+/* $OpenBSD: readconf.c,v 1.182 2010/01/09 23:04:13 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.147 2006/02/20 17:19:54 stevesk Exp $");
#include <sys/types.h>
#include <sys/stat.h>
+#include <sys/socket.h>
+
+#include <netinet/in.h>
+
+#include <ctype.h>
+#include <errno.h>
+#include <netdb.h>
+#include <signal.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
-#include "ssh.h"
#include "xmalloc.h"
+#include "ssh.h"
#include "compat.h"
#include "cipher.h"
#include "pathnames.h"
#include "log.h"
+#include "key.h"
#include "readconf.h"
#include "match.h"
#include "misc.h"
+#include "buffer.h"
#include "kex.h"
#include "mac.h"
typedef enum {
oBadOption,
oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
+ oExitOnForwardFailure,
oPasswordAuthentication, oRSAAuthentication,
oChallengeResponseAuthentication, oXAuthLocation,
oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
+ oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
oDeprecated, oUnsupported
} OpCodes;
{ "forwardagent", oForwardAgent },
{ "forwardx11", oForwardX11 },
{ "forwardx11trusted", oForwardX11Trusted },
+ { "exitonforwardfailure", oExitOnForwardFailure },
{ "xauthlocation", oXAuthLocation },
{ "gatewayports", oGatewayPorts },
{ "useprivilegedport", oUsePrivilegedPort },
{ "fallbacktorsh", oDeprecated },
{ "usersh", oDeprecated },
{ "identityfile", oIdentityFile },
- { "identityfile2", oIdentityFile }, /* alias */
+ { "identityfile2", oIdentityFile }, /* obsolete */
{ "identitiesonly", oIdentitiesOnly },
{ "hostname", oHostName },
{ "hostkeyalias", oHostKeyAlias },
{ "host", oHost },
{ "escapechar", oEscapeChar },
{ "globalknownhostsfile", oGlobalKnownHostsFile },
- { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
- { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
+ { "globalknownhostsfile2", oGlobalKnownHostsFile2 }, /* obsolete */
+ { "userknownhostsfile", oUserKnownHostsFile },
{ "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
{ "connectionattempts", oConnectionAttempts },
{ "batchmode", oBatchMode },
{ "tunneldevice", oTunnelDevice },
{ "localcommand", oLocalCommand },
{ "permitlocalcommand", oPermitLocalCommand },
+ { "visualhostkey", oVisualHostKey },
+ { "useroaming", oUseRoaming },
+#ifdef JPAKE
+ { "zeroknowledgepasswordauthentication",
+ oZeroKnowledgePasswordAuthentication },
+#else
+ { "zeroknowledgepasswordauthentication", oUnsupported },
+#endif
+
{ NULL, oBadOption }
};
fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
fwd = &options->local_forwards[options->num_local_forwards++];
- fwd->listen_host = (newfwd->listen_host == NULL) ?
- NULL : xstrdup(newfwd->listen_host);
+ fwd->listen_host = newfwd->listen_host;
fwd->listen_port = newfwd->listen_port;
- fwd->connect_host = xstrdup(newfwd->connect_host);
+ fwd->connect_host = newfwd->connect_host;
fwd->connect_port = newfwd->connect_port;
}
SSH_MAX_FORWARDS_PER_DIRECTION);
fwd = &options->remote_forwards[options->num_remote_forwards++];
- fwd->listen_host = (newfwd->listen_host == NULL) ?
