3c0ef626 1/*
2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
4 *
5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
10 */
11
12#include "includes.h"
13RCSID("$OpenBSD: servconf.c,v 1.91 2001/11/12 18:17:07 markus Exp $");
14
63119dd9 15#if defined(KRB4)
3c0ef626 16#include <krb.h>
17#endif
63119dd9 18#if defined(KRB5)
19#ifdef HEIMDAL
20#include <krb.h>
21#else
22/* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
23 * keytab */
24#define KEYFILE "/etc/krb5.keytab"
25#endif
26#endif
3c0ef626 27#ifdef AFS
28#include <kafs.h>
29#endif
30
31#include "ssh.h"
32#include "log.h"
33#include "servconf.h"
34#include "xmalloc.h"
35#include "compat.h"
36#include "pathnames.h"
37#include "tildexpand.h"
38#include "misc.h"
39#include "cipher.h"
40#include "kex.h"
41#include "mac.h"
42
/*
 * Both helpers are defined further down: add_listen_addr() fans a single
 * address out over every configured port, add_one_listen_addr() resolves
 * one address/port pair and prepends the result to options->listen_addrs.
 */
static void add_listen_addr(ServerOptions *, char *, u_short);
static void add_one_listen_addr(ServerOptions *, char *, u_short);

/* AF_UNSPEC or AF_INET or AF_INET6 */
/*
 * Defined outside this file; add_one_listen_addr() hands it to
 * getaddrinfo() as hints.ai_family, so it decides which address
 * families the daemon will bind to.
 */
extern int IPv4or6;
48
/*
 * Reset every field of *options to its "not yet set" marker.
 *
 * The structure is zeroed first, so pointer members start out NULL and
 * all counters at 0.  Every tri-state integer option is then set to -1
 * (the enumerated ones to their own sentinel) so that read_server_config()
 * can distinguish "never mentioned in the file" from an explicit "no",
 * and fill_default_server_options() only supplies a built-in default for
 * fields that are still unset.  This is what makes the first occurrence
 * of a directive, and the command line, win over later settings.
 */
void
initialize_server_options(ServerOptions *options)
{
	memset(options, 0, sizeof(*options));

	/* Portable-specific options */
	options->pam_authentication_via_kbd_int = -1;

	/* Listening sockets, host keys and daemon bookkeeping */
	options->num_ports = 0;
	options->ports_from_cmdline = 0;
	options->listen_addrs = NULL;
	options->num_host_key_files = 0;
	options->pid_file = NULL;
	options->server_key_bits = -1;
	options->key_regeneration_time = -1;
	options->login_grace_time = -1;
	options->protocol = SSH_PROTO_UNKNOWN;
	options->ciphers = NULL;
	options->macs = NULL;

	/* Logging; these are enums, so the sentinel needs a cast */
	options->log_facility = (SyslogFacility) - 1;
	options->log_level = (LogLevel) - 1;

	/* Authentication methods and related policy */
	options->permit_root_login = PERMIT_NOT_SET;
	options->rhosts_authentication = -1;
	options->rhosts_rsa_authentication = -1;
	options->hostbased_authentication = -1;
	options->hostbased_uses_name_from_packet_only = -1;
	options->ignore_rhosts = -1;
	options->ignore_user_known_hosts = -1;
	options->rsa_authentication = -1;
	options->pubkey_authentication = -1;
	options->password_authentication = -1;
	options->kbd_interactive_authentication = -1;
	options->challenge_response_authentication = -1;
	options->permit_empty_passwd = -1;
#ifdef GSSAPI
	options->gss_authentication=-1;
	options->gss_keyex=-1;
	options->gss_use_session_ccache = -1;
	options->gss_cleanup_creds = -1;
#endif
#if defined(KRB4) || defined(KRB5)
	options->kerberos_authentication = -1;
	options->kerberos_or_local_passwd = -1;
	options->kerberos_ticket_cleanup = -1;
#endif
#if defined(AFS) || defined(KRB5)
	options->kerberos_tgt_passing = -1;
#endif
#ifdef AFS
	options->afs_token_passing = -1;
#endif

	/* Access-control lists and key files */
	options->num_allow_users = 0;
	options->num_deny_users = 0;
	options->num_allow_groups = 0;
	options->num_deny_groups = 0;
	options->authorized_keys_file = NULL;
	options->authorized_keys_file2 = NULL;

