diff options
| author | Colin Watson <cjwatson@debian.org> | 2010-08-23 23:52:36 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2010-08-23 23:52:36 +0100 |
| commit | 78799892cb1858927be02be9737c594052e3f910 (patch) | |
| tree | ac3dc2e848ab9dc62fe4252e01e52c3d456f628f /readconf.c | |
| parent | 3875951bb76a9ec62634ae4026c9cc885d933477 (diff) | |
| parent | 31e30b835fd9695d3b6647cab4867001b092e28f (diff) | |
* New upstream release (http://www.openssh.com/txt/release-5.6):
- Added a ControlPersist option to ssh_config(5) that automatically
starts a background ssh(1) multiplex master when connecting. This
connection can stay alive indefinitely, or can be set to automatically
close after a user-specified duration of inactivity (closes: #335697,
#350898, #454787, #500573, #550262).
- Support AuthorizedKeysFile, AuthorizedPrincipalsFile,
HostbasedUsesNameFromPacketOnly, and PermitTunnel in sshd_config(5)
Match blocks (closes: #549858).
- sftp(1): fix ls in working directories that contain globbing
characters in their pathnames (LP: #530714).
Diffstat (limited to 'readconf.c')
| -rw-r--r-- | readconf.c | 71 |
1 files changed, 62 insertions, 9 deletions
diff --git a/readconf.c b/readconf.c index 2a5a706ab..0e83f5809 100644 --- a/readconf.c +++ b/readconf.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: readconf.c,v 1.183 2010/02/08 10:50:20 markus Exp $ */ | 1 | /* $OpenBSD: readconf.c,v 1.187 2010/07/19 09:15:12 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -112,8 +112,8 @@ | |||
| 112 | 112 | ||
| 113 | typedef enum { | 113 | typedef enum { |
| 114 | oBadOption, | 114 | oBadOption, |
| 115 | oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts, | 115 | oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout, |
| 116 | oExitOnForwardFailure, | 116 | oGatewayPorts, oExitOnForwardFailure, |
| 117 | oPasswordAuthentication, oRSAAuthentication, | 117 | oPasswordAuthentication, oRSAAuthentication, |
| 118 | oChallengeResponseAuthentication, oXAuthLocation, | 118 | oChallengeResponseAuthentication, oXAuthLocation, |
| 119 | oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, | 119 | oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, |
| @@ -132,7 +132,8 @@ typedef enum { | |||
| 132 | oAddressFamily, oGssAuthentication, oGssDelegateCreds, | 132 | oAddressFamily, oGssAuthentication, oGssDelegateCreds, |
| 133 | oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey, | 133 | oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey, |
| 134 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, | 134 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, |
| 135 | oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, | 135 | oSendEnv, oControlPath, oControlMaster, oControlPersist, |
| 136 | oHashKnownHosts, | ||
| 136 | oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, | 137 | oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, |
| 137 | oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication, | 138 | oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication, |
| 138 | oProtocolKeepAlives, oSetupTimeOut, | 139 | oProtocolKeepAlives, oSetupTimeOut, |
| @@ -148,6 +149,7 @@ static struct { | |||
| 148 | { "forwardagent", oForwardAgent }, | 149 | { "forwardagent", oForwardAgent }, |
| 149 | { "forwardx11", oForwardX11 }, | 150 | { "forwardx11", oForwardX11 }, |
