
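--- a/readconf.c
+++ b/readconf.c
@@ -863,6 +863,21 @@ static const struct multistate multistate_compression[] = {
 	{ NULL, -1 }
 };
 
+static int
+parse_multistate_value(const char *arg, const char *filename, int linenum,
+    const struct multistate *multistate_ptr)
+{
+	int i;
+
+	if (!arg || *arg == '\0')
+		fatal("%s line %d: missing argument.", filename, linenum);
+	for (i = 0; multistate_ptr[i].key != NULL; i++) {
+		if (strcasecmp(arg, multistate_ptr[i].key) == 0)
+			return multistate_ptr[i].value;
+	}
+	return -1;
+}
+
 /*
  * Processes a single option line as used in the configuration files. This
  * only sets those values that have not already been set.
@@ -986,19 +1001,11 @@ parse_time:
 		multistate_ptr = multistate_flag;
  parse_multistate:
 		arg = strdelim(&s);
-		if (!arg || *arg == '\0')
+		if ((value = parse_multistate_value(arg, filename, linenum,
-			fatal("%s line %d: missing argument.",
+		     multistate_ptr)) == -1) {
-			    filename, linenum);
-		value = -1;
-		for (i = 0; multistate_ptr[i].key != NULL; i++) {
-			if (strcasecmp(arg, multistate_ptr[i].key) == 0) {
-				value = multistate_ptr[i].value;
-				break;
-			}
-		}
-		if (value == -1)
 			fatal("%s line %d: unsupported option \"%s\".",
 			    filename, linenum, arg);
+		}
 		if (*activep && *intptr == -1)
 			*intptr = value;
 		break;
@@ -1786,9 +1793,42 @@ parse_keytypes:
 		goto parse_keytypes;
 
 	case oAddKeysToAgent:
-		intptr = &options->add_keys_to_agent;
+		arg = strdelim(&s);
-		multistate_ptr = multistate_yesnoaskconfirm;
+		arg2 = strdelim(&s);
-		goto parse_multistate;
+		value = parse_multistate_value(arg, filename, linenum,
+		     multistate_yesnoaskconfirm);
+		value2 = 0; /* unlimited lifespan by default */
+		if (value == 3 && arg2 != NULL) {
+			/* allow "AddKeysToAgent confirm 5m" */
+			if ((value2 = convtime(arg2)) == -1 || value2 > INT_MAX)
+				fatal("%s line %d: invalid time value.",
+				    filename, linenum);
+		} else if (value == -1 && arg2 == NULL) {
+			if ((value2 = convtime(arg)) == -1 || value2 > INT_MAX)
+				fatal("%s line %d: unsupported option",
+				    filename, linenum);
+			value = 1; /* yes */
+		} else if (value == -1 || arg2 != NULL) {
+			fatal("%s line %d: unsupported option",
+			    filename, linenum);
+		}
+		if (*activep && options->add_keys_to_agent == -1) {
+			options->add_keys_to_agent = value;
+			options->add_keys_to_agent_lifespan = value2;
+		}
+		break;
+
+		arg = strdelim(&s);
+		if (!arg || *arg == '\0')
+			fatal("%s line %d: missing time value.",
+			    filename, linenum);
+		if (strcmp(arg, "none") == 0)
+			value = -1;
+		else if ((value = convtime(arg)) == -1 || value > INT_MAX)
+			fatal("%s line %d: invalid time value.",
+			    filename, linenum);
+		if (*activep && *intptr == -1)
+			*intptr = value;
 
 	case oIdentityAgent:
 		charptr = &options->identity_agent;
@@ -2002,6 +2042,7 @@ initialize_options(Options * options)
 	options->permit_local_command = -1;
 	options->remote_command = NULL;
 	options->add_keys_to_agent = -1;
+	options->add_keys_to_agent_lifespan = -1;
 	options->identity_agent = NULL;
 	options->visual_host_key = -1;
 	options->ip_qos_interactive = -1;
@@ -2109,8 +2150,10 @@ fill_default_options(Options * options)
 	if (options->number_of_password_prompts == -1)
 		options->number_of_password_prompts = 3;
 	/* options->hostkeyalgorithms, default set in myproposals.h */
-	if (options->add_keys_to_agent == -1)
+	if (options->add_keys_to_agent == -1) {
 		options->add_keys_to_agent = 0;
+		options->add_keys_to_agent_lifespan = 0;
+	}
 	if (options->num_identity_files == 0) {
 		add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA, 0);
 		add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA, 0);
@@ -2707,7 +2750,6 @@ dump_client_config(Options *o, const char *host)
 	dump_cfg_int(oPort, o->port);
 
 	/* Flag options */
-	dump_cfg_fmtint(oAddKeysToAgent, o->add_keys_to_agent);
 	dump_cfg_fmtint(oAddressFamily, o->address_family);
 	dump_cfg_fmtint(oBatchMode, o->batch_mode);
 	dump_cfg_fmtint(oCanonicalizeFallbackLocal, o->canonicalize_fallback_local);
@@ -2795,6 +2837,15 @@ dump_client_config(Options *o, const char *host)
 
 	/* Special cases */
 
+	/* AddKeysToAgent */
+	if (o->add_keys_to_agent_lifespan <= 0)
+		dump_cfg_fmtint(oAddKeysToAgent, o->add_keys_to_agent);
+	else {
+		printf("addkeystoagent%s %d\n",
+		    o->add_keys_to_agent == 3 ? " confirm" : "",
+		    o->add_keys_to_agent_lifespan);
+	}
+
 	/* oForwardAgent */
 	if (o->forward_agent_sock_path == NULL)
 		dump_cfg_fmtint(oForwardAgent, o->forward_agent);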
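Review bot: The statements added after `break;` in the `oAddKeysToAgent` case (`arg = strdelim(&s);` through `*intptr = value;`) have no case label in front of them, so they are unreachable, and they dereference `intptr`, which this case no longer assigns; the block should be deleted. The second-token tests check only `arg2 != NULL`, whereas the other argument checks in this file use `!arg || *arg == '\0'`; if strdelim can hand back an empty token for trailing whitespace (its behaviour is not visible here), a line such as `AddKeysToAgent yes ` would reach the final `fatal`, so normalise first with `if (arg2 != NULL && *arg2 == '\0') arg2 = NULL;`. Both new `fatal("%s line %d: unsupported option", ...)` calls also drop the `\"%s\"` argument that the parse_multistate path prints, which makes a rejected config line harder to diagnose. The enclosing switch starts and ends outside these hunks.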
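--- a/readconf.h
+++ b/readconf.h
@@ -97,6 +97,7 @@ typedef struct {
 	struct sshkey *certificates[SSH_MAX_CERTIFICATE_FILES];
 
 	int	add_keys_to_agent;
+	int	add_keys_to_agent_lifespan;
 	char   *identity_agent;		/* Optional path to ssh-agent socket */
 
 	/* Local TCP/IP forward requests. */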
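Review bot: The new `add_keys_to_agent_lifespan` field carries no comment, yet its values have meanings that are only visible in readconf.c: initialize_options stores -1 as the unset marker and the parser labels 0 as "unlimited lifespan". A trailing comment such as `/* key lifetime in agent; 0 = no limit, -1 = unset */` would record that next to the declaration, in the same style as the `identity_agent` line below it. The struct definition continues outside the hunk.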
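--- a/ssh_config.5
+++ b/ssh_config.5
@@ -245,13 +245,22 @@ option was specified to
 If this option is set to
 .Cm no ,
 no keys are added to the agent.
+Alternately, this option may be specified as a time interval
+using the format described in the
+.Sx TIME FORMATS
+section of
+.Xr sshd_config 5
+to specify the key's lifetime in
+.Xr ssh-agent 1 ,
+after which it will automatically be removed.
 The argument must be
-.Cm yes ,
-.Cm confirm ,
-.Cm ask ,
-or
 .Cm no
-(the default).
+(the default),
+.Cm yes ,
+.Cm confirm
+(optionally followed by a time interval),
+.Cm ask
+or a time interval.
 .It Cm AddressFamily
 Specifies which address family to use when connecting.
 Valid arguments are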
(-)a/sshconnect.c (-1 / +2 lines)
Lines 1395-1401 maybe_add_key_to_agent(const char *authfile, struct sshkey *private, Link Here
1395
	if (sshkey_is_sk(private))
1395
	if (sshkey_is_sk(private))
1396
		skprovider = options.sk_provider;
1396
		skprovider = options.sk_provider;
1397
	if ((r = ssh_add_identity_constrained(auth_sock, private,
1397
	if ((r = ssh_add_identity_constrained(auth_sock, private,
1398
	    comment == NULL ? authfile : comment, 0,
1398
	    comment == NULL ? authfile : comment,
1399
	    options.add_keys_to_agent_lifespan,
1399
	    (options.add_keys_to_agent == 3), 0, skprovider)) == 0)
1400
	    (options.add_keys_to_agent == 3), 0, skprovider)) == 0)
1400
		debug("identity added to agent: %s", authfile);
1401
		debug("identity added to agent: %s", authfile);
1401
	else
1402
	else
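Review bot: Nothing after the call reports the lifetime that was requested, so a user who configures a time-limited `AddKeysToAgent` cannot confirm from debug output that the constraint was actually sent to the agent; the success message could become `debug("identity added to agent: %s (lifetime %d)", authfile, options.add_keys_to_agent_lifespan);`. The value is also passed unchecked: initialize_options leaves it at -1 until parsing or fill_default_options replaces it, and the callee's parameter type is not visible here, so a short comment stating that it is non-negative at this point (or an explicit guard) would make the invariant reviewable. The function body starts and ends outside the hunk.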
