- jakob@cvs.openbsd.org 2003/05/15 14:02:47
[readconf.c servconf.c]
warn for unsupported config option. ok markus@
diff --git a/ChangeLog b/ChangeLog
index 801ca5a..be3c48c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,9 @@
[ssh.c]
Make "ssh -V" print the OpenSSL version in a human readable form. Patch
from Craig Leres (mindrot at ee.lbl.gov); ok markus@
+ - jakob@cvs.openbsd.org 2003/05/15 14:02:47
+ [readconf.c servconf.c]
+ warn for unsupported config option. ok markus@
20030515
- (djm) OpenBSD CVS Sync
@@ -1535,4 +1538,4 @@
save auth method before monitor_reset_key_state(); bugzilla bug #284;
ok provos@
-$Id: ChangeLog,v 1.2724 2003/05/16 01:38:00 djm Exp $
+$Id: ChangeLog,v 1.2725 2003/05/16 01:38:32 djm Exp $
diff --git a/readconf.c b/readconf.c
index 3f2ac4e..fee7a89 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.109 2003/05/15 04:08:44 jakob Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.110 2003/05/15 14:02:47 jakob Exp $");
#include "ssh.h"
#include "xmalloc.h"
@@ -107,7 +107,7 @@
oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS,
- oDeprecated
+ oDeprecated, oUnsupported
} OpCodes;
/* Textual representations of the tokens. */
@@ -133,9 +133,18 @@
{ "challengeresponseauthentication", oChallengeResponseAuthentication },
{ "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
{ "tisauthentication", oChallengeResponseAuthentication }, /* alias */
+#if defined(KRB4) || defined(KRB5)
{ "kerberosauthentication", oKerberosAuthentication },
{ "kerberostgtpassing", oKerberosTgtPassing },
+#else
+ { "kerberosauthentication", oUnsupported },
+ { "kerberostgtpassing", oUnsupported },
+#endif
+#if defined(AFS)
{ "afstokenpassing", oAFSTokenPassing },
+#else
+ { "afstokenpassing", oUnsupported },
+#endif
{ "fallbacktorsh", oDeprecated },
{ "usersh", oDeprecated },
{ "identityfile", oIdentityFile },
@@ -170,10 +179,18 @@
{ "preferredauthentications", oPreferredAuthentications },
{ "hostkeyalgorithms", oHostKeyAlgorithms },
{ "bindaddress", oBindAddress },
+#ifdef SMARTCARD
{ "smartcarddevice", oSmartcardDevice },
+#else
+ { "smartcarddevice", oUnsupported },
+#endif
{ "clearallforwardings", oClearAllForwardings },
{ "enablesshkeysign", oEnableSSHKeysign },
+#ifdef DNS
{ "verifyhostkeydns", oVerifyHostKeyDNS },
+#else
+ { "verifyhostkeydns", oUnsupported },
+#endif
{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
{ "rekeylimit", oRekeyLimit },
{ NULL, oBadOption }
@@ -697,6 +714,11 @@
filename, linenum, keyword);
return 0;
+ case oUnsupported:
+ error("%s line %d: Unsupported option \"%s\"",
+ filename, linenum, keyword);
+ return 0;
+
default:
fatal("process_config_line: Unimplemented opcode %d", opcode);
}
@@ -844,23 +866,11 @@
if (options->challenge_response_authentication == -1)
options->challenge_response_authentication = 1;
if (options->kerberos_authentication == -1)
-#if defined(KRB4) || defined(KRB5)
options->kerberos_authentication = 1;
-#else
- options->kerberos_authentication = 0;
-#endif
if (options->kerberos_tgt_passing == -1)
-#if defined(KRB4) || defined(KRB5)
options->kerberos_tgt_passing = 1;
-#else
- options->kerberos_tgt_passing = 0;
-#endif
if (options->afs_token_passing == -1)
-#if defined(AFS)
options->afs_token_passing = 1;
-#else
- options->afs_token_passing = 0;
-#endif
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
diff --git a/servconf.c b/servconf.c
index 5840961..f37193a 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.120 2003/05/15 04:08:44 jakob Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.121 2003/05/15 14:02:47 jakob Exp $");
#if defined(KRB4)
#include <krb.h>
@@ -207,11 +207,7 @@
if (options->kerberos_or_local_passwd == -1)
options->kerberos_or_local_passwd = 1;
if (options->kerberos_ticket_cleanup == -1)
-#if defined(KRB4) || defined(KRB5)
options->kerberos_ticket_cleanup = 1;
-#else
- options->kerberos_ticket_cleanup = 0;
-#endif
if (options->kerberos_tgt_passing == -1)
options->kerberos_tgt_passing = 0;
if (options->afs_token_passing == -1)
@@ -294,7 +290,7 @@
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
sUsePrivilegeSeparation,
- sDeprecated
+ sDeprecated, sUnsupported
} ServerOpCodes;
/* Textual representation of the tokens. */
@@ -322,11 +318,22 @@
{ "rsaauthentication", sRSAAuthentication },
{ "pubkeyauthentication", sPubkeyAuthentication },
{ "dsaauthentication", sPubkeyAuthentication }, /* alias */
+#if defined(KRB4) || defined(KRB5)
{ "kerberosauthentication", sKerberosAuthentication },
{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
{ "kerberosticketcleanup", sKerberosTicketCleanup },
{ "kerberostgtpassing", sKerberosTgtPassing },
+#else
+ { "kerberosauthentication", sUnsupported },
+ { "kerberosorlocalpasswd", sUnsupported },
+ { "kerberosticketcleanup", sUnsupported },
+ { "kerberostgtpassing", sUnsupported },
+#endif
+#if defined(AFS)
{ "afstokenpassing", sAFSTokenPassing },
+#else
+ { "afstokenpassing", sUnsupported },
+#endif
{ "passwordauthentication", sPasswordAuthentication },
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
{ "challengeresponseauthentication", sChallengeResponseAuthentication },
@@ -899,6 +906,13 @@
arg = strdelim(&cp);
break;
+ case sUnsupported:
+ logit("%s line %d: Unsupported option %s",
+ filename, linenum, arg);
+ while (arg)
+ arg = strdelim(&cp);
+ break;
+
default:
fatal("%s line %d: Missing handler for opcode %s (%d)",
filename, linenum, arg, opcode);