readconf.c (128461) readconf.c (137019)
1/*
2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
5 * Functions for reading the configuration files.
6 *
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
12 */
13
14#include "includes.h"
1/*
2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
5 * Functions for reading the configuration files.
6 *
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
12 */
13
14#include "includes.h"
15RCSID("$FreeBSD: head/crypto/openssh/readconf.c 128461 2004-04-20 09:47:13Z des $");
16RCSID("$OpenBSD: readconf.c,v 1.127 2003/12/16 15:49:51 markus Exp $");
15RCSID("$OpenBSD: readconf.c,v 1.134 2004/07/11 17:48:47 deraadt Exp $");
16RCSID("$FreeBSD: head/crypto/openssh/readconf.c 137019 2004-10-28 16:11:31Z des $");
17
18#include "ssh.h"
19#include "xmalloc.h"
20#include "compat.h"
21#include "cipher.h"
22#include "pathnames.h"
23#include "log.h"
24#include "readconf.h"
25#include "match.h"
26#include "misc.h"
27#include "kex.h"
28#include "mac.h"
29
30/* Format of the configuration file:
31
32 # Configuration data is parsed as follows:
33 # 1. command line options
34 # 2. user-specific file
35 # 3. system-wide file
36 # Any configuration value is only changed the first time it is set.
37 # Thus, host-specific definitions should be at the beginning of the
38 # configuration file, and defaults at the end.
39
40 # Host-specific declarations. These may override anything above. A single
41 # host may match multiple declarations; these are processed in the order
42 # that they are given in.
43
44 Host *.ngs.fi ngs.fi
45 User foo
46
47 Host fake.com
48 HostName another.host.name.real.org
49 User blaah
50 Port 34289
51 ForwardX11 no
52 ForwardAgent no
53
54 Host books.com
55 RemoteForward 9999 shadows.cs.hut.fi:9999
56 Cipher 3des
57
58 Host fascist.blob.com
59 Port 23123
60 User tylonen
61 PasswordAuthentication no
62
63 Host puukko.hut.fi
64 User t35124p
65 ProxyCommand ssh-proxy %h %p
66
67 Host *.fr
68 PublicKeyAuthentication no
69
70 Host *.su
71 Cipher none
72 PasswordAuthentication no
73
74 # Defaults for various options
75 Host *
76 ForwardAgent no
77 ForwardX11 no
78 PasswordAuthentication yes
79 RSAAuthentication yes
80 RhostsRSAAuthentication yes
81 StrictHostKeyChecking yes
82 TcpKeepAlive no
83 IdentityFile ~/.ssh/identity
84 Port 22
85 EscapeChar ~
86
87*/
88
89/* Keyword tokens. */
90
91typedef enum {
92 oBadOption,
93 oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
94 oPasswordAuthentication, oRSAAuthentication,
95 oChallengeResponseAuthentication, oXAuthLocation,
96 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
97 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
98 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
99 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
100 oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
101 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
102 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
103 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
104 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
105 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
106 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
107 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
108 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
109 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
17
18#include "ssh.h"
19#include "xmalloc.h"
20#include "compat.h"
21#include "cipher.h"
22#include "pathnames.h"
23#include "log.h"
24#include "readconf.h"
25#include "match.h"
26#include "misc.h"
27#include "kex.h"
28#include "mac.h"
29
30/* Format of the configuration file:
31
32 # Configuration data is parsed as follows:
33 # 1. command line options
34 # 2. user-specific file
35 # 3. system-wide file
36 # Any configuration value is only changed the first time it is set.
37 # Thus, host-specific definitions should be at the beginning of the
38 # configuration file, and defaults at the end.
39
40 # Host-specific declarations. These may override anything above. A single
41 # host may match multiple declarations; these are processed in the order
42 # that they are given in.
43
44 Host *.ngs.fi ngs.fi
45 User foo
46
47 Host fake.com
48 HostName another.host.name.real.org
49 User blaah
50 Port 34289
51 ForwardX11 no
52 ForwardAgent no
53
54 Host books.com
55 RemoteForward 9999 shadows.cs.hut.fi:9999
56 Cipher 3des
57
58 Host fascist.blob.com
59 Port 23123
60 User tylonen
61 PasswordAuthentication no
62
63 Host puukko.hut.fi
64 User t35124p
65 ProxyCommand ssh-proxy %h %p
66
67 Host *.fr
68 PublicKeyAuthentication no
69
70 Host *.su
71 Cipher none
72 PasswordAuthentication no
73
74 # Defaults for various options
75 Host *
76 ForwardAgent no
77 ForwardX11 no
78 PasswordAuthentication yes
79 RSAAuthentication yes
80 RhostsRSAAuthentication yes
81 StrictHostKeyChecking yes
82 TcpKeepAlive no
83 IdentityFile ~/.ssh/identity
84 Port 22
85 EscapeChar ~
86
87*/
88
89/* Keyword tokens. */
90
91typedef enum {
92 oBadOption,
93 oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
94 oPasswordAuthentication, oRSAAuthentication,
95 oChallengeResponseAuthentication, oXAuthLocation,
96 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
97 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
98 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
99 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
100 oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
101 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
102 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
103 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
104 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
105 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
106 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
107 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
108 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
109 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
110 oSendEnv, oControlPath, oControlMaster,
110 oVersionAddendum,
111 oDeprecated, oUnsupported
112} OpCodes;
113
114/* Textual representations of the tokens. */
115
116static struct {
117 const char *name;
118 OpCodes opcode;
119} keywords[] = {
120 { "forwardagent", oForwardAgent },
121 { "forwardx11", oForwardX11 },
122 { "forwardx11trusted", oForwardX11Trusted },
123 { "xauthlocation", oXAuthLocation },
124 { "gatewayports", oGatewayPorts },
125 { "useprivilegedport", oUsePrivilegedPort },
126 { "rhostsauthentication", oDeprecated },
127 { "passwordauthentication", oPasswordAuthentication },
128 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
129 { "kbdinteractivedevices", oKbdInteractiveDevices },
130 { "rsaauthentication", oRSAAuthentication },
131 { "pubkeyauthentication", oPubkeyAuthentication },
132 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
133 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
134 { "hostbasedauthentication", oHostbasedAuthentication },
135 { "challengeresponseauthentication", oChallengeResponseAuthentication },
136 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
137 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
138 { "kerberosauthentication", oUnsupported },
139 { "kerberostgtpassing", oUnsupported },
140 { "afstokenpassing", oUnsupported },
141#if defined(GSSAPI)
142 { "gssapiauthentication", oGssAuthentication },
143 { "gssapidelegatecredentials", oGssDelegateCreds },
144#else
145 { "gssapiauthentication", oUnsupported },
146 { "gssapidelegatecredentials", oUnsupported },
147#endif
148 { "fallbacktorsh", oDeprecated },
149 { "usersh", oDeprecated },
150 { "identityfile", oIdentityFile },
151 { "identityfile2", oIdentityFile }, /* alias */
152 { "identitiesonly", oIdentitiesOnly },
