8efc0c15 1/*
5260325f 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
6ae2364d 4 *
bcbf86ec 5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
5260325f 10 */
8efc0c15 11
12#include "includes.h"
d464095c 13RCSID("$OpenBSD: servconf.c,v 1.63 2001/01/22 23:06:39 markus Exp $");
42f11eb2 14
15#ifdef KRB4
16#include <krb.h>
17#endif
18#ifdef AFS
19#include <kafs.h>
20#endif
8efc0c15 21
22#include "ssh.h"
42f11eb2 23#include "log.h"
8efc0c15 24#include "servconf.h"
25#include "xmalloc.h"
a8be9f80 26#include "compat.h"
42f11eb2 27#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
31
/*
 * Forward declaration: fill_default_server_options() calls this before the
 * definition appears further down in this file.
 */
void	add_listen_addr(ServerOptions *options, char *addr);

/*
 * Address family handed to getaddrinfo() when listen addresses are resolved:
 * AF_UNSPEC, AF_INET or AF_INET6. Defined outside this file.
 */
extern int IPv4or6;
37
/*
 * Puts *options into the "nothing configured yet" state.
 *
 * The structure is zeroed first.  Integer and yes/no settings are then set
 * to -1, and the protocol mask to SSH_PROTO_UNKNOWN, so that
 * read_server_config() and fill_default_server_options() can tell "not set"
 * apart from a real value.  Counters start at 0 and pointers at NULL.
 */
void
initialize_server_options(ServerOptions *options)
{
	memset(options, 0, sizeof(*options));

	/* Counters and pointers: empty lists, no paths chosen. */
	options->num_ports = 0;
	options->ports_from_cmdline = 0;
	options->listen_addrs = NULL;
	options->num_host_key_files = 0;
	options->pid_file = NULL;
	options->xauth_location = NULL;
	options->ciphers = NULL;
	options->banner = NULL;
	options->num_allow_users = 0;
	options->num_deny_users = 0;
	options->num_allow_groups = 0;
	options->num_deny_groups = 0;
	options->num_subsystems = 0;
	options->protocol = SSH_PROTO_UNKNOWN;

	/* Key handling, timers and connection limits. */
	options->server_key_bits = -1;
	options->login_grace_time = -1;
	options->key_regeneration_time = -1;
	options->max_startups_begin = -1;
	options->max_startups_rate = -1;
	options->max_startups = -1;

	/* Logging: the enum fields use -1 cast to their own type as "unset". */
	options->log_facility = (SyslogFacility)-1;
	options->log_level = (LogLevel)-1;

	/* Authentication methods and login policy. */
	options->permit_root_login = -1;
	options->ignore_rhosts = -1;
	options->ignore_user_known_hosts = -1;
	options->strict_modes = -1;
	options->rhosts_authentication = -1;
	options->rhosts_rsa_authentication = -1;
	options->rsa_authentication = -1;
	options->pubkey_authentication = -1;
#ifdef KRB4
	options->kerberos_authentication = -1;
	options->kerberos_or_local_passwd = -1;
	options->kerberos_ticket_cleanup = -1;
#endif
#ifdef AFS
	options->kerberos_tgt_passing = -1;
	options->afs_token_passing = -1;
#endif
	options->password_authentication = -1;
	options->kbd_interactive_authentication = -1;
	options->challenge_reponse_authentication = -1;
	options->permit_empty_passwd = -1;
	options->use_login = -1;

	/* Session behaviour and forwarding. */
	options->print_motd = -1;
	options->check_mail = -1;
	options->x11_forwarding = -1;
	options->x11_display_offset = -1;
	options->keepalives = -1;
	options->allow_tcp_forwarding = -1;
	options->gateway_ports = -1;
}
96
/*
 * Store `dflt` in options->field only when the field still holds its
 * "unset" sentinel.  `dflt` is evaluated only in that case.
 */
#define SET_IF_UNSET(field, unset, dflt) \
	do { \
		if (options->field == (unset)) \
			options->field = (dflt); \
	} while (0)

/*
 * Replaces every option that is still at its "unset" sentinel (see
 * initialize_server_options()) with the built-in default.  Options that
 * already carry a value are left untouched.
 *
 * NOTE(review): several defaults chosen here are permissive -- both protocol
 * versions are enabled, root login is allowed and password authentication
 * is on.  A hardened deployment has to override them explicitly in the
 * configuration file.
 */
void
fill_default_server_options(ServerOptions *options)
{
	SET_IF_UNSET(protocol, SSH_PROTO_UNKNOWN, SSH_PROTO_1|SSH_PROTO_2);

	/* No host key configured: add one default key file per protocol. */
	if (options->num_host_key_files == 0) {
		if (options->protocol & SSH_PROTO_1)
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_KEY_FILE;
		if (options->protocol & SSH_PROTO_2)
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_DSA_KEY_FILE;
	}

	/* The port list must be filled in before addresses are resolved. */
	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
	if (options->listen_addrs == NULL)
		add_listen_addr(options, NULL);

	SET_IF_UNSET(pid_file, NULL, _PATH_SSH_DAEMON_PID_FILE);
	/*
	 * NOTE(review): 768 bits is short by current standards; confirm
	 * what minimum the caller enforces.
	 */
	SET_IF_UNSET(server_key_bits, -1, 768);
	SET_IF_UNSET(login_grace_time, -1, 600);
	SET_IF_UNSET(key_regeneration_time, -1, 3600);
	/* 1 == "yes"; the parser also knows 2 (without-password) and 0 (no). */
	SET_IF_UNSET(permit_root_login, -1, 1);
	SET_IF_UNSET(ignore_rhosts, -1, 1);
	SET_IF_UNSET(ignore_user_known_hosts, -1, 0);
	SET_IF_UNSET(check_mail, -1, 0);
	SET_IF_UNSET(print_motd, -1, 1);
	SET_IF_UNSET(x11_forwarding, -1, 0);
	SET_IF_UNSET(x11_display_offset, -1, 10);
#ifdef XAUTH_PATH
	SET_IF_UNSET(xauth_location, NULL, XAUTH_PATH);
#endif /* XAUTH_PATH */
	SET_IF_UNSET(strict_modes, -1, 1);
	SET_IF_UNSET(keepalives, -1, 1);
	SET_IF_UNSET(log_facility, (SyslogFacility)(-1), SYSLOG_FACILITY_AUTH);
	SET_IF_UNSET(log_level, (LogLevel)(-1), SYSLOG_LEVEL_INFO);
	SET_IF_UNSET(rhosts_authentication, -1, 0);
	SET_IF_UNSET(rhosts_rsa_authentication, -1, 0);
	SET_IF_UNSET(rsa_authentication, -1, 1);
	SET_IF_UNSET(pubkey_authentication, -1, 1);
#ifdef KRB4
	/* Enabled by default only when KEYFILE is readable. */
	SET_IF_UNSET(kerberos_authentication, -1, (access(KEYFILE, R_OK) == 0));
	SET_IF_UNSET(kerberos_or_local_passwd, -1, 1);
	SET_IF_UNSET(kerberos_ticket_cleanup, -1, 1);
#endif /* KRB4 */
#ifdef AFS
	SET_IF_UNSET(kerberos_tgt_passing, -1, 0);
	/* Default follows whatever k_hasafs() reports. */
	SET_IF_UNSET(afs_token_passing, -1, k_hasafs());
#endif /* AFS */
	SET_IF_UNSET(password_authentication, -1, 1);
	SET_IF_UNSET(kbd_interactive_authentication, -1, 0);
	SET_IF_UNSET(challenge_reponse_authentication, -1, 1);
	SET_IF_UNSET(permit_empty_passwd, -1, 0);
	SET_IF_UNSET(use_login, -1, 0);
	SET_IF_UNSET(allow_tcp_forwarding, -1, 1);
	SET_IF_UNSET(gateway_ports, -1, 0);
	SET_IF_UNSET(max_startups, -1, 10);
	SET_IF_UNSET(max_startups_rate, -1, 100);	/* 100% */
	/* Must follow the max_startups default: the value is copied from it. */
	SET_IF_UNSET(max_startups_begin, -1, options->max_startups);
}

#undef SET_IF_UNSET
190
/*
 * Opcodes for the configuration keywords.  parse_token() maps a keyword
 * string to one of these and read_server_config() switches on the result.
 * The Kerberos and AFS opcodes exist only when KRB4 / AFS are defined, so
 * the numeric values of the later constants depend on the build.
 */
typedef enum {
	sBadOption,		/* == unknown option */
	sPort,
	sHostKeyFile,
	sServerKeyBits,
	sLoginGraceTime,
	sKeyRegenerationTime,
	sPermitRootLogin,
	sLogFacility,
	sLogLevel,
	sRhostsAuthentication,
	sRhostsRSAAuthentication,
	sRSAAuthentication,
#ifdef KRB4
	sKerberosAuthentication,
	sKerberosOrLocalPasswd,
	sKerberosTicketCleanup,
#endif
#ifdef AFS
	sKerberosTgtPassing,
	sAFSTokenPassing,
#endif
	sChallengeResponseAuthentication,
	sPasswordAuthentication,
	sKbdInteractiveAuthentication,
	sListenAddress,
	sPrintMotd,
	sIgnoreRhosts,
	sX11Forwarding,
	sX11DisplayOffset,
	sStrictModes,
	sEmptyPasswd,
	sRandomSeedFile,
	sKeepAlives,
	sCheckMail,
	sUseLogin,
	sAllowTcpForwarding,
	sAllowUsers,
	sDenyUsers,
	sAllowGroups,
	sDenyGroups,
	sIgnoreUserKnownHosts,
	sCiphers,
	sProtocol,
	sPidFile,
	sGatewayPorts,
	sPubkeyAuthentication,
	sXAuthLocation,
	sSubsystem,
	sMaxStartups,
	sBanner
} ServerOpCodes;
213
/*
 * Keyword spellings accepted in the configuration file and the opcode each
 * one maps to.  parse_token() compares with strcasecmp(), so the names are
 * kept in lower case.  Entries marked "alias" share the opcode of another
 * keyword.  The table ends at the entry whose name is NULL.
 */
static struct {
	const char	*name;
	ServerOpCodes	 opcode;
} keywords[] = {
	{ "port",				sPort },
	{ "hostkey",				sHostKeyFile },
	{ "hostdsakey",				sHostKeyFile },	/* alias */
	{ "pidfile",				sPidFile },
	{ "serverkeybits",			sServerKeyBits },
	{ "logingracetime",			sLoginGraceTime },
	{ "keyregenerationinterval",		sKeyRegenerationTime },
	{ "permitrootlogin",			sPermitRootLogin },
	{ "syslogfacility",			sLogFacility },
	{ "loglevel",				sLogLevel },
	{ "rhostsauthentication",		sRhostsAuthentication },
	{ "rhostsrsaauthentication",		sRhostsRSAAuthentication },
	{ "rsaauthentication",			sRSAAuthentication },
	{ "pubkeyauthentication",		sPubkeyAuthentication },
	{ "dsaauthentication",			sPubkeyAuthentication },	/* alias */
#ifdef KRB4
	{ "kerberosauthentication",		sKerberosAuthentication },
	{ "kerberosorlocalpasswd",		sKerberosOrLocalPasswd },
	{ "kerberosticketcleanup",		sKerberosTicketCleanup },
#endif
#ifdef AFS
	{ "kerberostgtpassing",			sKerberosTgtPassing },
	{ "afstokenpassing",			sAFSTokenPassing },
#endif
	{ "passwordauthentication",		sPasswordAuthentication },
	{ "kbdinteractiveauthentication",	sKbdInteractiveAuthentication },
	{ "challengeresponseauthentication",	sChallengeResponseAuthentication },
	{ "skeyauthentication",			sChallengeResponseAuthentication },	/* alias */
	{ "checkmail",				sCheckMail },
	{ "listenaddress",			sListenAddress },
	{ "printmotd",				sPrintMotd },
	{ "ignorerhosts",			sIgnoreRhosts },
	{ "ignoreuserknownhosts",		sIgnoreUserKnownHosts },
	{ "x11forwarding",			sX11Forwarding },
	{ "x11displayoffset",			sX11DisplayOffset },
	{ "xauthlocation",			sXAuthLocation },
	{ "strictmodes",			sStrictModes },
	{ "permitemptypasswords",		sEmptyPasswd },
	{ "uselogin",				sUseLogin },
	{ "randomseed",				sRandomSeedFile },
	{ "keepalive",				sKeepAlives },
	{ "allowtcpforwarding",			sAllowTcpForwarding },
	{ "allowusers",				sAllowUsers },
	{ "denyusers",				sDenyUsers },
	{ "allowgroups",			sAllowGroups },
	{ "denygroups",				sDenyGroups },
	{ "ciphers",				sCiphers },
	{ "protocol",				sProtocol },
	{ "gatewayports",			sGatewayPorts },
	{ "subsystem",				sSubsystem },
	{ "maxstartups",			sMaxStartups },
	{ "banner",				sBanner },
	{ NULL, 0 }
};
273
/*
 * Looks up the NUL-terminated keyword cp in the keywords[] table, ignoring
 * case, and returns its opcode.
 *
 * An unknown keyword is not fatal here: a diagnostic naming filename and
 * linenum goes to stderr and sBadOption is returned, leaving it to the
 * caller to decide when to abort.
 */
static ServerOpCodes
parse_token(const char *cp, const char *filename,
	    int linenum)
{
	u_int idx = 0;

	/* The table is terminated by an entry whose name is NULL. */
	while (keywords[idx].name != NULL) {
		if (strcasecmp(cp, keywords[idx].name) == 0)
			return keywords[idx].opcode;
		idx++;
	}

	fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
		filename, linenum, cp);
	return sBadOption;
}
293
/*
 * Resolves addr once for every configured port and puts the resulting
 * addrinfo entries at the front of options->listen_addrs.
 *
 * A NULL addr sets AI_PASSIVE, which asks getaddrinfo() for the wildcard
 * address.  A non-NULL addr is passed to getaddrinfo() as given, so a host
 * name is looked up through the resolver while the configuration is read.
 * When no port has been configured yet, SSH_DEFAULT_PORT is added first.
 * A resolution failure is reported through fatal().
 */
void
add_listen_addr(ServerOptions *options, char *addr)
{
	struct addrinfo hints, *res, *tail;
	char portstr[NI_MAXSERV];
	int err;
	int n;

	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;

	for (n = 0; n < options->num_ports; n++) {
		memset(&hints, 0, sizeof(hints));
		hints.ai_family = IPv4or6;
		hints.ai_socktype = SOCK_STREAM;
		hints.ai_flags = 0;
		if (addr == NULL)
			hints.ai_flags = AI_PASSIVE;
		snprintf(portstr, sizeof portstr, "%d", options->ports[n]);

		err = getaddrinfo(addr, portstr, &hints, &res);
		/* fatal() is expected not to return; res is unset on failure. */
		if (err != 0)
			fatal("bad addr or host: %s (%s)\n",
			    addr ? addr : "<NULL>",
			    gai_strerror(err));

		/* Find the last new entry and hang the existing list off it. */
		tail = res;
		while (tail->ai_next != NULL)
			tail = tail->ai_next;
		tail->ai_next = options->listen_addrs;
		options->listen_addrs = res;
	}
}
323
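/*
 * Reads the server configuration file `filename` into *options.
 *
 * Each line is split with strdelim(); the first token is the keyword, which
 * parse_token() maps to an opcode.  Blank lines and lines whose first token
 * starts with '#' are skipped.
 *
 * Most single-valued options are stored only while the field still holds
 * its "unset" sentinel (-1, NULL or SSH_PROTO_UNKNOWN), so a value that is
 * already present when the keyword is seen wins over a later one.  The
 * exceptions are the list options, Port and the three-field MaxStartups
 * form, which are stored as they are read.
 *
 * Errors: a file that cannot be opened, a missing or malformed argument and
 * trailing garbage on a line all end the process (exit(1) or fatal()).
 * Unknown keywords are reported and counted, and the process exits after
 * the whole file has been read if any were seen.
 *
 * NOTE(review): lines are read into a 1024-byte buffer; fgets() splits a
 * longer line and the remainder is then parsed as a line of its own.
 */
void
read_server_config(ServerOptions *options, const char *filename)
{
	FILE *f;
	char line[1024];
	char *cp, **charptr, *arg, *endp;
	int linenum, *intptr, value;
	int bad_options = 0;
	ServerOpCodes opcode;
	int i;
	long port;
	int nfields, ms_begin, ms_rate, ms_full;

	f = fopen(filename, "r");
	if (!f) {
		perror(filename);
		exit(1);
	}
	linenum = 0;
	while (fgets(line, sizeof(line), f)) {
		linenum++;
		cp = line;
		arg = strdelim(&cp);
		/* Ignore leading whitespace */
		if (*arg == '\0')
			arg = strdelim(&cp);
		if (!arg || !*arg || *arg == '#')
			continue;
		intptr = NULL;
		charptr = NULL;
		opcode = parse_token(arg, filename, linenum);
		switch (opcode) {
		case sBadOption:
			/* Keep reading so that every bad keyword is reported. */
			bad_options++;
			continue;
		case sPort:
			/* ignore ports from configfile if cmdline specifies ports */
			if (options->ports_from_cmdline)
				continue;
			if (options->listen_addrs != NULL)
				fatal("%s line %d: ports must be specified before "
				    "ListenAdress.\n", filename, linenum);
			if (options->num_ports >= MAX_PORTS)
				fatal("%s line %d: too many ports.\n",
				    filename, linenum);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing port number.\n",
				    filename, linenum);
			/*
			 * Require a complete decimal number in the TCP port
			 * range.  An overflowing strtol() result is outside
			 * 1..65535 as well, so errno need not be checked.
			 */
			port = strtol(arg, &endp, 10);
			if (endp == arg || *endp != '\0' ||
			    port < 1 || port > 65535)
				fatal("%s line %d: bad port number: %s\n",
				    filename, linenum, arg);
			options->ports[options->num_ports++] = (int)port;
			break;

		case sServerKeyBits:
			intptr = &options->server_key_bits;
parse_int:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing integer value.\n",
					filename, linenum);
				exit(1);
			}
			/*
			 * NOTE(review): atoi() gives 0 for a non-numeric
			 * argument, so a typo in an integer option is taken
			 * as 0 without any diagnostic.
			 */
			value = atoi(arg);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sLoginGraceTime:
			intptr = &options->login_grace_time;
			goto parse_int;

		case sKeyRegenerationTime:
			intptr = &options->key_regeneration_time;
			goto parse_int;

		case sListenAddress:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing inet addr.\n",
				    filename, linenum);
			add_listen_addr(options, arg);
			break;

		case sHostKeyFile:
			intptr = &options->num_host_key_files;
			if (*intptr >= MAX_HOSTKEYS) {
				fprintf(stderr, "%s line %d: to many host keys specified (max %d).\n",
				    filename, linenum, MAX_HOSTKEYS);
				exit(1);
			}
			charptr = &options->host_key_files[*intptr];
parse_filename:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing file name.\n",
				    filename, linenum);
				exit(1);
			}
			if (*charptr == NULL) {
				/* The path is expanded for the uid the daemon runs as. */
				*charptr = tilde_expand_filename(arg, getuid());
				/* increase optional counter */
				if (intptr != NULL)
					*intptr = *intptr + 1;
			}
			break;

		case sPidFile:
			charptr = &options->pid_file;
			goto parse_filename;

		case sRandomSeedFile:
			fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
				filename, linenum);
			/* Consume the argument so it is not reported as garbage. */
			arg = strdelim(&cp);
			break;

		case sPermitRootLogin:
			intptr = &options->permit_root_login;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
					filename, linenum);
				exit(1);
			}
			/* Unlike the keyword, the value is matched case-sensitively. */
			if (strcmp(arg, "without-password") == 0)
				value = 2;
			else if (strcmp(arg, "yes") == 0)
				value = 1;
			else if (strcmp(arg, "no") == 0)
				value = 0;
			else {
				fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n",
					filename, linenum, arg);
				exit(1);
			}
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreRhosts:
			intptr = &options->ignore_rhosts;
parse_flag:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing yes/no argument.\n",
					filename, linenum);
				exit(1);
			}
			if (strcmp(arg, "yes") == 0)
				value = 1;
			else if (strcmp(arg, "no") == 0)
				value = 0;
			else {
				fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
					filename, linenum, arg);
				exit(1);
			}
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreUserKnownHosts:
			intptr = &options->ignore_user_known_hosts;
			goto parse_flag;

		case sRhostsAuthentication:
			intptr = &options->rhosts_authentication;
			goto parse_flag;

		case sRhostsRSAAuthentication:
			intptr = &options->rhosts_rsa_authentication;
			goto parse_flag;

		case sRSAAuthentication:
			intptr = &options->rsa_authentication;
			goto parse_flag;

		case sPubkeyAuthentication:
			intptr = &options->pubkey_authentication;
			goto parse_flag;

#ifdef KRB4
		case sKerberosAuthentication:
			intptr = &options->kerberos_authentication;
			goto parse_flag;

		case sKerberosOrLocalPasswd:
			intptr = &options->kerberos_or_local_passwd;
			goto parse_flag;

		case sKerberosTicketCleanup:
			intptr = &options->kerberos_ticket_cleanup;
			goto parse_flag;
#endif

#ifdef AFS
		case sKerberosTgtPassing:
			intptr = &options->kerberos_tgt_passing;
			goto parse_flag;

		case sAFSTokenPassing:
			intptr = &options->afs_token_passing;
			goto parse_flag;
#endif

		case sPasswordAuthentication:
			intptr = &options->password_authentication;
			goto parse_flag;

		case sKbdInteractiveAuthentication:
			intptr = &options->kbd_interactive_authentication;
			goto parse_flag;

		case sCheckMail:
			intptr = &options->check_mail;
			goto parse_flag;

		case sChallengeResponseAuthentication:
			intptr = &options->challenge_reponse_authentication;
			goto parse_flag;

		case sPrintMotd:
			intptr = &options->print_motd;
			goto parse_flag;

		case sX11Forwarding:
			intptr = &options->x11_forwarding;
			goto parse_flag;

		case sX11DisplayOffset:
			intptr = &options->x11_display_offset;
			goto parse_int;

		case sXAuthLocation:
			charptr = &options->xauth_location;
			goto parse_filename;

		case sStrictModes:
			intptr = &options->strict_modes;
			goto parse_flag;

		case sKeepAlives:
			intptr = &options->keepalives;
			goto parse_flag;

		case sEmptyPasswd:
			intptr = &options->permit_empty_passwd;
			goto parse_flag;

		case sUseLogin:
			intptr = &options->use_login;
			goto parse_flag;

		case sGatewayPorts:
			intptr = &options->gateway_ports;
			goto parse_flag;

		case sLogFacility:
			/* The enum field is accessed through an int pointer here. */
			intptr = (int *) &options->log_facility;
			arg = strdelim(&cp);
			value = log_facility_number(arg);
			if (value == (SyslogFacility) - 1)
				fatal("%.200s line %d: unsupported log facility '%s'\n",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (SyslogFacility) value;
			break;

		case sLogLevel:
			intptr = (int *) &options->log_level;
			arg = strdelim(&cp);
			value = log_level_number(arg);
			if (value == (LogLevel) - 1)
				fatal("%.200s line %d: unsupported log level '%s'\n",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (LogLevel) value;
			break;

		case sAllowTcpForwarding:
			intptr = &options->allow_tcp_forwarding;
			goto parse_flag;

		/*
		 * The four access lists take every remaining token on the
		 * line; each list is bounded by its MAX_* constant.
		 */
		case sAllowUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_users >= MAX_ALLOW_USERS)
					fatal("%s line %d: too many allow users.\n",
					    filename, linenum);
				options->allow_users[options->num_allow_users++] = xstrdup(arg);
			}
			break;

		case sDenyUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_users >= MAX_DENY_USERS)
					fatal( "%s line %d: too many deny users.\n",
					    filename, linenum);
				options->deny_users[options->num_deny_users++] = xstrdup(arg);
			}
			break;

		case sAllowGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
					fatal("%s line %d: too many allow groups.\n",
					    filename, linenum);
				options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
			}
			break;

		case sDenyGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_groups >= MAX_DENY_GROUPS)
					fatal("%s line %d: too many deny groups.\n",
					    filename, linenum);
				options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
			}
			break;

		case sCiphers:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			if (!ciphers_valid(arg))
				fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->ciphers == NULL)
				options->ciphers = xstrdup(arg);
			break;

		case sProtocol:
			intptr = &options->protocol;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			value = proto_spec(arg);
			if (value == SSH_PROTO_UNKNOWN)
				fatal("%s line %d: Bad protocol spec '%s'.",
				      filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == SSH_PROTO_UNKNOWN)
				*intptr = value;
			break;

		case sSubsystem:
			if(options->num_subsystems >= MAX_SUBSYSTEMS) {
				fatal("%s line %d: too many subsystems defined.",
				      filename, linenum);
			}
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem name.",
				      filename, linenum);
			/* A subsystem name may be defined only once. */
			for (i = 0; i < options->num_subsystems; i++)
				if(strcmp(arg, options->subsystem_name[i]) == 0)
					fatal("%s line %d: Subsystem '%s' already defined.",
					      filename, linenum, arg);
			options->subsystem_name[options->num_subsystems] = xstrdup(arg);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem command.",
				      filename, linenum);
			options->subsystem_command[options->num_subsystems] = xstrdup(arg);
			options->num_subsystems++;
			break;

		case sMaxStartups:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing MaxStartups spec.",
				      filename, linenum);
			/*
			 * Two forms: "begin:rate:full" or a single number.
			 * Parse into locals so that a partial match never
			 * leaves half-written limits in *options.
			 */
			nfields = sscanf(arg, "%d:%d:%d",
			    &ms_begin, &ms_rate, &ms_full);
			if (nfields == 3) {
				if (ms_begin > ms_full ||
				    ms_rate > 100 ||
				    ms_rate < 1)
					fatal("%s line %d: Illegal MaxStartups spec.",
					      filename, linenum);
				options->max_startups_begin = ms_begin;
				options->max_startups_rate = ms_rate;
				options->max_startups = ms_full;
				break;
			}
			if (nfields != 1)
				fatal("%s line %d: Illegal MaxStartups spec.",
				      filename, linenum);
			/*
			 * Single number: the argument was already consumed
			 * above, so store it here.  Jumping to parse_int
			 * would read the token after it instead.
			 */
			if (options->max_startups == -1)
				options->max_startups = ms_begin;
			break;

		case sBanner:
			charptr = &options->banner;
			goto parse_filename;

		default:
			fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
				filename, linenum, arg, opcode);
			exit(1);
		}
		/* Anything left on the line after the arguments is an error. */
		if ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
			fprintf(stderr,
				"%s line %d: garbage at end of line; \"%.200s\".\n",
				filename, linenum, arg);
			exit(1);
		}
	}
	fclose(f);
	if (bad_options > 0) {
		fprintf(stderr, "%s: terminating, %d bad configuration options\n",
			filename, bad_options);
		exit(1);
	}
}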