summaryrefslogtreecommitdiff
path: root/readconf.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2017-10-04 11:23:58 +0100
committerColin Watson <cjwatson@debian.org>2017-10-05 23:58:12 +0100
commit0556ea972b15607b7e13ff31bc05840881c91dd3 (patch)
treed6b8d48062d0278b5ae0eeff42d0e9afa9f26860 /readconf.c
parentdb2122d97eb1ecdd8d99b7bf79b0dd2b5addfd92 (diff)
parent801a62eedaaf47b20dbf4b426dc3e084bf0c8d49 (diff)
New upstream release (7.6p1)
Diffstat (limited to 'readconf.c')
-rw-r--r--readconf.c202
1 files changed, 77 insertions, 125 deletions
diff --git a/readconf.c b/readconf.c
index 4d92d174b..41f36aa8d 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: readconf.c,v 1.270 2017/03/10 04:27:32 djm Exp $ */ 1/* $OpenBSD: readconf.c,v 1.279 2017/09/21 19:16:53 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -152,7 +152,7 @@ typedef enum {
152 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, 152 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
153 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, 153 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
154 oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts, 154 oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
155 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs, 155 oUsePrivilegedPort, oLogFacility, oLogLevel, oCiphers, oMacs,
156 oPubkeyAuthentication, 156 oPubkeyAuthentication,
157 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, 157 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
158 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, 158 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
@@ -165,7 +165,8 @@ typedef enum {
165 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, 165 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
166 oSendEnv, oControlPath, oControlMaster, oControlPersist, 166 oSendEnv, oControlPath, oControlMaster, oControlPersist,
167 oHashKnownHosts, 167 oHashKnownHosts,
168 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, 168 oTunnel, oTunnelDevice,
169 oLocalCommand, oPermitLocalCommand, oRemoteCommand,
169 oVisualHostKey, 170 oVisualHostKey,
170 oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass, 171 oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
171 oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots, 172 oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
@@ -174,7 +175,7 @@ typedef enum {
174 oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, 175 oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
175 oPubkeyAcceptedKeyTypes, oProxyJump, 176 oPubkeyAcceptedKeyTypes, oProxyJump,
176 oProtocolKeepAlives, oSetupTimeOut, 177 oProtocolKeepAlives, oSetupTimeOut,
177 oIgnoredUnknownOption, oDeprecated, oUnsupported 178 oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
178} OpCodes; 179} OpCodes;
179 180
180/* Textual representations of the tokens. */ 181/* Textual representations of the tokens. */
@@ -184,6 +185,8 @@ static struct {
184 OpCodes opcode; 185 OpCodes opcode;
185} keywords[] = { 186} keywords[] = {
186 /* Deprecated options */ 187 /* Deprecated options */
188 { "protocol", oIgnore }, /* NB. silently ignored */
189 { "cipher", oDeprecated },
187 { "fallbacktorsh", oDeprecated }, 190 { "fallbacktorsh", oDeprecated },
188 { "globalknownhostsfile2", oDeprecated }, 191 { "globalknownhostsfile2", oDeprecated },
189 { "rhostsauthentication", oDeprecated }, 192 { "rhostsauthentication", oDeprecated },
@@ -222,15 +225,9 @@ static struct {
222 { "smartcarddevice", oUnsupported }, 225 { "smartcarddevice", oUnsupported },
223 { "pkcs11provider", oUnsupported }, 226 { "pkcs11provider", oUnsupported },
