL_INFO; |
| |
if (options->rhosts_authentication == -1) |
| |
options->rhosts_authentication = 0; |
| if (options->rhosts_rsa_authentication == -1) |
if (options->rhosts_rsa_authentication == -1) |
| options->rhosts_rsa_authentication = 0; |
options->rhosts_rsa_authentication = 0; |
| if (options->hostbased_authentication == -1) |
if (options->hostbased_authentication == -1) |
|
|
| options->rsa_authentication = 1; |
options->rsa_authentication = 1; |
| if (options->pubkey_authentication == -1) |
if (options->pubkey_authentication == -1) |
| options->pubkey_authentication = 1; |
options->pubkey_authentication = 1; |
| |
#if defined(KRB4) || defined(KRB5) |
| if (options->kerberos_authentication == -1) |
if (options->kerberos_authentication == -1) |
| options->kerberos_authentication = 0; |
options->kerberos_authentication = 0; |
| if (options->kerberos_or_local_passwd == -1) |
if (options->kerberos_or_local_passwd == -1) |
| options->kerberos_or_local_passwd = 1; |
options->kerberos_or_local_passwd = 1; |
| if (options->kerberos_ticket_cleanup == -1) |
if (options->kerberos_ticket_cleanup == -1) |
| options->kerberos_ticket_cleanup = 1; |
options->kerberos_ticket_cleanup = 1; |
| if (options->gss_authentication == -1) |
#endif |
| options->gss_authentication = 0; |
#if defined(AFS) || defined(KRB5) |
| if (options->gss_cleanup_creds == -1) |
if (options->kerberos_tgt_passing == -1) |
| options->gss_cleanup_creds = 1; |
options->kerberos_tgt_passing = 0; |
| |
#endif |
| |
#ifdef AFS |
| |
if (options->afs_token_passing == -1) |
| |
options->afs_token_passing = 0; |
| |
#endif |
| if (options->password_authentication == -1) |
if (options->password_authentication == -1) |
| options->password_authentication = 1; |
options->password_authentication = 1; |
| if (options->kbd_interactive_authentication == -1) |
if (options->kbd_interactive_authentication == -1) |
|
|
| options->max_startups_rate = 100; /* 100% */ |
options->max_startups_rate = 100; /* 100% */ |
| if (options->max_startups_begin == -1) |
if (options->max_startups_begin == -1) |
| options->max_startups_begin = options->max_startups; |
options->max_startups_begin = options->max_startups; |
| if (options->use_dns == -1) |
if (options->verify_reverse_mapping == -1) |
| options->use_dns = 1; |
options->verify_reverse_mapping = 0; |
| if (options->client_alive_interval == -1) |
if (options->client_alive_interval == -1) |
| options->client_alive_interval = 0; |
options->client_alive_interval = 0; |
| if (options->client_alive_count_max == -1) |
if (options->client_alive_count_max == -1) |
|
|
| sBadOption, /* == unknown option */ |
sBadOption, /* == unknown option */ |
| sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, |
sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, |
| sPermitRootLogin, sLogFacility, sLogLevel, |
sPermitRootLogin, sLogFacility, sLogLevel, |
| sRhostsRSAAuthentication, sRSAAuthentication, |
sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, |
| |
#if defined(KRB4) || defined(KRB5) |
| sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, |
sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, |
| sKerberosTgtPassing, sChallengeResponseAuthentication, |
#endif |
| |
#if defined(AFS) || defined(KRB5) |
| |
sKerberosTgtPassing, |
| |
#endif |
| |
#ifdef AFS |
| |
sAFSTokenPassing, |
| |
#endif |
| |
sChallengeResponseAuthentication, |
| sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, |
sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, |
| sPrintMotd, sPrintLastLog, sIgnoreRhosts, |
sPrintMotd, sPrintLastLog, sIgnoreRhosts, |
| sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, |
sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, |
|
|
| sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
| sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
| sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, |
sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, |
| sBanner, sUseDNS, sHostbasedAuthentication, |
sBanner, sVerifyReverseMapping, sHostbasedAuthentication, |
| sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
| sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, |
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, |
| sGssAuthentication, sGssCleanupCreds, |
|
| sUsePrivilegeSeparation, |
sUsePrivilegeSeparation, |
| sDeprecated, sUnsupported |
sDeprecated |
| } ServerOpCodes; |
} ServerOpCodes; |
| |
|
| /* Textual representation of the tokens. */ |
/* Textual representation of the tokens. */ |
|
|
| { "permitrootlogin", sPermitRootLogin }, |
{ "permitrootlogin", sPermitRootLogin }, |
| { "syslogfacility", sLogFacility }, |
{ "syslogfacility", sLogFacility }, |
| { "loglevel", sLogLevel }, |
{ "loglevel", sLogLevel }, |
| { "rhostsauthentication", sDeprecated }, |
{ "rhostsauthentication", sRhostsAuthentication }, |
| { "rhostsrsaauthentication", sRhostsRSAAuthentication }, |
{ "rhostsrsaauthentication", sRhostsRSAAuthentication }, |
| { "hostbasedauthentication", sHostbasedAuthentication }, |
{ "hostbasedauthentication", sHostbasedAuthentication }, |
| { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly }, |
{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly }, |
| { "rsaauthentication", sRSAAuthentication }, |
{ "rsaauthentication", sRSAAuthentication }, |
| { "pubkeyauthentication", sPubkeyAuthentication }, |
{ "pubkeyauthentication", sPubkeyAuthentication }, |
| { "dsaauthentication", sPubkeyAuthentication }, /* alias */ |
{ "dsaauthentication", sPubkeyAuthentication }, /* alias */ |
| #ifdef KRB5 |
#if defined(KRB4) || defined(KRB5) |
| { "kerberosauthentication", sKerberosAuthentication }, |
{ "kerberosauthentication", sKerberosAuthentication }, |
| { "kerberosorlocalpasswd", sKerberosOrLocalPasswd }, |
{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd }, |
| { "kerberosticketcleanup", sKerberosTicketCleanup }, |
{ "kerberosticketcleanup", sKerberosTicketCleanup }, |
| #else |
|
| { "kerberosauthentication", sUnsupported }, |
|
| { "kerberosorlocalpasswd", sUnsupported }, |
|
| { "kerberosticketcleanup", sUnsupported }, |
|
| #endif |
#endif |
| { "kerberostgtpassing", sUnsupported }, |
#if defined(AFS) || defined(KRB5) |
| { "afstokenpassing", sUnsupported }, |
{ "kerberostgtpassing", sKerberosTgtPassing }, |
| #ifdef GSSAPI |
|
| { "gssapiauthentication", sGssAuthentication }, |
|
| { "gssapicleanupcreds", sGssCleanupCreds }, |
|
| #else |
|
| { "gssapiauthentication", sUnsupported }, |
|
| { "gssapicleanupcreds", sUnsupported }, |
|
| #endif |
#endif |
| |
#ifdef AFS |
| |
{ "afstokenpassing", sAFSTokenPassing }, |
| |
#endif |
| { "passwordauthentication", sPasswordAuthentication }, |
{ "passwordauthentication", sPasswordAuthentication }, |
| { "kbdinteractiveauthentication", sKbdInteractiveAuthentication }, |
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication }, |
| { "challengeresponseauthentication", sChallengeResponseAuthentication }, |
