Changeset View
Changeset View
Standalone View
Standalone View
crypto/openssh/readconf.c
| /* $OpenBSD: readconf.c,v 1.304 2019/03/01 02:08:50 djm Exp $ */ | /* $OpenBSD: readconf.c,v 1.304 2019/03/01 02:08:50 djm Exp $ */ | ||||
| /* | /* | ||||
| * Author: Tatu Ylonen <ylo@cs.hut.fi> | * Author: Tatu Ylonen <ylo@cs.hut.fi> | ||||
| * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | ||||
| * All rights reserved | * All rights reserved | ||||
| * Functions for reading the configuration files. | * Functions for reading the configuration files. | ||||
| * | * | ||||
| * As far as I am concerned, the code I have written for this software | * As far as I am concerned, the code I have written for this software | ||||
| * can be used freely for any purpose. Any derived versions of this | * can be used freely for any purpose. Any derived versions of this | ||||
| * software must be clearly marked as such, and if the derived work is | * software must be clearly marked as such, and if the derived work is | ||||
| * incompatible with the protocol description in the RFC file, it must be | * incompatible with the protocol description in the RFC file, it must be | ||||
| * called by a name other than "ssh" or "Secure Shell". | * called by a name other than "ssh" or "Secure Shell". | ||||
| */ | */ | ||||
| #include "includes.h" | #include "includes.h" | ||||
| __RCSID("$FreeBSD$"); | |||||
| #include <sys/types.h> | #include <sys/types.h> | ||||
| #ifdef VMWARE_GUEST_WORKAROUND | |||||
| #include <sys/sysctl.h> | |||||
| #endif | |||||
| #include <sys/stat.h> | #include <sys/stat.h> | ||||
| #include <sys/socket.h> | #include <sys/socket.h> | ||||
| #include <sys/wait.h> | #include <sys/wait.h> | ||||
| #include <sys/un.h> | #include <sys/un.h> | ||||
| #include <netinet/in.h> | #include <netinet/in.h> | ||||
| #include <netinet/in_systm.h> | #include <netinet/in_systm.h> | ||||
| #include <netinet/ip.h> | #include <netinet/ip.h> | ||||
| Show All 36 Lines | |||||
| #include "misc.h" | #include "misc.h" | ||||
| #include "readconf.h" | #include "readconf.h" | ||||
| #include "match.h" | #include "match.h" | ||||
| #include "kex.h" | #include "kex.h" | ||||
| #include "mac.h" | #include "mac.h" | ||||
| #include "uidswap.h" | #include "uidswap.h" | ||||
| #include "myproposal.h" | #include "myproposal.h" | ||||
| #include "digest.h" | #include "digest.h" | ||||
| #include "version.h" | |||||
| /* Format of the configuration file: | /* Format of the configuration file: | ||||
| # Configuration data is parsed as follows: | # Configuration data is parsed as follows: | ||||
| # 1. command line options | # 1. command line options | ||||
| # 2. user-specific file | # 2. user-specific file | ||||
| # 3. system-wide file | # 3. system-wide file | ||||
| # Any configuration value is only changed the first time it is set. | # Any configuration value is only changed the first time it is set. | ||||
| ▲ Show 20 Lines • Show All 60 Lines • ▼ Show 20 Lines | static int process_config_line_depth(Options *options, struct passwd *pw, | ||||
| const char *host, const char *original_host, char *line, | const char *host, const char *original_host, char *line, | ||||
| const char *filename, int linenum, int *activep, int flags, | const char *filename, int linenum, int *activep, int flags, | ||||
| int *want_final_pass, int depth); | int *want_final_pass, int depth); | ||||
| /* Keyword tokens. */ | /* Keyword tokens. */ | ||||
| typedef enum { | typedef enum { | ||||
| oBadOption, | oBadOption, | ||||
