]> andersk Git - openssh.git/blame - servconf.c
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- markus@cvs.openbsd.org 2001/12/06 13:30:06
[openssh.git] / servconf.c
CommitLineData
8efc0c15 1/*
5260325f 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
6ae2364d 4 *
bcbf86ec 5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
5260325f 10 */
8efc0c15 11
12#include "includes.h"
2717fa0f 13RCSID("$OpenBSD: servconf.c,v 1.94 2001/12/06 13:30:05 markus Exp $");
42f11eb2 14
46d738cd 15#if defined(KRB4) || defined(KRB5)
42f11eb2 16#include <krb.h>
17#endif
83f46621 18#ifdef AFS
19#include <kafs.h>
20#endif
8efc0c15 21
22#include "ssh.h"
42f11eb2 23#include "log.h"
8efc0c15 24#include "servconf.h"
25#include "xmalloc.h"
a8be9f80 26#include "compat.h"
42f11eb2 27#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
b2552997 31#include "kex.h"
32#include "mac.h"
42f11eb2 33
396c147e 34static void add_listen_addr(ServerOptions *, char *, u_short);
35static void add_one_listen_addr(ServerOptions *, char *, u_short);
48e671d5 36
42f11eb2 37/* AF_UNSPEC or AF_INET or AF_INET6 */
38extern int IPv4or6;
39
8efc0c15 40/* Initializes the server options to their default values. */
41
6ae2364d 42void
5260325f 43initialize_server_options(ServerOptions *options)
8efc0c15 44{
5260325f 45 memset(options, 0, sizeof(*options));
e15895cd 46
47 /* Portable-specific options */
48 options->pam_authentication_via_kbd_int = -1;
49
50 /* Standard Options */
48e671d5 51 options->num_ports = 0;
52 options->ports_from_cmdline = 0;
53 options->listen_addrs = NULL;
fa08c86b 54 options->num_host_key_files = 0;
0fbe8c74 55 options->pid_file = NULL;
5260325f 56 options->server_key_bits = -1;
57 options->login_grace_time = -1;
58 options->key_regeneration_time = -1;
15853e93 59 options->permit_root_login = PERMIT_NOT_SET;
5260325f 60 options->ignore_rhosts = -1;
61 options->ignore_user_known_hosts = -1;
62 options->print_motd = -1;
4f4648f9 63 options->print_lastlog = -1;
5260325f 64 options->x11_forwarding = -1;
65 options->x11_display_offset = -1;
fa649821 66 options->xauth_location = NULL;
5260325f 67 options->strict_modes = -1;
68 options->keepalives = -1;
69 options->log_facility = (SyslogFacility) - 1;
70 options->log_level = (LogLevel) - 1;
71 options->rhosts_authentication = -1;
72 options->rhosts_rsa_authentication = -1;
8002af61 73 options->hostbased_authentication = -1;
74 options->hostbased_uses_name_from_packet_only = -1;
5260325f 75 options->rsa_authentication = -1;
fa08c86b 76 options->pubkey_authentication = -1;
ced49be2 77#if defined(KRB4) || defined(KRB5)
5260325f 78 options->kerberos_authentication = -1;
79 options->kerberos_or_local_passwd = -1;
80 options->kerberos_ticket_cleanup = -1;
8efc0c15 81#endif
ced49be2 82#if defined(AFS) || defined(KRB5)
5260325f 83 options->kerberos_tgt_passing = -1;
ced49be2 84#endif
85#ifdef AFS
5260325f 86 options->afs_token_passing = -1;
8efc0c15 87#endif
5260325f 88 options->password_authentication = -1;
94ec8c6b 89 options->kbd_interactive_authentication = -1;
5ba55ada 90 options->challenge_response_authentication = -1;
5260325f 91 options->permit_empty_passwd = -1;
92 options->use_login = -1;
33de75a3 93 options->allow_tcp_forwarding = -1;
5260325f 94 options->num_allow_users = 0;
95 options->num_deny_users = 0;
96 options->num_allow_groups = 0;
97 options->num_deny_groups = 0;
a8be9f80 98 options->ciphers = NULL;
b2552997 99 options->macs = NULL;
a8be9f80 100 options->protocol = SSH_PROTO_UNKNOWN;
1d1ffb87 101 options->gateway_ports = -1;
38c295d6 102 options->num_subsystems = 0;
c345cf9d 103 options->max_startups_begin = -1;
104 options->max_startups_rate = -1;
089fbbd2 105 options->max_startups = -1;
eea39c02 106 options->banner = NULL;
61e96248 107 options->reverse_mapping_check = -1;
3ffc6336 108 options->client_alive_interval = -1;
