1/* $OpenBSD: readconf.c,v 1.190 2010/11/13 23:27:50 djm Exp $ */
2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved
6 * Functions for reading the configuration files.
7 *
8 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose. Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
13 */
14
15#include "includes.h"
16__RCSID("$FreeBSD: head/crypto/openssh/readconf.c 221420 2011-05-04 07:34:44Z des $");
17
18#include <sys/types.h>
19#include <sys/stat.h>
20#include <sys/socket.h>
21#include <sys/sysctl.h>
22
23#include <netinet/in.h>
24#include <netinet/in_systm.h>
25#include <netinet/ip.h>
26
27#include <ctype.h>
28#include <errno.h>
29#include <netdb.h>
30#include <signal.h>
31#include <stdarg.h>
32#include <stdio.h>
33#include <string.h>
--- 98 unchanged lines hidden (view full) ---
132 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
133 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
134 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
135 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
136 oSendEnv, oControlPath, oControlMaster, oControlPersist,
137 oHashKnownHosts,
138 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
139 oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
140 oKexAlgorithms, oIPQoS,
141 oVersionAddendum,
142 oDeprecated, oUnsupported
143} OpCodes;
144
145/* Textual representations of the tokens. */
146
147static struct {
148 const char *name;
--- 93 unchanged lines hidden (view full) ---
242 { "visualhostkey", oVisualHostKey },
243 { "useroaming", oUseRoaming },
244#ifdef JPAKE
245 { "zeroknowledgepasswordauthentication",
246 oZeroKnowledgePasswordAuthentication },
247#else
248 { "zeroknowledgepasswordauthentication", oUnsupported },
249#endif
250 { "kexalgorithms", oKexAlgorithms },
251 { "ipqos", oIPQoS },
252
253 { "versionaddendum", oVersionAddendum },
254 { NULL, oBadOption }
255};
256
257/*
258 * Adds a local TCP/IP port forward to options. Never returns if there is an
259 * error.
--- 456 unchanged lines hidden (view full) ---
716 fatal("%.200s line %d: Missing argument.", filename, linenum);
717 if (!mac_valid(arg))
718 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
719 filename, linenum, arg ? arg : "<NONE>");
720 if (*activep && options->macs == NULL)
721 options->macs = xstrdup(arg);
722 break;
723
724 case oKexAlgorithms:
725 arg = strdelim(&s);
726 if (!arg || *arg == '\0')
727 fatal("%.200s line %d: Missing argument.",
728 filename, linenum);
729 if (!kex_names_valid(arg))
730 fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.",
731 filename, linenum, arg ? arg : "<NONE>");
732 if (*activep && options->kex_algorithms == NULL)
733 options->kex_algorithms = xstrdup(arg);
734 break;
735
736 case oHostKeyAlgorithms:
737 arg = strdelim(&s);
738 if (!arg || *arg == '\0')
739 fatal("%.200s line %d: Missing argument.", filename, linenum);
740 if (!key_names_valid2(arg))
741 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
742 filename, linenum, arg ? arg : "<NONE>");
743 if (*activep && options->hostkeyalgorithms == NULL)
--- 244 unchanged lines hidden (view full) ---
988 case oPermitLocalCommand:
989 intptr = &options->permit_local_command;
990 goto parse_flag;
991
992 case oVisualHostKey:
993 intptr = &options->visual_host_key;
994 goto parse_flag;
995
996 case oIPQoS:
997 arg = strdelim(&s);
998 if ((value = parse_ipqos(arg)) == -1)
999 fatal("%s line %d: Bad IPQoS value: %s",
1000 filename, linenum, arg);
1001 arg = strdelim(&s);
1002 if (arg == NULL)
1003 value2 = value;
1004 else if ((value2 = parse_ipqos(arg)) == -1)
1005 fatal("%s line %d: Bad IPQoS value: %s",
1006 filename, linenum, arg);
1007 if (*activep) {
1008 options->ip_qos_interactive = value;
1009 options->ip_qos_bulk = value2;
1010 }
1011 break;
1012
1013 case oUseRoaming:
1014 intptr = &options->use_roaming;
1015 goto parse_flag;
1016
1017 case oVersionAddendum:
1018 ssh_version_set_addendum(strtok(s, "\n"));
1019 do {
1020 arg = strdelim(&s);
--- 110 unchanged lines hidden (view full) ---
1131 options->port = -1;
1132 options->address_family = -1;
1133 options->connection_attempts = -1;
