Diffstat (limited to 'readconf.c')
-rw-r--r--readconf.c30
1 files changed, 25 insertions, 5 deletions
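--- a/readconf.c
+++ b/readconf.c
@@ -30,6 +30,8 @@
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
+#include <pwd.h>
+#include <grp.h>
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -125,6 +127,7 @@ typedef enum {
 	oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
 	oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
 	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
+	oUseBlacklistedKeys,
 	oHostKeyAlgorithms, oBindAddress, oPKCS11Provider,
 	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
 	oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
@@ -137,6 +140,7 @@ typedef enum {
 	oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
 	oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
 	oKexAlgorithms, oIPQoS, oRequestTTY,
+	oProtocolKeepAlives, oSetupTimeOut,
 	oDeprecated, oUnsupported
 } OpCodes;
 
@@ -158,6 +162,7 @@ static struct {
 	{ "passwordauthentication", oPasswordAuthentication },
 	{ "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
 	{ "kbdinteractivedevices", oKbdInteractiveDevices },
+	{ "useblacklistedkeys", oUseBlacklistedKeys },
 	{ "rsaauthentication", oRSAAuthentication },
 	{ "pubkeyauthentication", oPubkeyAuthentication },
 	{ "dsaauthentication", oPubkeyAuthentication }, /* alias */
@@ -257,6 +262,8 @@ static struct {
 	{ "kexalgorithms", oKexAlgorithms },
 	{ "ipqos", oIPQoS },
 	{ "requesttty", oRequestTTY },
+	{ "protocolkeepalives", oProtocolKeepAlives },
+	{ "setuptimeout", oSetupTimeOut },
 
 	{ NULL, oBadOption }
 };
@@ -490,6 +497,10 @@ parse_flag:
 		intptr = &options->challenge_response_authentication;
 		goto parse_flag;
 
+	case oUseBlacklistedKeys:
+		intptr = &options->use_blacklisted_keys;
+		goto parse_flag;
+
 	case oGssAuthentication:
 		intptr = &options->gss_authentication;
 		goto parse_flag;
@@ -909,6 +920,8 @@ parse_int:
 		goto parse_flag;
 
 	case oServerAliveInterval:
+	case oProtocolKeepAlives: /* Debian-specific compatibility alias */
+	case oSetupTimeOut: /* Debian-specific compatibility alias */
 		intptr = &options->server_alive_interval;
 		goto parse_time;
 
@@ -1121,8 +1134,7 @@ read_config_file(const char *filename, const char *host, Options *options,
 
 		if (fstat(fileno(f), &sb) == -1)
 			fatal("fstat %s: %s", filename, strerror(errno));
-		if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
-		    (sb.st_mode & 022) != 0))
+		if (!secure_permissions(&sb, getuid()))
 			fatal("Bad owner or permissions on %s", filename);
 	}
 
@@ -1181,6 +1193,7 @@ initialize_options(Options * options)
 	options->kbd_interactive_devices = NULL;
 	options->rhosts_rsa_authentication = -1;
 	options->hostbased_authentication = -1;
+	options->use_blacklisted_keys = -1;
 	options->batch_mode = -1;
 	options->check_host_ip = -1;
 	options->strict_host_key_checking = -1;
@@ -1256,7 +1269,7 @@ fill_default_options(Options * options)
 	if (options->forward_x11 == -1)
 		options->forward_x11 = 0;
 	if (options->forward_x11_trusted == -1)
-		options->forward_x11_trusted = 0;
+		options->forward_x11_trusted = 1;
 	if (options->forward_x11_timeout == -1)
 		options->forward_x11_timeout = 1200;
 	if (options->exit_on_forward_failure == -1)
@@ -1291,6 +1304,8 @@ fill_default_options(Options * options)
 		options->rhosts_rsa_authentication = 0;
 	if (options->hostbased_authentication == -1)
 		options->hostbased_authentication = 0;
+	if (options->use_blacklisted_keys == -1)
+		options->use_blacklisted_keys = 0;
 	if (options->batch_mode == -1)
 		options->batch_mode = 0;
 	if (options->check_host_ip == -1)
@@ -1377,8 +1392,13 @@ fill_default_options(Options * options)
 		options->rekey_limit = 0;
 	if (options->verify_host_key_dns == -1)
 		options->verify_host_key_dns = 0;
-	if (options->server_alive_interval == -1)
-		options->server_alive_interval = 0;
+	if (options->server_alive_interval == -1) {
+		/* in batch mode, default is 5mins */
+		if (options->batch_mode == 1)
+			options->server_alive_interval = 300;
+		else
+			options->server_alive_interval = 0;
+	}
 	if (options->server_alive_count_max == -1)
 		options->server_alive_count_max = 3;
 	if (options->control_master == -1)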
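Review bot: The default for `forward_x11_trusted` in fill_default_options flips from 0 to 1 (new line 1272) with no comment, and that is a security-relevant change rather than a cosmetic one: with ForwardX11Trusted enabled, remote X11 clients are treated as trusted by the local X server instead of being confined by the untrusted-client restrictions, which is why upstream keeps the default at no. The divergence should be visible in the code to whoever merges the next upstream release and to anyone auditing client defaults, e.g. `/* Distribution change: ForwardX11Trusted defaults to yes here; upstream default is no */` above the assignment, with ssh_config(5) documenting the same default. The hunk at line 1137 likewise replaces the inline owner/mode check with `secure_permissions(&sb, getuid())`, whose definition and declaring header are not in this diff; its behaviour cannot be reviewed here, so confirm it still rejects files that are writable by group or other and owned by neither root nor the invoking user. fill_default_options starts and ends outside this hunk.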