]> andersk Git - gssapi-openssh.git/blame - openssh/servconf.c
andersk / gssapi-openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Import of OpenSSH 3.0.2p1
[gssapi-openssh.git] / openssh / servconf.c
CommitLineData
3c0ef626 1/*
2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
4 *
5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
10 */
11
12#include "includes.h"
13RCSID("$OpenBSD: servconf.c,v 1.91 2001/11/12 18:17:07 markus Exp $");
14
15#if defined(KRB4) || defined(KRB5)
16#include <krb.h>
17#endif
18#ifdef AFS
19#include <kafs.h>
20#endif
21
22#include "ssh.h"
23#include "log.h"
24#include "servconf.h"
25#include "xmalloc.h"
26#include "compat.h"
27#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
31#include "kex.h"
32#include "mac.h"
33
34static void add_listen_addr(ServerOptions *, char *, u_short);
35static void add_one_listen_addr(ServerOptions *, char *, u_short);
36
37/* AF_UNSPEC or AF_INET or AF_INET6 */
38extern int IPv4or6;
39
40/* Initializes the server options to their default values. */
41
42void
43initialize_server_options(ServerOptions *options)
44{
45 memset(options, 0, sizeof(*options));
46
47 /* Portable-specific options */
48 options->pam_authentication_via_kbd_int = -1;
49
50 /* Standard Options */
51 options->num_ports = 0;
52 options->ports_from_cmdline = 0;
53 options->listen_addrs = NULL;
54 options->num_host_key_files = 0;
55 options->pid_file = NULL;
56 options->server_key_bits = -1;
57 options->login_grace_time = -1;
58 options->key_regeneration_time = -1;
59 options->permit_root_login = PERMIT_NOT_SET;
60 options->ignore_rhosts = -1;
61 options->ignore_user_known_hosts = -1;
62 options->print_motd = -1;
63 options->print_lastlog = -1;
64 options->x11_forwarding = -1;
65 options->x11_display_offset = -1;
66 options->xauth_location = NULL;
67 options->strict_modes = -1;
68 options->keepalives = -1;
69 options->log_facility = (SyslogFacility) - 1;
70 options->log_level = (LogLevel) - 1;
71 options->rhosts_authentication = -1;
72 options->rhosts_rsa_authentication = -1;
73 options->hostbased_authentication = -1;
74 options->hostbased_uses_name_from_packet_only = -1;
75 options->rsa_authentication = -1;
76 options->pubkey_authentication = -1;
77#if defined(KRB4) || defined(KRB5)
78 options->kerberos_authentication = -1;
79 options->kerberos_or_local_passwd = -1;
80 options->kerberos_ticket_cleanup = -1;
81#endif
82#if defined(AFS) || defined(KRB5)
83 options->kerberos_tgt_passing = -1;
84#endif
85#ifdef AFS
86 options->afs_token_passing = -1;
87#endif
88 options->password_authentication = -1;
89 options->kbd_interactive_authentication = -1;
90 options->challenge_response_authentication = -1;
91 options->permit_empty_passwd = -1;
92 options->use_login = -1;
93 options->allow_tcp_forwarding = -1;
94 options->num_allow_users = 0;
95 options->num_deny_users = 0;
96 options->num_allow_groups = 0;
97 options->num_deny_groups = 0;
98 options->ciphers = NULL;
99 options->macs = NULL;
100 options->protocol = SSH_PROTO_UNKNOWN;
101 options->gateway_ports = -1;
102 options->num_subsystems = 0;
103 options->max_startups_begin = -1;
104 options->max_startups_rate = -1;
105 options->max_startups = -1;
106 options->banner = NULL;
107 options->reverse_mapping_check = -1;
108 options->client_alive_interval = -1;
109 options->client_alive_count_max = -1;
110 options->authorized_keys_file = NULL;
111 options->authorized_keys_file2 = NULL;
112}
113
114void
