NCSA_GSSAPI_20040713

[gssapi-openssh.git] / openssh / readconf.c
diff --git a/openssh/readconf.c b/openssh/readconf.c

index 211075d6f94b17637726ad09fde75d4268a703af..a51848e559b41cf492913939120057ab66211d2b 100644 (file)
--- a/openssh/readconf.c
+++ b/openssh/readconf.c
@@ -12,7 +12,7 @@
   */
  
  #include "includes.h"
   */
  
  #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.100 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.128 2004/03/05 10:53:58 markus Exp $");
  
  #include "ssh.h"
  #include "xmalloc.h"
  
  #include "ssh.h"
  #include "xmalloc.h"
@@ -57,7 +57,6 @@ RCSID("$OpenBSD: readconf.c,v 1.100 2002/06/19 00:27:55 deraadt Exp $");
     Host fascist.blob.com
       Port 23123
       User tylonen
     Host fascist.blob.com
       Port 23123
       User tylonen
-     RhostsAuthentication no
       PasswordAuthentication no
  
     Host puukko.hut.fi
       PasswordAuthentication no
  
     Host puukko.hut.fi
@@ -75,12 +74,11 @@ RCSID("$OpenBSD: readconf.c,v 1.100 2002/06/19 00:27:55 deraadt Exp $");
     Host *
       ForwardAgent no
       ForwardX11 no
     Host *
       ForwardAgent no
       ForwardX11 no
-     RhostsAuthentication yes
       PasswordAuthentication yes
       RSAAuthentication yes
       RhostsRSAAuthentication yes
       StrictHostKeyChecking yes
       PasswordAuthentication yes
       RSAAuthentication yes
       RhostsRSAAuthentication yes
       StrictHostKeyChecking yes
-     KeepAlives no
+     TcpKeepAlive no
       IdentityFile ~/.ssh/identity
       Port 22
       EscapeChar ~
       IdentityFile ~/.ssh/identity
       Port 22
       EscapeChar ~
@@ -91,36 +89,24 @@ RCSID("$OpenBSD: readconf.c,v 1.100 2002/06/19 00:27:55 deraadt Exp $");
  
  typedef enum {
         oBadOption,
  
  typedef enum {
         oBadOption,
-       oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
+       oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
         oPasswordAuthentication, oRSAAuthentication,
         oChallengeResponseAuthentication, oXAuthLocation,
         oPasswordAuthentication, oRSAAuthentication,
         oChallengeResponseAuthentication, oXAuthLocation,
-#if defined(KRB4) || defined(KRB5)
-       oKerberosAuthentication,
-#endif
-#ifdef GSSAPI
-       oGssAuthentication, oGssKeyEx, oGssDelegateCreds,
-#ifdef GSI
-       oGssGlobusDelegateLimitedCreds,
-#endif /* GSI */
-#endif /* GSSAPI */
-#if defined(AFS) || defined(KRB5)
-       oKerberosTgtPassing,
-#endif
-#ifdef AFS
-       oAFSTokenPassing,
-#endif
         oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
         oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
         oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
         oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
         oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
         oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
         oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
         oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
-       oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
+       oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
         oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
         oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
         oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
         oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
         oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
         oClearAllForwardings, oNoHostAuthenticationForLocalhost,
         oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
         oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
         oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
         oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
         oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
         oClearAllForwardings, oNoHostAuthenticationForLocalhost,
-       oDeprecated
+       oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
+       oAddressFamily, oGssAuthentication, oGssKeyEx, oGssDelegateCreds,
+       oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
+       oDeprecated, oUnsupported
  } OpCodes;
  
  /* Textual representations of the tokens. */
  } OpCodes;
  
