Lines Matching +full:int +full:- +full:fwd +full:- +full:mask
49 # include "openbsd-compat/glob.h"
78 # 2. user-specific file
79 # 3. system-wide file
81 # Thus, host-specific definitions should be at the beginning of the
84 # Host-specific declarations. These may override anything above. A single
100 Ciphers 3des-cbc
109 ProxyCommand ssh-proxy %h %p
115 Ciphers aes128-ctr
135 static int read_config_file_depth(const char *filename, struct passwd *pw,
137 int flags, int *activep, int *want_final_pass, int depth);
138 static int process_config_line_depth(Options *options, struct passwd *pw,
140 const char *filename, int linenum, int *activep, int flags,
141 int *want_final_pass, int depth);
210 /* Sometimes-unsupported options */
/*
 * add_local_forward(): only the lines matched by the search are listed; the
 * signature and the lines between the gutter numbers are not visible.
 * Visible effect: one element is appended to options->local_forwards and
 * filled from newfwd.
 */
380 struct Forward *fwd; in add_local_forward() local
381 int i; in add_local_forward()
/*
 * Compare newfwd with every forward already stored. The statement executed
 * on a match is on a line that is not shown -- presumably the duplicate is
 * skipped; confirm against the full source.
 */
384 for (i = 0; i < options->num_local_forwards; i++) { in add_local_forward()
385 if (forward_equals(newfwd, options->local_forwards + i)) in add_local_forward()
/* Grow the array by exactly one element; the post-increment below claims the new slot. */
388 options->local_forwards = xreallocarray(options->local_forwards, in add_local_forward()
389 options->num_local_forwards + 1, in add_local_forward()
390 sizeof(*options->local_forwards)); in add_local_forward()
391 fwd = &options->local_forwards[options->num_local_forwards++]; in add_local_forward()
/*
 * Shallow copy: the four string pointers are taken over from newfwd, not
 * duplicated, so the option table now aliases the caller's allocations.
 * clear_forwardings() frees these same members for every stored entry.
 * NOTE(review): callers presumably must not free or reuse newfwd's strings
 * after a successful add -- confirm at the call sites.
 */
393 fwd->listen_host = newfwd->listen_host; in add_local_forward()
394 fwd->listen_port = newfwd->listen_port; in add_local_forward()
395 fwd->listen_path = newfwd->listen_path; in add_local_forward()
396 fwd->connect_host = newfwd->connect_host; in add_local_forward()
397 fwd->connect_port = newfwd->connect_port; in add_local_forward()
398 fwd->connect_path = newfwd->connect_path; in add_local_forward()
/*
 * add_remote_forward(): only the lines matched by the search are listed; the
 * signature and the lines between the gutter numbers are not visible.
 * Visible effect: one element is appended to options->remote_forwards and
 * filled from newfwd.
 */
409 struct Forward *fwd; in add_remote_forward() local
410 int i; in add_remote_forward()
/*
 * Compare newfwd with every remote forward already stored. The statement
 * executed on a match is not shown -- presumably the duplicate is skipped;
 * confirm against the full source.
 */
413 for (i = 0; i < options->num_remote_forwards; i++) { in add_remote_forward()
414 if (forward_equals(newfwd, options->remote_forwards + i)) in add_remote_forward()
/* Grow the array by exactly one element; the post-increment below claims the new slot. */
417 options->remote_forwards = xreallocarray(options->remote_forwards, in add_remote_forward()
418 options->num_remote_forwards + 1, in add_remote_forward()
419 sizeof(*options->remote_forwards)); in add_remote_forward()
420 fwd = &options->remote_forwards[options->num_remote_forwards++]; in add_remote_forward()
/*
 * Shallow copy: the string pointers are taken over from newfwd, not
 * duplicated, so ownership of those allocations moves into the option table
 * (clear_forwardings() frees them per entry).
 * NOTE(review): callers presumably must not free newfwd's strings after a
 * successful add -- confirm at the call sites.
 */
422 fwd->listen_host = newfwd->listen_host; in add_remote_forward()
423 fwd->listen_port = newfwd->listen_port; in add_remote_forward()
424 fwd->listen_path = newfwd->listen_path; in add_remote_forward()
425 fwd->connect_host = newfwd->connect_host; in add_remote_forward()
426 fwd->connect_port = newfwd->connect_port; in add_remote_forward()
427 fwd->connect_path = newfwd->connect_path; in add_remote_forward()
/* Unlike the local case, the handle is carried over and allocated_port starts at 0 for the new entry. */
428 fwd->handle = newfwd->handle; in add_remote_forward()
429 fwd->allocated_port = 0; in add_remote_forward()
/*
 * clear_forwardings(): only the lines matched by the search are listed (the
 * signature and closing braces are not visible). Releases every stored local
 * and remote forward and disables tunnel opening.
 */
435 int i; in clear_forwardings()
/* Free the strings owned by each local forward entry. */
437 for (i = 0; i < options->num_local_forwards; i++) { in clear_forwardings()
438 free(options->local_forwards[i].listen_host); in clear_forwardings()
439 free(options->local_forwards[i].listen_path); in clear_forwardings()
440 free(options->local_forwards[i].connect_host); in clear_forwardings()
441 free(options->local_forwards[i].connect_path); in clear_forwardings()
/* Then free the array itself and NULL the pointer so no stale pointer remains in the option table. */
443 if (options->num_local_forwards > 0) { in clear_forwardings()
444 free(options->local_forwards); in clear_forwardings()
445 options->local_forwards = NULL; in clear_forwardings()
447 options->num_local_forwards = 0; in clear_forwardings()
/* Same sequence for the remote forwards. */
448 for (i = 0; i < options->num_remote_forwards; i++) { in clear_forwardings()
449 free(options->remote_forwards[i].listen_host); in clear_forwardings()
450 free(options->remote_forwards[i].listen_path); in clear_forwardings()
451 free(options->remote_forwards[i].connect_host); in clear_forwardings()
452 free(options->remote_forwards[i].connect_path); in clear_forwardings()
454 if (options->num_remote_forwards > 0) { in clear_forwardings()
455 free(options->remote_forwards); in clear_forwardings()
456 options->remote_forwards = NULL; in clear_forwardings()
458 options->num_remote_forwards = 0; in clear_forwardings()
/* Clearing forwardings also switches tunnel device forwarding off. */
459 options->tun_open = SSH_TUNMODE_NO; in clear_forwardings()
463 add_certificate_file(Options *options, const char *path, int userprovided) in add_certificate_file()
465 int i; in add_certificate_file()
467 if (options->num_certificate_files >= SSH_MAX_CERTIFICATE_FILES) in add_certificate_file()
472 for (i = 0; i < options->num_certificate_files; i++) { in add_certificate_file()
473 if (options->certificate_file_userprovided[i] == userprovided && in add_certificate_file()
474 strcmp(options->certificate_files[i], path) == 0) { in add_certificate_file()
480 options->certificate_file_userprovided[options->num_certificate_files] = in add_certificate_file()
482 options->certificate_files[options->num_certificate_files++] = in add_certificate_file()
488 int userprovided) in add_identity_file()
491 int i; in add_identity_file()
493 if (options->num_identity_files >= SSH_MAX_IDENTITY_FILES) in add_identity_file()
503 for (i = 0; i < options->num_identity_files; i++) { in add_identity_file()
504 if (options->identity_file_userprovided[i] == userprovided && in add_identity_file()
505 strcmp(options->identity_files[i], path) == 0) { in add_identity_file()
512 options->identity_file_userprovided[options->num_identity_files] = in add_identity_file()
514 options->identity_files[options->num_identity_files++] = path; in add_identity_file()
517 int
520 static int port; in default_ssh_port()
525 port = sp ? ntohs(sp->s_port) : SSH_DEFAULT_PORT; in default_ssh_port()
532 * Return its exit status or -1 on abnormal exit.
/*
 * execute_in_shell(): only the lines matched by the search are listed; the
 * signature, the process creation and most of the body are not visible.
 * The fragment of its header comment shown just above states that it
 * returns the command's exit status, or -1 on abnormal exit.
 */
534 static int
539 int status; in execute_in_shell()
/* The shell must be executable by the calling user; the failure handling is on lines not shown. */
544 if (access(shell, X_OK) == -1) { in execute_in_shell()
555 if (stdfd_devnull(1, 1, 0) == -1) in execute_in_shell()
/*
 * The command is passed as the argument of "-c", so the shell interprets it
 * in full, metacharacters included.
 * NOTE(review): how the command string is built is not visible in this
 * listing; any expanded or externally influenced text in it has to be
 * trusted or quoted before it reaches this point -- confirm at the callers.
