blob: 4c5d4485937a0ce2c88fc7b0f43599e0ade150a4 [file] [log] [blame]
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001/*
Damien Miller95def091999-11-25 00:26:21 +11002 * Author: Tatu Ylonen <ylo@cs.hut.fi>
Damien Miller95def091999-11-25 00:26:21 +11003 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
Damien Miller95def091999-11-25 00:26:21 +11005 * Functions for reading the configuration files.
Damien Miller4af51302000-04-16 11:18:38 +10006 *
Damien Millere4340be2000-09-16 13:29:08 +11007 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
Damien Miller95def091999-11-25 00:26:21 +110012 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100013
14#include "includes.h"
Damien Miller2aa0ab42003-05-15 12:05:28 +100015RCSID("$OpenBSD: readconf.c,v 1.108 2003/05/15 01:48:10 jakob Exp $");
Damien Millerd4a8b7e1999-10-27 13:42:43 +100016
17#include "ssh.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100018#include "xmalloc.h"
Damien Miller78928792000-04-12 20:17:38 +100019#include "compat.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000020#include "cipher.h"
21#include "pathnames.h"
22#include "log.h"
23#include "readconf.h"
24#include "match.h"
25#include "misc.h"
Ben Lindstrom06b33aa2001-02-15 03:01:59 +000026#include "kex.h"
27#include "mac.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100028
29/* Format of the configuration file:
30
31 # Configuration data is parsed as follows:
32 # 1. command line options
33 # 2. user-specific file
34 # 3. system-wide file
35 # Any configuration value is only changed the first time it is set.
36 # Thus, host-specific definitions should be at the beginning of the
37 # configuration file, and defaults at the end.
38
39 # Host-specific declarations. These may override anything above. A single
40 # host may match multiple declarations; these are processed in the order
41 # that they are given in.
42
43 Host *.ngs.fi ngs.fi
Ben Lindstrom4daea862002-06-09 20:04:02 +000044 User foo
Damien Millerd4a8b7e1999-10-27 13:42:43 +100045
46 Host fake.com
47 HostName another.host.name.real.org
48 User blaah
49 Port 34289
50 ForwardX11 no
51 ForwardAgent no
52
53 Host books.com
54 RemoteForward 9999 shadows.cs.hut.fi:9999
55 Cipher 3des
56
57 Host fascist.blob.com
58 Port 23123
59 User tylonen
60 RhostsAuthentication no
61 PasswordAuthentication no
62
63 Host puukko.hut.fi
64 User t35124p
65 ProxyCommand ssh-proxy %h %p
66
67 Host *.fr
Ben Lindstrom4daea862002-06-09 20:04:02 +000068 PublicKeyAuthentication no
Damien Millerd4a8b7e1999-10-27 13:42:43 +100069
70 Host *.su
71 Cipher none
72 PasswordAuthentication no
73
74 # Defaults for various options
75 Host *
76 ForwardAgent no
Damien Miller0bc1bd82000-11-13 22:57:25 +110077 ForwardX11 no
Damien Millerd4a8b7e1999-10-27 13:42:43 +100078 RhostsAuthentication yes
79 PasswordAuthentication yes
80 RSAAuthentication yes
81 RhostsRSAAuthentication yes
Damien Millerd4a8b7e1999-10-27 13:42:43 +100082 StrictHostKeyChecking yes
83 KeepAlives no
84 IdentityFile ~/.ssh/identity
85 Port 22
86 EscapeChar ~
87
88*/
89
90/* Keyword tokens. */
91
Damien Miller95def091999-11-25 00:26:21 +110092typedef enum {
93 oBadOption,
94 oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
Ben Lindstromcb72e4f2002-06-21 00:41:51 +000095 oPasswordAuthentication, oRSAAuthentication,
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +000096 oChallengeResponseAuthentication, oXAuthLocation,
Damien Miller2aa0ab42003-05-15 12:05:28 +100097 oKerberosAuthentication, oKerberosTgtPassing, oAFSTokenPassing,
Damien Miller95def091999-11-25 00:26:21 +110098 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
99 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
100 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
101 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000102 oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000103 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
Damien Miller0bc1bd82000-11-13 22:57:25 +1100104 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
Ben Lindstromb9be60a2001-03-11 01:49:19 +0000105 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
Ben Lindstrom982dbbc2001-04-17 18:11:36 +0000106 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
Ben Lindstrom2b7a0e92001-09-20 00:57:55 +0000107 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
Ben Lindstrom4daea862002-06-09 20:04:02 +0000108 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
Damien Miller37876e92003-05-15 10:19:46 +1000109 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS,
Ben Lindstrom4daea862002-06-09 20:04:02 +0000110 oDeprecated
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000111} OpCodes;
112
113/* Textual representations of the tokens. */
114
Damien Miller95def091999-11-25 00:26:21 +1100115static struct {
116 const char *name;
117 OpCodes opcode;
118} keywords[] = {
119 { "forwardagent", oForwardAgent },
120 { "forwardx11", oForwardX11 },
Damien Millerd3a18572000-06-07 19:55:44 +1000121 { "xauthlocation", oXAuthLocation },
Damien Miller95def091999-11-25 00:26:21 +1100122 { "gatewayports", oGatewayPorts },
123 { "useprivilegedport", oUsePrivilegedPort },
124 { "rhostsauthentication", oRhostsAuthentication },
125 { "passwordauthentication", oPasswordAuthentication },
Damien Miller874d77b2000-10-14 16:23:11 +1100126 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
127 { "kbdinteractivedevices", oKbdInteractiveDevices },
Damien Miller95def091999-11-25 00:26:21 +1100128 { "rsaauthentication", oRSAAuthentication },
Damien Miller0bc1bd82000-11-13 22:57:25 +1100129 { "pubkeyauthentication", oPubkeyAuthentication },
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000130 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000131 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
Ben Lindstromd69dab32001-04-12 23:36:05 +0000132 { "hostbasedauthentication", oHostbasedAuthentication },
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000133 { "challengeresponseauthentication", oChallengeResponseAuthentication },
134 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
135 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