1134 options->connection_timeout = -1;
1135 options->number_of_password_prompts = -1;
1136 options->cipher = -1;
1137 options->ciphers = NULL;
1138 options->macs = NULL;
1139 options->kex_algorithms = NULL;
1140 options->hostkeyalgorithms = NULL;
1141 options->protocol = SSH_PROTO_UNKNOWN;
1142 options->num_identity_files = 0;
1143 options->hostname = NULL;
1144 options->host_key_alias = NULL;
1145 options->proxy_command = NULL;
1146 options->user = NULL;
1147 options->escape_char = -1;
--- 26 unchanged lines hidden (view full) ---
1174 options->tun_open = -1;
1175 options->tun_local = -1;
1176 options->tun_remote = -1;
1177 options->local_command = NULL;
1178 options->permit_local_command = -1;
1179 options->use_roaming = -1;
1180 options->visual_host_key = -1;
1181 options->zero_knowledge_password_authentication = -1;
1182 options->ip_qos_interactive = -1;
1183 options->ip_qos_bulk = -1;
1184}
1185
1186/*
1187 * Called after processing other sources of option data, this fills those
1188 * options for which no value has been specified with their default values.
1189 */
1190
1191void
--- 55 unchanged lines hidden (view full) ---
1247 options->connection_attempts = 1;
1248 if (options->number_of_password_prompts == -1)
1249 options->number_of_password_prompts = 3;
1250 /* Selected in ssh_login(). */
1251 if (options->cipher == -1)
1252 options->cipher = SSH_CIPHER_NOT_SET;
1253 /* options->ciphers, default set in myproposals.h */
1254 /* options->macs, default set in myproposals.h */
1255 /* options->kex_algorithms, default set in myproposals.h */
1256 /* options->hostkeyalgorithms, default set in myproposals.h */
1257 if (options->protocol == SSH_PROTO_UNKNOWN)
1258 options->protocol = SSH_PROTO_2;
1259 if (options->num_identity_files == 0) {
1260 if (options->protocol & SSH_PROTO_1) {
1261 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
1262 options->identity_files[options->num_identity_files] =
1263 xmalloc(len);
--- 7 unchanged lines hidden (view full) ---
1271 snprintf(options->identity_files[options->num_identity_files++],
1272 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
1273
1274 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
1275 options->identity_files[options->num_identity_files] =
1276 xmalloc(len);
1277 snprintf(options->identity_files[options->num_identity_files++],
1278 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
1279#ifdef OPENSSL_HAS_ECC
1280 len = 2 + strlen(_PATH_SSH_CLIENT_ID_ECDSA) + 1;
1281 options->identity_files[options->num_identity_files] =
1282 xmalloc(len);
1283 snprintf(options->identity_files[options->num_identity_files++],
1284 len, "~/%.100s", _PATH_SSH_CLIENT_ID_ECDSA);
1285#endif
1286 }
1287 }
1288 if (options->escape_char == -1)
1289 options->escape_char = '~';
1290 if (options->system_hostfile == NULL)
1291 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
1292 if (options->user_hostfile == NULL)
1293 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
--- 36 unchanged lines hidden (view full) ---
1330 if (options->permit_local_command == -1)
1331 options->permit_local_command = 0;
1332 if (options->use_roaming == -1)
1333 options->use_roaming = 1;
1334 if (options->visual_host_key == -1)
1335 options->visual_host_key = 0;
1336 if (options->zero_knowledge_password_authentication == -1)
1337 options->zero_knowledge_password_authentication = 0;
1338 if (options->ip_qos_interactive == -1)
1339 options->ip_qos_interactive = IPTOS_LOWDELAY;
1340 if (options->ip_qos_bulk == -1)
1341 options->ip_qos_bulk = IPTOS_THROUGHPUT;
1342 /* options->local_command should not be set by default */
1343 /* options->proxy_command should not be set by default */
1344 /* options->user will be set in the main program if appropriate */
1345 /* options->hostname will be set in the main program if appropriate */
1346 /* options->host_key_alias should not be set by default */
1347 /* options->preferred_authentications will be set in ssh */
1348}
1349
--- 97 unchanged lines hidden ---
2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved
6 * Functions for reading the configuration files.
