search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
hammer utility - Add force support to cleanup
[dragonfly.git] / crypto / openssh / readconf.c
blob0da667dbe0905314b9add41f5e6b230cda5ed270
1 /* $OpenBSD: readconf.c,v 1.187 2010/07/19 09:15:12 djm Exp $ */
2 /*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved
6 * Functions for reading the configuration files.
7 *
8 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose. Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
13 */
14
15 #include "includes.h"
16
17 #include <sys/types.h>
18 #include <sys/stat.h>
19 #include <sys/socket.h>
20
21 #include <netinet/in.h>
22
23 #include <ctype.h>
24 #include <errno.h>
25 #include <netdb.h>
26 #include <signal.h>
27 #include <stdarg.h>
28 #include <stdio.h>
29 #include <string.h>
30 #include <unistd.h>
31
32 #include "xmalloc.h"
33 #include "ssh.h"
34 #include "compat.h"
35 #include "cipher.h"
36 #include "pathnames.h"
37 #include "log.h"
38 #include "key.h"
39 #include "readconf.h"
40 #include "match.h"
41 #include "misc.h"
42 #include "buffer.h"
43 #include "kex.h"
44 #include "mac.h"
45 #include "uidswap.h"
46 #include "version.h"
47
48 /* Format of the configuration file:
49
50 # Configuration data is parsed as follows:
51 # 1. command line options
52 # 2. user-specific file
53 # 3. system-wide file
54 # Any configuration value is only changed the first time it is set.
55 # Thus, host-specific definitions should be at the beginning of the
56 # configuration file, and defaults at the end.
57
58 # Host-specific declarations. These may override anything above. A single
59 # host may match multiple declarations; these are processed in the order
60 # that they are given in.
61
62 Host *.ngs.fi ngs.fi
63 User foo
64
65 Host fake.com
66 HostName another.host.name.real.org
67 User blaah
68 Port 34289
69 ForwardX11 no
70 ForwardAgent no
71
72 Host books.com
73 RemoteForward 9999 shadows.cs.hut.fi:9999
74 Cipher 3des
75
76 Host fascist.blob.com
77 Port 23123
78 User tylonen
79 PasswordAuthentication no
80
81 Host puukko.hut.fi
82 User t35124p
83 ProxyCommand ssh-proxy %h %p
84
85 Host *.fr
86 PublicKeyAuthentication no
87
88 Host *.su
89 Cipher none
90 PasswordAuthentication no
91
92 Host vpn.fake.com
93 Tunnel yes
94 TunnelDevice 3
95
96 # Defaults for various options
97 Host *
98 ForwardAgent no
99 ForwardX11 no
100 PasswordAuthentication yes
101 RSAAuthentication yes
102 RhostsRSAAuthentication yes
103 StrictHostKeyChecking yes
104 TcpKeepAlive no
105 IdentityFile ~/.ssh/identity
106 Port 22
107 EscapeChar ~
108
109 */
110
111 /* Keyword tokens. */
112
113 typedef enum {
114 oBadOption,
115 oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout,
116 oGatewayPorts, oExitOnForwardFailure,
117 oPasswordAuthentication, oRSAAuthentication,
118 oChallengeResponseAuthentication, oXAuthLocation,
119 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
120 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
121 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
122 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
123 oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
124 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
125 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
126 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
127 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
128 oHostKeyAlgorithms, oBindAddress, oPKCS11Provider,
129 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
130 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
131 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
132 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
133 oVersionAddendum,
134 oSendEnv, oControlPath, oControlMaster, oControlPersist,
135 oHashKnownHosts,
136 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
137 oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
138 oNoneEnabled, oTcpRcvBufPoll, oTcpRcvBuf, oNoneSwitch, oHPNDisabled,
139 oHPNBufferSize, oDeprecated, oUnsupported
140 } OpCodes;
141
142 /* Textual representations of the tokens. */
143
144 static struct {
145 const char *name;
146 OpCodes opcode;
147 } keywords[] = {
148 { "forwardagent", oForwardAgent },
149 { "forwardx11", oForwardX11 },
150 { "forwardx11trusted", oForwardX11Trusted },
151 { "forwardx11timeout", oForwardX11Timeout },
152 { "exitonforwardfailure", oExitOnForwardFailure },
153 { "xauthlocation", oXAuthLocation },
154 { "gatewayports", oGatewayPorts },
155 { "useprivilegedport", oUsePrivilegedPort },
156 { "rhostsauthentication", oDeprecated },
157 { "passwordauthentication", oPasswordAuthentication },
158 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
159 { "kbdinteractivedevices", oKbdInteractiveDevices },
160 { "rsaauthentication", oRSAAuthentication },
161 { "pubkeyauthentication", oPubkeyAuthentication },
162 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
163 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
164 { "hostbasedauthentication", oHostbasedAuthentication },
165 { "challengeresponseauthentication", oChallengeResponseAuthentication },
166 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
167 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
168 { "kerberosauthentication", oUnsupported },
169 { "kerberostgtpassing", oUnsupported },
170 { "afstokenpassing", oUnsupported },
171 #if defined(GSSAPI)
172 { "gssapiauthentication", oGssAuthentication },
173 { "gssapidelegatecredentials", oGssDelegateCreds },
174 #else
175 { "gssapiauthentication", oUnsupported },
176 { "gssapidelegatecredentials", oUnsupported },
177 #endif
178 { "fallbacktorsh", oDeprecated },
179 { "usersh", oDeprecated },
180 { "identityfile", oIdentityFile },
181 { "identityfile2", oIdentityFile }, /* obsolete */
182 { "identitiesonly", oIdentitiesOnly },
