summaryrefslogtreecommitdiff
path: root/readconf.c
diff options
context:
space:
mode:
Diffstat (limited to 'readconf.c')
-rw-r--r--readconf.c58
1 files changed, 57 insertions, 1 deletions
diff --git a/readconf.c b/readconf.c
index 0e83f5809..656a2519f 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: readconf.c,v 1.187 2010/07/19 09:15:12 djm Exp $ */ 1/* $OpenBSD: readconf.c,v 1.190 2010/11/13 23:27:50 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -19,6 +19,8 @@
19#include <sys/socket.h> 19#include <sys/socket.h>
20 20
21#include <netinet/in.h> 21#include <netinet/in.h>
22#include <netinet/in_systm.h>
23#include <netinet/ip.h>
22 24
23#include <ctype.h> 25#include <ctype.h>
24#include <errno.h> 26#include <errno.h>
@@ -131,11 +133,13 @@ typedef enum {
131 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, 133 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
132 oAddressFamily, oGssAuthentication, oGssDelegateCreds, 134 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
133 oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey, 135 oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey,
136 oGssServerIdentity,
134 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, 137 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
135 oSendEnv, oControlPath, oControlMaster, oControlPersist, 138 oSendEnv, oControlPath, oControlMaster, oControlPersist,
136 oHashKnownHosts, 139 oHashKnownHosts,
137 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, 140 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
138 oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication, 141 oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
142 oKexAlgorithms, oIPQoS,
139 oProtocolKeepAlives, oSetupTimeOut, 143 oProtocolKeepAlives, oSetupTimeOut,
140 oDeprecated, oUnsupported 144 oDeprecated, oUnsupported
141} OpCodes; 145} OpCodes;
@@ -176,6 +180,7 @@ static struct {
176 { "gssapidelegatecredentials", oGssDelegateCreds }, 180 { "gssapidelegatecredentials", oGssDelegateCreds },
177 { "gssapitrustdns", oGssTrustDns }, 181 { "gssapitrustdns", oGssTrustDns },
178 { "gssapiclientidentity", oGssClientIdentity }, 182 { "gssapiclientidentity", oGssClientIdentity },
183 { "gssapiserveridentity", oGssServerIdentity },
179 { "gssapirenewalforcesrekey", oGssRenewalRekey }, 184 { "gssapirenewalforcesrekey", oGssRenewalRekey },
180#else 185#else
181 { "gssapiauthentication", oUnsupported }, 186 { "gssapiauthentication", oUnsupported },
@@ -254,6 +259,8 @@ static struct {
254#else 259#else
255 { "zeroknowledgepasswordauthentication", oUnsupported }, 260 { "zeroknowledgepasswordauthentication", oUnsupported },
256#endif 261#endif
262 { "kexalgorithms", oKexAlgorithms },
263 { "ipqos", oIPQoS },
257 { "protocolkeepalives", oProtocolKeepAlives }, 264 { "protocolkeepalives", oProtocolKeepAlives },
258 { "setuptimeout", oSetupTimeOut }, 265 { "setuptimeout", oSetupTimeOut },
259 266
@@ -510,6 +517,10 @@ parse_flag:
510 charptr = &options->gss_client_identity; 517 charptr = &options->gss_client_identity;
511 goto parse_string; 518 goto parse_string;
512 519
520 case oGssServerIdentity:
521 charptr = &options->gss_server_identity;
522 goto parse_string;
523
513 case oGssRenewalRekey: 524 case oGssRenewalRekey:
514 intptr = &options->gss_renewal_rekey; 525 intptr = &options->gss_renewal_rekey;
515 goto parse_flag; 526 goto parse_flag;
@@ -735,6 +746,18 @@ parse_int:
735 options->macs = xstrdup(arg); 746 options->macs = xstrdup(arg);
736 break; 747 break;
737 748
749 case oKexAlgorithms:
750 arg = strdelim(&s);
751 if (!arg || *arg == '\0')
752 fatal("%.200s line %d: Missing argument.",
753 filename, linenum);
754 if (!kex_names_valid(arg))
755 fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.",
756 filename, linenum, arg ? arg : "<NONE>");
757 if (*activep && options->kex_algorithms == NULL)
758 options->kex_algorithms = xstrdup(arg);
759 break;
760
738 case oHostKeyAlgorithms: 761 case oHostKeyAlgorithms:
739 arg = strdelim(&s); 762 arg = strdelim(&s);
740 if (!arg || *arg == '\0') 763 if (!arg || *arg == '\0')
@@ -997,6 +1020,23 @@ parse_int:
997 intptr = &options->visual_host_key; 1020 intptr = &options->visual_host_key;
998 goto parse_flag; 1021 goto parse_flag;
999 1022
1023 case oIPQoS:
1024 arg = strdelim(&s);
1025 if ((value = parse_ipqos(arg)) == -1)
1026 fatal("%s line %d: Bad IPQoS value: %s",
1027 filename, linenum, arg);
1028 arg = strdelim(&s);
