Diffstat (limited to 'readconf.c')
-rw-r--r-- | readconf.c | 30 |
1 files changed, 25 insertions, 5 deletions
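diff --git a/readconf.c b/readconf.c
index 36750a843..0e83f5809 100644
--- a/readconf.c
+++ b/readconf.c
@@ -28,6 +28,8 @@
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
+#include <pwd.h>
+#include <grp.h>
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -123,6 +125,7 @@ typedef enum {
 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
+oUseBlacklistedKeys,
 oHostKeyAlgorithms, oBindAddress, oPKCS11Provider,
 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
@@ -133,6 +136,7 @@ typedef enum {
 oHashKnownHosts,
 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
 oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
+oProtocolKeepAlives, oSetupTimeOut,
 oDeprecated, oUnsupported
 } OpCodes;
 
@@ -154,6 +158,7 @@ static struct {
 { "passwordauthentication", oPasswordAuthentication },
 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
 { "kbdinteractivedevices", oKbdInteractiveDevices },
+{ "useblacklistedkeys", oUseBlacklistedKeys },
 { "rsaauthentication", oRSAAuthentication },
 { "pubkeyauthentication", oPubkeyAuthentication },
 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
@@ -249,6 +254,8 @@ static struct {
 #else
 { "zeroknowledgepasswordauthentication", oUnsupported },
 #endif
+{ "protocolkeepalives", oProtocolKeepAlives },
+{ "setuptimeout", oSetupTimeOut },
 
 { NULL, oBadOption }
 };
@@ -479,6 +486,10 @@ parse_flag:
 intptr = &options->challenge_response_authentication;
 goto parse_flag;
 
+case oUseBlacklistedKeys:
+intptr = &options->use_blacklisted_keys;
+goto parse_flag;
+
 case oGssAuthentication:
 intptr = &options->gss_authentication;
 goto parse_flag;
@@ -859,6 +870,8 @@ parse_int:
 goto parse_flag;
 
 case oServerAliveInterval:
+case oProtocolKeepAlives: /* Debian-specific compatibility alias */
+case oSetupTimeOut: /* Debian-specific compatibility alias */
 intptr = &options->server_alive_interval;
 goto parse_time;
 
@@ -1034,8 +1047,7 @@ read_config_file(const char *filename, const char *host, Options *options,
 
 if (fstat(fileno(f), &sb) == -1)
 fatal("fstat %s: %s", filename, strerror(errno));
-if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
-(sb.st_mode & 022) != 0))
+if (!secure_permissions(&sb, getuid()))
 fatal("Bad owner or permissions on %s", filename);
 }
 
@@ -1093,6 +1105,7 @@ initialize_options(Options * options)
 options->kbd_interactive_devices = NULL;
 options->rhosts_rsa_authentication = -1;
 options->hostbased_authentication = -1;
+options->use_blacklisted_keys = -1;
 options->batch_mode = -1;
 options->check_host_ip = -1;
 options->strict_host_key_checking = -1;
@@ -1166,7 +1179,7 @@ fill_default_options(Options * options)
 if (options->forward_x11 == -1)
 options->forward_x11 = 0;
 if (options->forward_x11_trusted == -1)
-options->forward_x11_trusted = 0;
+options->forward_x11_trusted = 1;
 if (options->forward_x11_timeout == -1)
 options->forward_x11_timeout = 1200;
 if (options->exit_on_forward_failure == -1)
@@ -1201,6 +1214,8 @@ fill_default_options(Options * options)
 options->rhosts_rsa_authentication = 0;
 if (options->hostbased_authentication == -1)
 options->hostbased_authentication = 0;
+if (options->use_blacklisted_keys == -1)
+options->use_blacklisted_keys = 0;
 if (options->batch_mode == -1)
 options->batch_mode = 0;
 if (options->check_host_ip == -1)
@@ -1275,8 +1290,13 @@ fill_default_options(Options * options)
 options->rekey_limit = 0;
 if (options->verify_host_key_dns == -1)
 options->verify_host_key_dns = 0;
-if (options->server_alive_interval == -1)
-options->server_alive_interval = 0;
+if (options->server_alive_interval == -1) {
+/* in batch mode, default is 5mins */
+if (options->batch_mode == 1)
+options->server_alive_interval = 300;
+else
+options->server_alive_interval = 0;
+}
 if (options->server_alive_count_max == -1)
 options->server_alive_count_max = 3;
 if (options->control_master == -1)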
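Review bot: The default for forward_x11_trusted flips from 0 to 1 at new line 1182 of fill_default_options with no comment, even though that default decides whether forwarded X clients are treated as trusted by the local X server (ForwardX11Trusted) and so get unrestricted access to the local display whenever X11 forwarding is enabled; a reader merging against upstream, where this default is 0, cannot tell whether the 1 is deliberate. The batch-mode ServerAliveInterval default of 300 in the last hunk and the "Debian-specific" aliases in the parse_time hunk suggest this is a distribution policy rather than an oversight, but that is inferred, not stated anywhere in the code. Add `/* distribution default: trusted X11 forwarding on; upstream default is 0 */` directly above the assignment, and consider the same one-line rationale above the batch-mode block at new line 1294. Separately, the new secure_permissions() call at new line 1050 replaces an inline owner/mode check whose exact semantics are no longer visible here, so the helper's contract (which owners and which group-writable cases it accepts) should be documented at its definition, which is outside this hunk. fill_default_options and read_config_file both start and end outside their hunks.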