 */
560 argv[1] = "-c"; in execute_in_shell()
/* pid == -1 is presumably the failed process-creation case; the call that sets pid is not shown. */
572 if (pid == -1) in execute_in_shell()
/* Keep waiting while waitpid() fails; the loop body (not shown) presumably separates EINTR from a real error. */
575 while (waitpid(pid, &status, 0) == -1) { in execute_in_shell()
581 return -1; in execute_in_shell()
588 * Check whether a local network interface address appears in CIDR pattern-
591 static int
596 int r, found = 0; in check_match_ifaddrs()
605 for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) { in check_match_ifaddrs()
606 if (ifa->ifa_addr == NULL || ifa->ifa_name == NULL || in check_match_ifaddrs()
607 (ifa->ifa_flags & IFF_UP) == 0) in check_match_ifaddrs()
609 switch (ifa->ifa_addr->sa_family) { in check_match_ifaddrs()
623 ifa->ifa_name, ifa->ifa_addr->sa_family); in check_match_ifaddrs()
626 if ((r = getnameinfo(ifa->ifa_addr, salen, addr, sizeof(addr), in check_match_ifaddrs()
629 ifa->ifa_name, gai_strerror(r)); in check_match_ifaddrs()
632 debug3_f("interface %s addr %s", ifa->ifa_name, addr); in check_match_ifaddrs()
635 ifa->ifa_name, addr, addrlist); in check_match_ifaddrs()
655 int final_pass, int is_include_path) in expand_match_exec_or_include_path()
660 int port; in expand_match_exec_or_include_path()
662 port = options->port <= 0 ? default_ssh_port() : options->port; in expand_match_exec_or_include_path()
663 ruser = options->user == NULL ? pw->pw_name : options->user; in expand_match_exec_or_include_path()
665 host = xstrdup(options->hostname); in expand_match_exec_or_include_path()
666 } else if (options->hostname != NULL) { in expand_match_exec_or_include_path()
668 host = percent_expand(options->hostname, in expand_match_exec_or_include_path()
673 if (gethostname(thishost, sizeof(thishost)) == -1) in expand_match_exec_or_include_path()
675 jmphost = option_clear_or_none(options->jump_host) ? in expand_match_exec_or_include_path()
676 "" : options->jump_host; in expand_match_exec_or_include_path()
681 (unsigned long long)pw->pw_uid); in expand_match_exec_or_include_path()
684 keyalias = options->host_key_alias ? options->host_key_alias : host; in expand_match_exec_or_include_path()
689 "d", pw->pw_dir, in expand_match_exec_or_include_path()
696 "u", pw->pw_name, in expand_match_exec_or_include_path()
708 static int
709 match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp, in match_cfg_line()
711 int final_pass, int *want_final_pass, const char *filename, int linenum) in match_cfg_line()
715 int r, this_result, result = 1, attributes = 0, negate; in match_cfg_line()
721 ruser = options->user == NULL ? pw->pw_name : options->user; in match_cfg_line()
723 host = xstrdup(options->hostname); in match_cfg_line()
724 } else if (options->hostname != NULL) { in match_cfg_line()
726 host = percent_expand(options->hostname, in match_cfg_line()
753 result = -1; in match_cfg_line()
799 result = -1; in match_cfg_line()
818 criteria = xstrdup(pw->pw_name); in match_cfg_line()
819 r = match_pattern_list(pw->pw_name, arg, 0) == 1; in match_cfg_line()
823 if (addr_match_cidr_list(NULL, arg) == -1) { in match_cfg_line()
825 result = -1; in match_cfg_line()
832 criteria = xstrdup(options->tag == NULL ? "" : in match_cfg_line()
833 options->tag); in match_cfg_line()
852 if (r == -1) { in match_cfg_line()
865 result = -1; in match_cfg_line()
879 result = -1; in match_cfg_line()
883 if (result != -1) in match_cfg_line()
/*
 * rm_env(): remove from options->send_env every entry that matches the
 * pattern in arg. Only the lines matched by the search are listed; the
 * return type, the non-matching branch and the closing braces are not shown.
 */
892 rm_env(Options *options, const char *arg, const char *filename, int linenum) in rm_env()
/* Remember the original count so the array can be resized afterwards. */
894 u_int i, j, onum_send_env = options->num_send_env; in rm_env()
/*
 * The for header has no increment: after a removal the next entry slides
 * into index i, so i is presumably advanced only on the non-matching path
 * (lines not shown).
 */
897 for (i = 0; i < options->num_send_env; ) { in rm_env()
/* arg + 1 skips the first character of arg -- presumably the leading '-' that selects removal; confirm at the caller. */
898 if (!match_pattern(options->send_env[i], arg + 1)) { in rm_env()
903 filename, linenum, options->send_env[i]); in rm_env()
/* Free the matching entry, then close the gap by shifting the tail down one slot. */
904 free(options->send_env[i]); in rm_env()
905 options->send_env[i] = NULL; in rm_env()
/* num_send_env - 1 cannot wrap here: the outer loop condition guarantees num_send_env > i >= 0. */
906 for (j = i; j < options->num_send_env - 1; j++) { in rm_env()
907 options->send_env[j] = options->send_env[j + 1]; in rm_env()
908 options->send_env[j + 1] = NULL; in rm_env()
910 options->num_send_env--; in rm_env()
/* Resize the array only if at least one entry was removed. */
913 if (onum_send_env != options->num_send_env) { in rm_env()
914 options->send_env = xrecallocarray(options->send_env, in rm_env()
915 onum_send_env, options->num_send_env, in rm_env()
916 sizeof(*options->send_env)); in rm_env()
924 parse_token(const char *cp, const char *filename, int linenum, in parse_token()
927 int i; in parse_token()
957 int value;
964 { NULL, -1 }
972 { NULL, -1 }
981 { "accept-new", SSH_STRICT_HOSTKEY_NEW },
982 { NULL, -1 }
991 { NULL, -1 }
997 { NULL, -1 }
1007 { NULL, -1 }
1011 { "point-to-point", SSH_TUNMODE_POINTOPOINT },
1016 { NULL, -1 }
1025 { NULL, -1 }
1031 { NULL, -1 }
1039 { NULL, -1 }
1047 { "host-bound", SSH_PUBKEY_AUTH_HBOUND },
1048 { NULL, -1 }
1055 { NULL, -1 }
1058 static int
1059 parse_multistate_value(const char *arg, const char *filename, int linenum, in parse_multistate_value()
1062 int i; in parse_multistate_value()
1066 return -1; in parse_multistate_value()
1072 return -1; in parse_multistate_value()
1079 int
1082 int linenum, int *activep, int flags) in process_config_line()
1089 static int
1092 int linenum, int *activep, int flags, int *want_final_pass, int depth) in process_config_line_depth()
1097 int r, oactive, negated, opcode, *intptr, value, value2, cmdline = 0; in process_config_line_depth()
1098 int remotefwd, dynamicfwd, ca_only = 0, found = 0; in process_config_line_depth()
1103 struct Forward fwd; in process_config_line_depth() local
1108 int oac = 0, ac; in process_config_line_depth()
1109 int ret = -1; in process_config_line_depth()
1123 for (len--; len > 0; len--) { in process_config_line_depth()
1147 return -1; in process_config_line_depth()
1150 options->ignored_unknown); in process_config_line_depth()
1153 return -1; in process_config_line_depth()
1171 intptr = &options->connection_timeout; in process_config_line_depth()
1180 value = -1; in process_config_line_depth()
1181 else if ((value = convtime(arg)) == -1) { in process_config_line_depth()
1186 if (*activep && *intptr == -1) in process_config_line_depth()
1191 intptr = &options->forward_agent; in process_config_line_depth()
1200 value = -1; in process_config_line_depth()
1208 if (value != -1) { in process_config_line_depth()
1209 if (*activep && *intptr == -1) in process_config_line_depth()
1214 if (*activep && *intptr == -1) in process_config_line_depth()
1217 charptr = &options->forward_agent_sock_path; in process_config_line_depth()
1221 intptr = &options->forward_x11; in process_config_line_depth()
1227 multistate_ptr)) == -1) { in process_config_line_depth()
1232 if (*activep && *intptr == -1) in process_config_line_depth()
1237 intptr = &options->forward_x11_trusted; in process_config_line_depth()
1241 intptr = &options->forward_x11_timeout; in process_config_line_depth()
1245 intptr = &options->fwd_opts.gateway_ports; in process_config_line_depth()
1249 intptr = &options->exit_on_forward_failure; in process_config_line_depth()
1253 intptr = &options->password_authentication; in process_config_line_depth()
1257 intptr = &options->kbd_interactive_authentication; in process_config_line_depth()
1261 charptr = &options->kbd_interactive_devices; in process_config_line_depth()
1266 intptr = &options->pubkey_authentication; in process_config_line_depth()
1270 intptr = &options->hostbased_authentication; in process_config_line_depth()
1274 intptr = &options->gss_authentication; in process_config_line_depth()
1278 intptr = &options->gss_deleg_creds; in process_config_line_depth()
1282 intptr = &options->batch_mode; in process_config_line_depth()
1286 intptr = &options->check_host_ip; in process_config_line_depth()
1290 intptr = &options->verify_host_key_dns; in process_config_line_depth()
1295 intptr = &options->strict_host_key_checking; in process_config_line_depth()
1300 intptr = &options->compression; in process_config_line_depth()
1305 intptr = &options->tcp_keep_alive; in process_config_line_depth()
1309 intptr = &options->no_host_authentication_for_localhost; in process_config_line_depth()
1313 intptr = &options->number_of_password_prompts; in process_config_line_depth()
1326 if (scan_scaled(arg, &val64) == -1) { in process_config_line_depth()
1337 if (*activep && options->rekey_limit == -1) in process_config_line_depth()
1338 options->rekey_limit = val64; in process_config_line_depth()
1344 intptr = &options->rekey_interval; in process_config_line_depth()
1357 intptr = &options->num_identity_files; in process_config_line_depth()
1377 intptr = &options->num_certificate_files; in process_config_line_depth()
1391 charptr=&options->xauth_location; in process_config_line_depth()
1395 charptr = &options->user; in process_config_line_depth()
1408 cpptr = (char **)&options->system_hostfiles; in process_config_line_depth()
