- jakob@cvs.openbsd.org 2003/05/15 01:48:10

[readconf.c readconf.h servconf.c servconf.h] always parse kerberos options. ok djm@ markus@ - (djm) Always parse UsePAM
2003-05-15 12:05:28 +10:00 · 2003-05-15 12:05:28 +10:00 · 2aa0ab463f
parent f842fcb296
commit 2aa0ab463f
6 changed files with 22 additions and 90 deletions
--- a/6
+++ b/6
@ -16,6 +16,10 @@
   - markus@cvs.openbsd.org 2003/05/15 00:28:28
     [sshconnect2.c]
     cleanup unregister of per-method packet handlers; ok djm@
+   - jakob@cvs.openbsd.org 2003/05/15 01:48:10
+     [readconf.c readconf.h servconf.c servconf.h]
+     always parse kerberos options. ok djm@ markus@
+ - (djm) Always parse UsePAM
 - (djm) Configure glue for DNS support (code doesn't work in portable yet)

 20030514
@ -1492,4 +1496,4 @@
     save auth method before monitor_reset_key_state(); bugzilla bug #284;
     ok provos@

-$Id: ChangeLog,v 1.2705 2003/05/15 02:01:28 djm Exp $
+$Id: ChangeLog,v 1.2706 2003/05/15 02:05:28 djm Exp $
--- a/readconf.c
+++ b/readconf.c
@ -12,7 +12,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.107 2003/05/14 18:16:20 jakob Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.108 2003/05/15 01:48:10 jakob Exp $");

 #include "ssh.h"
 #include "xmalloc.h"
@ -94,15 +94,7 @@ typedef enum {
 	oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
 	oPasswordAuthentication, oRSAAuthentication,
 	oChallengeResponseAuthentication, oXAuthLocation,
-#if defined(KRB4) || defined(KRB5)
-	oKerberosAuthentication,
-#endif
-#if defined(AFS) || defined(KRB5)
-	oKerberosTgtPassing,
-#endif
-#ifdef AFS
-	oAFSTokenPassing,
-#endif
+	oKerberosAuthentication, oKerberosTgtPassing, oAFSTokenPassing,
 	oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
 	oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
 	oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
@ -141,15 +133,9 @@ static struct {
 	{ "challengeresponseauthentication", oChallengeResponseAuthentication },
 	{ "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
 	{ "tisauthentication", oChallengeResponseAuthentication },  /* alias */
-#if defined(KRB4) || defined(KRB5)
 	{ "kerberosauthentication", oKerberosAuthentication },
-#endif
-#if defined(AFS) || defined(KRB5)
 	{ "kerberostgtpassing", oKerberosTgtPassing },
-#endif
-#ifdef AFS
 	{ "afstokenpassing", oAFSTokenPassing },
-#endif
 	{ "fallbacktorsh", oDeprecated },
 	{ "usersh", oDeprecated },
 	{ "identityfile", oIdentityFile },
@ -370,21 +356,19 @@ parse_flag:
 	case oChallengeResponseAuthentication:
 		intptr = &options->challenge_response_authentication;
 		goto parse_flag;
-#if defined(KRB4) || defined(KRB5)
+
 	case oKerberosAuthentication:
 		intptr = &options->kerberos_authentication;
 		goto parse_flag;
-#endif
-#if defined(AFS) || defined(KRB5)
+
 	case oKerberosTgtPassing:
 		intptr = &options->kerberos_tgt_passing;
 		goto parse_flag;
-#endif
-#ifdef AFS
+
 	case oAFSTokenPassing:
 		intptr = &options->afs_token_passing;
 		goto parse_flag;
-#endif
+
 	case oBatchMode:
 		intptr = &options->batch_mode;
 		goto parse_flag;
@ -786,15 +770,9 @@ initialize_options(Options * options)
 	options->rsa_authentication = -1;
 	options->pubkey_authentication = -1;
 	options->challenge_response_authentication = -1;
-#if defined(KRB4) || defined(KRB5)
 	options->kerberos_authentication = -1;
-#endif
-#if defined(AFS) || defined(KRB5)
 	options->kerberos_tgt_passing = -1;
-#endif
-#ifdef AFS
 	options->afs_token_passing = -1;
-#endif
 	options->password_authentication = -1;
 	options->kbd_interactive_authentication = -1;
 	options->kbd_interactive_devices = NULL;
@ -865,18 +843,12 @@ fill_default_options(Options * options)
 		options->pubkey_authentication = 1;
 	if (options->challenge_response_authentication == -1)
 		options->challenge_response_authentication = 1;
-#if defined(KRB4) || defined(KRB5)
 	if (options->kerberos_authentication == -1)
 		options->kerberos_authentication = 1;
-#endif
-#if defined(AFS) || defined(KRB5)
 	if (options->kerberos_tgt_passing == -1)
 		options->kerberos_tgt_passing = 1;
-#endif
-#ifdef AFS
 	if (options->afs_token_passing == -1)
 		options->afs_token_passing = 1;
-#endif
 	if (options->password_authentication == -1)
 		options->password_authentication = 1;
 	if (options->kbd_interactive_authentication == -1)
--- a/readconf.h
+++ b/readconf.h
@ -1,4 +1,4 @@
-/*	$OpenBSD: readconf.h,v 1.48 2003/05/14 18:16:20 jakob Exp $	*/
+/*	$OpenBSD: readconf.h,v 1.49 2003/05/15 01:48:10 jakob Exp $	*/

