File: | src/usr.bin/ssh/ssh-keysign/../readconf.c |
Warning: | line 1580, column 4 Value stored to 'p' is never read |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* $OpenBSD: readconf.c,v 1.364 2021/12/19 22:14:47 djm Exp $ */ |
2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
5 | * All rights reserved |
6 | * Functions for reading the configuration files. |
7 | * |
8 | * As far as I am concerned, the code I have written for this software |
9 | * can be used freely for any purpose. Any derived versions of this |
10 | * software must be clearly marked as such, and if the derived work is |
11 | * incompatible with the protocol description in the RFC file, it must be |
12 | * called by a name other than "ssh" or "Secure Shell". |
13 | */ |
14 | |
15 | #include <sys/types.h> |
16 | #include <sys/stat.h> |
17 | #include <sys/socket.h> |
18 | #include <sys/wait.h> |
19 | #include <sys/un.h> |
20 | |
21 | #include <netinet/in.h> |
22 | #include <netinet/ip.h> |
23 | |
24 | #include <ctype.h> |
25 | #include <errno(*__errno()).h> |
26 | #include <fcntl.h> |
27 | #include <glob.h> |
28 | #include <netdb.h> |
29 | #include <paths.h> |
30 | #include <pwd.h> |
31 | #include <signal.h> |
32 | #include <stdio.h> |
33 | #include <string.h> |
34 | #include <stdarg.h> |
35 | #include <unistd.h> |
36 | #include <limits.h> |
37 | #include <util.h> |
38 | #include <vis.h> |
39 | |
40 | #include "xmalloc.h" |
41 | #include "ssh.h" |
42 | #include "ssherr.h" |
43 | #include "compat.h" |
44 | #include "cipher.h" |
45 | #include "pathnames.h" |
46 | #include "log.h" |
47 | #include "sshkey.h" |
48 | #include "misc.h" |
49 | #include "readconf.h" |
50 | #include "match.h" |
51 | #include "kex.h" |
52 | #include "mac.h" |
53 | #include "uidswap.h" |
54 | #include "myproposal.h" |
55 | #include "digest.h" |
56 | |
57 | /* Format of the configuration file: |
58 | |
59 | # Configuration data is parsed as follows: |
60 | # 1. command line options |
61 | # 2. user-specific file |
62 | # 3. system-wide file |
63 | # Any configuration value is only changed the first time it is set. |
64 | # Thus, host-specific definitions should be at the beginning of the |
65 | # configuration file, and defaults at the end. |
66 | |
67 | # Host-specific declarations. These may override anything above. A single |
68 | # host may match multiple declarations; these are processed in the order |
69 | # that they are given in. |
70 | |
71 | Host *.ngs.fi ngs.fi |
72 | User foo |
73 | |
74 | Host fake.com |
75 | Hostname another.host.name.real.org |
76 | User blaah |
77 | Port 34289 |
78 | ForwardX11 no |
79 | ForwardAgent no |
80 | |
81 | Host books.com |
82 | RemoteForward 9999 shadows.cs.hut.fi:9999 |
83 | Ciphers 3des-cbc |
84 | |
85 | Host fascist.blob.com |
86 | Port 23123 |
87 | User tylonen |
88 | PasswordAuthentication no |
89 | |
90 | Host puukko.hut.fi |
91 | User t35124p |
92 | ProxyCommand ssh-proxy %h %p |
93 | |
94 | Host *.fr |
95 | PublicKeyAuthentication no |
96 | |
97 | Host *.su |
98 | Ciphers aes128-ctr |
99 | PasswordAuthentication no |
100 | |
101 | Host vpn.fake.com |
102 | Tunnel yes |
103 | TunnelDevice 3 |
104 | |
105 | # Defaults for various options |
106 | Host * |
107 | ForwardAgent no |
108 | ForwardX11 no |
109 | PasswordAuthentication yes |
110 | StrictHostKeyChecking yes |
111 | TcpKeepAlive no |
112 | IdentityFile ~/.ssh/identity |
113 | Port 22 |
114 | EscapeChar ~ |
115 | |
116 | */ |
117 | |
118 | static int read_config_file_depth(const char *filename, struct passwd *pw, |
119 | const char *host, const char *original_host, Options *options, |
120 | int flags, int *activep, int *want_final_pass, int depth); |
121 | static int process_config_line_depth(Options *options, struct passwd *pw, |
122 | const char *host, const char *original_host, char *line, |
123 | const char *filename, int linenum, int *activep, int flags, |
124 | int *want_final_pass, int depth); |
125 | |
126 | /* Keyword tokens. */ |
127 | |
128 | typedef enum { |
129 | oBadOption, |
130 | oHost, oMatch, oInclude, |
131 | oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout, |
132 | oGatewayPorts, oExitOnForwardFailure, |
133 | oPasswordAuthentication, |
134 | oXAuthLocation, |
135 | oIdentityFile, oHostname, oPort, oRemoteForward, oLocalForward, |
136 | oPermitRemoteOpen, |
137 | oCertificateFile, oAddKeysToAgent, oIdentityAgent, |
138 | oUser, oEscapeChar, oProxyCommand, |
139 | oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, |
140 | oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, |
141 | oTCPKeepAlive, oNumberOfPasswordPrompts, |
142 | oLogFacility, oLogLevel, oLogVerbose, oCiphers, oMacs, |
143 | oPubkeyAuthentication, |
144 | oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, |
145 | oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, |
146 | oHostKeyAlgorithms, oBindAddress, oBindInterface, oPKCS11Provider, |
147 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, |
148 | oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, |
149 | oAddressFamily, oGssAuthentication, oGssDelegateCreds, |
150 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, |
151 | oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist, |
152 | oHashKnownHosts, |
153 | oTunnel, oTunnelDevice, |
154 | oLocalCommand, oPermitLocalCommand, oRemoteCommand, |
155 | oVisualHostKey, |
156 | oKexAlgorithms, oIPQoS, oRequestTTY, oSessionType, oStdinNull, |
157 | oForkAfterAuthentication, oIgnoreUnknown, oProxyUseFdpass, |
158 | oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots, |
159 | oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs, |
160 | oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, |
161 | oFingerprintHash, oUpdateHostkeys, oHostbasedAcceptedAlgorithms, |
162 | oPubkeyAcceptedAlgorithms, oCASignatureAlgorithms, oProxyJump, |
163 | oSecurityKeyProvider, oKnownHostsCommand, |
164 | oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported |
165 | } OpCodes; |
166 | |
167 | /* Textual representations of the tokens. */ |
168 | |
169 | static struct { |
170 | const char *name; |
171 | OpCodes opcode; |
172 | } keywords[] = { |
173 | /* Deprecated options */ |
174 | { "protocol", oIgnore }, /* NB. silently ignored */ |
175 | { "cipher", oDeprecated }, |
176 | { "fallbacktorsh", oDeprecated }, |
177 | { "globalknownhostsfile2", oDeprecated }, |
178 | { "rhostsauthentication", oDeprecated }, |
179 | { "userknownhostsfile2", oDeprecated }, |
180 | { "useroaming", oDeprecated }, |
181 | { "usersh", oDeprecated }, |
182 | { "useprivilegedport", oDeprecated }, |
183 | |
184 | /* Unsupported options */ |
185 | { "afstokenpassing", oUnsupported }, |
186 | { "kerberosauthentication", oUnsupported }, |
187 | { "kerberostgtpassing", oUnsupported }, |
188 | { "rsaauthentication", oUnsupported }, |
189 | { "rhostsrsaauthentication", oUnsupported }, |
190 | { "compressionlevel", oUnsupported }, |
191 | |
192 | /* Sometimes-unsupported options */ |
193 | #if defined(GSSAPI) |
194 | { "gssapiauthentication", oGssAuthentication }, |
195 | { "gssapidelegatecredentials", oGssDelegateCreds }, |
196 | # else |
197 | { "gssapiauthentication", oUnsupported }, |
198 | { "gssapidelegatecredentials", oUnsupported }, |
199 | #endif |
200 | #ifdef ENABLE_PKCS111 |
201 | { "pkcs11provider", oPKCS11Provider }, |
202 | { "smartcarddevice", oPKCS11Provider }, |
203 | # else |
204 | { "smartcarddevice", oUnsupported }, |
205 | { "pkcs11provider", oUnsupported }, |
206 | #endif |
207 | |
208 | { "forwardagent", oForwardAgent }, |
209 | { "forwardx11", oForwardX11 }, |
210 | { "forwardx11trusted", oForwardX11Trusted }, |
211 | { "forwardx11timeout", oForwardX11Timeout }, |
212 | { "exitonforwardfailure", oExitOnForwardFailure }, |
213 | { "xauthlocation", oXAuthLocation }, |
214 | { "gatewayports", oGatewayPorts }, |
215 | { "passwordauthentication", oPasswordAuthentication }, |
216 | { "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, |
217 | { "kbdinteractivedevices", oKbdInteractiveDevices }, |
218 | { "challengeresponseauthentication", oKbdInteractiveAuthentication }, /* alias */ |
219 | { "skeyauthentication", oKbdInteractiveAuthentication }, /* alias */ |
220 | { "tisauthentication", oKbdInteractiveAuthentication }, /* alias */ |
221 | { "pubkeyauthentication", oPubkeyAuthentication }, |
222 | { "dsaauthentication", oPubkeyAuthentication }, /* alias */ |
223 | { "hostbasedauthentication", oHostbasedAuthentication }, |
224 | { "identityfile", oIdentityFile }, |
225 | { "identityfile2", oIdentityFile }, /* obsolete */ |
226 | { "identitiesonly", oIdentitiesOnly }, |
227 | { "certificatefile", oCertificateFile }, |
228 | { "addkeystoagent", oAddKeysToAgent }, |
229 | { "identityagent", oIdentityAgent }, |
230 | { "hostname", oHostname }, |
231 | { "hostkeyalias", oHostKeyAlias }, |
232 | { "proxycommand", oProxyCommand }, |
233 | { "port", oPort }, |
234 | { "ciphers", oCiphers }, |
235 | { "macs", oMacs }, |
236 | { "remoteforward", oRemoteForward }, |
237 | { "localforward", oLocalForward }, |
238 | { "permitremoteopen", oPermitRemoteOpen }, |
239 | { "user", oUser }, |
240 | { "host", oHost }, |
241 | { "match", oMatch }, |
242 | { "escapechar", oEscapeChar }, |
243 | { "globalknownhostsfile", oGlobalKnownHostsFile }, |
244 | { "userknownhostsfile", oUserKnownHostsFile }, |
245 | { "connectionattempts", oConnectionAttempts }, |
246 | { "batchmode", oBatchMode }, |
247 | { "checkhostip", oCheckHostIP }, |
248 | { "stricthostkeychecking", oStrictHostKeyChecking }, |
249 | { "compression", oCompression }, |
250 | { "tcpkeepalive", oTCPKeepAlive }, |
251 | { "keepalive", oTCPKeepAlive }, /* obsolete */ |
252 | { "numberofpasswordprompts", oNumberOfPasswordPrompts }, |
253 | { "syslogfacility", oLogFacility }, |
254 | { "loglevel", oLogLevel }, |
255 | { "logverbose", oLogVerbose }, |
256 | { "dynamicforward", oDynamicForward }, |
257 | { "preferredauthentications", oPreferredAuthentications }, |
258 | { "hostkeyalgorithms", oHostKeyAlgorithms }, |
259 | { "casignaturealgorithms", oCASignatureAlgorithms }, |
260 | { "bindaddress", oBindAddress }, |
261 | { "bindinterface", oBindInterface }, |
262 | { "clearallforwardings", oClearAllForwardings }, |
263 | { "enablesshkeysign", oEnableSSHKeysign }, |
264 | { "verifyhostkeydns", oVerifyHostKeyDNS }, |
265 | { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost }, |
266 | { "rekeylimit", oRekeyLimit }, |
267 | { "connecttimeout", oConnectTimeout }, |
268 | { "addressfamily", oAddressFamily }, |
269 | { "serveraliveinterval", oServerAliveInterval }, |
270 | { "serveralivecountmax", oServerAliveCountMax }, |
271 | { "sendenv", oSendEnv }, |
272 | { "setenv", oSetEnv }, |
273 | { "controlpath", oControlPath }, |
274 | { "controlmaster", oControlMaster }, |
275 | { "controlpersist", oControlPersist }, |
276 | { "hashknownhosts", oHashKnownHosts }, |
277 | { "include", oInclude }, |
278 | { "tunnel", oTunnel }, |
279 | { "tunneldevice", oTunnelDevice }, |
280 | { "localcommand", oLocalCommand }, |
281 | { "permitlocalcommand", oPermitLocalCommand }, |
282 | { "remotecommand", oRemoteCommand }, |
283 | { "visualhostkey", oVisualHostKey }, |
284 | { "kexalgorithms", oKexAlgorithms }, |
285 | { "ipqos", oIPQoS }, |
286 | { "requesttty", oRequestTTY }, |
287 | { "sessiontype", oSessionType }, |
288 | { "stdinnull", oStdinNull }, |
289 | { "forkafterauthentication", oForkAfterAuthentication }, |
290 | { "proxyusefdpass", oProxyUseFdpass }, |
291 | { "canonicaldomains", oCanonicalDomains }, |
292 | { "canonicalizefallbacklocal", oCanonicalizeFallbackLocal }, |
293 | { "canonicalizehostname", oCanonicalizeHostname }, |
294 | { "canonicalizemaxdots", oCanonicalizeMaxDots }, |
295 | { "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs }, |
296 | { "streamlocalbindmask", oStreamLocalBindMask }, |
297 | { "streamlocalbindunlink", oStreamLocalBindUnlink }, |
298 | { "revokedhostkeys", oRevokedHostKeys }, |
299 | { "fingerprinthash", oFingerprintHash }, |
300 | { "updatehostkeys", oUpdateHostkeys }, |
301 | { "hostbasedacceptedalgorithms", oHostbasedAcceptedAlgorithms }, |
302 | { "hostbasedkeytypes", oHostbasedAcceptedAlgorithms }, /* obsolete */ |
303 | { "pubkeyacceptedalgorithms", oPubkeyAcceptedAlgorithms }, |
304 | { "pubkeyacceptedkeytypes", oPubkeyAcceptedAlgorithms }, /* obsolete */ |
305 | { "ignoreunknown", oIgnoreUnknown }, |
306 | { "proxyjump", oProxyJump }, |
307 | { "securitykeyprovider", oSecurityKeyProvider }, |
308 | { "knownhostscommand", oKnownHostsCommand }, |
309 | |
310 | { NULL((void *)0), oBadOption } |
311 | }; |
312 | |
313 | static const char *lookup_opcode_name(OpCodes code); |
314 | |
315 | const char * |
316 | kex_default_pk_alg(void) |
317 | { |
318 | static char *pkalgs; |
319 | |
320 | if (pkalgs == NULL((void *)0)) { |
321 | char *all_key; |
322 | |
323 | all_key = sshkey_alg_list(0, 0, 1, ','); |
324 | pkalgs = match_filter_allowlist(KEX_DEFAULT_PK_ALG"ssh-ed25519-cert-v01@openssh.com," "ecdsa-sha2-nistp256-cert-v01@openssh.com," "ecdsa-sha2-nistp384-cert-v01@openssh.com," "ecdsa-sha2-nistp521-cert-v01@openssh.com," "sk-ssh-ed25519-cert-v01@openssh.com," "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com," "rsa-sha2-512-cert-v01@openssh.com," "rsa-sha2-256-cert-v01@openssh.com," "ssh-ed25519," "ecdsa-sha2-nistp256," "ecdsa-sha2-nistp384," "ecdsa-sha2-nistp521," "sk-ssh-ed25519@openssh.com," "sk-ecdsa-sha2-nistp256@openssh.com," "rsa-sha2-512," "rsa-sha2-256", all_key); |
325 | free(all_key); |
326 | } |
327 | return pkalgs; |
328 | } |
329 | |
330 | char * |
331 | ssh_connection_hash(const char *thishost, const char *host, const char *portstr, |
332 | const char *user) |
333 | { |
334 | struct ssh_digest_ctx *md; |
335 | u_char conn_hash[SSH_DIGEST_MAX_LENGTH64]; |
336 | |
337 | if ((md = ssh_digest_start(SSH_DIGEST_SHA11)) == NULL((void *)0) || |
338 | ssh_digest_update(md, thishost, strlen(thishost)) < 0 || |
339 | ssh_digest_update(md, host, strlen(host)) < 0 || |
340 | ssh_digest_update(md, portstr, strlen(portstr)) < 0 || |
341 | ssh_digest_update(md, user, strlen(user)) < 0 || |
342 | ssh_digest_final(md, conn_hash, sizeof(conn_hash)) < 0) |
343 | fatal_f("mux digest failed")sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 343, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "mux digest failed" ); |
344 | ssh_digest_free(md); |
345 | return tohex(conn_hash, ssh_digest_bytes(SSH_DIGEST_SHA11)); |
346 | } |
347 | |
348 | /* |
349 | * Adds a local TCP/IP port forward to options. Never returns if there is an |
350 | * error. |
351 | */ |
352 | |
353 | void |
354 | add_local_forward(Options *options, const struct Forward *newfwd) |
355 | { |
356 | struct Forward *fwd; |
357 | int i; |
358 | |
359 | /* Don't add duplicates */ |
360 | for (i = 0; i < options->num_local_forwards; i++) { |
361 | if (forward_equals(newfwd, options->local_forwards + i)) |
362 | return; |
363 | } |
364 | options->local_forwards = xreallocarray(options->local_forwards, |
365 | options->num_local_forwards + 1, |
366 | sizeof(*options->local_forwards)); |
367 | fwd = &options->local_forwards[options->num_local_forwards++]; |
368 | |
369 | fwd->listen_host = newfwd->listen_host; |
370 | fwd->listen_port = newfwd->listen_port; |
371 | fwd->listen_path = newfwd->listen_path; |
372 | fwd->connect_host = newfwd->connect_host; |
373 | fwd->connect_port = newfwd->connect_port; |
374 | fwd->connect_path = newfwd->connect_path; |
375 | } |
376 | |
377 | /* |
378 | * Adds a remote TCP/IP port forward to options. Never returns if there is |
379 | * an error. |
380 | */ |
381 | |
382 | void |
383 | add_remote_forward(Options *options, const struct Forward *newfwd) |
384 | { |
385 | struct Forward *fwd; |
386 | int i; |
387 | |
388 | /* Don't add duplicates */ |
389 | for (i = 0; i < options->num_remote_forwards; i++) { |
390 | if (forward_equals(newfwd, options->remote_forwards + i)) |
391 | return; |
392 | } |
393 | options->remote_forwards = xreallocarray(options->remote_forwards, |
394 | options->num_remote_forwards + 1, |
395 | sizeof(*options->remote_forwards)); |
396 | fwd = &options->remote_forwards[options->num_remote_forwards++]; |
397 | |
398 | fwd->listen_host = newfwd->listen_host; |
399 | fwd->listen_port = newfwd->listen_port; |
400 | fwd->listen_path = newfwd->listen_path; |
401 | fwd->connect_host = newfwd->connect_host; |
402 | fwd->connect_port = newfwd->connect_port; |
403 | fwd->connect_path = newfwd->connect_path; |
404 | fwd->handle = newfwd->handle; |
405 | fwd->allocated_port = 0; |
406 | } |
407 | |
408 | static void |
409 | clear_forwardings(Options *options) |
410 | { |
411 | int i; |
412 | |
413 | for (i = 0; i < options->num_local_forwards; i++) { |
414 | free(options->local_forwards[i].listen_host); |
415 | free(options->local_forwards[i].listen_path); |
416 | free(options->local_forwards[i].connect_host); |
417 | free(options->local_forwards[i].connect_path); |
418 | } |
419 | if (options->num_local_forwards > 0) { |
420 | free(options->local_forwards); |
421 | options->local_forwards = NULL((void *)0); |
422 | } |
423 | options->num_local_forwards = 0; |
424 | for (i = 0; i < options->num_remote_forwards; i++) { |
425 | free(options->remote_forwards[i].listen_host); |
426 | free(options->remote_forwards[i].listen_path); |
427 | free(options->remote_forwards[i].connect_host); |
428 | free(options->remote_forwards[i].connect_path); |
429 | } |
430 | if (options->num_remote_forwards > 0) { |
431 | free(options->remote_forwards); |
432 | options->remote_forwards = NULL((void *)0); |
433 | } |
434 | options->num_remote_forwards = 0; |
435 | options->tun_open = SSH_TUNMODE_NO0x00; |
436 | } |
437 | |
438 | void |
439 | add_certificate_file(Options *options, const char *path, int userprovided) |
440 | { |
441 | int i; |
442 | |
443 | if (options->num_certificate_files >= SSH_MAX_CERTIFICATE_FILES100) |
444 | fatal("Too many certificate files specified (max %d)",sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 445, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Too many certificate files specified (max %d)" , 100) |
445 | SSH_MAX_CERTIFICATE_FILES)sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 445, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Too many certificate files specified (max %d)" , 100); |
446 | |
447 | /* Avoid registering duplicates */ |
448 | for (i = 0; i < options->num_certificate_files; i++) { |
449 | if (options->certificate_file_userprovided[i] == userprovided && |
450 | strcmp(options->certificate_files[i], path) == 0) { |
451 | debug2_f("ignoring duplicate key %s", path)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 451, 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "ignoring duplicate key %s" , path); |
452 | return; |
453 | } |
454 | } |
455 | |
456 | options->certificate_file_userprovided[options->num_certificate_files] = |
457 | userprovided; |
458 | options->certificate_files[options->num_certificate_files++] = |
459 | xstrdup(path); |
460 | } |
461 | |
462 | void |
463 | add_identity_file(Options *options, const char *dir, const char *filename, |
464 | int userprovided) |
465 | { |
466 | char *path; |
467 | int i; |
468 | |
469 | if (options->num_identity_files >= SSH_MAX_IDENTITY_FILES100) |
470 | fatal("Too many identity files specified (max %d)",sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 471, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Too many identity files specified (max %d)" , 100) |
471 | SSH_MAX_IDENTITY_FILES)sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 471, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Too many identity files specified (max %d)" , 100); |
472 | |
473 | if (dir == NULL((void *)0)) /* no dir, filename is absolute */ |
474 | path = xstrdup(filename); |
475 | else if (xasprintf(&path, "%s%s", dir, filename) >= PATH_MAX1024) |
476 | fatal("Identity file path %s too long", path)sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 476, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Identity file path %s too long" , path); |
477 | |
478 | /* Avoid registering duplicates */ |
479 | for (i = 0; i < options->num_identity_files; i++) { |
480 | if (options->identity_file_userprovided[i] == userprovided && |
481 | strcmp(options->identity_files[i], path) == 0) { |
482 | debug2_f("ignoring duplicate key %s", path)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 482, 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "ignoring duplicate key %s" , path); |
483 | free(path); |
484 | return; |
485 | } |
