author | Markus Friedl <markus@cvs.openbsd.org> | 2000-04-12 07:45:45 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2000-04-12 07:45:45 +0000 |
commit | 02bf74bb72f8e68721c80fd5ee6c50a599ca9350 (patch) | |
tree | bf0e02e49adb6b8d3f28a70df49a365f0ef01d8c /usr.bin/ssh/servconf.c | |
parent | 3f6547314a456d02e3306664e55213db57f93a14 (diff) |
add Cipher and Protocol options to ssh/sshd, e.g.:
ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers arcfour,3des-cbc'
Diffstat (limited to 'usr.bin/ssh/servconf.c')
-rw-r--r-- | usr.bin/ssh/servconf.c | 67 |
1 files changed, 43 insertions, 24 deletions
diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c
index 14d351c8a4b..a67c440e61e 100644
--- a/usr.bin/ssh/servconf.c
+++ b/usr.bin/ssh/servconf.c
@@ -12,11 +12,12 @@
 */
 #include "includes.h"
-RCSID("$Id: servconf.c,v 1.32 2000/04/06 08:55:22 markus Exp $");
+RCSID("$Id: servconf.c,v 1.33 2000/04/12 07:45:44 markus Exp $");
 #include "ssh.h"
 #include "servconf.h"
 #include "xmalloc.h"
+#include "compat.h"
 /* add listen address */
 void add_listen_addr(ServerOptions *options, char *addr);
@@ -68,6 +69,8 @@ initialize_server_options(ServerOptions *options)
 options->num_deny_users = 0;
 options->num_allow_groups = 0;
 options->num_deny_groups = 0;
+ options->ciphers = NULL;
+ options->protocol = SSH_PROTO_UNKNOWN;
 }
 void
@@ -139,6 +142,8 @@ fill_default_server_options(ServerOptions *options)
 options->permit_empty_passwd = 0;
 if (options->use_login == -1)
 options->use_login = 0;
+ if (options->protocol == SSH_PROTO_UNKNOWN)
+ options->protocol = SSH_PROTO_1;
 }
 #define WHITESPACE " \t\r\n"
@@ -162,7 +167,7 @@ typedef enum {
 sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail, sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
- sIgnoreUserKnownHosts, sDSAKeyFile
+ sIgnoreUserKnownHosts, sDSAKeyFile, sCiphers, sProtocol
 } ServerOpCodes;
 /* Textual representation of the tokens. */
@@ -211,6 +216,8 @@ static struct {
 { "denyusers", sDenyUsers },
 { "allowgroups", sAllowGroups },
 { "denygroups", sDenyGroups },
+ { "ciphers", sCiphers },
+ { "protocol", sProtocol },
 { NULL, 0 }
 };
@@ -494,7 +501,7 @@ parse_flag:
 value = log_facility_number(cp);
 if (value == (SyslogFacility) - 1)
 fatal("%.200s line %d: unsupported log facility '%s'\n",
- filename, linenum, cp ? cp : "<NONE>");
+ filename, linenum, cp ? cp : "<NONE>");
 if (*intptr == -1)
 *intptr = (SyslogFacility) value;
 break;
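Review bot: The new fallback in fill_default_server_options (`if (options->protocol == SSH_PROTO_UNKNOWN) options->protocol = SSH_PROTO_1;`) carries no comment saying what a configuration without a `Protocol` line ends up offering. The flag name suggests protocol 1 only, which would make protocol 2 opt-in; that is a security-relevant default and worth stating at the assignment, for example `/* no Protocol line in the config: fall back to SSH_PROTO_1 */`. The function body begins outside the hunk, so the other defaults it sets are not visible here.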
@@ -505,55 +512,67 @@ parse_flag:
 value = log_level_number(cp);
 if (value == (LogLevel) - 1)
 fatal("%.200s line %d: unsupported log level '%s'\n",
- filename, linenum, cp ? cp : "<NONE>");
+ filename, linenum, cp ? cp : "<NONE>");
 if (*intptr == -1)
 *intptr = (LogLevel) value;
 break;
 case sAllowUsers:
 while ((cp = strtok(NULL, WHITESPACE))) {
- if (options->num_allow_users >= MAX_ALLOW_USERS) {
- fprintf(stderr, "%s line %d: too many allow users.\n",
- filename, linenum);
- exit(1);
- }
+ if (options->num_allow_users >= MAX_ALLOW_USERS)
+ fatal("%s line %d: too many allow users.\n",
+ filename, linenum);
 options->allow_users[options->num_allow_users++] = xstrdup(cp);
 }
 break;
 case sDenyUsers:
 while ((cp = strtok(NULL, WHITESPACE))) {
- if (options->num_deny_users >= MAX_DENY_USERS) {
- fprintf(stderr, "%s line %d: too many deny users.\n",
- filename, linenum);
- exit(1);
- }
+ if (options->num_deny_users >= MAX_DENY_USERS)
+ fatal( "%s line %d: too many deny users.\n",
+ filename, linenum);
 options->deny_users[options->num_deny_users++] = xstrdup(cp);
 }
 break;
 case sAllowGroups:
 while ((cp = strtok(NULL, WHITESPACE))) {
- if (options->num_allow_groups >= MAX_ALLOW_GROUPS) {
- fprintf(stderr, "%s line %d: too many allow groups.\n",
- filename, linenum);
- exit(1);
- }
+ if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
+ fatal("%s line %d: too many allow groups.\n",
+ filename, linenum);
 options->allow_groups[options->num_allow_groups++] = xstrdup(cp);
 }
 break;
 case sDenyGroups:
 while ((cp = strtok(NULL, WHITESPACE))) {
- if (options->num_deny_groups >= MAX_DENY_GROUPS) {
- fprintf(stderr, "%s line %d: too many deny groups.\n",
- filename, linenum);
- exit(1);
- }
+ if (options->num_deny_groups >= MAX_DENY_GROUPS)
+ fatal("%s line %d: too many deny groups.\n",
+ filename, linenum);
 options->deny_groups[options->num_deny_groups++] = xstrdup(cp);
 }
 break;
+ case sCiphers:
+ cp = strtok(NULL, WHITESPACE);
+ if (!ciphers_valid(cp))
+ fatal("%s line %d: Bad cipher spec '%s'.",
+ filename, linenum, cp ? cp : "<NONE>");
+ if (options->ciphers == NULL)
+ options->ciphers = xstrdup(cp);
+ break;
+
+ case sProtocol:
+ intptr = &options->protocol;
+ cp = strtok(NULL, WHITESPACE);
+ value = proto_spec(cp);
+ if (value == SSH_PROTO_UNKNOWN)
+ fatal("%s line %d: Bad protocol spec '%s'.",
+ filename, linenum, cp ? cp : "<NONE>");
+ if (*intptr == SSH_PROTO_UNKNOWN)
+ *intptr = value;
+ break;
+
+
 default:
 fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
 filename, linenum, cp, opcode); |
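Review bot: In the new `case sCiphers:` and `case sProtocol:` branches the result of `strtok(NULL, WHITESPACE)` is passed to `ciphers_valid(cp)` and `proto_spec(cp)` without a NULL check, so a keyword written with no argument relies on both helpers tolerating NULL; their definitions are not part of this diff, so that cannot be confirmed here. The `cp ? cp : "<NONE>"` in the fatal() calls shows NULL is expected at this point, and an explicit guard ahead of each call would remove the dependency: `if (!cp) fatal("%s line %d: missing argument.", filename, linenum);`. Both branches also keep only the first value seen (`if (options->ciphers == NULL)`, `if (*intptr == SSH_PROTO_UNKNOWN)`), so a later, stricter `Ciphers` or `Protocol` line is validated and then not applied; a short comment such as `/* first occurrence wins; later lines are checked but ignored */` would make that policy visible to whoever edits the config parser next. The enclosing switch starts and ends outside the hunk.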