153 { "hostname", oHostName },
154 { "hostkeyalias", oHostKeyAlias },
155 { "proxycommand", oProxyCommand },
156 { "port", oPort },
157 { "cipher", oCipher },
158 { "ciphers", oCiphers },
159 { "macs", oMacs },
160 { "protocol", oProtocol },
161 { "remoteforward", oRemoteForward },
162 { "localforward", oLocalForward },
163 { "user", oUser },
164 { "host", oHost },
165 { "escapechar", oEscapeChar },
166 { "globalknownhostsfile", oGlobalKnownHostsFile },
167 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
168 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
169 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
170 { "connectionattempts", oConnectionAttempts },
171 { "batchmode", oBatchMode },
172 { "checkhostip", oCheckHostIP },
173 { "stricthostkeychecking", oStrictHostKeyChecking },
174 { "compression", oCompression },
175 { "compressionlevel", oCompressionLevel },
176 { "tcpkeepalive", oTCPKeepAlive },
177 { "keepalive", oTCPKeepAlive }, /* obsolete */
178 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
179 { "loglevel", oLogLevel },
180 { "dynamicforward", oDynamicForward },
181 { "preferredauthentications", oPreferredAuthentications },
182 { "hostkeyalgorithms", oHostKeyAlgorithms },
183 { "bindaddress", oBindAddress },
184#ifdef SMARTCARD
185 { "smartcarddevice", oSmartcardDevice },
186#else
187 { "smartcarddevice", oUnsupported },
188#endif
189 { "clearallforwardings", oClearAllForwardings },
190 { "enablesshkeysign", oEnableSSHKeysign },
191 { "verifyhostkeydns", oVerifyHostKeyDNS },
192 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
193 { "rekeylimit", oRekeyLimit },
194 { "connecttimeout", oConnectTimeout },
195 { "addressfamily", oAddressFamily },
196 { "serveraliveinterval", oServerAliveInterval },
197 { "serveralivecountmax", oServerAliveCountMax },
111 oVersionAddendum,
112 oDeprecated, oUnsupported
113} OpCodes;
114
115/* Textual representations of the tokens. */
116
117static struct {
118 const char *name;
119 OpCodes opcode;
120} keywords[] = {
121 { "forwardagent", oForwardAgent },
122 { "forwardx11", oForwardX11 },
123 { "forwardx11trusted", oForwardX11Trusted },
124 { "xauthlocation", oXAuthLocation },
125 { "gatewayports", oGatewayPorts },
126 { "useprivilegedport", oUsePrivilegedPort },
127 { "rhostsauthentication", oDeprecated },
128 { "passwordauthentication", oPasswordAuthentication },
129 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
130 { "kbdinteractivedevices", oKbdInteractiveDevices },
131 { "rsaauthentication", oRSAAuthentication },
132 { "pubkeyauthentication", oPubkeyAuthentication },
133 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
134 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
135 { "hostbasedauthentication", oHostbasedAuthentication },
136 { "challengeresponseauthentication", oChallengeResponseAuthentication },
137 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
138 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
139 { "kerberosauthentication", oUnsupported },
140 { "kerberostgtpassing", oUnsupported },
141 { "afstokenpassing", oUnsupported },
142#if defined(GSSAPI)
143 { "gssapiauthentication", oGssAuthentication },
144 { "gssapidelegatecredentials", oGssDelegateCreds },
145#else
146 { "gssapiauthentication", oUnsupported },
147 { "gssapidelegatecredentials", oUnsupported },
148#endif
149 { "fallbacktorsh", oDeprecated },
150 { "usersh", oDeprecated },
151 { "identityfile", oIdentityFile },
152 { "identityfile2", oIdentityFile }, /* alias */
153 { "identitiesonly", oIdentitiesOnly },
154 { "hostname", oHostName },
155 { "hostkeyalias", oHostKeyAlias },
156 { "proxycommand", oProxyCommand },
157 { "port", oPort },
158 { "cipher", oCipher },
159 { "ciphers", oCiphers },
160 { "macs", oMacs },
161 { "protocol", oProtocol },
162 { "remoteforward", oRemoteForward },
163 { "localforward", oLocalForward },
164 { "user", oUser },
165 { "host", oHost },
166 { "escapechar", oEscapeChar },
167 { "globalknownhostsfile", oGlobalKnownHostsFile },
168 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
169 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
170 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
171 { "connectionattempts", oConnectionAttempts },
172 { "batchmode", oBatchMode },
173 { "checkhostip", oCheckHostIP },
174 { "stricthostkeychecking", oStrictHostKeyChecking },
175 { "compression", oCompression },
176 { "compressionlevel", oCompressionLevel },
177 { "tcpkeepalive", oTCPKeepAlive },
178 { "keepalive", oTCPKeepAlive }, /* obsolete */
179 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
180 { "loglevel", oLogLevel },
181 { "dynamicforward", oDynamicForward },
182 { "preferredauthentications", oPreferredAuthentications },
183 { "hostkeyalgorithms", oHostKeyAlgorithms },
184 { "bindaddress", oBindAddress },
185#ifdef SMARTCARD
186 { "smartcarddevice", oSmartcardDevice },
187#else
188 { "smartcarddevice", oUnsupported },
189#endif
190 { "clearallforwardings", oClearAllForwardings },
191 { "enablesshkeysign", oEnableSSHKeysign },
192 { "verifyhostkeydns", oVerifyHostKeyDNS },
193 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
194 { "rekeylimit", oRekeyLimit },
195 { "connecttimeout", oConnectTimeout },
196 { "addressfamily", oAddressFamily },
197 { "serveraliveinterval", oServerAliveInterval },
198 { "serveralivecountmax", oServerAliveCountMax },
199 { "sendenv", oSendEnv },
200 { "controlpath", oControlPath },
201 { "controlmaster", oControlMaster },
198 { "versionaddendum", oVersionAddendum },
199 { NULL, oBadOption }
200};
201
202/*
203 * Adds a local TCP/IP port forward to options. Never returns if there is an
204 * error.
205 */
206
207void
208add_local_forward(Options *options, u_short port, const char *host,
209 u_short host_port)
210{
211 Forward *fwd;
212#ifndef NO_IPPORT_RESERVED_CONCEPT
213 extern uid_t original_real_uid;
214 if (port < IPPORT_RESERVED && original_real_uid != 0)
215 fatal("Privileged ports can only be forwarded by root.");
216#endif
217 if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
218 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
219 fwd = &options->local_forwards[options->num_local_forwards++];
220 fwd->port = port;
221 fwd->host = xstrdup(host);
222 fwd->host_port = host_port;
223}
224
225/*
226 * Adds a remote TCP/IP port forward to options. Never returns if there is
227 * an error.
228 */
229
230void
231add_remote_forward(Options *options, u_short port, const char *host,
232 u_short host_port)
233{
234 Forward *fwd;
235 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
236 fatal("Too many remote forwards (max %d).",
237 SSH_MAX_FORWARDS_PER_DIRECTION);
238 fwd = &options->remote_forwards[options->num_remote_forwards++];
239 fwd->port = port;
240 fwd->host = xstrdup(host);
241 fwd->host_port = host_port;
242}
243
244static void
245clear_forwardings(Options *options)
246{
247 int i;
248
249 for (i = 0; i < options->num_local_forwards; i++)
250 xfree(options->local_forwards[i].host);
251 options->num_local_forwards = 0;
252 for (i = 0; i < options->num_remote_forwards; i++)
253 xfree(options->remote_forwards[i].host);
254 options->num_remote_forwards = 0;
255}
256
257/*
258 * Returns the number of the token pointed to by cp or oBadOption.
259 */
260
261static OpCodes
262parse_token(const char *cp, const char *filename, int linenum)
263{
264 u_int i;
265
266 for (i = 0; keywords[i].name; i++)
267 if (strcasecmp(cp, keywords[i].name) == 0)
268 return keywords[i].opcode;
269
270 error("%s: line %d: Bad configuration option: %s",
271 filename, linenum, cp);
272 return oBadOption;
273}
274
275/*
276 * Processes a single option line as used in the configuration files. This
277 * only sets those values that have not already been set.