  /* Textual representations of the tokens. */
@@ -131,10 +117,11 @@ static struct {
  } keywords[] = {
         { "forwardagent", oForwardAgent },
         { "forwardx11", oForwardX11 },
  } keywords[] = {
         { "forwardagent", oForwardAgent },
         { "forwardx11", oForwardX11 },
+       { "forwardx11trusted", oForwardX11Trusted },
         { "xauthlocation", oXAuthLocation },
         { "gatewayports", oGatewayPorts },
         { "useprivilegedport", oUsePrivilegedPort },
         { "xauthlocation", oXAuthLocation },
         { "gatewayports", oGatewayPorts },
         { "useprivilegedport", oUsePrivilegedPort },
-       { "rhostsauthentication", oRhostsAuthentication },
+       { "rhostsauthentication", oDeprecated },
         { "passwordauthentication", oPasswordAuthentication },
         { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
         { "kbdinteractivedevices", oKbdInteractiveDevices },
         { "passwordauthentication", oPasswordAuthentication },
         { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
         { "kbdinteractivedevices", oKbdInteractiveDevices },
@@ -146,29 +133,23 @@ static struct {
         { "challengeresponseauthentication", oChallengeResponseAuthentication },
         { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
         { "tisauthentication", oChallengeResponseAuthentication },  /* alias */
         { "challengeresponseauthentication", oChallengeResponseAuthentication },
         { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
         { "tisauthentication", oChallengeResponseAuthentication },  /* alias */
-#if defined(KRB4) || defined(KRB5)
-       { "kerberosauthentication", oKerberosAuthentication },
-#endif
-#ifdef GSSAPI
+       { "kerberosauthentication", oUnsupported },
+       { "kerberostgtpassing", oUnsupported },
+       { "afstokenpassing", oUnsupported },
+#if defined(GSSAPI)
         { "gssapiauthentication", oGssAuthentication },
         { "gssapikeyexchange", oGssKeyEx },
         { "gssapidelegatecredentials", oGssDelegateCreds },
         { "gssapiauthentication", oGssAuthentication },
         { "gssapikeyexchange", oGssKeyEx },
         { "gssapidelegatecredentials", oGssDelegateCreds },
-#ifdef GSI
-       /* For backwards compatability with old 1.2.27 client code */
-       { "forwardgssapiglobusproxy", oGssDelegateCreds }, /* alias */
-       { "forwardgssapiglobuslimitedproxy", oGssGlobusDelegateLimitedCreds },
-#endif /* GSI */
-#endif /* GSSAPI */
-#if defined(AFS) || defined(KRB5)
-       { "kerberostgtpassing", oKerberosTgtPassing },
-#endif
-#ifdef AFS
-       { "afstokenpassing", oAFSTokenPassing },
+#else
+       { "gssapiauthentication", oUnsupported },
+       { "gssapikeyexchange", oUnsupported },
+       { "gssapidelegatecredentials", oUnsupported },
  #endif
         { "fallbacktorsh", oDeprecated },
         { "usersh", oDeprecated },
         { "identityfile", oIdentityFile },
         { "identityfile2", oIdentityFile },                     /* alias */
  #endif
         { "fallbacktorsh", oDeprecated },
         { "usersh", oDeprecated },
         { "identityfile", oIdentityFile },
         { "identityfile2", oIdentityFile },                     /* alias */
+       { "identitiesonly", oIdentitiesOnly },
         { "hostname", oHostName },
         { "hostkeyalias", oHostKeyAlias },
         { "proxycommand", oProxyCommand },
         { "hostname", oHostName },
         { "hostkeyalias", oHostKeyAlias },
         { "proxycommand", oProxyCommand },
@@ -192,16 +173,28 @@ static struct {
         { "stricthostkeychecking", oStrictHostKeyChecking },
         { "compression", oCompression },
         { "compressionlevel", oCompressionLevel },
         { "stricthostkeychecking", oStrictHostKeyChecking },
         { "compression", oCompression },
         { "compressionlevel", oCompressionLevel },
-       { "keepalive", oKeepAlives },
+       { "tcpkeepalive", oTCPKeepAlive },
+       { "keepalive", oTCPKeepAlive },                         /* obsolete */
         { "numberofpasswordprompts", oNumberOfPasswordPrompts },
         { "loglevel", oLogLevel },
         { "dynamicforward", oDynamicForward },
         { "preferredauthentications", oPreferredAuthentications },
         { "hostkeyalgorithms", oHostKeyAlgorithms },
         { "bindaddress", oBindAddress },
         { "numberofpasswordprompts", oNumberOfPasswordPrompts },
         { "loglevel", oLogLevel },
         { "dynamicforward", oDynamicForward },
         { "preferredauthentications", oPreferredAuthentications },
         { "hostkeyalgorithms", oHostKeyAlgorithms },
         { "bindaddress", oBindAddress },
+#ifdef SMARTCARD
         { "smartcarddevice", oSmartcardDevice },
         { "smartcarddevice", oSmartcardDevice },
+#else
+       { "smartcarddevice", oUnsupported },
+#endif
         { "clearallforwardings", oClearAllForwardings },
         { "clearallforwardings", oClearAllForwardings },
+       { "enablesshkeysign", oEnableSSHKeysign },
+       { "verifyhostkeydns", oVerifyHostKeyDNS },
         { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
         { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
+       { "rekeylimit", oRekeyLimit },
+       { "connecttimeout", oConnectTimeout },
+       { "addressfamily", oAddressFamily },
+       { "serveraliveinterval", oServerAliveInterval },
+       { "serveralivecountmax", oServerAliveCountMax },
         { NULL, oBadOption }
  };
  
