readconf.c (215116) readconf.c (221420)
1/* $OpenBSD: readconf.c,v 1.187 2010/07/19 09:15:12 djm Exp $ */
1/* $OpenBSD: readconf.c,v 1.190 2010/11/13 23:27:50 djm Exp $ */
2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved
6 * Functions for reading the configuration files.
7 *
8 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose. Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
13 */
14
15#include "includes.h"
2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved
6 * Functions for reading the configuration files.
7 *
8 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose. Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
13 */
14
15#include "includes.h"
16__RCSID("$FreeBSD: head/crypto/openssh/readconf.c 215116 2010-11-11 11:46:19Z des $");
16__RCSID("$FreeBSD: head/crypto/openssh/readconf.c 221420 2011-05-04 07:34:44Z des $");
17
18#include <sys/types.h>
19#include <sys/stat.h>
20#include <sys/socket.h>
21#include <sys/sysctl.h>
22
23#include <netinet/in.h>
17
18#include <sys/types.h>
19#include <sys/stat.h>
20#include <sys/socket.h>
21#include <sys/sysctl.h>
22
23#include <netinet/in.h>
24#include <netinet/in_systm.h>
25#include <netinet/ip.h>
24
25#include <ctype.h>
26#include <errno.h>
27#include <netdb.h>
28#include <signal.h>
29#include <stdarg.h>
30#include <stdio.h>
31#include <string.h>

--- 98 unchanged lines hidden (view full) ---

130 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
131 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
132 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
133 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
134 oSendEnv, oControlPath, oControlMaster, oControlPersist,
135 oHashKnownHosts,
136 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
137 oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
26
27#include <ctype.h>
28#include <errno.h>
29#include <netdb.h>
30#include <signal.h>
31#include <stdarg.h>
32#include <stdio.h>
33#include <string.h>

--- 98 unchanged lines hidden (view full) ---

132 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
133 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
134 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
135 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
136 oSendEnv, oControlPath, oControlMaster, oControlPersist,
137 oHashKnownHosts,
138 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
139 oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
140 oKexAlgorithms, oIPQoS,
138 oVersionAddendum,
139 oDeprecated, oUnsupported
140} OpCodes;
141
142/* Textual representations of the tokens. */
143
144static struct {
145 const char *name;

--- 93 unchanged lines hidden (view full) ---

239 { "visualhostkey", oVisualHostKey },
240 { "useroaming", oUseRoaming },
241#ifdef JPAKE
242 { "zeroknowledgepasswordauthentication",
243 oZeroKnowledgePasswordAuthentication },
244#else
245 { "zeroknowledgepasswordauthentication", oUnsupported },
246#endif
141 oVersionAddendum,
142 oDeprecated, oUnsupported
143} OpCodes;
144
145/* Textual representations of the tokens. */
146
147static struct {
148 const char *name;

--- 93 unchanged lines hidden (view full) ---

242 { "visualhostkey", oVisualHostKey },
243 { "useroaming", oUseRoaming },
244#ifdef JPAKE
245 { "zeroknowledgepasswordauthentication",
246 oZeroKnowledgePasswordAuthentication },
247#else
248 { "zeroknowledgepasswordauthentication", oUnsupported },
249#endif
250 { "kexalgorithms", oKexAlgorithms },
251 { "ipqos", oIPQoS },
247
248 { "versionaddendum", oVersionAddendum },
249 { NULL, oBadOption }
250};
251
252/*
253 * Adds a local TCP/IP port forward to options. Never returns if there is an
254 * error.

--- 456 unchanged lines hidden (view full) ---

711 fatal("%.200s line %d: Missing argument.", filename, linenum);
712 if (!mac_valid(arg))
713 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
714 filename, linenum, arg ? arg : "<NONE>");
715 if (*activep && options->macs == NULL)
716 options->macs = xstrdup(arg);
717 break;
718
252
253 { "versionaddendum", oVersionAddendum },
254 { NULL, oBadOption }
255};
256
257/*
258 * Adds a local TCP/IP port forward to options. Never returns if there is an
259 * error.

--- 456 unchanged lines hidden (view full) ---

716 fatal("%.200s line %d: Missing argument.", filename, linenum);
717 if (!mac_valid(arg))
718 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
719 filename, linenum, arg ? arg : "<NONE>");
720 if (*activep && options->macs == NULL)
721 options->macs = xstrdup(arg);
722 break;
723
724 case oKexAlgorithms:
725 arg = strdelim(&s);
726 if (!arg || *arg == '\0')
727 fatal("%.200s line %d: Missing argument.",
728 filename, linenum);
729 if (!kex_names_valid(arg))
730 fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.",
731 filename, linenum, arg ? arg : "<NONE>");
732 if (*activep && options->kex_algorithms == NULL)
733 options->kex_algorithms = xstrdup(arg);
734 break;
735
719 case oHostKeyAlgorithms:
720 arg = strdelim(&s);
721 if (!arg || *arg == '\0')
722 fatal("%.200s line %d: Missing argument.", filename, linenum);
723 if (!key_names_valid2(arg))
724 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
725 filename, linenum, arg ? arg : "<NONE>");
726 if (*activep && options->hostkeyalgorithms == NULL)

--- 244 unchanged lines hidden (view full) ---

971 case oPermitLocalCommand:
972 intptr = &options->permit_local_command;
973 goto parse_flag;
974
975 case oVisualHostKey:
976 intptr = &options->visual_host_key;
977 goto parse_flag;
978
736 case oHostKeyAlgorithms:
737 arg = strdelim(&s);
738 if (!arg || *arg == '\0')
739 fatal("%.200s line %d: Missing argument.", filename, linenum);
740 if (!key_names_valid2(arg))
741 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
742 filename, linenum, arg ? arg : "<NONE>");
743 if (*activep && options->hostkeyalgorithms == NULL)

--- 244 unchanged lines hidden (view full) ---

988 case oPermitLocalCommand:
989 intptr = &options->permit_local_command;
990 goto parse_flag;
991
992 case oVisualHostKey:
993 intptr = &options->visual_host_key;
994 goto parse_flag;
995
996 case oIPQoS:
997 arg = strdelim(&s);
998 if ((value = parse_ipqos(arg)) == -1)
999 fatal("%s line %d: Bad IPQoS value: %s",
1000 filename, linenum, arg);
1001 arg = strdelim(&s);
1002 if (arg == NULL)
1003 value2 = value;
1004 else if ((value2 = parse_ipqos(arg)) == -1)
1005 fatal("%s line %d: Bad IPQoS value: %s",
1006 filename, linenum, arg);
1007 if (*activep) {
1008 options->ip_qos_interactive = value;
1009 options->ip_qos_bulk = value2;
1010 }
1011 break;
1012
979 case oUseRoaming:
980 intptr = &options->use_roaming;
981 goto parse_flag;
982
983 case oVersionAddendum:
984 ssh_version_set_addendum(strtok(s, "\n"));
985 do {
986 arg = strdelim(&s);

--- 110 unchanged lines hidden (view full) ---

1097 options->port = -1;
1098 options->address_family = -1;
1099 options->connection_attempts = -1;
1100 options->connection_timeout = -1;
1101 options->number_of_password_prompts = -1;
1102 options->cipher = -1;
1103 options->ciphers = NULL;
1104 options->macs = NULL;
1013 case oUseRoaming:
1014 intptr = &options->use_roaming;
1015 goto parse_flag;
1016
1017 case oVersionAddendum:
1018 ssh_version_set_addendum(strtok(s, "\n"));
1019 do {
1020 arg = strdelim(&s);

--- 110 unchanged lines hidden (view full) ---

1131 options->port = -1;
1132 options->address_family = -1;
1133 options->connection_attempts = -1;
1134 options->connection_timeout = -1;
1135 options->number_of_password_prompts = -1;
1136 options->cipher = -1;
1137 options->ciphers = NULL;
1138 options->macs = NULL;
1139 options->kex_algorithms = NULL;
1105 options->hostkeyalgorithms = NULL;
1106 options->protocol = SSH_PROTO_UNKNOWN;
1107 options->num_identity_files = 0;
1108 options->hostname = NULL;
1109 options->host_key_alias = NULL;
1110 options->proxy_command = NULL;
1111 options->user = NULL;
1112 options->escape_char = -1;

--- 26 unchanged lines hidden (view full) ---

1139 options->tun_open = -1;
1140 options->tun_local = -1;
1141 options->tun_remote = -1;
1142 options->local_command = NULL;
1143 options->permit_local_command = -1;
1144 options->use_roaming = -1;
1145 options->visual_host_key = -1;
1146 options->zero_knowledge_password_authentication = -1;
1140 options->hostkeyalgorithms = NULL;
1141 options->protocol = SSH_PROTO_UNKNOWN;
1142 options->num_identity_files = 0;
1143 options->hostname = NULL;
1144 options->host_key_alias = NULL;
1145 options->proxy_command = NULL;
1146 options->user = NULL;
1147 options->escape_char = -1;

--- 26 unchanged lines hidden (view full) ---

1174 options->tun_open = -1;
1175 options->tun_local = -1;
1176 options->tun_remote = -1;
1177 options->local_command = NULL;
1178 options->permit_local_command = -1;
1179 options->use_roaming = -1;
1180 options->visual_host_key = -1;
1181 options->zero_knowledge_password_authentication = -1;
1182 options->ip_qos_interactive = -1;
1183 options->ip_qos_bulk = -1;
1147}
1148
1149/*
1150 * Called after processing other sources of option data, this fills those
1151 * options for which no value has been specified with their default values.
1152 */
1153
1154void

--- 55 unchanged lines hidden (view full) ---

1210 options->connection_attempts = 1;
1211 if (options->number_of_password_prompts == -1)
1212 options->number_of_password_prompts = 3;
1213 /* Selected in ssh_login(). */
1214 if (options->cipher == -1)
1215 options->cipher = SSH_CIPHER_NOT_SET;
1216 /* options->ciphers, default set in myproposals.h */
1217 /* options->macs, default set in myproposals.h */
1184}
1185
1186/*
1187 * Called after processing other sources of option data, this fills those
1188 * options for which no value has been specified with their default values.
1189 */
1190
1191void

--- 55 unchanged lines hidden (view full) ---

1247 options->connection_attempts = 1;
1248 if (options->number_of_password_prompts == -1)
1249 options->number_of_password_prompts = 3;
1250 /* Selected in ssh_login(). */
1251 if (options->cipher == -1)
1252 options->cipher = SSH_CIPHER_NOT_SET;
1253 /* options->ciphers, default set in myproposals.h */
1254 /* options->macs, default set in myproposals.h */
1255 /* options->kex_algorithms, default set in myproposals.h */
1218 /* options->hostkeyalgorithms, default set in myproposals.h */
1219 if (options->protocol == SSH_PROTO_UNKNOWN)
1220 options->protocol = SSH_PROTO_2;
1221 if (options->num_identity_files == 0) {
1222 if (options->protocol & SSH_PROTO_1) {
1223 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
1224 options->identity_files[options->num_identity_files] =
1225 xmalloc(len);

--- 7 unchanged lines hidden (view full) ---

1233 snprintf(options->identity_files[options->num_identity_files++],
1234 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
1235
1236 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
1237 options->identity_files[options->num_identity_files] =
1238 xmalloc(len);
1239 snprintf(options->identity_files[options->num_identity_files++],
1240 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
1256 /* options->hostkeyalgorithms, default set in myproposals.h */
1257 if (options->protocol == SSH_PROTO_UNKNOWN)
1258 options->protocol = SSH_PROTO_2;
1259 if (options->num_identity_files == 0) {
1260 if (options->protocol & SSH_PROTO_1) {
1261 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
1262 options->identity_files[options->num_identity_files] =
1263 xmalloc(len);

--- 7 unchanged lines hidden (view full) ---

1271 snprintf(options->identity_files[options->num_identity_files++],
1272 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
1273
1274 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
1275 options->identity_files[options->num_identity_files] =
1276 xmalloc(len);
1277 snprintf(options->identity_files[options->num_identity_files++],
1278 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
1279#ifdef OPENSSL_HAS_ECC
1280 len = 2 + strlen(_PATH_SSH_CLIENT_ID_ECDSA) + 1;
1281 options->identity_files[options->num_identity_files] =
1282 xmalloc(len);
1283 snprintf(options->identity_files[options->num_identity_files++],
1284 len, "~/%.100s", _PATH_SSH_CLIENT_ID_ECDSA);
1285#endif
1241 }
1242 }
1243 if (options->escape_char == -1)
1244 options->escape_char = '~';
1245 if (options->system_hostfile == NULL)
1246 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
1247 if (options->user_hostfile == NULL)
1248 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;

--- 36 unchanged lines hidden (view full) ---

1285 if (options->permit_local_command == -1)
1286 options->permit_local_command = 0;
1287 if (options->use_roaming == -1)
1288 options->use_roaming = 1;
1289 if (options->visual_host_key == -1)
1290 options->visual_host_key = 0;
1291 if (options->zero_knowledge_password_authentication == -1)
1292 options->zero_knowledge_password_authentication = 0;
1286 }
1287 }
1288 if (options->escape_char == -1)
1289 options->escape_char = '~';
1290 if (options->system_hostfile == NULL)
1291 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
1292 if (options->user_hostfile == NULL)
1293 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;

--- 36 unchanged lines hidden (view full) ---

1330 if (options->permit_local_command == -1)
1331 options->permit_local_command = 0;
1332 if (options->use_roaming == -1)
1333 options->use_roaming = 1;
1334 if (options->visual_host_key == -1)
1335 options->visual_host_key = 0;
1336 if (options->zero_knowledge_password_authentication == -1)
1337 options->zero_knowledge_password_authentication = 0;
1338 if (options->ip_qos_interactive == -1)
1339 options->ip_qos_interactive = IPTOS_LOWDELAY;
1340 if (options->ip_qos_bulk == -1)
1341 options->ip_qos_bulk = IPTOS_THROUGHPUT;
1293 /* options->local_command should not be set by default */
1294 /* options->proxy_command should not be set by default */
1295 /* options->user will be set in the main program if appropriate */
1296 /* options->hostname will be set in the main program if appropriate */
1297 /* options->host_key_alias should not be set by default */
1298 /* options->preferred_authentications will be set in ssh */
1299}
1300

--- 97 unchanged lines hidden ---
1342 /* options->local_command should not be set by default */
1343 /* options->proxy_command should not be set by default */
1344 /* options->user will be set in the main program if appropriate */
1345 /* options->hostname will be set in the main program if appropriate */
1346 /* options->host_key_alias should not be set by default */
1347 /* options->preferred_authentications will be set in ssh */
1348}
1349

--- 97 unchanged lines hidden ---
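Review bot: The new `case oIPQoS:` arm (new lines 996-1011) stores `options->ip_qos_interactive` and `options->ip_qos_bulk` whenever `*activep` is set, so a later matching block overwrites an earlier one, whereas the `oKexAlgorithms` arm added in the same change keeps the first value by testing `options->kex_algorithms == NULL`. Both fields are initialised to -1 at new lines 1182-1183, so the guard could be `if (*activep && options->ip_qos_interactive == -1) {`. The first `strdelim()` result is also handed to `parse_ipqos()` and then to a `%s` in `fatal()` without the `!arg || *arg == '\0'` check the neighbouring arms use, so a bare `IPQoS` keyword presumably reaches the format call with a NULL pointer; ending that call with `filename, linenum, arg ? arg : "<NONE>");` or adding the usual "Missing argument." check would match the other cases. The enclosing switch and function begin and end in the hidden lines, so this is based only on the arms shown.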