]> andersk Git - gssapi-openssh.git/blame - openssh/readconf.c
andersk / gssapi-openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
remove duplicate HPN lines
[gssapi-openssh.git] / openssh / readconf.c
CommitLineData
5262cbfb 1/* $OpenBSD: readconf.c,v 1.176 2009/02/12 03:00:56 djm Exp $ */
3c0ef626 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved
6 * Functions for reading the configuration files.
7 *
8 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose. Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
13 */
14
15#include "includes.h"
3c0ef626 16
30460aeb 17#include <sys/types.h>
18#include <sys/stat.h>
19#include <sys/socket.h>
20
21#include <netinet/in.h>
22
23#include <ctype.h>
24#include <errno.h>
25#include <netdb.h>
26#include <signal.h>
27#include <stdarg.h>
28#include <stdio.h>
29#include <string.h>
30#include <unistd.h>
31
3c0ef626 32#include "xmalloc.h"
30460aeb 33#include "ssh.h"
3c0ef626 34#include "compat.h"
35#include "cipher.h"
36#include "pathnames.h"
37#include "log.h"
30460aeb 38#include "key.h"
3c0ef626 39#include "readconf.h"
40#include "match.h"
41#include "misc.h"
30460aeb 42#include "buffer.h"
3c0ef626 43#include "kex.h"
44#include "mac.h"
45
46/* Format of the configuration file:
47
48 # Configuration data is parsed as follows:
49 # 1. command line options
50 # 2. user-specific file
51 # 3. system-wide file
52 # Any configuration value is only changed the first time it is set.
53 # Thus, host-specific definitions should be at the beginning of the
54 # configuration file, and defaults at the end.
55
56 # Host-specific declarations. These may override anything above. A single
57 # host may match multiple declarations; these are processed in the order
58 # that they are given in.
59
60 Host *.ngs.fi ngs.fi
44a053a3 61 User foo
3c0ef626 62
63 Host fake.com
64 HostName another.host.name.real.org
65 User blaah
66 Port 34289
67 ForwardX11 no
68 ForwardAgent no
69
70 Host books.com
71 RemoteForward 9999 shadows.cs.hut.fi:9999
72 Cipher 3des
73
74 Host fascist.blob.com
75 Port 23123
76 User tylonen
3c0ef626 77 PasswordAuthentication no
78
79 Host puukko.hut.fi
80 User t35124p
81 ProxyCommand ssh-proxy %h %p
82
83 Host *.fr
44a053a3 84 PublicKeyAuthentication no
3c0ef626 85
86 Host *.su
87 Cipher none
88 PasswordAuthentication no
89
08822d99 90 Host vpn.fake.com
91 Tunnel yes
92 TunnelDevice 3
93
3c0ef626 94 # Defaults for various options
95 Host *
96 ForwardAgent no
97 ForwardX11 no
3c0ef626 98 PasswordAuthentication yes
99 RSAAuthentication yes
100 RhostsRSAAuthentication yes
3c0ef626 101 StrictHostKeyChecking yes
540d72c3 102 TcpKeepAlive no
3c0ef626 103 IdentityFile ~/.ssh/identity
104 Port 22
105 EscapeChar ~
106
107*/
108
109/* Keyword tokens. */
110
111typedef enum {
112 oBadOption,
540d72c3 113 oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
30460aeb 114 oExitOnForwardFailure,
44a053a3 115 oPasswordAuthentication, oRSAAuthentication,
3c0ef626 116 oChallengeResponseAuthentication, oXAuthLocation,
3c0ef626 117 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
118 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
119 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
120 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
540d72c3 121 oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
3c0ef626 122 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
123 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
124 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
125 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
126 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
44a053a3 127 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
7cac2b65 128 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
f472818d 129 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
f97edba6 130 oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey,
12a403af 131 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
dfddba3d 132 oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
08822d99 133 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
5262cbfb 134 oVisualHostKey, oZeroKnowledgePasswordAuthentication,
a7213e65 135 oNoneEnabled, oTcpRcvBufPoll, oTcpRcvBuf, oNoneSwitch, oHPNDisabled,
136 oHPNBufferSize,
7cac2b65 137 oDeprecated, oUnsupported
3c0ef626 138} OpCodes;
139
140/* Textual representations of the tokens. */
141
142static struct {
143 const char *name;
144 OpCodes opcode;
145} keywords[] = {
146 { "forwardagent", oForwardAgent },
147 { "forwardx11", oForwardX11 },
540d72c3 148 { "forwardx11trusted", oForwardX11Trusted },
30460aeb 149 { "exitonforwardfailure", oExitOnForwardFailure },
3c0ef626 150 { "xauthlocation", oXAuthLocation },
151 { "gatewayports", oGatewayPorts },
152 { "useprivilegedport", oUsePrivilegedPort },
7cac2b65 153 { "rhostsauthentication", oDeprecated },
3c0ef626 154 { "passwordauthentication", oPasswordAuthentication },
155 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
156 { "kbdinteractivedevices", oKbdInteractiveDevices },
157 { "rsaauthentication", oRSAAuthentication },
158 { "pubkeyauthentication", oPubkeyAuthentication },
159 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
160 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
161 { "hostbasedauthentication", oHostbasedAuthentication },
162 { "challengeresponseauthentication", oChallengeResponseAuthentication },
163 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
164 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
7cac2b65 165 { "kerberosauthentication", oUnsupported },
166 { "kerberostgtpassing", oUnsupported },
167 { "afstokenpassing", oUnsupported },
168#if defined(GSSAPI)
5598e598 169 { "gssapiauthentication", oGssAuthentication },
7a056ed1 170 { "gssapikeyexchange", oGssKeyEx },
5598e598 171 { "gssapidelegatecredentials", oGssDelegateCreds },
fe4ad273 172 { "gssapitrustdns", oGssTrustDns },
f97edba6 173 { "gssapiclientidentity", oGssClientIdentity },
174 { "gssapirenewalforcesrekey", oGssRenewalRekey },
7cac2b65 175#else
176 { "gssapiauthentication", oUnsupported },
177 { "gssapikeyexchange", oUnsupported },
178 { "gssapidelegatecredentials", oUnsupported },
