]> andersk Git - gssapi-openssh.git/blame - openssh/servconf.c
andersk / gssapi-openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
removed in openssh-3.1p1 release
[gssapi-openssh.git] / openssh / servconf.c
CommitLineData
3c0ef626 1/*
2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
4 *
5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
10 */
11
12#include "includes.h"
e9a17296 13RCSID("$OpenBSD: servconf.c,v 1.101 2002/02/04 12:15:25 markus Exp $");
3c0ef626 14
15#if defined(KRB4) || defined(KRB5)
16#include <krb.h>
17#endif
18#ifdef AFS
19#include <kafs.h>
20#endif
21
22#include "ssh.h"
23#include "log.h"
24#include "servconf.h"
25#include "xmalloc.h"
26#include "compat.h"
27#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
31#include "kex.h"
32#include "mac.h"
33
34static void add_listen_addr(ServerOptions *, char *, u_short);
35static void add_one_listen_addr(ServerOptions *, char *, u_short);
36
37/* AF_UNSPEC or AF_INET or AF_INET6 */
38extern int IPv4or6;
39
40/* Initializes the server options to their default values. */
41
42void
43initialize_server_options(ServerOptions *options)
44{
45 memset(options, 0, sizeof(*options));
46
47 /* Portable-specific options */
48 options->pam_authentication_via_kbd_int = -1;
49
50 /* Standard Options */
51 options->num_ports = 0;
52 options->ports_from_cmdline = 0;
53 options->listen_addrs = NULL;
54 options->num_host_key_files = 0;
55 options->pid_file = NULL;
56 options->server_key_bits = -1;
57 options->login_grace_time = -1;
58 options->key_regeneration_time = -1;
59 options->permit_root_login = PERMIT_NOT_SET;
60 options->ignore_rhosts = -1;
61 options->ignore_user_known_hosts = -1;
62 options->print_motd = -1;
63 options->print_lastlog = -1;
64 options->x11_forwarding = -1;
65 options->x11_display_offset = -1;
e9a17296 66 options->x11_use_localhost = -1;
3c0ef626 67 options->xauth_location = NULL;
68 options->strict_modes = -1;
69 options->keepalives = -1;
e9a17296 70 options->log_facility = SYSLOG_FACILITY_NOT_SET;
71 options->log_level = SYSLOG_LEVEL_NOT_SET;
3c0ef626 72 options->rhosts_authentication = -1;
73 options->rhosts_rsa_authentication = -1;
74 options->hostbased_authentication = -1;
75 options->hostbased_uses_name_from_packet_only = -1;
76 options->rsa_authentication = -1;
77 options->pubkey_authentication = -1;
78#if defined(KRB4) || defined(KRB5)
79 options->kerberos_authentication = -1;
80 options->kerberos_or_local_passwd = -1;
81 options->kerberos_ticket_cleanup = -1;
82#endif
83#if defined(AFS) || defined(KRB5)
84 options->kerberos_tgt_passing = -1;
85#endif
86#ifdef AFS
87 options->afs_token_passing = -1;
88#endif
89 options->password_authentication = -1;
90 options->kbd_interactive_authentication = -1;
91 options->challenge_response_authentication = -1;
92 options->permit_empty_passwd = -1;
93 options->use_login = -1;
94 options->allow_tcp_forwarding = -1;
95 options->num_allow_users = 0;
96 options->num_deny_users = 0;
97 options->num_allow_groups = 0;
98 options->num_deny_groups = 0;
99 options->ciphers = NULL;
100 options->macs = NULL;
101 options->protocol = SSH_PROTO_UNKNOWN;
102 options->gateway_ports = -1;
103 options->num_subsystems = 0;
104 options->max_startups_begin = -1;
105 options->max_startups_rate = -1;
106 options->max_startups = -1;
107 options->banner = NULL;
e9a17296 108 options->verify_reverse_mapping = -1;
3c0ef626 109 options->client_alive_interval = -1;
110 options->client_alive_count_max = -1;
111 options->authorized_keys_file = NULL;
112 options->authorized_keys_file2 = NULL;
113}
114
115void
116fill_default_server_options(ServerOptions *options)
117{
118 /* Portable-specific options */
