tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-28 08:14:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

- jakob@cvs.openbsd.org 2003/05/15 01:48:10

Browse Source 
[readconf.c readconf.h servconf.c servconf.h]
     always parse kerberos options. ok djm@ markus@
 - (djm) Always parse UsePAM
This commit is contained in:
Damien Miller 2003-05-15 12:05:28 +10:00
parent f842fcb296
commit 2aa0ab463f
6 changed files with 22 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -16,6 +16,10 @@
- markus@cvs.openbsd.org 2003/05/15 00:28:28 - markus@cvs.openbsd.org 2003/05/15 00:28:28
[sshconnect2.c] [sshconnect2.c]
cleanup unregister of per-method packet handlers; ok djm@ cleanup unregister of per-method packet handlers; ok djm@
- jakob@cvs.openbsd.org 2003/05/15 01:48:10
[readconf.c readconf.h servconf.c servconf.h]
always parse kerberos options. ok djm@ markus@
- (djm) Always parse UsePAM
- (djm) Configure glue for DNS support (code doesn't work in portable yet) - (djm) Configure glue for DNS support (code doesn't work in portable yet)
20030514 20030514
@ -1492,4 +1496,4 @@
save auth method before monitor_reset_key_state(); bugzilla bug #284; save auth method before monitor_reset_key_state(); bugzilla bug #284;
ok provos@ ok provos@
$Id: ChangeLog,v 1.2705 2003/05/15 02:01:28 djm Exp $ $Id: ChangeLog,v 1.2706 2003/05/15 02:05:28 djm Exp $

40
readconf.c
View File

@ -12,7 +12,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: readconf.c,v 1.107 2003/05/14 18:16:20 jakob Exp $"); RCSID("$OpenBSD: readconf.c,v 1.108 2003/05/15 01:48:10 jakob Exp $");
#include "ssh.h" #include "ssh.h"
#include "xmalloc.h" #include "xmalloc.h"
@ -94,15 +94,7 @@ typedef enum {
oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication, oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
oPasswordAuthentication, oRSAAuthentication, oPasswordAuthentication, oRSAAuthentication,
oChallengeResponseAuthentication, oXAuthLocation, oChallengeResponseAuthentication, oXAuthLocation,
#if defined(KRB4) || defined(KRB5) oKerberosAuthentication, oKerberosTgtPassing, oAFSTokenPassing,
oKerberosAuthentication,
#endif
#if defined(AFS) || defined(KRB5)
oKerberosTgtPassing,
#endif
#ifdef AFS
oAFSTokenPassing,
#endif
oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
@ -141,15 +133,9 @@ static struct {
{ "challengeresponseauthentication", oChallengeResponseAuthentication }, { "challengeresponseauthentication", oChallengeResponseAuthentication },
{ "skeyauthentication", oChallengeResponseAuthentication }, /* alias */ { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
{ "tisauthentication", oChallengeResponseAuthentication }, /* alias */ { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
#if defined(KRB4) || defined(KRB5)
{ "kerberosauthentication", oKerberosAuthentication }, { "kerberosauthentication", oKerberosAuthentication },
#endif
#if defined(AFS) || defined(KRB5)
{ "kerberostgtpassing", oKerberosTgtPassing }, { "kerberostgtpassing", oKerberosTgtPassing },
#endif
#ifdef AFS
{ "afstokenpassing", oAFSTokenPassing }, { "afstokenpassing", oAFSTokenPassing },
#endif
{ "fallbacktorsh", oDeprecated }, { "fallbacktorsh", oDeprecated },
{ "usersh", oDeprecated }, { "usersh", oDeprecated },
{ "identityfile", oIdentityFile }, { "identityfile", oIdentityFile },
@ -370,21 +356,19 @@ parse_flag:
case oChallengeResponseAuthentication: case oChallengeResponseAuthentication:
intptr = &options->challenge_response_authentication; intptr = &options->challenge_response_authentication;
goto parse_flag; goto parse_flag;
#if defined(KRB4) || defined(KRB5)
case oKerberosAuthentication: case oKerberosAuthentication:
intptr = &options->kerberos_authentication; intptr = &options->kerberos_authentication;
goto parse_flag; goto parse_flag;
#endif
#if defined(AFS) || defined(KRB5)
case oKerberosTgtPassing: case oKerberosTgtPassing:
intptr = &options->kerberos_tgt_passing; intptr = &options->kerberos_tgt_passing;
goto parse_flag; goto parse_flag;
#endif
#ifdef AFS
case oAFSTokenPassing: case oAFSTokenPassing:
intptr = &options->afs_token_passing; intptr = &options->afs_token_passing;
goto parse_flag; goto parse_flag;
#endif
case oBatchMode: case oBatchMode:
intptr = &options->batch_mode; intptr = &options->batch_mode;
goto parse_flag; goto parse_flag;
@ -786,15 +770,9 @@ initialize_options(Options * options)
options->rsa_authentication = -1; options->rsa_authentication = -1;
options->pubkey_authentication = -1; options->pubkey_authentication = -1;
options->challenge_response_authentication = -1; options->challenge_response_authentication = -1;
#if defined(KRB4) || defined(KRB5)
options->kerberos_authentication = -1; options->kerberos_authentication = -1;
#endif
#if defined(AFS) || defined(KRB5)
options->kerberos_tgt_passing = -1; options->kerberos_tgt_passing = -1;
#endif
#ifdef AFS
options->afs_token_passing = -1; options->afs_token_passing = -1;
#endif
options->password_authentication = -1; options->password_authentication = -1;
options->kbd_interactive_authentication = -1; options->kbd_interactive_authentication = -1;
options->kbd_interactive_devices = NULL; options->kbd_interactive_devices = NULL;
@ -865,18 +843,12 @@ fill_default_options(Options * options)
options->pubkey_authentication = 1; options->pubkey_authentication = 1;
if (options->challenge_response_authentication == -1) if (options->challenge_response_authentication == -1)
options->challenge_response_authentication = 1; options->challenge_response_authentication = 1;
#if defined(KRB4) || defined(KRB5)
if (options->kerberos_authentication == -1) if (options->kerberos_authentication == -1)
options->kerberos_authentication = 1; options->kerberos_authentication = 1;
#endif
#if defined(AFS) || defined(KRB5)
if (options->kerberos_tgt_passing == -1) if (options->kerberos_tgt_passing == -1)
options->kerberos_tgt_passing = 1; options->kerberos_tgt_passing = 1;
#endif
#ifdef AFS
if (options->afs_token_passing == -1) if (options->afs_token_passing == -1)
options->afs_token_passing = 1; options->afs_token_passing = 1;
#endif
if (options->password_authentication == -1) if (options->password_authentication == -1)
options->password_authentication = 1; options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1) if (options->kbd_interactive_authentication == -1)