         { NULL, oBadOption }
  };
  
@@ -215,7 +208,7 @@ add_local_forward(Options *options, u_short port, const char *host,
                   u_short host_port)
  {
         Forward *fwd;
                   u_short host_port)
  {
         Forward *fwd;
-#ifndef HAVE_CYGWIN
+#ifndef NO_IPPORT_RESERVED_CONCEPT
         extern uid_t original_real_uid;
         if (port < IPPORT_RESERVED && original_real_uid != 0)
                 fatal("Privileged ports can only be forwarded by root.");
         extern uid_t original_real_uid;
         if (port < IPPORT_RESERVED && original_real_uid != 0)
                 fatal("Privileged ports can only be forwarded by root.");
@@ -282,17 +275,26 @@ parse_token(const char *cp, const char *filename, int linenum)
   * Processes a single option line as used in the configuration files. This
   * only sets those values that have not already been set.
   */
   * Processes a single option line as used in the configuration files. This
   * only sets those values that have not already been set.
   */
+#define WHITESPACE " \t\r\n"
  
  int
  process_config_line(Options *options, const char *host,
                     char *line, const char *filename, int linenum,
                     int *activep)
  {
  
  int
  process_config_line(Options *options, const char *host,
                     char *line, const char *filename, int linenum,
                     int *activep)
  {
-       char buf[256], *s, *string, **charptr, *endofnumber, *keyword, *arg;
+       char buf[256], *s, **charptr, *endofnumber, *keyword, *arg;
         int opcode, *intptr, value;
         int opcode, *intptr, value;
+       size_t len;
         u_short fwd_port, fwd_host_port;
         char sfwd_host_port[6];
  
         u_short fwd_port, fwd_host_port;
         char sfwd_host_port[6];
  
+       /* Strip trailing whitespace */
+       for(len = strlen(line) - 1; len > 0; len--) {
+               if (strchr(WHITESPACE, line[len]) == NULL)
+                       break;
+               line[len] = '\0';
+       }
+
         s = line;
         /* Get the keyword. (Each line is supposed to begin with a keyword). */
         keyword = strdelim(&s);
         s = line;
         /* Get the keyword. (Each line is supposed to begin with a keyword). */
         keyword = strdelim(&s);
@@ -309,6 +311,20 @@ process_config_line(Options *options, const char *host,
                 /* don't panic, but count bad options */
                 return -1;
                 /* NOTREACHED */
                 /* don't panic, but count bad options */
                 return -1;
                 /* NOTREACHED */
+       case oConnectTimeout:
+               intptr = &options->connection_timeout;
+parse_time:
+               arg = strdelim(&s);
+               if (!arg || *arg == '\0')
+                       fatal("%s line %d: missing time value.",
+                           filename, linenum);
+               if ((value = convtime(arg)) == -1)
+                       fatal("%s line %d: invalid time value.",
+                           filename, linenum);
+               if (*intptr == -1)
+                       *intptr = value;
+               break;
+
         case oForwardAgent:
                 intptr = &options->forward_agent;
  parse_flag:
         case oForwardAgent:
                 intptr = &options->forward_agent;
  parse_flag:
@@ -330,6 +346,10 @@ parse_flag:
                 intptr = &options->forward_x11;
                 goto parse_flag;
  
                 intptr = &options->forward_x11;
                 goto parse_flag;
  