119 if (options->pam_authentication_via_kbd_int == -1)
120 options->pam_authentication_via_kbd_int = 0;
121
122 /* Standard Options */
123 if (options->protocol == SSH_PROTO_UNKNOWN)
124 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
125 if (options->num_host_key_files == 0) {
126 /* fill default hostkeys for protocols */
127 if (options->protocol & SSH_PROTO_1)
e9a17296 128 options->host_key_files[options->num_host_key_files++] =
129 _PATH_HOST_KEY_FILE;
130 if (options->protocol & SSH_PROTO_2) {
131 options->host_key_files[options->num_host_key_files++] =
132 _PATH_HOST_RSA_KEY_FILE;
133 options->host_key_files[options->num_host_key_files++] =
134 _PATH_HOST_DSA_KEY_FILE;
135 }
3c0ef626 136 }
137 if (options->num_ports == 0)
138 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
139 if (options->listen_addrs == NULL)
140 add_listen_addr(options, NULL, 0);
141 if (options->pid_file == NULL)
142 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
143 if (options->server_key_bits == -1)
144 options->server_key_bits = 768;
145 if (options->login_grace_time == -1)
146 options->login_grace_time = 600;
147 if (options->key_regeneration_time == -1)
148 options->key_regeneration_time = 3600;
149 if (options->permit_root_login == PERMIT_NOT_SET)
150 options->permit_root_login = PERMIT_YES;
151 if (options->ignore_rhosts == -1)
152 options->ignore_rhosts = 1;
153 if (options->ignore_user_known_hosts == -1)
154 options->ignore_user_known_hosts = 0;
155 if (options->print_motd == -1)
156 options->print_motd = 1;
157 if (options->print_lastlog == -1)
158 options->print_lastlog = 1;
159 if (options->x11_forwarding == -1)
160 options->x11_forwarding = 0;
161 if (options->x11_display_offset == -1)
162 options->x11_display_offset = 10;
e9a17296 163 if (options->x11_use_localhost == -1)
164 options->x11_use_localhost = 1;
3c0ef626 165 if (options->xauth_location == NULL)
166 options->xauth_location = _PATH_XAUTH;
3c0ef626 167 if (options->strict_modes == -1)
168 options->strict_modes = 1;
169 if (options->keepalives == -1)
170 options->keepalives = 1;
e9a17296 171 if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
3c0ef626 172 options->log_facility = SYSLOG_FACILITY_AUTH;
e9a17296 173 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
3c0ef626 174 options->log_level = SYSLOG_LEVEL_INFO;
175 if (options->rhosts_authentication == -1)
176 options->rhosts_authentication = 0;
177 if (options->rhosts_rsa_authentication == -1)
178 options->rhosts_rsa_authentication = 0;
179 if (options->hostbased_authentication == -1)
180 options->hostbased_authentication = 0;
181 if (options->hostbased_uses_name_from_packet_only == -1)
182 options->hostbased_uses_name_from_packet_only = 0;
183 if (options->rsa_authentication == -1)
184 options->rsa_authentication = 1;
185 if (options->pubkey_authentication == -1)
186 options->pubkey_authentication = 1;
187#if defined(KRB4) || defined(KRB5)
188 if (options->kerberos_authentication == -1)
189 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
190 if (options->kerberos_or_local_passwd == -1)
191 options->kerberos_or_local_passwd = 1;
192 if (options->kerberos_ticket_cleanup == -1)
193 options->kerberos_ticket_cleanup = 1;
194#endif
195#if defined(AFS) || defined(KRB5)
196 if (options->kerberos_tgt_passing == -1)
197 options->kerberos_tgt_passing = 0;
198#endif
e9a17296 199#ifdef AFS
3c0ef626 200 if (options->afs_token_passing == -1)
201 options->afs_token_passing = k_hasafs();
202#endif
203 if (options->password_authentication == -1)
204 options->password_authentication = 1;
205 if (options->kbd_interactive_authentication == -1)
206 options->kbd_interactive_authentication = 0;
207 if (options->challenge_response_authentication == -1)