fe4ad273 179 { "gssapitrustdns", oUnsupported },
f97edba6 180 { "gssapiclientidentity", oUnsupported },
181 { "gssapirenewalforcesrekey", oUnsupported },
3c0ef626 182#endif
44a053a3 183 { "fallbacktorsh", oDeprecated },
184 { "usersh", oDeprecated },
3c0ef626 185 { "identityfile", oIdentityFile },
5262cbfb 186 { "identityfile2", oIdentityFile }, /* obsolete */
12a403af 187 { "identitiesonly", oIdentitiesOnly },
3c0ef626 188 { "hostname", oHostName },
189 { "hostkeyalias", oHostKeyAlias },
190 { "proxycommand", oProxyCommand },
191 { "port", oPort },
192 { "cipher", oCipher },
193 { "ciphers", oCiphers },
194 { "macs", oMacs },
195 { "protocol", oProtocol },
196 { "remoteforward", oRemoteForward },
197 { "localforward", oLocalForward },
198 { "user", oUser },
199 { "host", oHost },
200 { "escapechar", oEscapeChar },
201 { "globalknownhostsfile", oGlobalKnownHostsFile },
5262cbfb 202 { "globalknownhostsfile2", oGlobalKnownHostsFile2 }, /* obsolete */
203 { "userknownhostsfile", oUserKnownHostsFile },
3c0ef626 204 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
205 { "connectionattempts", oConnectionAttempts },
206 { "batchmode", oBatchMode },
207 { "checkhostip", oCheckHostIP },
208 { "stricthostkeychecking", oStrictHostKeyChecking },
209 { "compression", oCompression },
210 { "compressionlevel", oCompressionLevel },
540d72c3 211 { "tcpkeepalive", oTCPKeepAlive },
212 { "keepalive", oTCPKeepAlive }, /* obsolete */
3c0ef626 213 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
214 { "loglevel", oLogLevel },
215 { "dynamicforward", oDynamicForward },
216 { "preferredauthentications", oPreferredAuthentications },
217 { "hostkeyalgorithms", oHostKeyAlgorithms },
218 { "bindaddress", oBindAddress },
7cac2b65 219#ifdef SMARTCARD
3c0ef626 220 { "smartcarddevice", oSmartcardDevice },
7cac2b65 221#else
222 { "smartcarddevice", oUnsupported },
223#endif
e9702f7d 224 { "clearallforwardings", oClearAllForwardings },
bfe49944 225 { "enablesshkeysign", oEnableSSHKeysign },
7cac2b65 226 { "verifyhostkeydns", oVerifyHostKeyDNS },
e9702f7d 227 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
7cac2b65 228 { "rekeylimit", oRekeyLimit },
229 { "connecttimeout", oConnectTimeout },
230 { "addressfamily", oAddressFamily },
540d72c3 231 { "serveraliveinterval", oServerAliveInterval },
232 { "serveralivecountmax", oServerAliveCountMax },
7e82606e 233 { "sendenv", oSendEnv },
234 { "controlpath", oControlPath },
235 { "controlmaster", oControlMaster },
dfddba3d 236 { "hashknownhosts", oHashKnownHosts },
08822d99 237 { "tunnel", oTunnel },
238 { "tunneldevice", oTunnelDevice },
239 { "localcommand", oLocalCommand },
240 { "permitlocalcommand", oPermitLocalCommand },
5156b1a1 241 { "visualhostkey", oVisualHostKey },
5262cbfb 242#ifdef JPAKE
243 { "zeroknowledgepasswordauthentication",
244 oZeroKnowledgePasswordAuthentication },
245#else
246 { "zeroknowledgepasswordauthentication", oUnsupported },
247#endif
76d45d2f 248 { "noneenabled", oNoneEnabled },
249 { "tcprcvbufpoll", oTcpRcvBufPoll },
250 { "tcprcvbuf", oTcpRcvBuf },
251 { "noneswitch", oNoneSwitch },
252 { "hpndisabled", oHPNDisabled },
253 { "hpnbuffersize", oHPNBufferSize },
e9702f7d 254 { NULL, oBadOption }
3c0ef626 255};
256
257/*
258 * Adds a local TCP/IP port forward to options. Never returns if there is an
259 * error.
260 */
261
262void
dfddba3d 263add_local_forward(Options *options, const Forward *newfwd)
3c0ef626 264{
265 Forward *fwd;
d03f4262 266#ifndef NO_IPPORT_RESERVED_CONCEPT
3c0ef626 267 extern uid_t original_real_uid;
dfddba3d 268 if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0)
3c0ef626 269 fatal("Privileged ports can only be forwarded by root.");
270#endif
271 if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
272 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
273 fwd = &options->local_forwards[options->num_local_forwards++];
dfddba3d 274
5262cbfb 275 fwd->listen_host = newfwd->listen_host;
dfddba3d 276 fwd->listen_port = newfwd->listen_port;
5262cbfb 277 fwd->connect_host = newfwd->connect_host;
dfddba3d 278 fwd->connect_port = newfwd->connect_port;
3c0ef626 279}
280
281/*
282 * Adds a remote TCP/IP port forward to options. Never returns if there is
283 * an error.
284 */
285
286void
dfddba3d 287add_remote_forward(Options *options, const Forward *newfwd)
3c0ef626 288{
289 Forward *fwd;
290 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
291 fatal("Too many remote forwards (max %d).",
e9702f7d 292 SSH_MAX_FORWARDS_PER_DIRECTION);
3c0ef626 293 fwd = &options->remote_forwards[options->num_remote_forwards++];
dfddba3d 294
5262cbfb 295 fwd->listen_host = newfwd->listen_host;
dfddba3d 296 fwd->listen_port = newfwd->listen_port;
5262cbfb 297 fwd->connect_host = newfwd->connect_host;
dfddba3d 298 fwd->connect_port = newfwd->connect_port;
3c0ef626 299}
300
301static void
302clear_forwardings(Options *options)
303{
304 int i;
305
dfddba3d 306 for (i = 0; i < options->num_local_forwards; i++) {
8b32eddc 307 if (options->local_forwards[i].listen_host != NULL)
308 xfree(options->local_forwards[i].listen_host);
dfddba3d 309 xfree(options->local_forwards[i].connect_host);
310 }
3c0ef626 311 options->num_local_forwards = 0;
dfddba3d 312 for (i = 0; i < options->num_remote_forwards; i++) {
8b32eddc 313 if (options->remote_forwards[i].listen_host != NULL)
314 xfree(options->remote_forwards[i].listen_host);
dfddba3d 315 xfree(options->remote_forwards[i].connect_host);
316 }
3c0ef626 317 options->num_remote_forwards = 0;
08822d99 318 options->tun_open = SSH_TUNMODE_NO;
3c0ef626 319}
320
321/*
322 * Returns the number of the token pointed to by cp or oBadOption.
323 */
324
325static OpCodes
326parse_token(const char *cp, const char *filename, int linenum)
327{
328 u_int i;
329
330 for (i = 0; keywords[i].name; i++)
331 if (strcasecmp(cp, keywords[i].name) == 0)
332 return keywords[i].opcode;
333
334 error("%s: line %d: Bad configuration option: %s",
335 filename, linenum, cp);
336 return oBadOption;
337}
338
339/*
340 * Processes a single option line as used in the configuration files. This
341 * only sets those values that have not already been set.
