blob: 91dfa566f6f8ce2aa9bc18a9306a9553c2ec4ce3 [file] [log] [blame]
Damien Miller295ee632011-05-29 21:42:31 +10001/* $OpenBSD: readconf.c,v 1.193 2011/05/24 07:15:47 djm Exp $ */
Damien Millerd4a8b7e1999-10-27 13:42:43 +10002/*
Damien Miller95def091999-11-25 00:26:21 +11003 * Author: Tatu Ylonen <ylo@cs.hut.fi>
Damien Miller95def091999-11-25 00:26:21 +11004 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved
Damien Miller95def091999-11-25 00:26:21 +11006 * Functions for reading the configuration files.
Damien Miller4af51302000-04-16 11:18:38 +10007 *
Damien Millere4340be2000-09-16 13:29:08 +11008 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose. Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
Damien Miller95def091999-11-25 00:26:21 +110013 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100014
15#include "includes.h"
Damien Millerf17883e2006-03-15 11:45:54 +110016
17#include <sys/types.h>
18#include <sys/stat.h>
Damien Miller8ec8c3e2006-07-10 20:35:38 +100019#include <sys/socket.h>
20
21#include <netinet/in.h>
Damien Miller0dac6fb2010-11-20 15:19:38 +110022#include <netinet/in_systm.h>
23#include <netinet/ip.h>
Damien Millerd4a8b7e1999-10-27 13:42:43 +100024
Damien Millerc7b06362006-03-15 11:53:45 +110025#include <ctype.h>
Darren Tucker39972492006-07-12 22:22:46 +100026#include <errno.h>
Damien Millerb8fe89c2006-07-24 14:51:00 +100027#include <netdb.h>
Damien Millerd7834352006-08-05 12:39:39 +100028#include <signal.h>
Damien Millerded319c2006-09-01 15:38:36 +100029#include <stdarg.h>
Damien Millera7a73ee2006-08-05 11:37:59 +100030#include <stdio.h>
Damien Millere3476ed2006-07-24 14:13:33 +100031#include <string.h>
Damien Millere6b3b612006-07-24 14:01:23 +100032#include <unistd.h>
Damien Millerc7b06362006-03-15 11:53:45 +110033
Damien Millerd4a8b7e1999-10-27 13:42:43 +100034#include "xmalloc.h"
Damien Millerd7834352006-08-05 12:39:39 +100035#include "ssh.h"
Damien Miller78928792000-04-12 20:17:38 +100036#include "compat.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000037#include "cipher.h"
38#include "pathnames.h"
39#include "log.h"
Damien Millerd7834352006-08-05 12:39:39 +100040#include "key.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000041#include "readconf.h"
42#include "match.h"
43#include "misc.h"
Damien Millerd7834352006-08-05 12:39:39 +100044#include "buffer.h"
Ben Lindstrom06b33aa2001-02-15 03:01:59 +000045#include "kex.h"
46#include "mac.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100047
48/* Format of the configuration file:
49
50 # Configuration data is parsed as follows:
51 # 1. command line options
52 # 2. user-specific file
53 # 3. system-wide file
54 # Any configuration value is only changed the first time it is set.
55 # Thus, host-specific definitions should be at the beginning of the
56 # configuration file, and defaults at the end.
57
58 # Host-specific declarations. These may override anything above. A single
59 # host may match multiple declarations; these are processed in the order
60 # that they are given in.
61
62 Host *.ngs.fi ngs.fi
Ben Lindstrom4daea862002-06-09 20:04:02 +000063 User foo
Damien Millerd4a8b7e1999-10-27 13:42:43 +100064
65 Host fake.com
66 HostName another.host.name.real.org
67 User blaah
68 Port 34289
69 ForwardX11 no
70 ForwardAgent no
71
72 Host books.com
73 RemoteForward 9999 shadows.cs.hut.fi:9999
74 Cipher 3des
75
76 Host fascist.blob.com
77 Port 23123
78 User tylonen
Damien Millerd4a8b7e1999-10-27 13:42:43 +100079 PasswordAuthentication no
80
81 Host puukko.hut.fi
82 User t35124p
83 ProxyCommand ssh-proxy %h %p
84
85 Host *.fr
Ben Lindstrom4daea862002-06-09 20:04:02 +000086 PublicKeyAuthentication no
Damien Millerd4a8b7e1999-10-27 13:42:43 +100087
88 Host *.su
89 Cipher none
90 PasswordAuthentication no
91
Damien Millerd27b9472005-12-13 19:29:02 +110092 Host vpn.fake.com
93 Tunnel yes
94 TunnelDevice 3
95
Damien Millerd4a8b7e1999-10-27 13:42:43 +100096 # Defaults for various options
97 Host *
98 ForwardAgent no
Damien Miller0bc1bd82000-11-13 22:57:25 +110099 ForwardX11 no
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000100 PasswordAuthentication yes
101 RSAAuthentication yes
102 RhostsRSAAuthentication yes
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000103 StrictHostKeyChecking yes
Damien Miller12c150e2003-12-17 16:31:10 +1100104 TcpKeepAlive no
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000105 IdentityFile ~/.ssh/identity
106 Port 22
107 EscapeChar ~
108
109*/
110
111/* Keyword tokens. */
112
Damien Miller95def091999-11-25 00:26:21 +1100113typedef enum {
114 oBadOption,
Damien Miller1ab6a512010-06-26 10:02:24 +1000115 oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout,
116 oGatewayPorts, oExitOnForwardFailure,
Ben Lindstromcb72e4f2002-06-21 00:41:51 +0000117 oPasswordAuthentication, oRSAAuthentication,
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000118 oChallengeResponseAuthentication, oXAuthLocation,
Damien Miller95def091999-11-25 00:26:21 +1100119 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
120 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
121 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
122 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
Damien Miller12c150e2003-12-17 16:31:10 +1100123 oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000124 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
Damien Miller0bc1bd82000-11-13 22:57:25 +1100125 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
Ben Lindstromb9be60a2001-03-11 01:49:19 +0000126 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
Ben Lindstrom982dbbc2001-04-17 18:11:36 +0000127 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
Damien Miller7ea845e2010-02-12 09:21:02 +1100128 oHostKeyAlgorithms, oBindAddress, oPKCS11Provider,
Ben Lindstrom4daea862002-06-09 20:04:02 +0000129 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
Damien Millerb78d5eb2003-05-16 11:39:04 +1000130 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
Darren Tucker0efd1552003-08-26 11:49:55 +1000131 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
Damien Millerbd394c32004-03-08 23:12:36 +1100132 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
Damien Millere11e1ea2010-08-03 16:04:46 +1000133 oSendEnv, oControlPath, oControlMaster, oControlPersist,
134 oHashKnownHosts,
Damien Millerd27b9472005-12-13 19:29:02 +1100135 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
Darren Tucker7bd98e72010-01-10 10:31:12 +1100136 oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
Damien Miller21771e22011-05-15 08:45:50 +1000137 oKexAlgorithms, oIPQoS, oRequestTTY,
Darren Tucker7bd98e72010-01-10 10:31:12 +1100138 oDeprecated, oUnsupported
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000139} OpCodes;
140
141/* Textual representations of the tokens. */
142
Damien Miller95def091999-11-25 00:26:21 +1100143static struct {
144 const char *name;
145 OpCodes opcode;
146} keywords[] = {
147 { "forwardagent", oForwardAgent },
148 { "forwardx11", oForwardX11 },
Darren Tucker0a118da2003-10-15 15:54:32 +1000149 { "forwardx11trusted", oForwardX11Trusted },
Damien Miller1ab6a512010-06-26 10:02:24 +1000150 { "forwardx11timeout", oForwardX11Timeout },
Darren Tuckere7d4b192006-07-12 22:17:10 +1000151 { "exitonforwardfailure", oExitOnForwardFailure },
Damien Millerd3a18572000-06-07 19:55:44 +1000152 { "xauthlocation", oXAuthLocation },
Damien Miller95def091999-11-25 00:26:21 +1100153 { "gatewayports", oGatewayPorts },
154 { "useprivilegedport", oUsePrivilegedPort },
Darren Tuckerec960f22003-08-13 20:37:05 +1000155 { "rhostsauthentication", oDeprecated },
Damien Miller95def091999-11-25 00:26:21 +1100156 { "passwordauthentication", oPasswordAuthentication },
Damien Miller874d77b2000-10-14 16:23:11 +1100157 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
158 { "kbdinteractivedevices", oKbdInteractiveDevices },
Damien Miller95def091999-11-25 00:26:21 +1100159 { "rsaauthentication", oRSAAuthentication },
Damien Miller0bc1bd82000-11-13 22:57:25 +1100160 { "pubkeyauthentication", oPubkeyAuthentication },
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000161 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000162 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
Ben Lindstromd69dab32001-04-12 23:36:05 +0000163 { "hostbasedauthentication", oHostbasedAuthentication },
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000164 { "challengeresponseauthentication", oChallengeResponseAuthentication },
165 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
166 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
Damien Millerf9b3feb2003-05-16 11:38:32 +1000167 { "kerberosauthentication", oUnsupported },
168 { "kerberostgtpassing", oUnsupported },
Damien Millerf9b3feb2003-05-16 11:38:32 +1000169 { "afstokenpassing", oUnsupported },
Darren Tucker0efd1552003-08-26 11:49:55 +1000170#if defined(GSSAPI)
171 { "gssapiauthentication", oGssAuthentication },
Darren Tucker0efd1552003-08-26 11:49:55 +1000172 { "gssapidelegatecredentials", oGssDelegateCreds },
173#else
174 { "gssapiauthentication", oUnsupported },
175 { "gssapidelegatecredentials", oUnsupported },
176#endif
Ben Lindstrom4daea862002-06-09 20:04:02 +0000177 { "fallbacktorsh", oDeprecated },
178 { "usersh", oDeprecated },
Damien Miller95def091999-11-25 00:26:21 +1100179 { "identityfile", oIdentityFile },
Damien Miller5bc6aae2009-01-28 16:27:31 +1100180 { "identityfile2", oIdentityFile }, /* obsolete */
Damien Millerbd394c32004-03-08 23:12:36 +1100181 { "identitiesonly", oIdentitiesOnly },
Damien Miller95def091999-11-25 00:26:21 +1100182 { "hostname", oHostName },
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000183 { "hostkeyalias", oHostKeyAlias },
Damien Miller95def091999-11-25 00:26:21 +1100184 { "proxycommand", oProxyCommand },
185 { "port", oPort },
186 { "cipher", oCipher },
Damien Miller78928792000-04-12 20:17:38 +1000187 { "ciphers", oCiphers },
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000188 { "macs", oMacs },
