Merge 3.7.1p2 to the trunk. I have absolutely no idea yet whether this will

work.
author: Colin Watson <cjwatson@debian.org> 2003-09-23 18:08:35 +0000
committer: Colin Watson <cjwatson@debian.org> 2003-09-23 18:08:35 +0000
commit: d59fd3e421aa81b8e5e118f3f806081df2aca879 (patch)
tree: 356a4e607edc979c625bb33db63c656d771478bd /readconf.c
parent: 7505658c58e96b8d270f1928a0e1fa7f3e0c266b (diff)
parent: 45431c9b4677608680cd071768cbf156b316a7e8 (diff)
1 files changed, 116 insertions, 66 deletions
diff --git a/readconf.c b/readconf.c
index 899ff3f0e..0a1788ba0 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.104 2003/04/01 10:22:21 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.121 2003/09/01 18:15:50 markus Exp $");
 #include "ssh.h"
 #include "xmalloc.h"
@@ -57,7 +57,6 @@ RCSID("$OpenBSD: readconf.c,v 1.104 2003/04/01 10:22:21 markus Exp $");
   Host fascist.blob.com
     Port 23123
     User tylonen
-     RhostsAuthentication no
     PasswordAuthentication no
   Host puukko.hut.fi
@@ -75,7 +74,6 @@ RCSID("$OpenBSD: readconf.c,v 1.104 2003/04/01 10:22:21 markus Exp $");
   Host *
     ForwardAgent no
     ForwardX11 no
-     RhostsAuthentication yes
     PasswordAuthentication yes
     RSAAuthentication yes
     RhostsRSAAuthentication yes
@@ -93,18 +91,9 @@ RCSID("$OpenBSD: readconf.c,v 1.104 2003/04/01 10:22:21 markus Exp $");
 typedef enum {
        oBadOption,
-        oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
+        oForwardAgent, oForwardX11, oGatewayPorts,
        oPasswordAuthentication, oRSAAuthentication,
        oChallengeResponseAuthentication, oXAuthLocation,
-#if defined(KRB4) || defined(KRB5)
-        oKerberosAuthentication,
-#endif
-#if defined(AFS) || defined(KRB5)
-        oKerberosTgtPassing,
-#endif
-#ifdef AFS
-        oAFSTokenPassing,
-#endif
        oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
        oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
        oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
@@ -116,9 +105,10 @@ typedef enum {
        oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
        oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
        oClearAllForwardings, oNoHostAuthenticationForLocalhost,
-        oEnableSSHKeysign,
+        oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
+        oAddressFamily, oGssAuthentication, oGssDelegateCreds,
        oProtocolKeepAlives, oSetupTimeOut,
-        oDeprecated
+        oDeprecated, oUnsupported
 } OpCodes;
 /* Textual representations of the tokens. */
@@ -132,7 +122,7 @@ static struct {
        { "xauthlocation", oXAuthLocation },
        { "gatewayports", oGatewayPorts },
        { "useprivilegedport", oUsePrivilegedPort },
-        { "rhostsauthentication", oRhostsAuthentication },
+        { "rhostsauthentication", oDeprecated },
        { "passwordauthentication", oPasswordAuthentication },
        { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
        { "kbdinteractivedevices", oKbdInteractiveDevices },
@@ -144,14 +134,15 @@ static struct {
        { "challengeresponseauthentication", oChallengeResponseAuthentication },
        { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
        { "tisauthentication", oChallengeResponseAuthentication },  /* alias */
-#if defined(KRB4) || defined(KRB5)
+        { "kerberosauthentication", oUnsupported },
-        { "kerberosauthentication", oKerberosAuthentication },
+        { "kerberostgtpassing", oUnsupported },
-#endif
+        { "afstokenpassing", oUnsupported },
-#if defined(AFS) || defined(KRB5)
+#if defined(GSSAPI)
-        { "kerberostgtpassing", oKerberosTgtPassing },
+        { "gssapiauthentication", oGssAuthentication },
-#endif
+        { "gssapidelegatecredentials", oGssDelegateCreds },
-#ifdef AFS
+#else
-        { "afstokenpassing", oAFSTokenPassing },
+        { "gssapiauthentication", oUnsupported },
+        { "gssapidelegatecredentials", oUnsupported },
 #endif
        { "fallbacktorsh", oDeprecated },
        { "usersh", oDeprecated },
@@ -187,10 +178,22 @@ static struct {
