File: | src/usr.bin/ssh/ssh/../readconf.c |
Warning: | line 1663, column 5 Value stored to 'p' is never read |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* $OpenBSD: readconf.c,v 1.384 2024/01/11 01:45:36 djm Exp $ */ |
2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
5 | * All rights reserved |
6 | * Functions for reading the configuration files. |
7 | * |
8 | * As far as I am concerned, the code I have written for this software |
9 | * can be used freely for any purpose. Any derived versions of this |
10 | * software must be clearly marked as such, and if the derived work is |
11 | * incompatible with the protocol description in the RFC file, it must be |
12 | * called by a name other than "ssh" or "Secure Shell". |
13 | */ |
14 | |
15 | #include <sys/types.h> |
16 | #include <sys/stat.h> |
17 | #include <sys/socket.h> |
18 | #include <sys/wait.h> |
19 | #include <sys/un.h> |
20 | |
21 | #include <net/if.h> |
22 | #include <netinet/in.h> |
23 | #include <netinet/ip.h> |
24 | |
25 | #include <ctype.h> |
26 | #include <errno(*__errno()).h> |
27 | #include <fcntl.h> |
28 | #include <glob.h> |
29 | #include <ifaddrs.h> |
30 | #include <netdb.h> |
31 | #include <paths.h> |
32 | #include <pwd.h> |
33 | #include <signal.h> |
34 | #include <stdio.h> |
35 | #include <string.h> |
36 | #include <stdarg.h> |
37 | #include <unistd.h> |
38 | #include <limits.h> |
39 | #include <util.h> |
40 | #include <vis.h> |
41 | |
42 | #include "xmalloc.h" |
43 | #include "ssh.h" |
44 | #include "ssherr.h" |
45 | #include "cipher.h" |
46 | #include "pathnames.h" |
47 | #include "log.h" |
48 | #include "sshkey.h" |
49 | #include "misc.h" |
50 | #include "readconf.h" |
51 | #include "match.h" |
52 | #include "kex.h" |
53 | #include "mac.h" |
54 | #include "uidswap.h" |
55 | #include "myproposal.h" |
56 | #include "digest.h" |
57 | |
58 | /* Format of the configuration file: |
59 | |
60 | # Configuration data is parsed as follows: |
61 | # 1. command line options |
62 | # 2. user-specific file |
63 | # 3. system-wide file |
64 | # Any configuration value is only changed the first time it is set. |
65 | # Thus, host-specific definitions should be at the beginning of the |
66 | # configuration file, and defaults at the end. |
67 | |
68 | # Host-specific declarations. These may override anything above. A single |
69 | # host may match multiple declarations; these are processed in the order |
70 | # that they are given in. |
71 | |
72 | Host *.ngs.fi ngs.fi |
73 | User foo |
74 | |
75 | Host fake.com |
76 | Hostname another.host.name.real.org |
77 | User blaah |
78 | Port 34289 |
79 | ForwardX11 no |
80 | ForwardAgent no |
81 | |
82 | Host books.com |
83 | RemoteForward 9999 shadows.cs.hut.fi:9999 |
84 | Ciphers 3des-cbc |
85 | |
86 | Host fascist.blob.com |
87 | Port 23123 |
88 | User tylonen |
89 | PasswordAuthentication no |
90 | |
91 | Host puukko.hut.fi |
92 | User t35124p |
93 | ProxyCommand ssh-proxy %h %p |
94 | |
95 | Host *.fr |
96 | PublicKeyAuthentication no |
97 | |
98 | Host *.su |
99 | Ciphers aes128-ctr |
100 | PasswordAuthentication no |
101 | |
102 | Host vpn.fake.com |
103 | Tunnel yes |
104 | TunnelDevice 3 |
105 | |
106 | # Defaults for various options |
107 | Host * |
108 | ForwardAgent no |
109 | ForwardX11 no |
110 | PasswordAuthentication yes |
111 | StrictHostKeyChecking yes |
112 | TcpKeepAlive no |
113 | IdentityFile ~/.ssh/identity |
114 | Port 22 |
115 | EscapeChar ~ |
116 | |
117 | */ |
118 | |
119 | static int read_config_file_depth(const char *filename, struct passwd *pw, |
120 | const char *host, const char *original_host, Options *options, |
121 | int flags, int *activep, int *want_final_pass, int depth); |
122 | static int process_config_line_depth(Options *options, struct passwd *pw, |
123 | const char *host, const char *original_host, char *line, |
124 | const char *filename, int linenum, int *activep, int flags, |
125 | int *want_final_pass, int depth); |
126 | |
127 | /* Keyword tokens. */ |
128 | |
129 | typedef enum { |
130 | oBadOption, |
131 | oHost, oMatch, oInclude, oTag, |
132 | oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout, |
133 | oGatewayPorts, oExitOnForwardFailure, |
134 | oPasswordAuthentication, |
135 | oXAuthLocation, |
136 | oIdentityFile, oHostname, oPort, oRemoteForward, oLocalForward, |
137 | oPermitRemoteOpen, |
138 | oCertificateFile, oAddKeysToAgent, oIdentityAgent, |
139 | oUser, oEscapeChar, oProxyCommand, |
140 | oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, |
141 | oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, |
142 | oTCPKeepAlive, oNumberOfPasswordPrompts, |
143 | oLogFacility, oLogLevel, oLogVerbose, oCiphers, oMacs, |
144 | oPubkeyAuthentication, |
145 | oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, |
146 | oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, |
147 | oHostKeyAlgorithms, oBindAddress, oBindInterface, oPKCS11Provider, |
148 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, |
149 | oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, |
150 | oAddressFamily, oGssAuthentication, oGssDelegateCreds, |
151 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, |
152 | oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist, |
153 | oHashKnownHosts, |
154 | oTunnel, oTunnelDevice, |
155 | oLocalCommand, oPermitLocalCommand, oRemoteCommand, |
156 | oVisualHostKey, |
157 | oKexAlgorithms, oIPQoS, oRequestTTY, oSessionType, oStdinNull, |
158 | oForkAfterAuthentication, oIgnoreUnknown, oProxyUseFdpass, |
159 | oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots, |
160 | oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs, |
161 | oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, |
162 | oFingerprintHash, oUpdateHostkeys, oHostbasedAcceptedAlgorithms, |
163 | oPubkeyAcceptedAlgorithms, oCASignatureAlgorithms, oProxyJump, |
164 | oSecurityKeyProvider, oKnownHostsCommand, oRequiredRSASize, |
165 | oEnableEscapeCommandline, oObscureKeystrokeTiming, oChannelTimeout, |
166 | oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported |
167 | } OpCodes; |
168 | |
169 | /* Textual representations of the tokens. */ |
170 | |
171 | static struct { |
172 | const char *name; |
173 | OpCodes opcode; |
174 | } keywords[] = { |
175 | /* Deprecated options */ |
176 | { "protocol", oIgnore }, /* NB. silently ignored */ |
177 | { "cipher", oDeprecated }, |
178 | { "fallbacktorsh", oDeprecated }, |
179 | { "globalknownhostsfile2", oDeprecated }, |
180 | { "rhostsauthentication", oDeprecated }, |
181 | { "userknownhostsfile2", oDeprecated }, |
182 | { "useroaming", oDeprecated }, |
183 | { "usersh", oDeprecated }, |
184 | { "useprivilegedport", oDeprecated }, |
185 | |
186 | /* Unsupported options */ |
187 | { "afstokenpassing", oUnsupported }, |
188 | { "kerberosauthentication", oUnsupported }, |
189 | { "kerberostgtpassing", oUnsupported }, |
190 | { "rsaauthentication", oUnsupported }, |
191 | { "rhostsrsaauthentication", oUnsupported }, |
192 | { "compressionlevel", oUnsupported }, |
193 | |
194 | /* Sometimes-unsupported options */ |
195 | #if defined(GSSAPI) |
196 | { "gssapiauthentication", oGssAuthentication }, |
197 | { "gssapidelegatecredentials", oGssDelegateCreds }, |
198 | # else |
199 | { "gssapiauthentication", oUnsupported }, |
200 | { "gssapidelegatecredentials", oUnsupported }, |
201 | #endif |
202 | #ifdef ENABLE_PKCS111 |
203 | { "pkcs11provider", oPKCS11Provider }, |
204 | { "smartcarddevice", oPKCS11Provider }, |
205 | # else |
206 | { "smartcarddevice", oUnsupported }, |
207 | { "pkcs11provider", oUnsupported }, |
208 | #endif |
209 | |
210 | { "forwardagent", oForwardAgent }, |
211 | { "forwardx11", oForwardX11 }, |
212 | { "forwardx11trusted", oForwardX11Trusted }, |
213 | { "forwardx11timeout", oForwardX11Timeout }, |
214 | { "exitonforwardfailure", oExitOnForwardFailure }, |
215 | { "xauthlocation", oXAuthLocation }, |
216 | { "gatewayports", oGatewayPorts }, |
217 | { "passwordauthentication", oPasswordAuthentication }, |
218 | { "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, |
219 | { "kbdinteractivedevices", oKbdInteractiveDevices }, |
220 | { "challengeresponseauthentication", oKbdInteractiveAuthentication }, /* alias */ |
221 | { "skeyauthentication", oKbdInteractiveAuthentication }, /* alias */ |
222 | { "tisauthentication", oKbdInteractiveAuthentication }, /* alias */ |
223 | { "pubkeyauthentication", oPubkeyAuthentication }, |
224 | { "dsaauthentication", oPubkeyAuthentication }, /* alias */ |
225 | { "hostbasedauthentication", oHostbasedAuthentication }, |
226 | { "identityfile", oIdentityFile }, |
227 | { "identityfile2", oIdentityFile }, /* obsolete */ |
228 | { "identitiesonly", oIdentitiesOnly }, |
229 | { "certificatefile", oCertificateFile }, |
230 | { "addkeystoagent", oAddKeysToAgent }, |
231 | { "identityagent", oIdentityAgent }, |
232 | { "hostname", oHostname }, |
233 | { "hostkeyalias", oHostKeyAlias }, |
234 | { "proxycommand", oProxyCommand }, |
235 | { "port", oPort }, |
236 | { "ciphers", oCiphers }, |
237 | { "macs", oMacs }, |
238 | { "remoteforward", oRemoteForward }, |
239 | { "localforward", oLocalForward }, |
240 | { "permitremoteopen", oPermitRemoteOpen }, |
241 | { "user", oUser }, |
242 | { "host", oHost }, |
243 | { "match", oMatch }, |
244 | { "tag", oTag }, |
245 | { "escapechar", oEscapeChar }, |
246 | { "globalknownhostsfile", oGlobalKnownHostsFile }, |
247 | { "userknownhostsfile", oUserKnownHostsFile }, |
248 | { "connectionattempts", oConnectionAttempts }, |
249 | { "batchmode", oBatchMode }, |
250 | { "checkhostip", oCheckHostIP }, |
251 | { "stricthostkeychecking", oStrictHostKeyChecking }, |
252 | { "compression", oCompression }, |
253 | { "tcpkeepalive", oTCPKeepAlive }, |
254 | { "keepalive", oTCPKeepAlive }, /* obsolete */ |
255 | { "numberofpasswordprompts", oNumberOfPasswordPrompts }, |
256 | { "syslogfacility", oLogFacility }, |
257 | { "loglevel", oLogLevel }, |
258 | { "logverbose", oLogVerbose }, |
259 | { "dynamicforward", oDynamicForward }, |
260 | { "preferredauthentications", oPreferredAuthentications }, |
261 | { "hostkeyalgorithms", oHostKeyAlgorithms }, |
262 | { "casignaturealgorithms", oCASignatureAlgorithms }, |
263 | { "bindaddress", oBindAddress }, |
264 | { "bindinterface", oBindInterface }, |
265 | { "clearallforwardings", oClearAllForwardings }, |
266 | { "enablesshkeysign", oEnableSSHKeysign }, |
267 | { "verifyhostkeydns", oVerifyHostKeyDNS }, |
268 | { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost }, |
269 | { "rekeylimit", oRekeyLimit }, |
270 | { "connecttimeout", oConnectTimeout }, |
271 | { "addressfamily", oAddressFamily }, |
272 | { "serveraliveinterval", oServerAliveInterval }, |
273 | { "serveralivecountmax", oServerAliveCountMax }, |
274 | { "sendenv", oSendEnv }, |
275 | { "setenv", oSetEnv }, |
276 | { "controlpath", oControlPath }, |
277 | { "controlmaster", oControlMaster }, |
278 | { "controlpersist", oControlPersist }, |
279 | { "hashknownhosts", oHashKnownHosts }, |
280 | { "include", oInclude }, |
281 | { "tunnel", oTunnel }, |
282 | { "tunneldevice", oTunnelDevice }, |
283 | { "localcommand", oLocalCommand }, |
284 | { "permitlocalcommand", oPermitLocalCommand }, |
285 | { "remotecommand", oRemoteCommand }, |
286 | { "visualhostkey", oVisualHostKey }, |
287 | { "kexalgorithms", oKexAlgorithms }, |
288 | { "ipqos", oIPQoS }, |
289 | { "requesttty", oRequestTTY }, |
290 | { "sessiontype", oSessionType }, |
291 | { "stdinnull", oStdinNull }, |
292 | { "forkafterauthentication", oForkAfterAuthentication }, |
293 | { "proxyusefdpass", oProxyUseFdpass }, |
294 | { "canonicaldomains", oCanonicalDomains }, |
295 | { "canonicalizefallbacklocal", oCanonicalizeFallbackLocal }, |
296 | { "canonicalizehostname", oCanonicalizeHostname }, |
297 | { "canonicalizemaxdots", oCanonicalizeMaxDots }, |
298 | { "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs }, |
299 | { "streamlocalbindmask", oStreamLocalBindMask }, |
300 | { "streamlocalbindunlink", oStreamLocalBindUnlink }, |
301 | { "revokedhostkeys", oRevokedHostKeys }, |
302 | { "fingerprinthash", oFingerprintHash }, |
303 | { "updatehostkeys", oUpdateHostkeys }, |
304 | { "hostbasedacceptedalgorithms", oHostbasedAcceptedAlgorithms }, |
305 | { "hostbasedkeytypes", oHostbasedAcceptedAlgorithms }, /* obsolete */ |
306 | { "pubkeyacceptedalgorithms", oPubkeyAcceptedAlgorithms }, |
307 | { "pubkeyacceptedkeytypes", oPubkeyAcceptedAlgorithms }, /* obsolete */ |
308 | { "ignoreunknown", oIgnoreUnknown }, |
309 | { "proxyjump", oProxyJump }, |
310 | { "securitykeyprovider", oSecurityKeyProvider }, |
311 | { "knownhostscommand", oKnownHostsCommand }, |
312 | { "requiredrsasize", oRequiredRSASize }, |
313 | { "enableescapecommandline", oEnableEscapeCommandline }, |
314 | { "obscurekeystroketiming", oObscureKeystrokeTiming }, |
315 | { "channeltimeout", oChannelTimeout }, |
316 | |
317 | { NULL((void *)0), oBadOption } |
318 | }; |
319 | |
320 | static const char *lookup_opcode_name(OpCodes code); |
321 | |
322 | const char * |
323 | kex_default_pk_alg(void) |
324 | { |
325 | static char *pkalgs; |
326 | |
327 | if (pkalgs == NULL((void *)0)) { |
328 | char *all_key; |
329 | |
330 | all_key = sshkey_alg_list(0, 0, 1, ','); |
331 | pkalgs = match_filter_allowlist(KEX_DEFAULT_PK_ALG"ssh-ed25519-cert-v01@openssh.com," "ecdsa-sha2-nistp256-cert-v01@openssh.com," "ecdsa-sha2-nistp384-cert-v01@openssh.com," "ecdsa-sha2-nistp521-cert-v01@openssh.com," "sk-ssh-ed25519-cert-v01@openssh.com," "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com," "rsa-sha2-512-cert-v01@openssh.com," "rsa-sha2-256-cert-v01@openssh.com," "ssh-ed25519," "ecdsa-sha2-nistp256," "ecdsa-sha2-nistp384," "ecdsa-sha2-nistp521," "sk-ssh-ed25519@openssh.com," "sk-ecdsa-sha2-nistp256@openssh.com," "rsa-sha2-512," "rsa-sha2-256", all_key); |
332 | free(all_key); |
333 | } |
334 | return pkalgs; |
335 | } |
336 | |
337 | char * |
338 | ssh_connection_hash(const char *thishost, const char *host, const char *portstr, |
339 | const char *user, const char *jumphost) |
340 | { |
341 | struct ssh_digest_ctx *md; |
342 | u_char conn_hash[SSH_DIGEST_MAX_LENGTH64]; |
343 | |
344 | if ((md = ssh_digest_start(SSH_DIGEST_SHA11)) == NULL((void *)0) || |
345 | ssh_digest_update(md, thishost, strlen(thishost)) < 0 || |
346 | ssh_digest_update(md, host, strlen(host)) < 0 || |
347 | ssh_digest_update(md, portstr, strlen(portstr)) < 0 || |
348 | ssh_digest_update(md, user, strlen(user)) < 0 || |
349 | ssh_digest_update(md, jumphost, strlen(jumphost)) < 0 || |
350 | ssh_digest_final(md, conn_hash, sizeof(conn_hash)) < 0) |
351 | fatal_f("mux digest failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 351 , 1, SYSLOG_LEVEL_FATAL, ((void *)0), "mux digest failed"); |
352 | ssh_digest_free(md); |
353 | return tohex(conn_hash, ssh_digest_bytes(SSH_DIGEST_SHA11)); |
354 | } |
355 | |
356 | /* |
357 | * Adds a local TCP/IP port forward to options. Never returns if there is an |
358 | * error. |
359 | */ |
360 | |
361 | void |
362 | add_local_forward(Options *options, const struct Forward *newfwd) |
363 | { |
364 | struct Forward *fwd; |
365 | int i; |
366 | |
367 | /* Don't add duplicates */ |
368 | for (i = 0; i < options->num_local_forwards; i++) { |
369 | if (forward_equals(newfwd, options->local_forwards + i)) |
370 | return; |
371 | } |
372 | options->local_forwards = xreallocarray(options->local_forwards, |
373 | options->num_local_forwards + 1, |
374 | sizeof(*options->local_forwards)); |
375 | fwd = &options->local_forwards[options->num_local_forwards++]; |
376 | |
377 | fwd->listen_host = newfwd->listen_host; |
378 | fwd->listen_port = newfwd->listen_port; |
379 | fwd->listen_path = newfwd->listen_path; |
380 | fwd->connect_host = newfwd->connect_host; |
381 | fwd->connect_port = newfwd->connect_port; |
382 | fwd->connect_path = newfwd->connect_path; |
383 | } |
384 | |
385 | /* |
386 | * Adds a remote TCP/IP port forward to options. Never returns if there is |
387 | * an error. |
388 | */ |
389 | |
390 | void |
391 | add_remote_forward(Options *options, const struct Forward *newfwd) |
392 | { |
393 | struct Forward *fwd; |
394 | int i; |
395 | |
396 | /* Don't add duplicates */ |
397 | for (i = 0; i < options->num_remote_forwards; i++) { |
398 | if (forward_equals(newfwd, options->remote_forwards + i)) |
399 | return; |
400 | } |
401 | options->remote_forwards = xreallocarray(options->remote_forwards, |
402 | options->num_remote_forwards + 1, |
403 | sizeof(*options->remote_forwards)); |
404 | fwd = &options->remote_forwards[options->num_remote_forwards++]; |
405 | |
406 | fwd->listen_host = newfwd->listen_host; |
407 | fwd->listen_port = newfwd->listen_port; |
408 | fwd->listen_path = newfwd->listen_path; |
409 | fwd->connect_host = newfwd->connect_host; |
410 | fwd->connect_port = newfwd->connect_port; |
411 | fwd->connect_path = newfwd->connect_path; |
412 | fwd->handle = newfwd->handle; |
413 | fwd->allocated_port = 0; |
414 | } |
415 | |
416 | static void |
417 | clear_forwardings(Options *options) |
418 | { |
419 | int i; |
420 | |
421 | for (i = 0; i < options->num_local_forwards; i++) { |
422 | free(options->local_forwards[i].listen_host); |
423 | free(options->local_forwards[i].listen_path); |
424 | free(options->local_forwards[i].connect_host); |
425 | free(options->local_forwards[i].connect_path); |
426 | } |
427 | if (options->num_local_forwards > 0) { |
428 | free(options->local_forwards); |
429 | options->local_forwards = NULL((void *)0); |
430 | } |
431 | options->num_local_forwards = 0; |
432 | for (i = 0; i < options->num_remote_forwards; i++) { |
433 | free(options->remote_forwards[i].listen_host); |
434 | free(options->remote_forwards[i].listen_path); |
435 | free(options->remote_forwards[i].connect_host); |
436 | free(options->remote_forwards[i].connect_path); |
437 | } |
438 | if (options->num_remote_forwards > 0) { |
439 | free(options->remote_forwards); |
440 | options->remote_forwards = NULL((void *)0); |
441 | } |
442 | options->num_remote_forwards = 0; |
443 | options->tun_open = SSH_TUNMODE_NO0x00; |
444 | } |
445 | |
446 | void |
447 | add_certificate_file(Options *options, const char *path, int userprovided) |
448 | { |
449 | int i; |
450 | |
451 | if (options->num_certificate_files >= SSH_MAX_CERTIFICATE_FILES100) |
452 | fatal("Too many certificate files specified (max %d)",sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 453 , 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Too many certificate files specified (max %d)" , 100) |
453 | SSH_MAX_CERTIFICATE_FILES)sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 453 , 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Too many certificate files specified (max %d)" , 100); |
454 | |
455 | /* Avoid registering duplicates */ |
456 | for (i = 0; i < options->num_certificate_files; i++) { |
457 | if (options->certificate_file_userprovided[i] == userprovided && |
458 | strcmp(options->certificate_files[i], path) == 0) { |
459 | debug2_f("ignoring duplicate key %s", path)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 459 , 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "ignoring duplicate key %s" , path); |
460 | return; |
461 | } |
462 | } |
463 | |
464 | options->certificate_file_userprovided[options->num_certificate_files] = |
465 | userprovided; |
466 | options->certificate_files[options->num_certificate_files++] = |
467 | xstrdup(path); |
468 | } |
469 | |
470 | void |
471 | add_identity_file(Options *options, const char *dir, const char *filename, |
472 | int userprovided) |
473 | { |
474 | char *path; |
475 | int i; |
476 | |
477 | if (options->num_identity_files >= SSH_MAX_IDENTITY_FILES100) |
478 | fatal("Too many identity files specified (max %d)",sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 479 , 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Too many identity files specified (max %d)" , 100) |
479 | SSH_MAX_IDENTITY_FILES)sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 479 , 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Too many identity files specified (max %d)" , 100); |
480 | |
481 | if (dir == NULL((void *)0)) /* no dir, filename is absolute */ |
482 | path = xstrdup(filename); |
483 | else if (xasprintf(&path, "%s%s", dir, filename) >= PATH_MAX1024) |
484 | fatal("Identity file path %s too long", path)sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 484 , 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Identity file path %s too long" , path); |
485 | |
486 | /* Avoid registering duplicates */ |
487 | for (i = 0; i < options->num_identity_files; i++) { |
488 | if (options->identity_file_userprovided[i] == userprovided && |
489 | strcmp(options->identity_files[i], path) == 0) { |
490 | debug2_f("ignoring duplicate key %s", path)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 490 , 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "ignoring duplicate key %s" , path); |
491 | free(path); |
492 | return; |
493 | } |
494 | } |
495 | |
496 | options->identity_file_userprovided[options->num_identity_files] = |
497 | userprovided; |
498 | options->identity_files[options->num_identity_files++] = path; |
499 | } |
500 | |
501 | int |
502 | default_ssh_port(void) |
503 | { |
504 | static int port; |
505 | struct servent *sp; |
506 | |
507 | if (port == 0) { |
508 | sp = getservbyname(SSH_SERVICE_NAME"ssh", "tcp"); |
509 | port = sp ? ntohs(sp->s_port)(__uint16_t)(__builtin_constant_p(sp->s_port) ? (__uint16_t )(((__uint16_t)(sp->s_port) & 0xffU) << 8 | ((__uint16_t )(sp->s_port) & 0xff00U) >> 8) : __swap16md(sp-> s_port)) : SSH_DEFAULT_PORT22; |
510 | } |
511 | return port; |
512 | } |
513 | |
514 | /* |
515 | * Execute a command in a shell. |
516 | * Return its exit status or -1 on abnormal exit. |
517 | */ |
518 | static int |
519 | execute_in_shell(const char *cmd) |
520 | { |
521 | char *shell; |
522 | pid_t pid; |
523 | int status; |
524 | |
525 | if ((shell = getenv("SHELL")) == NULL((void *)0)) |
