Diffstat (limited to 'readconf.c')
-rw-r--r-- | readconf.c | 182 |
1 files changed, 116 insertions, 66 deletions
diff --git a/readconf.c b/readconf.c index 899ff3f0e..0a1788ba0 100644 --- a/readconf.c +++ b/readconf.c | |||
@@ -12,7 +12,7 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: readconf.c,v 1.104 2003/04/01 10:22:21 markus Exp $"); | 15 | RCSID("$OpenBSD: readconf.c,v 1.121 2003/09/01 18:15:50 markus Exp $"); |
16 | 16 | ||
17 | #include "ssh.h" | 17 | #include "ssh.h" |
18 | #include "xmalloc.h" | 18 | #include "xmalloc.h" |
@@ -57,7 +57,6 @@ RCSID("$OpenBSD: readconf.c,v 1.104 2003/04/01 10:22:21 markus Exp $"); | |||
57 | Host fascist.blob.com | 57 | Host fascist.blob.com |
58 | Port 23123 | 58 | Port 23123 |
59 | User tylonen | 59 | User tylonen |
60 | RhostsAuthentication no | ||
61 | PasswordAuthentication no | 60 | PasswordAuthentication no |
62 | 61 | ||
63 | Host puukko.hut.fi | 62 | Host puukko.hut.fi |
@@ -75,7 +74,6 @@ RCSID("$OpenBSD: readconf.c,v 1.104 2003/04/01 10:22:21 markus Exp $"); | |||
75 | Host * | 74 | Host * |
76 | ForwardAgent no | 75 | ForwardAgent no |
77 | ForwardX11 no | 76 | ForwardX11 no |
78 | RhostsAuthentication yes | ||
79 | PasswordAuthentication yes | 77 | PasswordAuthentication yes |
80 | RSAAuthentication yes | 78 | RSAAuthentication yes |
81 | RhostsRSAAuthentication yes | 79 | RhostsRSAAuthentication yes |
@@ -93,18 +91,9 @@ RCSID("$OpenBSD: readconf.c,v 1.104 2003/04/01 10:22:21 markus Exp $"); | |||
93 | 91 | ||
94 | typedef enum { | 92 | typedef enum { |
95 | oBadOption, | 93 | oBadOption, |
96 | oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication, | 94 | oForwardAgent, oForwardX11, oGatewayPorts, |
97 | oPasswordAuthentication, oRSAAuthentication, | 95 | oPasswordAuthentication, oRSAAuthentication, |
98 | oChallengeResponseAuthentication, oXAuthLocation, | 96 | oChallengeResponseAuthentication, oXAuthLocation, |
99 | #if defined(KRB4) || defined(KRB5) | ||
100 | oKerberosAuthentication, | ||
101 | #endif | ||
102 | #if defined(AFS) || defined(KRB5) | ||
103 | oKerberosTgtPassing, | ||
104 | #endif | ||
105 | #ifdef AFS | ||
106 | oAFSTokenPassing, | ||
107 | #endif | ||
108 | oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, | 97 | oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, |
109 | oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, | 98 | oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, |
110 | oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, | 99 | oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, |
@@ -116,9 +105,10 @@ typedef enum { | |||
116 | oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, | 105 | oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, |
117 | oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, | 106 | oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, |
118 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, | 107 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, |
119 | oEnableSSHKeysign, | 108 | oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, |
109 | oAddressFamily, oGssAuthentication, oGssDelegateCreds, | ||
120 | oProtocolKeepAlives, oSetupTimeOut, | 110 | oProtocolKeepAlives, oSetupTimeOut, |
121 | oDeprecated | 111 | oDeprecated, oUnsupported |
122 | } OpCodes; | 112 | } OpCodes; |
123 | 113 | ||
124 | /* Textual representations of the tokens. */ | 114 | /* Textual representations of the tokens. */ |
@@ -132,7 +122,7 @@ static struct { | |||
132 | { "xauthlocation", oXAuthLocation }, | 122 | { "xauthlocation", oXAuthLocation }, |
133 | { "gatewayports", oGatewayPorts }, | 123 | { "gatewayports", oGatewayPorts }, |
134 | { "useprivilegedport", oUsePrivilegedPort }, | 124 | { "useprivilegedport", oUsePrivilegedPort }, |
135 | { "rhostsauthentication", oRhostsAuthentication }, | 125 | { "rhostsauthentication", oDeprecated }, |
136 | { "passwordauthentication", oPasswordAuthentication }, | 126 | { "passwordauthentication", oPasswordAuthentication }, |
137 | { "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, | 127 | { "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, |
138 | { "kbdinteractivedevices", oKbdInteractiveDevices }, | 128 | { "kbdinteractivedevices", oKbdInteractiveDevices }, |
@@ -144,14 +134,15 @@ static struct { | |||
144 | { "challengeresponseauthentication", oChallengeResponseAuthentication }, | 134 | { "challengeresponseauthentication", oChallengeResponseAuthentication }, |
145 | { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */ | 135 | { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */ |
146 | { "tisauthentication", oChallengeResponseAuthentication }, /* alias */ | 136 | { "tisauthentication", oChallengeResponseAuthentication }, /* alias */ |
147 | #if defined(KRB4) || defined(KRB5) | 137 | { "kerberosauthentication", oUnsupported }, |
148 | { "kerberosauthentication", oKerberosAuthentication }, | 138 | { "kerberostgtpassing", oUnsupported }, |
149 | #endif | 139 | { "afstokenpassing", oUnsupported }, |
150 | #if defined(AFS) || defined(KRB5) | 140 | #if defined(GSSAPI) |
151 | { "kerberostgtpassing", oKerberosTgtPassing }, | 141 | { "gssapiauthentication", oGssAuthentication }, |
152 | #endif | 142 | { "gssapidelegatecredentials", oGssDelegateCreds }, |
153 | #ifdef AFS | 143 | #else |
154 | { "afstokenpassing", oAFSTokenPassing }, | 144 | { "gssapiauthentication", oUnsupported }, |
145 | { "gssapidelegatecredentials", oUnsupported }, | ||
155 | #endif | 146 | #endif |
156 | { "fallbacktorsh", oDeprecated }, | 147 | { "fallbacktorsh", oDeprecated }, |
157 | { "usersh", oDeprecated }, | 148 | { "usersh", oDeprecated }, |
@@ -187,10 +178,22 @@ static struct { | |||
187 | { "preferredauthentications", oPreferredAuthentications }, | 178 | { "preferredauthentications", oPreferredAuthentications }, |
188 | { "hostkeyalgorithms", oHostKeyAlgorithms }, | 179 | { "hostkeyalgorithms", oHostKeyAlgorithms }, |
189 | { "bindaddress", oBindAddress }, | 180 | { "bindaddress", oBindAddress }, |
181 | #ifdef SMARTCARD | ||
190 | { "smartcarddevice", oSmartcardDevice }, | 182 | { "smartcarddevice", oSmartcardDevice }, |
183 | #else | ||
184 | { "smartcarddevice", oUnsupported }, | ||
185 | #endif | ||
191 | { "clearallforwardings", oClearAllForwardings }, | 186 | { "clearallforwardings", oClearAllForwardings }, |
192 | { "enablesshkeysign", oEnableSSHKeysign }, | 187 | { "enablesshkeysign", oEnableSSHKeysign }, |
188 | #ifdef DNS | ||
189 | { "verifyhostkeydns", oVerifyHostKeyDNS }, | ||
190 | #else | ||
191 | { "verifyhostkeydns", oUnsupported }, | ||
192 | #endif | ||
193 | { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost }, | 193 | { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost }, |
194 | { "rekeylimit", oRekeyLimit }, | ||
195 | { "connecttimeout", oConnectTimeout }, | ||
196 | { "addressfamily", oAddressFamily }, | ||
194 | { "protocolkeepalives", oProtocolKeepAlives }, | 197 | { "protocolkeepalives", oProtocolKeepAlives }, |
195 | { "setuptimeout", oSetupTimeOut }, | 198 | { "setuptimeout", oSetupTimeOut }, |
196 | { NULL, oBadOption } | 199 | { NULL, oBadOption } |
@@ -309,6 +312,20 @@ process_config_line(Options *options, const char *host, | |||
309 | /* don't panic, but count bad options */ | 312 | /* don't panic, but count bad options */ |
310 | return -1; | 313 | return -1; |
311 | /* NOTREACHED */ | 314 | /* NOTREACHED */ |
315 | case oConnectTimeout: | ||
316 | intptr = &options->connection_timeout; | ||
317 | /* parse_time: */ | ||
318 | arg = strdelim(&s); | ||
319 | if (!arg || *arg == '\0') | ||
320 | fatal("%s line %d: missing time value.", | ||
321 | filename, linenum); | ||
322 | if ((value = convtime(arg)) == -1) | ||
323 | fatal("%s line %d: invalid time value.", | ||
324 | filename, linenum); | ||
325 | if (*intptr == -1) | ||
326 | *intptr = value; | ||
327 | break; | ||
328 | |||
312 | case oForwardAgent: | 329 | case oForwardAgent: |
313 | intptr = &options->forward_agent; | 330 | intptr = &options->forward_agent; |
314 | parse_flag: | 331 | parse_flag: |
@@ -338,10 +355,6 @@ parse_flag: | |||
338 | intptr = &options->use_privileged_port; | 355 | intptr = &options->use_privileged_port; |
339 | goto parse_flag; | 356 | goto parse_flag; |
340 | 357 | ||
341 | case oRhostsAuthentication: | ||
342 | intptr = &options->rhosts_authentication; | ||
343 | goto parse_flag; | ||
344 | |||
345 | case oPasswordAuthentication: | 358 | case oPasswordAuthentication: |
346 | intptr = &options->password_authentication; | 359 | intptr = &options->password_authentication; |
347 | goto parse_flag; | 360 | goto parse_flag; |
@@ -373,21 +386,15 @@ parse_flag: | |||
373 | case oChallengeResponseAuthentication: | 386 | case oChallengeResponseAuthentication: |
374 | intptr = &options->challenge_response_authentication; | 387 | intptr = &options->challenge_response_authentication; |
375 | goto parse_flag; | 388 | goto parse_flag; |
376 | #if defined(KRB4) || defined(KRB5) | 389 | |
377 | case oKerberosAuthentication: | 390 | case oGssAuthentication: |
378 | intptr = &options->kerberos_authentication; | 391 | intptr = &options->gss_authentication; |
379 | goto parse_flag; | ||
380 | #endif | ||
381 | #if defined(AFS) || defined(KRB5) | ||
382 | case oKerberosTgtPassing: | ||
383 | intptr = &options->kerberos_tgt_passing; | ||
384 | goto parse_flag; | 392 | goto parse_flag; |
385 | #endif | 393 | |
386 | #ifdef AFS | 394 | case oGssDelegateCreds: |
387 | case oAFSTokenPassing: | 395 | intptr = &options->gss_deleg_creds; |
388 | intptr = &options->afs_token_passing; | ||
389 | goto parse_flag; | 396 | goto parse_flag; |
390 | #endif | 397 | |
391 | case oBatchMode: | 398 | case oBatchMode: |
392 | intptr = &options->batch_mode; | 399 | intptr = &options->batch_mode; |
393 | goto parse_flag; | 400 | goto parse_flag; |
@@ -396,6 +403,10 @@ parse_flag: | |||
396 | intptr = &options->check_host_ip; | 403 | intptr = &options->check_host_ip; |
397 | goto parse_flag; | 404 | goto parse_flag; |
398 | 405 | ||
406 | case oVerifyHostKeyDNS: | ||
407 | intptr = &options->verify_host_key_dns; | ||
408 | goto parse_flag; | ||
409 | |||
399 | case oStrictHostKeyChecking: | 410 | case oStrictHostKeyChecking: |
400 | intptr = &options->strict_host_key_checking; | 411 | intptr = &options->strict_host_key_checking; |
401 | arg = strdelim(&s); | 412 | arg = strdelim(&s); |
@@ -443,6 +454,31 @@ parse_flag: | |||
443 | intptr = &options->compression_level; | 454 | intptr = &options->compression_level; |
444 | goto parse_int; | 455 | goto parse_int; |
445 | 456 | ||
457 | case oRekeyLimit: | ||
458 | intptr = &options->rekey_limit; | ||
459 | arg = strdelim(&s); | ||
460 | if (!arg || *arg == '\0') | ||
461 | fatal("%.200s line %d: Missing argument.", filename, linenum); | ||
462 | if (arg[0] < '0' || arg[0] > '9') | ||
463 | fatal("%.200s line %d: Bad number.", filename, linenum); | ||
464 | value = strtol(arg, &endofnumber, 10); | ||
465 | if (arg == endofnumber) | ||
466 | fatal("%.200s line %d: Bad number.", filename, linenum); | ||
467 | switch (toupper(*endofnumber)) { | ||
468 | case 'K': | ||
469 | value *= 1<<10; | ||
470 | break; | ||
471 | case 'M': | ||
472 | value *= 1<<20; | ||
473 | break; | ||
474 | case 'G': | ||
475 | value *= 1<<30; | ||
476 | break; | ||
477 | } | ||
478 | if (*activep && *intptr == -1) | ||
479 | *intptr = value; | ||
480 | break; | ||
481 | |||
446 | case oIdentityFile: | 482 | case oIdentityFile: |
447 | arg = strdelim(&s); | 483 | arg = strdelim(&s); |
448 | if (!arg || *arg == '\0') | 484 | if (!arg || *arg == '\0') |
@@ -509,6 +545,8 @@ parse_string: | |||
509 | goto parse_string; | 545 | goto parse_string; |
510 | 546 | ||
511 | case oProxyCommand: | 547 | case oProxyCommand: |
548 | if (s == NULL) | ||
549 | fatal("%.200s line %d: Missing argument.", filename, linenum); | ||
512 | charptr = &options->proxy_command; | 550 | charptr = &options->proxy_command; |
513 | len = strspn(s, WHITESPACE "="); | 551 | len = strspn(s, WHITESPACE "="); |
514 | if (*activep && *charptr == NULL) | 552 | if (*activep && *charptr == NULL) |
@@ -646,7 +684,7 @@ parse_int: | |||
646 | fatal("%.200s line %d: Badly formatted port number.", | 684 | fatal("%.200s line %d: Badly formatted port number.", |
647 | filename, linenum); | 685 | filename, linenum); |
648 | if (*activep) | 686 | if (*activep) |
649 | add_local_forward(options, fwd_port, "socks4", 0); | 687 | add_local_forward(options, fwd_port, "socks", 0); |
650 | break; | 688 | break; |
651 | 689 | ||
652 | case oClearAllForwardings: | 690 | case oClearAllForwardings: |
@@ -686,6 +724,21 @@ parse_int: | |||
686 | *intptr = value; | 724 | *intptr = value; |
687 | break; | 725 | break; |
688 | 726 | ||
727 | case oAddressFamily: | ||
728 | arg = strdelim(&s); | ||
729 | intptr = &options->address_family; | ||
730 | if (strcasecmp(arg, "inet") == 0) | ||
731 | value = AF_INET; | ||
732 | else if (strcasecmp(arg, "inet6") == 0) | ||
733 | value = AF_INET6; | ||
734 | else if (strcasecmp(arg, "any") == 0) | ||
735 | value = AF_UNSPEC; | ||
736 | else | ||
737 | fatal("Unsupported AddressFamily \"%s\"", arg); | ||
738 | if (*activep && *intptr == -1) | ||
739 | *intptr = value; | ||
740 | break; | ||
741 | |||
689 | case oEnableSSHKeysign: | 742 | case oEnableSSHKeysign: |
690 | intptr = &options->enable_ssh_keysign; | 743 | intptr = &options->enable_ssh_keysign; |
691 | goto parse_flag; | 744 | goto parse_flag; |
@@ -695,6 +748,11 @@ parse_int: | |||
695 | filename, linenum, keyword); | 748 | filename, linenum, keyword); |
696 | return 0; | 749 | return 0; |
697 | 750 | ||
751 | case oUnsupported: | ||
752 | error("%s line %d: Unsupported option \"%s\"", | ||
753 | filename, linenum, keyword); | ||
754 | return 0; | ||
755 | |||
698 | default: | 756 | default: |
699 | fatal("process_config_line: Unimplemented opcode %d", opcode); | 757 | fatal("process_config_line: Unimplemented opcode %d", opcode); |
700 | } | 758 | } |
@@ -764,19 +822,11 @@ initialize_options(Options * options) | |||
764 | options->xauth_location = NULL; | 822 | options->xauth_location = NULL; |
765 | options->gateway_ports = -1; | 823 | options->gateway_ports = -1; |
766 | options->use_privileged_port = -1; | 824 | options->use_privileged_port = -1; |
767 | options->rhosts_authentication = -1; | ||
768 | options->rsa_authentication = -1; | 825 | options->rsa_authentication = -1; |
769 | options->pubkey_authentication = -1; | 826 | options->pubkey_authentication = -1; |
770 | options->challenge_response_authentication = -1; | 827 | options->challenge_response_authentication = -1; |
771 | #if defined(KRB4) || defined(KRB5) | 828 | options->gss_authentication = -1; |
772 | options->kerberos_authentication = -1; | 829 | options->gss_deleg_creds = -1; |
773 | #endif | ||
774 | #if defined(AFS) || defined(KRB5) | ||
775 | options->kerberos_tgt_passing = -1; | ||
776 | #endif | ||
777 | #ifdef AFS | ||
778 | options->afs_token_passing = -1; | ||
779 | #endif | ||
780 | options->password_authentication = -1; | 830 | options->password_authentication = -1; |
781 | options->kbd_interactive_authentication = -1; | 831 | options->kbd_interactive_authentication = -1; |
782 | options->kbd_interactive_devices = NULL; | 832 | options->kbd_interactive_devices = NULL; |
@@ -791,7 +841,9 @@ initialize_options(Options * options) | |||
791 | options->setuptimeout = -1; | 841 | options->setuptimeout = -1; |
792 | options->compression_level = -1; | 842 | options->compression_level = -1; |
793 | options->port = -1; | 843 | options->port = -1; |
844 | options->address_family = -1; | ||
794 | options->connection_attempts = -1; | 845 | options->connection_attempts = -1; |
846 | options->connection_timeout = -1; | ||
795 | options->number_of_password_prompts = -1; | 847 | options->number_of_password_prompts = -1; |
796 | options->cipher = -1; | 848 | options->cipher = -1; |
797 | options->ciphers = NULL; | 849 | options->ciphers = NULL; |
@@ -817,6 +869,8 @@ initialize_options(Options * options) | |||
817 | options->smartcard_device = NULL; | 869 | options->smartcard_device = NULL; |
818 | options->enable_ssh_keysign = - 1; | 870 | options->enable_ssh_keysign = - 1; |
819 | options->no_host_authentication_for_localhost = - 1; | 871 | options->no_host_authentication_for_localhost = - 1; |
872 | options->rekey_limit = - 1; | ||
873 | options->verify_host_key_dns = -1; | ||
820 | } | 874 | } |
821 | 875 | ||
822 | /* | 876 | /* |
@@ -839,26 +893,16 @@ fill_default_options(Options * options) | |||
839 | options->gateway_ports = 0; | 893 | options->gateway_ports = 0; |
840 | if (options->use_privileged_port == -1) | 894 | if (options->use_privileged_port == -1) |
841 | options->use_privileged_port = 0; | 895 | options->use_privileged_port = 0; |
842 | if (options->rhosts_authentication == -1) | ||
843 | options->rhosts_authentication = 0; | ||
844 | if (options->rsa_authentication == -1) | 896 | if (options->rsa_authentication == -1) |
845 | options->rsa_authentication = 1; | 897 | options->rsa_authentication = 1; |
846 | if (options->pubkey_authentication == -1) | 898 | if (options->pubkey_authentication == -1) |
847 | options->pubkey_authentication = 1; | 899 | options->pubkey_authentication = 1; |
848 | if (options->challenge_response_authentication == -1) | 900 | if (options->challenge_response_authentication == -1) |
849 | options->challenge_response_authentication = 1; | 901 | options->challenge_response_authentication = 1; |
850 | #if defined(KRB4) || defined(KRB5) | 902 | if (options->gss_authentication == -1) |
851 | if (options->kerberos_authentication == -1) | 903 | options->gss_authentication = 1; |
852 | options->kerberos_authentication = 1; | 904 | if (options->gss_deleg_creds == -1) |
853 | #endif | 905 | options->gss_deleg_creds = 0; |
854 | #if defined(AFS) || defined(KRB5) | ||
855 | if (options->kerberos_tgt_passing == -1) | ||
856 | options->kerberos_tgt_passing = 1; | ||
857 | #endif | ||
858 | #ifdef AFS | ||
859 | if (options->afs_token_passing == -1) | ||
860 | options->afs_token_passing = 1; | ||
861 | #endif | ||
862 | if (options->password_authentication == -1) | 906 | if (options->password_authentication == -1) |
863 | options->password_authentication = 1; | 907 | options->password_authentication = 1; |
864 | if (options->kbd_interactive_authentication == -1) | 908 | if (options->kbd_interactive_authentication == -1) |
@@ -889,6 +933,8 @@ fill_default_options(Options * options) | |||
889 | options->compression_level = 6; | 933 | options->compression_level = 6; |
890 | if (options->port == -1) | 934 | if (options->port == -1) |
891 | options->port = 0; /* Filled in ssh_connect. */ | 935 | options->port = 0; /* Filled in ssh_connect. */ |
936 | if (options->address_family == -1) | ||
937 | options->address_family = AF_UNSPEC; | ||
892 | if (options->connection_attempts == -1) | 938 | if (options->connection_attempts == -1) |
893 | options->connection_attempts = 1; | 939 | options->connection_attempts = 1; |
894 | if (options->number_of_password_prompts == -1) | 940 | if (options->number_of_password_prompts == -1) |
@@ -941,6 +987,10 @@ fill_default_options(Options * options) | |||
941 | options->no_host_authentication_for_localhost = 0; | 987 | options->no_host_authentication_for_localhost = 0; |
942 | if (options->enable_ssh_keysign == -1) | 988 | if (options->enable_ssh_keysign == -1) |
943 | options->enable_ssh_keysign = 0; | 989 | options->enable_ssh_keysign = 0; |
990 | if (options->rekey_limit == -1) | ||
991 | options->rekey_limit = 0; | ||
992 | if (options->verify_host_key_dns == -1) | ||
993 | options->verify_host_key_dns = 0; | ||
944 | /* options->proxy_command should not be set by default */ | 994 | /* options->proxy_command should not be set by default */ |
945 | /* options->user will be set in the main program if appropriate */ | 995 | /* options->user will be set in the main program if appropriate */ |
946 | /* options->hostname will be set in the main program if appropriate */ | 996 | /* options->hostname will be set in the main program if appropriate */ |
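Review bot: The oRekeyLimit case (new lines 457-480) scales `value` with `value *= 1<<30` and friends without an overflow check and without a `default:` in the suffix switch, so a value such as "4G" overflows (undefined behaviour if `value` is an int, or a silent truncation when it is stored through `intptr` into what the -1 sentinel suggests is an int field) and an unknown suffix like "10x" is accepted silently. In the "4G" case the stored limit can collapse to 0, the same value fill_default_options assigns at new line 991, so the user's explicit limit is lost without any diagnostic. I would reject unknown suffixes and values that cannot fit the option field before multiplying, casting the suffix to `unsigned char` for toupper(), with a `long scale` declared among process_config_line's locals (the function starts and ends outside this section). Separately, the oConnectTimeout case at new lines 325-326 stores `*intptr = value` without the `*activep` guard its sibling cases use, so a ConnectTimeout under a non-matching Host block still takes effect. The oAddressFamily case at new line 730 passes the strdelim() result straight to strcasecmp() without the `if (!arg || *arg == '\0') fatal(...)` check used elsewhere, so a bare "AddressFamily" line dereferences NULL.
```c
		value = strtol(arg, &endofnumber, 10);
		if (arg == endofnumber)
			fatal("%.200s line %d: Bad number.", filename, linenum);
		/* suffix must be K, M, G or the end of the token */
		switch (toupper((unsigned char)*endofnumber)) {
		case 'K':
			scale = 1L << 10;
			break;
		case 'M':
			scale = 1L << 20;
			break;
		case 'G':
			scale = 1L << 30;
			break;
		case '\0':
			scale = 1;
			break;
		default:
			fatal("%.200s line %d: Bad number.", filename, linenum);
		}
		/* refuse a limit that would not fit the option field */
		if (value > INT_MAX / scale)
			fatal("%.200s line %d: Bad number.", filename, linenum);
		value *= scale;
		/* … unchanged: store when *activep && *intptr == -1 … */
```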