]> andersk Git - openssh.git/blame - servconf.c
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- (bal) QNX resync. OK tim@
[openssh.git] / servconf.c
CommitLineData
8efc0c15 1/*
5260325f 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
6ae2364d 4 *
bcbf86ec 5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
5260325f 10 */
8efc0c15 11
12#include "includes.h"
46d738cd 13RCSID("$OpenBSD: servconf.c,v 1.88 2001/07/11 00:24:53 itojun Exp $");
42f11eb2 14
46d738cd 15#if defined(KRB4) || defined(KRB5)
42f11eb2 16#include <krb.h>
17#endif
83f46621 18#ifdef AFS
19#include <kafs.h>
20#endif
8efc0c15 21
22#include "ssh.h"
42f11eb2 23#include "log.h"
8efc0c15 24#include "servconf.h"
25#include "xmalloc.h"
a8be9f80 26#include "compat.h"
42f11eb2 27#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
b2552997 31#include "kex.h"
32#include "mac.h"
42f11eb2 33
396c147e 34static void add_listen_addr(ServerOptions *, char *, u_short);
35static void add_one_listen_addr(ServerOptions *, char *, u_short);
48e671d5 36
42f11eb2 37/* AF_UNSPEC or AF_INET or AF_INET6 */
38extern int IPv4or6;
39
8efc0c15 40/* Initializes the server options to their default values. */
41
6ae2364d 42void
5260325f 43initialize_server_options(ServerOptions *options)
8efc0c15 44{
5260325f 45 memset(options, 0, sizeof(*options));
48e671d5 46 options->num_ports = 0;
47 options->ports_from_cmdline = 0;
48 options->listen_addrs = NULL;
fa08c86b 49 options->num_host_key_files = 0;
0fbe8c74 50 options->pid_file = NULL;
5260325f 51 options->server_key_bits = -1;
52 options->login_grace_time = -1;
53 options->key_regeneration_time = -1;
15853e93 54 options->permit_root_login = PERMIT_NOT_SET;
5260325f 55 options->ignore_rhosts = -1;
56 options->ignore_user_known_hosts = -1;
57 options->print_motd = -1;
4f4648f9 58 options->print_lastlog = -1;
5260325f 59 options->check_mail = -1;
60 options->x11_forwarding = -1;
61 options->x11_display_offset = -1;
fa649821 62 options->xauth_location = NULL;
5260325f 63 options->strict_modes = -1;
64 options->keepalives = -1;
65 options->log_facility = (SyslogFacility) - 1;
66 options->log_level = (LogLevel) - 1;
67 options->rhosts_authentication = -1;
68 options->rhosts_rsa_authentication = -1;
8002af61 69 options->hostbased_authentication = -1;
70 options->hostbased_uses_name_from_packet_only = -1;
5260325f 71 options->rsa_authentication = -1;
fa08c86b 72 options->pubkey_authentication = -1;
ced49be2 73#if defined(KRB4) || defined(KRB5)
5260325f 74 options->kerberos_authentication = -1;
75 options->kerberos_or_local_passwd = -1;
76 options->kerberos_ticket_cleanup = -1;
8efc0c15 77#endif
ced49be2 78#if defined(AFS) || defined(KRB5)
5260325f 79 options->kerberos_tgt_passing = -1;
ced49be2 80#endif
81#ifdef AFS
5260325f 82 options->afs_token_passing = -1;
8efc0c15 83#endif
5260325f 84 options->password_authentication = -1;
94ec8c6b 85 options->kbd_interactive_authentication = -1;
5ba55ada 86 options->challenge_response_authentication = -1;
5260325f 87 options->permit_empty_passwd = -1;
88 options->use_login = -1;
33de75a3 89 options->allow_tcp_forwarding = -1;
5260325f 90 options->num_allow_users = 0;
91 options->num_deny_users = 0;
92 options->num_allow_groups = 0;
93 options->num_deny_groups = 0;
a8be9f80 94 options->ciphers = NULL;
b2552997 95 options->macs = NULL;
a8be9f80 96 options->protocol = SSH_PROTO_UNKNOWN;
1d1ffb87 97 options->gateway_ports = -1;
38c295d6 98 options->num_subsystems = 0;
c345cf9d 99 options->max_startups_begin = -1;
100 options->max_startups_rate = -1;
089fbbd2 101 options->max_startups = -1;
eea39c02 102 options->banner = NULL;
61e96248 103 options->reverse_mapping_check = -1;
3ffc6336 104 options->client_alive_interval = -1;
105 options->client_alive_count_max = -1;
c8445989 106 options->authorized_keys_file = NULL;
107 options->authorized_keys_file2 = NULL;
