2018-10-05 16:26:09 +02:00
|
|
|
/* $OpenBSD: readconf.c,v 1.300 2018/10/05 14:26:09 naddy Exp $ */
|
1999-10-27 05:42:43 +02:00
|
|
|
/*
|
1999-11-24 14:26:21 +01:00
|
|
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
|
|
|
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
|
|
|
|
* All rights reserved
|
|
|
|
|
* Functions for reading the configuration files.
|
2000-04-16 03:18:38 +02:00
|
|
|
*
|
2000-09-16 04:29:08 +02:00
|
|
|
* As far as I am concerned, the code I have written for this software
|
|
|
|
|
* can be used freely for any purpose. Any derived versions of this
|
|
|
|
|
* software must be clearly marked as such, and if the derived work is
|
|
|
|
|
* incompatible with the protocol description in the RFC file, it must be
|
|
|
|
|
* called by a name other than "ssh" or "Secure Shell".
|
1999-11-24 14:26:21 +01:00
|
|
|
*/
|
1999-10-27 05:42:43 +02:00
|
|
|
|
|
|
|
|
#include "includes.h"
|
2006-03-15 01:45:54 +01:00
|
|
|
|
|
|
|
|
#include <sys/types.h>
|
|
|
|
|
#include <sys/stat.h>
|
2006-07-10 12:35:38 +02:00
|
|
|
#include <sys/socket.h>
|
2013-10-15 03:13:05 +02:00
|
|
|
#include <sys/wait.h>
|
2014-07-18 06:11:24 +02:00
|
|
|
#include <sys/un.h>
|
2006-07-10 12:35:38 +02:00
|
|
|
|
|
|
|
|
#include <netinet/in.h>
|
2010-11-20 05:19:38 +01:00
|
|
|
#include <netinet/in_systm.h>
|
|
|
|
|
#include <netinet/ip.h>
|
2014-01-31 04:18:51 +01:00
|
|
|
#include <arpa/inet.h>
|
1999-10-27 05:42:43 +02:00
|
|
|
|
2006-03-15 01:53:45 +01:00
|
|
|
#include <ctype.h>
|
2006-07-12 14:22:46 +02:00
|
|
|
#include <errno.h>
|
2013-10-15 03:13:05 +02:00
|
|
|
#include <fcntl.h>
|
2015-01-16 07:40:12 +01:00
|
|
|
#include <limits.h>
|
2006-07-24 06:51:00 +02:00
|
|
|
#include <netdb.h>
|
2014-01-17 14:03:57 +01:00
|
|
|
#ifdef HAVE_PATHS_H
|
|
|
|
|
# include <paths.h>
|
|
|
|
|
#endif
|
2013-10-15 03:13:05 +02:00
|
|
|
#include <pwd.h>
|
2006-08-05 04:39:39 +02:00
|
|
|
#include <signal.h>
|
2006-09-01 07:38:36 +02:00
|
|
|
#include <stdarg.h>
|
2006-08-05 03:37:59 +02:00
|
|
|
#include <stdio.h>
|
2006-07-24 06:13:33 +02:00
|
|
|
#include <string.h>
|
2006-07-24 06:01:23 +02:00
|
|
|
#include <unistd.h>
|
file permission on ssh_config, authorized_keys, private keys, host keys, public keys. (#110)
1. Add file permission check when load or add ssh_config, authorized_keys, private keys, host keys,.
2. set the owner and ACE for create secure file, ex, private key in ssh-keygen.exe
3. Update script OpenSSHTestHelper.psm1 to be able to run Install-OpenSSH if the sshd is running on the machine.
4. add OpenSSHBinPath to path.
5. change indents in agentconfig.c
6. update test script to represent the changes
7. Add tests for:
* authorized_keys and ssh-keygen testing
* host keys file perm testing
* user private key file perm testing
* ssh-add test
* user ssh_config
2017-05-01 23:18:20 +02:00
|
|
|
#include <sshfileperm.h>
|
2016-04-15 02:30:19 +02:00
|
|
|
#ifdef USE_SYSTEM_GLOB
|
|
|
|
|
# include <glob.h>
|
|
|
|
|
#else
|
|
|
|
|
# include "openbsd-compat/glob.h"
|
|
|
|
|
#endif
|
2013-05-16 12:47:31 +02:00
|
|
|
#ifdef HAVE_UTIL_H
|
2013-05-16 12:33:10 +02:00
|
|
|
#include <util.h>
|
2013-05-16 12:47:31 +02:00
|
|
|
#endif
|
2014-10-09 00:20:25 +02:00
|
|
|
#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS)
|
|
|
|
|
# include <vis.h>
|
|
|
|
|
#endif
|
2006-03-15 01:53:45 +01:00
|
|
|
|
1999-10-27 05:42:43 +02:00
|
|
|
#include "xmalloc.h"
|
2006-08-05 04:39:39 +02:00
|
|
|
#include "ssh.h"
|
2018-08-12 22:19:13 +02:00
|
|
|
#include "ssherr.h"
|
2000-04-12 12:17:38 +02:00
|
|
|
#include "compat.h"
|
2001-01-22 06:34:40 +01:00
|
|
|
#include "cipher.h"
|
|
|
|
|
#include "pathnames.h"
|
|
|
|
|
#include "log.h"
|
2015-01-15 10:40:00 +01:00
|
|
|
#include "sshkey.h"
|
2014-07-18 06:11:24 +02:00
|
|
|
#include "misc.h"
|
2001-01-22 06:34:40 +01:00
|
|
|
#include "readconf.h"
|
|
|
|
|
#include "match.h"
|
2001-02-15 04:01:59 +01:00
|
|
|
#include "kex.h"
|
|
|
|
|
#include "mac.h"
|
2013-10-15 03:13:05 +02:00
|
|
|
#include "uidswap.h"
|
2014-10-09 00:20:25 +02:00
|
|
|
#include "myproposal.h"
|
2014-12-21 23:27:55 +01:00
|
|
|
#include "digest.h"
|
1999-10-27 05:42:43 +02:00
|
|
|
|
|
|
|
|
/* Format of the configuration file:
|
|
|
|
|
|
|
|
|
|
# Configuration data is parsed as follows:
|
|
|
|
|
# 1. command line options
|
|
|
|
|
# 2. user-specific file
|
|
|
|
|
# 3. system-wide file
|
|
|
|
|
# Any configuration value is only changed the first time it is set.
|
|
|
|
|
# Thus, host-specific definitions should be at the beginning of the
|
|
|
|
|
# configuration file, and defaults at the end.
|
|
|
|
|
|
|
|
|
|
# Host-specific declarations. These may override anything above. A single
|
|
|
|
|
# host may match multiple declarations; these are processed in the order
|
|
|
|
|
# that they are given in.
|
|
|
|
|
|
|
|
|
|
Host *.ngs.fi ngs.fi
|
2002-06-09 22:04:02 +02:00
|
|
|
User foo
|
1999-10-27 05:42:43 +02:00
|
|
|
|
|
|
|
|
Host fake.com
|
|
|
|
|
HostName another.host.name.real.org
|
|
|
|
|
User blaah
|
|
|
|
|
Port 34289
|
|
|
|
|
ForwardX11 no
|
|
|
|
|
ForwardAgent no
|
|
|
|
|
|
|
|
|
|
Host books.com
|
|
|
|
|
RemoteForward 9999 shadows.cs.hut.fi:9999
|
2017-01-30 01:38:50 +01:00
|
|
|
Ciphers 3des-cbc
|
1999-10-27 05:42:43 +02:00
|
|
|
|
|
|
|
|
Host fascist.blob.com
|
|
|
|
|
Port 23123
|
|
|
|
|
User tylonen
|
|
|
|
|
PasswordAuthentication no
|
|
|
|
|
|
|
|
|
|
Host puukko.hut.fi
|
|
|
|
|
User t35124p
|
|
|
|
|
ProxyCommand ssh-proxy %h %p
|
|
|
|
|
|
|
|
|
|
Host *.fr
|
2002-06-09 22:04:02 +02:00
|
|
|
PublicKeyAuthentication no
|
1999-10-27 05:42:43 +02:00
|
|
|
|
|
|
|
|
Host *.su
|
2017-01-30 01:38:50 +01:00
|
|
|
Ciphers aes128-ctr
|
1999-10-27 05:42:43 +02:00
|
|
|
PasswordAuthentication no
|
|
|
|
|
|
2005-12-13 09:29:02 +01:00
|
|
|
Host vpn.fake.com
|
|
|
|
|
Tunnel yes
|
|
|
|
|
TunnelDevice 3
|
|
|
|
|
|
1999-10-27 05:42:43 +02:00
|
|
|
# Defaults for various options
|
|
|
|
|
Host *
|
|
|
|
|
ForwardAgent no
|
2000-11-13 12:57:25 +01:00
|
|
|
ForwardX11 no
|
1999-10-27 05:42:43 +02:00
|
|
|
PasswordAuthentication yes
|
|
|
|
|
RSAAuthentication yes
|
|
|
|
|
RhostsRSAAuthentication yes
|
|
|
|
|
StrictHostKeyChecking yes
|
2003-12-17 06:31:10 +01:00
|
|
|
TcpKeepAlive no
|
1999-10-27 05:42:43 +02:00
|
|
|
IdentityFile ~/.ssh/identity
|
|
|
|
|
Port 22
|
|
|
|
|
EscapeChar ~
|
|
|
|
|
|
|
|
|
|
*/
|
|
|
|
|
|
2016-04-15 02:30:19 +02:00
|
|
|
static int read_config_file_depth(const char *filename, struct passwd *pw,
|
|
|
|
|
const char *host, const char *original_host, Options *options,
|
|
|
|
|
int flags, int *activep, int depth);
|
|
|
|
|
static int process_config_line_depth(Options *options, struct passwd *pw,
|
|
|
|
|
const char *host, const char *original_host, char *line,
|
|
|
|
|
const char *filename, int linenum, int *activep, int flags, int depth);
|
|
|
|
|
|
1999-10-27 05:42:43 +02:00
|
|
|
/* Keyword tokens. */
|
|
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
typedef enum {
|
|
|
|
|
oBadOption,
|
2016-04-15 02:30:19 +02:00
|
|
|
oHost, oMatch, oInclude,
|
2010-06-26 02:02:24 +02:00
|
|
|
oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout,
|
|
|
|
|
oGatewayPorts, oExitOnForwardFailure,
|
2002-06-21 02:41:51 +02:00
|
|
|
oPasswordAuthentication, oRSAAuthentication,
|
2001-01-23 04:12:10 +01:00
|
|
|
oChallengeResponseAuthentication, oXAuthLocation,
|
1999-11-24 14:26:21 +01:00
|
|
|
oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
|
2016-05-04 14:21:53 +02:00
|
|
|
oCertificateFile, oAddKeysToAgent, oIdentityAgent,
|
2013-10-15 03:13:05 +02:00
|
|
|
oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
|
1999-11-24 14:26:21 +01:00
|
|
|
oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
|
|
|
|
|
oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
|
2003-12-17 06:31:10 +01:00
|
|
|
oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
|
2017-05-01 01:11:45 +02:00
|
|
|
oUsePrivilegedPort, oLogFacility, oLogLevel, oCiphers, oMacs,
|
2014-10-09 00:20:25 +02:00
|
|
|
oPubkeyAuthentication,
|
2001-03-11 02:49:19 +01:00
|
|
|
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
|
2001-04-17 20:11:36 +02:00
|
|
|
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
|
2018-02-23 03:34:33 +01:00
|
|
|
oHostKeyAlgorithms, oBindAddress, oBindInterface, oPKCS11Provider,
|
2002-06-09 22:04:02 +02:00
|
|
|
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
|
2003-05-16 03:39:04 +02:00
|
|
|
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
|
2003-08-26 03:49:55 +02:00
|
|
|
oAddressFamily, oGssAuthentication, oGssDelegateCreds,
|
2004-03-08 13:12:36 +01:00
|
|
|
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
|
2018-06-09 05:01:12 +02:00
|
|
|
oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist,
|
2010-08-03 08:04:46 +02:00
|
|
|
oHashKnownHosts,
|
2017-05-30 20:58:37 +02:00
|
|
|
oTunnel, oTunnelDevice,
|
|
|
|
|
oLocalCommand, oPermitLocalCommand, oRemoteCommand,
|
2016-01-14 17:17:39 +01:00
|
|
|
oVisualHostKey,
|
2013-08-20 18:44:24 +02:00
|
|
|
oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
|
2013-10-17 02:48:13 +02:00
|
|
|
oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
|
|
|
|
|
oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
|
2014-12-04 03:24:32 +01:00
|
|
|
oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
|
2015-01-30 12:43:14 +01:00
|
|
|
oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
|
2018-09-20 05:30:44 +02:00
|
|
|
oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump,
|
2017-05-01 01:11:45 +02:00
|
|
|
oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
|
1999-10-27 05:42:43 +02:00
|
|
|
} OpCodes;
|
|
|
|
|
|
|
|
|
|
/* Textual representations of the tokens. */
|
|
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
static struct {
|
|
|
|
|
const char *name;
|
|
|
|
|
OpCodes opcode;
|
|
|
|
|
} keywords[] = {
|
2017-01-30 01:38:50 +01:00
|
|
|
/* Deprecated options */
|
2017-05-01 01:11:45 +02:00
|
|
|
{ "protocol", oIgnore }, /* NB. silently ignored */
|
2017-05-01 01:15:04 +02:00
|
|
|
{ "cipher", oDeprecated },
|
2017-01-30 01:38:50 +01:00
|
|
|
{ "fallbacktorsh", oDeprecated },
|
|
|
|
|
{ "globalknownhostsfile2", oDeprecated },
|
|
|
|
|
{ "rhostsauthentication", oDeprecated },
|
|
|
|
|
{ "userknownhostsfile2", oDeprecated },
|
|
|
|
|
{ "useroaming", oDeprecated },
|
|
|
|
|
{ "usersh", oDeprecated },
|
2018-07-19 12:28:47 +02:00
|
|
|
{ "useprivilegedport", oDeprecated },
|
2017-01-30 01:38:50 +01:00
|
|
|
|
|
|
|
|
/* Unsupported options */
|
|
|
|
|
{ "afstokenpassing", oUnsupported },
|
|
|
|
|
{ "kerberosauthentication", oUnsupported },
|
|
|
|
|
{ "kerberostgtpassing", oUnsupported },
|
|
|
|
|
|
|
|
|
|
/* Sometimes-unsupported options */
|
|
|
|
|
#if defined(GSSAPI)
|
|
|
|
|
{ "gssapiauthentication", oGssAuthentication },
|
|
|
|
|
{ "gssapidelegatecredentials", oGssDelegateCreds },
|
|
|
|
|
# else
|
|
|
|
|
{ "gssapiauthentication", oUnsupported },
|
|
|
|
|
{ "gssapidelegatecredentials", oUnsupported },
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef ENABLE_PKCS11
|
|
|
|
|
{ "smartcarddevice", oPKCS11Provider },
|
|
|
|
|
{ "pkcs11provider", oPKCS11Provider },
|
|
|
|
|
# else
|
|
|
|
|
{ "smartcarddevice", oUnsupported },
|
|
|
|
|
{ "pkcs11provider", oUnsupported },
|
|
|
|
|
#endif
|
|
|
|
|
{ "rsaauthentication", oUnsupported },
|
|
|
|
|
{ "rhostsrsaauthentication", oUnsupported },
|
|
|
|
|
{ "compressionlevel", oUnsupported },
|
|
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
{ "forwardagent", oForwardAgent },
|
|
|
|
|
{ "forwardx11", oForwardX11 },
|
2003-10-15 07:54:32 +02:00
|
|
|
{ "forwardx11trusted", oForwardX11Trusted },
|
2010-06-26 02:02:24 +02:00
|
|
|
{ "forwardx11timeout", oForwardX11Timeout },
|
2006-07-12 14:17:10 +02:00
|
|
|
{ "exitonforwardfailure", oExitOnForwardFailure },
|
2000-06-07 11:55:44 +02:00
|
|
|
{ "xauthlocation", oXAuthLocation },
|
1999-11-24 14:26:21 +01:00
|
|
|
{ "gatewayports", oGatewayPorts },
|
|
|
|
|
{ "passwordauthentication", oPasswordAuthentication },
|
2000-10-14 07:23:11 +02:00
|
|
|
{ "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
|
|
|
|
|
{ "kbdinteractivedevices", oKbdInteractiveDevices },
|
2000-11-13 12:57:25 +01:00
|
|
|
{ "pubkeyauthentication", oPubkeyAuthentication },
|
2001-01-23 04:12:10 +01:00
|
|
|
{ "dsaauthentication", oPubkeyAuthentication }, /* alias */
|
2001-04-13 01:36:05 +02:00
|
|
|
{ "hostbasedauthentication", oHostbasedAuthentication },
|
2001-01-23 04:12:10 +01:00
|
|
|
{ "challengeresponseauthentication", oChallengeResponseAuthentication },
|
2018-07-20 05:18:28 +02:00
|
|
|
{ "skeyauthentication", oUnsupported },
|
2001-01-23 04:12:10 +01:00
|
|
|
{ "tisauthentication", oChallengeResponseAuthentication }, /* alias */
|
1999-11-24 14:26:21 +01:00
|
|
|
{ "identityfile", oIdentityFile },
|
2009-01-28 06:27:31 +01:00
|
|
|
{ "identityfile2", oIdentityFile }, /* obsolete */
|
2004-03-08 13:12:36 +01:00
|
|
|
{ "identitiesonly", oIdentitiesOnly },
|
2015-09-24 08:15:11 +02:00
|
|
|
{ "certificatefile", oCertificateFile },
|
2015-11-15 23:26:49 +01:00
|
|
|
{ "addkeystoagent", oAddKeysToAgent },
|
2016-05-04 14:21:53 +02:00
|
|
|
{ "identityagent", oIdentityAgent },
|
1999-11-24 14:26:21 +01:00
|
|
|
{ "hostname", oHostName },
|
2000-12-28 17:40:05 +01:00
|
|
|
{ "hostkeyalias", oHostKeyAlias },
|
1999-11-24 14:26:21 +01:00
|
|
|
{ "proxycommand", oProxyCommand },
|
|
|
|
|
{ "port", oPort },
|
2000-04-12 12:17:38 +02:00
|
|
|
{ "ciphers", oCiphers },
|
2001-02-15 04:01:59 +01:00
|
|
|
{ "macs", oMacs },
|
1999-11-24 14:26:21 +01:00
|
|
|
{ "remoteforward", oRemoteForward },
|
|
|
|
|
{ "localforward", oLocalForward },
|
|
|
|
|
{ "user", oUser },
|
|
|
|
|
{ "host", oHost },
|
2013-10-15 03:13:05 +02:00
|
|
|
{ "match", oMatch },
|
1999-11-24 14:26:21 +01:00
|
|
|
{ "escapechar", oEscapeChar },
|
|
|
|
|
{ "globalknownhostsfile", oGlobalKnownHostsFile },
|
2009-01-28 06:27:31 +01:00
|
|
|
{ "userknownhostsfile", oUserKnownHostsFile },
|
1999-11-24 14:26:21 +01:00
|
|
|
{ "connectionattempts", oConnectionAttempts },
|
|
|
|
|
{ "batchmode", oBatchMode },
|
|
|
|
|
{ "checkhostip", oCheckHostIP },
|
|
|
|
|
{ "stricthostkeychecking", oStrictHostKeyChecking },
|
|
|
|
|
{ "compression", oCompression },
|
2003-12-17 06:31:10 +01:00
|
|
|
{ "tcpkeepalive", oTCPKeepAlive },
|
|
|
|
|
{ "keepalive", oTCPKeepAlive }, /* obsolete */
|
1999-11-24 14:26:21 +01:00
|
|
|
{ "numberofpasswordprompts", oNumberOfPasswordPrompts },
|
2017-04-28 05:20:27 +02:00
|
|
|
{ "syslogfacility", oLogFacility },
|
1999-11-24 14:26:21 +01:00
|
|
|
{ "loglevel", oLogLevel },
|
2001-04-08 20:30:26 +02:00
|
|
|
{ "dynamicforward", oDynamicForward },
|
2001-03-11 02:49:19 +01:00
|
|
|
{ "preferredauthentications", oPreferredAuthentications },
|
2001-04-17 20:11:36 +02:00
|
|
|
{ "hostkeyalgorithms", oHostKeyAlgorithms },
|
2018-09-20 05:30:44 +02:00
|
|
|
{ "casignaturealgorithms", oCASignatureAlgorithms },
|
2001-04-30 15:06:24 +02:00
|
|
|
{ "bindaddress", oBindAddress },
|
2018-02-23 03:34:33 +01:00
|
|
|
{ "bindinterface", oBindInterface },
|
2001-12-21 04:45:46 +01:00
|
|
|
{ "clearallforwardings", oClearAllForwardings },
|
2002-11-09 16:52:31 +01:00
|
|
|
{ "enablesshkeysign", oEnableSSHKeysign },
|
2003-05-15 02:19:46 +02:00
|
|
|
{ "verifyhostkeydns", oVerifyHostKeyDNS },
|
2001-12-21 04:45:46 +01:00
|
|
|
{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
|
2003-04-09 12:50:06 +02:00
|
|
|
{ "rekeylimit", oRekeyLimit },
|
2003-05-16 03:39:04 +02:00
|
|
|
{ "connecttimeout", oConnectTimeout },
|
2003-05-18 12:50:30 +02:00
|
|
|
{ "addressfamily", oAddressFamily },
|
2003-12-17 06:33:10 +01:00
|
|
|
{ "serveraliveinterval", oServerAliveInterval },
|
|
|
|
|
{ "serveralivecountmax", oServerAliveCountMax },
|
2004-05-02 14:11:30 +02:00
|
|
|
{ "sendenv", oSendEnv },
|
2018-06-09 05:01:12 +02:00
|
|
|
{ "setenv", oSetEnv },
|
2004-06-15 02:34:08 +02:00
|
|
|
{ "controlpath", oControlPath },
|
|
|
|
|
{ "controlmaster", oControlMaster },
|
2010-08-03 08:04:46 +02:00
|
|
|
{ "controlpersist", oControlPersist },
|
2005-03-01 11:47:37 +01:00
|
|
|
{ "hashknownhosts", oHashKnownHosts },
|
2016-04-15 02:30:19 +02:00
|
|
|
{ "include", oInclude },
|
2005-12-13 09:29:02 +01:00
|
|
|
{ "tunnel", oTunnel },
|
|
|
|
|
{ "tunneldevice", oTunnelDevice },
|
|
|
|
|
{ "localcommand", oLocalCommand },
|
|
|
|
|
{ "permitlocalcommand", oPermitLocalCommand },
|
2017-05-30 20:58:37 +02:00
|
|
|
{ "remotecommand", oRemoteCommand },
|
2008-06-29 16:04:03 +02:00
|
|
|
{ "visualhostkey", oVisualHostKey },
|
2010-09-24 14:11:14 +02:00
|
|
|
{ "kexalgorithms", oKexAlgorithms },
|
2010-11-20 05:19:38 +01:00
|
|
|
{ "ipqos", oIPQoS },
|
2011-05-15 00:45:50 +02:00
|
|
|
{ "requesttty", oRequestTTY },
|
2013-08-20 18:44:24 +02:00
|
|
|
{ "proxyusefdpass", oProxyUseFdpass },
|
2013-10-17 02:47:23 +02:00
|
|
|
{ "canonicaldomains", oCanonicalDomains },
|
2013-10-17 02:48:13 +02:00
|
|
|
{ "canonicalizefallbacklocal", oCanonicalizeFallbackLocal },
|
|
|
|
|
{ "canonicalizehostname", oCanonicalizeHostname },
|
|
|
|
|
{ "canonicalizemaxdots", oCanonicalizeMaxDots },
|
|
|
|
|
{ "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs },
|
2014-07-18 06:11:24 +02:00
|
|
|
{ "streamlocalbindmask", oStreamLocalBindMask },
|
|
|
|
|
{ "streamlocalbindunlink", oStreamLocalBindUnlink },
|
2014-12-04 03:24:32 +01:00
|
|
|
{ "revokedhostkeys", oRevokedHostKeys },
|
2014-12-21 23:27:55 +01:00
|
|
|
{ "fingerprinthash", oFingerprintHash },
|
2015-01-26 04:04:45 +01:00
|
|
|
{ "updatehostkeys", oUpdateHostkeys },
|
2015-01-30 12:43:14 +01:00
|
|
|
{ "hostbasedkeytypes", oHostbasedKeyTypes },
|
2015-07-10 08:21:53 +02:00
|
|
|
{ "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
|
2013-05-16 12:30:03 +02:00
|
|
|
{ "ignoreunknown", oIgnoreUnknown },
|
2016-07-15 02:24:30 +02:00
|
|
|
{ "proxyjump", oProxyJump },
|
2008-11-05 06:20:46 +01:00
|
|
|
|
2001-12-06 17:32:47 +01:00
|
|
|
{ NULL, oBadOption }
|
1999-11-11 07:57:39 +01:00
|
|
|
};
|
|
|
|
|
|
1999-11-25 01:54:57 +01:00
|
|
|
/*
|
|
|
|
|
* Adds a local TCP/IP port forward to options. Never returns if there is an
|
|
|
|
|
* error.
