diff options
author | djm@openbsd.org <djm@openbsd.org> | 2022-11-28 01:37:36 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@dtucker.net> | 2022-11-30 12:16:08 +1100 |
commit | f7cebbbf407d772ed71403d314343766782fe540 (patch) | |
tree | dfda77bb010623650d4ae80ae539d6542e52641d /readconf.c | |
parent | d323f7ecf52e3d4ec1f4939bf31693e02f891dca (diff) |
upstream: New EnableEscapeCommandline ssh_config(5) option
This option (default "no") controls whether the ~C escape is available.
Turning it off by default means we will soon be able to use a stricter
default pledge(2) in the client.
feedback deraadt@ dtucker@; tested in snaps for a while
OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a
Diffstat (limited to 'readconf.c')
-rw-r--r-- | readconf.c | 12 |
1 files changed, 11 insertions, 1 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.369 2022/09/17 10:33:18 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.370 2022/11/28 01:37:36 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -175,6 +175,7 @@ typedef enum { oFingerprintHash, oUpdateHostkeys, oHostbasedAcceptedAlgorithms, oPubkeyAcceptedAlgorithms, oCASignatureAlgorithms, oProxyJump, oSecurityKeyProvider, oKnownHostsCommand, oRequiredRSASize, + oEnableEscapeCommandline, oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported } OpCodes; @@ -321,6 +322,7 @@ static struct { { "securitykeyprovider", oSecurityKeyProvider }, { "knownhostscommand", oKnownHostsCommand }, { "requiredrsasize", oRequiredRSASize }, + { "enableescapecommandline", oEnableEscapeCommandline }, { NULL, oBadOption } }; @@ -2177,6 +2179,10 @@ parse_pubkey_algos: *charptr = xstrdup(arg); break; + case oEnableEscapeCommandline: + intptr = &options->enable_escape_commandline; + goto parse_flag; + case oRequiredRSASize: intptr = &options->required_rsa_size; goto parse_int; @@ -2429,6 +2435,7 @@ initialize_options(Options * options) options->pubkey_accepted_algos = NULL; options->known_hosts_command = NULL; options->required_rsa_size = -1; + options->enable_escape_commandline = -1; } /* @@ -2627,6 +2634,8 @@ fill_default_options(Options * options) #endif if (options->required_rsa_size == -1) options->required_rsa_size = SSH_RSA_MINIMUM_MODULUS_SIZE; + if (options->enable_escape_commandline == -1) + options->enable_escape_commandline = 0; /* Expand KEX name lists */ all_cipher = cipher_alg_list(',', 0); @@ -3308,6 +3317,7 @@ dump_client_config(Options *o, const char *host) dump_cfg_fmtint(oVerifyHostKeyDNS, o->verify_host_key_dns); dump_cfg_fmtint(oVisualHostKey, o->visual_host_key); dump_cfg_fmtint(oUpdateHostkeys, o->update_hostkeys); + dump_cfg_fmtint(oEnableEscapeCommandline, o->enable_escape_commandline); /* Integer options */ dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots); |