search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
utilities - Temporary map out libevtr, ktrdump, and evtranalyze from x86_64
[dragonfly.git] / crypto / openssh / readconf.c
blob7377ab9d684a206851304b0c748fdee04462801d
1 /* $OpenBSD: readconf.c,v 1.177 2009/06/27 09:35:06 andreas Exp $ */
2 /*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved
6 * Functions for reading the configuration files.
7 *
8 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose. Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
13 */
14
15 #include "includes.h"
16
17 #include <sys/types.h>
18 #include <sys/stat.h>
19 #include <sys/socket.h>
20
21 #include <netinet/in.h>
22
23 #include <ctype.h>
24 #include <errno.h>
25 #include <netdb.h>
26 #include <signal.h>
27 #include <stdarg.h>
28 #include <stdio.h>
29 #include <string.h>
30 #include <unistd.h>
31
32 #include "xmalloc.h"
33 #include "ssh.h"
34 #include "compat.h"
35 #include "cipher.h"
36 #include "pathnames.h"
37 #include "log.h"
38 #include "key.h"
39 #include "readconf.h"
40 #include "match.h"
41 #include "misc.h"
42 #include "buffer.h"
43 #include "kex.h"
44 #include "mac.h"
45 #include "uidswap.h"
46 #include "version.h"
47
48 /* Format of the configuration file:
49
50 # Configuration data is parsed as follows:
51 # 1. command line options
52 # 2. user-specific file
53 # 3. system-wide file
54 # Any configuration value is only changed the first time it is set.
55 # Thus, host-specific definitions should be at the beginning of the
56 # configuration file, and defaults at the end.
57
58 # Host-specific declarations. These may override anything above. A single
59 # host may match multiple declarations; these are processed in the order
60 # that they are given in.
61
62 Host *.ngs.fi ngs.fi
63 User foo
64
65 Host fake.com
66 HostName another.host.name.real.org
67 User blaah
68 Port 34289
69 ForwardX11 no
70 ForwardAgent no
71
72 Host books.com
73 RemoteForward 9999 shadows.cs.hut.fi:9999
74 Cipher 3des
75
76 Host fascist.blob.com
77 Port 23123
78 User tylonen
79 PasswordAuthentication no
80
81 Host puukko.hut.fi
82 User t35124p
83 ProxyCommand ssh-proxy %h %p
84
85 Host *.fr
86 PublicKeyAuthentication no
87
88 Host *.su
89 Cipher none
90 PasswordAuthentication no
91
92 Host vpn.fake.com
93 Tunnel yes
94 TunnelDevice 3
95
96 # Defaults for various options
97 Host *
98 ForwardAgent no
99 ForwardX11 no
100 PasswordAuthentication yes
101 RSAAuthentication yes
102 RhostsRSAAuthentication yes
103 StrictHostKeyChecking yes
104 TcpKeepAlive no
105 IdentityFile ~/.ssh/identity
106 Port 22
107 EscapeChar ~
108
109 */
110
111 /* Keyword tokens. */
112
113 typedef enum {
114 oBadOption,
115 oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
116 oExitOnForwardFailure,
117 oPasswordAuthentication, oRSAAuthentication,
118 oChallengeResponseAuthentication, oXAuthLocation,
119 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
120 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
121 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
122 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
123 oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
124 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
125 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
126 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
127 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
128 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
129 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
130 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
131 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
132 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
133 oVersionAddendum,
134 oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
135 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
136 oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
137 oNoneEnabled, oTcpRcvBufPoll, oTcpRcvBuf, oNoneSwitch, oHPNDisabled,
138 oHPNBufferSize, oDeprecated, oUnsupported
139 } OpCodes;
140
141 /* Textual representations of the tokens. */
142
143 static struct {
144 const char *name;
145 OpCodes opcode;
146 } keywords[] = {
147 { "forwardagent", oForwardAgent },
148 { "forwardx11", oForwardX11 },
149 { "forwardx11trusted", oForwardX11Trusted },
150 { "exitonforwardfailure", oExitOnForwardFailure },
151 { "xauthlocation", oXAuthLocation },
152 { "gatewayports", oGatewayPorts },
153 { "useprivilegedport", oUsePrivilegedPort },
154 { "rhostsauthentication", oDeprecated },
155 { "passwordauthentication", oPasswordAuthentication },
156 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
157 { "kbdinteractivedevices", oKbdInteractiveDevices },
158 { "rsaauthentication", oRSAAuthentication },
159 { "pubkeyauthentication", oPubkeyAuthentication },
160 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
161 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
162 { "hostbasedauthentication", oHostbasedAuthentication },
163 { "challengeresponseauthentication", oChallengeResponseAuthentication },
164 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
165 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
166 { "kerberosauthentication", oUnsupported },
167 { "kerberostgtpassing", oUnsupported },
168 { "afstokenpassing", oUnsupported },
169 #if defined(GSSAPI)
170 { "gssapiauthentication", oGssAuthentication },
171 { "gssapidelegatecredentials", oGssDelegateCreds },
172 #else
173 { "gssapiauthentication", oUnsupported },
174 { "gssapidelegatecredentials", oUnsupported },
175 #endif
