Diffstat (limited to 'readconf.c')
-rw-r--r-- | readconf.c | 202 |
1 files changed, 77 insertions, 125 deletions
diff --git a/readconf.c b/readconf.c index 9d59493f0..f63894f9c 100644 --- a/readconf.c +++ b/readconf.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: readconf.c,v 1.270 2017/03/10 04:27:32 djm Exp $ */ | 1 | /* $OpenBSD: readconf.c,v 1.279 2017/09/21 19:16:53 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -152,7 +152,7 @@ typedef enum { | |||
152 | oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, | 152 | oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, |
153 | oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, | 153 | oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, |
154 | oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts, | 154 | oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts, |
155 | oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs, | 155 | oUsePrivilegedPort, oLogFacility, oLogLevel, oCiphers, oMacs, |
156 | oPubkeyAuthentication, | 156 | oPubkeyAuthentication, |
157 | oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, | 157 | oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, |
158 | oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, | 158 | oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, |
@@ -163,7 +163,8 @@ typedef enum { | |||
163 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, | 163 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, |
164 | oSendEnv, oControlPath, oControlMaster, oControlPersist, | 164 | oSendEnv, oControlPath, oControlMaster, oControlPersist, |
165 | oHashKnownHosts, | 165 | oHashKnownHosts, |
166 | oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, | 166 | oTunnel, oTunnelDevice, |
167 | oLocalCommand, oPermitLocalCommand, oRemoteCommand, | ||
167 | oVisualHostKey, | 168 | oVisualHostKey, |
168 | oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass, | 169 | oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass, |
169 | oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots, | 170 | oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots, |
@@ -171,7 +172,7 @@ typedef enum { | |||
171 | oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, | 172 | oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, |
172 | oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, | 173 | oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, |
173 | oPubkeyAcceptedKeyTypes, oProxyJump, | 174 | oPubkeyAcceptedKeyTypes, oProxyJump, |
174 | oIgnoredUnknownOption, oDeprecated, oUnsupported | 175 | oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported |
175 | } OpCodes; | 176 | } OpCodes; |
176 | 177 | ||
177 | /* Textual representations of the tokens. */ | 178 | /* Textual representations of the tokens. */ |
@@ -181,6 +182,8 @@ static struct { | |||
181 | OpCodes opcode; | 182 | OpCodes opcode; |
182 | } keywords[] = { | 183 | } keywords[] = { |
183 | /* Deprecated options */ | 184 | /* Deprecated options */ |
185 | { "protocol", oIgnore }, /* NB. silently ignored */ | ||
186 | { "cipher", oDeprecated }, | ||
184 | { "fallbacktorsh", oDeprecated }, | 187 | { "fallbacktorsh", oDeprecated }, |
185 | { "globalknownhostsfile2", oDeprecated }, | 188 | { "globalknownhostsfile2", oDeprecated }, |
186 | { "rhostsauthentication", oDeprecated }, | 189 | { "rhostsauthentication", oDeprecated }, |
@@ -208,15 +211,9 @@ static struct { | |||
208 | { "smartcarddevice", oUnsupported }, | 211 | { "smartcarddevice", oUnsupported }, |
209 | { "pkcs11provider", oUnsupported }, | 212 | { "pkcs11provider", oUnsupported }, |
210 | #endif | 213 | #endif |
211 | #ifdef WITH_SSH1 | ||
212 | { "rsaauthentication", oRSAAuthentication }, | ||
213 | { "rhostsrsaauthentication", oRhostsRSAAuthentication }, | ||
214 | { "compressionlevel", oCompressionLevel }, | ||
215 | # else | ||
216 | { "rsaauthentication", oUnsupported }, | 214 | { "rsaauthentication", oUnsupported }, |
217 | { "rhostsrsaauthentication", oUnsupported }, | 215 | { "rhostsrsaauthentication", oUnsupported }, |
218 | { "compressionlevel", oUnsupported }, | 216 | { "compressionlevel", oUnsupported }, |
219 | #endif | ||
220 | 217 | ||
221 | { "forwardagent", oForwardAgent }, | 218 | { "forwardagent", oForwardAgent }, |
222 | { "forwardx11", oForwardX11 }, | 219 | { "forwardx11", oForwardX11 }, |
@@ -245,10 +242,8 @@ static struct { | |||
245 | { "hostkeyalias", oHostKeyAlias }, | 242 | { "hostkeyalias", oHostKeyAlias }, |
246 | { "proxycommand", oProxyCommand }, | 243 | { "proxycommand", oProxyCommand }, |
247 | { "port", oPort }, | 244 | { "port", oPort }, |
248 | { "cipher", oCipher }, | ||
249 | { "ciphers", oCiphers }, | 245 | { "ciphers", oCiphers }, |
250 | { "macs", oMacs }, | 246 | { "macs", oMacs }, |
251 | { "protocol", oProtocol }, | ||
252 | { "remoteforward", oRemoteForward }, | 247 | { "remoteforward", oRemoteForward }, |
253 | { "localforward", oLocalForward }, | 248 | { "localforward", oLocalForward }, |
254 | { "user", oUser }, | 249 | { "user", oUser }, |
@@ -265,6 +260,7 @@ static struct { | |||
265 | { "tcpkeepalive", oTCPKeepAlive }, | 260 | { "tcpkeepalive", oTCPKeepAlive }, |
266 | { "keepalive", oTCPKeepAlive }, /* obsolete */ | 261 | { "keepalive", oTCPKeepAlive }, /* obsolete */ |
267 | { "numberofpasswordprompts", oNumberOfPasswordPrompts }, | 262 | { "numberofpasswordprompts", oNumberOfPasswordPrompts }, |
263 | { "syslogfacility", oLogFacility }, | ||
268 | { "loglevel", oLogLevel }, | 264 | { "loglevel", oLogLevel }, |
269 | { "dynamicforward", oDynamicForward }, | 265 | { "dynamicforward", oDynamicForward }, |
270 | { "preferredauthentications", oPreferredAuthentications }, | 266 | { "preferredauthentications", oPreferredAuthentications }, |
@@ -289,6 +285,7 @@ static struct { | |||
289 | { "tunneldevice", oTunnelDevice }, | 285 | { "tunneldevice", oTunnelDevice }, |
290 | { "localcommand", oLocalCommand }, | 286 | { "localcommand", oLocalCommand }, |
291 | { "permitlocalcommand", oPermitLocalCommand }, | 287 | { "permitlocalcommand", oPermitLocalCommand }, |
288 | { "remotecommand", oRemoteCommand }, | ||
292 | { "visualhostkey", oVisualHostKey }, | 289 | { "visualhostkey", oVisualHostKey }, |
293 | { "kexalgorithms", oKexAlgorithms }, | 290 | { "kexalgorithms", oKexAlgorithms }, |
294 | { "ipqos", oIPQoS }, | 291 | { "ipqos", oIPQoS }, |
@@ -443,8 +440,8 @@ add_identity_file(Options *options, const char *dir, const char *filename, | |||
443 | 440 | ||
444 | if (dir == NULL) /* no dir, filename is absolute */ | 441 | if (dir == NULL) /* no dir, filename is absolute */ |
445 | path = xstrdup(filename); | 442 | path = xstrdup(filename); |
446 | else | 443 | else if (xasprintf(&path, "%s%s", dir, filename) >= PATH_MAX) |
447 | (void)xasprintf(&path, "%.100s%.100s", dir, filename); | 444 | fatal("Identity file path %s too long", path); |
448 | 445 | ||
449 | /* Avoid registering duplicates */ | 446 | /* Avoid registering duplicates */ |
450 | for (i = 0; i < options->num_identity_files; i++) { | 447 | for (i = 0; i < options->num_identity_files; i++) { |
@@ -754,6 +751,16 @@ static const struct multistate multistate_yesnoask[] = { | |||
754 | { "ask", 2 }, | 751 | { "ask", 2 }, |
755 | { NULL, -1 } | 752 | { NULL, -1 } |
756 | }; | 753 | }; |
754 | static const struct multistate multistate_strict_hostkey[] = { | ||
755 | { "true", SSH_STRICT_HOSTKEY_YES }, | ||
756 | { "false", SSH_STRICT_HOSTKEY_OFF }, | ||
757 | { "yes", SSH_STRICT_HOSTKEY_YES }, | ||
758 | { "no", SSH_STRICT_HOSTKEY_OFF }, | ||
759 | { "ask", SSH_STRICT_HOSTKEY_ASK }, | ||
760 | { "off", SSH_STRICT_HOSTKEY_OFF }, | ||
761 | { "accept-new", SSH_STRICT_HOSTKEY_NEW }, | ||
762 | { NULL, -1 } | ||
763 | }; | ||
757 | static const struct multistate multistate_yesnoaskconfirm[] = { | 764 | static const struct multistate multistate_yesnoaskconfirm[] = { |
758 | { "true", 1 }, | 765 | { "true", 1 }, |
759 | { "false", 0 }, | 766 | { "false", 0 }, |
@@ -829,7 +836,9 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host, | |||
829 | char **cpptr, fwdarg[256]; | 836 | char **cpptr, fwdarg[256]; |
830 | u_int i, *uintptr, max_entries = 0; | 837 | u_int i, *uintptr, max_entries = 0; |
831 | int r, oactive, negated, opcode, *intptr, value, value2, cmdline = 0; | 838 | int r, oactive, negated, opcode, *intptr, value, value2, cmdline = 0; |
839 | int remotefwd, dynamicfwd; | ||
832 | LogLevel *log_level_ptr; | 840 | LogLevel *log_level_ptr; |
841 | SyslogFacility *log_facility_ptr; | ||
833 | long long val64; | 842 | long long val64; |
834 | size_t len; | 843 | size_t len; |
835 | struct Forward fwd; | 844 | struct Forward fwd; |
@@ -870,6 +879,8 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host, | |||
870 | case oBadOption: | 879 | case oBadOption: |
871 | /* don't panic, but count bad options */ | 880 | /* don't panic, but count bad options */ |
872 | return -1; | 881 | return -1; |
882 | case oIgnore: | ||
883 | return 0; | ||
873 | case oIgnoredUnknownOption: | 884 | case oIgnoredUnknownOption: |
874 | debug("%s line %d: Ignored unknown option \"%s\"", | 885 | debug("%s line %d: Ignored unknown option \"%s\"", |
875 | filename, linenum, keyword); | 886 | filename, linenum, keyword); |
@@ -953,14 +964,6 @@ parse_time: | |||
953 | intptr = &options->pubkey_authentication; | 964 | intptr = &options->pubkey_authentication; |
954 | goto parse_flag; | 965 | goto parse_flag; |
955 | 966 | ||
956 | case oRSAAuthentication: | ||
957 | intptr = &options->rsa_authentication; | ||
958 | goto parse_flag; | ||
959 | |||
960 | case oRhostsRSAAuthentication: | ||
961 | intptr = &options->rhosts_rsa_authentication; | ||
962 | goto parse_flag; | ||
963 | |||
964 | case oHostbasedAuthentication: | 967 | case oHostbasedAuthentication: |
965 | intptr = &options->hostbased_authentication; | 968 | intptr = &options->hostbased_authentication; |
966 | goto parse_flag; | 969 | goto parse_flag; |
@@ -992,7 +995,7 @@ parse_time: | |||
992 | 995 | ||
993 | case oStrictHostKeyChecking: | 996 | case oStrictHostKeyChecking: |
994 | intptr = &options->strict_host_key_checking; | 997 | intptr = &options->strict_host_key_checking; |
995 | multistate_ptr = multistate_yesnoask; | 998 | multistate_ptr = multistate_strict_hostkey; |
996 | goto parse_multistate; | 999 | goto parse_multistate; |
997 | 1000 | ||
998 | case oCompression: | 1001 | case oCompression: |
@@ -1011,10 +1014,6 @@ parse_time: | |||
1011 | intptr = &options->number_of_password_prompts; | 1014 | intptr = &options->number_of_password_prompts; |
1012 | goto parse_int; | 1015 | goto parse_int; |
1013 | 1016 | ||
1014 | case oCompressionLevel: | ||
1015 | intptr = &options->compression_level; | ||
1016 | goto parse_int; | ||
1017 | |||
1018 | case oRekeyLimit: | 1017 | case oRekeyLimit: |
1019 | arg = strdelim(&s); | 1018 | arg = strdelim(&s); |
1020 | if (!arg || *arg == '\0') | 1019 | if (!arg || *arg == '\0') |
@@ -1177,19 +1176,6 @@ parse_int: | |||
1177 | intptr = &options->connection_attempts; | 1176 | intptr = &options->connection_attempts; |
1178 | goto parse_int; | 1177 | goto parse_int; |
1179 | 1178 | ||
1180 | case oCipher: | ||
1181 | intptr = &options->cipher; | ||
1182 | arg = strdelim(&s); | ||
1183 | if (!arg || *arg == '\0') | ||
1184 | fatal("%.200s line %d: Missing argument.", filename, linenum); | ||
1185 | value = cipher_number(arg); | ||
1186 | if (value == -1) | ||
1187 | fatal("%.200s line %d: Bad cipher '%s'.", | ||
1188 | filename, linenum, arg ? arg : "<NONE>"); | ||
1189 | if (*activep && *intptr == -1) | ||
1190 | *intptr = value; | ||
1191 | break; | ||
1192 | |||
1193 | case oCiphers: | 1179 | case oCiphers: |
1194 | arg = strdelim(&s); | 1180 | arg = strdelim(&s); |
1195 | if (!arg || *arg == '\0') | 1181 | if (!arg || *arg == '\0') |
@@ -1240,19 +1226,6 @@ parse_keytypes: | |||
1240 | *charptr = xstrdup(arg); | 1226 | *charptr = xstrdup(arg); |
1241 | break; | 1227 | break; |
1242 | 1228 | ||
1243 | case oProtocol: | ||
1244 | intptr = &options->protocol; | ||
1245 | arg = strdelim(&s); | ||
1246 | if (!arg || *arg == '\0') | ||
1247 | fatal("%.200s line %d: Missing argument.", filename, linenum); | ||
1248 | value = proto_spec(arg); | ||
1249 | if (value == SSH_PROTO_UNKNOWN) | ||
1250 | fatal("%.200s line %d: Bad protocol spec '%s'.", | ||
1251 | filename, linenum, arg ? arg : "<NONE>"); | ||
1252 | if (*activep && *intptr == SSH_PROTO_UNKNOWN) | ||
1253 | *intptr = value; | ||
1254 | break; | ||
1255 | |||
1256 | case oLogLevel: | 1229 | case oLogLevel: |
1257 | log_level_ptr = &options->log_level; | 1230 | log_level_ptr = &options->log_level; |
1258 | arg = strdelim(&s); | 1231 | arg = strdelim(&s); |
@@ -1264,6 +1237,17 @@ parse_keytypes: | |||
1264 | *log_level_ptr = (LogLevel) value; | 1237 | *log_level_ptr = (LogLevel) value; |
1265 | break; | 1238 | break; |
1266 | 1239 | ||
1240 | case oLogFacility: | ||
1241 | log_facility_ptr = &options->log_facility; | ||
1242 | arg = strdelim(&s); | ||
1243 | value = log_facility_number(arg); | ||
1244 | if (value == SYSLOG_FACILITY_NOT_SET) | ||
1245 | fatal("%.200s line %d: unsupported log facility '%s'", | ||
1246 | filename, linenum, arg ? arg : "<NONE>"); | ||
1247 | if (*log_facility_ptr == -1) | ||
1248 | *log_facility_ptr = (SyslogFacility) value; | ||
1249 | break; | ||
1250 | |||
1267 | case oLocalForward: | 1251 | case oLocalForward: |
1268 | case oRemoteForward: | 1252 | case oRemoteForward: |
1269 | case oDynamicForward: | 1253 | case oDynamicForward: |
@@ -1272,31 +1256,36 @@ parse_keytypes: | |||
1272 | fatal("%.200s line %d: Missing port argument.", | 1256 | fatal("%.200s line %d: Missing port argument.", |
1273 | filename, linenum); | 1257 | filename, linenum); |
1274 | 1258 | ||
1275 | if (opcode == oLocalForward || | 1259 | remotefwd = (opcode == oRemoteForward); |
1276 | opcode == oRemoteForward) { | 1260 | dynamicfwd = (opcode == oDynamicForward); |
1277 | arg2 = strdelim(&s); | ||
1278 | if (arg2 == NULL || *arg2 == '\0') | ||
1279 | fatal("%.200s line %d: Missing target argument.", | ||
1280 | filename, linenum); | ||
1281 | 1261 | ||
1282 | /* construct a string for parse_forward */ | 1262 | if (!dynamicfwd) { |
1283 | snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2); | 1263 | arg2 = strdelim(&s); |
1284 | } else if (opcode == oDynamicForward) { | 1264 | if (arg2 == NULL || *arg2 == '\0') { |
1285 | strlcpy(fwdarg, arg, sizeof(fwdarg)); | 1265 | if (remotefwd) |
1266 | dynamicfwd = 1; | ||
1267 | else | ||
1268 | fatal("%.200s line %d: Missing target " | ||
1269 | "argument.", filename, linenum); | ||
1270 | } else { | ||
1271 | /* construct a string for parse_forward */ | ||
1272 | snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, | ||
1273 | arg2); | ||
1274 | } | ||
1286 | } | 1275 | } |
1276 | if (dynamicfwd) | ||
1277 | strlcpy(fwdarg, arg, sizeof(fwdarg)); | ||
1287 | 1278 | ||
1288 | if (parse_forward(&fwd, fwdarg, | 1279 | if (parse_forward(&fwd, fwdarg, dynamicfwd, remotefwd) == 0) |
1289 | opcode == oDynamicForward ? 1 : 0, | ||
1290 | opcode == oRemoteForward ? 1 : 0) == 0) | ||
1291 | fatal("%.200s line %d: Bad forwarding specification.", | 1280 | fatal("%.200s line %d: Bad forwarding specification.", |
1292 | filename, linenum); | 1281 | filename, linenum); |
1293 | 1282 | ||
1294 | if (*activep) { | 1283 | if (*activep) { |
1295 | if (opcode == oLocalForward || | 1284 | if (remotefwd) { |
1296 | opcode == oDynamicForward) | ||
1297 | add_local_forward(options, &fwd); | ||
1298 | else if (opcode == oRemoteForward) | ||
1299 | add_remote_forward(options, &fwd); | 1285 | add_remote_forward(options, &fwd); |
1286 | } else { | ||
1287 | add_local_forward(options, &fwd); | ||
1288 | } | ||
1300 | } | 1289 | } |
1301 | break; | 1290 | break; |
1302 | 1291 | ||
@@ -1469,6 +1458,10 @@ parse_keytypes: | |||
1469 | intptr = &options->permit_local_command; | 1458 | intptr = &options->permit_local_command; |
1470 | goto parse_flag; | 1459 | goto parse_flag; |
1471 | 1460 | ||
1461 | case oRemoteCommand: | ||
1462 | charptr = &options->remote_command; | ||
1463 | goto parse_command; | ||
1464 | |||
1472 | case oVisualHostKey: | 1465 | case oVisualHostKey: |
1473 | intptr = &options->visual_host_key; | 1466 | intptr = &options->visual_host_key; |
1474 | goto parse_flag; | 1467 | goto parse_flag; |
@@ -1794,7 +1787,6 @@ initialize_options(Options * options) | |||
1794 | options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; | 1787 | options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; |
1795 | options->fwd_opts.streamlocal_bind_unlink = -1; | 1788 | options->fwd_opts.streamlocal_bind_unlink = -1; |
1796 | options->use_privileged_port = -1; | 1789 | options->use_privileged_port = -1; |
1797 | options->rsa_authentication = -1; | ||
1798 | options->pubkey_authentication = -1; | 1790 | options->pubkey_authentication = -1; |
1799 | options->challenge_response_authentication = -1; | 1791 | options->challenge_response_authentication = -1; |
1800 | options->gss_authentication = -1; | 1792 | options->gss_authentication = -1; |
@@ -1802,25 +1794,21 @@ initialize_options(Options * options) | |||
1802 | options->password_authentication = -1; | 1794 | options->password_authentication = -1; |
1803 | options->kbd_interactive_authentication = -1; | 1795 | options->kbd_interactive_authentication = -1; |
1804 | options->kbd_interactive_devices = NULL; | 1796 | options->kbd_interactive_devices = NULL; |
1805 | options->rhosts_rsa_authentication = -1; | ||
1806 | options->hostbased_authentication = -1; | 1797 | options->hostbased_authentication = -1; |
1807 | options->batch_mode = -1; | 1798 | options->batch_mode = -1; |
1808 | options->check_host_ip = -1; | 1799 | options->check_host_ip = -1; |
1809 | options->strict_host_key_checking = -1; | 1800 | options->strict_host_key_checking = -1; |
1810 | options->compression = -1; | 1801 | options->compression = -1; |
1811 | options->tcp_keep_alive = -1; | 1802 | options->tcp_keep_alive = -1; |
1812 | options->compression_level = -1; | ||
1813 | options->port = -1; | 1803 | options->port = -1; |
1814 | options->address_family = -1; | 1804 | options->address_family = -1; |
1815 | options->connection_attempts = -1; | 1805 | options->connection_attempts = -1; |
1816 | options->connection_timeout = -1; | 1806 | options->connection_timeout = -1; |
1817 | options->number_of_password_prompts = -1; | 1807 | options->number_of_password_prompts = -1; |
1818 | options->cipher = -1; | ||
1819 | options->ciphers = NULL; | 1808 | options->ciphers = NULL; |
1820 | options->macs = NULL; | 1809 | options->macs = NULL; |
1821 | options->kex_algorithms = NULL; | 1810 | options->kex_algorithms = NULL; |
1822 | options->hostkeyalgorithms = NULL; | 1811 | options->hostkeyalgorithms = NULL; |
1823 | options->protocol = SSH_PROTO_UNKNOWN; | ||
1824 | options->num_identity_files = 0; | 1812 | options->num_identity_files = 0; |
1825 | options->num_certificate_files = 0; | 1813 | options->num_certificate_files = 0; |
1826 | options->hostname = NULL; | 1814 | options->hostname = NULL; |
@@ -1838,6 +1826,7 @@ initialize_options(Options * options) | |||
1838 | options->num_local_forwards = 0; | 1826 | options->num_local_forwards = 0; |
1839 | options->remote_forwards = NULL; | 1827 | options->remote_forwards = NULL; |
1840 | options->num_remote_forwards = 0; | 1828 | options->num_remote_forwards = 0; |
1829 | options->log_facility = SYSLOG_FACILITY_NOT_SET; | ||
1841 | options->log_level = SYSLOG_LEVEL_NOT_SET; | 1830 | options->log_level = SYSLOG_LEVEL_NOT_SET; |
1842 | options->preferred_authentications = NULL; | 1831 | options->preferred_authentications = NULL; |
1843 | options->bind_address = NULL; | 1832 | options->bind_address = NULL; |
@@ -1861,6 +1850,7 @@ initialize_options(Options * options) | |||
1861 | options->tun_remote = -1; | 1850 | options->tun_remote = -1; |
1862 | options->local_command = NULL; | 1851 | options->local_command = NULL; |
1863 | options->permit_local_command = -1; | 1852 | options->permit_local_command = -1; |
1853 | options->remote_command = NULL; | ||
1864 | options->add_keys_to_agent = -1; | 1854 | options->add_keys_to_agent = -1; |
1865 | options->identity_agent = NULL; | 1855 | options->identity_agent = NULL; |
1866 | options->visual_host_key = -1; | 1856 | options->visual_host_key = -1; |
@@ -1934,8 +1924,6 @@ fill_default_options(Options * options) | |||
1934 | options->fwd_opts.streamlocal_bind_unlink = 0; | 1924 | options->fwd_opts.streamlocal_bind_unlink = 0; |
1935 | if (options->use_privileged_port == -1) | 1925 | if (options->use_privileged_port == -1) |
1936 | options->use_privileged_port = 0; | 1926 | options->use_privileged_port = 0; |
1937 | if (options->rsa_authentication == -1) | ||
1938 | options->rsa_authentication = 1; | ||
1939 | if (options->pubkey_authentication == -1) | 1927 | if (options->pubkey_authentication == -1) |
1940 | options->pubkey_authentication = 1; | 1928 | options->pubkey_authentication = 1; |
1941 | if (options->challenge_response_authentication == -1) | 1929 | if (options->challenge_response_authentication == -1) |
@@ -1948,8 +1936,6 @@ fill_default_options(Options * options) | |||
1948 | options->password_authentication = 1; | 1936 | options->password_authentication = 1; |
1949 | if (options->kbd_interactive_authentication == -1) | 1937 | if (options->kbd_interactive_authentication == -1) |
1950 | options->kbd_interactive_authentication = 1; | 1938 | options->kbd_interactive_authentication = 1; |
1951 | if (options->rhosts_rsa_authentication == -1) | ||
1952 | options->rhosts_rsa_authentication = 0; | ||
1953 | if (options->hostbased_authentication == -1) | 1939 | if (options->hostbased_authentication == -1) |
1954 | options->hostbased_authentication = 0; | 1940 | options->hostbased_authentication = 0; |
1955 | if (options->batch_mode == -1) | 1941 | if (options->batch_mode == -1) |
@@ -1957,13 +1943,11 @@ fill_default_options(Options * options) | |||
1957 | if (options->check_host_ip == -1) | 1943 | if (options->check_host_ip == -1) |
1958 | options->check_host_ip = 1; | 1944 | options->check_host_ip = 1; |
1959 | if (options->strict_host_key_checking == -1) | 1945 | if (options->strict_host_key_checking == -1) |
1960 | options->strict_host_key_checking = 2; /* 2 is default */ | 1946 | options->strict_host_key_checking = SSH_STRICT_HOSTKEY_ASK; |
1961 | if (options->compression == -1) | 1947 | if (options->compression == -1) |
1962 | options->compression = 0; | 1948 | options->compression = 0; |
1963 | if (options->tcp_keep_alive == -1) | 1949 | if (options->tcp_keep_alive == -1) |
1964 | options->tcp_keep_alive = 1; | 1950 | options->tcp_keep_alive = 1; |
1965 | if (options->compression_level == -1) | ||
1966 | options->compression_level = 6; | ||
1967 | if (options->port == -1) | 1951 | if (options->port == -1) |
1968 | options->port = 0; /* Filled in ssh_connect. */ | 1952 | options->port = 0; /* Filled in ssh_connect. */ |
1969 | if (options->address_family == -1) | 1953 | if (options->address_family == -1) |
@@ -1972,31 +1956,17 @@ fill_default_options(Options * options) | |||
1972 | options->connection_attempts = 1; | 1956 | options->connection_attempts = 1; |
1973 | if (options->number_of_password_prompts == -1) | 1957 | if (options->number_of_password_prompts == -1) |
1974 | options->number_of_password_prompts = 3; | 1958 | options->number_of_password_prompts = 3; |
1975 | /* Selected in ssh_login(). */ | ||
1976 | if (options->cipher == -1) | ||
1977 | options->cipher = SSH_CIPHER_NOT_SET; | ||
1978 | /* options->hostkeyalgorithms, default set in myproposals.h */ | 1959 | /* options->hostkeyalgorithms, default set in myproposals.h */ |
1979 | if (options->protocol == SSH_PROTO_UNKNOWN) | ||
1980 | options->protocol = SSH_PROTO_2; | ||
1981 | if (options->add_keys_to_agent == -1) | 1960 | if (options->add_keys_to_agent == -1) |
1982 | options->add_keys_to_agent = 0; | 1961 | options->add_keys_to_agent = 0; |
1983 | if (options->num_identity_files == 0) { | 1962 | if (options->num_identity_files == 0) { |
1984 | if (options->protocol & SSH_PROTO_1) { | 1963 | add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA, 0); |
1985 | add_identity_file(options, "~/", | 1964 | add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA, 0); |
1986 | _PATH_SSH_CLIENT_IDENTITY, 0); | ||
1987 | } | ||
1988 | if (options->protocol & SSH_PROTO_2) { | ||
1989 | add_identity_file(options, "~/", | ||
1990 | _PATH_SSH_CLIENT_ID_RSA, 0); | ||
1991 | add_identity_file(options, "~/", | ||
1992 | _PATH_SSH_CLIENT_ID_DSA, 0); | ||
1993 | #ifdef OPENSSL_HAS_ECC | 1965 | #ifdef OPENSSL_HAS_ECC |
1994 | add_identity_file(options, "~/", | 1966 | add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA, 0); |
1995 | _PATH_SSH_CLIENT_ID_ECDSA, 0); | ||
1996 | #endif | 1967 | #endif |
1997 | add_identity_file(options, "~/", | 1968 | add_identity_file(options, "~/", |
1998 | _PATH_SSH_CLIENT_ID_ED25519, 0); | 1969 | _PATH_SSH_CLIENT_ID_ED25519, 0); |
1999 | } | ||
2000 | } | 1970 | } |
2001 | if (options->escape_char == -1) | 1971 | if (options->escape_char == -1) |
2002 | options->escape_char = '~'; | 1972 | options->escape_char = '~'; |
@@ -2014,6 +1984,8 @@ fill_default_options(Options * options) | |||
2014 | } | 1984 | } |
2015 | if (options->log_level == SYSLOG_LEVEL_NOT_SET) | 1985 | if (options->log_level == SYSLOG_LEVEL_NOT_SET) |
2016 | options->log_level = SYSLOG_LEVEL_INFO; | 1986 | options->log_level = SYSLOG_LEVEL_INFO; |
1987 | if (options->log_facility == SYSLOG_FACILITY_NOT_SET) | ||
1988 | options->log_facility = SYSLOG_FACILITY_USER; | ||
2017 | if (options->no_host_authentication_for_localhost == - 1) | 1989 | if (options->no_host_authentication_for_localhost == - 1) |
2018 | options->no_host_authentication_for_localhost = 0; | 1990 | options->no_host_authentication_for_localhost = 0; |
2019 | if (options->identities_only == -1) | 1991 | if (options->identities_only == -1) |
@@ -2083,6 +2055,7 @@ fill_default_options(Options * options) | |||
2083 | } \ | 2055 | } \ |
2084 | } while(0) | 2056 | } while(0) |
2085 | CLEAR_ON_NONE(options->local_command); | 2057 | CLEAR_ON_NONE(options->local_command); |
2058 | CLEAR_ON_NONE(options->remote_command); | ||
2086 | CLEAR_ON_NONE(options->proxy_command); | 2059 | CLEAR_ON_NONE(options->proxy_command); |
2087 | CLEAR_ON_NONE(options->control_path); | 2060 | CLEAR_ON_NONE(options->control_path); |
2088 | CLEAR_ON_NONE(options->revoked_host_keys); | 2061 | CLEAR_ON_NONE(options->revoked_host_keys); |
@@ -2372,9 +2345,10 @@ fmt_intarg(OpCodes code, int val) | |||
2372 | case oAddressFamily: | 2345 | case oAddressFamily: |
2373 | return fmt_multistate_int(val, multistate_addressfamily); | 2346 | return fmt_multistate_int(val, multistate_addressfamily); |
2374 | case oVerifyHostKeyDNS: | 2347 | case oVerifyHostKeyDNS: |
2375 | case oStrictHostKeyChecking: | ||
2376 | case oUpdateHostkeys: | 2348 | case oUpdateHostkeys: |
2377 | return fmt_multistate_int(val, multistate_yesnoask); | 2349 | return fmt_multistate_int(val, multistate_yesnoask); |
2350 | case oStrictHostKeyChecking: | ||
2351 | return fmt_multistate_int(val, multistate_strict_hostkey); | ||
2378 | case oControlMaster: | 2352 | case oControlMaster: |
2379 | return fmt_multistate_int(val, multistate_controlmaster); | 2353 | return fmt_multistate_int(val, multistate_controlmaster); |
2380 | case oTunnel: | 2354 | case oTunnel: |
@@ -2385,17 +2359,6 @@ fmt_intarg(OpCodes code, int val) | |||
2385 | return fmt_multistate_int(val, multistate_canonicalizehostname); | 2359 | return fmt_multistate_int(val, multistate_canonicalizehostname); |
2386 | case oFingerprintHash: | 2360 | case oFingerprintHash: |
2387 | return ssh_digest_alg_name(val); | 2361 | return ssh_digest_alg_name(val); |
2388 | case oProtocol: | ||
2389 | switch (val) { | ||
2390 | case SSH_PROTO_1: | ||
2391 | return "1"; | ||
2392 | case SSH_PROTO_2: | ||
2393 | return "2"; | ||
2394 | case (SSH_PROTO_1|SSH_PROTO_2): | ||
2395 | return "2,1"; | ||
2396 | default: | ||
2397 | return "UNKNOWN"; | ||
2398 | } | ||
2399 | default: | 2362 | default: |
2400 | switch (val) { | 2363 | switch (val) { |
2401 | case 0: | 2364 | case 0: |
@@ -2540,14 +2503,9 @@ dump_client_config(Options *o, const char *host) | |||
2540 | dump_cfg_fmtint(oNoHostAuthenticationForLocalhost, o->no_host_authentication_for_localhost); | 2503 | dump_cfg_fmtint(oNoHostAuthenticationForLocalhost, o->no_host_authentication_for_localhost); |
2541 | dump_cfg_fmtint(oPasswordAuthentication, o->password_authentication); | 2504 | dump_cfg_fmtint(oPasswordAuthentication, o->password_authentication); |
2542 | dump_cfg_fmtint(oPermitLocalCommand, o->permit_local_command); | 2505 | dump_cfg_fmtint(oPermitLocalCommand, o->permit_local_command); |
2543 | dump_cfg_fmtint(oProtocol, o->protocol); | ||
2544 | dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass); | 2506 | dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass); |
2545 | dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication); | 2507 | dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication); |
2546 | dump_cfg_fmtint(oRequestTTY, o->request_tty); | 2508 | dump_cfg_fmtint(oRequestTTY, o->request_tty); |
2547 | #ifdef WITH_RSA1 | ||
2548 | dump_cfg_fmtint(oRhostsRSAAuthentication, o->rhosts_rsa_authentication); | ||
2549 | dump_cfg_fmtint(oRSAAuthentication, o->rsa_authentication); | ||
2550 | #endif | ||
2551 | dump_cfg_fmtint(oStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); | 2509 | dump_cfg_fmtint(oStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); |
2552 | dump_cfg_fmtint(oStrictHostKeyChecking, o->strict_host_key_checking); | 2510 | dump_cfg_fmtint(oStrictHostKeyChecking, o->strict_host_key_checking); |
2553 | dump_cfg_fmtint(oTCPKeepAlive, o->tcp_keep_alive); | 2511 | dump_cfg_fmtint(oTCPKeepAlive, o->tcp_keep_alive); |
@@ -2559,9 +2517,6 @@ dump_client_config(Options *o, const char *host) | |||
2559 | 2517 | ||
2560 | /* Integer options */ | 2518 | /* Integer options */ |
2561 | dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots); | 2519 | dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots); |
2562 | #ifdef WITH_SSH1 | ||
2563 | dump_cfg_int(oCompressionLevel, o->compression_level); | ||
2564 | #endif | ||
2565 | dump_cfg_int(oConnectionAttempts, o->connection_attempts); | 2520 | dump_cfg_int(oConnectionAttempts, o->connection_attempts); |
2566 | dump_cfg_int(oForwardX11Timeout, o->forward_x11_timeout); | 2521 | dump_cfg_int(oForwardX11Timeout, o->forward_x11_timeout); |
2567 | dump_cfg_int(oNumberOfPasswordPrompts, o->number_of_password_prompts); | 2522 | dump_cfg_int(oNumberOfPasswordPrompts, o->number_of_password_prompts); |
@@ -2579,6 +2534,7 @@ dump_client_config(Options *o, const char *host) | |||
2579 | dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices); | 2534 | dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices); |
2580 | dump_cfg_string(oKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_CLIENT_KEX); | 2535 | dump_cfg_string(oKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_CLIENT_KEX); |
2581 | dump_cfg_string(oLocalCommand, o->local_command); | 2536 | dump_cfg_string(oLocalCommand, o->local_command); |
2537 | dump_cfg_string(oRemoteCommand, o->remote_command); | ||
2582 | dump_cfg_string(oLogLevel, log_level_name(o->log_level)); | 2538 | dump_cfg_string(oLogLevel, log_level_name(o->log_level)); |
2583 | dump_cfg_string(oMacs, o->macs ? o->macs : KEX_CLIENT_MAC); | 2539 | dump_cfg_string(oMacs, o->macs ? o->macs : KEX_CLIENT_MAC); |
2584 | #ifdef ENABLE_PKCS11 | 2540 | #ifdef ENABLE_PKCS11 |
@@ -2631,10 +2587,6 @@ dump_client_config(Options *o, const char *host) | |||
2631 | printf("\n"); | 2587 | printf("\n"); |
2632 | } | 2588 | } |
2633 | 2589 | ||
2634 | /* oCipher */ | ||
2635 | if (o->cipher != SSH_CIPHER_NOT_SET) | ||
2636 | printf("Cipher %s\n", cipher_name(o->cipher)); | ||
2637 | |||
2638 | /* oControlPersist */ | 2590 | /* oControlPersist */ |
2639 | if (o->control_persist == 0 || o->control_persist_timeout == 0) | 2591 | if (o->control_persist == 0 || o->control_persist_timeout == 0) |
2640 | dump_cfg_fmtint(oControlPersist, o->control_persist); | 2592 | dump_cfg_fmtint(oControlPersist, o->control_persist); |
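Review bot: The new oLogFacility case (hunk `@@ -1264,6 +1237,17 @@`, new lines 1247-1248) writes `options->log_facility` without consulting `*activep`, while every other assignment visible in this function is gated on it (`if (*activep && *intptr == -1)`, `if (*activep && *intptr == SSH_PROTO_UNKNOWN)`, and `if (*activep) {` ahead of the forward adds); if `*activep` carries the same meaning here, a `SyslogFacility` line inside a non-matching Host or Match block would still take effect. The guard also compares against the literal `-1` where the same field is initialised to and defaulted from `SYSLOG_FACILITY_NOT_SET` elsewhere in this diff (initialize_options and fill_default_options), so the sentinel should be named rather than spelled out. Suggest `if (*activep && *log_facility_ptr == SYSLOG_FACILITY_NOT_SET)` in place of `if (*log_facility_ptr == -1)`. The enclosing process_config_line_depth starts and ends outside the hunk.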