]> andersk Git - gssapi-openssh.git/blame - openssh/readconf.c
andersk / gssapi-openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
o Bump version to 2.7.
[gssapi-openssh.git] / openssh / readconf.c
CommitLineData
3c0ef626 1/*
2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
5 * Functions for reading the configuration files.
6 *
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
12 */
13
14#include "includes.h"
bfe49944 15RCSID("$OpenBSD: readconf.c,v 1.104 2003/04/01 10:22:21 markus Exp $");
3c0ef626 16
17#include "ssh.h"
18#include "xmalloc.h"
19#include "compat.h"
20#include "cipher.h"
21#include "pathnames.h"
22#include "log.h"
23#include "readconf.h"
24#include "match.h"
25#include "misc.h"
26#include "kex.h"
27#include "mac.h"
28
29/* Format of the configuration file:
30
31 # Configuration data is parsed as follows:
32 # 1. command line options
33 # 2. user-specific file
34 # 3. system-wide file
35 # Any configuration value is only changed the first time it is set.
36 # Thus, host-specific definitions should be at the beginning of the
37 # configuration file, and defaults at the end.
38
39 # Host-specific declarations. These may override anything above. A single
40 # host may match multiple declarations; these are processed in the order
41 # that they are given in.
42
43 Host *.ngs.fi ngs.fi
44a053a3 44 User foo
3c0ef626 45
46 Host fake.com
47 HostName another.host.name.real.org
48 User blaah
49 Port 34289
50 ForwardX11 no
51 ForwardAgent no
52
53 Host books.com
54 RemoteForward 9999 shadows.cs.hut.fi:9999
55 Cipher 3des
56
57 Host fascist.blob.com
58 Port 23123
59 User tylonen
60 RhostsAuthentication no
61 PasswordAuthentication no
62
63 Host puukko.hut.fi
64 User t35124p
65 ProxyCommand ssh-proxy %h %p
66
67 Host *.fr
44a053a3 68 PublicKeyAuthentication no
3c0ef626 69
70 Host *.su
71 Cipher none
72 PasswordAuthentication no
73
74 # Defaults for various options
75 Host *
76 ForwardAgent no
77 ForwardX11 no
78 RhostsAuthentication yes
79 PasswordAuthentication yes
80 RSAAuthentication yes
81 RhostsRSAAuthentication yes
3c0ef626 82 StrictHostKeyChecking yes
83 KeepAlives no
84 IdentityFile ~/.ssh/identity
85 Port 22
86 EscapeChar ~
87
88*/
89
90/* Keyword tokens. */
91
92typedef enum {
93 oBadOption,
94 oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
44a053a3 95 oPasswordAuthentication, oRSAAuthentication,
3c0ef626 96 oChallengeResponseAuthentication, oXAuthLocation,
97#if defined(KRB4) || defined(KRB5)
98 oKerberosAuthentication,
99#endif
5598e598 100#ifdef GSSAPI
7a056ed1 101 oGssAuthentication, oGssKeyEx, oGssDelegateCreds,
5598e598 102#ifdef GSI
103 oGssGlobusDelegateLimitedCreds,
104#endif /* GSI */
105#endif /* GSSAPI */
3c0ef626 106#if defined(AFS) || defined(KRB5)
107 oKerberosTgtPassing,
108#endif
109#ifdef AFS
110 oAFSTokenPassing,
111#endif
112 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
113 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
114 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
115 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
116 oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
117 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
118 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
119 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
120 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
121 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
44a053a3 122 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
bfe49944 123 oEnableSSHKeysign,
44a053a3 124 oDeprecated
3c0ef626 125} OpCodes;
126
127/* Textual representations of the tokens. */
128
129static struct {
130 const char *name;
131 OpCodes opcode;
132} keywords[] = {
133 { "forwardagent", oForwardAgent },
134 { "forwardx11", oForwardX11 },
135 { "xauthlocation", oXAuthLocation },
136 { "gatewayports", oGatewayPorts },
137 { "useprivilegedport", oUsePrivilegedPort },