10f72868 108 options->pam_authentication_via_kbd_int = -1;
8efc0c15 109}
110
6ae2364d 111void
5260325f 112fill_default_server_options(ServerOptions *options)
8efc0c15 113{
fa08c86b 114 if (options->protocol == SSH_PROTO_UNKNOWN)
115 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
116 if (options->num_host_key_files == 0) {
117 /* fill default hostkeys for protocols */
118 if (options->protocol & SSH_PROTO_1)
42f11eb2 119 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE;
fa08c86b 120 if (options->protocol & SSH_PROTO_2)
42f11eb2 121 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE;
fa08c86b 122 }
48e671d5 123 if (options->num_ports == 0)
124 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
125 if (options->listen_addrs == NULL)
2d2a2c65 126 add_listen_addr(options, NULL, 0);
0fbe8c74 127 if (options->pid_file == NULL)
42f11eb2 128 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
5260325f 129 if (options->server_key_bits == -1)
130 options->server_key_bits = 768;
131 if (options->login_grace_time == -1)
132 options->login_grace_time = 600;
133 if (options->key_regeneration_time == -1)
134 options->key_regeneration_time = 3600;
15853e93 135 if (options->permit_root_login == PERMIT_NOT_SET)
136 options->permit_root_login = PERMIT_YES;
5260325f 137 if (options->ignore_rhosts == -1)
c8d54615 138 options->ignore_rhosts = 1;
5260325f 139 if (options->ignore_user_known_hosts == -1)
140 options->ignore_user_known_hosts = 0;
141 if (options->check_mail == -1)
142 options->check_mail = 0;
143 if (options->print_motd == -1)
144 options->print_motd = 1;
4f4648f9 145 if (options->print_lastlog == -1)
146 options->print_lastlog = 1;
5260325f 147 if (options->x11_forwarding == -1)
c8d54615 148 options->x11_forwarding = 0;
5260325f 149 if (options->x11_display_offset == -1)
c8d54615 150 options->x11_display_offset = 10;
fd9ede94 151#ifdef _PATH_XAUTH
fa649821 152 if (options->xauth_location == NULL)
fd9ede94 153 options->xauth_location = _PATH_XAUTH;
154#endif
5260325f 155 if (options->strict_modes == -1)
156 options->strict_modes = 1;
157 if (options->keepalives == -1)
158 options->keepalives = 1;
159 if (options->log_facility == (SyslogFacility) (-1))
160 options->log_facility = SYSLOG_FACILITY_AUTH;
161 if (options->log_level == (LogLevel) (-1))
59c97189 162 options->log_level = SYSLOG_LEVEL_INFO;
5260325f 163 if (options->rhosts_authentication == -1)
164 options->rhosts_authentication = 0;
165 if (options->rhosts_rsa_authentication == -1)
c8d54615 166 options->rhosts_rsa_authentication = 0;
8002af61 167 if (options->hostbased_authentication == -1)
168 options->hostbased_authentication = 0;
169 if (options->hostbased_uses_name_from_packet_only == -1)
170 options->hostbased_uses_name_from_packet_only = 0;
5260325f 171 if (options->rsa_authentication == -1)
172 options->rsa_authentication = 1;
fa08c86b 173 if (options->pubkey_authentication == -1)
174 options->pubkey_authentication = 1;
ced49be2 175#if defined(KRB4) || defined(KRB5)
5260325f 176 if (options->kerberos_authentication == -1)
177 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
178 if (options->kerberos_or_local_passwd == -1)
179 options->kerberos_or_local_passwd = 1;
180 if (options->kerberos_ticket_cleanup == -1)
181 options->kerberos_ticket_cleanup = 1;
ced49be2 182#endif
183#if defined(AFS) || defined(KRB5)
5260325f 184 if (options->kerberos_tgt_passing == -1)
185 options->kerberos_tgt_passing = 0;
ced49be2 186#endif
187#ifdef AFS
5260325f 188 if (options->afs_token_passing == -1)
189 options->afs_token_passing = k_hasafs();
ced49be2 190#endif
5260325f 191 if (options->password_authentication == -1)
192 options->password_authentication = 1;
94ec8c6b 193 if (options->kbd_interactive_authentication == -1)
194 options->kbd_interactive_authentication = 0;
5ba55ada 195 if (options->challenge_response_authentication == -1)
196 options->challenge_response_authentication = 1;
5260325f 197 if (options->permit_empty_passwd == -1)
c8d54615 198 options->permit_empty_passwd = 0;
5260325f 199 if (options->use_login == -1)
200 options->use_login = 0;
33de75a3 201 if (options->allow_tcp_forwarding == -1)
202 options->allow_tcp_forwarding = 1;
1d1ffb87 203 if (options->gateway_ports == -1)
204 options->gateway_ports = 0;
089fbbd2 205 if (options->max_startups == -1)
206 options->max_startups = 10;
c345cf9d 207 if (options->max_startups_rate == -1)
208 options->max_startups_rate = 100; /* 100% */
209 if (options->max_startups_begin == -1)
210 options->max_startups_begin = options->max_startups;
61e96248 211 if (options->reverse_mapping_check == -1)
212 options->reverse_mapping_check = 0;
3ffc6336 213 if (options->client_alive_interval == -1)
214 options->client_alive_interval = 0;
215 if (options->client_alive_count_max == -1)
216 options->client_alive_count_max = 3;
c8445989 217 if (options->authorized_keys_file == NULL)
70cd360d 218 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
c8445989 219 if (options->authorized_keys_file2 == NULL)
70cd360d 220 options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
10f72868 221 if (options->pam_authentication_via_kbd_int == -1)
222 options->pam_authentication_via_kbd_int = 0;
8efc0c15 223}
224
8efc0c15 225/* Keyword tokens. */
5260325f 226typedef enum {
227 sBadOption, /* == unknown option */
228 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
229 sPermitRootLogin, sLogFacility, sLogLevel,
230 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
ced49be2 231#if defined(KRB4) || defined(KRB5)
5260325f 232 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
8efc0c15 233#endif
ced49be2 234#if defined(AFS) || defined(KRB5)
235 sKerberosTgtPassing,
236#endif
8efc0c15 237#ifdef AFS
ced49be2 238 sAFSTokenPassing,
8efc0c15 239#endif
d464095c 240 sChallengeResponseAuthentication,
94ec8c6b 241 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
4f4648f9 242 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
243 sX11Forwarding, sX11DisplayOffset,
9c81df4c 244 sStrictModes, sEmptyPasswd, sKeepAlives, sCheckMail,
33de75a3 245 sUseLogin, sAllowTcpForwarding,
246 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
b2552997 247 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
fa08c86b 248 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
8002af61 249 sBanner, sReverseMappingCheck, sHostbasedAuthentication,
3ffc6336 250 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
c8445989 251 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
252 sPAMAuthenticationViaKbdInt
8efc0c15 253} ServerOpCodes;
254
255/* Textual representation of the tokens. */
5260325f 256static struct {
257 const char *name;
258 ServerOpCodes opcode;
259} keywords[] = {
260 { "port", sPort },
261 { "hostkey", sHostKeyFile },
fa08c86b 262 { "hostdsakey", sHostKeyFile }, /* alias */
2b87da3b 263 { "pidfile", sPidFile },
5260325f 264 { "serverkeybits", sServerKeyBits },
265 { "logingracetime", sLoginGraceTime },
266 { "keyregenerationinterval", sKeyRegenerationTime },
267 { "permitrootlogin", sPermitRootLogin },
268 { "syslogfacility", sLogFacility },
269 { "loglevel", sLogLevel },
270 { "rhostsauthentication", sRhostsAuthentication },
271 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
8002af61 272 { "hostbasedauthentication", sHostbasedAuthentication },
273 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
5260325f 274 { "rsaauthentication", sRSAAuthentication },
fa08c86b 275 { "pubkeyauthentication", sPubkeyAuthentication },
276 { "dsaauthentication", sPubkeyAuthentication }, /* alias */
ced49be2 277#if defined(KRB4) || defined(KRB5)
5260325f 278 { "kerberosauthentication", sKerberosAuthentication },
279 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
280 { "kerberosticketcleanup", sKerberosTicketCleanup },
8efc0c15 281#endif
ced49be2 282#if defined(AFS) || defined(KRB5)
5260325f 283 { "kerberostgtpassing", sKerberosTgtPassing },
ced49be2 284#endif
285#ifdef AFS
5260325f 286 { "afstokenpassing", sAFSTokenPassing },
8efc0c15 287#endif
5260325f 288 { "passwordauthentication", sPasswordAuthentication },
94ec8c6b 289 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
d464095c 290 { "challengeresponseauthentication", sChallengeResponseAuthentication },
291 { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
5260325f 292 { "checkmail", sCheckMail },
293 { "listenaddress", sListenAddress },
294 { "printmotd", sPrintMotd },
4f4648f9 295 { "printlastlog", sPrintLastLog },
5260325f 296 { "ignorerhosts", sIgnoreRhosts },
297 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
298 { "x11forwarding", sX11Forwarding },
299 { "x11displayoffset", sX11DisplayOffset },
fa649821 300 { "xauthlocation", sXAuthLocation },
5260325f 301 { "strictmodes", sStrictModes },
302 { "permitemptypasswords", sEmptyPasswd },
303 { "uselogin", sUseLogin },
5260325f 304 { "keepalive", sKeepAlives },
33de75a3 305 { "allowtcpforwarding", sAllowTcpForwarding },
5260325f 306 { "allowusers", sAllowUsers },
307 { "denyusers", sDenyUsers },
308 { "allowgroups", sAllowGroups },
309 { "denygroups", sDenyGroups },
a8be9f80 310 { "ciphers", sCiphers },
b2552997 311 { "macs", sMacs },
a8be9f80 312 { "protocol", sProtocol },
1d1ffb87 313 { "gatewayports", sGatewayPorts },
38c295d6 314 { "subsystem", sSubsystem },
089fbbd2 315 { "maxstartups", sMaxStartups },
eea39c02 316 { "banner", sBanner },
61e96248 317 { "reversemappingcheck", sReverseMappingCheck },
3ffc6336 318 { "clientaliveinterval", sClientAliveInterval },
319 { "clientalivecountmax", sClientAliveCountMax },
c8445989 320 { "authorizedkeysfile", sAuthorizedKeysFile },
321 { "authorizedkeysfile2", sAuthorizedKeysFile2 },
10f72868 322 { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
5260325f 323 { NULL, 0 }
8efc0c15 324};
325
aa3378df 326/*
6be9a5e8 327 * Returns the number of the token pointed to by cp or sBadOption.
aa3378df 328 */
8efc0c15 329
6ae2364d 330static ServerOpCodes
5260325f 331parse_token(const char *cp, const char *filename,
332 int linenum)
8efc0c15 333{
1e3b8b07 334 u_int i;
8efc0c15 335
5260325f 336 for (i = 0; keywords[i].name; i++)
aa3378df 337 if (strcasecmp(cp, keywords[i].name) == 0)
5260325f 338 return keywords[i].opcode;
8efc0c15 339
b7c70970 340 error("%s: line %d: Bad configuration option: %s",
341 filename, linenum, cp);
5260325f 342 return sBadOption;
8efc0c15 343}
344
396c147e 345static void
2d2a2c65 346add_listen_addr(ServerOptions *options, char *addr, u_short port)
48e671d5 347{
48e671d5 348 int i;
349
350 if (options->num_ports == 0)
351 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
2d2a2c65 352 if (port == 0)
d11c1288 353 for (i = 0; i < options->num_ports; i++)
354 add_one_listen_addr(options, addr, options->ports[i]);
355 else
2d2a2c65 356 add_one_listen_addr(options, addr, port);
d11c1288 357}
358
396c147e 359static void
d11c1288 360add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
361{
362 struct addrinfo hints, *ai, *aitop;
363 char strport[NI_MAXSERV];
364 int gaierr;
365
366 memset(&hints, 0, sizeof(hints));
367 hints.ai_family = IPv4or6;
368 hints.ai_socktype = SOCK_STREAM;
369 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
370 snprintf(strport, sizeof strport, "%d", port);
371 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
372 fatal("bad addr or host: %s (%s)",
373 addr ? addr : "<NULL>",
374 gai_strerror(gaierr));
375 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
376 ;
377 ai->ai_next = options->listen_addrs;
378 options->listen_addrs = aitop;
48e671d5 379}
380
8efc0c15 381/* Reads the server configuration file. */
382
6ae2364d 383void
5260325f 384read_server_config(ServerOptions *options, const char *filename)
8efc0c15 385{
5260325f 386 FILE *f;
387 char line[1024];
d11c1288 388 char *cp, **charptr, *arg, *p;
5260325f 389 int linenum, *intptr, value;
390 int bad_options = 0;
391 ServerOpCodes opcode;
97de229c 392 int i, n;
5260325f 393
394 f = fopen(filename, "r");
395 if (!f) {
396 perror(filename);
8efc0c15 397 exit(1);
5260325f 398 }
399 linenum = 0;
400 while (fgets(line, sizeof(line), f)) {
401 linenum++;
704b1659 402 cp = line;
403 arg = strdelim(&cp);
404 /* Ignore leading whitespace */
405 if (*arg == '\0')
406 arg = strdelim(&cp);
42f11eb2 407 if (!arg || !*arg || *arg == '#')
5260325f 408 continue;
fa08c86b 409 intptr = NULL;
410 charptr = NULL;
089fbbd2 411 opcode = parse_token(arg, filename, linenum);
5260325f 412 switch (opcode) {
413 case sBadOption:
414 bad_options++;
415 continue;
416 case sPort:
48e671d5 417 /* ignore ports from configfile if cmdline specifies ports */
418 if (options->ports_from_cmdline)
419 continue;
420 if (options->listen_addrs != NULL)
421 fatal("%s line %d: ports must be specified before "
c98cab9b 422 "ListenAdress.", filename, linenum);
48e671d5 423 if (options->num_ports >= MAX_PORTS)
54b974dc 424 fatal("%s line %d: too many ports.",
6ae2364d 425 filename, linenum);
704b1659 426 arg = strdelim(&cp);
089fbbd2 427 if (!arg || *arg == '\0')
54b974dc 428 fatal("%s line %d: missing port number.",
48e671d5 429 filename, linenum);
2d2a2c65 430 options->ports[options->num_ports++] = a2port(arg);
431 if (options->ports[options->num_ports-1] == 0)
432 fatal("%s line %d: Badly formatted port number.",
433 filename, linenum);
48e671d5 434 break;
435
436 case sServerKeyBits:
437 intptr = &options->server_key_bits;
5260325f 438parse_int:
704b1659 439 arg = strdelim(&cp);
b7c70970 440 if (!arg || *arg == '\0')
441 fatal("%s line %d: missing integer value.",
442 filename, linenum);
089fbbd2 443 value = atoi(arg);
5260325f 444 if (*intptr == -1)
445 *intptr = value;
446 break;
447
5260325f 448 case sLoginGraceTime:
449 intptr = &options->login_grace_time;
e2b1fb42 450parse_time:
451 arg = strdelim(&cp);
452 if (!arg || *arg == '\0')
453 fatal("%s line %d: missing time value.",
454 filename, linenum);
455 if ((value = convtime(arg)) == -1)
456 fatal("%s line %d: invalid time value.",
457 filename, linenum);
458 if (*intptr == -1)
459 *intptr = value;
460 break;
5260325f 461
462 case sKeyRegenerationTime:
463 intptr = &options->key_regeneration_time;
e2b1fb42 464 goto parse_time;
5260325f 465
466 case sListenAddress:
704b1659 467 arg = strdelim(&cp);
d11c1288 468 if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
54b974dc 469 fatal("%s line %d: missing inet addr.",
48e671d5 470 filename, linenum);
d11c1288 471 if (*arg == '[') {
472 if ((p = strchr(arg, ']')) == NULL)
473 fatal("%s line %d: bad ipv6 inet addr usage.",
474 filename, linenum);
475 arg++;
476 memmove(p, p+1, strlen(p+1)+1);
477 } else if (((p = strchr(arg, ':')) == NULL) ||
478 (strchr(p+1, ':') != NULL)) {
2d2a2c65 479 add_listen_addr(options, arg, 0);
d11c1288 480 break;
481 }
482 if (*p == ':') {
2d2a2c65 483 u_short port;
484
d11c1288 485 p++;
486 if (*p == '\0')
487 fatal("%s line %d: bad inet addr:port usage.",
488 filename, linenum);
489 else {
490 *(p-1) = '\0';
2d2a2c65 491 if ((port = a2port(p)) == 0)
492 fatal("%s line %d: bad port number.",
493 filename, linenum);
494 add_listen_addr(options, arg, port);
d11c1288 495 }
496 } else if (*p == '\0')
2d2a2c65 497 add_listen_addr(options, arg, 0);
d11c1288 498 else
499 fatal("%s line %d: bad inet addr usage.",
500 filename, linenum);
5260325f 501 break;
502
503 case sHostKeyFile:
fa08c86b 504 intptr = &options->num_host_key_files;
b7c70970 505 if (*intptr >= MAX_HOSTKEYS)
506 fatal("%s line %d: too many host keys specified (max %d).",
fa08c86b 507 filename, linenum, MAX_HOSTKEYS);
fa08c86b 508 charptr = &options->host_key_files[*intptr];
fa649821 509parse_filename:
704b1659 510 arg = strdelim(&cp);
b7c70970 511 if (!arg || *arg == '\0')
512 fatal("%s line %d: missing file name.",
0fbe8c74 513 filename, linenum);
fa08c86b 514 if (*charptr == NULL) {
089fbbd2 515 *charptr = tilde_expand_filename(arg, getuid());
fa08c86b 516 /* increase optional counter */
517 if (intptr != NULL)
518 *intptr = *intptr + 1;
519 }
0fbe8c74 520 break;
521
522 case sPidFile:
523 charptr = &options->pid_file;
fa649821 524 goto parse_filename;
5260325f 525
5260325f 526 case sPermitRootLogin:
527 intptr = &options->permit_root_login;
704b1659 528 arg = strdelim(&cp);
b7c70970 529 if (!arg || *arg == '\0')
530 fatal("%s line %d: missing yes/"
7c8f2a26 531 "without-password/forced-commands-only/no "
b7c70970 532 "argument.", filename, linenum);
533 value = 0; /* silence compiler */
089fbbd2 534 if (strcmp(arg, "without-password") == 0)
15853e93 535 value = PERMIT_NO_PASSWD;
536 else if (strcmp(arg, "forced-commands-only") == 0)
537 value = PERMIT_FORCED_ONLY;
089fbbd2 538 else if (strcmp(arg, "yes") == 0)
15853e93 539 value = PERMIT_YES;
089fbbd2 540 else if (strcmp(arg, "no") == 0)
15853e93 541 value = PERMIT_NO;
b7c70970 542 else
543 fatal("%s line %d: Bad yes/"
15853e93 544 "without-password/forced-commands-only/no "
b7c70970 545 "argument: %s", filename, linenum, arg);
5260325f 546 if (*intptr == -1)
547 *intptr = value;
548 break;
549
550 case sIgnoreRhosts:
551 intptr = &options->ignore_rhosts;
552parse_flag:
704b1659 553 arg = strdelim(&cp);
b7c70970 554 if (!arg || *arg == '\0')
555 fatal("%s line %d: missing yes/no argument.",
556 filename, linenum);
557 value = 0; /* silence compiler */
089fbbd2 558 if (strcmp(arg, "yes") == 0)
5260325f 559 value = 1;
089fbbd2 560 else if (strcmp(arg, "no") == 0)
5260325f 561 value = 0;
b7c70970 562 else
563 fatal("%s line %d: Bad yes/no argument: %s",
089fbbd2 564 filename, linenum, arg);
5260325f 565 if (*intptr == -1)
566 *intptr = value;
567 break;
568
569 case sIgnoreUserKnownHosts:
570 intptr = &options->ignore_user_known_hosts;
c8d54615 571 goto parse_flag;
5260325f 572
573 case sRhostsAuthentication:
574 intptr = &options->rhosts_authentication;
575 goto parse_flag;
576
577 case sRhostsRSAAuthentication:
578 intptr = &options->rhosts_rsa_authentication;
579 goto parse_flag;
580
8002af61 581 case sHostbasedAuthentication:
582 intptr = &options->hostbased_authentication;
583 goto parse_flag;
584
585 case sHostbasedUsesNameFromPacketOnly:
586 intptr = &options->hostbased_uses_name_from_packet_only;
587 goto parse_flag;
588
5260325f 589 case sRSAAuthentication:
590 intptr = &options->rsa_authentication;
591 goto parse_flag;
592
fa08c86b 593 case sPubkeyAuthentication:
594 intptr = &options->pubkey_authentication;
1d1ffb87 595 goto parse_flag;
ced49be2 596#if defined(KRB4) || defined(KRB5)
5260325f 597 case sKerberosAuthentication:
598 intptr = &options->kerberos_authentication;
599 goto parse_flag;
600
601 case sKerberosOrLocalPasswd:
602 intptr = &options->kerberos_or_local_passwd;
603 goto parse_flag;
604
605 case sKerberosTicketCleanup:
606 intptr = &options->kerberos_ticket_cleanup;
607 goto parse_flag;
8efc0c15 608#endif
ced49be2 609#if defined(AFS) || defined(KRB5)
5260325f 610 case sKerberosTgtPassing:
611 intptr = &options->kerberos_tgt_passing;
612 goto parse_flag;
ced49be2 613#endif
614#ifdef AFS
5260325f 615 case sAFSTokenPassing:
616 intptr = &options->afs_token_passing;
617 goto parse_flag;
8efc0c15 618#endif
619
5260325f 620 case sPasswordAuthentication:
621 intptr = &options->password_authentication;
622 goto parse_flag;
8efc0c15 623
94ec8c6b 624 case sKbdInteractiveAuthentication:
625 intptr = &options->kbd_interactive_authentication;
626 goto parse_flag;
627
5260325f 628 case sCheckMail:
629 intptr = &options->check_mail;
630 goto parse_flag;
8efc0c15 631
d464095c 632 case sChallengeResponseAuthentication:
5ba55ada 633 intptr = &options->challenge_response_authentication;
5260325f 634 goto parse_flag;
8efc0c15 635
5260325f 636 case sPrintMotd:
637 intptr = &options->print_motd;
638 goto parse_flag;
639
4f4648f9 640 case sPrintLastLog:
641 intptr = &options->print_lastlog;
642 goto parse_flag;
643
5260325f 644 case sX11Forwarding:
645 intptr = &options->x11_forwarding;
646 goto parse_flag;
647
648 case sX11DisplayOffset:
649 intptr = &options->x11_display_offset;
650 goto parse_int;
651
fa649821 652 case sXAuthLocation:
653 charptr = &options->xauth_location;
654 goto parse_filename;
2b87da3b 655
5260325f 656 case sStrictModes:
657 intptr = &options->strict_modes;
658 goto parse_flag;
659
660 case sKeepAlives:
661 intptr = &options->keepalives;
662 goto parse_flag;
663
664 case sEmptyPasswd:
665 intptr = &options->permit_empty_passwd;
666 goto parse_flag;
667
668 case sUseLogin:
669 intptr = &options->use_login;
670 goto parse_flag;
671
1d1ffb87 672 case sGatewayPorts:
673 intptr = &options->gateway_ports;
674 goto parse_flag;
675
61e96248 676 case sReverseMappingCheck:
677 intptr = &options->reverse_mapping_check;
678 goto parse_flag;
679
5260325f 680 case sLogFacility:
681 intptr = (int *) &options->log_facility;
704b1659 682 arg = strdelim(&cp);
089fbbd2 683 value = log_facility_number(arg);
5260325f 684 if (value == (SyslogFacility) - 1)
54b974dc 685 fatal("%.200s line %d: unsupported log facility '%s'",
089fbbd2 686 filename, linenum, arg ? arg : "<NONE>");
5260325f 687 if (*intptr == -1)
688 *intptr = (SyslogFacility) value;
689 break;
690
691 case sLogLevel:
692 intptr = (int *) &options->log_level;
704b1659 693 arg = strdelim(&cp);
089fbbd2 694 value = log_level_number(arg);
5260325f 695 if (value == (LogLevel) - 1)
54b974dc 696 fatal("%.200s line %d: unsupported log level '%s'",
089fbbd2 697 filename, linenum, arg ? arg : "<NONE>");
5260325f 698 if (*intptr == -1)
699 *intptr = (LogLevel) value;
700 break;
701
33de75a3 702 case sAllowTcpForwarding:
703 intptr = &options->allow_tcp_forwarding;
704 goto parse_flag;
705
5260325f 706 case sAllowUsers:
704b1659 707 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 708 if (options->num_allow_users >= MAX_ALLOW_USERS)
54b974dc 709 fatal("%s line %d: too many allow users.",
a8be9f80 710 filename, linenum);
089fbbd2 711 options->allow_users[options->num_allow_users++] = xstrdup(arg);
5260325f 712 }
713 break;
714
715 case sDenyUsers:
704b1659 716 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 717 if (options->num_deny_users >= MAX_DENY_USERS)
54b974dc 718 fatal( "%s line %d: too many deny users.",
a8be9f80 719 filename, linenum);
089fbbd2 720 options->deny_users[options->num_deny_users++] = xstrdup(arg);
5260325f 721 }
722 break;
723
724 case sAllowGroups:
704b1659 725 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 726 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
54b974dc 727 fatal("%s line %d: too many allow groups.",
a8be9f80 728 filename, linenum);
089fbbd2 729 options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
5260325f 730 }
731 break;
732
733 case sDenyGroups:
704b1659 734 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 735 if (options->num_deny_groups >= MAX_DENY_GROUPS)
54b974dc 736 fatal("%s line %d: too many deny groups.",
a8be9f80 737 filename, linenum);
089fbbd2 738 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
5260325f 739 }
740 break;
741
a8be9f80 742 case sCiphers:
704b1659 743 arg = strdelim(&cp);
089fbbd2 744 if (!arg || *arg == '\0')
71276795 745 fatal("%s line %d: Missing argument.", filename, linenum);
089fbbd2 746 if (!ciphers_valid(arg))
d0c832f3 747 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
089fbbd2 748 filename, linenum, arg ? arg : "<NONE>");
a8be9f80 749 if (options->ciphers == NULL)
089fbbd2 750 options->ciphers = xstrdup(arg);
a8be9f80 751 break;
752
b2552997 753 case sMacs:
754 arg = strdelim(&cp);
755 if (!arg || *arg == '\0')
756 fatal("%s line %d: Missing argument.", filename, linenum);
757 if (!mac_valid(arg))
758 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
759 filename, linenum, arg ? arg : "<NONE>");
760 if (options->macs == NULL)
761 options->macs = xstrdup(arg);
762 break;
763
a8be9f80 764 case sProtocol:
765 intptr = &options->protocol;
704b1659 766 arg = strdelim(&cp);
089fbbd2 767 if (!arg || *arg == '\0')
71276795 768 fatal("%s line %d: Missing argument.", filename, linenum);
089fbbd2 769 value = proto_spec(arg);
a8be9f80 770 if (value == SSH_PROTO_UNKNOWN)
771 fatal("%s line %d: Bad protocol spec '%s'.",
089fbbd2 772 filename, linenum, arg ? arg : "<NONE>");
a8be9f80 773 if (*intptr == SSH_PROTO_UNKNOWN)
774 *intptr = value;
775 break;
776
38c295d6 777 case sSubsystem:
778 if(options->num_subsystems >= MAX_SUBSYSTEMS) {
779 fatal("%s line %d: too many subsystems defined.",
780 filename, linenum);
781 }
704b1659 782 arg = strdelim(&cp);
089fbbd2 783 if (!arg || *arg == '\0')
38c295d6 784 fatal("%s line %d: Missing subsystem name.",
785 filename, linenum);
786 for (i = 0; i < options->num_subsystems; i++)
089fbbd2 787 if(strcmp(arg, options->subsystem_name[i]) == 0)
38c295d6 788 fatal("%s line %d: Subsystem '%s' already defined.",
089fbbd2 789 filename, linenum, arg);
790 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
704b1659 791 arg = strdelim(&cp);
089fbbd2 792 if (!arg || *arg == '\0')
38c295d6 793 fatal("%s line %d: Missing subsystem command.",
794 filename, linenum);
089fbbd2 795 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
38c295d6 796 options->num_subsystems++;
797 break;
798
089fbbd2 799 case sMaxStartups:
c345cf9d 800 arg = strdelim(&cp);
801 if (!arg || *arg == '\0')
802 fatal("%s line %d: Missing MaxStartups spec.",
803 filename, linenum);
97de229c 804 if ((n = sscanf(arg, "%d:%d:%d",
c345cf9d 805 &options->max_startups_begin,
806 &options->max_startups_rate,
97de229c 807 &options->max_startups)) == 3) {
c345cf9d 808 if (options->max_startups_begin >
809 options->max_startups ||
810 options->max_startups_rate > 100 ||
811 options->max_startups_rate < 1)
97de229c 812 fatal("%s line %d: Illegal MaxStartups spec.",
813 filename, linenum);
814 } else if (n != 1)
c345cf9d 815 fatal("%s line %d: Illegal MaxStartups spec.",
97de229c 816 filename, linenum);
817 else
818 options->max_startups = options->max_startups_begin;
819 break;
089fbbd2 820
eea39c02 821 case sBanner:
822 charptr = &options->banner;
823 goto parse_filename;
c8445989 824 /*
825 * These options can contain %X options expanded at
826 * connect time, so that you can specify paths like:
827 *
828 * AuthorizedKeysFile /etc/ssh_keys/%u
829 */
830 case sAuthorizedKeysFile:
831 case sAuthorizedKeysFile2:
832 charptr = (opcode == sAuthorizedKeysFile ) ?
833 &options->authorized_keys_file :
834 &options->authorized_keys_file2;
835 goto parse_filename;
e2b1fb42 836
3ffc6336 837 case sClientAliveInterval:
838 intptr = &options->client_alive_interval;
e2b1fb42 839 goto parse_time;
840
3ffc6336 841 case sClientAliveCountMax:
842 intptr = &options->client_alive_count_max;
843 goto parse_int;
e2b1fb42 844
10f72868 845 case sPAMAuthenticationViaKbdInt:
846 intptr = &options->pam_authentication_via_kbd_int;
847 goto parse_flag;
848
5260325f 849 default:
b7c70970 850 fatal("%s line %d: Missing handler for opcode %s (%d)",
851 filename, linenum, arg, opcode);
8efc0c15 852 }
b7c70970 853 if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
854 fatal("%s line %d: garbage at end of line; \"%.200s\".",
855 filename, linenum, arg);
8efc0c15 856 }
5260325f 857 fclose(f);
b7c70970 858 if (bad_options > 0)
859 fatal("%s: terminating, %d bad configuration options",
860 filename, bad_options);
8efc0c15 861}
git-cvsimport mirror of OpenSSH
This page took 3.072864 seconds and 5 git commands to generate.