[openssh.git] / servconf.c

/*
 * 
 * servconf.c
 * 
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * 
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
 * 
 * Created: Mon Aug 21 15:48:58 1995 ylo
 * 
 */

#include "includes.h"
RCSID("$Id$");

#include "ssh.h"
#include "servconf.h"
#include "xmalloc.h"

/* Initializes the server options to their default values. */

void 
initialize_server_options(ServerOptions *options)
{
	memset(options, 0, sizeof(*options));
	options->port = -1;
	options->listen_addr.s_addr = htonl(INADDR_ANY);
	options->host_key_file = NULL;
	options->server_key_bits = -1;
	options->login_grace_time = -1;
	options->key_regeneration_time = -1;
	options->permit_root_login = -1;
	options->ignore_rhosts = -1;
	options->ignore_user_known_hosts = -1;
	options->print_motd = -1;
	options->check_mail = -1;
	options->x11_forwarding = -1;
	options->x11_display_offset = -1;
	options->strict_modes = -1;
	options->keepalives = -1;
	options->log_facility = (SyslogFacility) - 1;
	options->log_level = (LogLevel) - 1;
	options->rhosts_authentication = -1;
	options->rhosts_rsa_authentication = -1;
	options->rsa_authentication = -1;
#ifdef KRB4
	options->kerberos_authentication = -1;
	options->kerberos_or_local_passwd = -1;
	options->kerberos_ticket_cleanup = -1;
#endif
#ifdef AFS
	options->kerberos_tgt_passing = -1;
	options->afs_token_passing = -1;
#endif
	options->password_authentication = -1;
#ifdef SKEY
	options->skey_authentication = -1;
#endif
	options->permit_empty_passwd = -1;
	options->use_login = -1;
	options->num_allow_users = 0;
	options->num_deny_users = 0;
	options->num_allow_groups = 0;
	options->num_deny_groups = 0;
}

void 
fill_default_server_options(ServerOptions *options)
{
	if (options->port == -1) {
		struct servent *sp;

		sp = getservbyname(SSH_SERVICE_NAME, "tcp");
		if (sp)
			options->port = ntohs(sp->s_port);
		else
			options->port = SSH_DEFAULT_PORT;
		endservent();
	}
	if (options->host_key_file == NULL)
		options->host_key_file = HOST_KEY_FILE;
	if (options->server_key_bits == -1)
		options->server_key_bits = 768;
	if (options->login_grace_time == -1)
		options->login_grace_time = 600;
	if (options->key_regeneration_time == -1)
		options->key_regeneration_time = 3600;
	if (options->permit_root_login == -1)
		options->permit_root_login = 1;			/* yes */
	if (options->ignore_rhosts == -1)
		options->ignore_rhosts = 0;
	if (options->ignore_user_known_hosts == -1)
		options->ignore_user_known_hosts = 0;
	if (options->check_mail == -1)
		options->check_mail = 0;
	if (options->print_motd == -1)
		options->print_motd = 1;
	if (options->x11_forwarding == -1)
		options->x11_forwarding = 1;
	if (options->x11_display_offset == -1)
		options->x11_display_offset = 1;
	if (options->strict_modes == -1)
		options->strict_modes = 1;
	if (options->keepalives == -1)
		options->keepalives = 1;
	if (options->log_facility == (SyslogFacility) (-1))
		options->log_facility = SYSLOG_FACILITY_AUTH;
	if (options->log_level == (LogLevel) (-1))
		options->log_level = SYSLOG_LEVEL_INFO;
	if (options->rhosts_authentication == -1)
		options->rhosts_authentication = 0;
	if (options->rhosts_rsa_authentication == -1)
		options->rhosts_rsa_authentication = 1;
	if (options->rsa_authentication == -1)
		options->rsa_authentication = 1;
#ifdef KRB4
	if (options->kerberos_authentication == -1)
		options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
	if (options->kerberos_or_local_passwd == -1)
		options->kerberos_or_local_passwd = 1;
	if (options->kerberos_ticket_cleanup == -1)
		options->kerberos_ticket_cleanup = 1;
#endif /* KRB4 */
#ifdef AFS
	if (options->kerberos_tgt_passing == -1)
		options->kerberos_tgt_passing = 0;
	if (options->afs_token_passing == -1)
		options->afs_token_passing = k_hasafs();
#endif /* AFS */
	if (options->password_authentication == -1)
		options->password_authentication = 1;
#ifdef SKEY
	if (options->skey_authentication == -1)
		options->skey_authentication = 1;
#endif
	if (options->permit_empty_passwd == -1)
		options->permit_empty_passwd = 1;
	if (options->use_login == -1)
		options->use_login = 0;
}