208 options->challenge_response_authentication = 1;
209 if (options->permit_empty_passwd == -1)
210 options->permit_empty_passwd = 0;
211 if (options->use_login == -1)
212 options->use_login = 0;
213 if (options->allow_tcp_forwarding == -1)
214 options->allow_tcp_forwarding = 1;
215 if (options->gateway_ports == -1)
216 options->gateway_ports = 0;
217 if (options->max_startups == -1)
218 options->max_startups = 10;
219 if (options->max_startups_rate == -1)
220 options->max_startups_rate = 100; /* 100% */
221 if (options->max_startups_begin == -1)
222 options->max_startups_begin = options->max_startups;
e9a17296 223 if (options->verify_reverse_mapping == -1)
224 options->verify_reverse_mapping = 0;
3c0ef626 225 if (options->client_alive_interval == -1)
e9a17296 226 options->client_alive_interval = 0;
3c0ef626 227 if (options->client_alive_count_max == -1)
228 options->client_alive_count_max = 3;
229 if (options->authorized_keys_file2 == NULL) {
230 /* authorized_keys_file2 falls back to authorized_keys_file */
231 if (options->authorized_keys_file != NULL)
232 options->authorized_keys_file2 = options->authorized_keys_file;
233 else
234 options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
235 }
236 if (options->authorized_keys_file == NULL)
237 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
238}
239
240/* Keyword tokens. */
241typedef enum {
242 sBadOption, /* == unknown option */
243 /* Portable-specific options */
244 sPAMAuthenticationViaKbdInt,
245 /* Standard Options */
246 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
247 sPermitRootLogin, sLogFacility, sLogLevel,
248 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
249#if defined(KRB4) || defined(KRB5)
250 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
251#endif
252#if defined(AFS) || defined(KRB5)
253 sKerberosTgtPassing,
254#endif
255#ifdef AFS
256 sAFSTokenPassing,
257#endif
258 sChallengeResponseAuthentication,
259 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
260 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
e9a17296 261 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
3c0ef626 262 sStrictModes, sEmptyPasswd, sKeepAlives,
263 sUseLogin, sAllowTcpForwarding,
264 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
265 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
266 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
e9a17296 267 sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
268 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
3c0ef626 269 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
e9a17296 270 sDeprecated
3c0ef626 271} ServerOpCodes;
272
273/* Textual representation of the tokens. */
274static struct {
275 const char *name;
276 ServerOpCodes opcode;
277} keywords[] = {
278 /* Portable-specific options */
279 { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
280 /* Standard Options */
281 { "port", sPort },
282 { "hostkey", sHostKeyFile },
283 { "hostdsakey", sHostKeyFile }, /* alias */
284 { "pidfile", sPidFile },
285 { "serverkeybits", sServerKeyBits },
286 { "logingracetime", sLoginGraceTime },
287 { "keyregenerationinterval", sKeyRegenerationTime },
288 { "permitrootlogin", sPermitRootLogin },
289 { "syslogfacility", sLogFacility },
290 { "loglevel", sLogLevel },
291 { "rhostsauthentication", sRhostsAuthentication },
292 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
293 { "hostbasedauthentication", sHostbasedAuthentication },
294 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
295 { "rsaauthentication", sRSAAuthentication },
296 { "pubkeyauthentication", sPubkeyAuthentication },
297 { "dsaauthentication", sPubkeyAuthentication }, /* alias */
