readconf.c (76262) readconf.c (92559)
1/*
2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
5 * Functions for reading the configuration files.
6 *
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
12 */
13
14#include "includes.h"
1/*
2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
5 * Functions for reading the configuration files.
6 *
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
12 */
13
14#include "includes.h"
15RCSID("$OpenBSD: readconf.c,v 1.76 2001/04/17 10:53:25 markus Exp $");
16RCSID("$FreeBSD: head/crypto/openssh/readconf.c 76262 2001-05-04 04:14:23Z green $");
15RCSID("$OpenBSD: readconf.c,v 1.95 2002/02/04 12:15:25 markus Exp $");
16RCSID("$FreeBSD: head/crypto/openssh/readconf.c 92559 2002-03-18 10:09:43Z des $");
17
18#include "ssh.h"
19#include "xmalloc.h"
20#include "compat.h"
21#include "cipher.h"
22#include "pathnames.h"
23#include "log.h"
24#include "readconf.h"

--- 69 unchanged lines hidden (view full) ---

94
95typedef enum {
96 oBadOption,
97 oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
98 oPasswordAuthentication, oRSAAuthentication, oFallBackToRsh, oUseRsh,
99 oChallengeResponseAuthentication, oXAuthLocation,
100#if defined(KRB4) || defined(KRB5)
101 oKerberosAuthentication,
17
18#include "ssh.h"
19#include "xmalloc.h"
20#include "compat.h"
21#include "cipher.h"
22#include "pathnames.h"
23#include "log.h"
24#include "readconf.h"

--- 69 unchanged lines hidden (view full) ---

94
95typedef enum {
96 oBadOption,
97 oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
98 oPasswordAuthentication, oRSAAuthentication, oFallBackToRsh, oUseRsh,
99 oChallengeResponseAuthentication, oXAuthLocation,
100#if defined(KRB4) || defined(KRB5)
101 oKerberosAuthentication,
102#endif /* KRB4 */
103#ifdef KRB5
104 oKrb5TgtPassing,
105#endif /* KRB5 */
102#endif
103#if defined(AFS) || defined(KRB5)
104 oKerberosTgtPassing,
105#endif
106#ifdef AFS
106#ifdef AFS
107 oKrb4TgtPassing, oAFSTokenPassing,
107 oAFSTokenPassing,
108#endif
109 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
110 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
111 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
112 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
113 oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
114 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
115 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
116 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
117 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
108#endif
109 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
110 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
111 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
112 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
113 oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
114 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
115 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
116 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
117 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
118 oHostKeyAlgorithms
118 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
119 oClearAllForwardings, oNoHostAuthenticationForLocalhost
119} OpCodes;
120
121/* Textual representations of the tokens. */
122
123static struct {
124 const char *name;
125 OpCodes opcode;
126} keywords[] = {

--- 11 unchanged lines hidden (view full) ---

138 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
139 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
140 { "hostbasedauthentication", oHostbasedAuthentication },
141 { "challengeresponseauthentication", oChallengeResponseAuthentication },
142 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
143 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
144#if defined(KRB4) || defined(KRB5)
145 { "kerberosauthentication", oKerberosAuthentication },
120} OpCodes;
121
122/* Textual representations of the tokens. */
123
124static struct {
125 const char *name;
126 OpCodes opcode;
127} keywords[] = {

--- 11 unchanged lines hidden (view full) ---

139 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
140 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
141 { "hostbasedauthentication", oHostbasedAuthentication },
142 { "challengeresponseauthentication", oChallengeResponseAuthentication },
143 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
144 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
145#if defined(KRB4) || defined(KRB5)
146 { "kerberosauthentication", oKerberosAuthentication },
146#endif /* KRB4 || KRB5 */
147#ifdef KRB5
148 { "kerberos5tgtpassing", oKrb5TgtPassing },
149#endif /* KRB5 */
147#endif
148#if defined(AFS) || defined(KRB5)
149 { "kerberostgtpassing", oKerberosTgtPassing },
150#endif
150#ifdef AFS
151#ifdef AFS
151 { "kerberos4tgtpassing", oKrb4TgtPassing },
152 { "afstokenpassing", oAFSTokenPassing },
153#endif
154 { "fallbacktorsh", oFallBackToRsh },
155 { "usersh", oUseRsh },
156 { "identityfile", oIdentityFile },
157 { "identityfile2", oIdentityFile }, /* alias */
158 { "hostname", oHostName },
159 { "hostkeyalias", oHostKeyAlias },

--- 4 unchanged lines hidden (view full) ---

164 { "macs", oMacs },
165 { "protocol", oProtocol },
166 { "remoteforward", oRemoteForward },
167 { "localforward", oLocalForward },
168 { "user", oUser },
169 { "host", oHost },
170 { "escapechar", oEscapeChar },
171 { "globalknownhostsfile", oGlobalKnownHostsFile },
152 { "afstokenpassing", oAFSTokenPassing },
153#endif
154 { "fallbacktorsh", oFallBackToRsh },
155 { "usersh", oUseRsh },
156 { "identityfile", oIdentityFile },
157 { "identityfile2", oIdentityFile }, /* alias */
158 { "hostname", oHostName },
159 { "hostkeyalias", oHostKeyAlias },