115fill_default_server_options(ServerOptions *options)
116{
117 /* Portable-specific options */
118 if (options->pam_authentication_via_kbd_int == -1)
119 options->pam_authentication_via_kbd_int = 0;
120
121 /* Standard Options */
122 if (options->protocol == SSH_PROTO_UNKNOWN)
123 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
124 if (options->num_host_key_files == 0) {
125 /* fill default hostkeys for protocols */
126 if (options->protocol & SSH_PROTO_1)
127 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE;
128 if (options->protocol & SSH_PROTO_2)
129 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE;
130 }
131 if (options->num_ports == 0)
132 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
133 if (options->listen_addrs == NULL)
134 add_listen_addr(options, NULL, 0);
135 if (options->pid_file == NULL)
136 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
137 if (options->server_key_bits == -1)
138 options->server_key_bits = 768;
139 if (options->login_grace_time == -1)
140 options->login_grace_time = 600;
141 if (options->key_regeneration_time == -1)
142 options->key_regeneration_time = 3600;
143 if (options->permit_root_login == PERMIT_NOT_SET)
144 options->permit_root_login = PERMIT_YES;
145 if (options->ignore_rhosts == -1)
146 options->ignore_rhosts = 1;
147 if (options->ignore_user_known_hosts == -1)
148 options->ignore_user_known_hosts = 0;
149 if (options->print_motd == -1)
150 options->print_motd = 1;
151 if (options->print_lastlog == -1)
152 options->print_lastlog = 1;
153 if (options->x11_forwarding == -1)
154 options->x11_forwarding = 0;
155 if (options->x11_display_offset == -1)
156 options->x11_display_offset = 10;
157#ifdef _PATH_XAUTH
158 if (options->xauth_location == NULL)
159 options->xauth_location = _PATH_XAUTH;
160#endif
161 if (options->strict_modes == -1)
162 options->strict_modes = 1;
163 if (options->keepalives == -1)
164 options->keepalives = 1;
165 if (options->log_facility == (SyslogFacility) (-1))
166 options->log_facility = SYSLOG_FACILITY_AUTH;
167 if (options->log_level == (LogLevel) (-1))
168 options->log_level = SYSLOG_LEVEL_INFO;
169 if (options->rhosts_authentication == -1)
170 options->rhosts_authentication = 0;
171 if (options->rhosts_rsa_authentication == -1)
172 options->rhosts_rsa_authentication = 0;
173 if (options->hostbased_authentication == -1)
174 options->hostbased_authentication = 0;
175 if (options->hostbased_uses_name_from_packet_only == -1)
176 options->hostbased_uses_name_from_packet_only = 0;
177 if (options->rsa_authentication == -1)
178 options->rsa_authentication = 1;
179 if (options->pubkey_authentication == -1)
180 options->pubkey_authentication = 1;
181#if defined(KRB4) || defined(KRB5)
182 if (options->kerberos_authentication == -1)
183 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
184 if (options->kerberos_or_local_passwd == -1)
185 options->kerberos_or_local_passwd = 1;
186 if (options->kerberos_ticket_cleanup == -1)
187 options->kerberos_ticket_cleanup = 1;
188#endif
189#if defined(AFS) || defined(KRB5)
190 if (options->kerberos_tgt_passing == -1)
191 options->kerberos_tgt_passing = 0;
192#endif
193#ifdef AFS
194 if (options->afs_token_passing == -1)
195 options->afs_token_passing = k_hasafs();
196#endif
197 if (options->password_authentication == -1)
198 options->password_authentication = 1;
199 if (options->kbd_interactive_authentication == -1)
200 options->kbd_interactive_authentication = 0;
201 if (options->challenge_response_authentication == -1)