342 */
bfe49944 343#define WHITESPACE " \t\r\n"
3c0ef626 344
345int
346process_config_line(Options *options, const char *host,
347 char *line, const char *filename, int linenum,
348 int *activep)
349{
dfddba3d 350 char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256];
30460aeb 351 int opcode, *intptr, value, value2, scale;
e74dc197 352 LogLevel *log_level_ptr;
30460aeb 353 long long orig, val64;
bfe49944 354 size_t len;
dfddba3d 355 Forward fwd;
3c0ef626 356
7cac2b65 357 /* Strip trailing whitespace */
8b32eddc 358 for (len = strlen(line) - 1; len > 0; len--) {
7cac2b65 359 if (strchr(WHITESPACE, line[len]) == NULL)
360 break;
361 line[len] = '\0';
362 }
363
3c0ef626 364 s = line;
365 /* Get the keyword. (Each line is supposed to begin with a keyword). */
30460aeb 366 if ((keyword = strdelim(&s)) == NULL)
367 return 0;
3c0ef626 368 /* Ignore leading whitespace. */
369 if (*keyword == '\0')
370 keyword = strdelim(&s);
371 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
372 return 0;
373
374 opcode = parse_token(keyword, filename, linenum);
375
376 switch (opcode) {
377 case oBadOption:
378 /* don't panic, but count bad options */
379 return -1;
380 /* NOTREACHED */
7cac2b65 381 case oConnectTimeout:
382 intptr = &options->connection_timeout;
540d72c3 383parse_time:
7cac2b65 384 arg = strdelim(&s);
385 if (!arg || *arg == '\0')
386 fatal("%s line %d: missing time value.",
387 filename, linenum);
388 if ((value = convtime(arg)) == -1)
389 fatal("%s line %d: invalid time value.",
390 filename, linenum);
0b90ac93 391 if (*activep && *intptr == -1)
7cac2b65 392 *intptr = value;
393 break;
394
3c0ef626 395 case oForwardAgent:
396 intptr = &options->forward_agent;
397parse_flag:
398 arg = strdelim(&s);
399 if (!arg || *arg == '\0')
400 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
401 value = 0; /* To avoid compiler warning... */
402 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
403 value = 1;
404 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
405 value = 0;
406 else
407 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
408 if (*activep && *intptr == -1)
409 *intptr = value;
410 break;
411
412 case oForwardX11:
413 intptr = &options->forward_x11;
414 goto parse_flag;
415
540d72c3 416 case oForwardX11Trusted:
417 intptr = &options->forward_x11_trusted;
418 goto parse_flag;
419
3c0ef626 420 case oGatewayPorts:
421 intptr = &options->gateway_ports;
422 goto parse_flag;
423
30460aeb 424 case oExitOnForwardFailure:
425 intptr = &options->exit_on_forward_failure;
426 goto parse_flag;
427
3c0ef626 428 case oUsePrivilegedPort:
429 intptr = &options->use_privileged_port;
430 goto parse_flag;
431
3c0ef626 432 case oPasswordAuthentication:
433 intptr = &options->password_authentication;
434 goto parse_flag;
435
5262cbfb 436 case oZeroKnowledgePasswordAuthentication:
437 intptr = &options->zero_knowledge_password_authentication;
438 goto parse_flag;
439
3c0ef626 440 case oKbdInteractiveAuthentication:
441 intptr = &options->kbd_interactive_authentication;
442 goto parse_flag;
443
444 case oKbdInteractiveDevices:
445 charptr = &options->kbd_interactive_devices;
446 goto parse_string;
447
448 case oPubkeyAuthentication:
449 intptr = &options->pubkey_authentication;
450 goto parse_flag;
451
452 case oRSAAuthentication:
453 intptr = &options->rsa_authentication;
454 goto parse_flag;
455
456 case oRhostsRSAAuthentication:
457 intptr = &options->rhosts_rsa_authentication;
458 goto parse_flag;
459
460 case oHostbasedAuthentication:
461 intptr = &options->hostbased_authentication;
462 goto parse_flag;
463
464 case oChallengeResponseAuthentication:
465 intptr = &options->challenge_response_authentication;
466 goto parse_flag;
7cac2b65 467
5598e598 468 case oGssAuthentication:
469 intptr = &options->gss_authentication;
470 goto parse_flag;
7cac2b65 471
7a056ed1 472 case oGssKeyEx:
f97edba6 473 intptr = &options->gss_keyex;
7a056ed1 474 goto parse_flag;
475
5598e598 476 case oGssDelegateCreds:
477 intptr = &options->gss_deleg_creds;
478 goto parse_flag;
5598e598 479
fe4ad273 480 case oGssTrustDns:
481 intptr = &options->gss_trust_dns;
482 goto parse_flag;
483
f97edba6 484 case oGssClientIdentity:
485 charptr = &options->gss_client_identity;
486 goto parse_string;
487
488 case oGssRenewalRekey:
489 intptr = &options->gss_renewal_rekey;
490 goto parse_flag;
491
3c0ef626 492 case oBatchMode:
493 intptr = &options->batch_mode;
494 goto parse_flag;
495
496 case oCheckHostIP:
497 intptr = &options->check_host_ip;
498 goto parse_flag;
499
a7213e65 500 case oNoneEnabled:
501 intptr = &options->none_enabled;
502 goto parse_flag;
231cecf9 503
504 /* we check to see if the command comes from the */
505 /* command line or not. If it does then enable it */
506 /* otherwise fail. NONE should never be a default configuration */
a7213e65 507 case oNoneSwitch:
231cecf9 508 if(strcmp(filename,"command-line")==0)
509 {
510 intptr = &options->none_switch;
511 goto parse_flag;
512 } else {
513 error("NoneSwitch is found in %.200s.\nYou may only use this configuration option from the command line", filename);
514 error("Continuing...");
515 debug("NoneSwitch directive found in %.200s.", filename);
516 return 0;
517 }
a7213e65 518
519 case oHPNDisabled:
520 intptr = &options->hpn_disabled;
521 goto parse_flag;
522
523 case oHPNBufferSize:
524 intptr = &options->hpn_buffer_size;
525 goto parse_int;
526
527 case oTcpRcvBufPoll:
528 intptr = &options->tcp_rcv_buf_poll;
529 goto parse_flag;
530
7cac2b65 531 case oVerifyHostKeyDNS:
532 intptr = &options->verify_host_key_dns;
540d72c3 533 goto parse_yesnoask;
7cac2b65 534
3c0ef626 535 case oStrictHostKeyChecking:
536 intptr = &options->strict_host_key_checking;
540d72c3 537parse_yesnoask:
3c0ef626 538 arg = strdelim(&s);
539 if (!arg || *arg == '\0')
540 fatal("%.200s line %d: Missing yes/no/ask argument.",
e9702f7d 541 filename, linenum);
3c0ef626 542 value = 0; /* To avoid compiler warning... */
543 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
544 value = 1;
545 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
546 value = 0;
547 else if (strcmp(arg, "ask") == 0)
548 value = 2;
549 else
550 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
551 if (*activep && *intptr == -1)
552 *intptr = value;
553 break;
554
555 case oCompression:
556 intptr = &options->compression;
557 goto parse_flag;
