Attachment #2751 for bug #2486

View | Details | Raw Unified | Return to bug 2486
Collapse All | Expand All

Lines 373-378 fill_default_server_options(ServerOptions *options) Link Here

(-)a/servconf.c (+11 lines)
373	CLEAR_ON_NONE(options->trusted_user_ca_keys);	373	CLEAR_ON_NONE(options->trusted_user_ca_keys);
374	CLEAR_ON_NONE(options->revoked_keys_file);	374	CLEAR_ON_NONE(options->revoked_keys_file);
375	CLEAR_ON_NONE(options->authorized_principals_file);	375	CLEAR_ON_NONE(options->authorized_principals_file);
		376	CLEAR_ON_NONE(options->adm_forced_command);
		377	CLEAR_ON_NONE(options->chroot_directory);
376	for (i = 0; i < options->num_host_key_files; i++)	378	for (i = 0; i < options->num_host_key_files; i++)
377	CLEAR_ON_NONE(options->host_key_files[i]);	379	CLEAR_ON_NONE(options->host_key_files[i]);
378	for (i = 0; i < options->num_host_cert_files; i++)	380	for (i = 0; i < options->num_host_cert_files; i++)
Lines 2034-2041 copy_set_server_options(ServerOptions dst, ServerOptions src, int preauth) Link Here
2034	if (preauth)	2036	if (preauth)
2035	return;	2037	return;
2036		2038
		2039	/* These options may be "none" to clear a global setting */
2037	M_CP_STROPT(adm_forced_command);	2040	M_CP_STROPT(adm_forced_command);
		2041	if (option_clear_or_none(dst->adm_forced_command)) {
		2042	free(dst->adm_forced_command);
		2043	dst->adm_forced_command = NULL;
		2044	}
2038	M_CP_STROPT(chroot_directory);	2045	M_CP_STROPT(chroot_directory);
		2046	if (option_clear_or_none(dst->chroot_directory)) {
		2047	free(dst->chroot_directory);
		2048	dst->chroot_directory = NULL;
		2049	}
2039	}	2050	}
2040		2051
2041	#undef M_CP_INTOPT	2052	#undef M_CP_INTOPT

Lines 432-438 Misconfiguration can lead to unsafe environments which Link Here

(-)a/sshd_config.5 (-1 / +5 lines)
432	.Xr sshd 8	432	.Xr sshd 8
433	cannot detect.	433	cannot detect.
434	.Pp	434	.Pp
435	The default is not to	435	The default is
		436	.Dq none ,
		437	indicating not to
436	.Xr chroot 2 .	438	.Xr chroot 2 .
437	.It Cm Ciphers	439	.It Cm Ciphers
438	Specifies the ciphers allowed for protocol version 2.	440	Specifies the ciphers allowed for protocol version 2.
Lines 599-604 Specifying a command of Link Here
599	will force the use of an in-process sftp server that requires no support	601	will force the use of an in-process sftp server that requires no support
600	files when used with	602	files when used with
601	.Cm ChrootDirectory .	603	.Cm ChrootDirectory .
		604	The default is
		605	.Dq none .
602	.It Cm GatewayPorts	606	.It Cm GatewayPorts
603	Specifies whether remote hosts are allowed to connect to ports	607	Specifies whether remote hosts are allowed to connect to ports
604	forwarded for the client.	608	forwarded for the client.

Return to bug 2486