--- 4 unchanged lines hidden (view full) ---

164 { "macs", oMacs },
165 { "protocol", oProtocol },
166 { "remoteforward", oRemoteForward },
167 { "localforward", oLocalForward },
168 { "user", oUser },
169 { "host", oHost },
170 { "escapechar", oEscapeChar },
171 { "globalknownhostsfile", oGlobalKnownHostsFile },
172 { "userknownhostsfile", oUserKnownHostsFile },
172 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
173 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
173 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
174 { "userknownhostsfile2", oUserKnownHostsFile2 },
174 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
175 { "connectionattempts", oConnectionAttempts },
176 { "batchmode", oBatchMode },
177 { "checkhostip", oCheckHostIP },
178 { "stricthostkeychecking", oStrictHostKeyChecking },
179 { "compression", oCompression },
180 { "compressionlevel", oCompressionLevel },
181 { "keepalive", oKeepAlives },
182 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
183 { "loglevel", oLogLevel },
184 { "dynamicforward", oDynamicForward },
185 { "preferredauthentications", oPreferredAuthentications },
186 { "hostkeyalgorithms", oHostKeyAlgorithms },
175 { "connectionattempts", oConnectionAttempts },
176 { "batchmode", oBatchMode },
177 { "checkhostip", oCheckHostIP },
178 { "stricthostkeychecking", oStrictHostKeyChecking },
179 { "compression", oCompression },
180 { "compressionlevel", oCompressionLevel },
181 { "keepalive", oKeepAlives },
182 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
183 { "loglevel", oLogLevel },
184 { "dynamicforward", oDynamicForward },
185 { "preferredauthentications", oPreferredAuthentications },
186 { "hostkeyalgorithms", oHostKeyAlgorithms },
187 { NULL, 0 }
187 { "bindaddress", oBindAddress },
188 { "smartcarddevice", oSmartcardDevice },
189 { "clearallforwardings", oClearAllForwardings },
190 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
191 { NULL, oBadOption }
188};
189
190/*
191 * Adds a local TCP/IP port forward to options. Never returns if there is an
192 * error.
193 */
194
195void

--- 19 unchanged lines hidden (view full) ---

215
216void
217add_remote_forward(Options *options, u_short port, const char *host,
218 u_short host_port)
219{
220 Forward *fwd;
221 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
222 fatal("Too many remote forwards (max %d).",
192};
193
194/*
195 * Adds a local TCP/IP port forward to options. Never returns if there is an
196 * error.
197 */
198
199void

--- 19 unchanged lines hidden (view full) ---

219
220void
221add_remote_forward(Options *options, u_short port, const char *host,
222 u_short host_port)
223{
224 Forward *fwd;
225 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
226 fatal("Too many remote forwards (max %d).",
223 SSH_MAX_FORWARDS_PER_DIRECTION);
227 SSH_MAX_FORWARDS_PER_DIRECTION);
224 fwd = &options->remote_forwards[options->num_remote_forwards++];
225 fwd->port = port;
226 fwd->host = xstrdup(host);
227 fwd->host_port = host_port;
228}
229
228 fwd = &options->remote_forwards[options->num_remote_forwards++];
229 fwd->port = port;
230 fwd->host = xstrdup(host);
231 fwd->host_port = host_port;
232}
233
234static void
235clear_forwardings(Options *options)
236{
237 int i;
238
239 for (i = 0; i < options->num_local_forwards; i++)
240 xfree(options->local_forwards[i].host);
241 options->num_local_forwards = 0;
242 for (i = 0; i < options->num_remote_forwards; i++)
243 xfree(options->remote_forwards[i].host);
244 options->num_remote_forwards = 0;
245}
246
230/*
231 * Returns the number of the token pointed to by cp or oBadOption.
232 */
233
234static OpCodes
235parse_token(const char *cp, const char *filename, int linenum)
236{
237 u_int i;

--- 15 unchanged lines hidden (view full) ---

253int
254process_config_line(Options *options, const char *host,
255 char *line, const char *filename, int linenum,
256 int *activep)
257{
258 char buf[256], *s, *string, **charptr, *endofnumber, *keyword, *arg;
259 int opcode, *intptr, value;
260 u_short fwd_port, fwd_host_port;
247/*
248 * Returns the number of the token pointed to by cp or oBadOption.
249 */
250
251static OpCodes
252parse_token(const char *cp, const char *filename, int linenum)
253{
254 u_int i;

--- 15 unchanged lines hidden (view full) ---

270int
271process_config_line(Options *options, const char *host,
272 char *line, const char *filename, int linenum,
273 int *activep)
274{
275 char buf[256], *s, *string, **charptr, *endofnumber, *keyword, *arg;
276 int opcode, *intptr, value;
277 u_short fwd_port, fwd_host_port;
278 char sfwd_host_port[6];
261
262 s = line;
263 /* Get the keyword. (Each line is supposed to begin with a keyword). */
264 keyword = strdelim(&s);
265 /* Ignore leading whitespace. */
266 if (*keyword == '\0')
267 keyword = strdelim(&s);
268 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')

