blob: 1d6409fdb1faf76d8b6411d259a6f9d1dd19272c [file] [log] [blame]
Darren Tucker1e44c5d2008-01-01 20:32:26 +11001/* $OpenBSD: readconf.c,v 1.164 2007/12/31 10:41:31 dtucker Exp $ */
Damien Millerd4a8b7e1999-10-27 13:42:43 +10002/*
Damien Miller95def091999-11-25 00:26:21 +11003 * Author: Tatu Ylonen <ylo@cs.hut.fi>
Damien Miller95def091999-11-25 00:26:21 +11004 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved
Damien Miller95def091999-11-25 00:26:21 +11006 * Functions for reading the configuration files.
Damien Miller4af51302000-04-16 11:18:38 +10007 *
Damien Millere4340be2000-09-16 13:29:08 +11008 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose. Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
Damien Miller95def091999-11-25 00:26:21 +110013 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100014
15#include "includes.h"
Damien Millerf17883e2006-03-15 11:45:54 +110016
17#include <sys/types.h>
18#include <sys/stat.h>
Damien Miller8ec8c3e2006-07-10 20:35:38 +100019#include <sys/socket.h>
20
21#include <netinet/in.h>
Damien Millerd4a8b7e1999-10-27 13:42:43 +100022
Damien Millerc7b06362006-03-15 11:53:45 +110023#include <ctype.h>
Darren Tucker39972492006-07-12 22:22:46 +100024#include <errno.h>
Damien Millerb8fe89c2006-07-24 14:51:00 +100025#include <netdb.h>
Damien Millerd7834352006-08-05 12:39:39 +100026#include <signal.h>
Damien Millerded319c2006-09-01 15:38:36 +100027#include <stdarg.h>
Damien Millera7a73ee2006-08-05 11:37:59 +100028#include <stdio.h>
Damien Millere3476ed2006-07-24 14:13:33 +100029#include <string.h>
Damien Millere6b3b612006-07-24 14:01:23 +100030#include <unistd.h>
Damien Millerc7b06362006-03-15 11:53:45 +110031
Damien Millerd4a8b7e1999-10-27 13:42:43 +100032#include "xmalloc.h"
Damien Millerd7834352006-08-05 12:39:39 +100033#include "ssh.h"
Damien Miller78928792000-04-12 20:17:38 +100034#include "compat.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000035#include "cipher.h"
36#include "pathnames.h"
37#include "log.h"
Damien Millerd7834352006-08-05 12:39:39 +100038#include "key.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000039#include "readconf.h"
40#include "match.h"
41#include "misc.h"
Damien Millerd7834352006-08-05 12:39:39 +100042#include "buffer.h"
Ben Lindstrom06b33aa2001-02-15 03:01:59 +000043#include "kex.h"
44#include "mac.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100045
46/* Format of the configuration file:
47
48 # Configuration data is parsed as follows:
49 # 1. command line options
50 # 2. user-specific file
51 # 3. system-wide file
52 # Any configuration value is only changed the first time it is set.
53 # Thus, host-specific definitions should be at the beginning of the
54 # configuration file, and defaults at the end.
55
56 # Host-specific declarations. These may override anything above. A single
57 # host may match multiple declarations; these are processed in the order
58 # that they are given in.
59
60 Host *.ngs.fi ngs.fi
Ben Lindstrom4daea862002-06-09 20:04:02 +000061 User foo
Damien Millerd4a8b7e1999-10-27 13:42:43 +100062
63 Host fake.com
64 HostName another.host.name.real.org
65 User blaah
66 Port 34289
67 ForwardX11 no
68 ForwardAgent no
69
70 Host books.com
71 RemoteForward 9999 shadows.cs.hut.fi:9999
72 Cipher 3des
73
74 Host fascist.blob.com
75 Port 23123
76 User tylonen
Damien Millerd4a8b7e1999-10-27 13:42:43 +100077 PasswordAuthentication no
78
79 Host puukko.hut.fi
80 User t35124p
81 ProxyCommand ssh-proxy %h %p
82
83 Host *.fr
Ben Lindstrom4daea862002-06-09 20:04:02 +000084 PublicKeyAuthentication no
Damien Millerd4a8b7e1999-10-27 13:42:43 +100085
86 Host *.su
87 Cipher none
88 PasswordAuthentication no
89
Damien Millerd27b9472005-12-13 19:29:02 +110090 Host vpn.fake.com
91 Tunnel yes
92 TunnelDevice 3
93
Damien Millerd4a8b7e1999-10-27 13:42:43 +100094 # Defaults for various options
95 Host *
96 ForwardAgent no
Damien Miller0bc1bd82000-11-13 22:57:25 +110097 ForwardX11 no
Damien Millerd4a8b7e1999-10-27 13:42:43 +100098 PasswordAuthentication yes
99 RSAAuthentication yes
100 RhostsRSAAuthentication yes
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000101 StrictHostKeyChecking yes
Damien Miller12c150e2003-12-17 16:31:10 +1100102 TcpKeepAlive no
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000103 IdentityFile ~/.ssh/identity
104 Port 22
105 EscapeChar ~
106
107*/
108
109/* Keyword tokens. */
110
Damien Miller95def091999-11-25 00:26:21 +1100111typedef enum {
112 oBadOption,
Darren Tucker0a118da2003-10-15 15:54:32 +1000113 oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
Darren Tuckere7d4b192006-07-12 22:17:10 +1000114 oExitOnForwardFailure,
Ben Lindstromcb72e4f2002-06-21 00:41:51 +0000115 oPasswordAuthentication, oRSAAuthentication,
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000116 oChallengeResponseAuthentication, oXAuthLocation,
Damien Miller95def091999-11-25 00:26:21 +1100117 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
118 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
119 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
120 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
Damien Miller12c150e2003-12-17 16:31:10 +1100121 oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000122 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
Damien Miller0bc1bd82000-11-13 22:57:25 +1100123 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
Ben Lindstromb9be60a2001-03-11 01:49:19 +0000124 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
Ben Lindstrom982dbbc2001-04-17 18:11:36 +0000125 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
Ben Lindstrom2b7a0e92001-09-20 00:57:55 +0000126 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
Ben Lindstrom4daea862002-06-09 20:04:02 +0000127 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
Damien Millerb78d5eb2003-05-16 11:39:04 +1000128 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
Darren Tucker0efd1552003-08-26 11:49:55 +1000129 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
Damien Millerbd394c32004-03-08 23:12:36 +1100130 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
Damien Millere1776152005-03-01 21:47:37 +1100131 oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
Damien Millerd27b9472005-12-13 19:29:02 +1100132 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
Damien Millerf9b3feb2003-05-16 11:38:32 +1000133 oDeprecated, oUnsupported
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000134} OpCodes;
135
136/* Textual representations of the tokens. */
137
Damien Miller95def091999-11-25 00:26:21 +1100138static struct {
139 const char *name;
140 OpCodes opcode;
141} keywords[] = {
142 { "forwardagent", oForwardAgent },
143 { "forwardx11", oForwardX11 },
Darren Tucker0a118da2003-10-15 15:54:32 +1000144 { "forwardx11trusted", oForwardX11Trusted },
Darren Tuckere7d4b192006-07-12 22:17:10 +1000145 { "exitonforwardfailure", oExitOnForwardFailure },
Damien Millerd3a18572000-06-07 19:55:44 +1000146 { "xauthlocation", oXAuthLocation },
Damien Miller95def091999-11-25 00:26:21 +1100147 { "gatewayports", oGatewayPorts },
148 { "useprivilegedport", oUsePrivilegedPort },
Darren Tuckerec960f22003-08-13 20:37:05 +1000149 { "rhostsauthentication", oDeprecated },
Damien Miller95def091999-11-25 00:26:21 +1100150 { "passwordauthentication", oPasswordAuthentication },
Damien Miller874d77b2000-10-14 16:23:11 +1100151 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
152 { "kbdinteractivedevices", oKbdInteractiveDevices },
Damien Miller95def091999-11-25 00:26:21 +1100153 { "rsaauthentication", oRSAAuthentication },
Damien Miller0bc1bd82000-11-13 22:57:25 +1100154 { "pubkeyauthentication", oPubkeyAuthentication },
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000155 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000156 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
Ben Lindstromd69dab32001-04-12 23:36:05 +0000157 { "hostbasedauthentication", oHostbasedAuthentication },
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000158 { "challengeresponseauthentication", oChallengeResponseAuthentication },
159 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
160 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
Damien Millerf9b3feb2003-05-16 11:38:32 +1000161 { "kerberosauthentication", oUnsupported },
162 { "kerberostgtpassing", oUnsupported },
Damien Millerf9b3feb2003-05-16 11:38:32 +1000163 { "afstokenpassing", oUnsupported },