1409 uintptr = &options->num_system_hostfiles; in process_config_line_depth()
1443 cpptr = (char **)&options->user_hostfiles; in process_config_line_depth()
1444 uintptr = &options->num_user_hostfiles; in process_config_line_depth()
1449 charptr = &options->hostname; in process_config_line_depth()
1453 charptr = &options->tag; in process_config_line_depth()
1457 charptr = &options->host_key_alias; in process_config_line_depth()
1461 charptr = &options->preferred_authentications; in process_config_line_depth()
1465 charptr = &options->bind_address; in process_config_line_depth()
1469 charptr = &options->bind_interface; in process_config_line_depth()
1473 charptr = &options->pkcs11_provider; in process_config_line_depth()
1477 charptr = &options->sk_provider; in process_config_line_depth()
1481 charptr = &options->known_hosts_command; in process_config_line_depth()
1485 charptr = &options->proxy_command; in process_config_line_depth()
1487 if (options->jump_host != NULL) in process_config_line_depth()
1488 charptr = &options->jump_host; /* Skip below */ in process_config_line_depth()
1509 if (parse_jump(str + len, options, *activep) == -1) { in process_config_line_depth()
1530 if (*activep && options->port == -1) in process_config_line_depth()
1531 options->port = value; in process_config_line_depth()
1535 intptr = &options->connection_attempts; in process_config_line_depth()
1543 if (*activep && *intptr == -1) in process_config_line_depth()
1554 if (*arg != '-' && in process_config_line_depth()
1560 if (*activep && options->ciphers == NULL) in process_config_line_depth()
1561 options->ciphers = xstrdup(arg); in process_config_line_depth()
1571 if (*arg != '-' && in process_config_line_depth()
1577 if (*activep && options->macs == NULL) in process_config_line_depth()
1578 options->macs = xstrdup(arg); in process_config_line_depth()
1588 if (*arg != '-' && in process_config_line_depth()
1595 if (*activep && options->kex_algorithms == NULL) in process_config_line_depth()
1596 options->kex_algorithms = xstrdup(arg); in process_config_line_depth()
1600 charptr = &options->hostkeyalgorithms; in process_config_line_depth()
1609 if (*arg != '-' && in process_config_line_depth()
1621 charptr = &options->ca_sign_algorithms; in process_config_line_depth()
1626 log_level_ptr = &options->log_level; in process_config_line_depth()
1639 log_facility_ptr = &options->log_facility; in process_config_line_depth()
1647 if (*log_facility_ptr == -1) in process_config_line_depth()
1652 cppptr = &options->log_verbose; in process_config_line_depth()
1653 uintptr = &options->num_log_verbose; in process_config_line_depth()
1711 if (parse_forward(&fwd, fwdarg, dynamicfwd, remotefwd) == 0) { in process_config_line_depth()
1719 add_remote_forward(options, &fwd); in process_config_line_depth()
1721 add_local_forward(options, &fwd); in process_config_line_depth()
1727 uintptr = &options->num_permitted_remote_opens; in process_config_line_depth()
1728 cppptr = &options->permitted_remote_opens; in process_config_line_depth()
1778 intptr = &options->clear_forwardings; in process_config_line_depth()
1783 error("Host directive not supported as a command-line " in process_config_line_depth()
1824 error("Host directive not supported as a command-line " in process_config_line_depth()
1840 intptr = &options->escape_char; in process_config_line_depth()
1859 if (*activep && *intptr == -1) in process_config_line_depth()
1864 intptr = &options->address_family; in process_config_line_depth()
1869 intptr = &options->enable_ssh_keysign; in process_config_line_depth()
1873 intptr = &options->identities_only; in process_config_line_depth()
1877 intptr = &options->server_alive_interval; in process_config_line_depth()
1881 intptr = &options->server_alive_count_max; in process_config_line_depth()
1885 /* XXX appends to list; doesn't respect first-match-wins */ in process_config_line_depth()
1895 if (*arg == '-') { in process_config_line_depth()
1902 &options->send_env, &options->num_send_env, arg); in process_config_line_depth()
1911 found = options->num_setenv == 0; in process_config_line_depth()
1932 options->setenv = strs; in process_config_line_depth()
1933 options->num_setenv = nstrs; in process_config_line_depth()
1940 charptr = &options->control_path; in process_config_line_depth()
1944 intptr = &options->control_master; in process_config_line_depth()
1950 intptr = &options->control_persist; in process_config_line_depth()
1970 if (*activep && *intptr == -1) { in process_config_line_depth()
1972 options->control_persist_timeout = value2; in process_config_line_depth()
1977 intptr = &options->hash_known_hosts; in process_config_line_depth()
1981 intptr = &options->tun_open; in process_config_line_depth()
1998 if (*activep && options->tun_local == -1) { in process_config_line_depth()
1999 options->tun_local = value; in process_config_line_depth()
2000 options->tun_remote = value2; in process_config_line_depth()
2005 charptr = &options->local_command; in process_config_line_depth()
2009 intptr = &options->permit_local_command; in process_config_line_depth()
2013 charptr = &options->remote_command; in process_config_line_depth()
2017 intptr = &options->visual_host_key; in process_config_line_depth()
2023 "command-line option"); in process_config_line_depth()
2100 value = -1; in process_config_line_depth()
2110 if ((value = parse_ipqos(arg)) == -1) { in process_config_line_depth()
2118 else if ((value2 = parse_ipqos(arg)) == -1) { in process_config_line_depth()
2123 if (*activep && options->ip_qos_interactive == -1) { in process_config_line_depth()
2124 options->ip_qos_interactive = value; in process_config_line_depth()
2125 options->ip_qos_bulk = value2; in process_config_line_depth()
2130 intptr = &options->request_tty; in process_config_line_depth()
2135 intptr = &options->session_type; in process_config_line_depth()
2140 intptr = &options->stdin_null; in process_config_line_depth()
2144 intptr = &options->fork_after_authentication; in process_config_line_depth()
2148 charptr = &options->ignored_unknown; in process_config_line_depth()
2152 intptr = &options->proxy_use_fdpass; in process_config_line_depth()
2156 found = options->num_canonical_domains == 0; in process_config_line_depth()
2180 options->canonical_domains = strs; in process_config_line_depth()
2181 options->num_canonical_domains = nstrs; in process_config_line_depth()
2188 found = options->num_permitted_cnames == 0; in process_config_line_depth()
2227 options->permitted_cnames = cnames; in process_config_line_depth()
2228 options->num_permitted_cnames = ncnames; in process_config_line_depth()
2232 /* un-transferred cnames is cleaned up before exit */ in process_config_line_depth()
2236 intptr = &options->canonicalize_hostname; in process_config_line_depth()
2241 intptr = &options->canonicalize_max_dots; in process_config_line_depth()
2245 intptr = &options->canonicalize_fallback_local; in process_config_line_depth()
2258 error("%.200s line %d: Bad mask.", filename, linenum); in process_config_line_depth()
2261 options->fwd_opts.streamlocal_bind_mask = (mode_t)value; in process_config_line_depth()
2265 intptr = &options->fwd_opts.streamlocal_bind_unlink; in process_config_line_depth()
2269 charptr = &options->revoked_host_keys; in process_config_line_depth()
2273 intptr = &options->fingerprint_hash; in process_config_line_depth()
2280 if ((value = ssh_digest_alg_by_name(arg)) == -1) { in process_config_line_depth()
2285 if (*activep && *intptr == -1) in process_config_line_depth()
2290 intptr = &options->update_hostkeys; in process_config_line_depth()
2295 charptr = &options->hostbased_accepted_algos; in process_config_line_depth()
2300 charptr = &options->pubkey_accepted_algos; in process_config_line_depth()
2312 if ((value2 = convtime(arg2)) == -1) { in process_config_line_depth()
2317 } else if (value == -1 && arg2 == NULL) { in process_config_line_depth()
2318 if ((value2 = convtime(arg)) == -1) { in process_config_line_depth()
2324 } else if (value == -1 || arg2 != NULL) { in process_config_line_depth()
2329 if (*activep && options->add_keys_to_agent == -1) { in process_config_line_depth()
2330 options->add_keys_to_agent = value; in process_config_line_depth()
2331 options->add_keys_to_agent_lifespan = value2; in process_config_line_depth()
2336 charptr = &options->identity_agent; in process_config_line_depth()
2363 intptr = &options->enable_escape_commandline; in process_config_line_depth()
2367 intptr = &options->required_rsa_size; in process_config_line_depth()
2371 value = -1; in process_config_line_depth()
2373 if (value != -1) { in process_config_line_depth()
2402 if (value == -1) { in process_config_line_depth()
2407 intptr = &options->obscure_keystroke_timing_interval; in process_config_line_depth()
2408 if (*activep && *intptr == -1) in process_config_line_depth()
2413 found = options->num_channel_timeouts == 0; in process_config_line_depth()
2436 options->channel_timeouts = strs; in process_config_line_depth()
2437 options->num_channel_timeouts = nstrs; in process_config_line_depth()
2482 int
2484 const char *original_host, Options *options, int flags, in read_config_file()
2485 int *want_final_pass) in read_config_file()
2487 int active = 1; in read_config_file()
2494 static int
2497 int flags, int *activep, int *want_final_pass, int depth) in read_config_file_depth()
2502 int linenum; in read_config_file_depth()
2503 int bad_options = 0; in read_config_file_depth()
2514 if (fstat(fileno(f), &sb) == -1) in read_config_file_depth()
2528 while (getline(&line, &linesize, f) != -1) { in read_config_file_depth()
2533 * NB - preserve newlines, they are needed to reproduce in read_config_file_depth()
2550 int
2558 * Allowed to be called on non-final configuration.
2560 int
/*
 * config_has_permitted_cnames(): matched lines only; the signature and the
 * statement guarded by the condition below (line 2566) are not shown.
 *
 * Special case: exactly one entry whose source list is "none" (compared
 * case-insensitively) and whose target list is the empty string.
 * Presumably this sentinel is reported as "no permitted cnames" -- confirm
 * against the full source.
 */
2563 if (options->num_permitted_cnames == 1 && in config_has_permitted_cnames()
2564 strcasecmp(options->permitted_cnames[0].source_list, "none") == 0 && in config_has_permitted_cnames()
2565 strcmp(options->permitted_cnames[0].target_list, "") == 0) in config_has_permitted_cnames()
/* Otherwise: non-zero when at least one entry is configured. */
2567 return options->num_permitted_cnames > 0; in config_has_permitted_cnames()
/*
 * initialize_options(): matched lines only; the signature and any statements
 * before line 2581 are not shown.
 *
 * Each field is set to a value that means "not set yet": -1 for most integer
 * settings, the *_NOT_SET constants for the log fields, NULL for pointers
 * and 0 for element counts. The parser lines elsewhere in this listing store
 * a value only while the field still holds that marker (for example
 * "*intptr == -1" or "options->ciphers == NULL"), and fill_default_options()
 * replaces markers that are still present with built-in defaults.
 */
2581 options->host_arg = NULL; in initialize_options()
2582 options->forward_agent = -1; in initialize_options()
2583 options->forward_agent_sock_path = NULL; in initialize_options()
2584 options->forward_x11 = -1; in initialize_options()
2585 options->forward_x11_trusted = -1; in initialize_options()
2586 options->forward_x11_timeout = -1; in initialize_options()
2587 options->stdio_forward_host = NULL; in initialize_options()
2588 options->stdio_forward_port = 0; in initialize_options()
2589 options->clear_forwardings = -1; in initialize_options()
2590 options->exit_on_forward_failure = -1; in initialize_options()
2591 options->xauth_location = NULL; in initialize_options()
2592 options->fwd_opts.gateway_ports = -1; in initialize_options()
/* -1 cast to mode_t; presumably the same "not set" marker for the socket mask -- confirm where it is consumed. */
2593 options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; in initialize_options()
2594 options->fwd_opts.streamlocal_bind_unlink = -1; in initialize_options()
2595 options->pubkey_authentication = -1; in initialize_options()
2596 options->gss_authentication = -1; in initialize_options()
2597 options->gss_deleg_creds = -1; in initialize_options()
2598 options->password_authentication = -1; in initialize_options()
2599 options->kbd_interactive_authentication = -1; in initialize_options()
2600 options->kbd_interactive_devices = NULL; in initialize_options()
2601 options->hostbased_authentication = -1; in initialize_options()
2602 options->batch_mode = -1; in initialize_options()
2603 options->check_host_ip = -1; in initialize_options()
2604 options->strict_host_key_checking = -1; in initialize_options()
2605 options->compression = -1; in initialize_options()
2606 options->tcp_keep_alive = -1; in initialize_options()
2607 options->port = -1; in initialize_options()
2608 options->address_family = -1; in initialize_options()
2609 options->connection_attempts = -1; in initialize_options()
2610 options->connection_timeout = -1; in initialize_options()
2611 options->number_of_password_prompts = -1; in initialize_options()
2612 options->ciphers = NULL; in initialize_options()
2613 options->macs = NULL; in initialize_options()
2614 options->kex_algorithms = NULL; in initialize_options()
2615 options->hostkeyalgorithms = NULL; in initialize_options()
2616 options->ca_sign_algorithms = NULL; in initialize_options()
2617 options->num_identity_files = 0; in initialize_options()
/* The key and certificate arrays are zeroed in full. */
2618 memset(options->identity_keys, 0, sizeof(options->identity_keys)); in initialize_options()
2619 options->num_certificate_files = 0; in initialize_options()
2620 memset(options->certificates, 0, sizeof(options->certificates)); in initialize_options()
2621 options->hostname = NULL; in initialize_options()
2622 options->host_key_alias = NULL; in initialize_options()
2623 options->proxy_command = NULL; in initialize_options()
2624 options->jump_user = NULL; in initialize_options()
2625 options->jump_host = NULL; in initialize_options()
2626 options->jump_port = -1; in initialize_options()
2627 options->jump_extra = NULL; in initialize_options()
2628 options->user = NULL; in initialize_options()
2629 options->escape_char = -1; in initialize_options()
2630 options->num_system_hostfiles = 0; in initialize_options()
2631 options->num_user_hostfiles = 0; in initialize_options()
2632 options->local_forwards = NULL; in initialize_options()
2633 options->num_local_forwards = 0; in initialize_options()
2634 options->remote_forwards = NULL; in initialize_options()
2635 options->num_remote_forwards = 0; in initialize_options()
2636 options->permitted_remote_opens = NULL; in initialize_options()
2637 options->num_permitted_remote_opens = 0; in initialize_options()
2638 options->log_facility = SYSLOG_FACILITY_NOT_SET; in initialize_options()
2639 options->log_level = SYSLOG_LEVEL_NOT_SET; in initialize_options()
2640 options->num_log_verbose = 0; in initialize_options()
2641 options->log_verbose = NULL; in initialize_options()
2642 options->preferred_authentications = NULL; in initialize_options()
2643 options->bind_address = NULL; in initialize_options()
2644 options->bind_interface = NULL; in initialize_options()
2645 options->pkcs11_provider = NULL; in initialize_options()
2646 options->sk_provider = NULL; in initialize_options()
2647 options->enable_ssh_keysign = - 1; in initialize_options()
2648 options->no_host_authentication_for_localhost = - 1; in initialize_options()
2649 options->identities_only = - 1; in initialize_options()
2650 options->rekey_limit = - 1; in initialize_options()
2651 options->rekey_interval = -1; in initialize_options()
2652 options->verify_host_key_dns = -1; in initialize_options()
2653 options->server_alive_interval = -1; in initialize_options()
2654 options->server_alive_count_max = -1; in initialize_options()
2655 options->send_env = NULL; in initialize_options()
2656 options->num_send_env = 0; in initialize_options()
2657 options->setenv = NULL; in initialize_options()
2658 options->num_setenv = 0; in initialize_options()
2659 options->control_path = NULL; in initialize_options()
2660 options->control_master = -1; in initialize_options()
2661 options->control_persist = -1; in initialize_options()
2662 options->control_persist_timeout = 0; in initialize_options()
2663 options->hash_known_hosts = -1; in initialize_options()
2664 options->tun_open = -1; in initialize_options()
2665 options->tun_local = -1; in initialize_options()
2666 options->tun_remote = -1; in initialize_options()
2667 options->local_command = NULL; in initialize_options()
2668 options->permit_local_command = -1; in initialize_options()
2669 options->remote_command = NULL; in initialize_options()
2670 options->add_keys_to_agent = -1; in initialize_options()
2671 options->add_keys_to_agent_lifespan = -1; in initialize_options()
2672 options->identity_agent = NULL; in initialize_options()
2673 options->visual_host_key = -1; in initialize_options()
2674 options->ip_qos_interactive = -1; in initialize_options()
2675 options->ip_qos_bulk = -1; in initialize_options()
2676 options->request_tty = -1; in initialize_options()
2677 options->session_type = -1; in initialize_options()
2678 options->stdin_null = -1; in initialize_options()
2679 options->fork_after_authentication = -1; in initialize_options()
2680 options->proxy_use_fdpass = -1; in initialize_options()
2681 options->ignored_unknown = NULL; in initialize_options()
2682 options->num_canonical_domains = 0; in initialize_options()
2683 options->num_permitted_cnames = 0; in initialize_options()
2684 options->canonicalize_max_dots = -1; in initialize_options()
2685 options->canonicalize_fallback_local = -1; in initialize_options()
2686 options->canonicalize_hostname = -1; in initialize_options()
2687 options->revoked_host_keys = NULL; in initialize_options()
2688 options->fingerprint_hash = -1; in initialize_options()
2689 options->update_hostkeys = -1; in initialize_options()