--- 62 unchanged lines hidden (view full) ---

331 case oRhostsRSAAuthentication:
332 intptr = &options->rhosts_rsa_authentication;
333 goto parse_flag;
334
335 case oHostbasedAuthentication:
336 intptr = &options->hostbased_authentication;
337 goto parse_flag;
338
279
280 s = line;
281 /* Get the keyword. (Each line is supposed to begin with a keyword). */
282 keyword = strdelim(&s);
283 /* Ignore leading whitespace. */
284 if (*keyword == '\0')
285 keyword = strdelim(&s);
286 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')

--- 62 unchanged lines hidden (view full) ---

349 case oRhostsRSAAuthentication:
350 intptr = &options->rhosts_rsa_authentication;
351 goto parse_flag;
352
353 case oHostbasedAuthentication:
354 intptr = &options->hostbased_authentication;
355 goto parse_flag;
356
357 case oChallengeResponseAuthentication:
358 intptr = &options->challenge_response_authentication;
359 goto parse_flag;
339#if defined(KRB4) || defined(KRB5)
340 case oKerberosAuthentication:
341 intptr = &options->kerberos_authentication;
342 goto parse_flag;
360#if defined(KRB4) || defined(KRB5)
361 case oKerberosAuthentication:
362 intptr = &options->kerberos_authentication;
363 goto parse_flag;
343#endif /* KRB4 || KRB5 */
344
345 case oChallengeResponseAuthentication:
346 intptr = &options->challenge_reponse_authentication;
364#endif
365#if defined(AFS) || defined(KRB5)
366 case oKerberosTgtPassing:
367 intptr = &options->kerberos_tgt_passing;
347 goto parse_flag;
368 goto parse_flag;
348
349#ifdef KRB5
350 case oKrb5TgtPassing:
351 intptr = &options->krb5_tgt_passing;
352 goto parse_flag;
353#endif /* KRB5 */
354
369#endif
355#ifdef AFS
370#ifdef AFS
356 case oKrb4TgtPassing:
357 intptr = &options->krb4_tgt_passing;
358 goto parse_flag;
359
360 case oAFSTokenPassing:
361 intptr = &options->afs_token_passing;
362 goto parse_flag;
363#endif
371 case oAFSTokenPassing:
372 intptr = &options->afs_token_passing;
373 goto parse_flag;
374#endif
364
365 case oFallBackToRsh:
366 intptr = &options->fallback_to_rsh;
367 goto parse_flag;
368
369 case oUseRsh:
370 intptr = &options->use_rsh;
371 goto parse_flag;
372

--- 5 unchanged lines hidden (view full) ---

378 intptr = &options->check_host_ip;
379 goto parse_flag;
380
381 case oStrictHostKeyChecking:
382 intptr = &options->strict_host_key_checking;
383 arg = strdelim(&s);
384 if (!arg || *arg == '\0')
385 fatal("%.200s line %d: Missing yes/no/ask argument.",
375 case oFallBackToRsh:
376 intptr = &options->fallback_to_rsh;
377 goto parse_flag;
378
379 case oUseRsh:
380 intptr = &options->use_rsh;
381 goto parse_flag;
382

--- 5 unchanged lines hidden (view full) ---

388 intptr = &options->check_host_ip;
389 goto parse_flag;
390
391 case oStrictHostKeyChecking:
392 intptr = &options->strict_host_key_checking;
393 arg = strdelim(&s);
394 if (!arg || *arg == '\0')
395 fatal("%.200s line %d: Missing yes/no/ask argument.",
386 filename, linenum);
396 filename, linenum);
387 value = 0; /* To avoid compiler warning... */
388 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
389 value = 1;
390 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
391 value = 0;
392 else if (strcmp(arg, "ask") == 0)
393 value = 2;
394 else

--- 5 unchanged lines hidden (view full) ---

400 case oCompression:
401 intptr = &options->compression;
402 goto parse_flag;
403
404 case oKeepAlives:
405 intptr = &options->keepalives;
406 goto parse_flag;
407
397 value = 0; /* To avoid compiler warning... */
398 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
399 value = 1;
400 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
401 value = 0;
402 else if (strcmp(arg, "ask") == 0)
403 value = 2;
404 else

--- 5 unchanged lines hidden (view full) ---

410 case oCompression:
411 intptr = &options->compression;
412 goto parse_flag;
413
414 case oKeepAlives:
415 intptr = &options->keepalives;
416 goto parse_flag;
417
418 case oNoHostAuthenticationForLocalhost:
419 intptr = &options->no_host_authentication_for_localhost;
420 goto parse_flag;
421
408 case oNumberOfPasswordPrompts:
409 intptr = &options->number_of_password_prompts;
410 goto parse_int;
411
412 case oCompressionLevel:
413 intptr = &options->compression_level;
414 goto parse_int;
415
416 case oIdentityFile:
417 arg = strdelim(&s);
418 if (!arg || *arg == '\0')
419 fatal("%.200s line %d: Missing argument.", filename, linenum);
420 if (*activep) {
421 intptr = &options->num_identity_files;
422 if (*intptr >= SSH_MAX_IDENTITY_FILES)
423 fatal("%.200s line %d: Too many identity files specified (max %d).",
422 case oNumberOfPasswordPrompts:
423 intptr = &options->number_of_password_prompts;
424 goto parse_int;
425
426 case oCompressionLevel:
427 intptr = &options->compression_level;
428 goto parse_int;
429
430 case oIdentityFile:
431 arg = strdelim(&s);
432 if (!arg || *arg == '\0')
433 fatal("%.200s line %d: Missing argument.", filename, linenum);
434 if (*activep) {
435 intptr = &options->num_identity_files;
436 if (*intptr >= SSH_MAX_IDENTITY_FILES)
437 fatal("%.200s line %d: Too many identity files specified (max %d).",
424 filename, linenum, SSH_MAX_IDENTITY_FILES);
438 filename, linenum, SSH_MAX_IDENTITY_FILES);
425 charptr = &options->identity_files[*intptr];
426 *charptr = xstrdup(arg);
427 *intptr = *intptr + 1;
428 }
429 break;
430
431 case oXAuthLocation:
432 charptr=&options->xauth_location;