Darren Tucker0efd1552003-08-26 11:49:55 +1000164#if defined(GSSAPI)
165 { "gssapiauthentication", oGssAuthentication },
Darren Tucker0efd1552003-08-26 11:49:55 +1000166 { "gssapidelegatecredentials", oGssDelegateCreds },
167#else
168 { "gssapiauthentication", oUnsupported },
169 { "gssapidelegatecredentials", oUnsupported },
170#endif
Ben Lindstrom4daea862002-06-09 20:04:02 +0000171 { "fallbacktorsh", oDeprecated },
172 { "usersh", oDeprecated },
Damien Miller95def091999-11-25 00:26:21 +1100173 { "identityfile", oIdentityFile },
Damien Miller0bc1bd82000-11-13 22:57:25 +1100174 { "identityfile2", oIdentityFile }, /* alias */
Damien Millerbd394c32004-03-08 23:12:36 +1100175 { "identitiesonly", oIdentitiesOnly },
Damien Miller95def091999-11-25 00:26:21 +1100176 { "hostname", oHostName },
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000177 { "hostkeyalias", oHostKeyAlias },
Damien Miller95def091999-11-25 00:26:21 +1100178 { "proxycommand", oProxyCommand },
179 { "port", oPort },
180 { "cipher", oCipher },
Damien Miller78928792000-04-12 20:17:38 +1000181 { "ciphers", oCiphers },
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000182 { "macs", oMacs },
Damien Miller78928792000-04-12 20:17:38 +1000183 { "protocol", oProtocol },
Damien Miller95def091999-11-25 00:26:21 +1100184 { "remoteforward", oRemoteForward },
185 { "localforward", oLocalForward },
186 { "user", oUser },
187 { "host", oHost },
188 { "escapechar", oEscapeChar },
Damien Miller95def091999-11-25 00:26:21 +1100189 { "globalknownhostsfile", oGlobalKnownHostsFile },
Ben Lindstromd6481ea2001-06-25 04:37:41 +0000190 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
Damien Millereba71ba2000-04-29 23:57:08 +1000191 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
Ben Lindstromd6481ea2001-06-25 04:37:41 +0000192 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
Damien Miller95def091999-11-25 00:26:21 +1100193 { "connectionattempts", oConnectionAttempts },
194 { "batchmode", oBatchMode },
195 { "checkhostip", oCheckHostIP },
196 { "stricthostkeychecking", oStrictHostKeyChecking },
197 { "compression", oCompression },
198 { "compressionlevel", oCompressionLevel },
Damien Miller12c150e2003-12-17 16:31:10 +1100199 { "tcpkeepalive", oTCPKeepAlive },
200 { "keepalive", oTCPKeepAlive }, /* obsolete */
Damien Miller95def091999-11-25 00:26:21 +1100201 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
Damien Miller95def091999-11-25 00:26:21 +1100202 { "loglevel", oLogLevel },
Ben Lindstrom3bb4f9d2001-04-08 18:30:26 +0000203 { "dynamicforward", oDynamicForward },
Ben Lindstromb9be60a2001-03-11 01:49:19 +0000204 { "preferredauthentications", oPreferredAuthentications },
Ben Lindstrom982dbbc2001-04-17 18:11:36 +0000205 { "hostkeyalgorithms", oHostKeyAlgorithms },
Ben Lindstrome0f88042001-04-30 13:06:24 +0000206 { "bindaddress", oBindAddress },
Damien Millerf9b3feb2003-05-16 11:38:32 +1000207#ifdef SMARTCARD
Ben Lindstromae996bf2001-08-06 21:27:53 +0000208 { "smartcarddevice", oSmartcardDevice },
Damien Millerf9b3feb2003-05-16 11:38:32 +1000209#else
210 { "smartcarddevice", oUnsupported },
211#endif
Damien Miller9f0f5c62001-12-21 14:45:46 +1100212 { "clearallforwardings", oClearAllForwardings },
Ben Lindstromb6df73b2002-11-09 15:52:31 +0000213 { "enablesshkeysign", oEnableSSHKeysign },
Damien Miller37876e92003-05-15 10:19:46 +1000214 { "verifyhostkeydns", oVerifyHostKeyDNS },
Damien Miller9f0f5c62001-12-21 14:45:46 +1100215 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
Damien Millera5539d22003-04-09 20:50:06 +1000216 { "rekeylimit", oRekeyLimit },
Damien Millerb78d5eb2003-05-16 11:39:04 +1000217 { "connecttimeout", oConnectTimeout },
Damien Miller20a8f972003-05-18 20:50:30 +1000218 { "addressfamily", oAddressFamily },
Damien Miller509b0102003-12-17 16:33:10 +1100219 { "serveraliveinterval", oServerAliveInterval },
220 { "serveralivecountmax", oServerAliveCountMax },
Darren Tucker46bc0752004-05-02 22:11:30 +1000221 { "sendenv", oSendEnv },
Damien Miller0e220db2004-06-15 10:34:08 +1000222 { "controlpath", oControlPath },
223 { "controlmaster", oControlMaster },
Damien Millere1776152005-03-01 21:47:37 +1100224 { "hashknownhosts", oHashKnownHosts },
Damien Millerd27b9472005-12-13 19:29:02 +1100225 { "tunnel", oTunnel },
226 { "tunneldevice", oTunnelDevice },
227 { "localcommand", oLocalCommand },
228 { "permitlocalcommand", oPermitLocalCommand },
Ben Lindstrom65366a82001-12-06 16:32:47 +0000229 { NULL, oBadOption }
Damien Miller5ce662a1999-11-11 17:57:39 +1100230};
231
Damien Miller5428f641999-11-25 11:54:57 +1100232/*
233 * Adds a local TCP/IP port forward to options. Never returns if there is an
234 * error.
235 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000236
Damien Miller4af51302000-04-16 11:18:38 +1000237void
Damien Millerf91ee4c2005-03-01 21:24:33 +1100238add_local_forward(Options *options, const Forward *newfwd)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000239{
Damien Miller95def091999-11-25 00:26:21 +1100240 Forward *fwd;
Ben Lindstrom99a4e142002-07-09 14:06:40 +0000241#ifndef NO_IPPORT_RESERVED_CONCEPT
Damien Miller95def091999-11-25 00:26:21 +1100242 extern uid_t original_real_uid;
Damien Millerf91ee4c2005-03-01 21:24:33 +1100243 if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000244 fatal("Privileged ports can only be forwarded by root.");
Damien Millerbac2d8a2000-09-05 16:13:06 +1100245#endif
Damien Miller95def091999-11-25 00:26:21 +1100246 if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
247 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
248 fwd = &options->local_forwards[options->num_local_forwards++];
Damien Millerf91ee4c2005-03-01 21:24:33 +1100249
250 fwd->listen_host = (newfwd->listen_host == NULL) ?
251 NULL : xstrdup(newfwd->listen_host);
252 fwd->listen_port = newfwd->listen_port;
253 fwd->connect_host = xstrdup(newfwd->connect_host);
254 fwd->connect_port = newfwd->connect_port;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000255}
256
Damien Miller5428f641999-11-25 11:54:57 +1100257/*
258 * Adds a remote TCP/IP port forward to options. Never returns if there is
259 * an error.
260 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000261
Damien Miller4af51302000-04-16 11:18:38 +1000262void
Damien Millerf91ee4c2005-03-01 21:24:33 +1100263add_remote_forward(Options *options, const Forward *newfwd)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000264{
Damien Miller95def091999-11-25 00:26:21 +1100265 Forward *fwd;
266 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
267 fatal("Too many remote forwards (max %d).",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100268 SSH_MAX_FORWARDS_PER_DIRECTION);
Damien Miller95def091999-11-25 00:26:21 +1100269 fwd = &options->remote_forwards[options->num_remote_forwards++];
Damien Millerf91ee4c2005-03-01 21:24:33 +1100270
271 fwd->listen_host = (newfwd->listen_host == NULL) ?
272 NULL : xstrdup(newfwd->listen_host);
273 fwd->listen_port = newfwd->listen_port;
274 fwd->connect_host = xstrdup(newfwd->connect_host);
275 fwd->connect_port = newfwd->connect_port;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000276}
277
Ben Lindstrom2b7a0e92001-09-20 00:57:55 +0000278static void
279clear_forwardings(Options *options)
280{
281 int i;
282
Damien Millerf91ee4c2005-03-01 21:24:33 +1100283 for (i = 0; i < options->num_local_forwards; i++) {
Darren Tucker1d55ca72005-03-14 22:58:40 +1100284 if (options->local_forwards[i].listen_host != NULL)
285 xfree(options->local_forwards[i].listen_host);
Damien Millerf91ee4c2005-03-01 21:24:33 +1100286 xfree(options->local_forwards[i].connect_host);
287 }
Ben Lindstrom2b7a0e92001-09-20 00:57:55 +0000288 options->num_local_forwards = 0;
Damien Millerf91ee4c2005-03-01 21:24:33 +1100289 for (i = 0; i < options->num_remote_forwards; i++) {
Darren Tucker1d55ca72005-03-14 22:58:40 +1100290 if (options->remote_forwards[i].listen_host != NULL)
291 xfree(options->remote_forwards[i].listen_host);
Damien Millerf91ee4c2005-03-01 21:24:33 +1100292 xfree(options->remote_forwards[i].connect_host);
293 }
Ben Lindstrom2b7a0e92001-09-20 00:57:55 +0000294 options->num_remote_forwards = 0;
Damien Miller7b58e802005-12-13 19:33:19 +1100295 options->tun_open = SSH_TUNMODE_NO;
Ben Lindstrom2b7a0e92001-09-20 00:57:55 +0000296}
297
Damien Miller5428f641999-11-25 11:54:57 +1100298/*
Ben Lindstrom3704c262001-04-02 18:20:03 +0000299 * Returns the number of the token pointed to by cp or oBadOption.