526 | shell = _PATH_BSHELL"/bin/sh"; |
527 | |
528 | if (access(shell, X_OK0x01) == -1) { |
529 | fatal("Shell \"%s\" is not executable: %s",sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 530 , 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Shell \"%s\" is not executable: %s" , shell, strerror((*__errno()))) |
530 | shell, strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 530 , 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Shell \"%s\" is not executable: %s" , shell, strerror((*__errno()))); |
531 | } |
532 | |
533 | debug("Executing command: '%.500s'", cmd)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 533 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Executing command: '%.500s'" , cmd); |
534 | |
535 | /* Fork and execute the command. */ |
536 | if ((pid = fork()) == 0) { |
537 | char *argv[4]; |
538 | |
539 | if (stdfd_devnull(1, 1, 0) == -1) |
540 | fatal_f("stdfd_devnull failed")sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 540 , 1, SYSLOG_LEVEL_FATAL, ((void *)0), "stdfd_devnull failed"); |
541 | closefrom(STDERR_FILENO2 + 1); |
542 | |
543 | argv[0] = shell; |
544 | argv[1] = "-c"; |
545 | argv[2] = xstrdup(cmd); |
546 | argv[3] = NULL((void *)0); |
547 | |
548 | execv(argv[0], argv); |
549 | error("Unable to execute '%.100s': %s", cmd, strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 549 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Unable to execute '%.100s': %s" , cmd, strerror((*__errno()))); |
550 | /* Die with signal to make this error apparent to parent. */ |
551 | ssh_signal(SIGTERM15, SIG_DFL(void (*)(int))0); |
552 | kill(getpid(), SIGTERM15); |
553 | _exit(1); |
554 | } |
555 | /* Parent. */ |
556 | if (pid == -1) |
557 | fatal_f("fork: %.100s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 557 , 1, SYSLOG_LEVEL_FATAL, ((void *)0), "fork: %.100s", strerror ((*__errno()))); |
558 | |
559 | while (waitpid(pid, &status, 0) == -1) { |
560 | if (errno(*__errno()) != EINTR4 && errno(*__errno()) != EAGAIN35) |
561 | fatal_f("waitpid: %s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 561 , 1, SYSLOG_LEVEL_FATAL, ((void *)0), "waitpid: %s", strerror ((*__errno()))); |
562 | } |
563 | if (!WIFEXITED(status)(((status) & 0177) == 0)) { |
564 | error("command '%.100s' exited abnormally", cmd)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 564 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "command '%.100s' exited abnormally" , cmd); |
565 | return -1; |
566 | } |
567 | debug3("command returned status %d", WEXITSTATUS(status))sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 567 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "command returned status %d" , (int)(((unsigned)(status) >> 8) & 0xff)); |
568 | return WEXITSTATUS(status)(int)(((unsigned)(status) >> 8) & 0xff); |
569 | } |
570 | |
571 | /* |
572 | * Check whether a local network interface address appears in CIDR pattern- |
573 | * list 'addrlist'. Returns 1 if matched or 0 otherwise. |
574 | */ |
575 | static int |
576 | check_match_ifaddrs(const char *addrlist) |
577 | { |
578 | struct ifaddrs *ifa, *ifaddrs = NULL((void *)0); |
579 | int r, found = 0; |
580 | char addr[NI_MAXHOST256]; |
581 | socklen_t salen; |
582 | |
583 | if (getifaddrs(&ifaddrs) != 0) { |
584 | error("match localnetwork: getifaddrs failed: %s",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 585 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "match localnetwork: getifaddrs failed: %s" , strerror((*__errno()))) |
585 | strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 585 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "match localnetwork: getifaddrs failed: %s" , strerror((*__errno()))); |
586 | return 0; |
587 | } |
588 | for (ifa = ifaddrs; ifa != NULL((void *)0); ifa = ifa->ifa_next) { |
589 | if (ifa->ifa_addr == NULL((void *)0) || ifa->ifa_name == NULL((void *)0) || |
590 | (ifa->ifa_flags & IFF_UP0x1) == 0) |
591 | continue; |
592 | switch (ifa->ifa_addr->sa_family) { |
593 | case AF_INET2: |
594 | salen = sizeof(struct sockaddr_in); |
595 | break; |
596 | case AF_INET624: |
597 | salen = sizeof(struct sockaddr_in6); |
598 | break; |
599 | case AF_LINK18: |
600 | /* ignore */ |
601 | continue; |
602 | default: |
603 | debug2_f("interface %s: unsupported address family %d",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 604 , 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "interface %s: unsupported address family %d" , ifa->ifa_name, ifa->ifa_addr->sa_family) |
604 | ifa->ifa_name, ifa->ifa_addr->sa_family)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 604 , 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "interface %s: unsupported address family %d" , ifa->ifa_name, ifa->ifa_addr->sa_family); |
605 | continue; |
606 | } |
607 | if ((r = getnameinfo(ifa->ifa_addr, salen, addr, sizeof(addr), |
608 | NULL((void *)0), 0, NI_NUMERICHOST1)) != 0) { |
609 | debug2_f("interface %s getnameinfo failed: %s",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 610 , 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "interface %s getnameinfo failed: %s" , ifa->ifa_name, gai_strerror(r)) |
610 | ifa->ifa_name, gai_strerror(r))sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 610 , 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "interface %s getnameinfo failed: %s" , ifa->ifa_name, gai_strerror(r)); |
611 | continue; |
612 | } |
613 | debug3_f("interface %s addr %s", ifa->ifa_name, addr)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 613 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "interface %s addr %s" , ifa->ifa_name, addr); |
614 | if (addr_match_cidr_list(addr, addrlist) == 1) { |
615 | debug3_f("matched interface %s: address %s in %s",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 616 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "matched interface %s: address %s in %s" , ifa->ifa_name, addr, addrlist) |
616 | ifa->ifa_name, addr, addrlist)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 616 , 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "matched interface %s: address %s in %s" , ifa->ifa_name, addr, addrlist); |
617 | found = 1; |
618 | break; |
619 | } |
620 | } |
621 | freeifaddrs(ifaddrs); |
622 | return found; |
623 | } |
624 | |
625 | /* |
626 | * Parse and execute a Match directive. |
627 | */ |
628 | static int |
629 | match_cfg_line(Options *options, char **condition, struct passwd *pw, |
630 | const char *host_arg, const char *original_host, int final_pass, |
631 | int *want_final_pass, const char *filename, int linenum) |
632 | { |
633 | char *arg, *oattrib, *attrib, *cmd, *cp = *condition, *host, *criteria; |
634 | const char *ruser; |
635 | int r, port, this_result, result = 1, attributes = 0, negate; |
636 | char thishost[NI_MAXHOST256], shorthost[NI_MAXHOST256], portstr[NI_MAXSERV32]; |
637 | char uidstr[32]; |
638 | |
639 | /* |
640 | * Configuration is likely to be incomplete at this point so we |
641 | * must be prepared to use default values. |
642 | */ |
643 | port = options->port <= 0 ? default_ssh_port() : options->port; |
644 | ruser = options->user == NULL((void *)0) ? pw->pw_name : options->user; |
645 | if (final_pass) { |
646 | host = xstrdup(options->hostname); |
647 | } else if (options->hostname != NULL((void *)0)) { |
648 | /* NB. Please keep in sync with ssh.c:main() */ |
649 | host = percent_expand(options->hostname, |
650 | "h", host_arg, (char *)NULL((void *)0)); |
651 | } else { |
652 | host = xstrdup(host_arg); |
653 | } |
654 | |
655 | debug2("checking match for '%s' host %s originally %s",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 656 , 0, SYSLOG_LEVEL_DEBUG2, ((void *)0), "checking match for '%s' host %s originally %s" , cp, host, original_host) |
656 | cp, host, original_host)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 656 , 0, SYSLOG_LEVEL_DEBUG2, ((void *)0), "checking match for '%s' host %s originally %s" , cp, host, original_host); |
657 | while ((oattrib = attrib = strdelim(&cp)) && *attrib != '\0') { |
658 | /* Terminate on comment */ |
659 | if (*attrib == '#') { |
660 | cp = NULL((void *)0); /* mark all arguments consumed */ |
661 | break; |
662 | } |
663 | arg = criteria = NULL((void *)0); |
664 | this_result = 1; |
665 | if ((negate = (attrib[0] == '!'))) |
666 | attrib++; |
667 | /* Criterion "all" has no argument and must appear alone */ |
668 | if (strcasecmp(attrib, "all") == 0) { |
669 | if (attributes > 1 || ((arg = strdelim(&cp)) != NULL((void *)0) && |
670 | *arg != '\0' && *arg != '#')) { |
671 | error("%.200s line %d: '%s' cannot be combined "sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 673 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: '%s' cannot be combined " "with other Match attributes", filename, linenum, oattrib) |
672 | "with other Match attributes",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 673 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: '%s' cannot be combined " "with other Match attributes", filename, linenum, oattrib) |
673 | filename, linenum, oattrib)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 673 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: '%s' cannot be combined " "with other Match attributes", filename, linenum, oattrib); |
674 | result = -1; |
675 | goto out; |
676 | } |
677 | if (arg != NULL((void *)0) && *arg == '#') |
678 | cp = NULL((void *)0); /* mark all arguments consumed */ |
679 | if (result) |
680 | result = negate ? 0 : 1; |
681 | goto out; |
682 | } |
683 | attributes++; |
684 | /* criteria "final" and "canonical" have no argument */ |
685 | if (strcasecmp(attrib, "canonical") == 0 || |
686 | strcasecmp(attrib, "final") == 0) { |
687 | /* |
688 | * If the config requests "Match final" then remember |
689 | * this so we can perform a second pass later. |
690 | */ |
691 | if (strcasecmp(attrib, "final") == 0 && |
692 | want_final_pass != NULL((void *)0)) |
693 | *want_final_pass = 1; |
694 | r = !!final_pass; /* force bitmask member to boolean */ |
695 | if (r == (negate ? 1 : 0)) |
696 | this_result = result = 0; |
697 | debug3("%.200s line %d: %smatched '%s'",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 699 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%.200s line %d: %smatched '%s'" , filename, linenum, this_result ? "" : "not ", oattrib) |
698 | filename, linenum,sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 699 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%.200s line %d: %smatched '%s'" , filename, linenum, this_result ? "" : "not ", oattrib) |
699 | this_result ? "" : "not ", oattrib)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 699 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%.200s line %d: %smatched '%s'" , filename, linenum, this_result ? "" : "not ", oattrib); |
700 | continue; |
701 | } |
702 | /* All other criteria require an argument */ |
703 | if ((arg = strdelim(&cp)) == NULL((void *)0) || |
704 | *arg == '\0' || *arg == '#') { |
705 | error("Missing Match criteria for %s", attrib)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 705 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Missing Match criteria for %s" , attrib); |
706 | result = -1; |
707 | goto out; |
708 | } |
709 | if (strcasecmp(attrib, "host") == 0) { |
710 | criteria = xstrdup(host); |
711 | r = match_hostname(host, arg) == 1; |
712 | if (r == (negate ? 1 : 0)) |
713 | this_result = result = 0; |
714 | } else if (strcasecmp(attrib, "originalhost") == 0) { |
715 | criteria = xstrdup(original_host); |
716 | r = match_hostname(original_host, arg) == 1; |
717 | if (r == (negate ? 1 : 0)) |
718 | this_result = result = 0; |
719 | } else if (strcasecmp(attrib, "user") == 0) { |
720 | criteria = xstrdup(ruser); |
721 | r = match_pattern_list(ruser, arg, 0) == 1; |
722 | if (r == (negate ? 1 : 0)) |
723 | this_result = result = 0; |
724 | } else if (strcasecmp(attrib, "localuser") == 0) { |
725 | criteria = xstrdup(pw->pw_name); |
726 | r = match_pattern_list(pw->pw_name, arg, 0) == 1; |
727 | if (r == (negate ? 1 : 0)) |
728 | this_result = result = 0; |
729 | } else if (strcasecmp(attrib, "localnetwork") == 0) { |
730 | if (addr_match_cidr_list(NULL((void *)0), arg) == -1) { |
731 | /* Error already printed */ |
732 | result = -1; |
733 | goto out; |
734 | } |
735 | r = check_match_ifaddrs(arg) == 1; |
736 | if (r == (negate ? 1 : 0)) |
737 | this_result = result = 0; |
738 | } else if (strcasecmp(attrib, "tagged") == 0) { |
739 | criteria = xstrdup(options->tag == NULL((void *)0) ? "" : |
740 | options->tag); |
741 | r = match_pattern_list(criteria, arg, 0) == 1; |
742 | if (r == (negate ? 1 : 0)) |
743 | this_result = result = 0; |
744 | } else if (strcasecmp(attrib, "exec") == 0) { |
745 | char *conn_hash_hex, *keyalias, *jmphost; |
746 | |
747 | if (gethostname(thishost, sizeof(thishost)) == -1) |
748 | fatal("gethostname: %s", strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 748 , 0, SYSLOG_LEVEL_FATAL, ((void *)0), "gethostname: %s", strerror ((*__errno()))); |
749 | jmphost = option_clear_or_none(options->jump_host) ? |
750 | "" : options->jump_host; |
751 | strlcpy(shorthost, thishost, sizeof(shorthost)); |
752 | shorthost[strcspn(thishost, ".")] = '\0'; |
753 | snprintf(portstr, sizeof(portstr), "%d", port); |
754 | snprintf(uidstr, sizeof(uidstr), "%llu", |
755 | (unsigned long long)pw->pw_uid); |
756 | conn_hash_hex = ssh_connection_hash(thishost, host, |
757 | portstr, ruser, jmphost); |
758 | keyalias = options->host_key_alias ? |
759 | options->host_key_alias : host; |
760 | |
761 | cmd = percent_expand(arg, |
762 | "C", conn_hash_hex, |
763 | "L", shorthost, |
764 | "d", pw->pw_dir, |
765 | "h", host, |
766 | "k", keyalias, |
767 | "l", thishost, |
768 | "n", original_host, |
769 | "p", portstr, |
770 | "r", ruser, |
771 | "u", pw->pw_name, |
772 | "i", uidstr, |
773 | "j", jmphost, |
774 | (char *)NULL((void *)0)); |
775 | free(conn_hash_hex); |
776 | if (result != 1) { |
777 | /* skip execution if prior predicate failed */ |
778 | debug3("%.200s line %d: skipped exec "sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 779 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%.200s line %d: skipped exec " "\"%.100s\"", filename, linenum, cmd) |
779 | "\"%.100s\"", filename, linenum, cmd)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 779 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%.200s line %d: skipped exec " "\"%.100s\"", filename, linenum, cmd); |
780 | free(cmd); |
781 | continue; |
782 | } |
783 | r = execute_in_shell(cmd); |
784 | if (r == -1) { |
785 | fatal("%.200s line %d: match exec "sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 787 , 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%.200s line %d: match exec " "'%.100s' error", filename, linenum, cmd) |
786 | "'%.100s' error", filename,sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 787 , 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%.200s line %d: match exec " "'%.100s' error", filename, linenum, cmd) |
787 | linenum, cmd)sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 787 , 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%.200s line %d: match exec " "'%.100s' error", filename, linenum, cmd); |
788 | } |
789 | criteria = xstrdup(cmd); |
790 | free(cmd); |
791 | /* Force exit status to boolean */ |
792 | r = r == 0; |
793 | if (r == (negate ? 1 : 0)) |
794 | this_result = result = 0; |
795 | } else { |
796 | error("Unsupported Match attribute %s", attrib)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 796 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Unsupported Match attribute %s" , attrib); |
797 | result = -1; |
798 | goto out; |
799 | } |
800 | debug3("%.200s line %d: %smatched '%s%s%.100s%s' ",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 804 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%.200s line %d: %smatched '%s%s%.100s%s' " , filename, linenum, this_result ? "": "not ", oattrib, criteria == ((void *)0) ? "" : " \"", criteria == ((void *)0) ? "" : criteria , criteria == ((void *)0) ? "" : "\"") |
801 | filename, linenum, this_result ? "": "not ", oattrib,sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 804 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%.200s line %d: %smatched '%s%s%.100s%s' " , filename, linenum, this_result ? "": "not ", oattrib, criteria == ((void *)0) ? "" : " \"", criteria == ((void *)0) ? "" : criteria , criteria == ((void *)0) ? "" : "\"") |
802 | criteria == NULL ? "" : " \"",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 804 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%.200s line %d: %smatched '%s%s%.100s%s' " , filename, linenum, this_result ? "": "not ", oattrib, criteria == ((void *)0) ? "" : " \"", criteria == ((void *)0) ? "" : criteria , criteria == ((void *)0) ? "" : "\"") |
803 | criteria == NULL ? "" : criteria,sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 804 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%.200s line %d: %smatched '%s%s%.100s%s' " , filename, linenum, this_result ? "": "not ", oattrib, criteria == ((void *)0) ? "" : " \"", criteria == ((void *)0) ? "" : criteria , criteria == ((void *)0) ? "" : "\"") |
804 | criteria == NULL ? "" : "\"")sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 804 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%.200s line %d: %smatched '%s%s%.100s%s' " , filename, linenum, this_result ? "": "not ", oattrib, criteria == ((void *)0) ? "" : " \"", criteria == ((void *)0) ? "" : criteria , criteria == ((void *)0) ? "" : "\""); |
805 | free(criteria); |
806 | } |
807 | if (attributes == 0) { |
808 | error("One or more attributes required for Match")sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 808 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "One or more attributes required for Match" ); |
809 | result = -1; |
810 | goto out; |
811 | } |
812 | out: |
813 | if (result != -1) |
814 | debug2("match %sfound", result ? "" : "not ")sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 814 , 0, SYSLOG_LEVEL_DEBUG2, ((void *)0), "match %sfound", result ? "" : "not "); |
815 | *condition = cp; |
816 | free(host); |
817 | return result; |
818 | } |
819 | |
820 | /* Remove environment variable by pattern */ |
821 | static void |
822 | rm_env(Options *options, const char *arg, const char *filename, int linenum) |
823 | { |
824 | u_int i, j, onum_send_env = options->num_send_env; |
825 | |
826 | /* Remove an environment variable */ |
827 | for (i = 0; i < options->num_send_env; ) { |
828 | if (!match_pattern(options->send_env[i], arg + 1)) { |
829 | i++; |
830 | continue; |
831 | } |
832 | debug3("%s line %d: removing environment %s",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 833 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%s line %d: removing environment %s" , filename, linenum, options->send_env[i]) |
833 | filename, linenum, options->send_env[i])sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 833 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%s line %d: removing environment %s" , filename, linenum, options->send_env[i]); |
834 | free(options->send_env[i]); |
835 | options->send_env[i] = NULL((void *)0); |
836 | for (j = i; j < options->num_send_env - 1; j++) { |
837 | options->send_env[j] = options->send_env[j + 1]; |
838 | options->send_env[j + 1] = NULL((void *)0); |
839 | } |
840 | options->num_send_env--; |
841 | /* NB. don't increment i */ |
842 | } |
843 | if (onum_send_env != options->num_send_env) { |
844 | options->send_env = xrecallocarray(options->send_env, |
845 | onum_send_env, options->num_send_env, |
846 | sizeof(*options->send_env)); |
847 | } |
848 | } |
849 | |
850 | /* |
851 | * Returns the number of the token pointed to by cp or oBadOption. |
852 | */ |
853 | static OpCodes |
854 | parse_token(const char *cp, const char *filename, int linenum, |
855 | const char *ignored_unknown) |
856 | { |
857 | int i; |
858 | |
859 | for (i = 0; keywords[i].name; i++) |
860 | if (strcmp(cp, keywords[i].name) == 0) |
861 | return keywords[i].opcode; |
862 | if (ignored_unknown != NULL((void *)0) && |
863 | match_pattern_list(cp, ignored_unknown, 1) == 1) |
864 | return oIgnoredUnknownOption; |
865 | error("%s: line %d: Bad configuration option: %s",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 866 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s: line %d: Bad configuration option: %s" , filename, linenum, cp) |
866 | filename, linenum, cp)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 866 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s: line %d: Bad configuration option: %s" , filename, linenum, cp); |
867 | return oBadOption; |
868 | } |
869 | |
870 | /* Multistate option parsing */ |
871 | struct multistate { |
872 | char *key; |
873 | int value; |
874 | }; |
875 | static const struct multistate multistate_flag[] = { |
876 | { "true", 1 }, |
877 | { "false", 0 }, |
878 | { "yes", 1 }, |
879 | { "no", 0 }, |
880 | { NULL((void *)0), -1 } |
881 | }; |
882 | static const struct multistate multistate_yesnoask[] = { |
883 | { "true", 1 }, |
884 | { "false", 0 }, |
885 | { "yes", 1 }, |
886 | { "no", 0 }, |
887 | { "ask", 2 }, |
888 | { NULL((void *)0), -1 } |
889 | }; |
890 | static const struct multistate multistate_strict_hostkey[] = { |
891 | { "true", SSH_STRICT_HOSTKEY_YES2 }, |
892 | { "false", SSH_STRICT_HOSTKEY_OFF0 }, |
893 | { "yes", SSH_STRICT_HOSTKEY_YES2 }, |
894 | { "no", SSH_STRICT_HOSTKEY_OFF0 }, |
895 | { "ask", SSH_STRICT_HOSTKEY_ASK3 }, |
896 | { "off", SSH_STRICT_HOSTKEY_OFF0 }, |
897 | { "accept-new", SSH_STRICT_HOSTKEY_NEW1 }, |
898 | { NULL((void *)0), -1 } |
899 | }; |
900 | static const struct multistate multistate_yesnoaskconfirm[] = { |
901 | { "true", 1 }, |
902 | { "false", 0 }, |
903 | { "yes", 1 }, |
904 | { "no", 0 }, |
905 | { "ask", 2 }, |
906 | { "confirm", 3 }, |
907 | { NULL((void *)0), -1 } |
908 | }; |