558
540d72c3 559 case oTCPKeepAlive:
560 intptr = &options->tcp_keep_alive;
3c0ef626 561 goto parse_flag;
562
563 case oNoHostAuthenticationForLocalhost:
564 intptr = &options->no_host_authentication_for_localhost;
565 goto parse_flag;
566
567 case oNumberOfPasswordPrompts:
568 intptr = &options->number_of_password_prompts;
569 goto parse_int;
570
571 case oCompressionLevel:
572 intptr = &options->compression_level;
573 goto parse_int;
574
7cac2b65 575 case oRekeyLimit:
7cac2b65 576 arg = strdelim(&s);
577 if (!arg || *arg == '\0')
578 fatal("%.200s line %d: Missing argument.", filename, linenum);
579 if (arg[0] < '0' || arg[0] > '9')
580 fatal("%.200s line %d: Bad number.", filename, linenum);
30460aeb 581 orig = val64 = strtoll(arg, &endofnumber, 10);
7cac2b65 582 if (arg == endofnumber)
583 fatal("%.200s line %d: Bad number.", filename, linenum);
584 switch (toupper(*endofnumber)) {
30460aeb 585 case '\0':
586 scale = 1;
587 break;
7cac2b65 588 case 'K':
30460aeb 589 scale = 1<<10;
7cac2b65 590 break;
591 case 'M':
30460aeb 592 scale = 1<<20;
7cac2b65 593 break;
594 case 'G':
30460aeb 595 scale = 1<<30;
7cac2b65 596 break;
30460aeb 597 default:
598 fatal("%.200s line %d: Invalid RekeyLimit suffix",
599 filename, linenum);
7cac2b65 600 }
30460aeb 601 val64 *= scale;
602 /* detect integer wrap and too-large limits */
e74dc197 603 if ((val64 / scale) != orig || val64 > UINT_MAX)
30460aeb 604 fatal("%.200s line %d: RekeyLimit too large",
605 filename, linenum);
606 if (val64 < 16)
607 fatal("%.200s line %d: RekeyLimit too small",
608 filename, linenum);
e74dc197 609 if (*activep && options->rekey_limit == -1)
610 options->rekey_limit = (u_int32_t)val64;
7cac2b65 611 break;
612
3c0ef626 613 case oIdentityFile:
614 arg = strdelim(&s);
615 if (!arg || *arg == '\0')
616 fatal("%.200s line %d: Missing argument.", filename, linenum);
617 if (*activep) {
618 intptr = &options->num_identity_files;
619 if (*intptr >= SSH_MAX_IDENTITY_FILES)
620 fatal("%.200s line %d: Too many identity files specified (max %d).",
e9702f7d 621 filename, linenum, SSH_MAX_IDENTITY_FILES);
0b90ac93 622 charptr = &options->identity_files[*intptr];
3c0ef626 623 *charptr = xstrdup(arg);
624 *intptr = *intptr + 1;
625 }
626 break;
627
628 case oXAuthLocation:
629 charptr=&options->xauth_location;
630 goto parse_string;
631
632 case oUser:
633 charptr = &options->user;
634parse_string:
635 arg = strdelim(&s);
636 if (!arg || *arg == '\0')
637 fatal("%.200s line %d: Missing argument.", filename, linenum);
638 if (*activep && *charptr == NULL)
639 *charptr = xstrdup(arg);
640 break;
641
642 case oGlobalKnownHostsFile:
643 charptr = &options->system_hostfile;
644 goto parse_string;
645
646 case oUserKnownHostsFile:
647 charptr = &options->user_hostfile;
648 goto parse_string;
649
650 case oGlobalKnownHostsFile2:
651 charptr = &options->system_hostfile2;
652 goto parse_string;
653
654 case oUserKnownHostsFile2:
655 charptr = &options->user_hostfile2;
656 goto parse_string;
657
658 case oHostName:
659 charptr = &options->hostname;
660 goto parse_string;
661
662 case oHostKeyAlias:
663 charptr = &options->host_key_alias;
664 goto parse_string;
665
666 case oPreferredAuthentications:
667 charptr = &options->preferred_authentications;
668 goto parse_string;
669
670 case oBindAddress:
671 charptr = &options->bind_address;
672 goto parse_string;
673
674 case oSmartcardDevice:
675 charptr = &options->smartcard_device;
676 goto parse_string;
677
678 case oProxyCommand:
08822d99 679 charptr = &options->proxy_command;
680parse_command:
7cac2b65 681 if (s == NULL)
682 fatal("%.200s line %d: Missing argument.", filename, linenum);
bfe49944 683 len = strspn(s, WHITESPACE "=");
3c0ef626 684 if (*activep && *charptr == NULL)
bfe49944 685 *charptr = xstrdup(s + len);
3c0ef626 686 return 0;
687
688 case oPort:
689 intptr = &options->port;
690parse_int:
691 arg = strdelim(&s);
692 if (!arg || *arg == '\0')
693 fatal("%.200s line %d: Missing argument.", filename, linenum);
694 if (arg[0] < '0' || arg[0] > '9')
695 fatal("%.200s line %d: Bad number.", filename, linenum);
696
697 /* Octal, decimal, or hex format? */
698 value = strtol(arg, &endofnumber, 0);
699 if (arg == endofnumber)
700 fatal("%.200s line %d: Bad number.", filename, linenum);
701 if (*activep && *intptr == -1)
702 *intptr = value;
703 break;
704
705 case oConnectionAttempts:
706 intptr = &options->connection_attempts;
707 goto parse_int;
708
a7213e65 709 case oTcpRcvBuf:
710 intptr = &options->tcp_rcv_buf;
711 goto parse_int;
712
3c0ef626 713 case oCipher:
714 intptr = &options->cipher;
715 arg = strdelim(&s);
716 if (!arg || *arg == '\0')
717 fatal("%.200s line %d: Missing argument.", filename, linenum);
718 value = cipher_number(arg);
719 if (value == -1)
720 fatal("%.200s line %d: Bad cipher '%s'.",
e9702f7d 721 filename, linenum, arg ? arg : "<NONE>");
3c0ef626 722 if (*activep && *intptr == -1)
723 *intptr = value;
724 break;
725
726 case oCiphers:
727 arg = strdelim(&s);
728 if (!arg || *arg == '\0')
729 fatal("%.200s line %d: Missing argument.", filename, linenum);
730 if (!ciphers_valid(arg))
731 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
e9702f7d 732 filename, linenum, arg ? arg : "<NONE>");
3c0ef626 733 if (*activep && options->ciphers == NULL)
734 options->ciphers = xstrdup(arg);
735 break;
736
737 case oMacs:
738 arg = strdelim(&s);
739 if (!arg || *arg == '\0')
740 fatal("%.200s line %d: Missing argument.", filename, linenum);
741 if (!mac_valid(arg))
742 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
e9702f7d 743 filename, linenum, arg ? arg : "<NONE>");
3c0ef626 744 if (*activep && options->macs == NULL)
745 options->macs = xstrdup(arg);
746 break;
747
748 case oHostKeyAlgorithms:
749 arg = strdelim(&s);
750 if (!arg || *arg == '\0')
751 fatal("%.200s line %d: Missing argument.", filename, linenum);
752 if (!key_names_valid2(arg))
753 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
e9702f7d 754 filename, linenum, arg ? arg : "<NONE>");
3c0ef626 755 if (*activep && options->hostkeyalgorithms == NULL)
756 options->hostkeyalgorithms = xstrdup(arg);
757 break;
758
759 case oProtocol:
760 intptr = &options->protocol;
761 arg = strdelim(&s);
762 if (!arg || *arg == '\0')
763 fatal("%.200s line %d: Missing argument.", filename, linenum);
764 value = proto_spec(arg);