Damien Miller5428f641999-11-25 11:54:57 +1100300 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000301
Damien Miller4af51302000-04-16 11:18:38 +1000302static OpCodes
Damien Miller95def091999-11-25 00:26:21 +1100303parse_token(const char *cp, const char *filename, int linenum)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000304{
Ben Lindstrom46c16222000-12-22 01:43:59 +0000305 u_int i;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000306
Damien Miller95def091999-11-25 00:26:21 +1100307 for (i = 0; keywords[i].name; i++)
Damien Miller5428f641999-11-25 11:54:57 +1100308 if (strcasecmp(cp, keywords[i].name) == 0)
Damien Miller95def091999-11-25 00:26:21 +1100309 return keywords[i].opcode;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000310
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000311 error("%s: line %d: Bad configuration option: %s",
312 filename, linenum, cp);
Damien Miller95def091999-11-25 00:26:21 +1100313 return oBadOption;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000314}
315
Damien Miller5428f641999-11-25 11:54:57 +1100316/*
317 * Processes a single option line as used in the configuration files. This
318 * only sets those values that have not already been set.
319 */
Damien Miller61f08ac2003-02-24 11:56:27 +1100320#define WHITESPACE " \t\r\n"
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000321
Damien Miller2ccf6611999-11-15 15:25:10 +1100322int
323process_config_line(Options *options, const char *host,
Damien Miller95def091999-11-25 00:26:21 +1100324 char *line, const char *filename, int linenum,
325 int *activep)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000326{
Damien Millerf91ee4c2005-03-01 21:24:33 +1100327 char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256];
Damien Millerb59d4fe2006-03-15 11:30:38 +1100328 int opcode, *intptr, value, value2, scale;
Darren Tucker1e44c5d2008-01-01 20:32:26 +1100329 LogLevel *log_level_ptr;
Damien Millerb59d4fe2006-03-15 11:30:38 +1100330 long long orig, val64;
Damien Miller61f08ac2003-02-24 11:56:27 +1100331 size_t len;
Damien Millerf91ee4c2005-03-01 21:24:33 +1100332 Forward fwd;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000333
Damien Millerc652cac2003-05-14 13:40:54 +1000334 /* Strip trailing whitespace */
Darren Tucker47eede72005-03-14 23:08:12 +1100335 for (len = strlen(line) - 1; len > 0; len--) {
Damien Millerc652cac2003-05-14 13:40:54 +1000336 if (strchr(WHITESPACE, line[len]) == NULL)
337 break;
338 line[len] = '\0';
339 }
340
Damien Millerbe484b52000-07-15 14:14:16 +1000341 s = line;
342 /* Get the keyword. (Each line is supposed to begin with a keyword). */
Damien Miller928b2362006-03-26 13:53:32 +1100343 if ((keyword = strdelim(&s)) == NULL)
344 return 0;
Damien Millerbe484b52000-07-15 14:14:16 +1000345 /* Ignore leading whitespace. */
346 if (*keyword == '\0')
347 keyword = strdelim(&s);
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000348 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
Damien Miller95def091999-11-25 00:26:21 +1100349 return 0;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000350
Damien Miller37023962000-07-11 17:31:38 +1000351 opcode = parse_token(keyword, filename, linenum);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000352
Damien Miller95def091999-11-25 00:26:21 +1100353 switch (opcode) {
354 case oBadOption:
Damien Miller5428f641999-11-25 11:54:57 +1100355 /* don't panic, but count bad options */
356 return -1;
Damien Miller95def091999-11-25 00:26:21 +1100357 /* NOTREACHED */
Damien Millerb78d5eb2003-05-16 11:39:04 +1000358 case oConnectTimeout:
359 intptr = &options->connection_timeout;
Damien Miller509b0102003-12-17 16:33:10 +1100360parse_time:
Damien Millerb78d5eb2003-05-16 11:39:04 +1000361 arg = strdelim(&s);
362 if (!arg || *arg == '\0')
363 fatal("%s line %d: missing time value.",
364 filename, linenum);
365 if ((value = convtime(arg)) == -1)
366 fatal("%s line %d: invalid time value.",
367 filename, linenum);
Darren Tuckera52c5b62007-02-19 22:09:45 +1100368 if (*activep && *intptr == -1)
Damien Millerb78d5eb2003-05-16 11:39:04 +1000369 *intptr = value;
370 break;
371
Damien Miller95def091999-11-25 00:26:21 +1100372 case oForwardAgent:
373 intptr = &options->forward_agent;
374parse_flag:
Damien Millerbe484b52000-07-15 14:14:16 +1000375 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000376 if (!arg || *arg == '\0')
Damien Miller95def091999-11-25 00:26:21 +1100377 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
378 value = 0; /* To avoid compiler warning... */
Damien Miller37023962000-07-11 17:31:38 +1000379 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100380 value = 1;
Damien Miller37023962000-07-11 17:31:38 +1000381 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100382 value = 0;
383 else
384 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
385 if (*activep && *intptr == -1)
386 *intptr = value;
387 break;
388
389 case oForwardX11:
390 intptr = &options->forward_x11;
391 goto parse_flag;
392
Darren Tucker0a118da2003-10-15 15:54:32 +1000393 case oForwardX11Trusted:
394 intptr = &options->forward_x11_trusted;
395 goto parse_flag;
396
Damien Miller95def091999-11-25 00:26:21 +1100397 case oGatewayPorts:
398 intptr = &options->gateway_ports;
399 goto parse_flag;
400
Darren Tuckere7d4b192006-07-12 22:17:10 +1000401 case oExitOnForwardFailure:
402 intptr = &options->exit_on_forward_failure;
403 goto parse_flag;
404
Damien Miller95def091999-11-25 00:26:21 +1100405 case oUsePrivilegedPort:
406 intptr = &options->use_privileged_port;
407 goto parse_flag;
408
Damien Miller95def091999-11-25 00:26:21 +1100409 case oPasswordAuthentication:
410 intptr = &options->password_authentication;
411 goto parse_flag;
412
Damien Miller874d77b2000-10-14 16:23:11 +1100413 case oKbdInteractiveAuthentication:
414 intptr = &options->kbd_interactive_authentication;
415 goto parse_flag;
416
417 case oKbdInteractiveDevices:
418 charptr = &options->kbd_interactive_devices;
419 goto parse_string;
420
Damien Miller0bc1bd82000-11-13 22:57:25 +1100421 case oPubkeyAuthentication:
422 intptr = &options->pubkey_authentication;
Damien Millere247cc42000-05-07 12:03:14 +1000423 goto parse_flag;
424
Damien Miller95def091999-11-25 00:26:21 +1100425 case oRSAAuthentication:
426 intptr = &options->rsa_authentication;
427 goto parse_flag;
428
429 case oRhostsRSAAuthentication:
430 intptr = &options->rhosts_rsa_authentication;
431 goto parse_flag;
432
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000433 case oHostbasedAuthentication:
434 intptr = &options->hostbased_authentication;
435 goto parse_flag;
436
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000437 case oChallengeResponseAuthentication:
Ben Lindstrom551ea372001-06-05 18:56:16 +0000438 intptr = &options->challenge_response_authentication;
Damien Miller95def091999-11-25 00:26:21 +1100439 goto parse_flag;
Damien Miller2aa0ab42003-05-15 12:05:28 +1000440
Darren Tucker0efd1552003-08-26 11:49:55 +1000441 case oGssAuthentication:
442 intptr = &options->gss_authentication;
443 goto parse_flag;
444
445 case oGssDelegateCreds:
446 intptr = &options->gss_deleg_creds;
447 goto parse_flag;
448
Damien Miller95def091999-11-25 00:26:21 +1100449 case oBatchMode:
450 intptr = &options->batch_mode;
451 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000452
Damien Miller95def091999-11-25 00:26:21 +1100453 case oCheckHostIP:
454 intptr = &options->check_host_ip;
455 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000456
Damien Miller37876e92003-05-15 10:19:46 +1000457 case oVerifyHostKeyDNS:
458 intptr = &options->verify_host_key_dns;
Damien Miller150b5572003-11-17 21:19:29 +1100459 goto parse_yesnoask;
Damien Miller37876e92003-05-15 10:19:46 +1000460
Damien Miller95def091999-11-25 00:26:21 +1100461 case oStrictHostKeyChecking:
462 intptr = &options->strict_host_key_checking;
Damien Miller150b5572003-11-17 21:19:29 +1100463parse_yesnoask:
Damien Millerbe484b52000-07-15 14:14:16 +1000464 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000465 if (!arg || *arg == '\0')
Ben Lindstrom5ed8acd2001-01-29 08:00:54 +0000466 fatal("%.200s line %d: Missing yes/no/ask argument.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100467 filename, linenum);
Damien Miller95def091999-11-25 00:26:21 +1100468 value = 0; /* To avoid compiler warning... */
Damien Miller37023962000-07-11 17:31:38 +1000469 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100470 value = 1;
Damien Miller37023962000-07-11 17:31:38 +1000471 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100472 value = 0;