2690 options->hostbased_accepted_algos = NULL; in initialize_options()
2691 options->pubkey_accepted_algos = NULL; in initialize_options()
2692 options->known_hosts_command = NULL; in initialize_options()
2693 options->required_rsa_size = -1; in initialize_options()
2694 options->enable_escape_commandline = -1; in initialize_options()
2695 options->obscure_keystroke_timing_interval = -1; in initialize_options()
2696 options->tag = NULL; in initialize_options()
2697 options->channel_timeouts = NULL; in initialize_options()
2698 options->num_channel_timeouts = 0; in initialize_options()
2708 if (options->canonicalize_max_dots == -1) in fill_default_options_for_canonicalization()
2709 options->canonicalize_max_dots = 1; in fill_default_options_for_canonicalization()
2710 if (options->canonicalize_fallback_local == -1) in fill_default_options_for_canonicalization()
2711 options->canonicalize_fallback_local = 1; in fill_default_options_for_canonicalization()
2712 if (options->canonicalize_hostname == -1) in fill_default_options_for_canonicalization()
2713 options->canonicalize_hostname = SSH_CANONICALISE_NO; in fill_default_options_for_canonicalization()
2720 int
2725 int ret = 0, r; in fill_default_options()
2727 if (options->forward_agent == -1) in fill_default_options()
2728 options->forward_agent = 0; in fill_default_options()
2729 if (options->forward_x11 == -1) in fill_default_options()
2730 options->forward_x11 = 0; in fill_default_options()
2731 if (options->forward_x11_trusted == -1) in fill_default_options()
2732 options->forward_x11_trusted = 0; in fill_default_options()
2733 if (options->forward_x11_timeout == -1) in fill_default_options()
2734 options->forward_x11_timeout = 1200; in fill_default_options()
2736 * stdio forwarding (-W) changes the default for these but we defer in fill_default_options()
2739 if (options->exit_on_forward_failure == -1) in fill_default_options()
2740 options->exit_on_forward_failure = in fill_default_options()
2741 options->stdio_forward_host != NULL ? 1 : 0; in fill_default_options()
2742 if (options->clear_forwardings == -1) in fill_default_options()
2743 options->clear_forwardings = in fill_default_options()
2744 options->stdio_forward_host != NULL ? 1 : 0; in fill_default_options()
2745 if (options->clear_forwardings == 1) in fill_default_options()
2748 if (options->xauth_location == NULL) in fill_default_options()
2749 options->xauth_location = xstrdup(_PATH_XAUTH); in fill_default_options()
2750 if (options->fwd_opts.gateway_ports == -1) in fill_default_options()
2751 options->fwd_opts.gateway_ports = 0; in fill_default_options()
2752 if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) in fill_default_options()
2753 options->fwd_opts.streamlocal_bind_mask = 0177; in fill_default_options()
2754 if (options->fwd_opts.streamlocal_bind_unlink == -1) in fill_default_options()
2755 options->fwd_opts.streamlocal_bind_unlink = 0; in fill_default_options()
2756 if (options->pubkey_authentication == -1) in fill_default_options()
2757 options->pubkey_authentication = SSH_PUBKEY_AUTH_ALL; in fill_default_options()
2758 if (options->gss_authentication == -1) in fill_default_options()
2759 options->gss_authentication = 0; in fill_default_options()
2760 if (options->gss_deleg_creds == -1) in fill_default_options()
2761 options->gss_deleg_creds = 0; in fill_default_options()
2762 if (options->password_authentication == -1) in fill_default_options()
2763 options->password_authentication = 1; in fill_default_options()
2764 if (options->kbd_interactive_authentication == -1) in fill_default_options()
2765 options->kbd_interactive_authentication = 1; in fill_default_options()
2766 if (options->hostbased_authentication == -1) in fill_default_options()
2767 options->hostbased_authentication = 0; in fill_default_options()
2768 if (options->batch_mode == -1) in fill_default_options()
2769 options->batch_mode = 0; in fill_default_options()
2770 if (options->check_host_ip == -1) in fill_default_options()
2771 options->check_host_ip = 0; in fill_default_options()
2772 if (options->strict_host_key_checking == -1) in fill_default_options()
2773 options->strict_host_key_checking = SSH_STRICT_HOSTKEY_ASK; in fill_default_options()
2774 if (options->compression == -1) in fill_default_options()
2775 options->compression = 0; in fill_default_options()
2776 if (options->tcp_keep_alive == -1) in fill_default_options()
2777 options->tcp_keep_alive = 1; in fill_default_options()
2778 if (options->port == -1) in fill_default_options()
2779 options->port = 0; /* Filled in ssh_connect. */ in fill_default_options()
2780 if (options->address_family == -1) in fill_default_options()
2781 options->address_family = AF_UNSPEC; in fill_default_options()
2782 if (options->connection_attempts == -1) in fill_default_options()
2783 options->connection_attempts = 1; in fill_default_options()
2784 if (options->number_of_password_prompts == -1) in fill_default_options()
2785 options->number_of_password_prompts = 3; in fill_default_options()
2786 /* options->hostkeyalgorithms, default set in myproposals.h */ in fill_default_options()
2787 if (options->add_keys_to_agent == -1) { in fill_default_options()
2788 options->add_keys_to_agent = 0; in fill_default_options()
2789 options->add_keys_to_agent_lifespan = 0; in fill_default_options()
2791 if (options->num_identity_files == 0) { in fill_default_options()
2807 if (options->escape_char == -1) in fill_default_options()
2808 options->escape_char = '~'; in fill_default_options()
2809 if (options->num_system_hostfiles == 0) { in fill_default_options()
2810 options->system_hostfiles[options->num_system_hostfiles++] = in fill_default_options()
2812 options->system_hostfiles[options->num_system_hostfiles++] = in fill_default_options()
2815 if (options->update_hostkeys == -1) { in fill_default_options()
2816 if (options->verify_host_key_dns <= 0 && in fill_default_options()
2817 (options->num_user_hostfiles == 0 || in fill_default_options()
2818 (options->num_user_hostfiles == 1 && strcmp(options-> in fill_default_options()
2820 options->update_hostkeys = SSH_UPDATE_HOSTKEYS_YES; in fill_default_options()
2822 options->update_hostkeys = SSH_UPDATE_HOSTKEYS_NO; in fill_default_options()
2824 if (options->num_user_hostfiles == 0) { in fill_default_options()
2825 options->user_hostfiles[options->num_user_hostfiles++] = in fill_default_options()
2827 options->user_hostfiles[options->num_user_hostfiles++] = in fill_default_options()
2830 if (options->log_level == SYSLOG_LEVEL_NOT_SET) in fill_default_options()
2831 options->log_level = SYSLOG_LEVEL_INFO; in fill_default_options()
2832 if (options->log_facility == SYSLOG_FACILITY_NOT_SET) in fill_default_options()
2833 options->log_facility = SYSLOG_FACILITY_USER; in fill_default_options()
2834 if (options->no_host_authentication_for_localhost == - 1) in fill_default_options()
2835 options->no_host_authentication_for_localhost = 0; in fill_default_options()
2836 if (options->identities_only == -1) in fill_default_options()
2837 options->identities_only = 0; in fill_default_options()
2838 if (options->enable_ssh_keysign == -1) in fill_default_options()
2839 options->enable_ssh_keysign = 0; in fill_default_options()
2840 if (options->rekey_limit == -1) in fill_default_options()
2841 options->rekey_limit = 0; in fill_default_options()
2842 if (options->rekey_interval == -1) in fill_default_options()
2843 options->rekey_interval = 0; in fill_default_options()
2844 if (options->verify_host_key_dns == -1) in fill_default_options()
2845 options->verify_host_key_dns = 0; in fill_default_options()
2846 if (options->server_alive_interval == -1) in fill_default_options()
2847 options->server_alive_interval = 0; in fill_default_options()
2848 if (options->server_alive_count_max == -1) in fill_default_options()
2849 options->server_alive_count_max = 3; in fill_default_options()
2850 if (options->control_master == -1) in fill_default_options()
2851 options->control_master = 0; in fill_default_options()
2852 if (options->control_persist == -1) { in fill_default_options()
2853 options->control_persist = 0; in fill_default_options()
2854 options->control_persist_timeout = 0; in fill_default_options()
2856 if (options->hash_known_hosts == -1) in fill_default_options()
2857 options->hash_known_hosts = 0; in fill_default_options()
2858 if (options->tun_open == -1) in fill_default_options()
2859 options->tun_open = SSH_TUNMODE_NO; in fill_default_options()
