version 1.143, 2005/07/30 02:03:47 |
version 1.143.2.2, 2006/10/06 03:19:33 |
|
|
|
/* $OpenBSD$ */ |
/* |
/* |
* Author: Tatu Ylonen <ylo@cs.hut.fi> |
* Author: Tatu Ylonen <ylo@cs.hut.fi> |
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
|
|
* called by a name other than "ssh" or "Secure Shell". |
* called by a name other than "ssh" or "Secure Shell". |
*/ |
*/ |
|
|
#include "includes.h" |
#include <sys/types.h> |
RCSID("$OpenBSD$"); |
#include <sys/stat.h> |
|
#include <sys/socket.h> |
|
|
#include "ssh.h" |
#include <netinet/in.h> |
|
|
|
#include <ctype.h> |
|
#include <errno.h> |
|
#include <netdb.h> |
|
#include <signal.h> |
|
#include <stdio.h> |
|
#include <string.h> |
|
#include <unistd.h> |
|
|
#include "xmalloc.h" |
#include "xmalloc.h" |
|
#include "ssh.h" |
#include "compat.h" |
#include "compat.h" |
#include "cipher.h" |
#include "cipher.h" |
#include "pathnames.h" |
#include "pathnames.h" |
#include "log.h" |
#include "log.h" |
|
#include "key.h" |
#include "readconf.h" |
#include "readconf.h" |
#include "match.h" |
#include "match.h" |
#include "misc.h" |
#include "misc.h" |
|
#include "buffer.h" |
#include "kex.h" |
#include "kex.h" |
#include "mac.h" |
#include "mac.h" |
|
|
|
|
Cipher none |
Cipher none |
PasswordAuthentication no |
PasswordAuthentication no |
|
|
|
Host vpn.fake.com |
|
Tunnel yes |
|
TunnelDevice 3 |
|
|
# Defaults for various options |
# Defaults for various options |
Host * |
Host * |
ForwardAgent no |
ForwardAgent no |
|
|
typedef enum { |
typedef enum { |
oBadOption, |
oBadOption, |
oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts, |
oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts, |
|
oExitOnForwardFailure, |
oPasswordAuthentication, oRSAAuthentication, |
oPasswordAuthentication, oRSAAuthentication, |
oChallengeResponseAuthentication, oXAuthLocation, |
oChallengeResponseAuthentication, oXAuthLocation, |
oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, |
oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, |
|
|
oAddressFamily, oGssAuthentication, oGssDelegateCreds, |
oAddressFamily, oGssAuthentication, oGssDelegateCreds, |
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, |
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, |
oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, |
oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, |
|
oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, |
oDeprecated, oUnsupported |
oDeprecated, oUnsupported |
} OpCodes; |
} OpCodes; |
|
|
|
|
{ "forwardagent", oForwardAgent }, |
{ "forwardagent", oForwardAgent }, |
{ "forwardx11", oForwardX11 }, |
{ "forwardx11", oForwardX11 }, |
{ "forwardx11trusted", oForwardX11Trusted }, |
{ "forwardx11trusted", oForwardX11Trusted }, |
|
{ "exitonforwardfailure", oExitOnForwardFailure }, |
{ "xauthlocation", oXAuthLocation }, |
{ "xauthlocation", oXAuthLocation }, |
{ "gatewayports", oGatewayPorts }, |
{ "gatewayports", oGatewayPorts }, |
{ "useprivilegedport", oUsePrivilegedPort }, |
{ "useprivilegedport", oUsePrivilegedPort }, |
|
|
{ "controlpath", oControlPath }, |
{ "controlpath", oControlPath }, |
{ "controlmaster", oControlMaster }, |
{ "controlmaster", oControlMaster }, |
{ "hashknownhosts", oHashKnownHosts }, |
{ "hashknownhosts", oHashKnownHosts }, |
|
{ "tunnel", oTunnel }, |
|
{ "tunneldevice", oTunnelDevice }, |
|
{ "localcommand", oLocalCommand }, |
|
{ "permitlocalcommand", oPermitLocalCommand }, |
{ NULL, oBadOption } |
{ NULL, oBadOption } |
}; |
}; |
|
|
|
|
xfree(options->remote_forwards[i].connect_host); |
xfree(options->remote_forwards[i].connect_host); |
} |
} |
options->num_remote_forwards = 0; |