298#if defined(KRB4) || defined(KRB5)
299 { "kerberosauthentication", sKerberosAuthentication },
300 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
301 { "kerberosticketcleanup", sKerberosTicketCleanup },
302#endif
303#if defined(AFS) || defined(KRB5)
304 { "kerberostgtpassing", sKerberosTgtPassing },
305#endif
306#ifdef AFS
307 { "afstokenpassing", sAFSTokenPassing },
308#endif
309 { "passwordauthentication", sPasswordAuthentication },
310 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
311 { "challengeresponseauthentication", sChallengeResponseAuthentication },
312 { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
313 { "checkmail", sDeprecated },
314 { "listenaddress", sListenAddress },
315 { "printmotd", sPrintMotd },
316 { "printlastlog", sPrintLastLog },
317 { "ignorerhosts", sIgnoreRhosts },
318 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
319 { "x11forwarding", sX11Forwarding },
320 { "x11displayoffset", sX11DisplayOffset },
e9a17296 321 { "x11uselocalhost", sX11UseLocalhost },
3c0ef626 322 { "xauthlocation", sXAuthLocation },
323 { "strictmodes", sStrictModes },
324 { "permitemptypasswords", sEmptyPasswd },
325 { "uselogin", sUseLogin },
326 { "keepalive", sKeepAlives },
327 { "allowtcpforwarding", sAllowTcpForwarding },
328 { "allowusers", sAllowUsers },
329 { "denyusers", sDenyUsers },
330 { "allowgroups", sAllowGroups },
331 { "denygroups", sDenyGroups },
332 { "ciphers", sCiphers },
333 { "macs", sMacs },
334 { "protocol", sProtocol },
335 { "gatewayports", sGatewayPorts },
336 { "subsystem", sSubsystem },
337 { "maxstartups", sMaxStartups },
338 { "banner", sBanner },
e9a17296 339 { "verifyreversemapping", sVerifyReverseMapping },
340 { "reversemappingcheck", sVerifyReverseMapping },
3c0ef626 341 { "clientaliveinterval", sClientAliveInterval },
342 { "clientalivecountmax", sClientAliveCountMax },
343 { "authorizedkeysfile", sAuthorizedKeysFile },
344 { "authorizedkeysfile2", sAuthorizedKeysFile2 },
e9a17296 345 { NULL, sBadOption }
3c0ef626 346};
347
348/*
349 * Returns the number of the token pointed to by cp or sBadOption.
350 */
351
352static ServerOpCodes
353parse_token(const char *cp, const char *filename,
354 int linenum)
355{
356 u_int i;
357
358 for (i = 0; keywords[i].name; i++)
359 if (strcasecmp(cp, keywords[i].name) == 0)
360 return keywords[i].opcode;
361
362 error("%s: line %d: Bad configuration option: %s",
363 filename, linenum, cp);
364 return sBadOption;
365}
366
367static void
368add_listen_addr(ServerOptions *options, char *addr, u_short port)
369{
370 int i;
371
372 if (options->num_ports == 0)
373 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
374 if (port == 0)
375 for (i = 0; i < options->num_ports; i++)
376 add_one_listen_addr(options, addr, options->ports[i]);
377 else
378 add_one_listen_addr(options, addr, port);
379}
380
381static void
382add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
383{
384 struct addrinfo hints, *ai, *aitop;
385 char strport[NI_MAXSERV];
386 int gaierr;
387
388 memset(&hints, 0, sizeof(hints));
389 hints.ai_family = IPv4or6;
390 hints.ai_socktype = SOCK_STREAM;
391 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
392 snprintf(strport, sizeof strport, "%d", port);
393 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
394 fatal("bad addr or host: %s (%s)",
395 addr ? addr : "<NULL>",
396 gai_strerror(gaierr));
397 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
398 ;
399 ai->ai_next = options->listen_addrs;
400 options->listen_addrs = aitop;
401}
402
e9a17296 403int
404process_server_config_line(ServerOptions *options, char *line,
405 const char *filename, int linenum)
3c0ef626 406{
3c0ef626 407 char *cp, **charptr, *arg, *p;