|
|
|
|
|
*/
|
1999-10-27 05:42:43 +02:00
|
|
|
|
2000-04-16 03:18:38 +02:00
|
|
|
void
|
2014-07-18 06:11:24 +02:00
|
|
|
add_local_forward(Options *options, const struct Forward *newfwd)
|
1999-10-27 05:42:43 +02:00
|
|
|
{
|
2014-07-18 06:11:24 +02:00
|
|
|
struct Forward *fwd;
|
2016-04-08 13:14:13 +02:00
|
|
|
int i;
|
2016-04-06 08:42:17 +02:00
|
|
|
|
|
|
|
|
/* Don't add duplicates */
|
|
|
|
|
for (i = 0; i < options->num_local_forwards; i++) {
|
|
|
|
|
if (forward_equals(newfwd, options->local_forwards + i))
|
|
|
|
|
return;
|
|
|
|
|
}
|
2015-04-24 03:36:00 +02:00
|
|
|
options->local_forwards = xreallocarray(options->local_forwards,
|
2010-06-26 01:50:30 +02:00
|
|
|
options->num_local_forwards + 1,
|
|
|
|
|
sizeof(*options->local_forwards));
|
1999-11-24 14:26:21 +01:00
|
|
|
fwd = &options->local_forwards[options->num_local_forwards++];
|
2005-03-01 11:24:33 +01:00
|
|
|
|
2008-11-05 06:30:06 +01:00
|
|
|
fwd->listen_host = newfwd->listen_host;
|
2005-03-01 11:24:33 +01:00
|
|
|
fwd->listen_port = newfwd->listen_port;
|
2014-07-18 06:11:24 +02:00
|
|
|
fwd->listen_path = newfwd->listen_path;
|
2008-11-05 06:30:06 +01:00
|
|
|
fwd->connect_host = newfwd->connect_host;
|
2005-03-01 11:24:33 +01:00
|
|
|
fwd->connect_port = newfwd->connect_port;
|
2014-07-18 06:11:24 +02:00
|
|
|
fwd->connect_path = newfwd->connect_path;
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
|
|
|
|
|
1999-11-25 01:54:57 +01:00
|
|
|
/*
|
|
|
|
|
* Adds a remote TCP/IP port forward to options. Never returns if there is
|
|
|
|
|
* an error.
|
|
|
|
|
*/
|
1999-10-27 05:42:43 +02:00
|
|
|
|
2000-04-16 03:18:38 +02:00
|
|
|
void
|
2014-07-18 06:11:24 +02:00
|
|
|
add_remote_forward(Options *options, const struct Forward *newfwd)
|
1999-10-27 05:42:43 +02:00
|
|
|
{
|
2014-07-18 06:11:24 +02:00
|
|
|
struct Forward *fwd;
|
2016-04-06 08:42:17 +02:00
|
|
|
int i;
|
2010-06-26 01:50:30 +02:00
|
|
|
|
2016-04-06 08:42:17 +02:00
|
|
|
/* Don't add duplicates */
|
|
|
|
|
for (i = 0; i < options->num_remote_forwards; i++) {
|
|
|
|
|
if (forward_equals(newfwd, options->remote_forwards + i))
|
|
|
|
|
return;
|
|
|
|
|
}
|
2015-04-24 03:36:00 +02:00
|
|
|
options->remote_forwards = xreallocarray(options->remote_forwards,
|
2010-06-26 01:50:30 +02:00
|
|
|
options->num_remote_forwards + 1,
|
|
|
|
|
sizeof(*options->remote_forwards));
|
1999-11-24 14:26:21 +01:00
|
|
|
fwd = &options->remote_forwards[options->num_remote_forwards++];
|
2005-03-01 11:24:33 +01:00
|
|
|
|
2008-11-05 06:30:06 +01:00
|
|
|
fwd->listen_host = newfwd->listen_host;
|
2005-03-01 11:24:33 +01:00
|
|
|
fwd->listen_port = newfwd->listen_port;
|
2014-07-18 06:11:24 +02:00
|
|
|
fwd->listen_path = newfwd->listen_path;
|
2008-11-05 06:30:06 +01:00
|
|
|
fwd->connect_host = newfwd->connect_host;
|
2005-03-01 11:24:33 +01:00
|
|
|
fwd->connect_port = newfwd->connect_port;
|
2014-07-18 06:11:24 +02:00
|
|
|
fwd->connect_path = newfwd->connect_path;
|
2011-10-02 09:59:03 +02:00
|
|
|
fwd->handle = newfwd->handle;
|
2010-05-21 06:57:35 +02:00
|
|
|
fwd->allocated_port = 0;
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
|
|
|
|
|
2001-09-20 02:57:55 +02:00
|
|
|
static void
|
|
|
|
|
clear_forwardings(Options *options)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
|
2005-03-01 11:24:33 +01:00
|
|
|
for (i = 0; i < options->num_local_forwards; i++) {
|
2013-06-01 23:31:17 +02:00
|
|
|
free(options->local_forwards[i].listen_host);
|
2014-07-18 06:11:24 +02:00
|
|
|
free(options->local_forwards[i].listen_path);
|
2013-06-01 23:31:17 +02:00
|
|
|
free(options->local_forwards[i].connect_host);
|
2014-07-18 06:11:24 +02:00
|
|
|
free(options->local_forwards[i].connect_path);
|
2005-03-01 11:24:33 +01:00
|
|
|
}
|
2010-06-26 01:50:30 +02:00
|
|
|
if (options->num_local_forwards > 0) {
|
2013-06-01 23:31:17 +02:00
|
|
|
free(options->local_forwards);
|
2010-06-26 01:50:30 +02:00
|
|
|
options->local_forwards = NULL;
|
|
|
|
|
}
|
2001-09-20 02:57:55 +02:00
|
|
|
options->num_local_forwards = 0;
|
2005-03-01 11:24:33 +01:00
|
|
|
for (i = 0; i < options->num_remote_forwards; i++) {
|
2013-06-01 23:31:17 +02:00
|
|
|
free(options->remote_forwards[i].listen_host);
|
2014-07-18 06:11:24 +02:00
|
|
|
free(options->remote_forwards[i].listen_path);
|
2013-06-01 23:31:17 +02:00
|
|
|
free(options->remote_forwards[i].connect_host);
|
2014-07-18 06:11:24 +02:00
|
|
|
free(options->remote_forwards[i].connect_path);
|
2005-03-01 11:24:33 +01:00
|
|
|
}
|
2010-06-26 01:50:30 +02:00
|
|
|
if (options->num_remote_forwards > 0) {
|
2013-06-01 23:31:17 +02:00
|
|
|
free(options->remote_forwards);
|
2010-06-26 01:50:30 +02:00
|
|
|
options->remote_forwards = NULL;
|
|
|
|
|
}
|
2001-09-20 02:57:55 +02:00
|
|
|
options->num_remote_forwards = 0;
|
2005-12-13 09:33:19 +01:00
|
|
|
options->tun_open = SSH_TUNMODE_NO;
|
2001-09-20 02:57:55 +02:00
|
|
|
}
|
|
|
|
|
|
2015-09-24 08:15:11 +02:00
|
|
|
void
|
|
|
|
|
add_certificate_file(Options *options, const char *path, int userprovided)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
if (options->num_certificate_files >= SSH_MAX_CERTIFICATE_FILES)
|
|
|
|
|
fatal("Too many certificate files specified (max %d)",
|
|
|
|
|
SSH_MAX_CERTIFICATE_FILES);
|
|
|
|
|
|
|
|
|
|
/* Avoid registering duplicates */
|
|
|
|
|
for (i = 0; i < options->num_certificate_files; i++) {
|
|
|
|
|
if (options->certificate_file_userprovided[i] == userprovided &&
|
|
|
|
|
strcmp(options->certificate_files[i], path) == 0) {
|
|
|
|
|
debug2("%s: ignoring duplicate key %s", __func__, path);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
options->certificate_file_userprovided[options->num_certificate_files] =
|
|
|
|
|
userprovided;
|
|
|
|
|
options->certificate_files[options->num_certificate_files++] =
|
|
|
|
|
xstrdup(path);
|
|
|
|
|
}
|
|
|
|
|
|
2013-04-05 02:13:08 +02:00
|
|
|
void
|
|
|
|
|
add_identity_file(Options *options, const char *dir, const char *filename,
|
|
|
|
|
int userprovided)
|
|
|
|
|
{
|
|
|
|
|
char *path;
|
2014-05-15 05:47:56 +02:00
|
|
|
int i;
|
2013-04-05 02:13:08 +02:00
|
|
|
|
|
|
|
|
if (options->num_identity_files >= SSH_MAX_IDENTITY_FILES)
|
|
|
|
|
fatal("Too many identity files specified (max %d)",
|
|
|
|
|
SSH_MAX_IDENTITY_FILES);
|
|
|
|
|
|
|
|
|
|
if (dir == NULL) /* no dir, filename is absolute */
|
|
|
|
|
path = xstrdup(filename);
|
2017-05-20 04:35:47 +02:00
|
|
|
else if (xasprintf(&path, "%s%s", dir, filename) >= PATH_MAX)
|
|
|
|
|
fatal("Identity file path %s too long", path);
|
2013-04-05 02:13:08 +02:00
|
|
|
|
2014-05-15 05:47:56 +02:00
|
|
|
/* Avoid registering duplicates */
|
|
|
|
|
for (i = 0; i < options->num_identity_files; i++) {
|
|
|
|
|
if (options->identity_file_userprovided[i] == userprovided &&
|
|
|
|
|
strcmp(options->identity_files[i], path) == 0) {
|
|
|
|
|
debug2("%s: ignoring duplicate key %s", __func__, path);
|
|
|
|
|
free(path);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-04-05 02:13:08 +02:00
|
|
|
options->identity_file_userprovided[options->num_identity_files] =
|
|
|
|
|
userprovided;
|
|
|
|
|
options->identity_files[options->num_identity_files++] = path;
|
|
|
|
|
}
|
|
|
|
|
|
2013-10-15 03:13:05 +02:00
|
|
|
int
|
|
|
|
|
default_ssh_port(void)
|
|
|
|
|
{
|
|
|
|
|
static int port;
|
|
|
|
|
struct servent *sp;
|
|
|
|
|
|
|
|
|
|
if (port == 0) {
|
|
|
|
|
sp = getservbyname(SSH_SERVICE_NAME, "tcp");
|
|
|
|
|
port = sp ? ntohs(sp->s_port) : SSH_DEFAULT_PORT;
|
|
|
|
|
}
|
|
|
|
|
return port;
|
|
|
|
|
}
|
|
|
|
|
|
1999-11-25 01:54:57 +01:00
|
|
|
/*
|
2013-10-15 03:13:05 +02:00
|
|
|
* Execute a command in a shell.
|
|
|
|
|
* Return its exit status or -1 on abnormal exit.
|
1999-11-25 01:54:57 +01:00
|
|
|
*/
|
2013-10-15 03:13:05 +02:00
|
|
|
static int
|
|
|
|
|
execute_in_shell(const char *cmd)
|
|
|
|
|
{
|
2018-10-04 23:16:02 +02:00
|
|
|
char *shell;
|
2013-10-15 03:13:05 +02:00
|
|
|
pid_t pid;
|
|
|
|
|
int devnull, status;
|
1999-10-27 05:42:43 +02:00
|
|
|
|
2018-10-30 22:54:13 +01:00
|
|
|
#ifdef WINDOWS
|
|
|
|
|
return system(cmd);
|
|
|
|
|
#endif
|
|
|
|
|
|
2013-10-15 03:13:05 +02:00
|
|
|
if ((shell = getenv("SHELL")) == NULL)
|
|
|
|
|
shell = _PATH_BSHELL;
|
|
|
|
|
|
|
|
|
|
/* Need this to redirect subprocess stdin/out */
|
|
|
|
|
if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1)
|
|
|
|
|
fatal("open(/dev/null): %s", strerror(errno));
|
|
|
|
|
|
|
|
|
|
debug("Executing command: '%.500s'", cmd);
|
|
|
|
|
|
|
|
|
|
/* Fork and execute the command. */
|
|
|
|
|
if ((pid = fork()) == 0) {
|
2015-10-27 09:54:52 +01:00
|
|
|
char *argv[4];
|
2013-10-15 03:13:05 +02:00
|
|
|
|
|
|
|
|
/* Redirect child stdin and stdout. Leave stderr */
|
|
|
|
|
if (dup2(devnull, STDIN_FILENO) == -1)
|
|
|
|
|
fatal("dup2: %s", strerror(errno));
|
|
|
|
|
if (dup2(devnull, STDOUT_FILENO) == -1)
|
|
|
|
|
fatal("dup2: %s", strerror(errno));
|
|
|
|
|
if (devnull > STDERR_FILENO)
|
|
|
|
|
close(devnull);
|
|
|
|
|
closefrom(STDERR_FILENO + 1);
|
|
|
|
|
|
2015-10-27 09:54:52 +01:00
|
|
|
argv[0] = shell;
|
|
|
|
|
argv[1] = "-c";
|
|
|
|
|
argv[2] = xstrdup(cmd);
|
|
|
|
|
argv[3] = NULL;
|
|
|
|
|
|
2013-10-15 03:13:05 +02:00
|
|
|
execv(argv[0], argv);
|
|
|
|
|
error("Unable to execute '%.100s': %s", cmd, strerror(errno));
|
|
|
|
|
/* Die with signal to make this error apparent to parent. */
|
|
|
|
|
signal(SIGTERM, SIG_DFL);
|
|
|
|
|
kill(getpid(), SIGTERM);
|
|
|
|
|
_exit(1);
|
|
|
|
|
}
|
|
|
|
|
/* Parent. */
|
|
|
|
|
if (pid < 0)
|
|
|
|
|
fatal("%s: fork: %.100s", __func__, strerror(errno));
|
|
|
|
|
|
|
|
|
|
close(devnull);
|
|
|
|
|
|
|
|
|
|
while (waitpid(pid, &status, 0) == -1) {
|
|
|
|
|
if (errno != EINTR && errno != EAGAIN)
|
|
|
|
|
fatal("%s: waitpid: %s", __func__, strerror(errno));
|
|
|
|
|
}
|
|
|
|
|
if (!WIFEXITED(status)) {
|
|
|
|
|
error("command '%.100s' exited abnormally", cmd);
|
|
|
|
|
return -1;
|
2014-10-09 00:20:25 +02:00
|
|
|
}
|
2013-10-15 03:13:05 +02:00
|
|
|
debug3("command returned status %d", WEXITSTATUS(status));
|
|
|
|
|
return WEXITSTATUS(status);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Parse and execute a Match directive.
|
|
|
|
|
*/
|
|
|
|
|
static int
|
|
|
|
|
match_cfg_line(Options *options, char **condition, struct passwd *pw,
|
2014-10-09 00:20:25 +02:00
|
|
|
const char *host_arg, const char *original_host, int post_canon,
|
|
|
|
|
const char *filename, int linenum)
|
2013-10-15 03:13:05 +02:00
|
|
|
{
|
2014-10-09 00:20:25 +02:00
|
|
|
char *arg, *oattrib, *attrib, *cmd, *cp = *condition, *host, *criteria;
|
2013-10-23 07:30:51 +02:00
|
|
|
const char *ruser;
|
2014-10-09 00:20:25 +02:00
|
|
|
int r, port, this_result, result = 1, attributes = 0, negate;
|
2013-10-15 03:13:05 +02:00
|
|
|
char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
|
2018-06-01 05:33:53 +02:00
|
|
|
char uidstr[32];
|
2013-10-15 03:13:05 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Configuration is likely to be incomplete at this point so we
|
|
|
|
|
* must be prepared to use default values.
|
|
|
|
|
*/
|
|
|
|
|
port = options->port <= 0 ? default_ssh_port() : options->port;
|
|
|
|
|
ruser = options->user == NULL ? pw->pw_name : options->user;
|
2016-02-09 00:40:12 +01:00
|
|
|
if (post_canon) {
|
|
|
|
|
host = xstrdup(options->hostname);
|
|
|
|
|
} else if (options->hostname != NULL) {
|
2013-10-23 07:31:10 +02:00
|
|
|
/* NB. Please keep in sync with ssh.c:main() */
|
2013-10-23 07:30:51 +02:00
|
|
|
host = percent_expand(options->hostname,
|
|
|
|
|
"h", host_arg, (char *)NULL);
|
2016-02-09 00:40:12 +01:00
|
|
|
} else {
|
2013-10-23 07:30:51 +02:00
|
|
|
host = xstrdup(host_arg);
|
2016-02-09 00:40:12 +01:00
|
|
|
}
|
2013-10-15 03:13:05 +02:00
|
|
|
|
2014-10-09 00:20:25 +02:00
|
|
|
debug2("checking match for '%s' host %s originally %s",
|
|
|
|
|
cp, host, original_host);
|
|
|
|
|
while ((oattrib = attrib = strdelim(&cp)) && *attrib != '\0') {
|
|
|
|
|
criteria = NULL;
|
|
|
|
|
this_result = 1;
|
|
|
|
|
if ((negate = attrib[0] == '!'))
|
|
|
|
|
attrib++;
|
|
|
|
|
/* criteria "all" and "canonical" have no argument */
|
2013-10-24 12:02:56 +02:00
|
|
|
if (strcasecmp(attrib, "all") == 0) {
|
2014-10-09 00:20:25 +02:00
|
|
|
if (attributes > 1 ||
|
2013-10-24 12:02:56 +02:00
|
|
|
((arg = strdelim(&cp)) != NULL && *arg != '\0')) {
|
2014-10-09 00:20:25 +02:00
|
|
|
error("%.200s line %d: '%s' cannot be combined "
|
|
|
|
|
"with other Match attributes",
|
|
|
|
|
filename, linenum, oattrib);
|
2013-10-24 12:02:56 +02:00
|
|
|
result = -1;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
2014-10-09 00:20:25 +02:00
|
|
|
if (result)
|
|
|
|
|
result = negate ? 0 : 1;
|
2013-10-24 12:02:56 +02:00
|
|
|
goto out;
|
|
|
|
|
}
|
2014-10-09 00:20:25 +02:00
|
|
|
attributes++;
|
|
|
|
|
if (strcasecmp(attrib, "canonical") == 0) {
|
|
|
|
|
r = !!post_canon; /* force bitmask member to boolean */
|
|
|
|
|
if (r == (negate ? 1 : 0))
|
|
|
|
|
this_result = result = 0;
|
|
|
|
|
debug3("%.200s line %d: %smatched '%s'",
|
|
|
|
|
filename, linenum,
|
|
|
|
|
this_result ? "" : "not ", oattrib);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
/* All other criteria require an argument */
|
2013-10-15 03:13:05 +02:00
|
|
|
if ((arg = strdelim(&cp)) == NULL || *arg == '\0') {
|
|
|
|
|
error("Missing Match criteria for %s", attrib);
|
2013-10-23 07:30:51 +02:00
|
|
|
result = -1;
|
|
|
|
|
goto out;
|
2013-10-15 03:13:05 +02:00
|
|
|
}
|
|
|
|
|
if (strcasecmp(attrib, "host") == 0) {
|
2014-10-09 00:20:25 +02:00
|
|
|
criteria = xstrdup(host);
|
2015-05-04 08:10:48 +02:00
|
|
|
r = match_hostname(host, arg) == 1;
|
2014-10-09 00:20:25 +02:00
|
|
|
if (r == (negate ? 1 : 0))
|
|
|
|
|
this_result = result = 0;
|
2013-10-15 03:13:05 +02:00
|
|
|
} else if (strcasecmp(attrib, "originalhost") == 0) {
|
2014-10-09 00:20:25 +02:00
|
|
|
criteria = xstrdup(original_host);
|
2015-05-04 08:10:48 +02:00
|
|
|
r = match_hostname(original_host, arg) == 1;
|
2014-10-09 00:20:25 +02:00
|
|
|
if (r == (negate ? 1 : 0))
|
|
|
|
|
this_result = result = 0;
|
2013-10-15 03:13:05 +02:00
|
|
|
} else if (strcasecmp(attrib, "user") == 0) {
|
2014-10-09 00:20:25 +02:00
|
|
|
criteria = xstrdup(ruser);
|
2015-05-04 08:10:48 +02:00
|
|
|
r = match_pattern_list(ruser, arg, 0) == 1;
|
2014-10-09 00:20:25 +02:00
|
|
|
if (r == (negate ? 1 : 0))
|
|
|
|
|
this_result = result = 0;
|
2013-10-15 03:13:05 +02:00
|
|
|
} else if (strcasecmp(attrib, "localuser") == 0) {
|
2014-10-09 00:20:25 +02:00
|
|
|
criteria = xstrdup(pw->pw_name);
|
2015-05-04 08:10:48 +02:00
|
|
|
r = match_pattern_list(pw->pw_name, arg, 0) == 1;
|
2014-10-09 00:20:25 +02:00
|
|
|
if (r == (negate ? 1 : 0))
|
|
|
|
|
this_result = result = 0;
|
2013-10-23 07:29:40 +02:00
|
|
|
} else if (strcasecmp(attrib, "exec") == 0) {
|
2013-10-15 03:13:05 +02:00
|
|
|
if (gethostname(thishost, sizeof(thishost)) == -1)
|
|
|
|
|
fatal("gethostname: %s", strerror(errno));
|
|
|
|
|
strlcpy(shorthost, thishost, sizeof(shorthost));
|
|
|
|
|
shorthost[strcspn(thishost, ".")] = '\0';
|
|
|
|
|
snprintf(portstr, sizeof(portstr), "%d", port);
|
2018-06-01 05:33:53 +02:00
|
|
|
snprintf(uidstr, sizeof(uidstr), "%llu",
|
|
|
|
|
(unsigned long long)pw->pw_uid);
|
2013-10-15 03:13:05 +02:00
|
|
|
|
|
|
|
|
cmd = percent_expand(arg,
|
|
|
|
|
"L", shorthost,
|
|
|
|
|
"d", pw->pw_dir,
|
|
|
|
|
"h", host,
|
|
|
|
|
"l", thishost,
|
2014-10-09 00:20:25 +02:00
|
|
|
"n", original_host,
|
2013-10-15 03:13:05 +02:00
|
|
|
"p", portstr,
|
|
|
|
|
"r", ruser,
|
|
|
|
|
"u", pw->pw_name,
|
2018-06-01 05:33:53 +02:00
|
|
|
"i", uidstr,
|
2013-10-15 03:13:05 +02:00
|
|
|
(char *)NULL);
|
2014-02-24 05:56:45 +01:00
|
|
|
if (result != 1) {
|
|
|
|
|
/* skip execution if prior predicate failed */
|
2014-10-09 00:20:25 +02:00
|
|
|
debug3("%.200s line %d: skipped exec "
|
|
|
|
|
"\"%.100s\"", filename, linenum, cmd);
|
|
|
|
|
free(cmd);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
r = execute_in_shell(cmd);
|
|
|
|
|
if (r == -1) {
|
|
|
|
|
fatal("%.200s line %d: match exec "
|
|
|
|
|
"'%.100s' error", filename,
|
|
|
|
|
linenum, cmd);
|
2014-02-24 05:56:45 +01:00
|
|
|
}
|
2014-10-09 00:20:25 +02:00
|
|
|
criteria = xstrdup(cmd);
|
2013-10-15 03:13:05 +02:00
|
|
|
free(cmd);
|
2014-10-09 00:20:25 +02:00
|
|
|
/* Force exit status to boolean */
|
|
|
|
|
r = r == 0;
|
|
|
|
|
if (r == (negate ? 1 : 0))
|
|
|
|
|
this_result = result = 0;
|
2013-10-15 03:13:05 +02:00
|
|
|
} else {
|
|
|
|
|
error("Unsupported Match attribute %s", attrib);
|
2013-10-23 07:30:51 +02:00
|
|
|
result = -1;
|
|
|
|
|
goto out;
|
2013-10-15 03:13:05 +02:00
|
|
|
}
|
2014-10-09 00:20:25 +02:00
|
|
|
debug3("%.200s line %d: %smatched '%s \"%.100s\"' ",
|
|
|
|
|
filename, linenum, this_result ? "": "not ",
|
|
|
|
|
oattrib, criteria);
|
|
|
|
|
free(criteria);
|
2013-10-15 03:13:05 +02:00
|
|
|
}
|
2013-10-24 12:02:56 +02:00
|
|
|
if (attributes == 0) {
|
|
|
|
|
error("One or more attributes required for Match");
|
|
|
|
|
result = -1;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
2013-10-23 07:30:51 +02:00
|
|
|
out:
|
2014-10-09 00:20:25 +02:00
|
|
|
if (result != -1)
|
|
|
|
|
debug2("match %sfound", result ? "" : "not ");
|
|
|
|
|
*condition = cp;
|
2013-10-23 07:30:51 +02:00
|
|
|
free(host);
|
2013-10-15 03:13:05 +02:00
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-06 15:02:39 +02:00
|
|
|
/* Remove environment variable by pattern */
|
|
|
|
|
static void
|
|
|
|
|
rm_env(Options *options, const char *arg, const char *filename, int linenum)
|
|
|
|
|
{
|
|
|
|
|
int i, j;
|
|
|
|
|
char *cp;
|
|
|
|
|
|
|
|
|
|
/* Remove an environment variable */
|
|
|
|
|
for (i = 0; i < options->num_send_env; ) {
|
|
|
|
|
cp = xstrdup(options->send_env[i]);
|
|
|
|
|
if (!match_pattern(cp, arg + 1)) {
|
|
|
|
|
free(cp);
|
|
|
|
|
i++;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
debug3("%s line %d: removing environment %s",
|
|
|
|
|
filename, linenum, cp);
|
|
|
|
|
free(cp);
|
|
|
|
|
free(options->send_env[i]);
|
|
|
|
|
options->send_env[i] = NULL;
|
|
|
|
|
for (j = i; j < options->num_send_env - 1; j++) {
|
|
|
|
|
options->send_env[j] = options->send_env[j + 1];
|
|
|
|
|
options->send_env[j + 1] = NULL;
|
|
|
|
|
}
|
|
|
|
|
options->num_send_env--;
|
|
|
|
|
/* NB. don't increment i */
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-10-15 03:13:05 +02:00
|
|
|
/*
|
|
|
|
|
* Returns the number of the token pointed to by cp or oBadOption.