109 options->client_alive_count_max = -1;
c8445989 110 options->authorized_keys_file = NULL;
111 options->authorized_keys_file2 = NULL;
8efc0c15 112}
113
6ae2364d 114void
5260325f 115fill_default_server_options(ServerOptions *options)
8efc0c15 116{
e15895cd 117 /* Portable-specific options */
118 if (options->pam_authentication_via_kbd_int == -1)
119 options->pam_authentication_via_kbd_int = 0;
120
121 /* Standard Options */
fa08c86b 122 if (options->protocol == SSH_PROTO_UNKNOWN)
123 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
124 if (options->num_host_key_files == 0) {
125 /* fill default hostkeys for protocols */
126 if (options->protocol & SSH_PROTO_1)
42f11eb2 127 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE;
fa08c86b 128 if (options->protocol & SSH_PROTO_2)
42f11eb2 129 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE;
fa08c86b 130 }
48e671d5 131 if (options->num_ports == 0)
132 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
133 if (options->listen_addrs == NULL)
2d2a2c65 134 add_listen_addr(options, NULL, 0);
0fbe8c74 135 if (options->pid_file == NULL)
42f11eb2 136 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
5260325f 137 if (options->server_key_bits == -1)
138 options->server_key_bits = 768;
139 if (options->login_grace_time == -1)
140 options->login_grace_time = 600;
141 if (options->key_regeneration_time == -1)
142 options->key_regeneration_time = 3600;
15853e93 143 if (options->permit_root_login == PERMIT_NOT_SET)
144 options->permit_root_login = PERMIT_YES;
5260325f 145 if (options->ignore_rhosts == -1)
c8d54615 146 options->ignore_rhosts = 1;
5260325f 147 if (options->ignore_user_known_hosts == -1)
148 options->ignore_user_known_hosts = 0;
5260325f 149 if (options->print_motd == -1)
150 options->print_motd = 1;
4f4648f9 151 if (options->print_lastlog == -1)
152 options->print_lastlog = 1;
5260325f 153 if (options->x11_forwarding == -1)
c8d54615 154 options->x11_forwarding = 0;
5260325f 155 if (options->x11_display_offset == -1)
c8d54615 156 options->x11_display_offset = 10;
fd9ede94 157#ifdef _PATH_XAUTH
fa649821 158 if (options->xauth_location == NULL)
fd9ede94 159 options->xauth_location = _PATH_XAUTH;
160#endif
5260325f 161 if (options->strict_modes == -1)
162 options->strict_modes = 1;
163 if (options->keepalives == -1)
164 options->keepalives = 1;
165 if (options->log_facility == (SyslogFacility) (-1))
166 options->log_facility = SYSLOG_FACILITY_AUTH;
167 if (options->log_level == (LogLevel) (-1))
59c97189 168 options->log_level = SYSLOG_LEVEL_INFO;
5260325f 169 if (options->rhosts_authentication == -1)
170 options->rhosts_authentication = 0;
171 if (options->rhosts_rsa_authentication == -1)
c8d54615 172 options->rhosts_rsa_authentication = 0;
8002af61 173 if (options->hostbased_authentication == -1)
174 options->hostbased_authentication = 0;
175 if (options->hostbased_uses_name_from_packet_only == -1)
176 options->hostbased_uses_name_from_packet_only = 0;
5260325f 177 if (options->rsa_authentication == -1)
178 options->rsa_authentication = 1;
fa08c86b 179 if (options->pubkey_authentication == -1)
180 options->pubkey_authentication = 1;
ced49be2 181#if defined(KRB4) || defined(KRB5)
5260325f 182 if (options->kerberos_authentication == -1)
183 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
184 if (options->kerberos_or_local_passwd == -1)
185 options->kerberos_or_local_passwd = 1;
186 if (options->kerberos_ticket_cleanup == -1)
187 options->kerberos_ticket_cleanup = 1;
ced49be2 188#endif
189#if defined(AFS) || defined(KRB5)
5260325f 190 if (options->kerberos_tgt_passing == -1)
191 options->kerberos_tgt_passing = 0;
ced49be2 192#endif
193#ifdef AFS
5260325f 194 if (options->afs_token_passing == -1)
195 options->afs_token_passing = k_hasafs();
ced49be2 196#endif
5260325f 197 if (options->password_authentication == -1)
198 options->password_authentication = 1;
94ec8c6b 199 if (options->kbd_interactive_authentication == -1)
200 options->kbd_interactive_authentication = 0;
5ba55ada 201 if (options->challenge_response_authentication == -1)
202 options->challenge_response_authentication = 1;
5260325f 203 if (options->permit_empty_passwd == -1)
c8d54615 204 options->permit_empty_passwd = 0;
5260325f 205 if (options->use_login == -1)
206 options->use_login = 0;
33de75a3 207 if (options->allow_tcp_forwarding == -1)
208 options->allow_tcp_forwarding = 1;
1d1ffb87 209 if (options->gateway_ports == -1)
210 options->gateway_ports = 0;
089fbbd2 211 if (options->max_startups == -1)
212 options->max_startups = 10;
c345cf9d 213 if (options->max_startups_rate == -1)
214 options->max_startups_rate = 100; /* 100% */
215 if (options->max_startups_begin == -1)
216 options->max_startups_begin = options->max_startups;
61e96248 217 if (options->reverse_mapping_check == -1)
218 options->reverse_mapping_check = 0;
3ffc6336 219 if (options->client_alive_interval == -1)
220 options->client_alive_interval = 0;
221 if (options->client_alive_count_max == -1)
222 options->client_alive_count_max = 3;
5df83e07 223 if (options->authorized_keys_file2 == NULL) {
224 /* authorized_keys_file2 falls back to authorized_keys_file */
225 if (options->authorized_keys_file != NULL)
226 options->authorized_keys_file2 = options->authorized_keys_file;
227 else
228 options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
229 }
230 if (options->authorized_keys_file == NULL)
231 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
8efc0c15 232}
233
8efc0c15 234/* Keyword tokens. */
5260325f 235typedef enum {
236 sBadOption, /* == unknown option */
e15895cd 237 /* Portable-specific options */
238 sPAMAuthenticationViaKbdInt,
239 /* Standard Options */
5260325f 240 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
241 sPermitRootLogin, sLogFacility, sLogLevel,
242 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
ced49be2 243#if defined(KRB4) || defined(KRB5)
5260325f 244 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
8efc0c15 245#endif
ced49be2 246#if defined(AFS) || defined(KRB5)
247 sKerberosTgtPassing,
248#endif
8efc0c15 249#ifdef AFS
ced49be2 250 sAFSTokenPassing,
8efc0c15 251#endif
d464095c 252 sChallengeResponseAuthentication,
94ec8c6b 253 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
4f4648f9 254 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
255 sX11Forwarding, sX11DisplayOffset,
5c53a31e 256 sStrictModes, sEmptyPasswd, sKeepAlives,
33de75a3 257 sUseLogin, sAllowTcpForwarding,
258 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
b2552997 259 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
fa08c86b 260 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
8002af61 261 sBanner, sReverseMappingCheck, sHostbasedAuthentication,
3ffc6336 262 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
c8445989 263 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
2717fa0f 264 sDeprecated
8efc0c15 265} ServerOpCodes;
266
267/* Textual representation of the tokens. */
5260325f 268static struct {
269 const char *name;
270 ServerOpCodes opcode;
271} keywords[] = {
e15895cd 272 /* Portable-specific options */
273 { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
274 /* Standard Options */
5260325f 275 { "port", sPort },
276 { "hostkey", sHostKeyFile },
fa08c86b 277 { "hostdsakey", sHostKeyFile }, /* alias */
2b87da3b 278 { "pidfile", sPidFile },
5260325f 279 { "serverkeybits", sServerKeyBits },
280 { "logingracetime", sLoginGraceTime },
281 { "keyregenerationinterval", sKeyRegenerationTime },
282 { "permitrootlogin", sPermitRootLogin },
283 { "syslogfacility", sLogFacility },
284 { "loglevel", sLogLevel },
285 { "rhostsauthentication", sRhostsAuthentication },
286 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
8002af61 287 { "hostbasedauthentication", sHostbasedAuthentication },
288 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
5260325f 289 { "rsaauthentication", sRSAAuthentication },
fa08c86b 290 { "pubkeyauthentication", sPubkeyAuthentication },
291 { "dsaauthentication", sPubkeyAuthentication }, /* alias */
ced49be2 292#if defined(KRB4) || defined(KRB5)
5260325f 293 { "kerberosauthentication", sKerberosAuthentication },
294 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
295 { "kerberosticketcleanup", sKerberosTicketCleanup },
8efc0c15 296#endif
ced49be2 297#if defined(AFS) || defined(KRB5)
5260325f 298 { "kerberostgtpassing", sKerberosTgtPassing },
ced49be2 299#endif
300#ifdef AFS
5260325f 301 { "afstokenpassing", sAFSTokenPassing },
8efc0c15 302#endif
5260325f 303 { "passwordauthentication", sPasswordAuthentication },
94ec8c6b 304 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
d464095c 305 { "challengeresponseauthentication", sChallengeResponseAuthentication },
306 { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
5c53a31e 307 { "checkmail", sDeprecated },
5260325f 308 { "listenaddress", sListenAddress },
309 { "printmotd", sPrintMotd },
4f4648f9 310 { "printlastlog", sPrintLastLog },
5260325f 311 { "ignorerhosts", sIgnoreRhosts },
312 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
313 { "x11forwarding", sX11Forwarding },
314 { "x11displayoffset", sX11DisplayOffset },
fa649821 315 { "xauthlocation", sXAuthLocation },
5260325f 316 { "strictmodes", sStrictModes },
317 { "permitemptypasswords", sEmptyPasswd },
318 { "uselogin", sUseLogin },
5260325f 319 { "keepalive", sKeepAlives },
33de75a3 320 { "allowtcpforwarding", sAllowTcpForwarding },
5260325f 321 { "allowusers", sAllowUsers },
322 { "denyusers", sDenyUsers },
323 { "allowgroups", sAllowGroups },
324 { "denygroups", sDenyGroups },
a8be9f80 325 { "ciphers", sCiphers },
b2552997 326 { "macs", sMacs },
a8be9f80 327 { "protocol", sProtocol },
1d1ffb87 328 { "gatewayports", sGatewayPorts },
38c295d6 329 { "subsystem", sSubsystem },
089fbbd2 330 { "maxstartups", sMaxStartups },
eea39c02 331 { "banner", sBanner },
61e96248 332 { "reversemappingcheck", sReverseMappingCheck },
3ffc6336 333 { "clientaliveinterval", sClientAliveInterval },
334 { "clientalivecountmax", sClientAliveCountMax },
c8445989 335 { "authorizedkeysfile", sAuthorizedKeysFile },
336 { "authorizedkeysfile2", sAuthorizedKeysFile2 },
17a3011c 337 { NULL, sBadOption }
8efc0c15 338};
339
aa3378df 340/*
6be9a5e8 341 * Returns the number of the token pointed to by cp or sBadOption.
aa3378df 342 */
8efc0c15 343
6ae2364d 344static ServerOpCodes
5260325f 345parse_token(const char *cp, const char *filename,
346 int linenum)
8efc0c15 347{
1e3b8b07 348 u_int i;
8efc0c15 349
5260325f 350 for (i = 0; keywords[i].name; i++)
aa3378df 351 if (strcasecmp(cp, keywords[i].name) == 0)
5260325f 352 return keywords[i].opcode;
8efc0c15 353
b7c70970 354 error("%s: line %d: Bad configuration option: %s",
355 filename, linenum, cp);
5260325f 356 return sBadOption;
8efc0c15 357}
358
396c147e 359static void
2d2a2c65 360add_listen_addr(ServerOptions *options, char *addr, u_short port)
48e671d5 361{
48e671d5 362 int i;
363
364 if (options->num_ports == 0)
365 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
2d2a2c65 366 if (port == 0)
d11c1288 367 for (i = 0; i < options->num_ports; i++)
368 add_one_listen_addr(options, addr, options->ports[i]);
369 else
2d2a2c65 370 add_one_listen_addr(options, addr, port);
d11c1288 371}
372
396c147e 373static void
d11c1288 374add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
375{
376 struct addrinfo hints, *ai, *aitop;
377 char strport[NI_MAXSERV];
378 int gaierr;
379
380 memset(&hints, 0, sizeof(hints));
381 hints.ai_family = IPv4or6;
382 hints.ai_socktype = SOCK_STREAM;
383 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
384 snprintf(strport, sizeof strport, "%d", port);
385 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
386 fatal("bad addr or host: %s (%s)",
387 addr ? addr : "<NULL>",
388 gai_strerror(gaierr));
389 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
390 ;
391 ai->ai_next = options->listen_addrs;
392 options->listen_addrs = aitop;
48e671d5 393}
394
2717fa0f 395int
396process_server_config_line(ServerOptions *options, char *line,
397 const char *filename, int linenum)
8efc0c15 398{
d11c1288 399 char *cp, **charptr, *arg, *p;
2717fa0f 400 int *intptr, value;
5260325f 401 ServerOpCodes opcode;
97de229c 402 int i, n;
5260325f 403
2717fa0f 404 cp = line;
405 arg = strdelim(&cp);
406 /* Ignore leading whitespace */
407 if (*arg == '\0')
704b1659 408 arg = strdelim(&cp);
2717fa0f 409 if (!arg || !*arg || *arg == '#')
410 return 0;
411 intptr = NULL;
412 charptr = NULL;
413 opcode = parse_token(arg, filename, linenum);
414 switch (opcode) {
415 /* Portable-specific options */
416 case sPAMAuthenticationViaKbdInt:
417 intptr = &options->pam_authentication_via_kbd_int;
418 goto parse_flag;
48e671d5 419
2717fa0f 420 /* Standard Options */
421 case sBadOption:
422 return -1;
423 case sPort:
424 /* ignore ports from configfile if cmdline specifies ports */
425 if (options->ports_from_cmdline)
426 return 0;
427 if (options->listen_addrs != NULL)
428 fatal("%s line %d: ports must be specified before "
429 "ListenAdress.", filename, linenum);
430 if (options->num_ports >= MAX_PORTS)
431 fatal("%s line %d: too many ports.",
432 filename, linenum);
433 arg = strdelim(&cp);
434 if (!arg || *arg == '\0')
435 fatal("%s line %d: missing port number.",
436 filename, linenum);
437 options->ports[options->num_ports++] = a2port(arg);
438 if (options->ports[options->num_ports-1] == 0)
439 fatal("%s line %d: Badly formatted port number.",
440 filename, linenum);
441 break;
442
443 case sServerKeyBits:
444 intptr = &options->server_key_bits;
5260325f 445parse_int:
2717fa0f 446 arg = strdelim(&cp);
447 if (!arg || *arg == '\0')
448 fatal("%s line %d: missing integer value.",
449 filename, linenum);
450 value = atoi(arg);
451 if (*intptr == -1)
452 *intptr = value;
453 break;
454
455 case sLoginGraceTime:
456 intptr = &options->login_grace_time;
e2b1fb42 457parse_time:
2717fa0f 458 arg = strdelim(&cp);
459 if (!arg || *arg == '\0')
460 fatal("%s line %d: missing time value.",
461 filename, linenum);
462 if ((value = convtime(arg)) == -1)
463 fatal("%s line %d: invalid time value.",
464 filename, linenum);
465 if (*intptr == -1)
466 *intptr = value;
467 break;
468
469 case sKeyRegenerationTime:
470 intptr = &options->key_regeneration_time;
471 goto parse_time;
472
473 case sListenAddress:
474 arg = strdelim(&cp);
475 if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
476 fatal("%s line %d: missing inet addr.",
477 filename, linenum);
478 if (*arg == '[') {
479 if ((p = strchr(arg, ']')) == NULL)
480 fatal("%s line %d: bad ipv6 inet addr usage.",
e2b1fb42 481 filename, linenum);
2717fa0f 482 arg++;
483 memmove(p, p+1, strlen(p+1)+1);
484 } else if (((p = strchr(arg, ':')) == NULL) ||
485 (strchr(p+1, ':') != NULL)) {
486 add_listen_addr(options, arg, 0);
e2b1fb42 487 break;
2717fa0f 488 }
489 if (*p == ':') {
490 u_short port;
5260325f 491
2717fa0f 492 p++;
493 if (*p == '\0')
494 fatal("%s line %d: bad inet addr:port usage.",
48e671d5 495 filename, linenum);
2717fa0f 496 else {
497 *(p-1) = '\0';
498 if ((port = a2port(p)) == 0)
499 fatal("%s line %d: bad port number.",
d11c1288 500 filename, linenum);
2717fa0f 501 add_listen_addr(options, arg, port);
d11c1288 502 }
2717fa0f 503 } else if (*p == '\0')
504 add_listen_addr(options, arg, 0);
505 else
506 fatal("%s line %d: bad inet addr usage.",
507 filename, linenum);
508 break;
509
510 case sHostKeyFile:
511 intptr = &options->num_host_key_files;
512 if (*intptr >= MAX_HOSTKEYS)
513 fatal("%s line %d: too many host keys specified (max %d).",
514 filename, linenum, MAX_HOSTKEYS);
515 charptr = &options->host_key_files[*intptr];
fa649821 516parse_filename:
2717fa0f 517 arg = strdelim(&cp);
518 if (!arg || *arg == '\0')
519 fatal("%s line %d: missing file name.",
520 filename, linenum);
521 if (*charptr == NULL) {
522 *charptr = tilde_expand_filename(arg, getuid());
523 /* increase optional counter */
524 if (intptr != NULL)
525 *intptr = *intptr + 1;
526 }
527 break;
0fbe8c74 528
2717fa0f 529 case sPidFile:
530 charptr = &options->pid_file;
531 goto parse_filename;
5260325f 532
2717fa0f 533 case sPermitRootLogin:
534 intptr = &options->permit_root_login;
535 arg = strdelim(&cp);
536 if (!arg || *arg == '\0')
537 fatal("%s line %d: missing yes/"
538 "without-password/forced-commands-only/no "
539 "argument.", filename, linenum);
540 value = 0; /* silence compiler */
541 if (strcmp(arg, "without-password") == 0)
542 value = PERMIT_NO_PASSWD;
543 else if (strcmp(arg, "forced-commands-only") == 0)
544 value = PERMIT_FORCED_ONLY;
545 else if (strcmp(arg, "yes") == 0)
546 value = PERMIT_YES;
547 else if (strcmp(arg, "no") == 0)
548 value = PERMIT_NO;
549 else
550 fatal("%s line %d: Bad yes/"
551 "without-password/forced-commands-only/no "
552 "argument: %s", filename, linenum, arg);
553 if (*intptr == -1)
554 *intptr = value;
555 break;
556
557 case sIgnoreRhosts:
558 intptr = &options->ignore_rhosts;
5260325f 559parse_flag:
2717fa0f 560 arg = strdelim(&cp);
561 if (!arg || *arg == '\0')
562 fatal("%s line %d: missing yes/no argument.",
563 filename, linenum);
564 value = 0; /* silence compiler */
565 if (strcmp(arg, "yes") == 0)
566 value = 1;
567 else if (strcmp(arg, "no") == 0)
568 value = 0;
569 else
570 fatal("%s line %d: Bad yes/no argument: %s",
571 filename, linenum, arg);
572 if (*intptr == -1)
573 *intptr = value;
574 break;
575
576 case sIgnoreUserKnownHosts:
577 intptr = &options->ignore_user_known_hosts;
578 goto parse_flag;
579
580 case sRhostsAuthentication:
581 intptr = &options->rhosts_authentication;
582 goto parse_flag;
583
584 case sRhostsRSAAuthentication:
585 intptr = &options->rhosts_rsa_authentication;
586 goto parse_flag;
587
588 case sHostbasedAuthentication:
589 intptr = &options->hostbased_authentication;
590 goto parse_flag;
591
592 case sHostbasedUsesNameFromPacketOnly:
593 intptr = &options->hostbased_uses_name_from_packet_only;
594 goto parse_flag;
595
596 case sRSAAuthentication:
597 intptr = &options->rsa_authentication;
598 goto parse_flag;
599
600 case sPubkeyAuthentication:
601 intptr = &options->pubkey_authentication;
602 goto parse_flag;
603#if defined(KRB4) || defined(KRB5)
604 case sKerberosAuthentication:
605 intptr = &options->kerberos_authentication;
606 goto parse_flag;
5260325f 607
2717fa0f 608 case sKerberosOrLocalPasswd:
609 intptr = &options->kerberos_or_local_passwd;
610 goto parse_flag;
5260325f 611
2717fa0f 612 case sKerberosTicketCleanup:
613 intptr = &options->kerberos_ticket_cleanup;
614 goto parse_flag;
615#endif
616#if defined(AFS) || defined(KRB5)
617 case sKerberosTgtPassing:
618 intptr = &options->kerberos_tgt_passing;
619 goto parse_flag;
620#endif
621#ifdef AFS
622 case sAFSTokenPassing:
623 intptr = &options->afs_token_passing;
624 goto parse_flag;
625#endif
5260325f 626
2717fa0f 627 case sPasswordAuthentication:
628 intptr = &options->password_authentication;
629 goto parse_flag;
5260325f 630
2717fa0f 631 case sKbdInteractiveAuthentication:
632 intptr = &options->kbd_interactive_authentication;
633 goto parse_flag;
8002af61 634
2717fa0f 635 case sChallengeResponseAuthentication:
636 intptr = &options->challenge_response_authentication;
637 goto parse_flag;
8002af61 638
