-/* $OpenBSD: servconf.c,v 1.194 2009/01/22 10:02:34 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.195 2009/04/14 21:10:54 jj Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
options->gss_cleanup_creds = -1;
options->gss_strict_acceptor = -1;
options->gsi_allow_limited_proxy = -1;
+ options->gss_store_rekey = -1;
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->challenge_response_authentication = -1;
options->num_permitted_opens = -1;
options->adm_forced_command = NULL;
options->chroot_directory = NULL;
+ options->zero_knowledge_password_authentication = -1;
options->none_enabled = -1;
options->tcp_rcv_buf_poll = -1;
options->hpn_disabled = -1;
options->hpn_buffer_size = -1;
- options->zero_knowledge_password_authentication = -1;
+ options->disable_usage_stats = 0;
+ options->usage_stats_targets = NULL;
}
void
options->gss_strict_acceptor = 1;
if (options->gsi_allow_limited_proxy == -1)
options->gsi_allow_limited_proxy = 0;
+ if (options->gss_store_rekey == -1)
+ options->gss_store_rekey = 0;
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
options->compression = 0;
}
#endif
-
}
/* Keyword tokens. */
sBanner, sUseDNS, sHostbasedAuthentication,
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
- sGssAuthentication, sGssCleanupCreds,
sGssDelegateCreds,
- sGssStrictAcceptor,
- sGssKeyEx,
sGssCredsPath,
sGsiAllowLimitedProxy,
- sAcceptEnv, sPermitTunnel,
+ sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
+ sGssKeyEx, sGssStoreRekey,
+ sAcceptEnv, sPermitTunnel,
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
sUsePrivilegeSeparation, sAllowAgentForwarding,
- sNoneEnabled, sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
sZeroKnowledgePasswordAuthentication,
+ sNoneEnabled, sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
+ sDisUsageStats, sUsageStatsTarg,
sDeprecated, sUnsupported
} ServerOpCodes;
/* Portable-specific options */
#ifdef USE_PAM
{ "usepam", sUsePAM, SSHCFG_GLOBAL },
- { "permitpamuserchange", sPermitPAMUserChange, SSHCFG_GLOBAL }
+ { "permitpamuserchange", sPermitPAMUserChange, SSHCFG_GLOBAL },
#else
{ "usepam", sUnsupported, SSHCFG_GLOBAL },
{ "permitpamuserchange", sUnsupported, SSHCFG_GLOBAL },
{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_GLOBAL },
{ "rsaauthentication", sRSAAuthentication, SSHCFG_ALL },
{ "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
- { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */
+ { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */
#ifdef KRB5
{ "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL },
{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL },
{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
{ "gssapidelegatecredentials", sGssDelegateCreds, SSHCFG_ALL },
{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
- { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
{ "gssapicredentialspath", sGssCredsPath, SSHCFG_GLOBAL },
- { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL },
#ifdef GSI
{ "gsiallowlimitedproxy", sGsiAllowLimitedProxy, SSHCFG_GLOBAL },
#endif
+ { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
+ { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL },
+ { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL },
#else
{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
{ "gssapidelegatecredentials", sUnsupported, SSHCFG_ALL },
{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
- { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
{ "gssapicredentialspath", sUnsupported, SSHCFG_GLOBAL },
- { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL },
#ifdef GSI
{ "gsiallowlimitedproxy", sUnsupported, SSHCFG_GLOBAL },
#endif
+ { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
+ { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL },
+ { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL },
#endif
#ifdef SESSION_HOOKS
{ "allowsessionhooks", sAllowSessionHooks, SSHCFG_GLOBAL },
{ "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },
{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_GLOBAL },
{ "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_GLOBAL },
- { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL },
+ { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
{ "acceptenv", sAcceptEnv, SSHCFG_GLOBAL },
{ "permittunnel", sPermitTunnel, SSHCFG_GLOBAL },
- { "match", sMatch, SSHCFG_ALL },
+ { "match", sMatch, SSHCFG_ALL },
{ "permitopen", sPermitOpen, SSHCFG_ALL },
{ "forcecommand", sForceCommand, SSHCFG_ALL },
{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
{ "hpndisabled", sHPNDisabled },
{ "hpnbuffersize", sHPNBufferSize },
{ "tcprcvbufpoll", sTcpRcvBufPoll },
+ { "disableusagestats", sDisUsageStats, SSHCFG_GLOBAL},
+ { "usagestatstargets", sUsageStatsTarg, SSHCFG_GLOBAL},
{ NULL, sBadOption, 0 }
};
intptr = &options->gss_cleanup_creds;
goto parse_flag;
+ case sGssCredsPath:
+ charptr = &options->gss_creds_path;
+ goto parse_filename;
+
case sGssStrictAcceptor:
intptr = &options->gss_strict_acceptor;
goto parse_flag;
- case sGssCredsPath:
- charptr = &options->gss_creds_path;
- goto parse_filename;
+ case sGssStoreRekey:
+ intptr = &options->gss_store_rekey;
+ goto parse_flag;
+#ifdef GSI
case sGsiAllowLimitedProxy:
intptr = &options->gsi_allow_limited_proxy;
goto parse_flag;
+#endif
#ifdef SESSION_HOOKS
case sAllowSessionHooks:
*charptr = xstrdup(arg);
break;
+ case sDisUsageStats:
+ charptr = &options->chroot_directory;
+
+ arg = strdelim(&cp);
+ if (!arg || *arg == '\0')
+ fatal("%s line %d: missing value.",
+ filename, linenum);
+ if (!strcasecmp(arg, "true") ||
+ !strcasecmp(arg, "enabled") ||
+ !strcasecmp(arg, "yes") ||
+ !strcasecmp(arg, "on") ||
+ !strcasecmp(arg, "1"))
+ options->disable_usage_stats = 1;
+ else if (!strcasecmp(arg, "false") ||
+ !strcasecmp(arg, "disabled") ||
+ !strcasecmp(arg, "no") ||
+ !strcasecmp(arg, "off") ||
+ !strcasecmp(arg, "0"))
+ options->disable_usage_stats = 0;
+ else
+ fatal("Incorrect value for disable_usage_stats");
+ break;
+
+ case sUsageStatsTarg:
+ charptr = &options->chroot_directory;
+
+ arg = strdelim(&cp);
+ if (!arg || *arg == '\0')
+ fatal("%s line %d: missing value.",
+ filename, linenum);
+ options->usage_stats_targets = xstrdup(arg);
+ break;
+
case sDeprecated:
logit("%s line %d: Deprecated option %s",
filename, linenum, arg);
/*
* Copy any supported values that are set.
*
- * If the preauth flag is set, we do not bother copying the the string or
+ * If the preauth flag is set, we do not bother copying the string or
* array values that are not used pre-authentication, because any that we
* do use must be explictly sent in mm_getpwnamallow().
*/