224#endif 227#endif
225#ifdef WITH_SSH1
226 { "rsaauthentication", oRSAAuthentication },
227 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
228 { "compressionlevel", oCompressionLevel },
229# else
230 { "rsaauthentication", oUnsupported }, 228 { "rsaauthentication", oUnsupported },
231 { "rhostsrsaauthentication", oUnsupported }, 229 { "rhostsrsaauthentication", oUnsupported },
232 { "compressionlevel", oUnsupported }, 230 { "compressionlevel", oUnsupported },
233#endif
234 231
235 { "forwardagent", oForwardAgent }, 232 { "forwardagent", oForwardAgent },
236 { "forwardx11", oForwardX11 }, 233 { "forwardx11", oForwardX11 },
@@ -259,10 +256,8 @@ static struct {
259 { "hostkeyalias", oHostKeyAlias }, 256 { "hostkeyalias", oHostKeyAlias },
260 { "proxycommand", oProxyCommand }, 257 { "proxycommand", oProxyCommand },
261 { "port", oPort }, 258 { "port", oPort },
262 { "cipher", oCipher },
263 { "ciphers", oCiphers }, 259 { "ciphers", oCiphers },
264 { "macs", oMacs }, 260 { "macs", oMacs },
265 { "protocol", oProtocol },
266 { "remoteforward", oRemoteForward }, 261 { "remoteforward", oRemoteForward },
267 { "localforward", oLocalForward }, 262 { "localforward", oLocalForward },
268 { "user", oUser }, 263 { "user", oUser },
@@ -279,6 +274,7 @@ static struct {
279 { "tcpkeepalive", oTCPKeepAlive }, 274 { "tcpkeepalive", oTCPKeepAlive },
280 { "keepalive", oTCPKeepAlive }, /* obsolete */ 275 { "keepalive", oTCPKeepAlive }, /* obsolete */
281 { "numberofpasswordprompts", oNumberOfPasswordPrompts }, 276 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
277 { "syslogfacility", oLogFacility },
282 { "loglevel", oLogLevel }, 278 { "loglevel", oLogLevel },
283 { "dynamicforward", oDynamicForward }, 279 { "dynamicforward", oDynamicForward },
284 { "preferredauthentications", oPreferredAuthentications }, 280 { "preferredauthentications", oPreferredAuthentications },
@@ -303,6 +299,7 @@ static struct {
303 { "tunneldevice", oTunnelDevice }, 299 { "tunneldevice", oTunnelDevice },
304 { "localcommand", oLocalCommand }, 300 { "localcommand", oLocalCommand },
305 { "permitlocalcommand", oPermitLocalCommand }, 301 { "permitlocalcommand", oPermitLocalCommand },
302 { "remotecommand", oRemoteCommand },
306 { "visualhostkey", oVisualHostKey }, 303 { "visualhostkey", oVisualHostKey },
307 { "kexalgorithms", oKexAlgorithms }, 304 { "kexalgorithms", oKexAlgorithms },
308 { "ipqos", oIPQoS }, 305 { "ipqos", oIPQoS },
@@ -459,8 +456,8 @@ add_identity_file(Options *options, const char *dir, const char *filename,
459 456
460 if (dir == NULL) /* no dir, filename is absolute */ 457 if (dir == NULL) /* no dir, filename is absolute */
461 path = xstrdup(filename); 458 path = xstrdup(filename);
462 else 459 else if (xasprintf(&path, "%s%s", dir, filename) >= PATH_MAX)
463 (void)xasprintf(&path, "%.100s%.100s", dir, filename); 460 fatal("Identity file path %s too long", path);
464 461
465 /* Avoid registering duplicates */ 462 /* Avoid registering duplicates */
466 for (i = 0; i < options->num_identity_files; i++) { 463 for (i = 0; i < options->num_identity_files; i++) {
@@ -770,6 +767,16 @@ static const struct multistate multistate_yesnoask[] = {
770 { "ask", 2 }, 767 { "ask", 2 },
771 { NULL, -1 } 768 { NULL, -1 }
772}; 769};
770static const struct multistate multistate_strict_hostkey[] = {
771 { "true", SSH_STRICT_HOSTKEY_YES },
772 { "false", SSH_STRICT_HOSTKEY_OFF },
773 { "yes", SSH_STRICT_HOSTKEY_YES },
774 { "no", SSH_STRICT_HOSTKEY_OFF },
775 { "ask", SSH_STRICT_HOSTKEY_ASK },
776 { "off", SSH_STRICT_HOSTKEY_OFF },
777 { "accept-new", SSH_STRICT_HOSTKEY_NEW },
778 { NULL, -1 }