909 | static const struct multistate multistate_addressfamily[] = { |
910 | { "inet", AF_INET2 }, |
911 | { "inet6", AF_INET624 }, |
912 | { "any", AF_UNSPEC0 }, |
913 | { NULL((void *)0), -1 } |
914 | }; |
915 | static const struct multistate multistate_controlmaster[] = { |
916 | { "true", SSHCTL_MASTER_YES1 }, |
917 | { "yes", SSHCTL_MASTER_YES1 }, |
918 | { "false", SSHCTL_MASTER_NO0 }, |
919 | { "no", SSHCTL_MASTER_NO0 }, |
920 | { "auto", SSHCTL_MASTER_AUTO2 }, |
921 | { "ask", SSHCTL_MASTER_ASK3 }, |
922 | { "autoask", SSHCTL_MASTER_AUTO_ASK4 }, |
923 | { NULL((void *)0), -1 } |
924 | }; |
925 | static const struct multistate multistate_tunnel[] = { |
926 | { "ethernet", SSH_TUNMODE_ETHERNET0x02 }, |
927 | { "point-to-point", SSH_TUNMODE_POINTOPOINT0x01 }, |
928 | { "true", SSH_TUNMODE_DEFAULT0x01 }, |
929 | { "yes", SSH_TUNMODE_DEFAULT0x01 }, |
930 | { "false", SSH_TUNMODE_NO0x00 }, |
931 | { "no", SSH_TUNMODE_NO0x00 }, |
932 | { NULL((void *)0), -1 } |
933 | }; |
934 | static const struct multistate multistate_requesttty[] = { |
935 | { "true", REQUEST_TTY_YES2 }, |
936 | { "yes", REQUEST_TTY_YES2 }, |
937 | { "false", REQUEST_TTY_NO1 }, |
938 | { "no", REQUEST_TTY_NO1 }, |
939 | { "force", REQUEST_TTY_FORCE3 }, |
940 | { "auto", REQUEST_TTY_AUTO0 }, |
941 | { NULL((void *)0), -1 } |
942 | }; |
943 | static const struct multistate multistate_sessiontype[] = { |
944 | { "none", SESSION_TYPE_NONE0 }, |
945 | { "subsystem", SESSION_TYPE_SUBSYSTEM1 }, |
946 | { "default", SESSION_TYPE_DEFAULT2 }, |
947 | { NULL((void *)0), -1 } |
948 | }; |
949 | static const struct multistate multistate_canonicalizehostname[] = { |
950 | { "true", SSH_CANONICALISE_YES1 }, |
951 | { "false", SSH_CANONICALISE_NO0 }, |
952 | { "yes", SSH_CANONICALISE_YES1 }, |
953 | { "no", SSH_CANONICALISE_NO0 }, |
954 | { "always", SSH_CANONICALISE_ALWAYS2 }, |
955 | { NULL((void *)0), -1 } |
956 | }; |
957 | static const struct multistate multistate_pubkey_auth[] = { |
958 | { "true", SSH_PUBKEY_AUTH_ALL0x03 }, |
959 | { "false", SSH_PUBKEY_AUTH_NO0x00 }, |
960 | { "yes", SSH_PUBKEY_AUTH_ALL0x03 }, |
961 | { "no", SSH_PUBKEY_AUTH_NO0x00 }, |
962 | { "unbound", SSH_PUBKEY_AUTH_UNBOUND0x01 }, |
963 | { "host-bound", SSH_PUBKEY_AUTH_HBOUND0x02 }, |
964 | { NULL((void *)0), -1 } |
965 | }; |
966 | static const struct multistate multistate_compression[] = { |
967 | #ifdef WITH_ZLIB1 |
968 | { "yes", COMP_ZLIB1 }, |
969 | #endif |
970 | { "no", COMP_NONE0 }, |
971 | { NULL((void *)0), -1 } |
972 | }; |
973 | |
974 | static int |
975 | parse_multistate_value(const char *arg, const char *filename, int linenum, |
976 | const struct multistate *multistate_ptr) |
977 | { |
978 | int i; |
979 | |
980 | if (!arg || *arg == '\0') { |
981 | error("%s line %d: missing argument.", filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 981 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: missing argument." , filename, linenum); |
982 | return -1; |
983 | } |
984 | for (i = 0; multistate_ptr[i].key != NULL((void *)0); i++) { |
985 | if (strcasecmp(arg, multistate_ptr[i].key) == 0) |
986 | return multistate_ptr[i].value; |
987 | } |
988 | return -1; |
989 | } |
990 | |
991 | /* |
992 | * Processes a single option line as used in the configuration files. This |
993 | * only sets those values that have not already been set. |
994 | */ |
995 | int |
996 | process_config_line(Options *options, struct passwd *pw, const char *host, |
997 | const char *original_host, char *line, const char *filename, |
998 | int linenum, int *activep, int flags) |
999 | { |
1000 | return process_config_line_depth(options, pw, host, original_host, |
1001 | line, filename, linenum, activep, flags, NULL((void *)0), 0); |
1002 | } |
1003 | |
1004 | #define WHITESPACE" \t\r\n" " \t\r\n" |
1005 | static int |
1006 | process_config_line_depth(Options *options, struct passwd *pw, const char *host, |
1007 | const char *original_host, char *line, const char *filename, |
1008 | int linenum, int *activep, int flags, int *want_final_pass, int depth) |
1009 | { |
1010 | char *str, **charptr, *endofnumber, *keyword, *arg, *arg2, *p; |
1011 | char **cpptr, ***cppptr, fwdarg[256]; |
1012 | u_int i, *uintptr, uvalue, max_entries = 0; |
1013 | int r, oactive, negated, opcode, *intptr, value, value2, cmdline = 0; |
1014 | int remotefwd, dynamicfwd, ca_only = 0; |
1015 | LogLevel *log_level_ptr; |
1016 | SyslogFacility *log_facility_ptr; |
1017 | long long val64; |
1018 | size_t len; |
1019 | struct Forward fwd; |
1020 | const struct multistate *multistate_ptr; |
1021 | struct allowed_cname *cname; |
1022 | glob_t gl; |
1023 | const char *errstr; |
1024 | char **oav = NULL((void *)0), **av; |
1025 | int oac = 0, ac; |
1026 | int ret = -1; |
1027 | |
1028 | if (activep == NULL((void *)0)) { /* We are processing a command line directive */ |
1029 | cmdline = 1; |
1030 | activep = &cmdline; |
1031 | } |
1032 | |
1033 | /* Strip trailing whitespace. Allow \f (form feed) at EOL only */ |
1034 | if ((len = strlen(line)) == 0) |
1035 | return 0; |
1036 | for (len--; len > 0; len--) { |
1037 | if (strchr(WHITESPACE" \t\r\n" "\f", line[len]) == NULL((void *)0)) |
1038 | break; |
1039 | line[len] = '\0'; |
1040 | } |
1041 | |
1042 | str = line; |
1043 | /* Get the keyword. (Each line is supposed to begin with a keyword). */ |
1044 | if ((keyword = strdelim(&str)) == NULL((void *)0)) |
1045 | return 0; |
1046 | /* Ignore leading whitespace. */ |
1047 | if (*keyword == '\0') |
1048 | keyword = strdelim(&str); |
1049 | if (keyword == NULL((void *)0) || !*keyword || *keyword == '\n' || *keyword == '#') |
1050 | return 0; |
1051 | /* Match lowercase keyword */ |
1052 | lowercase(keyword); |
1053 | |
1054 | /* Prepare to parse remainder of line */ |
1055 | if (str != NULL((void *)0)) |
1056 | str += strspn(str, WHITESPACE" \t\r\n"); |
1057 | if (str == NULL((void *)0) || *str == '\0') { |
1058 | error("%s line %d: no argument after keyword \"%s\"",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1059 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: no argument after keyword \"%s\"" , filename, linenum, keyword) |
1059 | filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1059 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: no argument after keyword \"%s\"" , filename, linenum, keyword); |
1060 | return -1; |
1061 | } |
1062 | opcode = parse_token(keyword, filename, linenum, |
1063 | options->ignored_unknown); |
1064 | if (argv_split(str, &oac, &oav, 1) != 0) { |
1065 | error("%s line %d: invalid quotes", filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1065 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: invalid quotes" , filename, linenum); |
1066 | return -1; |
1067 | } |
1068 | ac = oac; |
1069 | av = oav; |
1070 | |
1071 | switch (opcode) { |
1072 | case oBadOption: |
1073 | /* don't panic, but count bad options */ |
1074 | goto out; |
1075 | case oIgnore: |
1076 | argv_consume(&ac); |
1077 | break; |
1078 | case oIgnoredUnknownOption: |
1079 | debug("%s line %d: Ignored unknown option \"%s\"",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1080 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s line %d: Ignored unknown option \"%s\"" , filename, linenum, keyword) |
1080 | filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1080 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s line %d: Ignored unknown option \"%s\"" , filename, linenum, keyword); |
1081 | argv_consume(&ac); |
1082 | break; |
1083 | case oConnectTimeout: |
1084 | intptr = &options->connection_timeout; |
1085 | parse_time: |
1086 | arg = argv_next(&ac, &av); |
1087 | if (!arg || *arg == '\0') { |
1088 | error("%s line %d: missing time value.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1089 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: missing time value." , filename, linenum) |
1089 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1089 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: missing time value." , filename, linenum); |
1090 | goto out; |
1091 | } |
1092 | if (strcmp(arg, "none") == 0) |
1093 | value = -1; |
1094 | else if ((value = convtime(arg)) == -1) { |
1095 | error("%s line %d: invalid time value.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1096 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: invalid time value." , filename, linenum) |
1096 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1096 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: invalid time value." , filename, linenum); |
1097 | goto out; |
1098 | } |
1099 | if (*activep && *intptr == -1) |
1100 | *intptr = value; |
1101 | break; |
1102 | |
1103 | case oForwardAgent: |
1104 | intptr = &options->forward_agent; |
1105 | |
1106 | arg = argv_next(&ac, &av); |
1107 | if (!arg || *arg == '\0') { |
1108 | error("%s line %d: missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1109 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: missing argument." , filename, linenum) |
1109 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1109 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: missing argument." , filename, linenum); |
1110 | goto out; |
1111 | } |
1112 | |
1113 | value = -1; |
1114 | multistate_ptr = multistate_flag; |
1115 | for (i = 0; multistate_ptr[i].key != NULL((void *)0); i++) { |
1116 | if (strcasecmp(arg, multistate_ptr[i].key) == 0) { |
1117 | value = multistate_ptr[i].value; |
1118 | break; |
1119 | } |
1120 | } |
1121 | if (value != -1) { |
1122 | if (*activep && *intptr == -1) |
1123 | *intptr = value; |
1124 | break; |
1125 | } |
1126 | /* ForwardAgent wasn't 'yes' or 'no', assume a path */ |
1127 | if (*activep && *intptr == -1) |
1128 | *intptr = 1; |
1129 | |
1130 | charptr = &options->forward_agent_sock_path; |
1131 | goto parse_agent_path; |
1132 | |
1133 | case oForwardX11: |
1134 | intptr = &options->forward_x11; |
1135 | parse_flag: |
1136 | multistate_ptr = multistate_flag; |
1137 | parse_multistate: |
1138 | arg = argv_next(&ac, &av); |
1139 | if ((value = parse_multistate_value(arg, filename, linenum, |
1140 | multistate_ptr)) == -1) { |
1141 | error("%s line %d: unsupported option \"%s\".",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1142 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: unsupported option \"%s\"." , filename, linenum, arg) |
1142 | filename, linenum, arg)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1142 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: unsupported option \"%s\"." , filename, linenum, arg); |
1143 | goto out; |
1144 | } |
1145 | if (*activep && *intptr == -1) |
1146 | *intptr = value; |
1147 | break; |
1148 | |
1149 | case oForwardX11Trusted: |
1150 | intptr = &options->forward_x11_trusted; |
1151 | goto parse_flag; |
1152 | |
1153 | case oForwardX11Timeout: |
1154 | intptr = &options->forward_x11_timeout; |
1155 | goto parse_time; |
1156 | |
1157 | case oGatewayPorts: |
1158 | intptr = &options->fwd_opts.gateway_ports; |
1159 | goto parse_flag; |
1160 | |
1161 | case oExitOnForwardFailure: |
1162 | intptr = &options->exit_on_forward_failure; |
1163 | goto parse_flag; |
1164 | |
1165 | case oPasswordAuthentication: |
1166 | intptr = &options->password_authentication; |
1167 | goto parse_flag; |
1168 | |
1169 | case oKbdInteractiveAuthentication: |
1170 | intptr = &options->kbd_interactive_authentication; |
1171 | goto parse_flag; |
1172 | |
1173 | case oKbdInteractiveDevices: |
1174 | charptr = &options->kbd_interactive_devices; |
1175 | goto parse_string; |
1176 | |
1177 | case oPubkeyAuthentication: |
1178 | multistate_ptr = multistate_pubkey_auth; |
1179 | intptr = &options->pubkey_authentication; |
1180 | goto parse_multistate; |
1181 | |
1182 | case oHostbasedAuthentication: |
1183 | intptr = &options->hostbased_authentication; |
1184 | goto parse_flag; |
1185 | |
1186 | case oGssAuthentication: |
1187 | intptr = &options->gss_authentication; |
1188 | goto parse_flag; |
1189 | |
1190 | case oGssDelegateCreds: |
1191 | intptr = &options->gss_deleg_creds; |
1192 | goto parse_flag; |
1193 | |
1194 | case oBatchMode: |
1195 | intptr = &options->batch_mode; |
1196 | goto parse_flag; |
1197 | |
1198 | case oCheckHostIP: |
1199 | intptr = &options->check_host_ip; |
1200 | goto parse_flag; |
1201 | |
1202 | case oVerifyHostKeyDNS: |
1203 | intptr = &options->verify_host_key_dns; |
1204 | multistate_ptr = multistate_yesnoask; |
1205 | goto parse_multistate; |
1206 | |
1207 | case oStrictHostKeyChecking: |
1208 | intptr = &options->strict_host_key_checking; |
1209 | multistate_ptr = multistate_strict_hostkey; |
1210 | goto parse_multistate; |
1211 | |
1212 | case oCompression: |
1213 | intptr = &options->compression; |
1214 | multistate_ptr = multistate_compression; |
1215 | goto parse_multistate; |
1216 | |
1217 | case oTCPKeepAlive: |
1218 | intptr = &options->tcp_keep_alive; |
1219 | goto parse_flag; |
1220 | |
1221 | case oNoHostAuthenticationForLocalhost: |
1222 | intptr = &options->no_host_authentication_for_localhost; |
1223 | goto parse_flag; |
1224 | |
1225 | case oNumberOfPasswordPrompts: |
1226 | intptr = &options->number_of_password_prompts; |
1227 | goto parse_int; |
1228 | |
1229 | case oRekeyLimit: |
1230 | arg = argv_next(&ac, &av); |
1231 | if (!arg || *arg == '\0') { |
1232 | error("%.200s line %d: Missing argument.", filename,sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1233 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1233 | linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1233 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1234 | goto out; |
1235 | } |
1236 | if (strcmp(arg, "default") == 0) { |
1237 | val64 = 0; |
1238 | } else { |
1239 | if (scan_scaled(arg, &val64) == -1) { |
1240 | error("%.200s line %d: Bad number '%s': %s",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1241 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad number '%s': %s" , filename, linenum, arg, strerror((*__errno()))) |
1241 | filename, linenum, arg, strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1241 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad number '%s': %s" , filename, linenum, arg, strerror((*__errno()))); |
1242 | goto out; |
1243 | } |
1244 | if (val64 != 0 && val64 < 16) { |
1245 | error("%.200s line %d: RekeyLimit too small",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1246 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: RekeyLimit too small" , filename, linenum) |
1246 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1246 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: RekeyLimit too small" , filename, linenum); |
1247 | goto out; |
1248 | } |
1249 | } |
1250 | if (*activep && options->rekey_limit == -1) |
1251 | options->rekey_limit = val64; |
1252 | if (ac != 0) { /* optional rekey interval present */ |
1253 | if (strcmp(av[0], "none") == 0) { |
1254 | (void)argv_next(&ac, &av); /* discard */ |
1255 | break; |
1256 | } |
1257 | intptr = &options->rekey_interval; |
1258 | goto parse_time; |
1259 | } |
1260 | break; |
1261 | |
1262 | case oIdentityFile: |
1263 | arg = argv_next(&ac, &av); |
1264 | if (!arg || *arg == '\0') { |
1265 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1266 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1266 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1266 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1267 | goto out; |
1268 | } |
1269 | if (*activep) { |
1270 | intptr = &options->num_identity_files; |
1271 | if (*intptr >= SSH_MAX_IDENTITY_FILES100) { |
1272 | error("%.200s line %d: Too many identity files "sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1274 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Too many identity files " "specified (max %d).", filename, linenum, 100) |
1273 | "specified (max %d).", filename, linenum,sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1274 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Too many identity files " "specified (max %d).", filename, linenum, 100) |
1274 | SSH_MAX_IDENTITY_FILES)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1274 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Too many identity files " "specified (max %d).", filename, linenum, 100); |
1275 | goto out; |
1276 | } |
1277 | add_identity_file(options, NULL((void *)0), |
1278 | arg, flags & SSHCONF_USERCONF2); |
1279 | } |
1280 | break; |
1281 | |
1282 | case oCertificateFile: |
1283 | arg = argv_next(&ac, &av); |
1284 | if (!arg || *arg == '\0') { |
1285 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1286 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1286 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1286 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1287 | goto out; |
1288 | } |
1289 | if (*activep) { |
1290 | intptr = &options->num_certificate_files; |
1291 | if (*intptr >= SSH_MAX_CERTIFICATE_FILES100) { |
1292 | error("%.200s line %d: Too many certificate "sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1295 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Too many certificate " "files specified (max %d).", filename, linenum, 100) |
1293 | "files specified (max %d).",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1295 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Too many certificate " "files specified (max %d).", filename, linenum, 100) |
1294 | filename, linenum,sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1295 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Too many certificate " "files specified (max %d).", filename, linenum, 100) |
1295 | SSH_MAX_CERTIFICATE_FILES)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1295 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Too many certificate " "files specified (max %d).", filename, linenum, 100); |
1296 | goto out; |
1297 | } |
1298 | add_certificate_file(options, arg, |
1299 | flags & SSHCONF_USERCONF2); |
1300 | } |
1301 | break; |
1302 | |
1303 | case oXAuthLocation: |
1304 | charptr=&options->xauth_location; |
1305 | goto parse_string; |
1306 | |
1307 | case oUser: |
1308 | charptr = &options->user; |
1309 | parse_string: |
1310 | arg = argv_next(&ac, &av); |
1311 | if (!arg || *arg == '\0') { |
1312 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1313 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1313 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1313 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1314 | goto out; |
1315 | } |
1316 | if (*activep && *charptr == NULL((void *)0)) |
1317 | *charptr = xstrdup(arg); |
1318 | break; |
1319 | |
1320 | case oGlobalKnownHostsFile: |
1321 | cpptr = (char **)&options->system_hostfiles; |
1322 | uintptr = &options->num_system_hostfiles; |
1323 | max_entries = SSH_MAX_HOSTS_FILES32; |
1324 | parse_char_array: |
1325 | i = 0; |
1326 | value = *uintptr == 0; /* was array empty when we started? */ |
1327 | while ((arg = argv_next(&ac, &av)) != NULL((void *)0)) { |
1328 | if (*arg == '\0') { |
1329 | error("%s line %d: keyword %s empty argument",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1330 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s empty argument" , filename, linenum, keyword) |
1330 | filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1330 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s empty argument" , filename, linenum, keyword); |
1331 | goto out; |
1332 | } |
1333 | /* Allow "none" only in first position */ |
1334 | if (strcasecmp(arg, "none") == 0) { |
1335 | if (i > 0 || ac > 0) { |
1336 | error("%s line %d: keyword %s \"none\" "sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1338 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword) |
1337 | "argument must appear alone.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1338 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword) |
1338 | filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1338 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword); |
1339 | goto out; |
1340 | } |
1341 | } |
1342 | i++; |
1343 | if (*activep && value) { |
1344 | if ((*uintptr) >= max_entries) { |
1345 | error("%s line %d: too many %s "sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1347 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: too many %s " "entries.", filename, linenum, keyword) |
1346 | "entries.", filename, linenum,sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1347 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: too many %s " "entries.", filename, linenum, keyword) |
1347 | keyword)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1347 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: too many %s " "entries.", filename, linenum, keyword); |
1348 | goto out; |
1349 | } |
1350 | cpptr[(*uintptr)++] = xstrdup(arg); |
1351 | } |
1352 | } |
1353 | break; |
1354 | |
1355 | case oUserKnownHostsFile: |
1356 | cpptr = (char **)&options->user_hostfiles; |
1357 | uintptr = &options->num_user_hostfiles; |
1358 | max_entries = SSH_MAX_HOSTS_FILES32; |
1359 | goto parse_char_array; |
1360 | |
1361 | case oHostname: |
1362 | charptr = &options->hostname; |
1363 | goto parse_string; |
1364 | |
1365 | case oTag: |
1366 | charptr = &options->tag; |
1367 | goto parse_string; |
1368 | |
1369 | case oHostKeyAlias: |
1370 | charptr = &options->host_key_alias; |
1371 | goto parse_string; |
1372 | |
1373 | case oPreferredAuthentications: |
1374 | charptr = &options->preferred_authentications; |
1375 | goto parse_string; |
1376 | |
1377 | case oBindAddress: |
1378 | charptr = &options->bind_address; |
1379 | goto parse_string; |
1380 | |
1381 | case oBindInterface: |
1382 | charptr = &options->bind_interface; |
1383 | goto parse_string; |
1384 | |
1385 | case oPKCS11Provider: |
1386 | charptr = &options->pkcs11_provider; |
1387 | goto parse_string; |
1388 | |
1389 | case oSecurityKeyProvider: |
1390 | charptr = &options->sk_provider; |
1391 | goto parse_string; |
1392 | |
1393 | case oKnownHostsCommand: |