--- 32 unchanged lines hidden (view full) ---

465 case oHostKeyAlias:
466 charptr = &options->host_key_alias;
467 goto parse_string;
468
469 case oPreferredAuthentications:
470 charptr = &options->preferred_authentications;
471 goto parse_string;
472
439 charptr = &options->identity_files[*intptr];
440 *charptr = xstrdup(arg);
441 *intptr = *intptr + 1;
442 }
443 break;
444
445 case oXAuthLocation:
446 charptr=&options->xauth_location;

--- 32 unchanged lines hidden (view full) ---

479 case oHostKeyAlias:
480 charptr = &options->host_key_alias;
481 goto parse_string;
482
483 case oPreferredAuthentications:
484 charptr = &options->preferred_authentications;
485 goto parse_string;
486
487 case oBindAddress:
488 charptr = &options->bind_address;
489 goto parse_string;
490
491 case oSmartcardDevice:
492 charptr = &options->smartcard_device;
493 goto parse_string;
494
473 case oProxyCommand:
474 charptr = &options->proxy_command;
475 string = xstrdup("");
476 while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
477 string = xrealloc(string, strlen(string) + strlen(arg) + 2);
478 strcat(string, " ");
479 strcat(string, arg);
480 }

--- 27 unchanged lines hidden (view full) ---

508 case oCipher:
509 intptr = &options->cipher;
510 arg = strdelim(&s);
511 if (!arg || *arg == '\0')
512 fatal("%.200s line %d: Missing argument.", filename, linenum);
513 value = cipher_number(arg);
514 if (value == -1)
515 fatal("%.200s line %d: Bad cipher '%s'.",
495 case oProxyCommand:
496 charptr = &options->proxy_command;
497 string = xstrdup("");
498 while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
499 string = xrealloc(string, strlen(string) + strlen(arg) + 2);
500 strcat(string, " ");
501 strcat(string, arg);
502 }