e9a17296 408 int *intptr, value;
3c0ef626 409 ServerOpCodes opcode;
410 int i, n;
411
e9a17296 412 cp = line;
413 arg = strdelim(&cp);
414 /* Ignore leading whitespace */
415 if (*arg == '\0')
3c0ef626 416 arg = strdelim(&cp);
e9a17296 417 if (!arg || !*arg || *arg == '#')
418 return 0;
419 intptr = NULL;
420 charptr = NULL;
421 opcode = parse_token(arg, filename, linenum);
422 switch (opcode) {
423 /* Portable-specific options */
424 case sPAMAuthenticationViaKbdInt:
425 intptr = &options->pam_authentication_via_kbd_int;
426 goto parse_flag;
3c0ef626 427
e9a17296 428 /* Standard Options */
429 case sBadOption:
430 return -1;
431 case sPort:
432 /* ignore ports from configfile if cmdline specifies ports */
433 if (options->ports_from_cmdline)
434 return 0;
435 if (options->listen_addrs != NULL)
436 fatal("%s line %d: ports must be specified before "
437 "ListenAddress.", filename, linenum);
438 if (options->num_ports >= MAX_PORTS)
439 fatal("%s line %d: too many ports.",
440 filename, linenum);
441 arg = strdelim(&cp);
442 if (!arg || *arg == '\0')
443 fatal("%s line %d: missing port number.",
444 filename, linenum);
445 options->ports[options->num_ports++] = a2port(arg);
446 if (options->ports[options->num_ports-1] == 0)
447 fatal("%s line %d: Badly formatted port number.",
448 filename, linenum);
449 break;
450
451 case sServerKeyBits:
452 intptr = &options->server_key_bits;
3c0ef626 453parse_int:
e9a17296 454 arg = strdelim(&cp);
455 if (!arg || *arg == '\0')
456 fatal("%s line %d: missing integer value.",
457 filename, linenum);
458 value = atoi(arg);
459 if (*intptr == -1)
460 *intptr = value;
461 break;
462
463 case sLoginGraceTime:
464 intptr = &options->login_grace_time;
3c0ef626 465parse_time:
e9a17296 466 arg = strdelim(&cp);
467 if (!arg || *arg == '\0')
468 fatal("%s line %d: missing time value.",
469 filename, linenum);
470 if ((value = convtime(arg)) == -1)
471 fatal("%s line %d: invalid time value.",
472 filename, linenum);
473 if (*intptr == -1)
474 *intptr = value;
475 break;
476
477 case sKeyRegenerationTime:
478 intptr = &options->key_regeneration_time;
479 goto parse_time;
480
481 case sListenAddress:
482 arg = strdelim(&cp);
483 if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
484 fatal("%s line %d: missing inet addr.",
485 filename, linenum);
486 if (*arg == '[') {
487 if ((p = strchr(arg, ']')) == NULL)
488 fatal("%s line %d: bad ipv6 inet addr usage.",
3c0ef626 489 filename, linenum);
e9a17296 490 arg++;
491 memmove(p, p+1, strlen(p+1)+1);
492 } else if (((p = strchr(arg, ':')) == NULL) ||
493 (strchr(p+1, ':') != NULL)) {
494 add_listen_addr(options, arg, 0);
3c0ef626 495 break;
e9a17296 496 }
497 if (*p == ':') {
498 u_short port;
3c0ef626 499
e9a17296 500 p++;
501 if (*p == '\0')
502 fatal("%s line %d: bad inet addr:port usage.",
3c0ef626 503 filename, linenum);
e9a17296 504 else {
505 *(p-1) = '\0';
506 if ((port = a2port(p)) == 0)
507 fatal("%s line %d: bad port number.",
3c0ef626 508 filename, linenum);
e9a17296 509 add_listen_addr(options, arg, port);
3c0ef626 510 }
e9a17296 511 } else if (*p == '\0')
512 add_listen_addr(options, arg, 0);
513 else
514 fatal("%s line %d: bad inet addr usage.",
515 filename, linenum);
516 break;
517
518 case sHostKeyFile:
519 intptr = &options->num_host_key_files;
520 if (*intptr >= MAX_HOSTKEYS)
521 fatal("%s line %d: too many host keys specified (max %d).",
522 filename, linenum, MAX_HOSTKEYS);
523 charptr = &options->host_key_files[*intptr];
3c0ef626 524parse_filename:
e9a17296 525 arg = strdelim(&cp);
526 if (!arg || *arg == '\0')
527 fatal("%s line %d: missing file name.",
528 filename, linenum);
529 if (*charptr == NULL) {
530 *charptr = tilde_expand_filename(arg, getuid());
