openssh-3.6.1p2-gssapi-20030430.diff from Simon
3c0ef626 1/*
2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
5 * Functions for reading the configuration files.
6 *
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
12 */
13
14#include "includes.h"
6a9b3198 15RCSID("$OpenBSD: readconf.c,v 1.104 2003/04/01 10:22:21 markus Exp $");
3c0ef626 16
17#include "ssh.h"
18#include "xmalloc.h"
19#include "compat.h"
20#include "cipher.h"
21#include "pathnames.h"
22#include "log.h"
23#include "readconf.h"
24#include "match.h"
25#include "misc.h"
26#include "kex.h"
27#include "mac.h"
28
29/* Format of the configuration file:
30
31 # Configuration data is parsed as follows:
32 # 1. command line options
33 # 2. user-specific file
34 # 3. system-wide file
35 # Any configuration value is only changed the first time it is set.
36 # Thus, host-specific definitions should be at the beginning of the
37 # configuration file, and defaults at the end.
38
39 # Host-specific declarations. These may override anything above. A single
40 # host may match multiple declarations; these are processed in the order
41 # that they are given in.
42
43 Host *.ngs.fi ngs.fi
f5799ae1 44 User foo
3c0ef626 45
46 Host fake.com
47 HostName another.host.name.real.org
48 User blaah
49 Port 34289
50 ForwardX11 no
51 ForwardAgent no
52
53 Host books.com
54 RemoteForward 9999 shadows.cs.hut.fi:9999
55 Cipher 3des
56
57 Host fascist.blob.com
58 Port 23123
59 User tylonen
60 RhostsAuthentication no
61 PasswordAuthentication no
62
63 Host puukko.hut.fi
64 User t35124p
65 ProxyCommand ssh-proxy %h %p
66
67 Host *.fr
f5799ae1 68 PublicKeyAuthentication no
3c0ef626 69
70 Host *.su
71 Cipher none
72 PasswordAuthentication no
73
74 # Defaults for various options
75 Host *
76 ForwardAgent no
77 ForwardX11 no
78 RhostsAuthentication yes
79 PasswordAuthentication yes
80 RSAAuthentication yes
81 RhostsRSAAuthentication yes
3c0ef626 82 StrictHostKeyChecking yes
83 KeepAlives no
84 IdentityFile ~/.ssh/identity
85 Port 22
86 EscapeChar ~
87
88*/
89
/* Keyword tokens. */

/*
 * One opcode per recognised configuration keyword.  keywords[] below maps
 * the textual keyword to one of these, and process_config_line() switches
 * on the result.  Members wrapped in #if exist only when the corresponding
 * authentication mechanism is compiled in, so the numeric value of every
 * later member differs between builds.
 */
typedef enum {
	oBadOption,	/* returned by parse_token() for an unknown keyword */
	oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
	oPasswordAuthentication, oRSAAuthentication,
	oChallengeResponseAuthentication, oXAuthLocation,
#if defined(KRB4) || defined(KRB5)
	oKerberosAuthentication,
#endif
#ifdef GSSAPI
	/* GSSAPI patch: authentication and credential delegation switches. */
	oGssAuthentication, oGssDelegateCreds,
#ifdef GSI
	oGssGlobusDelegateLimitedCreds,
#endif /* GSI */
#endif /* GSSAPI */
#if defined(AFS) || defined(KRB5)
	oKerberosTgtPassing,
#endif
#ifdef AFS
	oAFSTokenPassing,
#endif
	oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
	oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
	oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
	oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
	oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
	oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
	oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
	oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
	oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
	oEnableSSHKeysign,
	oDeprecated	/* keyword still accepted, but its argument is ignored */
} OpCodes;
126
/* Textual representations of the tokens. */

