Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 1ab6a51f9b258a6e844f1ee442c15aec7fcb6a72^! / . / readconf.c
commit1ab6a51f9b258a6e844f1ee442c15aec7fcb6a72[log] [tgz]
authorDamien Miller <djm@mindrot.org>Sat Jun 26 10:02:24 2010 +1000
committerDamien Miller <djm@mindrot.org>Sat Jun 26 10:02:24 2010 +1000
tree708954349afa3ef3f1294934443d5773c1b6b53f
parent383ffe6c5f31d3ecd89caadc8aef1bc2b821d63a [diff] [blame]
   - djm@cvs.openbsd.org 2010/06/25 23:10:30
     [ssh.c]
     log the hostname and address that we connected to at LogLevel=verbose
     after authentication is successful to mitigate "phishing" attacks by
     servers with trusted keys that accept authentication silently and
     automatically before presenting fake password/passphrase prompts;
     "nice!" markus@

diff --git a/readconf.c b/readconf.c
index aae9cef..da48ae7 100644
--- a/readconf.c
+++ b/readconf.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.185 2010/06/25 07:14:46 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.186 2010/06/25 23:15:36 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -110,8 +110,8 @@
 
 typedef enum {
 	oBadOption,
-	oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
-	oExitOnForwardFailure,
+	oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout,
+	oGatewayPorts, oExitOnForwardFailure,
 	oPasswordAuthentication, oRSAAuthentication,
 	oChallengeResponseAuthentication, oXAuthLocation,
 	oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
@@ -143,6 +143,7 @@
 	{ "forwardagent", oForwardAgent },
 	{ "forwardx11", oForwardX11 },
 	{ "forwardx11trusted", oForwardX11Trusted },
+	{ "forwardx11timeout", oForwardX11Timeout },
 	{ "exitonforwardfailure", oExitOnForwardFailure },
 	{ "xauthlocation", oXAuthLocation },
 	{ "gatewayports", oGatewayPorts },
@@ -414,6 +415,10 @@
 	case oForwardX11Trusted:
 		intptr = &options->forward_x11_trusted;
 		goto parse_flag;
+	
+	case oForwardX11Timeout:
+		intptr = &options->forward_x11_timeout;
+		goto parse_time;
 
 	case oGatewayPorts:
 		intptr = &options->gateway_ports;
@@ -1018,6 +1023,7 @@
 	options->forward_agent = -1;
 	options->forward_x11 = -1;
 	options->forward_x11_trusted = -1;
+	options->forward_x11_timeout = -1;
 	options->exit_on_forward_failure = -1;
 	options->xauth_location = NULL;
 	options->gateway_ports = -1;
@@ -1104,6 +1110,8 @@
 		options->forward_x11 = 0;
 	if (options->forward_x11_trusted == -1)
 		options->forward_x11_trusted = 0;
+	if (options->forward_x11_timeout == -1)
+		options->forward_x11_timeout = 1200;
 	if (options->exit_on_forward_failure == -1)
 		options->exit_on_forward_failure = 0;
 	if (options->xauth_location == NULL)