Damien Miller37023962000-07-11 17:31:38 +1000473 else if (strcmp(arg, "ask") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100474 value = 2;
475 else
476 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
477 if (*activep && *intptr == -1)
478 *intptr = value;
479 break;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000480
Damien Miller95def091999-11-25 00:26:21 +1100481 case oCompression:
482 intptr = &options->compression;
483 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000484
Damien Miller12c150e2003-12-17 16:31:10 +1100485 case oTCPKeepAlive:
486 intptr = &options->tcp_keep_alive;
Damien Miller95def091999-11-25 00:26:21 +1100487 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000488
Ben Lindstrom3cecc9a2001-10-03 17:39:38 +0000489 case oNoHostAuthenticationForLocalhost:
490 intptr = &options->no_host_authentication_for_localhost;
491 goto parse_flag;
492
Damien Miller95def091999-11-25 00:26:21 +1100493 case oNumberOfPasswordPrompts:
494 intptr = &options->number_of_password_prompts;
495 goto parse_int;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000496
Damien Miller95def091999-11-25 00:26:21 +1100497 case oCompressionLevel:
498 intptr = &options->compression_level;
499 goto parse_int;
500
Damien Millera5539d22003-04-09 20:50:06 +1000501 case oRekeyLimit:
502 intptr = &options->rekey_limit;
503 arg = strdelim(&s);
504 if (!arg || *arg == '\0')
505 fatal("%.200s line %d: Missing argument.", filename, linenum);
506 if (arg[0] < '0' || arg[0] > '9')
507 fatal("%.200s line %d: Bad number.", filename, linenum);
Damien Millerb59d4fe2006-03-15 11:30:38 +1100508 orig = val64 = strtoll(arg, &endofnumber, 10);
Damien Millera5539d22003-04-09 20:50:06 +1000509 if (arg == endofnumber)
510 fatal("%.200s line %d: Bad number.", filename, linenum);
511 switch (toupper(*endofnumber)) {
Damien Millerb59d4fe2006-03-15 11:30:38 +1100512 case '\0':
513 scale = 1;
514 break;
Damien Millera5539d22003-04-09 20:50:06 +1000515 case 'K':
Damien Millerb59d4fe2006-03-15 11:30:38 +1100516 scale = 1<<10;
Damien Millera5539d22003-04-09 20:50:06 +1000517 break;
518 case 'M':
Damien Millerb59d4fe2006-03-15 11:30:38 +1100519 scale = 1<<20;
Damien Millera5539d22003-04-09 20:50:06 +1000520 break;
521 case 'G':
Damien Millerb59d4fe2006-03-15 11:30:38 +1100522 scale = 1<<30;
Damien Millera5539d22003-04-09 20:50:06 +1000523 break;
Damien Millerb59d4fe2006-03-15 11:30:38 +1100524 default:
525 fatal("%.200s line %d: Invalid RekeyLimit suffix",
526 filename, linenum);
Damien Millera5539d22003-04-09 20:50:06 +1000527 }
Damien Millerb59d4fe2006-03-15 11:30:38 +1100528 val64 *= scale;
529 /* detect integer wrap and too-large limits */
530 if ((val64 / scale) != orig || val64 > INT_MAX)
531 fatal("%.200s line %d: RekeyLimit too large",
532 filename, linenum);
533 if (val64 < 16)
534 fatal("%.200s line %d: RekeyLimit too small",
535 filename, linenum);
Damien Millera5539d22003-04-09 20:50:06 +1000536 if (*activep && *intptr == -1)
Damien Millerb59d4fe2006-03-15 11:30:38 +1100537 *intptr = (int)val64;
Damien Millera5539d22003-04-09 20:50:06 +1000538 break;
539
Damien Miller95def091999-11-25 00:26:21 +1100540 case oIdentityFile:
Damien Millerbe484b52000-07-15 14:14:16 +1000541 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000542 if (!arg || *arg == '\0')
Damien Miller95def091999-11-25 00:26:21 +1100543 fatal("%.200s line %d: Missing argument.", filename, linenum);
544 if (*activep) {
Damien Miller0bc1bd82000-11-13 22:57:25 +1100545 intptr = &options->num_identity_files;
Damien Millereba71ba2000-04-29 23:57:08 +1000546 if (*intptr >= SSH_MAX_IDENTITY_FILES)
Damien Miller95def091999-11-25 00:26:21 +1100547 fatal("%.200s line %d: Too many identity files specified (max %d).",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100548 filename, linenum, SSH_MAX_IDENTITY_FILES);
Darren Tuckercb0e1752007-02-19 22:12:53 +1100549 charptr = &options->identity_files[*intptr];
Damien Miller37023962000-07-11 17:31:38 +1000550 *charptr = xstrdup(arg);
Damien Millereba71ba2000-04-29 23:57:08 +1000551 *intptr = *intptr + 1;
Damien Miller95def091999-11-25 00:26:21 +1100552 }
553 break;
554
Damien Millerd3a18572000-06-07 19:55:44 +1000555 case oXAuthLocation:
556 charptr=&options->xauth_location;
557 goto parse_string;
558
Damien Miller95def091999-11-25 00:26:21 +1100559 case oUser:
560 charptr = &options->user;
561parse_string:
Damien Millerbe484b52000-07-15 14:14:16 +1000562 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000563 if (!arg || *arg == '\0')
Damien Miller95def091999-11-25 00:26:21 +1100564 fatal("%.200s line %d: Missing argument.", filename, linenum);
565 if (*activep && *charptr == NULL)
Damien Miller37023962000-07-11 17:31:38 +1000566 *charptr = xstrdup(arg);
Damien Miller95def091999-11-25 00:26:21 +1100567 break;
568
569 case oGlobalKnownHostsFile:
570 charptr = &options->system_hostfile;
571 goto parse_string;
572
573 case oUserKnownHostsFile:
574 charptr = &options->user_hostfile;
575 goto parse_string;
576
Damien Millereba71ba2000-04-29 23:57:08 +1000577 case oGlobalKnownHostsFile2:
578 charptr = &options->system_hostfile2;
579 goto parse_string;
580
581 case oUserKnownHostsFile2:
582 charptr = &options->user_hostfile2;
583 goto parse_string;
584
Damien Miller95def091999-11-25 00:26:21 +1100585 case oHostName:
586 charptr = &options->hostname;
587 goto parse_string;
588
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000589 case oHostKeyAlias:
590 charptr = &options->host_key_alias;
591 goto parse_string;
592
Ben Lindstromb9be60a2001-03-11 01:49:19 +0000593 case oPreferredAuthentications:
594 charptr = &options->preferred_authentications;
595 goto parse_string;
596
Ben Lindstrome0f88042001-04-30 13:06:24 +0000597 case oBindAddress:
598 charptr = &options->bind_address;
599 goto parse_string;
600
Ben Lindstromae996bf2001-08-06 21:27:53 +0000601 case oSmartcardDevice:
Ben Lindstromf7db3bb2001-08-06 21:35:51 +0000602 charptr = &options->smartcard_device;
603 goto parse_string;
Ben Lindstromae996bf2001-08-06 21:27:53 +0000604
Damien Miller95def091999-11-25 00:26:21 +1100605 case oProxyCommand:
Damien Millerd27b9472005-12-13 19:29:02 +1100606 charptr = &options->proxy_command;
607parse_command:
Darren Tuckera99c1b72003-06-28 12:40:12 +1000608 if (s == NULL)
609 fatal("%.200s line %d: Missing argument.", filename, linenum);
Damien Miller61f08ac2003-02-24 11:56:27 +1100610 len = strspn(s, WHITESPACE "=");
Damien Miller95def091999-11-25 00:26:21 +1100611 if (*activep && *charptr == NULL)
Damien Miller61f08ac2003-02-24 11:56:27 +1100612 *charptr = xstrdup(s + len);
Damien Miller95def091999-11-25 00:26:21 +1100613 return 0;
614
615 case oPort:
616 intptr = &options->port;
617parse_int:
Damien Millerbe484b52000-07-15 14:14:16 +1000618 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000619 if (!arg || *arg == '\0')
Damien Miller95def091999-11-25 00:26:21 +1100620 fatal("%.200s line %d: Missing argument.", filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000621 if (arg[0] < '0' || arg[0] > '9')
Damien Miller95def091999-11-25 00:26:21 +1100622 fatal("%.200s line %d: Bad number.", filename, linenum);
Damien Miller5428f641999-11-25 11:54:57 +1100623
624 /* Octal, decimal, or hex format? */
Damien Miller37023962000-07-11 17:31:38 +1000625 value = strtol(arg, &endofnumber, 0);
626 if (arg == endofnumber)
Damien Miller5428f641999-11-25 11:54:57 +1100627 fatal("%.200s line %d: Bad number.", filename, linenum);
Damien Miller95def091999-11-25 00:26:21 +1100628 if (*activep && *intptr == -1)
629 *intptr = value;
630 break;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000631
Damien Miller95def091999-11-25 00:26:21 +1100632 case oConnectionAttempts:
633 intptr = &options->connection_attempts;
634 goto parse_int;
Damien Miller5ce662a1999-11-11 17:57:39 +1100635
Damien Miller95def091999-11-25 00:26:21 +1100636 case oCipher:
637 intptr = &options->cipher;
Damien Millerbe484b52000-07-15 14:14:16 +1000638 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000639 if (!arg || *arg == '\0')
Damien Millerb1715dc2000-05-30 13:44:51 +1000640 fatal("%.200s line %d: Missing argument.", filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000641 value = cipher_number(arg);
Damien Miller95def091999-11-25 00:26:21 +1100642 if (value == -1)
643 fatal("%.200s line %d: Bad cipher '%s'.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100644 filename, linenum, arg ? arg : "<NONE>");
Damien Miller95def091999-11-25 00:26:21 +1100645 if (*activep && *intptr == -1)
646 *intptr = value;
