diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2013-05-16 20:28:16 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2013-05-16 20:28:16 +1000 |
| commit | c53c2af173cf67fd1c26f98e7900299b1b65b6ec (patch) | |
| tree | 1c83d4abcdec31e4be6d8a2955fdad33b985b976 /readconf.c | |
| parent | 64c6fceecd27e1739040b42de8f3759454260b39 (diff) | |
- dtucker@cvs.openbsd.org 2013/05/16 02:00:34
[ssh_config sshconnect2.c packet.c readconf.h readconf.c clientloop.c
ssh_config.5 packet.h]
Add an optional second argument to RekeyLimit in the client to allow
rekeying based on elapsed time in addition to amount of traffic.
with djm@ jmc@, ok djm
Diffstat (limited to 'readconf.c')
| -rw-r--r-- | readconf.c | 80 |
1 files changed, 49 insertions, 31 deletions
diff --git a/readconf.c b/readconf.c index 6e708e02e..d8898a029 100644 --- a/readconf.c +++ b/readconf.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: readconf.c,v 1.197 2013/03/06 23:36:53 djm Exp $ */ | 1 | /* $OpenBSD: readconf.c,v 1.198 2013/05/16 02:00:34 dtucker Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -562,39 +562,54 @@ parse_yesnoask: | |||
| 562 | case oRekeyLimit: | 562 | case oRekeyLimit: |
| 563 | arg = strdelim(&s); | 563 | arg = strdelim(&s); |
| 564 | if (!arg || *arg == '\0') | 564 | if (!arg || *arg == '\0') |
| 565 | fatal("%.200s line %d: Missing argument.", filename, linenum); | 565 | fatal("%.200s line %d: Missing argument.", filename, |
| 566 | if (arg[0] < '0' || arg[0] > '9') | 566 | linenum); |
| 567 | fatal("%.200s line %d: Bad number.", filename, linenum); | 567 | if (strcmp(arg, "default") == 0) { |
| 568 | orig = val64 = strtoll(arg, &endofnumber, 10); | 568 | val64 = 0; |
| 569 | if (arg == endofnumber) | 569 | } else { |
| 570 | fatal("%.200s line %d: Bad number.", filename, linenum); | 570 | if (arg[0] < '0' || arg[0] > '9') |
| 571 | switch (toupper(*endofnumber)) { | 571 | fatal("%.200s line %d: Bad number.", filename, |
| 572 | case '\0': | 572 | linenum); |
| 573 | scale = 1; | 573 | orig = val64 = strtoll(arg, &endofnumber, 10); |
| 574 | break; | 574 | if (arg == endofnumber) |
| 575 | case 'K': | 575 | fatal("%.200s line %d: Bad number.", filename, |
| 576 | scale = 1<<10; | 576 | linenum); |
| 577 | break; | 577 | switch (toupper(*endofnumber)) { |
| 578 | case 'M': | 578 | case '\0': |
| 579 | scale = 1<<20; | 579 | scale = 1; |
| 580 | break; | 580 | break; |
| 581 | case 'G': | 581 | case 'K': |
| 582 | scale = 1<<30; | 582 | scale = 1<<10; |
| 583 | break; | 583 | break; |
| 584 | default: | 584 | case 'M': |
| 585 | fatal("%.200s line %d: Invalid RekeyLimit suffix", | 585 | scale = 1<<20; |
| 586 | filename, linenum); | 586 | break; |
| 587 | case 'G': | ||
| 588 | scale = 1<<30; | ||
| 589 | break; | ||
| 590 | default: | ||
| 591 | fatal("%.200s line %d: Invalid RekeyLimit " | ||
| 592 | "suffix", filename, linenum); | ||
| 593 | } | ||
| 594 | val64 *= scale; | ||
| 595 | /* detect integer wrap and too-large limits */ | ||
| 596 | if ((val64 / scale) != orig || val64 > UINT_MAX) | ||
| 597 | fatal("%.200s line %d: RekeyLimit too large", | ||
| 598 | filename, linenum); | ||
| 599 | if (val64 != 0 && val64 < 16) | ||
| 600 | fatal("%.200s line %d: RekeyLimit too small", | ||
| 601 | filename, linenum); | ||
| 587 | } | 602 | } |
| 588 | val64 *= scale; | ||
| 589 | /* detect integer wrap and too-large limits */ | ||
| 590 | if ((val64 / scale) != orig || val64 > UINT_MAX) | ||
| 591 | fatal("%.200s line %d: RekeyLimit too large", | ||
| 592 | filename, linenum); | ||
| 593 | if (val64 < 16) | ||
| 594 | fatal("%.200s line %d: RekeyLimit too small", | ||
| 595 | filename, linenum); | ||
| 596 | if (*activep && options->rekey_limit == -1) | 603 | if (*activep && options->rekey_limit == -1) |
| 597 | options->rekey_limit = (u_int32_t)val64; | 604 | options->rekey_limit = (u_int32_t)val64; |
| 605 | if (s != NULL) { /* optional rekey interval present */ | ||
| 606 | if (strcmp(s, "none") == 0) { | ||
| 607 | (void)strdelim(&s); /* discard */ | ||
| 608 | break; | ||
| 609 | } | ||
| 610 | intptr = &options->rekey_interval; | ||
| 611 | goto parse_time; | ||
| 612 | } | ||
| 598 | break; | 613 | break; |
| 599 | 614 | ||
| 600 | case oIdentityFile: | 615 | case oIdentityFile: |
| @@ -1202,6 +1217,7 @@ initialize_options(Options * options) | |||
| 1202 | options->no_host_authentication_for_localhost = - 1; | 1217 | options->no_host_authentication_for_localhost = - 1; |
| 1203 | options->identities_only = - 1; | 1218 | options->identities_only = - 1; |
| 1204 | options->rekey_limit = - 1; | 1219 | options->rekey_limit = - 1; |
| 1220 | options->rekey_interval = -1; | ||
| 1205 | options->verify_host_key_dns = -1; | 1221 | options->verify_host_key_dns = -1; |
| 1206 | options->server_alive_interval = -1; | 1222 | options->server_alive_interval = -1; |
| 1207 | options->server_alive_count_max = -1; | 1223 | options->server_alive_count_max = -1; |
| @@ -1337,6 +1353,8 @@ fill_default_options(Options * options) | |||
| 1337 | options->enable_ssh_keysign = 0; | 1353 | options->enable_ssh_keysign = 0; |
| 1338 | if (options->rekey_limit == -1) | 1354 | if (options->rekey_limit == -1) |
| 1339 | options->rekey_limit = 0; | 1355 | options->rekey_limit = 0; |
| 1356 | if (options->rekey_interval == -1) | ||
| 1357 | options->rekey_interval = 0; | ||
| 1340 | if (options->verify_host_key_dns == -1) | 1358 | if (options->verify_host_key_dns == -1) |
| 1341 | options->verify_host_key_dns = 0; | 1359 | options->verify_host_key_dns = 0; |
| 1342 | if (options->server_alive_interval == -1) | 1360 | if (options->server_alive_interval == -1) |