]> andersk Git - openssh.git/blame - readconf.c
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- markus@cvs.openbsd.org 2001/02/23 18:15:13
[openssh.git] / readconf.c
CommitLineData
8efc0c15 1/*
5260325f 2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
5260325f 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
5260325f 5 * Functions for reading the configuration files.
6ae2364d 6 *
bcbf86ec 7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
5260325f 12 */
8efc0c15 13
14#include "includes.h"
b2552997 15RCSID("$OpenBSD: readconf.c,v 1.62 2001/02/11 12:59:25 markus Exp $");
8efc0c15 16
17#include "ssh.h"
8efc0c15 18#include "xmalloc.h"
a8be9f80 19#include "compat.h"
42f11eb2 20#include "cipher.h"
21#include "pathnames.h"
22#include "log.h"
23#include "readconf.h"
24#include "match.h"
25#include "misc.h"
b2552997 26#include "kex.h"
27#include "mac.h"
8efc0c15 28
29/* Format of the configuration file:
30
31 # Configuration data is parsed as follows:
32 # 1. command line options
33 # 2. user-specific file
34 # 3. system-wide file
35 # Any configuration value is only changed the first time it is set.
36 # Thus, host-specific definitions should be at the beginning of the
37 # configuration file, and defaults at the end.
38
39 # Host-specific declarations. These may override anything above. A single
40 # host may match multiple declarations; these are processed in the order
41 # that they are given in.
42
43 Host *.ngs.fi ngs.fi
44 FallBackToRsh no
45
46 Host fake.com
47 HostName another.host.name.real.org
48 User blaah
49 Port 34289
50 ForwardX11 no
51 ForwardAgent no
52
53 Host books.com
54 RemoteForward 9999 shadows.cs.hut.fi:9999
55 Cipher 3des
56
57 Host fascist.blob.com
58 Port 23123
59 User tylonen
60 RhostsAuthentication no
61 PasswordAuthentication no
62
63 Host puukko.hut.fi
64 User t35124p
65 ProxyCommand ssh-proxy %h %p
66
67 Host *.fr
68 UseRsh yes
69
70 Host *.su
71 Cipher none
72 PasswordAuthentication no
73
74 # Defaults for various options
75 Host *
76 ForwardAgent no
fa08c86b 77 ForwardX11 no
8efc0c15 78 RhostsAuthentication yes
79 PasswordAuthentication yes
80 RSAAuthentication yes
81 RhostsRSAAuthentication yes
82 FallBackToRsh no
83 UseRsh no
84 StrictHostKeyChecking yes
85 KeepAlives no
86 IdentityFile ~/.ssh/identity
87 Port 22
88 EscapeChar ~
89
90*/
91
92/* Keyword tokens. */
93
5260325f 94typedef enum {
95 oBadOption,
96 oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
97 oPasswordAuthentication, oRSAAuthentication, oFallBackToRsh, oUseRsh,
d464095c 98 oChallengeResponseAuthentication, oXAuthLocation,
8efc0c15 99#ifdef KRB4
5260325f 100 oKerberosAuthentication,
8efc0c15 101#endif /* KRB4 */
102#ifdef AFS
5260325f 103 oKerberosTgtPassing, oAFSTokenPassing,
8efc0c15 104#endif
5260325f 105 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
106 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
107 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
108 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
d464095c 109 oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
b2552997 110 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
fa08c86b 111 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
8abcdba4 112 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias
8efc0c15 113} OpCodes;
114
115/* Textual representations of the tokens. */
116
5260325f 117static struct {
118 const char *name;
119 OpCodes opcode;
120} keywords[] = {
121 { "forwardagent", oForwardAgent },
122 { "forwardx11", oForwardX11 },
fa649821 123 { "xauthlocation", oXAuthLocation },
5260325f 124 { "gatewayports", oGatewayPorts },
125 { "useprivilegedport", oUsePrivilegedPort },
126 { "rhostsauthentication", oRhostsAuthentication },