647 break;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000648
Damien Miller78928792000-04-12 20:17:38 +1000649 case oCiphers:
Damien Millerbe484b52000-07-15 14:14:16 +1000650 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000651 if (!arg || *arg == '\0')
Damien Millerb1715dc2000-05-30 13:44:51 +1000652 fatal("%.200s line %d: Missing argument.", filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000653 if (!ciphers_valid(arg))
Damien Miller30c3d422000-05-09 11:02:59 +1000654 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100655 filename, linenum, arg ? arg : "<NONE>");
Damien Miller78928792000-04-12 20:17:38 +1000656 if (*activep && options->ciphers == NULL)
Damien Miller37023962000-07-11 17:31:38 +1000657 options->ciphers = xstrdup(arg);
Damien Miller78928792000-04-12 20:17:38 +1000658 break;
659
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000660 case oMacs:
661 arg = strdelim(&s);
662 if (!arg || *arg == '\0')
663 fatal("%.200s line %d: Missing argument.", filename, linenum);
664 if (!mac_valid(arg))
665 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100666 filename, linenum, arg ? arg : "<NONE>");
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000667 if (*activep && options->macs == NULL)
668 options->macs = xstrdup(arg);
669 break;
670
Ben Lindstrom982dbbc2001-04-17 18:11:36 +0000671 case oHostKeyAlgorithms:
672 arg = strdelim(&s);
673 if (!arg || *arg == '\0')
674 fatal("%.200s line %d: Missing argument.", filename, linenum);
675 if (!key_names_valid2(arg))
676 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100677 filename, linenum, arg ? arg : "<NONE>");
Ben Lindstrom982dbbc2001-04-17 18:11:36 +0000678 if (*activep && options->hostkeyalgorithms == NULL)
679 options->hostkeyalgorithms = xstrdup(arg);
680 break;
681
Damien Miller78928792000-04-12 20:17:38 +1000682 case oProtocol:
683 intptr = &options->protocol;
Damien Millerbe484b52000-07-15 14:14:16 +1000684 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000685 if (!arg || *arg == '\0')
Damien Millerb1715dc2000-05-30 13:44:51 +1000686 fatal("%.200s line %d: Missing argument.", filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000687 value = proto_spec(arg);
Damien Miller78928792000-04-12 20:17:38 +1000688 if (value == SSH_PROTO_UNKNOWN)
689 fatal("%.200s line %d: Bad protocol spec '%s'.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100690 filename, linenum, arg ? arg : "<NONE>");
Damien Miller78928792000-04-12 20:17:38 +1000691 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
692 *intptr = value;
693 break;
694
Damien Miller95def091999-11-25 00:26:21 +1100695 case oLogLevel:
Darren Tucker1e44c5d2008-01-01 20:32:26 +1100696 log_level_ptr = &options->log_level;
Damien Millerbe484b52000-07-15 14:14:16 +1000697 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000698 value = log_level_number(arg);
Damien Millerfcd93202002-02-05 12:26:34 +1100699 if (value == SYSLOG_LEVEL_NOT_SET)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000700 fatal("%.200s line %d: unsupported log level '%s'",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100701 filename, linenum, arg ? arg : "<NONE>");
Darren Tucker1e44c5d2008-01-01 20:32:26 +1100702 if (*activep && *log_level_ptr == SYSLOG_LEVEL_NOT_SET)
703 *log_level_ptr = (LogLevel) value;
Damien Miller95def091999-11-25 00:26:21 +1100704 break;
705
Ben Lindstrom62c25a42001-09-12 18:01:59 +0000706 case oLocalForward:
Damien Miller95def091999-11-25 00:26:21 +1100707 case oRemoteForward:
Damien Millerbe484b52000-07-15 14:14:16 +1000708 arg = strdelim(&s);
Damien Millerf91ee4c2005-03-01 21:24:33 +1100709 if (arg == NULL || *arg == '\0')
Ben Lindstrom62c25a42001-09-12 18:01:59 +0000710 fatal("%.200s line %d: Missing port argument.",
711 filename, linenum);
Damien Millerf91ee4c2005-03-01 21:24:33 +1100712 arg2 = strdelim(&s);
713 if (arg2 == NULL || *arg2 == '\0')
714 fatal("%.200s line %d: Missing target argument.",
Ben Lindstrom62c25a42001-09-12 18:01:59 +0000715 filename, linenum);
Damien Millerf91ee4c2005-03-01 21:24:33 +1100716
717 /* construct a string for parse_forward */
718 snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2);
719
720 if (parse_forward(&fwd, fwdarg) == 0)
Ben Lindstrom62c25a42001-09-12 18:01:59 +0000721 fatal("%.200s line %d: Bad forwarding specification.",
722 filename, linenum);
Damien Millerf91ee4c2005-03-01 21:24:33 +1100723
Ben Lindstrom62c25a42001-09-12 18:01:59 +0000724 if (*activep) {
725 if (opcode == oLocalForward)
Damien Millerf91ee4c2005-03-01 21:24:33 +1100726 add_local_forward(options, &fwd);
Ben Lindstrom62c25a42001-09-12 18:01:59 +0000727 else if (opcode == oRemoteForward)
Damien Millerf91ee4c2005-03-01 21:24:33 +1100728 add_remote_forward(options, &fwd);
Ben Lindstrom62c25a42001-09-12 18:01:59 +0000729 }
Damien Miller95def091999-11-25 00:26:21 +1100730 break;
731
Ben Lindstrom3bb4f9d2001-04-08 18:30:26 +0000732 case oDynamicForward:
733 arg = strdelim(&s);
734 if (!arg || *arg == '\0')
735 fatal("%.200s line %d: Missing port argument.",
736 filename, linenum);
Damien Millerf91ee4c2005-03-01 21:24:33 +1100737 memset(&fwd, '\0', sizeof(fwd));
738 fwd.connect_host = "socks";
739 fwd.listen_host = hpdelim(&arg);
740 if (fwd.listen_host == NULL ||
741 strlen(fwd.listen_host) >= NI_MAXHOST)
742 fatal("%.200s line %d: Bad forwarding specification.",
743 filename, linenum);
744 if (arg) {
745 fwd.listen_port = a2port(arg);
746 fwd.listen_host = cleanhostname(fwd.listen_host);
747 } else {
748 fwd.listen_port = a2port(fwd.listen_host);
Damien Miller43f6db62005-08-12 22:11:18 +1000749 fwd.listen_host = NULL;
Damien Millerf91ee4c2005-03-01 21:24:33 +1100750 }
751 if (fwd.listen_port == 0)
Ben Lindstrom3bb4f9d2001-04-08 18:30:26 +0000752 fatal("%.200s line %d: Badly formatted port number.",
753 filename, linenum);
Ben Lindstrom525a0932001-09-12 17:35:27 +0000754 if (*activep)
Damien Millerf91ee4c2005-03-01 21:24:33 +1100755 add_local_forward(options, &fwd);
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000756 break;
Ben Lindstrom3bb4f9d2001-04-08 18:30:26 +0000757
Ben Lindstrom2b7a0e92001-09-20 00:57:55 +0000758 case oClearAllForwardings:
759 intptr = &options->clear_forwardings;
760 goto parse_flag;
761
Damien Miller95def091999-11-25 00:26:21 +1100762 case oHost:
763 *activep = 0;
Damien Millerbe484b52000-07-15 14:14:16 +1000764 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
Damien Miller37023962000-07-11 17:31:38 +1000765 if (match_pattern(host, arg)) {
766 debug("Applying options for %.100s", arg);
Damien Miller95def091999-11-25 00:26:21 +1100767 *activep = 1;
768 break;
769 }
Damien Millerbe484b52000-07-15 14:14:16 +1000770 /* Avoid garbage check below, as strdelim is done. */
Damien Miller95def091999-11-25 00:26:21 +1100771 return 0;
772
773 case oEscapeChar:
774 intptr = &options->escape_char;
Damien Millerbe484b52000-07-15 14:14:16 +1000775 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000776 if (!arg || *arg == '\0')
Damien Miller95def091999-11-25 00:26:21 +1100777 fatal("%.200s line %d: Missing argument.", filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000778 if (arg[0] == '^' && arg[2] == 0 &&
Ben Lindstrom46c16222000-12-22 01:43:59 +0000779 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
780 value = (u_char) arg[1] & 31;
Damien Miller37023962000-07-11 17:31:38 +1000781 else if (strlen(arg) == 1)
Ben Lindstrom46c16222000-12-22 01:43:59 +0000782 value = (u_char) arg[0];
Damien Miller37023962000-07-11 17:31:38 +1000783 else if (strcmp(arg, "none") == 0)
Ben Lindstrom2b1f71b2001-06-05 20:32:21 +0000784 value = SSH_ESCAPECHAR_NONE;
Damien Miller95def091999-11-25 00:26:21 +1100785 else {
786 fatal("%.200s line %d: Bad escape character.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100787 filename, linenum);
Damien Miller95def091999-11-25 00:26:21 +1100788 /* NOTREACHED */
789 value = 0; /* Avoid compiler warning. */
790 }
791 if (*activep && *intptr == -1)
792 *intptr = value;
793 break;
794
Damien Miller20a8f972003-05-18 20:50:30 +1000795 case oAddressFamily:
796 arg = strdelim(&s);
Damien Miller17b23d82005-05-26 12:11:56 +1000797 if (!arg || *arg == '\0')
798 fatal("%s line %d: missing address family.",
799 filename, linenum);
Darren Tucker0a4f04b2003-07-03 20:37:47 +1000800 intptr = &options->address_family;
Damien Miller20a8f972003-05-18 20:50:30 +1000801 if (strcasecmp(arg, "inet") == 0)
Darren Tucker0a4f04b2003-07-03 20:37:47 +1000802 value = AF_INET;
Damien Miller20a8f972003-05-18 20:50:30 +1000803 else if (strcasecmp(arg, "inet6") == 0)