8
readconf.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: readconf.h,v 1.48 2003/05/14 18:16:20 jakob Exp $ */ /* $OpenBSD: readconf.h,v 1.49 2003/05/15 01:48:10 jakob Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -41,15 +41,9 @@ typedef struct {
int hostbased_authentication; /* ssh2's rhosts_rsa */ int hostbased_authentication; /* ssh2's rhosts_rsa */
int challenge_response_authentication; int challenge_response_authentication;
/* Try S/Key or TIS, authentication. */ /* Try S/Key or TIS, authentication. */
#if defined(KRB4) || defined(KRB5)
int kerberos_authentication; /* Try Kerberos authentication. */ int kerberos_authentication; /* Try Kerberos authentication. */
#endif
#if defined(AFS) || defined(KRB5)
int kerberos_tgt_passing; /* Try Kerberos TGT passing. */ int kerberos_tgt_passing; /* Try Kerberos TGT passing. */
#endif
#ifdef AFS
int afs_token_passing; /* Try AFS token passing. */ int afs_token_passing; /* Try AFS token passing. */
#endif
int password_authentication; /* Try password int password_authentication; /* Try password
* authentication. */ * authentication. */
int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ int kbd_interactive_authentication; /* Try keyboard-interactive auth. */

45
servconf.c
View File

@ -10,7 +10,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: servconf.c,v 1.118 2003/04/09 08:23:52 hin Exp $"); RCSID("$OpenBSD: servconf.c,v 1.119 2003/05/15 01:48:10 jakob Exp $");
#if defined(KRB4) #if defined(KRB4)
#include <krb.h> #include <krb.h>
@ -59,10 +59,8 @@ initialize_server_options(ServerOptions *options)
{ {
memset(options, 0, sizeof(*options)); memset(options, 0, sizeof(*options));
#ifdef USE_PAM
/* Portable-specific options */ /* Portable-specific options */
options->use_pam = -1; options->use_pam = -1;
#endif
/* Standard Options */ /* Standard Options */
options->num_ports = 0; options->num_ports = 0;
@ -92,17 +90,11 @@ initialize_server_options(ServerOptions *options)
options->hostbased_uses_name_from_packet_only = -1; options->hostbased_uses_name_from_packet_only = -1;
options->rsa_authentication = -1; options->rsa_authentication = -1;
options->pubkey_authentication = -1; options->pubkey_authentication = -1;
#if defined(KRB4) || defined(KRB5)
options->kerberos_authentication = -1; options->kerberos_authentication = -1;
options->kerberos_or_local_passwd = -1; options->kerberos_or_local_passwd = -1;
options->kerberos_ticket_cleanup = -1; options->kerberos_ticket_cleanup = -1;
#endif
#if defined(AFS) || defined(KRB5)
options->kerberos_tgt_passing = -1; options->kerberos_tgt_passing = -1;
#endif
#ifdef AFS
options->afs_token_passing = -1; options->afs_token_passing = -1;
#endif
options->password_authentication = -1; options->password_authentication = -1;
options->kbd_interactive_authentication = -1; options->kbd_interactive_authentication = -1;
options->challenge_response_authentication = -1; options->challenge_response_authentication = -1;
@ -138,10 +130,8 @@ void
fill_default_server_options(ServerOptions *options) fill_default_server_options(ServerOptions *options)
{ {
/* Portable-specific options */ /* Portable-specific options */
#ifdef USE_PAM
if (options->use_pam == -1) if (options->use_pam == -1)
options->use_pam = 1; options->use_pam = 0;
#endif
/* Standard Options */ /* Standard Options */
if (options->protocol == SSH_PROTO_UNKNOWN) if (options->protocol == SSH_PROTO_UNKNOWN)
@ -208,22 +198,16 @@ fill_default_server_options(ServerOptions *options)
options->rsa_authentication = 1; options->rsa_authentication = 1;
if (options->pubkey_authentication == -1) if (options->pubkey_authentication == -1)
options->pubkey_authentication = 1; options->pubkey_authentication = 1;
#if defined(KRB4) || defined(KRB5)
if (options->kerberos_authentication == -1) if (options->kerberos_authentication == -1)
options->kerberos_authentication = 0; options->kerberos_authentication = 0;
if (options->kerberos_or_local_passwd == -1) if (options->kerberos_or_local_passwd == -1)
options->kerberos_or_local_passwd = 1; options->kerberos_or_local_passwd = 1;