531 /* increase optional counter */
532 if (intptr != NULL)
533 *intptr = *intptr + 1;
534 }
535 break;
3c0ef626 536
e9a17296 537 case sPidFile:
538 charptr = &options->pid_file;
539 goto parse_filename;
3c0ef626 540
e9a17296 541 case sPermitRootLogin:
542 intptr = &options->permit_root_login;
543 arg = strdelim(&cp);
544 if (!arg || *arg == '\0')
545 fatal("%s line %d: missing yes/"
546 "without-password/forced-commands-only/no "
547 "argument.", filename, linenum);
548 value = 0; /* silence compiler */
549 if (strcmp(arg, "without-password") == 0)
550 value = PERMIT_NO_PASSWD;
551 else if (strcmp(arg, "forced-commands-only") == 0)
552 value = PERMIT_FORCED_ONLY;
553 else if (strcmp(arg, "yes") == 0)
554 value = PERMIT_YES;
555 else if (strcmp(arg, "no") == 0)
556 value = PERMIT_NO;
557 else
558 fatal("%s line %d: Bad yes/"
559 "without-password/forced-commands-only/no "
560 "argument: %s", filename, linenum, arg);
561 if (*intptr == -1)
562 *intptr = value;
563 break;
564
565 case sIgnoreRhosts:
566 intptr = &options->ignore_rhosts;
3c0ef626 567parse_flag:
e9a17296 568 arg = strdelim(&cp);
569 if (!arg || *arg == '\0')
570 fatal("%s line %d: missing yes/no argument.",
571 filename, linenum);
572 value = 0; /* silence compiler */
573 if (strcmp(arg, "yes") == 0)
574 value = 1;
575 else if (strcmp(arg, "no") == 0)
576 value = 0;
577 else
578 fatal("%s line %d: Bad yes/no argument: %s",
579 filename, linenum, arg);
580 if (*intptr == -1)
581 *intptr = value;
582 break;
583
584 case sIgnoreUserKnownHosts:
585 intptr = &options->ignore_user_known_hosts;
586 goto parse_flag;
587
588 case sRhostsAuthentication:
589 intptr = &options->rhosts_authentication;
590 goto parse_flag;
591
592 case sRhostsRSAAuthentication:
593 intptr = &options->rhosts_rsa_authentication;
594 goto parse_flag;
595
596 case sHostbasedAuthentication:
597 intptr = &options->hostbased_authentication;
598 goto parse_flag;
599
600 case sHostbasedUsesNameFromPacketOnly:
601 intptr = &options->hostbased_uses_name_from_packet_only;
602 goto parse_flag;
603
604 case sRSAAuthentication:
605 intptr = &options->rsa_authentication;
606 goto parse_flag;
607
608 case sPubkeyAuthentication:
609 intptr = &options->pubkey_authentication;
610 goto parse_flag;
611#if defined(KRB4) || defined(KRB5)
612 case sKerberosAuthentication:
613 intptr = &options->kerberos_authentication;
614 goto parse_flag;
3c0ef626 615
e9a17296 616 case sKerberosOrLocalPasswd:
617 intptr = &options->kerberos_or_local_passwd;
618 goto parse_flag;
3c0ef626 619
e9a17296 620 case sKerberosTicketCleanup:
621 intptr = &options->kerberos_ticket_cleanup;
622 goto parse_flag;
623#endif
624#if defined(AFS) || defined(KRB5)
625 case sKerberosTgtPassing:
626 intptr = &options->kerberos_tgt_passing;
627 goto parse_flag;
628#endif
629#ifdef AFS
630 case sAFSTokenPassing:
631 intptr = &options->afs_token_passing;
632 goto parse_flag;
633#endif
3c0ef626 634
e9a17296 635 case sPasswordAuthentication:
636 intptr = &options->password_authentication;
637 goto parse_flag;
3c0ef626 638
e9a17296 639 case sKbdInteractiveAuthentication:
640 intptr = &options->kbd_interactive_authentication;
641 goto parse_flag;
3c0ef626 642
e9a17296 643 case sChallengeResponseAuthentication:
644 intptr = &options->challenge_response_authentication;
645 goto parse_flag;
3c0ef626 646
e9a17296 647 case sPrintMotd:
648 intptr = &options->print_motd;
649 goto parse_flag;
3c0ef626 650
e9a17296 651 case sPrintLastLog:
652 intptr = &options->print_lastlog;
653 goto parse_flag;
3c0ef626 654
e9a17296 655 case sX11Forwarding:
656 intptr = &options->x11_forwarding;
657 goto parse_flag;
3c0ef626 658
e9a17296 659 case sX11DisplayOffset:
660 intptr = &options->x11_display_offset;
661 goto parse_int;
3c0ef626 662
e9a17296 663 case sX11UseLocalhost:
664 intptr = &options->x11_use_localhost;
665 goto parse_flag;
3c0ef626 666
e9a17296 667 case sXAuthLocation:
668 charptr = &options->xauth_location;
669 goto parse_filename;
3c0ef626 670
e9a17296 671 case sStrictModes:
672 intptr = &options->strict_modes;
673 goto parse_flag;
3c0ef626 674
e9a17296 675 case sKeepAlives:
676 intptr = &options->keepalives;
677 goto parse_flag;
3c0ef626 678
e9a17296 679 case sEmptyPasswd:
680 intptr = &options->permit_empty_passwd;
681 goto parse_flag;
3c0ef626 682
e9a17296 683 case sUseLogin:
684 intptr = &options->use_login;
685 goto parse_flag;
3c0ef626 686
e9a17296 687 case sGatewayPorts:
688 intptr = &options->gateway_ports;
689 goto parse_flag;
3c0ef626 690
e9a17296 691 case sVerifyReverseMapping:
692 intptr = &options->verify_reverse_mapping;
693 goto parse_flag;
3c0ef626 694
e9a17296 695 case sLogFacility:
696 intptr = (int *) &options->log_facility;
697 arg = strdelim(&cp);
698 value = log_facility_number(arg);
699 if (value == SYSLOG_FACILITY_NOT_SET)
700 fatal("%.200s line %d: unsupported log facility '%s'",
701 filename, linenum, arg ? arg : "<NONE>");
702 if (*intptr == -1)
703 *intptr = (SyslogFacility) value;
704 break;
705
706 case sLogLevel:
707 intptr = (int *) &options->log_level;
708 arg = strdelim(&cp);
709 value = log_level_number(arg);
710 if (value == SYSLOG_LEVEL_NOT_SET)
711 fatal("%.200s line %d: unsupported log level '%s'",
712 filename, linenum, arg ? arg : "<NONE>");
713 if (*intptr == -1)
714 *intptr = (LogLevel) value;
715 break;
716
717 case sAllowTcpForwarding:
718 intptr = &options->allow_tcp_forwarding;
719 goto parse_flag;
720
721 case sAllowUsers:
722 while ((arg = strdelim(&cp)) && *arg != '\0') {
723 if (options->num_allow_users >= MAX_ALLOW_USERS)
724 fatal("%s line %d: too many allow users.",
725 filename, linenum);
726 options->allow_users[options->num_allow_users++] = xstrdup(arg);
727 }
728 break;
3c0ef626 729
e9a17296 730 case sDenyUsers:
731 while ((arg = strdelim(&cp)) && *arg != '\0') {
732 if (options->num_deny_users >= MAX_DENY_USERS)
733 fatal( "%s line %d: too many deny users.",
734 filename, linenum);
735 options->deny_users[options->num_deny_users++] = xstrdup(arg);
736 }
737 break;
3c0ef626 738
e9a17296 739 case sAllowGroups:
740 while ((arg = strdelim(&cp)) && *arg != '\0') {
741 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
742 fatal("%s line %d: too many allow groups.",
743 filename, linenum);
744 options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
745 }
746 break;
3c0ef626 747
e9a17296 748 case sDenyGroups:
749 while ((arg = strdelim(&cp)) && *arg != '\0') {
750 if (options->num_deny_groups >= MAX_DENY_GROUPS)
751 fatal("%s line %d: too many deny groups.",
752 filename, linenum);
753 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
754 }
755 break;
756
757 case sCiphers:
758 arg = strdelim(&cp);
759 if (!arg || *arg == '\0')
760 fatal("%s line %d: Missing argument.", filename, linenum);
761 if (!ciphers_valid(arg))
762 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
763 filename, linenum, arg ? arg : "<NONE>");
764 if (options->ciphers == NULL)
765 options->ciphers = xstrdup(arg);
766 break;
767
768 case sMacs:
769 arg = strdelim(&cp);
770 if (!arg || *arg == '\0')
771 fatal("%s line %d: Missing argument.", filename, linenum);
772 if (!mac_valid(arg))
773 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
774 filename, linenum, arg ? arg : "<NONE>");
775 if (options->macs == NULL)
776 options->macs = xstrdup(arg);
777 break;
778
779 case sProtocol:
780 intptr = &options->protocol;
781 arg = strdelim(&cp);