127 { "passwordauthentication", oPasswordAuthentication },
94ec8c6b 128 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
129 { "kbdinteractivedevices", oKbdInteractiveDevices },
5260325f 130 { "rsaauthentication", oRSAAuthentication },
fa08c86b 131 { "pubkeyauthentication", oPubkeyAuthentication },
d464095c 132 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
133 { "challengeresponseauthentication", oChallengeResponseAuthentication },
134 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
135 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
8efc0c15 136#ifdef KRB4
5260325f 137 { "kerberosauthentication", oKerberosAuthentication },
8efc0c15 138#endif /* KRB4 */
139#ifdef AFS
5260325f 140 { "kerberostgtpassing", oKerberosTgtPassing },
141 { "afstokenpassing", oAFSTokenPassing },
8efc0c15 142#endif
5260325f 143 { "fallbacktorsh", oFallBackToRsh },
144 { "usersh", oUseRsh },
145 { "identityfile", oIdentityFile },
fa08c86b 146 { "identityfile2", oIdentityFile }, /* alias */
5260325f 147 { "hostname", oHostName },
8abcdba4 148 { "hostkeyalias", oHostKeyAlias },
5260325f 149 { "proxycommand", oProxyCommand },
150 { "port", oPort },
151 { "cipher", oCipher },
a8be9f80 152 { "ciphers", oCiphers },
b2552997 153 { "macs", oMacs },
a8be9f80 154 { "protocol", oProtocol },
5260325f 155 { "remoteforward", oRemoteForward },
156 { "localforward", oLocalForward },
157 { "user", oUser },
158 { "host", oHost },
159 { "escapechar", oEscapeChar },
160 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
161 { "globalknownhostsfile", oGlobalKnownHostsFile },
162 { "userknownhostsfile", oUserKnownHostsFile },
a306f2dd 163 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
164 { "userknownhostsfile2", oUserKnownHostsFile2 },
5260325f 165 { "connectionattempts", oConnectionAttempts },
166 { "batchmode", oBatchMode },
167 { "checkhostip", oCheckHostIP },
168 { "stricthostkeychecking", oStrictHostKeyChecking },
169 { "compression", oCompression },
170 { "compressionlevel", oCompressionLevel },
171 { "keepalive", oKeepAlives },
172 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
5260325f 173 { "loglevel", oLogLevel },
174 { NULL, 0 }
6a17f9c2 175};
176
aa3378df 177/*
178 * Adds a local TCP/IP port forward to options. Never returns if there is an
179 * error.
180 */
8efc0c15 181
6ae2364d 182void
57112b5a 183add_local_forward(Options *options, u_short port, const char *host,
184 u_short host_port)
8efc0c15 185{
5260325f 186 Forward *fwd;
3c62e7eb 187#ifndef HAVE_CYGWIN
5260325f 188 extern uid_t original_real_uid;
5260325f 189 if (port < IPPORT_RESERVED && original_real_uid != 0)
190 fatal("Privileged ports can only be forwarded by root.\n");
3c62e7eb 191#endif
5260325f 192 if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
193 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
194 fwd = &options->local_forwards[options->num_local_forwards++];
195 fwd->port = port;
196 fwd->host = xstrdup(host);
197 fwd->host_port = host_port;
8efc0c15 198}
199
aa3378df 200/*
201 * Adds a remote TCP/IP port forward to options. Never returns if there is
202 * an error.
203 */
8efc0c15 204
6ae2364d 205void
57112b5a 206add_remote_forward(Options *options, u_short port, const char *host,
207 u_short host_port)
8efc0c15 208{
5260325f 209 Forward *fwd;
210 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
211 fatal("Too many remote forwards (max %d).",
212 SSH_MAX_FORWARDS_PER_DIRECTION);
213 fwd = &options->remote_forwards[options->num_remote_forwards++];
214 fwd->port = port;
215 fwd->host = xstrdup(host);
216 fwd->host_port = host_port;
8efc0c15 217}
218
aa3378df 219/*
220 * Returns the number of the token pointed to by cp of length len. Never
221 * returns if the token is not known.
