]> andersk Git - openssh.git/blame - servconf.c
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- (bal) Slight auth2-pam.c clean up.
[openssh.git] / servconf.c
CommitLineData
8efc0c15 1/*
5260325f 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
6ae2364d 4 *
bcbf86ec 5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
5260325f 10 */
8efc0c15 11
12#include "includes.h"
6005a40c 13RCSID("$OpenBSD: servconf.c,v 1.59 2001/01/19 12:45:26 markus Exp $");
8efc0c15 14
15#include "ssh.h"
16#include "servconf.h"
17#include "xmalloc.h"
a8be9f80 18#include "compat.h"
8efc0c15 19
48e671d5 20/* add listen address */
21void add_listen_addr(ServerOptions *options, char *addr);
22
8efc0c15 23/* Initializes the server options to their default values. */
24
6ae2364d 25void
5260325f 26initialize_server_options(ServerOptions *options)
8efc0c15 27{
5260325f 28 memset(options, 0, sizeof(*options));
48e671d5 29 options->num_ports = 0;
30 options->ports_from_cmdline = 0;
31 options->listen_addrs = NULL;
fa08c86b 32 options->num_host_key_files = 0;
0fbe8c74 33 options->pid_file = NULL;
5260325f 34 options->server_key_bits = -1;
35 options->login_grace_time = -1;
36 options->key_regeneration_time = -1;
37 options->permit_root_login = -1;
38 options->ignore_rhosts = -1;
39 options->ignore_user_known_hosts = -1;
40 options->print_motd = -1;
41 options->check_mail = -1;
42 options->x11_forwarding = -1;
43 options->x11_display_offset = -1;
fa649821 44 options->xauth_location = NULL;
5260325f 45 options->strict_modes = -1;
46 options->keepalives = -1;
47 options->log_facility = (SyslogFacility) - 1;
48 options->log_level = (LogLevel) - 1;
49 options->rhosts_authentication = -1;
50 options->rhosts_rsa_authentication = -1;
51 options->rsa_authentication = -1;
fa08c86b 52 options->pubkey_authentication = -1;
8efc0c15 53#ifdef KRB4
5260325f 54 options->kerberos_authentication = -1;
55 options->kerberos_or_local_passwd = -1;
56 options->kerberos_ticket_cleanup = -1;
8efc0c15 57#endif
58#ifdef AFS
5260325f 59 options->kerberos_tgt_passing = -1;
60 options->afs_token_passing = -1;
8efc0c15 61#endif
5260325f 62 options->password_authentication = -1;
94ec8c6b 63 options->kbd_interactive_authentication = -1;
5260325f 64 options->skey_authentication = -1;
5260325f 65 options->permit_empty_passwd = -1;
66 options->use_login = -1;
33de75a3 67 options->allow_tcp_forwarding = -1;
5260325f 68 options->num_allow_users = 0;
69 options->num_deny_users = 0;
70 options->num_allow_groups = 0;
71 options->num_deny_groups = 0;
a8be9f80 72 options->ciphers = NULL;
73 options->protocol = SSH_PROTO_UNKNOWN;
1d1ffb87 74 options->gateway_ports = -1;
38c295d6 75 options->num_subsystems = 0;
c345cf9d 76 options->max_startups_begin = -1;
77 options->max_startups_rate = -1;
089fbbd2 78 options->max_startups = -1;
eea39c02 79 options->banner = NULL;
8efc0c15 80}
81
6ae2364d 82void
5260325f 83fill_default_server_options(ServerOptions *options)
8efc0c15 84{
fa08c86b 85 if (options->protocol == SSH_PROTO_UNKNOWN)
86 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
87 if (options->num_host_key_files == 0) {
88 /* fill default hostkeys for protocols */
89 if (options->protocol & SSH_PROTO_1)
90 options->host_key_files[options->num_host_key_files++] = HOST_KEY_FILE;
91 if (options->protocol & SSH_PROTO_2)
92 options->host_key_files[options->num_host_key_files++] = HOST_DSA_KEY_FILE;
93 }
48e671d5 94 if (options->num_ports == 0)
95 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