Damien Miller95def091999-11-25 00:26:21 +1100136 { "kerberosauthentication", oKerberosAuthentication },
Damien Miller95def091999-11-25 00:26:21 +1100137 { "kerberostgtpassing", oKerberosTgtPassing },
138 { "afstokenpassing", oAFSTokenPassing },
Ben Lindstrom4daea862002-06-09 20:04:02 +0000139 { "fallbacktorsh", oDeprecated },
140 { "usersh", oDeprecated },
Damien Miller95def091999-11-25 00:26:21 +1100141 { "identityfile", oIdentityFile },
Damien Miller0bc1bd82000-11-13 22:57:25 +1100142 { "identityfile2", oIdentityFile }, /* alias */
Damien Miller95def091999-11-25 00:26:21 +1100143 { "hostname", oHostName },
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000144 { "hostkeyalias", oHostKeyAlias },
Damien Miller95def091999-11-25 00:26:21 +1100145 { "proxycommand", oProxyCommand },
146 { "port", oPort },
147 { "cipher", oCipher },
Damien Miller78928792000-04-12 20:17:38 +1000148 { "ciphers", oCiphers },
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000149 { "macs", oMacs },
Damien Miller78928792000-04-12 20:17:38 +1000150 { "protocol", oProtocol },
Damien Miller95def091999-11-25 00:26:21 +1100151 { "remoteforward", oRemoteForward },
152 { "localforward", oLocalForward },
153 { "user", oUser },
154 { "host", oHost },
155 { "escapechar", oEscapeChar },
Damien Miller95def091999-11-25 00:26:21 +1100156 { "globalknownhostsfile", oGlobalKnownHostsFile },
Ben Lindstromd6481ea2001-06-25 04:37:41 +0000157 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
Damien Millereba71ba2000-04-29 23:57:08 +1000158 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
Ben Lindstromd6481ea2001-06-25 04:37:41 +0000159 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
Damien Miller95def091999-11-25 00:26:21 +1100160 { "connectionattempts", oConnectionAttempts },
161 { "batchmode", oBatchMode },
162 { "checkhostip", oCheckHostIP },
163 { "stricthostkeychecking", oStrictHostKeyChecking },
164 { "compression", oCompression },
165 { "compressionlevel", oCompressionLevel },
166 { "keepalive", oKeepAlives },
167 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
Damien Miller95def091999-11-25 00:26:21 +1100168 { "loglevel", oLogLevel },
Ben Lindstrom3bb4f9d2001-04-08 18:30:26 +0000169 { "dynamicforward", oDynamicForward },
Ben Lindstromb9be60a2001-03-11 01:49:19 +0000170 { "preferredauthentications", oPreferredAuthentications },
Ben Lindstrom982dbbc2001-04-17 18:11:36 +0000171 { "hostkeyalgorithms", oHostKeyAlgorithms },
Ben Lindstrome0f88042001-04-30 13:06:24 +0000172 { "bindaddress", oBindAddress },
Ben Lindstromae996bf2001-08-06 21:27:53 +0000173 { "smartcarddevice", oSmartcardDevice },
Damien Miller9f0f5c62001-12-21 14:45:46 +1100174 { "clearallforwardings", oClearAllForwardings },
Ben Lindstromb6df73b2002-11-09 15:52:31 +0000175 { "enablesshkeysign", oEnableSSHKeysign },
Damien Miller37876e92003-05-15 10:19:46 +1000176 { "verifyhostkeydns", oVerifyHostKeyDNS },
Damien Miller9f0f5c62001-12-21 14:45:46 +1100177 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
Damien Millera5539d22003-04-09 20:50:06 +1000178 { "rekeylimit", oRekeyLimit },
Ben Lindstrom65366a82001-12-06 16:32:47 +0000179 { NULL, oBadOption }
Damien Miller5ce662a1999-11-11 17:57:39 +1100180};
181
Damien Miller5428f641999-11-25 11:54:57 +1100182/*
183 * Adds a local TCP/IP port forward to options. Never returns if there is an
184 * error.
185 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000186
Damien Miller4af51302000-04-16 11:18:38 +1000187void
Damien Milleraae6c611999-12-06 11:47:28 +1100188add_local_forward(Options *options, u_short port, const char *host,
189 u_short host_port)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000190{
Damien Miller95def091999-11-25 00:26:21 +1100191 Forward *fwd;
Ben Lindstrom99a4e142002-07-09 14:06:40 +0000192#ifndef NO_IPPORT_RESERVED_CONCEPT
Damien Miller95def091999-11-25 00:26:21 +1100193 extern uid_t original_real_uid;
Damien Miller95def091999-11-25 00:26:21 +1100194 if (port < IPPORT_RESERVED && original_real_uid != 0)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000195 fatal("Privileged ports can only be forwarded by root.");
Damien Millerbac2d8a2000-09-05 16:13:06 +1100196#endif
Damien Miller95def091999-11-25 00:26:21 +1100197 if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
198 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
199 fwd = &options->local_forwards[options->num_local_forwards++];
200 fwd->port = port;
201 fwd->host = xstrdup(host);
202 fwd->host_port = host_port;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000203}
204
Damien Miller5428f641999-11-25 11:54:57 +1100205/*
206 * Adds a remote TCP/IP port forward to options. Never returns if there is
207 * an error.
208 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000209
Damien Miller4af51302000-04-16 11:18:38 +1000210void
Damien Milleraae6c611999-12-06 11:47:28 +1100211add_remote_forward(Options *options, u_short port, const char *host,
212 u_short host_port)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000213{
Damien Miller95def091999-11-25 00:26:21 +1100214 Forward *fwd;
215 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
216 fatal("Too many remote forwards (max %d).",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100217 SSH_MAX_FORWARDS_PER_DIRECTION);
Damien Miller95def091999-11-25 00:26:21 +1100218 fwd = &options->remote_forwards[options->num_remote_forwards++];
219 fwd->port = port;
220 fwd->host = xstrdup(host);
221 fwd->host_port = host_port;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000222}
223
Ben Lindstrom2b7a0e92001-09-20 00:57:55 +0000224static void
225clear_forwardings(Options *options)
226{
227 int i;
228
229 for (i = 0; i < options->num_local_forwards; i++)
230 xfree(options->local_forwards[i].host);
231 options->num_local_forwards = 0;
232 for (i = 0; i < options->num_remote_forwards; i++)
233 xfree(options->remote_forwards[i].host);
234 options->num_remote_forwards = 0;
235}
236
Damien Miller5428f641999-11-25 11:54:57 +1100237/*
Ben Lindstrom3704c262001-04-02 18:20:03 +0000238 * Returns the number of the token pointed to by cp or oBadOption.
