- grunk@cvs.openbsd.org 2008/06/11 21:01:35
[ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c
sshconnect.c]
Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
graphical hash visualization schemes known as "random art", and by
Dan Kaminsky's musings on the subject during a BlackOp talk at the
23C3 in Berlin.
Scientific publication (original paper):
"Hash Visualization: a New Technique to improve Real-World Security",
Perrig A. and Song D., 1999, International Workshop on Cryptographic
Techniques and E-Commerce (CrypTEC '99)
http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
The algorithm used here is a worm crawling over a discrete plane,
leaving a trace (augmenting the field) everywhere it goes.
Movement is taken from dgst_raw 2bit-wise. Bumping into walls
makes the respective movement vector be ignored for this turn,
thus switching to the other color of the chessboard.
Graphs are not unambiguous for now, because circles in graphs can be
walked in either direction.
discussions with several people,
help, corrections and ok markus@ djm@
2008-06-12 20:40:35 +02:00
/* $OpenBSD: readconf.c,v 1.166 2008/06/11 21:01:35 grunk Exp $ */
/*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
 * Functions for reading the configuration files.
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose.  Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */
#include "includes.h"
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <ctype.h>
#include <errno.h>
#include <netdb.h>
#include <signal.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include "xmalloc.h"
#include "ssh.h"
#include "compat.h"
#include "cipher.h"
#include "pathnames.h"
#include "log.h"
#include "key.h"
#include "readconf.h"
#include "match.h"
#include "misc.h"
#include "buffer.h"
#include "kex.h"
#include "mac.h"
/* Format of the configuration file:

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Host-specific declarations.  These may override anything above.  A single
# host may match multiple declarations; these are processed in the order
# that they are given in.

Host *.ngs.fi ngs.fi
   User foo

Host fake.com
   HostName another.host.name.real.org
   User blaah
   Port 34289
   ForwardX11 no
   ForwardAgent no

Host books.com
   RemoteForward 9999 shadows.cs.hut.fi:9999
   Cipher 3des

Host fascist.blob.com
   Port 23123
   User tylonen
   PasswordAuthentication no

Host puukko.hut.fi
   User t35124p
   ProxyCommand ssh-proxy %h %p

Host *.fr
   PubkeyAuthentication no

Host *.su
   Cipher none
   PasswordAuthentication no

Host vpn.fake.com
   Tunnel yes
   TunnelDevice 3

# Defaults for various options
Host *
   ForwardAgent no
   ForwardX11 no
   PasswordAuthentication yes
   RSAAuthentication yes
   RhostsRSAAuthentication yes
   StrictHostKeyChecking yes
   TcpKeepAlive no
   IdentityFile ~/.ssh/identity
   Port 22
   EscapeChar ~

*/
/* Keyword tokens. */
typedef enum {
	/* Returned by parse_token() when a keyword is not found in keywords[]. */
	oBadOption,
	oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
	oExitOnForwardFailure,
	oPasswordAuthentication, oRSAAuthentication,
	oChallengeResponseAuthentication, oXAuthLocation,
	oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
	oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
	oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
	oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
	oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
	oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
	oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
	oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
	oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
	oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
	oAddressFamily, oGssAuthentication, oGssDelegateCreds,
	oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
	oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
	oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
	/*
	 * Catch-all opcodes that keywords[] assigns to obsolete option names
	 * (oDeprecated) and to names whose feature was compiled out, e.g. the
	 * non-GSSAPI and non-SMARTCARD table entries (oUnsupported).  The
	 * enumerator order fixes the numeric values; do not reorder.
	 */
	oDeprecated, oUnsupported
} OpCodes;
/* Textual representations of the tokens. */
static struct {
	/* Lower-case keyword; parse_token() matches it with strcasecmp(). */
	const char *name;
	OpCodes opcode;
} keywords[] = {
	{ "forwardagent", oForwardAgent },
	{ "forwardx11", oForwardX11 },
	{ "forwardx11trusted", oForwardX11Trusted },
	{ "exitonforwardfailure", oExitOnForwardFailure },
	{ "xauthlocation", oXAuthLocation },
	{ "gatewayports", oGatewayPorts },
	{ "useprivilegedport", oUsePrivilegedPort },
	{ "rhostsauthentication", oDeprecated },
	{ "passwordauthentication", oPasswordAuthentication },
	{ "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
	{ "kbdinteractivedevices", oKbdInteractiveDevices },
	{ "rsaauthentication", oRSAAuthentication },
	{ "pubkeyauthentication", oPubkeyAuthentication },
	{ "dsaauthentication", oPubkeyAuthentication }, /* alias */
	{ "rhostsrsaauthentication", oRhostsRSAAuthentication },
	{ "hostbasedauthentication", oHostbasedAuthentication },
	{ "challengeresponseauthentication", oChallengeResponseAuthentication },
	{ "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
	{ "tisauthentication", oChallengeResponseAuthentication }, /* alias */
	{ "kerberosauthentication", oUnsupported },
	{ "kerberostgtpassing", oUnsupported },
	{ "afstokenpassing", oUnsupported },
	/* GSSAPI keywords stay recognised but map to oUnsupported when compiled out. */
#if defined(GSSAPI)
	{ "gssapiauthentication", oGssAuthentication },
	{ "gssapidelegatecredentials", oGssDelegateCreds },
#else
	{ "gssapiauthentication", oUnsupported },
	{ "gssapidelegatecredentials", oUnsupported },
#endif
	{ "fallbacktorsh", oDeprecated },
	{ "usersh", oDeprecated },
	{ "identityfile", oIdentityFile },
	{ "identityfile2", oIdentityFile }, /* alias */
	{ "identitiesonly", oIdentitiesOnly },
	{ "hostname", oHostName },
	{ "hostkeyalias", oHostKeyAlias },
	{ "proxycommand", oProxyCommand },
	{ "port", oPort },
	{ "cipher", oCipher },
	{ "ciphers", oCiphers },
	{ "macs", oMacs },
	{ "protocol", oProtocol },
	{ "remoteforward", oRemoteForward },
	{ "localforward", oLocalForward },
	{ "user", oUser },
	{ "host", oHost },
	{ "escapechar", oEscapeChar },
	{ "globalknownhostsfile", oGlobalKnownHostsFile },
	{ "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
	{ "globalknownhostsfile2", oGlobalKnownHostsFile2 },
	{ "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
	{ "connectionattempts", oConnectionAttempts },
	{ "batchmode", oBatchMode },
	{ "checkhostip", oCheckHostIP },
	{ "stricthostkeychecking", oStrictHostKeyChecking },
	{ "compression", oCompression },
	{ "compressionlevel", oCompressionLevel },
	{ "tcpkeepalive", oTCPKeepAlive },
	{ "keepalive", oTCPKeepAlive }, /* obsolete */
	{ "numberofpasswordprompts", oNumberOfPasswordPrompts },
	{ "loglevel", oLogLevel },
	{ "dynamicforward", oDynamicForward },
	{ "preferredauthentications", oPreferredAuthentications },
	{ "hostkeyalgorithms", oHostKeyAlgorithms },
	{ "bindaddress", oBindAddress },
	/* Same pattern as GSSAPI above: the keyword is always accepted by the parser. */
#ifdef SMARTCARD
	{ "smartcarddevice", oSmartcardDevice },
#else
	{ "smartcarddevice", oUnsupported },
#endif
	{ "clearallforwardings", oClearAllForwardings },
	{ "enablesshkeysign", oEnableSSHKeysign },
	{ "verifyhostkeydns", oVerifyHostKeyDNS },
	{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
	{ "rekeylimit", oRekeyLimit },
	{ "connecttimeout", oConnectTimeout },
	{ "addressfamily", oAddressFamily },
	{ "serveraliveinterval", oServerAliveInterval },
	{ "serveralivecountmax", oServerAliveCountMax },
	{ "sendenv", oSendEnv },
	{ "controlpath", oControlPath },
	{ "controlmaster", oControlMaster },
	{ "hashknownhosts", oHashKnownHosts },
	{ "tunnel", oTunnel },
	{ "tunneldevice", oTunnelDevice },
	{ "localcommand", oLocalCommand },
	{ "permitlocalcommand", oPermitLocalCommand },
	/* Terminator: parse_token() stops at the first NULL name. */
	{ NULL, oBadOption }
};
/*
 * Appends a copy of *newfwd to options->local_forwards.  Both host strings
 * are duplicated with xstrdup(); a NULL listen_host is stored as NULL.
 * Calls fatal() -- and so never returns -- when a non-root real uid asks
 * for a listen port below IPPORT_RESERVED, or when the table already holds
 * SSH_MAX_FORWARDS_PER_DIRECTION entries.
 */

void
add_local_forward(Options *options, const Forward *newfwd)
{
	Forward *slot;

#ifndef NO_IPPORT_RESERVED_CONCEPT
	extern uid_t original_real_uid;

	/* Only root may bind a privileged local listen port. */
	if (original_real_uid != 0 && newfwd->listen_port < IPPORT_RESERVED)
		fatal("Privileged ports can only be forwarded by root.");
#endif
	if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
		fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);

	/* Claim the next free slot, then fill it in. */
	slot = &options->local_forwards[options->num_local_forwards];
	options->num_local_forwards++;

	if (newfwd->listen_host != NULL)
		slot->listen_host = xstrdup(newfwd->listen_host);
	else
		slot->listen_host = NULL;
	slot->listen_port = newfwd->listen_port;
	slot->connect_host = xstrdup(newfwd->connect_host);
	slot->connect_port = newfwd->connect_port;
}
/*
 * Appends a copy of *newfwd to options->remote_forwards.  Both host strings
 * are duplicated with xstrdup(); a NULL listen_host is stored as NULL.
 * Calls fatal() -- and so never returns -- when the table already holds
 * SSH_MAX_FORWARDS_PER_DIRECTION entries.  Unlike add_local_forward(), no
 * privileged-port check is made here.
 */

void
add_remote_forward(Options *options, const Forward *newfwd)
{
	Forward *slot;

	if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
		fatal("Too many remote forwards (max %d).",
		    SSH_MAX_FORWARDS_PER_DIRECTION);

	/* Claim the next free slot, then fill it in. */
	slot = &options->remote_forwards[options->num_remote_forwards];
	options->num_remote_forwards++;

	if (newfwd->listen_host != NULL)
		slot->listen_host = xstrdup(newfwd->listen_host);
	else
		slot->listen_host = NULL;
	slot->listen_port = newfwd->listen_port;
	slot->connect_host = xstrdup(newfwd->connect_host);
	slot->connect_port = newfwd->connect_port;
}
/*
 * Frees the host strings owned by one Forward entry.  listen_host may be
 * NULL and is skipped; connect_host is always passed to xfree().
 */
static void
release_forward_hosts(Forward *fwd)
{
	if (fwd->listen_host != NULL)
		xfree(fwd->listen_host);
	xfree(fwd->connect_host);
}

/*
 * Discards every local and remote forward recorded in options, freeing
 * their host strings and zeroing both counts, and resets the tunnel mode
 * to SSH_TUNMODE_NO.
 */
static void
clear_forwardings(Options *options)
{
	int n;

	for (n = 0; n < options->num_local_forwards; n++)
		release_forward_hosts(&options->local_forwards[n]);
	options->num_local_forwards = 0;

	for (n = 0; n < options->num_remote_forwards; n++)
		release_forward_hosts(&options->remote_forwards[n]);
	options->num_remote_forwards = 0;

	options->tun_open = SSH_TUNMODE_NO;
}
/*
 * Looks cp up in keywords[] (case-insensitively) and returns the matching
 * opcode.  An unknown keyword is reported via error(), naming filename and
 * linenum, and yields oBadOption.
 */

static OpCodes
parse_token(const char *cp, const char *filename, int linenum)
{
	u_int k = 0;

	/* keywords[] is terminated by an entry whose name is NULL. */
	while (keywords[k].name != NULL) {
		if (strcasecmp(keywords[k].name, cp) == 0)
			return keywords[k].opcode;
		k++;
	}

	error("%s: line %d: Bad configuration option: %s",
	    filename, linenum, cp);
	return oBadOption;
}
/*
* Processes a single option line as used in the configuration files. This
* only sets those values that have not already been set.
*/
#define WHITESPACE " \t\r\n"
int
|
|
|
|
process_config_line(Options *options, const char *host,
|
1999-11-24 14:26:21 +01:00
|
|
|
char *line, const char *filename, int linenum,
|
|
|
|
int *activep)
|
1999-10-27 05:42:43 +02:00
|
|
|
{
|
2005-03-01 11:24:33 +01:00
|
|
|
char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256];
|
2006-03-15 01:30:38 +01:00
|
|
|
int opcode, *intptr, value, value2, scale;
|
2008-01-01 10:32:26 +01:00
|
|
|
LogLevel *log_level_ptr;
|
2006-03-15 01:30:38 +01:00
|
|
|
long long orig, val64;
|
2003-02-24 01:56:27 +01:00
|
|
|
size_t len;
|
2005-03-01 11:24:33 +01:00
|
|
|
Forward fwd;
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2003-05-14 05:40:54 +02:00
|
|
|
/* Strip trailing whitespace */
|
2005-03-14 13:08:12 +01:00
|
|
|
for (len = strlen(line) - 1; len > 0; len--) {
|
2003-05-14 05:40:54 +02:00
|
|
|
if (strchr(WHITESPACE, line[len]) == NULL)
|
|
|
|
break;
|
|
|
|
line[len] = '\0';
|
|
|
|
}
|
|
|
|
|
2000-07-15 06:14:16 +02:00
|
|
|
s = line;
|
|
|
|
/* Get the keyword. (Each line is supposed to begin with a keyword). */
|
2006-03-26 04:53:32 +02:00
|
|
|
if ((keyword = strdelim(&s)) == NULL)
|
|
|
|
return 0;
|
2000-07-15 06:14:16 +02:00
|
|
|
/* Ignore leading whitespace. */
|
|
|
|
if (*keyword == '\0')
|
|
|
|
keyword = strdelim(&s);
|
2001-01-22 06:34:40 +01:00
|
|
|
if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
|
1999-11-24 14:26:21 +01:00
|
|
|
return 0;
|
|
|
|
|
2000-07-11 09:31:38 +02:00
|
|
|
opcode = parse_token(keyword, filename, linenum);
|
1999-11-24 14:26:21 +01:00
|
|
|
|
|
|
|
switch (opcode) {
|
|
|
|
case oBadOption:
|
1999-11-25 01:54:57 +01:00
|
|
|
/* don't panic, but count bad options */
|
|
|
|
return -1;
|
1999-11-24 14:26:21 +01:00
|
|
|
/* NOTREACHED */
|
2003-05-16 03:39:04 +02:00
|
|
|
case oConnectTimeout:
|
|
|
|
intptr = &options->connection_timeout;
|
2003-12-17 06:33:10 +01:00
|
|
|
parse_time:
|
2003-05-16 03:39:04 +02:00
|
|
|
arg = strdelim(&s);
|
|
|
|
if (!arg || *arg == '\0')
|
|
|
|
fatal("%s line %d: missing time value.",
|
|
|
|
filename, linenum);
|
|
|
|
if ((value = convtime(arg)) == -1)
|
|
|
|
fatal("%s line %d: invalid time value.",
|
|
|
|
filename, linenum);
|
2007-02-19 12:09:45 +01:00
|
|
|
if (*activep && *intptr == -1)
|
2003-05-16 03:39:04 +02:00
|
|
|
*intptr = value;
|
|
|
|
break;
|
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oForwardAgent:
|
|
|
|
intptr = &options->forward_agent;
|
|
|
|
parse_flag:
|
2000-07-15 06:14:16 +02:00
|
|
|
arg = strdelim(&s);
|
2000-07-11 09:31:38 +02:00
|
|
|
if (!arg || *arg == '\0')
|
1999-11-24 14:26:21 +01:00
|
|
|
fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
|
|
|
|
value = 0; /* To avoid compiler warning... */
|
2000-07-11 09:31:38 +02:00
|
|
|
if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
|
1999-11-24 14:26:21 +01:00
|
|
|
value = 1;
|
2000-07-11 09:31:38 +02:00
|
|
|
else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
|
1999-11-24 14:26:21 +01:00
|
|
|
value = 0;
|
|
|
|
else
|
|
|
|
fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
|
|
|
|
if (*activep && *intptr == -1)
|
|
|
|
*intptr = value;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case oForwardX11:
|
|
|
|
intptr = &options->forward_x11;
|
|
|
|
goto parse_flag;
|
|
|
|
|
2003-10-15 07:54:32 +02:00
|
|
|
case oForwardX11Trusted:
|
|
|
|
intptr = &options->forward_x11_trusted;
|
|
|
|
goto parse_flag;
|
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oGatewayPorts:
|
|
|
|
intptr = &options->gateway_ports;
|
|
|
|
goto parse_flag;
|
|
|
|
|
2006-07-12 14:17:10 +02:00
|
|
|
case oExitOnForwardFailure:
|
|
|
|
intptr = &options->exit_on_forward_failure;
|
|
|
|
goto parse_flag;
|
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oUsePrivilegedPort:
|
|
|
|
intptr = &options->use_privileged_port;
|
|
|
|
goto parse_flag;
|
|
|
|
|
|
|
|
case oPasswordAuthentication:
|
|
|
|
intptr = &options->password_authentication;
|
|
|
|
goto parse_flag;
|
|
|
|
|
2000-10-14 07:23:11 +02:00
|
|
|
case oKbdInteractiveAuthentication:
|
|
|
|
intptr = &options->kbd_interactive_authentication;
|
|
|
|
goto parse_flag;
|
|
|
|
|
|
|
|
case oKbdInteractiveDevices:
|
|
|
|
charptr = &options->kbd_interactive_devices;
|
|
|
|
goto parse_string;
|
|
|
|
|
2000-11-13 12:57:25 +01:00
|
|
|
case oPubkeyAuthentication:
|
|
|
|
intptr = &options->pubkey_authentication;
goto parse_flag;
|
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oRSAAuthentication:
|
|
|
|
intptr = &options->rsa_authentication;
|
|
|
|
goto parse_flag;
|
|
|
|
|
|
|
|
case oRhostsRSAAuthentication:
|
|
|
|
intptr = &options->rhosts_rsa_authentication;
|
|
|
|
goto parse_flag;
|
|
|
|
|
2001-04-13 01:34:34 +02:00
|
|
|
case oHostbasedAuthentication:
|
|
|
|
intptr = &options->hostbased_authentication;
|
|
|
|
goto parse_flag;
|
|
|
|
|
2001-01-23 04:12:10 +01:00
|
|
|
case oChallengeResponseAuthentication:
|
2001-06-05 20:56:16 +02:00
|
|
|
intptr = &options->challenge_response_authentication;
|
1999-11-24 14:26:21 +01:00
|
|
|
goto parse_flag;
|
2003-05-15 04:05:28 +02:00
|
|
|
|
2003-08-26 03:49:55 +02:00
|
|
|
case oGssAuthentication:
|
|
|
|
intptr = &options->gss_authentication;
|
|
|
|
goto parse_flag;
|
|
|
|
|
|
|
|
case oGssDelegateCreds:
|
|
|
|
intptr = &options->gss_deleg_creds;
|
|
|
|
goto parse_flag;
|
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oBatchMode:
|
|
|
|
intptr = &options->batch_mode;
|
|
|
|
goto parse_flag;
|
|
|
|
|
|
|
|
case oCheckHostIP:
|
|
|
|
intptr = &options->check_host_ip;
arg = strdelim(&s);
|
|
|
|
if (!arg || *arg == '\0')
|
|
|
|
fatal("%.200s line %d: Missing CheckHostIP argument.",
|
|
|
|
filename, linenum);
|
|
|
|
value = 0; /* To avoid compiler warning... */
|
|
|
|
if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
|
|
|
|
value = SSHCTL_CHECKHOSTIP_YES;
|
|
|
|
else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
|
|
|
|
value = SSHCTL_CHECKHOSTIP_NO;
|
|
|
|
else if (strcmp(arg, "fingerprint") == 0)
|
|
|
|
value = SSHCTL_CHECKHOSTIP_FPR;
|
|
|
|
else
|
|
|
|
fatal("%.200s line %d: Bad CheckHostIP argument.",
|
|
|
|
filename, linenum);
|
|
|
|
if (*activep && *intptr == -1)
|
|
|
|
*intptr = value;
|
|
|
|
break;
|
1999-11-24 14:26:21 +01:00
|
|
|
|
2003-05-15 02:19:46 +02:00
|
|
|
case oVerifyHostKeyDNS:
|
|
|
|
intptr = &options->verify_host_key_dns;
|
2003-11-17 11:19:29 +01:00
|
|
|
goto parse_yesnoask;
|
2003-05-15 02:19:46 +02:00
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oStrictHostKeyChecking:
|
|
|
|
intptr = &options->strict_host_key_checking;
|
2003-11-17 11:19:29 +01:00
|
|
|
parse_yesnoask:
|
2000-07-15 06:14:16 +02:00
|
|
|
arg = strdelim(&s);
|
2000-07-11 09:31:38 +02:00
|
|
|
if (!arg || *arg == '\0')
|
2001-01-29 09:00:54 +01:00
|
|
|
fatal("%.200s line %d: Missing yes/no/ask argument.",
|
2001-12-21 04:45:46 +01:00
|
|
|
filename, linenum);
|
1999-11-24 14:26:21 +01:00
|
|
|
value = 0; /* To avoid compiler warning... */
|
2000-07-11 09:31:38 +02:00
|
|
|
if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
|
1999-11-24 14:26:21 +01:00
|
|
|
value = 1;
|
2000-07-11 09:31:38 +02:00
|
|
|
else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
|
1999-11-24 14:26:21 +01:00
|
|
|
value = 0;
|
2000-07-11 09:31:38 +02:00
|
|
|
else if (strcmp(arg, "ask") == 0)
|
1999-11-24 14:26:21 +01:00
|
|
|
value = 2;
|
|
|
|
else
|
|
|
|
fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
|
|
|
|
if (*activep && *intptr == -1)
|
|
|
|
*intptr = value;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case oCompression:
|
|
|
|
intptr = &options->compression;
|
|
|
|
goto parse_flag;
|
|
|
|
|
2003-12-17 06:31:10 +01:00
|
|
|
case oTCPKeepAlive:
|
|
|
|
intptr = &options->tcp_keep_alive;
|
1999-11-24 14:26:21 +01:00
|
|
|
goto parse_flag;
|
|
|
|
|
2001-10-03 19:39:38 +02:00
|
|
|
case oNoHostAuthenticationForLocalhost:
|
|
|
|
intptr = &options->no_host_authentication_for_localhost;
|
|
|
|
goto parse_flag;
|
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oNumberOfPasswordPrompts:
|
|
|
|
intptr = &options->number_of_password_prompts;
|
|
|
|
goto parse_int;
|
|
|
|
|
|
|
|
case oCompressionLevel:
|
|
|
|
intptr = &options->compression_level;
|
|
|
|
goto parse_int;
|
|
|
|
|
2003-04-09 12:50:06 +02:00
|
|
|
case oRekeyLimit:
|
|
|
|
arg = strdelim(&s);
|
|
|
|
if (!arg || *arg == '\0')
|
|
|
|
fatal("%.200s line %d: Missing argument.", filename, linenum);
|
|
|
|
if (arg[0] < '0' || arg[0] > '9')
|
|
|
|
fatal("%.200s line %d: Bad number.", filename, linenum);
|
2006-03-15 01:30:38 +01:00
|
|
|
orig = val64 = strtoll(arg, &endofnumber, 10);
|
2003-04-09 12:50:06 +02:00
|
|
|
if (arg == endofnumber)
|
|
|
|
fatal("%.200s line %d: Bad number.", filename, linenum);
|
|
|
|
switch (toupper(*endofnumber)) {
|
2006-03-15 01:30:38 +01:00
|
|
|
case '\0':
|
|
|
|
scale = 1;
|
|
|
|
break;
|
2003-04-09 12:50:06 +02:00
|
|
|
case 'K':
|
2006-03-15 01:30:38 +01:00
|
|
|
scale = 1<<10;
|
2003-04-09 12:50:06 +02:00
|
|
|
break;
|
|
|
|
case 'M':
|
2006-03-15 01:30:38 +01:00
|
|
|
scale = 1<<20;
|
2003-04-09 12:50:06 +02:00
|
|
|
break;
|
|
|
|
case 'G':
|
2006-03-15 01:30:38 +01:00
|
|
|
scale = 1<<30;
|
2003-04-09 12:50:06 +02:00
|
|
|
break;
|
2006-03-15 01:30:38 +01:00
|
|
|
default:
|
|
|
|
fatal("%.200s line %d: Invalid RekeyLimit suffix",
|
|
|
|
filename, linenum);
|
2003-04-09 12:50:06 +02:00
|
|
|
}
|
2006-03-15 01:30:38 +01:00
|
|
|
val64 *= scale;
|
|
|
|
/* detect integer wrap and too-large limits */
|
2008-02-10 12:25:52 +01:00
|
|
|
if ((val64 / scale) != orig || val64 > UINT_MAX)
|
2006-03-15 01:30:38 +01:00
|
|
|
fatal("%.200s line %d: RekeyLimit too large",
|
|
|
|
filename, linenum);
|
|
|
|
if (val64 < 16)
|
|
|
|
fatal("%.200s line %d: RekeyLimit too small",
|
|
|
|
filename, linenum);
|
2008-02-10 12:25:52 +01:00
|
|
|
if (*activep && options->rekey_limit == -1)
|
|
|
|
options->rekey_limit = (u_int32_t)val64;
|
2003-04-09 12:50:06 +02:00
|
|
|
break;
|
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oIdentityFile:
|
2000-07-15 06:14:16 +02:00
|
|
|
arg = strdelim(&s);
|
2000-07-11 09:31:38 +02:00
|
|
|
if (!arg || *arg == '\0')
|
1999-11-24 14:26:21 +01:00
|
|
|
fatal("%.200s line %d: Missing argument.", filename, linenum);
|
|
|
|
if (*activep) {
|
2000-11-13 12:57:25 +01:00
|
|
|
intptr = &options->num_identity_files;
|
2000-04-29 15:57:08 +02:00
|
|
|
if (*intptr >= SSH_MAX_IDENTITY_FILES)
|
1999-11-24 14:26:21 +01:00
|
|
|
fatal("%.200s line %d: Too many identity files specified (max %d).",
|
2001-12-21 04:45:46 +01:00
|
|
|
filename, linenum, SSH_MAX_IDENTITY_FILES);
|
2007-02-19 12:12:53 +01:00
|
|
|
charptr = &options->identity_files[*intptr];
|
2000-07-11 09:31:38 +02:00
|
|
|
*charptr = xstrdup(arg);
|
2000-04-29 15:57:08 +02:00
|
|
|
*intptr = *intptr + 1;
|
1999-11-24 14:26:21 +01:00
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
2000-06-07 11:55:44 +02:00
|
|
|
case oXAuthLocation:
|
|
|
|
charptr=&options->xauth_location;
|
|
|
|
goto parse_string;
|
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oUser:
|
|
|
|
charptr = &options->user;
|
|
|
|
parse_string:
|
2000-07-15 06:14:16 +02:00
|
|
|
arg = strdelim(&s);
|
2000-07-11 09:31:38 +02:00
|
|
|
if (!arg || *arg == '\0')
|
1999-11-24 14:26:21 +01:00
|
|
|
fatal("%.200s line %d: Missing argument.", filename, linenum);
|
|
|
|
if (*activep && *charptr == NULL)
|
2000-07-11 09:31:38 +02:00
|
|
|
*charptr = xstrdup(arg);
|
1999-11-24 14:26:21 +01:00
|
|
|
break;
|
|
|
|
|
|
|
|
case oGlobalKnownHostsFile:
|
|
|
|
charptr = &options->system_hostfile;
|
|
|
|
goto parse_string;
|
|
|
|
|
|
|
|
case oUserKnownHostsFile:
|
|
|
|
charptr = &options->user_hostfile;
|
|
|
|
goto parse_string;
|
|
|
|
|
2000-04-29 15:57:08 +02:00
|
|
|
case oGlobalKnownHostsFile2:
|
|
|
|
charptr = &options->system_hostfile2;
|
|
|
|
goto parse_string;
|
|
|
|
|
|
|
|
case oUserKnownHostsFile2:
|
|
|
|
charptr = &options->user_hostfile2;
|
|
|
|
goto parse_string;
|
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oHostName:
|
|
|
|
charptr = &options->hostname;
|
|
|
|
goto parse_string;
|
|
|
|
|
2000-12-28 17:40:05 +01:00
|
|
|
case oHostKeyAlias:
|
|
|
|
charptr = &options->host_key_alias;
|
|
|
|
goto parse_string;
|
|
|
|
|
2001-03-11 02:49:19 +01:00
|
|
|
case oPreferredAuthentications:
|
|
|
|
charptr = &options->preferred_authentications;
|
|
|
|
goto parse_string;
|
|
|
|
|
2001-04-30 15:06:24 +02:00
|
|
|
case oBindAddress:
|
|
|
|
charptr = &options->bind_address;
|
|
|
|
goto parse_string;
|
|
|
|
|
2001-08-06 23:27:53 +02:00
|
|
|
case oSmartcardDevice:
|
2001-08-06 23:35:51 +02:00
|
|
|
charptr = &options->smartcard_device;
|
|
|
|
goto parse_string;
|
2001-08-06 23:27:53 +02:00
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oProxyCommand:
|
2005-12-13 09:29:02 +01:00
|
|
|
charptr = &options->proxy_command;
|
|
|
|
parse_command:
|
2003-06-28 04:40:12 +02:00
|
|
|
if (s == NULL)
|
|
|
|
fatal("%.200s line %d: Missing argument.", filename, linenum);
|
2003-02-24 01:56:27 +01:00
|
|
|
len = strspn(s, WHITESPACE "=");
|
1999-11-24 14:26:21 +01:00
|
|
|
if (*activep && *charptr == NULL)
|
2003-02-24 01:56:27 +01:00
|
|
|
*charptr = xstrdup(s + len);
|
1999-11-24 14:26:21 +01:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
case oPort:
|
|
|
|
intptr = &options->port;
|
|
|
|
parse_int:
|
2000-07-15 06:14:16 +02:00
|
|
|
arg = strdelim(&s);
|
2000-07-11 09:31:38 +02:00
|
|
|
if (!arg || *arg == '\0')
|
1999-11-24 14:26:21 +01:00
|
|
|
fatal("%.200s line %d: Missing argument.", filename, linenum);
|
2000-07-11 09:31:38 +02:00
|
|
|
if (arg[0] < '0' || arg[0] > '9')
|
1999-11-24 14:26:21 +01:00
|
|
|
fatal("%.200s line %d: Bad number.", filename, linenum);
|
1999-11-25 01:54:57 +01:00
|
|
|
|
|
|
|
/* Octal, decimal, or hex format? */
|
2000-07-11 09:31:38 +02:00
|
|
|
value = strtol(arg, &endofnumber, 0);
|
|
|
|
if (arg == endofnumber)
|
1999-11-25 01:54:57 +01:00
|
|
|
fatal("%.200s line %d: Bad number.", filename, linenum);
|
1999-11-24 14:26:21 +01:00
|
|
|
if (*activep && *intptr == -1)
|
|
|
|
*intptr = value;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case oConnectionAttempts:
|
|
|
|
intptr = &options->connection_attempts;
|
|
|
|
goto parse_int;
|
|
|
|
|
|
|
|
case oCipher:
|
|
|
|
intptr = &options->cipher;
|
2000-07-15 06:14:16 +02:00
|
|
|
arg = strdelim(&s);
|
2000-07-11 09:31:38 +02:00
|
|
|
if (!arg || *arg == '\0')
|
2000-05-30 05:44:51 +02:00
|
|
|
fatal("%.200s line %d: Missing argument.", filename, linenum);
|
2000-07-11 09:31:38 +02:00
|
|
|
value = cipher_number(arg);
|
1999-11-24 14:26:21 +01:00
|
|
|
if (value == -1)
|
|
|
|
fatal("%.200s line %d: Bad cipher '%s'.",
|
2001-12-21 04:45:46 +01:00
|
|
|
filename, linenum, arg ? arg : "<NONE>");
|
1999-11-24 14:26:21 +01:00
|
|
|
if (*activep && *intptr == -1)
|
|
|
|
*intptr = value;
|
|
|
|
break;
|
|
|
|
|
2000-04-12 12:17:38 +02:00
|
|
|
case oCiphers:
|
2000-07-15 06:14:16 +02:00
|
|
|
arg = strdelim(&s);
|
2000-07-11 09:31:38 +02:00
|
|
|
if (!arg || *arg == '\0')
|
2000-05-30 05:44:51 +02:00
|
|
|
fatal("%.200s line %d: Missing argument.", filename, linenum);
|
2000-07-11 09:31:38 +02:00
|
|
|
if (!ciphers_valid(arg))
|
2000-05-09 03:02:59 +02:00
|
|
|
fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
|
2001-12-21 04:45:46 +01:00
|
|
|
filename, linenum, arg ? arg : "<NONE>");
|
2000-04-12 12:17:38 +02:00
|
|
|
if (*activep && options->ciphers == NULL)
|
2000-07-11 09:31:38 +02:00
|
|
|
options->ciphers = xstrdup(arg);
|
2000-04-12 12:17:38 +02:00
|
|
|
break;
|
|
|
|
|
2001-02-15 04:01:59 +01:00
|
|
|
case oMacs:
|
|
|
|
arg = strdelim(&s);
|
|
|
|
if (!arg || *arg == '\0')
|
|
|
|
fatal("%.200s line %d: Missing argument.", filename, linenum);
|
|
|
|
if (!mac_valid(arg))
|
|
|
|
fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
|
2001-12-21 04:45:46 +01:00
|
|
|
filename, linenum, arg ? arg : "<NONE>");
|
2001-02-15 04:01:59 +01:00
|
|
|
if (*activep && options->macs == NULL)
|
|
|
|
options->macs = xstrdup(arg);
|
|
|
|
break;
|
|
|
|
|
2001-04-17 20:11:36 +02:00
|
|
|
case oHostKeyAlgorithms:
|
|
|
|
arg = strdelim(&s);
|
|
|
|
if (!arg || *arg == '\0')
|
|
|
|
fatal("%.200s line %d: Missing argument.", filename, linenum);
|
|
|
|
if (!key_names_valid2(arg))
|
|
|
|
fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
|
2001-12-21 04:45:46 +01:00
|
|
|
filename, linenum, arg ? arg : "<NONE>");
|
2001-04-17 20:11:36 +02:00
|
|
|
if (*activep && options->hostkeyalgorithms == NULL)
|
|
|
|
options->hostkeyalgorithms = xstrdup(arg);
|
|
|
|
break;
|
|
|
|
|
2000-04-12 12:17:38 +02:00
|
|
|
case oProtocol:
|
|
|
|
intptr = &options->protocol;
|
2000-07-15 06:14:16 +02:00
|
|
|
arg = strdelim(&s);
|
2000-07-11 09:31:38 +02:00
|
|
|
if (!arg || *arg == '\0')
|
2000-05-30 05:44:51 +02:00
|
|
|
fatal("%.200s line %d: Missing argument.", filename, linenum);
|
2000-07-11 09:31:38 +02:00
|
|
|
value = proto_spec(arg);
|
2000-04-12 12:17:38 +02:00
|
|
|
if (value == SSH_PROTO_UNKNOWN)
|
|
|
|
fatal("%.200s line %d: Bad protocol spec '%s'.",
|
2001-12-21 04:45:46 +01:00
|
|
|
filename, linenum, arg ? arg : "<NONE>");
|
2000-04-12 12:17:38 +02:00
|
|
|
if (*activep && *intptr == SSH_PROTO_UNKNOWN)
|
|
|
|
*intptr = value;
|
|
|
|
break;
|
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oLogLevel:
|
2008-01-01 10:32:26 +01:00
|
|
|
log_level_ptr = &options->log_level;
|
2000-07-15 06:14:16 +02:00
|
|
|
arg = strdelim(&s);
|
2000-07-11 09:31:38 +02:00
|
|
|
value = log_level_number(arg);
|
2002-02-05 02:26:34 +01:00
|
|
|
if (value == SYSLOG_LEVEL_NOT_SET)
|
2001-03-05 08:47:23 +01:00
|
|
|
fatal("%.200s line %d: unsupported log level '%s'",
|
2001-12-21 04:45:46 +01:00
|
|
|
filename, linenum, arg ? arg : "<NONE>");
|
2008-01-01 10:32:26 +01:00
|
|
|
if (*activep && *log_level_ptr == SYSLOG_LEVEL_NOT_SET)
|
|
|
|
*log_level_ptr = (LogLevel) value;
|
1999-11-24 14:26:21 +01:00
|
|
|
break;
|
|
|
|
|
|
|
|
case oLocalForward:
|
2001-09-12 20:01:59 +02:00
|
|
|
case oRemoteForward:
|
2000-07-15 06:14:16 +02:00
|
|
|
arg = strdelim(&s);
|
2005-03-01 11:24:33 +01:00
|
|
|
if (arg == NULL || *arg == '\0')
|
2001-09-12 20:01:59 +02:00
|
|
|
fatal("%.200s line %d: Missing port argument.",
|
|
|
|
filename, linenum);
|
2005-03-01 11:24:33 +01:00
|
|
|
arg2 = strdelim(&s);
|
|
|
|
if (arg2 == NULL || *arg2 == '\0')
|
|
|
|
fatal("%.200s line %d: Missing target argument.",
|
2001-09-12 20:01:59 +02:00
|
|
|
filename, linenum);
|
2005-03-01 11:24:33 +01:00
|
|
|
|
|
|
|
/* construct a string for parse_forward */
|
|
|
|
snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2);
|
|
|
|
|
|
|
|
if (parse_forward(&fwd, fwdarg) == 0)
|
2001-09-12 20:01:59 +02:00
|
|
|
fatal("%.200s line %d: Bad forwarding specification.",
|
|
|
|
filename, linenum);
|
2005-03-01 11:24:33 +01:00
|
|
|
|
2001-09-12 20:01:59 +02:00
|
|
|
if (*activep) {
|
|
|
|
if (opcode == oLocalForward)
|
2005-03-01 11:24:33 +01:00
|
|
|
add_local_forward(options, &fwd);
|
2001-09-12 20:01:59 +02:00
|
|
|
else if (opcode == oRemoteForward)
|
2005-03-01 11:24:33 +01:00
|
|
|
add_remote_forward(options, &fwd);
|
2001-09-12 20:01:59 +02:00
|
|
|
}
|
1999-11-24 14:26:21 +01:00
|
|
|
break;
|
|
|
|
|
2001-04-08 20:30:26 +02:00
|
|
|
case oDynamicForward:
|
|
|
|
arg = strdelim(&s);
|
|
|
|
if (!arg || *arg == '\0')
|
|
|
|
fatal("%.200s line %d: Missing port argument.",
|
|
|
|
filename, linenum);
|
2005-03-01 11:24:33 +01:00
|
|
|
memset(&fwd, '\0', sizeof(fwd));
|
|
|
|
fwd.connect_host = "socks";
|
|
|
|
fwd.listen_host = hpdelim(&arg);
|
|
|
|
if (fwd.listen_host == NULL ||
|
|
|
|
strlen(fwd.listen_host) >= NI_MAXHOST)
|
|
|
|
fatal("%.200s line %d: Bad forwarding specification.",
|
|
|
|
filename, linenum);
|
|
|
|
if (arg) {
|
|
|
|
fwd.listen_port = a2port(arg);
|
|
|
|
fwd.listen_host = cleanhostname(fwd.listen_host);
|
|
|
|
} else {
|
|
|
|
fwd.listen_port = a2port(fwd.listen_host);
|
2005-08-12 14:11:18 +02:00
|
|
|
fwd.listen_host = NULL;
|
2005-03-01 11:24:33 +01:00
|
|
|
}
|
|
|
|
if (fwd.listen_port == 0)
|
2001-04-08 20:30:26 +02:00
|
|
|
fatal("%.200s line %d: Badly formatted port number.",
|
|
|
|
filename, linenum);
|
2001-09-12 19:35:27 +02:00
|
|
|
if (*activep)
|
2005-03-01 11:24:33 +01:00
|
|
|
add_local_forward(options, &fwd);
|
2001-04-13 01:34:34 +02:00
|
|
|
break;
|
2001-04-08 20:30:26 +02:00
|
|
|
|
2001-09-20 02:57:55 +02:00
|
|
|
case oClearAllForwardings:
|
|
|
|
intptr = &options->clear_forwardings;
|
|
|
|
goto parse_flag;
|
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
case oHost:
|
|
|
|
*activep = 0;
|
2000-07-15 06:14:16 +02:00
|
|
|
while ((arg = strdelim(&s)) != NULL && *arg != '\0')
|
2000-07-11 09:31:38 +02:00
|
|
|
if (match_pattern(host, arg)) {
|
|
|
|
debug("Applying options for %.100s", arg);
|
1999-11-24 14:26:21 +01:00
|
|
|
*activep = 1;
|
|
|
|
break;
|
|
|
|
}
|
2000-07-15 06:14:16 +02:00
|
|
|
/* Avoid garbage check below, as strdelim is done. */
|
1999-11-24 14:26:21 +01:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
case oEscapeChar:
|
|
|
|
intptr = &options->escape_char;
|
2000-07-15 06:14:16 +02:00
|
|
|
arg = strdelim(&s);
|
2000-07-11 09:31:38 +02:00
|
|
|
if (!arg || *arg == '\0')
|
1999-11-24 14:26:21 +01:00
|
|
|
fatal("%.200s line %d: Missing argument.", filename, linenum);
|
2000-07-11 09:31:38 +02:00
|
|
|
if (arg[0] == '^' && arg[2] == 0 &&
|
2000-12-22 02:43:59 +01:00
|
|
|
(u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
|
|
|
|
value = (u_char) arg[1] & 31;
|
2000-07-11 09:31:38 +02:00
|
|
|
else if (strlen(arg) == 1)
|
2000-12-22 02:43:59 +01:00
|
|
|
value = (u_char) arg[0];
|
2000-07-11 09:31:38 +02:00
|
|
|
else if (strcmp(arg, "none") == 0)
|
2001-06-05 22:32:21 +02:00
|
|
|
value = SSH_ESCAPECHAR_NONE;
|
1999-11-24 14:26:21 +01:00
|
|
|
else {
|
|
|
|
fatal("%.200s line %d: Bad escape character.",
|
2001-12-21 04:45:46 +01:00
|
|
|
filename, linenum);
|
1999-11-24 14:26:21 +01:00
|
|
|
/* NOTREACHED */
|
|
|
|
value = 0; /* Avoid compiler warning. */
|
|
|
|
}
|
|
|
|
if (*activep && *intptr == -1)
|
|
|
|
*intptr = value;
|
|
|
|
break;
|
|
|
|
|
2003-05-18 12:50:30 +02:00
|
|
|
case oAddressFamily:
|
|
|
|
arg = strdelim(&s);
|
2005-05-26 04:11:56 +02:00
|
|
|
if (!arg || *arg == '\0')
|
|
|
|
fatal("%s line %d: missing address family.",
|
|
|
|
filename, linenum);
|
2003-07-03 12:37:47 +02:00
|
|
|
intptr = &options->address_family;
|
2003-05-18 12:50:30 +02:00
|
|
|
if (strcasecmp(arg, "inet") == 0)
|
2003-07-03 12:37:47 +02:00
|
|
|
value = AF_INET;
|
2003-05-18 12:50:30 +02:00
|
|
|
else if (strcasecmp(arg, "inet6") == 0)
|
2003-07-03 12:37:47 +02:00
|
|
|
value = AF_INET6;
|
2003-05-18 12:50:30 +02:00
|
|
|
else if (strcasecmp(arg, "any") == 0)
|
2003-07-03 12:37:47 +02:00
|
|
|
value = AF_UNSPEC;
|
2003-05-18 12:50:30 +02:00
|
|
|
else
|
|
|
|
fatal("Unsupported AddressFamily \"%s\"", arg);
|
2003-07-03 12:37:47 +02:00
|
|
|
if (*activep && *intptr == -1)
|
|
|
|
*intptr = value;
|
2003-05-18 12:50:30 +02:00
|
|
|
break;
|
|
|
|
|
2002-11-09 16:52:31 +01:00
|
|
|
case oEnableSSHKeysign:
|
|
|
|
intptr = &options->enable_ssh_keysign;
|
|
|
|
goto parse_flag;
|
|
|
|
|
2004-03-08 13:12:36 +01:00
|
|
|
case oIdentitiesOnly:
|
|
|
|
intptr = &options->identities_only;
|
|
|
|
goto parse_flag;
|
|
|
|
|
2003-12-17 06:33:10 +01:00
|
|
|
case oServerAliveInterval:
|
|
|
|
intptr = &options->server_alive_interval;
|
|
|
|
goto parse_time;
|
|
|
|
|
|
|
|
case oServerAliveCountMax:
|
|
|
|
intptr = &options->server_alive_count_max;
|
|
|
|
goto parse_int;
|
|
|
|
|
2004-05-02 14:11:30 +02:00
|
|
|
case oSendEnv:
|
|
|
|
while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
|
|
|
|
if (strchr(arg, '=') != NULL)
|
|
|
|
fatal("%s line %d: Invalid environment name.",
|
|
|
|
filename, linenum);
|
2005-03-05 01:22:50 +01:00
|
|
|
if (!*activep)
|
|
|
|
continue;
|
2004-05-02 14:11:30 +02:00
|
|
|
if (options->num_send_env >= MAX_SEND_ENV)
|
|
|
|
fatal("%s line %d: too many send env.",
|
|
|
|
filename, linenum);
|
|
|
|
options->send_env[options->num_send_env++] =
|
|
|
|
xstrdup(arg);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
2004-06-15 02:34:08 +02:00
|
|
|
case oControlPath:
|
|
|
|
charptr = &options->control_path;
|
|
|
|
goto parse_string;
|
|
|
|
|
|
|
|
case oControlMaster:
|
|
|
|
intptr = &options->control_master;
|
2005-06-16 05:19:41 +02:00
|
|
|
arg = strdelim(&s);
|
|
|
|
if (!arg || *arg == '\0')
|
|
|
|
fatal("%.200s line %d: Missing ControlMaster argument.",
|
|
|
|
filename, linenum);
|
|
|
|
value = 0; /* To avoid compiler warning... */
|
|
|
|
if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
|
|
|
|
value = SSHCTL_MASTER_YES;
|
|
|
|
else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
|
|
|
|
value = SSHCTL_MASTER_NO;
|
|
|
|
else if (strcmp(arg, "auto") == 0)
|
|
|
|
value = SSHCTL_MASTER_AUTO;
|
|
|
|
else if (strcmp(arg, "ask") == 0)
|
|
|
|
value = SSHCTL_MASTER_ASK;
|
|
|
|
else if (strcmp(arg, "autoask") == 0)
|
|
|
|
value = SSHCTL_MASTER_AUTO_ASK;
|
|
|
|
else
|
|
|
|
fatal("%.200s line %d: Bad ControlMaster argument.",
|
|
|
|
filename, linenum);
|
|
|
|
if (*activep && *intptr == -1)
|
|
|
|
*intptr = value;
|
|
|
|
break;
|
2004-06-15 02:34:08 +02:00
|
|
|
|
2005-03-01 11:47:37 +01:00
|
|
|
case oHashKnownHosts:
|
|
|
|
intptr = &options->hash_known_hosts;
|
|
|
|
goto parse_flag;
|
|
|
|
|
2005-12-13 09:29:02 +01:00
|
|
|
case oTunnel:
|
|
|
|
intptr = &options->tun_open;
|
2005-12-13 09:33:19 +01:00
|
|
|
arg = strdelim(&s);
|
|
|
|
if (!arg || *arg == '\0')
|
|
|
|
fatal("%s line %d: Missing yes/point-to-point/"
|
|
|
|
"ethernet/no argument.", filename, linenum);
|
|
|
|
value = 0; /* silence compiler */
|
|
|
|
if (strcasecmp(arg, "ethernet") == 0)
|
|
|
|
value = SSH_TUNMODE_ETHERNET;
|
|
|
|
else if (strcasecmp(arg, "point-to-point") == 0)
|
|
|
|
value = SSH_TUNMODE_POINTOPOINT;
|
|
|
|
else if (strcasecmp(arg, "yes") == 0)
|
|
|
|
value = SSH_TUNMODE_DEFAULT;
|
|
|
|
else if (strcasecmp(arg, "no") == 0)
|
|
|
|
value = SSH_TUNMODE_NO;
|
|
|
|
else
|
|
|
|
fatal("%s line %d: Bad yes/point-to-point/ethernet/"
|
|
|
|
"no argument: %s", filename, linenum, arg);
|
|
|
|
if (*activep)
|
|
|
|
*intptr = value;
|
|
|
|
break;
|
2005-12-13 09:29:02 +01:00
|
|
|
|
|
|
|
case oTunnelDevice:
|
|
|
|
arg = strdelim(&s);
|
|
|
|
if (!arg || *arg == '\0')
|
|
|
|
fatal("%.200s line %d: Missing argument.", filename, linenum);
|
|
|
|
value = a2tun(arg, &value2);
|
2005-12-13 09:33:19 +01:00
|
|
|
if (value == SSH_TUNID_ERR)
|
2005-12-13 09:29:02 +01:00
|
|
|
fatal("%.200s line %d: Bad tun device.", filename, linenum);
|
|
|
|
if (*activep) {
|
|
|
|
options->tun_local = value;
|
|
|
|
options->tun_remote = value2;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case oLocalCommand:
|
|
|
|
charptr = &options->local_command;
|
|
|
|
goto parse_command;
|
|
|
|
|
|
|
|
case oPermitLocalCommand:
|
|
|
|
intptr = &options->permit_local_command;
|
|
|
|
goto parse_flag;
|
|
|
|
|
2002-06-09 22:04:02 +02:00
|
|
|
case oDeprecated:
|
2002-06-09 22:13:27 +02:00
|
|
|
debug("%s line %d: Deprecated option \"%s\"",
|
2002-06-09 22:04:02 +02:00
|
|
|
filename, linenum, keyword);
|
2002-06-09 22:13:27 +02:00
|
|
|
return 0;
|
2002-06-09 22:04:02 +02:00
|
|
|
|
2003-05-16 03:38:32 +02:00
|
|
|
case oUnsupported:
|
|
|
|
error("%s line %d: Unsupported option \"%s\"",
|
|
|
|
filename, linenum, keyword);
|
|
|
|
return 0;
|
|
|
|
|
1999-11-24 14:26:21 +01:00
|
|
|
default:
|
|
|
|
fatal("process_config_line: Unimplemented opcode %d", opcode);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Check that there is no garbage at end of line. */
|
2001-01-22 06:34:40 +01:00
|
|
|
if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
|
2000-07-11 09:31:38 +02:00
|
|
|
fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
|
2005-07-17 09:22:45 +02:00
|
|
|
filename, linenum, arg);
|
2000-07-11 09:31:38 +02:00
|
|
|
}
|
1999-11-24 14:26:21 +01:00
|
|
|
return 0;
|
1999-10-27 05:42:43 +02:00
|
|
|
}
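/*
 * Reads the config file and modifies the options accordingly. Options
 * should already be initialized before this call. This never returns if
 * there is an error. If the file does not exist, this returns 0.
 *
 * filename   path of the configuration file to read.
 * host       host name that "Host" directives are matched against.
 * options    option set to update; only options still unset are changed.
 * checkperm  non-zero to refuse a file that is not owned by root or the
 *            current user, or that is group- or world-writable.
 *
 * Returns 1 once the whole file has been processed, 0 if it could not be
 * opened. Calls fatal() on a bad owner/mode, on a line that does not fit
 * the line buffer, and when any line failed to process.
 */
int
read_config_file(const char *filename, const char *host, Options *options,
    int checkperm)
{
	FILE *f;
	char line[1024];
	int active, linenum;
	int bad_options = 0;
	size_t len;

	/* Open the file. */
	if ((f = fopen(filename, "r")) == NULL)
		return 0;

	if (checkperm) {
		struct stat sb;

		/*
		 * Check the descriptor that was just opened, not the path,
		 * so the file that is read is the file that was checked.
		 */
		if (fstat(fileno(f), &sb) == -1)
			fatal("fstat %s: %s", filename, strerror(errno));
		/* 022 = group or other write permission */
		if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
		    (sb.st_mode & 022) != 0))
			fatal("Bad owner or permissions on %s", filename);
	}

	debug("Reading configuration data %.200s", filename);

	/*
	 * Mark that we are now processing the options. This flag is turned
	 * on/off by Host specifications.
	 */
	active = 1;
	linenum = 0;
	while (fgets(line, sizeof(line), f)) {
		/* Update line number counter. */
		linenum++;
		/*
		 * fgets() silently splits a line longer than the buffer; the
		 * remainder would then be parsed as a directive of its own
		 * and the line numbers would drift. Refuse such lines.
		 */
		len = strlen(line);
		if (len > 0 && line[len - 1] != '\n' && !feof(f))
			fatal("%.200s line %d: line too long", filename,
			    linenum);
		if (process_config_line(options, host, line, filename,
		    linenum, &active) != 0)
			bad_options++;
	}
	fclose(f);
	if (bad_options > 0)
		fatal("%s: terminating, %d bad configuration options",
		    filename, bad_options);
	return 1;
}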
/*
 * Initializes options to special values that indicate that they have not yet
 * been set. Read_config_file will only set options with this value. Options
 * are processed in the following order: command line, user config file,
 * system config file. Last, fill_default_options is called.
 *
 * Integer options are marked unset with -1 (or a type-specific "unknown"
 * constant), string options with NULL and list counters with 0. The rest of
 * the structure is filled with 'X' bytes first so that a field this function
 * forgets to reset looks like garbage rather than like a plausible value.
 */
void
initialize_options(Options * options)
{
	/* Poison the whole structure; every field below overrides it. */
	memset(options, 'X', sizeof(*options));

	/* Forwarding, X11 and tunnels. */
	options->forward_agent = -1;
	options->forward_x11 = -1;
	options->forward_x11_trusted = -1;
	options->exit_on_forward_failure = -1;
	options->xauth_location = NULL;
	options->gateway_ports = -1;
	options->num_local_forwards = 0;
	options->num_remote_forwards = 0;
	options->clear_forwardings = -1;
	options->tun_open = -1;
	options->tun_local = -1;
	options->tun_remote = -1;

	/* Authentication methods and credentials. */
	options->use_privileged_port = -1;
	options->rsa_authentication = -1;
	options->pubkey_authentication = -1;
	options->challenge_response_authentication = -1;
	options->gss_authentication = -1;
	options->gss_deleg_creds = -1;
	options->password_authentication = -1;
	options->kbd_interactive_authentication = -1;
	options->kbd_interactive_devices = NULL;
	options->rhosts_rsa_authentication = -1;
	options->hostbased_authentication = -1;
	options->preferred_authentications = NULL;
	options->num_identity_files = 0;
	options->identities_only = -1;
	options->smartcard_device = NULL;
	options->enable_ssh_keysign = -1;
	options->number_of_password_prompts = -1;

	/* Host key verification and known-hosts files. */
	options->check_host_ip = -1;
	options->strict_host_key_checking = -1;
	options->no_host_authentication_for_localhost = -1;
	options->verify_host_key_dns = -1;
	options->hash_known_hosts = -1;
	options->host_key_alias = NULL;
	options->hostkeyalgorithms = NULL;
	options->system_hostfile = NULL;
	options->user_hostfile = NULL;
	options->system_hostfile2 = NULL;
	options->user_hostfile2 = NULL;

	/* Connection, transport and crypto selection. */
	options->hostname = NULL;
	options->user = NULL;
	options->port = -1;
	options->address_family = -1;
	options->bind_address = NULL;
	options->connection_attempts = -1;
	options->connection_timeout = -1;
	options->protocol = SSH_PROTO_UNKNOWN;
	options->cipher = -1;
	options->ciphers = NULL;
	options->macs = NULL;
	options->compression = -1;
	options->compression_level = -1;
	options->tcp_keep_alive = -1;
	options->rekey_limit = -1;
	options->server_alive_interval = -1;
	options->server_alive_count_max = -1;
	options->proxy_command = NULL;

	/* Session behaviour. */
	options->batch_mode = -1;
	options->escape_char = -1;
	options->log_level = SYSLOG_LEVEL_NOT_SET;
	options->num_send_env = 0;
	options->control_path = NULL;
	options->control_master = -1;
	options->local_command = NULL;
	options->permit_local_command = -1;
}
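/*
 * Appends "~/<path>" to options->identity_files. The format keeps at most
 * the first 100 characters of path, exactly as the former inline code did.
 * Only called while the list is empty, so the SSH_MAX_IDENTITY_FILES bound
 * enforced by process_config_line cannot be exceeded here.
 */
static void
add_default_identity_file(Options *options, const char *path)
{
	/* "~/" + path + terminating NUL */
	size_t len = 2 + strlen(path) + 1;
	char **slot = &options->identity_files[options->num_identity_files++];

	*slot = xmalloc(len);
	snprintf(*slot, len, "~/%.100s", path);
}

/*
 * Called after processing other sources of option data, this fills those
 * options for which no value has been specified with their default values.
 *
 * "Unset" is -1 for flags and counts, NULL for strings, and the sentinels
 * SSH_PROTO_UNKNOWN / SYSLOG_LEVEL_NOT_SET for protocol and log level.
 * Options whose defaults live elsewhere (ciphers, macs, hostkeyalgorithms,
 * proxy_command, user, hostname, host_key_alias, preferred_authentications,
 * local_command) are deliberately left untouched; see the notes at the end.
 */
void
fill_default_options(Options * options)
{
	if (options->forward_agent == -1)
		options->forward_agent = 0;
	if (options->forward_x11 == -1)
		options->forward_x11 = 0;
	if (options->forward_x11_trusted == -1)
		options->forward_x11_trusted = 0;
	if (options->exit_on_forward_failure == -1)
		options->exit_on_forward_failure = 0;
	if (options->xauth_location == NULL)
		options->xauth_location = _PATH_XAUTH;
	if (options->gateway_ports == -1)
		options->gateway_ports = 0;
	if (options->use_privileged_port == -1)
		options->use_privileged_port = 0;
	if (options->rsa_authentication == -1)
		options->rsa_authentication = 1;
	if (options->pubkey_authentication == -1)
		options->pubkey_authentication = 1;
	if (options->challenge_response_authentication == -1)
		options->challenge_response_authentication = 1;
	if (options->gss_authentication == -1)
		options->gss_authentication = 0;
	if (options->gss_deleg_creds == -1)
		options->gss_deleg_creds = 0;
	if (options->password_authentication == -1)
		options->password_authentication = 1;
	if (options->kbd_interactive_authentication == -1)
		options->kbd_interactive_authentication = 1;
	if (options->rhosts_rsa_authentication == -1)
		options->rhosts_rsa_authentication = 0;
	if (options->hostbased_authentication == -1)
		options->hostbased_authentication = 0;
	if (options->batch_mode == -1)
		options->batch_mode = 0;
	if (options->check_host_ip == -1)
		options->check_host_ip = 1;
	if (options->strict_host_key_checking == -1)
		options->strict_host_key_checking = 2;	/* 2 is default */
	if (options->compression == -1)
		options->compression = 0;
	if (options->tcp_keep_alive == -1)
		options->tcp_keep_alive = 1;
	if (options->compression_level == -1)
		options->compression_level = 6;
	if (options->port == -1)
		options->port = 0;	/* Filled in ssh_connect. */
	if (options->address_family == -1)
		options->address_family = AF_UNSPEC;
	if (options->connection_attempts == -1)
		options->connection_attempts = 1;
	if (options->number_of_password_prompts == -1)
		options->number_of_password_prompts = 3;
	/* Selected in ssh_login(). */
	if (options->cipher == -1)
		options->cipher = SSH_CIPHER_NOT_SET;
	/* options->ciphers, default set in myproposals.h */
	/* options->macs, default set in myproposals.h */
	/* options->hostkeyalgorithms, default set in myproposals.h */
	if (options->protocol == SSH_PROTO_UNKNOWN)
		options->protocol = SSH_PROTO_1|SSH_PROTO_2;
	if (options->num_identity_files == 0) {
		/* One default identity per enabled protocol family. */
		if (options->protocol & SSH_PROTO_1)
			add_default_identity_file(options,
			    _PATH_SSH_CLIENT_IDENTITY);
		if (options->protocol & SSH_PROTO_2) {
			add_default_identity_file(options,
			    _PATH_SSH_CLIENT_ID_RSA);
			add_default_identity_file(options,
			    _PATH_SSH_CLIENT_ID_DSA);
		}
	}
	if (options->escape_char == -1)
		options->escape_char = '~';
	if (options->system_hostfile == NULL)
		options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
	if (options->user_hostfile == NULL)
		options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
	if (options->system_hostfile2 == NULL)
		options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
	if (options->user_hostfile2 == NULL)
		options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
	if (options->log_level == SYSLOG_LEVEL_NOT_SET)
		options->log_level = SYSLOG_LEVEL_INFO;
	/* Drops forwardings collected before ClearAllForwardings was seen. */
	if (options->clear_forwardings == 1)
		clear_forwardings(options);
	if (options->no_host_authentication_for_localhost == - 1)
		options->no_host_authentication_for_localhost = 0;
	if (options->identities_only == -1)
		options->identities_only = 0;
	if (options->enable_ssh_keysign == -1)
		options->enable_ssh_keysign = 0;
	if (options->rekey_limit == -1)
		options->rekey_limit = 0;
	if (options->verify_host_key_dns == -1)
		options->verify_host_key_dns = 0;
	if (options->server_alive_interval == -1)
		options->server_alive_interval = 0;
	if (options->server_alive_count_max == -1)
		options->server_alive_count_max = 3;
	if (options->control_master == -1)
		options->control_master = 0;
	if (options->hash_known_hosts == -1)
		options->hash_known_hosts = 0;
	if (options->tun_open == -1)
		options->tun_open = SSH_TUNMODE_NO;
	if (options->tun_local == -1)
		options->tun_local = SSH_TUNID_ANY;
	if (options->tun_remote == -1)
		options->tun_remote = SSH_TUNID_ANY;
	if (options->permit_local_command == -1)
		options->permit_local_command = 0;
	/* options->local_command should not be set by default */
	/* options->proxy_command should not be set by default */
	/* options->user will be set in the main program if appropriate */
	/* options->hostname will be set in the main program if appropriate */
	/* options->host_key_alias should not be set by default */
	/* options->preferred_authentications will be set in ssh */
}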
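/*
 * parse_forward
 * parses a string containing a port forwarding specification of the form:
 *	[listenhost:]listenport:connecthost:connectport
 * returns number of arguments parsed or zero on error
 *
 * fwd      forwarding to fill in; it is cleared first. On success
 *          fwd->listen_host (NULL when no listen host was given) and
 *          fwd->connect_host are xstrdup()'d copies owned by the caller.
 *          On failure both are freed and left NULL.
 * fwdspec  the specification text; it is not modified.
 */
int
parse_forward(Forward *fwd, const char *fwdspec)
{
	int i;
	char *p, *cp, *fwdarg[4];

	memset(fwd, '\0', sizeof(*fwd));

	/* hpdelim() needs a writable cursor; fwdspec is const, so copy it. */
	cp = p = xstrdup(fwdspec);

	/*
	 * skip leading spaces; the cast keeps isspace() well defined for
	 * bytes above 127 when char is signed
	 */
	while (isspace((unsigned char)*cp))
		cp++;

	for (i = 0; i < 4; ++i)
		if ((fwdarg[i] = hpdelim(&cp)) == NULL)
			break;

	/* Check for trailing garbage in 4-arg case*/
	if (cp != NULL)
		i = 0;	/* failure */

	switch (i) {
	case 3:
		fwd->listen_host = NULL;
		fwd->listen_port = a2port(fwdarg[0]);
		fwd->connect_host = xstrdup(cleanhostname(fwdarg[1]));
		fwd->connect_port = a2port(fwdarg[2]);
		break;

	case 4:
		fwd->listen_host = xstrdup(cleanhostname(fwdarg[0]));
		fwd->listen_port = a2port(fwdarg[1]);
		fwd->connect_host = xstrdup(cleanhostname(fwdarg[2]));
		fwd->connect_port = a2port(fwdarg[3]);
		break;
	default:
		i = 0;	/* failure */
	}

	xfree(p);

	/* a2port() reports a bad port as 0 (the DynamicForward path relies on this too) */
	if (fwd->listen_port == 0 || fwd->connect_port == 0)
		goto fail_free;

	/* Apply the same NI_MAXHOST bound to both hosts that DynamicForward applies. */
	if (fwd->connect_host != NULL &&
	    strlen(fwd->connect_host) >= NI_MAXHOST)
		goto fail_free;
	if (fwd->listen_host != NULL &&
	    strlen(fwd->listen_host) >= NI_MAXHOST)
		goto fail_free;

	return (i);

 fail_free:
	/* Release and clear so the caller never sees dangling pointers. */
	if (fwd->connect_host != NULL) {
		xfree(fwd->connect_host);
		fwd->connect_host = NULL;
	}
	if (fwd->listen_host != NULL) {
		xfree(fwd->listen_host);
		fwd->listen_host = NULL;
	}
	return (0);
}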