|
|
|
|
|
*/
|
2000-04-16 03:18:38 +02:00
|
|
|
static OpCodes
|
2013-05-16 12:30:03 +02:00
|
|
|
parse_token(const char *cp, const char *filename, int linenum,
|
|
|
|
|
const char *ignored_unknown)
|
1999-10-27 05:42:43 +02:00
|
|
|
{
|
2013-05-16 12:30:03 +02:00
|
|
|
int i;
|
1999-10-27 05:42:43 +02:00
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
for (i = 0; keywords[i].name; i++)
|
2013-05-16 12:30:03 +02:00
|
|
|
if (strcmp(cp, keywords[i].name) == 0)
|
1999-11-24 14:26:21 +01:00
|
|
|
return keywords[i].opcode;
|
2015-05-04 08:10:48 +02:00
|
|
|
if (ignored_unknown != NULL &&
|
|
|
|
|
match_pattern_list(cp, ignored_unknown, 1) == 1)
|
2013-05-16 12:30:03 +02:00
|
|
|
return oIgnoredUnknownOption;
|
2001-04-16 04:13:26 +02:00
|
|
|
error("%s: line %d: Bad configuration option: %s",
|
|
|
|
|
filename, linenum, cp);
|
1999-11-24 14:26:21 +01:00
|
|
|
return oBadOption;
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
|
|
|
|
|
2013-10-15 03:14:12 +02:00
|
|
|
/* Multistate option parsing */
|
|
|
|
|
struct multistate {
|
|
|
|
|
char *key;
|
|
|
|
|
int value;
|
|
|
|
|
};
|
|
|
|
|
static const struct multistate multistate_flag[] = {
|
|
|
|
|
{ "true", 1 },
|
|
|
|
|
{ "false", 0 },
|
|
|
|
|
{ "yes", 1 },
|
|
|
|
|
{ "no", 0 },
|
|
|
|
|
{ NULL, -1 }
|
|
|
|
|
};
|
|
|
|
|
static const struct multistate multistate_yesnoask[] = {
|
|
|
|
|
{ "true", 1 },
|
|
|
|
|
{ "false", 0 },
|
|
|
|
|
{ "yes", 1 },
|
|
|
|
|
{ "no", 0 },
|
|
|
|
|
{ "ask", 2 },
|
|
|
|
|
{ NULL, -1 }
|
|
|
|
|
};
|
2017-09-04 01:33:13 +02:00
|
|
|
static const struct multistate multistate_strict_hostkey[] = {
|
|
|
|
|
{ "true", SSH_STRICT_HOSTKEY_YES },
|
|
|
|
|
{ "false", SSH_STRICT_HOSTKEY_OFF },
|
|
|
|
|
{ "yes", SSH_STRICT_HOSTKEY_YES },
|
|
|
|
|
{ "no", SSH_STRICT_HOSTKEY_OFF },
|
|
|
|
|
{ "ask", SSH_STRICT_HOSTKEY_ASK },
|
|
|
|
|
{ "off", SSH_STRICT_HOSTKEY_OFF },
|
|
|
|
|
{ "accept-new", SSH_STRICT_HOSTKEY_NEW },
|
|
|
|
|
{ NULL, -1 }
|
|
|
|
|
};
|
2015-11-15 23:26:49 +01:00
|
|
|
static const struct multistate multistate_yesnoaskconfirm[] = {
|
|
|
|
|
{ "true", 1 },
|
|
|
|
|
{ "false", 0 },
|
|
|
|
|
{ "yes", 1 },
|
|
|
|
|
{ "no", 0 },
|
|
|
|
|
{ "ask", 2 },
|
|
|
|
|
{ "confirm", 3 },
|
|
|
|
|
{ NULL, -1 }
|
|
|
|
|
};
|
2013-10-15 03:14:12 +02:00
|
|
|
static const struct multistate multistate_addressfamily[] = {
|
|
|
|
|
{ "inet", AF_INET },
|
|
|
|
|
{ "inet6", AF_INET6 },
|
|
|
|
|
{ "any", AF_UNSPEC },
|
|
|
|
|
{ NULL, -1 }
|
|
|
|
|
};
|
|
|
|
|
static const struct multistate multistate_controlmaster[] = {
|
|
|
|
|
{ "true", SSHCTL_MASTER_YES },
|
|
|
|
|
{ "yes", SSHCTL_MASTER_YES },
|
|
|
|
|
{ "false", SSHCTL_MASTER_NO },
|
|
|
|
|
{ "no", SSHCTL_MASTER_NO },
|
|
|
|
|
{ "auto", SSHCTL_MASTER_AUTO },
|
|
|
|
|
{ "ask", SSHCTL_MASTER_ASK },
|
|
|
|
|
{ "autoask", SSHCTL_MASTER_AUTO_ASK },
|
|
|
|
|
{ NULL, -1 }
|
|
|
|
|
};
|
|
|
|
|
static const struct multistate multistate_tunnel[] = {
|
|
|
|
|
{ "ethernet", SSH_TUNMODE_ETHERNET },
|
|
|
|
|
{ "point-to-point", SSH_TUNMODE_POINTOPOINT },
|
|
|
|
|
{ "true", SSH_TUNMODE_DEFAULT },
|
|
|
|
|
{ "yes", SSH_TUNMODE_DEFAULT },
|
|
|
|
|
{ "false", SSH_TUNMODE_NO },
|
|
|
|
|
{ "no", SSH_TUNMODE_NO },
|
|
|
|
|
{ NULL, -1 }
|
|
|
|
|
};
|
|
|
|
|
static const struct multistate multistate_requesttty[] = {
|
|
|
|
|
{ "true", REQUEST_TTY_YES },
|
|
|
|
|
{ "yes", REQUEST_TTY_YES },
|
|
|
|
|
{ "false", REQUEST_TTY_NO },
|
|
|
|
|
{ "no", REQUEST_TTY_NO },
|
|
|
|
|
{ "force", REQUEST_TTY_FORCE },
|
|
|
|
|
{ "auto", REQUEST_TTY_AUTO },
|
|
|
|
|
{ NULL, -1 }
|
|
|
|
|
};
|
2013-10-17 02:48:13 +02:00
|
|
|
static const struct multistate multistate_canonicalizehostname[] = {
|
2013-10-17 02:47:23 +02:00
|
|
|
{ "true", SSH_CANONICALISE_YES },
|
|
|
|
|
{ "false", SSH_CANONICALISE_NO },
|
|
|
|
|
{ "yes", SSH_CANONICALISE_YES },
|
|
|
|
|
{ "no", SSH_CANONICALISE_NO },
|
|
|
|
|
{ "always", SSH_CANONICALISE_ALWAYS },
|
|
|
|
|
{ NULL, -1 }
|
|
|
|
|
};
|
2013-10-15 03:14:12 +02:00
|
|
|
|
1999-11-25 01:54:57 +01:00
|
|
|
/*
|
|
|
|
|
* Processes a single option line as used in the configuration files. This
|
|
|
|
|
* only sets those values that have not already been set.
|
|
|
|
|
*/
|
1999-11-15 05:25:10 +01:00
|
|
|
int
|
2013-10-15 03:13:05 +02:00
|
|
|
process_config_line(Options *options, struct passwd *pw, const char *host,
|
2014-10-09 00:20:25 +02:00
|
|
|
const char *original_host, char *line, const char *filename,
|
|
|
|
|
int linenum, int *activep, int flags)
|
2016-04-15 02:30:19 +02:00
|
|
|
{
|
|
|
|
|
return process_config_line_depth(options, pw, host, original_host,
|
|
|
|
|
line, filename, linenum, activep, flags, 0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#define WHITESPACE " \t\r\n"
|
|
|
|
|
static int
|
|
|
|
|
process_config_line_depth(Options *options, struct passwd *pw, const char *host,
|
|
|
|
|
const char *original_host, char *line, const char *filename,
|
|
|
|
|
int linenum, int *activep, int flags, int depth)
|
1999-10-27 05:42:43 +02:00
|
|
|
{
|
2011-05-29 13:42:31 +02:00
|
|
|
char *s, **charptr, *endofnumber, *keyword, *arg, *arg2;
|
|
|
|
|
char **cpptr, fwdarg[256];
|
2013-05-16 12:30:03 +02:00
|
|
|
u_int i, *uintptr, max_entries = 0;
|
2016-04-15 02:30:19 +02:00
|
|
|
int r, oactive, negated, opcode, *intptr, value, value2, cmdline = 0;
|
2017-09-21 21:16:53 +02:00
|
|
|
int remotefwd, dynamicfwd;
|
2008-01-01 10:32:26 +01:00
|
|
|
LogLevel *log_level_ptr;
|
2017-04-28 05:20:27 +02:00
|
|
|
SyslogFacility *log_facility_ptr;
|
2013-05-16 12:48:14 +02:00
|
|
|
long long val64;
|
2003-02-24 01:56:27 +01:00
|
|
|
size_t len;
|
2014-07-18 06:11:24 +02:00
|
|
|
struct Forward fwd;
|
2013-10-15 03:14:12 +02:00
|
|
|
const struct multistate *multistate_ptr;
|
2013-10-17 02:47:23 +02:00
|
|
|
struct allowed_cname *cname;
|
2016-04-15 02:30:19 +02:00
|
|
|
glob_t gl;
|
2017-12-06 00:59:47 +01:00
|
|
|
const char *errstr;
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2013-10-15 03:13:05 +02:00
|
|
|
if (activep == NULL) { /* We are processing a command line directive */
|
|
|
|
|
cmdline = 1;
|
|
|
|
|
activep = &cmdline;
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-03 06:05:56 +01:00
|
|
|
/* Strip trailing whitespace. Allow \f (form feed) at EOL only */
|
2015-03-30 02:00:29 +02:00
|
|
|
if ((len = strlen(line)) == 0)
|
|
|
|
|
return 0;
|
|
|
|
|
for (len--; len > 0; len--) {
|
2017-02-03 06:05:56 +01:00
|
|
|
if (strchr(WHITESPACE "\f", line[len]) == NULL)
|
2003-05-14 05:40:54 +02:00
|
|
|
break;
|
|
|
|
|
line[len] = '\0';
|
|
|
|
|
}
|
|
|
|
|
|
2000-07-15 06:14:16 +02:00
|
|
|
s = line;
|
|
|
|
|
/* Get the keyword. (Each line is supposed to begin with a keyword). */
|
2006-03-26 04:53:32 +02:00
|
|
|
if ((keyword = strdelim(&s)) == NULL)
|
|
|
|
|
return 0;
|
2000-07-15 06:14:16 +02:00
|
|
|
/* Ignore leading whitespace. */
|
|
|
|
|
if (*keyword == '\0')
|
|
|
|
|
keyword = strdelim(&s);
|
2001-01-22 06:34:40 +01:00
|
|
|
if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
|
1999-11-24 14:26:21 +01:00
|
|
|
return 0;
|
2013-05-16 12:30:03 +02:00
|
|
|
/* Match lowercase keyword */
|
2013-10-15 03:14:12 +02:00
|
|
|
lowercase(keyword);
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2013-05-16 12:30:03 +02:00
|
|
|
opcode = parse_token(keyword, filename, linenum,
|
|
|
|
|
options->ignored_unknown);
|
1999-11-24 14:26:21 +01:00
|
|
|
|
|
|
|
|
switch (opcode) {
|
|
|
|
|
case oBadOption:
|
1999-11-25 01:54:57 +01:00
|
|
|
/* don't panic, but count bad options */
|
|
|
|
|
return -1;
|
2017-05-01 01:11:45 +02:00
|
|
|
case oIgnore:
|
|
|
|
|
return 0;
|
2013-05-16 12:30:03 +02:00
|
|
|
case oIgnoredUnknownOption:
|
|
|
|
|
debug("%s line %d: Ignored unknown option \"%s\"",
|
|
|
|
|
filename, linenum, keyword);
|
|
|
|
|
return 0;
|
2003-05-16 03:39:04 +02:00
|
|
|
case oConnectTimeout:
|
|
|
|
|
intptr = &options->connection_timeout;
|
2003-12-17 06:33:10 +01:00
|
|
|
parse_time:
|
2003-05-16 03:39:04 +02:00
|
|
|
arg = strdelim(&s);
|
|
|
|
|
if (!arg || *arg == '\0')
|
|
|
|
|
fatal("%s line %d: missing time value.",
|
|
|
|
|
filename, linenum);
|
2014-10-09 00:20:25 +02:00
|
|
|
if (strcmp(arg, "none") == 0)
|
|
|
|
|
value = -1;
|
|
|
|
|
else if ((value = convtime(arg)) == -1)
|
2003-05-16 03:39:04 +02:00
|
|
|
fatal("%s line %d: invalid time value.",
|
|
|
|
|
filename, linenum);
|
2007-02-19 12:09:45 +01:00
|
|
|
if (*activep && *intptr == -1)
|
2003-05-16 03:39:04 +02:00
|
|
|
*intptr = value;
|
|
|
|
|
break;
|
|
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oForwardAgent:
|
|
|
|
|
intptr = &options->forward_agent;
|
2013-10-15 03:14:12 +02:00
|
|
|
parse_flag:
|
|
|
|
|
multistate_ptr = multistate_flag;
|
|
|
|
|
parse_multistate:
|
2000-07-15 06:14:16 +02:00
|
|
|
arg = strdelim(&s);
|
2000-07-11 09:31:38 +02:00
|
|
|
if (!arg || *arg == '\0')
|
2013-10-15 03:14:12 +02:00
|
|
|
fatal("%s line %d: missing argument.",
|
|
|
|
|
filename, linenum);
|
|
|
|
|
value = -1;
|
|
|
|
|
for (i = 0; multistate_ptr[i].key != NULL; i++) {
|
|
|
|
|
if (strcasecmp(arg, multistate_ptr[i].key) == 0) {
|
|
|
|
|
value = multistate_ptr[i].value;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (value == -1)
|
|
|
|
|
fatal("%s line %d: unsupported option \"%s\".",
|
|
|
|
|
filename, linenum, arg);
|
1999-11-24 14:26:21 +01:00
|
|
|
if (*activep && *intptr == -1)
|
|
|
|
|
*intptr = value;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case oForwardX11:
|
|
|
|
|
intptr = &options->forward_x11;
|
|
|
|
|
goto parse_flag;
|
|
|
|
|
|
2003-10-15 07:54:32 +02:00
|
|
|
case oForwardX11Trusted:
|
|
|
|
|
intptr = &options->forward_x11_trusted;
|
|
|
|
|
goto parse_flag;
|
2014-10-09 00:20:25 +02:00
|
|
|
|
2010-06-26 02:02:24 +02:00
|
|
|
case oForwardX11Timeout:
|
|
|
|
|
intptr = &options->forward_x11_timeout;
|
|
|
|
|
goto parse_time;
|
2003-10-15 07:54:32 +02:00
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oGatewayPorts:
|
2014-07-18 06:11:24 +02:00
|
|
|
intptr = &options->fwd_opts.gateway_ports;
|
1999-11-24 14:26:21 +01:00
|
|
|
goto parse_flag;
|
|
|
|
|
|
2006-07-12 14:17:10 +02:00
|
|
|
case oExitOnForwardFailure:
|
|
|
|
|
intptr = &options->exit_on_forward_failure;
|
|
|
|
|
goto parse_flag;
|
|
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oPasswordAuthentication:
|
|
|
|
|
intptr = &options->password_authentication;
|
|
|
|
|
goto parse_flag;
|
|
|
|
|
|
2000-10-14 07:23:11 +02:00
|
|
|
case oKbdInteractiveAuthentication:
|
|
|
|
|
intptr = &options->kbd_interactive_authentication;
|
|
|
|
|
goto parse_flag;
|
|
|
|
|
|
|
|
|
|
case oKbdInteractiveDevices:
|
|
|
|
|
charptr = &options->kbd_interactive_devices;
|
|
|
|
|
goto parse_string;
|
|
|
|
|
|
2000-11-13 12:57:25 +01:00
|
|
|
case oPubkeyAuthentication:
|
|
|
|
|
intptr = &options->pubkey_authentication;
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 04:03:14 +02:00
|
|
|
goto parse_flag;
|
|
|
|
|
|
2001-04-13 01:34:34 +02:00
|
|
|
case oHostbasedAuthentication:
|
|
|
|
|
intptr = &options->hostbased_authentication;
|
|
|
|
|
goto parse_flag;
|
|
|
|
|
|
2001-01-23 04:12:10 +01:00
|
|
|
case oChallengeResponseAuthentication:
|
2001-06-05 20:56:16 +02:00
|
|
|
intptr = &options->challenge_response_authentication;
|
1999-11-24 14:26:21 +01:00
|
|
|
goto parse_flag;
|
2003-05-15 04:05:28 +02:00
|
|
|
|
2003-08-26 03:49:55 +02:00
|
|
|
case oGssAuthentication:
|
|
|
|
|
intptr = &options->gss_authentication;
|
|
|
|
|
goto parse_flag;
|
|
|
|
|
|
|
|
|
|
case oGssDelegateCreds:
|
|
|
|
|
intptr = &options->gss_deleg_creds;
|
|
|
|
|
goto parse_flag;
|
|
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oBatchMode:
|
|
|
|
|
intptr = &options->batch_mode;
|
|
|
|
|
goto parse_flag;
|
|
|
|
|
|
|
|
|
|
case oCheckHostIP:
|
|
|
|
|
intptr = &options->check_host_ip;
|
2008-06-29 16:04:03 +02:00
|
|
|
goto parse_flag;
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2003-05-15 02:19:46 +02:00
|
|
|
case oVerifyHostKeyDNS:
|
|
|
|
|
intptr = &options->verify_host_key_dns;
|
2013-10-15 03:14:12 +02:00
|
|
|
multistate_ptr = multistate_yesnoask;
|
|
|
|
|
goto parse_multistate;
|
2003-05-15 02:19:46 +02:00
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oStrictHostKeyChecking:
|
|
|
|
|
intptr = &options->strict_host_key_checking;
|
2017-09-04 01:33:13 +02:00
|
|
|
multistate_ptr = multistate_strict_hostkey;
|
2013-10-15 03:14:12 +02:00
|
|
|
goto parse_multistate;
|
1999-11-24 14:26:21 +01:00
|
|
|
|
|
|
|
|
case oCompression:
|
|
|
|
|
intptr = &options->compression;
|
|
|
|
|
goto parse_flag;
|
|
|
|
|
|
2003-12-17 06:31:10 +01:00
|
|
|
case oTCPKeepAlive:
|
|
|
|
|
intptr = &options->tcp_keep_alive;
|
1999-11-24 14:26:21 +01:00
|
|
|
goto parse_flag;
|
|
|
|
|
|
2001-10-03 19:39:38 +02:00
|
|
|
case oNoHostAuthenticationForLocalhost:
|
|
|
|
|
intptr = &options->no_host_authentication_for_localhost;
|
|
|
|
|
goto parse_flag;
|
|
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oNumberOfPasswordPrompts:
|
|
|
|
|
intptr = &options->number_of_password_prompts;
|
|
|
|
|
goto parse_int;
|
|
|
|
|
|
2003-04-09 12:50:06 +02:00
|
|
|
case oRekeyLimit:
|
|
|
|
|
arg = strdelim(&s);
|
|
|
|
|
if (!arg || *arg == '\0')
|
2013-05-16 12:28:16 +02:00
|
|
|
fatal("%.200s line %d: Missing argument.", filename,
|
|
|
|
|
linenum);
|
|
|
|
|
if (strcmp(arg, "default") == 0) {
|
|
|
|
|
val64 = 0;
|
|
|
|
|
} else {
|
2013-05-16 12:33:10 +02:00
|
|
|
if (scan_scaled(arg, &val64) == -1)
|
|
|
|
|
fatal("%.200s line %d: Bad number '%s': %s",
|
|
|
|
|
filename, linenum, arg, strerror(errno));
|
2013-05-16 12:28:16 +02:00
|
|
|
if (val64 != 0 && val64 < 16)
|
|
|
|
|
fatal("%.200s line %d: RekeyLimit too small",
|
|
|
|
|
filename, linenum);
|
2003-04-09 12:50:06 +02:00
|
|
|
}
|
2008-02-10 12:25:52 +01:00
|
|
|
if (*activep && options->rekey_limit == -1)
|
2016-01-29 03:54:45 +01:00
|
|
|
options->rekey_limit = val64;
|
2013-05-16 12:28:16 +02:00
|
|
|
if (s != NULL) { /* optional rekey interval present */
|
|
|
|
|
if (strcmp(s, "none") == 0) {
|
|
|
|
|
(void)strdelim(&s); /* discard */
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
intptr = &options->rekey_interval;
|
|
|
|
|
goto parse_time;
|
|
|
|
|
}
|
2003-04-09 12:50:06 +02:00
|
|
|
break;
|
|
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oIdentityFile:
|
2000-07-15 06:14:16 +02:00
|
|
|
arg = strdelim(&s);
|
2000-07-11 09:31:38 +02:00
|
|
|
if (!arg || *arg == '\0')
|
1999-11-24 14:26:21 +01:00
|
|
|
fatal("%.200s line %d: Missing argument.", filename, linenum);
|
|
|
|
|
if (*activep) {
|
2000-11-13 12:57:25 +01:00
|
|
|
intptr = &options->num_identity_files;
|
2000-04-29 15:57:08 +02:00
|
|
|
if (*intptr >= SSH_MAX_IDENTITY_FILES)
|
1999-11-24 14:26:21 +01:00
|
|
|
fatal("%.200s line %d: Too many identity files specified (max %d).",
|
2001-12-21 04:45:46 +01:00
|
|
|
filename, linenum, SSH_MAX_IDENTITY_FILES);
|
2014-10-09 00:20:25 +02:00
|
|
|
add_identity_file(options, NULL,
|
|
|
|
|
arg, flags & SSHCONF_USERCONF);
|
1999-11-24 14:26:21 +01:00
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
2015-09-24 08:15:11 +02:00
|
|
|
case oCertificateFile:
|
|
|
|
|
arg = strdelim(&s);
|
|
|
|
|
if (!arg || *arg == '\0')
|
|
|
|
|
fatal("%.200s line %d: Missing argument.",
|
|
|
|
|
filename, linenum);
|
|
|
|
|
if (*activep) {
|
|
|
|
|
intptr = &options->num_certificate_files;
|
|
|
|
|
if (*intptr >= SSH_MAX_CERTIFICATE_FILES) {
|
|
|
|
|
fatal("%.200s line %d: Too many certificate "
|
|
|
|
|
"files specified (max %d).",
|
|
|
|
|
filename, linenum,
|
|
|
|
|
SSH_MAX_CERTIFICATE_FILES);
|
|
|
|
|
}
|
|
|
|
|
add_certificate_file(options, arg,
|
|
|
|
|
flags & SSHCONF_USERCONF);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
2000-06-07 11:55:44 +02:00
|
|
|
case oXAuthLocation:
|
|
|
|
|
charptr=&options->xauth_location;
|
|
|
|
|
goto parse_string;
|
|
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oUser:
|
|
|
|
|
charptr = &options->user;
|
|
|
|
|
parse_string:
|
2000-07-15 06:14:16 +02:00
|
|
|
arg = strdelim(&s);
|
2000-07-11 09:31:38 +02:00
|
|
|
if (!arg || *arg == '\0')
|
2011-05-29 13:42:31 +02:00
|
|
|
fatal("%.200s line %d: Missing argument.",
|
|
|
|
|
filename, linenum);
|
1999-11-24 14:26:21 +01:00
|
|
|
if (*activep && *charptr == NULL)
|
2000-07-11 09:31:38 +02:00
|
|
|
*charptr = xstrdup(arg);
|
1999-11-24 14:26:21 +01:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case oGlobalKnownHostsFile:
|
2011-05-29 13:42:31 +02:00
|
|
|
cpptr = (char **)&options->system_hostfiles;
|
|
|
|
|
uintptr = &options->num_system_hostfiles;
|
|
|
|
|
max_entries = SSH_MAX_HOSTS_FILES;
|
|
|
|
|
parse_char_array:
|
|
|
|
|
if (*activep && *uintptr == 0) {
|
|
|
|
|
while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
|
|
|
|
|
if ((*uintptr) >= max_entries)
|
|
|
|
|
fatal("%s line %d: "
|
|
|
|
|
"too many authorized keys files.",
|
|
|
|
|
filename, linenum);
|
|
|
|
|
cpptr[(*uintptr)++] = xstrdup(arg);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
1999-11-24 14:26:21 +01:00
|
|
|
|
|
|
|
|
case oUserKnownHostsFile:
|
2011-05-29 13:42:31 +02:00
|
|
|
cpptr = (char **)&options->user_hostfiles;
|
|
|
|
|
uintptr = &options->num_user_hostfiles;
|
|
|
|
|
max_entries = SSH_MAX_HOSTS_FILES;
|
|
|
|
|
goto parse_char_array;
|
2000-04-29 15:57:08 +02:00
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oHostName:
|
|
|
|
|
charptr = &options->hostname;
|
|
|
|
|
goto parse_string;
|
|
|
|
|
|
2000-12-28 17:40:05 +01:00
|
|
|
case oHostKeyAlias:
|
|
|
|
|
charptr = &options->host_key_alias;
|
|
|
|
|
goto parse_string;
|
|
|
|
|
|
2001-03-11 02:49:19 +01:00