222 */
8efc0c15 223
6ae2364d 224static OpCodes
5260325f 225parse_token(const char *cp, const char *filename, int linenum)
8efc0c15 226{
1e3b8b07 227 u_int i;
8efc0c15 228
5260325f 229 for (i = 0; keywords[i].name; i++)
aa3378df 230 if (strcasecmp(cp, keywords[i].name) == 0)
5260325f 231 return keywords[i].opcode;
8efc0c15 232
5260325f 233 fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
234 filename, linenum, cp);
235 return oBadOption;
8efc0c15 236}
237
aa3378df 238/*
239 * Processes a single option line as used in the configuration files. This
240 * only sets those values that have not already been set.
241 */
8efc0c15 242
e7c0f9d5 243int
244process_config_line(Options *options, const char *host,
5260325f 245 char *line, const char *filename, int linenum,
246 int *activep)
8efc0c15 247{
089fbbd2 248 char buf[256], *s, *string, **charptr, *endofnumber, *keyword, *arg;
57112b5a 249 int opcode, *intptr, value;
250 u_short fwd_port, fwd_host_port;
5260325f 251
704b1659 252 s = line;
253 /* Get the keyword. (Each line is supposed to begin with a keyword). */
254 keyword = strdelim(&s);
255 /* Ignore leading whitespace. */
256 if (*keyword == '\0')
257 keyword = strdelim(&s);
42f11eb2 258 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
5260325f 259 return 0;
260
089fbbd2 261 opcode = parse_token(keyword, filename, linenum);
5260325f 262
263 switch (opcode) {
264 case oBadOption:
aa3378df 265 /* don't panic, but count bad options */
266 return -1;
5260325f 267 /* NOTREACHED */
268 case oForwardAgent:
269 intptr = &options->forward_agent;
270parse_flag:
704b1659 271 arg = strdelim(&s);
089fbbd2 272 if (!arg || *arg == '\0')
5260325f 273 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
274 value = 0; /* To avoid compiler warning... */
089fbbd2 275 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
5260325f 276 value = 1;
089fbbd2 277 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
5260325f 278 value = 0;
279 else
280 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
281 if (*activep && *intptr == -1)
282 *intptr = value;
283 break;
284
285 case oForwardX11:
286 intptr = &options->forward_x11;
287 goto parse_flag;
288
289 case oGatewayPorts:
290 intptr = &options->gateway_ports;
291 goto parse_flag;
292
293 case oUsePrivilegedPort:
294 intptr = &options->use_privileged_port;
295 goto parse_flag;
296
297 case oRhostsAuthentication:
298 intptr = &options->rhosts_authentication;
299 goto parse_flag;
300
301 case oPasswordAuthentication:
302 intptr = &options->password_authentication;
303 goto parse_flag;
304
94ec8c6b 305 case oKbdInteractiveAuthentication:
306 intptr = &options->kbd_interactive_authentication;
307 goto parse_flag;
308
309 case oKbdInteractiveDevices:
310 charptr = &options->kbd_interactive_devices;
311 goto parse_string;
312
fa08c86b 313 case oPubkeyAuthentication:
314 intptr = &options->pubkey_authentication;
1d1ffb87 315 goto parse_flag;
316
5260325f 317 case oRSAAuthentication:
318 intptr = &options->rsa_authentication;
319 goto parse_flag;
320
321 case oRhostsRSAAuthentication:
322 intptr = &options->rhosts_rsa_authentication;
323 goto parse_flag;
324
d464095c 325 case oChallengeResponseAuthentication:
326 intptr = &options->challenge_reponse_authentication;
5260325f 327 goto parse_flag;
8efc0c15 328
329#ifdef KRB4
5260325f 330 case oKerberosAuthentication:
331 intptr = &options->kerberos_authentication;
332 goto parse_flag;
