version 1.319, 2019/12/21 02:19:13 |
version 1.320, 2020/01/23 02:46:49 |
|
|
{ NULL, oBadOption } |
{ NULL, oBadOption } |
}; |
}; |
|
|
|
static char *kex_default_pk_alg_filtered; |
|
|
|
const char * |
|
kex_default_pk_alg(void) |
|
{ |
|
if (kex_default_pk_alg_filtered == NULL) |
|
fatal("kex_default_pk_alg not initialized."); |
|
return kex_default_pk_alg_filtered; |
|
} |
|
|
/* |
/* |
* Adds a local TCP/IP port forward to options. Never returns if there is an |
* Adds a local TCP/IP port forward to options. Never returns if there is an |
* error. |
* error. |
|
|
fill_default_options(Options * options) |
fill_default_options(Options * options) |
{ |
{ |
char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig; |
char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig; |
|
char *def_cipher, *def_mac, *def_kex, *def_key, *def_sig; |
int r; |
int r; |
|
|
if (options->forward_agent == -1) |
if (options->forward_agent == -1) |
|
|
all_kex = kex_alg_list(','); |
all_kex = kex_alg_list(','); |
all_key = sshkey_alg_list(0, 0, 1, ','); |
all_key = sshkey_alg_list(0, 0, 1, ','); |
all_sig = sshkey_alg_list(0, 1, 1, ','); |
all_sig = sshkey_alg_list(0, 1, 1, ','); |
|
/* remove unsupported algos from default lists */ |
|
def_cipher = match_filter_whitelist(KEX_CLIENT_ENCRYPT, all_cipher); |
|
def_mac = match_filter_whitelist(KEX_CLIENT_MAC, all_mac); |
|
def_kex = match_filter_whitelist(KEX_CLIENT_KEX, all_kex); |
|
def_key = match_filter_whitelist(KEX_DEFAULT_PK_ALG, all_key); |
|
def_sig = match_filter_whitelist(SSH_ALLOWED_CA_SIGALGS, all_sig); |
#define ASSEMBLE(what, defaults, all) \ |
#define ASSEMBLE(what, defaults, all) \ |
do { \ |
do { \ |
if ((r = kex_assemble_names(&options->what, \ |
if ((r = kex_assemble_names(&options->what, \ |
defaults, all)) != 0) \ |
defaults, all)) != 0) \ |
fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \ |
fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \ |
} while (0) |
} while (0) |
ASSEMBLE(ciphers, KEX_CLIENT_ENCRYPT, all_cipher); |
ASSEMBLE(ciphers, def_cipher, all_cipher); |
ASSEMBLE(macs, KEX_CLIENT_MAC, all_mac); |
ASSEMBLE(macs, def_mac, all_mac); |
ASSEMBLE(kex_algorithms, KEX_CLIENT_KEX, all_kex); |
ASSEMBLE(kex_algorithms, def_kex, all_kex); |
ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key); |
ASSEMBLE(hostbased_key_types, def_key, all_key); |
ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key); |
ASSEMBLE(pubkey_key_types, def_key, all_key); |
ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig); |
ASSEMBLE(ca_sign_algorithms, def_sig, all_sig); |
#undef ASSEMBLE |
#undef ASSEMBLE |
free(all_cipher); |
free(all_cipher); |
free(all_mac); |
free(all_mac); |
free(all_kex); |
free(all_kex); |
free(all_key); |
free(all_key); |
free(all_sig); |
free(all_sig); |
|
free(def_cipher); |
|
free(def_mac); |
|
free(def_kex); |
|
kex_default_pk_alg_filtered = def_key; /* save for later use */ |
|
free(def_sig); |
|
|
#define CLEAR_ON_NONE(v) \ |
#define CLEAR_ON_NONE(v) \ |
do { \ |
do { \ |
|
|
dump_client_config(Options *o, const char *host) |
dump_client_config(Options *o, const char *host) |
{ |
{ |
int i; |
int i; |
char buf[8], *all_key; |
char buf[8]; |
|
|
/* This is normally prepared in ssh_kex2 */ |
|
all_key = sshkey_alg_list(0, 0, 1, ','); |
|
if (kex_assemble_names( &o->hostkeyalgorithms, |
|
KEX_DEFAULT_PK_ALG, all_key) != 0) |
|
fatal("%s: kex_assemble_names failed", __func__); |
|
free(all_key); |
|
|
|
/* Most interesting options first: user, host, port */ |
/* Most interesting options first: user, host, port */ |
dump_cfg_string(oUser, o->user); |
dump_cfg_string(oUser, o->user); |
dump_cfg_string(oHostname, host); |
dump_cfg_string(oHostname, host); |
|
|
/* String options */ |
/* String options */ |
dump_cfg_string(oBindAddress, o->bind_address); |
dump_cfg_string(oBindAddress, o->bind_address); |
dump_cfg_string(oBindInterface, o->bind_interface); |
dump_cfg_string(oBindInterface, o->bind_interface); |
dump_cfg_string(oCiphers, o->ciphers ? o->ciphers : KEX_CLIENT_ENCRYPT); |
dump_cfg_string(oCiphers, o->ciphers); |
dump_cfg_string(oControlPath, o->control_path); |
dump_cfg_string(oControlPath, o->control_path); |
dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms); |
dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms); |
dump_cfg_string(oHostKeyAlias, o->host_key_alias); |
dump_cfg_string(oHostKeyAlias, o->host_key_alias); |
|
|
dump_cfg_string(oIdentityAgent, o->identity_agent); |
dump_cfg_string(oIdentityAgent, o->identity_agent); |
dump_cfg_string(oIgnoreUnknown, o->ignored_unknown); |
dump_cfg_string(oIgnoreUnknown, o->ignored_unknown); |
dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices); |
dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices); |
dump_cfg_string(oKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_CLIENT_KEX); |
dump_cfg_string(oKexAlgorithms, o->kex_algorithms); |
dump_cfg_string(oCASignatureAlgorithms, o->ca_sign_algorithms ? o->ca_sign_algorithms : SSH_ALLOWED_CA_SIGALGS); |
dump_cfg_string(oCASignatureAlgorithms, o->ca_sign_algorithms); |
dump_cfg_string(oLocalCommand, o->local_command); |
dump_cfg_string(oLocalCommand, o->local_command); |
dump_cfg_string(oRemoteCommand, o->remote_command); |
dump_cfg_string(oRemoteCommand, o->remote_command); |
dump_cfg_string(oLogLevel, log_level_name(o->log_level)); |
dump_cfg_string(oLogLevel, log_level_name(o->log_level)); |
dump_cfg_string(oMacs, o->macs ? o->macs : KEX_CLIENT_MAC); |
dump_cfg_string(oMacs, o->macs); |
#ifdef ENABLE_PKCS11 |
#ifdef ENABLE_PKCS11 |
dump_cfg_string(oPKCS11Provider, o->pkcs11_provider); |
dump_cfg_string(oPKCS11Provider, o->pkcs11_provider); |
#endif |
#endif |