202 options->challenge_response_authentication = 1;
203 if (options->permit_empty_passwd == -1)
204 options->permit_empty_passwd = 0;
205 if (options->use_login == -1)
206 options->use_login = 0;
207 if (options->allow_tcp_forwarding == -1)
208 options->allow_tcp_forwarding = 1;
209 if (options->gateway_ports == -1)
210 options->gateway_ports = 0;
211 if (options->max_startups == -1)
212 options->max_startups = 10;
213 if (options->max_startups_rate == -1)
214 options->max_startups_rate = 100; /* 100% */
215 if (options->max_startups_begin == -1)
216 options->max_startups_begin = options->max_startups;
217 if (options->reverse_mapping_check == -1)
218 options->reverse_mapping_check = 0;
219 if (options->client_alive_interval == -1)
220 options->client_alive_interval = 0;
221 if (options->client_alive_count_max == -1)
222 options->client_alive_count_max = 3;
223 if (options->authorized_keys_file2 == NULL) {
224 /* authorized_keys_file2 falls back to authorized_keys_file */
225 if (options->authorized_keys_file != NULL)
226 options->authorized_keys_file2 = options->authorized_keys_file;
227 else
228 options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
229 }
230 if (options->authorized_keys_file == NULL)
231 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
232}
233
234/* Keyword tokens. */
235typedef enum {
236 sBadOption, /* == unknown option */
237 /* Portable-specific options */
238 sPAMAuthenticationViaKbdInt,
239 /* Standard Options */
240 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
241 sPermitRootLogin, sLogFacility, sLogLevel,
242 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
243#if defined(KRB4) || defined(KRB5)
244 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
245#endif
246#if defined(AFS) || defined(KRB5)
247 sKerberosTgtPassing,
248#endif
249#ifdef AFS
250 sAFSTokenPassing,
251#endif
252 sChallengeResponseAuthentication,
253 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
254 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
255 sX11Forwarding, sX11DisplayOffset,
256 sStrictModes, sEmptyPasswd, sKeepAlives,
257 sUseLogin, sAllowTcpForwarding,
258 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
259 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
260 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
261 sBanner, sReverseMappingCheck, sHostbasedAuthentication,
262 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
263 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
264 sDeprecated
265} ServerOpCodes;
266
267/* Textual representation of the tokens. */
268static struct {
269 const char *name;
270 ServerOpCodes opcode;
271} keywords[] = {
272 /* Portable-specific options */
273 { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
274 /* Standard Options */
275 { "port", sPort },
276 { "hostkey", sHostKeyFile },
277 { "hostdsakey", sHostKeyFile }, /* alias */
278 { "pidfile", sPidFile },
279 { "serverkeybits", sServerKeyBits },
280 { "logingracetime", sLoginGraceTime },
281 { "keyregenerationinterval", sKeyRegenerationTime },
282 { "permitrootlogin", sPermitRootLogin },
283 { "syslogfacility", sLogFacility },
284 { "loglevel", sLogLevel },
285 { "rhostsauthentication", sRhostsAuthentication },
286 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
287 { "hostbasedauthentication", sHostbasedAuthentication },
288 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
289 { "rsaauthentication", sRSAAuthentication },
