Diffstat (limited to 'readconf.c')
-rw-r--r-- | readconf.c | 48 |
1 files changed, 39 insertions, 9 deletions
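--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.297 2018/08/12 20:19:13 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.300 2018/10/05 14:26:09 naddy Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -174,7 +174,7 @@ typedef enum {
 oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
 oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
 oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
-oPubkeyAcceptedKeyTypes, oProxyJump,
+oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump,
 oProtocolKeepAlives, oSetupTimeOut,
 oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
 } OpCodes;
@@ -280,6 +280,7 @@ static struct {
 { "dynamicforward", oDynamicForward },
 { "preferredauthentications", oPreferredAuthentications },
 { "hostkeyalgorithms", oHostKeyAlgorithms },
+{ "casignaturealgorithms", oCASignatureAlgorithms },
 { "bindaddress", oBindAddress },
 { "bindinterface", oBindInterface },
 { "clearallforwardings", oClearAllForwardings },
@@ -1193,7 +1194,20 @@ parse_command:
 return 0;
 
 case oPort:
-intptr = &options->port;
+arg = strdelim(&s);
+if (!arg || *arg == '\0')
+fatal("%.200s line %d: Missing argument.",
+filename, linenum);
+value = a2port(arg);
+if (value <= 0)
+fatal("%.200s line %d: Bad port '%s'.",
+filename, linenum, arg);
+if (*activep && options->port == -1)
+options->port = value;
+break;
+
+case oConnectionAttempts:
+intptr = &options->connection_attempts;
 parse_int:
 arg = strdelim(&s);
 if ((errstr = atoi_err(arg, &value)) != NULL)
@@ -1203,10 +1217,6 @@ parse_int:
 *intptr = value;
 break;
 
-case oConnectionAttempts:
-intptr = &options->connection_attempts;
-goto parse_int;
-
 case oCiphers:
 arg = strdelim(&s);
 if (!arg || *arg == '\0')
@@ -1257,6 +1267,10 @@ parse_keytypes:
 *charptr = xstrdup(arg);
 break;
 
+case oCASignatureAlgorithms:
+charptr = &options->ca_sign_algorithms;
+goto parse_keytypes;
+
 case oLogLevel:
 log_level_ptr = &options->log_level;
 arg = strdelim(&s);
@@ -1733,7 +1747,18 @@ parse_keytypes:
 
 case oIdentityAgent:
 charptr = &options->identity_agent;
-goto parse_string;
+arg = strdelim(&s);
+if (!arg || *arg == '\0')
+fatal("%.200s line %d: Missing argument.",
+filename, linenum);
+/* Extra validation if the string represents an env var. */
+if (arg[0] == '$' && !valid_env_name(arg + 1)) {
+fatal("%.200s line %d: Invalid environment name %s.",
+filename, linenum, arg);
+}
+if (*activep && *charptr == NULL)
+*charptr = xstrdup(arg);
+break;
 
 case oDeprecated:
 debug("%s line %d: Deprecated option \"%s\"",
@@ -1878,6 +1903,7 @@ initialize_options(Options * options)
 options->macs = NULL;
 options->kex_algorithms = NULL;
 options->hostkeyalgorithms = NULL;
+options->ca_sign_algorithms = NULL;
 options->num_identity_files = 0;
 options->num_certificate_files = 0;
 options->hostname = NULL;
@@ -1966,7 +1992,7 @@ fill_default_options_for_canonicalization(Options *options)
 void
 fill_default_options(Options * options)
 {
-char *all_cipher, *all_mac, *all_kex, *all_key;
+char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig;
 int r;
 
 if (options->forward_agent == -1)
@@ -2130,6 +2156,7 @@ fill_default_options(Options * options)
 all_mac = mac_alg_list(',');
 all_kex = kex_alg_list(',');
 all_key = sshkey_alg_list(0, 0, 1, ',');
+all_sig = sshkey_alg_list(0, 1, 1, ',');
 #define ASSEMBLE(what, defaults, all) \
 do { \
 if ((r = kex_assemble_names(&options->what, \
@@ -2141,11 +2168,13 @@ fill_default_options(Options * options)
 ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
 ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
 ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
+ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
 #undef ASSEMBLE
 free(all_cipher);
 free(all_mac);
 free(all_kex);
 free(all_key);
+free(all_sig);
 
 #define CLEAR_ON_NONE(v) \
 do { \
@@ -2667,6 +2696,7 @@ dump_client_config(Options *o, const char *host)
 dump_cfg_string(oIgnoreUnknown, o->ignored_unknown);
 dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices);
 dump_cfg_string(oKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_CLIENT_KEX);
+dump_cfg_string(oCASignatureAlgorithms, o->ca_sign_algorithms ? o->ca_sign_algorithms : SSH_ALLOWED_CA_SIGALGS);
 dump_cfg_string(oLocalCommand, o->local_command);
 dump_cfg_string(oRemoteCommand, o->remote_command);
 dump_cfg_string(oLogLevel, log_level_name(o->log_level));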
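Review bot: The new oIdentityAgent check `if (arg[0] == '$' && !valid_env_name(arg + 1))` relies on valid_env_name() rejecting an empty name for a bare `$` value; valid_env_name is not visible in this file, so if it happens to accept "" the value `$` is stored as-is and the consumer would later look up an empty variable name. An explicit guard makes the parser independent of that helper: `if (arg[0] == '$' && (arg[1] == '\0' || !valid_env_name(arg + 1))) {`. The comment above it could also state that no expansion happens at parse time — only the raw string is kept via xstrdup — so a syntactically valid but unset variable is presumably only detected where identity_agent is consumed, e.g. `/* Extra validation if the string represents an env var; the name is checked here but not expanded — the lookup happens where identity_agent is used. */`. The enclosing process_config_line switch starts and ends outside the hunk.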