Damien Miller5428f641999-11-25 11:54:57 +1100239 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000240
Damien Miller4af51302000-04-16 11:18:38 +1000241static OpCodes
Damien Miller95def091999-11-25 00:26:21 +1100242parse_token(const char *cp, const char *filename, int linenum)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000243{
Ben Lindstrom46c16222000-12-22 01:43:59 +0000244 u_int i;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000245
Damien Miller95def091999-11-25 00:26:21 +1100246 for (i = 0; keywords[i].name; i++)
Damien Miller5428f641999-11-25 11:54:57 +1100247 if (strcasecmp(cp, keywords[i].name) == 0)
Damien Miller95def091999-11-25 00:26:21 +1100248 return keywords[i].opcode;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000249
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000250 error("%s: line %d: Bad configuration option: %s",
251 filename, linenum, cp);
Damien Miller95def091999-11-25 00:26:21 +1100252 return oBadOption;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000253}
254
Damien Miller5428f641999-11-25 11:54:57 +1100255/*
256 * Processes a single option line as used in the configuration files. This
257 * only sets those values that have not already been set.
258 */
Damien Miller61f08ac2003-02-24 11:56:27 +1100259#define WHITESPACE " \t\r\n"
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000260
Damien Miller2ccf6611999-11-15 15:25:10 +1100261int
262process_config_line(Options *options, const char *host,
Damien Miller95def091999-11-25 00:26:21 +1100263 char *line, const char *filename, int linenum,
264 int *activep)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000265{
Damien Miller61f08ac2003-02-24 11:56:27 +1100266 char buf[256], *s, **charptr, *endofnumber, *keyword, *arg;
Damien Milleraae6c611999-12-06 11:47:28 +1100267 int opcode, *intptr, value;
Damien Miller61f08ac2003-02-24 11:56:27 +1100268 size_t len;
Damien Milleraae6c611999-12-06 11:47:28 +1100269 u_short fwd_port, fwd_host_port;
Ben Lindstrom62c25a42001-09-12 18:01:59 +0000270 char sfwd_host_port[6];
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000271
Damien Millerc652cac2003-05-14 13:40:54 +1000272 /* Strip trailing whitespace */
273 for(len = strlen(line) - 1; len > 0; len--) {
274 if (strchr(WHITESPACE, line[len]) == NULL)
275 break;
276 line[len] = '\0';
277 }
278
Damien Millerbe484b52000-07-15 14:14:16 +1000279 s = line;
280 /* Get the keyword. (Each line is supposed to begin with a keyword). */
281 keyword = strdelim(&s);
282 /* Ignore leading whitespace. */
283 if (*keyword == '\0')
284 keyword = strdelim(&s);
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000285 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
Damien Miller95def091999-11-25 00:26:21 +1100286 return 0;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000287
Damien Miller37023962000-07-11 17:31:38 +1000288 opcode = parse_token(keyword, filename, linenum);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000289
Damien Miller95def091999-11-25 00:26:21 +1100290 switch (opcode) {
291 case oBadOption:
Damien Miller5428f641999-11-25 11:54:57 +1100292 /* don't panic, but count bad options */
293 return -1;
Damien Miller95def091999-11-25 00:26:21 +1100294 /* NOTREACHED */
295 case oForwardAgent:
296 intptr = &options->forward_agent;
297parse_flag:
Damien Millerbe484b52000-07-15 14:14:16 +1000298 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000299 if (!arg || *arg == '\0')
Damien Miller95def091999-11-25 00:26:21 +1100300 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
301 value = 0; /* To avoid compiler warning... */
Damien Miller37023962000-07-11 17:31:38 +1000302 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100303 value = 1;
Damien Miller37023962000-07-11 17:31:38 +1000304 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100305 value = 0;
306 else
307 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
308 if (*activep && *intptr == -1)
309 *intptr = value;
310 break;
311
312 case oForwardX11:
313 intptr = &options->forward_x11;
314 goto parse_flag;
315
316 case oGatewayPorts:
317 intptr = &options->gateway_ports;
318 goto parse_flag;
319
320 case oUsePrivilegedPort:
321 intptr = &options->use_privileged_port;
322 goto parse_flag;
323
324 case oRhostsAuthentication:
325 intptr = &options->rhosts_authentication;
326 goto parse_flag;
327
328 case oPasswordAuthentication:
329 intptr = &options->password_authentication;
330 goto parse_flag;
331
Damien Miller874d77b2000-10-14 16:23:11 +1100332 case oKbdInteractiveAuthentication:
333 intptr = &options->kbd_interactive_authentication;
334 goto parse_flag;
335
336 case oKbdInteractiveDevices:
337 charptr = &options->kbd_interactive_devices;
338 goto parse_string;
339
Damien Miller0bc1bd82000-11-13 22:57:25 +1100340 case oPubkeyAuthentication:
341 intptr = &options->pubkey_authentication;
Damien Millere247cc42000-05-07 12:03:14 +1000342 goto parse_flag;
343
Damien Miller95def091999-11-25 00:26:21 +1100344 case oRSAAuthentication:
345 intptr = &options->rsa_authentication;
346 goto parse_flag;
347
348 case oRhostsRSAAuthentication:
349 intptr = &options->rhosts_rsa_authentication;
350 goto parse_flag;
351
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000352 case oHostbasedAuthentication:
353 intptr = &options->hostbased_authentication;
354 goto parse_flag;
355
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000356 case oChallengeResponseAuthentication:
Ben Lindstrom551ea372001-06-05 18:56:16 +0000357 intptr = &options->challenge_response_authentication;
Damien Miller95def091999-11-25 00:26:21 +1100358 goto parse_flag;
Damien Miller2aa0ab42003-05-15 12:05:28 +1000359
Damien Miller95def091999-11-25 00:26:21 +1100360 case oKerberosAuthentication:
361 intptr = &options->kerberos_authentication;
362 goto parse_flag;
Damien Miller2aa0ab42003-05-15 12:05:28 +1000363
Damien Miller95def091999-11-25 00:26:21 +1100364 case oKerberosTgtPassing:
365 intptr = &options->kerberos_tgt_passing;
366 goto parse_flag;
Damien Miller2aa0ab42003-05-15 12:05:28 +1000367
Damien Miller95def091999-11-25 00:26:21 +1100368 case oAFSTokenPassing:
369 intptr = &options->afs_token_passing;
370 goto parse_flag;
Damien Miller2aa0ab42003-05-15 12:05:28 +1000371
Damien Miller95def091999-11-25 00:26:21 +1100372 case oBatchMode:
373 intptr = &options->batch_mode;
374 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000375
Damien Miller95def091999-11-25 00:26:21 +1100376 case oCheckHostIP:
377 intptr = &options->check_host_ip;
378 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000379
Damien Miller37876e92003-05-15 10:19:46 +1000380 case oVerifyHostKeyDNS:
381 intptr = &options->verify_host_key_dns;
382 goto parse_flag;
383
Damien Miller95def091999-11-25 00:26:21 +1100384 case oStrictHostKeyChecking:
385 intptr = &options->strict_host_key_checking;
Damien Millerbe484b52000-07-15 14:14:16 +1000386 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000387 if (!arg || *arg == '\0')
Ben Lindstrom5ed8acd2001-01-29 08:00:54 +0000388 fatal("%.200s line %d: Missing yes/no/ask argument.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100389 filename, linenum);
Damien Miller95def091999-11-25 00:26:21 +1100390 value = 0; /* To avoid compiler warning... */
Damien Miller37023962000-07-11 17:31:38 +1000391 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100392 value = 1;
Damien Miller37023962000-07-11 17:31:38 +1000393 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100394 value = 0;
Damien Miller37023962000-07-11 17:31:38 +1000395 else if (strcmp(arg, "ask") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100396 value = 2;
397 else
398 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
399 if (*activep && *intptr == -1)
400 *intptr = value;
401 break;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000402
Damien Miller95def091999-11-25 00:26:21 +1100403 case oCompression:
404 intptr = &options->compression;
405 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000406
Damien Miller95def091999-11-25 00:26:21 +1100407 case oKeepAlives:
408 intptr = &options->keepalives;
409 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000410
Ben Lindstrom3cecc9a2001-10-03 17:39:38 +0000411 case oNoHostAuthenticationForLocalhost:
412 intptr = &options->no_host_authentication_for_localhost;
413 goto parse_flag;
414
Damien Miller95def091999-11-25 00:26:21 +1100415 case oNumberOfPasswordPrompts:
416 intptr = &options->number_of_password_prompts;
417 goto parse_int;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000418
Damien Miller95def091999-11-25 00:26:21 +1100419 case oCompressionLevel:
420 intptr = &options->compression_level;
421 goto parse_int;
422
Damien Millera5539d22003-04-09 20:50:06 +1000423 case oRekeyLimit:
424 intptr = &options->rekey_limit;
425 arg = strdelim(&s);
426 if (!arg || *arg == '\0')
427 fatal("%.200s line %d: Missing argument.", filename, linenum);
428 if (arg[0] < '0' || arg[0] > '9')
429 fatal("%.200s line %d: Bad number.", filename, linenum);
430 value = strtol(arg, &endofnumber, 10);
431 if (arg == endofnumber)
432 fatal("%.200s line %d: Bad number.", filename, linenum);
433 switch (toupper(*endofnumber)) {
434 case 'K':
435 value *= 1<<10;
436 break;
437 case 'M':
438 value *= 1<<20;
439 break;
440 case 'G':
441 value *= 1<<30;
442 break;
443 }
444 if (*activep && *intptr == -1)
445 *intptr = value;
446 break;
447
Damien Miller95def091999-11-25 00:26:21 +1100448 case oIdentityFile:
Damien Millerbe484b52000-07-15 14:14:16 +1000449 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000450 if (!arg || *arg == '\0')
Damien Miller95def091999-11-25 00:26:21 +1100451 fatal("%.200s line %d: Missing argument.", filename, linenum);
452 if (*activep) {
Damien Miller0bc1bd82000-11-13 22:57:25 +1100453 intptr = &options->num_identity_files;
Damien Millereba71ba2000-04-29 23:57:08 +1000454 if (*intptr >= SSH_MAX_IDENTITY_FILES)
Damien Miller95def091999-11-25 00:26:21 +1100455 fatal("%.200s line %d: Too many identity files specified (max %d).",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100456 filename, linenum, SSH_MAX_IDENTITY_FILES);
Damien Miller0bc1bd82000-11-13 22:57:25 +1100457 charptr = &options->identity_files[*intptr];
Damien Miller37023962000-07-11 17:31:38 +1000458 *charptr = xstrdup(arg);
Damien Millereba71ba2000-04-29 23:57:08 +1000459 *intptr = *intptr + 1;
Damien Miller95def091999-11-25 00:26:21 +1100460 }
461 break;
462
Damien Millerd3a18572000-06-07 19:55:44 +1000463 case oXAuthLocation:
464 charptr=&options->xauth_location;
465 goto parse_string;
466
Damien Miller95def091999-11-25 00:26:21 +1100467 case oUser:
468 charptr = &options->user;
469parse_string:
Damien Millerbe484b52000-07-15 14:14:16 +1000470 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000471 if (!arg || *arg == '\0')
Damien Miller95def091999-11-25 00:26:21 +1100472 fatal("%.200s line %d: Missing argument.", filename, linenum);
473 if (*activep && *charptr == NULL)
Damien Miller37023962000-07-11 17:31:38 +1000474 *charptr = xstrdup(arg);
Damien Miller95def091999-11-25 00:26:21 +1100475 break;
476
477 case oGlobalKnownHostsFile:
478 charptr = &options->system_hostfile;
479 goto parse_string;
480
481 case oUserKnownHostsFile:
482 charptr = &options->user_hostfile;
483 goto parse_string;
484
Damien Millereba71ba2000-04-29 23:57:08 +1000485 case oGlobalKnownHostsFile2:
486 charptr = &options->system_hostfile2;
487 goto parse_string;
488
489 case oUserKnownHostsFile2:
490 charptr = &options->user_hostfile2;
491 goto parse_string;
492
Damien Miller95def091999-11-25 00:26:21 +1100493 case oHostName:
494 charptr = &options->hostname;
495 goto parse_string;
496
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000497 case oHostKeyAlias:
498 charptr = &options->host_key_alias;
499 goto parse_string;
500
Ben Lindstromb9be60a2001-03-11 01:49:19 +0000501 case oPreferredAuthentications:
502 charptr = &options->preferred_authentications;
503 goto parse_string;
504
Ben Lindstrome0f88042001-04-30 13:06:24 +0000505 case oBindAddress:
506 charptr = &options->bind_address;
507 goto parse_string;
508
Ben Lindstromae996bf2001-08-06 21:27:53 +0000509 case oSmartcardDevice:
Ben Lindstromf7db3bb2001-08-06 21:35:51 +0000510 charptr = &options->smartcard_device;
