=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/servconf.c,v retrieving revision 1.115.2.2 retrieving revision 1.116 diff -u -r1.115.2.2 -r1.116 --- src/usr.bin/ssh/servconf.c 2003/09/16 21:20:27 1.115.2.2 +++ src/usr.bin/ssh/servconf.c 2003/02/21 09:05:53 1.116 @@ -10,8 +10,15 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.115.2.2 2003/09/16 21:20:27 brad Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.116 2003/02/21 09:05:53 markus Exp $"); +#if defined(KRB4) || defined(KRB5) +#include +#endif +#ifdef AFS +#include +#endif + #include "ssh.h" #include "log.h" #include "servconf.h" @@ -59,16 +66,23 @@ options->keepalives = -1; options->log_facility = SYSLOG_FACILITY_NOT_SET; options->log_level = SYSLOG_LEVEL_NOT_SET; + options->rhosts_authentication = -1; options->rhosts_rsa_authentication = -1; options->hostbased_authentication = -1; options->hostbased_uses_name_from_packet_only = -1; options->rsa_authentication = -1; options->pubkey_authentication = -1; +#if defined(KRB4) || defined(KRB5) options->kerberos_authentication = -1; options->kerberos_or_local_passwd = -1; options->kerberos_ticket_cleanup = -1; - options->gss_authentication=-1; - options->gss_cleanup_creds = -1; +#endif +#if defined(AFS) || defined(KRB5) + options->kerberos_tgt_passing = -1; +#endif +#ifdef AFS + options->afs_token_passing = -1; +#endif options->password_authentication = -1; options->kbd_interactive_authentication = -1; options->challenge_response_authentication = -1; @@ -90,7 +104,7 @@ options->max_startups_rate = -1; options->max_startups = -1; options->banner = NULL; - options->use_dns = -1; + options->verify_reverse_mapping = -1; options->client_alive_interval = -1; options->client_alive_count_max = -1; options->authorized_keys_file = NULL; @@ -155,6 +169,8 @@ options->log_facility = SYSLOG_FACILITY_AUTH; if (options->log_level == SYSLOG_LEVEL_NOT_SET) options->log_level = SYSLOG_LEVEL_INFO; + if (options->rhosts_authentication == -1) + options->rhosts_authentication = 0; if (options->rhosts_rsa_authentication == -1) options->rhosts_rsa_authentication = 0; if (options->hostbased_authentication == -1) @@ -165,16 +181,22 @@ options->rsa_authentication = 1; if (options->pubkey_authentication == -1) options->pubkey_authentication = 1; +#if defined(KRB4) || defined(KRB5) if (options->kerberos_authentication == -1) options->kerberos_authentication = 0; if (options->kerberos_or_local_passwd == -1) options->kerberos_or_local_passwd = 1; if (options->kerberos_ticket_cleanup == -1) options->kerberos_ticket_cleanup = 1; - if (options->gss_authentication == -1) - options->gss_authentication = 0; - if (options->gss_cleanup_creds == -1) - options->gss_cleanup_creds = 1; +#endif +#if defined(AFS) || defined(KRB5) + if (options->kerberos_tgt_passing == -1) + options->kerberos_tgt_passing = 0; +#endif +#ifdef AFS + if (options->afs_token_passing == -1) + options->afs_token_passing = 0; +#endif if (options->password_authentication == -1) options->password_authentication = 1; if (options->kbd_interactive_authentication == -1) @@ -199,8 +221,8 @@ options->max_startups_rate = 100; /* 100% */ if (options->max_startups_begin == -1) options->max_startups_begin = options->max_startups; - if (options->use_dns == -1) - options->use_dns = 1; + if (options->verify_reverse_mapping == -1) + options->verify_reverse_mapping = 0; if (options->client_alive_interval == -1) options->client_alive_interval = 0; if (options->client_alive_count_max == -1) @@ -225,9 +247,17 @@ sBadOption, /* == unknown option */ sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, sPermitRootLogin, sLogFacility, sLogLevel, - sRhostsRSAAuthentication, sRSAAuthentication, + sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, +#if defined(KRB4) || defined(KRB5) sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, - sKerberosTgtPassing, sChallengeResponseAuthentication, +#endif +#if defined(AFS) || defined(KRB5) + sKerberosTgtPassing, +#endif +#ifdef AFS + sAFSTokenPassing, +#endif + sChallengeResponseAuthentication, sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, @@ -236,12 +266,11 @@ sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, - sBanner, sUseDNS, sHostbasedAuthentication, + sBanner, sVerifyReverseMapping, sHostbasedAuthentication, sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, - sGssAuthentication, sGssCleanupCreds, sUsePrivilegeSeparation, - sDeprecated, sUnsupported + sDeprecated } ServerOpCodes; /* Textual representation of the tokens. */ @@ -259,31 +288,24 @@ { "permitrootlogin", sPermitRootLogin }, { "syslogfacility", sLogFacility }, { "loglevel", sLogLevel }, - { "rhostsauthentication", sDeprecated }, + { "rhostsauthentication", sRhostsAuthentication }, { "rhostsrsaauthentication", sRhostsRSAAuthentication }, { "hostbasedauthentication", sHostbasedAuthentication }, { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly }, { "rsaauthentication", sRSAAuthentication }, { "pubkeyauthentication", sPubkeyAuthentication }, { "dsaauthentication", sPubkeyAuthentication }, /* alias */ -#ifdef KRB5 +#if defined(KRB4) || defined(KRB5) { "kerberosauthentication", sKerberosAuthentication }, { "kerberosorlocalpasswd", sKerberosOrLocalPasswd }, { "kerberosticketcleanup", sKerberosTicketCleanup }, -#else - { "kerberosauthentication", sUnsupported }, - { "kerberosorlocalpasswd", sUnsupported }, - { "kerberosticketcleanup", sUnsupported }, #endif - { "kerberostgtpassing", sUnsupported }, - { "afstokenpassing", sUnsupported }, -#ifdef GSSAPI - { "gssapiauthentication", sGssAuthentication }, - { "gssapicleanupcreds", sGssCleanupCreds }, -#else - { "gssapiauthentication", sUnsupported }, - { "gssapicleanupcreds", sUnsupported }, +#if defined(AFS) || defined(KRB5) + { "kerberostgtpassing", sKerberosTgtPassing }, #endif +#ifdef AFS + { "afstokenpassing", sAFSTokenPassing }, +#endif { "passwordauthentication", sPasswordAuthentication }, { "kbdinteractiveauthentication", sKbdInteractiveAuthentication }, { "challengeresponseauthentication", sChallengeResponseAuthentication }, @@ -316,9 +338,8 @@ { "subsystem", sSubsystem }, { "maxstartups", sMaxStartups }, { "banner", sBanner }, - { "usedns", sUseDNS }, - { "verifyreversemapping", sDeprecated }, - { "reversemappingcheck", sDeprecated }, + { "verifyreversemapping", sVerifyReverseMapping }, + { "reversemappingcheck", sVerifyReverseMapping }, { "clientaliveinterval", sClientAliveInterval }, { "clientalivecountmax", sClientAliveCountMax }, { "authorizedkeysfile", sAuthorizedKeysFile }, @@ -560,6 +581,10 @@ intptr = &options->ignore_user_known_hosts; goto parse_flag; + case sRhostsAuthentication: + intptr = &options->rhosts_authentication; + goto parse_flag; + case sRhostsRSAAuthentication: intptr = &options->rhosts_rsa_authentication; goto parse_flag; @@ -579,7 +604,7 @@ case sPubkeyAuthentication: intptr = &options->pubkey_authentication; goto parse_flag; - +#if defined(KRB4) || defined(KRB5) case sKerberosAuthentication: intptr = &options->kerberos_authentication; goto parse_flag; @@ -591,14 +616,17 @@ case sKerberosTicketCleanup: intptr = &options->kerberos_ticket_cleanup; goto parse_flag; - - case sGssAuthentication: - intptr = &options->gss_authentication; +#endif +#if defined(AFS) || defined(KRB5) + case sKerberosTgtPassing: + intptr = &options->kerberos_tgt_passing; goto parse_flag; - - case sGssCleanupCreds: - intptr = &options->gss_cleanup_creds; +#endif +#ifdef AFS + case sAFSTokenPassing: + intptr = &options->afs_token_passing; goto parse_flag; +#endif case sPasswordAuthentication: intptr = &options->password_authentication; @@ -664,8 +692,8 @@ intptr = &options->gateway_ports; goto parse_flag; - case sUseDNS: - intptr = &options->use_dns; + case sVerifyReverseMapping: + intptr = &options->verify_reverse_mapping; goto parse_flag; case sLogFacility: @@ -841,14 +869,7 @@ goto parse_int; case sDeprecated: - logit("%s line %d: Deprecated option %s", - filename, linenum, arg); - while (arg) - arg = strdelim(&cp); - break; - - case sUnsupported: - logit("%s line %d: Unsupported option %s", + log("%s line %d: Deprecated option %s", filename, linenum, arg); while (arg) arg = strdelim(&cp);