138 { "rhostsauthentication", oRhostsAuthentication },
139 { "passwordauthentication", oPasswordAuthentication },
140 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
141 { "kbdinteractivedevices", oKbdInteractiveDevices },
142 { "rsaauthentication", oRSAAuthentication },
143 { "pubkeyauthentication", oPubkeyAuthentication },
144 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
145 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
146 { "hostbasedauthentication", oHostbasedAuthentication },
147 { "challengeresponseauthentication", oChallengeResponseAuthentication },
148 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
149 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
150#if defined(KRB4) || defined(KRB5)
151 { "kerberosauthentication", oKerberosAuthentication },
152#endif
5598e598 153#ifdef GSSAPI
154 { "gssapiauthentication", oGssAuthentication },
7a056ed1 155 { "gssapikeyexchange", oGssKeyEx },
5598e598 156 { "gssapidelegatecredentials", oGssDelegateCreds },
157#ifdef GSI
158 /* For backwards compatability with old 1.2.27 client code */
159 { "forwardgssapiglobusproxy", oGssDelegateCreds }, /* alias */
160 { "forwardgssapiglobuslimitedproxy", oGssGlobusDelegateLimitedCreds },
161#endif /* GSI */
162#endif /* GSSAPI */
3c0ef626 163#if defined(AFS) || defined(KRB5)
164 { "kerberostgtpassing", oKerberosTgtPassing },
165#endif
166#ifdef AFS
167 { "afstokenpassing", oAFSTokenPassing },
168#endif
44a053a3 169 { "fallbacktorsh", oDeprecated },
170 { "usersh", oDeprecated },
3c0ef626 171 { "identityfile", oIdentityFile },
172 { "identityfile2", oIdentityFile }, /* alias */
173 { "hostname", oHostName },
174 { "hostkeyalias", oHostKeyAlias },
175 { "proxycommand", oProxyCommand },
176 { "port", oPort },
177 { "cipher", oCipher },
178 { "ciphers", oCiphers },
179 { "macs", oMacs },
180 { "protocol", oProtocol },
181 { "remoteforward", oRemoteForward },
182 { "localforward", oLocalForward },
183 { "user", oUser },
184 { "host", oHost },
185 { "escapechar", oEscapeChar },
186 { "globalknownhostsfile", oGlobalKnownHostsFile },
187 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
188 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
189 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
190 { "connectionattempts", oConnectionAttempts },
191 { "batchmode", oBatchMode },
192 { "checkhostip", oCheckHostIP },
193 { "stricthostkeychecking", oStrictHostKeyChecking },
194 { "compression", oCompression },
195 { "compressionlevel", oCompressionLevel },
196 { "keepalive", oKeepAlives },
197 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
198 { "loglevel", oLogLevel },
199 { "dynamicforward", oDynamicForward },
200 { "preferredauthentications", oPreferredAuthentications },
201 { "hostkeyalgorithms", oHostKeyAlgorithms },
202 { "bindaddress", oBindAddress },
203 { "smartcarddevice", oSmartcardDevice },
e9702f7d 204 { "clearallforwardings", oClearAllForwardings },
bfe49944 205 { "enablesshkeysign", oEnableSSHKeysign },
e9702f7d 206 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
207 { NULL, oBadOption }
3c0ef626 208};
209
210/*
211 * Adds a local TCP/IP port forward to options. Never returns if there is an
212 * error.
213 */
214
215void
216add_local_forward(Options *options, u_short port, const char *host,
217 u_short host_port)
218{
219 Forward *fwd;
d03f4262 220#ifndef NO_IPPORT_RESERVED_CONCEPT
3c0ef626 221 extern uid_t original_real_uid;
222 if (port < IPPORT_RESERVED && original_real_uid != 0)
223 fatal("Privileged ports can only be forwarded by root.");
224#endif
225 if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
226 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
227 fwd = &options->local_forwards[options->num_local_forwards++];
228 fwd->port = port;
229 fwd->host = xstrdup(host);
230 fwd->host_port = host_port;
231}
232
233/*
234 * Adds a remote TCP/IP port forward to options. Never returns if there is
235 * an error.