8efc0c15 333#endif /* KRB4 */
334
335#ifdef AFS
5260325f 336 case oKerberosTgtPassing:
337 intptr = &options->kerberos_tgt_passing;
338 goto parse_flag;
8efc0c15 339
5260325f 340 case oAFSTokenPassing:
341 intptr = &options->afs_token_passing;
342 goto parse_flag;
8efc0c15 343#endif
5260325f 344
345 case oFallBackToRsh:
346 intptr = &options->fallback_to_rsh;
347 goto parse_flag;
348
349 case oUseRsh:
350 intptr = &options->use_rsh;
351 goto parse_flag;
352
353 case oBatchMode:
354 intptr = &options->batch_mode;
355 goto parse_flag;
356
357 case oCheckHostIP:
358 intptr = &options->check_host_ip;
359 goto parse_flag;
360
361 case oStrictHostKeyChecking:
362 intptr = &options->strict_host_key_checking;
704b1659 363 arg = strdelim(&s);
089fbbd2 364 if (!arg || *arg == '\0')
c76c8819 365 fatal("%.200s line %d: Missing yes/no/ask argument.",
5260325f 366 filename, linenum);
367 value = 0; /* To avoid compiler warning... */
089fbbd2 368 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
5260325f 369 value = 1;
089fbbd2 370 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
5260325f 371 value = 0;
089fbbd2 372 else if (strcmp(arg, "ask") == 0)
5260325f 373 value = 2;
374 else
375 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
376 if (*activep && *intptr == -1)
377 *intptr = value;
378 break;
379
380 case oCompression:
381 intptr = &options->compression;
382 goto parse_flag;
383
384 case oKeepAlives:
385 intptr = &options->keepalives;
386 goto parse_flag;
387
388 case oNumberOfPasswordPrompts:
389 intptr = &options->number_of_password_prompts;
390 goto parse_int;
391
392 case oCompressionLevel:
393 intptr = &options->compression_level;
394 goto parse_int;
395
396 case oIdentityFile:
704b1659 397 arg = strdelim(&s);
089fbbd2 398 if (!arg || *arg == '\0')
5260325f 399 fatal("%.200s line %d: Missing argument.", filename, linenum);
400 if (*activep) {
fa08c86b 401 intptr = &options->num_identity_files;
a306f2dd 402 if (*intptr >= SSH_MAX_IDENTITY_FILES)
5260325f 403 fatal("%.200s line %d: Too many identity files specified (max %d).",
404 filename, linenum, SSH_MAX_IDENTITY_FILES);
fa08c86b 405 charptr = &options->identity_files[*intptr];
089fbbd2 406 *charptr = xstrdup(arg);
a306f2dd 407 *intptr = *intptr + 1;
5260325f 408 }
409 break;
410
fa649821 411 case oXAuthLocation:
412 charptr=&options->xauth_location;
413 goto parse_string;
414
5260325f 415 case oUser:
416 charptr = &options->user;
417parse_string:
704b1659 418 arg = strdelim(&s);
089fbbd2 419 if (!arg || *arg == '\0')
5260325f 420 fatal("%.200s line %d: Missing argument.", filename, linenum);
421 if (*activep && *charptr == NULL)
089fbbd2 422 *charptr = xstrdup(arg);
5260325f 423 break;
424
425 case oGlobalKnownHostsFile:
426 charptr = &options->system_hostfile;
427 goto parse_string;
428
429 case oUserKnownHostsFile:
430 charptr = &options->user_hostfile;
431 goto parse_string;
432
a306f2dd 433 case oGlobalKnownHostsFile2:
434 charptr = &options->system_hostfile2;
435 goto parse_string;
436
437 case oUserKnownHostsFile2:
438 charptr = &options->user_hostfile2;
439 goto parse_string;
440
5260325f 441 case oHostName:
442 charptr = &options->hostname;
443 goto parse_string;
444
8abcdba4 445 case oHostKeyAlias:
446 charptr = &options->host_key_alias;
447 goto parse_string;
448
5260325f 449 case oProxyCommand:
450 charptr = &options->proxy_command;
451 string = xstrdup("");
704b1659 452 while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