176 { "fallbacktorsh", oDeprecated },
177 { "usersh", oDeprecated },
178 { "identityfile", oIdentityFile },
179 { "identityfile2", oIdentityFile }, /* obsolete */
180 { "identitiesonly", oIdentitiesOnly },
181 { "hostname", oHostName },
182 { "hostkeyalias", oHostKeyAlias },
183 { "proxycommand", oProxyCommand },
184 { "port", oPort },
185 { "cipher", oCipher },
186 { "ciphers", oCiphers },
187 { "macs", oMacs },
188 { "protocol", oProtocol },
189 { "remoteforward", oRemoteForward },
190 { "localforward", oLocalForward },
191 { "user", oUser },
192 { "host", oHost },
193 { "escapechar", oEscapeChar },
194 { "globalknownhostsfile", oGlobalKnownHostsFile },
195 { "globalknownhostsfile2", oGlobalKnownHostsFile2 }, /* obsolete */
196 { "userknownhostsfile", oUserKnownHostsFile },
197 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
198 { "connectionattempts", oConnectionAttempts },
199 { "batchmode", oBatchMode },
200 { "checkhostip", oCheckHostIP },
201 { "stricthostkeychecking", oStrictHostKeyChecking },
202 { "compression", oCompression },
203 { "compressionlevel", oCompressionLevel },
204 { "tcpkeepalive", oTCPKeepAlive },
205 { "keepalive", oTCPKeepAlive }, /* obsolete */
206 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
207 { "loglevel", oLogLevel },
208 { "dynamicforward", oDynamicForward },
209 { "preferredauthentications", oPreferredAuthentications },
210 { "hostkeyalgorithms", oHostKeyAlgorithms },
211 { "bindaddress", oBindAddress },
212 #ifdef SMARTCARD
213 { "smartcarddevice", oSmartcardDevice },
214 #else
215 { "smartcarddevice", oUnsupported },
216 #endif
217 { "clearallforwardings", oClearAllForwardings },
218 { "enablesshkeysign", oEnableSSHKeysign },
219 { "verifyhostkeydns", oVerifyHostKeyDNS },
220 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
221 { "rekeylimit", oRekeyLimit },
222 { "connecttimeout", oConnectTimeout },
223 { "addressfamily", oAddressFamily },
224 { "serveraliveinterval", oServerAliveInterval },
225 { "serveralivecountmax", oServerAliveCountMax },
226 { "versionaddendum", oVersionAddendum },
227 { "sendenv", oSendEnv },
228 { "controlpath", oControlPath },
229 { "controlmaster", oControlMaster },
230 { "hashknownhosts", oHashKnownHosts },
231 { "tunnel", oTunnel },
232 { "tunneldevice", oTunnelDevice },
233 { "localcommand", oLocalCommand },
234 { "permitlocalcommand", oPermitLocalCommand },
235 { "visualhostkey", oVisualHostKey },
236 { "useroaming", oUseRoaming },
237 #ifdef JPAKE
238 { "zeroknowledgepasswordauthentication",
239 oZeroKnowledgePasswordAuthentication },
240 #else
241 { "zeroknowledgepasswordauthentication", oUnsupported },
242 #endif
243 { "noneenabled", oNoneEnabled },
244 { "tcprcvbufpoll", oTcpRcvBufPoll },
245 { "tcprcvbuf", oTcpRcvBuf },
246 { "noneswitch", oNoneSwitch },
247 { "hpndisabled", oHPNDisabled },
248 { "hpnbuffersize", oHPNBufferSize },
249
250 { NULL, oBadOption }
251 };
252
253 /*
254 * Adds a local TCP/IP port forward to options. Never returns if there is an
255 * error.
256 */
257
258 void
259 add_local_forward(Options *options, const Forward *newfwd)
260 {
261 Forward *fwd;
262 #ifndef NO_IPPORT_RESERVED_CONCEPT
263 extern uid_t original_real_uid;
264 if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0)
265 fatal("Privileged ports can only be forwarded by root.");
266 #endif
267 if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
268 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
269 fwd = &options->local_forwards[options->num_local_forwards++];
270
271 fwd->listen_host = newfwd->listen_host;
272 fwd->listen_port = newfwd->listen_port;
273 fwd->connect_host = newfwd->connect_host;
274 fwd->connect_port = newfwd->connect_port;
275 }
276
277 /*
278 * Adds a remote TCP/IP port forward to options. Never returns if there is
279 * an error.
280 */
281
282 void
283 add_remote_forward(Options *options, const Forward *newfwd)
284 {
285 Forward *fwd;
286 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
287 fatal("Too many remote forwards (max %d).",
288 SSH_MAX_FORWARDS_PER_DIRECTION);
289 fwd = &options->remote_forwards[options->num_remote_forwards++];
290
291 fwd->listen_host = newfwd->listen_host;
292 fwd->listen_port = newfwd->listen_port;
293 fwd->connect_host = newfwd->connect_host;
294 fwd->connect_port = newfwd->connect_port;
295 }
296
297 static void
298 clear_forwardings(Options *options)
299 {
300 int i;
301
302 for (i = 0; i < options->num_local_forwards; i++) {
303 if (options->local_forwards[i].listen_host != NULL)
304 xfree(options->local_forwards[i].listen_host);
305 xfree(options->local_forwards[i].connect_host);
306 }
307 options->num_local_forwards = 0;
308 for (i = 0; i < options->num_remote_forwards; i++) {
309 if (options->remote_forwards[i].listen_host != NULL)
310 xfree(options->remote_forwards[i].listen_host);
311 xfree(options->remote_forwards[i].connect_host);
312 }
313 options->num_remote_forwards = 0;
314 options->tun_open = SSH_TUNMODE_NO;
315 }
316
317 /*
318 * Returns the number of the token pointed to by cp or oBadOption.
319 */
320
321 static OpCodes
322 parse_token(const char *cp, const char *filename, int linenum)
323 {
324 u_int i;
325
326 for (i = 0; keywords[i].name; i++)
327 if (strcasecmp(cp, keywords[i].name) == 0)
328 return keywords[i].opcode;
329
330 error("%s: line %d: Bad configuration option: %s",
331 filename, linenum, cp);
332 return oBadOption;
333 }
334
335 /*
336 * Processes a single option line as used in the configuration files. This
337 * only sets those values that have not already been set.