290 { "pubkeyauthentication", sPubkeyAuthentication },
291 { "dsaauthentication", sPubkeyAuthentication }, /* alias */
292#if defined(KRB4) || defined(KRB5)
293 { "kerberosauthentication", sKerberosAuthentication },
294 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
295 { "kerberosticketcleanup", sKerberosTicketCleanup },
296#endif
297#if defined(AFS) || defined(KRB5)
298 { "kerberostgtpassing", sKerberosTgtPassing },
299#endif
300#ifdef AFS
301 { "afstokenpassing", sAFSTokenPassing },
302#endif
303 { "passwordauthentication", sPasswordAuthentication },
304 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
305 { "challengeresponseauthentication", sChallengeResponseAuthentication },
306 { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
307 { "checkmail", sDeprecated },
308 { "listenaddress", sListenAddress },
309 { "printmotd", sPrintMotd },
310 { "printlastlog", sPrintLastLog },
311 { "ignorerhosts", sIgnoreRhosts },
312 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
313 { "x11forwarding", sX11Forwarding },
314 { "x11displayoffset", sX11DisplayOffset },
315 { "xauthlocation", sXAuthLocation },
316 { "strictmodes", sStrictModes },
317 { "permitemptypasswords", sEmptyPasswd },
318 { "uselogin", sUseLogin },
319 { "keepalive", sKeepAlives },
320 { "allowtcpforwarding", sAllowTcpForwarding },
321 { "allowusers", sAllowUsers },
322 { "denyusers", sDenyUsers },
323 { "allowgroups", sAllowGroups },
324 { "denygroups", sDenyGroups },
325 { "ciphers", sCiphers },
326 { "macs", sMacs },
327 { "protocol", sProtocol },
328 { "gatewayports", sGatewayPorts },
329 { "subsystem", sSubsystem },
330 { "maxstartups", sMaxStartups },
331 { "banner", sBanner },
332 { "reversemappingcheck", sReverseMappingCheck },
333 { "clientaliveinterval", sClientAliveInterval },
334 { "clientalivecountmax", sClientAliveCountMax },
335 { "authorizedkeysfile", sAuthorizedKeysFile },
336 { "authorizedkeysfile2", sAuthorizedKeysFile2 },
337 { NULL, 0 }
338};
339
340/*
341 * Returns the number of the token pointed to by cp or sBadOption.
342 */
343
344static ServerOpCodes
345parse_token(const char *cp, const char *filename,
346 int linenum)
347{
348 u_int i;
349
350 for (i = 0; keywords[i].name; i++)
351 if (strcasecmp(cp, keywords[i].name) == 0)
352 return keywords[i].opcode;
353
354 error("%s: line %d: Bad configuration option: %s",
355 filename, linenum, cp);
356 return sBadOption;
357}
358
359static void
360add_listen_addr(ServerOptions *options, char *addr, u_short port)
361{
362 int i;
363
364 if (options->num_ports == 0)
365 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
366 if (port == 0)
367 for (i = 0; i < options->num_ports; i++)
368 add_one_listen_addr(options, addr, options->ports[i]);
369 else
370 add_one_listen_addr(options, addr, port);
371}
372
373static void
374add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
375{
376 struct addrinfo hints, *ai, *aitop;
377 char strport[NI_MAXSERV];
378 int gaierr;
379
380 memset(&hints, 0, sizeof(hints));
381 hints.ai_family = IPv4or6;
382 hints.ai_socktype = SOCK_STREAM;
383 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
384 snprintf(strport, sizeof strport, "%d", port);
385 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
386 fatal("bad addr or host: %s (%s)",
387 addr ? addr : "<NULL>",
388 gai_strerror(gaierr));
389 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
390 ;
391 ai->ai_next = options->listen_addrs;