183 { "hostname", oHostName },
184 { "hostkeyalias", oHostKeyAlias },
185 { "proxycommand", oProxyCommand },
186 { "port", oPort },
187 { "cipher", oCipher },
188 { "ciphers", oCiphers },
189 { "macs", oMacs },
190 { "protocol", oProtocol },
191 { "remoteforward", oRemoteForward },
192 { "localforward", oLocalForward },
193 { "user", oUser },
194 { "host", oHost },
195 { "escapechar", oEscapeChar },
196 { "globalknownhostsfile", oGlobalKnownHostsFile },
197 { "globalknownhostsfile2", oGlobalKnownHostsFile2 }, /* obsolete */
198 { "userknownhostsfile", oUserKnownHostsFile },
199 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
200 { "connectionattempts", oConnectionAttempts },
201 { "batchmode", oBatchMode },
202 { "checkhostip", oCheckHostIP },
203 { "stricthostkeychecking", oStrictHostKeyChecking },
204 { "compression", oCompression },
205 { "compressionlevel", oCompressionLevel },
206 { "tcpkeepalive", oTCPKeepAlive },
207 { "keepalive", oTCPKeepAlive }, /* obsolete */
208 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
209 { "loglevel", oLogLevel },
210 { "dynamicforward", oDynamicForward },
211 { "preferredauthentications", oPreferredAuthentications },
212 { "hostkeyalgorithms", oHostKeyAlgorithms },
213 { "bindaddress", oBindAddress },
214 #ifdef ENABLE_PKCS11
215 { "smartcarddevice", oPKCS11Provider },
216 { "pkcs11provider", oPKCS11Provider },
217 #else
218 { "smartcarddevice", oUnsupported },
219 { "pkcs11provider", oUnsupported },
220 #endif
221 { "clearallforwardings", oClearAllForwardings },
222 { "enablesshkeysign", oEnableSSHKeysign },
223 { "verifyhostkeydns", oVerifyHostKeyDNS },
224 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
225 { "rekeylimit", oRekeyLimit },
226 { "connecttimeout", oConnectTimeout },
227 { "addressfamily", oAddressFamily },
228 { "serveraliveinterval", oServerAliveInterval },
229 { "serveralivecountmax", oServerAliveCountMax },
230 { "versionaddendum", oVersionAddendum },
231 { "sendenv", oSendEnv },
232 { "controlpath", oControlPath },
233 { "controlmaster", oControlMaster },
234 { "controlpersist", oControlPersist },
235 { "hashknownhosts", oHashKnownHosts },
236 { "tunnel", oTunnel },
237 { "tunneldevice", oTunnelDevice },
238 { "localcommand", oLocalCommand },
239 { "permitlocalcommand", oPermitLocalCommand },
240 { "visualhostkey", oVisualHostKey },
241 { "useroaming", oUseRoaming },
242 #ifdef JPAKE
243 { "zeroknowledgepasswordauthentication",
244 oZeroKnowledgePasswordAuthentication },
245 #else
246 { "zeroknowledgepasswordauthentication", oUnsupported },
247 #endif
248 { "noneenabled", oNoneEnabled },
249 { "tcprcvbufpoll", oTcpRcvBufPoll },
250 { "tcprcvbuf", oTcpRcvBuf },
251 { "noneswitch", oNoneSwitch },
252 { "hpndisabled", oHPNDisabled },
253 { "hpnbuffersize", oHPNBufferSize },
254
255 { NULL, oBadOption }
256 };
257
258 /*
259 * Adds a local TCP/IP port forward to options. Never returns if there is an
260 * error.
261 */
262
263 void
264 add_local_forward(Options *options, const Forward *newfwd)
265 {
266 Forward *fwd;
267 #ifndef NO_IPPORT_RESERVED_CONCEPT
268 extern uid_t original_real_uid;
269 if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0)
270 fatal("Privileged ports can only be forwarded by root.");
271 #endif
272 options->local_forwards = xrealloc(options->local_forwards,
273 options->num_local_forwards + 1,
274 sizeof(*options->local_forwards));
275 fwd = &options->local_forwards[options->num_local_forwards++];
276
277 fwd->listen_host = newfwd->listen_host;
278 fwd->listen_port = newfwd->listen_port;
279 fwd->connect_host = newfwd->connect_host;
280 fwd->connect_port = newfwd->connect_port;
281 }
282
283 /*
284 * Adds a remote TCP/IP port forward to options. Never returns if there is
285 * an error.
286 */
287
288 void
289 add_remote_forward(Options *options, const Forward *newfwd)
290 {
291 Forward *fwd;
292
293 options->remote_forwards = xrealloc(options->remote_forwards,
294 options->num_remote_forwards + 1,
295 sizeof(*options->remote_forwards));
296 fwd = &options->remote_forwards[options->num_remote_forwards++];
297
298 fwd->listen_host = newfwd->listen_host;
299 fwd->listen_port = newfwd->listen_port;
300 fwd->connect_host = newfwd->connect_host;
301 fwd->connect_port = newfwd->connect_port;
302 fwd->allocated_port = 0;
303 }
304
305 static void
306 clear_forwardings(Options *options)
307 {
308 int i;
309
310 for (i = 0; i < options->num_local_forwards; i++) {
311 if (options->local_forwards[i].listen_host != NULL)
312 xfree(options->local_forwards[i].listen_host);
313 xfree(options->local_forwards[i].connect_host);
314 }
315 if (options->num_local_forwards > 0) {
316 xfree(options->local_forwards);
317 options->local_forwards = NULL;
318 }
319 options->num_local_forwards = 0;
320 for (i = 0; i < options->num_remote_forwards; i++) {
321 if (options->remote_forwards[i].listen_host != NULL)
322 xfree(options->remote_forwards[i].listen_host);
323 xfree(options->remote_forwards[i].connect_host);
324 }
325 if (options->num_remote_forwards > 0) {
326 xfree(options->remote_forwards);
327 options->remote_forwards = NULL;
328 }
329 options->num_remote_forwards = 0;
330 options->tun_open = SSH_TUNMODE_NO;
331 }
332
333 /*
334 * Returns the number of the token pointed to by cp or oBadOption.
335 */
336
337 static OpCodes
338 parse_token(const char *cp, const char *filename, int linenum)
339 {
340 u_int i;
341
342 for (i = 0; keywords[i].name; i++)
343 if (strcasecmp(cp, keywords[i].name) == 0)
344 return keywords[i].opcode;
345
346 error("%s: line %d: Bad configuration option: %s",
347 filename, linenum, cp);
348 return oBadOption;
349 }
350
351 /*
352 * Processes a single option line as used in the configuration files. This
353 * only sets those values that have not already been set.
