path: root/src/config.c
Age | Commit message | Author | Files | Lines
2023-12-22 | Fix regression in IPv6 addresses in hostname parsing | Jakub Jelen | 1 | -2/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2023-12-05 | Handle automatic certificate authentication | Jakub Jelen | 1 | -1/+8
This involves reading the certificates from configuration files through options and handling them similarly as the OpenSSH does when doing the auto pubkey authentication, also in combination with agent or identities only. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com>
2023-08-02 | add control master and path option | Ahsen Kamal | 1 | -2/+34
Signed-off-by: Ahsen Kamal <itsahsenkamal@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com>
2023-03-09 | config: Fix indentation | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-10-12 | Fix various spelling issues reported by codespell | Jakub Jelen | 1 | -2/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2022-10-07 | SSH_LOG_WARN: Recategorize loglevels | Norbert Pocs | 1 | -1/+1
These warning should be logging when something fatal happens and give information on the error to the user. Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-10-07 | SSH_LOG_DEBUG: Recategorize loglevels | Norbert Pocs | 1 | -3/+3
Loglevel INFO is the default openssh configuration setting which does not print redundant information. On a system using openssh with loglevels set by the terms of openssh will cause unwanted log lines in the output. recategorized based on - SSH_LOG_DEBUG are informational debug logs (no error) Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-10-07 | SSH_LOG_TRACE: Recategorize loglevels | Norbert Pocs | 1 | -20/+20
Do not print out logs when no fatal error happens. This approach is similar to openssh, when Error/Fatal does not print recoverable error logs. recategorized based on - SSH_LOG_TRACE are debug logs when error happens Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-10-07 | (bind_)config.c: Move "info" to SSH_LOG_INFO | Norbert Pocs | 1 | -3/+3
No info log will be printed out when Loglevel WARN is set, only errors Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-09-22 | Implement IdentitiesOnly | Linus Kardell | 1 | -1/+8
Signed-off-by: Linus Kardell <linus.kardell@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-09-22 | config: Escape brackets in ProxyCommand build from ProxyJump | Thomas Baag | 1 | -1/+1
Missing escaping results in syntax errors in Zsh shell because of square brackets getting interpreted as being a pattern for globbing. Signed-off-by: Thomas Baag <libssh-git@spam.b2ag.de> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-09-02 | config: Expand tilde when handling include directives | Jakub Jelen | 1 | -0/+5
Related: #93 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-08-25 | config: Avoid false positive report from Coverity CID 1470006 | Jakub Jelen | 1 | -1/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-07-04 | Rewrite strerror to ssh_strerror | Norbert Pocs | 1 | -6/+12
Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-06-22 | add support for identityagent ssh_config option | Wez Furlong | 1 | -1/+7
This commit adds an `agent_socket` field to the session options and connects the config parser to that option. `SSH_OPTIONS_IDENTITY_AGENT` is added to allow applications to set this option for themselves. agent.c is updated to take the `agent_socket` value in preference to the `SSH_AUTH_SOCK` environment variable. Signed-off-by: Wez Furlong <wez@fb.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-05-02 | Fix multiple spelling and grammar mistakes | Junda Ai | 1 | -1/+1
Signed-off-by: Junda Ai <aijunda29@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-04-14 | Solve issue #113 "Remove unneeded configuration options not supported by OpenSSH anymore" | Anh Minh Tran | 1 | -43/+5
Remove config options: protocol, mac, cipher, compressionlevel, gssapikeyexchange, gssapirenewalforcesrekey, gssapitrustdns, rhostsrsaauthentication, rsaauthentication, useprivilegedport, pubkeyacceptedtypes since they are not supported by OpenSSH Rename some config options: hostbasedkeytypes, challengeresponseauthentication and pubkeyacceptedkeytypes to hosbasedacceptedalgorithms, kdbinteractiveauthentication and pubkeyacceptedalgorithms to be consistent with the OpenSSH manual https://man.openbsd.org/sshd_config. Keep pubkeyacceptedkeytypes for backward compatibility. Rename SOC_PUBKEYACCEPTEDTYPES to SOC_PUBKEYACCEPTEDKEYTYPES in config.h Update unittests/torture_config.c and unittests/torture_options.c Signed-off-by: Anh Minh Tran <anhminh@seznam.cz> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2022-03-16 | knownhosts, config: Avoid using MT-unsafe implementations of strtok() | Gene Oden | 1 | -2/+2
Use the POSIX strtok_r() or equivalent implementations to resolve. Thanks to @wez1 for the early review. Fixes #104 Signed-off-by: Gene Oden <goden@fb.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2022-02-15 | config: Avoid NULL dereference if no ssh dir is set | Jakub Jelen | 1 | -0/+4
This should never happen while parsing configuration files, but the configuration strings do not have this safeguard. Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44619 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2022-02-10 | config: Include files with relative paths | Jakub Jelen | 1 | -10/+73