392 options->listen_addrs = aitop;
393}
394
395/* Reads the server configuration file. */
396
397void
398read_server_config(ServerOptions *options, const char *filename)
399{
400 FILE *f;
401 char line[1024];
402 char *cp, **charptr, *arg, *p;
403 int linenum, *intptr, value;
404 int bad_options = 0;
405 ServerOpCodes opcode;
406 int i, n;
407
408 f = fopen(filename, "r");
409 if (!f) {
410 perror(filename);
411 exit(1);
412 }
413 linenum = 0;
414 while (fgets(line, sizeof(line), f)) {
415 linenum++;
416 cp = line;
417 arg = strdelim(&cp);
418 /* Ignore leading whitespace */
419 if (*arg == '\0')
420 arg = strdelim(&cp);
421 if (!arg || !*arg || *arg == '#')
422 continue;
423 intptr = NULL;
424 charptr = NULL;
425 opcode = parse_token(arg, filename, linenum);
426 switch (opcode) {
427 case sBadOption:
428 bad_options++;
429 continue;
430
431 /* Portable-specific options */
432 case sPAMAuthenticationViaKbdInt:
433 intptr = &options->pam_authentication_via_kbd_int;
434 goto parse_flag;
435
436 /* Standard Options */
437 case sPort:
438 /* ignore ports from configfile if cmdline specifies ports */
439 if (options->ports_from_cmdline)
440 continue;
441 if (options->listen_addrs != NULL)
442 fatal("%s line %d: ports must be specified before "
443 "ListenAdress.", filename, linenum);
444 if (options->num_ports >= MAX_PORTS)
445 fatal("%s line %d: too many ports.",
446 filename, linenum);
447 arg = strdelim(&cp);
448 if (!arg || *arg == '\0')
449 fatal("%s line %d: missing port number.",
450 filename, linenum);
451 options->ports[options->num_ports++] = a2port(arg);
452 if (options->ports[options->num_ports-1] == 0)
453 fatal("%s line %d: Badly formatted port number.",
454 filename, linenum);
455 break;
456
457 case sServerKeyBits:
458 intptr = &options->server_key_bits;
459parse_int:
460 arg = strdelim(&cp);
461 if (!arg || *arg == '\0')
462 fatal("%s line %d: missing integer value.",
463 filename, linenum);
464 value = atoi(arg);
465 if (*intptr == -1)
466 *intptr = value;
467 break;
468
469 case sLoginGraceTime:
470 intptr = &options->login_grace_time;
471parse_time:
472 arg = strdelim(&cp);
473 if (!arg || *arg == '\0')
474 fatal("%s line %d: missing time value.",
475 filename, linenum);
476 if ((value = convtime(arg)) == -1)
477 fatal("%s line %d: invalid time value.",
478 filename, linenum);
479 if (*intptr == -1)
480 *intptr = value;
481 break;
482
483 case sKeyRegenerationTime:
484 intptr = &options->key_regeneration_time;
485 goto parse_time;
486
487 case sListenAddress:
488 arg = strdelim(&cp);
489 if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
490 fatal("%s line %d: missing inet addr.",
491 filename, linenum);
492 if (*arg == '[') {
493 if ((p = strchr(arg, ']')) == NULL)
494 fatal("%s line %d: bad ipv6 inet addr usage.",
495 filename, linenum);
496 arg++;
497 memmove(p, p+1, strlen(p+1)+1);
498 } else if (((p = strchr(arg, ':')) == NULL) ||
499 (strchr(p+1, ':') != NULL)) {
500 add_listen_addr(options, arg, 0);
501 break;
502 }
503 if (*p == ':') {
504 u_short port;
505
506 p++;
507 if (*p == '\0')
508 fatal("%s line %d: bad inet addr:port usage.",
509 filename, linenum);
510 else {
511 *(p-1) = '\0';
512 if ((port = a2port(p)) == 0)
513 fatal("%s line %d: bad port number.",
514 filename, linenum);
515 add_listen_addr(options, arg, port);
516 }
517 } else if (*p == '\0')
518 add_listen_addr(options, arg, 0);
519 else
520 fatal("%s line %d: bad inet addr usage.",
521 filename, linenum);
522 break;
523