486 | } |
487 | |
488 | options->identity_file_userprovided[options->num_identity_files] = |
489 | userprovided; |
490 | options->identity_files[options->num_identity_files++] = path; |
491 | } |
492 | |
493 | int |
494 | default_ssh_port(void) |
495 | { |
496 | static int port; |
497 | struct servent *sp; |
498 | |
499 | if (port == 0) { |
500 | sp = getservbyname(SSH_SERVICE_NAME"ssh", "tcp"); |
501 | port = sp ? ntohs(sp->s_port)(__uint16_t)(__builtin_constant_p(sp->s_port) ? (__uint16_t )(((__uint16_t)(sp->s_port) & 0xffU) << 8 | ((__uint16_t )(sp->s_port) & 0xff00U) >> 8) : __swap16md(sp-> s_port)) : SSH_DEFAULT_PORT22; |
502 | } |
503 | return port; |
504 | } |
505 | |
506 | /* |
507 | * Execute a command in a shell. |
508 | * Return its exit status or -1 on abnormal exit. |
509 | */ |
510 | static int |
511 | execute_in_shell(const char *cmd) |
512 | { |
513 | char *shell; |
514 | pid_t pid; |
515 | int status; |
516 | |
517 | if ((shell = getenv("SHELL")) == NULL((void *)0)) |
518 | shell = _PATH_BSHELL"/bin/sh"; |
519 | |
520 | if (access(shell, X_OK0x01) == -1) { |
521 | fatal("Shell \"%s\" is not executable: %s",sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 522, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Shell \"%s\" is not executable: %s" , shell, strerror((*__errno()))) |
522 | shell, strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 522, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Shell \"%s\" is not executable: %s" , shell, strerror((*__errno()))); |
523 | } |
524 | |
525 | debug("Executing command: '%.500s'", cmd)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 525, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Executing command: '%.500s'" , cmd); |
526 | |
527 | /* Fork and execute the command. */ |
528 | if ((pid = fork()) == 0) { |
529 | char *argv[4]; |
530 | |
531 | if (stdfd_devnull(1, 1, 0) == -1) |
532 | fatal_f("stdfd_devnull failed")sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 532, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "stdfd_devnull failed" ); |
533 | closefrom(STDERR_FILENO2 + 1); |
534 | |
535 | argv[0] = shell; |
536 | argv[1] = "-c"; |
537 | argv[2] = xstrdup(cmd); |
538 | argv[3] = NULL((void *)0); |
539 | |
540 | execv(argv[0], argv); |
541 | error("Unable to execute '%.100s': %s", cmd, strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 541, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Unable to execute '%.100s': %s" , cmd, strerror((*__errno()))); |
542 | /* Die with signal to make this error apparent to parent. */ |
543 | ssh_signal(SIGTERM15, SIG_DFL(void (*)(int))0); |
544 | kill(getpid(), SIGTERM15); |
545 | _exit(1); |
546 | } |
547 | /* Parent. */ |
548 | if (pid == -1) |
549 | fatal_f("fork: %.100s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 549, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "fork: %.100s", strerror ((*__errno()))); |
550 | |
551 | while (waitpid(pid, &status, 0) == -1) { |
552 | if (errno(*__errno()) != EINTR4 && errno(*__errno()) != EAGAIN35) |
553 | fatal_f("waitpid: %s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 553, 1, SYSLOG_LEVEL_FATAL, ((void *)0), "waitpid: %s", strerror ((*__errno()))); |
554 | } |
555 | if (!WIFEXITED(status)(((status) & 0177) == 0)) { |
556 | error("command '%.100s' exited abnormally", cmd)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 556, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "command '%.100s' exited abnormally" , cmd); |
557 | return -1; |
558 | } |
559 | debug3("command returned status %d", WEXITSTATUS(status))sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 559, 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "command returned status %d" , (int)(((unsigned)(status) >> 8) & 0xff)); |
560 | return WEXITSTATUS(status)(int)(((unsigned)(status) >> 8) & 0xff); |
561 | } |
562 | |
563 | /* |
564 | * Parse and execute a Match directive. |
565 | */ |
566 | static int |
567 | match_cfg_line(Options *options, char **condition, struct passwd *pw, |
568 | const char *host_arg, const char *original_host, int final_pass, |
569 | int *want_final_pass, const char *filename, int linenum) |
570 | { |
571 | char *arg, *oattrib, *attrib, *cmd, *cp = *condition, *host, *criteria; |
572 | const char *ruser; |
573 | int r, port, this_result, result = 1, attributes = 0, negate; |
574 | char thishost[NI_MAXHOST256], shorthost[NI_MAXHOST256], portstr[NI_MAXSERV32]; |
575 | char uidstr[32]; |
576 | |
577 | /* |
578 | * Configuration is likely to be incomplete at this point so we |
579 | * must be prepared to use default values. |
580 | */ |
581 | port = options->port <= 0 ? default_ssh_port() : options->port; |
582 | ruser = options->user == NULL((void *)0) ? pw->pw_name : options->user; |
583 | if (final_pass) { |
584 | host = xstrdup(options->hostname); |
585 | } else if (options->hostname != NULL((void *)0)) { |
586 | /* NB. Please keep in sync with ssh.c:main() */ |
587 | host = percent_expand(options->hostname, |
588 | "h", host_arg, (char *)NULL((void *)0)); |
589 | } else { |
590 | host = xstrdup(host_arg); |
591 | } |
592 | |
593 | debug2("checking match for '%s' host %s originally %s",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 594, 0, SYSLOG_LEVEL_DEBUG2, ((void *)0), "checking match for '%s' host %s originally %s" , cp, host, original_host) |
594 | cp, host, original_host)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 594, 0, SYSLOG_LEVEL_DEBUG2, ((void *)0), "checking match for '%s' host %s originally %s" , cp, host, original_host); |
595 | while ((oattrib = attrib = strdelim(&cp)) && *attrib != '\0') { |
596 | /* Terminate on comment */ |
597 | if (*attrib == '#') { |
598 | cp = NULL((void *)0); /* mark all arguments consumed */ |
599 | break; |
600 | } |
601 | arg = criteria = NULL((void *)0); |
602 | this_result = 1; |
603 | if ((negate = attrib[0] == '!')) |
604 | attrib++; |
605 | /* Criterion "all" has no argument and must appear alone */ |
606 | if (strcasecmp(attrib, "all") == 0) { |
607 | if (attributes > 1 || ((arg = strdelim(&cp)) != NULL((void *)0) && |
608 | *arg != '\0' && *arg != '#')) { |
609 | error("%.200s line %d: '%s' cannot be combined "sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 611, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: '%s' cannot be combined " "with other Match attributes", filename, linenum, oattrib) |
610 | "with other Match attributes",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 611, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: '%s' cannot be combined " "with other Match attributes", filename, linenum, oattrib) |
611 | filename, linenum, oattrib)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 611, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: '%s' cannot be combined " "with other Match attributes", filename, linenum, oattrib); |
612 | result = -1; |
613 | goto out; |
614 | } |
615 | if (arg != NULL((void *)0) && *arg == '#') |
616 | cp = NULL((void *)0); /* mark all arguments consumed */ |
617 | if (result) |
618 | result = negate ? 0 : 1; |
619 | goto out; |
620 | } |
621 | attributes++; |
622 | /* criteria "final" and "canonical" have no argument */ |
623 | if (strcasecmp(attrib, "canonical") == 0 || |
624 | strcasecmp(attrib, "final") == 0) { |
625 | /* |
626 | * If the config requests "Match final" then remember |
627 | * this so we can perform a second pass later. |
628 | */ |
629 | if (strcasecmp(attrib, "final") == 0 && |
630 | want_final_pass != NULL((void *)0)) |
631 | *want_final_pass = 1; |
632 | r = !!final_pass; /* force bitmask member to boolean */ |
633 | if (r == (negate ? 1 : 0)) |
634 | this_result = result = 0; |
635 | debug3("%.200s line %d: %smatched '%s'",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 637, 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%.200s line %d: %smatched '%s'" , filename, linenum, this_result ? "" : "not ", oattrib) |
636 | filename, linenum,sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 637, 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%.200s line %d: %smatched '%s'" , filename, linenum, this_result ? "" : "not ", oattrib) |
637 | this_result ? "" : "not ", oattrib)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 637, 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%.200s line %d: %smatched '%s'" , filename, linenum, this_result ? "" : "not ", oattrib); |
638 | continue; |
639 | } |
640 | /* All other criteria require an argument */ |
641 | if ((arg = strdelim(&cp)) == NULL((void *)0) || |
642 | *arg == '\0' || *arg == '#') { |
643 | error("Missing Match criteria for %s", attrib)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 643, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Missing Match criteria for %s" , attrib); |
644 | result = -1; |
645 | goto out; |
646 | } |
647 | if (strcasecmp(attrib, "host") == 0) { |
648 | criteria = xstrdup(host); |
649 | r = match_hostname(host, arg) == 1; |
650 | if (r == (negate ? 1 : 0)) |
651 | this_result = result = 0; |
652 | } else if (strcasecmp(attrib, "originalhost") == 0) { |
653 | criteria = xstrdup(original_host); |
654 | r = match_hostname(original_host, arg) == 1; |
655 | if (r == (negate ? 1 : 0)) |
656 | this_result = result = 0; |
657 | } else if (strcasecmp(attrib, "user") == 0) { |
658 | criteria = xstrdup(ruser); |
659 | r = match_pattern_list(ruser, arg, 0) == 1; |
660 | if (r == (negate ? 1 : 0)) |
661 | this_result = result = 0; |
662 | } else if (strcasecmp(attrib, "localuser") == 0) { |
663 | criteria = xstrdup(pw->pw_name); |
664 | r = match_pattern_list(pw->pw_name, arg, 0) == 1; |
665 | if (r == (negate ? 1 : 0)) |
666 | this_result = result = 0; |
667 | } else if (strcasecmp(attrib, "exec") == 0) { |
668 | char *conn_hash_hex, *keyalias; |
669 | |
670 | if (gethostname(thishost, sizeof(thishost)) == -1) |
671 | fatal("gethostname: %s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 671, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "gethostname: %s", strerror((*__errno()))); |
672 | strlcpy(shorthost, thishost, sizeof(shorthost)); |
673 | shorthost[strcspn(thishost, ".")] = '\0'; |
674 | snprintf(portstr, sizeof(portstr), "%d", port); |
675 | snprintf(uidstr, sizeof(uidstr), "%llu", |
676 | (unsigned long long)pw->pw_uid); |
677 | conn_hash_hex = ssh_connection_hash(thishost, host, |
678 | portstr, ruser); |
679 | keyalias = options->host_key_alias ? |
680 | options->host_key_alias : host; |
681 | |
682 | cmd = percent_expand(arg, |
683 | "C", conn_hash_hex, |
684 | "L", shorthost, |
685 | "d", pw->pw_dir, |
686 | "h", host, |
687 | "k", keyalias, |
688 | "l", thishost, |
689 | "n", original_host, |
690 | "p", portstr, |
691 | "r", ruser, |
692 | "u", pw->pw_name, |
693 | "i", uidstr, |
694 | (char *)NULL((void *)0)); |
695 | free(conn_hash_hex); |
696 | if (result != 1) { |
697 | /* skip execution if prior predicate failed */ |
698 | debug3("%.200s line %d: skipped exec "sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 699, 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%.200s line %d: skipped exec " "\"%.100s\"", filename, linenum, cmd) |
699 | "\"%.100s\"", filename, linenum, cmd)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 699, 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%.200s line %d: skipped exec " "\"%.100s\"", filename, linenum, cmd); |
700 | free(cmd); |
701 | continue; |
702 | } |
703 | r = execute_in_shell(cmd); |
704 | if (r == -1) { |
705 | fatal("%.200s line %d: match exec "sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 707, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%.200s line %d: match exec " "'%.100s' error", filename, linenum, cmd) |
706 | "'%.100s' error", filename,sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 707, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%.200s line %d: match exec " "'%.100s' error", filename, linenum, cmd) |
707 | linenum, cmd)sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 707, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%.200s line %d: match exec " "'%.100s' error", filename, linenum, cmd); |
708 | } |
709 | criteria = xstrdup(cmd); |
710 | free(cmd); |
711 | /* Force exit status to boolean */ |
712 | r = r == 0; |
713 | if (r == (negate ? 1 : 0)) |
714 | this_result = result = 0; |
715 | } else { |
716 | error("Unsupported Match attribute %s", attrib)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 716, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Unsupported Match attribute %s" , attrib); |
717 | result = -1; |
718 | goto out; |
719 | } |
720 | debug3("%.200s line %d: %smatched '%s \"%.100s\"' ",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 722, 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%.200s line %d: %smatched '%s \"%.100s\"' " , filename, linenum, this_result ? "": "not ", oattrib, criteria ) |
721 | filename, linenum, this_result ? "": "not ",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 722, 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%.200s line %d: %smatched '%s \"%.100s\"' " , filename, linenum, this_result ? "": "not ", oattrib, criteria ) |
722 | oattrib, criteria)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 722, 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%.200s line %d: %smatched '%s \"%.100s\"' " , filename, linenum, this_result ? "": "not ", oattrib, criteria ); |
723 | free(criteria); |
724 | } |
725 | if (attributes == 0) { |
726 | error("One or more attributes required for Match")sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 726, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "One or more attributes required for Match" ); |
727 | result = -1; |
728 | goto out; |
729 | } |
730 | out: |
731 | if (result != -1) |
732 | debug2("match %sfound", result ? "" : "not ")sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 732, 0, SYSLOG_LEVEL_DEBUG2, ((void *)0), "match %sfound", result ? "" : "not "); |
733 | *condition = cp; |
734 | free(host); |
735 | return result; |
736 | } |
737 | |
738 | /* Remove environment variable by pattern */ |
739 | static void |
740 | rm_env(Options *options, const char *arg, const char *filename, int linenum) |
741 | { |
742 | int i, j, onum_send_env = options->num_send_env; |
743 | char *cp; |
744 | |
745 | /* Remove an environment variable */ |
746 | for (i = 0; i < options->num_send_env; ) { |
747 | cp = xstrdup(options->send_env[i]); |
748 | if (!match_pattern(cp, arg + 1)) { |
749 | free(cp); |
750 | i++; |
751 | continue; |
752 | } |
753 | debug3("%s line %d: removing environment %s",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 754, 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%s line %d: removing environment %s" , filename, linenum, cp) |
754 | filename, linenum, cp)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 754, 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%s line %d: removing environment %s" , filename, linenum, cp); |
755 | free(cp); |
756 | free(options->send_env[i]); |
757 | options->send_env[i] = NULL((void *)0); |
758 | for (j = i; j < options->num_send_env - 1; j++) { |
759 | options->send_env[j] = options->send_env[j + 1]; |
760 | options->send_env[j + 1] = NULL((void *)0); |
761 | } |
762 | options->num_send_env--; |
763 | /* NB. don't increment i */ |
764 | } |
765 | if (onum_send_env != options->num_send_env) { |
766 | options->send_env = xrecallocarray(options->send_env, |
767 | onum_send_env, options->num_send_env, |
768 | sizeof(*options->send_env)); |
769 | } |
770 | } |
771 | |
772 | /* |
773 | * Returns the number of the token pointed to by cp or oBadOption. |
774 | */ |
775 | static OpCodes |
776 | parse_token(const char *cp, const char *filename, int linenum, |
777 | const char *ignored_unknown) |
778 | { |
779 | int i; |
780 | |
781 | for (i = 0; keywords[i].name; i++) |
782 | if (strcmp(cp, keywords[i].name) == 0) |
783 | return keywords[i].opcode; |
784 | if (ignored_unknown != NULL((void *)0) && |
785 | match_pattern_list(cp, ignored_unknown, 1) == 1) |
786 | return oIgnoredUnknownOption; |
787 | error("%s: line %d: Bad configuration option: %s",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 788, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s: line %d: Bad configuration option: %s" , filename, linenum, cp) |
788 | filename, linenum, cp)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 788, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s: line %d: Bad configuration option: %s" , filename, linenum, cp); |
789 | return oBadOption; |
790 | } |
791 | |
792 | /* Multistate option parsing */ |
793 | struct multistate { |
794 | char *key; |
795 | int value; |
796 | }; |
797 | static const struct multistate multistate_flag[] = { |
798 | { "true", 1 }, |
799 | { "false", 0 }, |
800 | { "yes", 1 }, |
801 | { "no", 0 }, |
802 | { NULL((void *)0), -1 } |
803 | }; |
804 | static const struct multistate multistate_yesnoask[] = { |
805 | { "true", 1 }, |
806 | { "false", 0 }, |
807 | { "yes", 1 }, |
808 | { "no", 0 }, |
809 | { "ask", 2 }, |
810 | { NULL((void *)0), -1 } |
811 | }; |
812 | static const struct multistate multistate_strict_hostkey[] = { |
813 | { "true", SSH_STRICT_HOSTKEY_YES2 }, |
814 | { "false", SSH_STRICT_HOSTKEY_OFF0 }, |
815 | { "yes", SSH_STRICT_HOSTKEY_YES2 }, |
816 | { "no", SSH_STRICT_HOSTKEY_OFF0 }, |
817 | { "ask", SSH_STRICT_HOSTKEY_ASK3 }, |
818 | { "off", SSH_STRICT_HOSTKEY_OFF0 }, |
819 | { "accept-new", SSH_STRICT_HOSTKEY_NEW1 }, |
820 | { NULL((void *)0), -1 } |
821 | }; |
822 | static const struct multistate multistate_yesnoaskconfirm[] = { |
823 | { "true", 1 }, |
824 | { "false", 0 }, |
825 | { "yes", 1 }, |
826 | { "no", 0 }, |
827 | { "ask", 2 }, |
828 | { "confirm", 3 }, |
829 | { NULL((void *)0), -1 } |
830 | }; |
831 | static const struct multistate multistate_addressfamily[] = { |
832 | { "inet", AF_INET2 }, |
833 | { "inet6", AF_INET624 }, |
834 | { "any", AF_UNSPEC0 }, |
835 | { NULL((void *)0), -1 } |
836 | }; |
837 | static const struct multistate multistate_controlmaster[] = { |
838 | { "true", SSHCTL_MASTER_YES1 }, |
839 | { "yes", SSHCTL_MASTER_YES1 }, |
840 | { "false", SSHCTL_MASTER_NO0 }, |
841 | { "no", SSHCTL_MASTER_NO0 }, |
842 | { "auto", SSHCTL_MASTER_AUTO2 }, |
843 | { "ask", SSHCTL_MASTER_ASK3 }, |
844 | { "autoask", SSHCTL_MASTER_AUTO_ASK4 }, |
845 | { NULL((void *)0), -1 } |
846 | }; |
847 | static const struct multistate multistate_tunnel[] = { |
848 | { "ethernet", SSH_TUNMODE_ETHERNET0x02 }, |
849 | { "point-to-point", SSH_TUNMODE_POINTOPOINT0x01 }, |
850 | { "true", SSH_TUNMODE_DEFAULT0x01 }, |
851 | { "yes", SSH_TUNMODE_DEFAULT0x01 }, |
852 | { "false", SSH_TUNMODE_NO0x00 }, |
853 | { "no", SSH_TUNMODE_NO0x00 }, |
854 | { NULL((void *)0), -1 } |
855 | }; |
856 | static const struct multistate multistate_requesttty[] = { |
857 | { "true", REQUEST_TTY_YES2 }, |
858 | { "yes", REQUEST_TTY_YES2 }, |
859 | { "false", REQUEST_TTY_NO1 }, |
860 | { "no", REQUEST_TTY_NO1 }, |
861 | { "force", REQUEST_TTY_FORCE3 }, |
862 | { "auto", REQUEST_TTY_AUTO0 }, |
863 | { NULL((void *)0), -1 } |
864 | }; |
865 | static const struct multistate multistate_sessiontype[] = { |
866 | { "none", SESSION_TYPE_NONE0 }, |
867 | { "subsystem", SESSION_TYPE_SUBSYSTEM1 }, |
868 | { "default", SESSION_TYPE_DEFAULT2 }, |
869 | { NULL((void *)0), -1 } |
870 | }; |
871 | static const struct multistate multistate_canonicalizehostname[] = { |
872 | { "true", SSH_CANONICALISE_YES1 }, |
873 | { "false", SSH_CANONICALISE_NO0 }, |
874 | { "yes", SSH_CANONICALISE_YES1 }, |
875 | { "no", SSH_CANONICALISE_NO0 }, |
876 | { "always", SSH_CANONICALISE_ALWAYS2 }, |
877 | { NULL((void *)0), -1 } |
878 | }; |
879 | static const struct multistate multistate_pubkey_auth[] = { |
880 | { "true", SSH_PUBKEY_AUTH_ALL0x03 }, |
881 | { "false", SSH_PUBKEY_AUTH_NO0x00 }, |
882 | { "yes", SSH_PUBKEY_AUTH_ALL0x03 }, |
883 | { "no", SSH_PUBKEY_AUTH_NO0x00 }, |
884 | { "unbound", SSH_PUBKEY_AUTH_UNBOUND0x01 }, |
885 | { "host-bound", SSH_PUBKEY_AUTH_HBOUND0x02 }, |
886 | { NULL((void *)0), -1 } |
887 | }; |
888 | static const struct multistate multistate_compression[] = { |
889 | #ifdef WITH_ZLIB1 |
890 | { "yes", COMP_ZLIB1 }, |
891 | #endif |
892 | { "no", COMP_NONE0 }, |
893 | { NULL((void *)0), -1 } |
894 | }; |
895 | |
896 | static int |
897 | parse_multistate_value(const char *arg, const char *filename, int linenum, |
898 | const struct multistate *multistate_ptr) |
899 | { |
900 | int i; |
901 | |
902 | if (!arg || *arg == '\0') { |