1394 | charptr = &options->known_hosts_command; |
1395 | goto parse_command; |
1396 | |
1397 | case oProxyCommand: |
1398 | charptr = &options->proxy_command; |
1399 | /* Ignore ProxyCommand if ProxyJump already specified */ |
1400 | if (options->jump_host != NULL((void *)0)) |
1401 | charptr = &options->jump_host; /* Skip below */ |
1402 | parse_command: |
1403 | if (str == NULL((void *)0)) { |
1404 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1405 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1405 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1405 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1406 | goto out; |
1407 | } |
1408 | len = strspn(str, WHITESPACE" \t\r\n" "="); |
1409 | if (*activep && *charptr == NULL((void *)0)) |
1410 | *charptr = xstrdup(str + len); |
1411 | argv_consume(&ac); |
1412 | break; |
1413 | |
1414 | case oProxyJump: |
1415 | if (str == NULL((void *)0)) { |
1416 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1417 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1417 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1417 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1418 | goto out; |
1419 | } |
1420 | len = strspn(str, WHITESPACE" \t\r\n" "="); |
1421 | /* XXX use argv? */ |
1422 | if (parse_jump(str + len, options, *activep) == -1) { |
1423 | error("%.200s line %d: Invalid ProxyJump \"%s\"",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1424 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Invalid ProxyJump \"%s\"" , filename, linenum, str + len) |
1424 | filename, linenum, str + len)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1424 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Invalid ProxyJump \"%s\"" , filename, linenum, str + len); |
1425 | goto out; |
1426 | } |
1427 | argv_consume(&ac); |
1428 | break; |
1429 | |
1430 | case oPort: |
1431 | arg = argv_next(&ac, &av); |
1432 | if (!arg || *arg == '\0') { |
1433 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1434 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1434 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1434 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1435 | goto out; |
1436 | } |
1437 | value = a2port(arg); |
1438 | if (value <= 0) { |
1439 | error("%.200s line %d: Bad port '%s'.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1440 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad port '%s'." , filename, linenum, arg) |
1440 | filename, linenum, arg)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1440 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad port '%s'." , filename, linenum, arg); |
1441 | goto out; |
1442 | } |
1443 | if (*activep && options->port == -1) |
1444 | options->port = value; |
1445 | break; |
1446 | |
1447 | case oConnectionAttempts: |
1448 | intptr = &options->connection_attempts; |
1449 | parse_int: |
1450 | arg = argv_next(&ac, &av); |
1451 | if ((errstr = atoi_err(arg, &value)) != NULL((void *)0)) { |
1452 | error("%s line %d: integer value %s.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1453 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: integer value %s." , filename, linenum, errstr) |
1453 | filename, linenum, errstr)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1453 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: integer value %s." , filename, linenum, errstr); |
1454 | goto out; |
1455 | } |
1456 | if (*activep && *intptr == -1) |
1457 | *intptr = value; |
1458 | break; |
1459 | |
1460 | case oCiphers: |
1461 | arg = argv_next(&ac, &av); |
1462 | if (!arg || *arg == '\0') { |
1463 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1464 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1464 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1464 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1465 | goto out; |
1466 | } |
1467 | if (*arg != '-' && |
1468 | !ciphers_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg)){ |
1469 | error("%.200s line %d: Bad SSH2 cipher spec '%s'.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1470 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad SSH2 cipher spec '%s'." , filename, linenum, arg ? arg : "<NONE>") |
1470 | filename, linenum, arg ? arg : "<NONE>")sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1470 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad SSH2 cipher spec '%s'." , filename, linenum, arg ? arg : "<NONE>"); |
1471 | goto out; |
1472 | } |
1473 | if (*activep && options->ciphers == NULL((void *)0)) |
1474 | options->ciphers = xstrdup(arg); |
1475 | break; |
1476 | |
1477 | case oMacs: |
1478 | arg = argv_next(&ac, &av); |
1479 | if (!arg || *arg == '\0') { |
1480 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1481 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1481 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1481 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1482 | goto out; |
1483 | } |
1484 | if (*arg != '-' && |
1485 | !mac_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg)) { |
1486 | error("%.200s line %d: Bad SSH2 MAC spec '%s'.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1487 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad SSH2 MAC spec '%s'." , filename, linenum, arg ? arg : "<NONE>") |
1487 | filename, linenum, arg ? arg : "<NONE>")sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1487 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad SSH2 MAC spec '%s'." , filename, linenum, arg ? arg : "<NONE>"); |
1488 | goto out; |
1489 | } |
1490 | if (*activep && options->macs == NULL((void *)0)) |
1491 | options->macs = xstrdup(arg); |
1492 | break; |
1493 | |
1494 | case oKexAlgorithms: |
1495 | arg = argv_next(&ac, &av); |
1496 | if (!arg || *arg == '\0') { |
1497 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1498 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1498 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1498 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1499 | goto out; |
1500 | } |
1501 | if (*arg != '-' && |
1502 | !kex_names_valid(*arg == '+' || *arg == '^' ? |
1503 | arg + 1 : arg)) { |
1504 | error("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1505 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad SSH2 KexAlgorithms '%s'." , filename, linenum, arg ? arg : "<NONE>") |
1505 | filename, linenum, arg ? arg : "<NONE>")sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1505 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad SSH2 KexAlgorithms '%s'." , filename, linenum, arg ? arg : "<NONE>"); |
1506 | goto out; |
1507 | } |
1508 | if (*activep && options->kex_algorithms == NULL((void *)0)) |
1509 | options->kex_algorithms = xstrdup(arg); |
1510 | break; |
1511 | |
1512 | case oHostKeyAlgorithms: |
1513 | charptr = &options->hostkeyalgorithms; |
1514 | ca_only = 0; |
1515 | parse_pubkey_algos: |
1516 | arg = argv_next(&ac, &av); |
1517 | if (!arg || *arg == '\0') { |
1518 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1519 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1519 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1519 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1520 | goto out; |
1521 | } |
1522 | if (*arg != '-' && |
1523 | !sshkey_names_valid2(*arg == '+' || *arg == '^' ? |
1524 | arg + 1 : arg, 1, ca_only)) { |
1525 | error("%s line %d: Bad key types '%s'.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1526 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Bad key types '%s'." , filename, linenum, arg ? arg : "<NONE>") |
1526 | filename, linenum, arg ? arg : "<NONE>")sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1526 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Bad key types '%s'." , filename, linenum, arg ? arg : "<NONE>"); |
1527 | goto out; |
1528 | } |
1529 | if (*activep && *charptr == NULL((void *)0)) |
1530 | *charptr = xstrdup(arg); |
1531 | break; |
1532 | |
1533 | case oCASignatureAlgorithms: |
1534 | charptr = &options->ca_sign_algorithms; |
1535 | ca_only = 1; |
1536 | goto parse_pubkey_algos; |
1537 | |
1538 | case oLogLevel: |
1539 | log_level_ptr = &options->log_level; |
1540 | arg = argv_next(&ac, &av); |
1541 | value = log_level_number(arg); |
1542 | if (value == SYSLOG_LEVEL_NOT_SET) { |
1543 | error("%.200s line %d: unsupported log level '%s'",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1544 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: unsupported log level '%s'" , filename, linenum, arg ? arg : "<NONE>") |
1544 | filename, linenum, arg ? arg : "<NONE>")sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1544 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: unsupported log level '%s'" , filename, linenum, arg ? arg : "<NONE>"); |
1545 | goto out; |
1546 | } |
1547 | if (*activep && *log_level_ptr == SYSLOG_LEVEL_NOT_SET) |
1548 | *log_level_ptr = (LogLevel) value; |
1549 | break; |
1550 | |
1551 | case oLogFacility: |
1552 | log_facility_ptr = &options->log_facility; |
1553 | arg = argv_next(&ac, &av); |
1554 | value = log_facility_number(arg); |
1555 | if (value == SYSLOG_FACILITY_NOT_SET) { |
1556 | error("%.200s line %d: unsupported log facility '%s'",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1557 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: unsupported log facility '%s'" , filename, linenum, arg ? arg : "<NONE>") |
1557 | filename, linenum, arg ? arg : "<NONE>")sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1557 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: unsupported log facility '%s'" , filename, linenum, arg ? arg : "<NONE>"); |
1558 | goto out; |
1559 | } |
1560 | if (*log_facility_ptr == -1) |
1561 | *log_facility_ptr = (SyslogFacility) value; |
1562 | break; |
1563 | |
1564 | case oLogVerbose: |
1565 | cppptr = &options->log_verbose; |
1566 | uintptr = &options->num_log_verbose; |
1567 | i = 0; |
1568 | while ((arg = argv_next(&ac, &av)) != NULL((void *)0)) { |
1569 | if (*arg == '\0') { |
1570 | error("%s line %d: keyword %s empty argument",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1571 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s empty argument" , filename, linenum, keyword) |
1571 | filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1571 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s empty argument" , filename, linenum, keyword); |
1572 | goto out; |
1573 | } |
1574 | /* Allow "none" only in first position */ |
1575 | if (strcasecmp(arg, "none") == 0) { |
1576 | if (i > 0 || ac > 0) { |
1577 | error("%s line %d: keyword %s \"none\" "sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1579 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword) |
1578 | "argument must appear alone.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1579 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword) |
1579 | filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1579 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword); |
1580 | goto out; |
1581 | } |
1582 | } |
1583 | i++; |
1584 | if (*activep && *uintptr == 0) { |
1585 | *cppptr = xrecallocarray(*cppptr, *uintptr, |
1586 | *uintptr + 1, sizeof(**cppptr)); |
1587 | (*cppptr)[(*uintptr)++] = xstrdup(arg); |
1588 | } |
1589 | } |
1590 | break; |
1591 | |
1592 | case oLocalForward: |
1593 | case oRemoteForward: |
1594 | case oDynamicForward: |
1595 | arg = argv_next(&ac, &av); |
1596 | if (!arg || *arg == '\0') { |
1597 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1598 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1598 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1598 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1599 | goto out; |
1600 | } |
1601 | |
1602 | remotefwd = (opcode == oRemoteForward); |
1603 | dynamicfwd = (opcode == oDynamicForward); |
1604 | |
1605 | if (!dynamicfwd) { |
1606 | arg2 = argv_next(&ac, &av); |
1607 | if (arg2 == NULL((void *)0) || *arg2 == '\0') { |
1608 | if (remotefwd) |
1609 | dynamicfwd = 1; |
1610 | else { |
1611 | error("%.200s line %d: Missing target "sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1612 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing target " "argument.", filename, linenum) |
1612 | "argument.", filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1612 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing target " "argument.", filename, linenum); |
1613 | goto out; |
1614 | } |
1615 | } else { |
1616 | /* construct a string for parse_forward */ |
1617 | snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, |
1618 | arg2); |
1619 | } |
1620 | } |
1621 | if (dynamicfwd) |
1622 | strlcpy(fwdarg, arg, sizeof(fwdarg)); |
1623 | |
1624 | if (parse_forward(&fwd, fwdarg, dynamicfwd, remotefwd) == 0) { |
1625 | error("%.200s line %d: Bad forwarding specification.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1626 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad forwarding specification." , filename, linenum) |
1626 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1626 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad forwarding specification." , filename, linenum); |
1627 | goto out; |
1628 | } |
1629 | |
1630 | if (*activep) { |
1631 | if (remotefwd) { |
1632 | add_remote_forward(options, &fwd); |
1633 | } else { |
1634 | add_local_forward(options, &fwd); |
1635 | } |
1636 | } |
1637 | break; |
1638 | |
1639 | case oPermitRemoteOpen: |
1640 | uintptr = &options->num_permitted_remote_opens; |
1641 | cppptr = &options->permitted_remote_opens; |
1642 | uvalue = *uintptr; /* modified later */ |
1643 | i = 0; |
1644 | while ((arg = argv_next(&ac, &av)) != NULL((void *)0)) { |
1645 | arg2 = xstrdup(arg); |
1646 | /* Allow any/none only in first position */ |
1647 | if (strcasecmp(arg, "none") == 0 || |
1648 | strcasecmp(arg, "any") == 0) { |
1649 | if (i > 0 || ac > 0) { |
1650 | error("%s line %d: keyword %s \"%s\" "sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1652 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"%s\" " "argument must appear alone.", filename, linenum, keyword, arg ) |
1651 | "argument must appear alone.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1652 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"%s\" " "argument must appear alone.", filename, linenum, keyword, arg ) |
1652 | filename, linenum, keyword, arg)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1652 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"%s\" " "argument must appear alone.", filename, linenum, keyword, arg ); |
1653 | free(arg2); |
1654 | goto out; |
1655 | } |
1656 | } else { |
1657 | p = hpdelim(&arg); |
1658 | if (p == NULL((void *)0)) { |
1659 | fatal("%s line %d: missing host in %s",sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1661 , 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%s line %d: missing host in %s" , filename, linenum, lookup_opcode_name(opcode)) |
1660 | filename, linenum,sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1661 , 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%s line %d: missing host in %s" , filename, linenum, lookup_opcode_name(opcode)) |
1661 | lookup_opcode_name(opcode))sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1661 , 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%s line %d: missing host in %s" , filename, linenum, lookup_opcode_name(opcode)); |
1662 | } |
1663 | p = cleanhostname(p); |
Value stored to 'p' is never read | |
1664 | /* |
1665 | * don't want to use permitopen_port to avoid |
1666 | * dependency on channels.[ch] here. |
1667 | */ |
1668 | if (arg == NULL((void *)0) || (strcmp(arg, "*") != 0 && |
1669 | a2port(arg) <= 0)) { |
1670 | fatal("%s line %d: bad port number "sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1672 , 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%s line %d: bad port number " "in %s", filename, linenum, lookup_opcode_name(opcode)) |
1671 | "in %s", filename, linenum,sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1672 , 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%s line %d: bad port number " "in %s", filename, linenum, lookup_opcode_name(opcode)) |
1672 | lookup_opcode_name(opcode))sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1672 , 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%s line %d: bad port number " "in %s", filename, linenum, lookup_opcode_name(opcode)); |
1673 | } |
1674 | } |
1675 | if (*activep && uvalue == 0) { |
1676 | opt_array_append(filename, linenum, |
1677 | lookup_opcode_name(opcode), |
1678 | cppptr, uintptr, arg2); |
1679 | } |
1680 | free(arg2); |
1681 | i++; |
1682 | } |
1683 | if (i == 0) |
1684 | fatal("%s line %d: missing %s specification",sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1685 , 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%s line %d: missing %s specification" , filename, linenum, lookup_opcode_name(opcode)) |
1685 | filename, linenum, lookup_opcode_name(opcode))sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1685 , 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%s line %d: missing %s specification" , filename, linenum, lookup_opcode_name(opcode)); |
1686 | break; |
1687 | |
1688 | case oClearAllForwardings: |
1689 | intptr = &options->clear_forwardings; |
1690 | goto parse_flag; |
1691 | |
1692 | case oHost: |
1693 | if (cmdline) { |
1694 | error("Host directive not supported as a command-line "sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1695 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host directive not supported as a command-line " "option") |
1695 | "option")sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1695 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host directive not supported as a command-line " "option"); |
1696 | goto out; |
1697 | } |
1698 | *activep = 0; |
1699 | arg2 = NULL((void *)0); |
1700 | while ((arg = argv_next(&ac, &av)) != NULL((void *)0)) { |
1701 | if (*arg == '\0') { |
1702 | error("%s line %d: keyword %s empty argument",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1703 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s empty argument" , filename, linenum, keyword) |
1703 | filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1703 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s empty argument" , filename, linenum, keyword); |
1704 | goto out; |
1705 | } |
1706 | if ((flags & SSHCONF_NEVERMATCH8) != 0) { |
1707 | argv_consume(&ac); |
1708 | break; |
1709 | } |
1710 | negated = *arg == '!'; |
1711 | if (negated) |
1712 | arg++; |
1713 | if (match_pattern(host, arg)) { |
1714 | if (negated) { |
1715 | debug("%.200s line %d: Skipping Host "sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1718 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%.200s line %d: Skipping Host " "block because of negated match " "for %.100s", filename, linenum , arg) |
1716 | "block because of negated match "sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1718 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%.200s line %d: Skipping Host " "block because of negated match " "for %.100s", filename, linenum , arg) |
1717 | "for %.100s", filename, linenum,sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1718 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%.200s line %d: Skipping Host " "block because of negated match " "for %.100s", filename, linenum , arg) |
1718 | arg)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1718 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%.200s line %d: Skipping Host " "block because of negated match " "for %.100s", filename, linenum , arg); |
1719 | *activep = 0; |
1720 | argv_consume(&ac); |
1721 | break; |
1722 | } |
1723 | if (!*activep) |
1724 | arg2 = arg; /* logged below */ |
1725 | *activep = 1; |
1726 | } |
1727 | } |
1728 | if (*activep) |
1729 | debug("%.200s line %d: Applying options for %.100s",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1730 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%.200s line %d: Applying options for %.100s" , filename, linenum, arg2) |
1730 | filename, linenum, arg2)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1730 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%.200s line %d: Applying options for %.100s" , filename, linenum, arg2); |
1731 | break; |
1732 | |
1733 | case oMatch: |
1734 | if (cmdline) { |
1735 | error("Host directive not supported as a command-line "sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1736 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host directive not supported as a command-line " "option") |
1736 | "option")sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1736 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Host directive not supported as a command-line " "option"); |
1737 | goto out; |
1738 | } |
1739 | value = match_cfg_line(options, &str, pw, host, original_host, |
1740 | flags & SSHCONF_FINAL4, want_final_pass, |
1741 | filename, linenum); |
1742 | if (value < 0) { |
1743 | error("%.200s line %d: Bad Match condition", filename,sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1744 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad Match condition" , filename, linenum) |
1744 | linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1744 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad Match condition" , filename, linenum); |
1745 | goto out; |
1746 | } |
1747 | *activep = (flags & SSHCONF_NEVERMATCH8) ? 0 : value; |
1748 | /* |
1749 | * If match_cfg_line() didn't consume all its arguments then |
1750 | * arrange for the extra arguments check below to fail. |
1751 | */ |
1752 | |
1753 | if (str == NULL((void *)0) || *str == '\0') |
1754 | argv_consume(&ac); |
1755 | break; |
1756 | |
1757 | case oEscapeChar: |
1758 | intptr = &options->escape_char; |
1759 | arg = argv_next(&ac, &av); |
1760 | if (!arg || *arg == '\0') { |
1761 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1762 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1762 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1762 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1763 | goto out; |