7 *
8 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose. Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
13 */
14
15#include "includes.h"
16__RCSID("$FreeBSD: head/crypto/openssh/readconf.c 221420 2011-05-04 07:34:44Z des $");
17
18#include <sys/types.h>
19#include <sys/stat.h>
20#include <sys/socket.h>
21#include <sys/sysctl.h>
22
23#include <netinet/in.h>
24#include <netinet/in_systm.h>
25#include <netinet/ip.h>
26
27#include <ctype.h>
28#include <errno.h>
29#include <netdb.h>
30#include <signal.h>
31#include <stdarg.h>
32#include <stdio.h>
33#include <string.h>
--- 98 unchanged lines hidden (view full) ---
132 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
133 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
134 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
135 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
136 oSendEnv, oControlPath, oControlMaster, oControlPersist,
137 oHashKnownHosts,
138 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
139 oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
140 oKexAlgorithms, oIPQoS,
141 oVersionAddendum,
142 oDeprecated, oUnsupported
143} OpCodes;
144
145/* Textual representations of the tokens. */
146
147static struct {
148 const char *name;
--- 93 unchanged lines hidden (view full) ---
242 { "visualhostkey", oVisualHostKey },
243 { "useroaming", oUseRoaming },
244#ifdef JPAKE
245 { "zeroknowledgepasswordauthentication",
246 oZeroKnowledgePasswordAuthentication },
247#else
248 { "zeroknowledgepasswordauthentication", oUnsupported },
249#endif
250 { "kexalgorithms", oKexAlgorithms },
251 { "ipqos", oIPQoS },
252
253 { "versionaddendum", oVersionAddendum },
254 { NULL, oBadOption }
255};
256
257/*
258 * Adds a local TCP/IP port forward to options. Never returns if there is an
259 * error.
--- 456 unchanged lines hidden (view full) ---
716 fatal("%.200s line %d: Missing argument.", filename, linenum);
717 if (!mac_valid(arg))
718 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
719 filename, linenum, arg ? arg : "<NONE>");
720 if (*activep && options->macs == NULL)
721 options->macs = xstrdup(arg);
722 break;
723
724 case oKexAlgorithms:
725 arg = strdelim(&s);
726 if (!arg || *arg == '\0')
727 fatal("%.200s line %d: Missing argument.",
728 filename, linenum);
729 if (!kex_names_valid(arg))
730 fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.",
731 filename, linenum, arg ? arg : "<NONE>");
732 if (*activep && options->kex_algorithms == NULL)
733 options->kex_algorithms = xstrdup(arg);
734 break;
735
736 case oHostKeyAlgorithms:
737 arg = strdelim(&s);
738 if (!arg || *arg == '\0')
739 fatal("%.200s line %d: Missing argument.", filename, linenum);
740 if (!key_names_valid2(arg))
741 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
742 filename, linenum, arg ? arg : "<NONE>");
743 if (*activep && options->hostkeyalgorithms == NULL)
--- 244 unchanged lines hidden (view full) ---
988 case oPermitLocalCommand:
989 intptr = &options->permit_local_command;
990 goto parse_flag;
991
992 case oVisualHostKey:
993 intptr = &options->visual_host_key;
994 goto parse_flag;
995
996 case oIPQoS:
997 arg = strdelim(&s);
998 if ((value = parse_ipqos(arg)) == -1)
999 fatal("%s line %d: Bad IPQoS value: %s",
1000 filename, linenum, arg);
1001 arg = strdelim(&s);
1002 if (arg == NULL)
1003 value2 = value;
1004 else if ((value2 = parse_ipqos(arg)) == -1)
1005 fatal("%s line %d: Bad IPQoS value: %s",
1006 filename, linenum, arg);
1007 if (*activep) {
1008 options->ip_qos_interactive = value;
1009 options->ip_qos_bulk = value2;
1010 }
1011 break;
1012
1013 case oUseRoaming:
1014 intptr = &options->use_roaming;
1015 goto parse_flag;
1016
1017 case oVersionAddendum:
1018 ssh_version_set_addendum(strtok(s, "\n"));
1019 do {
1020 arg = strdelim(&s);
--- 110 unchanged lines hidden (view full) ---
1131 options->port = -1;
1132 options->address_family = -1;
1133 options->connection_attempts = -1;
1134 options->connection_timeout = -1;
