]> andersk Git - openssh.git/blame - servconf.c
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- markus@cvs.openbsd.org 2002/01/21 23:27:10
[openssh.git] / servconf.c
CommitLineData
8efc0c15 1/*
5260325f 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
6ae2364d 4 *
bcbf86ec 5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
5260325f 10 */
8efc0c15 11
12#include "includes.h"
0f84fe37 13RCSID("$OpenBSD: servconf.c,v 1.97 2002/01/04 18:14:16 stevesk Exp $");
42f11eb2 14
46d738cd 15#if defined(KRB4) || defined(KRB5)
42f11eb2 16#include <krb.h>
17#endif
83f46621 18#ifdef AFS
19#include <kafs.h>
20#endif
8efc0c15 21
22#include "ssh.h"
42f11eb2 23#include "log.h"
8efc0c15 24#include "servconf.h"
25#include "xmalloc.h"
a8be9f80 26#include "compat.h"
42f11eb2 27#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
b2552997 31#include "kex.h"
32#include "mac.h"
42f11eb2 33
396c147e 34static void add_listen_addr(ServerOptions *, char *, u_short);
35static void add_one_listen_addr(ServerOptions *, char *, u_short);
48e671d5 36
42f11eb2 37/* AF_UNSPEC or AF_INET or AF_INET6 */
38extern int IPv4or6;
39
8efc0c15 40/* Initializes the server options to their default values. */
41
6ae2364d 42void
5260325f 43initialize_server_options(ServerOptions *options)
8efc0c15 44{
5260325f 45 memset(options, 0, sizeof(*options));
e15895cd 46
47 /* Portable-specific options */
48 options->pam_authentication_via_kbd_int = -1;
49
50 /* Standard Options */
48e671d5 51 options->num_ports = 0;
52 options->ports_from_cmdline = 0;
53 options->listen_addrs = NULL;
fa08c86b 54 options->num_host_key_files = 0;
0fbe8c74 55 options->pid_file = NULL;
5260325f 56 options->server_key_bits = -1;
57 options->login_grace_time = -1;
58 options->key_regeneration_time = -1;
15853e93 59 options->permit_root_login = PERMIT_NOT_SET;
5260325f 60 options->ignore_rhosts = -1;
61 options->ignore_user_known_hosts = -1;
62 options->print_motd = -1;
4f4648f9 63 options->print_lastlog = -1;
5260325f 64 options->x11_forwarding = -1;
65 options->x11_display_offset = -1;
fa649821 66 options->xauth_location = NULL;
5260325f 67 options->strict_modes = -1;
68 options->keepalives = -1;
69 options->log_facility = (SyslogFacility) - 1;
70 options->log_level = (LogLevel) - 1;
71 options->rhosts_authentication = -1;
72 options->rhosts_rsa_authentication = -1;
8002af61 73 options->hostbased_authentication = -1;
74 options->hostbased_uses_name_from_packet_only = -1;
5260325f 75 options->rsa_authentication = -1;
fa08c86b 76 options->pubkey_authentication = -1;
ced49be2 77#if defined(KRB4) || defined(KRB5)
5260325f 78 options->kerberos_authentication = -1;
79 options->kerberos_or_local_passwd = -1;
80 options->kerberos_ticket_cleanup = -1;
8efc0c15 81#endif
ced49be2 82#if defined(AFS) || defined(KRB5)
5260325f 83 options->kerberos_tgt_passing = -1;
ced49be2 84#endif
85#ifdef AFS
5260325f 86 options->afs_token_passing = -1;
8efc0c15 87#endif
5260325f 88 options->password_authentication = -1;
94ec8c6b 89 options->kbd_interactive_authentication = -1;
5ba55ada 90 options->challenge_response_authentication = -1;
5260325f 91 options->permit_empty_passwd = -1;
92 options->use_login = -1;
33de75a3 93 options->allow_tcp_forwarding = -1;
5260325f 94 options->num_allow_users = 0;
95 options->num_deny_users = 0;
96 options->num_allow_groups = 0;
97 options->num_deny_groups = 0;
a8be9f80 98 options->ciphers = NULL;
b2552997 99 options->macs = NULL;
a8be9f80 100 options->protocol = SSH_PROTO_UNKNOWN;
1d1ffb87 101 options->gateway_ports = -1;
38c295d6 102 options->num_subsystems = 0;
c345cf9d 103 options->max_startups_begin = -1;
104 options->max_startups_rate = -1;
089fbbd2 105 options->max_startups = -1;
eea39c02 106 options->banner = NULL;
61e96248 107 options->reverse_mapping_check = -1;
3ffc6336 108 options->client_alive_interval = -1;
109 options->client_alive_count_max = -1;
