Diffstat (limited to 'readconf.c')
-rw-r--r-- | readconf.c | 30 |
1 files changed, 25 insertions, 5 deletions
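diff --git a/readconf.c b/readconf.c
index 091029a19..656a2519f 100644
--- a/readconf.c
+++ b/readconf.c
@@ -30,6 +30,8 @@
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
+#include <pwd.h>
+#include <grp.h>
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -125,6 +127,7 @@ typedef enum {
 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
+oUseBlacklistedKeys,
 oHostKeyAlgorithms, oBindAddress, oPKCS11Provider,
 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
@@ -137,6 +140,7 @@ typedef enum {
 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
 oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
 oKexAlgorithms, oIPQoS,
+oProtocolKeepAlives, oSetupTimeOut,
 oDeprecated, oUnsupported
 } OpCodes;
 
@@ -158,6 +162,7 @@ static struct {
 { "passwordauthentication", oPasswordAuthentication },
 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
 { "kbdinteractivedevices", oKbdInteractiveDevices },
+{ "useblacklistedkeys", oUseBlacklistedKeys },
 { "rsaauthentication", oRSAAuthentication },
 { "pubkeyauthentication", oPubkeyAuthentication },
 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
@@ -256,6 +261,8 @@ static struct {
 #endif
 { "kexalgorithms", oKexAlgorithms },
 { "ipqos", oIPQoS },
+{ "protocolkeepalives", oProtocolKeepAlives },
+{ "setuptimeout", oSetupTimeOut },
 
 { NULL, oBadOption }
 };
@@ -486,6 +493,10 @@ parse_flag:
 intptr = &options->challenge_response_authentication;
 goto parse_flag;
 
+case oUseBlacklistedKeys:
+intptr = &options->use_blacklisted_keys;
+goto parse_flag;
+
 case oGssAuthentication:
 intptr = &options->gss_authentication;
 goto parse_flag;
@@ -882,6 +893,8 @@ parse_int:
 goto parse_flag;
 
 case oServerAliveInterval:
+case oProtocolKeepAlives: /* Debian-specific compatibility alias */
+case oSetupTimeOut: /* Debian-specific compatibility alias */
 intptr = &options->server_alive_interval;
 goto parse_time;
 
@@ -1074,8 +1087,7 @@ read_config_file(const char *filename, const char *host, Options *options,
 
 if (fstat(fileno(f), &sb) == -1)
 fatal("fstat %s: %s", filename, strerror(errno));
-if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
-(sb.st_mode & 022) != 0))
+if (!secure_permissions(&sb, getuid()))
 fatal("Bad owner or permissions on %s", filename);
 }
 
@@ -1134,6 +1146,7 @@ initialize_options(Options * options)
 options->kbd_interactive_devices = NULL;
 options->rhosts_rsa_authentication = -1;
 options->hostbased_authentication = -1;
+options->use_blacklisted_keys = -1;
 options->batch_mode = -1;
 options->check_host_ip = -1;
 options->strict_host_key_checking = -1;
@@ -1210,7 +1223,7 @@ fill_default_options(Options * options)
 if (options->forward_x11 == -1)
 options->forward_x11 = 0;
 if (options->forward_x11_trusted == -1)
-options->forward_x11_trusted = 0;
+options->forward_x11_trusted = 1;
 if (options->forward_x11_timeout == -1)
 options->forward_x11_timeout = 1200;
 if (options->exit_on_forward_failure == -1)
@@ -1245,6 +1258,8 @@ fill_default_options(Options * options)
 options->rhosts_rsa_authentication = 0;
 if (options->hostbased_authentication == -1)
 options->hostbased_authentication = 0;
+if (options->use_blacklisted_keys == -1)
+options->use_blacklisted_keys = 0;
 if (options->batch_mode == -1)
 options->batch_mode = 0;
 if (options->check_host_ip == -1)
@@ -1327,8 +1342,13 @@ fill_default_options(Options * options)
 options->rekey_limit = 0;
 if (options->verify_host_key_dns == -1)
 options->verify_host_key_dns = 0;
-if (options->server_alive_interval == -1)
-options->server_alive_interval = 0;
+if (options->server_alive_interval == -1) {
+/* in batch mode, default is 5mins */
+if (options->batch_mode == 1)
+options->server_alive_interval = 300;
+else
+options->server_alive_interval = 0;
+}
 if (options->server_alive_count_max == -1)
 options->server_alive_count_max = 3;
 if (options->control_master == -1)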