        { "preferredauthentications", oPreferredAuthentications },
        { "hostkeyalgorithms", oHostKeyAlgorithms },
        { "bindaddress", oBindAddress },
+#ifdef SMARTCARD
        { "smartcarddevice", oSmartcardDevice },
+#else
+        { "smartcarddevice", oUnsupported },
+#endif
        { "clearallforwardings", oClearAllForwardings },
        { "enablesshkeysign", oEnableSSHKeysign },
+#ifdef DNS
+        { "verifyhostkeydns", oVerifyHostKeyDNS },
+#else
+        { "verifyhostkeydns", oUnsupported },
+#endif
        { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
+        { "rekeylimit", oRekeyLimit },
+        { "connecttimeout", oConnectTimeout },
+        { "addressfamily", oAddressFamily },
        { "protocolkeepalives", oProtocolKeepAlives },
        { "setuptimeout", oSetupTimeOut },
        { NULL, oBadOption }
@@ -309,6 +312,20 @@ process_config_line(Options *options, const char *host,
                /* don't panic, but count bad options */
                return -1;
                /* NOTREACHED */
+        case oConnectTimeout:
+                intptr = &options->connection_timeout;
+/* parse_time: */
+                arg = strdelim(&s);
+                if (!arg || *arg == '\0')
+                        fatal("%s line %d: missing time value.",
+                            filename, linenum);
+                if ((value = convtime(arg)) == -1)
+                        fatal("%s line %d: invalid time value.",
+                            filename, linenum);
+                if (*intptr == -1)
+                        *intptr = value;
+                break;
        case oForwardAgent:
                intptr = &options->forward_agent;
 parse_flag:
@@ -338,10 +355,6 @@ parse_flag:
                intptr = &options->use_privileged_port;
                goto parse_flag;
-        case oRhostsAuthentication:
-                intptr = &options->rhosts_authentication;
-                goto parse_flag;
        case oPasswordAuthentication:
                intptr = &options->password_authentication;
                goto parse_flag;
@@ -373,21 +386,15 @@ parse_flag:
        case oChallengeResponseAuthentication:
                intptr = &options->challenge_response_authentication;
                goto parse_flag;
-#if defined(KRB4) || defined(KRB5)
-        case oKerberosAuthentication:
+        case oGssAuthentication:
-                intptr = &options->kerberos_authentication;
+                intptr = &options->gss_authentication;
-                goto parse_flag;
-#endif
-#if defined(AFS) || defined(KRB5)
-        case oKerberosTgtPassing:
-                intptr = &options->kerberos_tgt_passing;
                goto parse_flag;
-#endif
-#ifdef AFS
+        case oGssDelegateCreds:
-        case oAFSTokenPassing:
+                intptr = &options->gss_deleg_creds;
-                intptr = &options->afs_token_passing;
                goto parse_flag;
-#endif
        case oBatchMode:
                intptr = &options->batch_mode;
                goto parse_flag;
@@ -396,6 +403,10 @@ parse_flag:
                intptr = &options->check_host_ip;
                goto parse_flag;
+        case oVerifyHostKeyDNS:
+                intptr = &options->verify_host_key_dns;
+                goto parse_flag;
        case oStrictHostKeyChecking:
                intptr = &options->strict_host_key_checking;
                arg = strdelim(&s);
@@ -443,6 +454,31 @@ parse_flag:
                intptr = &options->compression_level;
                goto parse_int;
+        case oRekeyLimit:
+                intptr = &options->rekey_limit;
+                arg = strdelim(&s);
+                if (!arg || *arg == '\0')
+                        fatal("%.200s line %d: Missing argument.", filename, linenum);
+                if (arg[0] < '0' || arg[0] > '9')
+                        fatal("%.200s line %d: Bad number.", filename, linenum);
+                value = strtol(arg, &endofnumber, 10);
+                if (arg == endofnumber)
+                        fatal("%.200s line %d: Bad number.", filename, linenum);
+                switch (toupper(*endofnumber)) {
