version 1.357, 2019/12/15 20:59:23 |
version 1.358, 2020/01/23 02:46:49 |
|
|
assemble_algorithms(ServerOptions *o) |
assemble_algorithms(ServerOptions *o) |
{ |
{ |
char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig; |
char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig; |
|
char *def_cipher, *def_mac, *def_kex, *def_key, *def_sig; |
int r; |
int r; |
|
|
all_cipher = cipher_alg_list(',', 0); |
all_cipher = cipher_alg_list(',', 0); |
|
|
all_kex = kex_alg_list(','); |
all_kex = kex_alg_list(','); |
all_key = sshkey_alg_list(0, 0, 1, ','); |
all_key = sshkey_alg_list(0, 0, 1, ','); |
all_sig = sshkey_alg_list(0, 1, 1, ','); |
all_sig = sshkey_alg_list(0, 1, 1, ','); |
|
/* remove unsupported algos from default lists */ |
|
def_cipher = match_filter_whitelist(KEX_SERVER_ENCRYPT, all_cipher); |
|
def_mac = match_filter_whitelist(KEX_SERVER_MAC, all_mac); |
|
def_kex = match_filter_whitelist(KEX_SERVER_KEX, all_kex); |
|
def_key = match_filter_whitelist(KEX_DEFAULT_PK_ALG, all_key); |
|
def_sig = match_filter_whitelist(SSH_ALLOWED_CA_SIGALGS, all_sig); |
#define ASSEMBLE(what, defaults, all) \ |
#define ASSEMBLE(what, defaults, all) \ |
do { \ |
do { \ |
if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \ |
if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \ |
fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \ |
fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \ |
} while (0) |
} while (0) |
ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, all_cipher); |
ASSEMBLE(ciphers, def_cipher, all_cipher); |
ASSEMBLE(macs, KEX_SERVER_MAC, all_mac); |
ASSEMBLE(macs, def_mac, all_mac); |
ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex); |
ASSEMBLE(kex_algorithms, def_kex, all_kex); |
ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key); |
ASSEMBLE(hostkeyalgorithms, def_key, all_key); |
ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key); |
ASSEMBLE(hostbased_key_types, def_key, all_key); |
ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key); |
ASSEMBLE(pubkey_key_types, def_key, all_key); |
ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig); |
ASSEMBLE(ca_sign_algorithms, def_sig, all_sig); |
#undef ASSEMBLE |
#undef ASSEMBLE |
free(all_cipher); |
free(all_cipher); |
free(all_mac); |
free(all_mac); |
free(all_kex); |
free(all_kex); |
free(all_key); |
free(all_key); |
free(all_sig); |
free(all_sig); |
|
free(def_cipher); |
|
free(def_mac); |
|
free(def_kex); |
|
free(def_key); |
|
free(def_sig); |
} |
} |
|
|
static void |
static void |
|
|
/* string arguments */ |
/* string arguments */ |
dump_cfg_string(sPidFile, o->pid_file); |
dump_cfg_string(sPidFile, o->pid_file); |
dump_cfg_string(sXAuthLocation, o->xauth_location); |
dump_cfg_string(sXAuthLocation, o->xauth_location); |
dump_cfg_string(sCiphers, o->ciphers ? o->ciphers : KEX_SERVER_ENCRYPT); |
dump_cfg_string(sCiphers, o->ciphers); |
dump_cfg_string(sMacs, o->macs ? o->macs : KEX_SERVER_MAC); |
dump_cfg_string(sMacs, o->macs); |
dump_cfg_string(sBanner, o->banner); |
dump_cfg_string(sBanner, o->banner); |
dump_cfg_string(sForceCommand, o->adm_forced_command); |
dump_cfg_string(sForceCommand, o->adm_forced_command); |
dump_cfg_string(sChrootDirectory, o->chroot_directory); |
dump_cfg_string(sChrootDirectory, o->chroot_directory); |
|
|
dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command); |
dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command); |
dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user); |
dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user); |
dump_cfg_string(sHostKeyAgent, o->host_key_agent); |
dump_cfg_string(sHostKeyAgent, o->host_key_agent); |
dump_cfg_string(sKexAlgorithms, |
dump_cfg_string(sKexAlgorithms, o->kex_algorithms); |
o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX); |
dump_cfg_string(sCASignatureAlgorithms, o->ca_sign_algorithms); |
dump_cfg_string(sCASignatureAlgorithms, o->ca_sign_algorithms ? |
dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types); |
o->ca_sign_algorithms : SSH_ALLOWED_CA_SIGALGS); |
dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms); |
dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ? |
dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types); |
o->hostbased_key_types : KEX_DEFAULT_PK_ALG); |
|
dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ? |
|
o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG); |
|
dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ? |
|
o->pubkey_key_types : KEX_DEFAULT_PK_ALG); |
|
dump_cfg_string(sRDomain, o->routing_domain); |
dump_cfg_string(sRDomain, o->routing_domain); |
|
|
/* string arguments requiring a lookup */ |
/* string arguments requiring a lookup */ |
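Review bot: The five `def_*` lists in the new `assemble_algorithms()` are used without checking what `match_filter_whitelist()` returned, so a failed or empty filter result is passed straight into `ASSEMBLE`. If that helper can return NULL (allocation failure seems likely, but its body is not on this page), the outcome depends on `kex_assemble_names()` rejecting a NULL default, and the resulting `fatal()` would blame the option rather than the filtering step. An explicit guard after the five calls would make the failure unambiguous, e.g. `if (def_cipher == NULL || def_mac == NULL || def_kex == NULL || def_key == NULL || def_sig == NULL)` followed by `fatal("%s: match_filter_whitelist failed", __func__);`. It is also worth confirming that a default list filtered down to an empty string is rejected rather than accepted as the server's algorithm set. In the second hunk (the function body starts and ends outside it) the compiled-in fallbacks are dropped from the `dump_cfg_string()` calls, which assumes `assemble_algorithms()` has always run first; a short comment stating that dependency, such as `/* algorithm lists are filled in by assemble_algorithms() */`, would help.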