1764 | } |
1765 | if (strcmp(arg, "none") == 0) |
1766 | value = SSH_ESCAPECHAR_NONE-2; |
1767 | else if (arg[1] == '\0') |
1768 | value = (u_char) arg[0]; |
1769 | else if (arg[0] == '^' && arg[2] == 0 && |
1770 | (u_char) arg[1] >= 64 && (u_char) arg[1] < 128) |
1771 | value = (u_char) arg[1] & 31; |
1772 | else { |
1773 | error("%.200s line %d: Bad escape character.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1774 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad escape character." , filename, linenum) |
1774 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1774 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad escape character." , filename, linenum); |
1775 | goto out; |
1776 | } |
1777 | if (*activep && *intptr == -1) |
1778 | *intptr = value; |
1779 | break; |
1780 | |
1781 | case oAddressFamily: |
1782 | intptr = &options->address_family; |
1783 | multistate_ptr = multistate_addressfamily; |
1784 | goto parse_multistate; |
1785 | |
1786 | case oEnableSSHKeysign: |
1787 | intptr = &options->enable_ssh_keysign; |
1788 | goto parse_flag; |
1789 | |
1790 | case oIdentitiesOnly: |
1791 | intptr = &options->identities_only; |
1792 | goto parse_flag; |
1793 | |
1794 | case oServerAliveInterval: |
1795 | intptr = &options->server_alive_interval; |
1796 | goto parse_time; |
1797 | |
1798 | case oServerAliveCountMax: |
1799 | intptr = &options->server_alive_count_max; |
1800 | goto parse_int; |
1801 | |
1802 | case oSendEnv: |
1803 | while ((arg = argv_next(&ac, &av)) != NULL((void *)0)) { |
1804 | if (*arg == '\0' || strchr(arg, '=') != NULL((void *)0)) { |
1805 | error("%s line %d: Invalid environment name.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1806 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Invalid environment name." , filename, linenum) |
1806 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1806 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Invalid environment name." , filename, linenum); |
1807 | goto out; |
1808 | } |
1809 | if (!*activep) |
1810 | continue; |
1811 | if (*arg == '-') { |
1812 | /* Removing an env var */ |
1813 | rm_env(options, arg, filename, linenum); |
1814 | continue; |
1815 | } |
1816 | opt_array_append(filename, linenum, |
1817 | lookup_opcode_name(opcode), |
1818 | &options->send_env, &options->num_send_env, arg); |
1819 | } |
1820 | break; |
1821 | |
1822 | case oSetEnv: |
1823 | value = options->num_setenv; |
1824 | while ((arg = argv_next(&ac, &av)) != NULL((void *)0)) { |
1825 | if (strchr(arg, '=') == NULL((void *)0)) { |
1826 | error("%s line %d: Invalid SetEnv.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1827 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Invalid SetEnv." , filename, linenum) |
1827 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1827 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Invalid SetEnv." , filename, linenum); |
1828 | goto out; |
1829 | } |
1830 | if (!*activep || value != 0) |
1831 | continue; |
1832 | if (lookup_setenv_in_list(arg, options->setenv, |
1833 | options->num_setenv) != NULL((void *)0)) { |
1834 | debug2("%s line %d: ignoring duplicate env "sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1835 , 0, SYSLOG_LEVEL_DEBUG2, ((void *)0), "%s line %d: ignoring duplicate env " "name \"%.64s\"", filename, linenum, arg) |
1835 | "name \"%.64s\"", filename, linenum, arg)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1835 , 0, SYSLOG_LEVEL_DEBUG2, ((void *)0), "%s line %d: ignoring duplicate env " "name \"%.64s\"", filename, linenum, arg); |
1836 | continue; |
1837 | } |
1838 | opt_array_append(filename, linenum, |
1839 | lookup_opcode_name(opcode), |
1840 | &options->setenv, &options->num_setenv, arg); |
1841 | } |
1842 | break; |
1843 | |
1844 | case oControlPath: |
1845 | charptr = &options->control_path; |
1846 | goto parse_string; |
1847 | |
1848 | case oControlMaster: |
1849 | intptr = &options->control_master; |
1850 | multistate_ptr = multistate_controlmaster; |
1851 | goto parse_multistate; |
1852 | |
1853 | case oControlPersist: |
1854 | /* no/false/yes/true, or a time spec */ |
1855 | intptr = &options->control_persist; |
1856 | arg = argv_next(&ac, &av); |
1857 | if (!arg || *arg == '\0') { |
1858 | error("%.200s line %d: Missing ControlPersist"sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1859 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing ControlPersist" " argument.", filename, linenum) |
1859 | " argument.", filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1859 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing ControlPersist" " argument.", filename, linenum); |
1860 | goto out; |
1861 | } |
1862 | value = 0; |
1863 | value2 = 0; /* timeout */ |
1864 | if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0) |
1865 | value = 0; |
1866 | else if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0) |
1867 | value = 1; |
1868 | else if ((value2 = convtime(arg)) >= 0) |
1869 | value = 1; |
1870 | else { |
1871 | error("%.200s line %d: Bad ControlPersist argument.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1872 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad ControlPersist argument." , filename, linenum) |
1872 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1872 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad ControlPersist argument." , filename, linenum); |
1873 | goto out; |
1874 | } |
1875 | if (*activep && *intptr == -1) { |
1876 | *intptr = value; |
1877 | options->control_persist_timeout = value2; |
1878 | } |
1879 | break; |
1880 | |
1881 | case oHashKnownHosts: |
1882 | intptr = &options->hash_known_hosts; |
1883 | goto parse_flag; |
1884 | |
1885 | case oTunnel: |
1886 | intptr = &options->tun_open; |
1887 | multistate_ptr = multistate_tunnel; |
1888 | goto parse_multistate; |
1889 | |
1890 | case oTunnelDevice: |
1891 | arg = argv_next(&ac, &av); |
1892 | if (!arg || *arg == '\0') { |
1893 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1894 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
1894 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1894 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
1895 | goto out; |
1896 | } |
1897 | value = a2tun(arg, &value2); |
1898 | if (value == SSH_TUNID_ERR(0x7fffffff - 1)) { |
1899 | error("%.200s line %d: Bad tun device.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1900 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad tun device." , filename, linenum) |
1900 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1900 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad tun device." , filename, linenum); |
1901 | goto out; |
1902 | } |
1903 | if (*activep && options->tun_local == -1) { |
1904 | options->tun_local = value; |
1905 | options->tun_remote = value2; |
1906 | } |
1907 | break; |
1908 | |
1909 | case oLocalCommand: |
1910 | charptr = &options->local_command; |
1911 | goto parse_command; |
1912 | |
1913 | case oPermitLocalCommand: |
1914 | intptr = &options->permit_local_command; |
1915 | goto parse_flag; |
1916 | |
1917 | case oRemoteCommand: |
1918 | charptr = &options->remote_command; |
1919 | goto parse_command; |
1920 | |
1921 | case oVisualHostKey: |
1922 | intptr = &options->visual_host_key; |
1923 | goto parse_flag; |
1924 | |
1925 | case oInclude: |
1926 | if (cmdline) { |
1927 | error("Include directive not supported as a "sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1928 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Include directive not supported as a " "command-line option") |
1928 | "command-line option")sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1928 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Include directive not supported as a " "command-line option"); |
1929 | goto out; |
1930 | } |
1931 | value = 0; |
1932 | while ((arg = argv_next(&ac, &av)) != NULL((void *)0)) { |
1933 | if (*arg == '\0') { |
1934 | error("%s line %d: keyword %s empty argument",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1935 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s empty argument" , filename, linenum, keyword) |
1935 | filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1935 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s empty argument" , filename, linenum, keyword); |
1936 | goto out; |
1937 | } |
1938 | /* |
1939 | * Ensure all paths are anchored. User configuration |
1940 | * files may begin with '~/' but system configurations |
1941 | * must not. If the path is relative, then treat it |
1942 | * as living in ~/.ssh for user configurations or |
1943 | * /etc/ssh for system ones. |
1944 | */ |
1945 | if (*arg == '~' && (flags & SSHCONF_USERCONF2) == 0) { |
1946 | error("%.200s line %d: bad include path %s.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1947 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: bad include path %s." , filename, linenum, arg) |
1947 | filename, linenum, arg)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1947 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: bad include path %s." , filename, linenum, arg); |
1948 | goto out; |
1949 | } |
1950 | if (!path_absolute(arg) && *arg != '~') { |
1951 | xasprintf(&arg2, "%s/%s", |
1952 | (flags & SSHCONF_USERCONF2) ? |
1953 | "~/" _PATH_SSH_USER_DIR".ssh" : SSHDIR"/etc" "/ssh", arg); |
1954 | } else |
1955 | arg2 = xstrdup(arg); |
1956 | memset(&gl, 0, sizeof(gl)); |
1957 | r = glob(arg2, GLOB_TILDE0x0800, NULL((void *)0), &gl); |
1958 | if (r == GLOB_NOMATCH(-3)) { |
1959 | debug("%.200s line %d: include %s matched no "sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1960 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%.200s line %d: include %s matched no " "files",filename, linenum, arg2) |
1960 | "files",filename, linenum, arg2)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1960 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%.200s line %d: include %s matched no " "files",filename, linenum, arg2); |
1961 | free(arg2); |
1962 | continue; |
1963 | } else if (r != 0) { |
1964 | error("%.200s line %d: glob failed for %s.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1965 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: glob failed for %s." , filename, linenum, arg2) |
1965 | filename, linenum, arg2)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1965 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: glob failed for %s." , filename, linenum, arg2); |
1966 | goto out; |
1967 | } |
1968 | free(arg2); |
1969 | oactive = *activep; |
1970 | for (i = 0; i < gl.gl_pathc; i++) { |
1971 | debug3("%.200s line %d: Including file %s "sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1974 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%.200s line %d: Including file %s " "depth %d%s", filename, linenum, gl.gl_pathv[i], depth, oactive ? "" : " (parse only)") |
1972 | "depth %d%s", filename, linenum,sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1974 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%.200s line %d: Including file %s " "depth %d%s", filename, linenum, gl.gl_pathv[i], depth, oactive ? "" : " (parse only)") |
1973 | gl.gl_pathv[i], depth,sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1974 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%.200s line %d: Including file %s " "depth %d%s", filename, linenum, gl.gl_pathv[i], depth, oactive ? "" : " (parse only)") |
1974 | oactive ? "" : " (parse only)")sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1974 , 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%.200s line %d: Including file %s " "depth %d%s", filename, linenum, gl.gl_pathv[i], depth, oactive ? "" : " (parse only)"); |
1975 | r = read_config_file_depth(gl.gl_pathv[i], |
1976 | pw, host, original_host, options, |
1977 | flags | SSHCONF_CHECKPERM1 | |
1978 | (oactive ? 0 : SSHCONF_NEVERMATCH8), |
1979 | activep, want_final_pass, depth + 1); |
1980 | if (r != 1 && errno(*__errno()) != ENOENT2) { |
1981 | error("Can't open user config file "sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1983 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Can't open user config file " "%.100s: %.100s", gl.gl_pathv[i], strerror((*__errno()))) |
1982 | "%.100s: %.100s", gl.gl_pathv[i],sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1983 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Can't open user config file " "%.100s: %.100s", gl.gl_pathv[i], strerror((*__errno()))) |
1983 | strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 1983 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Can't open user config file " "%.100s: %.100s", gl.gl_pathv[i], strerror((*__errno()))); |
1984 | globfree(&gl); |
1985 | goto out; |
1986 | } |
1987 | /* |
1988 | * don't let Match in includes clobber the |
1989 | * containing file's Match state. |
1990 | */ |
1991 | *activep = oactive; |
1992 | if (r != 1) |
1993 | value = -1; |
1994 | } |
1995 | globfree(&gl); |
1996 | } |
1997 | if (value != 0) |
1998 | ret = value; |
1999 | break; |
2000 | |
2001 | case oIPQoS: |
2002 | arg = argv_next(&ac, &av); |
2003 | if ((value = parse_ipqos(arg)) == -1) { |
2004 | error("%s line %d: Bad IPQoS value: %s",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2005 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Bad IPQoS value: %s" , filename, linenum, arg) |
2005 | filename, linenum, arg)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2005 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Bad IPQoS value: %s" , filename, linenum, arg); |
2006 | goto out; |
2007 | } |
2008 | arg = argv_next(&ac, &av); |
2009 | if (arg == NULL((void *)0)) |
2010 | value2 = value; |
2011 | else if ((value2 = parse_ipqos(arg)) == -1) { |
2012 | error("%s line %d: Bad IPQoS value: %s",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2013 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Bad IPQoS value: %s" , filename, linenum, arg) |
2013 | filename, linenum, arg)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2013 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Bad IPQoS value: %s" , filename, linenum, arg); |
2014 | goto out; |
2015 | } |
2016 | if (*activep && options->ip_qos_interactive == -1) { |
2017 | options->ip_qos_interactive = value; |
2018 | options->ip_qos_bulk = value2; |
2019 | } |
2020 | break; |
2021 | |
2022 | case oRequestTTY: |
2023 | intptr = &options->request_tty; |
2024 | multistate_ptr = multistate_requesttty; |
2025 | goto parse_multistate; |
2026 | |
2027 | case oSessionType: |
2028 | intptr = &options->session_type; |
2029 | multistate_ptr = multistate_sessiontype; |
2030 | goto parse_multistate; |
2031 | |
2032 | case oStdinNull: |
2033 | intptr = &options->stdin_null; |
2034 | goto parse_flag; |
2035 | |
2036 | case oForkAfterAuthentication: |
2037 | intptr = &options->fork_after_authentication; |
2038 | goto parse_flag; |
2039 | |
2040 | case oIgnoreUnknown: |
2041 | charptr = &options->ignored_unknown; |
2042 | goto parse_string; |
2043 | |
2044 | case oProxyUseFdpass: |
2045 | intptr = &options->proxy_use_fdpass; |
2046 | goto parse_flag; |
2047 | |
2048 | case oCanonicalDomains: |
2049 | value = options->num_canonical_domains != 0; |
2050 | i = 0; |
2051 | while ((arg = argv_next(&ac, &av)) != NULL((void *)0)) { |
2052 | if (*arg == '\0') { |
2053 | error("%s line %d: keyword %s empty argument",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2054 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s empty argument" , filename, linenum, keyword) |
2054 | filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2054 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s empty argument" , filename, linenum, keyword); |
2055 | goto out; |
2056 | } |
2057 | /* Allow "none" only in first position */ |
2058 | if (strcasecmp(arg, "none") == 0) { |
2059 | if (i > 0 || ac > 0) { |
2060 | error("%s line %d: keyword %s \"none\" "sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2062 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword) |
2061 | "argument must appear alone.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2062 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword) |
2062 | filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2062 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword); |
2063 | goto out; |
2064 | } |
2065 | } |
2066 | i++; |
2067 | if (!valid_domain(arg, 1, &errstr)) { |
2068 | error("%s line %d: %s", filename, linenum,sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2069 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: %s", filename , linenum, errstr) |
2069 | errstr)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2069 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: %s", filename , linenum, errstr); |
2070 | goto out; |
2071 | } |
2072 | if (!*activep || value) |
2073 | continue; |
2074 | if (options->num_canonical_domains >= |
2075 | MAX_CANON_DOMAINS32) { |
2076 | error("%s line %d: too many hostname suffixes.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2077 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: too many hostname suffixes." , filename, linenum) |
2077 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2077 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: too many hostname suffixes." , filename, linenum); |
2078 | goto out; |
2079 | } |
2080 | options->canonical_domains[ |
2081 | options->num_canonical_domains++] = xstrdup(arg); |
2082 | } |
2083 | break; |
2084 | |
2085 | case oCanonicalizePermittedCNAMEs: |
2086 | value = options->num_permitted_cnames != 0; |
2087 | i = 0; |
2088 | while ((arg = argv_next(&ac, &av)) != NULL((void *)0)) { |
2089 | /* |
2090 | * Either 'none' (only in first position), '*' for |
2091 | * everything or 'list:list' |
2092 | */ |
2093 | if (strcasecmp(arg, "none") == 0) { |
2094 | if (i > 0 || ac > 0) { |
2095 | error("%s line %d: keyword %s \"none\" "sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2097 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword) |
2096 | "argument must appear alone.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2097 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword) |
2097 | filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2097 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword); |
2098 | goto out; |
2099 | } |
2100 | arg2 = ""; |
2101 | } else if (strcmp(arg, "*") == 0) { |
2102 | arg2 = arg; |
2103 | } else { |
2104 | lowercase(arg); |
2105 | if ((arg2 = strchr(arg, ':')) == NULL((void *)0) || |
2106 | arg2[1] == '\0') { |
2107 | error("%s line %d: "sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2109 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: " "Invalid permitted CNAME \"%s\"" , filename, linenum, arg) |
2108 | "Invalid permitted CNAME \"%s\"",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2109 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: " "Invalid permitted CNAME \"%s\"" , filename, linenum, arg) |
2109 | filename, linenum, arg)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2109 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: " "Invalid permitted CNAME \"%s\"" , filename, linenum, arg); |
2110 | goto out; |
2111 | } |
2112 | *arg2 = '\0'; |
2113 | arg2++; |
2114 | } |
2115 | i++; |
2116 | if (!*activep || value) |
2117 | continue; |
2118 | if (options->num_permitted_cnames >= |
2119 | MAX_CANON_DOMAINS32) { |
2120 | error("%s line %d: too many permitted CNAMEs.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2121 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: too many permitted CNAMEs." , filename, linenum) |
2121 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2121 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: too many permitted CNAMEs." , filename, linenum); |
2122 | goto out; |
2123 | } |
2124 | cname = options->permitted_cnames + |
2125 | options->num_permitted_cnames++; |
2126 | cname->source_list = xstrdup(arg); |
2127 | cname->target_list = xstrdup(arg2); |
2128 | } |
2129 | break; |
2130 | |
2131 | case oCanonicalizeHostname: |
2132 | intptr = &options->canonicalize_hostname; |
2133 | multistate_ptr = multistate_canonicalizehostname; |
2134 | goto parse_multistate; |
2135 | |
2136 | case oCanonicalizeMaxDots: |
2137 | intptr = &options->canonicalize_max_dots; |
2138 | goto parse_int; |
2139 | |
2140 | case oCanonicalizeFallbackLocal: |
2141 | intptr = &options->canonicalize_fallback_local; |
2142 | goto parse_flag; |
2143 | |
2144 | case oStreamLocalBindMask: |
2145 | arg = argv_next(&ac, &av); |
2146 | if (!arg || *arg == '\0') { |
2147 | error("%.200s line %d: Missing StreamLocalBindMask "sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2148 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing StreamLocalBindMask " "argument.", filename, linenum) |
2148 | "argument.", filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2148 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing StreamLocalBindMask " "argument.", filename, linenum); |
2149 | goto out; |
2150 | } |
2151 | /* Parse mode in octal format */ |
2152 | value = strtol(arg, &endofnumber, 8); |
2153 | if (arg == endofnumber || value < 0 || value > 0777) { |
2154 | error("%.200s line %d: Bad mask.", filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2154 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Bad mask." , filename, linenum); |
2155 | goto out; |
2156 | } |
2157 | options->fwd_opts.streamlocal_bind_mask = (mode_t)value; |
2158 | break; |
2159 | |
2160 | case oStreamLocalBindUnlink: |
2161 | intptr = &options->fwd_opts.streamlocal_bind_unlink; |
2162 | goto parse_flag; |
2163 | |
2164 | case oRevokedHostKeys: |
2165 | charptr = &options->revoked_host_keys; |
2166 | goto parse_string; |
2167 | |
2168 | case oFingerprintHash: |
2169 | intptr = &options->fingerprint_hash; |
2170 | arg = argv_next(&ac, &av); |
