X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/4feae93d1346dafa08d9b4ed50d990e6ee21d884..d0ec7f42738c32e0df121a4ce4f388b7376282ae:/readconf.c

diff --git a/readconf.c b/readconf.c
index 79c27ae1..4c5d4485 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.98 2002/06/08 12:46:14 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.108 2003/05/15 01:48:10 jakob Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -92,17 +92,9 @@ RCSID("$OpenBSD: readconf.c,v 1.98 2002/06/08 12:46:14 markus Exp $");
 typedef enum {
 	oBadOption,
 	oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
-	oPasswordAuthentication, oRSAAuthentication, 
+	oPasswordAuthentication, oRSAAuthentication,
 	oChallengeResponseAuthentication, oXAuthLocation,
-#if defined(KRB4) || defined(KRB5)
-	oKerberosAuthentication,
-#endif
-#if defined(AFS) || defined(KRB5)
-	oKerberosTgtPassing,
-#endif
-#ifdef AFS
-	oAFSTokenPassing,
-#endif
+	oKerberosAuthentication, oKerberosTgtPassing, oAFSTokenPassing,
 	oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
 	oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
 	oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
@@ -114,6 +106,7 @@ typedef enum {
 	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
 	oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
 	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
+	oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS,
 	oDeprecated
 } OpCodes;
 
@@ -140,15 +133,9 @@ static struct {
 	{ "challengeresponseauthentication", oChallengeResponseAuthentication },
 	{ "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
 	{ "tisauthentication", oChallengeResponseAuthentication },  /* alias */
-#if defined(KRB4) || defined(KRB5)
 	{ "kerberosauthentication", oKerberosAuthentication },
-#endif
-#if defined(AFS) || defined(KRB5)
 	{ "kerberostgtpassing", oKerberosTgtPassing },
-#endif
-#ifdef AFS
 	{ "afstokenpassing", oAFSTokenPassing },
-#endif
 	{ "fallbacktorsh", oDeprecated },
 	{ "usersh", oDeprecated },
 	{ "identityfile", oIdentityFile },
@@ -185,7 +172,10 @@ static struct {
 	{ "bindaddress", oBindAddress },
 	{ "smartcarddevice", oSmartcardDevice },
 	{ "clearallforwardings", oClearAllForwardings },
+	{ "enablesshkeysign", oEnableSSHKeysign },
+	{ "verifyhostkeydns", oVerifyHostKeyDNS },
 	{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
+	{ "rekeylimit", oRekeyLimit },
 	{ NULL, oBadOption }
 };
 
@@ -199,7 +189,7 @@ add_local_forward(Options *options, u_short port, const char *host,
 		  u_short host_port)
 {
 	Forward *fwd;
-#ifndef HAVE_CYGWIN
+#ifndef NO_IPPORT_RESERVED_CONCEPT
 	extern uid_t original_real_uid;
 	if (port < IPPORT_RESERVED && original_real_uid != 0)
 		fatal("Privileged ports can only be forwarded by root.");
@@ -266,17 +256,26 @@ parse_token(const char *cp, const char *filename, int linenum)
  * Processes a single option line as used in the configuration files. This
  * only sets those values that have not already been set.
  */
+#define WHITESPACE " \t\r\n"
 
 int
 process_config_line(Options *options, const char *host,
 		    char *line, const char *filename, int linenum,
 		    int *activep)
 {
-	char buf[256], *s, *string, **charptr, *endofnumber, *keyword, *arg;
+	char buf[256], *s, **charptr, *endofnumber, *keyword, *arg;
 	int opcode, *intptr, value;
+	size_t len;
 	u_short fwd_port, fwd_host_port;
 	char sfwd_host_port[6];
 
+	/* Strip trailing whitespace */
+	for(len = strlen(line) - 1; len > 0; len--) {
+		if (strchr(WHITESPACE, line[len]) == NULL)
+			break;
+		line[len] = '\0';
+	}
+
 	s = line;
 	/* Get the keyword. (Each line is supposed to begin with a keyword). */
 	keyword = strdelim(&s);
@@ -357,21 +356,19 @@ parse_flag:
 	case oChallengeResponseAuthentication:
 		intptr = &options->challenge_response_authentication;
 		goto parse_flag;
-#if defined(KRB4) || defined(KRB5)
+
 	case oKerberosAuthentication:
 		intptr = &options->kerberos_authentication;
 		goto parse_flag;
-#endif
-#if defined(AFS) || defined(KRB5)
+
 	case oKerberosTgtPassing:
 		intptr = &options->kerberos_tgt_passing;
 		goto parse_flag;
-#endif
-#ifdef AFS
+
 	case oAFSTokenPassing:
 		intptr = &options->afs_token_passing;
 		goto parse_flag;
-#endif
+
 	case oBatchMode:
 		intptr = &options->batch_mode;
 		goto parse_flag;
@@ -380,6 +377,10 @@ parse_flag:
 		intptr = &options->check_host_ip;
 		goto parse_flag;
 
+	case oVerifyHostKeyDNS:
+		intptr = &options->verify_host_key_dns;
+		goto parse_flag;
+
 	case oStrictHostKeyChecking:
 		intptr = &options->strict_host_key_checking;
 		arg = strdelim(&s);
@@ -419,6 +420,31 @@ parse_flag:
 		intptr = &options->compression_level;
 		goto parse_int;
 
