Diffstat (limited to 'readconf.c')
-rw-r--r--readconf.c48
1 files changed, 39 insertions, 9 deletions
diff --git a/readconf.c b/readconf.c
index db5f2d5476ad..433811521bb1 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.297 2018/08/12 20:19:13 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.300 2018/10/05 14:26:09 naddy Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -172,7 +172,7 @@ typedef enum {
oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
- oPubkeyAcceptedKeyTypes, oProxyJump,
+ oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump,
oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
} OpCodes;
@@ -266,6 +266,7 @@ static struct {
{ "dynamicforward", oDynamicForward },
{ "preferredauthentications", oPreferredAuthentications },
{ "hostkeyalgorithms", oHostKeyAlgorithms },
+ { "casignaturealgorithms", oCASignatureAlgorithms },
{ "bindaddress", oBindAddress },
{ "bindinterface", oBindInterface },
{ "clearallforwardings", oClearAllForwardings },
@@ -1157,7 +1158,20 @@ parse_command:
return 0;
case oPort:
- intptr = &options->port;
+ arg = strdelim(&s);
+ if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing argument.",
+ filename, linenum);
+ value = a2port(arg);
+ if (value <= 0)
+ fatal("%.200s line %d: Bad port '%s'.",
+ filename, linenum, arg);
+ if (*activep && options->port == -1)
+ options->port = value;
+ break;
+
+ case oConnectionAttempts:
+ intptr = &options->connection_attempts;
parse_int:
arg = strdelim(&s);
if ((errstr = atoi_err(arg, &value)) != NULL)
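Review bot: The new `Bad port` message in the oPort case prints the rejected argument with an unbounded `%s`, while the filename in the same call is capped with `%.200s`. The argument is config-supplied text, so capping it the same way keeps the diagnostic bounded and readable: `fatal("%.200s line %d: Bad port '%.200s'.",`. The `Invalid environment name %s` message added in the oIdentityAgent case has the same shape. The `parse_int` body that oConnectionAttempts now runs into continues outside this hunk.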
@@ -1167,10 +1181,6 @@ parse_int:
*intptr = value;
break;
- case oConnectionAttempts:
- intptr = &options->connection_attempts;
- goto parse_int;
-
case oCiphers:
arg = strdelim(&s);
if (!arg || *arg == '\0')
@@ -1221,6 +1231,10 @@ parse_keytypes:
*charptr = xstrdup(arg);
break;
+ case oCASignatureAlgorithms:
+ charptr = &options->ca_sign_algorithms;
+ goto parse_keytypes;
+
case oLogLevel:
log_level_ptr = &options->log_level;
arg = strdelim(&s);
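Review bot: oCASignatureAlgorithms reuses `parse_keytypes` for parse-time validation, yet its default list is built later from `sshkey_alg_list(0, 1, 1, ',')` rather than from the key-type list used for the neighbouring options. The `parse_keytypes` body is outside this hunk, so this is unconfirmed: if it validates against key-type names, a value that is a valid key type but not a signature algorithm (a certificate type, for instance) would presumably be accepted here and then never match any CA signature. That fails closed, but silently. Worth confirming, and at minimum a comment above the `goto` such as `/* NB: validated as key type names; not every key type is a signature algorithm */`.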
@@ -1695,7 +1709,18 @@ parse_keytypes:
case oIdentityAgent:
charptr = &options->identity_agent;
- goto parse_string;
+ arg = strdelim(&s);
+ if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing argument.",
+ filename, linenum);
+ /* Extra validation if the string represents an env var. */
+ if (arg[0] == '$' && !valid_env_name(arg + 1)) {
+ fatal("%.200s line %d: Invalid environment name %s.",
+ filename, linenum, arg);
+ }
+ if (*activep && *charptr == NULL)
+ *charptr = xstrdup(arg);
+ break;
case oDeprecated:
debug("%s line %d: Deprecated option \"%s\"",
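Review bot: The comment on the `$` check says what is validated but not what counts as valid, and since this case no longer shares `parse_string` a reader has to open valid_env_name() to learn whether a bare `$` is refused. I would expand it to something like `/* A leading '$' names an environment variable; refuse anything valid_env_name() rejects (presumably including an empty name). */`. The braces around the single `fatal()` in that `if` also differ from the unbraced `fatal()` a few lines above in the same case.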
@@ -1836,6 +1861,7 @@ initialize_options(Options * options)
options->macs = NULL;
options->kex_algorithms = NULL;
options->hostkeyalgorithms = NULL;
+ options->ca_sign_algorithms = NULL;
options->num_identity_files = 0;
options->num_certificate_files = 0;
options->hostname = NULL;
@@ -1924,7 +1950,7 @@ fill_default_options_for_canonicalization(Options *options)
void
fill_default_options(Options * options)
{
- char *all_cipher, *all_mac, *all_kex, *all_key;
+ char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig;
int r;
if (options->forward_agent == -1)
@@ -2077,6 +2103,7 @@ fill_default_options(Options * options)
all_mac = mac_alg_list(',');
all_kex = kex_alg_list(',');
all_key = sshkey_alg_list(0, 0, 1, ',');
+ all_sig = sshkey_alg_list(0, 1, 1, ',');
#define ASSEMBLE(what, defaults, all) \
do { \
if ((r = kex_assemble_names(&options->what, \
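Review bot: `sshkey_alg_list(0, 1, 1, ',')` differs from the `all_key` call on the line above only in its second positional flag, and nothing here says what that flag selects. A short comment would make the intent reviewable, e.g. `/* plain (non-certificate) algorithms only, signature-only names included */`, assuming the arguments are certs_only, plain_only, include_sigonly and separator as declared in sshkey.c. The body of fill_default_options starts and ends outside this hunk.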
@@ -2088,11 +2115,13 @@ fill_default_options(Options * options)
ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
+ ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
#undef ASSEMBLE
free(all_cipher);
free(all_mac);
free(all_kex);
free(all_key);
+ free(all_sig);
#define CLEAR_ON_NONE(v) \
do { \
@@ -2614,6 +2643,7 @@ dump_client_config(Options *o, const char *host)
dump_cfg_string(oIgnoreUnknown, o->ignored_unknown);
dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices);
dump_cfg_string(oKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_CLIENT_KEX);
+ dump_cfg_string(oCASignatureAlgorithms, o->ca_sign_algorithms ? o->ca_sign_algorithms : SSH_ALLOWED_CA_SIGALGS);
dump_cfg_string(oLocalCommand, o->local_command);
dump_cfg_string(oRemoteCommand, o->remote_command);
dump_cfg_string(oLogLevel, log_level_name(o->log_level));