Attachment #3384 for bug #3122

View | Details | Raw Unified | Return to bug 3122 | Differences between
Collapse All | Expand All




		cmdline = 1;
		activep = &cmdline;
	}
	if (*activep == 1 && opcode != sMatch && opcode != sInclude)
		debug3("%s:%d setting %s %s", filename, linenum, arg, cp);
	if (*activep == 0 && !(flags & SSHCFG_MATCH)) {
		if (connectinfo == NULL) {

		if ((value = convtime(arg)) == -1)
			fatal("%s line %d: invalid time value.",
			    filename, linenum);
		if (*activep == 1 && *intptr == -1)
			*intptr = value;
		break;


		if (value == -1)
			fatal("%s line %d: unsupported option \"%s\".",
			    filename, linenum, arg);
		if (*activep == 1 && *intptr == -1)
			*intptr = value;
		break;


		if (!arg || *arg == '\0')
			fatal("%s line %d: missing file name.",
			    filename, linenum);
		if (*activep == 1) {
			servconf_add_hostkey(filename, linenum,
			    options, arg, 1);
		}

		if (!arg || *arg == '\0')
			fatal("%s line %d: missing socket name.",
			    filename, linenum);
		if (*activep == 1 && *charptr == NULL)
			*charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ?
			    xstrdup(arg) : derelativise_path(arg);
		break;

		if (!arg || *arg == '\0')
			fatal("%s line %d: missing file name.",
			    filename, linenum);
		if (*activep == 1)
			servconf_add_hostcert(filename, linenum, options, arg);
		break;


		if (!arg || *arg == '\0')
			fatal("%s line %d: missing file name.",
			    filename, linenum);
		if (*activep == 1 && *charptr == NULL) {
			*charptr = derelativise_path(arg);
			/* increase optional counter */
			if (intptr != NULL)

		    arg + 1 : arg, 1))
			fatal("%s line %d: Bad key types '%s'.",
			    filename, linenum, arg ? arg : "<NONE>");
		if (*activep == 1 && *charptr == NULL)
			*charptr = xstrdup(arg);
		break;


				    filename, linenum, arg);
			}
		}
		if (*activep == 1 && *intptr == -1)
			*intptr = value;
		break;


		if ((errstr = atoi_err(arg, &value)) != NULL)
			fatal("%s line %d: integer value %s.",
			    filename, linenum, errstr);
		if (*activep == 1 && *intptr == -1)
			*intptr = value;
		break;


			value = 1;
			p = xstrdup(arg);
		}
		if (*activep == 1 && *intptr == -1) {
			*intptr = value;
			*charptr = p;
			p = NULL;

				fatal("%.200s line %d: RekeyLimit too small",
				    filename, linenum);
		}
		if (*activep == 1 && options->rekey_limit == -1)
			options->rekey_limit = val64;
		if (cp != NULL) { /* optional rekey interval present */
			if (strcmp(cp, "none") == 0) {

		if (value == SYSLOG_LEVEL_NOT_SET)
			fatal("%.200s line %d: unsupported log level '%s'",
			    filename, linenum, arg ? arg : "<NONE>");
		if (*activep == 1 && *log_level_ptr == -1)
			*log_level_ptr = (LogLevel) value;
		break;


			if (match_user(NULL, NULL, NULL, arg) == -1)
				fatal("%s line %d: invalid AllowUsers pattern: "
				    "\"%.100s\"", filename, linenum, arg);
			if (*activep != 1)
				continue;
			array_append(filename, linenum, "AllowUsers",
			    &options->allow_users, &options->num_allow_users,

			if (match_user(NULL, NULL, NULL, arg) == -1)
				fatal("%s line %d: invalid DenyUsers pattern: "
				    "\"%.100s\"", filename, linenum, arg);
			if (*activep != 1)
				continue;
			array_append(filename, linenum, "DenyUsers",
			    &options->deny_users, &options->num_deny_users,


	case sAllowGroups:
		while ((arg = strdelim(&cp)) && *arg != '\0') {
			if (*activep != 1)
				continue;
			array_append(filename, linenum, "AllowGroups",
			    &options->allow_groups, &options->num_allow_groups,


	case sDenyGroups:
		while ((arg = strdelim(&cp)) && *arg != '\0') {
			if (*activep != 1)
				continue;
			array_append(filename, linenum, "DenyGroups",
			    &options->deny_groups, &options->num_deny_groups,

		if (!arg || *arg == '\0')
			fatal("%s line %d: Missing subsystem name.",
			    filename, linenum);
		if (*activep != 1) {
			arg = strdelim(&cp);
			break;
		}

	 * AuthorizedKeysFile	/etc/ssh_keys/%u
	 */
	case sAuthorizedKeysFile:
		if (*activep == 1 && options->num_authkeys_files == 0) {
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				arg = tilde_expand_filename(arg, getuid());
				array_append(filename, linenum,

		if (!arg || *arg == '\0')
			fatal("%s line %d: missing file name.",
			    filename, linenum);
		if (*activep == 1 && *charptr == NULL) {
			*charptr = tilde_expand_filename(arg, getuid());
			/* increase optional counter */
			if (intptr != NULL)

			if (strchr(arg, '=') != NULL)
				fatal("%s line %d: Invalid environment name.",
				    filename, linenum);
			if (*activep != 1)
				continue;
			array_append(filename, linenum, "AcceptEnv",
			    &options->accept_env, &options->num_accept_env,

			if (strchr(arg, '=') == NULL)
				fatal("%s line %d: Invalid environment.",
				    filename, linenum);
			if (*activep != 1 || uvalue != 0)
				continue;
			array_append(filename, linenum, "SetEnv",
			    &options->setenv, &options->num_setenv, arg);