511 goto parse_string;
Ben Lindstromae996bf2001-08-06 21:27:53 +0000512
Damien Miller95def091999-11-25 00:26:21 +1100513 case oProxyCommand:
514 charptr = &options->proxy_command;
Damien Miller61f08ac2003-02-24 11:56:27 +1100515 len = strspn(s, WHITESPACE "=");
Damien Miller95def091999-11-25 00:26:21 +1100516 if (*activep && *charptr == NULL)
Damien Miller61f08ac2003-02-24 11:56:27 +1100517 *charptr = xstrdup(s + len);
Damien Miller95def091999-11-25 00:26:21 +1100518 return 0;
519
520 case oPort:
521 intptr = &options->port;
522parse_int:
Damien Millerbe484b52000-07-15 14:14:16 +1000523 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000524 if (!arg || *arg == '\0')
Damien Miller95def091999-11-25 00:26:21 +1100525 fatal("%.200s line %d: Missing argument.", filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000526 if (arg[0] < '0' || arg[0] > '9')
Damien Miller95def091999-11-25 00:26:21 +1100527 fatal("%.200s line %d: Bad number.", filename, linenum);
Damien Miller5428f641999-11-25 11:54:57 +1100528
529 /* Octal, decimal, or hex format? */
Damien Miller37023962000-07-11 17:31:38 +1000530 value = strtol(arg, &endofnumber, 0);
531 if (arg == endofnumber)
Damien Miller5428f641999-11-25 11:54:57 +1100532 fatal("%.200s line %d: Bad number.", filename, linenum);
Damien Miller95def091999-11-25 00:26:21 +1100533 if (*activep && *intptr == -1)
534 *intptr = value;
535 break;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000536
Damien Miller95def091999-11-25 00:26:21 +1100537 case oConnectionAttempts:
538 intptr = &options->connection_attempts;
539 goto parse_int;
Damien Miller5ce662a1999-11-11 17:57:39 +1100540
Damien Miller95def091999-11-25 00:26:21 +1100541 case oCipher:
542 intptr = &options->cipher;
Damien Millerbe484b52000-07-15 14:14:16 +1000543 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000544 if (!arg || *arg == '\0')
Damien Millerb1715dc2000-05-30 13:44:51 +1000545 fatal("%.200s line %d: Missing argument.", filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000546 value = cipher_number(arg);
Damien Miller95def091999-11-25 00:26:21 +1100547 if (value == -1)
548 fatal("%.200s line %d: Bad cipher '%s'.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100549 filename, linenum, arg ? arg : "<NONE>");
Damien Miller95def091999-11-25 00:26:21 +1100550 if (*activep && *intptr == -1)
551 *intptr = value;
552 break;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000553
Damien Miller78928792000-04-12 20:17:38 +1000554 case oCiphers:
Damien Millerbe484b52000-07-15 14:14:16 +1000555 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000556 if (!arg || *arg == '\0')
Damien Millerb1715dc2000-05-30 13:44:51 +1000557 fatal("%.200s line %d: Missing argument.", filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000558 if (!ciphers_valid(arg))
Damien Miller30c3d422000-05-09 11:02:59 +1000559 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100560 filename, linenum, arg ? arg : "<NONE>");
Damien Miller78928792000-04-12 20:17:38 +1000561 if (*activep && options->ciphers == NULL)
Damien Miller37023962000-07-11 17:31:38 +1000562 options->ciphers = xstrdup(arg);
Damien Miller78928792000-04-12 20:17:38 +1000563 break;
564
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000565 case oMacs:
566 arg = strdelim(&s);
567 if (!arg || *arg == '\0')
568 fatal("%.200s line %d: Missing argument.", filename, linenum);
569 if (!mac_valid(arg))
570 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100571 filename, linenum, arg ? arg : "<NONE>");
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000572 if (*activep && options->macs == NULL)
573 options->macs = xstrdup(arg);
574 break;
575
Ben Lindstrom982dbbc2001-04-17 18:11:36 +0000576 case oHostKeyAlgorithms:
577 arg = strdelim(&s);
578 if (!arg || *arg == '\0')
579 fatal("%.200s line %d: Missing argument.", filename, linenum);
580 if (!key_names_valid2(arg))
581 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100582 filename, linenum, arg ? arg : "<NONE>");
Ben Lindstrom982dbbc2001-04-17 18:11:36 +0000583 if (*activep && options->hostkeyalgorithms == NULL)
584 options->hostkeyalgorithms = xstrdup(arg);
585 break;
586
Damien Miller78928792000-04-12 20:17:38 +1000587 case oProtocol:
588 intptr = &options->protocol;
Damien Millerbe484b52000-07-15 14:14:16 +1000589 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000590 if (!arg || *arg == '\0')
Damien Millerb1715dc2000-05-30 13:44:51 +1000591 fatal("%.200s line %d: Missing argument.", filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000592 value = proto_spec(arg);
Damien Miller78928792000-04-12 20:17:38 +1000593 if (value == SSH_PROTO_UNKNOWN)
594 fatal("%.200s line %d: Bad protocol spec '%s'.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100595 filename, linenum, arg ? arg : "<NONE>");
Damien Miller78928792000-04-12 20:17:38 +1000596 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
597 *intptr = value;
598 break;
599
Damien Miller95def091999-11-25 00:26:21 +1100600 case oLogLevel:
601 intptr = (int *) &options->log_level;
Damien Millerbe484b52000-07-15 14:14:16 +1000602 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000603 value = log_level_number(arg);
Damien Millerfcd93202002-02-05 12:26:34 +1100604 if (value == SYSLOG_LEVEL_NOT_SET)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000605 fatal("%.200s line %d: unsupported log level '%s'",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100606 filename, linenum, arg ? arg : "<NONE>");
Damien Millerfcd93202002-02-05 12:26:34 +1100607 if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
Damien Miller95def091999-11-25 00:26:21 +1100608 *intptr = (LogLevel) value;
609 break;
610
Ben Lindstrom62c25a42001-09-12 18:01:59 +0000611 case oLocalForward:
Damien Miller95def091999-11-25 00:26:21 +1100612 case oRemoteForward:
Damien Millerbe484b52000-07-15 14:14:16 +1000613 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000614 if (!arg || *arg == '\0')
Ben Lindstrom62c25a42001-09-12 18:01:59 +0000615 fatal("%.200s line %d: Missing port argument.",
616 filename, linenum);