2171 | if (!arg || *arg == '\0') { |
2172 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2173 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
2173 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2173 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
2174 | goto out; |
2175 | } |
2176 | if ((value = ssh_digest_alg_by_name(arg)) == -1) { |
2177 | error("%.200s line %d: Invalid hash algorithm \"%s\".",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2178 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Invalid hash algorithm \"%s\"." , filename, linenum, arg) |
2178 | filename, linenum, arg)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2178 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Invalid hash algorithm \"%s\"." , filename, linenum, arg); |
2179 | goto out; |
2180 | } |
2181 | if (*activep && *intptr == -1) |
2182 | *intptr = value; |
2183 | break; |
2184 | |
2185 | case oUpdateHostkeys: |
2186 | intptr = &options->update_hostkeys; |
2187 | multistate_ptr = multistate_yesnoask; |
2188 | goto parse_multistate; |
2189 | |
2190 | case oHostbasedAcceptedAlgorithms: |
2191 | charptr = &options->hostbased_accepted_algos; |
2192 | ca_only = 0; |
2193 | goto parse_pubkey_algos; |
2194 | |
2195 | case oPubkeyAcceptedAlgorithms: |
2196 | charptr = &options->pubkey_accepted_algos; |
2197 | ca_only = 0; |
2198 | goto parse_pubkey_algos; |
2199 | |
2200 | case oAddKeysToAgent: |
2201 | arg = argv_next(&ac, &av); |
2202 | arg2 = argv_next(&ac, &av); |
2203 | value = parse_multistate_value(arg, filename, linenum, |
2204 | multistate_yesnoaskconfirm); |
2205 | value2 = 0; /* unlimited lifespan by default */ |
2206 | if (value == 3 && arg2 != NULL((void *)0)) { |
2207 | /* allow "AddKeysToAgent confirm 5m" */ |
2208 | if ((value2 = convtime(arg2)) == -1) { |
2209 | error("%s line %d: invalid time value.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2210 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: invalid time value." , filename, linenum) |
2210 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2210 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: invalid time value." , filename, linenum); |
2211 | goto out; |
2212 | } |
2213 | } else if (value == -1 && arg2 == NULL((void *)0)) { |
2214 | if ((value2 = convtime(arg)) == -1) { |
2215 | error("%s line %d: unsupported option",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2216 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: unsupported option" , filename, linenum) |
2216 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2216 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: unsupported option" , filename, linenum); |
2217 | goto out; |
2218 | } |
2219 | value = 1; /* yes */ |
2220 | } else if (value == -1 || arg2 != NULL((void *)0)) { |
2221 | error("%s line %d: unsupported option",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2222 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: unsupported option" , filename, linenum) |
2222 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2222 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: unsupported option" , filename, linenum); |
2223 | goto out; |
2224 | } |
2225 | if (*activep && options->add_keys_to_agent == -1) { |
2226 | options->add_keys_to_agent = value; |
2227 | options->add_keys_to_agent_lifespan = value2; |
2228 | } |
2229 | break; |
2230 | |
2231 | case oIdentityAgent: |
2232 | charptr = &options->identity_agent; |
2233 | arg = argv_next(&ac, &av); |
2234 | if (!arg || *arg == '\0') { |
2235 | error("%.200s line %d: Missing argument.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2236 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum) |
2236 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2236 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Missing argument." , filename, linenum); |
2237 | goto out; |
2238 | } |
2239 | parse_agent_path: |
2240 | /* Extra validation if the string represents an env var. */ |
2241 | if ((arg2 = dollar_expand(&r, arg)) == NULL((void *)0) || r) { |
2242 | error("%.200s line %d: Invalid environment expansion "sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2243 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Invalid environment expansion " "%s.", filename, linenum, arg) |
2243 | "%s.", filename, linenum, arg)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2243 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Invalid environment expansion " "%s.", filename, linenum, arg); |
2244 | goto out; |
2245 | } |
2246 | free(arg2); |
2247 | /* check for legacy environment format */ |
2248 | if (arg[0] == '$' && arg[1] != '{' && |
2249 | !valid_env_name(arg + 1)) { |
2250 | error("%.200s line %d: Invalid environment name %s.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2251 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Invalid environment name %s." , filename, linenum, arg) |
2251 | filename, linenum, arg)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2251 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: Invalid environment name %s." , filename, linenum, arg); |
2252 | goto out; |
2253 | } |
2254 | if (*activep && *charptr == NULL((void *)0)) |
2255 | *charptr = xstrdup(arg); |
2256 | break; |
2257 | |
2258 | case oEnableEscapeCommandline: |
2259 | intptr = &options->enable_escape_commandline; |
2260 | goto parse_flag; |
2261 | |
2262 | case oRequiredRSASize: |
2263 | intptr = &options->required_rsa_size; |
2264 | goto parse_int; |
2265 | |
2266 | case oObscureKeystrokeTiming: |
2267 | value = -1; |
2268 | while ((arg = argv_next(&ac, &av)) != NULL((void *)0)) { |
2269 | if (value != -1) { |
2270 | error("%s line %d: invalid arguments",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2271 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: invalid arguments" , filename, linenum) |
2271 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2271 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: invalid arguments" , filename, linenum); |
2272 | goto out; |
2273 | } |
2274 | if (strcmp(arg, "yes") == 0 || |
2275 | strcmp(arg, "true") == 0) |
2276 | value = SSH_KEYSTROKE_DEFAULT_INTERVAL_MS20; |
2277 | else if (strcmp(arg, "no") == 0 || |
2278 | strcmp(arg, "false") == 0) |
2279 | value = 0; |
2280 | else if (strncmp(arg, "interval:", 9) == 0) { |
2281 | if ((errstr = atoi_err(arg + 9, |
2282 | &value)) != NULL((void *)0)) { |
2283 | error("%s line %d: integer value %s.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2284 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: integer value %s." , filename, linenum, errstr) |
2284 | filename, linenum, errstr)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2284 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: integer value %s." , filename, linenum, errstr); |
2285 | goto out; |
2286 | } |
2287 | if (value <= 0 || value > 1000) { |
2288 | error("%s line %d: value out of range.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2289 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: value out of range." , filename, linenum) |
2289 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2289 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: value out of range." , filename, linenum); |
2290 | goto out; |
2291 | } |
2292 | } else { |
2293 | error("%s line %d: unsupported argument \"%s\"",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2294 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: unsupported argument \"%s\"" , filename, linenum, arg) |
2294 | filename, linenum, arg)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2294 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: unsupported argument \"%s\"" , filename, linenum, arg); |
2295 | goto out; |
2296 | } |
2297 | } |
2298 | if (value == -1) { |
2299 | error("%s line %d: missing argument",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2300 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: missing argument" , filename, linenum) |
2300 | filename, linenum)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2300 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: missing argument" , filename, linenum); |
2301 | goto out; |
2302 | } |
2303 | intptr = &options->obscure_keystroke_timing_interval; |
2304 | if (*activep && *intptr == -1) |
2305 | *intptr = value; |
2306 | break; |
2307 | |
2308 | case oChannelTimeout: |
2309 | uvalue = options->num_channel_timeouts; |
2310 | i = 0; |
2311 | while ((arg = argv_next(&ac, &av)) != NULL((void *)0)) { |
2312 | /* Allow "none" only in first position */ |
2313 | if (strcasecmp(arg, "none") == 0) { |
2314 | if (i > 0 || ac > 0) { |
2315 | error("%s line %d: keyword %s \"none\" "sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2317 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword) |
2316 | "argument must appear alone.",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2317 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword) |
2317 | filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2317 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword); |
2318 | goto out; |
2319 | } |
2320 | } else if (parse_pattern_interval(arg, |
2321 | NULL((void *)0), NULL((void *)0)) != 0) { |
2322 | fatal("%s line %d: invalid channel timeout %s",sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2323 , 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%s line %d: invalid channel timeout %s" , filename, linenum, arg) |
2323 | filename, linenum, arg)sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2323 , 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%s line %d: invalid channel timeout %s" , filename, linenum, arg); |
2324 | } |
2325 | if (!*activep || uvalue != 0) |
2326 | continue; |
2327 | opt_array_append(filename, linenum, keyword, |
2328 | &options->channel_timeouts, |
2329 | &options->num_channel_timeouts, arg); |
2330 | } |
2331 | break; |
2332 | |
2333 | case oDeprecated: |
2334 | debug("%s line %d: Deprecated option \"%s\"",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2335 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s line %d: Deprecated option \"%s\"" , filename, linenum, keyword) |
2335 | filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2335 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s line %d: Deprecated option \"%s\"" , filename, linenum, keyword); |
2336 | argv_consume(&ac); |
2337 | break; |
2338 | |
2339 | case oUnsupported: |
2340 | error("%s line %d: Unsupported option \"%s\"",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2341 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Unsupported option \"%s\"" , filename, linenum, keyword) |
2341 | filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2341 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Unsupported option \"%s\"" , filename, linenum, keyword); |
2342 | argv_consume(&ac); |
2343 | break; |
2344 | |
2345 | default: |
2346 | error("%s line %d: Unimplemented opcode %d",sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2347 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Unimplemented opcode %d" , filename, linenum, opcode) |
2347 | filename, linenum, opcode)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2347 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s line %d: Unimplemented opcode %d" , filename, linenum, opcode); |
2348 | goto out; |
2349 | } |
2350 | |
2351 | /* Check that there is no garbage at end of line. */ |
2352 | if (ac > 0) { |
2353 | error("%.200s line %d: keyword %s extra arguments "sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2354 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: keyword %s extra arguments " "at end of line", filename, linenum, keyword) |
2354 | "at end of line", filename, linenum, keyword)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2354 , 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%.200s line %d: keyword %s extra arguments " "at end of line", filename, linenum, keyword); |
2355 | goto out; |
2356 | } |
2357 | |
2358 | /* success */ |
2359 | ret = 0; |
2360 | out: |
2361 | argv_free(oav, oac); |
2362 | return ret; |
2363 | } |
2364 | |
2365 | /* |
2366 | * Reads the config file and modifies the options accordingly. Options |
2367 | * should already be initialized before this call. This never returns if |
2368 | * there is an error. If the file does not exist, this returns 0. |
2369 | */ |
2370 | int |
2371 | read_config_file(const char *filename, struct passwd *pw, const char *host, |
2372 | const char *original_host, Options *options, int flags, |
2373 | int *want_final_pass) |
2374 | { |
2375 | int active = 1; |
2376 | |
2377 | return read_config_file_depth(filename, pw, host, original_host, |
2378 | options, flags, &active, want_final_pass, 0); |
2379 | } |
2380 | |
2381 | #define READCONF_MAX_DEPTH16 16 |
2382 | static int |
2383 | read_config_file_depth(const char *filename, struct passwd *pw, |
2384 | const char *host, const char *original_host, Options *options, |
2385 | int flags, int *activep, int *want_final_pass, int depth) |
2386 | { |
2387 | FILE *f; |
2388 | char *line = NULL((void *)0); |
2389 | size_t linesize = 0; |
2390 | int linenum; |
2391 | int bad_options = 0; |
2392 | |
2393 | if (depth < 0 || depth > READCONF_MAX_DEPTH16) |
2394 | fatal("Too many recursive configuration includes")sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2394 , 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Too many recursive configuration includes" ); |
2395 | |
2396 | if ((f = fopen(filename, "r")) == NULL((void *)0)) |
2397 | return 0; |
2398 | |
2399 | if (flags & SSHCONF_CHECKPERM1) { |
2400 | struct stat sb; |
2401 | |
2402 | if (fstat(fileno(f)(!__isthreaded ? ((f)->_file) : (fileno)(f)), &sb) == -1) |
2403 | fatal("fstat %s: %s", filename, strerror(errno))sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2403 , 0, SYSLOG_LEVEL_FATAL, ((void *)0), "fstat %s: %s", filename , strerror((*__errno()))); |
2404 | if (((sb.st_uid != 0 && sb.st_uid != getuid()) || |
2405 | (sb.st_mode & 022) != 0)) |
2406 | fatal("Bad owner or permissions on %s", filename)sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2406 , 0, SYSLOG_LEVEL_FATAL, ((void *)0), "Bad owner or permissions on %s" , filename); |
2407 | } |
2408 | |
2409 | debug("Reading configuration data %.200s", filename)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2409 , 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "Reading configuration data %.200s" , filename); |
2410 | |
2411 | /* |
2412 | * Mark that we are now processing the options. This flag is turned |
2413 | * on/off by Host specifications. |
2414 | */ |
2415 | linenum = 0; |
2416 | while (getline(&line, &linesize, f) != -1) { |
2417 | /* Update line number counter. */ |
2418 | linenum++; |
2419 | /* |
2420 | * Trim out comments and strip whitespace. |
2421 | * NB - preserve newlines, they are needed to reproduce |
2422 | * line numbers later for error messages. |
2423 | */ |
2424 | if (process_config_line_depth(options, pw, host, original_host, |
2425 | line, filename, linenum, activep, flags, want_final_pass, |
2426 | depth) != 0) |
2427 | bad_options++; |
2428 | } |
2429 | free(line); |
2430 | fclose(f); |
2431 | if (bad_options > 0) |
2432 | fatal("%s: terminating, %d bad configuration options",sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2433 , 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%s: terminating, %d bad configuration options" , filename, bad_options) |
2433 | filename, bad_options)sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2433 , 0, SYSLOG_LEVEL_FATAL, ((void *)0), "%s: terminating, %d bad configuration options" , filename, bad_options); |
2434 | return 1; |
2435 | } |
2436 | |
2437 | /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ |
2438 | int |
2439 | option_clear_or_none(const char *o) |
2440 | { |
2441 | return o == NULL((void *)0) || strcasecmp(o, "none") == 0; |
2442 | } |
2443 | |
2444 | /* |
2445 | * Returns 1 if CanonicalizePermittedCNAMEs have been specified, 0 otherwise. |
2446 | * Allowed to be called on non-final configuration. |
2447 | */ |
2448 | int |
2449 | config_has_permitted_cnames(Options *options) |
2450 | { |
2451 | if (options->num_permitted_cnames == 1 && |
2452 | strcasecmp(options->permitted_cnames[0].source_list, "none") == 0 && |
2453 | strcmp(options->permitted_cnames[0].target_list, "") == 0) |
2454 | return 0; |
2455 | return options->num_permitted_cnames > 0; |
2456 | } |
2457 | |
2458 | /* |
2459 | * Initializes options to special values that indicate that they have not yet |
2460 | * been set. Read_config_file will only set options with this value. Options |
2461 | * are processed in the following order: command line, user config file, |
2462 | * system config file. Last, fill_default_options is called. |
2463 | */ |
2464 | |
2465 | void |
2466 | initialize_options(Options * options) |
2467 | { |
2468 | memset(options, 'X', sizeof(*options)); |
2469 | options->host_arg = NULL((void *)0); |
2470 | options->forward_agent = -1; |
2471 | options->forward_agent_sock_path = NULL((void *)0); |
2472 | options->forward_x11 = -1; |
2473 | options->forward_x11_trusted = -1; |
2474 | options->forward_x11_timeout = -1; |
2475 | options->stdio_forward_host = NULL((void *)0); |
2476 | options->stdio_forward_port = 0; |
2477 | options->clear_forwardings = -1; |
2478 | options->exit_on_forward_failure = -1; |
2479 | options->xauth_location = NULL((void *)0); |
2480 | options->fwd_opts.gateway_ports = -1; |
2481 | options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; |
2482 | options->fwd_opts.streamlocal_bind_unlink = -1; |
2483 | options->pubkey_authentication = -1; |
2484 | options->gss_authentication = -1; |
2485 | options->gss_deleg_creds = -1; |
2486 | options->password_authentication = -1; |
2487 | options->kbd_interactive_authentication = -1; |
2488 | options->kbd_interactive_devices = NULL((void *)0); |
2489 | options->hostbased_authentication = -1; |
2490 | options->batch_mode = -1; |
2491 | options->check_host_ip = -1; |
2492 | options->strict_host_key_checking = -1; |
2493 | options->compression = -1; |
2494 | options->tcp_keep_alive = -1; |
2495 | options->port = -1; |
2496 | options->address_family = -1; |
2497 | options->connection_attempts = -1; |
2498 | options->connection_timeout = -1; |
2499 | options->number_of_password_prompts = -1; |
2500 | options->ciphers = NULL((void *)0); |
2501 | options->macs = NULL((void *)0); |
2502 | options->kex_algorithms = NULL((void *)0); |
2503 | options->hostkeyalgorithms = NULL((void *)0); |
2504 | options->ca_sign_algorithms = NULL((void *)0); |
2505 | options->num_identity_files = 0; |
2506 | memset(options->identity_keys, 0, sizeof(options->identity_keys)); |
2507 | options->num_certificate_files = 0; |
2508 | memset(options->certificates, 0, sizeof(options->certificates)); |
2509 | options->hostname = NULL((void *)0); |
2510 | options->host_key_alias = NULL((void *)0); |
2511 | options->proxy_command = NULL((void *)0); |
2512 | options->jump_user = NULL((void *)0); |
2513 | options->jump_host = NULL((void *)0); |
2514 | options->jump_port = -1; |
2515 | options->jump_extra = NULL((void *)0); |
2516 | options->user = NULL((void *)0); |
2517 | options->escape_char = -1; |
2518 | options->num_system_hostfiles = 0; |
2519 | options->num_user_hostfiles = 0; |
2520 | options->local_forwards = NULL((void *)0); |
2521 | options->num_local_forwards = 0; |
2522 | options->remote_forwards = NULL((void *)0); |
2523 | options->num_remote_forwards = 0; |
2524 | options->permitted_remote_opens = NULL((void *)0); |
2525 | options->num_permitted_remote_opens = 0; |
2526 | options->log_facility = SYSLOG_FACILITY_NOT_SET; |
2527 | options->log_level = SYSLOG_LEVEL_NOT_SET; |
2528 | options->num_log_verbose = 0; |
2529 | options->log_verbose = NULL((void *)0); |
2530 | options->preferred_authentications = NULL((void *)0); |
2531 | options->bind_address = NULL((void *)0); |
2532 | options->bind_interface = NULL((void *)0); |
2533 | options->pkcs11_provider = NULL((void *)0); |
2534 | options->sk_provider = NULL((void *)0); |
2535 | options->enable_ssh_keysign = - 1; |
2536 | options->no_host_authentication_for_localhost = - 1; |
2537 | options->identities_only = - 1; |
2538 | options->rekey_limit = - 1; |
2539 | options->rekey_interval = -1; |
2540 | options->verify_host_key_dns = -1; |
2541 | options->server_alive_interval = -1; |
2542 | options->server_alive_count_max = -1; |
2543 | options->send_env = NULL((void *)0); |
2544 | options->num_send_env = 0; |
2545 | options->setenv = NULL((void *)0); |
2546 | options->num_setenv = 0; |
2547 | options->control_path = NULL((void *)0); |
2548 | options->control_master = -1; |
2549 | options->control_persist = -1; |
2550 | options->control_persist_timeout = 0; |
2551 | options->hash_known_hosts = -1; |
2552 | options->tun_open = -1; |
2553 | options->tun_local = -1; |
2554 | options->tun_remote = -1; |
2555 | options->local_command = NULL((void *)0); |
2556 | options->permit_local_command = -1; |
2557 | options->remote_command = NULL((void *)0); |
2558 | options->add_keys_to_agent = -1; |
2559 | options->add_keys_to_agent_lifespan = -1; |
2560 | options->identity_agent = NULL((void *)0); |
2561 | options->visual_host_key = -1; |
2562 | options->ip_qos_interactive = -1; |
2563 | options->ip_qos_bulk = -1; |
2564 | options->request_tty = -1; |
2565 | options->session_type = -1; |
2566 | options->stdin_null = -1; |
2567 | options->fork_after_authentication = -1; |
2568 | options->proxy_use_fdpass = -1; |
2569 | options->ignored_unknown = NULL((void *)0); |
2570 | options->num_canonical_domains = 0; |
2571 | options->num_permitted_cnames = 0; |
2572 | options->canonicalize_max_dots = -1; |
2573 | options->canonicalize_fallback_local = -1; |
2574 | options->canonicalize_hostname = -1; |
2575 | options->revoked_host_keys = NULL((void *)0); |
2576 | options->fingerprint_hash = -1; |
