8efc0c15 1/*
5260325f 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
6ae2364d 4 *
bcbf86ec 5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
5260325f 10 */
8efc0c15 11
12#include "includes.h"
ced49be2 13RCSID("$OpenBSD: servconf.c,v 1.85 2001/06/26 16:15:24 dugsong Exp $");
42f11eb2 14
15#ifdef KRB4
16#include <krb.h>
17#endif
8efc0c15 18
19#include "ssh.h"
42f11eb2 20#include "log.h"
8efc0c15 21#include "servconf.h"
22#include "xmalloc.h"
a8be9f80 23#include "compat.h"
42f11eb2 24#include "pathnames.h"
25#include "tildexpand.h"
26#include "misc.h"
27#include "cipher.h"
b2552997 28#include "kex.h"
29#include "mac.h"
42f11eb2 30
/*
 * Forward declarations: fill_default_server_options() calls
 * add_listen_addr() before the helper is defined further down.
 */
static void add_listen_addr(ServerOptions *options, char *addr, u_short port);
static void add_one_listen_addr(ServerOptions *options, char *addr,
    u_short port);

/*
 * AF_UNSPEC or AF_INET or AF_INET6; defined elsewhere and used below as
 * the address-family hint when resolving listen addresses.
 */
extern int IPv4or6;
36
8efc0c15 37/* Initializes the server options to their default values. */
38
/*
 * Puts every server option into its "not configured yet" state.
 *
 * Scalar options get the -1 sentinel (or PERMIT_NOT_SET /
 * SSH_PROTO_UNKNOWN), string options get NULL and list counters get 0.
 * The real defaults are applied later by fill_default_server_options(),
 * which only touches fields that still carry these markers.
 */
void
initialize_server_options(ServerOptions *options)
{
	/* Start from an all-zero structure, then mark fields as unset. */
	memset(options, 0, sizeof(*options));

	/* Counters and lists start out empty. */
	options->num_ports = 0;
	options->ports_from_cmdline = 0;
	options->num_host_key_files = 0;
	options->num_allow_users = 0;
	options->num_deny_users = 0;
	options->num_allow_groups = 0;
	options->num_deny_groups = 0;
	options->num_subsystems = 0;

	/* Pointer-valued options: NULL means "not configured". */
	options->listen_addrs = NULL;
	options->pid_file = NULL;
	options->xauth_location = NULL;
	options->ciphers = NULL;
	options->macs = NULL;
	options->banner = NULL;
	options->authorized_keys_file = NULL;
	options->authorized_keys_file2 = NULL;

	/* Options with their own "unset" marker. */
	options->permit_root_login = PERMIT_NOT_SET;
	options->protocol = SSH_PROTO_UNKNOWN;
	options->log_facility = (SyslogFacility)-1;
	options->log_level = (LogLevel)-1;

	/* Server key and timing parameters. */
	options->server_key_bits = -1;
	options->login_grace_time = -1;
	options->key_regeneration_time = -1;
	options->keepalives = -1;
	options->client_alive_interval = -1;
	options->client_alive_count_max = -1;
	options->max_startups_begin = -1;
	options->max_startups_rate = -1;
	options->max_startups = -1;

	/* Authentication methods. */
	options->rhosts_authentication = -1;
	options->rhosts_rsa_authentication = -1;
	options->hostbased_authentication = -1;
	options->hostbased_uses_name_from_packet_only = -1;
	options->rsa_authentication = -1;
	options->pubkey_authentication = -1;
#if defined(KRB4) || defined(KRB5)
	options->kerberos_authentication = -1;
	options->kerberos_or_local_passwd = -1;
	options->kerberos_ticket_cleanup = -1;
#endif
#if defined(AFS) || defined(KRB5)
	options->kerberos_tgt_passing = -1;
#endif
#ifdef AFS
	options->afs_token_passing = -1;
#endif
	options->password_authentication = -1;
	options->kbd_interactive_authentication = -1;
	options->challenge_response_authentication = -1;
	options->pam_authentication_via_kbd_int = -1;
	options->permit_empty_passwd = -1;

	/* Host trust and file permission checks. */
	options->ignore_rhosts = -1;
	options->ignore_user_known_hosts = -1;
	options->strict_modes = -1;
	options->reverse_mapping_check = -1;

	/* Session behaviour and forwarding. */
	options->print_motd = -1;
	options->print_lastlog = -1;
	options->check_mail = -1;
	options->use_login = -1;
	options->x11_forwarding = -1;
	options->x11_display_offset = -1;
	options->allow_tcp_forwarding = -1;
	options->gateway_ports = -1;
}
107
/* Stores value in *field only while the field still holds the -1 marker. */
static void
default_int_option(int *field, int value)
{
	if (*field == -1)
		*field = value;
}

/*
 * Replaces every option that is still unset with its built-in default.
 *
 * Fields that were given a value earlier are left alone.  Defaults worth
 * knowing when reviewing a deployment: both SSH protocol 1 and 2 are
 * enabled, root login is PERMIT_YES, the server key is 768 bits, and
 * password authentication is on.  Anything stricter has to be set
 * explicitly in the configuration.
 */
void
fill_default_server_options(ServerOptions *options)
{
	if (options->protocol == SSH_PROTO_UNKNOWN)
		options->protocol = SSH_PROTO_1|SSH_PROTO_2;

	if (options->num_host_key_files == 0) {
		/* One default host key per enabled protocol version. */
		int nkeys = 0;

		if (options->protocol & SSH_PROTO_1)
			options->host_key_files[nkeys++] = _PATH_HOST_KEY_FILE;
		if (options->protocol & SSH_PROTO_2)
			options->host_key_files[nkeys++] = _PATH_HOST_DSA_KEY_FILE;
		options->num_host_key_files = nkeys;
	}

	if (options->num_ports == 0) {
		options->ports[options->num_ports] = SSH_DEFAULT_PORT;
		options->num_ports++;
	}
	/* No ListenAddress given: a NULL address with port 0 (all ports). */
	if (options->listen_addrs == NULL)
		add_listen_addr(options, NULL, 0);
	if (options->pid_file == NULL)
		options->pid_file = _PATH_SSH_DAEMON_PID_FILE;

	default_int_option(&options->server_key_bits, 768);
	default_int_option(&options->login_grace_time, 600);
	default_int_option(&options->key_regeneration_time, 3600);
	if (options->permit_root_login == PERMIT_NOT_SET)
		options->permit_root_login = PERMIT_YES;
	default_int_option(&options->ignore_rhosts, 1);
	default_int_option(&options->ignore_user_known_hosts, 0);
	default_int_option(&options->check_mail, 0);
	default_int_option(&options->print_motd, 1);
	default_int_option(&options->print_lastlog, 1);
	default_int_option(&options->x11_forwarding, 0);
	default_int_option(&options->x11_display_offset, 10);
#ifdef _PATH_XAUTH
	if (options->xauth_location == NULL)
		options->xauth_location = _PATH_XAUTH;
#endif
	default_int_option(&options->strict_modes, 1);
	default_int_option(&options->keepalives, 1);
	if (options->log_facility == (SyslogFacility) (-1))
		options->log_facility = SYSLOG_FACILITY_AUTH;
	if (options->log_level == (LogLevel) (-1))
		options->log_level = SYSLOG_LEVEL_INFO;
	default_int_option(&options->rhosts_authentication, 0);
	default_int_option(&options->rhosts_rsa_authentication, 0);
	default_int_option(&options->hostbased_authentication, 0);
	default_int_option(&options->hostbased_uses_name_from_packet_only, 0);
	default_int_option(&options->rsa_authentication, 1);
	default_int_option(&options->pubkey_authentication, 1);
#if defined(KRB4) || defined(KRB5)
	/* Probe the key file only when the option was not configured. */
	if (options->kerberos_authentication == -1)
		options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
	default_int_option(&options->kerberos_or_local_passwd, 1);
	default_int_option(&options->kerberos_ticket_cleanup, 1);
#endif
#if defined(AFS) || defined(KRB5)
	default_int_option(&options->kerberos_tgt_passing, 0);
#endif
#ifdef AFS
	/* Ask the AFS library only when the option was not configured. */
	if (options->afs_token_passing == -1)
		options->afs_token_passing = k_hasafs();
#endif
	default_int_option(&options->password_authentication, 1);
	default_int_option(&options->kbd_interactive_authentication, 0);
	default_int_option(&options->challenge_response_authentication, 1);
	default_int_option(&options->permit_empty_passwd, 0);
	default_int_option(&options->use_login, 0);
	default_int_option(&options->allow_tcp_forwarding, 1);
	default_int_option(&options->gateway_ports, 0);
	default_int_option(&options->max_startups, 10);
	default_int_option(&options->max_startups_rate, 100);	/* 100% */
	/* Must follow max_startups: the default is whatever that ended up as. */
	default_int_option(&options->max_startups_begin, options->max_startups);
	default_int_option(&options->reverse_mapping_check, 0);
	default_int_option(&options->client_alive_interval, 0);
	default_int_option(&options->client_alive_count_max, 3);
	if (options->authorized_keys_file == NULL)
		options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
	if (options->authorized_keys_file2 == NULL)
		options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
	default_int_option(&options->pam_authentication_via_kbd_int, 0);
}
221
8efc0c15 222/* Keyword tokens. */
/*
 * One opcode per configuration directive.  The numeric values depend on
 * which of KRB4/KRB5/AFS are compiled in, so they are only meaningful
 * inside one build.
 */
typedef enum {
	sBadOption,		/* == unknown option */

	/* Listener, keys and logging. */
	sPort,
	sHostKeyFile,
	sServerKeyBits,
	sLoginGraceTime,
	sKeyRegenerationTime,
	sPermitRootLogin,
	sLogFacility,
	sLogLevel,

	/* Authentication methods. */
	sRhostsAuthentication,
	sRhostsRSAAuthentication,
	sRSAAuthentication,
#if defined(KRB4) || defined(KRB5)
	sKerberosAuthentication,
	sKerberosOrLocalPasswd,
	sKerberosTicketCleanup,
#endif
#if defined(AFS) || defined(KRB5)
	sKerberosTgtPassing,
#endif
#ifdef AFS
	sAFSTokenPassing,
#endif
	sChallengeResponseAuthentication,
	sPasswordAuthentication,
	sKbdInteractiveAuthentication,

	/* Everything else, in the order the keywords were added. */
	sListenAddress,
	sPrintMotd,
	sPrintLastLog,
	sIgnoreRhosts,
	sX11Forwarding,
	sX11DisplayOffset,
	sStrictModes,
	sEmptyPasswd,
	sKeepAlives,
	sCheckMail,
	sUseLogin,
	sAllowTcpForwarding,
	sAllowUsers,
	sDenyUsers,
	sAllowGroups,
	sDenyGroups,
	sIgnoreUserKnownHosts,
	sCiphers,
	sMacs,
	sProtocol,
	sPidFile,
	sGatewayPorts,
	sPubkeyAuthentication,
	sXAuthLocation,
	sSubsystem,
	sMaxStartups,
	sBanner,
	sReverseMappingCheck,
	sHostbasedAuthentication,
	sHostbasedUsesNameFromPacketOnly,
	sClientAliveInterval,
	sClientAliveCountMax,
	sAuthorizedKeysFile,
	sAuthorizedKeysFile2,
	sPAMAuthenticationViaKbdInt
} ServerOpCodes;
251
252/* Textual representation of the tokens. */
/*
 * Directive name -> opcode table, terminated by a NULL name.
 * parse_token() compares names case-insensitively, so the spelling case
 * used here does not matter.  Several names are aliases for one opcode.
 */
static struct {
	const char *name;
	ServerOpCodes opcode;
} keywords[] = {
	/* Listener, keys and logging. */
	{ "port",				sPort },
	{ "hostkey",				sHostKeyFile },
	{ "hostdsakey",				sHostKeyFile },	/* alias */
	{ "pidfile",				sPidFile },
	{ "serverkeybits",			sServerKeyBits },
	{ "logingracetime",			sLoginGraceTime },
	{ "keyregenerationinterval",		sKeyRegenerationTime },
	{ "permitrootlogin",			sPermitRootLogin },
	{ "syslogfacility",			sLogFacility },
	{ "loglevel",				sLogLevel },

	/* Authentication methods. */
	{ "rhostsauthentication",		sRhostsAuthentication },
	{ "rhostsrsaauthentication",		sRhostsRSAAuthentication },
	{ "hostbasedauthentication",		sHostbasedAuthentication },
	{ "hostbasedusesnamefrompacketonly",	sHostbasedUsesNameFromPacketOnly },
	{ "rsaauthentication",			sRSAAuthentication },
	{ "pubkeyauthentication",		sPubkeyAuthentication },
	{ "dsaauthentication",			sPubkeyAuthentication },	/* alias */
#if defined(KRB4) || defined(KRB5)
	{ "kerberosauthentication",		sKerberosAuthentication },
	{ "kerberosorlocalpasswd",		sKerberosOrLocalPasswd },
	{ "kerberosticketcleanup",		sKerberosTicketCleanup },
#endif
#if defined(AFS) || defined(KRB5)
	{ "kerberostgtpassing",			sKerberosTgtPassing },
#endif
#ifdef AFS
	{ "afstokenpassing",			sAFSTokenPassing },
#endif
	{ "passwordauthentication",		sPasswordAuthentication },
	{ "kbdinteractiveauthentication",	sKbdInteractiveAuthentication },
	{ "challengeresponseauthentication",	sChallengeResponseAuthentication },
	{ "skeyauthentication",			sChallengeResponseAuthentication },	/* alias */

	/* Session behaviour, access lists and remaining directives. */
	{ "checkmail",				sCheckMail },
	{ "listenaddress",			sListenAddress },
	{ "printmotd",				sPrintMotd },
	{ "printlastlog",			sPrintLastLog },
	{ "ignorerhosts",			sIgnoreRhosts },
	{ "ignoreuserknownhosts",		sIgnoreUserKnownHosts },
	{ "x11forwarding",			sX11Forwarding },
	{ "x11displayoffset",			sX11DisplayOffset },
	{ "xauthlocation",			sXAuthLocation },
	{ "strictmodes",			sStrictModes },
	{ "permitemptypasswords",		sEmptyPasswd },
	{ "uselogin",				sUseLogin },
	{ "keepalive",				sKeepAlives },
	{ "allowtcpforwarding",			sAllowTcpForwarding },
	{ "allowusers",				sAllowUsers },
	{ "denyusers",				sDenyUsers },
	{ "allowgroups",			sAllowGroups },
	{ "denygroups",				sDenyGroups },
	{ "ciphers",				sCiphers },
	{ "macs",				sMacs },
	{ "protocol",				sProtocol },
	{ "gatewayports",			sGatewayPorts },
	{ "subsystem",				sSubsystem },
	{ "maxstartups",			sMaxStartups },
	{ "banner",				sBanner },
	{ "reversemappingcheck",		sReverseMappingCheck },
	{ "clientaliveinterval",		sClientAliveInterval },
	{ "clientalivecountmax",		sClientAliveCountMax },
	{ "authorizedkeysfile",			sAuthorizedKeysFile },
	{ "authorizedkeysfile2",		sAuthorizedKeysFile2 },
	{ "PAMAuthenticationViaKbdInt",		sPAMAuthenticationViaKbdInt },

	/* Terminator: sBadOption is the first enumerator, i.e. 0. */
	{ NULL, sBadOption }
};
322
aa3378df 323/*
6be9a5e8 324 * Returns the number of the token pointed to by cp or sBadOption.
aa3378df 325 */
8efc0c15 326
/*
 * Maps a directive name to its opcode.
 *
 * cp is compared case-insensitively against the keywords[] table.  On a
 * miss the problem is reported through error() with the file name and
 * line number, and sBadOption is returned so the caller can keep
 * scanning and count the bad lines.
 */
static ServerOpCodes
parse_token(const char *cp, const char *filename,
	    int linenum)
{
	const char *candidate;
	u_int idx = 0;

	/* The table ends with an entry whose name is NULL. */
	while ((candidate = keywords[idx].name) != NULL) {
		if (strcasecmp(cp, candidate) == 0)
			return keywords[idx].opcode;
		idx++;
	}

	error("%s: line %d: Bad configuration option: %s",
	    filename, linenum, cp);
	return sBadOption;
}
341
/*
 * Registers addr as a listen address.
 *
 * A non-zero port binds addr to that single port.  Port 0 means "every
 * port configured so far"; if none has been configured, the default SSH
 * port is added to the port list first.  addr may be NULL and is passed
 * through unchanged to add_one_listen_addr().
 */
static void
add_listen_addr(ServerOptions *options, char *addr, u_short port)
{
	int idx;

	/* Make sure the port list is never empty from here on. */
	if (options->num_ports == 0) {
		options->ports[0] = SSH_DEFAULT_PORT;
		options->num_ports = 1;
	}

	if (port != 0) {
		add_one_listen_addr(options, addr, port);
		return;
	}

	for (idx = 0; idx < options->num_ports; idx++)
		add_one_listen_addr(options, addr, options->ports[idx]);
}
355
/*
 * Resolves one addr/port pair and puts the results at the front of
 * options->listen_addrs.
 *
 * The lookup is restricted to the address family in IPv4or6 and to
 * stream sockets.  A NULL addr requests passive (wildcard) addresses.
 * Resolution failure is reported through fatal().
 */
static void
add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
{
	struct addrinfo hints, *results, *tail;
	char strport[NI_MAXSERV];
	int gaierr;

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = IPv4or6;
	hints.ai_socktype = SOCK_STREAM;
	if (addr == NULL)
		hints.ai_flags = AI_PASSIVE;
	else
		hints.ai_flags = 0;

	/* getaddrinfo() takes the service as a string. */
	snprintf(strport, sizeof strport, "%d", port);

	gaierr = getaddrinfo(addr, strport, &hints, &results);
	if (gaierr != 0)
		fatal("bad addr or host: %s (%s)",
		    addr ? addr : "<NULL>",
		    gai_strerror(gaierr));

	/* Walk to the last new entry and hang the existing list behind it. */
	tail = results;
	while (tail->ai_next)
		tail = tail->ai_next;
	tail->ai_next = options->listen_addrs;
	options->listen_addrs = results;
}
377
8efc0c15 378/* Reads the server configuration file. */
379
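/*
 * Reads the server configuration file and stores its settings in options.
 *
 * Each line is split into tokens with strdelim(); the first token selects
 * the directive via parse_token().  Most directives share a parsing tail
 * (parse_int, parse_time, parse_filename, parse_flag) that is reached by
 * goto with intptr/charptr pointing at the destination field.  Those tails
 * store a value only while the field is still unset, so the first setting
 * of an option wins.
 *
 * Unknown keywords are counted and reported together after the whole file
 * has been read; every other problem ends in fatal(), which is assumed not
 * to return.  If the file cannot be opened the process exits with status 1.
 */
void
read_server_config(ServerOptions *options, const char *filename)
{
	FILE *f;
	char line[1024];
	char *cp, **charptr, *arg, *p;
	int linenum, *intptr, value;
	int bad_options = 0;
	ServerOpCodes opcode;
	int i, n;

	f = fopen(filename, "r");
	if (!f) {
		perror(filename);
		exit(1);
	}
	linenum = 0;
	while (fgets(line, sizeof(line), f)) {
		linenum++;
		/*
		 * fgets() stops at sizeof(line)-1 bytes.  Without this check
		 * the remainder of an over-long line would be read as the
		 * next line and parsed as a directive of its own, e.g. the
		 * tail of a long comment.  A last line without a newline is
		 * still accepted.  A NUL byte before the newline is rejected
		 * here as well.
		 */
		if (strchr(line, '\n') == NULL && getc(f) != EOF)
			fatal("%s line %d: line too long.",
			    filename, linenum);
		cp = line;
		arg = strdelim(&cp);
		/* Ignore leading whitespace */
		if (*arg == '\0')
			arg = strdelim(&cp);
		if (!arg || !*arg || *arg == '#')
			continue;
		/* Reset per line; the shared tails test these for NULL. */
		intptr = NULL;
		charptr = NULL;
		opcode = parse_token(arg, filename, linenum);
		switch (opcode) {
		case sBadOption:
			/* Already reported by parse_token(); keep scanning. */
			bad_options++;
			continue;
		case sPort:
			/* ignore ports from configfile if cmdline specifies ports */
			if (options->ports_from_cmdline)
				continue;
			/* Listen addresses are expanded per port when added. */
			if (options->listen_addrs != NULL)
				fatal("%s line %d: ports must be specified before "
				    "ListenAddress.", filename, linenum);
			if (options->num_ports >= MAX_PORTS)
				fatal("%s line %d: too many ports.",
				    filename, linenum);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing port number.",
				    filename, linenum);
			options->ports[options->num_ports++] = a2port(arg);
			/* a2port() result 0 is treated as a parse failure. */
			if (options->ports[options->num_ports-1] == 0)
				fatal("%s line %d: Badly formatted port number.",
				    filename, linenum);
			break;

		case sServerKeyBits:
			intptr = &options->server_key_bits;
parse_int:
			/* Shared tail: reads the NEXT token as an integer. */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing integer value.",
				    filename, linenum);
			/*
			 * NOTE(review): atoi() does no validation, so a
			 * non-numeric argument is stored as 0.
			 */
			value = atoi(arg);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sLoginGraceTime:
			intptr = &options->login_grace_time;
parse_time:
			/* Shared tail: next token is a time spec for convtime(). */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing time value.",
				    filename, linenum);
			if ((value = convtime(arg)) == -1)
				fatal("%s line %d: invalid time value.",
				    filename, linenum);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sKeyRegenerationTime:
			intptr = &options->key_regeneration_time;
			goto parse_time;

		case sListenAddress:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
				fatal("%s line %d: missing inet addr.",
				    filename, linenum);
			if (*arg == '[') {
				/*
				 * "[addr]" or "[addr]:port": skip the '[' and
				 * close the gap left by ']', so p points at
				 * whatever followed the closing bracket.
				 */
				if ((p = strchr(arg, ']')) == NULL)
					fatal("%s line %d: bad ipv6 inet addr usage.",
					    filename, linenum);
				arg++;
				memmove(p, p+1, strlen(p+1)+1);
			} else if (((p = strchr(arg, ':')) == NULL) ||
				    (strchr(p+1, ':') != NULL)) {
				/* No colon, or more than one: address only. */
				add_listen_addr(options, arg, 0);
				break;
			}
			if (*p == ':') {
				u_short port;

				p++;
				if (*p == '\0')
					fatal("%s line %d: bad inet addr:port usage.",
					    filename, linenum);
				else {
					/* Cut the string at ':' to isolate the address. */
					*(p-1) = '\0';
					if ((port = a2port(p)) == 0)
						fatal("%s line %d: bad port number.",
						    filename, linenum);
					add_listen_addr(options, arg, port);
				}
			} else if (*p == '\0')
				add_listen_addr(options, arg, 0);
			else
				fatal("%s line %d: bad inet addr usage.",
				    filename, linenum);
			break;

		case sHostKeyFile:
			/* intptr is the counter bumped by parse_filename. */
			intptr = &options->num_host_key_files;
			if (*intptr >= MAX_HOSTKEYS)
				fatal("%s line %d: too many host keys specified (max %d).",
				    filename, linenum, MAX_HOSTKEYS);
			charptr = &options->host_key_files[*intptr];
parse_filename:
			/* Shared tail: next token is a path; first setting wins. */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing file name.",
				    filename, linenum);
			if (*charptr == NULL) {
				*charptr = tilde_expand_filename(arg, getuid());
				/* increase optional counter */
				if (intptr != NULL)
					*intptr = *intptr + 1;
			}
			break;

		case sPidFile:
			charptr = &options->pid_file;
			goto parse_filename;

		case sPermitRootLogin:
			intptr = &options->permit_root_login;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing yes/"
				    "without-password/forced-commands-only/no "
				    "argument.", filename, linenum);
			value = 0;	/* silence compiler */
			/* Values are matched case-sensitively. */
			if (strcmp(arg, "without-password") == 0)
				value = PERMIT_NO_PASSWD;
			else if (strcmp(arg, "forced-commands-only") == 0)
				value = PERMIT_FORCED_ONLY;
			else if (strcmp(arg, "yes") == 0)
				value = PERMIT_YES;
			else if (strcmp(arg, "no") == 0)
				value = PERMIT_NO;
			else
				fatal("%s line %d: Bad yes/"
				    "without-password/forced-commands-only/no "
				    "argument: %s", filename, linenum, arg);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreRhosts:
			intptr = &options->ignore_rhosts;
parse_flag:
			/* Shared tail: next token must be exactly "yes" or "no". */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing yes/no argument.",
				    filename, linenum);
			value = 0;	/* silence compiler */
			if (strcmp(arg, "yes") == 0)
				value = 1;
			else if (strcmp(arg, "no") == 0)
				value = 0;
			else
				fatal("%s line %d: Bad yes/no argument: %s",
				    filename, linenum, arg);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreUserKnownHosts:
			intptr = &options->ignore_user_known_hosts;
			goto parse_flag;

		case sRhostsAuthentication:
			intptr = &options->rhosts_authentication;
			goto parse_flag;

		case sRhostsRSAAuthentication:
			intptr = &options->rhosts_rsa_authentication;
			goto parse_flag;

		case sHostbasedAuthentication:
			intptr = &options->hostbased_authentication;
			goto parse_flag;

		case sHostbasedUsesNameFromPacketOnly:
			intptr = &options->hostbased_uses_name_from_packet_only;
			goto parse_flag;

		case sRSAAuthentication:
			intptr = &options->rsa_authentication;
			goto parse_flag;

		case sPubkeyAuthentication:
			intptr = &options->pubkey_authentication;
			goto parse_flag;
#if defined(KRB4) || defined(KRB5)
		case sKerberosAuthentication:
			intptr = &options->kerberos_authentication;
			goto parse_flag;

		case sKerberosOrLocalPasswd:
			intptr = &options->kerberos_or_local_passwd;
			goto parse_flag;

		case sKerberosTicketCleanup:
			intptr = &options->kerberos_ticket_cleanup;
			goto parse_flag;
#endif
#if defined(AFS) || defined(KRB5)
		case sKerberosTgtPassing:
			intptr = &options->kerberos_tgt_passing;
			goto parse_flag;
#endif
#ifdef AFS
		case sAFSTokenPassing:
			intptr = &options->afs_token_passing;
			goto parse_flag;
#endif

		case sPasswordAuthentication:
			intptr = &options->password_authentication;
			goto parse_flag;

		case sKbdInteractiveAuthentication:
			intptr = &options->kbd_interactive_authentication;
			goto parse_flag;

		case sCheckMail:
			intptr = &options->check_mail;
			goto parse_flag;

		case sChallengeResponseAuthentication:
			intptr = &options->challenge_response_authentication;
			goto parse_flag;

		case sPrintMotd:
			intptr = &options->print_motd;
			goto parse_flag;

		case sPrintLastLog:
			intptr = &options->print_lastlog;
			goto parse_flag;

		case sX11Forwarding:
			intptr = &options->x11_forwarding;
			goto parse_flag;

		case sX11DisplayOffset:
			intptr = &options->x11_display_offset;
			goto parse_int;

		case sXAuthLocation:
			charptr = &options->xauth_location;
			goto parse_filename;

		case sStrictModes:
			intptr = &options->strict_modes;
			goto parse_flag;

		case sKeepAlives:
			intptr = &options->keepalives;
			goto parse_flag;

		case sEmptyPasswd:
			intptr = &options->permit_empty_passwd;
			goto parse_flag;

		case sUseLogin:
			intptr = &options->use_login;
			goto parse_flag;

		case sGatewayPorts:
			intptr = &options->gateway_ports;
			goto parse_flag;

		case sReverseMappingCheck:
			intptr = &options->reverse_mapping_check;
			goto parse_flag;

		case sLogFacility:
			intptr = (int *) &options->log_facility;
			arg = strdelim(&cp);
			/* A missing argument is reported below as "<NONE>". */
			value = log_facility_number(arg);
			if (value == (SyslogFacility) - 1)
				fatal("%.200s line %d: unsupported log facility '%s'",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (SyslogFacility) value;
			break;

		case sLogLevel:
			intptr = (int *) &options->log_level;
			arg = strdelim(&cp);
			/* A missing argument is reported below as "<NONE>". */
			value = log_level_number(arg);
			if (value == (LogLevel) - 1)
				fatal("%.200s line %d: unsupported log level '%s'",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (LogLevel) value;
			break;

		case sAllowTcpForwarding:
			intptr = &options->allow_tcp_forwarding;
			goto parse_flag;

		/*
		 * The four access lists take every remaining token on the
		 * line and accumulate across lines, up to a fixed maximum.
		 */
		case sAllowUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_users >= MAX_ALLOW_USERS)
					fatal("%s line %d: too many allow users.",
					    filename, linenum);
				options->allow_users[options->num_allow_users++] = xstrdup(arg);
			}
			break;

		case sDenyUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_users >= MAX_DENY_USERS)
					fatal( "%s line %d: too many deny users.",
					    filename, linenum);
				options->deny_users[options->num_deny_users++] = xstrdup(arg);
			}
			break;

		case sAllowGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
					fatal("%s line %d: too many allow groups.",
					    filename, linenum);
				options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
			}
			break;

		case sDenyGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_groups >= MAX_DENY_GROUPS)
					fatal("%s line %d: too many deny groups.",
					    filename, linenum);
				options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
			}
			break;

		case sCiphers:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			/* Validated even when an earlier setting will be kept. */
			if (!ciphers_valid(arg))
				fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->ciphers == NULL)
				options->ciphers = xstrdup(arg);
			break;

		case sMacs:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			/* Validated even when an earlier setting will be kept. */
			if (!mac_valid(arg))
				fatal("%s line %d: Bad SSH2 mac spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->macs == NULL)
				options->macs = xstrdup(arg);
			break;

		case sProtocol:
			intptr = &options->protocol;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			value = proto_spec(arg);
			if (value == SSH_PROTO_UNKNOWN)
				fatal("%s line %d: Bad protocol spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == SSH_PROTO_UNKNOWN)
				*intptr = value;
			break;

		case sSubsystem:
			if(options->num_subsystems >= MAX_SUBSYSTEMS) {
				fatal("%s line %d: too many subsystems defined.",
				    filename, linenum);
			}
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem name.",
				    filename, linenum);
			/* A subsystem name may be defined only once. */
			for (i = 0; i < options->num_subsystems; i++)
				if(strcmp(arg, options->subsystem_name[i]) == 0)
					fatal("%s line %d: Subsystem '%s' already defined.",
					    filename, linenum, arg);
			options->subsystem_name[options->num_subsystems] = xstrdup(arg);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem command.",
				    filename, linenum);
			options->subsystem_command[options->num_subsystems] = xstrdup(arg);
			options->num_subsystems++;
			break;

		case sMaxStartups:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing MaxStartups spec.",
				    filename, linenum);
			/* Accepts "begin:rate:max" or a single number. */
			n = sscanf(arg, "%d:%d:%d",
			    &options->max_startups_begin,
			    &options->max_startups_rate,
			    &options->max_startups);
			if (n == 3) {
				if (options->max_startups_begin >
				    options->max_startups ||
				    options->max_startups_rate > 100 ||
				    options->max_startups_rate < 1)
					fatal("%s line %d: Illegal MaxStartups spec.",
					    filename, linenum);
			} else if (n != 1) {
				/* e.g. "10:30": neither of the two forms. */
				fatal("%s line %d: Illegal MaxStartups spec.",
				    filename, linenum);
			} else {
				/*
				 * Single number: sscanf() has already stored it
				 * in max_startups_begin.  Do not jump to
				 * parse_int here, because that tail reads a
				 * further token and would reject the line as
				 * "missing integer value".
				 */
				options->max_startups = options->max_startups_begin;
			}
			break;

		case sBanner:
			charptr = &options->banner;
			goto parse_filename;
		/*
		 * These options can contain %X options expanded at
		 * connect time, so that you can specify paths like:
		 *
		 * AuthorizedKeysFile	/etc/ssh_keys/%u
		 */
		case sAuthorizedKeysFile:
		case sAuthorizedKeysFile2:
			charptr = (opcode == sAuthorizedKeysFile ) ?
			    &options->authorized_keys_file :
			    &options->authorized_keys_file2;
			goto parse_filename;

		case sClientAliveInterval:
			intptr = &options->client_alive_interval;
			goto parse_time;

		case sClientAliveCountMax:
			intptr = &options->client_alive_count_max;
			goto parse_int;

		case sPAMAuthenticationViaKbdInt:
			intptr = &options->pam_authentication_via_kbd_int;
			goto parse_flag;

		default:
			/* A keyword is in keywords[] but has no case above. */
			fatal("%s line %d: Missing handler for opcode %s (%d)",
			    filename, linenum, arg, opcode);
		}
		/* Anything left on the line after the arguments is an error. */
		if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
			fatal("%s line %d: garbage at end of line; \"%.200s\".",
			    filename, linenum, arg);
	}
	fclose(f);
	/* Unknown keywords were only logged so far; refuse to run with them. */
	if (bad_options > 0)
		fatal("%s: terminating, %d bad configuration options",
		    filename, bad_options);
}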