diff options
Diffstat (limited to 'readconf.c')
| -rw-r--r-- | readconf.c | 50 |
1 files changed, 45 insertions, 5 deletions
diff --git a/readconf.c b/readconf.c index 1fbf59793..7933c5289 100644 --- a/readconf.c +++ b/readconf.c | |||
| @@ -112,6 +112,7 @@ typedef enum { | |||
| 112 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, | 112 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, |
| 113 | oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, | 113 | oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, |
| 114 | oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, | 114 | oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, |
| 115 | oProtocolKeepAlives, oSetupTimeOut, | ||
| 115 | oDeprecated, oUnsupported | 116 | oDeprecated, oUnsupported |
| 116 | } OpCodes; | 117 | } OpCodes; |
| 117 | 118 | ||
| @@ -207,6 +208,8 @@ static struct { | |||
| 207 | { "tunneldevice", oTunnelDevice }, | 208 | { "tunneldevice", oTunnelDevice }, |
| 208 | { "localcommand", oLocalCommand }, | 209 | { "localcommand", oLocalCommand }, |
| 209 | { "permitlocalcommand", oPermitLocalCommand }, | 210 | { "permitlocalcommand", oPermitLocalCommand }, |
| 211 | { "protocolkeepalives", oProtocolKeepAlives }, | ||
| 212 | { "setuptimeout", oSetupTimeOut }, | ||
| 210 | { NULL, oBadOption } | 213 | { NULL, oBadOption } |
| 211 | }; | 214 | }; |
| 212 | 215 | ||
| @@ -779,6 +782,7 @@ parse_int: | |||
| 779 | goto parse_flag; | 782 | goto parse_flag; |
| 780 | 783 | ||
| 781 | case oServerAliveInterval: | 784 | case oServerAliveInterval: |
| 785 | case oProtocolKeepAlives: /* Debian-specific compatibility alias */ | ||
| 782 | intptr = &options->server_alive_interval; | 786 | intptr = &options->server_alive_interval; |
| 783 | goto parse_time; | 787 | goto parse_time; |
| 784 | 788 | ||
| @@ -876,6 +880,10 @@ parse_int: | |||
| 876 | intptr = &options->permit_local_command; | 880 | intptr = &options->permit_local_command; |
| 877 | goto parse_flag; | 881 | goto parse_flag; |
| 878 | 882 | ||
| 883 | case oSetupTimeOut: | ||
| 884 | intptr = &options->setuptimeout; | ||
| 885 | goto parse_int; | ||
| 886 | |||
| 879 | case oDeprecated: | 887 | case oDeprecated: |
| 880 | debug("%s line %d: Deprecated option \"%s\"", | 888 | debug("%s line %d: Deprecated option \"%s\"", |
| 881 | filename, linenum, keyword); | 889 | filename, linenum, keyword); |
| @@ -920,11 +928,30 @@ read_config_file(const char *filename, const char *host, Options *options, | |||
| 920 | 928 | ||
| 921 | if (checkperm) { | 929 | if (checkperm) { |
| 922 | struct stat sb; | 930 | struct stat sb; |
| 931 | int bad_modes = 0; | ||
| 923 | 932 | ||
| 924 | if (fstat(fileno(f), &sb) == -1) | 933 | if (fstat(fileno(f), &sb) == -1) |
| 925 | fatal("fstat %s: %s", filename, strerror(errno)); | 934 | fatal("fstat %s: %s", filename, strerror(errno)); |
| 926 | if (((sb.st_uid != 0 && sb.st_uid != getuid()) || | 935 | if (sb.st_uid != 0 && sb.st_uid != getuid()) |
| 927 | (sb.st_mode & 022) != 0)) | 936 | bad_modes = 1; |
| 937 | if ((sb.st_mode & 020) != 0) { | ||
| 938 | /* If the file is group-writable, the group in | ||
| 939 | * question must have at most one member, namely the | ||
| 940 | * file's owner. | ||
| 941 | */ | ||
| 942 | struct passwd *pw = getpwuid(sb.st_uid); | ||
| 943 | struct group *gr = getgrgid(sb.st_gid); | ||
| 944 | if (!pw || !gr) | ||
| 945 | bad_modes = 1; | ||
| 946 | else if (gr->gr_mem[0]) { | ||
| 947 | if (strcmp(pw->pw_name, gr->gr_mem[0]) || | ||
| 948 | gr->gr_mem[1]) | ||
| 949 | bad_modes = 1; | ||
| 950 | } | ||
| 951 | } | ||