278 */
279#define WHITESPACE " \t\r\n"
280
281int
282process_config_line(Options *options, const char *host,
283 char *line, const char *filename, int linenum,
284 int *activep)
285{
286 char buf[256], *s, **charptr, *endofnumber, *keyword, *arg;
287 int opcode, *intptr, value;
288 size_t len;
289 u_short fwd_port, fwd_host_port;
290 char sfwd_host_port[6];
291
292 /* Strip trailing whitespace */
293 for(len = strlen(line) - 1; len > 0; len--) {
294 if (strchr(WHITESPACE, line[len]) == NULL)
295 break;
296 line[len] = '\0';
297 }
298
299 s = line;
300 /* Get the keyword. (Each line is supposed to begin with a keyword). */
301 keyword = strdelim(&s);
302 /* Ignore leading whitespace. */
303 if (*keyword == '\0')
304 keyword = strdelim(&s);
305 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
306 return 0;
307
308 opcode = parse_token(keyword, filename, linenum);
309
310 switch (opcode) {
311 case oBadOption:
312 /* don't panic, but count bad options */
313 return -1;
314 /* NOTREACHED */
315 case oConnectTimeout:
316 intptr = &options->connection_timeout;
317parse_time:
318 arg = strdelim(&s);
319 if (!arg || *arg == '\0')
320 fatal("%s line %d: missing time value.",
321 filename, linenum);
322 if ((value = convtime(arg)) == -1)
323 fatal("%s line %d: invalid time value.",
324 filename, linenum);
325 if (*intptr == -1)
326 *intptr = value;
327 break;
328
329 case oForwardAgent:
330 intptr = &options->forward_agent;
331parse_flag:
332 arg = strdelim(&s);
333 if (!arg || *arg == '\0')
334 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
335 value = 0; /* To avoid compiler warning... */
336 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
337 value = 1;
338 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
339 value = 0;
340 else
341 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
342 if (*activep && *intptr == -1)
343 *intptr = value;
344 break;
345
346 case oForwardX11:
347 intptr = &options->forward_x11;
348 goto parse_flag;
349
350 case oForwardX11Trusted:
351 intptr = &options->forward_x11_trusted;
352 goto parse_flag;
353
354 case oGatewayPorts:
355 intptr = &options->gateway_ports;
356 goto parse_flag;
357
358 case oUsePrivilegedPort:
359 intptr = &options->use_privileged_port;
360 goto parse_flag;
361
362 case oPasswordAuthentication:
363 intptr = &options->password_authentication;
364 goto parse_flag;
365
366 case oKbdInteractiveAuthentication:
367 intptr = &options->kbd_interactive_authentication;
368 goto parse_flag;
369
370 case oKbdInteractiveDevices:
371 charptr = &options->kbd_interactive_devices;
372 goto parse_string;
373
374 case oPubkeyAuthentication:
375 intptr = &options->pubkey_authentication;
376 goto parse_flag;
377
378 case oRSAAuthentication:
379 intptr = &options->rsa_authentication;
380 goto parse_flag;
381
382 case oRhostsRSAAuthentication:
383 intptr = &options->rhosts_rsa_authentication;
384 goto parse_flag;
385
386 case oHostbasedAuthentication:
387 intptr = &options->hostbased_authentication;
388 goto parse_flag;
389
390 case oChallengeResponseAuthentication:
391 intptr = &options->challenge_response_authentication;
392 goto parse_flag;
393
394 case oGssAuthentication:
395 intptr = &options->gss_authentication;
396 goto parse_flag;
397
398 case oGssDelegateCreds:
399 intptr = &options->gss_deleg_creds;
400 goto parse_flag;
401
402 case oBatchMode:
403 intptr = &options->batch_mode;
404 goto parse_flag;
405
406 case oCheckHostIP:
407 intptr = &options->check_host_ip;
408 goto parse_flag;
409
410 case oVerifyHostKeyDNS:
411 intptr = &options->verify_host_key_dns;
412 goto parse_yesnoask;
413
414 case oStrictHostKeyChecking:
415 intptr = &options->strict_host_key_checking;
416parse_yesnoask:
417 arg = strdelim(&s);
418 if (!arg || *arg == '\0')
419 fatal("%.200s line %d: Missing yes/no/ask argument.",
420 filename, linenum);
421 value = 0; /* To avoid compiler warning... */
422 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
423 value = 1;
424 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
425 value = 0;
426 else if (strcmp(arg, "ask") == 0)
427 value = 2;
428 else
429 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
430 if (*activep && *intptr == -1)
431 *intptr = value;
432 break;
433
434 case oCompression:
435 intptr = &options->compression;
436 goto parse_flag;
437
438 case oTCPKeepAlive:
439 intptr = &options->tcp_keep_alive;
440 goto parse_flag;
441
442 case oNoHostAuthenticationForLocalhost:
443 intptr = &options->no_host_authentication_for_localhost;
444 goto parse_flag;
445
446 case oNumberOfPasswordPrompts:
447 intptr = &options->number_of_password_prompts;
448 goto parse_int;
449
450 case oCompressionLevel:
451 intptr = &options->compression_level;
452 goto parse_int;
453
454 case oRekeyLimit:
455 intptr = &options->rekey_limit;
456 arg = strdelim(&s);
457 if (!arg || *arg == '\0')
458 fatal("%.200s line %d: Missing argument.", filename, linenum);
459 if (arg[0] < '0' || arg[0] > '9')
460 fatal("%.200s line %d: Bad number.", filename, linenum);
461 value = strtol(arg, &endofnumber, 10);
462 if (arg == endofnumber)
463 fatal("%.200s line %d: Bad number.", filename, linenum);
464 switch (toupper(*endofnumber)) {
465 case 'K':
466 value *= 1<<10;
467 break;
468 case 'M':
469 value *= 1<<20;
470 break;
471 case 'G':
472 value *= 1<<30;
473 break;
474 }
475 if (*activep && *intptr == -1)
476 *intptr = value;
477 break;
478
479 case oIdentityFile:
480 arg = strdelim(&s);
481 if (!arg || *arg == '\0')
482 fatal("%.200s line %d: Missing argument.", filename, linenum);
483 if (*activep) {
484 intptr = &options->num_identity_files;
485 if (*intptr >= SSH_MAX_IDENTITY_FILES)
486 fatal("%.200s line %d: Too many identity files specified (max %d).",
487 filename, linenum, SSH_MAX_IDENTITY_FILES);
488 charptr = &options->identity_files[*intptr];
489 *charptr = xstrdup(arg);
490 *intptr = *intptr + 1;
491 }
492 break;
493
494 case oXAuthLocation:
495 charptr=&options->xauth_location;
496 goto parse_string;
497
498 case oUser:
499 charptr = &options->user;
500parse_string:
501 arg = strdelim(&s);
502 if (!arg || *arg == '\0')
503 fatal("%.200s line %d: Missing argument.", filename, linenum);
504 if (*activep && *charptr == NULL)
505 *charptr = xstrdup(arg);
506 break;
507
508 case oGlobalKnownHostsFile:
509 charptr = &options->system_hostfile;
510 goto parse_string;
511
512 case oUserKnownHostsFile:
513 charptr = &options->user_hostfile;
514 goto parse_string;
515
516 case oGlobalKnownHostsFile2:
517 charptr = &options->system_hostfile2;
518 goto parse_string;
519
520 case oUserKnownHostsFile2:
521 charptr = &options->user_hostfile2;
522 goto parse_string;
523
524 case oHostName:
525 charptr = &options->hostname;
526 goto parse_string;
527
528 case oHostKeyAlias:
529 charptr = &options->host_key_alias;
530 goto parse_string;
531
532 case oPreferredAuthentications:
533 charptr = &options->preferred_authentications;
534 goto parse_string;
535
536 case oBindAddress:
537 charptr = &options->bind_address;
538 goto parse_string;
539
540 case oSmartcardDevice:
541 charptr = &options->smartcard_device;
542 goto parse_string;
543
544 case oProxyCommand:
545 if (s == NULL)
546 fatal("%.200s line %d: Missing argument.", filename, linenum);
547 charptr = &options->proxy_command;
548 len = strspn(s, WHITESPACE "=");
549 if (*activep && *charptr == NULL)
550 *charptr = xstrdup(s + len);
551 return 0;
552
553 case oPort:
554 intptr = &options->port;
555parse_int:
556 arg = strdelim(&s);
557 if (!arg || *arg == '\0')
558 fatal("%.200s line %d: Missing argument.", filename, linenum);
559 if (arg[0] < '0' || arg[0] > '9')
560 fatal("%.200s line %d: Bad number.", filename, linenum);
561
562 /* Octal, decimal, or hex format? */
563 value = strtol(arg, &endofnumber, 0);
564 if (arg == endofnumber)
565 fatal("%.200s line %d: Bad number.", filename, linenum);
566 if (*activep && *intptr == -1)
567 *intptr = value;
568 break;
569
