authorColin Watson <cjwatson@debian.org>2010-01-01 17:15:23 +0000
committerColin Watson <cjwatson@debian.org>2010-01-01 17:15:23 +0000
commit99b402ea4c8457b0a3cafff37f5b3410a8dc6476 (patch)
tree1d24ce54c9981ea8cbb4c5a9309964a0e4c4b320 /readconf.c
parent87552344215a38d3a2b0d4d63dc151e05978bbe1 (diff)
parent54af7a4ae8d455791a631bdfaade4b64436ae16a (diff)
import openssh-5.2p1-gsskex-all-20090726.patch
Diffstat (limited to 'readconf.c')
-rw-r--r--readconf.c151
1 files changed, 97 insertions, 54 deletions
diff --git a/readconf.c b/readconf.c
index 3aedd6f5a..484db3e5f 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: readconf.c,v 1.167 2008/06/26 11:46:31 grunk Exp $ */ 1/* $OpenBSD: readconf.c,v 1.176 2009/02/12 03:00:56 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -127,12 +127,11 @@ typedef enum {
127 oClearAllForwardings, oNoHostAuthenticationForLocalhost, 127 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
128 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, 128 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
129 oAddressFamily, oGssAuthentication, oGssDelegateCreds, 129 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
130 oGssKeyEx, 130 oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey,
131 oGssTrustDns,
132 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, 131 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
133 oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, 132 oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
134 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, 133 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
135 oVisualHostKey, 134 oVisualHostKey, oZeroKnowledgePasswordAuthentication,
136 oDeprecated, oUnsupported 135 oDeprecated, oUnsupported
137} OpCodes; 136} OpCodes;
138 137
@@ -169,16 +168,20 @@ static struct {
169 { "gssapikeyexchange", oGssKeyEx }, 168 { "gssapikeyexchange", oGssKeyEx },
170 { "gssapidelegatecredentials", oGssDelegateCreds }, 169 { "gssapidelegatecredentials", oGssDelegateCreds },
171 { "gssapitrustdns", oGssTrustDns }, 170 { "gssapitrustdns", oGssTrustDns },
171 { "gssapiclientidentity", oGssClientIdentity },
172 { "gssapirenewalforcesrekey", oGssRenewalRekey },
172#else 173#else
173 { "gssapiauthentication", oUnsupported }, 174 { "gssapiauthentication", oUnsupported },
174 { "gssapikeyexchange", oUnsupported }, 175 { "gssapikeyexchange", oUnsupported },
175 { "gssapidelegatecredentials", oUnsupported }, 176 { "gssapidelegatecredentials", oUnsupported },
176 { "gssapitrustdns", oUnsupported }, 177 { "gssapitrustdns", oUnsupported },
178 { "gssapiclientidentity", oUnsupported },
179 { "gssapirenewalforcesrekey", oUnsupported },
177#endif 180#endif
178 { "fallbacktorsh", oDeprecated }, 181 { "fallbacktorsh", oDeprecated },
179 { "usersh", oDeprecated }, 182 { "usersh", oDeprecated },
180 { "identityfile", oIdentityFile }, 183 { "identityfile", oIdentityFile },
181 { "identityfile2", oIdentityFile }, /* alias */ 184 { "identityfile2", oIdentityFile }, /* obsolete */
182 { "identitiesonly", oIdentitiesOnly }, 185 { "identitiesonly", oIdentitiesOnly },
183 { "hostname", oHostName }, 186 { "hostname", oHostName },
184 { "hostkeyalias", oHostKeyAlias }, 187 { "hostkeyalias", oHostKeyAlias },
@@ -194,8 +197,8 @@ static struct {
194 { "host", oHost }, 197 { "host", oHost },
195 { "escapechar", oEscapeChar }, 198 { "escapechar", oEscapeChar },
196 { "globalknownhostsfile", oGlobalKnownHostsFile }, 199 { "globalknownhostsfile", oGlobalKnownHostsFile },
197 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */ 200 { "globalknownhostsfile2", oGlobalKnownHostsFile2 }, /* obsolete */
198 { "globalknownhostsfile2", oGlobalKnownHostsFile2 }, 201 { "userknownhostsfile", oUserKnownHostsFile },
199 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */ 202 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
200 { "connectionattempts", oConnectionAttempts }, 203 { "connectionattempts", oConnectionAttempts },
201 { "batchmode", oBatchMode }, 204 { "batchmode", oBatchMode },
@@ -234,6 +237,13 @@ static struct {
234 { "localcommand", oLocalCommand }, 237 { "localcommand", oLocalCommand },
235 { "permitlocalcommand", oPermitLocalCommand }, 238 { "permitlocalcommand", oPermitLocalCommand },
236 { "visualhostkey", oVisualHostKey }, 239 { "visualhostkey", oVisualHostKey },
240#ifdef JPAKE
241 { "zeroknowledgepasswordauthentication",
242 oZeroKnowledgePasswordAuthentication },
243#else
244 { "zeroknowledgepasswordauthentication", oUnsupported },
245#endif
246
237 { NULL, oBadOption } 247 { NULL, oBadOption }
238}; 248};
239 249
@@ -255,10 +265,9 @@ add_local_forward(Options *options, const Forward *newfwd)
255 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION); 265 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
256 fwd = &options->local_forwards[options->num_local_forwards++]; 266 fwd = &options->local_forwards[options->num_local_forwards++];
257 267
258 fwd->listen_host = (newfwd->listen_host == NULL) ? 268 fwd->listen_host = newfwd->listen_host;
259 NULL : xstrdup(newfwd->listen_host);
260 fwd->listen_port = newfwd->listen_port; 269 fwd->listen_port = newfwd->listen_port;
261 fwd->connect_host = xstrdup(newfwd->connect_host); 270 fwd->connect_host = newfwd->connect_host;
262 fwd->connect_port = newfwd->connect_port; 271 fwd->connect_port = newfwd->connect_port;
263} 272}
264 273
@@ -276,10 +285,9 @@ add_remote_forward(Options *options, const Forward *newfwd)
276 SSH_MAX_FORWARDS_PER_DIRECTION); 285 SSH_MAX_FORWARDS_PER_DIRECTION);
277 fwd = &options->remote_forwards[options->num_remote_forwards++]; 286 fwd = &options->remote_forwards[options->num_remote_forwards++];
278 287
279 fwd->listen_host = (newfwd->listen_host == NULL) ? 288 fwd->listen_host = newfwd->listen_host;
280 NULL : xstrdup(newfwd->listen_host);
281 fwd->listen_port = newfwd->listen_port; 289 fwd->listen_port = newfwd->listen_port;
282 fwd->connect_host = xstrdup(newfwd->connect_host); 290 fwd->connect_host = newfwd->connect_host;
283 fwd->connect_port = newfwd->connect_port; 291 fwd->connect_port = newfwd->connect_port;
284} 292}
285 293
@@ -418,6 +426,10 @@ parse_flag:
418 intptr = &options->password_authentication; 426 intptr = &options->password_authentication;
419 goto parse_flag; 427 goto parse_flag;
420 428
429 case oZeroKnowledgePasswordAuthentication:
430 intptr = &options->zero_knowledge_password_authentication;
431 goto parse_flag;
432
421 case oKbdInteractiveAuthentication: 433 case oKbdInteractiveAuthentication:
422 intptr = &options->kbd_interactive_authentication; 434 intptr = &options->kbd_interactive_authentication;
423 goto parse_flag; 435 goto parse_flag;
@@ -451,7 +463,7 @@ parse_flag:
451 goto parse_flag; 463 goto parse_flag;
452 464
453 case oGssKeyEx: 465 case oGssKeyEx:
454 intptr = &options->gss_keyex; 466 intptr = &options->gss_keyex;
455 goto parse_flag; 467 goto parse_flag;
456 468
457 case oGssDelegateCreds: 469 case oGssDelegateCreds:
@@ -462,6 +474,14 @@ parse_flag:
462 intptr = &options->gss_trust_dns; 474 intptr = &options->gss_trust_dns;
463 goto parse_flag; 475 goto parse_flag;
464 476
477 case oGssClientIdentity:
478 charptr = &options->gss_client_identity;
479 goto parse_string;
480
481 case oGssRenewalRekey:
482 intptr = &options->gss_renewal_rekey;
483 goto parse_flag;
484
465 case oBatchMode: 485 case oBatchMode:
466 intptr = &options->batch_mode; 486 intptr = &options->batch_mode;
467 goto parse_flag; 487 goto parse_flag;
@@ -720,56 +740,40 @@ parse_int:
720 740
721 case oLocalForward: 741 case oLocalForward:
722 case oRemoteForward: 742 case oRemoteForward:
743 case oDynamicForward:
723 arg = strdelim(&s); 744 arg = strdelim(&s);
724 if (arg == NULL || *arg == '\0') 745 if (arg == NULL || *arg == '\0')
725 fatal("%.200s line %d: Missing port argument.", 746 fatal("%.200s line %d: Missing port argument.",
726 filename, linenum); 747 filename, linenum);
727 arg2 = strdelim(&s);
728 if (arg2 == NULL || *arg2 == '\0')
729 fatal("%.200s line %d: Missing target argument.",
730 filename, linenum);
731 748
732 /* construct a string for parse_forward */ 749 if (opcode == oLocalForward ||
733 snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2); 750 opcode == oRemoteForward) {
751 arg2 = strdelim(&s);
752 if (arg2 == NULL || *arg2 == '\0')
753 fatal("%.200s line %d: Missing target argument.",
754 filename, linenum);
755
756 /* construct a string for parse_forward */
757 snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2);
758 } else if (opcode == oDynamicForward) {
759 strlcpy(fwdarg, arg, sizeof(fwdarg));
760 }
734 761
735 if (parse_forward(&fwd, fwdarg) == 0) 762 if (parse_forward(&fwd, fwdarg,
763 opcode == oDynamicForward ? 1 : 0,
764 opcode == oRemoteForward ? 1 : 0) == 0)
736 fatal("%.200s line %d: Bad forwarding specification.", 765 fatal("%.200s line %d: Bad forwarding specification.",
737 filename, linenum); 766 filename, linenum);
738 767
739 if (*activep) { 768 if (*activep) {
740 if (opcode == oLocalForward) 769 if (opcode == oLocalForward ||
770 opcode == oDynamicForward)
741 add_local_forward(options, &fwd); 771 add_local_forward(options, &fwd);
742 else if (opcode == oRemoteForward) 772 else if (opcode == oRemoteForward)
743 add_remote_forward(options, &fwd); 773 add_remote_forward(options, &fwd);
744 } 774 }
745 break; 775 break;
746 776
747 case oDynamicForward:
748 arg = strdelim(&s);
749 if (!arg || *arg == '\0')
750 fatal("%.200s line %d: Missing port argument.",
751 filename, linenum);
752 memset(&fwd, '\0', sizeof(fwd));
753 fwd.connect_host = "socks";
754 fwd.listen_host = hpdelim(&arg);
755 if (fwd.listen_host == NULL ||
756 strlen(fwd.listen_host) >= NI_MAXHOST)
757 fatal("%.200s line %d: Bad forwarding specification.",
758 filename, linenum);
759 if (arg) {
760 fwd.listen_port = a2port(arg);
761 fwd.listen_host = cleanhostname(fwd.listen_host);
762 } else {
763 fwd.listen_port = a2port(fwd.listen_host);
764 fwd.listen_host = NULL;
765 }
766 if (fwd.listen_port == 0)
767 fatal("%.200s line %d: Badly formatted port number.",
768 filename, linenum);
769 if (*activep)
770 add_local_forward(options, &fwd);
771 break;
772
773 case oClearAllForwardings: 777 case oClearAllForwardings:
774 intptr = &options->clear_forwardings; 778 intptr = &options->clear_forwardings;
775 goto parse_flag; 779 goto parse_flag;
@@ -973,7 +977,6 @@ read_config_file(const char *filename, const char *host, Options *options,
973 int active, linenum; 977 int active, linenum;
974 int bad_options = 0; 978 int bad_options = 0;
975 979
976 /* Open the file. */
977 if ((f = fopen(filename, "r")) == NULL) 980 if ((f = fopen(filename, "r")) == NULL)
978 return 0; 981 return 0;
979 982
@@ -1033,6 +1036,8 @@ initialize_options(Options * options)
1033 options->gss_keyex = -1; 1036 options->gss_keyex = -1;
1034 options->gss_deleg_creds = -1; 1037 options->gss_deleg_creds = -1;
1035 options->gss_trust_dns = -1; 1038 options->gss_trust_dns = -1;
1039 options->gss_renewal_rekey = -1;
1040 options->gss_client_identity = NULL;
1036 options->password_authentication = -1; 1041 options->password_authentication = -1;
1037 options->kbd_interactive_authentication = -1; 1042 options->kbd_interactive_authentication = -1;
1038 options->kbd_interactive_devices = NULL; 1043 options->kbd_interactive_devices = NULL;
@@ -1088,6 +1093,7 @@ initialize_options(Options * options)
1088 options->local_command = NULL; 1093 options->local_command = NULL;
1089 options->permit_local_command = -1; 1094 options->permit_local_command = -1;
1090 options->visual_host_key = -1; 1095 options->visual_host_key = -1;
1096 options->zero_knowledge_password_authentication = -1;
1091} 1097}
1092 1098
1093/* 1099/*
@@ -1128,6 +1134,8 @@ fill_default_options(Options * options)
1128 options->gss_deleg_creds = 0; 1134 options->gss_deleg_creds = 0;
1129 if (options->gss_trust_dns == -1) 1135 if (options->gss_trust_dns == -1)
1130 options->gss_trust_dns = 0; 1136 options->gss_trust_dns = 0;
1137 if (options->gss_renewal_rekey == -1)
1138 options->gss_renewal_rekey = 0;
1131 if (options->password_authentication == -1) 1139 if (options->password_authentication == -1)
1132 options->password_authentication = 1; 1140 options->password_authentication = 1;
1133 if (options->kbd_interactive_authentication == -1) 1141 if (options->kbd_interactive_authentication == -1)
@@ -1228,6 +1236,8 @@ fill_default_options(Options * options)
1228 options->permit_local_command = 0; 1236 options->permit_local_command = 0;
1229 if (options->visual_host_key == -1) 1237 if (options->visual_host_key == -1)
1230 options->visual_host_key = 0; 1238 options->visual_host_key = 0;
1239 if (options->zero_knowledge_password_authentication == -1)
1240 options->zero_knowledge_password_authentication = 0;
1231 /* options->local_command should not be set by default */ 1241 /* options->local_command should not be set by default */
1232 /* options->proxy_command should not be set by default */ 1242 /* options->proxy_command should not be set by default */
1233 /* options->user will be set in the main program if appropriate */ 1243 /* options->user will be set in the main program if appropriate */
@@ -1239,11 +1249,14 @@ fill_default_options(Options * options)
1239/* 1249/*
1240 * parse_forward 1250 * parse_forward
1241 * parses a string containing a port forwarding specification of the form: 1251 * parses a string containing a port forwarding specification of the form:
1252 * dynamicfwd == 0
1242 * [listenhost:]listenport:connecthost:connectport 1253 * [listenhost:]listenport:connecthost:connectport
1254 * dynamicfwd == 1
1255 * [listenhost:]listenport
1243 * returns number of arguments parsed or zero on error 1256 * returns number of arguments parsed or zero on error
1244 */ 1257 */
1245int 1258int
1246parse_forward(Forward *fwd, const char *fwdspec) 1259parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd)
1247{ 1260{
1248 int i; 1261 int i;
1249 char *p, *cp, *fwdarg[4]; 1262 char *p, *cp, *fwdarg[4];
@@ -1260,11 +1273,23 @@ parse_forward(Forward *fwd, const char *fwdspec)
1260 if ((fwdarg[i] = hpdelim(&cp)) == NULL) 1273 if ((fwdarg[i] = hpdelim(&cp)) == NULL)
1261 break; 1274 break;
1262 1275
1263 /* Check for trailing garbage in 4-arg case*/ 1276 /* Check for trailing garbage */
1264 if (cp != NULL) 1277 if (cp != NULL)
1265 i = 0; /* failure */ 1278 i = 0; /* failure */
1266 1279
1267 switch (i) { 1280 switch (i) {
1281 case 1:
1282 fwd->listen_host = NULL;
1283 fwd->listen_port = a2port(fwdarg[0]);
1284 fwd->connect_host = xstrdup("socks");
1285 break;
1286
1287 case 2:
1288 fwd->listen_host = xstrdup(cleanhostname(fwdarg[0]));
1289 fwd->listen_port = a2port(fwdarg[1]);
1290 fwd->connect_host = xstrdup("socks");
1291 break;
1292
1268 case 3: 1293 case 3:
1269 fwd->listen_host = NULL; 1294 fwd->listen_host = NULL;
1270 fwd->listen_port = a2port(fwdarg[0]); 1295 fwd->listen_port = a2port(fwdarg[0]);
@@ -1284,19 +1309,37 @@ parse_forward(Forward *fwd, const char *fwdspec)
1284 1309
1285 xfree(p); 1310 xfree(p);
1286 1311
1287 if (fwd->listen_port == 0 || fwd->connect_port == 0) 1312 if (dynamicfwd) {
1313 if (!(i == 1 || i == 2))
1314 goto fail_free;
1315 } else {
1316 if (!(i == 3 || i == 4))
1317 goto fail_free;
1318 if (fwd->connect_port <= 0)
1319 goto fail_free;
1320 }
1321
1322 if (fwd->listen_port < 0 || (!remotefwd && fwd->listen_port == 0))
1288 goto fail_free; 1323 goto fail_free;
1289 1324
1290 if (fwd->connect_host != NULL && 1325 if (fwd->connect_host != NULL &&
1291 strlen(fwd->connect_host) >= NI_MAXHOST) 1326 strlen(fwd->connect_host) >= NI_MAXHOST)
1292 goto fail_free; 1327 goto fail_free;
1328 if (fwd->listen_host != NULL &&
1329 strlen(fwd->listen_host) >= NI_MAXHOST)
1330 goto fail_free;
1331
1293 1332
1294 return (i); 1333 return (i);
1295 1334
1296 fail_free: 1335 fail_free:
1297 if (fwd->connect_host != NULL) 1336 if (fwd->connect_host != NULL) {
1298 xfree(fwd->connect_host); 1337 xfree(fwd->connect_host);
1299 if (fwd->listen_host != NULL) 1338 fwd->connect_host = NULL;
1339 }
1340 if (fwd->listen_host != NULL) {
1300 xfree(fwd->listen_host); 1341 xfree(fwd->listen_host);
1342 fwd->listen_host = NULL;
1343 }
1301 return (0); 1344 return (0);
1302} 1345}
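Review bot: The `strlcpy(fwdarg, arg, sizeof(fwdarg))` added in the oDynamicForward branch of the parse_int hunk ignores its return value, so an over-long argument is silently truncated and the truncated text is handed to parse_forward, which can then accept a host or port that differs from what the config file says instead of rejecting the line. The merged LocalForward/RemoteForward branch just above has the same unchecked truncation through snprintf; the size of fwdarg is declared outside this hunk, so the practical limit cannot be confirmed from here. I would fail loudly, consistent with the other fatal() calls in this case: `if (strlcpy(fwdarg, arg, sizeof(fwdarg)) >= sizeof(fwdarg))` / `fatal("%.200s line %d: Forwarding specification too long.", filename, linenum);`, and compare snprintf's return against sizeof(fwdarg) the same way in the other branch. The enclosing switch under the parse_int label starts and ends outside the hunk.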