354 */
355 #define WHITESPACE " \t\r\n"
356
357 int
358 process_config_line(Options *options, const char *host,
359 char *line, const char *filename, int linenum,
360 int *activep)
361 {
362 char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256];
363 int opcode, *intptr, value, value2, scale;
364 LogLevel *log_level_ptr;
365 long long orig, val64;
366 size_t len;
367 Forward fwd;
368
369 /* Strip trailing whitespace */
370 for (len = strlen(line) - 1; len > 0; len--) {
371 if (strchr(WHITESPACE, line[len]) == NULL)
372 break;
373 line[len] = '\0';
374 }
375
376 s = line;
377 /* Get the keyword. (Each line is supposed to begin with a keyword). */
378 if ((keyword = strdelim(&s)) == NULL)
379 return 0;
380 /* Ignore leading whitespace. */
381 if (*keyword == '\0')
382 keyword = strdelim(&s);
383 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
384 return 0;
385
386 opcode = parse_token(keyword, filename, linenum);
387
388 switch (opcode) {
389 case oBadOption:
390 /* don't panic, but count bad options */
391 return -1;
392 /* NOTREACHED */
393 case oConnectTimeout:
394 intptr = &options->connection_timeout;
395 parse_time:
396 arg = strdelim(&s);
397 if (!arg || *arg == '\0')
398 fatal("%s line %d: missing time value.",
399 filename, linenum);
400 if ((value = convtime(arg)) == -1)
401 fatal("%s line %d: invalid time value.",
402 filename, linenum);
403 if (*activep && *intptr == -1)
404 *intptr = value;
405 break;
406
407 case oForwardAgent:
408 intptr = &options->forward_agent;
409 parse_flag:
410 arg = strdelim(&s);
411 if (!arg || *arg == '\0')
412 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
413 value = 0; /* To avoid compiler warning... */
414 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
415 value = 1;
416 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
417 value = 0;
418 else
419 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
420 if (*activep && *intptr == -1)
421 *intptr = value;
422 break;
423
424 case oForwardX11:
425 intptr = &options->forward_x11;
426 goto parse_flag;
427
428 case oForwardX11Trusted:
429 intptr = &options->forward_x11_trusted;
430 goto parse_flag;
431
432 case oForwardX11Timeout:
433 intptr = &options->forward_x11_timeout;
434 goto parse_time;
435
436 case oGatewayPorts:
437 intptr = &options->gateway_ports;
438 goto parse_flag;
439
440 case oExitOnForwardFailure:
441 intptr = &options->exit_on_forward_failure;
442 goto parse_flag;
443
444 case oUsePrivilegedPort:
445 intptr = &options->use_privileged_port;
446 goto parse_flag;
447
448 case oPasswordAuthentication:
449 intptr = &options->password_authentication;
450 goto parse_flag;
451
452 case oZeroKnowledgePasswordAuthentication:
453 intptr = &options->zero_knowledge_password_authentication;
454 goto parse_flag;
455
456 case oKbdInteractiveAuthentication:
457 intptr = &options->kbd_interactive_authentication;
458 goto parse_flag;
459
460 case oKbdInteractiveDevices:
461 charptr = &options->kbd_interactive_devices;
462 goto parse_string;
463
464 case oPubkeyAuthentication:
465 intptr = &options->pubkey_authentication;
466 goto parse_flag;
467
468 case oRSAAuthentication:
469 intptr = &options->rsa_authentication;
470 goto parse_flag;
471
472 case oRhostsRSAAuthentication:
473 intptr = &options->rhosts_rsa_authentication;
474 goto parse_flag;
475
476 case oHostbasedAuthentication:
477 intptr = &options->hostbased_authentication;
478 goto parse_flag;
479
480 case oChallengeResponseAuthentication:
481 intptr = &options->challenge_response_authentication;
482 goto parse_flag;
483
484 case oGssAuthentication:
485 intptr = &options->gss_authentication;
486 goto parse_flag;
487
488 case oGssDelegateCreds:
489 intptr = &options->gss_deleg_creds;
490 goto parse_flag;
491
492 case oBatchMode:
493 intptr = &options->batch_mode;
494 goto parse_flag;
495
496 case oCheckHostIP:
497 intptr = &options->check_host_ip;
498 goto parse_flag;
499
500 case oNoneEnabled:
501 intptr = &options->none_enabled;
502 goto parse_flag;
503
504 /* we check to see if the command comes from the */
505 /* command line or not. If it does then enable it */
506 /* otherwise fail. NONE should never be a default configuration */
507 case oNoneSwitch:
508 if(strcmp(filename,"command-line")==0)
509 {
510 intptr = &options->none_switch;
511 goto parse_flag;
512 } else {
513 error("NoneSwitch is found in %.200s.\nYou may only use this configuration option from the command line", filename);
514 error("Continuing...");
515 debug("NoneSwitch directive found in %.200s.", filename);
516 return 0;
517 }
518
519 case oHPNDisabled:
520 intptr = &options->hpn_disabled;
521 goto parse_flag;
522
523 case oHPNBufferSize:
524 intptr = &options->hpn_buffer_size;
525 goto parse_int;
526
527 case oTcpRcvBufPoll:
528 intptr = &options->tcp_rcv_buf_poll;
529 goto parse_flag;
530
531 case oVerifyHostKeyDNS:
532 intptr = &options->verify_host_key_dns;
533 goto parse_yesnoask;
534
535 case oStrictHostKeyChecking:
536 intptr = &options->strict_host_key_checking;
537 parse_yesnoask:
538 arg = strdelim(&s);
539 if (!arg || *arg == '\0')
540 fatal("%.200s line %d: Missing yes/no/ask argument.",
541 filename, linenum);
542 value = 0; /* To avoid compiler warning... */
543 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
544 value = 1;
545 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
