*/
#include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.126 2003/08/28 12:54:34 markus Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.132 2004/05/08 00:01:37 deraadt Exp $");
#include "ssh.h"
#include "log.h"
#include "xmalloc.h"
#include "compat.h"
#include "pathnames.h"
-#include "tildexpand.h"
#include "misc.h"
#include "cipher.h"
#include "kex.h"
options->x11_use_localhost = -1;
options->xauth_location = NULL;
options->strict_modes = -1;
- options->keepalives = -1;
+ options->tcp_keep_alive = -1;
options->log_facility = SYSLOG_FACILITY_NOT_SET;
options->log_level = SYSLOG_LEVEL_NOT_SET;
options->rhosts_rsa_authentication = -1;
options->kerberos_authentication = -1;
options->kerberos_or_local_passwd = -1;
options->kerberos_ticket_cleanup = -1;
- options->kerberos_tgt_passing = -1;
+ options->kerberos_get_afs_token = -1;
options->gss_authentication=-1;
options->gss_cleanup_creds = -1;
options->password_authentication = -1;
options->client_alive_count_max = -1;
options->authorized_keys_file = NULL;
options->authorized_keys_file2 = NULL;
+ options->num_accept_env = 0;
/* Needs to be accessable in many places */
use_privsep = -1;
{
/* Portable-specific options */
if (options->use_pam == -1)
- options->use_pam = 1;
+ options->use_pam = 0;
/* Standard Options */
if (options->protocol == SSH_PROTO_UNKNOWN)
options->xauth_location = _PATH_XAUTH;
if (options->strict_modes == -1)
options->strict_modes = 1;
- if (options->keepalives == -1)
- options->keepalives = 1;
+ if (options->tcp_keep_alive == -1)
+ options->tcp_keep_alive = 1;
if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
options->log_facility = SYSLOG_FACILITY_AUTH;
if (options->log_level == SYSLOG_LEVEL_NOT_SET)
options->kerberos_or_local_passwd = 1;
if (options->kerberos_ticket_cleanup == -1)
options->kerberos_ticket_cleanup = 1;
- if (options->kerberos_tgt_passing == -1)
- options->kerberos_tgt_passing = 0;
+ if (options->kerberos_get_afs_token == -1)
+ options->kerberos_get_afs_token = 0;
if (options->gss_authentication == -1)
options->gss_authentication = 0;
if (options->gss_cleanup_creds == -1)
sPermitRootLogin, sLogFacility, sLogLevel,
sRhostsRSAAuthentication, sRSAAuthentication,
sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
+ sKerberosGetAFSToken,
sKerberosTgtPassing, sChallengeResponseAuthentication,
sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
sPrintMotd, sPrintLastLog, sIgnoreRhosts,
sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
- sStrictModes, sEmptyPasswd, sKeepAlives,
+ sStrictModes, sEmptyPasswd, sTCPKeepAlive,
sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
sBanner, sUseDNS, sHostbasedAuthentication,
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
- sGssAuthentication, sGssCleanupCreds,
+ sGssAuthentication, sGssCleanupCreds, sAcceptEnv,
sUsePrivilegeSeparation,
sDeprecated, sUnsupported
} ServerOpCodes;
{ "kerberosauthentication", sKerberosAuthentication },
{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
{ "kerberosticketcleanup", sKerberosTicketCleanup },
+#ifdef USE_AFS
+ { "kerberosgetafstoken", sKerberosGetAFSToken },
+#else
+ { "kerberosgetafstoken", sUnsupported },
+#endif
#else
{ "kerberosauthentication", sUnsupported },
{ "kerberosorlocalpasswd", sUnsupported },
{ "kerberosticketcleanup", sUnsupported },
+ { "kerberosgetafstoken", sUnsupported },
#endif
{ "kerberostgtpassing", sUnsupported },
{ "afstokenpassing", sUnsupported },
#ifdef GSSAPI
{ "gssapiauthentication", sGssAuthentication },
- { "gssapicleanupcreds", sGssCleanupCreds },
+ { "gssapicleanupcredentials", sGssCleanupCreds },
#else
{ "gssapiauthentication", sUnsupported },
- { "gssapicleanupcreds", sUnsupported },
+ { "gssapicleanupcredentials", sUnsupported },
#endif
{ "passwordauthentication", sPasswordAuthentication },
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
{ "permituserenvironment", sPermitUserEnvironment },
{ "uselogin", sUseLogin },
{ "compression", sCompression },
- { "keepalive", sKeepAlives },
+ { "tcpkeepalive", sTCPKeepAlive },
+ { "keepalive", sTCPKeepAlive }, /* obsolete alias */
{ "allowtcpforwarding", sAllowTcpForwarding },
{ "allowusers", sAllowUsers },
{ "denyusers", sDenyUsers },
{ "authorizedkeysfile", sAuthorizedKeysFile },
{ "authorizedkeysfile2", sAuthorizedKeysFile2 },
{ "useprivilegeseparation", sUsePrivilegeSeparation},
+ { "acceptenv", sAcceptEnv },
{ NULL, sBadOption }
};
intptr = &options->kerberos_ticket_cleanup;
goto parse_flag;
- case sKerberosTgtPassing:
- intptr = &options->kerberos_tgt_passing;
+ case sKerberosGetAFSToken:
+ intptr = &options->kerberos_get_afs_token;
goto parse_flag;
case sGssAuthentication:
intptr = &options->strict_modes;
goto parse_flag;
- case sKeepAlives:
- intptr = &options->keepalives;
+ case sTCPKeepAlive:
+ intptr = &options->tcp_keep_alive;
goto parse_flag;
case sEmptyPasswd:
intptr = &options->client_alive_count_max;
goto parse_int;
+ case sAcceptEnv:
+ while ((arg = strdelim(&cp)) && *arg != '\0') {
+ if (strchr(arg, '=') != NULL)
+ fatal("%s line %d: Invalid environment name.",
+ filename, linenum);
+ if (options->num_accept_env >= MAX_ACCEPT_ENV)
+ fatal("%s line %d: too many allow env.",
+ filename, linenum);
+ options->accept_env[options->num_accept_env++] =
+ xstrdup(arg);
+ }
+ break;
+
case sDeprecated:
logit("%s line %d: Deprecated option %s",
filename, linenum, arg);
andersk / openssh.git / blobdiff