903 | error("%s line %d: missing argument.", filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 903, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: missing argument." , filename, linenum); |
904 | return -1; |
905 | } |
906 | for (i = 0; multistate_ptr[i].key != NULL((void *)0); i++) { |
907 | if (strcasecmp(arg, multistate_ptr[i].key) == 0) |
908 | return multistate_ptr[i].value; |
909 | } |
910 | return -1; |
911 | } |
912 | |
913 | /* |
914 | * Processes a single option line as used in the configuration files. This |
915 | * only sets those values that have not already been set. |
916 | */ |
917 | int |
918 | process_config_line(Options *options, struct passwd *pw, const char *host, |
919 | const char *original_host, char *line, const char *filename, |
920 | int linenum, int *activep, int flags) |
921 | { |
922 | return process_config_line_depth(options, pw, host, original_host, |
923 | line, filename, linenum, activep, flags, NULL((void *)0), 0); |
924 | } |
925 | |
926 | #define WHITESPACE" \t\r\n" " \t\r\n" |
927 | static int |
928 | process_config_line_depth(Options *options, struct passwd *pw, const char *host, |
929 | const char *original_host, char *line, const char *filename, |
930 | int linenum, int *activep, int flags, int *want_final_pass, int depth) |
931 | { |
932 | char *str, **charptr, *endofnumber, *keyword, *arg, *arg2, *p, ch; |
933 | char **cpptr, ***cppptr, fwdarg[256]; |
934 | u_int i, *uintptr, uvalue, max_entries = 0; |
935 | int r, oactive, negated, opcode, *intptr, value, value2, cmdline = 0; |
936 | int remotefwd, dynamicfwd; |
937 | LogLevel *log_level_ptr; |
938 | SyslogFacility *log_facility_ptr; |
939 | long long val64; |
940 | size_t len; |
941 | struct Forward fwd; |
942 | const struct multistate *multistate_ptr; |
943 | struct allowed_cname *cname; |
944 | glob_t gl; |
945 | const char *errstr; |
946 | char **oav = NULL((void *)0), **av; |
947 | int oac = 0, ac; |
948 | int ret = -1; |
949 | |
950 | if (activep == NULL((void *)0)) { /* We are processing a command line directive */ |
951 | cmdline = 1; |
952 | activep = &cmdline; |
953 | } |
954 | |
955 | /* Strip trailing whitespace. Allow \f (form feed) at EOL only */ |
956 | if ((len = strlen(line)) == 0) |
957 | return 0; |
958 | for (len--; len > 0; len--) { |
959 | if (strchr(WHITESPACE" \t\r\n" "\f", line[len]) == NULL((void *)0)) |
960 | break; |
961 | line[len] = '\0'; |
962 | } |
963 | |
964 | str = line; |
965 | /* Get the keyword. (Each line is supposed to begin with a keyword). */ |
966 | if ((keyword = strdelim(&str)) == NULL((void *)0)) |
967 | return 0; |
968 | /* Ignore leading whitespace. */ |
969 | if (*keyword == '\0') |
970 | keyword = strdelim(&str); |
971 | if (keyword == NULL((void *)0) || !*keyword || *keyword == '\n' || *keyword == '#') |
972 | return 0; |
973 | /* Match lowercase keyword */ |
974 | lowercase(keyword); |
975 | |
976 | /* Prepare to parse remainder of line */ |
977 | if (str != NULL((void *)0)) |
978 | str += strspn(str, WHITESPACE" \t\r\n"); |
979 | if (str == NULL((void *)0) || *str == '\0') { |
980 | error("%s line %d: no argument after keyword \"%s\"",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 981, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: no argument after keyword \"%s\"" , filename, linenum, keyword) |
981 | filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 981, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: no argument after keyword \"%s\"" , filename, linenum, keyword); |
982 | return -1; |
983 | } |
984 | opcode = parse_token(keyword, filename, linenum, |
985 | options->ignored_unknown); |
986 | if (argv_split(str, &oac, &oav, 1) != 0) { |
987 | error("%s line %d: invalid quotes", filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 987, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: invalid quotes" , filename, linenum); |
988 | return -1; |
989 | } |
990 | ac = oac; |
991 | av = oav; |
992 | |
993 | switch (opcode) { |
994 | case oBadOption: |
995 | /* don't panic, but count bad options */ |
996 | goto out; |
997 | case oIgnore: |
998 | argv_consume(&ac); |
999 | break; |
1000 | case oIgnoredUnknownOption: |
1001 | debug("%s line %d: Ignored unknown option \"%s\"",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1002, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s line %d: Ignored unknown option \"%s\"" , filename, linenum, keyword) |
1002 | filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1002, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s line %d: Ignored unknown option \"%s\"" , filename, linenum, keyword); |
1003 | argv_consume(&ac); |
1004 | break; |
1005 | case oConnectTimeout: |
1006 | intptr = &options->connection_timeout; |
1007 | parse_time: |
1008 | arg = argv_next(&ac, &av); |
1009 | if (!arg || *arg == '\0') { |
1010 | error("%s line %d: missing time value.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1011, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: missing time value." , filename, linenum) |
1011 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1011, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: missing time value." , filename, linenum); |
1012 | goto out; |
1013 | } |
1014 | if (strcmp(arg, "none") == 0) |
1015 | value = -1; |
1016 | else if ((value = convtime(arg)) == -1) { |
1017 | error("%s line %d: invalid time value.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1018, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: invalid time value." , filename, linenum) |
1018 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1018, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: invalid time value." , filename, linenum); |
1019 | goto out; |
1020 | } |
1021 | if (*activep && *intptr == -1) |
1022 | *intptr = value; |
1023 | break; |
1024 | |
1025 | case oForwardAgent: |
1026 | intptr = &options->forward_agent; |
1027 | |
1028 | arg = argv_next(&ac, &av); |
1029 | if (!arg || *arg == '\0') { |
1030 | error("%s line %d: missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1031, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: missing argument." , filename, linenum) |
1031 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1031, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: missing argument." , filename, linenum); |
1032 | goto out; |
1033 | } |
1034 | |
1035 | value = -1; |
1036 | multistate_ptr = multistate_flag; |
1037 | for (i = 0; multistate_ptr[i].key != NULL((void *)0); i++) { |
1038 | if (strcasecmp(arg, multistate_ptr[i].key) == 0) { |
1039 | value = multistate_ptr[i].value; |
1040 | break; |
1041 | } |
1042 | } |
1043 | if (value != -1) { |
1044 | if (*activep && *intptr == -1) |
1045 | *intptr = value; |
1046 | break; |
1047 | } |
1048 | /* ForwardAgent wasn't 'yes' or 'no', assume a path */ |
1049 | if (*activep && *intptr == -1) |
1050 | *intptr = 1; |
1051 | |
1052 | charptr = &options->forward_agent_sock_path; |
1053 | goto parse_agent_path; |
1054 | |
1055 | case oForwardX11: |
1056 | intptr = &options->forward_x11; |
1057 | parse_flag: |
1058 | multistate_ptr = multistate_flag; |
1059 | parse_multistate: |
1060 | arg = argv_next(&ac, &av); |
1061 | if ((value = parse_multistate_value(arg, filename, linenum, |
1062 | multistate_ptr)) == -1) { |
1063 | error("%s line %d: unsupported option \"%s\".",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1064, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: unsupported option \"%s\"." , filename, linenum, arg) |
1064 | filename, linenum, arg)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1064, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: unsupported option \"%s\"." , filename, linenum, arg); |
1065 | goto out; |
1066 | } |
1067 | if (*activep && *intptr == -1) |
1068 | *intptr = value; |
1069 | break; |
1070 | |
1071 | case oForwardX11Trusted: |
1072 | intptr = &options->forward_x11_trusted; |
1073 | goto parse_flag; |
1074 | |
1075 | case oForwardX11Timeout: |
1076 | intptr = &options->forward_x11_timeout; |
1077 | goto parse_time; |
1078 | |
1079 | case oGatewayPorts: |
1080 | intptr = &options->fwd_opts.gateway_ports; |
1081 | goto parse_flag; |
1082 | |
1083 | case oExitOnForwardFailure: |
1084 | intptr = &options->exit_on_forward_failure; |
1085 | goto parse_flag; |
1086 | |
1087 | case oPasswordAuthentication: |
1088 | intptr = &options->password_authentication; |
1089 | goto parse_flag; |
1090 | |
1091 | case oKbdInteractiveAuthentication: |
1092 | intptr = &options->kbd_interactive_authentication; |
1093 | goto parse_flag; |
1094 | |
1095 | case oKbdInteractiveDevices: |
1096 | charptr = &options->kbd_interactive_devices; |
1097 | goto parse_string; |
1098 | |
1099 | case oPubkeyAuthentication: |
1100 | multistate_ptr = multistate_pubkey_auth; |
1101 | intptr = &options->pubkey_authentication; |
1102 | goto parse_multistate; |
1103 | |
1104 | case oHostbasedAuthentication: |
1105 | intptr = &options->hostbased_authentication; |
1106 | goto parse_flag; |
1107 | |
1108 | case oGssAuthentication: |
1109 | intptr = &options->gss_authentication; |
1110 | goto parse_flag; |
1111 | |
1112 | case oGssDelegateCreds: |
1113 | intptr = &options->gss_deleg_creds; |
1114 | goto parse_flag; |
1115 | |
1116 | case oBatchMode: |
1117 | intptr = &options->batch_mode; |
1118 | goto parse_flag; |
1119 | |
1120 | case oCheckHostIP: |
1121 | intptr = &options->check_host_ip; |
1122 | goto parse_flag; |
1123 | |
1124 | case oVerifyHostKeyDNS: |
1125 | intptr = &options->verify_host_key_dns; |
1126 | multistate_ptr = multistate_yesnoask; |
1127 | goto parse_multistate; |
1128 | |
1129 | case oStrictHostKeyChecking: |
1130 | intptr = &options->strict_host_key_checking; |
1131 | multistate_ptr = multistate_strict_hostkey; |
1132 | goto parse_multistate; |
1133 | |
1134 | case oCompression: |
1135 | intptr = &options->compression; |
1136 | multistate_ptr = multistate_compression; |
1137 | goto parse_multistate; |
1138 | |
1139 | case oTCPKeepAlive: |
1140 | intptr = &options->tcp_keep_alive; |
1141 | goto parse_flag; |
1142 | |
1143 | case oNoHostAuthenticationForLocalhost: |
1144 | intptr = &options->no_host_authentication_for_localhost; |
1145 | goto parse_flag; |
1146 | |
1147 | case oNumberOfPasswordPrompts: |
1148 | intptr = &options->number_of_password_prompts; |
1149 | goto parse_int; |
1150 | |
1151 | case oRekeyLimit: |
1152 | arg = argv_next(&ac, &av); |
1153 | if (!arg || *arg == '\0') { |
1154 | error("%.200s line %d: Missing argument.", filename,sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1155, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1155 | linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1155, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1156 | goto out; |
1157 | } |
1158 | if (strcmp(arg, "default") == 0) { |
1159 | val64 = 0; |
1160 | } else { |
1161 | if (scan_scaled(arg, &val64) == -1) { |
1162 | error("%.200s line %d: Bad number '%s': %s",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1163, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad number '%s': %s" , filename, linenum, arg, strerror((*__errno()))) |
1163 | filename, linenum, arg, strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1163, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad number '%s': %s" , filename, linenum, arg, strerror((*__errno()))); |
1164 | goto out; |
1165 | } |
1166 | if (val64 != 0 && val64 < 16) { |
1167 | error("%.200s line %d: RekeyLimit too small",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1168, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: RekeyLimit too small" , filename, linenum) |
1168 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1168, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: RekeyLimit too small" , filename, linenum); |
1169 | goto out; |
1170 | } |
1171 | } |
1172 | if (*activep && options->rekey_limit == -1) |
1173 | options->rekey_limit = val64; |
1174 | if (ac != 0) { /* optional rekey interval present */ |
1175 | if (strcmp(av[0], "none") == 0) { |
1176 | (void)argv_next(&ac, &av); /* discard */ |
1177 | break; |
1178 | } |
1179 | intptr = &options->rekey_interval; |
1180 | goto parse_time; |
1181 | } |
1182 | break; |
1183 | |
1184 | case oIdentityFile: |
1185 | arg = argv_next(&ac, &av); |
1186 | if (!arg || *arg == '\0') { |
1187 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1188, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1188 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1188, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1189 | goto out; |
1190 | } |
1191 | if (*activep) { |
1192 | intptr = &options->num_identity_files; |
1193 | if (*intptr >= SSH_MAX_IDENTITY_FILES100) { |
1194 | error("%.200s line %d: Too many identity files "sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1196, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Too many identity files " "specified (max %d).", filename, linenum, 100) |
1195 | "specified (max %d).", filename, linenum,sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1196, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Too many identity files " "specified (max %d).", filename, linenum, 100) |
1196 | SSH_MAX_IDENTITY_FILES)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1196, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Too many identity files " "specified (max %d).", filename, linenum, 100); |
1197 | goto out; |
1198 | } |
1199 | add_identity_file(options, NULL((void *)0), |
1200 | arg, flags & SSHCONF_USERCONF2); |
1201 | } |
1202 | break; |
1203 | |
1204 | case oCertificateFile: |
1205 | arg = argv_next(&ac, &av); |
1206 | if (!arg || *arg == '\0') { |
1207 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1208, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1208 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1208, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1209 | goto out; |
1210 | } |
1211 | if (*activep) { |
1212 | intptr = &options->num_certificate_files; |
1213 | if (*intptr >= SSH_MAX_CERTIFICATE_FILES100) { |
1214 | error("%.200s line %d: Too many certificate "sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1217, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Too many certificate " "files specified (max %d).", filename, linenum, 100) |
1215 | "files specified (max %d).",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1217, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Too many certificate " "files specified (max %d).", filename, linenum, 100) |
1216 | filename, linenum,sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1217, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Too many certificate " "files specified (max %d).", filename, linenum, 100) |
1217 | SSH_MAX_CERTIFICATE_FILES)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1217, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Too many certificate " "files specified (max %d).", filename, linenum, 100); |
1218 | goto out; |
1219 | } |
1220 | add_certificate_file(options, arg, |
1221 | flags & SSHCONF_USERCONF2); |
1222 | } |
1223 | break; |
1224 | |
1225 | case oXAuthLocation: |
1226 | charptr=&options->xauth_location; |
1227 | goto parse_string; |
1228 | |
1229 | case oUser: |
1230 | charptr = &options->user; |
1231 | parse_string: |
1232 | arg = argv_next(&ac, &av); |
1233 | if (!arg || *arg == '\0') { |
1234 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1235, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1235 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1235, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1236 | goto out; |
1237 | } |
1238 | if (*activep && *charptr == NULL((void *)0)) |
1239 | *charptr = xstrdup(arg); |
1240 | break; |
1241 | |
1242 | case oGlobalKnownHostsFile: |
1243 | cpptr = (char **)&options->system_hostfiles; |
1244 | uintptr = &options->num_system_hostfiles; |
1245 | max_entries = SSH_MAX_HOSTS_FILES32; |
1246 | parse_char_array: |
1247 | i = 0; |
1248 | value = *uintptr == 0; /* was array empty when we started? */ |
1249 | while ((arg = argv_next(&ac, &av)) != NULL((void *)0)) { |
1250 | if (*arg == '\0') { |
1251 | error("%s line %d: keyword %s empty argument",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1252, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s empty argument" , filename, linenum, keyword) |
1252 | filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1252, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s empty argument" , filename, linenum, keyword); |
1253 | goto out; |
1254 | } |
1255 | /* Allow "none" only in first position */ |
1256 | if (strcasecmp(arg, "none") == 0) { |
1257 | if (i > 0 || ac > 0) { |
1258 | error("%s line %d: keyword %s \"none\" "sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1260, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword) |
1259 | "argument must appear alone.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1260, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword) |
1260 | filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1260, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword); |
1261 | goto out; |
1262 | } |
1263 | } |
1264 | i++; |
1265 | if (*activep && value) { |
1266 | if ((*uintptr) >= max_entries) { |
1267 | error("%s line %d: too many %s "sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1269, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: too many %s " "entries.", filename, linenum, keyword) |
1268 | "entries.", filename, linenum,sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1269, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: too many %s " "entries.", filename, linenum, keyword) |
1269 | keyword)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1269, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: too many %s " "entries.", filename, linenum, keyword); |
1270 | goto out; |
1271 | } |
1272 | cpptr[(*uintptr)++] = xstrdup(arg); |
1273 | } |
1274 | } |
1275 | break; |
1276 | |
1277 | case oUserKnownHostsFile: |
1278 | cpptr = (char **)&options->user_hostfiles; |
1279 | uintptr = &options->num_user_hostfiles; |
1280 | max_entries = SSH_MAX_HOSTS_FILES32; |
1281 | goto parse_char_array; |
1282 | |
1283 | case oHostname: |
1284 | charptr = &options->hostname; |
1285 | goto parse_string; |
1286 | |
1287 | case oHostKeyAlias: |
1288 | charptr = &options->host_key_alias; |
1289 | goto parse_string; |
1290 | |
1291 | case oPreferredAuthentications: |
1292 | charptr = &options->preferred_authentications; |
1293 | goto parse_string; |
1294 | |
1295 | case oBindAddress: |
1296 | charptr = &options->bind_address; |
1297 | goto parse_string; |
1298 | |
1299 | case oBindInterface: |
1300 | charptr = &options->bind_interface; |
1301 | goto parse_string; |
1302 | |
1303 | case oPKCS11Provider: |
1304 | charptr = &options->pkcs11_provider; |
1305 | goto parse_string; |
1306 | |
1307 | case oSecurityKeyProvider: |
1308 | charptr = &options->sk_provider; |
1309 | goto parse_string; |
1310 | |
1311 | case oKnownHostsCommand: |
1312 | charptr = &options->known_hosts_command; |
1313 | goto parse_command; |
1314 | |
1315 | case oProxyCommand: |
1316 | charptr = &options->proxy_command; |
1317 | /* Ignore ProxyCommand if ProxyJump already specified */ |
1318 | if (options->jump_host != NULL((void *)0)) |
1319 | charptr = &options->jump_host; /* Skip below */ |
1320 | parse_command: |
1321 | if (str == NULL((void *)0)) { |
1322 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1323, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1323 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1323, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1324 | goto out; |
1325 | } |
1326 | len = strspn(str, WHITESPACE" \t\r\n" "="); |
1327 | if (*activep && *charptr == NULL((void *)0)) |
1328 | *charptr = xstrdup(str + len); |
1329 | argv_consume(&ac); |
1330 | break; |
1331 | |
1332 | case oProxyJump: |
1333 | if (str == NULL((void *)0)) { |
1334 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1335, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1335 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1335, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1336 | goto out; |
1337 | } |
1338 | len = strspn(str, WHITESPACE" \t\r\n" "="); |
1339 | /* XXX use argv? */ |
1340 | if (parse_jump(str + len, options, *activep) == -1) { |
1341 | error("%.200s line %d: Invalid ProxyJump \"%s\"",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1342, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Invalid ProxyJump \"%s\"" , filename, linenum, str + len) |
1342 | filename, linenum, str + len)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1342, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Invalid ProxyJump \"%s\"" , filename, linenum, str + len); |
1343 | goto out; |
1344 | } |
1345 | argv_consume(&ac); |
1346 | break; |
1347 | |
1348 | case oPort: |
1349 | arg = argv_next(&ac, &av); |
1350 | if (!arg || *arg == '\0') { |
1351 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1352, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1352 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1352, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1353 | goto out; |
1354 | } |
1355 | value = a2port(arg); |
1356 | if (value <= 0) { |
1357 | error("%.200s line %d: Bad port '%s'.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1358, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad port '%s'." , filename, linenum, arg) |
1358 | filename, linenum, arg)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1358, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad port '%s'." , filename, linenum, arg); |
1359 | goto out; |
1360 | } |
1361 | if (*activep && options->port == -1) |
1362 | options->port = value; |
1363 | break; |
1364 | |
1365 | case oConnectionAttempts: |
1366 | intptr = &options->connection_attempts; |
1367 | parse_int: |
1368 | arg = argv_next(&ac, &av); |
1369 | if ((errstr = atoi_err(arg, &value)) != NULL((void *)0)) { |
1370 | error("%s line %d: integer value %s.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1371, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: integer value %s." , filename, linenum, errstr) |
1371 | filename, linenum, errstr)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1371, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: integer value %s." , filename, linenum, errstr); |
1372 | goto out; |
1373 | } |
1374 | if (*activep && *intptr == -1) |
1375 | *intptr = value; |
1376 | break; |
1377 | |
1378 | case oCiphers: |
1379 | arg = argv_next(&ac, &av); |
1380 | if (!arg || *arg == '\0') { |
1381 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1382, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1382 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1382, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1383 | goto out; |
1384 | } |
1385 | if (*arg != '-' && |
1386 | !ciphers_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg)){ |
1387 | error("%.200s line %d: Bad SSH2 cipher spec '%s'.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1388, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad SSH2 cipher spec '%s'." , filename, linenum, arg ? arg : "<NONE>") |
1388 | filename, linenum, arg ? arg : "<NONE>")sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1388, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad SSH2 cipher spec '%s'." , filename, linenum, arg ? arg : "<NONE>"); |
1389 | goto out; |
1390 | } |
1391 | if (*activep && options->ciphers == NULL((void *)0)) |
1392 | options->ciphers = xstrdup(arg); |
1393 | break; |
1394 | |
1395 | case oMacs: |
1396 | arg = argv_next(&ac, &av); |
1397 | if (!arg || *arg == '\0') { |
1398 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1399, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1399 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1399, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1400 | goto out; |
1401 | } |
1402 | if (*arg != '-' && |
1403 | !mac_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg)) { |
1404 | error("%.200s line %d: Bad SSH2 MAC spec '%s'.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1405, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad SSH2 MAC spec '%s'." , filename, linenum, arg ? arg : "<NONE>") |
1405 | filename, linenum, arg ? arg : "<NONE>")sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1405, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad SSH2 MAC spec '%s'." , filename, linenum, arg ? arg : "<NONE>"); |
1406 | goto out; |
1407 | } |
1408 | if (*activep && options->macs == NULL((void *)0)) |
1409 | options->macs = xstrdup(arg); |
1410 | break; |
1411 | |
1412 | case oKexAlgorithms: |
1413 | arg = argv_next(&ac, &av); |
1414 | if (!arg || *arg == '\0') { |
1415 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1416, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1416 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1416, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1417 | goto out; |
1418 | } |
1419 | if (*arg != '-' && |
1420 | !kex_names_valid(*arg == '+' || *arg == '^' ? |
1421 | arg + 1 : arg)) { |
1422 | error("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1423, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad SSH2 KexAlgorithms '%s'." , filename, linenum, arg ? arg : "<NONE>") |
1423 | filename, linenum, arg ? arg : "<NONE>")sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1423, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad SSH2 KexAlgorithms '%s'." , filename, linenum, arg ? arg : "<NONE>"); |
1424 | goto out; |
1425 | } |
1426 | if (*activep && options->kex_algorithms == NULL((void *)0)) |
1427 | options->kex_algorithms = xstrdup(arg); |
1428 | break; |
1429 | |
1430 | case oHostKeyAlgorithms: |
1431 | charptr = &options->hostkeyalgorithms; |
1432 | parse_pubkey_algos: |
1433 | arg = argv_next(&ac, &av); |
1434 | if (!arg || *arg == '\0') { |
1435 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1436, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1436 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1436, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1437 | goto out; |
1438 | } |
1439 | if (*arg != '-' && |
1440 | !sshkey_names_valid2(*arg == '+' || *arg == '^' ? |
1441 | arg + 1 : arg, 1)) { |
1442 | error("%s line %d: Bad key types '%s'.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1443, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Bad key types '%s'." , filename, linenum, arg ? arg : "<NONE>") |
1443 | filename, linenum, arg ? arg : "<NONE>")sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1443, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Bad key types '%s'." , filename, linenum, arg ? arg : "<NONE>"); |
1444 | goto out; |
1445 | } |
1446 | if (*activep && *charptr == NULL((void *)0)) |
1447 | *charptr = xstrdup(arg); |
1448 | break; |
1449 | |
1450 | case oCASignatureAlgorithms: |
1451 | charptr = &options->ca_sign_algorithms; |
1452 | goto parse_pubkey_algos; |
1453 | |
1454 | case oLogLevel: |
1455 | log_level_ptr = &options->log_level; |
1456 | arg = argv_next(&ac, &av); |
1457 | value = log_level_number(arg); |
1458 | if (value == SYSLOG_LEVEL_NOT_SET) { |
1459 | error("%.200s line %d: unsupported log level '%s'",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1460, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: unsupported log level '%s'" , filename, linenum, arg ? arg : "<NONE>") |
1460 | filename, linenum, arg ? arg : "<NONE>")sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1460, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: unsupported log level '%s'" , filename, linenum, arg ? arg : "<NONE>"); |
1461 | goto out; |
1462 | } |
1463 | if (*activep && *log_level_ptr == SYSLOG_LEVEL_NOT_SET) |
1464 | *log_level_ptr = (LogLevel) value; |
1465 | break; |
1466 | |
1467 | case oLogFacility: |
1468 | log_facility_ptr = &options->log_facility; |
1469 | arg = argv_next(&ac, &av); |
1470 | value = log_facility_number(arg); |
1471 | if (value == SYSLOG_FACILITY_NOT_SET) { |
1472 | error("%.200s line %d: unsupported log facility '%s'",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1473, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: unsupported log facility '%s'" , filename, linenum, arg ? arg : "<NONE>") |
1473 | filename, linenum, arg ? arg : "<NONE>")sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1473, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: unsupported log facility '%s'" , filename, linenum, arg ? arg : "<NONE>"); |
1474 | goto out; |
1475 | } |
1476 | if (*log_facility_ptr == -1) |
1477 | *log_facility_ptr = (SyslogFacility) value; |
1478 | break; |
1479 | |
1480 | case oLogVerbose: |
1481 | cppptr = &options->log_verbose; |
1482 | uintptr = &options->num_log_verbose; |
1483 | i = 0; |
1484 | while ((arg = argv_next(&ac, &av)) != NULL((void *)0)) { |
1485 | if (*arg == '\0') { |
1486 | error("%s line %d: keyword %s empty argument",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1487, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s empty argument" , filename, linenum, keyword) |
1487 | filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1487, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s empty argument" , filename, linenum, keyword); |
1488 | goto out; |
1489 | } |
1490 | /* Allow "none" only in first position */ |
1491 | if (strcasecmp(arg, "none") == 0) { |
1492 | if (i > 0 || ac > 0) { |
1493 | error("%s line %d: keyword %s \"none\" "sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1495, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword) |
1494 | "argument must appear alone.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1495, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword) |
1495 | filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1495, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword); |
1496 | goto out; |
1497 | } |
1498 | } |
1499 | i++; |
1500 | if (*activep && *uintptr == 0) { |
1501 | *cppptr = xrecallocarray(*cppptr, *uintptr, |
1502 | *uintptr + 1, sizeof(**cppptr)); |
1503 | (*cppptr)[(*uintptr)++] = xstrdup(arg); |
1504 | } |
1505 | } |
1506 | break; |
1507 | |
1508 | case oLocalForward: |
1509 | case oRemoteForward: |
1510 | case oDynamicForward: |
1511 | arg = argv_next(&ac, &av); |
1512 | if (!arg || *arg == '\0') { |
1513 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1514, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1514 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1514, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1515 | goto out; |
1516 | } |
1517 | |
1518 | remotefwd = (opcode == oRemoteForward); |
1519 | dynamicfwd = (opcode == oDynamicForward); |
1520 | |
1521 | if (!dynamicfwd) { |
1522 | arg2 = argv_next(&ac, &av); |
1523 | if (arg2 == NULL((void *)0) || *arg2 == '\0') { |
1524 | if (remotefwd) |
1525 | dynamicfwd = 1; |
1526 | else { |
1527 | error("%.200s line %d: Missing target "sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1528, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing target " "argument.", filename, linenum) |
1528 | "argument.", filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1528, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing target " "argument.", filename, linenum); |
1529 | goto out; |
1530 | } |
1531 | } else { |
1532 | /* construct a string for parse_forward */ |
1533 | snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, |
1534 | arg2); |
1535 | } |
1536 | } |
1537 | if (dynamicfwd) |
1538 | strlcpy(fwdarg, arg, sizeof(fwdarg)); |
1539 | |
1540 | if (parse_forward(&fwd, fwdarg, dynamicfwd, remotefwd) == 0) { |
1541 | error("%.200s line %d: Bad forwarding specification.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1542, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad forwarding specification." , filename, linenum) |
1542 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1542, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad forwarding specification." , filename, linenum); |
1543 | goto out; |
1544 | } |
1545 | |
1546 | if (*activep) { |
1547 | if (remotefwd) { |
1548 | add_remote_forward(options, &fwd); |
1549 | } else { |
1550 | add_local_forward(options, &fwd); |
1551 | } |
1552 | } |
1553 | break; |
1554 | |
1555 | case oPermitRemoteOpen: |
1556 | uintptr = &options->num_permitted_remote_opens; |
1557 | cppptr = &options->permitted_remote_opens; |
1558 | arg = argv_next(&ac, &av); |
1559 | if (!arg || *arg == '\0') |
1560 | fatal("%s line %d: missing %s specification",sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1561, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%s line %d: missing %s specification" , filename, linenum, lookup_opcode_name(opcode)) |
1561 | filename, linenum, lookup_opcode_name(opcode))sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1561, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%s line %d: missing %s specification" , filename, linenum, lookup_opcode_name(opcode)); |
1562 | uvalue = *uintptr; /* modified later */ |
1563 | if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) { |
1564 | if (*activep && uvalue == 0) { |
1565 | *uintptr = 1; |
1566 | *cppptr = xcalloc(1, sizeof(**cppptr)); |
1567 | (*cppptr)[0] = xstrdup(arg); |
1568 | } |
1569 | break; |
1570 | } |
1571 | while ((arg = argv_next(&ac, &av)) != NULL((void *)0)) { |
1572 | arg2 = xstrdup(arg); |
1573 | ch = '\0'; |
1574 | p = hpdelim2(&arg, &ch); |
1575 | if (p == NULL((void *)0) || ch == '/') { |
1576 | fatal("%s line %d: missing host in %s",sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1578, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%s line %d: missing host in %s" , filename, linenum, lookup_opcode_name(opcode)) |
1577 | filename, linenum,sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1578, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%s line %d: missing host in %s" , filename, linenum, lookup_opcode_name(opcode)) |
1578 | lookup_opcode_name(opcode))sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1578, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%s line %d: missing host in %s" , filename, linenum, lookup_opcode_name(opcode)); |
1579 | } |
1580 | p = cleanhostname(p); |
Value stored to 'p' is never read | |
1581 | /* |
1582 | * don't want to use permitopen_port to avoid |
1583 | * dependency on channels.[ch] here. |
1584 | */ |
1585 | if (arg == NULL((void *)0) || |
1586 | (strcmp(arg, "*") != 0 && a2port(arg) <= 0)) { |
1587 | fatal("%s line %d: bad port number in %s",sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1589, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%s line %d: bad port number in %s" , filename, linenum, lookup_opcode_name(opcode)) |
1588 | filename, linenum,sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1589, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%s line %d: bad port number in %s" , filename, linenum, lookup_opcode_name(opcode)) |
1589 | lookup_opcode_name(opcode))sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1589, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%s line %d: bad port number in %s" , filename, linenum, lookup_opcode_name(opcode)); |
1590 | } |
1591 | if (*activep && uvalue == 0) { |
1592 | opt_array_append(filename, linenum, |
1593 | lookup_opcode_name(opcode), |
1594 | cppptr, uintptr, arg2); |
1595 | } |
1596 | free(arg2); |
1597 | } |
1598 | break; |
1599 | |
1600 | case oClearAllForwardings: |
1601 | intptr = &options->clear_forwardings; |
1602 | goto parse_flag; |
1603 | |
1604 | case oHost: |
1605 | if (cmdline) { |
1606 | error("Host directive not supported as a command-line "sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1607, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host directive not supported as a command-line " "option") |
1607 | "option")sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1607, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host directive not supported as a command-line " "option"); |
1608 | goto out; |
1609 | } |
1610 | *activep = 0; |
1611 | arg2 = NULL((void *)0); |
1612 | while ((arg = argv_next(&ac, &av)) != NULL((void *)0)) { |
1613 | if (*arg == '\0') { |
1614 | error("%s line %d: keyword %s empty argument",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1615, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s empty argument" , filename, linenum, keyword) |
1615 | filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1615, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s empty argument" , filename, linenum, keyword); |
1616 | goto out; |
1617 | } |
1618 | if ((flags & SSHCONF_NEVERMATCH8) != 0) { |
1619 | argv_consume(&ac); |
1620 | break; |
1621 | } |
1622 | negated = *arg == '!'; |
1623 | if (negated) |
1624 | arg++; |
1625 | if (match_pattern(host, arg)) { |
1626 | if (negated) { |
1627 | debug("%.200s line %d: Skipping Host "sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1630, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%.200s line %d: Skipping Host " "block because of negated match " "for %.100s", filename, linenum , arg) |
1628 | "block because of negated match "sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1630, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%.200s line %d: Skipping Host " "block because of negated match " "for %.100s", filename, linenum , arg) |
1629 | "for %.100s", filename, linenum,sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1630, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%.200s line %d: Skipping Host " "block because of negated match " "for %.100s", filename, linenum , arg) |
1630 | arg)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1630, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%.200s line %d: Skipping Host " "block because of negated match " "for %.100s", filename, linenum , arg); |
1631 | *activep = 0; |
1632 | argv_consume(&ac); |
1633 | break; |
1634 | } |
1635 | if (!*activep) |
1636 | arg2 = arg; /* logged below */ |
1637 | *activep = 1; |
1638 | } |
1639 | } |
1640 | if (*activep) |
1641 | debug("%.200s line %d: Applying options for %.100s",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1642, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%.200s line %d: Applying options for %.100s" , filename, linenum, arg2) |
1642 | filename, linenum, arg2)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1642, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%.200s line %d: Applying options for %.100s" , filename, linenum, arg2); |
1643 | break; |
1644 | |
1645 | case oMatch: |
1646 | if (cmdline) { |
1647 | error("Host directive not supported as a command-line "sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1648, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host directive not supported as a command-line " "option") |
1648 | "option")sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1648, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host directive not supported as a command-line " "option"); |
1649 | goto out; |
1650 | } |
1651 | value = match_cfg_line(options, &str, pw, host, original_host, |
1652 | flags & SSHCONF_FINAL4, want_final_pass, |
1653 | filename, linenum); |
1654 | if (value < 0) { |
1655 | error("%.200s line %d: Bad Match condition", filename,sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1656, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad Match condition" , filename, linenum) |
1656 | linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1656, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad Match condition" , filename, linenum); |
1657 | goto out; |
1658 | } |
1659 | *activep = (flags & SSHCONF_NEVERMATCH8) ? 0 : value; |
1660 | /* |
1661 | * If match_cfg_line() didn't consume all its arguments then |
1662 | * arrange for the extra arguments check below to fail. |
1663 | */ |
1664 | |
1665 | if (str == NULL((void *)0) || *str == '\0') |
1666 | argv_consume(&ac); |
1667 | break; |
1668 | |
1669 | case oEscapeChar: |
1670 | intptr = &options->escape_char; |
1671 | arg = argv_next(&ac, &av); |
1672 | if (!arg || *arg == '\0') { |
1673 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1674, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1674 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1674, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1675 | goto out; |
1676 | } |
1677 | if (strcmp(arg, "none") == 0) |
1678 | value = SSH_ESCAPECHAR_NONE-2; |
1679 | else if (arg[1] == '\0') |
1680 | value = (u_char) arg[0]; |
1681 | else if (arg[0] == '^' && arg[2] == 0 && |
1682 | (u_char) arg[1] >= 64 && (u_char) arg[1] < 128) |
1683 | value = (u_char) arg[1] & 31; |
1684 | else { |
1685 | error("%.200s line %d: Bad escape character.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1686, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad escape character." , filename, linenum) |
1686 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1686, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad escape character." , filename, linenum); |