546 value = 0;
547 else if (strcmp(arg, "ask") == 0)
548 value = 2;
549 else
550 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
551 if (*activep && *intptr == -1)
552 *intptr = value;
553 break;
554
555 case oCompression:
556 intptr = &options->compression;
557 goto parse_flag;
558
559 case oTCPKeepAlive:
560 intptr = &options->tcp_keep_alive;
561 goto parse_flag;
562
563 case oNoHostAuthenticationForLocalhost:
564 intptr = &options->no_host_authentication_for_localhost;
565 goto parse_flag;
566
567 case oNumberOfPasswordPrompts:
568 intptr = &options->number_of_password_prompts;
569 goto parse_int;
570
571 case oCompressionLevel:
572 intptr = &options->compression_level;
573 goto parse_int;
574
575 case oRekeyLimit:
576 arg = strdelim(&s);
577 if (!arg || *arg == '\0')
578 fatal("%.200s line %d: Missing argument.", filename, linenum);
579 if (arg[0] < '0' || arg[0] > '9')
580 fatal("%.200s line %d: Bad number.", filename, linenum);
581 orig = val64 = strtoll(arg, &endofnumber, 10);
582 if (arg == endofnumber)
583 fatal("%.200s line %d: Bad number.", filename, linenum);
584 switch (toupper(*endofnumber)) {
585 case '\0':
586 scale = 1;
587 break;
588 case 'K':
589 scale = 1<<10;
590 break;
591 case 'M':
592 scale = 1<<20;
593 break;
594 case 'G':
595 scale = 1<<30;
596 break;
597 default:
598 fatal("%.200s line %d: Invalid RekeyLimit suffix",
599 filename, linenum);
600 }
601 val64 *= scale;
602 /* detect integer wrap and too-large limits */
603 if ((val64 / scale) != orig || val64 > UINT_MAX)
604 fatal("%.200s line %d: RekeyLimit too large",
605 filename, linenum);
606 if (val64 < 16)
607 fatal("%.200s line %d: RekeyLimit too small",
608 filename, linenum);
609 if (*activep && options->rekey_limit == -1)
610 options->rekey_limit = (u_int32_t)val64;
611 break;
612
613 case oIdentityFile:
614 arg = strdelim(&s);
615 if (!arg || *arg == '\0')
616 fatal("%.200s line %d: Missing argument.", filename, linenum);
617 if (*activep) {
618 intptr = &options->num_identity_files;
619 if (*intptr >= SSH_MAX_IDENTITY_FILES)
620 fatal("%.200s line %d: Too many identity files specified (max %d).",
621 filename, linenum, SSH_MAX_IDENTITY_FILES);
622 charptr = &options->identity_files[*intptr];
623 *charptr = xstrdup(arg);
624 *intptr = *intptr + 1;
625 }
626 break;
627
628 case oXAuthLocation:
629 charptr=&options->xauth_location;
630 goto parse_string;
631
632 case oUser:
633 charptr = &options->user;
634 parse_string:
635 arg = strdelim(&s);
636 if (!arg || *arg == '\0')
637 fatal("%.200s line %d: Missing argument.", filename, linenum);
638 if (*activep && *charptr == NULL)
639 *charptr = xstrdup(arg);
640 break;
641
642 case oGlobalKnownHostsFile:
643 charptr = &options->system_hostfile;
644 goto parse_string;
645
646 case oUserKnownHostsFile:
647 charptr = &options->user_hostfile;
648 goto parse_string;
649
650 case oGlobalKnownHostsFile2:
651 charptr = &options->system_hostfile2;
652 goto parse_string;
653
654 case oUserKnownHostsFile2:
655 charptr = &options->user_hostfile2;
656 goto parse_string;
657
658 case oHostName:
659 charptr = &options->hostname;
660 goto parse_string;
661
662 case oHostKeyAlias:
663 charptr = &options->host_key_alias;
664 goto parse_string;
665
666 case oPreferredAuthentications:
667 charptr = &options->preferred_authentications;
668 goto parse_string;
669
670 case oBindAddress:
671 charptr = &options->bind_address;
672 goto parse_string;
673
674 case oPKCS11Provider:
675 charptr = &options->pkcs11_provider;
676 goto parse_string;
677
678 case oProxyCommand:
679 charptr = &options->proxy_command;
680 parse_command:
681 if (s == NULL)
682 fatal("%.200s line %d: Missing argument.", filename, linenum);
683 len = strspn(s, WHITESPACE "=");
684 if (*activep && *charptr == NULL)
685 *charptr = xstrdup(s + len);
686 return 0;
687
688 case oPort:
689 intptr = &options->port;
690 parse_int:
691 arg = strdelim(&s);
692 if (!arg || *arg == '\0')
693 fatal("%.200s line %d: Missing argument.", filename, linenum);
694 if (arg[0] < '0' || arg[0] > '9')
695 fatal("%.200s line %d: Bad number.", filename, linenum);
696
697 /* Octal, decimal, or hex format? */
698 value = strtol(arg, &endofnumber, 0);
699 if (arg == endofnumber)
700 fatal("%.200s line %d: Bad number.", filename, linenum);
701 if (*activep && *intptr == -1)
702 *intptr = value;
703 break;
704
705 case oConnectionAttempts:
706 intptr = &options->connection_attempts;
707 goto parse_int;
708
709 case oTcpRcvBuf:
710 intptr = &options->tcp_rcv_buf;
711 goto parse_int;
712
713 case oCipher:
714 intptr = &options->cipher;
715 arg = strdelim(&s);
716 if (!arg || *arg == '\0')
717 fatal("%.200s line %d: Missing argument.", filename, linenum);
718 value = cipher_number(arg);
719 if (value == -1)
720 fatal("%.200s line %d: Bad cipher '%s'.",
721 filename, linenum, arg ? arg : "<NONE>");
722 if (*activep && *intptr == -1)
723 *intptr = value;
724 break;
725
726 case oCiphers:
727 arg = strdelim(&s);
728 if (!arg || *arg == '\0')
729 fatal("%.200s line %d: Missing argument.", filename, linenum);
730 if (!ciphers_valid(arg))
731 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
732 filename, linenum, arg ? arg : "<NONE>");
733 if (*activep && options->ciphers == NULL)
734 options->ciphers = xstrdup(arg);
735 break;
736
737 case oMacs:
738 arg = strdelim(&s);