| 150 | { "forwardx11trusted", oForwardX11Trusted }, | 151 | { "forwardx11trusted", oForwardX11Trusted }, |
| 152 | { "forwardx11timeout", oForwardX11Timeout }, | ||
| 151 | { "exitonforwardfailure", oExitOnForwardFailure }, | 153 | { "exitonforwardfailure", oExitOnForwardFailure }, |
| 152 | { "xauthlocation", oXAuthLocation }, | 154 | { "xauthlocation", oXAuthLocation }, |
| 153 | { "gatewayports", oGatewayPorts }, | 155 | { "gatewayports", oGatewayPorts }, |
| @@ -238,6 +240,7 @@ static struct { | |||
| 238 | { "sendenv", oSendEnv }, | 240 | { "sendenv", oSendEnv }, |
| 239 | { "controlpath", oControlPath }, | 241 | { "controlpath", oControlPath }, |
| 240 | { "controlmaster", oControlMaster }, | 242 | { "controlmaster", oControlMaster }, |
| 243 | { "controlpersist", oControlPersist }, | ||
| 241 | { "hashknownhosts", oHashKnownHosts }, | 244 | { "hashknownhosts", oHashKnownHosts }, |
| 242 | { "tunnel", oTunnel }, | 245 | { "tunnel", oTunnel }, |
| 243 | { "tunneldevice", oTunnelDevice }, | 246 | { "tunneldevice", oTunnelDevice }, |
| @@ -271,8 +274,9 @@ add_local_forward(Options *options, const Forward *newfwd) | |||
| 271 | if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0) | 274 | if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0) |
| 272 | fatal("Privileged ports can only be forwarded by root."); | 275 | fatal("Privileged ports can only be forwarded by root."); |
| 273 | #endif | 276 | #endif |
| 274 | if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION) | 277 | options->local_forwards = xrealloc(options->local_forwards, |
| 275 | fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION); | 278 | options->num_local_forwards + 1, |
| 279 | sizeof(*options->local_forwards)); | ||
| 276 | fwd = &options->local_forwards[options->num_local_forwards++]; | 280 | fwd = &options->local_forwards[options->num_local_forwards++]; |
| 277 | 281 | ||
| 278 | fwd->listen_host = newfwd->listen_host; | 282 | fwd->listen_host = newfwd->listen_host; |
| @@ -290,15 +294,17 @@ void | |||
| 290 | add_remote_forward(Options *options, const Forward *newfwd) | 294 | add_remote_forward(Options *options, const Forward *newfwd) |
| 291 | { | 295 | { |
| 292 | Forward *fwd; | 296 | Forward *fwd; |
| 293 | if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION) | 297 | |
| 294 | fatal("Too many remote forwards (max %d).", | 298 | options->remote_forwards = xrealloc(options->remote_forwards, |
| 295 | SSH_MAX_FORWARDS_PER_DIRECTION); | 299 | options->num_remote_forwards + 1, |
| 300 | sizeof(*options->remote_forwards)); | ||
| 296 | fwd = &options->remote_forwards[options->num_remote_forwards++]; | 301 | fwd = &options->remote_forwards[options->num_remote_forwards++]; |
| 297 | 302 | ||
| 298 | fwd->listen_host = newfwd->listen_host; | 303 | fwd->listen_host = newfwd->listen_host; |
| 299 | fwd->listen_port = newfwd->listen_port; | 304 | fwd->listen_port = newfwd->listen_port; |
| 300 | fwd->connect_host = newfwd->connect_host; | 305 | fwd->connect_host = newfwd->connect_host; |
| 301 | fwd->connect_port = newfwd->connect_port; | 306 | fwd->connect_port = newfwd->connect_port; |
| 307 | fwd->allocated_port = 0; | ||
| 302 | } | 308 | } |
| 303 | 309 | ||
| 304 | static void | 310 | static void |
| @@ -311,12 +317,20 @@ clear_forwardings(Options *options) | |||