338 */
339 #define WHITESPACE " \t\r\n"
340
341 int
342 process_config_line(Options *options, const char *host,
343 char *line, const char *filename, int linenum,
344 int *activep)
345 {
346 char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256];
347 int opcode, *intptr, value, value2, scale;
348 LogLevel *log_level_ptr;
349 long long orig, val64;
350 size_t len;
351 Forward fwd;
352
353 /* Strip trailing whitespace */
354 for (len = strlen(line) - 1; len > 0; len--) {
355 if (strchr(WHITESPACE, line[len]) == NULL)
356 break;
357 line[len] = '\0';
358 }
359
360 s = line;
361 /* Get the keyword. (Each line is supposed to begin with a keyword). */
362 if ((keyword = strdelim(&s)) == NULL)
363 return 0;
364 /* Ignore leading whitespace. */
365 if (*keyword == '\0')
366 keyword = strdelim(&s);
367 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
368 return 0;
369
370 opcode = parse_token(keyword, filename, linenum);
371
372 switch (opcode) {
373 case oBadOption:
374 /* don't panic, but count bad options */
375 return -1;
376 /* NOTREACHED */
377 case oConnectTimeout:
378 intptr = &options->connection_timeout;
379 parse_time:
380 arg = strdelim(&s);
381 if (!arg || *arg == '\0')
382 fatal("%s line %d: missing time value.",
383 filename, linenum);
384 if ((value = convtime(arg)) == -1)
385 fatal("%s line %d: invalid time value.",
386 filename, linenum);
387 if (*activep && *intptr == -1)
388 *intptr = value;
389 break;
390
391 case oForwardAgent:
392 intptr = &options->forward_agent;
393 parse_flag:
394 arg = strdelim(&s);
395 if (!arg || *arg == '\0')
396 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
397 value = 0; /* To avoid compiler warning... */
398 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
399 value = 1;
400 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
401 value = 0;
402 else
403 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
404 if (*activep && *intptr == -1)
405 *intptr = value;
406 break;
407
408 case oForwardX11:
409 intptr = &options->forward_x11;
410 goto parse_flag;
411
412 case oForwardX11Trusted:
413 intptr = &options->forward_x11_trusted;
414 goto parse_flag;
415
416 case oGatewayPorts:
417 intptr = &options->gateway_ports;
418 goto parse_flag;
419
420 case oExitOnForwardFailure:
421 intptr = &options->exit_on_forward_failure;
422 goto parse_flag;
423
424 case oUsePrivilegedPort:
425 intptr = &options->use_privileged_port;
426 goto parse_flag;
427
428 case oPasswordAuthentication:
429 intptr = &options->password_authentication;
430 goto parse_flag;
431
432 case oZeroKnowledgePasswordAuthentication:
433 intptr = &options->zero_knowledge_password_authentication;
434 goto parse_flag;
435
436 case oKbdInteractiveAuthentication:
437 intptr = &options->kbd_interactive_authentication;
438 goto parse_flag;
439
440 case oKbdInteractiveDevices:
441 charptr = &options->kbd_interactive_devices;
442 goto parse_string;
443
444 case oPubkeyAuthentication:
445 intptr = &options->pubkey_authentication;
446 goto parse_flag;
447
448 case oRSAAuthentication:
449 intptr = &options->rsa_authentication;
450 goto parse_flag;
451
452 case oRhostsRSAAuthentication:
453 intptr = &options->rhosts_rsa_authentication;
454 goto parse_flag;
455
456 case oHostbasedAuthentication:
457 intptr = &options->hostbased_authentication;
458 goto parse_flag;
459
460 case oChallengeResponseAuthentication:
461 intptr = &options->challenge_response_authentication;
462 goto parse_flag;
463
464 case oGssAuthentication:
465 intptr = &options->gss_authentication;
466 goto parse_flag;
467
468 case oGssDelegateCreds:
469 intptr = &options->gss_deleg_creds;
470 goto parse_flag;
471
472 case oBatchMode:
473 intptr = &options->batch_mode;
474 goto parse_flag;
475
476 case oCheckHostIP:
477 intptr = &options->check_host_ip;
478 goto parse_flag;
479
480 case oNoneEnabled:
481 intptr = &options->none_enabled;
482 goto parse_flag;
483
484 /* we check to see if the command comes from the */
485 /* command line or not. If it does then enable it */
486 /* otherwise fail. NONE should never be a default configuration */
487 case oNoneSwitch:
488 if(strcmp(filename,"command-line")==0)
489 {
490 intptr = &options->none_switch;
491 goto parse_flag;
492 } else {
493 error("NoneSwitch is found in %.200s.\nYou may only use this configuration option from the command line", filename);
494 error("Continuing...");
495 debug("NoneSwitch directive found in %.200s.", filename);
496 return 0;
497 }
498
499 case oHPNDisabled:
500 intptr = &options->hpn_disabled;
501 goto parse_flag;
502
503 case oHPNBufferSize:
504 intptr = &options->hpn_buffer_size;
505 goto parse_int;
506
507 case oTcpRcvBufPoll:
508 intptr = &options->tcp_rcv_buf_poll;
509 goto parse_flag;
510
511 case oVerifyHostKeyDNS:
512 intptr = &options->verify_host_key_dns;
513 goto parse_yesnoask;
514
515 case oStrictHostKeyChecking:
516 intptr = &options->strict_host_key_checking;
517 parse_yesnoask:
518 arg = strdelim(&s);
519 if (!arg || *arg == '\0')
520 fatal("%.200s line %d: Missing yes/no/ask argument.",
521 filename, linenum);
522 value = 0; /* To avoid compiler warning... */