	/* Session behaviour */
	options->print_motd = -1;
	options->print_lastlog = -1;
	options->x11_forwarding = -1;
	options->x11_display_offset = -1;
	options->xauth_location = NULL;
	options->strict_modes = -1;
	options->keepalives = -1;
	options->use_login = -1;
	options->allow_tcp_forwarding = -1;
	options->gateway_ports = -1;
	options->num_subsystems = 0;
	options->banner = NULL;
	options->reverse_mapping_check = -1;
	options->client_alive_interval = -1;
	options->client_alive_count_max = -1;

	/* Unauthenticated-connection rate limiting (MaxStartups) */
	options->max_startups_begin = -1;
	options->max_startups_rate = -1;
	options->max_startups = -1;
}
128
/* Store value into *slot only while the slot still holds the -1 marker. */
static void
apply_int_default(int *slot, int value)
{
	if (*slot == -1)
		*slot = value;
}

/*
 * Replace every "unset" marker left by initialize_server_options() with
 * the compiled-in default.
 *
 * Only fields still holding -1 (or NULL / their own sentinel) are
 * touched, so values taken from the configuration file or the command
 * line survive.  Some defaults depend on each other and must stay in
 * this order: the host-key list depends on the protocol set, the listen
 * address list on the port list, MaxStartups' begin value on the final
 * max_startups, and AuthorizedKeysFile2 falls back to an explicitly
 * configured AuthorizedKeysFile before the latter receives its own
 * default.
 *
 * Security-relevant defaults chosen here: PermitRootLogin yes,
 * PasswordAuthentication yes, PermitEmptyPasswords no, StrictModes yes,
 * X11Forwarding no, AllowTcpForwarding yes, ServerKeyBits 768.
 */
void
fill_default_server_options(ServerOptions *options)
{
	/* Portable-specific options */
	apply_int_default(&options->pam_authentication_via_kbd_int, 0);