Damien Miller78928792000-04-12 20:17:38 +1000189 { "protocol", oProtocol },
Damien Miller95def091999-11-25 00:26:21 +1100190 { "remoteforward", oRemoteForward },
191 { "localforward", oLocalForward },
192 { "user", oUser },
193 { "host", oHost },
194 { "escapechar", oEscapeChar },
Damien Miller95def091999-11-25 00:26:21 +1100195 { "globalknownhostsfile", oGlobalKnownHostsFile },
Damien Miller295ee632011-05-29 21:42:31 +1000196 { "globalknownhostsfile2", oDeprecated },
Damien Miller5bc6aae2009-01-28 16:27:31 +1100197 { "userknownhostsfile", oUserKnownHostsFile },
Damien Miller295ee632011-05-29 21:42:31 +1000198 { "userknownhostsfile2", oDeprecated },
Damien Miller95def091999-11-25 00:26:21 +1100199 { "connectionattempts", oConnectionAttempts },
200 { "batchmode", oBatchMode },
201 { "checkhostip", oCheckHostIP },
202 { "stricthostkeychecking", oStrictHostKeyChecking },
203 { "compression", oCompression },
204 { "compressionlevel", oCompressionLevel },
Damien Miller12c150e2003-12-17 16:31:10 +1100205 { "tcpkeepalive", oTCPKeepAlive },
206 { "keepalive", oTCPKeepAlive }, /* obsolete */
Damien Miller95def091999-11-25 00:26:21 +1100207 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
Damien Miller95def091999-11-25 00:26:21 +1100208 { "loglevel", oLogLevel },
Ben Lindstrom3bb4f9d2001-04-08 18:30:26 +0000209 { "dynamicforward", oDynamicForward },
Ben Lindstromb9be60a2001-03-11 01:49:19 +0000210 { "preferredauthentications", oPreferredAuthentications },
Ben Lindstrom982dbbc2001-04-17 18:11:36 +0000211 { "hostkeyalgorithms", oHostKeyAlgorithms },
Ben Lindstrome0f88042001-04-30 13:06:24 +0000212 { "bindaddress", oBindAddress },
Damien Miller7ea845e2010-02-12 09:21:02 +1100213#ifdef ENABLE_PKCS11
214 { "smartcarddevice", oPKCS11Provider },
215 { "pkcs11provider", oPKCS11Provider },
Damien Millerf9b3feb2003-05-16 11:38:32 +1000216#else
217 { "smartcarddevice", oUnsupported },
Damien Miller7ea845e2010-02-12 09:21:02 +1100218 { "pkcs11provider", oUnsupported },
Damien Millerf9b3feb2003-05-16 11:38:32 +1000219#endif
Damien Miller9f0f5c62001-12-21 14:45:46 +1100220 { "clearallforwardings", oClearAllForwardings },
Ben Lindstromb6df73b2002-11-09 15:52:31 +0000221 { "enablesshkeysign", oEnableSSHKeysign },
Damien Miller37876e92003-05-15 10:19:46 +1000222 { "verifyhostkeydns", oVerifyHostKeyDNS },
Damien Miller9f0f5c62001-12-21 14:45:46 +1100223 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
Damien Millera5539d22003-04-09 20:50:06 +1000224 { "rekeylimit", oRekeyLimit },
Damien Millerb78d5eb2003-05-16 11:39:04 +1000225 { "connecttimeout", oConnectTimeout },
Damien Miller20a8f972003-05-18 20:50:30 +1000226 { "addressfamily", oAddressFamily },
Damien Miller509b0102003-12-17 16:33:10 +1100227 { "serveraliveinterval", oServerAliveInterval },
228 { "serveralivecountmax", oServerAliveCountMax },
Darren Tucker46bc0752004-05-02 22:11:30 +1000229 { "sendenv", oSendEnv },
Damien Miller0e220db2004-06-15 10:34:08 +1000230 { "controlpath", oControlPath },
231 { "controlmaster", oControlMaster },
Damien Millere11e1ea2010-08-03 16:04:46 +1000232 { "controlpersist", oControlPersist },
Damien Millere1776152005-03-01 21:47:37 +1100233 { "hashknownhosts", oHashKnownHosts },
Damien Millerd27b9472005-12-13 19:29:02 +1100234 { "tunnel", oTunnel },
235 { "tunneldevice", oTunnelDevice },
236 { "localcommand", oLocalCommand },
237 { "permitlocalcommand", oPermitLocalCommand },
Damien Miller10288242008-06-30 00:04:03 +1000238 { "visualhostkey", oVisualHostKey },
Darren Tucker71e4d542009-07-06 07:12:27 +1000239 { "useroaming", oUseRoaming },
Damien Miller01ed2272008-11-05 16:20:46 +1100240#ifdef JPAKE
241 { "zeroknowledgepasswordauthentication",
242 oZeroKnowledgePasswordAuthentication },
243#else
244 { "zeroknowledgepasswordauthentication", oUnsupported },
245#endif
Damien Millerd5f62bf2010-09-24 22:11:14 +1000246 { "kexalgorithms", oKexAlgorithms },
Damien Miller0dac6fb2010-11-20 15:19:38 +1100247 { "ipqos", oIPQoS },
Damien Miller21771e22011-05-15 08:45:50 +1000248 { "requesttty", oRequestTTY },
Damien Miller01ed2272008-11-05 16:20:46 +1100249
Ben Lindstrom65366a82001-12-06 16:32:47 +0000250 { NULL, oBadOption }
Damien Miller5ce662a1999-11-11 17:57:39 +1100251};
252
Damien Miller5428f641999-11-25 11:54:57 +1100253/*
254 * Adds a local TCP/IP port forward to options. Never returns if there is an
255 * error.
256 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000257
Damien Miller4af51302000-04-16 11:18:38 +1000258void
Damien Millerf91ee4c2005-03-01 21:24:33 +1100259add_local_forward(Options *options, const Forward *newfwd)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000260{
Damien Miller95def091999-11-25 00:26:21 +1100261 Forward *fwd;
Ben Lindstrom99a4e142002-07-09 14:06:40 +0000262#ifndef NO_IPPORT_RESERVED_CONCEPT
Damien Miller95def091999-11-25 00:26:21 +1100263 extern uid_t original_real_uid;
Damien Millerf91ee4c2005-03-01 21:24:33 +1100264 if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000265 fatal("Privileged ports can only be forwarded by root.");
Damien Millerbac2d8a2000-09-05 16:13:06 +1100266#endif
Damien Miller232cfb12010-06-26 09:50:30 +1000267 options->local_forwards = xrealloc(options->local_forwards,
268 options->num_local_forwards + 1,
269 sizeof(*options->local_forwards));
Damien Miller95def091999-11-25 00:26:21 +1100270 fwd = &options->local_forwards[options->num_local_forwards++];
Damien Millerf91ee4c2005-03-01 21:24:33 +1100271
Damien Miller1a0442f2008-11-05 16:30:06 +1100272 fwd->listen_host = newfwd->listen_host;
Damien Millerf91ee4c2005-03-01 21:24:33 +1100273 fwd->listen_port = newfwd->listen_port;
Damien Miller1a0442f2008-11-05 16:30:06 +1100274 fwd->connect_host = newfwd->connect_host;
Damien Millerf91ee4c2005-03-01 21:24:33 +1100275 fwd->connect_port = newfwd->connect_port;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000276}
277
Damien Miller5428f641999-11-25 11:54:57 +1100278/*
279 * Adds a remote TCP/IP port forward to options. Never returns if there is
280 * an error.
281 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000282
Damien Miller4af51302000-04-16 11:18:38 +1000283void
Damien Millerf91ee4c2005-03-01 21:24:33 +1100284add_remote_forward(Options *options, const Forward *newfwd)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000285{
Damien Miller95def091999-11-25 00:26:21 +1100286 Forward *fwd;
Damien Miller232cfb12010-06-26 09:50:30 +1000287
288 options->remote_forwards = xrealloc(options->remote_forwards,
289 options->num_remote_forwards + 1,
290 sizeof(*options->remote_forwards));
Damien Miller95def091999-11-25 00:26:21 +1100291 fwd = &options->remote_forwards[options->num_remote_forwards++];
Damien Millerf91ee4c2005-03-01 21:24:33 +1100292
Damien Miller1a0442f2008-11-05 16:30:06 +1100293 fwd->listen_host = newfwd->listen_host;
Damien Millerf91ee4c2005-03-01 21:24:33 +1100294 fwd->listen_port = newfwd->listen_port;
Damien Miller1a0442f2008-11-05 16:30:06 +1100295 fwd->connect_host = newfwd->connect_host;
Damien Millerf91ee4c2005-03-01 21:24:33 +1100296 fwd->connect_port = newfwd->connect_port;
Damien Miller388f6fc2010-05-21 14:57:35 +1000297 fwd->allocated_port = 0;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000298}
299
Ben Lindstrom2b7a0e92001-09-20 00:57:55 +0000300static void
301clear_forwardings(Options *options)
302{
303 int i;
304
Damien Millerf91ee4c2005-03-01 21:24:33 +1100305 for (i = 0; i < options->num_local_forwards; i++) {
Darren Tucker1d55ca72005-03-14 22:58:40 +1100306 if (options->local_forwards[i].listen_host != NULL)
307 xfree(options->local_forwards[i].listen_host);
Damien Millerf91ee4c2005-03-01 21:24:33 +1100308 xfree(options->local_forwards[i].connect_host);
309 }
Damien Miller232cfb12010-06-26 09:50:30 +1000310 if (options->num_local_forwards > 0) {
311 xfree(options->local_forwards);
312 options->local_forwards = NULL;
313 }
Ben Lindstrom2b7a0e92001-09-20 00:57:55 +0000314 options->num_local_forwards = 0;
Damien Millerf91ee4c2005-03-01 21:24:33 +1100315 for (i = 0; i < options->num_remote_forwards; i++) {
Darren Tucker1d55ca72005-03-14 22:58:40 +1100316 if (options->remote_forwards[i].listen_host != NULL)
317 xfree(options->remote_forwards[i].listen_host);
Damien Millerf91ee4c2005-03-01 21:24:33 +1100318 xfree(options->remote_forwards[i].connect_host);
319 }
Damien Miller232cfb12010-06-26 09:50:30 +1000320 if (options->num_remote_forwards > 0) {
321 xfree(options->remote_forwards);
322 options->remote_forwards = NULL;
323 }
Ben Lindstrom2b7a0e92001-09-20 00:57:55 +0000324 options->num_remote_forwards = 0;
Damien Miller7b58e802005-12-13 19:33:19 +1100325 options->tun_open = SSH_TUNMODE_NO;
Ben Lindstrom2b7a0e92001-09-20 00:57:55 +0000326}
327
Damien Miller5428f641999-11-25 11:54:57 +1100328/*
Ben Lindstrom3704c262001-04-02 18:20:03 +0000329 * Returns the number of the token pointed to by cp or oBadOption.
Damien Miller5428f641999-11-25 11:54:57 +1100330 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000331
Damien Miller4af51302000-04-16 11:18:38 +1000332static OpCodes
Damien Miller95def091999-11-25 00:26:21 +1100333parse_token(const char *cp, const char *filename, int linenum)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000334{
Ben Lindstrom46c16222000-12-22 01:43:59 +0000335 u_int i;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000336
Damien Miller95def091999-11-25 00:26:21 +1100337 for (i = 0; keywords[i].name; i++)
Damien Miller5428f641999-11-25 11:54:57 +1100338 if (strcasecmp(cp, keywords[i].name) == 0)
Damien Miller95def091999-11-25 00:26:21 +1100339 return keywords[i].opcode;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000340
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000341 error("%s: line %d: Bad configuration option: %s",
342 filename, linenum, cp);
Damien Miller95def091999-11-25 00:26:21 +1100343 return oBadOption;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000344}
345
Damien Miller5428f641999-11-25 11:54:57 +1100346/*
347 * Processes a single option line as used in the configuration files. This
348 * only sets those values that have not already been set.