779};
773static const struct multistate multistate_yesnoaskconfirm[] = { 780static const struct multistate multistate_yesnoaskconfirm[] = {
774 { "true", 1 }, 781 { "true", 1 },
775 { "false", 0 }, 782 { "false", 0 },
@@ -845,7 +852,9 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host,
845 char **cpptr, fwdarg[256]; 852 char **cpptr, fwdarg[256];
846 u_int i, *uintptr, max_entries = 0; 853 u_int i, *uintptr, max_entries = 0;
847 int r, oactive, negated, opcode, *intptr, value, value2, cmdline = 0; 854 int r, oactive, negated, opcode, *intptr, value, value2, cmdline = 0;
855 int remotefwd, dynamicfwd;
848 LogLevel *log_level_ptr; 856 LogLevel *log_level_ptr;
857 SyslogFacility *log_facility_ptr;
849 long long val64; 858 long long val64;
850 size_t len; 859 size_t len;
851 struct Forward fwd; 860 struct Forward fwd;
@@ -886,6 +895,8 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host,
886 case oBadOption: 895 case oBadOption:
887 /* don't panic, but count bad options */ 896 /* don't panic, but count bad options */
888 return -1; 897 return -1;
898 case oIgnore:
899 return 0;
889 case oIgnoredUnknownOption: 900 case oIgnoredUnknownOption:
890 debug("%s line %d: Ignored unknown option \"%s\"", 901 debug("%s line %d: Ignored unknown option \"%s\"",
891 filename, linenum, keyword); 902 filename, linenum, keyword);
@@ -969,14 +980,6 @@ parse_time:
969 intptr = &options->pubkey_authentication; 980 intptr = &options->pubkey_authentication;
970 goto parse_flag; 981 goto parse_flag;
971 982
972 case oRSAAuthentication:
973 intptr = &options->rsa_authentication;
974 goto parse_flag;
975
976 case oRhostsRSAAuthentication:
977 intptr = &options->rhosts_rsa_authentication;
978 goto parse_flag;
979
980 case oHostbasedAuthentication: 983 case oHostbasedAuthentication:
981 intptr = &options->hostbased_authentication; 984 intptr = &options->hostbased_authentication;
982 goto parse_flag; 985 goto parse_flag;
@@ -1028,7 +1031,7 @@ parse_time:
1028 1031
1029 case oStrictHostKeyChecking: 1032 case oStrictHostKeyChecking:
1030 intptr = &options->strict_host_key_checking; 1033 intptr = &options->strict_host_key_checking;
1031 multistate_ptr = multistate_yesnoask; 1034 multistate_ptr = multistate_strict_hostkey;
1032 goto parse_multistate; 1035 goto parse_multistate;
1033 1036
1034 case oCompression: 1037 case oCompression:
@@ -1047,10 +1050,6 @@ parse_time:
1047 intptr = &options->number_of_password_prompts; 1050 intptr = &options->number_of_password_prompts;
1048 goto parse_int; 1051 goto parse_int;
1049 1052
1050 case oCompressionLevel:
1051 intptr = &options->compression_level;
1052 goto parse_int;
1053
1054 case oRekeyLimit: 1053 case oRekeyLimit:
1055 arg = strdelim(&s); 1054 arg = strdelim(&s);
1056 if (!arg || *arg == '\0') 1055 if (!arg || *arg == '\0')
@@ -1213,19 +1212,6 @@ parse_int:
1213 intptr = &options->connection_attempts; 1212 intptr = &options->connection_attempts;
1214 goto parse_int; 1213 goto parse_int;
1215 1214
1216 case oCipher:
1217 intptr = &options->cipher;
1218 arg = strdelim(&s);
1219 if (!arg || *arg == '\0')
1220 fatal("%.200s line %d: Missing argument.", filename, linenum);
1221 value = cipher_number(arg);
1222 if (value == -1)
1223 fatal("%.200s line %d: Bad cipher '%s'.",
1224 filename, linenum, arg ? arg : "<NONE>");
1225 if (*activep && *intptr == -1)
1226 *intptr = value;
1227 break;
1228
1229 case oCiphers: 1215 case oCiphers:
1230 arg = strdelim(&s); 1216 arg = strdelim(&s);
1231 if (!arg || *arg == '\0') 1217 if (!arg || *arg == '\0')
@@ -1276,19 +1262,6 @@ parse_keytypes:
1276 *charptr = xstrdup(arg); 1262 *charptr = xstrdup(arg);