	/* Standard Options */
	if (options->protocol == SSH_PROTO_UNKNOWN)
		options->protocol = SSH_PROTO_1|SSH_PROTO_2;
	if (options->num_host_key_files == 0) {
		/* one default host key per enabled protocol version */
		if (options->protocol & SSH_PROTO_1)
			options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE;
		if (options->protocol & SSH_PROTO_2)
			options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE;
	}
	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
	if (options->listen_addrs == NULL)
		add_listen_addr(options, NULL, 0);	/* wildcard bind on every port */
	if (options->pid_file == NULL)
		options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
	apply_int_default(&options->server_key_bits, 768);
	apply_int_default(&options->login_grace_time, 600);
	apply_int_default(&options->key_regeneration_time, 3600);
	if (options->permit_root_login == PERMIT_NOT_SET)
		options->permit_root_login = PERMIT_YES;
	apply_int_default(&options->ignore_rhosts, 1);
	apply_int_default(&options->ignore_user_known_hosts, 0);
	apply_int_default(&options->print_motd, 1);
	apply_int_default(&options->print_lastlog, 1);
	apply_int_default(&options->x11_forwarding, 0);
	apply_int_default(&options->x11_display_offset, 10);
#ifdef _PATH_XAUTH
	if (options->xauth_location == NULL)
		options->xauth_location = _PATH_XAUTH;
#endif
	apply_int_default(&options->strict_modes, 1);
	apply_int_default(&options->keepalives, 1);
	/* enum-typed fields keep their explicit comparisons */
	if (options->log_facility == (SyslogFacility) (-1))
		options->log_facility = SYSLOG_FACILITY_AUTH;
	if (options->log_level == (LogLevel) (-1))
		options->log_level = SYSLOG_LEVEL_INFO;
	apply_int_default(&options->rhosts_authentication, 0);
	apply_int_default(&options->rhosts_rsa_authentication, 0);
	apply_int_default(&options->hostbased_authentication, 0);
	apply_int_default(&options->hostbased_uses_name_from_packet_only, 0);
	apply_int_default(&options->rsa_authentication, 1);
	apply_int_default(&options->pubkey_authentication, 1);
#ifdef GSSAPI
	apply_int_default(&options->gss_authentication, 1);
	apply_int_default(&options->gss_keyex, 1);
	apply_int_default(&options->gss_use_session_ccache, 1);
	apply_int_default(&options->gss_cleanup_creds, 1);
#endif
#if defined(KRB4) || defined(KRB5)
	/* the keytab is only probed when nothing was configured explicitly */
	if (options->kerberos_authentication == -1)
		options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
	apply_int_default(&options->kerberos_or_local_passwd, 1);
	apply_int_default(&options->kerberos_ticket_cleanup, 1);
#endif
#if defined(AFS) || defined(KRB5)
	apply_int_default(&options->kerberos_tgt_passing, 0);
#endif
#ifdef AFS
	if (options->afs_token_passing == -1)
		options->afs_token_passing = k_hasafs();
#endif
	apply_int_default(&options->password_authentication, 1);
	apply_int_default(&options->kbd_interactive_authentication, 0);
	apply_int_default(&options->challenge_response_authentication, 1);
	apply_int_default(&options->permit_empty_passwd, 0);
	apply_int_default(&options->use_login, 0);
	apply_int_default(&options->allow_tcp_forwarding, 1);
	apply_int_default(&options->gateway_ports, 0);
	apply_int_default(&options->max_startups, 10);
	apply_int_default(&options->max_startups_rate, 100);	/* 100% */
	/* must follow the max_startups default above */
	apply_int_default(&options->max_startups_begin, options->max_startups);
	apply_int_default(&options->reverse_mapping_check, 0);
	apply_int_default(&options->client_alive_interval, 0);
	apply_int_default(&options->client_alive_count_max, 3);
	if (options->authorized_keys_file2 == NULL) {
		/* authorized_keys_file2 falls back to authorized_keys_file */
		if (options->authorized_keys_file != NULL)
			options->authorized_keys_file2 = options->authorized_keys_file;
		else
			options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
	}
	if (options->authorized_keys_file == NULL)
		options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
}
258
/*
 * Keyword tokens.
 *
 * One opcode per configuration directive; keywords[] below maps the
 * textual names onto these values and read_server_config() switches on
 * them.  Several entries exist only in builds with the corresponding
 * feature (GSSAPI, KRB4/KRB5, AFS), so the numeric values shift from
 * build to build and must only ever be used symbolically.
 */
typedef enum {
	sBadOption,		/* == unknown option */
	/* Portable-specific options */
	sPAMAuthenticationViaKbdInt,
	/* Standard Options */
	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
	sPermitRootLogin, sLogFacility, sLogLevel,
	sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
#ifdef GSSAPI
	sGssAuthentication, sGssKeyEx, sGssUseSessionCredCache, sGssCleanupCreds,
#endif
#if defined(KRB4) || defined(KRB5)
	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
#endif
#if defined(AFS) || defined(KRB5)
	sKerberosTgtPassing,
#endif
#ifdef AFS
	sAFSTokenPassing,
#endif
	sChallengeResponseAuthentication,
	sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
	sX11Forwarding, sX11DisplayOffset,
	sStrictModes, sEmptyPasswd, sKeepAlives,
	sUseLogin, sAllowTcpForwarding,
	sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
	sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
	sBanner, sReverseMappingCheck, sHostbasedAuthentication,
	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
	/* recognised but obsolete: read_server_config() logs it and skips the rest of the line */
	sDeprecated
} ServerOpCodes;
294
/*
 * Textual representation of the tokens.
 *
 * parse_token() matches names with strcasecmp(), so the all-lowercase
 * spelling used here is a convention rather than a requirement.  Several
 * names are aliases for the same opcode (marked below), "checkmail" maps
 * to sDeprecated, and the table is terminated by a NULL name.  The
 * #ifdef'd groups must stay in step with the ServerOpCodes enum above.
 */
static struct {
	const char *name;
	ServerOpCodes opcode;
} keywords[] = {
	/* Portable-specific options */
	{ "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
	/* Standard Options */
	{ "port", sPort },
	{ "hostkey", sHostKeyFile },
	{ "hostdsakey", sHostKeyFile },			/* alias */
	{ "pidfile", sPidFile },
	{ "serverkeybits", sServerKeyBits },
	{ "logingracetime", sLoginGraceTime },
	{ "keyregenerationinterval", sKeyRegenerationTime },
	{ "permitrootlogin", sPermitRootLogin },
	{ "syslogfacility", sLogFacility },
	{ "loglevel", sLogLevel },
	{ "rhostsauthentication", sRhostsAuthentication },
	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
	{ "hostbasedauthentication", sHostbasedAuthentication },
	{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
	{ "rsaauthentication", sRSAAuthentication },
	{ "pubkeyauthentication", sPubkeyAuthentication },
	{ "dsaauthentication", sPubkeyAuthentication },	/* alias */
#ifdef GSSAPI
	{ "gssapiauthentication", sGssAuthentication },
	{ "gssapikeyexchange", sGssKeyEx },
	/* two spellings for the same option */
	{ "gssusesessionccache", sGssUseSessionCredCache },
	{ "gssapiusesessioncredcache", sGssUseSessionCredCache },
	{ "gssapicleanupcreds", sGssCleanupCreds },
#endif
#if defined(KRB4) || defined(KRB5)
	{ "kerberosauthentication", sKerberosAuthentication },
	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
	{ "kerberosticketcleanup", sKerberosTicketCleanup },
#endif
#if defined(AFS) || defined(KRB5)
	{ "kerberostgtpassing", sKerberosTgtPassing },
#endif
#ifdef AFS
	{ "afstokenpassing", sAFSTokenPassing },
#endif
	{ "passwordauthentication", sPasswordAuthentication },
	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
	{ "challengeresponseauthentication", sChallengeResponseAuthentication },
	{ "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
	{ "checkmail", sDeprecated },
	{ "listenaddress", sListenAddress },
	{ "printmotd", sPrintMotd },
	{ "printlastlog", sPrintLastLog },
	{ "ignorerhosts", sIgnoreRhosts },
	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },
	{ "x11forwarding", sX11Forwarding },
	{ "x11displayoffset", sX11DisplayOffset },
	{ "xauthlocation", sXAuthLocation },
	{ "strictmodes", sStrictModes },
	{ "permitemptypasswords", sEmptyPasswd },
	{ "uselogin", sUseLogin },
	{ "keepalive", sKeepAlives },
	{ "allowtcpforwarding", sAllowTcpForwarding },
	{ "allowusers", sAllowUsers },
	{ "denyusers", sDenyUsers },
	{ "allowgroups", sAllowGroups },
	{ "denygroups", sDenyGroups },
	{ "ciphers", sCiphers },
	{ "macs", sMacs },
	{ "protocol", sProtocol },
	{ "gatewayports", sGatewayPorts },
	{ "subsystem", sSubsystem },
	{ "maxstartups", sMaxStartups },
	{ "banner", sBanner },
	{ "reversemappingcheck", sReverseMappingCheck },
	{ "clientaliveinterval", sClientAliveInterval },
	{ "clientalivecountmax", sClientAliveCountMax },
	{ "authorizedkeysfile", sAuthorizedKeysFile },
	{ "authorizedkeysfile2", sAuthorizedKeysFile2 },
	{ NULL, 0 }					/* end-of-table sentinel */
};
374
/*
 * Look up the configuration keyword cp in keywords[].
 *
 * The comparison is case-insensitive, so "Port", "PORT" and "port" all
 * yield sPort.  On a miss the offending keyword is reported through
 * error() together with filename and linenum, and sBadOption is
 * returned; the caller counts those misses and only aborts once the
 * whole file has been read, so every unknown directive in a file is
 * reported in a single pass.
 */
static ServerOpCodes
parse_token(const char *cp, const char *filename,
    int linenum)
{
	size_t idx = 0;

