]> andersk Git - openssh.git/blame - readconf.c
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- (stevesk) OpenBSD CVS updates:
[openssh.git] / readconf.c
CommitLineData
8efc0c15 1/*
5260325f 2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
5260325f 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
5260325f 5 * Functions for reading the configuration files.
6ae2364d 6 *
bcbf86ec 7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
5260325f 12 */
8efc0c15 13
14#include "includes.h"
fa08c86b 15RCSID("$OpenBSD: readconf.c,v 1.50 2000/11/12 19:50:37 markus Exp $");
8efc0c15 16
17#include "ssh.h"
8efc0c15 18#include "readconf.h"
7368a6c8 19#include "match.h"
8efc0c15 20#include "xmalloc.h"
a8be9f80 21#include "compat.h"
8efc0c15 22
23/* Format of the configuration file:
24
25 # Configuration data is parsed as follows:
26 # 1. command line options
27 # 2. user-specific file
28 # 3. system-wide file
29 # Any configuration value is only changed the first time it is set.
30 # Thus, host-specific definitions should be at the beginning of the
31 # configuration file, and defaults at the end.
32
33 # Host-specific declarations. These may override anything above. A single
34 # host may match multiple declarations; these are processed in the order
35 # that they are given in.
36
37 Host *.ngs.fi ngs.fi
38 FallBackToRsh no
39
40 Host fake.com
41 HostName another.host.name.real.org
42 User blaah
43 Port 34289
44 ForwardX11 no
45 ForwardAgent no
46
47 Host books.com
48 RemoteForward 9999 shadows.cs.hut.fi:9999
49 Cipher 3des
50
51 Host fascist.blob.com
52 Port 23123
53 User tylonen
54 RhostsAuthentication no
55 PasswordAuthentication no
56
57 Host puukko.hut.fi
58 User t35124p
59 ProxyCommand ssh-proxy %h %p
60
61 Host *.fr
62 UseRsh yes
63
64 Host *.su
65 Cipher none
66 PasswordAuthentication no
67
68 # Defaults for various options
69 Host *
70 ForwardAgent no
fa08c86b 71 ForwardX11 no
8efc0c15 72 RhostsAuthentication yes
73 PasswordAuthentication yes
74 RSAAuthentication yes
75 RhostsRSAAuthentication yes
76 FallBackToRsh no
77 UseRsh no
78 StrictHostKeyChecking yes
79 KeepAlives no
80 IdentityFile ~/.ssh/identity
81 Port 22
82 EscapeChar ~
83
84*/
85
86/* Keyword tokens. */
87
5260325f 88typedef enum {
89 oBadOption,
90 oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
91 oPasswordAuthentication, oRSAAuthentication, oFallBackToRsh, oUseRsh,
fa649821 92 oSkeyAuthentication, oXAuthLocation,
8efc0c15 93#ifdef KRB4
5260325f 94 oKerberosAuthentication,
8efc0c15 95#endif /* KRB4 */
96#ifdef AFS
5260325f 97 oKerberosTgtPassing, oAFSTokenPassing,
8efc0c15 98#endif
5260325f 99 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
100 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
101 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
102 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
103 oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, oTISAuthentication,
fa08c86b 104 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol,
105 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
94ec8c6b 106 oKbdInteractiveAuthentication, oKbdInteractiveDevices
8efc0c15 107} OpCodes;
108
109/* Textual representations of the tokens. */
110
5260325f 111static struct {
112 const char *name;
113 OpCodes opcode;
114} keywords[] = {
115 { "forwardagent", oForwardAgent },
116 { "forwardx11", oForwardX11 },
fa649821 117 { "xauthlocation", oXAuthLocation },
5260325f 118 { "gatewayports", oGatewayPorts },
119 { "useprivilegedport", oUsePrivilegedPort },
120 { "rhostsauthentication", oRhostsAuthentication },