| 311 | xfree(options->local_forwards[i].listen_host); | 317 | xfree(options->local_forwards[i].listen_host); |
| 312 | xfree(options->local_forwards[i].connect_host); | 318 | xfree(options->local_forwards[i].connect_host); |
| 313 | } | 319 | } |
| 320 | if (options->num_local_forwards > 0) { | ||
| 321 | xfree(options->local_forwards); | ||
| 322 | options->local_forwards = NULL; | ||
| 323 | } | ||
| 314 | options->num_local_forwards = 0; | 324 | options->num_local_forwards = 0; |
| 315 | for (i = 0; i < options->num_remote_forwards; i++) { | 325 | for (i = 0; i < options->num_remote_forwards; i++) { |
| 316 | if (options->remote_forwards[i].listen_host != NULL) | 326 | if (options->remote_forwards[i].listen_host != NULL) |
| 317 | xfree(options->remote_forwards[i].listen_host); | 327 | xfree(options->remote_forwards[i].listen_host); |
| 318 | xfree(options->remote_forwards[i].connect_host); | 328 | xfree(options->remote_forwards[i].connect_host); |
| 319 | } | 329 | } |
| 330 | if (options->num_remote_forwards > 0) { | ||
| 331 | xfree(options->remote_forwards); | ||
| 332 | options->remote_forwards = NULL; | ||
| 333 | } | ||
| 320 | options->num_remote_forwards = 0; | 334 | options->num_remote_forwards = 0; |
| 321 | options->tun_open = SSH_TUNMODE_NO; | 335 | options->tun_open = SSH_TUNMODE_NO; |
| 322 | } | 336 | } |
| @@ -419,6 +433,10 @@ parse_flag: | |||
| 419 | case oForwardX11Trusted: | 433 | case oForwardX11Trusted: |
| 420 | intptr = &options->forward_x11_trusted; | 434 | intptr = &options->forward_x11_trusted; |
| 421 | goto parse_flag; | 435 | goto parse_flag; |
| 436 | |||
| 437 | case oForwardX11Timeout: | ||
| 438 | intptr = &options->forward_x11_timeout; | ||
| 439 | goto parse_time; | ||
| 422 | 440 | ||
| 423 | case oGatewayPorts: | 441 | case oGatewayPorts: |
| 424 | intptr = &options->gateway_ports; | 442 | intptr = &options->gateway_ports; |
| @@ -904,6 +922,30 @@ parse_int: | |||
| 904 | *intptr = value; | 922 | *intptr = value; |
| 905 | break; | 923 | break; |
| 906 | 924 | ||
| 925 | case oControlPersist: | ||
| 926 | /* no/false/yes/true, or a time spec */ | ||
| 927 | intptr = &options->control_persist; | ||
| 928 | arg = strdelim(&s); | ||
| 929 | if (!arg || *arg == '\0') | ||
| 930 | fatal("%.200s line %d: Missing ControlPersist" | ||
| 931 | " argument.", filename, linenum); | ||
| 932 | value = 0; | ||
| 933 | value2 = 0; /* timeout */ | ||
| 934 | if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0) | ||
| 935 | value = 0; | ||
| 936 | else if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0) | ||
| 937 | value = 1; | ||
| 938 | else if ((value2 = convtime(arg)) >= 0) | ||
| 939 | value = 1; | ||
| 940 | else | ||
| 941 | fatal("%.200s line %d: Bad ControlPersist argument.", | ||
| 942 | filename, linenum); | ||
| 943 | if (*activep && *intptr == -1) { | ||
| 944 | *intptr = value; | ||
| 945 | options->control_persist_timeout = value2; | ||
| 946 | } | ||
| 947 | break; | ||
| 948 | |||
| 907 | case oHashKnownHosts: | 949 | case oHashKnownHosts: |
| 908 | intptr = &options->hash_known_hosts; | 950 | intptr = &options->hash_known_hosts; |
| 909 | goto parse_flag; | 951 | goto parse_flag; |
| @@ -1044,6 +1086,7 @@ initialize_options(Options * options) | |||
| 1044 | options->forward_agent = -1; | 1086 | options->forward_agent = -1; |
