X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/c8dfff332831bd68b431027070c66044b990898d..d0335861fab4e15901cab19f1c49cf15a4499897:/readconf.c

diff --git a/readconf.c b/readconf.c
index 4f790e24..40fe8f69 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.155 2006/07/12 22:28:52 stevesk Exp $ */
+/* $OpenBSD: readconf.c,v 1.181 2009/12/29 16:38:41 stevesk Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -22,19 +22,24 @@
 
 #include <ctype.h>
 #include <errno.h>
-#if defined(HAVE_NETDB_H)
-# include <netdb.h>
-#endif
+#include <netdb.h>
+#include <signal.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
 
-#include "ssh.h"
 #include "xmalloc.h"
+#include "ssh.h"
 #include "compat.h"
 #include "cipher.h"
 #include "pathnames.h"
 #include "log.h"
+#include "key.h"
 #include "readconf.h"
 #include "match.h"
 #include "misc.h"
+#include "buffer.h"
 #include "kex.h"
 #include "mac.h"
 
@@ -125,7 +130,8 @@ typedef enum {
 	oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
 	oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
 	oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
-	oDeprecated, oUnsupported
+	oVisualHostKey, oUseRoaming, oRDomain,
+	oZeroKnowledgePasswordAuthentication, oDeprecated, oUnsupported
 } OpCodes;
 
 /* Textual representations of the tokens. */
@@ -166,7 +172,7 @@ static struct {
 	{ "fallbacktorsh", oDeprecated },
 	{ "usersh", oDeprecated },
 	{ "identityfile", oIdentityFile },
-	{ "identityfile2", oIdentityFile },			/* alias */
+	{ "identityfile2", oIdentityFile },			/* obsolete */
 	{ "identitiesonly", oIdentitiesOnly },
 	{ "hostname", oHostName },
 	{ "hostkeyalias", oHostKeyAlias },
@@ -182,8 +188,8 @@ static struct {
 	{ "host", oHost },
 	{ "escapechar", oEscapeChar },
 	{ "globalknownhostsfile", oGlobalKnownHostsFile },
-	{ "userknownhostsfile", oUserKnownHostsFile },		/* obsolete */
-	{ "globalknownhostsfile2", oGlobalKnownHostsFile2 },
+	{ "globalknownhostsfile2", oGlobalKnownHostsFile2 },	/* obsolete */
+	{ "userknownhostsfile", oUserKnownHostsFile },
 	{ "userknownhostsfile2", oUserKnownHostsFile2 },	/* obsolete */
 	{ "connectionattempts", oConnectionAttempts },
 	{ "batchmode", oBatchMode },
@@ -221,6 +227,16 @@ static struct {
 	{ "tunneldevice", oTunnelDevice },
 	{ "localcommand", oLocalCommand },
 	{ "permitlocalcommand", oPermitLocalCommand },
+	{ "visualhostkey", oVisualHostKey },
+	{ "useroaming", oUseRoaming },
+	{ "routingdomain", oRDomain },
+#ifdef JPAKE
+	{ "zeroknowledgepasswordauthentication",
+	    oZeroKnowledgePasswordAuthentication },
+#else
+	{ "zeroknowledgepasswordauthentication", oUnsupported },
+#endif
+
 	{ NULL, oBadOption }
 };
 
@@ -242,10 +258,9 @@ add_local_forward(Options *options, const Forward *newfwd)
 		fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
 	fwd = &options->local_forwards[options->num_local_forwards++];
 
-	fwd->listen_host = (newfwd->listen_host == NULL) ?
-	    NULL : xstrdup(newfwd->listen_host);
+	fwd->listen_host = newfwd->listen_host;
 	fwd->listen_port = newfwd->listen_port;
-	fwd->connect_host = xstrdup(newfwd->connect_host);
+	fwd->connect_host = newfwd->connect_host;
 	fwd->connect_port = newfwd->connect_port;
 }
 
@@ -263,10 +278,9 @@ add_remote_forward(Options *options, const Forward *newfwd)
 		    SSH_MAX_FORWARDS_PER_DIRECTION);
 	fwd = &options->remote_forwards[options->num_remote_forwards++];
 