+                case 'K':
+                        value *= 1<<10;
+                        break;
+                case 'M':
+                        value *= 1<<20;
+                        break;
+                case 'G':
+                        value *= 1<<30;
+                        break;
+                }
+                if (*activep && *intptr == -1)
+                        *intptr = value;
+                break;
        case oIdentityFile:
                arg = strdelim(&s);
                if (!arg || *arg == '\0')
@@ -509,6 +545,8 @@ parse_string:
                goto parse_string;
        case oProxyCommand:
+                if (s == NULL)
+                        fatal("%.200s line %d: Missing argument.", filename, linenum);
                charptr = &options->proxy_command;
                len = strspn(s, WHITESPACE "=");
                if (*activep && *charptr == NULL)
@@ -646,7 +684,7 @@ parse_int:
                        fatal("%.200s line %d: Badly formatted port number.",
                            filename, linenum);
                if (*activep)
-                        add_local_forward(options, fwd_port, "socks4", 0);
+                        add_local_forward(options, fwd_port, "socks", 0);
                break;
        case oClearAllForwardings:
@@ -686,6 +724,21 @@ parse_int:
                        *intptr = value;
                break;
+        case oAddressFamily:
+                arg = strdelim(&s);
+                intptr = &options->address_family;
+                if (strcasecmp(arg, "inet") == 0)
+                        value = AF_INET;
+                else if (strcasecmp(arg, "inet6") == 0)
+                        value = AF_INET6;
+                else if (strcasecmp(arg, "any") == 0)
+                        value = AF_UNSPEC;
+                else
+                        fatal("Unsupported AddressFamily \"%s\"", arg);
+                if (*activep && *intptr == -1)
+                        *intptr = value;
+                break;
        case oEnableSSHKeysign:
                intptr = &options->enable_ssh_keysign;
                goto parse_flag;
@@ -695,6 +748,11 @@ parse_int:
                    filename, linenum, keyword);
                return 0;
+        case oUnsupported:
+                error("%s line %d: Unsupported option \"%s\"",
+                    filename, linenum, keyword);
+                return 0;
        default:
                fatal("process_config_line: Unimplemented opcode %d", opcode);
        }
@@ -764,19 +822,11 @@ initialize_options(Options * options)
        options->xauth_location = NULL;
        options->gateway_ports = -1;
        options->use_privileged_port = -1;
-        options->rhosts_authentication = -1;
        options->rsa_authentication = -1;
        options->pubkey_authentication = -1;
        options->challenge_response_authentication = -1;
-#if defined(KRB4) || defined(KRB5)
+        options->gss_authentication = -1;
-        options->kerberos_authentication = -1;
+        options->gss_deleg_creds = -1;
-#endif
-#if defined(AFS) || defined(KRB5)
-        options->kerberos_tgt_passing = -1;
-#endif
-#ifdef AFS
-        options->afs_token_passing = -1;
-#endif
        options->password_authentication = -1;
        options->kbd_interactive_authentication = -1;
        options->kbd_interactive_devices = NULL;
@@ -791,7 +841,9 @@ initialize_options(Options * options)
        options->setuptimeout = -1;
        options->compression_level = -1;
        options->port = -1;
+        options->address_family = -1;
        options->connection_attempts = -1;
+        options->connection_timeout = -1;
        options->number_of_password_prompts = -1;
        options->cipher = -1;
        options->ciphers = NULL;
@@ -817,6 +869,8 @@ initialize_options(Options * options)
        options->smartcard_device = NULL;
        options->enable_ssh_keysign = - 1;
        options->no_host_authentication_for_localhost = - 1;
+        options->rekey_limit = - 1;
+        options->verify_host_key_dns = -1;
 }
 /*
@@ -839,26 +893,16 @@ fill_default_options(Options * options)