236 */
237
238void
239add_remote_forward(Options *options, u_short port, const char *host,
240 u_short host_port)
241{
242 Forward *fwd;
243 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
244 fatal("Too many remote forwards (max %d).",
e9702f7d 245 SSH_MAX_FORWARDS_PER_DIRECTION);
3c0ef626 246 fwd = &options->remote_forwards[options->num_remote_forwards++];
247 fwd->port = port;
248 fwd->host = xstrdup(host);
249 fwd->host_port = host_port;
250}
251
252static void
253clear_forwardings(Options *options)
254{
255 int i;
256
257 for (i = 0; i < options->num_local_forwards; i++)
258 xfree(options->local_forwards[i].host);
259 options->num_local_forwards = 0;
260 for (i = 0; i < options->num_remote_forwards; i++)
261 xfree(options->remote_forwards[i].host);
262 options->num_remote_forwards = 0;
263}
264
265/*
266 * Returns the number of the token pointed to by cp or oBadOption.
267 */
268
269static OpCodes
270parse_token(const char *cp, const char *filename, int linenum)
271{
272 u_int i;
273
274 for (i = 0; keywords[i].name; i++)
275 if (strcasecmp(cp, keywords[i].name) == 0)
276 return keywords[i].opcode;
277
278 error("%s: line %d: Bad configuration option: %s",
279 filename, linenum, cp);
280 return oBadOption;
281}
282
283/*
284 * Processes a single option line as used in the configuration files. This
285 * only sets those values that have not already been set.
286 */
bfe49944 287#define WHITESPACE " \t\r\n"
3c0ef626 288
289int
290process_config_line(Options *options, const char *host,
291 char *line, const char *filename, int linenum,
292 int *activep)
293{
bfe49944 294 char buf[256], *s, **charptr, *endofnumber, *keyword, *arg;
3c0ef626 295 int opcode, *intptr, value;
bfe49944 296 size_t len;
3c0ef626 297 u_short fwd_port, fwd_host_port;
298 char sfwd_host_port[6];
299
300 s = line;
301 /* Get the keyword. (Each line is supposed to begin with a keyword). */
302 keyword = strdelim(&s);
303 /* Ignore leading whitespace. */
304 if (*keyword == '\0')
305 keyword = strdelim(&s);
306 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
307 return 0;
308
309 opcode = parse_token(keyword, filename, linenum);
310
311 switch (opcode) {
312 case oBadOption:
313 /* don't panic, but count bad options */
314 return -1;
315 /* NOTREACHED */
316 case oForwardAgent:
317 intptr = &options->forward_agent;
318parse_flag:
319 arg = strdelim(&s);
320 if (!arg || *arg == '\0')
321 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
322 value = 0; /* To avoid compiler warning... */
323 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
324 value = 1;
325 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
326 value = 0;
327 else
328 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
329 if (*activep && *intptr == -1)
330 *intptr = value;
331 break;
332
333 case oForwardX11:
334 intptr = &options->forward_x11;
335 goto parse_flag;
336
337 case oGatewayPorts:
338 intptr = &options->gateway_ports;
339 goto parse_flag;
340
341 case oUsePrivilegedPort:
342 intptr = &options->use_privileged_port;
343 goto parse_flag;
344
345 case oRhostsAuthentication:
346 intptr = &options->rhosts_authentication;
347 goto parse_flag;
348
349 case oPasswordAuthentication:
350 intptr = &options->password_authentication;
351 goto parse_flag;
352
353 case oKbdInteractiveAuthentication:
354 intptr = &options->kbd_interactive_authentication;
355 goto parse_flag;
356
357 case oKbdInteractiveDevices:
358 charptr = &options->kbd_interactive_devices;
359 goto parse_string;
360
361 case oPubkeyAuthentication:
362 intptr = &options->pubkey_authentication;
363 goto parse_flag;
364
365 case oRSAAuthentication:
366 intptr = &options->rsa_authentication;
367 goto parse_flag;
368
369 case oRhostsRSAAuthentication:
370 intptr = &options->rhosts_rsa_authentication;
371 goto parse_flag;
372
373 case oHostbasedAuthentication:
374 intptr = &options->hostbased_authentication;
375 goto parse_flag;
376
