]> andersk Git - gssapi-openssh.git/blobdiff - openssh/servconf.c
andersk / gssapi-openssh.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
merged OPENSSH_5_2P1_GSSAPI_20090831 to GPT-branch
[gssapi-openssh.git] / openssh / servconf.c
diff --git a/openssh/servconf.c b/openssh/servconf.c
index a693e05aa71b1e9ca6d647b6a7293d099ea6fad7..96a27f3ab196b3b7605ca356cdbafa58b607a181 100644 (file)
--- a/openssh/servconf.c
+++ b/openssh/servconf.c
@@ -58,6 +58,7 @@ initialize_server_options(ServerOptions *options)
 
        /* Portable-specific options */
        options->use_pam = -1;
+       options->permit_pam_user_change = -1;
 
        /* Standard Options */
        options->num_ports = 0;
@@ -102,6 +103,7 @@ initialize_server_options(ServerOptions *options)
        options->gss_cleanup_creds = -1;
        options->gss_strict_acceptor = -1;
        options->gsi_allow_limited_proxy = -1;
+       options->gss_store_rekey = -1;
        options->password_authentication = -1;
        options->kbd_interactive_authentication = -1;
        options->challenge_response_authentication = -1;
@@ -136,11 +138,11 @@ initialize_server_options(ServerOptions *options)
        options->num_permitted_opens = -1;
        options->adm_forced_command = NULL;
        options->chroot_directory = NULL;
+       options->zero_knowledge_password_authentication = -1;
        options->none_enabled = -1;
        options->tcp_rcv_buf_poll = -1;
        options->hpn_disabled = -1;
        options->hpn_buffer_size = -1;
-       options->zero_knowledge_password_authentication = -1;
 }
 
 void
@@ -154,6 +156,8 @@ fill_default_server_options(ServerOptions *options)
        /* Portable-specific options */
        if (options->use_pam == -1)
                options->use_pam = 0;
+       if (options->permit_pam_user_change == -1)
+               options->permit_pam_user_change = 0;
 
        /* Standard Options */
        if (options->protocol == SSH_PROTO_UNKNOWN)
@@ -238,6 +242,8 @@ fill_default_server_options(ServerOptions *options)
                options->gss_strict_acceptor = 1;
        if (options->gsi_allow_limited_proxy == -1)
                options->gsi_allow_limited_proxy = 0;
+       if (options->gss_store_rekey == -1)
+               options->gss_store_rekey = 0;
        if (options->password_authentication == -1)
                options->password_authentication = 1;
        if (options->kbd_interactive_authentication == -1)
@@ -343,7 +349,7 @@ fill_default_server_options(ServerOptions *options)
 typedef enum {
        sBadOption,             /* == unknown option */
        /* Portable-specific options */
-       sUsePAM,
+       sUsePAM, sPermitPAMUserChange,
        /* Standard Options */
        sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
        sPermitRootLogin, sLogFacility, sLogLevel,
@@ -367,17 +373,16 @@ typedef enum {
        sBanner, sUseDNS, sHostbasedAuthentication,
        sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
        sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
-       sGssAuthentication, sGssCleanupCreds,
     sGssDelegateCreds,
-    sGssStrictAcceptor,
-       sGssKeyEx, 
     sGssCredsPath,
        sGsiAllowLimitedProxy,
-    sAcceptEnv, sPermitTunnel,
+       sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
+       sGssKeyEx, sGssStoreRekey,
+       sAcceptEnv, sPermitTunnel,
        sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
        sUsePrivilegeSeparation, sAllowAgentForwarding,
-       sNoneEnabled, sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
        sZeroKnowledgePasswordAuthentication,
+       sNoneEnabled, sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
        sDeprecated, sUnsupported
 } ServerOpCodes;
 
@@ -394,8 +399,10 @@ static struct {
        /* Portable-specific options */
 #ifdef USE_PAM
        { "usepam", sUsePAM, SSHCFG_GLOBAL },
+       { "permitpamuserchange", sPermitPAMUserChange, SSHCFG_GLOBAL }
 #else
        { "usepam", sUnsupported, SSHCFG_GLOBAL },
+       { "permitpamuserchange", sUnsupported, SSHCFG_GLOBAL },
 #endif
        { "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL },
        /* Standard Options */
@@ -437,22 +444,24 @@ static struct {
        { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
        { "gssapidelegatecredentials", sGssDelegateCreds, SSHCFG_ALL },
        { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
-       { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
        { "gssapicredentialspath", sGssCredsPath, SSHCFG_GLOBAL },
-       { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL },
 #ifdef GSI
        { "gsiallowlimitedproxy", sGsiAllowLimitedProxy, SSHCFG_GLOBAL },
 #endif
+       { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
+       { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL },
+       { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL },
 #else
        { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
        { "gssapidelegatecredentials", sUnsupported, SSHCFG_ALL },
        { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
-       { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
        { "gssapicredentialspath", sUnsupported, SSHCFG_GLOBAL },
-       { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL },
 #ifdef GSI
        { "gsiallowlimitedproxy", sUnsupported, SSHCFG_GLOBAL },
 #endif
+       { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
+       { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL },
+       { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL },
 #endif
 #ifdef SESSION_HOOKS
     { "allowsessionhooks", sAllowSessionHooks, SSHCFG_GLOBAL },
@@ -777,6 +786,10 @@ process_server_config_line(ServerOptions *options, char *line,
                intptr = &options->use_pam;
                goto parse_flag;
 
+       case sPermitPAMUserChange:
+               intptr = &options->permit_pam_user_change;
+               goto parse_flag;
+
        /* Standard Options */
        case sBadOption:
                return -1;
@@ -1015,17 +1028,23 @@ process_server_config_line(ServerOptions *options, char *line,
                intptr = &options->gss_cleanup_creds;
                goto parse_flag;
 
+       case sGssCredsPath:
+               charptr = &options->gss_creds_path;
+               goto parse_filename;
+
        case sGssStrictAcceptor:
                intptr = &options->gss_strict_acceptor;
                goto parse_flag;
 
-       case sGssCredsPath:
-               charptr = &options->gss_creds_path;
-               goto parse_filename;
+       case sGssStoreRekey:
+               intptr = &options->gss_store_rekey;
+               goto parse_flag;
 
+#ifdef GSI
        case sGsiAllowLimitedProxy:
                intptr = &options->gsi_allow_limited_proxy;
                goto parse_flag;
+#endif
 
 #ifdef SESSION_HOOKS
         case sAllowSessionHooks:
git-cvsimport mirror of GSI OpenSSH
This page took 0.07959 seconds and 4 git commands to generate.