                options->gateway_ports = 0;
        if (options->use_privileged_port == -1)
                options->use_privileged_port = 0;
-        if (options->rhosts_authentication == -1)
-                options->rhosts_authentication = 0;
        if (options->rsa_authentication == -1)
                options->rsa_authentication = 1;
        if (options->pubkey_authentication == -1)
                options->pubkey_authentication = 1;
        if (options->challenge_response_authentication == -1)
                options->challenge_response_authentication = 1;
-#if defined(KRB4) || defined(KRB5)
+        if (options->gss_authentication == -1)
-        if (options->kerberos_authentication == -1)
+                options->gss_authentication = 1;
-                options->kerberos_authentication = 1;
+        if (options->gss_deleg_creds == -1)
-#endif
+                options->gss_deleg_creds = 0;
-#if defined(AFS) || defined(KRB5)
-        if (options->kerberos_tgt_passing == -1)
-                options->kerberos_tgt_passing = 1;
-#endif
-#ifdef AFS
-        if (options->afs_token_passing == -1)
-                options->afs_token_passing = 1;
-#endif
        if (options->password_authentication == -1)
                options->password_authentication = 1;
        if (options->kbd_interactive_authentication == -1)
@@ -889,6 +933,8 @@ fill_default_options(Options * options)
                options->compression_level = 6;
        if (options->port == -1)
                options->port = 0;      /* Filled in ssh_connect. */
+        if (options->address_family == -1)
+                options->address_family = AF_UNSPEC;
        if (options->connection_attempts == -1)
                options->connection_attempts = 1;
        if (options->number_of_password_prompts == -1)
@@ -941,6 +987,10 @@ fill_default_options(Options * options)
                options->no_host_authentication_for_localhost = 0;
        if (options->enable_ssh_keysign == -1)
                options->enable_ssh_keysign = 0;
+        if (options->rekey_limit == -1)
+                options->rekey_limit = 0;
+        if (options->verify_host_key_dns == -1)
+                options->verify_host_key_dns = 0;
        /* options->proxy_command should not be set by default */
        /* options->user will be set in the main program if appropriate */
        /* options->hostname will be set in the main program if appropriate */
author	Colin Watson <cjwatson@debian.org>	2003-09-23 18:08:35 +0000
committer	Colin Watson <cjwatson@debian.org>	2003-09-23 18:08:35 +0000
commit	d59fd3e421aa81b8e5e118f3f806081df2aca879 (patch)
tree	356a4e607edc979c625bb33db63c656d771478bd /readconf.c
parent	7505658c58e96b8d270f1928a0e1fa7f3e0c266b (diff)
parent	45431c9b4677608680cd071768cbf156b316a7e8 (diff)

diff --git a/readconf.c b/readconf.c index 899ff3f0e..0a1788ba0 100644 --- a/readconf.c +++ b/readconf.c
@@ -12,7 +12,7 @@
12	*/	12	*/
13		13
14	#include "includes.h"	14	#include "includes.h"
15	RCSID("$OpenBSD: readconf.c,v 1.104 2003/04/01 10:22:21 markus Exp $");	15	RCSID("$OpenBSD: readconf.c,v 1.121 2003/09/01 18:15:50 markus Exp $");
16		16
17	#include "ssh.h"	17	#include "ssh.h"
18	#include "xmalloc.h"	18	#include "xmalloc.h"
@@ -57,7 +57,6 @@ RCSID("$OpenBSD: readconf.c,v 1.104 2003/04/01 10:22:21 markus Exp $");
57	Host fascist.blob.com	57	Host fascist.blob.com
58	Port 23123	58	Port 23123
59	User tylonen	59	User tylonen
60	RhostsAuthentication no
61	PasswordAuthentication no	60	PasswordAuthentication no
62		61
63	Host puukko.hut.fi	62	Host puukko.hut.fi
@@ -75,7 +74,6 @@ RCSID("$OpenBSD: readconf.c,v 1.104 2003/04/01 10:22:21 markus Exp $");
75	Host *	74	Host *
76	ForwardAgent no	75	ForwardAgent no
77	ForwardX11 no	76	ForwardX11 no
78	RhostsAuthentication yes
79	PasswordAuthentication yes	77	PasswordAuthentication yes
80	RSAAuthentication yes	78	RSAAuthentication yes
81	RhostsRSAAuthentication yes	79	RhostsRSAAuthentication yes
@@ -93,18 +91,9 @@ RCSID("$OpenBSD: readconf.c,v 1.104 2003/04/01 10:22:21 markus Exp $");
93		91
94	typedef enum {	92	typedef enum {
95	oBadOption,	93	oBadOption,
