author | Markus Friedl <markus@cvs.openbsd.org> | 2003-10-11 08:24:09 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2003-10-11 08:24:09 +0000 |
commit | 71c688d733c6338fddc0b48a555c52b7b407c840 (patch) | |
tree | 1071d6061654964111eb6928f75e8b440d1acee3 /usr.bin/ssh/readconf.c | |
parent | 86a80e300f68c1014752fdb73aa9675f5aa58b7e (diff) |
remote x11 clients are now untrusted by default, uses xauth(8) to generate
untrusted cookies; ForwardX11Trusted=yes restores old behaviour.
ok deraadt; feedback and ok djm/fries
Diffstat (limited to 'usr.bin/ssh/readconf.c')
-rw-r--r-- | usr.bin/ssh/readconf.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c
index cacfef567de..2492ac6c3ed 100644
--- a/usr.bin/ssh/readconf.c
+++ b/usr.bin/ssh/readconf.c
@@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.122 2003/10/08 15:21:24 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.123 2003/10/11 08:24:07 markus Exp $");
 #include "ssh.h"
 #include "xmalloc.h"
@@ -89,7 +89,7 @@ RCSID("$OpenBSD: readconf.c,v 1.122 2003/10/08 15:21:24 markus Exp $");
 typedef enum {
 oBadOption,
- oForwardAgent, oForwardX11, oGatewayPorts,
+ oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
 oPasswordAuthentication, oRSAAuthentication, oChallengeResponseAuthentication, oXAuthLocation, oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
@@ -116,6 +116,7 @@ static struct {
 } keywords[] = {
 { "forwardagent", oForwardAgent },
 { "forwardx11", oForwardX11 },
+ { "forwardx11trusted", oForwardX11Trusted },
 { "xauthlocation", oXAuthLocation },
 { "gatewayports", oGatewayPorts },
 { "useprivilegedport", oUsePrivilegedPort },
@@ -340,6 +341,10 @@ parse_flag:
 intptr = &options->forward_x11;
 goto parse_flag;
+ case oForwardX11Trusted:
+ intptr = &options->forward_x11_trusted;
+ goto parse_flag;
+
 case oGatewayPorts:
 intptr = &options->gateway_ports;
 goto parse_flag;
@@ -804,6 +809,7 @@ initialize_options(Options * options)
 memset(options, 'X', sizeof(*options));
 options->forward_agent = -1;
 options->forward_x11 = -1;
+ options->forward_x11_trusted = -1;
 options->xauth_location = NULL;
 options->gateway_ports = -1;
 options->use_privileged_port = -1;
@@ -870,6 +876,8 @@ fill_default_options(Options * options)
 options->forward_agent = 0;
 if (options->forward_x11 == -1)
 options->forward_x11 = 0;
+ if (options->forward_x11_trusted == -1)
+ options->forward_x11_trusted = 0;
 if (options->xauth_location == NULL)
 options->xauth_location = _PATH_XAUTH;
 if (options->gateway_ports == -1) |
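Review bot: The `forward_x11_trusted` default added in the fill_default_options() hunk has no comment, although it is the line that changes the security posture: an unset option now resolves to 0, so forwarded X11 clients are treated as untrusted unless the user sets ForwardX11Trusted=yes. I would put `/* untrusted by default; ForwardX11Trusted=yes restores the old trusted behaviour */` above the new `if`. The matching `-1` sentinel is set in the initialize_options() hunk, and both function bodies continue outside their hunks. This view is limited to readconf.c, so whether ssh_config(5) documents the new keyword and its default cannot be checked from here.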