1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
Move things around so hpn applies cleanly when using X509.
--- openssh-5.2p1+x509/Makefile.in
+++ openssh-5.2p1+x509/Makefile.in
@@ -44,11 +44,12 @@
CC=@CC@
LD=@LD@
CFLAGS=@CFLAGS@
-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
LIBS=@LIBS@
SSHDLIBS=@SSHDLIBS@
LIBEDIT=@LIBEDIT@
LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@
+CPPFLAGS += @LDAP_CPPFLAGS@
AR=@AR@
AWK=@AWK@
RANLIB=@RANLIB@
--- openssh-5.2p1+x509/servconf.c
+++ openssh-5.2p1+x509/servconf.c
@@ -108,6 +108,17 @@
options->log_level = SYSLOG_LEVEL_NOT_SET;
options->rhosts_rsa_authentication = -1;
options->hostbased_authentication = -1;
+ options->hostbased_algorithms = NULL;
+ options->pubkey_algorithms = NULL;
+ ssh_x509flags_initialize(&options->x509flags, 1);
+#ifndef SSH_X509STORE_DISABLED
+ ssh_x509store_initialize(&options->ca);
+#endif /*ndef SSH_X509STORE_DISABLED*/
+#ifdef SSH_OCSP_ENABLED
+ options->va.type = -1;
+ options->va.certificate_file = NULL;
+ options->va.responder_url = NULL;
+#endif /*def SSH_OCSP_ENABLED*/
options->hostbased_uses_name_from_packet_only = -1;
options->rsa_authentication = -1;
options->pubkey_authentication = -1;
@@ -152,18 +163,6 @@
options->adm_forced_command = NULL;
options->chroot_directory = NULL;
options->zero_knowledge_password_authentication = -1;
-
- options->hostbased_algorithms = NULL;
- options->pubkey_algorithms = NULL;
- ssh_x509flags_initialize(&options->x509flags, 1);
-#ifndef SSH_X509STORE_DISABLED
- ssh_x509store_initialize(&options->ca);
-#endif /*ndef SSH_X509STORE_DISABLED*/
-#ifdef SSH_OCSP_ENABLED
- options->va.type = -1;
- options->va.certificate_file = NULL;
- options->va.responder_url = NULL;
-#endif /*def SSH_OCSP_ENABLED*/
}
void
@@ -341,6 +340,16 @@
/* Portable-specific options */
sUsePAM,
/* Standard Options */
+ sHostbasedAlgorithms,
+ sPubkeyAlgorithms,
+ sX509KeyAlgorithm,
+ sAllowedClientCertPurpose,
+ sKeyAllowSelfIssued, sMandatoryCRL,
+ sCACertificateFile, sCACertificatePath,
+ sCARevocationFile, sCARevocationPath,
+ sCAldapVersion, sCAldapURL,
+ sVAType, sVACertificateFile,
+ sVAOCSPResponderURL,
sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
sPermitRootLogin, sLogFacility, sLogLevel,
sRhostsRSAAuthentication, sRSAAuthentication,
@@ -364,16 +373,6 @@
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
sUsePrivilegeSeparation, sAllowAgentForwarding,
sZeroKnowledgePasswordAuthentication,
- sHostbasedAlgorithms,
- sPubkeyAlgorithms,
- sX509KeyAlgorithm,
- sAllowedClientCertPurpose,
- sKeyAllowSelfIssued, sMandatoryCRL,
- sCACertificateFile, sCACertificatePath,
- sCARevocationFile, sCARevocationPath,
- sCAldapVersion, sCAldapURL,
- sVAType, sVACertificateFile,
- sVAOCSPResponderURL,
sDeprecated, sUnsupported
} ServerOpCodes;
|