617 if ((fwd_port = a2port(arg)) == 0)
618 fatal("%.200s line %d: Bad listen port.",
619 filename, linenum);
Damien Millerbe484b52000-07-15 14:14:16 +1000620 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000621 if (!arg || *arg == '\0')
Damien Miller95def091999-11-25 00:26:21 +1100622 fatal("%.200s line %d: Missing second argument.",
Ben Lindstrom62c25a42001-09-12 18:01:59 +0000623 filename, linenum);
624 if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 &&
625 sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2)
626 fatal("%.200s line %d: Bad forwarding specification.",
627 filename, linenum);
628 if ((fwd_host_port = a2port(sfwd_host_port)) == 0)
629 fatal("%.200s line %d: Bad forwarding port.",
630 filename, linenum);
631 if (*activep) {
632 if (opcode == oLocalForward)
633 add_local_forward(options, fwd_port, buf,
634 fwd_host_port);
635 else if (opcode == oRemoteForward)
636 add_remote_forward(options, fwd_port, buf,
637 fwd_host_port);
638 }
Damien Miller95def091999-11-25 00:26:21 +1100639 break;
640
Ben Lindstrom3bb4f9d2001-04-08 18:30:26 +0000641 case oDynamicForward:
642 arg = strdelim(&s);
643 if (!arg || *arg == '\0')
644 fatal("%.200s line %d: Missing port argument.",
645 filename, linenum);
Ben Lindstrom19066a12001-04-12 23:39:26 +0000646 fwd_port = a2port(arg);
647 if (fwd_port == 0)
Ben Lindstrom3bb4f9d2001-04-08 18:30:26 +0000648 fatal("%.200s line %d: Badly formatted port number.",
649 filename, linenum);
Ben Lindstrom525a0932001-09-12 17:35:27 +0000650 if (*activep)
651 add_local_forward(options, fwd_port, "socks4", 0);
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000652 break;
Ben Lindstrom3bb4f9d2001-04-08 18:30:26 +0000653
Ben Lindstrom2b7a0e92001-09-20 00:57:55 +0000654 case oClearAllForwardings:
655 intptr = &options->clear_forwardings;
656 goto parse_flag;
657
Damien Miller95def091999-11-25 00:26:21 +1100658 case oHost:
659 *activep = 0;
Damien Millerbe484b52000-07-15 14:14:16 +1000660 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
Damien Miller37023962000-07-11 17:31:38 +1000661 if (match_pattern(host, arg)) {
662 debug("Applying options for %.100s", arg);
Damien Miller95def091999-11-25 00:26:21 +1100663 *activep = 1;
664 break;
665 }
Damien Millerbe484b52000-07-15 14:14:16 +1000666 /* Avoid garbage check below, as strdelim is done. */
Damien Miller95def091999-11-25 00:26:21 +1100667 return 0;
668
669 case oEscapeChar:
670 intptr = &options->escape_char;
Damien Millerbe484b52000-07-15 14:14:16 +1000671 arg = strdelim(&s);
Damien Miller37023962000-07-11 17:31:38 +1000672 if (!arg || *arg == '\0')
Damien Miller95def091999-11-25 00:26:21 +1100673 fatal("%.200s line %d: Missing argument.", filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000674 if (arg[0] == '^' && arg[2] == 0 &&
Ben Lindstrom46c16222000-12-22 01:43:59 +0000675 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
676 value = (u_char) arg[1] & 31;
Damien Miller37023962000-07-11 17:31:38 +1000677 else if (strlen(arg) == 1)
Ben Lindstrom46c16222000-12-22 01:43:59 +0000678 value = (u_char) arg[0];
Damien Miller37023962000-07-11 17:31:38 +1000679 else if (strcmp(arg, "none") == 0)
Ben Lindstrom2b1f71b2001-06-05 20:32:21 +0000680 value = SSH_ESCAPECHAR_NONE;
Damien Miller95def091999-11-25 00:26:21 +1100681 else {
682 fatal("%.200s line %d: Bad escape character.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100683 filename, linenum);
Damien Miller95def091999-11-25 00:26:21 +1100684 /* NOTREACHED */
685 value = 0; /* Avoid compiler warning. */
686 }
687 if (*activep && *intptr == -1)
688 *intptr = value;
689 break;
690
Ben Lindstromb6df73b2002-11-09 15:52:31 +0000691 case oEnableSSHKeysign:
692 intptr = &options->enable_ssh_keysign;
693 goto parse_flag;
694
Ben Lindstrom4daea862002-06-09 20:04:02 +0000695 case oDeprecated:
Ben Lindstrom2e17b082002-06-09 20:13:27 +0000696 debug("%s line %d: Deprecated option \"%s\"",
Ben Lindstrom4daea862002-06-09 20:04:02 +0000697 filename, linenum, keyword);
Ben Lindstrom2e17b082002-06-09 20:13:27 +0000698 return 0;
Ben Lindstrom4daea862002-06-09 20:04:02 +0000699
Damien Miller95def091999-11-25 00:26:21 +1100700 default:
701 fatal("process_config_line: Unimplemented opcode %d", opcode);
702 }
703
704 /* Check that there is no garbage at end of line. */
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000705 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
Damien Miller37023962000-07-11 17:31:38 +1000706 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100707 filename, linenum, arg);
Damien Miller37023962000-07-11 17:31:38 +1000708 }
Damien Miller95def091999-11-25 00:26:21 +1100709 return 0;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000710}
711
712
Damien Miller5428f641999-11-25 11:54:57 +1100713/*
714 * Reads the config file and modifies the options accordingly. Options
715 * should already be initialized before this call. This never returns if
Ben Lindstromedc0cf22001-09-12 18:32:20 +0000716 * there is an error. If the file does not exist, this returns 0.
Damien Miller5428f641999-11-25 11:54:57 +1100717 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000718
Ben Lindstromedc0cf22001-09-12 18:32:20 +0000719int
Damien Miller95def091999-11-25 00:26:21 +1100720read_config_file(const char *filename, const char *host, Options *options)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000721{
Damien Miller95def091999-11-25 00:26:21 +1100722 FILE *f;
723 char line[1024];
724 int active, linenum;
725 int bad_options = 0;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000726
Damien Miller95def091999-11-25 00:26:21 +1100727 /* Open the file. */
728 f = fopen(filename, "r");
729 if (!f)
Ben Lindstromedc0cf22001-09-12 18:32:20 +0000730 return 0;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000731
Damien Miller95def091999-11-25 00:26:21 +1100732 debug("Reading configuration data %.200s", filename);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000733
Damien Miller5428f641999-11-25 11:54:57 +1100734 /*
735 * Mark that we are now processing the options. This flag is turned
736 * on/off by Host specifications.
