- markus@cvs.openbsd.org 2001/04/03 23:32:12

[openssh.git] / readconf.c
diff --git a/readconf.c b/readconf.c

index f62905c293ae0b90c657a29e3a8afd8d7d20827a..365f67eb0068fcaeb42e27bbea2ac6d42ccc2505 100644 (file)
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
   */
  
  #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.61 2001/02/08 14:39:36 deraadt Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.70 2001/04/02 14:20:23 stevesk Exp $");
  
  #include "ssh.h"
  #include "xmalloc.h"
@@ -23,6 +23,8 @@ RCSID("$OpenBSD: readconf.c,v 1.61 2001/02/08 14:39:36 deraadt Exp $");
  #include "readconf.h"
  #include "match.h"
  #include "misc.h"
+#include "kex.h"
+#include "mac.h"
  
  /* Format of the configuration file:
  
@@ -105,9 +107,10 @@ typedef enum {
         oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
         oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
         oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
-       oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol,
+       oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
         oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
-       oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias
+       oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
+       oPreferredAuthentications
  } OpCodes;
  
  /* Textual representations of the tokens. */
@@ -148,6 +151,7 @@ static struct {
         { "port", oPort },
         { "cipher", oCipher },
         { "ciphers", oCiphers },
+       { "macs", oMacs },
         { "protocol", oProtocol },
         { "remoteforward", oRemoteForward },
         { "localforward", oLocalForward },
@@ -168,6 +172,7 @@ static struct {
         { "keepalive", oKeepAlives },
         { "numberofpasswordprompts", oNumberOfPasswordPrompts },
         { "loglevel", oLogLevel },
+       { "preferredauthentications", oPreferredAuthentications },
         { NULL, 0 }
  };
  
@@ -184,7 +189,7 @@ add_local_forward(Options *options, u_short port, const char *host,
  #ifndef HAVE_CYGWIN
         extern uid_t original_real_uid;
         if (port < IPPORT_RESERVED && original_real_uid != 0)
-               fatal("Privileged ports can only be forwarded by root.\n");
+               fatal("Privileged ports can only be forwarded by root.");
  #endif
         if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
                 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
@@ -214,8 +219,7 @@ add_remote_forward(Options *options, u_short port, const char *host,
  }
  
  /*
- * Returns the number of the token pointed to by cp of length len. Never
- * returns if the token is not known.
+ * Returns the number of the token pointed to by cp or oBadOption.
   */
  
  static OpCodes
@@ -443,6 +447,10 @@ parse_string:
                 charptr = &options->host_key_alias;
                 goto parse_string;
  
+       case oPreferredAuthentications:
+               charptr = &options->preferred_authentications;
+               goto parse_string;
+
         case oProxyCommand:
                 charptr = &options->proxy_command;
                 string = xstrdup("");
@@ -502,6 +510,17 @@ parse_int:
                         options->ciphers = xstrdup(arg);
                 break;
  
+       case oMacs:
+               arg = strdelim(&s);
+               if (!arg || *arg == '\0')
+                       fatal("%.200s line %d: Missing argument.", filename, linenum);
+               if (!mac_valid(arg))
+                       fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
+                             filename, linenum, arg ? arg : "<NONE>");
+               if (*activep && options->macs == NULL)
+                       options->macs = xstrdup(arg);
+               break;
+
         case oProtocol:
                 intptr = &options->protocol;
                 arg = strdelim(&s);
@@ -520,7 +539,7 @@ parse_int:
                 arg = strdelim(&s);
                 value = log_level_number(arg);
                 if (value == (LogLevel) - 1)
-                       fatal("%.200s line %d: unsupported log level '%s'\n",
+                       fatal("%.200s line %d: unsupported log level '%s'",
                               filename, linenum, arg ? arg : "<NONE>");
                 if (*activep && (LogLevel) * intptr == -1)
                         *intptr = (LogLevel) value;
@@ -645,7 +664,7 @@ read_config_file(const char *filename, const char *host, Options *options)
         }
         fclose(f);
         if (bad_options > 0)
-               fatal("%s: terminating, %d bad configuration options\n",
+               fatal("%s: terminating, %d bad configuration options",
                       filename, bad_options);
  }
  
@@ -693,6 +712,7 @@ initialize_options(Options * options)
         options->number_of_password_prompts = -1;
         options->cipher = -1;
         options->ciphers = NULL;
+       options->macs = NULL;
         options->protocol = SSH_PROTO_UNKNOWN;
         options->num_identity_files = 0;
         options->hostname = NULL;
@@ -707,6 +727,7 @@ initialize_options(Options * options)
         options->num_local_forwards = 0;
         options->num_remote_forwards = 0;
         options->log_level = (LogLevel) - 1;
+       options->preferred_authentications = NULL;
  }
  
  /*
@@ -730,7 +751,7 @@ fill_default_options(Options * options)
         if (options->gateway_ports == -1)
                 options->gateway_ports = 0;
         if (options->use_privileged_port == -1)
-               options->use_privileged_port = 1;
+               options->use_privileged_port = 0;
         if (options->rhosts_authentication == -1)
                 options->rhosts_authentication = 1;
         if (options->rsa_authentication == -1)
@@ -781,8 +802,9 @@ fill_default_options(Options * options)
         if (options->cipher == -1)
                 options->cipher = SSH_CIPHER_NOT_SET;
         /* options->ciphers, default set in myproposals.h */
+       /* options->macs, default set in myproposals.h */
         if (options->protocol == SSH_PROTO_UNKNOWN)
-               options->protocol = SSH_PROTO_1|SSH_PROTO_2|SSH_PROTO_1_PREFERRED;
+               options->protocol = SSH_PROTO_1|SSH_PROTO_2;
         if (options->num_identity_files == 0) {
                 if (options->protocol & SSH_PROTO_1) {
                         len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
@@ -792,6 +814,12 @@ fill_default_options(Options * options)
                             len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
                 }
                 if (options->protocol & SSH_PROTO_2) {
+                       len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
+                       options->identity_files[options->num_identity_files] =
+                           xmalloc(len);
+                       snprintf(options->identity_files[options->num_identity_files++],
+                           len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
+
                         len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
                         options->identity_files[options->num_identity_files] =
                             xmalloc(len);
@@ -815,4 +843,5 @@ fill_default_options(Options * options)
         /* options->user will be set in the main program if appropriate */
         /* options->hostname will be set in the main program if appropriate */
         /* options->host_key_alias should not be set by default */
+       /* options->preferred_authentications will be set in ssh */
  }