765 if (value == SSH_PROTO_UNKNOWN)
766 fatal("%.200s line %d: Bad protocol spec '%s'.",
e9702f7d 767 filename, linenum, arg ? arg : "<NONE>");
3c0ef626 768 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
769 *intptr = value;
770 break;
771
772 case oLogLevel:
e74dc197 773 log_level_ptr = &options->log_level;
3c0ef626 774 arg = strdelim(&s);
775 value = log_level_number(arg);
e9702f7d 776 if (value == SYSLOG_LEVEL_NOT_SET)
3c0ef626 777 fatal("%.200s line %d: unsupported log level '%s'",
e9702f7d 778 filename, linenum, arg ? arg : "<NONE>");
e74dc197 779 if (*activep && *log_level_ptr == SYSLOG_LEVEL_NOT_SET)
780 *log_level_ptr = (LogLevel) value;
3c0ef626 781 break;
782
783 case oLocalForward:
784 case oRemoteForward:
5262cbfb 785 case oDynamicForward:
3c0ef626 786 arg = strdelim(&s);
dfddba3d 787 if (arg == NULL || *arg == '\0')
3c0ef626 788 fatal("%.200s line %d: Missing port argument.",
789 filename, linenum);
dfddba3d 790
5262cbfb 791 if (opcode == oLocalForward ||
792 opcode == oRemoteForward) {
793 arg2 = strdelim(&s);
794 if (arg2 == NULL || *arg2 == '\0')
795 fatal("%.200s line %d: Missing target argument.",
796 filename, linenum);
dfddba3d 797
5262cbfb 798 /* construct a string for parse_forward */
799 snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2);
800 } else if (opcode == oDynamicForward) {
801 strlcpy(fwdarg, arg, sizeof(fwdarg));
802 }
803
804 if (parse_forward(&fwd, fwdarg,
805 opcode == oDynamicForward ? 1 : 0,
806 opcode == oRemoteForward ? 1 : 0) == 0)
3c0ef626 807 fatal("%.200s line %d: Bad forwarding specification.",
808 filename, linenum);
dfddba3d 809
3c0ef626 810 if (*activep) {
5262cbfb 811 if (opcode == oLocalForward ||
812 opcode == oDynamicForward)
dfddba3d 813 add_local_forward(options, &fwd);
3c0ef626 814 else if (opcode == oRemoteForward)
dfddba3d 815 add_remote_forward(options, &fwd);
3c0ef626 816 }
817 break;
818
3c0ef626 819 case oClearAllForwardings:
820 intptr = &options->clear_forwardings;
821 goto parse_flag;
822
823 case oHost:
824 *activep = 0;
825 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
826 if (match_pattern(host, arg)) {
827 debug("Applying options for %.100s", arg);
828 *activep = 1;
829 break;
830 }
831 /* Avoid garbage check below, as strdelim is done. */
832 return 0;
833
834 case oEscapeChar:
835 intptr = &options->escape_char;
836 arg = strdelim(&s);
837 if (!arg || *arg == '\0')
838 fatal("%.200s line %d: Missing argument.", filename, linenum);
839 if (arg[0] == '^' && arg[2] == 0 &&
840 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
841 value = (u_char) arg[1] & 31;
842 else if (strlen(arg) == 1)
843 value = (u_char) arg[0];
844 else if (strcmp(arg, "none") == 0)
845 value = SSH_ESCAPECHAR_NONE;
846 else {
847 fatal("%.200s line %d: Bad escape character.",
e9702f7d 848 filename, linenum);
3c0ef626 849 /* NOTREACHED */
850 value = 0; /* Avoid compiler warning. */
851 }
852 if (*activep && *intptr == -1)
853 *intptr = value;
854 break;
855
7cac2b65 856 case oAddressFamily:
857 arg = strdelim(&s);
2ce0bfe4 858 if (!arg || *arg == '\0')
859 fatal("%s line %d: missing address family.",
860 filename, linenum);
7cac2b65 861 intptr = &options->address_family;
862 if (strcasecmp(arg, "inet") == 0)
863 value = AF_INET;
864 else if (strcasecmp(arg, "inet6") == 0)
865 value = AF_INET6;
866 else if (strcasecmp(arg, "any") == 0)
867 value = AF_UNSPEC;
868 else
869 fatal("Unsupported AddressFamily \"%s\"", arg);
870 if (*activep && *intptr == -1)
871 *intptr = value;
872 break;
873
bfe49944 874 case oEnableSSHKeysign:
875 intptr = &options->enable_ssh_keysign;
876 goto parse_flag;
877
12a403af 878 case oIdentitiesOnly:
879 intptr = &options->identities_only;
880 goto parse_flag;
881
540d72c3 882 case oServerAliveInterval:
883 intptr = &options->server_alive_interval;
884 goto parse_time;
885
886 case oServerAliveCountMax:
887 intptr = &options->server_alive_count_max;
888 goto parse_int;
889
7e82606e 890 case oSendEnv:
891 while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
892 if (strchr(arg, '=') != NULL)
893 fatal("%s line %d: Invalid environment name.",
894 filename, linenum);
dfddba3d 895 if (!*activep)
896 continue;
7e82606e 897 if (options->num_send_env >= MAX_SEND_ENV)
898 fatal("%s line %d: too many send env.",
899 filename, linenum);
900 options->send_env[options->num_send_env++] =
901 xstrdup(arg);
902 }
903 break;
904
905 case oControlPath:
906 charptr = &options->control_path;
907 goto parse_string;
908
909 case oControlMaster:
910 intptr = &options->control_master;
2ce0bfe4 911 arg = strdelim(&s);
912 if (!arg || *arg == '\0')
913 fatal("%.200s line %d: Missing ControlMaster argument.",
914 filename, linenum);
915 value = 0; /* To avoid compiler warning... */
916 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
917 value = SSHCTL_MASTER_YES;
918 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
919 value = SSHCTL_MASTER_NO;
920 else if (strcmp(arg, "auto") == 0)
921 value = SSHCTL_MASTER_AUTO;
922 else if (strcmp(arg, "ask") == 0)
923 value = SSHCTL_MASTER_ASK;
924 else if (strcmp(arg, "autoask") == 0)
925 value = SSHCTL_MASTER_AUTO_ASK;
926 else
927 fatal("%.200s line %d: Bad ControlMaster argument.",
928 filename, linenum);
929 if (*activep && *intptr == -1)
930 *intptr = value;
931 break;
7e82606e 932
dfddba3d 933 case oHashKnownHosts:
934 intptr = &options->hash_known_hosts;
935 goto parse_flag;
936
08822d99 937 case oTunnel:
938 intptr = &options->tun_open;
939 arg = strdelim(&s);
940 if (!arg || *arg == '\0')
941 fatal("%s line %d: Missing yes/point-to-point/"
942 "ethernet/no argument.", filename, linenum);
943 value = 0; /* silence compiler */
944 if (strcasecmp(arg, "ethernet") == 0)
945 value = SSH_TUNMODE_ETHERNET;
946 else if (strcasecmp(arg, "point-to-point") == 0)
947 value = SSH_TUNMODE_POINTOPOINT;
948 else if (strcasecmp(arg, "yes") == 0)
949 value = SSH_TUNMODE_DEFAULT;
950 else if (strcasecmp(arg, "no") == 0)
951 value = SSH_TUNMODE_NO;
952 else
953 fatal("%s line %d: Bad yes/point-to-point/ethernet/"
954 "no argument: %s", filename, linenum, arg);
955 if (*activep)
956 *intptr = value;
957 break;
958
959 case oTunnelDevice:
960 arg = strdelim(&s);
961 if (!arg || *arg == '\0')
962 fatal("%.200s line %d: Missing argument.", filename, linenum);
963 value = a2tun(arg, &value2);
964 if (value == SSH_TUNID_ERR)