| oVersionAddendum, | |||||
| oHost, oMatch, oInclude, | oHost, oMatch, oInclude, | ||||
| oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout, | oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout, | ||||
| oGatewayPorts, oExitOnForwardFailure, | oGatewayPorts, oExitOnForwardFailure, | ||||
| oPasswordAuthentication, oRSAAuthentication, | oPasswordAuthentication, oRSAAuthentication, | ||||
| oChallengeResponseAuthentication, oXAuthLocation, | oChallengeResponseAuthentication, oXAuthLocation, | ||||
| oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, | oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, | ||||
| oCertificateFile, oAddKeysToAgent, oIdentityAgent, | oCertificateFile, oAddKeysToAgent, oIdentityAgent, | ||||
| oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, | oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, | ||||
| ▲ Show 20 Lines • Show All 152 Lines • ▼ Show 20 Lines | #endif | ||||
| { "revokedhostkeys", oRevokedHostKeys }, | { "revokedhostkeys", oRevokedHostKeys }, | ||||
| { "fingerprinthash", oFingerprintHash }, | { "fingerprinthash", oFingerprintHash }, | ||||
| { "updatehostkeys", oUpdateHostkeys }, | { "updatehostkeys", oUpdateHostkeys }, | ||||
| { "hostbasedkeytypes", oHostbasedKeyTypes }, | { "hostbasedkeytypes", oHostbasedKeyTypes }, | ||||
| { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes }, | { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes }, | ||||
| { "ignoreunknown", oIgnoreUnknown }, | { "ignoreunknown", oIgnoreUnknown }, | ||||
| { "proxyjump", oProxyJump }, | { "proxyjump", oProxyJump }, | ||||
| { "hpndisabled", oDeprecated }, | |||||
| { "hpnbuffersize", oDeprecated }, | |||||
| { "tcprcvbufpoll", oDeprecated }, | |||||
| { "tcprcvbuf", oDeprecated }, | |||||
| { "noneenabled", oUnsupported }, | |||||
| { "noneswitch", oUnsupported }, | |||||
| { "versionaddendum", oVersionAddendum }, | |||||
| { NULL, oBadOption } | { NULL, oBadOption } | ||||
| }; | }; | ||||
| /* | /* | ||||
| * Adds a local TCP/IP port forward to options. Never returns if there is an | * Adds a local TCP/IP port forward to options. Never returns if there is an | ||||
| * error. | * error. | ||||
| */ | */ | ||||
| void | void | ||||
| add_local_forward(Options *options, const struct Forward *newfwd) | add_local_forward(Options *options, const struct Forward *newfwd) | ||||
| { | { | ||||
| struct Forward *fwd; | struct Forward *fwd; | ||||
| int i; | int i, ipport_reserved; | ||||
| /* Don't add duplicates */ | /* Don't add duplicates */ | ||||
| for (i = 0; i < options->num_local_forwards; i++) { | for (i = 0; i < options->num_local_forwards; i++) { | ||||
| if (forward_equals(newfwd, options->local_forwards + i)) | if (forward_equals(newfwd, options->local_forwards + i)) | ||||
| return; | return; | ||||
| } | } | ||||
| options->local_forwards = xreallocarray(options->local_forwards, | options->local_forwards = xreallocarray(options->local_forwards, | ||||
| options->num_local_forwards + 1, | options->num_local_forwards + 1, | ||||
| ▲ Show 20 Lines • Show All 1,260 Lines • ▼ Show 20 Lines | case oIPQoS: | ||||
| } | } | ||||
| break; | break; | ||||
| case oRequestTTY: | case oRequestTTY: | ||||
| intptr = &options->request_tty; | intptr = &options->request_tty; | ||||
| multistate_ptr = multistate_requesttty; | multistate_ptr = multistate_requesttty; | ||||
| goto parse_multistate; | goto parse_multistate; | ||||
| case oVersionAddendum: | |||||
| if (s == NULL) | |||||