377 case oChallengeResponseAuthentication:
378 intptr = &options->challenge_response_authentication;
379 goto parse_flag;
380#if defined(KRB4) || defined(KRB5)
381 case oKerberosAuthentication:
382 intptr = &options->kerberos_authentication;
383 goto parse_flag;
384#endif
5598e598 385#ifdef GSSAPI
386 case oGssAuthentication:
387 intptr = &options->gss_authentication;
388 goto parse_flag;
389
7a056ed1 390 case oGssKeyEx:
391 intptr = &options->gss_keyex;
392 goto parse_flag;
393
5598e598 394 case oGssDelegateCreds:
395 intptr = &options->gss_deleg_creds;
396 goto parse_flag;
397
398#ifdef GSI
399 case oGssGlobusDelegateLimitedCreds:
400 intptr = &options->gss_globus_deleg_limited_proxy;
401 goto parse_flag;
402#endif /* GSI */
403
404#endif /* GSSAPI */
405
3c0ef626 406#if defined(AFS) || defined(KRB5)
407 case oKerberosTgtPassing:
408 intptr = &options->kerberos_tgt_passing;
409 goto parse_flag;
410#endif
411#ifdef AFS
412 case oAFSTokenPassing:
413 intptr = &options->afs_token_passing;
414 goto parse_flag;
415#endif
3c0ef626 416 case oBatchMode:
417 intptr = &options->batch_mode;
418 goto parse_flag;
419
420 case oCheckHostIP:
421 intptr = &options->check_host_ip;
422 goto parse_flag;
423
424 case oStrictHostKeyChecking:
425 intptr = &options->strict_host_key_checking;
426 arg = strdelim(&s);
427 if (!arg || *arg == '\0')
428 fatal("%.200s line %d: Missing yes/no/ask argument.",
e9702f7d 429 filename, linenum);
3c0ef626 430 value = 0; /* To avoid compiler warning... */
431 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
432 value = 1;
433 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
434 value = 0;
435 else if (strcmp(arg, "ask") == 0)
436 value = 2;
437 else
438 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
439 if (*activep && *intptr == -1)
440 *intptr = value;
441 break;
442
443 case oCompression:
444 intptr = &options->compression;
445 goto parse_flag;
446
447 case oKeepAlives:
448 intptr = &options->keepalives;
449 goto parse_flag;
450
451 case oNoHostAuthenticationForLocalhost:
452 intptr = &options->no_host_authentication_for_localhost;
453 goto parse_flag;
454
455 case oNumberOfPasswordPrompts:
456 intptr = &options->number_of_password_prompts;
457 goto parse_int;
458
459 case oCompressionLevel:
460 intptr = &options->compression_level;
461 goto parse_int;
462
463 case oIdentityFile:
464 arg = strdelim(&s);
465 if (!arg || *arg == '\0')
466 fatal("%.200s line %d: Missing argument.", filename, linenum);
467 if (*activep) {
468 intptr = &options->num_identity_files;
469 if (*intptr >= SSH_MAX_IDENTITY_FILES)
470 fatal("%.200s line %d: Too many identity files specified (max %d).",
e9702f7d 471 filename, linenum, SSH_MAX_IDENTITY_FILES);
3c0ef626 472 charptr = &options->identity_files[*intptr];
473 *charptr = xstrdup(arg);
474 *intptr = *intptr + 1;
475 }
476 break;
477
478 case oXAuthLocation:
479 charptr=&options->xauth_location;
480 goto parse_string;
481
482 case oUser:
483 charptr = &options->user;
484parse_string:
485 arg = strdelim(&s);
486 if (!arg || *arg == '\0')
487 fatal("%.200s line %d: Missing argument.", filename, linenum);
488 if (*activep && *charptr == NULL)
489 *charptr = xstrdup(arg);
490 break;
491
492 case oGlobalKnownHostsFile:
493 charptr = &options->system_hostfile;
494 goto parse_string;
495
496 case oUserKnownHostsFile:
497 charptr = &options->user_hostfile;
498 goto parse_string;
499
500 case oGlobalKnownHostsFile2:
501 charptr = &options->system_hostfile2;
502 goto parse_string;
503
504 case oUserKnownHostsFile2:
505 charptr = &options->user_hostfile2;
506 goto parse_string;
507
508 case oHostName:
509 charptr = &options->hostname;
510 goto parse_string;
511
512 case oHostKeyAlias:
513 charptr = &options->host_key_alias;
514 goto parse_string;
515
516 case oPreferredAuthentications:
517 charptr = &options->preferred_authentications;
518 goto parse_string;
519
520 case oBindAddress:
521 charptr = &options->bind_address;
522 goto parse_string;
523
524 case oSmartcardDevice:
525 charptr = &options->smartcard_device;
526 goto parse_string;
527
528 case oProxyCommand:
529 charptr = &options->proxy_command;
bfe49944 530 len = strspn(s, WHITESPACE "=");
3c0ef626 531 if (*activep && *charptr == NULL)
bfe49944 532 *charptr = xstrdup(s + len);
3c0ef626 533 return 0;
534
535 case oPort:
536 intptr = &options->port;
537parse_int:
538 arg = strdelim(&s);
539 if (!arg || *arg == '\0')
540 fatal("%.200s line %d: Missing argument.", filename, linenum);
541 if (arg[0] < '0' || arg[0] > '9')
542 fatal("%.200s line %d: Bad number.", filename, linenum);
543
544 /* Octal, decimal, or hex format? */
545 value = strtol(arg, &endofnumber, 0);
546 if (arg == endofnumber)
547 fatal("%.200s line %d: Bad number.", filename, linenum);
548 if (*activep && *intptr == -1)
549 *intptr = value;
550 break;
551
552 case oConnectionAttempts:
553 intptr = &options->connection_attempts;
554 goto parse_int;
555
556 case oCipher:
557 intptr = &options->cipher;
558 arg = strdelim(&s);
559 if (!arg || *arg == '\0')
560 fatal("%.200s line %d: Missing argument.", filename, linenum);
561 value = cipher_number(arg);
562 if (value == -1)
563 fatal("%.200s line %d: Bad cipher '%s'.",
e9702f7d 564 filename, linenum, arg ? arg : "<NONE>");
3c0ef626 565 if (*activep && *intptr == -1)
566 *intptr = value;
567 break;
568
569 case oCiphers:
570 arg = strdelim(&s);
571 if (!arg || *arg == '\0')
572 fatal("%.200s line %d: Missing argument.", filename, linenum);
573 if (!ciphers_valid(arg))
574 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
e9702f7d 575 filename, linenum, arg ? arg : "<NONE>");
3c0ef626 576 if (*activep && options->ciphers == NULL)
577 options->ciphers = xstrdup(arg);
578 break;
579
580 case oMacs:
581 arg = strdelim(&s);
582 if (!arg || *arg == '\0')
583 fatal("%.200s line %d: Missing argument.", filename, linenum);
584 if (!mac_valid(arg))
585 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
e9702f7d 586 filename, linenum, arg ? arg : "<NONE>");
3c0ef626 587 if (*activep && options->macs == NULL)
588 options->macs = xstrdup(arg);
589 break;
590
591 case oHostKeyAlgorithms:
592 arg = strdelim(&s);
593 if (!arg || *arg == '\0')
594 fatal("%.200s line %d: Missing argument.", filename, linenum);
595 if (!key_names_valid2(arg))
596 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
e9702f7d 597 filename, linenum, arg ? arg : "<NONE>");
3c0ef626 598 if (*activep && options->hostkeyalgorithms == NULL)
599 options->hostkeyalgorithms = xstrdup(arg);
600 break;
601
602 case oProtocol:
603 intptr = &options->protocol;
604 arg = strdelim(&s);
605 if (!arg || *arg == '\0')
606 fatal("%.200s line %d: Missing argument.", filename, linenum);
607 value = proto_spec(arg);
608 if (value == SSH_PROTO_UNKNOWN)
609 fatal("%.200s line %d: Bad protocol spec '%s'.",
e9702f7d 610 filename, linenum, arg ? arg : "<NONE>");
3c0ef626 611 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
612 *intptr = value;
613 break;
614
615 case oLogLevel:
616 intptr = (int *) &options->log_level;
617 arg = strdelim(&s);
618 value = log_level_number(arg);
e9702f7d 619 if (value == SYSLOG_LEVEL_NOT_SET)
3c0ef626 620 fatal("%.200s line %d: unsupported log level '%s'",
e9702f7d 621 filename, linenum, arg ? arg : "<NONE>");
622 if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
3c0ef626 623 *intptr = (LogLevel) value;
624 break;
625
626 case oLocalForward:
627 case oRemoteForward:
628 arg = strdelim(&s);
629 if (!arg || *arg == '\0')
630 fatal("%.200s line %d: Missing port argument.",
631 filename, linenum);
632 if ((fwd_port = a2port(arg)) == 0)
633 fatal("%.200s line %d: Bad listen port.",
634 filename, linenum);
635 arg = strdelim(&s);
636 if (!arg || *arg == '\0')
637 fatal("%.200s line %d: Missing second argument.",
638 filename, linenum);
639 if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