Darren Tucker0a4f04b2003-07-03 20:37:47 +1000804 value = AF_INET6;
Damien Miller20a8f972003-05-18 20:50:30 +1000805 else if (strcasecmp(arg, "any") == 0)
Darren Tucker0a4f04b2003-07-03 20:37:47 +1000806 value = AF_UNSPEC;
Damien Miller20a8f972003-05-18 20:50:30 +1000807 else
808 fatal("Unsupported AddressFamily \"%s\"", arg);
Darren Tucker0a4f04b2003-07-03 20:37:47 +1000809 if (*activep && *intptr == -1)
810 *intptr = value;
Damien Miller20a8f972003-05-18 20:50:30 +1000811 break;
812
Ben Lindstromb6df73b2002-11-09 15:52:31 +0000813 case oEnableSSHKeysign:
814 intptr = &options->enable_ssh_keysign;
815 goto parse_flag;
816
Damien Millerbd394c32004-03-08 23:12:36 +1100817 case oIdentitiesOnly:
818 intptr = &options->identities_only;
819 goto parse_flag;
820
Damien Miller509b0102003-12-17 16:33:10 +1100821 case oServerAliveInterval:
822 intptr = &options->server_alive_interval;
823 goto parse_time;
824
825 case oServerAliveCountMax:
826 intptr = &options->server_alive_count_max;
827 goto parse_int;
828
Darren Tucker46bc0752004-05-02 22:11:30 +1000829 case oSendEnv:
830 while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
831 if (strchr(arg, '=') != NULL)
832 fatal("%s line %d: Invalid environment name.",
833 filename, linenum);
Damien Millerf8e7acc2005-03-05 11:22:50 +1100834 if (!*activep)
835 continue;
Darren Tucker46bc0752004-05-02 22:11:30 +1000836 if (options->num_send_env >= MAX_SEND_ENV)
837 fatal("%s line %d: too many send env.",
838 filename, linenum);
839 options->send_env[options->num_send_env++] =
840 xstrdup(arg);
841 }
842 break;
843
Damien Miller0e220db2004-06-15 10:34:08 +1000844 case oControlPath:
845 charptr = &options->control_path;
846 goto parse_string;
847
848 case oControlMaster:
849 intptr = &options->control_master;
Damien Millerd14b1e72005-06-16 13:19:41 +1000850 arg = strdelim(&s);
851 if (!arg || *arg == '\0')
852 fatal("%.200s line %d: Missing ControlMaster argument.",
853 filename, linenum);
854 value = 0; /* To avoid compiler warning... */
855 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
856 value = SSHCTL_MASTER_YES;
857 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
858 value = SSHCTL_MASTER_NO;
859 else if (strcmp(arg, "auto") == 0)
860 value = SSHCTL_MASTER_AUTO;
861 else if (strcmp(arg, "ask") == 0)
862 value = SSHCTL_MASTER_ASK;
863 else if (strcmp(arg, "autoask") == 0)
864 value = SSHCTL_MASTER_AUTO_ASK;
865 else
866 fatal("%.200s line %d: Bad ControlMaster argument.",
867 filename, linenum);
868 if (*activep && *intptr == -1)
869 *intptr = value;
870 break;
Damien Miller0e220db2004-06-15 10:34:08 +1000871
Damien Millere1776152005-03-01 21:47:37 +1100872 case oHashKnownHosts:
873 intptr = &options->hash_known_hosts;
874 goto parse_flag;
875
Damien Millerd27b9472005-12-13 19:29:02 +1100876 case oTunnel:
877 intptr = &options->tun_open;
Damien Miller7b58e802005-12-13 19:33:19 +1100878 arg = strdelim(&s);
879 if (!arg || *arg == '\0')
880 fatal("%s line %d: Missing yes/point-to-point/"
881 "ethernet/no argument.", filename, linenum);
882 value = 0; /* silence compiler */
883 if (strcasecmp(arg, "ethernet") == 0)
884 value = SSH_TUNMODE_ETHERNET;
885 else if (strcasecmp(arg, "point-to-point") == 0)
886 value = SSH_TUNMODE_POINTOPOINT;
887 else if (strcasecmp(arg, "yes") == 0)
888 value = SSH_TUNMODE_DEFAULT;
889 else if (strcasecmp(arg, "no") == 0)
890 value = SSH_TUNMODE_NO;
891 else
892 fatal("%s line %d: Bad yes/point-to-point/ethernet/"
893 "no argument: %s", filename, linenum, arg);
894 if (*activep)
895 *intptr = value;
896 break;
Damien Millerd27b9472005-12-13 19:29:02 +1100897
898 case oTunnelDevice:
899 arg = strdelim(&s);
900 if (!arg || *arg == '\0')
901 fatal("%.200s line %d: Missing argument.", filename, linenum);
902 value = a2tun(arg, &value2);
Damien Miller7b58e802005-12-13 19:33:19 +1100903 if (value == SSH_TUNID_ERR)
Damien Millerd27b9472005-12-13 19:29:02 +1100904 fatal("%.200s line %d: Bad tun device.", filename, linenum);
905 if (*activep) {
906 options->tun_local = value;
907 options->tun_remote = value2;
908 }
909 break;
910
911 case oLocalCommand:
912 charptr = &options->local_command;
913 goto parse_command;
914
915 case oPermitLocalCommand:
916 intptr = &options->permit_local_command;
917 goto parse_flag;
918
Ben Lindstrom4daea862002-06-09 20:04:02 +0000919 case oDeprecated:
Ben Lindstrom2e17b082002-06-09 20:13:27 +0000920 debug("%s line %d: Deprecated option \"%s\"",
Ben Lindstrom4daea862002-06-09 20:04:02 +0000921 filename, linenum, keyword);
Ben Lindstrom2e17b082002-06-09 20:13:27 +0000922 return 0;
Ben Lindstrom4daea862002-06-09 20:04:02 +0000923
Damien Millerf9b3feb2003-05-16 11:38:32 +1000924 case oUnsupported:
925 error("%s line %d: Unsupported option \"%s\"",
926 filename, linenum, keyword);
927 return 0;
928
Damien Miller95def091999-11-25 00:26:21 +1100929 default:
930 fatal("process_config_line: Unimplemented opcode %d", opcode);
931 }
932
933 /* Check that there is no garbage at end of line. */
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000934 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
Damien Miller37023962000-07-11 17:31:38 +1000935 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
Damien Miller0dc1bef2005-07-17 17:22:45 +1000936 filename, linenum, arg);
Damien Miller37023962000-07-11 17:31:38 +1000937 }
Damien Miller95def091999-11-25 00:26:21 +1100938 return 0;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000939}
940
941
Damien Miller5428f641999-11-25 11:54:57 +1100942/*
943 * Reads the config file and modifies the options accordingly. Options
944 * should already be initialized before this call. This never returns if
Ben Lindstromedc0cf22001-09-12 18:32:20 +0000945 * there is an error. If the file does not exist, this returns 0.
Damien Miller5428f641999-11-25 11:54:57 +1100946 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000947
Ben Lindstromedc0cf22001-09-12 18:32:20 +0000948int
Darren Tuckerfc959702004-07-17 16:12:08 +1000949read_config_file(const char *filename, const char *host, Options *options,
Damien Miller57a44762004-04-20 20:11:57 +1000950 int checkperm)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000951{
Damien Miller95def091999-11-25 00:26:21 +1100952 FILE *f;
953 char line[1024];
954 int active, linenum;
955 int bad_options = 0;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000956
Damien Miller95def091999-11-25 00:26:21 +1100957 /* Open the file. */
Damien Miller57a44762004-04-20 20:11:57 +1000958 if ((f = fopen(filename, "r")) == NULL)
Ben Lindstromedc0cf22001-09-12 18:32:20 +0000959 return 0;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000960
Damien Miller57a44762004-04-20 20:11:57 +1000961 if (checkperm) {
962 struct stat sb;
Darren Tuckerfc959702004-07-17 16:12:08 +1000963
Damien Miller33793852004-06-15 10:27:55 +1000964 if (fstat(fileno(f), &sb) == -1)
Damien Miller57a44762004-04-20 20:11:57 +1000965 fatal("fstat %s: %s", filename, strerror(errno));
Damien Miller57a44762004-04-20 20:11:57 +1000966 if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
Damien Miller33793852004-06-15 10:27:55 +1000967 (sb.st_mode & 022) != 0))
Damien Miller57a44762004-04-20 20:11:57 +1000968 fatal("Bad owner or permissions on %s", filename);
Damien Miller57a44762004-04-20 20:11:57 +1000969 }
970
Damien Miller95def091999-11-25 00:26:21 +1100971 debug("Reading configuration data %.200s", filename);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000972
Damien Miller5428f641999-11-25 11:54:57 +1100973 /*
974 * Mark that we are now processing the options. This flag is turned
975 * on/off by Host specifications.
976 */
Damien Miller95def091999-11-25 00:26:21 +1100977 active = 1;
978 linenum = 0;
979 while (fgets(line, sizeof(line), f)) {
980 /* Update line number counter. */
981 linenum++;
982 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
983 bad_options++;
984 }
985 fclose(f);
986 if (bad_options > 0)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000987 fatal("%s: terminating, %d bad configuration options",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100988 filename, bad_options);
Ben Lindstromedc0cf22001-09-12 18:32:20 +0000989 return 1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000990}
991
Damien Miller5428f641999-11-25 11:54:57 +1100992/*
993 * Initializes options to special values that indicate that they have not yet
994 * been set. Read_config_file will only set options with this value. Options
995 * are processed in the following order: command line, user config file,
996 * system config file. Last, fill_default_options is called.