| fatal("%.200s line %d: Missing argument.", filename, | |||||
| linenum); | |||||
| len = strspn(s, WHITESPACE); | |||||
| if (*activep && options->version_addendum == NULL) { | |||||
| if (strcasecmp(s + len, "none") == 0) | |||||
| options->version_addendum = xstrdup(""); | |||||
| else if (strchr(s + len, '\r') != NULL) | |||||
| fatal("%.200s line %d: Invalid argument", | |||||
| filename, linenum); | |||||
| else | |||||
| options->version_addendum = xstrdup(s + len); | |||||
| } | |||||
| return 0; | |||||
| case oIgnoreUnknown: | case oIgnoreUnknown: | ||||
| charptr = &options->ignored_unknown; | charptr = &options->ignored_unknown; | ||||
| goto parse_string; | goto parse_string; | ||||
| case oProxyUseFdpass: | case oProxyUseFdpass: | ||||
| intptr = &options->proxy_use_fdpass; | intptr = &options->proxy_use_fdpass; | ||||
| goto parse_flag; | goto parse_flag; | ||||
| ▲ Show 20 Lines • Show All 223 Lines • ▼ Show 20 Lines | |||||
| * are processed in the following order: command line, user config file, | * are processed in the following order: command line, user config file, | ||||
| * system config file. Last, fill_default_options is called. | * system config file. Last, fill_default_options is called. | ||||
| */ | */ | ||||
| void | void | ||||
| initialize_options(Options * options) | initialize_options(Options * options) | ||||
| { | { | ||||
| memset(options, 'X', sizeof(*options)); | memset(options, 'X', sizeof(*options)); | ||||
| options->version_addendum = NULL; | |||||
| options->forward_agent = -1; | options->forward_agent = -1; | ||||
| options->forward_x11 = -1; | options->forward_x11 = -1; | ||||
| options->forward_x11_trusted = -1; | options->forward_x11_trusted = -1; | ||||
| options->forward_x11_timeout = -1; | options->forward_x11_timeout = -1; | ||||
| options->stdio_forward_host = NULL; | options->stdio_forward_host = NULL; | ||||
| options->stdio_forward_port = 0; | options->stdio_forward_port = 0; | ||||
| options->clear_forwardings = -1; | options->clear_forwardings = -1; | ||||
| options->exit_on_forward_failure = -1; | options->exit_on_forward_failure = -1; | ||||
| ▲ Show 20 Lines • Show All 109 Lines • ▼ Show 20 Lines | |||||
| * Called after processing other sources of option data, this fills those | * Called after processing other sources of option data, this fills those | ||||
| * options for which no value has been specified with their default values. | * options for which no value has been specified with their default values. | ||||
| */ | */ | ||||
| void | void | ||||
| fill_default_options(Options * options) | fill_default_options(Options * options) | ||||
| { | { | ||||
| char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig; | char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig; | ||||
| int r; | int r; | ||||
| #ifdef VMWARE_GUEST_WORKAROUND | |||||
| char scval[7]; /* "vmware\0" */ | |||||
| size_t scsiz = sizeof(scval); | |||||
| int vmwguest = 0; | |||||
| if (sysctlbyname("kern.vm_guest", scval, &scsiz, NULL, 0) == 0 && | |||||
| strcmp(scval, "vmware") == 0) | |||||
| vmwguest = 1; | |||||
| #endif | |||||
| if (options->forward_agent == -1) | if (options->forward_agent == -1) | ||||
| options->forward_agent = 0; | options->forward_agent = 0; | ||||
| if (options->forward_x11 == -1) | if (options->forward_x11 == -1) | ||||
| options->forward_x11 = 0; | options->forward_x11 = 0; | ||||
| if (options->forward_x11_trusted == -1) | if (options->forward_x11_trusted == -1) | ||||
