*/
#include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.113 2002/07/30 17:03:55 markus Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.121 2003/05/15 14:02:47 jakob Exp $");
#if defined(KRB4)
#include <krb.h>
#endif
+
#if defined(KRB5)
-#ifdef HEIMDAL
-#include <krb.h>
-#else
-/* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
- * keytab */
-#define KEYFILE "/etc/krb5.keytab"
-#endif
+# ifdef HEIMDAL
+# include <krb.h>
+# else
+/*
+ * XXX: Bodge - but then, so is using the kerberos IV KEYFILE to get a
+ * Kerberos V keytab
+ */
+# define KEYFILE "/etc/krb5.keytab"
+# endif
#endif
+
#ifdef AFS
#include <kafs.h>
#endif
memset(options, 0, sizeof(*options));
/* Portable-specific options */
- options->pam_authentication_via_kbd_int = -1;
+ options->use_pam = -1;
/* Standard Options */
options->num_ports = 0;
options->hostbased_uses_name_from_packet_only = -1;
options->rsa_authentication = -1;
options->pubkey_authentication = -1;
-#if defined(KRB4) || defined(KRB5)
options->kerberos_authentication = -1;
options->kerberos_or_local_passwd = -1;
options->kerberos_ticket_cleanup = -1;
-#endif
-#if defined(AFS) || defined(KRB5)
options->kerberos_tgt_passing = -1;
-#endif
-#ifdef AFS
options->afs_token_passing = -1;
-#endif
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->challenge_response_authentication = -1;
fill_default_server_options(ServerOptions *options)
{
/* Portable-specific options */
- if (options->pam_authentication_via_kbd_int == -1)
- options->pam_authentication_via_kbd_int = 0;
+ if (options->use_pam == -1)
+#ifdef USE_PAM
+ options->use_pam = 1;
+#else
+ options->use_pam = 0;
+#endif
/* Standard Options */
if (options->protocol == SSH_PROTO_UNKNOWN)
if (options->server_key_bits == -1)
options->server_key_bits = 768;
if (options->login_grace_time == -1)
- options->login_grace_time = 600;
+ options->login_grace_time = 120;
if (options->key_regeneration_time == -1)
options->key_regeneration_time = 3600;
if (options->permit_root_login == PERMIT_NOT_SET)
options->rsa_authentication = 1;
if (options->pubkey_authentication == -1)
options->pubkey_authentication = 1;
-#if defined(KRB4) || defined(KRB5)
if (options->kerberos_authentication == -1)
options->kerberos_authentication = 0;
if (options->kerberos_or_local_passwd == -1)
options->kerberos_or_local_passwd = 1;
if (options->kerberos_ticket_cleanup == -1)
options->kerberos_ticket_cleanup = 1;
-#endif
-#if defined(AFS) || defined(KRB5)
if (options->kerberos_tgt_passing == -1)
options->kerberos_tgt_passing = 0;
-#endif
-#ifdef AFS
if (options->afs_token_passing == -1)
options->afs_token_passing = 0;
-#endif
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
typedef enum {
sBadOption, /* == unknown option */
/* Portable-specific options */
- sPAMAuthenticationViaKbdInt,
+ sUsePAM,
/* Standard Options */
sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
sPermitRootLogin, sLogFacility, sLogLevel,
sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
-#if defined(KRB4) || defined(KRB5)
sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
-#endif
-#if defined(AFS) || defined(KRB5)
- sKerberosTgtPassing,
-#endif
-#ifdef AFS
- sAFSTokenPassing,
-#endif
- sChallengeResponseAuthentication,
+ sKerberosTgtPassing, sAFSTokenPassing, sChallengeResponseAuthentication,
sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
sPrintMotd, sPrintLastLog, sIgnoreRhosts,
sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
sUsePrivilegeSeparation,
- sDeprecated
+ sDeprecated, sUnsupported
} ServerOpCodes;
/* Textual representation of the tokens. */
ServerOpCodes opcode;
} keywords[] = {
/* Portable-specific options */
- { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
+ { "UsePAM", sUsePAM },
/* Standard Options */
{ "port", sPort },
{ "hostkey", sHostKeyFile },
{ "kerberosauthentication", sKerberosAuthentication },
{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
{ "kerberosticketcleanup", sKerberosTicketCleanup },
-#endif
-#if defined(AFS) || defined(KRB5)
{ "kerberostgtpassing", sKerberosTgtPassing },
+#else
+ { "kerberosauthentication", sUnsupported },
+ { "kerberosorlocalpasswd", sUnsupported },
+ { "kerberosticketcleanup", sUnsupported },
+ { "kerberostgtpassing", sUnsupported },
#endif
-#ifdef AFS
+#if defined(AFS)
{ "afstokenpassing", sAFSTokenPassing },
+#else
+ { "afstokenpassing", sUnsupported },
#endif
{ "passwordauthentication", sPasswordAuthentication },
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
opcode = parse_token(arg, filename, linenum);
switch (opcode) {
/* Portable-specific options */
- case sPAMAuthenticationViaKbdInt:
- intptr = &options->pam_authentication_via_kbd_int;
+ case sUsePAM:
+ intptr = &options->use_pam;
goto parse_flag;
/* Standard Options */
case sPubkeyAuthentication:
intptr = &options->pubkey_authentication;
goto parse_flag;
-#if defined(KRB4) || defined(KRB5)
+
case sKerberosAuthentication:
intptr = &options->kerberos_authentication;
goto parse_flag;
case sKerberosTicketCleanup:
intptr = &options->kerberos_ticket_cleanup;
goto parse_flag;
-#endif
-#if defined(AFS) || defined(KRB5)
+
case sKerberosTgtPassing:
intptr = &options->kerberos_tgt_passing;
goto parse_flag;
-#endif
-#ifdef AFS
+
case sAFSTokenPassing:
intptr = &options->afs_token_passing;
goto parse_flag;
-#endif
case sPasswordAuthentication:
intptr = &options->password_authentication;
goto parse_int;
case sDeprecated:
- log("%s line %d: Deprecated option %s",
+ logit("%s line %d: Deprecated option %s",
+ filename, linenum, arg);
+ while (arg)
+ arg = strdelim(&cp);
+ break;
+
+ case sUnsupported:
+ logit("%s line %d: Unsupported option %s",
filename, linenum, arg);
while (arg)
arg = strdelim(&cp);
char line[1024];
FILE *f;
+ debug2("read_server_config: filename %s", filename);
f = fopen(filename, "r");
if (!f) {
perror(filename);