/*
 * Keyword table searched linearly by parse_token() with strcasecmp(), so
 * matching is case-insensitive.  Several spellings map to one opcode
 * (marked "alias"); the list is terminated by a NULL name.
 */
static struct {
	const char *name;
	OpCodes opcode;
} keywords[] = {
	{ "forwardagent", oForwardAgent },
	{ "forwardx11", oForwardX11 },
	{ "xauthlocation", oXAuthLocation },
	{ "gatewayports", oGatewayPorts },
	{ "useprivilegedport", oUsePrivilegedPort },
	{ "rhostsauthentication", oRhostsAuthentication },
	{ "passwordauthentication", oPasswordAuthentication },
	{ "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
	{ "kbdinteractivedevices", oKbdInteractiveDevices },
	{ "rsaauthentication", oRSAAuthentication },
	{ "pubkeyauthentication", oPubkeyAuthentication },
	{ "dsaauthentication", oPubkeyAuthentication }, /* alias */
	{ "rhostsrsaauthentication", oRhostsRSAAuthentication },
	{ "hostbasedauthentication", oHostbasedAuthentication },
	{ "challengeresponseauthentication", oChallengeResponseAuthentication },
	{ "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
	{ "tisauthentication", oChallengeResponseAuthentication }, /* alias */
#if defined(KRB4) || defined(KRB5)
	{ "kerberosauthentication", oKerberosAuthentication },
#endif
#ifdef GSSAPI
	{ "gssapiauthentication", oGssAuthentication },
	{ "gssapidelegatecredentials", oGssDelegateCreds },
#ifdef GSI
	/* For backwards compatibility with old 1.2.27 client code */
	{ "forwardgssapiglobusproxy", oGssDelegateCreds }, /* alias */
	{ "forwardgssapiglobuslimitedproxy", oGssGlobusDelegateLimitedCreds },
#endif /* GSI */
#endif /* GSSAPI */
#if defined(AFS) || defined(KRB5)
	{ "kerberostgtpassing", oKerberosTgtPassing },
#endif
#ifdef AFS
	{ "afstokenpassing", oAFSTokenPassing },
#endif
	/* Accepted for old configs; process_config_line() only logs them. */
	{ "fallbacktorsh", oDeprecated },
	{ "usersh", oDeprecated },
	{ "identityfile", oIdentityFile },
	{ "identityfile2", oIdentityFile }, /* alias */
	{ "hostname", oHostName },
	{ "hostkeyalias", oHostKeyAlias },
	{ "proxycommand", oProxyCommand },
	{ "port", oPort },
	{ "cipher", oCipher },
	{ "ciphers", oCiphers },
	{ "macs", oMacs },
	{ "protocol", oProtocol },
	{ "remoteforward", oRemoteForward },
	{ "localforward", oLocalForward },
	{ "user", oUser },
	{ "host", oHost },
	{ "escapechar", oEscapeChar },
	{ "globalknownhostsfile", oGlobalKnownHostsFile },
	{ "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
	{ "globalknownhostsfile2", oGlobalKnownHostsFile2 },
	{ "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
	{ "connectionattempts", oConnectionAttempts },
	{ "batchmode", oBatchMode },
	{ "checkhostip", oCheckHostIP },
	{ "stricthostkeychecking", oStrictHostKeyChecking },
	{ "compression", oCompression },
	{ "compressionlevel", oCompressionLevel },
	{ "keepalive", oKeepAlives },
	{ "numberofpasswordprompts", oNumberOfPasswordPrompts },
	{ "loglevel", oLogLevel },
	{ "dynamicforward", oDynamicForward },
	{ "preferredauthentications", oPreferredAuthentications },
	{ "hostkeyalgorithms", oHostKeyAlgorithms },
	{ "bindaddress", oBindAddress },
	{ "smartcarddevice", oSmartcardDevice },
	{ "clearallforwardings", oClearAllForwardings },
	{ "enablesshkeysign", oEnableSSHKeysign },
	{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
	{ NULL, oBadOption }	/* sentinel: end of table */
};
208
/*
 * Records one local (client-side listening) TCP/IP forward in options.
 * Terminates the program through fatal() — and so never returns — when a
 * non-root user asks for a listen port below IPPORT_RESERVED or when the
 * per-direction table is already full.  The host string is duplicated;
 * the copy is released by clear_forwardings().
 */
void
add_local_forward(Options *options, u_short port, const char *host,
    u_short host_port)
{
	Forward *fwd;
#ifndef NO_IPPORT_RESERVED_CONCEPT
	extern uid_t original_real_uid;

	/* Only root may bind privileged listen ports. */
	if (original_real_uid != 0 && port < IPPORT_RESERVED)
		fatal("Privileged ports can only be forwarded by root.");
#endif
	if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
		fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);

	fwd = &options->local_forwards[options->num_local_forwards];
	options->num_local_forwards++;
	fwd->port = port;
	fwd->host_port = host_port;
	fwd->host = xstrdup(host);
}
231
/*
 * Records one remote (server-side listening) TCP/IP forward in options.
 * Never returns when the per-direction table is already full; fatal() is
 * called instead.  The host string is duplicated and later released by
 * clear_forwardings().  No privileged-port check is made here: the listen
 * port is bound by the remote side.
 */
void
add_remote_forward(Options *options, u_short port, const char *host,
    u_short host_port)
{
	Forward *fwd;

	if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
		fatal("Too many remote forwards (max %d).",
		    SSH_MAX_FORWARDS_PER_DIRECTION);