997 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000998
Damien Miller4af51302000-04-16 11:18:38 +1000999void
Damien Miller95def091999-11-25 00:26:21 +11001000initialize_options(Options * options)
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001001{
Damien Miller95def091999-11-25 00:26:21 +11001002 memset(options, 'X', sizeof(*options));
1003 options->forward_agent = -1;
1004 options->forward_x11 = -1;
Darren Tucker0a118da2003-10-15 15:54:32 +10001005 options->forward_x11_trusted = -1;
Darren Tuckere7d4b192006-07-12 22:17:10 +10001006 options->exit_on_forward_failure = -1;
Damien Millerd3a18572000-06-07 19:55:44 +10001007 options->xauth_location = NULL;
Damien Miller95def091999-11-25 00:26:21 +11001008 options->gateway_ports = -1;
1009 options->use_privileged_port = -1;
Damien Miller95def091999-11-25 00:26:21 +11001010 options->rsa_authentication = -1;
Damien Miller0bc1bd82000-11-13 22:57:25 +11001011 options->pubkey_authentication = -1;
Ben Lindstrom551ea372001-06-05 18:56:16 +00001012 options->challenge_response_authentication = -1;
Darren Tucker0efd1552003-08-26 11:49:55 +10001013 options->gss_authentication = -1;
1014 options->gss_deleg_creds = -1;
Damien Miller95def091999-11-25 00:26:21 +11001015 options->password_authentication = -1;
Damien Miller874d77b2000-10-14 16:23:11 +11001016 options->kbd_interactive_authentication = -1;
1017 options->kbd_interactive_devices = NULL;
Damien Miller95def091999-11-25 00:26:21 +11001018 options->rhosts_rsa_authentication = -1;
Ben Lindstrom5eabda32001-04-12 23:34:34 +00001019 options->hostbased_authentication = -1;
Damien Miller95def091999-11-25 00:26:21 +11001020 options->batch_mode = -1;
1021 options->check_host_ip = -1;
1022 options->strict_host_key_checking = -1;
1023 options->compression = -1;
Damien Miller12c150e2003-12-17 16:31:10 +11001024 options->tcp_keep_alive = -1;
Damien Miller95def091999-11-25 00:26:21 +11001025 options->compression_level = -1;
1026 options->port = -1;
Darren Tucker0a4f04b2003-07-03 20:37:47 +10001027 options->address_family = -1;
Damien Miller95def091999-11-25 00:26:21 +11001028 options->connection_attempts = -1;
Damien Millerb78d5eb2003-05-16 11:39:04 +10001029 options->connection_timeout = -1;
Damien Miller95def091999-11-25 00:26:21 +11001030 options->number_of_password_prompts = -1;
1031 options->cipher = -1;
Damien Miller78928792000-04-12 20:17:38 +10001032 options->ciphers = NULL;
Ben Lindstrom06b33aa2001-02-15 03:01:59 +00001033 options->macs = NULL;
Ben Lindstrom982dbbc2001-04-17 18:11:36 +00001034 options->hostkeyalgorithms = NULL;
Damien Miller78928792000-04-12 20:17:38 +10001035 options->protocol = SSH_PROTO_UNKNOWN;
Damien Miller95def091999-11-25 00:26:21 +11001036 options->num_identity_files = 0;
1037 options->hostname = NULL;
Ben Lindstrom4dccfa52000-12-28 16:40:05 +00001038 options->host_key_alias = NULL;
Damien Miller95def091999-11-25 00:26:21 +11001039 options->proxy_command = NULL;
1040 options->user = NULL;
1041 options->escape_char = -1;
1042 options->system_hostfile = NULL;
1043 options->user_hostfile = NULL;
Damien Millereba71ba2000-04-29 23:57:08 +10001044 options->system_hostfile2 = NULL;
1045 options->user_hostfile2 = NULL;
Damien Miller95def091999-11-25 00:26:21 +11001046 options->num_local_forwards = 0;
1047 options->num_remote_forwards = 0;
Ben Lindstrom2b7a0e92001-09-20 00:57:55 +00001048 options->clear_forwardings = -1;
Damien Millerfcd93202002-02-05 12:26:34 +11001049 options->log_level = SYSLOG_LEVEL_NOT_SET;
Ben Lindstromb9be60a2001-03-11 01:49:19 +00001050 options->preferred_authentications = NULL;
Ben Lindstrome0f88042001-04-30 13:06:24 +00001051 options->bind_address = NULL;
Ben Lindstromf7db3bb2001-08-06 21:35:51 +00001052 options->smartcard_device = NULL;
Ben Lindstromb6df73b2002-11-09 15:52:31 +00001053 options->enable_ssh_keysign = - 1;
Ben Lindstrom3cecc9a2001-10-03 17:39:38 +00001054 options->no_host_authentication_for_localhost = - 1;
Damien Millerbd394c32004-03-08 23:12:36 +11001055 options->identities_only = - 1;
Damien Millera5539d22003-04-09 20:50:06 +10001056 options->rekey_limit = - 1;
Damien Miller37876e92003-05-15 10:19:46 +10001057 options->verify_host_key_dns = -1;
Damien Miller509b0102003-12-17 16:33:10 +11001058 options->server_alive_interval = -1;
1059 options->server_alive_count_max = -1;
Darren Tucker46bc0752004-05-02 22:11:30 +10001060 options->num_send_env = 0;
Damien Miller0e220db2004-06-15 10:34:08 +10001061 options->control_path = NULL;
1062 options->control_master = -1;
Damien Millere1776152005-03-01 21:47:37 +11001063 options->hash_known_hosts = -1;
Damien Millerd27b9472005-12-13 19:29:02 +11001064 options->tun_open = -1;
1065 options->tun_local = -1;
1066 options->tun_remote = -1;
1067 options->local_command = NULL;
1068 options->permit_local_command = -1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001069}
1070
Damien Miller5428f641999-11-25 11:54:57 +11001071/*
1072 * Called after processing other sources of option data, this fills those
1073 * options for which no value has been specified with their default values.
1074 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001075
Damien Miller4af51302000-04-16 11:18:38 +10001076void
Damien Miller95def091999-11-25 00:26:21 +11001077fill_default_options(Options * options)
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001078{
Ben Lindstrom4f7a64a2001-02-10 22:50:09 +00001079 int len;
1080
Damien Miller95def091999-11-25 00:26:21 +11001081 if (options->forward_agent == -1)
Damien Millerb1715dc2000-05-30 13:44:51 +10001082 options->forward_agent = 0;
Damien Miller95def091999-11-25 00:26:21 +11001083 if (options->forward_x11 == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +11001084 options->forward_x11 = 0;
Darren Tucker0a118da2003-10-15 15:54:32 +10001085 if (options->forward_x11_trusted == -1)
1086 options->forward_x11_trusted = 0;
Darren Tuckere7d4b192006-07-12 22:17:10 +10001087 if (options->exit_on_forward_failure == -1)
1088 options->exit_on_forward_failure = 0;
Damien Millerd3a18572000-06-07 19:55:44 +10001089 if (options->xauth_location == NULL)
Ben Lindstrom1bf11f62001-06-09 01:48:01 +00001090 options->xauth_location = _PATH_XAUTH;
Damien Miller95def091999-11-25 00:26:21 +11001091 if (options->gateway_ports == -1)
1092 options->gateway_ports = 0;
1093 if (options->use_privileged_port == -1)
Ben Lindstromcebc8582001-03-08 03:39:10 +00001094 options->use_privileged_port = 0;
Damien Miller95def091999-11-25 00:26:21 +11001095 if (options->rsa_authentication == -1)
1096 options->rsa_authentication = 1;
Damien Miller0bc1bd82000-11-13 22:57:25 +11001097 if (options->pubkey_authentication == -1)
1098 options->pubkey_authentication = 1;
Ben Lindstrom551ea372001-06-05 18:56:16 +00001099 if (options->challenge_response_authentication == -1)
Ben Lindstrom0076d752001-08-06 20:53:26 +00001100 options->challenge_response_authentication = 1;
Darren Tucker0efd1552003-08-26 11:49:55 +10001101 if (options->gss_authentication == -1)
Darren Tuckera044f472003-10-15 15:52:03 +10001102 options->gss_authentication = 0;
Darren Tucker0efd1552003-08-26 11:49:55 +10001103 if (options->gss_deleg_creds == -1)
1104 options->gss_deleg_creds = 0;
Damien Miller95def091999-11-25 00:26:21 +11001105 if (options->password_authentication == -1)
1106 options->password_authentication = 1;
Damien Miller874d77b2000-10-14 16:23:11 +11001107 if (options->kbd_interactive_authentication == -1)
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +00001108 options->kbd_interactive_authentication = 1;
Damien Miller95def091999-11-25 00:26:21 +11001109 if (options->rhosts_rsa_authentication == -1)
Ben Lindstrom2bf82762002-06-11 15:53:05 +00001110 options->rhosts_rsa_authentication = 0;
Ben Lindstrom5eabda32001-04-12 23:34:34 +00001111 if (options->hostbased_authentication == -1)
1112 options->hostbased_authentication = 0;
Damien Miller95def091999-11-25 00:26:21 +11001113 if (options->batch_mode == -1)
1114 options->batch_mode = 0;
1115 if (options->check_host_ip == -1)
1116 options->check_host_ip = 1;
1117 if (options->strict_host_key_checking == -1)
1118 options->strict_host_key_checking = 2; /* 2 is default */