349 */
Damien Miller61f08ac2003-02-24 11:56:27 +1100350#define WHITESPACE " \t\r\n"
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000351
Damien Miller2ccf6611999-11-15 15:25:10 +1100352int
353process_config_line(Options *options, const char *host,
Damien Miller95def091999-11-25 00:26:21 +1100354 char *line, const char *filename, int linenum,
355 int *activep)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000356{
Damien Miller295ee632011-05-29 21:42:31 +1000357 char *s, **charptr, *endofnumber, *keyword, *arg, *arg2;
358 char **cpptr, fwdarg[256];
359 u_int *uintptr, max_entries = 0;
Damien Millerfe924212011-05-15 08:44:45 +1000360 int negated, opcode, *intptr, value, value2, scale;
Darren Tucker1e44c5d2008-01-01 20:32:26 +1100361 LogLevel *log_level_ptr;
Damien Millerb59d4fe2006-03-15 11:30:38 +1100362 long long orig, val64;
Damien Miller61f08ac2003-02-24 11:56:27 +1100363 size_t len;
Damien Millerf91ee4c2005-03-01 21:24:33 +1100364 Forward fwd;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000365
Damien Millerc652cac2003-05-14 13:40:54 +1000366 /* Strip trailing whitespace */
Darren Tucker47eede72005-03-14 23:08:12 +1100367 for (len = strlen(line) - 1; len > 0; len--) {
Damien Millerc652cac2003-05-14 13:40:54 +1000368 if (strchr(WHITESPACE, line[len]) == NULL)
369 break;
370 line[len] = '\0';
371 }
372
Damien Millerbe484b52000-07-15 14:14:16 +1000373 s = line;
374 /* Get the keyword. (Each line is supposed to begin with a keyword). */
Damien Miller928b2362006-03-26 13:53:32 +1100375 if ((keyword = strdelim(&s)) == NULL)
376 return 0;
Damien Millerbe484b52000-07-15 14:14:16 +1000377 /* Ignore leading whitespace. */
378 if (*keyword == '\0')
379 keyword = strdelim(&s);
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000380 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
Damien Miller95def091999-11-25 00:26:21 +1100381 return 0;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000382
Damien Miller37023962000-07-11 17:31:38 +1000383 opcode = parse_token(keyword, filename, linenum);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000384
Damien Miller95def091999-11-25 00:26:21 +1100385 switch (opcode) {
386 case oBadOption:
Damien Miller5428f641999-11-25 11:54:57 +1100387 /* don't panic, but count bad options */
388 return -1;
Damien Miller95def091999-11-25 00:26:21 +1100389 /* NOTREACHED */
Damien Millerb78d5eb2003-05-16 11:39:04 +1000390 case oConnectTimeout:
391 intptr = &options->connection_timeout;
Damien Miller509b0102003-12-17 16:33:10 +1100392parse_time:
Damien Millerb78d5eb2003-05-16 11:39:04 +1000393 arg = strdelim(&s);
394 if (!arg || *arg == '\0')
395 fatal("%s line %d: missing time value.",
396 filename, linenum);
397 if ((value = convtime(arg)) == -1)
398 fatal("%s line %d: invalid time value.",
399 filename, linenum);
Darren Tuckera52c5b62007-02-19 22:09:45 +1100400 if (*activep && *intptr == -1)
Damien Millerb78d5eb2003-05-16 11:39:04 +1000401 *intptr = value;
402 break;
403
Damien Miller95def091999-11-25 00:26:21 +1100404 case oForwardAgent:
405 intptr = &options->forward_agent;
406parse_flag:
Damien Millerbe484b52000-07-15 14:14:16 +1000407 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000408 if (!arg || *arg == '\0')
Damien Miller95def091999-11-25 00:26:21 +1100409 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
410 value = 0; /* To avoid compiler warning... */
Damien Miller37023962000-07-11 17:31:38 +1000411 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100412 value = 1;
Damien Miller37023962000-07-11 17:31:38 +1000413 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100414 value = 0;
415 else
416 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
417 if (*activep && *intptr == -1)
418 *intptr = value;
419 break;
420
421 case oForwardX11:
422 intptr = &options->forward_x11;
423 goto parse_flag;
424
Darren Tucker0a118da2003-10-15 15:54:32 +1000425 case oForwardX11Trusted:
426 intptr = &options->forward_x11_trusted;
427 goto parse_flag;
Damien Miller1ab6a512010-06-26 10:02:24 +1000428
429 case oForwardX11Timeout:
430 intptr = &options->forward_x11_timeout;
431 goto parse_time;
Darren Tucker0a118da2003-10-15 15:54:32 +1000432
Damien Miller95def091999-11-25 00:26:21 +1100433 case oGatewayPorts:
434 intptr = &options->gateway_ports;
435 goto parse_flag;
436
Darren Tuckere7d4b192006-07-12 22:17:10 +1000437 case oExitOnForwardFailure:
438 intptr = &options->exit_on_forward_failure;
439 goto parse_flag;
440
Damien Miller95def091999-11-25 00:26:21 +1100441 case oUsePrivilegedPort:
442 intptr = &options->use_privileged_port;
443 goto parse_flag;
444
Damien Miller95def091999-11-25 00:26:21 +1100445 case oPasswordAuthentication:
446 intptr = &options->password_authentication;
447 goto parse_flag;
448
Damien Miller01ed2272008-11-05 16:20:46 +1100449 case oZeroKnowledgePasswordAuthentication:
450 intptr = &options->zero_knowledge_password_authentication;
451 goto parse_flag;
452
Damien Miller874d77b2000-10-14 16:23:11 +1100453 case oKbdInteractiveAuthentication:
454 intptr = &options->kbd_interactive_authentication;
455 goto parse_flag;
456
457 case oKbdInteractiveDevices:
458 charptr = &options->kbd_interactive_devices;
459 goto parse_string;
460
Damien Miller0bc1bd82000-11-13 22:57:25 +1100461 case oPubkeyAuthentication:
462 intptr = &options->pubkey_authentication;
Damien Millere247cc42000-05-07 12:03:14 +1000463 goto parse_flag;
464
Damien Miller95def091999-11-25 00:26:21 +1100465 case oRSAAuthentication:
466 intptr = &options->rsa_authentication;
467 goto parse_flag;
468
469 case oRhostsRSAAuthentication:
470 intptr = &options->rhosts_rsa_authentication;
471 goto parse_flag;
472
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000473 case oHostbasedAuthentication:
474 intptr = &options->hostbased_authentication;
475 goto parse_flag;
476
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000477 case oChallengeResponseAuthentication:
Ben Lindstrom551ea372001-06-05 18:56:16 +0000478 intptr = &options->challenge_response_authentication;
Damien Miller95def091999-11-25 00:26:21 +1100479 goto parse_flag;
Damien Miller2aa0ab42003-05-15 12:05:28 +1000480
Darren Tucker0efd1552003-08-26 11:49:55 +1000481 case oGssAuthentication:
482 intptr = &options->gss_authentication;
483 goto parse_flag;
484
485 case oGssDelegateCreds:
486 intptr = &options->gss_deleg_creds;
487 goto parse_flag;
488
Damien Miller95def091999-11-25 00:26:21 +1100489 case oBatchMode:
490 intptr = &options->batch_mode;
491 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000492
Damien Miller95def091999-11-25 00:26:21 +1100493 case oCheckHostIP:
494 intptr = &options->check_host_ip;
Damien Miller10288242008-06-30 00:04:03 +1000495 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000496
Damien Miller37876e92003-05-15 10:19:46 +1000497 case oVerifyHostKeyDNS:
498 intptr = &options->verify_host_key_dns;
Damien Miller150b5572003-11-17 21:19:29 +1100499 goto parse_yesnoask;
Damien Miller37876e92003-05-15 10:19:46 +1000500
Damien Miller95def091999-11-25 00:26:21 +1100501 case oStrictHostKeyChecking:
502 intptr = &options->strict_host_key_checking;
Damien Miller150b5572003-11-17 21:19:29 +1100503parse_yesnoask:
Damien Millerbe484b52000-07-15 14:14:16 +1000504 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000505 if (!arg || *arg == '\0')
Ben Lindstrom5ed8acd2001-01-29 08:00:54 +0000506 fatal("%.200s line %d: Missing yes/no/ask argument.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100507 filename, linenum);
Damien Miller95def091999-11-25 00:26:21 +1100508 value = 0; /* To avoid compiler warning... */
Damien Miller37023962000-07-11 17:31:38 +1000509 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100510 value = 1;
Damien Miller37023962000-07-11 17:31:38 +1000511 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100512 value = 0;
Damien Miller37023962000-07-11 17:31:38 +1000513 else if (strcmp(arg, "ask") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100514 value = 2;
515 else
516 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
517 if (*activep && *intptr == -1)
518 *intptr = value;
519 break;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000520
Damien Miller95def091999-11-25 00:26:21 +1100521 case oCompression:
522 intptr = &options->compression;
523 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000524
Damien Miller12c150e2003-12-17 16:31:10 +1100525 case oTCPKeepAlive:
526 intptr = &options->tcp_keep_alive;
Damien Miller95def091999-11-25 00:26:21 +1100527 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000528
Ben Lindstrom3cecc9a2001-10-03 17:39:38 +0000529 case oNoHostAuthenticationForLocalhost:
530 intptr = &options->no_host_authentication_for_localhost;
531 goto parse_flag;
532
Damien Miller95def091999-11-25 00:26:21 +1100533 case oNumberOfPasswordPrompts:
534 intptr = &options->number_of_password_prompts;
535 goto parse_int;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000536
Damien Miller95def091999-11-25 00:26:21 +1100537 case oCompressionLevel:
538 intptr = &options->compression_level;
539 goto parse_int;
540
Damien Millera5539d22003-04-09 20:50:06 +1000541 case oRekeyLimit:
Damien Millera5539d22003-04-09 20:50:06 +1000542 arg = strdelim(&s);
543 if (!arg || *arg == '\0')
544 fatal("%.200s line %d: Missing argument.", filename, linenum);
545 if (arg[0] < '0' || arg[0] > '9')
546 fatal("%.200s line %d: Bad number.", filename, linenum);
Damien Millerb59d4fe2006-03-15 11:30:38 +1100547 orig = val64 = strtoll(arg, &endofnumber, 10);
Damien Millera5539d22003-04-09 20:50:06 +1000548 if (arg == endofnumber)
549 fatal("%.200s line %d: Bad number.", filename, linenum);
550 switch (toupper(*endofnumber)) {
Damien Millerb59d4fe2006-03-15 11:30:38 +1100551 case '\0':
552 scale = 1;
553 break;
Damien Millera5539d22003-04-09 20:50:06 +1000554 case 'K':
Damien Millerb59d4fe2006-03-15 11:30:38 +1100555 scale = 1<<10;
Damien Millera5539d22003-04-09 20:50:06 +1000556 break;
557 case 'M':
Damien Millerb59d4fe2006-03-15 11:30:38 +1100558 scale = 1<<20;
Damien Millera5539d22003-04-09 20:50:06 +1000559 break;
560 case 'G':
Damien Millerb59d4fe2006-03-15 11:30:38 +1100561 scale = 1<<30;
Damien Millera5539d22003-04-09 20:50:06 +1000562 break;
Damien Millerb59d4fe2006-03-15 11:30:38 +1100563 default:
564 fatal("%.200s line %d: Invalid RekeyLimit suffix",
565 filename, linenum);
Damien Millera5539d22003-04-09 20:50:06 +1000566 }
Damien Millerb59d4fe2006-03-15 11:30:38 +1100567 val64 *= scale;
568 /* detect integer wrap and too-large limits */
Damien Miller3dff1762008-02-10 22:25:52 +1100569 if ((val64 / scale) != orig || val64 > UINT_MAX)
Damien Millerb59d4fe2006-03-15 11:30:38 +1100570 fatal("%.200s line %d: RekeyLimit too large",
571 filename, linenum);
572 if (val64 < 16)
573 fatal("%.200s line %d: RekeyLimit too small",
574 filename, linenum);
Damien Miller3dff1762008-02-10 22:25:52 +1100575 if (*activep && options->rekey_limit == -1)
576 options->rekey_limit = (u_int32_t)val64;
Damien Millera5539d22003-04-09 20:50:06 +1000577 break;
578
Damien Miller95def091999-11-25 00:26:21 +1100579 case oIdentityFile:
Damien Millerbe484b52000-07-15 14:14:16 +1000580 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000581 if (!arg || *arg == '\0')
Damien Miller95def091999-11-25 00:26:21 +1100582 fatal("%.200s line %d: Missing argument.", filename, linenum);
583 if (*activep) {
Damien Miller0bc1bd82000-11-13 22:57:25 +1100584 intptr = &options->num_identity_files;
Damien Millereba71ba2000-04-29 23:57:08 +1000585 if (*intptr >= SSH_MAX_IDENTITY_FILES)
Damien Miller95def091999-11-25 00:26:21 +1100586 fatal("%.200s line %d: Too many identity files specified (max %d).",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100587 filename, linenum, SSH_MAX_IDENTITY_FILES);
Darren Tuckercb0e1752007-02-19 22:12:53 +1100588 charptr = &options->identity_files[*intptr];
Damien Miller37023962000-07-11 17:31:38 +1000589 *charptr = xstrdup(arg);
Damien Millereba71ba2000-04-29 23:57:08 +1000590 *intptr = *intptr + 1;
Damien Miller95def091999-11-25 00:26:21 +1100591 }
592 break;
593
Damien Millerd3a18572000-06-07 19:55:44 +1000594 case oXAuthLocation:
595 charptr=&options->xauth_location;
596 goto parse_string;
597
Damien Miller95def091999-11-25 00:26:21 +1100598 case oUser:
599 charptr = &options->user;
600parse_string:
Damien Millerbe484b52000-07-15 14:14:16 +1000601 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000602 if (!arg || *arg == '\0')
Damien Miller295ee632011-05-29 21:42:31 +1000603 fatal("%.200s line %d: Missing argument.",
604 filename, linenum);
Damien Miller95def091999-11-25 00:26:21 +1100605 if (*activep && *charptr == NULL)
Damien Miller37023962000-07-11 17:31:38 +1000606 *charptr = xstrdup(arg);
Damien Miller95def091999-11-25 00:26:21 +1100607 break;
608
609 case oGlobalKnownHostsFile:
Damien Miller295ee632011-05-29 21:42:31 +1000610 cpptr = (char **)&options->system_hostfiles;
611 uintptr = &options->num_system_hostfiles;
612 max_entries = SSH_MAX_HOSTS_FILES;
613parse_char_array:
614 if (*activep && *uintptr == 0) {
615 while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
616 if ((*uintptr) >= max_entries)
617 fatal("%s line %d: "
618 "too many authorized keys files.",
619 filename, linenum);
620 cpptr[(*uintptr)++] = xstrdup(arg);
621 }
622 }
623 return 0;
Damien Miller95def091999-11-25 00:26:21 +1100624
625 case oUserKnownHostsFile:
Damien Miller295ee632011-05-29 21:42:31 +1000626 cpptr = (char **)&options->user_hostfiles;
627 uintptr = &options->num_user_hostfiles;
628 max_entries = SSH_MAX_HOSTS_FILES;
629 goto parse_char_array;
Damien Millereba71ba2000-04-29 23:57:08 +1000630
Damien Miller95def091999-11-25 00:26:21 +1100631 case oHostName:
632 charptr = &options->hostname;
633 goto parse_string;
634
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000635 case oHostKeyAlias:
636 charptr = &options->host_key_alias;
637 goto parse_string;
638
Ben Lindstromb9be60a2001-03-11 01:49:19 +0000639 case oPreferredAuthentications:
640 charptr = &options->preferred_authentications;
641 goto parse_string;
642
Ben Lindstrome0f88042001-04-30 13:06:24 +0000643 case oBindAddress:
644 charptr = &options->bind_address;
645 goto parse_string;
646
Damien Miller7ea845e2010-02-12 09:21:02 +1100647 case oPKCS11Provider:
648 charptr = &options->pkcs11_provider;
Ben Lindstromf7db3bb2001-08-06 21:35:51 +0000649 goto parse_string;
Ben Lindstromae996bf2001-08-06 21:27:53 +0000650
Damien Miller95def091999-11-25 00:26:21 +1100651 case oProxyCommand:
Damien Millerd27b9472005-12-13 19:29:02 +1100652 charptr = &options->proxy_command;
653parse_command:
Darren Tuckera99c1b72003-06-28 12:40:12 +1000654 if (s == NULL)
655 fatal("%.200s line %d: Missing argument.", filename, linenum);
Damien Miller61f08ac2003-02-24 11:56:27 +1100656 len = strspn(s, WHITESPACE "=");
Damien Miller95def091999-11-25 00:26:21 +1100657 if (*activep && *charptr == NULL)
Damien Miller61f08ac2003-02-24 11:56:27 +1100658 *charptr = xstrdup(s + len);
Damien Miller95def091999-11-25 00:26:21 +1100659 return 0;
660
661 case oPort:
662 intptr = &options->port;
663parse_int:
Damien Millerbe484b52000-07-15 14:14:16 +1000664 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000665 if (!arg || *arg == '\0')
Damien Miller95def091999-11-25 00:26:21 +1100666 fatal("%.200s line %d: Missing argument.", filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000667 if (arg[0] < '0' || arg[0] > '9')
Damien Miller95def091999-11-25 00:26:21 +1100668 fatal("%.200s line %d: Bad number.", filename, linenum);
Damien Miller5428f641999-11-25 11:54:57 +1100669
670 /* Octal, decimal, or hex format? */
Damien Miller37023962000-07-11 17:31:38 +1000671 value = strtol(arg, &endofnumber, 0);
672 if (arg == endofnumber)
Damien Miller5428f641999-11-25 11:54:57 +1100673 fatal("%.200s line %d: Bad number.", filename, linenum);
Damien Miller95def091999-11-25 00:26:21 +1100674 if (*activep && *intptr == -1)
675 *intptr = value;
676 break;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000677
Damien Miller95def091999-11-25 00:26:21 +1100678 case oConnectionAttempts:
679 intptr = &options->connection_attempts;
680 goto parse_int;
Damien Miller5ce662a1999-11-11 17:57:39 +1100681
Damien Miller95def091999-11-25 00:26:21 +1100682 case oCipher:
683 intptr = &options->cipher;
Damien Millerbe484b52000-07-15 14:14:16 +1000684 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000685 if (!arg || *arg == '\0')
Damien Millerb1715dc2000-05-30 13:44:51 +1000686 fatal("%.200s line %d: Missing argument.", filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000687 value = cipher_number(arg);
Damien Miller95def091999-11-25 00:26:21 +1100688 if (value == -1)
689 fatal("%.200s line %d: Bad cipher '%s'.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100690 filename, linenum, arg ? arg : "<NONE>");
Damien Miller95def091999-11-25 00:26:21 +1100691 if (*activep && *intptr == -1)
692 *intptr = value;
693 break;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000694
Damien Miller78928792000-04-12 20:17:38 +1000695 case oCiphers:
Damien Millerbe484b52000-07-15 14:14:16 +1000696 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000697 if (!arg || *arg == '\0')
Damien Millerb1715dc2000-05-30 13:44:51 +1000698 fatal("%.200s line %d: Missing argument.", filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000699 if (!ciphers_valid(arg))
Damien Miller30c3d422000-05-09 11:02:59 +1000700 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100701 filename, linenum, arg ? arg : "<NONE>");
Damien Miller78928792000-04-12 20:17:38 +1000702 if (*activep && options->ciphers == NULL)
Damien Miller37023962000-07-11 17:31:38 +1000703 options->ciphers = xstrdup(arg);
Damien Miller78928792000-04-12 20:17:38 +1000704 break;
705
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000706 case oMacs:
707 arg = strdelim(&s);
708 if (!arg || *arg == '\0')
709 fatal("%.200s line %d: Missing argument.", filename, linenum);
710 if (!mac_valid(arg))
711 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100712 filename, linenum, arg ? arg : "<NONE>");
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000713 if (*activep && options->macs == NULL)
714 options->macs = xstrdup(arg);
715 break;
716
