version 1.257, 2014/12/22 07:55:51 |
version 1.258, 2015/01/13 07:39:19 |
|
|
options->rhosts_rsa_authentication = -1; |
options->rhosts_rsa_authentication = -1; |
options->hostbased_authentication = -1; |
options->hostbased_authentication = -1; |
options->hostbased_uses_name_from_packet_only = -1; |
options->hostbased_uses_name_from_packet_only = -1; |
|
options->hostbased_key_types = NULL; |
options->rsa_authentication = -1; |
options->rsa_authentication = -1; |
options->pubkey_authentication = -1; |
options->pubkey_authentication = -1; |
|
options->pubkey_key_types = NULL; |
options->kerberos_authentication = -1; |
options->kerberos_authentication = -1; |
options->kerberos_or_local_passwd = -1; |
options->kerberos_or_local_passwd = -1; |
options->kerberos_ticket_cleanup = -1; |
options->kerberos_ticket_cleanup = -1; |
|
|
options->hostbased_authentication = 0; |
options->hostbased_authentication = 0; |
if (options->hostbased_uses_name_from_packet_only == -1) |
if (options->hostbased_uses_name_from_packet_only == -1) |
options->hostbased_uses_name_from_packet_only = 0; |
options->hostbased_uses_name_from_packet_only = 0; |
|
if (options->hostbased_key_types == NULL) |
|
options->hostbased_key_types = xstrdup("*"); |
if (options->rsa_authentication == -1) |
if (options->rsa_authentication == -1) |
options->rsa_authentication = 1; |
options->rsa_authentication = 1; |
if (options->pubkey_authentication == -1) |
if (options->pubkey_authentication == -1) |
options->pubkey_authentication = 1; |
options->pubkey_authentication = 1; |
|
if (options->pubkey_key_types == NULL) |
|
options->pubkey_key_types = xstrdup("*"); |
if (options->kerberos_authentication == -1) |
if (options->kerberos_authentication == -1) |
options->kerberos_authentication = 0; |
options->kerberos_authentication = 0; |
if (options->kerberos_or_local_passwd == -1) |
if (options->kerberos_or_local_passwd == -1) |
|
|
/* Keyword tokens. */ |
/* Keyword tokens. */ |
typedef enum { |
typedef enum { |
sBadOption, /* == unknown option */ |
sBadOption, /* == unknown option */ |
sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, |
sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, |
sPermitRootLogin, sLogFacility, sLogLevel, |
sKeyRegenerationTime, sPermitRootLogin, sLogFacility, sLogLevel, |
sRhostsRSAAuthentication, sRSAAuthentication, |
sRhostsRSAAuthentication, sRSAAuthentication, |
sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, |
sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, |
sKerberosGetAFSToken, |
sKerberosGetAFSToken, |
|
|
sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, |
sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, |
sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, |
sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes, |
sMaxStartups, sMaxAuthTries, sMaxSessions, |
sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions, |
sBanner, sUseDNS, sHostbasedAuthentication, |
sBanner, sUseDNS, sHostbasedAuthentication, |
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes, |
sClientAliveCountMax, sAuthorizedKeysFile, |
sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, |
sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, |
sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, |
sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
sUsePrivilegeSeparation, sAllowAgentForwarding, |
sUsePrivilegeSeparation, sAllowAgentForwarding, |
|
|
{ "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL }, |
{ "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL }, |
{ "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, |
{ "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, |
{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL }, |
{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL }, |
|
{ "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL }, |
{ "rsaauthentication", sRSAAuthentication, SSHCFG_ALL }, |
{ "rsaauthentication", sRSAAuthentication, SSHCFG_ALL }, |
{ "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, |
{ "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, |
|
{ "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL }, |
{ "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ |
{ "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ |
#ifdef KRB5 |
#ifdef KRB5 |
{ "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL }, |
{ "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL }, |
|
|
intptr = &options->hostbased_uses_name_from_packet_only; |
intptr = &options->hostbased_uses_name_from_packet_only; |
goto parse_flag; |
goto parse_flag; |
|
|
|
case sHostbasedAcceptedKeyTypes: |
|
charptr = &options->hostbased_key_types; |
|
parse_keytypes: |
|
arg = strdelim(&cp); |
|
if (!arg || *arg == '\0') |
|
fatal("%s line %d: Missing argument.", |
|
filename, linenum); |
|
if (!sshkey_names_valid2(arg, 1)) |
|
fatal("%s line %d: Bad key types '%s'.", |
|
filename, linenum, arg ? arg : "<NONE>"); |
|
if (*activep && *charptr == NULL) |
|
*charptr = xstrdup(arg); |
|
break; |
|
|
case sRSAAuthentication: |
case sRSAAuthentication: |
intptr = &options->rsa_authentication; |
intptr = &options->rsa_authentication; |
goto parse_flag; |
goto parse_flag; |
|
|
intptr = &options->pubkey_authentication; |
intptr = &options->pubkey_authentication; |
goto parse_flag; |
goto parse_flag; |
|
|
|
case sPubkeyAcceptedKeyTypes: |
|
charptr = &options->pubkey_key_types; |
|
goto parse_keytypes; |
|
|
case sKerberosAuthentication: |
case sKerberosAuthentication: |
intptr = &options->kerberos_authentication; |
intptr = &options->kerberos_authentication; |
goto parse_flag; |
goto parse_flag; |
|
|
dump_cfg_string(sHostKeyAgent, o->host_key_agent); |
dump_cfg_string(sHostKeyAgent, o->host_key_agent); |
dump_cfg_string(sKexAlgorithms, |
dump_cfg_string(sKexAlgorithms, |
o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX); |
o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX); |
|
dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ? |
|
o->hostbased_key_types : KEX_DEFAULT_PK_ALG); |
|
dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ? |
|
o->pubkey_key_types : KEX_DEFAULT_PK_ALG); |
|
|
/* string arguments requiring a lookup */ |
/* string arguments requiring a lookup */ |
dump_cfg_string(sLogLevel, log_level_name(o->log_level)); |
dump_cfg_string(sLogLevel, log_level_name(o->log_level)); |
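Review bot: The two new `dump_cfg_string` calls fall back to `KEX_DEFAULT_PK_ALG` when `hostbased_key_types` or `pubkey_key_types` is NULL, but the defaults section sets both to `xstrdup("*")`, so the two places disagree about what an unset option means. If the dump is ever reached with the option still NULL, it would report a list that is not the one the server enforces, and this output is what an administrator audits; use the same fallback in both places, e.g. `o->pubkey_key_types ? o->pubkey_key_types : "*"`. In the `parse_keytypes:` branch, `arg ? arg : "<NONE>"` is dead code because `arg` was already rejected as NULL or empty just above. Both keywords are registered `SSHCFG_ALL`, yet no section on this page touches the code that copies Match-block overrides into the active options; if that step is not updated elsewhere, a restriction set under Match would presumably not take effect and the permissive `*` would stay in force, which is worth confirming. The enclosing functions start and end outside the sections shown.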