524 case sHostKeyFile:
525 intptr = &options->num_host_key_files;
526 if (*intptr >= MAX_HOSTKEYS)
527 fatal("%s line %d: too many host keys specified (max %d).",
528 filename, linenum, MAX_HOSTKEYS);
529 charptr = &options->host_key_files[*intptr];
530parse_filename:
531 arg = strdelim(&cp);
532 if (!arg || *arg == '\0')
533 fatal("%s line %d: missing file name.",
534 filename, linenum);
535 if (*charptr == NULL) {
536 *charptr = tilde_expand_filename(arg, getuid());
537 /* increase optional counter */
538 if (intptr != NULL)
539 *intptr = *intptr + 1;
540 }
541 break;
542
543 case sPidFile:
544 charptr = &options->pid_file;
545 goto parse_filename;
546
547 case sPermitRootLogin:
548 intptr = &options->permit_root_login;
549 arg = strdelim(&cp);
550 if (!arg || *arg == '\0')
551 fatal("%s line %d: missing yes/"
552 "without-password/forced-commands-only/no "
553 "argument.", filename, linenum);
554 value = 0; /* silence compiler */
555 if (strcmp(arg, "without-password") == 0)
556 value = PERMIT_NO_PASSWD;
557 else if (strcmp(arg, "forced-commands-only") == 0)
558 value = PERMIT_FORCED_ONLY;
559 else if (strcmp(arg, "yes") == 0)
560 value = PERMIT_YES;
561 else if (strcmp(arg, "no") == 0)
562 value = PERMIT_NO;
563 else
564 fatal("%s line %d: Bad yes/"
565 "without-password/forced-commands-only/no "
566 "argument: %s", filename, linenum, arg);
567 if (*intptr == -1)
568 *intptr = value;
569 break;
570
571 case sIgnoreRhosts:
572 intptr = &options->ignore_rhosts;
573parse_flag:
574 arg = strdelim(&cp);
575 if (!arg || *arg == '\0')
576 fatal("%s line %d: missing yes/no argument.",
577 filename, linenum);
578 value = 0; /* silence compiler */
579 if (strcmp(arg, "yes") == 0)
580 value = 1;
581 else if (strcmp(arg, "no") == 0)
582 value = 0;
583 else
584 fatal("%s line %d: Bad yes/no argument: %s",
585 filename, linenum, arg);
586 if (*intptr == -1)
587 *intptr = value;
588 break;
589
590 case sIgnoreUserKnownHosts:
591 intptr = &options->ignore_user_known_hosts;
592 goto parse_flag;
593
594 case sRhostsAuthentication:
595 intptr = &options->rhosts_authentication;
596 goto parse_flag;
597
598 case sRhostsRSAAuthentication:
599 intptr = &options->rhosts_rsa_authentication;
600 goto parse_flag;
601
602 case sHostbasedAuthentication:
603 intptr = &options->hostbased_authentication;
604 goto parse_flag;
605
606 case sHostbasedUsesNameFromPacketOnly:
607 intptr = &options->hostbased_uses_name_from_packet_only;
608 goto parse_flag;
609
610 case sRSAAuthentication:
611 intptr = &options->rsa_authentication;
612 goto parse_flag;
613
614 case sPubkeyAuthentication:
615 intptr = &options->pubkey_authentication;
616 goto parse_flag;
617#if defined(KRB4) || defined(KRB5)
618 case sKerberosAuthentication:
619 intptr = &options->kerberos_authentication;
620 goto parse_flag;
621
622 case sKerberosOrLocalPasswd:
623 intptr = &options->kerberos_or_local_passwd;
624 goto parse_flag;
625
626 case sKerberosTicketCleanup:
627 intptr = &options->kerberos_ticket_cleanup;
628 goto parse_flag;
629#endif
630#if defined(AFS) || defined(KRB5)
631 case sKerberosTgtPassing:
632 intptr = &options->kerberos_tgt_passing;
633 goto parse_flag;
634#endif
635#ifdef AFS
636 case sAFSTokenPassing:
637 intptr = &options->afs_token_passing;
638 goto parse_flag;
639#endif
640
641 case sPasswordAuthentication:
642 intptr = &options->password_authentication;
643 goto parse_flag;
644
645 case sKbdInteractiveAuthentication:
646 intptr = &options->kbd_interactive_authentication;