737 */
Damien Miller95def091999-11-25 00:26:21 +1100738 active = 1;
739 linenum = 0;
740 while (fgets(line, sizeof(line), f)) {
741 /* Update line number counter. */
742 linenum++;
743 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
744 bad_options++;
745 }
746 fclose(f);
747 if (bad_options > 0)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000748 fatal("%s: terminating, %d bad configuration options",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100749 filename, bad_options);
Ben Lindstromedc0cf22001-09-12 18:32:20 +0000750 return 1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000751}
752
Damien Miller5428f641999-11-25 11:54:57 +1100753/*
754 * Initializes options to special values that indicate that they have not yet
755 * been set. Read_config_file will only set options with this value. Options
756 * are processed in the following order: command line, user config file,
757 * system config file. Last, fill_default_options is called.
758 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000759
Damien Miller4af51302000-04-16 11:18:38 +1000760void
Damien Miller95def091999-11-25 00:26:21 +1100761initialize_options(Options * options)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000762{
Damien Miller95def091999-11-25 00:26:21 +1100763 memset(options, 'X', sizeof(*options));
764 options->forward_agent = -1;
765 options->forward_x11 = -1;
Damien Millerd3a18572000-06-07 19:55:44 +1000766 options->xauth_location = NULL;
Damien Miller95def091999-11-25 00:26:21 +1100767 options->gateway_ports = -1;
768 options->use_privileged_port = -1;
769 options->rhosts_authentication = -1;
770 options->rsa_authentication = -1;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100771 options->pubkey_authentication = -1;
Ben Lindstrom551ea372001-06-05 18:56:16 +0000772 options->challenge_response_authentication = -1;
Damien Miller95def091999-11-25 00:26:21 +1100773 options->kerberos_authentication = -1;
Damien Miller95def091999-11-25 00:26:21 +1100774 options->kerberos_tgt_passing = -1;
775 options->afs_token_passing = -1;
Damien Miller95def091999-11-25 00:26:21 +1100776 options->password_authentication = -1;
Damien Miller874d77b2000-10-14 16:23:11 +1100777 options->kbd_interactive_authentication = -1;
778 options->kbd_interactive_devices = NULL;
Damien Miller95def091999-11-25 00:26:21 +1100779 options->rhosts_rsa_authentication = -1;
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000780 options->hostbased_authentication = -1;
Damien Miller95def091999-11-25 00:26:21 +1100781 options->batch_mode = -1;
782 options->check_host_ip = -1;
783 options->strict_host_key_checking = -1;
784 options->compression = -1;
785 options->keepalives = -1;
786 options->compression_level = -1;
787 options->port = -1;
788 options->connection_attempts = -1;
789 options->number_of_password_prompts = -1;
790 options->cipher = -1;
Damien Miller78928792000-04-12 20:17:38 +1000791 options->ciphers = NULL;
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000792 options->macs = NULL;
Ben Lindstrom982dbbc2001-04-17 18:11:36 +0000793 options->hostkeyalgorithms = NULL;
Damien Miller78928792000-04-12 20:17:38 +1000794 options->protocol = SSH_PROTO_UNKNOWN;
Damien Miller95def091999-11-25 00:26:21 +1100795 options->num_identity_files = 0;
796 options->hostname = NULL;
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000797 options->host_key_alias = NULL;
Damien Miller95def091999-11-25 00:26:21 +1100798 options->proxy_command = NULL;
799 options->user = NULL;
800 options->escape_char = -1;
801 options->system_hostfile = NULL;
802 options->user_hostfile = NULL;
Damien Millereba71ba2000-04-29 23:57:08 +1000803 options->system_hostfile2 = NULL;
804 options->user_hostfile2 = NULL;
Damien Miller95def091999-11-25 00:26:21 +1100805 options->num_local_forwards = 0;
806 options->num_remote_forwards = 0;
Ben Lindstrom2b7a0e92001-09-20 00:57:55 +0000807 options->clear_forwardings = -1;
Damien Millerfcd93202002-02-05 12:26:34 +1100808 options->log_level = SYSLOG_LEVEL_NOT_SET;
Ben Lindstromb9be60a2001-03-11 01:49:19 +0000809 options->preferred_authentications = NULL;
Ben Lindstrome0f88042001-04-30 13:06:24 +0000810 options->bind_address = NULL;
Ben Lindstromf7db3bb2001-08-06 21:35:51 +0000811 options->smartcard_device = NULL;
Ben Lindstromb6df73b2002-11-09 15:52:31 +0000812 options->enable_ssh_keysign = - 1;
Ben Lindstrom3cecc9a2001-10-03 17:39:38 +0000813 options->no_host_authentication_for_localhost = - 1;
Damien Millera5539d22003-04-09 20:50:06 +1000814 options->rekey_limit = - 1;
Damien Miller37876e92003-05-15 10:19:46 +1000815 options->verify_host_key_dns = -1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000816}
817
Damien Miller5428f641999-11-25 11:54:57 +1100818/*
819 * Called after processing other sources of option data, this fills those
820 * options for which no value has been specified with their default values.
