merged OpenSSH 5.2p1 to trunk

[gssapi-openssh.git] / openssh / servconf.c

diff --git a/openssh/servconf.c b/openssh/servconf.c
index 8b8b9954fa063ee7a7a6cecbd05f563416ba7100..a693e05aa71b1e9ca6d647b6a7293d099ea6fad7 100644 (file)
--- a/openssh/servconf.c
+++ b/openssh/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.186 2008/07/04 03:44:59 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.194 2009/01/22 10:02:34 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -42,8 +42,8 @@
 #include "channels.h"
 #include "groupaccess.h"
 
-static void add_listen_addr(ServerOptions *, char *, u_short);
-static void add_one_listen_addr(ServerOptions *, char *, u_short);
+static void add_listen_addr(ServerOptions *, char *, int);
+static void add_one_listen_addr(ServerOptions *, char *, int);
 
 /* Use of privilege separation or not */
 extern int use_privsep;
@@ -140,6 +140,7 @@ initialize_server_options(ServerOptions *options)
        options->tcp_rcv_buf_poll = -1;
        options->hpn_disabled = -1;
        options->hpn_buffer_size = -1;
+       options->zero_knowledge_password_authentication = -1;
 }
 
 void
@@ -284,6 +285,8 @@ fill_default_server_options(ServerOptions *options)
                options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
        if (options->permit_tun == -1)
                options->permit_tun = SSH_TUNMODE_NO;
+       if (options->zero_knowledge_password_authentication == -1)
+               options->zero_knowledge_password_authentication = 0;
 
        if (options->hpn_disabled == -1) 
                options->hpn_disabled = 0;
@@ -374,6 +377,7 @@ typedef enum {
        sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
        sUsePrivilegeSeparation, sAllowAgentForwarding,
        sNoneEnabled, sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
+       sZeroKnowledgePasswordAuthentication,
        sDeprecated, sUnsupported
 } ServerOpCodes;
 
@@ -459,6 +463,11 @@ static struct {
        { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
        { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
        { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */
+#ifdef JPAKE
+       { "zeroknowledgepasswordauthentication", sZeroKnowledgePasswordAuthentication, SSHCFG_ALL },
+#else
+       { "zeroknowledgepasswordauthentication", sUnsupported, SSHCFG_ALL },
+#endif
        { "checkmail", sDeprecated, SSHCFG_GLOBAL },
        { "listenaddress", sListenAddress, SSHCFG_GLOBAL },
        { "addressfamily", sAddressFamily, SSHCFG_GLOBAL },
@@ -471,7 +480,7 @@ static struct {
        { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
        { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
        { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
-       { "permitemptypasswords", sEmptyPasswd, SSHCFG_GLOBAL },
+       { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
        { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
        { "uselogin", sUseLogin, SSHCFG_GLOBAL },
        { "compression", sCompression, SSHCFG_GLOBAL },
@@ -547,7 +556,7 @@ parse_token(const char *cp, const char *filename,
 }
 
 static void
-add_listen_addr(ServerOptions *options, char *addr, u_short port)
+add_listen_addr(ServerOptions *options, char *addr, int port)
 {
        u_int i;
 
@@ -563,7 +572,7 @@ add_listen_addr(ServerOptions *options, char *addr, u_short port)
 }
 
 static void
-add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
+add_one_listen_addr(ServerOptions *options, char *addr, int port)
 {
        struct addrinfo hints, *ai, *aitop;
        char strport[NI_MAXSERV];
@@ -573,7 +582,7 @@ add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
        hints.ai_family = options->address_family;
        hints.ai_socktype = SOCK_STREAM;
        hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
-       snprintf(strport, sizeof strport, "%u", port);
+       snprintf(strport, sizeof strport, "%d", port);
        if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
                fatal("bad addr or host: %s (%s)",
                    addr ? addr : "<NULL>",
@@ -729,7 +738,7 @@ process_server_config_line(ServerOptions *options, char *line,
        SyslogFacility *log_facility_ptr;
        LogLevel *log_level_ptr;
        ServerOpCodes opcode;
-       u_short port;
+       int port;
        u_int i, flags = 0;
        size_t len;
 