1277 break; 1263 break;
1278 1264
1279 case oProtocol:
1280 intptr = &options->protocol;
1281 arg = strdelim(&s);
1282 if (!arg || *arg == '\0')
1283 fatal("%.200s line %d: Missing argument.", filename, linenum);
1284 value = proto_spec(arg);
1285 if (value == SSH_PROTO_UNKNOWN)
1286 fatal("%.200s line %d: Bad protocol spec '%s'.",
1287 filename, linenum, arg ? arg : "<NONE>");
1288 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
1289 *intptr = value;
1290 break;
1291
1292 case oLogLevel: 1265 case oLogLevel:
1293 log_level_ptr = &options->log_level; 1266 log_level_ptr = &options->log_level;
1294 arg = strdelim(&s); 1267 arg = strdelim(&s);
@@ -1300,6 +1273,17 @@ parse_keytypes:
1300 *log_level_ptr = (LogLevel) value; 1273 *log_level_ptr = (LogLevel) value;
1301 break; 1274 break;
1302 1275
1276 case oLogFacility:
1277 log_facility_ptr = &options->log_facility;
1278 arg = strdelim(&s);
1279 value = log_facility_number(arg);
1280 if (value == SYSLOG_FACILITY_NOT_SET)
1281 fatal("%.200s line %d: unsupported log facility '%s'",
1282 filename, linenum, arg ? arg : "<NONE>");
1283 if (*log_facility_ptr == -1)
1284 *log_facility_ptr = (SyslogFacility) value;
1285 break;
1286
1303 case oLocalForward: 1287 case oLocalForward:
1304 case oRemoteForward: 1288 case oRemoteForward:
1305 case oDynamicForward: 1289 case oDynamicForward:
@@ -1308,31 +1292,36 @@ parse_keytypes:
1308 fatal("%.200s line %d: Missing port argument.", 1292 fatal("%.200s line %d: Missing port argument.",
1309 filename, linenum); 1293 filename, linenum);
1310 1294
1311 if (opcode == oLocalForward || 1295 remotefwd = (opcode == oRemoteForward);
1312 opcode == oRemoteForward) { 1296 dynamicfwd = (opcode == oDynamicForward);
1313 arg2 = strdelim(&s);
1314 if (arg2 == NULL || *arg2 == '\0')
1315 fatal("%.200s line %d: Missing target argument.",
1316 filename, linenum);
1317 1297
1318 /* construct a string for parse_forward */ 1298 if (!dynamicfwd) {
1319 snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2); 1299 arg2 = strdelim(&s);
1320 } else if (opcode == oDynamicForward) { 1300 if (arg2 == NULL || *arg2 == '\0') {
1321 strlcpy(fwdarg, arg, sizeof(fwdarg)); 1301 if (remotefwd)
1302 dynamicfwd = 1;
1303 else
1304 fatal("%.200s line %d: Missing target "
1305 "argument.", filename, linenum);
1306 } else {
1307 /* construct a string for parse_forward */
1308 snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg,
1309 arg2);
1310 }
1322 } 1311 }
1312 if (dynamicfwd)
1313 strlcpy(fwdarg, arg, sizeof(fwdarg));
1323 1314
1324 if (parse_forward(&fwd, fwdarg, 1315 if (parse_forward(&fwd, fwdarg, dynamicfwd, remotefwd) == 0)
1325 opcode == oDynamicForward ? 1 : 0,
1326 opcode == oRemoteForward ? 1 : 0) == 0)
1327 fatal("%.200s line %d: Bad forwarding specification.", 1316 fatal("%.200s line %d: Bad forwarding specification.",
1328 filename, linenum); 1317 filename, linenum);
1329 1318
1330 if (*activep) { 1319 if (*activep) {
1331 if (opcode == oLocalForward || 1320 if (remotefwd) {
1332 opcode == oDynamicForward)
1333 add_local_forward(options, &fwd);
1334 else if (opcode == oRemoteForward)
1335 add_remote_forward(options, &fwd); 1321 add_remote_forward(options, &fwd);
1322 } else {
1323 add_local_forward(options, &fwd);
1324 }
1336 } 1325 }
1337 break; 1326 break;
1338 1327
@@ -1507,6 +1496,10 @@ parse_keytypes:
1507 intptr = &options->permit_local_command; 1496 intptr = &options->permit_local_command;
1508 goto parse_flag; 1497 goto parse_flag;
1509 1498
1499 case oRemoteCommand:
1500 charptr = &options->remote_command;
1501 goto parse_command;
1502
1510 case oVisualHostKey: 1503 case oVisualHostKey:
1511 intptr = &options->visual_host_key; 1504 intptr = &options->visual_host_key;
1512 goto parse_flag; 1505 goto parse_flag;
@@ -1831,7 +1824,6 @@ initialize_options(Options * options)
1831 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; 1824 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;
1832 options->fwd_opts.streamlocal_bind_unlink = -1; 1825 options->fwd_opts.streamlocal_bind_unlink = -1;
1833 options->use_privileged_port = -1; 1826 options->use_privileged_port = -1;
1834 options->rsa_authentication = -1;
1835 options->pubkey_authentication = -1; 1827 options->pubkey_authentication = -1;
1836 options->challenge_response_authentication = -1; 1828 options->challenge_response_authentication = -1;
1837 options->gss_authentication = -1; 1829 options->gss_authentication = -1;
@@ -1844,25 +1836,21 @@ initialize_options(Options * options)
1844 options->password_authentication = -1; 1836 options->password_authentication = -1;
1845 options->kbd_interactive_authentication = -1; 1837 options->kbd_interactive_authentication = -1;
1846 options->kbd_interactive_devices = NULL; 1838 options->kbd_interactive_devices = NULL;
1847 options->rhosts_rsa_authentication = -1;
1848 options->hostbased_authentication = -1; 1839 options->hostbased_authentication = -1;
1849 options->batch_mode = -1; 1840 options->batch_mode = -1;
1850 options->check_host_ip = -1; 1841 options->check_host_ip = -1;
1851 options->strict_host_key_checking = -1; 1842 options->strict_host_key_checking = -1;
1852 options->compression = -1; 1843 options->compression = -1;
1853 options->tcp_keep_alive = -1; 1844 options->tcp_keep_alive = -1;
1854 options->compression_level = -1;
1855 options->port = -1; 1845 options->port = -1;
1856 options->address_family = -1; 1846 options->address_family = -1;
1857 options->connection_attempts = -1; 1847 options->connection_attempts = -1;
1858 options->connection_timeout = -1; 1848 options->connection_timeout = -1;
1859 options->number_of_password_prompts = -1; 1849 options->number_of_password_prompts = -1;
1860 options->cipher = -1;
1861 options->ciphers = NULL; 1850 options->ciphers = NULL;
1862 options->macs = NULL; 1851 options->macs = NULL;
1863 options->kex_algorithms = NULL; 1852 options->kex_algorithms = NULL;
1864 options->hostkeyalgorithms = NULL; 1853 options->hostkeyalgorithms = NULL;
1865 options->protocol = SSH_PROTO_UNKNOWN;
1866 options->num_identity_files = 0; 1854 options->num_identity_files = 0;
1867 options->num_certificate_files = 0; 1855 options->num_certificate_files = 0;
1868 options->hostname = NULL; 1856 options->hostname = NULL;
@@ -1880,6 +1868,7 @@ initialize_options(Options * options)
1880 options->num_local_forwards = 0; 1868 options->num_local_forwards = 0;
1881 options->remote_forwards = NULL; 1869 options->remote_forwards = NULL;
1882 options->num_remote_forwards = 0; 1870 options->num_remote_forwards = 0;
1871 options->log_facility = SYSLOG_FACILITY_NOT_SET;
1883 options->log_level = SYSLOG_LEVEL_NOT_SET; 1872 options->log_level = SYSLOG_LEVEL_NOT_SET;
1884 options->preferred_authentications = NULL; 1873 options->preferred_authentications = NULL;
1885 options->bind_address = NULL; 1874 options->bind_address = NULL;
@@ -1903,6 +1892,7 @@ initialize_options(Options * options)
1903 options->tun_remote = -1; 1892 options->tun_remote = -1;
1904 options->local_command = NULL; 1893 options->local_command = NULL;
1905 options->permit_local_command = -1; 1894 options->permit_local_command = -1;
1895 options->remote_command = NULL;
1906 options->add_keys_to_agent = -1; 1896 options->add_keys_to_agent = -1;
1907 options->identity_agent = NULL; 1897 options->identity_agent = NULL;