121 { "passwordauthentication", oPasswordAuthentication },
94ec8c6b 122 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
123 { "kbdinteractivedevices", oKbdInteractiveDevices },
5260325f 124 { "rsaauthentication", oRSAAuthentication },
fa08c86b 125 { "pubkeyauthentication", oPubkeyAuthentication },
126 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
5260325f 127 { "skeyauthentication", oSkeyAuthentication },
8efc0c15 128#ifdef KRB4
5260325f 129 { "kerberosauthentication", oKerberosAuthentication },
8efc0c15 130#endif /* KRB4 */
131#ifdef AFS
5260325f 132 { "kerberostgtpassing", oKerberosTgtPassing },
133 { "afstokenpassing", oAFSTokenPassing },
8efc0c15 134#endif
5260325f 135 { "fallbacktorsh", oFallBackToRsh },
136 { "usersh", oUseRsh },
137 { "identityfile", oIdentityFile },
fa08c86b 138 { "identityfile2", oIdentityFile }, /* alias */
5260325f 139 { "hostname", oHostName },
140 { "proxycommand", oProxyCommand },
141 { "port", oPort },
142 { "cipher", oCipher },
a8be9f80 143 { "ciphers", oCiphers },
144 { "protocol", oProtocol },
5260325f 145 { "remoteforward", oRemoteForward },
146 { "localforward", oLocalForward },
147 { "user", oUser },
148 { "host", oHost },
149 { "escapechar", oEscapeChar },
150 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
151 { "globalknownhostsfile", oGlobalKnownHostsFile },
152 { "userknownhostsfile", oUserKnownHostsFile },
a306f2dd 153 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
154 { "userknownhostsfile2", oUserKnownHostsFile2 },
5260325f 155 { "connectionattempts", oConnectionAttempts },
156 { "batchmode", oBatchMode },
157 { "checkhostip", oCheckHostIP },
158 { "stricthostkeychecking", oStrictHostKeyChecking },
159 { "compression", oCompression },
160 { "compressionlevel", oCompressionLevel },
161 { "keepalive", oKeepAlives },
162 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
163 { "tisauthentication", oTISAuthentication },
164 { "loglevel", oLogLevel },
165 { NULL, 0 }
6a17f9c2 166};
167
aa3378df 168/*
169 * Adds a local TCP/IP port forward to options. Never returns if there is an
170 * error.
171 */
8efc0c15 172
6ae2364d 173void
57112b5a 174add_local_forward(Options *options, u_short port, const char *host,
175 u_short host_port)
8efc0c15 176{
5260325f 177 Forward *fwd;
3c62e7eb 178#ifndef HAVE_CYGWIN
5260325f 179 extern uid_t original_real_uid;
5260325f 180 if (port < IPPORT_RESERVED && original_real_uid != 0)
181 fatal("Privileged ports can only be forwarded by root.\n");
3c62e7eb 182#endif
5260325f 183 if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
184 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
185 fwd = &options->local_forwards[options->num_local_forwards++];
186 fwd->port = port;
187 fwd->host = xstrdup(host);
188 fwd->host_port = host_port;
8efc0c15 189}
190
aa3378df 191/*
192 * Adds a remote TCP/IP port forward to options. Never returns if there is
193 * an error.
194 */
8efc0c15 195
6ae2364d 196void
57112b5a 197add_remote_forward(Options *options, u_short port, const char *host,
198 u_short host_port)
8efc0c15 199{
5260325f 200 Forward *fwd;
201 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
202 fatal("Too many remote forwards (max %d).",
203 SSH_MAX_FORWARDS_PER_DIRECTION);
204 fwd = &options->remote_forwards[options->num_remote_forwards++];
205 fwd->port = port;
206 fwd->host = xstrdup(host);
207 fwd->host_port = host_port;
8efc0c15 208}
209
aa3378df 210/*
211 * Returns the number of the token pointed to by cp of length len. Never
212 * returns if the token is not known.