739 if (!arg || *arg == '\0')
740 fatal("%.200s line %d: Missing argument.", filename, linenum);
741 if (!mac_valid(arg))
742 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
743 filename, linenum, arg ? arg : "<NONE>");
744 if (*activep && options->macs == NULL)
745 options->macs = xstrdup(arg);
746 break;
747
748 case oHostKeyAlgorithms:
749 arg = strdelim(&s);
750 if (!arg || *arg == '\0')
751 fatal("%.200s line %d: Missing argument.", filename, linenum);
752 if (!key_names_valid2(arg))
753 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
754 filename, linenum, arg ? arg : "<NONE>");
755 if (*activep && options->hostkeyalgorithms == NULL)
756 options->hostkeyalgorithms = xstrdup(arg);
757 break;
758
759 case oProtocol:
760 intptr = &options->protocol;
761 arg = strdelim(&s);
762 if (!arg || *arg == '\0')
763 fatal("%.200s line %d: Missing argument.", filename, linenum);
764 value = proto_spec(arg);
765 if (value == SSH_PROTO_UNKNOWN)
766 fatal("%.200s line %d: Bad protocol spec '%s'.",
767 filename, linenum, arg ? arg : "<NONE>");
768 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
769 *intptr = value;
770 break;
771
772 case oLogLevel:
773 log_level_ptr = &options->log_level;
774 arg = strdelim(&s);
775 value = log_level_number(arg);
776 if (value == SYSLOG_LEVEL_NOT_SET)
777 fatal("%.200s line %d: unsupported log level '%s'",
778 filename, linenum, arg ? arg : "<NONE>");
779 if (*activep && *log_level_ptr == SYSLOG_LEVEL_NOT_SET)
780 *log_level_ptr = (LogLevel) value;
781 break;
782
783 case oLocalForward:
784 case oRemoteForward:
785 case oDynamicForward:
786 arg = strdelim(&s);
787 if (arg == NULL || *arg == '\0')
788 fatal("%.200s line %d: Missing port argument.",
789 filename, linenum);
790
791 if (opcode == oLocalForward ||
792 opcode == oRemoteForward) {
793 arg2 = strdelim(&s);
794 if (arg2 == NULL || *arg2 == '\0')
795 fatal("%.200s line %d: Missing target argument.",
796 filename, linenum);
797
798 /* construct a string for parse_forward */
799 snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2);
800 } else if (opcode == oDynamicForward) {
801 strlcpy(fwdarg, arg, sizeof(fwdarg));
802 }
803
804 if (parse_forward(&fwd, fwdarg,
805 opcode == oDynamicForward ? 1 : 0,
806 opcode == oRemoteForward ? 1 : 0) == 0)
807 fatal("%.200s line %d: Bad forwarding specification.",
808 filename, linenum);
809
810 if (*activep) {
811 if (opcode == oLocalForward ||
812 opcode == oDynamicForward)
813 add_local_forward(options, &fwd);
814 else if (opcode == oRemoteForward)
815 add_remote_forward(options, &fwd);
816 }
817 break;
818
819 case oClearAllForwardings:
820 intptr = &options->clear_forwardings;
821 goto parse_flag;
822
823 case oHost:
824 *activep = 0;
825 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
826 if (match_pattern(host, arg)) {
827 debug("Applying options for %.100s", arg);
828 *activep = 1;
829 break;
830 }
831 /* Avoid garbage check below, as strdelim is done. */
832 return 0;
833
834 case oEscapeChar:
835 intptr = &options->escape_char;
836 arg = strdelim(&s);
837 if (!arg || *arg == '\0')
838 fatal("%.200s line %d: Missing argument.", filename, linenum);
839 if (arg[0] == '^' && arg[2] == 0 &&
840 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
841 value = (u_char) arg[1] & 31;
842 else if (strlen(arg) == 1)
843 value = (u_char) arg[0];
844 else if (strcmp(arg, "none") == 0)
845 value = SSH_ESCAPECHAR_NONE;
846 else {
847 fatal("%.200s line %d: Bad escape character.",
848 filename, linenum);
849 /* NOTREACHED */
850 value = 0; /* Avoid compiler warning. */
851 }
852 if (*activep && *intptr == -1)
853 *intptr = value;
854 break;
855
856 case oAddressFamily:
857 arg = strdelim(&s);
858 if (!arg || *arg == '\0')
859 fatal("%s line %d: missing address family.",
860 filename, linenum);
861 intptr = &options->address_family;
862 if (strcasecmp(arg, "inet") == 0)
863 value = AF_INET;
864 else if (strcasecmp(arg, "inet6") == 0)
865 value = AF_INET6;
866 else if (strcasecmp(arg, "any") == 0)
867 value = AF_UNSPEC;
868 else
869 fatal("Unsupported AddressFamily \"%s\"", arg);
870 if (*activep && *intptr == -1)
871 *intptr = value;
872 break;
873
874 case oEnableSSHKeysign:
875 intptr = &options->enable_ssh_keysign;
876 goto parse_flag;
877
878 case oIdentitiesOnly:
879 intptr = &options->identities_only;
880 goto parse_flag;
881
882 case oServerAliveInterval:
883 intptr = &options->server_alive_interval;
884 goto parse_time;
885
886 case oServerAliveCountMax:
887 intptr = &options->server_alive_count_max;
888 goto parse_int;
889
890 case oVersionAddendum:
891 ssh_version_set_addendum(strtok(s, "\n"));
892 do {
893 arg = strdelim(&s);
894 } while (arg != NULL && *arg != '\0');
895 break;
896
897 case oSendEnv:
898 while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
899 if (strchr(arg, '=') != NULL)
900 fatal("%s line %d: Invalid environment name.",
901 filename, linenum);
902 if (!*activep)
903 continue;
904 if (options->num_send_env >= MAX_SEND_ENV)
905 fatal("%s line %d: too many send env.",
906 filename, linenum);
907 options->send_env[options->num_send_env++] =
908 xstrdup(arg);
909 }
910 break;
911
912 case oControlPath:
913 charptr = &options->control_path;
914 goto parse_string;
915
916 case oControlMaster:
917 intptr = &options->control_master;
918 arg = strdelim(&s);
