src - FreeBSD source tree

diff options


context:
space:
mode:

author	Dag-Erling Smørgrav <des@FreeBSD.org>	2010-11-08 10:45:44 +0000
committer	Dag-Erling Smørgrav <des@FreeBSD.org>	2010-11-08 10:45:44 +0000
commit	3a927e69c380468bb32766c99aa7caf86de401a4 (patch)
tree	a92a6ad754f3ce37585ea89bd5d2693dbc5991ef /servconf.c
parent	f276912e6fa1da1174ba900a7e5d6447d71fc8e7 (diff)
download	src-3a927e69c380468bb32766c99aa7caf86de401a4.tar.gz src-3a927e69c380468bb32766c99aa7caf86de401a4.zip

Vendor import of OpenSSH 5.6p1vendor/openssh/5.6p1

Notes

Notes: svn path=/vendor-crypto/openssh/dist/; revision=214979 svn path=/vendor-crypto/openssh/5.6p1/; revision=214980; tag=vendor/openssh/5.6p1

Diffstat (limited to 'servconf.c')

-rw-r--r--

servconf.c

1 files changed, 22 insertions, 9 deletions

diff --git a/servconf.c b/servconf.c
index 7d027ddb990a..986a5b92f692 100644
--- a/servconf.c
+++ b/servconf.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: servconf.c,v 1.207 2010/03/25 23:38:28 djm Exp $ */

+/* $OpenBSD: servconf.c,v 1.209 2010/06/22 04:22:59 djm Exp $ */

@@ -131,6 +131,7 @@ initialize_server_options(ServerOptions *options)

options->zero_knowledge_password_authentication = -1;

options->revoked_keys_file = NULL;

options->trusted_user_ca_keys = NULL;

+ options->authorized_principals_file = NULL;

}

void

@@ -310,7 +311,7 @@ typedef enum {

sMatch, sPermitOpen, sForceCommand, sChrootDirectory,

sUsePrivilegeSeparation, sAllowAgentForwarding,

sZeroKnowledgePasswordAuthentication, sHostCertificate,

- sRevokedKeys, sTrustedUserCAKeys,

+ sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,

sDeprecated, sUnsupported

} ServerOpCodes;

@@ -345,7 +346,7 @@ static struct {

{ "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },

{ "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL },

{ "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },

- { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_GLOBAL },

+ { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL },

{ "rsaauthentication", sRSAAuthentication, SSHCFG_ALL },

{ "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },

{ "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */

@@ -420,11 +421,11 @@ static struct {

{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },

{ "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL },

{ "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },

- { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_GLOBAL },

- { "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_GLOBAL },

+ { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },

+ { "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_ALL },

{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},

{ "acceptenv", sAcceptEnv, SSHCFG_GLOBAL },

- { "permittunnel", sPermitTunnel, SSHCFG_GLOBAL },

+ { "permittunnel", sPermitTunnel, SSHCFG_ALL },

{ "match", sMatch, SSHCFG_ALL },

{ "permitopen", sPermitOpen, SSHCFG_ALL },

{ "forcecommand", sForceCommand, SSHCFG_ALL },

@@ -432,6 +433,7 @@ static struct {

{ "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },

{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },

{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },

+ { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },

{ NULL, sBadOption, 0 }

};

@@ -1218,10 +1220,14 @@ process_server_config_line(ServerOptions *options, char *line,

* AuthorizedKeysFile /etc/ssh_keys/%u

case sAuthorizedKeysFile:

+ charptr = &options->authorized_keys_file;

+ goto parse_tilde_filename;

case sAuthorizedKeysFile2:

- charptr = (opcode == sAuthorizedKeysFile) ?

- &options->authorized_keys_file :

- &options->authorized_keys_file2;

+ charptr = &options->authorized_keys_file2;

+ goto parse_tilde_filename;

+ case sAuthorizedPrincipalsFile:

+ charptr = &options->authorized_principals_file;

+ parse_tilde_filename:

arg = strdelim(&cp);

if (!arg || *arg == '\0')

fatal("%s line %d: missing file name.",

@@ -1440,6 +1446,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)

M_CP_INTOPT(pubkey_authentication);

M_CP_INTOPT(kerberos_authentication);

M_CP_INTOPT(hostbased_authentication);

+ M_CP_INTOPT(hostbased_uses_name_from_packet_only);

M_CP_INTOPT(kbd_interactive_authentication);

M_CP_INTOPT(zero_knowledge_password_authentication);

M_CP_INTOPT(permit_root_login);

@@ -1447,6 +1454,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)

M_CP_INTOPT(allow_tcp_forwarding);

M_CP_INTOPT(allow_agent_forwarding);

+ M_CP_INTOPT(permit_tun);

M_CP_INTOPT(gateway_ports);

M_CP_INTOPT(x11_display_offset);

M_CP_INTOPT(x11_forwarding);

@@ -1461,6 +1469,9 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)

M_CP_STROPT(chroot_directory);

M_CP_STROPT(trusted_user_ca_keys);

M_CP_STROPT(revoked_keys_file);

+ M_CP_STROPT(authorized_keys_file);

+ M_CP_STROPT(authorized_keys_file2);

+ M_CP_STROPT(authorized_principals_file);

}

#undef M_CP_INTOPT

@@ -1682,6 +1693,8 @@ dump_config(ServerOptions *o)

dump_cfg_string(sChrootDirectory, o->chroot_directory);

dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);

dump_cfg_string(sRevokedKeys, o->revoked_keys_file);

+ dump_cfg_string(sAuthorizedPrincipalsFile,

+ o->authorized_principals_file);

/* string arguments requiring a lookup */

dump_cfg_string(sLogLevel, log_level_name(o->log_level));