	fwd = &options->remote_forwards[options->num_remote_forwards];
	options->num_remote_forwards++;
	fwd->port = port;
	fwd->host_port = host_port;
	fwd->host = xstrdup(host);
}
250
/*
 * Drops every local and remote forward recorded so far, freeing the host
 * strings duplicated by add_local_forward()/add_remote_forward() and
 * resetting both counters to zero.  The freed host pointers are left in
 * place; they are unreachable once the counters are zero.
 */
static void
clear_forwardings(Options *options)
{
	Forward *fwd;
	int remaining;

	remaining = options->num_local_forwards;
	for (fwd = options->local_forwards; remaining > 0; remaining--, fwd++)
		xfree(fwd->host);
	options->num_local_forwards = 0;

	remaining = options->num_remote_forwards;
	for (fwd = options->remote_forwards; remaining > 0; remaining--, fwd++)
		xfree(fwd->host);
	options->num_remote_forwards = 0;
}
263
/*
 * Looks cp up in keywords[] (case-insensitively) and returns its opcode.
 * An unknown keyword is reported with error() — naming filename and
 * linenum — and yields oBadOption; the caller decides whether to abort.
 */
static OpCodes
parse_token(const char *cp, const char *filename, int linenum)
{
	u_int idx = 0;

	while (keywords[idx].name != NULL) {
		if (strcasecmp(keywords[idx].name, cp) == 0)
			return keywords[idx].opcode;
		idx++;
	}

	error("%s: line %d: Bad configuration option: %s",
	    filename, linenum, cp);
	return oBadOption;
}
281
/*
 * Processes a single option line as used in the configuration files. This
 * only sets those values that have not already been set.
 *
 * options  - the Options being filled in.  A field is written only while
 *            *activep is non-zero AND the field still holds its "unset"
 *            marker (-1, NULL or SSH_PROTO_UNKNOWN), so the first source
 *            that sets a value wins.  IdentityFile and the forwarding
 *            keywords append instead of overwriting.
 * host     - the host being connected to; matched against "Host" patterns.
 * line     - the configuration line; strdelim() modifies it in place.
 * filename, linenum - used only in diagnostics.
 * activep  - in/out flag: whether the current "Host" block applies to
 *            host.  Rewritten here whenever a "Host" line is seen.
 *
 * Returns 0 for a processed, blank, comment or deprecated line and -1 for
 * an unknown keyword (the caller counts those and aborts afterwards).  Any
 * other malformed line terminates the program through fatal().
 */
#define WHITESPACE " \t\r\n"

int
process_config_line(Options *options, const char *host,
		    char *line, const char *filename, int linenum,
		    int *activep)
{
	/* buf and sfwd_host_port sizes must match the sscanf() widths below. */
	char buf[256], *s, **charptr, *endofnumber, *keyword, *arg;
	int opcode, *intptr, value;
	size_t len;
	u_short fwd_port, fwd_host_port;
	char sfwd_host_port[6];

	s = line;
	/* Get the keyword. (Each line is supposed to begin with a keyword). */
	keyword = strdelim(&s);
	/* Ignore leading whitespace. */
	if (*keyword == '\0')
		keyword = strdelim(&s);
	if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
		return 0;

	opcode = parse_token(keyword, filename, linenum);

	switch (opcode) {
	case oBadOption:
		/* don't panic, but count bad options */
		return -1;
		/* NOTREACHED */
	case oForwardAgent:
		intptr = &options->forward_agent;
		/*
		 * Shared tail for every yes/no option: the case sets intptr
		 * and jumps here.  "true"/"false" are accepted as synonyms.
		 */
parse_flag:
		arg = strdelim(&s);
		if (!arg || *arg == '\0')
			fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
		value = 0;	/* To avoid compiler warning... */
		if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
			value = 1;
		else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
			value = 0;
		else
			fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
		/* First setting wins; -1 is the "not yet set" marker. */
		if (*activep && *intptr == -1)
			*intptr = value;
		break;

	case oForwardX11:
		intptr = &options->forward_x11;
		goto parse_flag;

	case oGatewayPorts:
		intptr = &options->gateway_ports;
		goto parse_flag;

	case oUsePrivilegedPort:
		intptr = &options->use_privileged_port;
		goto parse_flag;

	case oRhostsAuthentication:
		intptr = &options->rhosts_authentication;
		goto parse_flag;

	case oPasswordAuthentication:
		intptr = &options->password_authentication;
		goto parse_flag;

	case oKbdInteractiveAuthentication:
		intptr = &options->kbd_interactive_authentication;
		goto parse_flag;

	case oKbdInteractiveDevices:
		charptr = &options->kbd_interactive_devices;
		goto parse_string;

	case oPubkeyAuthentication:
		intptr = &options->pubkey_authentication;
		goto parse_flag;

