Diffstat (limited to 'readconf.c')
-rw-r--r-- | readconf.c | 50 |
1 files changed, 45 insertions, 5 deletions
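--- a/readconf.c
+++ b/readconf.c
@@ -107,6 +107,7 @@ typedef enum {
 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
 oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
+oProtocolKeepAlives, oSetupTimeOut,
 oDeprecated, oUnsupported
 } OpCodes;
 
@@ -198,6 +199,8 @@ static struct {
 { "controlpath", oControlPath },
 { "controlmaster", oControlMaster },
 { "hashknownhosts", oHashKnownHosts },
+{ "protocolkeepalives", oProtocolKeepAlives },
+{ "setuptimeout", oSetupTimeOut },
 { NULL, oBadOption }
 };
 
@@ -768,6 +771,7 @@ parse_int:
 goto parse_flag;
 
 case oServerAliveInterval:
+case oProtocolKeepAlives: /* Debian-specific compatibility alias */
 intptr = &options->server_alive_interval;
 goto parse_time;
 
@@ -822,6 +826,10 @@ parse_int:
 intptr = &options->hash_known_hosts;
 goto parse_flag;
 
+case oSetupTimeOut:
+intptr = &options->setuptimeout;
+goto parse_int;
+
 case oDeprecated:
 debug("%s line %d: Deprecated option \"%s\"",
 filename, linenum, keyword);
@@ -866,11 +874,30 @@ read_config_file(const char *filename, const char *host, Options *options,
 
 if (checkperm) {
 struct stat sb;
+int bad_modes = 0;
 
 if (fstat(fileno(f), &sb) == -1)
 fatal("fstat %s: %s", filename, strerror(errno));
-if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
-(sb.st_mode & 022) != 0))
+if (sb.st_uid != 0 && sb.st_uid != getuid())
+bad_modes = 1;
+if ((sb.st_mode & 020) != 0) {
+/* If the file is group-writable, the group in
+* question must have at most one member, namely the
+* file's owner.
+*/
+struct passwd *pw = getpwuid(sb.st_uid);
+struct group *gr = getgrgid(sb.st_gid);
+if (!pw || !gr)
+bad_modes = 1;
+else if (gr->gr_mem[0]) {
+if (strcmp(pw->pw_name, gr->gr_mem[0]) ||
+gr->gr_mem[1])
+bad_modes = 1;
+}
+}
+if ((sb.st_mode & 002) != 0)
+bad_modes = 1;
+if (bad_modes)
 fatal("Bad owner or permissions on %s", filename);
 }
 
@@ -927,6 +954,7 @@ initialize_options(Options * options)
 options->strict_host_key_checking = -1;
 options->compression = -1;
 options->tcp_keep_alive = -1;
+options->setuptimeout = -1;
 options->compression_level = -1;
 options->port = -1;
 options->address_family = -1;
@@ -983,7 +1011,7 @@ fill_default_options(Options * options)
 if (options->forward_x11 == -1)
 options->forward_x11 = 0;
 if (options->forward_x11_trusted == -1)
-options->forward_x11_trusted = 0;
+options->forward_x11_trusted = 1;
 if (options->xauth_location == NULL)
 options->xauth_location = _PATH_XAUTH;
 if (options->gateway_ports == -1)
@@ -1082,14 +1110,26 @@ fill_default_options(Options * options)
 options->rekey_limit = 0;
 if (options->verify_host_key_dns == -1)
 options->verify_host_key_dns = 0;
-if (options->server_alive_interval == -1)
-options->server_alive_interval = 0;
+if (options->server_alive_interval == -1) {
+/* in batch mode, default is 5mins */
+if (options->batch_mode == 1)
+options->server_alive_interval = 300;
+else
+options->server_alive_interval = 0;
+}
 if (options->server_alive_count_max == -1)
 options->server_alive_count_max = 3;
 if (options->control_master == -1)
 options->control_master = 0;
 if (options->hash_known_hosts == -1)
 options->hash_known_hosts = 0;
+if (options->setuptimeout == -1) {
+/* in batch mode, default is 5mins */
+if (options->batch_mode == 1)
+options->setuptimeout = 300;
+else
+options->setuptimeout = 0;
+}
 /* options->proxy_command should not be set by default */
 /* options->user will be set in the main program if appropriate */
 /* options->hostname will be set in the main program if appropriate */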
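Review bot: The group-writable branch added to read_config_file accepts any group whose `gr_mem` list is empty, but `gr_mem` holds only supplementary members, so accounts that have `sb.st_gid` as their primary group are never seen by this test. A config file that is group-writable by a shared primary group with no listed members therefore passes, although the comment promises "at most one member, namely the file's owner". Tightening the first test to `if (!pw || !gr || pw->pw_gid != sb.st_gid) bad_modes = 1;` would at least limit the exception to the owner's own primary group; whether other accounts share that gid cannot be decided from these lines, and the function body starts and ends outside the hunk. Separately, the `forward_x11_trusted` default moving from 0 to 1 in fill_default_options relaxes the X11 forwarding default without a comment, and it deserves one stating the reason, plus a matching man page note.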