1908 options->visual_host_key = -1; 1898 options->visual_host_key = -1;
@@ -1976,8 +1966,6 @@ fill_default_options(Options * options)
1976 options->fwd_opts.streamlocal_bind_unlink = 0; 1966 options->fwd_opts.streamlocal_bind_unlink = 0;
1977 if (options->use_privileged_port == -1) 1967 if (options->use_privileged_port == -1)
1978 options->use_privileged_port = 0; 1968 options->use_privileged_port = 0;
1979 if (options->rsa_authentication == -1)
1980 options->rsa_authentication = 1;
1981 if (options->pubkey_authentication == -1) 1969 if (options->pubkey_authentication == -1)
1982 options->pubkey_authentication = 1; 1970 options->pubkey_authentication = 1;
1983 if (options->challenge_response_authentication == -1) 1971 if (options->challenge_response_authentication == -1)
@@ -1996,8 +1984,6 @@ fill_default_options(Options * options)
1996 options->password_authentication = 1; 1984 options->password_authentication = 1;
1997 if (options->kbd_interactive_authentication == -1) 1985 if (options->kbd_interactive_authentication == -1)
1998 options->kbd_interactive_authentication = 1; 1986 options->kbd_interactive_authentication = 1;
1999 if (options->rhosts_rsa_authentication == -1)
2000 options->rhosts_rsa_authentication = 0;
2001 if (options->hostbased_authentication == -1) 1987 if (options->hostbased_authentication == -1)
2002 options->hostbased_authentication = 0; 1988 options->hostbased_authentication = 0;
2003 if (options->batch_mode == -1) 1989 if (options->batch_mode == -1)
@@ -2005,13 +1991,11 @@ fill_default_options(Options * options)
2005 if (options->check_host_ip == -1) 1991 if (options->check_host_ip == -1)
2006 options->check_host_ip = 1; 1992 options->check_host_ip = 1;
2007 if (options->strict_host_key_checking == -1) 1993 if (options->strict_host_key_checking == -1)
2008 options->strict_host_key_checking = 2; /* 2 is default */ 1994 options->strict_host_key_checking = SSH_STRICT_HOSTKEY_ASK;
2009 if (options->compression == -1) 1995 if (options->compression == -1)
2010 options->compression = 0; 1996 options->compression = 0;
2011 if (options->tcp_keep_alive == -1) 1997 if (options->tcp_keep_alive == -1)
2012 options->tcp_keep_alive = 1; 1998 options->tcp_keep_alive = 1;
2013 if (options->compression_level == -1)
2014 options->compression_level = 6;
2015 if (options->port == -1) 1999 if (options->port == -1)
2016 options->port = 0; /* Filled in ssh_connect. */ 2000 options->port = 0; /* Filled in ssh_connect. */
2017 if (options->address_family == -1) 2001 if (options->address_family == -1)
@@ -2020,31 +2004,17 @@ fill_default_options(Options * options)
2020 options->connection_attempts = 1; 2004 options->connection_attempts = 1;
2021 if (options->number_of_password_prompts == -1) 2005 if (options->number_of_password_prompts == -1)
2022 options->number_of_password_prompts = 3; 2006 options->number_of_password_prompts = 3;
2023 /* Selected in ssh_login(). */
2024 if (options->cipher == -1)
2025 options->cipher = SSH_CIPHER_NOT_SET;
2026 /* options->hostkeyalgorithms, default set in myproposals.h */ 2007 /* options->hostkeyalgorithms, default set in myproposals.h */
2027 if (options->protocol == SSH_PROTO_UNKNOWN)
2028 options->protocol = SSH_PROTO_2;
2029 if (options->add_keys_to_agent == -1) 2008 if (options->add_keys_to_agent == -1)
2030 options->add_keys_to_agent = 0; 2009 options->add_keys_to_agent = 0;
2031 if (options->num_identity_files == 0) { 2010 if (options->num_identity_files == 0) {
2032 if (options->protocol & SSH_PROTO_1) { 2011 add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA, 0);