options->num_remote_forwards = 0; |
|
options->tun_open = SSH_TUNMODE_NO; |
} |
} |
|
|
/* |
/* |
|
|
int *activep) |
int *activep) |
{ |
{ |
char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256]; |
char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256]; |
int opcode, *intptr, value; |
int opcode, *intptr, value, value2, scale; |
|
long long orig, val64; |
size_t len; |
size_t len; |
Forward fwd; |
Forward fwd; |
|
|
|
|
|
|
s = line; |
s = line; |
/* Get the keyword. (Each line is supposed to begin with a keyword). */ |
/* Get the keyword. (Each line is supposed to begin with a keyword). */ |
keyword = strdelim(&s); |
if ((keyword = strdelim(&s)) == NULL) |
|
return 0; |
/* Ignore leading whitespace. */ |
/* Ignore leading whitespace. */ |
if (*keyword == '\0') |
if (*keyword == '\0') |
keyword = strdelim(&s); |
keyword = strdelim(&s); |
|
|
intptr = &options->gateway_ports; |
intptr = &options->gateway_ports; |
goto parse_flag; |
goto parse_flag; |
|
|
|
case oExitOnForwardFailure: |
|
intptr = &options->exit_on_forward_failure; |
|
goto parse_flag; |
|
|
case oUsePrivilegedPort: |
case oUsePrivilegedPort: |
intptr = &options->use_privileged_port; |
intptr = &options->use_privileged_port; |
goto parse_flag; |
goto parse_flag; |
|
|
fatal("%.200s line %d: Missing argument.", filename, linenum); |
fatal("%.200s line %d: Missing argument.", filename, linenum); |
if (arg[0] < '0' || arg[0] > '9') |
if (arg[0] < '0' || arg[0] > '9') |
fatal("%.200s line %d: Bad number.", filename, linenum); |
fatal("%.200s line %d: Bad number.", filename, linenum); |
value = strtol(arg, &endofnumber, 10); |
orig = val64 = strtoll(arg, &endofnumber, 10); |
if (arg == endofnumber) |
if (arg == endofnumber) |
fatal("%.200s line %d: Bad number.", filename, linenum); |
fatal("%.200s line %d: Bad number.", filename, linenum); |
switch (toupper(*endofnumber)) { |
switch (toupper(*endofnumber)) { |
|
case '\0': |
|
scale = 1; |
|
break; |
case 'K': |
case 'K': |
value *= 1<<10; |
scale = 1<<10; |
break; |
break; |
case 'M': |
case 'M': |
value *= 1<<20; |
scale = 1<<20; |
break; |
break; |
case 'G': |
case 'G': |
value *= 1<<30; |
scale = 1<<30; |
break; |
break; |
|
default: |
|
fatal("%.200s line %d: Invalid RekeyLimit suffix", |
|
filename, linenum); |
} |
} |
|
val64 *= scale; |
|
/* detect integer wrap and too-large limits */ |
|
if ((val64 / scale) != orig || val64 > INT_MAX) |
|
fatal("%.200s line %d: RekeyLimit too large", |
|
filename, linenum); |
|
if (val64 < 16) |
|
fatal("%.200s line %d: RekeyLimit too small", |
|
filename, linenum); |
if (*activep && *intptr == -1) |
if (*activep && *intptr == -1) |
*intptr = value; |
*intptr = (int)val64; |
break; |
break; |
|
|
case oIdentityFile: |
case oIdentityFile: |
|
|
goto parse_string; |
goto parse_string; |
|
|
case oProxyCommand: |
case oProxyCommand: |
|
charptr = &options->proxy_command; |
|
parse_command: |
if (s == NULL) |
if (s == NULL) |
fatal("%.200s line %d: Missing argument.", filename, linenum); |
fatal("%.200s line %d: Missing argument.", filename, linenum); |
charptr = &options->proxy_command; |
|
len = strspn(s, WHITESPACE "="); |
len = strspn(s, WHITESPACE "="); |
if (*activep && *charptr == NULL) |
if (*activep && *charptr == NULL) |
*charptr = xstrdup(s + len); |
*charptr = xstrdup(s + len); |
|
|
intptr = &options->hash_known_hosts; |
intptr = &options->hash_known_hosts; |
goto parse_flag; |
goto parse_flag; |
|
|
|
case oTunnel: |
|
intptr = &options->tun_open; |
|
arg = strdelim(&s); |
|
if (!arg || *arg == '\0') |
|
fatal("%s line %d: Missing yes/point-to-point/" |
|
"ethernet/no argument.", filename, linenum); |