	case oRSAAuthentication:
		intptr = &options->rsa_authentication;
		goto parse_flag;

	case oRhostsRSAAuthentication:
		intptr = &options->rhosts_rsa_authentication;
		goto parse_flag;

	case oHostbasedAuthentication:
		intptr = &options->hostbased_authentication;
		goto parse_flag;

	case oChallengeResponseAuthentication:
		intptr = &options->challenge_response_authentication;
		goto parse_flag;
#if defined(KRB4) || defined(KRB5)
	case oKerberosAuthentication:
		intptr = &options->kerberos_authentication;
		goto parse_flag;
#endif
#ifdef GSSAPI
	case oGssAuthentication:
		intptr = &options->gss_authentication;
		goto parse_flag;

	/* Whether the client forwards its GSSAPI credentials to the server. */
	case oGssDelegateCreds:
		intptr = &options->gss_deleg_creds;
		goto parse_flag;

#ifdef GSI
	case oGssGlobusDelegateLimitedCreds:
		intptr = &options->gss_globus_deleg_limited_proxy;
		goto parse_flag;
#endif /* GSI */

#endif /* GSSAPI */

#if defined(AFS) || defined(KRB5)
	case oKerberosTgtPassing:
		intptr = &options->kerberos_tgt_passing;
		goto parse_flag;
#endif
#ifdef AFS
	case oAFSTokenPassing:
		intptr = &options->afs_token_passing;
		goto parse_flag;
#endif
	case oBatchMode:
		intptr = &options->batch_mode;
		goto parse_flag;

	case oCheckHostIP:
		intptr = &options->check_host_ip;
		goto parse_flag;

	case oStrictHostKeyChecking:
		/* Three-valued flag: 0 = no, 1 = yes, 2 = ask. */
		intptr = &options->strict_host_key_checking;
		arg = strdelim(&s);
		if (!arg || *arg == '\0')
			fatal("%.200s line %d: Missing yes/no/ask argument.",
			    filename, linenum);
		value = 0;	/* To avoid compiler warning... */
		if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
			value = 1;
		else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
			value = 0;
		else if (strcmp(arg, "ask") == 0)
			value = 2;
		else
			fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
		if (*activep && *intptr == -1)
			*intptr = value;
		break;

	case oCompression:
		intptr = &options->compression;
		goto parse_flag;

	case oKeepAlives:
		intptr = &options->keepalives;
		goto parse_flag;

	case oNoHostAuthenticationForLocalhost:
		intptr = &options->no_host_authentication_for_localhost;
		goto parse_flag;

	case oNumberOfPasswordPrompts:
		intptr = &options->number_of_password_prompts;
		goto parse_int;

	case oCompressionLevel:
		intptr = &options->compression_level;
		goto parse_int;

	case oIdentityFile:
		/* Unlike the scalar options, every IdentityFile line appends. */
		arg = strdelim(&s);
		if (!arg || *arg == '\0')
			fatal("%.200s line %d: Missing argument.", filename, linenum);
		if (*activep) {
			intptr = &options->num_identity_files;
			if (*intptr >= SSH_MAX_IDENTITY_FILES)
				fatal("%.200s line %d: Too many identity files specified (max %d).",
				    filename, linenum, SSH_MAX_IDENTITY_FILES);
			charptr = &options->identity_files[*intptr];
			*charptr = xstrdup(arg);
			*intptr = *intptr + 1;
		}
		break;

	case oXAuthLocation:
		charptr=&options->xauth_location;
		goto parse_string;

	case oUser:
		charptr = &options->user;
		/*
		 * Shared tail for single-token string options: the case sets
		 * charptr and jumps here.  NULL is the "not yet set" marker.
		 */
parse_string:
		arg = strdelim(&s);
		if (!arg || *arg == '\0')
			fatal("%.200s line %d: Missing argument.", filename, linenum);
		if (*activep && *charptr == NULL)
			*charptr = xstrdup(arg);
		break;

	case oGlobalKnownHostsFile:
		charptr = &options->system_hostfile;
		goto parse_string;

	case oUserKnownHostsFile:
		charptr = &options->user_hostfile;
		goto parse_string;

	case oGlobalKnownHostsFile2:
		charptr = &options->system_hostfile2;
		goto parse_string;

	case oUserKnownHostsFile2:
		charptr = &options->user_hostfile2;
		goto parse_string;

	case oHostName:
		charptr = &options->hostname;
		goto parse_string;

	case oHostKeyAlias:
		charptr = &options->host_key_alias;
		goto parse_string;

	case oPreferredAuthentications:
		charptr = &options->preferred_authentications;
		goto parse_string;

	case oBindAddress:
		charptr = &options->bind_address;
		goto parse_string;