2033 add_identity_file(options, "~/", 2012 add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA, 0);
2034 _PATH_SSH_CLIENT_IDENTITY, 0);
2035 }
2036 if (options->protocol & SSH_PROTO_2) {
2037 add_identity_file(options, "~/",
2038 _PATH_SSH_CLIENT_ID_RSA, 0);
2039 add_identity_file(options, "~/",
2040 _PATH_SSH_CLIENT_ID_DSA, 0);
2041#ifdef OPENSSL_HAS_ECC 2013#ifdef OPENSSL_HAS_ECC
2042 add_identity_file(options, "~/", 2014 add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA, 0);
2043 _PATH_SSH_CLIENT_ID_ECDSA, 0);
2044#endif 2015#endif
2045 add_identity_file(options, "~/", 2016 add_identity_file(options, "~/",
2046 _PATH_SSH_CLIENT_ID_ED25519, 0); 2017 _PATH_SSH_CLIENT_ID_ED25519, 0);
2047 }
2048 } 2018 }
2049 if (options->escape_char == -1) 2019 if (options->escape_char == -1)
2050 options->escape_char = '~'; 2020 options->escape_char = '~';
@@ -2062,6 +2032,8 @@ fill_default_options(Options * options)
2062 } 2032 }
2063 if (options->log_level == SYSLOG_LEVEL_NOT_SET) 2033 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
2064 options->log_level = SYSLOG_LEVEL_INFO; 2034 options->log_level = SYSLOG_LEVEL_INFO;
2035 if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
2036 options->log_facility = SYSLOG_FACILITY_USER;
2065 if (options->no_host_authentication_for_localhost == - 1) 2037 if (options->no_host_authentication_for_localhost == - 1)
2066 options->no_host_authentication_for_localhost = 0; 2038 options->no_host_authentication_for_localhost = 0;
2067 if (options->identities_only == -1) 2039 if (options->identities_only == -1)
@@ -2136,6 +2108,7 @@ fill_default_options(Options * options)
2136 } \ 2108 } \
2137 } while(0) 2109 } while(0)
2138 CLEAR_ON_NONE(options->local_command); 2110 CLEAR_ON_NONE(options->local_command);
2111 CLEAR_ON_NONE(options->remote_command);
2139 CLEAR_ON_NONE(options->proxy_command); 2112 CLEAR_ON_NONE(options->proxy_command);
2140 CLEAR_ON_NONE(options->control_path); 2113 CLEAR_ON_NONE(options->control_path);
2141 CLEAR_ON_NONE(options->revoked_host_keys); 2114 CLEAR_ON_NONE(options->revoked_host_keys);
@@ -2425,9 +2398,10 @@ fmt_intarg(OpCodes code, int val)
2425 case oAddressFamily: 2398 case oAddressFamily:
2426 return fmt_multistate_int(val, multistate_addressfamily); 2399 return fmt_multistate_int(val, multistate_addressfamily);
2427 case oVerifyHostKeyDNS: 2400 case oVerifyHostKeyDNS:
2428 case oStrictHostKeyChecking:
2429 case oUpdateHostkeys: 2401 case oUpdateHostkeys:
2430 return fmt_multistate_int(val, multistate_yesnoask); 2402 return fmt_multistate_int(val, multistate_yesnoask);
2403 case oStrictHostKeyChecking:
2404 return fmt_multistate_int(val, multistate_strict_hostkey);
2431 case oControlMaster: 2405 case oControlMaster:
2432 return fmt_multistate_int(val, multistate_controlmaster); 2406 return fmt_multistate_int(val, multistate_controlmaster);
2433 case oTunnel: 2407 case oTunnel:
@@ -2438,17 +2412,6 @@ fmt_intarg(OpCodes code, int val)
2438 return fmt_multistate_int(val, multistate_canonicalizehostname); 2412 return fmt_multistate_int(val, multistate_canonicalizehostname);
2439 case oFingerprintHash: 2413 case oFingerprintHash:
2440 return ssh_digest_alg_name(val); 2414 return ssh_digest_alg_name(val);
2441 case oProtocol:
2442 switch (val) {
2443 case SSH_PROTO_1:
2444 return "1";
2445 case SSH_PROTO_2:
2446 return "2";
2447 case (SSH_PROTO_1|SSH_PROTO_2):
2448 return "2,1";
2449 default:
2450 return "UNKNOWN";
2451 }
2452 default: 2415 default:
2453 switch (val) { 2416 switch (val) {
2454 case 0: 2417 case 0:
@@ -2593,14 +2556,9 @@ dump_client_config(Options *o, const char *host)