96	oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,	94	oForwardAgent, oForwardX11, oGatewayPorts,
97	oPasswordAuthentication, oRSAAuthentication,	95	oPasswordAuthentication, oRSAAuthentication,
98	oChallengeResponseAuthentication, oXAuthLocation,	96	oChallengeResponseAuthentication, oXAuthLocation,
99	#if defined(KRB4) \|\| defined(KRB5)
100	oKerberosAuthentication,
101	#endif
102	#if defined(AFS) \|\| defined(KRB5)
103	oKerberosTgtPassing,
104	#endif
105	#ifdef AFS
106	oAFSTokenPassing,
107	#endif
108	oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,	97	oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
109	oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,	98	oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
110	oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,	99	oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
@@ -116,9 +105,10 @@ typedef enum {
116	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,	105	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
117	oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,	106	oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
118	oClearAllForwardings, oNoHostAuthenticationForLocalhost,	107	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
119	oEnableSSHKeysign,	108	oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
		109	oAddressFamily, oGssAuthentication, oGssDelegateCreds,
120	oProtocolKeepAlives, oSetupTimeOut,	110	oProtocolKeepAlives, oSetupTimeOut,
121	oDeprecated	111	oDeprecated, oUnsupported
122	} OpCodes;	112	} OpCodes;
123		113
124	/* Textual representations of the tokens. */	114	/* Textual representations of the tokens. */
@@ -132,7 +122,7 @@ static struct {
132	{ "xauthlocation", oXAuthLocation },	122	{ "xauthlocation", oXAuthLocation },
133	{ "gatewayports", oGatewayPorts },	123	{ "gatewayports", oGatewayPorts },
134	{ "useprivilegedport", oUsePrivilegedPort },	124	{ "useprivilegedport", oUsePrivilegedPort },
135	{ "rhostsauthentication", oRhostsAuthentication },	125	{ "rhostsauthentication", oDeprecated },
136	{ "passwordauthentication", oPasswordAuthentication },	126	{ "passwordauthentication", oPasswordAuthentication },
137	{ "kbdinteractiveauthentication", oKbdInteractiveAuthentication },	127	{ "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
138	{ "kbdinteractivedevices", oKbdInteractiveDevices },	128	{ "kbdinteractivedevices", oKbdInteractiveDevices },
@@ -144,14 +134,15 @@ static struct {
144	{ "challengeresponseauthentication", oChallengeResponseAuthentication },	134	{ "challengeresponseauthentication", oChallengeResponseAuthentication },
145	{ "skeyauthentication", oChallengeResponseAuthentication }, /* alias */	135	{ "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
146	{ "tisauthentication", oChallengeResponseAuthentication }, /* alias */	136	{ "tisauthentication", oChallengeResponseAuthentication }, /* alias */
147	#if defined(KRB4) \|\| defined(KRB5)	137	{ "kerberosauthentication", oUnsupported },
148	{ "kerberosauthentication", oKerberosAuthentication },	138	{ "kerberostgtpassing", oUnsupported },
149	#endif	139	{ "afstokenpassing", oUnsupported },
150	#if defined(AFS) \|\| defined(KRB5)	140	#if defined(GSSAPI)
151	{ "kerberostgtpassing", oKerberosTgtPassing },	141	{ "gssapiauthentication", oGssAuthentication },
152	#endif	142	{ "gssapidelegatecredentials", oGssDelegateCreds },
153	#ifdef AFS	143	#else
154	{ "afstokenpassing", oAFSTokenPassing },	144	{ "gssapiauthentication", oUnsupported },
		145	{ "gssapidelegatecredentials", oUnsupported },
155	#endif	146	#endif
156	{ "fallbacktorsh", oDeprecated },	147	{ "fallbacktorsh", oDeprecated },
157	{ "usersh", oDeprecated },	148	{ "usersh", oDeprecated },
@@ -187,10 +178,22 @@ static struct {
187	{ "preferredauthentications", oPreferredAuthentications },	178	{ "preferredauthentications", oPreferredAuthentications },
188	{ "hostkeyalgorithms", oHostKeyAlgorithms },	179	{ "hostkeyalgorithms", oHostKeyAlgorithms },
189	{ "bindaddress", oBindAddress },	180	{ "bindaddress", oBindAddress },
		181	#ifdef SMARTCARD