|
|
|
case oPreferredAuthentications:
|
|
|
|
|
charptr = &options->preferred_authentications;
|
|
|
|
|
goto parse_string;
|
|
|
|
|
|
2001-04-30 15:06:24 +02:00
|
|
|
case oBindAddress:
|
|
|
|
|
charptr = &options->bind_address;
|
|
|
|
|
goto parse_string;
|
|
|
|
|
|
2018-02-23 03:34:33 +01:00
|
|
|
case oBindInterface:
|
|
|
|
|
charptr = &options->bind_interface;
|
|
|
|
|
goto parse_string;
|
|
|
|
|
|
2010-02-11 23:21:02 +01:00
|
|
|
case oPKCS11Provider:
|
|
|
|
|
charptr = &options->pkcs11_provider;
|
2001-08-06 23:35:51 +02:00
|
|
|
goto parse_string;
|
2001-08-06 23:27:53 +02:00
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oProxyCommand:
|
2005-12-13 09:29:02 +01:00
|
|
|
charptr = &options->proxy_command;
|
2016-07-15 02:24:30 +02:00
|
|
|
/* Ignore ProxyCommand if ProxyJump already specified */
|
|
|
|
|
if (options->jump_host != NULL)
|
|
|
|
|
charptr = &options->jump_host; /* Skip below */
|
2005-12-13 09:29:02 +01:00
|
|
|
parse_command:
|
2003-06-28 04:40:12 +02:00
|
|
|
if (s == NULL)
|
|
|
|
|
fatal("%.200s line %d: Missing argument.", filename, linenum);
|
2003-02-24 01:56:27 +01:00
|
|
|
len = strspn(s, WHITESPACE "=");
|
1999-11-24 14:26:21 +01:00
|
|
|
if (*activep && *charptr == NULL)
|
2003-02-24 01:56:27 +01:00
|
|
|
*charptr = xstrdup(s + len);
|
1999-11-24 14:26:21 +01:00
|
|
|
return 0;
|
|
|
|
|
|
2016-07-15 02:24:30 +02:00
|
|
|
case oProxyJump:
|
|
|
|
|
if (s == NULL) {
|
|
|
|
|
fatal("%.200s line %d: Missing argument.",
|
|
|
|
|
filename, linenum);
|
|
|
|
|
}
|
|
|
|
|
len = strspn(s, WHITESPACE "=");
|
|
|
|
|
if (parse_jump(s + len, options, *activep) == -1) {
|
|
|
|
|
fatal("%.200s line %d: Invalid ProxyJump \"%s\"",
|
|
|
|
|
filename, linenum, s + len);
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oPort:
|
2018-10-05 16:26:09 +02:00
|
|
|
arg = strdelim(&s);
|
|
|
|
|
if (!arg || *arg == '\0')
|
|
|
|
|
fatal("%.200s line %d: Missing argument.",
|
|
|
|
|
filename, linenum);
|
|
|
|
|
value = a2port(arg);
|
|
|
|
|
if (value <= 0)
|
|
|
|
|
fatal("%.200s line %d: Bad port '%s'.",
|
|
|
|
|
filename, linenum, arg);
|
|
|
|
|
if (*activep && options->port == -1)
|
|
|
|
|
options->port = value;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case oConnectionAttempts:
|
|
|
|
|
intptr = &options->connection_attempts;
|
1999-11-24 14:26:21 +01:00
|
|
|
parse_int:
|
2000-07-15 06:14:16 +02:00
|
|
|
arg = strdelim(&s);
|
2017-12-06 00:59:47 +01:00
|
|
|
if ((errstr = atoi_err(arg, &value)) != NULL)
|
|
|
|
|
fatal("%s line %d: integer value %s.",
|
|
|
|
|
filename, linenum, errstr);
|
1999-11-24 14:26:21 +01:00
|
|
|
if (*activep && *intptr == -1)
|
|
|
|
|
*intptr = value;
|
|
|
|
|
break;
|
|
|
|
|
|
2000-04-12 12:17:38 +02:00
|
|
|
case oCiphers:
|
2000-07-15 06:14:16 +02:00
|
|
|
arg = strdelim(&s);
|
2000-07-11 09:31:38 +02:00
|
|
|
if (!arg || *arg == '\0')
|
2000-05-30 05:44:51 +02:00
|
|
|
fatal("%.200s line %d: Missing argument.", filename, linenum);
|
2017-02-04 00:01:19 +01:00
|
|
|
if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
|
2000-05-09 03:02:59 +02:00
|
|
|
fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
|
2001-12-21 04:45:46 +01:00
|
|
|
filename, linenum, arg ? arg : "<NONE>");
|
2000-04-12 12:17:38 +02:00
|
|
|
if (*activep && options->ciphers == NULL)
|
2000-07-11 09:31:38 +02:00
|
|
|
options->ciphers = xstrdup(arg);
|
2000-04-12 12:17:38 +02:00
|
|
|
break;
|
|
|
|
|
|
2001-02-15 04:01:59 +01:00
|
|
|
case oMacs:
|
|
|
|
|
arg = strdelim(&s);
|
|
|
|
|
if (!arg || *arg == '\0')
|
|
|
|
|
fatal("%.200s line %d: Missing argument.", filename, linenum);
|
2017-02-04 00:01:19 +01:00
|
|
|
if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg))
|
2001-02-15 04:01:59 +01:00
|
|
|
fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
|
2001-12-21 04:45:46 +01:00
|
|
|
filename, linenum, arg ? arg : "<NONE>");
|
2001-02-15 04:01:59 +01:00
|
|
|
if (*activep && options->macs == NULL)
|
|
|
|
|
options->macs = xstrdup(arg);
|
|
|
|
|
break;
|
|
|
|
|
|
2010-09-24 14:11:14 +02:00
|
|
|
case oKexAlgorithms:
|
|
|
|
|
arg = strdelim(&s);
|
|
|
|
|
if (!arg || *arg == '\0')
|
|
|
|
|
fatal("%.200s line %d: Missing argument.",
|
|
|
|
|
filename, linenum);
|
2017-02-04 00:01:19 +01:00
|
|
|
if (*arg != '-' &&
|
|
|
|
|
!kex_names_valid(*arg == '+' ? arg + 1 : arg))
|
2010-09-24 14:11:14 +02:00
|
|
|
fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.",
|
|
|
|
|
filename, linenum, arg ? arg : "<NONE>");
|
|
|
|
|
if (*activep && options->kex_algorithms == NULL)
|
|
|
|
|
options->kex_algorithms = xstrdup(arg);
|
|
|
|
|
break;
|
|
|
|
|
|
2001-04-17 20:11:36 +02:00
|
|
|
case oHostKeyAlgorithms:
|
2015-07-10 08:21:53 +02:00
|
|
|
charptr = &options->hostkeyalgorithms;
|
|
|
|
|
parse_keytypes:
|
2001-04-17 20:11:36 +02:00
|
|
|
arg = strdelim(&s);
|
|
|
|
|
if (!arg || *arg == '\0')
|
2015-07-10 08:21:53 +02:00
|
|
|
fatal("%.200s line %d: Missing argument.",
|
|
|
|
|
filename, linenum);
|
2017-02-04 00:01:19 +01:00
|
|
|
if (*arg != '-' &&
|
|
|
|
|
!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
|
2015-07-10 08:21:53 +02:00
|
|
|
fatal("%s line %d: Bad key types '%s'.",
|
|
|
|
|
filename, linenum, arg ? arg : "<NONE>");
|
|
|
|
|
if (*activep && *charptr == NULL)
|
|
|
|
|
*charptr = xstrdup(arg);
|
2001-04-17 20:11:36 +02:00
|
|
|
break;
|
|
|
|
|
|
2018-09-20 05:30:44 +02:00
|
|
|
case oCASignatureAlgorithms:
|
|
|
|
|
charptr = &options->ca_sign_algorithms;
|
|
|
|
|
goto parse_keytypes;
|
|
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oLogLevel:
|
2008-01-01 10:32:26 +01:00
|
|
|
log_level_ptr = &options->log_level;
|
2000-07-15 06:14:16 +02:00
|
|
|
arg = strdelim(&s);
|
2000-07-11 09:31:38 +02:00
|
|
|
value = log_level_number(arg);
|
2002-02-05 02:26:34 +01:00
|
|
|
if (value == SYSLOG_LEVEL_NOT_SET)
|
2001-03-05 08:47:23 +01:00
|
|
|
fatal("%.200s line %d: unsupported log level '%s'",
|
2001-12-21 04:45:46 +01:00
|
|
|
filename, linenum, arg ? arg : "<NONE>");
|
2008-01-01 10:32:26 +01:00
|
|
|
if (*activep && *log_level_ptr == SYSLOG_LEVEL_NOT_SET)
|
|
|
|
|
*log_level_ptr = (LogLevel) value;
|
1999-11-24 14:26:21 +01:00
|
|
|
break;
|
|
|
|
|
|
2017-04-28 05:20:27 +02:00
|
|
|
case oLogFacility:
|
|
|
|
|
log_facility_ptr = &options->log_facility;
|
|
|
|
|
arg = strdelim(&s);
|
|
|
|
|
value = log_facility_number(arg);
|
|
|
|
|
if (value == SYSLOG_FACILITY_NOT_SET)
|
|
|
|
|
fatal("%.200s line %d: unsupported log facility '%s'",
|
|
|
|
|
filename, linenum, arg ? arg : "<NONE>");
|
|
|
|
|
if (*log_facility_ptr == -1)
|
|
|
|
|
*log_facility_ptr = (SyslogFacility) value;
|
|
|
|
|
break;
|
|
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oLocalForward:
|
2001-09-12 20:01:59 +02:00
|
|
|
case oRemoteForward:
|
2008-11-03 09:27:34 +01:00
|
|
|
case oDynamicForward:
|
2000-07-15 06:14:16 +02:00
|
|
|
arg = strdelim(&s);
|
2005-03-01 11:24:33 +01:00
|
|
|
if (arg == NULL || *arg == '\0')
|
2001-09-12 20:01:59 +02:00
|
|
|
fatal("%.200s line %d: Missing port argument.",
|
|
|
|
|
filename, linenum);
|
2005-03-01 11:24:33 +01:00
|
|
|
|
2017-09-21 21:16:53 +02:00
|
|
|
remotefwd = (opcode == oRemoteForward);
|
|
|
|
|
dynamicfwd = (opcode == oDynamicForward);
|
2005-03-01 11:24:33 +01:00
|
|
|
|
2017-09-21 21:16:53 +02:00
|
|
|
if (!dynamicfwd) {
|
|
|
|
|
arg2 = strdelim(&s);
|
|
|
|
|
if (arg2 == NULL || *arg2 == '\0') {
|
|
|
|
|
if (remotefwd)
|
|
|
|
|
dynamicfwd = 1;
|
|
|
|
|
else
|
|
|
|
|
fatal("%.200s line %d: Missing target "
|
|
|
|
|
"argument.", filename, linenum);
|
|
|
|
|
} else {
|
|
|
|
|
/* construct a string for parse_forward */
|
|
|
|
|
snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg,
|
|
|
|
|
arg2);
|
|
|
|
|
}
|
2008-11-03 09:27:34 +01:00
|
|
|
}
|
2017-09-21 21:16:53 +02:00
|
|
|
if (dynamicfwd)
|
|
|
|
|
strlcpy(fwdarg, arg, sizeof(fwdarg));
|
2008-11-03 09:27:34 +01:00
|
|
|
|
2017-09-21 21:16:53 +02:00
|
|
|
if (parse_forward(&fwd, fwdarg, dynamicfwd, remotefwd) == 0)
|
2001-09-12 20:01:59 +02:00
|
|
|
fatal("%.200s line %d: Bad forwarding specification.",
|
|
|
|
|
filename, linenum);
|
2005-03-01 11:24:33 +01:00
|
|
|
|
2001-09-12 20:01:59 +02:00
|
|
|
if (*activep) {
|
2017-09-21 21:16:53 +02:00
|
|
|
if (remotefwd) {
|
2005-03-01 11:24:33 +01:00
|
|
|
add_remote_forward(options, &fwd);
|
2017-09-21 21:16:53 +02:00
|
|
|
} else {
|
|
|
|
|
add_local_forward(options, &fwd);
|
|
|
|
|
}
|
2001-09-12 20:01:59 +02:00
|
|
|
}
|
1999-11-24 14:26:21 +01:00
|
|
|
break;
|
|
|
|
|
|
2001-09-20 02:57:55 +02:00
|
|
|
case oClearAllForwardings:
|
|
|
|
|
intptr = &options->clear_forwardings;
|
|
|
|
|
goto parse_flag;
|
|
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oHost:
|
2013-10-15 03:13:05 +02:00
|
|
|
if (cmdline)
|
|
|
|
|
fatal("Host directive not supported as a command-line "
|
|
|
|
|
"option");
|
1999-11-24 14:26:21 +01:00
|
|
|
*activep = 0;
|
2011-05-15 00:44:45 +02:00
|
|
|
arg2 = NULL;
|
|
|
|
|
while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
|
2016-04-15 02:30:19 +02:00
|
|
|
if ((flags & SSHCONF_NEVERMATCH) != 0)
|
|
|
|
|
break;
|
2011-05-15 00:44:45 +02:00
|
|
|
negated = *arg == '!';
|
|
|
|
|
if (negated)
|
|
|
|
|
arg++;
|
2000-07-11 09:31:38 +02:00
|
|
|
if (match_pattern(host, arg)) {
|
2011-05-15 00:44:45 +02:00
|
|
|
if (negated) {
|
|
|
|
|
debug("%.200s line %d: Skipping Host "
|
|
|
|
|
"block because of negated match "
|
|
|
|
|
"for %.100s", filename, linenum,
|
|
|
|
|
arg);
|
|
|
|
|
*activep = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (!*activep)
|
|
|
|
|
arg2 = arg; /* logged below */
|
1999-11-24 14:26:21 +01:00
|
|
|
*activep = 1;
|
|
|
|
|
}
|
2011-05-15 00:44:45 +02:00
|
|
|
}
|
|
|
|
|
if (*activep)
|
|
|
|
|
debug("%.200s line %d: Applying options for %.100s",
|
|
|
|
|
filename, linenum, arg2);
|
2000-07-15 06:14:16 +02:00
|
|
|
/* Avoid garbage check below, as strdelim is done. */
|
1999-11-24 14:26:21 +01:00
|
|
|
return 0;
|
|
|
|
|
|
2013-10-15 03:13:05 +02:00
|
|
|
case oMatch:
|
|
|
|
|
if (cmdline)
|
|
|
|
|
fatal("Host directive not supported as a command-line "
|
|
|
|
|
"option");
|
2014-10-09 00:20:25 +02:00
|
|
|
value = match_cfg_line(options, &s, pw, host, original_host,
|
|
|
|
|
flags & SSHCONF_POSTCANON, filename, linenum);
|
2013-10-15 03:13:05 +02:00
|
|
|
if (value < 0)
|
|
|
|
|
fatal("%.200s line %d: Bad Match condition", filename,
|
|
|
|
|
linenum);
|
2016-04-15 02:30:19 +02:00
|
|
|
*activep = (flags & SSHCONF_NEVERMATCH) ? 0 : value;
|
2013-10-15 03:13:05 +02:00
|
|
|
break;
|
|
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oEscapeChar:
|
|
|
|
|
intptr = &options->escape_char;
|
2000-07-15 06:14:16 +02:00
|
|
|
arg = strdelim(&s);
|
2000-07-11 09:31:38 +02:00
|
|
|
if (!arg || *arg == '\0')
|
1999-11-24 14:26:21 +01:00
|
|
|
fatal("%.200s line %d: Missing argument.", filename, linenum);
|
2015-05-22 06:45:52 +02:00
|
|
|
if (strcmp(arg, "none") == 0)
|
|
|
|
|
value = SSH_ESCAPECHAR_NONE;
|
|
|
|
|
else if (arg[1] == '\0')
|
|
|
|
|
value = (u_char) arg[0];
|
|
|
|
|
else if (arg[0] == '^' && arg[2] == 0 &&
|
2000-12-22 02:43:59 +01:00
|
|
|
(u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
|
|
|
|
|
value = (u_char) arg[1] & 31;
|
1999-11-24 14:26:21 +01:00
|
|
|
else {
|
|
|
|
|
fatal("%.200s line %d: Bad escape character.",
|
2001-12-21 04:45:46 +01:00
|
|
|
filename, linenum);
|
1999-11-24 14:26:21 +01:00
|
|
|
/* NOTREACHED */
|
|
|
|
|
value = 0; /* Avoid compiler warning. */
|
|
|
|
|
}
|
|
|
|
|
if (*activep && *intptr == -1)
|
|
|
|
|
*intptr = value;
|
|
|
|
|
break;
|
|
|
|
|
|
2003-05-18 12:50:30 +02:00
|
|
|
case oAddressFamily:
|
2003-07-03 12:37:47 +02:00
|
|
|
intptr = &options->address_family;
|
2013-10-15 03:14:12 +02:00
|
|
|
multistate_ptr = multistate_addressfamily;
|
|
|
|
|
goto parse_multistate;
|
2003-05-18 12:50:30 +02:00
|
|
|
|
2002-11-09 16:52:31 +01:00
|
|
|
case oEnableSSHKeysign:
|
|
|
|
|
intptr = &options->enable_ssh_keysign;
|
|
|
|
|
goto parse_flag;
|
|
|
|
|
|
2004-03-08 13:12:36 +01:00
|
|
|
case oIdentitiesOnly:
|
|
|
|
|
intptr = &options->identities_only;
|
|
|
|
|
goto parse_flag;
|
|
|
|
|
|
2003-12-17 06:33:10 +01:00
|
|
|
case oServerAliveInterval:
|
|
|
|
|
intptr = &options->server_alive_interval;
|
|
|
|
|
goto parse_time;
|
|
|
|
|
|
|
|
|
|
case oServerAliveCountMax:
|
|
|
|
|
intptr = &options->server_alive_count_max;
|
|
|
|
|
goto parse_int;
|
|
|
|
|
|
2004-05-02 14:11:30 +02:00
|
|
|
case oSendEnv:
|
|
|
|
|
while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
|
|
|
|
|
if (strchr(arg, '=') != NULL)
|
|
|
|
|
fatal("%s line %d: Invalid environment name.",
|
|
|
|
|
filename, linenum);
|
2005-03-05 01:22:50 +01:00
|
|
|
if (!*activep)
|
|
|
|
|
continue;
|
2018-04-06 15:02:39 +02:00
|
|
|
if (*arg == '-') {
|
|
|
|
|
/* Removing an env var */
|
|
|
|
|
rm_env(options, arg, filename, linenum);
|
|
|
|
|
continue;
|
|
|
|
|
} else {
|
|
|
|
|
/* Adding an env var */
|
2018-06-09 05:01:12 +02:00
|
|
|
if (options->num_send_env >= INT_MAX)
|
2018-04-06 15:02:39 +02:00
|
|
|
fatal("%s line %d: too many send env.",
|
|
|
|
|
filename, linenum);
|
2018-06-09 05:01:12 +02:00
|
|
|
options->send_env = xrecallocarray(
|
|
|
|
|
options->send_env, options->num_send_env,
|
2018-06-11 01:45:41 +02:00
|
|
|
options->num_send_env + 1,
|
2018-06-09 05:01:12 +02:00
|
|
|
sizeof(*options->send_env));
|
2018-04-06 15:02:39 +02:00
|
|
|
options->send_env[options->num_send_env++] =
|
|
|
|
|
xstrdup(arg);
|
|
|
|
|
}
|
2004-05-02 14:11:30 +02:00
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
2018-06-09 05:01:12 +02:00
|
|
|
case oSetEnv:
|
|
|
|
|
value = options->num_setenv;
|
|
|
|
|
while ((arg = strdelimw(&s)) != NULL && *arg != '\0') {
|
|
|
|
|
if (strchr(arg, '=') == NULL)
|
|
|
|
|
fatal("%s line %d: Invalid SetEnv.",
|
|
|
|
|
filename, linenum);
|
|
|
|
|
if (!*activep || value != 0)
|
|
|
|
|
continue;
|
|
|
|
|
/* Adding a setenv var */
|
|
|
|
|
if (options->num_setenv >= INT_MAX)
|
|
|
|
|
fatal("%s line %d: too many SetEnv.",
|
2004-05-02 14:11:30 +02:00
|
|
|
filename, linenum);
|
2018-06-09 05:01:12 +02:00
|
|
|
options->setenv = xrecallocarray(
|
|
|
|
|
options->setenv, options->num_setenv,
|
|
|
|
|
options->num_setenv + 1, sizeof(*options->setenv));
|
|
|
|
|
options->setenv[options->num_setenv++] = xstrdup(arg);
|
2004-05-02 14:11:30 +02:00
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
2004-06-15 02:34:08 +02:00
|
|
|
case oControlPath:
|
|
|
|
|
charptr = &options->control_path;
|
|
|
|
|
goto parse_string;
|
|
|
|
|
|
|
|
|
|
case oControlMaster:
|
|
|
|
|
intptr = &options->control_master;
|
2013-10-15 03:14:12 +02:00
|
|
|
multistate_ptr = multistate_controlmaster;
|
|
|
|
|
goto parse_multistate;
|
2004-06-15 02:34:08 +02:00
|
|
|
|
2010-08-03 08:04:46 +02:00
|
|
|
case oControlPersist:
|
|
|
|
|
/* no/false/yes/true, or a time spec */
|
|
|
|
|
intptr = &options->control_persist;
|
|
|
|
|
arg = strdelim(&s);
|
|
|
|
|
if (!arg || *arg == '\0')
|
|
|
|
|
fatal("%.200s line %d: Missing ControlPersist"
|
|
|
|
|
" argument.", filename, linenum);
|
|
|
|
|
value = 0;
|
|
|
|
|
value2 = 0; /* timeout */
|
|
|
|
|
if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
|
|
|
|
|
value = 0;
|
|
|
|
|
else if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
|
|
|
|
|
value = 1;
|
|
|
|
|
else if ((value2 = convtime(arg)) >= 0)
|
|
|
|
|
value = 1;
|
|
|
|
|
else
|
|
|
|
|
fatal("%.200s line %d: Bad ControlPersist argument.",
|
|
|
|
|
filename, linenum);
|
|
|
|
|
if (*activep && *intptr == -1) {
|
|
|
|
|
*intptr = value;
|
|
|
|
|
options->control_persist_timeout = value2;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
2005-03-01 11:47:37 +01:00
|
|
|
case oHashKnownHosts:
|
|
|
|
|
intptr = &options->hash_known_hosts;
|
|
|
|
|
goto parse_flag;
|
|
|
|
|
|
2005-12-13 09:29:02 +01:00
|
|
|
case oTunnel:
|
|
|
|
|
intptr = &options->tun_open;
|
2013-10-15 03:14:12 +02:00
|
|
|
multistate_ptr = multistate_tunnel;
|
|
|
|
|
goto parse_multistate;
|
2005-12-13 09:29:02 +01:00
|
|
|
|
|
|
|
|
case oTunnelDevice:
|
|
|
|
|
arg = strdelim(&s);
|
|
|
|
|
if (!arg || *arg == '\0')
|
|
|
|
|
fatal("%.200s line %d: Missing argument.", filename, linenum);
|
|
|
|
|
value = a2tun(arg, &value2);
|
2005-12-13 09:33:19 +01:00
|
|
|
if (value == SSH_TUNID_ERR)
|
2005-12-13 09:29:02 +01:00
|
|
|
fatal("%.200s line %d: Bad tun device.", filename, linenum);
|
|
|
|
|
if (*activep) {
|
|
|
|
|
options->tun_local = value;
|
|
|
|
|
options->tun_remote = value2;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case oLocalCommand:
|
|
|
|
|
charptr = &options->local_command;
|
|
|
|
|
goto parse_command;
|
|
|
|
|
|
|
|
|
|
case oPermitLocalCommand:
|
|
|
|
|
intptr = &options->permit_local_command;
|
|
|
|
|
goto parse_flag;
|
|
|
|
|
|
2017-05-30 20:58:37 +02:00
|
|
|
case oRemoteCommand:
|
|
|
|
|
charptr = &options->remote_command;
|
|
|
|
|
goto parse_command;
|
|
|
|
|
|
2008-06-29 16:04:03 +02:00
|
|
|
case oVisualHostKey:
|
|
|
|
|
intptr = &options->visual_host_key;
|
|
|
|
|
goto parse_flag;
|
|
|
|
|
|
2016-04-15 02:30:19 +02:00
|
|
|
case oInclude:
|
|
|
|
|
if (cmdline)
|
|
|
|
|
fatal("Include directive not supported as a "
|
|
|
|
|
"command-line option");
|
|
|
|
|
value = 0;
|
|
|
|
|
while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
|
|
|
|
|
/*
|
|
|
|
|
* Ensure all paths are anchored. User configuration
|
|
|
|
|
* files may begin with '~/' but system configurations
|
|
|
|
|
* must not. If the path is relative, then treat it
|
|
|
|
|
* as living in ~/.ssh for user configurations or
|
|
|
|
|
* /etc/ssh for system ones.
