Diffstat (limited to 'readconf.c')
-rw-r--r--readconf.c145
1 files changed, 92 insertions, 53 deletions
diff --git a/readconf.c b/readconf.c
index 043673ced..be27e75bc 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: readconf.c,v 1.167 2008/06/26 11:46:31 grunk Exp $ */ 1/* $OpenBSD: readconf.c,v 1.176 2009/02/12 03:00:56 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -130,12 +130,11 @@ typedef enum {
130 oClearAllForwardings, oNoHostAuthenticationForLocalhost, 130 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
131 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, 131 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
132 oAddressFamily, oGssAuthentication, oGssDelegateCreds, 132 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
133 oGssKeyEx, 133 oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey,
134 oGssTrustDns,
135 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, 134 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
136 oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, 135 oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
137 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, 136 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
138 oVisualHostKey, 137 oVisualHostKey, oZeroKnowledgePasswordAuthentication,
139 oProtocolKeepAlives, oSetupTimeOut, 138 oProtocolKeepAlives, oSetupTimeOut,
140 oDeprecated, oUnsupported 139 oDeprecated, oUnsupported
141} OpCodes; 140} OpCodes;
@@ -174,16 +173,20 @@ static struct {
174 { "gssapikeyexchange", oGssKeyEx }, 173 { "gssapikeyexchange", oGssKeyEx },
175 { "gssapidelegatecredentials", oGssDelegateCreds }, 174 { "gssapidelegatecredentials", oGssDelegateCreds },
176 { "gssapitrustdns", oGssTrustDns }, 175 { "gssapitrustdns", oGssTrustDns },
176 { "gssapiclientidentity", oGssClientIdentity },
177 { "gssapirenewalforcesrekey", oGssRenewalRekey },
177#else 178#else
178 { "gssapiauthentication", oUnsupported }, 179 { "gssapiauthentication", oUnsupported },
179 { "gssapikeyexchange", oUnsupported }, 180 { "gssapikeyexchange", oUnsupported },
180 { "gssapidelegatecredentials", oUnsupported }, 181 { "gssapidelegatecredentials", oUnsupported },
181 { "gssapitrustdns", oUnsupported }, 182 { "gssapitrustdns", oUnsupported },
183 { "gssapiclientidentity", oUnsupported },
184 { "gssapirenewalforcesrekey", oUnsupported },
182#endif 185#endif
183 { "fallbacktorsh", oDeprecated }, 186 { "fallbacktorsh", oDeprecated },
184 { "usersh", oDeprecated }, 187 { "usersh", oDeprecated },
185 { "identityfile", oIdentityFile }, 188 { "identityfile", oIdentityFile },
186 { "identityfile2", oIdentityFile }, /* alias */ 189 { "identityfile2", oIdentityFile }, /* obsolete */
187 { "identitiesonly", oIdentitiesOnly }, 190 { "identitiesonly", oIdentitiesOnly },
188 { "hostname", oHostName }, 191 { "hostname", oHostName },
189 { "hostkeyalias", oHostKeyAlias }, 192 { "hostkeyalias", oHostKeyAlias },
@@ -199,8 +202,8 @@ static struct {
199 { "host", oHost }, 202 { "host", oHost },
200 { "escapechar", oEscapeChar }, 203 { "escapechar", oEscapeChar },
201 { "globalknownhostsfile", oGlobalKnownHostsFile }, 204 { "globalknownhostsfile", oGlobalKnownHostsFile },
202 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */ 205 { "globalknownhostsfile2", oGlobalKnownHostsFile2 }, /* obsolete */
203 { "globalknownhostsfile2", oGlobalKnownHostsFile2 }, 206 { "userknownhostsfile", oUserKnownHostsFile },
204 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */ 207 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
205 { "connectionattempts", oConnectionAttempts }, 208 { "connectionattempts", oConnectionAttempts },
206 { "batchmode", oBatchMode }, 209 { "batchmode", oBatchMode },
@@ -239,8 +242,15 @@ static struct {
239 { "localcommand", oLocalCommand }, 242 { "localcommand", oLocalCommand },
240 { "permitlocalcommand", oPermitLocalCommand }, 243 { "permitlocalcommand", oPermitLocalCommand },
241 { "visualhostkey", oVisualHostKey }, 244 { "visualhostkey", oVisualHostKey },
245#ifdef JPAKE
246 { "zeroknowledgepasswordauthentication",
247 oZeroKnowledgePasswordAuthentication },
248#else
249 { "zeroknowledgepasswordauthentication", oUnsupported },
250#endif
242 { "protocolkeepalives", oProtocolKeepAlives }, 251 { "protocolkeepalives", oProtocolKeepAlives },
243 { "setuptimeout", oSetupTimeOut }, 252 { "setuptimeout", oSetupTimeOut },
253
244 { NULL, oBadOption } 254 { NULL, oBadOption }
245}; 255};
246 256
@@ -262,10 +272,9 @@ add_local_forward(Options *options, const Forward *newfwd)
262 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION); 272 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
263 fwd = &options->local_forwards[options->num_local_forwards++]; 273 fwd = &options->local_forwards[options->num_local_forwards++];
264 274
265 fwd->listen_host = (newfwd->listen_host == NULL) ? 275 fwd->listen_host = newfwd->listen_host;
266 NULL : xstrdup(newfwd->listen_host);
267 fwd->listen_port = newfwd->listen_port; 276 fwd->listen_port = newfwd->listen_port;
268 fwd->connect_host = xstrdup(newfwd->connect_host); 277 fwd->connect_host = newfwd->connect_host;
269 fwd->connect_port = newfwd->connect_port; 278 fwd->connect_port = newfwd->connect_port;
270} 279}
271 280
@@ -283,10 +292,9 @@ add_remote_forward(Options *options, const Forward *newfwd)
283 SSH_MAX_FORWARDS_PER_DIRECTION); 292 SSH_MAX_FORWARDS_PER_DIRECTION);
284 fwd = &options->remote_forwards[options->num_remote_forwards++]; 293 fwd = &options->remote_forwards[options->num_remote_forwards++];
285 294
286 fwd->listen_host = (newfwd->listen_host == NULL) ? 295 fwd->listen_host = newfwd->listen_host;
287 NULL : xstrdup(newfwd->listen_host);
288 fwd->listen_port = newfwd->listen_port; 296 fwd->listen_port = newfwd->listen_port;
289 fwd->connect_host = xstrdup(newfwd->connect_host); 297 fwd->connect_host = newfwd->connect_host;
290 fwd->connect_port = newfwd->connect_port; 298 fwd->connect_port = newfwd->connect_port;
291} 299}
292 300
@@ -425,6 +433,10 @@ parse_flag:
425 intptr = &options->password_authentication; 433 intptr = &options->password_authentication;
426 goto parse_flag; 434 goto parse_flag;
427 435
436 case oZeroKnowledgePasswordAuthentication:
437 intptr = &options->zero_knowledge_password_authentication;
438 goto parse_flag;
439
428 case oKbdInteractiveAuthentication: 440 case oKbdInteractiveAuthentication:
429 intptr = &options->kbd_interactive_authentication; 441 intptr = &options->kbd_interactive_authentication;
430 goto parse_flag; 442 goto parse_flag;
@@ -462,7 +474,7 @@ parse_flag:
462 goto parse_flag; 474 goto parse_flag;
463 475
464 case oGssKeyEx: 476 case oGssKeyEx:
465 intptr = &options->gss_keyex; 477 intptr = &options->gss_keyex;
466 goto parse_flag; 478 goto parse_flag;
467 479
468 case oGssDelegateCreds: 480 case oGssDelegateCreds:
@@ -473,6 +485,14 @@ parse_flag:
473 intptr = &options->gss_trust_dns; 485 intptr = &options->gss_trust_dns;
474 goto parse_flag; 486 goto parse_flag;
475 487
488 case oGssClientIdentity:
489 charptr = &options->gss_client_identity;
490 goto parse_string;
491
492 case oGssRenewalRekey:
493 intptr = &options->gss_renewal_rekey;
494 goto parse_flag;
495
476 case oBatchMode: 496 case oBatchMode:
477 intptr = &options->batch_mode; 497 intptr = &options->batch_mode;
478 goto parse_flag; 498 goto parse_flag;
@@ -731,56 +751,40 @@ parse_int:
731 751
732 case oLocalForward: 752 case oLocalForward:
733 case oRemoteForward: 753 case oRemoteForward:
754 case oDynamicForward:
734 arg = strdelim(&s); 755 arg = strdelim(&s);
735 if (arg == NULL || *arg == '\0') 756 if (arg == NULL || *arg == '\0')
736 fatal("%.200s line %d: Missing port argument.", 757 fatal("%.200s line %d: Missing port argument.",
737 filename, linenum); 758 filename, linenum);
738 arg2 = strdelim(&s);
739 if (arg2 == NULL || *arg2 == '\0')
740 fatal("%.200s line %d: Missing target argument.",
741 filename, linenum);
742 759
743 /* construct a string for parse_forward */ 760 if (opcode == oLocalForward ||
744 snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2); 761 opcode == oRemoteForward) {
762 arg2 = strdelim(&s);
763 if (arg2 == NULL || *arg2 == '\0')
764 fatal("%.200s line %d: Missing target argument.",
765 filename, linenum);
745 766
746 if (parse_forward(&fwd, fwdarg) == 0) 767 /* construct a string for parse_forward */
768 snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2);
769 } else if (opcode == oDynamicForward) {
770 strlcpy(fwdarg, arg, sizeof(fwdarg));
771 }
772
773 if (parse_forward(&fwd, fwdarg,
774 opcode == oDynamicForward ? 1 : 0,
775 opcode == oRemoteForward ? 1 : 0) == 0)
747 fatal("%.200s line %d: Bad forwarding specification.", 776 fatal("%.200s line %d: Bad forwarding specification.",
748 filename, linenum); 777 filename, linenum);
749 778
750 if (*activep) { 779 if (*activep) {
751 if (opcode == oLocalForward) 780 if (opcode == oLocalForward ||
781 opcode == oDynamicForward)
752 add_local_forward(options, &fwd); 782 add_local_forward(options, &fwd);
753 else if (opcode == oRemoteForward) 783 else if (opcode == oRemoteForward)
754 add_remote_forward(options, &fwd); 784 add_remote_forward(options, &fwd);
755 } 785 }
756 break; 786 break;
757 787
758 case oDynamicForward:
759 arg = strdelim(&s);
760 if (!arg || *arg == '\0')
761 fatal("%.200s line %d: Missing port argument.",
762 filename, linenum);
763 memset(&fwd, '\0', sizeof(fwd));
764 fwd.connect_host = "socks";
765 fwd.listen_host = hpdelim(&arg);
766 if (fwd.listen_host == NULL ||
767 strlen(fwd.listen_host) >= NI_MAXHOST)
768 fatal("%.200s line %d: Bad forwarding specification.",
769 filename, linenum);
770 if (arg) {
771 fwd.listen_port = a2port(arg);
772 fwd.listen_host = cleanhostname(fwd.listen_host);
773 } else {
774 fwd.listen_port = a2port(fwd.listen_host);
775 fwd.listen_host = NULL;
776 }
777 if (fwd.listen_port == 0)
778 fatal("%.200s line %d: Badly formatted port number.",
779 filename, linenum);
780 if (*activep)
781 add_local_forward(options, &fwd);
782 break;
783
784 case oClearAllForwardings: 788 case oClearAllForwardings:
785 intptr = &options->clear_forwardings; 789 intptr = &options->clear_forwardings;
786 goto parse_flag; 790 goto parse_flag;
@@ -986,7 +990,6 @@ read_config_file(const char *filename, const char *host, Options *options,
986 int active, linenum; 990 int active, linenum;
987 int bad_options = 0; 991 int bad_options = 0;
988 992
989 /* Open the file. */
990 if ((f = fopen(filename, "r")) == NULL) 993 if ((f = fopen(filename, "r")) == NULL)
991 return 0; 994 return 0;
992 995
@@ -1065,6 +1068,8 @@ initialize_options(Options * options)
1065 options->gss_keyex = -1; 1068 options->gss_keyex = -1;
1066 options->gss_deleg_creds = -1; 1069 options->gss_deleg_creds = -1;
1067 options->gss_trust_dns = -1; 1070 options->gss_trust_dns = -1;
1071 options->gss_renewal_rekey = -1;
1072 options->gss_client_identity = NULL;
1068 options->password_authentication = -1; 1073 options->password_authentication = -1;
1069 options->kbd_interactive_authentication = -1; 1074 options->kbd_interactive_authentication = -1;
1070 options->kbd_interactive_devices = NULL; 1075 options->kbd_interactive_devices = NULL;
@@ -1121,6 +1126,7 @@ initialize_options(Options * options)
1121 options->local_command = NULL; 1126 options->local_command = NULL;
1122 options->permit_local_command = -1; 1127 options->permit_local_command = -1;
1123 options->visual_host_key = -1; 1128 options->visual_host_key = -1;
1129 options->zero_knowledge_password_authentication = -1;
1124} 1130}
1125 1131
1126/* 1132/*
@@ -1161,6 +1167,8 @@ fill_default_options(Options * options)
1161 options->gss_deleg_creds = 0; 1167 options->gss_deleg_creds = 0;
1162 if (options->gss_trust_dns == -1) 1168 if (options->gss_trust_dns == -1)
1163 options->gss_trust_dns = 0; 1169 options->gss_trust_dns = 0;
1170 if (options->gss_renewal_rekey == -1)
1171 options->gss_renewal_rekey = 0;
1164 if (options->password_authentication == -1) 1172 if (options->password_authentication == -1)
1165 options->password_authentication = 1; 1173 options->password_authentication = 1;
1166 if (options->kbd_interactive_authentication == -1) 1174 if (options->kbd_interactive_authentication == -1)
@@ -1268,6 +1276,8 @@ fill_default_options(Options * options)
1268 options->permit_local_command = 0; 1276 options->permit_local_command = 0;
1269 if (options->visual_host_key == -1) 1277 if (options->visual_host_key == -1)
1270 options->visual_host_key = 0; 1278 options->visual_host_key = 0;
1279 if (options->zero_knowledge_password_authentication == -1)
1280 options->zero_knowledge_password_authentication = 0;
1271 /* options->local_command should not be set by default */ 1281 /* options->local_command should not be set by default */
1272 /* options->proxy_command should not be set by default */ 1282 /* options->proxy_command should not be set by default */
1273 /* options->user will be set in the main program if appropriate */ 1283 /* options->user will be set in the main program if appropriate */
@@ -1279,11 +1289,14 @@ fill_default_options(Options * options)
1279/* 1289/*
1280 * parse_forward 1290 * parse_forward
1281 * parses a string containing a port forwarding specification of the form: 1291 * parses a string containing a port forwarding specification of the form:
1292 * dynamicfwd == 0
1282 * [listenhost:]listenport:connecthost:connectport 1293 * [listenhost:]listenport:connecthost:connectport
1294 * dynamicfwd == 1
1295 * [listenhost:]listenport
1283 * returns number of arguments parsed or zero on error 1296 * returns number of arguments parsed or zero on error
1284 */ 1297 */
1285int 1298int
1286parse_forward(Forward *fwd, const char *fwdspec) 1299parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd)
1287{ 1300{
1288 int i; 1301 int i;
1289 char *p, *cp, *fwdarg[4]; 1302 char *p, *cp, *fwdarg[4];
@@ -1300,11 +1313,23 @@ parse_forward(Forward *fwd, const char *fwdspec)
1300 if ((fwdarg[i] = hpdelim(&cp)) == NULL) 1313 if ((fwdarg[i] = hpdelim(&cp)) == NULL)
1301 break; 1314 break;
1302 1315
1303 /* Check for trailing garbage in 4-arg case*/ 1316 /* Check for trailing garbage */
1304 if (cp != NULL) 1317 if (cp != NULL)
1305 i = 0; /* failure */ 1318 i = 0; /* failure */
1306 1319
1307 switch (i) { 1320 switch (i) {
1321 case 1:
1322 fwd->listen_host = NULL;
1323 fwd->listen_port = a2port(fwdarg[0]);
1324 fwd->connect_host = xstrdup("socks");
1325 break;
1326
1327 case 2:
1328 fwd->listen_host = xstrdup(cleanhostname(fwdarg[0]));
1329 fwd->listen_port = a2port(fwdarg[1]);
1330 fwd->connect_host = xstrdup("socks");
1331 break;
1332
1308 case 3: 1333 case 3:
1309 fwd->listen_host = NULL; 1334 fwd->listen_host = NULL;
1310 fwd->listen_port = a2port(fwdarg[0]); 1335 fwd->listen_port = a2port(fwdarg[0]);
@@ -1324,12 +1349,26 @@ parse_forward(Forward *fwd, const char *fwdspec)
1324 1349
1325 xfree(p); 1350 xfree(p);
1326 1351
1327 if (fwd->listen_port == 0 || fwd->connect_port == 0) 1352 if (dynamicfwd) {
1353 if (!(i == 1 || i == 2))
1354 goto fail_free;
1355 } else {
1356 if (!(i == 3 || i == 4))
1357 goto fail_free;
1358 if (fwd->connect_port <= 0)
1359 goto fail_free;
1360 }
1361
1362 if (fwd->listen_port < 0 || (!remotefwd && fwd->listen_port == 0))
1328 goto fail_free; 1363 goto fail_free;
1329 1364
1330 if (fwd->connect_host != NULL && 1365 if (fwd->connect_host != NULL &&
1331 strlen(fwd->connect_host) >= NI_MAXHOST) 1366 strlen(fwd->connect_host) >= NI_MAXHOST)
1332 goto fail_free; 1367 goto fail_free;
1368 if (fwd->listen_host != NULL &&
1369 strlen(fwd->listen_host) >= NI_MAXHOST)
1370 goto fail_free;
1371
1333 1372
1334 return (i); 1373 return (i);
1335 1374
@@ -1340,7 +1379,7 @@ parse_forward(Forward *fwd, const char *fwdspec)
1340 } 1379 }
1341 if (fwd->listen_host != NULL) { 1380 if (fwd->listen_host != NULL) {
1342 xfree(fwd->listen_host); 1381 xfree(fwd->listen_host);
1343 fwd->connect_host = NULL; 1382 fwd->listen_host = NULL;
1344 } 1383 }
1345 return (0); 1384 return (0);
1346} 1385}
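Review bot: The DynamicForward argument copy at new line 770, `strlcpy(fwdarg, arg, sizeof(fwdarg))`, discards the return value, so an over-long argument is silently truncated before parse_forward sees it and the truncated text may still parse as a different but valid forward; the `snprintf` at new line 768 has the same pre-existing weakness. A length check would turn this into a configuration error instead, e.g. `if (strlcpy(fwdarg, arg, sizeof(fwdarg)) >= sizeof(fwdarg)) fatal("%.200s line %d: Forwarding specification too long.", filename, linenum);`. Related, the removed DynamicForward case zeroed `fwd` with memset before filling it, and the new path relies on parse_forward for that: its new cases 1 and 2 set listen_host, listen_port and connect_host but never connect_port, so parse_forward must clear `*fwd` before the switch (its opening lines are outside this hunk) or a dynamic forward would carry a stale connect_port. process_config_line begins and ends outside the hunk.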