version 1.218, 2011/05/20 03:25:45 |
version 1.219, 2011/05/23 03:30:07 |
|
|
options->use_dns = -1; |
options->use_dns = -1; |
options->client_alive_interval = -1; |
options->client_alive_interval = -1; |
options->client_alive_count_max = -1; |
options->client_alive_count_max = -1; |
options->authorized_keys_file = NULL; |
options->num_authkeys_files = 0; |
options->num_accept_env = 0; |
options->num_accept_env = 0; |
options->permit_tun = -1; |
options->permit_tun = -1; |
options->num_permitted_opens = -1; |
options->num_permitted_opens = -1; |
|
|
options->client_alive_interval = 0; |
options->client_alive_interval = 0; |
if (options->client_alive_count_max == -1) |
if (options->client_alive_count_max == -1) |
options->client_alive_count_max = 3; |
options->client_alive_count_max = 3; |
if (options->authorized_keys_file == NULL) |
if (options->num_authkeys_files == 0) { |
options->authorized_keys_file = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS); |
options->authorized_keys_files[options->num_authkeys_files++] = |
|
xstrdup(_PATH_SSH_USER_PERMITTED_KEYS); |
|
options->authorized_keys_files[options->num_authkeys_files++] = |
|
xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2); |
|
} |
if (options->permit_tun == -1) |
if (options->permit_tun == -1) |
options->permit_tun = SSH_TUNMODE_NO; |
options->permit_tun = SSH_TUNMODE_NO; |
if (options->zero_knowledge_password_authentication == -1) |
if (options->zero_knowledge_password_authentication == -1) |
|
|
sMaxStartups, sMaxAuthTries, sMaxSessions, |
sMaxStartups, sMaxAuthTries, sMaxSessions, |
sBanner, sUseDNS, sHostbasedAuthentication, |
sBanner, sUseDNS, sHostbasedAuthentication, |
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, |
sClientAliveCountMax, sAuthorizedKeysFile, |
sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, |
sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, |
sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
sUsePrivilegeSeparation, sAllowAgentForwarding, |
sUsePrivilegeSeparation, sAllowAgentForwarding, |
|
|
{ "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL }, |
{ "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL }, |
{ "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL }, |
{ "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL }, |
{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, |
{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, |
{ "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_ALL }, |
{ "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, |
{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, |
{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, |
{ "acceptenv", sAcceptEnv, SSHCFG_GLOBAL }, |
{ "acceptenv", sAcceptEnv, SSHCFG_GLOBAL }, |
{ "permittunnel", sPermitTunnel, SSHCFG_ALL }, |
{ "permittunnel", sPermitTunnel, SSHCFG_ALL }, |
|
|
* AuthorizedKeysFile /etc/ssh_keys/%u |
* AuthorizedKeysFile /etc/ssh_keys/%u |
*/ |
*/ |
case sAuthorizedKeysFile: |
case sAuthorizedKeysFile: |
charptr = &options->authorized_keys_file; |
if (*activep && options->num_authkeys_files == 0) { |
goto parse_tilde_filename; |
while ((arg = strdelim(&cp)) && *arg != '\0') { |
|
if (options->num_authkeys_files >= |
|
MAX_AUTHKEYS_FILES) |
|
fatal("%s line %d: " |
|
"too many authorized keys files.", |
|
filename, linenum); |
|
options->authorized_keys_files[ |
|
options->num_authkeys_files++] = |
|
tilde_expand_filename(arg, getuid()); |
|
} |
|
} |
|
return 0; |
|
|
case sAuthorizedPrincipalsFile: |
case sAuthorizedPrincipalsFile: |
charptr = &options->authorized_principals_file; |
charptr = &options->authorized_principals_file; |
parse_tilde_filename: |
|
arg = strdelim(&cp); |
arg = strdelim(&cp); |
if (!arg || *arg == '\0') |
if (!arg || *arg == '\0') |
fatal("%s line %d: missing file name.", |
fatal("%s line %d: missing file name.", |
|
|
dst->n = src->n; \ |
dst->n = src->n; \ |
} \ |
} \ |
} while(0) |
} while(0) |
|
#define M_CP_STRARRAYOPT(n, num_n) do {\ |
|
if (src->num_n != 0) { \ |
|
for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \ |
|
dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \ |
|
} \ |
|
} while(0) |
|
|
/* |
/* |
* Copy any supported values that are set. |
* Copy any supported values that are set. |
|
|
*/ |
*/ |
if (preauth) |
if (preauth) |
return; |
return; |
|
|
M_CP_STROPT(adm_forced_command); |
M_CP_STROPT(adm_forced_command); |
M_CP_STROPT(chroot_directory); |
M_CP_STROPT(chroot_directory); |
} |
} |
|
|
#undef M_CP_INTOPT |
#undef M_CP_INTOPT |
#undef M_CP_STROPT |
#undef M_CP_STROPT |
|
#undef M_CP_STRARRAYOPT |
|
|
void |
void |
parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, |
parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, |
|
|
u_int i; |
u_int i; |
|
|
for (i = 0; i < count; i++) |
for (i = 0; i < count; i++) |
printf("%s %s\n", lookup_opcode_name(code), vals[i]); |
printf("%s %s\n", lookup_opcode_name(code), vals[i]); |
} |
} |
|
|
|
static void |
|
dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals) |
|
{ |
|
u_int i; |
|
|
|
printf("%s", lookup_opcode_name(code)); |
|
for (i = 0; i < count; i++) |
|
printf(" %s", vals[i]); |
|
printf("\n"); |
|
} |
|
|
void |
void |
dump_config(ServerOptions *o) |
dump_config(ServerOptions *o) |
{ |
{ |
|
|
dump_cfg_string(sCiphers, o->ciphers); |
dump_cfg_string(sCiphers, o->ciphers); |
dump_cfg_string(sMacs, o->macs); |
dump_cfg_string(sMacs, o->macs); |
dump_cfg_string(sBanner, o->banner); |
dump_cfg_string(sBanner, o->banner); |
dump_cfg_string(sAuthorizedKeysFile, o->authorized_keys_file); |
|
dump_cfg_string(sForceCommand, o->adm_forced_command); |
dump_cfg_string(sForceCommand, o->adm_forced_command); |
dump_cfg_string(sChrootDirectory, o->chroot_directory); |
dump_cfg_string(sChrootDirectory, o->chroot_directory); |
dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys); |
dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys); |
|
|
dump_cfg_string(sLogFacility, log_facility_name(o->log_facility)); |
dump_cfg_string(sLogFacility, log_facility_name(o->log_facility)); |
|
|
/* string array arguments */ |
/* string array arguments */ |
|
dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files, |
|
o->authorized_keys_files); |
dump_cfg_strarray(sHostKeyFile, o->num_host_key_files, |
dump_cfg_strarray(sHostKeyFile, o->num_host_key_files, |
o->host_key_files); |
o->host_key_files); |
dump_cfg_strarray(sHostKeyFile, o->num_host_cert_files, |
dump_cfg_strarray(sHostKeyFile, o->num_host_cert_files, |
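Review bot: The array-based `case sAuthorizedKeysFile:` branch no longer rejects a directive that names no file: the other version jumps to `parse_tilde_filename`, which ends in `fatal("%s line %d: missing file name.", ...)`, whereas the `while ((arg = strdelim(&cp)) && *arg != '\0')` loop just runs zero times and the branch returns 0. `num_authkeys_files` then stays 0, so the defaults block fills in `_PATH_SSH_USER_PERMITTED_KEYS` and `_PATH_SSH_USER_PERMITTED_KEYS2`, and a truncated or mistyped line falls back to the per-user default key files instead of stopping the daemon at startup. I would add, after the loop and still inside the `if (*activep && ...)` block, `if (options->num_authkeys_files == 0) fatal("%s line %d: missing file name.", filename, linenum);`. The enclosing switch and its function begin and end outside the lines shown, so whether anything after `return 0` would have caught this is not visible here.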