if (options->kerberos_ticket_cleanup == -1) if (options->kerberos_ticket_cleanup == -1)
options->kerberos_ticket_cleanup = 1; options->kerberos_ticket_cleanup = 1;
#endif
#if defined(AFS) || defined(KRB5)
if (options->kerberos_tgt_passing == -1) if (options->kerberos_tgt_passing == -1)
options->kerberos_tgt_passing = 0; options->kerberos_tgt_passing = 0;
#endif
#ifdef AFS
if (options->afs_token_passing == -1) if (options->afs_token_passing == -1)
options->afs_token_passing = 0; options->afs_token_passing = 0;
#endif
if (options->password_authentication == -1) if (options->password_authentication == -1)
options->password_authentication = 1; options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1) if (options->kbd_interactive_authentication == -1)
@ -288,16 +272,8 @@ typedef enum {
sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
sPermitRootLogin, sLogFacility, sLogLevel, sPermitRootLogin, sLogFacility, sLogLevel,
sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
#if defined(KRB4) || defined(KRB5)
sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
#endif sKerberosTgtPassing, sAFSTokenPassing, sChallengeResponseAuthentication,
#if defined(AFS) || defined(KRB5)
sKerberosTgtPassing,
#endif
#ifdef AFS
sAFSTokenPassing,
#endif
sChallengeResponseAuthentication,
sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
sPrintMotd, sPrintLastLog, sIgnoreRhosts, sPrintMotd, sPrintLastLog, sIgnoreRhosts,
sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
@ -338,17 +314,11 @@ static struct {
{ "rsaauthentication", sRSAAuthentication }, { "rsaauthentication", sRSAAuthentication },
{ "pubkeyauthentication", sPubkeyAuthentication }, { "pubkeyauthentication", sPubkeyAuthentication },
{ "dsaauthentication", sPubkeyAuthentication }, /* alias */ { "dsaauthentication", sPubkeyAuthentication }, /* alias */
#if defined(KRB4) || defined(KRB5)
{ "kerberosauthentication", sKerberosAuthentication }, { "kerberosauthentication", sKerberosAuthentication },
{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd }, { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
{ "kerberosticketcleanup", sKerberosTicketCleanup }, { "kerberosticketcleanup", sKerberosTicketCleanup },
#endif
#if defined(AFS) || defined(KRB5)
{ "kerberostgtpassing", sKerberosTgtPassing }, { "kerberostgtpassing", sKerberosTgtPassing },
#endif
#ifdef AFS
{ "afstokenpassing", sAFSTokenPassing }, { "afstokenpassing", sAFSTokenPassing },
#endif
{ "passwordauthentication", sPasswordAuthentication }, { "passwordauthentication", sPasswordAuthentication },
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication }, { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
{ "challengeresponseauthentication", sChallengeResponseAuthentication }, { "challengeresponseauthentication", sChallengeResponseAuthentication },
@ -653,7 +623,7 @@ parse_flag:
case sPubkeyAuthentication: case sPubkeyAuthentication:
intptr = &options->pubkey_authentication; intptr = &options->pubkey_authentication;
goto parse_flag; goto parse_flag;
#if defined(KRB4) || defined(KRB5)
case sKerberosAuthentication: case sKerberosAuthentication:
intptr = &options->kerberos_authentication; intptr = &options->kerberos_authentication;
goto parse_flag; goto parse_flag;
@ -665,17 +635,14 @@ parse_flag:
case sKerberosTicketCleanup: case sKerberosTicketCleanup:
intptr = &options->kerberos_ticket_cleanup; intptr = &options->kerberos_ticket_cleanup;
goto parse_flag; goto parse_flag;
#endif
#if defined(AFS) || defined(KRB5)
case sKerberosTgtPassing: case sKerberosTgtPassing:
intptr = &options->kerberos_tgt_passing; intptr = &options->kerberos_tgt_passing;
goto parse_flag; goto parse_flag;
#endif
#ifdef AFS
case sAFSTokenPassing: case sAFSTokenPassing:
intptr = &options->afs_token_passing; intptr = &options->afs_token_passing;
goto parse_flag; goto parse_flag;
#endif
case sPasswordAuthentication: case sPasswordAuthentication:
intptr = &options->password_authentication; intptr = &options->password_authentication;

