Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-1-5]: src/crypto/dist/ssh Pull up revisions 1.2-1.5 (requested by...
details: https://anonhg.NetBSD.org/src/rev/5bc8967b254e
branches: netbsd-1-5
changeset: 490702:5bc8967b254e
user: he <he%NetBSD.org@localhost>
date: Mon Feb 26 20:26:55 2001 +0000
description:
Pull up revisions 1.2-1.5 (requested by itojun):
Update SSH to version found on trunk as of 26 Feb 2001.
diffstat:
crypto/dist/ssh/readconf.c | 832 ++++++++++++++++++++
crypto/dist/ssh/serverloop.c | 947 +++++++++++++++++++++++
crypto/dist/ssh/session.c | 1703 ++++++++++++++++++++++++++++++++++++++++++
3 files changed, 3482 insertions(+), 0 deletions(-)
diffs (truncated from 3494 to 300 lines):
diff -r ffd1fad716d8 -r 5bc8967b254e crypto/dist/ssh/readconf.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/dist/ssh/readconf.c Mon Feb 26 20:26:55 2001 +0000
@@ -0,0 +1,832 @@
+/*
+ * Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
+ * Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
+ * All rights reserved
+ * Functions for reading the configuration files.
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+#include "includes.h"
+RCSID("$OpenBSD: readconf.c,v 1.62 2001/02/11 12:59:25 markus Exp $");
+
+#include "ssh.h"
+#include "xmalloc.h"
+#include "compat.h"
+#include "cipher.h"
+#include "pathnames.h"
+#include "log.h"
+#include "readconf.h"
+#include "match.h"
+#include "misc.h"
+#include "kex.h"
+#include "mac.h"
+
+/* Format of the configuration file:
+
+ # Configuration data is parsed as follows:
+ # 1. command line options
+ # 2. user-specific file
+ # 3. system-wide file
+ # Any configuration value is only changed the first time it is set.
+ # Thus, host-specific definitions should be at the beginning of the
+ # configuration file, and defaults at the end.
+
+ # Host-specific declarations. These may override anything above. A single
+ # host may match multiple declarations; these are processed in the order
+ # that they are given in.
+
+ Host *.ngs.fi ngs.fi
+ FallBackToRsh no
+
+ Host fake.com
+ HostName another.host.name.real.org
+ User blaah
+ Port 34289
+ ForwardX11 no
+ ForwardAgent no
+
+ Host books.com
+ RemoteForward 9999 shadows.cs.hut.fi:9999
+ Cipher 3des
+
+ Host fascist.blob.com
+ Port 23123
+ User tylonen
+ RhostsAuthentication no
+ PasswordAuthentication no
+
+ Host puukko.hut.fi
+ User t35124p
+ ProxyCommand ssh-proxy %h %p
+
+ Host *.fr
+ UseRsh yes
+
+ Host *.su
+ Cipher none
+ PasswordAuthentication no
+
+ # Defaults for various options
+ Host *
+ ForwardAgent no
+ ForwardX11 no
+ RhostsAuthentication yes
+ PasswordAuthentication yes
+ RSAAuthentication yes
+ RhostsRSAAuthentication yes
+ FallBackToRsh no
+ UseRsh no
+ StrictHostKeyChecking yes
+ KeepAlives no
+ IdentityFile ~/.ssh/identity
+ Port 22
+ EscapeChar ~
+
+*/
+
+/* Keyword tokens. */
+
+typedef enum {
+ oBadOption,
+ oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
+ oPasswordAuthentication, oRSAAuthentication, oFallBackToRsh, oUseRsh,
+ oChallengeResponseAuthentication, oXAuthLocation,
+#ifdef KRB4
+ oKerberosAuthentication,
+#endif /* KRB4 */
+#ifdef AFS
+ oKerberosTgtPassing, oAFSTokenPassing,
+#endif
+ oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
+ oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
+ oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
+ oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
+ oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
+ oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
+ oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
+ oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias
+} OpCodes;
+
+/* Textual representations of the tokens. */
+
+static struct {
+ const char *name;
+ OpCodes opcode;
+} keywords[] = {
+ { "forwardagent", oForwardAgent },
+ { "forwardx11", oForwardX11 },
+ { "xauthlocation", oXAuthLocation },
+ { "gatewayports", oGatewayPorts },
+ { "useprivilegedport", oUsePrivilegedPort },
+ { "rhostsauthentication", oRhostsAuthentication },
+ { "passwordauthentication", oPasswordAuthentication },
+ { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
+ { "kbdinteractivedevices", oKbdInteractiveDevices },
+ { "rsaauthentication", oRSAAuthentication },
+ { "pubkeyauthentication", oPubkeyAuthentication },
+ { "dsaauthentication", oPubkeyAuthentication }, /* alias */
+ { "challengeresponseauthentication", oChallengeResponseAuthentication },
+ { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
+ { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
+#ifdef KRB4
+ { "kerberosauthentication", oKerberosAuthentication },
+#endif /* KRB4 */