-	fwd->listen_host = (newfwd->listen_host == NULL) ?
-	    NULL : xstrdup(newfwd->listen_host);
+	fwd->listen_host = newfwd->listen_host;
 	fwd->listen_port = newfwd->listen_port;
-	fwd->connect_host = xstrdup(newfwd->connect_host);
+	fwd->connect_host = newfwd->connect_host;
 	fwd->connect_port = newfwd->connect_port;
 }
 
@@ -321,6 +335,7 @@ process_config_line(Options *options, const char *host,
 {
 	char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256];
 	int opcode, *intptr, value, value2, scale;
+	LogLevel *log_level_ptr;
 	long long orig, val64;
 	size_t len;
 	Forward fwd;
@@ -359,7 +374,7 @@ parse_time:
 		if ((value = convtime(arg)) == -1)
 			fatal("%s line %d: invalid time value.",
 			    filename, linenum);
-		if (*intptr == -1)
+		if (*activep && *intptr == -1)
 			*intptr = value;
 		break;
 
@@ -404,6 +419,10 @@ parse_flag:
 		intptr = &options->password_authentication;
 		goto parse_flag;
 
+	case oZeroKnowledgePasswordAuthentication:
+		intptr = &options->zero_knowledge_password_authentication;
+		goto parse_flag;
+
 	case oKbdInteractiveAuthentication:
 		intptr = &options->kbd_interactive_authentication;
 		goto parse_flag;
@@ -493,7 +512,6 @@ parse_yesnoask:
 		goto parse_int;
 
 	case oRekeyLimit:
-		intptr = &options->rekey_limit;
 		arg = strdelim(&s);
 		if (!arg || *arg == '\0')
 			fatal("%.200s line %d: Missing argument.", filename, linenum);
@@ -521,14 +539,14 @@ parse_yesnoask:
 		}
 		val64 *= scale;
 		/* detect integer wrap and too-large limits */
-		if ((val64 / scale) != orig || val64 > INT_MAX)
+		if ((val64 / scale) != orig || val64 > UINT_MAX)
 			fatal("%.200s line %d: RekeyLimit too large",
 			    filename, linenum);
 		if (val64 < 16)
 			fatal("%.200s line %d: RekeyLimit too small",
 			    filename, linenum);
-		if (*activep && *intptr == -1)
-			*intptr = (int)val64;
+		if (*activep && options->rekey_limit == -1)
+			options->rekey_limit = (u_int32_t)val64;
 		break;
 
 	case oIdentityFile:
@@ -540,7 +558,7 @@ parse_yesnoask:
 			if (*intptr >= SSH_MAX_IDENTITY_FILES)
 				fatal("%.200s line %d: Too many identity files specified (max %d).",
 				    filename, linenum, SSH_MAX_IDENTITY_FILES);
-			charptr =  &options->identity_files[*intptr];
+			charptr = &options->identity_files[*intptr];
 			*charptr = xstrdup(arg);
 			*intptr = *intptr + 1;
 		}
@@ -687,68 +705,52 @@ parse_int:
 		break;
 
 	case oLogLevel:
-		intptr = (int *) &options->log_level;
+		log_level_ptr = &options->log_level;
 		arg = strdelim(&s);
 		value = log_level_number(arg);
 		if (value == SYSLOG_LEVEL_NOT_SET)
 			fatal("%.200s line %d: unsupported log level '%s'",
 			    filename, linenum, arg ? arg : "<NONE>");
-		if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
-			*intptr = (LogLevel) value;
+		if (*activep && *log_level_ptr == SYSLOG_LEVEL_NOT_SET)
+			*log_level_ptr = (LogLevel) value;
 		break;
 
 	case oLocalForward:
 	case oRemoteForward:
+	case oDynamicForward:
 		arg = strdelim(&s);
 		if (arg == NULL || *arg == '\0')
 			fatal("%.200s line %d: Missing port argument.",
 			    filename, linenum);
-		arg2 = strdelim(&s);
-		if (arg2 == NULL || *arg2 == '\0')
-			fatal("%.200s line %d: Missing target argument.",
-			    filename, linenum);
 