965 fatal("%.200s line %d: Bad tun device.", filename, linenum);
966 if (*activep) {
967 options->tun_local = value;
968 options->tun_remote = value2;
969 }
970 break;
971
972 case oLocalCommand:
973 charptr = &options->local_command;
974 goto parse_command;
975
976 case oPermitLocalCommand:
977 intptr = &options->permit_local_command;
978 goto parse_flag;
979
5156b1a1 980 case oVisualHostKey:
981 intptr = &options->visual_host_key;
982 goto parse_flag;
983
44a053a3 984 case oDeprecated:
985 debug("%s line %d: Deprecated option \"%s\"",
986 filename, linenum, keyword);
987 return 0;
988
7cac2b65 989 case oUnsupported:
990 error("%s line %d: Unsupported option \"%s\"",
991 filename, linenum, keyword);
992 return 0;
993
3c0ef626 994 default:
995 fatal("process_config_line: Unimplemented opcode %d", opcode);
996 }
997
998 /* Check that there is no garbage at end of line. */
999 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
1000 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
2ce0bfe4 1001 filename, linenum, arg);
3c0ef626 1002 }
1003 return 0;
1004}
1005
1006
1007/*
1008 * Reads the config file and modifies the options accordingly. Options
1009 * should already be initialized before this call. This never returns if
1010 * there is an error. If the file does not exist, this returns 0.
1011 */
1012
1013int
7e82606e 1014read_config_file(const char *filename, const char *host, Options *options,
1015 int checkperm)
3c0ef626 1016{
1017 FILE *f;
1018 char line[1024];
1019 int active, linenum;
1020 int bad_options = 0;
1021
7e82606e 1022 if ((f = fopen(filename, "r")) == NULL)
3c0ef626 1023 return 0;
1024
7e82606e 1025 if (checkperm) {
1026 struct stat sb;
1027
1028 if (fstat(fileno(f), &sb) == -1)
1029 fatal("fstat %s: %s", filename, strerror(errno));
1030 if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
1031 (sb.st_mode & 022) != 0))
1032 fatal("Bad owner or permissions on %s", filename);
1033 }
1034
3c0ef626 1035 debug("Reading configuration data %.200s", filename);
1036
1037 /*
1038 * Mark that we are now processing the options. This flag is turned
1039 * on/off by Host specifications.
1040 */
1041 active = 1;
1042 linenum = 0;
1043 while (fgets(line, sizeof(line), f)) {
1044 /* Update line number counter. */
1045 linenum++;
1046 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
1047 bad_options++;
1048 }
1049 fclose(f);
1050 if (bad_options > 0)
1051 fatal("%s: terminating, %d bad configuration options",
e9702f7d 1052 filename, bad_options);
3c0ef626 1053 return 1;
1054}
1055
1056/*
1057 * Initializes options to special values that indicate that they have not yet
1058 * been set. Read_config_file will only set options with this value. Options
1059 * are processed in the following order: command line, user config file,
1060 * system config file. Last, fill_default_options is called.
1061 */
1062
1063void
1064initialize_options(Options * options)
1065{
1066 memset(options, 'X', sizeof(*options));
1067 options->forward_agent = -1;
1068 options->forward_x11 = -1;
540d72c3 1069 options->forward_x11_trusted = -1;
30460aeb 1070 options->exit_on_forward_failure = -1;
3c0ef626 1071 options->xauth_location = NULL;
1072 options->gateway_ports = -1;
1073 options->use_privileged_port = -1;
3c0ef626 1074 options->rsa_authentication = -1;
1075 options->pubkey_authentication = -1;
1076 options->challenge_response_authentication = -1;
7cac2b65 1077 options->gss_authentication = -1;
7a056ed1 1078 options->gss_keyex = -1;
7cac2b65 1079 options->gss_deleg_creds = -1;
fe4ad273 1080 options->gss_trust_dns = -1;
f97edba6 1081 options->gss_renewal_rekey = -1;
1082 options->gss_client_identity = NULL;
3c0ef626 1083 options->password_authentication = -1;
1084 options->kbd_interactive_authentication = -1;
1085 options->kbd_interactive_devices = NULL;
1086 options->rhosts_rsa_authentication = -1;
1087 options->hostbased_authentication = -1;
3c0ef626 1088 options->batch_mode = -1;
1089 options->check_host_ip = -1;
1090 options->strict_host_key_checking = -1;
1091 options->compression = -1;
540d72c3 1092 options->tcp_keep_alive = -1;
3c0ef626 1093 options->compression_level = -1;
1094 options->port = -1;
7cac2b65 1095 options->address_family = -1;
3c0ef626 1096 options->connection_attempts = -1;
7cac2b65 1097 options->connection_timeout = -1;
3c0ef626 1098 options->number_of_password_prompts = -1;
1099 options->cipher = -1;
1100 options->ciphers = NULL;
1101 options->macs = NULL;
1102 options->hostkeyalgorithms = NULL;
1103 options->protocol = SSH_PROTO_UNKNOWN;
1104 options->num_identity_files = 0;
1105 options->hostname = NULL;
1106 options->host_key_alias = NULL;
1107 options->proxy_command = NULL;
1108 options->user = NULL;
1109 options->escape_char = -1;
1110 options->system_hostfile = NULL;
1111 options->user_hostfile = NULL;
1112 options->system_hostfile2 = NULL;
1113 options->user_hostfile2 = NULL;
1114 options->num_local_forwards = 0;
1115 options->num_remote_forwards = 0;
1116 options->clear_forwardings = -1;
e9702f7d 1117 options->log_level = SYSLOG_LEVEL_NOT_SET;
3c0ef626 1118 options->preferred_authentications = NULL;
1119 options->bind_address = NULL;
1120 options->smartcard_device = NULL;
bfe49944 1121 options->enable_ssh_keysign = - 1;
3c0ef626 1122 options->no_host_authentication_for_localhost = - 1;
12a403af 1123 options->identities_only = - 1;
7cac2b65 1124 options->rekey_limit = - 1;
1125 options->verify_host_key_dns = -1;
540d72c3 1126 options->server_alive_interval = -1;
1127 options->server_alive_count_max = -1;
7e82606e 1128 options->num_send_env = 0;
1129 options->control_path = NULL;
1130 options->control_master = -1;
dfddba3d 1131 options->hash_known_hosts = -1;
08822d99 1132 options->tun_open = -1;
1133 options->tun_local = -1;
1134 options->tun_remote = -1;
1135 options->local_command = NULL;
1136 options->permit_local_command = -1;
5156b1a1 1137 options->visual_host_key = -1;
5262cbfb 1138 options->zero_knowledge_password_authentication = -1;
76d45d2f 1139 options->none_switch = -1;
1140 options->none_enabled = -1;
1141 options->hpn_disabled = -1;
1142 options->hpn_buffer_size = -1;
1143 options->tcp_rcv_buf_poll = -1;
1144 options->tcp_rcv_buf = -1;
3c0ef626 1145}
1146
1147/*
1148 * Called after processing other sources of option data, this fills those
1149 * options for which no value has been specified with their default values.