|
value = 0; /* silence compiler */ |
|
if (strcasecmp(arg, "ethernet") == 0) |
|
value = SSH_TUNMODE_ETHERNET; |
|
else if (strcasecmp(arg, "point-to-point") == 0) |
|
value = SSH_TUNMODE_POINTOPOINT; |
|
else if (strcasecmp(arg, "yes") == 0) |
|
value = SSH_TUNMODE_DEFAULT; |
|
else if (strcasecmp(arg, "no") == 0) |
|
value = SSH_TUNMODE_NO; |
|
else |
|
fatal("%s line %d: Bad yes/point-to-point/ethernet/" |
|
"no argument: %s", filename, linenum, arg); |
|
if (*activep) |
|
*intptr = value; |
|
break; |
|
|
|
case oTunnelDevice: |
|
arg = strdelim(&s); |
|
if (!arg || *arg == '\0') |
|
fatal("%.200s line %d: Missing argument.", filename, linenum); |
|
value = a2tun(arg, &value2); |
|
if (value == SSH_TUNID_ERR) |
|
fatal("%.200s line %d: Bad tun device.", filename, linenum); |
|
if (*activep) { |
|
options->tun_local = value; |
|
options->tun_remote = value2; |
|
} |
|
break; |
|
|
|
case oLocalCommand: |
|
charptr = &options->local_command; |
|
goto parse_command; |
|
|
|
case oPermitLocalCommand: |
|
intptr = &options->permit_local_command; |
|
goto parse_flag; |
|
|
case oDeprecated: |
case oDeprecated: |
debug("%s line %d: Deprecated option \"%s\"", |
debug("%s line %d: Deprecated option \"%s\"", |
filename, linenum, keyword); |
filename, linenum, keyword); |
|
|
options->forward_agent = -1; |
options->forward_agent = -1; |
options->forward_x11 = -1; |
options->forward_x11 = -1; |
options->forward_x11_trusted = -1; |
options->forward_x11_trusted = -1; |
|
options->exit_on_forward_failure = -1; |
options->xauth_location = NULL; |
options->xauth_location = NULL; |
options->gateway_ports = -1; |
options->gateway_ports = -1; |
options->use_privileged_port = -1; |
options->use_privileged_port = -1; |
|
|
options->control_path = NULL; |
options->control_path = NULL; |
options->control_master = -1; |
options->control_master = -1; |
options->hash_known_hosts = -1; |
options->hash_known_hosts = -1; |
|
options->tun_open = -1; |
|
options->tun_local = -1; |
|
options->tun_remote = -1; |
|
options->local_command = NULL; |
|
options->permit_local_command = -1; |
} |
} |
|
|
/* |
/* |
|
|
options->forward_x11 = 0; |
options->forward_x11 = 0; |
if (options->forward_x11_trusted == -1) |
if (options->forward_x11_trusted == -1) |
options->forward_x11_trusted = 0; |
options->forward_x11_trusted = 0; |
|
if (options->exit_on_forward_failure == -1) |
|
options->exit_on_forward_failure = 0; |
if (options->xauth_location == NULL) |
if (options->xauth_location == NULL) |
options->xauth_location = _PATH_XAUTH; |
options->xauth_location = _PATH_XAUTH; |
if (options->gateway_ports == -1) |
if (options->gateway_ports == -1) |
|
|
options->control_master = 0; |
options->control_master = 0; |
if (options->hash_known_hosts == -1) |
if (options->hash_known_hosts == -1) |
options->hash_known_hosts = 0; |
options->hash_known_hosts = 0; |
|
if (options->tun_open == -1) |
|
options->tun_open = SSH_TUNMODE_NO; |
|
if (options->tun_local == -1) |
|
options->tun_local = SSH_TUNID_ANY; |
|
if (options->tun_remote == -1) |
|
options->tun_remote = SSH_TUNID_ANY; |
|
if (options->permit_local_command == -1) |
|
options->permit_local_command = 0; |
|
/* options->local_command should not be set by default */ |
/* options->proxy_command should not be set by default */ |
/* options->proxy_command should not be set by default */ |
/* options->user will be set in the main program if appropriate */ |
/* options->user will be set in the main program if appropriate */ |
/* options->hostname will be set in the main program if appropriate */ |
/* options->hostname will be set in the main program if appropriate */ |