2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * Functions for reading the configuration files.
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
15 RCSID("$OpenBSD: readconf.c,v 1.143 2005/07/30 02:03:47 djm Exp $");
21 #include "pathnames.h"
29 /* Format of the configuration file:
31 # Configuration data is parsed as follows:
32 # 1. command line options
33 # 2. user-specific file
35 # Any configuration value is only changed the first time it is set.
36 # Thus, host-specific definitions should be at the beginning of the
37 # configuration file, and defaults at the end.
39 # Host-specific declarations. These may override anything above. A single
40 # host may match multiple declarations; these are processed in the order
41 # that they are given in.
47 HostName another.host.name.real.org
54 RemoteForward 9999 shadows.cs.hut.fi:9999
60 PasswordAuthentication no
64 ProxyCommand ssh-proxy %h %p
67 PublicKeyAuthentication no
71 PasswordAuthentication no
73 # Defaults for various options
77 PasswordAuthentication yes
79 RhostsRSAAuthentication yes
80 StrictHostKeyChecking yes
82 IdentityFile ~/.ssh/identity
92 oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
93 oPasswordAuthentication, oRSAAuthentication,
94 oChallengeResponseAuthentication, oXAuthLocation,
95 oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
96 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
97 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
98 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
99 oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
100 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
101 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
102 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
103 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
104 oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
105 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
106 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
107 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
108 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
109 oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
110 oDeprecated, oUnsupported
113 /* Textual representations of the tokens. */
119 { "forwardagent", oForwardAgent },
120 { "forwardx11", oForwardX11 },
121 { "forwardx11trusted", oForwardX11Trusted },
122 { "xauthlocation", oXAuthLocation },
123 { "gatewayports", oGatewayPorts },
124 { "useprivilegedport", oUsePrivilegedPort },
125 { "rhostsauthentication", oDeprecated },
126 { "passwordauthentication", oPasswordAuthentication },
127 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
128 { "kbdinteractivedevices", oKbdInteractiveDevices },
129 { "rsaauthentication", oRSAAuthentication },
130 { "pubkeyauthentication", oPubkeyAuthentication },
131 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
132 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
133 { "hostbasedauthentication", oHostbasedAuthentication },
134 { "challengeresponseauthentication", oChallengeResponseAuthentication },
135 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
136 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
137 { "kerberosauthentication", oUnsupported },
138 { "kerberostgtpassing", oUnsupported },
139 { "afstokenpassing", oUnsupported },
141 { "gssapiauthentication", oGssAuthentication },
142 { "gssapidelegatecredentials", oGssDelegateCreds },
144 { "gssapiauthentication", oUnsupported },
145 { "gssapidelegatecredentials", oUnsupported },
147 { "fallbacktorsh", oDeprecated },
148 { "usersh", oDeprecated },
149 { "identityfile", oIdentityFile },
150 { "identityfile2", oIdentityFile }, /* alias */
151 { "identitiesonly", oIdentitiesOnly },
152 { "hostname", oHostName },
153 { "hostkeyalias", oHostKeyAlias },
154 { "proxycommand", oProxyCommand },
156 { "cipher", oCipher },
157 { "ciphers", oCiphers },
159 { "protocol", oProtocol },
160 { "remoteforward", oRemoteForward },
161 { "localforward", oLocalForward },
164 { "escapechar", oEscapeChar },
165 { "globalknownhostsfile", oGlobalKnownHostsFile },
166 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */
167 { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
168 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
169 { "connectionattempts", oConnectionAttempts },
170 { "batchmode", oBatchMode },
171 { "checkhostip", oCheckHostIP },
172 { "stricthostkeychecking", oStrictHostKeyChecking },
173 { "compression", oCompression },
174 { "compressionlevel", oCompressionLevel },
175 { "tcpkeepalive", oTCPKeepAlive },
176 { "keepalive", oTCPKeepAlive }, /* obsolete */
177 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
178 { "loglevel", oLogLevel },
179 { "dynamicforward", oDynamicForward },
180 { "preferredauthentications", oPreferredAuthentications },
181 { "hostkeyalgorithms", oHostKeyAlgorithms },
182 { "bindaddress", oBindAddress },
184 { "smartcarddevice", oSmartcardDevice },
186 { "smartcarddevice", oUnsupported },
188 { "clearallforwardings", oClearAllForwardings },
189 { "enablesshkeysign", oEnableSSHKeysign },
190 { "verifyhostkeydns", oVerifyHostKeyDNS },
191 { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
192 { "rekeylimit", oRekeyLimit },
193 { "connecttimeout", oConnectTimeout },
194 { "addressfamily", oAddressFamily },
195 { "serveraliveinterval", oServerAliveInterval },
196 { "serveralivecountmax", oServerAliveCountMax },
197 { "sendenv", oSendEnv },
198 { "controlpath", oControlPath },
199 { "controlmaster", oControlMaster },
200 { "hashknownhosts", oHashKnownHosts },
205 * Adds a local TCP/IP port forward to options. Never returns if there is an
/*
 * Appends *newfwd to options->local_forwards, deep-copying the host strings
 * with xstrdup() (listen_host may be NULL and then stays NULL). Two checks
 * abort via fatal(): a listen port below IPPORT_RESERVED when the real uid
 * is not root (only compiled in when NO_IPPORT_RESERVED_CONCEPT is not
 * defined), and a full table (SSH_MAX_FORWARDS_PER_DIRECTION). The opening
 * brace and the local "Forward *fwd" declaration are not shown in this
 * listing.