640 sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
641 fatal("%.200s line %d: Bad forwarding specification.",
642 filename, linenum);
643 if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
644 fatal("%.200s line %d: Bad forwarding port.",
645 filename, linenum);
646 if (*activep) {
647 if (opcode == oLocalForward)
648 add_local_forward(options, fwd_port, buf,
649 fwd_host_port);
650 else if (opcode == oRemoteForward)
651 add_remote_forward(options, fwd_port, buf,
652 fwd_host_port);
653 }
654 break;
655
656 case oDynamicForward:
657 arg = strdelim(&s);
658 if (!arg || *arg == '\0')
659 fatal("%.200s line %d: Missing port argument.",
660 filename, linenum);
661 fwd_port = a2port(arg);
662 if (fwd_port == 0)
663 fatal("%.200s line %d: Badly formatted port number.",
664 filename, linenum);
665 if (*activep)
666 add_local_forward(options, fwd_port, "socks4", 0);
667 break;
668
669 case oClearAllForwardings:
670 intptr = &options->clear_forwardings;
671 goto parse_flag;
672
673 case oHost:
674 *activep = 0;
675 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
676 if (match_pattern(host, arg)) {
677 debug("Applying options for %.100s", arg);
678 *activep = 1;
679 break;
680 }
681 /* Avoid garbage check below, as strdelim is done. */
682 return 0;
683
684 case oEscapeChar:
685 intptr = &options->escape_char;
686 arg = strdelim(&s);
687 if (!arg || *arg == '\0')
688 fatal("%.200s line %d: Missing argument.", filename, linenum);
689 if (arg[0] == '^' && arg[2] == 0 &&
690 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
691 value = (u_char) arg[1] & 31;
692 else if (strlen(arg) == 1)
693 value = (u_char) arg[0];
694 else if (strcmp(arg, "none") == 0)
695 value = SSH_ESCAPECHAR_NONE;
696 else {
697 fatal("%.200s line %d: Bad escape character.",
e9702f7d 698 filename, linenum);
3c0ef626 699 /* NOTREACHED */
700 value = 0; /* Avoid compiler warning. */
701 }
702 if (*activep && *intptr == -1)
703 *intptr = value;
704 break;
705
bfe49944 706 case oEnableSSHKeysign:
707 intptr = &options->enable_ssh_keysign;
708 goto parse_flag;
709
44a053a3 710 case oDeprecated:
711 debug("%s line %d: Deprecated option \"%s\"",
712 filename, linenum, keyword);
713 return 0;
714
3c0ef626 715 default:
716 fatal("process_config_line: Unimplemented opcode %d", opcode);
717 }
718
719 /* Check that there is no garbage at end of line. */
720 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
721 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
e9702f7d 722 filename, linenum, arg);
3c0ef626 723 }
724 return 0;
725}
726
727
728/*
729 * Reads the config file and modifies the options accordingly. Options
730 * should already be initialized before this call. This never returns if
731 * there is an error. If the file does not exist, this returns 0.
732 */
733
734int
735read_config_file(const char *filename, const char *host, Options *options)
736{
737 FILE *f;
738 char line[1024];
739 int active, linenum;
740 int bad_options = 0;
741
742 /* Open the file. */
743 f = fopen(filename, "r");
744 if (!f)
745 return 0;
746
747 debug("Reading configuration data %.200s", filename);
748
749 /*
750 * Mark that we are now processing the options. This flag is turned
751 * on/off by Host specifications.
752 */
753 active = 1;
754 linenum = 0;
755 while (fgets(line, sizeof(line), f)) {
756 /* Update line number counter. */
757 linenum++;
758 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
759 bad_options++;
760 }
761 fclose(f);
762 if (bad_options > 0)
763 fatal("%s: terminating, %d bad configuration options",
e9702f7d 764 filename, bad_options);
3c0ef626 765 return 1;
766}
767
768/*
769 * Initializes options to special values that indicate that they have not yet
770 * been set. Read_config_file will only set options with this value. Options
771 * are processed in the following order: command line, user config file,
772 * system config file. Last, fill_default_options is called.
