- OpenBSD CVS updates:
   - [channels.c]
     repair x11-fwd
   - [sshconnect.c]
     fix passwd prompt for ssh2, less debugging output.
   - [clientloop.c compat.c dsa.c kex.c sshd.c]
     less debugging output
   - [kex.c kex.h sshconnect.c sshd.c]
     check for reasonable public DH values
   - [README.openssh2 cipher.c cipher.h compat.c compat.h readconf.c]
     [readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.c]
     add Cipher and Protocol options to ssh/sshd, e.g.:
     ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers
     arcfour,3des-cbc'
   - [sshd.c]
     print 1.99 only if server supports both
diff --git a/servconf.c b/servconf.c
index 800c4d5..918fb8e 100644
--- a/servconf.c
+++ b/servconf.c
@@ -12,11 +12,12 @@
  */
 
 #include "includes.h"
-RCSID("$Id: servconf.c,v 1.10 2000/04/12 08:45:06 damien Exp $");
+RCSID("$Id: servconf.c,v 1.11 2000/04/12 10:17:40 damien Exp $");
 
 #include "ssh.h"
 #include "servconf.h"
 #include "xmalloc.h"
+#include "compat.h"
 
 /* add listen address */
 void add_listen_addr(ServerOptions *options, char *addr);
@@ -68,6 +69,8 @@
 	options->num_deny_users = 0;
 	options->num_allow_groups = 0;
 	options->num_deny_groups = 0;
+	options->ciphers = NULL;
+	options->protocol = SSH_PROTO_UNKNOWN;
 }
 
 void 
@@ -139,6 +142,8 @@
 		options->permit_empty_passwd = 0;
 	if (options->use_login == -1)
 		options->use_login = 0;
+	if (options->protocol == SSH_PROTO_UNKNOWN)
+		options->protocol = SSH_PROTO_1;
 }
 
 #define WHITESPACE " \t\r\n"
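Review bot: The added fallback leaves a server whose config has no Protocol directive at SSH_PROTO_1, which presumably means protocol 2 is never offered unless the administrator opts in, and nothing at this spot says so. Because the protocol choice decides which key exchange and ciphers a client gets, I would put a comment above the test, e.g. `/* no Protocol directive: default to SSH protocol 1 only; protocol 2 must be enabled explicitly */`, and state the same default in the sshd documentation. The function these lines belong to begins outside the hunk.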
@@ -162,7 +167,7 @@
 	sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
 	sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
 	sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
-	sIgnoreUserKnownHosts, sDSAKeyFile
+	sIgnoreUserKnownHosts, sDSAKeyFile, sCiphers, sProtocol
 } ServerOpCodes;
 
 /* Textual representation of the tokens. */
@@ -211,6 +216,8 @@
 	{ "denyusers", sDenyUsers },
 	{ "allowgroups", sAllowGroups },
 	{ "denygroups", sDenyGroups },
+	{ "ciphers", sCiphers },
+	{ "protocol", sProtocol },
 	{ NULL, 0 }
 };
 
@@ -494,7 +501,7 @@
 			value = log_facility_number(cp);
 			if (value == (SyslogFacility) - 1)
 				fatal("%.200s line %d: unsupported log facility '%s'\n",
-				  filename, linenum, cp ? cp : "<NONE>");
+				    filename, linenum, cp ? cp : "<NONE>");
 			if (*intptr == -1)
 				*intptr = (SyslogFacility) value;
 			break;
@@ -505,55 +512,67 @@
 			value = log_level_number(cp);
 			if (value == (LogLevel) - 1)
 				fatal("%.200s line %d: unsupported log level '%s'\n",
-				  filename, linenum, cp ? cp : "<NONE>");
+				    filename, linenum, cp ? cp : "<NONE>");
 			if (*intptr == -1)
 				*intptr = (LogLevel) value;
 			break;
 
 		case sAllowUsers:
 			while ((cp = strtok(NULL, WHITESPACE))) {
-				if (options->num_allow_users >= MAX_ALLOW_USERS) {
-					fprintf(stderr, "%s line %d: too many allow users.\n",
-						filename, linenum);
-					exit(1);
-				}
+				if (options->num_allow_users >= MAX_ALLOW_USERS)
+					fatal("%s line %d: too many allow users.\n",
+					    filename, linenum);
 				options->allow_users[options->num_allow_users++] = xstrdup(cp);
 			}
 			break;
 
 		case sDenyUsers:
 			while ((cp = strtok(NULL, WHITESPACE))) {
-				if (options->num_deny_users >= MAX_DENY_USERS) {
-					fprintf(stderr, "%s line %d: too many deny users.\n",
-						filename, linenum);
-					exit(1);
-				}
+				if (options->num_deny_users >= MAX_DENY_USERS)
+					fatal( "%s line %d: too many deny users.\n",
+					    filename, linenum);
 				options->deny_users[options->num_deny_users++] = xstrdup(cp);
 			}
 			break;
 
 		case sAllowGroups:
 			while ((cp = strtok(NULL, WHITESPACE))) {
-				if (options->num_allow_groups >= MAX_ALLOW_GROUPS) {
-					fprintf(stderr, "%s line %d: too many allow groups.\n",
-						filename, linenum);
-					exit(1);
-				}
+				if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
+					fatal("%s line %d: too many allow groups.\n",
+					    filename, linenum);
 				options->allow_groups[options->num_allow_groups++] = xstrdup(cp);
 			}
 			break;
 
 		case sDenyGroups:
 			while ((cp = strtok(NULL, WHITESPACE))) {
-				if (options->num_deny_groups >= MAX_DENY_GROUPS) {
-					fprintf(stderr, "%s line %d: too many deny groups.\n",
-						filename, linenum);
-					exit(1);
-				}
+				if (options->num_deny_groups >= MAX_DENY_GROUPS)
+					fatal("%s line %d: too many deny groups.\n",
+					    filename, linenum);
 				options->deny_groups[options->num_deny_groups++] = xstrdup(cp);
 			}
 			break;
 
+		case sCiphers:
+			cp = strtok(NULL, WHITESPACE);
+			if (!ciphers_valid(cp))
+				fatal("%s line %d: Bad cipher spec '%s'.",
+				    filename, linenum, cp ? cp : "<NONE>");
+			if (options->ciphers == NULL)
+				options->ciphers = xstrdup(cp);
+			break;
+
+		case sProtocol:
+			intptr = &options->protocol;
+			cp = strtok(NULL, WHITESPACE);
+			value = proto_spec(cp);
+			if (value == SSH_PROTO_UNKNOWN)
+				fatal("%s line %d: Bad protocol spec '%s'.",
+				      filename, linenum, cp ? cp : "<NONE>");
+			if (*intptr == SSH_PROTO_UNKNOWN)
+				*intptr = value;
+			break;
+
 		default:
 			fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
 				filename, linenum, cp, opcode);
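Review bot: In the new sCiphers and sProtocol cases, the token from strtok() is passed straight to ciphers_valid() and proto_spec() even when the directive has no argument and cp is NULL. The fatal() calls guard with `cp ? cp : "<NONE>"`, so NULL is expected here, but whether the two helpers tolerate a NULL argument is not visible in this diff. An explicit check before each call, `if (cp == NULL) fatal("%s line %d: Missing argument.", filename, linenum);`, would keep the parser correct however the helpers are written. Only the first token is read, so a list written with a space after a comma is silently truncated; a comment above each case saying the list must contain no whitespace would help. The enclosing switch starts and ends outside the hunk.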