Diffstat (limited to 'readconf.c')
-rw-r--r--readconf.c30
1 files changed, 25 insertions, 5 deletions
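diff --git a/readconf.c b/readconf.c
index 2695fd6c0..2778176c6 100644
--- a/readconf.c
+++ b/readconf.c
@@ -30,6 +30,8 @@
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
+#include <pwd.h>
+#include <grp.h>
 #ifdef HAVE_UTIL_H
 #include <util.h>
 #endif
@@ -128,6 +130,7 @@ typedef enum {
  oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
  oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
  oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
+ oUseBlacklistedKeys,
  oHostKeyAlgorithms, oBindAddress, oPKCS11Provider,
  oClearAllForwardings, oNoHostAuthenticationForLocalhost,
  oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
@@ -140,6 +143,7 @@ typedef enum {
  oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
  oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
  oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown,
+ oProtocolKeepAlives, oSetupTimeOut,
  oIgnoredUnknownOption, oDeprecated, oUnsupported
 } OpCodes;
 
@@ -161,6 +165,7 @@ static struct {
  { "passwordauthentication", oPasswordAuthentication },
  { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
  { "kbdinteractivedevices", oKbdInteractiveDevices },
+ { "useblacklistedkeys", oUseBlacklistedKeys },
  { "rsaauthentication", oRSAAuthentication },
  { "pubkeyauthentication", oPubkeyAuthentication },
  { "dsaauthentication", oPubkeyAuthentication }, /* alias */
@@ -261,6 +266,8 @@ static struct {
  { "ipqos", oIPQoS },
  { "requesttty", oRequestTTY },
  { "ignoreunknown", oIgnoreUnknown },
+ { "protocolkeepalives", oProtocolKeepAlives },
+ { "setuptimeout", oSetupTimeOut },
 
  { NULL, oBadOption }
 };
@@ -523,6 +530,10 @@ parse_flag:
  intptr = &options->challenge_response_authentication;
  goto parse_flag;
 
+ case oUseBlacklistedKeys:
+ intptr = &options->use_blacklisted_keys;
+ goto parse_flag;
+
  case oGssAuthentication:
  intptr = &options->gss_authentication;
  goto parse_flag;
@@ -933,6 +944,8 @@ parse_int:
  goto parse_flag;
 
  case oServerAliveInterval:
+ case oProtocolKeepAlives: /* Debian-specific compatibility alias */
+ case oSetupTimeOut: /* Debian-specific compatibility alias */
  intptr = &options->server_alive_interval;
  goto parse_time;
 
@@ -1149,8 +1162,7 @@ read_config_file(const char *filename, const char *host, Options *options,
 
  if (fstat(fileno(f), &sb) == -1)
  fatal("fstat %s: %s", filename, strerror(errno));
- if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
- (sb.st_mode & 022) != 0))
+ if (!secure_permissions(&sb, getuid()))
  fatal("Bad owner or permissions on %s", filename);
  }
 
@@ -1210,6 +1222,7 @@ initialize_options(Options * options)
  options->kbd_interactive_devices = NULL;
  options->rhosts_rsa_authentication = -1;
  options->hostbased_authentication = -1;
+ options->use_blacklisted_keys = -1;
  options->batch_mode = -1;
  options->check_host_ip = -1;
  options->strict_host_key_checking = -1;
@@ -1285,7 +1298,7 @@ fill_default_options(Options * options)
  if (options->forward_x11 == -1)
  options->forward_x11 = 0;
  if (options->forward_x11_trusted == -1)
- options->forward_x11_trusted = 0;
+ options->forward_x11_trusted = 1;
  if (options->forward_x11_timeout == -1)
  options->forward_x11_timeout = 1200;
  if (options->exit_on_forward_failure == -1)
@@ -1320,6 +1333,8 @@ fill_default_options(Options * options)
  options->rhosts_rsa_authentication = 0;
  if (options->hostbased_authentication == -1)
  options->hostbased_authentication = 0;
+ if (options->use_blacklisted_keys == -1)
+ options->use_blacklisted_keys = 0;
  if (options->batch_mode == -1)
  options->batch_mode = 0;
  if (options->check_host_ip == -1)
@@ -1395,8 +1410,13 @@ fill_default_options(Options * options)
  options->rekey_interval = 0;
  if (options->verify_host_key_dns == -1)
  options->verify_host_key_dns = 0;
- if (options->server_alive_interval == -1)
- options->server_alive_interval = 0;
+ if (options->server_alive_interval == -1) {
+ /* in batch mode, default is 5mins */
+ if (options->batch_mode == 1)
+ options->server_alive_interval = 300;
+ else
+ options->server_alive_interval = 0;
+ }
  if (options->server_alive_count_max == -1)
  options->server_alive_count_max = 3;
  if (options->control_master == -1)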