 */
210 add_local_forward(Options *options, const Forward *newfwd)
213 #ifndef NO_IPPORT_RESERVED_CONCEPT
/* Presumably the real uid saved before any privilege change - confirm in ssh.c. */
214 extern uid_t original_real_uid;
215 if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0)
216 fatal("Privileged ports can only be forwarded by root.");
218 if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
219 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
/* In bounds as long as local_forwards[] has SSH_MAX_FORWARDS_PER_DIRECTION slots. */
220 fwd = &options->local_forwards[options->num_local_forwards++];
222 fwd->listen_host = (newfwd->listen_host == NULL) ?
223 NULL : xstrdup(newfwd->listen_host);
224 fwd->listen_port = newfwd->listen_port;
/* connect_host is required: xstrdup() of a NULL pointer would fault. */
225 fwd->connect_host = xstrdup(newfwd->connect_host);
226 fwd->connect_port = newfwd->connect_port;
230 * Adds a remote TCP/IP port forward to options. Never returns if there is
/*
 * Appends *newfwd to options->remote_forwards, deep-copying the host
 * strings. Only the table bound (SSH_MAX_FORWARDS_PER_DIRECTION) is
 * enforced here; unlike add_local_forward() there is no privileged-port
 * check, presumably because the listen port is opened on the server side,
 * which applies its own policy (confirm). Braces and the "fwd" declaration
 * are not shown in this listing.
 */
235 add_remote_forward(Options *options, const Forward *newfwd)
238 if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
239 fatal("Too many remote forwards (max %d).",
240 SSH_MAX_FORWARDS_PER_DIRECTION);
/* In bounds as long as remote_forwards[] has SSH_MAX_FORWARDS_PER_DIRECTION slots. */
241 fwd = &options->remote_forwards[options->num_remote_forwards++];
243 fwd->listen_host = (newfwd->listen_host == NULL) ?
244 NULL : xstrdup(newfwd->listen_host);
245 fwd->listen_port = newfwd->listen_port;
/* connect_host is required: xstrdup() of a NULL pointer would fault. */
246 fwd->connect_host = xstrdup(newfwd->connect_host);
247 fwd->connect_port = newfwd->connect_port;
/*
 * Frees the host strings of every local and remote forward and resets both
 * counters to zero. The freed pointers are left in the tables; presumably
 * nothing reads entries at index >= num_*_forwards and add_*_forward()
 * overwrites them, so they are unreachable rather than dangling in use
 * (confirm). listen_host is NULL when no listen address was given (see
 * parse_forward), hence the guard; connect_host is always set.
 * The loop braces and the "int i" declaration are not shown.
 */
251 clear_forwardings(Options *options)
255 for (i = 0; i < options->num_local_forwards; i++) {
256 if (options->local_forwards[i].listen_host != NULL)
257 xfree(options->local_forwards[i].listen_host);
258 xfree(options->local_forwards[i].connect_host);
260 options->num_local_forwards = 0;
261 for (i = 0; i < options->num_remote_forwards; i++) {
262 if (options->remote_forwards[i].listen_host != NULL)
263 xfree(options->remote_forwards[i].listen_host);
264 xfree(options->remote_forwards[i].connect_host);
266 options->num_remote_forwards = 0;
270 * Returns the number of the token pointed to by cp or oBadOption.
/*
 * Maps a keyword to its OpCodes value with a case-insensitive linear scan
 * of the keywords[] table; the first matching entry wins, so table order
 * decides between duplicate names. An unknown keyword is logged with the
 * file name and line number and, per the comment above, oBadOption is
 * returned (the return statements are not shown in this listing).
 */
274 parse_token(const char *cp, const char *filename, int linenum)
278 for (i = 0; keywords[i].name; i++)
279 if (strcasecmp(cp, keywords[i].name) == 0)
280 return keywords[i].opcode;
282 error("%s: line %d: Bad configuration option: %s",
283 filename, linenum, cp);
288 * Processes a single option line as used in the configuration files. This
289 * only sets those values that have not already been set.
291 #define WHITESPACE " \t\r\n"
/*
 * Parses one configuration line and applies it to *options. "line" is
 * tokenised in place by strdelim(), so it must be writable. The opcode
 * switch, its case labels, the "break"s and the return statements are only
 * partially reproduced in this listing; the enclosing braces, the "len"
 * and "Forward fwd" declarations and the last parameter ("int *activep",
 * on a signature line that is not shown) are missing as well.
 *
 * options is the table being filled; host is the name matched against
 * Host patterns by match_pattern(); filename/linenum are used only for
 * diagnostics.
 *
 * "First setting wins": every store below is guarded by
 * "*activep && *intptr == -1" (or "*charptr == NULL"), so a value that was
 * already set, or a line outside a matching Host block, is parsed and
 * validated but not stored. Most bad input ends in fatal(); an unknown
 * keyword is counted rather than fatal (see the comment after
 * parse_token() below). The return value is not visible in this listing.