1687 | goto out; |
1688 | } |
1689 | if (*activep && *intptr == -1) |
1690 | *intptr = value; |
1691 | break; |
1692 | |
1693 | case oAddressFamily: |
1694 | intptr = &options->address_family; |
1695 | multistate_ptr = multistate_addressfamily; |
1696 | goto parse_multistate; |
1697 | |
1698 | case oEnableSSHKeysign: |
1699 | intptr = &options->enable_ssh_keysign; |
1700 | goto parse_flag; |
1701 | |
1702 | case oIdentitiesOnly: |
1703 | intptr = &options->identities_only; |
1704 | goto parse_flag; |
1705 | |
1706 | case oServerAliveInterval: |
1707 | intptr = &options->server_alive_interval; |
1708 | goto parse_time; |
1709 | |
1710 | case oServerAliveCountMax: |
1711 | intptr = &options->server_alive_count_max; |
1712 | goto parse_int; |
1713 | |
1714 | case oSendEnv: |
1715 | while ((arg = argv_next(&ac, &av)) != NULL((void *)0)) { |
1716 | if (*arg == '\0' || strchr(arg, '=') != NULL((void *)0)) { |
1717 | error("%s line %d: Invalid environment name.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1718, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Invalid environment name." , filename, linenum) |
1718 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1718, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Invalid environment name." , filename, linenum); |
1719 | goto out; |
1720 | } |
1721 | if (!*activep) |
1722 | continue; |
1723 | if (*arg == '-') { |
1724 | /* Removing an env var */ |
1725 | rm_env(options, arg, filename, linenum); |
1726 | continue; |
1727 | } else { |
1728 | /* Adding an env var */ |
1729 | if (options->num_send_env >= INT_MAX2147483647) { |
1730 | error("%s line %d: too many send env.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1731, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: too many send env." , filename, linenum) |
1731 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1731, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: too many send env." , filename, linenum); |
1732 | goto out; |
1733 | } |
1734 | options->send_env = xrecallocarray( |
1735 | options->send_env, options->num_send_env, |
1736 | options->num_send_env + 1, |
1737 | sizeof(*options->send_env)); |
1738 | options->send_env[options->num_send_env++] = |
1739 | xstrdup(arg); |
1740 | } |
1741 | } |
1742 | break; |
1743 | |
1744 | case oSetEnv: |
1745 | value = options->num_setenv; |
1746 | while ((arg = argv_next(&ac, &av)) != NULL((void *)0)) { |
1747 | if (strchr(arg, '=') == NULL((void *)0)) { |
1748 | error("%s line %d: Invalid SetEnv.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1749, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Invalid SetEnv." , filename, linenum) |
1749 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1749, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Invalid SetEnv." , filename, linenum); |
1750 | goto out; |
1751 | } |
1752 | if (!*activep || value != 0) |
1753 | continue; |
1754 | /* Adding a setenv var */ |
1755 | if (options->num_setenv >= INT_MAX2147483647) { |
1756 | error("%s line %d: too many SetEnv.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1757, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: too many SetEnv." , filename, linenum) |
1757 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1757, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: too many SetEnv." , filename, linenum); |
1758 | goto out; |
1759 | } |
1760 | options->setenv = xrecallocarray( |
1761 | options->setenv, options->num_setenv, |
1762 | options->num_setenv + 1, sizeof(*options->setenv)); |
1763 | options->setenv[options->num_setenv++] = xstrdup(arg); |
1764 | } |
1765 | break; |
1766 | |
1767 | case oControlPath: |
1768 | charptr = &options->control_path; |
1769 | goto parse_string; |
1770 | |
1771 | case oControlMaster: |
1772 | intptr = &options->control_master; |
1773 | multistate_ptr = multistate_controlmaster; |
1774 | goto parse_multistate; |
1775 | |
1776 | case oControlPersist: |
1777 | /* no/false/yes/true, or a time spec */ |
1778 | intptr = &options->control_persist; |
1779 | arg = argv_next(&ac, &av); |
1780 | if (!arg || *arg == '\0') { |
1781 | error("%.200s line %d: Missing ControlPersist"sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1782, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing ControlPersist" " argument.", filename, linenum) |
1782 | " argument.", filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1782, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing ControlPersist" " argument.", filename, linenum); |
1783 | goto out; |
1784 | } |
1785 | value = 0; |
1786 | value2 = 0; /* timeout */ |
1787 | if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0) |
1788 | value = 0; |
1789 | else if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0) |
1790 | value = 1; |
1791 | else if ((value2 = convtime(arg)) >= 0) |
1792 | value = 1; |
1793 | else { |
1794 | error("%.200s line %d: Bad ControlPersist argument.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1795, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad ControlPersist argument." , filename, linenum) |
1795 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1795, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad ControlPersist argument." , filename, linenum); |
1796 | goto out; |
1797 | } |
1798 | if (*activep && *intptr == -1) { |
1799 | *intptr = value; |
1800 | options->control_persist_timeout = value2; |
1801 | } |
1802 | break; |
1803 | |
1804 | case oHashKnownHosts: |
1805 | intptr = &options->hash_known_hosts; |
1806 | goto parse_flag; |
1807 | |
1808 | case oTunnel: |
1809 | intptr = &options->tun_open; |
1810 | multistate_ptr = multistate_tunnel; |
1811 | goto parse_multistate; |
1812 | |
1813 | case oTunnelDevice: |
1814 | arg = argv_next(&ac, &av); |
1815 | if (!arg || *arg == '\0') { |
1816 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1817, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1817 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1817, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1818 | goto out; |
1819 | } |
1820 | value = a2tun(arg, &value2); |
1821 | if (value == SSH_TUNID_ERR(0x7fffffff - 1)) { |
1822 | error("%.200s line %d: Bad tun device.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1823, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad tun device." , filename, linenum) |
1823 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1823, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad tun device." , filename, linenum); |
1824 | goto out; |
1825 | } |
1826 | if (*activep && options->tun_local == -1) { |
1827 | options->tun_local = value; |
1828 | options->tun_remote = value2; |
1829 | } |
1830 | break; |
1831 | |
1832 | case oLocalCommand: |
1833 | charptr = &options->local_command; |
1834 | goto parse_command; |
1835 | |
1836 | case oPermitLocalCommand: |
1837 | intptr = &options->permit_local_command; |
1838 | goto parse_flag; |
1839 | |
1840 | case oRemoteCommand: |
1841 | charptr = &options->remote_command; |
1842 | goto parse_command; |
1843 | |
1844 | case oVisualHostKey: |
1845 | intptr = &options->visual_host_key; |
1846 | goto parse_flag; |
1847 | |
1848 | case oInclude: |
1849 | if (cmdline) { |
1850 | error("Include directive not supported as a "sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1851, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Include directive not supported as a " "command-line option") |
1851 | "command-line option")sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1851, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Include directive not supported as a " "command-line option"); |
1852 | goto out; |
1853 | } |
1854 | value = 0; |
1855 | while ((arg = argv_next(&ac, &av)) != NULL((void *)0)) { |
1856 | if (*arg == '\0') { |
1857 | error("%s line %d: keyword %s empty argument",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1858, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s empty argument" , filename, linenum, keyword) |
1858 | filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1858, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s empty argument" , filename, linenum, keyword); |
1859 | goto out; |
1860 | } |
1861 | /* |
1862 | * Ensure all paths are anchored. User configuration |
1863 | * files may begin with '~/' but system configurations |
1864 | * must not. If the path is relative, then treat it |
1865 | * as living in ~/.ssh for user configurations or |
1866 | * /etc/ssh for system ones. |
1867 | */ |
1868 | if (*arg == '~' && (flags & SSHCONF_USERCONF2) == 0) { |
1869 | error("%.200s line %d: bad include path %s.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1870, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: bad include path %s." , filename, linenum, arg) |
1870 | filename, linenum, arg)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1870, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: bad include path %s." , filename, linenum, arg); |
1871 | goto out; |
1872 | } |
1873 | if (!path_absolute(arg) && *arg != '~') { |
1874 | xasprintf(&arg2, "%s/%s", |
1875 | (flags & SSHCONF_USERCONF2) ? |
1876 | "~/" _PATH_SSH_USER_DIR".ssh" : SSHDIR"/etc" "/ssh", arg); |
1877 | } else |
1878 | arg2 = xstrdup(arg); |
1879 | memset(&gl, 0, sizeof(gl)); |
1880 | r = glob(arg2, GLOB_TILDE0x0800, NULL((void *)0), &gl); |
1881 | if (r == GLOB_NOMATCH(-3)) { |
1882 | debug("%.200s line %d: include %s matched no "sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1883, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%.200s line %d: include %s matched no " "files",filename, linenum, arg2) |
1883 | "files",filename, linenum, arg2)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1883, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%.200s line %d: include %s matched no " "files",filename, linenum, arg2); |
1884 | free(arg2); |
1885 | continue; |
1886 | } else if (r != 0) { |
1887 | error("%.200s line %d: glob failed for %s.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1888, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: glob failed for %s." , filename, linenum, arg2) |
1888 | filename, linenum, arg2)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1888, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: glob failed for %s." , filename, linenum, arg2); |
1889 | goto out; |
1890 | } |
1891 | free(arg2); |
1892 | oactive = *activep; |
1893 | for (i = 0; i < gl.gl_pathc; i++) { |
1894 | debug3("%.200s line %d: Including file %s "sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1897, 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%.200s line %d: Including file %s " "depth %d%s", filename, linenum, gl.gl_pathv[i], depth, oactive ? "" : " (parse only)") |
1895 | "depth %d%s", filename, linenum,sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1897, 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%.200s line %d: Including file %s " "depth %d%s", filename, linenum, gl.gl_pathv[i], depth, oactive ? "" : " (parse only)") |
1896 | gl.gl_pathv[i], depth,sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1897, 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%.200s line %d: Including file %s " "depth %d%s", filename, linenum, gl.gl_pathv[i], depth, oactive ? "" : " (parse only)") |
1897 | oactive ? "" : " (parse only)")sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1897, 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%.200s line %d: Including file %s " "depth %d%s", filename, linenum, gl.gl_pathv[i], depth, oactive ? "" : " (parse only)"); |
1898 | r = read_config_file_depth(gl.gl_pathv[i], |
1899 | pw, host, original_host, options, |
1900 | flags | SSHCONF_CHECKPERM1 | |
1901 | (oactive ? 0 : SSHCONF_NEVERMATCH8), |
1902 | activep, want_final_pass, depth + 1); |
1903 | if (r != 1 && errno(*__errno()) != ENOENT2) { |
1904 | error("Can't open user config file "sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1906, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Can't open user config file " "%.100s: %.100s", gl.gl_pathv[i], strerror((*__errno()))) |
1905 | "%.100s: %.100s", gl.gl_pathv[i],sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1906, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Can't open user config file " "%.100s: %.100s", gl.gl_pathv[i], strerror((*__errno()))) |
1906 | strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1906, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Can't open user config file " "%.100s: %.100s", gl.gl_pathv[i], strerror((*__errno()))); |
1907 | globfree(&gl); |
1908 | goto out; |
1909 | } |
1910 | /* |
1911 | * don't let Match in includes clobber the |
1912 | * containing file's Match state. |
1913 | */ |
1914 | *activep = oactive; |
1915 | if (r != 1) |
1916 | value = -1; |
1917 | } |
1918 | globfree(&gl); |
1919 | } |
1920 | if (value != 0) |
1921 | ret = value; |
1922 | break; |
1923 | |
1924 | case oIPQoS: |
1925 | arg = argv_next(&ac, &av); |
1926 | if ((value = parse_ipqos(arg)) == -1) { |
1927 | error("%s line %d: Bad IPQoS value: %s",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1928, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Bad IPQoS value: %s" , filename, linenum, arg) |
1928 | filename, linenum, arg)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1928, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Bad IPQoS value: %s" , filename, linenum, arg); |
1929 | goto out; |
1930 | } |
1931 | arg = argv_next(&ac, &av); |
1932 | if (arg == NULL((void *)0)) |
1933 | value2 = value; |
1934 | else if ((value2 = parse_ipqos(arg)) == -1) { |
1935 | error("%s line %d: Bad IPQoS value: %s",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1936, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Bad IPQoS value: %s" , filename, linenum, arg) |
1936 | filename, linenum, arg)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1936, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Bad IPQoS value: %s" , filename, linenum, arg); |
1937 | goto out; |
1938 | } |
1939 | if (*activep && options->ip_qos_interactive == -1) { |
1940 | options->ip_qos_interactive = value; |
1941 | options->ip_qos_bulk = value2; |
1942 | } |
1943 | break; |
1944 | |
1945 | case oRequestTTY: |
1946 | intptr = &options->request_tty; |
1947 | multistate_ptr = multistate_requesttty; |
1948 | goto parse_multistate; |
1949 | |
1950 | case oSessionType: |
1951 | intptr = &options->session_type; |
1952 | multistate_ptr = multistate_sessiontype; |
1953 | goto parse_multistate; |
1954 | |
1955 | case oStdinNull: |
1956 | intptr = &options->stdin_null; |
1957 | goto parse_flag; |
1958 | |
1959 | case oForkAfterAuthentication: |
1960 | intptr = &options->fork_after_authentication; |
1961 | goto parse_flag; |
1962 | |
1963 | case oIgnoreUnknown: |
1964 | charptr = &options->ignored_unknown; |
1965 | goto parse_string; |
1966 | |
1967 | case oProxyUseFdpass: |
1968 | intptr = &options->proxy_use_fdpass; |
1969 | goto parse_flag; |
1970 | |
1971 | case oCanonicalDomains: |
1972 | value = options->num_canonical_domains != 0; |
1973 | i = 0; |
1974 | while ((arg = argv_next(&ac, &av)) != NULL((void *)0)) { |
1975 | if (*arg == '\0') { |
1976 | error("%s line %d: keyword %s empty argument",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1977, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s empty argument" , filename, linenum, keyword) |
1977 | filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1977, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s empty argument" , filename, linenum, keyword); |
1978 | goto out; |
1979 | } |
1980 | /* Allow "none" only in first position */ |
1981 | if (strcasecmp(arg, "none") == 0) { |
1982 | if (i > 0 || ac > 0) { |
1983 | error("%s line %d: keyword %s \"none\" "sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1985, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword) |
1984 | "argument must appear alone.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1985, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword) |
1985 | filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1985, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword); |
1986 | goto out; |
1987 | } |
1988 | } |
1989 | i++; |
1990 | if (!valid_domain(arg, 1, &errstr)) { |
1991 | error("%s line %d: %s", filename, linenum,sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1992, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: %s", filename, linenum, errstr) |
1992 | errstr)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 1992, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: %s", filename, linenum, errstr); |
1993 | goto out; |
1994 | } |
1995 | if (!*activep || value) |
1996 | continue; |
1997 | if (options->num_canonical_domains >= |
1998 | MAX_CANON_DOMAINS32) { |
1999 | error("%s line %d: too many hostname suffixes.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2000, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: too many hostname suffixes." , filename, linenum) |
2000 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2000, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: too many hostname suffixes." , filename, linenum); |
2001 | goto out; |
2002 | } |
2003 | options->canonical_domains[ |
2004 | options->num_canonical_domains++] = xstrdup(arg); |
2005 | } |
2006 | break; |
2007 | |
2008 | case oCanonicalizePermittedCNAMEs: |
2009 | value = options->num_permitted_cnames != 0; |
2010 | i = 0; |
2011 | while ((arg = argv_next(&ac, &av)) != NULL((void *)0)) { |
2012 | /* |
2013 | * Either 'none' (only in first position), '*' for |
2014 | * everything or 'list:list' |
2015 | */ |
2016 | if (strcasecmp(arg, "none") == 0) { |
2017 | if (i > 0 || ac > 0) { |
2018 | error("%s line %d: keyword %s \"none\" "sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2020, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword) |
2019 | "argument must appear alone.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2020, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword) |
2020 | filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2020, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword); |
2021 | goto out; |
2022 | } |
2023 | arg2 = ""; |
2024 | } else if (strcmp(arg, "*") == 0) { |
2025 | arg2 = arg; |
2026 | } else { |
2027 | lowercase(arg); |
2028 | if ((arg2 = strchr(arg, ':')) == NULL((void *)0) || |
2029 | arg2[1] == '\0') { |
2030 | error("%s line %d: "sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2032, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: " "Invalid permitted CNAME \"%s\"" , filename, linenum, arg) |
2031 | "Invalid permitted CNAME \"%s\"",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2032, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: " "Invalid permitted CNAME \"%s\"" , filename, linenum, arg) |
2032 | filename, linenum, arg)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2032, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: " "Invalid permitted CNAME \"%s\"" , filename, linenum, arg); |
2033 | goto out; |
2034 | } |
2035 | *arg2 = '\0'; |
2036 | arg2++; |
2037 | } |
2038 | i++; |
2039 | if (!*activep || value) |
2040 | continue; |
2041 | if (options->num_permitted_cnames >= |
2042 | MAX_CANON_DOMAINS32) { |
2043 | error("%s line %d: too many permitted CNAMEs.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2044, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: too many permitted CNAMEs." , filename, linenum) |
2044 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2044, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: too many permitted CNAMEs." , filename, linenum); |
2045 | goto out; |
2046 | } |
2047 | cname = options->permitted_cnames + |
2048 | options->num_permitted_cnames++; |
2049 | cname->source_list = xstrdup(arg); |
2050 | cname->target_list = xstrdup(arg2); |
2051 | } |
2052 | break; |
2053 | |
2054 | case oCanonicalizeHostname: |
2055 | intptr = &options->canonicalize_hostname; |
2056 | multistate_ptr = multistate_canonicalizehostname; |
2057 | goto parse_multistate; |
2058 | |
2059 | case oCanonicalizeMaxDots: |
2060 | intptr = &options->canonicalize_max_dots; |
2061 | goto parse_int; |
2062 | |
2063 | case oCanonicalizeFallbackLocal: |
2064 | intptr = &options->canonicalize_fallback_local; |
2065 | goto parse_flag; |
2066 | |
2067 | case oStreamLocalBindMask: |
2068 | arg = argv_next(&ac, &av); |
2069 | if (!arg || *arg == '\0') { |