2577 | options->update_hostkeys = -1; |
2578 | options->hostbased_accepted_algos = NULL((void *)0); |
2579 | options->pubkey_accepted_algos = NULL((void *)0); |
2580 | options->known_hosts_command = NULL((void *)0); |
2581 | options->required_rsa_size = -1; |
2582 | options->enable_escape_commandline = -1; |
2583 | options->obscure_keystroke_timing_interval = -1; |
2584 | options->tag = NULL((void *)0); |
2585 | options->channel_timeouts = NULL((void *)0); |
2586 | options->num_channel_timeouts = 0; |
2587 | } |
2588 | |
2589 | /* |
2590 | * A petite version of fill_default_options() that just fills the options |
2591 | * needed for hostname canonicalization to proceed. |
2592 | */ |
2593 | void |
2594 | fill_default_options_for_canonicalization(Options *options) |
2595 | { |
2596 | if (options->canonicalize_max_dots == -1) |
2597 | options->canonicalize_max_dots = 1; |
2598 | if (options->canonicalize_fallback_local == -1) |
2599 | options->canonicalize_fallback_local = 1; |
2600 | if (options->canonicalize_hostname == -1) |
2601 | options->canonicalize_hostname = SSH_CANONICALISE_NO0; |
2602 | } |
2603 | |
2604 | /* |
2605 | * Called after processing other sources of option data, this fills those |
2606 | * options for which no value has been specified with their default values. |
2607 | */ |
2608 | int |
2609 | fill_default_options(Options * options) |
2610 | { |
2611 | char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig; |
2612 | char *def_cipher, *def_mac, *def_kex, *def_key, *def_sig; |
2613 | int ret = 0, r; |
2614 | |
2615 | if (options->forward_agent == -1) |
2616 | options->forward_agent = 0; |
2617 | if (options->forward_x11 == -1) |
2618 | options->forward_x11 = 0; |
2619 | if (options->forward_x11_trusted == -1) |
2620 | options->forward_x11_trusted = 0; |
2621 | if (options->forward_x11_timeout == -1) |
2622 | options->forward_x11_timeout = 1200; |
2623 | /* |
2624 | * stdio forwarding (-W) changes the default for these but we defer |
2625 | * setting the values so they can be overridden. |
2626 | */ |
2627 | if (options->exit_on_forward_failure == -1) |
2628 | options->exit_on_forward_failure = |
2629 | options->stdio_forward_host != NULL((void *)0) ? 1 : 0; |
2630 | if (options->clear_forwardings == -1) |
2631 | options->clear_forwardings = |
2632 | options->stdio_forward_host != NULL((void *)0) ? 1 : 0; |
2633 | if (options->clear_forwardings == 1) |
2634 | clear_forwardings(options); |
2635 | |
2636 | if (options->xauth_location == NULL((void *)0)) |
2637 | options->xauth_location = xstrdup(_PATH_XAUTH"/usr/X11R6/bin/xauth"); |
2638 | if (options->fwd_opts.gateway_ports == -1) |
2639 | options->fwd_opts.gateway_ports = 0; |
2640 | if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) |
2641 | options->fwd_opts.streamlocal_bind_mask = 0177; |
2642 | if (options->fwd_opts.streamlocal_bind_unlink == -1) |
2643 | options->fwd_opts.streamlocal_bind_unlink = 0; |
2644 | if (options->pubkey_authentication == -1) |
2645 | options->pubkey_authentication = SSH_PUBKEY_AUTH_ALL0x03; |
2646 | if (options->gss_authentication == -1) |
2647 | options->gss_authentication = 0; |
2648 | if (options->gss_deleg_creds == -1) |
2649 | options->gss_deleg_creds = 0; |
2650 | if (options->password_authentication == -1) |
2651 | options->password_authentication = 1; |
2652 | if (options->kbd_interactive_authentication == -1) |
2653 | options->kbd_interactive_authentication = 1; |
2654 | if (options->hostbased_authentication == -1) |
2655 | options->hostbased_authentication = 0; |
2656 | if (options->batch_mode == -1) |
2657 | options->batch_mode = 0; |
2658 | if (options->check_host_ip == -1) |
2659 | options->check_host_ip = 0; |
2660 | if (options->strict_host_key_checking == -1) |
2661 | options->strict_host_key_checking = SSH_STRICT_HOSTKEY_ASK3; |
2662 | if (options->compression == -1) |
2663 | options->compression = 0; |
2664 | if (options->tcp_keep_alive == -1) |
2665 | options->tcp_keep_alive = 1; |
2666 | if (options->port == -1) |
2667 | options->port = 0; /* Filled in ssh_connect. */ |
2668 | if (options->address_family == -1) |
2669 | options->address_family = AF_UNSPEC0; |
2670 | if (options->connection_attempts == -1) |
2671 | options->connection_attempts = 1; |
2672 | if (options->number_of_password_prompts == -1) |
2673 | options->number_of_password_prompts = 3; |
2674 | /* options->hostkeyalgorithms, default set in myproposals.h */ |
2675 | if (options->add_keys_to_agent == -1) { |
2676 | options->add_keys_to_agent = 0; |
2677 | options->add_keys_to_agent_lifespan = 0; |
2678 | } |
2679 | if (options->num_identity_files == 0) { |
2680 | add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA".ssh" "/id_rsa", 0); |
2681 | add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA".ssh" "/id_ecdsa", 0); |
2682 | add_identity_file(options, "~/", |
2683 | _PATH_SSH_CLIENT_ID_ECDSA_SK".ssh" "/id_ecdsa_sk", 0); |
2684 | add_identity_file(options, "~/", |
2685 | _PATH_SSH_CLIENT_ID_ED25519".ssh" "/id_ed25519", 0); |
2686 | add_identity_file(options, "~/", |
2687 | _PATH_SSH_CLIENT_ID_ED25519_SK".ssh" "/id_ed25519_sk", 0); |
2688 | add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_XMSS".ssh" "/id_xmss", 0); |
2689 | #ifdef WITH_DSA1 |
2690 | add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA".ssh" "/id_dsa", 0); |
2691 | #endif |
2692 | } |
2693 | if (options->escape_char == -1) |
2694 | options->escape_char = '~'; |
2695 | if (options->num_system_hostfiles == 0) { |
2696 | options->system_hostfiles[options->num_system_hostfiles++] = |
2697 | xstrdup(_PATH_SSH_SYSTEM_HOSTFILE"/etc" "/ssh" "/ssh_known_hosts"); |
2698 | options->system_hostfiles[options->num_system_hostfiles++] = |
2699 | xstrdup(_PATH_SSH_SYSTEM_HOSTFILE2"/etc" "/ssh" "/ssh_known_hosts2"); |
2700 | } |
2701 | if (options->update_hostkeys == -1) { |
2702 | if (options->verify_host_key_dns <= 0 && |
2703 | (options->num_user_hostfiles == 0 || |
2704 | (options->num_user_hostfiles == 1 && strcmp(options-> |
2705 | user_hostfiles[0], _PATH_SSH_USER_HOSTFILE"~/" ".ssh" "/known_hosts") == 0))) |
2706 | options->update_hostkeys = SSH_UPDATE_HOSTKEYS_YES1; |
2707 | else |
2708 | options->update_hostkeys = SSH_UPDATE_HOSTKEYS_NO0; |
2709 | } |
2710 | if (options->num_user_hostfiles == 0) { |
2711 | options->user_hostfiles[options->num_user_hostfiles++] = |
2712 | xstrdup(_PATH_SSH_USER_HOSTFILE"~/" ".ssh" "/known_hosts"); |
2713 | options->user_hostfiles[options->num_user_hostfiles++] = |
2714 | xstrdup(_PATH_SSH_USER_HOSTFILE2"~/" ".ssh" "/known_hosts2"); |
2715 | } |
2716 | if (options->log_level == SYSLOG_LEVEL_NOT_SET) |
2717 | options->log_level = SYSLOG_LEVEL_INFO; |
2718 | if (options->log_facility == SYSLOG_FACILITY_NOT_SET) |
2719 | options->log_facility = SYSLOG_FACILITY_USER; |
2720 | if (options->no_host_authentication_for_localhost == - 1) |
2721 | options->no_host_authentication_for_localhost = 0; |
2722 | if (options->identities_only == -1) |
2723 | options->identities_only = 0; |
2724 | if (options->enable_ssh_keysign == -1) |
2725 | options->enable_ssh_keysign = 0; |
2726 | if (options->rekey_limit == -1) |
2727 | options->rekey_limit = 0; |
2728 | if (options->rekey_interval == -1) |
2729 | options->rekey_interval = 0; |
2730 | if (options->verify_host_key_dns == -1) |
2731 | options->verify_host_key_dns = 0; |
2732 | if (options->server_alive_interval == -1) |
2733 | options->server_alive_interval = 0; |
2734 | if (options->server_alive_count_max == -1) |
2735 | options->server_alive_count_max = 3; |
2736 | if (options->control_master == -1) |
2737 | options->control_master = 0; |
2738 | if (options->control_persist == -1) { |
2739 | options->control_persist = 0; |
2740 | options->control_persist_timeout = 0; |
2741 | } |
2742 | if (options->hash_known_hosts == -1) |
2743 | options->hash_known_hosts = 0; |
2744 | if (options->tun_open == -1) |
2745 | options->tun_open = SSH_TUNMODE_NO0x00; |
2746 | if (options->tun_local == -1) |
2747 | options->tun_local = SSH_TUNID_ANY0x7fffffff; |
2748 | if (options->tun_remote == -1) |
2749 | options->tun_remote = SSH_TUNID_ANY0x7fffffff; |
2750 | if (options->permit_local_command == -1) |
2751 | options->permit_local_command = 0; |
2752 | if (options->visual_host_key == -1) |
2753 | options->visual_host_key = 0; |
2754 | if (options->ip_qos_interactive == -1) |
2755 | options->ip_qos_interactive = IPTOS_DSCP_AF210x48; |
2756 | if (options->ip_qos_bulk == -1) |
2757 | options->ip_qos_bulk = IPTOS_DSCP_CS10x20; |
2758 | if (options->request_tty == -1) |
2759 | options->request_tty = REQUEST_TTY_AUTO0; |
2760 | if (options->session_type == -1) |
2761 | options->session_type = SESSION_TYPE_DEFAULT2; |
2762 | if (options->stdin_null == -1) |
2763 | options->stdin_null = 0; |
2764 | if (options->fork_after_authentication == -1) |
2765 | options->fork_after_authentication = 0; |
2766 | if (options->proxy_use_fdpass == -1) |
2767 | options->proxy_use_fdpass = 0; |
2768 | if (options->canonicalize_max_dots == -1) |
2769 | options->canonicalize_max_dots = 1; |
2770 | if (options->canonicalize_fallback_local == -1) |
2771 | options->canonicalize_fallback_local = 1; |
2772 | if (options->canonicalize_hostname == -1) |
2773 | options->canonicalize_hostname = SSH_CANONICALISE_NO0; |
2774 | if (options->fingerprint_hash == -1) |
2775 | options->fingerprint_hash = SSH_FP_HASH_DEFAULT2; |
2776 | if (options->sk_provider == NULL((void *)0)) |
2777 | options->sk_provider = xstrdup("internal"); |
2778 | if (options->required_rsa_size == -1) |
2779 | options->required_rsa_size = SSH_RSA_MINIMUM_MODULUS_SIZE1024; |
2780 | if (options->enable_escape_commandline == -1) |
2781 | options->enable_escape_commandline = 0; |
2782 | if (options->obscure_keystroke_timing_interval == -1) { |
2783 | options->obscure_keystroke_timing_interval = |
2784 | SSH_KEYSTROKE_DEFAULT_INTERVAL_MS20; |
2785 | } |
2786 | |
2787 | /* Expand KEX name lists */ |
2788 | all_cipher = cipher_alg_list(',', 0); |
2789 | all_mac = mac_alg_list(','); |
2790 | all_kex = kex_alg_list(','); |
2791 | all_key = sshkey_alg_list(0, 0, 1, ','); |
2792 | all_sig = sshkey_alg_list(0, 1, 1, ','); |
2793 | /* remove unsupported algos from default lists */ |
2794 | def_cipher = match_filter_allowlist(KEX_CLIENT_ENCRYPT"chacha20-poly1305@openssh.com," "aes128-ctr,aes192-ctr,aes256-ctr," "aes128-gcm@openssh.com,aes256-gcm@openssh.com", all_cipher); |
2795 | def_mac = match_filter_allowlist(KEX_CLIENT_MAC"umac-64-etm@openssh.com," "umac-128-etm@openssh.com," "hmac-sha2-256-etm@openssh.com," "hmac-sha2-512-etm@openssh.com," "hmac-sha1-etm@openssh.com," "umac-64@openssh.com," "umac-128@openssh.com," "hmac-sha2-256," "hmac-sha2-512," "hmac-sha1", all_mac); |
2796 | def_kex = match_filter_allowlist(KEX_CLIENT_KEX"sntrup761x25519-sha512@openssh.com," "curve25519-sha256," "curve25519-sha256@libssh.org," "ecdh-sha2-nistp256," "ecdh-sha2-nistp384," "ecdh-sha2-nistp521," "diffie-hellman-group-exchange-sha256," "diffie-hellman-group16-sha512," "diffie-hellman-group18-sha512," "diffie-hellman-group14-sha256", all_kex); |
2797 | def_key = match_filter_allowlist(KEX_DEFAULT_PK_ALG"ssh-ed25519-cert-v01@openssh.com," "ecdsa-sha2-nistp256-cert-v01@openssh.com," "ecdsa-sha2-nistp384-cert-v01@openssh.com," "ecdsa-sha2-nistp521-cert-v01@openssh.com," "sk-ssh-ed25519-cert-v01@openssh.com," "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com," "rsa-sha2-512-cert-v01@openssh.com," "rsa-sha2-256-cert-v01@openssh.com," "ssh-ed25519," "ecdsa-sha2-nistp256," "ecdsa-sha2-nistp384," "ecdsa-sha2-nistp521," "sk-ssh-ed25519@openssh.com," "sk-ecdsa-sha2-nistp256@openssh.com," "rsa-sha2-512," "rsa-sha2-256", all_key); |
2798 | def_sig = match_filter_allowlist(SSH_ALLOWED_CA_SIGALGS"ssh-ed25519," "ecdsa-sha2-nistp256," "ecdsa-sha2-nistp384," "ecdsa-sha2-nistp521," "sk-ssh-ed25519@openssh.com," "sk-ecdsa-sha2-nistp256@openssh.com," "rsa-sha2-512," "rsa-sha2-256", all_sig); |
2799 | #define ASSEMBLE(what, defaults, all) \ |
2800 | do { \ |
2801 | if ((r = kex_assemble_names(&options->what, \ |
2802 | defaults, all)) != 0) { \ |
2803 | error_fr(r, "%s", #what)sshlog("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 2803 , 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "%s", #what); \ |
2804 | goto fail; \ |
2805 | } \ |
2806 | } while (0) |
2807 | ASSEMBLE(ciphers, def_cipher, all_cipher); |
2808 | ASSEMBLE(macs, def_mac, all_mac); |
2809 | ASSEMBLE(kex_algorithms, def_kex, all_kex); |
2810 | ASSEMBLE(hostbased_accepted_algos, def_key, all_key); |
2811 | ASSEMBLE(pubkey_accepted_algos, def_key, all_key); |
2812 | ASSEMBLE(ca_sign_algorithms, def_sig, all_sig); |
2813 | #undef ASSEMBLE |
2814 | |
2815 | #define CLEAR_ON_NONE(v) \ |
2816 | do { \ |
2817 | if (option_clear_or_none(v)) { \ |
2818 | free(v); \ |
2819 | v = NULL((void *)0); \ |
2820 | } \ |
2821 | } while(0) |
2822 | #define CLEAR_ON_NONE_ARRAY(v, nv, none) \ |
2823 | do { \ |
2824 | if (options->nv == 1 && \ |
2825 | strcasecmp(options->v[0], none) == 0) { \ |
2826 | free(options->v[0]); \ |
2827 | free(options->v); \ |
2828 | options->v = NULL((void *)0); \ |
2829 | options->nv = 0; \ |
2830 | } \ |
2831 | } while (0) |
2832 | CLEAR_ON_NONE(options->local_command); |
2833 | CLEAR_ON_NONE(options->remote_command); |
2834 | CLEAR_ON_NONE(options->proxy_command); |
2835 | CLEAR_ON_NONE(options->control_path); |
2836 | CLEAR_ON_NONE(options->revoked_host_keys); |
2837 | CLEAR_ON_NONE(options->pkcs11_provider); |
2838 | CLEAR_ON_NONE(options->sk_provider); |
2839 | CLEAR_ON_NONE(options->known_hosts_command); |
2840 | CLEAR_ON_NONE_ARRAY(channel_timeouts, num_channel_timeouts, "none"); |
2841 | #undef CLEAR_ON_NONE |
2842 | #undef CLEAR_ON_NONE_ARRAY |
2843 | if (options->jump_host != NULL((void *)0) && |
2844 | strcmp(options->jump_host, "none") == 0 && |
2845 | options->jump_port == 0 && options->jump_user == NULL((void *)0)) { |
2846 | free(options->jump_host); |
2847 | options->jump_host = NULL((void *)0); |
2848 | } |
2849 | if (options->num_permitted_cnames == 1 && |
2850 | !config_has_permitted_cnames(options)) { |
2851 | /* clean up CanonicalizePermittedCNAMEs=none */ |
2852 | free(options->permitted_cnames[0].source_list); |
2853 | free(options->permitted_cnames[0].target_list); |
2854 | memset(options->permitted_cnames, '\0', |
2855 | sizeof(*options->permitted_cnames)); |
2856 | options->num_permitted_cnames = 0; |
2857 | } |
2858 | /* options->identity_agent distinguishes NULL from 'none' */ |
2859 | /* options->user will be set in the main program if appropriate */ |
2860 | /* options->hostname will be set in the main program if appropriate */ |
2861 | /* options->host_key_alias should not be set by default */ |
2862 | /* options->preferred_authentications will be set in ssh */ |
2863 | |
2864 | /* success */ |
2865 | ret = 0; |
2866 | fail: |
2867 | free(all_cipher); |
2868 | free(all_mac); |
2869 | free(all_kex); |
2870 | free(all_key); |
2871 | free(all_sig); |
2872 | free(def_cipher); |
2873 | free(def_mac); |
2874 | free(def_kex); |
2875 | free(def_key); |
2876 | free(def_sig); |
2877 | return ret; |
2878 | } |
2879 | |
2880 | void |
2881 | free_options(Options *o) |
2882 | { |
2883 | int i; |
2884 | |
2885 | if (o == NULL((void *)0)) |
2886 | return; |
2887 | |
2888 | #define FREE_ARRAY(type, n, a) \ |
2889 | do { \ |
2890 | type _i; \ |
2891 | for (_i = 0; _i < (n); _i++) \ |
2892 | free((a)[_i]); \ |
2893 | } while (0) |
2894 | |
2895 | free(o->forward_agent_sock_path); |
2896 | free(o->xauth_location); |
2897 | FREE_ARRAY(u_int, o->num_log_verbose, o->log_verbose); |
2898 | free(o->log_verbose); |
2899 | free(o->ciphers); |
2900 | free(o->macs); |
2901 | free(o->hostkeyalgorithms); |
2902 | free(o->kex_algorithms); |
2903 | free(o->ca_sign_algorithms); |
2904 | free(o->hostname); |
2905 | free(o->host_key_alias); |
2906 | free(o->proxy_command); |
2907 | free(o->user); |
2908 | FREE_ARRAY(u_int, o->num_system_hostfiles, o->system_hostfiles); |
2909 | FREE_ARRAY(u_int, o->num_user_hostfiles, o->user_hostfiles); |
2910 | free(o->preferred_authentications); |
2911 | free(o->bind_address); |
2912 | free(o->bind_interface); |
2913 | free(o->pkcs11_provider); |
2914 | free(o->sk_provider); |
2915 | for (i = 0; i < o->num_identity_files; i++) { |
2916 | free(o->identity_files[i]); |
2917 | sshkey_free(o->identity_keys[i]); |
2918 | } |
2919 | for (i = 0; i < o->num_certificate_files; i++) { |
2920 | free(o->certificate_files[i]); |
2921 | sshkey_free(o->certificates[i]); |
2922 | } |
2923 | free(o->identity_agent); |
2924 | for (i = 0; i < o->num_local_forwards; i++) { |
2925 | free(o->local_forwards[i].listen_host); |
2926 | free(o->local_forwards[i].listen_path); |
2927 | free(o->local_forwards[i].connect_host); |
2928 | free(o->local_forwards[i].connect_path); |
2929 | } |
2930 | free(o->local_forwards); |
2931 | for (i = 0; i < o->num_remote_forwards; i++) { |
2932 | free(o->remote_forwards[i].listen_host); |
2933 | free(o->remote_forwards[i].listen_path); |
2934 | free(o->remote_forwards[i].connect_host); |
2935 | free(o->remote_forwards[i].connect_path); |
2936 | } |
2937 | free(o->remote_forwards); |
2938 | free(o->stdio_forward_host); |
2939 | FREE_ARRAY(u_int, o->num_send_env, o->send_env); |
2940 | free(o->send_env); |
2941 | FREE_ARRAY(u_int, o->num_setenv, o->setenv); |
2942 | free(o->setenv); |
2943 | free(o->control_path); |
2944 | free(o->local_command); |
2945 | free(o->remote_command); |
2946 | FREE_ARRAY(int, o->num_canonical_domains, o->canonical_domains); |
2947 | for (i = 0; i < o->num_permitted_cnames; i++) { |
2948 | free(o->permitted_cnames[i].source_list); |
2949 | free(o->permitted_cnames[i].target_list); |
2950 | } |
2951 | free(o->revoked_host_keys); |
2952 | free(o->hostbased_accepted_algos); |
2953 | free(o->pubkey_accepted_algos); |
2954 | free(o->jump_user); |
2955 | free(o->jump_host); |
2956 | free(o->jump_extra); |
2957 | free(o->ignored_unknown); |
2958 | explicit_bzero(o, sizeof(*o)); |
2959 | #undef FREE_ARRAY |
2960 | } |
2961 | |
2962 | struct fwdarg { |
2963 | char *arg; |
2964 | int ispath; |
2965 | }; |
2966 | |
2967 | /* |
2968 | * parse_fwd_field |
2969 | * parses the next field in a port forwarding specification. |
2970 | * sets fwd to the parsed field and advances p past the colon |
2971 | * or sets it to NULL at end of string. |
2972 | * returns 0 on success, else non-zero. |
2973 | */ |
2974 | static int |
2975 | parse_fwd_field(char **p, struct fwdarg *fwd) |
2976 | { |
2977 | char *ep, *cp = *p; |
2978 | int ispath = 0; |
2979 | |
2980 | if (*cp == '\0') { |
2981 | *p = NULL((void *)0); |
2982 | return -1; /* end of string */ |
2983 | } |
2984 | |
2985 | /* |
2986 | * A field escaped with square brackets is used literally. |
2987 | * XXX - allow ']' to be escaped via backslash? |
2988 | */ |
2989 | if (*cp == '[') { |
2990 | /* find matching ']' */ |
2991 | for (ep = cp + 1; *ep != ']' && *ep != '\0'; ep++) { |
2992 | if (*ep == '/') |
2993 | ispath = 1; |
2994 | } |
2995 | /* no matching ']' or not at end of field. */ |
2996 | if (ep[0] != ']' || (ep[1] != ':' && ep[1] != '\0')) |
2997 | return -1; |
2998 | /* NUL terminate the field and advance p past the colon */ |
2999 | *ep++ = '\0'; |
3000 | if (*ep != '\0') |
3001 | *ep++ = '\0'; |
3002 | fwd->arg = cp + 1; |
3003 | fwd->ispath = ispath; |
3004 | *p = ep; |
3005 | return 0; |
3006 | } |
3007 | |
3008 | for (cp = *p; *cp != '\0'; cp++) { |
3009 | switch (*cp) { |
3010 | case '\\': |
3011 | memmove(cp, cp + 1, strlen(cp + 1) + 1); |
3012 | if (*cp == '\0') |
3013 | return -1; |
3014 | break; |
3015 | case '/': |
3016 | ispath = 1; |
3017 | break; |
3018 | case ':': |
3019 | *cp++ = '\0'; |
3020 | goto done; |
3021 | } |
3022 | } |
3023 | done: |
3024 | fwd->arg = *p; |
3025 | fwd->ispath = ispath; |
3026 | *p = cp; |
3027 | return 0; |
3028 | } |
3029 | |
3030 | /* |
3031 | * parse_forward |
3032 | * parses a string containing a port forwarding specification of the form: |
3033 | * dynamicfwd == 0 |
3034 | * [listenhost:]listenport|listenpath:connecthost:connectport|connectpath |
3035 | * listenpath:connectpath |
3036 | * dynamicfwd == 1 |
3037 | * [listenhost:]listenport |
3038 | * returns number of arguments parsed or zero on error |
3039 | */ |
3040 | int |
3041 | parse_forward(struct Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd) |
3042 | { |
3043 | struct fwdarg fwdargs[4]; |
3044 | char *p, *cp; |
3045 | int i, err; |
3046 | |
3047 | memset(fwd, 0, sizeof(*fwd)); |
3048 | memset(fwdargs, 0, sizeof(fwdargs)); |
3049 | |
3050 | /* |
3051 | * We expand environment variables before checking if we think they're |
3052 | * paths so that if ${VAR} expands to a fully qualified path it is |
3053 | * treated as a path. |
3054 | */ |
3055 | cp = p = dollar_expand(&err, fwdspec); |
3056 | if (p == NULL((void *)0) || err) |
3057 | return 0; |
3058 | |
3059 | /* skip leading spaces */ |
3060 | while (isspace((u_char)*cp)) |
3061 | cp++; |
3062 | |
3063 | for (i = 0; i < 4; ++i) { |
3064 | if (parse_fwd_field(&cp, &fwdargs[i]) != 0) |
3065 | break; |
3066 | } |
3067 | |
3068 | /* Check for trailing garbage */ |
3069 | if (cp != NULL((void *)0) && *cp != '\0') { |
3070 | i = 0; /* failure */ |
3071 | } |
3072 | |
3073 | switch (i) { |
3074 | case 1: |
3075 | if (fwdargs[0].ispath) { |
3076 | fwd->listen_path = xstrdup(fwdargs[0].arg); |
3077 | fwd->listen_port = PORT_STREAMLOCAL-2; |
3078 | } else { |
3079 | fwd->listen_host = NULL((void *)0); |
3080 | fwd->listen_port = a2port(fwdargs[0].arg); |
3081 | } |
3082 | fwd->connect_host = xstrdup("socks"); |
3083 | break; |
3084 | |
3085 | case 2: |
3086 | if (fwdargs[0].ispath && fwdargs[1].ispath) { |
3087 | fwd->listen_path = xstrdup(fwdargs[0].arg); |
3088 | fwd->listen_port = PORT_STREAMLOCAL-2; |
3089 | fwd->connect_path = xstrdup(fwdargs[1].arg); |
3090 | fwd->connect_port = PORT_STREAMLOCAL-2; |
3091 | } else if (fwdargs[1].ispath) { |
3092 | fwd->listen_host = NULL((void *)0); |