+	case oRekeyLimit:
+		intptr = &options->rekey_limit;
+		arg = strdelim(&s);
+		if (!arg || *arg == '\0')
+			fatal("%.200s line %d: Missing argument.", filename, linenum);
+		if (arg[0] < '0' || arg[0] > '9')
+			fatal("%.200s line %d: Bad number.", filename, linenum);
+		value = strtol(arg, &endofnumber, 10);
+		if (arg == endofnumber)
+			fatal("%.200s line %d: Bad number.", filename, linenum);
+		switch (toupper(*endofnumber)) {
+		case 'K':
+			value *= 1<<10;
+			break;
+		case 'M':
+			value *= 1<<20;
+			break;
+		case 'G':
+			value *= 1<<30;
+			break;
+		}
+		if (*activep && *intptr == -1)
+			*intptr = value;
+		break;
+
 	case oIdentityFile:
 		arg = strdelim(&s);
 		if (!arg || *arg == '\0')
@@ -486,16 +512,9 @@ parse_string:
 
 	case oProxyCommand:
 		charptr = &options->proxy_command;
-		string = xstrdup("");
-		while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
-			string = xrealloc(string, strlen(string) + strlen(arg) + 2);
-			strcat(string, " ");
-			strcat(string, arg);
-		}
+		len = strspn(s, WHITESPACE "=");
 		if (*activep && *charptr == NULL)
-			*charptr = string;
-		else
-			xfree(string);
+			*charptr = xstrdup(s + len);
 		return 0;
 
 	case oPort:
@@ -669,6 +688,10 @@ parse_int:
 			*intptr = value;
 		break;
 
+	case oEnableSSHKeysign:
+		intptr = &options->enable_ssh_keysign;
+		goto parse_flag;
+
 	case oDeprecated:
 		debug("%s line %d: Deprecated option \"%s\"",
 		    filename, linenum, keyword);
@@ -747,15 +770,9 @@ initialize_options(Options * options)
 	options->rsa_authentication = -1;
 	options->pubkey_authentication = -1;
 	options->challenge_response_authentication = -1;
-#if defined(KRB4) || defined(KRB5)
 	options->kerberos_authentication = -1;
-#endif
-#if defined(AFS) || defined(KRB5)
 	options->kerberos_tgt_passing = -1;
-#endif
-#ifdef AFS
 	options->afs_token_passing = -1;
-#endif
 	options->password_authentication = -1;
 	options->kbd_interactive_authentication = -1;
 	options->kbd_interactive_devices = NULL;
@@ -792,7 +809,10 @@ initialize_options(Options * options)
 	options->preferred_authentications = NULL;
 	options->bind_address = NULL;
 	options->smartcard_device = NULL;
+	options->enable_ssh_keysign = - 1;
 	options->no_host_authentication_for_localhost = - 1;
+	options->rekey_limit = - 1;
+	options->verify_host_key_dns = -1;
 }
 
 /*
@@ -816,31 +836,25 @@ fill_default_options(Options * options)
 	if (options->use_privileged_port == -1)
 		options->use_privileged_port = 0;
 	if (options->rhosts_authentication == -1)
-		options->rhosts_authentication = 1;
+		options->rhosts_authentication = 0;
 	if (options->rsa_authentication == -1)
 		options->rsa_authentication = 1;
 	if (options->pubkey_authentication == -1)
 		options->pubkey_authentication = 1;
 	if (options->challenge_response_authentication == -1)
 		options->challenge_response_authentication = 1;
-#if defined(KRB4) || defined(KRB5)
 	if (options->kerberos_authentication == -1)
 		options->kerberos_authentication = 1;
-#endif
-#if defined(AFS) || defined(KRB5)
 	if (options->kerberos_tgt_passing == -1)
 		options->kerberos_tgt_passing = 1;
-#endif
-#ifdef AFS
 	if (options->afs_token_passing == -1)
 		options->afs_token_passing = 1;
-#endif
 	if (options->password_authentication == -1)
 		options->password_authentication = 1;
 	if (options->kbd_interactive_authentication == -1)
 		options->kbd_interactive_authentication = 1;
 	if (options->rhosts_rsa_authentication == -1)
-		options->rhosts_rsa_authentication = 1;
+		options->rhosts_rsa_authentication = 0;
 	if (options->hostbased_authentication == -1)
 		options->hostbased_authentication = 0;
 	if (options->batch_mode == -1)
@@ -907,6 +921,12 @@ fill_default_options(Options * options)
 		clear_forwardings(options);
 	if (options->no_host_authentication_for_localhost == - 1)
 		options->no_host_authentication_for_localhost = 0;
+	if (options->enable_ssh_keysign == -1)
+		options->enable_ssh_keysign = 0;
+	if (options->rekey_limit == -1)
+		options->rekey_limit = 0;
+	if (options->verify_host_key_dns == -1)
+		options->verify_host_key_dns = 0;
 	/* options->proxy_command should not be set by default */
 	/* options->user will be set in the main program if appropriate */
 	/* options->hostname will be set in the main program if appropriate */