Damien Millerd5f62bf2010-09-24 22:11:14 +1000717 case oKexAlgorithms:
718 arg = strdelim(&s);
719 if (!arg || *arg == '\0')
720 fatal("%.200s line %d: Missing argument.",
721 filename, linenum);
722 if (!kex_names_valid(arg))
723 fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.",
724 filename, linenum, arg ? arg : "<NONE>");
725 if (*activep && options->kex_algorithms == NULL)
726 options->kex_algorithms = xstrdup(arg);
727 break;
728
Ben Lindstrom982dbbc2001-04-17 18:11:36 +0000729 case oHostKeyAlgorithms:
730 arg = strdelim(&s);
731 if (!arg || *arg == '\0')
732 fatal("%.200s line %d: Missing argument.", filename, linenum);
733 if (!key_names_valid2(arg))
734 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100735 filename, linenum, arg ? arg : "<NONE>");
Ben Lindstrom982dbbc2001-04-17 18:11:36 +0000736 if (*activep && options->hostkeyalgorithms == NULL)
737 options->hostkeyalgorithms = xstrdup(arg);
738 break;
739
Damien Miller78928792000-04-12 20:17:38 +1000740 case oProtocol:
741 intptr = &options->protocol;
Damien Millerbe484b52000-07-15 14:14:16 +1000742 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000743 if (!arg || *arg == '\0')
Damien Millerb1715dc2000-05-30 13:44:51 +1000744 fatal("%.200s line %d: Missing argument.", filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000745 value = proto_spec(arg);
Damien Miller78928792000-04-12 20:17:38 +1000746 if (value == SSH_PROTO_UNKNOWN)
747 fatal("%.200s line %d: Bad protocol spec '%s'.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100748 filename, linenum, arg ? arg : "<NONE>");
Damien Miller78928792000-04-12 20:17:38 +1000749 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
750 *intptr = value;
751 break;
752
Damien Miller95def091999-11-25 00:26:21 +1100753 case oLogLevel:
Darren Tucker1e44c5d2008-01-01 20:32:26 +1100754 log_level_ptr = &options->log_level;
Damien Millerbe484b52000-07-15 14:14:16 +1000755 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000756 value = log_level_number(arg);
Damien Millerfcd93202002-02-05 12:26:34 +1100757 if (value == SYSLOG_LEVEL_NOT_SET)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000758 fatal("%.200s line %d: unsupported log level '%s'",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100759 filename, linenum, arg ? arg : "<NONE>");
Darren Tucker1e44c5d2008-01-01 20:32:26 +1100760 if (*activep && *log_level_ptr == SYSLOG_LEVEL_NOT_SET)
761 *log_level_ptr = (LogLevel) value;
Damien Miller95def091999-11-25 00:26:21 +1100762 break;
763
Ben Lindstrom62c25a42001-09-12 18:01:59 +0000764 case oLocalForward:
Damien Miller95def091999-11-25 00:26:21 +1100765 case oRemoteForward:
Damien Millera699d952008-11-03 19:27:34 +1100766 case oDynamicForward:
Damien Millerbe484b52000-07-15 14:14:16 +1000767 arg = strdelim(&s);
Damien Millerf91ee4c2005-03-01 21:24:33 +1100768 if (arg == NULL || *arg == '\0')
Ben Lindstrom62c25a42001-09-12 18:01:59 +0000769 fatal("%.200s line %d: Missing port argument.",
770 filename, linenum);
Damien Millerf91ee4c2005-03-01 21:24:33 +1100771
Damien Millera699d952008-11-03 19:27:34 +1100772 if (opcode == oLocalForward ||
773 opcode == oRemoteForward) {
774 arg2 = strdelim(&s);
775 if (arg2 == NULL || *arg2 == '\0')
776 fatal("%.200s line %d: Missing target argument.",
777 filename, linenum);
Damien Millerf91ee4c2005-03-01 21:24:33 +1100778
Damien Millera699d952008-11-03 19:27:34 +1100779 /* construct a string for parse_forward */
780 snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2);
781 } else if (opcode == oDynamicForward) {
782 strlcpy(fwdarg, arg, sizeof(fwdarg));
783 }
784
785 if (parse_forward(&fwd, fwdarg,
Damien Miller4bf648f2009-02-14 16:28:21 +1100786 opcode == oDynamicForward ? 1 : 0,
787 opcode == oRemoteForward ? 1 : 0) == 0)
Ben Lindstrom62c25a42001-09-12 18:01:59 +0000788 fatal("%.200s line %d: Bad forwarding specification.",
789 filename, linenum);
Damien Millerf91ee4c2005-03-01 21:24:33 +1100790
Ben Lindstrom62c25a42001-09-12 18:01:59 +0000791 if (*activep) {
Damien Millera699d952008-11-03 19:27:34 +1100792 if (opcode == oLocalForward ||
793 opcode == oDynamicForward)
Damien Millerf91ee4c2005-03-01 21:24:33 +1100794 add_local_forward(options, &fwd);
Ben Lindstrom62c25a42001-09-12 18:01:59 +0000795 else if (opcode == oRemoteForward)
Damien Millerf91ee4c2005-03-01 21:24:33 +1100796 add_remote_forward(options, &fwd);
Ben Lindstrom62c25a42001-09-12 18:01:59 +0000797 }
Damien Miller95def091999-11-25 00:26:21 +1100798 break;
799
Ben Lindstrom2b7a0e92001-09-20 00:57:55 +0000800 case oClearAllForwardings:
801 intptr = &options->clear_forwardings;
802 goto parse_flag;
803
Damien Miller95def091999-11-25 00:26:21 +1100804 case oHost:
805 *activep = 0;
Damien Millerfe924212011-05-15 08:44:45 +1000806 arg2 = NULL;
807 while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
808 negated = *arg == '!';
809 if (negated)
810 arg++;
Damien Miller37023962000-07-11 17:31:38 +1000811 if (match_pattern(host, arg)) {
Damien Millerfe924212011-05-15 08:44:45 +1000812 if (negated) {
813 debug("%.200s line %d: Skipping Host "
814 "block because of negated match "
815 "for %.100s", filename, linenum,
816 arg);
817 *activep = 0;
818 break;
819 }
820 if (!*activep)
821 arg2 = arg; /* logged below */
Damien Miller95def091999-11-25 00:26:21 +1100822 *activep = 1;
Damien Miller95def091999-11-25 00:26:21 +1100823 }
Damien Millerfe924212011-05-15 08:44:45 +1000824 }
825 if (*activep)
826 debug("%.200s line %d: Applying options for %.100s",
827 filename, linenum, arg2);
Damien Millerbe484b52000-07-15 14:14:16 +1000828 /* Avoid garbage check below, as strdelim is done. */
Damien Miller95def091999-11-25 00:26:21 +1100829 return 0;
830
831 case oEscapeChar:
832 intptr = &options->escape_char;
Damien Millerbe484b52000-07-15 14:14:16 +1000833 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000834 if (!arg || *arg == '\0')
Damien Miller95def091999-11-25 00:26:21 +1100835 fatal("%.200s line %d: Missing argument.", filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000836 if (arg[0] == '^' && arg[2] == 0 &&
Ben Lindstrom46c16222000-12-22 01:43:59 +0000837 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
838 value = (u_char) arg[1] & 31;
Damien Miller37023962000-07-11 17:31:38 +1000839 else if (strlen(arg) == 1)
Ben Lindstrom46c16222000-12-22 01:43:59 +0000840 value = (u_char) arg[0];
Damien Miller37023962000-07-11 17:31:38 +1000841 else if (strcmp(arg, "none") == 0)
Ben Lindstrom2b1f71b2001-06-05 20:32:21 +0000842 value = SSH_ESCAPECHAR_NONE;
Damien Miller95def091999-11-25 00:26:21 +1100843 else {
844 fatal("%.200s line %d: Bad escape character.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100845 filename, linenum);
Damien Miller95def091999-11-25 00:26:21 +1100846 /* NOTREACHED */
847 value = 0; /* Avoid compiler warning. */
848 }
849 if (*activep && *intptr == -1)
850 *intptr = value;
851 break;
852
Damien Miller20a8f972003-05-18 20:50:30 +1000853 case oAddressFamily:
854 arg = strdelim(&s);
Damien Miller17b23d82005-05-26 12:11:56 +1000855 if (!arg || *arg == '\0')
856 fatal("%s line %d: missing address family.",
857 filename, linenum);
Darren Tucker0a4f04b2003-07-03 20:37:47 +1000858 intptr = &options->address_family;
Damien Miller20a8f972003-05-18 20:50:30 +1000859 if (strcasecmp(arg, "inet") == 0)
Darren Tucker0a4f04b2003-07-03 20:37:47 +1000860 value = AF_INET;
Damien Miller20a8f972003-05-18 20:50:30 +1000861 else if (strcasecmp(arg, "inet6") == 0)
Darren Tucker0a4f04b2003-07-03 20:37:47 +1000862 value = AF_INET6;
Damien Miller20a8f972003-05-18 20:50:30 +1000863 else if (strcasecmp(arg, "any") == 0)
Darren Tucker0a4f04b2003-07-03 20:37:47 +1000864 value = AF_UNSPEC;
Damien Miller20a8f972003-05-18 20:50:30 +1000865 else
866 fatal("Unsupported AddressFamily \"%s\"", arg);
Darren Tucker0a4f04b2003-07-03 20:37:47 +1000867 if (*activep && *intptr == -1)
868 *intptr = value;
Damien Miller20a8f972003-05-18 20:50:30 +1000869 break;
870
Ben Lindstromb6df73b2002-11-09 15:52:31 +0000871 case oEnableSSHKeysign:
872 intptr = &options->enable_ssh_keysign;
873 goto parse_flag;
874
Damien Millerbd394c32004-03-08 23:12:36 +1100875 case oIdentitiesOnly:
876 intptr = &options->identities_only;
877 goto parse_flag;
878
Damien Miller509b0102003-12-17 16:33:10 +1100879 case oServerAliveInterval:
880 intptr = &options->server_alive_interval;
881 goto parse_time;
882
883 case oServerAliveCountMax:
884 intptr = &options->server_alive_count_max;
885 goto parse_int;
886
Darren Tucker46bc0752004-05-02 22:11:30 +1000887 case oSendEnv:
888 while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
889 if (strchr(arg, '=') != NULL)
890 fatal("%s line %d: Invalid environment name.",
891 filename, linenum);
Damien Millerf8e7acc2005-03-05 11:22:50 +1100892 if (!*activep)
893 continue;
Darren Tucker46bc0752004-05-02 22:11:30 +1000894 if (options->num_send_env >= MAX_SEND_ENV)
895 fatal("%s line %d: too many send env.",
896 filename, linenum);
897 options->send_env[options->num_send_env++] =
898 xstrdup(arg);
899 }
900 break;
901
Damien Miller0e220db2004-06-15 10:34:08 +1000902 case oControlPath:
903 charptr = &options->control_path;