523 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
524 value = 1;
525 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
526 value = 0;
527 else if (strcmp(arg, "ask") == 0)
528 value = 2;
529 else
530 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
531 if (*activep && *intptr == -1)
532 *intptr = value;
533 break;
534
535 case oCompression:
536 intptr = &options->compression;
537 goto parse_flag;
538
539 case oTCPKeepAlive:
540 intptr = &options->tcp_keep_alive;
541 goto parse_flag;
542
543 case oNoHostAuthenticationForLocalhost:
544 intptr = &options->no_host_authentication_for_localhost;
545 goto parse_flag;
546
547 case oNumberOfPasswordPrompts:
548 intptr = &options->number_of_password_prompts;
549 goto parse_int;
550
551 case oCompressionLevel:
552 intptr = &options->compression_level;
553 goto parse_int;
554
555 case oRekeyLimit:
556 arg = strdelim(&s);
557 if (!arg || *arg == '\0')
558 fatal("%.200s line %d: Missing argument.", filename, linenum);
559 if (arg[0] < '0' || arg[0] > '9')
560 fatal("%.200s line %d: Bad number.", filename, linenum);
561 orig = val64 = strtoll(arg, &endofnumber, 10);
562 if (arg == endofnumber)
563 fatal("%.200s line %d: Bad number.", filename, linenum);
564 switch (toupper(*endofnumber)) {
565 case '\0':
566 scale = 1;
567 break;
568 case 'K':
569 scale = 1<<10;
570 break;
571 case 'M':
572 scale = 1<<20;
573 break;
574 case 'G':
575 scale = 1<<30;
576 break;
577 default:
578 fatal("%.200s line %d: Invalid RekeyLimit suffix",
579 filename, linenum);
580 }
581 val64 *= scale;
582 /* detect integer wrap and too-large limits */
583 if ((val64 / scale) != orig || val64 > UINT_MAX)
584 fatal("%.200s line %d: RekeyLimit too large",
585 filename, linenum);
586 if (val64 < 16)
587 fatal("%.200s line %d: RekeyLimit too small",
588 filename, linenum);
589 if (*activep && options->rekey_limit == -1)
590 options->rekey_limit = (u_int32_t)val64;
591 break;
592
593 case oIdentityFile:
594 arg = strdelim(&s);
595 if (!arg || *arg == '\0')
596 fatal("%.200s line %d: Missing argument.", filename, linenum);
597 if (*activep) {
598 intptr = &options->num_identity_files;
599 if (*intptr >= SSH_MAX_IDENTITY_FILES)
600 fatal("%.200s line %d: Too many identity files specified (max %d).",
601 filename, linenum, SSH_MAX_IDENTITY_FILES);
602 charptr = &options->identity_files[*intptr];
603 *charptr = xstrdup(arg);
604 *intptr = *intptr + 1;
605 }
606 break;
607
608 case oXAuthLocation:
609 charptr=&options->xauth_location;
610 goto parse_string;
611
612 case oUser:
613 charptr = &options->user;
614 parse_string:
615 arg = strdelim(&s);
616 if (!arg || *arg == '\0')
617 fatal("%.200s line %d: Missing argument.", filename, linenum);
618 if (*activep && *charptr == NULL)
619 *charptr = xstrdup(arg);
620 break;
621
622 case oGlobalKnownHostsFile:
623 charptr = &options->system_hostfile;
624 goto parse_string;
625
626 case oUserKnownHostsFile:
627 charptr = &options->user_hostfile;
628 goto parse_string;
629
630 case oGlobalKnownHostsFile2:
631 charptr = &options->system_hostfile2;
632 goto parse_string;
633
634 case oUserKnownHostsFile2:
635 charptr = &options->user_hostfile2;
636 goto parse_string;
637
638 case oHostName:
639 charptr = &options->hostname;
640 goto parse_string;
641
642 case oHostKeyAlias:
643 charptr = &options->host_key_alias;
644 goto parse_string;
645
646 case oPreferredAuthentications:
647 charptr = &options->preferred_authentications;
648 goto parse_string;
649
650 case oBindAddress:
651 charptr = &options->bind_address;
652 goto parse_string;
653
654 case oSmartcardDevice:
655 charptr = &options->smartcard_device;
656 goto parse_string;
657
658 case oProxyCommand:
659 charptr = &options->proxy_command;
660 parse_command:
661 if (s == NULL)
662 fatal("%.200s line %d: Missing argument.", filename, linenum);
663 len = strspn(s, WHITESPACE "=");
664 if (*activep && *charptr == NULL)
665 *charptr = xstrdup(s + len);
666 return 0;
667
668 case oPort:
669 intptr = &options->port;
670 parse_int:
671 arg = strdelim(&s);
672 if (!arg || *arg == '\0')
673 fatal("%.200s line %d: Missing argument.", filename, linenum);
674 if (arg[0] < '0' || arg[0] > '9')
675 fatal("%.200s line %d: Bad number.", filename, linenum);
676
677 /* Octal, decimal, or hex format? */
678 value = strtol(arg, &endofnumber, 0);
679 if (arg == endofnumber)
680 fatal("%.200s line %d: Bad number.", filename, linenum);
681 if (*activep && *intptr == -1)
682 *intptr = value;
683 break;
684
685 case oConnectionAttempts:
686 intptr = &options->connection_attempts;
687 goto parse_int;
688
689 case oTcpRcvBuf:
690 intptr = &options->tcp_rcv_buf;
691 goto parse_int;
692
693 case oCipher:
694 intptr = &options->cipher;
695 arg = strdelim(&s);
696 if (!arg || *arg == '\0')
697 fatal("%.200s line %d: Missing argument.", filename, linenum);
698 value = cipher_number(arg);
699 if (value == -1)
700 fatal("%.200s line %d: Bad cipher '%s'.",
701 filename, linenum, arg ? arg : "<NONE>");
702 if (*activep && *intptr == -1)
703 *intptr = value;
704 break;
705
706 case oCiphers:
707 arg = strdelim(&s);
708 if (!arg || *arg == '\0')
