Annotation of src/usr.bin/ssh/readconf.c, Revision 1.14
1.1 deraadt 1: /*
2:
3: readconf.c
4:
5: Author: Tatu Ylonen <ylo@cs.hut.fi>
6:
7: Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8: All rights reserved
9:
10: Created: Sat Apr 22 00:03:10 1995 ylo
11:
12: Functions for reading the configuration files.
13:
14: */
15:
16: #include "includes.h"
1.14 ! markus 17: RCSID("$Id: readconf.c,v 1.13 1999/11/10 23:36:44 markus Exp $");
1.1 deraadt 18:
19: #include "ssh.h"
20: #include "cipher.h"
21: #include "readconf.h"
22: #include "xmalloc.h"
23:
24: /* Format of the configuration file:
25:
26: # Configuration data is parsed as follows:
27: # 1. command line options
28: # 2. user-specific file
29: # 3. system-wide file
30: # Any configuration value is only changed the first time it is set.
31: # Thus, host-specific definitions should be at the beginning of the
32: # configuration file, and defaults at the end.
33:
34: # Host-specific declarations. These may override anything above. A single
35: # host may match multiple declarations; these are processed in the order
36: # that they are given in.
37:
38: Host *.ngs.fi ngs.fi
39: FallBackToRsh no
40:
41: Host fake.com
42: HostName another.host.name.real.org
43: User blaah
44: Port 34289
45: ForwardX11 no
46: ForwardAgent no
47:
48: Host books.com
49: RemoteForward 9999 shadows.cs.hut.fi:9999
50: Cipher 3des
51:
52: Host fascist.blob.com
53: Port 23123
54: User tylonen
55: RhostsAuthentication no
56: PasswordAuthentication no
57:
58: Host puukko.hut.fi
59: User t35124p
60: ProxyCommand ssh-proxy %h %p
61:
62: Host *.fr
63: UseRsh yes
64:
65: Host *.su
66: Cipher none
67: PasswordAuthentication no
68:
69: # Defaults for various options
70: Host *
71: ForwardAgent no
72: ForwardX11 yes
73: RhostsAuthentication yes
74: PasswordAuthentication yes
75: RSAAuthentication yes
76: RhostsRSAAuthentication yes
77: FallBackToRsh no
78: UseRsh no
79: StrictHostKeyChecking yes
80: KeepAlive no
81: IdentityFile ~/.ssh/identity
82: Port 22
83: EscapeChar ~
84:
85: */
86:
/*
 * Keyword tokens.  One enumerator per configuration keyword; the numeric
 * values are assigned implicitly in declaration order, so oBadOption is 0.
 * The Kerberos/AFS tokens only exist when KRB4 / AFS are defined.
 */
typedef enum
{
    /* Returned by parse_token() for an unrecognised keyword. */
    oBadOption,

    /* Forwarding and authentication switches. */
    oForwardAgent,
    oForwardX11,
    oGatewayPorts,
    oRhostsAuthentication,
    oPasswordAuthentication,
    oRSAAuthentication,
    oFallBackToRsh,
    oUseRsh,
#ifdef KRB4
    oKerberosAuthentication,
#endif /* KRB4 */
#ifdef AFS
    oKerberosTgtPassing,
    oAFSTokenPassing,
#endif

    /* Connection parameters. */
    oIdentityFile,
    oHostName,
    oPort,
    oCipher,
    oRemoteForward,
    oLocalForward,
    oUser,
    oHost,
    oEscapeChar,
    oRhostsRSAAuthentication,
    oProxyCommand,
    oGlobalKnownHostsFile,
    oUserKnownHostsFile,
    oConnectionAttempts,
    oBatchMode,
    oCheckHostIP,
    oStrictHostKeyChecking,
    oCompression,
    oCompressionLevel,
    oKeepAlives,
    oNumberOfPasswordPrompts,
    oTISAuthentication,
    oUsePrivilegedPort,
    oLogLevel
} OpCodes;
107:
/*
 * Textual representations of the tokens.
 *
 * Names are stored in lower case because process_config_line() lower-cases
 * the keyword before calling parse_token(), which compares with strcmp().
 * The table is terminated by an entry whose name is NULL.
 */
static struct
{
    const char *name;
    OpCodes opcode;
} keywords[] =
{
    { "forwardagent",            oForwardAgent },
    { "forwardx11",              oForwardX11 },
    { "gatewayports",            oGatewayPorts },
    { "useprivilegedport",       oUsePrivilegedPort },
    { "rhostsauthentication",    oRhostsAuthentication },
    { "passwordauthentication",  oPasswordAuthentication },
    { "rsaauthentication",       oRSAAuthentication },
#ifdef KRB4
    { "kerberosauthentication",  oKerberosAuthentication },
#endif /* KRB4 */
#ifdef AFS
    { "kerberostgtpassing",      oKerberosTgtPassing },
    { "afstokenpassing",         oAFSTokenPassing },
#endif
    { "fallbacktorsh",           oFallBackToRsh },
    { "usersh",                  oUseRsh },
    { "identityfile",            oIdentityFile },
    { "hostname",                oHostName },
    { "proxycommand",            oProxyCommand },
    { "port",                    oPort },
    { "cipher",                  oCipher },
    { "remoteforward",           oRemoteForward },
    { "localforward",            oLocalForward },
    { "user",                    oUser },
    { "host",                    oHost },
    { "escapechar",              oEscapeChar },
    { "rhostsrsaauthentication", oRhostsRSAAuthentication },
    { "globalknownhostsfile",    oGlobalKnownHostsFile },
    { "userknownhostsfile",      oUserKnownHostsFile },
    { "connectionattempts",      oConnectionAttempts },
    { "batchmode",               oBatchMode },
    { "checkhostip",             oCheckHostIP },
    { "stricthostkeychecking",   oStrictHostKeyChecking },
    { "compression",             oCompression },
    { "compressionlevel",        oCompressionLevel },
    /* Note: the accepted spelling is "keepalive", without a trailing 's'. */
    { "keepalive",               oKeepAlives },
    { "numberofpasswordprompts", oNumberOfPasswordPrompts },
    { "tisauthentication",       oTISAuthentication },
    { "loglevel",                oLogLevel },
    { NULL, 0 }                  /* end-of-table sentinel */
};
157:
/*
 * Textual representation of log-levels.
 *
 * process_config_line() matches the LogLevel argument against these names
 * with strcasecmp(), so the comparison is case-insensitive.  The table is
 * terminated by an entry whose name is NULL.
 */
static struct
{
    const char *name;
    LogLevel level;
} log_levels[] =
{
    { "QUIET", SYSLOG_LEVEL_QUIET },
    { "FATAL", SYSLOG_LEVEL_FATAL },
    { "ERROR", SYSLOG_LEVEL_ERROR },
    { "INFO",  SYSLOG_LEVEL_INFO },
    { "CHAT",  SYSLOG_LEVEL_CHAT },
    { "DEBUG", SYSLOG_LEVEL_DEBUG },
    { NULL, 0 }   /* end-of-table sentinel */
};
174:
/*
 * Characters considered whitespace in strtok calls.  The same set is used
 * with strspn() to skip leading whitespace on a configuration line.
 */
#define WHITESPACE " \t\r\n"
177:
178:
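/*
 * Adds a local TCP/IP port forward to options.  Never returns if there
 * is an error: every rejection goes through fatal().
 *
 * Checks performed before the entry is stored:
 *  - port and host_port must each fit in 16 bits (negative values fail the
 *    mask test as well);
 *  - a port below IPPORT_RESERVED is only accepted when original_real_uid
 *    is 0;
 *  - at most SSH_MAX_FORWARDS_PER_DIRECTION entries are kept, so the
 *    local_forwards array is never indexed past that limit.
 *
 * host is copied with xstrdup(); the caller keeps ownership of its buffer.
 */
void add_local_forward(Options *options, int port, const char *host,
                       int host_port)
{
    extern uid_t original_real_uid;
    Forward *fwd;

    if ((port & 0xffff) != port)
        fatal("Requested forwarding of nonexistent port %d.", port);
    /* The target port comes straight from sscanf("%d") in the config
       parser, so it needs the same range check as the listening port. */
    if ((host_port & 0xffff) != host_port)
        fatal("Requested forwarding to nonexistent port %d.", host_port);
    if (port < IPPORT_RESERVED && original_real_uid != 0)
        fatal("Privileged ports can only be forwarded by root.\n");
    if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
        fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);

    fwd = &options->local_forwards[options->num_local_forwards++];
    fwd->port = port;
    fwd->host = xstrdup(host);
    fwd->host_port = host_port;
}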
198:
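/*
 * Adds a remote TCP/IP port forward to options.  Never returns if there
 * is an error: every rejection goes through fatal().
 *
 * port and host_port must each fit in 16 bits, matching the range check
 * add_local_forward() applies to its port; both values originate from
 * atoi()/sscanf("%d") in the config parser and are otherwise unbounded.
 * At most SSH_MAX_FORWARDS_PER_DIRECTION entries are kept, so the
 * remote_forwards array is never indexed past that limit.
 *
 * host is copied with xstrdup(); the caller keeps ownership of its buffer.
 */
void add_remote_forward(Options *options, int port, const char *host,
                        int host_port)
{
    Forward *fwd;

    if ((port & 0xffff) != port)
        fatal("Requested forwarding of nonexistent port %d.", port);
    if ((host_port & 0xffff) != host_port)
        fatal("Requested forwarding to nonexistent port %d.", host_port);
    if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
        fatal("Too many remote forwards (max %d).",
              SSH_MAX_FORWARDS_PER_DIRECTION);

    fwd = &options->remote_forwards[options->num_remote_forwards++];
    fwd->port = port;
    fwd->host = xstrdup(host);
    fwd->host_port = host_port;
}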
214:
/*
 * Returns the opcode for the NUL-terminated keyword cp.  The comparison is
 * an exact strcmp() against the keywords table, so the caller must have
 * lower-cased the keyword already.
 *
 * An unknown keyword is reported on stderr together with filename and
 * linenum, and oBadOption is returned; the function does not terminate
 * the program.
 */
static OpCodes parse_token(const char *cp, const char *filename, int linenum)
{
    unsigned int idx = 0;

    while (keywords[idx].name != NULL) {
        if (strcmp(cp, keywords[idx].name) == 0)
            return keywords[idx].opcode;
        idx++;
    }

    fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
            filename, linenum, cp);
    return oBadOption;
}
230:
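/*
 * Processes a single option line as used in the configuration files.
 * This only sets those values that have not already been set (integer
 * options still holding -1, string options still NULL), and only while
 * *activep is non-zero.  A "Host" line recomputes *activep by matching
 * host against the listed patterns.
 *
 * line is modified in place: the keyword is lower-cased and strtok()
 * writes NUL bytes into it.  strtok() keeps static state, so this function
 * is not reentrant.
 *
 * Returns 0 for a line that was accepted (including blank and '#' lines)
 * and -1 for an unknown keyword, which parse_token() has already reported.
 * A known keyword with a missing or malformed argument does not return:
 * it ends in fatal() (or exit(1) for LogLevel).
 *
 * Changes relative to the previous text of this function:
 *  - "Cipher" with no argument is rejected instead of passing NULL to
 *    cipher_number();
 *  - "LogLevel" honours *activep like every other option, so a level
 *    given under a non-matching Host block is no longer applied;
 *  - the "^X" escape-character test examines cp[1] before cp[2], so a bare
 *    "^" never reads past the token's terminating NUL;
 *  - the dead "#if 0 atoi()" branch in the integer parser is removed.
 */
int
process_config_line(Options *options, const char *host,
                    char *line, const char *filename, int linenum,
                    int *activep)
{
    char buf[256], *cp, *string, **charptr;
    int opcode, *intptr, value, fwd_port, fwd_host_port, i;

    /* Skip leading whitespace; blank lines and comments are ignored. */
    cp = line + strspn(line, WHITESPACE);
    if (!*cp || *cp == '\n' || *cp == '#')
        return 0;

    /* Get the keyword.  (Each line is supposed to begin with a keyword.)
       cp points at a non-whitespace character here, so strtok() cannot
       return NULL. */
    cp = strtok(cp, WHITESPACE);
    {
        /* ASCII-only lower-casing, independent of the locale. */
        char *t = cp;
        for (; *t != 0; t++)
            if ('A' <= *t && *t <= 'Z')
                *t = *t - 'A' + 'a';    /* tolower */
    }
    opcode = parse_token(cp, filename, linenum);

    switch (opcode) {
    case oBadOption:
        return -1;    /* don't panic, but count bad options */
        /*NOTREACHED*/

    case oForwardAgent:
        intptr = &options->forward_agent;
    parse_flag:
        /* Shared tail for every yes/no option: the case has set intptr. */
        cp = strtok(NULL, WHITESPACE);
        if (!cp)
            fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
        value = 0;    /* To avoid compiler warning... */
        if (strcmp(cp, "yes") == 0 || strcmp(cp, "true") == 0)
            value = 1;
        else if (strcmp(cp, "no") == 0 || strcmp(cp, "false") == 0)
            value = 0;
        else
            fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
        if (*activep && *intptr == -1)
            *intptr = value;
        break;

    case oForwardX11:
        intptr = &options->forward_x11;
        goto parse_flag;

    case oGatewayPorts:
        intptr = &options->gateway_ports;
        goto parse_flag;

    case oUsePrivilegedPort:
        intptr = &options->use_privileged_port;
        goto parse_flag;

    case oRhostsAuthentication:
        intptr = &options->rhosts_authentication;
        goto parse_flag;

    case oPasswordAuthentication:
        intptr = &options->password_authentication;
        goto parse_flag;

    case oRSAAuthentication:
        intptr = &options->rsa_authentication;
        goto parse_flag;

    case oRhostsRSAAuthentication:
        intptr = &options->rhosts_rsa_authentication;
        goto parse_flag;

#ifdef KRB4
    case oKerberosAuthentication:
        intptr = &options->kerberos_authentication;
        goto parse_flag;
#endif /* KRB4 */

#ifdef AFS
    case oKerberosTgtPassing:
        intptr = &options->kerberos_tgt_passing;
        goto parse_flag;

    case oAFSTokenPassing:
        intptr = &options->afs_token_passing;
        goto parse_flag;
#endif

    case oFallBackToRsh:
        intptr = &options->fallback_to_rsh;
        goto parse_flag;

    case oUseRsh:
        intptr = &options->use_rsh;
        goto parse_flag;

    case oBatchMode:
        intptr = &options->batch_mode;
        goto parse_flag;

    case oCheckHostIP:
        intptr = &options->check_host_ip;
        goto parse_flag;

    case oStrictHostKeyChecking:
        /* Tri-state: yes/true = 1, no/false = 0, ask = 2. */
        intptr = &options->strict_host_key_checking;
        cp = strtok(NULL, WHITESPACE);
        if (!cp)
            fatal("%.200s line %d: Missing yes/no argument.",
                  filename, linenum);
        value = 0;    /* To avoid compiler warning... */
        if (strcmp(cp, "yes") == 0 || strcmp(cp, "true") == 0)
            value = 1;
        else if (strcmp(cp, "no") == 0 || strcmp(cp, "false") == 0)
            value = 0;
        else if (strcmp(cp, "ask") == 0)
            value = 2;
        else
            fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
        if (*activep && *intptr == -1)
            *intptr = value;
        break;

    case oCompression:
        intptr = &options->compression;
        goto parse_flag;

    case oKeepAlives:
        intptr = &options->keepalives;
        goto parse_flag;

    case oNumberOfPasswordPrompts:
        intptr = &options->number_of_password_prompts;
        goto parse_int;

    case oTISAuthentication:
        /* Accepted for compatibility; enabling it only produces a warning. */
        cp = strtok(NULL, WHITESPACE);
        if (cp != 0 && (strcmp(cp, "yes") == 0 || strcmp(cp, "true") == 0))
            fprintf(stderr,
                    "%.99s line %d: Warning, TIS is not supported.\n",
                    filename,
                    linenum);
        break;

    case oCompressionLevel:
        intptr = &options->compression_level;
        goto parse_int;

    case oIdentityFile:
        cp = strtok(NULL, WHITESPACE);
        if (!cp)
            fatal("%.200s line %d: Missing argument.", filename, linenum);
        if (*activep) {
            /* Bound check before the append keeps identity_files in range. */
            if (options->num_identity_files >= SSH_MAX_IDENTITY_FILES)
                fatal("%.200s line %d: Too many identity files specified (max %d).",
                      filename, linenum, SSH_MAX_IDENTITY_FILES);
            options->identity_files[options->num_identity_files++] = xstrdup(cp);
        }
        break;

    case oUser:
        charptr = &options->user;
    parse_string:
        /* Shared tail for single-word string options: charptr is set. */
        cp = strtok(NULL, WHITESPACE);
        if (!cp)
            fatal("%.200s line %d: Missing argument.", filename, linenum);
        if (*activep && *charptr == NULL)
            *charptr = xstrdup(cp);
        break;

    case oGlobalKnownHostsFile:
        charptr = &options->system_hostfile;
        goto parse_string;

    case oUserKnownHostsFile:
        charptr = &options->user_hostfile;
        goto parse_string;

    case oHostName:
        charptr = &options->hostname;
        goto parse_string;

    case oProxyCommand:
        /* The rest of the line is the command: the words are re-joined,
           each preceded by a single space, and stored without further
           validation.  NOTE(review): how the stored string is executed is
           outside this file -- confirm at the point of use. */
        charptr = &options->proxy_command;
        string = xstrdup("");
        while ((cp = strtok(NULL, WHITESPACE)) != NULL) {
            /* +2: one byte for the separating space, one for the NUL. */
            string = xrealloc(string, strlen(string) + strlen(cp) + 2);
            strcat(string, " ");
            strcat(string, cp);
        }
        if (*activep && *charptr == NULL)
            *charptr = string;
        else
            xfree(string);
        /* strtok already returned NULL, so skip the garbage check. */
        return 0;

    case oPort:
        intptr = &options->port;
    parse_int:
        /* Shared tail for integer options: the case has set intptr. */
        cp = strtok(NULL, WHITESPACE);
        if (!cp)
            fatal("%.200s line %d: Missing argument.", filename, linenum);
        if (cp[0] < '0' || cp[0] > '9')
            fatal("%.200s line %d: Bad number.", filename, linenum);
        {
            /* NOTE(review): characters after the number ("22abc") and
               values outside the range of int are not rejected here. */
            char *ptr;
            value = strtol(cp, &ptr, 0);    /* Octal, decimal, or hex format? */
            if (cp == ptr)
                fatal("%.200s line %d: Bad number.", filename, linenum);
        }
        if (*activep && *intptr == -1)
            *intptr = value;
        break;

    case oConnectionAttempts:
        intptr = &options->connection_attempts;
        goto parse_int;

    case oCipher:
        intptr = &options->cipher;
        cp = strtok(NULL, WHITESPACE);
        /* A bare "Cipher" line must not hand NULL to cipher_number(). */
        if (!cp)
            fatal("%.200s line %d: Missing argument.", filename, linenum);
        value = cipher_number(cp);
        if (value == -1)
            fatal("%.200s line %d: Bad cipher.", filename, linenum);
        if (*activep && *intptr == -1)
            *intptr = value;
        break;

    case oLogLevel:
        cp = strtok(NULL, WHITESPACE);
        if (!cp) {
            fprintf(stderr, "%s line %d: missing level name.\n",
                    filename, linenum);
            exit(1);
        }
        for (i = 0; log_levels[i].name; i++)
            if (strcasecmp(log_levels[i].name, cp) == 0)
                break;
        if (!log_levels[i].name) {
            fprintf(stderr, "%s line %d: unsupported log level %s\n",
                    filename, linenum, cp);
            exit(1);
        }
        /* Only applies inside an active Host block, like other options. */
        if (*activep && options->log_level == (LogLevel)(-1))
            options->log_level = log_levels[i].level;
        break;

    case oRemoteForward:
        cp = strtok(NULL, WHITESPACE);
        if (!cp)
            fatal("%.200s line %d: Missing argument.", filename, linenum);
        if (cp[0] < '0' || cp[0] > '9')
            fatal("%.200s line %d: Badly formatted port number.",
                  filename, linenum);
        /* NOTE(review): atoi() reports neither overflow nor trailing
           characters; only the first character is validated above. */
        fwd_port = atoi(cp);
        cp = strtok(NULL, WHITESPACE);
        if (!cp)
            fatal("%.200s line %d: Missing second argument.",
                  filename, linenum);
        /* %255[^:] stores at most 255 bytes plus the NUL into buf[256]. */
        if (sscanf(cp, "%255[^:]:%d", buf, &fwd_host_port) != 2)
            fatal("%.200s line %d: Badly formatted host:port.",
                  filename, linenum);
        if (*activep)
            add_remote_forward(options, fwd_port, buf, fwd_host_port);
        break;

    case oLocalForward:
        cp = strtok(NULL, WHITESPACE);
        if (!cp)
            fatal("%.200s line %d: Missing argument.", filename, linenum);
        if (cp[0] < '0' || cp[0] > '9')
            fatal("%.200s line %d: Badly formatted port number.",
                  filename, linenum);
        /* NOTE(review): atoi() reports neither overflow nor trailing
           characters; only the first character is validated above. */
        fwd_port = atoi(cp);
        cp = strtok(NULL, WHITESPACE);
        if (!cp)
            fatal("%.200s line %d: Missing second argument.",
                  filename, linenum);
        /* %255[^:] stores at most 255 bytes plus the NUL into buf[256]. */
        if (sscanf(cp, "%255[^:]:%d", buf, &fwd_host_port) != 2)
            fatal("%.200s line %d: Badly formatted host:port.",
                  filename, linenum);
        if (*activep)
            add_local_forward(options, fwd_port, buf, fwd_host_port);
        break;

    case oHost:
        /* Options that follow apply only if one pattern matches host. */
        *activep = 0;
        while ((cp = strtok(NULL, WHITESPACE)) != NULL)
            if (match_pattern(host, cp)) {
                debug("Applying options for %.100s", cp);
                *activep = 1;
                break;
            }
        /* Avoid garbage check below, as strtok already returned NULL. */
        return 0;

    case oEscapeChar:
        intptr = &options->escape_char;
        cp = strtok(NULL, WHITESPACE);
        if (!cp)
            fatal("%.200s line %d: Missing argument.", filename, linenum);
        /* "^X" form: cp[1] is range-checked first, which also proves it is
           not the terminating NUL, before cp[2] is looked at. */
        if (cp[0] == '^' &&
            (unsigned char)cp[1] >= 64 && (unsigned char)cp[1] < 128 &&
            cp[2] == 0)
            value = (unsigned char)cp[1] & 31;
        else if (strlen(cp) == 1)
            value = (unsigned char)cp[0];
        else if (strcmp(cp, "none") == 0)
            value = -2;
        else {
            fatal("%.200s line %d: Bad escape character.",
                  filename, linenum);
            /*NOTREACHED*/
            value = 0;    /* Avoid compiler warning. */
        }
        if (*activep && *intptr == -1)
            *intptr = value;
        break;

    default:
        fatal("process_config_line: Unimplemented opcode %d", opcode);
    }

    /* Check that there is no garbage at end of line. */
    if (strtok(NULL, WHITESPACE) != NULL)
        fatal("%.200s line %d: garbage at end of line.",
              filename, linenum);
    return 0;
}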
576:
577:
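/*
 * Reads the config file and modifies the options accordingly.  Options
 * should already be initialized before this call.  This never returns if
 * there is an error in the file's contents.  If the file cannot be opened
 * (for any reason, not only because it does not exist), this returns
 * immediately without reporting anything.
 *
 * Unknown keywords are counted rather than aborting at once; after the
 * whole file has been read, a non-zero count ends in fatal().
 *
 * A physical line that does not fit in the 1024-byte buffer is rejected.
 * Without that check fgets() would hand the tail of the line to the parser
 * as if it were a separate line, where it could be taken for a directive
 * of its own and would throw off the reported line numbers.
 *
 * NOTE(review): no ownership or permission check on the file is made in
 * this function; confirm whether callers perform one.
 */
void read_config_file(const char *filename, const char *host, Options *options)
{
    FILE *f;
    char line[1024];
    int active, linenum;
    int bad_options = 0;

    /* Open the file. */
    f = fopen(filename, "r");
    if (!f)
        return;

    debug("Reading configuration data %.200s", filename);

    /* Mark that we are now processing the options.  This flag is turned
       on/off by Host specifications. */
    active = 1;
    linenum = 0;
    while (fgets(line, sizeof(line), f)) {
        /* Update line number counter. */
        linenum++;
        /* No newline and more input pending means fgets() stopped because
           the buffer was full.  A final line without a newline is still
           accepted: getc() then returns EOF. */
        if (strchr(line, '\n') == NULL && getc(f) != EOF)
            fatal("%.200s line %d: line too long.", filename, linenum);
        if (process_config_line(options, host, line, filename, linenum, &active) != 0)
            bad_options++;
    }
    fclose(f);
    if (bad_options > 0)
        fatal("%s: terminating, %d bad configuration options\n",
              filename, bad_options);
}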
612:
/*
 * Initializes options to special values that indicate that they have not
 * yet been set: -1 for integer options, NULL for strings, 0 for counters.
 * read_config_file will only set options that still hold this value.
 * Options are processed in the following order: command line, user config
 * file, system config file.  Last, fill_default_options is called.
 */
void initialize_options(Options *options)
{
    /* Fill the whole structure with a recognisable byte pattern first, so
       a field that is not assigned below does not look like a valid zero. */
    memset(options, 'X', sizeof(*options));

    /* Yes/no (and yes/no/ask) switches. */
    options->forward_agent = -1;
    options->forward_x11 = -1;
    options->gateway_ports = -1;
    options->use_privileged_port = -1;
    options->rhosts_authentication = -1;
    options->rsa_authentication = -1;
    options->password_authentication = -1;
    options->rhosts_rsa_authentication = -1;
#ifdef KRB4
    options->kerberos_authentication = -1;
#endif
#ifdef AFS
    options->kerberos_tgt_passing = -1;
    options->afs_token_passing = -1;
#endif
    options->fallback_to_rsh = -1;
    options->use_rsh = -1;
    options->batch_mode = -1;
    options->check_host_ip = -1;
    options->strict_host_key_checking = -1;
    options->compression = -1;
    options->keepalives = -1;

    /* Numeric settings. */
    options->compression_level = -1;
    options->port = -1;
    options->connection_attempts = -1;
    options->number_of_password_prompts = -1;
    options->cipher = -1;
    options->escape_char = -1;
    options->log_level = (LogLevel)-1;

    /* Strings. */
    options->hostname = NULL;
    options->proxy_command = NULL;
    options->user = NULL;
    options->system_hostfile = NULL;
    options->user_hostfile = NULL;

    /* List lengths. */
    options->num_identity_files = 0;
    options->num_local_forwards = 0;
    options->num_remote_forwards = 0;
}
659:
/* Stores dflt in *slot if the slot still holds the "unset" marker -1. */
static void fill_unset_int(int *slot, int dflt)
{
    if (*slot == -1)
        *slot = dflt;
}

/*
 * Called after processing other sources of option data, this fills those
 * options for which no value has been specified with their default values.
 *
 * Defaults worth knowing when reviewing a deployment: agent forwarding,
 * X11 forwarding, rhosts authentication and fallback to rsh are all
 * enabled (1) unless the configuration says otherwise, and strict host
 * key checking defaults to 2 ("ask").  Hosts that should not get these
 * need an explicit "no" in a configuration file.
 *
 * The known-hosts file defaults are assigned from constants, whereas
 * values read from a configuration file are xstrdup() copies, so callers
 * cannot free these two fields unconditionally.
 */
void fill_default_options(Options *options)
{
    fill_unset_int(&options->forward_agent, 1);
    fill_unset_int(&options->forward_x11, 1);
    fill_unset_int(&options->gateway_ports, 0);
    fill_unset_int(&options->use_privileged_port, 1);
    fill_unset_int(&options->rhosts_authentication, 1);
    fill_unset_int(&options->rsa_authentication, 1);
#ifdef KRB4
    fill_unset_int(&options->kerberos_authentication, 1);
#endif /* KRB4 */
#ifdef AFS
    fill_unset_int(&options->kerberos_tgt_passing, 1);
    fill_unset_int(&options->afs_token_passing, 1);
#endif /* AFS */
    fill_unset_int(&options->password_authentication, 1);
    fill_unset_int(&options->rhosts_rsa_authentication, 1);
    fill_unset_int(&options->fallback_to_rsh, 1);
    fill_unset_int(&options->use_rsh, 0);
    fill_unset_int(&options->batch_mode, 0);
    fill_unset_int(&options->check_host_ip, 1);
    fill_unset_int(&options->strict_host_key_checking, 2);    /* 2 is default */
    fill_unset_int(&options->compression, 0);
    fill_unset_int(&options->keepalives, 1);
    fill_unset_int(&options->compression_level, 6);
    fill_unset_int(&options->port, 0);    /* Filled in ssh_connect. */
    fill_unset_int(&options->connection_attempts, 4);
    fill_unset_int(&options->number_of_password_prompts, 3);
    fill_unset_int(&options->cipher, SSH_CIPHER_NOT_SET);    /* Selected in ssh_login(). */

    if (options->num_identity_files == 0) {
        /* 2 bytes for "~/", the name itself, 1 byte for the NUL.  The
           %.100s precision can only shorten the output, never exceed
           the allocation. */
        options->identity_files[0] =
            xmalloc(2 + strlen(SSH_CLIENT_IDENTITY) + 1);
        sprintf(options->identity_files[0], "~/%.100s", SSH_CLIENT_IDENTITY);
        options->num_identity_files = 1;
    }

    fill_unset_int(&options->escape_char, '~');

    if (options->system_hostfile == NULL)
        options->system_hostfile = SSH_SYSTEM_HOSTFILE;
    if (options->user_hostfile == NULL)
        options->user_hostfile = SSH_USER_HOSTFILE;
    if (options->log_level == (LogLevel)-1)
        options->log_level = SYSLOG_LEVEL_INFO;

    /* options->proxy_command should not be set by default */
    /* options->user will be set in the main program if appropriate */
    /* options->hostname will be set in the main program if appropriate */
}
734: