

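--- a/openssh-5.2p1/readconf.c
+++ b/openssh-5.2p1/readconf.c
@@ -126,16 +126,17 @@
 	oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
 	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
 	oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
 	oAddressFamily, oGssAuthentication, oGssDelegateCreds,
 	oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
 	oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
 	oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
 	oVisualHostKey, oZeroKnowledgePasswordAuthentication,
+	oInclude,
 	oDeprecated, oUnsupported
 } OpCodes;
 
 /* Textual representations of the tokens. */
 
 static struct {
 	const char *name;
 	OpCodes opcode;
@@ -229,16 +230,17 @@
 	{ "permitlocalcommand", oPermitLocalCommand },
 	{ "visualhostkey", oVisualHostKey },
 #ifdef JPAKE
 	{ "zeroknowledgepasswordauthentication",
 	    oZeroKnowledgePasswordAuthentication },
 #else
 	{ "zeroknowledgepasswordauthentication", oUnsupported },
 #endif
+	{ "include", oInclude },
 
 	{ NULL, oBadOption }
 };
 
 /*
  * Adds a local TCP/IP port forward to options.  Never returns if there is an
  * error.
  */
@@ -909,16 +911,103 @@
 	case oPermitLocalCommand:
 		intptr = &options->permit_local_command;
 		goto parse_flag;
 
 	case oVisualHostKey:
 		intptr = &options->visual_host_key;
 		goto parse_flag;
 
+	case oInclude:
+		arg = strdelim(&s);
+		if (!arg || *arg == '\0')
+			fatal("%.200s line %d: Missing argument.", filename, linenum);
+		char* newfile = NULL;
+		/*
+		 * expand "~/some/file" into "$HOME/some/file"
+		 * expand "~username/some/file" into "$HOME/some/file" for username's
+         * $HOME
+		 * "~" on its own will not expand
+		 */
+		if(*arg == '~') {
+			if(arg[1] == '/') {
+				/* ~/some/file or ~/ case: */
+
+				/*
+				 * get passwd entry for uid
+				 */
+				const uid_t uid = getuid();
+				struct passwd *pwd = getpwuid(uid);
+				if(!pwd)
+					fatal("%.200s line %d: Couldn't get user info for uid \"%ld\": %s",
+						filename, linenum, (const long)(uid), strerror(errno));
+
+				if(!pwd->pw_dir)
+					fatal("%.200s line %d: Couldn't expand home directory for \"%s\"",
+						filename, linenum, arg);
+
+				/*
+				 * construct expanded string
+				 */
+				const size_t pwddirlen = strlen(pwd->pw_dir);
+				newfile = (char*)( malloc(pwddirlen + 1 + strlen(arg)) );
+				if(!newfile)
+					abort();
+				strcpy(newfile, pwd->pw_dir);
+				strcpy(newfile + pwddirlen, arg+1);
+			} else if(arg[1] != '\0') {
+				/* ~username/ or ~username case: */
+
+				/*
+				 * parse username portion
+				 */
+				unsigned int i;
+				for(i = 1; arg[i] != '/' && arg[i] != '\0'; ++i) {}
+				/* allocate for i-1 chars and 1 '\0' terminator */
+				char *username = (char*)( malloc(i) );
+				if(!username)
+					abort();
+				memset(username, 0, i);
+				strncpy(username, arg+1, i-1);
+
+				/*
+				 * get passwd entry
+				 */
+				struct passwd *pwd = getpwnam(username);
+				if(!pwd)
+					fatal("%.200s line %d: Couldn't get user info for username \"%s\": %s",
+						filename, linenum, username, strerror(errno));
+				free(username);
+
+				if(!pwd->pw_dir)
+					fatal("%.200s line %d: Couldn't expand home directory for \"%s\"",
+						filename, linenum, arg);
+
+				/*
+				 * construct expanded string
+				 */
+				const size_t pwddirlen = strlen(pwd->pw_dir);
+				newfile = (char*)( malloc(pwddirlen + 1 + strlen(arg)) );
+				if(!newfile)
+					abort();
+				strcpy(newfile, pwd->pw_dir);
+				strcpy(newfile + pwddirlen, arg+i);
+			}
+		}
+		int ret;
+		char* readfile = newfile ? newfile : arg;
+		if((ret = (read_config_file(readfile, host, options, 1) ? 0 : -1)) != 0)
+			error("%s line %d: Error reading Include file \"%s\".",
+				filename, linenum, readfile);
+		if(newfile)
+			free(newfile);
+		if(ret)
+			return ret;
+		break;
+
 	case oDeprecated:
 		debug("%s line %d: Deprecated option \"%s\"",
 		    filename, linenum, keyword);
 		return 0;
 
 	case oUnsupported:
 		error("%s line %d: Unsupported option \"%s\"",
 		    filename, linenum, keyword);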
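Review bot: The new `case oInclude:` calls `read_config_file(readfile, host, options, 1)` with no limit on nesting, so a file that includes itself, directly or through a chain of includes, appears to recurse until the stack is exhausted instead of failing with a diagnostic. A depth counter passed down through read_config_file and checked at the top of this case would bound it, for example `if (depth >= MAX_INCLUDE_DEPTH) fatal("%.200s line %d: Too many Include levels.", filename, linenum);`, where `depth` and `MAX_INCLUDE_DEPTH` are names proposed here rather than existing ones. A relative argument is also passed through unchanged, so it presumably resolves against the process's working directory rather than the directory of the including file; either document that in ssh_config.5 or reject non-absolute paths after the `~` expansion. The enclosing switch and read_config_file itself lie outside the hunk, so the signature change cannot be shown against these lines.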
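--- a/openssh-5.2p1/ssh_config.5
+++ b/openssh-5.2p1/ssh_config.5
@@ -572,16 +572,38 @@
 .Ql %h
 (remote host name) or
 .Ql %r
 (remote user name).
 .Pp
 It is possible to have
 multiple identity files specified in configuration files; all these
 identities will be tried in sequence.
+.It Cm Include
+Read the specified file as if its contents were pasted here.
+Files of the form
+.Dq ~/path/to/config
+will expand to
+.Dq $HOME/path/to/config
+where
+.Dq $HOME
+is the user's home directoy.
+Files of the form
+.Dq ~username/path/to/config
+will expand to
+.Dq $HOME/path/to/config
+where
+.Dq $HOME
+is
+.Dq username
+\'s home directory.
+A single
+.Dq ~
+will not expand at all.
+Bad error counts are unique to each configuration file.
 .It Cm KbdInteractiveAuthentication
 Specifies whether to use keyboard-interactive authentication.
 The argument to this keyword must be
 .Dq yes
 or
 .Dq no .
 The default is
 .Dq yes .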