3093 | fwd->listen_port = a2port(fwdargs[0].arg); |
3094 | fwd->connect_path = xstrdup(fwdargs[1].arg); |
3095 | fwd->connect_port = PORT_STREAMLOCAL-2; |
3096 | } else { |
3097 | fwd->listen_host = xstrdup(fwdargs[0].arg); |
3098 | fwd->listen_port = a2port(fwdargs[1].arg); |
3099 | fwd->connect_host = xstrdup("socks"); |
3100 | } |
3101 | break; |
3102 | |
3103 | case 3: |
3104 | if (fwdargs[0].ispath) { |
3105 | fwd->listen_path = xstrdup(fwdargs[0].arg); |
3106 | fwd->listen_port = PORT_STREAMLOCAL-2; |
3107 | fwd->connect_host = xstrdup(fwdargs[1].arg); |
3108 | fwd->connect_port = a2port(fwdargs[2].arg); |
3109 | } else if (fwdargs[2].ispath) { |
3110 | fwd->listen_host = xstrdup(fwdargs[0].arg); |
3111 | fwd->listen_port = a2port(fwdargs[1].arg); |
3112 | fwd->connect_path = xstrdup(fwdargs[2].arg); |
3113 | fwd->connect_port = PORT_STREAMLOCAL-2; |
3114 | } else { |
3115 | fwd->listen_host = NULL((void *)0); |
3116 | fwd->listen_port = a2port(fwdargs[0].arg); |
3117 | fwd->connect_host = xstrdup(fwdargs[1].arg); |
3118 | fwd->connect_port = a2port(fwdargs[2].arg); |
3119 | } |
3120 | break; |
3121 | |
3122 | case 4: |
3123 | fwd->listen_host = xstrdup(fwdargs[0].arg); |
3124 | fwd->listen_port = a2port(fwdargs[1].arg); |
3125 | fwd->connect_host = xstrdup(fwdargs[2].arg); |
3126 | fwd->connect_port = a2port(fwdargs[3].arg); |
3127 | break; |
3128 | default: |
3129 | i = 0; /* failure */ |
3130 | } |
3131 | |
3132 | free(p); |
3133 | |
3134 | if (dynamicfwd) { |
3135 | if (!(i == 1 || i == 2)) |
3136 | goto fail_free; |
3137 | } else { |
3138 | if (!(i == 3 || i == 4)) { |
3139 | if (fwd->connect_path == NULL((void *)0) && |
3140 | fwd->listen_path == NULL((void *)0)) |
3141 | goto fail_free; |
3142 | } |
3143 | if (fwd->connect_port <= 0 && fwd->connect_path == NULL((void *)0)) |
3144 | goto fail_free; |
3145 | } |
3146 | |
3147 | if ((fwd->listen_port < 0 && fwd->listen_path == NULL((void *)0)) || |
3148 | (!remotefwd && fwd->listen_port == 0)) |
3149 | goto fail_free; |
3150 | if (fwd->connect_host != NULL((void *)0) && |
3151 | strlen(fwd->connect_host) >= NI_MAXHOST256) |
3152 | goto fail_free; |
3153 | /* |
3154 | * XXX - if connecting to a remote socket, max sun len may not |
3155 | * match this host |
3156 | */ |
3157 | if (fwd->connect_path != NULL((void *)0) && |
3158 | strlen(fwd->connect_path) >= PATH_MAX_SUN(sizeof((struct sockaddr_un *)0)->sun_path)) |
3159 | goto fail_free; |
3160 | if (fwd->listen_host != NULL((void *)0) && |
3161 | strlen(fwd->listen_host) >= NI_MAXHOST256) |
3162 | goto fail_free; |
3163 | if (fwd->listen_path != NULL((void *)0) && |
3164 | strlen(fwd->listen_path) >= PATH_MAX_SUN(sizeof((struct sockaddr_un *)0)->sun_path)) |
3165 | goto fail_free; |
3166 | |
3167 | return (i); |
3168 | |
3169 | fail_free: |
3170 | free(fwd->connect_host); |
3171 | fwd->connect_host = NULL((void *)0); |
3172 | free(fwd->connect_path); |
3173 | fwd->connect_path = NULL((void *)0); |
3174 | free(fwd->listen_host); |
3175 | fwd->listen_host = NULL((void *)0); |
3176 | free(fwd->listen_path); |
3177 | fwd->listen_path = NULL((void *)0); |
3178 | return (0); |
3179 | } |
3180 | |
3181 | int |
3182 | parse_jump(const char *s, Options *o, int active) |
3183 | { |
3184 | char *orig, *sdup, *cp; |
3185 | char *host = NULL((void *)0), *user = NULL((void *)0); |
3186 | int r, ret = -1, port = -1, first; |
3187 | |
3188 | active &= o->proxy_command == NULL((void *)0) && o->jump_host == NULL((void *)0); |
3189 | |
3190 | orig = sdup = xstrdup(s); |
3191 | |
3192 | /* Remove comment and trailing whitespace */ |
3193 | if ((cp = strchr(orig, '#')) != NULL((void *)0)) |
3194 | *cp = '\0'; |
3195 | rtrim(orig); |
3196 | |
3197 | first = active; |
3198 | do { |
3199 | if (strcasecmp(s, "none") == 0) |
3200 | break; |
3201 | if ((cp = strrchr(sdup, ',')) == NULL((void *)0)) |
3202 | cp = sdup; /* last */ |
3203 | else |
3204 | *cp++ = '\0'; |
3205 | |
3206 | if (first) { |
3207 | /* First argument and configuration is active */ |
3208 | r = parse_ssh_uri(cp, &user, &host, &port); |
3209 | if (r == -1 || (r == 1 && |
3210 | parse_user_host_port(cp, &user, &host, &port) != 0)) |
3211 | goto out; |
3212 | } else { |
3213 | /* Subsequent argument or inactive configuration */ |
3214 | r = parse_ssh_uri(cp, NULL((void *)0), NULL((void *)0), NULL((void *)0)); |
3215 | if (r == -1 || (r == 1 && |
3216 | parse_user_host_port(cp, NULL((void *)0), NULL((void *)0), NULL((void *)0)) != 0)) |
3217 | goto out; |
3218 | } |
3219 | first = 0; /* only check syntax for subsequent hosts */ |
3220 | } while (cp != sdup); |
3221 | /* success */ |
3222 | if (active) { |
3223 | if (strcasecmp(s, "none") == 0) { |
3224 | o->jump_host = xstrdup("none"); |
3225 | o->jump_port = 0; |
3226 | } else { |
3227 | o->jump_user = user; |
3228 | o->jump_host = host; |
3229 | o->jump_port = port; |
3230 | o->proxy_command = xstrdup("none"); |
3231 | user = host = NULL((void *)0); |
3232 | if ((cp = strrchr(s, ',')) != NULL((void *)0) && cp != s) { |
3233 | o->jump_extra = xstrdup(s); |
3234 | o->jump_extra[cp - s] = '\0'; |
3235 | } |
3236 | } |
3237 | } |
3238 | ret = 0; |
3239 | out: |
3240 | free(orig); |
3241 | free(user); |
3242 | free(host); |
3243 | return ret; |
3244 | } |
3245 | |
3246 | int |
3247 | parse_ssh_uri(const char *uri, char **userp, char **hostp, int *portp) |
3248 | { |
3249 | char *user = NULL((void *)0), *host = NULL((void *)0), *path = NULL((void *)0); |
3250 | int r, port; |
3251 | |
3252 | r = parse_uri("ssh", uri, &user, &host, &port, &path); |
3253 | if (r == 0 && path != NULL((void *)0)) |
3254 | r = -1; /* path not allowed */ |
3255 | if (r == 0) { |
3256 | if (userp != NULL((void *)0)) { |
3257 | *userp = user; |
3258 | user = NULL((void *)0); |
3259 | } |
3260 | if (hostp != NULL((void *)0)) { |
3261 | *hostp = host; |
3262 | host = NULL((void *)0); |
3263 | } |
3264 | if (portp != NULL((void *)0)) |
3265 | *portp = port; |
3266 | } |
3267 | free(user); |
3268 | free(host); |
3269 | free(path); |
3270 | return r; |
3271 | } |
3272 | |
3273 | /* XXX the following is a near-vebatim copy from servconf.c; refactor */ |
3274 | static const char * |
3275 | fmt_multistate_int(int val, const struct multistate *m) |
3276 | { |
3277 | u_int i; |
3278 | |
3279 | for (i = 0; m[i].key != NULL((void *)0); i++) { |
3280 | if (m[i].value == val) |
3281 | return m[i].key; |
3282 | } |
3283 | return "UNKNOWN"; |
3284 | } |
3285 | |
3286 | static const char * |
3287 | fmt_intarg(OpCodes code, int val) |
3288 | { |
3289 | if (val == -1) |
3290 | return "unset"; |
3291 | switch (code) { |
3292 | case oAddressFamily: |
3293 | return fmt_multistate_int(val, multistate_addressfamily); |
3294 | case oVerifyHostKeyDNS: |
3295 | case oUpdateHostkeys: |
3296 | return fmt_multistate_int(val, multistate_yesnoask); |
3297 | case oStrictHostKeyChecking: |
3298 | return fmt_multistate_int(val, multistate_strict_hostkey); |
3299 | case oControlMaster: |
3300 | return fmt_multistate_int(val, multistate_controlmaster); |
3301 | case oTunnel: |
3302 | return fmt_multistate_int(val, multistate_tunnel); |
3303 | case oRequestTTY: |
3304 | return fmt_multistate_int(val, multistate_requesttty); |
3305 | case oSessionType: |
3306 | return fmt_multistate_int(val, multistate_sessiontype); |
3307 | case oCanonicalizeHostname: |
3308 | return fmt_multistate_int(val, multistate_canonicalizehostname); |
3309 | case oAddKeysToAgent: |
3310 | return fmt_multistate_int(val, multistate_yesnoaskconfirm); |
3311 | case oPubkeyAuthentication: |
3312 | return fmt_multistate_int(val, multistate_pubkey_auth); |
3313 | case oFingerprintHash: |
3314 | return ssh_digest_alg_name(val); |
3315 | default: |
3316 | switch (val) { |
3317 | case 0: |
3318 | return "no"; |
3319 | case 1: |
3320 | return "yes"; |
3321 | default: |
3322 | return "UNKNOWN"; |
3323 | } |
3324 | } |
3325 | } |
3326 | |
3327 | static const char * |
3328 | lookup_opcode_name(OpCodes code) |
3329 | { |
3330 | u_int i; |
3331 | |
3332 | for (i = 0; keywords[i].name != NULL((void *)0); i++) |
3333 | if (keywords[i].opcode == code) |
3334 | return(keywords[i].name); |
3335 | return "UNKNOWN"; |
3336 | } |
3337 | |
3338 | static void |
3339 | dump_cfg_int(OpCodes code, int val) |
3340 | { |
3341 | if (code == oObscureKeystrokeTiming) { |
3342 | if (val == 0) { |
3343 | printf("%s no\n", lookup_opcode_name(code)); |
3344 | return; |
3345 | } else if (val == SSH_KEYSTROKE_DEFAULT_INTERVAL_MS20) { |
3346 | printf("%s yes\n", lookup_opcode_name(code)); |
3347 | return; |
3348 | } |
3349 | /* FALLTHROUGH */ |
3350 | } |
3351 | printf("%s %d\n", lookup_opcode_name(code), val); |
3352 | } |
3353 | |
3354 | static void |
3355 | dump_cfg_fmtint(OpCodes code, int val) |
3356 | { |
3357 | printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val)); |
3358 | } |
3359 | |
3360 | static void |
3361 | dump_cfg_string(OpCodes code, const char *val) |
3362 | { |
3363 | if (val == NULL((void *)0)) |
3364 | return; |
3365 | printf("%s %s\n", lookup_opcode_name(code), val); |
3366 | } |
3367 | |
3368 | static void |
3369 | dump_cfg_strarray(OpCodes code, u_int count, char **vals) |
3370 | { |
3371 | u_int i; |
3372 | |
3373 | for (i = 0; i < count; i++) |
3374 | printf("%s %s\n", lookup_opcode_name(code), vals[i]); |
3375 | } |
3376 | |
3377 | static void |
3378 | dump_cfg_strarray_oneline(OpCodes code, u_int count, char **vals) |
3379 | { |
3380 | u_int i; |
3381 | |
3382 | printf("%s", lookup_opcode_name(code)); |
3383 | if (count == 0) |
3384 | printf(" none"); |
3385 | for (i = 0; i < count; i++) |
3386 | printf(" %s", vals[i]); |
3387 | printf("\n"); |
3388 | } |
3389 | |
3390 | static void |
3391 | dump_cfg_forwards(OpCodes code, u_int count, const struct Forward *fwds) |
3392 | { |
3393 | const struct Forward *fwd; |
3394 | u_int i; |
3395 | |
3396 | /* oDynamicForward */ |
3397 | for (i = 0; i < count; i++) { |
3398 | fwd = &fwds[i]; |
3399 | if (code == oDynamicForward && fwd->connect_host != NULL((void *)0) && |
3400 | strcmp(fwd->connect_host, "socks") != 0) |
3401 | continue; |
3402 | if (code == oLocalForward && fwd->connect_host != NULL((void *)0) && |
3403 | strcmp(fwd->connect_host, "socks") == 0) |
3404 | continue; |
3405 | printf("%s", lookup_opcode_name(code)); |
3406 | if (fwd->listen_port == PORT_STREAMLOCAL-2) |
3407 | printf(" %s", fwd->listen_path); |
3408 | else if (fwd->listen_host == NULL((void *)0)) |
3409 | printf(" %d", fwd->listen_port); |
3410 | else { |
3411 | printf(" [%s]:%d", |
3412 | fwd->listen_host, fwd->listen_port); |
3413 | } |
3414 | if (code != oDynamicForward) { |
3415 | if (fwd->connect_port == PORT_STREAMLOCAL-2) |
3416 | printf(" %s", fwd->connect_path); |
3417 | else if (fwd->connect_host == NULL((void *)0)) |
3418 | printf(" %d", fwd->connect_port); |
3419 | else { |
3420 | printf(" [%s]:%d", |
3421 | fwd->connect_host, fwd->connect_port); |
3422 | } |
3423 | } |
3424 | printf("\n"); |
3425 | } |
3426 | } |
3427 | |
3428 | void |
3429 | dump_client_config(Options *o, const char *host) |
3430 | { |
3431 | int i, r; |
3432 | char buf[8], *all_key; |
3433 | |
3434 | /* |
3435 | * Expand HostKeyAlgorithms name lists. This isn't handled in |
3436 | * fill_default_options() like the other algorithm lists because |
3437 | * the host key algorithms are by default dynamically chosen based |
3438 | * on the host's keys found in known_hosts. |
3439 | */ |
3440 | all_key = sshkey_alg_list(0, 0, 1, ','); |
3441 | if ((r = kex_assemble_names(&o->hostkeyalgorithms, kex_default_pk_alg(), |
3442 | all_key)) != 0) |
3443 | fatal_fr(r, "expand HostKeyAlgorithms")sshfatal("/usr/src/usr.bin/ssh/ssh/../readconf.c", __func__, 3443 , 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "expand HostKeyAlgorithms" ); |
3444 | free(all_key); |
3445 | |
3446 | /* Most interesting options first: user, host, port */ |
3447 | dump_cfg_string(oHost, o->host_arg); |
3448 | dump_cfg_string(oUser, o->user); |
3449 | dump_cfg_string(oHostname, host); |
3450 | dump_cfg_int(oPort, o->port); |
3451 | |
3452 | /* Flag options */ |
3453 | dump_cfg_fmtint(oAddressFamily, o->address_family); |
3454 | dump_cfg_fmtint(oBatchMode, o->batch_mode); |
3455 | dump_cfg_fmtint(oCanonicalizeFallbackLocal, o->canonicalize_fallback_local); |
3456 | dump_cfg_fmtint(oCanonicalizeHostname, o->canonicalize_hostname); |
3457 | dump_cfg_fmtint(oCheckHostIP, o->check_host_ip); |
3458 | dump_cfg_fmtint(oCompression, o->compression); |
3459 | dump_cfg_fmtint(oControlMaster, o->control_master); |
3460 | dump_cfg_fmtint(oEnableSSHKeysign, o->enable_ssh_keysign); |
3461 | dump_cfg_fmtint(oClearAllForwardings, o->clear_forwardings); |
3462 | dump_cfg_fmtint(oExitOnForwardFailure, o->exit_on_forward_failure); |
3463 | dump_cfg_fmtint(oFingerprintHash, o->fingerprint_hash); |
3464 | dump_cfg_fmtint(oForwardX11, o->forward_x11); |
3465 | dump_cfg_fmtint(oForwardX11Trusted, o->forward_x11_trusted); |
3466 | dump_cfg_fmtint(oGatewayPorts, o->fwd_opts.gateway_ports); |
3467 | #ifdef GSSAPI |
3468 | dump_cfg_fmtint(oGssAuthentication, o->gss_authentication); |
3469 | dump_cfg_fmtint(oGssDelegateCreds, o->gss_deleg_creds); |
3470 | #endif /* GSSAPI */ |
3471 | dump_cfg_fmtint(oHashKnownHosts, o->hash_known_hosts); |
3472 | dump_cfg_fmtint(oHostbasedAuthentication, o->hostbased_authentication); |
3473 | dump_cfg_fmtint(oIdentitiesOnly, o->identities_only); |
3474 | dump_cfg_fmtint(oKbdInteractiveAuthentication, o->kbd_interactive_authentication); |
3475 | dump_cfg_fmtint(oNoHostAuthenticationForLocalhost, o->no_host_authentication_for_localhost); |
3476 | dump_cfg_fmtint(oPasswordAuthentication, o->password_authentication); |
3477 | dump_cfg_fmtint(oPermitLocalCommand, o->permit_local_command); |
3478 | dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass); |
3479 | dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication); |
3480 | dump_cfg_fmtint(oRequestTTY, o->request_tty); |
3481 | dump_cfg_fmtint(oSessionType, o->session_type); |
3482 | dump_cfg_fmtint(oStdinNull, o->stdin_null); |
3483 | dump_cfg_fmtint(oForkAfterAuthentication, o->fork_after_authentication); |
3484 | dump_cfg_fmtint(oStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); |
3485 | dump_cfg_fmtint(oStrictHostKeyChecking, o->strict_host_key_checking); |
3486 | dump_cfg_fmtint(oTCPKeepAlive, o->tcp_keep_alive); |
3487 | dump_cfg_fmtint(oTunnel, o->tun_open); |
3488 | dump_cfg_fmtint(oVerifyHostKeyDNS, o->verify_host_key_dns); |
3489 | dump_cfg_fmtint(oVisualHostKey, o->visual_host_key); |
3490 | dump_cfg_fmtint(oUpdateHostkeys, o->update_hostkeys); |
3491 | dump_cfg_fmtint(oEnableEscapeCommandline, o->enable_escape_commandline); |
3492 | |
3493 | /* Integer options */ |
3494 | dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots); |
3495 | dump_cfg_int(oConnectionAttempts, o->connection_attempts); |
3496 | dump_cfg_int(oForwardX11Timeout, o->forward_x11_timeout); |
3497 | dump_cfg_int(oNumberOfPasswordPrompts, o->number_of_password_prompts); |
3498 | dump_cfg_int(oServerAliveCountMax, o->server_alive_count_max); |
3499 | dump_cfg_int(oServerAliveInterval, o->server_alive_interval); |
3500 | dump_cfg_int(oRequiredRSASize, o->required_rsa_size); |
3501 | dump_cfg_int(oObscureKeystrokeTiming, |
3502 | o->obscure_keystroke_timing_interval); |
3503 | |
3504 | /* String options */ |
3505 | dump_cfg_string(oBindAddress, o->bind_address); |
3506 | dump_cfg_string(oBindInterface, o->bind_interface); |
3507 | dump_cfg_string(oCiphers, o->ciphers); |
3508 | dump_cfg_string(oControlPath, o->control_path); |
3509 | dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms); |
3510 | dump_cfg_string(oHostKeyAlias, o->host_key_alias); |
3511 | dump_cfg_string(oHostbasedAcceptedAlgorithms, o->hostbased_accepted_algos); |
3512 | dump_cfg_string(oIdentityAgent, o->identity_agent); |
3513 | dump_cfg_string(oIgnoreUnknown, o->ignored_unknown); |
3514 | dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices); |
3515 | dump_cfg_string(oKexAlgorithms, o->kex_algorithms); |
3516 | dump_cfg_string(oCASignatureAlgorithms, o->ca_sign_algorithms); |
3517 | dump_cfg_string(oLocalCommand, o->local_command); |
3518 | dump_cfg_string(oRemoteCommand, o->remote_command); |
3519 | dump_cfg_string(oLogLevel, log_level_name(o->log_level)); |
3520 | dump_cfg_string(oMacs, o->macs); |
3521 | #ifdef ENABLE_PKCS111 |
3522 | dump_cfg_string(oPKCS11Provider, o->pkcs11_provider); |
3523 | #endif |
3524 | dump_cfg_string(oSecurityKeyProvider, o->sk_provider); |
3525 | dump_cfg_string(oPreferredAuthentications, o->preferred_authentications); |
3526 | dump_cfg_string(oPubkeyAcceptedAlgorithms, o->pubkey_accepted_algos); |
3527 | dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys); |
3528 | dump_cfg_string(oXAuthLocation, o->xauth_location); |
3529 | dump_cfg_string(oKnownHostsCommand, o->known_hosts_command); |
3530 | dump_cfg_string(oTag, o->tag); |
3531 | |
3532 | /* Forwards */ |
3533 | dump_cfg_forwards(oDynamicForward, o->num_local_forwards, o->local_forwards); |
3534 | dump_cfg_forwards(oLocalForward, o->num_local_forwards, o->local_forwards); |
3535 | dump_cfg_forwards(oRemoteForward, o->num_remote_forwards, o->remote_forwards); |
3536 | |
3537 | /* String array options */ |
3538 | dump_cfg_strarray(oIdentityFile, o->num_identity_files, o->identity_files); |
3539 | dump_cfg_strarray_oneline(oCanonicalDomains, o->num_canonical_domains, o->canonical_domains); |
3540 | dump_cfg_strarray(oCertificateFile, o->num_certificate_files, o->certificate_files); |
3541 | dump_cfg_strarray_oneline(oGlobalKnownHostsFile, o->num_system_hostfiles, o->system_hostfiles); |
3542 | dump_cfg_strarray_oneline(oUserKnownHostsFile, o->num_user_hostfiles, o->user_hostfiles); |
3543 | dump_cfg_strarray(oSendEnv, o->num_send_env, o->send_env); |
3544 | dump_cfg_strarray(oSetEnv, o->num_setenv, o->setenv); |
3545 | dump_cfg_strarray_oneline(oLogVerbose, |
3546 | o->num_log_verbose, o->log_verbose); |
3547 | dump_cfg_strarray_oneline(oChannelTimeout, |
3548 | o->num_channel_timeouts, o->channel_timeouts); |
3549 | |
3550 | /* Special cases */ |
3551 | |
3552 | /* PermitRemoteOpen */ |
3553 | if (o->num_permitted_remote_opens == 0) |
3554 | printf("%s any\n", lookup_opcode_name(oPermitRemoteOpen)); |
3555 | else |
3556 | dump_cfg_strarray_oneline(oPermitRemoteOpen, |
3557 | o->num_permitted_remote_opens, o->permitted_remote_opens); |
3558 | |
3559 | /* AddKeysToAgent */ |
3560 | if (o->add_keys_to_agent_lifespan <= 0) |
3561 | dump_cfg_fmtint(oAddKeysToAgent, o->add_keys_to_agent); |
3562 | else { |
3563 | printf("addkeystoagent%s %d\n", |
3564 | o->add_keys_to_agent == 3 ? " confirm" : "", |
3565 | o->add_keys_to_agent_lifespan); |
3566 | } |
3567 | |
3568 | /* oForwardAgent */ |
3569 | if (o->forward_agent_sock_path == NULL((void *)0)) |
3570 | dump_cfg_fmtint(oForwardAgent, o->forward_agent); |
3571 | else |
3572 | dump_cfg_string(oForwardAgent, o->forward_agent_sock_path); |
3573 | |
3574 | /* oConnectTimeout */ |
3575 | if (o->connection_timeout == -1) |
3576 | printf("connecttimeout none\n"); |
3577 | else |
3578 | dump_cfg_int(oConnectTimeout, o->connection_timeout); |
3579 | |
3580 | /* oTunnelDevice */ |
3581 | printf("tunneldevice"); |
3582 | if (o->tun_local == SSH_TUNID_ANY0x7fffffff) |
3583 | printf(" any"); |
3584 | else |
3585 | printf(" %d", o->tun_local); |
3586 | if (o->tun_remote == SSH_TUNID_ANY0x7fffffff) |
3587 | printf(":any"); |
3588 | else |
3589 | printf(":%d", o->tun_remote); |
3590 | printf("\n"); |
3591 | |
3592 | /* oCanonicalizePermittedCNAMEs */ |
3593 | printf("canonicalizePermittedcnames"); |
3594 | if (o->num_permitted_cnames == 0) |
3595 | printf(" none"); |
3596 | for (i = 0; i < o->num_permitted_cnames; i++) { |
3597 | printf(" %s:%s", o->permitted_cnames[i].source_list, |
3598 | o->permitted_cnames[i].target_list); |
3599 | } |
3600 | printf("\n"); |
3601 | |
3602 | /* oControlPersist */ |
3603 | if (o->control_persist == 0 || o->control_persist_timeout == 0) |
3604 | dump_cfg_fmtint(oControlPersist, o->control_persist); |
3605 | else |
3606 | dump_cfg_int(oControlPersist, o->control_persist_timeout); |
3607 | |
3608 | /* oEscapeChar */ |
3609 | if (o->escape_char == SSH_ESCAPECHAR_NONE-2) |
3610 | printf("escapechar none\n"); |
3611 | else { |
3612 | vis(buf, o->escape_char, VIS_WHITE(0x04 | 0x08 | 0x10), 0); |
3613 | printf("escapechar %s\n", buf); |
3614 | } |
3615 | |
3616 | /* oIPQoS */ |
3617 | printf("ipqos %s ", iptos2str(o->ip_qos_interactive)); |
3618 | printf("%s\n", iptos2str(o->ip_qos_bulk)); |
3619 | |
3620 | /* oRekeyLimit */ |
3621 | printf("rekeylimit %llu %d\n", |
3622 | (unsigned long long)o->rekey_limit, o->rekey_interval); |
3623 | |
3624 | /* oStreamLocalBindMask */ |
3625 | printf("streamlocalbindmask 0%o\n", |
3626 | o->fwd_opts.streamlocal_bind_mask); |
3627 | |
3628 | /* oLogFacility */ |
3629 | printf("syslogfacility %s\n", log_facility_name(o->log_facility)); |
3630 | |
3631 | /* oProxyCommand / oProxyJump */ |
3632 | if (o->jump_host == NULL((void *)0)) |
3633 | dump_cfg_string(oProxyCommand, o->proxy_command); |
3634 | else { |
3635 | /* Check for numeric addresses */ |
3636 | i = strchr(o->jump_host, ':') != NULL((void *)0) || |
3637 | strspn(o->jump_host, "1234567890.") == strlen(o->jump_host); |
3638 | snprintf(buf, sizeof(buf), "%d", o->jump_port); |
3639 | printf("proxyjump %s%s%s%s%s%s%s%s%s\n", |
3640 | /* optional additional jump spec */ |
3641 | o->jump_extra == NULL((void *)0) ? "" : o->jump_extra, |
3642 | o->jump_extra == NULL((void *)0) ? "" : ",", |
3643 | /* optional user */ |
3644 | o->jump_user == NULL((void *)0) ? "" : o->jump_user, |
3645 | o->jump_user == NULL((void *)0) ? "" : "@", |
3646 | /* opening [ if hostname is numeric */ |
3647 | i ? "[" : "", |
3648 | /* mandatory hostname */ |
3649 | o->jump_host, |
3650 | /* closing ] if hostname is numeric */ |
3651 | i ? "]" : "", |
3652 | /* optional port number */ |
3653 | o->jump_port <= 0 ? "" : ":", |
3654 | o->jump_port <= 0 ? "" : buf); |
3655 | } |
3656 | } |