96 if (options->listen_addrs == NULL)
97 add_listen_addr(options, NULL);
0fbe8c74 98 if (options->pid_file == NULL)
99 options->pid_file = SSH_DAEMON_PID_FILE;
5260325f 100 if (options->server_key_bits == -1)
101 options->server_key_bits = 768;
102 if (options->login_grace_time == -1)
103 options->login_grace_time = 600;
104 if (options->key_regeneration_time == -1)
105 options->key_regeneration_time = 3600;
106 if (options->permit_root_login == -1)
107 options->permit_root_login = 1; /* yes */
108 if (options->ignore_rhosts == -1)
c8d54615 109 options->ignore_rhosts = 1;
5260325f 110 if (options->ignore_user_known_hosts == -1)
111 options->ignore_user_known_hosts = 0;
112 if (options->check_mail == -1)
113 options->check_mail = 0;
114 if (options->print_motd == -1)
115 options->print_motd = 1;
116 if (options->x11_forwarding == -1)
c8d54615 117 options->x11_forwarding = 0;
5260325f 118 if (options->x11_display_offset == -1)
c8d54615 119 options->x11_display_offset = 10;
fa649821 120#ifdef XAUTH_PATH
121 if (options->xauth_location == NULL)
122 options->xauth_location = XAUTH_PATH;
123#endif /* XAUTH_PATH */
5260325f 124 if (options->strict_modes == -1)
125 options->strict_modes = 1;
126 if (options->keepalives == -1)
127 options->keepalives = 1;
128 if (options->log_facility == (SyslogFacility) (-1))
129 options->log_facility = SYSLOG_FACILITY_AUTH;
130 if (options->log_level == (LogLevel) (-1))
59c97189 131 options->log_level = SYSLOG_LEVEL_INFO;
5260325f 132 if (options->rhosts_authentication == -1)
133 options->rhosts_authentication = 0;
134 if (options->rhosts_rsa_authentication == -1)
c8d54615 135 options->rhosts_rsa_authentication = 0;
5260325f 136 if (options->rsa_authentication == -1)
137 options->rsa_authentication = 1;
fa08c86b 138 if (options->pubkey_authentication == -1)
139 options->pubkey_authentication = 1;
8efc0c15 140#ifdef KRB4
5260325f 141 if (options->kerberos_authentication == -1)
142 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
143 if (options->kerberos_or_local_passwd == -1)
144 options->kerberos_or_local_passwd = 1;
145 if (options->kerberos_ticket_cleanup == -1)
146 options->kerberos_ticket_cleanup = 1;
8efc0c15 147#endif /* KRB4 */
148#ifdef AFS
5260325f 149 if (options->kerberos_tgt_passing == -1)
150 options->kerberos_tgt_passing = 0;
151 if (options->afs_token_passing == -1)
152 options->afs_token_passing = k_hasafs();
8efc0c15 153#endif /* AFS */
5260325f 154 if (options->password_authentication == -1)
155 options->password_authentication = 1;
94ec8c6b 156 if (options->kbd_interactive_authentication == -1)
157 options->kbd_interactive_authentication = 0;
5260325f 158 if (options->skey_authentication == -1)
159 options->skey_authentication = 1;
5260325f 160 if (options->permit_empty_passwd == -1)
c8d54615 161 options->permit_empty_passwd = 0;
5260325f 162 if (options->use_login == -1)
163 options->use_login = 0;
33de75a3 164 if (options->allow_tcp_forwarding == -1)
165 options->allow_tcp_forwarding = 1;
1d1ffb87 166 if (options->gateway_ports == -1)
167 options->gateway_ports = 0;
089fbbd2 168 if (options->max_startups == -1)
169 options->max_startups = 10;
c345cf9d 170 if (options->max_startups_rate == -1)
171 options->max_startups_rate = 100; /* 100% */
172 if (options->max_startups_begin == -1)
173 options->max_startups_begin = options->max_startups;
8efc0c15 174}
175
8efc0c15 176/* Keyword tokens. */
5260325f 177typedef enum {
