1 /* 2 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * All rights reserved 5 * Functions for reading the configuration file. 6 * 7 * As far as I am concerned, the code I have written for this software 8 * can be used freely for any purpose. Any derived versions of this 9 * software must be clearly marked as such, and if the derived work is 10 * incompatible with the protocol description in the RFC file, it must be 11 * called by a name other than "ssh" or "Secure Shell". 12 */ 13 /* 14 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 15 * Use is subject to license terms. 16 */ 17 18 #ifndef _READCONF_H 19 #define _READCONF_H 20 21 /* $OpenBSD: readconf.h,v 1.43 2002/06/08 05:17:01 markus Exp $ */ 22 23 #pragma ident "%Z%%M% %I% %E% SMI" 24 25 #ifdef __cplusplus 26 extern "C" { 27 #endif 28 29 #include "key.h" 30 31 /* 32 * We accept only fixed amount of unknown options. Note that we must treat all 33 * options in different Host sections separately since we need to remember the 34 * line number. See IgnoreIfUnknown for more information. 35 */ 36 #define MAX_UNKNOWN_OPTIONS 64 37 38 /* Data structure for representing a forwarding request. */ 39 40 typedef struct { 41 char *listen_host; /* Host (address) to listen on. */ 42 u_short listen_port; /* Port to forward. */ 43 char *connect_host; /* Host to connect. */ 44 u_short connect_port; /* Port to connect on connect_host. */ 45 } Forward; 46 /* Data structure for representing option data. */ 47 48 /* For postponed processing of option keywords. */ 49 typedef struct { 50 char *keyword; /* option keyword name */ 51 char *filename; /* config file it was found in */ 52 int linenum; /* line number in the config file */ 53 } StoredOption; 54 55 typedef struct { 56 int forward_agent; /* Forward authentication agent. */ 57 int forward_x11; /* Forward X11 display. */ 58 int forward_x11_trusted; /* Trust Forward X11 display. */ 59 char *xauth_location; /* Location for xauth program */ 60 int gateway_ports; /* Allow remote connects to forwarded ports. */ 61 int use_privileged_port; /* Don't use privileged port if false. */ 62 int rhosts_authentication; /* Try rhosts authentication. */ 63 int rhosts_rsa_authentication; /* Try rhosts with RSA 64 * authentication. */ 65 int rsa_authentication; /* Try RSA authentication. */ 66 int pubkey_authentication; /* Try ssh2 pubkey authentication. */ 67 int hostbased_authentication; /* ssh2's rhosts_rsa */ 68 int challenge_response_authentication; 69 int fallback_to_rsh; /* Use rsh if cannot connect with ssh. */ 70 int use_rsh; /* Always use rsh(don\'t try ssh). */ 71 /* Try S/Key or TIS, authentication. */ 72 #if defined(KRB4) || defined(KRB5) 73 int kerberos_authentication; /* Try Kerberos authentication. */ 74 #endif 75 #if defined(AFS) || defined(KRB5) 76 int kerberos_tgt_passing; /* Try Kerberos TGT passing. */ 77 #endif 78 79 #ifdef GSSAPI 80 int gss_keyex; 81 int gss_authentication; 82 int gss_deleg_creds; 83 #ifdef GSI 84 int gss_globus_deleg_limited_proxy; 85 #endif /* GSI */ 86 #endif /* GSSAPI */ 87 88 #ifdef AFS 89 int afs_token_passing; /* Try AFS token passing. */ 90 #endif 91 int password_authentication; /* Try password 92 * authentication. */ 93 int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ 94 char *kbd_interactive_devices; /* Keyboard-interactive auth devices. */ 95 int batch_mode; /* Batch mode: do not ask for passwords. */ 96 int check_host_ip; /* Also keep track of keys for IP address */ 97 int strict_host_key_checking; /* Strict host key checking. */ 98 int compression; /* Compress packets in both directions. */ 99 int compression_level; /* Compression level 1 (fast) to 9 100 * (best). */ 101 int keepalives; /* Set SO_KEEPALIVE. */ 102 LogLevel log_level; /* Level for logging. */ 103 104 int port; /* Port to connect. */ 105 int connection_attempts; /* Max attempts (seconds) before 106 * giving up */ 107 int connection_timeout; /* Max time (seconds) before 108 * aborting connection attempt */ 109 int number_of_password_prompts; /* Max number of password 110 * prompts. */ 111 int cipher; /* Cipher to use. */ 112 char *ciphers; /* SSH2 ciphers in order of preference. */ 113 char *macs; /* SSH2 macs in order of preference. */ 114 char *hostkeyalgorithms; /* SSH2 server key types in order of preference. */ 115 int protocol; /* Protocol in order of preference. */ 116 char *hostname; /* Real host to connect. */ 117 char *host_key_alias; /* hostname alias for .ssh/known_hosts */ 118 char *proxy_command; /* Proxy command for connecting the host. */ 119 char *user; /* User to log in as. */ 120 int escape_char; /* Escape character; -2 = none */ 121 122 char *system_hostfile;/* Path for /etc/ssh/ssh_known_hosts. */ 123 char *user_hostfile; /* Path for $HOME/.ssh/known_hosts. */ 124 char *system_hostfile2; 125 char *user_hostfile2; 126 char *preferred_authentications; 127 char *bind_address; /* local socket address for connection to sshd */ 128 char *smartcard_device; /* Smartcard reader device */ 129 int disable_banner; /* Disable display of banner */ 130 131 /* 132 * Unknown options listed in IgnoreIfUnknown will not cause ssh to 133 * exit. So, we must store all unknown options here and can't process 134 * them before the command line options and all config files are read 135 * and IgnoreIfUnknown is properly set. 136 */ 137 char *ignore_if_unknown; 138 int unknown_opts_num; 139 StoredOption unknown_opts[MAX_UNKNOWN_OPTIONS]; 140 141 int num_identity_files; /* Number of files for RSA/DSA identities. */ 142 char *identity_files[SSH_MAX_IDENTITY_FILES]; 143 Key *identity_keys[SSH_MAX_IDENTITY_FILES]; 144 145 /* Local TCP/IP forward requests. */ 146 int num_local_forwards; 147 Forward local_forwards[SSH_MAX_FORWARDS_PER_DIRECTION]; 148 149 /* Remote TCP/IP forward requests. */ 150 int num_remote_forwards; 151 Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION]; 152 int clear_forwardings; 153 int no_host_authentication_for_localhost; 154 int server_alive_interval; 155 int server_alive_count_max; 156 157 int hash_known_hosts; 158 } Options; 159 160 161 void initialize_options(Options *); 162 void fill_default_options(Options *); 163 int read_config_file(const char *, const char *, Options *); 164 int parse_forward(int, Forward *, const char *); 165 166 int 167 process_config_line(Options *, const char *, char *, const char *, int, int *); 168 169 void add_local_forward(Options *, const Forward *); 170 void add_remote_forward(Options *, const Forward *); 171 172 void process_unknown_options(Options *); 173 174 #ifdef __cplusplus 175 } 176 #endif 177 178 #endif /* _READCONF_H */ 179