Diffstat (limited to 'readconf.c')
-rw-r--r--readconf.c70
1 files changed, 65 insertions, 5 deletions
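--- a/readconf.c
+++ b/readconf.c
@@ -127,9 +127,12 @@ typedef enum {
  oClearAllForwardings, oNoHostAuthenticationForLocalhost,
  oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
  oAddressFamily, oGssAuthentication, oGssDelegateCreds,
+ oGssKeyEx,
+ oGssTrustDns,
  oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
  oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
  oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
+ oProtocolKeepAlives, oSetupTimeOut,
  oDeprecated, oUnsupported
 } OpCodes;
 
@@ -163,10 +166,14 @@ static struct {
  { "afstokenpassing", oUnsupported },
 #if defined(GSSAPI)
  { "gssapiauthentication", oGssAuthentication },
+ { "gssapikeyexchange", oGssKeyEx },
  { "gssapidelegatecredentials", oGssDelegateCreds },
+ { "gssapitrustdns", oGssTrustDns },
 #else
  { "gssapiauthentication", oUnsupported },
+ { "gssapikeyexchange", oUnsupported },
  { "gssapidelegatecredentials", oUnsupported },
+ { "gssapitrustdns", oUnsupported },
 #endif
  { "fallbacktorsh", oDeprecated },
  { "usersh", oDeprecated },
@@ -226,6 +233,8 @@ static struct {
  { "tunneldevice", oTunnelDevice },
  { "localcommand", oLocalCommand },
  { "permitlocalcommand", oPermitLocalCommand },
+ { "protocolkeepalives", oProtocolKeepAlives },
+ { "setuptimeout", oSetupTimeOut },
  { NULL, oBadOption }
 };
 
@@ -441,10 +450,18 @@ parse_flag:
  intptr = &options->gss_authentication;
  goto parse_flag;
 
+ case oGssKeyEx:
+ intptr = &options->gss_keyex;
+ goto parse_flag;
+
  case oGssDelegateCreds:
  intptr = &options->gss_deleg_creds;
  goto parse_flag;
 
+ case oGssTrustDns:
+ intptr = &options->gss_trust_dns;
+ goto parse_flag;
+
  case oBatchMode:
  intptr = &options->batch_mode;
  goto parse_flag;
@@ -818,6 +835,7 @@ parse_int:
  goto parse_flag;
 
  case oServerAliveInterval:
+ case oProtocolKeepAlives: /* Debian-specific compatibility alias */
  intptr = &options->server_alive_interval;
  goto parse_time;
 
@@ -915,6 +933,10 @@ parse_int:
  intptr = &options->permit_local_command;
  goto parse_flag;
 
+ case oSetupTimeOut:
+ intptr = &options->setuptimeout;
+ goto parse_int;
+
  case oDeprecated:
  debug("%s line %d: Deprecated option \"%s\"",
  filename, linenum, keyword);
@@ -959,11 +981,30 @@ read_config_file(const char *filename, const char *host, Options *options,
 
  if (checkperm) {
  struct stat sb;
+ int bad_modes = 0;
 
  if (fstat(fileno(f), &sb) == -1)
  fatal("fstat %s: %s", filename, strerror(errno));
- if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
- (sb.st_mode & 022) != 0))
+ if (sb.st_uid != 0 && sb.st_uid != getuid())
+ bad_modes = 1;
+ if ((sb.st_mode & 020) != 0) {
+ /* If the file is group-writable, the group in
+ * question must have at most one member, namely the
+ * file's owner.
+ */
+ struct passwd *pw = getpwuid(sb.st_uid);
+ struct group *gr = getgrgid(sb.st_gid);
+ if (!pw || !gr)
+ bad_modes = 1;
+ else if (gr->gr_mem[0]) {
+ if (strcmp(pw->pw_name, gr->gr_mem[0]) ||
+ gr->gr_mem[1])
+ bad_modes = 1;
+ }
+ }
+ if ((sb.st_mode & 002) != 0)
+ bad_modes = 1;
+ if (bad_modes)
  fatal("Bad owner or permissions on %s", filename);
  }
 
@@ -1010,7 +1051,9 @@ initialize_options(Options * options)
  options->pubkey_authentication = -1;
  options->challenge_response_authentication = -1;
  options->gss_authentication = -1;
+ options->gss_keyex = -1;
  options->gss_deleg_creds = -1;
+ options->gss_trust_dns = -1;
  options->password_authentication = -1;
  options->kbd_interactive_authentication = -1;
  options->kbd_interactive_devices = NULL;
@@ -1021,6 +1064,7 @@ initialize_options(Options * options)
  options->strict_host_key_checking = -1;
  options->compression = -1;
  options->tcp_keep_alive = -1;
+ options->setuptimeout = -1;
  options->compression_level = -1;
  options->port = -1;
  options->address_family = -1;
@@ -1082,7 +1126,7 @@ fill_default_options(Options * options)
  if (options->forward_x11 == -1)
  options->forward_x11 = 0;
  if (options->forward_x11_trusted == -1)
- options->forward_x11_trusted = 0;
+ options->forward_x11_trusted = 1;
  if (options->exit_on_forward_failure == -1)
  options->exit_on_forward_failure = 0;
  if (options->xauth_location == NULL)
@@ -1099,8 +1143,12 @@ fill_default_options(Options * options)
  options->challenge_response_authentication = 1;
  if (options->gss_authentication == -1)
  options->gss_authentication = 0;
+ if (options->gss_keyex == -1)
+ options->gss_keyex = 0;
  if (options->gss_deleg_creds == -1)
  options->gss_deleg_creds = 0;
+ if (options->gss_trust_dns == -1)
+ options->gss_trust_dns = 0;
  if (options->password_authentication == -1)
  options->password_authentication = 1;
  if (options->kbd_interactive_authentication == -1)
@@ -1183,8 +1231,13 @@ fill_default_options(Options * options)
  options->rekey_limit = 0;
  if (options->verify_host_key_dns == -1)
  options->verify_host_key_dns = 0;
- if (options->server_alive_interval == -1)
- options->server_alive_interval = 0;
+ if (options->server_alive_interval == -1) {
+ /* in batch mode, default is 5mins */
+ if (options->batch_mode == 1)
+ options->server_alive_interval = 300;
+ else
+ options->server_alive_interval = 0;
+ }
  if (options->server_alive_count_max == -1)
  options->server_alive_count_max = 3;
  if (options->control_master == -1)
@@ -1199,6 +1252,13 @@ fill_default_options(Options * options)
  options->tun_remote = SSH_TUNID_ANY;
  if (options->permit_local_command == -1)
  options->permit_local_command = 0;
+ if (options->setuptimeout == -1) {
+ /* in batch mode, default is 5mins */
+ if (options->batch_mode == 1)
+ options->setuptimeout = 300;
+ else
+ options->setuptimeout = 0;
+ }
  /* options->local_command should not be set by default */
  /* options->proxy_command should not be set by default */
  /* options->user will be set in the main program if appropriate */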
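Review bot: In the checkperm block of read_config_file() the group-writable branch passes whenever `gr->gr_mem[0]` is NULL, but `gr_mem` typically lists only explicitly added members — accounts whose primary GID in passwd is `sb.st_gid` do not appear in it — so a group-writable file owned by a group with an empty member list is accepted even when other accounts can write to it. The empty-list case should at least require the group to be the owner's own primary group, `else if (!gr->gr_mem[0] && pw->pw_gid != sb.st_gid) bad_modes = 1;`, and the comment above it should state that other accounts sharing that primary GID are still not detected by this check. The hunk in fill_default_options() that changes the `forward_x11_trusted` default from 0 to 1 alters a security default with no explanation; a one-line comment such as `/* Debian: ForwardX11Trusted defaults to yes */` would record the intent. Both read_config_file() and fill_default_options() continue outside their hunks.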