=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/servconf.c,v retrieving revision 1.116.2.2 retrieving revision 1.117 diff -u -r1.116.2.2 -r1.117 --- src/usr.bin/ssh/servconf.c 2004/03/04 18:18:16 1.116.2.2 +++ src/usr.bin/ssh/servconf.c 2003/04/08 20:21:29 1.117 @@ -10,8 +10,15 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.116.2.2 2004/03/04 18:18:16 brad Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.117 2003/04/08 20:21:29 itojun Exp $"); +#if defined(KRB4) || defined(KRB5) +#include +#endif +#ifdef AFS +#include +#endif + #include "ssh.h" #include "log.h" #include "servconf.h" @@ -56,20 +63,26 @@ options->x11_use_localhost = -1; options->xauth_location = NULL; options->strict_modes = -1; - options->tcp_keep_alive = -1; + options->keepalives = -1; options->log_facility = SYSLOG_FACILITY_NOT_SET; options->log_level = SYSLOG_LEVEL_NOT_SET; + options->rhosts_authentication = -1; options->rhosts_rsa_authentication = -1; options->hostbased_authentication = -1; options->hostbased_uses_name_from_packet_only = -1; options->rsa_authentication = -1; options->pubkey_authentication = -1; +#if defined(KRB4) || defined(KRB5) options->kerberos_authentication = -1; options->kerberos_or_local_passwd = -1; options->kerberos_ticket_cleanup = -1; - options->kerberos_get_afs_token = -1; - options->gss_authentication=-1; - options->gss_cleanup_creds = -1; +#endif +#if defined(AFS) || defined(KRB5) + options->kerberos_tgt_passing = -1; +#endif +#ifdef AFS + options->afs_token_passing = -1; +#endif options->password_authentication = -1; options->kbd_interactive_authentication = -1; options->challenge_response_authentication = -1; @@ -91,7 +104,7 @@ options->max_startups_rate = -1; options->max_startups = -1; options->banner = NULL; - options->use_dns = -1; + options->verify_reverse_mapping = -1; options->client_alive_interval = -1; options->client_alive_count_max = -1; options->authorized_keys_file = NULL; @@ -150,12 +163,14 @@ options->xauth_location = _PATH_XAUTH; if (options->strict_modes == -1) options->strict_modes = 1; - if (options->tcp_keep_alive == -1) - options->tcp_keep_alive = 1; + if (options->keepalives == -1) + options->keepalives = 1; if (options->log_facility == SYSLOG_FACILITY_NOT_SET) options->log_facility = SYSLOG_FACILITY_AUTH; if (options->log_level == SYSLOG_LEVEL_NOT_SET) options->log_level = SYSLOG_LEVEL_INFO; + if (options->rhosts_authentication == -1) + options->rhosts_authentication = 0; if (options->rhosts_rsa_authentication == -1) options->rhosts_rsa_authentication = 0; if (options->hostbased_authentication == -1) @@ -166,18 +181,22 @@ options->rsa_authentication = 1; if (options->pubkey_authentication == -1) options->pubkey_authentication = 1; +#if defined(KRB4) || defined(KRB5) if (options->kerberos_authentication == -1) options->kerberos_authentication = 0; if (options->kerberos_or_local_passwd == -1) options->kerberos_or_local_passwd = 1; if (options->kerberos_ticket_cleanup == -1) options->kerberos_ticket_cleanup = 1; - if (options->kerberos_get_afs_token == -1) - options->kerberos_get_afs_token = 0; - if (options->gss_authentication == -1) - options->gss_authentication = 0; - if (options->gss_cleanup_creds == -1) - options->gss_cleanup_creds = 1; +#endif +#if defined(AFS) || defined(KRB5) + if (options->kerberos_tgt_passing == -1) + options->kerberos_tgt_passing = 0; +#endif +#ifdef AFS + if (options->afs_token_passing == -1) + options->afs_token_passing = 0; +#endif if (options->password_authentication == -1) options->password_authentication = 1; if (options->kbd_interactive_authentication == -1) @@ -202,8 +221,8 @@ options->max_startups_rate = 100; /* 100% */ if (options->max_startups_begin == -1) options->max_startups_begin = options->max_startups; - if (options->use_dns == -1) - options->use_dns = 1; + if (options->verify_reverse_mapping == -1) + options->verify_reverse_mapping = 0; if (options->client_alive_interval == -1) options->client_alive_interval = 0; if (options->client_alive_count_max == -1) @@ -228,24 +247,30 @@ sBadOption, /* == unknown option */ sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, sPermitRootLogin, sLogFacility, sLogLevel, - sRhostsRSAAuthentication, sRSAAuthentication, + sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, +#if defined(KRB4) || defined(KRB5) sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, - sKerberosGetAFSToken, - sKerberosTgtPassing, sChallengeResponseAuthentication, +#endif +#if defined(AFS) || defined(KRB5) + sKerberosTgtPassing, +#endif +#ifdef AFS + sAFSTokenPassing, +#endif + sChallengeResponseAuthentication, sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, - sStrictModes, sEmptyPasswd, sTCPKeepAlive, + sStrictModes, sEmptyPasswd, sKeepAlives, sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, - sBanner, sUseDNS, sHostbasedAuthentication, + sBanner, sVerifyReverseMapping, sHostbasedAuthentication, sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, - sGssAuthentication, sGssCleanupCreds, sUsePrivilegeSeparation, - sDeprecated, sUnsupported + sDeprecated } ServerOpCodes; /* Textual representation of the tokens. */ @@ -263,33 +288,24 @@ { "permitrootlogin", sPermitRootLogin }, { "syslogfacility", sLogFacility }, { "loglevel", sLogLevel }, - { "rhostsauthentication", sDeprecated }, + { "rhostsauthentication", sRhostsAuthentication }, { "rhostsrsaauthentication", sRhostsRSAAuthentication }, { "hostbasedauthentication", sHostbasedAuthentication }, { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly }, { "rsaauthentication", sRSAAuthentication }, { "pubkeyauthentication", sPubkeyAuthentication }, { "dsaauthentication", sPubkeyAuthentication }, /* alias */ -#ifdef KRB5 +#if defined(KRB4) || defined(KRB5) { "kerberosauthentication", sKerberosAuthentication }, { "kerberosorlocalpasswd", sKerberosOrLocalPasswd }, { "kerberosticketcleanup", sKerberosTicketCleanup }, - { "kerberosgetafstoken", sKerberosGetAFSToken }, -#else - { "kerberosauthentication", sUnsupported }, - { "kerberosorlocalpasswd", sUnsupported }, - { "kerberosticketcleanup", sUnsupported }, - { "kerberosgetafstoken", sUnsupported }, #endif - { "kerberostgtpassing", sUnsupported }, - { "afstokenpassing", sUnsupported }, -#ifdef GSSAPI - { "gssapiauthentication", sGssAuthentication }, - { "gssapicleanupcredentials", sGssCleanupCreds }, -#else - { "gssapiauthentication", sUnsupported }, - { "gssapicleanupcredentials", sUnsupported }, +#if defined(AFS) || defined(KRB5) + { "kerberostgtpassing", sKerberosTgtPassing }, #endif +#ifdef AFS + { "afstokenpassing", sAFSTokenPassing }, +#endif { "passwordauthentication", sPasswordAuthentication }, { "kbdinteractiveauthentication", sKbdInteractiveAuthentication }, { "challengeresponseauthentication", sChallengeResponseAuthentication }, @@ -309,8 +325,7 @@ { "permituserenvironment", sPermitUserEnvironment }, { "uselogin", sUseLogin }, { "compression", sCompression }, - { "tcpkeepalive", sTCPKeepAlive }, - { "keepalive", sTCPKeepAlive }, /* obsolete alias */ + { "keepalive", sKeepAlives }, { "allowtcpforwarding", sAllowTcpForwarding }, { "allowusers", sAllowUsers }, { "denyusers", sDenyUsers }, @@ -323,9 +338,8 @@ { "subsystem", sSubsystem }, { "maxstartups", sMaxStartups }, { "banner", sBanner }, - { "usedns", sUseDNS }, - { "verifyreversemapping", sDeprecated }, - { "reversemappingcheck", sDeprecated }, + { "verifyreversemapping", sVerifyReverseMapping }, + { "reversemappingcheck", sVerifyReverseMapping }, { "clientaliveinterval", sClientAliveInterval }, { "clientalivecountmax", sClientAliveCountMax }, { "authorizedkeysfile", sAuthorizedKeysFile }, @@ -567,6 +581,10 @@ intptr = &options->ignore_user_known_hosts; goto parse_flag; + case sRhostsAuthentication: + intptr = &options->rhosts_authentication; + goto parse_flag; + case sRhostsRSAAuthentication: intptr = &options->rhosts_rsa_authentication; goto parse_flag; @@ -586,7 +604,7 @@ case sPubkeyAuthentication: intptr = &options->pubkey_authentication; goto parse_flag; - +#if defined(KRB4) || defined(KRB5) case sKerberosAuthentication: intptr = &options->kerberos_authentication; goto parse_flag; @@ -598,19 +616,18 @@ case sKerberosTicketCleanup: intptr = &options->kerberos_ticket_cleanup; goto parse_flag; - - case sKerberosGetAFSToken: - intptr = &options->kerberos_get_afs_token; +#endif +#if defined(AFS) || defined(KRB5) + case sKerberosTgtPassing: + intptr = &options->kerberos_tgt_passing; goto parse_flag; - - case sGssAuthentication: - intptr = &options->gss_authentication; +#endif +#ifdef AFS + case sAFSTokenPassing: + intptr = &options->afs_token_passing; goto parse_flag; +#endif - case sGssCleanupCreds: - intptr = &options->gss_cleanup_creds; - goto parse_flag; - case sPasswordAuthentication: intptr = &options->password_authentication; goto parse_flag; @@ -651,8 +668,8 @@ intptr = &options->strict_modes; goto parse_flag; - case sTCPKeepAlive: - intptr = &options->tcp_keep_alive; + case sKeepAlives: + intptr = &options->keepalives; goto parse_flag; case sEmptyPasswd: @@ -675,8 +692,8 @@ intptr = &options->gateway_ports; goto parse_flag; - case sUseDNS: - intptr = &options->use_dns; + case sVerifyReverseMapping: + intptr = &options->verify_reverse_mapping; goto parse_flag; case sLogFacility: @@ -853,13 +870,6 @@ case sDeprecated: logit("%s line %d: Deprecated option %s", - filename, linenum, arg); - while (arg) - arg = strdelim(&cp); - break; - - case sUnsupported: - logit("%s line %d: Unsupported option %s", filename, linenum, arg); while (arg) arg = strdelim(&cp);