Page MenuHomeFreeBSD
Differential D7051 Diff 19569 crypto/openssh/servconf.c

Changeset View

Standalone View

View Options

crypto/openssh/servconf.c

Show First 20 LinesShow All 166 Lines▼ Show 20 Linesinitialize_server_options(ServerOptions *options)
options->trusted_user_ca_keys = NULL; options->trusted_user_ca_keys = NULL;
options->authorized_principals_file = NULL; options->authorized_principals_file = NULL;
options->authorized_principals_command = NULL; options->authorized_principals_command = NULL;
options->authorized_principals_command_user = NULL; options->authorized_principals_command_user = NULL;
options->ip_qos_interactive = -1; options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1; options->ip_qos_bulk = -1;
options->version_addendum = NULL; options->version_addendum = NULL;
options->fingerprint_hash = -1; options->fingerprint_hash = -1;
options->use_blacklist = -1;
} }
/* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
static int static int
option_clear_or_none(const char *o) option_clear_or_none(const char *o)
{ {
return o == NULL || strcasecmp(o, "none") == 0; return o == NULL || strcasecmp(o, "none") == 0;
} }
▲ Show 20 LinesShow All 172 Lines▼ Show 20 Lines#undef add_host_key_file
if (options->version_addendum == NULL) if (options->version_addendum == NULL)
options->version_addendum = xstrdup(SSH_VERSION_FREEBSD); options->version_addendum = xstrdup(SSH_VERSION_FREEBSD);
if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
options->fwd_opts.streamlocal_bind_mask = 0177; options->fwd_opts.streamlocal_bind_mask = 0177;
if (options->fwd_opts.streamlocal_bind_unlink == -1) if (options->fwd_opts.streamlocal_bind_unlink == -1)
options->fwd_opts.streamlocal_bind_unlink = 0; options->fwd_opts.streamlocal_bind_unlink = 0;
if (options->fingerprint_hash == -1) if (options->fingerprint_hash == -1)
options->fingerprint_hash = SSH_FP_HASH_DEFAULT; options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
if (options->use_blacklist == -1)
options->use_blacklist = 0;
assemble_algorithms(options); assemble_algorithms(options);
/* Turn privilege separation and sandboxing on by default */ /* Turn privilege separation and sandboxing on by default */
if (use_privsep == -1) if (use_privsep == -1)
use_privsep = PRIVSEP_ON; use_privsep = PRIVSEP_ON;
#define CLEAR_ON_NONE(v) \ #define CLEAR_ON_NONE(v) \
▲ Show 20 LinesShow All 61 Lines▼ Show 20 Linestypedef enum {
sHostCertificate, sHostCertificate,
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
sKexAlgorithms, sIPQoS, sVersionAddendum, sKexAlgorithms, sIPQoS, sVersionAddendum,
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
sStreamLocalBindMask, sStreamLocalBindUnlink, sStreamLocalBindMask, sStreamLocalBindUnlink,
sAllowStreamLocalForwarding, sFingerprintHash, sAllowStreamLocalForwarding, sFingerprintHash,
sUseBlacklist,
sDeprecated, sUnsupported sDeprecated, sUnsupported
} ServerOpCodes; } ServerOpCodes;
#define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */ #define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */
#define SSHCFG_MATCH 0x02 /* allowed inside a Match section */ #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */
#define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH) #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH)
/* Textual representation of the tokens. */ /* Textual representation of the tokens. */
▲ Show 20 LinesShow All 126 Lines▼ Show 20 Lines#endif
{ "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL }, { "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL },
{ "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL }, { "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL },
{ "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
{ "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
{ "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL }, { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL },
{ "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL },
{ "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },
{ "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
{ "useblacklist", sUseBlacklist, SSHCFG_GLOBAL },
{ "noneenabled", sUnsupported, SSHCFG_ALL }, { "noneenabled", sUnsupported, SSHCFG_ALL },
{ "hpndisabled", sDeprecated, SSHCFG_ALL }, { "hpndisabled", sDeprecated, SSHCFG_ALL },
{ "hpnbuffersize", sDeprecated, SSHCFG_ALL }, { "hpnbuffersize", sDeprecated, SSHCFG_ALL },
{ "tcprcvbufpoll", sDeprecated, SSHCFG_ALL }, { "tcprcvbufpoll", sDeprecated, SSHCFG_ALL },
{ NULL, sBadOption, 0 } { NULL, sBadOption, 0 }
}; };
static struct { static struct {
▲ Show 20 LinesShow All 1,266 Lines▼ Show 20 Lines if (!arg || *arg == '\0')
filename, linenum); filename, linenum);
if ((value = ssh_digest_alg_by_name(arg)) == -1) if ((value = ssh_digest_alg_by_name(arg)) == -1)
fatal("%.200s line %d: Invalid hash algorithm \"%s\".", fatal("%.200s line %d: Invalid hash algorithm \"%s\".",
filename, linenum, arg); filename, linenum, arg);
if (*activep) if (*activep)
options->fingerprint_hash = value; options->fingerprint_hash = value;
break; break;
case sUseBlacklist:
intptr = &options->use_blacklist;
goto parse_flag;
case sDeprecated: case sDeprecated:
logit("%s line %d: Deprecated option %s", logit("%s line %d: Deprecated option %s",
filename, linenum, arg); filename, linenum, arg);
while (arg) while (arg)
arg = strdelim(&cp); arg = strdelim(&cp);
break; break;
case sUnsupported: case sUnsupported:
▲ Show 20 LinesShow All 427 Lines▼ Show 20 Lines#endif
dump_cfg_fmtint(sCompression, o->compression); dump_cfg_fmtint(sCompression, o->compression);
dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports);
dump_cfg_fmtint(sUseDNS, o->use_dns); dump_cfg_fmtint(sUseDNS, o->use_dns);
dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding);
dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
dump_cfg_fmtint(sUseBlacklist, o->use_blacklist);
/* string arguments */ /* string arguments */
dump_cfg_string(sPidFile, o->pid_file); dump_cfg_string(sPidFile, o->pid_file);
dump_cfg_string(sXAuthLocation, o->xauth_location); dump_cfg_string(sXAuthLocation, o->xauth_location);
dump_cfg_string(sCiphers, o->ciphers ? o->ciphers : KEX_SERVER_ENCRYPT); dump_cfg_string(sCiphers, o->ciphers ? o->ciphers : KEX_SERVER_ENCRYPT);
dump_cfg_string(sMacs, o->macs ? o->macs : KEX_SERVER_MAC); dump_cfg_string(sMacs, o->macs ? o->macs : KEX_SERVER_MAC);
dump_cfg_string(sBanner, o->banner); dump_cfg_string(sBanner, o->banner);
dump_cfg_string(sForceCommand, o->adm_forced_command); dump_cfg_string(sForceCommand, o->adm_forced_command);
▲ Show 20 LinesShow All 63 LinesShow Last 20 Lines