+       case oForwardX11Trusted:
+               intptr = &options->forward_x11_trusted;
+               goto parse_flag;
+
         case oGatewayPorts:
                 intptr = &options->gateway_ports;
                 goto parse_flag;
         case oGatewayPorts:
                 intptr = &options->gateway_ports;
                 goto parse_flag;
@@ -338,10 +358,6 @@ parse_flag:
                 intptr = &options->use_privileged_port;
                 goto parse_flag;
  
                 intptr = &options->use_privileged_port;
                 goto parse_flag;
  
-       case oRhostsAuthentication:
-               intptr = &options->rhosts_authentication;
-               goto parse_flag;
-
         case oPasswordAuthentication:
                 intptr = &options->password_authentication;
                 goto parse_flag;
         case oPasswordAuthentication:
                 intptr = &options->password_authentication;
                 goto parse_flag;
@@ -373,16 +389,11 @@ parse_flag:
         case oChallengeResponseAuthentication:
                 intptr = &options->challenge_response_authentication;
                 goto parse_flag;
         case oChallengeResponseAuthentication:
                 intptr = &options->challenge_response_authentication;
                 goto parse_flag;
-#if defined(KRB4) || defined(KRB5)
-       case oKerberosAuthentication:
-               intptr = &options->kerberos_authentication;
-               goto parse_flag;
-#endif
-#ifdef GSSAPI
+
         case oGssAuthentication:
                 intptr = &options->gss_authentication;
                 goto parse_flag;
         case oGssAuthentication:
                 intptr = &options->gss_authentication;
                 goto parse_flag;
-      
+
         case oGssKeyEx:
                 intptr = &options->gss_keyex;
                 goto parse_flag;
         case oGssKeyEx:
                 intptr = &options->gss_keyex;
                 goto parse_flag;
@@ -390,25 +401,7 @@ parse_flag:
         case oGssDelegateCreds:
                 intptr = &options->gss_deleg_creds;
                 goto parse_flag;
         case oGssDelegateCreds:
                 intptr = &options->gss_deleg_creds;
                 goto parse_flag;
- 
-#ifdef GSI
-       case oGssGlobusDelegateLimitedCreds:
-               intptr = &options->gss_globus_deleg_limited_proxy;
-               goto parse_flag;
-#endif /* GSI */
  
  
-#endif /* GSSAPI */
-
-#if defined(AFS) || defined(KRB5)
-       case oKerberosTgtPassing:
-               intptr = &options->kerberos_tgt_passing;
-               goto parse_flag;
-#endif
-#ifdef AFS
-       case oAFSTokenPassing:
-               intptr = &options->afs_token_passing;
-               goto parse_flag;
-#endif
         case oBatchMode:
                 intptr = &options->batch_mode;
                 goto parse_flag;
         case oBatchMode:
                 intptr = &options->batch_mode;
                 goto parse_flag;
@@ -417,8 +410,13 @@ parse_flag:
                 intptr = &options->check_host_ip;
                 goto parse_flag;
  
                 intptr = &options->check_host_ip;
                 goto parse_flag;
  
+       case oVerifyHostKeyDNS:
+               intptr = &options->verify_host_key_dns;
+               goto parse_yesnoask;
+
         case oStrictHostKeyChecking:
                 intptr = &options->strict_host_key_checking;
         case oStrictHostKeyChecking:
                 intptr = &options->strict_host_key_checking;
+parse_yesnoask:
                 arg = strdelim(&s);
                 if (!arg || *arg == '\0')
                         fatal("%.200s line %d: Missing yes/no/ask argument.",
                 arg = strdelim(&s);
                 if (!arg || *arg == '\0')
                         fatal("%.200s line %d: Missing yes/no/ask argument.",
@@ -440,8 +438,8 @@ parse_flag:
                 intptr = &options->compression;
                 goto parse_flag;
  
                 intptr = &options->compression;
                 goto parse_flag;
  
-       case oKeepAlives:
-               intptr = &options->keepalives;
+       case oTCPKeepAlive:
+               intptr = &options->tcp_keep_alive;
                 goto parse_flag;
  
         case oNoHostAuthenticationForLocalhost:
                 goto parse_flag;
  
         case oNoHostAuthenticationForLocalhost:
@@ -456,6 +454,31 @@ parse_flag:
                 intptr = &options->compression_level;
                 goto parse_int;
  
                 intptr = &options->compression_level;
                 goto parse_int;
  
