version 1.128, 2004/03/05 10:53:58 |
version 1.128.2.2, 2005/03/10 17:15:04 |
|
|
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, |
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, |
oAddressFamily, oGssAuthentication, oGssDelegateCreds, |
oAddressFamily, oGssAuthentication, oGssDelegateCreds, |
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, |
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, |
|
oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, |
oDeprecated, oUnsupported |
oDeprecated, oUnsupported |
} OpCodes; |
} OpCodes; |
|
|
|
|
{ "addressfamily", oAddressFamily }, |
{ "addressfamily", oAddressFamily }, |
{ "serveraliveinterval", oServerAliveInterval }, |
{ "serveraliveinterval", oServerAliveInterval }, |
{ "serveralivecountmax", oServerAliveCountMax }, |
{ "serveralivecountmax", oServerAliveCountMax }, |
|
{ "sendenv", oSendEnv }, |
|
{ "controlpath", oControlPath }, |
|
{ "controlmaster", oControlMaster }, |
|
{ "hashknownhosts", oHashKnownHosts }, |
{ NULL, oBadOption } |
{ NULL, oBadOption } |
}; |
}; |
|
|
|
|
*/ |
*/ |
|
|
void |
void |
add_local_forward(Options *options, u_short port, const char *host, |
add_local_forward(Options *options, const Forward *newfwd) |
u_short host_port) |
|
{ |
{ |
Forward *fwd; |
Forward *fwd; |
extern uid_t original_real_uid; |
extern uid_t original_real_uid; |
if (port < IPPORT_RESERVED && original_real_uid != 0) |
if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0) |
fatal("Privileged ports can only be forwarded by root."); |
fatal("Privileged ports can only be forwarded by root."); |
if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION) |
if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION) |
fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION); |
fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION); |
fwd = &options->local_forwards[options->num_local_forwards++]; |
fwd = &options->local_forwards[options->num_local_forwards++]; |
fwd->port = port; |
|
fwd->host = xstrdup(host); |
fwd->listen_host = (newfwd->listen_host == NULL) ? |
fwd->host_port = host_port; |
NULL : xstrdup(newfwd->listen_host); |
|
fwd->listen_port = newfwd->listen_port; |
|
fwd->connect_host = xstrdup(newfwd->connect_host); |
|
fwd->connect_port = newfwd->connect_port; |
} |
} |
|
|
/* |
/* |
|
|
*/ |
*/ |
|
|
void |
void |
add_remote_forward(Options *options, u_short port, const char *host, |
add_remote_forward(Options *options, const Forward *newfwd) |
u_short host_port) |
|
{ |
{ |
Forward *fwd; |
Forward *fwd; |
if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION) |
if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION) |
fatal("Too many remote forwards (max %d).", |
fatal("Too many remote forwards (max %d).", |
SSH_MAX_FORWARDS_PER_DIRECTION); |
SSH_MAX_FORWARDS_PER_DIRECTION); |
fwd = &options->remote_forwards[options->num_remote_forwards++]; |
fwd = &options->remote_forwards[options->num_remote_forwards++]; |
fwd->port = port; |
|
fwd->host = xstrdup(host); |
fwd->listen_host = (newfwd->listen_host == NULL) ? |
fwd->host_port = host_port; |
NULL : xstrdup(newfwd->listen_host); |
|
fwd->listen_port = newfwd->listen_port; |
|
fwd->connect_host = xstrdup(newfwd->connect_host); |
|
fwd->connect_port = newfwd->connect_port; |
} |
} |
|
|
static void |
static void |
|
|
{ |
{ |
int i; |
int i; |
|
|
for (i = 0; i < options->num_local_forwards; i++) |
for (i = 0; i < options->num_local_forwards; i++) { |
xfree(options->local_forwards[i].host); |
if (options->local_forwards[i].listen_host != NULL) |
|
xfree(options->local_forwards[i].listen_host); |
|
xfree(options->local_forwards[i].connect_host); |
|
} |
options->num_local_forwards = 0; |
options->num_local_forwards = 0; |
for (i = 0; i < options->num_remote_forwards; i++) |
for (i = 0; i < options->num_remote_forwards; i++) { |
xfree(options->remote_forwards[i].host); |
if (options->remote_forwards[i].listen_host != NULL) |
|
xfree(options->remote_forwards[i].listen_host); |
|
xfree(options->remote_forwards[i].connect_host); |
|
} |
options->num_remote_forwards = 0; |
options->num_remote_forwards = 0; |
} |
} |
|
|
|
|