	while (keywords[idx].name != NULL) {
		if (strcasecmp(keywords[idx].name, cp) == 0)
			return keywords[idx].opcode;
		idx++;
	}

	error("%s: line %d: Bad configuration option: %s",
	    filename, linenum, cp);
	return sBadOption;
}
393
/*
 * Queue addr for binding.
 *
 * A non-zero port binds addr on that port only.  Port 0 means "every
 * configured port": the address is added once per entry in
 * options->ports, after making sure the list holds at least the
 * default port.  addr == NULL requests the wildcard address (see
 * add_one_listen_addr()).  Any resolution failure is fatal.
 */
static void
add_listen_addr(ServerOptions *options, char *addr, u_short port)
{
	int idx;

	/* guarantee at least the default port before fanning out */
	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;

	if (port != 0) {
		add_one_listen_addr(options, addr, port);
		return;
	}
	for (idx = 0; idx < options->num_ports; idx++)
		add_one_listen_addr(options, addr, options->ports[idx]);
}
407
/*
 * Resolve one addr/port pair and prepend every resulting address to
 * options->listen_addrs.
 *
 * addr == NULL selects AI_PASSIVE, i.e. the wildcard address for the
 * family chosen by IPv4or6.  The addrinfo chain returned by
 * getaddrinfo() is kept as-is and linked in front of the existing list,
 * so addresses end up in reverse order of configuration.  The chain is
 * never freed here; it lives as long as the options.  A lookup failure
 * is fatal, naming the address and the gai_strerror() text.
 */
static void
add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
{
	struct addrinfo hints;
	struct addrinfo *res, *tail;
	char service[NI_MAXSERV];
	int rc;