919 if (!arg || *arg == '\0')
920 fatal("%.200s line %d: Missing ControlMaster argument.",
921 filename, linenum);
922 value = 0; /* To avoid compiler warning... */
923 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
924 value = SSHCTL_MASTER_YES;
925 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
926 value = SSHCTL_MASTER_NO;
927 else if (strcmp(arg, "auto") == 0)
928 value = SSHCTL_MASTER_AUTO;
929 else if (strcmp(arg, "ask") == 0)
930 value = SSHCTL_MASTER_ASK;
931 else if (strcmp(arg, "autoask") == 0)
932 value = SSHCTL_MASTER_AUTO_ASK;
933 else
934 fatal("%.200s line %d: Bad ControlMaster argument.",
935 filename, linenum);
936 if (*activep && *intptr == -1)
937 *intptr = value;
938 break;
939
940 case oControlPersist:
941 /* no/false/yes/true, or a time spec */
942 intptr = &options->control_persist;
943 arg = strdelim(&s);
944 if (!arg || *arg == '\0')
945 fatal("%.200s line %d: Missing ControlPersist"
946 " argument.", filename, linenum);
947 value = 0;
948 value2 = 0; /* timeout */
949 if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
950 value = 0;
951 else if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
952 value = 1;
953 else if ((value2 = convtime(arg)) >= 0)
954 value = 1;
955 else
956 fatal("%.200s line %d: Bad ControlPersist argument.",
957 filename, linenum);
958 if (*activep && *intptr == -1) {
959 *intptr = value;
960 options->control_persist_timeout = value2;
961 }
962 break;
963
964 case oHashKnownHosts:
965 intptr = &options->hash_known_hosts;
966 goto parse_flag;
967
968 case oTunnel:
969 intptr = &options->tun_open;
970 arg = strdelim(&s);
971 if (!arg || *arg == '\0')
972 fatal("%s line %d: Missing yes/point-to-point/"
973 "ethernet/no argument.", filename, linenum);
974 value = 0; /* silence compiler */
975 if (strcasecmp(arg, "ethernet") == 0)
976 value = SSH_TUNMODE_ETHERNET;
977 else if (strcasecmp(arg, "point-to-point") == 0)
978 value = SSH_TUNMODE_POINTOPOINT;
979 else if (strcasecmp(arg, "yes") == 0)
980 value = SSH_TUNMODE_DEFAULT;
981 else if (strcasecmp(arg, "no") == 0)
982 value = SSH_TUNMODE_NO;
983 else
984 fatal("%s line %d: Bad yes/point-to-point/ethernet/"
985 "no argument: %s", filename, linenum, arg);
986 if (*activep)
987 *intptr = value;
988 break;
989
990 case oTunnelDevice:
991 arg = strdelim(&s);
992 if (!arg || *arg == '\0')
993 fatal("%.200s line %d: Missing argument.", filename, linenum);
994 value = a2tun(arg, &value2);
995 if (value == SSH_TUNID_ERR)
996 fatal("%.200s line %d: Bad tun device.", filename, linenum);
997 if (*activep) {
998 options->tun_local = value;
999 options->tun_remote = value2;
1000 }
1001 break;
1002
1003 case oLocalCommand:
1004 charptr = &options->local_command;
1005 goto parse_command;
1006
1007 case oPermitLocalCommand:
1008 intptr = &options->permit_local_command;
1009 goto parse_flag;
1010
1011 case oVisualHostKey:
1012 intptr = &options->visual_host_key;
1013 goto parse_flag;
1014
1015 case oUseRoaming:
1016 intptr = &options->use_roaming;
1017 goto parse_flag;
1018
1019 case oDeprecated:
1020 debug("%s line %d: Deprecated option \"%s\"",
1021 filename, linenum, keyword);
1022 return 0;
1023
1024 case oUnsupported:
1025 error("%s line %d: Unsupported option \"%s\"",
1026 filename, linenum, keyword);
1027 return 0;
1028
1029 default:
1030 fatal("process_config_line: Unimplemented opcode %d", opcode);
1031 }
1032
1033 /* Check that there is no garbage at end of line. */
1034 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
1035 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
1036 filename, linenum, arg);
1037 }
1038 return 0;
1039 }
1040
1041
1042 /*
1043 * Reads the config file and modifies the options accordingly. Options
1044 * should already be initialized before this call. This never returns if
1045 * there is an error. If the file does not exist, this returns 0.
1046 */
1047
1048 int
1049 read_config_file(const char *filename, const char *host, Options *options,
1050 int checkperm)
1051 {
1052 FILE *f;
1053 char line[1024];
1054 int active, linenum;
1055 int bad_options = 0;
1056
1057 if ((f = fopen(filename, "r")) == NULL)
1058 return 0;
1059
1060 if (checkperm) {
1061 struct stat sb;
1062
1063 if (fstat(fileno(f), &sb) == -1)
1064 fatal("fstat %s: %s", filename, strerror(errno));
1065 if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
1066 (sb.st_mode & 022) != 0))
1067 fatal("Bad owner or permissions on %s", filename);
1068 }
1069
1070 debug("Reading configuration data %.200s", filename);
1071
1072 /*
1073 * Mark that we are now processing the options. This flag is turned
1074 * on/off by Host specifications.
1075 */
1076 active = 1;
1077 linenum = 0;
1078 while (fgets(line, sizeof(line), f)) {
1079 /* Update line number counter. */
1080 linenum++;
1081 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
1082 bad_options++;
1083 }
1084 fclose(f);
1085 if (bad_options > 0)
1086 fatal("%s: terminating, %d bad configuration options",
1087 filename, bad_options);
1088 return 1;
1089 }
1090
1091 /*
1092 * Initializes options to special values that indicate that they have not yet
1093 * been set. Read_config_file will only set options with this value. Options
1094 * are processed in the following order: command line, user config file,
1095 * system config file. Last, fill_default_options is called.