904 goto parse_string;
905
906 case oControlMaster:
907 intptr = &options->control_master;
Damien Millerd14b1e72005-06-16 13:19:41 +1000908 arg = strdelim(&s);
909 if (!arg || *arg == '\0')
910 fatal("%.200s line %d: Missing ControlMaster argument.",
911 filename, linenum);
912 value = 0; /* To avoid compiler warning... */
913 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
914 value = SSHCTL_MASTER_YES;
915 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
916 value = SSHCTL_MASTER_NO;
917 else if (strcmp(arg, "auto") == 0)
918 value = SSHCTL_MASTER_AUTO;
919 else if (strcmp(arg, "ask") == 0)
920 value = SSHCTL_MASTER_ASK;
921 else if (strcmp(arg, "autoask") == 0)
922 value = SSHCTL_MASTER_AUTO_ASK;
923 else
924 fatal("%.200s line %d: Bad ControlMaster argument.",
925 filename, linenum);
926 if (*activep && *intptr == -1)
927 *intptr = value;
928 break;
Damien Miller0e220db2004-06-15 10:34:08 +1000929
Damien Millere11e1ea2010-08-03 16:04:46 +1000930 case oControlPersist:
931 /* no/false/yes/true, or a time spec */
932 intptr = &options->control_persist;
933 arg = strdelim(&s);
934 if (!arg || *arg == '\0')
935 fatal("%.200s line %d: Missing ControlPersist"
936 " argument.", filename, linenum);
937 value = 0;
938 value2 = 0; /* timeout */
939 if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
940 value = 0;
941 else if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
942 value = 1;
943 else if ((value2 = convtime(arg)) >= 0)
944 value = 1;
945 else
946 fatal("%.200s line %d: Bad ControlPersist argument.",
947 filename, linenum);
948 if (*activep && *intptr == -1) {
949 *intptr = value;
950 options->control_persist_timeout = value2;
951 }
952 break;
953
Damien Millere1776152005-03-01 21:47:37 +1100954 case oHashKnownHosts:
955 intptr = &options->hash_known_hosts;
956 goto parse_flag;
957
Damien Millerd27b9472005-12-13 19:29:02 +1100958 case oTunnel:
959 intptr = &options->tun_open;
Damien Miller7b58e802005-12-13 19:33:19 +1100960 arg = strdelim(&s);
961 if (!arg || *arg == '\0')
962 fatal("%s line %d: Missing yes/point-to-point/"
963 "ethernet/no argument.", filename, linenum);
964 value = 0; /* silence compiler */
965 if (strcasecmp(arg, "ethernet") == 0)
966 value = SSH_TUNMODE_ETHERNET;
967 else if (strcasecmp(arg, "point-to-point") == 0)
968 value = SSH_TUNMODE_POINTOPOINT;
969 else if (strcasecmp(arg, "yes") == 0)
970 value = SSH_TUNMODE_DEFAULT;
971 else if (strcasecmp(arg, "no") == 0)
972 value = SSH_TUNMODE_NO;
973 else
974 fatal("%s line %d: Bad yes/point-to-point/ethernet/"
975 "no argument: %s", filename, linenum, arg);
976 if (*activep)
977 *intptr = value;
978 break;
Damien Millerd27b9472005-12-13 19:29:02 +1100979
980 case oTunnelDevice:
981 arg = strdelim(&s);
982 if (!arg || *arg == '\0')
983 fatal("%.200s line %d: Missing argument.", filename, linenum);
984 value = a2tun(arg, &value2);
Damien Miller7b58e802005-12-13 19:33:19 +1100985 if (value == SSH_TUNID_ERR)
Damien Millerd27b9472005-12-13 19:29:02 +1100986 fatal("%.200s line %d: Bad tun device.", filename, linenum);
987 if (*activep) {
988 options->tun_local = value;
989 options->tun_remote = value2;
990 }
991 break;
992
993 case oLocalCommand:
994 charptr = &options->local_command;
995 goto parse_command;
996
997 case oPermitLocalCommand:
998 intptr = &options->permit_local_command;
999 goto parse_flag;
1000
Damien Miller10288242008-06-30 00:04:03 +10001001 case oVisualHostKey:
1002 intptr = &options->visual_host_key;
1003 goto parse_flag;
1004
Damien Miller0dac6fb2010-11-20 15:19:38 +11001005 case oIPQoS:
1006 arg = strdelim(&s);
1007 if ((value = parse_ipqos(arg)) == -1)
1008 fatal("%s line %d: Bad IPQoS value: %s",
1009 filename, linenum, arg);
1010 arg = strdelim(&s);
1011 if (arg == NULL)
1012 value2 = value;
1013 else if ((value2 = parse_ipqos(arg)) == -1)
1014 fatal("%s line %d: Bad IPQoS value: %s",
1015 filename, linenum, arg);
1016 if (*activep) {
1017 options->ip_qos_interactive = value;
1018 options->ip_qos_bulk = value2;
1019 }
1020 break;
1021
Darren Tucker71e4d542009-07-06 07:12:27 +10001022 case oUseRoaming:
1023 intptr = &options->use_roaming;
1024 goto parse_flag;
1025
Damien Miller21771e22011-05-15 08:45:50 +10001026 case oRequestTTY:
1027 arg = strdelim(&s);
1028 if (!arg || *arg == '\0')
1029 fatal("%s line %d: missing argument.",
1030 filename, linenum);
1031 intptr = &options->request_tty;
1032 if (strcasecmp(arg, "yes") == 0)
1033 value = REQUEST_TTY_YES;
1034 else if (strcasecmp(arg, "no") == 0)
1035 value = REQUEST_TTY_NO;
1036 else if (strcasecmp(arg, "force") == 0)
1037 value = REQUEST_TTY_FORCE;
1038 else if (strcasecmp(arg, "auto") == 0)
1039 value = REQUEST_TTY_AUTO;
1040 else
1041 fatal("Unsupported RequestTTY \"%s\"", arg);
1042 if (*activep && *intptr == -1)
1043 *intptr = value;
1044 break;
1045
Ben Lindstrom4daea862002-06-09 20:04:02 +00001046 case oDeprecated:
Ben Lindstrom2e17b082002-06-09 20:13:27 +00001047 debug("%s line %d: Deprecated option \"%s\"",
Ben Lindstrom4daea862002-06-09 20:04:02 +00001048 filename, linenum, keyword);
Ben Lindstrom2e17b082002-06-09 20:13:27 +00001049 return 0;
Ben Lindstrom4daea862002-06-09 20:04:02 +00001050
Damien Millerf9b3feb2003-05-16 11:38:32 +10001051 case oUnsupported:
1052 error("%s line %d: Unsupported option \"%s\"",
1053 filename, linenum, keyword);
1054 return 0;
1055
Damien Miller95def091999-11-25 00:26:21 +11001056 default:
1057 fatal("process_config_line: Unimplemented opcode %d", opcode);
1058 }
1059
1060 /* Check that there is no garbage at end of line. */
Ben Lindstrom226cfa02001-01-22 05:34:40 +00001061 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
Damien Miller37023962000-07-11 17:31:38 +10001062 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
Damien Miller0dc1bef2005-07-17 17:22:45 +10001063 filename, linenum, arg);
Damien Miller37023962000-07-11 17:31:38 +10001064 }
Damien Miller95def091999-11-25 00:26:21 +11001065 return 0;
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001066}
1067
1068
Damien Miller5428f641999-11-25 11:54:57 +11001069/*
1070 * Reads the config file and modifies the options accordingly. Options
1071 * should already be initialized before this call. This never returns if
Ben Lindstromedc0cf22001-09-12 18:32:20 +00001072 * there is an error. If the file does not exist, this returns 0.
Damien Miller5428f641999-11-25 11:54:57 +11001073 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001074
Ben Lindstromedc0cf22001-09-12 18:32:20 +00001075int
Darren Tuckerfc959702004-07-17 16:12:08 +10001076read_config_file(const char *filename, const char *host, Options *options,
Damien Miller57a44762004-04-20 20:11:57 +10001077 int checkperm)
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001078{
Damien Miller95def091999-11-25 00:26:21 +11001079 FILE *f;
1080 char line[1024];
1081 int active, linenum;
1082 int bad_options = 0;
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001083
Damien Miller57a44762004-04-20 20:11:57 +10001084 if ((f = fopen(filename, "r")) == NULL)
Ben Lindstromedc0cf22001-09-12 18:32:20 +00001085 return 0;
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001086
Damien Miller57a44762004-04-20 20:11:57 +10001087 if (checkperm) {
1088 struct stat sb;
Darren Tuckerfc959702004-07-17 16:12:08 +10001089
Damien Miller33793852004-06-15 10:27:55 +10001090 if (fstat(fileno(f), &sb) == -1)
Damien Miller57a44762004-04-20 20:11:57 +10001091 fatal("fstat %s: %s", filename, strerror(errno));
Damien Miller57a44762004-04-20 20:11:57 +10001092 if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
Damien Miller33793852004-06-15 10:27:55 +10001093 (sb.st_mode & 022) != 0))
Damien Miller57a44762004-04-20 20:11:57 +10001094 fatal("Bad owner or permissions on %s", filename);
Damien Miller57a44762004-04-20 20:11:57 +10001095 }
1096
Damien Miller95def091999-11-25 00:26:21 +11001097 debug("Reading configuration data %.200s", filename);
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001098
Damien Miller5428f641999-11-25 11:54:57 +11001099 /*
1100 * Mark that we are now processing the options. This flag is turned
1101 * on/off by Host specifications.
1102 */
Damien Miller95def091999-11-25 00:26:21 +11001103 active = 1;
1104 linenum = 0;
1105 while (fgets(line, sizeof(line), f)) {
1106 /* Update line number counter. */
1107 linenum++;
1108 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
1109 bad_options++;
1110 }
1111 fclose(f);
1112 if (bad_options > 0)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +00001113 fatal("%s: terminating, %d bad configuration options",
Damien Miller9f0f5c62001-12-21 14:45:46 +11001114 filename, bad_options);
Ben Lindstromedc0cf22001-09-12 18:32:20 +00001115 return 1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001116}
1117
Damien Miller5428f641999-11-25 11:54:57 +11001118/*
1119 * Initializes options to special values that indicate that they have not yet
1120 * been set. Read_config_file will only set options with this value. Options
1121 * are processed in the following order: command line, user config file,
1122 * system config file. Last, fill_default_options is called.