| 1045 | options->forward_x11 = -1; | 1087 | options->forward_x11 = -1; |
| 1046 | options->forward_x11_trusted = -1; | 1088 | options->forward_x11_trusted = -1; |
| 1089 | options->forward_x11_timeout = -1; | ||
| 1047 | options->exit_on_forward_failure = -1; | 1090 | options->exit_on_forward_failure = -1; |
| 1048 | options->xauth_location = NULL; | 1091 | options->xauth_location = NULL; |
| 1049 | options->gateway_ports = -1; | 1092 | options->gateway_ports = -1; |
| @@ -1089,7 +1132,9 @@ initialize_options(Options * options) | |||
| 1089 | options->user_hostfile = NULL; | 1132 | options->user_hostfile = NULL; |
| 1090 | options->system_hostfile2 = NULL; | 1133 | options->system_hostfile2 = NULL; |
| 1091 | options->user_hostfile2 = NULL; | 1134 | options->user_hostfile2 = NULL; |
| 1135 | options->local_forwards = NULL; | ||
| 1092 | options->num_local_forwards = 0; | 1136 | options->num_local_forwards = 0; |
| 1137 | options->remote_forwards = NULL; | ||
| 1093 | options->num_remote_forwards = 0; | 1138 | options->num_remote_forwards = 0; |
| 1094 | options->clear_forwardings = -1; | 1139 | options->clear_forwardings = -1; |
| 1095 | options->log_level = SYSLOG_LEVEL_NOT_SET; | 1140 | options->log_level = SYSLOG_LEVEL_NOT_SET; |
| @@ -1106,6 +1151,8 @@ initialize_options(Options * options) | |||
| 1106 | options->num_send_env = 0; | 1151 | options->num_send_env = 0; |
| 1107 | options->control_path = NULL; | 1152 | options->control_path = NULL; |
| 1108 | options->control_master = -1; | 1153 | options->control_master = -1; |
| 1154 | options->control_persist = -1; | ||
| 1155 | options->control_persist_timeout = 0; | ||
| 1109 | options->hash_known_hosts = -1; | 1156 | options->hash_known_hosts = -1; |
| 1110 | options->tun_open = -1; | 1157 | options->tun_open = -1; |
| 1111 | options->tun_local = -1; | 1158 | options->tun_local = -1; |
| @@ -1133,6 +1180,8 @@ fill_default_options(Options * options) | |||
| 1133 | options->forward_x11 = 0; | 1180 | options->forward_x11 = 0; |
| 1134 | if (options->forward_x11_trusted == -1) | 1181 | if (options->forward_x11_trusted == -1) |
| 1135 | options->forward_x11_trusted = 1; | 1182 | options->forward_x11_trusted = 1; |
| 1183 | if (options->forward_x11_timeout == -1) | ||
| 1184 | options->forward_x11_timeout = 1200; | ||
| 1136 | if (options->exit_on_forward_failure == -1) | 1185 | if (options->exit_on_forward_failure == -1) |
| 1137 | options->exit_on_forward_failure = 0; | 1186 | options->exit_on_forward_failure = 0; |
| 1138 | if (options->xauth_location == NULL) | 1187 | if (options->xauth_location == NULL) |
| @@ -1252,6 +1301,10 @@ fill_default_options(Options * options) | |||
| 1252 | options->server_alive_count_max = 3; | 1301 | options->server_alive_count_max = 3; |
| 1253 | if (options->control_master == -1) | 1302 | if (options->control_master == -1) |
| 1254 | options->control_master = 0; | 1303 | options->control_master = 0; |
| 1304 | if (options->control_persist == -1) { | ||
| 1305 | options->control_persist = 0; | ||
| 1306 | options->control_persist_timeout = 0; | ||
| 1307 | } | ||
| 1255 | if (options->hash_known_hosts == -1) | 1308 | if (options->hash_known_hosts == -1) |
| 1256 | options->hash_known_hosts = 0; | 1309 | options->hash_known_hosts = 0; |
| 1257 | if (options->tun_open == -1) | 1310 | if (options->tun_open == -1) |