version 1.250, 2014/07/03 22:40:43 |
version 1.251, 2014/07/15 15:54:14 |
|
|
#include "ssh.h" |
#include "ssh.h" |
#include "log.h" |
#include "log.h" |
#include "buffer.h" |
#include "buffer.h" |
|
#include "misc.h" |
#include "servconf.h" |
#include "servconf.h" |
#include "compat.h" |
#include "compat.h" |
#include "pathnames.h" |
#include "pathnames.h" |
#include "misc.h" |
|
#include "cipher.h" |
#include "cipher.h" |
#include "key.h" |
#include "key.h" |
#include "kex.h" |
#include "kex.h" |
|
|
options->rekey_limit = -1; |
options->rekey_limit = -1; |
options->rekey_interval = -1; |
options->rekey_interval = -1; |
options->allow_tcp_forwarding = -1; |
options->allow_tcp_forwarding = -1; |
|
options->allow_streamlocal_forwarding = -1; |
options->allow_agent_forwarding = -1; |
options->allow_agent_forwarding = -1; |
options->num_allow_users = 0; |
options->num_allow_users = 0; |
options->num_deny_users = 0; |
options->num_deny_users = 0; |
|
|
options->macs = NULL; |
options->macs = NULL; |
options->kex_algorithms = NULL; |
options->kex_algorithms = NULL; |
options->protocol = SSH_PROTO_UNKNOWN; |
options->protocol = SSH_PROTO_UNKNOWN; |
options->gateway_ports = -1; |
options->fwd_opts.gateway_ports = -1; |
|
options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; |
|
options->fwd_opts.streamlocal_bind_unlink = -1; |
options->num_subsystems = 0; |
options->num_subsystems = 0; |
options->max_startups_begin = -1; |
options->max_startups_begin = -1; |
options->max_startups_rate = -1; |
options->max_startups_rate = -1; |
|
|
options->rekey_interval = 0; |
options->rekey_interval = 0; |
if (options->allow_tcp_forwarding == -1) |
if (options->allow_tcp_forwarding == -1) |
options->allow_tcp_forwarding = FORWARD_ALLOW; |
options->allow_tcp_forwarding = FORWARD_ALLOW; |
|
if (options->allow_streamlocal_forwarding == -1) |
|
options->allow_streamlocal_forwarding = FORWARD_ALLOW; |
if (options->allow_agent_forwarding == -1) |
if (options->allow_agent_forwarding == -1) |
options->allow_agent_forwarding = 1; |
options->allow_agent_forwarding = 1; |
if (options->gateway_ports == -1) |
if (options->fwd_opts.gateway_ports == -1) |
options->gateway_ports = 0; |
options->fwd_opts.gateway_ports = 0; |
if (options->max_startups == -1) |
if (options->max_startups == -1) |
options->max_startups = 100; |
options->max_startups = 100; |
if (options->max_startups_rate == -1) |
if (options->max_startups_rate == -1) |
|
|
options->ip_qos_bulk = IPTOS_THROUGHPUT; |
options->ip_qos_bulk = IPTOS_THROUGHPUT; |
if (options->version_addendum == NULL) |
if (options->version_addendum == NULL) |
options->version_addendum = xstrdup(""); |
options->version_addendum = xstrdup(""); |
|
if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) |
|
options->fwd_opts.streamlocal_bind_mask = 0177; |
|
if (options->fwd_opts.streamlocal_bind_unlink == -1) |
|
options->fwd_opts.streamlocal_bind_unlink = 0; |
/* Turn privilege separation on by default */ |
/* Turn privilege separation on by default */ |
if (use_privsep == -1) |
if (use_privsep == -1) |
use_privsep = PRIVSEP_NOSANDBOX; |
use_privsep = PRIVSEP_NOSANDBOX; |
|
|
sKexAlgorithms, sIPQoS, sVersionAddendum, |
sKexAlgorithms, sIPQoS, sVersionAddendum, |
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, |
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, |
sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, |
sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, |
|
sStreamLocalBindMask, sStreamLocalBindUnlink, |
|
sAllowStreamLocalForwarding, |
sDeprecated, sUnsupported |
sDeprecated, sUnsupported |
} ServerOpCodes; |
} ServerOpCodes; |
|
|
|
|
{ "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, |
{ "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, |
{ "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, |
{ "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, |
{ "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, |
{ "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, |
|
{ "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL }, |
|
{ "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, |
|
{ "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, |
{ NULL, sBadOption, 0 } |
{ NULL, sBadOption, 0 } |
}; |
}; |
|
|
|
|
break; |
break; |
|
|
case sGatewayPorts: |
case sGatewayPorts: |
intptr = &options->gateway_ports; |
intptr = &options->fwd_opts.gateway_ports; |
multistate_ptr = multistate_gatewayports; |
multistate_ptr = multistate_gatewayports; |
goto parse_multistate; |
goto parse_multistate; |
|
|
|
|
multistate_ptr = multistate_tcpfwd; |
multistate_ptr = multistate_tcpfwd; |
goto parse_multistate; |
goto parse_multistate; |
|
|
|
case sAllowStreamLocalForwarding: |
|
intptr = &options->allow_streamlocal_forwarding; |
|
multistate_ptr = multistate_tcpfwd; |
|
goto parse_multistate; |
|
|
case sAllowAgentForwarding: |
case sAllowAgentForwarding: |
intptr = &options->allow_agent_forwarding; |
intptr = &options->allow_agent_forwarding; |
goto parse_flag; |
goto parse_flag; |
|
|
} |
} |
return 0; |
return 0; |
|
|
|
case sStreamLocalBindMask: |
|
arg = strdelim(&cp); |
|
if (!arg || *arg == '\0') |
|
fatal("%s line %d: missing StreamLocalBindMask argument.", |
|
filename, linenum); |
|
/* Parse mode in octal format */ |
|
value = strtol(arg, &p, 8); |
|
if (arg == p || value < 0 || value > 0777) |
|
fatal("%s line %d: Bad mask.", filename, linenum); |
|
options->fwd_opts.streamlocal_bind_mask = (mode_t)value; |
|
break; |
|
|
|
case sStreamLocalBindUnlink: |
|
intptr = &options->fwd_opts.streamlocal_bind_unlink; |
|
goto parse_flag; |
|
|
case sDeprecated: |
case sDeprecated: |
logit("%s line %d: Deprecated option %s", |
logit("%s line %d: Deprecated option %s", |
filename, linenum, arg); |
filename, linenum, arg); |
|
|
M_CP_INTOPT(permit_empty_passwd); |
M_CP_INTOPT(permit_empty_passwd); |
|
|
M_CP_INTOPT(allow_tcp_forwarding); |
M_CP_INTOPT(allow_tcp_forwarding); |
|
M_CP_INTOPT(allow_streamlocal_forwarding); |
M_CP_INTOPT(allow_agent_forwarding); |
M_CP_INTOPT(allow_agent_forwarding); |
M_CP_INTOPT(permit_tun); |
M_CP_INTOPT(permit_tun); |
M_CP_INTOPT(gateway_ports); |
M_CP_INTOPT(fwd_opts.gateway_ports); |
M_CP_INTOPT(x11_display_offset); |
M_CP_INTOPT(x11_display_offset); |
M_CP_INTOPT(x11_forwarding); |
M_CP_INTOPT(x11_forwarding); |
M_CP_INTOPT(x11_use_localhost); |
M_CP_INTOPT(x11_use_localhost); |
|
|
return fmt_multistate_int(val, multistate_privsep); |
return fmt_multistate_int(val, multistate_privsep); |
case sAllowTcpForwarding: |
case sAllowTcpForwarding: |
return fmt_multistate_int(val, multistate_tcpfwd); |
return fmt_multistate_int(val, multistate_tcpfwd); |
|
case sAllowStreamLocalForwarding: |
|
return fmt_multistate_int(val, multistate_tcpfwd); |
case sProtocol: |
case sProtocol: |
switch (val) { |
switch (val) { |
case SSH_PROTO_1: |
case SSH_PROTO_1: |
|
|
dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); |
dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); |
dump_cfg_fmtint(sUseLogin, o->use_login); |
dump_cfg_fmtint(sUseLogin, o->use_login); |
dump_cfg_fmtint(sCompression, o->compression); |
dump_cfg_fmtint(sCompression, o->compression); |
dump_cfg_fmtint(sGatewayPorts, o->gateway_ports); |
dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); |
dump_cfg_fmtint(sUseDNS, o->use_dns); |
dump_cfg_fmtint(sUseDNS, o->use_dns); |
dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); |
dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); |
|
dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); |
dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); |
dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); |
|
|
/* string arguments */ |
/* string arguments */ |
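Review bot: In the new `case sStreamLocalBindMask:` branch, the check after `strtol(arg, &p, 8)` rejects only an empty parse and out-of-range values, so an argument with trailing non-octal characters is accepted using just its leading digits. A typo such as `18` is read as mask `1`, so forwarded Unix-domain sockets end up far more permissive than the intended mask would allow, and no error is reported. Rejecting leftover input closes this: `if (arg == p || *p != '\0' || value < 0 || value > 0777)`; the enclosing switch and the declarations of `p` and `value` are outside the lines shown. Separately, the visible `M_CP_INTOPT` lines copy `allow_streamlocal_forwarding` and `fwd_opts.gateway_ports` but not `fwd_opts.streamlocal_bind_mask` or `fwd_opts.streamlocal_bind_unlink`, although both keywords are registered as `SSHCFG_ALL`. If the part of that function not shown here does not copy them either, values set inside a Match block would presumably be dropped silently, which is worth confirming.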