- stevesk@cvs.openbsd.org 2001/03/04 11:04:41
8efc0c15 1/*
5260325f 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
6ae2364d 4 *
bcbf86ec 5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
5260325f 10 */
8efc0c15 11
12#include "includes.h"
0c126dc9 13RCSID("$OpenBSD: servconf.c,v 1.68 2001/02/22 04:29:37 deraadt Exp $");
42f11eb2 14
15#ifdef KRB4
16#include <krb.h>
17#endif
18#ifdef AFS
19#include <kafs.h>
20#endif
8efc0c15 21
22#include "ssh.h"
42f11eb2 23#include "log.h"
8efc0c15 24#include "servconf.h"
25#include "xmalloc.h"
a8be9f80 26#include "compat.h"
42f11eb2 27#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
b2552997 31#include "kex.h"
32#include "mac.h"
42f11eb2 33
48e671d5 34/* add listen address */
35void add_listen_addr(ServerOptions *options, char *addr);
36
42f11eb2 37/* AF_UNSPEC or AF_INET or AF_INET6 */
38extern int IPv4or6;
39
/*
 * Reset *options to the "nothing configured yet" state.
 *
 * The structure is zeroed first.  Every setting whose default is chosen
 * later is then given a sentinel (-1, NULL, PERMIT_NOT_SET or
 * SSH_PROTO_UNKNOWN).  fill_default_server_options() replaces the sentinels
 * that are still present, and read_server_config() stores a value only
 * while the sentinel is in place, so the first value seen for a keyword
 * is the one that is kept.
 */
void
initialize_server_options(ServerOptions *options)
{
	memset(options, 0, sizeof(*options));

	/* Listening endpoints and connection handling. */
	options->num_ports = 0;
	options->ports_from_cmdline = 0;
	options->listen_addrs = NULL;
	options->gateway_ports = -1;
	options->keepalives = -1;
	options->allow_tcp_forwarding = -1;
	options->reverse_mapping_check = -1;
	options->max_startups_begin = -1;
	options->max_startups_rate = -1;
	options->max_startups = -1;

	/* Keys, protocol versions and algorithm lists. */
	options->num_host_key_files = 0;
	options->server_key_bits = -1;
	options->key_regeneration_time = -1;
	options->protocol = SSH_PROTO_UNKNOWN;
	options->ciphers = NULL;
	options->macs = NULL;

	/* Daemon housekeeping and logging. */
	options->pid_file = NULL;
	options->login_grace_time = -1;
	options->log_facility = (SyslogFacility)-1;
	options->log_level = (LogLevel)-1;

	/* Authentication methods and login policy. */
	options->permit_root_login = PERMIT_NOT_SET;
	options->permit_empty_passwd = -1;
	options->strict_modes = -1;
	options->ignore_rhosts = -1;
	options->ignore_user_known_hosts = -1;
	options->rhosts_authentication = -1;
	options->rhosts_rsa_authentication = -1;
	options->rsa_authentication = -1;
	options->pubkey_authentication = -1;
#ifdef KRB4
	options->kerberos_authentication = -1;
	options->kerberos_or_local_passwd = -1;
	options->kerberos_ticket_cleanup = -1;
#endif
#ifdef AFS
	options->kerberos_tgt_passing = -1;
	options->afs_token_passing = -1;
#endif
	options->password_authentication = -1;
	options->kbd_interactive_authentication = -1;
	options->challenge_reponse_authentication = -1;

	/* User and group allow/deny lists start out empty. */
	options->num_allow_users = 0;
	options->num_deny_users = 0;
	options->num_allow_groups = 0;
	options->num_deny_groups = 0;

	/* Session set-up. */
	options->print_motd = -1;
	options->check_mail = -1;
	options->x11_forwarding = -1;
	options->x11_display_offset = -1;
	options->xauth_location = NULL;
	options->use_login = -1;
	options->num_subsystems = 0;
	options->banner = NULL;
}
100
/*
 * Replace every setting that still carries its "unset" sentinel with the
 * built-in default; settings that already hold a value are left untouched.
 *
 * These defaults are what the daemon runs with when the configuration file
 * says nothing about a keyword.  Several of them are security policy
 * (protocol versions, root login, password and rhosts authentication,
 * forwarding), so they are worth reading next to the deployed
 * configuration.
 */
void
fill_default_server_options(ServerOptions *options)
{
/* Assign dflt to an int setting only while it still holds the -1 sentinel. */
#define FILL_INT(field, dflt) \
	do { \
		if (options->field == -1) \
			options->field = (dflt); \
	} while (0)

	/* With no Protocol setting, both protocol versions are enabled. */
	if (options->protocol == SSH_PROTO_UNKNOWN)
		options->protocol = SSH_PROTO_1|SSH_PROTO_2;

	/* With no host key configured, use one default key per enabled protocol. */
	if (options->num_host_key_files == 0) {
		if (options->protocol & SSH_PROTO_1) {
			options->host_key_files[options->num_host_key_files] =
			    _PATH_HOST_KEY_FILE;
			options->num_host_key_files++;
		}
		if (options->protocol & SSH_PROTO_2) {
			options->host_key_files[options->num_host_key_files] =
			    _PATH_HOST_DSA_KEY_FILE;
			options->num_host_key_files++;
		}
	}

	if (options->num_ports == 0) {
		options->ports[options->num_ports] = SSH_DEFAULT_PORT;
		options->num_ports++;
	}
	/* No ListenAddress given: a NULL address requests the passive set. */
	if (options->listen_addrs == NULL)
		add_listen_addr(options, NULL);
	if (options->pid_file == NULL)
		options->pid_file = _PATH_SSH_DAEMON_PID_FILE;

	/*
	 * NOTE(review): a 768-bit key is small by current standards; confirm
	 * the deployed configuration sets ServerKeyBits explicitly.
	 */
	FILL_INT(server_key_bits, 768);
	FILL_INT(login_grace_time, 600);
	FILL_INT(key_regeneration_time, 3600);

	/* Root login is permitted unless the configuration restricts it. */
	if (options->permit_root_login == PERMIT_NOT_SET)
		options->permit_root_login = PERMIT_YES;

	FILL_INT(ignore_rhosts, 1);
	FILL_INT(ignore_user_known_hosts, 0);
	FILL_INT(check_mail, 0);
	FILL_INT(print_motd, 1);
	FILL_INT(x11_forwarding, 0);
	FILL_INT(x11_display_offset, 10);
#ifdef XAUTH_PATH
	if (options->xauth_location == NULL)
		options->xauth_location = XAUTH_PATH;
#endif /* XAUTH_PATH */
	FILL_INT(strict_modes, 1);
	FILL_INT(keepalives, 1);

	if (options->log_facility == (SyslogFacility) (-1))
		options->log_facility = SYSLOG_FACILITY_AUTH;
	if (options->log_level == (LogLevel) (-1))
		options->log_level = SYSLOG_LEVEL_INFO;

	/* Both rhosts-based methods are off by default. */
	FILL_INT(rhosts_authentication, 0);
	FILL_INT(rhosts_rsa_authentication, 0);
	FILL_INT(rsa_authentication, 1);
	FILL_INT(pubkey_authentication, 1);
#ifdef KRB4
	/* Enabled only when KEYFILE is readable by this process. */
	FILL_INT(kerberos_authentication, access(KEYFILE, R_OK) == 0);
	FILL_INT(kerberos_or_local_passwd, 1);
	FILL_INT(kerberos_ticket_cleanup, 1);
#endif /* KRB4 */
#ifdef AFS
	FILL_INT(kerberos_tgt_passing, 0);
	FILL_INT(afs_token_passing, k_hasafs());
#endif /* AFS */
	/* Password logins are on by default; empty passwords are not. */
	FILL_INT(password_authentication, 1);
	FILL_INT(kbd_interactive_authentication, 0);
	FILL_INT(challenge_reponse_authentication, 1);
	FILL_INT(permit_empty_passwd, 0);
	FILL_INT(use_login, 0);
	FILL_INT(allow_tcp_forwarding, 1);
	FILL_INT(gateway_ports, 0);

	/* max_startups must be final before max_startups_begin copies it. */
	FILL_INT(max_startups, 10);
	FILL_INT(max_startups_rate, 100);	/* 100% */
	FILL_INT(max_startups_begin, options->max_startups);
	FILL_INT(reverse_mapping_check, 0);

#undef FILL_INT
}
196
/*
 * Keyword tokens: one opcode per configuration directive that
 * read_server_config() dispatches on.
 *
 * The enumerator order fixes the numeric values, which appear in the
 * "Missing handler for opcode" diagnostic, and depends on whether KRB4 and
 * AFS are defined.
 */
typedef enum {
	sBadOption,		/* == unknown option */
	sPort,
	sHostKeyFile,
	sServerKeyBits,
	sLoginGraceTime,
	sKeyRegenerationTime,
	sPermitRootLogin,
	sLogFacility,
	sLogLevel,
	sRhostsAuthentication,
	sRhostsRSAAuthentication,
	sRSAAuthentication,
#ifdef KRB4
	sKerberosAuthentication,
	sKerberosOrLocalPasswd,
	sKerberosTicketCleanup,
#endif
#ifdef AFS
	sKerberosTgtPassing,
	sAFSTokenPassing,
#endif
	sChallengeResponseAuthentication,
	sPasswordAuthentication,
	sKbdInteractiveAuthentication,
	sListenAddress,
	sPrintMotd,
	sIgnoreRhosts,
	sX11Forwarding,
	sX11DisplayOffset,
	sStrictModes,
	sEmptyPasswd,
	sRandomSeedFile,
	sKeepAlives,
	sCheckMail,
	sUseLogin,
	sAllowTcpForwarding,
	sAllowUsers,
	sDenyUsers,
	sAllowGroups,
	sDenyGroups,
	sIgnoreUserKnownHosts,
	sCiphers,
	sMacs,
	sProtocol,
	sPidFile,
	sGatewayPorts,
	sPubkeyAuthentication,
	sXAuthLocation,
	sSubsystem,
	sMaxStartups,
	sBanner,
	sReverseMappingCheck
} ServerOpCodes;
219
/*
 * Maps each configuration keyword, spelled in lower case, to its opcode.
 * parse_token() compares case-insensitively and stops at the NULL name.
 * Every name appears once, so the order of the entries does not affect the
 * lookup result; they are grouped by purpose for readability.
 */
static struct {
	const char *name;
	ServerOpCodes opcode;
} keywords[] = {
	/* Listening endpoints and connection handling. */
	{ "port", sPort },
	{ "listenaddress", sListenAddress },
	{ "gatewayports", sGatewayPorts },
	{ "keepalive", sKeepAlives },
	{ "maxstartups", sMaxStartups },
	{ "allowtcpforwarding", sAllowTcpForwarding },
	{ "reversemappingcheck", sReverseMappingCheck },

	/* Keys, protocol versions and algorithm lists. */
	{ "hostkey", sHostKeyFile },
	{ "hostdsakey", sHostKeyFile },			/* alias */
	{ "serverkeybits", sServerKeyBits },
	{ "keyregenerationinterval", sKeyRegenerationTime },
	{ "protocol", sProtocol },
	{ "ciphers", sCiphers },
	{ "macs", sMacs },

	/* Daemon housekeeping and logging. */
	{ "pidfile", sPidFile },
	{ "logingracetime", sLoginGraceTime },
	{ "syslogfacility", sLogFacility },
	{ "loglevel", sLogLevel },
	{ "randomseed", sRandomSeedFile },		/* reported as obsolete */

	/* Authentication methods and login policy. */
	{ "permitrootlogin", sPermitRootLogin },
	{ "permitemptypasswords", sEmptyPasswd },
	{ "strictmodes", sStrictModes },
	{ "ignorerhosts", sIgnoreRhosts },
	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },
	{ "rhostsauthentication", sRhostsAuthentication },
	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
	{ "rsaauthentication", sRSAAuthentication },
	{ "pubkeyauthentication", sPubkeyAuthentication },
	{ "dsaauthentication", sPubkeyAuthentication },	/* alias */
#ifdef KRB4
	{ "kerberosauthentication", sKerberosAuthentication },
	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
	{ "kerberosticketcleanup", sKerberosTicketCleanup },
#endif
#ifdef AFS
	{ "kerberostgtpassing", sKerberosTgtPassing },
	{ "afstokenpassing", sAFSTokenPassing },
#endif
	{ "passwordauthentication", sPasswordAuthentication },
	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
	{ "challengeresponseauthentication", sChallengeResponseAuthentication },
	{ "skeyauthentication", sChallengeResponseAuthentication },	/* alias */

	/* User and group allow/deny lists. */
	{ "allowusers", sAllowUsers },
	{ "denyusers", sDenyUsers },
	{ "allowgroups", sAllowGroups },
	{ "denygroups", sDenyGroups },

	/* Session set-up. */
	{ "printmotd", sPrintMotd },
	{ "checkmail", sCheckMail },
	{ "x11forwarding", sX11Forwarding },
	{ "x11displayoffset", sX11DisplayOffset },
	{ "xauthlocation", sXAuthLocation },
	{ "uselogin", sUseLogin },
	{ "subsystem", sSubsystem },
	{ "banner", sBanner },

	/* End-of-table marker; 0 is the value of sBadOption. */
	{ NULL, sBadOption }
};
281
/*
 * Look up the configuration keyword cp (a NUL-terminated string) in
 * keywords[], ignoring case.
 *
 * Returns the opcode of the matching entry.  For an unknown keyword a
 * diagnostic naming filename and linenum is written to stderr and
 * sBadOption is returned; the function does return in that case, and the
 * caller decides whether the error is fatal.
 */
static ServerOpCodes
parse_token(const char *cp, const char *filename,
	    int linenum)
{
	u_int idx = 0;

	/* The table ends at the entry whose name is NULL. */
	while (keywords[idx].name != NULL) {
		if (strcasecmp(cp, keywords[idx].name) == 0)
			return keywords[idx].opcode;
		idx++;
	}

	fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
	    filename, linenum, cp);
	return sBadOption;
}
301
/*
 * Resolve addr once for every configured port and link the results in
 * front of options->listen_addrs.
 *
 * addr == NULL asks the resolver for passive addresses (AI_PASSIVE).  If
 * no port has been configured yet, SSH_DEFAULT_PORT is recorded first.
 * A resolver failure is reported through fatal().
 */
void
add_listen_addr(ServerOptions *options, char *addr)
{
	struct addrinfo hints, *res, *tail;
	char portstr[NI_MAXSERV];
	int rc;
	int n;

	if (options->num_ports == 0) {
		options->ports[options->num_ports] = SSH_DEFAULT_PORT;
		options->num_ports++;
	}

	for (n = 0; n < options->num_ports; n++) {
		memset(&hints, 0, sizeof(hints));
		hints.ai_family = IPv4or6;
		hints.ai_socktype = SOCK_STREAM;
		if (addr == NULL)
			hints.ai_flags = AI_PASSIVE;
		else
			hints.ai_flags = 0;

		snprintf(portstr, sizeof portstr, "%d", options->ports[n]);

		rc = getaddrinfo(addr, portstr, &hints, &res);
		if (rc != 0)
			fatal("bad addr or host: %s (%s)\n",
			    addr ? addr : "<NULL>",
			    gai_strerror(rc));

		/* Find the last new entry and hang the existing list off it. */
		tail = res;
		while (tail->ai_next != NULL)
			tail = tail->ai_next;
		tail->ai_next = options->listen_addrs;
		options->listen_addrs = res;
	}
}
331
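/*
 * Read the server configuration file `filename` into *options.
 *
 * Each line is split into tokens with strdelim(); the first token is the
 * keyword, looked up with parse_token().  Empty lines and lines whose first
 * token starts with '#' are skipped.  For most keywords a value is stored
 * only while the option still holds its "unset" sentinel, so a value already
 * present in *options, or an earlier line for the same keyword, wins.
 *
 * Error handling is fail-closed: a malformed argument terminates the
 * process at once through exit(1) or fatal(); unknown keywords are counted
 * and the process exits after the whole file has been read.  The function
 * only returns when the file parsed cleanly.
 *
 * NOTE(review): a line longer than sizeof(line) - 1 bytes is split by
 * fgets() and its remainder is parsed as if it were a new line.
 */
void
read_server_config(ServerOptions *options, const char *filename)
{
	FILE *f;
	char line[1024];
	char *cp, **charptr, *arg, *endp;
	int linenum, *intptr, value;
	int bad_options = 0;
	ServerOpCodes opcode;
	int i;
	int n, ms_begin, ms_rate, ms_max;
	long port;

	f = fopen(filename, "r");
	if (!f) {
		perror(filename);
		exit(1);
	}
	linenum = 0;
	while (fgets(line, sizeof(line), f)) {
		linenum++;
		cp = line;
		arg = strdelim(&cp);
		/* Ignore leading whitespace */
		if (arg != NULL && *arg == '\0')
			arg = strdelim(&cp);
		if (!arg || !*arg || *arg == '#')
			continue;
		intptr = NULL;
		charptr = NULL;
		opcode = parse_token(arg, filename, linenum);
		switch (opcode) {
		case sBadOption:
			bad_options++;
			continue;
		case sPort:
			/* ignore ports from configfile if cmdline specifies ports */
			if (options->ports_from_cmdline)
				continue;
			if (options->listen_addrs != NULL)
				fatal("%s line %d: ports must be specified before "
				    "ListenAddress.\n", filename, linenum);
			if (options->num_ports >= MAX_PORTS)
				fatal("%s line %d: too many ports.\n",
				    filename, linenum);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing port number.\n",
				    filename, linenum);
			/*
			 * Reject anything that is not a plain decimal TCP
			 * port.  atoi() would turn "abc" into 0 and accept
			 * out-of-range values without complaint.
			 */
			port = strtol(arg, &endp, 10);
			if (endp == arg || *endp != '\0' ||
			    port < 1 || port > 65535)
				fatal("%s line %d: bad port number '%s'.\n",
				    filename, linenum, arg);
			options->ports[options->num_ports++] = (int)port;
			break;

		case sServerKeyBits:
			intptr = &options->server_key_bits;
parse_int:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing integer value.\n",
				    filename, linenum);
				exit(1);
			}
			/*
			 * NOTE(review): atoi() does no validation, so a
			 * non-numeric argument is stored as 0.
			 */
			value = atoi(arg);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sLoginGraceTime:
			intptr = &options->login_grace_time;
			goto parse_int;

		case sKeyRegenerationTime:
			intptr = &options->key_regeneration_time;
			goto parse_int;

		case sListenAddress:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing inet addr.\n",
				    filename, linenum);
			add_listen_addr(options, arg);
			break;

		case sHostKeyFile:
			intptr = &options->num_host_key_files;
			if (*intptr >= MAX_HOSTKEYS) {
				fprintf(stderr,
				    "%s line %d: too many host keys specified (max %d).\n",
				    filename, linenum, MAX_HOSTKEYS);
				exit(1);
			}
			charptr = &options->host_key_files[*intptr];
parse_filename:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing file name.\n",
				    filename, linenum);
				exit(1);
			}
			if (*charptr == NULL) {
				*charptr = tilde_expand_filename(arg, getuid());
				/* increase optional counter */
				if (intptr != NULL)
					*intptr = *intptr + 1;
			}
			break;

		case sPidFile:
			charptr = &options->pid_file;
			goto parse_filename;

		case sRandomSeedFile:
			fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
			    filename, linenum);
			/* Consume the argument so it is not seen as trailing garbage. */
			arg = strdelim(&cp);
			break;

		case sPermitRootLogin:
			intptr = &options->permit_root_login;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
				    filename, linenum);
				exit(1);
			}
			if (strcmp(arg, "without-password") == 0)
				value = PERMIT_NO_PASSWD;
			else if (strcmp(arg, "forced-commands-only") == 0)
				value = PERMIT_FORCED_ONLY;
			else if (strcmp(arg, "yes") == 0)
				value = PERMIT_YES;
			else if (strcmp(arg, "no") == 0)
				value = PERMIT_NO;
			else {
				fprintf(stderr, "%s line %d: Bad yes/"
				    "without-password/forced-commands-only/no "
				    "argument: %s\n", filename, linenum, arg);
				exit(1);
			}
			/*
			 * Test the same sentinel that the initialiser and
			 * the default filler use, instead of a bare -1.
			 */
			if (*intptr == PERMIT_NOT_SET)
				*intptr = value;
			break;

		case sIgnoreRhosts:
			intptr = &options->ignore_rhosts;
parse_flag:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing yes/no argument.\n",
				    filename, linenum);
				exit(1);
			}
			/* Only the exact lower-case words are accepted. */
			if (strcmp(arg, "yes") == 0)
				value = 1;
			else if (strcmp(arg, "no") == 0)
				value = 0;
			else {
				fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
				    filename, linenum, arg);
				exit(1);
			}
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreUserKnownHosts:
			intptr = &options->ignore_user_known_hosts;
			goto parse_flag;

		case sRhostsAuthentication:
			intptr = &options->rhosts_authentication;
			goto parse_flag;

		case sRhostsRSAAuthentication:
			intptr = &options->rhosts_rsa_authentication;
			goto parse_flag;

		case sRSAAuthentication:
			intptr = &options->rsa_authentication;
			goto parse_flag;

		case sPubkeyAuthentication:
			intptr = &options->pubkey_authentication;
			goto parse_flag;

#ifdef KRB4
		case sKerberosAuthentication:
			intptr = &options->kerberos_authentication;
			goto parse_flag;

		case sKerberosOrLocalPasswd:
			intptr = &options->kerberos_or_local_passwd;
			goto parse_flag;

		case sKerberosTicketCleanup:
			intptr = &options->kerberos_ticket_cleanup;
			goto parse_flag;
#endif

#ifdef AFS
		case sKerberosTgtPassing:
			intptr = &options->kerberos_tgt_passing;
			goto parse_flag;

		case sAFSTokenPassing:
			intptr = &options->afs_token_passing;
			goto parse_flag;
#endif

		case sPasswordAuthentication:
			intptr = &options->password_authentication;
			goto parse_flag;

		case sKbdInteractiveAuthentication:
			intptr = &options->kbd_interactive_authentication;
			goto parse_flag;

		case sCheckMail:
			intptr = &options->check_mail;
			goto parse_flag;

		case sChallengeResponseAuthentication:
			intptr = &options->challenge_reponse_authentication;
			goto parse_flag;

		case sPrintMotd:
			intptr = &options->print_motd;
			goto parse_flag;

		case sX11Forwarding:
			intptr = &options->x11_forwarding;
			goto parse_flag;

		case sX11DisplayOffset:
			intptr = &options->x11_display_offset;
			goto parse_int;

		case sXAuthLocation:
			charptr = &options->xauth_location;
			goto parse_filename;

		case sStrictModes:
			intptr = &options->strict_modes;
			goto parse_flag;

		case sKeepAlives:
			intptr = &options->keepalives;
			goto parse_flag;

		case sEmptyPasswd:
			intptr = &options->permit_empty_passwd;
			goto parse_flag;

		case sUseLogin:
			intptr = &options->use_login;
			goto parse_flag;

		case sGatewayPorts:
			intptr = &options->gateway_ports;
			goto parse_flag;

		case sReverseMappingCheck:
			intptr = &options->reverse_mapping_check;
			goto parse_flag;

		case sLogFacility:
			intptr = (int *) &options->log_facility;
			arg = strdelim(&cp);
			value = log_facility_number(arg);
			if (value == (SyslogFacility) - 1)
				fatal("%.200s line %d: unsupported log facility '%s'\n",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (SyslogFacility) value;
			break;

		case sLogLevel:
			intptr = (int *) &options->log_level;
			arg = strdelim(&cp);
			value = log_level_number(arg);
			if (value == (LogLevel) - 1)
				fatal("%.200s line %d: unsupported log level '%s'\n",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (LogLevel) value;
			break;

		case sAllowTcpForwarding:
			intptr = &options->allow_tcp_forwarding;
			goto parse_flag;

		/*
		 * The four list keywords accumulate: every argument on
		 * every such line is appended, up to the array limit.
		 */
		case sAllowUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_users >= MAX_ALLOW_USERS)
					fatal("%s line %d: too many allow users.\n",
					    filename, linenum);
				options->allow_users[options->num_allow_users++] = xstrdup(arg);
			}
			break;

		case sDenyUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_users >= MAX_DENY_USERS)
					fatal( "%s line %d: too many deny users.\n",
					    filename, linenum);
				options->deny_users[options->num_deny_users++] = xstrdup(arg);
			}
			break;

		case sAllowGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
					fatal("%s line %d: too many allow groups.\n",
					    filename, linenum);
				options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
			}
			break;

		case sDenyGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_groups >= MAX_DENY_GROUPS)
					fatal("%s line %d: too many deny groups.\n",
					    filename, linenum);
				options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
			}
			break;

		case sCiphers:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			if (!ciphers_valid(arg))
				fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->ciphers == NULL)
				options->ciphers = xstrdup(arg);
			break;

		case sMacs:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			if (!mac_valid(arg))
				fatal("%s line %d: Bad SSH2 mac spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->macs == NULL)
				options->macs = xstrdup(arg);
			break;

		case sProtocol:
			intptr = &options->protocol;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			value = proto_spec(arg);
			if (value == SSH_PROTO_UNKNOWN)
				fatal("%s line %d: Bad protocol spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == SSH_PROTO_UNKNOWN)
				*intptr = value;
			break;

		case sSubsystem:
			if (options->num_subsystems >= MAX_SUBSYSTEMS) {
				fatal("%s line %d: too many subsystems defined.",
				    filename, linenum);
			}
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem name.",
				    filename, linenum);
			for (i = 0; i < options->num_subsystems; i++)
				if (strcmp(arg, options->subsystem_name[i]) == 0)
					fatal("%s line %d: Subsystem '%s' already defined.",
					    filename, linenum, arg);
			options->subsystem_name[options->num_subsystems] = xstrdup(arg);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem command.",
				    filename, linenum);
			options->subsystem_command[options->num_subsystems] = xstrdup(arg);
			options->num_subsystems++;
			break;

		case sMaxStartups:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing MaxStartups spec.",
				    filename, linenum);
			/*
			 * Parse into locals so a malformed spec cannot
			 * leave the options half-updated.  The plain
			 * "MaxStartups N" form is handled here as well:
			 * its argument has already been consumed, so
			 * jumping to parse_int would read the next token
			 * and fail with "missing integer value".
			 */
			n = sscanf(arg, "%d:%d:%d", &ms_begin, &ms_rate, &ms_max);
			if (n == 3) {
				if (ms_begin > ms_max ||
				    ms_rate > 100 ||
				    ms_rate < 1)
					fatal("%s line %d: Illegal MaxStartups spec.",
					    filename, linenum);
				options->max_startups_begin = ms_begin;
				options->max_startups_rate = ms_rate;
				options->max_startups = ms_max;
			} else if (n == 1) {
				/* Same value for both keeps begin <= max. */
				options->max_startups_begin = ms_begin;
				options->max_startups = ms_begin;
			} else {
				fatal("%s line %d: Illegal MaxStartups spec.",
				    filename, linenum);
			}
			break;

		case sBanner:
			charptr = &options->banner;
			goto parse_filename;

		default:
			fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
			    filename, linenum, arg, opcode);
			exit(1);
		}
		/* Anything left on the line after the arguments is an error. */
		if ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
			fprintf(stderr,
			    "%s line %d: garbage at end of line; \"%.200s\".\n",
			    filename, linenum, arg);
			exit(1);
		}
	}
	fclose(f);
	if (bad_options > 0) {
		fprintf(stderr, "%s: terminating, %d bad configuration options\n",
		    filename, bad_options);
		exit(1);
	}
}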