Diffstat (limited to 'readconf.c')
-rw-r--r-- | readconf.c | 145 |
1 files changed, 92 insertions, 53 deletions
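--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.167 2008/06/26 11:46:31 grunk Exp $ */
+/* $OpenBSD: readconf.c,v 1.176 2009/02/12 03:00:56 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -130,12 +130,11 @@ typedef enum {
 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
-oGssKeyEx,
-oGssTrustDns,
+oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey,
 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
 oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
-oVisualHostKey,
+oVisualHostKey, oZeroKnowledgePasswordAuthentication,
 oProtocolKeepAlives, oSetupTimeOut,
 oDeprecated, oUnsupported
 } OpCodes;
@@ -174,16 +173,20 @@ static struct {
 { "gssapikeyexchange", oGssKeyEx },
 { "gssapidelegatecredentials", oGssDelegateCreds },
 { "gssapitrustdns", oGssTrustDns },
+{ "gssapiclientidentity", oGssClientIdentity },
+{ "gssapirenewalforcesrekey", oGssRenewalRekey },
 #else
 { "gssapiauthentication", oUnsupported },
 { "gssapikeyexchange", oUnsupported },
 { "gssapidelegatecredentials", oUnsupported },
 { "gssapitrustdns", oUnsupported },
+{ "gssapiclientidentity", oUnsupported },
+{ "gssapirenewalforcesrekey", oUnsupported },
 #endif
 { "fallbacktorsh", oDeprecated },
 { "usersh", oDeprecated },
 { "identityfile", oIdentityFile },
-{ "identityfile2", oIdentityFile }, /* alias */
+{ "identityfile2", oIdentityFile }, /* obsolete */
 { "identitiesonly", oIdentitiesOnly },
 { "hostname", oHostName },
 { "hostkeyalias", oHostKeyAlias },
@@ -199,8 +202,8 @@ static struct {
 { "host", oHost },
 { "escapechar", oEscapeChar },
 { "globalknownhostsfile", oGlobalKnownHostsFile },
-{ "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
-{ "globalknownhostsfile2", oGlobalKnownHostsFile2 },
+{ "globalknownhostsfile2", oGlobalKnownHostsFile2 }, /* obsolete */
+{ "userknownhostsfile", oUserKnownHostsFile },
 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
 { "connectionattempts", oConnectionAttempts },
 { "batchmode", oBatchMode },
@@ -239,8 +242,15 @@ static struct {
 { "localcommand", oLocalCommand },
 { "permitlocalcommand", oPermitLocalCommand },
 { "visualhostkey", oVisualHostKey },
+#ifdef JPAKE
+{ "zeroknowledgepasswordauthentication",
+oZeroKnowledgePasswordAuthentication },
+#else
+{ "zeroknowledgepasswordauthentication", oUnsupported },
+#endif
 { "protocolkeepalives", oProtocolKeepAlives },
 { "setuptimeout", oSetupTimeOut },
+
 { NULL, oBadOption }
 };
 
@@ -262,10 +272,9 @@ add_local_forward(Options *options, const Forward *newfwd)
 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
 fwd = &options->local_forwards[options->num_local_forwards++];
 
-fwd->listen_host = (newfwd->listen_host == NULL) ?
-NULL : xstrdup(newfwd->listen_host);
+fwd->listen_host = newfwd->listen_host;
 fwd->listen_port = newfwd->listen_port;
-fwd->connect_host = xstrdup(newfwd->connect_host);
+fwd->connect_host = newfwd->connect_host;
 fwd->connect_port = newfwd->connect_port;
 }
 
@@ -283,10 +292,9 @@ add_remote_forward(Options *options, const Forward *newfwd)
 SSH_MAX_FORWARDS_PER_DIRECTION);
 fwd = &options->remote_forwards[options->num_remote_forwards++];
 
-fwd->listen_host = (newfwd->listen_host == NULL) ?
-NULL : xstrdup(newfwd->listen_host);
+fwd->listen_host = newfwd->listen_host;
 fwd->listen_port = newfwd->listen_port;
-fwd->connect_host = xstrdup(newfwd->connect_host);
+fwd->connect_host = newfwd->connect_host;
 fwd->connect_port = newfwd->connect_port;
 }
 
@@ -425,6 +433,10 @@ parse_flag:
 intptr = &options->password_authentication;
 goto parse_flag;
 
+case oZeroKnowledgePasswordAuthentication:
+intptr = &options->zero_knowledge_password_authentication;
+goto parse_flag;
+
 case oKbdInteractiveAuthentication:
 intptr = &options->kbd_interactive_authentication;
 goto parse_flag;
@@ -462,7 +474,7 @@ parse_flag:
 goto parse_flag;
 
 case oGssKeyEx:
 intptr = &options->gss_keyex;
 goto parse_flag;
 
 case oGssDelegateCreds:
@@ -473,6 +485,14 @@ parse_flag:
 intptr = &options->gss_trust_dns;
 goto parse_flag;
 
+case oGssClientIdentity:
+charptr = &options->gss_client_identity;
+goto parse_string;
+
+case oGssRenewalRekey:
+intptr = &options->gss_renewal_rekey;
+goto parse_flag;
+
 case oBatchMode:
 intptr = &options->batch_mode;
 goto parse_flag;
@@ -731,56 +751,40 @@ parse_int:
 
 case oLocalForward:
 case oRemoteForward:
+case oDynamicForward:
 arg = strdelim(&s);
 if (arg == NULL || *arg == '\0')
 fatal("%.200s line %d: Missing port argument.",
 filename, linenum);
-arg2 = strdelim(&s);
-if (arg2 == NULL || *arg2 == '\0')
-fatal("%.200s line %d: Missing target argument.",
-filename, linenum);
 
-/* construct a string for parse_forward */
-snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2);
+if (opcode == oLocalForward ||
+opcode == oRemoteForward) {
+arg2 = strdelim(&s);
+if (arg2 == NULL || *arg2 == '\0')
+fatal("%.200s line %d: Missing target argument.",
+filename, linenum);
 
-if (parse_forward(&fwd, fwdarg) == 0)
+/* construct a string for parse_forward */
+snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2);
+} else if (opcode == oDynamicForward) {
+strlcpy(fwdarg, arg, sizeof(fwdarg));
+}
+
+if (parse_forward(&fwd, fwdarg,
+opcode == oDynamicForward ? 1 : 0,
+opcode == oRemoteForward ? 1 : 0) == 0)
 fatal("%.200s line %d: Bad forwarding specification.",
 filename, linenum);
 
 if (*activep) {
-if (opcode == oLocalForward)
+if (opcode == oLocalForward ||
+opcode == oDynamicForward)
 add_local_forward(options, &fwd);
 else if (opcode == oRemoteForward)
 add_remote_forward(options, &fwd);
 }
 break;
 
-case oDynamicForward:
-arg = strdelim(&s);
-if (!arg || *arg == '\0')
-fatal("%.200s line %d: Missing port argument.",
-filename, linenum);
-memset(&fwd, '\0', sizeof(fwd));
-fwd.connect_host = "socks";
-fwd.listen_host = hpdelim(&arg);
-if (fwd.listen_host == NULL ||
-strlen(fwd.listen_host) >= NI_MAXHOST)
-fatal("%.200s line %d: Bad forwarding specification.",
-filename, linenum);
-if (arg) {
-fwd.listen_port = a2port(arg);
-fwd.listen_host = cleanhostname(fwd.listen_host);
-} else {
-fwd.listen_port = a2port(fwd.listen_host);
-fwd.listen_host = NULL;
-}
-if (fwd.listen_port == 0)
-fatal("%.200s line %d: Badly formatted port number.",
-filename, linenum);
-if (*activep)
-add_local_forward(options, &fwd);
-break;
-
 case oClearAllForwardings:
 intptr = &options->clear_forwardings;
 goto parse_flag;
@@ -986,7 +990,6 @@ read_config_file(const char *filename, const char *host, Options *options,
 int active, linenum;
 int bad_options = 0;
 
-/* Open the file. */
 if ((f = fopen(filename, "r")) == NULL)
 return 0;
 
@@ -1065,6 +1068,8 @@ initialize_options(Options * options)
 options->gss_keyex = -1;
 options->gss_deleg_creds = -1;
 options->gss_trust_dns = -1;
+options->gss_renewal_rekey = -1;
+options->gss_client_identity = NULL;
 options->password_authentication = -1;
 options->kbd_interactive_authentication = -1;
 options->kbd_interactive_devices = NULL;
@@ -1121,6 +1126,7 @@ initialize_options(Options * options)
 options->local_command = NULL;
 options->permit_local_command = -1;
 options->visual_host_key = -1;
+options->zero_knowledge_password_authentication = -1;
 }
 
 /*
@@ -1161,6 +1167,8 @@ fill_default_options(Options * options)
 options->gss_deleg_creds = 0;
 if (options->gss_trust_dns == -1)
 options->gss_trust_dns = 0;
+if (options->gss_renewal_rekey == -1)
+options->gss_renewal_rekey = 0;
 if (options->password_authentication == -1)
 options->password_authentication = 1;
 if (options->kbd_interactive_authentication == -1)
@@ -1268,6 +1276,8 @@ fill_default_options(Options * options)
 options->permit_local_command = 0;
 if (options->visual_host_key == -1)
 options->visual_host_key = 0;
+if (options->zero_knowledge_password_authentication == -1)
+options->zero_knowledge_password_authentication = 0;
 /* options->local_command should not be set by default */
 /* options->proxy_command should not be set by default */
 /* options->user will be set in the main program if appropriate */
@@ -1279,11 +1289,14 @@ fill_default_options(Options * options)
 /*
 * parse_forward
 * parses a string containing a port forwarding specification of the form:
+* dynamicfwd == 0
 * [listenhost:]listenport:connecthost:connectport
+* dynamicfwd == 1
+* [listenhost:]listenport
 * returns number of arguments parsed or zero on error
 */
 int
-parse_forward(Forward *fwd, const char *fwdspec)
+parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd)
 {
 int i;
 char *p, *cp, *fwdarg[4];
@@ -1300,11 +1313,23 @@ parse_forward(Forward *fwd, const char *fwdspec)
 if ((fwdarg[i] = hpdelim(&cp)) == NULL)
 break;
 
-/* Check for trailing garbage in 4-arg case*/
+/* Check for trailing garbage */
 if (cp != NULL)
 i = 0; /* failure */
 
 switch (i) {
+case 1:
+fwd->listen_host = NULL;
+fwd->listen_port = a2port(fwdarg[0]);
+fwd->connect_host = xstrdup("socks");
+break;
+
+case 2:
+fwd->listen_host = xstrdup(cleanhostname(fwdarg[0]));
+fwd->listen_port = a2port(fwdarg[1]);
+fwd->connect_host = xstrdup("socks");
+break;
+
 case 3:
 fwd->listen_host = NULL;
 fwd->listen_port = a2port(fwdarg[0]);
@@ -1324,12 +1349,26 @@ parse_forward(Forward *fwd, const char *fwdspec)
 
 xfree(p);
 
-if (fwd->listen_port == 0 || fwd->connect_port == 0)
+if (dynamicfwd) {
+if (!(i == 1 || i == 2))
+goto fail_free;
+} else {
+if (!(i == 3 || i == 4))
+goto fail_free;
+if (fwd->connect_port <= 0)
+goto fail_free;
+}
+
+if (fwd->listen_port < 0 || (!remotefwd && fwd->listen_port == 0))
 goto fail_free;
 
 if (fwd->connect_host != NULL &&
 strlen(fwd->connect_host) >= NI_MAXHOST)
 goto fail_free;
+if (fwd->listen_host != NULL &&
+strlen(fwd->listen_host) >= NI_MAXHOST)
+goto fail_free;
+
 
 return (i);
 
@@ -1340,7 +1379,7 @@ parse_forward(Forward *fwd, const char *fwdspec)
 }
 if (fwd->listen_host != NULL) {
 xfree(fwd->listen_host);
-fwd->connect_host = NULL;
+fwd->listen_host = NULL;
 }
 return (0);
 }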
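Review bot: In the `@@ -731,56 +751,40 @@` hunk the new DynamicForward branch copies the argument with `strlcpy(fwdarg, arg, sizeof(fwdarg));` and drops the return value, so a specification longer than fwdarg is silently clipped and the clipped text is what parse_forward then validates; the `snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2);` in the Local/RemoteForward branch just above has the same gap. Since parse_forward accepts host parts up to NI_MAXHOST, a long listen host can be cut down to a shorter but well-formed name and accepted rather than rejected — fwdarg is declared outside the hunk, so whether it is smaller than NI_MAXHOST needs confirming, but the check is cheap either way. I would test both copies for truncation, e.g. `if (strlcpy(fwdarg, arg, sizeof(fwdarg)) >= sizeof(fwdarg))` / `fatal("%.200s line %d: Bad forwarding specification.", filename, linenum);`, and apply the same `>= sizeof(fwdarg)` test to the snprintf result. The enclosing function (the one carrying the parse_int label) starts and ends outside the hunk.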