190	{ "smartcarddevice", oSmartcardDevice },	182	{ "smartcarddevice", oSmartcardDevice },
		183	#else
		184	{ "smartcarddevice", oUnsupported },
		185	#endif
191	{ "clearallforwardings", oClearAllForwardings },	186	{ "clearallforwardings", oClearAllForwardings },
192	{ "enablesshkeysign", oEnableSSHKeysign },	187	{ "enablesshkeysign", oEnableSSHKeysign },
		188	#ifdef DNS
		189	{ "verifyhostkeydns", oVerifyHostKeyDNS },
		190	#else
		191	{ "verifyhostkeydns", oUnsupported },
		192	#endif
193	{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },	193	{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
		194	{ "rekeylimit", oRekeyLimit },
		195	{ "connecttimeout", oConnectTimeout },
		196	{ "addressfamily", oAddressFamily },
194	{ "protocolkeepalives", oProtocolKeepAlives },	197	{ "protocolkeepalives", oProtocolKeepAlives },
195	{ "setuptimeout", oSetupTimeOut },	198	{ "setuptimeout", oSetupTimeOut },
196	{ NULL, oBadOption }	199	{ NULL, oBadOption }
@@ -309,6 +312,20 @@ process_config_line(Options options, const char host,
309	/* don't panic, but count bad options */	312	/* don't panic, but count bad options */
310	return -1;	313	return -1;
311	/* NOTREACHED */	314	/* NOTREACHED */
		315	case oConnectTimeout:
		316	intptr = &options->connection_timeout;
		317	/* parse_time: */
		318	arg = strdelim(&s);
		319	if (!arg \|\| *arg == '\0')
		320	fatal("%s line %d: missing time value.",
		321	filename, linenum);
		322	if ((value = convtime(arg)) == -1)
		323	fatal("%s line %d: invalid time value.",
		324	filename, linenum);
		325	if (*intptr == -1)
		326	*intptr = value;
		327	break;
		328
312	case oForwardAgent:	329	case oForwardAgent:
313	intptr = &options->forward_agent;	330	intptr = &options->forward_agent;
314	parse_flag:	331	parse_flag:
@@ -338,10 +355,6 @@ parse_flag:
338	intptr = &options->use_privileged_port;	355	intptr = &options->use_privileged_port;
339	goto parse_flag;	356	goto parse_flag;
340		357
341	case oRhostsAuthentication:
342	intptr = &options->rhosts_authentication;
343	goto parse_flag;
344
345	case oPasswordAuthentication:	358	case oPasswordAuthentication:
346	intptr = &options->password_authentication;	359	intptr = &options->password_authentication;
347	goto parse_flag;	360	goto parse_flag;
@@ -373,21 +386,15 @@ parse_flag:
373	case oChallengeResponseAuthentication:	386	case oChallengeResponseAuthentication:
374	intptr = &options->challenge_response_authentication;	387	intptr = &options->challenge_response_authentication;
375	goto parse_flag;	388	goto parse_flag;
376	#if defined(KRB4) \|\| defined(KRB5)	389
377	case oKerberosAuthentication:	390	case oGssAuthentication:
378	intptr = &options->kerberos_authentication;	391	intptr = &options->gss_authentication;
379	goto parse_flag;
380	#endif
381	#if defined(AFS) \|\| defined(KRB5)
382	case oKerberosTgtPassing:
383	intptr = &options->kerberos_tgt_passing;
384	goto parse_flag;	392	goto parse_flag;
385	#endif	393
386	#ifdef AFS	394	case oGssDelegateCreds:
387	case oAFSTokenPassing:	395	intptr = &options->gss_deleg_creds;
388	intptr = &options->afs_token_passing;
389	goto parse_flag;	396	goto parse_flag;
390	#endif	397
391	case oBatchMode:	398	case oBatchMode:
392	intptr = &options->batch_mode;	399	intptr = &options->batch_mode;
393	goto parse_flag;	400	goto parse_flag;
@@ -396,6 +403,10 @@ parse_flag:
396	intptr = &options->check_host_ip;	403	intptr = &options->check_host_ip;
397	goto parse_flag;	404	goto parse_flag;
398		405
		406	case oVerifyHostKeyDNS:
		407	intptr = &options->verify_host_key_dns;
		408	goto parse_flag;
		409
399	case oStrictHostKeyChecking:	410	case oStrictHostKeyChecking:
400	intptr = &options->strict_host_key_checking;	411	intptr = &options->strict_host_key_checking;
401	arg = strdelim(&s);	412	arg = strdelim(&s);
@@ -443,6 +454,31 @@ parse_flag:
443	intptr = &options->compression_level;	454	intptr = &options->compression_level;
444	goto parse_int;	455	goto parse_int;
445		456
		457	case oRekeyLimit:
		458	intptr = &options->rekey_limit;
		459	arg = strdelim(&s);
		460	if (!arg \|\| *arg == '\0')
		461	fatal("%.200s line %d: Missing argument.", filename, linenum);
		462	if (arg[0] < '0' \|\| arg[0] > '9')
