Diffstat (limited to 'readconf.c')
-rw-r--r--readconf.c182
1 files changed, 116 insertions, 66 deletions
diff --git a/readconf.c b/readconf.c
index 899ff3f0e..0a1788ba0 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: readconf.c,v 1.104 2003/04/01 10:22:21 markus Exp $"); 15RCSID("$OpenBSD: readconf.c,v 1.121 2003/09/01 18:15:50 markus Exp $");
16 16
17#include "ssh.h" 17#include "ssh.h"
18#include "xmalloc.h" 18#include "xmalloc.h"
@@ -57,7 +57,6 @@ RCSID("$OpenBSD: readconf.c,v 1.104 2003/04/01 10:22:21 markus Exp $");
57 Host fascist.blob.com 57 Host fascist.blob.com
58 Port 23123 58 Port 23123
59 User tylonen 59 User tylonen
60 RhostsAuthentication no
61 PasswordAuthentication no 60 PasswordAuthentication no
62 61
63 Host puukko.hut.fi 62 Host puukko.hut.fi
@@ -75,7 +74,6 @@ RCSID("$OpenBSD: readconf.c,v 1.104 2003/04/01 10:22:21 markus Exp $");
75 Host * 74 Host *
76 ForwardAgent no 75 ForwardAgent no
77 ForwardX11 no 76 ForwardX11 no
78 RhostsAuthentication yes
79 PasswordAuthentication yes 77 PasswordAuthentication yes
80 RSAAuthentication yes 78 RSAAuthentication yes
81 RhostsRSAAuthentication yes 79 RhostsRSAAuthentication yes
@@ -93,18 +91,9 @@ RCSID("$OpenBSD: readconf.c,v 1.104 2003/04/01 10:22:21 markus Exp $");
93 91
94typedef enum { 92typedef enum {
95 oBadOption, 93 oBadOption,
96 oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication, 94 oForwardAgent, oForwardX11, oGatewayPorts,
97 oPasswordAuthentication, oRSAAuthentication, 95 oPasswordAuthentication, oRSAAuthentication,
98 oChallengeResponseAuthentication, oXAuthLocation, 96 oChallengeResponseAuthentication, oXAuthLocation,
99#if defined(KRB4) || defined(KRB5)
100 oKerberosAuthentication,
101#endif
102#if defined(AFS) || defined(KRB5)
103 oKerberosTgtPassing,
104#endif
105#ifdef AFS
106 oAFSTokenPassing,
107#endif
108 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, 97 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
109 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, 98 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
110 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, 99 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
@@ -116,9 +105,10 @@ typedef enum {
116 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, 105 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
117 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, 106 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
118 oClearAllForwardings, oNoHostAuthenticationForLocalhost, 107 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
119 oEnableSSHKeysign, 108 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
109 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
120 oProtocolKeepAlives, oSetupTimeOut, 110 oProtocolKeepAlives, oSetupTimeOut,
121 oDeprecated 111 oDeprecated, oUnsupported
122} OpCodes; 112} OpCodes;
123 113
124/* Textual representations of the tokens. */ 114/* Textual representations of the tokens. */
@@ -132,7 +122,7 @@ static struct {
132 { "xauthlocation", oXAuthLocation }, 122 { "xauthlocation", oXAuthLocation },
133 { "gatewayports", oGatewayPorts }, 123 { "gatewayports", oGatewayPorts },
134 { "useprivilegedport", oUsePrivilegedPort }, 124 { "useprivilegedport", oUsePrivilegedPort },
135 { "rhostsauthentication", oRhostsAuthentication }, 125 { "rhostsauthentication", oDeprecated },
136 { "passwordauthentication", oPasswordAuthentication }, 126 { "passwordauthentication", oPasswordAuthentication },
137 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, 127 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
138 { "kbdinteractivedevices", oKbdInteractiveDevices }, 128 { "kbdinteractivedevices", oKbdInteractiveDevices },
@@ -144,14 +134,15 @@ static struct {
144 { "challengeresponseauthentication", oChallengeResponseAuthentication }, 134 { "challengeresponseauthentication", oChallengeResponseAuthentication },
145 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */ 135 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
146 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */ 136 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
147#if defined(KRB4) || defined(KRB5) 137 { "kerberosauthentication", oUnsupported },
148 { "kerberosauthentication", oKerberosAuthentication }, 138 { "kerberostgtpassing", oUnsupported },
149#endif 139 { "afstokenpassing", oUnsupported },
150#if defined(AFS) || defined(KRB5) 140#if defined(GSSAPI)
151 { "kerberostgtpassing", oKerberosTgtPassing }, 141 { "gssapiauthentication", oGssAuthentication },
152#endif 142 { "gssapidelegatecredentials", oGssDelegateCreds },
153#ifdef AFS 143#else
154 { "afstokenpassing", oAFSTokenPassing }, 144 { "gssapiauthentication", oUnsupported },
145 { "gssapidelegatecredentials", oUnsupported },
155#endif 146#endif
156 { "fallbacktorsh", oDeprecated }, 147 { "fallbacktorsh", oDeprecated },
157 { "usersh", oDeprecated }, 148 { "usersh", oDeprecated },
@@ -187,10 +178,22 @@ static struct {
187 { "preferredauthentications", oPreferredAuthentications }, 178 { "preferredauthentications", oPreferredAuthentications },
188 { "hostkeyalgorithms", oHostKeyAlgorithms }, 179 { "hostkeyalgorithms", oHostKeyAlgorithms },
189 { "bindaddress", oBindAddress }, 180 { "bindaddress", oBindAddress },
181#ifdef SMARTCARD
190 { "smartcarddevice", oSmartcardDevice }, 182 { "smartcarddevice", oSmartcardDevice },
183#else
184 { "smartcarddevice", oUnsupported },
185#endif
191 { "clearallforwardings", oClearAllForwardings }, 186 { "clearallforwardings", oClearAllForwardings },
192 { "enablesshkeysign", oEnableSSHKeysign }, 187 { "enablesshkeysign", oEnableSSHKeysign },
188#ifdef DNS
189 { "verifyhostkeydns", oVerifyHostKeyDNS },
190#else
191 { "verifyhostkeydns", oUnsupported },
192#endif
193 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost }, 193 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
194 { "rekeylimit", oRekeyLimit },
195 { "connecttimeout", oConnectTimeout },
196 { "addressfamily", oAddressFamily },
194 { "protocolkeepalives", oProtocolKeepAlives }, 197 { "protocolkeepalives", oProtocolKeepAlives },
195 { "setuptimeout", oSetupTimeOut }, 198 { "setuptimeout", oSetupTimeOut },
196 { NULL, oBadOption } 199 { NULL, oBadOption }
@@ -309,6 +312,20 @@ process_config_line(Options *options, const char *host,
309 /* don't panic, but count bad options */ 312 /* don't panic, but count bad options */
310 return -1; 313 return -1;
311 /* NOTREACHED */ 314 /* NOTREACHED */
315 case oConnectTimeout:
316 intptr = &options->connection_timeout;
317/* parse_time: */
318 arg = strdelim(&s);
319 if (!arg || *arg == '\0')
320 fatal("%s line %d: missing time value.",
321 filename, linenum);
322 if ((value = convtime(arg)) == -1)
323 fatal("%s line %d: invalid time value.",
324 filename, linenum);
325 if (*intptr == -1)
326 *intptr = value;
327 break;
328
312 case oForwardAgent: 329 case oForwardAgent:
313 intptr = &options->forward_agent; 330 intptr = &options->forward_agent;
314parse_flag: 331parse_flag:
@@ -338,10 +355,6 @@ parse_flag:
338 intptr = &options->use_privileged_port; 355 intptr = &options->use_privileged_port;
339 goto parse_flag; 356 goto parse_flag;
340 357
341 case oRhostsAuthentication:
342 intptr = &options->rhosts_authentication;
343 goto parse_flag;
344
345 case oPasswordAuthentication: 358 case oPasswordAuthentication:
346 intptr = &options->password_authentication; 359 intptr = &options->password_authentication;
347 goto parse_flag; 360 goto parse_flag;
@@ -373,21 +386,15 @@ parse_flag:
373 case oChallengeResponseAuthentication: 386 case oChallengeResponseAuthentication:
374 intptr = &options->challenge_response_authentication; 387 intptr = &options->challenge_response_authentication;
375 goto parse_flag; 388 goto parse_flag;
376#if defined(KRB4) || defined(KRB5) 389
377 case oKerberosAuthentication: 390 case oGssAuthentication:
378 intptr = &options->kerberos_authentication; 391 intptr = &options->gss_authentication;
379 goto parse_flag;
380#endif
381#if defined(AFS) || defined(KRB5)
382 case oKerberosTgtPassing:
383 intptr = &options->kerberos_tgt_passing;
384 goto parse_flag; 392 goto parse_flag;
385#endif 393
386#ifdef AFS 394 case oGssDelegateCreds:
387 case oAFSTokenPassing: 395 intptr = &options->gss_deleg_creds;
388 intptr = &options->afs_token_passing;
389 goto parse_flag; 396 goto parse_flag;
390#endif 397
391 case oBatchMode: 398 case oBatchMode:
392 intptr = &options->batch_mode; 399 intptr = &options->batch_mode;
393 goto parse_flag; 400 goto parse_flag;
@@ -396,6 +403,10 @@ parse_flag:
396 intptr = &options->check_host_ip; 403 intptr = &options->check_host_ip;
397 goto parse_flag; 404 goto parse_flag;
398 405
406 case oVerifyHostKeyDNS:
407 intptr = &options->verify_host_key_dns;
408 goto parse_flag;
409
399 case oStrictHostKeyChecking: 410 case oStrictHostKeyChecking:
400 intptr = &options->strict_host_key_checking; 411 intptr = &options->strict_host_key_checking;
401 arg = strdelim(&s); 412 arg = strdelim(&s);
@@ -443,6 +454,31 @@ parse_flag:
443 intptr = &options->compression_level; 454 intptr = &options->compression_level;
444 goto parse_int; 455 goto parse_int;
445 456
457 case oRekeyLimit:
458 intptr = &options->rekey_limit;
459 arg = strdelim(&s);
460 if (!arg || *arg == '\0')
461 fatal("%.200s line %d: Missing argument.", filename, linenum);
462 if (arg[0] < '0' || arg[0] > '9')
463 fatal("%.200s line %d: Bad number.", filename, linenum);
464 value = strtol(arg, &endofnumber, 10);
465 if (arg == endofnumber)
466 fatal("%.200s line %d: Bad number.", filename, linenum);
467 switch (toupper(*endofnumber)) {
468 case 'K':
469 value *= 1<<10;
470 break;
471 case 'M':
472 value *= 1<<20;
473 break;
474 case 'G':
475 value *= 1<<30;
476 break;
477 }
478 if (*activep && *intptr == -1)
479 *intptr = value;
480 break;
481
446 case oIdentityFile: 482 case oIdentityFile:
447 arg = strdelim(&s); 483 arg = strdelim(&s);
448 if (!arg || *arg == '\0') 484 if (!arg || *arg == '\0')
@@ -509,6 +545,8 @@ parse_string:
509 goto parse_string; 545 goto parse_string;
510 546
511 case oProxyCommand: 547 case oProxyCommand:
548 if (s == NULL)
549 fatal("%.200s line %d: Missing argument.", filename, linenum);
512 charptr = &options->proxy_command; 550 charptr = &options->proxy_command;
513 len = strspn(s, WHITESPACE "="); 551 len = strspn(s, WHITESPACE "=");
514 if (*activep && *charptr == NULL) 552 if (*activep && *charptr == NULL)
@@ -646,7 +684,7 @@ parse_int:
646 fatal("%.200s line %d: Badly formatted port number.", 684 fatal("%.200s line %d: Badly formatted port number.",
647 filename, linenum); 685 filename, linenum);
648 if (*activep) 686 if (*activep)
649 add_local_forward(options, fwd_port, "socks4", 0); 687 add_local_forward(options, fwd_port, "socks", 0);
650 break; 688 break;
651 689
652 case oClearAllForwardings: 690 case oClearAllForwardings:
@@ -686,6 +724,21 @@ parse_int:
686 *intptr = value; 724 *intptr = value;
687 break; 725 break;
688 726
727 case oAddressFamily:
728 arg = strdelim(&s);
729 intptr = &options->address_family;
730 if (strcasecmp(arg, "inet") == 0)
731 value = AF_INET;
732 else if (strcasecmp(arg, "inet6") == 0)
733 value = AF_INET6;
734 else if (strcasecmp(arg, "any") == 0)
735 value = AF_UNSPEC;
736 else
737 fatal("Unsupported AddressFamily \"%s\"", arg);
738 if (*activep && *intptr == -1)
739 *intptr = value;
740 break;
741
689 case oEnableSSHKeysign: 742 case oEnableSSHKeysign:
690 intptr = &options->enable_ssh_keysign; 743 intptr = &options->enable_ssh_keysign;
691 goto parse_flag; 744 goto parse_flag;
@@ -695,6 +748,11 @@ parse_int:
695 filename, linenum, keyword); 748 filename, linenum, keyword);
696 return 0; 749 return 0;
697 750
751 case oUnsupported:
752 error("%s line %d: Unsupported option \"%s\"",
753 filename, linenum, keyword);
754 return 0;
755
698 default: 756 default:
699 fatal("process_config_line: Unimplemented opcode %d", opcode); 757 fatal("process_config_line: Unimplemented opcode %d", opcode);
700 } 758 }
@@ -764,19 +822,11 @@ initialize_options(Options * options)
764 options->xauth_location = NULL; 822 options->xauth_location = NULL;
765 options->gateway_ports = -1; 823 options->gateway_ports = -1;
766 options->use_privileged_port = -1; 824 options->use_privileged_port = -1;
767 options->rhosts_authentication = -1;
768 options->rsa_authentication = -1; 825 options->rsa_authentication = -1;
769 options->pubkey_authentication = -1; 826 options->pubkey_authentication = -1;
770 options->challenge_response_authentication = -1; 827 options->challenge_response_authentication = -1;
771#if defined(KRB4) || defined(KRB5) 828 options->gss_authentication = -1;
772 options->kerberos_authentication = -1; 829 options->gss_deleg_creds = -1;
773#endif
774#if defined(AFS) || defined(KRB5)
775 options->kerberos_tgt_passing = -1;
776#endif
777#ifdef AFS
778 options->afs_token_passing = -1;
779#endif
780 options->password_authentication = -1; 830 options->password_authentication = -1;
781 options->kbd_interactive_authentication = -1; 831 options->kbd_interactive_authentication = -1;
782 options->kbd_interactive_devices = NULL; 832 options->kbd_interactive_devices = NULL;
@@ -791,7 +841,9 @@ initialize_options(Options * options)
791 options->setuptimeout = -1; 841 options->setuptimeout = -1;
792 options->compression_level = -1; 842 options->compression_level = -1;
793 options->port = -1; 843 options->port = -1;
844 options->address_family = -1;
794 options->connection_attempts = -1; 845 options->connection_attempts = -1;
846 options->connection_timeout = -1;
795 options->number_of_password_prompts = -1; 847 options->number_of_password_prompts = -1;
796 options->cipher = -1; 848 options->cipher = -1;
797 options->ciphers = NULL; 849 options->ciphers = NULL;
@@ -817,6 +869,8 @@ initialize_options(Options * options)
817 options->smartcard_device = NULL; 869 options->smartcard_device = NULL;
818 options->enable_ssh_keysign = - 1; 870 options->enable_ssh_keysign = - 1;
819 options->no_host_authentication_for_localhost = - 1; 871 options->no_host_authentication_for_localhost = - 1;
872 options->rekey_limit = - 1;
873 options->verify_host_key_dns = -1;
820} 874}
821 875
822/* 876/*
@@ -839,26 +893,16 @@ fill_default_options(Options * options)
839 options->gateway_ports = 0; 893 options->gateway_ports = 0;
840 if (options->use_privileged_port == -1) 894 if (options->use_privileged_port == -1)
841 options->use_privileged_port = 0; 895 options->use_privileged_port = 0;
842 if (options->rhosts_authentication == -1)
843 options->rhosts_authentication = 0;
844 if (options->rsa_authentication == -1) 896 if (options->rsa_authentication == -1)
845 options->rsa_authentication = 1; 897 options->rsa_authentication = 1;
846 if (options->pubkey_authentication == -1) 898 if (options->pubkey_authentication == -1)
847 options->pubkey_authentication = 1; 899 options->pubkey_authentication = 1;
848 if (options->challenge_response_authentication == -1) 900 if (options->challenge_response_authentication == -1)
849 options->challenge_response_authentication = 1; 901 options->challenge_response_authentication = 1;
850#if defined(KRB4) || defined(KRB5) 902 if (options->gss_authentication == -1)
851 if (options->kerberos_authentication == -1) 903 options->gss_authentication = 1;
852 options->kerberos_authentication = 1; 904 if (options->gss_deleg_creds == -1)
853#endif 905 options->gss_deleg_creds = 0;
854#if defined(AFS) || defined(KRB5)
855 if (options->kerberos_tgt_passing == -1)
856 options->kerberos_tgt_passing = 1;
857#endif
858#ifdef AFS
859 if (options->afs_token_passing == -1)
860 options->afs_token_passing = 1;
861#endif
862 if (options->password_authentication == -1) 906 if (options->password_authentication == -1)
863 options->password_authentication = 1; 907 options->password_authentication = 1;
864 if (options->kbd_interactive_authentication == -1) 908 if (options->kbd_interactive_authentication == -1)
@@ -889,6 +933,8 @@ fill_default_options(Options * options)
889 options->compression_level = 6; 933 options->compression_level = 6;
890 if (options->port == -1) 934 if (options->port == -1)
891 options->port = 0; /* Filled in ssh_connect. */ 935 options->port = 0; /* Filled in ssh_connect. */
936 if (options->address_family == -1)
937 options->address_family = AF_UNSPEC;
892 if (options->connection_attempts == -1) 938 if (options->connection_attempts == -1)
893 options->connection_attempts = 1; 939 options->connection_attempts = 1;
894 if (options->number_of_password_prompts == -1) 940 if (options->number_of_password_prompts == -1)
@@ -941,6 +987,10 @@ fill_default_options(Options * options)
941 options->no_host_authentication_for_localhost = 0; 987 options->no_host_authentication_for_localhost = 0;
942 if (options->enable_ssh_keysign == -1) 988 if (options->enable_ssh_keysign == -1)
943 options->enable_ssh_keysign = 0; 989 options->enable_ssh_keysign = 0;
990 if (options->rekey_limit == -1)
991 options->rekey_limit = 0;
992 if (options->verify_host_key_dns == -1)
993 options->verify_host_key_dns = 0;
944 /* options->proxy_command should not be set by default */ 994 /* options->proxy_command should not be set by default */
945 /* options->user will be set in the main program if appropriate */ 995 /* options->user will be set in the main program if appropriate */
946 /* options->hostname will be set in the main program if appropriate */ 996 /* options->hostname will be set in the main program if appropriate */
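Review bot: The new `oConnectTimeout` case in the `@@ -309,6 +312,20 @@` hunk commits the parsed value with `if (*intptr == -1)` and never consults `*activep`, so a `ConnectTimeout` inside a non-matching `Host` block is applied to every host; every sibling case, including the new `oRekeyLimit`, gates on the active flag, and this one should read `if (*activep && *intptr == -1)`. In the `@@ -686,6 +724,21 @@` hunk, `oAddressFamily` hands the result of `strdelim(&s)` straight to `strcasecmp` without the `if (!arg || *arg == '\0') fatal(...)` guard the other cases use, so a bare `AddressFamily` line dereferences NULL, and its `fatal("Unsupported AddressFamily \"%s\"", arg)` omits the `filename`/`linenum` prefix used everywhere else in the function. In the `oRekeyLimit` case, the `strtol` result is narrowed into `value` and then scaled with `value *= 1<<30`, which overflows if `value` is an `int` as the `int *intptr` store suggests (undefined behaviour rather than a diagnosed bad limit), and the inner `switch` has no `default`, so any trailing text other than K/M/G is silently ignored. `process_config_line` begins and ends outside these hunks.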