 */
294 process_config_line(Options *options, const char *host,
295 char *line, const char *filename, int linenum,
298 char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256];
299 int opcode, *intptr, value;
303 /* Strip trailing whitespace */
/*
 * NOTE(review): the index starts at strlen(line) - 1. For an empty string
 * that is -1, which wraps if "len" is unsigned (its declaration is not
 * shown; it also receives strspn() further down), and line[len] would then
 * be read out of bounds. fgets() never yields "", but any other caller
 * passing "" should be checked.
 */
304 for (len = strlen(line) - 1; len > 0; len--) {
305 if (strchr(WHITESPACE, line[len]) == NULL)
311 /* Get the keyword. (Each line is supposed to begin with a keyword). */
312 keyword = strdelim(&s);
313 /* Ignore leading whitespace. */
314 if (*keyword == '\0')
315 keyword = strdelim(&s);
/* Blank lines and '#' comments are skipped; keyword is NULL if strdelim ran out. */
316 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
319 opcode = parse_token(keyword, filename, linenum);
/* Unknown keyword: parse_token() has already logged it; the counting line is not shown. */
323 /* don't panic, but count bad options */
/* convtime() returns -1 for an invalid time value (see the fatal() below). */
326 case oConnectTimeout:
327 intptr = &options->connection_timeout;
330 if (!arg || *arg == '\0')
331 fatal("%s line %d: missing time value.",
333 if ((value = convtime(arg)) == -1)
334 fatal("%s line %d: invalid time value.",
/*
 * Generic yes/no handling. The boolean options that follow set intptr and
 * then presumably jump here (the jump lines are not shown). Accepted
 * spellings are exactly yes/true and no/false, case-sensitive.
 */
341 intptr = &options->forward_agent;
344 if (!arg || *arg == '\0')
345 fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
346 value = 0; /* To avoid compiler warning... */
347 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
349 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
352 fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
353 if (*activep && *intptr == -1)
358 intptr = &options->forward_x11;
361 case oForwardX11Trusted:
362 intptr = &options->forward_x11_trusted;
366 intptr = &options->gateway_ports;
369 case oUsePrivilegedPort:
370 intptr = &options->use_privileged_port;
373 case oPasswordAuthentication:
374 intptr = &options->password_authentication;
377 case oKbdInteractiveAuthentication:
378 intptr = &options->kbd_interactive_authentication;
381 case oKbdInteractiveDevices:
382 charptr = &options->kbd_interactive_devices;
385 case oPubkeyAuthentication:
386 intptr = &options->pubkey_authentication;
389 case oRSAAuthentication:
390 intptr = &options->rsa_authentication;
393 case oRhostsRSAAuthentication:
394 intptr = &options->rhosts_rsa_authentication;
397 case oHostbasedAuthentication:
398 intptr = &options->hostbased_authentication;
401 case oChallengeResponseAuthentication:
402 intptr = &options->challenge_response_authentication;
405 case oGssAuthentication:
406 intptr = &options->gss_authentication;
409 case oGssDelegateCreds:
410 intptr = &options->gss_deleg_creds;
414 intptr = &options->batch_mode;
418 intptr = &options->check_host_ip;
421 case oVerifyHostKeyDNS:
422 intptr = &options->verify_host_key_dns;
/* Three-valued: yes/no/ask. The values stored for each are on lines not shown. */
425 case oStrictHostKeyChecking:
426 intptr = &options->strict_host_key_checking;
429 if (!arg || *arg == '\0')
430 fatal("%.200s line %d: Missing yes/no/ask argument.",
432 value = 0; /* To avoid compiler warning... */
433 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
435 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
437 else if (strcmp(arg, "ask") == 0)
440 fatal("%.200s line %d: Bad yes/no/ask argument.", filename, linenum);
441 if (*activep && *intptr == -1)
446 intptr = &options->compression;
450 intptr = &options->tcp_keep_alive;
453 case oNoHostAuthenticationForLocalhost:
454 intptr = &options->no_host_authentication_for_localhost;
457 case oNumberOfPasswordPrompts:
458 intptr = &options->number_of_password_prompts;
461 case oCompressionLevel:
462 intptr = &options->compression_level;
/*
 * RekeyLimit: strtol() base 10 into the int "value" with no ERANGE or
 * range check, so an out-of-range number is silently truncated. The
 * unit-suffix multipliers applied by the switch below are not shown.
 */
466 intptr = &options->rekey_limit;
468 if (!arg || *arg == '\0')
469 fatal("%.200s line %d: Missing argument.", filename, linenum);
470 if (arg[0] < '0' || arg[0] > '9')
471 fatal("%.200s line %d: Bad number.", filename, linenum);
472 value = strtol(arg, &endofnumber, 10);
473 if (arg == endofnumber)
474 fatal("%.200s line %d: Bad number.", filename, linenum);
475 switch (toupper(*endofnumber)) {
486 if (*activep && *intptr == -1)
/*
 * IdentityFile accumulates rather than "first wins": each occurrence
 * appends, bounded by SSH_MAX_IDENTITY_FILES. An *activep guard, if any,
 * is on a line not shown.
