author | Colin Watson <cjwatson@debian.org> | 2017-10-04 11:23:58 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2017-10-05 23:58:12 +0100 |
commit | 0556ea972b15607b7e13ff31bc05840881c91dd3 (patch) | |
tree | d6b8d48062d0278b5ae0eeff42d0e9afa9f26860 /readconf.c | |
parent | db2122d97eb1ecdd8d99b7bf79b0dd2b5addfd92 (diff) | |
parent | 801a62eedaaf47b20dbf4b426dc3e084bf0c8d49 (diff) |
New upstream release (7.6p1)
Diffstat (limited to 'readconf.c')
-rw-r--r-- | readconf.c | 202 |
1 files changed, 77 insertions, 125 deletions
diff --git a/readconf.c b/readconf.c index 4d92d174b..41f36aa8d 100644 --- a/readconf.c +++ b/readconf.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: readconf.c,v 1.270 2017/03/10 04:27:32 djm Exp $ */ | 1 | /* $OpenBSD: readconf.c,v 1.279 2017/09/21 19:16:53 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -152,7 +152,7 @@ typedef enum { | |||
152 | oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, | 152 | oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, |
153 | oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, | 153 | oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, |
154 | oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts, | 154 | oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts, |
155 | oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs, | 155 | oUsePrivilegedPort, oLogFacility, oLogLevel, oCiphers, oMacs, |
156 | oPubkeyAuthentication, | 156 | oPubkeyAuthentication, |
157 | oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, | 157 | oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, |
158 | oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, | 158 | oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, |
@@ -165,7 +165,8 @@ typedef enum { | |||
165 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, | 165 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, |
166 | oSendEnv, oControlPath, oControlMaster, oControlPersist, | 166 | oSendEnv, oControlPath, oControlMaster, oControlPersist, |
167 | oHashKnownHosts, | 167 | oHashKnownHosts, |
168 | oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, | 168 | oTunnel, oTunnelDevice, |
169 | oLocalCommand, oPermitLocalCommand, oRemoteCommand, | ||
169 | oVisualHostKey, | 170 | oVisualHostKey, |
170 | oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass, | 171 | oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass, |
171 | oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots, | 172 | oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots, |
@@ -174,7 +175,7 @@ typedef enum { | |||
174 | oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, | 175 | oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, |
175 | oPubkeyAcceptedKeyTypes, oProxyJump, | 176 | oPubkeyAcceptedKeyTypes, oProxyJump, |
176 | oProtocolKeepAlives, oSetupTimeOut, | 177 | oProtocolKeepAlives, oSetupTimeOut, |
177 | oIgnoredUnknownOption, oDeprecated, oUnsupported | 178 | oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported |
178 | } OpCodes; | 179 | } OpCodes; |
179 | 180 | ||
180 | /* Textual representations of the tokens. */ | 181 | /* Textual representations of the tokens. */ |
@@ -184,6 +185,8 @@ static struct { | |||
184 | OpCodes opcode; | 185 | OpCodes opcode; |
185 | } keywords[] = { | 186 | } keywords[] = { |
186 | /* Deprecated options */ | 187 | /* Deprecated options */ |
188 | { "protocol", oIgnore }, /* NB. silently ignored */ | ||
189 | { "cipher", oDeprecated }, | ||
187 | { "fallbacktorsh", oDeprecated }, | 190 | { "fallbacktorsh", oDeprecated }, |
188 | { "globalknownhostsfile2", oDeprecated }, | 191 | { "globalknownhostsfile2", oDeprecated }, |
189 | { "rhostsauthentication", oDeprecated }, | 192 | { "rhostsauthentication", oDeprecated }, |
@@ -222,15 +225,9 @@ static struct { | |||
222 | { "smartcarddevice", oUnsupported }, | 225 | { "smartcarddevice", oUnsupported }, |
223 | { "pkcs11provider", oUnsupported }, | 226 | { "pkcs11provider", oUnsupported }, |
224 | #endif | 227 | #endif |
225 | #ifdef WITH_SSH1 | ||
226 | { "rsaauthentication", oRSAAuthentication }, | ||
227 | { "rhostsrsaauthentication", oRhostsRSAAuthentication }, | ||
228 | { "compressionlevel", oCompressionLevel }, | ||
229 | # else | ||
230 | { "rsaauthentication", oUnsupported }, | 228 | { "rsaauthentication", oUnsupported }, |
231 | { "rhostsrsaauthentication", oUnsupported }, | 229 | { "rhostsrsaauthentication", oUnsupported }, |
232 | { "compressionlevel", oUnsupported }, | 230 | { "compressionlevel", oUnsupported }, |
233 | #endif | ||
234 | 231 | ||
235 | { "forwardagent", oForwardAgent }, | 232 | { "forwardagent", oForwardAgent }, |
236 | { "forwardx11", oForwardX11 }, | 233 | { "forwardx11", oForwardX11 }, |
@@ -259,10 +256,8 @@ static struct { | |||
259 | { "hostkeyalias", oHostKeyAlias }, | 256 | { "hostkeyalias", oHostKeyAlias }, |
260 | { "proxycommand", oProxyCommand }, | 257 | { "proxycommand", oProxyCommand }, |
261 | { "port", oPort }, | 258 | { "port", oPort }, |
262 | { "cipher", oCipher }, | ||
263 | { "ciphers", oCiphers }, | 259 | { "ciphers", oCiphers }, |
264 | { "macs", oMacs }, | 260 | { "macs", oMacs }, |
265 | { "protocol", oProtocol }, | ||
266 | { "remoteforward", oRemoteForward }, | 261 | { "remoteforward", oRemoteForward }, |
267 | { "localforward", oLocalForward }, | 262 | { "localforward", oLocalForward }, |
268 | { "user", oUser }, | 263 | { "user", oUser }, |
@@ -279,6 +274,7 @@ static struct { | |||
279 | { "tcpkeepalive", oTCPKeepAlive }, | 274 | { "tcpkeepalive", oTCPKeepAlive }, |
280 | { "keepalive", oTCPKeepAlive }, /* obsolete */ | 275 | { "keepalive", oTCPKeepAlive }, /* obsolete */ |
281 | { "numberofpasswordprompts", oNumberOfPasswordPrompts }, | 276 | { "numberofpasswordprompts", oNumberOfPasswordPrompts }, |
277 | { "syslogfacility", oLogFacility }, | ||
282 | { "loglevel", oLogLevel }, | 278 | { "loglevel", oLogLevel }, |
283 | { "dynamicforward", oDynamicForward }, | 279 | { "dynamicforward", oDynamicForward }, |
284 | { "preferredauthentications", oPreferredAuthentications }, | 280 | { "preferredauthentications", oPreferredAuthentications }, |
@@ -303,6 +299,7 @@ static struct { | |||
303 | { "tunneldevice", oTunnelDevice }, | 299 | { "tunneldevice", oTunnelDevice }, |
304 | { "localcommand", oLocalCommand }, | 300 | { "localcommand", oLocalCommand }, |
305 | { "permitlocalcommand", oPermitLocalCommand }, | 301 | { "permitlocalcommand", oPermitLocalCommand }, |
302 | { "remotecommand", oRemoteCommand }, | ||
306 | { "visualhostkey", oVisualHostKey }, | 303 | { "visualhostkey", oVisualHostKey }, |
307 | { "kexalgorithms", oKexAlgorithms }, | 304 | { "kexalgorithms", oKexAlgorithms }, |
308 | { "ipqos", oIPQoS }, | 305 | { "ipqos", oIPQoS }, |
@@ -459,8 +456,8 @@ add_identity_file(Options *options, const char *dir, const char *filename, | |||
459 | 456 | ||
460 | if (dir == NULL) /* no dir, filename is absolute */ | 457 | if (dir == NULL) /* no dir, filename is absolute */ |
461 | path = xstrdup(filename); | 458 | path = xstrdup(filename); |
462 | else | 459 | else if (xasprintf(&path, "%s%s", dir, filename) >= PATH_MAX) |
463 | (void)xasprintf(&path, "%.100s%.100s", dir, filename); | 460 | fatal("Identity file path %s too long", path); |
464 | 461 | ||
465 | /* Avoid registering duplicates */ | 462 | /* Avoid registering duplicates */ |
466 | for (i = 0; i < options->num_identity_files; i++) { | 463 | for (i = 0; i < options->num_identity_files; i++) { |
@@ -770,6 +767,16 @@ static const struct multistate multistate_yesnoask[] = { | |||
770 | { "ask", 2 }, | 767 | { "ask", 2 }, |
771 | { NULL, -1 } | 768 | { NULL, -1 } |
772 | }; | 769 | }; |
770 | static const struct multistate multistate_strict_hostkey[] = { | ||
771 | { "true", SSH_STRICT_HOSTKEY_YES }, | ||
772 | { "false", SSH_STRICT_HOSTKEY_OFF }, | ||
773 | { "yes", SSH_STRICT_HOSTKEY_YES }, | ||
774 | { "no", SSH_STRICT_HOSTKEY_OFF }, | ||
775 | { "ask", SSH_STRICT_HOSTKEY_ASK }, | ||
776 | { "off", SSH_STRICT_HOSTKEY_OFF }, | ||
777 | { "accept-new", SSH_STRICT_HOSTKEY_NEW }, | ||
778 | { NULL, -1 } | ||
779 | }; | ||
773 | static const struct multistate multistate_yesnoaskconfirm[] = { | 780 | static const struct multistate multistate_yesnoaskconfirm[] = { |
774 | { "true", 1 }, | 781 | { "true", 1 }, |
775 | { "false", 0 }, | 782 | { "false", 0 }, |
@@ -845,7 +852,9 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host, | |||
845 | char **cpptr, fwdarg[256]; | 852 | char **cpptr, fwdarg[256]; |
846 | u_int i, *uintptr, max_entries = 0; | 853 | u_int i, *uintptr, max_entries = 0; |
847 | int r, oactive, negated, opcode, *intptr, value, value2, cmdline = 0; | 854 | int r, oactive, negated, opcode, *intptr, value, value2, cmdline = 0; |
855 | int remotefwd, dynamicfwd; | ||
848 | LogLevel *log_level_ptr; | 856 | LogLevel *log_level_ptr; |
857 | SyslogFacility *log_facility_ptr; | ||
849 | long long val64; | 858 | long long val64; |
850 | size_t len; | 859 | size_t len; |
851 | struct Forward fwd; | 860 | struct Forward fwd; |
@@ -886,6 +895,8 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host, | |||
886 | case oBadOption: | 895 | case oBadOption: |
887 | /* don't panic, but count bad options */ | 896 | /* don't panic, but count bad options */ |
888 | return -1; | 897 | return -1; |
898 | case oIgnore: | ||
899 | return 0; | ||
889 | case oIgnoredUnknownOption: | 900 | case oIgnoredUnknownOption: |
890 | debug("%s line %d: Ignored unknown option \"%s\"", | 901 | debug("%s line %d: Ignored unknown option \"%s\"", |
891 | filename, linenum, keyword); | 902 | filename, linenum, keyword); |
@@ -969,14 +980,6 @@ parse_time: | |||
969 | intptr = &options->pubkey_authentication; | 980 | intptr = &options->pubkey_authentication; |
970 | goto parse_flag; | 981 | goto parse_flag; |
971 | 982 | ||
972 | case oRSAAuthentication: | ||
973 | intptr = &options->rsa_authentication; | ||
974 | goto parse_flag; | ||
975 | |||
976 | case oRhostsRSAAuthentication: | ||
977 | intptr = &options->rhosts_rsa_authentication; | ||
978 | goto parse_flag; | ||
979 | |||
980 | case oHostbasedAuthentication: | 983 | case oHostbasedAuthentication: |
981 | intptr = &options->hostbased_authentication; | 984 | intptr = &options->hostbased_authentication; |
982 | goto parse_flag; | 985 | goto parse_flag; |
@@ -1028,7 +1031,7 @@ parse_time: | |||
1028 | 1031 | ||
1029 | case oStrictHostKeyChecking: | 1032 | case oStrictHostKeyChecking: |
1030 | intptr = &options->strict_host_key_checking; | 1033 | intptr = &options->strict_host_key_checking; |
1031 | multistate_ptr = multistate_yesnoask; | 1034 | multistate_ptr = multistate_strict_hostkey; |
1032 | goto parse_multistate; | 1035 | goto parse_multistate; |
1033 | 1036 | ||
1034 | case oCompression: | 1037 | case oCompression: |
@@ -1047,10 +1050,6 @@ parse_time: | |||
1047 | intptr = &options->number_of_password_prompts; | 1050 | intptr = &options->number_of_password_prompts; |
1048 | goto parse_int; | 1051 | goto parse_int; |
1049 | 1052 | ||
1050 | case oCompressionLevel: | ||
1051 | intptr = &options->compression_level; | ||
1052 | goto parse_int; | ||
1053 | |||
1054 | case oRekeyLimit: | 1053 | case oRekeyLimit: |
1055 | arg = strdelim(&s); | 1054 | arg = strdelim(&s); |
1056 | if (!arg || *arg == '\0') | 1055 | if (!arg || *arg == '\0') |
@@ -1213,19 +1212,6 @@ parse_int: | |||
1213 | intptr = &options->connection_attempts; | 1212 | intptr = &options->connection_attempts; |
1214 | goto parse_int; | 1213 | goto parse_int; |
1215 | 1214 | ||
1216 | case oCipher: | ||
1217 | intptr = &options->cipher; | ||
1218 | arg = strdelim(&s); | ||
1219 | if (!arg || *arg == '\0') | ||
1220 | fatal("%.200s line %d: Missing argument.", filename, linenum); | ||
1221 | value = cipher_number(arg); | ||
1222 | if (value == -1) | ||
1223 | fatal("%.200s line %d: Bad cipher '%s'.", | ||
1224 | filename, linenum, arg ? arg : "<NONE>"); | ||
1225 | if (*activep && *intptr == -1) | ||
1226 | *intptr = value; | ||
1227 | break; | ||
1228 | |||
1229 | case oCiphers: | 1215 | case oCiphers: |
1230 | arg = strdelim(&s); | 1216 | arg = strdelim(&s); |
1231 | if (!arg || *arg == '\0') | 1217 | if (!arg || *arg == '\0') |
@@ -1276,19 +1262,6 @@ parse_keytypes: | |||
1276 | *charptr = xstrdup(arg); | 1262 | *charptr = xstrdup(arg); |
1277 | break; | 1263 | break; |
1278 | 1264 | ||
1279 | case oProtocol: | ||
1280 | intptr = &options->protocol; | ||
1281 | arg = strdelim(&s); | ||
1282 | if (!arg || *arg == '\0') | ||
1283 | fatal("%.200s line %d: Missing argument.", filename, linenum); | ||
1284 | value = proto_spec(arg); | ||
1285 | if (value == SSH_PROTO_UNKNOWN) | ||
1286 | fatal("%.200s line %d: Bad protocol spec '%s'.", | ||
1287 | filename, linenum, arg ? arg : "<NONE>"); | ||
1288 | if (*activep && *intptr == SSH_PROTO_UNKNOWN) | ||
1289 | *intptr = value; | ||
1290 | break; | ||
1291 | |||
1292 | case oLogLevel: | 1265 | case oLogLevel: |
1293 | log_level_ptr = &options->log_level; | 1266 | log_level_ptr = &options->log_level; |
1294 | arg = strdelim(&s); | 1267 | arg = strdelim(&s); |
@@ -1300,6 +1273,17 @@ parse_keytypes: | |||
1300 | *log_level_ptr = (LogLevel) value; | 1273 | *log_level_ptr = (LogLevel) value; |
1301 | break; | 1274 | break; |
1302 | 1275 | ||
1276 | case oLogFacility: | ||
1277 | log_facility_ptr = &options->log_facility; | ||
1278 | arg = strdelim(&s); | ||
1279 | value = log_facility_number(arg); | ||
1280 | if (value == SYSLOG_FACILITY_NOT_SET) | ||
1281 | fatal("%.200s line %d: unsupported log facility '%s'", | ||
1282 | filename, linenum, arg ? arg : "<NONE>"); | ||
1283 | if (*log_facility_ptr == -1) | ||
1284 | *log_facility_ptr = (SyslogFacility) value; | ||
1285 | break; | ||
1286 | |||
1303 | case oLocalForward: | 1287 | case oLocalForward: |
1304 | case oRemoteForward: | 1288 | case oRemoteForward: |
1305 | case oDynamicForward: | 1289 | case oDynamicForward: |
@@ -1308,31 +1292,36 @@ parse_keytypes: | |||
1308 | fatal("%.200s line %d: Missing port argument.", | 1292 | fatal("%.200s line %d: Missing port argument.", |
1309 | filename, linenum); | 1293 | filename, linenum); |
1310 | 1294 | ||
1311 | if (opcode == oLocalForward || | 1295 | remotefwd = (opcode == oRemoteForward); |
1312 | opcode == oRemoteForward) { | 1296 | dynamicfwd = (opcode == oDynamicForward); |
1313 | arg2 = strdelim(&s); | ||
1314 | if (arg2 == NULL || *arg2 == '\0') | ||
1315 | fatal("%.200s line %d: Missing target argument.", | ||
1316 | filename, linenum); | ||
1317 | 1297 | ||
1318 | /* construct a string for parse_forward */ | 1298 | if (!dynamicfwd) { |
1319 | snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2); | 1299 | arg2 = strdelim(&s); |
1320 | } else if (opcode == oDynamicForward) { | 1300 | if (arg2 == NULL || *arg2 == '\0') { |
1321 | strlcpy(fwdarg, arg, sizeof(fwdarg)); | 1301 | if (remotefwd) |
1302 | dynamicfwd = 1; | ||
1303 | else | ||
1304 | fatal("%.200s line %d: Missing target " | ||
1305 | "argument.", filename, linenum); | ||
1306 | } else { | ||
1307 | /* construct a string for parse_forward */ | ||
1308 | snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, | ||
1309 | arg2); | ||
1310 | } | ||
1322 | } | 1311 | } |
1312 | if (dynamicfwd) | ||
1313 | strlcpy(fwdarg, arg, sizeof(fwdarg)); | ||
1323 | 1314 | ||
1324 | if (parse_forward(&fwd, fwdarg, | 1315 | if (parse_forward(&fwd, fwdarg, dynamicfwd, remotefwd) == 0) |
1325 | opcode == oDynamicForward ? 1 : 0, | ||
1326 | opcode == oRemoteForward ? 1 : 0) == 0) | ||
1327 | fatal("%.200s line %d: Bad forwarding specification.", | 1316 | fatal("%.200s line %d: Bad forwarding specification.", |
1328 | filename, linenum); | 1317 | filename, linenum); |
1329 | 1318 | ||
1330 | if (*activep) { | 1319 | if (*activep) { |
1331 | if (opcode == oLocalForward || | 1320 | if (remotefwd) { |
1332 | opcode == oDynamicForward) | ||
1333 | add_local_forward(options, &fwd); | ||
1334 | else if (opcode == oRemoteForward) | ||
1335 | add_remote_forward(options, &fwd); | 1321 | add_remote_forward(options, &fwd); |
1322 | } else { | ||
1323 | add_local_forward(options, &fwd); | ||
1324 | } | ||
1336 | } | 1325 | } |
1337 | break; | 1326 | break; |
1338 | 1327 | ||
@@ -1507,6 +1496,10 @@ parse_keytypes: | |||
1507 | intptr = &options->permit_local_command; | 1496 | intptr = &options->permit_local_command; |
1508 | goto parse_flag; | 1497 | goto parse_flag; |
1509 | 1498 | ||
1499 | case oRemoteCommand: | ||
1500 | charptr = &options->remote_command; | ||
1501 | goto parse_command; | ||
1502 | |||
1510 | case oVisualHostKey: | 1503 | case oVisualHostKey: |
1511 | intptr = &options->visual_host_key; | 1504 | intptr = &options->visual_host_key; |
1512 | goto parse_flag; | 1505 | goto parse_flag; |
@@ -1831,7 +1824,6 @@ initialize_options(Options * options) | |||
1831 | options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; | 1824 | options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; |
1832 | options->fwd_opts.streamlocal_bind_unlink = -1; | 1825 | options->fwd_opts.streamlocal_bind_unlink = -1; |
1833 | options->use_privileged_port = -1; | 1826 | options->use_privileged_port = -1; |
1834 | options->rsa_authentication = -1; | ||
1835 | options->pubkey_authentication = -1; | 1827 | options->pubkey_authentication = -1; |
1836 | options->challenge_response_authentication = -1; | 1828 | options->challenge_response_authentication = -1; |
1837 | options->gss_authentication = -1; | 1829 | options->gss_authentication = -1; |
@@ -1844,25 +1836,21 @@ initialize_options(Options * options) | |||
1844 | options->password_authentication = -1; | 1836 | options->password_authentication = -1; |
1845 | options->kbd_interactive_authentication = -1; | 1837 | options->kbd_interactive_authentication = -1; |
1846 | options->kbd_interactive_devices = NULL; | 1838 | options->kbd_interactive_devices = NULL; |
1847 | options->rhosts_rsa_authentication = -1; | ||
1848 | options->hostbased_authentication = -1; | 1839 | options->hostbased_authentication = -1; |
1849 | options->batch_mode = -1; | 1840 | options->batch_mode = -1; |
1850 | options->check_host_ip = -1; | 1841 | options->check_host_ip = -1; |
1851 | options->strict_host_key_checking = -1; | 1842 | options->strict_host_key_checking = -1; |
1852 | options->compression = -1; | 1843 | options->compression = -1; |
1853 | options->tcp_keep_alive = -1; | 1844 | options->tcp_keep_alive = -1; |
1854 | options->compression_level = -1; | ||
1855 | options->port = -1; | 1845 | options->port = -1; |
1856 | options->address_family = -1; | 1846 | options->address_family = -1; |
1857 | options->connection_attempts = -1; | 1847 | options->connection_attempts = -1; |
1858 | options->connection_timeout = -1; | 1848 | options->connection_timeout = -1; |
1859 | options->number_of_password_prompts = -1; | 1849 | options->number_of_password_prompts = -1; |
1860 | options->cipher = -1; | ||
1861 | options->ciphers = NULL; | 1850 | options->ciphers = NULL; |
1862 | options->macs = NULL; | 1851 | options->macs = NULL; |
1863 | options->kex_algorithms = NULL; | 1852 | options->kex_algorithms = NULL; |
1864 | options->hostkeyalgorithms = NULL; | 1853 | options->hostkeyalgorithms = NULL; |
1865 | options->protocol = SSH_PROTO_UNKNOWN; | ||
1866 | options->num_identity_files = 0; | 1854 | options->num_identity_files = 0; |
1867 | options->num_certificate_files = 0; | 1855 | options->num_certificate_files = 0; |
1868 | options->hostname = NULL; | 1856 | options->hostname = NULL; |
@@ -1880,6 +1868,7 @@ initialize_options(Options * options) | |||
1880 | options->num_local_forwards = 0; | 1868 | options->num_local_forwards = 0; |
1881 | options->remote_forwards = NULL; | 1869 | options->remote_forwards = NULL; |
1882 | options->num_remote_forwards = 0; | 1870 | options->num_remote_forwards = 0; |
1871 | options->log_facility = SYSLOG_FACILITY_NOT_SET; | ||
1883 | options->log_level = SYSLOG_LEVEL_NOT_SET; | 1872 | options->log_level = SYSLOG_LEVEL_NOT_SET; |
1884 | options->preferred_authentications = NULL; | 1873 | options->preferred_authentications = NULL; |
1885 | options->bind_address = NULL; | 1874 | options->bind_address = NULL; |
@@ -1903,6 +1892,7 @@ initialize_options(Options * options) | |||
1903 | options->tun_remote = -1; | 1892 | options->tun_remote = -1; |
1904 | options->local_command = NULL; | 1893 | options->local_command = NULL; |
1905 | options->permit_local_command = -1; | 1894 | options->permit_local_command = -1; |
1895 | options->remote_command = NULL; | ||
1906 | options->add_keys_to_agent = -1; | 1896 | options->add_keys_to_agent = -1; |
1907 | options->identity_agent = NULL; | 1897 | options->identity_agent = NULL; |
1908 | options->visual_host_key = -1; | 1898 | options->visual_host_key = -1; |
@@ -1976,8 +1966,6 @@ fill_default_options(Options * options) | |||
1976 | options->fwd_opts.streamlocal_bind_unlink = 0; | 1966 | options->fwd_opts.streamlocal_bind_unlink = 0; |
1977 | if (options->use_privileged_port == -1) | 1967 | if (options->use_privileged_port == -1) |
1978 | options->use_privileged_port = 0; | 1968 | options->use_privileged_port = 0; |
1979 | if (options->rsa_authentication == -1) | ||
1980 | options->rsa_authentication = 1; | ||
1981 | if (options->pubkey_authentication == -1) | 1969 | if (options->pubkey_authentication == -1) |
1982 | options->pubkey_authentication = 1; | 1970 | options->pubkey_authentication = 1; |
1983 | if (options->challenge_response_authentication == -1) | 1971 | if (options->challenge_response_authentication == -1) |
@@ -1996,8 +1984,6 @@ fill_default_options(Options * options) | |||
1996 | options->password_authentication = 1; | 1984 | options->password_authentication = 1; |
1997 | if (options->kbd_interactive_authentication == -1) | 1985 | if (options->kbd_interactive_authentication == -1) |
1998 | options->kbd_interactive_authentication = 1; | 1986 | options->kbd_interactive_authentication = 1; |
1999 | if (options->rhosts_rsa_authentication == -1) | ||
2000 | options->rhosts_rsa_authentication = 0; | ||
2001 | if (options->hostbased_authentication == -1) | 1987 | if (options->hostbased_authentication == -1) |
2002 | options->hostbased_authentication = 0; | 1988 | options->hostbased_authentication = 0; |
2003 | if (options->batch_mode == -1) | 1989 | if (options->batch_mode == -1) |
@@ -2005,13 +1991,11 @@ fill_default_options(Options * options) | |||
2005 | if (options->check_host_ip == -1) | 1991 | if (options->check_host_ip == -1) |
2006 | options->check_host_ip = 1; | 1992 | options->check_host_ip = 1; |
2007 | if (options->strict_host_key_checking == -1) | 1993 | if (options->strict_host_key_checking == -1) |
2008 | options->strict_host_key_checking = 2; /* 2 is default */ | 1994 | options->strict_host_key_checking = SSH_STRICT_HOSTKEY_ASK; |
2009 | if (options->compression == -1) | 1995 | if (options->compression == -1) |
2010 | options->compression = 0; | 1996 | options->compression = 0; |
2011 | if (options->tcp_keep_alive == -1) | 1997 | if (options->tcp_keep_alive == -1) |
2012 | options->tcp_keep_alive = 1; | 1998 | options->tcp_keep_alive = 1; |
2013 | if (options->compression_level == -1) | ||
2014 | options->compression_level = 6; | ||
2015 | if (options->port == -1) | 1999 | if (options->port == -1) |
2016 | options->port = 0; /* Filled in ssh_connect. */ | 2000 | options->port = 0; /* Filled in ssh_connect. */ |
2017 | if (options->address_family == -1) | 2001 | if (options->address_family == -1) |
@@ -2020,31 +2004,17 @@ fill_default_options(Options * options) | |||
2020 | options->connection_attempts = 1; | 2004 | options->connection_attempts = 1; |
2021 | if (options->number_of_password_prompts == -1) | 2005 | if (options->number_of_password_prompts == -1) |
2022 | options->number_of_password_prompts = 3; | 2006 | options->number_of_password_prompts = 3; |
2023 | /* Selected in ssh_login(). */ | ||
2024 | if (options->cipher == -1) | ||
2025 | options->cipher = SSH_CIPHER_NOT_SET; | ||
2026 | /* options->hostkeyalgorithms, default set in myproposals.h */ | 2007 | /* options->hostkeyalgorithms, default set in myproposals.h */ |
2027 | if (options->protocol == SSH_PROTO_UNKNOWN) | ||
2028 | options->protocol = SSH_PROTO_2; | ||
2029 | if (options->add_keys_to_agent == -1) | 2008 | if (options->add_keys_to_agent == -1) |
2030 | options->add_keys_to_agent = 0; | 2009 | options->add_keys_to_agent = 0; |
2031 | if (options->num_identity_files == 0) { | 2010 | if (options->num_identity_files == 0) { |
2032 | if (options->protocol & SSH_PROTO_1) { | 2011 | add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA, 0); |
2033 | add_identity_file(options, "~/", | 2012 | add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA, 0); |
2034 | _PATH_SSH_CLIENT_IDENTITY, 0); | ||
2035 | } | ||
2036 | if (options->protocol & SSH_PROTO_2) { | ||
2037 | add_identity_file(options, "~/", | ||
2038 | _PATH_SSH_CLIENT_ID_RSA, 0); | ||
2039 | add_identity_file(options, "~/", | ||
2040 | _PATH_SSH_CLIENT_ID_DSA, 0); | ||
2041 | #ifdef OPENSSL_HAS_ECC | 2013 | #ifdef OPENSSL_HAS_ECC |
2042 | add_identity_file(options, "~/", | 2014 | add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA, 0); |
2043 | _PATH_SSH_CLIENT_ID_ECDSA, 0); | ||
2044 | #endif | 2015 | #endif |
2045 | add_identity_file(options, "~/", | 2016 | add_identity_file(options, "~/", |
2046 | _PATH_SSH_CLIENT_ID_ED25519, 0); | 2017 | _PATH_SSH_CLIENT_ID_ED25519, 0); |
2047 | } | ||
2048 | } | 2018 | } |
2049 | if (options->escape_char == -1) | 2019 | if (options->escape_char == -1) |
2050 | options->escape_char = '~'; | 2020 | options->escape_char = '~'; |
@@ -2062,6 +2032,8 @@ fill_default_options(Options * options) | |||
2062 | } | 2032 | } |
2063 | if (options->log_level == SYSLOG_LEVEL_NOT_SET) | 2033 | if (options->log_level == SYSLOG_LEVEL_NOT_SET) |
2064 | options->log_level = SYSLOG_LEVEL_INFO; | 2034 | options->log_level = SYSLOG_LEVEL_INFO; |
2035 | if (options->log_facility == SYSLOG_FACILITY_NOT_SET) | ||
2036 | options->log_facility = SYSLOG_FACILITY_USER; | ||
2065 | if (options->no_host_authentication_for_localhost == - 1) | 2037 | if (options->no_host_authentication_for_localhost == - 1) |
2066 | options->no_host_authentication_for_localhost = 0; | 2038 | options->no_host_authentication_for_localhost = 0; |
2067 | if (options->identities_only == -1) | 2039 | if (options->identities_only == -1) |
@@ -2136,6 +2108,7 @@ fill_default_options(Options * options) | |||
2136 | } \ | 2108 | } \ |
2137 | } while(0) | 2109 | } while(0) |
2138 | CLEAR_ON_NONE(options->local_command); | 2110 | CLEAR_ON_NONE(options->local_command); |
2111 | CLEAR_ON_NONE(options->remote_command); | ||
2139 | CLEAR_ON_NONE(options->proxy_command); | 2112 | CLEAR_ON_NONE(options->proxy_command); |
2140 | CLEAR_ON_NONE(options->control_path); | 2113 | CLEAR_ON_NONE(options->control_path); |
2141 | CLEAR_ON_NONE(options->revoked_host_keys); | 2114 | CLEAR_ON_NONE(options->revoked_host_keys); |
@@ -2425,9 +2398,10 @@ fmt_intarg(OpCodes code, int val) | |||
2425 | case oAddressFamily: | 2398 | case oAddressFamily: |
2426 | return fmt_multistate_int(val, multistate_addressfamily); | 2399 | return fmt_multistate_int(val, multistate_addressfamily); |
2427 | case oVerifyHostKeyDNS: | 2400 | case oVerifyHostKeyDNS: |
2428 | case oStrictHostKeyChecking: | ||
2429 | case oUpdateHostkeys: | 2401 | case oUpdateHostkeys: |
2430 | return fmt_multistate_int(val, multistate_yesnoask); | 2402 | return fmt_multistate_int(val, multistate_yesnoask); |
2403 | case oStrictHostKeyChecking: | ||
2404 | return fmt_multistate_int(val, multistate_strict_hostkey); | ||
2431 | case oControlMaster: | 2405 | case oControlMaster: |
2432 | return fmt_multistate_int(val, multistate_controlmaster); | 2406 | return fmt_multistate_int(val, multistate_controlmaster); |
2433 | case oTunnel: | 2407 | case oTunnel: |
@@ -2438,17 +2412,6 @@ fmt_intarg(OpCodes code, int val) | |||
2438 | return fmt_multistate_int(val, multistate_canonicalizehostname); | 2412 | return fmt_multistate_int(val, multistate_canonicalizehostname); |
2439 | case oFingerprintHash: | 2413 | case oFingerprintHash: |
2440 | return ssh_digest_alg_name(val); | 2414 | return ssh_digest_alg_name(val); |
2441 | case oProtocol: | ||
2442 | switch (val) { | ||
2443 | case SSH_PROTO_1: | ||
2444 | return "1"; | ||
2445 | case SSH_PROTO_2: | ||
2446 | return "2"; | ||
2447 | case (SSH_PROTO_1|SSH_PROTO_2): | ||
2448 | return "2,1"; | ||
2449 | default: | ||
2450 | return "UNKNOWN"; | ||
2451 | } | ||
2452 | default: | 2415 | default: |
2453 | switch (val) { | 2416 | switch (val) { |
2454 | case 0: | 2417 | case 0: |
@@ -2593,14 +2556,9 @@ dump_client_config(Options *o, const char *host) | |||
2593 | dump_cfg_fmtint(oNoHostAuthenticationForLocalhost, o->no_host_authentication_for_localhost); | 2556 | dump_cfg_fmtint(oNoHostAuthenticationForLocalhost, o->no_host_authentication_for_localhost); |
2594 | dump_cfg_fmtint(oPasswordAuthentication, o->password_authentication); | 2557 | dump_cfg_fmtint(oPasswordAuthentication, o->password_authentication); |
2595 | dump_cfg_fmtint(oPermitLocalCommand, o->permit_local_command); | 2558 | dump_cfg_fmtint(oPermitLocalCommand, o->permit_local_command); |
2596 | dump_cfg_fmtint(oProtocol, o->protocol); | ||
2597 | dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass); | 2559 | dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass); |
2598 | dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication); | 2560 | dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication); |
2599 | dump_cfg_fmtint(oRequestTTY, o->request_tty); | 2561 | dump_cfg_fmtint(oRequestTTY, o->request_tty); |
2600 | #ifdef WITH_RSA1 | ||
2601 | dump_cfg_fmtint(oRhostsRSAAuthentication, o->rhosts_rsa_authentication); | ||
2602 | dump_cfg_fmtint(oRSAAuthentication, o->rsa_authentication); | ||
2603 | #endif | ||
2604 | dump_cfg_fmtint(oStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); | 2562 | dump_cfg_fmtint(oStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); |
2605 | dump_cfg_fmtint(oStrictHostKeyChecking, o->strict_host_key_checking); | 2563 | dump_cfg_fmtint(oStrictHostKeyChecking, o->strict_host_key_checking); |
2606 | dump_cfg_fmtint(oTCPKeepAlive, o->tcp_keep_alive); | 2564 | dump_cfg_fmtint(oTCPKeepAlive, o->tcp_keep_alive); |
@@ -2612,9 +2570,6 @@ dump_client_config(Options *o, const char *host) | |||
2612 | 2570 | ||
2613 | /* Integer options */ | 2571 | /* Integer options */ |
2614 | dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots); | 2572 | dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots); |
2615 | #ifdef WITH_SSH1 | ||
2616 | dump_cfg_int(oCompressionLevel, o->compression_level); | ||
2617 | #endif | ||
2618 | dump_cfg_int(oConnectionAttempts, o->connection_attempts); | 2573 | dump_cfg_int(oConnectionAttempts, o->connection_attempts); |
2619 | dump_cfg_int(oForwardX11Timeout, o->forward_x11_timeout); | 2574 | dump_cfg_int(oForwardX11Timeout, o->forward_x11_timeout); |
2620 | dump_cfg_int(oNumberOfPasswordPrompts, o->number_of_password_prompts); | 2575 | dump_cfg_int(oNumberOfPasswordPrompts, o->number_of_password_prompts); |
@@ -2632,6 +2587,7 @@ dump_client_config(Options *o, const char *host) | |||
2632 | dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices); | 2587 | dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices); |
2633 | dump_cfg_string(oKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_CLIENT_KEX); | 2588 | dump_cfg_string(oKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_CLIENT_KEX); |
2634 | dump_cfg_string(oLocalCommand, o->local_command); | 2589 | dump_cfg_string(oLocalCommand, o->local_command); |
2590 | dump_cfg_string(oRemoteCommand, o->remote_command); | ||
2635 | dump_cfg_string(oLogLevel, log_level_name(o->log_level)); | 2591 | dump_cfg_string(oLogLevel, log_level_name(o->log_level)); |
2636 | dump_cfg_string(oMacs, o->macs ? o->macs : KEX_CLIENT_MAC); | 2592 | dump_cfg_string(oMacs, o->macs ? o->macs : KEX_CLIENT_MAC); |
2637 | #ifdef ENABLE_PKCS11 | 2593 | #ifdef ENABLE_PKCS11 |
@@ -2684,10 +2640,6 @@ dump_client_config(Options *o, const char *host) | |||
2684 | printf("\n"); | 2640 | printf("\n"); |
2685 | } | 2641 | } |
2686 | 2642 | ||
2687 | /* oCipher */ | ||
2688 | if (o->cipher != SSH_CIPHER_NOT_SET) | ||
2689 | printf("Cipher %s\n", cipher_name(o->cipher)); | ||
2690 | |||
2691 | /* oControlPersist */ | 2643 | /* oControlPersist */ |
2692 | if (o->control_persist == 0 || o->control_persist_timeout == 0) | 2644 | if (o->control_persist == 0 || o->control_persist_timeout == 0) |
2693 | dump_cfg_fmtint(oControlPersist, o->control_persist); | 2645 | dump_cfg_fmtint(oControlPersist, o->control_persist); |
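Review bot: The new `case oLogFacility:` (hunk `@@ -1300,6 +1273,17 @@`) writes the parsed value without testing `*activep`, so a `SyslogFacility` line inside a `Host`/`Match` block that does not apply to the current target would presumably still take effect. The forwarding case right after it in the same function guards its write with `if (*activep) {`. The guard also compares against the literal `-1`, although `initialize_options` sets the field to `SYSLOG_FACILITY_NOT_SET`. I would write it as `if (*activep && *log_facility_ptr == SYSLOG_FACILITY_NOT_SET)`, so that log routing follows the same per-host scoping as the other options and the sentinel is named. `process_config_line_depth` starts and ends outside the hunk, and the condition guarding the adjacent `oLogLevel` assignment is not visible here, so confirm against the full function.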