	case oSmartcardDevice:
		charptr = &options->smartcard_device;
		goto parse_string;

	case oProxyCommand:
		/*
		 * The whole remainder of the line (after leading blanks and
		 * '=') is the command, spaces included, so no token parsing
		 * and no trailing-garbage check: return directly.  An empty
		 * remainder is stored as "" rather than rejected.
		 */
		charptr = &options->proxy_command;
		len = strspn(s, WHITESPACE "=");
		if (*activep && *charptr == NULL)
			*charptr = xstrdup(s + len);
		return 0;

	case oPort:
		intptr = &options->port;
		/*
		 * Shared tail for integer options.  strtol() with base 0
		 * accepts decimal, 0-prefixed octal and 0x-prefixed hex; the
		 * leading-digit test rejects a sign.  The long result is
		 * stored into an int with no range check.
		 */
parse_int:
		arg = strdelim(&s);
		if (!arg || *arg == '\0')
			fatal("%.200s line %d: Missing argument.", filename, linenum);
		if (arg[0] < '0' || arg[0] > '9')
			fatal("%.200s line %d: Bad number.", filename, linenum);

		/* Octal, decimal, or hex format? */
		value = strtol(arg, &endofnumber, 0);
		if (arg == endofnumber)
			fatal("%.200s line %d: Bad number.", filename, linenum);
		if (*activep && *intptr == -1)
			*intptr = value;
		break;

	case oConnectionAttempts:
		intptr = &options->connection_attempts;
		goto parse_int;

	case oCipher:
		/* Protocol 1 cipher; cipher_number() resolves the name. */
		intptr = &options->cipher;
		arg = strdelim(&s);
		if (!arg || *arg == '\0')
			fatal("%.200s line %d: Missing argument.", filename, linenum);
		value = cipher_number(arg);
		if (value == -1)
			fatal("%.200s line %d: Bad cipher '%s'.",
			    filename, linenum, arg ? arg : "<NONE>");
		if (*activep && *intptr == -1)
			*intptr = value;
		break;

	case oCiphers:
		/* Protocol 2 cipher list, validated but stored as a string. */
		arg = strdelim(&s);
		if (!arg || *arg == '\0')
			fatal("%.200s line %d: Missing argument.", filename, linenum);
		if (!ciphers_valid(arg))
			fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
			    filename, linenum, arg ? arg : "<NONE>");
		if (*activep && options->ciphers == NULL)
			options->ciphers = xstrdup(arg);
		break;

	case oMacs:
		arg = strdelim(&s);
		if (!arg || *arg == '\0')
			fatal("%.200s line %d: Missing argument.", filename, linenum);
		if (!mac_valid(arg))
			fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
			    filename, linenum, arg ? arg : "<NONE>");
		if (*activep && options->macs == NULL)
			options->macs = xstrdup(arg);
		break;

	case oHostKeyAlgorithms:
		arg = strdelim(&s);
		if (!arg || *arg == '\0')
			fatal("%.200s line %d: Missing argument.", filename, linenum);
		if (!key_names_valid2(arg))
			fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
			    filename, linenum, arg ? arg : "<NONE>");
		if (*activep && options->hostkeyalgorithms == NULL)
			options->hostkeyalgorithms = xstrdup(arg);
		break;

	case oProtocol:
		/* Unset marker is SSH_PROTO_UNKNOWN here, not -1. */
		intptr = &options->protocol;
		arg = strdelim(&s);
		if (!arg || *arg == '\0')
			fatal("%.200s line %d: Missing argument.", filename, linenum);
		value = proto_spec(arg);
		if (value == SSH_PROTO_UNKNOWN)
			fatal("%.200s line %d: Bad protocol spec '%s'.",
			    filename, linenum, arg ? arg : "<NONE>");
		if (*activep && *intptr == SSH_PROTO_UNKNOWN)
			*intptr = value;
		break;

	case oLogLevel:
		/*
		 * No missing-argument check: arg may be NULL here, and
		 * log_level_number() is presumably expected to reject it
		 * (the diagnostic already prints "<NONE>" for that case).
		 */
		intptr = (int *) &options->log_level;
		arg = strdelim(&s);
		value = log_level_number(arg);
		if (value == SYSLOG_LEVEL_NOT_SET)
			fatal("%.200s line %d: unsupported log level '%s'",
			    filename, linenum, arg ? arg : "<NONE>");
		if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
			*intptr = (LogLevel) value;
		break;