213 */
8efc0c15 214
6ae2364d 215static OpCodes
5260325f 216parse_token(const char *cp, const char *filename, int linenum)
8efc0c15 217{
5260325f 218 unsigned int i;
8efc0c15 219
5260325f 220 for (i = 0; keywords[i].name; i++)
aa3378df 221 if (strcasecmp(cp, keywords[i].name) == 0)
5260325f 222 return keywords[i].opcode;
8efc0c15 223
5260325f 224 fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
225 filename, linenum, cp);
226 return oBadOption;
8efc0c15 227}
228
aa3378df 229/*
230 * Processes a single option line as used in the configuration files. This
231 * only sets those values that have not already been set.
232 */
8efc0c15 233
e7c0f9d5 234int
235process_config_line(Options *options, const char *host,
5260325f 236 char *line, const char *filename, int linenum,
237 int *activep)
8efc0c15 238{
089fbbd2 239 char buf[256], *s, *string, **charptr, *endofnumber, *keyword, *arg;
57112b5a 240 int opcode, *intptr, value;
241 u_short fwd_port, fwd_host_port;
5260325f 242
704b1659 243 s = line;
244 /* Get the keyword. (Each line is supposed to begin with a keyword). */
245 keyword = strdelim(&s);
246 /* Ignore leading whitespace. */
247 if (*keyword == '\0')
248 keyword = strdelim(&s);
249 if (!*keyword || *keyword == '\n' || *keyword == '#')
5260325f 250 return 0;
251
089fbbd2 252 opcode = parse_token(keyword, filename, linenum);
5260325f 253
254 switch (opcode) {
255 case oBadOption:
aa3378df 256 /* don't panic, but count bad options */
257 return -1;
5260325f 258 /* NOTREACHED */
259 case oForwardAgent:
260 intptr = &options->forward_agent;
261parse_flag:
704b1659 262 arg = strdelim(&s);
089fbbd2 263 if (!arg || *arg == '\0')
5260325f 264 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
265 value = 0; /* To avoid compiler warning... */
089fbbd2 266 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
5260325f 267 value = 1;
089fbbd2 268 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
5260325f 269 value = 0;
270 else
271 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
272 if (*activep && *intptr == -1)
273 *intptr = value;
274 break;
275
276 case oForwardX11:
277 intptr = &options->forward_x11;
278 goto parse_flag;
279
280 case oGatewayPorts:
281 intptr = &options->gateway_ports;
282 goto parse_flag;
283
284 case oUsePrivilegedPort:
285 intptr = &options->use_privileged_port;
286 goto parse_flag;
287
288 case oRhostsAuthentication:
289 intptr = &options->rhosts_authentication;
290 goto parse_flag;
291
292 case oPasswordAuthentication:
293 intptr = &options->password_authentication;
294 goto parse_flag;
295
94ec8c6b 296 case oKbdInteractiveAuthentication:
297 intptr = &options->kbd_interactive_authentication;
298 goto parse_flag;
299
300 case oKbdInteractiveDevices:
301 charptr = &options->kbd_interactive_devices;
302 goto parse_string;
303
fa08c86b 304 case oPubkeyAuthentication:
305 intptr = &options->pubkey_authentication;
1d1ffb87 306 goto parse_flag;
307
5260325f 308 case oRSAAuthentication:
309 intptr = &options->rsa_authentication;
310 goto parse_flag;
311
312 case oRhostsRSAAuthentication:
313 intptr = &options->rhosts_rsa_authentication;
314 goto parse_flag;
315
316 case oTISAuthentication:
317 /* fallthrough, there is no difference on the client side */
318 case oSkeyAuthentication:
319 intptr = &options->skey_authentication;