1150 */
1151
1152void
1153fill_default_options(Options * options)
1154{
1155 int len;
1156
1157 if (options->forward_agent == -1)
1158 options->forward_agent = 0;
1159 if (options->forward_x11 == -1)
1160 options->forward_x11 = 0;
540d72c3 1161 if (options->forward_x11_trusted == -1)
1162 options->forward_x11_trusted = 0;
30460aeb 1163 if (options->exit_on_forward_failure == -1)
1164 options->exit_on_forward_failure = 0;
3c0ef626 1165 if (options->xauth_location == NULL)
1166 options->xauth_location = _PATH_XAUTH;
3c0ef626 1167 if (options->gateway_ports == -1)
1168 options->gateway_ports = 0;
1169 if (options->use_privileged_port == -1)
1170 options->use_privileged_port = 0;
3c0ef626 1171 if (options->rsa_authentication == -1)
1172 options->rsa_authentication = 1;
1173 if (options->pubkey_authentication == -1)
1174 options->pubkey_authentication = 1;
1175 if (options->challenge_response_authentication == -1)
1176 options->challenge_response_authentication = 1;
5598e598 1177 if (options->gss_authentication == -1)
1178 options->gss_authentication = 1;
7a056ed1 1179 if (options->gss_keyex == -1)
1180 options->gss_keyex = 1;
5598e598 1181 if (options->gss_deleg_creds == -1)
1182 options->gss_deleg_creds = 1;
fe4ad273 1183 if (options->gss_trust_dns == -1)
1184 options->gss_trust_dns = 1;
f97edba6 1185 if (options->gss_renewal_rekey == -1)
1186 options->gss_renewal_rekey = 0;
3c0ef626 1187 if (options->password_authentication == -1)
1188 options->password_authentication = 1;
1189 if (options->kbd_interactive_authentication == -1)
1190 options->kbd_interactive_authentication = 1;
1191 if (options->rhosts_rsa_authentication == -1)
44a053a3 1192 options->rhosts_rsa_authentication = 0;
3c0ef626 1193 if (options->hostbased_authentication == -1)
1194 options->hostbased_authentication = 0;
3c0ef626 1195 if (options->batch_mode == -1)
1196 options->batch_mode = 0;
1197 if (options->check_host_ip == -1)
1198 options->check_host_ip = 1;
1199 if (options->strict_host_key_checking == -1)
1200 options->strict_host_key_checking = 2; /* 2 is default */
1201 if (options->compression == -1)
1202 options->compression = 0;
540d72c3 1203 if (options->tcp_keep_alive == -1)
1204 options->tcp_keep_alive = 1;
3c0ef626 1205 if (options->compression_level == -1)
1206 options->compression_level = 6;
1207 if (options->port == -1)
1208 options->port = 0; /* Filled in ssh_connect. */
7cac2b65 1209 if (options->address_family == -1)
1210 options->address_family = AF_UNSPEC;
3c0ef626 1211 if (options->connection_attempts == -1)
1212 options->connection_attempts = 1;
1213 if (options->number_of_password_prompts == -1)
1214 options->number_of_password_prompts = 3;
1215 /* Selected in ssh_login(). */
1216 if (options->cipher == -1)
1217 options->cipher = SSH_CIPHER_NOT_SET;
1218 /* options->ciphers, default set in myproposals.h */
1219 /* options->macs, default set in myproposals.h */
1220 /* options->hostkeyalgorithms, default set in myproposals.h */
1221 if (options->protocol == SSH_PROTO_UNKNOWN)
1222 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
1223 if (options->num_identity_files == 0) {
1224 if (options->protocol & SSH_PROTO_1) {
1225 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
1226 options->identity_files[options->num_identity_files] =
1227 xmalloc(len);
1228 snprintf(options->identity_files[options->num_identity_files++],
1229 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
1230 }
1231 if (options->protocol & SSH_PROTO_2) {
1232 len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
1233 options->identity_files[options->num_identity_files] =
1234 xmalloc(len);
1235 snprintf(options->identity_files[options->num_identity_files++],
1236 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
1237
1238 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
1239 options->identity_files[options->num_identity_files] =
1240 xmalloc(len);
1241 snprintf(options->identity_files[options->num_identity_files++],
1242 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
1243 }
1244 }
1245 if (options->escape_char == -1)
1246 options->escape_char = '~';
1247 if (options->system_hostfile == NULL)
1248 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
1249 if (options->user_hostfile == NULL)
1250 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
1251 if (options->system_hostfile2 == NULL)
1252 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
1253 if (options->user_hostfile2 == NULL)
1254 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
e9702f7d 1255 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
3c0ef626 1256 options->log_level = SYSLOG_LEVEL_INFO;
1257 if (options->clear_forwardings == 1)
1258 clear_forwardings(options);
1259 if (options->no_host_authentication_for_localhost == - 1)
1260 options->no_host_authentication_for_localhost = 0;
12a403af 1261 if (options->identities_only == -1)
1262 options->identities_only = 0;
bfe49944 1263 if (options->enable_ssh_keysign == -1)
1264 options->enable_ssh_keysign = 0;
7cac2b65 1265 if (options->rekey_limit == -1)
1266 options->rekey_limit = 0;
