version 1.100, 2002/06/19 00:27:55 |
version 1.100.2.2, 2003/09/16 21:20:26 |
|
|
Host fascist.blob.com |
Host fascist.blob.com |
Port 23123 |
Port 23123 |
User tylonen |
User tylonen |
RhostsAuthentication no |
|
PasswordAuthentication no |
PasswordAuthentication no |
|
|
Host puukko.hut.fi |
Host puukko.hut.fi |
|
|
Host * |
Host * |
ForwardAgent no |
ForwardAgent no |
ForwardX11 no |
ForwardX11 no |
RhostsAuthentication yes |
|
PasswordAuthentication yes |
PasswordAuthentication yes |
RSAAuthentication yes |
RSAAuthentication yes |
RhostsRSAAuthentication yes |
RhostsRSAAuthentication yes |
|
|
|
|
typedef enum { |
typedef enum { |
oBadOption, |
oBadOption, |
oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication, |
oForwardAgent, oForwardX11, oGatewayPorts, |
oPasswordAuthentication, oRSAAuthentication, |
oPasswordAuthentication, oRSAAuthentication, |
oChallengeResponseAuthentication, oXAuthLocation, |
oChallengeResponseAuthentication, oXAuthLocation, |
#if defined(KRB4) || defined(KRB5) |
|
oKerberosAuthentication, |
|
#endif |
|
#if defined(AFS) || defined(KRB5) |
|
oKerberosTgtPassing, |
|
#endif |
|
#ifdef AFS |
|
oAFSTokenPassing, |
|
#endif |
|
oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, |
oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, |
oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, |
oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, |
oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, |
oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, |
|
|
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, |
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, |
oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, |
oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, |
oClearAllForwardings, oNoHostAuthenticationForLocalhost, |
oClearAllForwardings, oNoHostAuthenticationForLocalhost, |
oDeprecated |
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, |
|
oAddressFamily, oGssAuthentication, oGssDelegateCreds, |
|
oDeprecated, oUnsupported |
} OpCodes; |
} OpCodes; |
|
|
/* Textual representations of the tokens. */ |
/* Textual representations of the tokens. */ |
|
|
{ "xauthlocation", oXAuthLocation }, |
{ "xauthlocation", oXAuthLocation }, |
{ "gatewayports", oGatewayPorts }, |
{ "gatewayports", oGatewayPorts }, |
{ "useprivilegedport", oUsePrivilegedPort }, |
{ "useprivilegedport", oUsePrivilegedPort }, |
{ "rhostsauthentication", oRhostsAuthentication }, |
{ "rhostsauthentication", oDeprecated }, |
{ "passwordauthentication", oPasswordAuthentication }, |
{ "passwordauthentication", oPasswordAuthentication }, |
{ "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, |
{ "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, |
{ "kbdinteractivedevices", oKbdInteractiveDevices }, |
{ "kbdinteractivedevices", oKbdInteractiveDevices }, |
|
|
{ "challengeresponseauthentication", oChallengeResponseAuthentication }, |
{ "challengeresponseauthentication", oChallengeResponseAuthentication }, |
{ "skeyauthentication", oChallengeResponseAuthentication }, /* alias */ |
{ "skeyauthentication", oChallengeResponseAuthentication }, /* alias */ |
{ "tisauthentication", oChallengeResponseAuthentication }, /* alias */ |
{ "tisauthentication", oChallengeResponseAuthentication }, /* alias */ |
#if defined(KRB4) || defined(KRB5) |
{ "kerberosauthentication", oUnsupported }, |
{ "kerberosauthentication", oKerberosAuthentication }, |
{ "kerberostgtpassing", oUnsupported }, |
|
{ "afstokenpassing", oUnsupported }, |
|
#if defined(GSSAPI) |
|
{ "gssapiauthentication", oGssAuthentication }, |
|
{ "gssapidelegatecredentials", oGssDelegateCreds }, |
|
#else |
|
{ "gssapiauthentication", oUnsupported }, |
|
{ "gssapidelegatecredentials", oUnsupported }, |
#endif |
#endif |
#if defined(AFS) || defined(KRB5) |
|
{ "kerberostgtpassing", oKerberosTgtPassing }, |
|
#endif |
|
#ifdef AFS |
|
{ "afstokenpassing", oAFSTokenPassing }, |
|
#endif |
|
{ "fallbacktorsh", oDeprecated }, |
{ "fallbacktorsh", oDeprecated }, |
{ "usersh", oDeprecated }, |
{ "usersh", oDeprecated }, |
{ "identityfile", oIdentityFile }, |
{ "identityfile", oIdentityFile }, |
|
|
{ "preferredauthentications", oPreferredAuthentications }, |
{ "preferredauthentications", oPreferredAuthentications }, |
{ "hostkeyalgorithms", oHostKeyAlgorithms }, |
{ "hostkeyalgorithms", oHostKeyAlgorithms }, |
{ "bindaddress", oBindAddress }, |
{ "bindaddress", oBindAddress }, |
|
#ifdef SMARTCARD |
{ "smartcarddevice", oSmartcardDevice }, |
{ "smartcarddevice", oSmartcardDevice }, |
|
#else |
|
{ "smartcarddevice", oUnsupported }, |
|
#endif |
{ "clearallforwardings", oClearAllForwardings }, |
{ "clearallforwardings", oClearAllForwardings }, |
|
{ "enablesshkeysign", oEnableSSHKeysign }, |
|
#ifdef DNS |
|
{ "verifyhostkeydns", oVerifyHostKeyDNS }, |
|
#else |
|
{ "verifyhostkeydns", oUnsupported }, |
|
#endif |
{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost }, |
{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost }, |
|
{ "rekeylimit", oRekeyLimit }, |
|
{ "connecttimeout", oConnectTimeout }, |
|
{ "addressfamily", oAddressFamily }, |
{ NULL, oBadOption } |
{ NULL, oBadOption } |
}; |
}; |
|
|
|
|
* Processes a single option line as used in the configuration files. This |
* Processes a single option line as used in the configuration files. This |
* only sets those values that have not already been set. |
* only sets those values that have not already been set. |
*/ |
*/ |
|
#define WHITESPACE " \t\r\n" |
|
|
int |
int |
process_config_line(Options *options, const char *host, |
process_config_line(Options *options, const char *host, |
char *line, const char *filename, int linenum, |
char *line, const char *filename, int linenum, |
int *activep) |
int *activep) |
{ |
{ |
char buf[256], *s, *string, **charptr, *endofnumber, *keyword, *arg; |
char buf[256], *s, **charptr, *endofnumber, *keyword, *arg; |
int opcode, *intptr, value; |
int opcode, *intptr, value; |
|
size_t len; |
u_short fwd_port, fwd_host_port; |
u_short fwd_port, fwd_host_port; |
char sfwd_host_port[6]; |
char sfwd_host_port[6]; |
|
|
|
/* Strip trailing whitespace */ |
|
for(len = strlen(line) - 1; len > 0; len--) { |
|
if (strchr(WHITESPACE, line[len]) == NULL) |
|
break; |
|
line[len] = '\0'; |
|
} |
|
|
s = line; |
s = line; |
/* Get the keyword. (Each line is supposed to begin with a keyword). */ |
/* Get the keyword. (Each line is supposed to begin with a keyword). */ |
keyword = strdelim(&s); |
keyword = strdelim(&s); |
|
|
/* don't panic, but count bad options */ |
/* don't panic, but count bad options */ |
return -1; |
return -1; |
/* NOTREACHED */ |
/* NOTREACHED */ |
|
case oConnectTimeout: |
|
intptr = &options->connection_timeout; |
|
/* parse_time: */ |
|
arg = strdelim(&s); |
|
if (!arg || *arg == '\0') |
|
fatal("%s line %d: missing time value.", |
|
filename, linenum); |
|
if ((value = convtime(arg)) == -1) |
|
fatal("%s line %d: invalid time value.", |
|
filename, linenum); |
|
if (*intptr == -1) |
|
*intptr = value; |
|
break; |
|
|
case oForwardAgent: |
case oForwardAgent: |
intptr = &options->forward_agent; |
intptr = &options->forward_agent; |
parse_flag: |
parse_flag: |
|
|
intptr = &options->use_privileged_port; |
intptr = &options->use_privileged_port; |
goto parse_flag; |
goto parse_flag; |
|
|
case oRhostsAuthentication: |
|
intptr = &options->rhosts_authentication; |
|
goto parse_flag; |
|
|
|
case oPasswordAuthentication: |
case oPasswordAuthentication: |
intptr = &options->password_authentication; |
intptr = &options->password_authentication; |
goto parse_flag; |
goto parse_flag; |
|
|
case oChallengeResponseAuthentication: |
case oChallengeResponseAuthentication: |
intptr = &options->challenge_response_authentication; |
intptr = &options->challenge_response_authentication; |
goto parse_flag; |
goto parse_flag; |
#if defined(KRB4) || defined(KRB5) |
|
case oKerberosAuthentication: |
case oGssAuthentication: |
intptr = &options->kerberos_authentication; |
intptr = &options->gss_authentication; |
goto parse_flag; |
goto parse_flag; |
#endif |
|
#if defined(AFS) || defined(KRB5) |
case oGssDelegateCreds: |
case oKerberosTgtPassing: |
intptr = &options->gss_deleg_creds; |
intptr = &options->kerberos_tgt_passing; |
|
goto parse_flag; |
goto parse_flag; |
#endif |
|
#ifdef AFS |
|
case oAFSTokenPassing: |
|
intptr = &options->afs_token_passing; |
|
goto parse_flag; |
|
#endif |
|
case oBatchMode: |
case oBatchMode: |
intptr = &options->batch_mode; |
intptr = &options->batch_mode; |
goto parse_flag; |
goto parse_flag; |
|
|
intptr = &options->check_host_ip; |
intptr = &options->check_host_ip; |
goto parse_flag; |
goto parse_flag; |
|
|
|
case oVerifyHostKeyDNS: |
|
intptr = &options->verify_host_key_dns; |
|
goto parse_flag; |
|
|
case oStrictHostKeyChecking: |
case oStrictHostKeyChecking: |
intptr = &options->strict_host_key_checking; |
intptr = &options->strict_host_key_checking; |
arg = strdelim(&s); |
arg = strdelim(&s); |
|
|
intptr = &options->compression_level; |
intptr = &options->compression_level; |
goto parse_int; |
goto parse_int; |
|
|
|
case oRekeyLimit: |
|
intptr = &options->rekey_limit; |
|
arg = strdelim(&s); |
|
if (!arg || *arg == '\0') |
|
fatal("%.200s line %d: Missing argument.", filename, linenum); |
|
if (arg[0] < '0' || arg[0] > '9') |
|
fatal("%.200s line %d: Bad number.", filename, linenum); |
|
value = strtol(arg, &endofnumber, 10); |
|
if (arg == endofnumber) |
|
fatal("%.200s line %d: Bad number.", filename, linenum); |
|
switch (toupper(*endofnumber)) { |
|
case 'K': |
|
value *= 1<<10; |
|
break; |
|
case 'M': |
|
value *= 1<<20; |
|
break; |
|
case 'G': |
|
value *= 1<<30; |
|
break; |
|
} |
|
if (*activep && *intptr == -1) |
|
*intptr = value; |
|
break; |
|
|
case oIdentityFile: |
case oIdentityFile: |
arg = strdelim(&s); |
arg = strdelim(&s); |
if (!arg || *arg == '\0') |
if (!arg || *arg == '\0') |
|
|
goto parse_string; |
goto parse_string; |
|
|
case oProxyCommand: |
case oProxyCommand: |
|
if (s == NULL) |
|
fatal("%.200s line %d: Missing argument.", filename, linenum); |
charptr = &options->proxy_command; |
charptr = &options->proxy_command; |
string = xstrdup(""); |
len = strspn(s, WHITESPACE "="); |
while ((arg = strdelim(&s)) != NULL && *arg != '\0') { |
|
string = xrealloc(string, strlen(string) + strlen(arg) + 2); |
|
strcat(string, " "); |
|
strcat(string, arg); |
|
} |
|
if (*activep && *charptr == NULL) |
if (*activep && *charptr == NULL) |
*charptr = string; |
*charptr = xstrdup(s + len); |
else |
|
xfree(string); |
|
return 0; |
return 0; |
|
|
case oPort: |
case oPort: |
|
|
fatal("%.200s line %d: Badly formatted port number.", |
fatal("%.200s line %d: Badly formatted port number.", |
filename, linenum); |
filename, linenum); |
if (*activep) |
if (*activep) |
add_local_forward(options, fwd_port, "socks4", 0); |
add_local_forward(options, fwd_port, "socks", 0); |
break; |
break; |
|
|
case oClearAllForwardings: |
case oClearAllForwardings: |
|
|
*intptr = value; |
*intptr = value; |
break; |
break; |
|
|
|
case oAddressFamily: |
|
arg = strdelim(&s); |
|
intptr = &options->address_family; |
|
if (strcasecmp(arg, "inet") == 0) |
|
value = AF_INET; |
|
else if (strcasecmp(arg, "inet6") == 0) |
|
value = AF_INET6; |
|
else if (strcasecmp(arg, "any") == 0) |
|
value = AF_UNSPEC; |
|
else |
|
fatal("Unsupported AddressFamily \"%s\"", arg); |
|
if (*activep && *intptr == -1) |
|
*intptr = value; |
|
break; |
|
|
|
case oEnableSSHKeysign: |
|
intptr = &options->enable_ssh_keysign; |
|
goto parse_flag; |
|
|
case oDeprecated: |
case oDeprecated: |
debug("%s line %d: Deprecated option \"%s\"", |
debug("%s line %d: Deprecated option \"%s\"", |
filename, linenum, keyword); |
filename, linenum, keyword); |
return 0; |
return 0; |
|
|
|
case oUnsupported: |
|
error("%s line %d: Unsupported option \"%s\"", |
|
filename, linenum, keyword); |
|
return 0; |
|
|
default: |
default: |
fatal("process_config_line: Unimplemented opcode %d", opcode); |
fatal("process_config_line: Unimplemented opcode %d", opcode); |
} |
} |
|
|
options->xauth_location = NULL; |
options->xauth_location = NULL; |
options->gateway_ports = -1; |
options->gateway_ports = -1; |
options->use_privileged_port = -1; |
options->use_privileged_port = -1; |
options->rhosts_authentication = -1; |
|
options->rsa_authentication = -1; |
options->rsa_authentication = -1; |
options->pubkey_authentication = -1; |
options->pubkey_authentication = -1; |
options->challenge_response_authentication = -1; |
options->challenge_response_authentication = -1; |
#if defined(KRB4) || defined(KRB5) |
options->gss_authentication = -1; |
options->kerberos_authentication = -1; |
options->gss_deleg_creds = -1; |
#endif |
|
#if defined(AFS) || defined(KRB5) |
|
options->kerberos_tgt_passing = -1; |
|
#endif |
|
#ifdef AFS |
|
options->afs_token_passing = -1; |
|
#endif |
|
options->password_authentication = -1; |
options->password_authentication = -1; |
options->kbd_interactive_authentication = -1; |
options->kbd_interactive_authentication = -1; |
options->kbd_interactive_devices = NULL; |
options->kbd_interactive_devices = NULL; |
|
|
options->keepalives = -1; |
options->keepalives = -1; |
options->compression_level = -1; |
options->compression_level = -1; |
options->port = -1; |
options->port = -1; |
|
options->address_family = -1; |
options->connection_attempts = -1; |
options->connection_attempts = -1; |
|
options->connection_timeout = -1; |
options->number_of_password_prompts = -1; |
options->number_of_password_prompts = -1; |
options->cipher = -1; |
options->cipher = -1; |
options->ciphers = NULL; |
options->ciphers = NULL; |
|
|
options->preferred_authentications = NULL; |
options->preferred_authentications = NULL; |
options->bind_address = NULL; |
options->bind_address = NULL; |
options->smartcard_device = NULL; |
options->smartcard_device = NULL; |
|
options->enable_ssh_keysign = - 1; |
options->no_host_authentication_for_localhost = - 1; |
options->no_host_authentication_for_localhost = - 1; |
|
options->rekey_limit = - 1; |
|
options->verify_host_key_dns = -1; |
} |
} |
|
|
/* |
/* |
|
|
options->gateway_ports = 0; |
options->gateway_ports = 0; |
if (options->use_privileged_port == -1) |
if (options->use_privileged_port == -1) |
options->use_privileged_port = 0; |
options->use_privileged_port = 0; |
if (options->rhosts_authentication == -1) |
|
options->rhosts_authentication = 0; |
|
if (options->rsa_authentication == -1) |
if (options->rsa_authentication == -1) |
options->rsa_authentication = 1; |
options->rsa_authentication = 1; |
if (options->pubkey_authentication == -1) |
if (options->pubkey_authentication == -1) |
options->pubkey_authentication = 1; |
options->pubkey_authentication = 1; |
if (options->challenge_response_authentication == -1) |
if (options->challenge_response_authentication == -1) |
options->challenge_response_authentication = 1; |
options->challenge_response_authentication = 1; |
#if defined(KRB4) || defined(KRB5) |
if (options->gss_authentication == -1) |
if (options->kerberos_authentication == -1) |
options->gss_authentication = 1; |
options->kerberos_authentication = 1; |
if (options->gss_deleg_creds == -1) |
#endif |
options->gss_deleg_creds = 0; |
#if defined(AFS) || defined(KRB5) |
|
if (options->kerberos_tgt_passing == -1) |
|
options->kerberos_tgt_passing = 1; |
|
#endif |
|
#ifdef AFS |
|
if (options->afs_token_passing == -1) |
|
options->afs_token_passing = 1; |
|
#endif |
|
if (options->password_authentication == -1) |
if (options->password_authentication == -1) |
options->password_authentication = 1; |
options->password_authentication = 1; |
if (options->kbd_interactive_authentication == -1) |
if (options->kbd_interactive_authentication == -1) |
|
|
options->compression_level = 6; |
options->compression_level = 6; |
if (options->port == -1) |
if (options->port == -1) |
options->port = 0; /* Filled in ssh_connect. */ |
options->port = 0; /* Filled in ssh_connect. */ |
|
if (options->address_family == -1) |
|
options->address_family = AF_UNSPEC; |
if (options->connection_attempts == -1) |
if (options->connection_attempts == -1) |
options->connection_attempts = 1; |
options->connection_attempts = 1; |
if (options->number_of_password_prompts == -1) |
if (options->number_of_password_prompts == -1) |
|
|
clear_forwardings(options); |
clear_forwardings(options); |
if (options->no_host_authentication_for_localhost == - 1) |
if (options->no_host_authentication_for_localhost == - 1) |
options->no_host_authentication_for_localhost = 0; |
options->no_host_authentication_for_localhost = 0; |
|
if (options->enable_ssh_keysign == -1) |
|
options->enable_ssh_keysign = 0; |
|
if (options->rekey_limit == -1) |
|
options->rekey_limit = 0; |
|
if (options->verify_host_key_dns == -1) |
|
options->verify_host_key_dns = 0; |
/* options->proxy_command should not be set by default */ |
/* options->proxy_command should not be set by default */ |
/* options->user will be set in the main program if appropriate */ |
/* options->user will be set in the main program if appropriate */ |
/* options->hostname will be set in the main program if appropriate */ |
/* options->hostname will be set in the main program if appropriate */ |
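Review bot: The trailing-whitespace loop added at the top of process_config_line, `for(len = strlen(line) - 1; len > 0; len--)`, underflows when `line` is the empty string: `len` is `size_t`, so `strlen("") - 1` wraps to SIZE_MAX and the first iteration reads `line[len]` far outside the buffer before the `len > 0` test ever fails; whether a caller can hand in a zero-length line is not visible here, but the function is the entry point for every option line. A form that keeps the same stripping behaviour (indices strlen-1 down to 1, never touching `line[0]`) and is safe for the empty case is `len = strlen(line);` followed by `while (len > 1 && strchr(WHITESPACE, line[len - 1]) != NULL) line[--len] = '\0';`. The new oAddressFamily case in the same function has a related gap: `arg = strdelim(&s)` goes straight into strcasecmp without the `if (!arg || *arg == '\0') fatal(...)` guard the neighbouring oConnectTimeout and oRekeyLimit cases perform, so a bare `AddressFamily` keyword dereferences NULL. The oRekeyLimit case also scales an `int` `value` by `1<<30` for a `G` suffix, which is signed overflow for any value of 2 or more; a bound check before the multiply, e.g. `if (value > INT_MAX / (1<<30)) fatal("%.200s line %d: RekeyLimit too large.", filename, linenum);` (and the equivalent for the K and M branches), or a wider type for the arithmetic, would close that.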