320 goto parse_flag;
8efc0c15 321
322#ifdef KRB4
5260325f 323 case oKerberosAuthentication:
324 intptr = &options->kerberos_authentication;
325 goto parse_flag;
8efc0c15 326#endif /* KRB4 */
327
328#ifdef AFS
5260325f 329 case oKerberosTgtPassing:
330 intptr = &options->kerberos_tgt_passing;
331 goto parse_flag;
8efc0c15 332
5260325f 333 case oAFSTokenPassing:
334 intptr = &options->afs_token_passing;
335 goto parse_flag;
8efc0c15 336#endif
5260325f 337
338 case oFallBackToRsh:
339 intptr = &options->fallback_to_rsh;
340 goto parse_flag;
341
342 case oUseRsh:
343 intptr = &options->use_rsh;
344 goto parse_flag;
345
346 case oBatchMode:
347 intptr = &options->batch_mode;
348 goto parse_flag;
349
350 case oCheckHostIP:
351 intptr = &options->check_host_ip;
352 goto parse_flag;
353
354 case oStrictHostKeyChecking:
355 intptr = &options->strict_host_key_checking;
704b1659 356 arg = strdelim(&s);
089fbbd2 357 if (!arg || *arg == '\0')
5260325f 358 fatal("%.200s line %d: Missing yes/no argument.",
359 filename, linenum);
360 value = 0; /* To avoid compiler warning... */
089fbbd2 361 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
5260325f 362 value = 1;
089fbbd2 363 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
5260325f 364 value = 0;
089fbbd2 365 else if (strcmp(arg, "ask") == 0)
5260325f 366 value = 2;
367 else
368 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
369 if (*activep && *intptr == -1)
370 *intptr = value;
371 break;
372
373 case oCompression:
374 intptr = &options->compression;
375 goto parse_flag;
376
377 case oKeepAlives:
378 intptr = &options->keepalives;
379 goto parse_flag;
380
381 case oNumberOfPasswordPrompts:
382 intptr = &options->number_of_password_prompts;
383 goto parse_int;
384
385 case oCompressionLevel:
386 intptr = &options->compression_level;
387 goto parse_int;
388
389 case oIdentityFile:
704b1659 390 arg = strdelim(&s);
089fbbd2 391 if (!arg || *arg == '\0')
5260325f 392 fatal("%.200s line %d: Missing argument.", filename, linenum);
393 if (*activep) {
fa08c86b 394 intptr = &options->num_identity_files;
a306f2dd 395 if (*intptr >= SSH_MAX_IDENTITY_FILES)
5260325f 396 fatal("%.200s line %d: Too many identity files specified (max %d).",
397 filename, linenum, SSH_MAX_IDENTITY_FILES);
fa08c86b 398 charptr = &options->identity_files[*intptr];
089fbbd2 399 *charptr = xstrdup(arg);
a306f2dd 400 *intptr = *intptr + 1;
5260325f 401 }
402 break;
403
fa649821 404 case oXAuthLocation:
405 charptr=&options->xauth_location;
406 goto parse_string;
407
5260325f 408 case oUser:
409 charptr = &options->user;
410parse_string:
704b1659 411 arg = strdelim(&s);
089fbbd2 412 if (!arg || *arg == '\0')
5260325f 413 fatal("%.200s line %d: Missing argument.", filename, linenum);
414 if (*activep && *charptr == NULL)
089fbbd2 415 *charptr = xstrdup(arg);
5260325f 416 break;
417
418 case oGlobalKnownHostsFile:
419 charptr = &options->system_hostfile;
420 goto parse_string;
421
422 case oUserKnownHostsFile:
423 charptr = &options->user_hostfile;
424 goto parse_string;
425
a306f2dd 426 case oGlobalKnownHostsFile2:
427 charptr = &options->system_hostfile2;
428 goto parse_string;
429
430 case oUserKnownHostsFile2:
431 charptr = &options->user_hostfile2;
432 goto parse_string;
433
5260325f 434 case oHostName:
435 charptr = &options->hostname;