 */
492 if (!arg || *arg == '\0')
493 fatal("%.200s line %d: Missing argument.", filename, linenum);
495 intptr = &options->num_identity_files;
496 if (*intptr >= SSH_MAX_IDENTITY_FILES)
497 fatal("%.200s line %d: Too many identity files specified (max %d).",
498 filename, linenum, SSH_MAX_IDENTITY_FILES);
499 charptr = &options->identity_files[*intptr];
500 *charptr = xstrdup(arg);
501 *intptr = *intptr + 1;
506 charptr=&options->xauth_location;
/*
 * Generic single-string handling; the string options that follow set
 * charptr and presumably jump here (the jump lines are not shown).
 */
510 charptr = &options->user;
513 if (!arg || *arg == '\0')
514 fatal("%.200s line %d: Missing argument.", filename, linenum);
515 if (*activep && *charptr == NULL)
516 *charptr = xstrdup(arg);
519 case oGlobalKnownHostsFile:
520 charptr = &options->system_hostfile;
523 case oUserKnownHostsFile:
524 charptr = &options->user_hostfile;
527 case oGlobalKnownHostsFile2:
528 charptr = &options->system_hostfile2;
531 case oUserKnownHostsFile2:
532 charptr = &options->user_hostfile2;
536 charptr = &options->hostname;
540 charptr = &options->host_key_alias;
543 case oPreferredAuthentications:
544 charptr = &options->preferred_authentications;
548 charptr = &options->bind_address;
551 case oSmartcardDevice:
552 charptr = &options->smartcard_device;
/*
 * ProxyCommand keeps the remainder of the line verbatim (only leading
 * whitespace and '=' are stripped via strspn), so it may contain spaces.
 * It is consumed elsewhere as a command (cf. the ProxyCommand example in
 * the file header), which is one reason the config file's ownership and
 * permissions are checked in read_config_file().
 */
557 fatal("%.200s line %d: Missing argument.", filename, linenum);
558 charptr = &options->proxy_command;
559 len = strspn(s, WHITESPACE "=");
560 if (*activep && *charptr == NULL)
561 *charptr = xstrdup(s + len);
/* Port: base-0 strtol() accepts octal and hex; no 1..65535 range check is visible here. */
565 intptr = &options->port;
568 if (!arg || *arg == '\0')
569 fatal("%.200s line %d: Missing argument.", filename, linenum);
570 if (arg[0] < '0' || arg[0] > '9')
571 fatal("%.200s line %d: Bad number.", filename, linenum);
573 /* Octal, decimal, or hex format? */
574 value = strtol(arg, &endofnumber, 0);
575 if (arg == endofnumber)
576 fatal("%.200s line %d: Bad number.", filename, linenum);
577 if (*activep && *intptr == -1)
581 case oConnectionAttempts:
582 intptr = &options->connection_attempts;
/* Cipher (protocol 1): cipher_number() resolves the name; the failure test is on a line not shown. */
586 intptr = &options->cipher;
588 if (!arg || *arg == '\0')
589 fatal("%.200s line %d: Missing argument.", filename, linenum);
590 value = cipher_number(arg);
592 fatal("%.200s line %d: Bad cipher '%s'.",
593 filename, linenum, arg ? arg : "<NONE>");
594 if (*activep && *intptr == -1)
/* Ciphers/MACs/HostKeyAlgorithms (protocol 2) are validated before being stored as raw lists. */
600 if (!arg || *arg == '\0')
601 fatal("%.200s line %d: Missing argument.", filename, linenum);
602 if (!ciphers_valid(arg))
603 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
604 filename, linenum, arg ? arg : "<NONE>");
605 if (*activep && options->ciphers == NULL)
606 options->ciphers = xstrdup(arg);
611 if (!arg || *arg == '\0')
612 fatal("%.200s line %d: Missing argument.", filename, linenum);
/* The MAC validity test preceding this fatal() is on a line not shown. */
614 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
615 filename, linenum, arg ? arg : "<NONE>");
616 if (*activep && options->macs == NULL)
617 options->macs = xstrdup(arg);
620 case oHostKeyAlgorithms:
622 if (!arg || *arg == '\0')
623 fatal("%.200s line %d: Missing argument.", filename, linenum);
624 if (!key_names_valid2(arg))
625 fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
626 filename, linenum, arg ? arg : "<NONE>");
627 if (*activep && options->hostkeyalgorithms == NULL)
628 options->hostkeyalgorithms = xstrdup(arg);
/* Protocol: proto_spec() returns SSH_PROTO_UNKNOWN on a bad spec, the same sentinel used for "unset". */
632 intptr = &options->protocol;
634 if (!arg || *arg == '\0')
635 fatal("%.200s line %d: Missing argument.", filename, linenum);
636 value = proto_spec(arg);
637 if (value == SSH_PROTO_UNKNOWN)
638 fatal("%.200s line %d: Bad protocol spec '%s'.",
639 filename, linenum, arg ? arg : "<NONE>");
640 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
/* log_level is a LogLevel enum written through an int pointer; this assumes LogLevel has int's representation. */
645 intptr = (int *) &options->log_level;
647 value = log_level_number(arg);
648 if (value == SYSLOG_LEVEL_NOT_SET)
649 fatal("%.200s line %d: unsupported log level '%s'",
650 filename, linenum, arg ? arg : "<NONE>");
651 if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
652 *intptr = (LogLevel) value;
/*
 * LocalForward/RemoteForward take "port" and "host:hostport" as two tokens
 * and rejoin them into fwdarg (256 bytes) for parse_forward().