The libssh versions before this included files with relative path based on the current working directory, which can result unexpected results and is different from the OpenSSH include behavior. The manual page for ssh_config lists: > Files without absolute paths are assumed to be in ~/.ssh if included in > a user configuration file or /etc/ssh if included from the system > configuration file. This is following the semantics as close as possible with a difference that we do not use the hardcoded ~/.ssh for user configuration files, but the path defined with SSH_OPTIONS_SSH_DIR, which is already used to reference any other files in used home directory. Fixes #93 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2021-11-10 | config: Avoid infinite recursion when using Include | Jakub Jelen | 1 | -10/+21
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2021-06-16 | Make the max file line length configurable | Xiang Xiao | 1 | -0/+2
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: I0bc70f4459a6eaa6f4c87887a5ee7822faf22443
2021-01-28 | config: Support more identity files in configuration | Jakub Jelen | 1 | -0/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-11-03 | New API for parsing configuration from string | Stanislav Zidek | 1 | -0/+54
Fixes T248 Signed-off-by: Stanislav Zidek <szidek@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-20 | config: Check null deref | Jakub Jelen | 1 | -0/+3
As reported by LGTM Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-12-09 | config: Ignore empty lines to avoid OOB array access | Jakub Jelen | 1 | -0/+5
Fixes T187 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-10-01 | config: Implement match exec keyword | Jakub Jelen | 1 | -7/+136
The implementation does not work on Windows, where it still reports unsupported configuration option. On windows, separate code invoking subprocess needs to be implemented. Fixes T169 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-09-18 | config: Support match localuser | Jakub Jelen | 1 | -1/+23
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-09-18 | config: Make the matching case sensitive as documented in ssh_config manual pages | Jakub Jelen | 1 | -4/+1
> note that keywords are case-insensitive and arguments are case-sensitive Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-07-04 | config: Increase debug level for unknown and unsupported options | Andreas Schneider | 1 | -4/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-06-14 | config: Replace long long with int64_t | Anderson Toshiyuki Sasaki | 1 | -1/+1
Do not use long long as equivalent as int64_t. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-14 | config: Skip the rest of the line for Match exec | Jakub Jelen | 1 | -0/+16
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 | config: Remove bogus trailing newlines in log messages | Jakub Jelen | 1 | -3/+3
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-05-28 | config: Add missing NULL check | Andreas Schneider | 1 | -0/+4
CID 1398303 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-05-14 | config: Add support for PubkeyAcceptedKeyTypes | Anderson Toshiyuki Sasaki | 1 | -0/+1
The added option is an alias for the previously existing option PubkeyAcceptedTypes. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-04-01 | config: Move common parser functions to config_parser.c | Anderson Toshiyuki Sasaki | 1 | -215/+1
This will allow the moved functions to be used in the server side configuration parser implementation. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-03-25 | config: Use size_t instead of u_int | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-22 | config: Avoid buffer overflow | Jakub Jelen | 1 | -0/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-24 | config: Add new Match final keyword from OpenSSH 8.0 | Jakub Jelen | 1 | -5/+16
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-24 | config: Fail if there is missing argument for some of the match keywords | Jakub Jelen | 1 | -7/+16
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09 | config: Parse rekey limits and apply them | Jakub Jelen | 1 | -1/+138
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-10 | config: Parse ProxyJump configuration option and implement it using ProxyCommand with OpenSSH | Jakub Jelen | 1 | -3/+223
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-07 | config: Get rid of the dynamic seen array | Jakub Jelen | 1 | -65/+15
* This makes the array constant in the session structure, avoiding allocations and frees while parsing the file * It also drops passing the seen array to all the functions, because it is already part of the passed session * The test cases are adjusted to match these changes Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-07 | config: Reformat local_parse_file | Jakub Jelen | 1 | -19/+25
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-07 | config: Reformat ssh_config_parse_file | Jakub Jelen | 1 | -31/+39
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-30 | src: Fix multiple typos | Tilo Eckert | 1 | -1/+1
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-23 | config: Drop bogus newline in log | Jakub Jelen | 1 | -2/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-02 | config: Avoid potential file descriptor leak | Jakub Jelen | 1 | -0/+1
Found by csbuild runner. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-02 | config: Preserve the seen array among invocations | Jakub Jelen | 1 | -6/+23
This follows the OpenSSH behavior of parsing subsequent configuration files, while applying only the first option. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-25 | config: Fix building without globbing support | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>