--- 27 unchanged lines hidden (view full) ---

530 case oCipher:
531 intptr = &options->cipher;
532 arg = strdelim(&s);
533 if (!arg || *arg == '\0')
534 fatal("%.200s line %d: Missing argument.", filename, linenum);
535 value = cipher_number(arg);
536 if (value == -1)
537 fatal("%.200s line %d: Bad cipher '%s'.",
516 filename, linenum, arg ? arg : "<NONE>");
538 filename, linenum, arg ? arg : "");
517 if (*activep && *intptr == -1)
518 *intptr = value;
519 break;
520
521 case oCiphers:
522 arg = strdelim(&s);
523 if (!arg || *arg == '\0')
524 fatal("%.200s line %d: Missing argument.", filename, linenum);
525 if (!ciphers_valid(arg))
526 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
539 if (*activep && *intptr == -1)
540 *intptr = value;
541 break;
542
543 case oCiphers:
544 arg = strdelim(&s);
545 if (!arg || *arg == '\0')
546 fatal("%.200s line %d: Missing argument.", filename, linenum);
547 if (!ciphers_valid(arg))
548 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
527 filename, linenum, arg ? arg : "<NONE>");
549 filename, linenum, arg ? arg : "");
528 if (*activep && options->ciphers == NULL)
529 options->ciphers = xstrdup(arg);
530 break;
531
532 case oMacs:
533 arg = strdelim(&s);
534 if (!arg || *arg == '\0')
535 fatal("%.200s line %d: Missing argument.", filename, linenum);
536 if (!mac_valid(arg))
537 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
550 if (*activep && options->ciphers == NULL)
551 options->ciphers = xstrdup(arg);
552 break;
553
554 case oMacs:
555 arg = strdelim(&s);
556 if (!arg || *arg == '\0')
557 fatal("%.200s line %d: Missing argument.", filename, linenum);
558 if (!mac_valid(arg))
559 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
538 filename, linenum, arg ? arg : "<NONE>");
560 filename, linenum, arg ? arg : "");
539 if (*activep && options->macs == NULL)
540 options->macs = xstrdup(arg);
541 break;
542
543 case oHostKeyAlgorithms:
544 arg = strdelim(&s);
545 if (!arg || *arg == '\0')
546 fatal("%.200s line %d: Missing argument.", filename, linenum);
547 if (!key_names_valid2(arg))
548 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
561 if (*activep && options->macs == NULL)
562 options->macs = xstrdup(arg);
563 break;
564
565 case oHostKeyAlgorithms:
566 arg = strdelim(&s);
567 if (!arg || *arg == '\0')
568 fatal("%.200s line %d: Missing argument.", filename, linenum);
569 if (!key_names_valid2(arg))
570 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
549 filename, linenum, arg ? arg : "<NONE>");
571 filename, linenum, arg ? arg : "");
550 if (*activep && options->hostkeyalgorithms == NULL)
551 options->hostkeyalgorithms = xstrdup(arg);
552 break;
553
554 case oProtocol:
555 intptr = &options->protocol;
556 arg = strdelim(&s);
557 if (!arg || *arg == '\0')
558 fatal("%.200s line %d: Missing argument.", filename, linenum);
559 value = proto_spec(arg);
560 if (value == SSH_PROTO_UNKNOWN)
561 fatal("%.200s line %d: Bad protocol spec '%s'.",
572 if (*activep && options->hostkeyalgorithms == NULL)
573 options->hostkeyalgorithms = xstrdup(arg);
574 break;
575
576 case oProtocol:
577 intptr = &options->protocol;
578 arg = strdelim(&s);
579 if (!arg || *arg == '\0')
580 fatal("%.200s line %d: Missing argument.", filename, linenum);
581 value = proto_spec(arg);
582 if (value == SSH_PROTO_UNKNOWN)
583 fatal("%.200s line %d: Bad protocol spec '%s'.",
562 filename, linenum, arg ? arg : "<NONE>");
584 filename, linenum, arg ? arg : "");
563 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
564 *intptr = value;
565 break;
566
567 case oLogLevel:
568 intptr = (int *) &options->log_level;
569 arg = strdelim(&s);
570 value = log_level_number(arg);
585 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
586 *intptr = value;
587 break;
588
589 case oLogLevel:
590 intptr = (int *) &options->log_level;
591 arg = strdelim(&s);
592 value = log_level_number(arg);
571 if (value == (LogLevel) - 1)
593 if (value == SYSLOG_LEVEL_NOT_SET)
572 fatal("%.200s line %d: unsupported log level '%s'",
594 fatal("%.200s line %d: unsupported log level '%s'",
573 filename, linenum, arg ? arg : "<NONE>");
574 if (*activep && (LogLevel) * intptr == -1)
595 filename, linenum, arg ? arg : "");
596 if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
575 *intptr = (LogLevel) value;
576 break;
577
597 *intptr = (LogLevel) value;
598 break;
599
600 case oLocalForward:
578 case oRemoteForward:
579 arg = strdelim(&s);
580 if (!arg || *arg == '\0')
601 case oRemoteForward:
602 arg = strdelim(&s);
603 if (!arg || *arg == '\0')
581 fatal("%.200s line %d: Missing argument.", filename, linenum);
582 fwd_port = a2port(arg);
583 if (fwd_port == 0)
584 fatal("%.200s line %d: Badly formatted port number.",
585 filename, linenum);
604 fatal("%.200s line %d: Missing port argument.",
605 filename, linenum);
606 if ((fwd_port = a2port(arg)) == 0)
607 fatal("%.200s line %d: Bad listen port.",
608 filename, linenum);
586 arg = strdelim(&s);
587 if (!arg || *arg == '\0')
588 fatal("%.200s line %d: Missing second argument.",
609 arg = strdelim(&s);
610 if (!arg || *arg == '\0')
611 fatal("%.200s line %d: Missing second argument.",
589 filename, linenum);
590 if (sscanf(arg, "%255[^:]:%hu", buf, &fwd_host_port) != 2)
591 fatal("%.200s line %d: Badly formatted host:port.",
592 filename, linenum);
593 if (*activep)
594 add_remote_forward(options, fwd_port, buf, fwd_host_port);
612 filename, linenum);
613 if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
614 sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
615 fatal("%.200s line %d: Bad forwarding specification.",
616 filename, linenum);
617 if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
618 fatal("%.200s line %d: Bad forwarding port.",
619 filename, linenum);
620 if (*activep) {
621 if (opcode == oLocalForward)
622 add_local_forward(options, fwd_port, buf,
623 fwd_host_port);
624 else if (opcode == oRemoteForward)
625 add_remote_forward(options, fwd_port, buf,
626 fwd_host_port);
627 }
595 break;
596
628 break;
629
597 case oLocalForward:
598 arg = strdelim(&s);
599 if (!arg || *arg == '\0')
600 fatal("%.200s line %d: Missing argument.", filename, linenum);
601 fwd_port = a2port(arg);
602 if (fwd_port == 0)
603 fatal("%.200s line %d: Badly formatted port number.",
604 filename, linenum);
605 arg = strdelim(&s);
606 if (!arg || *arg == '\0')
607 fatal("%.200s line %d: Missing second argument.",
608 filename, linenum);
609 if (sscanf(arg, "%255[^:]:%hu", buf, &fwd_host_port) != 2)
610 fatal("%.200s line %d: Badly formatted host:port.",
611 filename, linenum);
612 if (*activep)
613 add_local_forward(options, fwd_port, buf, fwd_host_port);
614 break;
615
616 case oDynamicForward:
617 arg = strdelim(&s);
618 if (!arg || *arg == '\0')
619 fatal("%.200s line %d: Missing port argument.",
620 filename, linenum);
621 fwd_port = a2port(arg);
622 if (fwd_port == 0)
623 fatal("%.200s line %d: Badly formatted port number.",
624 filename, linenum);
630 case oDynamicForward:
631 arg = strdelim(&s);
632 if (!arg || *arg == '\0')
633 fatal("%.200s line %d: Missing port argument.",
634 filename, linenum);
635 fwd_port = a2port(arg);
636 if (fwd_port == 0)
637 fatal("%.200s line %d: Badly formatted port number.",
638 filename, linenum);
625 add_local_forward(options, fwd_port, "socks4", 0);
639 if (*activep)
640 add_local_forward(options, fwd_port, "socks4", 0);
626 break;
627
641 break;
642
643 case oClearAllForwardings:
644 intptr = &options->clear_forwardings;
645 goto parse_flag;
646
628 case oHost:
629 *activep = 0;
630 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
631 if (match_pattern(host, arg)) {
632 debug("Applying options for %.100s", arg);
633 *activep = 1;
634 break;
635 }