@@ -786,7 +795,7 @@ process_server_config_line(ServerOptions *options, char *line,
                        fatal("%s line %d: missing port number.",
                            filename, linenum);
                options->ports[options->num_ports++] = a2port(arg);
-               if (options->ports[options->num_ports-1] == 0)
+               if (options->ports[options->num_ports-1] <= 0)
                        fatal("%s line %d: Badly formatted port number.",
                            filename, linenum);
                break;
@@ -839,7 +848,7 @@ process_server_config_line(ServerOptions *options, char *line,
                p = cleanhostname(p);
                if (arg == NULL)
                        port = 0;
-               else if ((port = a2port(arg)) == 0)
+               else if ((port = a2port(arg)) <= 0)
                        fatal("%s line %d: bad port number", filename, linenum);
 
                add_listen_addr(options, p, port);
@@ -1039,6 +1048,10 @@ process_server_config_line(ServerOptions *options, char *line,
                intptr = &options->password_authentication;
                goto parse_flag;
 
+       case sZeroKnowledgePasswordAuthentication:
+               intptr = &options->zero_knowledge_password_authentication;
+               goto parse_flag;
+
        case sKbdInteractiveAuthentication:
                intptr = &options->kbd_interactive_authentication;
                goto parse_flag;
@@ -1401,7 +1414,7 @@ process_server_config_line(ServerOptions *options, char *line,
                                fatal("%s line %d: missing host in PermitOpen",
                                    filename, linenum);
                        p = cleanhostname(p);
-                       if (arg == NULL || (port = a2port(arg)) == 0)
+                       if (arg == NULL || (port = a2port(arg)) <= 0)
                                fatal("%s line %d: bad port number in "
                                    "PermitOpen", filename, linenum);
                        if (*activep && n == -1)
@@ -1527,7 +1540,9 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
        M_CP_INTOPT(kerberos_authentication);
        M_CP_INTOPT(hostbased_authentication);
        M_CP_INTOPT(kbd_interactive_authentication);
+       M_CP_INTOPT(zero_knowledge_password_authentication);
        M_CP_INTOPT(permit_root_login);
+       M_CP_INTOPT(permit_empty_passwd);
 
        M_CP_INTOPT(allow_tcp_forwarding);
        M_CP_INTOPT(allow_agent_forwarding);
@@ -1589,7 +1604,7 @@ fmt_intarg(ServerOpCodes code, int val)
        if (code == sPermitRootLogin) {
                switch (val) {
                case PERMIT_NO_PASSWD:
-                       return "without-passord";
+                       return "without-password";
                case PERMIT_FORCED_ONLY:
                        return "forced-commands-only";
                case PERMIT_YES:
@@ -1694,11 +1709,15 @@ dump_config(ServerOptions *o)
        }
 
        /* integer arguments */
+#ifdef USE_PAM
+       dump_cfg_int(sUsePAM, o->use_pam);
+#endif
        dump_cfg_int(sServerKeyBits, o->server_key_bits);
        dump_cfg_int(sLoginGraceTime, o->login_grace_time);
        dump_cfg_int(sKeyRegenerationTime, o->key_regeneration_time);
        dump_cfg_int(sX11DisplayOffset, o->x11_display_offset);
        dump_cfg_int(sMaxAuthTries, o->max_authtries);
+       dump_cfg_int(sMaxSessions, o->max_sessions);
        dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
        dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
 
@@ -1712,12 +1731,22 @@ dump_config(ServerOptions *o)
            o->hostbased_uses_name_from_packet_only);
        dump_cfg_fmtint(sRSAAuthentication, o->rsa_authentication);
        dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication);
+#ifdef KRB5
        dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication);
        dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd);
        dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup);
+# ifdef USE_AFS
        dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token);
+# endif
+#endif
+#ifdef GSSAPI
        dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
        dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
+#endif
+#ifdef JPAKE
+       dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication,
+           o->zero_knowledge_password_authentication);
+#endif
        dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
        dump_cfg_fmtint(sKbdInteractiveAuthentication,
            o->kbd_interactive_authentication);
@@ -1776,7 +1805,5 @@ dump_config(ServerOptions *o)
                }
        dump_cfg_string(sPermitTunnel, s);
 
-       printf("permitopen");
        channel_print_adm_permitted_opens();
-       printf("\n");
 }