+#ifdef AFS
+ { "kerberostgtpassing", oKerberosTgtPassing },
+ { "afstokenpassing", oAFSTokenPassing },
+#endif
+ { "fallbacktorsh", oFallBackToRsh },
+ { "usersh", oUseRsh },
+ { "identityfile", oIdentityFile },
+ { "identityfile2", oIdentityFile }, /* alias */
+ { "hostname", oHostName },
+ { "hostkeyalias", oHostKeyAlias },
+ { "proxycommand", oProxyCommand },
+ { "port", oPort },
+ { "cipher", oCipher },
+ { "ciphers", oCiphers },
+ { "macs", oMacs },
+ { "protocol", oProtocol },
+ { "remoteforward", oRemoteForward },
+ { "localforward", oLocalForward },
+ { "user", oUser },
+ { "host", oHost },
+ { "escapechar", oEscapeChar },
+ { "rhostsrsaauthentication", oRhostsRSAAuthentication },
+ { "globalknownhostsfile", oGlobalKnownHostsFile },
+ { "userknownhostsfile", oUserKnownHostsFile },
+ { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
+ { "userknownhostsfile2", oUserKnownHostsFile2 },
+ { "connectionattempts", oConnectionAttempts },
+ { "batchmode", oBatchMode },
+ { "checkhostip", oCheckHostIP },
+ { "stricthostkeychecking", oStrictHostKeyChecking },
+ { "compression", oCompression },
+ { "compressionlevel", oCompressionLevel },
+ { "keepalive", oKeepAlives },
+ { "numberofpasswordprompts", oNumberOfPasswordPrompts },
+ { "loglevel", oLogLevel },
+ { NULL, 0 }
+};
+
+/*
+ * Adds a local TCP/IP port forward to options. Never returns if there is an
+ * error.
+ */
+
+void
+add_local_forward(Options *options, u_short port, const char *host,
+ u_short host_port)
+{
+ Forward *fwd;
+ extern uid_t original_real_uid;
+ if (port < IPPORT_RESERVED && original_real_uid != 0)
+ fatal("Privileged ports can only be forwarded by root.\n");
+ if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
+ fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
+ fwd = &options->local_forwards[options->num_local_forwards++];
+ fwd->port = port;
+ fwd->host = xstrdup(host);
+ fwd->host_port = host_port;
+}
+
+/*
+ * Adds a remote TCP/IP port forward to options. Never returns if there is
+ * an error.
+ */
+
+void
+add_remote_forward(Options *options, u_short port, const char *host,
+ u_short host_port)
+{
+ Forward *fwd;
+ if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
+ fatal("Too many remote forwards (max %d).",
+ SSH_MAX_FORWARDS_PER_DIRECTION);
+ fwd = &options->remote_forwards[options->num_remote_forwards++];
+ fwd->port = port;
+ fwd->host = xstrdup(host);
+ fwd->host_port = host_port;
+}
+
+/*
+ * Returns the number of the token pointed to by cp of length len. Never
+ * returns if the token is not known.
+ */
+
+static OpCodes
+parse_token(const char *cp, const char *filename, int linenum)
+{
+ u_int i;
+
+ for (i = 0; keywords[i].name; i++)
+ if (strcasecmp(cp, keywords[i].name) == 0)
+ return keywords[i].opcode;
+
+ fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
+ filename, linenum, cp);
+ return oBadOption;
+}
+
+/*
+ * Processes a single option line as used in the configuration files. This
+ * only sets those values that have not already been set.
+ */
+
+int
+process_config_line(Options *options, const char *host,
+ char *line, const char *filename, int linenum,
+ int *activep)
+{
+ char buf[256], *s, *string, **charptr, *endofnumber, *keyword, *arg;
+ int opcode, *intptr, value;
+ u_short fwd_port, fwd_host_port;
+
+ s = line;
+ /* Get the keyword. (Each line is supposed to begin with a keyword). */
+ keyword = strdelim(&s);
+ /* Ignore leading whitespace. */
+ if (*keyword == '\0')
+ keyword = strdelim(&s);
+ if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
+ return 0;
+
+ opcode = parse_token(keyword, filename, linenum);
+
+ switch (opcode) {
+ case oBadOption:
+ /* don't panic, but count bad options */
+ return -1;
+ /* NOTREACHED */
+ case oForwardAgent:
+ intptr = &options->forward_agent;
+parse_flag:
+ arg = strdelim(&s);
+ if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing yes/no argument.", filename, linenum);
+ value = 0; /* To avoid compiler warning... */
+ if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
+ value = 1;
+ else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
+ value = 0;
+ else
+ fatal("%.200s line %d: Bad yes/no argument.", filename, linenum);
+ if (*activep && *intptr == -1)
+ *intptr = value;
+ break;
+
+ case oForwardX11:
+ intptr = &options->forward_x11;
+ goto parse_flag;
+
+ case oGatewayPorts:
+ intptr = &options->gateway_ports;
+ goto parse_flag;
+
+ case oUsePrivilegedPort:
+ intptr = &options->use_privileged_port;
+ goto parse_flag;
+
+ case oRhostsAuthentication:
+ intptr = &options->rhosts_authentication;
Home |
Main Index |
Thread Index |
Old Index