char *line, const char *filename, int linenum, |
char *line, const char *filename, int linenum, |
int *activep) |
int *activep) |
{ |
{ |
char buf[256], *s, **charptr, *endofnumber, *keyword, *arg; |
char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256]; |
int opcode, *intptr, value; |
int opcode, *intptr, value; |
size_t len; |
size_t len; |
u_short fwd_port, fwd_host_port; |
Forward fwd; |
char sfwd_host_port[6]; |
|
|
|
/* Strip trailing whitespace */ |
/* Strip trailing whitespace */ |
for(len = strlen(line) - 1; len > 0; len--) { |
for(len = strlen(line) - 1; len > 0; len--) { |
|
|
case oLocalForward: |
case oLocalForward: |
case oRemoteForward: |
case oRemoteForward: |
arg = strdelim(&s); |
arg = strdelim(&s); |
if (!arg || *arg == '\0') |
if (arg == NULL || *arg == '\0') |
fatal("%.200s line %d: Missing port argument.", |
fatal("%.200s line %d: Missing port argument.", |
filename, linenum); |
filename, linenum); |
if ((fwd_port = a2port(arg)) == 0) |
arg2 = strdelim(&s); |
fatal("%.200s line %d: Bad listen port.", |
if (arg2 == NULL || *arg2 == '\0') |
|
fatal("%.200s line %d: Missing target argument.", |
filename, linenum); |
filename, linenum); |
arg = strdelim(&s); |
|
if (!arg || *arg == '\0') |
/* construct a string for parse_forward */ |
fatal("%.200s line %d: Missing second argument.", |
snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2); |
filename, linenum); |
|
if (sscanf(arg, "%255[^:]:%5[0-9]", buf, sfwd_host_port) != 2 && |
if (parse_forward(&fwd, fwdarg) == 0) |
sscanf(arg, "%255[^/]/%5[0-9]", buf, sfwd_host_port) != 2) |
|
fatal("%.200s line %d: Bad forwarding specification.", |
fatal("%.200s line %d: Bad forwarding specification.", |
filename, linenum); |
filename, linenum); |
if ((fwd_host_port = a2port(sfwd_host_port)) == 0) |
|
fatal("%.200s line %d: Bad forwarding port.", |
|
filename, linenum); |
|
if (*activep) { |
if (*activep) { |
if (opcode == oLocalForward) |
if (opcode == oLocalForward) |
add_local_forward(options, fwd_port, buf, |
add_local_forward(options, &fwd); |
fwd_host_port); |
|
else if (opcode == oRemoteForward) |
else if (opcode == oRemoteForward) |
add_remote_forward(options, fwd_port, buf, |
add_remote_forward(options, &fwd); |
fwd_host_port); |
|
} |
} |
break; |
break; |
|
|
|
|
if (!arg || *arg == '\0') |
if (!arg || *arg == '\0') |
fatal("%.200s line %d: Missing port argument.", |
fatal("%.200s line %d: Missing port argument.", |
filename, linenum); |
filename, linenum); |
fwd_port = a2port(arg); |
memset(&fwd, '\0', sizeof(fwd)); |
if (fwd_port == 0) |
fwd.connect_host = "socks"; |
|
fwd.listen_host = hpdelim(&arg); |
|
if (fwd.listen_host == NULL || |
|
strlen(fwd.listen_host) >= NI_MAXHOST) |
|
fatal("%.200s line %d: Bad forwarding specification.", |
|
filename, linenum); |
|
if (arg) { |
|
fwd.listen_port = a2port(arg); |
|
fwd.listen_host = cleanhostname(fwd.listen_host); |
|
} else { |
|
fwd.listen_port = a2port(fwd.listen_host); |
|
fwd.listen_host = ""; |
|
} |
|
if (fwd.listen_port == 0) |
fatal("%.200s line %d: Badly formatted port number.", |
fatal("%.200s line %d: Badly formatted port number.", |
filename, linenum); |
filename, linenum); |
if (*activep) |
if (*activep) |
add_local_forward(options, fwd_port, "socks", 0); |
add_local_forward(options, &fwd); |
break; |
break; |
|
|
case oClearAllForwardings: |
case oClearAllForwardings: |
|
|
intptr = &options->server_alive_count_max; |
intptr = &options->server_alive_count_max; |
goto parse_int; |
goto parse_int; |
|
|
|
case oSendEnv: |
|
while ((arg = strdelim(&s)) != NULL && *arg != '\0') { |
|
if (strchr(arg, '=') != NULL) |
|
fatal("%s line %d: Invalid environment name.", |
|
filename, linenum); |
|
if (!*activep) |
|
continue; |
|
if (options->num_send_env >= MAX_SEND_ENV) |
|
fatal("%s line %d: too many send env.", |
|
filename, linenum); |
|
options->send_env[options->num_send_env++] = |
|
xstrdup(arg); |
|
} |
|
break; |
|
|
|
case oControlPath: |
|
charptr = &options->control_path; |
|
goto parse_string; |
|
|
|
case oControlMaster: |
|
intptr = &options->control_master; |
|
goto parse_yesnoask; |
|
|
|
case oHashKnownHosts: |
|