2860 if (options->tun_local == -1) in fill_default_options()
2861 options->tun_local = SSH_TUNID_ANY; in fill_default_options()
2862 if (options->tun_remote == -1) in fill_default_options()
2863 options->tun_remote = SSH_TUNID_ANY; in fill_default_options()
2864 if (options->permit_local_command == -1) in fill_default_options()
2865 options->permit_local_command = 0; in fill_default_options()
2866 if (options->visual_host_key == -1) in fill_default_options()
2867 options->visual_host_key = 0; in fill_default_options()
2868 if (options->ip_qos_interactive == -1) in fill_default_options()
2869 options->ip_qos_interactive = IPTOS_DSCP_AF21; in fill_default_options()
2870 if (options->ip_qos_bulk == -1) in fill_default_options()
2871 options->ip_qos_bulk = IPTOS_DSCP_CS1; in fill_default_options()
2872 if (options->request_tty == -1) in fill_default_options()
2873 options->request_tty = REQUEST_TTY_AUTO; in fill_default_options()
2874 if (options->session_type == -1) in fill_default_options()
2875 options->session_type = SESSION_TYPE_DEFAULT; in fill_default_options()
2876 if (options->stdin_null == -1) in fill_default_options()
2877 options->stdin_null = 0; in fill_default_options()
2878 if (options->fork_after_authentication == -1) in fill_default_options()
2879 options->fork_after_authentication = 0; in fill_default_options()
2880 if (options->proxy_use_fdpass == -1) in fill_default_options()
2881 options->proxy_use_fdpass = 0; in fill_default_options()
2882 if (options->canonicalize_max_dots == -1) in fill_default_options()
2883 options->canonicalize_max_dots = 1; in fill_default_options()
2884 if (options->canonicalize_fallback_local == -1) in fill_default_options()
2885 options->canonicalize_fallback_local = 1; in fill_default_options()
2886 if (options->canonicalize_hostname == -1) in fill_default_options()
2887 options->canonicalize_hostname = SSH_CANONICALISE_NO; in fill_default_options()
2888 if (options->fingerprint_hash == -1) in fill_default_options()
2889 options->fingerprint_hash = SSH_FP_HASH_DEFAULT; in fill_default_options()
2891 if (options->sk_provider == NULL) in fill_default_options()
2892 options->sk_provider = xstrdup("internal"); in fill_default_options()
2894 if (options->sk_provider == NULL) in fill_default_options()
2895 options->sk_provider = xstrdup("$SSH_SK_PROVIDER"); in fill_default_options()
2897 if (options->required_rsa_size == -1) in fill_default_options()
2898 options->required_rsa_size = SSH_RSA_MINIMUM_MODULUS_SIZE; in fill_default_options()
2899 if (options->enable_escape_commandline == -1) in fill_default_options()
2900 options->enable_escape_commandline = 0; in fill_default_options()
2901 if (options->obscure_keystroke_timing_interval == -1) { in fill_default_options()
2902 options->obscure_keystroke_timing_interval = in fill_default_options()
2920 if ((r = kex_assemble_names(&options->what, \ in fill_default_options()
2943 if (options->nv == 1 && \ in fill_default_options()
2944 strcasecmp(options->v[0], none) == 0) { \ in fill_default_options()
2945 free(options->v[0]); \ in fill_default_options()
2946 free(options->v); \ in fill_default_options()
2947 options->v = NULL; \ in fill_default_options()
2948 options->nv = 0; \ in fill_default_options()
2951 CLEAR_ON_NONE(options->local_command); in fill_default_options()
2952 CLEAR_ON_NONE(options->remote_command); in fill_default_options()
2953 CLEAR_ON_NONE(options->proxy_command); in fill_default_options()
2954 CLEAR_ON_NONE(options->control_path); in fill_default_options()
2955 CLEAR_ON_NONE(options->revoked_host_keys); in fill_default_options()
2956 CLEAR_ON_NONE(options->pkcs11_provider); in fill_default_options()
2957 CLEAR_ON_NONE(options->sk_provider); in fill_default_options()
2958 CLEAR_ON_NONE(options->known_hosts_command); in fill_default_options()
2962 if (options->jump_host != NULL && in fill_default_options()
2963 strcmp(options->jump_host, "none") == 0 && in fill_default_options()
2964 options->jump_port == 0 && options->jump_user == NULL) { in fill_default_options()
2965 free(options->jump_host); in fill_default_options()
2966 options->jump_host = NULL; in fill_default_options()
2968 if (options->num_permitted_cnames == 1 && in fill_default_options()
2971 free(options->permitted_cnames[0].source_list); in fill_default_options()
2972 free(options->permitted_cnames[0].target_list); in fill_default_options()
2973 memset(options->permitted_cnames, '\0', in fill_default_options()
2974 sizeof(*options->permitted_cnames)); in fill_default_options()
2975 options->num_permitted_cnames = 0; in fill_default_options()
2977 /* options->identity_agent distinguishes NULL from 'none' */ in fill_default_options()
2978 /* options->user will be set in the main program if appropriate */ in fill_default_options()
2979 /* options->hostname will be set in the main program if appropriate */ in fill_default_options()
2980 /* options->host_key_alias should not be set by default */ in fill_default_options()
2981 /* options->preferred_authentications will be set in ssh */ in fill_default_options()
3002 int i; in free_options()
3014 free(o->forward_agent_sock_path); in free_options()
3015 free(o->xauth_location); in free_options()
3016 FREE_ARRAY(u_int, o->num_log_verbose, o->log_verbose); in free_options()
3017 free(o->log_verbose); in free_options()
3018 free(o->ciphers); in free_options()
3019 free(o->macs); in free_options()
3020 free(o->hostkeyalgorithms); in free_options()
3021 free(o->kex_algorithms); in free_options()
3022 free(o->ca_sign_algorithms); in free_options()
3023 free(o->hostname); in free_options()
3024 free(o->host_key_alias); in free_options()
3025 free(o->proxy_command); in free_options()
3026 free(o->user); in free_options()
3027 FREE_ARRAY(u_int, o->num_system_hostfiles, o->system_hostfiles); in free_options()
3028 FREE_ARRAY(u_int, o->num_user_hostfiles, o->user_hostfiles); in free_options()
3029 free(o->preferred_authentications); in free_options()
3030 free(o->bind_address); in free_options()
3031 free(o->bind_interface); in free_options()
3032 free(o->pkcs11_provider); in free_options()
3033 free(o->sk_provider); in free_options()
3034 for (i = 0; i < o->num_identity_files; i++) { in free_options()
3035 free(o->identity_files[i]); in free_options()
3036 sshkey_free(o->identity_keys[i]); in free_options()
3038 for (i = 0; i < o->num_certificate_files; i++) { in free_options()
3039 free(o->certificate_files[i]); in free_options()
3040 sshkey_free(o->certificates[i]); in free_options()
3042 free(o->identity_agent); in free_options()
3043 for (i = 0; i < o->num_local_forwards; i++) { in free_options()
3044 free(o->local_forwards[i].listen_host); in free_options()
3045 free(o->local_forwards[i].listen_path); in free_options()
3046 free(o->local_forwards[i].connect_host); in free_options()
3047 free(o->local_forwards[i].connect_path); in free_options()
3049 free(o->local_forwards); in free_options()
3050 for (i = 0; i < o->num_remote_forwards; i++) { in free_options()
3051 free(o->remote_forwards[i].listen_host); in free_options()
3052 free(o->remote_forwards[i].listen_path); in free_options()
3053 free(o->remote_forwards[i].connect_host); in free_options()
3054 free(o->remote_forwards[i].connect_path); in free_options()
3056 free(o->remote_forwards); in free_options()
3057 free(o->stdio_forward_host); in free_options()
3058 FREE_ARRAY(u_int, o->num_send_env, o->send_env); in free_options()
3059 free(o->send_env); in free_options()
3060 FREE_ARRAY(u_int, o->num_setenv, o->setenv); in free_options()
3061 free(o->setenv); in free_options()
3062 free(o->control_path); in free_options()
3063 free(o->local_command); in free_options()
3064 free(o->remote_command); in free_options()
3065 FREE_ARRAY(int, o->num_canonical_domains, o->canonical_domains); in free_options()
3066 for (i = 0; i < o->num_permitted_cnames; i++) { in free_options()
3067 free(o->permitted_cnames[i].source_list); in free_options()
3068 free(o->permitted_cnames[i].target_list); in free_options()
3070 free(o->revoked_host_keys); in free_options()
3071 free(o->hostbased_accepted_algos); in free_options()
3072 free(o->pubkey_accepted_algos); in free_options()
3073 free(o->jump_user); in free_options()
3074 free(o->jump_host); in free_options()
3075 free(o->jump_extra); in free_options()
3076 free(o->ignored_unknown); in free_options()
3083 int ispath;
3089 * sets fwd to the parsed field and advances p past the colon
3091 * returns 0 on success, else non-zero.
