*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.78 2001/05/18 14:13:28 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.90 2001/09/19 19:24:18 stevesk Exp $");
#include "ssh.h"
#include "xmalloc.h"
oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
oPasswordAuthentication, oRSAAuthentication, oFallBackToRsh, oUseRsh,
oChallengeResponseAuthentication, oXAuthLocation,
-#ifdef KRB4
+#if defined(KRB4) || defined(KRB5)
oKerberosAuthentication,
-#endif /* KRB4 */
+#endif
+#if defined(AFS) || defined(KRB5)
+ oKerberosTgtPassing,
+#endif
#ifdef AFS
- oKerberosTgtPassing, oAFSTokenPassing,
+ oAFSTokenPassing,
#endif
oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
- oHostKeyAlgorithms, oBindAddress
+ oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
+ oClearAllForwardings
} OpCodes;
/* Textual representations of the tokens. */
{ "challengeresponseauthentication", oChallengeResponseAuthentication },
{ "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
{ "tisauthentication", oChallengeResponseAuthentication }, /* alias */
-#ifdef KRB4
+#if defined(KRB4) || defined(KRB5)
{ "kerberosauthentication", oKerberosAuthentication },
-#endif /* KRB4 */
-#ifdef AFS
+#endif
+#if defined(AFS) || defined(KRB5)
{ "kerberostgtpassing", oKerberosTgtPassing },
+#endif
+#ifdef AFS
{ "afstokenpassing", oAFSTokenPassing },
#endif
{ "fallbacktorsh", oFallBackToRsh },
{ "host", oHost },
{ "escapechar", oEscapeChar },
{ "globalknownhostsfile", oGlobalKnownHostsFile },
- { "userknownhostsfile", oUserKnownHostsFile },
+ { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
{ "globalknownhostsfile2", oGlobalKnownHostsFile2 },
- { "userknownhostsfile2", oUserKnownHostsFile2 },
+ { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
{ "connectionattempts", oConnectionAttempts },
{ "batchmode", oBatchMode },
{ "checkhostip", oCheckHostIP },
{ "preferredauthentications", oPreferredAuthentications },
{ "hostkeyalgorithms", oHostKeyAlgorithms },
{ "bindaddress", oBindAddress },
+ { "smartcarddevice", oSmartcardDevice },
+ { "clearallforwardings", oClearAllForwardings },
{ NULL, 0 }
};
fwd->host_port = host_port;
}
+static void
+clear_forwardings(Options *options)
+{
+ int i;
+
+ for (i = 0; i < options->num_local_forwards; i++)
+ xfree(options->local_forwards[i].host);
+ options->num_local_forwards = 0;
+ for (i = 0; i < options->num_remote_forwards; i++)
+ xfree(options->remote_forwards[i].host);
+ options->num_remote_forwards = 0;
+}
+
/*
* Returns the number of the token pointed to by cp or oBadOption.
*/
char buf[256], *s, *string, **charptr, *endofnumber, *keyword, *arg;
int opcode, *intptr, value;
u_short fwd_port, fwd_host_port;
+ char sfwd_host_port[6];
s = line;
/* Get the keyword. (Each line is supposed to begin with a keyword). */
case oChallengeResponseAuthentication:
intptr = &options->challenge_response_authentication;
goto parse_flag;
-
-#ifdef KRB4
+#if defined(KRB4) || defined(KRB5)
case oKerberosAuthentication:
intptr = &options->kerberos_authentication;
goto parse_flag;
-#endif /* KRB4 */
-
-#ifdef AFS
+#endif
+#if defined(AFS) || defined(KRB5)
case oKerberosTgtPassing:
intptr = &options->kerberos_tgt_passing;
goto parse_flag;
-
+#endif
+#ifdef AFS
case oAFSTokenPassing:
intptr = &options->afs_token_passing;
goto parse_flag;
#endif
-
case oFallBackToRsh:
intptr = &options->fallback_to_rsh;
goto parse_flag;
charptr = &options->bind_address;
goto parse_string;
+ case oSmartcardDevice:
+ charptr = &options->smartcard_device;
+ goto parse_string;
+
case oProxyCommand:
charptr = &options->proxy_command;
string = xstrdup("");
*intptr = (LogLevel) value;
break;
- case oRemoteForward:
- arg = strdelim(&s);
- if (!arg || *arg == '\0')
- fatal("%.200s line %d: Missing argument.", filename, linenum);
- fwd_port = a2port(arg);
- if (fwd_port == 0)
- fatal("%.200s line %d: Badly formatted port number.",
- filename, linenum);
- arg = strdelim(&s);
- if (!arg || *arg == '\0')
- fatal("%.200s line %d: Missing second argument.",
- filename, linenum);
- if (sscanf(arg, "%255[^:]:%hu", buf, &fwd_host_port) != 2)
- fatal("%.200s line %d: Badly formatted host:port.",
- filename, linenum);
- if (*activep)
- add_remote_forward(options, fwd_port, buf, fwd_host_port);
- break;
-
case oLocalForward:
+ case oRemoteForward:
arg = strdelim(&s);
if (!arg || *arg == '\0')
- fatal("%.200s line %d: Missing argument.", filename, linenum);
- fwd_port = a2port(arg);
- if (fwd_port == 0)
- fatal("%.200s line %d: Badly formatted port number.",
- filename, linenum);
+ fatal("%.200s line %d: Missing port argument.",
+ filename, linenum);
+ if ((fwd_port = a2port(arg)) == 0)
