8efc0c15 1/*
5260325f 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
6ae2364d 4 *
bcbf86ec 5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
5260325f 10 */
8efc0c15 11
12#include "includes.h"
c5a7d788 13RCSID("$OpenBSD: servconf.c,v 1.122 2003/06/02 09:17:34 markus Exp $");
42f11eb2 14
12928e80 15#if defined(KRB4)
42f11eb2 16#include <krb.h>
17#endif
0608f8a7 18
83f46621 19#ifdef AFS
20#include <kafs.h>
21#endif
8efc0c15 22
23#include "ssh.h"
42f11eb2 24#include "log.h"
8efc0c15 25#include "servconf.h"
26#include "xmalloc.h"
a8be9f80 27#include "compat.h"
42f11eb2 28#include "pathnames.h"
29#include "tildexpand.h"
30#include "misc.h"
31#include "cipher.h"
b2552997 32#include "kex.h"
33#include "mac.h"
42f11eb2 34
/*
 * add_listen_addr() registers one ListenAddress; a port of 0 means
 * "bind it on every port in options->ports".  add_one_listen_addr()
 * resolves a single addr/port pair with getaddrinfo() and pushes the
 * resulting addrinfo list onto options->listen_addrs.
 */
static void add_listen_addr(ServerOptions *, char *, u_short);
static void add_one_listen_addr(ServerOptions *, char *, u_short);

/* AF_UNSPEC or AF_INET or AF_INET6 */
/* Defined in another translation unit; used as the getaddrinfo() family hint. */
extern int IPv4or6;
/* Use of privilege separation or not */
/*
 * Defined in another translation unit, but reset, parsed and defaulted
 * here exactly like a regular option (-1 = not yet set).
 */
extern int use_privsep;
42f11eb2 42
8efc0c15 43/* Initializes the server options to their default values. */
44
/*
 * Reset *options to the "nothing configured yet" state that the config
 * parser and fill_default_server_options() rely on to tell a configured
 * value from an unconfigured one: counters 0, strings and lists NULL,
 * integer options -1, and the enum-style fields at their *_NOT_SET /
 * SSH_PROTO_UNKNOWN sentinels.  The global use_privsep is reset as well,
 * since it is parsed and defaulted like any other option.
 */
void
initialize_server_options(ServerOptions *options)
{
	ServerOptions *o = options;

	memset(o, 0, sizeof(*o));

	/* Portable-specific options */
	o->use_pam = -1;

	/* Standard Options: listeners, host keys and files */
	o->num_ports = 0;
	o->ports_from_cmdline = 0;
	o->listen_addrs = NULL;
	o->num_host_key_files = 0;
	o->pid_file = NULL;
	o->xauth_location = NULL;
	o->banner = NULL;
	o->authorized_keys_file = NULL;
	o->authorized_keys_file2 = NULL;

	/* key sizes, timers and rate limits */
	o->server_key_bits = -1;
	o->login_grace_time = -1;
	o->key_regeneration_time = -1;
	o->max_startups_begin = -1;
	o->max_startups_rate = -1;
	o->max_startups = -1;
	o->client_alive_interval = -1;
	o->client_alive_count_max = -1;

	/* login policy and session behaviour */
	o->permit_root_login = PERMIT_NOT_SET;
	o->ignore_rhosts = -1;
	o->ignore_user_known_hosts = -1;
	o->print_motd = -1;
	o->print_lastlog = -1;
	o->strict_modes = -1;
	o->keepalives = -1;
	o->permit_empty_passwd = -1;
	o->permit_user_env = -1;
	o->use_login = -1;
	o->compression = -1;
	o->use_dns = -1;

	/* X11 and TCP forwarding */
	o->x11_forwarding = -1;
	o->x11_display_offset = -1;
	o->x11_use_localhost = -1;
	o->allow_tcp_forwarding = -1;
	o->gateway_ports = -1;

	/* logging */
	o->log_facility = SYSLOG_FACILITY_NOT_SET;
	o->log_level = SYSLOG_LEVEL_NOT_SET;

	/* authentication methods */
	o->rhosts_authentication = -1;
	o->rhosts_rsa_authentication = -1;
	o->hostbased_authentication = -1;
	o->hostbased_uses_name_from_packet_only = -1;
	o->rsa_authentication = -1;
	o->pubkey_authentication = -1;
	o->kerberos_authentication = -1;
	o->kerberos_or_local_passwd = -1;
	o->kerberos_ticket_cleanup = -1;
	o->kerberos_tgt_passing = -1;
	o->afs_token_passing = -1;
	o->password_authentication = -1;
	o->kbd_interactive_authentication = -1;
	o->challenge_response_authentication = -1;

	/* access lists, algorithms, protocol and subsystems */
	o->num_allow_users = 0;
	o->num_deny_users = 0;
	o->num_allow_groups = 0;
	o->num_deny_groups = 0;
	o->ciphers = NULL;
	o->macs = NULL;
	o->protocol = SSH_PROTO_UNKNOWN;
	o->num_subsystems = 0;

	/* Needs to be accessable in many places */
	use_privsep = -1;
}
116
/*
 * Store value in *slot only if the option is still at the -1 "unset"
 * sentinel left by initialize_server_options().
 */
static void
set_if_unset(int *slot, int value)
{
	if (*slot == -1)
		*slot = value;
}

/*
 * Replace every option that is still unset after the configuration has
 * been processed with its built-in default.  Order matters in a few
 * places: the protocol decides which host key files are defaulted, the
 * port list is settled before the listen addresses are resolved, the
 * MaxStartups "begin" value is taken from the (possibly just defaulted)
 * full limit, and AuthorizedKeysFile2 falls back to an explicitly set
 * AuthorizedKeysFile before the latter itself is defaulted.
 */
void
fill_default_server_options(ServerOptions *options)
{
	ServerOptions *o = options;

	/* Portable-specific options */
	set_if_unset(&o->use_pam, 1);

	/* Standard Options */
	if (o->protocol == SSH_PROTO_UNKNOWN)
		o->protocol = SSH_PROTO_1|SSH_PROTO_2;
	if (o->num_host_key_files == 0) {
		/* fill default hostkeys for protocols */
		if (o->protocol & SSH_PROTO_1)
			o->host_key_files[o->num_host_key_files++] =
			    _PATH_HOST_KEY_FILE;
		if (o->protocol & SSH_PROTO_2) {
			o->host_key_files[o->num_host_key_files++] =
			    _PATH_HOST_RSA_KEY_FILE;
			o->host_key_files[o->num_host_key_files++] =
			    _PATH_HOST_DSA_KEY_FILE;
		}
	}
	if (o->num_ports == 0)
		o->ports[o->num_ports++] = SSH_DEFAULT_PORT;
	if (o->listen_addrs == NULL)
		add_listen_addr(o, NULL, 0);
	if (o->pid_file == NULL)
		o->pid_file = _PATH_SSH_DAEMON_PID_FILE;

	/* key sizes and timers */
	set_if_unset(&o->server_key_bits, 768);
	set_if_unset(&o->login_grace_time, 120);
	set_if_unset(&o->key_regeneration_time, 3600);

	/* login policy */
	if (o->permit_root_login == PERMIT_NOT_SET)
		o->permit_root_login = PERMIT_YES;
	set_if_unset(&o->ignore_rhosts, 1);
	set_if_unset(&o->ignore_user_known_hosts, 0);
	set_if_unset(&o->print_motd, 1);
	set_if_unset(&o->print_lastlog, 1);

	/* X11 */
	set_if_unset(&o->x11_forwarding, 0);
	set_if_unset(&o->x11_display_offset, 10);
	set_if_unset(&o->x11_use_localhost, 1);
	if (o->xauth_location == NULL)
		o->xauth_location = _PATH_XAUTH;

	set_if_unset(&o->strict_modes, 1);
	set_if_unset(&o->keepalives, 1);

	/* logging */
	if (o->log_facility == SYSLOG_FACILITY_NOT_SET)
		o->log_facility = SYSLOG_FACILITY_AUTH;
	if (o->log_level == SYSLOG_LEVEL_NOT_SET)
		o->log_level = SYSLOG_LEVEL_INFO;

	/* authentication methods */
	set_if_unset(&o->rhosts_authentication, 0);
	set_if_unset(&o->rhosts_rsa_authentication, 0);
	set_if_unset(&o->hostbased_authentication, 0);
	set_if_unset(&o->hostbased_uses_name_from_packet_only, 0);
	set_if_unset(&o->rsa_authentication, 1);
	set_if_unset(&o->pubkey_authentication, 1);
	set_if_unset(&o->kerberos_authentication, 0);
	set_if_unset(&o->kerberos_or_local_passwd, 1);
	set_if_unset(&o->kerberos_ticket_cleanup, 1);
	set_if_unset(&o->kerberos_tgt_passing, 0);
	set_if_unset(&o->afs_token_passing, 0);
	set_if_unset(&o->password_authentication, 1);
	set_if_unset(&o->kbd_interactive_authentication, 0);
	set_if_unset(&o->challenge_response_authentication, 1);
	set_if_unset(&o->permit_empty_passwd, 0);
	set_if_unset(&o->permit_user_env, 0);
	set_if_unset(&o->use_login, 0);

	/* session features */
	set_if_unset(&o->compression, 1);
	set_if_unset(&o->allow_tcp_forwarding, 1);
	set_if_unset(&o->gateway_ports, 0);

	/* connection rate limiting; "begin" defaults to the full limit */
	set_if_unset(&o->max_startups, 10);
	set_if_unset(&o->max_startups_rate, 100);	/* 100% */
	set_if_unset(&o->max_startups_begin, o->max_startups);

	set_if_unset(&o->use_dns, 1);
	set_if_unset(&o->client_alive_interval, 0);
	set_if_unset(&o->client_alive_count_max, 3);

	if (o->authorized_keys_file2 == NULL) {
		/* authorized_keys_file2 falls back to authorized_keys_file */
		if (o->authorized_keys_file != NULL)
			o->authorized_keys_file2 = o->authorized_keys_file;
		else
			o->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
	}
	if (o->authorized_keys_file == NULL)
		o->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;

	/* Turn privilege separation on by default */
	set_if_unset(&use_privsep, 1);

#ifndef HAVE_MMAP
	if (use_privsep && o->compression == 1) {
		error("This platform does not support both privilege "
		    "separation and compression");
		error("Compression disabled");
		o->compression = 0;
	}
#endif

}
253
8efc0c15 254/* Keyword tokens. */
/*
 * Opcode for each recognised sshd_config keyword.  parse_token() maps a
 * keyword to one of these and process_server_config_line() switches on
 * it.  sBadOption marks an unknown keyword (the line is rejected);
 * sDeprecated and sUnsupported are the targets the keywords[] table
 * uses for obsolete or compiled-out options, which are logged and
 * skipped rather than rejected.
 */
typedef enum {
	sBadOption,		/* == unknown option */
	/* Portable-specific options */
	sUsePAM,
	/* Standard Options */
	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
	sPermitRootLogin, sLogFacility, sLogLevel,
	sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
	sKerberosTgtPassing, sAFSTokenPassing, sChallengeResponseAuthentication,
	sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
	sStrictModes, sEmptyPasswd, sKeepAlives,
	sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
	sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
	sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
	sBanner, sUseDNS, sHostbasedAuthentication,
	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
	sUsePrivilegeSeparation,
	/* pseudo-opcodes: the option is recognised but not acted on */
	sDeprecated, sUnsupported
} ServerOpCodes;
279
280/* Textual representation of the tokens. */
/*
 * Keyword -> opcode table, terminated by a NULL name.  parse_token()
 * walks it linearly with strcasecmp(), so the case used here is
 * irrelevant to matching.  Options whose support is compiled out stay
 * in the table but map to sUnsupported, so a configuration that names
 * them is logged and skipped instead of being rejected as a bad option;
 * obsolete keywords likewise map to sDeprecated.
 */
static struct {
	const char *name;
	ServerOpCodes opcode;
} keywords[] = {
	/* Portable-specific options */
#ifdef USE_PAM
	{ "UsePAM", sUsePAM },
#else
	{ "UsePAM", sUnsupported },
#endif
	/* Standard Options */
	{ "port", sPort },
	{ "hostkey", sHostKeyFile },
	{ "hostdsakey", sHostKeyFile },			/* alias */
	{ "pidfile", sPidFile },
	{ "serverkeybits", sServerKeyBits },
	{ "logingracetime", sLoginGraceTime },
	{ "keyregenerationinterval", sKeyRegenerationTime },
	{ "permitrootlogin", sPermitRootLogin },
	{ "syslogfacility", sLogFacility },
	{ "loglevel", sLogLevel },
	{ "rhostsauthentication", sRhostsAuthentication },
	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
	{ "hostbasedauthentication", sHostbasedAuthentication },
	{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
	{ "rsaauthentication", sRSAAuthentication },
	{ "pubkeyauthentication", sPubkeyAuthentication },
	{ "dsaauthentication", sPubkeyAuthentication },	/* alias */
	/* Kerberos keywords are only live when KRB4 or KRB5 is compiled in */
#if defined(KRB4) || defined(KRB5)
	{ "kerberosauthentication", sKerberosAuthentication },
	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
	{ "kerberosticketcleanup", sKerberosTicketCleanup },
	{ "kerberostgtpassing", sKerberosTgtPassing },
#else
	{ "kerberosauthentication", sUnsupported },
	{ "kerberosorlocalpasswd", sUnsupported },
	{ "kerberosticketcleanup", sUnsupported },
	{ "kerberostgtpassing", sUnsupported },
#endif
#if defined(AFS)
	{ "afstokenpassing", sAFSTokenPassing },
#else
	{ "afstokenpassing", sUnsupported },
#endif
	{ "passwordauthentication", sPasswordAuthentication },
	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
	{ "challengeresponseauthentication", sChallengeResponseAuthentication },
	{ "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
	{ "checkmail", sDeprecated },
	{ "listenaddress", sListenAddress },
	{ "printmotd", sPrintMotd },
	{ "printlastlog", sPrintLastLog },
	{ "ignorerhosts", sIgnoreRhosts },
	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },
	{ "x11forwarding", sX11Forwarding },
	{ "x11displayoffset", sX11DisplayOffset },
	{ "x11uselocalhost", sX11UseLocalhost },
	{ "xauthlocation", sXAuthLocation },
	{ "strictmodes", sStrictModes },
	{ "permitemptypasswords", sEmptyPasswd },
	{ "permituserenvironment", sPermitUserEnvironment },
	{ "uselogin", sUseLogin },
	{ "compression", sCompression },
	{ "keepalive", sKeepAlives },
	{ "allowtcpforwarding", sAllowTcpForwarding },
	{ "allowusers", sAllowUsers },
	{ "denyusers", sDenyUsers },
	{ "allowgroups", sAllowGroups },
	{ "denygroups", sDenyGroups },
	{ "ciphers", sCiphers },
	{ "macs", sMacs },
	{ "protocol", sProtocol },
	{ "gatewayports", sGatewayPorts },
	{ "subsystem", sSubsystem },
	{ "maxstartups", sMaxStartups },
	{ "banner", sBanner },
	{ "usedns", sUseDNS },
	/* the two old spellings of UseDNS are accepted but ignored */
	{ "verifyreversemapping", sDeprecated },
	{ "reversemappingcheck", sDeprecated },
	{ "clientaliveinterval", sClientAliveInterval },
	{ "clientalivecountmax", sClientAliveCountMax },
	{ "authorizedkeysfile", sAuthorizedKeysFile },
	{ "authorizedkeysfile2", sAuthorizedKeysFile2 },
	{ "useprivilegeseparation", sUsePrivilegeSeparation},
	/* sentinel: parse_token() stops at the NULL name */
	{ NULL, sBadOption }
};
367
aa3378df 368/*
6be9a5e8 369 * Returns the number of the token pointed to by cp or sBadOption.
aa3378df 370 */
8efc0c15 371
/*
 * Look up a configuration keyword in keywords[] (case-insensitively)
 * and return its opcode.  An unrecognised keyword is reported with
 * error(), naming filename and linenum, and yields sBadOption.
 */
static ServerOpCodes
parse_token(const char *cp, const char *filename,
    int linenum)
{
	u_int k = 0;

	while (keywords[k].name != NULL) {
		if (strcasecmp(keywords[k].name, cp) == 0)
			return keywords[k].opcode;
		k++;
	}

	error("%s: line %d: Bad configuration option: %s",
	    filename, linenum, cp);
	return sBadOption;
}
386
/*
 * Register a ListenAddress.  With an explicit port only that addr/port
 * pair is added; with port 0 the address is added once for every port
 * currently in options->ports.  A ListenAddress seen before any Port
 * line implies the default port, so the list is seeded here.
 */
static void
add_listen_addr(ServerOptions *options, char *addr, u_short port)
{
	int idx;

	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;

	if (port != 0) {
		add_one_listen_addr(options, addr, port);
		return;
	}
	for (idx = 0; idx < options->num_ports; idx++)
		add_one_listen_addr(options, addr, options->ports[idx]);
}
400
/*
 * Resolve one addr/port pair into a stream-socket addrinfo list using
 * the global IPv4or6 family hint (addr == NULL means the wildcard
 * address, via AI_PASSIVE) and prepend the whole list to
 * options->listen_addrs.  Resolution failure is fatal().
 */
static void
add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
{
	struct addrinfo hints, *res, *tail;
	char portbuf[NI_MAXSERV];
	int rc;

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = IPv4or6;
	hints.ai_socktype = SOCK_STREAM;
	if (addr == NULL)
		hints.ai_flags = AI_PASSIVE;
	snprintf(portbuf, sizeof portbuf, "%u", port);

	rc = getaddrinfo(addr, portbuf, &hints, &res);
	if (rc != 0)
		fatal("bad addr or host: %s (%s)",
		    addr ? addr : "<NULL>",
		    gai_strerror(rc));

	/* walk to the tail of the new list, then hook the old list on */
	tail = res;
	while (tail->ai_next != NULL)
		tail = tail->ai_next;
	tail->ai_next = options->listen_addrs;
	options->listen_addrs = res;
}
422
/*
 * Parse one line of sshd_config into *options.
 *
 * `line` is tokenised in place by strdelim(); the ListenAddress case
 * additionally rewrites it (memmove / NUL insertion) to split the
 * "[addr]:port" forms.  Blank lines and lines whose first token starts
 * with '#' are ignored.
 *
 * Returns 0 when the line was consumed or ignored and -1 when the
 * keyword is unknown (parse_token() has already reported it).  Malformed
 * values, table overflows and trailing garbage are fatal() and do not
 * return.
 *
 * Most scalar options are stored only while the field is still at its
 * "unset" sentinel (-1, NULL or SSH_PROTO_UNKNOWN), so the first
 * assignment wins -- presumably so values set before the file is read,
 * e.g. from the command line, take precedence (confirm against the
 * caller).  Port, ListenAddress, the Allow/Deny lists and Subsystem
 * accumulate instead, and MaxStartups always overwrites; see the
 * inline notes.
 */
int
process_server_config_line(ServerOptions *options, char *line,
    const char *filename, int linenum)
{
	char *cp, **charptr, *arg, *p;
	int *intptr, value, i, n;
	ServerOpCodes opcode;

	cp = line;
	arg = strdelim(&cp);
	/* Ignore leading whitespace */
	if (*arg == '\0')
		arg = strdelim(&cp);
	if (!arg || !*arg || *arg == '#')
		return 0;
	/*
	 * intptr/charptr select the destination field; the shared
	 * parse_int/parse_time/parse_flag/parse_filename labels below read
	 * one argument into whichever of them the case has set.
	 */
	intptr = NULL;
	charptr = NULL;
	opcode = parse_token(arg, filename, linenum);
	switch (opcode) {
	/* Portable-specific options */
	case sUsePAM:
		intptr = &options->use_pam;
		goto parse_flag;

	/* Standard Options */
	case sBadOption:
		return -1;
	case sPort:
		/* ignore ports from configfile if cmdline specifies ports */
		if (options->ports_from_cmdline)
			return 0;
		/*
		 * A port-less ListenAddress is expanded over the ports known
		 * when it is parsed, so a Port line after it could not be
		 * honoured; reject that ordering outright.
		 */
		if (options->listen_addrs != NULL)
			fatal("%s line %d: ports must be specified before "
			    "ListenAddress.", filename, linenum);
		if (options->num_ports >= MAX_PORTS)
			fatal("%s line %d: too many ports.",
			    filename, linenum);
		arg = strdelim(&cp);
		if (!arg || *arg == '\0')
			fatal("%s line %d: missing port number.",
			    filename, linenum);
		options->ports[options->num_ports++] = a2port(arg);
		/* a2port() signals an unparsable port with 0 */
		if (options->ports[options->num_ports-1] == 0)
			fatal("%s line %d: Badly formatted port number.",
			    filename, linenum);
		break;

	case sServerKeyBits:
		intptr = &options->server_key_bits;
parse_int:
		arg = strdelim(&cp);
		if (!arg || *arg == '\0')
			fatal("%s line %d: missing integer value.",
			    filename, linenum);
		/*
		 * atoi() does no validation: a non-numeric argument silently
		 * becomes 0 and an out-of-range one is undefined.  The value
		 * is stored only if the field is still unset (-1).
		 */
		value = atoi(arg);
		if (*intptr == -1)
			*intptr = value;
		break;

	case sLoginGraceTime:
		intptr = &options->login_grace_time;
parse_time:
		arg = strdelim(&cp);
		if (!arg || *arg == '\0')
			fatal("%s line %d: missing time value.",
			    filename, linenum);
		/* convtime() returns -1 for a malformed time specification */
		if ((value = convtime(arg)) == -1)
			fatal("%s line %d: invalid time value.",
			    filename, linenum);
		if (*intptr == -1)
			*intptr = value;
		break;

	case sKeyRegenerationTime:
		intptr = &options->key_regeneration_time;
		goto parse_time;

	case sListenAddress:
		/*
		 * Accepted forms: "host", "host:port", "[v6addr]",
		 * "[v6addr]:port" and a bare v6addr (more than one ':').
		 * Without a port the address is bound on every configured
		 * port (add_listen_addr() with port 0).
		 */
		arg = strdelim(&cp);
		if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
			fatal("%s line %d: missing inet addr.",
			    filename, linenum);
		if (*arg == '[') {
			if ((p = strchr(arg, ']')) == NULL)
				fatal("%s line %d: bad ipv6 inet addr usage.",
				    filename, linenum);
			/* skip the '[' and delete the ']' in place, so that
			 * p now points at whatever followed it: ':' or NUL */
			arg++;
			memmove(p, p+1, strlen(p+1)+1);
		} else if (((p = strchr(arg, ':')) == NULL) ||
			    (strchr(p+1, ':') != NULL)) {
			/* no colon at all, or a bare IPv6 address: no port part */
			add_listen_addr(options, arg, 0);
			break;
		}
		if (*p == ':') {
			u_short port;

			p++;
			if (*p == '\0')
				fatal("%s line %d: bad inet addr:port usage.",
				    filename, linenum);
			else {
				/* terminate the address at the ':' and parse the port */
				*(p-1) = '\0';
				if ((port = a2port(p)) == 0)
					fatal("%s line %d: bad port number.",
					    filename, linenum);
				add_listen_addr(options, arg, port);
			}
		} else if (*p == '\0')
			add_listen_addr(options, arg, 0);
		else
			fatal("%s line %d: bad inet addr usage.",
			    filename, linenum);
		break;

	case sHostKeyFile:
		/*
		 * intptr doubles as the slot counter here: parse_filename
		 * increments it once the selected slot has been filled.
		 */
		intptr = &options->num_host_key_files;
		if (*intptr >= MAX_HOSTKEYS)
			fatal("%s line %d: too many host keys specified (max %d).",
			    filename, linenum, MAX_HOSTKEYS);
		charptr = &options->host_key_files[*intptr];
parse_filename:
		arg = strdelim(&cp);
		if (!arg || *arg == '\0')
			fatal("%s line %d: missing file name.",
			    filename, linenum);
		/* first setting wins; the tilde-expanded copy is kept in options */
		if (*charptr == NULL) {
			*charptr = tilde_expand_filename(arg, getuid());
			/* increase optional counter */
			if (intptr != NULL)
				*intptr = *intptr + 1;
		}
		break;

	case sPidFile:
		charptr = &options->pid_file;
		goto parse_filename;

	case sPermitRootLogin:
		intptr = &options->permit_root_login;
		arg = strdelim(&cp);
		if (!arg || *arg == '\0')
			fatal("%s line %d: missing yes/"
			    "without-password/forced-commands-only/no "
			    "argument.", filename, linenum);
		value = 0;	/* silence compiler */
		if (strcmp(arg, "without-password") == 0)
			value = PERMIT_NO_PASSWD;
		else if (strcmp(arg, "forced-commands-only") == 0)
			value = PERMIT_FORCED_ONLY;
		else if (strcmp(arg, "yes") == 0)
			value = PERMIT_YES;
		else if (strcmp(arg, "no") == 0)
			value = PERMIT_NO;
		else
			fatal("%s line %d: Bad yes/"
			    "without-password/forced-commands-only/no "
			    "argument: %s", filename, linenum, arg);
		/*
		 * NOTE(review): tests against -1 although the field is
		 * initialised to PERMIT_NOT_SET; this relies on PERMIT_NOT_SET
		 * being -1 -- confirm in servconf.h.
		 */
		if (*intptr == -1)
			*intptr = value;
		break;

	case sIgnoreRhosts:
		intptr = &options->ignore_rhosts;
parse_flag:
		/* shared yes/no parser for every boolean option below */
		arg = strdelim(&cp);
		if (!arg || *arg == '\0')
			fatal("%s line %d: missing yes/no argument.",
			    filename, linenum);
		value = 0;	/* silence compiler */
		if (strcmp(arg, "yes") == 0)
			value = 1;
		else if (strcmp(arg, "no") == 0)
			value = 0;
		else
			fatal("%s line %d: Bad yes/no argument: %s",
			    filename, linenum, arg);
		if (*intptr == -1)
			*intptr = value;
		break;

	case sIgnoreUserKnownHosts:
		intptr = &options->ignore_user_known_hosts;
		goto parse_flag;

	case sRhostsAuthentication:
		intptr = &options->rhosts_authentication;
		goto parse_flag;

	case sRhostsRSAAuthentication:
		intptr = &options->rhosts_rsa_authentication;
		goto parse_flag;

	case sHostbasedAuthentication:
		intptr = &options->hostbased_authentication;
		goto parse_flag;

	case sHostbasedUsesNameFromPacketOnly:
		intptr = &options->hostbased_uses_name_from_packet_only;
		goto parse_flag;

	case sRSAAuthentication:
		intptr = &options->rsa_authentication;
		goto parse_flag;

	case sPubkeyAuthentication:
		intptr = &options->pubkey_authentication;
		goto parse_flag;

	case sKerberosAuthentication:
		intptr = &options->kerberos_authentication;
		goto parse_flag;

	case sKerberosOrLocalPasswd:
		intptr = &options->kerberos_or_local_passwd;
		goto parse_flag;

	case sKerberosTicketCleanup:
		intptr = &options->kerberos_ticket_cleanup;
		goto parse_flag;

	case sKerberosTgtPassing:
		intptr = &options->kerberos_tgt_passing;
		goto parse_flag;

	case sAFSTokenPassing:
		intptr = &options->afs_token_passing;
		goto parse_flag;

	case sPasswordAuthentication:
		intptr = &options->password_authentication;
		goto parse_flag;

	case sKbdInteractiveAuthentication:
		intptr = &options->kbd_interactive_authentication;
		goto parse_flag;

	case sChallengeResponseAuthentication:
		intptr = &options->challenge_response_authentication;
		goto parse_flag;

	case sPrintMotd:
		intptr = &options->print_motd;
		goto parse_flag;

	case sPrintLastLog:
		intptr = &options->print_lastlog;
		goto parse_flag;

	case sX11Forwarding:
		intptr = &options->x11_forwarding;
		goto parse_flag;

	case sX11DisplayOffset:
		intptr = &options->x11_display_offset;
		goto parse_int;

	case sX11UseLocalhost:
		intptr = &options->x11_use_localhost;
		goto parse_flag;

	case sXAuthLocation:
		charptr = &options->xauth_location;
		goto parse_filename;

	case sStrictModes:
		intptr = &options->strict_modes;
		goto parse_flag;

	case sKeepAlives:
		intptr = &options->keepalives;
		goto parse_flag;

	case sEmptyPasswd:
		intptr = &options->permit_empty_passwd;
		goto parse_flag;

	case sPermitUserEnvironment:
		intptr = &options->permit_user_env;
		goto parse_flag;

	case sUseLogin:
		intptr = &options->use_login;
		goto parse_flag;

	case sCompression:
		intptr = &options->compression;
		goto parse_flag;

	case sGatewayPorts:
		intptr = &options->gateway_ports;
		goto parse_flag;

	case sUseDNS:
		intptr = &options->use_dns;
		goto parse_flag;

	case sLogFacility:
		/*
		 * The enum field is written through an int pointer, which
		 * assumes SyslogFacility has int's size and representation;
		 * the -1 test below likewise assumes SYSLOG_FACILITY_NOT_SET
		 * is -1 -- confirm both in log.h.
		 */
		intptr = (int *) &options->log_facility;
		arg = strdelim(&cp);
		/* arg may be NULL here; log_facility_number() presumably copes */
		value = log_facility_number(arg);
		if (value == SYSLOG_FACILITY_NOT_SET)
			fatal("%.200s line %d: unsupported log facility '%s'",
			    filename, linenum, arg ? arg : "<NONE>");
		if (*intptr == -1)
			*intptr = (SyslogFacility) value;
		break;

	case sLogLevel:
		/* same int-aliasing and -1 assumptions as sLogFacility above */
		intptr = (int *) &options->log_level;
		arg = strdelim(&cp);
		value = log_level_number(arg);
		if (value == SYSLOG_LEVEL_NOT_SET)
			fatal("%.200s line %d: unsupported log level '%s'",
			    filename, linenum, arg ? arg : "<NONE>");
		if (*intptr == -1)
			*intptr = (LogLevel) value;
		break;

	case sAllowTcpForwarding:
		intptr = &options->allow_tcp_forwarding;
		goto parse_flag;

	case sUsePrivilegeSeparation:
		/* stored in the global, not in *options */
		intptr = &use_privsep;
		goto parse_flag;

	/*
	 * The four list options take every remaining token on the line as
	 * a pattern; entries accumulate across lines up to the MAX_* bound
	 * and each pattern is copied with xstrdup().
	 */
	case sAllowUsers:
		while ((arg = strdelim(&cp)) && *arg != '\0') {
			if (options->num_allow_users >= MAX_ALLOW_USERS)
				fatal("%s line %d: too many allow users.",
				    filename, linenum);
			options->allow_users[options->num_allow_users++] =
			    xstrdup(arg);
		}
		break;

	case sDenyUsers:
		while ((arg = strdelim(&cp)) && *arg != '\0') {
			if (options->num_deny_users >= MAX_DENY_USERS)
				fatal( "%s line %d: too many deny users.",
				    filename, linenum);
			options->deny_users[options->num_deny_users++] =
			    xstrdup(arg);
		}
		break;

	case sAllowGroups:
		while ((arg = strdelim(&cp)) && *arg != '\0') {
			if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
				fatal("%s line %d: too many allow groups.",
				    filename, linenum);
			options->allow_groups[options->num_allow_groups++] =
			    xstrdup(arg);
		}
		break;

	case sDenyGroups:
		while ((arg = strdelim(&cp)) && *arg != '\0') {
			if (options->num_deny_groups >= MAX_DENY_GROUPS)
				fatal("%s line %d: too many deny groups.",
				    filename, linenum);
			options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
		}
		break;

	case sCiphers:
		/* the spec is validated before it is stored; first setting wins */
		arg = strdelim(&cp);
		if (!arg || *arg == '\0')
			fatal("%s line %d: Missing argument.", filename, linenum);
		if (!ciphers_valid(arg))
			fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
			    filename, linenum, arg ? arg : "<NONE>");
		if (options->ciphers == NULL)
			options->ciphers = xstrdup(arg);
		break;

	case sMacs:
		arg = strdelim(&cp);
		if (!arg || *arg == '\0')
			fatal("%s line %d: Missing argument.", filename, linenum);
		if (!mac_valid(arg))
			fatal("%s line %d: Bad SSH2 mac spec '%s'.",
			    filename, linenum, arg ? arg : "<NONE>");
		if (options->macs == NULL)
			options->macs = xstrdup(arg);
		break;

	case sProtocol:
		/* proto_spec() yields SSH_PROTO_UNKNOWN for a bad spec */
		intptr = &options->protocol;
		arg = strdelim(&cp);
		if (!arg || *arg == '\0')
			fatal("%s line %d: Missing argument.", filename, linenum);
		value = proto_spec(arg);
		if (value == SSH_PROTO_UNKNOWN)
			fatal("%s line %d: Bad protocol spec '%s'.",
			    filename, linenum, arg ? arg : "<NONE>");
		if (*intptr == SSH_PROTO_UNKNOWN)
			*intptr = value;
		break;

	case sSubsystem:
		/* "Subsystem name command"; duplicate names are rejected */
		if (options->num_subsystems >= MAX_SUBSYSTEMS) {
			fatal("%s line %d: too many subsystems defined.",
			    filename, linenum);
		}
		arg = strdelim(&cp);
		if (!arg || *arg == '\0')
			fatal("%s line %d: Missing subsystem name.",
			    filename, linenum);
		for (i = 0; i < options->num_subsystems; i++)
			if (strcmp(arg, options->subsystem_name[i]) == 0)
				fatal("%s line %d: Subsystem '%s' already defined.",
				    filename, linenum, arg);
		options->subsystem_name[options->num_subsystems] = xstrdup(arg);
		arg = strdelim(&cp);
		if (!arg || *arg == '\0')
			fatal("%s line %d: Missing subsystem command.",
			    filename, linenum);
		options->subsystem_command[options->num_subsystems] = xstrdup(arg);
		options->num_subsystems++;
		break;

	case sMaxStartups:
		/*
		 * "start:rate:full" or a single "start".  Unlike the scalar
		 * options there is no unset guard, so a later MaxStartups line
		 * overrides an earlier one.  sscanf() writes the fields before
		 * they are range-checked, but an invalid spec is fatal, so
		 * nothing observes the partially written values.
		 */
		arg = strdelim(&cp);
		if (!arg || *arg == '\0')
			fatal("%s line %d: Missing MaxStartups spec.",
			    filename, linenum);
		if ((n = sscanf(arg, "%d:%d:%d",
		    &options->max_startups_begin,
		    &options->max_startups_rate,
		    &options->max_startups)) == 3) {
			if (options->max_startups_begin >
			    options->max_startups ||
			    options->max_startups_rate > 100 ||
			    options->max_startups_rate < 1)
				fatal("%s line %d: Illegal MaxStartups spec.",
				    filename, linenum);
		} else if (n != 1)
			fatal("%s line %d: Illegal MaxStartups spec.",
			    filename, linenum);
		else
			options->max_startups = options->max_startups_begin;
		break;

	case sBanner:
		charptr = &options->banner;
		goto parse_filename;
	/*
	 * These options can contain %X options expanded at
	 * connect time, so that you can specify paths like:
	 *
	 * AuthorizedKeysFile	/etc/ssh_keys/%u
	 */
	case sAuthorizedKeysFile:
	case sAuthorizedKeysFile2:
		charptr = (opcode == sAuthorizedKeysFile ) ?
		    &options->authorized_keys_file :
		    &options->authorized_keys_file2;
		goto parse_filename;

	case sClientAliveInterval:
		intptr = &options->client_alive_interval;
		goto parse_time;

	case sClientAliveCountMax:
		intptr = &options->client_alive_count_max;
		goto parse_int;

	case sDeprecated:
		/* logit() only (not fatal): report the keyword, drain the rest of the line */
		logit("%s line %d: Deprecated option %s",
		    filename, linenum, arg);
		while (arg)
		    arg = strdelim(&cp);
		break;

	case sUnsupported:
		logit("%s line %d: Unsupported option %s",
		    filename, linenum, arg);
		while (arg)
		    arg = strdelim(&cp);
		break;

	default:
		/* an opcode that exists in ServerOpCodes but has no case here */
		fatal("%s line %d: Missing handler for opcode %s (%d)",
		    filename, linenum, arg, opcode);
	}
	/* anything left after the handler consumed its argument(s) is an error */
	if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
		fatal("%s line %d: garbage at end of line; \"%.200s\".",
		    filename, linenum, arg);
	return 0;
}
089fbbd2 914
2717fa0f 915/* Reads the server configuration file. */
5c53a31e 916
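/*
 * Read the server configuration file `filename` line by line and hand
 * each line to process_server_config_line().  Unknown keywords are
 * counted and reported together at the end via fatal(); malformed
 * values make process_server_config_line() call fatal() itself.
 *
 * A line that does not fit in the line buffer is rejected: fgets()
 * would otherwise return its remainder as a separate "line", which
 * would then be parsed as an unrelated option under a wrong line
 * number.  Failure to open the file prints the errno text and exits.
 */
void
read_server_config(ServerOptions *options, const char *filename)
{
	int linenum, bad_options = 0;
	char line[1024];
	FILE *f;

	debug2("read_server_config: filename %s", filename);
	f = fopen(filename, "r");
	if (!f) {
		perror(filename);
		exit(1);
	}
	linenum = 0;
	while (fgets(line, sizeof(line), f)) {
		/* Update line number counter. */
		linenum++;
		/*
		 * No newline and not at end of file means fgets() stopped
		 * because the buffer filled, i.e. the line was truncated.
		 * (A final line without a trailing newline sets EOF and is
		 * accepted.)
		 */
		if (strchr(line, '\n') == NULL && !feof(f))
			fatal("%s line %d: line too long (max %lu characters).",
			    filename, linenum, (unsigned long)(sizeof(line) - 2));
		if (process_server_config_line(options, line, filename, linenum) != 0)
			bad_options++;
	}
	fclose(f);
	if (bad_options > 0)
		fatal("%s: terminating, %d bad configuration options",
		    filename, bad_options);
}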