8
servconf.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: servconf.h,v 1.59 2002/07/30 17:03:55 markus Exp $ */ /* $OpenBSD: servconf.h,v 1.60 2003/05/15 01:48:10 jakob Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -73,7 +73,6 @@ typedef struct {
int hostbased_uses_name_from_packet_only; /* experimental */ int hostbased_uses_name_from_packet_only; /* experimental */
int rsa_authentication; /* If true, permit RSA authentication. */ int rsa_authentication; /* If true, permit RSA authentication. */
int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */ int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */
#if defined(KRB4) || defined(KRB5)
int kerberos_authentication; /* If true, permit Kerberos int kerberos_authentication; /* If true, permit Kerberos
* authentication. */ * authentication. */
int kerberos_or_local_passwd; /* If true, permit kerberos int kerberos_or_local_passwd; /* If true, permit kerberos
@ -83,14 +82,9 @@ typedef struct {
* /etc/passwd */ * /etc/passwd */
int kerberos_ticket_cleanup; /* If true, destroy ticket int kerberos_ticket_cleanup; /* If true, destroy ticket
* file on logout. */ * file on logout. */
#endif
#if defined(AFS) || defined(KRB5)
int kerberos_tgt_passing; /* If true, permit Kerberos TGT int kerberos_tgt_passing; /* If true, permit Kerberos TGT
* passing. */ * passing. */
#endif
#ifdef AFS
int afs_token_passing; /* If true, permit AFS token passing. */ int afs_token_passing; /* If true, permit AFS token passing. */
#endif
int password_authentication; /* If true, permit password int password_authentication; /* If true, permit password
* authentication. */ * authentication. */
int kbd_interactive_authentication; /* If true, permit */ int kbd_interactive_authentication; /* If true, permit */

5
sshd_config
View File

@ -69,9 +69,10 @@
# Kerberos TGT Passing only works with the AFS kaserver # Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no #KerberosTgtPassing no
# Set this to 'yes' to enable PAM keyboard-interactive authentication # Set this to 'yes' to enable PAM authentication (via challenge-response)
# and session processing
# Warning: enabling this may bypass the setting of 'PasswordAuthentication' # Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt no #UsePAM no
#X11Forwarding no #X11Forwarding no
#X11DisplayOffset 10 #X11DisplayOffset 10