570 case oConnectionAttempts:
571 intptr = &options->connection_attempts;
572 goto parse_int;
573
574 case oCipher:
575 intptr = &options->cipher;
576 arg = strdelim(&s);
577 if (!arg || *arg == '\0')
578 fatal("%.200s line %d: Missing argument.", filename, linenum);
579 value = cipher_number(arg);
580 if (value == -1)
581 fatal("%.200s line %d: Bad cipher '%s'.",
582 filename, linenum, arg ? arg : "<NONE>");
583 if (*activep && *intptr == -1)
584 *intptr = value;
585 break;
586
587 case oCiphers:
588 arg = strdelim(&s);
589 if (!arg || *arg == '\0')
590 fatal("%.200s line %d: Missing argument.", filename, linenum);
591 if (!ciphers_valid(arg))
592 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
593 filename, linenum, arg ? arg : "<NONE>");
594 if (*activep && options->ciphers == NULL)
595 options->ciphers = xstrdup(arg);
596 break;
597
598 case oMacs:
599 arg = strdelim(&s);
600 if (!arg || *arg == '\0')
601 fatal("%.200s line %d: Missing argument.", filename, linenum);
602 if (!mac_valid(arg))
603 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
604 filename, linenum, arg ? arg : "<NONE>");
605 if (*activep && options->macs == NULL)
606 options->macs = xstrdup(arg);
607 break;
608
609 case oHostKeyAlgorithms:
610 arg = strdelim(&s);
611 if (!arg || *arg == '\0')
612 fatal("%.200s line %d: Missing argument.", filename, linenum);
613 if (!key_names_valid2(arg))
614 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
615 filename, linenum, arg ? arg : "<NONE>");
616 if (*activep && options->hostkeyalgorithms == NULL)
617 options->hostkeyalgorithms = xstrdup(arg);
618 break;
619
620 case oProtocol:
621 intptr = &options->protocol;
622 arg = strdelim(&s);
623 if (!arg || *arg == '\0')
624 fatal("%.200s line %d: Missing argument.", filename, linenum);
625 value = proto_spec(arg);
626 if (value == SSH_PROTO_UNKNOWN)
627 fatal("%.200s line %d: Bad protocol spec '%s'.",
628 filename, linenum, arg ? arg : "<NONE>");
629 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
630 *intptr = value;
631 break;
632
633 case oLogLevel:
634 intptr = (int *) &options->log_level;
635 arg = strdelim(&s);
636 value = log_level_number(arg);
637 if (value == SYSLOG_LEVEL_NOT_SET)
638 fatal("%.200s line %d: unsupported log level '%s'",
639 filename, linenum, arg ? arg : "<NONE>");
640 if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
641 *intptr = (LogLevel) value;
642 break;
643
644 case oLocalForward:
645 case oRemoteForward:
646 arg = strdelim(&s);
647 if (!arg || *arg == '\0')
648 fatal("%.200s line %d: Missing port argument.",
649 filename, linenum);
650 if ((fwd_port = a2port(arg)) == 0)
651 fatal("%.200s line %d: Bad listen port.",
652 filename, linenum);
653 arg = strdelim(&s);
654 if (!arg || *arg == '\0')
655 fatal("%.200s line %d: Missing second argument.",
656 filename, linenum);
657 if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
658 sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
659 fatal("%.200s line %d: Bad forwarding specification.",
660 filename, linenum);
661 if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
662 fatal("%.200s line %d: Bad forwarding port.",
663 filename, linenum);
664 if (*activep) {
665 if (opcode == oLocalForward)
666 add_local_forward(options, fwd_port, buf,
667 fwd_host_port);
668 else if (opcode == oRemoteForward)
669 add_remote_forward(options, fwd_port, buf,
670 fwd_host_port);
671 }
672 break;
673
674 case oDynamicForward:
675 arg = strdelim(&s);
676 if (!arg || *arg == '\0')
677 fatal("%.200s line %d: Missing port argument.",
678 filename, linenum);
679 fwd_port = a2port(arg);
680 if (fwd_port == 0)
681 fatal("%.200s line %d: Badly formatted port number.",
682 filename, linenum);
683 if (*activep)
684 add_local_forward(options, fwd_port, "socks", 0);
685 break;
686
687 case oClearAllForwardings:
688 intptr = &options->clear_forwardings;
689 goto parse_flag;
690
691 case oHost:
692 *activep = 0;
693 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
694 if (match_pattern(host, arg)) {
695 debug("Applying options for %.100s", arg);
696 *activep = 1;
697 break;
698 }
699 /* Avoid garbage check below, as strdelim is done. */
700 return 0;
701
702 case oEscapeChar:
703 intptr = &options->escape_char;
704 arg = strdelim(&s);
705 if (!arg || *arg == '\0')
706 fatal("%.200s line %d: Missing argument.", filename, linenum);
707 if (arg[0] == '^' && arg[2] == 0 &&
708 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
709 value = (u_char) arg[1] & 31;
710 else if (strlen(arg) == 1)
711 value = (u_char) arg[0];
712 else if (strcmp(arg, "none") == 0)
713 value = SSH_ESCAPECHAR_NONE;
714 else {
715 fatal("%.200s line %d: Bad escape character.",
716 filename, linenum);
717 /* NOTREACHED */
718 value = 0; /* Avoid compiler warning. */
719 }
720 if (*activep && *intptr == -1)
721 *intptr = value;
722 break;
723
724 case oAddressFamily:
725 arg = strdelim(&s);
726 intptr = &options->address_family;
727 if (strcasecmp(arg, "inet") == 0)
728 value = AF_INET;
729 else if (strcasecmp(arg, "inet6") == 0)
730 value = AF_INET6;
731 else if (strcasecmp(arg, "any") == 0)
732 value = AF_UNSPEC;
733 else
734 fatal("Unsupported AddressFamily \"%s\"", arg);
735 if (*activep && *intptr == -1)
736 *intptr = value;
737 break;
738
739 case oEnableSSHKeysign:
740 intptr = &options->enable_ssh_keysign;
741 goto parse_flag;
742
743 case oIdentitiesOnly:
744 intptr = &options->identities_only;
745 goto parse_flag;
746
747 case oServerAliveInterval:
748 intptr = &options->server_alive_interval;
749 goto parse_time;
750
751 case oServerAliveCountMax:
752 intptr = &options->server_alive_count_max;
753 goto parse_int;
754
202 { "versionaddendum", oVersionAddendum },
203 { NULL, oBadOption }
204};
205
206/*
207 * Adds a local TCP/IP port forward to options. Never returns if there is an
208 * error.
209 */
210
211void
212add_local_forward(Options *options, u_short port, const char *host,
213 u_short host_port)
214{
215 Forward *fwd;
216#ifndef NO_IPPORT_RESERVED_CONCEPT
217 extern uid_t original_real_uid;
218 if (port < IPPORT_RESERVED && original_real_uid != 0)
219 fatal("Privileged ports can only be forwarded by root.");
220#endif
221 if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
222 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
223 fwd = &options->local_forwards[options->num_local_forwards++];
224 fwd->port = port;
225 fwd->host = xstrdup(host);
226 fwd->host_port = host_port;
227}
228
229/*
230 * Adds a remote TCP/IP port forward to options. Never returns if there is
231 * an error.
232 */
233
234void
235add_remote_forward(Options *options, u_short port, const char *host,
236 u_short host_port)
237{
238 Forward *fwd;
239 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
240 fatal("Too many remote forwards (max %d).",
241 SSH_MAX_FORWARDS_PER_DIRECTION);
242 fwd = &options->remote_forwards[options->num_remote_forwards++];
243 fwd->port = port;
244 fwd->host = xstrdup(host);
245 fwd->host_port = host_port;
246}
247
248static void
249clear_forwardings(Options *options)
250{
251 int i;
252
253 for (i = 0; i < options->num_local_forwards; i++)
254 xfree(options->local_forwards[i].host);
255 options->num_local_forwards = 0;
256 for (i = 0; i < options->num_remote_forwards; i++)
257 xfree(options->remote_forwards[i].host);
258 options->num_remote_forwards = 0;
259}
260
261/*
262 * Returns the number of the token pointed to by cp or oBadOption.
263 */
264
265static OpCodes
266parse_token(const char *cp, const char *filename, int linenum)
267{
268 u_int i;
269
270 for (i = 0; keywords[i].name; i++)
271 if (strcasecmp(cp, keywords[i].name) == 0)
272 return keywords[i].opcode;
273
274 error("%s: line %d: Bad configuration option: %s",
275 filename, linenum, cp);
276 return oBadOption;
277}
278
279/*
280 * Processes a single option line as used in the configuration files. This
281 * only sets those values that have not already been set.