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = IPv4or6;
	hints.ai_socktype = SOCK_STREAM;
	if (addr == NULL)
		hints.ai_flags = AI_PASSIVE;
	/* getaddrinfo() wants the port as a decimal service string */
	snprintf(service, sizeof service, "%d", port);
	rc = getaddrinfo(addr, service, &hints, &res);
	if (rc != 0)
		fatal("bad addr or host: %s (%s)",
		    addr ? addr : "<NULL>",
		    gai_strerror(rc));

	/* find the end of the new chain and splice the old list behind it */
	tail = res;
	while (tail->ai_next != NULL)
		tail = tail->ai_next;
	tail->ai_next = options->listen_addrs;
	options->listen_addrs = res;
}
429
/*
 * Reads the server configuration file.
 *
 * Parses the file named by filename into *options.  The caller must have
 * run initialize_server_options() first: almost every directive is only
 * stored while its field still holds the -1 / NULL "unset" marker, so the
 * FIRST occurrence of a directive wins and later duplicates are silently
 * ignored.  Settings applied before this call (e.g. from the command
 * line) therefore take precedence over the file.  Exceptions: MaxStartups
 * is written unconditionally (last occurrence wins), and the
 * AllowUsers/DenyUsers/AllowGroups/DenyGroups lists accumulate across
 * lines.
 *
 * Every malformed line is fatal().  Unknown keywords are only counted;
 * the daemon terminates after the whole file has been read so that all
 * of them are reported in one pass.  An unreadable file is reported with
 * perror() and exit(1).
 */

void
read_server_config(ServerOptions *options, const char *filename)
{
	FILE *f;
	/*
	 * fgets() stops after sizeof(line)-1 bytes; a longer physical line
	 * is consumed in pieces, each of which is parsed as a line of its
	 * own (and counted in linenum).
	 */
	char line[1024];
	char *cp, **charptr, *arg, *p;
	int linenum, *intptr, value;
	int bad_options = 0;
	ServerOpCodes opcode;
	int i, n;

	f = fopen(filename, "r");
	if (!f) {
		perror(filename);
		exit(1);
	}
	linenum = 0;
	while (fgets(line, sizeof(line), f)) {
		linenum++;
		cp = line;
		/* strdelim() (misc.h) hands back the next token and advances cp */
		arg = strdelim(&cp);
		/* Ignore leading whitespace */
		if (*arg == '\0')
			arg = strdelim(&cp);
		if (!arg || !*arg || *arg == '#')
			continue;
		/*
		 * Each case selects its destination through intptr or
		 * charptr and then falls into one of the shared parsers
		 * (parse_flag, parse_int, parse_time, parse_filename), which
		 * write through whichever pointer was set.
		 */
		intptr = NULL;
		charptr = NULL;
		opcode = parse_token(arg, filename, linenum);
		switch (opcode) {
		case sBadOption:
			/* already reported by parse_token(); keep reading so every bad keyword is listed */
			bad_options++;
			continue;

		/* Portable-specific options */
		case sPAMAuthenticationViaKbdInt:
			intptr = &options->pam_authentication_via_kbd_int;
			goto parse_flag;

		/* Standard Options */
		case sPort:
			/* ignore ports from configfile if cmdline specifies ports */
			if (options->ports_from_cmdline)
				continue;
			/* listen_addrs is built from ports[], so Port after ListenAddress would be lost */
			if (options->listen_addrs != NULL)
				fatal("%s line %d: ports must be specified before "
				    "ListenAdress.", filename, linenum);
			if (options->num_ports >= MAX_PORTS)
				fatal("%s line %d: too many ports.",
				    filename, linenum);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing port number.",
				    filename, linenum);
			/* a2port() signals a bad number with 0 */
			options->ports[options->num_ports++] = a2port(arg);
			if (options->ports[options->num_ports-1] == 0)
				fatal("%s line %d: Badly formatted port number.",
				    filename, linenum);
			break;

		case sServerKeyBits:
			intptr = &options->server_key_bits;
parse_int:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing integer value.",
				    filename, linenum);
			/*
			 * atoi() performs no validation: non-numeric text
			 * yields 0, trailing junk inside the token is ignored
			 * and negative values are accepted as-is.  Consumers
			 * of these fields must not assume a sane range.
			 */
			value = atoi(arg);
			if (*intptr == -1)	/* first occurrence wins */
				*intptr = value;
			break;

		case sLoginGraceTime:
			intptr = &options->login_grace_time;
parse_time:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing time value.",
				    filename, linenum);
			/* convtime() (misc.h) returns -1 for an unparsable value */
			if ((value = convtime(arg)) == -1)
				fatal("%s line %d: invalid time value.",
				    filename, linenum);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sKeyRegenerationTime:
			intptr = &options->key_regeneration_time;
			goto parse_time;

		case sListenAddress:
			/*
			 * Accepted forms: "host", "host:port", "[v6addr]" and
			 * "[v6addr]:port".  A bare address containing more
			 * than one ':' is taken as an unbracketed IPv6 address
			 * with no port.
			 */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
				fatal("%s line %d: missing inet addr.",
				    filename, linenum);
			if (*arg == '[') {
				if ((p = strchr(arg, ']')) == NULL)
					fatal("%s line %d: bad ipv6 inet addr usage.",
					    filename, linenum);
				/* drop the brackets in place; p now points at what followed ']' */
				arg++;
				memmove(p, p+1, strlen(p+1)+1);
			} else if (((p = strchr(arg, ':')) == NULL) ||
			    (strchr(p+1, ':') != NULL)) {
				add_listen_addr(options, arg, 0);
				break;
			}
			if (*p == ':') {
				u_short port;

				p++;
				if (*p == '\0')
					fatal("%s line %d: bad inet addr:port usage.",
					    filename, linenum);
				else {
					/* terminate the address part before the ':' */
					*(p-1) = '\0';
					if ((port = a2port(p)) == 0)
						fatal("%s line %d: bad port number.",
						    filename, linenum);
					add_listen_addr(options, arg, port);
				}
			} else if (*p == '\0')
				add_listen_addr(options, arg, 0);
			else
				fatal("%s line %d: bad inet addr usage.",
				    filename, linenum);
			break;

		case sHostKeyFile:
			/* intptr doubles as the slot counter that parse_filename bumps */
			intptr = &options->num_host_key_files;
			if (*intptr >= MAX_HOSTKEYS)
				fatal("%s line %d: too many host keys specified (max %d).",
				    filename, linenum, MAX_HOSTKEYS);
			charptr = &options->host_key_files[*intptr];
parse_filename:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing file name.",
				    filename, linenum);
			/* only fill an empty slot; the expanded string is never freed here */
			if (*charptr == NULL) {
				*charptr = tilde_expand_filename(arg, getuid());
				/* increase optional counter */
				if (intptr != NULL)
					*intptr = *intptr + 1;
			}
			break;

		case sPidFile:
			charptr = &options->pid_file;
			goto parse_filename;

		case sPermitRootLogin:
			intptr = &options->permit_root_login;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing yes/"
				    "without-password/forced-commands-only/no "
				    "argument.", filename, linenum);
			value = 0;	/* silence compiler */
			if (strcmp(arg, "without-password") == 0)
				value = PERMIT_NO_PASSWD;
			else if (strcmp(arg, "forced-commands-only") == 0)
				value = PERMIT_FORCED_ONLY;
			else if (strcmp(arg, "yes") == 0)
				value = PERMIT_YES;
			else if (strcmp(arg, "no") == 0)
				value = PERMIT_NO;
			else
				fatal("%s line %d: Bad yes/"
				    "without-password/forced-commands-only/no "
				    "argument: %s", filename, linenum, arg);
			/* the unset marker for this field is PERMIT_NOT_SET; -1 is assumed to equal it — TODO confirm in servconf.h */
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreRhosts:
			intptr = &options->ignore_rhosts;
parse_flag:
			/* strict yes/no: anything else, including "true"/"1", is fatal */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing yes/no argument.",
				    filename, linenum);
			value = 0;	/* silence compiler */
			if (strcmp(arg, "yes") == 0)
				value = 1;
			else if (strcmp(arg, "no") == 0)
				value = 0;
			else
				fatal("%s line %d: Bad yes/no argument: %s",
				    filename, linenum, arg);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreUserKnownHosts:
			intptr = &options->ignore_user_known_hosts;
			goto parse_flag;

		case sRhostsAuthentication:
			intptr = &options->rhosts_authentication;
			goto parse_flag;

		case sRhostsRSAAuthentication:
			intptr = &options->rhosts_rsa_authentication;
			goto parse_flag;

