Diffstat (limited to 'readconf.c')
-rw-r--r--readconf.c74
1 files changed, 63 insertions, 11 deletions
diff --git a/readconf.c b/readconf.c
index b3e14b9d2..6a0ffd634 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,3 +1,4 @@
1/* $OpenBSD: readconf.c,v 1.161 2007/01/21 01:45:35 stevesk Exp $ */
1/* 2/*
2 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -12,17 +13,33 @@
12 */ 13 */
13 14
14#include "includes.h" 15#include "includes.h"
15RCSID("$OpenBSD: readconf.c,v 1.145 2005/12/08 18:34:11 reyk Exp $");
16 16
17#include "ssh.h" 17#include <sys/types.h>
18#include <sys/stat.h>
19#include <sys/socket.h>
20
21#include <netinet/in.h>
22
23#include <ctype.h>
24#include <errno.h>
25#include <netdb.h>
26#include <signal.h>
27#include <stdarg.h>
28#include <stdio.h>
29#include <string.h>
30#include <unistd.h>
31
18#include "xmalloc.h" 32#include "xmalloc.h"
33#include "ssh.h"
19#include "compat.h" 34#include "compat.h"
20#include "cipher.h" 35#include "cipher.h"
21#include "pathnames.h" 36#include "pathnames.h"
22#include "log.h" 37#include "log.h"
38#include "key.h"
23#include "readconf.h" 39#include "readconf.h"
24#include "match.h" 40#include "match.h"
25#include "misc.h" 41#include "misc.h"
42#include "buffer.h"
26#include "kex.h" 43#include "kex.h"
27#include "mac.h" 44#include "mac.h"
28 45
@@ -94,6 +111,7 @@ RCSID("$OpenBSD: readconf.c,v 1.145 2005/12/08 18:34:11 reyk Exp $");
94typedef enum { 111typedef enum {
95 oBadOption, 112 oBadOption,
96 oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts, 113 oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
114 oExitOnForwardFailure,
97 oPasswordAuthentication, oRSAAuthentication, 115 oPasswordAuthentication, oRSAAuthentication,
98 oChallengeResponseAuthentication, oXAuthLocation, 116 oChallengeResponseAuthentication, oXAuthLocation,
99 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, 117 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
@@ -109,6 +127,7 @@ typedef enum {
109 oClearAllForwardings, oNoHostAuthenticationForLocalhost, 127 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
110 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, 128 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
111 oAddressFamily, oGssAuthentication, oGssDelegateCreds, 129 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
130 oGssKeyEx,
112 oGssTrustDns, 131 oGssTrustDns,
113 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, 132 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
114 oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, 133 oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
@@ -126,6 +145,7 @@ static struct {
126 { "forwardagent", oForwardAgent }, 145 { "forwardagent", oForwardAgent },
127 { "forwardx11", oForwardX11 }, 146 { "forwardx11", oForwardX11 },
128 { "forwardx11trusted", oForwardX11Trusted }, 147 { "forwardx11trusted", oForwardX11Trusted },
148 { "exitonforwardfailure", oExitOnForwardFailure },
129 { "xauthlocation", oXAuthLocation }, 149 { "xauthlocation", oXAuthLocation },
130 { "gatewayports", oGatewayPorts }, 150 { "gatewayports", oGatewayPorts },
131 { "useprivilegedport", oUsePrivilegedPort }, 151 { "useprivilegedport", oUsePrivilegedPort },
@@ -146,10 +166,12 @@ static struct {
146 { "afstokenpassing", oUnsupported }, 166 { "afstokenpassing", oUnsupported },
147#if defined(GSSAPI) 167#if defined(GSSAPI)
148 { "gssapiauthentication", oGssAuthentication }, 168 { "gssapiauthentication", oGssAuthentication },
169 { "gssapikeyexchange", oGssKeyEx },
149 { "gssapidelegatecredentials", oGssDelegateCreds }, 170 { "gssapidelegatecredentials", oGssDelegateCreds },
150 { "gssapitrustdns", oGssTrustDns }, 171 { "gssapitrustdns", oGssTrustDns },
151#else 172#else
152 { "gssapiauthentication", oUnsupported }, 173 { "gssapiauthentication", oUnsupported },
174 { "gssapikeyexchange", oUnsupported },
153 { "gssapidelegatecredentials", oUnsupported }, 175 { "gssapidelegatecredentials", oUnsupported },
154 { "gssapitrustdns", oUnsupported }, 176 { "gssapitrustdns", oUnsupported },
155#endif 177#endif
@@ -312,7 +334,8 @@ process_config_line(Options *options, const char *host,
312 int *activep) 334 int *activep)
313{ 335{
314 char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256]; 336 char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256];
315 int opcode, *intptr, value, value2; 337 int opcode, *intptr, value, value2, scale;
338 long long orig, val64;
316 size_t len; 339 size_t len;
317 Forward fwd; 340 Forward fwd;
318 341
@@ -325,7 +348,8 @@ process_config_line(Options *options, const char *host,
325 348
326 s = line; 349 s = line;
327 /* Get the keyword. (Each line is supposed to begin with a keyword). */ 350 /* Get the keyword. (Each line is supposed to begin with a keyword). */
328 keyword = strdelim(&s); 351 if ((keyword = strdelim(&s)) == NULL)
352 return 0;
329 /* Ignore leading whitespace. */ 353 /* Ignore leading whitespace. */
330 if (*keyword == '\0') 354 if (*keyword == '\0')
331 keyword = strdelim(&s); 355 keyword = strdelim(&s);
@@ -349,7 +373,7 @@ parse_time:
349 if ((value = convtime(arg)) == -1) 373 if ((value = convtime(arg)) == -1)
350 fatal("%s line %d: invalid time value.", 374 fatal("%s line %d: invalid time value.",
351 filename, linenum); 375 filename, linenum);
352 if (*intptr == -1) 376 if (*activep && *intptr == -1)
353 *intptr = value; 377 *intptr = value;
354 break; 378 break;
355 379
@@ -382,6 +406,10 @@ parse_flag:
382 intptr = &options->gateway_ports; 406 intptr = &options->gateway_ports;
383 goto parse_flag; 407 goto parse_flag;
384 408
409 case oExitOnForwardFailure:
410 intptr = &options->exit_on_forward_failure;
411 goto parse_flag;
412
385 case oUsePrivilegedPort: 413 case oUsePrivilegedPort:
386 intptr = &options->use_privileged_port; 414 intptr = &options->use_privileged_port;
387 goto parse_flag; 415 goto parse_flag;
@@ -422,6 +450,10 @@ parse_flag:
422 intptr = &options->gss_authentication; 450 intptr = &options->gss_authentication;
423 goto parse_flag; 451 goto parse_flag;
424 452
453 case oGssKeyEx:
454 intptr = &options->gss_keyex;
455 goto parse_flag;
456
425 case oGssDelegateCreds: 457 case oGssDelegateCreds:
426 intptr = &options->gss_deleg_creds; 458 intptr = &options->gss_deleg_creds;
427 goto parse_flag; 459 goto parse_flag;
@@ -489,22 +521,36 @@ parse_yesnoask:
489 fatal("%.200s line %d: Missing argument.", filename, linenum); 521 fatal("%.200s line %d: Missing argument.", filename, linenum);
490 if (arg[0] < '0' || arg[0] > '9') 522 if (arg[0] < '0' || arg[0] > '9')
491 fatal("%.200s line %d: Bad number.", filename, linenum); 523 fatal("%.200s line %d: Bad number.", filename, linenum);
492 value = strtol(arg, &endofnumber, 10); 524 orig = val64 = strtoll(arg, &endofnumber, 10);
493 if (arg == endofnumber) 525 if (arg == endofnumber)
494 fatal("%.200s line %d: Bad number.", filename, linenum); 526 fatal("%.200s line %d: Bad number.", filename, linenum);
495 switch (toupper(*endofnumber)) { 527 switch (toupper(*endofnumber)) {
528 case '\0':
529 scale = 1;
530 break;
496 case 'K': 531 case 'K':
497 value *= 1<<10; 532 scale = 1<<10;
498 break; 533 break;
499 case 'M': 534 case 'M':
500 value *= 1<<20; 535 scale = 1<<20;
501 break; 536 break;
502 case 'G': 537 case 'G':
503 value *= 1<<30; 538 scale = 1<<30;
504 break; 539 break;
540 default:
541 fatal("%.200s line %d: Invalid RekeyLimit suffix",
542 filename, linenum);
505 } 543 }
544 val64 *= scale;
545 /* detect integer wrap and too-large limits */
546 if ((val64 / scale) != orig || val64 > INT_MAX)
547 fatal("%.200s line %d: RekeyLimit too large",
548 filename, linenum);
549 if (val64 < 16)
550 fatal("%.200s line %d: RekeyLimit too small",
551 filename, linenum);
506 if (*activep && *intptr == -1) 552 if (*activep && *intptr == -1)
507 *intptr = value; 553 *intptr = (int)val64;
508 break; 554 break;
509 555
510 case oIdentityFile: 556 case oIdentityFile:
@@ -516,7 +562,7 @@ parse_yesnoask:
516 if (*intptr >= SSH_MAX_IDENTITY_FILES) 562 if (*intptr >= SSH_MAX_IDENTITY_FILES)
517 fatal("%.200s line %d: Too many identity files specified (max %d).", 563 fatal("%.200s line %d: Too many identity files specified (max %d).",
518 filename, linenum, SSH_MAX_IDENTITY_FILES); 564 filename, linenum, SSH_MAX_IDENTITY_FILES);
519 charptr = &options->identity_files[*intptr]; 565 charptr = &options->identity_files[*intptr];
520 *charptr = xstrdup(arg); 566 *charptr = xstrdup(arg);
521 *intptr = *intptr + 1; 567 *intptr = *intptr + 1;
522 } 568 }
@@ -997,6 +1043,7 @@ initialize_options(Options * options)
997 options->forward_agent = -1; 1043 options->forward_agent = -1;
998 options->forward_x11 = -1; 1044 options->forward_x11 = -1;
999 options->forward_x11_trusted = -1; 1045 options->forward_x11_trusted = -1;
1046 options->exit_on_forward_failure = -1;
1000 options->xauth_location = NULL; 1047 options->xauth_location = NULL;
1001 options->gateway_ports = -1; 1048 options->gateway_ports = -1;
1002 options->use_privileged_port = -1; 1049 options->use_privileged_port = -1;
@@ -1004,6 +1051,7 @@ initialize_options(Options * options)
1004 options->pubkey_authentication = -1; 1051 options->pubkey_authentication = -1;
1005 options->challenge_response_authentication = -1; 1052 options->challenge_response_authentication = -1;
1006 options->gss_authentication = -1; 1053 options->gss_authentication = -1;
1054 options->gss_keyex = -1;
1007 options->gss_deleg_creds = -1; 1055 options->gss_deleg_creds = -1;
1008 options->gss_trust_dns = -1; 1056 options->gss_trust_dns = -1;
1009 options->password_authentication = -1; 1057 options->password_authentication = -1;
@@ -1079,6 +1127,8 @@ fill_default_options(Options * options)
1079 options->forward_x11 = 0; 1127 options->forward_x11 = 0;
1080 if (options->forward_x11_trusted == -1) 1128 if (options->forward_x11_trusted == -1)
1081 options->forward_x11_trusted = 1; 1129 options->forward_x11_trusted = 1;
1130 if (options->exit_on_forward_failure == -1)
1131 options->exit_on_forward_failure = 0;
1082 if (options->xauth_location == NULL) 1132 if (options->xauth_location == NULL)
1083 options->xauth_location = _PATH_XAUTH; 1133 options->xauth_location = _PATH_XAUTH;
1084 if (options->gateway_ports == -1) 1134 if (options->gateway_ports == -1)
@@ -1093,6 +1143,8 @@ fill_default_options(Options * options)
1093 options->challenge_response_authentication = 1; 1143 options->challenge_response_authentication = 1;
1094 if (options->gss_authentication == -1) 1144 if (options->gss_authentication == -1)
1095 options->gss_authentication = 0; 1145 options->gss_authentication = 0;
1146 if (options->gss_keyex == -1)
1147 options->gss_keyex = 0;
1096 if (options->gss_deleg_creds == -1) 1148 if (options->gss_deleg_creds == -1)
1097 options->gss_deleg_creds = 0; 1149 options->gss_deleg_creds = 0;
1098 if (options->gss_trust_dns == -1) 1150 if (options->gss_trust_dns == -1)
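Review bot: In the RekeyLimit hunk (`@@ -489,22 +521,36 @@`) the wrap detection multiplies first (`val64 *= scale;`) and only then tests `(val64 / scale) != orig`, so a value near LLONG_MAX with a `G` suffix overflows signed arithmetic before the check runs, which is undefined behaviour rather than a reliable trap; since the result must fit an int anyway, check before multiplying with `if (orig > INT_MAX / scale) fatal("%.200s line %d: RekeyLimit too large", filename, linenum);` and then `val64 = orig * scale;`, dropping the post-hoc division test. The `toupper(*endofnumber)` switch should pass `(unsigned char)*endofnumber`, since a non-ASCII suffix byte in a signed `char` is a negative argument to a ctype function. `INT_MAX` is used in this hunk but the new include list adds no `<limits.h>`; presumably `includes.h` supplies it, which is worth confirming before relying on it. The enclosing process_config_line begins and ends outside this hunk.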