1267 if (options->verify_host_key_dns == -1)
1268 options->verify_host_key_dns = 0;
540d72c3 1269 if (options->server_alive_interval == -1)
1270 options->server_alive_interval = 0;
1271 if (options->server_alive_count_max == -1)
1272 options->server_alive_count_max = 3;
473db5ab 1273 if (options->none_switch == -1)
1274 options->none_switch = 0;
a7213e65 1275 if (options->hpn_disabled == -1)
1276 options->hpn_disabled = 0;
f713db99 1277 if (options->hpn_buffer_size > -1)
1278 {
6df46d40 1279 /* if a user tries to set the size to 0 set it to 1KB */
a7213e65 1280 if (options->hpn_buffer_size == 0)
6df46d40 1281 options->hpn_buffer_size = 1024;
231cecf9 1282 /*limit the buffer to 64MB*/
6df46d40 1283 if (options->hpn_buffer_size > 65536)
f713db99 1284 {
6df46d40 1285 options->hpn_buffer_size = 65536*1024;
231cecf9 1286 debug("User requested buffer larger than 64MB. Request reverted to 64MB");
f713db99 1287 }
f713db99 1288 debug("hpn_buffer_size set to %d", options->hpn_buffer_size);
1289 }
a7213e65 1290 if (options->tcp_rcv_buf == 0)
1291 options->tcp_rcv_buf = 1;
1292 if (options->tcp_rcv_buf > -1)
1293 options->tcp_rcv_buf *=1024;
6df46d40 1294 if (options->tcp_rcv_buf_poll == -1)
1295 options->tcp_rcv_buf_poll = 1;
7e82606e 1296 if (options->control_master == -1)
1297 options->control_master = 0;
dfddba3d 1298 if (options->hash_known_hosts == -1)
1299 options->hash_known_hosts = 0;
08822d99 1300 if (options->tun_open == -1)
1301 options->tun_open = SSH_TUNMODE_NO;
1302 if (options->tun_local == -1)
1303 options->tun_local = SSH_TUNID_ANY;
1304 if (options->tun_remote == -1)
1305 options->tun_remote = SSH_TUNID_ANY;
1306 if (options->permit_local_command == -1)
1307 options->permit_local_command = 0;
5156b1a1 1308 if (options->visual_host_key == -1)
1309 options->visual_host_key = 0;
5262cbfb 1310 if (options->zero_knowledge_password_authentication == -1)
1311 options->zero_knowledge_password_authentication = 0;
08822d99 1312 /* options->local_command should not be set by default */
3c0ef626 1313 /* options->proxy_command should not be set by default */
1314 /* options->user will be set in the main program if appropriate */
1315 /* options->hostname will be set in the main program if appropriate */
1316 /* options->host_key_alias should not be set by default */
1317 /* options->preferred_authentications will be set in ssh */
1318}
dfddba3d 1319
1320/*
1321 * parse_forward
1322 * parses a string containing a port forwarding specification of the form:
5262cbfb 1323 * dynamicfwd == 0
dfddba3d 1324 * [listenhost:]listenport:connecthost:connectport
5262cbfb 1325 * dynamicfwd == 1
1326 * [listenhost:]listenport
dfddba3d 1327 * returns number of arguments parsed or zero on error
1328 */
1329int
5262cbfb 1330parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd)
dfddba3d 1331{
1332 int i;
1333 char *p, *cp, *fwdarg[4];
1334
1335 memset(fwd, '\0', sizeof(*fwd));
1336
1337 cp = p = xstrdup(fwdspec);
1338
1339 /* skip leading spaces */
fa0f0f45 1340 while (isspace(*cp))
dfddba3d 1341 cp++;
1342
1343 for (i = 0; i < 4; ++i)
1344 if ((fwdarg[i] = hpdelim(&cp)) == NULL)
1345 break;
1346
5262cbfb 1347 /* Check for trailing garbage */
dfddba3d 1348 if (cp != NULL)
1349 i = 0; /* failure */
1350
1351 switch (i) {
5262cbfb 1352 case 1:
1353 fwd->listen_host = NULL;
1354 fwd->listen_port = a2port(fwdarg[0]);
1355 fwd->connect_host = xstrdup("socks");
1356 break;
1357
1358 case 2:
1359 fwd->listen_host = xstrdup(cleanhostname(fwdarg[0]));
1360 fwd->listen_port = a2port(fwdarg[1]);
1361 fwd->connect_host = xstrdup("socks");
1362 break;
1363
dfddba3d 1364 case 3:
1365 fwd->listen_host = NULL;
1366 fwd->listen_port = a2port(fwdarg[0]);
1367 fwd->connect_host = xstrdup(cleanhostname(fwdarg[1]));
1368 fwd->connect_port = a2port(fwdarg[2]);
1369 break;
1370
1371 case 4:
1372 fwd->listen_host = xstrdup(cleanhostname(fwdarg[0]));
1373 fwd->listen_port = a2port(fwdarg[1]);
1374 fwd->connect_host = xstrdup(cleanhostname(fwdarg[2]));
1375 fwd->connect_port = a2port(fwdarg[3]);
1376 break;
1377 default:
1378 i = 0; /* failure */
1379 }
1380
1381 xfree(p);
1382
5262cbfb 1383 if (dynamicfwd) {
1384 if (!(i == 1 || i == 2))
1385 goto fail_free;
1386 } else {
1387 if (!(i == 3 || i == 4))
1388 goto fail_free;
1389 if (fwd->connect_port <= 0)
1390 goto fail_free;
1391 }
1392
1393 if (fwd->listen_port < 0 || (!remotefwd && fwd->listen_port == 0))
dfddba3d 1394 goto fail_free;
1395
1396 if (fwd->connect_host != NULL &&
1397 strlen(fwd->connect_host) >= NI_MAXHOST)
1398 goto fail_free;
5262cbfb 1399 if (fwd->listen_host != NULL &&
1400 strlen(fwd->listen_host) >= NI_MAXHOST)
1401 goto fail_free;
1402
dfddba3d 1403
1404 return (i);
1405
1406 fail_free:
5262cbfb 1407 if (fwd->connect_host != NULL) {
dfddba3d 1408 xfree(fwd->connect_host);
5262cbfb 1409 fwd->connect_host = NULL;
1410 }
1411 if (fwd->listen_host != NULL) {
dfddba3d 1412 xfree(fwd->listen_host);
5262cbfb 1413 fwd->listen_host = NULL;
1414 }
dfddba3d 1415 return (0);
1416}
git-cvsimport mirror of GSI OpenSSH
This page took 0.359734 seconds and 5 git commands to generate.