Diffstat (limited to 'readconf.c')
-rw-r--r-- | readconf.c | 50 |
1 files changed, 45 insertions, 5 deletions
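diff --git a/readconf.c b/readconf.c
index 1fbf59793..7933c5289 100644
--- a/readconf.c
+++ b/readconf.c
@@ -112,6 +112,7 @@ typedef enum {
 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
 oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
+oProtocolKeepAlives, oSetupTimeOut,
 oDeprecated, oUnsupported
 } OpCodes;
 
@@ -207,6 +208,8 @@ static struct {
 { "tunneldevice", oTunnelDevice },
 { "localcommand", oLocalCommand },
 { "permitlocalcommand", oPermitLocalCommand },
+{ "protocolkeepalives", oProtocolKeepAlives },
+{ "setuptimeout", oSetupTimeOut },
 { NULL, oBadOption }
 };
 
@@ -779,6 +782,7 @@ parse_int:
 goto parse_flag;
 
 case oServerAliveInterval:
+case oProtocolKeepAlives: /* Debian-specific compatibility alias */
 intptr = &options->server_alive_interval;
 goto parse_time;
 
@@ -876,6 +880,10 @@ parse_int:
 intptr = &options->permit_local_command;
 goto parse_flag;
 
+case oSetupTimeOut:
+intptr = &options->setuptimeout;
+goto parse_int;
+
 case oDeprecated:
 debug("%s line %d: Deprecated option \"%s\"",
 filename, linenum, keyword);
@@ -920,11 +928,30 @@ read_config_file(const char *filename, const char *host, Options *options,
 
 if (checkperm) {
 struct stat sb;
+int bad_modes = 0;
 
 if (fstat(fileno(f), &sb) == -1)
 fatal("fstat %s: %s", filename, strerror(errno));
-if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
-(sb.st_mode & 022) != 0))
+if (sb.st_uid != 0 && sb.st_uid != getuid())
+bad_modes = 1;
+if ((sb.st_mode & 020) != 0) {
+/* If the file is group-writable, the group in
+* question must have at most one member, namely the
+* file's owner.
+*/
+struct passwd *pw = getpwuid(sb.st_uid);
+struct group *gr = getgrgid(sb.st_gid);
+if (!pw || !gr)
+bad_modes = 1;
+else if (gr->gr_mem[0]) {
+if (strcmp(pw->pw_name, gr->gr_mem[0]) ||
+gr->gr_mem[1])
+bad_modes = 1;
+}
+}
+if ((sb.st_mode & 002) != 0)
+bad_modes = 1;
+if (bad_modes)
 fatal("Bad owner or permissions on %s", filename);
 }
 
@@ -981,6 +1008,7 @@ initialize_options(Options * options)
 options->strict_host_key_checking = -1;
 options->compression = -1;
 options->tcp_keep_alive = -1;
+options->setuptimeout = -1;
 options->compression_level = -1;
 options->port = -1;
 options->address_family = -1;
@@ -1042,7 +1070,7 @@ fill_default_options(Options * options)
 if (options->forward_x11 == -1)
 options->forward_x11 = 0;
 if (options->forward_x11_trusted == -1)
-options->forward_x11_trusted = 0;
+options->forward_x11_trusted = 1;
 if (options->xauth_location == NULL)
 options->xauth_location = _PATH_XAUTH;
 if (options->gateway_ports == -1)
@@ -1141,8 +1169,13 @@ fill_default_options(Options * options)
 options->rekey_limit = 0;
 if (options->verify_host_key_dns == -1)
 options->verify_host_key_dns = 0;
-if (options->server_alive_interval == -1)
-options->server_alive_interval = 0;
+if (options->server_alive_interval == -1) {
+/* in batch mode, default is 5mins */
+if (options->batch_mode == 1)
+options->server_alive_interval = 300;
+else
+options->server_alive_interval = 0;
+}
 if (options->server_alive_count_max == -1)
 options->server_alive_count_max = 3;
 if (options->control_master == -1)
@@ -1157,6 +1190,13 @@ fill_default_options(Options * options)
 options->tun_remote = SSH_TUNID_ANY;
 if (options->permit_local_command == -1)
 options->permit_local_command = 0;
+if (options->setuptimeout == -1) {
+/* in batch mode, default is 5mins */
+if (options->batch_mode == 1)
+options->setuptimeout = 300;
+else
+options->setuptimeout = 0;
+}
 /* options->local_command should not be set by default */
 /* options->proxy_command should not be set by default */
 /* options->user will be set in the main program if appropriate */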
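Review bot: The group-writable branch in read_config_file (new lines 937–951) decides membership from `gr->gr_mem` alone, which holds only the members listed in the group database; an account whose primary group in the passwd database is `sb.st_gid` is not listed there, so a config file that a second account can write would still be accepted when `gr_mem` is empty or names only the owner. The check should also reject any passwd entry with `pw_gid == sb.st_gid` and a different uid, and resolve each listed member name to a uid instead of comparing only the first name, as sketched below. Enumeration can be incomplete on directory-backed account databases, so a comment should state that this remains a best-effort relaxation of the old `022` test. read_config_file begins and ends outside the hunk.

```c
		if ((sb.st_mode & 020) != 0) {
			/* Group-writable: the owner must be the only account
			 * in the group, counting primary (passwd) as well as
			 * listed (group database) membership.
			 */
			struct group *gr = getgrgid(sb.st_gid);
			struct passwd *pw;
			char **m;

			if (gr == NULL)
				bad_modes = 1;
			else {
				setpwent();
				while ((pw = getpwent()) != NULL) {
					if (pw->pw_gid == sb.st_gid &&
					    pw->pw_uid != sb.st_uid)
						bad_modes = 1;
				}
				endpwent();
				for (m = gr->gr_mem; *m != NULL; m++) {
					pw = getpwnam(*m);
					if (pw == NULL ||
					    pw->pw_uid != sb.st_uid)
						bad_modes = 1;
				}
			}
		}
		/* … unchanged: world-writable test and fatal() … */
```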