 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -41,15 +41,9 @@ typedef struct {
 	int     hostbased_authentication;	/* ssh2's rhosts_rsa */
 	int     challenge_response_authentication;
 					/* Try S/Key or TIS, authentication. */
-#if defined(KRB4) || defined(KRB5)
 	int     kerberos_authentication;	/* Try Kerberos authentication. */
-#endif
-#if defined(AFS) || defined(KRB5)
 	int     kerberos_tgt_passing;	/* Try Kerberos TGT passing. */
-#endif
-#ifdef AFS
 	int     afs_token_passing;	/* Try AFS token passing. */
-#endif
 	int     password_authentication;	/* Try password
 						 * authentication. */
 	int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */
--- a/servconf.c
+++ b/servconf.c
@ -10,7 +10,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.118 2003/04/09 08:23:52 hin Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.119 2003/05/15 01:48:10 jakob Exp $");

 #if defined(KRB4)
 #include <krb.h>
@ -59,10 +59,8 @@ initialize_server_options(ServerOptions *options)
 {
 	memset(options, 0, sizeof(*options));

-#ifdef USE_PAM
 	/* Portable-specific options */
 	options->use_pam = -1;
-#endif

 	/* Standard Options */
 	options->num_ports = 0;
@ -92,17 +90,11 @@ initialize_server_options(ServerOptions *options)
 	options->hostbased_uses_name_from_packet_only = -1;
 	options->rsa_authentication = -1;
 	options->pubkey_authentication = -1;
-#if defined(KRB4) || defined(KRB5)
 	options->kerberos_authentication = -1;
 	options->kerberos_or_local_passwd = -1;
 	options->kerberos_ticket_cleanup = -1;
-#endif
-#if defined(AFS) || defined(KRB5)
 	options->kerberos_tgt_passing = -1;
-#endif
-#ifdef AFS
 	options->afs_token_passing = -1;
-#endif
 	options->password_authentication = -1;
 	options->kbd_interactive_authentication = -1;
 	options->challenge_response_authentication = -1;
@ -138,10 +130,8 @@ void
 fill_default_server_options(ServerOptions *options)
 {
 	/* Portable-specific options */
-#ifdef USE_PAM
 	if (options->use_pam == -1)
-		options->use_pam = 1;
-#endif
+		options->use_pam = 0;

