8efc0c15 1/*
5260325f 2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
5260325f 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
5260325f 5 * Functions for reading the configuration files.
6ae2364d 6 *
bcbf86ec 7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
5260325f 12 */
8efc0c15 13
14#include "includes.h"
59c97189 15RCSID("$OpenBSD: readconf.c,v 1.54 2001/01/18 16:20:22 markus Exp $");
8efc0c15 16
17#include "ssh.h"
8efc0c15 18#include "readconf.h"
7368a6c8 19#include "match.h"
8efc0c15 20#include "xmalloc.h"
a8be9f80 21#include "compat.h"
8efc0c15 22
23/* Format of the configuration file:
24
25 # Configuration data is parsed as follows:
26 # 1. command line options
27 # 2. user-specific file
28 # 3. system-wide file
29 # Any configuration value is only changed the first time it is set.
30 # Thus, host-specific definitions should be at the beginning of the
31 # configuration file, and defaults at the end.
32
33 # Host-specific declarations. These may override anything above. A single
34 # host may match multiple declarations; these are processed in the order
35 # that they are given in.
36
37 Host *.ngs.fi ngs.fi
38 FallBackToRsh no
39
40 Host fake.com
41 HostName another.host.name.real.org
42 User blaah
43 Port 34289
44 ForwardX11 no
45 ForwardAgent no
46
47 Host books.com
48 RemoteForward 9999 shadows.cs.hut.fi:9999
49 Cipher 3des
50
51 Host fascist.blob.com
52 Port 23123
53 User tylonen
54 RhostsAuthentication no
55 PasswordAuthentication no
56
57 Host puukko.hut.fi
58 User t35124p
59 ProxyCommand ssh-proxy %h %p
60
61 Host *.fr
62 UseRsh yes
63
64 Host *.su
65 Cipher none
66 PasswordAuthentication no
67
68 # Defaults for various options
69 Host *
70 ForwardAgent no
fa08c86b 71 ForwardX11 no
8efc0c15 72 RhostsAuthentication yes
73 PasswordAuthentication yes
74 RSAAuthentication yes
75 RhostsRSAAuthentication yes
76 FallBackToRsh no
77 UseRsh no
78 StrictHostKeyChecking yes
79 KeepAlives no
80 IdentityFile ~/.ssh/identity
81 Port 22
82 EscapeChar ~
83
84*/
85
/*
 * Opcodes for the configuration keywords.  oBadOption is the first
 * enumerator (value 0); the remaining values follow in declaration order,
 * and the Kerberos/AFS entries exist only when KRB4/AFS are defined.
 */

typedef enum {
	oBadOption,
	oForwardAgent,
	oForwardX11,
	oGatewayPorts,
	oRhostsAuthentication,
	oPasswordAuthentication,
	oRSAAuthentication,
	oFallBackToRsh,
	oUseRsh,
	oSkeyAuthentication,
	oXAuthLocation,
#ifdef KRB4
	oKerberosAuthentication,
#endif /* KRB4 */
#ifdef AFS
	oKerberosTgtPassing,
	oAFSTokenPassing,
#endif /* AFS */
	oIdentityFile,
	oHostName,
	oPort,
	oCipher,
	oRemoteForward,
	oLocalForward,
	oUser,
	oHost,
	oEscapeChar,
	oRhostsRSAAuthentication,
	oProxyCommand,
	oGlobalKnownHostsFile,
	oUserKnownHostsFile,
	oConnectionAttempts,
	oBatchMode,
	oCheckHostIP,
	oStrictHostKeyChecking,
	oCompression,
	oCompressionLevel,
	oKeepAlives,
	oNumberOfPasswordPrompts,
	oTISAuthentication,
	oUsePrivilegedPort,
	oLogLevel,
	oCiphers,
	oProtocol,
	oGlobalKnownHostsFile2,
	oUserKnownHostsFile2,
	oPubkeyAuthentication,
	oKbdInteractiveAuthentication,
	oKbdInteractiveDevices,
	oHostKeyAlias
} OpCodes;
108
/*
 * Textual representations of the tokens.
 *
 * Names are stored in lower case; parse_token() compares them with
 * strcasecmp(), so the spelling in a configuration file is case-insensitive.
 * Several names may map to one opcode (marked "alias").  Note that the
 * name for oKeepAlives is the singular "keepalive".  The table is
 * terminated by an entry whose name is NULL.
 */

static struct {
	const char *name;	/* keyword as written in the file, lower case */
	OpCodes opcode;		/* opcode handled in process_config_line() */
} keywords[] = {
	{ "forwardagent", oForwardAgent },
	{ "forwardx11", oForwardX11 },
	{ "xauthlocation", oXAuthLocation },
	{ "gatewayports", oGatewayPorts },
	{ "useprivilegedport", oUsePrivilegedPort },
	{ "rhostsauthentication", oRhostsAuthentication },
	{ "passwordauthentication", oPasswordAuthentication },
	{ "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
	{ "kbdinteractivedevices", oKbdInteractiveDevices },
	{ "rsaauthentication", oRSAAuthentication },
	{ "pubkeyauthentication", oPubkeyAuthentication },
	{ "dsaauthentication", oPubkeyAuthentication },		/* alias */
	{ "skeyauthentication", oSkeyAuthentication },
#ifdef KRB4
	{ "kerberosauthentication", oKerberosAuthentication },
#endif /* KRB4 */
#ifdef AFS
	{ "kerberostgtpassing", oKerberosTgtPassing },
	{ "afstokenpassing", oAFSTokenPassing },
#endif
	{ "fallbacktorsh", oFallBackToRsh },
	{ "usersh", oUseRsh },
	{ "identityfile", oIdentityFile },
	{ "identityfile2", oIdentityFile },			/* alias */
	{ "hostname", oHostName },
	{ "hostkeyalias", oHostKeyAlias },
	{ "proxycommand", oProxyCommand },
	{ "port", oPort },
	{ "cipher", oCipher },
	{ "ciphers", oCiphers },
	{ "protocol", oProtocol },
	{ "remoteforward", oRemoteForward },
	{ "localforward", oLocalForward },
	{ "user", oUser },
	{ "host", oHost },
	{ "escapechar", oEscapeChar },
	{ "rhostsrsaauthentication", oRhostsRSAAuthentication },
	{ "globalknownhostsfile", oGlobalKnownHostsFile },
	{ "userknownhostsfile", oUserKnownHostsFile },
	{ "globalknownhostsfile2", oGlobalKnownHostsFile2 },
	{ "userknownhostsfile2", oUserKnownHostsFile2 },
	{ "connectionattempts", oConnectionAttempts },
	{ "batchmode", oBatchMode },
	{ "checkhostip", oCheckHostIP },
	{ "stricthostkeychecking", oStrictHostKeyChecking },
	{ "compression", oCompression },
	{ "compressionlevel", oCompressionLevel },
	{ "keepalive", oKeepAlives },
	{ "numberofpasswordprompts", oNumberOfPasswordPrompts },
	{ "tisauthentication", oTISAuthentication },
	{ "loglevel", oLogLevel },
	/* Sentinel: a NULL name ends the lookup loop in parse_token(). */
	{ NULL, 0 }
};
168
/*
 * Appends a local TCP/IP port forwarding (listen on `port', connect to
 * `host':`host_port') to options->local_forwards.  The host string is
 * copied with xstrdup().  Calls fatal(), and so does not return, when a
 * non-root user asks for a port below IPPORT_RESERVED (skipped on Cygwin
 * builds) or when the forwarding table is already full.
 */

void
add_local_forward(Options *options, u_short port, const char *host,
    u_short host_port)
{
#ifndef HAVE_CYGWIN
	extern uid_t original_real_uid;
#endif
	Forward *slot;

#ifndef HAVE_CYGWIN
	/* Only uid 0 may request a listener below IPPORT_RESERVED. */
	if (original_real_uid != 0 && port < IPPORT_RESERVED)
		fatal("Privileged ports can only be forwarded by root.\n");
#endif
	/* The table has a fixed size; refuse before indexing past it. */
	if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
		fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);

	slot = &options->local_forwards[options->num_local_forwards];
	options->num_local_forwards++;
	slot->port = port;
	slot->host = xstrdup(host);
	slot->host_port = host_port;
}
191
/*
 * Appends a remote TCP/IP port forwarding (`port' to `host':`host_port')
 * to options->remote_forwards.  The host string is copied with xstrdup().
 * Calls fatal(), and so does not return, when the forwarding table is
 * already full.  No reserved-port check is made here.
 */

void
add_remote_forward(Options *options, u_short port, const char *host,
    u_short host_port)
{
	Forward *slot;

	/* The table has a fixed size; refuse before indexing past it. */
	if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
		fatal("Too many remote forwards (max %d).",
		    SSH_MAX_FORWARDS_PER_DIRECTION);

	slot = &options->remote_forwards[options->num_remote_forwards];
	options->num_remote_forwards++;
	slot->port = port;
	slot->host = xstrdup(host);
	slot->host_port = host_port;
}
210
/*
 * Looks up the NUL-terminated keyword cp in the keywords[] table, ignoring
 * case, and returns its opcode.  For an unknown keyword a diagnostic naming
 * filename and linenum is written to stderr and oBadOption is returned; the
 * caller decides what to do about it.
 */

static OpCodes
parse_token(const char *cp, const char *filename, int linenum)
{
	u_int idx = 0;

	/* The table ends at the entry whose name is NULL. */
	while (keywords[idx].name != NULL) {
		if (strcasecmp(cp, keywords[idx].name) == 0)
			return keywords[idx].opcode;
		idx++;
	}

	fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
	    filename, linenum, cp);
	return oBadOption;
}
229
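/*
 * Processes a single option line as used in the configuration files.
 *
 * options   - option set being filled in.  Scalar and string options are
 *             only written while they still hold their "unset" marker
 *             (-1, NULL or SSH_PROTO_UNKNOWN), so the first value seen
 *             wins.  Identity files and port forwards accumulate instead.
 * host      - host name matched against the patterns of "Host" lines.
 * line      - the line to parse; tokenised with strdelim().
 * filename, linenum - used only in diagnostics.
 * activep   - in/out flag: cleared and possibly set again by a "Host"
 *             line; while it is 0 the arguments are still validated but
 *             nothing is stored.
 *
 * Returns 0 for a handled, empty or comment line and -1 for an unknown
 * keyword.  Malformed arguments end in fatal(), which does not return.
 */

int
process_config_line(Options *options, const char *host,
    char *line, const char *filename, int linenum,
    int *activep)
{
	char buf[256], *s, *string, **charptr, *endofnumber, *keyword, *arg;
	int opcode, *intptr, value;
	long fwd_listen;
	u_short fwd_port, fwd_host_port;

	s = line;
	/* Get the keyword. (Each line is supposed to begin with a keyword). */
	keyword = strdelim(&s);
	/* Ignore leading whitespace. */
	if (keyword != NULL && *keyword == '\0')
		keyword = strdelim(&s);
	/*
	 * strdelim() can return NULL once the line is used up (every other
	 * call site below tests for it), so test before dereferencing.
	 */
	if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
		return 0;

	opcode = parse_token(keyword, filename, linenum);

	switch (opcode) {
	case oBadOption:
		/* don't panic, but count bad options */
		return -1;
		/* NOTREACHED */
	case oForwardAgent:
		intptr = &options->forward_agent;
parse_flag:
		/* Shared tail for all yes/no options; intptr is set by the case. */
		arg = strdelim(&s);
		if (!arg || *arg == '\0')
			fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
		value = 0;	/* To avoid compiler warning... */
		if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
			value = 1;
		else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
			value = 0;
		else
			fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
		if (*activep && *intptr == -1)
			*intptr = value;
		break;

	case oForwardX11:
		intptr = &options->forward_x11;
		goto parse_flag;

	case oGatewayPorts:
		intptr = &options->gateway_ports;
		goto parse_flag;

	case oUsePrivilegedPort:
		intptr = &options->use_privileged_port;
		goto parse_flag;

	case oRhostsAuthentication:
		intptr = &options->rhosts_authentication;
		goto parse_flag;

	case oPasswordAuthentication:
		intptr = &options->password_authentication;
		goto parse_flag;

	case oKbdInteractiveAuthentication:
		intptr = &options->kbd_interactive_authentication;
		goto parse_flag;

	case oKbdInteractiveDevices:
		charptr = &options->kbd_interactive_devices;
		goto parse_string;

	case oPubkeyAuthentication:
		intptr = &options->pubkey_authentication;
		goto parse_flag;

	case oRSAAuthentication:
		intptr = &options->rsa_authentication;
		goto parse_flag;

	case oRhostsRSAAuthentication:
		intptr = &options->rhosts_rsa_authentication;
		goto parse_flag;

	case oTISAuthentication:
		/* fallthrough, there is no difference on the client side */
	case oSkeyAuthentication:
		intptr = &options->skey_authentication;
		goto parse_flag;

#ifdef KRB4
	case oKerberosAuthentication:
		intptr = &options->kerberos_authentication;
		goto parse_flag;
#endif /* KRB4 */

#ifdef AFS
	case oKerberosTgtPassing:
		intptr = &options->kerberos_tgt_passing;
		goto parse_flag;

	case oAFSTokenPassing:
		intptr = &options->afs_token_passing;
		goto parse_flag;
#endif

	case oFallBackToRsh:
		intptr = &options->fallback_to_rsh;
		goto parse_flag;

	case oUseRsh:
		intptr = &options->use_rsh;
		goto parse_flag;

	case oBatchMode:
		intptr = &options->batch_mode;
		goto parse_flag;

	case oCheckHostIP:
		intptr = &options->check_host_ip;
		goto parse_flag;

	case oStrictHostKeyChecking:
		/* Like parse_flag, plus the third value "ask" (stored as 2). */
		intptr = &options->strict_host_key_checking;
		arg = strdelim(&s);
		if (!arg || *arg == '\0')
			fatal("%.200s line %d: Missing yes/no argument.",
			    filename, linenum);
		value = 0;	/* To avoid compiler warning... */
		if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
			value = 1;
		else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
			value = 0;
		else if (strcmp(arg, "ask") == 0)
			value = 2;
		else
			fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
		if (*activep && *intptr == -1)
			*intptr = value;
		break;

	case oCompression:
		intptr = &options->compression;
		goto parse_flag;

	case oKeepAlives:
		intptr = &options->keepalives;
		goto parse_flag;

	case oNumberOfPasswordPrompts:
		intptr = &options->number_of_password_prompts;
		goto parse_int;

	case oCompressionLevel:
		intptr = &options->compression_level;
		goto parse_int;

	case oIdentityFile:
		arg = strdelim(&s);
		if (!arg || *arg == '\0')
			fatal("%.200s line %d: Missing argument.", filename, linenum);
		if (*activep) {
			/* Identity files accumulate; bound the fixed-size array. */
			intptr = &options->num_identity_files;
			if (*intptr >= SSH_MAX_IDENTITY_FILES)
				fatal("%.200s line %d: Too many identity files specified (max %d).",
				    filename, linenum, SSH_MAX_IDENTITY_FILES);
			charptr = &options->identity_files[*intptr];
			*charptr = xstrdup(arg);
			*intptr = *intptr + 1;
		}
		break;

	case oXAuthLocation:
		charptr=&options->xauth_location;
		goto parse_string;

	case oUser:
		charptr = &options->user;
parse_string:
		/* Shared tail for single-string options; charptr is set by the case. */
		arg = strdelim(&s);
		if (!arg || *arg == '\0')
			fatal("%.200s line %d: Missing argument.", filename, linenum);
		if (*activep && *charptr == NULL)
			*charptr = xstrdup(arg);
		break;

	case oGlobalKnownHostsFile:
		charptr = &options->system_hostfile;
		goto parse_string;

	case oUserKnownHostsFile:
		charptr = &options->user_hostfile;
		goto parse_string;

	case oGlobalKnownHostsFile2:
		charptr = &options->system_hostfile2;
		goto parse_string;

	case oUserKnownHostsFile2:
		charptr = &options->user_hostfile2;
		goto parse_string;

	case oHostName:
		charptr = &options->hostname;
		goto parse_string;

	case oHostKeyAlias:
		charptr = &options->host_key_alias;
		goto parse_string;

	case oProxyCommand:
		/*
		 * The command is the rest of the line: every remaining token is
		 * appended, each preceded by a single space.  The buffer grows
		 * by strlen(arg) + 2 (separator and terminator) before each
		 * append, so the strcat() calls stay in bounds.
		 */
		charptr = &options->proxy_command;
		string = xstrdup("");
		while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
			string = xrealloc(string, strlen(string) + strlen(arg) + 2);
			strcat(string, " ");
			strcat(string, arg);
		}
		if (*activep && *charptr == NULL)
			*charptr = string;
		else
			xfree(string);
		/* The whole line was consumed, so skip the trailing-garbage check. */
		return 0;

	case oPort:
		intptr = &options->port;
parse_int:
		/* Shared tail for integer options; intptr is set by the case. */
		arg = strdelim(&s);
		if (!arg || *arg == '\0')
			fatal("%.200s line %d: Missing argument.", filename, linenum);
		if (arg[0] < '0' || arg[0] > '9')
			fatal("%.200s line %d: Bad number.", filename, linenum);

		/* Octal, decimal, or hex format? */
		value = strtol(arg, &endofnumber, 0);
		/* Reject trailing junk ("22x") instead of silently using 22. */
		if (arg == endofnumber || *endofnumber != '\0')
			fatal("%.200s line %d: Bad number.", filename, linenum);
		/* NOTE(review): the long result is narrowed to int without a range check. */
		if (*activep && *intptr == -1)
			*intptr = value;
		break;

	case oConnectionAttempts:
		intptr = &options->connection_attempts;
		goto parse_int;

	case oCipher:
		intptr = &options->cipher;
		arg = strdelim(&s);
		if (!arg || *arg == '\0')
			fatal("%.200s line %d: Missing argument.", filename, linenum);
		value = cipher_number(arg);
		if (value == -1)
			fatal("%.200s line %d: Bad cipher '%s'.",
			    filename, linenum, arg ? arg : "<NONE>");
		if (*activep && *intptr == -1)
			*intptr = value;
		break;

	case oCiphers:
		arg = strdelim(&s);
		if (!arg || *arg == '\0')
			fatal("%.200s line %d: Missing argument.", filename, linenum);
		if (!ciphers_valid(arg))
			fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
			    filename, linenum, arg ? arg : "<NONE>");
		if (*activep && options->ciphers == NULL)
			options->ciphers = xstrdup(arg);
		break;

	case oProtocol:
		intptr = &options->protocol;
		arg = strdelim(&s);
		if (!arg || *arg == '\0')
			fatal("%.200s line %d: Missing argument.", filename, linenum);
		value = proto_spec(arg);
		if (value == SSH_PROTO_UNKNOWN)
			fatal("%.200s line %d: Bad protocol spec '%s'.",
			    filename, linenum, arg ? arg : "<NONE>");
		if (*activep && *intptr == SSH_PROTO_UNKNOWN)
			*intptr = value;
		break;

	case oLogLevel:
		intptr = (int *) &options->log_level;
		arg = strdelim(&s);
		/*
		 * NOTE(review): arg is passed on without a NULL/empty test;
		 * log_level_number() is assumed to cope with NULL -- confirm.
		 */
		value = log_level_number(arg);
		if (value == (LogLevel) - 1)
			fatal("%.200s line %d: unsupported log level '%s'\n",
			    filename, linenum, arg ? arg : "<NONE>");
		if (*activep && (LogLevel) * intptr == -1)
			*intptr = (LogLevel) value;
		break;

	case oRemoteForward:
		arg = strdelim(&s);
		if (!arg || *arg == '\0')
			fatal("%.200s line %d: Missing argument.", filename, linenum);
		if (arg[0] < '0' || arg[0] > '9')
			fatal("%.200s line %d: Badly formatted port number.",
			    filename, linenum);
		/*
		 * Parse as long and range-check before narrowing: a value above
		 * 65535 would otherwise wrap silently into a different port.
		 */
		fwd_listen = strtol(arg, &endofnumber, 10);
		if (*endofnumber != '\0' || fwd_listen > 65535)
			fatal("%.200s line %d: Badly formatted port number.",
			    filename, linenum);
		fwd_port = (u_short) fwd_listen;
		arg = strdelim(&s);
		if (!arg || *arg == '\0')
			fatal("%.200s line %d: Missing second argument.",
			    filename, linenum);
		/*
		 * %255[^:] keeps the host within buf[256].
		 * NOTE(review): %hu does not reject a host port above 65535.
		 */
		if (sscanf(arg, "%255[^:]:%hu", buf, &fwd_host_port) != 2)
			fatal("%.200s line %d: Badly formatted host:port.",
			    filename, linenum);
		if (*activep)
			add_remote_forward(options, fwd_port, buf, fwd_host_port);
		break;

	case oLocalForward:
		arg = strdelim(&s);
		if (!arg || *arg == '\0')
			fatal("%.200s line %d: Missing argument.", filename, linenum);
		if (arg[0] < '0' || arg[0] > '9')
			fatal("%.200s line %d: Badly formatted port number.",
			    filename, linenum);
		/*
		 * Parse as long and range-check before narrowing, so that the
		 * reserved-port test in add_local_forward() sees the port the
		 * user actually wrote.
		 */
		fwd_listen = strtol(arg, &endofnumber, 10);
		if (*endofnumber != '\0' || fwd_listen > 65535)
			fatal("%.200s line %d: Badly formatted port number.",
			    filename, linenum);
		fwd_port = (u_short) fwd_listen;
		arg = strdelim(&s);
		if (!arg || *arg == '\0')
			fatal("%.200s line %d: Missing second argument.",
			    filename, linenum);
		/*
		 * %255[^:] keeps the host within buf[256].
		 * NOTE(review): %hu does not reject a host port above 65535.
		 */
		if (sscanf(arg, "%255[^:]:%hu", buf, &fwd_host_port) != 2)
			fatal("%.200s line %d: Badly formatted host:port.",
			    filename, linenum);
		if (*activep)
			add_local_forward(options, fwd_port, buf, fwd_host_port);
		break;

	case oHost:
		/* Following options apply only if some pattern matches host. */
		*activep = 0;
		while ((arg = strdelim(&s)) != NULL && *arg != '\0')
			if (match_pattern(host, arg)) {
				debug("Applying options for %.100s", arg);
				*activep = 1;
				break;
			}
		/* Avoid garbage check below, as strdelim is done. */
		return 0;

	case oEscapeChar:
		intptr = &options->escape_char;
		arg = strdelim(&s);
		if (!arg || *arg == '\0')
			fatal("%.200s line %d: Missing argument.", filename, linenum);
		/*
		 * "^X" selects a control character.  arg[1] is tested before
		 * arg[2] so that a lone "^" is never read past its terminator.
		 */
		if (arg[0] == '^' && arg[1] != '\0' && arg[2] == 0 &&
		    (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
			value = (u_char) arg[1] & 31;
		else if (strlen(arg) == 1)
			value = (u_char) arg[0];
		else if (strcmp(arg, "none") == 0)
			value = -2;
		else {
			fatal("%.200s line %d: Bad escape character.",
			    filename, linenum);
			/* NOTREACHED */
			value = 0;	/* Avoid compiler warning. */
		}
		if (*activep && *intptr == -1)
			*intptr = value;
		break;

	default:
		fatal("process_config_line: Unimplemented opcode %d", opcode);
	}

	/* Check that there is no garbage at end of line. */
	if ((arg = strdelim(&s)) != NULL && *arg != '\0')
	{
		fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
		    filename, linenum, arg);
	}
	return 0;
}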
609
610
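/*
 * Reads the config file and modifies the options accordingly.  Options
 * should already be initialized before this call.
 *
 * If the file cannot be opened, for any reason, this returns immediately
 * without a diagnostic.  A line that does not fit the read buffer, a
 * malformed argument, or one or more unknown keywords end in fatal(),
 * which does not return.
 *
 * NOTE(review): nothing here checks the ownership or mode of the file
 * before its contents (including ProxyCommand) are accepted.
 */

void
read_config_file(const char *filename, const char *host, Options *options)
{
	FILE *f;
	char line[1024];
	int active, linenum;
	int bad_options = 0;
	size_t len;

	/* Open the file. */
	f = fopen(filename, "r");
	if (!f)
		return;

	debug("Reading configuration data %.200s", filename);

	/*
	 * Mark that we are now processing the options.  This flag is turned
	 * on/off by Host specifications.
	 */
	active = 1;
	linenum = 0;
	while (fgets(line, sizeof(line), f)) {
		/* Update line number counter. */
		linenum++;
		/*
		 * A full buffer that does not end in a newline means the line
		 * was cut; without this check its tail would be parsed as if
		 * it were a separate configuration line.
		 */
		len = strlen(line);
		if (len == sizeof(line) - 1 && line[len - 1] != '\n')
			fatal("%.200s line %d: Line too long.", filename, linenum);
		if (process_config_line(options, host, line, filename, linenum, &active) != 0)
			bad_options++;
	}
	fclose(f);
	/* Unknown keywords were only counted above; give up now. */
	if (bad_options > 0)
		fatal("%s: terminating, %d bad configuration options\n",
		    filename, bad_options);
}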
649
/*
 * Puts every option into its "not yet set" state: -1 for integer options,
 * NULL for strings, SSH_PROTO_UNKNOWN for the protocol and 0 for the
 * counters.  process_config_line() only stores a value into an option
 * that still holds this marker, and fill_default_options() later replaces
 * any marker that is left with the built-in default.
 */

void
initialize_options(Options * options)
{
	/*
	 * Fill the structure with 'X' bytes first -- presumably so that a
	 * field missed below stands out; confirm.
	 */
	memset(options, 'X', sizeof(*options));

	/* Forwarding and connection behaviour. */
	options->forward_agent = -1;
	options->forward_x11 = -1;
	options->gateway_ports = -1;
	options->use_privileged_port = -1;
	options->fallback_to_rsh = -1;
	options->use_rsh = -1;
	options->batch_mode = -1;
	options->check_host_ip = -1;
	options->strict_host_key_checking = -1;
	options->compression = -1;
	options->compression_level = -1;
	options->keepalives = -1;
	options->port = -1;
	options->connection_attempts = -1;
	options->number_of_password_prompts = -1;
	options->escape_char = -1;

	/* Authentication methods. */
	options->rhosts_authentication = -1;
	options->rhosts_rsa_authentication = -1;
	options->rsa_authentication = -1;
	options->pubkey_authentication = -1;
	options->skey_authentication = -1;
	options->password_authentication = -1;
	options->kbd_interactive_authentication = -1;
#ifdef KRB4
	options->kerberos_authentication = -1;
#endif
#ifdef AFS
	options->kerberos_tgt_passing = -1;
	options->afs_token_passing = -1;
#endif

	/* Cipher and protocol selection. */
	options->cipher = -1;
	options->ciphers = NULL;
	options->protocol = SSH_PROTO_UNKNOWN;

	/* String-valued options. */
	options->xauth_location = NULL;
	options->kbd_interactive_devices = NULL;
	options->hostname = NULL;
	options->host_key_alias = NULL;
	options->proxy_command = NULL;
	options->user = NULL;
	options->system_hostfile = NULL;
	options->user_hostfile = NULL;
	options->system_hostfile2 = NULL;
	options->user_hostfile2 = NULL;

	/* Lists start out empty. */
	options->num_identity_files = 0;
	options->num_local_forwards = 0;
	options->num_remote_forwards = 0;

	options->log_level = (LogLevel) - 1;
}
709
/*
 * Called after the other sources of option data have been processed:
 * every option that still holds its "unset" marker gets its built-in
 * default.  Options that already have a value are left alone.
 */

/* Shorthands for "assign only if still unset"; undefined again below. */
#define DEFAULT_INT(field, dflt) \
	do { if (options->field == -1) options->field = (dflt); } while (0)
#define DEFAULT_PTR(field, dflt) \
	do { if (options->field == NULL) options->field = (dflt); } while (0)

void
fill_default_options(Options * options)
{
	char *path;

	DEFAULT_INT(forward_agent, 0);
	DEFAULT_INT(forward_x11, 0);
#ifdef XAUTH_PATH
	DEFAULT_PTR(xauth_location, XAUTH_PATH);
#endif /* XAUTH_PATH */
	DEFAULT_INT(gateway_ports, 0);
	DEFAULT_INT(use_privileged_port, 1);
	DEFAULT_INT(rhosts_authentication, 1);
	DEFAULT_INT(rsa_authentication, 1);
	DEFAULT_INT(pubkey_authentication, 1);
	DEFAULT_INT(skey_authentication, 0);
#ifdef KRB4
	DEFAULT_INT(kerberos_authentication, 1);
#endif /* KRB4 */
#ifdef AFS
	DEFAULT_INT(kerberos_tgt_passing, 1);
	DEFAULT_INT(afs_token_passing, 1);
#endif /* AFS */
	DEFAULT_INT(password_authentication, 1);
	DEFAULT_INT(kbd_interactive_authentication, 0);
	DEFAULT_INT(rhosts_rsa_authentication, 1);
	DEFAULT_INT(fallback_to_rsh, 0);
	DEFAULT_INT(use_rsh, 0);
	DEFAULT_INT(batch_mode, 0);
	DEFAULT_INT(check_host_ip, 1);
	DEFAULT_INT(strict_host_key_checking, 2);	/* 2 is "ask" */
	DEFAULT_INT(compression, 0);
	DEFAULT_INT(keepalives, 1);
	DEFAULT_INT(compression_level, 6);
	DEFAULT_INT(port, 0);			/* Filled in ssh_connect. */
	DEFAULT_INT(connection_attempts, 4);
	DEFAULT_INT(number_of_password_prompts, 3);
	/* Selected in ssh_login(). */
	DEFAULT_INT(cipher, SSH_CIPHER_NOT_SET);
	/* options->ciphers, default set in myproposals.h */
	if (options->protocol == SSH_PROTO_UNKNOWN)
		options->protocol = SSH_PROTO_1|SSH_PROTO_2|SSH_PROTO_1_PREFERRED;

	/*
	 * With no identity file configured, add one default per enabled
	 * protocol.  Each buffer holds "~/" + the name + the terminator, and
	 * %.100s can only shorten the name, so sprintf() stays in bounds.
	 */
	if (options->num_identity_files == 0) {
		if (options->protocol & SSH_PROTO_1) {
			path = xmalloc(2 + strlen(SSH_CLIENT_IDENTITY) + 1);
			sprintf(path, "~/%.100s", SSH_CLIENT_IDENTITY);
			options->identity_files[options->num_identity_files++] = path;
		}
		if (options->protocol & SSH_PROTO_2) {
			path = xmalloc(2 + strlen(SSH_CLIENT_ID_DSA) + 1);
			sprintf(path, "~/%.100s", SSH_CLIENT_ID_DSA);
			options->identity_files[options->num_identity_files++] = path;
		}
	}

	DEFAULT_INT(escape_char, '~');
	DEFAULT_PTR(system_hostfile, SSH_SYSTEM_HOSTFILE);
	DEFAULT_PTR(user_hostfile, SSH_USER_HOSTFILE);
	DEFAULT_PTR(system_hostfile2, SSH_SYSTEM_HOSTFILE2);
	DEFAULT_PTR(user_hostfile2, SSH_USER_HOSTFILE2);
	if (options->log_level == (LogLevel) - 1)
		options->log_level = SYSLOG_LEVEL_INFO;
	/* options->proxy_command should not be set by default */
	/* options->user will be set in the main program if appropriate */
	/* options->hostname will be set in the main program if appropriate */
	/* options->host_key_alias should not be set by default */
}

#undef DEFAULT_INT
#undef DEFAULT_PTR