709 fatal("%.200s line %d: Missing argument.", filename, linenum);
710 if (!ciphers_valid(arg))
711 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
712 filename, linenum, arg ? arg : "<NONE>");
713 if (*activep && options->ciphers == NULL)
714 options->ciphers = xstrdup(arg);
715 break;
716
717 case oMacs:
718 arg = strdelim(&s);
719 if (!arg || *arg == '\0')
720 fatal("%.200s line %d: Missing argument.", filename, linenum);
721 if (!mac_valid(arg))
722 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
723 filename, linenum, arg ? arg : "<NONE>");
724 if (*activep && options->macs == NULL)
725 options->macs = xstrdup(arg);
726 break;
727
728 case oHostKeyAlgorithms:
729 arg = strdelim(&s);
730 if (!arg || *arg == '\0')
731 fatal("%.200s line %d: Missing argument.", filename, linenum);
732 if (!key_names_valid2(arg))
733 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
734 filename, linenum, arg ? arg : "<NONE>");
735 if (*activep && options->hostkeyalgorithms == NULL)
736 options->hostkeyalgorithms = xstrdup(arg);
737 break;
738
739 case oProtocol:
740 intptr = &options->protocol;
741 arg = strdelim(&s);
742 if (!arg || *arg == '\0')
743 fatal("%.200s line %d: Missing argument.", filename, linenum);
744 value = proto_spec(arg);
745 if (value == SSH_PROTO_UNKNOWN)
746 fatal("%.200s line %d: Bad protocol spec '%s'.",
747 filename, linenum, arg ? arg : "<NONE>");
748 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
749 *intptr = value;
750 break;
751
752 case oLogLevel:
753 log_level_ptr = &options->log_level;
754 arg = strdelim(&s);
755 value = log_level_number(arg);
756 if (value == SYSLOG_LEVEL_NOT_SET)
757 fatal("%.200s line %d: unsupported log level '%s'",
758 filename, linenum, arg ? arg : "<NONE>");
759 if (*activep && *log_level_ptr == SYSLOG_LEVEL_NOT_SET)
760 *log_level_ptr = (LogLevel) value;
761 break;
762
763 case oLocalForward:
764 case oRemoteForward:
765 case oDynamicForward:
766 arg = strdelim(&s);
767 if (arg == NULL || *arg == '\0')
768 fatal("%.200s line %d: Missing port argument.",
769 filename, linenum);
770
771 if (opcode == oLocalForward ||
772 opcode == oRemoteForward) {
773 arg2 = strdelim(&s);
774 if (arg2 == NULL || *arg2 == '\0')
775 fatal("%.200s line %d: Missing target argument.",
776 filename, linenum);
777
778 /* construct a string for parse_forward */
779 snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2);
780 } else if (opcode == oDynamicForward) {
781 strlcpy(fwdarg, arg, sizeof(fwdarg));
782 }
783
784 if (parse_forward(&fwd, fwdarg,
785 opcode == oDynamicForward ? 1 : 0,
786 opcode == oRemoteForward ? 1 : 0) == 0)
787 fatal("%.200s line %d: Bad forwarding specification.",
788 filename, linenum);
789
790 if (*activep) {
791 if (opcode == oLocalForward ||
792 opcode == oDynamicForward)
793 add_local_forward(options, &fwd);
794 else if (opcode == oRemoteForward)
795 add_remote_forward(options, &fwd);
796 }
797 break;
798
799 case oClearAllForwardings:
800 intptr = &options->clear_forwardings;
801 goto parse_flag;
802
803 case oHost:
804 *activep = 0;
805 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
806 if (match_pattern(host, arg)) {
807 debug("Applying options for %.100s", arg);
808 *activep = 1;
809 break;
810 }
811 /* Avoid garbage check below, as strdelim is done. */
812 return 0;
813
814 case oEscapeChar:
815 intptr = &options->escape_char;
816 arg = strdelim(&s);
817 if (!arg || *arg == '\0')
818 fatal("%.200s line %d: Missing argument.", filename, linenum);
819 if (arg[0] == '^' && arg[2] == 0 &&
820 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
821 value = (u_char) arg[1] & 31;
822 else if (strlen(arg) == 1)
823 value = (u_char) arg[0];
824 else if (strcmp(arg, "none") == 0)
825 value = SSH_ESCAPECHAR_NONE;
826 else {
827 fatal("%.200s line %d: Bad escape character.",
828 filename, linenum);
829 /* NOTREACHED */
830 value = 0; /* Avoid compiler warning. */
831 }
832 if (*activep && *intptr == -1)
833 *intptr = value;
834 break;
835
836 case oAddressFamily:
837 arg = strdelim(&s);
838 if (!arg || *arg == '\0')
839 fatal("%s line %d: missing address family.",
840 filename, linenum);
841 intptr = &options->address_family;
842 if (strcasecmp(arg, "inet") == 0)
843 value = AF_INET;
844 else if (strcasecmp(arg, "inet6") == 0)
845 value = AF_INET6;
846 else if (strcasecmp(arg, "any") == 0)
847 value = AF_UNSPEC;
848 else
849 fatal("Unsupported AddressFamily \"%s\"", arg);
850 if (*activep && *intptr == -1)
851 *intptr = value;
852 break;
853
854 case oEnableSSHKeysign:
855 intptr = &options->enable_ssh_keysign;
856 goto parse_flag;
857
858 case oIdentitiesOnly:
859 intptr = &options->identities_only;
860 goto parse_flag;
861
862 case oServerAliveInterval:
863 intptr = &options->server_alive_interval;
864 goto parse_time;
865
866 case oServerAliveCountMax:
867 intptr = &options->server_alive_count_max;
868 goto parse_int;
869
870 case oVersionAddendum:
871 ssh_version_set_addendum(strtok(s, "\n"));
872 do {
873 arg = strdelim(&s);
874 } while (arg != NULL && *arg != '\0');
875 break;
876
877 case oSendEnv:
878 while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
879 if (strchr(arg, '=') != NULL)
880 fatal("%s line %d: Invalid environment name.",
881 filename, linenum);
882 if (!*activep)
883 continue;
884 if (options->num_send_env >= MAX_SEND_ENV)
885 fatal("%s line %d: too many send env.",
886 filename, linenum);
887 options->send_env[options->num_send_env++] =
888 xstrdup(arg);
889 }
890 break;
891
892 case oControlPath:
893 charptr = &options->control_path;
894 goto parse_string;
895
896 case oControlMaster:
897 intptr = &options->control_master;
898 arg = strdelim(&s);
899 if (!arg || *arg == '\0')
900 fatal("%.200s line %d: Missing ControlMaster argument.",
901 filename, linenum);
902 value = 0; /* To avoid compiler warning... */
903 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
904 value = SSHCTL_MASTER_YES;
905 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
906 value = SSHCTL_MASTER_NO;
907 else if (strcmp(arg, "auto") == 0)
908 value = SSHCTL_MASTER_AUTO;
909 else if (strcmp(arg, "ask") == 0)
910 value = SSHCTL_MASTER_ASK;
911 else if (strcmp(arg, "autoask") == 0)
912 value = SSHCTL_MASTER_AUTO_ASK;
913 else
914 fatal("%.200s line %d: Bad ControlMaster argument.",
915 filename, linenum);
916 if (*activep && *intptr == -1)
917 *intptr = value;
918 break;
919
920 case oHashKnownHosts:
921 intptr = &options->hash_known_hosts;
922 goto parse_flag;
923
924 case oTunnel:
925 intptr = &options->tun_open;
926 arg = strdelim(&s);
927 if (!arg || *arg == '\0')
928 fatal("%s line %d: Missing yes/point-to-point/"
929 "ethernet/no argument.", filename, linenum);
930 value = 0; /* silence compiler */
931 if (strcasecmp(arg, "ethernet") == 0)
932 value = SSH_TUNMODE_ETHERNET;
933 else if (strcasecmp(arg, "point-to-point") == 0)
934 value = SSH_TUNMODE_POINTOPOINT;
935 else if (strcasecmp(arg, "yes") == 0)
936 value = SSH_TUNMODE_DEFAULT;
937 else if (strcasecmp(arg, "no") == 0)
938 value = SSH_TUNMODE_NO;
939 else
940 fatal("%s line %d: Bad yes/point-to-point/ethernet/"
941 "no argument: %s", filename, linenum, arg);
942 if (*activep)
943 *intptr = value;
944 break;
945
946 case oTunnelDevice:
947 arg = strdelim(&s);
948 if (!arg || *arg == '\0')
949 fatal("%.200s line %d: Missing argument.", filename, linenum);
950 value = a2tun(arg, &value2);
951 if (value == SSH_TUNID_ERR)
952 fatal("%.200s line %d: Bad tun device.", filename, linenum);
953 if (*activep) {
954 options->tun_local = value;
955 options->tun_remote = value2;
956 }
957 break;
958
959 case oLocalCommand:
960 charptr = &options->local_command;
961 goto parse_command;
962
963 case oPermitLocalCommand:
964 intptr = &options->permit_local_command;
965 goto parse_flag;
966
967 case oVisualHostKey:
968 intptr = &options->visual_host_key;
969 goto parse_flag;
970
971 case oUseRoaming:
972 intptr = &options->use_roaming;
973 goto parse_flag;
974
975 case oDeprecated:
976 debug("%s line %d: Deprecated option \"%s\"",
977 filename, linenum, keyword);
978 return 0;
979
980 case oUnsupported:
981 error("%s line %d: Unsupported option \"%s\"",
982 filename, linenum, keyword);
983 return 0;
984
985 default:
986 fatal("process_config_line: Unimplemented opcode %d", opcode);
987 }
988
989 /* Check that there is no garbage at end of line. */
990 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
991 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
992 filename, linenum, arg);
993 }
994 return 0;
995 }
996
997
998 /*
999 * Reads the config file and modifies the options accordingly. Options
1000 * should already be initialized before this call. This never returns if
1001 * there is an error. If the file does not exist, this returns 0.
1002 */
1003
1004 int
1005 read_config_file(const char *filename, const char *host, Options *options,
1006 int checkperm)
1007 {
1008 FILE *f;
1009 char line[1024];
1010 int active, linenum;
1011 int bad_options = 0;
1012
1013 if ((f = fopen(filename, "r")) == NULL)
1014 return 0;
1015
1016 if (checkperm) {
1017 struct stat sb;
1018
1019 if (fstat(fileno(f), &sb) == -1)
1020 fatal("fstat %s: %s", filename, strerror(errno));
1021 if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
1022 (sb.st_mode & 022) != 0))
1023 fatal("Bad owner or permissions on %s", filename);
1024 }
1025
1026 debug("Reading configuration data %.200s", filename);
1027
1028 /*
1029 * Mark that we are now processing the options. This flag is turned
1030 * on/off by Host specifications.
1031 */
1032 active = 1;
1033 linenum = 0;
1034 while (fgets(line, sizeof(line), f)) {
1035 /* Update line number counter. */
1036 linenum++;
1037 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
1038 bad_options++;
1039 }
1040 fclose(f);
1041 if (bad_options > 0)
1042 fatal("%s: terminating, %d bad configuration options",
1043 filename, bad_options);
1044 return 1;
1045 }
1046
1047 /*
1048 * Initializes options to special values that indicate that they have not yet
1049 * been set. Read_config_file will only set options with this value. Options
1050 * are processed in the following order: command line, user config file,
1051 * system config file. Last, fill_default_options is called.