 	/* Standard Options */
 	if (options->protocol == SSH_PROTO_UNKNOWN)
@ -208,22 +198,16 @@ fill_default_server_options(ServerOptions *options)
 		options->rsa_authentication = 1;
 	if (options->pubkey_authentication == -1)
 		options->pubkey_authentication = 1;
-#if defined(KRB4) || defined(KRB5)
 	if (options->kerberos_authentication == -1)
 		options->kerberos_authentication = 0;
 	if (options->kerberos_or_local_passwd == -1)
 		options->kerberos_or_local_passwd = 1;
 	if (options->kerberos_ticket_cleanup == -1)
 		options->kerberos_ticket_cleanup = 1;
-#endif
-#if defined(AFS) || defined(KRB5)
 	if (options->kerberos_tgt_passing == -1)
 		options->kerberos_tgt_passing = 0;
-#endif
-#ifdef AFS
 	if (options->afs_token_passing == -1)
 		options->afs_token_passing = 0;
-#endif
 	if (options->password_authentication == -1)
 		options->password_authentication = 1;
 	if (options->kbd_interactive_authentication == -1)
@ -288,16 +272,8 @@ typedef enum {
 	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
 	sPermitRootLogin, sLogFacility, sLogLevel,
 	sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
-#if defined(KRB4) || defined(KRB5)
 	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
-#endif
-#if defined(AFS) || defined(KRB5)
-	sKerberosTgtPassing,
-#endif
-#ifdef AFS
-	sAFSTokenPassing,
-#endif
-	sChallengeResponseAuthentication,
+	sKerberosTgtPassing, sAFSTokenPassing, sChallengeResponseAuthentication,
 	sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
 	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
 	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
@ -338,17 +314,11 @@ static struct {
 	{ "rsaauthentication", sRSAAuthentication },
 	{ "pubkeyauthentication", sPubkeyAuthentication },
 	{ "dsaauthentication", sPubkeyAuthentication },			/* alias */
-#if defined(KRB4) || defined(KRB5)
 	{ "kerberosauthentication", sKerberosAuthentication },
 	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
 	{ "kerberosticketcleanup", sKerberosTicketCleanup },
-#endif
-#if defined(AFS) || defined(KRB5)
 	{ "kerberostgtpassing", sKerberosTgtPassing },
-#endif
-#ifdef AFS
 	{ "afstokenpassing", sAFSTokenPassing },
-#endif
 	{ "passwordauthentication", sPasswordAuthentication },
 	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
 	{ "challengeresponseauthentication", sChallengeResponseAuthentication },
@ -653,7 +623,7 @@ parse_flag:
 	case sPubkeyAuthentication:
 		intptr = &options->pubkey_authentication;
 		goto parse_flag;
-#if defined(KRB4) || defined(KRB5)
+
 	case sKerberosAuthentication:
 		intptr = &options->kerberos_authentication;
 		goto parse_flag;
@ -665,17 +635,14 @@ parse_flag:
 	case sKerberosTicketCleanup:
 		intptr = &options->kerberos_ticket_cleanup;
 		goto parse_flag;
-#endif
-#if defined(AFS) || defined(KRB5)
+
 	case sKerberosTgtPassing:
 		intptr = &options->kerberos_tgt_passing;
 		goto parse_flag;
-#endif
-#ifdef AFS
+
 	case sAFSTokenPassing:
 		intptr = &options->afs_token_passing;
 		goto parse_flag;
-#endif

 	case sPasswordAuthentication:
 		intptr = &options->password_authentication;
--- a/servconf.h
+++ b/servconf.h
@ -1,4 +1,4 @@
-/*	$OpenBSD: servconf.h,v 1.59 2002/07/30 17:03:55 markus Exp $	*/
+/*	$OpenBSD: servconf.h,v 1.60 2003/05/15 01:48:10 jakob Exp $	*/

 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -73,7 +73,6 @@ typedef struct {
 	int     hostbased_uses_name_from_packet_only; /* experimental */
 	int     rsa_authentication;	/* If true, permit RSA authentication. */
 	int     pubkey_authentication;	/* If true, permit ssh2 pubkey authentication. */
-#if defined(KRB4) || defined(KRB5)
 	int     kerberos_authentication;	/* If true, permit Kerberos
 						 * authentication. */
 	int     kerberos_or_local_passwd;	/* If true, permit kerberos
@ -83,14 +82,9 @@ typedef struct {
 						 * /etc/passwd */
 	int     kerberos_ticket_cleanup;	/* If true, destroy ticket
 						 * file on logout. */
-#endif
-#if defined(AFS) || defined(KRB5)
 	int     kerberos_tgt_passing;	/* If true, permit Kerberos TGT
 					 * passing. */
-#endif
-#ifdef AFS
 	int     afs_token_passing;	/* If true, permit AFS token passing. */
-#endif
 	int     password_authentication;	/* If true, permit password
 						 * authentication. */
 	int     kbd_interactive_authentication;	/* If true, permit */
--- a/5
+++ b/5
@ -69,9 +69,10 @@
 # Kerberos TGT Passing only works with the AFS kaserver
 #KerberosTgtPassing no

-# Set this to 'yes' to enable PAM keyboard-interactive authentication 
+# Set this to 'yes' to enable PAM authentication (via challenge-response)
+# and session processing
 # Warning: enabling this may bypass the setting of 'PasswordAuthentication'
-#PAMAuthenticationViaKbdInt no
+#UsePAM no

 #X11Forwarding no
 #X11DisplayOffset 10