c8445989 110 options->authorized_keys_file = NULL;
111 options->authorized_keys_file2 = NULL;
8efc0c15 112}
113
6ae2364d 114void
5260325f 115fill_default_server_options(ServerOptions *options)
8efc0c15 116{
e15895cd 117 /* Portable-specific options */
118 if (options->pam_authentication_via_kbd_int == -1)
119 options->pam_authentication_via_kbd_int = 0;
120
121 /* Standard Options */
fa08c86b 122 if (options->protocol == SSH_PROTO_UNKNOWN)
123 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
124 if (options->num_host_key_files == 0) {
125 /* fill default hostkeys for protocols */
126 if (options->protocol & SSH_PROTO_1)
0f84fe37 127 options->host_key_files[options->num_host_key_files++] =
128 _PATH_HOST_KEY_FILE;
129 if (options->protocol & SSH_PROTO_2) {
130 options->host_key_files[options->num_host_key_files++] =
131 _PATH_HOST_RSA_KEY_FILE;
132 options->host_key_files[options->num_host_key_files++] =
133 _PATH_HOST_DSA_KEY_FILE;
134 }
fa08c86b 135 }
48e671d5 136 if (options->num_ports == 0)
137 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
138 if (options->listen_addrs == NULL)
2d2a2c65 139 add_listen_addr(options, NULL, 0);
0fbe8c74 140 if (options->pid_file == NULL)
42f11eb2 141 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
5260325f 142 if (options->server_key_bits == -1)
143 options->server_key_bits = 768;
144 if (options->login_grace_time == -1)
145 options->login_grace_time = 600;
146 if (options->key_regeneration_time == -1)
147 options->key_regeneration_time = 3600;
15853e93 148 if (options->permit_root_login == PERMIT_NOT_SET)
149 options->permit_root_login = PERMIT_YES;
5260325f 150 if (options->ignore_rhosts == -1)
c8d54615 151 options->ignore_rhosts = 1;
5260325f 152 if (options->ignore_user_known_hosts == -1)
153 options->ignore_user_known_hosts = 0;
5260325f 154 if (options->print_motd == -1)
155 options->print_motd = 1;
4f4648f9 156 if (options->print_lastlog == -1)
157 options->print_lastlog = 1;
5260325f 158 if (options->x11_forwarding == -1)
c8d54615 159 options->x11_forwarding = 0;
5260325f 160 if (options->x11_display_offset == -1)
c8d54615 161 options->x11_display_offset = 10;
fa649821 162 if (options->xauth_location == NULL)
fd9ede94 163 options->xauth_location = _PATH_XAUTH;
5260325f 164 if (options->strict_modes == -1)
165 options->strict_modes = 1;
166 if (options->keepalives == -1)
167 options->keepalives = 1;
168 if (options->log_facility == (SyslogFacility) (-1))
169 options->log_facility = SYSLOG_FACILITY_AUTH;
170 if (options->log_level == (LogLevel) (-1))
59c97189 171 options->log_level = SYSLOG_LEVEL_INFO;
5260325f 172 if (options->rhosts_authentication == -1)
173 options->rhosts_authentication = 0;
174 if (options->rhosts_rsa_authentication == -1)
c8d54615 175 options->rhosts_rsa_authentication = 0;
8002af61 176 if (options->hostbased_authentication == -1)
177 options->hostbased_authentication = 0;
178 if (options->hostbased_uses_name_from_packet_only == -1)
179 options->hostbased_uses_name_from_packet_only = 0;
5260325f 180 if (options->rsa_authentication == -1)
181 options->rsa_authentication = 1;
fa08c86b 182 if (options->pubkey_authentication == -1)
183 options->pubkey_authentication = 1;
ced49be2 184#if defined(KRB4) || defined(KRB5)
5260325f 185 if (options->kerberos_authentication == -1)
186 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
187 if (options->kerberos_or_local_passwd == -1)
188 options->kerberos_or_local_passwd = 1;
189 if (options->kerberos_ticket_cleanup == -1)
190 options->kerberos_ticket_cleanup = 1;
ced49be2 191#endif
192#if defined(AFS) || defined(KRB5)
5260325f 193 if (options->kerberos_tgt_passing == -1)
194 options->kerberos_tgt_passing = 0;
ced49be2 195#endif
184eed6a 196#ifdef AFS
5260325f 197 if (options->afs_token_passing == -1)
198 options->afs_token_passing = k_hasafs();
ced49be2 199#endif
