

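--- a/defines.h
+++ b/defines.h
@@ -50,6 +50,35 @@ enum
 # define IPTOS_MINCOST           IPTOS_LOWCOST
 #endif /* IPTOS_LOWDELAY */
 
+/* in glibc 2.12 */
+#ifndef IPTOS_CLASS_CS0
+#define IPTOS_CLASS_CS0         0x00
+#define IPTOS_CLASS_CS1         0x20
+#define IPTOS_CLASS_CS2         0x40
+#define IPTOS_CLASS_CS3         0x60
+#define IPTOS_CLASS_CS4         0x80
+#define IPTOS_CLASS_CS5         0xa0
+#define IPTOS_CLASS_CS6         0xc0
+#define IPTOS_CLASS_CS7         0xe0
+#endif
+
+/* in glibc 2.11 */
+#ifndef IPTOS_DSCP_AF11
+#define IPTOS_DSCP_AF11         0x28
+#define IPTOS_DSCP_AF12         0x30
+#define IPTOS_DSCP_AF13         0x38
+#define IPTOS_DSCP_AF21         0x48
+#define IPTOS_DSCP_AF22         0x50
+#define IPTOS_DSCP_AF23         0x58
+#define IPTOS_DSCP_AF31         0x68
+#define IPTOS_DSCP_AF32         0x70
+#define IPTOS_DSCP_AF33         0x78
+#define IPTOS_DSCP_AF41         0x88
+#define IPTOS_DSCP_AF42         0x90
+#define IPTOS_DSCP_AF43         0x98
+#define IPTOS_DSCP_EF           0xb8
+#endif
+
 #ifndef MAXPATHLEN
 # ifdef PATH_MAX
 #  define MAXPATHLEN PATH_MAX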
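Review bot: The two new fallback blocks document only the glibc version that introduced the names, not what the numbers mean, so a reader has no way to check the 21 constants; they are the RFC 2474/2597/3246 DiffServ code points shifted into the ToS byte (CSn = n << 5, AFxy = (8x + 2y) << 2, EF = 46 << 2 = 0xb8), and every value listed does satisfy that. I would replace `/* in glibc 2.12 */` with `/* RFC 2474 class-selector code points as ToS-byte values (DSCP << 2); in glibc 2.12 */` and `/* in glibc 2.11 */` with `/* RFC 2597 AF / RFC 3246 EF code points as ToS-byte values (DSCP << 2); in glibc 2.11 */`. A smaller point: each block is gated on a single name (`IPTOS_CLASS_CS0`, `IPTOS_DSCP_AF11`), so a libc that happened to define only part of a set would get macro redefinitions from the rest; if such a platform is a target, gating per name is safer.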
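--- a/packet.c
+++ b/packet.c
@@ -78,6 +78,7 @@
 #include "misc.h"
 #include "ssh.h"
 #include "roaming.h"
+#include "readconf.h"
 
 #ifdef PACKET_DEBUG
 #define DBG(x) x
@@ -87,6 +88,8 @@
 
 #define PACKET_MAX_SIZE (256 * 1024)
 
+extern Options options;
+
 struct packet_state {
 	u_int32_t seqnr;
 	u_int32_t packets;
@@ -1728,11 +1731,9 @@ packet_not_very_much_data_to_write(void)
 }
 
 static void
-packet_set_tos(int interactive)
+packet_set_tos(int tos)
 {
 #if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
-	int tos = interactive ? IPTOS_LOWDELAY : IPTOS_THROUGHPUT;
-
 	if (!packet_connection_is_on_socket() ||
 	    !packet_connection_is_ipv4())
 		return;
@@ -1746,7 +1747,7 @@ packet_set_tos(int interactive)
 /* Informs that the current session is interactive.  Sets IP flags for that. */
 
 void
-packet_set_interactive(int interactive)
+packet_set_interactive(int interactive, u_char qos[2])
 {
 	if (active_state->set_interactive_called)
 		return;
@@ -1759,7 +1760,7 @@ packet_set_interactive(int interactive)
 	if (!packet_connection_is_on_socket())
 		return;
 	set_nodelay(active_state->connection_in);
-	packet_set_tos(interactive);
+	packet_set_tos(interactive ? qos[1] : qos[0]);
 }
 
 /* Returns true if the current connection is interactive. */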
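Review bot: The added `#include "readconf.h"` and `extern Options options;` are not referenced by any of the new code — `packet_set_tos` now receives the ToS value as its `tos` parameter and `packet_set_interactive` reads `qos[0]`/`qos[1]` from its argument — and packet.c is shared with sshd, where the session.c hunk of this patch passes a `ServerOptions`' `options.use_qos`, so this line declares the server's `options` symbol with the wrong type in a common translation unit; that is harmless only for as long as nothing in packet.c ever touches it. I would drop both lines and keep the packet layer independent of either config header. Both functions continue past the hunk boundaries, so the `#endif` and any non-`IP_TOS` path of `packet_set_tos` (where `tos` would now be the unused parameter, as `interactive` was before) are not visible here.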
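--- a/packet.h
+++ b/packet.h
@@ -31,7 +31,7 @@ u_int packet_get_encryption_key(u_char
 void     packet_set_protocol_flags(u_int);
 u_int	 packet_get_protocol_flags(void);
 void     packet_start_compression(int);
-void     packet_set_interactive(int);
+void     packet_set_interactive(int, u_char []);
 int      packet_is_interactive(void);
 void     packet_set_server(void);
 void     packet_set_authenticated(void);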
(-)readconf.c (-95 / +174 lines)
Lines 131-136 typedef enum { Link Here
131
	oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
131
	oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
132
	oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
132
	oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
133
	oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
133
	oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
134
	oUseQoS,
134
	oDeprecated, oUnsupported
135
	oDeprecated, oUnsupported
135
} OpCodes;
136
} OpCodes;
136
137
Lines 138-244 typedef enum { Link Here
138
139
139
static struct {
140
static struct {
140
	const char *name;
141
	const char *name;
142
	int restricted;
141
	OpCodes opcode;
143
	OpCodes opcode;
142
} keywords[] = {
144
} keywords[] = {
143
	{ "forwardagent", oForwardAgent },
145
	{ "forwardagent",		0, oForwardAgent },
144
	{ "forwardx11", oForwardX11 },
146
	{ "forwardx11",			0, oForwardX11 },
145
	{ "forwardx11trusted", oForwardX11Trusted },
147
	{ "forwardx11trusted",		0, oForwardX11Trusted },
146
	{ "exitonforwardfailure", oExitOnForwardFailure },
148
	{ "exitonforwardfailure",	0, oExitOnForwardFailure },
147
	{ "xauthlocation", oXAuthLocation },
149
	{ "xauthlocation",		0, oXAuthLocation },
148
	{ "gatewayports", oGatewayPorts },
150
	{ "gatewayports",		0, oGatewayPorts },
149
	{ "useprivilegedport", oUsePrivilegedPort },
151
	{ "useprivilegedport",		0, oUsePrivilegedPort },
150
	{ "rhostsauthentication", oDeprecated },
152
	{ "rhostsauthentication",	0, oDeprecated },
151
	{ "passwordauthentication", oPasswordAuthentication },
153
	{ "passwordauthentication",	0, oPasswordAuthentication },
152
	{ "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
154
	{ "kbdinteractiveauthentication", 0, oKbdInteractiveAuthentication },
153
	{ "kbdinteractivedevices", oKbdInteractiveDevices },
155
	{ "kbdinteractivedevices",	0, oKbdInteractiveDevices },
154
	{ "rsaauthentication", oRSAAuthentication },
156
	{ "rsaauthentication",		0, oRSAAuthentication },
155
	{ "pubkeyauthentication", oPubkeyAuthentication },
157
	{ "pubkeyauthentication",	0, oPubkeyAuthentication },
156
	{ "dsaauthentication", oPubkeyAuthentication },		    /* alias */
158
	{ "dsaauthentication",		0, oPubkeyAuthentication },		    /* alias */
157
	{ "rhostsrsaauthentication", oRhostsRSAAuthentication },
159
	{ "rhostsrsaauthentication",	0, oRhostsRSAAuthentication },
158
	{ "hostbasedauthentication", oHostbasedAuthentication },
160
	{ "hostbasedauthentication",	0, oHostbasedAuthentication },
159
	{ "challengeresponseauthentication", oChallengeResponseAuthentication },
161
	{ "challengeresponseauthentication", 0, oChallengeResponseAuthentication },
160
	{ "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
162
	{ "skeyauthentication",		0, oChallengeResponseAuthentication }, /* alias */
161
	{ "tisauthentication", oChallengeResponseAuthentication },  /* alias */
163
	{ "tisauthentication",		0, oChallengeResponseAuthentication },  /* alias */
162
	{ "kerberosauthentication", oUnsupported },
164
	{ "kerberosauthentication",	0, oUnsupported },
163
	{ "kerberostgtpassing", oUnsupported },
165
	{ "kerberostgtpassing",		0, oUnsupported },
164
	{ "afstokenpassing", oUnsupported },
166
	{ "afstokenpassing",		0, oUnsupported },
165
#if defined(GSSAPI)
167
#if defined(GSSAPI)
166
	{ "gssapiauthentication", oGssAuthentication },
168
	{ "gssapiauthentication",	0, oGssAuthentication },
167
	{ "gssapidelegatecredentials", oGssDelegateCreds },
169
	{ "gssapidelegatecredentials",	0, oGssDelegateCreds },
168
#else
170
#else
169
	{ "gssapiauthentication", oUnsupported },
171
	{ "gssapiauthentication",	0, oUnsupported },
170
	{ "gssapidelegatecredentials", oUnsupported },
172
	{ "gssapidelegatecredentials",	0, oUnsupported },
171
#endif
173
#endif
172
	{ "fallbacktorsh", oDeprecated },
174
	{ "fallbacktorsh",		0, oDeprecated },
173
	{ "usersh", oDeprecated },
175
	{ "usersh",			0, oDeprecated },
174
	{ "identityfile", oIdentityFile },
176
	{ "identityfile",		0, oIdentityFile },
175
	{ "identityfile2", oIdentityFile },			/* obsolete */
177
	{ "identityfile2",		0, oIdentityFile },			/* obsolete */
176
	{ "identitiesonly", oIdentitiesOnly },
178
	{ "identitiesonly",		0, oIdentitiesOnly },
177
	{ "hostname", oHostName },
179
	{ "hostname",			0, oHostName },
178
	{ "hostkeyalias", oHostKeyAlias },
180
	{ "hostkeyalias",		0, oHostKeyAlias },
179
	{ "proxycommand", oProxyCommand },
181
	{ "proxycommand",		0, oProxyCommand },
180
	{ "port", oPort },
182
	{ "port",			0, oPort },
181
	{ "cipher", oCipher },
183
	{ "cipher",			0, oCipher },
182
	{ "ciphers", oCiphers },
184
	{ "ciphers",			0, oCiphers },
183
	{ "macs", oMacs },
185
	{ "macs",			0, oMacs },
184
	{ "protocol", oProtocol },
186
	{ "protocol",			0, oProtocol },
185
	{ "remoteforward", oRemoteForward },
187
	{ "remoteforward",		0, oRemoteForward },
186
	{ "localforward", oLocalForward },
188
	{ "localforward",		0, oLocalForward },
187
	{ "user", oUser },
189
	{ "user",			0, oUser },
188
	{ "host", oHost },
190
	{ "host",			0, oHost },
189
	{ "escapechar", oEscapeChar },
191
	{ "escapechar",			0, oEscapeChar },
190
	{ "globalknownhostsfile", oGlobalKnownHostsFile },
192
	{ "globalknownhostsfile",	0, oGlobalKnownHostsFile },
191
	{ "globalknownhostsfile2", oGlobalKnownHostsFile2 },	/* obsolete */
193
	{ "globalknownhostsfile2",	0, oGlobalKnownHostsFile2 },	/* obsolete */
192
	{ "userknownhostsfile", oUserKnownHostsFile },
194
	{ "userknownhostsfile",		0, oUserKnownHostsFile },
193
	{ "userknownhostsfile2", oUserKnownHostsFile2 },	/* obsolete */
195
	{ "userknownhostsfile2",	0, oUserKnownHostsFile2 },	/* obsolete */
194
	{ "connectionattempts", oConnectionAttempts },
196
	{ "connectionattempts",		0, oConnectionAttempts },
195
	{ "batchmode", oBatchMode },
197
	{ "batchmode",			0, oBatchMode },
196
	{ "checkhostip", oCheckHostIP },
198
	{ "checkhostip",		0, oCheckHostIP },
197
	{ "stricthostkeychecking", oStrictHostKeyChecking },
199
	{ "stricthostkeychecking",	0, oStrictHostKeyChecking },
198
	{ "compression", oCompression },
200
	{ "compression",		0, oCompression },
199
	{ "compressionlevel", oCompressionLevel },
201
	{ "compressionlevel",		0, oCompressionLevel },
200
	{ "tcpkeepalive", oTCPKeepAlive },
202
	{ "tcpkeepalive",		0, oTCPKeepAlive },
201
	{ "keepalive", oTCPKeepAlive },				/* obsolete */
203
	{ "keepalive",			0, oTCPKeepAlive },				/* obsolete */
202
	{ "numberofpasswordprompts", oNumberOfPasswordPrompts },
204
	{ "numberofpasswordprompts",	0, oNumberOfPasswordPrompts },
203
	{ "loglevel", oLogLevel },
205
	{ "loglevel",			0, oLogLevel },
204
	{ "dynamicforward", oDynamicForward },
206
	{ "dynamicforward",		0, oDynamicForward },
205
	{ "preferredauthentications", oPreferredAuthentications },
207
	{ "preferredauthentications",	0, oPreferredAuthentications },
206
	{ "hostkeyalgorithms", oHostKeyAlgorithms },
208
	{ "hostkeyalgorithms",		0, oHostKeyAlgorithms },
207
	{ "bindaddress", oBindAddress },
209
	{ "bindaddress",		0, oBindAddress },
208
#ifdef ENABLE_PKCS11
210
#ifdef ENABLE_PKCS11
209
	{ "smartcarddevice", oPKCS11Provider },
211
	{ "smartcarddevice",		0, oPKCS11Provider },
210
	{ "pkcs11provider", oPKCS11Provider },
212
	{ "pkcs11provider",		0, oPKCS11Provider },
211
#else
213
#else
212
	{ "smartcarddevice", oUnsupported },
214
	{ "smartcarddevice",		0, oUnsupported },
213
	{ "pkcs11provider", oUnsupported },
215
	{ "pkcs11provider",		0, oUnsupported },
214
#endif
216
#endif
215
	{ "clearallforwardings", oClearAllForwardings },
217
	{ "clearallforwardings",	0, oClearAllForwardings },
216
	{ "enablesshkeysign", oEnableSSHKeysign },
218
	{ "enablesshkeysign",		0, oEnableSSHKeysign },
217
	{ "verifyhostkeydns", oVerifyHostKeyDNS },
219
	{ "verifyhostkeydns",		0, oVerifyHostKeyDNS },
218
	{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
220
	{ "nohostauthenticationforlocalhost", 0, oNoHostAuthenticationForLocalhost },
219
	{ "rekeylimit", oRekeyLimit },
221
	{ "rekeylimit",			0, oRekeyLimit },
220
	{ "connecttimeout", oConnectTimeout },
222
	{ "connecttimeout",		0, oConnectTimeout },
221
	{ "addressfamily", oAddressFamily },
223
	{ "addressfamily",		0, oAddressFamily },
222
	{ "serveraliveinterval", oServerAliveInterval },
224
	{ "serveraliveinterval",	0, oServerAliveInterval },
223
	{ "serveralivecountmax", oServerAliveCountMax },
225
	{ "serveralivecountmax",	0, oServerAliveCountMax },
224
	{ "sendenv", oSendEnv },
226
	{ "sendenv",			0, oSendEnv },
225
	{ "controlpath", oControlPath },
227
	{ "controlpath",		0, oControlPath },
226
	{ "controlmaster", oControlMaster },
228
	{ "controlmaster",		0, oControlMaster },
227
	{ "hashknownhosts", oHashKnownHosts },
229
	{ "hashknownhosts",		0, oHashKnownHosts },
228
	{ "tunnel", oTunnel },
230
	{ "tunnel",			0, oTunnel },
229
	{ "tunneldevice", oTunnelDevice },
231
	{ "tunneldevice",		0, oTunnelDevice },
230
	{ "localcommand", oLocalCommand },
232
	{ "localcommand",		0, oLocalCommand },
231
	{ "permitlocalcommand", oPermitLocalCommand },
233
	{ "permitlocalcommand",		0, oPermitLocalCommand },
232
	{ "visualhostkey", oVisualHostKey },
234
	{ "visualhostkey",		0, oVisualHostKey },
233
	{ "useroaming", oUseRoaming },
235
	{ "useroaming",			0, oUseRoaming },
236
	{ "useqos",			1, oUseQoS},
234
#ifdef JPAKE
237
#ifdef JPAKE
235
	{ "zeroknowledgepasswordauthentication",
238
	{ "zeroknowledgepasswordauthentication", 0,
236
	    oZeroKnowledgePasswordAuthentication },
239
	    oZeroKnowledgePasswordAuthentication },
237
#else
240
#else
238
	{ "zeroknowledgepasswordauthentication", oUnsupported },
241
	{ "zeroknowledgepasswordauthentication", 0, oUnsupported },
239
#endif
242
#endif
240
243
241
	{ NULL, oBadOption }
244
	{ NULL,				0, oBadOption }
242
};
245
};
243
246
244
/*
247
/*
Lines 310-328 clear_forwardings(Options *options) Link Here
310
 */
313
 */
311
314
312
static OpCodes
315
static OpCodes
313
parse_token(const char *cp, const char *filename, int linenum)
316
parse_token(const char *cp, const char *filename, int linenum, int *restricted)
314
{
317
{
315
	u_int i;
318
	u_int i;
316
319
317
	for (i = 0; keywords[i].name; i++)
320
	for (i = 0; keywords[i].name; i++)
318
		if (strcasecmp(cp, keywords[i].name) == 0)
321
		if (strcasecmp(cp, keywords[i].name) == 0) {
322
			*restricted= keywords[i].restricted;
319
			return keywords[i].opcode;
323
			return keywords[i].opcode;
324
		}
320
325
321
	error("%s: line %d: Bad configuration option: %s",
326
	error("%s: line %d: Bad configuration option: %s",
322
	    filename, linenum, cp);
327
	    filename, linenum, cp);
323
	return oBadOption;
328
	return oBadOption;
324
}
329
}
325
330
331
struct {
332
	const char *name;
333
	int value;
334
} qos[] = {
335
	{ "cs0",	IPTOS_CLASS_CS0 },
336
	{ "cs1",	IPTOS_CLASS_CS1 },
337
	{ "cs2",	IPTOS_CLASS_CS2 },
338
	{ "cs3",	IPTOS_CLASS_CS3 },
339
	{ "cs4",	IPTOS_CLASS_CS4 },
340
	{ "cs5",	IPTOS_CLASS_CS5 },
341
	{ "cs6",	IPTOS_CLASS_CS6 },
342
	{ "cs7",	IPTOS_CLASS_CS7 },
343
	{ "af11",	IPTOS_DSCP_AF11 },
344
	{ "af12",	IPTOS_DSCP_AF12 },
345
	{ "af13",	IPTOS_DSCP_AF13 },
346
	{ "af21",	IPTOS_DSCP_AF21 },
347
	{ "af22",	IPTOS_DSCP_AF22 },
348
	{ "af23",	IPTOS_DSCP_AF23 },
349
	{ "af31",	IPTOS_DSCP_AF31 },
350
	{ "af32",	IPTOS_DSCP_AF32 },
351
	{ "af33",	IPTOS_DSCP_AF33 },
352
	{ "af41",	IPTOS_DSCP_AF41 },
353
	{ "af42",	IPTOS_DSCP_AF42 },
354
	{ "af43",	IPTOS_DSCP_AF43 },
355
	{ "ef",	  	IPTOS_DSCP_EF   },
356
	{ "lowdelay",	IPTOS_LOWDELAY  },
357
	{ "throughput",	IPTOS_THROUGHPUT },
358
	{ "reliability", IPTOS_RELIABILITY },
359
	{ "lowcost",	IPTOS_LOWCOST   },
360
	{ "mincost",	IPTOS_MINCOST   },
361
	{ NULL,		-1              },
362
};
363
364
static int parse_qos(const char *cp)
365
{
366
	u_int i;
367
368
	for (i = 0; qos[i].name; i++)
369
		if (strcasecmp(cp, qos[i].name) == 0)
370
			return qos[i].value;
371
	return -1;
372
}
373
326
/*
374
/*
327
 * Processes a single option line as used in the configuration files. This
375
 * Processes a single option line as used in the configuration files. This
328
 * only sets those values that have not already been set.
376
 * only sets those values that have not already been set.
Lines 332-341 parse_token(const char *cp, const char * Link Here
332
int
380
int
333
process_config_line(Options *options, const char *host,
381
process_config_line(Options *options, const char *host,
334
		    char *line, const char *filename, int linenum,
382
		    char *line, const char *filename, int linenum,
335
		    int *activep)
383
		    int *activep, int systemwide)
336
{
384
{
337
	char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256];
385
	char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256];
338
	int opcode, *intptr, value, value2, scale;
386
	int opcode, *intptr, value, value2, scale, restricted;
339
	LogLevel *log_level_ptr;
387
	LogLevel *log_level_ptr;
340
	long long orig, val64;
388
	long long orig, val64;
341
	size_t len;
389
	size_t len;
Lines 358-364 process_config_line(Options *options, co Link Here
358
	if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
406
	if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
359
		return 0;
407
		return 0;
360
408
361
	opcode = parse_token(keyword, filename, linenum);
409
	opcode = parse_token(keyword, filename, linenum, &restricted);
410
411
	if (restricted && !systemwide) {
412
		fatal("%s line %d: not permitted in user profile.", filename, linenum);
413
	}
362
414
363
	switch (opcode) {
415
	switch (opcode) {
364
	case oBadOption:
416
	case oBadOption:
Lines 921-926 parse_int: Link Here
921
		intptr = &options->use_roaming;
973
		intptr = &options->use_roaming;
922
		goto parse_flag;
974
		goto parse_flag;
923
975
976
	case oUseQoS:
977
		arg = strdelim(&s);
978
		if (arg == NULL || *arg == '\0')
979
			fatal("%.200s line %d: Missing non-interactive QoS argument.",
980
			    filename, linenum);
981
982
		arg2 = strdelim(&s);
983
		if (arg2 == NULL || *arg2 == '\0')
984
			fatal("%.200s line %d: Missing interactive QoS argument.",
985
			    filename, linenum);
986
987
		value = parse_qos(arg);
988
		value2 = parse_qos(arg2);
989
		if (value == -1 || value2 == -1)
990
			fatal("%.200s line %d: Bad QoS argument.",
991
			    filename, linenum);
992
993
		options->use_qos[0] = value;
994
		options->use_qos[1] = value2;
995
		break;
996
924
	case oDeprecated:
997
	case oDeprecated:
925
		debug("%s line %d: Deprecated option \"%s\"",
998
		debug("%s line %d: Deprecated option \"%s\"",
926
		    filename, linenum, keyword);
999
		    filename, linenum, keyword);
Lines 952-958 parse_int: Link Here
952
1025
953
int
1026
int
954
read_config_file(const char *filename, const char *host, Options *options,
1027
read_config_file(const char *filename, const char *host, Options *options,
955
    int checkperm)
1028
    int checkperm, int systemwide)
956
{
1029
{
957
	FILE *f;
1030
	FILE *f;
958
	char line[1024];
1031
	char line[1024];
Lines 983-989 read_config_file(const char *filename, c Link Here
983
	while (fgets(line, sizeof(line), f)) {
1056
	while (fgets(line, sizeof(line), f)) {
984
		/* Update line number counter. */
1057
		/* Update line number counter. */
985
		linenum++;
1058
		linenum++;
986
		if (process_config_line(options, host, line, filename, linenum, &active) != 0)
1059
		if (process_config_line(options, host, line, filename, linenum, &active, systemwide) != 0)
987
			bad_options++;
1060
			bad_options++;
988
	}
1061
	}
989
	fclose(f);
1062
	fclose(f);
Lines 1071-1076 initialize_options(Options * options) Link Here
1071
	options->local_command = NULL;
1144
	options->local_command = NULL;
1072
	options->permit_local_command = -1;
1145
	options->permit_local_command = -1;
1073
	options->use_roaming = -1;
1146
	options->use_roaming = -1;
1147
	options->use_qos[0] = -1;
1148
	options->use_qos[1] = -1;
1074
	options->visual_host_key = -1;
1149
	options->visual_host_key = -1;
1075
	options->zero_knowledge_password_authentication = -1;
1150
	options->zero_knowledge_password_authentication = -1;
1076
}
1151
}
Lines 1219-1224 fill_default_options(Options * options) Link Here
1219
	/* options->hostname will be set in the main program if appropriate */
1294
	/* options->hostname will be set in the main program if appropriate */
1220
	/* options->host_key_alias should not be set by default */
1295
	/* options->host_key_alias should not be set by default */
1221
	/* options->preferred_authentications will be set in ssh */
1296
	/* options->preferred_authentications will be set in ssh */
1297
	if (options->use_qos[0] == -1)
1298
		options->use_qos[0] = IPTOS_THROUGHPUT;
1299
	if (options->use_qos[1] == -1)
1300
		options->use_qos[1] = IPTOS_LOWDELAY;
1222
}
1301
}
1223
1302
1224
/*
1303
/*
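Review bot: The new `case oUseQoS` stores into `options->use_qos[0]` and `[1]` without the `*activep` guard and without the not-yet-set check that this function's own comment promises ("only sets those values that have not already been set"), so a `UseQoS` line inside a non-matching `Host` block still takes effect and a later line overrides an earlier one instead of the first match winning; the two assignments should be wrapped as `if (*activep && options->use_qos[0] == -1) { ... }` like the other options, which also requires the field to be a type that can actually hold the -1 sentinel. Separately, `parse_token` now writes `*restricted` only when a keyword matches and leaves it untouched on the `oBadOption` path, so for an unknown keyword `process_config_line` evaluates `if (restricted && !systemwide)` on an uninitialized `int` — an undefined read that can turn a typo in `~/.ssh/config` into a spurious "not permitted in user profile" abort; add `*restricted = 0;` before the loop in `parse_token` (or `restricted = 0` at the declaration). The `qos[]` table is a writable global with external linkage named `qos`; it should be `static const struct { ... } qos[]`.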
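--- a/readconf.h
+++ b/readconf.h
@@ -125,6 +125,8 @@ typedef struct {
 
 	int	use_roaming;
 
+	u_char	use_qos[2];
+
 }       Options;
 
 #define SSHCTL_MASTER_NO	0
@@ -135,11 +137,11 @@ typedef struct {
 
 void     initialize_options(Options *);
 void     fill_default_options(Options *);
-int	 read_config_file(const char *, const char *, Options *, int);
+int	 read_config_file(const char *, const char *, Options *, int, int);
 int	 parse_forward(Forward *, const char *, int, int);
 
 int
-process_config_line(Options *, const char *, char *, const char *, int, int *);
+process_config_line(Options *, const char *, char *, const char *, int, int *, int);
 
 void	 add_local_forward(Options *, const Forward *);
 void	 add_remote_forward(Options *, const Forward *);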
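Review bot: `u_char use_qos[2]` cannot hold the -1 sentinel that readconf.c's `initialize_options` stores into it and `fill_default_options` tests for: the store yields 255 and `255 == -1` is false after integer promotion (most compilers warn "comparison is always false due to limited range of data type"), so the throughput/lowdelay defaults are never applied and an unconfigured client hands ToS 0xff to `packet_set_tos` — what the kernel does with that value is platform-dependent. Declare it as `int use_qos[2];` and change the second parameter of `packet_set_interactive` in packet.h/packet.c to `int qos[2]` to match, or keep `u_char` and carry a separate "set" flag. The enclosing `typedef struct { ... } Options` begins outside the hunk.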
(-)servconf.c (-3 / +74 lines)
Lines 131-136 initialize_server_options(ServerOptions Link Here
131
	options->zero_knowledge_password_authentication = -1;
131
	options->zero_knowledge_password_authentication = -1;
132
	options->revoked_keys_file = NULL;
132
	options->revoked_keys_file = NULL;
133
	options->trusted_user_ca_keys = NULL;
133
	options->trusted_user_ca_keys = NULL;
134
	options->use_qos[0] = -1;
135
	options->use_qos[1] = -1;
134
}
136
}
135
137
136
void
138
void
Lines 265-270 fill_default_server_options(ServerOption Link Here
265
		options->permit_tun = SSH_TUNMODE_NO;
267
		options->permit_tun = SSH_TUNMODE_NO;
266
	if (options->zero_knowledge_password_authentication == -1)
268
	if (options->zero_knowledge_password_authentication == -1)
267
		options->zero_knowledge_password_authentication = 0;
269
		options->zero_knowledge_password_authentication = 0;
270
	if (options->use_qos[0] == -1)
271
		options->use_qos[0] = IPTOS_THROUGHPUT;
272
	if (options->use_qos[1] == -1)
273
		options->use_qos[1] = IPTOS_LOWDELAY;
268
274
269
	/* Turn privilege separation on by default */
275
	/* Turn privilege separation on by default */
270
	if (use_privsep == -1)
276
	if (use_privsep == -1)
Lines 310-316 typedef enum { Link Here
310
	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
316
	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
311
	sUsePrivilegeSeparation, sAllowAgentForwarding,
317
	sUsePrivilegeSeparation, sAllowAgentForwarding,
312
	sZeroKnowledgePasswordAuthentication, sHostCertificate,
318
	sZeroKnowledgePasswordAuthentication, sHostCertificate,
313
	sRevokedKeys, sTrustedUserCAKeys,
319
	sRevokedKeys, sTrustedUserCAKeys, sUseQoS,
314
	sDeprecated, sUnsupported
320
	sDeprecated, sUnsupported
315
} ServerOpCodes;
321
} ServerOpCodes;
316
322
Lines 432-437 static struct { Link Here
432
	{ "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
438
	{ "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
433
	{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
439
	{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
434
	{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
440
	{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
441
	{ "useqos", sUseQoS, SSHCFG_ALL },
435
	{ NULL, sBadOption, 0 }
442
	{ NULL, sBadOption, 0 }
436
};
443
};
437
444
Lines 467-472 parse_token(const char *cp, const char * Link Here
467
	return sBadOption;
474
	return sBadOption;
468
}
475
}
469
476
477
struct {
478
	const char *name;
479
	int value;
480
} qos[] = {
481
	{ "cs0",	IPTOS_CLASS_CS0 },
482
	{ "cs1",	IPTOS_CLASS_CS1 },
483
	{ "cs2",	IPTOS_CLASS_CS2 },
484
	{ "cs3",	IPTOS_CLASS_CS3 },
485
	{ "cs4",	IPTOS_CLASS_CS4 },
486
	{ "cs5",	IPTOS_CLASS_CS5 },
487
	{ "cs6",	IPTOS_CLASS_CS6 },
488
	{ "cs7",	IPTOS_CLASS_CS7 },
489
	{ "af11",	IPTOS_DSCP_AF11 },
490
	{ "af12",	IPTOS_DSCP_AF12 },
491
	{ "af13",	IPTOS_DSCP_AF13 },
492
	{ "af21",	IPTOS_DSCP_AF21 },
493
	{ "af22",	IPTOS_DSCP_AF22 },
494
	{ "af23",	IPTOS_DSCP_AF23 },
495
	{ "af31",	IPTOS_DSCP_AF31 },
496
	{ "af32",	IPTOS_DSCP_AF32 },
497
	{ "af33",	IPTOS_DSCP_AF33 },
498
	{ "af41",	IPTOS_DSCP_AF41 },
499
	{ "af42",	IPTOS_DSCP_AF42 },
500
	{ "af43",	IPTOS_DSCP_AF43 },
501
	{ "ef",	  	IPTOS_DSCP_EF   },
502
	{ "lowdelay",	IPTOS_LOWDELAY  },
503
	{ "throughput",	IPTOS_THROUGHPUT },
504
	{ "reliability", IPTOS_RELIABILITY },
505
	{ "lowcost",	IPTOS_LOWCOST   },
506
	{ "mincost",	IPTOS_MINCOST   },
507
	{ NULL,		-1              },
508
};
509
510
static int parse_qos(const char *cp)
511
{
512
	u_int i;
513
514
	for (i = 0; qos[i].name; i++)
515
		if (strcasecmp(cp, qos[i].name) == 0)
516
			return qos[i].value;
517
	return -1;
518
}
519
470
char *
520
char *
471
derelativise_path(const char *path)
521
derelativise_path(const char *path)
472
{
522
{
Lines 661-668 process_server_config_line(ServerOptions Link Here
661
    const char *filename, int linenum, int *activep, const char *user,
711
    const char *filename, int linenum, int *activep, const char *user,
662
    const char *host, const char *address)
712
    const char *host, const char *address)
663
{
713
{
664
	char *cp, **charptr, *arg, *p;
714
	char *cp, **charptr, *arg, *arg2, *p;
665
	int cmdline = 0, *intptr, value, n;
715
	int cmdline = 0, *intptr, value, value2, n;
666
	SyslogFacility *log_facility_ptr;
716
	SyslogFacility *log_facility_ptr;
667
	LogLevel *log_level_ptr;
717
	LogLevel *log_level_ptr;
668
	ServerOpCodes opcode;
718
	ServerOpCodes opcode;
Lines 1335-1340 process_server_config_line(ServerOptions Link Here
1335
	case sRevokedKeys:
1385
	case sRevokedKeys:
1336
		charptr = &options->revoked_keys_file;
1386
		charptr = &options->revoked_keys_file;
1337
		goto parse_filename;
1387
		goto parse_filename;
1388
1389
	case sUseQoS:
1390
		arg = strdelim(&cp);
1391
		if (arg == NULL || *arg == '\0')
1392
			fatal("%.200s line %d: Missing non-interactive QoS argument.",
1393
			    filename, linenum);
1394
1395
		arg2 = strdelim(&cp);
1396
		if (arg2 == NULL || *arg2 == '\0')
1397
			fatal("%.200s line %d: Missing interactive QoS argument.",
1398
			    filename, linenum);
1399
1400
		value = parse_qos(arg);
1401
		value2 = parse_qos(arg2);
1402
		if (value == -1 || value2 == -1)
1403
			fatal("%.200s line %d: Bad QoS argument.",
1404
			    filename, linenum);
1405
1406
		options->use_qos[0] = value;
1407
		options->use_qos[1] = value2;
1408
		break;
1338
1409
1339
	case sDeprecated:
1410
	case sDeprecated:
1340
		logit("%s line %d: Deprecated option %s",
1411
		logit("%s line %d: Deprecated option %s",
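Review bot: The new `case sUseQoS` is registered as `SSHCFG_ALL`, so it is accepted inside `Match` blocks, but the case stores into `options->use_qos` without consulting `*activep` (a parameter of `process_server_config_line`, visible in the hunk header), so a `UseQoS` line in a `Match` block that does not match the current connection is applied anyway — the existing Match-capable cases in this function, outside the hunk, guard their assignment on `*activep` for exactly this reason. Wrap the two stores as `if (*activep) { options->use_qos[0] = value; options->use_qos[1] = value2; }`. The `qos[]` table and `parse_qos` here appear to be a verbatim copy of the ones this patch adds to readconf.c; a single `static const` table in a shared file (misc.c) would keep the two from drifting, and the table should be `static const` in any case rather than a writable global named `qos`. Note also that `initialize_server_options` stores -1 into `use_qos`, which only works as an "unset" marker if the field is a signed type.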
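--- a/servconf.h
+++ b/servconf.h
@@ -156,6 +156,8 @@ typedef struct {
 	char   *chroot_directory;
 	char   *revoked_keys_file;
 	char   *trusted_user_ca_keys;
+
+	u_char	use_qos[2];
 }       ServerOptions;
 
 void	 initialize_server_options(ServerOptions *);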
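Review bot: `u_char use_qos[2]` cannot represent the -1 that servconf.c's `initialize_server_options` stores into it, so the `== -1` checks in `fill_default_server_options` never fire (255 is compared with -1 after promotion) and an sshd without a `UseQoS` line passes ToS 0xff for both the interactive and bulk cases to `packet_set_interactive`. Declare the field as `int use_qos[2];` and adjust the parameter type of `packet_set_interactive` in packet.h/packet.c to match. The enclosing `typedef struct` starts outside the hunk.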
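--- a/session.c
+++ b/session.c
@@ -579,7 +579,7 @@ do_exec_no_pty(Session *s, const char *c
 
 	s->pid = pid;
 	/* Set interactive/non-interactive mode. */
-	packet_set_interactive(s->display != NULL);
+	packet_set_interactive(s->display != NULL, options.use_qos);
 
 	/*
 	 * Clear loginmsg, since it's the child's responsibility to display
@@ -738,7 +738,7 @@ do_exec_pty(Session *s, const char *comm
 
 	/* Enter interactive session. */
 	s->ptymaster = ptymaster;
-	packet_set_interactive(1);
+	packet_set_interactive(1, options.use_qos);
 	if (compat20) {
 		session_set_fds(s, ptyfd, fdout, -1, 1);
 	} else {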
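--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -185,7 +185,7 @@ main(int argc, char **argv)
 
 	/* verify that ssh-keysign is enabled by the admin */
 	initialize_options(&options);
-	(void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options, 0);
+	(void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options, 0, 1);
 	fill_default_options(&options);
 	if (options.enable_ssh_keysign != 1)
 		fatal("ssh-keysign not enabled in %s",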
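--- a/ssh.c
+++ b/ssh.c
@@ -533,7 +533,7 @@ main(int ac, char **av)
 			dummy = 1;
 			line = xstrdup(optarg);
 			if (process_config_line(&options, host ? host : "",
-			    line, "command-line", 0, &dummy) != 0)
+			    line, "command-line", 0, &dummy, 0) != 0)
 				exit(255);
 			xfree(line);
 			break;
@@ -643,18 +643,18 @@ main(int ac, char **av)
 	 * file if the user specifies a config file on the command line.
 	 */
 	if (config != NULL) {
-		if (!read_config_file(config, host, &options, 0))
+		if (!read_config_file(config, host, &options, 0, 0))
 			fatal("Can't open user config file %.100s: "
 			    "%.100s", config, strerror(errno));
 	} else {
 		r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir,
 		    _PATH_SSH_USER_CONFFILE);
 		if (r > 0 && (size_t)r < sizeof(buf))
-			(void)read_config_file(buf, host, &options, 1);
+			(void)read_config_file(buf, host, &options, 1, 0);
 
 		/* Read systemwide configuration file after use config. */
 		(void)read_config_file(_PATH_HOST_CONFIG_FILE, host,
-		    &options, 0);
+		    &options, 0, 1);
 	}
 
 	/* Fill configuration defaults. */
@@ -1111,7 +1111,7 @@ ssh_session(void)
 		}
 	}
 	/* Tell the packet module whether this is an interactive session. */
-	packet_set_interactive(interactive);
+	packet_set_interactive(interactive, options.use_qos);
 
 	/* Request authentication agent forwarding if appropriate. */
 	check_agent_present();
@@ -1205,7 +1205,7 @@ ssh_session2_setup(int id, void *arg)
 	client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"),
 	    NULL, fileno(stdin), &command, environ);
 
-	packet_set_interactive(interactive);
+	packet_set_interactive(interactive, options.use_qos);
 }
 
 /* open new channel for a session */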
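Review bot: Passing `systemwide = 0` on the `-o` path means `-o UseQoS=...` dies in readconf.c's new `fatal("... not permitted in user profile.")` with `command-line` as the file name, which is a misleading message, and because that check is a `fatal()` rather than an `error()`-and-skip, one stray `UseQoS` line in `~/.ssh/config` (for instance copied from the sample ssh_config) makes the client unusable instead of being ignored. The restriction also buys no security: the ToS byte is set with an ordinary `setsockopt(IP_TOS)` on the process's own socket, which any unprivileged program can issue (subject only to whatever per-value capability checks the kernel applies to every program alike), so marking the keyword as system-only cannot stop a user from marking their traffic. I would either drop the `restricted` mechanism and let `UseQoS` follow normal ssh_config precedence (user file first, system file after, first value wins), or downgrade the check to `error()` plus `return 0` so a user-file occurrence is logged and skipped. `main` and `ssh_session` continue outside the hunks.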
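--- a/ssh_config
+++ b/ssh_config
@@ -45,3 +45,4 @@
 #   PermitLocalCommand no
 #   VisualHostKey no
 #   ProxyCommand ssh -q -W %h:%p gateway.example.com
+#   UseQoS throughput lowdelay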
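--- a/sshd_config
+++ b/sshd_config
@@ -107,6 +107,9 @@
 # no default banner path
 #Banner none
 
+# traditional ToS (deprecated: consider using af12 and cs2)
+#UseQoS throughput lowdelay
+
 # override default of no subsystems
 Subsystem	sftp	/usr/libexec/sftp-server
 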