+       case oRekeyLimit:
+               intptr = &options->rekey_limit;
+               arg = strdelim(&s);
+               if (!arg || *arg == '\0')
+                       fatal("%.200s line %d: Missing argument.", filename, linenum);
+               if (arg[0] < '0' || arg[0] > '9')
+                       fatal("%.200s line %d: Bad number.", filename, linenum);
+               value = strtol(arg, &endofnumber, 10);
+               if (arg == endofnumber)
+                       fatal("%.200s line %d: Bad number.", filename, linenum);
+               switch (toupper(*endofnumber)) {
+               case 'K':
+                       value *= 1<<10;
+                       break;
+               case 'M':
+                       value *= 1<<20;
+                       break;
+               case 'G':
+                       value *= 1<<30;
+                       break;
+               }
+               if (*activep && *intptr == -1)
+                       *intptr = value;
+               break;
+
         case oIdentityFile:
                 arg = strdelim(&s);
                 if (!arg || *arg == '\0')
         case oIdentityFile:
                 arg = strdelim(&s);
                 if (!arg || *arg == '\0')
@@ -522,17 +545,12 @@ parse_string:
                 goto parse_string;
  
         case oProxyCommand:
                 goto parse_string;
  
         case oProxyCommand:
+               if (s == NULL)
+                       fatal("%.200s line %d: Missing argument.", filename, linenum);
                 charptr = &options->proxy_command;
                 charptr = &options->proxy_command;
-               string = xstrdup("");
-               while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
-                       string = xrealloc(string, strlen(string) + strlen(arg) + 2);
-                       strcat(string, " ");
-                       strcat(string, arg);
-               }
+               len = strspn(s, WHITESPACE "=");
                 if (*activep && *charptr == NULL)
                 if (*activep && *charptr == NULL)
-                       *charptr = string;
-               else
-                       xfree(string);
+                       *charptr = xstrdup(s + len);
                 return 0;
  
         case oPort:
                 return 0;
  
         case oPort:
@@ -666,7 +684,7 @@ parse_int:
                         fatal("%.200s line %d: Badly formatted port number.",
                             filename, linenum);
                 if (*activep)
                         fatal("%.200s line %d: Badly formatted port number.",
                             filename, linenum);
                 if (*activep)
-                       add_local_forward(options, fwd_port, "socks4", 0);
+                       add_local_forward(options, fwd_port, "socks", 0);
                 break;
  
         case oClearAllForwardings:
                 break;
  
         case oClearAllForwardings:
@@ -706,11 +724,47 @@ parse_int:
                         *intptr = value;
                 break;
  
                         *intptr = value;
                 break;
  
+       case oAddressFamily:
+               arg = strdelim(&s);
+               intptr = &options->address_family;
+               if (strcasecmp(arg, "inet") == 0)
+                       value = AF_INET;
+               else if (strcasecmp(arg, "inet6") == 0)
+                       value = AF_INET6;
+               else if (strcasecmp(arg, "any") == 0)
+                       value = AF_UNSPEC;
+               else
+                       fatal("Unsupported AddressFamily \"%s\"", arg);
+               if (*activep && *intptr == -1)
+                       *intptr = value;
+               break;
+
+       case oEnableSSHKeysign:
+               intptr = &options->enable_ssh_keysign;
+               goto parse_flag;
+
+       case oIdentitiesOnly:
+               intptr = &options->identities_only;
+               goto parse_flag;
+
+       case oServerAliveInterval:
+               intptr = &options->server_alive_interval;
+               goto parse_time;
+
+       case oServerAliveCountMax:
+               intptr = &options->server_alive_count_max;
+               goto parse_int;
+
         case oDeprecated:
                 debug("%s line %d: Deprecated option \"%s\"",
                     filename, linenum, keyword);
                 return 0;
  
         case oDeprecated:
                 debug("%s line %d: Deprecated option \"%s\"",
                     filename, linenum, keyword);
                 return 0;
  