|
|
|
|
|
*/
|
|
|
|
|
if (*arg == '~' && (flags & SSHCONF_USERCONF) == 0)
|
|
|
|
|
fatal("%.200s line %d: bad include path %s.",
|
|
|
|
|
filename, linenum, arg);
|
|
|
|
|
if (*arg != '/' && *arg != '~') {
|
|
|
|
|
xasprintf(&arg2, "%s/%s",
|
|
|
|
|
(flags & SSHCONF_USERCONF) ?
|
|
|
|
|
"~/" _PATH_SSH_USER_DIR : SSHDIR, arg);
|
|
|
|
|
} else
|
|
|
|
|
arg2 = xstrdup(arg);
|
|
|
|
|
memset(&gl, 0, sizeof(gl));
|
|
|
|
|
r = glob(arg2, GLOB_TILDE, NULL, &gl);
|
|
|
|
|
if (r == GLOB_NOMATCH) {
|
|
|
|
|
debug("%.200s line %d: include %s matched no "
|
|
|
|
|
"files",filename, linenum, arg2);
|
2017-03-10 04:24:48 +01:00
|
|
|
free(arg2);
|
2016-04-15 02:30:19 +02:00
|
|
|
continue;
|
|
|
|
|
} else if (r != 0 || gl.gl_pathc < 0)
|
|
|
|
|
fatal("%.200s line %d: glob failed for %s.",
|
|
|
|
|
filename, linenum, arg2);
|
|
|
|
|
free(arg2);
|
|
|
|
|
oactive = *activep;
|
|
|
|
|
for (i = 0; i < (u_int)gl.gl_pathc; i++) {
|
|
|
|
|
debug3("%.200s line %d: Including file %s "
|
|
|
|
|
"depth %d%s", filename, linenum,
|
|
|
|
|
gl.gl_pathv[i], depth,
|
|
|
|
|
oactive ? "" : " (parse only)");
|
|
|
|
|
r = read_config_file_depth(gl.gl_pathv[i],
|
|
|
|
|
pw, host, original_host, options,
|
|
|
|
|
flags | SSHCONF_CHECKPERM |
|
|
|
|
|
(oactive ? 0 : SSHCONF_NEVERMATCH),
|
|
|
|
|
activep, depth + 1);
|
2017-01-06 10:27:52 +01:00
|
|
|
if (r != 1 && errno != ENOENT) {
|
2017-01-06 04:53:58 +01:00
|
|
|
fatal("Can't open user config file "
|
|
|
|
|
"%.100s: %.100s", gl.gl_pathv[i],
|
|
|
|
|
strerror(errno));
|
|
|
|
|
}
|
2016-04-15 02:30:19 +02:00
|
|
|
/*
|
|
|
|
|
* don't let Match in includes clobber the
|
|
|
|
|
* containing file's Match state.
|
|
|
|
|
*/
|
|
|
|
|
*activep = oactive;
|
|
|
|
|
if (r != 1)
|
|
|
|
|
value = -1;
|
|
|
|
|
}
|
|
|
|
|
globfree(&gl);
|
|
|
|
|
}
|
|
|
|
|
if (value != 0)
|
|
|
|
|
return value;
|
|
|
|
|
break;
|
|
|
|
|
|
2010-11-20 05:19:38 +01:00
|
|
|
case oIPQoS:
|
|
|
|
|
arg = strdelim(&s);
|
|
|
|
|
if ((value = parse_ipqos(arg)) == -1)
|
|
|
|
|
fatal("%s line %d: Bad IPQoS value: %s",
|
|
|
|
|
filename, linenum, arg);
|
|
|
|
|
arg = strdelim(&s);
|
|
|
|
|
if (arg == NULL)
|
|
|
|
|
value2 = value;
|
|
|
|
|
else if ((value2 = parse_ipqos(arg)) == -1)
|
|
|
|
|
fatal("%s line %d: Bad IPQoS value: %s",
|
|
|
|
|
filename, linenum, arg);
|
|
|
|
|
if (*activep) {
|
|
|
|
|
options->ip_qos_interactive = value;
|
|
|
|
|
options->ip_qos_bulk = value2;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
2011-05-15 00:45:50 +02:00
|
|
|
case oRequestTTY:
|
|
|
|
|
intptr = &options->request_tty;
|
2013-10-15 03:14:12 +02:00
|
|
|
multistate_ptr = multistate_requesttty;
|
|
|
|
|
goto parse_multistate;
|
2011-05-15 00:45:50 +02:00
|
|
|
|
2013-05-16 12:30:03 +02:00
|
|
|
case oIgnoreUnknown:
|
|
|
|
|
charptr = &options->ignored_unknown;
|
|
|
|
|
goto parse_string;
|
|
|
|
|
|
2013-08-20 18:44:24 +02:00
|
|
|
case oProxyUseFdpass:
|
|
|
|
|
intptr = &options->proxy_use_fdpass;
|
|
|
|
|
goto parse_flag;
|
|
|
|
|
|
2013-10-17 02:47:23 +02:00
|
|
|
case oCanonicalDomains:
|
|
|
|
|
value = options->num_canonical_domains != 0;
|
|
|
|
|
while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
|
2017-10-22 01:06:24 +02:00
|
|
|
if (!valid_domain(arg, 1, &errstr)) {
|
|
|
|
|
fatal("%s line %d: %s", filename, linenum,
|
|
|
|
|
errstr);
|
|
|
|
|
}
|
2013-10-17 02:47:23 +02:00
|
|
|
if (!*activep || value)
|
|
|
|
|
continue;
|
|
|
|
|
if (options->num_canonical_domains >= MAX_CANON_DOMAINS)
|
|
|
|
|
fatal("%s line %d: too many hostname suffixes.",
|
|
|
|
|
filename, linenum);
|
|
|
|
|
options->canonical_domains[
|
|
|
|
|
options->num_canonical_domains++] = xstrdup(arg);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
2013-10-17 02:48:13 +02:00
|
|
|
case oCanonicalizePermittedCNAMEs:
|
2013-10-17 02:47:23 +02:00
|
|
|
value = options->num_permitted_cnames != 0;
|
|
|
|
|
while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
|
|
|
|
|
/* Either '*' for everything or 'list:list' */
|
|
|
|
|
if (strcmp(arg, "*") == 0)
|
|
|
|
|
arg2 = arg;
|
|
|
|
|
else {
|
|
|
|
|
lowercase(arg);
|
|
|
|
|
if ((arg2 = strchr(arg, ':')) == NULL ||
|
|
|
|
|
arg2[1] == '\0') {
|
|
|
|
|
fatal("%s line %d: "
|
|
|
|
|
"Invalid permitted CNAME \"%s\"",
|
|
|
|
|
filename, linenum, arg);
|
|
|
|
|
}
|
|
|
|
|
*arg2 = '\0';
|
|
|
|
|
arg2++;
|
|
|
|
|
}
|
|
|
|
|
if (!*activep || value)
|
|
|
|
|
continue;
|
|
|
|
|
if (options->num_permitted_cnames >= MAX_CANON_DOMAINS)
|
|
|
|
|
fatal("%s line %d: too many permitted CNAMEs.",
|
|
|
|
|
filename, linenum);
|
|
|
|
|
cname = options->permitted_cnames +
|
|
|
|
|
options->num_permitted_cnames++;
|
|
|
|
|
cname->source_list = xstrdup(arg);
|
|
|
|
|
cname->target_list = xstrdup(arg2);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
2013-10-17 02:48:13 +02:00
|
|
|
case oCanonicalizeHostname:
|
|
|
|
|
intptr = &options->canonicalize_hostname;
|
|
|
|
|
multistate_ptr = multistate_canonicalizehostname;
|
2013-10-17 02:47:23 +02:00
|
|
|
goto parse_multistate;
|
|
|
|
|
|
2013-10-17 02:48:13 +02:00
|
|
|
case oCanonicalizeMaxDots:
|
|
|
|
|
intptr = &options->canonicalize_max_dots;
|
2013-10-17 02:47:23 +02:00
|
|
|
goto parse_int;
|
|
|
|
|
|
2013-10-17 02:48:13 +02:00
|
|
|
case oCanonicalizeFallbackLocal:
|
|
|
|
|
intptr = &options->canonicalize_fallback_local;
|
2013-10-17 02:47:23 +02:00
|
|
|
goto parse_flag;
|
|
|
|
|
|
2014-07-18 06:11:24 +02:00
|
|
|
case oStreamLocalBindMask:
|
|
|
|
|
arg = strdelim(&s);
|
|
|
|
|
if (!arg || *arg == '\0')
|
|
|
|
|
fatal("%.200s line %d: Missing StreamLocalBindMask argument.", filename, linenum);
|
|
|
|
|
/* Parse mode in octal format */
|
|
|
|
|
value = strtol(arg, &endofnumber, 8);
|
|
|
|
|
if (arg == endofnumber || value < 0 || value > 0777)
|
|
|
|
|
fatal("%.200s line %d: Bad mask.", filename, linenum);
|
|
|
|
|
options->fwd_opts.streamlocal_bind_mask = (mode_t)value;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case oStreamLocalBindUnlink:
|
|
|
|
|
intptr = &options->fwd_opts.streamlocal_bind_unlink;
|
|
|
|
|
goto parse_flag;
|
|
|
|
|
|
2014-12-04 03:24:32 +01:00
|
|
|
case oRevokedHostKeys:
|
|
|
|
|
charptr = &options->revoked_host_keys;
|
|
|
|
|
goto parse_string;
|
|
|
|
|
|
2014-12-21 23:27:55 +01:00
|
|
|
case oFingerprintHash:
|
2015-01-08 14:44:36 +01:00
|
|
|
intptr = &options->fingerprint_hash;
|
2014-12-21 23:27:55 +01:00
|
|
|
arg = strdelim(&s);
|
|
|
|
|
if (!arg || *arg == '\0')
|
|
|
|
|
fatal("%.200s line %d: Missing argument.",
|
|
|
|
|
filename, linenum);
|
|
|
|
|
if ((value = ssh_digest_alg_by_name(arg)) == -1)
|
|
|
|
|
fatal("%.200s line %d: Invalid hash algorithm \"%s\".",
|
|
|
|
|
filename, linenum, arg);
|
2015-01-08 14:44:36 +01:00
|
|
|
if (*activep && *intptr == -1)
|
|
|
|
|
*intptr = value;
|
2014-12-21 23:27:55 +01:00
|
|
|
break;
|
|
|
|
|
|
2015-01-26 04:04:45 +01:00
|
|
|
case oUpdateHostkeys:
|
|
|
|
|
intptr = &options->update_hostkeys;
|
2015-02-16 23:13:32 +01:00
|
|
|
multistate_ptr = multistate_yesnoask;
|
|
|
|
|
goto parse_multistate;
|
2015-01-26 04:04:45 +01:00
|
|
|
|
2015-01-30 12:43:14 +01:00
|
|
|
case oHostbasedKeyTypes:
|
|
|
|
|
charptr = &options->hostbased_key_types;
|
2015-07-10 08:21:53 +02:00
|
|
|
goto parse_keytypes;
|
|
|
|
|
|
|
|
|
|
case oPubkeyAcceptedKeyTypes:
|
|
|
|
|
charptr = &options->pubkey_key_types;
|
|
|
|
|
goto parse_keytypes;
|
2015-01-30 12:43:14 +01:00
|
|
|
|
2015-11-15 23:26:49 +01:00
|
|
|
case oAddKeysToAgent:
|
|
|
|
|
intptr = &options->add_keys_to_agent;
|
|
|
|
|
multistate_ptr = multistate_yesnoaskconfirm;
|
|
|
|
|
goto parse_multistate;
|
|
|
|
|
|
2016-05-04 14:21:53 +02:00
|
|
|
case oIdentityAgent:
|
|
|
|
|
charptr = &options->identity_agent;
|
2018-10-03 08:38:35 +02:00
|
|
|
arg = strdelim(&s);
|
|
|
|
|
if (!arg || *arg == '\0')
|
|
|
|
|
fatal("%.200s line %d: Missing argument.",
|
|
|
|
|
filename, linenum);
|
|
|
|
|
/* Extra validation if the string represents an env var. */
|
|
|
|
|
if (arg[0] == '$' && !valid_env_name(arg + 1)) {
|
|
|
|
|
fatal("%.200s line %d: Invalid environment name %s.",
|
|
|
|
|
filename, linenum, arg);
|
|
|
|
|
}
|
|
|
|
|
if (*activep && *charptr == NULL)
|
|
|
|
|
*charptr = xstrdup(arg);
|
|
|
|
|
break;
|
2016-05-04 14:21:53 +02:00
|
|
|
|
2002-06-09 22:04:02 +02:00
|
|
|
case oDeprecated:
|
2002-06-09 22:13:27 +02:00
|
|
|
debug("%s line %d: Deprecated option \"%s\"",
|
2002-06-09 22:04:02 +02:00
|
|
|
filename, linenum, keyword);
|
2002-06-09 22:13:27 +02:00
|
|
|
return 0;
|
2002-06-09 22:04:02 +02:00
|
|
|
|
2003-05-16 03:38:32 +02:00
|
|
|
case oUnsupported:
|
|
|
|
|
error("%s line %d: Unsupported option \"%s\"",
|
|
|
|
|
filename, linenum, keyword);
|
|
|
|
|
return 0;
|
|
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
default:
|
2014-10-09 00:20:25 +02:00
|
|
|
fatal("%s: Unimplemented opcode %d", __func__, opcode);
|
1999-11-24 14:26:21 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check that there is no garbage at end of line. */
|
2001-01-22 06:34:40 +01:00
|
|
|
if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
|
2000-07-11 09:31:38 +02:00
|
|
|
fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
|
2005-07-17 09:22:45 +02:00
|
|
|
filename, linenum, arg);
|
2000-07-11 09:31:38 +02:00
|
|
|
}
|
1999-11-24 14:26:21 +01:00
|
|
|
return 0;
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
|
|
|
|
|
1999-11-25 01:54:57 +01:00
|
|
|
/*
|
|
|
|
|
* Reads the config file and modifies the options accordingly. Options
|
|
|
|
|
* should already be initialized before this call. This never returns if
|
2001-09-12 20:32:20 +02:00
|
|
|
* there is an error. If the file does not exist, this returns 0.
|
1999-11-25 01:54:57 +01:00
|
|
|
*/
|
2001-09-12 20:32:20 +02:00
|
|
|
int
|
2013-10-15 03:13:05 +02:00
|
|
|
read_config_file(const char *filename, struct passwd *pw, const char *host,
|
2014-10-09 00:20:25 +02:00
|
|
|
const char *original_host, Options *options, int flags)
|
2016-04-15 02:30:19 +02:00
|
|
|
{
|
|
|
|
|
int active = 1;
|
|
|
|
|
|
|
|
|
|
return read_config_file_depth(filename, pw, host, original_host,
|
|
|
|
|
options, flags, &active, 0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#define READCONF_MAX_DEPTH 16
|
|
|
|
|
static int
|
|
|
|
|
read_config_file_depth(const char *filename, struct passwd *pw,
|
|
|
|
|
const char *host, const char *original_host, Options *options,
|
|
|
|
|
int flags, int *activep, int depth)
|
1999-10-27 05:42:43 +02:00
|
|
|
{
|
1999-11-24 14:26:21 +01:00
|
|
|
FILE *f;
|
2018-06-06 20:29:18 +02:00
|
|
|
char *line = NULL;
|
|
|
|
|
size_t linesize = 0;
|
2016-04-15 02:30:19 +02:00
|
|
|
int linenum;
|
1999-11-24 14:26:21 +01:00
|
|
|
int bad_options = 0;
|
|
|
|
|
|
2016-04-15 02:30:19 +02:00
|
|
|
if (depth < 0 || depth > READCONF_MAX_DEPTH)
|
|
|
|
|
fatal("Too many recursive configuration includes");
|
|
|
|
|
|
2004-04-20 12:11:57 +02:00
|
|
|
if ((f = fopen(filename, "r")) == NULL)
|
2001-09-12 20:32:20 +02:00
|
|
|
return 0;
|
1999-11-24 14:26:21 +01:00
|
|
|
|
file permission on ssh_config, authorized_keys, private keys, host keys, public keys. (#110)
1. Add file permission check when load or add ssh_config, authorized_keys, private keys, host keys,.
2. set the owner and ACE for create secure file, ex, private key in ssh-keygen.exe
3. Update script OpenSSHTestHelper.psm1 to be able to run Install-OpenSSH if the sshd is running on the machine.
4. add OpenSSHBinPath to path.
5. change indents in agentconfig.c
6. update test script to represent the changes
7. Add tests for:
* authorized_keys and ssh-keygen testing
* host keys file perm testing
* user private key file perm testing
* ssh-add test
* user ssh_config
2017-05-01 23:18:20 +02:00
|
|
|
if (flags & SSHCONF_CHECKPERM) {
|
|
|
|
|
#if WINDOWS
|
|
|
|
|
/*
|
2017-05-24 06:45:38 +02:00
|
|
|
file permissions are designed differently on windows.
|
|
|
|
|
implementation on windows to make sure the config file is owned by a user, administrators group, or LOCALSYSTEM account
|
|
|
|
|
and nobody else except Administrators group, LOCALSYSTEM, and file owner account has the write permission
|
file permission on ssh_config, authorized_keys, private keys, host keys, public keys. (#110)
1. Add file permission check when load or add ssh_config, authorized_keys, private keys, host keys,.
2. set the owner and ACE for create secure file, ex, private key in ssh-keygen.exe
3. Update script OpenSSHTestHelper.psm1 to be able to run Install-OpenSSH if the sshd is running on the machine.
4. add OpenSSHBinPath to path.
5. change indents in agentconfig.c
6. update test script to represent the changes
7. Add tests for:
* authorized_keys and ssh-keygen testing
* host keys file perm testing
* user private key file perm testing
* ssh-add test
* user ssh_config
2017-05-01 23:18:20 +02:00
|
|
|
*/
|
|
|
|
|
if (check_secure_file_permission(filename, pw) != 0)
|
|
|
|
|
fatal("Bad owner or permissions on %s", filename);
|
|
|
|
|
#else
|
2004-04-20 12:11:57 +02:00
|
|
|
struct stat sb;
|
2004-07-17 08:12:08 +02:00
|
|
|
|
2004-06-15 02:27:55 +02:00
|
|
|
if (fstat(fileno(f), &sb) == -1)
|
2004-04-20 12:11:57 +02:00
|
|
|
fatal("fstat %s: %s", filename, strerror(errno));
|
|
|
|
|
if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
|
2004-06-15 02:27:55 +02:00
|
|
|
(sb.st_mode & 022) != 0))
|
2004-04-20 12:11:57 +02:00
|
|
|
fatal("Bad owner or permissions on %s", filename);
|
2016-12-19 23:46:28 +01:00
|
|
|
#endif /* !WINDOWS */
|
file permission on ssh_config, authorized_keys, private keys, host keys, public keys. (#110)
1. Add file permission check when load or add ssh_config, authorized_keys, private keys, host keys,.
2. set the owner and ACE for create secure file, ex, private key in ssh-keygen.exe
3. Update script OpenSSHTestHelper.psm1 to be able to run Install-OpenSSH if the sshd is running on the machine.
4. add OpenSSHBinPath to path.
