Diffstat (limited to 'readconf.c')
-rw-r--r-- | readconf.c | 58 |
1 files changed, 57 insertions, 1 deletions
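--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.187 2010/07/19 09:15:12 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.190 2010/11/13 23:27:50 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -19,6 +19,8 @@
 #include <sys/socket.h>
 
 #include <netinet/in.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
 
 #include <ctype.h>
 #include <errno.h>
@@ -131,11 +133,13 @@ typedef enum {
 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
 oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey,
+oGssServerIdentity,
 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
 oSendEnv, oControlPath, oControlMaster, oControlPersist,
 oHashKnownHosts,
 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
 oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
+oKexAlgorithms, oIPQoS,
 oProtocolKeepAlives, oSetupTimeOut,
 oDeprecated, oUnsupported
 } OpCodes;
@@ -176,6 +180,7 @@ static struct {
 { "gssapidelegatecredentials", oGssDelegateCreds },
 { "gssapitrustdns", oGssTrustDns },
 { "gssapiclientidentity", oGssClientIdentity },
+{ "gssapiserveridentity", oGssServerIdentity },
 { "gssapirenewalforcesrekey", oGssRenewalRekey },
 #else
 { "gssapiauthentication", oUnsupported },
@@ -254,6 +259,8 @@ static struct {
 #else
 { "zeroknowledgepasswordauthentication", oUnsupported },
 #endif
+{ "kexalgorithms", oKexAlgorithms },
+{ "ipqos", oIPQoS },
 { "protocolkeepalives", oProtocolKeepAlives },
 { "setuptimeout", oSetupTimeOut },
 
@@ -510,6 +517,10 @@ parse_flag:
 charptr = &options->gss_client_identity;
 goto parse_string;
 
+case oGssServerIdentity:
+charptr = &options->gss_server_identity;
+goto parse_string;
+
 case oGssRenewalRekey:
 intptr = &options->gss_renewal_rekey;
 goto parse_flag;
@@ -735,6 +746,18 @@ parse_int:
 options->macs = xstrdup(arg);
 break;
 
+case oKexAlgorithms:
+arg = strdelim(&s);
+if (!arg || *arg == '\0')
+fatal("%.200s line %d: Missing argument.",
+filename, linenum);
+if (!kex_names_valid(arg))
+fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.",
+filename, linenum, arg ? arg : "<NONE>");
+if (*activep && options->kex_algorithms == NULL)
+options->kex_algorithms = xstrdup(arg);
+break;
+
 case oHostKeyAlgorithms:
 arg = strdelim(&s);
 if (!arg || *arg == '\0')
@@ -997,6 +1020,23 @@ parse_int:
 intptr = &options->visual_host_key;
 goto parse_flag;
 
+case oIPQoS:
+arg = strdelim(&s);
+if ((value = parse_ipqos(arg)) == -1)
+fatal("%s line %d: Bad IPQoS value: %s",
+filename, linenum, arg);
+arg = strdelim(&s);
+if (arg == NULL)
+value2 = value;
+else if ((value2 = parse_ipqos(arg)) == -1)
+fatal("%s line %d: Bad IPQoS value: %s",
+filename, linenum, arg);
+if (*activep) {
+options->ip_qos_interactive = value;
+options->ip_qos_bulk = value2;
+}
+break;
+
 case oUseRoaming:
 intptr = &options->use_roaming;
 goto parse_flag;
@@ -1100,6 +1140,7 @@ initialize_options(Options * options)
 options->gss_trust_dns = -1;
 options->gss_renewal_rekey = -1;
 options->gss_client_identity = NULL;
+options->gss_server_identity = NULL;
 options->password_authentication = -1;
 options->kbd_interactive_authentication = -1;
 options->kbd_interactive_devices = NULL;
@@ -1120,6 +1161,7 @@ initialize_options(Options * options)
 options->cipher = -1;
 options->ciphers = NULL;
 options->macs = NULL;
+options->kex_algorithms = NULL;
 options->hostkeyalgorithms = NULL;
 options->protocol = SSH_PROTO_UNKNOWN;
 options->num_identity_files = 0;
@@ -1162,6 +1204,8 @@ initialize_options(Options * options)
 options->use_roaming = -1;
 options->visual_host_key = -1;
 options->zero_knowledge_password_authentication = -1;
+options->ip_qos_interactive = -1;
+options->ip_qos_bulk = -1;
 }
 
 /*
@@ -1241,6 +1285,7 @@ fill_default_options(Options * options)
 options->cipher = SSH_CIPHER_NOT_SET;
 /* options->ciphers, default set in myproposals.h */
 /* options->macs, default set in myproposals.h */
+/* options->kex_algorithms, default set in myproposals.h */
 /* options->hostkeyalgorithms, default set in myproposals.h */
 if (options->protocol == SSH_PROTO_UNKNOWN)
 options->protocol = SSH_PROTO_2;
@@ -1264,6 +1309,13 @@ fill_default_options(Options * options)
 xmalloc(len);
 snprintf(options->identity_files[options->num_identity_files++],
 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
+#ifdef OPENSSL_HAS_ECC
+len = 2 + strlen(_PATH_SSH_CLIENT_ID_ECDSA) + 1;
+options->identity_files[options->num_identity_files] =
+xmalloc(len);
+snprintf(options->identity_files[options->num_identity_files++],
+len, "~/%.100s", _PATH_SSH_CLIENT_ID_ECDSA);
+#endif
 }
 }
 if (options->escape_char == -1)
@@ -1321,6 +1373,10 @@ fill_default_options(Options * options)
 options->visual_host_key = 0;
 if (options->zero_knowledge_password_authentication == -1)
 options->zero_knowledge_password_authentication = 0;
+if (options->ip_qos_interactive == -1)
+options->ip_qos_interactive = IPTOS_LOWDELAY;
+if (options->ip_qos_bulk == -1)
+options->ip_qos_bulk = IPTOS_THROUGHPUT;
 /* options->local_command should not be set by default */
 /* options->proxy_command should not be set by default */
 /* options->user will be set in the main program if appropriate */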
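Review bot: In the new oIPQoS case (hunk @@ -997,6 +1020,23 @@) the first argument goes straight into parse_ipqos() and then into the `%s` of the fatal() call without the `!arg || *arg == '\0'` guard that the neighbouring oKexAlgorithms and oHostKeyAlgorithms cases apply, so an `IPQoS` keyword with no value reaches parse_ipqos(NULL) and, if that returns -1, hands a null pointer to a `%s` conversion, which is undefined behaviour in a printf-style formatter; whether parse_ipqos() itself tolerates NULL is not visible here. Add the same guard before the first parse: `if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum);`. In the oKexAlgorithms case the `arg ? arg : "<NONE>"` fallback is dead code, since the check two lines earlier already guarantees arg is non-NULL; plain `arg` reads cleaner. The enclosing switch and its function start and end outside these hunks.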