821 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000822
Damien Miller4af51302000-04-16 11:18:38 +1000823void
Damien Miller95def091999-11-25 00:26:21 +1100824fill_default_options(Options * options)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000825{
Ben Lindstrom4f7a64a2001-02-10 22:50:09 +0000826 int len;
827
Damien Miller95def091999-11-25 00:26:21 +1100828 if (options->forward_agent == -1)
Damien Millerb1715dc2000-05-30 13:44:51 +1000829 options->forward_agent = 0;
Damien Miller95def091999-11-25 00:26:21 +1100830 if (options->forward_x11 == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100831 options->forward_x11 = 0;
Damien Millerd3a18572000-06-07 19:55:44 +1000832 if (options->xauth_location == NULL)
Ben Lindstrom1bf11f62001-06-09 01:48:01 +0000833 options->xauth_location = _PATH_XAUTH;
Damien Miller95def091999-11-25 00:26:21 +1100834 if (options->gateway_ports == -1)
835 options->gateway_ports = 0;
836 if (options->use_privileged_port == -1)
Ben Lindstromcebc8582001-03-08 03:39:10 +0000837 options->use_privileged_port = 0;
Damien Miller95def091999-11-25 00:26:21 +1100838 if (options->rhosts_authentication == -1)
Ben Lindstrom2bf82762002-06-11 15:53:05 +0000839 options->rhosts_authentication = 0;
Damien Miller95def091999-11-25 00:26:21 +1100840 if (options->rsa_authentication == -1)
841 options->rsa_authentication = 1;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100842 if (options->pubkey_authentication == -1)
843 options->pubkey_authentication = 1;
Ben Lindstrom551ea372001-06-05 18:56:16 +0000844 if (options->challenge_response_authentication == -1)
Ben Lindstrom0076d752001-08-06 20:53:26 +0000845 options->challenge_response_authentication = 1;
Damien Miller95def091999-11-25 00:26:21 +1100846 if (options->kerberos_authentication == -1)
847 options->kerberos_authentication = 1;
Damien Miller95def091999-11-25 00:26:21 +1100848 if (options->kerberos_tgt_passing == -1)
849 options->kerberos_tgt_passing = 1;
850 if (options->afs_token_passing == -1)
851 options->afs_token_passing = 1;
Damien Miller95def091999-11-25 00:26:21 +1100852 if (options->password_authentication == -1)
853 options->password_authentication = 1;
Damien Miller874d77b2000-10-14 16:23:11 +1100854 if (options->kbd_interactive_authentication == -1)
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000855 options->kbd_interactive_authentication = 1;
Damien Miller95def091999-11-25 00:26:21 +1100856 if (options->rhosts_rsa_authentication == -1)
Ben Lindstrom2bf82762002-06-11 15:53:05 +0000857 options->rhosts_rsa_authentication = 0;
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000858 if (options->hostbased_authentication == -1)
859 options->hostbased_authentication = 0;
Damien Miller95def091999-11-25 00:26:21 +1100860 if (options->batch_mode == -1)
861 options->batch_mode = 0;
862 if (options->check_host_ip == -1)
863 options->check_host_ip = 1;
864 if (options->strict_host_key_checking == -1)
865 options->strict_host_key_checking = 2; /* 2 is default */
866 if (options->compression == -1)
867 options->compression = 0;
868 if (options->keepalives == -1)
869 options->keepalives = 1;
870 if (options->compression_level == -1)
871 options->compression_level = 6;
872 if (options->port == -1)
873 options->port = 0; /* Filled in ssh_connect. */
874 if (options->connection_attempts == -1)
Ben Lindstromf9cedb92001-08-06 21:07:11 +0000875 options->connection_attempts = 1;
Damien Miller95def091999-11-25 00:26:21 +1100876 if (options->number_of_password_prompts == -1)
877 options->number_of_password_prompts = 3;
878 /* Selected in ssh_login(). */
879 if (options->cipher == -1)
880 options->cipher = SSH_CIPHER_NOT_SET;
Damien Miller30c3d422000-05-09 11:02:59 +1000881 /* options->ciphers, default set in myproposals.h */
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000882 /* options->macs, default set in myproposals.h */
Ben Lindstrom982dbbc2001-04-17 18:11:36 +0000883 /* options->hostkeyalgorithms, default set in myproposals.h */
Damien Miller78928792000-04-12 20:17:38 +1000884 if (options->protocol == SSH_PROTO_UNKNOWN)
Ben Lindstrom6b776432001-03-22 01:24:04 +0000885 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
Damien Miller95def091999-11-25 00:26:21 +1100886 if (options->num_identity_files == 0) {
Damien Miller0bc1bd82000-11-13 22:57:25 +1100887 if (options->protocol & SSH_PROTO_1) {
Ben Lindstrom4f7a64a2001-02-10 22:50:09 +0000888 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100889 options->identity_files[options->num_identity_files] =
Ben Lindstrom4f7a64a2001-02-10 22:50:09 +0000890 xmalloc(len);
891 snprintf(options->identity_files[options->num_identity_files++],
892 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
Damien Miller0bc1bd82000-11-13 22:57:25 +1100893 }
894 if (options->protocol & SSH_PROTO_2) {
Ben Lindstromb00d4fb2001-03-05 06:03:03 +0000895 len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
896 options->identity_files[options->num_identity_files] =
897 xmalloc(len);
898 snprintf(options->identity_files[options->num_identity_files++],
899 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
900
Ben Lindstrom4f7a64a2001-02-10 22:50:09 +0000901 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100902 options->identity_files[options->num_identity_files] =
Ben Lindstrom4f7a64a2001-02-10 22:50:09 +0000903 xmalloc(len);
904 snprintf(options->identity_files[options->num_identity_files++],
905 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
Damien Miller0bc1bd82000-11-13 22:57:25 +1100906 }
Damien Millereba71ba2000-04-29 23:57:08 +1000907 }
Damien Miller95def091999-11-25 00:26:21 +1100908 if (options->escape_char == -1)
909 options->escape_char = '~';
910 if (options->system_hostfile == NULL)
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000911 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
Damien Miller95def091999-11-25 00:26:21 +1100912 if (options->user_hostfile == NULL)
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000913 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
Damien Millereba71ba2000-04-29 23:57:08 +1000914 if (options->system_hostfile2 == NULL)
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000915 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
Damien Millereba71ba2000-04-29 23:57:08 +1000916 if (options->user_hostfile2 == NULL)
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000917 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
Damien Millerfcd93202002-02-05 12:26:34 +1100918 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
Ben Lindstromdb65e8f2001-01-19 04:26:52 +0000919 options->log_level = SYSLOG_LEVEL_INFO;
Ben Lindstrom2b7a0e92001-09-20 00:57:55 +0000920 if (options->clear_forwardings == 1)
921 clear_forwardings(options);
Ben Lindstrom3cecc9a2001-10-03 17:39:38 +0000922 if (options->no_host_authentication_for_localhost == - 1)
923 options->no_host_authentication_for_localhost = 0;
Ben Lindstromb6df73b2002-11-09 15:52:31 +0000924 if (options->enable_ssh_keysign == -1)
925 options->enable_ssh_keysign = 0;
Damien Millera5539d22003-04-09 20:50:06 +1000926 if (options->rekey_limit == -1)
927 options->rekey_limit = 0;
Damien Miller37876e92003-05-15 10:19:46 +1000928 if (options->verify_host_key_dns == -1)
929 options->verify_host_key_dns = 0;
Damien Miller95def091999-11-25 00:26:21 +1100930 /* options->proxy_command should not be set by default */
931 /* options->user will be set in the main program if appropriate */
932 /* options->hostname will be set in the main program if appropriate */
Ben Lindstrom4dccfa52000-12-28 16:40:05 +0000933 /* options->host_key_alias should not be set by default */
Ben Lindstromb9be60a2001-03-11 01:49:19 +0000934 /* options->preferred_authentications will be set in ssh */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000935}