1052 */
1053
1054 void
1055 initialize_options(Options * options)
1056 {
1057 memset(options, 'X', sizeof(*options));
1058 options->forward_agent = -1;
1059 options->forward_x11 = -1;
1060 options->forward_x11_trusted = -1;
1061 options->exit_on_forward_failure = -1;
1062 options->xauth_location = NULL;
1063 options->gateway_ports = -1;
1064 options->use_privileged_port = -1;
1065 options->rsa_authentication = -1;
1066 options->pubkey_authentication = -1;
1067 options->challenge_response_authentication = -1;
1068 options->gss_authentication = -1;
1069 options->gss_deleg_creds = -1;
1070 options->password_authentication = -1;
1071 options->kbd_interactive_authentication = -1;
1072 options->kbd_interactive_devices = NULL;
1073 options->rhosts_rsa_authentication = -1;
1074 options->hostbased_authentication = -1;
1075 options->batch_mode = -1;
1076 options->check_host_ip = -1;
1077 options->strict_host_key_checking = -1;
1078 options->compression = -1;
1079 options->tcp_keep_alive = -1;
1080 options->compression_level = -1;
1081 options->port = -1;
1082 options->address_family = -1;
1083 options->connection_attempts = -1;
1084 options->connection_timeout = -1;
1085 options->number_of_password_prompts = -1;
1086 options->cipher = -1;
1087 options->ciphers = NULL;
1088 options->macs = NULL;
1089 options->hostkeyalgorithms = NULL;
1090 options->protocol = SSH_PROTO_UNKNOWN;
1091 options->num_identity_files = 0;
1092 options->hostname = NULL;
1093 options->host_key_alias = NULL;
1094 options->proxy_command = NULL;
1095 options->user = NULL;
1096 options->escape_char = -1;
1097 options->system_hostfile = NULL;
1098 options->user_hostfile = NULL;
1099 options->system_hostfile2 = NULL;
1100 options->user_hostfile2 = NULL;
1101 options->num_local_forwards = 0;
1102 options->num_remote_forwards = 0;
1103 options->clear_forwardings = -1;
1104 options->log_level = SYSLOG_LEVEL_NOT_SET;
1105 options->preferred_authentications = NULL;
1106 options->bind_address = NULL;
1107 options->smartcard_device = NULL;
1108 options->enable_ssh_keysign = - 1;
1109 options->no_host_authentication_for_localhost = - 1;
1110 options->identities_only = - 1;
1111 options->rekey_limit = - 1;
1112 options->verify_host_key_dns = -1;
1113 options->server_alive_interval = -1;
1114 options->server_alive_count_max = -1;
1115 options->num_send_env = 0;
1116 options->control_path = NULL;
1117 options->control_master = -1;
1118 options->hash_known_hosts = -1;
1119 options->tun_open = -1;
1120 options->tun_local = -1;
1121 options->tun_remote = -1;
1122 options->local_command = NULL;
1123 options->permit_local_command = -1;
1124 options->use_roaming = -1;
1125 options->visual_host_key = -1;
1126 options->zero_knowledge_password_authentication = -1;
1127 options->none_switch = -1;
1128 options->none_enabled = -1;
1129 options->hpn_disabled = -1;
1130 options->hpn_buffer_size = -1;
1131 options->tcp_rcv_buf_poll = -1;
1132 options->tcp_rcv_buf = -1;
1133 }
1134
1135 /*
1136 * Called after processing other sources of option data, this fills those
1137 * options for which no value has been specified with their default values.
1138 */
1139
1140 void
1141 fill_default_options(Options * options)
1142 {
1143 int len;
1144
1145 if (options->forward_agent == -1)
1146 options->forward_agent = 0;
1147 if (options->forward_x11 == -1)
1148 options->forward_x11 = 0;
1149 if (options->forward_x11_trusted == -1)
1150 options->forward_x11_trusted = 0;
1151 if (options->exit_on_forward_failure == -1)
1152 options->exit_on_forward_failure = 0;
1153 if (options->xauth_location == NULL)
1154 options->xauth_location = _PATH_XAUTH;
1155 if (options->gateway_ports == -1)
1156 options->gateway_ports = 0;
1157 if (options->use_privileged_port == -1)
1158 options->use_privileged_port = 0;
1159 if (options->rsa_authentication == -1)
1160 options->rsa_authentication = 1;
1161 if (options->pubkey_authentication == -1)
1162 options->pubkey_authentication = 1;
1163 if (options->challenge_response_authentication == -1)
1164 options->challenge_response_authentication = 1;
1165 if (options->gss_authentication == -1)
1166 options->gss_authentication = 0;
1167 if (options->gss_deleg_creds == -1)
1168 options->gss_deleg_creds = 0;
1169 if (options->password_authentication == -1)
1170 options->password_authentication = 1;
1171 if (options->kbd_interactive_authentication == -1)
1172 options->kbd_interactive_authentication = 1;
1173 if (options->rhosts_rsa_authentication == -1)
1174 options->rhosts_rsa_authentication = 0;
1175 if (options->hostbased_authentication == -1)
1176 options->hostbased_authentication = 0;
1177 if (options->batch_mode == -1)
1178 options->batch_mode = 0;
1179 if (options->check_host_ip == -1)
1180 options->check_host_ip = 0;
1181 if (options->strict_host_key_checking == -1)
1182 options->strict_host_key_checking = 2; /* 2 is default */
1183 if (options->compression == -1)
1184 options->compression = 0;
1185 if (options->tcp_keep_alive == -1)
1186 options->tcp_keep_alive = 1;
1187 if (options->compression_level == -1)
1188 options->compression_level = 6;
1189 if (options->port == -1)
1190 options->port = 0; /* Filled in ssh_connect. */
1191 if (options->address_family == -1)
1192 options->address_family = AF_UNSPEC;
1193 if (options->connection_attempts == -1)
1194 options->connection_attempts = 1;
1195 if (options->number_of_password_prompts == -1)
1196 options->number_of_password_prompts = 3;
1197 /* Selected in ssh_login(). */
1198 if (options->cipher == -1)
1199 options->cipher = SSH_CIPHER_NOT_SET;
1200 /* options->ciphers, default set in myproposals.h */
1201 /* options->macs, default set in myproposals.h */
1202 /* options->hostkeyalgorithms, default set in myproposals.h */
1203 if (options->protocol == SSH_PROTO_UNKNOWN)
1204 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
1205 if (options->num_identity_files == 0) {
1206 if (options->protocol & SSH_PROTO_1) {
1207 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
1208 options->identity_files[options->num_identity_files] =
1209 xmalloc(len);
1210 snprintf(options->identity_files[options->num_identity_files++],
1211 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
1212 }
1213 if (options->protocol & SSH_PROTO_2) {