- NULL : xstrdup(newfwd->listen_host);
+ fwd->listen_host = newfwd->listen_host;
fwd->listen_port = newfwd->listen_port;
- fwd->connect_host = xstrdup(newfwd->connect_host);
+ fwd->connect_host = newfwd->connect_host;
fwd->connect_port = newfwd->connect_port;
}
{
char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256];
int opcode, *intptr, value, value2, scale;
+ LogLevel *log_level_ptr;
long long orig, val64;
size_t len;
Forward fwd;
s = line;
/* Get the keyword. (Each line is supposed to begin with a keyword). */
- keyword = strdelim(&s);
+ if ((keyword = strdelim(&s)) == NULL)
+ return 0;
/* Ignore leading whitespace. */
if (*keyword == '\0')
keyword = strdelim(&s);
if ((value = convtime(arg)) == -1)
fatal("%s line %d: invalid time value.",
filename, linenum);
- if (*intptr == -1)
+ if (*activep && *intptr == -1)
*intptr = value;
break;
intptr = &options->gateway_ports;
goto parse_flag;
+ case oExitOnForwardFailure:
+ intptr = &options->exit_on_forward_failure;
+ goto parse_flag;
+
case oUsePrivilegedPort:
intptr = &options->use_privileged_port;
goto parse_flag;
intptr = &options->password_authentication;
goto parse_flag;
+ case oZeroKnowledgePasswordAuthentication:
+ intptr = &options->zero_knowledge_password_authentication;
+ goto parse_flag;
+
case oKbdInteractiveAuthentication:
intptr = &options->kbd_interactive_authentication;
goto parse_flag;
goto parse_int;
case oRekeyLimit:
- intptr = &options->rekey_limit;
arg = strdelim(&s);
if (!arg || *arg == '\0')
fatal("%.200s line %d: Missing argument.", filename, linenum);
}
val64 *= scale;
/* detect integer wrap and too-large limits */
- if ((val64 / scale) != orig || val64 > INT_MAX)
+ if ((val64 / scale) != orig || val64 > UINT_MAX)
fatal("%.200s line %d: RekeyLimit too large",
filename, linenum);
if (val64 < 16)
fatal("%.200s line %d: RekeyLimit too small",
filename, linenum);
- if (*activep && *intptr == -1)
- *intptr = (int)val64;
+ if (*activep && options->rekey_limit == -1)
+ options->rekey_limit = (u_int32_t)val64;
break;
case oIdentityFile:
if (*intptr >= SSH_MAX_IDENTITY_FILES)
fatal("%.200s line %d: Too many identity files specified (max %d).",
filename, linenum, SSH_MAX_IDENTITY_FILES);
- charptr = &options->identity_files[*intptr];
+ charptr = &options->identity_files[*intptr];
*charptr = xstrdup(arg);
*intptr = *intptr + 1;
}
break;
case oLogLevel:
- intptr = (int *) &options->log_level;
+ log_level_ptr = &options->log_level;
arg = strdelim(&s);
value = log_level_number(arg);
if (value == SYSLOG_LEVEL_NOT_SET)
fatal("%.200s line %d: unsupported log level '%s'",
filename, linenum, arg ? arg : "<NONE>");
- if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
- *intptr = (LogLevel) value;
+ if (*activep && *log_level_ptr == SYSLOG_LEVEL_NOT_SET)
+ *log_level_ptr = (LogLevel) value;
break;
case oLocalForward:
case oRemoteForward:
+ case oDynamicForward:
arg = strdelim(&s);
if (arg == NULL || *arg == '\0')
fatal("%.200s line %d: Missing port argument.",
filename, linenum);
- arg2 = strdelim(&s);
- if (arg2 == NULL || *arg2 == '\0')
- fatal("%.200s line %d: Missing target argument.",
- filename, linenum);
- /* construct a string for parse_forward */
- snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2);
+ if (opcode == oLocalForward ||
+ opcode == oRemoteForward) {
+ arg2 = strdelim(&s);
+ if (arg2 == NULL || *arg2 == '\0')
+ fatal("%.200s line %d: Missing target argument.",
+ filename, linenum);
+
+ /* construct a string for parse_forward */
+ snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2);
+ } else if (opcode == oDynamicForward) {
+ strlcpy(fwdarg, arg, sizeof(fwdarg));
+ }
- if (parse_forward(&fwd, fwdarg) == 0)
+ if (parse_forward(&fwd, fwdarg,
+ opcode == oDynamicForward ? 1 : 0,
+ opcode == oRemoteForward ? 1 : 0) == 0)
fatal("%.200s line %d: Bad forwarding specification.",
filename, linenum);
if (*activep) {
- if (opcode == oLocalForward)
+ if (opcode == oLocalForward ||
+ opcode == oDynamicForward)
add_local_forward(options, &fwd);
else if (opcode == oRemoteForward)
add_remote_forward(options, &fwd);
}
break;
- case oDynamicForward:
- arg = strdelim(&s);
- if (!arg || *arg == '\0')
- fatal("%.200s line %d: Missing port argument.",
- filename, linenum);
- memset(&fwd, '\0', sizeof(fwd));
- fwd.connect_host = "socks";
- fwd.listen_host = hpdelim(&arg);
- if (fwd.listen_host == NULL ||
- strlen(fwd.listen_host) >= NI_MAXHOST)
- fatal("%.200s line %d: Bad forwarding specification.",