		463	fatal("%.200s line %d: Bad number.", filename, linenum);
		464	value = strtol(arg, &endofnumber, 10);
		465	if (arg == endofnumber)
		466	fatal("%.200s line %d: Bad number.", filename, linenum);
		467	switch (toupper(*endofnumber)) {
		468	case 'K':
		469	value *= 1<<10;
		470	break;
		471	case 'M':
		472	value *= 1<<20;
		473	break;
		474	case 'G':
		475	value *= 1<<30;
		476	break;
		477	}
		478	if (activep && intptr == -1)
		479	*intptr = value;
		480	break;
		481
446	case oIdentityFile:	482	case oIdentityFile:
447	arg = strdelim(&s);	483	arg = strdelim(&s);
448	if (!arg \|\| *arg == '\0')	484	if (!arg \|\| *arg == '\0')
@@ -509,6 +545,8 @@ parse_string:
509	goto parse_string;	545	goto parse_string;
510		546
511	case oProxyCommand:	547	case oProxyCommand:
		548	if (s == NULL)
		549	fatal("%.200s line %d: Missing argument.", filename, linenum);
512	charptr = &options->proxy_command;	550	charptr = &options->proxy_command;
513	len = strspn(s, WHITESPACE "=");	551	len = strspn(s, WHITESPACE "=");
514	if (activep && charptr == NULL)	552	if (activep && charptr == NULL)
@@ -646,7 +684,7 @@ parse_int:
646	fatal("%.200s line %d: Badly formatted port number.",	684	fatal("%.200s line %d: Badly formatted port number.",
647	filename, linenum);	685	filename, linenum);
648	if (*activep)	686	if (*activep)
649	add_local_forward(options, fwd_port, "socks4", 0);	687	add_local_forward(options, fwd_port, "socks", 0);
650	break;	688	break;
651		689
652	case oClearAllForwardings:	690	case oClearAllForwardings:
@@ -686,6 +724,21 @@ parse_int:
686	*intptr = value;	724	*intptr = value;
687	break;	725	break;
688		726
		727	case oAddressFamily:
		728	arg = strdelim(&s);
		729	intptr = &options->address_family;
		730	if (strcasecmp(arg, "inet") == 0)
		731	value = AF_INET;
		732	else if (strcasecmp(arg, "inet6") == 0)
		733	value = AF_INET6;
		734	else if (strcasecmp(arg, "any") == 0)
		735	value = AF_UNSPEC;
		736	else
		737	fatal("Unsupported AddressFamily \"%s\"", arg);
		738	if (activep && intptr == -1)
		739	*intptr = value;
		740	break;
		741
689	case oEnableSSHKeysign:	742	case oEnableSSHKeysign:
690	intptr = &options->enable_ssh_keysign;	743	intptr = &options->enable_ssh_keysign;
691	goto parse_flag;	744	goto parse_flag;
@@ -695,6 +748,11 @@ parse_int:
695	filename, linenum, keyword);	748	filename, linenum, keyword);
696	return 0;	749	return 0;
697		750
		751	case oUnsupported:
		752	error("%s line %d: Unsupported option \"%s\"",
		753	filename, linenum, keyword);
		754	return 0;
		755
698	default:	756	default:
699	fatal("process_config_line: Unimplemented opcode %d", opcode);	757	fatal("process_config_line: Unimplemented opcode %d", opcode);
700	}	758	}
@@ -764,19 +822,11 @@ initialize_options(Options * options)
764	options->xauth_location = NULL;	822	options->xauth_location = NULL;
765	options->gateway_ports = -1;	823	options->gateway_ports = -1;
766	options->use_privileged_port = -1;	824	options->use_privileged_port = -1;
767	options->rhosts_authentication = -1;
768	options->rsa_authentication = -1;	825	options->rsa_authentication = -1;
769	options->pubkey_authentication = -1;	826	options->pubkey_authentication = -1;
770	options->challenge_response_authentication = -1;	827	options->challenge_response_authentication = -1;
771	#if defined(KRB4) \|\| defined(KRB5)	828	options->gss_authentication = -1;
772	options->kerberos_authentication = -1;	829	options->gss_deleg_creds = -1;
773	#endif
774	#if defined(AFS) \|\| defined(KRB5)
775	options->kerberos_tgt_passing = -1;
776	#endif
777	#ifdef AFS
778	options->afs_token_passing = -1;
779	#endif
780	options->password_authentication = -1;	830	options->password_authentication = -1;
781	options->kbd_interactive_authentication = -1;	831	options->kbd_interactive_authentication = -1;
782	options->kbd_interactive_devices = NULL;	832	options->kbd_interactive_devices = NULL;
@@ -791,7 +841,9 @@ initialize_options(Options * options)
791	options->setuptimeout = -1;	841	options->setuptimeout = -1;
792	options->compression_level = -1;	842	options->compression_level = -1;
793	options->port = -1;	843	options->port = -1;