+ fatal("%.200s line %d: Bad listen port.",
+ filename, linenum);
arg = strdelim(&s);
if (!arg || *arg == '\0')
fatal("%.200s line %d: Missing second argument.",
- filename, linenum);
- if (sscanf(arg, "%255[^:]:%hu", buf, &fwd_host_port) != 2)
- fatal("%.200s line %d: Badly formatted host:port.",
- filename, linenum);
- if (*activep)
- add_local_forward(options, fwd_port, buf, fwd_host_port);
+ filename, linenum);
+ if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
+ sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
+ fatal("%.200s line %d: Bad forwarding specification.",
+ filename, linenum);
+ if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
+ fatal("%.200s line %d: Bad forwarding port.",
+ filename, linenum);
+ if (*activep) {
+ if (opcode == oLocalForward)
+ add_local_forward(options, fwd_port, buf,
+ fwd_host_port);
+ else if (opcode == oRemoteForward)
+ add_remote_forward(options, fwd_port, buf,
+ fwd_host_port);
+ }
break;
case oDynamicForward:
if (fwd_port == 0)
fatal("%.200s line %d: Badly formatted port number.",
filename, linenum);
- add_local_forward(options, fwd_port, "socks4", 0);
+ if (*activep)
+ add_local_forward(options, fwd_port, "socks4", 0);
break;
+ case oClearAllForwardings:
+ intptr = &options->clear_forwardings;
+ goto parse_flag;
+
case oHost:
*activep = 0;
while ((arg = strdelim(&s)) != NULL && *arg != '\0')
else if (strlen(arg) == 1)
value = (u_char) arg[0];
else if (strcmp(arg, "none") == 0)
- value = -2;
+ value = SSH_ESCAPECHAR_NONE;
else {
fatal("%.200s line %d: Bad escape character.",
filename, linenum);
/*
* Reads the config file and modifies the options accordingly. Options
* should already be initialized before this call. This never returns if
- * there is an error. If the file does not exist, this returns immediately.
+ * there is an error. If the file does not exist, this returns 0.
*/
-void
+int
read_config_file(const char *filename, const char *host, Options *options)
{
FILE *f;
/* Open the file. */
f = fopen(filename, "r");
if (!f)
- return;
+ return 0;
debug("Reading configuration data %.200s", filename);
if (bad_options > 0)
fatal("%s: terminating, %d bad configuration options",
filename, bad_options);
+ return 1;
}
/*
options->rsa_authentication = -1;
options->pubkey_authentication = -1;
options->challenge_response_authentication = -1;
-#ifdef KRB4
+#if defined(KRB4) || defined(KRB5)
options->kerberos_authentication = -1;
#endif
-#ifdef AFS
+#if defined(AFS) || defined(KRB5)
options->kerberos_tgt_passing = -1;
+#endif
+#ifdef AFS
options->afs_token_passing = -1;
#endif
options->password_authentication = -1;
options->user_hostfile2 = NULL;
options->num_local_forwards = 0;
options->num_remote_forwards = 0;
+ options->clear_forwardings = -1;
options->log_level = (LogLevel) - 1;
options->preferred_authentications = NULL;
options->bind_address = NULL;
+ options->smartcard_device = NULL;
}
/*
options->forward_agent = 0;
if (options->forward_x11 == -1)
options->forward_x11 = 0;
-#ifdef XAUTH_PATH
+#ifdef _PATH_XAUTH
if (options->xauth_location == NULL)
- options->xauth_location = XAUTH_PATH;
-#endif /* XAUTH_PATH */
+ options->xauth_location = _PATH_XAUTH;
+#endif
if (options->gateway_ports == -1)
options->gateway_ports = 0;
if (options->use_privileged_port == -1)
if (options->pubkey_authentication == -1)
options->pubkey_authentication = 1;
if (options->challenge_response_authentication == -1)
- options->challenge_response_authentication = 0;
-#ifdef KRB4
+ options->challenge_response_authentication = 1;
+#if defined(KRB4) || defined(KRB5)
if (options->kerberos_authentication == -1)
options->kerberos_authentication = 1;
-#endif /* KRB4 */
-#ifdef AFS
+#endif
+#if defined(AFS) || defined(KRB5)
if (options->kerberos_tgt_passing == -1)
options->kerberos_tgt_passing = 1;
+#endif
+#ifdef AFS
if (options->afs_token_passing == -1)
options->afs_token_passing = 1;
-#endif /* AFS */
+#endif
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
if (options->port == -1)
options->port = 0; /* Filled in ssh_connect. */
if (options->connection_attempts == -1)
- options->connection_attempts = 4;
+ options->connection_attempts = 1;
if (options->number_of_password_prompts == -1)
options->number_of_password_prompts = 3;
/* Selected in ssh_login(). */
options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
if (options->log_level == (LogLevel) - 1)
options->log_level = SYSLOG_LEVEL_INFO;
+ if (options->clear_forwardings == 1)
+ clear_forwardings(options);
/* options->proxy_command should not be set by default */
/* options->user will be set in the main program if appropriate */
/* options->hostname will be set in the main program if appropriate */