5260325f 200 if (options->password_authentication == -1)
201 options->password_authentication = 1;
94ec8c6b 202 if (options->kbd_interactive_authentication == -1)
203 options->kbd_interactive_authentication = 0;
5ba55ada 204 if (options->challenge_response_authentication == -1)
205 options->challenge_response_authentication = 1;
5260325f 206 if (options->permit_empty_passwd == -1)
c8d54615 207 options->permit_empty_passwd = 0;
5260325f 208 if (options->use_login == -1)
209 options->use_login = 0;
33de75a3 210 if (options->allow_tcp_forwarding == -1)
211 options->allow_tcp_forwarding = 1;
1d1ffb87 212 if (options->gateway_ports == -1)
213 options->gateway_ports = 0;
089fbbd2 214 if (options->max_startups == -1)
215 options->max_startups = 10;
c345cf9d 216 if (options->max_startups_rate == -1)
217 options->max_startups_rate = 100; /* 100% */
218 if (options->max_startups_begin == -1)
219 options->max_startups_begin = options->max_startups;
61e96248 220 if (options->reverse_mapping_check == -1)
221 options->reverse_mapping_check = 0;
3ffc6336 222 if (options->client_alive_interval == -1)
184eed6a 223 options->client_alive_interval = 0;
3ffc6336 224 if (options->client_alive_count_max == -1)
225 options->client_alive_count_max = 3;
5df83e07 226 if (options->authorized_keys_file2 == NULL) {
227 /* authorized_keys_file2 falls back to authorized_keys_file */
228 if (options->authorized_keys_file != NULL)
229 options->authorized_keys_file2 = options->authorized_keys_file;
230 else
231 options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
232 }
233 if (options->authorized_keys_file == NULL)
234 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
8efc0c15 235}
236
8efc0c15 237/* Keyword tokens. */
5260325f 238typedef enum {
239 sBadOption, /* == unknown option */
e15895cd 240 /* Portable-specific options */
241 sPAMAuthenticationViaKbdInt,
242 /* Standard Options */
5260325f 243 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
244 sPermitRootLogin, sLogFacility, sLogLevel,
245 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
ced49be2 246#if defined(KRB4) || defined(KRB5)
5260325f 247 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
8efc0c15 248#endif
ced49be2 249#if defined(AFS) || defined(KRB5)
250 sKerberosTgtPassing,
251#endif
8efc0c15 252#ifdef AFS
ced49be2 253 sAFSTokenPassing,
8efc0c15 254#endif
d464095c 255 sChallengeResponseAuthentication,
94ec8c6b 256 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
4f4648f9 257 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
258 sX11Forwarding, sX11DisplayOffset,
5c53a31e 259 sStrictModes, sEmptyPasswd, sKeepAlives,
33de75a3 260 sUseLogin, sAllowTcpForwarding,
261 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
b2552997 262 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
fa08c86b 263 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
8002af61 264 sBanner, sReverseMappingCheck, sHostbasedAuthentication,
184eed6a 265 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
c8445989 266 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
2717fa0f 267 sDeprecated
8efc0c15 268} ServerOpCodes;
269
270/* Textual representation of the tokens. */
5260325f 271static struct {
272 const char *name;
273 ServerOpCodes opcode;
274} keywords[] = {
e15895cd 275 /* Portable-specific options */
276 { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
277 /* Standard Options */
5260325f 278 { "port", sPort },
279 { "hostkey", sHostKeyFile },
fa08c86b 280 { "hostdsakey", sHostKeyFile }, /* alias */
2b87da3b 281 { "pidfile", sPidFile },
5260325f 282 { "serverkeybits", sServerKeyBits },
283 { "logingracetime", sLoginGraceTime },
284 { "keyregenerationinterval", sKeyRegenerationTime },
285 { "permitrootlogin", sPermitRootLogin },
286 { "syslogfacility", sLogFacility },
287 { "loglevel", sLogLevel },
288 { "rhostsauthentication", sRhostsAuthentication },
