===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/servconf.c,v
retrieving revision 1.105.2.6
retrieving revision 1.106
diff -u -r1.105.2.6 -r1.106
--- src/usr.bin/ssh/servconf.c 2003/04/03 22:35:17 1.105.2.6
+++ src/usr.bin/ssh/servconf.c 2002/04/20 09:02:03 1.106
@@ -10,7 +10,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.105.2.6 2003/04/03 22:35:17 miod Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.106 2002/04/20 09:02:03 deraadt Exp $");
 #if defined(KRB4) || defined(KRB5)
 #include
@@ -87,9 +87,7 @@
 options->kbd_interactive_authentication = -1;
 options->challenge_response_authentication = -1;
 options->permit_empty_passwd = -1;
- options->permit_user_env = -1;
 options->use_login = -1;
- options->compression = -1;
 options->allow_tcp_forwarding = -1;
 options->num_allow_users = 0;
 options->num_deny_users = 0;
@@ -140,7 +138,7 @@
 if (options->server_key_bits == -1)
 options->server_key_bits = 768;
 if (options->login_grace_time == -1)
- options->login_grace_time = 120;
+ options->login_grace_time = 600;
 if (options->key_regeneration_time == -1)
 options->key_regeneration_time = 3600;
 if (options->permit_root_login == PERMIT_NOT_SET)
@@ -183,7 +181,7 @@
 options->pubkey_authentication = 1;
 #if defined(KRB4) || defined(KRB5)
 if (options->kerberos_authentication == -1)
- options->kerberos_authentication = 0;
+ options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
 if (options->kerberos_or_local_passwd == -1)
 options->kerberos_or_local_passwd = 1;
 if (options->kerberos_ticket_cleanup == -1)
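Review bot: In the `@@ -140,7 +138,7 @@` hunk the fallback for an unset `login_grace_time` on the new side is 600 seconds, so a connection that never authenticates is kept for ten minutes before the server gives up on it. A long pre-authentication window makes it cheaper for stalled or idle clients to hold connection slots, so I would keep the shorter default, `options->login_grace_time = 120;`, and leave larger values to an explicit LoginGraceTime line in the configuration. The function that fills these defaults starts and ends outside the hunk.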
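Review bot: In the `@@ -183,7 +181,7 @@` hunk the default for `kerberos_authentication` is computed as `(access(KEYFILE, R_OK) == 0)`, so whether an authentication method is enabled depends on a file being present at startup rather than on anything written in the configuration. An operator reading sshd_config cannot tell from it which methods are live, and the answer can change between restarts when the key file appears or is removed. I would default to off, `options->kerberos_authentication = 0;`, and require the KerberosAuthentication keyword to enable it. If the probe stays, it needs a comment saying the result is a startup-time snapshot and that `access()` checks with the real uid; `KEYFILE` is defined outside the visible lines.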
@@ -205,12 +203,8 @@
 options->challenge_response_authentication = 1;
 if (options->permit_empty_passwd == -1)
 options->permit_empty_passwd = 0;
- if (options->permit_user_env == -1)
- options->permit_user_env = 0;
 if (options->use_login == -1)
 options->use_login = 0;
- if (options->compression == -1)
- options->compression = 1;
 if (options->allow_tcp_forwarding == -1)
 options->allow_tcp_forwarding = 1;
 if (options->gateway_ports == -1)
@@ -237,9 +231,9 @@
 if (options->authorized_keys_file == NULL)
 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
- /* Turn privilege separation on by default */
+ /* Turn privilege separation _off_ by default */
 if (use_privsep == -1)
- use_privsep = 1;
+ use_privsep = 0;
 }
 /* Keyword tokens. */
@@ -262,7 +256,7 @@
 sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, sStrictModes, sEmptyPasswd, sKeepAlives,
- sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
+ sUseLogin, sAllowTcpForwarding, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
@@ -322,9 +316,7 @@
 { "xauthlocation", sXAuthLocation },
 { "strictmodes", sStrictModes },
 { "permitemptypasswords", sEmptyPasswd },
- { "permituserenvironment", sPermitUserEnvironment },
 { "uselogin", sUseLogin },
- { "compression", sCompression },
 { "keepalive", sKeepAlives },
 { "allowtcpforwarding", sAllowTcpForwarding },
 { "allowusers", sAllowUsers },
@@ -392,7 +384,7 @@
 hints.ai_family = IPv4or6;
 hints.ai_socktype = SOCK_STREAM;
 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
- snprintf(strport, sizeof strport, "%u", port);
+ snprintf(strport, sizeof strport, "%d", port);
 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
 fatal("bad addr or host: %s (%s)", addr ? addr : "",
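Review bot: In the `@@ -237,9 +231,9 @@` hunk an unset `use_privsep` falls back to 0 on the new side, so a server started without an explicit setting runs with privilege separation disabled. That makes the less contained mode the default; I would keep `use_privsep = 1;` under the comment `/* Turn privilege separation on by default */` and let sites that need it off say so with UsePrivilegeSeparation in their configuration. If the default has to stay off, the comment should give the reason rather than only restate the value. The function body starts outside the hunk.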
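Review bot: In the `@@ -262,7 +256,7 @@` hunk the keyword-token list on the new side no longer contains `sPermitUserEnvironment` or `sCompression`, and the hunks at `@@ -87`, `@@ -205`, `@@ -322` and `@@ -676` drop the matching initialisers, defaults, keyword-table rows and parser cases. With no option behind them an administrator has no switch in this file for either behaviour, and a configuration that still carries a `permituserenvironment` line would presumably be treated as a bad option instead of being honoured. What the session code does with user-supplied environment and with compression on this side is outside the diff and should be checked; if user environment handling is unconditional there, I would keep the `permit_user_env` option with its `0` default.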
@@ -408,8 +400,9 @@
 const char *filename, int linenum)
 {
 char *cp, **charptr, *arg, *p;
- int *intptr, value, i, n;
+ int *intptr, value;
 ServerOpCodes opcode;
+ int i, n;
 cp = line;
 arg = strdelim(&cp);
@@ -676,18 +669,10 @@
 intptr = &options->permit_empty_passwd;
 goto parse_flag;
- case sPermitUserEnvironment:
- intptr = &options->permit_user_env;
- goto parse_flag;
-
 case sUseLogin:
 intptr = &options->use_login;
 goto parse_flag;
- case sCompression:
- intptr = &options->compression;
- goto parse_flag;
-
 case sGatewayPorts:
 intptr = &options->gateway_ports;
 goto parse_flag;
@@ -731,8 +716,7 @@
 if (options->num_allow_users >= MAX_ALLOW_USERS)
 fatal("%s line %d: too many allow users.", filename, linenum);
- options->allow_users[options->num_allow_users++] =
- xstrdup(arg);
+ options->allow_users[options->num_allow_users++] = xstrdup(arg);
 }
 break;
@@ -741,8 +725,7 @@
 if (options->num_deny_users >= MAX_DENY_USERS)
 fatal( "%s line %d: too many deny users.", filename, linenum);
- options->deny_users[options->num_deny_users++] =
- xstrdup(arg);
+ options->deny_users[options->num_deny_users++] = xstrdup(arg);
 }
 break;
@@ -751,8 +734,7 @@
 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
 fatal("%s line %d: too many allow groups.", filename, linenum);
- options->allow_groups[options->num_allow_groups++] =
- xstrdup(arg);
+ options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
 }
 break;
@@ -890,11 +872,11 @@
 void
 read_server_config(ServerOptions *options, const char *filename)
 {
- int linenum, bad_options = 0;
- char line[1024];
 FILE *f;
+ char line[1024];
+ int linenum;
+ int bad_options = 0;
- debug2("read_server_config: filename %s", filename);
 f = fopen(filename, "r");
 if (!f) {
 perror(filename);