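/* $OpenBSD: readconf.h,v 1.101 2014/02/23 20:11:36 djm Exp $ */
/* $FreeBSD$ */

/*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
 * Functions for reading the configuration file.
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose.  Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */

/*
 * NOTE(review): this header does not include the declarations it depends
 * on.  LogLevel, Key, u_int, int64_t, struct passwd and
 * SSH_MAX_IDENTITY_FILES must already be visible at the point of
 * inclusion; none of them is defined here.
 */

#ifndef READCONF_H
#define READCONF_H

/*
 * Data structure for representing a forwarding request.
 *
 * NOTE(review): ownership of the two host strings (who allocates, who
 * frees) is not stated in this header -- confirm against the code that
 * fills in and copies Forward entries.
 */

typedef struct {
	char	 *listen_host;		/* Host (address) to listen on. */
	int	  listen_port;		/* Port to forward. */
	char	 *connect_host;		/* Host to connect. */
	int	  connect_port;		/* Port to connect on connect_host. */
	int	  allocated_port;	/* Dynamically allocated listen port */
	int	  handle;		/* Handle for dynamic listen ports */
}       Forward;
/* Data structure for representing option data. */

/*
 * Capacities of the fixed-size arrays embedded in Options below.  The
 * header only fixes the sizes; the bound checks live in whatever code
 * appends to those arrays, which is not visible here.
 */
#define MAX_SEND_ENV		256	/* capacity of Options.send_env */
#define SSH_MAX_HOSTS_FILES	32	/* capacity of system/user_hostfiles */
#define MAX_CANON_DOMAINS	32	/* capacity of canonical_domains and
					 * permitted_cnames */

/*
 * One element of Options.permitted_cnames.
 * NOTE(review): both members are presumably pattern lists; the format is
 * not visible in this header -- confirm in the parser.
 */
struct allowed_cname {
	char	*source_list;
	char	*target_list;
};

/*
 * Parsed client options.
 *
 * Several members are "count + fixed array" pairs.  The counters are a
 * mix of u_int (hostfiles) and plain int (identity files, send_env,
 * canonical domains, permitted cnames); for the int ones a negative
 * value is representable but never a valid state, so code that indexes
 * the arrays has to treat the counter as 0 <= n <= capacity.
 */
typedef struct {
	int     forward_agent;	/* Forward authentication agent. */
	int     forward_x11;	/* Forward X11 display. */
	int     forward_x11_timeout;	/* Expiration for Cookies */
	int     forward_x11_trusted;	/* Trust Forward X11 display. */
	int     exit_on_forward_failure;	/* Exit if bind(2) fails for -L/-R */
	char   *xauth_location;	/* Location for xauth program */
	int     gateway_ports;	/* Allow remote connects to forwarded ports. */
	int     use_privileged_port;	/* Don't use privileged port if false. */
	int     rhosts_rsa_authentication;	/* Try rhosts with RSA
						 * authentication. */
	int     rsa_authentication;	/* Try RSA authentication. */
	int     pubkey_authentication;	/* Try ssh2 pubkey authentication. */
	int     hostbased_authentication;	/* ssh2's rhosts_rsa */
	int     challenge_response_authentication;
					/* Try S/Key or TIS authentication. */
	int     gss_authentication;	/* Try GSS authentication */
	int     gss_deleg_creds;	/* Delegate GSS credentials */
	int     password_authentication;	/* Try password
						 * authentication. */
	int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */
	char	*kbd_interactive_devices; /* Keyboard-interactive auth devices. */
	int     batch_mode;	/* Batch mode: do not ask for passwords. */
	int     check_host_ip;	/* Also keep track of keys for IP address */
	int     strict_host_key_checking;	/* Strict host key checking. */
	int     compression;	/* Compress packets in both directions. */
	int     compression_level;	/* Compression level 1 (fast) to 9
					 * (best). */
	int     tcp_keep_alive;	/* Set SO_KEEPALIVE. */
	int	ip_qos_interactive;	/* IP ToS/DSCP/class for interactive */
	int	ip_qos_bulk;		/* IP ToS/DSCP/class for bulk traffic */
	LogLevel log_level;	/* Level for logging. */

	int     port;		/* Port to connect. */
	int     address_family;	/* NOTE(review): presumably an AF_* value
				 * -- confirm */
	int     connection_attempts;	/* Max attempts before giving up.
					 * NOTE(review): the original comment
					 * read "(seconds)"; a count seems
					 * intended -- confirm */
	int     connection_timeout;	/* Max time (seconds) before
					 * aborting connection attempt */
	int     number_of_password_prompts;	/* Max number of password
						 * prompts. */
	int     cipher;		/* Cipher to use. */
	char   *ciphers;	/* SSH2 ciphers in order of preference. */
	char   *macs;		/* SSH2 macs in order of preference. */
	char   *hostkeyalgorithms;	/* SSH2 server key types in order of preference. */
	char   *kex_algorithms;	/* SSH2 kex methods in order of preference. */
	int	protocol;	/* Protocol in order of preference. */
	char   *hostname;	/* Real host to connect. */
	char   *host_key_alias;	/* hostname alias for .ssh/known_hosts */
	/*
	 * NOTE(review): proxy_command (and local_command further down) are
	 * command strings that come from configuration, so whoever can
	 * write the config file controls them; presumably this is one
	 * reason SSHCONF_CHECKPERM exists -- confirm in the reader.
	 */
	char   *proxy_command;	/* Proxy command for connecting the host. */
	char   *user;		/* User to log in as. */
	int     escape_char;	/* Escape character; -2 = none */

	/* At most SSH_MAX_HOSTS_FILES entries are usable in each array. */
	u_int	num_system_hostfiles;	/* Paths for /etc/ssh/ssh_known_hosts */
	char   *system_hostfiles[SSH_MAX_HOSTS_FILES];
	u_int	num_user_hostfiles;	/* Path for $HOME/.ssh/known_hosts */
	char   *user_hostfiles[SSH_MAX_HOSTS_FILES];
	char   *preferred_authentications;
	char   *bind_address;	/* local socket address for connection to sshd */
	char   *pkcs11_provider; /* PKCS#11 provider */
	int	verify_host_key_dns;	/* Verify host key using DNS */

	/*
	 * The three identity arrays are parallel and share one counter.
	 * SSH_MAX_IDENTITY_FILES is not defined in this header.
	 */
	int     num_identity_files;	/* Number of files for RSA/DSA identities. */
	char   *identity_files[SSH_MAX_IDENTITY_FILES];
	int    identity_file_userprovided[SSH_MAX_IDENTITY_FILES];
	Key    *identity_keys[SSH_MAX_IDENTITY_FILES];

	/* Local TCP/IP forward requests. */
	int     num_local_forwards;
	Forward *local_forwards;	/* pointer, not a fixed array: no
					 * capacity is visible here */

	/* Remote TCP/IP forward requests. */
	int     num_remote_forwards;
	Forward *remote_forwards;	/* pointer, not a fixed array: no
					 * capacity is visible here */
	int	clear_forwardings;

	int	enable_ssh_keysign;
	int64_t rekey_limit;
	int	rekey_interval;
	int	no_host_authentication_for_localhost;
	int	identities_only;
	int	server_alive_interval;
	int	server_alive_count_max;

	int     num_send_env;	/* entries used in send_env; capacity is
				 * MAX_SEND_ENV */
	char   *send_env[MAX_SEND_ENV];

	char	*control_path;
	int	control_master;	/* NOTE(review): presumably one of
				 * SSHCTL_MASTER_* below -- confirm */
	int     control_persist; /* ControlPersist flag */
	int     control_persist_timeout; /* ControlPersist timeout (seconds) */

	int	hash_known_hosts;

	int	tun_open;	/* tun(4) */
	int     tun_local;	/* force tun device (optional) */
	int     tun_remote;	/* force tun device (optional) */

	char	*local_command;
	int	permit_local_command;	/* NOTE(review): presumably gates
					 * use of local_command -- confirm */
	int	visual_host_key;

	int	use_roaming;

	int	request_tty;	/* NOTE(review): presumably one of
				 * REQUEST_TTY_* below -- confirm */

	int	proxy_use_fdpass;

	/* Both arrays below hold at most MAX_CANON_DOMAINS entries. */
	int	num_canonical_domains;
	char	*canonical_domains[MAX_CANON_DOMAINS];
	int	canonicalize_hostname;	/* NOTE(review): presumably one of
					 * SSH_CANONICALISE_* below -- confirm */
	int	canonicalize_max_dots;
	int	canonicalize_fallback_local;
	int	num_permitted_cnames;
	struct allowed_cname permitted_cnames[MAX_CANON_DOMAINS];

	char	*ignored_unknown; /* Pattern list of unknown tokens to ignore */

	char	*version_addendum;	/* Appended to SSH banner */

	int	hpn_disabled;	/* Switch to disable HPN buffer management. */
	int	hpn_buffer_size;	/* User definable size for HPN buffer
					 * window. */
	int	tcp_rcv_buf_poll;	/* Option to poll recv buf every window
					 * transfer. */
	int	tcp_rcv_buf;	/* User switch to set tcp recv buffer. */

	/*
	 * These two members exist only when NONE_CIPHER_ENABLED is defined,
	 * so sizeof(Options) depends on that macro.  Every translation unit
	 * that includes this header must be built with the same setting.
	 * They are the last members, so the offsets of the members above
	 * are the same either way.
	 */
#ifdef NONE_CIPHER_ENABLED
	int	none_enabled;	/* Allow none to be used */
	int	none_switch;	/* Use none cipher */
#endif
}       Options;

/* NOTE(review): presumably the values of Options.canonicalize_hostname. */
#define SSH_CANONICALISE_NO	0
#define SSH_CANONICALISE_YES	1
#define SSH_CANONICALISE_ALWAYS	2

/* NOTE(review): presumably the values of Options.control_master. */
#define SSHCTL_MASTER_NO	0
#define SSHCTL_MASTER_YES	1
#define SSHCTL_MASTER_AUTO	2
#define SSHCTL_MASTER_ASK	3
#define SSHCTL_MASTER_AUTO_ASK	4

/* NOTE(review): presumably the values of Options.request_tty. */
#define REQUEST_TTY_AUTO	0
#define REQUEST_TTY_NO		1
#define REQUEST_TTY_YES		2
#define REQUEST_TTY_FORCE	3

/*
 * Distinct bit values (1 and 2).
 * NOTE(review): presumably OR-ed into an int flags argument of the
 * readers declared below -- confirm which parameter takes them.
 */
#define SSHCONF_CHECKPERM	1  /* check permissions on config file */
#define SSHCONF_USERCONF	2  /* user provided config file not system */

/*
 * The prototypes below omit parameter names, so the role of each int and
 * const char * argument, and the meaning of the int return values, has to
 * be read from the definitions.  Several take more than one argument of
 * the same type in a row, which the compiler cannot tell apart at the
 * call site.
 */
void     initialize_options(Options *);
void     fill_default_options(Options *);
void	 fill_default_options_for_canonicalization(Options *);
int	 process_config_line(Options *, struct passwd *, const char *, char *,
    const char *, int, int *, int);
int	 read_config_file(const char *, struct passwd *, const char *,
    Options *, int);
int	 parse_forward(Forward *, const char *, int, int);
int	 default_ssh_port(void);
int	 option_clear_or_none(const char *);

void	 add_local_forward(Options *, const Forward *);
void	 add_remote_forward(Options *, const Forward *);
void	 add_identity_file(Options *, const char *, const char *, int);

#endif				/* READCONF_H */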