 * NOTE(review): snprintf() truncation is not checked; whether a truncated
 * spec is always rejected by parse_forward() is not verified here.
 */
658 if (arg == NULL || *arg == '\0')
659 fatal("%.200s line %d: Missing port argument.",
662 if (arg2 == NULL || *arg2 == '\0')
663 fatal("%.200s line %d: Missing target argument.",
666 /* construct a string for parse_forward */
667 snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2);
669 if (parse_forward(&fwd, fwdarg) == 0)
670 fatal("%.200s line %d: Bad forwarding specification.",
/* parse_forward() xstrdup()s the host strings; add_*_forward() copies them again. Their release is on lines not shown. */
674 if (opcode == oLocalForward)
675 add_local_forward(options, &fwd);
676 else if (opcode == oRemoteForward)
677 add_remote_forward(options, &fwd);
/*
 * DynamicForward: "[bind_address:]port". connect_host is the fixed marker
 * "socks"; a2port() returning 0 is the parse-failure signal checked below.
 * The branch that decides between the two forms is on a line not shown.
 */
681 case oDynamicForward:
683 if (!arg || *arg == '\0')
684 fatal("%.200s line %d: Missing port argument.",
686 memset(&fwd, '\0', sizeof(fwd));
687 fwd.connect_host = "socks";
688 fwd.listen_host = hpdelim(&arg);
689 if (fwd.listen_host == NULL ||
690 strlen(fwd.listen_host) >= NI_MAXHOST)
691 fatal("%.200s line %d: Bad forwarding specification.",
694 fwd.listen_port = a2port(arg);
695 fwd.listen_host = cleanhostname(fwd.listen_host);
/* Single-token form: the only field is the port. */
697 fwd.listen_port = a2port(fwd.listen_host);
698 fwd.listen_host = NULL;
700 if (fwd.listen_port == 0)
701 fatal("%.200s line %d: Badly formatted port number.",
704 add_local_forward(options, &fwd);
707 case oClearAllForwardings:
708 intptr = &options->clear_forwardings;
/*
 * Host: *activep is set according to whether any pattern matches "host"
 * (the assignment lines are not shown). The loop consumes the rest of
 * the line, so the trailing-garbage check at the bottom is bypassed.
 */
713 while ((arg = strdelim(&s)) != NULL && *arg != '\0')
714 if (match_pattern(host, arg)) {
715 debug("Applying options for %.100s", arg);
719 /* Avoid garbage check below, as strdelim is done. */
/*
 * EscapeChar accepts "^X" (control character, X in '@'..DEL), a single
 * character, or "none".
 * NOTE(review): for the one-character argument "^", arg[2] is read one
 * byte beyond the terminator before the strlen(arg) == 1 branch is
 * reached; testing the single-character form first would avoid that.
 */
723 intptr = &options->escape_char;
725 if (!arg || *arg == '\0')
726 fatal("%.200s line %d: Missing argument.", filename, linenum);
727 if (arg[0] == '^' && arg[2] == 0 &&
728 (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
729 value = (u_char) arg[1] & 31;
730 else if (strlen(arg) == 1)
731 value = (u_char) arg[0];
732 else if (strcmp(arg, "none") == 0)
733 value = SSH_ESCAPECHAR_NONE;
735 fatal("%.200s line %d: Bad escape character.",
738 value = 0; /* Avoid compiler warning. */
740 if (*activep && *intptr == -1)
/* AddressFamily: inet/inet6/any compared case-insensitively; the AF_* values assigned are on lines not shown. */
746 if (!arg || *arg == '\0')
747 fatal("%s line %d: missing address family.",
749 intptr = &options->address_family;
750 if (strcasecmp(arg, "inet") == 0)
752 else if (strcasecmp(arg, "inet6") == 0)
754 else if (strcasecmp(arg, "any") == 0)
757 fatal("Unsupported AddressFamily \"%s\"", arg);
758 if (*activep && *intptr == -1)
762 case oEnableSSHKeysign:
763 intptr = &options->enable_ssh_keysign;
766 case oIdentitiesOnly:
767 intptr = &options->identities_only;
770 case oServerAliveInterval:
771 intptr = &options->server_alive_interval;
774 case oServerAliveCountMax:
775 intptr = &options->server_alive_count_max;
/* SendEnv: names must not contain '=' (no values, only names); bounded by MAX_SEND_ENV. */
779 while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
780 if (strchr(arg, '=') != NULL)
781 fatal("%s line %d: Invalid environment name.",
785 if (options->num_send_env >= MAX_SEND_ENV)
786 fatal("%s line %d: too many send env.",
788 options->send_env[options->num_send_env++] =
794 charptr = &options->control_path;
/* ControlMaster maps yes/no/auto/ask/autoask onto the SSHCTL_MASTER_* values. */
798 intptr = &options->control_master;
800 if (!arg || *arg == '\0')
801 fatal("%.200s line %d: Missing ControlMaster argument.",
803 value = 0; /* To avoid compiler warning... */
804 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
805 value = SSHCTL_MASTER_YES;
806 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
807 value = SSHCTL_MASTER_NO;
808 else if (strcmp(arg, "auto") == 0)
809 value = SSHCTL_MASTER_AUTO;
810 else if (strcmp(arg, "ask") == 0)
811 value = SSHCTL_MASTER_ASK;
812 else if (strcmp(arg, "autoask") == 0)
813 value = SSHCTL_MASTER_AUTO_ASK;
815 fatal("%.200s line %d: Bad ControlMaster argument.",
817 if (*activep && *intptr == -1)
821 case oHashKnownHosts:
822 intptr = &options->hash_known_hosts;
/* Deprecated keywords are accepted silently (debug level only). */
826 debug("%s line %d: Deprecated option \"%s\"",
827 filename, linenum, keyword);
/* Keywords compiled out of this build log an error; what is returned is on a line not shown. */
831 error("%s line %d: Unsupported option \"%s\"",
832 filename, linenum, keyword);
/* Every OpCodes value must be handled above; reaching this is a programming error. */
836 fatal("process_config_line: Unimplemented opcode %d", opcode);
839 /* Check that there is no garbage at end of line. */
840 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
841 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
842 filename, linenum, arg);
849 * Reads the config file and modifies the options accordingly. Options
850 * should already be initialized before this call. This never returns if
851 * there is an error. If the file does not exist, this returns 0.