647 goto parse_flag;
648
649 case sChallengeResponseAuthentication:
650 intptr = &options->challenge_response_authentication;
651 goto parse_flag;
652
653 case sPrintMotd:
654 intptr = &options->print_motd;
655 goto parse_flag;
656
657 case sPrintLastLog:
658 intptr = &options->print_lastlog;
659 goto parse_flag;
660
661 case sX11Forwarding:
662 intptr = &options->x11_forwarding;
663 goto parse_flag;
664
665 case sX11DisplayOffset:
666 intptr = &options->x11_display_offset;
667 goto parse_int;
668
669 case sXAuthLocation:
670 charptr = &options->xauth_location;
671 goto parse_filename;
672
673 case sStrictModes:
674 intptr = &options->strict_modes;
675 goto parse_flag;
676
677 case sKeepAlives:
678 intptr = &options->keepalives;
679 goto parse_flag;
680
681 case sEmptyPasswd:
682 intptr = &options->permit_empty_passwd;
683 goto parse_flag;
684
685 case sUseLogin:
686 intptr = &options->use_login;
687 goto parse_flag;
688
689 case sGatewayPorts:
690 intptr = &options->gateway_ports;
691 goto parse_flag;
692
693 case sReverseMappingCheck:
694 intptr = &options->reverse_mapping_check;
695 goto parse_flag;
696
697 case sLogFacility:
698 intptr = (int *) &options->log_facility;
699 arg = strdelim(&cp);
700 value = log_facility_number(arg);
701 if (value == (SyslogFacility) - 1)
702 fatal("%.200s line %d: unsupported log facility '%s'",
703 filename, linenum, arg ? arg : "<NONE>");
704 if (*intptr == -1)
705 *intptr = (SyslogFacility) value;
706 break;
707
708 case sLogLevel:
709 intptr = (int *) &options->log_level;
710 arg = strdelim(&cp);
711 value = log_level_number(arg);
712 if (value == (LogLevel) - 1)
713 fatal("%.200s line %d: unsupported log level '%s'",
714 filename, linenum, arg ? arg : "<NONE>");
715 if (*intptr == -1)
716 *intptr = (LogLevel) value;
717 break;
718
719 case sAllowTcpForwarding:
720 intptr = &options->allow_tcp_forwarding;
721 goto parse_flag;
722
723 case sAllowUsers:
724 while ((arg = strdelim(&cp)) && *arg != '\0') {
725 if (options->num_allow_users >= MAX_ALLOW_USERS)
726 fatal("%s line %d: too many allow users.",
727 filename, linenum);
728 options->allow_users[options->num_allow_users++] = xstrdup(arg);
729 }
730 break;
731
732 case sDenyUsers:
733 while ((arg = strdelim(&cp)) && *arg != '\0') {
734 if (options->num_deny_users >= MAX_DENY_USERS)
735 fatal( "%s line %d: too many deny users.",
736 filename, linenum);
737 options->deny_users[options->num_deny_users++] = xstrdup(arg);
738 }
739 break;
740
741 case sAllowGroups:
742 while ((arg = strdelim(&cp)) && *arg != '\0') {
743 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
744 fatal("%s line %d: too many allow groups.",
745 filename, linenum);
746 options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
747 }
748 break;
749
750 case sDenyGroups:
751 while ((arg = strdelim(&cp)) && *arg != '\0') {
752 if (options->num_deny_groups >= MAX_DENY_GROUPS)
753 fatal("%s line %d: too many deny groups.",
754 filename, linenum);
755 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
756 }
757 break;
758
759 case sCiphers:
760 arg = strdelim(&cp);
761 if (!arg || *arg == '\0')
762 fatal("%s line %d: Missing argument.", filename, linenum);
763 if (!ciphers_valid(arg))
764 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
765 filename, linenum, arg ? arg : "<NONE>");
766 if (options->ciphers == NULL)
767 options->ciphers = xstrdup(arg);
768 break;
769
770 case sMacs:
771 arg = strdelim(&cp);