#define WHITESPACE " \t\r\n"

/* Keyword tokens. */
typedef enum {
	sBadOption,		/* == unknown option */
	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
	sPermitRootLogin, sLogFacility, sLogLevel,
	sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
#ifdef KRB4
	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
#endif
#ifdef AFS
	sKerberosTgtPassing, sAFSTokenPassing,
#endif
#ifdef SKEY
	sSkeyAuthentication,
#endif
	sPasswordAuthentication, sListenAddress,
	sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
	sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
	sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
	sIgnoreUserKnownHosts
} ServerOpCodes;

/* Textual representation of the tokens. */
static struct {
	const char *name;
	ServerOpCodes opcode;
} keywords[] = {
	{ "port", sPort },
	{ "hostkey", sHostKeyFile },
	{ "serverkeybits", sServerKeyBits },
	{ "logingracetime", sLoginGraceTime },
	{ "keyregenerationinterval", sKeyRegenerationTime },
	{ "permitrootlogin", sPermitRootLogin },
	{ "syslogfacility", sLogFacility },
	{ "loglevel", sLogLevel },
	{ "rhostsauthentication", sRhostsAuthentication },
	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
	{ "rsaauthentication", sRSAAuthentication },
#ifdef KRB4
	{ "kerberosauthentication", sKerberosAuthentication },
	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
	{ "kerberosticketcleanup", sKerberosTicketCleanup },
#endif
#ifdef AFS
	{ "kerberostgtpassing", sKerberosTgtPassing },
	{ "afstokenpassing", sAFSTokenPassing },
#endif
	{ "passwordauthentication", sPasswordAuthentication },
#ifdef SKEY
	{ "skeyauthentication", sSkeyAuthentication },
#endif
	{ "checkmail", sCheckMail },
	{ "listenaddress", sListenAddress },
	{ "printmotd", sPrintMotd },
	{ "ignorerhosts", sIgnoreRhosts },
	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },
	{ "x11forwarding", sX11Forwarding },
	{ "x11displayoffset", sX11DisplayOffset },
	{ "strictmodes", sStrictModes },
	{ "permitemptypasswords", sEmptyPasswd },
	{ "uselogin", sUseLogin },
	{ "randomseed", sRandomSeedFile },
	{ "keepalive", sKeepAlives },
	{ "allowusers", sAllowUsers },
	{ "denyusers", sDenyUsers },
	{ "allowgroups", sAllowGroups },
	{ "denygroups", sDenyGroups },
	{ NULL, 0 }
};

/*
 * Returns the number of the token pointed to by cp of length len. Never
 * returns if the token is not known.
 */

static ServerOpCodes 
parse_token(const char *cp, const char *filename,
	    int linenum)
{
	unsigned int i;

	for (i = 0; keywords[i].name; i++)
		if (strcasecmp(cp, keywords[i].name) == 0)
			return keywords[i].opcode;

	fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
		filename, linenum, cp);
	return sBadOption;
}

/* Reads the server configuration file. */

void 
read_server_config(ServerOptions *options, const char *filename)
{
	FILE *f;
	char line[1024];
	char *cp, **charptr;
	int linenum, *intptr, value;
	int bad_options = 0;
	ServerOpCodes opcode;

	f = fopen(filename, "r");
	if (!f) {
		perror(filename);
		exit(1);
	}
	linenum = 0;
	while (fgets(line, sizeof(line), f)) {
		linenum++;
		cp = line + strspn(line, WHITESPACE);
		if (!*cp || *cp == '#')
			continue;
		cp = strtok(cp, WHITESPACE);
		opcode = parse_token(cp, filename, linenum);
		switch (opcode) {
		case sBadOption:
			bad_options++;
			continue;
		case sPort:
			intptr = &options->port;
parse_int:
			cp = strtok(NULL, WHITESPACE);
			if (!cp) {
				fprintf(stderr, "%s line %d: missing integer value.\n",
					filename, linenum);
				exit(1);
			}
			value = atoi(cp);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sServerKeyBits:
			intptr = &options->server_key_bits;
			goto parse_int;

		case sLoginGraceTime:
			intptr = &options->login_grace_time;
			goto parse_int;