--- 6 unchanged lines hidden (view full) ---

642 if (!arg || *arg == '\0')
643 fatal("%.200s line %d: Missing argument.", filename, linenum);
644 if (arg[0] == '^' && arg[2] == 0 &&
645 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
646 value = (u_char) arg[1] & 31;
647 else if (strlen(arg) == 1)
648 value = (u_char) arg[0];
649 else if (strcmp(arg, "none") == 0)
647 case oHost:
648 *activep = 0;
649 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
650 if (match_pattern(host, arg)) {
651 debug("Applying options for %.100s", arg);
652 *activep = 1;
653 break;
654 }

--- 6 unchanged lines hidden (view full) ---

661 if (!arg || *arg == '\0')
662 fatal("%.200s line %d: Missing argument.", filename, linenum);
663 if (arg[0] == '^' && arg[2] == 0 &&
664 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
665 value = (u_char) arg[1] & 31;
666 else if (strlen(arg) == 1)
667 value = (u_char) arg[0];
668 else if (strcmp(arg, "none") == 0)
650 value = -2;
669 value = SSH_ESCAPECHAR_NONE;
651 else {
652 fatal("%.200s line %d: Bad escape character.",
670 else {
671 fatal("%.200s line %d: Bad escape character.",
653 filename, linenum);
672 filename, linenum);
654 /* NOTREACHED */
655 value = 0; /* Avoid compiler warning. */
656 }
657 if (*activep && *intptr == -1)
658 *intptr = value;
659 break;
660
661 default:
662 fatal("process_config_line: Unimplemented opcode %d", opcode);
663 }
664
665 /* Check that there is no garbage at end of line. */
666 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
667 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
673 /* NOTREACHED */
674 value = 0; /* Avoid compiler warning. */
675 }
676 if (*activep && *intptr == -1)
677 *intptr = value;
678 break;
679
680 default:
681 fatal("process_config_line: Unimplemented opcode %d", opcode);
682 }
683
684 /* Check that there is no garbage at end of line. */
685 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
686 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
668 filename, linenum, arg);
687 filename, linenum, arg);
669 }
670 return 0;
671}
672
673
674/*
675 * Reads the config file and modifies the options accordingly. Options
676 * should already be initialized before this call. This never returns if
688 }
689 return 0;
690}
691
692
693/*
694 * Reads the config file and modifies the options accordingly. Options
695 * should already be initialized before this call. This never returns if
677 * there is an error. If the file does not exist, this returns immediately.
696 * there is an error. If the file does not exist, this returns 0.
678 */
679
697 */
698
680void
699int
681read_config_file(const char *filename, const char *host, Options *options)
682{
683 FILE *f;
684 char line[1024];
685 int active, linenum;
686 int bad_options = 0;
687
688 /* Open the file. */
689 f = fopen(filename, "r");
690 if (!f)
700read_config_file(const char *filename, const char *host, Options *options)
701{
702 FILE *f;
703 char line[1024];
704 int active, linenum;
705 int bad_options = 0;
706
707 /* Open the file. */
708 f = fopen(filename, "r");
709 if (!f)
691 return;
710 return 0;
692
693 debug("Reading configuration data %.200s", filename);
694
695 /*
696 * Mark that we are now processing the options. This flag is turned
697 * on/off by Host specifications.
698 */
699 active = 1;
700 linenum = 0;
701 while (fgets(line, sizeof(line), f)) {
702 /* Update line number counter. */
703 linenum++;
704 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
705 bad_options++;
706 }
707 fclose(f);
708 if (bad_options > 0)
709 fatal("%s: terminating, %d bad configuration options",
711
712 debug("Reading configuration data %.200s", filename);
713
714 /*
715 * Mark that we are now processing the options. This flag is turned
716 * on/off by Host specifications.
717 */
718 active = 1;
719 linenum = 0;
720 while (fgets(line, sizeof(line), f)) {
721 /* Update line number counter. */
722 linenum++;
723 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
724 bad_options++;
725 }
726 fclose(f);
727 if (bad_options > 0)
728 fatal("%s: terminating, %d bad configuration options",
710 filename, bad_options);
729 filename, bad_options);
730 return 1;
711}
712
713/*
714 * Initializes options to special values that indicate that they have not yet
715 * been set. Read_config_file will only set options with this value. Options
716 * are processed in the following order: command line, user config file,
717 * system config file. Last, fill_default_options is called.
718 */