1123 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001124
Damien Miller4af51302000-04-16 11:18:38 +10001125void
Damien Miller95def091999-11-25 00:26:21 +11001126initialize_options(Options * options)
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001127{
Damien Miller95def091999-11-25 00:26:21 +11001128 memset(options, 'X', sizeof(*options));
1129 options->forward_agent = -1;
1130 options->forward_x11 = -1;
Darren Tucker0a118da2003-10-15 15:54:32 +10001131 options->forward_x11_trusted = -1;
Damien Miller1ab6a512010-06-26 10:02:24 +10001132 options->forward_x11_timeout = -1;
Darren Tuckere7d4b192006-07-12 22:17:10 +10001133 options->exit_on_forward_failure = -1;
Damien Millerd3a18572000-06-07 19:55:44 +10001134 options->xauth_location = NULL;
Damien Miller95def091999-11-25 00:26:21 +11001135 options->gateway_ports = -1;
1136 options->use_privileged_port = -1;
Damien Miller95def091999-11-25 00:26:21 +11001137 options->rsa_authentication = -1;
Damien Miller0bc1bd82000-11-13 22:57:25 +11001138 options->pubkey_authentication = -1;
Ben Lindstrom551ea372001-06-05 18:56:16 +00001139 options->challenge_response_authentication = -1;
Darren Tucker0efd1552003-08-26 11:49:55 +10001140 options->gss_authentication = -1;
1141 options->gss_deleg_creds = -1;
Damien Miller95def091999-11-25 00:26:21 +11001142 options->password_authentication = -1;
Damien Miller874d77b2000-10-14 16:23:11 +11001143 options->kbd_interactive_authentication = -1;
1144 options->kbd_interactive_devices = NULL;
Damien Miller95def091999-11-25 00:26:21 +11001145 options->rhosts_rsa_authentication = -1;
Ben Lindstrom5eabda32001-04-12 23:34:34 +00001146 options->hostbased_authentication = -1;
Damien Miller95def091999-11-25 00:26:21 +11001147 options->batch_mode = -1;
1148 options->check_host_ip = -1;
1149 options->strict_host_key_checking = -1;
1150 options->compression = -1;
Damien Miller12c150e2003-12-17 16:31:10 +11001151 options->tcp_keep_alive = -1;
Damien Miller95def091999-11-25 00:26:21 +11001152 options->compression_level = -1;
1153 options->port = -1;
Darren Tucker0a4f04b2003-07-03 20:37:47 +10001154 options->address_family = -1;
Damien Miller95def091999-11-25 00:26:21 +11001155 options->connection_attempts = -1;
Damien Millerb78d5eb2003-05-16 11:39:04 +10001156 options->connection_timeout = -1;
Damien Miller95def091999-11-25 00:26:21 +11001157 options->number_of_password_prompts = -1;
1158 options->cipher = -1;
Damien Miller78928792000-04-12 20:17:38 +10001159 options->ciphers = NULL;
Ben Lindstrom06b33aa2001-02-15 03:01:59 +00001160 options->macs = NULL;
Damien Millerd5f62bf2010-09-24 22:11:14 +10001161 options->kex_algorithms = NULL;
Ben Lindstrom982dbbc2001-04-17 18:11:36 +00001162 options->hostkeyalgorithms = NULL;
Damien Miller78928792000-04-12 20:17:38 +10001163 options->protocol = SSH_PROTO_UNKNOWN;
Damien Miller95def091999-11-25 00:26:21 +11001164 options->num_identity_files = 0;
1165 options->hostname = NULL;
Ben Lindstrom4dccfa52000-12-28 16:40:05 +00001166 options->host_key_alias = NULL;
Damien Miller95def091999-11-25 00:26:21 +11001167 options->proxy_command = NULL;
1168 options->user = NULL;
1169 options->escape_char = -1;
Damien Miller295ee632011-05-29 21:42:31 +10001170 options->num_system_hostfiles = 0;
1171 options->num_user_hostfiles = 0;
Damien Miller232cfb12010-06-26 09:50:30 +10001172 options->local_forwards = NULL;
Damien Miller95def091999-11-25 00:26:21 +11001173 options->num_local_forwards = 0;
Damien Miller232cfb12010-06-26 09:50:30 +10001174 options->remote_forwards = NULL;
Damien Miller95def091999-11-25 00:26:21 +11001175 options->num_remote_forwards = 0;
Ben Lindstrom2b7a0e92001-09-20 00:57:55 +00001176 options->clear_forwardings = -1;
Damien Millerfcd93202002-02-05 12:26:34 +11001177 options->log_level = SYSLOG_LEVEL_NOT_SET;
Ben Lindstromb9be60a2001-03-11 01:49:19 +00001178 options->preferred_authentications = NULL;
Ben Lindstrome0f88042001-04-30 13:06:24 +00001179 options->bind_address = NULL;
Damien Miller7ea845e2010-02-12 09:21:02 +11001180 options->pkcs11_provider = NULL;
Ben Lindstromb6df73b2002-11-09 15:52:31 +00001181 options->enable_ssh_keysign = - 1;
Ben Lindstrom3cecc9a2001-10-03 17:39:38 +00001182 options->no_host_authentication_for_localhost = - 1;
Damien Millerbd394c32004-03-08 23:12:36 +11001183 options->identities_only = - 1;
Damien Millera5539d22003-04-09 20:50:06 +10001184 options->rekey_limit = - 1;
Damien Miller37876e92003-05-15 10:19:46 +10001185 options->verify_host_key_dns = -1;
Damien Miller509b0102003-12-17 16:33:10 +11001186 options->server_alive_interval = -1;
1187 options->server_alive_count_max = -1;
Darren Tucker46bc0752004-05-02 22:11:30 +10001188 options->num_send_env = 0;
Damien Miller0e220db2004-06-15 10:34:08 +10001189 options->control_path = NULL;
1190 options->control_master = -1;
Damien Millere11e1ea2010-08-03 16:04:46 +10001191 options->control_persist = -1;
1192 options->control_persist_timeout = 0;
Damien Millere1776152005-03-01 21:47:37 +11001193 options->hash_known_hosts = -1;
Damien Millerd27b9472005-12-13 19:29:02 +11001194 options->tun_open = -1;
1195 options->tun_local = -1;
1196 options->tun_remote = -1;
1197 options->local_command = NULL;
1198 options->permit_local_command = -1;
Darren Tucker71e4d542009-07-06 07:12:27 +10001199 options->use_roaming = -1;
Damien Miller10288242008-06-30 00:04:03 +10001200 options->visual_host_key = -1;
Damien Miller01ed2272008-11-05 16:20:46 +11001201 options->zero_knowledge_password_authentication = -1;
Damien Miller0dac6fb2010-11-20 15:19:38 +11001202 options->ip_qos_interactive = -1;
1203 options->ip_qos_bulk = -1;
Damien Miller21771e22011-05-15 08:45:50 +10001204 options->request_tty = -1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001205}
1206
Damien Miller5428f641999-11-25 11:54:57 +11001207/*
1208 * Called after processing other sources of option data, this fills those
1209 * options for which no value has been specified with their default values.
1210 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001211
Damien Miller4af51302000-04-16 11:18:38 +10001212void
Damien Miller95def091999-11-25 00:26:21 +11001213fill_default_options(Options * options)
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001214{
Ben Lindstrom4f7a64a2001-02-10 22:50:09 +00001215 int len;
1216
Damien Miller95def091999-11-25 00:26:21 +11001217 if (options->forward_agent == -1)
Damien Millerb1715dc2000-05-30 13:44:51 +10001218 options->forward_agent = 0;
Damien Miller95def091999-11-25 00:26:21 +11001219 if (options->forward_x11 == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +11001220 options->forward_x11 = 0;
Darren Tucker0a118da2003-10-15 15:54:32 +10001221 if (options->forward_x11_trusted == -1)
1222 options->forward_x11_trusted = 0;
Damien Miller1ab6a512010-06-26 10:02:24 +10001223 if (options->forward_x11_timeout == -1)
1224 options->forward_x11_timeout = 1200;
Darren Tuckere7d4b192006-07-12 22:17:10 +10001225 if (options->exit_on_forward_failure == -1)
1226 options->exit_on_forward_failure = 0;
Damien Millerd3a18572000-06-07 19:55:44 +10001227 if (options->xauth_location == NULL)
Ben Lindstrom1bf11f62001-06-09 01:48:01 +00001228 options->xauth_location = _PATH_XAUTH;
Damien Miller95def091999-11-25 00:26:21 +11001229 if (options->gateway_ports == -1)
1230 options->gateway_ports = 0;
1231 if (options->use_privileged_port == -1)
Ben Lindstromcebc8582001-03-08 03:39:10 +00001232 options->use_privileged_port = 0;
Damien Miller95def091999-11-25 00:26:21 +11001233 if (options->rsa_authentication == -1)
1234 options->rsa_authentication = 1;
Damien Miller0bc1bd82000-11-13 22:57:25 +11001235 if (options->pubkey_authentication == -1)
1236 options->pubkey_authentication = 1;
Ben Lindstrom551ea372001-06-05 18:56:16 +00001237 if (options->challenge_response_authentication == -1)
Ben Lindstrom0076d752001-08-06 20:53:26 +00001238 options->challenge_response_authentication = 1;
Darren Tucker0efd1552003-08-26 11:49:55 +10001239 if (options->gss_authentication == -1)
Darren Tuckera044f472003-10-15 15:52:03 +10001240 options->gss_authentication = 0;
Darren Tucker0efd1552003-08-26 11:49:55 +10001241 if (options->gss_deleg_creds == -1)
1242 options->gss_deleg_creds = 0;
Damien Miller95def091999-11-25 00:26:21 +11001243 if (options->password_authentication == -1)
1244 options->password_authentication = 1;
Damien Miller874d77b2000-10-14 16:23:11 +11001245 if (options->kbd_interactive_authentication == -1)
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +00001246 options->kbd_interactive_authentication = 1;
Damien Miller95def091999-11-25 00:26:21 +11001247 if (options->rhosts_rsa_authentication == -1)
Ben Lindstrom2bf82762002-06-11 15:53:05 +00001248 options->rhosts_rsa_authentication = 0;
Ben Lindstrom5eabda32001-04-12 23:34:34 +00001249 if (options->hostbased_authentication == -1)
1250 options->hostbased_authentication = 0;
Damien Miller95def091999-11-25 00:26:21 +11001251 if (options->batch_mode == -1)
1252 options->batch_mode = 0;
1253 if (options->check_host_ip == -1)
1254 options->check_host_ip = 1;
1255 if (options->strict_host_key_checking == -1)
1256 options->strict_host_key_checking = 2; /* 2 is default */
1257 if (options->compression == -1)
1258 options->compression = 0;
Damien Miller12c150e2003-12-17 16:31:10 +11001259 if (options->tcp_keep_alive == -1)
1260 options->tcp_keep_alive = 1;
Damien Miller95def091999-11-25 00:26:21 +11001261 if (options->compression_level == -1)
1262 options->compression_level = 6;
1263 if (options->port == -1)
1264 options->port = 0; /* Filled in ssh_connect. */
Darren Tucker0a4f04b2003-07-03 20:37:47 +10001265 if (options->address_family == -1)
1266 options->address_family = AF_UNSPEC;
Damien Miller95def091999-11-25 00:26:21 +11001267 if (options->connection_attempts == -1)
Ben Lindstromf9cedb92001-08-06 21:07:11 +00001268 options->connection_attempts = 1;
Damien Miller95def091999-11-25 00:26:21 +11001269 if (options->number_of_password_prompts == -1)
1270 options->number_of_password_prompts = 3;
1271 /* Selected in ssh_login(). */
1272 if (options->cipher == -1)
1273 options->cipher = SSH_CIPHER_NOT_SET;
Damien Miller30c3d422000-05-09 11:02:59 +10001274 /* options->ciphers, default set in myproposals.h */