436 goto parse_string;
437
438 case oProxyCommand:
439 charptr = &options->proxy_command;
440 string = xstrdup("");
704b1659 441 while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
089fbbd2 442 string = xrealloc(string, strlen(string) + strlen(arg) + 2);
5260325f 443 strcat(string, " ");
089fbbd2 444 strcat(string, arg);
5260325f 445 }
446 if (*activep && *charptr == NULL)
447 *charptr = string;
448 else
449 xfree(string);
450 return 0;
451
452 case oPort:
453 intptr = &options->port;
454parse_int:
704b1659 455 arg = strdelim(&s);
089fbbd2 456 if (!arg || *arg == '\0')
5260325f 457 fatal("%.200s line %d: Missing argument.", filename, linenum);
089fbbd2 458 if (arg[0] < '0' || arg[0] > '9')
5260325f 459 fatal("%.200s line %d: Bad number.", filename, linenum);
aa3378df 460
461 /* Octal, decimal, or hex format? */
089fbbd2 462 value = strtol(arg, &endofnumber, 0);
463 if (arg == endofnumber)
aa3378df 464 fatal("%.200s line %d: Bad number.", filename, linenum);
5260325f 465 if (*activep && *intptr == -1)
466 *intptr = value;
467 break;
468
469 case oConnectionAttempts:
470 intptr = &options->connection_attempts;
471 goto parse_int;
472
473 case oCipher:
474 intptr = &options->cipher;
704b1659 475 arg = strdelim(&s);
089fbbd2 476 if (!arg || *arg == '\0')
71276795 477 fatal("%.200s line %d: Missing argument.", filename, linenum);
089fbbd2 478 value = cipher_number(arg);
5260325f 479 if (value == -1)
480 fatal("%.200s line %d: Bad cipher '%s'.",
089fbbd2 481 filename, linenum, arg ? arg : "<NONE>");
5260325f 482 if (*activep && *intptr == -1)
483 *intptr = value;
484 break;
485
a8be9f80 486 case oCiphers:
704b1659 487 arg = strdelim(&s);
089fbbd2 488 if (!arg || *arg == '\0')
71276795 489 fatal("%.200s line %d: Missing argument.", filename, linenum);
089fbbd2 490 if (!ciphers_valid(arg))
d0c832f3 491 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
089fbbd2 492 filename, linenum, arg ? arg : "<NONE>");
a8be9f80 493 if (*activep && options->ciphers == NULL)
089fbbd2 494 options->ciphers = xstrdup(arg);
a8be9f80 495 break;
496
497 case oProtocol:
498 intptr = &options->protocol;
704b1659 499 arg = strdelim(&s);
089fbbd2 500 if (!arg || *arg == '\0')
71276795 501 fatal("%.200s line %d: Missing argument.", filename, linenum);
089fbbd2 502 value = proto_spec(arg);
a8be9f80 503 if (value == SSH_PROTO_UNKNOWN)
504 fatal("%.200s line %d: Bad protocol spec '%s'.",
089fbbd2 505 filename, linenum, arg ? arg : "<NONE>");
a8be9f80 506 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
507 *intptr = value;
508 break;
509
5260325f 510 case oLogLevel:
511 intptr = (int *) &options->log_level;
704b1659 512 arg = strdelim(&s);
089fbbd2 513 value = log_level_number(arg);
5260325f 514 if (value == (LogLevel) - 1)
515 fatal("%.200s line %d: unsupported log level '%s'\n",
089fbbd2 516 filename, linenum, arg ? arg : "<NONE>");
5260325f 517 if (*activep && (LogLevel) * intptr == -1)
518 *intptr = (LogLevel) value;
519 break;
520
521 case oRemoteForward:
704b1659 522 arg = strdelim(&s);
089fbbd2 523 if (!arg || *arg == '\0')
5260325f 524 fatal("%.200s line %d: Missing argument.", filename, linenum);
089fbbd2 525 if (arg[0] < '0' || arg[0] > '9')
5260325f 526 fatal("%.200s line %d: Badly formatted port number.",
527 filename, linenum);
089fbbd2 528 fwd_port = atoi(arg);
704b1659 529 arg = strdelim(&s);