intptr = &options->hash_known_hosts; |
|
goto parse_flag; |
|
|
case oDeprecated: |
case oDeprecated: |
debug("%s line %d: Deprecated option \"%s\"", |
debug("%s line %d: Deprecated option \"%s\"", |
filename, linenum, keyword); |
filename, linenum, keyword); |
|
|
*/ |
*/ |
|
|
int |
int |
read_config_file(const char *filename, const char *host, Options *options) |
read_config_file(const char *filename, const char *host, Options *options, |
|
int checkperm) |
{ |
{ |
FILE *f; |
FILE *f; |
char line[1024]; |
char line[1024]; |
|
|
int bad_options = 0; |
int bad_options = 0; |
|
|
/* Open the file. */ |
/* Open the file. */ |
f = fopen(filename, "r"); |
if ((f = fopen(filename, "r")) == NULL) |
if (!f) |
|
return 0; |
return 0; |
|
|
|
if (checkperm) { |
|
struct stat sb; |
|
|
|
if (fstat(fileno(f), &sb) == -1) |
|
fatal("fstat %s: %s", filename, strerror(errno)); |
|
if (((sb.st_uid != 0 && sb.st_uid != getuid()) || |
|
(sb.st_mode & 022) != 0)) |
|
fatal("Bad owner or permissions on %s", filename); |
|
} |
|
|
debug("Reading configuration data %.200s", filename); |
debug("Reading configuration data %.200s", filename); |
|
|
/* |
/* |
|
|
options->verify_host_key_dns = -1; |
options->verify_host_key_dns = -1; |
options->server_alive_interval = -1; |
options->server_alive_interval = -1; |
options->server_alive_count_max = -1; |
options->server_alive_count_max = -1; |
|
options->num_send_env = 0; |
|
options->control_path = NULL; |
|
options->control_master = -1; |
|
options->hash_known_hosts = -1; |
} |
} |
|
|
/* |
/* |
|
|
options->server_alive_interval = 0; |
options->server_alive_interval = 0; |
if (options->server_alive_count_max == -1) |
if (options->server_alive_count_max == -1) |
options->server_alive_count_max = 3; |
options->server_alive_count_max = 3; |
|
if (options->control_master == -1) |
|
options->control_master = 0; |
|
if (options->hash_known_hosts == -1) |
|
options->hash_known_hosts = 0; |
/* options->proxy_command should not be set by default */ |
/* options->proxy_command should not be set by default */ |
/* options->user will be set in the main program if appropriate */ |
/* options->user will be set in the main program if appropriate */ |
/* options->hostname will be set in the main program if appropriate */ |
/* options->hostname will be set in the main program if appropriate */ |
/* options->host_key_alias should not be set by default */ |
/* options->host_key_alias should not be set by default */ |
/* options->preferred_authentications will be set in ssh */ |
/* options->preferred_authentications will be set in ssh */ |
|
} |
|
|
|
/* |
|
* parse_forward |
|
* parses a string containing a port forwarding specification of the form: |
|
* [listenhost:]listenport:connecthost:connectport |
|
* returns number of arguments parsed or zero on error |
|
*/ |
|
int |
|
parse_forward(Forward *fwd, const char *fwdspec) |
|
{ |
|
int i; |
|
char *p, *cp, *fwdarg[4]; |
|
|
|
memset(fwd, '\0', sizeof(*fwd)); |
|
|
|
cp = p = xstrdup(fwdspec); |
|
|
|
/* skip leading spaces */ |
|
while (*cp && isspace(*cp)) |
|
cp++; |
|
|
|
for (i = 0; i < 4; ++i) |
|
if ((fwdarg[i] = hpdelim(&cp)) == NULL) |
|
break; |
|
|
|
/* Check for trailing garbage in 4-arg case*/ |
|
if (cp != NULL) |
|
i = 0; /* failure */ |
|
|
|
switch (i) { |
|
case 3: |
|
fwd->listen_host = NULL; |
|
fwd->listen_port = a2port(fwdarg[0]); |
|
fwd->connect_host = xstrdup(cleanhostname(fwdarg[1])); |
|
fwd->connect_port = a2port(fwdarg[2]); |
|
break; |
|
|
|
case 4: |
|
fwd->listen_host = xstrdup(cleanhostname(fwdarg[0])); |
|
fwd->listen_port = a2port(fwdarg[1]); |
|
fwd->connect_host = xstrdup(cleanhostname(fwdarg[2])); |
|
fwd->connect_port = a2port(fwdarg[3]); |
|
break; |
|
default: |
|
i = 0; /* failure */ |
|
} |
|
|
|
xfree(p); |
|
|
|
if (fwd->listen_port == 0 && fwd->connect_port == 0) |
|
goto fail_free; |
|
|
|
if (fwd->connect_host != NULL && |
|
strlen(fwd->connect_host) >= NI_MAXHOST) |
|
goto fail_free; |
|
|
|
return (i); |
|
|
|
fail_free: |
|
if (fwd->connect_host != NULL) |
|
xfree(fwd->connect_host); |
|
if (fwd->listen_host != NULL) |
|
xfree(fwd->listen_host); |
|
return (0); |
} |
} |