1096 */
1097
1098 void
1099 initialize_options(Options * options)
1100 {
1101 memset(options, 'X', sizeof(*options));
1102 options->forward_agent = -1;
1103 options->forward_x11 = -1;
1104 options->forward_x11_trusted = -1;
1105 options->forward_x11_timeout = -1;
1106 options->exit_on_forward_failure = -1;
1107 options->xauth_location = NULL;
1108 options->gateway_ports = -1;
1109 options->use_privileged_port = -1;
1110 options->rsa_authentication = -1;
1111 options->pubkey_authentication = -1;
1112 options->challenge_response_authentication = -1;
1113 options->gss_authentication = -1;
1114 options->gss_deleg_creds = -1;
1115 options->password_authentication = -1;
1116 options->kbd_interactive_authentication = -1;
1117 options->kbd_interactive_devices = NULL;
1118 options->rhosts_rsa_authentication = -1;
1119 options->hostbased_authentication = -1;
1120 options->batch_mode = -1;
1121 options->check_host_ip = -1;
1122 options->strict_host_key_checking = -1;
1123 options->compression = -1;
1124 options->tcp_keep_alive = -1;
1125 options->compression_level = -1;
1126 options->port = -1;
1127 options->address_family = -1;
1128 options->connection_attempts = -1;
1129 options->connection_timeout = -1;
1130 options->number_of_password_prompts = -1;
1131 options->cipher = -1;
1132 options->ciphers = NULL;
1133 options->macs = NULL;
1134 options->hostkeyalgorithms = NULL;
1135 options->protocol = SSH_PROTO_UNKNOWN;
1136 options->num_identity_files = 0;
1137 options->hostname = NULL;
1138 options->host_key_alias = NULL;
1139 options->proxy_command = NULL;
1140 options->user = NULL;
1141 options->escape_char = -1;
1142 options->system_hostfile = NULL;
1143 options->user_hostfile = NULL;
1144 options->system_hostfile2 = NULL;
1145 options->user_hostfile2 = NULL;
1146 options->local_forwards = NULL;
1147 options->num_local_forwards = 0;
1148 options->remote_forwards = NULL;
1149 options->num_remote_forwards = 0;
1150 options->clear_forwardings = -1;
1151 options->log_level = SYSLOG_LEVEL_NOT_SET;
1152 options->preferred_authentications = NULL;
1153 options->bind_address = NULL;
1154 options->pkcs11_provider = NULL;
1155 options->enable_ssh_keysign = - 1;
1156 options->no_host_authentication_for_localhost = - 1;
1157 options->identities_only = - 1;
1158 options->rekey_limit = - 1;
1159 options->verify_host_key_dns = -1;
1160 options->server_alive_interval = -1;
1161 options->server_alive_count_max = -1;
1162 options->num_send_env = 0;
1163 options->control_path = NULL;
1164 options->control_master = -1;
1165 options->control_persist = -1;
1166 options->control_persist_timeout = 0;
1167 options->hash_known_hosts = -1;
1168 options->tun_open = -1;
1169 options->tun_local = -1;
1170 options->tun_remote = -1;
1171 options->local_command = NULL;
1172 options->permit_local_command = -1;
1173 options->use_roaming = -1;
1174 options->visual_host_key = -1;
1175 options->zero_knowledge_password_authentication = -1;
1176 options->none_switch = -1;
1177 options->none_enabled = -1;
1178 options->hpn_disabled = -1;
1179 options->hpn_buffer_size = -1;
1180 options->tcp_rcv_buf_poll = -1;
1181 options->tcp_rcv_buf = -1;
1182 }
1183
1184 /*
1185 * Called after processing other sources of option data, this fills those
1186 * options for which no value has been specified with their default values.
1187 */
1188
1189 void
1190 fill_default_options(Options * options)
1191 {
1192 int len;
1193
1194 if (options->forward_agent == -1)
1195 options->forward_agent = 0;
1196 if (options->forward_x11 == -1)
1197 options->forward_x11 = 0;
1198 if (options->forward_x11_trusted == -1)
1199 options->forward_x11_trusted = 0;
1200 if (options->forward_x11_timeout == -1)
1201 options->forward_x11_timeout = 1200;
1202 if (options->exit_on_forward_failure == -1)
1203 options->exit_on_forward_failure = 0;
1204 if (options->xauth_location == NULL)
1205 options->xauth_location = _PATH_XAUTH;
1206 if (options->gateway_ports == -1)
1207 options->gateway_ports = 0;
1208 if (options->use_privileged_port == -1)
1209 options->use_privileged_port = 0;
1210 if (options->rsa_authentication == -1)
1211 options->rsa_authentication = 1;
1212 if (options->pubkey_authentication == -1)
1213 options->pubkey_authentication = 1;
1214 if (options->challenge_response_authentication == -1)
1215 options->challenge_response_authentication = 1;
1216 if (options->gss_authentication == -1)
1217 options->gss_authentication = 0;
1218 if (options->gss_deleg_creds == -1)
1219 options->gss_deleg_creds = 0;
1220 if (options->password_authentication == -1)
1221 options->password_authentication = 1;
1222 if (options->kbd_interactive_authentication == -1)
1223 options->kbd_interactive_authentication = 1;
1224 if (options->rhosts_rsa_authentication == -1)
1225 options->rhosts_rsa_authentication = 0;
1226 if (options->hostbased_authentication == -1)
1227 options->hostbased_authentication = 0;
1228 if (options->batch_mode == -1)
1229 options->batch_mode = 0;
1230 if (options->check_host_ip == -1)
1231 options->check_host_ip = 0;
1232 if (options->strict_host_key_checking == -1)
1233 options->strict_host_key_checking = 2; /* 2 is default */
1234 if (options->compression == -1)
1235 options->compression = 0;
1236 if (options->tcp_keep_alive == -1)
1237 options->tcp_keep_alive = 1;
1238 if (options->compression_level == -1)
1239 options->compression_level = 6;
1240 if (options->port == -1)
1241 options->port = 0; /* Filled in ssh_connect. */
1242 if (options->address_family == -1)
1243 options->address_family = AF_UNSPEC;
1244 if (options->connection_attempts == -1)
1245 options->connection_attempts = 1;
1246 if (options->number_of_password_prompts == -1)
1247 options->number_of_password_prompts = 3;
1248 /* Selected in ssh_login(). */
1249 if (options->cipher == -1)
1250 options->cipher = SSH_CIPHER_NOT_SET;
1251 /* options->ciphers, default set in myproposals.h */
1252 /* options->macs, default set in myproposals.h */
1253 /* options->hostkeyalgorithms, default set in myproposals.h */
1254 if (options->protocol == SSH_PROTO_UNKNOWN)
1255 options->protocol = SSH_PROTO_2;
1256 if (options->num_identity_files == 0) {
1257 if (options->protocol & SSH_PROTO_1) {
1258 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
1259 options->identity_files[options->num_identity_files] =
1260 xmalloc(len);
1261 snprintf(options->identity_files[options->num_identity_files++],
1262 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