-		/* construct a string for parse_forward */
-		snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2);
+		if (opcode == oLocalForward ||
+		    opcode == oRemoteForward) {
+			arg2 = strdelim(&s);
+			if (arg2 == NULL || *arg2 == '\0')
+				fatal("%.200s line %d: Missing target argument.",
+				    filename, linenum);
 
-		if (parse_forward(&fwd, fwdarg) == 0)
+			/* construct a string for parse_forward */
+			snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2);
+		} else if (opcode == oDynamicForward) {
+			strlcpy(fwdarg, arg, sizeof(fwdarg));
+		}
+
+		if (parse_forward(&fwd, fwdarg,
+		    opcode == oDynamicForward ? 1 : 0,
+		    opcode == oRemoteForward ? 1 : 0) == 0)
 			fatal("%.200s line %d: Bad forwarding specification.",
 			    filename, linenum);
 
 		if (*activep) {
-			if (opcode == oLocalForward)
+			if (opcode == oLocalForward ||
+			    opcode == oDynamicForward)
 				add_local_forward(options, &fwd);
 			else if (opcode == oRemoteForward)
 				add_remote_forward(options, &fwd);
 		}
 		break;
 
-	case oDynamicForward:
-		arg = strdelim(&s);
-		if (!arg || *arg == '\0')
-			fatal("%.200s line %d: Missing port argument.",
-			    filename, linenum);
-		memset(&fwd, '\0', sizeof(fwd));
-		fwd.connect_host = "socks";
-		fwd.listen_host = hpdelim(&arg);
-		if (fwd.listen_host == NULL ||
-		    strlen(fwd.listen_host) >= NI_MAXHOST)
-			fatal("%.200s line %d: Bad forwarding specification.",
-			    filename, linenum);
-		if (arg) {
-			fwd.listen_port = a2port(arg);
-			fwd.listen_host = cleanhostname(fwd.listen_host);
-		} else {
-			fwd.listen_port = a2port(fwd.listen_host);
-			fwd.listen_host = NULL;
-		}
-		if (fwd.listen_port == 0)
-			fatal("%.200s line %d: Badly formatted port number.",
-			    filename, linenum);
-		if (*activep)
-			add_local_forward(options, &fwd);
-		break;
-
 	case oClearAllForwardings:
 		intptr = &options->clear_forwardings;
 		goto parse_flag;
@@ -910,6 +912,27 @@ parse_int:
 		intptr = &options->permit_local_command;
 		goto parse_flag;
 
+	case oVisualHostKey:
+		intptr = &options->visual_host_key;
+		goto parse_flag;
+
+	case oUseRoaming:
+		intptr = &options->use_roaming;
+		goto parse_flag;
+
+	case oRDomain:
+		arg = strdelim(&s);
+		if (!arg || *arg == '\0')
+			fatal("%.200s line %d: Missing argument.",
+			    filename, linenum);
+		value = a2rdomain(arg);
+		if (value == -1)
+			fatal("%.200s line %d: Bad rdomain.",
+			    filename, linenum);
+		if (*activep)
+			options->rdomain = value;
+		break;
+
 	case oDeprecated:
 		debug("%s line %d: Deprecated option \"%s\"",
 		    filename, linenum, keyword);
@@ -948,7 +971,6 @@ read_config_file(const char *filename, const char *host, Options *options,
 	int active, linenum;
 	int bad_options = 0;
 
-	/* Open the file. */
 	if ((f = fopen(filename, "r")) == NULL)
 		return 0;
 
@@ -1060,6 +1082,10 @@ initialize_options(Options * options)
 	options->tun_remote = -1;
 	options->local_command = NULL;
 	options->permit_local_command = -1;
+	options->use_roaming = -1;
+	options->rdomain = -1;
+	options->visual_host_key = -1;
+	options->zero_knowledge_password_authentication = -1;
 }
 
