- jakob@cvs.openbsd.org 2003/05/15 14:02:47

     [readconf.c servconf.c]
     warn for unsupported config option. ok markus@

diff --git a/ChangeLog b/ChangeLog
index a7c135248ef7c0536e0596359170f720ab77d970..86e5ca18a0a8d000cf32114bd5f21db7ac2b00b0 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,9 @@
      [ssh.c]
      Make "ssh -V" print the OpenSSL version in a human readable form. Patch
      from Craig Leres (mindrot at ee.lbl.gov); ok markus@
+   - jakob@cvs.openbsd.org 2003/05/15 14:02:47
+     [readconf.c servconf.c]
+     warn for unsupported config option. ok markus@
 
 20030515
  - (djm) OpenBSD CVS Sync

diff --git a/readconf.c b/readconf.c
index 3f2ac4e3e0752700065f13e857ca5359bba53545..fee7a89934be8730d4ff45e950365ee0a151b851 100644 (file)
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.109 2003/05/15 04:08:44 jakob Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.110 2003/05/15 14:02:47 jakob Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -107,7 +107,7 @@ typedef enum {
        oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
        oClearAllForwardings, oNoHostAuthenticationForLocalhost,
        oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS,
-       oDeprecated
+       oDeprecated, oUnsupported
 } OpCodes;
 
 /* Textual representations of the tokens. */
@@ -133,9 +133,18 @@ static struct {
        { "challengeresponseauthentication", oChallengeResponseAuthentication },
        { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
        { "tisauthentication", oChallengeResponseAuthentication },  /* alias */
+#if defined(KRB4) || defined(KRB5)
        { "kerberosauthentication", oKerberosAuthentication },
        { "kerberostgtpassing", oKerberosTgtPassing },
+#else
+       { "kerberosauthentication", oUnsupported },
+       { "kerberostgtpassing", oUnsupported },
+#endif
+#if defined(AFS)
        { "afstokenpassing", oAFSTokenPassing },
+#else
+       { "afstokenpassing", oUnsupported },
+#endif
        { "fallbacktorsh", oDeprecated },
        { "usersh", oDeprecated },
        { "identityfile", oIdentityFile },
@@ -170,10 +179,18 @@ static struct {
        { "preferredauthentications", oPreferredAuthentications },
        { "hostkeyalgorithms", oHostKeyAlgorithms },
        { "bindaddress", oBindAddress },
+#ifdef SMARTCARD
        { "smartcarddevice", oSmartcardDevice },
+#else
+       { "smartcarddevice", oUnsupported },
+#endif
        { "clearallforwardings", oClearAllForwardings },
        { "enablesshkeysign", oEnableSSHKeysign },
+#ifdef DNS
        { "verifyhostkeydns", oVerifyHostKeyDNS },
+#else
+       { "verifyhostkeydns", oUnsupported },
+#endif
        { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
        { "rekeylimit", oRekeyLimit },
        { NULL, oBadOption }
@@ -697,6 +714,11 @@ parse_int:
                    filename, linenum, keyword);
                return 0;
 
+       case oUnsupported:
+               error("%s line %d: Unsupported option \"%s\"",
+                   filename, linenum, keyword);
+               return 0;
+
        default:
                fatal("process_config_line: Unimplemented opcode %d", opcode);
        }
@@ -844,23 +866,11 @@ fill_default_options(Options * options)
        if (options->challenge_response_authentication == -1)
                options->challenge_response_authentication = 1;
        if (options->kerberos_authentication == -1)
-#if defined(KRB4) || defined(KRB5)
                options->kerberos_authentication = 1;
-#else
-               options->kerberos_authentication = 0;
-#endif
        if (options->kerberos_tgt_passing == -1)
-#if defined(KRB4) || defined(KRB5)
                options->kerberos_tgt_passing = 1;
-#else
-               options->kerberos_tgt_passing = 0;
-#endif
        if (options->afs_token_passing == -1)
-#if defined(AFS)
                options->afs_token_passing = 1;
-#else
-               options->afs_token_passing = 0;
-#endif
        if (options->password_authentication == -1)
                options->password_authentication = 1;
        if (options->kbd_interactive_authentication == -1)

diff --git a/servconf.c b/servconf.c
index 5840961e3870dab529b781d811985c580109a21a..f37193a8feb0b4af55e40823750e04b0abaa2fbb 100644 (file)
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.120 2003/05/15 04:08:44 jakob Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.121 2003/05/15 14:02:47 jakob Exp $");
 
 #if defined(KRB4)
 #include <krb.h>
@@ -207,11 +207,7 @@ fill_default_server_options(ServerOptions *options)
        if (options->kerberos_or_local_passwd == -1)
                options->kerberos_or_local_passwd = 1;
        if (options->kerberos_ticket_cleanup == -1)
-#if defined(KRB4) || defined(KRB5)
                options->kerberos_ticket_cleanup = 1;
-#else
-               options->kerberos_ticket_cleanup = 0;
-#endif
        if (options->kerberos_tgt_passing == -1)
                options->kerberos_tgt_passing = 0;
        if (options->afs_token_passing == -1)
@@ -294,7 +290,7 @@ typedef enum {
        sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
        sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
        sUsePrivilegeSeparation,
-       sDeprecated
+       sDeprecated, sUnsupported
 } ServerOpCodes;
 
 /* Textual representation of the tokens. */
@@ -322,11 +318,22 @@ static struct {
        { "rsaauthentication", sRSAAuthentication },
        { "pubkeyauthentication", sPubkeyAuthentication },
        { "dsaauthentication", sPubkeyAuthentication },                 /* alias */
+#if defined(KRB4) || defined(KRB5)
        { "kerberosauthentication", sKerberosAuthentication },
        { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
        { "kerberosticketcleanup", sKerberosTicketCleanup },
        { "kerberostgtpassing", sKerberosTgtPassing },
+#else
+       { "kerberosauthentication", sUnsupported },
+       { "kerberosorlocalpasswd", sUnsupported },
+       { "kerberosticketcleanup", sUnsupported },
+       { "kerberostgtpassing", sUnsupported },
+#endif
+#if defined(AFS)
        { "afstokenpassing", sAFSTokenPassing },
+#else
+       { "afstokenpassing", sUnsupported },
+#endif
        { "passwordauthentication", sPasswordAuthentication },
        { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
        { "challengeresponseauthentication", sChallengeResponseAuthentication },
@@ -899,6 +906,13 @@ parse_flag:
                    arg = strdelim(&cp);
                break;
 
+       case sUnsupported:
+               logit("%s line %d: Unsupported option %s",
+                   filename, linenum, arg);
+               while (arg)
+                   arg = strdelim(&cp);
+               break;
+
        default:
                fatal("%s line %d: Missing handler for opcode %s (%d)",
                    filename, linenum, arg, opcode);