1 /*
   2  * Author: Tatu Ylonen <ylo@cs.hut.fi>
   3  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
   4  *                    All rights reserved
   5  * Functions for reading the configuration file.
   6  *
   7  * As far as I am concerned, the code I have written for this software
   8  * can be used freely for any purpose.  Any derived versions of this
   9  * software must be clearly marked as such, and if the derived work is
  10  * incompatible with the protocol description in the RFC file, it must be
  11  * called by a name other than "ssh" or "Secure Shell".
  12  */
  13 /*
  14  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  15  * Use is subject to license terms.
  16  */
  17 
  18 #ifndef _READCONF_H
  19 #define _READCONF_H
  20 
  21 /*      $OpenBSD: readconf.h,v 1.43 2002/06/08 05:17:01 markus Exp $    */
  22 
  23 #ifdef __cplusplus
  24 extern "C" {
  25 #endif
  26 
  27 #include "key.h"
  28 
  29 /*
  30  * We accept only fixed amount of unknown options. Note that we must treat all
  31  * options in different Host sections separately since we need to remember the
  32  * line number. See IgnoreIfUnknown for more information.
  33  */
  34 #define MAX_UNKNOWN_OPTIONS     64
  35 
  36 /* Data structure for representing a forwarding request. */
  37 
  38 typedef struct {
  39         char     *listen_host;          /* Host (address) to listen on. */
  40         u_short   listen_port;          /* Port to forward. */
  41         char     *connect_host;         /* Host to connect. */
  42         u_short   connect_port;         /* Port to connect on connect_host. */
  43 }       Forward;
  44 /* Data structure for representing option data. */
  45 
  46 /* For postponed processing of option keywords. */
  47 typedef struct {
  48         char   *keyword;        /* option keyword name */
  49         char   *filename;       /* config file it was found in */
  50         int     linenum;        /* line number in the config file */
  51 }       StoredOption;
  52 
  53 typedef struct {
  54         int     forward_agent;  /* Forward authentication agent. */
  55         int     forward_x11;    /* Forward X11 display. */
  56         int     forward_x11_trusted;    /* Trust Forward X11 display. */
  57         char   *xauth_location; /* Location for xauth program */
  58         int     gateway_ports;  /* Allow remote connects to forwarded ports. */
  59         int     use_privileged_port;    /* Don't use privileged port if false. */
  60         int     rhosts_authentication;  /* Try rhosts authentication. */
  61         int     rhosts_rsa_authentication;      /* Try rhosts with RSA
  62                                                  * authentication. */
  63         int     rsa_authentication;     /* Try RSA authentication. */
  64         int     pubkey_authentication;  /* Try ssh2 pubkey authentication. */
  65         int     hostbased_authentication;       /* ssh2's rhosts_rsa */
  66         int     challenge_response_authentication;
  67         int     fallback_to_rsh; /* Use rsh if cannot connect with ssh.  */
  68         int     use_rsh;        /* Always use rsh(don\'t try ssh). */
  69                                         /* Try S/Key or TIS, authentication. */
  70 #if defined(KRB4) || defined(KRB5)
  71         int     kerberos_authentication;        /* Try Kerberos authentication. */
  72 #endif
  73 #if defined(AFS) || defined(KRB5)
  74         int     kerberos_tgt_passing;   /* Try Kerberos TGT passing. */
  75 #endif
  76 
  77 #ifdef GSSAPI
  78         int     gss_keyex;
  79         int     gss_authentication;
  80         int     gss_deleg_creds;
  81 #ifdef GSI
  82         int     gss_globus_deleg_limited_proxy;
  83 #endif /* GSI */
  84 #endif /* GSSAPI */
  85 
  86 #ifdef AFS
  87         int     afs_token_passing;      /* Try AFS token passing. */
  88 #endif
  89         int     password_authentication;        /* Try password
  90                                                  * authentication. */
  91         int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */
  92         char    *kbd_interactive_devices; /* Keyboard-interactive auth devices. */
  93         int     batch_mode;     /* Batch mode: do not ask for passwords. */