 /*
@@ -1131,7 +1157,7 @@ fill_default_options(Options * options)
 	/* options->macs, default set in myproposals.h */
 	/* options->hostkeyalgorithms, default set in myproposals.h */
 	if (options->protocol == SSH_PROTO_UNKNOWN)
-		options->protocol = SSH_PROTO_1|SSH_PROTO_2;
+		options->protocol = SSH_PROTO_2;
 	if (options->num_identity_files == 0) {
 		if (options->protocol & SSH_PROTO_1) {
 			len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
@@ -1194,22 +1220,32 @@ fill_default_options(Options * options)
 		options->tun_remote = SSH_TUNID_ANY;
 	if (options->permit_local_command == -1)
 		options->permit_local_command = 0;
+	if (options->use_roaming == -1)
+		options->use_roaming = 1;
+	if (options->visual_host_key == -1)
+		options->visual_host_key = 0;
+	if (options->zero_knowledge_password_authentication == -1)
+		options->zero_knowledge_password_authentication = 0;
 	/* options->local_command should not be set by default */
 	/* options->proxy_command should not be set by default */
 	/* options->user will be set in the main program if appropriate */
 	/* options->hostname will be set in the main program if appropriate */
 	/* options->host_key_alias should not be set by default */
 	/* options->preferred_authentications will be set in ssh */
+	/* options->rdomain should not be set by default */
 }
 
 /*
  * parse_forward
  * parses a string containing a port forwarding specification of the form:
+ *   dynamicfwd == 0
  *	[listenhost:]listenport:connecthost:connectport
+ *   dynamicfwd == 1
+ *	[listenhost:]listenport
  * returns number of arguments parsed or zero on error
  */
 int
-parse_forward(Forward *fwd, const char *fwdspec)
+parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd)
 {
 	int i;
 	char *p, *cp, *fwdarg[4];
@@ -1219,18 +1255,30 @@ parse_forward(Forward *fwd, const char *fwdspec)
 	cp = p = xstrdup(fwdspec);
 
 	/* skip leading spaces */
-	while (*cp && isspace(*cp))
+	while (isspace(*cp))
 		cp++;
 
 	for (i = 0; i < 4; ++i)
 		if ((fwdarg[i] = hpdelim(&cp)) == NULL)
 			break;
 
-	/* Check for trailing garbage in 4-arg case*/
+	/* Check for trailing garbage */
 	if (cp != NULL)
 		i = 0;	/* failure */
 
 	switch (i) {
+	case 1:
+		fwd->listen_host = NULL;
+		fwd->listen_port = a2port(fwdarg[0]);
+		fwd->connect_host = xstrdup("socks");
+		break;
+
+	case 2:
+		fwd->listen_host = xstrdup(cleanhostname(fwdarg[0]));
+		fwd->listen_port = a2port(fwdarg[1]);
+		fwd->connect_host = xstrdup("socks");
+		break;
+
 	case 3:
 		fwd->listen_host = NULL;
 		fwd->listen_port = a2port(fwdarg[0]);
@@ -1250,19 +1298,37 @@ parse_forward(Forward *fwd, const char *fwdspec)
 
 	xfree(p);
 
-	if (fwd->listen_port == 0 && fwd->connect_port == 0)
+	if (dynamicfwd) {
+		if (!(i == 1 || i == 2))
+			goto fail_free;
+	} else {
+		if (!(i == 3 || i == 4))
+			goto fail_free;
+		if (fwd->connect_port <= 0)
+			goto fail_free;
+	}
+
+	if (fwd->listen_port < 0 || (!remotefwd && fwd->listen_port == 0))
 		goto fail_free;
 
 	if (fwd->connect_host != NULL &&
 	    strlen(fwd->connect_host) >= NI_MAXHOST)
 		goto fail_free;
+	if (fwd->listen_host != NULL &&
+	    strlen(fwd->listen_host) >= NI_MAXHOST)
+		goto fail_free;
+
 
 	return (i);
 
  fail_free:
-	if (fwd->connect_host != NULL)
+	if (fwd->connect_host != NULL) {
 		xfree(fwd->connect_host);
-	if (fwd->listen_host != NULL)
+		fwd->connect_host = NULL;
+	}
+	if (fwd->listen_host != NULL) {
 		xfree(fwd->listen_host);
+		fwd->listen_host = NULL;
+	}
 	return (0);
 }