289 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
8002af61 290 { "hostbasedauthentication", sHostbasedAuthentication },
291 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
5260325f 292 { "rsaauthentication", sRSAAuthentication },
fa08c86b 293 { "pubkeyauthentication", sPubkeyAuthentication },
294 { "dsaauthentication", sPubkeyAuthentication }, /* alias */
ced49be2 295#if defined(KRB4) || defined(KRB5)
5260325f 296 { "kerberosauthentication", sKerberosAuthentication },
297 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
298 { "kerberosticketcleanup", sKerberosTicketCleanup },
8efc0c15 299#endif
ced49be2 300#if defined(AFS) || defined(KRB5)
5260325f 301 { "kerberostgtpassing", sKerberosTgtPassing },
ced49be2 302#endif
303#ifdef AFS
5260325f 304 { "afstokenpassing", sAFSTokenPassing },
8efc0c15 305#endif
5260325f 306 { "passwordauthentication", sPasswordAuthentication },
94ec8c6b 307 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
d464095c 308 { "challengeresponseauthentication", sChallengeResponseAuthentication },
309 { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
5c53a31e 310 { "checkmail", sDeprecated },
5260325f 311 { "listenaddress", sListenAddress },
312 { "printmotd", sPrintMotd },
4f4648f9 313 { "printlastlog", sPrintLastLog },
5260325f 314 { "ignorerhosts", sIgnoreRhosts },
315 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
316 { "x11forwarding", sX11Forwarding },
317 { "x11displayoffset", sX11DisplayOffset },
fa649821 318 { "xauthlocation", sXAuthLocation },
5260325f 319 { "strictmodes", sStrictModes },
320 { "permitemptypasswords", sEmptyPasswd },
321 { "uselogin", sUseLogin },
5260325f 322 { "keepalive", sKeepAlives },
33de75a3 323 { "allowtcpforwarding", sAllowTcpForwarding },
5260325f 324 { "allowusers", sAllowUsers },
325 { "denyusers", sDenyUsers },
326 { "allowgroups", sAllowGroups },
327 { "denygroups", sDenyGroups },
a8be9f80 328 { "ciphers", sCiphers },
b2552997 329 { "macs", sMacs },
a8be9f80 330 { "protocol", sProtocol },
1d1ffb87 331 { "gatewayports", sGatewayPorts },
38c295d6 332 { "subsystem", sSubsystem },
089fbbd2 333 { "maxstartups", sMaxStartups },
eea39c02 334 { "banner", sBanner },
61e96248 335 { "reversemappingcheck", sReverseMappingCheck },
3ffc6336 336 { "clientaliveinterval", sClientAliveInterval },
337 { "clientalivecountmax", sClientAliveCountMax },
c8445989 338 { "authorizedkeysfile", sAuthorizedKeysFile },
339 { "authorizedkeysfile2", sAuthorizedKeysFile2 },
17a3011c 340 { NULL, sBadOption }
8efc0c15 341};
342
aa3378df 343/*
6be9a5e8 344 * Returns the number of the token pointed to by cp or sBadOption.
aa3378df 345 */
8efc0c15 346
6ae2364d 347static ServerOpCodes
5260325f 348parse_token(const char *cp, const char *filename,
349 int linenum)
8efc0c15 350{
1e3b8b07 351 u_int i;
8efc0c15 352
5260325f 353 for (i = 0; keywords[i].name; i++)
aa3378df 354 if (strcasecmp(cp, keywords[i].name) == 0)
5260325f 355 return keywords[i].opcode;
8efc0c15 356
b7c70970 357 error("%s: line %d: Bad configuration option: %s",
358 filename, linenum, cp);
5260325f 359 return sBadOption;
8efc0c15 360}
361
396c147e 362static void
2d2a2c65 363add_listen_addr(ServerOptions *options, char *addr, u_short port)
48e671d5 364{
48e671d5 365 int i;
366
367 if (options->num_ports == 0)
368 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
2d2a2c65 369 if (port == 0)
d11c1288 370 for (i = 0; i < options->num_ports; i++)
371 add_one_listen_addr(options, addr, options->ports[i]);
372 else
2d2a2c65 373 add_one_listen_addr(options, addr, port);
d11c1288 374}
375
396c147e 376static void
d11c1288 377add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
378{
379 struct addrinfo hints, *ai, *aitop;
380 char strport[NI_MAXSERV];
381 int gaierr;
382
383 memset(&hints, 0, sizeof(hints));
384 hints.ai_family = IPv4or6;