/*
 * Opens "filename" and feeds it line by line to process_config_line().
 * The signature continues on a line not shown; the body's braces, the
 * "return 0" for a file that cannot be opened (see the comment above), and
 * the local declarations (FILE *f, struct stat sb, the "line" buffer,
 * linenum, bad_options, active) are likewise not visible here.
 */
855 read_config_file(const char *filename, const char *host, Options *options,
864 if ((f = fopen(filename, "r")) == NULL)
/*
 * The ownership/permission check uses fstat() on the already opened
 * descriptor, so it cannot be raced by swapping the path between check
 * and read. Accepted: owned by root or by the calling uid, and not group-
 * or world-writable (st_mode & 022 == 0). It appears to be guarded by a
 * flag on a line not shown - confirm which callers enable it.
 */
870 if (fstat(fileno(f), &sb) == -1)
871 fatal("fstat %s: %s", filename, strerror(errno));
872 if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
873 (sb.st_mode & 022) != 0))
874 fatal("Bad owner or permissions on %s", filename);
877 debug("Reading configuration data %.200s", filename);
880 * Mark that we are now processing the options. This flag is turned
881 * on/off by Host specifications.
/*
 * fgets() returns an over-long line in pieces of at most sizeof(line) - 1
 * bytes; each piece is handed to process_config_line() as if it were a
 * line of its own, so an over-long line is not diagnosed as such.
 */
885 while (fgets(line, sizeof(line), f)) {
886 /* Update line number counter. */
/* A non-zero return means a bad option was seen; presumably tallied into bad_options (line not shown). */
888 if (process_config_line(options, host, line, filename, linenum, &active) != 0)
/* The whole file is read before refusing, so every bad option is reported at once. */
893 fatal("%s: terminating, %d bad configuration options",
894 filename, bad_options);
899 * Initializes options to special values that indicate that they have not yet
900 * been set. Read_config_file will only set options with this value. Options
901 * are processed in the following order: command line, user config file,
902 * system config file. Last, fill_default_options is called.
/*
 * Resets every field of *options to its "not set" sentinel: -1 for the
 * integer options, NULL for strings, 0 for the counters,
 * SSH_PROTO_UNKNOWN for protocol and SYSLOG_LEVEL_NOT_SET for log_level.
 * The memset() to 'X' poisons the whole struct first so that a field
 * forgotten below is conspicuous instead of silently zero.
 * NOTE(review): options->port is compared against -1 in
 * fill_default_options() but its reset is not among the lines shown
 * here - confirm it is initialised.