1263 }
1264 if (options->protocol & SSH_PROTO_2) {
1265 len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
1266 options->identity_files[options->num_identity_files] =
1267 xmalloc(len);
1268 snprintf(options->identity_files[options->num_identity_files++],
1269 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
1270
1271 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
1272 options->identity_files[options->num_identity_files] =
1273 xmalloc(len);
1274 snprintf(options->identity_files[options->num_identity_files++],
1275 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
1276 }
1277 }
1278 if (options->escape_char == -1)
1279 options->escape_char = '~';
1280 if (options->system_hostfile == NULL)
1281 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
1282 if (options->user_hostfile == NULL)
1283 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
1284 if (options->system_hostfile2 == NULL)
1285 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
1286 if (options->user_hostfile2 == NULL)
1287 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
1288 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
1289 options->log_level = SYSLOG_LEVEL_INFO;
1290 if (options->clear_forwardings == 1)
1291 clear_forwardings(options);
1292 if (options->no_host_authentication_for_localhost == - 1)
1293 options->no_host_authentication_for_localhost = 0;
1294 if (options->identities_only == -1)
1295 options->identities_only = 0;
1296 if (options->enable_ssh_keysign == -1)
1297 options->enable_ssh_keysign = 0;
1298 if (options->rekey_limit == -1)
1299 options->rekey_limit = 0;
1300 if (options->verify_host_key_dns == -1)
1301 options->verify_host_key_dns = 0;
1302 if (options->server_alive_interval == -1)
1303 options->server_alive_interval = 0;
1304 if (options->server_alive_count_max == -1)
1305 options->server_alive_count_max = 3;
1306 if (options->none_switch == -1)
1307 options->none_switch = 0;
1308 if (options->hpn_disabled == -1)
1309 options->hpn_disabled = 0;
1310 if (options->hpn_buffer_size > -1)
1311 {
1312 /* if a user tries to set the size to 0 set it to 1KB */
1313 if (options->hpn_buffer_size == 0)
1314 options->hpn_buffer_size = 1024;
1315 /*limit the buffer to 64MB*/
1316 if (options->hpn_buffer_size > 65536)
1317 {
1318 options->hpn_buffer_size = 65536*1024;
1319 debug("User requested buffer larger than 64MB. Request reverted to 64MB");
1320 }
1321 debug("hpn_buffer_size set to %d", options->hpn_buffer_size);
1322 }
1323 if (options->tcp_rcv_buf == 0)
1324 options->tcp_rcv_buf = 1;
1325 if (options->tcp_rcv_buf > -1)
1326 options->tcp_rcv_buf *=1024;
1327 if (options->tcp_rcv_buf_poll == -1)
1328 options->tcp_rcv_buf_poll = 1;
1329 if (options->control_master == -1)
1330 options->control_master = 0;
1331 if (options->control_persist == -1) {
1332 options->control_persist = 0;
1333 options->control_persist_timeout = 0;
1334 }
1335 if (options->hash_known_hosts == -1)
1336 options->hash_known_hosts = 0;
1337 if (options->tun_open == -1)
1338 options->tun_open = SSH_TUNMODE_NO;
1339 if (options->tun_local == -1)
1340 options->tun_local = SSH_TUNID_ANY;
1341 if (options->tun_remote == -1)
1342 options->tun_remote = SSH_TUNID_ANY;
1343 if (options->permit_local_command == -1)
1344 options->permit_local_command = 0;
1345 if (options->use_roaming == -1)
1346 options->use_roaming = 1;
1347 if (options->visual_host_key == -1)
1348 options->visual_host_key = 0;
1349 if (options->zero_knowledge_password_authentication == -1)
1350 options->zero_knowledge_password_authentication = 0;
1351 /* options->local_command should not be set by default */
1352 /* options->proxy_command should not be set by default */
1353 /* options->user will be set in the main program if appropriate */
1354 /* options->hostname will be set in the main program if appropriate */
1355 /* options->host_key_alias should not be set by default */
1356 /* options->preferred_authentications will be set in ssh */
1357 }
1358
1359 /*
1360 * parse_forward
1361 * parses a string containing a port forwarding specification of the form:
1362 * dynamicfwd == 0
1363 * [listenhost:]listenport:connecthost:connectport
1364 * dynamicfwd == 1
1365 * [listenhost:]listenport
1366 * returns number of arguments parsed or zero on error
1367 */
1368 int
1369 parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd)
1370 {
1371 int i;
1372 char *p, *cp, *fwdarg[4];
1373
1374 memset(fwd, '\0', sizeof(*fwd));
1375
1376 cp = p = xstrdup(fwdspec);
1377
1378 /* skip leading spaces */
1379 while (isspace(*cp))
1380 cp++;
1381
1382 for (i = 0; i < 4; ++i)
1383 if ((fwdarg[i] = hpdelim(&cp)) == NULL)
1384 break;
1385
1386 /* Check for trailing garbage */
1387 if (cp != NULL)
1388 i = 0; /* failure */
1389
1390 switch (i) {
1391 case 1:
1392 fwd->listen_host = NULL;
1393 fwd->listen_port = a2port(fwdarg[0]);
1394 fwd->connect_host = xstrdup("socks");
1395 break;
1396
1397 case 2:
1398 fwd->listen_host = xstrdup(cleanhostname(fwdarg[0]));
1399 fwd->listen_port = a2port(fwdarg[1]);
1400 fwd->connect_host = xstrdup("socks");
1401 break;
1402
1403 case 3:
1404 fwd->listen_host = NULL;
1405 fwd->listen_port = a2port(fwdarg[0]);
1406 fwd->connect_host = xstrdup(cleanhostname(fwdarg[1]));
1407 fwd->connect_port = a2port(fwdarg[2]);
1408 break;
1409
1410 case 4:
1411 fwd->listen_host = xstrdup(cleanhostname(fwdarg[0]));
1412 fwd->listen_port = a2port(fwdarg[1]);
1413 fwd->connect_host = xstrdup(cleanhostname(fwdarg[2]));
1414 fwd->connect_port = a2port(fwdarg[3]);
1415 break;
1416 default:
1417 i = 0; /* failure */
1418 }
1419
1420 xfree(p);
1421
1422 if (dynamicfwd) {
1423 if (!(i == 1 || i == 2))
1424 goto fail_free;
1425 } else {
1426 if (!(i == 3 || i == 4))
1427 goto fail_free;
1428 if (fwd->connect_port <= 0)
1429 goto fail_free;
1430 }
1431
1432 if (fwd->listen_port < 0 || (!remotefwd && fwd->listen_port == 0))
1433 goto fail_free;
1434
1435 if (fwd->connect_host != NULL &&
1436 strlen(fwd->connect_host) >= NI_MAXHOST)
1437 goto fail_free;
1438 if (fwd->listen_host != NULL &&
1439 strlen(fwd->listen_host) >= NI_MAXHOST)
1440 goto fail_free;
1441
1442
1443 return (i);
1444
1445 fail_free:
1446 if (fwd->connect_host != NULL) {
1447 xfree(fwd->connect_host);
1448 fwd->connect_host = NULL;
1449 }
1450 if (fwd->listen_host != NULL) {
1451 xfree(fwd->listen_host);
1452 fwd->listen_host = NULL;
1453 }
1454 return (0);
1455 }
DragonFly BSD