--- 5 unchanged lines hidden (view full) ---

724 options->forward_agent = -1;
725 options->forward_x11 = -1;
726 options->xauth_location = NULL;
727 options->gateway_ports = -1;
728 options->use_privileged_port = -1;
729 options->rhosts_authentication = -1;
730 options->rsa_authentication = -1;
731 options->pubkey_authentication = -1;
731}
732
733/*
734 * Initializes options to special values that indicate that they have not yet
735 * been set. Read_config_file will only set options with this value. Options
736 * are processed in the following order: command line, user config file,
737 * system config file. Last, fill_default_options is called.
738 */

--- 5 unchanged lines hidden (view full) ---

744 options->forward_agent = -1;
745 options->forward_x11 = -1;
746 options->xauth_location = NULL;
747 options->gateway_ports = -1;
748 options->use_privileged_port = -1;
749 options->rhosts_authentication = -1;
750 options->rsa_authentication = -1;
751 options->pubkey_authentication = -1;
732 options->challenge_reponse_authentication = -1;
752 options->challenge_response_authentication = -1;
733#if defined(KRB4) || defined(KRB5)
734 options->kerberos_authentication = -1;
735#endif
753#if defined(KRB4) || defined(KRB5)
754 options->kerberos_authentication = -1;
755#endif
736#ifdef KRB5
737 options->krb5_tgt_passing = -1;
738#endif /* KRB5 */
756#if defined(AFS) || defined(KRB5)
757 options->kerberos_tgt_passing = -1;
758#endif
739#ifdef AFS
759#ifdef AFS
740 options->krb4_tgt_passing = -1;
741 options->afs_token_passing = -1;
742#endif
743 options->password_authentication = -1;
744 options->kbd_interactive_authentication = -1;
745 options->kbd_interactive_devices = NULL;
746 options->rhosts_rsa_authentication = -1;
747 options->hostbased_authentication = -1;
748 options->fallback_to_rsh = -1;

--- 19 unchanged lines hidden (view full) ---

768 options->user = NULL;
769 options->escape_char = -1;
770 options->system_hostfile = NULL;
771 options->user_hostfile = NULL;
772 options->system_hostfile2 = NULL;
773 options->user_hostfile2 = NULL;
774 options->num_local_forwards = 0;
775 options->num_remote_forwards = 0;
760 options->afs_token_passing = -1;
761#endif
762 options->password_authentication = -1;
763 options->kbd_interactive_authentication = -1;
764 options->kbd_interactive_devices = NULL;
765 options->rhosts_rsa_authentication = -1;
766 options->hostbased_authentication = -1;
767 options->fallback_to_rsh = -1;

--- 19 unchanged lines hidden (view full) ---

787 options->user = NULL;
788 options->escape_char = -1;
789 options->system_hostfile = NULL;
790 options->user_hostfile = NULL;
791 options->system_hostfile2 = NULL;
792 options->user_hostfile2 = NULL;
793 options->num_local_forwards = 0;
794 options->num_remote_forwards = 0;
776 options->log_level = (LogLevel) - 1;
795 options->clear_forwardings = -1;
796 options->log_level = SYSLOG_LEVEL_NOT_SET;
777 options->preferred_authentications = NULL;
797 options->preferred_authentications = NULL;
798 options->bind_address = NULL;
799 options->smartcard_device = NULL;
800 options->no_host_authentication_for_localhost = - 1;
778}
779
780/*
781 * Called after processing other sources of option data, this fills those
782 * options for which no value has been specified with their default values.
783 */
784
785void
786fill_default_options(Options * options)
787{
788 int len;
789
790 if (options->forward_agent == -1)
791 options->forward_agent = 0;
792 if (options->forward_x11 == -1)
793 options->forward_x11 = 0;
801}
802
803/*
804 * Called after processing other sources of option data, this fills those
805 * options for which no value has been specified with their default values.
806 */
807
808void
809fill_default_options(Options * options)
810{
811 int len;
812
813 if (options->forward_agent == -1)
814 options->forward_agent = 0;
815 if (options->forward_x11 == -1)
816 options->forward_x11 = 0;
794#ifdef XAUTH_PATH
795 if (options->xauth_location == NULL)
817 if (options->xauth_location == NULL)
796 options->xauth_location = XAUTH_PATH;
797#endif /* XAUTH_PATH */
818 options->xauth_location = _PATH_XAUTH;
798 if (options->gateway_ports == -1)
799 options->gateway_ports = 0;
800 if (options->use_privileged_port == -1)
801 options->use_privileged_port = 0;
802 if (options->rhosts_authentication == -1)
803 options->rhosts_authentication = 1;
804 if (options->rsa_authentication == -1)
805 options->rsa_authentication = 1;
806 if (options->pubkey_authentication == -1)
807 options->pubkey_authentication = 1;
819 if (options->gateway_ports == -1)
820 options->gateway_ports = 0;
821 if (options->use_privileged_port == -1)
822 options->use_privileged_port = 0;
823 if (options->rhosts_authentication == -1)
824 options->rhosts_authentication = 1;
825 if (options->rsa_authentication == -1)
826 options->rsa_authentication = 1;
827 if (options->pubkey_authentication == -1)
828 options->pubkey_authentication = 1;
808 if (options->challenge_reponse_authentication == -1)
809 options->challenge_reponse_authentication = 0;
829 if (options->challenge_response_authentication == -1)
830 options->challenge_response_authentication = 1;
810#if defined(KRB4) || defined(KRB5)
811 if (options->kerberos_authentication == -1)
812 options->kerberos_authentication = 1;
831#if defined(KRB4) || defined(KRB5)
832 if (options->kerberos_authentication == -1)
833 options->kerberos_authentication = 1;
813#endif /* KRB4 || KRB5 */
814#ifdef KRB5
815 if (options->krb5_tgt_passing == -1)
816 options->krb5_tgt_passing = 1;
817#endif /* KRB5 */
834#endif
835#if defined(AFS) || defined(KRB5)
836 if (options->kerberos_tgt_passing == -1)
837 options->kerberos_tgt_passing = 1;
838#endif
818#ifdef AFS
839#ifdef AFS
819 if (options->krb4_tgt_passing == -1)
820 options->krb4_tgt_passing = 1;
821 if (options->afs_token_passing == -1)
822 options->afs_token_passing = 1;
840 if (options->afs_token_passing == -1)
841 options->afs_token_passing = 1;
823#endif /* AFS */
842#endif
824 if (options->password_authentication == -1)
825 options->password_authentication = 1;
826 if (options->kbd_interactive_authentication == -1)
827 options->kbd_interactive_authentication = 1;
828 if (options->rhosts_rsa_authentication == -1)
829 options->rhosts_rsa_authentication = 1;
830 if (options->hostbased_authentication == -1)
831 options->hostbased_authentication = 0;