		case sKeyRegenerationTime:
			intptr = &options->key_regeneration_time;
			goto parse_int;

		case sListenAddress:
			cp = strtok(NULL, WHITESPACE);
			if (!cp) {
				fprintf(stderr, "%s line %d: missing inet addr.\n",
					filename, linenum);
				exit(1);
			}
			options->listen_addr.s_addr = inet_addr(cp);
			break;

		case sHostKeyFile:
			charptr = &options->host_key_file;
			cp = strtok(NULL, WHITESPACE);
			if (!cp) {
				fprintf(stderr, "%s line %d: missing file name.\n",
					filename, linenum);
				exit(1);
			}
			if (*charptr == NULL)
				*charptr = tilde_expand_filename(cp, getuid());
			break;

		case sRandomSeedFile:
			fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
				filename, linenum);
			cp = strtok(NULL, WHITESPACE);
			break;

		case sPermitRootLogin:
			intptr = &options->permit_root_login;
			cp = strtok(NULL, WHITESPACE);
			if (!cp) {
				fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
					filename, linenum);
				exit(1);
			}
			if (strcmp(cp, "without-password") == 0)
				value = 2;
			else if (strcmp(cp, "yes") == 0)
				value = 1;
			else if (strcmp(cp, "no") == 0)
				value = 0;
			else {
				fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n",
					filename, linenum, cp);
				exit(1);
			}
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreRhosts:
			intptr = &options->ignore_rhosts;
parse_flag:
			cp = strtok(NULL, WHITESPACE);
			if (!cp) {
				fprintf(stderr, "%s line %d: missing yes/no argument.\n",
					filename, linenum);
				exit(1);
			}
			if (strcmp(cp, "yes") == 0)
				value = 1;
			else if (strcmp(cp, "no") == 0)
				value = 0;
			else {
				fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
					filename, linenum, cp);
				exit(1);
			}
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreUserKnownHosts:
			intptr = &options->ignore_user_known_hosts;
			goto parse_int;

		case sRhostsAuthentication:
			intptr = &options->rhosts_authentication;
			goto parse_flag;

		case sRhostsRSAAuthentication:
			intptr = &options->rhosts_rsa_authentication;
			goto parse_flag;

		case sRSAAuthentication:
			intptr = &options->rsa_authentication;
			goto parse_flag;

#ifdef KRB4
		case sKerberosAuthentication:
			intptr = &options->kerberos_authentication;
			goto parse_flag;

		case sKerberosOrLocalPasswd:
			intptr = &options->kerberos_or_local_passwd;
			goto parse_flag;

		case sKerberosTicketCleanup:
			intptr = &options->kerberos_ticket_cleanup;
			goto parse_flag;
#endif

#ifdef AFS
		case sKerberosTgtPassing:
			intptr = &options->kerberos_tgt_passing;
			goto parse_flag;

		case sAFSTokenPassing:
			intptr = &options->afs_token_passing;
			goto parse_flag;
#endif

		case sPasswordAuthentication:
			intptr = &options->password_authentication;
			goto parse_flag;

		case sCheckMail:
			intptr = &options->check_mail;
			goto parse_flag;

#ifdef SKEY
		case sSkeyAuthentication:
			intptr = &options->skey_authentication;
			goto parse_flag;
#endif

		case sPrintMotd:
			intptr = &options->print_motd;
			goto parse_flag;

		case sX11Forwarding:
			intptr = &options->x11_forwarding;
			goto parse_flag;

		case sX11DisplayOffset:
			intptr = &options->x11_display_offset;
			goto parse_int;

		case sStrictModes:
			intptr = &options->strict_modes;
			goto parse_flag;

		case sKeepAlives:
			intptr = &options->keepalives;
			goto parse_flag;

		case sEmptyPasswd:
			intptr = &options->permit_empty_passwd;
			goto parse_flag;

		case sUseLogin:
			intptr = &options->use_login;
			goto parse_flag;

		case sLogFacility:
			intptr = (int *) &options->log_facility;
			cp = strtok(NULL, WHITESPACE);
			value = log_facility_number(cp);
			if (value == (SyslogFacility) - 1)
				fatal("%.200s line %d: unsupported log facility '%s'\n",
				  filename, linenum, cp ? cp : "<NONE>");
			if (*intptr == -1)
				*intptr = (SyslogFacility) value;
			break;