+       case oUnsupported:
+               error("%s line %d: Unsupported option \"%s\"",
+                   filename, linenum, keyword);
+               return 0;
+
         default:
                 fatal("process_config_line: Unimplemented opcode %d", opcode);
         }
         default:
                 fatal("process_config_line: Unimplemented opcode %d", opcode);
         }
@@ -777,31 +831,16 @@ initialize_options(Options * options)
         memset(options, 'X', sizeof(*options));
         options->forward_agent = -1;
         options->forward_x11 = -1;
         memset(options, 'X', sizeof(*options));
         options->forward_agent = -1;
         options->forward_x11 = -1;
+       options->forward_x11_trusted = -1;
         options->xauth_location = NULL;
         options->gateway_ports = -1;
         options->use_privileged_port = -1;
         options->xauth_location = NULL;
         options->gateway_ports = -1;
         options->use_privileged_port = -1;
-       options->rhosts_authentication = -1;
         options->rsa_authentication = -1;
         options->pubkey_authentication = -1;
         options->challenge_response_authentication = -1;
         options->rsa_authentication = -1;
         options->pubkey_authentication = -1;
         options->challenge_response_authentication = -1;
-#ifdef GSSAPI
-        options->gss_authentication = -1;
+       options->gss_authentication = -1;
         options->gss_keyex = -1;
         options->gss_keyex = -1;
-        options->gss_deleg_creds = -1;
-#ifdef GSI
-        options->gss_globus_deleg_limited_proxy = -1;
-#endif /* GSI */
-#endif /* GSSAPI */
-
-#if defined(KRB4) || defined(KRB5)
-       options->kerberos_authentication = -1;
-#endif
-#if defined(AFS) || defined(KRB5)
-       options->kerberos_tgt_passing = -1;
-#endif
-#ifdef AFS
-       options->afs_token_passing = -1;
-#endif
+       options->gss_deleg_creds = -1;
         options->password_authentication = -1;
         options->kbd_interactive_authentication = -1;
         options->kbd_interactive_devices = NULL;
         options->password_authentication = -1;
         options->kbd_interactive_authentication = -1;
         options->kbd_interactive_devices = NULL;
@@ -811,10 +850,12 @@ initialize_options(Options * options)
         options->check_host_ip = -1;
         options->strict_host_key_checking = -1;
         options->compression = -1;
         options->check_host_ip = -1;
         options->strict_host_key_checking = -1;
         options->compression = -1;
-       options->keepalives = -1;
+       options->tcp_keep_alive = -1;
         options->compression_level = -1;
         options->port = -1;
         options->compression_level = -1;
         options->port = -1;
+       options->address_family = -1;
         options->connection_attempts = -1;
         options->connection_attempts = -1;
+       options->connection_timeout = -1;
         options->number_of_password_prompts = -1;
         options->cipher = -1;
         options->ciphers = NULL;
         options->number_of_password_prompts = -1;
         options->cipher = -1;
         options->ciphers = NULL;
@@ -838,7 +879,13 @@ initialize_options(Options * options)
         options->preferred_authentications = NULL;
         options->bind_address = NULL;
         options->smartcard_device = NULL;
         options->preferred_authentications = NULL;
         options->bind_address = NULL;
         options->smartcard_device = NULL;
+       options->enable_ssh_keysign = - 1;
         options->no_host_authentication_for_localhost = - 1;
         options->no_host_authentication_for_localhost = - 1;
+       options->identities_only = - 1;
+       options->rekey_limit = - 1;
+       options->verify_host_key_dns = -1;
+       options->server_alive_interval = -1;
+       options->server_alive_count_max = -1;
  }
  