3093 static int
3094 parse_fwd_field(char **p, struct fwdarg *fwd) in parse_fwd_field() argument
3097 int ispath = 0; in parse_fwd_field()
3101 return -1; /* end of string */ in parse_fwd_field()
3106 * XXX - allow ']' to be escaped via backslash? in parse_fwd_field()
3116 return -1; in parse_fwd_field()
3121 fwd->arg = cp + 1; in parse_fwd_field()
3122 fwd->ispath = ispath; in parse_fwd_field()
3132 return -1; in parse_fwd_field()
3143 fwd->arg = *p; in parse_fwd_field()
3144 fwd->ispath = ispath; in parse_fwd_field()
3159 int
3160 parse_forward(struct Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd) in parse_forward() argument
3164 int i, err; in parse_forward()
3166 memset(fwd, 0, sizeof(*fwd)); in parse_forward()
3195 fwd->listen_path = xstrdup(fwdargs[0].arg); in parse_forward()
3196 fwd->listen_port = PORT_STREAMLOCAL; in parse_forward()
3198 fwd->listen_host = NULL; in parse_forward()
3199 fwd->listen_port = a2port(fwdargs[0].arg); in parse_forward()
3201 fwd->connect_host = xstrdup("socks"); in parse_forward()
3206 fwd->listen_path = xstrdup(fwdargs[0].arg); in parse_forward()
3207 fwd->listen_port = PORT_STREAMLOCAL; in parse_forward()
3208 fwd->connect_path = xstrdup(fwdargs[1].arg); in parse_forward()
3209 fwd->connect_port = PORT_STREAMLOCAL; in parse_forward()
3211 fwd->listen_host = NULL; in parse_forward()
3212 fwd->listen_port = a2port(fwdargs[0].arg); in parse_forward()
3213 fwd->connect_path = xstrdup(fwdargs[1].arg); in parse_forward()
3214 fwd->connect_port = PORT_STREAMLOCAL; in parse_forward()
3216 fwd->listen_host = xstrdup(fwdargs[0].arg); in parse_forward()
3217 fwd->listen_port = a2port(fwdargs[1].arg); in parse_forward()
3218 fwd->connect_host = xstrdup("socks"); in parse_forward()
3224 fwd->listen_path = xstrdup(fwdargs[0].arg); in parse_forward()
3225 fwd->listen_port = PORT_STREAMLOCAL; in parse_forward()
3226 fwd->connect_host = xstrdup(fwdargs[1].arg); in parse_forward()
3227 fwd->connect_port = a2port(fwdargs[2].arg); in parse_forward()
3229 fwd->listen_host = xstrdup(fwdargs[0].arg); in parse_forward()
3230 fwd->listen_port = a2port(fwdargs[1].arg); in parse_forward()
3231 fwd->connect_path = xstrdup(fwdargs[2].arg); in parse_forward()
3232 fwd->connect_port = PORT_STREAMLOCAL; in parse_forward()
3234 fwd->listen_host = NULL; in parse_forward()
3235 fwd->listen_port = a2port(fwdargs[0].arg); in parse_forward()
3236 fwd->connect_host = xstrdup(fwdargs[1].arg); in parse_forward()
3237 fwd->connect_port = a2port(fwdargs[2].arg); in parse_forward()
3242 fwd->listen_host = xstrdup(fwdargs[0].arg); in parse_forward()
3243 fwd->listen_port = a2port(fwdargs[1].arg); in parse_forward()
3244 fwd->connect_host = xstrdup(fwdargs[2].arg); in parse_forward()
3245 fwd->connect_port = a2port(fwdargs[3].arg); in parse_forward()
3258 if (fwd->connect_path == NULL && in parse_forward()
3259 fwd->listen_path == NULL) in parse_forward()
3262 if (fwd->connect_port <= 0 && fwd->connect_path == NULL) in parse_forward()
3266 if ((fwd->listen_port < 0 && fwd->listen_path == NULL) || in parse_forward()
3267 (!remotefwd && fwd->listen_port == 0)) in parse_forward()
3269 if (fwd->connect_host != NULL && in parse_forward()
3270 strlen(fwd->connect_host) >= NI_MAXHOST) in parse_forward()
3273 * XXX - if connecting to a remote socket, max sun len may not in parse_forward()
3276 if (fwd->connect_path != NULL && in parse_forward()
3277 strlen(fwd->connect_path) >= PATH_MAX_SUN) in parse_forward()
3279 if (fwd->listen_host != NULL && in parse_forward()
3280 strlen(fwd->listen_host) >= NI_MAXHOST) in parse_forward()
3282 if (fwd->listen_path != NULL && in parse_forward()
3283 strlen(fwd->listen_path) >= PATH_MAX_SUN) in parse_forward()
3289 free(fwd->connect_host); in parse_forward()
3290 fwd->connect_host = NULL; in parse_forward()
3291 free(fwd->connect_path); in parse_forward()
3292 fwd->connect_path = NULL; in parse_forward()
3293 free(fwd->listen_host); in parse_forward()
3294 fwd->listen_host = NULL; in parse_forward()
3295 free(fwd->listen_path); in parse_forward()
3296 fwd->listen_path = NULL; in parse_forward()
3300 int
3301 parse_jump(const char *s, Options *o, int active) in parse_jump()
3305 int r, ret = -1, port = -1, first; in parse_jump()
3307 active &= o->proxy_command == NULL && o->jump_host == NULL; in parse_jump()
3328 if (r == -1 || (r == 1 && in parse_jump()
3334 if (r == -1 || (r == 1 && in parse_jump()
3343 o->jump_host = xstrdup("none"); in parse_jump()
3344 o->jump_port = 0; in parse_jump()
3346 o->jump_user = user; in parse_jump()
3347 o->jump_host = host; in parse_jump()
3348 o->jump_port = port; in parse_jump()
3349 o->proxy_command = xstrdup("none"); in parse_jump()
3352 o->jump_extra = xstrdup(s); in parse_jump()
3353 o->jump_extra[cp - s] = '\0'; in parse_jump()
3365 int
3366 parse_ssh_uri(const char *uri, char **userp, char **hostp, int *portp) in parse_ssh_uri()
3369 int r, port; in parse_ssh_uri()
3373 r = -1; /* path not allowed */ in parse_ssh_uri()
3392 /* XXX the following is a near-verbatim copy from servconf.c; refactor */
3394 fmt_multistate_int(int val, const struct multistate *m) in fmt_multistate_int()
3406 fmt_intarg(OpCodes code, int val) in fmt_intarg()
3408 if (val == -1) in fmt_intarg()
3458 dump_cfg_int(OpCodes code, int val) in dump_cfg_int()
3474 dump_cfg_fmtint(OpCodes code, int val) in dump_cfg_fmtint()
3512 const struct Forward *fwd; in dump_cfg_forwards() local
3517 fwd = &fwds[i]; in dump_cfg_forwards()
3518 if (code == oDynamicForward && fwd->connect_host != NULL && in dump_cfg_forwards()
3519 strcmp(fwd->connect_host, "socks") != 0) in dump_cfg_forwards()
3521 if (code == oLocalForward && fwd->connect_host != NULL && in dump_cfg_forwards()
3522 strcmp(fwd->connect_host, "socks") == 0) in dump_cfg_forwards()
3525 if (fwd->listen_port == PORT_STREAMLOCAL) in dump_cfg_forwards()
3526 printf(" %s", fwd->listen_path); in dump_cfg_forwards()
3527 else if (fwd->listen_host == NULL) in dump_cfg_forwards()
3528 printf(" %d", fwd->listen_port); in dump_cfg_forwards()
3531 fwd->listen_host, fwd->listen_port); in dump_cfg_forwards()
3534 if (fwd->connect_port == PORT_STREAMLOCAL) in dump_cfg_forwards()
3535 printf(" %s", fwd->connect_path); in dump_cfg_forwards()
3536 else if (fwd->connect_host == NULL) in dump_cfg_forwards()
3537 printf(" %d", fwd->connect_port); in dump_cfg_forwards()
3540 fwd->connect_host, fwd->connect_port); in dump_cfg_forwards()
3550 int i, r; in dump_client_config()
3560 if ((r = kex_assemble_names(&o->hostkeyalgorithms, kex_default_pk_alg(), in dump_client_config()
3566 dump_cfg_string(oHost, o->host_arg); in dump_client_config()
3567 dump_cfg_string(oUser, o->user); in dump_client_config()
3569 dump_cfg_int(oPort, o->port); in dump_client_config()
3572 dump_cfg_fmtint(oAddressFamily, o->address_family); in dump_client_config()
3573 dump_cfg_fmtint(oBatchMode, o->batch_mode); in dump_client_config()
3574 dump_cfg_fmtint(oCanonicalizeFallbackLocal, o->canonicalize_fallback_local); in dump_client_config()
3575 dump_cfg_fmtint(oCanonicalizeHostname, o->canonicalize_hostname); in dump_client_config()
3576 dump_cfg_fmtint(oCheckHostIP, o->check_host_ip); in dump_client_config()
3577 dump_cfg_fmtint(oCompression, o->compression); in dump_client_config()
3578 dump_cfg_fmtint(oControlMaster, o->control_master); in dump_client_config()
3579 dump_cfg_fmtint(oEnableSSHKeysign, o->enable_ssh_keysign); in dump_client_config()
3580 dump_cfg_fmtint(oClearAllForwardings, o->clear_forwardings); in dump_client_config()
3581 dump_cfg_fmtint(oExitOnForwardFailure, o->exit_on_forward_failure); in dump_client_config()
3582 dump_cfg_fmtint(oFingerprintHash, o->fingerprint_hash); in dump_client_config()
3583 dump_cfg_fmtint(oForwardX11, o->forward_x11); in dump_client_config()
3584 dump_cfg_fmtint(oForwardX11Trusted, o->forward_x11_trusted); in dump_client_config()
3585 dump_cfg_fmtint(oGatewayPorts, o->fwd_opts.gateway_ports); in dump_client_config()
3587 dump_cfg_fmtint(oGssAuthentication, o->gss_authentication); in dump_client_config()
3588 dump_cfg_fmtint(oGssDelegateCreds, o->gss_deleg_creds); in dump_client_config()
3590 dump_cfg_fmtint(oHashKnownHosts, o->hash_known_hosts); in dump_client_config()
3591 dump_cfg_fmtint(oHostbasedAuthentication, o->hostbased_authentication); in dump_client_config()
3592 dump_cfg_fmtint(oIdentitiesOnly, o->identities_only); in dump_client_config()
3593 dump_cfg_fmtint(oKbdInteractiveAuthentication, o->kbd_interactive_authentication); in dump_client_config()