		case sHostbasedAuthentication:
			intptr = &options->hostbased_authentication;
			goto parse_flag;

		case sHostbasedUsesNameFromPacketOnly:
			intptr = &options->hostbased_uses_name_from_packet_only;
			goto parse_flag;

		case sRSAAuthentication:
			intptr = &options->rsa_authentication;
			goto parse_flag;

		case sPubkeyAuthentication:
			intptr = &options->pubkey_authentication;
			goto parse_flag;
#ifdef GSSAPI
		case sGssAuthentication:
			intptr = &options->gss_authentication;
			goto parse_flag;
		case sGssKeyEx:
			intptr = &options->gss_keyex;
			goto parse_flag;
		case sGssUseSessionCredCache:
			intptr = &options->gss_use_session_ccache;
			goto parse_flag;
		case sGssCleanupCreds:
			intptr = &options->gss_cleanup_creds;
			goto parse_flag;
#endif
#if defined(KRB4) || defined(KRB5)
		case sKerberosAuthentication:
			intptr = &options->kerberos_authentication;
			goto parse_flag;

		case sKerberosOrLocalPasswd:
			intptr = &options->kerberos_or_local_passwd;
			goto parse_flag;

		case sKerberosTicketCleanup:
			intptr = &options->kerberos_ticket_cleanup;
			goto parse_flag;
#endif
#if defined(AFS) || defined(KRB5)
		case sKerberosTgtPassing:
			intptr = &options->kerberos_tgt_passing;
			goto parse_flag;
#endif
#ifdef AFS
		case sAFSTokenPassing:
			intptr = &options->afs_token_passing;
			goto parse_flag;
#endif

		case sPasswordAuthentication:
			intptr = &options->password_authentication;
			goto parse_flag;

		case sKbdInteractiveAuthentication:
			intptr = &options->kbd_interactive_authentication;
			goto parse_flag;

		case sChallengeResponseAuthentication:
			intptr = &options->challenge_response_authentication;
			goto parse_flag;

		case sPrintMotd:
			intptr = &options->print_motd;
			goto parse_flag;

		case sPrintLastLog:
			intptr = &options->print_lastlog;
			goto parse_flag;

		case sX11Forwarding:
			intptr = &options->x11_forwarding;
			goto parse_flag;

		case sX11DisplayOffset:
			intptr = &options->x11_display_offset;
			goto parse_int;

		case sXAuthLocation:
			charptr = &options->xauth_location;
			goto parse_filename;

		case sStrictModes:
			intptr = &options->strict_modes;
			goto parse_flag;

		case sKeepAlives:
			intptr = &options->keepalives;
			goto parse_flag;

		case sEmptyPasswd:
			intptr = &options->permit_empty_passwd;
			goto parse_flag;

		case sUseLogin:
			intptr = &options->use_login;
			goto parse_flag;

		case sGatewayPorts:
			intptr = &options->gateway_ports;
			goto parse_flag;

		case sReverseMappingCheck:
			intptr = &options->reverse_mapping_check;
			goto parse_flag;

		case sLogFacility:
			/* writes the enum through an int pointer; assumes SyslogFacility has int representation */
			intptr = (int *) &options->log_facility;
			arg = strdelim(&cp);
			/* arg may be NULL here; the error path below prints "<NONE>" for that case */
			value = log_facility_number(arg);
			if (value == (SyslogFacility) - 1)
				fatal("%.200s line %d: unsupported log facility '%s'",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (SyslogFacility) value;
			break;

		case sLogLevel:
			/* same int-pointer aliasing as sLogFacility */
			intptr = (int *) &options->log_level;
			arg = strdelim(&cp);
			value = log_level_number(arg);
			if (value == (LogLevel) - 1)
				fatal("%.200s line %d: unsupported log level '%s'",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (LogLevel) value;
			break;

		case sAllowTcpForwarding:
			intptr = &options->allow_tcp_forwarding;
			goto parse_flag;