1119 if (options->compression == -1)
1120 options->compression = 0;
Damien Miller12c150e2003-12-17 16:31:10 +11001121 if (options->tcp_keep_alive == -1)
1122 options->tcp_keep_alive = 1;
Damien Miller95def091999-11-25 00:26:21 +11001123 if (options->compression_level == -1)
1124 options->compression_level = 6;
1125 if (options->port == -1)
1126 options->port = 0; /* Filled in ssh_connect. */
Darren Tucker0a4f04b2003-07-03 20:37:47 +10001127 if (options->address_family == -1)
1128 options->address_family = AF_UNSPEC;
Damien Miller95def091999-11-25 00:26:21 +11001129 if (options->connection_attempts == -1)
Ben Lindstromf9cedb92001-08-06 21:07:11 +00001130 options->connection_attempts = 1;
Damien Miller95def091999-11-25 00:26:21 +11001131 if (options->number_of_password_prompts == -1)
1132 options->number_of_password_prompts = 3;
1133 /* Selected in ssh_login(). */
1134 if (options->cipher == -1)
1135 options->cipher = SSH_CIPHER_NOT_SET;
Damien Miller30c3d422000-05-09 11:02:59 +10001136 /* options->ciphers, default set in myproposals.h */
Ben Lindstrom06b33aa2001-02-15 03:01:59 +00001137 /* options->macs, default set in myproposals.h */
Ben Lindstrom982dbbc2001-04-17 18:11:36 +00001138 /* options->hostkeyalgorithms, default set in myproposals.h */
Damien Miller78928792000-04-12 20:17:38 +10001139 if (options->protocol == SSH_PROTO_UNKNOWN)
Ben Lindstrom6b776432001-03-22 01:24:04 +00001140 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
Damien Miller95def091999-11-25 00:26:21 +11001141 if (options->num_identity_files == 0) {
Damien Miller0bc1bd82000-11-13 22:57:25 +11001142 if (options->protocol & SSH_PROTO_1) {
Ben Lindstrom4f7a64a2001-02-10 22:50:09 +00001143 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
Damien Miller0bc1bd82000-11-13 22:57:25 +11001144 options->identity_files[options->num_identity_files] =
Ben Lindstrom4f7a64a2001-02-10 22:50:09 +00001145 xmalloc(len);
1146 snprintf(options->identity_files[options->num_identity_files++],
1147 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
Damien Miller0bc1bd82000-11-13 22:57:25 +11001148 }
1149 if (options->protocol & SSH_PROTO_2) {
Ben Lindstromb00d4fb2001-03-05 06:03:03 +00001150 len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
1151 options->identity_files[options->num_identity_files] =
1152 xmalloc(len);
1153 snprintf(options->identity_files[options->num_identity_files++],
1154 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
1155
Ben Lindstrom4f7a64a2001-02-10 22:50:09 +00001156 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
Damien Miller0bc1bd82000-11-13 22:57:25 +11001157 options->identity_files[options->num_identity_files] =
Ben Lindstrom4f7a64a2001-02-10 22:50:09 +00001158 xmalloc(len);
1159 snprintf(options->identity_files[options->num_identity_files++],
1160 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
Damien Miller0bc1bd82000-11-13 22:57:25 +11001161 }
Damien Millereba71ba2000-04-29 23:57:08 +10001162 }
Damien Miller95def091999-11-25 00:26:21 +11001163 if (options->escape_char == -1)
1164 options->escape_char = '~';
1165 if (options->system_hostfile == NULL)
Ben Lindstrom226cfa02001-01-22 05:34:40 +00001166 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
Damien Miller95def091999-11-25 00:26:21 +11001167 if (options->user_hostfile == NULL)
Ben Lindstrom226cfa02001-01-22 05:34:40 +00001168 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
Damien Millereba71ba2000-04-29 23:57:08 +10001169 if (options->system_hostfile2 == NULL)
Ben Lindstrom226cfa02001-01-22 05:34:40 +00001170 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
Damien Millereba71ba2000-04-29 23:57:08 +10001171 if (options->user_hostfile2 == NULL)
Ben Lindstrom226cfa02001-01-22 05:34:40 +00001172 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
Damien Millerfcd93202002-02-05 12:26:34 +11001173 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
Ben Lindstromdb65e8f2001-01-19 04:26:52 +00001174 options->log_level = SYSLOG_LEVEL_INFO;
Ben Lindstrom2b7a0e92001-09-20 00:57:55 +00001175 if (options->clear_forwardings == 1)
1176 clear_forwardings(options);
Ben Lindstrom3cecc9a2001-10-03 17:39:38 +00001177 if (options->no_host_authentication_for_localhost == - 1)
1178 options->no_host_authentication_for_localhost = 0;
Damien Millerbd394c32004-03-08 23:12:36 +11001179 if (options->identities_only == -1)
1180 options->identities_only = 0;
Ben Lindstromb6df73b2002-11-09 15:52:31 +00001181 if (options->enable_ssh_keysign == -1)
1182 options->enable_ssh_keysign = 0;
Damien Millera5539d22003-04-09 20:50:06 +10001183 if (options->rekey_limit == -1)
1184 options->rekey_limit = 0;
Damien Miller37876e92003-05-15 10:19:46 +10001185 if (options->verify_host_key_dns == -1)
1186 options->verify_host_key_dns = 0;
Damien Miller509b0102003-12-17 16:33:10 +11001187 if (options->server_alive_interval == -1)
1188 options->server_alive_interval = 0;
1189 if (options->server_alive_count_max == -1)
1190 options->server_alive_count_max = 3;
Damien Miller0e220db2004-06-15 10:34:08 +10001191 if (options->control_master == -1)
1192 options->control_master = 0;
Damien Millere1776152005-03-01 21:47:37 +11001193 if (options->hash_known_hosts == -1)
1194 options->hash_known_hosts = 0;
Damien Millerd27b9472005-12-13 19:29:02 +11001195 if (options->tun_open == -1)
Damien Miller7b58e802005-12-13 19:33:19 +11001196 options->tun_open = SSH_TUNMODE_NO;
1197 if (options->tun_local == -1)
1198 options->tun_local = SSH_TUNID_ANY;
1199 if (options->tun_remote == -1)
1200 options->tun_remote = SSH_TUNID_ANY;
Damien Millerd27b9472005-12-13 19:29:02 +11001201 if (options->permit_local_command == -1)
1202 options->permit_local_command = 0;
1203 /* options->local_command should not be set by default */
Damien Miller95def091999-11-25 00:26:21 +11001204 /* options->proxy_command should not be set by default */
1205 /* options->user will be set in the main program if appropriate */
1206 /* options->hostname will be set in the main program if appropriate */
Ben Lindstrom4dccfa52000-12-28 16:40:05 +00001207 /* options->host_key_alias should not be set by default */
Ben Lindstromb9be60a2001-03-11 01:49:19 +00001208 /* options->preferred_authentications will be set in ssh */
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001209}
Damien Millerf91ee4c2005-03-01 21:24:33 +11001210
1211/*
1212 * parse_forward
1213 * parses a string containing a port forwarding specification of the form:
1214 * [listenhost:]listenport:connecthost:connectport
1215 * returns number of arguments parsed or zero on error
1216 */
1217int
1218parse_forward(Forward *fwd, const char *fwdspec)
1219{
1220 int i;
1221 char *p, *cp, *fwdarg[4];
1222
1223 memset(fwd, '\0', sizeof(*fwd));
1224
1225 cp = p = xstrdup(fwdspec);
1226
1227 /* skip leading spaces */
Darren Tucker03b1cdb2007-03-21 20:46:03 +11001228 while (isspace(*cp))
Damien Millerf91ee4c2005-03-01 21:24:33 +11001229 cp++;
1230
1231 for (i = 0; i < 4; ++i)
1232 if ((fwdarg[i] = hpdelim(&cp)) == NULL)
1233 break;
1234
1235 /* Check for trailing garbage in 4-arg case*/
1236 if (cp != NULL)
1237 i = 0; /* failure */
1238
1239 switch (i) {
1240 case 3:
1241 fwd->listen_host = NULL;
1242 fwd->listen_port = a2port(fwdarg[0]);
1243 fwd->connect_host = xstrdup(cleanhostname(fwdarg[1]));
1244 fwd->connect_port = a2port(fwdarg[2]);
1245 break;
1246
1247 case 4:
1248 fwd->listen_host = xstrdup(cleanhostname(fwdarg[0]));
1249 fwd->listen_port = a2port(fwdarg[1]);
1250 fwd->connect_host = xstrdup(cleanhostname(fwdarg[2]));
1251 fwd->connect_port = a2port(fwdarg[3]);
1252 break;
1253 default:
1254 i = 0; /* failure */
1255 }
1256
1257 xfree(p);
1258
Damien Miller5a4456c2007-10-26 14:27:22 +10001259 if (fwd->listen_port == 0 || fwd->connect_port == 0)
Damien Millerf91ee4c2005-03-01 21:24:33 +11001260 goto fail_free;
1261
1262 if (fwd->connect_host != NULL &&
1263 strlen(fwd->connect_host) >= NI_MAXHOST)
1264 goto fail_free;
1265
1266 return (i);
1267
1268 fail_free:
1269 if (fwd->connect_host != NULL)
1270 xfree(fwd->connect_host);
1271 if (fwd->listen_host != NULL)
1272 xfree(fwd->listen_host);
1273 return (0);
1274}