1029 if (arg == NULL)
1030 value2 = value;
1031 else if ((value2 = parse_ipqos(arg)) == -1)
1032 fatal("%s line %d: Bad IPQoS value: %s",
1033 filename, linenum, arg);
1034 if (*activep) {
1035 options->ip_qos_interactive = value;
1036 options->ip_qos_bulk = value2;
1037 }
1038 break;
1039
1000 case oUseRoaming: 1040 case oUseRoaming:
1001 intptr = &options->use_roaming; 1041 intptr = &options->use_roaming;
1002 goto parse_flag; 1042 goto parse_flag;
@@ -1100,6 +1140,7 @@ initialize_options(Options * options)
1100 options->gss_trust_dns = -1; 1140 options->gss_trust_dns = -1;
1101 options->gss_renewal_rekey = -1; 1141 options->gss_renewal_rekey = -1;
1102 options->gss_client_identity = NULL; 1142 options->gss_client_identity = NULL;
1143 options->gss_server_identity = NULL;
1103 options->password_authentication = -1; 1144 options->password_authentication = -1;
1104 options->kbd_interactive_authentication = -1; 1145 options->kbd_interactive_authentication = -1;
1105 options->kbd_interactive_devices = NULL; 1146 options->kbd_interactive_devices = NULL;
@@ -1120,6 +1161,7 @@ initialize_options(Options * options)
1120 options->cipher = -1; 1161 options->cipher = -1;
1121 options->ciphers = NULL; 1162 options->ciphers = NULL;
1122 options->macs = NULL; 1163 options->macs = NULL;
1164 options->kex_algorithms = NULL;
1123 options->hostkeyalgorithms = NULL; 1165 options->hostkeyalgorithms = NULL;
1124 options->protocol = SSH_PROTO_UNKNOWN; 1166 options->protocol = SSH_PROTO_UNKNOWN;
1125 options->num_identity_files = 0; 1167 options->num_identity_files = 0;
@@ -1162,6 +1204,8 @@ initialize_options(Options * options)
1162 options->use_roaming = -1; 1204 options->use_roaming = -1;
1163 options->visual_host_key = -1; 1205 options->visual_host_key = -1;
1164 options->zero_knowledge_password_authentication = -1; 1206 options->zero_knowledge_password_authentication = -1;
1207 options->ip_qos_interactive = -1;
1208 options->ip_qos_bulk = -1;
1165} 1209}
1166 1210
1167/* 1211/*
@@ -1241,6 +1285,7 @@ fill_default_options(Options * options)
1241 options->cipher = SSH_CIPHER_NOT_SET; 1285 options->cipher = SSH_CIPHER_NOT_SET;
1242 /* options->ciphers, default set in myproposals.h */ 1286 /* options->ciphers, default set in myproposals.h */
1243 /* options->macs, default set in myproposals.h */ 1287 /* options->macs, default set in myproposals.h */
1288 /* options->kex_algorithms, default set in myproposals.h */
1244 /* options->hostkeyalgorithms, default set in myproposals.h */ 1289 /* options->hostkeyalgorithms, default set in myproposals.h */
1245 if (options->protocol == SSH_PROTO_UNKNOWN) 1290 if (options->protocol == SSH_PROTO_UNKNOWN)
1246 options->protocol = SSH_PROTO_2; 1291 options->protocol = SSH_PROTO_2;
@@ -1264,6 +1309,13 @@ fill_default_options(Options * options)
1264 xmalloc(len); 1309 xmalloc(len);
1265 snprintf(options->identity_files[options->num_identity_files++], 1310 snprintf(options->identity_files[options->num_identity_files++],
1266 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA); 1311 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
1312#ifdef OPENSSL_HAS_ECC
1313 len = 2 + strlen(_PATH_SSH_CLIENT_ID_ECDSA) + 1;
1314 options->identity_files[options->num_identity_files] =
1315 xmalloc(len);
1316 snprintf(options->identity_files[options->num_identity_files++],
1317 len, "~/%.100s", _PATH_SSH_CLIENT_ID_ECDSA);
1318#endif
1267 } 1319 }
1268 } 1320 }
1269 if (options->escape_char == -1) 1321 if (options->escape_char == -1)
@@ -1321,6 +1373,10 @@ fill_default_options(Options * options)
1321 options->visual_host_key = 0; 1373 options->visual_host_key = 0;
1322 if (options->zero_knowledge_password_authentication == -1) 1374 if (options->zero_knowledge_password_authentication == -1)
1323 options->zero_knowledge_password_authentication = 0; 1375 options->zero_knowledge_password_authentication = 0;
1376 if (options->ip_qos_interactive == -1)
1377 options->ip_qos_interactive = IPTOS_LOWDELAY;
1378 if (options->ip_qos_bulk == -1)
1379 options->ip_qos_bulk = IPTOS_THROUGHPUT;
1324 /* options->local_command should not be set by default */ 1380 /* options->local_command should not be set by default */
1325 /* options->proxy_command should not be set by default */ 1381 /* options->proxy_command should not be set by default */
1326 /* options->user will be set in the main program if appropriate */ 1382 /* options->user will be set in the main program if appropriate */