089fbbd2 530 if (!arg || *arg == '\0')
5260325f 531 fatal("%.200s line %d: Missing second argument.",
532 filename, linenum);
089fbbd2 533 if (sscanf(arg, "%255[^:]:%hu", buf, &fwd_host_port) != 2)
5260325f 534 fatal("%.200s line %d: Badly formatted host:port.",
535 filename, linenum);
536 if (*activep)
537 add_remote_forward(options, fwd_port, buf, fwd_host_port);
538 break;
539
540 case oLocalForward:
704b1659 541 arg = strdelim(&s);
089fbbd2 542 if (!arg || *arg == '\0')
5260325f 543 fatal("%.200s line %d: Missing argument.", filename, linenum);
089fbbd2 544 if (arg[0] < '0' || arg[0] > '9')
5260325f 545 fatal("%.200s line %d: Badly formatted port number.",
546 filename, linenum);
089fbbd2 547 fwd_port = atoi(arg);
704b1659 548 arg = strdelim(&s);
089fbbd2 549 if (!arg || *arg == '\0')
5260325f 550 fatal("%.200s line %d: Missing second argument.",
551 filename, linenum);
089fbbd2 552 if (sscanf(arg, "%255[^:]:%hu", buf, &fwd_host_port) != 2)
5260325f 553 fatal("%.200s line %d: Badly formatted host:port.",
554 filename, linenum);
555 if (*activep)
556 add_local_forward(options, fwd_port, buf, fwd_host_port);
557 break;
558
559 case oHost:
560 *activep = 0;
704b1659 561 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
089fbbd2 562 if (match_pattern(host, arg)) {
563 debug("Applying options for %.100s", arg);
5260325f 564 *activep = 1;
565 break;
566 }
704b1659 567 /* Avoid garbage check below, as strdelim is done. */
5260325f 568 return 0;
569
570 case oEscapeChar:
571 intptr = &options->escape_char;
704b1659 572 arg = strdelim(&s);
089fbbd2 573 if (!arg || *arg == '\0')
5260325f 574 fatal("%.200s line %d: Missing argument.", filename, linenum);
089fbbd2 575 if (arg[0] == '^' && arg[2] == 0 &&
576 (unsigned char) arg[1] >= 64 && (unsigned char) arg[1] < 128)
577 value = (unsigned char) arg[1] & 31;
578 else if (strlen(arg) == 1)
579 value = (unsigned char) arg[0];
580 else if (strcmp(arg, "none") == 0)
5260325f 581 value = -2;
582 else {
583 fatal("%.200s line %d: Bad escape character.",
584 filename, linenum);
585 /* NOTREACHED */
586 value = 0; /* Avoid compiler warning. */
587 }
588 if (*activep && *intptr == -1)
589 *intptr = value;
590 break;
591
592 default:
593 fatal("process_config_line: Unimplemented opcode %d", opcode);
594 }
595
596 /* Check that there is no garbage at end of line. */
704b1659 597 if ((arg = strdelim(&s)) != NULL && *arg != '\0')
089fbbd2 598 {
599 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
600 filename, linenum, arg);
601 }
5260325f 602 return 0;
8efc0c15 603}
604
605
aa3378df 606/*
607 * Reads the config file and modifies the options accordingly. Options
608 * should already be initialized before this call. This never returns if
609 * there is an error. If the file does not exist, this returns immediately.
610 */
8efc0c15 611
6ae2364d 612void
5260325f 613read_config_file(const char *filename, const char *host, Options *options)
8efc0c15 614{
5260325f 615 FILE *f;
616 char line[1024];
617 int active, linenum;
618 int bad_options = 0;
619
620 /* Open the file. */
621 f = fopen(filename, "r");
622 if (!f)
623 return;
624
625 debug("Reading configuration data %.200s", filename);
626
aa3378df 627 /*
628 * Mark that we are now processing the options. This flag is turned
629 * on/off by Host specifications.