385 hints.ai_socktype = SOCK_STREAM;
386 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
387 snprintf(strport, sizeof strport, "%d", port);
388 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
389 fatal("bad addr or host: %s (%s)",
390 addr ? addr : "<NULL>",
391 gai_strerror(gaierr));
392 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
393 ;
394 ai->ai_next = options->listen_addrs;
395 options->listen_addrs = aitop;
48e671d5 396}
397
2717fa0f 398int
399process_server_config_line(ServerOptions *options, char *line,
400 const char *filename, int linenum)
8efc0c15 401{
d11c1288 402 char *cp, **charptr, *arg, *p;
2717fa0f 403 int *intptr, value;
5260325f 404 ServerOpCodes opcode;
97de229c 405 int i, n;
5260325f 406
2717fa0f 407 cp = line;
408 arg = strdelim(&cp);
409 /* Ignore leading whitespace */
410 if (*arg == '\0')
704b1659 411 arg = strdelim(&cp);
2717fa0f 412 if (!arg || !*arg || *arg == '#')
413 return 0;
414 intptr = NULL;
415 charptr = NULL;
416 opcode = parse_token(arg, filename, linenum);
417 switch (opcode) {
418 /* Portable-specific options */
419 case sPAMAuthenticationViaKbdInt:
420 intptr = &options->pam_authentication_via_kbd_int;
421 goto parse_flag;
48e671d5 422
2717fa0f 423 /* Standard Options */
424 case sBadOption:
425 return -1;
426 case sPort:
427 /* ignore ports from configfile if cmdline specifies ports */
428 if (options->ports_from_cmdline)
429 return 0;
430 if (options->listen_addrs != NULL)
431 fatal("%s line %d: ports must be specified before "
432 "ListenAdress.", filename, linenum);
433 if (options->num_ports >= MAX_PORTS)
434 fatal("%s line %d: too many ports.",
435 filename, linenum);
436 arg = strdelim(&cp);
437 if (!arg || *arg == '\0')
438 fatal("%s line %d: missing port number.",
439 filename, linenum);
440 options->ports[options->num_ports++] = a2port(arg);
441 if (options->ports[options->num_ports-1] == 0)
442 fatal("%s line %d: Badly formatted port number.",
443 filename, linenum);
444 break;
445
446 case sServerKeyBits:
447 intptr = &options->server_key_bits;
5260325f 448parse_int:
2717fa0f 449 arg = strdelim(&cp);
450 if (!arg || *arg == '\0')
451 fatal("%s line %d: missing integer value.",
452 filename, linenum);
453 value = atoi(arg);
454 if (*intptr == -1)
455 *intptr = value;
456 break;
457
458 case sLoginGraceTime:
459 intptr = &options->login_grace_time;
e2b1fb42 460parse_time:
2717fa0f 461 arg = strdelim(&cp);
462 if (!arg || *arg == '\0')
463 fatal("%s line %d: missing time value.",
464 filename, linenum);
465 if ((value = convtime(arg)) == -1)
466 fatal("%s line %d: invalid time value.",
467 filename, linenum);
468 if (*intptr == -1)
469 *intptr = value;
470 break;
471
472 case sKeyRegenerationTime:
473 intptr = &options->key_regeneration_time;
474 goto parse_time;
475
476 case sListenAddress:
477 arg = strdelim(&cp);
478 if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
479 fatal("%s line %d: missing inet addr.",
480 filename, linenum);
481 if (*arg == '[') {
482 if ((p = strchr(arg, ']')) == NULL)
483 fatal("%s line %d: bad ipv6 inet addr usage.",
e2b1fb42 484 filename, linenum);
2717fa0f 485 arg++;
486 memmove(p, p+1, strlen(p+1)+1);
487 } else if (((p = strchr(arg, ':')) == NULL) ||
488 (strchr(p+1, ':') != NULL)) {
489 add_listen_addr(options, arg, 0);
e2b1fb42 490 break;
2717fa0f 491 }
492 if (*p == ':') {
493 u_short port;
5260325f 494
2717fa0f 495 p++;
496 if (*p == '\0')
497 fatal("%s line %d: bad inet addr:port usage.",
48e671d5 498 filename, linenum);
2717fa0f 499 else {
500 *(p-1) = '\0';
501 if ((port = a2port(p)) == 0)
502 fatal("%s line %d: bad port number.",
d11c1288 503 filename, linenum);
2717fa0f 504 add_listen_addr(options, arg, port);
d11c1288 505 }
2717fa0f 506 } else if (*p == '\0')
507 add_listen_addr(options, arg, 0);
508 else
509 fatal("%s line %d: bad inet addr usage.",
510 filename, linenum);
511 break;
512