- filename, linenum);
- if (arg) {
- fwd.listen_port = a2port(arg);
- fwd.listen_host = cleanhostname(fwd.listen_host);
- } else {
- fwd.listen_port = a2port(fwd.listen_host);
- fwd.listen_host = NULL;
- }
- if (fwd.listen_port == 0)
- fatal("%.200s line %d: Badly formatted port number.",
- filename, linenum);
- if (*activep)
- add_local_forward(options, &fwd);
- break;
-
case oClearAllForwardings:
intptr = &options->clear_forwardings;
goto parse_flag;
intptr = &options->permit_local_command;
goto parse_flag;
+ case oVisualHostKey:
+ intptr = &options->visual_host_key;
+ goto parse_flag;
+
+ case oUseRoaming:
+ intptr = &options->use_roaming;
+ goto parse_flag;
+
case oDeprecated:
debug("%s line %d: Deprecated option \"%s\"",
filename, linenum, keyword);
int active, linenum;
int bad_options = 0;
- /* Open the file. */
if ((f = fopen(filename, "r")) == NULL)
return 0;
options->forward_agent = -1;
options->forward_x11 = -1;
options->forward_x11_trusted = -1;
+ options->exit_on_forward_failure = -1;
options->xauth_location = NULL;
options->gateway_ports = -1;
options->use_privileged_port = -1;
options->tun_remote = -1;
options->local_command = NULL;
options->permit_local_command = -1;
+ options->use_roaming = -1;
+ options->visual_host_key = -1;
+ options->zero_knowledge_password_authentication = -1;
}
/*
options->forward_x11 = 0;
if (options->forward_x11_trusted == -1)
options->forward_x11_trusted = 0;
+ if (options->exit_on_forward_failure == -1)
+ options->exit_on_forward_failure = 0;
if (options->xauth_location == NULL)
options->xauth_location = _PATH_XAUTH;
if (options->gateway_ports == -1)
/* options->macs, default set in myproposals.h */
/* options->hostkeyalgorithms, default set in myproposals.h */
if (options->protocol == SSH_PROTO_UNKNOWN)
- options->protocol = SSH_PROTO_1|SSH_PROTO_2;
+ options->protocol = SSH_PROTO_2;
if (options->num_identity_files == 0) {
if (options->protocol & SSH_PROTO_1) {
len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
options->tun_remote = SSH_TUNID_ANY;
if (options->permit_local_command == -1)
options->permit_local_command = 0;
+ if (options->use_roaming == -1)
+ options->use_roaming = 1;
+ if (options->visual_host_key == -1)
+ options->visual_host_key = 0;
+ if (options->zero_knowledge_password_authentication == -1)
+ options->zero_knowledge_password_authentication = 0;
/* options->local_command should not be set by default */
/* options->proxy_command should not be set by default */
/* options->user will be set in the main program if appropriate */
/*
* parse_forward
* parses a string containing a port forwarding specification of the form:
+ * dynamicfwd == 0
* [listenhost:]listenport:connecthost:connectport
+ * dynamicfwd == 1
+ * [listenhost:]listenport
* returns number of arguments parsed or zero on error
*/
int
-parse_forward(Forward *fwd, const char *fwdspec)
+parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd)
{
int i;
char *p, *cp, *fwdarg[4];
cp = p = xstrdup(fwdspec);
/* skip leading spaces */
- while (*cp && isspace(*cp))
+ while (isspace(*cp))
cp++;
for (i = 0; i < 4; ++i)
if ((fwdarg[i] = hpdelim(&cp)) == NULL)
break;
- /* Check for trailing garbage in 4-arg case*/
+ /* Check for trailing garbage */
if (cp != NULL)
i = 0; /* failure */
switch (i) {
+ case 1:
+ fwd->listen_host = NULL;
+ fwd->listen_port = a2port(fwdarg[0]);
+ fwd->connect_host = xstrdup("socks");
+ break;
+
+ case 2:
+ fwd->listen_host = xstrdup(cleanhostname(fwdarg[0]));
+ fwd->listen_port = a2port(fwdarg[1]);
+ fwd->connect_host = xstrdup("socks");
+ break;
+
case 3:
fwd->listen_host = NULL;
fwd->listen_port = a2port(fwdarg[0]);
xfree(p);
- if (fwd->listen_port == 0 && fwd->connect_port == 0)
+ if (dynamicfwd) {
+ if (!(i == 1 || i == 2))
+ goto fail_free;
+ } else {
+ if (!(i == 3 || i == 4))
+ goto fail_free;
+ if (fwd->connect_port <= 0)
+ goto fail_free;
+ }
+
+ if (fwd->listen_port < 0 || (!remotefwd && fwd->listen_port == 0))
goto fail_free;
if (fwd->connect_host != NULL &&
strlen(fwd->connect_host) >= NI_MAXHOST)
goto fail_free;
+ if (fwd->listen_host != NULL &&
+ strlen(fwd->listen_host) >= NI_MAXHOST)
+ goto fail_free;
+
return (i);
fail_free:
- if (fwd->connect_host != NULL)
+ if (fwd->connect_host != NULL) {
xfree(fwd->connect_host);
- if (fwd->listen_host != NULL)
+ fwd->connect_host = NULL;
+ }
+ if (fwd->listen_host != NULL) {
xfree(fwd->listen_host);
+ fwd->listen_host = NULL;
+ }
return (0);
}