2593 dump_cfg_fmtint(oNoHostAuthenticationForLocalhost, o->no_host_authentication_for_localhost); 2556 dump_cfg_fmtint(oNoHostAuthenticationForLocalhost, o->no_host_authentication_for_localhost);
2594 dump_cfg_fmtint(oPasswordAuthentication, o->password_authentication); 2557 dump_cfg_fmtint(oPasswordAuthentication, o->password_authentication);
2595 dump_cfg_fmtint(oPermitLocalCommand, o->permit_local_command); 2558 dump_cfg_fmtint(oPermitLocalCommand, o->permit_local_command);
2596 dump_cfg_fmtint(oProtocol, o->protocol);
2597 dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass); 2559 dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass);
2598 dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication); 2560 dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication);
2599 dump_cfg_fmtint(oRequestTTY, o->request_tty); 2561 dump_cfg_fmtint(oRequestTTY, o->request_tty);
2600#ifdef WITH_RSA1
2601 dump_cfg_fmtint(oRhostsRSAAuthentication, o->rhosts_rsa_authentication);
2602 dump_cfg_fmtint(oRSAAuthentication, o->rsa_authentication);
2603#endif
2604 dump_cfg_fmtint(oStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); 2562 dump_cfg_fmtint(oStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
2605 dump_cfg_fmtint(oStrictHostKeyChecking, o->strict_host_key_checking); 2563 dump_cfg_fmtint(oStrictHostKeyChecking, o->strict_host_key_checking);
2606 dump_cfg_fmtint(oTCPKeepAlive, o->tcp_keep_alive); 2564 dump_cfg_fmtint(oTCPKeepAlive, o->tcp_keep_alive);
@@ -2612,9 +2570,6 @@ dump_client_config(Options *o, const char *host)
2612 2570
2613 /* Integer options */ 2571 /* Integer options */
2614 dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots); 2572 dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots);
2615#ifdef WITH_SSH1
2616 dump_cfg_int(oCompressionLevel, o->compression_level);
2617#endif
2618 dump_cfg_int(oConnectionAttempts, o->connection_attempts); 2573 dump_cfg_int(oConnectionAttempts, o->connection_attempts);
2619 dump_cfg_int(oForwardX11Timeout, o->forward_x11_timeout); 2574 dump_cfg_int(oForwardX11Timeout, o->forward_x11_timeout);
2620 dump_cfg_int(oNumberOfPasswordPrompts, o->number_of_password_prompts); 2575 dump_cfg_int(oNumberOfPasswordPrompts, o->number_of_password_prompts);
@@ -2632,6 +2587,7 @@ dump_client_config(Options *o, const char *host)
2632 dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices); 2587 dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices);
2633 dump_cfg_string(oKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_CLIENT_KEX); 2588 dump_cfg_string(oKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_CLIENT_KEX);
2634 dump_cfg_string(oLocalCommand, o->local_command); 2589 dump_cfg_string(oLocalCommand, o->local_command);
2590 dump_cfg_string(oRemoteCommand, o->remote_command);
2635 dump_cfg_string(oLogLevel, log_level_name(o->log_level)); 2591 dump_cfg_string(oLogLevel, log_level_name(o->log_level));
2636 dump_cfg_string(oMacs, o->macs ? o->macs : KEX_CLIENT_MAC); 2592 dump_cfg_string(oMacs, o->macs ? o->macs : KEX_CLIENT_MAC);
2637#ifdef ENABLE_PKCS11 2593#ifdef ENABLE_PKCS11
@@ -2684,10 +2640,6 @@ dump_client_config(Options *o, const char *host)
2684 printf("\n"); 2640 printf("\n");
2685 } 2641 }
2686 2642
2687 /* oCipher */
2688 if (o->cipher != SSH_CIPHER_NOT_SET)
2689 printf("Cipher %s\n", cipher_name(o->cipher));
2690
2691 /* oControlPersist */ 2643 /* oControlPersist */
2692 if (o->control_persist == 0 || o->control_persist_timeout == 0) 2644 if (o->control_persist == 0 || o->control_persist_timeout == 0)
2693 dump_cfg_fmtint(oControlPersist, o->control_persist); 2645 dump_cfg_fmtint(oControlPersist, o->control_persist);