2070 | error("%.200s line %d: Missing StreamLocalBindMask "sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2071, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing StreamLocalBindMask " "argument.", filename, linenum) |
2071 | "argument.", filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2071, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing StreamLocalBindMask " "argument.", filename, linenum); |
2072 | goto out; |
2073 | } |
2074 | /* Parse mode in octal format */ |
2075 | value = strtol(arg, &endofnumber, 8); |
2076 | if (arg == endofnumber || value < 0 || value > 0777) { |
2077 | error("%.200s line %d: Bad mask.", filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2077, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad mask." , filename, linenum); |
2078 | goto out; |
2079 | } |
2080 | options->fwd_opts.streamlocal_bind_mask = (mode_t)value; |
2081 | break; |
2082 | |
2083 | case oStreamLocalBindUnlink: |
2084 | intptr = &options->fwd_opts.streamlocal_bind_unlink; |
2085 | goto parse_flag; |
2086 | |
2087 | case oRevokedHostKeys: |
2088 | charptr = &options->revoked_host_keys; |
2089 | goto parse_string; |
2090 | |
2091 | case oFingerprintHash: |
2092 | intptr = &options->fingerprint_hash; |
2093 | arg = argv_next(&ac, &av); |
2094 | if (!arg || *arg == '\0') { |
2095 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2096, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
2096 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2096, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
2097 | goto out; |
2098 | } |
2099 | if ((value = ssh_digest_alg_by_name(arg)) == -1) { |
2100 | error("%.200s line %d: Invalid hash algorithm \"%s\".",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2101, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Invalid hash algorithm \"%s\"." , filename, linenum, arg) |
2101 | filename, linenum, arg)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2101, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Invalid hash algorithm \"%s\"." , filename, linenum, arg); |
2102 | goto out; |
2103 | } |
2104 | if (*activep && *intptr == -1) |
2105 | *intptr = value; |
2106 | break; |
2107 | |
2108 | case oUpdateHostkeys: |
2109 | intptr = &options->update_hostkeys; |
2110 | multistate_ptr = multistate_yesnoask; |
2111 | goto parse_multistate; |
2112 | |
2113 | case oHostbasedAcceptedAlgorithms: |
2114 | charptr = &options->hostbased_accepted_algos; |
2115 | goto parse_pubkey_algos; |
2116 | |
2117 | case oPubkeyAcceptedAlgorithms: |
2118 | charptr = &options->pubkey_accepted_algos; |
2119 | goto parse_pubkey_algos; |
2120 | |
2121 | case oAddKeysToAgent: |
2122 | arg = argv_next(&ac, &av); |
2123 | arg2 = argv_next(&ac, &av); |
2124 | value = parse_multistate_value(arg, filename, linenum, |
2125 | multistate_yesnoaskconfirm); |
2126 | value2 = 0; /* unlimited lifespan by default */ |
2127 | if (value == 3 && arg2 != NULL((void *)0)) { |
2128 | /* allow "AddKeysToAgent confirm 5m" */ |
2129 | if ((value2 = convtime(arg2)) == -1 || |
2130 | value2 > INT_MAX2147483647) { |
2131 | error("%s line %d: invalid time value.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2132, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: invalid time value." , filename, linenum) |
2132 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2132, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: invalid time value." , filename, linenum); |
2133 | goto out; |
2134 | } |
2135 | } else if (value == -1 && arg2 == NULL((void *)0)) { |
2136 | if ((value2 = convtime(arg)) == -1 || |
2137 | value2 > INT_MAX2147483647) { |
2138 | error("%s line %d: unsupported option",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2139, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: unsupported option" , filename, linenum) |
2139 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2139, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: unsupported option" , filename, linenum); |
2140 | goto out; |
2141 | } |
2142 | value = 1; /* yes */ |
2143 | } else if (value == -1 || arg2 != NULL((void *)0)) { |
2144 | error("%s line %d: unsupported option",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2145, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: unsupported option" , filename, linenum) |
2145 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2145, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: unsupported option" , filename, linenum); |
2146 | goto out; |
2147 | } |
2148 | if (*activep && options->add_keys_to_agent == -1) { |
2149 | options->add_keys_to_agent = value; |
2150 | options->add_keys_to_agent_lifespan = value2; |
2151 | } |
2152 | break; |
2153 | |
2154 | case oIdentityAgent: |
2155 | charptr = &options->identity_agent; |
2156 | arg = argv_next(&ac, &av); |
2157 | if (!arg || *arg == '\0') { |
2158 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2159, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
2159 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2159, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
2160 | goto out; |
2161 | } |
2162 | parse_agent_path: |
2163 | /* Extra validation if the string represents an env var. */ |
2164 | if ((arg2 = dollar_expand(&r, arg)) == NULL((void *)0) || r) { |
2165 | error("%.200s line %d: Invalid environment expansion "sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2166, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Invalid environment expansion " "%s.", filename, linenum, arg) |
2166 | "%s.", filename, linenum, arg)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2166, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Invalid environment expansion " "%s.", filename, linenum, arg); |
2167 | goto out; |
2168 | } |
2169 | free(arg2); |
2170 | /* check for legacy environment format */ |
2171 | if (arg[0] == '$' && arg[1] != '{' && |
2172 | !valid_env_name(arg + 1)) { |
2173 | error("%.200s line %d: Invalid environment name %s.",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2174, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Invalid environment name %s." , filename, linenum, arg) |
2174 | filename, linenum, arg)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2174, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Invalid environment name %s." , filename, linenum, arg); |
2175 | goto out; |
2176 | } |
2177 | if (*activep && *charptr == NULL((void *)0)) |
2178 | *charptr = xstrdup(arg); |
2179 | break; |
2180 | |
2181 | case oDeprecated: |
2182 | debug("%s line %d: Deprecated option \"%s\"",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2183, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s line %d: Deprecated option \"%s\"" , filename, linenum, keyword) |
2183 | filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2183, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s line %d: Deprecated option \"%s\"" , filename, linenum, keyword); |
2184 | argv_consume(&ac); |
2185 | break; |
2186 | |
2187 | case oUnsupported: |
2188 | error("%s line %d: Unsupported option \"%s\"",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2189, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Unsupported option \"%s\"" , filename, linenum, keyword) |
2189 | filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2189, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Unsupported option \"%s\"" , filename, linenum, keyword); |
2190 | argv_consume(&ac); |
2191 | break; |
2192 | |
2193 | default: |
2194 | error("%s line %d: Unimplemented opcode %d",sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2195, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Unimplemented opcode %d" , filename, linenum, opcode) |
2195 | filename, linenum, opcode)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2195, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Unimplemented opcode %d" , filename, linenum, opcode); |
2196 | goto out; |
2197 | } |
2198 | |
2199 | /* Check that there is no garbage at end of line. */ |
2200 | if (ac > 0) { |
2201 | error("%.200s line %d: keyword %s extra arguments "sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2202, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: keyword %s extra arguments " "at end of line", filename, linenum, keyword) |
2202 | "at end of line", filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2202, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: keyword %s extra arguments " "at end of line", filename, linenum, keyword); |
2203 | goto out; |
2204 | } |
2205 | |
2206 | /* success */ |
2207 | ret = 0; |
2208 | out: |
2209 | argv_free(oav, oac); |
2210 | return ret; |
2211 | } |
2212 | |
2213 | /* |
2214 | * Reads the config file and modifies the options accordingly. Options |
2215 | * should already be initialized before this call. This never returns if |
2216 | * there is an error. If the file does not exist, this returns 0. |
2217 | */ |
2218 | int |
2219 | read_config_file(const char *filename, struct passwd *pw, const char *host, |
2220 | const char *original_host, Options *options, int flags, |
2221 | int *want_final_pass) |
2222 | { |
2223 | int active = 1; |
2224 | |
2225 | return read_config_file_depth(filename, pw, host, original_host, |
2226 | options, flags, &active, want_final_pass, 0); |
2227 | } |
2228 | |
2229 | #define READCONF_MAX_DEPTH16 16 |
2230 | static int |
2231 | read_config_file_depth(const char *filename, struct passwd *pw, |
2232 | const char *host, const char *original_host, Options *options, |
2233 | int flags, int *activep, int *want_final_pass, int depth) |
2234 | { |
2235 | FILE *f; |
2236 | char *line = NULL((void *)0); |
2237 | size_t linesize = 0; |
2238 | int linenum; |
2239 | int bad_options = 0; |
2240 | |
2241 | if (depth < 0 || depth > READCONF_MAX_DEPTH16) |
2242 | fatal("Too many recursive configuration includes")sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2242, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Too many recursive configuration includes" ); |
2243 | |
2244 | if ((f = fopen(filename, "r")) == NULL((void *)0)) |
2245 | return 0; |
2246 | |
2247 | if (flags & SSHCONF_CHECKPERM1) { |
2248 | struct stat sb; |
2249 | |
2250 | if (fstat(fileno(f)(!__isthreaded ? ((f)->_file) : (fileno)(f)), &sb) == -1) |
2251 | fatal("fstat %s: %s", filename, strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2251, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "fstat %s: %s", filename , strerror((*__errno()))); |
2252 | if (((sb.st_uid != 0 && sb.st_uid != getuid()) || |
2253 | (sb.st_mode & 022) != 0)) |
2254 | fatal("Bad owner or permissions on %s", filename)sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2254, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Bad owner or permissions on %s" , filename); |
2255 | } |
2256 | |
2257 | debug("Reading configuration data %.200s", filename)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2257, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Reading configuration data %.200s" , filename); |
2258 | |
2259 | /* |
2260 | * Mark that we are now processing the options. This flag is turned |
2261 | * on/off by Host specifications. |
2262 | */ |
2263 | linenum = 0; |
2264 | while (getline(&line, &linesize, f) != -1) { |
2265 | /* Update line number counter. */ |
2266 | linenum++; |
2267 | /* |
2268 | * Trim out comments and strip whitespace. |
2269 | * NB - preserve newlines, they are needed to reproduce |
2270 | * line numbers later for error messages. |
2271 | */ |
2272 | if (process_config_line_depth(options, pw, host, original_host, |
2273 | line, filename, linenum, activep, flags, want_final_pass, |
2274 | depth) != 0) |
2275 | bad_options++; |
2276 | } |
2277 | free(line); |
2278 | fclose(f); |
2279 | if (bad_options > 0) |
2280 | fatal("%s: terminating, %d bad configuration options",sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2281, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%s: terminating, %d bad configuration options" , filename, bad_options) |
2281 | filename, bad_options)sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2281, 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%s: terminating, %d bad configuration options" , filename, bad_options); |
2282 | return 1; |
2283 | } |
2284 | |
2285 | /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ |
2286 | int |
2287 | option_clear_or_none(const char *o) |
2288 | { |
2289 | return o == NULL((void *)0) || strcasecmp(o, "none") == 0; |
2290 | } |
2291 | |
2292 | /* |
2293 | * Returns 1 if CanonicalizePermittedCNAMEs have been specified, 0 otherwise. |
2294 | * Allowed to be called on non-final configuration. |
2295 | */ |
2296 | int |
2297 | config_has_permitted_cnames(Options *options) |
2298 | { |
2299 | if (options->num_permitted_cnames == 1 && |
2300 | strcasecmp(options->permitted_cnames[0].source_list, "none") == 0 && |
2301 | strcmp(options->permitted_cnames[0].target_list, "") == 0) |
2302 | return 0; |
2303 | return options->num_permitted_cnames > 0; |
2304 | } |
2305 | |
2306 | /* |
2307 | * Initializes options to special values that indicate that they have not yet |
2308 | * been set. Read_config_file will only set options with this value. Options |
2309 | * are processed in the following order: command line, user config file, |
2310 | * system config file. Last, fill_default_options is called. |
2311 | */ |
2312 | |
2313 | void |
2314 | initialize_options(Options * options) |
2315 | { |
2316 | memset(options, 'X', sizeof(*options)); |
2317 | options->forward_agent = -1; |
2318 | options->forward_agent_sock_path = NULL((void *)0); |
2319 | options->forward_x11 = -1; |
2320 | options->forward_x11_trusted = -1; |
2321 | options->forward_x11_timeout = -1; |
2322 | options->stdio_forward_host = NULL((void *)0); |
2323 | options->stdio_forward_port = 0; |
2324 | options->clear_forwardings = -1; |
2325 | options->exit_on_forward_failure = -1; |
2326 | options->xauth_location = NULL((void *)0); |
2327 | options->fwd_opts.gateway_ports = -1; |
2328 | options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; |
2329 | options->fwd_opts.streamlocal_bind_unlink = -1; |
2330 | options->pubkey_authentication = -1; |
2331 | options->gss_authentication = -1; |
2332 | options->gss_deleg_creds = -1; |
2333 | options->password_authentication = -1; |
2334 | options->kbd_interactive_authentication = -1; |
2335 | options->kbd_interactive_devices = NULL((void *)0); |
2336 | options->hostbased_authentication = -1; |
2337 | options->batch_mode = -1; |
2338 | options->check_host_ip = -1; |
2339 | options->strict_host_key_checking = -1; |
2340 | options->compression = -1; |
2341 | options->tcp_keep_alive = -1; |
2342 | options->port = -1; |
2343 | options->address_family = -1; |
2344 | options->connection_attempts = -1; |
2345 | options->connection_timeout = -1; |
2346 | options->number_of_password_prompts = -1; |
2347 | options->ciphers = NULL((void *)0); |
2348 | options->macs = NULL((void *)0); |
2349 | options->kex_algorithms = NULL((void *)0); |
2350 | options->hostkeyalgorithms = NULL((void *)0); |
2351 | options->ca_sign_algorithms = NULL((void *)0); |
2352 | options->num_identity_files = 0; |
2353 | memset(options->identity_keys, 0, sizeof(options->identity_keys)); |
2354 | options->num_certificate_files = 0; |
2355 | memset(options->certificates, 0, sizeof(options->certificates)); |
2356 | options->hostname = NULL((void *)0); |
2357 | options->host_key_alias = NULL((void *)0); |
2358 | options->proxy_command = NULL((void *)0); |
2359 | options->jump_user = NULL((void *)0); |
2360 | options->jump_host = NULL((void *)0); |
2361 | options->jump_port = -1; |
2362 | options->jump_extra = NULL((void *)0); |
2363 | options->user = NULL((void *)0); |
2364 | options->escape_char = -1; |
2365 | options->num_system_hostfiles = 0; |
2366 | options->num_user_hostfiles = 0; |
2367 | options->local_forwards = NULL((void *)0); |
2368 | options->num_local_forwards = 0; |
2369 | options->remote_forwards = NULL((void *)0); |
2370 | options->num_remote_forwards = 0; |
2371 | options->permitted_remote_opens = NULL((void *)0); |
2372 | options->num_permitted_remote_opens = 0; |
2373 | options->log_facility = SYSLOG_FACILITY_NOT_SET; |
2374 | options->log_level = SYSLOG_LEVEL_NOT_SET; |
2375 | options->num_log_verbose = 0; |
2376 | options->log_verbose = NULL((void *)0); |
2377 | options->preferred_authentications = NULL((void *)0); |
2378 | options->bind_address = NULL((void *)0); |
2379 | options->bind_interface = NULL((void *)0); |
2380 | options->pkcs11_provider = NULL((void *)0); |
2381 | options->sk_provider = NULL((void *)0); |
2382 | options->enable_ssh_keysign = - 1; |
2383 | options->no_host_authentication_for_localhost = - 1; |
2384 | options->identities_only = - 1; |
2385 | options->rekey_limit = - 1; |
2386 | options->rekey_interval = -1; |
2387 | options->verify_host_key_dns = -1; |
2388 | options->server_alive_interval = -1; |
2389 | options->server_alive_count_max = -1; |
2390 | options->send_env = NULL((void *)0); |
2391 | options->num_send_env = 0; |
2392 | options->setenv = NULL((void *)0); |
2393 | options->num_setenv = 0; |
2394 | options->control_path = NULL((void *)0); |
2395 | options->control_master = -1; |
2396 | options->control_persist = -1; |
2397 | options->control_persist_timeout = 0; |
2398 | options->hash_known_hosts = -1; |
2399 | options->tun_open = -1; |
2400 | options->tun_local = -1; |
2401 | options->tun_remote = -1; |
2402 | options->local_command = NULL((void *)0); |
2403 | options->permit_local_command = -1; |
2404 | options->remote_command = NULL((void *)0); |
2405 | options->add_keys_to_agent = -1; |
2406 | options->add_keys_to_agent_lifespan = -1; |
2407 | options->identity_agent = NULL((void *)0); |
2408 | options->visual_host_key = -1; |
2409 | options->ip_qos_interactive = -1; |
2410 | options->ip_qos_bulk = -1; |
2411 | options->request_tty = -1; |
2412 | options->session_type = -1; |
2413 | options->stdin_null = -1; |
2414 | options->fork_after_authentication = -1; |
2415 | options->proxy_use_fdpass = -1; |
2416 | options->ignored_unknown = NULL((void *)0); |
2417 | options->num_canonical_domains = 0; |
2418 | options->num_permitted_cnames = 0; |
2419 | options->canonicalize_max_dots = -1; |
2420 | options->canonicalize_fallback_local = -1; |
2421 | options->canonicalize_hostname = -1; |
2422 | options->revoked_host_keys = NULL((void *)0); |
2423 | options->fingerprint_hash = -1; |
2424 | options->update_hostkeys = -1; |
2425 | options->hostbased_accepted_algos = NULL((void *)0); |
2426 | options->pubkey_accepted_algos = NULL((void *)0); |
2427 | options->known_hosts_command = NULL((void *)0); |
2428 | } |
2429 | |
2430 | /* |
2431 | * A petite version of fill_default_options() that just fills the options |
2432 | * needed for hostname canonicalization to proceed. |
2433 | */ |
2434 | void |
2435 | fill_default_options_for_canonicalization(Options *options) |
2436 | { |
2437 | if (options->canonicalize_max_dots == -1) |
2438 | options->canonicalize_max_dots = 1; |
2439 | if (options->canonicalize_fallback_local == -1) |
2440 | options->canonicalize_fallback_local = 1; |
2441 | if (options->canonicalize_hostname == -1) |
2442 | options->canonicalize_hostname = SSH_CANONICALISE_NO0; |
2443 | } |
2444 | |
2445 | /* |
2446 | * Called after processing other sources of option data, this fills those |
2447 | * options for which no value has been specified with their default values. |
2448 | */ |
2449 | int |
2450 | fill_default_options(Options * options) |
2451 | { |
2452 | char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig; |
2453 | char *def_cipher, *def_mac, *def_kex, *def_key, *def_sig; |
2454 | int ret = 0, r; |
2455 | |
2456 | if (options->forward_agent == -1) |
2457 | options->forward_agent = 0; |
2458 | if (options->forward_x11 == -1) |
2459 | options->forward_x11 = 0; |
2460 | if (options->forward_x11_trusted == -1) |
2461 | options->forward_x11_trusted = 0; |
2462 | if (options->forward_x11_timeout == -1) |
2463 | options->forward_x11_timeout = 1200; |
2464 | /* |
2465 | * stdio forwarding (-W) changes the default for these but we defer |
2466 | * setting the values so they can be overridden. |
2467 | */ |
2468 | if (options->exit_on_forward_failure == -1) |
2469 | options->exit_on_forward_failure = |
2470 | options->stdio_forward_host != NULL((void *)0) ? 1 : 0; |
2471 | if (options->clear_forwardings == -1) |
2472 | options->clear_forwardings = |
2473 | options->stdio_forward_host != NULL((void *)0) ? 1 : 0; |
2474 | if (options->clear_forwardings == 1) |