630 */
5260325f 631 active = 1;
632 linenum = 0;
633 while (fgets(line, sizeof(line), f)) {
634 /* Update line number counter. */
635 linenum++;
636 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
637 bad_options++;
638 }
639 fclose(f);
640 if (bad_options > 0)
641 fatal("%s: terminating, %d bad configuration options\n",
642 filename, bad_options);
8efc0c15 643}
644
aa3378df 645/*
646 * Initializes options to special values that indicate that they have not yet
647 * been set. Read_config_file will only set options with this value. Options
648 * are processed in the following order: command line, user config file,
649 * system config file. Last, fill_default_options is called.
650 */
8efc0c15 651
6ae2364d 652void
5260325f 653initialize_options(Options * options)
8efc0c15 654{
5260325f 655 memset(options, 'X', sizeof(*options));
656 options->forward_agent = -1;
657 options->forward_x11 = -1;
fa649821 658 options->xauth_location = NULL;
5260325f 659 options->gateway_ports = -1;
660 options->use_privileged_port = -1;
661 options->rhosts_authentication = -1;
662 options->rsa_authentication = -1;
fa08c86b 663 options->pubkey_authentication = -1;
5260325f 664 options->skey_authentication = -1;
8efc0c15 665#ifdef KRB4
5260325f 666 options->kerberos_authentication = -1;
8efc0c15 667#endif
668#ifdef AFS
5260325f 669 options->kerberos_tgt_passing = -1;
670 options->afs_token_passing = -1;
8efc0c15 671#endif
5260325f 672 options->password_authentication = -1;
94ec8c6b 673 options->kbd_interactive_authentication = -1;
674 options->kbd_interactive_devices = NULL;
5260325f 675 options->rhosts_rsa_authentication = -1;
676 options->fallback_to_rsh = -1;
677 options->use_rsh = -1;
678 options->batch_mode = -1;
679 options->check_host_ip = -1;
680 options->strict_host_key_checking = -1;
681 options->compression = -1;
682 options->keepalives = -1;
683 options->compression_level = -1;
684 options->port = -1;
685 options->connection_attempts = -1;
686 options->number_of_password_prompts = -1;
687 options->cipher = -1;
a8be9f80 688 options->ciphers = NULL;
689 options->protocol = SSH_PROTO_UNKNOWN;
5260325f 690 options->num_identity_files = 0;
691 options->hostname = NULL;
692 options->proxy_command = NULL;
693 options->user = NULL;
694 options->escape_char = -1;
695 options->system_hostfile = NULL;
696 options->user_hostfile = NULL;
a306f2dd 697 options->system_hostfile2 = NULL;
698 options->user_hostfile2 = NULL;
5260325f 699 options->num_local_forwards = 0;
700 options->num_remote_forwards = 0;
701 options->log_level = (LogLevel) - 1;
8efc0c15 702}
703
aa3378df 704/*
705 * Called after processing other sources of option data, this fills those
706 * options for which no value has been specified with their default values.