	case oLocalForward:
	case oRemoteForward:
		/*
		 * "<listen-port> <host>:<port>" (or "<host>/<port>").  The
		 * %255 and %5 widths keep the scan inside buf[256] and
		 * sfwd_host_port[6]; a2port() returning 0 means a bad port.
		 */
		arg = strdelim(&s);
		if (!arg || *arg == '\0')
			fatal("%.200s line %d: Missing port argument.",
			    filename, linenum);
		if ((fwd_port = a2port(arg)) == 0)
			fatal("%.200s line %d: Bad listen port.",
			    filename, linenum);
		arg = strdelim(&s);
		if (!arg || *arg == '\0')
			fatal("%.200s line %d: Missing second argument.",
			    filename, linenum);
		if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
		    sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
			fatal("%.200s line %d: Bad forwarding specification.",
			    filename, linenum);
		if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
			fatal("%.200s line %d: Bad forwarding port.",
			    filename, linenum);
		if (*activep) {
			if (opcode == oLocalForward)
				add_local_forward(options, fwd_port, buf,
				    fwd_host_port);
			else if (opcode == oRemoteForward)
				add_remote_forward(options, fwd_port, buf,
				    fwd_host_port);
		}
		break;

	case oDynamicForward:
		/*
		 * Stored as a local forward whose host is the literal
		 * "socks4" and whose host port is 0; presumably the channel
		 * code treats that pair as the dynamic-forward marker.
		 */
		arg = strdelim(&s);
		if (!arg || *arg == '\0')
			fatal("%.200s line %d: Missing port argument.",
			    filename, linenum);
		fwd_port = a2port(arg);
		if (fwd_port == 0)
			fatal("%.200s line %d: Badly formatted port number.",
			    filename, linenum);
		if (*activep)
			add_local_forward(options, fwd_port, "socks4", 0);
		break;

	case oClearAllForwardings:
		intptr = &options->clear_forwardings;
		goto parse_flag;

	case oHost:
		/*
		 * Start a new Host block: the block is active when any of
		 * the patterns on the line matches host.  All remaining
		 * tokens are consumed, so the garbage check is skipped.
		 */
		*activep = 0;
		while ((arg = strdelim(&s)) != NULL && *arg != '\0')
			if (match_pattern(host, arg)) {
				debug("Applying options for %.100s", arg);
				*activep = 1;
				break;
			}
		/* Avoid garbage check below, as strdelim is done. */
		return 0;

	case oEscapeChar:
		/*
		 * Accepts "^X" (control character), a single character, or
		 * "none".  NOTE(review): arg[2] is read before arg[1] is
		 * examined, so for the one-character argument "^" this peeks
		 * one byte past the token's terminator inside line.
		 */
		intptr = &options->escape_char;
		arg = strdelim(&s);
		if (!arg || *arg == '\0')
			fatal("%.200s line %d: Missing argument.", filename, linenum);
		if (arg[0] == '^' && arg[2] == 0 &&
		    (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
			value = (u_char) arg[1] & 31;
		else if (strlen(arg) == 1)
			value = (u_char) arg[0];
		else if (strcmp(arg, "none") == 0)
			value = SSH_ESCAPECHAR_NONE;
		else {
			fatal("%.200s line %d: Bad escape character.",
			    filename, linenum);
			/* NOTREACHED */
			value = 0;	/* Avoid compiler warning. */
		}
		if (*activep && *intptr == -1)
			*intptr = value;
		break;

	case oEnableSSHKeysign:
		intptr = &options->enable_ssh_keysign;
		goto parse_flag;

	case oDeprecated:
		/* Logged and ignored; the rest of the line is not checked. */
		debug("%s line %d: Deprecated option \"%s\"",
		    filename, linenum, keyword);
		return 0;

	default:
		fatal("process_config_line: Unimplemented opcode %d", opcode);
	}

	/* Check that there is no garbage at end of line. */
	if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
		fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
		    filename, linenum, arg);
	}
	return 0;
}
721
722
/*
 * Reads the config file and applies each line to options through
 * process_config_line().  Options should already be initialized before
 * this call.  Returns 0 when the file cannot be opened (it is simply
 * skipped) and 1 after a successful read; any unknown keyword is counted
 * and the whole file is rejected with fatal() once it has been read, while
 * other malformed lines abort immediately inside process_config_line().
 *
 * Lines are read with fgets() into a fixed buffer: a physical line longer
 * than sizeof(line) - 1 bytes is delivered in pieces, each of which is
 * processed and counted as a line of its own.
 */
int
read_config_file(const char *filename, const char *host, Options *options)
{
	FILE *f;
	char line[1024];
	int active = 1;		/* toggled by Host blocks inside process_config_line() */
	int linenum = 0;
	int bad_options = 0;

	if ((f = fopen(filename, "r")) == NULL)
		return 0;

	debug("Reading configuration data %.200s", filename);

