X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/c8d54615d40279fd33e21e6b10a67cca57656cbb..fa649821f19dfa37f4d1aa355cd39047de65fd23:/readconf.c
diff --git a/readconf.c b/readconf.c
index 4dfeece7..cbcc927c 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,16 +1,16 @@
 /*
- * 
+ *
  * readconf.c
- * 
+ *
  * Author: Tatu Ylonen
- * 
+ *
  * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
  * All rights reserved
- * 
+ *
  * Created: Sat Apr 22 00:03:10 1995 ylo
- * 
+ *
  * Functions for reading the configuration files.
- * 
+ *
  */
 
 #include "includes.h"
@@ -19,7 +19,9 @@ RCSID("$Id$");
 #include "ssh.h"
 #include "cipher.h"
 #include "readconf.h"
+#include "match.h"
 #include "xmalloc.h"
+#include "compat.h"
 
 /* Format of the configuration file:
 
@@ -90,7 +92,7 @@ typedef enum {
 	oBadOption, oForwardAgent, oForwardX11, oGatewayPorts,
 	oRhostsAuthentication, oPasswordAuthentication, oRSAAuthentication,
 	oFallBackToRsh, oUseRsh,
-	oSkeyAuthentication, 
+	oSkeyAuthentication, oXAuthLocation,
 #ifdef KRB4
 	oKerberosAuthentication,
 #endif /* KRB4 */
@@ -102,7 +104,8 @@ typedef enum {
 	oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
 	oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
 	oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, oTISAuthentication,
-	oUsePrivilegedPort, oLogLevel
+	oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oIdentityFile2,
+	oGlobalKnownHostsFile2, oUserKnownHostsFile2, oDSAAuthentication
 } OpCodes;
 
 /* Textual representations of the tokens. */
@@ -113,11 +116,13 @@ static struct {
 } keywords[] = {
 	{ "forwardagent", oForwardAgent },
 	{ "forwardx11", oForwardX11 },
+	{ "xauthlocation", oXAuthLocation },
 	{ "gatewayports", oGatewayPorts },
 	{ "useprivilegedport", oUsePrivilegedPort },
 	{ "rhostsauthentication", oRhostsAuthentication },
 	{ "passwordauthentication", oPasswordAuthentication },
 	{ "rsaauthentication", oRSAAuthentication },
+	{ "dsaauthentication", oDSAAuthentication },
 	{ "skeyauthentication", oSkeyAuthentication },
 #ifdef KRB4
 	{ "kerberosauthentication", oKerberosAuthentication },
@@ -129,10 +134,13 @@ static struct {
 	{ "fallbacktorsh", oFallBackToRsh },
 	{ "usersh", oUseRsh },
 	{ "identityfile", oIdentityFile },
+	{ "identityfile2", oIdentityFile2 },
 	{ "hostname", oHostName },
 	{ "proxycommand", oProxyCommand },
 	{ "port", oPort },
 	{ "cipher", oCipher },
+	{ "ciphers", oCiphers },
+	{ "protocol", oProtocol },
 	{ "remoteforward", oRemoteForward },
 	{ "localforward", oLocalForward },
 	{ "user", oUser },
@@ -141,6 +149,8 @@ static struct {
 	{ "rhostsrsaauthentication", oRhostsRSAAuthentication },
 	{ "globalknownhostsfile", oGlobalKnownHostsFile },
 	{ "userknownhostsfile", oUserKnownHostsFile },
+	{ "globalknownhostsfile2", oGlobalKnownHostsFile2 },
+	{ "userknownhostsfile2", oUserKnownHostsFile2 },
 	{ "connectionattempts", oConnectionAttempts },
 	{ "batchmode", oBatchMode },
 	{ "checkhostip", oCheckHostIP },
@@ -163,7 +173,7 @@ static struct {
  * error.
  */
 
-void 
+void
 add_local_forward(Options *options, u_short port, const char *host,
 		  u_short host_port)
 {
@@ -184,7 +194,7 @@ add_local_forward(Options *options, u_short port, const char *host,
  * an error.
  */
 
-void 
+void
 add_remote_forward(Options *options, u_short port, const char *host,
 		   u_short host_port)
 {
@@ -203,7 +213,7 @@ add_remote_forward(Options *options, u_short port, const char *host,
  * returns if the token is not known.
  */
 
-static OpCodes 
+static OpCodes
 parse_token(const char *cp, const char *filename, int linenum)
 {
 	unsigned int i;
@@ -282,6 +292,10 @@ parse_flag:
 		intptr = &options->password_authentication;
 		goto parse_flag;
 
+	case oDSAAuthentication:
+		intptr = &options->dsa_authentication;
+		goto parse_flag;
+
 	case oRSAAuthentication:
 		intptr = &options->rsa_authentication;
 		goto parse_flag;
@@ -364,17 +378,29 @@ parse_flag:
 		goto parse_int;
 
 	case oIdentityFile:
+	case oIdentityFile2:
 		cp = strtok(NULL, WHITESPACE);
 		if (!cp)
 			fatal("%.200s line %d: Missing argument.", filename, linenum);
 		if (*activep) {
-			if (options->num_identity_files >= SSH_MAX_IDENTITY_FILES)
+			intptr = (opcode == oIdentityFile) ?
+			    &options->num_identity_files :
+			    &options->num_identity_files2;
+			if (*intptr >= SSH_MAX_IDENTITY_FILES)
 				fatal("%.200s line %d: Too many identity files specified (max %d).",
 				      filename, linenum, SSH_MAX_IDENTITY_FILES);
-			options->identity_files[options->num_identity_files++] = xstrdup(cp);
+			charptr = (opcode == oIdentityFile) ?
+			    &options->identity_files[*intptr] :
+			    &options->identity_files2[*intptr];
+			*charptr = xstrdup(cp);
+			*intptr = *intptr + 1;
 		}
 		break;
 
+	case oXAuthLocation:
+		charptr=&options->xauth_location;
+		goto parse_string;
+
 	case oUser:
 		charptr = &options->user;
 parse_string:
@@ -393,6 +419,14 @@ parse_string:
 		charptr = &options->user_hostfile;
 		goto parse_string;
 
+	case oGlobalKnownHostsFile2:
+		charptr = &options->system_hostfile2;
+		goto parse_string;
+
+	case oUserKnownHostsFile2:
+		charptr = &options->user_hostfile2;
+		goto parse_string;
+
 	case oHostName:
 		charptr = &options->hostname;
 		goto parse_string;
@@ -435,6 +469,8 @@ parse_int:
 	case oCipher:
 		intptr = &options->cipher;
 		cp = strtok(NULL, WHITESPACE);
+		if (!cp)
+			fatal("%.200s line %d: Missing argument.", filename, linenum);
 		value = cipher_number(cp);
 		if (value == -1)
 			fatal("%.200s line %d: Bad cipher '%s'.",
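Review bot: `*intptr = *intptr + 1;` in the shared oIdentityFile/oIdentityFile2 branch and the unspaced `charptr=&options->xauth_location;` in the new oXAuthLocation case are written differently from every other assignment in this switch; the idiomatic forms are `(*intptr)++;` and `charptr = &options->xauth_location;`. The two ternaries on `opcode` also repeat the same test, so selecting the count pointer and the array in a single if/else would make it visible that `num_identity_files` always pairs with `identity_files` and `num_identity_files2` with `identity_files2`. The enclosing switch starts and ends outside the hunk.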
@@ -443,6 +479,30 @@ parse_int:
 		*intptr = value;
 		break;
 
+	case oCiphers:
+		cp = strtok(NULL, WHITESPACE);
+		if (!cp)
+			fatal("%.200s line %d: Missing argument.", filename, linenum);
+		if (!ciphers_valid(cp))
+			fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
+			      filename, linenum, cp ? cp : "");
+		if (*activep && options->ciphers == NULL)
+			options->ciphers = xstrdup(cp);
+		break;
+
+	case oProtocol:
+		intptr = &options->protocol;
+		cp = strtok(NULL, WHITESPACE);
+		if (!cp)
+			fatal("%.200s line %d: Missing argument.", filename, linenum);
+		value = proto_spec(cp);
+		if (value == SSH_PROTO_UNKNOWN)
+			fatal("%.200s line %d: Bad protocol spec '%s'.",
+			      filename, linenum, cp ? cp : "");
+		if (*activep && *intptr == SSH_PROTO_UNKNOWN)
+			*intptr = value;
+		break;
+
 	case oLogLevel:
 		intptr = (int *) &options->log_level;
 		cp = strtok(NULL, WHITESPACE);
@@ -543,7 +603,7 @@ parse_int:
  * there is an error. If the file does not exist, this returns immediately.
  */
 
-void 
+void
 read_config_file(const char *filename, const char *host, Options *options)
 {
 	FILE *f;
@@ -583,16 +643,18 @@ read_config_file(const char *filename, const char *host, Options *options)
  * system config file. Last, fill_default_options is called.
  */
 
-void 
+void
 initialize_options(Options * options)
 {
 	memset(options, 'X', sizeof(*options));
 	options->forward_agent = -1;
 	options->forward_x11 = -1;
+	options->xauth_location = NULL;
 	options->gateway_ports = -1;
 	options->use_privileged_port = -1;
 	options->rhosts_authentication = -1;
 	options->rsa_authentication = -1;
+	options->dsa_authentication = -1;
 	options->skey_authentication = -1;
 #ifdef KRB4
 	options->kerberos_authentication = -1;
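Review bot: The `cp ? cp : ""` guards in the two new fatal() calls of the oCiphers and oProtocol cases are dead, because the `if (!cp) fatal(...)` a few lines above each of them already rules out a null cp — the file relies on fatal() not returning in exactly this way in the oCipher case, which passes cp straight to cipher_number() after the same check. Passing `cp` directly, `filename, linenum, cp);`, stops a reader from looking for a path on which cp could still be null. A short comment would also help on the fact that ciphers_valid() and proto_spec() run before `*activep` is consulted, so a bad value inside a non-matching Host block is still fatal — presumably deliberate, since the oCipher case validates the same way. The enclosing switch starts and ends outside the hunk.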
@@ -615,13 +677,18 @@ initialize_options(Options * options)
 	options->connection_attempts = -1;
 	options->number_of_password_prompts = -1;
 	options->cipher = -1;
+	options->ciphers = NULL;
+	options->protocol = SSH_PROTO_UNKNOWN;
 	options->num_identity_files = 0;
+	options->num_identity_files2 = 0;
 	options->hostname = NULL;
 	options->proxy_command = NULL;
 	options->user = NULL;
 	options->escape_char = -1;
 	options->system_hostfile = NULL;
 	options->user_hostfile = NULL;
+	options->system_hostfile2 = NULL;
+	options->user_hostfile2 = NULL;
 	options->num_local_forwards = 0;
 	options->num_remote_forwards = 0;
 	options->log_level = (LogLevel) - 1;
@@ -632,13 +699,17 @@ initialize_options(Options * options)
  * options for which no value has been specified with their default values.
  */
 
-void 
+void
 fill_default_options(Options * options)
 {
 	if (options->forward_agent == -1)
-		options->forward_agent = 1;
+		options->forward_agent = 0;
 	if (options->forward_x11 == -1)
 		options->forward_x11 = 0;
+#ifdef XAUTH_PATH
+	if (options->xauth_location == NULL)
+		options->xauth_location = XAUTH_PATH;
+#endif /* XAUTH_PATH */
 	if (options->gateway_ports == -1)
 		options->gateway_ports = 0;
 	if (options->use_privileged_port == -1)
@@ -647,6 +718,8 @@ fill_default_options(Options * options)
 		options->rhosts_authentication = 1;
 	if (options->rsa_authentication == -1)
 		options->rsa_authentication = 1;
+	if (options->dsa_authentication == -1)
+		options->dsa_authentication = 1;
 	if (options->skey_authentication == -1)
 		options->skey_authentication = 0;
 #ifdef KRB4
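Review bot: `options->xauth_location = XAUTH_PATH;` stores a compile-time constant in a field that the oXAuthLocation case fills through parse_string, which presumably stores an xstrdup() copy as the other string options in this file do; the field therefore ends up holding either a literal or a heap block and cannot be released uniformly. The same mixed ownership already exists for system_hostfile and user_hostfile, so a one-line comment is enough: `/* XAUTH_PATH is a string literal; never free() xauth_location */`. The flipped default `options->forward_agent = 0;` is a behaviour change for every user without an explicit ForwardAgent line and deserves a comment naming the reason (forwarding hands the remote host access to the local agent), so that nobody "fixes" it back to 1 later. fill_default_options continues outside the hunk.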
@@ -688,18 +761,31 @@ fill_default_options(Options * options)
 	/* Selected in ssh_login(). */
 	if (options->cipher == -1)
 		options->cipher = SSH_CIPHER_NOT_SET;
+	/* options->ciphers, default set in myproposals.h */
+	if (options->protocol == SSH_PROTO_UNKNOWN)
+		options->protocol = SSH_PROTO_1|SSH_PROTO_2|SSH_PROTO_1_PREFERRED;
 	if (options->num_identity_files == 0) {
 		options->identity_files[0] =
 		    xmalloc(2 + strlen(SSH_CLIENT_IDENTITY) + 1);
 		sprintf(options->identity_files[0], "~/%.100s", SSH_CLIENT_IDENTITY);
 		options->num_identity_files = 1;
 	}
+	if (options->num_identity_files2 == 0) {
+		options->identity_files2[0] =
+		    xmalloc(2 + strlen(SSH_CLIENT_ID_DSA) + 1);
+		sprintf(options->identity_files2[0], "~/%.100s", SSH_CLIENT_ID_DSA);
+		options->num_identity_files2 = 1;
+	}
 	if (options->escape_char == -1)
 		options->escape_char = '~';
 	if (options->system_hostfile == NULL)
 		options->system_hostfile = SSH_SYSTEM_HOSTFILE;
 	if (options->user_hostfile == NULL)
 		options->user_hostfile = SSH_USER_HOSTFILE;
+	if (options->system_hostfile2 == NULL)
+		options->system_hostfile2 = SSH_SYSTEM_HOSTFILE2;
+	if (options->user_hostfile2 == NULL)
+		options->user_hostfile2 = SSH_USER_HOSTFILE2;
 	if (options->log_level == (LogLevel) - 1)
 		options->log_level = SYSLOG_LEVEL_INFO;
 	/* options->proxy_command should not be set by default */
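Review bot: The new identity_files2 default allocates `2 + strlen(SSH_CLIENT_ID_DSA) + 1` bytes but then formats with `"~/%.100s"`, so the buffer size and the copy limit come from two unrelated numbers; the write cannot overflow (the precision only shortens the copy), but a SSH_CLIENT_ID_DSA longer than 100 characters would be silently cut to a path that does not exist. Computing the size once and handing it to snprintf() keeps the two in step: `size_t len = 2 + strlen(SSH_CLIENT_ID_DSA) + 1; options->identity_files2[0] = xmalloc(len); snprintf(options->identity_files2[0], len, "~/%s", SSH_CLIENT_ID_DSA);`. The pre-existing identity_files block just above has the same shape and could be changed the same way in a follow-up. The `SSH_PROTO_1|SSH_PROTO_2|SSH_PROTO_1_PREFERRED` default would also benefit from a comment stating why protocol 1 is preferred, since this one line decides which protocol path a client with no Protocol setting takes. fill_default_options continues outside the hunk.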