		case sLogLevel:
			intptr = (int *) &options->log_level;
			cp = strtok(NULL, WHITESPACE);
			value = log_level_number(cp);
			if (value == (LogLevel) - 1)
				fatal("%.200s line %d: unsupported log level '%s'\n",
				  filename, linenum, cp ? cp : "<NONE>");
			if (*intptr == -1)
				*intptr = (LogLevel) value;
			break;

		case sAllowUsers:
			while ((cp = strtok(NULL, WHITESPACE))) {
				if (options->num_allow_users >= MAX_ALLOW_USERS) {
					fprintf(stderr, "%s line %d: too many allow users.\n",
						filename, linenum);
					exit(1);
				}
				options->allow_users[options->num_allow_users++] = xstrdup(cp);
			}
			break;

		case sDenyUsers:
			while ((cp = strtok(NULL, WHITESPACE))) {
				if (options->num_deny_users >= MAX_DENY_USERS) {
					fprintf(stderr, "%s line %d: too many deny users.\n",
						filename, linenum);
					exit(1);
				}
				options->deny_users[options->num_deny_users++] = xstrdup(cp);
			}
			break;

		case sAllowGroups:
			while ((cp = strtok(NULL, WHITESPACE))) {
				if (options->num_allow_groups >= MAX_ALLOW_GROUPS) {
					fprintf(stderr, "%s line %d: too many allow groups.\n",
						filename, linenum);
					exit(1);
				}
				options->allow_groups[options->num_allow_groups++] = xstrdup(cp);
			}
			break;

		case sDenyGroups:
			while ((cp = strtok(NULL, WHITESPACE))) {
				if (options->num_deny_groups >= MAX_DENY_GROUPS) {
					fprintf(stderr, "%s line %d: too many deny groups.\n",
						filename, linenum);
					exit(1);
				}
				options->deny_groups[options->num_deny_groups++] = xstrdup(cp);
			}
			break;