		if (value == -1)
			fatal("%s line %d: Bad yes/point-to-point/ethernet/"
			    "no argument: %s", filename, linenum, arg);
		if (*activep == 1 && *intptr == -1)
			*intptr = value;
		break;


				if (strcmp(item->selector, arg) != 0)
					continue;
				if (item->filename != NULL) {
					debug2("%s line %d: including %s "
					    "depth %d%s", filename, linenum,
					    item->filename, depth,
					    oactive == 1 ? "" : " (parse only)");
					parse_server_config_depth(options,
					    item->filename, item->contents,
					    includes, connectinfo,

			if (gbuf.gl_pathc > INT_MAX)
				fatal("%s: too many glob results", __func__);
			for (n = 0; n < (int)gbuf.gl_pathc; n++) {
				debug2("%s line %d: including %s depth %d%s",
				    filename, linenum, gbuf.gl_pathv[n],
				    depth, oactive ? "" : " (parse only)");
				item = xcalloc(1, sizeof(*item));
				item->selector = strdup(arg);
				item->filename = strdup(gbuf.gl_pathv[n]);

		if (value < 0)
			fatal("%s line %d: Bad Match condition", filename,
			    linenum);
		/* The first match overwrites special value 2 when reparsing */
		*activep = (inc_flags & SSHCFG_NEVERMATCH) ? 0 : value;
		break;


			    filename, linenum, lookup_opcode_name(opcode));
		uvalue = *uintptr;	/* modified later */
		if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) {
			if (*activep == 1 && uvalue == 0) {
				*uintptr = 1;
				*chararrayptr = xcalloc(1,
				    sizeof(**chararrayptr));

				    filename, linenum,
				    lookup_opcode_name(opcode));
			}
			if (*activep == 1 && uvalue == 0) {
				array_append(filename, linenum,
				    lookup_opcode_name(opcode),
				    chararrayptr, uintptr, arg2);

			fatal("%.200s line %d: Missing argument.", filename,
			    linenum);
		len = strspn(cp, WHITESPACE);
		if (*activep == 1 && options->adm_forced_command == NULL)
			options->adm_forced_command = xstrdup(cp + len);
		return 0;


		if (!arg || *arg == '\0')
			fatal("%s line %d: missing file name.",
			    filename, linenum);
		if (*activep == 1 && *charptr == NULL)
			*charptr = xstrdup(arg);
		break;


		if (!arg || *arg == '\0')
			fatal("%s line %d: missing file name.",
			    filename, linenum);
		if (*activep == 1 && *charptr == NULL) {
			*charptr = strcasecmp(arg, "internal") == 0 ?
			    xstrdup(arg) : derelativise_path(arg);
			/* increase optional counter */

		else if ((value2 = parse_ipqos(arg)) == -1)
			fatal("%s line %d: Bad IPQoS value: %s",
			    filename, linenum, arg);
		if (*activep == 1) {
			options->ip_qos_interactive = value;
			options->ip_qos_bulk = value2;
		}

			fatal("%.200s line %d: Missing argument.", filename,
			    linenum);
		len = strspn(cp, WHITESPACE);
		if (*activep == 1 && options->version_addendum == NULL) {
			if (strcasecmp(cp + len, "none") == 0)
				options->version_addendum = xstrdup("");
			else if (strchr(cp + len, '\r') != NULL)

			fatal("%.200s line %d: Missing argument.", filename,
			    linenum);
		len = strspn(cp, WHITESPACE);
		if (*activep == 1 && options->authorized_keys_command == NULL) {
			if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0)
				fatal("%.200s line %d: AuthorizedKeysCommand "
				    "must be an absolute path",

		if (!arg || *arg == '\0')
			fatal("%s line %d: missing AuthorizedKeysCommandUser "
			    "argument.", filename, linenum);
		if (*activep == 1 && *charptr == NULL)
			*charptr = xstrdup(arg);
		break;


			fatal("%.200s line %d: Missing argument.", filename,
			    linenum);
		len = strspn(cp, WHITESPACE);
		if (*activep == 1 &&
		    options->authorized_principals_command == NULL) {
			if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0)
				fatal("%.200s line %d: "

			fatal("%s line %d: missing "
			    "AuthorizedPrincipalsCommandUser argument.",
			    filename, linenum);
		if (*activep == 1 && *charptr == NULL)
			*charptr = xstrdup(arg);
		break;


					    filename, linenum);
				}
				value2 = 1;
				if (*activep != 1)
					continue;
				array_append(filename, linenum,
				    "AuthenticationMethods",

		value = strtol(arg, &p, 8);
		if (arg == p || value < 0 || value > 0777)
			fatal("%s line %d: Bad mask.", filename, linenum);
		if (*activep == 1)
			options->fwd_opts.streamlocal_bind_mask = (mode_t)value;
		break;


		if ((value = ssh_digest_alg_by_name(arg)) == -1)
			fatal("%.200s line %d: Invalid hash algorithm \"%s\".",
			    filename, linenum, arg);
		if (*activep == 1)
			options->fingerprint_hash = value;
		break;


		    !valid_rdomain(arg))
			fatal("%s line %d: bad routing domain",
			    filename, linenum);
		if (*activep == 1 && *charptr == NULL)
			*charptr = xstrdup(arg);
		break;


    struct sshbuf *conf, struct include_list *includes,
    struct connection_info *connectinfo)
{
	int active = connectinfo ? 2 : 1;
	parse_server_config_depth(options, filename, conf, includes,
	    connectinfo, 0, &active, 0);
}

Return to bug 3122