authorDag-Erling Smørgrav <des@FreeBSD.org>2002-06-23 14:01:54 +0000
committerDag-Erling Smørgrav <des@FreeBSD.org>2002-06-23 14:01:54 +0000
commit545d5eca429a5967b3300cb527d49cae8184e79f (patch)
tree07d2725bfa4789fc97a184f8beffb275c8c7bdcb /crypto/openssh/servconf.c
parent556a3fb01ef9b6221d190bb62371a2c28ffd4757 (diff)
Vendor import of OpenSSH 3.3.
Notes
Notes: svn path=/vendor-crypto/openssh/dist/; revision=98675
Diffstat (limited to 'crypto/openssh/servconf.c')
-rw-r--r--crypto/openssh/servconf.c31
1 files changed, 27 insertions, 4 deletions
diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c
index cf2042e31006..3537e924d132 100644
--- a/crypto/openssh/servconf.c
+++ b/crypto/openssh/servconf.c
@@ -10,7 +10,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.101 2002/02/04 12:15:25 markus Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.111 2002/06/20 23:05:55 markus Exp $");
#if defined(KRB4) || defined(KRB5)
#include <krb.h>
@@ -36,6 +36,8 @@ static void add_one_listen_addr(ServerOptions *, char *, u_short);
/* AF_UNSPEC or AF_INET or AF_INET6 */
extern int IPv4or6;
+/* Use of privilege separation or not */
+extern int use_privsep;
/* Initializes the server options to their default values. */
@@ -86,6 +88,7 @@ initialize_server_options(ServerOptions *options)
options->challenge_response_authentication = -1;
options->permit_empty_passwd = -1;
options->use_login = -1;
+ options->compression = -1;
options->allow_tcp_forwarding = -1;
options->num_allow_users = 0;
options->num_deny_users = 0;
@@ -105,6 +108,9 @@ initialize_server_options(ServerOptions *options)
options->client_alive_count_max = -1;
options->authorized_keys_file = NULL;
options->authorized_keys_file2 = NULL;
+
+ /* Needs to be accessable in many places */
+ use_privsep = -1;
}
void
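Review bot: `use_privsep = -1` resets a global from inside initialize_server_options(), which otherwise only writes to the ServerOptions it is handed, so calling it again for any other options struct would silently discard a UsePrivilegeSeparation value that had already been parsed. Carrying the setting as a field of ServerOptions would remove that side effect. If the global has to stay, the comment should say what it is rather than why it is convenient, e.g. `/* Global, not part of *options; -1 means "not set in sshd_config" */` (and "accessable" should read "accessible"). The same global is written again in the fill_default_server_options hunk and in the `sUsePrivilegeSeparation` case of the parser. The function body starts outside this hunk.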
@@ -176,7 +182,7 @@ fill_default_server_options(ServerOptions *options)
options->pubkey_authentication = 1;
#if defined(KRB4) || defined(KRB5)
if (options->kerberos_authentication == -1)
- options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
+ options->kerberos_authentication = 0;
if (options->kerberos_or_local_passwd == -1)
options->kerberos_or_local_passwd = 1;
if (options->kerberos_ticket_cleanup == -1)
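Review bot: The default for `kerberos_authentication` changes from a probe (`access(KEYFILE, R_OK) == 0`) to a fixed `0`, so a server that relied on the implicit default stops offering Kerberos authentication after the upgrade, while `password_authentication` still defaults to 1 a few lines further down. Explicit opt-in is the safer default, but nothing in the new code records the change; a comment such as `/* Off unless KerberosAuthentication is set; no longer probed from KEYFILE */` and a line in the upgrade notes would let operators catch it before users fall back to another method. The next hunk does the same for `afs_token_passing`, which previously came from `k_hasafs()`. The function starts and ends outside the hunk.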
@@ -188,7 +194,7 @@ fill_default_server_options(ServerOptions *options)
#endif
#ifdef AFS
if (options->afs_token_passing == -1)
- options->afs_token_passing = k_hasafs();
+ options->afs_token_passing = 0;
#endif
if (options->password_authentication == -1)
options->password_authentication = 1;
@@ -200,6 +206,8 @@ fill_default_server_options(ServerOptions *options)
options->permit_empty_passwd = 0;
if (options->use_login == -1)
options->use_login = 0;
+ if (options->compression == -1)
+ options->compression = 1;
if (options->allow_tcp_forwarding == -1)
options->allow_tcp_forwarding = 1;
if (options->gateway_ports == -1)
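Review bot: `compression` resolves to 1 when unset, so the server keeps offering compression to every client unless the new keyword turns it off, and the default carries no comment. Whether compression can be negotiated before the client has authenticated is not visible in this file; if it can, the decompressor is handling unauthenticated input and that belongs next to the default. I would add at least `/* Offered by default; "Compression no" disables it server-wide */` above the new `if`. The function starts and ends outside the hunk.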
@@ -225,6 +233,10 @@ fill_default_server_options(ServerOptions *options)
}
if (options->authorized_keys_file == NULL)
options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
+
+ /* Turn privilege separation on by default */
+ if (use_privsep == -1)
+ use_privsep = 1;
}
/* Keyword tokens. */
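Review bot: Until this block runs, `use_privsep` holds the -1 set in initialize_server_options(), and -1 is non-zero, so a plain `if (use_privsep)` evaluated before the defaults are filled reads "unset" as enabled while a `== 1` test reads it as disabled. No such reader is visible in this diff, but the variable is a global declared `extern` for use elsewhere, so the ordering requirement should be written down here, e.g. `/* use_privsep stays -1 until this point; do not test it before fill_default_server_options() */`. The function starts outside the hunk.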
@@ -247,13 +259,14 @@ typedef enum {
sPrintMotd, sPrintLastLog, sIgnoreRhosts,
sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
sStrictModes, sEmptyPasswd, sKeepAlives,
- sUseLogin, sAllowTcpForwarding,
+ sUseLogin, sAllowTcpForwarding, sCompression,
sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
+ sUsePrivilegeSeparation,
sDeprecated
} ServerOpCodes;
@@ -307,6 +320,7 @@ static struct {
{ "strictmodes", sStrictModes },
{ "permitemptypasswords", sEmptyPasswd },
{ "uselogin", sUseLogin },
+ { "compression", sCompression },
{ "keepalive", sKeepAlives },
{ "allowtcpforwarding", sAllowTcpForwarding },
{ "allowusers", sAllowUsers },
@@ -326,6 +340,7 @@ static struct {
{ "clientalivecountmax", sClientAliveCountMax },
{ "authorizedkeysfile", sAuthorizedKeysFile },
{ "authorizedkeysfile2", sAuthorizedKeysFile2 },
+ { "useprivilegeseparation", sUsePrivilegeSeparation},
{ NULL, sBadOption }
};
@@ -662,6 +677,10 @@ parse_flag:
intptr = &options->use_login;
goto parse_flag;
+ case sCompression:
+ intptr = &options->compression;
+ goto parse_flag;
+
case sGatewayPorts:
intptr = &options->gateway_ports;
goto parse_flag;
@@ -696,6 +715,10 @@ parse_flag:
intptr = &options->allow_tcp_forwarding;
goto parse_flag;
+ case sUsePrivilegeSeparation:
+ intptr = &use_privsep;
+ goto parse_flag;
+
case sAllowUsers:
while ((arg = strdelim(&cp)) && *arg != '\0') {
if (options->num_allow_users >= MAX_ALLOW_USERS)