1 | /* |
---|
2 | |
---|
3 | readconf.c |
---|
4 | |
---|
5 | Author: Tatu Ylonen <ylo@cs.hut.fi> |
---|
6 | |
---|
7 | Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
---|
8 | All rights reserved |
---|
9 | |
---|
10 | Created: Sat Apr 22 00:03:10 1995 ylo |
---|
11 | |
---|
12 | Functions for reading the configuration files. |
---|
13 | |
---|
14 | */ |
---|
15 | |
---|
16 | /* |
---|
17 | * $Id: readconf.c,v 1.1.1.4 1999-03-08 17:43:25 danw Exp $ |
---|
18 | * $Log: not supported by cvs2svn $ |
---|
19 | * Revision 1.15 1998/07/08 00:46:30 kivinen |
---|
20 | * Fixed typo (privileged). |
---|
21 | * |
---|
22 | * Revision 1.14 1998/05/23 20:23:39 kivinen |
---|
23 | * Removed extra comma at the end of OpCodes enum. |
---|
24 | * |
---|
25 | * Revision 1.13 1998/04/30 01:55:12 kivinen |
---|
26 | * Added PasswordPromptLogin and PasswordPromptHost options, so |
---|
27 | * now the password prompt is configurable. |
---|
28 | * |
---|
29 | * Revision 1.12 1998/03/27 16:59:33 kivinen |
---|
30 | * Added GatewayPorts option. |
---|
31 | * |
---|
32 | * Revision 1.11 1998/01/02 06:19:58 kivinen |
---|
33 | * Added xauthlocation option. |
---|
34 | * |
---|
35 | * Revision 1.10 1997/08/21 22:16:45 ylo |
---|
36 | * Fixed security bug with port number > 65535 in local forwarding. |
---|
37 | * |
---|
38 | * Revision 1.9 1997/08/09 20:22:44 ylo |
---|
39 | * Removed extra newline from fatal message. |
---|
40 | * |
---|
41 | * Revision 1.8 1997/08/07 16:23:55 kivinen |
---|
42 | * Moved privileged port check to add_local_forward function. |
---|
43 | * |
---|
44 | * Revision 1.7 1997/04/23 00:01:18 kivinen |
---|
45 | * Added ClearAllForwardings and NumberOfPasswordPrompts options. |
---|
46 | * |
---|
47 | * Revision 1.6 1997/04/17 04:21:08 kivinen |
---|
48 | * Changed StrictHostKeyChecking to have three possible values, |
---|
49 | * yes, no, and ask. |
---|
50 | * |
---|
51 | * Revision 1.5 1997/03/27 03:10:16 kivinen |
---|
52 | * Added kerberos patches from Glenn Machin. |
---|
53 | * |
---|
54 | * Revision 1.4 1997/03/26 05:34:37 kivinen |
---|
55 | * Added UsePriviledgedPort option. |
---|
56 | * |
---|
57 | * Revision 1.3 1997/03/25 05:40:58 kivinen |
---|
58 | * Changed keywords to be case insensitive. |
---|
59 | * Added = to WHITESPACE so now it allows options in format |
---|
60 | * Foo=bar. |
---|
61 | * |
---|
62 | * Revision 1.2 1997/03/19 17:54:37 kivinen |
---|
63 | * Added TIS authentication code from Andre April |
---|
64 | * <Andre.April@cediti.be>. |
---|
65 | * |
---|
66 | * Revision 1.1.1.1 1996/02/18 21:38:12 ylo |
---|
67 | * Imported ssh-1.2.13. |
---|
68 | * |
---|
69 | * Revision 1.7 1995/09/24 23:59:44 ylo |
---|
70 | * Added ConnectionAttempts. |
---|
71 | * |
---|
72 | * Revision 1.6 1995/09/09 21:26:44 ylo |
---|
73 | * /m/shadows/u2/users/ylo/ssh/README |
---|
74 | * |
---|
75 | * Revision 1.5 1995/09/06 19:52:36 ylo |
---|
76 | * Fixed spelling of fascist. |
---|
77 | * |
---|
78 | * Revision 1.4 1995/08/21 23:25:55 ylo |
---|
79 | * Minor cleanup. |
---|
80 | * |
---|
81 | * Revision 1.3 1995/07/27 00:39:00 ylo |
---|
82 | * Added GlobalKnownHostsFile and UserKnownHostsFile. |
---|
83 | * |
---|
84 | * Revision 1.2 1995/07/13 01:30:39 ylo |
---|
85 | * Removed "Last modified" header. |
---|
86 | * Added cvs log. |
---|
87 | * |
---|
88 | * $Endlog$ |
---|
89 | */ |
---|
90 | |
---|
91 | /* Format of the configuration file: |
---|
92 | |
---|
93 | # Configuration data is parsed as follows: |
---|
94 | # 1. command line options |
---|
95 | # 2. user-specific file |
---|
96 | # 3. system-wide file |
---|
97 | # Any configuration value is only changed the first time it is set. |
---|
98 | # Thus, host-specific definitions should be at the beginning of the |
---|
99 | # configuration file, and defaults at the end. |
---|
100 | |
---|
101 | # Host-specific declarations. These may override anything above. A single |
---|
102 | # host may match multiple declarations; these are processed in the order |
---|
103 | # that they are given in. |
---|
104 | |
---|
105 | Host *.ngs.fi ngs.fi |
---|
106 | FallBackToRsh no |
---|
107 | |
---|
108 | Host fake.com |
---|
109 | HostName another.host.name.real.org |
---|
110 | User blaah |
---|
111 | Port 34289 |
---|
112 | ForwardX11 no |
---|
113 | ForwardAgent no |
---|
114 | |
---|
115 | Host books.com |
---|
116 | RemoteForward 9999 shadows.cs.hut.fi:9999 |
---|
117 | Cipher 3des |
---|
118 | |
---|
119 | Host fascist.blob.com |
---|
120 | Port 23123 |
---|
121 | User tylonen |
---|
122 | RhostsAuthentication no |
---|
123 | PasswordAuthentication no |
---|
124 | |
---|
125 | Host puukko.hut.fi |
---|
126 | User t35124p |
---|
127 | ProxyCommand ssh-proxy %h %p |
---|
128 | |
---|
129 | Host *.fr |
---|
130 | UseRsh yes |
---|
131 | |
---|
132 | Host *.su |
---|
133 | Cipher none |
---|
134 | PasswordAuthentication no |
---|
135 | |
---|
136 | # Defaults for various options |
---|
137 | Host * |
---|
138 | ForwardAgent no |
---|
139 | ForwardX11 yes |
---|
140 | RhostsAuthentication yes |
---|
141 | PasswordAuthentication yes |
---|
142 | RSAAuthentication yes |
---|
143 | RhostsRSAAuthentication yes |
---|
144 | FallBackToRsh no |
---|
145 | UseRsh no |
---|
146 | StrictHostKeyChecking yes |
---|
147 | KeepAlive no |
---|
148 | IdentityFile ~/.ssh/identity |
---|
149 | Port 22 |
---|
150 | Cipher idea |
---|
151 | EscapeChar ~ |
---|
152 | |
---|
153 | */ |
---|
154 | |
---|
#include "includes.h"
#include <errno.h>
#include "ssh.h"
#include "cipher.h"
#include "readconf.h"
#include "xmalloc.h"
#include "userfile.h"
---|
161 | |
---|
/* Keyword tokens.  Each configuration keyword in keywords[] below maps to
   one of these opcodes, and process_config_line() dispatches on them.
   Within this file the numeric values are only ever compared, never stored
   in the Options structure or written anywhere, so the order is free. */

typedef enum
{
  oForwardAgent, oForwardX11, oRhostsAuthentication, oTISAuthentication,
  oPasswordAuthentication, oRSAAuthentication, oFallBackToRsh, oUseRsh,
  oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
  oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
  oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
  oBatchMode, oStrictHostKeyChecking, oCompression, oCompressionLevel,
  oKeepAlives, oUsePrivilegedPort, oKerberosAuthentication,
  oKerberosTgtPassing, oClearAllForwardings, oNumberOfPasswordPrompts,
  oXauthPath, oGatewayPorts, oPasswordPromptLogin, oPasswordPromptHost
} OpCodes;
---|
176 | |
---|
/* Textual representations of the tokens.  parse_token() does a linear,
   exact strcmp() against the keyword after process_config_line() has
   lower-cased it, so every name here must be written in lower case.  The
   table is terminated by a NULL name. */

static struct
{
  const char *name;
  OpCodes opcode;
} keywords[] =
{
  { "forwardagent", oForwardAgent },
  { "forwardx11", oForwardX11 },
  { "rhostsauthentication", oRhostsAuthentication },
  { "passwordauthentication", oPasswordAuthentication },
  { "rsaauthentication", oRSAAuthentication },
  { "tisauthentication", oTISAuthentication },
  { "fallbacktorsh", oFallBackToRsh },
  { "usersh", oUseRsh },
  { "identityfile", oIdentityFile },
  { "hostname", oHostName },
  { "proxycommand", oProxyCommand },
  { "port", oPort },
  { "cipher", oCipher },
  { "remoteforward", oRemoteForward },
  { "localforward", oLocalForward },
  { "user", oUser },
  { "host", oHost },
  { "escapechar", oEscapeChar },
  { "rhostsrsaauthentication", oRhostsRSAAuthentication },
  { "globalknownhostsfile", oGlobalKnownHostsFile },
  { "userknownhostsfile", oUserKnownHostsFile },
  { "connectionattempts", oConnectionAttempts },
  { "batchmode", oBatchMode },
  { "stricthostkeychecking", oStrictHostKeyChecking },
  { "compression", oCompression },
  { "compressionlevel", oCompressionLevel },
  /* Singular "KeepAlive" is the accepted spelling, despite the enum name. */
  { "keepalive", oKeepAlives },
  /* The misspelled form was the original keyword (see the 1.4 and 1.15 log
     entries above); presumably kept so that existing config files still
     parse.  Both map to the same option. */
  { "usepriviledgedport", oUsePrivilegedPort },
  { "useprivilegedport", oUsePrivilegedPort },
  { "kerberosauthentication", oKerberosAuthentication },
  { "kerberostgtpassing", oKerberosTgtPassing },
  { "clearallforwardings", oClearAllForwardings },
  { "numberofpasswordprompts", oNumberOfPasswordPrompts },
  { "xauthlocation", oXauthPath },
  { "gatewayports", oGatewayPorts },
  { "passwordpromptlogin", oPasswordPromptLogin },
  { "passwordprompthost", oPasswordPromptHost },
  { NULL, 0 }
};
---|
224 | |
---|
/* Characters considered whitespace in strtok calls.  '=' is included so
   that "Foo=bar" is accepted as well as "Foo bar" (see the 1.3 log entry
   above).  The flip side is that no argument can contain '=': a
   ProxyCommand such as "foo a=b" is split into tokens and re-joined with
   spaces by process_config_line(), so it comes out as "foo a b". */
#define WHITESPACE " \t\r\n="
---|
227 | |
---|
228 | |
---|
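/* Adds a local TCP/IP port forward to options.  Never returns if there
   is an error.

   options    option set to add the forward to
   port       local port to listen on; must be 1..65535
   host       host the connection is forwarded to (the string is copied)
   host_port  port on that host; must be 1..65535

   The range check is done first and for every user: the 1.10 log entry
   above records a security fix for port numbers above 65535 here, but the
   old test only rejected them for non-root users and reported them with
   the misleading "privileged ports" message.  A value that cannot be a
   port is now always an error, and only then is the root-only rule for
   reserved ports (< 1024) applied. */

void add_local_forward(Options *options, int port, const char *host,
                       int host_port)
{
  Forward *fwd;

  if (port < 1 || port > 65535)
    fatal("Bad local forwarding port number %d.", port);
  if (host_port < 1 || host_port > 65535)
    fatal("Bad local forwarding destination port number %d.", host_port);
  /* Listening on a reserved port is a root-only privilege; the check uses
     the real uid we started with, not any effective (setuid) uid. */
  if (port < 1024 && original_real_uid != UID_ROOT)
    fatal("Privileged ports can only be forwarded by root.");
  if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
    fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);

  fwd = &options->local_forwards[options->num_local_forwards++];
  fwd->port = port;
  fwd->host = xstrdup(host);
  fwd->host_port = host_port;
}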
---|
245 | |
---|
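/* Adds a remote TCP/IP port forward to options.  Never returns if there
   is an error.

   options    option set to add the forward to
   port       port the remote side is asked to listen on; must be 1..65535
   host       host the connection is forwarded to (the string is copied)
   host_port  port on that host; must be 1..65535

   Unlike add_local_forward there is no privilege test here: whether the
   remote port may be bound is decided on the server side.  Both numbers
   are still checked to be real port numbers so that a malformed or
   overflowed value (they arrive as plain ints) is refused with a clear
   message instead of being sent to the server. */

void add_remote_forward(Options *options, int port, const char *host,
                        int host_port)
{
  Forward *fwd;

  if (port < 1 || port > 65535)
    fatal("Bad remote forwarding port number %d.", port);
  if (host_port < 1 || host_port > 65535)
    fatal("Bad remote forwarding destination port number %d.", host_port);
  if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
    fatal("Too many remote forwards (max %d).",
          SSH_MAX_FORWARDS_PER_DIRECTION);

  fwd = &options->remote_forwards[options->num_remote_forwards++];
  fwd->port = port;
  fwd->host = xstrdup(host);
  fwd->host_port = host_port;
}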
---|
261 | |
---|
/* Looks up the keyword cp (already lower-cased by the caller, since the
   table is compared with an exact strcmp) and returns its opcode.
   filename and linenum only feed the error message: the function never
   returns if cp is not a known keyword. */

static OpCodes parse_token(const char *cp, const char *filename, int linenum)
{
  unsigned int idx = 0;

  while (keywords[idx].name != NULL)
    {
      if (strcmp(keywords[idx].name, cp) == 0)
        return keywords[idx].opcode;
      idx++;
    }

  fatal("%.200s line %d: Bad configuration option.",
        filename, linenum);
  /*NOTREACHED*/
  return 0;
}
---|
278 | |
---|
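/* Lower-cases a NUL-terminated token in place.  The cast to unsigned char
   keeps tolower() well defined when char is signed and a byte is >= 0x80. */

static void lowercase_token(char *s)
{
  for (; *s != '\0'; s++)
    *s = tolower((unsigned char)*s);
}

/* Fetches the next token of the current strtok() line as the yes/no
   argument of a flag option and returns 1 for yes/true, 0 for no/false.
   Never returns if the argument is missing or anything else; filename and
   linenum only feed the error message. */

static int parse_flag_arg(const char *filename, int linenum)
{
  char *cp = strtok(NULL, WHITESPACE);

  if (!cp)
    fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
  lowercase_token(cp);
  if (strcmp(cp, "yes") == 0 || strcmp(cp, "true") == 0)
    return 1;
  if (strcmp(cp, "no") == 0 || strcmp(cp, "false") == 0)
    return 0;
  fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
  /*NOTREACHED*/
  return 0;
}

/* Fetches the next token of the current strtok() line as an integer.
   Decimal, octal ("0...") and hex ("0x...") are accepted as before, but the
   whole token must now be a number that fits in an int: "22abc", "09" or
   an overflowing value is an error instead of being silently truncated.
   Never returns on error. */

static int parse_int_arg(const char *filename, int linenum)
{
  char *cp, *end;
  long v;

  cp = strtok(NULL, WHITESPACE);
  if (!cp)
    fatal("%.200s line %d: Missing argument.", filename, linenum);
  /* No sign and no leading whitespace: the token must start with a digit. */
  if (cp[0] < '0' || cp[0] > '9')
    fatal("%.200s line %d: Bad number.", filename, linenum);
  errno = 0;
  v = strtol(cp, &end, 0);  /* base 0 picks octal/hex/decimal by prefix */
  if (*end != '\0' || errno == ERANGE || (long)(int)v != v)
    fatal("%.200s line %d: Bad number.", filename, linenum);
  return (int)v;
}

/* Parses cp as a decimal TCP port number in 0..65535.  Never returns on a
   malformed or out-of-range token; a value above 65535 cannot be a port
   and must not reach the forwarding code. */

static int parse_port_number(const char *cp, const char *filename,
                             int linenum)
{
  char *end;
  long v;

  if (cp[0] < '0' || cp[0] > '9')
    fatal("%.200s line %d: Badly formatted port number.", filename, linenum);
  errno = 0;
  v = strtol(cp, &end, 10);
  if (*end != '\0' || errno == ERANGE || v > 65535)
    fatal("%.200s line %d: Badly formatted port number.", filename, linenum);
  return (int)v;
}

/* Parses the two arguments of a LocalForward/RemoteForward line from the
   current strtok() position: "<port> <host>:<hostport>".  The host name is
   copied into hostbuf, which must hold at least 256 bytes.  Never returns
   on error. */

static void parse_forward_args(int *portp, char *hostbuf, int *host_portp,
                               const char *filename, int linenum)
{
  char *cp;

  cp = strtok(NULL, WHITESPACE);
  if (!cp)
    fatal("%.200s line %d: Missing argument.", filename, linenum);
  *portp = parse_port_number(cp, filename, linenum);

  cp = strtok(NULL, WHITESPACE);
  if (!cp)
    fatal("%.200s line %d: Missing second argument.", filename, linenum);
  /* %255 bounds the copy to hostbuf (255 characters plus the NUL). */
  if (sscanf(cp, "%255[^:]:%d", hostbuf, host_portp) != 2 ||
      *host_portp < 0 || *host_portp > 65535)
    fatal("%.200s line %d: Badly formatted host:port.", filename, linenum);
}

/* Processes a single option line as used in the configuration files.
   This only sets those values that have not already been set (-1 or NULL
   means "not yet set"; see initialize_options()).

   options   option set being filled in
   host      host name the user asked for, matched against Host patterns
   line      the line to parse; it is modified in place by strtok()
   filename  name of the file the line came from, for error messages
   linenum   line number in that file, for error messages
   activep   in/out: whether the lines currently being read apply to host.
             A Host line sets it; every other option only takes effect
             while it is set.

   Never returns on a syntax error; every message names file and line.
   Changes from the previous version: tolower() is given unsigned bytes,
   a missing Cipher argument is reported instead of passed as NULL, the
   EscapeChar "^X" test no longer reads past the end of a one-character
   token, numbers are parsed strictly, and XauthLocation obeys Host
   blocks like every other option. */

void process_config_line(Options *options, const char *host,
                         char *line, const char *filename, int linenum,
                         int *activep)
{
  char buf[256], *cp, *string, **charptr;
  int opcode, *intptr, value, fwd_port, fwd_host_port;

  /* Skip leading whitespace; blank lines and comments are ignored. */
  cp = line + strspn(line, WHITESPACE);
  if (!*cp || *cp == '\n' || *cp == '#')
    return;

  /* Get the keyword.  (Each line is supposed to begin with a keyword.)
     Keywords are case insensitive; the table holds lower-case names. */
  cp = strtok(cp, WHITESPACE);
  lowercase_token(cp);
  opcode = parse_token(cp, filename, linenum);

  switch (opcode)
    {
    case oForwardAgent:
      intptr = &options->forward_agent;
    parse_flag:
      value = parse_flag_arg(filename, linenum);
      if (*activep && *intptr == -1)
        *intptr = value;
      break;

    case oForwardX11:
      intptr = &options->forward_x11;
      goto parse_flag;

    case oRhostsAuthentication:
      intptr = &options->rhosts_authentication;
      goto parse_flag;

    case oPasswordAuthentication:
      intptr = &options->password_authentication;
      goto parse_flag;

    case oRSAAuthentication:
      intptr = &options->rsa_authentication;
      goto parse_flag;

    case oTISAuthentication:
      intptr = &options->tis_authentication;
      goto parse_flag;

    case oRhostsRSAAuthentication:
      intptr = &options->rhosts_rsa_authentication;
      goto parse_flag;

    case oKerberosAuthentication:
      intptr = &options->kerberos_authentication;
      goto parse_flag;

    case oKerberosTgtPassing:
      intptr = &options->kerberos_tgt_passing;
      goto parse_flag;

    case oFallBackToRsh:
      intptr = &options->fallback_to_rsh;
      goto parse_flag;

    case oUseRsh:
      intptr = &options->use_rsh;
      goto parse_flag;

    case oBatchMode:
      intptr = &options->batch_mode;
      goto parse_flag;

    case oStrictHostKeyChecking:
      /* Three-valued: yes (1), no (0), ask (2). */
      cp = strtok(NULL, WHITESPACE);
      if (!cp)
        fatal("%.200s line %d: Missing yes/no/ask argument.",
              filename, linenum);
      value = 0;  /* To avoid compiler warning... */
      lowercase_token(cp);
      if (strcmp(cp, "yes") == 0 || strcmp(cp, "true") == 0)
        value = 1;
      else if (strcmp(cp, "no") == 0 || strcmp(cp, "false") == 0)
        value = 0;
      else if (strcmp(cp, "ask") == 0)
        value = 2;
      else
        fatal("%.200s line %d: Bad yes/no/ask argument.",
              filename, linenum);
      if (*activep && options->strict_host_key_checking == -1)
        options->strict_host_key_checking = value;
      break;

    case oCompression:
      intptr = &options->compression;
      goto parse_flag;

    case oKeepAlives:
      intptr = &options->keepalives;
      goto parse_flag;

    case oUsePrivilegedPort:
      intptr = &options->use_privileged_port;
      goto parse_flag;

    case oCompressionLevel:
      intptr = &options->compression_level;
      goto parse_int;

    case oIdentityFile:
      cp = strtok(NULL, WHITESPACE);
      if (!cp)
        fatal("%.200s line %d: Missing argument.", filename, linenum);
      /* Identity files accumulate (in order) rather than first-one-wins. */
      if (*activep)
        {
          if (options->num_identity_files >= SSH_MAX_IDENTITY_FILES)
            fatal("%.200s line %d: Too many identity files specified (max %d).",
                  filename, linenum, SSH_MAX_IDENTITY_FILES);
          options->identity_files[options->num_identity_files++] = xstrdup(cp);
        }
      break;

    case oUser:
      charptr = &options->user;
    parse_string:
      cp = strtok(NULL, WHITESPACE);
      if (!cp)
        fatal("%.200s line %d: Missing argument.", filename, linenum);
      if (*activep && *charptr == NULL)
        *charptr = xstrdup(cp);
      break;

    case oGlobalKnownHostsFile:
      charptr = &options->system_hostfile;
      goto parse_string;

    case oUserKnownHostsFile:
      charptr = &options->user_hostfile;
      goto parse_string;

    case oHostName:
      charptr = &options->hostname;
      goto parse_string;

    case oProxyCommand:
      /* The rest of the line is the command.  It is re-joined from its
         tokens with single spaces, so runs of whitespace and any '=' (part
         of WHITESPACE) do not survive.  The result starts with a space. */
      charptr = &options->proxy_command;
      string = xstrdup("");
      while ((cp = strtok(NULL, WHITESPACE)) != NULL)
        {
          string = xrealloc(string, strlen(string) + strlen(cp) + 2);
          strcat(string, " ");
          strcat(string, cp);
        }
      if (*activep && *charptr == NULL)
        *charptr = string;
      else
        xfree(string);
      /* Everything was consumed, so the garbage check below is moot. */
      return;

    case oPort:
      intptr = &options->port;
    parse_int:
      value = parse_int_arg(filename, linenum);
      if (*activep && *intptr == -1)
        *intptr = value;
      break;

    case oConnectionAttempts:
      intptr = &options->connection_attempts;
      goto parse_int;

    case oNumberOfPasswordPrompts:
      intptr = &options->number_of_password_prompts;
      goto parse_int;

    case oPasswordPromptLogin:
      intptr = &options->password_prompt_login;
      goto parse_flag;

    case oPasswordPromptHost:
      intptr = &options->password_prompt_host;
      goto parse_flag;

    case oCipher:
      intptr = &options->cipher;
      cp = strtok(NULL, WHITESPACE);
      if (!cp)
        fatal("%.200s line %d: Missing argument.", filename, linenum);
      value = cipher_number(cp);
      if (value == -1)
        fatal("%.200s line %d: Bad cipher.", filename, linenum);
      if (*activep && *intptr == -1)
        *intptr = value;
      break;

    case oClearAllForwardings:
      intptr = &options->clear_all_forwardings;
      goto parse_flag;

    case oRemoteForward:
      parse_forward_args(&fwd_port, buf, &fwd_host_port, filename, linenum);
      if (*activep)
        add_remote_forward(options, fwd_port, buf, fwd_host_port);
      break;

    case oLocalForward:
      /* Privilege rules for the listening port are add_local_forward's. */
      parse_forward_args(&fwd_port, buf, &fwd_host_port, filename, linenum);
      if (*activep)
        add_local_forward(options, fwd_port, buf, fwd_host_port);
      break;

    case oHost:
      /* Following lines apply if any of the patterns matches host. */
      *activep = 0;
      while ((cp = strtok(NULL, WHITESPACE)) != NULL)
        if (match_pattern(host, cp))
          {
            debug("Applying options for %.100s", cp);
            *activep = 1;
            break;
          }
      /* Avoid garbage check below, as strtok already returned NULL. */
      return;

    case oEscapeChar:
      intptr = &options->escape_char;
      cp = strtok(NULL, WHITESPACE);
      if (!cp)
        fatal("%.200s line %d: Missing argument.", filename, linenum);
      /* "^X" (exactly two characters) is the control character; a single
         character is taken literally; "none" disables the escape. */
      if (strlen(cp) == 2 && cp[0] == '^' &&
          (unsigned char)cp[1] >= 64 && (unsigned char)cp[1] < 128)
        value = (unsigned char)cp[1] & 31;
      else if (strlen(cp) == 1)
        value = (unsigned char)cp[0];
      else if (strcmp(cp, "none") == 0)
        value = -2;
      else
        {
          fatal("%.200s line %d: Bad escape character.",
                filename, linenum);
          /*NOTREACHED*/
          value = 0;  /* Avoid compiler warning. */
        }
      if (*activep && *intptr == -1)
        *intptr = value;
      break;

    case oXauthPath:
      /* Path of the xauth program the client will run.  Like every other
         option this must honour the enclosing Host block, which the old
         code did not: a host-specific XauthLocation applied to all hosts. */
      charptr = &options->xauth_path;
      cp = strtok(NULL, WHITESPACE);
      if (!cp)
        fatal("%.200s line %d: missing file name.", filename, linenum);
      if (*activep && *charptr == NULL)
        *charptr = tilde_expand_filename(cp, getuid());
      break;

    case oGatewayPorts:
      intptr = &options->gateway_ports;
      goto parse_flag;

    default:
      fatal("process_config_line: Unimplemented opcode %d", opcode);
    }

  /* Check that there is no garbage at end of line. */
  if (strtok(NULL, WHITESPACE) != NULL)
    fatal("%.200s line %d: garbage at end of line.",
          filename, linenum);
}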
---|
632 | |
---|
633 | |
---|
/* Reads the config file and modifies the options accordingly.  The options
   must already have been initialized (initialize_options()) so that only
   still-unset values are filled in.  A parse error never returns
   (process_config_line calls fatal); a file that cannot be opened is
   silently skipped, since the user file is optional.  All I/O goes through
   userfile with the given uid.

   Note: lines are read into a 1024-byte buffer.  What userfile_gets() does
   with a longer line is not visible here; if it is fgets-like the remainder
   is presumably handed to process_config_line as a separate line. */

void read_config_file(uid_t uid, const char *filename, const char *host,
                      Options *options)
{
  UserFile uf;
  char line[1024];
  int active = 1;   /* lines apply until a non-matching Host is seen */
  int linenum = 0;

  uf = userfile_open(uid, filename, O_RDONLY, 0);
  if (uf == NULL)
    return;

  debug("Reading configuration data %.200s", filename);

  for (;;)
    {
      if (!userfile_gets(line, sizeof(line), uf))
        break;
      process_config_line(options, host, line, filename, ++linenum, &active);
    }

  userfile_close(uf);
}
---|
666 | |
---|
/* Initializes options to special values that indicate that they have not
   yet been set: -1 for every numeric/flag option, NULL for every string,
   0 for the counters.  read_config_file will only set options carrying
   these markers.  Options are processed in the following order: command
   line, user config file, system config file.  Last, fill_default_options
   is called to replace whatever is still marked unset. */

void initialize_options(Options *options)
{
  /* Every int option that process_config_line may assign. */
  int *unset_ints[] =
  {
    &options->forward_agent, &options->forward_x11,
    &options->rhosts_authentication, &options->rsa_authentication,
    &options->kerberos_authentication, &options->kerberos_tgt_passing,
    &options->tis_authentication, &options->password_authentication,
    &options->rhosts_rsa_authentication, &options->fallback_to_rsh,
    &options->use_rsh, &options->batch_mode,
    &options->strict_host_key_checking, &options->compression,
    &options->keepalives, &options->compression_level, &options->port,
    &options->connection_attempts, &options->number_of_password_prompts,
    &options->password_prompt_login, &options->password_prompt_host,
    &options->cipher, &options->escape_char,
    &options->clear_all_forwardings, &options->use_privileged_port,
    &options->gateway_ports
  };
  /* Every string option; NULL means "not given". */
  char **unset_strings[] =
  {
    &options->hostname, &options->proxy_command, &options->user,
    &options->system_hostfile, &options->user_hostfile,
    &options->xauth_path
  };
  size_t k;

  /* Poison the whole structure first so that a field nobody sets is
     conspicuous ('X' bytes) rather than an innocent-looking zero. */
  memset(options, 'X', sizeof(*options));

  for (k = 0; k < sizeof(unset_ints) / sizeof(unset_ints[0]); k++)
    *unset_ints[k] = -1;
  for (k = 0; k < sizeof(unset_strings) / sizeof(unset_strings[0]); k++)
    *unset_strings[k] = NULL;

  /* Counters start at zero; the arrays they index stay poisoned until
     something is added, which is fine because only the first n entries
     are ever read. */
  options->num_identity_files = 0;
  options->num_local_forwards = 0;
  options->num_remote_forwards = 0;
  options->no_user_given = 0;
}
---|
712 | |
---|
/* Stores value in *slot if the option is still marked unset (-1). */

static void default_int(int *slot, int value)
{
  if (*slot == -1)
    *slot = value;
}

/* Called after processing other sources of option data, this fills those
   options for which no value has been specified with their default values.

   NOTE(review) on the shipped defaults: ForwardAgent, ForwardX11,
   RhostsAuthentication, RhostsRSAAuthentication and FallBackToRsh all
   default to yes below.  Agent and X11 forwarding hand the server a channel
   back to the client's agent/display, and FallBackToRsh presumably ends up
   running the session over rsh, i.e. without this protocol's encryption --
   a site that does not want any of that for arbitrary hosts should say so
   in the system-wide file rather than rely on these values. */

void fill_default_options(Options *options)
{
  default_int(&options->forward_agent, 1);
  default_int(&options->forward_x11, 1);
  default_int(&options->rhosts_authentication, 1);
  default_int(&options->rsa_authentication, 1);
#if defined(KERBEROS) && defined(KRB5)
  default_int(&options->kerberos_authentication, 1);
#else /* defined(KERBEROS) && defined(KRB5) */
  default_int(&options->kerberos_authentication, 0);
#endif /* defined(KERBEROS) && defined(KRB5) */
#if defined(KERBEROS_TGT_PASSING) && defined(KRB5)
  default_int(&options->kerberos_tgt_passing, 1);
#else /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */
  default_int(&options->kerberos_tgt_passing, 0);
#endif /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */
  default_int(&options->tis_authentication, 0);
  default_int(&options->password_authentication, 1);
  default_int(&options->rhosts_rsa_authentication, 1);
  default_int(&options->fallback_to_rsh, 1);
  default_int(&options->use_rsh, 0);
  default_int(&options->batch_mode, 0);
  /* 2 == "ask" about unknown host keys (see process_config_line). */
  default_int(&options->strict_host_key_checking, 2);
  default_int(&options->use_privileged_port, 1);
  default_int(&options->compression, 0);
  default_int(&options->keepalives, 1);
  default_int(&options->compression_level, 6);
  default_int(&options->port, 0);             /* Filled in ssh_connect. */
  default_int(&options->connection_attempts, 4);
  default_int(&options->number_of_password_prompts, 1);
  default_int(&options->password_prompt_login, 1);
  default_int(&options->password_prompt_host, 1);
  default_int(&options->cipher, SSH_CIPHER_NOT_SET); /* Selected in ssh_login(). */

  /* ClearAllForwardings discards every forward collected so far, whatever
     source it came from. */
  if (options->clear_all_forwardings == 1)
    {
      options->num_local_forwards = 0;
      options->num_remote_forwards = 0;
    }

  /* Default identity: "~/" + SSH_CLIENT_IDENTITY.  The buffer is sized for
     the full name; the %.100s only matters if the constant is longer. */
  if (options->num_identity_files == 0)
    {
      options->identity_files[0] =
        xmalloc(2 + strlen(SSH_CLIENT_IDENTITY) + 1);
      sprintf(options->identity_files[0], "~/%.100s", SSH_CLIENT_IDENTITY);
      options->num_identity_files = 1;
    }

  default_int(&options->escape_char, '~');

  if (options->system_hostfile == NULL)
    options->system_hostfile = SSH_SYSTEM_HOSTFILE;
  if (options->user_hostfile == NULL)
    options->user_hostfile = SSH_USER_HOSTFILE;
  /* options->proxy_command should not be set by default */
  /* options->user will be set in the main program if appropriate */
  /* options->hostname will be set in the main program if appropriate */
#ifdef XAUTH_PATH
  if (options->xauth_path == NULL)
    options->xauth_path = XAUTH_PATH;
#else /* !XAUTH_PATH */
  if (options->xauth_path == NULL)
    options->xauth_path = "xauth";
#endif /* !XAUTH_PATH */

  default_int(&options->gateway_ports, 0);
}
---|
804 | |
---|