
(-)readconf.c (-29 / +35 lines)
Lines 1-4 Link Here
1
/* $OpenBSD: readconf.c,v 1.194 2011/09/23 07:45:05 markus Exp $ */
1
/* $OpenBSD: readconf.c,v 1.196 2013/02/22 04:45:08 dtucker Exp $ */
2
/*
2
/*
3
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
Lines 326-331 clear_forwardings(Options *options) Link Here
326
	options->tun_open = SSH_TUNMODE_NO;
326
	options->tun_open = SSH_TUNMODE_NO;
327
}
327
}
328
328
329
void
330
add_identity_file(Options *options, const char *dir, const char *filename,
331
    int userprovided)
332
{
333
	char *path;
334
335
	if (options->num_identity_files >= SSH_MAX_IDENTITY_FILES)
336
		fatal("Too many identity files specified (max %d)",
337
		    SSH_MAX_IDENTITY_FILES);
338
339
	if (dir == NULL) /* no dir, filename is absolute */
340
		path = xstrdup(filename);
341
	else
342
		(void)xasprintf(&path, "%.100s%.100s", dir, filename);
343
344
	options->identity_file_userprovided[options->num_identity_files] =
345
	    userprovided;
346
	options->identity_files[options->num_identity_files++] = path;
347
}
348
329
/*
349
/*
330
 * Returns the number of the token pointed to by cp or oBadOption.
350
 * Returns the number of the token pointed to by cp or oBadOption.
331
 */
351
 */
Lines 353-359 parse_token(const char *cp, const char * Link Here
353
int
373
int
354
process_config_line(Options *options, const char *host,
374
process_config_line(Options *options, const char *host,
355
		    char *line, const char *filename, int linenum,
375
		    char *line, const char *filename, int linenum,
356
		    int *activep)
376
		    int *activep, int userconfig)
357
{
377
{
358
	char *s, **charptr, *endofnumber, *keyword, *arg, *arg2;
378
	char *s, **charptr, *endofnumber, *keyword, *arg, *arg2;
359
	char **cpptr, fwdarg[256];
379
	char **cpptr, fwdarg[256];
Lines 586-594 parse_yesnoask: Link Here
586
			if (*intptr >= SSH_MAX_IDENTITY_FILES)
606
			if (*intptr >= SSH_MAX_IDENTITY_FILES)
587
				fatal("%.200s line %d: Too many identity files specified (max %d).",
607
				fatal("%.200s line %d: Too many identity files specified (max %d).",
588
				    filename, linenum, SSH_MAX_IDENTITY_FILES);
608
				    filename, linenum, SSH_MAX_IDENTITY_FILES);
589
			charptr = &options->identity_files[*intptr];
609
			add_identity_file(options, NULL, arg, userconfig);
590
			*charptr = xstrdup(arg);
591
			*intptr = *intptr + 1;
592
		}
610
		}
593
		break;
611
		break;
594
612
Lines 1075-1081 parse_int: Link Here
1075
1093
1076
int
1094
int
1077
read_config_file(const char *filename, const char *host, Options *options,
1095
read_config_file(const char *filename, const char *host, Options *options,
1078
    int checkperm)
1096
    int flags)
1079
{
1097
{
1080
	FILE *f;
1098
	FILE *f;
1081
	char line[1024];
1099
	char line[1024];
Lines 1085-1091 read_config_file(const char *filename, c Link Here
1085
	if ((f = fopen(filename, "r")) == NULL)
1103
	if ((f = fopen(filename, "r")) == NULL)
1086
		return 0;
1104
		return 0;
1087
1105
1088
	if (checkperm) {
1106
	if (flags & SSHCONF_CHECKPERM) {
1089
		struct stat sb;
1107
		struct stat sb;
1090
1108
1091
		if (fstat(fileno(f), &sb) == -1)
1109
		if (fstat(fileno(f), &sb) == -1)
Lines 1106-1112 read_config_file(const char *filename, c Link Here
1106
	while (fgets(line, sizeof(line), f)) {
1124
	while (fgets(line, sizeof(line), f)) {
1107
		/* Update line number counter. */
1125
		/* Update line number counter. */
1108
		linenum++;
1126
		linenum++;
1109
		if (process_config_line(options, host, line, filename, linenum, &active) != 0)
1127
		if (process_config_line(options, host, line, filename, linenum,
1128
		    &active, flags & SSHCONF_USERCONF) != 0)
1110
			bad_options++;
1129
			bad_options++;
1111
	}
1130
	}
1112
	fclose(f);
1131
	fclose(f);
Lines 1280-1309 fill_default_options(Options * options) Link Here
1280
		options->protocol = SSH_PROTO_2;
1299
		options->protocol = SSH_PROTO_2;
1281
	if (options->num_identity_files == 0) {
1300
	if (options->num_identity_files == 0) {
1282
		if (options->protocol & SSH_PROTO_1) {
1301
		if (options->protocol & SSH_PROTO_1) {
1283
			len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
1302
			add_identity_file(options, "~/",
1284
			options->identity_files[options->num_identity_files] =
1303
			    _PATH_SSH_CLIENT_IDENTITY, 0);
1285
			    xmalloc(len);
1286
			snprintf(options->identity_files[options->num_identity_files++],
1287
			    len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
1288
		}
1304
		}
1289
		if (options->protocol & SSH_PROTO_2) {
1305
		if (options->protocol & SSH_PROTO_2) {
1290
			len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
1306
			add_identity_file(options, "~/",
1291
			options->identity_files[options->num_identity_files] =
1307
			    _PATH_SSH_CLIENT_ID_RSA, 0);
1292
			    xmalloc(len);
1308
			add_identity_file(options, "~/",
1293
			snprintf(options->identity_files[options->num_identity_files++],
1309
			    _PATH_SSH_CLIENT_ID_DSA, 0);
1294
			    len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
1295
1296
			len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
1297
			options->identity_files[options->num_identity_files] =
1298
			    xmalloc(len);
1299
			snprintf(options->identity_files[options->num_identity_files++],
1300
			    len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
1301
#ifdef OPENSSL_HAS_ECC
1310
#ifdef OPENSSL_HAS_ECC
1302
			len = 2 + strlen(_PATH_SSH_CLIENT_ID_ECDSA) + 1;
1311
			add_identity_file(options, "~/",
1303
			options->identity_files[options->num_identity_files] =
1312
			    _PATH_SSH_CLIENT_ID_ECDSA, 0);
1304
			    xmalloc(len);
1305
			snprintf(options->identity_files[options->num_identity_files++],
1306
			    len, "~/%.100s", _PATH_SSH_CLIENT_ID_ECDSA);
1307
#endif
1313
#endif
1308
		}
1314
		}
1309
	}
1315
	}
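Review bot: The value written to `identity_file_userprovided[]` in `add_identity_file` is not normalised. `read_config_file` passes `flags & SSHCONF_USERCONF` (2 when set) through `process_config_line`, and the `-o` path in ssh.c passes `SSHCONF_USERCONF` itself, while the `-i` path passes 1 and `fill_default_options` passes 0, so the array can hold 0, 1 or 2 and sshconnect2.c copies it into `id->userprovided` unchanged. That is safe only while every consumer tests the field for truth; those consumers are outside the hunks shown, so I would store `userprovided != 0` in the assignment inside `add_identity_file`. Separately, the `IdentityFile` case keeps its own `*intptr >= SSH_MAX_IDENTITY_FILES` check before the call, which presumably tests the same counter that `add_identity_file` checks again; if it is kept for the file and line number in the message, a one-line comment should say so.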
(-)readconf.h (-2 / +8 lines)
Lines 1-4 Link Here
1
/* $OpenBSD: readconf.h,v 1.91 2011/09/23 07:45:05 markus Exp $ */
1
/* $OpenBSD: readconf.h,v 1.93 2013/02/22 04:45:09 dtucker Exp $ */
2
2
3
/*
3
/*
4
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
Lines 96-101 typedef struct { Link Here
96
96
97
	int     num_identity_files;	/* Number of files for RSA/DSA identities. */
97
	int     num_identity_files;	/* Number of files for RSA/DSA identities. */
98
	char   *identity_files[SSH_MAX_IDENTITY_FILES];
98
	char   *identity_files[SSH_MAX_IDENTITY_FILES];
99
	int    identity_file_userprovided[SSH_MAX_IDENTITY_FILES];
99
	Key    *identity_keys[SSH_MAX_IDENTITY_FILES];
100
	Key    *identity_keys[SSH_MAX_IDENTITY_FILES];
100
101
101
	/* Local TCP/IP forward requests. */
102
	/* Local TCP/IP forward requests. */
Lines 148-162 typedef struct { Link Here
148
#define REQUEST_TTY_YES		2
149
#define REQUEST_TTY_YES		2
149
#define REQUEST_TTY_FORCE	3
150
#define REQUEST_TTY_FORCE	3
150
151
152
#define SSHCONF_CHECKPERM	1  /* check permissions on config file */
153
#define SSHCONF_USERCONF	2  /* user provided config file not system */
154
151
void     initialize_options(Options *);
155
void     initialize_options(Options *);
152
void     fill_default_options(Options *);
156
void     fill_default_options(Options *);
153
int	 read_config_file(const char *, const char *, Options *, int);
157
int	 read_config_file(const char *, const char *, Options *, int);
154
int	 parse_forward(Forward *, const char *, int, int);
158
int	 parse_forward(Forward *, const char *, int, int);
155
159
156
int
160
int
157
process_config_line(Options *, const char *, char *, const char *, int, int *);
161
process_config_line(Options *, const char *, char *, const char *, int, int *,
162
    int);
158
163
159
void	 add_local_forward(Options *, const Forward *);
164
void	 add_local_forward(Options *, const Forward *);
160
void	 add_remote_forward(Options *, const Forward *);
165
void	 add_remote_forward(Options *, const Forward *);
166
void	 add_identity_file(Options *, const char *, const char *, int);
161
167
162
#endif				/* READCONF_H */
168
#endif				/* READCONF_H */
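Review bot: The new `identity_file_userprovided[]` member has no comment, and nothing in the struct states that it is indexed in step with `identity_files[]` under `num_identity_files`. I would add `/* nonzero if identity_files[i] was named by the user rather than added as a default */` beside it. The `read_config_file` prototype also still shows a bare `int` for its last parameter although it changed from a boolean to a set of `SSHCONF_*` flags; a comment such as `/* flags: SSHCONF_* */` on the prototype would stop a caller from passing a plain boolean and silently never setting `SSHCONF_USERCONF`.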
(-)ssh.c (-10 / +7 lines)
Lines 1-4 Link Here
1
/* $OpenBSD: ssh.c,v 1.370 2012/07/06 01:47:38 djm Exp $ */
1
/* $OpenBSD: ssh.c,v 1.372 2013/02/22 04:45:09 dtucker Exp $ */
2
/*
2
/*
3
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
Lines 405-416 main(int ac, char **av) Link Here
405
				    strerror(errno));
405
				    strerror(errno));
406
				break;
406
				break;
407
			}
407
			}
408
			if (options.num_identity_files >=
408
			add_identity_file(&options, NULL, optarg, 1);
409
			    SSH_MAX_IDENTITY_FILES)
410
				fatal("Too many identity files specified "
411
				    "(max %d)", SSH_MAX_IDENTITY_FILES);
412
			options.identity_files[options.num_identity_files++] =
413
			    xstrdup(optarg);
414
			break;
409
			break;
415
		case 'I':
410
		case 'I':
416
#ifdef ENABLE_PKCS11
411
#ifdef ENABLE_PKCS11
Lines 584-590 main(int ac, char **av) Link Here
584
			dummy = 1;
579
			dummy = 1;
585
			line = xstrdup(optarg);
580
			line = xstrdup(optarg);
586
			if (process_config_line(&options, host ? host : "",
581
			if (process_config_line(&options, host ? host : "",
587
			    line, "command-line", 0, &dummy) != 0)
582
			    line, "command-line", 0, &dummy, SSHCONF_USERCONF)
583
			    != 0)
588
				exit(255);
584
				exit(255);
589
			xfree(line);
585
			xfree(line);
590
			break;
586
			break;
Lines 678-691 main(int ac, char **av) Link Here
678
	 * file if the user specifies a config file on the command line.
674
	 * file if the user specifies a config file on the command line.
679
	 */
675
	 */
680
	if (config != NULL) {
676
	if (config != NULL) {
681
		if (!read_config_file(config, host, &options, 0))
677
		if (!read_config_file(config, host, &options, SSHCONF_USERCONF))
682
			fatal("Can't open user config file %.100s: "
678
			fatal("Can't open user config file %.100s: "
683
			    "%.100s", config, strerror(errno));
679
			    "%.100s", config, strerror(errno));
684
	} else {
680
	} else {
685
		r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir,
681
		r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir,
686
		    _PATH_SSH_USER_CONFFILE);
682
		    _PATH_SSH_USER_CONFFILE);
687
		if (r > 0 && (size_t)r < sizeof(buf))
683
		if (r > 0 && (size_t)r < sizeof(buf))
688
			(void)read_config_file(buf, host, &options, 1);
684
			(void)read_config_file(buf, host, &options,
685
			     SSHCONF_CHECKPERM|SSHCONF_USERCONF);
689
686
690
		/* Read systemwide configuration file after user config. */
687
		/* Read systemwide configuration file after user config. */
691
		(void)read_config_file(_PATH_HOST_CONFIG_FILE, host,
688
		(void)read_config_file(_PATH_HOST_CONFIG_FILE, host,
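Review bot: The `-F` branch now calls `read_config_file(config, host, &options, SSHCONF_USERCONF)` without `SSHCONF_CHECKPERM`, so a config file named on the command line is still read with no permission check, while the default per-user file gets `SSHCONF_CHECKPERM|SSHCONF_USERCONF`. This matches the old `0` argument and looks deliberate, but now that the argument is a flag set the omission reads like an oversight. A short comment above the call, such as `/* explicitly named by the user: permission check intentionally skipped */`, would record the decision. The flags passed for `_PATH_HOST_CONFIG_FILE` fall outside the hunk, so I could not confirm that the system-wide file is read without `SSHCONF_USERCONF`.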
(-)sshconnect2.c (-2 / +2 lines)
Lines 1-4 Link Here
1
/* $OpenBSD: sshconnect2.c,v 1.191 2013/02/15 00:21:01 dtucker Exp $ */
1
/* $OpenBSD: sshconnect2.c,v 1.192 2013/02/17 23:16:57 dtucker Exp $ */
2
/*
2
/*
3
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
3
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
4
 * Copyright (c) 2008 Damien Miller.  All rights reserved.
4
 * Copyright (c) 2008 Damien Miller.  All rights reserved.
Lines 1384-1390 pubkey_prepare(Authctxt *authctxt) Link Here
1384
		id = xcalloc(1, sizeof(*id));
1384
		id = xcalloc(1, sizeof(*id));
1385
		id->key = key;
1385
		id->key = key;
1386
		id->filename = xstrdup(options.identity_files[i]);
1386
		id->filename = xstrdup(options.identity_files[i]);
1387
		id->userprovided = 1;
1387
		id->userprovided = options.identity_file_userprovided[i];
1388
		TAILQ_INSERT_TAIL(&files, id, next);
1388
		TAILQ_INSERT_TAIL(&files, id, next);
1389
	}
1389
	}
1390
	/* Prefer PKCS11 keys that are explicitly listed */
1390
	/* Prefer PKCS11 keys that are explicitly listed */