089fbbd2 453 string = xrealloc(string, strlen(string) + strlen(arg) + 2);
5260325f 454 strcat(string, " ");
089fbbd2 455 strcat(string, arg);
5260325f 456 }
457 if (*activep && *charptr == NULL)
458 *charptr = string;
459 else
460 xfree(string);
461 return 0;
462
463 case oPort:
464 intptr = &options->port;
465parse_int:
704b1659 466 arg = strdelim(&s);
089fbbd2 467 if (!arg || *arg == '\0')
5260325f 468 fatal("%.200s line %d: Missing argument.", filename, linenum);
089fbbd2 469 if (arg[0] < '0' || arg[0] > '9')
5260325f 470 fatal("%.200s line %d: Bad number.", filename, linenum);
aa3378df 471
472 /* Octal, decimal, or hex format? */
089fbbd2 473 value = strtol(arg, &endofnumber, 0);
474 if (arg == endofnumber)
aa3378df 475 fatal("%.200s line %d: Bad number.", filename, linenum);
5260325f 476 if (*activep && *intptr == -1)
477 *intptr = value;
478 break;
479
480 case oConnectionAttempts:
481 intptr = &options->connection_attempts;
482 goto parse_int;
483
484 case oCipher:
485 intptr = &options->cipher;
704b1659 486 arg = strdelim(&s);
089fbbd2 487 if (!arg || *arg == '\0')
71276795 488 fatal("%.200s line %d: Missing argument.", filename, linenum);
089fbbd2 489 value = cipher_number(arg);
5260325f 490 if (value == -1)
491 fatal("%.200s line %d: Bad cipher '%s'.",
089fbbd2 492 filename, linenum, arg ? arg : "<NONE>");
5260325f 493 if (*activep && *intptr == -1)
494 *intptr = value;
495 break;
496
a8be9f80 497 case oCiphers:
704b1659 498 arg = strdelim(&s);
089fbbd2 499 if (!arg || *arg == '\0')
71276795 500 fatal("%.200s line %d: Missing argument.", filename, linenum);
089fbbd2 501 if (!ciphers_valid(arg))
d0c832f3 502 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
089fbbd2 503 filename, linenum, arg ? arg : "<NONE>");
a8be9f80 504 if (*activep && options->ciphers == NULL)
089fbbd2 505 options->ciphers = xstrdup(arg);
a8be9f80 506 break;
507
b2552997 508 case oMacs:
509 arg = strdelim(&s);
510 if (!arg || *arg == '\0')
511 fatal("%.200s line %d: Missing argument.", filename, linenum);
512 if (!mac_valid(arg))
513 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
514 filename, linenum, arg ? arg : "<NONE>");
515 if (*activep && options->macs == NULL)
516 options->macs = xstrdup(arg);
517 break;
518
a8be9f80 519 case oProtocol:
520 intptr = &options->protocol;
704b1659 521 arg = strdelim(&s);
089fbbd2 522 if (!arg || *arg == '\0')
71276795 523 fatal("%.200s line %d: Missing argument.", filename, linenum);
089fbbd2 524 value = proto_spec(arg);
a8be9f80 525 if (value == SSH_PROTO_UNKNOWN)
526 fatal("%.200s line %d: Bad protocol spec '%s'.",
089fbbd2 527 filename, linenum, arg ? arg : "<NONE>");
a8be9f80 528 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
529 *intptr = value;
530 break;
531
5260325f 532 case oLogLevel:
533 intptr = (int *) &options->log_level;
704b1659 534 arg = strdelim(&s);
089fbbd2 535 value = log_level_number(arg);
5260325f 536 if (value == (LogLevel) - 1)
537 fatal("%.200s line %d: unsupported log level '%s'\n",
089fbbd2 538 filename, linenum, arg ? arg : "<NONE>");
5260325f 539 if (*activep && (LogLevel) * intptr == -1)
540 *intptr = (LogLevel) value;
541 break;
542
543 case oRemoteForward:
704b1659 544 arg = strdelim(&s);
089fbbd2 545 if (!arg || *arg == '\0')
5260325f 546 fatal("%.200s line %d: Missing argument.", filename, linenum);
089fbbd2 547 if (arg[0] < '0' || arg[0] > '9')
5260325f 548 fatal("%.200s line %d: Badly formatted port number.",
