crypto/openssh/readconf.c
/* $OpenBSD: readconf.c,v 1.304 2019/03/01 02:08:50 djm Exp $ */ | /* $OpenBSD: readconf.c,v 1.304 2019/03/01 02:08:50 djm Exp $ */ | ||||
/* | /* | ||||
* Author: Tatu Ylonen <ylo@cs.hut.fi> | * Author: Tatu Ylonen <ylo@cs.hut.fi> | ||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | ||||
* All rights reserved | * All rights reserved | ||||
* Functions for reading the configuration files. | * Functions for reading the configuration files. | ||||
* | * | ||||
* As far as I am concerned, the code I have written for this software | * As far as I am concerned, the code I have written for this software | ||||
* can be used freely for any purpose. Any derived versions of this | * can be used freely for any purpose. Any derived versions of this | ||||
* software must be clearly marked as such, and if the derived work is | * software must be clearly marked as such, and if the derived work is | ||||
* incompatible with the protocol description in the RFC file, it must be | * incompatible with the protocol description in the RFC file, it must be | ||||
* called by a name other than "ssh" or "Secure Shell". | * called by a name other than "ssh" or "Secure Shell". | ||||
*/ | */ | ||||
#include "includes.h" | #include "includes.h" | ||||
__RCSID("$FreeBSD$"); | |||||
#include <sys/types.h> | #include <sys/types.h> | ||||
#ifdef VMWARE_GUEST_WORKAROUND | |||||
#include <sys/sysctl.h> | |||||
#endif | |||||
#include <sys/stat.h> | #include <sys/stat.h> | ||||
#include <sys/socket.h> | #include <sys/socket.h> | ||||
#include <sys/wait.h> | #include <sys/wait.h> | ||||
#include <sys/un.h> | #include <sys/un.h> | ||||
#include <netinet/in.h> | #include <netinet/in.h> | ||||
#include <netinet/in_systm.h> | #include <netinet/in_systm.h> | ||||
#include <netinet/ip.h> | #include <netinet/ip.h> | ||||
#include "misc.h" | #include "misc.h" | ||||
#include "readconf.h" | #include "readconf.h" | ||||
#include "match.h" | #include "match.h" | ||||
#include "kex.h" | #include "kex.h" | ||||
#include "mac.h" | #include "mac.h" | ||||
#include "uidswap.h" | #include "uidswap.h" | ||||
#include "myproposal.h" | #include "myproposal.h" | ||||
#include "digest.h" | #include "digest.h" | ||||
#include "version.h" | |||||
/* Format of the configuration file: | /* Format of the configuration file: | ||||
# Configuration data is parsed as follows: | # Configuration data is parsed as follows: | ||||
# 1. command line options | # 1. command line options | ||||
# 2. user-specific file | # 2. user-specific file | ||||
# 3. system-wide file | # 3. system-wide file | ||||
# Any configuration value is only changed the first time it is set. | # Any configuration value is only changed the first time it is set. | ||||
▲ Show 20 Lines • Show All 60 Lines • ▼ Show 20 Lines | static int process_config_line_depth(Options *options, struct passwd *pw, | ||||
const char *host, const char *original_host, char *line, | const char *host, const char *original_host, char *line, | ||||
const char *filename, int linenum, int *activep, int flags, | const char *filename, int linenum, int *activep, int flags, | ||||
int *want_final_pass, int depth); | int *want_final_pass, int depth); | ||||
/* Keyword tokens. */ | /* Keyword tokens. */ | ||||
typedef enum { | typedef enum { | ||||
oBadOption, | oBadOption, | ||||
oVersionAddendum, | |||||
oHost, oMatch, oInclude, | oHost, oMatch, oInclude, | ||||
oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout, | oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout, | ||||
oGatewayPorts, oExitOnForwardFailure, | oGatewayPorts, oExitOnForwardFailure, | ||||
oPasswordAuthentication, oRSAAuthentication, | oPasswordAuthentication, oRSAAuthentication, | ||||
oChallengeResponseAuthentication, oXAuthLocation, | oChallengeResponseAuthentication, oXAuthLocation, | ||||
oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, | oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, | ||||
oCertificateFile, oAddKeysToAgent, oIdentityAgent, | oCertificateFile, oAddKeysToAgent, oIdentityAgent, | ||||
oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, | oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, | ||||
▲ Show 20 Lines • Show All 152 Lines • ▼ Show 20 Lines | #endif | ||||
{ "revokedhostkeys", oRevokedHostKeys }, | { "revokedhostkeys", oRevokedHostKeys }, | ||||
{ "fingerprinthash", oFingerprintHash }, | { "fingerprinthash", oFingerprintHash }, | ||||
{ "updatehostkeys", oUpdateHostkeys }, | { "updatehostkeys", oUpdateHostkeys }, | ||||
{ "hostbasedkeytypes", oHostbasedKeyTypes }, | { "hostbasedkeytypes", oHostbasedKeyTypes }, | ||||
{ "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes }, | { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes }, | ||||
{ "ignoreunknown", oIgnoreUnknown }, | { "ignoreunknown", oIgnoreUnknown }, | ||||
{ "proxyjump", oProxyJump }, | { "proxyjump", oProxyJump }, | ||||
{ "hpndisabled", oDeprecated }, | |||||
{ "hpnbuffersize", oDeprecated }, | |||||
{ "tcprcvbufpoll", oDeprecated }, | |||||
{ "tcprcvbuf", oDeprecated }, | |||||
{ "noneenabled", oUnsupported }, | |||||
{ "noneswitch", oUnsupported }, | |||||
{ "versionaddendum", oVersionAddendum }, | |||||
{ NULL, oBadOption } | { NULL, oBadOption } | ||||
}; | }; | ||||
/* | /* | ||||
* Adds a local TCP/IP port forward to options. Never returns if there is an | * Adds a local TCP/IP port forward to options. Never returns if there is an | ||||
* error. | * error. | ||||
*/ | */ | ||||
void | void | ||||
add_local_forward(Options *options, const struct Forward *newfwd) | add_local_forward(Options *options, const struct Forward *newfwd) | ||||
{ | { | ||||
struct Forward *fwd; | struct Forward *fwd; | ||||
int i; | int i, ipport_reserved; | ||||
/* Don't add duplicates */ | /* Don't add duplicates */ | ||||
for (i = 0; i < options->num_local_forwards; i++) { | for (i = 0; i < options->num_local_forwards; i++) { | ||||
if (forward_equals(newfwd, options->local_forwards + i)) | if (forward_equals(newfwd, options->local_forwards + i)) | ||||
return; | return; | ||||
} | } | ||||
options->local_forwards = xreallocarray(options->local_forwards, | options->local_forwards = xreallocarray(options->local_forwards, | ||||
options->num_local_forwards + 1, | options->num_local_forwards + 1, | ||||
▲ Show 20 Lines • Show All 1,260 Lines • ▼ Show 20 Lines | case oIPQoS: | ||||
} | } | ||||
break; | break; | ||||
case oRequestTTY: | case oRequestTTY: | ||||
intptr = &options->request_tty; | intptr = &options->request_tty; | ||||
multistate_ptr = multistate_requesttty; | multistate_ptr = multistate_requesttty; | ||||
goto parse_multistate; | goto parse_multistate; | ||||
case oVersionAddendum: | |||||
if (s == NULL) | |||||
fatal("%.200s line %d: Missing argument.", filename, | |||||
linenum); | |||||
len = strspn(s, WHITESPACE); | |||||
if (*activep && options->version_addendum == NULL) { | |||||
if (strcasecmp(s + len, "none") == 0) | |||||
options->version_addendum = xstrdup(""); | |||||
else if (strchr(s + len, '\r') != NULL) | |||||
fatal("%.200s line %d: Invalid argument", | |||||
filename, linenum); | |||||
else | |||||
options->version_addendum = xstrdup(s + len); | |||||
} | |||||
return 0; | |||||
case oIgnoreUnknown: | case oIgnoreUnknown: | ||||
charptr = &options->ignored_unknown; | charptr = &options->ignored_unknown; | ||||
goto parse_string; | goto parse_string; | ||||
case oProxyUseFdpass: | case oProxyUseFdpass: | ||||
intptr = &options->proxy_use_fdpass; | intptr = &options->proxy_use_fdpass; | ||||
goto parse_flag; | goto parse_flag; | ||||
* are processed in the following order: command line, user config file, | * are processed in the following order: command line, user config file, | ||||
* system config file. Last, fill_default_options is called. | * system config file. Last, fill_default_options is called. | ||||
*/ | */ | ||||
void | void | ||||
initialize_options(Options * options) | initialize_options(Options * options) | ||||
{ | { | ||||
memset(options, 'X', sizeof(*options)); | memset(options, 'X', sizeof(*options)); | ||||
options->version_addendum = NULL; | |||||
options->forward_agent = -1; | options->forward_agent = -1; | ||||
options->forward_x11 = -1; | options->forward_x11 = -1; | ||||
options->forward_x11_trusted = -1; | options->forward_x11_trusted = -1; | ||||
options->forward_x11_timeout = -1; | options->forward_x11_timeout = -1; | ||||
options->stdio_forward_host = NULL; | options->stdio_forward_host = NULL; | ||||
options->stdio_forward_port = 0; | options->stdio_forward_port = 0; | ||||
options->clear_forwardings = -1; | options->clear_forwardings = -1; | ||||
options->exit_on_forward_failure = -1; | options->exit_on_forward_failure = -1; | ||||
* Called after processing other sources of option data, this fills those | * Called after processing other sources of option data, this fills those | ||||
* options for which no value has been specified with their default values. | * options for which no value has been specified with their default values. | ||||
*/ | */ | ||||
void | void | ||||
fill_default_options(Options * options) | fill_default_options(Options * options) | ||||
{ | { | ||||
char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig; | char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig; | ||||
int r; | int r; | ||||
#ifdef VMWARE_GUEST_WORKAROUND | |||||
char scval[7]; /* "vmware\0" */ | |||||
size_t scsiz = sizeof(scval); | |||||
int vmwguest = 0; | |||||
if (sysctlbyname("kern.vm_guest", scval, &scsiz, NULL, 0) == 0 && | |||||
strcmp(scval, "vmware") == 0) | |||||
vmwguest = 1; | |||||
#endif | |||||
if (options->forward_agent == -1) | if (options->forward_agent == -1) | ||||
options->forward_agent = 0; | options->forward_agent = 0; | ||||
if (options->forward_x11 == -1) | if (options->forward_x11 == -1) | ||||
options->forward_x11 = 0; | options->forward_x11 = 0; | ||||
if (options->forward_x11_trusted == -1) | if (options->forward_x11_trusted == -1) | ||||
options->forward_x11_trusted = 0; | options->forward_x11_trusted = 0; | ||||
if (options->forward_x11_timeout == -1) | if (options->forward_x11_timeout == -1) | ||||
options->forward_x11_timeout = 1200; | options->forward_x11_timeout = 1200; | ||||
Show All 30 Lines | if (options->password_authentication == -1) | ||||
options->password_authentication = 1; | options->password_authentication = 1; | ||||
if (options->kbd_interactive_authentication == -1) | if (options->kbd_interactive_authentication == -1) | ||||
options->kbd_interactive_authentication = 1; | options->kbd_interactive_authentication = 1; | ||||
if (options->hostbased_authentication == -1) | if (options->hostbased_authentication == -1) | ||||
options->hostbased_authentication = 0; | options->hostbased_authentication = 0; | ||||
if (options->batch_mode == -1) | if (options->batch_mode == -1) | ||||
options->batch_mode = 0; | options->batch_mode = 0; | ||||
if (options->check_host_ip == -1) | if (options->check_host_ip == -1) | ||||
options->check_host_ip = 1; | options->check_host_ip = 0; | ||||
if (options->strict_host_key_checking == -1) | if (options->strict_host_key_checking == -1) | ||||
options->strict_host_key_checking = SSH_STRICT_HOSTKEY_ASK; | options->strict_host_key_checking = SSH_STRICT_HOSTKEY_ASK; | ||||
if (options->compression == -1) | if (options->compression == -1) | ||||
options->compression = 0; | options->compression = 0; | ||||
if (options->tcp_keep_alive == -1) | if (options->tcp_keep_alive == -1) | ||||
options->tcp_keep_alive = 1; | options->tcp_keep_alive = 1; | ||||
if (options->port == -1) | if (options->port == -1) | ||||
options->port = 0; /* Filled in ssh_connect. */ | options->port = 0; /* Filled in ssh_connect. */ | ||||
Show All 39 Lines | #endif | ||||
if (options->identities_only == -1) | if (options->identities_only == -1) | ||||
options->identities_only = 0; | options->identities_only = 0; | ||||
if (options->enable_ssh_keysign == -1) | if (options->enable_ssh_keysign == -1) | ||||
options->enable_ssh_keysign = 0; | options->enable_ssh_keysign = 0; | ||||
if (options->rekey_limit == -1) | if (options->rekey_limit == -1) | ||||
options->rekey_limit = 0; | options->rekey_limit = 0; | ||||
if (options->rekey_interval == -1) | if (options->rekey_interval == -1) | ||||
options->rekey_interval = 0; | options->rekey_interval = 0; | ||||
#if HAVE_LDNS | |||||
if (options->verify_host_key_dns == -1) | if (options->verify_host_key_dns == -1) | ||||
/* automatically trust a verified SSHFP record */ | |||||
options->verify_host_key_dns = 1; | |||||
#else | |||||
if (options->verify_host_key_dns == -1) | |||||
options->verify_host_key_dns = 0; | options->verify_host_key_dns = 0; | ||||
#endif | |||||
if (options->server_alive_interval == -1) | if (options->server_alive_interval == -1) | ||||
options->server_alive_interval = 0; | options->server_alive_interval = 0; | ||||
if (options->server_alive_count_max == -1) | if (options->server_alive_count_max == -1) | ||||
options->server_alive_count_max = 3; | options->server_alive_count_max = 3; | ||||
if (options->control_master == -1) | if (options->control_master == -1) | ||||
options->control_master = 0; | options->control_master = 0; | ||||
if (options->control_persist == -1) { | if (options->control_persist == -1) { | ||||
options->control_persist = 0; | options->control_persist = 0; | ||||
options->control_persist_timeout = 0; | options->control_persist_timeout = 0; | ||||
} | } | ||||
if (options->hash_known_hosts == -1) | if (options->hash_known_hosts == -1) | ||||
options->hash_known_hosts = 0; | options->hash_known_hosts = 0; | ||||
if (options->tun_open == -1) | if (options->tun_open == -1) | ||||
options->tun_open = SSH_TUNMODE_NO; | options->tun_open = SSH_TUNMODE_NO; | ||||
if (options->tun_local == -1) | if (options->tun_local == -1) | ||||
options->tun_local = SSH_TUNID_ANY; | options->tun_local = SSH_TUNID_ANY; | ||||
if (options->tun_remote == -1) | if (options->tun_remote == -1) | ||||
options->tun_remote = SSH_TUNID_ANY; | options->tun_remote = SSH_TUNID_ANY; | ||||
if (options->permit_local_command == -1) | if (options->permit_local_command == -1) | ||||
options->permit_local_command = 0; | options->permit_local_command = 0; | ||||
if (options->visual_host_key == -1) | if (options->visual_host_key == -1) | ||||
options->visual_host_key = 0; | options->visual_host_key = 0; | ||||
if (options->ip_qos_interactive == -1) | if (options->ip_qos_interactive == -1) | ||||
#ifdef VMWARE_GUEST_WORKAROUND | |||||
if (vmwguest) | |||||
options->ip_qos_interactive = IPTOS_LOWDELAY; | |||||
else | |||||
#endif | |||||
options->ip_qos_interactive = IPTOS_DSCP_AF21; | options->ip_qos_interactive = IPTOS_DSCP_AF21; | ||||
if (options->ip_qos_bulk == -1) | if (options->ip_qos_bulk == -1) | ||||
#ifdef VMWARE_GUEST_WORKAROUND | |||||
if (vmwguest) | |||||
options->ip_qos_bulk = IPTOS_THROUGHPUT; | |||||
else | |||||
#endif | |||||
options->ip_qos_bulk = IPTOS_DSCP_CS1; | options->ip_qos_bulk = IPTOS_DSCP_CS1; | ||||
if (options->request_tty == -1) | if (options->request_tty == -1) | ||||
options->request_tty = REQUEST_TTY_AUTO; | options->request_tty = REQUEST_TTY_AUTO; | ||||
if (options->proxy_use_fdpass == -1) | if (options->proxy_use_fdpass == -1) | ||||
options->proxy_use_fdpass = 0; | options->proxy_use_fdpass = 0; | ||||
if (options->canonicalize_max_dots == -1) | if (options->canonicalize_max_dots == -1) | ||||
options->canonicalize_max_dots = 1; | options->canonicalize_max_dots = 1; | ||||
if (options->canonicalize_fallback_local == -1) | if (options->canonicalize_fallback_local == -1) | ||||
▲ Show 20 Lines • Show All 49 Lines • ▼ Show 20 Lines | if (options->jump_host != NULL && | ||||
free(options->jump_host); | free(options->jump_host); | ||||
options->jump_host = NULL; | options->jump_host = NULL; | ||||
} | } | ||||
/* options->identity_agent distinguishes NULL from 'none' */ | /* options->identity_agent distinguishes NULL from 'none' */ | ||||
/* options->user will be set in the main program if appropriate */ | /* options->user will be set in the main program if appropriate */ | ||||
/* options->hostname will be set in the main program if appropriate */ | /* options->hostname will be set in the main program if appropriate */ | ||||
/* options->host_key_alias should not be set by default */ | /* options->host_key_alias should not be set by default */ | ||||
/* options->preferred_authentications will be set in ssh */ | /* options->preferred_authentications will be set in ssh */ | ||||
if (options->version_addendum == NULL) | |||||
options->version_addendum = xstrdup(SSH_VERSION_FREEBSD); | |||||
} | } | ||||
struct fwdarg { | struct fwdarg { | ||||
char *arg; | char *arg; | ||||
int ispath; | int ispath; | ||||
}; | }; | ||||
/* | /* | ||||
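Review bot: The two columns of fill_default_options disagree on the CheckHostIP default — `options->check_host_ip = 1;` in the left column versus `options->check_host_ip = 0;` in the right — and nothing in the rest of the file section accounts for it, so this looks like a behavioural change riding along with the VersionAddendum, HAVE_LDNS and VMWARE_GUEST_WORKAROUND hunks. The page carries no +/- markers or gutter numbers, so I cannot tell from the layout alone which column is the new code; whichever side lands, this default is security-relevant, because CheckHostIP is what makes the client also match the server's address against known_hosts rather than only its name, and flipping it deserves its own sentence in the commit message and a matching update to the ssh_config(5) default. If I recall correctly the OpenBSD readconf.c at this revision defaults it to 1, so the 0 side is a local deviation that should carry a one-line comment next to the assignment, e.g. `/* local default: CheckHostIP off; keep ssh_config(5) in sync */`, so the next vendor merge does not silently revert or carry it. fill_default_options starts inside the section but its body is partly collapsed, so I could not confirm whether any later line in the function depends on this value.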