xref: /freebsd/crypto/openssh/readconf.c (revision f61e92ca5a23450bc28169bbdd71d7674df98c19)
1 /* $OpenBSD: readconf.c,v 1.300 2018/10/05 14:26:09 naddy Exp $ */
2 /*
3  * Author: Tatu Ylonen <ylo@cs.hut.fi>
4  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5  *                    All rights reserved
6  * Functions for reading the configuration files.
7  *
8  * As far as I am concerned, the code I have written for this software
9  * can be used freely for any purpose.  Any derived versions of this
10  * software must be clearly marked as such, and if the derived work is
11  * incompatible with the protocol description in the RFC file, it must be
12  * called by a name other than "ssh" or "Secure Shell".
13  */
14 
15 #include "includes.h"
16 __RCSID("$FreeBSD$");
17 
18 #include <sys/types.h>
19 #ifdef VMWARE_GUEST_WORKAROUND
20 #include <sys/sysctl.h>
21 #endif
22 #include <sys/stat.h>
23 #include <sys/socket.h>
24 #include <sys/wait.h>
25 #include <sys/un.h>
26 
27 #include <netinet/in.h>
28 #include <netinet/in_systm.h>
29 #include <netinet/ip.h>
30 #include <arpa/inet.h>
31 
32 #include <ctype.h>
33 #include <errno.h>
34 #include <fcntl.h>
35 #include <limits.h>
36 #include <netdb.h>
37 #ifdef HAVE_PATHS_H
38 # include <paths.h>
39 #endif
40 #include <pwd.h>
41 #include <signal.h>
42 #include <stdarg.h>
43 #include <stdio.h>
44 #include <string.h>
45 #include <unistd.h>
46 #ifdef USE_SYSTEM_GLOB
47 # include <glob.h>
48 #else
49 # include "openbsd-compat/glob.h"
50 #endif
51 #ifdef HAVE_UTIL_H
52 #include <util.h>
53 #endif
54 #if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS)
55 # include <vis.h>
56 #endif
57 
58 #include "xmalloc.h"
59 #include "ssh.h"
60 #include "ssherr.h"
61 #include "compat.h"
62 #include "cipher.h"
63 #include "pathnames.h"
64 #include "log.h"
65 #include "sshkey.h"
66 #include "misc.h"
67 #include "readconf.h"
68 #include "match.h"
69 #include "kex.h"
70 #include "mac.h"
71 #include "uidswap.h"
72 #include "myproposal.h"
73 #include "digest.h"
74 #include "version.h"
75 
76 /* Format of the configuration file:
77 
78    # Configuration data is parsed as follows:
79    #  1. command line options
80    #  2. user-specific file
81    #  3. system-wide file
82    # Any configuration value is only changed the first time it is set.
83    # Thus, host-specific definitions should be at the beginning of the
84    # configuration file, and defaults at the end.
85 
86    # Host-specific declarations.  These may override anything above.  A single
87    # host may match multiple declarations; these are processed in the order
88    # that they are given in.
89 
90    Host *.ngs.fi ngs.fi
91      User foo
92 
93    Host fake.com
94      HostName another.host.name.real.org
95      User blaah
96      Port 34289
97      ForwardX11 no
98      ForwardAgent no
99 
100    Host books.com
101      RemoteForward 9999 shadows.cs.hut.fi:9999
102      Ciphers 3des-cbc
103 
104    Host fascist.blob.com
105      Port 23123
106      User tylonen
107      PasswordAuthentication no
108 
109    Host puukko.hut.fi
110      User t35124p
111      ProxyCommand ssh-proxy %h %p
112 
113    Host *.fr
114      PublicKeyAuthentication no
115 
116    Host *.su
117      Ciphers aes128-ctr
118      PasswordAuthentication no
119 
120    Host vpn.fake.com
121      Tunnel yes
122      TunnelDevice 3
123 
124    # Defaults for various options
125    Host *
126      ForwardAgent no
127      ForwardX11 no
128      PasswordAuthentication yes
129      RSAAuthentication yes
130      RhostsRSAAuthentication yes
131      StrictHostKeyChecking yes
132      TcpKeepAlive no
133      IdentityFile ~/.ssh/identity
134      Port 22
135      EscapeChar ~
136 
137 */
138 
139 static int read_config_file_depth(const char *filename, struct passwd *pw,
140     const char *host, const char *original_host, Options *options,
141     int flags, int *activep, int depth);
142 static int process_config_line_depth(Options *options, struct passwd *pw,
143     const char *host, const char *original_host, char *line,
144     const char *filename, int linenum, int *activep, int flags, int depth);
145 
146 /* Keyword tokens. */
147 
148 typedef enum {
149 	oBadOption,
150 	oVersionAddendum,
151 	oHost, oMatch, oInclude,
152 	oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout,
153 	oGatewayPorts, oExitOnForwardFailure,
154 	oPasswordAuthentication, oRSAAuthentication,
155 	oChallengeResponseAuthentication, oXAuthLocation,
156 	oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
157 	oCertificateFile, oAddKeysToAgent, oIdentityAgent,
158 	oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
159 	oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
160 	oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
161 	oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
162 	oUsePrivilegedPort, oLogFacility, oLogLevel, oCiphers, oMacs,
163 	oPubkeyAuthentication,
164 	oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
165 	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
166 	oHostKeyAlgorithms, oBindAddress, oBindInterface, oPKCS11Provider,
167 	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
168 	oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
169 	oAddressFamily, oGssAuthentication, oGssDelegateCreds,
170 	oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
171 	oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist,
172 	oHashKnownHosts,
173 	oTunnel, oTunnelDevice,
174 	oLocalCommand, oPermitLocalCommand, oRemoteCommand,
175 	oVisualHostKey,
176 	oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
177 	oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
178 	oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
179 	oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
180 	oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
181 	oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump,
182 	oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
183 } OpCodes;
184 
185 /* Textual representations of the tokens. */
186 
187 static struct {
188 	const char *name;
189 	OpCodes opcode;
190 } keywords[] = {
191 	/* Deprecated options */
192 	{ "protocol", oIgnore }, /* NB. silently ignored */
193 	{ "cipher", oDeprecated },
194 	{ "fallbacktorsh", oDeprecated },
195 	{ "globalknownhostsfile2", oDeprecated },
196 	{ "rhostsauthentication", oDeprecated },
197 	{ "userknownhostsfile2", oDeprecated },
198 	{ "useroaming", oDeprecated },
199 	{ "usersh", oDeprecated },
200 	{ "useprivilegedport", oDeprecated },
201 
202 	/* Unsupported options */
203 	{ "afstokenpassing", oUnsupported },
204 	{ "kerberosauthentication", oUnsupported },
205 	{ "kerberostgtpassing", oUnsupported },
206 
207 	/* Sometimes-unsupported options */
208 #if defined(GSSAPI)
209 	{ "gssapiauthentication", oGssAuthentication },
210 	{ "gssapidelegatecredentials", oGssDelegateCreds },
211 # else
212 	{ "gssapiauthentication", oUnsupported },
213 	{ "gssapidelegatecredentials", oUnsupported },
214 #endif
215 #ifdef ENABLE_PKCS11
216 	{ "smartcarddevice", oPKCS11Provider },
217 	{ "pkcs11provider", oPKCS11Provider },
218 # else
219 	{ "smartcarddevice", oUnsupported },
220 	{ "pkcs11provider", oUnsupported },
221 #endif
222 	{ "rsaauthentication", oUnsupported },
223 	{ "rhostsrsaauthentication", oUnsupported },
224 	{ "compressionlevel", oUnsupported },
225 
226 	{ "forwardagent", oForwardAgent },
227 	{ "forwardx11", oForwardX11 },
228 	{ "forwardx11trusted", oForwardX11Trusted },
229 	{ "forwardx11timeout", oForwardX11Timeout },
230 	{ "exitonforwardfailure", oExitOnForwardFailure },
231 	{ "xauthlocation", oXAuthLocation },
232 	{ "gatewayports", oGatewayPorts },
233 	{ "passwordauthentication", oPasswordAuthentication },
234 	{ "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
235 	{ "kbdinteractivedevices", oKbdInteractiveDevices },
236 	{ "pubkeyauthentication", oPubkeyAuthentication },
237 	{ "dsaauthentication", oPubkeyAuthentication },		    /* alias */
238 	{ "hostbasedauthentication", oHostbasedAuthentication },
239 	{ "challengeresponseauthentication", oChallengeResponseAuthentication },
240 	{ "skeyauthentication", oUnsupported },
241 	{ "tisauthentication", oChallengeResponseAuthentication },  /* alias */
242 	{ "identityfile", oIdentityFile },
243 	{ "identityfile2", oIdentityFile },			/* obsolete */
244 	{ "identitiesonly", oIdentitiesOnly },
245 	{ "certificatefile", oCertificateFile },
246 	{ "addkeystoagent", oAddKeysToAgent },
247 	{ "identityagent", oIdentityAgent },
248 	{ "hostname", oHostName },
249 	{ "hostkeyalias", oHostKeyAlias },
250 	{ "proxycommand", oProxyCommand },
251 	{ "port", oPort },
252 	{ "ciphers", oCiphers },
253 	{ "macs", oMacs },
254 	{ "remoteforward", oRemoteForward },
255 	{ "localforward", oLocalForward },
256 	{ "user", oUser },
257 	{ "host", oHost },
258 	{ "match", oMatch },
259 	{ "escapechar", oEscapeChar },
260 	{ "globalknownhostsfile", oGlobalKnownHostsFile },
261 	{ "userknownhostsfile", oUserKnownHostsFile },
262 	{ "connectionattempts", oConnectionAttempts },
263 	{ "batchmode", oBatchMode },
264 	{ "checkhostip", oCheckHostIP },
265 	{ "stricthostkeychecking", oStrictHostKeyChecking },
266 	{ "compression", oCompression },
267 	{ "tcpkeepalive", oTCPKeepAlive },
268 	{ "keepalive", oTCPKeepAlive },				/* obsolete */
269 	{ "numberofpasswordprompts", oNumberOfPasswordPrompts },
270 	{ "syslogfacility", oLogFacility },
271 	{ "loglevel", oLogLevel },
272 	{ "dynamicforward", oDynamicForward },
273 	{ "preferredauthentications", oPreferredAuthentications },
274 	{ "hostkeyalgorithms", oHostKeyAlgorithms },
275 	{ "casignaturealgorithms", oCASignatureAlgorithms },
276 	{ "bindaddress", oBindAddress },
277 	{ "bindinterface", oBindInterface },
278 	{ "clearallforwardings", oClearAllForwardings },
279 	{ "enablesshkeysign", oEnableSSHKeysign },
280 	{ "verifyhostkeydns", oVerifyHostKeyDNS },
281 	{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
282 	{ "rekeylimit", oRekeyLimit },
283 	{ "connecttimeout", oConnectTimeout },
284 	{ "addressfamily", oAddressFamily },
285 	{ "serveraliveinterval", oServerAliveInterval },
286 	{ "serveralivecountmax", oServerAliveCountMax },
287 	{ "sendenv", oSendEnv },
288 	{ "setenv", oSetEnv },
289 	{ "controlpath", oControlPath },
290 	{ "controlmaster", oControlMaster },
291 	{ "controlpersist", oControlPersist },
292 	{ "hashknownhosts", oHashKnownHosts },
293 	{ "include", oInclude },
294 	{ "tunnel", oTunnel },
295 	{ "tunneldevice", oTunnelDevice },
296 	{ "localcommand", oLocalCommand },
297 	{ "permitlocalcommand", oPermitLocalCommand },
298 	{ "remotecommand", oRemoteCommand },
299 	{ "visualhostkey", oVisualHostKey },
300 	{ "kexalgorithms", oKexAlgorithms },
301 	{ "ipqos", oIPQoS },
302 	{ "requesttty", oRequestTTY },
303 	{ "proxyusefdpass", oProxyUseFdpass },
304 	{ "canonicaldomains", oCanonicalDomains },
305 	{ "canonicalizefallbacklocal", oCanonicalizeFallbackLocal },
306 	{ "canonicalizehostname", oCanonicalizeHostname },
307 	{ "canonicalizemaxdots", oCanonicalizeMaxDots },
308 	{ "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs },
309 	{ "streamlocalbindmask", oStreamLocalBindMask },
310 	{ "streamlocalbindunlink", oStreamLocalBindUnlink },
311 	{ "revokedhostkeys", oRevokedHostKeys },
312 	{ "fingerprinthash", oFingerprintHash },
313 	{ "updatehostkeys", oUpdateHostkeys },
314 	{ "hostbasedkeytypes", oHostbasedKeyTypes },
315 	{ "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
316 	{ "ignoreunknown", oIgnoreUnknown },
317 	{ "proxyjump", oProxyJump },
318 
319 	{ "hpndisabled", oDeprecated },
320 	{ "hpnbuffersize", oDeprecated },
321 	{ "tcprcvbufpoll", oDeprecated },
322 	{ "tcprcvbuf", oDeprecated },
323 	{ "noneenabled", oUnsupported },
324 	{ "noneswitch", oUnsupported },
325 	{ "versionaddendum", oVersionAddendum },
326 
327 	{ NULL, oBadOption }
328 };
329 
330 /*
331  * Adds a local TCP/IP port forward to options.  Never returns if there is an
332  * error.
333  */
334 
335 void
336 add_local_forward(Options *options, const struct Forward *newfwd)
337 {
338 	struct Forward *fwd;
339 	int i;
340 
341 	/* Don't add duplicates */
342 	for (i = 0; i < options->num_local_forwards; i++) {
343 		if (forward_equals(newfwd, options->local_forwards + i))
344 			return;
345 	}
346 	options->local_forwards = xreallocarray(options->local_forwards,
347 	    options->num_local_forwards + 1,
348 	    sizeof(*options->local_forwards));
349 	fwd = &options->local_forwards[options->num_local_forwards++];
350 
351 	fwd->listen_host = newfwd->listen_host;
352 	fwd->listen_port = newfwd->listen_port;
353 	fwd->listen_path = newfwd->listen_path;
354 	fwd->connect_host = newfwd->connect_host;
355 	fwd->connect_port = newfwd->connect_port;
356 	fwd->connect_path = newfwd->connect_path;
357 }
358 
359 /*
360  * Adds a remote TCP/IP port forward to options.  Never returns if there is
361  * an error.
362  */
363 
364 void
365 add_remote_forward(Options *options, const struct Forward *newfwd)
366 {
367 	struct Forward *fwd;
368 	int i;
369 
370 	/* Don't add duplicates */
371 	for (i = 0; i < options->num_remote_forwards; i++) {
372 		if (forward_equals(newfwd, options->remote_forwards + i))
373 			return;
374 	}
375 	options->remote_forwards = xreallocarray(options->remote_forwards,
376 	    options->num_remote_forwards + 1,
377 	    sizeof(*options->remote_forwards));
378 	fwd = &options->remote_forwards[options->num_remote_forwards++];
379 
380 	fwd->listen_host = newfwd->listen_host;
381 	fwd->listen_port = newfwd->listen_port;
382 	fwd->listen_path = newfwd->listen_path;
383 	fwd->connect_host = newfwd->connect_host;
384 	fwd->connect_port = newfwd->connect_port;
385 	fwd->connect_path = newfwd->connect_path;
386 	fwd->handle = newfwd->handle;
387 	fwd->allocated_port = 0;
388 }
389 
390 static void
391 clear_forwardings(Options *options)
392 {
393 	int i;
394 
395 	for (i = 0; i < options->num_local_forwards; i++) {
396 		free(options->local_forwards[i].listen_host);
397 		free(options->local_forwards[i].listen_path);
398 		free(options->local_forwards[i].connect_host);
399 		free(options->local_forwards[i].connect_path);
400 	}
401 	if (options->num_local_forwards > 0) {
402 		free(options->local_forwards);
403 		options->local_forwards = NULL;
404 	}
405 	options->num_local_forwards = 0;
406 	for (i = 0; i < options->num_remote_forwards; i++) {
407 		free(options->remote_forwards[i].listen_host);
408 		free(options->remote_forwards[i].listen_path);
409 		free(options->remote_forwards[i].connect_host);
410 		free(options->remote_forwards[i].connect_path);
411 	}
412 	if (options->num_remote_forwards > 0) {
413 		free(options->remote_forwards);
414 		options->remote_forwards = NULL;
415 	}
416 	options->num_remote_forwards = 0;
417 	options->tun_open = SSH_TUNMODE_NO;
418 }
419 
420 void
421 add_certificate_file(Options *options, const char *path, int userprovided)
422 {
423 	int i;
424 
425 	if (options->num_certificate_files >= SSH_MAX_CERTIFICATE_FILES)
426 		fatal("Too many certificate files specified (max %d)",
427 		    SSH_MAX_CERTIFICATE_FILES);
428 
429 	/* Avoid registering duplicates */
430 	for (i = 0; i < options->num_certificate_files; i++) {
431 		if (options->certificate_file_userprovided[i] == userprovided &&
432 		    strcmp(options->certificate_files[i], path) == 0) {
433 			debug2("%s: ignoring duplicate key %s", __func__, path);
434 			return;
435 		}
436 	}
437 
438 	options->certificate_file_userprovided[options->num_certificate_files] =
439 	    userprovided;
440 	options->certificate_files[options->num_certificate_files++] =
441 	    xstrdup(path);
442 }
443 
444 void
445 add_identity_file(Options *options, const char *dir, const char *filename,
446     int userprovided)
447 {
448 	char *path;
449 	int i;
450 
451 	if (options->num_identity_files >= SSH_MAX_IDENTITY_FILES)
452 		fatal("Too many identity files specified (max %d)",
453 		    SSH_MAX_IDENTITY_FILES);
454 
455 	if (dir == NULL) /* no dir, filename is absolute */
456 		path = xstrdup(filename);
457 	else if (xasprintf(&path, "%s%s", dir, filename) >= PATH_MAX)
458 		fatal("Identity file path %s too long", path);
459 
460 	/* Avoid registering duplicates */
461 	for (i = 0; i < options->num_identity_files; i++) {
462 		if (options->identity_file_userprovided[i] == userprovided &&
463 		    strcmp(options->identity_files[i], path) == 0) {
464 			debug2("%s: ignoring duplicate key %s", __func__, path);
465 			free(path);
466 			return;
467 		}
468 	}
469 
470 	options->identity_file_userprovided[options->num_identity_files] =
471 	    userprovided;
472 	options->identity_files[options->num_identity_files++] = path;
473 }
474 
475 int
476 default_ssh_port(void)
477 {
478 	static int port;
479 	struct servent *sp;
480 
481 	if (port == 0) {
482 		sp = getservbyname(SSH_SERVICE_NAME, "tcp");
483 		port = sp ? ntohs(sp->s_port) : SSH_DEFAULT_PORT;
484 	}
485 	return port;
486 }
487 
488 /*
489  * Execute a command in a shell.
490  * Return its exit status or -1 on abnormal exit.
491  */
492 static int
493 execute_in_shell(const char *cmd)
494 {
495 	char *shell;
496 	pid_t pid;
497 	int devnull, status;
498 
499 	if ((shell = getenv("SHELL")) == NULL)
500 		shell = _PATH_BSHELL;
501 
502 	/* Need this to redirect subprocess stdin/out */
503 	if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1)
504 		fatal("open(/dev/null): %s", strerror(errno));
505 
506 	debug("Executing command: '%.500s'", cmd);
507 
508 	/* Fork and execute the command. */
509 	if ((pid = fork()) == 0) {
510 		char *argv[4];
511 
512 		/* Redirect child stdin and stdout. Leave stderr */
513 		if (dup2(devnull, STDIN_FILENO) == -1)
514 			fatal("dup2: %s", strerror(errno));
515 		if (dup2(devnull, STDOUT_FILENO) == -1)
516 			fatal("dup2: %s", strerror(errno));
517 		if (devnull > STDERR_FILENO)
518 			close(devnull);
519 		closefrom(STDERR_FILENO + 1);
520 
521 		argv[0] = shell;
522 		argv[1] = "-c";
523 		argv[2] = xstrdup(cmd);
524 		argv[3] = NULL;
525 
526 		execv(argv[0], argv);
527 		error("Unable to execute '%.100s': %s", cmd, strerror(errno));
528 		/* Die with signal to make this error apparent to parent. */
529 		signal(SIGTERM, SIG_DFL);
530 		kill(getpid(), SIGTERM);
531 		_exit(1);
532 	}
533 	/* Parent. */
534 	if (pid < 0)
535 		fatal("%s: fork: %.100s", __func__, strerror(errno));
536 
537 	close(devnull);
538 
539 	while (waitpid(pid, &status, 0) == -1) {
540 		if (errno != EINTR && errno != EAGAIN)
541 			fatal("%s: waitpid: %s", __func__, strerror(errno));
542 	}
543 	if (!WIFEXITED(status)) {
544 		error("command '%.100s' exited abnormally", cmd);
545 		return -1;
546 	}
547 	debug3("command returned status %d", WEXITSTATUS(status));
548 	return WEXITSTATUS(status);
549 }
550 
551 /*
552  * Parse and execute a Match directive.
553  */
554 static int
555 match_cfg_line(Options *options, char **condition, struct passwd *pw,
556     const char *host_arg, const char *original_host, int post_canon,
557     const char *filename, int linenum)
558 {
559 	char *arg, *oattrib, *attrib, *cmd, *cp = *condition, *host, *criteria;
560 	const char *ruser;
561 	int r, port, this_result, result = 1, attributes = 0, negate;
562 	char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
563 	char uidstr[32];
564 
565 	/*
566 	 * Configuration is likely to be incomplete at this point so we
567 	 * must be prepared to use default values.
568 	 */
569 	port = options->port <= 0 ? default_ssh_port() : options->port;
570 	ruser = options->user == NULL ? pw->pw_name : options->user;
571 	if (post_canon) {
572 		host = xstrdup(options->hostname);
573 	} else if (options->hostname != NULL) {
574 		/* NB. Please keep in sync with ssh.c:main() */
575 		host = percent_expand(options->hostname,
576 		    "h", host_arg, (char *)NULL);
577 	} else {
578 		host = xstrdup(host_arg);
579 	}
580 
581 	debug2("checking match for '%s' host %s originally %s",
582 	    cp, host, original_host);
583 	while ((oattrib = attrib = strdelim(&cp)) && *attrib != '\0') {
584 		criteria = NULL;
585 		this_result = 1;
586 		if ((negate = attrib[0] == '!'))
587 			attrib++;
588 		/* criteria "all" and "canonical" have no argument */
589 		if (strcasecmp(attrib, "all") == 0) {
590 			if (attributes > 1 ||
591 			    ((arg = strdelim(&cp)) != NULL && *arg != '\0')) {
592 				error("%.200s line %d: '%s' cannot be combined "
593 				    "with other Match attributes",
594 				    filename, linenum, oattrib);
595 				result = -1;
596 				goto out;
597 			}
598 			if (result)
599 				result = negate ? 0 : 1;
600 			goto out;
601 		}
602 		attributes++;
603 		if (strcasecmp(attrib, "canonical") == 0) {
604 			r = !!post_canon;  /* force bitmask member to boolean */
605 			if (r == (negate ? 1 : 0))
606 				this_result = result = 0;
607 			debug3("%.200s line %d: %smatched '%s'",
608 			    filename, linenum,
609 			    this_result ? "" : "not ", oattrib);
610 			continue;
611 		}
612 		/* All other criteria require an argument */
613 		if ((arg = strdelim(&cp)) == NULL || *arg == '\0') {
614 			error("Missing Match criteria for %s", attrib);
615 			result = -1;
616 			goto out;
617 		}
618 		if (strcasecmp(attrib, "host") == 0) {
619 			criteria = xstrdup(host);
620 			r = match_hostname(host, arg) == 1;
621 			if (r == (negate ? 1 : 0))
622 				this_result = result = 0;
623 		} else if (strcasecmp(attrib, "originalhost") == 0) {
624 			criteria = xstrdup(original_host);
625 			r = match_hostname(original_host, arg) == 1;
626 			if (r == (negate ? 1 : 0))
627 				this_result = result = 0;
628 		} else if (strcasecmp(attrib, "user") == 0) {
629 			criteria = xstrdup(ruser);
630 			r = match_pattern_list(ruser, arg, 0) == 1;
631 			if (r == (negate ? 1 : 0))
632 				this_result = result = 0;
633 		} else if (strcasecmp(attrib, "localuser") == 0) {
634 			criteria = xstrdup(pw->pw_name);
635 			r = match_pattern_list(pw->pw_name, arg, 0) == 1;
636 			if (r == (negate ? 1 : 0))
637 				this_result = result = 0;
638 		} else if (strcasecmp(attrib, "exec") == 0) {
639 			if (gethostname(thishost, sizeof(thishost)) == -1)
640 				fatal("gethostname: %s", strerror(errno));
641 			strlcpy(shorthost, thishost, sizeof(shorthost));
642 			shorthost[strcspn(thishost, ".")] = '\0';
643 			snprintf(portstr, sizeof(portstr), "%d", port);
644 			snprintf(uidstr, sizeof(uidstr), "%llu",
645 			    (unsigned long long)pw->pw_uid);
646 
647 			cmd = percent_expand(arg,
648 			    "L", shorthost,
649 			    "d", pw->pw_dir,
650 			    "h", host,
651 			    "l", thishost,
652 			    "n", original_host,
653 			    "p", portstr,
654 			    "r", ruser,
655 			    "u", pw->pw_name,
656 			    "i", uidstr,
657 			    (char *)NULL);
658 			if (result != 1) {
659 				/* skip execution if prior predicate failed */
660 				debug3("%.200s line %d: skipped exec "
661 				    "\"%.100s\"", filename, linenum, cmd);
662 				free(cmd);
663 				continue;
664 			}
665 			r = execute_in_shell(cmd);
666 			if (r == -1) {
667 				fatal("%.200s line %d: match exec "
668 				    "'%.100s' error", filename,
669 				    linenum, cmd);
670 			}
671 			criteria = xstrdup(cmd);
672 			free(cmd);
673 			/* Force exit status to boolean */
674 			r = r == 0;
675 			if (r == (negate ? 1 : 0))
676 				this_result = result = 0;
677 		} else {
678 			error("Unsupported Match attribute %s", attrib);
679 			result = -1;
680 			goto out;
681 		}
682 		debug3("%.200s line %d: %smatched '%s \"%.100s\"' ",
683 		    filename, linenum, this_result ? "": "not ",
684 		    oattrib, criteria);
685 		free(criteria);
686 	}
687 	if (attributes == 0) {
688 		error("One or more attributes required for Match");
689 		result = -1;
690 		goto out;
691 	}
692  out:
693 	if (result != -1)
694 		debug2("match %sfound", result ? "" : "not ");
695 	*condition = cp;
696 	free(host);
697 	return result;
698 }
699 
700 /* Remove environment variable by pattern */
701 static void
702 rm_env(Options *options, const char *arg, const char *filename, int linenum)
703 {
704 	int i, j;
705 	char *cp;
706 
707 	/* Remove an environment variable */
708 	for (i = 0; i < options->num_send_env; ) {
709 		cp = xstrdup(options->send_env[i]);
710 		if (!match_pattern(cp, arg + 1)) {
711 			free(cp);
712 			i++;
713 			continue;
714 		}
715 		debug3("%s line %d: removing environment %s",
716 		    filename, linenum, cp);
717 		free(cp);
718 		free(options->send_env[i]);
719 		options->send_env[i] = NULL;
720 		for (j = i; j < options->num_send_env - 1; j++) {
721 			options->send_env[j] = options->send_env[j + 1];
722 			options->send_env[j + 1] = NULL;
723 		}
724 		options->num_send_env--;
725 		/* NB. don't increment i */
726 	}
727 }
728 
729 /*
730  * Returns the number of the token pointed to by cp or oBadOption.
731  */
732 static OpCodes
733 parse_token(const char *cp, const char *filename, int linenum,
734     const char *ignored_unknown)
735 {
736 	int i;
737 
738 	for (i = 0; keywords[i].name; i++)
739 		if (strcmp(cp, keywords[i].name) == 0)
740 			return keywords[i].opcode;
741 	if (ignored_unknown != NULL &&
742 	    match_pattern_list(cp, ignored_unknown, 1) == 1)
743 		return oIgnoredUnknownOption;
744 	error("%s: line %d: Bad configuration option: %s",
745 	    filename, linenum, cp);
746 	return oBadOption;
747 }
748 
749 /* Multistate option parsing */
750 struct multistate {
751 	char *key;
752 	int value;
753 };
754 static const struct multistate multistate_flag[] = {
755 	{ "true",			1 },
756 	{ "false",			0 },
757 	{ "yes",			1 },
758 	{ "no",				0 },
759 	{ NULL, -1 }
760 };
761 static const struct multistate multistate_yesnoask[] = {
762 	{ "true",			1 },
763 	{ "false",			0 },
764 	{ "yes",			1 },
765 	{ "no",				0 },
766 	{ "ask",			2 },
767 	{ NULL, -1 }
768 };
769 static const struct multistate multistate_strict_hostkey[] = {
770 	{ "true",			SSH_STRICT_HOSTKEY_YES },
771 	{ "false",			SSH_STRICT_HOSTKEY_OFF },
772 	{ "yes",			SSH_STRICT_HOSTKEY_YES },
773 	{ "no",				SSH_STRICT_HOSTKEY_OFF },
774 	{ "ask",			SSH_STRICT_HOSTKEY_ASK },
775 	{ "off",			SSH_STRICT_HOSTKEY_OFF },
776 	{ "accept-new",			SSH_STRICT_HOSTKEY_NEW },
777 	{ NULL, -1 }
778 };
779 static const struct multistate multistate_yesnoaskconfirm[] = {
780 	{ "true",			1 },
781 	{ "false",			0 },
782 	{ "yes",			1 },
783 	{ "no",				0 },
784 	{ "ask",			2 },
785 	{ "confirm",			3 },
786 	{ NULL, -1 }
787 };
788 static const struct multistate multistate_addressfamily[] = {
789 	{ "inet",			AF_INET },
790 	{ "inet6",			AF_INET6 },
791 	{ "any",			AF_UNSPEC },
792 	{ NULL, -1 }
793 };
794 static const struct multistate multistate_controlmaster[] = {
795 	{ "true",			SSHCTL_MASTER_YES },
796 	{ "yes",			SSHCTL_MASTER_YES },
797 	{ "false",			SSHCTL_MASTER_NO },
798 	{ "no",				SSHCTL_MASTER_NO },
799 	{ "auto",			SSHCTL_MASTER_AUTO },
800 	{ "ask",			SSHCTL_MASTER_ASK },
801 	{ "autoask",			SSHCTL_MASTER_AUTO_ASK },
802 	{ NULL, -1 }
803 };
804 static const struct multistate multistate_tunnel[] = {
805 	{ "ethernet",			SSH_TUNMODE_ETHERNET },
806 	{ "point-to-point",		SSH_TUNMODE_POINTOPOINT },
807 	{ "true",			SSH_TUNMODE_DEFAULT },
808 	{ "yes",			SSH_TUNMODE_DEFAULT },
809 	{ "false",			SSH_TUNMODE_NO },
810 	{ "no",				SSH_TUNMODE_NO },
811 	{ NULL, -1 }
812 };
813 static const struct multistate multistate_requesttty[] = {
814 	{ "true",			REQUEST_TTY_YES },
815 	{ "yes",			REQUEST_TTY_YES },
816 	{ "false",			REQUEST_TTY_NO },
817 	{ "no",				REQUEST_TTY_NO },
818 	{ "force",			REQUEST_TTY_FORCE },
819 	{ "auto",			REQUEST_TTY_AUTO },
820 	{ NULL, -1 }
821 };
822 static const struct multistate multistate_canonicalizehostname[] = {
823 	{ "true",			SSH_CANONICALISE_YES },
824 	{ "false",			SSH_CANONICALISE_NO },
825 	{ "yes",			SSH_CANONICALISE_YES },
826 	{ "no",				SSH_CANONICALISE_NO },
827 	{ "always",			SSH_CANONICALISE_ALWAYS },
828 	{ NULL, -1 }
829 };
830 
831 /*
832  * Processes a single option line as used in the configuration files. This
833  * only sets those values that have not already been set.
834  */
835 int
836 process_config_line(Options *options, struct passwd *pw, const char *host,
837     const char *original_host, char *line, const char *filename,
838     int linenum, int *activep, int flags)
839 {
840 	return process_config_line_depth(options, pw, host, original_host,
841 	    line, filename, linenum, activep, flags, 0);
842 }
843 
844 #define WHITESPACE " \t\r\n"
845 static int
846 process_config_line_depth(Options *options, struct passwd *pw, const char *host,
847     const char *original_host, char *line, const char *filename,
848     int linenum, int *activep, int flags, int depth)
849 {
850 	char *s, **charptr, *endofnumber, *keyword, *arg, *arg2;
851 	char **cpptr, fwdarg[256];
852 	u_int i, *uintptr, max_entries = 0;
853 	int r, oactive, negated, opcode, *intptr, value, value2, cmdline = 0;
854 	int remotefwd, dynamicfwd;
855 	LogLevel *log_level_ptr;
856 	SyslogFacility *log_facility_ptr;
857 	long long val64;
858 	size_t len;
859 	struct Forward fwd;
860 	const struct multistate *multistate_ptr;
861 	struct allowed_cname *cname;
862 	glob_t gl;
863 	const char *errstr;
864 
865 	if (activep == NULL) { /* We are processing a command line directive */
866 		cmdline = 1;
867 		activep = &cmdline;
868 	}
869 
870 	/* Strip trailing whitespace. Allow \f (form feed) at EOL only */
871 	if ((len = strlen(line)) == 0)
872 		return 0;
873 	for (len--; len > 0; len--) {
874 		if (strchr(WHITESPACE "\f", line[len]) == NULL)
875 			break;
876 		line[len] = '\0';
877 	}
878 
879 	s = line;
880 	/* Get the keyword. (Each line is supposed to begin with a keyword). */
881 	if ((keyword = strdelim(&s)) == NULL)
882 		return 0;
883 	/* Ignore leading whitespace. */
884 	if (*keyword == '\0')
885 		keyword = strdelim(&s);
886 	if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
887 		return 0;
888 	/* Match lowercase keyword */
889 	lowercase(keyword);
890 
891 	opcode = parse_token(keyword, filename, linenum,
892 	    options->ignored_unknown);
893 
894 	switch (opcode) {
895 	case oBadOption:
896 		/* don't panic, but count bad options */
897 		return -1;
898 	case oIgnore:
899 		return 0;
900 	case oIgnoredUnknownOption:
901 		debug("%s line %d: Ignored unknown option \"%s\"",
902 		    filename, linenum, keyword);
903 		return 0;
904 	case oConnectTimeout:
905 		intptr = &options->connection_timeout;
906 parse_time:
907 		arg = strdelim(&s);
908 		if (!arg || *arg == '\0')
909 			fatal("%s line %d: missing time value.",
910 			    filename, linenum);
911 		if (strcmp(arg, "none") == 0)
912 			value = -1;
913 		else if ((value = convtime(arg)) == -1)
914 			fatal("%s line %d: invalid time value.",
915 			    filename, linenum);
916 		if (*activep && *intptr == -1)
917 			*intptr = value;
918 		break;
919 
920 	case oForwardAgent:
921 		intptr = &options->forward_agent;
922  parse_flag:
923 		multistate_ptr = multistate_flag;
924  parse_multistate:
925 		arg = strdelim(&s);
926 		if (!arg || *arg == '\0')
927 			fatal("%s line %d: missing argument.",
928 			    filename, linenum);
929 		value = -1;
930 		for (i = 0; multistate_ptr[i].key != NULL; i++) {
931 			if (strcasecmp(arg, multistate_ptr[i].key) == 0) {
932 				value = multistate_ptr[i].value;
933 				break;
934 			}
935 		}
936 		if (value == -1)
937 			fatal("%s line %d: unsupported option \"%s\".",
938 			    filename, linenum, arg);
939 		if (*activep && *intptr == -1)
940 			*intptr = value;
941 		break;
942 
943 	case oForwardX11:
944 		intptr = &options->forward_x11;
945 		goto parse_flag;
946 
947 	case oForwardX11Trusted:
948 		intptr = &options->forward_x11_trusted;
949 		goto parse_flag;
950 
951 	case oForwardX11Timeout:
952 		intptr = &options->forward_x11_timeout;
953 		goto parse_time;
954 
955 	case oGatewayPorts:
956 		intptr = &options->fwd_opts.gateway_ports;
957 		goto parse_flag;
958 
959 	case oExitOnForwardFailure:
960 		intptr = &options->exit_on_forward_failure;
961 		goto parse_flag;
962 
963 	case oPasswordAuthentication:
964 		intptr = &options->password_authentication;
965 		goto parse_flag;
966 
967 	case oKbdInteractiveAuthentication:
968 		intptr = &options->kbd_interactive_authentication;
969 		goto parse_flag;
970 
971 	case oKbdInteractiveDevices:
972 		charptr = &options->kbd_interactive_devices;
973 		goto parse_string;
974 
975 	case oPubkeyAuthentication:
976 		intptr = &options->pubkey_authentication;
977 		goto parse_flag;
978 
979 	case oHostbasedAuthentication:
980 		intptr = &options->hostbased_authentication;
981 		goto parse_flag;
982 
983 	case oChallengeResponseAuthentication:
984 		intptr = &options->challenge_response_authentication;
985 		goto parse_flag;
986 
987 	case oGssAuthentication:
988 		intptr = &options->gss_authentication;
989 		goto parse_flag;
990 
991 	case oGssDelegateCreds:
992 		intptr = &options->gss_deleg_creds;
993 		goto parse_flag;
994 
995 	case oBatchMode:
996 		intptr = &options->batch_mode;
997 		goto parse_flag;
998 
999 	case oCheckHostIP:
1000 		intptr = &options->check_host_ip;
1001 		goto parse_flag;
1002 
1003 	case oVerifyHostKeyDNS:
1004 		intptr = &options->verify_host_key_dns;
1005 		multistate_ptr = multistate_yesnoask;
1006 		goto parse_multistate;
1007 
1008 	case oStrictHostKeyChecking:
1009 		intptr = &options->strict_host_key_checking;
1010 		multistate_ptr = multistate_strict_hostkey;
1011 		goto parse_multistate;
1012 
1013 	case oCompression:
1014 		intptr = &options->compression;
1015 		goto parse_flag;
1016 
1017 	case oTCPKeepAlive:
1018 		intptr = &options->tcp_keep_alive;
1019 		goto parse_flag;
1020 
1021 	case oNoHostAuthenticationForLocalhost:
1022 		intptr = &options->no_host_authentication_for_localhost;
1023 		goto parse_flag;
1024 
1025 	case oNumberOfPasswordPrompts:
1026 		intptr = &options->number_of_password_prompts;
1027 		goto parse_int;
1028 
1029 	case oRekeyLimit:
1030 		arg = strdelim(&s);
1031 		if (!arg || *arg == '\0')
1032 			fatal("%.200s line %d: Missing argument.", filename,
1033 			    linenum);
1034 		if (strcmp(arg, "default") == 0) {
1035 			val64 = 0;
1036 		} else {
1037 			if (scan_scaled(arg, &val64) == -1)
1038 				fatal("%.200s line %d: Bad number '%s': %s",
1039 				    filename, linenum, arg, strerror(errno));
1040 			if (val64 != 0 && val64 < 16)
1041 				fatal("%.200s line %d: RekeyLimit too small",
1042 				    filename, linenum);
1043 		}
1044 		if (*activep && options->rekey_limit == -1)
1045 			options->rekey_limit = val64;
1046 		if (s != NULL) { /* optional rekey interval present */
1047 			if (strcmp(s, "none") == 0) {
1048 				(void)strdelim(&s);	/* discard */
1049 				break;
1050 			}
1051 			intptr = &options->rekey_interval;
1052 			goto parse_time;
1053 		}
1054 		break;
1055 
1056 	case oIdentityFile:
1057 		arg = strdelim(&s);
1058 		if (!arg || *arg == '\0')
1059 			fatal("%.200s line %d: Missing argument.", filename, linenum);
1060 		if (*activep) {
1061 			intptr = &options->num_identity_files;
1062 			if (*intptr >= SSH_MAX_IDENTITY_FILES)
1063 				fatal("%.200s line %d: Too many identity files specified (max %d).",
1064 				    filename, linenum, SSH_MAX_IDENTITY_FILES);
1065 			add_identity_file(options, NULL,
1066 			    arg, flags & SSHCONF_USERCONF);
1067 		}
1068 		break;
1069 
1070 	case oCertificateFile:
1071 		arg = strdelim(&s);
1072 		if (!arg || *arg == '\0')
1073 			fatal("%.200s line %d: Missing argument.",
1074 			    filename, linenum);
1075 		if (*activep) {
1076 			intptr = &options->num_certificate_files;
1077 			if (*intptr >= SSH_MAX_CERTIFICATE_FILES) {
1078 				fatal("%.200s line %d: Too many certificate "
1079 				    "files specified (max %d).",
1080 				    filename, linenum,
1081 				    SSH_MAX_CERTIFICATE_FILES);
1082 			}
1083 			add_certificate_file(options, arg,
1084 			    flags & SSHCONF_USERCONF);
1085 		}
1086 		break;
1087 
1088 	case oXAuthLocation:
1089 		charptr=&options->xauth_location;
1090 		goto parse_string;
1091 
1092 	case oUser:
1093 		charptr = &options->user;
1094 parse_string:
1095 		arg = strdelim(&s);
1096 		if (!arg || *arg == '\0')
1097 			fatal("%.200s line %d: Missing argument.",
1098 			    filename, linenum);
1099 		if (*activep && *charptr == NULL)
1100 			*charptr = xstrdup(arg);
1101 		break;
1102 
1103 	case oGlobalKnownHostsFile:
1104 		cpptr = (char **)&options->system_hostfiles;
1105 		uintptr = &options->num_system_hostfiles;
1106 		max_entries = SSH_MAX_HOSTS_FILES;
1107 parse_char_array:
1108 		if (*activep && *uintptr == 0) {
1109 			while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
1110 				if ((*uintptr) >= max_entries)
1111 					fatal("%s line %d: "
1112 					    "too many authorized keys files.",
1113 					    filename, linenum);
1114 				cpptr[(*uintptr)++] = xstrdup(arg);
1115 			}
1116 		}
1117 		return 0;
1118 
1119 	case oUserKnownHostsFile:
1120 		cpptr = (char **)&options->user_hostfiles;
1121 		uintptr = &options->num_user_hostfiles;
1122 		max_entries = SSH_MAX_HOSTS_FILES;
1123 		goto parse_char_array;
1124 
1125 	case oHostName:
1126 		charptr = &options->hostname;
1127 		goto parse_string;
1128 
1129 	case oHostKeyAlias:
1130 		charptr = &options->host_key_alias;
1131 		goto parse_string;
1132 
1133 	case oPreferredAuthentications:
1134 		charptr = &options->preferred_authentications;
1135 		goto parse_string;
1136 
1137 	case oBindAddress:
1138 		charptr = &options->bind_address;
1139 		goto parse_string;
1140 
1141 	case oBindInterface:
1142 		charptr = &options->bind_interface;
1143 		goto parse_string;
1144 
1145 	case oPKCS11Provider:
1146 		charptr = &options->pkcs11_provider;
1147 		goto parse_string;
1148 
1149 	case oProxyCommand:
1150 		charptr = &options->proxy_command;
1151 		/* Ignore ProxyCommand if ProxyJump already specified */
1152 		if (options->jump_host != NULL)
1153 			charptr = &options->jump_host; /* Skip below */
1154 parse_command:
1155 		if (s == NULL)
1156 			fatal("%.200s line %d: Missing argument.", filename, linenum);
1157 		len = strspn(s, WHITESPACE "=");
1158 		if (*activep && *charptr == NULL)
1159 			*charptr = xstrdup(s + len);
1160 		return 0;
1161 
1162 	case oProxyJump:
1163 		if (s == NULL) {
1164 			fatal("%.200s line %d: Missing argument.",
1165 			    filename, linenum);
1166 		}
1167 		len = strspn(s, WHITESPACE "=");
1168 		if (parse_jump(s + len, options, *activep) == -1) {
1169 			fatal("%.200s line %d: Invalid ProxyJump \"%s\"",
1170 			    filename, linenum, s + len);
1171 		}
1172 		return 0;
1173 
1174 	case oPort:
1175 		arg = strdelim(&s);
1176 		if (!arg || *arg == '\0')
1177 			fatal("%.200s line %d: Missing argument.",
1178 			    filename, linenum);
1179 		value = a2port(arg);
1180 		if (value <= 0)
1181 			fatal("%.200s line %d: Bad port '%s'.",
1182 			    filename, linenum, arg);
1183 		if (*activep && options->port == -1)
1184 			options->port = value;
1185 		break;
1186 
1187 	case oConnectionAttempts:
1188 		intptr = &options->connection_attempts;
1189 parse_int:
1190 		arg = strdelim(&s);
1191 		if ((errstr = atoi_err(arg, &value)) != NULL)
1192 			fatal("%s line %d: integer value %s.",
1193 			    filename, linenum, errstr);
1194 		if (*activep && *intptr == -1)
1195 			*intptr = value;
1196 		break;
1197 
1198 	case oCiphers:
1199 		arg = strdelim(&s);
1200 		if (!arg || *arg == '\0')
1201 			fatal("%.200s line %d: Missing argument.", filename, linenum);
1202 		if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
1203 			fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
1204 			    filename, linenum, arg ? arg : "<NONE>");
1205 		if (*activep && options->ciphers == NULL)
1206 			options->ciphers = xstrdup(arg);
1207 		break;
1208 
1209 	case oMacs:
1210 		arg = strdelim(&s);
1211 		if (!arg || *arg == '\0')
1212 			fatal("%.200s line %d: Missing argument.", filename, linenum);
1213 		if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg))
1214 			fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
1215 			    filename, linenum, arg ? arg : "<NONE>");
1216 		if (*activep && options->macs == NULL)
1217 			options->macs = xstrdup(arg);
1218 		break;
1219 
1220 	case oKexAlgorithms:
1221 		arg = strdelim(&s);
1222 		if (!arg || *arg == '\0')
1223 			fatal("%.200s line %d: Missing argument.",
1224 			    filename, linenum);
1225 		if (*arg != '-' &&
1226 		    !kex_names_valid(*arg == '+' ? arg + 1 : arg))
1227 			fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.",
1228 			    filename, linenum, arg ? arg : "<NONE>");
1229 		if (*activep && options->kex_algorithms == NULL)
1230 			options->kex_algorithms = xstrdup(arg);
1231 		break;
1232 
1233 	case oHostKeyAlgorithms:
1234 		charptr = &options->hostkeyalgorithms;
1235 parse_keytypes:
1236 		arg = strdelim(&s);
1237 		if (!arg || *arg == '\0')
1238 			fatal("%.200s line %d: Missing argument.",
1239 			    filename, linenum);
1240 		if (*arg != '-' &&
1241 		    !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
1242 			fatal("%s line %d: Bad key types '%s'.",
1243 				filename, linenum, arg ? arg : "<NONE>");
1244 		if (*activep && *charptr == NULL)
1245 			*charptr = xstrdup(arg);
1246 		break;
1247 
1248 	case oCASignatureAlgorithms:
1249 		charptr = &options->ca_sign_algorithms;
1250 		goto parse_keytypes;
1251 
1252 	case oLogLevel:
1253 		log_level_ptr = &options->log_level;
1254 		arg = strdelim(&s);
1255 		value = log_level_number(arg);
1256 		if (value == SYSLOG_LEVEL_NOT_SET)
1257 			fatal("%.200s line %d: unsupported log level '%s'",
1258 			    filename, linenum, arg ? arg : "<NONE>");
1259 		if (*activep && *log_level_ptr == SYSLOG_LEVEL_NOT_SET)
1260 			*log_level_ptr = (LogLevel) value;
1261 		break;
1262 
1263 	case oLogFacility:
1264 		log_facility_ptr = &options->log_facility;
1265 		arg = strdelim(&s);
1266 		value = log_facility_number(arg);
1267 		if (value == SYSLOG_FACILITY_NOT_SET)
1268 			fatal("%.200s line %d: unsupported log facility '%s'",
1269 			    filename, linenum, arg ? arg : "<NONE>");
1270 		if (*log_facility_ptr == -1)
1271 			*log_facility_ptr = (SyslogFacility) value;
1272 		break;
1273 
1274 	case oLocalForward:
1275 	case oRemoteForward:
1276 	case oDynamicForward:
1277 		arg = strdelim(&s);
1278 		if (arg == NULL || *arg == '\0')
1279 			fatal("%.200s line %d: Missing port argument.",
1280 			    filename, linenum);
1281 
1282 		remotefwd = (opcode == oRemoteForward);
1283 		dynamicfwd = (opcode == oDynamicForward);
1284 
1285 		if (!dynamicfwd) {
1286 			arg2 = strdelim(&s);
1287 			if (arg2 == NULL || *arg2 == '\0') {
1288 				if (remotefwd)
1289 					dynamicfwd = 1;
1290 				else
1291 					fatal("%.200s line %d: Missing target "
1292 					    "argument.", filename, linenum);
1293 			} else {
1294 				/* construct a string for parse_forward */
1295 				snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg,
1296 				    arg2);
1297 			}
1298 		}
1299 		if (dynamicfwd)
1300 			strlcpy(fwdarg, arg, sizeof(fwdarg));
1301 
1302 		if (parse_forward(&fwd, fwdarg, dynamicfwd, remotefwd) == 0)
1303 			fatal("%.200s line %d: Bad forwarding specification.",
1304 			    filename, linenum);
1305 
1306 		if (*activep) {
1307 			if (remotefwd) {
1308 				add_remote_forward(options, &fwd);
1309 			} else {
1310 				add_local_forward(options, &fwd);
1311 			}
1312 		}
1313 		break;
1314 
1315 	case oClearAllForwardings:
1316 		intptr = &options->clear_forwardings;
1317 		goto parse_flag;
1318 
1319 	case oHost:
1320 		if (cmdline)
1321 			fatal("Host directive not supported as a command-line "
1322 			    "option");
1323 		*activep = 0;
1324 		arg2 = NULL;
1325 		while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
1326 			if ((flags & SSHCONF_NEVERMATCH) != 0)
1327 				break;
1328 			negated = *arg == '!';
1329 			if (negated)
1330 				arg++;
1331 			if (match_pattern(host, arg)) {
1332 				if (negated) {
1333 					debug("%.200s line %d: Skipping Host "
1334 					    "block because of negated match "
1335 					    "for %.100s", filename, linenum,
1336 					    arg);
1337 					*activep = 0;
1338 					break;
1339 				}
1340 				if (!*activep)
1341 					arg2 = arg; /* logged below */
1342 				*activep = 1;
1343 			}
1344 		}
1345 		if (*activep)
1346 			debug("%.200s line %d: Applying options for %.100s",
1347 			    filename, linenum, arg2);
1348 		/* Avoid garbage check below, as strdelim is done. */
1349 		return 0;
1350 
1351 	case oMatch:
1352 		if (cmdline)
1353 			fatal("Host directive not supported as a command-line "
1354 			    "option");
1355 		value = match_cfg_line(options, &s, pw, host, original_host,
1356 		    flags & SSHCONF_POSTCANON, filename, linenum);
1357 		if (value < 0)
1358 			fatal("%.200s line %d: Bad Match condition", filename,
1359 			    linenum);
1360 		*activep = (flags & SSHCONF_NEVERMATCH) ? 0 : value;
1361 		break;
1362 
1363 	case oEscapeChar:
1364 		intptr = &options->escape_char;
1365 		arg = strdelim(&s);
1366 		if (!arg || *arg == '\0')
1367 			fatal("%.200s line %d: Missing argument.", filename, linenum);
1368 		if (strcmp(arg, "none") == 0)
1369 			value = SSH_ESCAPECHAR_NONE;
1370 		else if (arg[1] == '\0')
1371 			value = (u_char) arg[0];
1372 		else if (arg[0] == '^' && arg[2] == 0 &&
1373 		    (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
1374 			value = (u_char) arg[1] & 31;
1375 		else {
1376 			fatal("%.200s line %d: Bad escape character.",
1377 			    filename, linenum);
1378 			/* NOTREACHED */
1379 			value = 0;	/* Avoid compiler warning. */
1380 		}
1381 		if (*activep && *intptr == -1)
1382 			*intptr = value;
1383 		break;
1384 
1385 	case oAddressFamily:
1386 		intptr = &options->address_family;
1387 		multistate_ptr = multistate_addressfamily;
1388 		goto parse_multistate;
1389 
1390 	case oEnableSSHKeysign:
1391 		intptr = &options->enable_ssh_keysign;
1392 		goto parse_flag;
1393 
1394 	case oIdentitiesOnly:
1395 		intptr = &options->identities_only;
1396 		goto parse_flag;
1397 
1398 	case oServerAliveInterval:
1399 		intptr = &options->server_alive_interval;
1400 		goto parse_time;
1401 
1402 	case oServerAliveCountMax:
1403 		intptr = &options->server_alive_count_max;
1404 		goto parse_int;
1405 
1406 	case oSendEnv:
1407 		while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
1408 			if (strchr(arg, '=') != NULL)
1409 				fatal("%s line %d: Invalid environment name.",
1410 				    filename, linenum);
1411 			if (!*activep)
1412 				continue;
1413 			if (*arg == '-') {
1414 				/* Removing an env var */
1415 				rm_env(options, arg, filename, linenum);
1416 				continue;
1417 			} else {
1418 				/* Adding an env var */
1419 				if (options->num_send_env >= INT_MAX)
1420 					fatal("%s line %d: too many send env.",
1421 					    filename, linenum);
1422 				options->send_env = xrecallocarray(
1423 				    options->send_env, options->num_send_env,
1424 				    options->num_send_env + 1,
1425 				    sizeof(*options->send_env));
1426 				options->send_env[options->num_send_env++] =
1427 				    xstrdup(arg);
1428 			}
1429 		}
1430 		break;
1431 
1432 	case oSetEnv:
1433 		value = options->num_setenv;
1434 		while ((arg = strdelimw(&s)) != NULL && *arg != '\0') {
1435 			if (strchr(arg, '=') == NULL)
1436 				fatal("%s line %d: Invalid SetEnv.",
1437 				    filename, linenum);
1438 			if (!*activep || value != 0)
1439 				continue;
1440 			/* Adding a setenv var */
1441 			if (options->num_setenv >= INT_MAX)
1442 				fatal("%s line %d: too many SetEnv.",
1443 				    filename, linenum);
1444 			options->setenv = xrecallocarray(
1445 			    options->setenv, options->num_setenv,
1446 			    options->num_setenv + 1, sizeof(*options->setenv));
1447 			options->setenv[options->num_setenv++] = xstrdup(arg);
1448 		}
1449 		break;
1450 
1451 	case oControlPath:
1452 		charptr = &options->control_path;
1453 		goto parse_string;
1454 
1455 	case oControlMaster:
1456 		intptr = &options->control_master;
1457 		multistate_ptr = multistate_controlmaster;
1458 		goto parse_multistate;
1459 
1460 	case oControlPersist:
1461 		/* no/false/yes/true, or a time spec */
1462 		intptr = &options->control_persist;
1463 		arg = strdelim(&s);
1464 		if (!arg || *arg == '\0')
1465 			fatal("%.200s line %d: Missing ControlPersist"
1466 			    " argument.", filename, linenum);
1467 		value = 0;
1468 		value2 = 0;	/* timeout */
1469 		if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
1470 			value = 0;
1471 		else if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
1472 			value = 1;
1473 		else if ((value2 = convtime(arg)) >= 0)
1474 			value = 1;
1475 		else
1476 			fatal("%.200s line %d: Bad ControlPersist argument.",
1477 			    filename, linenum);
1478 		if (*activep && *intptr == -1) {
1479 			*intptr = value;
1480 			options->control_persist_timeout = value2;
1481 		}
1482 		break;
1483 
1484 	case oHashKnownHosts:
1485 		intptr = &options->hash_known_hosts;
1486 		goto parse_flag;
1487 
1488 	case oTunnel:
1489 		intptr = &options->tun_open;
1490 		multistate_ptr = multistate_tunnel;
1491 		goto parse_multistate;
1492 
1493 	case oTunnelDevice:
1494 		arg = strdelim(&s);
1495 		if (!arg || *arg == '\0')
1496 			fatal("%.200s line %d: Missing argument.", filename, linenum);
1497 		value = a2tun(arg, &value2);
1498 		if (value == SSH_TUNID_ERR)
1499 			fatal("%.200s line %d: Bad tun device.", filename, linenum);
1500 		if (*activep) {
1501 			options->tun_local = value;
1502 			options->tun_remote = value2;
1503 		}
1504 		break;
1505 
1506 	case oLocalCommand:
1507 		charptr = &options->local_command;
1508 		goto parse_command;
1509 
1510 	case oPermitLocalCommand:
1511 		intptr = &options->permit_local_command;
1512 		goto parse_flag;
1513 
1514 	case oRemoteCommand:
1515 		charptr = &options->remote_command;
1516 		goto parse_command;
1517 
1518 	case oVisualHostKey:
1519 		intptr = &options->visual_host_key;
1520 		goto parse_flag;
1521 
1522 	case oInclude:
1523 		if (cmdline)
1524 			fatal("Include directive not supported as a "
1525 			    "command-line option");
1526 		value = 0;
1527 		while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
1528 			/*
1529 			 * Ensure all paths are anchored. User configuration
1530 			 * files may begin with '~/' but system configurations
1531 			 * must not. If the path is relative, then treat it
1532 			 * as living in ~/.ssh for user configurations or
1533 			 * /etc/ssh for system ones.
1534 			 */
1535 			if (*arg == '~' && (flags & SSHCONF_USERCONF) == 0)
1536 				fatal("%.200s line %d: bad include path %s.",
1537 				    filename, linenum, arg);
1538 			if (*arg != '/' && *arg != '~') {
1539 				xasprintf(&arg2, "%s/%s",
1540 				    (flags & SSHCONF_USERCONF) ?
1541 				    "~/" _PATH_SSH_USER_DIR : SSHDIR, arg);
1542 			} else
1543 				arg2 = xstrdup(arg);
1544 			memset(&gl, 0, sizeof(gl));
1545 			r = glob(arg2, GLOB_TILDE, NULL, &gl);
1546 			if (r == GLOB_NOMATCH) {
1547 				debug("%.200s line %d: include %s matched no "
1548 				    "files",filename, linenum, arg2);
1549 				free(arg2);
1550 				continue;
1551 			} else if (r != 0 || gl.gl_pathc < 0)
1552 				fatal("%.200s line %d: glob failed for %s.",
1553 				    filename, linenum, arg2);
1554 			free(arg2);
1555 			oactive = *activep;
1556 			for (i = 0; i < (u_int)gl.gl_pathc; i++) {
1557 				debug3("%.200s line %d: Including file %s "
1558 				    "depth %d%s", filename, linenum,
1559 				    gl.gl_pathv[i], depth,
1560 				    oactive ? "" : " (parse only)");
1561 				r = read_config_file_depth(gl.gl_pathv[i],
1562 				    pw, host, original_host, options,
1563 				    flags | SSHCONF_CHECKPERM |
1564 				    (oactive ? 0 : SSHCONF_NEVERMATCH),
1565 				    activep, depth + 1);
1566 				if (r != 1 && errno != ENOENT) {
1567 					fatal("Can't open user config file "
1568 					    "%.100s: %.100s", gl.gl_pathv[i],
1569 					    strerror(errno));
1570 				}
1571 				/*
1572 				 * don't let Match in includes clobber the
1573 				 * containing file's Match state.
1574 				 */
1575 				*activep = oactive;
1576 				if (r != 1)
1577 					value = -1;
1578 			}
1579 			globfree(&gl);
1580 		}
1581 		if (value != 0)
1582 			return value;
1583 		break;
1584 
1585 	case oIPQoS:
1586 		arg = strdelim(&s);
1587 		if ((value = parse_ipqos(arg)) == -1)
1588 			fatal("%s line %d: Bad IPQoS value: %s",
1589 			    filename, linenum, arg);
1590 		arg = strdelim(&s);
1591 		if (arg == NULL)
1592 			value2 = value;
1593 		else if ((value2 = parse_ipqos(arg)) == -1)
1594 			fatal("%s line %d: Bad IPQoS value: %s",
1595 			    filename, linenum, arg);
1596 		if (*activep) {
1597 			options->ip_qos_interactive = value;
1598 			options->ip_qos_bulk = value2;
1599 		}
1600 		break;
1601 
1602 	case oRequestTTY:
1603 		intptr = &options->request_tty;
1604 		multistate_ptr = multistate_requesttty;
1605 		goto parse_multistate;
1606 
1607 	case oVersionAddendum:
1608 		if (s == NULL)
1609 			fatal("%.200s line %d: Missing argument.", filename,
1610 			    linenum);
1611 		len = strspn(s, WHITESPACE);
1612 		if (*activep && options->version_addendum == NULL) {
1613 			if (strcasecmp(s + len, "none") == 0)
1614 				options->version_addendum = xstrdup("");
1615 			else if (strchr(s + len, '\r') != NULL)
1616 				fatal("%.200s line %d: Invalid argument",
1617 				    filename, linenum);
1618 			else
1619 				options->version_addendum = xstrdup(s + len);
1620 		}
1621 		return 0;
1622 
1623 	case oIgnoreUnknown:
1624 		charptr = &options->ignored_unknown;
1625 		goto parse_string;
1626 
1627 	case oProxyUseFdpass:
1628 		intptr = &options->proxy_use_fdpass;
1629 		goto parse_flag;
1630 
1631 	case oCanonicalDomains:
1632 		value = options->num_canonical_domains != 0;
1633 		while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
1634 			if (!valid_domain(arg, 1, &errstr)) {
1635 				fatal("%s line %d: %s", filename, linenum,
1636 				    errstr);
1637 			}
1638 			if (!*activep || value)
1639 				continue;
1640 			if (options->num_canonical_domains >= MAX_CANON_DOMAINS)
1641 				fatal("%s line %d: too many hostname suffixes.",
1642 				    filename, linenum);
1643 			options->canonical_domains[
1644 			    options->num_canonical_domains++] = xstrdup(arg);
1645 		}
1646 		break;
1647 
1648 	case oCanonicalizePermittedCNAMEs:
1649 		value = options->num_permitted_cnames != 0;
1650 		while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
1651 			/* Either '*' for everything or 'list:list' */
1652 			if (strcmp(arg, "*") == 0)
1653 				arg2 = arg;
1654 			else {
1655 				lowercase(arg);
1656 				if ((arg2 = strchr(arg, ':')) == NULL ||
1657 				    arg2[1] == '\0') {
1658 					fatal("%s line %d: "
1659 					    "Invalid permitted CNAME \"%s\"",
1660 					    filename, linenum, arg);
1661 				}
1662 				*arg2 = '\0';
1663 				arg2++;
1664 			}
1665 			if (!*activep || value)
1666 				continue;
1667 			if (options->num_permitted_cnames >= MAX_CANON_DOMAINS)
1668 				fatal("%s line %d: too many permitted CNAMEs.",
1669 				    filename, linenum);
1670 			cname = options->permitted_cnames +
1671 			    options->num_permitted_cnames++;
1672 			cname->source_list = xstrdup(arg);
1673 			cname->target_list = xstrdup(arg2);
1674 		}
1675 		break;
1676 
1677 	case oCanonicalizeHostname:
1678 		intptr = &options->canonicalize_hostname;
1679 		multistate_ptr = multistate_canonicalizehostname;
1680 		goto parse_multistate;
1681 
1682 	case oCanonicalizeMaxDots:
1683 		intptr = &options->canonicalize_max_dots;
1684 		goto parse_int;
1685 
1686 	case oCanonicalizeFallbackLocal:
1687 		intptr = &options->canonicalize_fallback_local;
1688 		goto parse_flag;
1689 
1690 	case oStreamLocalBindMask:
1691 		arg = strdelim(&s);
1692 		if (!arg || *arg == '\0')
1693 			fatal("%.200s line %d: Missing StreamLocalBindMask argument.", filename, linenum);
1694 		/* Parse mode in octal format */
1695 		value = strtol(arg, &endofnumber, 8);
1696 		if (arg == endofnumber || value < 0 || value > 0777)
1697 			fatal("%.200s line %d: Bad mask.", filename, linenum);
1698 		options->fwd_opts.streamlocal_bind_mask = (mode_t)value;
1699 		break;
1700 
1701 	case oStreamLocalBindUnlink:
1702 		intptr = &options->fwd_opts.streamlocal_bind_unlink;
1703 		goto parse_flag;
1704 
1705 	case oRevokedHostKeys:
1706 		charptr = &options->revoked_host_keys;
1707 		goto parse_string;
1708 
1709 	case oFingerprintHash:
1710 		intptr = &options->fingerprint_hash;
1711 		arg = strdelim(&s);
1712 		if (!arg || *arg == '\0')
1713 			fatal("%.200s line %d: Missing argument.",
1714 			    filename, linenum);
1715 		if ((value = ssh_digest_alg_by_name(arg)) == -1)
1716 			fatal("%.200s line %d: Invalid hash algorithm \"%s\".",
1717 			    filename, linenum, arg);
1718 		if (*activep && *intptr == -1)
1719 			*intptr = value;
1720 		break;
1721 
1722 	case oUpdateHostkeys:
1723 		intptr = &options->update_hostkeys;
1724 		multistate_ptr = multistate_yesnoask;
1725 		goto parse_multistate;
1726 
1727 	case oHostbasedKeyTypes:
1728 		charptr = &options->hostbased_key_types;
1729 		goto parse_keytypes;
1730 
1731 	case oPubkeyAcceptedKeyTypes:
1732 		charptr = &options->pubkey_key_types;
1733 		goto parse_keytypes;
1734 
1735 	case oAddKeysToAgent:
1736 		intptr = &options->add_keys_to_agent;
1737 		multistate_ptr = multistate_yesnoaskconfirm;
1738 		goto parse_multistate;
1739 
1740 	case oIdentityAgent:
1741 		charptr = &options->identity_agent;
1742 		arg = strdelim(&s);
1743 		if (!arg || *arg == '\0')
1744 			fatal("%.200s line %d: Missing argument.",
1745 			    filename, linenum);
1746 		/* Extra validation if the string represents an env var. */
1747 		if (arg[0] == '$' && !valid_env_name(arg + 1)) {
1748 			fatal("%.200s line %d: Invalid environment name %s.",
1749 			    filename, linenum, arg);
1750 		}
1751 		if (*activep && *charptr == NULL)
1752 			*charptr = xstrdup(arg);
1753 		break;
1754 
1755 	case oDeprecated:
1756 		debug("%s line %d: Deprecated option \"%s\"",
1757 		    filename, linenum, keyword);
1758 		return 0;
1759 
1760 	case oUnsupported:
1761 		error("%s line %d: Unsupported option \"%s\"",
1762 		    filename, linenum, keyword);
1763 		return 0;
1764 
1765 	default:
1766 		fatal("%s: Unimplemented opcode %d", __func__, opcode);
1767 	}
1768 
1769 	/* Check that there is no garbage at end of line. */
1770 	if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
1771 		fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
1772 		    filename, linenum, arg);
1773 	}
1774 	return 0;
1775 }
1776 
1777 /*
1778  * Reads the config file and modifies the options accordingly.  Options
1779  * should already be initialized before this call.  This never returns if
1780  * there is an error.  If the file does not exist, this returns 0.
1781  */
1782 int
1783 read_config_file(const char *filename, struct passwd *pw, const char *host,
1784     const char *original_host, Options *options, int flags)
1785 {
1786 	int active = 1;
1787 
1788 	return read_config_file_depth(filename, pw, host, original_host,
1789 	    options, flags, &active, 0);
1790 }
1791 
1792 #define READCONF_MAX_DEPTH	16
1793 static int
1794 read_config_file_depth(const char *filename, struct passwd *pw,
1795     const char *host, const char *original_host, Options *options,
1796     int flags, int *activep, int depth)
1797 {
1798 	FILE *f;
1799 	char *line = NULL;
1800 	size_t linesize = 0;
1801 	int linenum;
1802 	int bad_options = 0;
1803 
1804 	if (depth < 0 || depth > READCONF_MAX_DEPTH)
1805 		fatal("Too many recursive configuration includes");
1806 
1807 	if ((f = fopen(filename, "r")) == NULL)
1808 		return 0;
1809 
1810 	if (flags & SSHCONF_CHECKPERM) {
1811 		struct stat sb;
1812 
1813 		if (fstat(fileno(f), &sb) == -1)
1814 			fatal("fstat %s: %s", filename, strerror(errno));
1815 		if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
1816 		    (sb.st_mode & 022) != 0))
1817 			fatal("Bad owner or permissions on %s", filename);
1818 	}
1819 
1820 	debug("Reading configuration data %.200s", filename);
1821 
1822 	/*
1823 	 * Mark that we are now processing the options.  This flag is turned
1824 	 * on/off by Host specifications.
1825 	 */
1826 	linenum = 0;
1827 	while (getline(&line, &linesize, f) != -1) {
1828 		/* Update line number counter. */
1829 		linenum++;
1830 		if (process_config_line_depth(options, pw, host, original_host,
1831 		    line, filename, linenum, activep, flags, depth) != 0)
1832 			bad_options++;
1833 	}
1834 	free(line);
1835 	fclose(f);
1836 	if (bad_options > 0)
1837 		fatal("%s: terminating, %d bad configuration options",
1838 		    filename, bad_options);
1839 	return 1;
1840 }
1841 
1842 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
1843 int
1844 option_clear_or_none(const char *o)
1845 {
1846 	return o == NULL || strcasecmp(o, "none") == 0;
1847 }
1848 
1849 /*
1850  * Initializes options to special values that indicate that they have not yet
1851  * been set.  Read_config_file will only set options with this value. Options
1852  * are processed in the following order: command line, user config file,
1853  * system config file.  Last, fill_default_options is called.
1854  */
1855 
1856 void
1857 initialize_options(Options * options)
1858 {
1859 	memset(options, 'X', sizeof(*options));
1860 	options->version_addendum = NULL;
1861 	options->forward_agent = -1;
1862 	options->forward_x11 = -1;
1863 	options->forward_x11_trusted = -1;
1864 	options->forward_x11_timeout = -1;
1865 	options->stdio_forward_host = NULL;
1866 	options->stdio_forward_port = 0;
1867 	options->clear_forwardings = -1;
1868 	options->exit_on_forward_failure = -1;
1869 	options->xauth_location = NULL;
1870 	options->fwd_opts.gateway_ports = -1;
1871 	options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;
1872 	options->fwd_opts.streamlocal_bind_unlink = -1;
1873 	options->pubkey_authentication = -1;
1874 	options->challenge_response_authentication = -1;
1875 	options->gss_authentication = -1;
1876 	options->gss_deleg_creds = -1;
1877 	options->password_authentication = -1;
1878 	options->kbd_interactive_authentication = -1;
1879 	options->kbd_interactive_devices = NULL;
1880 	options->hostbased_authentication = -1;
1881 	options->batch_mode = -1;
1882 	options->check_host_ip = -1;
1883 	options->strict_host_key_checking = -1;
1884 	options->compression = -1;
1885 	options->tcp_keep_alive = -1;
1886 	options->port = -1;
1887 	options->address_family = -1;
1888 	options->connection_attempts = -1;
1889 	options->connection_timeout = -1;
1890 	options->number_of_password_prompts = -1;
1891 	options->ciphers = NULL;
1892 	options->macs = NULL;
1893 	options->kex_algorithms = NULL;
1894 	options->hostkeyalgorithms = NULL;
1895 	options->ca_sign_algorithms = NULL;
1896 	options->num_identity_files = 0;
1897 	options->num_certificate_files = 0;
1898 	options->hostname = NULL;
1899 	options->host_key_alias = NULL;
1900 	options->proxy_command = NULL;
1901 	options->jump_user = NULL;
1902 	options->jump_host = NULL;
1903 	options->jump_port = -1;
1904 	options->jump_extra = NULL;
1905 	options->user = NULL;
1906 	options->escape_char = -1;
1907 	options->num_system_hostfiles = 0;
1908 	options->num_user_hostfiles = 0;
1909 	options->local_forwards = NULL;
1910 	options->num_local_forwards = 0;
1911 	options->remote_forwards = NULL;
1912 	options->num_remote_forwards = 0;
1913 	options->log_facility = SYSLOG_FACILITY_NOT_SET;
1914 	options->log_level = SYSLOG_LEVEL_NOT_SET;
1915 	options->preferred_authentications = NULL;
1916 	options->bind_address = NULL;
1917 	options->bind_interface = NULL;
1918 	options->pkcs11_provider = NULL;
1919 	options->enable_ssh_keysign = - 1;
1920 	options->no_host_authentication_for_localhost = - 1;
1921 	options->identities_only = - 1;
1922 	options->rekey_limit = - 1;
1923 	options->rekey_interval = -1;
1924 	options->verify_host_key_dns = -1;
1925 	options->server_alive_interval = -1;
1926 	options->server_alive_count_max = -1;
1927 	options->send_env = NULL;
1928 	options->num_send_env = 0;
1929 	options->setenv = NULL;
1930 	options->num_setenv = 0;
1931 	options->control_path = NULL;
1932 	options->control_master = -1;
1933 	options->control_persist = -1;
1934 	options->control_persist_timeout = 0;
1935 	options->hash_known_hosts = -1;
1936 	options->tun_open = -1;
1937 	options->tun_local = -1;
1938 	options->tun_remote = -1;
1939 	options->local_command = NULL;
1940 	options->permit_local_command = -1;
1941 	options->remote_command = NULL;
1942 	options->add_keys_to_agent = -1;
1943 	options->identity_agent = NULL;
1944 	options->visual_host_key = -1;
1945 	options->ip_qos_interactive = -1;
1946 	options->ip_qos_bulk = -1;
1947 	options->request_tty = -1;
1948 	options->proxy_use_fdpass = -1;
1949 	options->ignored_unknown = NULL;
1950 	options->num_canonical_domains = 0;
1951 	options->num_permitted_cnames = 0;
1952 	options->canonicalize_max_dots = -1;
1953 	options->canonicalize_fallback_local = -1;
1954 	options->canonicalize_hostname = -1;
1955 	options->revoked_host_keys = NULL;
1956 	options->fingerprint_hash = -1;
1957 	options->update_hostkeys = -1;
1958 	options->hostbased_key_types = NULL;
1959 	options->pubkey_key_types = NULL;
1960 }
1961 
1962 /*
1963  * A petite version of fill_default_options() that just fills the options
1964  * needed for hostname canonicalization to proceed.
1965  */
1966 void
1967 fill_default_options_for_canonicalization(Options *options)
1968 {
1969 	if (options->canonicalize_max_dots == -1)
1970 		options->canonicalize_max_dots = 1;
1971 	if (options->canonicalize_fallback_local == -1)
1972 		options->canonicalize_fallback_local = 1;
1973 	if (options->canonicalize_hostname == -1)
1974 		options->canonicalize_hostname = SSH_CANONICALISE_NO;
1975 }
1976 
1977 /*
1978  * Called after processing other sources of option data, this fills those
1979  * options for which no value has been specified with their default values.
1980  */
1981 void
1982 fill_default_options(Options * options)
1983 {
1984 	char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig;
1985 	int r;
1986 #ifdef VMWARE_GUEST_WORKAROUND
1987 	char scval[7];	/* "vmware\0" */
1988 	size_t scsiz = sizeof(scval);
1989 	int vmwguest = 0;
1990 
1991 	if (sysctlbyname("kern.vm_guest", scval, &scsiz, NULL, 0) == 0 &&
1992 	    strcmp(scval, "vmware") == 0)
1993 		vmwguest = 1;
1994 #endif
1995 
1996 	if (options->forward_agent == -1)
1997 		options->forward_agent = 0;
1998 	if (options->forward_x11 == -1)
1999 		options->forward_x11 = 0;
2000 	if (options->forward_x11_trusted == -1)
2001 		options->forward_x11_trusted = 0;
2002 	if (options->forward_x11_timeout == -1)
2003 		options->forward_x11_timeout = 1200;
2004 	/*
2005 	 * stdio forwarding (-W) changes the default for these but we defer
2006 	 * setting the values so they can be overridden.
2007 	 */
2008 	if (options->exit_on_forward_failure == -1)
2009 		options->exit_on_forward_failure =
2010 		    options->stdio_forward_host != NULL ? 1 : 0;
2011 	if (options->clear_forwardings == -1)
2012 		options->clear_forwardings =
2013 		    options->stdio_forward_host != NULL ? 1 : 0;
2014 	if (options->clear_forwardings == 1)
2015 		clear_forwardings(options);
2016 
2017 	if (options->xauth_location == NULL)
2018 		options->xauth_location = _PATH_XAUTH;
2019 	if (options->fwd_opts.gateway_ports == -1)
2020 		options->fwd_opts.gateway_ports = 0;
2021 	if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
2022 		options->fwd_opts.streamlocal_bind_mask = 0177;
2023 	if (options->fwd_opts.streamlocal_bind_unlink == -1)
2024 		options->fwd_opts.streamlocal_bind_unlink = 0;
2025 	if (options->pubkey_authentication == -1)
2026 		options->pubkey_authentication = 1;
2027 	if (options->challenge_response_authentication == -1)
2028 		options->challenge_response_authentication = 1;
2029 	if (options->gss_authentication == -1)
2030 		options->gss_authentication = 0;
2031 	if (options->gss_deleg_creds == -1)
2032 		options->gss_deleg_creds = 0;
2033 	if (options->password_authentication == -1)
2034 		options->password_authentication = 1;
2035 	if (options->kbd_interactive_authentication == -1)
2036 		options->kbd_interactive_authentication = 1;
2037 	if (options->hostbased_authentication == -1)
2038 		options->hostbased_authentication = 0;
2039 	if (options->batch_mode == -1)
2040 		options->batch_mode = 0;
2041 	if (options->check_host_ip == -1)
2042 		options->check_host_ip = 0;
2043 	if (options->strict_host_key_checking == -1)
2044 		options->strict_host_key_checking = SSH_STRICT_HOSTKEY_ASK;
2045 	if (options->compression == -1)
2046 		options->compression = 0;
2047 	if (options->tcp_keep_alive == -1)
2048 		options->tcp_keep_alive = 1;
2049 	if (options->port == -1)
2050 		options->port = 0;	/* Filled in ssh_connect. */
2051 	if (options->address_family == -1)
2052 		options->address_family = AF_UNSPEC;
2053 	if (options->connection_attempts == -1)
2054 		options->connection_attempts = 1;
2055 	if (options->number_of_password_prompts == -1)
2056 		options->number_of_password_prompts = 3;
2057 	/* options->hostkeyalgorithms, default set in myproposals.h */
2058 	if (options->add_keys_to_agent == -1)
2059 		options->add_keys_to_agent = 0;
2060 	if (options->num_identity_files == 0) {
2061 		add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA, 0);
2062 		add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA, 0);
2063 #ifdef OPENSSL_HAS_ECC
2064 		add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA, 0);
2065 #endif
2066 		add_identity_file(options, "~/",
2067 		    _PATH_SSH_CLIENT_ID_ED25519, 0);
2068 		add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_XMSS, 0);
2069 	}
2070 	if (options->escape_char == -1)
2071 		options->escape_char = '~';
2072 	if (options->num_system_hostfiles == 0) {
2073 		options->system_hostfiles[options->num_system_hostfiles++] =
2074 		    xstrdup(_PATH_SSH_SYSTEM_HOSTFILE);
2075 		options->system_hostfiles[options->num_system_hostfiles++] =
2076 		    xstrdup(_PATH_SSH_SYSTEM_HOSTFILE2);
2077 	}
2078 	if (options->num_user_hostfiles == 0) {
2079 		options->user_hostfiles[options->num_user_hostfiles++] =
2080 		    xstrdup(_PATH_SSH_USER_HOSTFILE);
2081 		options->user_hostfiles[options->num_user_hostfiles++] =
2082 		    xstrdup(_PATH_SSH_USER_HOSTFILE2);
2083 	}
2084 	if (options->log_level == SYSLOG_LEVEL_NOT_SET)
2085 		options->log_level = SYSLOG_LEVEL_INFO;
2086 	if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
2087 		options->log_facility = SYSLOG_FACILITY_USER;
2088 	if (options->no_host_authentication_for_localhost == - 1)
2089 		options->no_host_authentication_for_localhost = 0;
2090 	if (options->identities_only == -1)
2091 		options->identities_only = 0;
2092 	if (options->enable_ssh_keysign == -1)
2093 		options->enable_ssh_keysign = 0;
2094 	if (options->rekey_limit == -1)
2095 		options->rekey_limit = 0;
2096 	if (options->rekey_interval == -1)
2097 		options->rekey_interval = 0;
2098 #if HAVE_LDNS
2099 	if (options->verify_host_key_dns == -1)
2100 		/* automatically trust a verified SSHFP record */
2101 		options->verify_host_key_dns = 1;
2102 #else
2103 	if (options->verify_host_key_dns == -1)
2104 		options->verify_host_key_dns = 0;
2105 #endif
2106 	if (options->server_alive_interval == -1)
2107 		options->server_alive_interval = 0;
2108 	if (options->server_alive_count_max == -1)
2109 		options->server_alive_count_max = 3;
2110 	if (options->control_master == -1)
2111 		options->control_master = 0;
2112 	if (options->control_persist == -1) {
2113 		options->control_persist = 0;
2114 		options->control_persist_timeout = 0;
2115 	}
2116 	if (options->hash_known_hosts == -1)
2117 		options->hash_known_hosts = 0;
2118 	if (options->tun_open == -1)
2119 		options->tun_open = SSH_TUNMODE_NO;
2120 	if (options->tun_local == -1)
2121 		options->tun_local = SSH_TUNID_ANY;
2122 	if (options->tun_remote == -1)
2123 		options->tun_remote = SSH_TUNID_ANY;
2124 	if (options->permit_local_command == -1)
2125 		options->permit_local_command = 0;
2126 	if (options->visual_host_key == -1)
2127 		options->visual_host_key = 0;
2128 	if (options->ip_qos_interactive == -1)
2129 #ifdef VMWARE_GUEST_WORKAROUND
2130 		if (vmwguest)
2131 			options->ip_qos_interactive = IPTOS_LOWDELAY;
2132 		else
2133 #endif
2134 		options->ip_qos_interactive = IPTOS_DSCP_AF21;
2135 	if (options->ip_qos_bulk == -1)
2136 #ifdef VMWARE_GUEST_WORKAROUND
2137 		if (vmwguest)
2138 			options->ip_qos_bulk = IPTOS_THROUGHPUT;
2139 		else
2140 #endif
2141 		options->ip_qos_bulk = IPTOS_DSCP_CS1;
2142 	if (options->request_tty == -1)
2143 		options->request_tty = REQUEST_TTY_AUTO;
2144 	if (options->proxy_use_fdpass == -1)
2145 		options->proxy_use_fdpass = 0;
2146 	if (options->canonicalize_max_dots == -1)
2147 		options->canonicalize_max_dots = 1;
2148 	if (options->canonicalize_fallback_local == -1)
2149 		options->canonicalize_fallback_local = 1;
2150 	if (options->canonicalize_hostname == -1)
2151 		options->canonicalize_hostname = SSH_CANONICALISE_NO;
2152 	if (options->fingerprint_hash == -1)
2153 		options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
2154 	if (options->update_hostkeys == -1)
2155 		options->update_hostkeys = 0;
2156 
2157 	/* Expand KEX name lists */
2158 	all_cipher = cipher_alg_list(',', 0);
2159 	all_mac = mac_alg_list(',');
2160 	all_kex = kex_alg_list(',');
2161 	all_key = sshkey_alg_list(0, 0, 1, ',');
2162 	all_sig = sshkey_alg_list(0, 1, 1, ',');
2163 #define ASSEMBLE(what, defaults, all) \
2164 	do { \
2165 		if ((r = kex_assemble_names(&options->what, \
2166 		    defaults, all)) != 0) \
2167 			fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
2168 	} while (0)
2169 	ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, all_cipher);
2170 	ASSEMBLE(macs, KEX_SERVER_MAC, all_mac);
2171 	ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
2172 	ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
2173 	ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
2174 	ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
2175 #undef ASSEMBLE
2176 	free(all_cipher);
2177 	free(all_mac);
2178 	free(all_kex);
2179 	free(all_key);
2180 	free(all_sig);
2181 
2182 #define CLEAR_ON_NONE(v) \
2183 	do { \
2184 		if (option_clear_or_none(v)) { \
2185 			free(v); \
2186 			v = NULL; \
2187 		} \
2188 	} while(0)
2189 	CLEAR_ON_NONE(options->local_command);
2190 	CLEAR_ON_NONE(options->remote_command);
2191 	CLEAR_ON_NONE(options->proxy_command);
2192 	CLEAR_ON_NONE(options->control_path);
2193 	CLEAR_ON_NONE(options->revoked_host_keys);
2194 	if (options->jump_host != NULL &&
2195 	    strcmp(options->jump_host, "none") == 0 &&
2196 	    options->jump_port == 0 && options->jump_user == NULL) {
2197 		free(options->jump_host);
2198 		options->jump_host = NULL;
2199 	}
2200 	/* options->identity_agent distinguishes NULL from 'none' */
2201 	/* options->user will be set in the main program if appropriate */
2202 	/* options->hostname will be set in the main program if appropriate */
2203 	/* options->host_key_alias should not be set by default */
2204 	/* options->preferred_authentications will be set in ssh */
2205 	if (options->version_addendum == NULL)
2206 		options->version_addendum = xstrdup(SSH_VERSION_FREEBSD);
2207 }
2208 
2209 struct fwdarg {
2210 	char *arg;
2211 	int ispath;
2212 };
2213 
2214 /*
2215  * parse_fwd_field
2216  * parses the next field in a port forwarding specification.
2217  * sets fwd to the parsed field and advances p past the colon
2218  * or sets it to NULL at end of string.
2219  * returns 0 on success, else non-zero.
2220  */
2221 static int
2222 parse_fwd_field(char **p, struct fwdarg *fwd)
2223 {
2224 	char *ep, *cp = *p;
2225 	int ispath = 0;
2226 
2227 	if (*cp == '\0') {
2228 		*p = NULL;
2229 		return -1;	/* end of string */
2230 	}
2231 
2232 	/*
2233 	 * A field escaped with square brackets is used literally.
2234 	 * XXX - allow ']' to be escaped via backslash?
2235 	 */
2236 	if (*cp == '[') {
2237 		/* find matching ']' */
2238 		for (ep = cp + 1; *ep != ']' && *ep != '\0'; ep++) {
2239 			if (*ep == '/')
2240 				ispath = 1;
2241 		}
2242 		/* no matching ']' or not at end of field. */
2243 		if (ep[0] != ']' || (ep[1] != ':' && ep[1] != '\0'))
2244 			return -1;
2245 		/* NUL terminate the field and advance p past the colon */
2246 		*ep++ = '\0';
2247 		if (*ep != '\0')
2248 			*ep++ = '\0';
2249 		fwd->arg = cp + 1;
2250 		fwd->ispath = ispath;
2251 		*p = ep;
2252 		return 0;
2253 	}
2254 
2255 	for (cp = *p; *cp != '\0'; cp++) {
2256 		switch (*cp) {
2257 		case '\\':
2258 			memmove(cp, cp + 1, strlen(cp + 1) + 1);
2259 			if (*cp == '\0')
2260 				return -1;
2261 			break;
2262 		case '/':
2263 			ispath = 1;
2264 			break;
2265 		case ':':
2266 			*cp++ = '\0';
2267 			goto done;
2268 		}
2269 	}
2270 done:
2271 	fwd->arg = *p;
2272 	fwd->ispath = ispath;
2273 	*p = cp;
2274 	return 0;
2275 }
2276 
2277 /*
2278  * parse_forward
2279  * parses a string containing a port forwarding specification of the form:
2280  *   dynamicfwd == 0
2281  *	[listenhost:]listenport|listenpath:connecthost:connectport|connectpath
2282  *	listenpath:connectpath
2283  *   dynamicfwd == 1
2284  *	[listenhost:]listenport
2285  * returns number of arguments parsed or zero on error
2286  */
2287 int
2288 parse_forward(struct Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd)
2289 {
2290 	struct fwdarg fwdargs[4];
2291 	char *p, *cp;
2292 	int i;
2293 
2294 	memset(fwd, 0, sizeof(*fwd));
2295 	memset(fwdargs, 0, sizeof(fwdargs));
2296 
2297 	cp = p = xstrdup(fwdspec);
2298 
2299 	/* skip leading spaces */
2300 	while (isspace((u_char)*cp))
2301 		cp++;
2302 
2303 	for (i = 0; i < 4; ++i) {
2304 		if (parse_fwd_field(&cp, &fwdargs[i]) != 0)
2305 			break;
2306 	}
2307 
2308 	/* Check for trailing garbage */
2309 	if (cp != NULL && *cp != '\0') {
2310 		i = 0;	/* failure */
2311 	}
2312 
2313 	switch (i) {
2314 	case 1:
2315 		if (fwdargs[0].ispath) {
2316 			fwd->listen_path = xstrdup(fwdargs[0].arg);
2317 			fwd->listen_port = PORT_STREAMLOCAL;
2318 		} else {
2319 			fwd->listen_host = NULL;
2320 			fwd->listen_port = a2port(fwdargs[0].arg);
2321 		}
2322 		fwd->connect_host = xstrdup("socks");
2323 		break;
2324 
2325 	case 2:
2326 		if (fwdargs[0].ispath && fwdargs[1].ispath) {
2327 			fwd->listen_path = xstrdup(fwdargs[0].arg);
2328 			fwd->listen_port = PORT_STREAMLOCAL;
2329 			fwd->connect_path = xstrdup(fwdargs[1].arg);
2330 			fwd->connect_port = PORT_STREAMLOCAL;
2331 		} else if (fwdargs[1].ispath) {
2332 			fwd->listen_host = NULL;
2333 			fwd->listen_port = a2port(fwdargs[0].arg);
2334 			fwd->connect_path = xstrdup(fwdargs[1].arg);
2335 			fwd->connect_port = PORT_STREAMLOCAL;
2336 		} else {
2337 			fwd->listen_host = xstrdup(fwdargs[0].arg);
2338 			fwd->listen_port = a2port(fwdargs[1].arg);
2339 			fwd->connect_host = xstrdup("socks");
2340 		}
2341 		break;
2342 
2343 	case 3:
2344 		if (fwdargs[0].ispath) {
2345 			fwd->listen_path = xstrdup(fwdargs[0].arg);
2346 			fwd->listen_port = PORT_STREAMLOCAL;
2347 			fwd->connect_host = xstrdup(fwdargs[1].arg);
2348 			fwd->connect_port = a2port(fwdargs[2].arg);
2349 		} else if (fwdargs[2].ispath) {
2350 			fwd->listen_host = xstrdup(fwdargs[0].arg);
2351 			fwd->listen_port = a2port(fwdargs[1].arg);
2352 			fwd->connect_path = xstrdup(fwdargs[2].arg);
2353 			fwd->connect_port = PORT_STREAMLOCAL;
2354 		} else {
2355 			fwd->listen_host = NULL;
2356 			fwd->listen_port = a2port(fwdargs[0].arg);
2357 			fwd->connect_host = xstrdup(fwdargs[1].arg);
2358 			fwd->connect_port = a2port(fwdargs[2].arg);
2359 		}
2360 		break;
2361 
2362 	case 4:
2363 		fwd->listen_host = xstrdup(fwdargs[0].arg);
2364 		fwd->listen_port = a2port(fwdargs[1].arg);
2365 		fwd->connect_host = xstrdup(fwdargs[2].arg);
2366 		fwd->connect_port = a2port(fwdargs[3].arg);
2367 		break;
2368 	default:
2369 		i = 0; /* failure */
2370 	}
2371 
2372 	free(p);
2373 
2374 	if (dynamicfwd) {
2375 		if (!(i == 1 || i == 2))
2376 			goto fail_free;
2377 	} else {
2378 		if (!(i == 3 || i == 4)) {
2379 			if (fwd->connect_path == NULL &&
2380 			    fwd->listen_path == NULL)
2381 				goto fail_free;
2382 		}
2383 		if (fwd->connect_port <= 0 && fwd->connect_path == NULL)
2384 			goto fail_free;
2385 	}
2386 
2387 	if ((fwd->listen_port < 0 && fwd->listen_path == NULL) ||
2388 	    (!remotefwd && fwd->listen_port == 0))
2389 		goto fail_free;
2390 	if (fwd->connect_host != NULL &&
2391 	    strlen(fwd->connect_host) >= NI_MAXHOST)
2392 		goto fail_free;
2393 	/* XXX - if connecting to a remote socket, max sun len may not match this host */
2394 	if (fwd->connect_path != NULL &&
2395 	    strlen(fwd->connect_path) >= PATH_MAX_SUN)
2396 		goto fail_free;
2397 	if (fwd->listen_host != NULL &&
2398 	    strlen(fwd->listen_host) >= NI_MAXHOST)
2399 		goto fail_free;
2400 	if (fwd->listen_path != NULL &&
2401 	    strlen(fwd->listen_path) >= PATH_MAX_SUN)
2402 		goto fail_free;
2403 
2404 	return (i);
2405 
2406  fail_free:
2407 	free(fwd->connect_host);
2408 	fwd->connect_host = NULL;
2409 	free(fwd->connect_path);
2410 	fwd->connect_path = NULL;
2411 	free(fwd->listen_host);
2412 	fwd->listen_host = NULL;
2413 	free(fwd->listen_path);
2414 	fwd->listen_path = NULL;
2415 	return (0);
2416 }
2417 
2418 int
2419 parse_jump(const char *s, Options *o, int active)
2420 {
2421 	char *orig, *sdup, *cp;
2422 	char *host = NULL, *user = NULL;
2423 	int ret = -1, port = -1, first;
2424 
2425 	active &= o->proxy_command == NULL && o->jump_host == NULL;
2426 
2427 	orig = sdup = xstrdup(s);
2428 	first = active;
2429 	do {
2430 		if (strcasecmp(s, "none") == 0)
2431 			break;
2432 		if ((cp = strrchr(sdup, ',')) == NULL)
2433 			cp = sdup; /* last */
2434 		else
2435 			*cp++ = '\0';
2436 
2437 		if (first) {
2438 			/* First argument and configuration is active */
2439 			if (parse_ssh_uri(cp, &user, &host, &port) == -1 ||
2440 			    parse_user_host_port(cp, &user, &host, &port) != 0)
2441 				goto out;
2442 		} else {
2443 			/* Subsequent argument or inactive configuration */
2444 			if (parse_ssh_uri(cp, NULL, NULL, NULL) == -1 ||
2445 			    parse_user_host_port(cp, NULL, NULL, NULL) != 0)
2446 				goto out;
2447 		}
2448 		first = 0; /* only check syntax for subsequent hosts */
2449 	} while (cp != sdup);
2450 	/* success */
2451 	if (active) {
2452 		if (strcasecmp(s, "none") == 0) {
2453 			o->jump_host = xstrdup("none");
2454 			o->jump_port = 0;
2455 		} else {
2456 			o->jump_user = user;
2457 			o->jump_host = host;
2458 			o->jump_port = port;
2459 			o->proxy_command = xstrdup("none");
2460 			user = host = NULL;
2461 			if ((cp = strrchr(s, ',')) != NULL && cp != s) {
2462 				o->jump_extra = xstrdup(s);
2463 				o->jump_extra[cp - s] = '\0';
2464 			}
2465 		}
2466 	}
2467 	ret = 0;
2468  out:
2469 	free(orig);
2470 	free(user);
2471 	free(host);
2472 	return ret;
2473 }
2474 
2475 int
2476 parse_ssh_uri(const char *uri, char **userp, char **hostp, int *portp)
2477 {
2478 	char *path;
2479 	int r;
2480 
2481 	r = parse_uri("ssh", uri, userp, hostp, portp, &path);
2482 	if (r == 0 && path != NULL)
2483 		r = -1;		/* path not allowed */
2484 	return r;
2485 }
2486 
2487 /* XXX the following is a near-vebatim copy from servconf.c; refactor */
2488 static const char *
2489 fmt_multistate_int(int val, const struct multistate *m)
2490 {
2491 	u_int i;
2492 
2493 	for (i = 0; m[i].key != NULL; i++) {
2494 		if (m[i].value == val)
2495 			return m[i].key;
2496 	}
2497 	return "UNKNOWN";
2498 }
2499 
2500 static const char *
2501 fmt_intarg(OpCodes code, int val)
2502 {
2503 	if (val == -1)
2504 		return "unset";
2505 	switch (code) {
2506 	case oAddressFamily:
2507 		return fmt_multistate_int(val, multistate_addressfamily);
2508 	case oVerifyHostKeyDNS:
2509 	case oUpdateHostkeys:
2510 		return fmt_multistate_int(val, multistate_yesnoask);
2511 	case oStrictHostKeyChecking:
2512 		return fmt_multistate_int(val, multistate_strict_hostkey);
2513 	case oControlMaster:
2514 		return fmt_multistate_int(val, multistate_controlmaster);
2515 	case oTunnel:
2516 		return fmt_multistate_int(val, multistate_tunnel);
2517 	case oRequestTTY:
2518 		return fmt_multistate_int(val, multistate_requesttty);
2519 	case oCanonicalizeHostname:
2520 		return fmt_multistate_int(val, multistate_canonicalizehostname);
2521 	case oAddKeysToAgent:
2522 		return fmt_multistate_int(val, multistate_yesnoaskconfirm);
2523 	case oFingerprintHash:
2524 		return ssh_digest_alg_name(val);
2525 	default:
2526 		switch (val) {
2527 		case 0:
2528 			return "no";
2529 		case 1:
2530 			return "yes";
2531 		default:
2532 			return "UNKNOWN";
2533 		}
2534 	}
2535 }
2536 
2537 static const char *
2538 lookup_opcode_name(OpCodes code)
2539 {
2540 	u_int i;
2541 
2542 	for (i = 0; keywords[i].name != NULL; i++)
2543 		if (keywords[i].opcode == code)
2544 			return(keywords[i].name);
2545 	return "UNKNOWN";
2546 }
2547 
2548 static void
2549 dump_cfg_int(OpCodes code, int val)
2550 {
2551 	printf("%s %d\n", lookup_opcode_name(code), val);
2552 }
2553 
2554 static void
2555 dump_cfg_fmtint(OpCodes code, int val)
2556 {
2557 	printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val));
2558 }
2559 
2560 static void
2561 dump_cfg_string(OpCodes code, const char *val)
2562 {
2563 	if (val == NULL)
2564 		return;
2565 	printf("%s %s\n", lookup_opcode_name(code), val);
2566 }
2567 
2568 static void
2569 dump_cfg_strarray(OpCodes code, u_int count, char **vals)
2570 {
2571 	u_int i;
2572 
2573 	for (i = 0; i < count; i++)
2574 		printf("%s %s\n", lookup_opcode_name(code), vals[i]);
2575 }
2576 
2577 static void
2578 dump_cfg_strarray_oneline(OpCodes code, u_int count, char **vals)
2579 {
2580 	u_int i;
2581 
2582 	printf("%s", lookup_opcode_name(code));
2583 	for (i = 0; i < count; i++)
2584 		printf(" %s",  vals[i]);
2585 	printf("\n");
2586 }
2587 
2588 static void
2589 dump_cfg_forwards(OpCodes code, u_int count, const struct Forward *fwds)
2590 {
2591 	const struct Forward *fwd;
2592 	u_int i;
2593 
2594 	/* oDynamicForward */
2595 	for (i = 0; i < count; i++) {
2596 		fwd = &fwds[i];
2597 		if (code == oDynamicForward && fwd->connect_host != NULL &&
2598 		    strcmp(fwd->connect_host, "socks") != 0)
2599 			continue;
2600 		if (code == oLocalForward && fwd->connect_host != NULL &&
2601 		    strcmp(fwd->connect_host, "socks") == 0)
2602 			continue;
2603 		printf("%s", lookup_opcode_name(code));
2604 		if (fwd->listen_port == PORT_STREAMLOCAL)
2605 			printf(" %s", fwd->listen_path);
2606 		else if (fwd->listen_host == NULL)
2607 			printf(" %d", fwd->listen_port);
2608 		else {
2609 			printf(" [%s]:%d",
2610 			    fwd->listen_host, fwd->listen_port);
2611 		}
2612 		if (code != oDynamicForward) {
2613 			if (fwd->connect_port == PORT_STREAMLOCAL)
2614 				printf(" %s", fwd->connect_path);
2615 			else if (fwd->connect_host == NULL)
2616 				printf(" %d", fwd->connect_port);
2617 			else {
2618 				printf(" [%s]:%d",
2619 				    fwd->connect_host, fwd->connect_port);
2620 			}
2621 		}
2622 		printf("\n");
2623 	}
2624 }
2625 
2626 void
2627 dump_client_config(Options *o, const char *host)
2628 {
2629 	int i;
2630 	char buf[8], *all_key;
2631 
2632 	/* This is normally prepared in ssh_kex2 */
2633 	all_key = sshkey_alg_list(0, 0, 1, ',');
2634 	if (kex_assemble_names( &o->hostkeyalgorithms,
2635 	    KEX_DEFAULT_PK_ALG, all_key) != 0)
2636 		fatal("%s: kex_assemble_names failed", __func__);
2637 	free(all_key);
2638 
2639 	/* Most interesting options first: user, host, port */
2640 	dump_cfg_string(oUser, o->user);
2641 	dump_cfg_string(oHostName, host);
2642 	dump_cfg_int(oPort, o->port);
2643 
2644 	/* Flag options */
2645 	dump_cfg_fmtint(oAddKeysToAgent, o->add_keys_to_agent);
2646 	dump_cfg_fmtint(oAddressFamily, o->address_family);
2647 	dump_cfg_fmtint(oBatchMode, o->batch_mode);
2648 	dump_cfg_fmtint(oCanonicalizeFallbackLocal, o->canonicalize_fallback_local);
2649 	dump_cfg_fmtint(oCanonicalizeHostname, o->canonicalize_hostname);
2650 	dump_cfg_fmtint(oChallengeResponseAuthentication, o->challenge_response_authentication);
2651 	dump_cfg_fmtint(oCheckHostIP, o->check_host_ip);
2652 	dump_cfg_fmtint(oCompression, o->compression);
2653 	dump_cfg_fmtint(oControlMaster, o->control_master);
2654 	dump_cfg_fmtint(oEnableSSHKeysign, o->enable_ssh_keysign);
2655 	dump_cfg_fmtint(oClearAllForwardings, o->clear_forwardings);
2656 	dump_cfg_fmtint(oExitOnForwardFailure, o->exit_on_forward_failure);
2657 	dump_cfg_fmtint(oFingerprintHash, o->fingerprint_hash);
2658 	dump_cfg_fmtint(oForwardAgent, o->forward_agent);
2659 	dump_cfg_fmtint(oForwardX11, o->forward_x11);
2660 	dump_cfg_fmtint(oForwardX11Trusted, o->forward_x11_trusted);
2661 	dump_cfg_fmtint(oGatewayPorts, o->fwd_opts.gateway_ports);
2662 #ifdef GSSAPI
2663 	dump_cfg_fmtint(oGssAuthentication, o->gss_authentication);
2664 	dump_cfg_fmtint(oGssDelegateCreds, o->gss_deleg_creds);
2665 #endif /* GSSAPI */
2666 	dump_cfg_fmtint(oHashKnownHosts, o->hash_known_hosts);
2667 	dump_cfg_fmtint(oHostbasedAuthentication, o->hostbased_authentication);
2668 	dump_cfg_fmtint(oIdentitiesOnly, o->identities_only);
2669 	dump_cfg_fmtint(oKbdInteractiveAuthentication, o->kbd_interactive_authentication);
2670 	dump_cfg_fmtint(oNoHostAuthenticationForLocalhost, o->no_host_authentication_for_localhost);
2671 	dump_cfg_fmtint(oPasswordAuthentication, o->password_authentication);
2672 	dump_cfg_fmtint(oPermitLocalCommand, o->permit_local_command);
2673 	dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass);
2674 	dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication);
2675 	dump_cfg_fmtint(oRequestTTY, o->request_tty);
2676 	dump_cfg_fmtint(oStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
2677 	dump_cfg_fmtint(oStrictHostKeyChecking, o->strict_host_key_checking);
2678 	dump_cfg_fmtint(oTCPKeepAlive, o->tcp_keep_alive);
2679 	dump_cfg_fmtint(oTunnel, o->tun_open);
2680 	dump_cfg_fmtint(oVerifyHostKeyDNS, o->verify_host_key_dns);
2681 	dump_cfg_fmtint(oVisualHostKey, o->visual_host_key);
2682 	dump_cfg_fmtint(oUpdateHostkeys, o->update_hostkeys);
2683 
2684 	/* Integer options */
2685 	dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots);
2686 	dump_cfg_int(oConnectionAttempts, o->connection_attempts);
2687 	dump_cfg_int(oForwardX11Timeout, o->forward_x11_timeout);
2688 	dump_cfg_int(oNumberOfPasswordPrompts, o->number_of_password_prompts);
2689 	dump_cfg_int(oServerAliveCountMax, o->server_alive_count_max);
2690 	dump_cfg_int(oServerAliveInterval, o->server_alive_interval);
2691 
2692 	/* String options */
2693 	dump_cfg_string(oBindAddress, o->bind_address);
2694 	dump_cfg_string(oBindInterface, o->bind_interface);
2695 	dump_cfg_string(oCiphers, o->ciphers ? o->ciphers : KEX_CLIENT_ENCRYPT);
2696 	dump_cfg_string(oControlPath, o->control_path);
2697 	dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms);
2698 	dump_cfg_string(oHostKeyAlias, o->host_key_alias);
2699 	dump_cfg_string(oHostbasedKeyTypes, o->hostbased_key_types);
2700 	dump_cfg_string(oIdentityAgent, o->identity_agent);
2701 	dump_cfg_string(oIgnoreUnknown, o->ignored_unknown);
2702 	dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices);
2703 	dump_cfg_string(oKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_CLIENT_KEX);
2704 	dump_cfg_string(oCASignatureAlgorithms, o->ca_sign_algorithms ? o->ca_sign_algorithms : SSH_ALLOWED_CA_SIGALGS);
2705 	dump_cfg_string(oLocalCommand, o->local_command);
2706 	dump_cfg_string(oRemoteCommand, o->remote_command);
2707 	dump_cfg_string(oLogLevel, log_level_name(o->log_level));
2708 	dump_cfg_string(oMacs, o->macs ? o->macs : KEX_CLIENT_MAC);
2709 #ifdef ENABLE_PKCS11
2710 	dump_cfg_string(oPKCS11Provider, o->pkcs11_provider);
2711 #endif
2712 	dump_cfg_string(oPreferredAuthentications, o->preferred_authentications);
2713 	dump_cfg_string(oPubkeyAcceptedKeyTypes, o->pubkey_key_types);
2714 	dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys);
2715 	dump_cfg_string(oXAuthLocation, o->xauth_location);
2716 
2717 	/* Forwards */
2718 	dump_cfg_forwards(oDynamicForward, o->num_local_forwards, o->local_forwards);
2719 	dump_cfg_forwards(oLocalForward, o->num_local_forwards, o->local_forwards);
2720 	dump_cfg_forwards(oRemoteForward, o->num_remote_forwards, o->remote_forwards);
2721 
2722 	/* String array options */
2723 	dump_cfg_strarray(oIdentityFile, o->num_identity_files, o->identity_files);
2724 	dump_cfg_strarray_oneline(oCanonicalDomains, o->num_canonical_domains, o->canonical_domains);
2725 	dump_cfg_strarray(oCertificateFile, o->num_certificate_files, o->certificate_files);
2726 	dump_cfg_strarray_oneline(oGlobalKnownHostsFile, o->num_system_hostfiles, o->system_hostfiles);
2727 	dump_cfg_strarray_oneline(oUserKnownHostsFile, o->num_user_hostfiles, o->user_hostfiles);
2728 	dump_cfg_strarray(oSendEnv, o->num_send_env, o->send_env);
2729 	dump_cfg_strarray(oSetEnv, o->num_setenv, o->setenv);
2730 
2731 	/* Special cases */
2732 
2733 	/* oConnectTimeout */
2734 	if (o->connection_timeout == -1)
2735 		printf("connecttimeout none\n");
2736 	else
2737 		dump_cfg_int(oConnectTimeout, o->connection_timeout);
2738 
2739 	/* oTunnelDevice */
2740 	printf("tunneldevice");
2741 	if (o->tun_local == SSH_TUNID_ANY)
2742 		printf(" any");
2743 	else
2744 		printf(" %d", o->tun_local);
2745 	if (o->tun_remote == SSH_TUNID_ANY)
2746 		printf(":any");
2747 	else
2748 		printf(":%d", o->tun_remote);
2749 	printf("\n");
2750 
2751 	/* oCanonicalizePermittedCNAMEs */
2752 	if ( o->num_permitted_cnames > 0) {
2753 		printf("canonicalizePermittedcnames");
2754 		for (i = 0; i < o->num_permitted_cnames; i++) {
2755 			printf(" %s:%s", o->permitted_cnames[i].source_list,
2756 			    o->permitted_cnames[i].target_list);
2757 		}
2758 		printf("\n");
2759 	}
2760 
2761 	/* oControlPersist */
2762 	if (o->control_persist == 0 || o->control_persist_timeout == 0)
2763 		dump_cfg_fmtint(oControlPersist, o->control_persist);
2764 	else
2765 		dump_cfg_int(oControlPersist, o->control_persist_timeout);
2766 
2767 	/* oEscapeChar */
2768 	if (o->escape_char == SSH_ESCAPECHAR_NONE)
2769 		printf("escapechar none\n");
2770 	else {
2771 		vis(buf, o->escape_char, VIS_WHITE, 0);
2772 		printf("escapechar %s\n", buf);
2773 	}
2774 
2775 	/* oIPQoS */
2776 	printf("ipqos %s ", iptos2str(o->ip_qos_interactive));
2777 	printf("%s\n", iptos2str(o->ip_qos_bulk));
2778 
2779 	/* oRekeyLimit */
2780 	printf("rekeylimit %llu %d\n",
2781 	    (unsigned long long)o->rekey_limit, o->rekey_interval);
2782 
2783 	/* oStreamLocalBindMask */
2784 	printf("streamlocalbindmask 0%o\n",
2785 	    o->fwd_opts.streamlocal_bind_mask);
2786 
2787 	/* oLogFacility */
2788 	printf("syslogfacility %s\n", log_facility_name(o->log_facility));
2789 
2790 	/* oProxyCommand / oProxyJump */
2791 	if (o->jump_host == NULL)
2792 		dump_cfg_string(oProxyCommand, o->proxy_command);
2793 	else {
2794 		/* Check for numeric addresses */
2795 		i = strchr(o->jump_host, ':') != NULL ||
2796 		    strspn(o->jump_host, "1234567890.") == strlen(o->jump_host);
2797 		snprintf(buf, sizeof(buf), "%d", o->jump_port);
2798 		printf("proxyjump %s%s%s%s%s%s%s%s%s\n",
2799 		    /* optional additional jump spec */
2800 		    o->jump_extra == NULL ? "" : o->jump_extra,
2801 		    o->jump_extra == NULL ? "" : ",",
2802 		    /* optional user */
2803 		    o->jump_user == NULL ? "" : o->jump_user,
2804 		    o->jump_user == NULL ? "" : "@",
2805 		    /* opening [ if hostname is numeric */
2806 		    i ? "[" : "",
2807 		    /* mandatory hostname */
2808 		    o->jump_host,
2809 		    /* closing ] if hostname is numeric */
2810 		    i ? "]" : "",
2811 		    /* optional port number */
2812 		    o->jump_port <= 0 ? "" : ":",
2813 		    o->jump_port <= 0 ? "" : buf);
2814 	}
2815 }
2816