178 sBadOption, /* == unknown option */
179 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
180 sPermitRootLogin, sLogFacility, sLogLevel,
181 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
8efc0c15 182#ifdef KRB4
5260325f 183 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
8efc0c15 184#endif
185#ifdef AFS
5260325f 186 sKerberosTgtPassing, sAFSTokenPassing,
8efc0c15 187#endif
5260325f 188 sSkeyAuthentication,
94ec8c6b 189 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
5260325f 190 sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
191 sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
33de75a3 192 sUseLogin, sAllowTcpForwarding,
193 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
fa08c86b 194 sIgnoreUserKnownHosts, sCiphers, sProtocol, sPidFile,
195 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
eea39c02 196 sBanner
8efc0c15 197} ServerOpCodes;
198
199/* Textual representation of the tokens. */
5260325f 200static struct {
201 const char *name;
202 ServerOpCodes opcode;
203} keywords[] = {
204 { "port", sPort },
205 { "hostkey", sHostKeyFile },
fa08c86b 206 { "hostdsakey", sHostKeyFile }, /* alias */
0fbe8c74 207 { "pidfile", sPidFile },
5260325f 208 { "serverkeybits", sServerKeyBits },
209 { "logingracetime", sLoginGraceTime },
210 { "keyregenerationinterval", sKeyRegenerationTime },
211 { "permitrootlogin", sPermitRootLogin },
212 { "syslogfacility", sLogFacility },
213 { "loglevel", sLogLevel },
214 { "rhostsauthentication", sRhostsAuthentication },
215 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
216 { "rsaauthentication", sRSAAuthentication },
fa08c86b 217 { "pubkeyauthentication", sPubkeyAuthentication },
218 { "dsaauthentication", sPubkeyAuthentication }, /* alias */
8efc0c15 219#ifdef KRB4
5260325f 220 { "kerberosauthentication", sKerberosAuthentication },
221 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
222 { "kerberosticketcleanup", sKerberosTicketCleanup },
8efc0c15 223#endif
224#ifdef AFS
5260325f 225 { "kerberostgtpassing", sKerberosTgtPassing },
226 { "afstokenpassing", sAFSTokenPassing },
8efc0c15 227#endif
5260325f 228 { "passwordauthentication", sPasswordAuthentication },
94ec8c6b 229 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
5260325f 230 { "skeyauthentication", sSkeyAuthentication },
5260325f 231 { "checkmail", sCheckMail },
232 { "listenaddress", sListenAddress },
233 { "printmotd", sPrintMotd },
234 { "ignorerhosts", sIgnoreRhosts },
235 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
236 { "x11forwarding", sX11Forwarding },
237 { "x11displayoffset", sX11DisplayOffset },
fa649821 238 { "xauthlocation", sXAuthLocation },
5260325f 239 { "strictmodes", sStrictModes },
240 { "permitemptypasswords", sEmptyPasswd },
241 { "uselogin", sUseLogin },
242 { "randomseed", sRandomSeedFile },
243 { "keepalive", sKeepAlives },
33de75a3 244 { "allowtcpforwarding", sAllowTcpForwarding },
5260325f 245 { "allowusers", sAllowUsers },
246 { "denyusers", sDenyUsers },
247 { "allowgroups", sAllowGroups },
248 { "denygroups", sDenyGroups },
a8be9f80 249 { "ciphers", sCiphers },
250 { "protocol", sProtocol },
1d1ffb87 251 { "gatewayports", sGatewayPorts },
38c295d6 252 { "subsystem", sSubsystem },
089fbbd2 253 { "maxstartups", sMaxStartups },
eea39c02 254 { "banner", sBanner },
5260325f 255 { NULL, 0 }
8efc0c15 256};
257
aa3378df 258/*
259 * Returns the number of the token pointed to by cp of length len. Never
260 * returns if the token is not known.
261 */
8efc0c15 262
6ae2364d 263static ServerOpCodes
5260325f 264parse_token(const char *cp, const char *filename,
265 int linenum)
8efc0c15 266{
1e3b8b07 267 u_int i;
8efc0c15 268
5260325f 269 for (i = 0; keywords[i].name; i++)
aa3378df 270 if (strcasecmp(cp, keywords[i].name) == 0)
5260325f 271 return keywords[i].opcode;
8efc0c15 272
5260325f 273 fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
274 filename, linenum, cp);
275 return sBadOption;
8efc0c15 276}
277
48e671d5 278/*
279 * add listen address
280 */
6ae2364d 281void
48e671d5 282add_listen_addr(ServerOptions *options, char *addr)
283{
284 extern int IPv4or6;
285 struct addrinfo hints, *ai, *aitop;
286 char strport[NI_MAXSERV];
287 int gaierr;
288 int i;
289
290 if (options->num_ports == 0)
291 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
292 for (i = 0; i < options->num_ports; i++) {
293 memset(&hints, 0, sizeof(hints));
294 hints.ai_family = IPv4or6;
295 hints.ai_socktype = SOCK_STREAM;
296 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
297 snprintf(strport, sizeof strport, "%d", options->ports[i]);
298 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
299 fatal("bad addr or host: %s (%s)\n",
300 addr ? addr : "<NULL>",
301 gai_strerror(gaierr));
302 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
303 ;
304 ai->ai_next = options->listen_addrs;
305 options->listen_addrs = aitop;
306 }
307}
308
8efc0c15 309/* Reads the server configuration file. */
310
6ae2364d 311void
5260325f 312read_server_config(ServerOptions *options, const char *filename)
8efc0c15 313{
5260325f 314 FILE *f;
315 char line[1024];
089fbbd2 316 char *cp, **charptr, *arg;
5260325f 317 int linenum, *intptr, value;
318 int bad_options = 0;
319 ServerOpCodes opcode;
38c295d6 320 int i;
5260325f 321
322 f = fopen(filename, "r");
323 if (!f) {
324 perror(filename);
8efc0c15 325 exit(1);
5260325f 326 }
327 linenum = 0;
328 while (fgets(line, sizeof(line), f)) {
329 linenum++;
704b1659 330 cp = line;
331 arg = strdelim(&cp);
332 /* Ignore leading whitespace */
333 if (*arg == '\0')
334 arg = strdelim(&cp);
335 if (!*arg || *arg == '#')
5260325f 336 continue;
fa08c86b 337 intptr = NULL;
338 charptr = NULL;
089fbbd2 339 opcode = parse_token(arg, filename, linenum);
5260325f 340 switch (opcode) {
341 case sBadOption:
342 bad_options++;
343 continue;
344 case sPort:
48e671d5 345 /* ignore ports from configfile if cmdline specifies ports */
346 if (options->ports_from_cmdline)
347 continue;
348 if (options->listen_addrs != NULL)
349 fatal("%s line %d: ports must be specified before "
350 "ListenAdress.\n", filename, linenum);
351 if (options->num_ports >= MAX_PORTS)
352 fatal("%s line %d: too many ports.\n",
6ae2364d 353 filename, linenum);
704b1659 354 arg = strdelim(&cp);
089fbbd2 355 if (!arg || *arg == '\0')
48e671d5 356 fatal("%s line %d: missing port number.\n",
357 filename, linenum);
089fbbd2 358 options->ports[options->num_ports++] = atoi(arg);
48e671d5 359 break;
360
361 case sServerKeyBits:
362 intptr = &options->server_key_bits;
5260325f 363parse_int:
704b1659 364 arg = strdelim(&cp);
089fbbd2 365 if (!arg || *arg == '\0') {
5260325f 366 fprintf(stderr, "%s line %d: missing integer value.\n",
367 filename, linenum);
368 exit(1);
369 }
089fbbd2 370 value = atoi(arg);
5260325f 371 if (*intptr == -1)
372 *intptr = value;
373 break;
374
5260325f 375 case sLoginGraceTime:
376 intptr = &options->login_grace_time;
377 goto parse_int;
378
379 case sKeyRegenerationTime:
380 intptr = &options->key_regeneration_time;
381 goto parse_int;
382
383 case sListenAddress:
704b1659 384 arg = strdelim(&cp);
089fbbd2 385 if (!arg || *arg == '\0')
48e671d5 386 fatal("%s line %d: missing inet addr.\n",
387 filename, linenum);
089fbbd2 388 add_listen_addr(options, arg);