		default:
			fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
				filename, linenum, cp, opcode);
			exit(1);
		}
		if (strtok(NULL, WHITESPACE) != NULL) {
			fprintf(stderr, "%s line %d: garbage at end of line.\n",
				filename, linenum);
			exit(1);
		}
	}
	fclose(f);
	if (bad_options > 0) {
		fprintf(stderr, "%s: terminating, %d bad configuration options\n",
			filename, bad_options);
		exit(1);
	}
}
Commit	Line	Data
8efc0c15	1	/*
5260325f	2	*
	3	* servconf.c
	4	*
	5	* Author: Tatu Ylonen <ylo@cs.hut.fi>
	6	*
	7	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
	8	* All rights reserved
	9	*
	10	* Created: Mon Aug 21 15:48:58 1995 ylo
	11	*
	12	*/
8efc0c15	13
	14	#include "includes.h"
	15	RCSID("$Id$");
	16
	17	#include "ssh.h"
	18	#include "servconf.h"
	19	#include "xmalloc.h"
	20
	21	/* Initializes the server options to their default values. */
	22
5260325f	23	void
5260325f	24	initialize_server_options(ServerOptions *options)
8efc0c15	25	{
5260325f	26	memset(options, 0, sizeof(*options));
	27	options->port = -1;
	28	options->listen_addr.s_addr = htonl(INADDR_ANY);
	29	options->host_key_file = NULL;
	30	options->server_key_bits = -1;
	31	options->login_grace_time = -1;
	32	options->key_regeneration_time = -1;
	33	options->permit_root_login = -1;
	34	options->ignore_rhosts = -1;
	35	options->ignore_user_known_hosts = -1;
	36	options->print_motd = -1;
	37	options->check_mail = -1;
	38	options->x11_forwarding = -1;
	39	options->x11_display_offset = -1;
	40	options->strict_modes = -1;
	41	options->keepalives = -1;
	42	options->log_facility = (SyslogFacility) - 1;
	43	options->log_level = (LogLevel) - 1;
	44	options->rhosts_authentication = -1;
	45	options->rhosts_rsa_authentication = -1;
	46	options->rsa_authentication = -1;
8efc0c15	47	#ifdef KRB4
5260325f	48	options->kerberos_authentication = -1;
	49	options->kerberos_or_local_passwd = -1;
	50	options->kerberos_ticket_cleanup = -1;
8efc0c15	51	#endif
8efc0c15	52	#ifdef AFS
5260325f	53	options->kerberos_tgt_passing = -1;
5260325f	54	options->afs_token_passing = -1;
8efc0c15	55	#endif
5260325f	56	options->password_authentication = -1;
8efc0c15	57	#ifdef SKEY
5260325f	58	options->skey_authentication = -1;
8efc0c15	59	#endif
5260325f	60	options->permit_empty_passwd = -1;
	61	options->use_login = -1;
	62	options->num_allow_users = 0;
	63	options->num_deny_users = 0;
	64	options->num_allow_groups = 0;
	65	options->num_deny_groups = 0;
8efc0c15	66	}
8efc0c15	67
5260325f	68	void
5260325f	69	fill_default_server_options(ServerOptions *options)
8efc0c15	70	{
5260325f	71	if (options->port == -1) {
	72	struct servent *sp;
	73
	74	sp = getservbyname(SSH_SERVICE_NAME, "tcp");
	75	if (sp)
	76	options->port = ntohs(sp->s_port);
	77	else
	78	options->port = SSH_DEFAULT_PORT;
	79	endservent();
	80	}
	81	if (options->host_key_file == NULL)
	82	options->host_key_file = HOST_KEY_FILE;
	83	if (options->server_key_bits == -1)
	84	options->server_key_bits = 768;
	85	if (options->login_grace_time == -1)
	86	options->login_grace_time = 600;
	87	if (options->key_regeneration_time == -1)
	88	options->key_regeneration_time = 3600;
	89	if (options->permit_root_login == -1)
	90	options->permit_root_login = 1; /* yes */
	91	if (options->ignore_rhosts == -1)
	92	options->ignore_rhosts = 0;
	93	if (options->ignore_user_known_hosts == -1)
	94	options->ignore_user_known_hosts = 0;
	95	if (options->check_mail == -1)
	96	options->check_mail = 0;
	97	if (options->print_motd == -1)
	98	options->print_motd = 1;
	99	if (options->x11_forwarding == -1)
	100	options->x11_forwarding = 1;
	101	if (options->x11_display_offset == -1)
	102	options->x11_display_offset = 1;
	103	if (options->strict_modes == -1)
	104	options->strict_modes = 1;
	105	if (options->keepalives == -1)
	106	options->keepalives = 1;
	107	if (options->log_facility == (SyslogFacility) (-1))
	108	options->log_facility = SYSLOG_FACILITY_AUTH;
	109	if (options->log_level == (LogLevel) (-1))
	110	options->log_level = SYSLOG_LEVEL_INFO;
	111	if (options->rhosts_authentication == -1)
	112	options->rhosts_authentication = 0;
	113	if (options->rhosts_rsa_authentication == -1)
