]> andersk Git - openssh.git/blame - servconf.c
- stevesk@cvs.openbsd.org 2001/04/12 20:09:38
8efc0c15 1/*
5260325f 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
6ae2364d 4 *
bcbf86ec 5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
5260325f 10 */
8efc0c15 11
12#include "includes.h"
2d2a2c65 13RCSID("$OpenBSD: servconf.c,v 1.76 2001/04/12 20:09:37 stevesk Exp $");
42f11eb2 14
15#ifdef KRB4
16#include <krb.h>
17#endif
18#ifdef AFS
19#include <kafs.h>
20#endif
8efc0c15 21
22#include "ssh.h"
42f11eb2 23#include "log.h"
8efc0c15 24#include "servconf.h"
25#include "xmalloc.h"
a8be9f80 26#include "compat.h"
42f11eb2 27#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
b2552997 31#include "kex.h"
32#include "mac.h"
42f11eb2 33
2d2a2c65 34void add_listen_addr(ServerOptions *options, char *addr, u_short port);
d11c1288 35void add_one_listen_addr(ServerOptions *options, char *addr, u_short port);
48e671d5 36
42f11eb2 37/* AF_UNSPEC or AF_INET or AF_INET6 */
38extern int IPv4or6;
39
8efc0c15 40/* Initializes the server options to their default values. */
41
/*
 * Puts every field of *options into its "not configured yet" state.
 *
 * The structure is zeroed first.  Counters and list/string pointers are
 * then set to 0/NULL explicitly, and every scalar setting receives a
 * sentinel (-1, PERMIT_NOT_SET or SSH_PROTO_UNKNOWN).  The sentinel is
 * what read_server_config() and fill_default_server_options() test for
 * before storing a value, so a field keeps the first value it is given.
 */
void
initialize_server_options(ServerOptions *options)
{
	memset(options, 0, sizeof(*options));

	/* Counters: nothing has been configured so far. */
	options->num_ports = 0;
	options->ports_from_cmdline = 0;
	options->num_host_key_files = 0;
	options->num_allow_users = 0;
	options->num_deny_users = 0;
	options->num_allow_groups = 0;
	options->num_deny_groups = 0;
	options->num_subsystems = 0;

	/* Pointers: NULL means "use the built-in default, if any". */
	options->listen_addrs = NULL;
	options->pid_file = NULL;
	options->xauth_location = NULL;
	options->ciphers = NULL;
	options->macs = NULL;
	options->banner = NULL;

	/* Enumerated settings with their own "unset" marker. */
	options->permit_root_login = PERMIT_NOT_SET;
	options->protocol = SSH_PROTO_UNKNOWN;
	options->log_facility = (SyslogFacility) -1;
	options->log_level = (LogLevel) -1;

	/* Server key and timing parameters. */
	options->server_key_bits = -1;
	options->login_grace_time = -1;
	options->key_regeneration_time = -1;

	/* Authentication methods. */
	options->rhosts_authentication = -1;
	options->rhosts_rsa_authentication = -1;
	options->hostbased_authentication = -1;
	options->hostbased_uses_name_from_packet_only = -1;
	options->rsa_authentication = -1;
	options->pubkey_authentication = -1;
#ifdef KRB4
	options->kerberos_authentication = -1;
	options->kerberos_or_local_passwd = -1;
	options->kerberos_ticket_cleanup = -1;
#endif
#ifdef AFS
	options->kerberos_tgt_passing = -1;
	options->afs_token_passing = -1;
#endif
	options->password_authentication = -1;
	options->kbd_interactive_authentication = -1;
	options->challenge_reponse_authentication = -1;
	options->permit_empty_passwd = -1;

	/* Host trust files and permission checks. */
	options->ignore_rhosts = -1;
	options->ignore_user_known_hosts = -1;
	options->strict_modes = -1;
	options->reverse_mapping_check = -1;

	/* Session behaviour and forwarding. */
	options->print_motd = -1;
	options->print_lastlog = -1;
	options->check_mail = -1;
	options->use_login = -1;
	options->keepalives = -1;
	options->x11_forwarding = -1;
	options->x11_display_offset = -1;
	options->allow_tcp_forwarding = -1;
	options->gateway_ports = -1;

	/* Limits on concurrent unauthenticated connections. */
	options->max_startups_begin = -1;
	options->max_startups_rate = -1;
	options->max_startups = -1;
}
103
/*
 * Replaces every setting that is still at its "unset" sentinel with the
 * built-in default.  Values that were already stored (from the command
 * line or the configuration file) are left alone.
 *
 * NOTE(review): several defaults below are permissive -- both protocol
 * versions enabled, a 768-bit server key, root login allowed, password
 * authentication and TCP forwarding on.  A deployment that wants stricter
 * behaviour has to say so in its configuration file.
 */
void
fill_default_server_options(ServerOptions *options)
{
	int slot;

	if (options->protocol == SSH_PROTO_UNKNOWN) {
		options->protocol = SSH_PROTO_1|SSH_PROTO_2;
	}
	if (options->num_host_key_files == 0) {
		/* One default host key per enabled protocol version. */
		if (options->protocol & SSH_PROTO_1) {
			slot = options->num_host_key_files++;
			options->host_key_files[slot] = _PATH_HOST_KEY_FILE;
		}
		if (options->protocol & SSH_PROTO_2) {
			slot = options->num_host_key_files++;
			options->host_key_files[slot] = _PATH_HOST_DSA_KEY_FILE;
		}
	}

	/* Listening sockets: default port first, then the address list. */
	if (options->num_ports == 0) {
		slot = options->num_ports++;
		options->ports[slot] = SSH_DEFAULT_PORT;
	}
	if (options->listen_addrs == NULL) {
		/* NULL address, port 0: every configured port, any address. */
		add_listen_addr(options, NULL, 0);
	}
	if (options->pid_file == NULL) {
		options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
	}

	/* Server key and timing parameters. */
	if (options->server_key_bits == -1) {
		options->server_key_bits = 768;
	}
	if (options->login_grace_time == -1) {
		options->login_grace_time = 600;
	}
	if (options->key_regeneration_time == -1) {
		options->key_regeneration_time = 3600;
	}

	if (options->permit_root_login == PERMIT_NOT_SET) {
		options->permit_root_login = PERMIT_YES;
	}
	if (options->ignore_rhosts == -1) {
		options->ignore_rhosts = 1;
	}
	if (options->ignore_user_known_hosts == -1) {
		options->ignore_user_known_hosts = 0;
	}
	if (options->check_mail == -1) {
		options->check_mail = 0;
	}
	if (options->print_motd == -1) {
		options->print_motd = 1;
	}
	if (options->print_lastlog == -1) {
		options->print_lastlog = 1;
	}
	if (options->x11_forwarding == -1) {
		options->x11_forwarding = 0;
	}
	if (options->x11_display_offset == -1) {
		options->x11_display_offset = 10;
	}
#ifdef XAUTH_PATH
	if (options->xauth_location == NULL) {
		options->xauth_location = XAUTH_PATH;
	}
#endif /* XAUTH_PATH */
	if (options->strict_modes == -1) {
		options->strict_modes = 1;
	}
	if (options->keepalives == -1) {
		options->keepalives = 1;
	}
	if (options->log_facility == (SyslogFacility) (-1)) {
		options->log_facility = SYSLOG_FACILITY_AUTH;
	}
	if (options->log_level == (LogLevel) (-1)) {
		options->log_level = SYSLOG_LEVEL_INFO;
	}

	/* Authentication methods: rhosts-style methods off, key-based on. */
	if (options->rhosts_authentication == -1) {
		options->rhosts_authentication = 0;
	}
	if (options->rhosts_rsa_authentication == -1) {
		options->rhosts_rsa_authentication = 0;
	}
	if (options->hostbased_authentication == -1) {
		options->hostbased_authentication = 0;
	}
	if (options->hostbased_uses_name_from_packet_only == -1) {
		options->hostbased_uses_name_from_packet_only = 0;
	}
	if (options->rsa_authentication == -1) {
		options->rsa_authentication = 1;
	}
	if (options->pubkey_authentication == -1) {
		options->pubkey_authentication = 1;
	}
#ifdef KRB4
	if (options->kerberos_authentication == -1) {
		/* Enabled only when the Kerberos key file is readable. */
		options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
	}
	if (options->kerberos_or_local_passwd == -1) {
		options->kerberos_or_local_passwd = 1;
	}
	if (options->kerberos_ticket_cleanup == -1) {
		options->kerberos_ticket_cleanup = 1;
	}
#endif /* KRB4 */
#ifdef AFS
	if (options->kerberos_tgt_passing == -1) {
		options->kerberos_tgt_passing = 0;
	}
	if (options->afs_token_passing == -1) {
		/* Follows whatever k_hasafs() reports at startup. */
		options->afs_token_passing = k_hasafs();
	}
#endif /* AFS */
	if (options->password_authentication == -1) {
		options->password_authentication = 1;
	}
	if (options->kbd_interactive_authentication == -1) {
		options->kbd_interactive_authentication = 0;
	}
	if (options->challenge_reponse_authentication == -1) {
		options->challenge_reponse_authentication = 1;
	}
	if (options->permit_empty_passwd == -1) {
		options->permit_empty_passwd = 0;
	}

	if (options->use_login == -1) {
		options->use_login = 0;
	}
	if (options->allow_tcp_forwarding == -1) {
		options->allow_tcp_forwarding = 1;
	}
	if (options->gateway_ports == -1) {
		options->gateway_ports = 0;
	}

	/*
	 * max_startups must be settled before max_startups_begin, because
	 * the latter defaults to the former.
	 */
	if (options->max_startups == -1) {
		options->max_startups = 10;
	}
	if (options->max_startups_rate == -1) {
		options->max_startups_rate = 100;		/* 100% */
	}
	if (options->max_startups_begin == -1) {
		options->max_startups_begin = options->max_startups;
	}
	if (options->reverse_mapping_check == -1) {
		options->reverse_mapping_check = 0;
	}
}
205
8efc0c15 206/* Keyword tokens. */
/*
 * One token per configuration keyword understood by read_server_config().
 * sBadOption comes first so that it has the value 0; the numeric values
 * of the remaining tokens depend on whether KRB4 and AFS are defined.
 */
typedef enum {
	sBadOption,		/* == unknown option */
	sPort,
	sHostKeyFile,
	sServerKeyBits,
	sLoginGraceTime,
	sKeyRegenerationTime,
	sPermitRootLogin,
	sLogFacility,
	sLogLevel,
	sRhostsAuthentication,
	sRhostsRSAAuthentication,
	sRSAAuthentication,
#ifdef KRB4
	sKerberosAuthentication,
	sKerberosOrLocalPasswd,
	sKerberosTicketCleanup,
#endif
#ifdef AFS
	sKerberosTgtPassing,
	sAFSTokenPassing,
#endif
	sChallengeResponseAuthentication,
	sPasswordAuthentication,
	sKbdInteractiveAuthentication,
	sListenAddress,
	sPrintMotd,
	sPrintLastLog,
	sIgnoreRhosts,
	sX11Forwarding,
	sX11DisplayOffset,
	sStrictModes,
	sEmptyPasswd,
	sKeepAlives,
	sCheckMail,
	sUseLogin,
	sAllowTcpForwarding,
	sAllowUsers,
	sDenyUsers,
	sAllowGroups,
	sDenyGroups,
	sIgnoreUserKnownHosts,
	sCiphers,
	sMacs,
	sProtocol,
	sPidFile,
	sGatewayPorts,
	sPubkeyAuthentication,
	sXAuthLocation,
	sSubsystem,
	sMaxStartups,
	sBanner,
	sReverseMappingCheck,
	sHostbasedAuthentication,
	sHostbasedUsesNameFromPacketOnly
} ServerOpCodes;
230
231/* Textual representation of the tokens. */
/*
 * Maps each configuration keyword to its token.  Names are stored in
 * lower case; parse_token() compares them without regard to case.  A few
 * keywords are aliases that share a token with another spelling.  The
 * table ends with a NULL name.
 */
static struct {
	const char *name;
	ServerOpCodes opcode;
} keywords[] = {
	/* Listening, host keys and server key handling. */
	{ "port",				sPort },
	{ "hostkey",				sHostKeyFile },
	{ "hostdsakey",				sHostKeyFile },		/* alias */
	{ "pidfile",				sPidFile },
	{ "serverkeybits",			sServerKeyBits },
	{ "logingracetime",			sLoginGraceTime },
	{ "keyregenerationinterval",		sKeyRegenerationTime },
	{ "permitrootlogin",			sPermitRootLogin },
	/* Logging. */
	{ "syslogfacility",			sLogFacility },
	{ "loglevel",				sLogLevel },
	/* Authentication methods. */
	{ "rhostsauthentication",		sRhostsAuthentication },
	{ "rhostsrsaauthentication",		sRhostsRSAAuthentication },
	{ "hostbasedauthentication",		sHostbasedAuthentication },
	{ "hostbasedusesnamefrompacketonly",	sHostbasedUsesNameFromPacketOnly },
	{ "rsaauthentication",			sRSAAuthentication },
	{ "pubkeyauthentication",		sPubkeyAuthentication },
	{ "dsaauthentication",			sPubkeyAuthentication },	/* alias */
#ifdef KRB4
	{ "kerberosauthentication",		sKerberosAuthentication },
	{ "kerberosorlocalpasswd",		sKerberosOrLocalPasswd },
	{ "kerberosticketcleanup",		sKerberosTicketCleanup },
#endif
#ifdef AFS
	{ "kerberostgtpassing",			sKerberosTgtPassing },
	{ "afstokenpassing",			sAFSTokenPassing },
#endif
	{ "passwordauthentication",		sPasswordAuthentication },
	{ "kbdinteractiveauthentication",	sKbdInteractiveAuthentication },
	{ "challengeresponseauthentication",	sChallengeResponseAuthentication },
	{ "skeyauthentication",			sChallengeResponseAuthentication },	/* alias */
	/* Session behaviour, forwarding and access lists. */
	{ "checkmail",				sCheckMail },
	{ "listenaddress",			sListenAddress },
	{ "printmotd",				sPrintMotd },
	{ "printlastlog",			sPrintLastLog },
	{ "ignorerhosts",			sIgnoreRhosts },
	{ "ignoreuserknownhosts",		sIgnoreUserKnownHosts },
	{ "x11forwarding",			sX11Forwarding },
	{ "x11displayoffset",			sX11DisplayOffset },
	{ "xauthlocation",			sXAuthLocation },
	{ "strictmodes",			sStrictModes },
	{ "permitemptypasswords",		sEmptyPasswd },
	{ "uselogin",				sUseLogin },
	{ "keepalive",				sKeepAlives },
	{ "allowtcpforwarding",			sAllowTcpForwarding },
	{ "allowusers",				sAllowUsers },
	{ "denyusers",				sDenyUsers },
	{ "allowgroups",			sAllowGroups },
	{ "denygroups",				sDenyGroups },
	/* Protocol 2 algorithms and miscellaneous settings. */
	{ "ciphers",				sCiphers },
	{ "macs",				sMacs },
	{ "protocol",				sProtocol },
	{ "gatewayports",			sGatewayPorts },
	{ "subsystem",				sSubsystem },
	{ "maxstartups",			sMaxStartups },
	{ "banner",				sBanner },
	{ "reversemappingcheck",		sReverseMappingCheck },
	{ NULL,					0 }			/* end of table */
};
294
aa3378df 295/*
6be9a5e8 296 * Returns the number of the token pointed to by cp or sBadOption.
aa3378df 297 */
8efc0c15 298
/*
 * Looks up the keyword cp in the keywords table, ignoring case.
 *
 * Returns the matching token.  When no entry matches, a diagnostic that
 * names the file and line is written to stderr and sBadOption is
 * returned; the caller decides what to do about the bad keyword.
 */
static ServerOpCodes
parse_token(const char *cp, const char *filename,
	    int linenum)
{
	u_int idx = 0;

	/* The table is terminated by an entry whose name is NULL. */
	while (keywords[idx].name != NULL) {
		if (strcasecmp(cp, keywords[idx].name) == 0) {
			return keywords[idx].opcode;
		}
		idx++;
	}

	fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
		filename, linenum, cp);
	return sBadOption;
}
313
/*
 * Adds addr to the list of listen addresses.
 *
 * A non-zero port binds addr to that single port.  A port of 0 means
 * "every port configured so far": addr is added once per entry in
 * options->ports.  If no port has been configured yet, the default SSH
 * port is recorded first, so the list is never built from an empty set.
 */
void
add_listen_addr(ServerOptions *options, char *addr, u_short port)
{
	int idx;

	if (options->num_ports == 0) {
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
	}

	if (port != 0) {
		add_one_listen_addr(options, addr, port);
		return;
	}

	for (idx = 0; idx < options->num_ports; idx++) {
		add_one_listen_addr(options, addr, options->ports[idx]);
	}
}
327
/*
 * Resolves one addr/port pair and puts the results at the front of
 * options->listen_addrs.
 *
 * addr may be NULL; in that case AI_PASSIVE is requested from
 * getaddrinfo().  The address family is restricted by the global
 * IPv4or6.  A resolution failure is reported through fatal().
 */
void
add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
{
	struct addrinfo hints, *first, *last;
	char strport[NI_MAXSERV];
	int gaierr;

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = IPv4or6;
	hints.ai_socktype = SOCK_STREAM;
	if (addr == NULL) {
		hints.ai_flags = AI_PASSIVE;
	} else {
		hints.ai_flags = 0;
	}

	/* getaddrinfo() takes the service as a string. */
	snprintf(strport, sizeof strport, "%d", port);

	gaierr = getaddrinfo(addr, strport, &hints, &first);
	if (gaierr != 0) {
		/* NOTE(review): fatal() is expected not to return -- confirm. */
		fatal("bad addr or host: %s (%s)",
		    addr ? addr : "<NULL>",
		    gai_strerror(gaierr));
	}

	/* Walk to the last result, then splice the old list behind it. */
	last = first;
	while (last->ai_next != NULL) {
		last = last->ai_next;
	}
	last->ai_next = options->listen_addrs;
	options->listen_addrs = first;
}
349
8efc0c15 350/* Reads the server configuration file. */
351
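/*
 * Reads the server configuration file `filename` and stores its settings
 * in *options.
 *
 * Each line is split into a keyword and its arguments with strdelim().
 * Empty lines and lines whose first token starts with '#' are skipped.
 *
 * Scalar settings are stored only while the field still holds its
 * "unset" sentinel, so the first value seen wins and a later line (or a
 * file read after the command line was parsed) cannot override it.
 * List settings (users, groups, subsystems, ports, host keys) append
 * until their fixed limit is reached.
 *
 * Error handling: a file that cannot be opened, a missing or malformed
 * argument, an exceeded limit or trailing text after the arguments ends
 * the program through exit(1) or fatal().  Unknown keywords are reported
 * by parse_token() and counted; after the whole file has been read, a
 * non-zero count also ends the program.  The function therefore returns
 * only when the file was accepted in full.
 *
 * NOTE(review): lines are read into a 1024-byte buffer.  fgets() returns
 * a longer line in pieces, so the tail of an over-long line is parsed as
 * if it were a line of its own.
 */
void
read_server_config(ServerOptions *options, const char *filename)
{
	FILE *f;
	char line[1024];
	char *cp, **charptr, *arg, *p, *endp;
	int linenum, *intptr, value;
	int bad_options = 0;
	ServerOpCodes opcode;
	int i;
	int ms_begin = 0, ms_rate = 0, ms_full = 0;
	long lval;

	f = fopen(filename, "r");
	if (!f) {
		perror(filename);
		exit(1);
	}
	linenum = 0;
	while (fgets(line, sizeof(line), f)) {
		linenum++;
		cp = line;
		arg = strdelim(&cp);
		/* Ignore leading whitespace */
		if (*arg == '\0')
			arg = strdelim(&cp);
		if (!arg || !*arg || *arg == '#')
			continue;
		/* The shared parse_* labels below rely on these being reset. */
		intptr = NULL;
		charptr = NULL;
		opcode = parse_token(arg, filename, linenum);
		switch (opcode) {
		case sBadOption:
			/* Already reported; keep going to find further errors. */
			bad_options++;
			continue;
		case sPort:
			/* ignore ports from configfile if cmdline specifies ports */
			if (options->ports_from_cmdline)
				continue;
			/*
			 * Listen addresses are expanded against the port list
			 * at the time they are added, so ports must come first.
			 */
			if (options->listen_addrs != NULL)
				fatal("%s line %d: ports must be specified before "
				    "ListenAddress.\n", filename, linenum);
			if (options->num_ports >= MAX_PORTS)
				fatal("%s line %d: too many ports.",
				    filename, linenum);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing port number.",
				    filename, linenum);
			options->ports[options->num_ports++] = a2port(arg);
			if (options->ports[options->num_ports-1] == 0)
				fatal("%s line %d: Badly formatted port number.",
				    filename, linenum);
			break;

		case sServerKeyBits:
			intptr = &options->server_key_bits;
parse_int:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing integer value.\n",
					filename, linenum);
				exit(1);
			}
parse_int_arg:
			/*
			 * Entered with arg already holding the token to convert.
			 * The whole token must be a decimal integer: a value such
			 * as "10m" or "abc" is rejected instead of being silently
			 * read as 10 or 0.  The round trip through int rejects
			 * values that do not fit where long is wider than int.
			 */
			lval = strtol(arg, &endp, 10);
			value = (int)lval;
			if (endp == arg || *endp != '\0' || (long)value != lval) {
				fprintf(stderr, "%s line %d: Bad integer value: %s\n",
					filename, linenum, arg);
				exit(1);
			}
			if (*intptr == -1)
				*intptr = value;
			break;

		case sLoginGraceTime:
			intptr = &options->login_grace_time;
			goto parse_int;

		case sKeyRegenerationTime:
			intptr = &options->key_regeneration_time;
			goto parse_int;

		case sListenAddress:
			/*
			 * Accepted forms, as parsed below: "host", "host:port",
			 * "[host]" and "[host]:port".  An unbracketed argument
			 * with more than one ':' is taken as a bare address.
			 */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
				fatal("%s line %d: missing inet addr.",
				    filename, linenum);
			if (*arg == '[') {
				if ((p = strchr(arg, ']')) == NULL)
					fatal("%s line %d: bad ipv6 inet addr usage.",
					    filename, linenum);
				/* Drop '[' and close the gap left by ']'. */
				arg++;
				memmove(p, p+1, strlen(p+1)+1);
			} else if (((p = strchr(arg, ':')) == NULL) ||
				   (strchr(p+1, ':') != NULL)) {
				add_listen_addr(options, arg, 0);
				break;
			}
			/* p now points at what follows the address. */
			if (*p == ':') {
				u_short port;

				p++;
				if (*p == '\0')
					fatal("%s line %d: bad inet addr:port usage.",
					    filename, linenum);
				else {
					/* Terminate the address at the ':'. */
					*(p-1) = '\0';
					if ((port = a2port(p)) == 0)
						fatal("%s line %d: bad port number.",
						    filename, linenum);
					add_listen_addr(options, arg, port);
				}
			} else if (*p == '\0')
				add_listen_addr(options, arg, 0);
			else
				fatal("%s line %d: bad inet addr usage.",
				    filename, linenum);
			break;

		case sHostKeyFile:
			intptr = &options->num_host_key_files;
			if (*intptr >= MAX_HOSTKEYS) {
				fprintf(stderr,
				    "%s line %d: too many host keys specified (max %d).\n",
				    filename, linenum, MAX_HOSTKEYS);
				exit(1);
			}
			charptr = &options->host_key_files[*intptr];
parse_filename:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing file name.\n",
				    filename, linenum);
				exit(1);
			}
			if (*charptr == NULL) {
				/* A leading '~' is expanded for the server's own uid. */
				*charptr = tilde_expand_filename(arg, getuid());
				/* increase optional counter */
				if (intptr != NULL)
					*intptr = *intptr + 1;
			}
			break;

		case sPidFile:
			charptr = &options->pid_file;
			goto parse_filename;

		case sPermitRootLogin:
			intptr = &options->permit_root_login;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing yes/"
				    "without-password/forced-commands-only/no "
				    "argument.\n", filename, linenum);
				exit(1);
			}
			if (strcmp(arg, "without-password") == 0)
				value = PERMIT_NO_PASSWD;
			else if (strcmp(arg, "forced-commands-only") == 0)
				value = PERMIT_FORCED_ONLY;
			else if (strcmp(arg, "yes") == 0)
				value = PERMIT_YES;
			else if (strcmp(arg, "no") == 0)
				value = PERMIT_NO;
			else {
				fprintf(stderr, "%s line %d: Bad yes/"
				    "without-password/forced-commands-only/no "
				    "argument: %s\n", filename, linenum, arg);
				exit(1);
			}
			/*
			 * Test the same sentinel that the initialisation and
			 * default-filling code use for this field.
			 */
			if (*intptr == PERMIT_NOT_SET)
				*intptr = value;
			break;

		case sIgnoreRhosts:
			intptr = &options->ignore_rhosts;
parse_flag:
			/* Only the exact words "yes" and "no" are accepted. */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing yes/no argument.\n",
					filename, linenum);
				exit(1);
			}
			if (strcmp(arg, "yes") == 0)
				value = 1;
			else if (strcmp(arg, "no") == 0)
				value = 0;
			else {
				fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
					filename, linenum, arg);
				exit(1);
			}
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreUserKnownHosts:
			intptr = &options->ignore_user_known_hosts;
			goto parse_flag;

		case sRhostsAuthentication:
			intptr = &options->rhosts_authentication;
			goto parse_flag;

		case sRhostsRSAAuthentication:
			intptr = &options->rhosts_rsa_authentication;
			goto parse_flag;

		case sHostbasedAuthentication:
			intptr = &options->hostbased_authentication;
			goto parse_flag;

		case sHostbasedUsesNameFromPacketOnly:
			intptr = &options->hostbased_uses_name_from_packet_only;
			goto parse_flag;

		case sRSAAuthentication:
			intptr = &options->rsa_authentication;
			goto parse_flag;

		case sPubkeyAuthentication:
			intptr = &options->pubkey_authentication;
			goto parse_flag;

#ifdef KRB4
		case sKerberosAuthentication:
			intptr = &options->kerberos_authentication;
			goto parse_flag;

		case sKerberosOrLocalPasswd:
			intptr = &options->kerberos_or_local_passwd;
			goto parse_flag;

		case sKerberosTicketCleanup:
			intptr = &options->kerberos_ticket_cleanup;
			goto parse_flag;
#endif

#ifdef AFS
		case sKerberosTgtPassing:
			intptr = &options->kerberos_tgt_passing;
			goto parse_flag;

		case sAFSTokenPassing:
			intptr = &options->afs_token_passing;
			goto parse_flag;
#endif

		case sPasswordAuthentication:
			intptr = &options->password_authentication;
			goto parse_flag;

		case sKbdInteractiveAuthentication:
			intptr = &options->kbd_interactive_authentication;
			goto parse_flag;

		case sCheckMail:
			intptr = &options->check_mail;
			goto parse_flag;

		case sChallengeResponseAuthentication:
			intptr = &options->challenge_reponse_authentication;
			goto parse_flag;

		case sPrintMotd:
			intptr = &options->print_motd;
			goto parse_flag;

		case sPrintLastLog:
			intptr = &options->print_lastlog;
			goto parse_flag;

		case sX11Forwarding:
			intptr = &options->x11_forwarding;
			goto parse_flag;

		case sX11DisplayOffset:
			intptr = &options->x11_display_offset;
			goto parse_int;

		case sXAuthLocation:
			charptr = &options->xauth_location;
			goto parse_filename;

		case sStrictModes:
			intptr = &options->strict_modes;
			goto parse_flag;

		case sKeepAlives:
			intptr = &options->keepalives;
			goto parse_flag;

		case sEmptyPasswd:
			intptr = &options->permit_empty_passwd;
			goto parse_flag;

		case sUseLogin:
			intptr = &options->use_login;
			goto parse_flag;

		case sGatewayPorts:
			intptr = &options->gateway_ports;
			goto parse_flag;

		case sReverseMappingCheck:
			intptr = &options->reverse_mapping_check;
			goto parse_flag;

		case sLogFacility:
			intptr = (int *) &options->log_facility;
			/*
			 * NOTE(review): arg may be NULL here; this relies on
			 * log_facility_number() coping with that -- confirm.
			 */
			arg = strdelim(&cp);
			value = log_facility_number(arg);
			if (value == (SyslogFacility) - 1)
				fatal("%.200s line %d: unsupported log facility '%s'",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (SyslogFacility) value;
			break;

		case sLogLevel:
			intptr = (int *) &options->log_level;
			/*
			 * NOTE(review): arg may be NULL here; this relies on
			 * log_level_number() coping with that -- confirm.
			 */
			arg = strdelim(&cp);
			value = log_level_number(arg);
			if (value == (LogLevel) - 1)
				fatal("%.200s line %d: unsupported log level '%s'",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (LogLevel) value;
			break;

		case sAllowTcpForwarding:
			intptr = &options->allow_tcp_forwarding;
			goto parse_flag;

		case sAllowUsers:
			/* Every remaining token on the line is one list entry. */
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_users >= MAX_ALLOW_USERS)
					fatal("%s line %d: too many allow users.",
					    filename, linenum);
				options->allow_users[options->num_allow_users++] = xstrdup(arg);
			}
			break;

		case sDenyUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_users >= MAX_DENY_USERS)
					fatal( "%s line %d: too many deny users.",
					    filename, linenum);
				options->deny_users[options->num_deny_users++] = xstrdup(arg);
			}
			break;

		case sAllowGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
					fatal("%s line %d: too many allow groups.",
					    filename, linenum);
				options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
			}
			break;

		case sDenyGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_groups >= MAX_DENY_GROUPS)
					fatal("%s line %d: too many deny groups.",
					    filename, linenum);
				options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
			}
			break;

		case sCiphers:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			/* The list is validated before it is stored. */
			if (!ciphers_valid(arg))
				fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->ciphers == NULL)
				options->ciphers = xstrdup(arg);
			break;

		case sMacs:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			if (!mac_valid(arg))
				fatal("%s line %d: Bad SSH2 mac spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->macs == NULL)
				options->macs = xstrdup(arg);
			break;

		case sProtocol:
			intptr = &options->protocol;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			value = proto_spec(arg);
			if (value == SSH_PROTO_UNKNOWN)
				fatal("%s line %d: Bad protocol spec '%s'.",
				      filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == SSH_PROTO_UNKNOWN)
				*intptr = value;
			break;

		case sSubsystem:
			if(options->num_subsystems >= MAX_SUBSYSTEMS) {
				fatal("%s line %d: too many subsystems defined.",
				      filename, linenum);
			}
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem name.",
				      filename, linenum);
			/* A subsystem name may be defined only once. */
			for (i = 0; i < options->num_subsystems; i++)
				if(strcmp(arg, options->subsystem_name[i]) == 0)
					fatal("%s line %d: Subsystem '%s' already defined.",
					      filename, linenum, arg);
			options->subsystem_name[options->num_subsystems] = xstrdup(arg);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem command.",
				      filename, linenum);
			options->subsystem_command[options->num_subsystems] = xstrdup(arg);
			options->num_subsystems++;
			break;

		case sMaxStartups:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing MaxStartups spec.",
				      filename, linenum);
			if (strchr(arg, ':') == NULL) {
				/*
				 * Plain "MaxStartups N".  The token has already
				 * been read, so jump past the strdelim() call in
				 * parse_int; fetching another token here would
				 * find nothing and reject the line.
				 */
				intptr = &options->max_startups;
				goto parse_int_arg;
			}
			/*
			 * "begin:rate:full".  Parse into locals so that the
			 * options are touched only once the triple is valid.
			 */
			if (sscanf(arg, "%d:%d:%d",
			    &ms_begin, &ms_rate, &ms_full) != 3 ||
			    ms_begin > ms_full ||
			    ms_rate > 100 ||
			    ms_rate < 1)
				fatal("%s line %d: Illegal MaxStartups spec.",
				      filename, linenum);
			options->max_startups_begin = ms_begin;
			options->max_startups_rate = ms_rate;
			options->max_startups = ms_full;
			break;

		case sBanner:
			charptr = &options->banner;
			goto parse_filename;

		default:
			fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
				filename, linenum, arg, opcode);
			exit(1);
		}
		/* Anything left on the line after the arguments is an error. */
		if ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
			fprintf(stderr,
				"%s line %d: garbage at end of line; \"%.200s\".\n",
				filename, linenum, arg);
			exit(1);
		}
	}
	fclose(f);
	if (bad_options > 0) {
		fprintf(stderr, "%s: terminating, %d bad configuration options\n",
			filename, bad_options);
		exit(1);
	}
}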