2717fa0f 639 case sPrintMotd:
640 intptr = &options->print_motd;
641 goto parse_flag;
5260325f 642
2717fa0f 643 case sPrintLastLog:
644 intptr = &options->print_lastlog;
645 goto parse_flag;
5260325f 646
2717fa0f 647 case sX11Forwarding:
648 intptr = &options->x11_forwarding;
649 goto parse_flag;
5260325f 650
2717fa0f 651 case sX11DisplayOffset:
652 intptr = &options->x11_display_offset;
653 goto parse_int;
8efc0c15 654
2717fa0f 655 case sXAuthLocation:
656 charptr = &options->xauth_location;
657 goto parse_filename;
5260325f 658
2717fa0f 659 case sStrictModes:
660 intptr = &options->strict_modes;
661 goto parse_flag;
5260325f 662
2717fa0f 663 case sKeepAlives:
664 intptr = &options->keepalives;
665 goto parse_flag;
33de75a3 666
2717fa0f 667 case sEmptyPasswd:
668 intptr = &options->permit_empty_passwd;
669 goto parse_flag;
5260325f 670
2717fa0f 671 case sUseLogin:
672 intptr = &options->use_login;
673 goto parse_flag;
5260325f 674
2717fa0f 675 case sGatewayPorts:
676 intptr = &options->gateway_ports;
677 goto parse_flag;
5260325f 678
2717fa0f 679 case sReverseMappingCheck:
680 intptr = &options->reverse_mapping_check;
681 goto parse_flag;
5260325f 682
2717fa0f 683 case sLogFacility:
684 intptr = (int *) &options->log_facility;
685 arg = strdelim(&cp);
686 value = log_facility_number(arg);
687 if (value == (SyslogFacility) - 1)
688 fatal("%.200s line %d: unsupported log facility '%s'",
689 filename, linenum, arg ? arg : "<NONE>");
690 if (*intptr == -1)
691 *intptr = (SyslogFacility) value;
692 break;
693
694 case sLogLevel:
695 intptr = (int *) &options->log_level;
696 arg = strdelim(&cp);
697 value = log_level_number(arg);
698 if (value == (LogLevel) - 1)
699 fatal("%.200s line %d: unsupported log level '%s'",
700 filename, linenum, arg ? arg : "<NONE>");
701 if (*intptr == -1)
702 *intptr = (LogLevel) value;
703 break;
704
705 case sAllowTcpForwarding:
706 intptr = &options->allow_tcp_forwarding;
707 goto parse_flag;
708
709 case sAllowUsers:
710 while ((arg = strdelim(&cp)) && *arg != '\0') {
711 if (options->num_allow_users >= MAX_ALLOW_USERS)
712 fatal("%s line %d: too many allow users.",
713 filename, linenum);
714 options->allow_users[options->num_allow_users++] = xstrdup(arg);
715 }
716 break;
a8be9f80 717
2717fa0f 718 case sDenyUsers:
719 while ((arg = strdelim(&cp)) && *arg != '\0') {
720 if (options->num_deny_users >= MAX_DENY_USERS)
721 fatal( "%s line %d: too many deny users.",
722 filename, linenum);
723 options->deny_users[options->num_deny_users++] = xstrdup(arg);
724 }
725 break;
b2552997 726
2717fa0f 727 case sAllowGroups:
728 while ((arg = strdelim(&cp)) && *arg != '\0') {
729 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
730 fatal("%s line %d: too many allow groups.",
731 filename, linenum);
732 options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
733 }
734 break;
a8be9f80 735
2717fa0f 736 case sDenyGroups:
737 while ((arg = strdelim(&cp)) && *arg != '\0') {
738 if (options->num_deny_groups >= MAX_DENY_GROUPS)
739 fatal("%s line %d: too many deny groups.",
740 filename, linenum);
741 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
742 }
743 break;
38c295d6 744
2717fa0f 745 case sCiphers:
746 arg = strdelim(&cp);
747 if (!arg || *arg == '\0')
748 fatal("%s line %d: Missing argument.", filename, linenum);
749 if (!ciphers_valid(arg))
750 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
751 filename, linenum, arg ? arg : "<NONE>");
752 if (options->ciphers == NULL)
753 options->ciphers = xstrdup(arg);
754 break;
755
756 case sMacs:
757 arg = strdelim(&cp);
758 if (!arg || *arg == '\0')
759 fatal("%s line %d: Missing argument.", filename, linenum);
760 if (!mac_valid(arg))
761 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
762 filename, linenum, arg ? arg : "<NONE>");
763 if (options->macs == NULL)
764 options->macs = xstrdup(arg);
765 break;
766
767 case sProtocol:
768 intptr = &options->protocol;
769 arg = strdelim(&cp);
770 if (!arg || *arg == '\0')
771 fatal("%s line %d: Missing argument.", filename, linenum);
772 value = proto_spec(arg);
773 if (value == SSH_PROTO_UNKNOWN)
774 fatal("%s line %d: Bad protocol spec '%s'.",
775 filename, linenum, arg ? arg : "<NONE>");
776 if (*intptr == SSH_PROTO_UNKNOWN)
777 *intptr = value;
778 break;
779
780 case sSubsystem:
781 if (options->num_subsystems >= MAX_SUBSYSTEMS) {
782 fatal("%s line %d: too many subsystems defined.",
783 filename, linenum);
784 }
785 arg = strdelim(&cp);
786 if (!arg || *arg == '\0')
787 fatal("%s line %d: Missing subsystem name.",
788 filename, linenum);
789 for (i = 0; i < options->num_subsystems; i++)
790 if (strcmp(arg, options->subsystem_name[i]) == 0)
791 fatal("%s line %d: Subsystem '%s' already defined.",
792 filename, linenum, arg);
793 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
794 arg = strdelim(&cp);
795 if (!arg || *arg == '\0')
796 fatal("%s line %d: Missing subsystem command.",
797 filename, linenum);
798 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
799 options->num_subsystems++;
800 break;
801
802 case sMaxStartups:
803 arg = strdelim(&cp);
804 if (!arg || *arg == '\0')
805 fatal("%s line %d: Missing MaxStartups spec.",
806 filename, linenum);
807 if ((n = sscanf(arg, "%d:%d:%d",
808 &options->max_startups_begin,
809 &options->max_startups_rate,
810 &options->max_startups)) == 3) {
811 if (options->max_startups_begin >
812 options->max_startups ||
813 options->max_startups_rate > 100 ||
814 options->max_startups_rate < 1)
c345cf9d 815 fatal("%s line %d: Illegal MaxStartups spec.",
97de229c 816 filename, linenum);
2717fa0f 817 } else if (n != 1)
818 fatal("%s line %d: Illegal MaxStartups spec.",
819 filename, linenum);
820 else
821 options->max_startups = options->max_startups_begin;
822 break;
823
824 case sBanner:
825 charptr = &options->banner;
826 goto parse_filename;
827 /*
828 * These options can contain %X options expanded at
829 * connect time, so that you can specify paths like:
830 *
831 * AuthorizedKeysFile /etc/ssh_keys/%u
832 */
833 case sAuthorizedKeysFile:
834 case sAuthorizedKeysFile2:
835 charptr = (opcode == sAuthorizedKeysFile ) ?
836 &options->authorized_keys_file :
837 &options->authorized_keys_file2;
838 goto parse_filename;
839
840 case sClientAliveInterval:
841 intptr = &options->client_alive_interval;
842 goto parse_time;
843
844 case sClientAliveCountMax:
845 intptr = &options->client_alive_count_max;
846 goto parse_int;
847
848 case sDeprecated:
849 log("%s line %d: Deprecated option %s",
850 filename, linenum, arg);
851 while (arg)
852 arg = strdelim(&cp);
853 break;
854
855 default:
856 fatal("%s line %d: Missing handler for opcode %s (%d)",
857 filename, linenum, arg, opcode);
858 }
859 if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
860 fatal("%s line %d: garbage at end of line; \"%.200s\".",
861 filename, linenum, arg);
862 return 0;
863}
089fbbd2 864
2717fa0f 865/* Reads the server configuration file. */
5c53a31e 866
2717fa0f 867void
868read_server_config(ServerOptions *options, const char *filename)
869{
870 FILE *f;
871 char line[1024];
872 int linenum;
873 int bad_options = 0;
874
875 f = fopen(filename, "r");
876 if (!f) {
877 perror(filename);
878 exit(1);
879 }
880 linenum = 0;
881 while (fgets(line, sizeof(line), f)) {
882 /* Update line number counter. */
883 linenum++;
884 if (process_server_config_line(options, line, filename, linenum) != 0)
885 bad_options++;
8efc0c15 886 }
5260325f 887 fclose(f);
b7c70970 888 if (bad_options > 0)
889 fatal("%s: terminating, %d bad configuration options",
890 filename, bad_options);
8efc0c15 891}
git-cvsimport mirror of OpenSSH
This page took 0.272214 seconds and 5 git commands to generate.