5. change indents in agentconfig.c
6. update test script to represent the changes
7. Add tests for:
* authorized_keys and ssh-keygen testing
* host keys file perm testing
* user private key file perm testing
* ssh-add test
* user ssh_config
2017-05-01 23:18:20 +02:00
|
|
|
}
|
|
|
|
|
|
2004-04-20 12:11:57 +02:00
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
debug("Reading configuration data %.200s", filename);
|
|
|
|
|
|
1999-11-25 01:54:57 +01:00
|
|
|
/*
|
|
|
|
|
* Mark that we are now processing the options. This flag is turned
|
|
|
|
|
* on/off by Host specifications.
|
|
|
|
|
*/
|
1999-11-24 14:26:21 +01:00
|
|
|
linenum = 0;
|
2018-06-06 20:29:18 +02:00
|
|
|
while (getline(&line, &linesize, f) != -1) {
|
1999-11-24 14:26:21 +01:00
|
|
|
/* Update line number counter. */
|
|
|
|
|
linenum++;
|
2016-04-15 02:30:19 +02:00
|
|
|
if (process_config_line_depth(options, pw, host, original_host,
|
|
|
|
|
line, filename, linenum, activep, flags, depth) != 0)
|
1999-11-24 14:26:21 +01:00
|
|
|
bad_options++;
|
|
|
|
|
}
|
2018-06-06 20:29:18 +02:00
|
|
|
free(line);
|
1999-11-24 14:26:21 +01:00
|
|
|
fclose(f);
|
|
|
|
|
if (bad_options > 0)
|
2001-03-05 08:47:23 +01:00
|
|
|
fatal("%s: terminating, %d bad configuration options",
|
2001-12-21 04:45:46 +01:00
|
|
|
filename, bad_options);
|
2001-09-12 20:32:20 +02:00
|
|
|
return 1;
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
|
|
|
|
|
2014-02-24 05:57:55 +01:00
|
|
|
/* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
|
|
|
|
|
int
|
|
|
|
|
option_clear_or_none(const char *o)
|
|
|
|
|
{
|
|
|
|
|
return o == NULL || strcasecmp(o, "none") == 0;
|
|
|
|
|
}
|
|
|
|
|
|
1999-11-25 01:54:57 +01:00
|
|
|
/*
|
|
|
|
|
* Initializes options to special values that indicate that they have not yet
|
|
|
|
|
* been set. Read_config_file will only set options with this value. Options
|
|
|
|
|
* are processed in the following order: command line, user config file,
|
|
|
|
|
* system config file. Last, fill_default_options is called.
|
|
|
|
|
*/
|
1999-10-27 05:42:43 +02:00
|
|
|
|
2000-04-16 03:18:38 +02:00
|
|
|
void
|
1999-11-24 14:26:21 +01:00
|
|
|
initialize_options(Options * options)
|
1999-10-27 05:42:43 +02:00
|
|
|
{
|
1999-11-24 14:26:21 +01:00
|
|
|
memset(options, 'X', sizeof(*options));
|
|
|
|
|
options->forward_agent = -1;
|
|
|
|
|
options->forward_x11 = -1;
|
2003-10-15 07:54:32 +02:00
|
|
|
options->forward_x11_trusted = -1;
|
2010-06-26 02:02:24 +02:00
|
|
|
options->forward_x11_timeout = -1;
|
2016-06-03 05:14:41 +02:00
|
|
|
options->stdio_forward_host = NULL;
|
|
|
|
|
options->stdio_forward_port = 0;
|
2016-06-03 06:09:38 +02:00
|
|
|
options->clear_forwardings = -1;
|
2006-07-12 14:17:10 +02:00
|
|
|
options->exit_on_forward_failure = -1;
|
2000-06-07 11:55:44 +02:00
|
|
|
options->xauth_location = NULL;
|
2014-07-18 06:11:24 +02:00
|
|
|
options->fwd_opts.gateway_ports = -1;
|
|
|
|
|
options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;
|
|
|
|
|
options->fwd_opts.streamlocal_bind_unlink = -1;
|
2000-11-13 12:57:25 +01:00
|
|
|
options->pubkey_authentication = -1;
|
2001-06-05 20:56:16 +02:00
|
|
|
options->challenge_response_authentication = -1;
|
2003-08-26 03:49:55 +02:00
|
|
|
options->gss_authentication = -1;
|
|
|
|
|
options->gss_deleg_creds = -1;
|
1999-11-24 14:26:21 +01:00
|
|
|
options->password_authentication = -1;
|
2000-10-14 07:23:11 +02:00
|
|
|
options->kbd_interactive_authentication = -1;
|
|
|
|
|
options->kbd_interactive_devices = NULL;
|
2001-04-13 01:34:34 +02:00
|
|
|
options->hostbased_authentication = -1;
|
1999-11-24 14:26:21 +01:00
|
|
|
options->batch_mode = -1;
|
|
|
|
|
options->check_host_ip = -1;
|
|
|
|
|
options->strict_host_key_checking = -1;
|
|
|
|
|
options->compression = -1;
|
2003-12-17 06:31:10 +01:00
|
|
|
options->tcp_keep_alive = -1;
|
1999-11-24 14:26:21 +01:00
|
|
|
options->port = -1;
|
2003-07-03 12:37:47 +02:00
|
|
|
options->address_family = -1;
|
1999-11-24 14:26:21 +01:00
|
|
|
options->connection_attempts = -1;
|
2003-05-16 03:39:04 +02:00
|
|
|
options->connection_timeout = -1;
|
1999-11-24 14:26:21 +01:00
|
|
|
options->number_of_password_prompts = -1;
|
2000-04-12 12:17:38 +02:00
|
|
|
options->ciphers = NULL;
|
2001-02-15 04:01:59 +01:00
|
|
|
options->macs = NULL;
|
2010-09-24 14:11:14 +02:00
|
|
|
options->kex_algorithms = NULL;
|
2001-04-17 20:11:36 +02:00
|
|
|
options->hostkeyalgorithms = NULL;
|
2018-09-20 05:30:44 +02:00
|
|
|
options->ca_sign_algorithms = NULL;
|
1999-11-24 14:26:21 +01:00
|
|
|
options->num_identity_files = 0;
|
2015-09-24 08:15:11 +02:00
|
|
|
options->num_certificate_files = 0;
|
1999-11-24 14:26:21 +01:00
|
|
|
options->hostname = NULL;
|
2000-12-28 17:40:05 +01:00
|
|
|
options->host_key_alias = NULL;
|
1999-11-24 14:26:21 +01:00
|
|
|
options->proxy_command = NULL;
|
2016-07-15 02:24:30 +02:00
|
|
|
options->jump_user = NULL;
|
|
|
|
|
options->jump_host = NULL;
|
|
|
|
|
options->jump_port = -1;
|
|
|
|
|
options->jump_extra = NULL;
|
1999-11-24 14:26:21 +01:00
|
|
|
options->user = NULL;
|
|
|
|
|
options->escape_char = -1;
|
2011-05-29 13:42:31 +02:00
|
|
|
options->num_system_hostfiles = 0;
|
|
|
|
|
options->num_user_hostfiles = 0;
|
2010-06-26 01:50:30 +02:00
|
|
|
options->local_forwards = NULL;
|
1999-11-24 14:26:21 +01:00
|
|
|
options->num_local_forwards = 0;
|
2010-06-26 01:50:30 +02:00
|
|
|
options->remote_forwards = NULL;
|
1999-11-24 14:26:21 +01:00
|
|
|
options->num_remote_forwards = 0;
|
2017-04-28 05:20:27 +02:00
|
|
|
options->log_facility = SYSLOG_FACILITY_NOT_SET;
|
2002-02-05 02:26:34 +01:00
|
|
|
options->log_level = SYSLOG_LEVEL_NOT_SET;
|
2001-03-11 02:49:19 +01:00
|
|
|
options->preferred_authentications = NULL;
|
2001-04-30 15:06:24 +02:00
|
|
|
options->bind_address = NULL;
|
2018-02-23 03:34:33 +01:00
|
|
|
options->bind_interface = NULL;
|
2010-02-11 23:21:02 +01:00
|
|
|
options->pkcs11_provider = NULL;
|
2002-11-09 16:52:31 +01:00
|
|
|
options->enable_ssh_keysign = - 1;
|
2001-10-03 19:39:38 +02:00
|
|
|
options->no_host_authentication_for_localhost = - 1;
|
2004-03-08 13:12:36 +01:00
|
|
|
options->identities_only = - 1;
|
2003-04-09 12:50:06 +02:00
|
|
|
options->rekey_limit = - 1;
|
2013-05-16 12:28:16 +02:00
|
|
|
options->rekey_interval = -1;
|
2003-05-15 02:19:46 +02:00
|
|
|
options->verify_host_key_dns = -1;
|
2003-12-17 06:33:10 +01:00
|
|
|
options->server_alive_interval = -1;
|
|
|
|
|
options->server_alive_count_max = -1;
|
2018-06-09 05:01:12 +02:00
|
|
|
options->send_env = NULL;
|
2004-05-02 14:11:30 +02:00
|
|
|
options->num_send_env = 0;
|
2018-06-09 05:01:12 +02:00
|
|
|
options->setenv = NULL;
|
|
|
|
|
options->num_setenv = 0;
|
2004-06-15 02:34:08 +02:00
|
|
|
options->control_path = NULL;
|
|
|
|
|
options->control_master = -1;
|
2010-08-03 08:04:46 +02:00
|
|
|
options->control_persist = -1;
|
|
|
|
|
options->control_persist_timeout = 0;
|
2005-03-01 11:47:37 +01:00
|
|
|
options->hash_known_hosts = -1;
|
2005-12-13 09:29:02 +01:00
|
|
|
options->tun_open = -1;
|
|
|
|
|
options->tun_local = -1;
|
|
|
|
|
options->tun_remote = -1;
|
|
|
|
|
options->local_command = NULL;
|
|
|
|
|
options->permit_local_command = -1;
|
2017-05-30 20:58:37 +02:00
|
|
|
options->remote_command = NULL;
|
2015-11-15 23:26:49 +01:00
|
|
|
options->add_keys_to_agent = -1;
|
2016-05-04 14:21:53 +02:00
|
|
|
options->identity_agent = NULL;
|
2008-06-29 16:04:03 +02:00
|
|
|
options->visual_host_key = -1;
|
2010-11-20 05:19:38 +01:00
|
|
|
options->ip_qos_interactive = -1;
|
|
|
|
|
options->ip_qos_bulk = -1;
|
2011-05-15 00:45:50 +02:00
|
|
|
options->request_tty = -1;
|
2013-08-20 18:44:24 +02:00
|
|
|
options->proxy_use_fdpass = -1;
|
2013-05-16 12:30:03 +02:00
|
|
|
options->ignored_unknown = NULL;
|
2013-10-17 02:47:23 +02:00
|
|
|
options->num_canonical_domains = 0;
|
|
|
|
|
options->num_permitted_cnames = 0;
|
2013-10-17 02:48:13 +02:00
|
|
|
options->canonicalize_max_dots = -1;
|
|
|
|
|
options->canonicalize_fallback_local = -1;
|
|
|
|
|
options->canonicalize_hostname = -1;
|
2014-12-04 03:24:32 +01:00
|
|
|
options->revoked_host_keys = NULL;
|
2014-12-21 23:27:55 +01:00
|
|
|
options->fingerprint_hash = -1;
|
2015-01-26 04:04:45 +01:00
|
|
|
options->update_hostkeys = -1;
|
2015-01-30 12:43:14 +01:00
|
|
|
options->hostbased_key_types = NULL;
|
2015-07-10 08:21:53 +02:00
|
|
|
options->pubkey_key_types = NULL;
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
|
|
|
|
|
2014-02-24 05:57:55 +01:00
|
|
|
/*
|
|
|
|
|
* A petite version of fill_default_options() that just fills the options
|
|
|
|
|
* needed for hostname canonicalization to proceed.
|
|
|
|
|
*/
|
|
|
|
|
void
|
|
|
|
|
fill_default_options_for_canonicalization(Options *options)
|
|
|
|
|
{
|
|
|
|
|
if (options->canonicalize_max_dots == -1)
|
|
|
|
|
options->canonicalize_max_dots = 1;
|
|
|
|
|
if (options->canonicalize_fallback_local == -1)
|
|
|
|
|
options->canonicalize_fallback_local = 1;
|
|
|
|
|
if (options->canonicalize_hostname == -1)
|
|
|
|
|
options->canonicalize_hostname = SSH_CANONICALISE_NO;
|
|
|
|
|
}
|
|
|
|
|
|
1999-11-25 01:54:57 +01:00
|
|
|
/*
|
|
|
|
|
* Called after processing other sources of option data, this fills those
|
|
|
|
|
* options for which no value has been specified with their default values.
|
|
|
|
|
*/
|
2000-04-16 03:18:38 +02:00
|
|
|
void
|
1999-11-24 14:26:21 +01:00
|
|
|
fill_default_options(Options * options)
|
1999-10-27 05:42:43 +02:00
|
|
|
{
|
2018-09-20 05:30:44 +02:00
|
|
|
char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig;
|
2018-08-12 22:19:13 +02:00
|
|
|
int r;
|
2018-07-04 15:49:31 +02:00
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
if (options->forward_agent == -1)
|
2000-05-30 05:44:51 +02:00
|
|
|
options->forward_agent = 0;
|
1999-11-24 14:26:21 +01:00
|
|
|
if (options->forward_x11 == -1)
|
- OpenBSD CVS updates to v1.2.3
[ssh.h atomicio.c]
- int atomicio -> ssize_t (for alpha). ok deraadt@
[auth-rsa.c]
- delay MD5 computation until client sends response, free() early, cleanup.
[cipher.c]
- void* -> unsigned char*, ok niels@
[hostfile.c]
- remove unused variable 'len'. fix comments.
- remove unused variable
[log-client.c log-server.c]
- rename a cpp symbol, to avoid param.h collision
[packet.c]
- missing xfree()
- getsockname() requires initialized tolen; andy@guildsoftware.com
- use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
from Holger.Trapp@Informatik.TU-Chemnitz.DE
[pty.c pty.h]
- register cleanup for pty earlier. move code for pty-owner handling to
pty.c ok provos@, dugsong@
[readconf.c]
- turn off x11-fwd for the client, too.
[rsa.c]
- PKCS#1 padding
[scp.c]
- allow '.' in usernames; from jedgar@fxp.org
[servconf.c]
- typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de
- sync with sshd_config
[ssh-keygen.c]
- enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@
[ssh.1]
- Change invalid 'CHAT' loglevel to 'VERBOSE'
[ssh.c]
- suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp
- turn off x11-fwd for the client, too.
[sshconnect.c]
- missing xfree()
- retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp.
- read error vs. "Connection closed by remote host"
[sshd.8]
- ie. -> i.e.,
- do not link to a commercial page..
- sync with sshd_config
[sshd.c]
- no need for poll.h; from bright@wintelcom.net
- log with level log() not fatal() if peer behaves badly.
- don't panic if client behaves strange. ok deraadt@
- make no-port-forwarding for RSA keys deny both -L and -R style fwding
- delay close() of pty until the pty has been chowned back to root
- oops, fix comment, too.
- missing xfree()
- move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too.
(http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907)
- register cleanup for pty earlier. move code for pty-owner handling to
pty.c ok provos@, dugsong@
- create x11 cookie file
- fix pr 1113, fclose() -> pclose(), todo: remote popen()
- version 1.2.3
- Cleaned up
2000-03-09 11:27:49 +01:00
|
|
|
options->forward_x11 = 0;
|
2003-10-15 07:54:32 +02:00
|
|
|
if (options->forward_x11_trusted == -1)
|
|
|
|
|
options->forward_x11_trusted = 0;
|
2010-06-26 02:02:24 +02:00
|
|
|
if (options->forward_x11_timeout == -1)
|
|
|
|
|
options->forward_x11_timeout = 1200;
|
2016-06-03 06:09:38 +02:00
|
|
|
/*
|
|
|
|
|
* stdio forwarding (-W) changes the default for these but we defer
|
|
|
|
|
* setting the values so they can be overridden.
|
|
|
|
|
*/
|
2006-07-12 14:17:10 +02:00
|
|
|
if (options->exit_on_forward_failure == -1)
|
2016-06-03 06:09:38 +02:00
|
|
|
options->exit_on_forward_failure =
|
|
|
|
|
options->stdio_forward_host != NULL ? 1 : 0;
|
|
|
|
|
if (options->clear_forwardings == -1)
|
|
|
|
|
options->clear_forwardings =
|
|
|
|
|
options->stdio_forward_host != NULL ? 1 : 0;
|
|
|
|
|
if (options->clear_forwardings == 1)
|
|
|
|
|
clear_forwardings(options);
|
|
|
|
|
|
2000-06-07 11:55:44 +02:00
|
|
|
if (options->xauth_location == NULL)
|
2001-06-09 03:48:01 +02:00
|
|
|
options->xauth_location = _PATH_XAUTH;
|
2014-07-18 06:11:24 +02:00
|
|
|
if (options->fwd_opts.gateway_ports == -1)
|
|
|
|
|
options->fwd_opts.gateway_ports = 0;
|
|
|
|
|
if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
|
|
|
|
|
options->fwd_opts.streamlocal_bind_mask = 0177;
|
|
|
|
|
if (options->fwd_opts.streamlocal_bind_unlink == -1)
|
|
|
|
|
options->fwd_opts.streamlocal_bind_unlink = 0;
|
2000-11-13 12:57:25 +01:00
|
|
|
if (options->pubkey_authentication == -1)
|
|
|
|
|
options->pubkey_authentication = 1;
|
2001-06-05 20:56:16 +02:00
|
|
|
if (options->challenge_response_authentication == -1)
|
2001-08-06 22:53:26 +02:00
|
|
|
options->challenge_response_authentication = 1;
|
2003-08-26 03:49:55 +02:00
|
|
|
if (options->gss_authentication == -1)
|
2003-10-15 07:52:03 +02:00
|
|
|
options->gss_authentication = 0;
|
2003-08-26 03:49:55 +02:00
|
|
|
if (options->gss_deleg_creds == -1)
|
|
|
|
|
options->gss_deleg_creds = 0;
|
1999-11-24 14:26:21 +01:00
|
|
|
if (options->password_authentication == -1)
|
|
|
|
|
options->password_authentication = 1;
|
2000-10-14 07:23:11 +02:00
|
|
|
if (options->kbd_interactive_authentication == -1)
|
2001-01-23 04:12:10 +01:00
|
|
|
options->kbd_interactive_authentication = 1;
|
2001-04-13 01:34:34 +02:00
|
|
|
if (options->hostbased_authentication == -1)
|
|
|
|
|
options->hostbased_authentication = 0;
|
1999-11-24 14:26:21 +01:00
|
|
|
if (options->batch_mode == -1)
|
|
|
|
|
options->batch_mode = 0;
|
|
|
|
|
if (options->check_host_ip == -1)
|
|
|
|
|
options->check_host_ip = 1;
|
|
|
|
|
if (options->strict_host_key_checking == -1)
|
2017-09-04 01:33:13 +02:00
|
|
|
options->strict_host_key_checking = SSH_STRICT_HOSTKEY_ASK;
|
1999-11-24 14:26:21 +01:00
|
|
|
if (options->compression == -1)
|
|
|
|
|
options->compression = 0;
|
2003-12-17 06:31:10 +01:00
|
|
|
if (options->tcp_keep_alive == -1)
|
|
|
|
|
options->tcp_keep_alive = 1;
|
1999-11-24 14:26:21 +01:00
|
|
|
if (options->port == -1)
|
|
|
|
|
options->port = 0; /* Filled in ssh_connect. */
|
2003-07-03 12:37:47 +02:00
|
|
|
if (options->address_family == -1)
|
|
|
|
|
options->address_family = AF_UNSPEC;
|
1999-11-24 14:26:21 +01:00
|
|
|
if (options->connection_attempts == -1)
|
2001-08-06 23:07:11 +02:00
|
|
|
options->connection_attempts = 1;
|
1999-11-24 14:26:21 +01:00
|
|
|
if (options->number_of_password_prompts == -1)
|
|
|
|
|
options->number_of_password_prompts = 3;
|
2001-04-17 20:11:36 +02:00
|
|
|
/* options->hostkeyalgorithms, default set in myproposals.h */
|
2015-11-15 23:26:49 +01:00
|
|
|
if (options->add_keys_to_agent == -1)
|
|
|
|
|
options->add_keys_to_agent = 0;
|
1999-11-24 14:26:21 +01:00
|
|
|
if (options->num_identity_files == 0) {
|
2017-05-01 01:11:45 +02:00
|
|
|
add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA, 0);
|
|
|
|
|
add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA, 0);
|
2010-09-10 03:39:26 +02:00
|
|
|
#ifdef OPENSSL_HAS_ECC
|
2017-05-01 01:11:45 +02:00
|
|
|
add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA, 0);
|
2010-09-10 03:39:26 +02:00
|
|
|
#endif
|
2017-05-01 01:11:45 +02:00
|
|
|
add_identity_file(options, "~/",
|
|
|
|
|
_PATH_SSH_CLIENT_ID_ED25519, 0);
|
2018-02-23 16:58:37 +01:00
|
|
|
add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_XMSS, 0);
|
2000-04-29 15:57:08 +02:00
|
|
|
}
|
1999-11-24 14:26:21 +01:00
|
|
|
if (options->escape_char == -1)
|
|
|
|
|
options->escape_char = '~';
|
2011-05-29 13:42:31 +02:00
|
|
|
if (options->num_system_hostfiles == 0) {
|
|
|
|
|
options->system_hostfiles[options->num_system_hostfiles++] =
|
|
|
|
|
xstrdup(_PATH_SSH_SYSTEM_HOSTFILE);
|
|
|
|
|
options->system_hostfiles[options->num_system_hostfiles++] =
|
|
|
|
|
xstrdup(_PATH_SSH_SYSTEM_HOSTFILE2);
|
|
|
|
|
}
|
|
|
|
|
if (options->num_user_hostfiles == 0) {
|
|
|
|
|
options->user_hostfiles[options->num_user_hostfiles++] =
|
|
|
|
|
xstrdup(_PATH_SSH_USER_HOSTFILE);
|
|
|
|
|
options->user_hostfiles[options->num_user_hostfiles++] =
|
|
|
|
|
xstrdup(_PATH_SSH_USER_HOSTFILE2);
|
|
|
|
|
}
|
2002-02-05 02:26:34 +01:00
|
|
|
if (options->log_level == SYSLOG_LEVEL_NOT_SET)
|
2001-01-19 05:26:52 +01:00
|
|
|
options->log_level = SYSLOG_LEVEL_INFO;
|
2017-04-28 05:20:27 +02:00
|
|
|
if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
|
|
|
|
|
options->log_facility = SYSLOG_FACILITY_USER;
|
2001-10-03 19:39:38 +02:00
|
|
|
if (options->no_host_authentication_for_localhost == - 1)
|
|
|
|
|
options->no_host_authentication_for_localhost = 0;
|
2004-03-08 13:12:36 +01:00
|
|
|
if (options->identities_only == -1)
|
|
|
|
|
options->identities_only = 0;
|
2002-11-09 16:52:31 +01:00
|
|
|
if (options->enable_ssh_keysign == -1)
|
|
|
|
|
options->enable_ssh_keysign = 0;
|
2003-04-09 12:50:06 +02:00
|
|
|
if (options->rekey_limit == -1)
|
|
|
|
|
options->rekey_limit = 0;
|
2013-05-16 12:28:16 +02:00
|
|
|
if (options->rekey_interval == -1)
|
|
|
|
|
options->rekey_interval = 0;
|
2003-05-15 02:19:46 +02:00
|
|
|
if (options->verify_host_key_dns == -1)
|
|
|
|
|
options->verify_host_key_dns = 0;
|
2003-12-17 06:33:10 +01:00
|
|
|
if (options->server_alive_interval == -1)
|
|
|
|
|
options->server_alive_interval = 0;
|
|
|
|
|
if (options->server_alive_count_max == -1)
|
|
|
|
|
options->server_alive_count_max = 3;
|
2004-06-15 02:34:08 +02:00
|
|
|
if (options->control_master == -1)
|
|
|
|
|
options->control_master = 0;
|
2010-08-03 08:04:46 +02:00
|
|
|
if (options->control_persist == -1) {
|
|
|
|
|
options->control_persist = 0;
|
|
|
|
|
options->control_persist_timeout = 0;
|
|
|
|
|
}
|
2005-03-01 11:47:37 +01:00
|
|
|
if (options->hash_known_hosts == -1)
|
|
|
|
|
options->hash_known_hosts = 0;
|
2005-12-13 09:29:02 +01:00
|
|
|
if (options->tun_open == -1)
|
2005-12-13 09:33:19 +01:00
|
|
|
options->tun_open = SSH_TUNMODE_NO;
|
|
|
|
|
if (options->tun_local == -1)
|
|
|
|
|
options->tun_local = SSH_TUNID_ANY;
|
|
|
|
|
if (options->tun_remote == -1)
|
|
|
|
|
options->tun_remote = SSH_TUNID_ANY;
|
2005-12-13 09:29:02 +01:00
|
|
|
if (options->permit_local_command == -1)
|
|
|
|
|
options->permit_local_command = 0;
|
2008-06-29 16:04:03 +02:00
|
|
|
if (options->visual_host_key == -1)
|
|
|
|
|
options->visual_host_key = 0;
|
2010-11-20 05:19:38 +01:00
|
|
|
if (options->ip_qos_interactive == -1)
|
upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP AF21 for
interactive and CS1 for bulk
AF21 was selected as this is the highest priority within the low-latency
service class (and it is higher than what we have today). SSH is elastic
and time-sensitive data, where a user is waiting for a response via the
network in order to continue with a task at hand. As such, these flows
should be considered foreground traffic, with delays or drops to such
traffic directly impacting user-productivity.
