http://www.sxw.org.uk/computing/patches/openssh-5.2p1-gsskex-all-20090726.patch commi...

[gssapi-openssh.git] / openssh / servconf.c

diff --git a/openssh/servconf.c b/openssh/servconf.c
index e7fc2a7812a78a0343a8012d5b084a328d6b586c..68c44fc81cf47621fcea5b84ea6202742f02c340 100644 (file)
--- a/openssh/servconf.c
+++ b/openssh/servconf.c
@@ -92,7 +92,10 @@ initialize_server_options(ServerOptions *options)
        options->kerberos_ticket_cleanup = -1;
        options->kerberos_get_afs_token = -1;
        options->gss_authentication=-1;
+       options->gss_keyex = -1;
        options->gss_cleanup_creds = -1;
+       options->gss_strict_acceptor = -1;
+       options->gss_store_rekey = -1;
        options->password_authentication = -1;
        options->kbd_interactive_authentication = -1;
        options->challenge_response_authentication = -1;
@@ -210,8 +213,14 @@ fill_default_server_options(ServerOptions *options)
                options->kerberos_get_afs_token = 0;
        if (options->gss_authentication == -1)
                options->gss_authentication = 0;
+       if (options->gss_keyex == -1)
+               options->gss_keyex = 0;
        if (options->gss_cleanup_creds == -1)
                options->gss_cleanup_creds = 1;
+       if (options->gss_strict_acceptor == -1)
+               options->gss_strict_acceptor = 1;
+       if (options->gss_store_rekey == -1)
+               options->gss_store_rekey = 0;
        if (options->password_authentication == -1)
                options->password_authentication = 1;
        if (options->kbd_interactive_authentication == -1)
@@ -302,7 +311,9 @@ typedef enum {
        sBanner, sUseDNS, sHostbasedAuthentication,
        sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
        sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
-       sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
+       sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
+       sGssKeyEx, sGssStoreRekey,
+       sAcceptEnv, sPermitTunnel,
        sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
        sUsePrivilegeSeparation, sAllowAgentForwarding,
        sZeroKnowledgePasswordAuthentication,
@@ -364,9 +375,15 @@ static struct {
 #ifdef GSSAPI
        { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
        { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
+       { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
+       { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL },
+       { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL },
 #else
        { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
        { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
+       { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
+       { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL },
+       { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL },
 #endif
        { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
        { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
@@ -891,10 +908,22 @@ process_server_config_line(ServerOptions *options, char *line,
                intptr = &options->gss_authentication;
                goto parse_flag;
 
+       case sGssKeyEx:
+               intptr = &options->gss_keyex;
+               goto parse_flag;
+
        case sGssCleanupCreds:
                intptr = &options->gss_cleanup_creds;
                goto parse_flag;
 
+       case sGssStrictAcceptor:
+               intptr = &options->gss_strict_acceptor;
+               goto parse_flag;
+
+       case sGssStoreRekey:
+               intptr = &options->gss_store_rekey;
+               goto parse_flag;
+
        case sPasswordAuthentication:
                intptr = &options->password_authentication;
                goto parse_flag;