772 if (!arg || *arg == '\0')
773 fatal("%s line %d: Missing argument.", filename, linenum);
774 if (!mac_valid(arg))
775 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
776 filename, linenum, arg ? arg : "<NONE>");
777 if (options->macs == NULL)
778 options->macs = xstrdup(arg);
779 break;
780
781 case sProtocol:
782 intptr = &options->protocol;
783 arg = strdelim(&cp);
784 if (!arg || *arg == '\0')
785 fatal("%s line %d: Missing argument.", filename, linenum);
786 value = proto_spec(arg);
787 if (value == SSH_PROTO_UNKNOWN)
788 fatal("%s line %d: Bad protocol spec '%s'.",
789 filename, linenum, arg ? arg : "<NONE>");
790 if (*intptr == SSH_PROTO_UNKNOWN)
791 *intptr = value;
792 break;
793
794 case sSubsystem:
795 if(options->num_subsystems >= MAX_SUBSYSTEMS) {
796 fatal("%s line %d: too many subsystems defined.",
797 filename, linenum);
798 }
799 arg = strdelim(&cp);
800 if (!arg || *arg == '\0')
801 fatal("%s line %d: Missing subsystem name.",
802 filename, linenum);
803 for (i = 0; i < options->num_subsystems; i++)
804 if(strcmp(arg, options->subsystem_name[i]) == 0)
805 fatal("%s line %d: Subsystem '%s' already defined.",
806 filename, linenum, arg);
807 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
808 arg = strdelim(&cp);
809 if (!arg || *arg == '\0')
810 fatal("%s line %d: Missing subsystem command.",
811 filename, linenum);
812 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
813 options->num_subsystems++;
814 break;
815
816 case sMaxStartups:
817 arg = strdelim(&cp);
818 if (!arg || *arg == '\0')
819 fatal("%s line %d: Missing MaxStartups spec.",
820 filename, linenum);
821 if ((n = sscanf(arg, "%d:%d:%d",
822 &options->max_startups_begin,
823 &options->max_startups_rate,
824 &options->max_startups)) == 3) {
825 if (options->max_startups_begin >
826 options->max_startups ||
827 options->max_startups_rate > 100 ||
828 options->max_startups_rate < 1)
829 fatal("%s line %d: Illegal MaxStartups spec.",
830 filename, linenum);
831 } else if (n != 1)
832 fatal("%s line %d: Illegal MaxStartups spec.",
833 filename, linenum);
834 else
835 options->max_startups = options->max_startups_begin;
836 break;
837
838 case sBanner:
839 charptr = &options->banner;
840 goto parse_filename;
841 /*
842 * These options can contain %X options expanded at
843 * connect time, so that you can specify paths like:
844 *
845 * AuthorizedKeysFile /etc/ssh_keys/%u
846 */
847 case sAuthorizedKeysFile:
848 case sAuthorizedKeysFile2:
849 charptr = (opcode == sAuthorizedKeysFile ) ?
850 &options->authorized_keys_file :
851 &options->authorized_keys_file2;
852 goto parse_filename;
853
854 case sClientAliveInterval:
855 intptr = &options->client_alive_interval;
856 goto parse_time;
857
858 case sClientAliveCountMax:
859 intptr = &options->client_alive_count_max;
860 goto parse_int;
861
862 case sDeprecated:
863 log("%s line %d: Deprecated option %s",
864 filename, linenum, arg);
865 while(arg)
866 arg = strdelim(&cp);
867 break;
868
869 default:
870 fatal("%s line %d: Missing handler for opcode %s (%d)",
871 filename, linenum, arg, opcode);
872 }
873 if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
874 fatal("%s line %d: garbage at end of line; \"%.200s\".",
875 filename, linenum, arg);
876 }
877 fclose(f);
878 if (bad_options > 0)
879 fatal("%s: terminating, %d bad configuration options",
880 filename, bad_options);
881}
git-cvsimport mirror of GSI OpenSSH
This page took 0.164239 seconds and 5 git commands to generate.