]> andersk Git - openssh.git/blobdiff - servconf.c
andersk / openssh.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
- (djm) Make portable build with MIT krb5 (some issues remain)
[openssh.git] / servconf.c
diff --git a/servconf.c b/servconf.c
index fb6332c31b6973f2779ec3f9cc8172dcb23d65e8..8e2839085b08a4be114a0cfbe19711b289014be5 100644 (file)
--- a/servconf.c
+++ b/servconf.c
@@ -10,20 +10,24 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.111 2002/06/20 23:05:55 markus Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.118 2003/04/09 08:23:52 hin Exp $");
 
 #if defined(KRB4)
 #include <krb.h>
 #endif
+
 #if defined(KRB5)
-#ifdef HEIMDAL
-#include <krb.h>
-#else
-/* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
- * keytab */
-#define KEYFILE "/etc/krb5.keytab"
-#endif
+# ifdef HEIMDAL
+#  include <krb.h>
+# else
+/*
+ * XXX: Bodge - but then, so is using the kerberos IV KEYFILE to get a 
+ * Kerberos V keytab
+ */
+#  define KEYFILE "/etc/krb5.keytab"
+# endif
 #endif
+
 #ifdef AFS
 #include <kafs.h>
 #endif
@@ -101,6 +105,7 @@ initialize_server_options(ServerOptions *options)
        options->kbd_interactive_authentication = -1;
        options->challenge_response_authentication = -1;
        options->permit_empty_passwd = -1;
+       options->permit_user_env = -1;
        options->use_login = -1;
        options->compression = -1;
        options->allow_tcp_forwarding = -1;
@@ -158,7 +163,7 @@ fill_default_server_options(ServerOptions *options)
        if (options->server_key_bits == -1)
                options->server_key_bits = 768;
        if (options->login_grace_time == -1)
-               options->login_grace_time = 600;
+               options->login_grace_time = 120;
        if (options->key_regeneration_time == -1)
                options->key_regeneration_time = 3600;
        if (options->permit_root_login == PERMIT_NOT_SET)
@@ -223,6 +228,8 @@ fill_default_server_options(ServerOptions *options)
                options->challenge_response_authentication = 1;
        if (options->permit_empty_passwd == -1)
                options->permit_empty_passwd = 0;
+       if (options->permit_user_env == -1)
+               options->permit_user_env = 0;
        if (options->use_login == -1)
                options->use_login = 0;
        if (options->compression == -1)
@@ -257,7 +264,7 @@ fill_default_server_options(ServerOptions *options)
        if (use_privsep == -1)
                use_privsep = 1;
 
-#if !defined(HAVE_MMAP) || !defined(MAP_ANON)
+#ifndef HAVE_MMAP
        if (use_privsep && options->compression == 1) {
                error("This platform does not support both privilege "
                    "separation and compression");
@@ -291,7 +298,7 @@ typedef enum {
        sPrintMotd, sPrintLastLog, sIgnoreRhosts,
        sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
        sStrictModes, sEmptyPasswd, sKeepAlives,
-       sUseLogin, sAllowTcpForwarding, sCompression,
+       sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
        sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
        sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
        sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
@@ -354,6 +361,7 @@ static struct {
        { "xauthlocation", sXAuthLocation },
        { "strictmodes", sStrictModes },
        { "permitemptypasswords", sEmptyPasswd },
+       { "permituserenvironment", sPermitUserEnvironment },
        { "uselogin", sUseLogin },
        { "compression", sCompression },
        { "keepalive", sKeepAlives },
@@ -423,7 +431,7 @@ add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
        hints.ai_family = IPv4or6;
        hints.ai_socktype = SOCK_STREAM;
        hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
-       snprintf(strport, sizeof strport, "%d", port);
+       snprintf(strport, sizeof strport, "%u", port);
        if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
                fatal("bad addr or host: %s (%s)",
                    addr ? addr : "<NULL>",
@@ -439,9 +447,8 @@ process_server_config_line(ServerOptions *options, char *line,
     const char *filename, int linenum)
 {
        char *cp, **charptr, *arg, *p;
-       int *intptr, value;
+       int *intptr, value, i, n;
        ServerOpCodes opcode;
-       int i, n;
 
        cp = line;
        arg = strdelim(&cp);
@@ -714,6 +721,10 @@ parse_flag:
                intptr = &options->permit_empty_passwd;
                goto parse_flag;
 
+       case sPermitUserEnvironment:
+               intptr = &options->permit_user_env;
+               goto parse_flag;
+
        case sUseLogin:
                intptr = &options->use_login;
                goto parse_flag;
@@ -765,7 +776,8 @@ parse_flag:
                        if (options->num_allow_users >= MAX_ALLOW_USERS)
                                fatal("%s line %d: too many allow users.",
                                    filename, linenum);
-                       options->allow_users[options->num_allow_users++] = xstrdup(arg);
+                       options->allow_users[options->num_allow_users++] =
+                           xstrdup(arg);
                }
                break;
 
@@ -774,7 +786,8 @@ parse_flag:
                        if (options->num_deny_users >= MAX_DENY_USERS)
                                fatal( "%s line %d: too many deny users.",
                                    filename, linenum);
-                       options->deny_users[options->num_deny_users++] = xstrdup(arg);
+                       options->deny_users[options->num_deny_users++] =
+                           xstrdup(arg);
                }
                break;
 
@@ -783,7 +796,8 @@ parse_flag:
                        if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
                                fatal("%s line %d: too many allow groups.",
                                    filename, linenum);
-                       options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
+                       options->allow_groups[options->num_allow_groups++] =
+                           xstrdup(arg);
                }
                break;
 
@@ -900,7 +914,7 @@ parse_flag:
                goto parse_int;
 
        case sDeprecated:
-               log("%s line %d: Deprecated option %s",
+               logit("%s line %d: Deprecated option %s",
                    filename, linenum, arg);
                while (arg)
                    arg = strdelim(&cp);
@@ -921,11 +935,11 @@ parse_flag:
 void
 read_server_config(ServerOptions *options, const char *filename)
 {
-       FILE *f;
+       int linenum, bad_options = 0;
        char line[1024];
-       int linenum;
-       int bad_options = 0;
+       FILE *f;
 
+       debug2("read_server_config: filename %s", filename);
        f = fopen(filename, "r");
        if (!f) {
                perror(filename);
git-cvsimport mirror of OpenSSH
This page took 0.050248 seconds and 4 git commands to generate.