		/*
		 * The four access lists below take any number of patterns
		 * per line and accumulate across lines; entries are
		 * xstrdup()'d and kept for the life of the process.
		 */
		case sAllowUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_users >= MAX_ALLOW_USERS)
					fatal("%s line %d: too many allow users.",
					    filename, linenum);
				options->allow_users[options->num_allow_users++] = xstrdup(arg);
			}
			break;

		case sDenyUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_users >= MAX_DENY_USERS)
					fatal( "%s line %d: too many deny users.",
					    filename, linenum);
				options->deny_users[options->num_deny_users++] = xstrdup(arg);
			}
			break;

		case sAllowGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
					fatal("%s line %d: too many allow groups.",
					    filename, linenum);
				options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
			}
			break;

		case sDenyGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_groups >= MAX_DENY_GROUPS)
					fatal("%s line %d: too many deny groups.",
					    filename, linenum);
				options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
			}
			break;

		case sCiphers:
			/* the spec is validated by cipher.c before it is accepted */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			if (!ciphers_valid(arg))
				fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->ciphers == NULL)
				options->ciphers = xstrdup(arg);
			break;

		case sMacs:
			/* the spec is validated by mac.c before it is accepted */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			if (!mac_valid(arg))
				fatal("%s line %d: Bad SSH2 mac spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->macs == NULL)
				options->macs = xstrdup(arg);
			break;

		case sProtocol:
			/* the unset marker here is SSH_PROTO_UNKNOWN, not -1 */
			intptr = &options->protocol;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			value = proto_spec(arg);
			if (value == SSH_PROTO_UNKNOWN)
				fatal("%s line %d: Bad protocol spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == SSH_PROTO_UNKNOWN)
				*intptr = value;
			break;

		case sSubsystem:
			/* "Subsystem name command"; duplicate names are rejected rather than overridden */
			if(options->num_subsystems >= MAX_SUBSYSTEMS) {
				fatal("%s line %d: too many subsystems defined.",
				    filename, linenum);
			}
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem name.",
				    filename, linenum);
			for (i = 0; i < options->num_subsystems; i++)
				if(strcmp(arg, options->subsystem_name[i]) == 0)
					fatal("%s line %d: Subsystem '%s' already defined.",
					    filename, linenum, arg);
			options->subsystem_name[options->num_subsystems] = xstrdup(arg);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem command.",
				    filename, linenum);
			options->subsystem_command[options->num_subsystems] = xstrdup(arg);
			options->num_subsystems++;
			break;

		case sMaxStartups:
			/*
			 * "begin:rate:full" or a single number.  Unlike the
			 * other directives this writes straight into the
			 * options with no "unset" check, so a later
			 * MaxStartups line overrides an earlier one (and any
			 * command-line value).  rate is validated to 1..100,
			 * begin must not exceed full; begin itself is not
			 * range-checked.
			 */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing MaxStartups spec.",
				    filename, linenum);
			if ((n = sscanf(arg, "%d:%d:%d",
			    &options->max_startups_begin,
			    &options->max_startups_rate,
			    &options->max_startups)) == 3) {
				if (options->max_startups_begin >
				    options->max_startups ||
				    options->max_startups_rate > 100 ||
				    options->max_startups_rate < 1)
					fatal("%s line %d: Illegal MaxStartups spec.",
					    filename, linenum);
			} else if (n != 1)
				fatal("%s line %d: Illegal MaxStartups spec.",
				    filename, linenum);
			else
				options->max_startups = options->max_startups_begin;
			break;

		case sBanner:
			charptr = &options->banner;
			goto parse_filename;
		/*
		 * These options can contain %X options expanded at
		 * connect time, so that you can specify paths like:
		 *
		 * AuthorizedKeysFile	/etc/ssh_keys/%u
		 */
		case sAuthorizedKeysFile:
		case sAuthorizedKeysFile2:
			charptr = (opcode == sAuthorizedKeysFile ) ?
			    &options->authorized_keys_file :
			    &options->authorized_keys_file2;
			goto parse_filename;

		case sClientAliveInterval:
			intptr = &options->client_alive_interval;
			goto parse_time;

		case sClientAliveCountMax:
			intptr = &options->client_alive_count_max;
			goto parse_int;

		case sDeprecated:
			/* log (log.h) is the daemon's logger; the rest of the line is consumed and discarded */
			log("%s line %d: Deprecated option %s",
			    filename, linenum, arg);
			while(arg)
				arg = strdelim(&cp);
			break;

		default:
			/* every enum value should have a case above; reaching here is a programming error */
			fatal("%s line %d: Missing handler for opcode %s (%d)",
			    filename, linenum, arg, opcode);
		}
		/* anything left after the handler consumed its arguments is an error */
		if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
			fatal("%s line %d: garbage at end of line; \"%.200s\".",
			    filename, linenum, arg);
	}
	fclose(f);
	if (bad_options > 0)
		fatal("%s: terminating, %d bad configuration options",
		    filename, bad_options);
}