  /*
  }
  
  /*
@@ -855,44 +902,26 @@ fill_default_options(Options * options)
                 options->forward_agent = 0;
         if (options->forward_x11 == -1)
                 options->forward_x11 = 0;
                 options->forward_agent = 0;
         if (options->forward_x11 == -1)
                 options->forward_x11 = 0;
+       if (options->forward_x11_trusted == -1)
+               options->forward_x11_trusted = 0;
         if (options->xauth_location == NULL)
                 options->xauth_location = _PATH_XAUTH;
         if (options->gateway_ports == -1)
                 options->gateway_ports = 0;
         if (options->use_privileged_port == -1)
                 options->use_privileged_port = 0;
         if (options->xauth_location == NULL)
                 options->xauth_location = _PATH_XAUTH;
         if (options->gateway_ports == -1)
                 options->gateway_ports = 0;
         if (options->use_privileged_port == -1)
                 options->use_privileged_port = 0;
-       if (options->rhosts_authentication == -1)
-               options->rhosts_authentication = 0;
         if (options->rsa_authentication == -1)
                 options->rsa_authentication = 1;
         if (options->pubkey_authentication == -1)
                 options->pubkey_authentication = 1;
         if (options->challenge_response_authentication == -1)
                 options->challenge_response_authentication = 1;
         if (options->rsa_authentication == -1)
                 options->rsa_authentication = 1;
         if (options->pubkey_authentication == -1)
                 options->pubkey_authentication = 1;
         if (options->challenge_response_authentication == -1)
                 options->challenge_response_authentication = 1;
-#ifdef GSSAPI
         if (options->gss_authentication == -1)
                 options->gss_authentication = 1;
         if (options->gss_keyex == -1)
                 options->gss_keyex = 1;
         if (options->gss_deleg_creds == -1)
                 options->gss_deleg_creds = 1;
         if (options->gss_authentication == -1)
                 options->gss_authentication = 1;
         if (options->gss_keyex == -1)
                 options->gss_keyex = 1;
         if (options->gss_deleg_creds == -1)
                 options->gss_deleg_creds = 1;
-#ifdef GSI
-       if (options->gss_globus_deleg_limited_proxy == -1)
-               options->gss_globus_deleg_limited_proxy = 0;
-#endif /* GSI */
-#endif /* GSSAPI */
-#if defined(KRB4) || defined(KRB5)
-       if (options->kerberos_authentication == -1)
-               options->kerberos_authentication = 1;
-#endif
-#if defined(AFS) || defined(KRB5)
-       if (options->kerberos_tgt_passing == -1)
-               options->kerberos_tgt_passing = 1;
-#endif
-#ifdef AFS
-       if (options->afs_token_passing == -1)
-               options->afs_token_passing = 1;
-#endif
         if (options->password_authentication == -1)
                 options->password_authentication = 1;
         if (options->kbd_interactive_authentication == -1)
         if (options->password_authentication == -1)
                 options->password_authentication = 1;
         if (options->kbd_interactive_authentication == -1)
@@ -909,12 +938,14 @@ fill_default_options(Options * options)
                 options->strict_host_key_checking = 2;  /* 2 is default */
         if (options->compression == -1)
                 options->compression = 0;
                 options->strict_host_key_checking = 2;  /* 2 is default */
         if (options->compression == -1)
                 options->compression = 0;
-       if (options->keepalives == -1)
-               options->keepalives = 1;
+       if (options->tcp_keep_alive == -1)
+               options->tcp_keep_alive = 1;
         if (options->compression_level == -1)
                 options->compression_level = 6;
         if (options->port == -1)
                 options->port = 0;      /* Filled in ssh_connect. */
         if (options->compression_level == -1)
                 options->compression_level = 6;
         if (options->port == -1)
                 options->port = 0;      /* Filled in ssh_connect. */
+       if (options->address_family == -1)
+               options->address_family = AF_UNSPEC;
         if (options->connection_attempts == -1)
                 options->connection_attempts = 1;
         if (options->number_of_password_prompts == -1)
         if (options->connection_attempts == -1)
                 options->connection_attempts = 1;
         if (options->number_of_password_prompts == -1)
@@ -965,6 +996,18 @@ fill_default_options(Options * options)
                 clear_forwardings(options);
         if (options->no_host_authentication_for_localhost == - 1)
                 options->no_host_authentication_for_localhost = 0;
                 clear_forwardings(options);
         if (options->no_host_authentication_for_localhost == - 1)
                 options->no_host_authentication_for_localhost = 0;
+       if (options->identities_only == -1)
+               options->identities_only = 0;
+       if (options->enable_ssh_keysign == -1)
+               options->enable_ssh_keysign = 0;
+       if (options->rekey_limit == -1)
+               options->rekey_limit = 0;
+       if (options->verify_host_key_dns == -1)
+               options->verify_host_key_dns = 0;
+       if (options->server_alive_interval == -1)
+               options->server_alive_interval = 0;
+       if (options->server_alive_count_max == -1)
+               options->server_alive_count_max = 3;
         /* options->proxy_command should not be set by default */
         /* options->user will be set in the main program if appropriate */
         /* options->hostname will be set in the main program if appropriate */
         /* options->proxy_command should not be set by default */
         /* options->user will be set in the main program if appropriate */
         /* options->hostname will be set in the main program if appropriate */