| options->forward_x11_trusted = 0; | options->forward_x11_trusted = 0; | ||||
| if (options->forward_x11_timeout == -1) | if (options->forward_x11_timeout == -1) | ||||
| options->forward_x11_timeout = 1200; | options->forward_x11_timeout = 1200; | ||||
| Show All 30 Lines | if (options->password_authentication == -1) | ||||
| options->password_authentication = 1; | options->password_authentication = 1; | ||||
| if (options->kbd_interactive_authentication == -1) | if (options->kbd_interactive_authentication == -1) | ||||
| options->kbd_interactive_authentication = 1; | options->kbd_interactive_authentication = 1; | ||||
| if (options->hostbased_authentication == -1) | if (options->hostbased_authentication == -1) | ||||
| options->hostbased_authentication = 0; | options->hostbased_authentication = 0; | ||||
| if (options->batch_mode == -1) | if (options->batch_mode == -1) | ||||
| options->batch_mode = 0; | options->batch_mode = 0; | ||||
| if (options->check_host_ip == -1) | if (options->check_host_ip == -1) | ||||
| options->check_host_ip = 1; | options->check_host_ip = 0; | ||||
| if (options->strict_host_key_checking == -1) | if (options->strict_host_key_checking == -1) | ||||
| options->strict_host_key_checking = SSH_STRICT_HOSTKEY_ASK; | options->strict_host_key_checking = SSH_STRICT_HOSTKEY_ASK; | ||||
| if (options->compression == -1) | if (options->compression == -1) | ||||
| options->compression = 0; | options->compression = 0; | ||||
| if (options->tcp_keep_alive == -1) | if (options->tcp_keep_alive == -1) | ||||
| options->tcp_keep_alive = 1; | options->tcp_keep_alive = 1; | ||||
| if (options->port == -1) | if (options->port == -1) | ||||
| options->port = 0; /* Filled in ssh_connect. */ | options->port = 0; /* Filled in ssh_connect. */ | ||||
| Show All 39 Lines | #endif | ||||
| if (options->identities_only == -1) | if (options->identities_only == -1) | ||||
| options->identities_only = 0; | options->identities_only = 0; | ||||
| if (options->enable_ssh_keysign == -1) | if (options->enable_ssh_keysign == -1) | ||||
| options->enable_ssh_keysign = 0; | options->enable_ssh_keysign = 0; | ||||
| if (options->rekey_limit == -1) | if (options->rekey_limit == -1) | ||||
| options->rekey_limit = 0; | options->rekey_limit = 0; | ||||
| if (options->rekey_interval == -1) | if (options->rekey_interval == -1) | ||||
| options->rekey_interval = 0; | options->rekey_interval = 0; | ||||
| #if HAVE_LDNS | |||||
| if (options->verify_host_key_dns == -1) | if (options->verify_host_key_dns == -1) | ||||
| /* automatically trust a verified SSHFP record */ | |||||
| options->verify_host_key_dns = 1; | |||||
| #else | |||||
| if (options->verify_host_key_dns == -1) | |||||
| options->verify_host_key_dns = 0; | options->verify_host_key_dns = 0; | ||||
| #endif | |||||
| if (options->server_alive_interval == -1) | if (options->server_alive_interval == -1) | ||||
| options->server_alive_interval = 0; | options->server_alive_interval = 0; | ||||
| if (options->server_alive_count_max == -1) | if (options->server_alive_count_max == -1) | ||||
| options->server_alive_count_max = 3; | options->server_alive_count_max = 3; | ||||
| if (options->control_master == -1) | if (options->control_master == -1) | ||||
| options->control_master = 0; | options->control_master = 0; | ||||
| if (options->control_persist == -1) { | if (options->control_persist == -1) { | ||||
| options->control_persist = 0; | options->control_persist = 0; | ||||
| options->control_persist_timeout = 0; | options->control_persist_timeout = 0; | ||||