Ben Lindstrom06b33aa2001-02-15 03:01:59 +00001275 /* options->macs, default set in myproposals.h */
Damien Millerd5f62bf2010-09-24 22:11:14 +10001276 /* options->kex_algorithms, default set in myproposals.h */
Ben Lindstrom982dbbc2001-04-17 18:11:36 +00001277 /* options->hostkeyalgorithms, default set in myproposals.h */
Damien Miller78928792000-04-12 20:17:38 +10001278 if (options->protocol == SSH_PROTO_UNKNOWN)
Darren Tuckerbad50762009-10-11 21:51:08 +11001279 options->protocol = SSH_PROTO_2;
Damien Miller95def091999-11-25 00:26:21 +11001280 if (options->num_identity_files == 0) {
Damien Miller0bc1bd82000-11-13 22:57:25 +11001281 if (options->protocol & SSH_PROTO_1) {
Ben Lindstrom4f7a64a2001-02-10 22:50:09 +00001282 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
Damien Miller0bc1bd82000-11-13 22:57:25 +11001283 options->identity_files[options->num_identity_files] =
Ben Lindstrom4f7a64a2001-02-10 22:50:09 +00001284 xmalloc(len);
1285 snprintf(options->identity_files[options->num_identity_files++],
1286 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
Damien Miller0bc1bd82000-11-13 22:57:25 +11001287 }
1288 if (options->protocol & SSH_PROTO_2) {
Ben Lindstromb00d4fb2001-03-05 06:03:03 +00001289 len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
1290 options->identity_files[options->num_identity_files] =
1291 xmalloc(len);
1292 snprintf(options->identity_files[options->num_identity_files++],
1293 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
1294
Ben Lindstrom4f7a64a2001-02-10 22:50:09 +00001295 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
Damien Miller0bc1bd82000-11-13 22:57:25 +11001296 options->identity_files[options->num_identity_files] =
Ben Lindstrom4f7a64a2001-02-10 22:50:09 +00001297 xmalloc(len);
1298 snprintf(options->identity_files[options->num_identity_files++],
1299 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
Damien Miller6af914a2010-09-10 11:39:26 +10001300#ifdef OPENSSL_HAS_ECC
Damien Millereb8b60e2010-08-31 22:41:14 +10001301 len = 2 + strlen(_PATH_SSH_CLIENT_ID_ECDSA) + 1;
1302 options->identity_files[options->num_identity_files] =
1303 xmalloc(len);
1304 snprintf(options->identity_files[options->num_identity_files++],
1305 len, "~/%.100s", _PATH_SSH_CLIENT_ID_ECDSA);
Damien Miller6af914a2010-09-10 11:39:26 +10001306#endif
Damien Miller0bc1bd82000-11-13 22:57:25 +11001307 }
Damien Millereba71ba2000-04-29 23:57:08 +10001308 }
Damien Miller95def091999-11-25 00:26:21 +11001309 if (options->escape_char == -1)
1310 options->escape_char = '~';
Damien Miller295ee632011-05-29 21:42:31 +10001311 if (options->num_system_hostfiles == 0) {
1312 options->system_hostfiles[options->num_system_hostfiles++] =
1313 xstrdup(_PATH_SSH_SYSTEM_HOSTFILE);
1314 options->system_hostfiles[options->num_system_hostfiles++] =
1315 xstrdup(_PATH_SSH_SYSTEM_HOSTFILE2);
1316 }
1317 if (options->num_user_hostfiles == 0) {
1318 options->user_hostfiles[options->num_user_hostfiles++] =
1319 xstrdup(_PATH_SSH_USER_HOSTFILE);
1320 options->user_hostfiles[options->num_user_hostfiles++] =
1321 xstrdup(_PATH_SSH_USER_HOSTFILE2);
1322 }
Damien Millerfcd93202002-02-05 12:26:34 +11001323 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
Ben Lindstromdb65e8f2001-01-19 04:26:52 +00001324 options->log_level = SYSLOG_LEVEL_INFO;
Ben Lindstrom2b7a0e92001-09-20 00:57:55 +00001325 if (options->clear_forwardings == 1)
1326 clear_forwardings(options);
Ben Lindstrom3cecc9a2001-10-03 17:39:38 +00001327 if (options->no_host_authentication_for_localhost == - 1)
1328 options->no_host_authentication_for_localhost = 0;
Damien Millerbd394c32004-03-08 23:12:36 +11001329 if (options->identities_only == -1)
1330 options->identities_only = 0;
Ben Lindstromb6df73b2002-11-09 15:52:31 +00001331 if (options->enable_ssh_keysign == -1)
1332 options->enable_ssh_keysign = 0;
Damien Millera5539d22003-04-09 20:50:06 +10001333 if (options->rekey_limit == -1)
1334 options->rekey_limit = 0;
Damien Miller37876e92003-05-15 10:19:46 +10001335 if (options->verify_host_key_dns == -1)
1336 options->verify_host_key_dns = 0;
Damien Miller509b0102003-12-17 16:33:10 +11001337 if (options->server_alive_interval == -1)
1338 options->server_alive_interval = 0;
1339 if (options->server_alive_count_max == -1)
1340 options->server_alive_count_max = 3;
Damien Miller0e220db2004-06-15 10:34:08 +10001341 if (options->control_master == -1)
1342 options->control_master = 0;
Damien Millere11e1ea2010-08-03 16:04:46 +10001343 if (options->control_persist == -1) {
1344 options->control_persist = 0;
1345 options->control_persist_timeout = 0;
1346 }
Damien Millere1776152005-03-01 21:47:37 +11001347 if (options->hash_known_hosts == -1)
1348 options->hash_known_hosts = 0;
Damien Millerd27b9472005-12-13 19:29:02 +11001349 if (options->tun_open == -1)
Damien Miller7b58e802005-12-13 19:33:19 +11001350 options->tun_open = SSH_TUNMODE_NO;
1351 if (options->tun_local == -1)
1352 options->tun_local = SSH_TUNID_ANY;
1353 if (options->tun_remote == -1)
1354 options->tun_remote = SSH_TUNID_ANY;
Damien Millerd27b9472005-12-13 19:29:02 +11001355 if (options->permit_local_command == -1)
1356 options->permit_local_command = 0;
Darren Tucker71e4d542009-07-06 07:12:27 +10001357 if (options->use_roaming == -1)
1358 options->use_roaming = 1;
Damien Miller10288242008-06-30 00:04:03 +10001359 if (options->visual_host_key == -1)
1360 options->visual_host_key = 0;
Damien Miller01ed2272008-11-05 16:20:46 +11001361 if (options->zero_knowledge_password_authentication == -1)
1362 options->zero_knowledge_password_authentication = 0;
Damien Miller0dac6fb2010-11-20 15:19:38 +11001363 if (options->ip_qos_interactive == -1)
1364 options->ip_qos_interactive = IPTOS_LOWDELAY;
1365 if (options->ip_qos_bulk == -1)
1366 options->ip_qos_bulk = IPTOS_THROUGHPUT;
Damien Miller21771e22011-05-15 08:45:50 +10001367 if (options->request_tty == -1)
1368 options->request_tty = REQUEST_TTY_AUTO;
Damien Millerd27b9472005-12-13 19:29:02 +11001369 /* options->local_command should not be set by default */
Damien Miller95def091999-11-25 00:26:21 +11001370 /* options->proxy_command should not be set by default */
1371 /* options->user will be set in the main program if appropriate */
1372 /* options->hostname will be set in the main program if appropriate */
Ben Lindstrom4dccfa52000-12-28 16:40:05 +00001373 /* options->host_key_alias should not be set by default */
Ben Lindstromb9be60a2001-03-11 01:49:19 +00001374 /* options->preferred_authentications will be set in ssh */
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001375}
Damien Millerf91ee4c2005-03-01 21:24:33 +11001376
1377/*
1378 * parse_forward
1379 * parses a string containing a port forwarding specification of the form:
Damien Millera699d952008-11-03 19:27:34 +11001380 * dynamicfwd == 0
Damien Millerf91ee4c2005-03-01 21:24:33 +11001381 * [listenhost:]listenport:connecthost:connectport
Damien Millera699d952008-11-03 19:27:34 +11001382 * dynamicfwd == 1
1383 * [listenhost:]listenport
Damien Millerf91ee4c2005-03-01 21:24:33 +11001384 * returns number of arguments parsed or zero on error
1385 */
1386int
Damien Miller4bf648f2009-02-14 16:28:21 +11001387parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd)
Damien Millerf91ee4c2005-03-01 21:24:33 +11001388{
1389 int i;
1390 char *p, *cp, *fwdarg[4];
1391
1392 memset(fwd, '\0', sizeof(*fwd));
1393
1394 cp = p = xstrdup(fwdspec);
1395
1396 /* skip leading spaces */
Darren Tucker03b1cdb2007-03-21 20:46:03 +11001397 while (isspace(*cp))
Damien Millerf91ee4c2005-03-01 21:24:33 +11001398 cp++;
1399
1400 for (i = 0; i < 4; ++i)
1401 if ((fwdarg[i] = hpdelim(&cp)) == NULL)
1402 break;
1403
Damien Millerf4b39532008-11-03 19:28:21 +11001404 /* Check for trailing garbage */
Damien Millerf91ee4c2005-03-01 21:24:33 +11001405 if (cp != NULL)
1406 i = 0; /* failure */
1407
1408 switch (i) {
Damien Millera699d952008-11-03 19:27:34 +11001409 case 1:
1410 fwd->listen_host = NULL;
1411 fwd->listen_port = a2port(fwdarg[0]);
1412 fwd->connect_host = xstrdup("socks");
1413 break;
1414
1415 case 2:
1416 fwd->listen_host = xstrdup(cleanhostname(fwdarg[0]));
1417 fwd->listen_port = a2port(fwdarg[1]);
1418 fwd->connect_host = xstrdup("socks");
1419 break;
1420
Damien Millerf91ee4c2005-03-01 21:24:33 +11001421 case 3:
1422 fwd->listen_host = NULL;
1423 fwd->listen_port = a2port(fwdarg[0]);
1424 fwd->connect_host = xstrdup(cleanhostname(fwdarg[1]));
1425 fwd->connect_port = a2port(fwdarg[2]);
1426 break;
1427
1428 case 4:
1429 fwd->listen_host = xstrdup(cleanhostname(fwdarg[0]));
1430 fwd->listen_port = a2port(fwdarg[1]);
1431 fwd->connect_host = xstrdup(cleanhostname(fwdarg[2]));
1432 fwd->connect_port = a2port(fwdarg[3]);
1433 break;
1434 default:
1435 i = 0; /* failure */
1436 }
1437
1438 xfree(p);
1439
Damien Millera699d952008-11-03 19:27:34 +11001440 if (dynamicfwd) {
1441 if (!(i == 1 || i == 2))
1442 goto fail_free;
1443 } else {
1444 if (!(i == 3 || i == 4))
1445 goto fail_free;
Damien Miller3dc71ad2009-01-28 16:31:22 +11001446 if (fwd->connect_port <= 0)
Damien Millera699d952008-11-03 19:27:34 +11001447 goto fail_free;
1448 }
1449
Damien Miller4bf648f2009-02-14 16:28:21 +11001450 if (fwd->listen_port < 0 || (!remotefwd && fwd->listen_port == 0))
Damien Millerf91ee4c2005-03-01 21:24:33 +11001451 goto fail_free;
1452
1453 if (fwd->connect_host != NULL &&
1454 strlen(fwd->connect_host) >= NI_MAXHOST)
1455 goto fail_free;
Damien Miller4bf648f2009-02-14 16:28:21 +11001456 if (fwd->listen_host != NULL &&
1457 strlen(fwd->listen_host) >= NI_MAXHOST)
1458 goto fail_free;
1459
Damien Millerf91ee4c2005-03-01 21:24:33 +11001460
1461 return (i);
1462
1463 fail_free:
Damien Miller0d772d92008-12-09 14:12:05 +11001464 if (fwd->connect_host != NULL) {
Damien Millerf91ee4c2005-03-01 21:24:33 +11001465 xfree(fwd->connect_host);
Damien Miller0d772d92008-12-09 14:12:05 +11001466 fwd->connect_host = NULL;
1467 }
1468 if (fwd->listen_host != NULL) {
Damien Millerf91ee4c2005-03-01 21:24:33 +11001469 xfree(fwd->listen_host);
Damien Miller0d772d92008-12-09 14:12:05 +11001470 fwd->listen_host = NULL;
1471 }
Damien Millerf91ee4c2005-03-01 21:24:33 +11001472 return (0);
1473}