Merge branch 'vendor/OPENSSH'
[dragonfly.git] / crypto / openssh / servconf.c
index e7fc2a7..ec96205 100644 (file)
@@ -96,6 +96,7 @@ initialize_server_options(ServerOptions *options)
        options->password_authentication = -1;
        options->kbd_interactive_authentication = -1;
        options->challenge_response_authentication = -1;
+       options->permit_blacklisted_keys = -1;
        options->permit_empty_passwd = -1;
        options->permit_user_env = -1;
        options->use_login = -1;
@@ -139,7 +140,7 @@ fill_default_server_options(ServerOptions *options)
 
        /* Standard Options */
        if (options->protocol == SSH_PROTO_UNKNOWN)
-               options->protocol = SSH_PROTO_1|SSH_PROTO_2;
+               options->protocol = SSH_PROTO_2;
        if (options->num_host_key_files == 0) {
                /* fill default hostkeys for protocols */
                if (options->protocol & SSH_PROTO_1)
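Review bot: The new default `options->protocol = SSH_PROTO_2;` has no comment marking it as a deliberate departure from the previous `SSH_PROTO_1|SSH_PROTO_2`, and the same is true of the `PERMIT_NO` default for `permit_root_login` in the next hunk. Both tighten the out-of-the-box configuration, but a host whose sshd_config has no explicit `Protocol` or `PermitRootLogin` line changes behaviour on upgrade, and an unmarked local default is easy to lose in a later vendor merge. A short comment above each assignment would make this visible, for example `/* local default: protocol 2 only; protocol 1 must be enabled explicitly */` and `/* local default: root login disabled unless configured */`. The shipped sample configuration and manual page should also be checked to confirm they state the same defaults. fill_default_server_options begins and ends outside this hunk.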
@@ -165,7 +166,7 @@ fill_default_server_options(ServerOptions *options)
        if (options->key_regeneration_time == -1)
                options->key_regeneration_time = 3600;
        if (options->permit_root_login == PERMIT_NOT_SET)
-               options->permit_root_login = PERMIT_YES;
+               options->permit_root_login = PERMIT_NO;
        if (options->ignore_rhosts == -1)
                options->ignore_rhosts = 1;
        if (options->ignore_user_known_hosts == -1)
@@ -175,7 +176,7 @@ fill_default_server_options(ServerOptions *options)
        if (options->print_lastlog == -1)
                options->print_lastlog = 1;
        if (options->x11_forwarding == -1)
-               options->x11_forwarding = 0;
+               options->x11_forwarding = 1;
        if (options->x11_display_offset == -1)
                options->x11_display_offset = 10;
        if (options->x11_use_localhost == -1)
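Review bot: Changing the `x11_forwarding` default from 0 to 1 loosens the server's default posture, while the protocol and root-login changes in this same commit tighten it, and nothing in the hunk says why. With this default, any account that can log in may request an X11 proxy display on the server unless the administrator adds `X11Forwarding no`, so the choice should be documented where it is made, for example `/* local default: X11 forwarding on; relies on x11_use_localhost keeping the proxy on loopback */`. The value assigned to `x11_use_localhost` is below the hunk's last line, so confirm it still defaults to 1. Otherwise the proxy display could listen on the wildcard address by default.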
@@ -218,6 +219,8 @@ fill_default_server_options(ServerOptions *options)
                options->kbd_interactive_authentication = 0;
        if (options->challenge_response_authentication == -1)
                options->challenge_response_authentication = 1;
+       if (options->permit_blacklisted_keys == -1)
+               options->permit_blacklisted_keys = 0;
        if (options->permit_empty_passwd == -1)
                options->permit_empty_passwd = 0;
        if (options->permit_user_env == -1)
@@ -293,7 +296,7 @@ typedef enum {
        sListenAddress, sAddressFamily,
        sPrintMotd, sPrintLastLog, sIgnoreRhosts,
        sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
-       sStrictModes, sEmptyPasswd, sTCPKeepAlive,
+       sStrictModes, sPermitBlacklistedKeys, sEmptyPasswd, sTCPKeepAlive,
        sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
        sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
        sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
@@ -306,6 +309,7 @@ typedef enum {
        sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
        sUsePrivilegeSeparation, sAllowAgentForwarding,
        sZeroKnowledgePasswordAuthentication,
+       sVersionAddendum,
        sDeprecated, sUnsupported
 } ServerOpCodes;
 
@@ -389,6 +393,7 @@ static struct {
        { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
        { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
        { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
+       { "permitblacklistedkeys", sPermitBlacklistedKeys, SSHCFG_GLOBAL },
        { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
        { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
        { "uselogin", sUseLogin, SSHCFG_GLOBAL },
@@ -418,6 +423,7 @@ static struct {
        { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_GLOBAL },
        { "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_GLOBAL },
        { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL },
+       { "versionaddendum", sVersionAddendum , SSHCFG_GLOBAL },
        { "acceptenv", sAcceptEnv, SSHCFG_GLOBAL },
        { "permittunnel", sPermitTunnel, SSHCFG_GLOBAL },
        { "match", sMatch, SSHCFG_ALL },
@@ -943,6 +949,10 @@ process_server_config_line(ServerOptions *options, char *line,
                intptr = &options->tcp_keep_alive;
                goto parse_flag;
 
+       case sPermitBlacklistedKeys:
+               intptr = &options->permit_blacklisted_keys;
+               goto parse_flag;
+
        case sEmptyPasswd:
                intptr = &options->permit_empty_passwd;
                goto parse_flag;
@@ -1294,6 +1304,13 @@ process_server_config_line(ServerOptions *options, char *line,
                        *charptr = xstrdup(arg);
                break;
 
+       case sVersionAddendum:
+                ssh_version_set_addendum(strtok(cp, "\n"));
+                do {
+                        arg = strdelim(&cp);
+                } while (arg != NULL && *arg != '\0');
+               break;
+
        case sDeprecated:
                logit("%s line %d: Deprecated option %s",
                    filename, linenum, arg);
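Review bot: The `sVersionAddendum` case passes `strtok(cp, "\n")` straight to `ssh_version_set_addendum()` without checking that an argument is present. If `cp` can be NULL or empty here (the earlier `strdelim()` call is outside the hunk), `strtok` either resumes from its stale static state or returns NULL, and the callee is not shown handling that. A guard in the style of the neighbouring cases would close this: `if (cp == NULL || *cp == '\0') fatal("%s line %d: Missing argument.", filename, linenum);`. The non-reentrant `strtok` can be replaced by `cp[strcspn(cp, "\n")] = '\0';` followed by `ssh_version_set_addendum(cp);`. Because the addendum ends up in the version string, a comment noting that the value is taken verbatim from the config line would also help. The added lines are indented with spaces where the rest of the switch appears to use tabs. process_server_config_line starts and ends outside the hunk.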