--- 11 unchanged lines hidden (view full) ---

843 options->compression = 0;
844 if (options->keepalives == -1)
845 options->keepalives = 1;
846 if (options->compression_level == -1)
847 options->compression_level = 6;
848 if (options->port == -1)
849 options->port = 0; /* Filled in ssh_connect. */
850 if (options->connection_attempts == -1)
843 if (options->password_authentication == -1)
844 options->password_authentication = 1;
845 if (options->kbd_interactive_authentication == -1)
846 options->kbd_interactive_authentication = 1;
847 if (options->rhosts_rsa_authentication == -1)
848 options->rhosts_rsa_authentication = 1;
849 if (options->hostbased_authentication == -1)
850 options->hostbased_authentication = 0;

--- 11 unchanged lines hidden (view full) ---

862 options->compression = 0;
863 if (options->keepalives == -1)
864 options->keepalives = 1;
865 if (options->compression_level == -1)
866 options->compression_level = 6;
867 if (options->port == -1)
868 options->port = 0; /* Filled in ssh_connect. */
869 if (options->connection_attempts == -1)
851 options->connection_attempts = 4;
870 options->connection_attempts = 1;
852 if (options->number_of_password_prompts == -1)
853 options->number_of_password_prompts = 3;
854 /* Selected in ssh_login(). */
855 if (options->cipher == -1)
856 options->cipher = SSH_CIPHER_NOT_SET;
857 /* options->ciphers, default set in myproposals.h */
858 /* options->macs, default set in myproposals.h */
859 /* options->hostkeyalgorithms, default set in myproposals.h */

--- 26 unchanged lines hidden (view full) ---

886 if (options->system_hostfile == NULL)
887 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
888 if (options->user_hostfile == NULL)
889 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
890 if (options->system_hostfile2 == NULL)
891 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
892 if (options->user_hostfile2 == NULL)
893 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
871 if (options->number_of_password_prompts == -1)
872 options->number_of_password_prompts = 3;
873 /* Selected in ssh_login(). */
874 if (options->cipher == -1)
875 options->cipher = SSH_CIPHER_NOT_SET;
876 /* options->ciphers, default set in myproposals.h */
877 /* options->macs, default set in myproposals.h */
878 /* options->hostkeyalgorithms, default set in myproposals.h */

--- 26 unchanged lines hidden (view full) ---

905 if (options->system_hostfile == NULL)
906 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
907 if (options->user_hostfile == NULL)
908 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
909 if (options->system_hostfile2 == NULL)
910 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
911 if (options->user_hostfile2 == NULL)
912 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
894 if (options->log_level == (LogLevel) - 1)
913 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
895 options->log_level = SYSLOG_LEVEL_INFO;
914 options->log_level = SYSLOG_LEVEL_INFO;
915 if (options->clear_forwardings == 1)
916 clear_forwardings(options);
917 if (options->no_host_authentication_for_localhost == - 1)
918 options->no_host_authentication_for_localhost = 0;
896 /* options->proxy_command should not be set by default */
897 /* options->user will be set in the main program if appropriate */
898 /* options->hostname will be set in the main program if appropriate */
899 /* options->host_key_alias should not be set by default */
900 /* options->preferred_authentications will be set in ssh */
901}
919 /* options->proxy_command should not be set by default */
920 /* options->user will be set in the main program if appropriate */
921 /* options->hostname will be set in the main program if appropriate */
922 /* options->host_key_alias should not be set by default */
923 /* options->preferred_authentications will be set in ssh */
924}