For bulk SSH traffic, the CS1 "Lower Effort" marker was chosen to enable
networks implementing a scavanger/lower-than-best effort class to
discriminate scp(1) below normal activities, such as web surfing. In
general this type of bulk SSH traffic is a background activity.
An advantage of using "AF21" for interactive SSH and "CS1" for bulk SSH
is that they are recognisable values on all common platforms (IANA
https://www.iana.org/assignments/dscp-registry/dscp-registry.xml), and
for AF21 specifically a definition of the intended behavior exists
https://tools.ietf.org/html/rfc4594#section-4.7 in addition to the definition
of the Assured Forwarding PHB group https://tools.ietf.org/html/rfc2597, and
for CS1 (Lower Effort) there is https://tools.ietf.org/html/rfc3662
The first three bits of "AF21" map to the equivalent IEEEE 802.1D PCP, IEEE
802.11e, MPLS EXP/CoS and IP Precedence value of 2 (also known as "Immediate",
or "AC_BE"), and CS1's first 3 bits map to IEEEE 802.1D PCP, IEEE 802.11e,
MPLS/CoS and IP Precedence value 1 ("Background" or "AC_BK").
OK deraadt@, "no objection" djm@
OpenBSD-Commit-ID: d11d2a4484f461524ef0c20870523dfcdeb52181
2018-04-04 17:12:17 +02:00
|
|
|
options->ip_qos_interactive = IPTOS_DSCP_AF21;
|
2010-11-20 05:19:38 +01:00
|
|
|
if (options->ip_qos_bulk == -1)
|
upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP AF21 for
interactive and CS1 for bulk
AF21 was selected as this is the highest priority within the low-latency
service class (and it is higher than what we have today). SSH is elastic
and time-sensitive data, where a user is waiting for a response via the
network in order to continue with a task at hand. As such, these flows
should be considered foreground traffic, with delays or drops to such
traffic directly impacting user-productivity.
For bulk SSH traffic, the CS1 "Lower Effort" marker was chosen to enable
networks implementing a scavanger/lower-than-best effort class to
discriminate scp(1) below normal activities, such as web surfing. In
general this type of bulk SSH traffic is a background activity.
An advantage of using "AF21" for interactive SSH and "CS1" for bulk SSH
is that they are recognisable values on all common platforms (IANA
https://www.iana.org/assignments/dscp-registry/dscp-registry.xml), and
for AF21 specifically a definition of the intended behavior exists
https://tools.ietf.org/html/rfc4594#section-4.7 in addition to the definition
of the Assured Forwarding PHB group https://tools.ietf.org/html/rfc2597, and
for CS1 (Lower Effort) there is https://tools.ietf.org/html/rfc3662
The first three bits of "AF21" map to the equivalent IEEEE 802.1D PCP, IEEE
802.11e, MPLS EXP/CoS and IP Precedence value of 2 (also known as "Immediate",
or "AC_BE"), and CS1's first 3 bits map to IEEEE 802.1D PCP, IEEE 802.11e,
MPLS/CoS and IP Precedence value 1 ("Background" or "AC_BK").
OK deraadt@, "no objection" djm@
OpenBSD-Commit-ID: d11d2a4484f461524ef0c20870523dfcdeb52181
2018-04-04 17:12:17 +02:00
|
|
|
options->ip_qos_bulk = IPTOS_DSCP_CS1;
|
2011-05-15 00:45:50 +02:00
|
|
|
if (options->request_tty == -1)
|
|
|
|
|
options->request_tty = REQUEST_TTY_AUTO;
|
2013-08-20 18:44:24 +02:00
|
|
|
if (options->proxy_use_fdpass == -1)
|
|
|
|
|
options->proxy_use_fdpass = 0;
|
2013-10-17 02:48:13 +02:00
|
|
|
if (options->canonicalize_max_dots == -1)
|
|
|
|
|
options->canonicalize_max_dots = 1;
|
|
|
|
|
if (options->canonicalize_fallback_local == -1)
|
|
|
|
|
options->canonicalize_fallback_local = 1;
|
|
|
|
|
if (options->canonicalize_hostname == -1)
|
|
|
|
|
options->canonicalize_hostname = SSH_CANONICALISE_NO;
|
2014-12-21 23:27:55 +01:00
|
|
|
if (options->fingerprint_hash == -1)
|
|
|
|
|
options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
|
2015-01-26 04:04:45 +01:00
|
|
|
if (options->update_hostkeys == -1)
|
2015-02-02 08:41:40 +01:00
|
|
|
options->update_hostkeys = 0;
|
2018-07-04 15:49:31 +02:00
|
|
|
|
|
|
|
|
/* Expand KEX name lists */
|
|
|
|
|
all_cipher = cipher_alg_list(',', 0);
|
|
|
|
|
all_mac = mac_alg_list(',');
|
|
|
|
|
all_kex = kex_alg_list(',');
|
|
|
|
|
all_key = sshkey_alg_list(0, 0, 1, ',');
|
2018-09-20 05:30:44 +02:00
|
|
|
all_sig = sshkey_alg_list(0, 1, 1, ',');
|
2018-08-12 22:19:13 +02:00
|
|
|
#define ASSEMBLE(what, defaults, all) \
|
|
|
|
|
do { \
|
|
|
|
|
if ((r = kex_assemble_names(&options->what, \
|
|
|
|
|
defaults, all)) != 0) \
|
|
|
|
|
fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
|
|
|
|
|
} while (0)
|
|
|
|
|
ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, all_cipher);
|
|
|
|
|
ASSEMBLE(macs, KEX_SERVER_MAC, all_mac);
|
|
|
|
|
ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
|
|
|
|
|
ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
|
|
|
|
|
ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
|
2018-09-20 05:30:44 +02:00
|
|
|
ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
|
2018-08-12 22:19:13 +02:00
|
|
|
#undef ASSEMBLE
|
2018-07-04 15:49:31 +02:00
|
|
|
free(all_cipher);
|
|
|
|
|
free(all_mac);
|
|
|
|
|
free(all_kex);
|
|
|
|
|
free(all_key);
|
2018-09-20 05:30:44 +02:00
|
|
|
free(all_sig);
|
2014-12-21 23:27:55 +01:00
|
|
|
|
2013-10-15 03:14:12 +02:00
|
|
|
#define CLEAR_ON_NONE(v) \
|
|
|
|
|
do { \
|
2014-02-24 05:57:55 +01:00
|
|
|
if (option_clear_or_none(v)) { \
|
2013-10-15 03:14:12 +02:00
|
|
|
free(v); \
|
|
|
|
|
v = NULL; \
|
|
|
|
|
} \
|
|
|
|
|
} while(0)
|
|
|
|
|
CLEAR_ON_NONE(options->local_command);
|
2017-05-30 20:58:37 +02:00
|
|
|
CLEAR_ON_NONE(options->remote_command);
|
2013-10-15 03:14:12 +02:00
|
|
|
CLEAR_ON_NONE(options->proxy_command);
|
|
|
|
|
CLEAR_ON_NONE(options->control_path);
|
2014-12-04 03:24:32 +01:00
|
|
|
CLEAR_ON_NONE(options->revoked_host_keys);
|
2018-05-22 02:13:26 +02:00
|
|
|
if (options->jump_host != NULL &&
|
|
|
|
|
strcmp(options->jump_host, "none") == 0 &&
|
|
|
|
|
options->jump_port == 0 && options->jump_user == NULL) {
|
|
|
|
|
free(options->jump_host);
|
|
|
|
|
options->jump_host = NULL;
|
|
|
|
|
}
|
2016-05-04 16:29:58 +02:00
|
|
|
/* options->identity_agent distinguishes NULL from 'none' */
|
1999-11-24 14:26:21 +01:00
|
|
|
/* options->user will be set in the main program if appropriate */
|
|
|
|
|
/* options->hostname will be set in the main program if appropriate */
|
2000-12-28 17:40:05 +01:00
|
|
|
/* options->host_key_alias should not be set by default */
|
2001-03-11 02:49:19 +01:00
|
|
|
/* options->preferred_authentications will be set in ssh */
|
1999-10-27 05:42:43 +02:00
|
|
|
}
|
2005-03-01 11:24:33 +01:00
|
|
|
|
2014-07-18 06:11:24 +02:00
|
|
|
struct fwdarg {
|
|
|
|
|
char *arg;
|
|
|
|
|
int ispath;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* parse_fwd_field
|
|
|
|
|
* parses the next field in a port forwarding specification.
|
|
|
|
|
* sets fwd to the parsed field and advances p past the colon
|
|
|
|
|
* or sets it to NULL at end of string.
|
|
|
|
|
* returns 0 on success, else non-zero.
|
|
|
|
|
*/
|
|
|
|
|
static int
|
|
|
|
|
parse_fwd_field(char **p, struct fwdarg *fwd)
|
|
|
|
|
{
|
|
|
|
|
char *ep, *cp = *p;
|
|
|
|
|
int ispath = 0;
|
|
|
|
|
|
|
|
|
|
if (*cp == '\0') {
|
|
|
|
|
*p = NULL;
|
|
|
|
|
return -1; /* end of string */
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* A field escaped with square brackets is used literally.
|
|
|
|
|
* XXX - allow ']' to be escaped via backslash?
|
|
|
|
|
*/
|
|
|
|
|
if (*cp == '[') {
|
|
|
|
|
/* find matching ']' */
|
|
|
|
|
for (ep = cp + 1; *ep != ']' && *ep != '\0'; ep++) {
|
|
|
|
|
if (*ep == '/')
|
|
|
|
|
ispath = 1;
|
|
|
|
|
}
|
|
|
|
|
/* no matching ']' or not at end of field. */
|
|
|
|
|
if (ep[0] != ']' || (ep[1] != ':' && ep[1] != '\0'))
|
|
|
|
|
return -1;
|
|
|
|
|
/* NUL terminate the field and advance p past the colon */
|
|
|
|
|
*ep++ = '\0';
|
|
|
|
|
if (*ep != '\0')
|
|
|
|
|
*ep++ = '\0';
|
|
|
|
|
fwd->arg = cp + 1;
|
|
|
|
|
fwd->ispath = ispath;
|
|
|
|
|
*p = ep;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (cp = *p; *cp != '\0'; cp++) {
|
|
|
|
|
switch (*cp) {
|
|
|
|
|
case '\\':
|
|
|
|
|
memmove(cp, cp + 1, strlen(cp + 1) + 1);
|
2015-06-26 07:13:20 +02:00
|
|
|
if (*cp == '\0')
|
|
|
|
|
return -1;
|
2014-07-18 06:11:24 +02:00
|
|
|
break;
|
|
|
|
|
case '/':
|
|
|
|
|
ispath = 1;
|
|
|
|
|
break;
|
|
|
|
|
case ':':
|
|
|
|
|
*cp++ = '\0';
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
done:
|
|
|
|
|
fwd->arg = *p;
|
|
|
|
|
fwd->ispath = ispath;
|
|
|
|
|
*p = cp;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2005-03-01 11:24:33 +01:00
|
|
|
/*
|
|
|
|
|
* parse_forward
|
|
|
|
|
* parses a string containing a port forwarding specification of the form:
|
2008-11-03 09:27:34 +01:00
|
|
|
* dynamicfwd == 0
|
2014-07-18 06:11:24 +02:00
|
|
|
* [listenhost:]listenport|listenpath:connecthost:connectport|connectpath
|
|
|
|
|
* listenpath:connectpath
|
2008-11-03 09:27:34 +01:00
|
|
|
* dynamicfwd == 1
|
|
|
|
|
* [listenhost:]listenport
|
2005-03-01 11:24:33 +01:00
|
|
|
* returns number of arguments parsed or zero on error
|
|
|
|
|
*/
|
|
|
|
|
int
|
2014-07-18 06:11:24 +02:00
|
|
|
parse_forward(struct Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd)
|
2005-03-01 11:24:33 +01:00
|
|
|
{
|
2014-07-18 06:11:24 +02:00
|
|
|
struct fwdarg fwdargs[4];
|
|
|
|
|
char *p, *cp;
|
2005-03-01 11:24:33 +01:00
|
|
|
int i;
|
|
|
|
|
|
2014-07-18 06:11:24 +02:00
|
|
|
memset(fwd, 0, sizeof(*fwd));
|
|
|
|
|
memset(fwdargs, 0, sizeof(fwdargs));
|
2005-03-01 11:24:33 +01:00
|
|
|
|
|
|
|
|
cp = p = xstrdup(fwdspec);
|
|
|
|
|
|
|
|
|
|
/* skip leading spaces */
|
2013-11-21 03:57:15 +01:00
|
|
|
while (isspace((u_char)*cp))
|
2005-03-01 11:24:33 +01:00
|
|
|
cp++;
|
|
|
|
|
|
2014-07-18 06:11:24 +02:00
|
|
|
for (i = 0; i < 4; ++i) {
|
|
|
|
|
if (parse_fwd_field(&cp, &fwdargs[i]) != 0)
|
2005-03-01 11:24:33 +01:00
|
|
|
break;
|
2014-07-18 06:11:24 +02:00
|
|
|
}
|
2005-03-01 11:24:33 +01:00
|
|
|
|
2008-11-03 09:28:21 +01:00
|
|
|
/* Check for trailing garbage */
|
2014-07-18 06:11:24 +02:00
|
|
|
if (cp != NULL && *cp != '\0') {
|
2005-03-01 11:24:33 +01:00
|
|
|
i = 0; /* failure */
|
2014-07-18 06:11:24 +02:00
|
|
|
}
|
2005-03-01 11:24:33 +01:00
|
|
|
|
|
|
|
|
switch (i) {
|
2008-11-03 09:27:34 +01:00
|
|
|
case 1:
|
2014-07-18 06:11:24 +02:00
|
|
|
if (fwdargs[0].ispath) {
|
|
|
|
|
fwd->listen_path = xstrdup(fwdargs[0].arg);
|
|
|
|
|
fwd->listen_port = PORT_STREAMLOCAL;
|
|
|
|
|
} else {
|
|
|
|
|
fwd->listen_host = NULL;
|
|
|
|
|
fwd->listen_port = a2port(fwdargs[0].arg);
|
|
|
|
|
}
|
2008-11-03 09:27:34 +01:00
|
|
|
fwd->connect_host = xstrdup("socks");
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 2:
|
2014-07-18 06:11:24 +02:00
|
|
|
if (fwdargs[0].ispath && fwdargs[1].ispath) {
|
|
|
|
|
fwd->listen_path = xstrdup(fwdargs[0].arg);
|
|
|
|
|
fwd->listen_port = PORT_STREAMLOCAL;
|
|
|
|
|
fwd->connect_path = xstrdup(fwdargs[1].arg);
|
|
|
|
|
fwd->connect_port = PORT_STREAMLOCAL;
|
|
|
|
|
} else if (fwdargs[1].ispath) {
|
|
|
|
|
fwd->listen_host = NULL;
|
|
|
|
|
fwd->listen_port = a2port(fwdargs[0].arg);
|
|
|
|
|
fwd->connect_path = xstrdup(fwdargs[1].arg);
|
|
|
|
|
fwd->connect_port = PORT_STREAMLOCAL;
|
|
|
|
|
} else {
|
|
|
|
|
fwd->listen_host = xstrdup(fwdargs[0].arg);
|
|
|
|
|
fwd->listen_port = a2port(fwdargs[1].arg);
|
|
|
|
|
fwd->connect_host = xstrdup("socks");
|
|
|
|
|
}
|
2008-11-03 09:27:34 +01:00
|
|
|
break;
|
|
|
|
|
|
2005-03-01 11:24:33 +01:00
|
|
|
case 3:
|
2014-07-18 06:11:24 +02:00
|
|
|
if (fwdargs[0].ispath) {
|
|
|
|
|
fwd->listen_path = xstrdup(fwdargs[0].arg);
|
|
|
|
|
fwd->listen_port = PORT_STREAMLOCAL;
|
|
|
|
|
fwd->connect_host = xstrdup(fwdargs[1].arg);
|
|
|
|
|
fwd->connect_port = a2port(fwdargs[2].arg);
|
|
|
|
|
} else if (fwdargs[2].ispath) {
|
|
|
|
|
fwd->listen_host = xstrdup(fwdargs[0].arg);
|
|
|
|
|
fwd->listen_port = a2port(fwdargs[1].arg);
|
|
|
|
|
fwd->connect_path = xstrdup(fwdargs[2].arg);
|
|
|
|
|
fwd->connect_port = PORT_STREAMLOCAL;
|
|
|
|
|
} else {
|
|
|
|
|
fwd->listen_host = NULL;
|
|
|
|
|
fwd->listen_port = a2port(fwdargs[0].arg);
|
|
|
|
|
fwd->connect_host = xstrdup(fwdargs[1].arg);
|
|
|
|
|
fwd->connect_port = a2port(fwdargs[2].arg);
|
|
|
|
|
}
|
2005-03-01 11:24:33 +01:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 4:
|
2014-07-18 06:11:24 +02:00
|
|
|
fwd->listen_host = xstrdup(fwdargs[0].arg);
|
|
|
|
|
fwd->listen_port = a2port(fwdargs[1].arg);
|
|
|
|
|
fwd->connect_host = xstrdup(fwdargs[2].arg);
|
|
|
|
|
fwd->connect_port = a2port(fwdargs[3].arg);
|
2005-03-01 11:24:33 +01:00
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
i = 0; /* failure */
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-01 23:31:17 +02:00
|
|
|
free(p);
|
2005-03-01 11:24:33 +01:00
|
|
|
|
2008-11-03 09:27:34 +01:00
|
|
|
if (dynamicfwd) {
|
|
|
|
|
if (!(i == 1 || i == 2))
|
|
|
|
|
goto fail_free;
|
|
|
|
|
} else {
|
2014-07-18 06:11:24 +02:00
|
|
|
if (!(i == 3 || i == 4)) {
|
|
|
|
|
if (fwd->connect_path == NULL &&
|
|
|
|
|
fwd->listen_path == NULL)
|
|
|
|
|
goto fail_free;
|
|
|
|
|
}
|
|
|
|
|
if (fwd->connect_port <= 0 && fwd->connect_path == NULL)
|
2008-11-03 09:27:34 +01:00
|
|
|
goto fail_free;
|
|
|
|
|
}
|
|
|
|
|
|
2014-07-18 06:11:24 +02:00
|
|
|
if ((fwd->listen_port < 0 && fwd->listen_path == NULL) ||
|
|
|
|
|
(!remotefwd && fwd->listen_port == 0))
|
2005-03-01 11:24:33 +01:00
|
|
|
goto fail_free;
|
|
|
|
|
if (fwd->connect_host != NULL &&
|
|
|
|
|
strlen(fwd->connect_host) >= NI_MAXHOST)
|
|
|
|
|
goto fail_free;
|
2014-07-18 06:11:24 +02:00
|
|
|
/* XXX - if connecting to a remote socket, max sun len may not match this host */
|
|
|
|
|
if (fwd->connect_path != NULL &&
|
|
|
|
|
strlen(fwd->connect_path) >= PATH_MAX_SUN)
|
|
|
|
|
goto fail_free;
|
2009-02-14 06:28:21 +01:00
|
|
|
if (fwd->listen_host != NULL &&
|
|
|
|
|
strlen(fwd->listen_host) >= NI_MAXHOST)
|
|
|
|
|
goto fail_free;
|
2014-07-18 06:11:24 +02:00
|
|
|
if (fwd->listen_path != NULL &&
|
|
|
|
|
strlen(fwd->listen_path) >= PATH_MAX_SUN)
|
|
|
|
|
goto fail_free;
|
2005-03-01 11:24:33 +01:00
|
|
|
|
|
|
|
|
return (i);
|
|
|
|
|
|
|
|
|
|
fail_free:
|
2013-06-01 23:31:17 +02:00
|
|
|
free(fwd->connect_host);
|
|
|
|
|
fwd->connect_host = NULL;
|
2014-07-18 06:11:24 +02:00
|
|
|
free(fwd->connect_path);
|
|
|
|
|
fwd->connect_path = NULL;
|
2013-06-01 23:31:17 +02:00
|
|
|
free(fwd->listen_host);
|
|
|
|
|
fwd->listen_host = NULL;
|
2014-07-18 06:11:24 +02:00
|
|
|
free(fwd->listen_path);
|
|
|
|
|
fwd->listen_path = NULL;
|
2005-03-01 11:24:33 +01:00
|
|
|
return (0);
|
|
|
|
|
}
|
2014-10-09 00:20:25 +02:00
|
|
|
|
2016-07-15 02:24:30 +02:00
|
|
|
int
|
|
|
|
|
parse_jump(const char *s, Options *o, int active)
|
|
|
|
|
{
|
|
|
|
|
char *orig, *sdup, *cp;
|
|
|
|
|
char *host = NULL, *user = NULL;
|
2016-07-20 12:45:27 +02:00
|
|
|
int ret = -1, port = -1, first;
|
2016-07-15 02:24:30 +02:00
|
|
|
|
|
|
|
|
active &= o->proxy_command == NULL && o->jump_host == NULL;
|
|
|
|
|
|
|
|
|
|
orig = sdup = xstrdup(s);
|
2016-07-20 12:45:27 +02:00
|
|
|
first = active;
|
2016-07-22 05:35:11 +02:00
|
|
|
do {
|
2018-05-22 02:13:26 +02:00
|
|
|
if (strcasecmp(s, "none") == 0)
|
|
|
|
|
break;
|
2016-07-22 05:35:11 +02:00
|
|
|
if ((cp = strrchr(sdup, ',')) == NULL)
|
|
|
|
|
cp = sdup; /* last */
|
|
|
|
|
else
|
|
|
|
|
*cp++ = '\0';
|
|
|
|
|
|
2016-07-20 12:45:27 +02:00
|
|
|
if (first) {
|
2016-07-15 02:24:30 +02:00
|
|
|
/* First argument and configuration is active */
|
2017-10-22 01:06:24 +02:00
|
|
|
if (parse_ssh_uri(cp, &user, &host, &port) == -1 ||
|
|
|
|
|
parse_user_host_port(cp, &user, &host, &port) != 0)
|
2016-07-15 02:24:30 +02:00
|
|
|
goto out;
|
|
|
|
|
} else {
|
|
|
|
|
/* Subsequent argument or inactive configuration */
|
2017-10-22 01:06:24 +02:00
|
|
|
if (parse_ssh_uri(cp, NULL, NULL, NULL) == -1 ||
|
|
|
|
|
parse_user_host_port(cp, NULL, NULL, NULL) != 0)
|
2016-07-15 02:24:30 +02:00
|
|
|
goto out;
|
|
|
|
|
}
|
2016-07-20 12:45:27 +02:00
|
|
|
first = 0; /* only check syntax for subsequent hosts */
|
2016-07-22 05:35:11 +02:00
|
|
|
} while (cp != sdup);
|
2016-07-15 02:24:30 +02:00
|
|
|
/* success */
|
2016-07-20 12:45:27 +02:00
|
|
|
if (active) {
|
2018-05-22 02:13:26 +02:00
|
|
|
if (strcasecmp(s, "none") == 0) {
|
|
|
|
|
o->jump_host = xstrdup("none");
|
|
|
|
|
o->jump_port = 0;
|
|
|
|
|
} else {
|
|
|
|
|
o->jump_user = user;
|
|
|
|