549 filename, linenum);
089fbbd2 550 fwd_port = atoi(arg);
704b1659 551 arg = strdelim(&s);
089fbbd2 552 if (!arg || *arg == '\0')
5260325f 553 fatal("%.200s line %d: Missing second argument.",
554 filename, linenum);
089fbbd2 555 if (sscanf(arg, "%255[^:]:%hu", buf, &fwd_host_port) != 2)
5260325f 556 fatal("%.200s line %d: Badly formatted host:port.",
557 filename, linenum);
558 if (*activep)
559 add_remote_forward(options, fwd_port, buf, fwd_host_port);
560 break;
561
562 case oLocalForward:
704b1659 563 arg = strdelim(&s);
089fbbd2 564 if (!arg || *arg == '\0')
5260325f 565 fatal("%.200s line %d: Missing argument.", filename, linenum);
089fbbd2 566 if (arg[0] < '0' || arg[0] > '9')
5260325f 567 fatal("%.200s line %d: Badly formatted port number.",
568 filename, linenum);
089fbbd2 569 fwd_port = atoi(arg);
704b1659 570 arg = strdelim(&s);
089fbbd2 571 if (!arg || *arg == '\0')
5260325f 572 fatal("%.200s line %d: Missing second argument.",
573 filename, linenum);
089fbbd2 574 if (sscanf(arg, "%255[^:]:%hu", buf, &fwd_host_port) != 2)
5260325f 575 fatal("%.200s line %d: Badly formatted host:port.",
576 filename, linenum);
577 if (*activep)
578 add_local_forward(options, fwd_port, buf, fwd_host_port);
579 break;
580
581 case oHost:
582 *activep = 0;
704b1659 583 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
089fbbd2 584 if (match_pattern(host, arg)) {
585 debug("Applying options for %.100s", arg);
5260325f 586 *activep = 1;
587 break;
588 }
704b1659 589 /* Avoid garbage check below, as strdelim is done. */
5260325f 590 return 0;
591
592 case oEscapeChar:
593 intptr = &options->escape_char;
704b1659 594 arg = strdelim(&s);
089fbbd2 595 if (!arg || *arg == '\0')
5260325f 596 fatal("%.200s line %d: Missing argument.", filename, linenum);
089fbbd2 597 if (arg[0] == '^' && arg[2] == 0 &&
1e3b8b07 598 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
599 value = (u_char) arg[1] & 31;
089fbbd2 600 else if (strlen(arg) == 1)
1e3b8b07 601 value = (u_char) arg[0];
089fbbd2 602 else if (strcmp(arg, "none") == 0)
5260325f 603 value = -2;
604 else {
605 fatal("%.200s line %d: Bad escape character.",
606 filename, linenum);
607 /* NOTREACHED */
608 value = 0; /* Avoid compiler warning. */
609 }
610 if (*activep && *intptr == -1)
611 *intptr = value;
612 break;
613
614 default:
615 fatal("process_config_line: Unimplemented opcode %d", opcode);
616 }
617
618 /* Check that there is no garbage at end of line. */
42f11eb2 619 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
089fbbd2 620 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
621 filename, linenum, arg);
622 }
5260325f 623 return 0;
8efc0c15 624}
625
626
aa3378df 627/*
628 * Reads the config file and modifies the options accordingly. Options
629 * should already be initialized before this call. This never returns if
630 * there is an error. If the file does not exist, this returns immediately.
631 */
8efc0c15 632
6ae2364d 633void
5260325f 634read_config_file(const char *filename, const char *host, Options *options)
8efc0c15 635{
5260325f 636 FILE *f;
637 char line[1024];
638 int active, linenum;
639 int bad_options = 0;
640
641 /* Open the file. */
642 f = fopen(filename, "r");
643 if (!f)
644 return;
645
646 debug("Reading configuration data %.200s", filename);
647
aa3378df 648 /*
649 * Mark that we are now processing the options. This flag is turned
650 * on/off by Host specifications.