| } | } | ||||
| if (options->hash_known_hosts == -1) | if (options->hash_known_hosts == -1) | ||||
| options->hash_known_hosts = 0; | options->hash_known_hosts = 0; | ||||
| if (options->tun_open == -1) | if (options->tun_open == -1) | ||||
| options->tun_open = SSH_TUNMODE_NO; | options->tun_open = SSH_TUNMODE_NO; | ||||
| if (options->tun_local == -1) | if (options->tun_local == -1) | ||||
| options->tun_local = SSH_TUNID_ANY; | options->tun_local = SSH_TUNID_ANY; | ||||
| if (options->tun_remote == -1) | if (options->tun_remote == -1) | ||||
| options->tun_remote = SSH_TUNID_ANY; | options->tun_remote = SSH_TUNID_ANY; | ||||
| if (options->permit_local_command == -1) | if (options->permit_local_command == -1) | ||||
| options->permit_local_command = 0; | options->permit_local_command = 0; | ||||
| if (options->visual_host_key == -1) | if (options->visual_host_key == -1) | ||||
| options->visual_host_key = 0; | options->visual_host_key = 0; | ||||
| if (options->ip_qos_interactive == -1) | if (options->ip_qos_interactive == -1) | ||||
| #ifdef VMWARE_GUEST_WORKAROUND | |||||
| if (vmwguest) | |||||
| options->ip_qos_interactive = IPTOS_LOWDELAY; | |||||
| else | |||||
| #endif | |||||
| options->ip_qos_interactive = IPTOS_DSCP_AF21; | options->ip_qos_interactive = IPTOS_DSCP_AF21; | ||||
| if (options->ip_qos_bulk == -1) | if (options->ip_qos_bulk == -1) | ||||
| #ifdef VMWARE_GUEST_WORKAROUND | |||||
| if (vmwguest) | |||||
| options->ip_qos_bulk = IPTOS_THROUGHPUT; | |||||
| else | |||||
| #endif | |||||
| options->ip_qos_bulk = IPTOS_DSCP_CS1; | options->ip_qos_bulk = IPTOS_DSCP_CS1; | ||||
| if (options->request_tty == -1) | if (options->request_tty == -1) | ||||
| options->request_tty = REQUEST_TTY_AUTO; | options->request_tty = REQUEST_TTY_AUTO; | ||||
| if (options->proxy_use_fdpass == -1) | if (options->proxy_use_fdpass == -1) | ||||
| options->proxy_use_fdpass = 0; | options->proxy_use_fdpass = 0; | ||||
| if (options->canonicalize_max_dots == -1) | if (options->canonicalize_max_dots == -1) | ||||
| options->canonicalize_max_dots = 1; | options->canonicalize_max_dots = 1; | ||||
| if (options->canonicalize_fallback_local == -1) | if (options->canonicalize_fallback_local == -1) | ||||
| ▲ Show 20 Lines • Show All 49 Lines • ▼ Show 20 Lines | if (options->jump_host != NULL && | ||||
| free(options->jump_host); | free(options->jump_host); | ||||
| options->jump_host = NULL; | options->jump_host = NULL; | ||||
| } | } | ||||
| /* options->identity_agent distinguishes NULL from 'none' */ | /* options->identity_agent distinguishes NULL from 'none' */ | ||||
| /* options->user will be set in the main program if appropriate */ | /* options->user will be set in the main program if appropriate */ | ||||
| /* options->hostname will be set in the main program if appropriate */ | /* options->hostname will be set in the main program if appropriate */ | ||||
| /* options->host_key_alias should not be set by default */ | /* options->host_key_alias should not be set by default */ | ||||
| /* options->preferred_authentications will be set in ssh */ | /* options->preferred_authentications will be set in ssh */ | ||||
| if (options->version_addendum == NULL) | |||||
| options->version_addendum = xstrdup(SSH_VERSION_FREEBSD); | |||||
| } | } | ||||
| struct fwdarg { | struct fwdarg { | ||||
| char *arg; | char *arg; | ||||
| int ispath; | int ispath; | ||||
| }; | }; | ||||
| /* | /* | ||||
| ▲ Show 20 Lines • Show All 601 Lines • Show Last 20 Lines | |||||