Displaying 20 results from an estimated 23 matches for "process_server_config_line".
2014 Jun 06
1
Patch: Ciphers, MACs and KexAlgorithms on Match
...GLOBAL },
+ { "kexalgorithms", sKexAlgorithms, SSHCFG_ALL },
{ "ipqos", sIPQoS, SSHCFG_ALL },
{ "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
{ "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
@@ -1239,7 +1239,7 @@ process_server_config_line(ServerOptions
if (!ciphers_valid(arg))
fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
filename, linenum, arg ? arg : "<NONE>");
- if (options->ciphers == NULL)
+ if (*activep && options->ciphers == NULL)
options->ciphers = xst...
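Review bot: the keyword table moves kexalgorithms to SSHCFG_ALL, but the visible part of the process_server_config_line hunk adds the *activep guard only to the options->ciphers assignment. The sKexAlgorithms and MACs assignments need the same guard, otherwise a value given inside a Match block that does not apply would be stored as the global setting whenever the global one is unset. Keeping ciphers_valid() and its fatal() ahead of the *activep test is the right order, since a bad spec should be rejected wherever it appears.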
2006 Mar 29
7
sshd config parser
Hi All.
For various reasons, we're currently looking at extending (or even
overhauling) the config parser used for sshd_config.
Right now the syntax I'm looking at is a cumulative "Match" keyword that
matches when all of the specified criteria are met. This would be
similar to the Host directive used in ssh_config, although it's still
limiting (eg you can't easily
2014 Sep 08
1
possible deadcodes in sources
...d it found several
issues. Although the scan was run on patched rhel sources, some results are applicable to vanilla sources
too.
* servconf.c:1458:dead_error_line ? Execution cannot reach this statement "*intptr = *intptr + 1;"
--- a/servconf.c
+++ b/servconf.c
@@ -1451,12 +1451,8 @@ process_server_config_line(ServerOptions *options, char *line,
if (!arg || *arg == '\0')
fatal("%s line %d: missing file name.",
filename, linenum);
- if (*activep && *charptr == NULL) {
+ if (*activep &a...
2007 Aug 15
2
[Bug 1355] New: pointer arithmetic/gcc strict-aliasing warnings
...ReportedBy: dtucker at zip.com.au
Blocks: 1353
Recent versions of gcc emit the following warnings:
readconf.c: In function 'process_config_line':
readconf.c:695: warning: dereferencing type-punned pointer will break
strict-aliasing rules
servconf.c: In function 'process_server_config_line':
servconf.c:979: warning: dereferencing type-punned pointer will break
strict-aliasing rules
servconf.c:990: warning: dereferencing type-punned pointer will break
strict-aliasing rules
Dmitry V. Levin has posted a diff to fix these (see URL).
--
Configure bugmail: http://bugzilla.mindrot....
2014 Jun 19
1
AuthenticationMethods in sshd_config accepting empty method list
Hi everyone,
I just came across a contradiction between the man page of AuthenticationMethods and the accepted
methods list.
According to the sshd_config manual page:
"""
AuthenticationMethods
Specifies the authentication methods that must be successfully completed for a user to be granted
access. This option must be followed by one
2015 Jun 25
5
Call for testing: OpenSSH 6.9
On 01/06/15 22:17, Tom G. Christensen wrote:
> On sparc-sun-solaris2.6 and sparc-sun-solaris2.7 the testsuite fails:
> run test cfgparse.sh ...
> reparse minimal config
> reparse regress config
> listenaddress order
> bad addr or host: ::1 (no address associated with name)
> listenaddress order 1
> bad addr or host: ::1 (no address associated with name)
> listenaddress
2016 Jun 03
3
[Bug 2581] New: Coverity patches from Fedora
...log, when the key pointer is
always null (it is ensured that it is freed before) the call.
2. mm_pty_allocate contains Dead code (if the second dup fails, it
can't be different than -1) and comparison of the dup() return
value should be >=0 instead of >0 -- 0 is also valid FD.
3. process_server_config_line: sAuthorizedPrincipalsFile option handles
intptr, without any possible label (therefore always null), which is
dead code (probably copy-paste error from sHostKeyFile)
4. box variable for sandbox context is not freed in the child process
after calling ssh_sandbox_child(), which makes it memory leak...
2002 Nov 24
1
[PATCH] PamServiceNameAppend
...rds[] = {
/* Portable-specific options */
{ "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
+ { "PAMServiceNameAppend", sPAMServiceNameAppend },
/* Standard Options */
{ "port", sPort },
{ "hostkey", sHostKeyFile },
@@ -461,6 +469,15 @@ process_server_config_line(ServerOptions
case sPAMAuthenticationViaKbdInt:
intptr = &options->pam_authentication_via_kbd_int;
goto parse_flag;
+#ifdef USE_PAM
+ case sPAMServiceNameAppend:
+ arg = strdelim(&cp);
+ if (!arg || *arg == '\0')
+ fatal("%s line %d: Missing argument.", file...
2002 Dec 05
1
patch to add a PAMServiceName config option
...keys_file; /* File containing public keys */
char *authorized_keys_file2;
int pam_authentication_via_kbd_int;
+ char *pam_service_name;
} ServerOptions;
void initialize_server_options(ServerOptions *);
@@ -139,5 +140,8 @@
void fill_default_server_options(ServerOptions *);
int process_server_config_line(ServerOptions *, char *, const char *, int);
+#if !defined(SSHD_PAM_SERVICE)
+# define SSHD_PAM_SERVICE __progname
+#endif
#endif /* SERVCONF_H */
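Review bot: the new pam_service_name field in ServerOptions needs a matching initialisation in initialize_server_options() and a default in fill_default_server_options(), both declared just below the struct, and neither change is visible in this hunk. The SSHD_PAM_SERVICE fallback also makes servconf.h depend on __progname being declared in every file that uses the macro; consider keeping the define next to its single use or declaring __progname alongside it.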
diff -ru openssh-3.5p1.orig/sshd_config.5 openssh-3.5p1/sshd_config.5
--- openssh-3.5p1.orig/sshd_config.5 Thu Sep 19 02:51:22 2002
+++ openssh...
2007 Apr 10
6
[PATCH 0/6] openssh V_4_6: minor fixes/cleanups
This patch series consists of minor fixes and cleanups I made during
update to openssh V_4_6 branch.
openssh/auth-pam.c | 9 ++++-----
openssh/auth2.c | 2 --
openssh/readconf.c | 7 ++++---
openssh/servconf.c | 14 ++++++++------
openssh/sftp-server.c | 9 ++++++---
openssh/sshd.c | 2 +-
6 files changed, 23 insertions(+), 20 deletions(-)
--
ldv
2015 Jan 09
12
[Bug 2335] New: Config parser accepts ip/port in ListenAddress and PermitOpen
https://bugzilla.mindrot.org/show_bug.cgi?id=2335
Bug ID: 2335
Summary: Config parser accepts ip/port in ListenAddress and
PermitOpen
Product: Portable OpenSSH
Version: 6.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
2013 Jan 31
2
OpenSSH NoPty patch
...ocation, SSHCFG_GLOBAL },
+ { "nopty", sNoPty, SSHCFG_ALL },
{ "strictmodes", sStrictModes, SSHCFG_GLOBAL },
{ "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
{ "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
@@ -1075,6 +1079,10 @@ process_server_config_line(ServerOptions
charptr = &options->xauth_location;
goto parse_filename;
+ case sNoPty:
+ intptr = &options->no_pty;
+ goto parse_flag;
+
case sStrictModes:
intptr = &options->strict_modes;
goto parse_flag;
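Review bot: style point on the new nopty keyword and options->no_pty flag: a negatively named boolean reads as a double negative in sshd_config (NoPty no), while the neighbouring table entries are phrased positively (permitemptypasswords, permituserenvironment). A Permit-style name with the sense inverted would match them. Because the keyword is SSHCFG_ALL, the field also has to be carried over in copy_set_server_options(), which the following hunk touches, and it needs a default so an unset value is not read as "pty disabled".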
@@ -1657,6 +1665,7 @@ copy_set_server_options(ServerOpt...
2011 Jun 22
3
sandbox pre-auth privsep child
...,12 @@ static const struct multistate multistat
{ "no", 0 },
{ NULL, -1 }
};
+static const struct multistate multistate_privsep[] = {
+ { "sandbox", PRIVSEP_SANDBOX },
+ { "yes", PRIVSEP_ON },
+ { "no", PRIVSEP_OFF },
+ { NULL, -1 }
+};
int
process_server_config_line(ServerOptions *options, char *line,
@@ -1066,7 +1072,8 @@ process_server_config_line(ServerOptions
case sUsePrivilegeSeparation:
intptr = &use_privsep;
- goto parse_flag;
+ multistate_ptr = multistate_privsep;
+ goto parse_multistate;
case sAllowUsers:
while ((arg = strdelim(&a...
2015 Jun 25
3
Call for testing: OpenSSH 6.9
On Thu, 25 Jun 2015, Michael Felt wrote:
> Just running a standard make, and then a make install to a packaging
> directory. It seems to be complaining about missing keys - not sure yet if
> this is a show stopper
For packaging you want the install-nokeys rule not install.
--
Tim Rice Multitalents
tim at multitalents.net
2014 Jun 23
2
ListenAdress Exclusion
I was wondering what everyone's thoughts were on a simpler way to exclude
addresses from having listeners on them.
I know a lot of people have multiple subnets, especially larger
corporations.
Some networks are non-route-able, and therefore unsuitable for use with SSH,
aside from communication between other servers on the same subnet.
Given that we may want to exclude those non-route-able
2014 Feb 10
0
[PATCH] Basic SCTP support for OpenSSH client and server
...e = SOCK_STREAM;
hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
+ hints.ai_protocol = proto;
snprintf(strport, sizeof strport, "%d", port);
if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
fatal("bad addr or host: %s (%s)",
@@ -949,6 +972,12 @@ process_server_config_line(ServerOptions *options, char *line,
break;
+#ifdef USE_SCTP
+ case sListenViaSCTP:
+ intptr = &options->listen_via_sctp;
+ goto parse_flag;
+#endif
+
case sAddressFamily:
intptr = &options->address_family;
multistate_ptr = multistate_addressfamily;
@@ -1974,6 +2003,9...
2012 Nov 21
1
HostKey in hardware?
Hi,
Is there any way to store HostKey in hardware (and delegate the related
processing)?
I have been using Roumen Petrov's x509 patch for clients, which works via an
OpenSSL engine, but it does not seem to support server HostKey:
http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html
For PKCS#11, I have found an email on this list from a year back suggesting
this
2007 Aug 15
9
OpenSSH 4.7: call for testing.
Hi All.
OpenSSH 4.7 is preparing for release so we are asking for any interested
folks to please test a snapshot. The main changes are:
* sshd(8) in new installations defaults to SSH Protocol 2 only.
Existing installations are unchanged.
* The SSH channel window size has been increased, which improves
performance on high-BDP networks.
* ssh(1) and sshd(8) now preserve MAC
2017 Jun 16
2
[PATCH] allow relative path in streamlocal forwarding
...", sStreamLocalBindRootDirectory, SSHCFG_ALL },
{ "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },
{ "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
{ "disableforwarding", sDisableForwarding, SSHCFG_ALL },
@@ -1823,6 +1827,17 @@ process_server_config_line(ServerOptions *options, char *line,
intptr = &options->fwd_opts.streamlocal_bind_unlink;
goto parse_flag;
+ case sStreamLocalBindRootDirectory:
+ charptr = &options->fwd_opts.streamlocal_bind_root_directory;
+
+ arg = strdelim(&cp);
+ if (!arg || *arg == '\0')
+...
2015 Mar 24
12
[Bug 2370] New: make fails with "rmd160.c", line 35.10: 1506-296 (S) #include file <endian.h> not found. when using --without-openssl on AIX
https://bugzilla.mindrot.org/show_bug.cgi?id=2370
Bug ID: 2370
Summary: make fails with "rmd160.c", line 35.10: 1506-296 (S)
#include file <endian.h> not found. when using
--without-openssl on AIX
Product: Portable OpenSSH
Version: 6.9p1
Hardware: Other
OS: AIX