773 */
774
775void
776initialize_options(Options * options)
777{
778 memset(options, 'X', sizeof(*options));
779 options->forward_agent = -1;
780 options->forward_x11 = -1;
781 options->xauth_location = NULL;
782 options->gateway_ports = -1;
783 options->use_privileged_port = -1;
784 options->rhosts_authentication = -1;
785 options->rsa_authentication = -1;
786 options->pubkey_authentication = -1;
787 options->challenge_response_authentication = -1;
5598e598 788#ifdef GSSAPI
789 options->gss_authentication = -1;
7a056ed1 790 options->gss_keyex = -1;
5598e598 791 options->gss_deleg_creds = -1;
792#ifdef GSI
793 options->gss_globus_deleg_limited_proxy = -1;
794#endif /* GSI */
795#endif /* GSSAPI */
796
3c0ef626 797#if defined(KRB4) || defined(KRB5)
798 options->kerberos_authentication = -1;
799#endif
800#if defined(AFS) || defined(KRB5)
801 options->kerberos_tgt_passing = -1;
802#endif
803#ifdef AFS
804 options->afs_token_passing = -1;
805#endif
806 options->password_authentication = -1;
807 options->kbd_interactive_authentication = -1;
808 options->kbd_interactive_devices = NULL;
809 options->rhosts_rsa_authentication = -1;
810 options->hostbased_authentication = -1;
3c0ef626 811 options->batch_mode = -1;
812 options->check_host_ip = -1;
813 options->strict_host_key_checking = -1;
814 options->compression = -1;
815 options->keepalives = -1;
816 options->compression_level = -1;
817 options->port = -1;
818 options->connection_attempts = -1;
819 options->number_of_password_prompts = -1;
820 options->cipher = -1;
821 options->ciphers = NULL;
822 options->macs = NULL;
823 options->hostkeyalgorithms = NULL;
824 options->protocol = SSH_PROTO_UNKNOWN;
825 options->num_identity_files = 0;
826 options->hostname = NULL;
827 options->host_key_alias = NULL;
828 options->proxy_command = NULL;
829 options->user = NULL;
830 options->escape_char = -1;
831 options->system_hostfile = NULL;
832 options->user_hostfile = NULL;
833 options->system_hostfile2 = NULL;
834 options->user_hostfile2 = NULL;
835 options->num_local_forwards = 0;
836 options->num_remote_forwards = 0;
837 options->clear_forwardings = -1;
e9702f7d 838 options->log_level = SYSLOG_LEVEL_NOT_SET;
3c0ef626 839 options->preferred_authentications = NULL;
840 options->bind_address = NULL;
841 options->smartcard_device = NULL;
bfe49944 842 options->enable_ssh_keysign = - 1;
3c0ef626 843 options->no_host_authentication_for_localhost = - 1;
844}
845
846/*
847 * Called after processing other sources of option data, this fills those
848 * options for which no value has been specified with their default values.