| 952 | if ((sb.st_mode & 002) != 0) | ||
| 953 | bad_modes = 1; | ||
| 954 | if (bad_modes) | ||
| 928 | fatal("Bad owner or permissions on %s", filename); | 955 | fatal("Bad owner or permissions on %s", filename); |
| 929 | } | 956 | } |
| 930 | 957 | ||
| @@ -981,6 +1008,7 @@ initialize_options(Options * options) | |||
| 981 | options->strict_host_key_checking = -1; | 1008 | options->strict_host_key_checking = -1; |
| 982 | options->compression = -1; | 1009 | options->compression = -1; |
| 983 | options->tcp_keep_alive = -1; | 1010 | options->tcp_keep_alive = -1; |
| 1011 | options->setuptimeout = -1; | ||
| 984 | options->compression_level = -1; | 1012 | options->compression_level = -1; |
| 985 | options->port = -1; | 1013 | options->port = -1; |
| 986 | options->address_family = -1; | 1014 | options->address_family = -1; |
| @@ -1042,7 +1070,7 @@ fill_default_options(Options * options) | |||
| 1042 | if (options->forward_x11 == -1) | 1070 | if (options->forward_x11 == -1) |
| 1043 | options->forward_x11 = 0; | 1071 | options->forward_x11 = 0; |
| 1044 | if (options->forward_x11_trusted == -1) | 1072 | if (options->forward_x11_trusted == -1) |
| 1045 | options->forward_x11_trusted = 0; | 1073 | options->forward_x11_trusted = 1; |
| 1046 | if (options->xauth_location == NULL) | 1074 | if (options->xauth_location == NULL) |
| 1047 | options->xauth_location = _PATH_XAUTH; | 1075 | options->xauth_location = _PATH_XAUTH; |
| 1048 | if (options->gateway_ports == -1) | 1076 | if (options->gateway_ports == -1) |
| @@ -1141,8 +1169,13 @@ fill_default_options(Options * options) | |||
| 1141 | options->rekey_limit = 0; | 1169 | options->rekey_limit = 0; |
| 1142 | if (options->verify_host_key_dns == -1) | 1170 | if (options->verify_host_key_dns == -1) |
| 1143 | options->verify_host_key_dns = 0; | 1171 | options->verify_host_key_dns = 0; |
| 1144 | if (options->server_alive_interval == -1) | 1172 | if (options->server_alive_interval == -1) { |
| 1145 | options->server_alive_interval = 0; | 1173 | /* in batch mode, default is 5mins */ |
| 1174 | if (options->batch_mode == 1) | ||
| 1175 | options->server_alive_interval = 300; | ||
| 1176 | else | ||
| 1177 | options->server_alive_interval = 0; | ||
| 1178 | } | ||
| 1146 | if (options->server_alive_count_max == -1) | 1179 | if (options->server_alive_count_max == -1) |
| 1147 | options->server_alive_count_max = 3; | 1180 | options->server_alive_count_max = 3; |
| 1148 | if (options->control_master == -1) | 1181 | if (options->control_master == -1) |
| @@ -1157,6 +1190,13 @@ fill_default_options(Options * options) | |||
| 1157 | options->tun_remote = SSH_TUNID_ANY; | 1190 | options->tun_remote = SSH_TUNID_ANY; |
| 1158 | if (options->permit_local_command == -1) | 1191 | if (options->permit_local_command == -1) |
| 1159 | options->permit_local_command = 0; | 1192 | options->permit_local_command = 0; |
| 1193 | if (options->setuptimeout == -1) { | ||
| 1194 | /* in batch mode, default is 5mins */ | ||
| 1195 | if (options->batch_mode == 1) | ||
| 1196 | options->setuptimeout = 300; | ||
| 1197 | else | ||
| 1198 | options->setuptimeout = 0; | ||
| 1199 | } | ||
| 1160 | /* options->local_command should not be set by default */ | 1200 | /* options->local_command should not be set by default */ |
| 1161 | /* options->proxy_command should not be set by default */ | 1201 | /* options->proxy_command should not be set by default */ |
| 1162 | /* options->user will be set in the main program if appropriate */ | 1202 | /* options->user will be set in the main program if appropriate */ |