513 case sHostKeyFile:
514 intptr = &options->num_host_key_files;
515 if (*intptr >= MAX_HOSTKEYS)
516 fatal("%s line %d: too many host keys specified (max %d).",
517 filename, linenum, MAX_HOSTKEYS);
518 charptr = &options->host_key_files[*intptr];
fa649821 519parse_filename:
2717fa0f 520 arg = strdelim(&cp);
521 if (!arg || *arg == '\0')
522 fatal("%s line %d: missing file name.",
523 filename, linenum);
524 if (*charptr == NULL) {
525 *charptr = tilde_expand_filename(arg, getuid());
526 /* increase optional counter */
527 if (intptr != NULL)
528 *intptr = *intptr + 1;
529 }
530 break;
0fbe8c74 531
2717fa0f 532 case sPidFile:
533 charptr = &options->pid_file;
534 goto parse_filename;
5260325f 535
2717fa0f 536 case sPermitRootLogin:
537 intptr = &options->permit_root_login;
538 arg = strdelim(&cp);
539 if (!arg || *arg == '\0')
540 fatal("%s line %d: missing yes/"
541 "without-password/forced-commands-only/no "
542 "argument.", filename, linenum);
543 value = 0; /* silence compiler */
544 if (strcmp(arg, "without-password") == 0)
545 value = PERMIT_NO_PASSWD;
546 else if (strcmp(arg, "forced-commands-only") == 0)
547 value = PERMIT_FORCED_ONLY;
548 else if (strcmp(arg, "yes") == 0)
549 value = PERMIT_YES;
550 else if (strcmp(arg, "no") == 0)
551 value = PERMIT_NO;
552 else
553 fatal("%s line %d: Bad yes/"
554 "without-password/forced-commands-only/no "
555 "argument: %s", filename, linenum, arg);
556 if (*intptr == -1)
557 *intptr = value;
558 break;
559
560 case sIgnoreRhosts:
561 intptr = &options->ignore_rhosts;
5260325f 562parse_flag:
2717fa0f 563 arg = strdelim(&cp);
564 if (!arg || *arg == '\0')
565 fatal("%s line %d: missing yes/no argument.",
566 filename, linenum);
567 value = 0; /* silence compiler */
568 if (strcmp(arg, "yes") == 0)
569 value = 1;
570 else if (strcmp(arg, "no") == 0)
571 value = 0;
572 else
573 fatal("%s line %d: Bad yes/no argument: %s",
574 filename, linenum, arg);
575 if (*intptr == -1)
576 *intptr = value;
577 break;
578
579 case sIgnoreUserKnownHosts:
580 intptr = &options->ignore_user_known_hosts;
581 goto parse_flag;
582
583 case sRhostsAuthentication:
584 intptr = &options->rhosts_authentication;
585 goto parse_flag;
586
587 case sRhostsRSAAuthentication:
588 intptr = &options->rhosts_rsa_authentication;
589 goto parse_flag;
590
591 case sHostbasedAuthentication:
592 intptr = &options->hostbased_authentication;
593 goto parse_flag;
594
595 case sHostbasedUsesNameFromPacketOnly:
596 intptr = &options->hostbased_uses_name_from_packet_only;
597 goto parse_flag;
598
599 case sRSAAuthentication:
600 intptr = &options->rsa_authentication;
601 goto parse_flag;
602
603 case sPubkeyAuthentication:
604 intptr = &options->pubkey_authentication;
605 goto parse_flag;
606#if defined(KRB4) || defined(KRB5)
607 case sKerberosAuthentication:
608 intptr = &options->kerberos_authentication;
609 goto parse_flag;
5260325f 610
2717fa0f 611 case sKerberosOrLocalPasswd:
612 intptr = &options->kerberos_or_local_passwd;
613 goto parse_flag;
5260325f 614
2717fa0f 615 case sKerberosTicketCleanup:
616 intptr = &options->kerberos_ticket_cleanup;
617 goto parse_flag;
618#endif
619#if defined(AFS) || defined(KRB5)
620 case sKerberosTgtPassing:
621 intptr = &options->kerberos_tgt_passing;
622 goto parse_flag;
623#endif
624#ifdef AFS
625 case sAFSTokenPassing:
626 intptr = &options->afs_token_passing;
627 goto parse_flag;
628#endif
5260325f 629
2717fa0f 630 case sPasswordAuthentication:
631 intptr = &options->password_authentication;
632 goto parse_flag;
5260325f 633
2717fa0f 634 case sKbdInteractiveAuthentication:
635 intptr = &options->kbd_interactive_authentication;
636 goto parse_flag;
8002af61 637
2717fa0f 638 case sChallengeResponseAuthentication:
639 intptr = &options->challenge_response_authentication;
640 goto parse_flag;
8002af61 641
2717fa0f 642 case sPrintMotd:
643 intptr = &options->print_motd;
644 goto parse_flag;
5260325f 645
2717fa0f 646 case sPrintLastLog:
647 intptr = &options->print_lastlog;
648 goto parse_flag;
5260325f 649
2717fa0f 650 case sX11Forwarding:
651 intptr = &options->x11_forwarding;
652 goto parse_flag;
5260325f 653
2717fa0f 654 case sX11DisplayOffset:
655 intptr = &options->x11_display_offset;
656 goto parse_int;
8efc0c15 657
2717fa0f 658 case sXAuthLocation:
659 charptr = &options->xauth_location;
660 goto parse_filename;
5260325f 661
2717fa0f 662 case sStrictModes:
663 intptr = &options->strict_modes;
664 goto parse_flag;
5260325f 665
2717fa0f 666 case sKeepAlives:
667 intptr = &options->keepalives;
668 goto parse_flag;
33de75a3 669
2717fa0f 670 case sEmptyPasswd:
671 intptr = &options->permit_empty_passwd;
672 goto parse_flag;
5260325f 673
2717fa0f 674 case sUseLogin:
675 intptr = &options->use_login;
676 goto parse_flag;
5260325f 677
2717fa0f 678 case sGatewayPorts:
679 intptr = &options->gateway_ports;
680 goto parse_flag;
5260325f 681
2717fa0f 682 case sReverseMappingCheck:
683 intptr = &options->reverse_mapping_check;
684 goto parse_flag;
5260325f 685
2717fa0f 686 case sLogFacility:
687 intptr = (int *) &options->log_facility;
688 arg = strdelim(&cp);
689 value = log_facility_number(arg);
690 if (value == (SyslogFacility) - 1)
691 fatal("%.200s line %d: unsupported log facility '%s'",
692 filename, linenum, arg ? arg : "<NONE>");
693 if (*intptr == -1)
694 *intptr = (SyslogFacility) value;
695 break;
696
697 case sLogLevel:
698 intptr = (int *) &options->log_level;
699 arg = strdelim(&cp);
700 value = log_level_number(arg);
701 if (value == (LogLevel) - 1)
702 fatal("%.200s line %d: unsupported log level '%s'",
703 filename, linenum, arg ? arg : "<NONE>");
704 if (*intptr == -1)
705 *intptr = (LogLevel) value;
706 break;
707
708 case sAllowTcpForwarding:
709 intptr = &options->allow_tcp_forwarding;
710 goto parse_flag;
711
712 case sAllowUsers:
713 while ((arg = strdelim(&cp)) && *arg != '\0') {
714 if (options->num_allow_users >= MAX_ALLOW_USERS)
715 fatal("%s line %d: too many allow users.",
716 filename, linenum);
717 options->allow_users[options->num_allow_users++] = xstrdup(arg);
718 }
719 break;
a8be9f80 720
2717fa0f 721 case sDenyUsers:
722 while ((arg = strdelim(&cp)) && *arg != '\0') {
723 if (options->num_deny_users >= MAX_DENY_USERS)
724 fatal( "%s line %d: too many deny users.",
725 filename, linenum);
726 options->deny_users[options->num_deny_users++] = xstrdup(arg);
727 }
728 break;
b2552997 729
2717fa0f 730 case sAllowGroups:
731 while ((arg = strdelim(&cp)) && *arg != '\0') {
732 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
733 fatal("%s line %d: too many allow groups.",
734 filename, linenum);
735 options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
736 }
737 break;
a8be9f80 738
2717fa0f 739 case sDenyGroups:
740 while ((arg = strdelim(&cp)) && *arg != '\0') {
741 if (options->num_deny_groups >= MAX_DENY_GROUPS)
742 fatal("%s line %d: too many deny groups.",
743 filename, linenum);
744 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
745 }
746 break;
38c295d6 747
2717fa0f 748 case sCiphers:
749 arg = strdelim(&cp);
750 if (!arg || *arg == '\0')
751 fatal("%s line %d: Missing argument.", filename, linenum);
752 if (!ciphers_valid(arg))
753 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
754 filename, linenum, arg ? arg : "<NONE>");
755 if (options->ciphers == NULL)
756 options->ciphers = xstrdup(arg);
757 break;
758
759 case sMacs:
760 arg = strdelim(&cp);
761 if (!arg || *arg == '\0')
762 fatal("%s line %d: Missing argument.", filename, linenum);
763 if (!mac_valid(arg))
764 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
765 filename, linenum, arg ? arg : "<NONE>");
766 if (options->macs == NULL)
767 options->macs = xstrdup(arg);
768 break;
769
770 case sProtocol:
771 intptr = &options->protocol;
772 arg = strdelim(&cp);
773 if (!arg || *arg == '\0')
774 fatal("%s line %d: Missing argument.", filename, linenum);
775 value = proto_spec(arg);
776 if (value == SSH_PROTO_UNKNOWN)
777 fatal("%s line %d: Bad protocol spec '%s'.",
184eed6a 778 filename, linenum, arg ? arg : "<NONE>");
2717fa0f 779 if (*intptr == SSH_PROTO_UNKNOWN)
780 *intptr = value;
781 break;
782
783 case sSubsystem:
784 if (options->num_subsystems >= MAX_SUBSYSTEMS) {
785 fatal("%s line %d: too many subsystems defined.",
184eed6a 786 filename, linenum);
2717fa0f 787 }
788 arg = strdelim(&cp);
789 if (!arg || *arg == '\0')
790 fatal("%s line %d: Missing subsystem name.",
184eed6a 791 filename, linenum);
2717fa0f 792 for (i = 0; i < options->num_subsystems; i++)
793 if (strcmp(arg, options->subsystem_name[i]) == 0)
794 fatal("%s line %d: Subsystem '%s' already defined.",
184eed6a 795 filename, linenum, arg);
2717fa0f 796 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
797 arg = strdelim(&cp);
798 if (!arg || *arg == '\0')
799 fatal("%s line %d: Missing subsystem command.",
184eed6a 800 filename, linenum);
2717fa0f 801 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
802 options->num_subsystems++;
803 break;
804
805 case sMaxStartups:
806 arg = strdelim(&cp);
807 if (!arg || *arg == '\0')
808 fatal("%s line %d: Missing MaxStartups spec.",
184eed6a 809 filename, linenum);
2717fa0f 810 if ((n = sscanf(arg, "%d:%d:%d",
811 &options->max_startups_begin,
812 &options->max_startups_rate,
813 &options->max_startups)) == 3) {
814 if (options->max_startups_begin >
815 options->max_startups ||
816 options->max_startups_rate > 100 ||
817 options->max_startups_rate < 1)
c345cf9d 818 fatal("%s line %d: Illegal MaxStartups spec.",
97de229c 819 filename, linenum);
2717fa0f 820 } else if (n != 1)
821 fatal("%s line %d: Illegal MaxStartups spec.",
822 filename, linenum);
823 else
824 options->max_startups = options->max_startups_begin;
825 break;
826
827 case sBanner:
828 charptr = &options->banner;
829 goto parse_filename;
830 /*
831 * These options can contain %X options expanded at
832 * connect time, so that you can specify paths like:
833 *
834 * AuthorizedKeysFile /etc/ssh_keys/%u
835 */
836 case sAuthorizedKeysFile:
837 case sAuthorizedKeysFile2:
838 charptr = (opcode == sAuthorizedKeysFile ) ?
839 &options->authorized_keys_file :
840 &options->authorized_keys_file2;
841 goto parse_filename;
842
843 case sClientAliveInterval:
844 intptr = &options->client_alive_interval;
845 goto parse_time;
846
847 case sClientAliveCountMax:
848 intptr = &options->client_alive_count_max;
849 goto parse_int;
850
851 case sDeprecated:
852 log("%s line %d: Deprecated option %s",
853 filename, linenum, arg);
854 while (arg)
855 arg = strdelim(&cp);
856 break;
857
858 default:
859 fatal("%s line %d: Missing handler for opcode %s (%d)",
860 filename, linenum, arg, opcode);
861 }
862 if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
863 fatal("%s line %d: garbage at end of line; \"%.200s\".",
864 filename, linenum, arg);
865 return 0;
866}
089fbbd2 867
2717fa0f 868/* Reads the server configuration file. */
5c53a31e 869
2717fa0f 870void
871read_server_config(ServerOptions *options, const char *filename)
872{
873 FILE *f;
874 char line[1024];
875 int linenum;
876 int bad_options = 0;
877
878 f = fopen(filename, "r");
879 if (!f) {
880 perror(filename);
881 exit(1);
882 }
883 linenum = 0;
884 while (fgets(line, sizeof(line), f)) {
885 /* Update line number counter. */
886 linenum++;
887 if (process_server_config_line(options, line, filename, linenum) != 0)
888 bad_options++;
8efc0c15 889 }
5260325f 890 fclose(f);
b7c70970 891 if (bad_options > 0)
892 fatal("%s: terminating, %d bad configuration options",
893 filename, bad_options);
8efc0c15 894}
git-cvsimport mirror of OpenSSH
This page took 0.559434 seconds and 5 git commands to generate.