1135 options->number_of_password_prompts = -1;
1136 options->cipher = -1;
1137 options->ciphers = NULL;
1138 options->macs = NULL;
1139 options->kex_algorithms = NULL;
1140 options->hostkeyalgorithms = NULL;
1141 options->protocol = SSH_PROTO_UNKNOWN;
1142 options->num_identity_files = 0;
1143 options->hostname = NULL;
1144 options->host_key_alias = NULL;
1145 options->proxy_command = NULL;
1146 options->user = NULL;
1147 options->escape_char = -1;
--- 26 unchanged lines hidden (view full) ---
1174 options->tun_open = -1;
1175 options->tun_local = -1;
1176 options->tun_remote = -1;
1177 options->local_command = NULL;
1178 options->permit_local_command = -1;
1179 options->use_roaming = -1;
1180 options->visual_host_key = -1;
1181 options->zero_knowledge_password_authentication = -1;
1182 options->ip_qos_interactive = -1;
1183 options->ip_qos_bulk = -1;
1184}
1185
1186/*
1187 * Called after processing other sources of option data, this fills those
1188 * options for which no value has been specified with their default values.
1189 */
1190
1191void
--- 55 unchanged lines hidden (view full) ---
1247 options->connection_attempts = 1;
1248 if (options->number_of_password_prompts == -1)
1249 options->number_of_password_prompts = 3;
1250 /* Selected in ssh_login(). */
1251 if (options->cipher == -1)
1252 options->cipher = SSH_CIPHER_NOT_SET;
1253 /* options->ciphers, default set in myproposals.h */
1254 /* options->macs, default set in myproposals.h */
1255 /* options->kex_algorithms, default set in myproposals.h */
1256 /* options->hostkeyalgorithms, default set in myproposals.h */
1257 if (options->protocol == SSH_PROTO_UNKNOWN)
1258 options->protocol = SSH_PROTO_2;
1259 if (options->num_identity_files == 0) {
1260 if (options->protocol & SSH_PROTO_1) {
1261 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
1262 options->identity_files[options->num_identity_files] =
1263 xmalloc(len);
--- 7 unchanged lines hidden (view full) ---
1271 snprintf(options->identity_files[options->num_identity_files++],
1272 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
1273
1274 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
1275 options->identity_files[options->num_identity_files] =
1276 xmalloc(len);
1277 snprintf(options->identity_files[options->num_identity_files++],
1278 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
1279#ifdef OPENSSL_HAS_ECC
1280 len = 2 + strlen(_PATH_SSH_CLIENT_ID_ECDSA) + 1;
1281 options->identity_files[options->num_identity_files] =
1282 xmalloc(len);
1283 snprintf(options->identity_files[options->num_identity_files++],
1284 len, "~/%.100s", _PATH_SSH_CLIENT_ID_ECDSA);
1285#endif
1286 }
1287 }
1288 if (options->escape_char == -1)
1289 options->escape_char = '~';
1290 if (options->system_hostfile == NULL)
1291 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
1292 if (options->user_hostfile == NULL)
1293 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
--- 36 unchanged lines hidden (view full) ---
1330 if (options->permit_local_command == -1)
1331 options->permit_local_command = 0;
1332 if (options->use_roaming == -1)
1333 options->use_roaming = 1;
1334 if (options->visual_host_key == -1)
1335 options->visual_host_key = 0;
1336 if (options->zero_knowledge_password_authentication == -1)
1337 options->zero_knowledge_password_authentication = 0;
1338 if (options->ip_qos_interactive == -1)
1339 options->ip_qos_interactive = IPTOS_LOWDELAY;
1340 if (options->ip_qos_bulk == -1)
1341 options->ip_qos_bulk = IPTOS_THROUGHPUT;
1342 /* options->local_command should not be set by default */
1343 /* options->proxy_command should not be set by default */
1344 /* options->user will be set in the main program if appropriate */
1345 /* options->hostname will be set in the main program if appropriate */
1346 /* options->host_key_alias should not be set by default */
1347 /* options->preferred_authentications will be set in ssh */
1348}
1349
--- 97 unchanged lines hidden ---