version 1.340, 2018/08/12 20:19:13 |
version 1.341, 2018/09/20 03:28:06 |
|
|
options->ciphers = NULL; |
options->ciphers = NULL; |
options->macs = NULL; |
options->macs = NULL; |
options->kex_algorithms = NULL; |
options->kex_algorithms = NULL; |
|
options->ca_sign_algorithms = NULL; |
options->fwd_opts.gateway_ports = -1; |
options->fwd_opts.gateway_ports = -1; |
options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; |
options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; |
options->fwd_opts.streamlocal_bind_unlink = -1; |
options->fwd_opts.streamlocal_bind_unlink = -1; |
|
|
static void |
static void |
assemble_algorithms(ServerOptions *o) |
assemble_algorithms(ServerOptions *o) |
{ |
{ |
char *all_cipher, *all_mac, *all_kex, *all_key; |
char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig; |
int r; |
int r; |
|
|
all_cipher = cipher_alg_list(',', 0); |
all_cipher = cipher_alg_list(',', 0); |
all_mac = mac_alg_list(','); |
all_mac = mac_alg_list(','); |
all_kex = kex_alg_list(','); |
all_kex = kex_alg_list(','); |
all_key = sshkey_alg_list(0, 0, 1, ','); |
all_key = sshkey_alg_list(0, 0, 1, ','); |
|
all_sig = sshkey_alg_list(0, 1, 1, ','); |
#define ASSEMBLE(what, defaults, all) \ |
#define ASSEMBLE(what, defaults, all) \ |
do { \ |
do { \ |
if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \ |
if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \ |
|
|
ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key); |
ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key); |
ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key); |
ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key); |
ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key); |
ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key); |
|
ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig); |
#undef ASSEMBLE |
#undef ASSEMBLE |
free(all_cipher); |
free(all_cipher); |
free(all_mac); |
free(all_mac); |
free(all_kex); |
free(all_kex); |
free(all_key); |
free(all_key); |
|
free(all_sig); |
} |
} |
|
|
static void |
static void |
|
|
sHostCertificate, |
sHostCertificate, |
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, |
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, |
sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, |
sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, |
sKexAlgorithms, sIPQoS, sVersionAddendum, |
sKexAlgorithms, sCASignatureAlgorithms, sIPQoS, sVersionAddendum, |
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, |
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, |
sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, |
sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, |
sStreamLocalBindMask, sStreamLocalBindUnlink, |
sStreamLocalBindMask, sStreamLocalBindUnlink, |
|
|
charptr = &options->hostkeyalgorithms; |
charptr = &options->hostkeyalgorithms; |
goto parse_keytypes; |
goto parse_keytypes; |
|
|
|
case sCASignatureAlgorithms: |
|
charptr = &options->ca_sign_algorithms; |
|
goto parse_keytypes; |
|
|
case sPubkeyAuthentication: |
case sPubkeyAuthentication: |
intptr = &options->pubkey_authentication; |
intptr = &options->pubkey_authentication; |
goto parse_flag; |
goto parse_flag; |
|
|
dump_cfg_string(sHostKeyAgent, o->host_key_agent); |
dump_cfg_string(sHostKeyAgent, o->host_key_agent); |
dump_cfg_string(sKexAlgorithms, |
dump_cfg_string(sKexAlgorithms, |
o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX); |
o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX); |
|
dump_cfg_string(sCASignatureAlgorithms, o->ca_sign_algorithms ? |
|
o->ca_sign_algorithms : SSH_ALLOWED_CA_SIGALGS); |
dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ? |
dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ? |
o->hostbased_key_types : KEX_DEFAULT_PK_ALG); |
o->hostbased_key_types : KEX_DEFAULT_PK_ALG); |
dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ? |
dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ? |
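Review bot: The new `case sCASignatureAlgorithms:` branch jumps to `parse_keytypes`, the label the `hostkeyalgorithms` case just above also uses, so the value is presumably validated as a list of key type names rather than signature algorithm names; the label's body is outside the visible hunk, so this needs confirming. If that validator also accepts certificate key type names, a `CASignatureAlgorithms` line containing one would parse without error even though it can never match an entry from `all_sig`, and an administrator tightening the allowed CA signature algorithms would get no diagnostic for the mistake. Consider validating against the signature-algorithm list specifically, or at minimum add a comment at the case such as `/* validated as key type names by parse_keytypes */`. Separately, `sshkey_alg_list(0, 1, 1, ',')` differs from the `all_key` call only in one positional flag and would benefit from a short comment stating which names it selects.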