	for (;;) {
		if (fgets(line, sizeof(line), f) == NULL)
			break;
		linenum++;
		if (process_config_line(options, host, line, filename,
		    linenum, &active) != 0)
			bad_options++;
	}
	fclose(f);

	if (bad_options > 0)
		fatal("%s: terminating, %d bad configuration options",
		    filename, bad_options);
	return 1;
}
762
/*
 * Initializes options to special values that indicate that they have not yet
 * been set. Read_config_file will only set options with this value. Options
 * are processed in the following order: command line, user config file,
 * system config file. Last, fill_default_options is called.
 *
 * The markers are -1 for integer fields, NULL for string fields,
 * SSH_PROTO_UNKNOWN for protocol and SYSLOG_LEVEL_NOT_SET for log_level;
 * the counters start at 0.  The struct is first filled with 'X' bytes so
 * that any field missing from this list is conspicuous rather than zero.
 */
void
initialize_options(Options * options)
{
	memset(options, 'X', sizeof(*options));

	/* Forwarding and X11. */
	options->forward_agent = -1;
	options->forward_x11 = -1;
	options->xauth_location = NULL;
	options->gateway_ports = -1;
	options->use_privileged_port = -1;
	options->num_local_forwards = 0;
	options->num_remote_forwards = 0;
	options->clear_forwardings = -1;

	/* Authentication methods. */
	options->rhosts_authentication = -1;
	options->rsa_authentication = -1;
	options->pubkey_authentication = -1;
	options->challenge_response_authentication = -1;
	options->password_authentication = -1;
	options->kbd_interactive_authentication = -1;
	options->kbd_interactive_devices = NULL;
	options->rhosts_rsa_authentication = -1;
	options->hostbased_authentication = -1;
	options->preferred_authentications = NULL;
#ifdef GSSAPI
	options->gss_authentication = -1;
	options->gss_deleg_creds = -1;
#ifdef GSI
	options->gss_globus_deleg_limited_proxy = -1;
#endif /* GSI */
#endif /* GSSAPI */
#if defined(KRB4) || defined(KRB5)
	options->kerberos_authentication = -1;
#endif
#if defined(AFS) || defined(KRB5)
	options->kerberos_tgt_passing = -1;
#endif
#ifdef AFS
	options->afs_token_passing = -1;
#endif

	/* Host keys and known-hosts handling. */
	options->check_host_ip = -1;
	options->strict_host_key_checking = -1;
	options->system_hostfile = NULL;
	options->user_hostfile = NULL;
	options->system_hostfile2 = NULL;
	options->user_hostfile2 = NULL;
	options->host_key_alias = NULL;
	options->hostkeyalgorithms = NULL;
	options->no_host_authentication_for_localhost = -1;
	options->enable_ssh_keysign = -1;

	/* Connection and transport. */
	options->batch_mode = -1;
	options->compression = -1;
	options->compression_level = -1;
	options->keepalives = -1;
	options->port = -1;
	options->connection_attempts = -1;
	options->number_of_password_prompts = -1;
	options->cipher = -1;
	options->ciphers = NULL;
	options->macs = NULL;
	options->protocol = SSH_PROTO_UNKNOWN;
	options->hostname = NULL;
	options->proxy_command = NULL;
	options->user = NULL;
	options->escape_char = -1;
	options->bind_address = NULL;
	options->smartcard_device = NULL;
	options->log_level = SYSLOG_LEVEL_NOT_SET;

	/* Identity files. */
	options->num_identity_files = 0;
}
839
/*
 * Appends "~/<path>" to options->identity_files.  Memory comes from
 * xmalloc() and is sized for the full path; the %.100s format then
 * limits what is actually copied.  No bound check is made against
 * SSH_MAX_IDENTITY_FILES: the caller only uses this when the list is
 * empty and adds at most three entries.
 */
static void
default_identity_file(Options *options, const char *path)
{
	size_t len = 2 + strlen(path) + 1;

	options->identity_files[options->num_identity_files] = xmalloc(len);
	snprintf(options->identity_files[options->num_identity_files++],
	    len, "~/%.100s", path);
}

/*
 * Called after processing other sources of option data, this fills those
 * options for which no value has been specified with their default values.
 * Every field still holding its initialize_options() marker gets its
 * built-in default; fields already set by the command line or a config
 * file are left alone.
 */
void
fill_default_options(Options * options)
{
	/* Forwarding and X11: all off unless asked for. */
	if (options->forward_agent == -1)
		options->forward_agent = 0;
	if (options->forward_x11 == -1)
		options->forward_x11 = 0;
	if (options->xauth_location == NULL)
		options->xauth_location = _PATH_XAUTH;
	if (options->gateway_ports == -1)
		options->gateway_ports = 0;
	if (options->use_privileged_port == -1)
		options->use_privileged_port = 0;

