crypto/openssh/servconf.c
Show First 20 Lines • Show All 166 Lines • ▼ Show 20 Lines | initialize_server_options(ServerOptions *options) | ||||
options->trusted_user_ca_keys = NULL; | options->trusted_user_ca_keys = NULL; | ||||
options->authorized_principals_file = NULL; | options->authorized_principals_file = NULL; | ||||
options->authorized_principals_command = NULL; | options->authorized_principals_command = NULL; | ||||
options->authorized_principals_command_user = NULL; | options->authorized_principals_command_user = NULL; | ||||
options->ip_qos_interactive = -1; | options->ip_qos_interactive = -1; | ||||
options->ip_qos_bulk = -1; | options->ip_qos_bulk = -1; | ||||
options->version_addendum = NULL; | options->version_addendum = NULL; | ||||
options->fingerprint_hash = -1; | options->fingerprint_hash = -1; | ||||
options->use_blacklist = -1; | |||||
} | } | ||||
/* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ | /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ | ||||
static int | static int | ||||
option_clear_or_none(const char *o) | option_clear_or_none(const char *o) | ||||
{ | { | ||||
return o == NULL || strcasecmp(o, "none") == 0; | return o == NULL || strcasecmp(o, "none") == 0; | ||||
} | } | ||||
▲ Show 20 Lines • Show All 172 Lines • ▼ Show 20 Lines | #undef add_host_key_file | ||||
if (options->version_addendum == NULL) | if (options->version_addendum == NULL) | ||||
options->version_addendum = xstrdup(SSH_VERSION_FREEBSD); | options->version_addendum = xstrdup(SSH_VERSION_FREEBSD); | ||||
if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) | if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) | ||||
options->fwd_opts.streamlocal_bind_mask = 0177; | options->fwd_opts.streamlocal_bind_mask = 0177; | ||||
if (options->fwd_opts.streamlocal_bind_unlink == -1) | if (options->fwd_opts.streamlocal_bind_unlink == -1) | ||||
options->fwd_opts.streamlocal_bind_unlink = 0; | options->fwd_opts.streamlocal_bind_unlink = 0; | ||||
if (options->fingerprint_hash == -1) | if (options->fingerprint_hash == -1) | ||||
options->fingerprint_hash = SSH_FP_HASH_DEFAULT; | options->fingerprint_hash = SSH_FP_HASH_DEFAULT; | ||||
if (options->use_blacklist == -1) | |||||
options->use_blacklist = 0; | |||||
assemble_algorithms(options); | assemble_algorithms(options); | ||||
/* Turn privilege separation and sandboxing on by default */ | /* Turn privilege separation and sandboxing on by default */ | ||||
if (use_privsep == -1) | if (use_privsep == -1) | ||||
use_privsep = PRIVSEP_ON; | use_privsep = PRIVSEP_ON; | ||||
#define CLEAR_ON_NONE(v) \ | #define CLEAR_ON_NONE(v) \ | ||||
▲ Show 20 Lines • Show All 61 Lines • ▼ Show 20 Lines | typedef enum { | ||||
sHostCertificate, | sHostCertificate, | ||||
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, | sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, | ||||
sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, | sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, | ||||
sKexAlgorithms, sIPQoS, sVersionAddendum, | sKexAlgorithms, sIPQoS, sVersionAddendum, | ||||
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, | sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, | ||||
sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, | sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, | ||||
sStreamLocalBindMask, sStreamLocalBindUnlink, | sStreamLocalBindMask, sStreamLocalBindUnlink, | ||||
sAllowStreamLocalForwarding, sFingerprintHash, | sAllowStreamLocalForwarding, sFingerprintHash, | ||||
sUseBlacklist, | |||||
sDeprecated, sUnsupported | sDeprecated, sUnsupported | ||||
} ServerOpCodes; | } ServerOpCodes; | ||||
#define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */ | #define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */ | ||||
#define SSHCFG_MATCH 0x02 /* allowed inside a Match section */ | #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */ | ||||
#define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH) | #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH) | ||||
/* Textual representation of the tokens. */ | /* Textual representation of the tokens. */ | ||||
▲ Show 20 Lines • Show All 126 Lines • ▼ Show 20 Lines | #endif | ||||
{ "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL }, | { "authorizedprincipalscommand", sAuthorizedPrincipalsCommand, SSHCFG_ALL }, | ||||
{ "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL }, | { "authorizedprincipalscommanduser", sAuthorizedPrincipalsCommandUser, SSHCFG_ALL }, | ||||
{ "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, | { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, | ||||
{ "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, | { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, | ||||
{ "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL }, | { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL }, | ||||
{ "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, | { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, | ||||
{ "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, | { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, | ||||
{ "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, | { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, | ||||
{ "useblacklist", sUseBlacklist, SSHCFG_GLOBAL }, | |||||
{ "noneenabled", sUnsupported, SSHCFG_ALL }, | { "noneenabled", sUnsupported, SSHCFG_ALL }, | ||||
{ "hpndisabled", sDeprecated, SSHCFG_ALL }, | { "hpndisabled", sDeprecated, SSHCFG_ALL }, | ||||
{ "hpnbuffersize", sDeprecated, SSHCFG_ALL }, | { "hpnbuffersize", sDeprecated, SSHCFG_ALL }, | ||||
{ "tcprcvbufpoll", sDeprecated, SSHCFG_ALL }, | { "tcprcvbufpoll", sDeprecated, SSHCFG_ALL }, | ||||
{ NULL, sBadOption, 0 } | { NULL, sBadOption, 0 } | ||||
}; | }; | ||||
static struct { | static struct { | ||||
▲ Show 20 Lines • Show All 1,266 Lines • ▼ Show 20 Lines | if (!arg || *arg == '\0') | ||||
filename, linenum); | filename, linenum); | ||||
if ((value = ssh_digest_alg_by_name(arg)) == -1) | if ((value = ssh_digest_alg_by_name(arg)) == -1) | ||||
fatal("%.200s line %d: Invalid hash algorithm \"%s\".", | fatal("%.200s line %d: Invalid hash algorithm \"%s\".", | ||||
filename, linenum, arg); | filename, linenum, arg); | ||||
if (*activep) | if (*activep) | ||||
options->fingerprint_hash = value; | options->fingerprint_hash = value; | ||||
break; | break; | ||||
case sUseBlacklist: | |||||
intptr = &options->use_blacklist; | |||||
goto parse_flag; | |||||
case sDeprecated: | case sDeprecated: | ||||
logit("%s line %d: Deprecated option %s", | logit("%s line %d: Deprecated option %s", | ||||
filename, linenum, arg); | filename, linenum, arg); | ||||
while (arg) | while (arg) | ||||
arg = strdelim(&cp); | arg = strdelim(&cp); | ||||
break; | break; | ||||
case sUnsupported: | case sUnsupported: | ||||
▲ Show 20 Lines • Show All 427 Lines • ▼ Show 20 Lines | #endif | ||||
dump_cfg_fmtint(sCompression, o->compression); | dump_cfg_fmtint(sCompression, o->compression); | ||||
dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); | dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); | ||||
dump_cfg_fmtint(sUseDNS, o->use_dns); | dump_cfg_fmtint(sUseDNS, o->use_dns); | ||||
dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); | dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); | ||||
dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); | dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); | ||||
dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); | dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); | ||||
dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); | dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); | ||||
dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); | dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); | ||||
dump_cfg_fmtint(sUseBlacklist, o->use_blacklist); | |||||
/* string arguments */ | /* string arguments */ | ||||
dump_cfg_string(sPidFile, o->pid_file); | dump_cfg_string(sPidFile, o->pid_file); | ||||
dump_cfg_string(sXAuthLocation, o->xauth_location); | dump_cfg_string(sXAuthLocation, o->xauth_location); | ||||
dump_cfg_string(sCiphers, o->ciphers ? o->ciphers : KEX_SERVER_ENCRYPT); | dump_cfg_string(sCiphers, o->ciphers ? o->ciphers : KEX_SERVER_ENCRYPT); | ||||
dump_cfg_string(sMacs, o->macs ? o->macs : KEX_SERVER_MAC); | dump_cfg_string(sMacs, o->macs ? o->macs : KEX_SERVER_MAC); | ||||
dump_cfg_string(sBanner, o->banner); | dump_cfg_string(sBanner, o->banner); | ||||
dump_cfg_string(sForceCommand, o->adm_forced_command); | dump_cfg_string(sForceCommand, o->adm_forced_command); | ||||
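Review bot: With the `{ "useblacklist", sUseBlacklist, SSHCFG_GLOBAL },` row gone from the keyword table, a deployed sshd_config that still sets `UseBlacklist` has no matching entry and presumably falls through to the `{ NULL, sBadOption, 0 }` terminator, so the daemon may reject the file after an upgrade. This reading assumes the lines printed in one column only are the removed side; the page carries no explicit +/- or gutter signal, so confirm against the raw diff. The table already keeps retired keywords such as `hpndisabled` mapped to `sDeprecated`, and the same treatment fits here: `{ "useblacklist", sDeprecated, SSHCFG_GLOBAL },`. The `logit("%s line %d: Deprecated option %s", ...)` path would then tell the operator that the blacklist notification they configured is no longer in effect, rather than the setting vanishing silently or blocking startup.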