282 */
283#define WHITESPACE " \t\r\n"
284
285int
286process_config_line(Options *options, const char *host,
287 char *line, const char *filename, int linenum,
288 int *activep)
289{
290 char buf[256], *s, **charptr, *endofnumber, *keyword, *arg;
291 int opcode, *intptr, value;
292 size_t len;
293 u_short fwd_port, fwd_host_port;
294 char sfwd_host_port[6];
295
296 /* Strip trailing whitespace */
297 for(len = strlen(line) - 1; len > 0; len--) {
298 if (strchr(WHITESPACE, line[len]) == NULL)
299 break;
300 line[len] = '\0';
301 }
302
303 s = line;
304 /* Get the keyword. (Each line is supposed to begin with a keyword). */
305 keyword = strdelim(&s);
306 /* Ignore leading whitespace. */
307 if (*keyword == '\0')
308 keyword = strdelim(&s);
309 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
310 return 0;
311
312 opcode = parse_token(keyword, filename, linenum);
313
314 switch (opcode) {
315 case oBadOption:
316 /* don't panic, but count bad options */
317 return -1;
318 /* NOTREACHED */
319 case oConnectTimeout:
320 intptr = &options->connection_timeout;
321parse_time:
322 arg = strdelim(&s);
323 if (!arg || *arg == '\0')
324 fatal("%s line %d: missing time value.",
325 filename, linenum);
326 if ((value = convtime(arg)) == -1)
327 fatal("%s line %d: invalid time value.",
328 filename, linenum);
329 if (*intptr == -1)
330 *intptr = value;
331 break;
332
333 case oForwardAgent:
334 intptr = &options->forward_agent;
335parse_flag:
336 arg = strdelim(&s);
337 if (!arg || *arg == '\0')
338 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
339 value = 0; /* To avoid compiler warning... */
340 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
341 value = 1;
342 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
343 value = 0;
344 else
345 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
346 if (*activep && *intptr == -1)
347 *intptr = value;
348 break;
349
350 case oForwardX11:
351 intptr = &options->forward_x11;
352 goto parse_flag;
353
354 case oForwardX11Trusted:
355 intptr = &options->forward_x11_trusted;
356 goto parse_flag;
357
358 case oGatewayPorts:
359 intptr = &options->gateway_ports;
360 goto parse_flag;
361
362 case oUsePrivilegedPort:
363 intptr = &options->use_privileged_port;
364 goto parse_flag;
365
366 case oPasswordAuthentication:
367 intptr = &options->password_authentication;
368 goto parse_flag;
369
370 case oKbdInteractiveAuthentication:
371 intptr = &options->kbd_interactive_authentication;
372 goto parse_flag;
373
374 case oKbdInteractiveDevices:
375 charptr = &options->kbd_interactive_devices;
376 goto parse_string;
377
378 case oPubkeyAuthentication:
379 intptr = &options->pubkey_authentication;
380 goto parse_flag;
381
382 case oRSAAuthentication:
383 intptr = &options->rsa_authentication;
384 goto parse_flag;
385
386 case oRhostsRSAAuthentication:
387 intptr = &options->rhosts_rsa_authentication;
388 goto parse_flag;
389
390 case oHostbasedAuthentication:
391 intptr = &options->hostbased_authentication;
392 goto parse_flag;
393
394 case oChallengeResponseAuthentication:
395 intptr = &options->challenge_response_authentication;
396 goto parse_flag;
397
398 case oGssAuthentication:
399 intptr = &options->gss_authentication;
400 goto parse_flag;
401
402 case oGssDelegateCreds:
403 intptr = &options->gss_deleg_creds;
404 goto parse_flag;
405
406 case oBatchMode:
407 intptr = &options->batch_mode;
408 goto parse_flag;
409
410 case oCheckHostIP:
411 intptr = &options->check_host_ip;
412 goto parse_flag;
413
414 case oVerifyHostKeyDNS:
415 intptr = &options->verify_host_key_dns;
416 goto parse_yesnoask;
417
418 case oStrictHostKeyChecking:
419 intptr = &options->strict_host_key_checking;
420parse_yesnoask:
421 arg = strdelim(&s);
422 if (!arg || *arg == '\0')
423 fatal("%.200s line %d: Missing yes/no/ask argument.",
424 filename, linenum);
425 value = 0; /* To avoid compiler warning... */
426 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
427 value = 1;
428 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
429 value = 0;
430 else if (strcmp(arg, "ask") == 0)
431 value = 2;
432 else
433 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
434 if (*activep && *intptr == -1)
435 *intptr = value;
436 break;
437
438 case oCompression:
439 intptr = &options->compression;
440 goto parse_flag;
441
442 case oTCPKeepAlive:
443 intptr = &options->tcp_keep_alive;
444 goto parse_flag;
445
446 case oNoHostAuthenticationForLocalhost:
447 intptr = &options->no_host_authentication_for_localhost;
448 goto parse_flag;
449
450 case oNumberOfPasswordPrompts:
451 intptr = &options->number_of_password_prompts;
452 goto parse_int;
453
454 case oCompressionLevel:
455 intptr = &options->compression_level;
456 goto parse_int;
457
458 case oRekeyLimit:
459 intptr = &options->rekey_limit;
460 arg = strdelim(&s);
461 if (!arg || *arg == '\0')
462 fatal("%.200s line %d: Missing argument.", filename, linenum);
463 if (arg[0] < '0' || arg[0] > '9')
464 fatal("%.200s line %d: Bad number.", filename, linenum);
465 value = strtol(arg, &endofnumber, 10);
466 if (arg == endofnumber)
467 fatal("%.200s line %d: Bad number.", filename, linenum);
468 switch (toupper(*endofnumber)) {
469 case 'K':
470 value *= 1<<10;
471 break;
472 case 'M':
473 value *= 1<<20;
474 break;
475 case 'G':
476 value *= 1<<30;
477 break;
478 }
479 if (*activep && *intptr == -1)
480 *intptr = value;
481 break;
482
483 case oIdentityFile:
484 arg = strdelim(&s);
485 if (!arg || *arg == '\0')
486 fatal("%.200s line %d: Missing argument.", filename, linenum);
487 if (*activep) {
488 intptr = &options->num_identity_files;
489 if (*intptr >= SSH_MAX_IDENTITY_FILES)
490 fatal("%.200s line %d: Too many identity files specified (max %d).",
491 filename, linenum, SSH_MAX_IDENTITY_FILES);
492 charptr = &options->identity_files[*intptr];
493 *charptr = xstrdup(arg);
494 *intptr = *intptr + 1;
495 }
496 break;
497
498 case oXAuthLocation:
499 charptr=&options->xauth_location;
500 goto parse_string;
501
502 case oUser:
503 charptr = &options->user;
504parse_string:
505 arg = strdelim(&s);
506 if (!arg || *arg == '\0')
507 fatal("%.200s line %d: Missing argument.", filename, linenum);
508 if (*activep && *charptr == NULL)
509 *charptr = xstrdup(arg);
510 break;
511
512 case oGlobalKnownHostsFile:
513 charptr = &options->system_hostfile;
514 goto parse_string;
515
516 case oUserKnownHostsFile:
517 charptr = &options->user_hostfile;
518 goto parse_string;
519
520 case oGlobalKnownHostsFile2:
521 charptr = &options->system_hostfile2;
522 goto parse_string;
523
524 case oUserKnownHostsFile2:
525 charptr = &options->user_hostfile2;
526 goto parse_string;
527
528 case oHostName:
529 charptr = &options->hostname;
530 goto parse_string;
531
532 case oHostKeyAlias:
533 charptr = &options->host_key_alias;
534 goto parse_string;
535
536 case oPreferredAuthentications:
537 charptr = &options->preferred_authentications;
538 goto parse_string;
539
540 case oBindAddress:
541 charptr = &options->bind_address;
542 goto parse_string;
543
544 case oSmartcardDevice:
545 charptr = &options->smartcard_device;
546 goto parse_string;
547
548 case oProxyCommand:
549 if (s == NULL)
550 fatal("%.200s line %d: Missing argument.", filename, linenum);
551 charptr = &options->proxy_command;
552 len = strspn(s, WHITESPACE "=");
553 if (*activep && *charptr == NULL)
554 *charptr = xstrdup(s + len);
555 return 0;
556
557 case oPort:
558 intptr = &options->port;
559parse_int:
560 arg = strdelim(&s);
561 if (!arg || *arg == '\0')
562 fatal("%.200s line %d: Missing argument.", filename, linenum);
563 if (arg[0] < '0' || arg[0] > '9')
564 fatal("%.200s line %d: Bad number.", filename, linenum);
565
566 /* Octal, decimal, or hex format? */
567 value = strtol(arg, &endofnumber, 0);
568 if (arg == endofnumber)
569 fatal("%.200s line %d: Bad number.", filename, linenum);
570 if (*activep && *intptr == -1)
571 *intptr = value;
572 break;
573
574 case oConnectionAttempts:
575 intptr = &options->connection_attempts;
576 goto parse_int;
577
578 case oCipher:
579 intptr = &options->cipher;
580 arg = strdelim(&s);
581 if (!arg || *arg == '\0')
582 fatal("%.200s line %d: Missing argument.", filename, linenum);
583 value = cipher_number(arg);
584 if (value == -1)
585 fatal("%.200s line %d: Bad cipher '%s'.",
586 filename, linenum, arg ? arg : "<NONE>");
587 if (*activep && *intptr == -1)
588 *intptr = value;
589 break;
590
591 case oCiphers:
592 arg = strdelim(&s);
593 if (!arg || *arg == '\0')
594 fatal("%.200s line %d: Missing argument.", filename, linenum);
595 if (!ciphers_valid(arg))
596 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
597 filename, linenum, arg ? arg : "<NONE>");
598 if (*activep && options->ciphers == NULL)
599 options->ciphers = xstrdup(arg);
600 break;
601
602 case oMacs:
603 arg = strdelim(&s);
604 if (!arg || *arg == '\0')
605 fatal("%.200s line %d: Missing argument.", filename, linenum);
606 if (!mac_valid(arg))
607 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
608 filename, linenum, arg ? arg : "<NONE>");
609 if (*activep && options->macs == NULL)
610 options->macs = xstrdup(arg);
611 break;
612
613 case oHostKeyAlgorithms:
614 arg = strdelim(&s);
615 if (!arg || *arg == '\0')
616 fatal("%.200s line %d: Missing argument.", filename, linenum);
617 if (!key_names_valid2(arg))
618 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
619 filename, linenum, arg ? arg : "<NONE>");
620 if (*activep && options->hostkeyalgorithms == NULL)
621 options->hostkeyalgorithms = xstrdup(arg);
622 break;
623
624 case oProtocol:
625 intptr = &options->protocol;
626 arg = strdelim(&s);
627 if (!arg || *arg == '\0')
628 fatal("%.200s line %d: Missing argument.", filename, linenum);
629 value = proto_spec(arg);
630 if (value == SSH_PROTO_UNKNOWN)
631 fatal("%.200s line %d: Bad protocol spec '%s'.",
632 filename, linenum, arg ? arg : "<NONE>");
633 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
634 *intptr = value;
635 break;
636
637 case oLogLevel:
638 intptr = (int *) &options->log_level;
639 arg = strdelim(&s);
640 value = log_level_number(arg);
641 if (value == SYSLOG_LEVEL_NOT_SET)
642 fatal("%.200s line %d: unsupported log level '%s'",
643 filename, linenum, arg ? arg : "<NONE>");
644 if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
645 *intptr = (LogLevel) value;
646 break;
647
648 case oLocalForward:
649 case oRemoteForward:
650 arg = strdelim(&s);
651 if (!arg || *arg == '\0')
652 fatal("%.200s line %d: Missing port argument.",
653 filename, linenum);
654 if ((fwd_port = a2port(arg)) == 0)
655 fatal("%.200s line %d: Bad listen port.",
656 filename, linenum);
657 arg = strdelim(&s);
658 if (!arg || *arg == '\0')
659 fatal("%.200s line %d: Missing second argument.",
660 filename, linenum);
661 if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
662 sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
663 fatal("%.200s line %d: Bad forwarding specification.",
664 filename, linenum);
665 if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
666 fatal("%.200s line %d: Bad forwarding port.",
667 filename, linenum);
668 if (*activep) {
669 if (opcode == oLocalForward)
670 add_local_forward(options, fwd_port, buf,
671 fwd_host_port);
672 else if (opcode == oRemoteForward)
673 add_remote_forward(options, fwd_port, buf,
674 fwd_host_port);
675 }
676 break;
677
678 case oDynamicForward:
679 arg = strdelim(&s);
680 if (!arg || *arg == '\0')
681 fatal("%.200s line %d: Missing port argument.",
682 filename, linenum);
683 fwd_port = a2port(arg);
684 if (fwd_port == 0)
685 fatal("%.200s line %d: Badly formatted port number.",
686 filename, linenum);
687 if (*activep)
688 add_local_forward(options, fwd_port, "socks", 0);
689 break;
690
691 case oClearAllForwardings:
692 intptr = &options->clear_forwardings;
693 goto parse_flag;
694
695 case oHost:
696 *activep = 0;
697 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
698 if (match_pattern(host, arg)) {
699 debug("Applying options for %.100s", arg);
700 *activep = 1;
701 break;
702 }
703 /* Avoid garbage check below, as strdelim is done. */
704 return 0;
705
706 case oEscapeChar:
707 intptr = &options->escape_char;
708 arg = strdelim(&s);
709 if (!arg || *arg == '\0')
710 fatal("%.200s line %d: Missing argument.", filename, linenum);
711 if (arg[0] == '^' && arg[2] == 0 &&
712 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
713 value = (u_char) arg[1] & 31;
714 else if (strlen(arg) == 1)
715 value = (u_char) arg[0];
716 else if (strcmp(arg, "none") == 0)
717 value = SSH_ESCAPECHAR_NONE;
718 else {
719 fatal("%.200s line %d: Bad escape character.",
720 filename, linenum);
721 /* NOTREACHED */
722 value = 0; /* Avoid compiler warning. */
723 }
724 if (*activep && *intptr == -1)
725 *intptr = value;
726 break;
727
728 case oAddressFamily:
729 arg = strdelim(&s);
730 intptr = &options->address_family;
731 if (strcasecmp(arg, "inet") == 0)
732 value = AF_INET;
733 else if (strcasecmp(arg, "inet6") == 0)
734 value = AF_INET6;
735 else if (strcasecmp(arg, "any") == 0)
736 value = AF_UNSPEC;
737 else
738 fatal("Unsupported AddressFamily \"%s\"", arg);
739 if (*activep && *intptr == -1)
740 *intptr = value;
741 break;
742
743 case oEnableSSHKeysign:
744 intptr = &options->enable_ssh_keysign;
745 goto parse_flag;
746
747 case oIdentitiesOnly:
748 intptr = &options->identities_only;
749 goto parse_flag;
750
751 case oServerAliveInterval:
752 intptr = &options->server_alive_interval;
753 goto parse_time;
754
755 case oServerAliveCountMax:
756 intptr = &options->server_alive_count_max;
757 goto parse_int;
758
759 case oSendEnv:
760 while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
761 if (strchr(arg, '=') != NULL)
762 fatal("%s line %d: Invalid environment name.",
763 filename, linenum);
764 if (options->num_send_env >= MAX_SEND_ENV)
765 fatal("%s line %d: too many send env.",
766 filename, linenum);
767 options->send_env[options->num_send_env++] =
768 xstrdup(arg);
769 }
770 break;
771
772 case oControlPath:
773 charptr = &options->control_path;
774 goto parse_string;
775
776 case oControlMaster:
777 intptr = &options->control_master;
778 goto parse_yesnoask;
779
755 case oVersionAddendum:
756 ssh_version_set_addendum(strtok(s, "\n"));
757 do {
758 arg = strdelim(&s);
759 } while (arg != NULL && *arg != '\0');
760 break;
761
762 case oDeprecated:
763 debug("%s line %d: Deprecated option \"%s\"",
764 filename, linenum, keyword);
765 return 0;
766
767 case oUnsupported:
768 error("%s line %d: Unsupported option \"%s\"",
769 filename, linenum, keyword);
770 return 0;
771
772 default:
773 fatal("process_config_line: Unimplemented opcode %d", opcode);
774 }
775
776 /* Check that there is no garbage at end of line. */
777 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
778 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
779 filename, linenum, arg);
780 }
781 return 0;
782}
783
784
785/*
786 * Reads the config file and modifies the options accordingly. Options
787 * should already be initialized before this call. This never returns if
788 * there is an error. If the file does not exist, this returns 0.
789 */
790
791int
780 case oVersionAddendum:
781 ssh_version_set_addendum(strtok(s, "\n"));
782 do {
783 arg = strdelim(&s);
784 } while (arg != NULL && *arg != '\0');
785 break;
786
787 case oDeprecated:
788 debug("%s line %d: Deprecated option \"%s\"",
789 filename, linenum, keyword);
790 return 0;
791
792 case oUnsupported:
793 error("%s line %d: Unsupported option \"%s\"",
794 filename, linenum, keyword);
795 return 0;
796
797 default:
798 fatal("process_config_line: Unimplemented opcode %d", opcode);
799 }
800
801 /* Check that there is no garbage at end of line. */
802 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
803 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
804 filename, linenum, arg);
805 }
806 return 0;
807}
808
809
810/*
811 * Reads the config file and modifies the options accordingly. Options
812 * should already be initialized before this call. This never returns if
813 * there is an error. If the file does not exist, this returns 0.