1214 len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
1215 options->identity_files[options->num_identity_files] =
1216 xmalloc(len);
1217 snprintf(options->identity_files[options->num_identity_files++],
1218 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
1219
1220 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
1221 options->identity_files[options->num_identity_files] =
1222 xmalloc(len);
1223 snprintf(options->identity_files[options->num_identity_files++],
1224 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
1225 }
1226 }
1227 if (options->escape_char == -1)
1228 options->escape_char = '~';
1229 if (options->system_hostfile == NULL)
1230 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
1231 if (options->user_hostfile == NULL)
1232 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
1233 if (options->system_hostfile2 == NULL)
1234 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
1235 if (options->user_hostfile2 == NULL)
1236 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
1237 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
1238 options->log_level = SYSLOG_LEVEL_INFO;
1239 if (options->clear_forwardings == 1)
1240 clear_forwardings(options);
1241 if (options->no_host_authentication_for_localhost == - 1)
1242 options->no_host_authentication_for_localhost = 0;
1243 if (options->identities_only == -1)
1244 options->identities_only = 0;
1245 if (options->enable_ssh_keysign == -1)
1246 options->enable_ssh_keysign = 0;
1247 if (options->rekey_limit == -1)
1248 options->rekey_limit = 0;
1249 if (options->verify_host_key_dns == -1)
1250 options->verify_host_key_dns = 0;
1251 if (options->server_alive_interval == -1)
1252 options->server_alive_interval = 0;
1253 if (options->server_alive_count_max == -1)
1254 options->server_alive_count_max = 3;
1255 if (options->none_switch == -1)
1256 options->none_switch = 0;
1257 if (options->hpn_disabled == -1)
1258 options->hpn_disabled = 0;
1259 if (options->hpn_buffer_size > -1)
1260 {
1261 /* if a user tries to set the size to 0 set it to 1KB */
1262 if (options->hpn_buffer_size == 0)
1263 options->hpn_buffer_size = 1024;
1264 /*limit the buffer to 64MB*/
1265 if (options->hpn_buffer_size > 65536)
1266 {
1267 options->hpn_buffer_size = 65536*1024;
1268 debug("User requested buffer larger than 64MB. Request reverted to 64MB");
1269 }
1270 debug("hpn_buffer_size set to %d", options->hpn_buffer_size);
1271 }
1272 if (options->tcp_rcv_buf == 0)
1273 options->tcp_rcv_buf = 1;
1274 if (options->tcp_rcv_buf > -1)
1275 options->tcp_rcv_buf *=1024;
1276 if (options->tcp_rcv_buf_poll == -1)
1277 options->tcp_rcv_buf_poll = 1;
1278 if (options->control_master == -1)
1279 options->control_master = 0;
1280 if (options->hash_known_hosts == -1)
1281 options->hash_known_hosts = 0;
1282 if (options->tun_open == -1)
1283 options->tun_open = SSH_TUNMODE_NO;
1284 if (options->tun_local == -1)
1285 options->tun_local = SSH_TUNID_ANY;
1286 if (options->tun_remote == -1)
1287 options->tun_remote = SSH_TUNID_ANY;
1288 if (options->permit_local_command == -1)
1289 options->permit_local_command = 0;
1290 if (options->use_roaming == -1)
1291 options->use_roaming = 1;
1292 if (options->visual_host_key == -1)
1293 options->visual_host_key = 0;
1294 if (options->zero_knowledge_password_authentication == -1)
1295 options->zero_knowledge_password_authentication = 0;
1296 /* options->local_command should not be set by default */
1297 /* options->proxy_command should not be set by default */
1298 /* options->user will be set in the main program if appropriate */
1299 /* options->hostname will be set in the main program if appropriate */
1300 /* options->host_key_alias should not be set by default */
1301 /* options->preferred_authentications will be set in ssh */
1302 }
1303
1304 /*
1305 * parse_forward
1306 * parses a string containing a port forwarding specification of the form:
1307 * dynamicfwd == 0
1308 * [listenhost:]listenport:connecthost:connectport
1309 * dynamicfwd == 1
1310 * [listenhost:]listenport
1311 * returns number of arguments parsed or zero on error
1312 */
1313 int
1314 parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd)
1315 {
1316 int i;
1317 char *p, *cp, *fwdarg[4];
1318
1319 memset(fwd, '\0', sizeof(*fwd));
1320
1321 cp = p = xstrdup(fwdspec);
1322
1323 /* skip leading spaces */
1324 while (isspace(*cp))
1325 cp++;
1326
1327 for (i = 0; i < 4; ++i)
1328 if ((fwdarg[i] = hpdelim(&cp)) == NULL)
1329 break;
1330
1331 /* Check for trailing garbage */
1332 if (cp != NULL)
1333 i = 0; /* failure */
1334
1335 switch (i) {
1336 case 1:
1337 fwd->listen_host = NULL;
1338 fwd->listen_port = a2port(fwdarg[0]);
1339 fwd->connect_host = xstrdup("socks");
1340 break;
1341
1342 case 2:
1343 fwd->listen_host = xstrdup(cleanhostname(fwdarg[0]));
1344 fwd->listen_port = a2port(fwdarg[1]);
1345 fwd->connect_host = xstrdup("socks");
1346 break;
1347
1348 case 3:
1349 fwd->listen_host = NULL;
1350 fwd->listen_port = a2port(fwdarg[0]);
1351 fwd->connect_host = xstrdup(cleanhostname(fwdarg[1]));
1352 fwd->connect_port = a2port(fwdarg[2]);
1353 break;
1354
1355 case 4:
1356 fwd->listen_host = xstrdup(cleanhostname(fwdarg[0]));
1357 fwd->listen_port = a2port(fwdarg[1]);
1358 fwd->connect_host = xstrdup(cleanhostname(fwdarg[2]));
1359 fwd->connect_port = a2port(fwdarg[3]);
1360 break;
1361 default:
1362 i = 0; /* failure */
1363 }
1364
1365 xfree(p);
1366
1367 if (dynamicfwd) {
1368 if (!(i == 1 || i == 2))
1369 goto fail_free;
1370 } else {
1371 if (!(i == 3 || i == 4))
1372 goto fail_free;
1373 if (fwd->connect_port <= 0)
1374 goto fail_free;
1375 }
1376
1377 if (fwd->listen_port < 0 || (!remotefwd && fwd->listen_port == 0))
1378 goto fail_free;
1379
1380 if (fwd->connect_host != NULL &&
1381 strlen(fwd->connect_host) >= NI_MAXHOST)
1382 goto fail_free;
1383 if (fwd->listen_host != NULL &&
1384 strlen(fwd->listen_host) >= NI_MAXHOST)
1385 goto fail_free;
1386
1387
1388 return (i);
1389
1390 fail_free:
1391 if (fwd->connect_host != NULL) {
1392 xfree(fwd->connect_host);
1393 fwd->connect_host = NULL;
1394 }
1395 if (fwd->listen_host != NULL) {
1396 xfree(fwd->listen_host);
1397 fwd->listen_host = NULL;
1398 }
1399 return (0);
1400 }
DragonFly BSD