Fix conflicts for OpenSSH 2.9.

1 files changed, 145 insertions, 70 deletions

diff --git a/crypto/openssh/readconf.c b/crypto/openssh/readconf.c
index d5e21b7..47b4b48 100644
--- a/crypto/openssh/readconf.c
+++ b/crypto/openssh/readconf.c
@@ -12,14 +12,20 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.49 2000/10/11 20:27:23 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.76 2001/04/17 10:53:25 markus Exp $");
 RCSID("$FreeBSD$");
 
 #include "ssh.h"
-#include "readconf.h"
-#include "match.h"
 #include "xmalloc.h"
 #include "compat.h"
+#include "cipher.h"
+#include "pathnames.h"
+#include "log.h"
+#include "readconf.h"
+#include "match.h"
+#include "misc.h"
+#include "kex.h"
+#include "mac.h"
 
 /* Format of the configuration file:
 
@@ -69,7 +75,7 @@ RCSID("$FreeBSD$");
    # Defaults for various options
    Host *
      ForwardAgent no
-     ForwardX11 yes
+     ForwardX11 no
      RhostsAuthentication yes
      PasswordAuthentication yes
      RSAAuthentication yes
@@ -90,7 +96,7 @@ typedef enum {
 	oBadOption,
 	oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
 	oPasswordAuthentication, oRSAAuthentication, oFallBackToRsh, oUseRsh,
-	oSkeyAuthentication, oXAuthLocation,
+	oChallengeResponseAuthentication, oXAuthLocation,
 #if defined(KRB4) || defined(KRB5)
 	oKerberosAuthentication,
 #endif /* KRB4 */
@@ -104,10 +110,12 @@ typedef enum {
 	oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
 	oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
 	oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
-	oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, oTISAuthentication,
-	oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oIdentityFile2,
-	oGlobalKnownHostsFile2, oUserKnownHostsFile2, oDSAAuthentication,
-	oKbdInteractiveAuthentication, oKbdInteractiveDevices
+	oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
+	oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
+	oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
+	oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
+	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
+	oHostKeyAlgorithms
 } OpCodes;
 
 /* Textual representations of the tokens. */
@@ -126,8 +134,13 @@ static struct {
 	{ "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
 	{ "kbdinteractivedevices", oKbdInteractiveDevices },
 	{ "rsaauthentication", oRSAAuthentication },
-	{ "dsaauthentication", oDSAAuthentication },
-	{ "skeyauthentication", oSkeyAuthentication },
+	{ "pubkeyauthentication", oPubkeyAuthentication },
+	{ "dsaauthentication", oPubkeyAuthentication },		    /* alias */
+	{ "rhostsrsaauthentication", oRhostsRSAAuthentication },
+	{ "hostbasedauthentication", oHostbasedAuthentication },
+	{ "challengeresponseauthentication", oChallengeResponseAuthentication },
+	{ "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
+	{ "tisauthentication", oChallengeResponseAuthentication },  /* alias */
 #if defined(KRB4) || defined(KRB5)
 	{ "kerberosauthentication", oKerberosAuthentication },
 #endif /* KRB4 || KRB5 */
@@ -141,19 +154,20 @@ static struct {
 	{ "fallbacktorsh", oFallBackToRsh },
 	{ "usersh", oUseRsh },
 	{ "identityfile", oIdentityFile },
-	{ "identityfile2", oIdentityFile2 },
+	{ "identityfile2", oIdentityFile },			/* alias */
 	{ "hostname", oHostName },
+	{ "hostkeyalias", oHostKeyAlias },
 	{ "proxycommand", oProxyCommand },
 	{ "port", oPort },
 	{ "cipher", oCipher },
 	{ "ciphers", oCiphers },
+	{ "macs", oMacs },
 	{ "protocol", oProtocol },
 	{ "remoteforward", oRemoteForward },
 	{ "localforward", oLocalForward },
 	{ "user", oUser },
 	{ "host", oHost },
 	{ "escapechar", oEscapeChar },
-	{ "rhostsrsaauthentication", oRhostsRSAAuthentication },
 	{ "globalknownhostsfile", oGlobalKnownHostsFile },
 	{ "userknownhostsfile", oUserKnownHostsFile },
 	{ "globalknownhostsfile2", oGlobalKnownHostsFile2 },
@@ -166,8 +180,10 @@ static struct {
 	{ "compressionlevel", oCompressionLevel },
 	{ "keepalive", oKeepAlives },
 	{ "numberofpasswordprompts", oNumberOfPasswordPrompts },
-	{ "tisauthentication", oTISAuthentication },
 	{ "loglevel", oLogLevel },
+	{ "dynamicforward", oDynamicForward },
+	{ "preferredauthentications", oPreferredAuthentications },
+	{ "hostkeyalgorithms", oHostKeyAlgorithms },
 	{ NULL, 0 }
 };
 
@@ -183,7 +199,7 @@ add_local_forward(Options *options, u_short port, const char *host,
 	Forward *fwd;
 	extern uid_t original_real_uid;
 	if (port < IPPORT_RESERVED && original_real_uid != 0)
-		fatal("Privileged ports can only be forwarded by root.\n");
+		fatal("Privileged ports can only be forwarded by root.");
 	if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
 		fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
 	fwd = &options->local_forwards[options->num_local_forwards++];
@@ -212,21 +228,20 @@ add_remote_forward(Options *options, u_short port, const char *host,
 }
 
 /*
- * Returns the number of the token pointed to by cp of length len. Never
- * returns if the token is not known.
+ * Returns the number of the token pointed to by cp or oBadOption.
  */
 
 static OpCodes
 parse_token(const char *cp, const char *filename, int linenum)
 {
-	unsigned int i;
+	u_int i;
 
 	for (i = 0; keywords[i].name; i++)
 		if (strcasecmp(cp, keywords[i].name) == 0)
 			return keywords[i].opcode;
 
-	fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
-		filename, linenum, cp);
+	error("%s: line %d: Bad configuration option: %s",
+	    filename, linenum, cp);
 	return oBadOption;
 }
 
@@ -250,7 +265,7 @@ process_config_line(Options *options, const char *host,
 	/* Ignore leading whitespace. */
 	if (*keyword == '\0')
 		keyword = strdelim(&s);
-	if (!*keyword || *keyword == '\n' || *keyword == '#')
+	if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
 		return 0;
 
 	opcode = parse_token(keyword, filename, linenum);
@@ -305,8 +320,8 @@ parse_flag:
 		charptr = &options->kbd_interactive_devices;
 		goto parse_string;
 
-	case oDSAAuthentication:
-		intptr = &options->dsa_authentication;
+	case oPubkeyAuthentication:
+		intptr = &options->pubkey_authentication;
 		goto parse_flag;
 
 	case oRSAAuthentication:
@@ -317,10 +332,8 @@ parse_flag:
 		intptr = &options->rhosts_rsa_authentication;
 		goto parse_flag;
 
-	case oTISAuthentication:
-		/* fallthrough, there is no difference on the client side */
-	case oSkeyAuthentication:
-		intptr = &options->skey_authentication;
+	case oHostbasedAuthentication:
+		intptr = &options->hostbased_authentication;
 		goto parse_flag;
 
 #if defined(KRB4) || defined(KRB5)
@@ -329,6 +342,10 @@ parse_flag:
 		goto parse_flag;
 #endif /* KRB4 || KRB5 */
 
+	case oChallengeResponseAuthentication:
+		intptr = &options->challenge_reponse_authentication;
+		goto parse_flag;
+
 #ifdef KRB5
 	case oKrb5TgtPassing:
 		intptr = &options->krb5_tgt_passing;
@@ -365,7 +382,7 @@ parse_flag:
 		intptr = &options->strict_host_key_checking;
 		arg = strdelim(&s);
 		if (!arg || *arg == '\0')
-			fatal("%.200s line %d: Missing yes/no argument.",
+			fatal("%.200s line %d: Missing yes/no/ask argument.",
 			      filename, linenum);
 		value = 0;	/* To avoid compiler warning... */
 		if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
@@ -397,20 +414,15 @@ parse_flag:
 		goto parse_int;
 
 	case oIdentityFile:
-	case oIdentityFile2:
 		arg = strdelim(&s);
 		if (!arg || *arg == '\0')
 			fatal("%.200s line %d: Missing argument.", filename, linenum);
 		if (*activep) {
-			intptr = (opcode == oIdentityFile) ?
-			    &options->num_identity_files :
-			    &options->num_identity_files2;
+			intptr = &options->num_identity_files;
 			if (*intptr >= SSH_MAX_IDENTITY_FILES)
 				fatal("%.200s line %d: Too many identity files specified (max %d).",
 				      filename, linenum, SSH_MAX_IDENTITY_FILES);
-			charptr = (opcode == oIdentityFile) ?
-			    &options->identity_files[*intptr] :
-			    &options->identity_files2[*intptr];
+			charptr =  &options->identity_files[*intptr];
 			*charptr = xstrdup(arg);
 			*intptr = *intptr + 1;
 		}
@@ -450,6 +462,14 @@ parse_string:
 		charptr = &options->hostname;
 		goto parse_string;
 
+	case oHostKeyAlias:
+		charptr = &options->host_key_alias;
+		goto parse_string;
+
+	case oPreferredAuthentications:
+		charptr = &options->preferred_authentications;
+		goto parse_string;
+
 	case oProxyCommand:
 		charptr = &options->proxy_command;
 		string = xstrdup("");
@@ -509,6 +529,28 @@ parse_int:
 			options->ciphers = xstrdup(arg);
 		break;
 
+	case oMacs:
+		arg = strdelim(&s);
+		if (!arg || *arg == '\0')
+			fatal("%.200s line %d: Missing argument.", filename, linenum);
+		if (!mac_valid(arg))
+			fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
+			      filename, linenum, arg ? arg : "<NONE>");
+		if (*activep && options->macs == NULL)
+			options->macs = xstrdup(arg);
+		break;
+
+	case oHostKeyAlgorithms:
+		arg = strdelim(&s);
+		if (!arg || *arg == '\0')
+			fatal("%.200s line %d: Missing argument.", filename, linenum);
+		if (!key_names_valid2(arg))
+			fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
+			      filename, linenum, arg ? arg : "<NONE>");
+		if (*activep && options->hostkeyalgorithms == NULL)
+			options->hostkeyalgorithms = xstrdup(arg);
+		break;
+
 	case oProtocol:
 		intptr = &options->protocol;
 		arg = strdelim(&s);
@@ -527,7 +569,7 @@ parse_int:
 		arg = strdelim(&s);
 		value = log_level_number(arg);
 		if (value == (LogLevel) - 1)
-			fatal("%.200s line %d: unsupported log level '%s'\n",
+			fatal("%.200s line %d: unsupported log level '%s'",
 			      filename, linenum, arg ? arg : "<NONE>");
 		if (*activep && (LogLevel) * intptr == -1)
 			*intptr = (LogLevel) value;
@@ -537,10 +579,10 @@ parse_int:
 		arg = strdelim(&s);
 		if (!arg || *arg == '\0')
 			fatal("%.200s line %d: Missing argument.", filename, linenum);
-		if (arg[0] < '0' || arg[0] > '9')
+		fwd_port = a2port(arg);
+		if (fwd_port == 0)
 			fatal("%.200s line %d: Badly formatted port number.",
 			      filename, linenum);
-		fwd_port = atoi(arg);
 		arg = strdelim(&s);
 		if (!arg || *arg == '\0')
 			fatal("%.200s line %d: Missing second argument.",
@@ -556,10 +598,10 @@ parse_int:
 		arg = strdelim(&s);
 		if (!arg || *arg == '\0')
 			fatal("%.200s line %d: Missing argument.", filename, linenum);
-		if (arg[0] < '0' || arg[0] > '9')
+		fwd_port = a2port(arg);
+		if (fwd_port == 0)
 			fatal("%.200s line %d: Badly formatted port number.",
 			      filename, linenum);
-		fwd_port = atoi(arg);
 		arg = strdelim(&s);
 		if (!arg || *arg == '\0')
 			fatal("%.200s line %d: Missing second argument.",
@@ -571,6 +613,18 @@ parse_int:
 			add_local_forward(options, fwd_port, buf, fwd_host_port);
 		break;
 
+	case oDynamicForward:
+		arg = strdelim(&s);
+		if (!arg || *arg == '\0')
+			fatal("%.200s line %d: Missing port argument.",
+			    filename, linenum);
+		fwd_port = a2port(arg);
+		if (fwd_port == 0)
+			fatal("%.200s line %d: Badly formatted port number.",
+			    filename, linenum);
+		add_local_forward(options, fwd_port, "socks4", 0);
+		break;
+
 	case oHost:
 		*activep = 0;
 		while ((arg = strdelim(&s)) != NULL && *arg != '\0')
@@ -588,10 +642,10 @@ parse_int:
 		if (!arg || *arg == '\0')
 			fatal("%.200s line %d: Missing argument.", filename, linenum);
 		if (arg[0] == '^' && arg[2] == 0 &&
-		    (unsigned char) arg[1] >= 64 && (unsigned char) arg[1] < 128)
-			value = (unsigned char) arg[1] & 31;
+		    (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
+			value = (u_char) arg[1] & 31;
 		else if (strlen(arg) == 1)
-			value = (unsigned char) arg[0];
+			value = (u_char) arg[0];
 		else if (strcmp(arg, "none") == 0)
 			value = -2;
 		else {
@@ -609,8 +663,7 @@ parse_int:
 	}
 
 	/* Check that there is no garbage at end of line. */
-	if ((arg = strdelim(&s)) != NULL && *arg != '\0')
-	{
+	if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
 		fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
 		      filename, linenum, arg);
 	}
@@ -653,7 +706,7 @@ read_config_file(const char *filename, const char *host, Options *options)
 	}
 	fclose(f);
 	if (bad_options > 0)
-		fatal("%s: terminating, %d bad configuration options\n",
+		fatal("%s: terminating, %d bad configuration options",
 		      filename, bad_options);
 }
 
@@ -675,8 +728,8 @@ initialize_options(Options * options)
 	options->use_privileged_port = -1;
 	options->rhosts_authentication = -1;
 	options->rsa_authentication = -1;
-	options->dsa_authentication = -1;
-	options->skey_authentication = -1;
+	options->pubkey_authentication = -1;
+	options->challenge_reponse_authentication = -1;
 #if defined(KRB4) || defined(KRB5)
 	options->kerberos_authentication = -1;
 #endif
@@ -691,6 +744,7 @@ initialize_options(Options * options)
 	options->kbd_interactive_authentication = -1;
 	options->kbd_interactive_devices = NULL;
 	options->rhosts_rsa_authentication = -1;
+	options->hostbased_authentication = -1;
 	options->fallback_to_rsh = -1;
 	options->use_rsh = -1;
 	options->batch_mode = -1;
@@ -704,10 +758,12 @@ initialize_options(Options * options)
 	options->number_of_password_prompts = -1;
 	options->cipher = -1;
 	options->ciphers = NULL;
+	options->macs = NULL;
+	options->hostkeyalgorithms = NULL;
 	options->protocol = SSH_PROTO_UNKNOWN;
 	options->num_identity_files = 0;
-	options->num_identity_files2 = 0;
 	options->hostname = NULL;
+	options->host_key_alias = NULL;
 	options->proxy_command = NULL;
 	options->user = NULL;
 	options->escape_char = -1;
@@ -718,6 +774,7 @@ initialize_options(Options * options)
 	options->num_local_forwards = 0;
 	options->num_remote_forwards = 0;
 	options->log_level = (LogLevel) - 1;
+	options->preferred_authentications = NULL;
 }
 
 /*
@@ -728,6 +785,8 @@ initialize_options(Options * options)
 void
 fill_default_options(Options * options)
 {
+	int len;
+
 	if (options->forward_agent == -1)
 		options->forward_agent = 0;
 	if (options->forward_x11 == -1)
@@ -739,15 +798,15 @@ fill_default_options(Options * options)
 	if (options->gateway_ports == -1)
 		options->gateway_ports = 0;
 	if (options->use_privileged_port == -1)
-		options->use_privileged_port = 1;
+		options->use_privileged_port = 0;
 	if (options->rhosts_authentication == -1)
 		options->rhosts_authentication = 1;
 	if (options->rsa_authentication == -1)
 		options->rsa_authentication = 1;
-	if (options->dsa_authentication == -1)
-		options->dsa_authentication = 1;
-	if (options->skey_authentication == -1)
-		options->skey_authentication = 0;
+	if (options->pubkey_authentication == -1)
+		options->pubkey_authentication = 1;
+	if (options->challenge_reponse_authentication == -1)
+		options->challenge_reponse_authentication = 0;
 #if defined(KRB4) || defined(KRB5)
 	if (options->kerberos_authentication == -1)
 		options->kerberos_authentication = 1;
@@ -765,9 +824,11 @@ fill_default_options(Options * options)
 	if (options->password_authentication == -1)
 		options->password_authentication = 1;
 	if (options->kbd_interactive_authentication == -1)
-		options->kbd_interactive_authentication = 0;
+		options->kbd_interactive_authentication = 1;
 	if (options->rhosts_rsa_authentication == -1)
 		options->rhosts_rsa_authentication = 1;
+	if (options->hostbased_authentication == -1)
+		options->hostbased_authentication = 0;
 	if (options->fallback_to_rsh == -1)
 		options->fallback_to_rsh = 0;
 	if (options->use_rsh == -1)
@@ -794,33 +855,47 @@ fill_default_options(Options * options)
 	if (options->cipher == -1)
 		options->cipher = SSH_CIPHER_NOT_SET;
 	/* options->ciphers, default set in myproposals.h */
+	/* options->macs, default set in myproposals.h */
+	/* options->hostkeyalgorithms, default set in myproposals.h */
 	if (options->protocol == SSH_PROTO_UNKNOWN)
-		options->protocol = SSH_PROTO_1|SSH_PROTO_2|SSH_PROTO_1_PREFERRED;
+		options->protocol = SSH_PROTO_1|SSH_PROTO_2;
 	if (options->num_identity_files == 0) {
-		options->identity_files[0] =
-			xmalloc(2 + strlen(SSH_CLIENT_IDENTITY) + 1);
-		sprintf(options->identity_files[0], "~/%.100s", SSH_CLIENT_IDENTITY);
-		options->num_identity_files = 1;
-	}
-	if (options->num_identity_files2 == 0) {
-		options->identity_files2[0] =
-			xmalloc(2 + strlen(SSH_CLIENT_ID_DSA) + 1);
-		sprintf(options->identity_files2[0], "~/%.100s", SSH_CLIENT_ID_DSA);
-		options->num_identity_files2 = 1;
+		if (options->protocol & SSH_PROTO_1) {
+			len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
+			options->identity_files[options->num_identity_files] =
+			    xmalloc(len);
+			snprintf(options->identity_files[options->num_identity_files++],
+			    len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
+		}
+		if (options->protocol & SSH_PROTO_2) {
+			len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
+			options->identity_files[options->num_identity_files] =
+			    xmalloc(len);
+			snprintf(options->identity_files[options->num_identity_files++],
+			    len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
+
+			len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
+			options->identity_files[options->num_identity_files] =
+			    xmalloc(len);
+			snprintf(options->identity_files[options->num_identity_files++],
+			    len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
+		}
 	}
 	if (options->escape_char == -1)
 		options->escape_char = '~';
 	if (options->system_hostfile == NULL)
-		options->system_hostfile = SSH_SYSTEM_HOSTFILE;
+		options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
 	if (options->user_hostfile == NULL)
-		options->user_hostfile = SSH_USER_HOSTFILE;
+		options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
 	if (options->system_hostfile2 == NULL)
-		options->system_hostfile2 = SSH_SYSTEM_HOSTFILE2;
+		options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
 	if (options->user_hostfile2 == NULL)
-		options->user_hostfile2 = SSH_USER_HOSTFILE2;
+		options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
 	if (options->log_level == (LogLevel) - 1)
 		options->log_level = SYSLOG_LEVEL_INFO;
 	/* options->proxy_command should not be set by default */
 	/* options->user will be set in the main program if appropriate */
 	/* options->hostname will be set in the main program if appropriate */
+	/* options->host_key_alias should not be set by default */
+	/* options->preferred_authentications will be set in ssh */
 }