		844	options->address_family = -1;
794	options->connection_attempts = -1;	845	options->connection_attempts = -1;
		846	options->connection_timeout = -1;
795	options->number_of_password_prompts = -1;	847	options->number_of_password_prompts = -1;
796	options->cipher = -1;	848	options->cipher = -1;
797	options->ciphers = NULL;	849	options->ciphers = NULL;
@@ -817,6 +869,8 @@ initialize_options(Options * options)
817	options->smartcard_device = NULL;	869	options->smartcard_device = NULL;
818	options->enable_ssh_keysign = - 1;	870	options->enable_ssh_keysign = - 1;
819	options->no_host_authentication_for_localhost = - 1;	871	options->no_host_authentication_for_localhost = - 1;
		872	options->rekey_limit = - 1;
		873	options->verify_host_key_dns = -1;
820	}	874	}
821		875
822	/*	876	/*
@@ -839,26 +893,16 @@ fill_default_options(Options * options)
839	options->gateway_ports = 0;	893	options->gateway_ports = 0;
840	if (options->use_privileged_port == -1)	894	if (options->use_privileged_port == -1)
841	options->use_privileged_port = 0;	895	options->use_privileged_port = 0;
842	if (options->rhosts_authentication == -1)
843	options->rhosts_authentication = 0;
844	if (options->rsa_authentication == -1)	896	if (options->rsa_authentication == -1)
845	options->rsa_authentication = 1;	897	options->rsa_authentication = 1;
846	if (options->pubkey_authentication == -1)	898	if (options->pubkey_authentication == -1)
847	options->pubkey_authentication = 1;	899	options->pubkey_authentication = 1;
848	if (options->challenge_response_authentication == -1)	900	if (options->challenge_response_authentication == -1)
849	options->challenge_response_authentication = 1;	901	options->challenge_response_authentication = 1;
850	#if defined(KRB4) \|\| defined(KRB5)	902	if (options->gss_authentication == -1)
851	if (options->kerberos_authentication == -1)	903	options->gss_authentication = 1;
852	options->kerberos_authentication = 1;	904	if (options->gss_deleg_creds == -1)
853	#endif	905	options->gss_deleg_creds = 0;
854	#if defined(AFS) \|\| defined(KRB5)
855	if (options->kerberos_tgt_passing == -1)
856	options->kerberos_tgt_passing = 1;
857	#endif
858	#ifdef AFS
859	if (options->afs_token_passing == -1)
860	options->afs_token_passing = 1;
861	#endif
862	if (options->password_authentication == -1)	906	if (options->password_authentication == -1)
863	options->password_authentication = 1;	907	options->password_authentication = 1;
864	if (options->kbd_interactive_authentication == -1)	908	if (options->kbd_interactive_authentication == -1)
@@ -889,6 +933,8 @@ fill_default_options(Options * options)
889	options->compression_level = 6;	933	options->compression_level = 6;
890	if (options->port == -1)	934	if (options->port == -1)
891	options->port = 0; /* Filled in ssh_connect. */	935	options->port = 0; /* Filled in ssh_connect. */
		936	if (options->address_family == -1)
		937	options->address_family = AF_UNSPEC;
892	if (options->connection_attempts == -1)	938	if (options->connection_attempts == -1)
893	options->connection_attempts = 1;	939	options->connection_attempts = 1;
894	if (options->number_of_password_prompts == -1)	940	if (options->number_of_password_prompts == -1)
@@ -941,6 +987,10 @@ fill_default_options(Options * options)
941	options->no_host_authentication_for_localhost = 0;	987	options->no_host_authentication_for_localhost = 0;
942	if (options->enable_ssh_keysign == -1)	988	if (options->enable_ssh_keysign == -1)
943	options->enable_ssh_keysign = 0;	989	options->enable_ssh_keysign = 0;
		990	if (options->rekey_limit == -1)
		991	options->rekey_limit = 0;
		992	if (options->verify_host_key_dns == -1)
		993	options->verify_host_key_dns = 0;
944	/* options->proxy_command should not be set by default */	994	/* options->proxy_command should not be set by default */
945	/* options->user will be set in the main program if appropriate */	995	/* options->user will be set in the main program if appropriate */
946	/* options->hostname will be set in the main program if appropriate */	996	/* options->hostname will be set in the main program if appropriate */