 */
906 initialize_options(Options * options)
908 memset(options, 'X', sizeof(*options));
909 options->forward_agent = -1;
910 options->forward_x11 = -1;
911 options->forward_x11_trusted = -1;
912 options->xauth_location = NULL;
913 options->gateway_ports = -1;
914 options->use_privileged_port = -1;
915 options->rsa_authentication = -1;
916 options->pubkey_authentication = -1;
917 options->challenge_response_authentication = -1;
918 options->gss_authentication = -1;
919 options->gss_deleg_creds = -1;
920 options->password_authentication = -1;
921 options->kbd_interactive_authentication = -1;
922 options->kbd_interactive_devices = NULL;
923 options->rhosts_rsa_authentication = -1;
924 options->hostbased_authentication = -1;
925 options->batch_mode = -1;
926 options->check_host_ip = -1;
927 options->strict_host_key_checking = -1;
928 options->compression = -1;
929 options->tcp_keep_alive = -1;
930 options->compression_level = -1;
932 options->address_family = -1;
933 options->connection_attempts = -1;
934 options->connection_timeout = -1;
935 options->number_of_password_prompts = -1;
936 options->cipher = -1;
937 options->ciphers = NULL;
938 options->macs = NULL;
939 options->hostkeyalgorithms = NULL;
940 options->protocol = SSH_PROTO_UNKNOWN;
/* Counters start at 0, not -1: an empty list is a valid state, not "unset". */
941 options->num_identity_files = 0;
942 options->hostname = NULL;
943 options->host_key_alias = NULL;
944 options->proxy_command = NULL;
945 options->user = NULL;
946 options->escape_char = -1;
947 options->system_hostfile = NULL;
948 options->user_hostfile = NULL;
949 options->system_hostfile2 = NULL;
950 options->user_hostfile2 = NULL;
951 options->num_local_forwards = 0;
952 options->num_remote_forwards = 0;
953 options->clear_forwardings = -1;
954 options->log_level = SYSLOG_LEVEL_NOT_SET;
955 options->preferred_authentications = NULL;
956 options->bind_address = NULL;
957 options->smartcard_device = NULL;
/* "- 1" below is just -1 with a stray space; same sentinel as the rest. */
958 options->enable_ssh_keysign = - 1;
959 options->no_host_authentication_for_localhost = - 1;
960 options->identities_only = - 1;
961 options->rekey_limit = - 1;
962 options->verify_host_key_dns = -1;
963 options->server_alive_interval = -1;
964 options->server_alive_count_max = -1;
965 options->num_send_env = 0;
966 options->control_path = NULL;
967 options->control_master = -1;
968 options->hash_known_hosts = -1;
972 * Called after processing other sources of option data, this fills those
973 * options for which no value has been specified with their default values.
/*
 * Replaces every sentinel left by initialize_options() with the built-in
 * default. Per the comment on initialize_options() this runs last, after
 * all configuration sources, so it is also where ClearAllForwardings takes
 * effect (see below). Braces, the "len" declaration and the xmalloc()
 * lines that allocate the default identity-file strings are not shown in
 * this listing.
 */
977 fill_default_options(Options * options)
981 if (options->forward_agent == -1)
982 options->forward_agent = 0;
983 if (options->forward_x11 == -1)
984 options->forward_x11 = 0;
985 if (options->forward_x11_trusted == -1)
986 options->forward_x11_trusted = 0;
987 if (options->xauth_location == NULL)
988 options->xauth_location = _PATH_XAUTH;
989 if (options->gateway_ports == -1)
990 options->gateway_ports = 0;
991 if (options->use_privileged_port == -1)
992 options->use_privileged_port = 0;
993 if (options->rsa_authentication == -1)
994 options->rsa_authentication = 1;
995 if (options->pubkey_authentication == -1)
996 options->pubkey_authentication = 1;
997 if (options->challenge_response_authentication == -1)
998 options->challenge_response_authentication = 1;
999 if (options->gss_authentication == -1)
1000 options->gss_authentication = 0;
1001 if (options->gss_deleg_creds == -1)
1002 options->gss_deleg_creds = 0;
1003 if (options->password_authentication == -1)
1004 options->password_authentication = 1;
1005 if (options->kbd_interactive_authentication == -1)
1006 options->kbd_interactive_authentication = 1;
1007 if (options->rhosts_rsa_authentication == -1)
1008 options->rhosts_rsa_authentication = 0;
1009 if (options->hostbased_authentication == -1)
1010 options->hostbased_authentication = 0;
1011 if (options->batch_mode == -1)
1012 options->batch_mode = 0;
1013 if (options->check_host_ip == -1)
1014 options->check_host_ip = 1;
/* 2 appears to be the "ask" value stored by oStrictHostKeyChecking in process_config_line (that assignment is on a line not shown) - confirm. */
1015 if (options->strict_host_key_checking == -1)
1016 options->strict_host_key_checking = 2; /* 2 is default */
1017 if (options->compression == -1)
1018 options->compression = 0;
1019 if (options->tcp_keep_alive == -1)
1020 options->tcp_keep_alive = 1;
1021 if (options->compression_level == -1)
1022 options->compression_level = 6;
1023 if (options->port == -1)
1024 options->port = 0; /* Filled in ssh_connect. */
1025 if (options->address_family == -1)
1026 options->address_family = AF_UNSPEC;
1027 if (options->connection_attempts == -1)
1028 options->connection_attempts = 1;
1029 if (options->number_of_password_prompts == -1)
1030 options->number_of_password_prompts = 3;
1031 /* Selected in ssh_login(). */
1032 if (options->cipher == -1)
1033 options->cipher = SSH_CIPHER_NOT_SET;
1034 /* options->ciphers, default set in myproposals.h */
1035 /* options->macs, default set in myproposals.h */
1036 /* options->hostkeyalgorithms, default set in myproposals.h */
/* With no Protocol directive both protocol 1 and protocol 2 are enabled. */
1037 if (options->protocol == SSH_PROTO_UNKNOWN)
1038 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
/*
 * Default identity files, only when none were configured. Each string is
 * sized as 2 ("~/") + strlen(path) + 1 (NUL) and written with snprintf()
 * bounded by that len, so the buffer cannot overflow; but the format uses
 * %.100s, so a path macro longer than 100 characters would be cut silently.
 * Which files are added depends on the protocols enabled just above.