2475 | clear_forwardings(options); |
2476 | |
2477 | if (options->xauth_location == NULL((void *)0)) |
2478 | options->xauth_location = xstrdup(_PATH_XAUTH"/usr/X11R6/bin/xauth"); |
2479 | if (options->fwd_opts.gateway_ports == -1) |
2480 | options->fwd_opts.gateway_ports = 0; |
2481 | if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) |
2482 | options->fwd_opts.streamlocal_bind_mask = 0177; |
2483 | if (options->fwd_opts.streamlocal_bind_unlink == -1) |
2484 | options->fwd_opts.streamlocal_bind_unlink = 0; |
2485 | if (options->pubkey_authentication == -1) |
2486 | options->pubkey_authentication = SSH_PUBKEY_AUTH_ALL0x03; |
2487 | if (options->gss_authentication == -1) |
2488 | options->gss_authentication = 0; |
2489 | if (options->gss_deleg_creds == -1) |
2490 | options->gss_deleg_creds = 0; |
2491 | if (options->password_authentication == -1) |
2492 | options->password_authentication = 1; |
2493 | if (options->kbd_interactive_authentication == -1) |
2494 | options->kbd_interactive_authentication = 1; |
2495 | if (options->hostbased_authentication == -1) |
2496 | options->hostbased_authentication = 0; |
2497 | if (options->batch_mode == -1) |
2498 | options->batch_mode = 0; |
2499 | if (options->check_host_ip == -1) |
2500 | options->check_host_ip = 0; |
2501 | if (options->strict_host_key_checking == -1) |
2502 | options->strict_host_key_checking = SSH_STRICT_HOSTKEY_ASK3; |
2503 | if (options->compression == -1) |
2504 | options->compression = 0; |
2505 | if (options->tcp_keep_alive == -1) |
2506 | options->tcp_keep_alive = 1; |
2507 | if (options->port == -1) |
2508 | options->port = 0; /* Filled in ssh_connect. */ |
2509 | if (options->address_family == -1) |
2510 | options->address_family = AF_UNSPEC0; |
2511 | if (options->connection_attempts == -1) |
2512 | options->connection_attempts = 1; |
2513 | if (options->number_of_password_prompts == -1) |
2514 | options->number_of_password_prompts = 3; |
2515 | /* options->hostkeyalgorithms, default set in myproposals.h */ |
2516 | if (options->add_keys_to_agent == -1) { |
2517 | options->add_keys_to_agent = 0; |
2518 | options->add_keys_to_agent_lifespan = 0; |
2519 | } |
2520 | if (options->num_identity_files == 0) { |
2521 | add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA".ssh" "/id_rsa", 0); |
2522 | add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA".ssh" "/id_dsa", 0); |
2523 | add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA".ssh" "/id_ecdsa", 0); |
2524 | add_identity_file(options, "~/", |
2525 | _PATH_SSH_CLIENT_ID_ECDSA_SK".ssh" "/id_ecdsa_sk", 0); |
2526 | add_identity_file(options, "~/", |
2527 | _PATH_SSH_CLIENT_ID_ED25519".ssh" "/id_ed25519", 0); |
2528 | add_identity_file(options, "~/", |
2529 | _PATH_SSH_CLIENT_ID_ED25519_SK".ssh" "/id_ed25519_sk", 0); |
2530 | add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_XMSS".ssh" "/id_xmss", 0); |
2531 | } |
2532 | if (options->escape_char == -1) |
2533 | options->escape_char = '~'; |
2534 | if (options->num_system_hostfiles == 0) { |
2535 | options->system_hostfiles[options->num_system_hostfiles++] = |
2536 | xstrdup(_PATH_SSH_SYSTEM_HOSTFILE"/etc" "/ssh" "/ssh_known_hosts"); |
2537 | options->system_hostfiles[options->num_system_hostfiles++] = |
2538 | xstrdup(_PATH_SSH_SYSTEM_HOSTFILE2"/etc" "/ssh" "/ssh_known_hosts2"); |
2539 | } |
2540 | if (options->update_hostkeys == -1) { |
2541 | if (options->verify_host_key_dns <= 0 && |
2542 | (options->num_user_hostfiles == 0 || |
2543 | (options->num_user_hostfiles == 1 && strcmp(options-> |
2544 | user_hostfiles[0], _PATH_SSH_USER_HOSTFILE"~/" ".ssh" "/known_hosts") == 0))) |
2545 | options->update_hostkeys = SSH_UPDATE_HOSTKEYS_YES1; |
2546 | else |
2547 | options->update_hostkeys = SSH_UPDATE_HOSTKEYS_NO0; |
2548 | } |
2549 | if (options->num_user_hostfiles == 0) { |
2550 | options->user_hostfiles[options->num_user_hostfiles++] = |
2551 | xstrdup(_PATH_SSH_USER_HOSTFILE"~/" ".ssh" "/known_hosts"); |
2552 | options->user_hostfiles[options->num_user_hostfiles++] = |
2553 | xstrdup(_PATH_SSH_USER_HOSTFILE2"~/" ".ssh" "/known_hosts2"); |
2554 | } |
2555 | if (options->log_level == SYSLOG_LEVEL_NOT_SET) |
2556 | options->log_level = SYSLOG_LEVEL_INFO; |
2557 | if (options->log_facility == SYSLOG_FACILITY_NOT_SET) |
2558 | options->log_facility = SYSLOG_FACILITY_USER; |
2559 | if (options->no_host_authentication_for_localhost == - 1) |
2560 | options->no_host_authentication_for_localhost = 0; |
2561 | if (options->identities_only == -1) |
2562 | options->identities_only = 0; |
2563 | if (options->enable_ssh_keysign == -1) |
2564 | options->enable_ssh_keysign = 0; |
2565 | if (options->rekey_limit == -1) |
2566 | options->rekey_limit = 0; |
2567 | if (options->rekey_interval == -1) |
2568 | options->rekey_interval = 0; |
2569 | if (options->verify_host_key_dns == -1) |
2570 | options->verify_host_key_dns = 0; |
2571 | if (options->server_alive_interval == -1) |
2572 | options->server_alive_interval = 0; |
2573 | if (options->server_alive_count_max == -1) |
2574 | options->server_alive_count_max = 3; |
2575 | if (options->control_master == -1) |
2576 | options->control_master = 0; |
2577 | if (options->control_persist == -1) { |
2578 | options->control_persist = 0; |
2579 | options->control_persist_timeout = 0; |
2580 | } |
2581 | if (options->hash_known_hosts == -1) |
2582 | options->hash_known_hosts = 0; |
2583 | if (options->tun_open == -1) |
2584 | options->tun_open = SSH_TUNMODE_NO0x00; |
2585 | if (options->tun_local == -1) |
2586 | options->tun_local = SSH_TUNID_ANY0x7fffffff; |
2587 | if (options->tun_remote == -1) |
2588 | options->tun_remote = SSH_TUNID_ANY0x7fffffff; |
2589 | if (options->permit_local_command == -1) |
2590 | options->permit_local_command = 0; |
2591 | if (options->visual_host_key == -1) |
2592 | options->visual_host_key = 0; |
2593 | if (options->ip_qos_interactive == -1) |
2594 | options->ip_qos_interactive = IPTOS_DSCP_AF210x48; |
2595 | if (options->ip_qos_bulk == -1) |
2596 | options->ip_qos_bulk = IPTOS_DSCP_CS10x20; |
2597 | if (options->request_tty == -1) |
2598 | options->request_tty = REQUEST_TTY_AUTO0; |
2599 | if (options->session_type == -1) |
2600 | options->session_type = SESSION_TYPE_DEFAULT2; |
2601 | if (options->stdin_null == -1) |
2602 | options->stdin_null = 0; |
2603 | if (options->fork_after_authentication == -1) |
2604 | options->fork_after_authentication = 0; |
2605 | if (options->proxy_use_fdpass == -1) |
2606 | options->proxy_use_fdpass = 0; |
2607 | if (options->canonicalize_max_dots == -1) |
2608 | options->canonicalize_max_dots = 1; |
2609 | if (options->canonicalize_fallback_local == -1) |
2610 | options->canonicalize_fallback_local = 1; |
2611 | if (options->canonicalize_hostname == -1) |
2612 | options->canonicalize_hostname = SSH_CANONICALISE_NO0; |
2613 | if (options->fingerprint_hash == -1) |
2614 | options->fingerprint_hash = SSH_FP_HASH_DEFAULT2; |
2615 | if (options->sk_provider == NULL((void *)0)) |
2616 | options->sk_provider = xstrdup("internal"); |
2617 | |
2618 | /* Expand KEX name lists */ |
2619 | all_cipher = cipher_alg_list(',', 0); |
2620 | all_mac = mac_alg_list(','); |
2621 | all_kex = kex_alg_list(','); |
2622 | all_key = sshkey_alg_list(0, 0, 1, ','); |
2623 | all_sig = sshkey_alg_list(0, 1, 1, ','); |
2624 | /* remove unsupported algos from default lists */ |
2625 | def_cipher = match_filter_allowlist(KEX_CLIENT_ENCRYPT"chacha20-poly1305@openssh.com," "aes128-ctr,aes192-ctr,aes256-ctr," "aes128-gcm@openssh.com,aes256-gcm@openssh.com", all_cipher); |
2626 | def_mac = match_filter_allowlist(KEX_CLIENT_MAC"umac-64-etm@openssh.com," "umac-128-etm@openssh.com," "hmac-sha2-256-etm@openssh.com," "hmac-sha2-512-etm@openssh.com," "hmac-sha1-etm@openssh.com," "umac-64@openssh.com," "umac-128@openssh.com," "hmac-sha2-256," "hmac-sha2-512," "hmac-sha1", all_mac); |
2627 | def_kex = match_filter_allowlist(KEX_CLIENT_KEX"curve25519-sha256," "curve25519-sha256@libssh.org," "ecdh-sha2-nistp256," "ecdh-sha2-nistp384," "ecdh-sha2-nistp521," "sntrup761x25519-sha512@openssh.com," "diffie-hellman-group-exchange-sha256," "diffie-hellman-group16-sha512," "diffie-hellman-group18-sha512," "diffie-hellman-group14-sha256", all_kex); |
2628 | def_key = match_filter_allowlist(KEX_DEFAULT_PK_ALG"ssh-ed25519-cert-v01@openssh.com," "ecdsa-sha2-nistp256-cert-v01@openssh.com," "ecdsa-sha2-nistp384-cert-v01@openssh.com," "ecdsa-sha2-nistp521-cert-v01@openssh.com," "sk-ssh-ed25519-cert-v01@openssh.com," "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com," "rsa-sha2-512-cert-v01@openssh.com," "rsa-sha2-256-cert-v01@openssh.com," "ssh-ed25519," "ecdsa-sha2-nistp256," "ecdsa-sha2-nistp384," "ecdsa-sha2-nistp521," "sk-ssh-ed25519@openssh.com," "sk-ecdsa-sha2-nistp256@openssh.com," "rsa-sha2-512," "rsa-sha2-256", all_key); |
2629 | def_sig = match_filter_allowlist(SSH_ALLOWED_CA_SIGALGS"ssh-ed25519," "ecdsa-sha2-nistp256," "ecdsa-sha2-nistp384," "ecdsa-sha2-nistp521," "sk-ssh-ed25519@openssh.com," "sk-ecdsa-sha2-nistp256@openssh.com," "rsa-sha2-512," "rsa-sha2-256", all_sig); |
2630 | #define ASSEMBLE(what, defaults, all) \ |
2631 | do { \ |
2632 | if ((r = kex_assemble_names(&options->what, \ |
2633 | defaults, all)) != 0) { \ |
2634 | error_fr(r, "%s", #what)sshlog("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 2634, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "%s", #what); \ |
2635 | goto fail; \ |
2636 | } \ |
2637 | } while (0) |
2638 | ASSEMBLE(ciphers, def_cipher, all_cipher); |
2639 | ASSEMBLE(macs, def_mac, all_mac); |
2640 | ASSEMBLE(kex_algorithms, def_kex, all_kex); |
2641 | ASSEMBLE(hostbased_accepted_algos, def_key, all_key); |
2642 | ASSEMBLE(pubkey_accepted_algos, def_key, all_key); |
2643 | ASSEMBLE(ca_sign_algorithms, def_sig, all_sig); |
2644 | #undef ASSEMBLE |
2645 | |
2646 | #define CLEAR_ON_NONE(v)do { if (option_clear_or_none(v)) { free(v); v = ((void *)0); } } while(0) \ |
2647 | do { \ |
2648 | if (option_clear_or_none(v)) { \ |
2649 | free(v); \ |
2650 | v = NULL((void *)0); \ |
2651 | } \ |
2652 | } while(0) |
2653 | CLEAR_ON_NONE(options->local_command)do { if (option_clear_or_none(options->local_command)) { free (options->local_command); options->local_command = ((void *)0); } } while(0); |
2654 | CLEAR_ON_NONE(options->remote_command)do { if (option_clear_or_none(options->remote_command)) { free (options->remote_command); options->remote_command = (( void *)0); } } while(0); |
2655 | CLEAR_ON_NONE(options->proxy_command)do { if (option_clear_or_none(options->proxy_command)) { free (options->proxy_command); options->proxy_command = ((void *)0); } } while(0); |
2656 | CLEAR_ON_NONE(options->control_path)do { if (option_clear_or_none(options->control_path)) { free (options->control_path); options->control_path = ((void *)0); } } while(0); |
2657 | CLEAR_ON_NONE(options->revoked_host_keys)do { if (option_clear_or_none(options->revoked_host_keys)) { free(options->revoked_host_keys); options->revoked_host_keys = ((void *)0); } } while(0); |
2658 | CLEAR_ON_NONE(options->pkcs11_provider)do { if (option_clear_or_none(options->pkcs11_provider)) { free(options->pkcs11_provider); options->pkcs11_provider = ((void *)0); } } while(0); |
2659 | CLEAR_ON_NONE(options->sk_provider)do { if (option_clear_or_none(options->sk_provider)) { free (options->sk_provider); options->sk_provider = ((void * )0); } } while(0); |
2660 | CLEAR_ON_NONE(options->known_hosts_command)do { if (option_clear_or_none(options->known_hosts_command )) { free(options->known_hosts_command); options->known_hosts_command = ((void *)0); } } while(0); |
2661 | if (options->jump_host != NULL((void *)0) && |
2662 | strcmp(options->jump_host, "none") == 0 && |
2663 | options->jump_port == 0 && options->jump_user == NULL((void *)0)) { |
2664 | free(options->jump_host); |
2665 | options->jump_host = NULL((void *)0); |
2666 | } |
2667 | if (options->num_permitted_cnames == 1 && |
2668 | !config_has_permitted_cnames(options)) { |
2669 | /* clean up CanonicalizePermittedCNAMEs=none */ |
2670 | free(options->permitted_cnames[0].source_list); |
2671 | free(options->permitted_cnames[0].target_list); |
2672 | memset(options->permitted_cnames, '\0', |
2673 | sizeof(*options->permitted_cnames)); |
2674 | options->num_permitted_cnames = 0; |
2675 | } |
2676 | /* options->identity_agent distinguishes NULL from 'none' */ |
2677 | /* options->user will be set in the main program if appropriate */ |
2678 | /* options->hostname will be set in the main program if appropriate */ |
2679 | /* options->host_key_alias should not be set by default */ |
2680 | /* options->preferred_authentications will be set in ssh */ |
2681 | |
2682 | /* success */ |
2683 | ret = 0; |
2684 | fail: |
2685 | free(all_cipher); |
2686 | free(all_mac); |
2687 | free(all_kex); |
2688 | free(all_key); |
2689 | free(all_sig); |
2690 | free(def_cipher); |
2691 | free(def_mac); |
2692 | free(def_kex); |
2693 | free(def_key); |
2694 | free(def_sig); |
2695 | return ret; |
2696 | } |
2697 | |
2698 | void |
2699 | free_options(Options *o) |
2700 | { |
2701 | int i; |
2702 | |
2703 | if (o == NULL((void *)0)) |
2704 | return; |
2705 | |
2706 | #define FREE_ARRAY(type, n, a) \ |
2707 | do { \ |
2708 | type _i; \ |
2709 | for (_i = 0; _i < (n); _i++) \ |
2710 | free((a)[_i]); \ |
2711 | } while (0) |
2712 | |
2713 | free(o->forward_agent_sock_path); |
2714 | free(o->xauth_location); |
2715 | FREE_ARRAY(u_int, o->num_log_verbose, o->log_verbose); |
2716 | free(o->log_verbose); |
2717 | free(o->ciphers); |
2718 | free(o->macs); |
2719 | free(o->hostkeyalgorithms); |
2720 | free(o->kex_algorithms); |
2721 | free(o->ca_sign_algorithms); |
2722 | free(o->hostname); |
2723 | free(o->host_key_alias); |
2724 | free(o->proxy_command); |
2725 | free(o->user); |
2726 | FREE_ARRAY(u_int, o->num_system_hostfiles, o->system_hostfiles); |
2727 | FREE_ARRAY(u_int, o->num_user_hostfiles, o->user_hostfiles); |
2728 | free(o->preferred_authentications); |
2729 | free(o->bind_address); |
2730 | free(o->bind_interface); |
2731 | free(o->pkcs11_provider); |
2732 | free(o->sk_provider); |
2733 | for (i = 0; i < o->num_identity_files; i++) { |
2734 | free(o->identity_files[i]); |
2735 | sshkey_free(o->identity_keys[i]); |
2736 | } |
2737 | for (i = 0; i < o->num_certificate_files; i++) { |
2738 | free(o->certificate_files[i]); |
2739 | sshkey_free(o->certificates[i]); |
2740 | } |
2741 | free(o->identity_agent); |
2742 | for (i = 0; i < o->num_local_forwards; i++) { |
2743 | free(o->local_forwards[i].listen_host); |
2744 | free(o->local_forwards[i].listen_path); |
2745 | free(o->local_forwards[i].connect_host); |
2746 | free(o->local_forwards[i].connect_path); |
2747 | } |
2748 | free(o->local_forwards); |
2749 | for (i = 0; i < o->num_remote_forwards; i++) { |
2750 | free(o->remote_forwards[i].listen_host); |
2751 | free(o->remote_forwards[i].listen_path); |
2752 | free(o->remote_forwards[i].connect_host); |
2753 | free(o->remote_forwards[i].connect_path); |
2754 | } |
2755 | free(o->remote_forwards); |
2756 | free(o->stdio_forward_host); |
2757 | FREE_ARRAY(int, o->num_send_env, o->send_env); |
2758 | free(o->send_env); |
2759 | FREE_ARRAY(int, o->num_setenv, o->setenv); |
2760 | free(o->setenv); |
2761 | free(o->control_path); |
2762 | free(o->local_command); |
2763 | free(o->remote_command); |
2764 | FREE_ARRAY(int, o->num_canonical_domains, o->canonical_domains); |
2765 | for (i = 0; i < o->num_permitted_cnames; i++) { |
2766 | free(o->permitted_cnames[i].source_list); |
2767 | free(o->permitted_cnames[i].target_list); |
2768 | } |
2769 | free(o->revoked_host_keys); |
2770 | free(o->hostbased_accepted_algos); |
2771 | free(o->pubkey_accepted_algos); |
2772 | free(o->jump_user); |
2773 | free(o->jump_host); |
2774 | free(o->jump_extra); |
2775 | free(o->ignored_unknown); |
2776 | explicit_bzero(o, sizeof(*o)); |
2777 | #undef FREE_ARRAY |
2778 | } |
2779 | |
2780 | struct fwdarg { |
2781 | char *arg; |
2782 | int ispath; |
2783 | }; |
2784 | |
2785 | /* |
2786 | * parse_fwd_field |
2787 | * parses the next field in a port forwarding specification. |
2788 | * sets fwd to the parsed field and advances p past the colon |
2789 | * or sets it to NULL at end of string. |
2790 | * returns 0 on success, else non-zero. |
2791 | */ |
2792 | static int |
2793 | parse_fwd_field(char **p, struct fwdarg *fwd) |
2794 | { |
2795 | char *ep, *cp = *p; |
2796 | int ispath = 0; |
2797 | |
2798 | if (*cp == '\0') { |
2799 | *p = NULL((void *)0); |
2800 | return -1; /* end of string */ |
2801 | } |
2802 | |
2803 | /* |
2804 | * A field escaped with square brackets is used literally. |
2805 | * XXX - allow ']' to be escaped via backslash? |
2806 | */ |
2807 | if (*cp == '[') { |
2808 | /* find matching ']' */ |
2809 | for (ep = cp + 1; *ep != ']' && *ep != '\0'; ep++) { |
2810 | if (*ep == '/') |
2811 | ispath = 1; |
2812 | } |
2813 | /* no matching ']' or not at end of field. */ |
2814 | if (ep[0] != ']' || (ep[1] != ':' && ep[1] != '\0')) |
2815 | return -1; |
2816 | /* NUL terminate the field and advance p past the colon */ |
2817 | *ep++ = '\0'; |
2818 | if (*ep != '\0') |
2819 | *ep++ = '\0'; |
2820 | fwd->arg = cp + 1; |
2821 | fwd->ispath = ispath; |
2822 | *p = ep; |
2823 | return 0; |
2824 | } |
2825 | |
2826 | for (cp = *p; *cp != '\0'; cp++) { |
2827 | switch (*cp) { |
2828 | case '\\': |
2829 | memmove(cp, cp + 1, strlen(cp + 1) + 1); |
2830 | if (*cp == '\0') |
2831 | return -1; |
2832 | break; |
2833 | case '/': |
2834 | ispath = 1; |
2835 | break; |
2836 | case ':': |
2837 | *cp++ = '\0'; |
2838 | goto done; |
2839 | } |
2840 | } |
2841 | done: |
2842 | fwd->arg = *p; |
2843 | fwd->ispath = ispath; |
2844 | *p = cp; |
2845 | return 0; |
2846 | } |
2847 | |
2848 | /* |
2849 | * parse_forward |
2850 | * parses a string containing a port forwarding specification of the form: |
2851 | * dynamicfwd == 0 |
2852 | * [listenhost:]listenport|listenpath:connecthost:connectport|connectpath |
2853 | * listenpath:connectpath |
2854 | * dynamicfwd == 1 |
2855 | * [listenhost:]listenport |
2856 | * returns number of arguments parsed or zero on error |
2857 | */ |
2858 | int |
2859 | parse_forward(struct Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd) |
2860 | { |
2861 | struct fwdarg fwdargs[4]; |
2862 | char *p, *cp; |
2863 | int i, err; |
2864 | |
2865 | memset(fwd, 0, sizeof(*fwd)); |
2866 | memset(fwdargs, 0, sizeof(fwdargs)); |
2867 | |
2868 | /* |
2869 | * We expand environment variables before checking if we think they're |
2870 | * paths so that if ${VAR} expands to a fully qualified path it is |
2871 | * treated as a path. |
2872 | */ |
2873 | cp = p = dollar_expand(&err, fwdspec); |
2874 | if (p == NULL((void *)0) || err) |
2875 | return 0; |
2876 | |
2877 | /* skip leading spaces */ |
2878 | while (isspace((u_char)*cp)) |
2879 | cp++; |
2880 | |
2881 | for (i = 0; i < 4; ++i) { |
2882 | if (parse_fwd_field(&cp, &fwdargs[i]) != 0) |
2883 | break; |
2884 | } |
2885 | |
2886 | /* Check for trailing garbage */ |
2887 | if (cp != NULL((void *)0) && *cp != '\0') { |
2888 | i = 0; /* failure */ |
2889 | } |
2890 | |
2891 | switch (i) { |
2892 | case 1: |
2893 | if (fwdargs[0].ispath) { |
2894 | fwd->listen_path = xstrdup(fwdargs[0].arg); |
2895 | fwd->listen_port = PORT_STREAMLOCAL-2; |
2896 | } else { |
2897 | fwd->listen_host = NULL((void *)0); |
2898 | fwd->listen_port = a2port(fwdargs[0].arg); |
2899 | } |
2900 | fwd->connect_host = xstrdup("socks"); |
2901 | break; |
2902 | |
2903 | case 2: |
2904 | if (fwdargs[0].ispath && fwdargs[1].ispath) { |
2905 | fwd->listen_path = xstrdup(fwdargs[0].arg); |
2906 | fwd->listen_port = PORT_STREAMLOCAL-2; |
2907 | fwd->connect_path = xstrdup(fwdargs[1].arg); |
2908 | fwd->connect_port = PORT_STREAMLOCAL-2; |
2909 | } else if (fwdargs[1].ispath) { |
2910 | fwd->listen_host = NULL((void *)0); |
2911 | fwd->listen_port = a2port(fwdargs[0].arg); |
2912 | fwd->connect_path = xstrdup(fwdargs[1].arg); |
2913 | fwd->connect_port = PORT_STREAMLOCAL-2; |
2914 | } else { |
2915 | fwd->listen_host = xstrdup(fwdargs[0].arg); |
2916 | fwd->listen_port = a2port(fwdargs[1].arg); |
2917 | fwd->connect_host = xstrdup("socks"); |
2918 | } |
2919 | break; |
2920 | |
2921 | case 3: |
2922 | if (fwdargs[0].ispath) { |
2923 | fwd->listen_path = xstrdup(fwdargs[0].arg); |
2924 | fwd->listen_port = PORT_STREAMLOCAL-2; |
2925 | fwd->connect_host = xstrdup(fwdargs[1].arg); |
2926 | fwd->connect_port = a2port(fwdargs[2].arg); |
2927 | } else if (fwdargs[2].ispath) { |
2928 | fwd->listen_host = xstrdup(fwdargs[0].arg); |