814 */
815
816int
792read_config_file(const char *filename, const char *host, Options *options)
817read_config_file(const char *filename, const char *host, Options *options,
818 int checkperm)
793{
794 FILE *f;
795 char line[1024];
796 int active, linenum;
797 int bad_options = 0;
798
799 /* Open the file. */
819{
820 FILE *f;
821 char line[1024];
822 int active, linenum;
823 int bad_options = 0;
824
825 /* Open the file. */
800 f = fopen(filename, "r");
801 if (!f)
826 if ((f = fopen(filename, "r")) == NULL)
802 return 0;
803
827 return 0;
828
829 if (checkperm) {
830 struct stat sb;
831
832 if (fstat(fileno(f), &sb) == -1)
833 fatal("fstat %s: %s", filename, strerror(errno));
834 if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
835 (sb.st_mode & 022) != 0))
836 fatal("Bad owner or permissions on %s", filename);
837 }
838
804 debug("Reading configuration data %.200s", filename);
805
806 /*
807 * Mark that we are now processing the options. This flag is turned
808 * on/off by Host specifications.
809 */
810 active = 1;
811 linenum = 0;
812 while (fgets(line, sizeof(line), f)) {
813 /* Update line number counter. */
814 linenum++;
815 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
816 bad_options++;
817 }
818 fclose(f);
819 if (bad_options > 0)
820 fatal("%s: terminating, %d bad configuration options",
821 filename, bad_options);
822 return 1;
823}
824
825/*
826 * Initializes options to special values that indicate that they have not yet
827 * been set. Read_config_file will only set options with this value. Options
828 * are processed in the following order: command line, user config file,
829 * system config file. Last, fill_default_options is called.
830 */
831
832void
833initialize_options(Options * options)
834{
835 memset(options, 'X', sizeof(*options));
836 options->forward_agent = -1;
837 options->forward_x11 = -1;
838 options->forward_x11_trusted = -1;
839 options->xauth_location = NULL;
840 options->gateway_ports = -1;
841 options->use_privileged_port = -1;
842 options->rsa_authentication = -1;
843 options->pubkey_authentication = -1;
844 options->challenge_response_authentication = -1;
845 options->gss_authentication = -1;
846 options->gss_deleg_creds = -1;
847 options->password_authentication = -1;
848 options->kbd_interactive_authentication = -1;
849 options->kbd_interactive_devices = NULL;
850 options->rhosts_rsa_authentication = -1;
851 options->hostbased_authentication = -1;
852 options->batch_mode = -1;
853 options->check_host_ip = -1;
854 options->strict_host_key_checking = -1;
855 options->compression = -1;
856 options->tcp_keep_alive = -1;
857 options->compression_level = -1;
858 options->port = -1;
859 options->address_family = -1;
860 options->connection_attempts = -1;
861 options->connection_timeout = -1;
862 options->number_of_password_prompts = -1;
863 options->cipher = -1;
864 options->ciphers = NULL;
865 options->macs = NULL;
866 options->hostkeyalgorithms = NULL;
867 options->protocol = SSH_PROTO_UNKNOWN;
868 options->num_identity_files = 0;
869 options->hostname = NULL;
870 options->host_key_alias = NULL;
871 options->proxy_command = NULL;
872 options->user = NULL;
873 options->escape_char = -1;
874 options->system_hostfile = NULL;
875 options->user_hostfile = NULL;
876 options->system_hostfile2 = NULL;
877 options->user_hostfile2 = NULL;
878 options->num_local_forwards = 0;
879 options->num_remote_forwards = 0;
880 options->clear_forwardings = -1;
881 options->log_level = SYSLOG_LEVEL_NOT_SET;
882 options->preferred_authentications = NULL;
883 options->bind_address = NULL;
884 options->smartcard_device = NULL;
885 options->enable_ssh_keysign = - 1;
886 options->no_host_authentication_for_localhost = - 1;
887 options->identities_only = - 1;
888 options->rekey_limit = - 1;
889 options->verify_host_key_dns = -1;
890 options->server_alive_interval = -1;
891 options->server_alive_count_max = -1;
839 debug("Reading configuration data %.200s", filename);
840
841 /*
842 * Mark that we are now processing the options. This flag is turned
843 * on/off by Host specifications.
844 */
845 active = 1;
846 linenum = 0;
847 while (fgets(line, sizeof(line), f)) {
848 /* Update line number counter. */
849 linenum++;
850 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
851 bad_options++;
852 }
853 fclose(f);
854 if (bad_options > 0)
855 fatal("%s: terminating, %d bad configuration options",
856 filename, bad_options);
857 return 1;
858}
859
860/*
861 * Initializes options to special values that indicate that they have not yet
862 * been set. Read_config_file will only set options with this value. Options
863 * are processed in the following order: command line, user config file,
864 * system config file. Last, fill_default_options is called.
865 */
866
867void
868initialize_options(Options * options)
869{
870 memset(options, 'X', sizeof(*options));
871 options->forward_agent = -1;
872 options->forward_x11 = -1;
873 options->forward_x11_trusted = -1;
874 options->xauth_location = NULL;
875 options->gateway_ports = -1;
876 options->use_privileged_port = -1;
877 options->rsa_authentication = -1;
878 options->pubkey_authentication = -1;
879 options->challenge_response_authentication = -1;
880 options->gss_authentication = -1;
881 options->gss_deleg_creds = -1;
882 options->password_authentication = -1;
883 options->kbd_interactive_authentication = -1;
884 options->kbd_interactive_devices = NULL;
885 options->rhosts_rsa_authentication = -1;
886 options->hostbased_authentication = -1;
887 options->batch_mode = -1;
888 options->check_host_ip = -1;
889 options->strict_host_key_checking = -1;
890 options->compression = -1;
891 options->tcp_keep_alive = -1;
892 options->compression_level = -1;
893 options->port = -1;
894 options->address_family = -1;
895 options->connection_attempts = -1;
896 options->connection_timeout = -1;
897 options->number_of_password_prompts = -1;
898 options->cipher = -1;
899 options->ciphers = NULL;
900 options->macs = NULL;
901 options->hostkeyalgorithms = NULL;
902 options->protocol = SSH_PROTO_UNKNOWN;
903 options->num_identity_files = 0;
904 options->hostname = NULL;
905 options->host_key_alias = NULL;
906 options->proxy_command = NULL;
907 options->user = NULL;
908 options->escape_char = -1;
909 options->system_hostfile = NULL;
910 options->user_hostfile = NULL;
911 options->system_hostfile2 = NULL;
912 options->user_hostfile2 = NULL;
913 options->num_local_forwards = 0;
914 options->num_remote_forwards = 0;
915 options->clear_forwardings = -1;
916 options->log_level = SYSLOG_LEVEL_NOT_SET;
917 options->preferred_authentications = NULL;
918 options->bind_address = NULL;
919 options->smartcard_device = NULL;
920 options->enable_ssh_keysign = - 1;
921 options->no_host_authentication_for_localhost = - 1;
922 options->identities_only = - 1;
923 options->rekey_limit = - 1;
924 options->verify_host_key_dns = -1;
925 options->server_alive_interval = -1;
926 options->server_alive_count_max = -1;
927 options->num_send_env = 0;
928 options->control_path = NULL;
929 options->control_master = -1;
892}
893
894/*
895 * Called after processing other sources of option data, this fills those
896 * options for which no value has been specified with their default values.
897 */
898
899void
900fill_default_options(Options * options)
901{
902 int len;
903
904 if (options->forward_agent == -1)
905 options->forward_agent = 0;
906 if (options->forward_x11 == -1)
907 options->forward_x11 = 0;
908 if (options->forward_x11_trusted == -1)
909 options->forward_x11_trusted = 0;
910 if (options->xauth_location == NULL)
911 options->xauth_location = _PATH_XAUTH;
912 if (options->gateway_ports == -1)
913 options->gateway_ports = 0;
914 if (options->use_privileged_port == -1)
915 options->use_privileged_port = 0;
916 if (options->rsa_authentication == -1)
917 options->rsa_authentication = 1;
918 if (options->pubkey_authentication == -1)
919 options->pubkey_authentication = 1;
920 if (options->challenge_response_authentication == -1)
921 options->challenge_response_authentication = 1;
922 if (options->gss_authentication == -1)
923 options->gss_authentication = 0;
924 if (options->gss_deleg_creds == -1)
925 options->gss_deleg_creds = 0;
926 if (options->password_authentication == -1)
927 options->password_authentication = 1;
928 if (options->kbd_interactive_authentication == -1)
929 options->kbd_interactive_authentication = 1;
930 if (options->rhosts_rsa_authentication == -1)
931 options->rhosts_rsa_authentication = 0;
932 if (options->hostbased_authentication == -1)
933 options->hostbased_authentication = 0;
934 if (options->batch_mode == -1)
935 options->batch_mode = 0;
936 if (options->check_host_ip == -1)
937 options->check_host_ip = 0;
938 if (options->strict_host_key_checking == -1)
939 options->strict_host_key_checking = 2; /* 2 is default */
940 if (options->compression == -1)
941 options->compression = 0;
942 if (options->tcp_keep_alive == -1)
943 options->tcp_keep_alive = 1;
944 if (options->compression_level == -1)
945 options->compression_level = 6;
946 if (options->port == -1)
947 options->port = 0; /* Filled in ssh_connect. */
948 if (options->address_family == -1)
949 options->address_family = AF_UNSPEC;
950 if (options->connection_attempts == -1)
951 options->connection_attempts = 1;
952 if (options->number_of_password_prompts == -1)
953 options->number_of_password_prompts = 3;
954 /* Selected in ssh_login(). */
955 if (options->cipher == -1)
956 options->cipher = SSH_CIPHER_NOT_SET;
957 /* options->ciphers, default set in myproposals.h */
958 /* options->macs, default set in myproposals.h */
959 /* options->hostkeyalgorithms, default set in myproposals.h */
960 if (options->protocol == SSH_PROTO_UNKNOWN)
961 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
962 if (options->num_identity_files == 0) {
963 if (options->protocol & SSH_PROTO_1) {
964 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
965 options->identity_files[options->num_identity_files] =
966 xmalloc(len);
967 snprintf(options->identity_files[options->num_identity_files++],
968 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
969 }
970 if (options->protocol & SSH_PROTO_2) {
971 len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
972 options->identity_files[options->num_identity_files] =
973 xmalloc(len);
974 snprintf(options->identity_files[options->num_identity_files++],
975 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
976
977 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
978 options->identity_files[options->num_identity_files] =
979 xmalloc(len);
980 snprintf(options->identity_files[options->num_identity_files++],
981 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
982 }
983 }
984 if (options->escape_char == -1)
985 options->escape_char = '~';
986 if (options->system_hostfile == NULL)
987 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
988 if (options->user_hostfile == NULL)
989 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
990 if (options->system_hostfile2 == NULL)
991 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
992 if (options->user_hostfile2 == NULL)
993 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
994 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
995 options->log_level = SYSLOG_LEVEL_INFO;
996 if (options->clear_forwardings == 1)
997 clear_forwardings(options);
998 if (options->no_host_authentication_for_localhost == - 1)
999 options->no_host_authentication_for_localhost = 0;
1000 if (options->identities_only == -1)
1001 options->identities_only = 0;
1002 if (options->enable_ssh_keysign == -1)
1003 options->enable_ssh_keysign = 0;
1004 if (options->rekey_limit == -1)
1005 options->rekey_limit = 0;
1006 if (options->verify_host_key_dns == -1)
1007 options->verify_host_key_dns = 0;
1008 if (options->server_alive_interval == -1)
1009 options->server_alive_interval = 0;
1010 if (options->server_alive_count_max == -1)
1011 options->server_alive_count_max = 3;
930}
931
932/*
933 * Called after processing other sources of option data, this fills those
934 * options for which no value has been specified with their default values.
935 */
936
937void
938fill_default_options(Options * options)
939{
940 int len;
941
942 if (options->forward_agent == -1)
943 options->forward_agent = 0;
944 if (options->forward_x11 == -1)
945 options->forward_x11 = 0;
946 if (options->forward_x11_trusted == -1)
947 options->forward_x11_trusted = 0;
948 if (options->xauth_location == NULL)
949 options->xauth_location = _PATH_XAUTH;
950 if (options->gateway_ports == -1)
951 options->gateway_ports = 0;
952 if (options->use_privileged_port == -1)
953 options->use_privileged_port = 0;
954 if (options->rsa_authentication == -1)
955 options->rsa_authentication = 1;
956 if (options->pubkey_authentication == -1)
957 options->pubkey_authentication = 1;
958 if (options->challenge_response_authentication == -1)
959 options->challenge_response_authentication = 1;
960 if (options->gss_authentication == -1)
961 options->gss_authentication = 0;
962 if (options->gss_deleg_creds == -1)
963 options->gss_deleg_creds = 0;
964 if (options->password_authentication == -1)
965 options->password_authentication = 1;
966 if (options->kbd_interactive_authentication == -1)
967 options->kbd_interactive_authentication = 1;
968 if (options->rhosts_rsa_authentication == -1)
969 options->rhosts_rsa_authentication = 0;
970 if (options->hostbased_authentication == -1)
971 options->hostbased_authentication = 0;
972 if (options->batch_mode == -1)
973 options->batch_mode = 0;
974 if (options->check_host_ip == -1)
975 options->check_host_ip = 0;
976 if (options->strict_host_key_checking == -1)
977 options->strict_host_key_checking = 2; /* 2 is default */
978 if (options->compression == -1)
979 options->compression = 0;
980 if (options->tcp_keep_alive == -1)
981 options->tcp_keep_alive = 1;
982 if (options->compression_level == -1)
983 options->compression_level = 6;
984 if (options->port == -1)
985 options->port = 0; /* Filled in ssh_connect. */
986 if (options->address_family == -1)
987 options->address_family = AF_UNSPEC;
988 if (options->connection_attempts == -1)
989 options->connection_attempts = 1;
990 if (options->number_of_password_prompts == -1)
991 options->number_of_password_prompts = 3;
992 /* Selected in ssh_login(). */
993 if (options->cipher == -1)
994 options->cipher = SSH_CIPHER_NOT_SET;
995 /* options->ciphers, default set in myproposals.h */
996 /* options->macs, default set in myproposals.h */
997 /* options->hostkeyalgorithms, default set in myproposals.h */
998 if (options->protocol == SSH_PROTO_UNKNOWN)
999 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
1000 if (options->num_identity_files == 0) {
1001 if (options->protocol & SSH_PROTO_1) {
1002 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
1003 options->identity_files[options->num_identity_files] =
1004 xmalloc(len);
1005 snprintf(options->identity_files[options->num_identity_files++],
1006 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
1007 }
1008 if (options->protocol & SSH_PROTO_2) {
1009 len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
1010 options->identity_files[options->num_identity_files] =
1011 xmalloc(len);
1012 snprintf(options->identity_files[options->num_identity_files++],
1013 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
1014
1015 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
1016 options->identity_files[options->num_identity_files] =
1017 xmalloc(len);
1018 snprintf(options->identity_files[options->num_identity_files++],
1019 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
1020 }
1021 }
1022 if (options->escape_char == -1)
1023 options->escape_char = '~';
1024 if (options->system_hostfile == NULL)
1025 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
1026 if (options->user_hostfile == NULL)
1027 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
1028 if (options->system_hostfile2 == NULL)
1029 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
1030 if (options->user_hostfile2 == NULL)
1031 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
1032 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
1033 options->log_level = SYSLOG_LEVEL_INFO;
1034 if (options->clear_forwardings == 1)
1035 clear_forwardings(options);
1036 if (options->no_host_authentication_for_localhost == - 1)
1037 options->no_host_authentication_for_localhost = 0;
1038 if (options->identities_only == -1)
1039 options->identities_only = 0;
1040 if (options->enable_ssh_keysign == -1)
1041 options->enable_ssh_keysign = 0;
1042 if (options->rekey_limit == -1)
1043 options->rekey_limit = 0;
1044 if (options->verify_host_key_dns == -1)
1045 options->verify_host_key_dns = 0;
1046 if (options->server_alive_interval == -1)
1047 options->server_alive_interval = 0;
1048 if (options->server_alive_count_max == -1)
1049 options->server_alive_count_max = 3;
1050 if (options->control_master == -1)
1051 options->control_master = 0;
1012 /* options->proxy_command should not be set by default */
1013 /* options->user will be set in the main program if appropriate */
1014 /* options->hostname will be set in the main program if appropriate */
1015 /* options->host_key_alias should not be set by default */
1016 /* options->preferred_authentications will be set in ssh */
1017}
1052 /* options->proxy_command should not be set by default */
1053 /* options->user will be set in the main program if appropriate */
1054 /* options->hostname will be set in the main program if appropriate */
1055 /* options->host_key_alias should not be set by default */
1056 /* options->preferred_authentications will be set in ssh */
1057}