  94         int     check_host_ip;  /* Also keep track of keys for IP address */
  95         int     strict_host_key_checking;       /* Strict host key checking. */
  96         int     compression;    /* Compress packets in both directions. */
  97         int     compression_level;      /* Compression level 1 (fast) to 9
  98                                          * (best). */
  99         int     keepalives;     /* Set SO_KEEPALIVE. */
 100         LogLevel log_level;     /* Level for logging. */
 101 
 102         int     port;           /* Port to connect. */
 103         int     connection_attempts;    /* Max attempts (seconds) before
 104                                          * giving up */
 105         int     connection_timeout;     /* Max time (seconds) before
 106                                          * aborting connection attempt */
 107         int     number_of_password_prompts;     /* Max number of password
 108                                                  * prompts. */
 109         int     cipher;         /* Cipher to use. */
 110         char   *ciphers;        /* SSH2 ciphers in order of preference. */
 111         char   *macs;           /* SSH2 macs in order of preference. */
 112         char   *hostkeyalgorithms;      /* SSH2 server key types in order of preference. */
 113         int     protocol;       /* Protocol in order of preference. */
 114         char   *hostname;       /* Real host to connect. */
 115         char   *host_key_alias; /* hostname alias for .ssh/known_hosts */
 116         char   *proxy_command;  /* Proxy command for connecting the host. */
 117         char   *user;           /* User to log in as. */
 118         int     escape_char;    /* Escape character; -2 = none */
 119 
 120         char   *system_hostfile;/* Path for /etc/ssh/ssh_known_hosts. */
 121         char   *user_hostfile;  /* Path for $HOME/.ssh/known_hosts. */
 122         char   *system_hostfile2;
 123         char   *user_hostfile2;
 124         char   *preferred_authentications;
 125         char   *bind_address;   /* local socket address for connection to sshd */
 126         char   *smartcard_device; /* Smartcard reader device */
 127         int     disable_banner; /* Disable display of banner */
 128 
 129         /*
 130          * Unknown options listed in IgnoreIfUnknown will not cause ssh to
 131          * exit. So, we must store all unknown options here and can't process
 132          * them before the command line options and all config files are read
 133          * and IgnoreIfUnknown is properly set.
 134          */
 135         char   *ignore_if_unknown;
 136         int     unknown_opts_num;
 137         StoredOption unknown_opts[MAX_UNKNOWN_OPTIONS];
 138 
 139         int     num_identity_files;     /* Number of files for RSA/DSA identities. */
 140         char   *identity_files[SSH_MAX_IDENTITY_FILES];
 141         Key    *identity_keys[SSH_MAX_IDENTITY_FILES];
 142 
 143         /* Local TCP/IP forward requests. */
 144         int     num_local_forwards;
 145         Forward local_forwards[SSH_MAX_FORWARDS_PER_DIRECTION];
 146 
 147         /* Remote TCP/IP forward requests. */
 148         int     num_remote_forwards;
 149         Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION];
 150         int     clear_forwardings;
 151 
 152         int64_t rekey_limit;
 153         int     no_host_authentication_for_localhost;
 154         int     server_alive_interval;
 155         int     server_alive_count_max;
 156 
 157         int     hash_known_hosts;
 158         int     use_openssl_engine;
 159 }       Options;
 160 
 161 
 162 void     initialize_options(Options *);
 163 void     fill_default_options(Options *);
 164 int      read_config_file(const char *, const char *, Options *);
 165 int      parse_forward(int, Forward *, const char *);
 166 
 167 int
 168 process_config_line(Options *, const char *, char *, const char *, int, int *);
 169 
 170 void     add_local_forward(Options *, const Forward *);
 171 void     add_remote_forward(Options *, const Forward *);
 172 
 173 void     process_unknown_options(Options *);
 174 
 175 #ifdef __cplusplus
 176 }
 177 #endif
 178 
 179 #endif /* _READCONF_H */