 */
1039 if (options->num_identity_files == 0) {
1040 if (options->protocol & SSH_PROTO_1) {
1041 len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
1042 options->identity_files[options->num_identity_files] =
1044 snprintf(options->identity_files[options->num_identity_files++],
1045 len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
1047 if (options->protocol & SSH_PROTO_2) {
1048 len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
1049 options->identity_files[options->num_identity_files] =
1051 snprintf(options->identity_files[options->num_identity_files++],
1052 len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
1054 len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
1055 options->identity_files[options->num_identity_files] =
1057 snprintf(options->identity_files[options->num_identity_files++],
1058 len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
1061 if (options->escape_char == -1)
1062 options->escape_char = '~';
1063 if (options->system_hostfile == NULL)
1064 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
1065 if (options->user_hostfile == NULL)
1066 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
1067 if (options->system_hostfile2 == NULL)
1068 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
1069 if (options->user_hostfile2 == NULL)
1070 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
1071 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
1072 options->log_level = SYSLOG_LEVEL_INFO;
/* ClearAllForwardings is applied here, i.e. after every forward from every source has been collected. */
1073 if (options->clear_forwardings == 1)
1074 clear_forwardings(options);
1075 if (options->no_host_authentication_for_localhost == - 1)
1076 options->no_host_authentication_for_localhost = 0;
1077 if (options->identities_only == -1)
1078 options->identities_only = 0;
1079 if (options->enable_ssh_keysign == -1)
1080 options->enable_ssh_keysign = 0;
1081 if (options->rekey_limit == -1)
1082 options->rekey_limit = 0;
1083 if (options->verify_host_key_dns == -1)
1084 options->verify_host_key_dns = 0;
1085 if (options->server_alive_interval == -1)
1086 options->server_alive_interval = 0;
1087 if (options->server_alive_count_max == -1)
1088 options->server_alive_count_max = 3;
1089 if (options->control_master == -1)
1090 options->control_master = 0;
1091 if (options->hash_known_hosts == -1)
1092 options->hash_known_hosts = 0;
1093 /* options->proxy_command should not be set by default */
1094 /* options->user will be set in the main program if appropriate */
1095 /* options->hostname will be set in the main program if appropriate */
1096 /* options->host_key_alias should not be set by default */
1097 /* options->preferred_authentications will be set in ssh */
1102 * parses a string containing a port forwarding specification of the form:
1103 * [listenhost:]listenport:connecthost:connectport
1104 * returns number of arguments parsed or zero on error
/*
 * Parses "[listenhost:]listenport:connecthost:connectport" into *fwd,
 * working on a private xstrdup() copy of fwdspec. Returns the number of
 * fields parsed (3 or 4) or 0 on failure; on failure any host strings
 * already duplicated into *fwd are freed again. The switch on the field
 * count, the "int i" declaration, the goto labels and the free of the copy
 * are not shown in this listing.
 */
1107 parse_forward(Forward *fwd, const char *fwdspec)
1110 char *p, *cp, *fwdarg[4];
/* All-zero start: listen_host/connect_host are NULL until assigned, which the failure path relies on. */
1112 memset(fwd, '\0', sizeof(*fwd));
/* p keeps the allocation; cp is advanced by hpdelim(). */
1114 cp = p = xstrdup(fwdspec);
1116 /* skip leading spaces */
/* NOTE(review): isspace() on a plain char is undefined for negative values; cast to unsigned char. */
1117 while (*cp && isspace(*cp))
/* Collect up to four fields; i ends as the number found. */
1120 for (i = 0; i < 4; ++i)
1121 if ((fwdarg[i] = hpdelim(&cp)) == NULL)
1124 /* Check for trailing garbage in 4-arg case*/
1126 i = 0; /* failure */
/* Three fields: no listen address given. */
1130 fwd->listen_host = NULL;
1131 fwd->listen_port = a2port(fwdarg[0]);
1132 fwd->connect_host = xstrdup(cleanhostname(fwdarg[1]));
1133 fwd->connect_port = a2port(fwdarg[2]);
/* Four fields: explicit listen address. */
1137 fwd->listen_host = xstrdup(cleanhostname(fwdarg[0]));
1138 fwd->listen_port = a2port(fwdarg[1]);
1139 fwd->connect_host = xstrdup(cleanhostname(fwdarg[2]));
1140 fwd->connect_port = a2port(fwdarg[3]);
1143 i = 0; /* failure */
/*
 * NOTE(review): a2port() returning 0 is the parse-failure signal (cf. the
 * DynamicForward check in process_config_line), yet this only rejects the
 * case where BOTH ports are 0; a spec with exactly one unparsable port
 * passes through. Consider "listen_port == 0 || connect_port == 0".
 */
1148 if (fwd->listen_port == 0 && fwd->connect_port == 0)
/* Length bound on connect_host only; listen_host is not bounded here. */
1151 if (fwd->connect_host != NULL &&
1152 strlen(fwd->connect_host) >= NI_MAXHOST)
/* Failure path (label not shown): release whatever was duplicated. */
1158 if (fwd->connect_host != NULL)
1159 xfree(fwd->connect_host);
1160 if (fwd->listen_host != NULL)
1161 xfree(fwd->listen_host);