authorColin Watson <cjwatson@debian.org>2017-10-04 11:23:58 +0100
committerColin Watson <cjwatson@debian.org>2017-10-04 11:23:58 +0100
commit62f54f20bf351468e0124f63cc2902ee40d9b0e9 (patch)
tree3e090f2711b94ca5029d3fa3e8047b1ed1448b1f /readconf.c
parent6fabaf6fd9b07cc8bc6a17c9c4a5b76849cfc874 (diff)
parent66bf74a92131b7effe49fb0eefe5225151869dc5 (diff)
Import openssh_7.6p1.orig.tar.gz
Diffstat (limited to 'readconf.c')
-rw-r--r--readconf.c202
1 files changed, 77 insertions, 125 deletions
diff --git a/readconf.c b/readconf.c
index 9d59493f0..f63894f9c 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: readconf.c,v 1.270 2017/03/10 04:27:32 djm Exp $ */ 1/* $OpenBSD: readconf.c,v 1.279 2017/09/21 19:16:53 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -152,7 +152,7 @@ typedef enum {
152 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, 152 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
153 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, 153 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
154 oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts, 154 oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
155 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs, 155 oUsePrivilegedPort, oLogFacility, oLogLevel, oCiphers, oMacs,
156 oPubkeyAuthentication, 156 oPubkeyAuthentication,
157 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, 157 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
158 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, 158 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
@@ -163,7 +163,8 @@ typedef enum {
163 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, 163 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
164 oSendEnv, oControlPath, oControlMaster, oControlPersist, 164 oSendEnv, oControlPath, oControlMaster, oControlPersist,
165 oHashKnownHosts, 165 oHashKnownHosts,
166 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, 166 oTunnel, oTunnelDevice,
167 oLocalCommand, oPermitLocalCommand, oRemoteCommand,
167 oVisualHostKey, 168 oVisualHostKey,
168 oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass, 169 oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
169 oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots, 170 oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
@@ -171,7 +172,7 @@ typedef enum {
171 oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, 172 oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
172 oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, 173 oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
173 oPubkeyAcceptedKeyTypes, oProxyJump, 174 oPubkeyAcceptedKeyTypes, oProxyJump,
174 oIgnoredUnknownOption, oDeprecated, oUnsupported 175 oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
175} OpCodes; 176} OpCodes;
176 177
177/* Textual representations of the tokens. */ 178/* Textual representations of the tokens. */
@@ -181,6 +182,8 @@ static struct {
181 OpCodes opcode; 182 OpCodes opcode;
182} keywords[] = { 183} keywords[] = {
183 /* Deprecated options */ 184 /* Deprecated options */
185 { "protocol", oIgnore }, /* NB. silently ignored */
186 { "cipher", oDeprecated },
184 { "fallbacktorsh", oDeprecated }, 187 { "fallbacktorsh", oDeprecated },
185 { "globalknownhostsfile2", oDeprecated }, 188 { "globalknownhostsfile2", oDeprecated },
186 { "rhostsauthentication", oDeprecated }, 189 { "rhostsauthentication", oDeprecated },
@@ -208,15 +211,9 @@ static struct {
208 { "smartcarddevice", oUnsupported }, 211 { "smartcarddevice", oUnsupported },
209 { "pkcs11provider", oUnsupported }, 212 { "pkcs11provider", oUnsupported },
210#endif 213#endif
211#ifdef WITH_SSH1
212 { "rsaauthentication", oRSAAuthentication },
213 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
214 { "compressionlevel", oCompressionLevel },
215# else
216 { "rsaauthentication", oUnsupported }, 214 { "rsaauthentication", oUnsupported },
217 { "rhostsrsaauthentication", oUnsupported }, 215 { "rhostsrsaauthentication", oUnsupported },
218 { "compressionlevel", oUnsupported }, 216 { "compressionlevel", oUnsupported },
219#endif
220 217
221 { "forwardagent", oForwardAgent }, 218 { "forwardagent", oForwardAgent },
222 { "forwardx11", oForwardX11 }, 219 { "forwardx11", oForwardX11 },
@@ -245,10 +242,8 @@ static struct {
245 { "hostkeyalias", oHostKeyAlias }, 242 { "hostkeyalias", oHostKeyAlias },
246 { "proxycommand", oProxyCommand }, 243 { "proxycommand", oProxyCommand },
247 { "port", oPort }, 244 { "port", oPort },
248 { "cipher", oCipher },
249 { "ciphers", oCiphers }, 245 { "ciphers", oCiphers },
250 { "macs", oMacs }, 246 { "macs", oMacs },
251 { "protocol", oProtocol },
252 { "remoteforward", oRemoteForward }, 247 { "remoteforward", oRemoteForward },
253 { "localforward", oLocalForward }, 248 { "localforward", oLocalForward },
254 { "user", oUser }, 249 { "user", oUser },
@@ -265,6 +260,7 @@ static struct {
265 { "tcpkeepalive", oTCPKeepAlive }, 260 { "tcpkeepalive", oTCPKeepAlive },
266 { "keepalive", oTCPKeepAlive }, /* obsolete */ 261 { "keepalive", oTCPKeepAlive }, /* obsolete */
267 { "numberofpasswordprompts", oNumberOfPasswordPrompts }, 262 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
263 { "syslogfacility", oLogFacility },
268 { "loglevel", oLogLevel }, 264 { "loglevel", oLogLevel },
269 { "dynamicforward", oDynamicForward }, 265 { "dynamicforward", oDynamicForward },
270 { "preferredauthentications", oPreferredAuthentications }, 266 { "preferredauthentications", oPreferredAuthentications },
@@ -289,6 +285,7 @@ static struct {
289 { "tunneldevice", oTunnelDevice }, 285 { "tunneldevice", oTunnelDevice },
290 { "localcommand", oLocalCommand }, 286 { "localcommand", oLocalCommand },
291 { "permitlocalcommand", oPermitLocalCommand }, 287 { "permitlocalcommand", oPermitLocalCommand },
288 { "remotecommand", oRemoteCommand },
292 { "visualhostkey", oVisualHostKey }, 289 { "visualhostkey", oVisualHostKey },
293 { "kexalgorithms", oKexAlgorithms }, 290 { "kexalgorithms", oKexAlgorithms },
294 { "ipqos", oIPQoS }, 291 { "ipqos", oIPQoS },
@@ -443,8 +440,8 @@ add_identity_file(Options *options, const char *dir, const char *filename,
443 440
444 if (dir == NULL) /* no dir, filename is absolute */ 441 if (dir == NULL) /* no dir, filename is absolute */
445 path = xstrdup(filename); 442 path = xstrdup(filename);
446 else 443 else if (xasprintf(&path, "%s%s", dir, filename) >= PATH_MAX)
447 (void)xasprintf(&path, "%.100s%.100s", dir, filename); 444 fatal("Identity file path %s too long", path);
448 445
449 /* Avoid registering duplicates */ 446 /* Avoid registering duplicates */
450 for (i = 0; i < options->num_identity_files; i++) { 447 for (i = 0; i < options->num_identity_files; i++) {
@@ -754,6 +751,16 @@ static const struct multistate multistate_yesnoask[] = {
754 { "ask", 2 }, 751 { "ask", 2 },
755 { NULL, -1 } 752 { NULL, -1 }
756}; 753};
754static const struct multistate multistate_strict_hostkey[] = {
755 { "true", SSH_STRICT_HOSTKEY_YES },
756 { "false", SSH_STRICT_HOSTKEY_OFF },
757 { "yes", SSH_STRICT_HOSTKEY_YES },
758 { "no", SSH_STRICT_HOSTKEY_OFF },
759 { "ask", SSH_STRICT_HOSTKEY_ASK },
760 { "off", SSH_STRICT_HOSTKEY_OFF },
761 { "accept-new", SSH_STRICT_HOSTKEY_NEW },
762 { NULL, -1 }
763};
757static const struct multistate multistate_yesnoaskconfirm[] = { 764static const struct multistate multistate_yesnoaskconfirm[] = {
758 { "true", 1 }, 765 { "true", 1 },
759 { "false", 0 }, 766 { "false", 0 },
@@ -829,7 +836,9 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host,
829 char **cpptr, fwdarg[256]; 836 char **cpptr, fwdarg[256];
830 u_int i, *uintptr, max_entries = 0; 837 u_int i, *uintptr, max_entries = 0;
831 int r, oactive, negated, opcode, *intptr, value, value2, cmdline = 0; 838 int r, oactive, negated, opcode, *intptr, value, value2, cmdline = 0;
839 int remotefwd, dynamicfwd;
832 LogLevel *log_level_ptr; 840 LogLevel *log_level_ptr;
841 SyslogFacility *log_facility_ptr;
833 long long val64; 842 long long val64;
834 size_t len; 843 size_t len;
835 struct Forward fwd; 844 struct Forward fwd;
@@ -870,6 +879,8 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host,
870 case oBadOption: 879 case oBadOption:
871 /* don't panic, but count bad options */ 880 /* don't panic, but count bad options */
872 return -1; 881 return -1;
882 case oIgnore:
883 return 0;
873 case oIgnoredUnknownOption: 884 case oIgnoredUnknownOption:
874 debug("%s line %d: Ignored unknown option \"%s\"", 885 debug("%s line %d: Ignored unknown option \"%s\"",
875 filename, linenum, keyword); 886 filename, linenum, keyword);
@@ -953,14 +964,6 @@ parse_time:
953 intptr = &options->pubkey_authentication; 964 intptr = &options->pubkey_authentication;
954 goto parse_flag; 965 goto parse_flag;
955 966
956 case oRSAAuthentication:
957 intptr = &options->rsa_authentication;
958 goto parse_flag;
959
960 case oRhostsRSAAuthentication:
961 intptr = &options->rhosts_rsa_authentication;
962 goto parse_flag;
963
964 case oHostbasedAuthentication: 967 case oHostbasedAuthentication:
965 intptr = &options->hostbased_authentication; 968 intptr = &options->hostbased_authentication;
966 goto parse_flag; 969 goto parse_flag;
@@ -992,7 +995,7 @@ parse_time:
992 995
993 case oStrictHostKeyChecking: 996 case oStrictHostKeyChecking:
994 intptr = &options->strict_host_key_checking; 997 intptr = &options->strict_host_key_checking;
995 multistate_ptr = multistate_yesnoask; 998 multistate_ptr = multistate_strict_hostkey;
996 goto parse_multistate; 999 goto parse_multistate;
997 1000
998 case oCompression: 1001 case oCompression:
@@ -1011,10 +1014,6 @@ parse_time:
1011 intptr = &options->number_of_password_prompts; 1014 intptr = &options->number_of_password_prompts;
1012 goto parse_int; 1015 goto parse_int;
1013 1016
1014 case oCompressionLevel:
1015 intptr = &options->compression_level;
1016 goto parse_int;
1017
1018 case oRekeyLimit: 1017 case oRekeyLimit:
1019 arg = strdelim(&s); 1018 arg = strdelim(&s);
1020 if (!arg || *arg == '\0') 1019 if (!arg || *arg == '\0')
@@ -1177,19 +1176,6 @@ parse_int:
1177 intptr = &options->connection_attempts; 1176 intptr = &options->connection_attempts;
1178 goto parse_int; 1177 goto parse_int;
1179 1178
1180 case oCipher:
1181 intptr = &options->cipher;
1182 arg = strdelim(&s);
1183 if (!arg || *arg == '\0')
1184 fatal("%.200s line %d: Missing argument.", filename, linenum);
1185 value = cipher_number(arg);
1186 if (value == -1)
1187 fatal("%.200s line %d: Bad cipher '%s'.",
1188 filename, linenum, arg ? arg : "<NONE>");
1189 if (*activep && *intptr == -1)
1190 *intptr = value;
1191 break;
1192
1193 case oCiphers: 1179 case oCiphers:
1194 arg = strdelim(&s); 1180 arg = strdelim(&s);
1195 if (!arg || *arg == '\0') 1181 if (!arg || *arg == '\0')
@@ -1240,19 +1226,6 @@ parse_keytypes:
1240 *charptr = xstrdup(arg); 1226 *charptr = xstrdup(arg);
1241 break; 1227 break;
1242 1228
1243 case oProtocol:
1244 intptr = &options->protocol;
1245 arg = strdelim(&s);
1246 if (!arg || *arg == '\0')
1247 fatal("%.200s line %d: Missing argument.", filename, linenum);
1248 value = proto_spec(arg);
1249 if (value == SSH_PROTO_UNKNOWN)
1250 fatal("%.200s line %d: Bad protocol spec '%s'.",
1251 filename, linenum, arg ? arg : "<NONE>");
1252 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
1253 *intptr = value;
1254 break;
1255
1256 case oLogLevel: 1229 case oLogLevel:
1257 log_level_ptr = &options->log_level; 1230 log_level_ptr = &options->log_level;
1258 arg = strdelim(&s); 1231 arg = strdelim(&s);
@@ -1264,6 +1237,17 @@ parse_keytypes:
1264 *log_level_ptr = (LogLevel) value; 1237 *log_level_ptr = (LogLevel) value;
1265 break; 1238 break;
1266 1239
1240 case oLogFacility:
1241 log_facility_ptr = &options->log_facility;
1242 arg = strdelim(&s);
1243 value = log_facility_number(arg);
1244 if (value == SYSLOG_FACILITY_NOT_SET)
1245 fatal("%.200s line %d: unsupported log facility '%s'",
1246 filename, linenum, arg ? arg : "<NONE>");
1247 if (*log_facility_ptr == -1)
1248 *log_facility_ptr = (SyslogFacility) value;
1249 break;
1250
1267 case oLocalForward: 1251 case oLocalForward:
1268 case oRemoteForward: 1252 case oRemoteForward:
1269 case oDynamicForward: 1253 case oDynamicForward:
@@ -1272,31 +1256,36 @@ parse_keytypes:
1272 fatal("%.200s line %d: Missing port argument.", 1256 fatal("%.200s line %d: Missing port argument.",
1273 filename, linenum); 1257 filename, linenum);
1274 1258
1275 if (opcode == oLocalForward || 1259 remotefwd = (opcode == oRemoteForward);
1276 opcode == oRemoteForward) { 1260 dynamicfwd = (opcode == oDynamicForward);
1277 arg2 = strdelim(&s);
1278 if (arg2 == NULL || *arg2 == '\0')
1279 fatal("%.200s line %d: Missing target argument.",
1280 filename, linenum);
1281 1261
1282 /* construct a string for parse_forward */ 1262 if (!dynamicfwd) {
1283 snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2); 1263 arg2 = strdelim(&s);
1284 } else if (opcode == oDynamicForward) { 1264 if (arg2 == NULL || *arg2 == '\0') {
1285 strlcpy(fwdarg, arg, sizeof(fwdarg)); 1265 if (remotefwd)
1266 dynamicfwd = 1;
1267 else
1268 fatal("%.200s line %d: Missing target "
1269 "argument.", filename, linenum);
1270 } else {
1271 /* construct a string for parse_forward */
1272 snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg,
1273 arg2);
1274 }
1286 } 1275 }
1276 if (dynamicfwd)
1277 strlcpy(fwdarg, arg, sizeof(fwdarg));
1287 1278
1288 if (parse_forward(&fwd, fwdarg, 1279 if (parse_forward(&fwd, fwdarg, dynamicfwd, remotefwd) == 0)
1289 opcode == oDynamicForward ? 1 : 0,
1290 opcode == oRemoteForward ? 1 : 0) == 0)
1291 fatal("%.200s line %d: Bad forwarding specification.", 1280 fatal("%.200s line %d: Bad forwarding specification.",
1292 filename, linenum); 1281 filename, linenum);
1293 1282
1294 if (*activep) { 1283 if (*activep) {
1295 if (opcode == oLocalForward || 1284 if (remotefwd) {
1296 opcode == oDynamicForward)
1297 add_local_forward(options, &fwd);
1298 else if (opcode == oRemoteForward)
1299 add_remote_forward(options, &fwd); 1285 add_remote_forward(options, &fwd);
1286 } else {
1287 add_local_forward(options, &fwd);
1288 }
1300 } 1289 }
1301 break; 1290 break;
1302 1291
@@ -1469,6 +1458,10 @@ parse_keytypes:
1469 intptr = &options->permit_local_command; 1458 intptr = &options->permit_local_command;
1470 goto parse_flag; 1459 goto parse_flag;
1471 1460
1461 case oRemoteCommand:
1462 charptr = &options->remote_command;
1463 goto parse_command;
1464
1472 case oVisualHostKey: 1465 case oVisualHostKey:
1473 intptr = &options->visual_host_key; 1466 intptr = &options->visual_host_key;
1474 goto parse_flag; 1467 goto parse_flag;
@@ -1794,7 +1787,6 @@ initialize_options(Options * options)
1794 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; 1787 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;
1795 options->fwd_opts.streamlocal_bind_unlink = -1; 1788 options->fwd_opts.streamlocal_bind_unlink = -1;
1796 options->use_privileged_port = -1; 1789 options->use_privileged_port = -1;
1797 options->rsa_authentication = -1;
1798 options->pubkey_authentication = -1; 1790 options->pubkey_authentication = -1;
1799 options->challenge_response_authentication = -1; 1791 options->challenge_response_authentication = -1;
1800 options->gss_authentication = -1; 1792 options->gss_authentication = -1;
@@ -1802,25 +1794,21 @@ initialize_options(Options * options)
1802 options->password_authentication = -1; 1794 options->password_authentication = -1;
1803 options->kbd_interactive_authentication = -1; 1795 options->kbd_interactive_authentication = -1;
1804 options->kbd_interactive_devices = NULL; 1796 options->kbd_interactive_devices = NULL;
1805 options->rhosts_rsa_authentication = -1;
1806 options->hostbased_authentication = -1; 1797 options->hostbased_authentication = -1;
1807 options->batch_mode = -1; 1798 options->batch_mode = -1;
1808 options->check_host_ip = -1; 1799 options->check_host_ip = -1;
1809 options->strict_host_key_checking = -1; 1800 options->strict_host_key_checking = -1;
1810 options->compression = -1; 1801 options->compression = -1;
1811 options->tcp_keep_alive = -1; 1802 options->tcp_keep_alive = -1;
1812 options->compression_level = -1;
1813 options->port = -1; 1803 options->port = -1;
1814 options->address_family = -1; 1804 options->address_family = -1;
1815 options->connection_attempts = -1; 1805 options->connection_attempts = -1;
1816 options->connection_timeout = -1; 1806 options->connection_timeout = -1;
1817 options->number_of_password_prompts = -1; 1807 options->number_of_password_prompts = -1;
1818 options->cipher = -1;
1819 options->ciphers = NULL; 1808 options->ciphers = NULL;
1820 options->macs = NULL; 1809 options->macs = NULL;
1821 options->kex_algorithms = NULL; 1810 options->kex_algorithms = NULL;
1822 options->hostkeyalgorithms = NULL; 1811 options->hostkeyalgorithms = NULL;
1823 options->protocol = SSH_PROTO_UNKNOWN;
1824 options->num_identity_files = 0; 1812 options->num_identity_files = 0;
1825 options->num_certificate_files = 0; 1813 options->num_certificate_files = 0;
1826 options->hostname = NULL; 1814 options->hostname = NULL;
@@ -1838,6 +1826,7 @@ initialize_options(Options * options)
1838 options->num_local_forwards = 0; 1826 options->num_local_forwards = 0;
1839 options->remote_forwards = NULL; 1827 options->remote_forwards = NULL;
1840 options->num_remote_forwards = 0; 1828 options->num_remote_forwards = 0;
1829 options->log_facility = SYSLOG_FACILITY_NOT_SET;
1841 options->log_level = SYSLOG_LEVEL_NOT_SET; 1830 options->log_level = SYSLOG_LEVEL_NOT_SET;
1842 options->preferred_authentications = NULL; 1831 options->preferred_authentications = NULL;
1843 options->bind_address = NULL; 1832 options->bind_address = NULL;
@@ -1861,6 +1850,7 @@ initialize_options(Options * options)
1861 options->tun_remote = -1; 1850 options->tun_remote = -1;
1862 options->local_command = NULL; 1851 options->local_command = NULL;
1863 options->permit_local_command = -1; 1852 options->permit_local_command = -1;
1853 options->remote_command = NULL;
1864 options->add_keys_to_agent = -1; 1854 options->add_keys_to_agent = -1;
1865 options->identity_agent = NULL; 1855 options->identity_agent = NULL;
1866 options->visual_host_key = -1; 1856 options->visual_host_key = -1;
@@ -1934,8 +1924,6 @@ fill_default_options(Options * options)
1934 options->fwd_opts.streamlocal_bind_unlink = 0; 1924 options->fwd_opts.streamlocal_bind_unlink = 0;
1935 if (options->use_privileged_port == -1) 1925 if (options->use_privileged_port == -1)
1936 options->use_privileged_port = 0; 1926 options->use_privileged_port = 0;
1937 if (options->rsa_authentication == -1)
1938 options->rsa_authentication = 1;
1939 if (options->pubkey_authentication == -1) 1927 if (options->pubkey_authentication == -1)
1940 options->pubkey_authentication = 1; 1928 options->pubkey_authentication = 1;
1941 if (options->challenge_response_authentication == -1) 1929 if (options->challenge_response_authentication == -1)
@@ -1948,8 +1936,6 @@ fill_default_options(Options * options)
1948 options->password_authentication = 1; 1936 options->password_authentication = 1;
1949 if (options->kbd_interactive_authentication == -1) 1937 if (options->kbd_interactive_authentication == -1)
1950 options->kbd_interactive_authentication = 1; 1938 options->kbd_interactive_authentication = 1;
1951 if (options->rhosts_rsa_authentication == -1)
1952 options->rhosts_rsa_authentication = 0;
1953 if (options->hostbased_authentication == -1) 1939 if (options->hostbased_authentication == -1)
1954 options->hostbased_authentication = 0; 1940 options->hostbased_authentication = 0;
1955 if (options->batch_mode == -1) 1941 if (options->batch_mode == -1)
@@ -1957,13 +1943,11 @@ fill_default_options(Options * options)
1957 if (options->check_host_ip == -1) 1943 if (options->check_host_ip == -1)
1958 options->check_host_ip = 1; 1944 options->check_host_ip = 1;
1959 if (options->strict_host_key_checking == -1) 1945 if (options->strict_host_key_checking == -1)
1960 options->strict_host_key_checking = 2; /* 2 is default */ 1946 options->strict_host_key_checking = SSH_STRICT_HOSTKEY_ASK;
1961 if (options->compression == -1) 1947 if (options->compression == -1)
1962 options->compression = 0; 1948 options->compression = 0;
1963 if (options->tcp_keep_alive == -1) 1949 if (options->tcp_keep_alive == -1)
1964 options->tcp_keep_alive = 1; 1950 options->tcp_keep_alive = 1;
1965 if (options->compression_level == -1)
1966 options->compression_level = 6;
1967 if (options->port == -1) 1951 if (options->port == -1)
1968 options->port = 0; /* Filled in ssh_connect. */ 1952 options->port = 0; /* Filled in ssh_connect. */
1969 if (options->address_family == -1) 1953 if (options->address_family == -1)
@@ -1972,31 +1956,17 @@ fill_default_options(Options * options)
1972 options->connection_attempts = 1; 1956 options->connection_attempts = 1;
1973 if (options->number_of_password_prompts == -1) 1957 if (options->number_of_password_prompts == -1)
1974 options->number_of_password_prompts = 3; 1958 options->number_of_password_prompts = 3;
1975 /* Selected in ssh_login(). */
1976 if (options->cipher == -1)
1977 options->cipher = SSH_CIPHER_NOT_SET;
1978 /* options->hostkeyalgorithms, default set in myproposals.h */ 1959 /* options->hostkeyalgorithms, default set in myproposals.h */
1979 if (options->protocol == SSH_PROTO_UNKNOWN)
1980 options->protocol = SSH_PROTO_2;
1981 if (options->add_keys_to_agent == -1) 1960 if (options->add_keys_to_agent == -1)
1982 options->add_keys_to_agent = 0; 1961 options->add_keys_to_agent = 0;
1983 if (options->num_identity_files == 0) { 1962 if (options->num_identity_files == 0) {
1984 if (options->protocol & SSH_PROTO_1) { 1963 add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA, 0);
1985 add_identity_file(options, "~/", 1964 add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA, 0);
1986 _PATH_SSH_CLIENT_IDENTITY, 0);
1987 }
1988 if (options->protocol & SSH_PROTO_2) {
1989 add_identity_file(options, "~/",
1990 _PATH_SSH_CLIENT_ID_RSA, 0);
1991 add_identity_file(options, "~/",
1992 _PATH_SSH_CLIENT_ID_DSA, 0);
1993#ifdef OPENSSL_HAS_ECC 1965#ifdef OPENSSL_HAS_ECC
1994 add_identity_file(options, "~/", 1966 add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA, 0);
1995 _PATH_SSH_CLIENT_ID_ECDSA, 0);
1996#endif 1967#endif
1997 add_identity_file(options, "~/", 1968 add_identity_file(options, "~/",
1998 _PATH_SSH_CLIENT_ID_ED25519, 0); 1969 _PATH_SSH_CLIENT_ID_ED25519, 0);
1999 }
2000 } 1970 }
2001 if (options->escape_char == -1) 1971 if (options->escape_char == -1)
2002 options->escape_char = '~'; 1972 options->escape_char = '~';
@@ -2014,6 +1984,8 @@ fill_default_options(Options * options)
2014 } 1984 }
2015 if (options->log_level == SYSLOG_LEVEL_NOT_SET) 1985 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
2016 options->log_level = SYSLOG_LEVEL_INFO; 1986 options->log_level = SYSLOG_LEVEL_INFO;
1987 if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
1988 options->log_facility = SYSLOG_FACILITY_USER;
2017 if (options->no_host_authentication_for_localhost == - 1) 1989 if (options->no_host_authentication_for_localhost == - 1)
2018 options->no_host_authentication_for_localhost = 0; 1990 options->no_host_authentication_for_localhost = 0;
2019 if (options->identities_only == -1) 1991 if (options->identities_only == -1)
@@ -2083,6 +2055,7 @@ fill_default_options(Options * options)
2083 } \ 2055 } \
2084 } while(0) 2056 } while(0)
2085 CLEAR_ON_NONE(options->local_command); 2057 CLEAR_ON_NONE(options->local_command);
2058 CLEAR_ON_NONE(options->remote_command);
2086 CLEAR_ON_NONE(options->proxy_command); 2059 CLEAR_ON_NONE(options->proxy_command);
2087 CLEAR_ON_NONE(options->control_path); 2060 CLEAR_ON_NONE(options->control_path);
2088 CLEAR_ON_NONE(options->revoked_host_keys); 2061 CLEAR_ON_NONE(options->revoked_host_keys);
@@ -2372,9 +2345,10 @@ fmt_intarg(OpCodes code, int val)
2372 case oAddressFamily: 2345 case oAddressFamily:
2373 return fmt_multistate_int(val, multistate_addressfamily); 2346 return fmt_multistate_int(val, multistate_addressfamily);
2374 case oVerifyHostKeyDNS: 2347 case oVerifyHostKeyDNS:
2375 case oStrictHostKeyChecking:
2376 case oUpdateHostkeys: 2348 case oUpdateHostkeys:
2377 return fmt_multistate_int(val, multistate_yesnoask); 2349 return fmt_multistate_int(val, multistate_yesnoask);
2350 case oStrictHostKeyChecking:
2351 return fmt_multistate_int(val, multistate_strict_hostkey);
2378 case oControlMaster: 2352 case oControlMaster:
2379 return fmt_multistate_int(val, multistate_controlmaster); 2353 return fmt_multistate_int(val, multistate_controlmaster);
2380 case oTunnel: 2354 case oTunnel:
@@ -2385,17 +2359,6 @@ fmt_intarg(OpCodes code, int val)
2385 return fmt_multistate_int(val, multistate_canonicalizehostname); 2359 return fmt_multistate_int(val, multistate_canonicalizehostname);
2386 case oFingerprintHash: 2360 case oFingerprintHash:
2387 return ssh_digest_alg_name(val); 2361 return ssh_digest_alg_name(val);
2388 case oProtocol:
2389 switch (val) {
2390 case SSH_PROTO_1:
2391 return "1";
2392 case SSH_PROTO_2:
2393 return "2";
2394 case (SSH_PROTO_1|SSH_PROTO_2):
2395 return "2,1";
2396 default:
2397 return "UNKNOWN";
2398 }
2399 default: 2362 default:
2400 switch (val) { 2363 switch (val) {
2401 case 0: 2364 case 0:
@@ -2540,14 +2503,9 @@ dump_client_config(Options *o, const char *host)
2540 dump_cfg_fmtint(oNoHostAuthenticationForLocalhost, o->no_host_authentication_for_localhost); 2503 dump_cfg_fmtint(oNoHostAuthenticationForLocalhost, o->no_host_authentication_for_localhost);
2541 dump_cfg_fmtint(oPasswordAuthentication, o->password_authentication); 2504 dump_cfg_fmtint(oPasswordAuthentication, o->password_authentication);
2542 dump_cfg_fmtint(oPermitLocalCommand, o->permit_local_command); 2505 dump_cfg_fmtint(oPermitLocalCommand, o->permit_local_command);
2543 dump_cfg_fmtint(oProtocol, o->protocol);
2544 dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass); 2506 dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass);
2545 dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication); 2507 dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication);
2546 dump_cfg_fmtint(oRequestTTY, o->request_tty); 2508 dump_cfg_fmtint(oRequestTTY, o->request_tty);
2547#ifdef WITH_RSA1
2548 dump_cfg_fmtint(oRhostsRSAAuthentication, o->rhosts_rsa_authentication);
2549 dump_cfg_fmtint(oRSAAuthentication, o->rsa_authentication);
2550#endif
2551 dump_cfg_fmtint(oStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); 2509 dump_cfg_fmtint(oStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
2552 dump_cfg_fmtint(oStrictHostKeyChecking, o->strict_host_key_checking); 2510 dump_cfg_fmtint(oStrictHostKeyChecking, o->strict_host_key_checking);
2553 dump_cfg_fmtint(oTCPKeepAlive, o->tcp_keep_alive); 2511 dump_cfg_fmtint(oTCPKeepAlive, o->tcp_keep_alive);
@@ -2559,9 +2517,6 @@ dump_client_config(Options *o, const char *host)
2559 2517
2560 /* Integer options */ 2518 /* Integer options */
2561 dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots); 2519 dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots);
2562#ifdef WITH_SSH1
2563 dump_cfg_int(oCompressionLevel, o->compression_level);
2564#endif
2565 dump_cfg_int(oConnectionAttempts, o->connection_attempts); 2520 dump_cfg_int(oConnectionAttempts, o->connection_attempts);
2566 dump_cfg_int(oForwardX11Timeout, o->forward_x11_timeout); 2521 dump_cfg_int(oForwardX11Timeout, o->forward_x11_timeout);
2567 dump_cfg_int(oNumberOfPasswordPrompts, o->number_of_password_prompts); 2522 dump_cfg_int(oNumberOfPasswordPrompts, o->number_of_password_prompts);
@@ -2579,6 +2534,7 @@ dump_client_config(Options *o, const char *host)
2579 dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices); 2534 dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices);
2580 dump_cfg_string(oKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_CLIENT_KEX); 2535 dump_cfg_string(oKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_CLIENT_KEX);
2581 dump_cfg_string(oLocalCommand, o->local_command); 2536 dump_cfg_string(oLocalCommand, o->local_command);
2537 dump_cfg_string(oRemoteCommand, o->remote_command);
2582 dump_cfg_string(oLogLevel, log_level_name(o->log_level)); 2538 dump_cfg_string(oLogLevel, log_level_name(o->log_level));
2583 dump_cfg_string(oMacs, o->macs ? o->macs : KEX_CLIENT_MAC); 2539 dump_cfg_string(oMacs, o->macs ? o->macs : KEX_CLIENT_MAC);
2584#ifdef ENABLE_PKCS11 2540#ifdef ENABLE_PKCS11
@@ -2631,10 +2587,6 @@ dump_client_config(Options *o, const char *host)
2631 printf("\n"); 2587 printf("\n");
2632 } 2588 }
2633 2589
2634 /* oCipher */
2635 if (o->cipher != SSH_CIPHER_NOT_SET)
2636 printf("Cipher %s\n", cipher_name(o->cipher));
2637
2638 /* oControlPersist */ 2590 /* oControlPersist */
2639 if (o->control_persist == 0 || o->control_persist_timeout == 0) 2591 if (o->control_persist == 0 || o->control_persist_timeout == 0)
2640 dump_cfg_fmtint(oControlPersist, o->control_persist); 2592 dump_cfg_fmtint(oControlPersist, o->control_persist);
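Review bot: The new `case oLogFacility:` block (new lines 1240-1249) stores the value under `if (*log_facility_ptr == -1)` with no `*activep` test, whereas the forwarding case in the same switch wraps its store in `if (*activep)` and the removed oCipher/oProtocol cases used `if (*activep && ...)`; as written, a SyslogFacility line inside a Host or Match block that does not apply to the current host would apparently still take effect. The guard also compares against a literal -1, while initialize_options() and fill_default_options() use `SYSLOG_FACILITY_NOT_SET`, whose value is not shown on this page. I would change the guard to `if (*activep && *log_facility_ptr == SYSLOG_FACILITY_NOT_SET)`. The enclosing process_config_line_depth() starts and ends outside this hunk, so confirm that no outer check already covers `*activep` before applying this.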