782 if (!arg || *arg == '\0')
783 fatal("%s line %d: Missing argument.", filename, linenum);
784 value = proto_spec(arg);
785 if (value == SSH_PROTO_UNKNOWN)
786 fatal("%s line %d: Bad protocol spec '%s'.",
787 filename, linenum, arg ? arg : "<NONE>");
788 if (*intptr == SSH_PROTO_UNKNOWN)
789 *intptr = value;
790 break;
791
792 case sSubsystem:
793 if (options->num_subsystems >= MAX_SUBSYSTEMS) {
794 fatal("%s line %d: too many subsystems defined.",
795 filename, linenum);
796 }
797 arg = strdelim(&cp);
798 if (!arg || *arg == '\0')
799 fatal("%s line %d: Missing subsystem name.",
800 filename, linenum);
801 for (i = 0; i < options->num_subsystems; i++)
802 if (strcmp(arg, options->subsystem_name[i]) == 0)
803 fatal("%s line %d: Subsystem '%s' already defined.",
804 filename, linenum, arg);
805 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
806 arg = strdelim(&cp);
807 if (!arg || *arg == '\0')
808 fatal("%s line %d: Missing subsystem command.",
809 filename, linenum);
810 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
811 options->num_subsystems++;
812 break;
813
814 case sMaxStartups:
815 arg = strdelim(&cp);
816 if (!arg || *arg == '\0')
817 fatal("%s line %d: Missing MaxStartups spec.",
818 filename, linenum);
819 if ((n = sscanf(arg, "%d:%d:%d",
820 &options->max_startups_begin,
821 &options->max_startups_rate,
822 &options->max_startups)) == 3) {
823 if (options->max_startups_begin >
824 options->max_startups ||
825 options->max_startups_rate > 100 ||
826 options->max_startups_rate < 1)
3c0ef626 827 fatal("%s line %d: Illegal MaxStartups spec.",
828 filename, linenum);
e9a17296 829 } else if (n != 1)
830 fatal("%s line %d: Illegal MaxStartups spec.",
831 filename, linenum);
832 else
833 options->max_startups = options->max_startups_begin;
834 break;
835
836 case sBanner:
837 charptr = &options->banner;
838 goto parse_filename;
839 /*
840 * These options can contain %X options expanded at
841 * connect time, so that you can specify paths like:
842 *
843 * AuthorizedKeysFile /etc/ssh_keys/%u
844 */
845 case sAuthorizedKeysFile:
846 case sAuthorizedKeysFile2:
847 charptr = (opcode == sAuthorizedKeysFile ) ?
848 &options->authorized_keys_file :
849 &options->authorized_keys_file2;
850 goto parse_filename;
851
852 case sClientAliveInterval:
853 intptr = &options->client_alive_interval;
854 goto parse_time;
855
856 case sClientAliveCountMax:
857 intptr = &options->client_alive_count_max;
858 goto parse_int;
859
860 case sDeprecated:
861 log("%s line %d: Deprecated option %s",
862 filename, linenum, arg);
863 while (arg)
864 arg = strdelim(&cp);
865 break;
866
867 default:
868 fatal("%s line %d: Missing handler for opcode %s (%d)",
869 filename, linenum, arg, opcode);
870 }
871 if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
872 fatal("%s line %d: garbage at end of line; \"%.200s\".",
873 filename, linenum, arg);
874 return 0;
875}
3c0ef626 876
e9a17296 877/* Reads the server configuration file. */
3c0ef626 878
e9a17296 879void
880read_server_config(ServerOptions *options, const char *filename)
881{
882 FILE *f;
883 char line[1024];
884 int linenum;
885 int bad_options = 0;
886
887 f = fopen(filename, "r");
888 if (!f) {
889 perror(filename);
890 exit(1);
891 }
892 linenum = 0;
893 while (fgets(line, sizeof(line), f)) {
894 /* Update line number counter. */
895 linenum++;
896 if (process_server_config_line(options, line, filename, linenum) != 0)
897 bad_options++;
3c0ef626 898 }
899 fclose(f);
900 if (bad_options > 0)
901 fatal("%s: terminating, %d bad configuration options",
902 filename, bad_options);
903}
git-cvsimport mirror of GSI OpenSSH
This page took 0.272713 seconds and 5 git commands to generate.