api/6.2.1653033972/readconf_8h_source.html

/* $OpenBSD: readconf.h,v 1.144 2021/07/23 04:04:52 djm Exp $ */


/*

 * Author: Tatu Ylonen <[email protected]>

 * Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland

 *                    All rights reserved

 * Functions for reading the configuration file.

 *

 * As far as I am concerned, the code I have written for this software

 * can be used freely for any purpose.  Any derived versions of this

 * software must be clearly marked as such, and if the derived work is

 * incompatible with the protocol description in the RFC file, it must be

 * called by a name other than "ssh" or "Secure Shell".

 */


#ifndef READCONF_H

#define READCONF_H


/* Data structure for representing option data. */


#define SSH_MAX_HOSTS_FILES 32

#define MAX_CANON_DOMAINS   32

#define PATH_MAX_SUN        (sizeof((struct sockaddr_un *)0)->sun_path)


struct allowed_cname {

    char *source_list;

    char *target_list;

};


typedef struct {

    int     forward_agent;  /* Forward authentication agent. */

    char   *forward_agent_sock_path; /* Optional path of the agent. */

    int     forward_x11;    /* Forward X11 display. */

    int     forward_x11_timeout;    /* Expiration for Cookies */

    int     forward_x11_trusted;    /* Trust Forward X11 display. */

    int     exit_on_forward_failure;    /* Exit if bind(2) fails for -L/-R */

    char   *xauth_location; /* Location for xauth program */

    struct ForwardOptions fwd_opts; /* forwarding options */

    int     pubkey_authentication;  /* Try ssh2 pubkey authentication. */

    int     hostbased_authentication;   /* ssh2's rhosts_rsa */

    int     gss_authentication; /* Try GSS authentication */

    int     gss_keyex;      /* Try GSS key exchange */

    int     gss_deleg_creds;    /* Delegate GSS credentials */

    int gss_trust_dns;      /* Trust DNS for GSS canonicalization */

    int gss_renewal_rekey;  /* Credential renewal forces rekey */

    char    *gss_client_identity;   /* Principal to initiate GSSAPI with */

    char    *gss_server_identity;   /* GSSAPI target principal */

    char    *gss_kex_algorithms;    /* GSSAPI kex methods to be offered by client. */

    int     password_authentication;    /* Try password

                         * authentication. */

    int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */

    char    *kbd_interactive_devices; /* Keyboard-interactive auth devices. */

    int     batch_mode; /* Batch mode: do not ask for passwords. */

    int     check_host_ip;  /* Also keep track of keys for IP address */

    int     strict_host_key_checking;   /* Strict host key checking. */

    int     compression;    /* Compress packets in both directions. */

    int     tcp_keep_alive; /* Set SO_KEEPALIVE. */

    int     tcp_rcv_buf; /* user switch to set tcp recv buffer */

    int     tcp_rcv_buf_poll; /* Option to poll recv buf every window transfer */

    int     hpn_disabled;    /* Switch to disable HPN buffer management */

    int     hpn_buffer_size; /* User definable size for HPN buffer window */

    int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */

    int ip_qos_bulk;        /* IP ToS/DSCP/class for bulk traffic */

    SyslogFacility log_facility;    /* Facility for system logging. */

    LogLevel log_level; /* Level for logging. */

    u_int   num_log_verbose;    /* Verbose log overrides */

    char   **log_verbose;

    int     port;       /* Port to connect. */

    int     address_family;

    int     connection_attempts;    /* Max attempts (seconds) before

                     * giving up */

    int     connection_timeout; /* Max time (seconds) before

                     * aborting connection attempt */

    int     number_of_password_prompts; /* Max number of password

                         * prompts. */

    char   *ciphers;    /* SSH2 ciphers in order of preference. */

    char   *macs;       /* SSH2 macs in order of preference. */

    char   *hostkeyalgorithms;  /* SSH2 server key types in order of preference. */

    char   *kex_algorithms; /* SSH2 kex methods in order of preference. */

    char   *ca_sign_algorithms; /* Allowed CA signature algorithms */

    char   *hostname;   /* Real host to connect. */

    char   *host_key_alias; /* hostname alias for .ssh/known_hosts */

    char   *proxy_command;  /* Proxy command for connecting the host. */

    char   *user;       /* User to log in as. */

    int     implicit;   /* Login user was not specified.

                   Server may choose based on authctxt. */

    int     escape_char;    /* Escape character; -2 = none */


    u_int   num_system_hostfiles;   /* Paths for /etc/ssh/ssh_known_hosts */

    char   *system_hostfiles[SSH_MAX_HOSTS_FILES];

    u_int   num_user_hostfiles; /* Path for $HOME/.ssh/known_hosts */

    char   *user_hostfiles[SSH_MAX_HOSTS_FILES];

    char   *preferred_authentications;

    char   *bind_address;   /* local socket address for connection to sshd */

    char   *bind_interface; /* local interface for bind address */

    char   *pkcs11_provider; /* PKCS#11 provider */

    char   *sk_provider; /* Security key provider */

    int verify_host_key_dns;    /* Verify host key using DNS */


    int     num_identity_files; /* Number of files for RSA/DSA identities. */

    char   *identity_files[SSH_MAX_IDENTITY_FILES];

    int    identity_file_userprovided[SSH_MAX_IDENTITY_FILES];

    struct sshkey *identity_keys[SSH_MAX_IDENTITY_FILES];


    int num_certificate_files; /* Number of extra certificates for ssh. */

    char    *certificate_files[SSH_MAX_CERTIFICATE_FILES];

    int certificate_file_userprovided[SSH_MAX_CERTIFICATE_FILES];

    struct sshkey *certificates[SSH_MAX_CERTIFICATE_FILES];


    int add_keys_to_agent;

    int add_keys_to_agent_lifespan;

    char   *identity_agent;     /* Optional path to ssh-agent socket */


    /* Local TCP/IP forward requests. */

    int     num_local_forwards;

    struct Forward *local_forwards;


    /* Remote TCP/IP forward requests. */

    int     num_remote_forwards;

    struct Forward *remote_forwards;

    int clear_forwardings;


    /* Restrict remote dynamic forwarding */

    char  **permitted_remote_opens;

    u_int   num_permitted_remote_opens;


    /* stdio forwarding (-W) host and port */

    char   *stdio_forward_host;

    int stdio_forward_port;


    int enable_ssh_keysign;

    int64_t rekey_limit;

    int     none_switch;    /* Use none cipher */

    int     none_enabled;   /* Allow none to be used */

    int     nonemac_enabled;   /* Allow none to be used */

    int     disable_multithreaded; /*disable multithreaded aes-ctr*/

    int rekey_interval;


    int no_host_authentication_for_localhost;

    int identities_only;

    int server_alive_interval;

    int server_alive_count_max;


    int     num_send_env;

    char   **send_env;

    int     num_setenv;

    char   **setenv;


    char    *control_path;

    int control_master;

    int     control_persist; /* ControlPersist flag */

    int     control_persist_timeout; /* ControlPersist timeout (seconds) */


    int hash_known_hosts;


    int tun_open;   /* tun(4) */

    int     tun_local;  /* force tun device (optional) */

    int     tun_remote; /* force tun device (optional) */


    char    *local_command;

    int permit_local_command;

    char    *remote_command;

    int visual_host_key;


    int request_tty;

    int session_type;

    int stdin_null;

    int fork_after_authentication;


    int proxy_use_fdpass;


    int num_canonical_domains;

    char    *canonical_domains[MAX_CANON_DOMAINS];

    int canonicalize_hostname;

    int canonicalize_max_dots;

    int canonicalize_fallback_local;

    int num_permitted_cnames;

    struct allowed_cname permitted_cnames[MAX_CANON_DOMAINS];


    char    *revoked_host_keys;


    int  fingerprint_hash;


    int  update_hostkeys; /* one of SSH_UPDATE_HOSTKEYS_* */


    char   *hostbased_accepted_algos;

    char   *pubkey_accepted_algos;


    char   *jump_user;

    char   *jump_host;

    int jump_port;

    char   *jump_extra;


    char   *known_hosts_command;


    char    *ignored_unknown; /* Pattern list of unknown tokens to ignore */

}       Options;


#define SSH_CANONICALISE_NO 0

#define SSH_CANONICALISE_YES    1

#define SSH_CANONICALISE_ALWAYS 2


#define SSHCTL_MASTER_NO    0

#define SSHCTL_MASTER_YES   1

#define SSHCTL_MASTER_AUTO  2

#define SSHCTL_MASTER_ASK   3

#define SSHCTL_MASTER_AUTO_ASK  4


#define REQUEST_TTY_AUTO    0

#define REQUEST_TTY_NO      1

#define REQUEST_TTY_YES     2

#define REQUEST_TTY_FORCE   3


#define SESSION_TYPE_NONE   0

#define SESSION_TYPE_SUBSYSTEM  1

#define SESSION_TYPE_DEFAULT    2


#define SSHCONF_CHECKPERM   1  /* check permissions on config file */

#define SSHCONF_USERCONF    2  /* user provided config file not system */

#define SSHCONF_FINAL       4  /* Final pass over config, after canon. */

#define SSHCONF_NEVERMATCH  8  /* Match/Host never matches; internal only */


#define SSH_UPDATE_HOSTKEYS_NO  0

#define SSH_UPDATE_HOSTKEYS_YES 1

#define SSH_UPDATE_HOSTKEYS_ASK 2


#define SSH_STRICT_HOSTKEY_OFF  0

#define SSH_STRICT_HOSTKEY_NEW  1

#define SSH_STRICT_HOSTKEY_YES  2

#define SSH_STRICT_HOSTKEY_ASK  3


const char *kex_default_pk_alg(void);

char    *ssh_connection_hash(const char *thishost, const char *host,

    const char *portstr, const char *user);

void     initialize_options(Options *);

int      fill_default_options(Options *);

void     fill_default_options_for_canonicalization(Options *);

void     free_options(Options *o);

int  process_config_line(Options *, struct passwd *, const char *,

    const char *, char *, const char *, int, int *, int);

int  read_config_file(const char *, struct passwd *, const char *,

    const char *, Options *, int, int *);

int  parse_forward(struct Forward *, const char *, int, int);

int  parse_jump(const char *, Options *, int);

int  parse_ssh_uri(const char *, char **, char **, int *);

int  default_ssh_port(void);

int  option_clear_or_none(const char *);

void     dump_client_config(Options *o, const char *host);


void     add_local_forward(Options *, const struct Forward *);

void     add_remote_forward(Options *, const struct Forward *);

void     add_identity_file(Options *, const char *, const char *, int);

void     add_certificate_file(Options *, const char *, int);


#endif              /* READCONF_H */