summaryrefslogtreecommitdiff
path: root/readconf.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2009-12-29 21:38:40 +0000
committerColin Watson <cjwatson@debian.org>2009-12-29 21:38:40 +0000
commit1b816ea846aca3ee89e7995373ace609e9518424 (patch)
treeb41cdc8495cae7fa9c2e0f98a5f2e71656b61f9a /readconf.c
parentfa585019a79ebcb4e0202b1c33f87ff1c5c9ce1c (diff)
parent086ea76990b1e6287c24b6db74adffd4605eb3b0 (diff)
import openssh-4.6p1-gsskex-20070312.patch
Diffstat (limited to 'readconf.c')
-rw-r--r--readconf.c74
1 files changed, 63 insertions, 11 deletions
diff --git a/readconf.c b/readconf.c
index 355a41ccb..598bab693 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,3 +1,4 @@
1/* $OpenBSD: readconf.c,v 1.161 2007/01/21 01:45:35 stevesk Exp $ */
1/* 2/*
2 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -12,17 +13,33 @@
12 */ 13 */
13 14
14#include "includes.h" 15#include "includes.h"
15RCSID("$OpenBSD: readconf.c,v 1.145 2005/12/08 18:34:11 reyk Exp $");
16 16
17#include "ssh.h" 17#include <sys/types.h>
18#include <sys/stat.h>
19#include <sys/socket.h>
20
21#include <netinet/in.h>
22
23#include <ctype.h>
24#include <errno.h>
25#include <netdb.h>
26#include <signal.h>
27#include <stdarg.h>
28#include <stdio.h>
29#include <string.h>
30#include <unistd.h>
31
18#include "xmalloc.h" 32#include "xmalloc.h"
33#include "ssh.h"
19#include "compat.h" 34#include "compat.h"
20#include "cipher.h" 35#include "cipher.h"
21#include "pathnames.h" 36#include "pathnames.h"
22#include "log.h" 37#include "log.h"
38#include "key.h"
23#include "readconf.h" 39#include "readconf.h"
24#include "match.h" 40#include "match.h"
25#include "misc.h" 41#include "misc.h"
42#include "buffer.h"
26#include "kex.h" 43#include "kex.h"
27#include "mac.h" 44#include "mac.h"
28 45
@@ -94,6 +111,7 @@ RCSID("$OpenBSD: readconf.c,v 1.145 2005/12/08 18:34:11 reyk Exp $");
94typedef enum { 111typedef enum {
95 oBadOption, 112 oBadOption,
96 oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts, 113 oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
114 oExitOnForwardFailure,
97 oPasswordAuthentication, oRSAAuthentication, 115 oPasswordAuthentication, oRSAAuthentication,
98 oChallengeResponseAuthentication, oXAuthLocation, 116 oChallengeResponseAuthentication, oXAuthLocation,
99 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, 117 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
@@ -109,6 +127,7 @@ typedef enum {
109 oClearAllForwardings, oNoHostAuthenticationForLocalhost, 127 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
110 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, 128 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
111 oAddressFamily, oGssAuthentication, oGssDelegateCreds, 129 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
130 oGssKeyEx,
112 oGssTrustDns, 131 oGssTrustDns,
113 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, 132 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
114 oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, 133 oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
@@ -125,6 +144,7 @@ static struct {
125 { "forwardagent", oForwardAgent }, 144 { "forwardagent", oForwardAgent },
126 { "forwardx11", oForwardX11 }, 145 { "forwardx11", oForwardX11 },
127 { "forwardx11trusted", oForwardX11Trusted }, 146 { "forwardx11trusted", oForwardX11Trusted },
147 { "exitonforwardfailure", oExitOnForwardFailure },
128 { "xauthlocation", oXAuthLocation }, 148 { "xauthlocation", oXAuthLocation },
129 { "gatewayports", oGatewayPorts }, 149 { "gatewayports", oGatewayPorts },
130 { "useprivilegedport", oUsePrivilegedPort }, 150 { "useprivilegedport", oUsePrivilegedPort },
@@ -145,10 +165,12 @@ static struct {
145 { "afstokenpassing", oUnsupported }, 165 { "afstokenpassing", oUnsupported },
146#if defined(GSSAPI) 166#if defined(GSSAPI)
147 { "gssapiauthentication", oGssAuthentication }, 167 { "gssapiauthentication", oGssAuthentication },
168 { "gssapikeyexchange", oGssKeyEx },
148 { "gssapidelegatecredentials", oGssDelegateCreds }, 169 { "gssapidelegatecredentials", oGssDelegateCreds },
149 { "gssapitrustdns", oGssTrustDns }, 170 { "gssapitrustdns", oGssTrustDns },
150#else 171#else
151 { "gssapiauthentication", oUnsupported }, 172 { "gssapiauthentication", oUnsupported },
173 { "gssapikeyexchange", oUnsupported },
152 { "gssapidelegatecredentials", oUnsupported }, 174 { "gssapidelegatecredentials", oUnsupported },
153 { "gssapitrustdns", oUnsupported }, 175 { "gssapitrustdns", oUnsupported },
154#endif 176#endif
@@ -309,7 +331,8 @@ process_config_line(Options *options, const char *host,
309 int *activep) 331 int *activep)
310{ 332{
311 char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256]; 333 char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256];
312 int opcode, *intptr, value, value2; 334 int opcode, *intptr, value, value2, scale;
335 long long orig, val64;
313 size_t len; 336 size_t len;
314 Forward fwd; 337 Forward fwd;
315 338
@@ -322,7 +345,8 @@ process_config_line(Options *options, const char *host,
322 345
323 s = line; 346 s = line;
324 /* Get the keyword. (Each line is supposed to begin with a keyword). */ 347 /* Get the keyword. (Each line is supposed to begin with a keyword). */
325 keyword = strdelim(&s); 348 if ((keyword = strdelim(&s)) == NULL)
349 return 0;
326 /* Ignore leading whitespace. */ 350 /* Ignore leading whitespace. */
327 if (*keyword == '\0') 351 if (*keyword == '\0')
328 keyword = strdelim(&s); 352 keyword = strdelim(&s);
@@ -346,7 +370,7 @@ parse_time:
346 if ((value = convtime(arg)) == -1) 370 if ((value = convtime(arg)) == -1)
347 fatal("%s line %d: invalid time value.", 371 fatal("%s line %d: invalid time value.",
348 filename, linenum); 372 filename, linenum);
349 if (*intptr == -1) 373 if (*activep && *intptr == -1)
350 *intptr = value; 374 *intptr = value;
351 break; 375 break;
352 376
@@ -379,6 +403,10 @@ parse_flag:
379 intptr = &options->gateway_ports; 403 intptr = &options->gateway_ports;
380 goto parse_flag; 404 goto parse_flag;
381 405
406 case oExitOnForwardFailure:
407 intptr = &options->exit_on_forward_failure;
408 goto parse_flag;
409
382 case oUsePrivilegedPort: 410 case oUsePrivilegedPort:
383 intptr = &options->use_privileged_port; 411 intptr = &options->use_privileged_port;
384 goto parse_flag; 412 goto parse_flag;
@@ -419,6 +447,10 @@ parse_flag:
419 intptr = &options->gss_authentication; 447 intptr = &options->gss_authentication;
420 goto parse_flag; 448 goto parse_flag;
421 449
450 case oGssKeyEx:
451 intptr = &options->gss_keyex;
452 goto parse_flag;
453
422 case oGssDelegateCreds: 454 case oGssDelegateCreds:
423 intptr = &options->gss_deleg_creds; 455 intptr = &options->gss_deleg_creds;
424 goto parse_flag; 456 goto parse_flag;
@@ -486,22 +518,36 @@ parse_yesnoask:
486 fatal("%.200s line %d: Missing argument.", filename, linenum); 518 fatal("%.200s line %d: Missing argument.", filename, linenum);
487 if (arg[0] < '0' || arg[0] > '9') 519 if (arg[0] < '0' || arg[0] > '9')
488 fatal("%.200s line %d: Bad number.", filename, linenum); 520 fatal("%.200s line %d: Bad number.", filename, linenum);
489 value = strtol(arg, &endofnumber, 10); 521 orig = val64 = strtoll(arg, &endofnumber, 10);
490 if (arg == endofnumber) 522 if (arg == endofnumber)
491 fatal("%.200s line %d: Bad number.", filename, linenum); 523 fatal("%.200s line %d: Bad number.", filename, linenum);
492 switch (toupper(*endofnumber)) { 524 switch (toupper(*endofnumber)) {
525 case '\0':
526 scale = 1;
527 break;
493 case 'K': 528 case 'K':