	/* Authentication methods. */
	if (options->rhosts_authentication == -1)
		options->rhosts_authentication = 0;
	if (options->rsa_authentication == -1)
		options->rsa_authentication = 1;
	if (options->pubkey_authentication == -1)
		options->pubkey_authentication = 1;
	if (options->challenge_response_authentication == -1)
		options->challenge_response_authentication = 1;
#ifdef GSSAPI
	if (options->gss_authentication == -1)
		options->gss_authentication = 1;
	/*
	 * NOTE(review): credential delegation defaults to ON here, so the
	 * client's GSSAPI credentials are forwarded to every server that
	 * authenticates it via GSSAPI unless the user turns the option off;
	 * confirm that this default is intended.
	 */
	if (options->gss_deleg_creds == -1)
		options->gss_deleg_creds = 1;
#ifdef GSI
	if (options->gss_globus_deleg_limited_proxy == -1)
		options->gss_globus_deleg_limited_proxy = 0;
#endif /* GSI */
#endif /* GSSAPI */
#if defined(KRB4) || defined(KRB5)
	if (options->kerberos_authentication == -1)
		options->kerberos_authentication = 1;
#endif
#if defined(AFS) || defined(KRB5)
	if (options->kerberos_tgt_passing == -1)
		options->kerberos_tgt_passing = 1;
#endif
#ifdef AFS
	if (options->afs_token_passing == -1)
		options->afs_token_passing = 1;
#endif
	if (options->password_authentication == -1)
		options->password_authentication = 1;
	if (options->kbd_interactive_authentication == -1)
		options->kbd_interactive_authentication = 1;
	if (options->rhosts_rsa_authentication == -1)
		options->rhosts_rsa_authentication = 0;
	if (options->hostbased_authentication == -1)
		options->hostbased_authentication = 0;

	/* Host key checking. */
	if (options->batch_mode == -1)
		options->batch_mode = 0;
	if (options->check_host_ip == -1)
		options->check_host_ip = 1;
	if (options->strict_host_key_checking == -1)
		options->strict_host_key_checking = 2;	/* 2 is "ask" */

	/* Transport. */
	if (options->compression == -1)
		options->compression = 0;
	if (options->keepalives == -1)
		options->keepalives = 1;
	if (options->compression_level == -1)
		options->compression_level = 6;
	if (options->port == -1)
		options->port = 0;	/* Filled in ssh_connect. */
	if (options->connection_attempts == -1)
		options->connection_attempts = 1;
	if (options->number_of_password_prompts == -1)
		options->number_of_password_prompts = 3;
	/* Selected in ssh_login(). */
	if (options->cipher == -1)
		options->cipher = SSH_CIPHER_NOT_SET;
	/* options->ciphers, default set in myproposals.h */
	/* options->macs, default set in myproposals.h */
	/* options->hostkeyalgorithms, default set in myproposals.h */
	if (options->protocol == SSH_PROTO_UNKNOWN)
		options->protocol = SSH_PROTO_1|SSH_PROTO_2;

	/* Identity files: only when none was configured explicitly. */
	if (options->num_identity_files == 0) {
		if (options->protocol & SSH_PROTO_1)
			default_identity_file(options, _PATH_SSH_CLIENT_IDENTITY);
		if (options->protocol & SSH_PROTO_2) {
			default_identity_file(options, _PATH_SSH_CLIENT_ID_RSA);
			default_identity_file(options, _PATH_SSH_CLIENT_ID_DSA);
		}
	}

	if (options->escape_char == -1)
		options->escape_char = '~';

	/* Known-hosts files. */
	if (options->system_hostfile == NULL)
		options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
	if (options->user_hostfile == NULL)
		options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
	if (options->system_hostfile2 == NULL)
		options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
	if (options->user_hostfile2 == NULL)
		options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;

	if (options->log_level == SYSLOG_LEVEL_NOT_SET)
		options->log_level = SYSLOG_LEVEL_INFO;
	/* ClearAllForwardings takes effect here, after all sources are read. */
	if (options->clear_forwardings == 1)
		clear_forwardings(options);
	if (options->no_host_authentication_for_localhost == -1)
		options->no_host_authentication_for_localhost = 0;
	if (options->enable_ssh_keysign == -1)
		options->enable_ssh_keysign = 0;
	/* options->proxy_command should not be set by default */
	/* options->user will be set in the main program if appropriate */
	/* options->hostname will be set in the main program if appropriate */
	/* options->host_key_alias should not be set by default */
	/* options->preferred_authentications will be set in ssh */
}