Diffstat (limited to 'readconf.c')
-rw-r--r--readconf.c30
1 files changed, 25 insertions, 5 deletions
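diff --git a/readconf.c b/readconf.c
index 36750a843..0e83f5809 100644
--- a/readconf.c
+++ b/readconf.c
@@ -28,6 +28,8 @@
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
+#include <pwd.h>
+#include <grp.h>
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -123,6 +125,7 @@ typedef enum {
 	oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
 	oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
 	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
+	oUseBlacklistedKeys,
 	oHostKeyAlgorithms, oBindAddress, oPKCS11Provider,
 	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
 	oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
@@ -133,6 +136,7 @@ typedef enum {
 	oHashKnownHosts,
 	oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
 	oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
+	oProtocolKeepAlives, oSetupTimeOut,
 	oDeprecated, oUnsupported
 } OpCodes;
 
@@ -154,6 +158,7 @@ static struct {
 	{ "passwordauthentication", oPasswordAuthentication },
 	{ "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
 	{ "kbdinteractivedevices", oKbdInteractiveDevices },
+	{ "useblacklistedkeys", oUseBlacklistedKeys },
 	{ "rsaauthentication", oRSAAuthentication },
 	{ "pubkeyauthentication", oPubkeyAuthentication },
 	{ "dsaauthentication", oPubkeyAuthentication }, /* alias */
@@ -249,6 +254,8 @@ static struct {
 #else
 	{ "zeroknowledgepasswordauthentication", oUnsupported },
 #endif
+	{ "protocolkeepalives", oProtocolKeepAlives },
+	{ "setuptimeout", oSetupTimeOut },
 
 	{ NULL, oBadOption }
 };
@@ -479,6 +486,10 @@ parse_flag:
 		intptr = &options->challenge_response_authentication;
 		goto parse_flag;
 
+	case oUseBlacklistedKeys:
+		intptr = &options->use_blacklisted_keys;
+		goto parse_flag;
+
 	case oGssAuthentication:
 		intptr = &options->gss_authentication;
 		goto parse_flag;
@@ -859,6 +870,8 @@ parse_int:
 		goto parse_flag;
 
 	case oServerAliveInterval:
+	case oProtocolKeepAlives: /* Debian-specific compatibility alias */
+	case oSetupTimeOut: /* Debian-specific compatibility alias */
 		intptr = &options->server_alive_interval;
 		goto parse_time;
 
@@ -1034,8 +1047,7 @@ read_config_file(const char *filename, const char *host, Options *options,
 
 	if (fstat(fileno(f), &sb) == -1)
 		fatal("fstat %s: %s", filename, strerror(errno));
-	if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
-	    (sb.st_mode & 022) != 0))
+	if (!secure_permissions(&sb, getuid()))
 		fatal("Bad owner or permissions on %s", filename);
 	}
 
@@ -1093,6 +1105,7 @@ initialize_options(Options * options)
 	options->kbd_interactive_devices = NULL;
 	options->rhosts_rsa_authentication = -1;
 	options->hostbased_authentication = -1;
+	options->use_blacklisted_keys = -1;
 	options->batch_mode = -1;
 	options->check_host_ip = -1;
 	options->strict_host_key_checking = -1;
@@ -1166,7 +1179,7 @@ fill_default_options(Options * options)
 	if (options->forward_x11 == -1)
 		options->forward_x11 = 0;
 	if (options->forward_x11_trusted == -1)
-		options->forward_x11_trusted = 0;
+		options->forward_x11_trusted = 1;
 	if (options->forward_x11_timeout == -1)
 		options->forward_x11_timeout = 1200;
 	if (options->exit_on_forward_failure == -1)
@@ -1201,6 +1214,8 @@ fill_default_options(Options * options)
 		options->rhosts_rsa_authentication = 0;
 	if (options->hostbased_authentication == -1)
 		options->hostbased_authentication = 0;
+	if (options->use_blacklisted_keys == -1)
+		options->use_blacklisted_keys = 0;
 	if (options->batch_mode == -1)
 		options->batch_mode = 0;
 	if (options->check_host_ip == -1)
@@ -1275,8 +1290,13 @@ fill_default_options(Options * options)
 		options->rekey_limit = 0;
 	if (options->verify_host_key_dns == -1)
 		options->verify_host_key_dns = 0;
-	if (options->server_alive_interval == -1)
-		options->server_alive_interval = 0;
+	if (options->server_alive_interval == -1) {
+		/* in batch mode, default is 5mins */
+		if (options->batch_mode == 1)
+			options->server_alive_interval = 300;
+		else
+			options->server_alive_interval = 0;
+	}
 	if (options->server_alive_count_max == -1)
 		options->server_alive_count_max = 3;
 	if (options->control_master == -1)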