Diffstat (limited to 'readconf.c')
-rw-r--r--readconf.c48
1 files changed, 39 insertions, 9 deletions
diff --git a/readconf.c b/readconf.c
index a3d42f2ae..661b8bf40 100644
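--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.297 2018/08/12 20:19:13 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.300 2018/10/05 14:26:09 naddy Exp $ */
 /*
   * Author: Tatu Ylonen <ylo@cs.hut.fi>
   * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -174,7 +174,7 @@ typedef enum {
  oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
  oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
  oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
- oPubkeyAcceptedKeyTypes, oProxyJump,
+ oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump,
  oProtocolKeepAlives, oSetupTimeOut,
  oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
 } OpCodes;
@@ -280,6 +280,7 @@ static struct {
  { "dynamicforward", oDynamicForward },
  { "preferredauthentications", oPreferredAuthentications },
  { "hostkeyalgorithms", oHostKeyAlgorithms },
+ { "casignaturealgorithms", oCASignatureAlgorithms },
  { "bindaddress", oBindAddress },
  { "bindinterface", oBindInterface },
  { "clearallforwardings", oClearAllForwardings },
@@ -1193,7 +1194,20 @@ parse_command:
  return 0;
 
  case oPort:
- intptr = &options->port;
+ arg = strdelim(&s);
+ if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing argument.",
+ filename, linenum);
+ value = a2port(arg);
+ if (value <= 0)
+ fatal("%.200s line %d: Bad port '%s'.",
+ filename, linenum, arg);
+ if (*activep && options->port == -1)
+ options->port = value;
+ break;
+
+ case oConnectionAttempts:
+ intptr = &options->connection_attempts;
 parse_int:
  arg = strdelim(&s);
  if ((errstr = atoi_err(arg, &value)) != NULL)
@@ -1203,10 +1217,6 @@ parse_int:
  *intptr = value;
  break;
 
- case oConnectionAttempts:
- intptr = &options->connection_attempts;
- goto parse_int;
-
  case oCiphers:
  arg = strdelim(&s);
  if (!arg || *arg == '\0')
@@ -1257,6 +1267,10 @@ parse_keytypes:
  *charptr = xstrdup(arg);
  break;
 
+ case oCASignatureAlgorithms:
+ charptr = &options->ca_sign_algorithms;
+ goto parse_keytypes;
+
  case oLogLevel:
  log_level_ptr = &options->log_level;
  arg = strdelim(&s);
@@ -1733,7 +1747,18 @@ parse_keytypes:
 
  case oIdentityAgent:
  charptr = &options->identity_agent;
- goto parse_string;
+ arg = strdelim(&s);
+ if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing argument.",
+ filename, linenum);
+ /* Extra validation if the string represents an env var. */
+ if (arg[0] == '$' && !valid_env_name(arg + 1)) {
+ fatal("%.200s line %d: Invalid environment name %s.",
+ filename, linenum, arg);
+ }
+ if (*activep && *charptr == NULL)
+ *charptr = xstrdup(arg);
+ break;
 
  case oDeprecated:
  debug("%s line %d: Deprecated option \"%s\"",
@@ -1878,6 +1903,7 @@ initialize_options(Options * options)
  options->macs = NULL;
  options->kex_algorithms = NULL;
  options->hostkeyalgorithms = NULL;
+ options->ca_sign_algorithms = NULL;
  options->num_identity_files = 0;
  options->num_certificate_files = 0;
  options->hostname = NULL;
@@ -1966,7 +1992,7 @@ fill_default_options_for_canonicalization(Options *options)
 void
 fill_default_options(Options * options)
 {
- char *all_cipher, *all_mac, *all_kex, *all_key;
+ char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig;
  int r;
 
  if (options->forward_agent == -1)
@@ -2130,6 +2156,7 @@ fill_default_options(Options * options)
  all_mac = mac_alg_list(',');
  all_kex = kex_alg_list(',');
  all_key = sshkey_alg_list(0, 0, 1, ',');
+ all_sig = sshkey_alg_list(0, 1, 1, ',');
 #define ASSEMBLE(what, defaults, all) \
  do { \
  if ((r = kex_assemble_names(&options->what, \
@@ -2141,11 +2168,13 @@ fill_default_options(Options * options)
  ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
  ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
  ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
+ ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
 #undef ASSEMBLE
  free(all_cipher);
  free(all_mac);
  free(all_kex);
  free(all_key);
+ free(all_sig);
 
 #define CLEAR_ON_NONE(v) \
  do { \
@@ -2667,6 +2696,7 @@ dump_client_config(Options *o, const char *host)
  dump_cfg_string(oIgnoreUnknown, o->ignored_unknown);
  dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices);
  dump_cfg_string(oKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_CLIENT_KEX);
+ dump_cfg_string(oCASignatureAlgorithms, o->ca_sign_algorithms ? o->ca_sign_algorithms : SSH_ALLOWED_CA_SIGALGS);
  dump_cfg_string(oLocalCommand, o->local_command);
  dump_cfg_string(oRemoteCommand, o->remote_command);
  dump_cfg_string(oLogLevel, log_level_name(o->log_level));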
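Review bot: The new `fatal()` under `case oIdentityAgent` (new lines 1756-1757) echoes the rejected value with a bare `%s`, unquoted and unbounded, although the string has just failed `valid_env_name()` and so may contain spaces or other characters that blur where the value ends in the message. Quoting and bounding it the way the file name is bounded would keep the error unambiguous: `fatal("%.200s line %d: Invalid environment name '%.200s'.",` with the argument line unchanged. The `Bad port '%s'` message added under `case oPort` already quotes its argument and could take the same `%.200s` bound. The comment above the check could also say why the name is validated, e.g. `/* A leading '$' names an environment variable; reject malformed names at parse time. */`; how the variable is later resolved is not shown on this page, and the enclosing switch starts and ends outside the hunk.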