{ "challengeresponseauthentication", sChallengeResponseAuthentication }, |
|
|
| { "subsystem", sSubsystem }, |
{ "subsystem", sSubsystem }, |
| { "maxstartups", sMaxStartups }, |
{ "maxstartups", sMaxStartups }, |
| { "banner", sBanner }, |
{ "banner", sBanner }, |
| { "usedns", sUseDNS }, |
{ "verifyreversemapping", sVerifyReverseMapping }, |
| { "verifyreversemapping", sDeprecated }, |
{ "reversemappingcheck", sVerifyReverseMapping }, |
| { "reversemappingcheck", sDeprecated }, |
|
| { "clientaliveinterval", sClientAliveInterval }, |
{ "clientaliveinterval", sClientAliveInterval }, |
| { "clientalivecountmax", sClientAliveCountMax }, |
{ "clientalivecountmax", sClientAliveCountMax }, |
| { "authorizedkeysfile", sAuthorizedKeysFile }, |
{ "authorizedkeysfile", sAuthorizedKeysFile }, |
|
|
| intptr = &options->ignore_user_known_hosts; |
intptr = &options->ignore_user_known_hosts; |
| goto parse_flag; |
goto parse_flag; |
| |
|
| |
case sRhostsAuthentication: |
| |
intptr = &options->rhosts_authentication; |
| |
goto parse_flag; |
| |
|
| case sRhostsRSAAuthentication: |
case sRhostsRSAAuthentication: |
| intptr = &options->rhosts_rsa_authentication; |
intptr = &options->rhosts_rsa_authentication; |
| goto parse_flag; |
goto parse_flag; |
|
|
| case sPubkeyAuthentication: |
case sPubkeyAuthentication: |
| intptr = &options->pubkey_authentication; |
intptr = &options->pubkey_authentication; |
| goto parse_flag; |
goto parse_flag; |
| |
#if defined(KRB4) || defined(KRB5) |
| case sKerberosAuthentication: |
case sKerberosAuthentication: |
| intptr = &options->kerberos_authentication; |
intptr = &options->kerberos_authentication; |
| goto parse_flag; |
goto parse_flag; |
|
|
| case sKerberosTicketCleanup: |
case sKerberosTicketCleanup: |
| intptr = &options->kerberos_ticket_cleanup; |
intptr = &options->kerberos_ticket_cleanup; |
| goto parse_flag; |
goto parse_flag; |
| |
#endif |
| case sGssAuthentication: |
#if defined(AFS) || defined(KRB5) |
| intptr = &options->gss_authentication; |
case sKerberosTgtPassing: |
| |
intptr = &options->kerberos_tgt_passing; |
| goto parse_flag; |
goto parse_flag; |
| |
#endif |
| case sGssCleanupCreds: |
#ifdef AFS |
| intptr = &options->gss_cleanup_creds; |
case sAFSTokenPassing: |
| |
intptr = &options->afs_token_passing; |
| goto parse_flag; |
goto parse_flag; |
| |
#endif |
| |
|
| case sPasswordAuthentication: |
case sPasswordAuthentication: |
| intptr = &options->password_authentication; |
intptr = &options->password_authentication; |
|
|
| intptr = &options->gateway_ports; |
intptr = &options->gateway_ports; |
| goto parse_flag; |
goto parse_flag; |
| |
|
| case sUseDNS: |
case sVerifyReverseMapping: |
| intptr = &options->use_dns; |
intptr = &options->verify_reverse_mapping; |
| goto parse_flag; |
goto parse_flag; |
| |
|
| case sLogFacility: |
case sLogFacility: |
|
|
| goto parse_int; |
goto parse_int; |
| |
|
| case sDeprecated: |
case sDeprecated: |
| logit("%s line %d: Deprecated option %s", |
log("%s line %d: Deprecated option %s", |
| filename, linenum, arg); |
|
| while (arg) |
|
| arg = strdelim(&cp); |
|
| break; |
|
| |
|
| case sUnsupported: |
|
| logit("%s line %d: Unsupported option %s", |
|
| filename, linenum, arg); |
filename, linenum, arg); |
| while (arg) |
while (arg) |
| arg = strdelim(&cp); |
arg = strdelim(&cp); |
![[BACK]](/icons/back.gif){kind=icon}
Return to servconf.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh