/*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose.  Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */
8efc0c15 11
12#include "includes.h"
33de75a3 13RCSID("$OpenBSD: servconf.c,v 1.53 2000/10/14 12:12:09 markus Exp $");
8efc0c15 14
15#include "ssh.h"
16#include "servconf.h"
17#include "xmalloc.h"
a8be9f80 18#include "compat.h"
8efc0c15 19
/*
 * Forward declaration: add_listen_addr() is defined further down in this
 * file but is called from fill_default_server_options() before that point.
 */
void add_listen_addr(ServerOptions *options, char *addr);
22
/*
 * Puts *options into the "nothing configured yet" state.
 *
 * Counters and list heads are cleared; every scalar setting is given a
 * sentinel (-1, NULL or SSH_PROTO_UNKNOWN) meaning "unset".  The sentinels
 * are what read_server_config() and fill_default_server_options() test
 * before they store a value, so this must run before either of them.
 */
void
initialize_server_options(ServerOptions *options)
{
	/* Clear the whole structure first, then mark each field explicitly. */
	memset(options, 0, sizeof *options);

	/* Listening ports and addresses. */
	options->num_ports = 0;
	options->ports_from_cmdline = 0;
	options->listen_addrs = NULL;

	/* File locations. */
	options->host_key_file = NULL;
	options->host_dsa_key_file = NULL;
	options->pid_file = NULL;
	options->xauth_location = NULL;

	/* Server key and timing. */
	options->server_key_bits = -1;
	options->login_grace_time = -1;
	options->key_regeneration_time = -1;

	/* Login policy and session behaviour. */
	options->permit_root_login = -1;
	options->ignore_rhosts = -1;
	options->ignore_user_known_hosts = -1;
	options->print_motd = -1;
	options->check_mail = -1;
	options->x11_forwarding = -1;
	options->x11_display_offset = -1;
	options->strict_modes = -1;
	options->keepalives = -1;
	options->permit_empty_passwd = -1;
	options->use_login = -1;
	options->allow_tcp_forwarding = -1;
	options->gateway_ports = -1;

	/* Logging. */
	options->log_facility = (SyslogFacility)-1;
	options->log_level = (LogLevel)-1;

	/* Authentication methods. */
	options->rhosts_authentication = -1;
	options->rhosts_rsa_authentication = -1;
	options->rsa_authentication = -1;
	options->dsa_authentication = -1;
#ifdef KRB4
	options->kerberos_authentication = -1;
	options->kerberos_or_local_passwd = -1;
	options->kerberos_ticket_cleanup = -1;
#endif
#ifdef AFS
	options->kerberos_tgt_passing = -1;
	options->afs_token_passing = -1;
#endif
	options->password_authentication = -1;
	options->kbd_interactive_authentication = -1;
#ifdef SKEY
	options->skey_authentication = -1;
#endif

	/* Allow/deny lists start out empty. */
	options->num_allow_users = 0;
	options->num_deny_users = 0;
	options->num_allow_groups = 0;
	options->num_deny_groups = 0;

	/* Protocol selection, subsystems and connection throttling. */
	options->ciphers = NULL;
	options->protocol = SSH_PROTO_UNKNOWN;
	options->num_subsystems = 0;
	options->max_startups_begin = -1;
	options->max_startups_rate = -1;
	options->max_startups = -1;
}
83
/*
 * Gives every option that is still "unset" its built-in default.
 *
 * An option counts as unset while it holds the sentinel written by
 * initialize_server_options() (-1, NULL or SSH_PROTO_UNKNOWN); anything
 * already stored in *options is left untouched.  The values below are
 * therefore the effective policy of a server whose configuration file is
 * silent on a keyword.
 */
void
fill_default_server_options(ServerOptions *options)
{
/* Store `value` only while the int-like field still holds -1. */
#define DEFAULT_INT(field, value) \
	do { \
		if (options->field == -1) \
			options->field = (value); \
	} while (0)
/* Store `value` only while the pointer field is still NULL. */
#define DEFAULT_PTR(field, value) \
	do { \
		if (options->field == NULL) \
			options->field = (value); \
	} while (0)

	/* Listen on the default port, on whatever add_listen_addr(NULL) yields. */
	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
	if (options->listen_addrs == NULL)
		add_listen_addr(options, NULL);

	DEFAULT_PTR(host_key_file, HOST_KEY_FILE);
	DEFAULT_PTR(host_dsa_key_file, HOST_DSA_KEY_FILE);
	DEFAULT_PTR(pid_file, SSH_DAEMON_PID_FILE);

	DEFAULT_INT(server_key_bits, 768);
	DEFAULT_INT(login_grace_time, 600);
	DEFAULT_INT(key_regeneration_time, 3600);
	/* 1 == "yes": root logins are accepted unless the config says otherwise. */
	DEFAULT_INT(permit_root_login, 1);
	DEFAULT_INT(ignore_rhosts, 1);
	DEFAULT_INT(ignore_user_known_hosts, 0);
	DEFAULT_INT(check_mail, 0);
	DEFAULT_INT(print_motd, 1);
	DEFAULT_INT(x11_forwarding, 0);
	DEFAULT_INT(x11_display_offset, 10);
#ifdef XAUTH_PATH
	DEFAULT_PTR(xauth_location, XAUTH_PATH);
#endif /* XAUTH_PATH */
	DEFAULT_INT(strict_modes, 1);
	DEFAULT_INT(keepalives, 1);

	if (options->log_facility == (SyslogFacility)(-1))
		options->log_facility = SYSLOG_FACILITY_AUTH;
	if (options->log_level == (LogLevel)(-1))
		options->log_level = SYSLOG_LEVEL_INFO;

	/* rhosts-based methods are off by default; key and password methods are on. */
	DEFAULT_INT(rhosts_authentication, 0);
	DEFAULT_INT(rhosts_rsa_authentication, 0);
	DEFAULT_INT(rsa_authentication, 1);
	DEFAULT_INT(dsa_authentication, 1);
#ifdef KRB4
	/* Enabled only when KEYFILE is readable by this process. */
	DEFAULT_INT(kerberos_authentication, (access(KEYFILE, R_OK) == 0));
	DEFAULT_INT(kerberos_or_local_passwd, 1);
	DEFAULT_INT(kerberos_ticket_cleanup, 1);
#endif /* KRB4 */
#ifdef AFS
	DEFAULT_INT(kerberos_tgt_passing, 0);
	DEFAULT_INT(afs_token_passing, k_hasafs());
#endif /* AFS */
	DEFAULT_INT(password_authentication, 1);
	DEFAULT_INT(kbd_interactive_authentication, 0);
#ifdef SKEY
	DEFAULT_INT(skey_authentication, 1);
#endif
	DEFAULT_INT(permit_empty_passwd, 0);
	DEFAULT_INT(use_login, 0);
	DEFAULT_INT(allow_tcp_forwarding, 1);

	/* With no Protocol keyword both protocol versions are offered. */
	if (options->protocol == SSH_PROTO_UNKNOWN)
		options->protocol = SSH_PROTO_1|SSH_PROTO_2;
	DEFAULT_INT(gateway_ports, 0);

	/*
	 * max_startups must be settled before max_startups_begin, which
	 * falls back to it.
	 */
	DEFAULT_INT(max_startups, 10);
	DEFAULT_INT(max_startups_rate, 100);	/* 100% */
	DEFAULT_INT(max_startups_begin, options->max_startups);

#undef DEFAULT_PTR
#undef DEFAULT_INT
}
176
/*
 * Keyword tokens.
 *
 * One constant per configuration keyword that read_server_config()
 * dispatches on.  sBadOption is the first constant (value 0) and stands
 * for "keyword not recognised".  The numeric values of the constants that
 * follow the #ifdef sections depend on whether KRB4, AFS and SKEY are
 * defined, so they must not be stored or compared across builds.
 */
typedef enum {
	sBadOption,		/* == unknown option */
	sPort,
	sHostKeyFile,
	sServerKeyBits,
	sLoginGraceTime,
	sKeyRegenerationTime,
	sPermitRootLogin,
	sLogFacility,
	sLogLevel,
	sRhostsAuthentication,
	sRhostsRSAAuthentication,
	sRSAAuthentication,
#ifdef KRB4
	sKerberosAuthentication,
	sKerberosOrLocalPasswd,
	sKerberosTicketCleanup,
#endif
#ifdef AFS
	sKerberosTgtPassing,
	sAFSTokenPassing,
#endif
#ifdef SKEY
	sSkeyAuthentication,
#endif
	sPasswordAuthentication,
	sKbdInteractiveAuthentication,
	sListenAddress,
	sPrintMotd,
	sIgnoreRhosts,
	sX11Forwarding,
	sX11DisplayOffset,
	sStrictModes,
	sEmptyPasswd,
	sRandomSeedFile,
	sKeepAlives,
	sCheckMail,
	sUseLogin,
	sAllowTcpForwarding,
	sAllowUsers,
	sDenyUsers,
	sAllowGroups,
	sDenyGroups,
	sIgnoreUserKnownHosts,
	sHostDSAKeyFile,
	sCiphers,
	sProtocol,
	sPidFile,
	sGatewayPorts,
	sDSAAuthentication,
	sXAuthLocation,
	sSubsystem,
	sMaxStartups
} ServerOpCodes;
200
/*
 * Textual representation of the tokens.
 *
 * Maps each keyword, spelled in lower case, to its ServerOpCodes value.
 * parse_token() walks the table from the top and stops at the entry whose
 * name is NULL, so that terminator must stay last.
 */
static struct {
	const char *name;
	ServerOpCodes opcode;
} keywords[] = {
	{ "port",				sPort },
	{ "hostkey",				sHostKeyFile },
	{ "hostdsakey",				sHostDSAKeyFile },
	{ "pidfile",				sPidFile },
	{ "serverkeybits",			sServerKeyBits },
	{ "logingracetime",			sLoginGraceTime },
	{ "keyregenerationinterval",		sKeyRegenerationTime },
	{ "permitrootlogin",			sPermitRootLogin },
	{ "syslogfacility",			sLogFacility },
	{ "loglevel",				sLogLevel },
	{ "rhostsauthentication",		sRhostsAuthentication },
	{ "rhostsrsaauthentication",		sRhostsRSAAuthentication },
	{ "rsaauthentication",			sRSAAuthentication },
	{ "dsaauthentication",			sDSAAuthentication },
#ifdef KRB4
	{ "kerberosauthentication",		sKerberosAuthentication },
	{ "kerberosorlocalpasswd",		sKerberosOrLocalPasswd },
	{ "kerberosticketcleanup",		sKerberosTicketCleanup },
#endif
#ifdef AFS
	{ "kerberostgtpassing",			sKerberosTgtPassing },
	{ "afstokenpassing",			sAFSTokenPassing },
#endif
	{ "passwordauthentication",		sPasswordAuthentication },
	{ "kbdinteractiveauthentication",	sKbdInteractiveAuthentication },
#ifdef SKEY
	{ "skeyauthentication",			sSkeyAuthentication },
#endif
	{ "checkmail",				sCheckMail },
	{ "listenaddress",			sListenAddress },
	{ "printmotd",				sPrintMotd },
	{ "ignorerhosts",			sIgnoreRhosts },
	{ "ignoreuserknownhosts",		sIgnoreUserKnownHosts },
	{ "x11forwarding",			sX11Forwarding },
	{ "x11displayoffset",			sX11DisplayOffset },
	{ "xauthlocation",			sXAuthLocation },
	{ "strictmodes",			sStrictModes },
	{ "permitemptypasswords",		sEmptyPasswd },
	{ "uselogin",				sUseLogin },
	{ "randomseed",				sRandomSeedFile },
	{ "keepalive",				sKeepAlives },
	{ "allowtcpforwarding",			sAllowTcpForwarding },
	{ "allowusers",				sAllowUsers },
	{ "denyusers",				sDenyUsers },
	{ "allowgroups",			sAllowGroups },
	{ "denygroups",				sDenyGroups },
	{ "ciphers",				sCiphers },
	{ "protocol",				sProtocol },
	{ "gatewayports",			sGatewayPorts },
	{ "subsystem",				sSubsystem },
	{ "maxstartups",			sMaxStartups },
	{ NULL,					sBadOption }	/* end of table */
};
259
/*
 * Looks up the NUL-terminated keyword cp in the keywords[] table, ignoring
 * case, and returns the matching opcode.
 *
 * An unknown keyword is reported on stderr together with filename and
 * linenum, and sBadOption is returned; the function does return in that
 * case, and the caller decides what to do about it.
 */
static ServerOpCodes
parse_token(const char *cp, const char *filename,
	    int linenum)
{
	unsigned int idx = 0;

	/* The table ends at the entry whose name is NULL. */
	while (keywords[idx].name != NULL) {
		if (strcasecmp(cp, keywords[idx].name) == 0)
			return keywords[idx].opcode;
		idx++;
	}

	fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
		filename, linenum, cp);
	return sBadOption;
}
279
/*
 * Resolves addr once for every configured port and puts the results at
 * the front of options->listen_addrs.
 *
 * addr == NULL requests passive (AI_PASSIVE) addresses from getaddrinfo()
 * instead of a named host.  If no port has been configured yet,
 * SSH_DEFAULT_PORT is added first.  A resolution failure ends the process
 * through fatal().  The addrinfo chains returned by getaddrinfo() are
 * linked into options->listen_addrs and are not freed here.
 */
void
add_listen_addr(ServerOptions *options, char *addr)
{
	extern int IPv4or6;
	struct addrinfo hints, *res, *tail;
	char portstr[NI_MAXSERV];
	int rc;
	int idx;

	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;

	for (idx = 0; idx < options->num_ports; idx++) {
		memset(&hints, 0, sizeof(hints));
		hints.ai_family = IPv4or6;
		hints.ai_socktype = SOCK_STREAM;
		/* ai_flags is already 0 after the memset above. */
		if (addr == NULL)
			hints.ai_flags = AI_PASSIVE;
		snprintf(portstr, sizeof portstr, "%d", options->ports[idx]);

		rc = getaddrinfo(addr, portstr, &hints, &res);
		if (rc != 0)
			fatal("bad addr or host: %s (%s)\n",
			      addr ? addr : "<NULL>",
			      gai_strerror(rc));

		/* Find the last node of the new chain and hang the old list off it. */
		tail = res;
		while (tail->ai_next != NULL)
			tail = tail->ai_next;
		tail->ai_next = options->listen_addrs;
		options->listen_addrs = res;
	}
}
310
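/*
 * Reads the server configuration file `filename` into *options.
 *
 * Each line is split with strdelim(); the first token selects a keyword
 * through parse_token() and the remaining tokens are its arguments.  Blank
 * lines and lines whose first token starts with '#' are skipped.
 *
 * Most settings are stored only while the field still holds its "unset"
 * sentinel from initialize_server_options(), so the first occurrence of a
 * keyword wins and a value that was already present in *options is not
 * overridden by the file.
 *
 * Errors are fatal: a file that cannot be opened, a missing or malformed
 * argument, or trailing text after the arguments ends the process at once
 * (exit(1) or fatal()).  Unknown keywords are reported and counted, and
 * the process exits after the whole file has been read if any were seen.
 *
 * NOTE(review): lines are read into a 1024-byte buffer with fgets(), so a
 * longer line is returned in pieces and the remainder is parsed as if it
 * were a separate line.
 */
void
read_server_config(ServerOptions *options, const char *filename)
{
	FILE *f;
	char line[1024];
	char *cp, **charptr, *arg;
	int linenum, *intptr, value;
	int bad_options = 0;
	ServerOpCodes opcode;
	int i;
	int n, ms_begin, ms_rate, ms_max;

	f = fopen(filename, "r");
	if (!f) {
		perror(filename);
		exit(1);
	}
	linenum = 0;
	while (fgets(line, sizeof(line), f)) {
		linenum++;
		cp = line;
		arg = strdelim(&cp);
		/* Ignore leading whitespace */
		if (arg != NULL && *arg == '\0')
			arg = strdelim(&cp);
		/*
		 * arg is checked for NULL before it is dereferenced: the
		 * second strdelim() call above may have nothing left to
		 * return (presumably it yields NULL once the line is
		 * exhausted, as the other call sites in this function
		 * already assume).
		 */
		if (arg == NULL || *arg == '\0' || *arg == '#')
			continue;
		opcode = parse_token(arg, filename, linenum);
		switch (opcode) {
		case sBadOption:
			bad_options++;
			continue;
		case sPort:
			/* ignore ports from configfile if cmdline specifies ports */
			if (options->ports_from_cmdline)
				continue;
			if (options->listen_addrs != NULL)
				fatal("%s line %d: ports must be specified before "
				    "ListenAdress.\n", filename, linenum);
			if (options->num_ports >= MAX_PORTS)
				fatal("%s line %d: too many ports.\n",
				    filename, linenum);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing port number.\n",
				    filename, linenum);
			/*
			 * Reject anything outside the TCP port range instead
			 * of storing it: atoi() yields 0 for non-numeric
			 * text, and an out-of-range number could be narrowed
			 * when it is stored in ports[].
			 */
			value = atoi(arg);
			if (value <= 0 || value > 65535)
				fatal("%s line %d: bad port number '%.100s'.\n",
				    filename, linenum, arg);
			options->ports[options->num_ports++] = value;
			break;

		case sServerKeyBits:
			intptr = &options->server_key_bits;
parse_int:
			/*
			 * Shared tail for integer-valued keywords; intptr
			 * names the destination.
			 * NOTE(review): atoi() does not report conversion
			 * errors, so non-numeric text is stored as 0.
			 */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing integer value.\n",
					filename, linenum);
				exit(1);
			}
			value = atoi(arg);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sLoginGraceTime:
			intptr = &options->login_grace_time;
			goto parse_int;

		case sKeyRegenerationTime:
			intptr = &options->key_regeneration_time;
			goto parse_int;

		case sListenAddress:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing inet addr.\n",
				    filename, linenum);
			add_listen_addr(options, arg);
			break;

		case sHostKeyFile:
		case sHostDSAKeyFile:
			charptr = (opcode == sHostKeyFile) ?
			    &options->host_key_file : &options->host_dsa_key_file;
parse_filename:
			/* Shared tail for file-name keywords; charptr names the destination. */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing file name.\n",
				    filename, linenum);
				exit(1);
			}
			if (*charptr == NULL)
				*charptr = tilde_expand_filename(arg, getuid());
			break;

		case sPidFile:
			charptr = &options->pid_file;
			goto parse_filename;

		case sRandomSeedFile:
			fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
				filename, linenum);
			/* Consume the argument so it is not reported as trailing garbage. */
			arg = strdelim(&cp);
			break;

		case sPermitRootLogin:
			intptr = &options->permit_root_login;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
					filename, linenum);
				exit(1);
			}
			/* Exact, case-sensitive match: 2, 1 and 0 respectively. */
			if (strcmp(arg, "without-password") == 0)
				value = 2;
			else if (strcmp(arg, "yes") == 0)
				value = 1;
			else if (strcmp(arg, "no") == 0)
				value = 0;
			else {
				fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n",
					filename, linenum, arg);
				exit(1);
			}
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreRhosts:
			intptr = &options->ignore_rhosts;
parse_flag:
			/* Shared tail for yes/no keywords; intptr names the destination. */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing yes/no argument.\n",
					filename, linenum);
				exit(1);
			}
			if (strcmp(arg, "yes") == 0)
				value = 1;
			else if (strcmp(arg, "no") == 0)
				value = 0;
			else {
				fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
					filename, linenum, arg);
				exit(1);
			}
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreUserKnownHosts:
			intptr = &options->ignore_user_known_hosts;
			goto parse_flag;

		case sRhostsAuthentication:
			intptr = &options->rhosts_authentication;
			goto parse_flag;

		case sRhostsRSAAuthentication:
			intptr = &options->rhosts_rsa_authentication;
			goto parse_flag;

		case sRSAAuthentication:
			intptr = &options->rsa_authentication;
			goto parse_flag;

		case sDSAAuthentication:
			intptr = &options->dsa_authentication;
			goto parse_flag;

#ifdef KRB4
		case sKerberosAuthentication:
			intptr = &options->kerberos_authentication;
			goto parse_flag;

		case sKerberosOrLocalPasswd:
			intptr = &options->kerberos_or_local_passwd;
			goto parse_flag;

		case sKerberosTicketCleanup:
			intptr = &options->kerberos_ticket_cleanup;
			goto parse_flag;
#endif

#ifdef AFS
		case sKerberosTgtPassing:
			intptr = &options->kerberos_tgt_passing;
			goto parse_flag;

		case sAFSTokenPassing:
			intptr = &options->afs_token_passing;
			goto parse_flag;
#endif

		case sPasswordAuthentication:
			intptr = &options->password_authentication;
			goto parse_flag;

		case sKbdInteractiveAuthentication:
			intptr = &options->kbd_interactive_authentication;
			goto parse_flag;

		case sCheckMail:
			intptr = &options->check_mail;
			goto parse_flag;

#ifdef SKEY
		case sSkeyAuthentication:
			intptr = &options->skey_authentication;
			goto parse_flag;
#endif

		case sPrintMotd:
			intptr = &options->print_motd;
			goto parse_flag;

		case sX11Forwarding:
			intptr = &options->x11_forwarding;
			goto parse_flag;

		case sX11DisplayOffset:
			intptr = &options->x11_display_offset;
			goto parse_int;

		case sXAuthLocation:
			charptr = &options->xauth_location;
			goto parse_filename;

		case sStrictModes:
			intptr = &options->strict_modes;
			goto parse_flag;

		case sKeepAlives:
			intptr = &options->keepalives;
			goto parse_flag;

		case sEmptyPasswd:
			intptr = &options->permit_empty_passwd;
			goto parse_flag;

		case sUseLogin:
			intptr = &options->use_login;
			goto parse_flag;

		case sGatewayPorts:
			intptr = &options->gateway_ports;
			goto parse_flag;

		case sLogFacility:
			intptr = (int *) &options->log_facility;
			/*
			 * NOTE(review): arg is handed to log_facility_number()
			 * without a NULL check; the "<NONE>" fallback below
			 * suggests that helper tolerates NULL - confirm.
			 */
			arg = strdelim(&cp);
			value = log_facility_number(arg);
			if (value == (SyslogFacility) - 1)
				fatal("%.200s line %d: unsupported log facility '%s'\n",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (SyslogFacility) value;
			break;

		case sLogLevel:
			intptr = (int *) &options->log_level;
			arg = strdelim(&cp);
			value = log_level_number(arg);
			if (value == (LogLevel) - 1)
				fatal("%.200s line %d: unsupported log level '%s'\n",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (LogLevel) value;
			break;

		case sAllowTcpForwarding:
			intptr = &options->allow_tcp_forwarding;
			goto parse_flag;

		/*
		 * The four list keywords below append every remaining token
		 * on the line, and repeated lines keep appending; the bound
		 * is checked before each store.
		 */
		case sAllowUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_users >= MAX_ALLOW_USERS)
					fatal("%s line %d: too many allow users.\n",
					    filename, linenum);
				options->allow_users[options->num_allow_users++] = xstrdup(arg);
			}
			break;

		case sDenyUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_users >= MAX_DENY_USERS)
					fatal( "%s line %d: too many deny users.\n",
					    filename, linenum);
				options->deny_users[options->num_deny_users++] = xstrdup(arg);
			}
			break;

		case sAllowGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
					fatal("%s line %d: too many allow groups.\n",
					    filename, linenum);
				options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
			}
			break;

		case sDenyGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_groups >= MAX_DENY_GROUPS)
					fatal("%s line %d: too many deny groups.\n",
					    filename, linenum);
				options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
			}
			break;

		case sCiphers:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			if (!ciphers_valid(arg))
				fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->ciphers == NULL)
				options->ciphers = xstrdup(arg);
			break;

		case sProtocol:
			intptr = &options->protocol;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			value = proto_spec(arg);
			if (value == SSH_PROTO_UNKNOWN)
				fatal("%s line %d: Bad protocol spec '%s'.",
				      filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == SSH_PROTO_UNKNOWN)
				*intptr = value;
			break;

		case sSubsystem:
			if (options->num_subsystems >= MAX_SUBSYSTEMS) {
				fatal("%s line %d: too many subsystems defined.",
				      filename, linenum);
			}
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem name.",
				      filename, linenum);
			/* A subsystem name may be defined only once. */
			for (i = 0; i < options->num_subsystems; i++)
				if (strcmp(arg, options->subsystem_name[i]) == 0)
					fatal("%s line %d: Subsystem '%s' already defined.",
					      filename, linenum, arg);
			options->subsystem_name[options->num_subsystems] = xstrdup(arg);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem command.",
				      filename, linenum);
			options->subsystem_command[options->num_subsystems] = xstrdup(arg);
			options->num_subsystems++;
			break;

		case sMaxStartups:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing MaxStartups spec.",
				      filename, linenum);
			/*
			 * Parse into locals so that a partial match cannot
			 * leave half-written values in *options, and take the
			 * single-number form from this token.  Jumping to
			 * parse_int here would fetch the *next* token, so a
			 * plain "MaxStartups N" line would be rejected as
			 * having no integer value.
			 */
			n = sscanf(arg, "%d:%d:%d", &ms_begin, &ms_rate, &ms_max);
			if (n == 3) {
				if (ms_begin > ms_max ||
				    ms_rate > 100 ||
				    ms_rate < 1)
					fatal("%s line %d: Illegal MaxStartups spec.",
					      filename, linenum);
				options->max_startups_begin = ms_begin;
				options->max_startups_rate = ms_rate;
				options->max_startups = ms_max;
			} else if (n == 1) {
				/* Same "first value wins" rule as parse_int. */
				if (options->max_startups == -1)
					options->max_startups = ms_begin;
			} else {
				fatal("%s line %d: Illegal MaxStartups spec.",
				      filename, linenum);
			}
			break;

		default:
			fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
				filename, linenum, arg, opcode);
			exit(1);
		}
		/* Anything left on the line after the arguments is an error. */
		if ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
			fprintf(stderr,
				"%s line %d: garbage at end of line; \"%.200s\".\n",
				filename, linenum, arg);
			exit(1);
		}
	}
	fclose(f);
	if (bad_options > 0) {
		fprintf(stderr, "%s: terminating, %d bad configuration options\n",
			filename, bad_options);
		exit(1);
	}
}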