- jakob@cvs.openbsd.org 2003/05/15 14:02:47

[readconf.c servconf.c]
     warn for unsupported config option. ok markus@

ChangeLog

@@ -4,6 +4,9 @@
      [ssh.c]
      Make "ssh -V" print the OpenSSL version in a human readable form. Patch
      from Craig Leres (mindrot at ee.lbl.gov); ok markus@
+   - jakob@cvs.openbsd.org 2003/05/15 14:02:47
+     [readconf.c servconf.c]
+     warn for unsupported config option. ok markus@
 
 20030515
  - (djm) OpenBSD CVS Sync
@@ -1535,4 +1538,4 @@
      save auth method before monitor_reset_key_state(); bugzilla bug #284;
      ok provos@
 
-$Id: ChangeLog,v 1.2724 2003/05/16 01:38:00 djm Exp $
+$Id: ChangeLog,v 1.2725 2003/05/16 01:38:32 djm Exp $

readconf.c

@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.109 2003/05/15 04:08:44 jakob Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.110 2003/05/15 14:02:47 jakob Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -107,7 +107,7 @@ typedef enum {
 	oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
 	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
 	oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS,
-	oDeprecated
+	oDeprecated, oUnsupported
 } OpCodes;
 
 /* Textual representations of the tokens. */
@@ -133,9 +133,18 @@ static struct {
 	{ "challengeresponseauthentication", oChallengeResponseAuthentication },
 	{ "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
 	{ "tisauthentication", oChallengeResponseAuthentication },  /* alias */
+#if defined(KRB4) || defined(KRB5)
 	{ "kerberosauthentication", oKerberosAuthentication },
 	{ "kerberostgtpassing", oKerberosTgtPassing },
+#else
+	{ "kerberosauthentication", oUnsupported },
+	{ "kerberostgtpassing", oUnsupported },
+#endif
+#if defined(AFS)
 	{ "afstokenpassing", oAFSTokenPassing },
+#else
+	{ "afstokenpassing", oUnsupported },
+#endif
 	{ "fallbacktorsh", oDeprecated },
 	{ "usersh", oDeprecated },
 	{ "identityfile", oIdentityFile },
@@ -170,10 +179,18 @@ static struct {
 	{ "preferredauthentications", oPreferredAuthentications },
 	{ "hostkeyalgorithms", oHostKeyAlgorithms },
 	{ "bindaddress", oBindAddress },
+#ifdef SMARTCARD
 	{ "smartcarddevice", oSmartcardDevice },
+#else
+	{ "smartcarddevice", oUnsupported },
+#endif
 	{ "clearallforwardings", oClearAllForwardings },
 	{ "enablesshkeysign", oEnableSSHKeysign },
+#ifdef DNS
 	{ "verifyhostkeydns", oVerifyHostKeyDNS },
+#else
+	{ "verifyhostkeydns", oUnsupported },
+#endif
 	{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
 	{ "rekeylimit", oRekeyLimit },
 	{ NULL, oBadOption }
@@ -697,6 +714,11 @@ parse_int:
 		    filename, linenum, keyword);
 		return 0;
 
+	case oUnsupported:
+		error("%s line %d: Unsupported option \"%s\"",
+		    filename, linenum, keyword);
+		return 0;
+
 	default:
 		fatal("process_config_line: Unimplemented opcode %d", opcode);
 	}
@@ -844,23 +866,11 @@ fill_default_options(Options * options)
 	if (options->challenge_response_authentication == -1)
 		options->challenge_response_authentication = 1;
 	if (options->kerberos_authentication == -1)
-#if defined(KRB4) || defined(KRB5)
 		options->kerberos_authentication = 1;
-#else
-		options->kerberos_authentication = 0;
-#endif
 	if (options->kerberos_tgt_passing == -1)
-#if defined(KRB4) || defined(KRB5)
 		options->kerberos_tgt_passing = 1;
-#else
-		options->kerberos_tgt_passing = 0;
-#endif
 	if (options->afs_token_passing == -1)
-#if defined(AFS)
 		options->afs_token_passing = 1;
-#else
-		options->afs_token_passing = 0;
-#endif
 	if (options->password_authentication == -1)
 		options->password_authentication = 1;
 	if (options->kbd_interactive_authentication == -1)

servconf.c

@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.120 2003/05/15 04:08:44 jakob Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.121 2003/05/15 14:02:47 jakob Exp $");
 
 #if defined(KRB4)
 #include <krb.h>
@@ -207,11 +207,7 @@ fill_default_server_options(ServerOptions *options)
 	if (options->kerberos_or_local_passwd == -1)
 		options->kerberos_or_local_passwd = 1;
 	if (options->kerberos_ticket_cleanup == -1)
-#if defined(KRB4) || defined(KRB5)
 		options->kerberos_ticket_cleanup = 1;
-#else
-		options->kerberos_ticket_cleanup = 0;
-#endif
 	if (options->kerberos_tgt_passing == -1)
 		options->kerberos_tgt_passing = 0;
 	if (options->afs_token_passing == -1)
@@ -294,7 +290,7 @@ typedef enum {
 	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
 	sUsePrivilegeSeparation,
-	sDeprecated
+	sDeprecated, sUnsupported
 } ServerOpCodes;
 
 /* Textual representation of the tokens. */
@@ -322,11 +318,22 @@ static struct {
 	{ "rsaauthentication", sRSAAuthentication },
 	{ "pubkeyauthentication", sPubkeyAuthentication },
 	{ "dsaauthentication", sPubkeyAuthentication },			/* alias */
+#if defined(KRB4) || defined(KRB5)
 	{ "kerberosauthentication", sKerberosAuthentication },
 	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
 	{ "kerberosticketcleanup", sKerberosTicketCleanup },
 	{ "kerberostgtpassing", sKerberosTgtPassing },
+#else
+	{ "kerberosauthentication", sUnsupported },
+	{ "kerberosorlocalpasswd", sUnsupported },
+	{ "kerberosticketcleanup", sUnsupported },
+	{ "kerberostgtpassing", sUnsupported },
+#endif
+#if defined(AFS)
 	{ "afstokenpassing", sAFSTokenPassing },
+#else
+	{ "afstokenpassing", sUnsupported },
+#endif
 	{ "passwordauthentication", sPasswordAuthentication },
 	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
 	{ "challengeresponseauthentication", sChallengeResponseAuthentication },
@@ -899,6 +906,13 @@ parse_flag:
 		    arg = strdelim(&cp);
 		break;
 
+	case sUnsupported:
+		logit("%s line %d: Unsupported option %s",
+		    filename, linenum, arg);
+		while (arg)
+		    arg = strdelim(&cp);
+		break;
+
 	default:
 		fatal("%s line %d: Missing handler for opcode %s (%d)",
 		    filename, linenum, arg, opcode);