494 value *= 1<<10; 529 scale = 1<<10;
495 break; 530 break;
496 case 'M': 531 case 'M':
497 value *= 1<<20; 532 scale = 1<<20;
498 break; 533 break;
499 case 'G': 534 case 'G':
500 value *= 1<<30; 535 scale = 1<<30;
501 break; 536 break;
537 default:
538 fatal("%.200s line %d: Invalid RekeyLimit suffix",
539 filename, linenum);
502 } 540 }
541 val64 *= scale;
542 /* detect integer wrap and too-large limits */
543 if ((val64 / scale) != orig || val64 > INT_MAX)
544 fatal("%.200s line %d: RekeyLimit too large",
545 filename, linenum);
546 if (val64 < 16)
547 fatal("%.200s line %d: RekeyLimit too small",
548 filename, linenum);
503 if (*activep && *intptr == -1) 549 if (*activep && *intptr == -1)
504 *intptr = value; 550 *intptr = (int)val64;
505 break; 551 break;
506 552
507 case oIdentityFile: 553 case oIdentityFile:
@@ -513,7 +559,7 @@ parse_yesnoask:
513 if (*intptr >= SSH_MAX_IDENTITY_FILES) 559 if (*intptr >= SSH_MAX_IDENTITY_FILES)
514 fatal("%.200s line %d: Too many identity files specified (max %d).", 560 fatal("%.200s line %d: Too many identity files specified (max %d).",
515 filename, linenum, SSH_MAX_IDENTITY_FILES); 561 filename, linenum, SSH_MAX_IDENTITY_FILES);
516 charptr = &options->identity_files[*intptr]; 562 charptr = &options->identity_files[*intptr];
517 *charptr = xstrdup(arg); 563 *charptr = xstrdup(arg);
518 *intptr = *intptr + 1; 564 *intptr = *intptr + 1;
519 } 565 }
@@ -970,6 +1016,7 @@ initialize_options(Options * options)
970 options->forward_agent = -1; 1016 options->forward_agent = -1;
971 options->forward_x11 = -1; 1017 options->forward_x11 = -1;
972 options->forward_x11_trusted = -1; 1018 options->forward_x11_trusted = -1;
1019 options->exit_on_forward_failure = -1;
973 options->xauth_location = NULL; 1020 options->xauth_location = NULL;
974 options->gateway_ports = -1; 1021 options->gateway_ports = -1;
975 options->use_privileged_port = -1; 1022 options->use_privileged_port = -1;
@@ -977,6 +1024,7 @@ initialize_options(Options * options)
977 options->pubkey_authentication = -1; 1024 options->pubkey_authentication = -1;
978 options->challenge_response_authentication = -1; 1025 options->challenge_response_authentication = -1;
979 options->gss_authentication = -1; 1026 options->gss_authentication = -1;
1027 options->gss_keyex = -1;
980 options->gss_deleg_creds = -1; 1028 options->gss_deleg_creds = -1;
981 options->gss_trust_dns = -1; 1029 options->gss_trust_dns = -1;
982 options->password_authentication = -1; 1030 options->password_authentication = -1;
@@ -1051,6 +1099,8 @@ fill_default_options(Options * options)
1051 options->forward_x11 = 0; 1099 options->forward_x11 = 0;
1052 if (options->forward_x11_trusted == -1) 1100 if (options->forward_x11_trusted == -1)
1053 options->forward_x11_trusted = 0; 1101 options->forward_x11_trusted = 0;
1102 if (options->exit_on_forward_failure == -1)
1103 options->exit_on_forward_failure = 0;
1054 if (options->xauth_location == NULL) 1104 if (options->xauth_location == NULL)
1055 options->xauth_location = _PATH_XAUTH; 1105 options->xauth_location = _PATH_XAUTH;
1056 if (options->gateway_ports == -1) 1106 if (options->gateway_ports == -1)
@@ -1065,6 +1115,8 @@ fill_default_options(Options * options)
1065 options->challenge_response_authentication = 1; 1115 options->challenge_response_authentication = 1;
1066 if (options->gss_authentication == -1) 1116 if (options->gss_authentication == -1)
1067 options->gss_authentication = 0; 1117 options->gss_authentication = 0;
1118 if (options->gss_keyex == -1)
1119 options->gss_keyex = 0;
1068 if (options->gss_deleg_creds == -1) 1120 if (options->gss_deleg_creds == -1)
1069 options->gss_deleg_creds = 0; 1121 options->gss_deleg_creds = 0;
1070 if (options->gss_trust_dns == -1) 1122 if (options->gss_trust_dns == -1)