1 /* 2 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * All rights reserved 5 * Functions for reading the configuration file. 6 * 7 * As far as I am concerned, the code I have written for this software 8 * can be used freely for any purpose. Any derived versions of this 9 * software must be clearly marked as such, and if the derived work is 10 * incompatible with the protocol description in the RFC file, it must be 11 * called by a name other than "ssh" or "Secure Shell". 12 */ 13 /* 14 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 15 * Use is subject to license terms. 16 */ 17 18 #ifndef _READCONF_H 19 #define _READCONF_H 20 21 /* $OpenBSD: readconf.h,v 1.43 2002/06/08 05:17:01 markus Exp $ */ 22 23 #ifdef __cplusplus 24 extern "C" { 25 #endif 26 27 #include "key.h" 28 29 /* 30 * We accept only fixed amount of unknown options. Note that we must treat all 31 * options in different Host sections separately since we need to remember the 32 * line number. See IgnoreIfUnknown for more information. 33 */ 34 #define MAX_UNKNOWN_OPTIONS 64 35 36 /* Data structure for representing a forwarding request. */ 37 38 typedef struct { 39 char *listen_host; /* Host (address) to listen on. */ 40 u_short listen_port; /* Port to forward. */ 41 char *connect_host; /* Host to connect. */ 42 u_short connect_port; /* Port to connect on connect_host. */ 43 } Forward; 44 /* Data structure for representing option data. */ 45 46 /* For postponed processing of option keywords. */ 47 typedef struct { 48 char *keyword; /* option keyword name */ 49 char *filename; /* config file it was found in */ 50 int linenum; /* line number in the config file */ 51 } StoredOption; 52 53 typedef struct { 54 int forward_agent; /* Forward authentication agent. */ 55 int forward_x11; /* Forward X11 display. */ 56 int forward_x11_trusted; /* Trust Forward X11 display. */ 57 char *xauth_location; /* Location for xauth program */ 58 int gateway_ports; /* Allow remote connects to forwarded ports. */ 59 int use_privileged_port; /* Don't use privileged port if false. */ 60 int rhosts_authentication; /* Try rhosts authentication. */ 61 int rhosts_rsa_authentication; /* Try rhosts with RSA 62 * authentication. */ 63 int rsa_authentication; /* Try RSA authentication. */ 64 int pubkey_authentication; /* Try ssh2 pubkey authentication. */ 65 int hostbased_authentication; /* ssh2's rhosts_rsa */ 66 int challenge_response_authentication; 67 int fallback_to_rsh; /* Use rsh if cannot connect with ssh. */ 68 int use_rsh; /* Always use rsh(don\'t try ssh). */ 69 /* Try S/Key or TIS, authentication. */ 70 #if defined(KRB4) || defined(KRB5) 71 int kerberos_authentication; /* Try Kerberos authentication. */ 72 #endif 73 #if defined(AFS) || defined(KRB5) 74 int kerberos_tgt_passing; /* Try Kerberos TGT passing. */ 75 #endif 76 77 #ifdef GSSAPI 78 int gss_keyex; 79 int gss_authentication; 80 int gss_deleg_creds; 81 #ifdef GSI 82 int gss_globus_deleg_limited_proxy; 83 #endif /* GSI */ 84 #endif /* GSSAPI */ 85 86 #ifdef AFS 87 int afs_token_passing; /* Try AFS token passing. */ 88 #endif 89 int password_authentication; /* Try password 90 * authentication. */ 91 int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ 92 char *kbd_interactive_devices; /* Keyboard-interactive auth devices. */ 93 int batch_mode; /* Batch mode: do not ask for passwords. */ 94 int check_host_ip; /* Also keep track of keys for IP address */ 95 int strict_host_key_checking; /* Strict host key checking. */ 96 int compression; /* Compress packets in both directions. */ 97 int compression_level; /* Compression level 1 (fast) to 9 98 * (best). */ 99 int keepalives; /* Set SO_KEEPALIVE. */ 100 LogLevel log_level; /* Level for logging. */ 101 102 int port; /* Port to connect. */ 103 int connection_attempts; /* Max attempts (seconds) before 104 * giving up */ 105 int connection_timeout; /* Max time (seconds) before 106 * aborting connection attempt */ 107 int number_of_password_prompts; /* Max number of password 108 * prompts. */ 109 int cipher; /* Cipher to use. */ 110 char *ciphers; /* SSH2 ciphers in order of preference. */ 111 char *macs; /* SSH2 macs in order of preference. */ 112 char *hostkeyalgorithms; /* SSH2 server key types in order of preference. */ 113 int protocol; /* Protocol in order of preference. */ 114 char *hostname; /* Real host to connect. */ 115 char *host_key_alias; /* hostname alias for .ssh/known_hosts */ 116 char *proxy_command; /* Proxy command for connecting the host. */ 117 char *user; /* User to log in as. */ 118 int escape_char; /* Escape character; -2 = none */ 119 120 char *system_hostfile;/* Path for /etc/ssh/ssh_known_hosts. */ 121 char *user_hostfile; /* Path for $HOME/.ssh/known_hosts. */ 122 char *system_hostfile2; 123 char *user_hostfile2; 124 char *preferred_authentications; 125 char *bind_address; /* local socket address for connection to sshd */ 126 char *smartcard_device; /* Smartcard reader device */ 127 int disable_banner; /* Disable display of banner */ 128 129 /* 130 * Unknown options listed in IgnoreIfUnknown will not cause ssh to 131 * exit. So, we must store all unknown options here and can't process 132 * them before the command line options and all config files are read 133 * and IgnoreIfUnknown is properly set. 134 */ 135 char *ignore_if_unknown; 136 int unknown_opts_num; 137 StoredOption unknown_opts[MAX_UNKNOWN_OPTIONS]; 138 139 int num_identity_files; /* Number of files for RSA/DSA identities. */ 140 char *identity_files[SSH_MAX_IDENTITY_FILES]; 141 Key *identity_keys[SSH_MAX_IDENTITY_FILES]; 142 143 /* Local TCP/IP forward requests. */ 144 int num_local_forwards; 145 Forward local_forwards[SSH_MAX_FORWARDS_PER_DIRECTION]; 146 147 /* Remote TCP/IP forward requests. */ 148 int num_remote_forwards; 149 Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION]; 150 int clear_forwardings; 151 152 int64_t rekey_limit; 153 int no_host_authentication_for_localhost; 154 int server_alive_interval; 155 int server_alive_count_max; 156 157 int hash_known_hosts; 158 int use_openssl_engine; 159 } Options; 160 161 162 void initialize_options(Options *); 163 void fill_default_options(Options *); 164 int read_config_file(const char *, const char *, Options *); 165 int parse_forward(int, Forward *, const char *); 166 167 int 168 process_config_line(Options *, const char *, char *, const char *, int, int *); 169 170 void add_local_forward(Options *, const Forward *); 171 void add_remote_forward(Options *, const Forward *); 172 173 void process_unknown_options(Options *); 174 175 #ifdef __cplusplus 176 } 177 #endif 178 179 #endif /* _READCONF_H */