651 */
5260325f 652 active = 1;
653 linenum = 0;
654 while (fgets(line, sizeof(line), f)) {
655 /* Update line number counter. */
656 linenum++;
657 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
658 bad_options++;
659 }
660 fclose(f);
661 if (bad_options > 0)
662 fatal("%s: terminating, %d bad configuration options\n",
663 filename, bad_options);
8efc0c15 664}
665
aa3378df 666/*
667 * Initializes options to special values that indicate that they have not yet
668 * been set. Read_config_file will only set options with this value. Options
669 * are processed in the following order: command line, user config file,
670 * system config file. Last, fill_default_options is called.
671 */
8efc0c15 672
6ae2364d 673void
5260325f 674initialize_options(Options * options)
8efc0c15 675{
5260325f 676 memset(options, 'X', sizeof(*options));
677 options->forward_agent = -1;
678 options->forward_x11 = -1;
fa649821 679 options->xauth_location = NULL;
5260325f 680 options->gateway_ports = -1;
681 options->use_privileged_port = -1;
682 options->rhosts_authentication = -1;
683 options->rsa_authentication = -1;
fa08c86b 684 options->pubkey_authentication = -1;
d464095c 685 options->challenge_reponse_authentication = -1;
8efc0c15 686#ifdef KRB4
5260325f 687 options->kerberos_authentication = -1;
8efc0c15 688#endif
689#ifdef AFS
5260325f 690 options->kerberos_tgt_passing = -1;
691 options->afs_token_passing = -1;
8efc0c15 692#endif
5260325f 693 options->password_authentication = -1;
94ec8c6b 694 options->kbd_interactive_authentication = -1;
695 options->kbd_interactive_devices = NULL;
5260325f 696 options->rhosts_rsa_authentication = -1;
697 options->fallback_to_rsh = -1;
698 options->use_rsh = -1;
699 options->batch_mode = -1;
700 options->check_host_ip = -1;
701 options->strict_host_key_checking = -1;
702 options->compression = -1;
703 options->keepalives = -1;
704 options->compression_level = -1;
705 options->port = -1;
706 options->connection_attempts = -1;
707 options->number_of_password_prompts = -1;
708 options->cipher = -1;
a8be9f80 709 options->ciphers = NULL;
b2552997 710 options->macs = NULL;
a8be9f80 711 options->protocol = SSH_PROTO_UNKNOWN;
5260325f 712 options->num_identity_files = 0;
713 options->hostname = NULL;
8abcdba4 714 options->host_key_alias = NULL;
5260325f 715 options->proxy_command = NULL;
716 options->user = NULL;
717 options->escape_char = -1;
718 options->system_hostfile = NULL;
719 options->user_hostfile = NULL;
a306f2dd 720 options->system_hostfile2 = NULL;
721 options->user_hostfile2 = NULL;
5260325f 722 options->num_local_forwards = 0;
723 options->num_remote_forwards = 0;
724 options->log_level = (LogLevel) - 1;
8efc0c15 725}
726
aa3378df 727/*
728 * Called after processing other sources of option data, this fills those
729 * options for which no value has been specified with their default values.