3594 dump_cfg_fmtint(oNoHostAuthenticationForLocalhost, o->no_host_authentication_for_localhost); in dump_client_config()
3595 dump_cfg_fmtint(oPasswordAuthentication, o->password_authentication); in dump_client_config()
3596 dump_cfg_fmtint(oPermitLocalCommand, o->permit_local_command); in dump_client_config()
3597 dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass); in dump_client_config()
3598 dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication); in dump_client_config()
3599 dump_cfg_fmtint(oRequestTTY, o->request_tty); in dump_client_config()
3600 dump_cfg_fmtint(oSessionType, o->session_type); in dump_client_config()
3601 dump_cfg_fmtint(oStdinNull, o->stdin_null); in dump_client_config()
3602 dump_cfg_fmtint(oForkAfterAuthentication, o->fork_after_authentication); in dump_client_config()
3603 dump_cfg_fmtint(oStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); in dump_client_config()
3604 dump_cfg_fmtint(oStrictHostKeyChecking, o->strict_host_key_checking); in dump_client_config()
3605 dump_cfg_fmtint(oTCPKeepAlive, o->tcp_keep_alive); in dump_client_config()
3606 dump_cfg_fmtint(oTunnel, o->tun_open); in dump_client_config()
3607 dump_cfg_fmtint(oVerifyHostKeyDNS, o->verify_host_key_dns); in dump_client_config()
3608 dump_cfg_fmtint(oVisualHostKey, o->visual_host_key); in dump_client_config()
3609 dump_cfg_fmtint(oUpdateHostkeys, o->update_hostkeys); in dump_client_config()
3610 dump_cfg_fmtint(oEnableEscapeCommandline, o->enable_escape_commandline); in dump_client_config()
3613 dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots); in dump_client_config()
3614 dump_cfg_int(oConnectionAttempts, o->connection_attempts); in dump_client_config()
3615 dump_cfg_int(oForwardX11Timeout, o->forward_x11_timeout); in dump_client_config()
3616 dump_cfg_int(oNumberOfPasswordPrompts, o->number_of_password_prompts); in dump_client_config()
3617 dump_cfg_int(oServerAliveCountMax, o->server_alive_count_max); in dump_client_config()
3618 dump_cfg_int(oServerAliveInterval, o->server_alive_interval); in dump_client_config()
3619 dump_cfg_int(oRequiredRSASize, o->required_rsa_size); in dump_client_config()
3621 o->obscure_keystroke_timing_interval); in dump_client_config()
3624 dump_cfg_string(oBindAddress, o->bind_address); in dump_client_config()
3625 dump_cfg_string(oBindInterface, o->bind_interface); in dump_client_config()
3626 dump_cfg_string(oCiphers, o->ciphers); in dump_client_config()
3627 dump_cfg_string(oControlPath, o->control_path); in dump_client_config()
3628 dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms); in dump_client_config()
3629 dump_cfg_string(oHostKeyAlias, o->host_key_alias); in dump_client_config()
3630 dump_cfg_string(oHostbasedAcceptedAlgorithms, o->hostbased_accepted_algos); in dump_client_config()
3631 dump_cfg_string(oIdentityAgent, o->identity_agent); in dump_client_config()
3632 dump_cfg_string(oIgnoreUnknown, o->ignored_unknown); in dump_client_config()
3633 dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices); in dump_client_config()
3634 dump_cfg_string(oKexAlgorithms, o->kex_algorithms); in dump_client_config()
3635 dump_cfg_string(oCASignatureAlgorithms, o->ca_sign_algorithms); in dump_client_config()
3636 dump_cfg_string(oLocalCommand, o->local_command); in dump_client_config()
3637 dump_cfg_string(oRemoteCommand, o->remote_command); in dump_client_config()
3638 dump_cfg_string(oLogLevel, log_level_name(o->log_level)); in dump_client_config()
3639 dump_cfg_string(oMacs, o->macs); in dump_client_config()
3641 dump_cfg_string(oPKCS11Provider, o->pkcs11_provider); in dump_client_config()
3643 dump_cfg_string(oSecurityKeyProvider, o->sk_provider); in dump_client_config()
3644 dump_cfg_string(oPreferredAuthentications, o->preferred_authentications); in dump_client_config()
3645 dump_cfg_string(oPubkeyAcceptedAlgorithms, o->pubkey_accepted_algos); in dump_client_config()
3646 dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys); in dump_client_config()
3647 dump_cfg_string(oXAuthLocation, o->xauth_location); in dump_client_config()
3648 dump_cfg_string(oKnownHostsCommand, o->known_hosts_command); in dump_client_config()
3649 dump_cfg_string(oTag, o->tag); in dump_client_config()
3652 dump_cfg_forwards(oDynamicForward, o->num_local_forwards, o->local_forwards); in dump_client_config()
3653 dump_cfg_forwards(oLocalForward, o->num_local_forwards, o->local_forwards); in dump_client_config()
3654 dump_cfg_forwards(oRemoteForward, o->num_remote_forwards, o->remote_forwards); in dump_client_config()
3657 dump_cfg_strarray(oIdentityFile, o->num_identity_files, o->identity_files); in dump_client_config()
3658 dump_cfg_strarray_oneline(oCanonicalDomains, o->num_canonical_domains, o->canonical_domains); in dump_client_config()
3659 dump_cfg_strarray(oCertificateFile, o->num_certificate_files, o->certificate_files); in dump_client_config()
3660 dump_cfg_strarray_oneline(oGlobalKnownHostsFile, o->num_system_hostfiles, o->system_hostfiles); in dump_client_config()
3661 dump_cfg_strarray_oneline(oUserKnownHostsFile, o->num_user_hostfiles, o->user_hostfiles); in dump_client_config()
3662 dump_cfg_strarray(oSendEnv, o->num_send_env, o->send_env); in dump_client_config()
3663 dump_cfg_strarray(oSetEnv, o->num_setenv, o->setenv); in dump_client_config()
3665 o->num_log_verbose, o->log_verbose); in dump_client_config()
3667 o->num_channel_timeouts, o->channel_timeouts); in dump_client_config()
3672 if (o->num_permitted_remote_opens == 0) in dump_client_config()
3676 o->num_permitted_remote_opens, o->permitted_remote_opens); in dump_client_config()
3679 if (o->add_keys_to_agent_lifespan <= 0) in dump_client_config()
3680 dump_cfg_fmtint(oAddKeysToAgent, o->add_keys_to_agent); in dump_client_config()
3683 o->add_keys_to_agent == 3 ? " confirm" : "", in dump_client_config()
3684 o->add_keys_to_agent_lifespan); in dump_client_config()
3688 if (o->forward_agent_sock_path == NULL) in dump_client_config()
3689 dump_cfg_fmtint(oForwardAgent, o->forward_agent); in dump_client_config()
3691 dump_cfg_string(oForwardAgent, o->forward_agent_sock_path); in dump_client_config()
3694 if (o->connection_timeout == -1) in dump_client_config()
3697 dump_cfg_int(oConnectTimeout, o->connection_timeout); in dump_client_config()
3701 if (o->tun_local == SSH_TUNID_ANY) in dump_client_config()
3704 printf(" %d", o->tun_local); in dump_client_config()
3705 if (o->tun_remote == SSH_TUNID_ANY) in dump_client_config()
3708 printf(":%d", o->tun_remote); in dump_client_config()
3713 if (o->num_permitted_cnames == 0) in dump_client_config()
3715 for (i = 0; i < o->num_permitted_cnames; i++) { in dump_client_config()
3716 printf(" %s:%s", o->permitted_cnames[i].source_list, in dump_client_config()
3717 o->permitted_cnames[i].target_list); in dump_client_config()
3722 if (o->control_persist == 0 || o->control_persist_timeout == 0) in dump_client_config()
3723 dump_cfg_fmtint(oControlPersist, o->control_persist); in dump_client_config()
3725 dump_cfg_int(oControlPersist, o->control_persist_timeout); in dump_client_config()
3728 if (o->escape_char == SSH_ESCAPECHAR_NONE) in dump_client_config()
3731 vis(buf, o->escape_char, VIS_WHITE, 0); in dump_client_config()
3736 printf("ipqos %s ", iptos2str(o->ip_qos_interactive)); in dump_client_config()
3737 printf("%s\n", iptos2str(o->ip_qos_bulk)); in dump_client_config()
3741 (unsigned long long)o->rekey_limit, o->rekey_interval); in dump_client_config()
3745 o->fwd_opts.streamlocal_bind_mask); in dump_client_config()
3748 printf("syslogfacility %s\n", log_facility_name(o->log_facility)); in dump_client_config()
3751 if (o->jump_host == NULL) in dump_client_config()
3752 dump_cfg_string(oProxyCommand, o->proxy_command); in dump_client_config()
3755 i = strchr(o->jump_host, ':') != NULL || in dump_client_config()
3756 strspn(o->jump_host, "1234567890.") == strlen(o->jump_host); in dump_client_config()
3757 snprintf(buf, sizeof(buf), "%d", o->jump_port); in dump_client_config()
3760 o->jump_extra == NULL ? "" : o->jump_extra, in dump_client_config()
3761 o->jump_extra == NULL ? "" : ",", in dump_client_config()
3763 o->jump_user == NULL ? "" : o->jump_user, in dump_client_config()
3764 o->jump_user == NULL ? "" : "@", in dump_client_config()
3768 o->jump_host, in dump_client_config()
3772 o->jump_port <= 0 ? "" : ":", in dump_client_config()
3773 o->jump_port <= 0 ? "" : buf); in dump_client_config()