2929 | fwd->listen_port = a2port(fwdargs[1].arg); |
2930 | fwd->connect_path = xstrdup(fwdargs[2].arg); |
2931 | fwd->connect_port = PORT_STREAMLOCAL-2; |
2932 | } else { |
2933 | fwd->listen_host = NULL((void *)0); |
2934 | fwd->listen_port = a2port(fwdargs[0].arg); |
2935 | fwd->connect_host = xstrdup(fwdargs[1].arg); |
2936 | fwd->connect_port = a2port(fwdargs[2].arg); |
2937 | } |
2938 | break; |
2939 | |
2940 | case 4: |
2941 | fwd->listen_host = xstrdup(fwdargs[0].arg); |
2942 | fwd->listen_port = a2port(fwdargs[1].arg); |
2943 | fwd->connect_host = xstrdup(fwdargs[2].arg); |
2944 | fwd->connect_port = a2port(fwdargs[3].arg); |
2945 | break; |
2946 | default: |
2947 | i = 0; /* failure */ |
2948 | } |
2949 | |
2950 | free(p); |
2951 | |
2952 | if (dynamicfwd) { |
2953 | if (!(i == 1 || i == 2)) |
2954 | goto fail_free; |
2955 | } else { |
2956 | if (!(i == 3 || i == 4)) { |
2957 | if (fwd->connect_path == NULL((void *)0) && |
2958 | fwd->listen_path == NULL((void *)0)) |
2959 | goto fail_free; |
2960 | } |
2961 | if (fwd->connect_port <= 0 && fwd->connect_path == NULL((void *)0)) |
2962 | goto fail_free; |
2963 | } |
2964 | |
2965 | if ((fwd->listen_port < 0 && fwd->listen_path == NULL((void *)0)) || |
2966 | (!remotefwd && fwd->listen_port == 0)) |
2967 | goto fail_free; |
2968 | if (fwd->connect_host != NULL((void *)0) && |
2969 | strlen(fwd->connect_host) >= NI_MAXHOST256) |
2970 | goto fail_free; |
2971 | /* |
2972 | * XXX - if connecting to a remote socket, max sun len may not |
2973 | * match this host |
2974 | */ |
2975 | if (fwd->connect_path != NULL((void *)0) && |
2976 | strlen(fwd->connect_path) >= PATH_MAX_SUN(sizeof((struct sockaddr_un *)0)->sun_path)) |
2977 | goto fail_free; |
2978 | if (fwd->listen_host != NULL((void *)0) && |
2979 | strlen(fwd->listen_host) >= NI_MAXHOST256) |
2980 | goto fail_free; |
2981 | if (fwd->listen_path != NULL((void *)0) && |
2982 | strlen(fwd->listen_path) >= PATH_MAX_SUN(sizeof((struct sockaddr_un *)0)->sun_path)) |
2983 | goto fail_free; |
2984 | |
2985 | return (i); |
2986 | |
2987 | fail_free: |
2988 | free(fwd->connect_host); |
2989 | fwd->connect_host = NULL((void *)0); |
2990 | free(fwd->connect_path); |
2991 | fwd->connect_path = NULL((void *)0); |
2992 | free(fwd->listen_host); |
2993 | fwd->listen_host = NULL((void *)0); |
2994 | free(fwd->listen_path); |
2995 | fwd->listen_path = NULL((void *)0); |
2996 | return (0); |
2997 | } |
2998 | |
2999 | int |
3000 | parse_jump(const char *s, Options *o, int active) |
3001 | { |
3002 | char *orig, *sdup, *cp; |
3003 | char *host = NULL((void *)0), *user = NULL((void *)0); |
3004 | int r, ret = -1, port = -1, first; |
3005 | |
3006 | active &= o->proxy_command == NULL((void *)0) && o->jump_host == NULL((void *)0); |
3007 | |
3008 | orig = sdup = xstrdup(s); |
3009 | |
3010 | /* Remove comment and trailing whitespace */ |
3011 | if ((cp = strchr(orig, '#')) != NULL((void *)0)) |
3012 | *cp = '\0'; |
3013 | rtrim(orig); |
3014 | |
3015 | first = active; |
3016 | do { |
3017 | if (strcasecmp(s, "none") == 0) |
3018 | break; |
3019 | if ((cp = strrchr(sdup, ',')) == NULL((void *)0)) |
3020 | cp = sdup; /* last */ |
3021 | else |
3022 | *cp++ = '\0'; |
3023 | |
3024 | if (first) { |
3025 | /* First argument and configuration is active */ |
3026 | r = parse_ssh_uri(cp, &user, &host, &port); |
3027 | if (r == -1 || (r == 1 && |
3028 | parse_user_host_port(cp, &user, &host, &port) != 0)) |
3029 | goto out; |
3030 | } else { |
3031 | /* Subsequent argument or inactive configuration */ |
3032 | r = parse_ssh_uri(cp, NULL((void *)0), NULL((void *)0), NULL((void *)0)); |
3033 | if (r == -1 || (r == 1 && |
3034 | parse_user_host_port(cp, NULL((void *)0), NULL((void *)0), NULL((void *)0)) != 0)) |
3035 | goto out; |
3036 | } |
3037 | first = 0; /* only check syntax for subsequent hosts */ |
3038 | } while (cp != sdup); |
3039 | /* success */ |
3040 | if (active) { |
3041 | if (strcasecmp(s, "none") == 0) { |
3042 | o->jump_host = xstrdup("none"); |
3043 | o->jump_port = 0; |
3044 | } else { |
3045 | o->jump_user = user; |
3046 | o->jump_host = host; |
3047 | o->jump_port = port; |
3048 | o->proxy_command = xstrdup("none"); |
3049 | user = host = NULL((void *)0); |
3050 | if ((cp = strrchr(s, ',')) != NULL((void *)0) && cp != s) { |
3051 | o->jump_extra = xstrdup(s); |
3052 | o->jump_extra[cp - s] = '\0'; |
3053 | } |
3054 | } |
3055 | } |
3056 | ret = 0; |
3057 | out: |
3058 | free(orig); |
3059 | free(user); |
3060 | free(host); |
3061 | return ret; |
3062 | } |
3063 | |
3064 | int |
3065 | parse_ssh_uri(const char *uri, char **userp, char **hostp, int *portp) |
3066 | { |
3067 | char *user = NULL((void *)0), *host = NULL((void *)0), *path = NULL((void *)0); |
3068 | int r, port; |
3069 | |
3070 | r = parse_uri("ssh", uri, &user, &host, &port, &path); |
3071 | if (r == 0 && path != NULL((void *)0)) |
3072 | r = -1; /* path not allowed */ |
3073 | if (r == 0) { |
3074 | if (userp != NULL((void *)0)) { |
3075 | *userp = user; |
3076 | user = NULL((void *)0); |
3077 | } |
3078 | if (hostp != NULL((void *)0)) { |
3079 | *hostp = host; |
3080 | host = NULL((void *)0); |
3081 | } |
3082 | if (portp != NULL((void *)0)) |
3083 | *portp = port; |
3084 | } |
3085 | free(user); |
3086 | free(host); |
3087 | free(path); |
3088 | return r; |
3089 | } |
3090 | |
3091 | /* XXX the following is a near-vebatim copy from servconf.c; refactor */ |
3092 | static const char * |
3093 | fmt_multistate_int(int val, const struct multistate *m) |
3094 | { |
3095 | u_int i; |
3096 | |
3097 | for (i = 0; m[i].key != NULL((void *)0); i++) { |
3098 | if (m[i].value == val) |
3099 | return m[i].key; |
3100 | } |
3101 | return "UNKNOWN"; |
3102 | } |
3103 | |
3104 | static const char * |
3105 | fmt_intarg(OpCodes code, int val) |
3106 | { |
3107 | if (val == -1) |
3108 | return "unset"; |
3109 | switch (code) { |
3110 | case oAddressFamily: |
3111 | return fmt_multistate_int(val, multistate_addressfamily); |
3112 | case oVerifyHostKeyDNS: |
3113 | case oUpdateHostkeys: |
3114 | return fmt_multistate_int(val, multistate_yesnoask); |
3115 | case oStrictHostKeyChecking: |
3116 | return fmt_multistate_int(val, multistate_strict_hostkey); |
3117 | case oControlMaster: |
3118 | return fmt_multistate_int(val, multistate_controlmaster); |
3119 | case oTunnel: |
3120 | return fmt_multistate_int(val, multistate_tunnel); |
3121 | case oRequestTTY: |
3122 | return fmt_multistate_int(val, multistate_requesttty); |
3123 | case oSessionType: |
3124 | return fmt_multistate_int(val, multistate_sessiontype); |
3125 | case oCanonicalizeHostname: |
3126 | return fmt_multistate_int(val, multistate_canonicalizehostname); |
3127 | case oAddKeysToAgent: |
3128 | return fmt_multistate_int(val, multistate_yesnoaskconfirm); |
3129 | case oPubkeyAuthentication: |
3130 | return fmt_multistate_int(val, multistate_pubkey_auth); |
3131 | case oFingerprintHash: |
3132 | return ssh_digest_alg_name(val); |
3133 | default: |
3134 | switch (val) { |
3135 | case 0: |
3136 | return "no"; |
3137 | case 1: |
3138 | return "yes"; |
3139 | default: |
3140 | return "UNKNOWN"; |
3141 | } |
3142 | } |
3143 | } |
3144 | |
3145 | static const char * |
3146 | lookup_opcode_name(OpCodes code) |
3147 | { |
3148 | u_int i; |
3149 | |
3150 | for (i = 0; keywords[i].name != NULL((void *)0); i++) |
3151 | if (keywords[i].opcode == code) |
3152 | return(keywords[i].name); |
3153 | return "UNKNOWN"; |
3154 | } |
3155 | |
3156 | static void |
3157 | dump_cfg_int(OpCodes code, int val) |
3158 | { |
3159 | printf("%s %d\n", lookup_opcode_name(code), val); |
3160 | } |
3161 | |
3162 | static void |
3163 | dump_cfg_fmtint(OpCodes code, int val) |
3164 | { |
3165 | printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val)); |
3166 | } |
3167 | |
3168 | static void |
3169 | dump_cfg_string(OpCodes code, const char *val) |
3170 | { |
3171 | if (val == NULL((void *)0)) |
3172 | return; |
3173 | printf("%s %s\n", lookup_opcode_name(code), val); |
3174 | } |
3175 | |
3176 | static void |
3177 | dump_cfg_strarray(OpCodes code, u_int count, char **vals) |
3178 | { |
3179 | u_int i; |
3180 | |
3181 | for (i = 0; i < count; i++) |
3182 | printf("%s %s\n", lookup_opcode_name(code), vals[i]); |
3183 | } |
3184 | |
3185 | static void |
3186 | dump_cfg_strarray_oneline(OpCodes code, u_int count, char **vals) |
3187 | { |
3188 | u_int i; |
3189 | |
3190 | printf("%s", lookup_opcode_name(code)); |
3191 | if (count == 0) |
3192 | printf(" none"); |
3193 | for (i = 0; i < count; i++) |
3194 | printf(" %s", vals[i]); |
3195 | printf("\n"); |
3196 | } |
3197 | |
3198 | static void |
3199 | dump_cfg_forwards(OpCodes code, u_int count, const struct Forward *fwds) |
3200 | { |
3201 | const struct Forward *fwd; |
3202 | u_int i; |
3203 | |
3204 | /* oDynamicForward */ |
3205 | for (i = 0; i < count; i++) { |
3206 | fwd = &fwds[i]; |
3207 | if (code == oDynamicForward && fwd->connect_host != NULL((void *)0) && |
3208 | strcmp(fwd->connect_host, "socks") != 0) |
3209 | continue; |
3210 | if (code == oLocalForward && fwd->connect_host != NULL((void *)0) && |
3211 | strcmp(fwd->connect_host, "socks") == 0) |
3212 | continue; |
3213 | printf("%s", lookup_opcode_name(code)); |
3214 | if (fwd->listen_port == PORT_STREAMLOCAL-2) |
3215 | printf(" %s", fwd->listen_path); |
3216 | else if (fwd->listen_host == NULL((void *)0)) |
3217 | printf(" %d", fwd->listen_port); |
3218 | else { |
3219 | printf(" [%s]:%d", |
3220 | fwd->listen_host, fwd->listen_port); |
3221 | } |
3222 | if (code != oDynamicForward) { |
3223 | if (fwd->connect_port == PORT_STREAMLOCAL-2) |
3224 | printf(" %s", fwd->connect_path); |
3225 | else if (fwd->connect_host == NULL((void *)0)) |
3226 | printf(" %d", fwd->connect_port); |
3227 | else { |
3228 | printf(" [%s]:%d", |
3229 | fwd->connect_host, fwd->connect_port); |
3230 | } |
3231 | } |
3232 | printf("\n"); |
3233 | } |
3234 | } |
3235 | |
3236 | void |
3237 | dump_client_config(Options *o, const char *host) |
3238 | { |
3239 | int i, r; |
3240 | char buf[8], *all_key; |
3241 | |
3242 | /* |
3243 | * Expand HostKeyAlgorithms name lists. This isn't handled in |
3244 | * fill_default_options() like the other algorithm lists because |
3245 | * the host key algorithms are by default dynamically chosen based |
3246 | * on the host's keys found in known_hosts. |
3247 | */ |
3248 | all_key = sshkey_alg_list(0, 0, 1, ','); |
3249 | if ((r = kex_assemble_names(&o->hostkeyalgorithms, kex_default_pk_alg(), |
3250 | all_key)) != 0) |
3251 | fatal_fr(r, "expand HostKeyAlgorithms")sshfatal("/usr/src/usr.bin/ssh/ssh-keysign/../readconf.c", __func__ , 3251, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "expand HostKeyAlgorithms" ); |
3252 | free(all_key); |
3253 | |
3254 | /* Most interesting options first: user, host, port */ |
3255 | dump_cfg_string(oUser, o->user); |
3256 | dump_cfg_string(oHostname, host); |
3257 | dump_cfg_int(oPort, o->port); |
3258 | |
3259 | /* Flag options */ |
3260 | dump_cfg_fmtint(oAddressFamily, o->address_family); |
3261 | dump_cfg_fmtint(oBatchMode, o->batch_mode); |
3262 | dump_cfg_fmtint(oCanonicalizeFallbackLocal, o->canonicalize_fallback_local); |
3263 | dump_cfg_fmtint(oCanonicalizeHostname, o->canonicalize_hostname); |
3264 | dump_cfg_fmtint(oCheckHostIP, o->check_host_ip); |
3265 | dump_cfg_fmtint(oCompression, o->compression); |
3266 | dump_cfg_fmtint(oControlMaster, o->control_master); |
3267 | dump_cfg_fmtint(oEnableSSHKeysign, o->enable_ssh_keysign); |
3268 | dump_cfg_fmtint(oClearAllForwardings, o->clear_forwardings); |
3269 | dump_cfg_fmtint(oExitOnForwardFailure, o->exit_on_forward_failure); |
3270 | dump_cfg_fmtint(oFingerprintHash, o->fingerprint_hash); |
3271 | dump_cfg_fmtint(oForwardX11, o->forward_x11); |
3272 | dump_cfg_fmtint(oForwardX11Trusted, o->forward_x11_trusted); |
3273 | dump_cfg_fmtint(oGatewayPorts, o->fwd_opts.gateway_ports); |
3274 | #ifdef GSSAPI |
3275 | dump_cfg_fmtint(oGssAuthentication, o->gss_authentication); |
3276 | dump_cfg_fmtint(oGssDelegateCreds, o->gss_deleg_creds); |
3277 | #endif /* GSSAPI */ |
3278 | dump_cfg_fmtint(oHashKnownHosts, o->hash_known_hosts); |
3279 | dump_cfg_fmtint(oHostbasedAuthentication, o->hostbased_authentication); |
3280 | dump_cfg_fmtint(oIdentitiesOnly, o->identities_only); |
3281 | dump_cfg_fmtint(oKbdInteractiveAuthentication, o->kbd_interactive_authentication); |
3282 | dump_cfg_fmtint(oNoHostAuthenticationForLocalhost, o->no_host_authentication_for_localhost); |
3283 | dump_cfg_fmtint(oPasswordAuthentication, o->password_authentication); |
3284 | dump_cfg_fmtint(oPermitLocalCommand, o->permit_local_command); |
3285 | dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass); |
3286 | dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication); |
3287 | dump_cfg_fmtint(oRequestTTY, o->request_tty); |
3288 | dump_cfg_fmtint(oSessionType, o->session_type); |
3289 | dump_cfg_fmtint(oStdinNull, o->stdin_null); |
3290 | dump_cfg_fmtint(oForkAfterAuthentication, o->fork_after_authentication); |
3291 | dump_cfg_fmtint(oStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); |
3292 | dump_cfg_fmtint(oStrictHostKeyChecking, o->strict_host_key_checking); |
3293 | dump_cfg_fmtint(oTCPKeepAlive, o->tcp_keep_alive); |
3294 | dump_cfg_fmtint(oTunnel, o->tun_open); |
3295 | dump_cfg_fmtint(oVerifyHostKeyDNS, o->verify_host_key_dns); |
3296 | dump_cfg_fmtint(oVisualHostKey, o->visual_host_key); |
3297 | dump_cfg_fmtint(oUpdateHostkeys, o->update_hostkeys); |
3298 | |
3299 | /* Integer options */ |
3300 | dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots); |
3301 | dump_cfg_int(oConnectionAttempts, o->connection_attempts); |
3302 | dump_cfg_int(oForwardX11Timeout, o->forward_x11_timeout); |
3303 | dump_cfg_int(oNumberOfPasswordPrompts, o->number_of_password_prompts); |
3304 | dump_cfg_int(oServerAliveCountMax, o->server_alive_count_max); |
3305 | dump_cfg_int(oServerAliveInterval, o->server_alive_interval); |
3306 | |
3307 | /* String options */ |
3308 | dump_cfg_string(oBindAddress, o->bind_address); |
3309 | dump_cfg_string(oBindInterface, o->bind_interface); |
3310 | dump_cfg_string(oCiphers, o->ciphers); |
3311 | dump_cfg_string(oControlPath, o->control_path); |
3312 | dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms); |
3313 | dump_cfg_string(oHostKeyAlias, o->host_key_alias); |
3314 | dump_cfg_string(oHostbasedAcceptedAlgorithms, o->hostbased_accepted_algos); |
3315 | dump_cfg_string(oIdentityAgent, o->identity_agent); |
3316 | dump_cfg_string(oIgnoreUnknown, o->ignored_unknown); |
3317 | dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices); |
3318 | dump_cfg_string(oKexAlgorithms, o->kex_algorithms); |
3319 | dump_cfg_string(oCASignatureAlgorithms, o->ca_sign_algorithms); |
3320 | dump_cfg_string(oLocalCommand, o->local_command); |
3321 | dump_cfg_string(oRemoteCommand, o->remote_command); |
3322 | dump_cfg_string(oLogLevel, log_level_name(o->log_level)); |
3323 | dump_cfg_string(oMacs, o->macs); |
3324 | #ifdef ENABLE_PKCS111 |
3325 | dump_cfg_string(oPKCS11Provider, o->pkcs11_provider); |
3326 | #endif |
3327 | dump_cfg_string(oSecurityKeyProvider, o->sk_provider); |
3328 | dump_cfg_string(oPreferredAuthentications, o->preferred_authentications); |
3329 | dump_cfg_string(oPubkeyAcceptedAlgorithms, o->pubkey_accepted_algos); |
3330 | dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys); |
3331 | dump_cfg_string(oXAuthLocation, o->xauth_location); |
3332 | dump_cfg_string(oKnownHostsCommand, o->known_hosts_command); |
3333 | |
3334 | /* Forwards */ |
3335 | dump_cfg_forwards(oDynamicForward, o->num_local_forwards, o->local_forwards); |
3336 | dump_cfg_forwards(oLocalForward, o->num_local_forwards, o->local_forwards); |
3337 | dump_cfg_forwards(oRemoteForward, o->num_remote_forwards, o->remote_forwards); |
3338 | |
3339 | /* String array options */ |
3340 | dump_cfg_strarray(oIdentityFile, o->num_identity_files, o->identity_files); |
3341 | dump_cfg_strarray_oneline(oCanonicalDomains, o->num_canonical_domains, o->canonical_domains); |
3342 | dump_cfg_strarray(oCertificateFile, o->num_certificate_files, o->certificate_files); |
3343 | dump_cfg_strarray_oneline(oGlobalKnownHostsFile, o->num_system_hostfiles, o->system_hostfiles); |
3344 | dump_cfg_strarray_oneline(oUserKnownHostsFile, o->num_user_hostfiles, o->user_hostfiles); |
3345 | dump_cfg_strarray(oSendEnv, o->num_send_env, o->send_env); |
3346 | dump_cfg_strarray(oSetEnv, o->num_setenv, o->setenv); |
3347 | dump_cfg_strarray_oneline(oLogVerbose, |
3348 | o->num_log_verbose, o->log_verbose); |
3349 | |
3350 | /* Special cases */ |
3351 | |
3352 | /* PermitRemoteOpen */ |
3353 | if (o->num_permitted_remote_opens == 0) |
3354 | printf("%s any\n", lookup_opcode_name(oPermitRemoteOpen)); |
3355 | else |
3356 | dump_cfg_strarray_oneline(oPermitRemoteOpen, |
3357 | o->num_permitted_remote_opens, o->permitted_remote_opens); |
3358 | |
3359 | /* AddKeysToAgent */ |
3360 | if (o->add_keys_to_agent_lifespan <= 0) |
3361 | dump_cfg_fmtint(oAddKeysToAgent, o->add_keys_to_agent); |
3362 | else { |
3363 | printf("addkeystoagent%s %d\n", |
3364 | o->add_keys_to_agent == 3 ? " confirm" : "", |
3365 | o->add_keys_to_agent_lifespan); |
3366 | } |
3367 | |
3368 | /* oForwardAgent */ |
3369 | if (o->forward_agent_sock_path == NULL((void *)0)) |
3370 | dump_cfg_fmtint(oForwardAgent, o->forward_agent); |
3371 | else |
3372 | dump_cfg_string(oForwardAgent, o->forward_agent_sock_path); |
3373 | |
3374 | /* oConnectTimeout */ |
3375 | if (o->connection_timeout == -1) |
3376 | printf("connecttimeout none\n"); |
3377 | else |
3378 | dump_cfg_int(oConnectTimeout, o->connection_timeout); |
3379 | |
3380 | /* oTunnelDevice */ |
3381 | printf("tunneldevice"); |
3382 | if (o->tun_local == SSH_TUNID_ANY0x7fffffff) |
3383 | printf(" any"); |
3384 | else |
3385 | printf(" %d", o->tun_local); |
3386 | if (o->tun_remote == SSH_TUNID_ANY0x7fffffff) |
3387 | printf(":any"); |
3388 | else |
3389 | printf(":%d", o->tun_remote); |
3390 | printf("\n"); |
3391 | |
3392 | /* oCanonicalizePermittedCNAMEs */ |
3393 | printf("canonicalizePermittedcnames"); |
3394 | if (o->num_permitted_cnames == 0) |
3395 | printf(" none"); |
3396 | for (i = 0; i < o->num_permitted_cnames; i++) { |
3397 | printf(" %s:%s", o->permitted_cnames[i].source_list, |
3398 | o->permitted_cnames[i].target_list); |
3399 | } |
3400 | printf("\n"); |
3401 | |
3402 | /* oControlPersist */ |
3403 | if (o->control_persist == 0 || o->control_persist_timeout == 0) |
3404 | dump_cfg_fmtint(oControlPersist, o->control_persist); |
3405 | else |
3406 | dump_cfg_int(oControlPersist, o->control_persist_timeout); |
3407 | |
3408 | /* oEscapeChar */ |
3409 | if (o->escape_char == SSH_ESCAPECHAR_NONE-2) |
3410 | printf("escapechar none\n"); |
3411 | else { |
3412 | vis(buf, o->escape_char, VIS_WHITE(0x04 | 0x08 | 0x10), 0); |
3413 | printf("escapechar %s\n", buf); |
3414 | } |
3415 | |
3416 | /* oIPQoS */ |
3417 | printf("ipqos %s ", iptos2str(o->ip_qos_interactive)); |
3418 | printf("%s\n", iptos2str(o->ip_qos_bulk)); |
3419 | |
3420 | /* oRekeyLimit */ |
3421 | printf("rekeylimit %llu %d\n", |
3422 | (unsigned long long)o->rekey_limit, o->rekey_interval); |
3423 | |
3424 | /* oStreamLocalBindMask */ |
3425 | printf("streamlocalbindmask 0%o\n", |
3426 | o->fwd_opts.streamlocal_bind_mask); |
3427 | |
3428 | /* oLogFacility */ |
3429 | printf("syslogfacility %s\n", log_facility_name(o->log_facility)); |
3430 | |
3431 | /* oProxyCommand / oProxyJump */ |
3432 | if (o->jump_host == NULL((void *)0)) |
3433 | dump_cfg_string(oProxyCommand, o->proxy_command); |
3434 | else { |
3435 | /* Check for numeric addresses */ |
3436 | i = strchr(o->jump_host, ':') != NULL((void *)0) || |
3437 | strspn(o->jump_host, "1234567890.") == strlen(o->jump_host); |
3438 | snprintf(buf, sizeof(buf), "%d", o->jump_port); |
3439 | printf("proxyjump %s%s%s%s%s%s%s%s%s\n", |
3440 | /* optional additional jump spec */ |
3441 | o->jump_extra == NULL((void *)0) ? "" : o->jump_extra, |
3442 | o->jump_extra == NULL((void *)0) ? "" : ",", |
3443 | /* optional user */ |
3444 | o->jump_user == NULL((void *)0) ? "" : o->jump_user, |
3445 | o->jump_user == NULL((void *)0) ? "" : "@", |
3446 | /* opening [ if hostname is numeric */ |
3447 | i ? "[" : "", |
3448 | /* mandatory hostname */ |
3449 | o->jump_host, |
3450 | /* closing ] if hostname is numeric */ |
3451 | i ? "]" : "", |
3452 | /* optional port number */ |
3453 | o->jump_port <= 0 ? "" : ":", |
3454 | o->jump_port <= 0 ? "" : buf); |
3455 | } |
3456 | } |