849 */
850
851void
852fill_default_options(Options * options)
853{
854 int len;
855
856 if (options->forward_agent == -1)
857 options->forward_agent = 0;
858 if (options->forward_x11 == -1)
859 options->forward_x11 = 0;
3c0ef626 860 if (options->xauth_location == NULL)
861 options->xauth_location = _PATH_XAUTH;
3c0ef626 862 if (options->gateway_ports == -1)
863 options->gateway_ports = 0;
864 if (options->use_privileged_port == -1)
865 options->use_privileged_port = 0;
866 if (options->rhosts_authentication == -1)
44a053a3 867 options->rhosts_authentication = 0;
3c0ef626 868 if (options->rsa_authentication == -1)
869 options->rsa_authentication = 1;
870 if (options->pubkey_authentication == -1)
871 options->pubkey_authentication = 1;
872 if (options->challenge_response_authentication == -1)
873 options->challenge_response_authentication = 1;
5598e598 874#ifdef GSSAPI
875 if (options->gss_authentication == -1)
876 options->gss_authentication = 1;
7a056ed1 877 if (options->gss_keyex == -1)
878 options->gss_keyex = 1;
5598e598 879 if (options->gss_deleg_creds == -1)
880 options->gss_deleg_creds = 1;
881#ifdef GSI
882 if (options->gss_globus_deleg_limited_proxy == -1)
883 options->gss_globus_deleg_limited_proxy = 0;
884#endif /* GSI */
885#endif /* GSSAPI */
3c0ef626 886#if defined(KRB4) || defined(KRB5)
887 if (options->kerberos_authentication == -1)
888 options->kerberos_authentication = 1;
889#endif
890#if defined(AFS) || defined(KRB5)
891 if (options->kerberos_tgt_passing == -1)
892 options->kerberos_tgt_passing = 1;
893#endif
894#ifdef AFS
895 if (options->afs_token_passing == -1)
896 options->afs_token_passing = 1;
897#endif
898 if (options->password_authentication == -1)
899 options->password_authentication = 1;
900 if (options->kbd_interactive_authentication == -1)
901 options->kbd_interactive_authentication = 1;
902 if (options->rhosts_rsa_authentication == -1)
44a053a3 903 options->rhosts_rsa_authentication = 0;
3c0ef626 904 if (options->hostbased_authentication == -1)
905 options->hostbased_authentication = 0;
3c0ef626 906 if (options->batch_mode == -1)
907 options->batch_mode = 0;
908 if (options->check_host_ip == -1)
909 options->check_host_ip = 1;
910 if (options->strict_host_key_checking == -1)
911 options->strict_host_key_checking = 2; /* 2 is default */
912 if (options->compression == -1)
913 options->compression = 0;
914 if (options->keepalives == -1)
915 options->keepalives = 1;
916 if (options->compression_level == -1)
917 options->compression_level = 6;
918 if (options->port == -1)
919 options->port = 0; /* Filled in ssh_connect. */
920 if (options->connection_attempts == -1)
921 options->connection_attempts = 1;
922 if (options->number_of_password_prompts == -1)
923 options->number_of_password_prompts = 3;
924 /* Selected in ssh_login(). */
925 if (options->cipher == -1)
926 options->cipher = SSH_CIPHER_NOT_SET;
927 /* options->ciphers, default set in myproposals.h */
928 /* options->macs, default set in myproposals.h */
929 /* options->hostkeyalgorithms, default set in myproposals.h */
930 if (options->protocol == SSH_PROTO_UNKNOWN)
931 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
932 if (options->num_identity_files == 0) {
933 if (options->protocol & SSH_PROTO_1) {
934 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
935 options->identity_files[options->num_identity_files] =
936 xmalloc(len);
937 snprintf(options->identity_files[options->num_identity_files++],
938 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
939 }
940 if (options->protocol & SSH_PROTO_2) {
941 len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
942 options->identity_files[options->num_identity_files] =
943 xmalloc(len);
944 snprintf(options->identity_files[options->num_identity_files++],
945 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
946
947 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
948 options->identity_files[options->num_identity_files] =
949 xmalloc(len);
950 snprintf(options->identity_files[options->num_identity_files++],
951 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
952 }
953 }
954 if (options->escape_char == -1)
955 options->escape_char = '~';
956 if (options->system_hostfile == NULL)
957 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
958 if (options->user_hostfile == NULL)
959 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
960 if (options->system_hostfile2 == NULL)
961 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
962 if (options->user_hostfile2 == NULL)
963 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
e9702f7d 964 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
3c0ef626 965 options->log_level = SYSLOG_LEVEL_INFO;
966 if (options->clear_forwardings == 1)
967 clear_forwardings(options);
968 if (options->no_host_authentication_for_localhost == - 1)
969 options->no_host_authentication_for_localhost = 0;
bfe49944 970 if (options->enable_ssh_keysign == -1)
971 options->enable_ssh_keysign = 0;
3c0ef626 972 /* options->proxy_command should not be set by default */
973 /* options->user will be set in the main program if appropriate */
974 /* options->hostname will be set in the main program if appropriate */
975 /* options->host_key_alias should not be set by default */
976 /* options->preferred_authentications will be set in ssh */
977}
git-cvsimport mirror of GSI OpenSSH
This page took 2.3816 seconds and 5 git commands to generate.