707 */
8efc0c15 708
6ae2364d 709void
5260325f 710fill_default_options(Options * options)
8efc0c15 711{
5260325f 712 if (options->forward_agent == -1)
71276795 713 options->forward_agent = 0;
5260325f 714 if (options->forward_x11 == -1)
c8d54615 715 options->forward_x11 = 0;
fa649821 716#ifdef XAUTH_PATH
717 if (options->xauth_location == NULL)
718 options->xauth_location = XAUTH_PATH;
719#endif /* XAUTH_PATH */
5260325f 720 if (options->gateway_ports == -1)
721 options->gateway_ports = 0;
722 if (options->use_privileged_port == -1)
723 options->use_privileged_port = 1;
724 if (options->rhosts_authentication == -1)
725 options->rhosts_authentication = 1;
726 if (options->rsa_authentication == -1)
727 options->rsa_authentication = 1;
fa08c86b 728 if (options->pubkey_authentication == -1)
729 options->pubkey_authentication = 1;
5260325f 730 if (options->skey_authentication == -1)
731 options->skey_authentication = 0;
8efc0c15 732#ifdef KRB4
5260325f 733 if (options->kerberos_authentication == -1)
734 options->kerberos_authentication = 1;
8efc0c15 735#endif /* KRB4 */
736#ifdef AFS
5260325f 737 if (options->kerberos_tgt_passing == -1)
738 options->kerberos_tgt_passing = 1;
739 if (options->afs_token_passing == -1)
740 options->afs_token_passing = 1;
8efc0c15 741#endif /* AFS */
5260325f 742 if (options->password_authentication == -1)
743 options->password_authentication = 1;
94ec8c6b 744 if (options->kbd_interactive_authentication == -1)
745 options->kbd_interactive_authentication = 0;
5260325f 746 if (options->rhosts_rsa_authentication == -1)
747 options->rhosts_rsa_authentication = 1;
748 if (options->fallback_to_rsh == -1)
3f7a7e4a 749 options->fallback_to_rsh = 0;
5260325f 750 if (options->use_rsh == -1)
751 options->use_rsh = 0;
752 if (options->batch_mode == -1)
753 options->batch_mode = 0;
754 if (options->check_host_ip == -1)
755 options->check_host_ip = 1;
756 if (options->strict_host_key_checking == -1)
757 options->strict_host_key_checking = 2; /* 2 is default */
758 if (options->compression == -1)
759 options->compression = 0;
760 if (options->keepalives == -1)
761 options->keepalives = 1;
762 if (options->compression_level == -1)
763 options->compression_level = 6;
764 if (options->port == -1)
765 options->port = 0; /* Filled in ssh_connect. */
766 if (options->connection_attempts == -1)
767 options->connection_attempts = 4;
768 if (options->number_of_password_prompts == -1)
769 options->number_of_password_prompts = 3;
770 /* Selected in ssh_login(). */
771 if (options->cipher == -1)
772 options->cipher = SSH_CIPHER_NOT_SET;
d0c832f3 773 /* options->ciphers, default set in myproposals.h */
a8be9f80 774 if (options->protocol == SSH_PROTO_UNKNOWN)
a306f2dd 775 options->protocol = SSH_PROTO_1|SSH_PROTO_2|SSH_PROTO_1_PREFERRED;
5260325f 776 if (options->num_identity_files == 0) {
fa08c86b 777 if (options->protocol & SSH_PROTO_1) {
778 options->identity_files[options->num_identity_files] =
779 xmalloc(2 + strlen(SSH_CLIENT_IDENTITY) + 1);
780 sprintf(options->identity_files[options->num_identity_files++],
781 "~/%.100s", SSH_CLIENT_IDENTITY);
782 }
783 if (options->protocol & SSH_PROTO_2) {
784 options->identity_files[options->num_identity_files] =
785 xmalloc(2 + strlen(SSH_CLIENT_ID_DSA) + 1);
786 sprintf(options->identity_files[options->num_identity_files++],
787 "~/%.100s", SSH_CLIENT_ID_DSA);
788 }
a306f2dd 789 }
5260325f 790 if (options->escape_char == -1)
791 options->escape_char = '~';
792 if (options->system_hostfile == NULL)
793 options->system_hostfile = SSH_SYSTEM_HOSTFILE;
794 if (options->user_hostfile == NULL)
795 options->user_hostfile = SSH_USER_HOSTFILE;
a306f2dd 796 if (options->system_hostfile2 == NULL)
797 options->system_hostfile2 = SSH_SYSTEM_HOSTFILE2;
798 if (options->user_hostfile2 == NULL)
799 options->user_hostfile2 = SSH_USER_HOSTFILE2;
5260325f 800 if (options->log_level == (LogLevel) - 1)
801 options->log_level = SYSLOG_LEVEL_INFO;
802 /* options->proxy_command should not be set by default */
803 /* options->user will be set in the main program if appropriate */
804 /* options->hostname will be set in the main program if appropriate */
8efc0c15 805}
git-cvsimport mirror of OpenSSH
This page took 0.248646 seconds and 5 git commands to generate.