|
o->jump_host = host;
|
|
|
|
|
o->jump_port = port;
|
|
|
|
|
o->proxy_command = xstrdup("none");
|
|
|
|
|
user = host = NULL;
|
|
|
|
|
if ((cp = strrchr(s, ',')) != NULL && cp != s) {
|
|
|
|
|
o->jump_extra = xstrdup(s);
|
|
|
|
|
o->jump_extra[cp - s] = '\0';
|
|
|
|
|
}
|
2016-07-22 05:35:11 +02:00
|
|
|
}
|
2016-07-20 12:45:27 +02:00
|
|
|
}
|
2016-07-15 02:24:30 +02:00
|
|
|
ret = 0;
|
|
|
|
|
out:
|
2016-07-20 12:45:27 +02:00
|
|
|
free(orig);
|
2016-07-15 02:24:30 +02:00
|
|
|
free(user);
|
|
|
|
|
free(host);
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-22 01:06:24 +02:00
|
|
|
int
|
|
|
|
|
parse_ssh_uri(const char *uri, char **userp, char **hostp, int *portp)
|
|
|
|
|
{
|
|
|
|
|
char *path;
|
|
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
r = parse_uri("ssh", uri, userp, hostp, portp, &path);
|
|
|
|
|
if (r == 0 && path != NULL)
|
|
|
|
|
r = -1; /* path not allowed */
|
|
|
|
|
return r;
|
|
|
|
|
}
|
|
|
|
|
|
2014-10-09 00:20:25 +02:00
|
|
|
/* XXX the following is a near-vebatim copy from servconf.c; refactor */
|
|
|
|
|
static const char *
|
|
|
|
|
fmt_multistate_int(int val, const struct multistate *m)
|
|
|
|
|
{
|
|
|
|
|
u_int i;
|
|
|
|
|
|
|
|
|
|
for (i = 0; m[i].key != NULL; i++) {
|
|
|
|
|
if (m[i].value == val)
|
|
|
|
|
return m[i].key;
|
|
|
|
|
}
|
|
|
|
|
return "UNKNOWN";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static const char *
|
|
|
|
|
fmt_intarg(OpCodes code, int val)
|
|
|
|
|
{
|
|
|
|
|
if (val == -1)
|
|
|
|
|
return "unset";
|
|
|
|
|
switch (code) {
|
|
|
|
|
case oAddressFamily:
|
|
|
|
|
return fmt_multistate_int(val, multistate_addressfamily);
|
|
|
|
|
case oVerifyHostKeyDNS:
|
2015-02-16 23:13:32 +01:00
|
|
|
case oUpdateHostkeys:
|
2014-10-09 00:20:25 +02:00
|
|
|
return fmt_multistate_int(val, multistate_yesnoask);
|
2017-09-04 01:33:13 +02:00
|
|
|
case oStrictHostKeyChecking:
|
|
|
|
|
return fmt_multistate_int(val, multistate_strict_hostkey);
|
2014-10-09 00:20:25 +02:00
|
|
|
case oControlMaster:
|
|
|
|
|
return fmt_multistate_int(val, multistate_controlmaster);
|
|
|
|
|
case oTunnel:
|
|
|
|
|
return fmt_multistate_int(val, multistate_tunnel);
|
|
|
|
|
case oRequestTTY:
|
|
|
|
|
return fmt_multistate_int(val, multistate_requesttty);
|
|
|
|
|
case oCanonicalizeHostname:
|
|
|
|
|
return fmt_multistate_int(val, multistate_canonicalizehostname);
|
2018-04-06 05:51:27 +02:00
|
|
|
case oAddKeysToAgent:
|
|
|
|
|
return fmt_multistate_int(val, multistate_yesnoaskconfirm);
|
2014-12-21 23:27:55 +01:00
|
|
|
case oFingerprintHash:
|
|
|
|
|
return ssh_digest_alg_name(val);
|
2014-10-09 00:20:25 +02:00
|
|
|
default:
|
|
|
|
|
switch (val) {
|
|
|
|
|
case 0:
|
|
|
|
|
return "no";
|
|
|
|
|
case 1:
|
|
|
|
|
return "yes";
|
|
|
|
|
default:
|
|
|
|
|
return "UNKNOWN";
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static const char *
|
|
|
|
|
lookup_opcode_name(OpCodes code)
|
|
|
|
|
{
|
|
|
|
|
u_int i;
|
|
|
|
|
|
|
|
|
|
for (i = 0; keywords[i].name != NULL; i++)
|
|
|
|
|
if (keywords[i].opcode == code)
|
|
|
|
|
return(keywords[i].name);
|
|
|
|
|
return "UNKNOWN";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
dump_cfg_int(OpCodes code, int val)
|
|
|
|
|
{
|
|
|
|
|
printf("%s %d\n", lookup_opcode_name(code), val);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
dump_cfg_fmtint(OpCodes code, int val)
|
|
|
|
|
{
|
|
|
|
|
printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
dump_cfg_string(OpCodes code, const char *val)
|
|
|
|
|
{
|
|
|
|
|
if (val == NULL)
|
|
|
|
|
return;
|
|
|
|
|
printf("%s %s\n", lookup_opcode_name(code), val);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
dump_cfg_strarray(OpCodes code, u_int count, char **vals)
|
|
|
|
|
{
|
|
|
|
|
u_int i;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < count; i++)
|
|
|
|
|
printf("%s %s\n", lookup_opcode_name(code), vals[i]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
dump_cfg_strarray_oneline(OpCodes code, u_int count, char **vals)
|
|
|
|
|
{
|
|
|
|
|
u_int i;
|
|
|
|
|
|
|
|
|
|
printf("%s", lookup_opcode_name(code));
|
|
|
|
|
for (i = 0; i < count; i++)
|
|
|
|
|
printf(" %s", vals[i]);
|
|
|
|
|
printf("\n");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
dump_cfg_forwards(OpCodes code, u_int count, const struct Forward *fwds)
|
|
|
|
|
{
|
|
|
|
|
const struct Forward *fwd;
|
|
|
|
|
u_int i;
|
|
|
|
|
|
|
|
|
|
/* oDynamicForward */
|
|
|
|
|
for (i = 0; i < count; i++) {
|
|
|
|
|
fwd = &fwds[i];
|
2017-01-30 01:34:01 +01:00
|
|
|
if (code == oDynamicForward && fwd->connect_host != NULL &&
|
2014-10-09 00:20:25 +02:00
|
|
|
strcmp(fwd->connect_host, "socks") != 0)
|
|
|
|
|
continue;
|
2017-01-30 01:34:01 +01:00
|
|
|
if (code == oLocalForward && fwd->connect_host != NULL &&
|
2014-10-09 00:20:25 +02:00
|
|
|
strcmp(fwd->connect_host, "socks") == 0)
|
|
|
|
|
continue;
|
|
|
|
|
printf("%s", lookup_opcode_name(code));
|
|
|
|
|
if (fwd->listen_port == PORT_STREAMLOCAL)
|
|
|
|
|
printf(" %s", fwd->listen_path);
|
|
|
|
|
else if (fwd->listen_host == NULL)
|
|
|
|
|
printf(" %d", fwd->listen_port);
|
|
|
|
|
else {
|
|
|
|
|
printf(" [%s]:%d",
|
|
|
|
|
fwd->listen_host, fwd->listen_port);
|
|
|
|
|
}
|
|
|
|
|
if (code != oDynamicForward) {
|
|
|
|
|
if (fwd->connect_port == PORT_STREAMLOCAL)
|
|
|
|
|
printf(" %s", fwd->connect_path);
|
|
|
|
|
else if (fwd->connect_host == NULL)
|
|
|
|
|
printf(" %d", fwd->connect_port);
|
|
|
|
|
else {
|
|
|
|
|
printf(" [%s]:%d",
|
|
|
|
|
fwd->connect_host, fwd->connect_port);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
printf("\n");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
dump_client_config(Options *o, const char *host)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
2018-07-04 15:49:31 +02:00
|
|
|
char buf[8], *all_key;
|
2014-10-09 00:20:25 +02:00
|
|
|
|
2015-08-22 01:53:08 +02:00
|
|
|
/* This is normally prepared in ssh_kex2 */
|
2018-07-04 15:49:31 +02:00
|
|
|
all_key = sshkey_alg_list(0, 0, 1, ',');
|
|
|
|
|
if (kex_assemble_names( &o->hostkeyalgorithms,
|
|
|
|
|
KEX_DEFAULT_PK_ALG, all_key) != 0)
|
2015-08-22 01:53:08 +02:00
|
|
|
fatal("%s: kex_assemble_names failed", __func__);
|
2018-07-04 15:49:31 +02:00
|
|
|
free(all_key);
|
2015-08-22 01:53:08 +02:00
|
|
|
|
2014-10-09 00:20:25 +02:00
|
|
|
/* Most interesting options first: user, host, port */
|
|
|
|
|
dump_cfg_string(oUser, o->user);
|
|
|
|
|
dump_cfg_string(oHostName, host);
|
|
|
|
|
dump_cfg_int(oPort, o->port);
|
|
|
|
|
|
|
|
|
|
/* Flag options */
|
2018-04-06 05:51:27 +02:00
|
|
|
dump_cfg_fmtint(oAddKeysToAgent, o->add_keys_to_agent);
|
2014-10-09 00:20:25 +02:00
|
|
|
dump_cfg_fmtint(oAddressFamily, o->address_family);
|
|
|
|
|
dump_cfg_fmtint(oBatchMode, o->batch_mode);
|
|
|
|
|
dump_cfg_fmtint(oCanonicalizeFallbackLocal, o->canonicalize_fallback_local);
|
|
|
|
|
dump_cfg_fmtint(oCanonicalizeHostname, o->canonicalize_hostname);
|
|
|
|
|
dump_cfg_fmtint(oChallengeResponseAuthentication, o->challenge_response_authentication);
|
|
|
|
|
dump_cfg_fmtint(oCheckHostIP, o->check_host_ip);
|
|
|
|
|
dump_cfg_fmtint(oCompression, o->compression);
|
|
|
|
|
dump_cfg_fmtint(oControlMaster, o->control_master);
|
|
|
|
|
dump_cfg_fmtint(oEnableSSHKeysign, o->enable_ssh_keysign);
|
2016-06-03 06:09:38 +02:00
|
|
|
dump_cfg_fmtint(oClearAllForwardings, o->clear_forwardings);
|
2014-10-09 00:20:25 +02:00
|
|
|
dump_cfg_fmtint(oExitOnForwardFailure, o->exit_on_forward_failure);
|
2014-12-21 23:27:55 +01:00
|
|
|
dump_cfg_fmtint(oFingerprintHash, o->fingerprint_hash);
|
2014-10-09 00:20:25 +02:00
|
|
|
dump_cfg_fmtint(oForwardAgent, o->forward_agent);
|
|
|
|
|
dump_cfg_fmtint(oForwardX11, o->forward_x11);
|
|
|
|
|
dump_cfg_fmtint(oForwardX11Trusted, o->forward_x11_trusted);
|
|
|
|
|
dump_cfg_fmtint(oGatewayPorts, o->fwd_opts.gateway_ports);
|
|
|
|
|
#ifdef GSSAPI
|
|
|
|
|
dump_cfg_fmtint(oGssAuthentication, o->gss_authentication);
|
|
|
|
|
dump_cfg_fmtint(oGssDelegateCreds, o->gss_deleg_creds);
|
|
|
|
|
#endif /* GSSAPI */
|
|
|
|
|
dump_cfg_fmtint(oHashKnownHosts, o->hash_known_hosts);
|
|
|
|
|
dump_cfg_fmtint(oHostbasedAuthentication, o->hostbased_authentication);
|
|
|
|
|
dump_cfg_fmtint(oIdentitiesOnly, o->identities_only);
|
|
|
|
|
dump_cfg_fmtint(oKbdInteractiveAuthentication, o->kbd_interactive_authentication);
|
|
|
|
|
dump_cfg_fmtint(oNoHostAuthenticationForLocalhost, o->no_host_authentication_for_localhost);
|
|
|
|
|
dump_cfg_fmtint(oPasswordAuthentication, o->password_authentication);
|
|
|
|
|
dump_cfg_fmtint(oPermitLocalCommand, o->permit_local_command);
|
|
|
|
|
dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass);
|
|
|
|
|
dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication);
|
|
|
|
|
dump_cfg_fmtint(oRequestTTY, o->request_tty);
|
|
|
|
|
dump_cfg_fmtint(oStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
|
|
|
|
|
dump_cfg_fmtint(oStrictHostKeyChecking, o->strict_host_key_checking);
|
|
|
|
|
dump_cfg_fmtint(oTCPKeepAlive, o->tcp_keep_alive);
|
|
|
|
|
dump_cfg_fmtint(oTunnel, o->tun_open);
|
|
|
|
|
dump_cfg_fmtint(oVerifyHostKeyDNS, o->verify_host_key_dns);
|
|
|
|
|
dump_cfg_fmtint(oVisualHostKey, o->visual_host_key);
|
2015-01-26 04:04:45 +01:00
|
|
|
dump_cfg_fmtint(oUpdateHostkeys, o->update_hostkeys);
|
2014-10-09 00:20:25 +02:00
|
|
|
|
|
|
|
|
/* Integer options */
|
|
|
|
|
dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots);
|
|
|
|
|
dump_cfg_int(oConnectionAttempts, o->connection_attempts);
|
|
|
|
|
dump_cfg_int(oForwardX11Timeout, o->forward_x11_timeout);
|
|
|
|
|
dump_cfg_int(oNumberOfPasswordPrompts, o->number_of_password_prompts);
|
|
|
|
|
dump_cfg_int(oServerAliveCountMax, o->server_alive_count_max);
|
|
|
|
|
dump_cfg_int(oServerAliveInterval, o->server_alive_interval);
|
|
|
|
|
|
|
|
|
|
/* String options */
|
|
|
|
|
dump_cfg_string(oBindAddress, o->bind_address);
|
2018-02-23 03:34:33 +01:00
|
|
|
dump_cfg_string(oBindInterface, o->bind_interface);
|
2014-10-09 00:20:25 +02:00
|
|
|
dump_cfg_string(oCiphers, o->ciphers ? o->ciphers : KEX_CLIENT_ENCRYPT);
|
|
|
|
|
dump_cfg_string(oControlPath, o->control_path);
|
2015-08-22 01:53:08 +02:00
|
|
|
dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms);
|
2014-10-09 00:20:25 +02:00
|
|
|
dump_cfg_string(oHostKeyAlias, o->host_key_alias);
|
2015-01-30 12:43:14 +01:00
|
|
|
dump_cfg_string(oHostbasedKeyTypes, o->hostbased_key_types);
|
2016-05-04 14:21:53 +02:00
|
|
|
dump_cfg_string(oIdentityAgent, o->identity_agent);
|
2018-04-06 05:51:27 +02:00
|
|
|
dump_cfg_string(oIgnoreUnknown, o->ignored_unknown);
|
2014-10-09 00:20:25 +02:00
|
|
|
dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices);
|
|
|
|
|
dump_cfg_string(oKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_CLIENT_KEX);
|
2018-09-20 05:30:44 +02:00
|
|
|
dump_cfg_string(oCASignatureAlgorithms, o->ca_sign_algorithms ? o->ca_sign_algorithms : SSH_ALLOWED_CA_SIGALGS);
|
2014-10-09 00:20:25 +02:00
|
|
|
dump_cfg_string(oLocalCommand, o->local_command);
|
2017-05-30 20:58:37 +02:00
|
|
|
dump_cfg_string(oRemoteCommand, o->remote_command);
|
2014-10-09 00:20:25 +02:00
|
|
|
dump_cfg_string(oLogLevel, log_level_name(o->log_level));
|
|
|
|
|
dump_cfg_string(oMacs, o->macs ? o->macs : KEX_CLIENT_MAC);
|
2017-01-30 01:38:50 +01:00
|
|
|
#ifdef ENABLE_PKCS11
|
2014-10-09 00:20:25 +02:00
|
|
|
dump_cfg_string(oPKCS11Provider, o->pkcs11_provider);
|
2017-01-30 01:38:50 +01:00
|
|
|
#endif
|
2014-10-09 00:20:25 +02:00
|
|
|
dump_cfg_string(oPreferredAuthentications, o->preferred_authentications);
|
2015-10-07 17:59:12 +02:00
|
|
|
dump_cfg_string(oPubkeyAcceptedKeyTypes, o->pubkey_key_types);
|
2014-12-04 03:24:32 +01:00
|
|
|
dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys);
|
2015-01-30 12:43:14 +01:00
|
|
|
dump_cfg_string(oXAuthLocation, o->xauth_location);
|
2014-10-09 00:20:25 +02:00
|
|
|
|
2015-01-30 12:43:14 +01:00
|
|
|
/* Forwards */
|
2014-10-09 00:20:25 +02:00
|
|
|
dump_cfg_forwards(oDynamicForward, o->num_local_forwards, o->local_forwards);
|
|
|
|
|
dump_cfg_forwards(oLocalForward, o->num_local_forwards, o->local_forwards);
|
|
|
|
|
dump_cfg_forwards(oRemoteForward, o->num_remote_forwards, o->remote_forwards);
|
|
|
|
|
|
|
|
|
|
/* String array options */
|
|
|
|
|
dump_cfg_strarray(oIdentityFile, o->num_identity_files, o->identity_files);
|
|
|
|
|
dump_cfg_strarray_oneline(oCanonicalDomains, o->num_canonical_domains, o->canonical_domains);
|
2018-04-06 05:51:27 +02:00
|
|
|
dump_cfg_strarray(oCertificateFile, o->num_certificate_files, o->certificate_files);
|
2014-10-09 00:20:25 +02:00
|
|
|
dump_cfg_strarray_oneline(oGlobalKnownHostsFile, o->num_system_hostfiles, o->system_hostfiles);
|
|
|
|
|
dump_cfg_strarray_oneline(oUserKnownHostsFile, o->num_user_hostfiles, o->user_hostfiles);
|
|
|
|
|
dump_cfg_strarray(oSendEnv, o->num_send_env, o->send_env);
|
2018-06-09 05:01:12 +02:00
|
|
|
dump_cfg_strarray(oSetEnv, o->num_setenv, o->setenv);
|
2014-10-09 00:20:25 +02:00
|
|
|
|
|
|
|
|
/* Special cases */
|
|
|
|
|
|
|
|
|
|
/* oConnectTimeout */
|
|
|
|
|
if (o->connection_timeout == -1)
|
|
|
|
|
printf("connecttimeout none\n");
|
|
|
|
|
else
|
|
|
|
|
dump_cfg_int(oConnectTimeout, o->connection_timeout);
|
|
|
|
|
|
|
|
|
|
/* oTunnelDevice */
|
|
|
|
|
printf("tunneldevice");
|
|
|
|
|
if (o->tun_local == SSH_TUNID_ANY)
|
|
|
|
|
printf(" any");
|
|
|
|
|
else
|
|
|
|
|
printf(" %d", o->tun_local);
|
|
|
|
|
if (o->tun_remote == SSH_TUNID_ANY)
|
|
|
|
|
printf(":any");
|
|
|
|
|
else
|
|
|
|
|
printf(":%d", o->tun_remote);
|
|
|
|
|
printf("\n");
|
|
|
|
|
|
|
|
|
|
/* oCanonicalizePermittedCNAMEs */
|
|
|
|
|
if ( o->num_permitted_cnames > 0) {
|
|
|
|
|
printf("canonicalizePermittedcnames");
|
|
|
|
|
for (i = 0; i < o->num_permitted_cnames; i++) {
|
|
|
|
|
printf(" %s:%s", o->permitted_cnames[i].source_list,
|
|
|
|
|
o->permitted_cnames[i].target_list);
|
|
|
|
|
}
|
|
|
|
|
printf("\n");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* oControlPersist */
|
|
|
|
|
if (o->control_persist == 0 || o->control_persist_timeout == 0)
|
|
|
|
|
dump_cfg_fmtint(oControlPersist, o->control_persist);
|
|
|
|
|
else
|
|
|
|
|
dump_cfg_int(oControlPersist, o->control_persist_timeout);
|
|
|
|
|
|
|
|
|
|
/* oEscapeChar */
|
|
|
|
|
if (o->escape_char == SSH_ESCAPECHAR_NONE)
|
|
|
|
|
printf("escapechar none\n");
|
|
|
|
|
else {
|
2016-07-15 02:24:30 +02:00
|
|
|
vis(buf, o->escape_char, VIS_WHITE, 0);
|
|
|
|
|
printf("escapechar %s\n", buf);
|
2014-10-09 00:20:25 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* oIPQoS */
|
|
|
|
|
printf("ipqos %s ", iptos2str(o->ip_qos_interactive));
|
|
|
|
|
printf("%s\n", iptos2str(o->ip_qos_bulk));
|
|
|
|
|
|
|
|
|
|
/* oRekeyLimit */
|
2016-01-29 03:54:45 +01:00
|
|
|
printf("rekeylimit %llu %d\n",
|
|
|
|
|
(unsigned long long)o->rekey_limit, o->rekey_interval);
|
2014-10-09 00:20:25 +02:00
|
|
|
|
|
|
|
|
/* oStreamLocalBindMask */
|
|
|
|
|
printf("streamlocalbindmask 0%o\n",
|
|
|
|
|
o->fwd_opts.streamlocal_bind_mask);
|
2016-07-15 02:24:30 +02:00
|
|
|
|
2018-04-06 05:51:27 +02:00
|
|
|
/* oLogFacility */
|
|
|
|
|
printf("syslogfacility %s\n", log_facility_name(o->log_facility));
|
|
|
|
|
|
2016-07-15 02:24:30 +02:00
|
|
|
/* oProxyCommand / oProxyJump */
|
|
|
|
|
if (o->jump_host == NULL)
|
|
|
|
|
dump_cfg_string(oProxyCommand, o->proxy_command);
|
|
|
|
|
else {
|
|
|
|
|
/* Check for numeric addresses */
|
|
|
|
|
i = strchr(o->jump_host, ':') != NULL ||
|
|
|
|
|
strspn(o->jump_host, "1234567890.") == strlen(o->jump_host);
|
|
|
|
|
snprintf(buf, sizeof(buf), "%d", o->jump_port);
|
|
|
|
|
printf("proxyjump %s%s%s%s%s%s%s%s%s\n",
|
2016-07-22 05:35:11 +02:00
|
|
|
/* optional additional jump spec */
|
|
|
|
|
o->jump_extra == NULL ? "" : o->jump_extra,
|
|
|
|
|
o->jump_extra == NULL ? "" : ",",
|
2016-07-15 02:24:30 +02:00
|
|
|
/* optional user */
|
|
|
|
|
o->jump_user == NULL ? "" : o->jump_user,
|
|
|
|
|
o->jump_user == NULL ? "" : "@",
|
|
|
|
|
/* opening [ if hostname is numeric */
|
|
|
|
|
i ? "[" : "",
|
|
|
|
|
/* mandatory hostname */
|
|
|
|
|
o->jump_host,
|
|
|
|
|
/* closing ] if hostname is numeric */
|
|
|
|
|
i ? "]" : "",
|
|
|
|
|
/* optional port number */
|
|
|
|
|
o->jump_port <= 0 ? "" : ":",
|
2016-07-22 05:35:11 +02:00
|
|
|
o->jump_port <= 0 ? "" : buf);
|
2016-07-15 02:24:30 +02:00
|
|
|
}
|
2014-10-09 00:20:25 +02:00
|
|
|
}
|