730 */
8efc0c15 731
6ae2364d 732void
5260325f 733fill_default_options(Options * options)
8efc0c15 734{
d2c46e77 735 int len;
736
5260325f 737 if (options->forward_agent == -1)
71276795 738 options->forward_agent = 0;
5260325f 739 if (options->forward_x11 == -1)
c8d54615 740 options->forward_x11 = 0;
fa649821 741#ifdef XAUTH_PATH
742 if (options->xauth_location == NULL)
743 options->xauth_location = XAUTH_PATH;
744#endif /* XAUTH_PATH */
5260325f 745 if (options->gateway_ports == -1)
746 options->gateway_ports = 0;
747 if (options->use_privileged_port == -1)
748 options->use_privileged_port = 1;
749 if (options->rhosts_authentication == -1)
750 options->rhosts_authentication = 1;
751 if (options->rsa_authentication == -1)
752 options->rsa_authentication = 1;
fa08c86b 753 if (options->pubkey_authentication == -1)
754 options->pubkey_authentication = 1;
d464095c 755 if (options->challenge_reponse_authentication == -1)
756 options->challenge_reponse_authentication = 0;
8efc0c15 757#ifdef KRB4
5260325f 758 if (options->kerberos_authentication == -1)
759 options->kerberos_authentication = 1;
8efc0c15 760#endif /* KRB4 */
761#ifdef AFS
5260325f 762 if (options->kerberos_tgt_passing == -1)
763 options->kerberos_tgt_passing = 1;
764 if (options->afs_token_passing == -1)
765 options->afs_token_passing = 1;
8efc0c15 766#endif /* AFS */
5260325f 767 if (options->password_authentication == -1)
768 options->password_authentication = 1;
94ec8c6b 769 if (options->kbd_interactive_authentication == -1)
d464095c 770 options->kbd_interactive_authentication = 1;
5260325f 771 if (options->rhosts_rsa_authentication == -1)
772 options->rhosts_rsa_authentication = 1;
773 if (options->fallback_to_rsh == -1)
3f7a7e4a 774 options->fallback_to_rsh = 0;
5260325f 775 if (options->use_rsh == -1)
776 options->use_rsh = 0;
777 if (options->batch_mode == -1)
778 options->batch_mode = 0;
779 if (options->check_host_ip == -1)
780 options->check_host_ip = 1;
781 if (options->strict_host_key_checking == -1)
782 options->strict_host_key_checking = 2; /* 2 is default */
783 if (options->compression == -1)
784 options->compression = 0;
785 if (options->keepalives == -1)
786 options->keepalives = 1;
787 if (options->compression_level == -1)
788 options->compression_level = 6;
789 if (options->port == -1)
790 options->port = 0; /* Filled in ssh_connect. */
791 if (options->connection_attempts == -1)
792 options->connection_attempts = 4;
793 if (options->number_of_password_prompts == -1)
794 options->number_of_password_prompts = 3;
795 /* Selected in ssh_login(). */
796 if (options->cipher == -1)
797 options->cipher = SSH_CIPHER_NOT_SET;
d0c832f3 798 /* options->ciphers, default set in myproposals.h */
b2552997 799 /* options->macs, default set in myproposals.h */
a8be9f80 800 if (options->protocol == SSH_PROTO_UNKNOWN)
a306f2dd 801 options->protocol = SSH_PROTO_1|SSH_PROTO_2|SSH_PROTO_1_PREFERRED;
5260325f 802 if (options->num_identity_files == 0) {
fa08c86b 803 if (options->protocol & SSH_PROTO_1) {
d2c46e77 804 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
fa08c86b 805 options->identity_files[options->num_identity_files] =
d2c46e77 806 xmalloc(len);
807 snprintf(options->identity_files[options->num_identity_files++],
808 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
fa08c86b 809 }
810 if (options->protocol & SSH_PROTO_2) {
d2c46e77 811 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
fa08c86b 812 options->identity_files[options->num_identity_files] =
d2c46e77 813 xmalloc(len);
814 snprintf(options->identity_files[options->num_identity_files++],
815 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
fa08c86b 816 }
a306f2dd 817 }
5260325f 818 if (options->escape_char == -1)
819 options->escape_char = '~';
820 if (options->system_hostfile == NULL)
42f11eb2 821 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
5260325f 822 if (options->user_hostfile == NULL)
42f11eb2 823 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
a306f2dd 824 if (options->system_hostfile2 == NULL)
42f11eb2 825 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
a306f2dd 826 if (options->user_hostfile2 == NULL)
42f11eb2 827 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
5260325f 828 if (options->log_level == (LogLevel) - 1)
59c97189 829 options->log_level = SYSLOG_LEVEL_INFO;
5260325f 830 /* options->proxy_command should not be set by default */
831 /* options->user will be set in the main program if appropriate */
832 /* options->hostname will be set in the main program if appropriate */
8abcdba4 833 /* options->host_key_alias should not be set by default */
8efc0c15 834}
git-cvsimport mirror of OpenSSH
This page took 5.535579 seconds and 5 git commands to generate.