	114	options->rhosts_rsa_authentication = 1;
	115	if (options->rsa_authentication == -1)
	116	options->rsa_authentication = 1;
8efc0c15	117	#ifdef KRB4
5260325f	118	if (options->kerberos_authentication == -1)
	119	options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
	120	if (options->kerberos_or_local_passwd == -1)
	121	options->kerberos_or_local_passwd = 1;
	122	if (options->kerberos_ticket_cleanup == -1)
	123	options->kerberos_ticket_cleanup = 1;
8efc0c15	124	#endif /* KRB4 */
8efc0c15	125	#ifdef AFS
5260325f	126	if (options->kerberos_tgt_passing == -1)
	127	options->kerberos_tgt_passing = 0;
	128	if (options->afs_token_passing == -1)
	129	options->afs_token_passing = k_hasafs();
8efc0c15	130	#endif /* AFS */
5260325f	131	if (options->password_authentication == -1)
5260325f	132	options->password_authentication = 1;
8efc0c15	133	#ifdef SKEY
5260325f	134	if (options->skey_authentication == -1)
5260325f	135	options->skey_authentication = 1;
8efc0c15	136	#endif
5260325f	137	if (options->permit_empty_passwd == -1)
	138	options->permit_empty_passwd = 1;
	139	if (options->use_login == -1)
	140	options->use_login = 0;
8efc0c15	141	}
	142
	143	#define WHITESPACE " \t\r\n"
	144
	145	/* Keyword tokens. */
5260325f	146	typedef enum {
	147	sBadOption, /* == unknown option */
	148	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
	149	sPermitRootLogin, sLogFacility, sLogLevel,
	150	sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
8efc0c15	151	#ifdef KRB4
5260325f	152	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
8efc0c15	153	#endif
8efc0c15	154	#ifdef AFS
5260325f	155	sKerberosTgtPassing, sAFSTokenPassing,
8efc0c15	156	#endif
8efc0c15	157	#ifdef SKEY
5260325f	158	sSkeyAuthentication,
8efc0c15	159	#endif
5260325f	160	sPasswordAuthentication, sListenAddress,
	161	sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
	162	sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
	163	sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
	164	sIgnoreUserKnownHosts
8efc0c15	165	} ServerOpCodes;
	166
	167	/* Textual representation of the tokens. */
5260325f	168	static struct {
	169	const char *name;
	170	ServerOpCodes opcode;
	171	} keywords[] = {
	172	{ "port", sPort },
	173	{ "hostkey", sHostKeyFile },
	174	{ "serverkeybits", sServerKeyBits },
	175	{ "logingracetime", sLoginGraceTime },
	176	{ "keyregenerationinterval", sKeyRegenerationTime },
	177	{ "permitrootlogin", sPermitRootLogin },
	178	{ "syslogfacility", sLogFacility },
	179	{ "loglevel", sLogLevel },
	180	{ "rhostsauthentication", sRhostsAuthentication },
	181	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
	182	{ "rsaauthentication", sRSAAuthentication },
8efc0c15	183	#ifdef KRB4
5260325f	184	{ "kerberosauthentication", sKerberosAuthentication },
	185	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
	186	{ "kerberosticketcleanup", sKerberosTicketCleanup },
8efc0c15	187	#endif
8efc0c15	188	#ifdef AFS
5260325f	189	{ "kerberostgtpassing", sKerberosTgtPassing },
5260325f	190	{ "afstokenpassing", sAFSTokenPassing },
8efc0c15	191	#endif
5260325f	192	{ "passwordauthentication", sPasswordAuthentication },
8efc0c15	193	#ifdef SKEY
5260325f	194	{ "skeyauthentication", sSkeyAuthentication },
8efc0c15	195	#endif
5260325f	196	{ "checkmail", sCheckMail },
	197	{ "listenaddress", sListenAddress },
	198	{ "printmotd", sPrintMotd },
	199	{ "ignorerhosts", sIgnoreRhosts },
	200	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },
	201	{ "x11forwarding", sX11Forwarding },
	202	{ "x11displayoffset", sX11DisplayOffset },
	203	{ "strictmodes", sStrictModes },
	204	{ "permitemptypasswords", sEmptyPasswd },
	205	{ "uselogin", sUseLogin },
	206	{ "randomseed", sRandomSeedFile },
	207	{ "keepalive", sKeepAlives },
	208	{ "allowusers", sAllowUsers },
	209	{ "denyusers", sDenyUsers },
	210	{ "allowgroups", sAllowGroups },
	211	{ "denygroups", sDenyGroups },
	212	{ NULL, 0 }
8efc0c15	213	};
8efc0c15	214
aa3378df	215	/*
	216	* Returns the number of the token pointed to by cp of length len. Never
	217	* returns if the token is not known.
	218	*/
8efc0c15	219
5260325f	220	static ServerOpCodes
	221	parse_token(const char cp, const char filename,
	222	int linenum)
8efc0c15	223	{
5260325f	224	unsigned int i;
8efc0c15	225
5260325f	226	for (i = 0; keywords[i].name; i++)
aa3378df	227	if (strcasecmp(cp, keywords[i].name) == 0)
5260325f	228	return keywords[i].opcode;
8efc0c15	229
5260325f	230	fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
	231	filename, linenum, cp);
	232	return sBadOption;
8efc0c15	233	}
	234
	235	/* Reads the server configuration file. */
	236
5260325f	237	void
5260325f	238	read_server_config(ServerOptions options, const char filename)
8efc0c15	239	{
5260325f	240	FILE *f;
	241	char line[1024];
	242	char cp, *charptr;
	243	int linenum, *intptr, value;
	244	int bad_options = 0;
	245	ServerOpCodes opcode;
	246
	247	f = fopen(filename, "r");
	248	if (!f) {
	249	perror(filename);
8efc0c15	250	exit(1);
5260325f	251	}
	252	linenum = 0;
	253	while (fgets(line, sizeof(line), f)) {
	254	linenum++;
	255	cp = line + strspn(line, WHITESPACE);
	256	if (!cp \|\| cp == '#')
	257	continue;
	258	cp = strtok(cp, WHITESPACE);
5260325f	259	opcode = parse_token(cp, filename, linenum);
	260	switch (opcode) {
	261	case sBadOption:
	262	bad_options++;
	263	continue;
	264	case sPort:
	265	intptr = &options->port;
	266	parse_int:
	267	cp = strtok(NULL, WHITESPACE);
	268	if (!cp) {
	269	fprintf(stderr, "%s line %d: missing integer value.\n",
	270	filename, linenum);
	271	exit(1);
	272	}
	273	value = atoi(cp);
	274	if (*intptr == -1)
	275	*intptr = value;
	276	break;
	277
	278	case sServerKeyBits:
	279	intptr = &options->server_key_bits;
	280	goto parse_int;
	281
	282	case sLoginGraceTime:
	283	intptr = &options->login_grace_time;
	284	goto parse_int;
	285
	286	case sKeyRegenerationTime:
	287	intptr = &options->key_regeneration_time;
	288	goto parse_int;
	289
	290	case sListenAddress:
	291	cp = strtok(NULL, WHITESPACE);
	292	if (!cp) {
	293	fprintf(stderr, "%s line %d: missing inet addr.\n",
	294	filename, linenum);
	295	exit(1);
	296	}
	297	options->listen_addr.s_addr = inet_addr(cp);
	298	break;
	299
	300	case sHostKeyFile:
	301	charptr = &options->host_key_file;
	302	cp = strtok(NULL, WHITESPACE);
	303	if (!cp) {
	304	fprintf(stderr, "%s line %d: missing file name.\n",
	305	filename, linenum);
	306	exit(1);
	307	}
	308	if (*charptr == NULL)
	309	*charptr = tilde_expand_filename(cp, getuid());
	310	break;
	311
	312	case sRandomSeedFile:
	313	fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
	314	filename, linenum);
	315	cp = strtok(NULL, WHITESPACE);
	316	break;
	317
	318	case sPermitRootLogin:
	319	intptr = &options->permit_root_login;
	320	cp = strtok(NULL, WHITESPACE);
	321	if (!cp) {
	322	fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
323	filename, linenum);
324	exit(1);
325	}
326	if (strcmp(cp, "without-password") == 0)
327	value = 2;
328	else if (strcmp(cp, "yes") == 0)
329	value = 1;
330	else if (strcmp(cp, "no") == 0)
331	value = 0;
332	else {
333	fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n",
334	filename, linenum, cp);
335	exit(1);
336	}
337	if (*intptr == -1)
338	*intptr = value;
339	break;
340
341	case sIgnoreRhosts:
342	intptr = &options->ignore_rhosts;
343	parse_flag:
344	cp = strtok(NULL, WHITESPACE);
345	if (!cp) {
346	fprintf(stderr, "%s line %d: missing yes/no argument.\n",
347	filename, linenum);
348	exit(1);
349	}
350	if (strcmp(cp, "yes") == 0)
351	value = 1;
352	else if (strcmp(cp, "no") == 0)
353	value = 0;
354	else {
355	fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
356	filename, linenum, cp);
357	exit(1);
358	}
359	if (*intptr == -1)
360	*intptr = value;
361	break;
362
363	case sIgnoreUserKnownHosts:
364	intptr = &options->ignore_user_known_hosts;
365	goto parse_int;
366
367	case sRhostsAuthentication:
368	intptr = &options->rhosts_authentication;
369	goto parse_flag;
370
371	case sRhostsRSAAuthentication:
372	intptr = &options->rhosts_rsa_authentication;
373	goto parse_flag;
374
375	case sRSAAuthentication:
376	intptr = &options->rsa_authentication;
377	goto parse_flag;
378
8efc0c15	379	#ifdef KRB4
5260325f	380	case sKerberosAuthentication:
	381	intptr = &options->kerberos_authentication;
	382	goto parse_flag;
	383
	384	case sKerberosOrLocalPasswd:
	385	intptr = &options->kerberos_or_local_passwd;
	386	goto parse_flag;
	387
	388	case sKerberosTicketCleanup:
	389	intptr = &options->kerberos_ticket_cleanup;
	390	goto parse_flag;
8efc0c15	391	#endif
5260325f	392
8efc0c15	393	#ifdef AFS
5260325f	394	case sKerberosTgtPassing:
	395	intptr = &options->kerberos_tgt_passing;
	396	goto parse_flag;
8efc0c15	397
5260325f	398	case sAFSTokenPassing:
	399	intptr = &options->afs_token_passing;
	400	goto parse_flag;
8efc0c15	401	#endif
8efc0c15	402
5260325f	403	case sPasswordAuthentication:
	404	intptr = &options->password_authentication;
	405	goto parse_flag;
8efc0c15	406
5260325f	407	case sCheckMail:
	408	intptr = &options->check_mail;
	409	goto parse_flag;
8efc0c15	410
8efc0c15	411	#ifdef SKEY
5260325f	412	case sSkeyAuthentication:
	413	intptr = &options->skey_authentication;
	414	goto parse_flag;
8efc0c15	415	#endif
8efc0c15	416
5260325f	417	case sPrintMotd:
	418	intptr = &options->print_motd;
	419	goto parse_flag;
	420
	421	case sX11Forwarding:
	422	intptr = &options->x11_forwarding;
	423	goto parse_flag;
	424
	425	case sX11DisplayOffset:
	426	intptr = &options->x11_display_offset;
	427	goto parse_int;
	428
	429	case sStrictModes:
	430	intptr = &options->strict_modes;
	431	goto parse_flag;
	432
	433	case sKeepAlives:
	434	intptr = &options->keepalives;
	435	goto parse_flag;
	436
	437	case sEmptyPasswd:
	438	intptr = &options->permit_empty_passwd;
	439	goto parse_flag;
	440
	441	case sUseLogin:
	442	intptr = &options->use_login;
	443	goto parse_flag;
	444
	445	case sLogFacility:
	446	intptr = (int *) &options->log_facility;
	447	cp = strtok(NULL, WHITESPACE);
	448	value = log_facility_number(cp);
	449	if (value == (SyslogFacility) - 1)
	450	fatal("%.200s line %d: unsupported log facility '%s'\n",
	451	filename, linenum, cp ? cp : "<NONE>");
	452	if (*intptr == -1)
	453	*intptr = (SyslogFacility) value;
	454	break;
	455
	456	case sLogLevel:
	457	intptr = (int *) &options->log_level;
	458	cp = strtok(NULL, WHITESPACE);
	459	value = log_level_number(cp);
	460	if (value == (LogLevel) - 1)
	461	fatal("%.200s line %d: unsupported log level '%s'\n",
	462	filename, linenum, cp ? cp : "<NONE>");
	463	if (*intptr == -1)
	464	*intptr = (LogLevel) value;
	465	break;
	466
	467	case sAllowUsers:
	468	while ((cp = strtok(NULL, WHITESPACE))) {
	469	if (options->num_allow_users >= MAX_ALLOW_USERS) {
	470	fprintf(stderr, "%s line %d: too many allow users.\n",
	471	filename, linenum);
	472	exit(1);
	473	}
	474	options->allow_users[options->num_allow_users++] = xstrdup(cp);
	475	}
	476	break;
	477
	478	case sDenyUsers:
	479	while ((cp = strtok(NULL, WHITESPACE))) {
	480	if (options->num_deny_users >= MAX_DENY_USERS) {
481	fprintf(stderr, "%s line %d: too many deny users.\n",
482	filename, linenum);
483	exit(1);
484	}
485	options->deny_users[options->num_deny_users++] = xstrdup(cp);
486	}
487	break;
488
489	case sAllowGroups:
490	while ((cp = strtok(NULL, WHITESPACE))) {
491	if (options->num_allow_groups >= MAX_ALLOW_GROUPS) {
492	fprintf(stderr, "%s line %d: too many allow groups.\n",
493	filename, linenum);
494	exit(1);
495	}
496	options->allow_groups[options->num_allow_groups++] = xstrdup(cp);
497	}
498	break;
499
500	case sDenyGroups:
501	while ((cp = strtok(NULL, WHITESPACE))) {
502	if (options->num_deny_groups >= MAX_DENY_GROUPS) {
503	fprintf(stderr, "%s line %d: too many deny groups.\n",
504	filename, linenum);
505	exit(1);
506	}
507	options->deny_groups[options->num_deny_groups++] = xstrdup(cp);
508	}
509	break;
510
511	default:
512	fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
513	filename, linenum, cp, opcode);
514	exit(1);
8efc0c15	515	}
5260325f	516	if (strtok(NULL, WHITESPACE) != NULL) {
	517	fprintf(stderr, "%s line %d: garbage at end of line.\n",
	518	filename, linenum);
	519	exit(1);
8efc0c15	520	}
8efc0c15	521	}
5260325f	522	fclose(f);
	523	if (bad_options > 0) {
	524	fprintf(stderr, "%s: terminating, %d bad configuration options\n",
	525	filename, bad_options);
	526	exit(1);
8efc0c15	527	}
8efc0c15	528	}