5260325f 389 break;
390
391 case sHostKeyFile:
fa08c86b 392 intptr = &options->num_host_key_files;
393 if (*intptr >= MAX_HOSTKEYS) {
394 fprintf(stderr, "%s line %d: to many host keys specified (max %d).\n",
395 filename, linenum, MAX_HOSTKEYS);
396 exit(1);
397 }
398 charptr = &options->host_key_files[*intptr];
fa649821 399parse_filename:
704b1659 400 arg = strdelim(&cp);
089fbbd2 401 if (!arg || *arg == '\0') {
5260325f 402 fprintf(stderr, "%s line %d: missing file name.\n",
0fbe8c74 403 filename, linenum);
404 exit(1);
405 }
fa08c86b 406 if (*charptr == NULL) {
089fbbd2 407 *charptr = tilde_expand_filename(arg, getuid());
fa08c86b 408 /* increase optional counter */
409 if (intptr != NULL)
410 *intptr = *intptr + 1;
411 }
0fbe8c74 412 break;
413
414 case sPidFile:
415 charptr = &options->pid_file;
fa649821 416 goto parse_filename;
5260325f 417
418 case sRandomSeedFile:
419 fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
420 filename, linenum);
704b1659 421 arg = strdelim(&cp);
5260325f 422 break;
423
424 case sPermitRootLogin:
425 intptr = &options->permit_root_login;
704b1659 426 arg = strdelim(&cp);
089fbbd2 427 if (!arg || *arg == '\0') {
5260325f 428 fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
429 filename, linenum);
430 exit(1);
431 }
089fbbd2 432 if (strcmp(arg, "without-password") == 0)
5260325f 433 value = 2;
089fbbd2 434 else if (strcmp(arg, "yes") == 0)
5260325f 435 value = 1;
089fbbd2 436 else if (strcmp(arg, "no") == 0)
5260325f 437 value = 0;
438 else {
439 fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n",
089fbbd2 440 filename, linenum, arg);
5260325f 441 exit(1);
442 }
443 if (*intptr == -1)
444 *intptr = value;
445 break;
446
447 case sIgnoreRhosts:
448 intptr = &options->ignore_rhosts;
449parse_flag:
704b1659 450 arg = strdelim(&cp);
089fbbd2 451 if (!arg || *arg == '\0') {
5260325f 452 fprintf(stderr, "%s line %d: missing yes/no argument.\n",
453 filename, linenum);
454 exit(1);
455 }
089fbbd2 456 if (strcmp(arg, "yes") == 0)
5260325f 457 value = 1;
089fbbd2 458 else if (strcmp(arg, "no") == 0)
5260325f 459 value = 0;
460 else {
461 fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
089fbbd2 462 filename, linenum, arg);
5260325f 463 exit(1);
464 }
465 if (*intptr == -1)
466 *intptr = value;
467 break;
468
469 case sIgnoreUserKnownHosts:
470 intptr = &options->ignore_user_known_hosts;
c8d54615 471 goto parse_flag;
5260325f 472
473 case sRhostsAuthentication:
474 intptr = &options->rhosts_authentication;
475 goto parse_flag;
476
477 case sRhostsRSAAuthentication:
478 intptr = &options->rhosts_rsa_authentication;
479 goto parse_flag;
480
481 case sRSAAuthentication:
482 intptr = &options->rsa_authentication;
483 goto parse_flag;
484
fa08c86b 485 case sPubkeyAuthentication:
486 intptr = &options->pubkey_authentication;
1d1ffb87 487 goto parse_flag;
488
8efc0c15 489#ifdef KRB4
5260325f 490 case sKerberosAuthentication:
491 intptr = &options->kerberos_authentication;
492 goto parse_flag;
493
494 case sKerberosOrLocalPasswd:
495 intptr = &options->kerberos_or_local_passwd;
496 goto parse_flag;
497
498 case sKerberosTicketCleanup:
499 intptr = &options->kerberos_ticket_cleanup;
500 goto parse_flag;
8efc0c15 501#endif
5260325f 502
8efc0c15 503#ifdef AFS
5260325f 504 case sKerberosTgtPassing:
505 intptr = &options->kerberos_tgt_passing;
506 goto parse_flag;
8efc0c15 507
5260325f 508 case sAFSTokenPassing:
509 intptr = &options->afs_token_passing;
510 goto parse_flag;
8efc0c15 511#endif
512
5260325f 513 case sPasswordAuthentication:
514 intptr = &options->password_authentication;
515 goto parse_flag;
8efc0c15 516
94ec8c6b 517 case sKbdInteractiveAuthentication:
518 intptr = &options->kbd_interactive_authentication;
519 goto parse_flag;
520
5260325f 521 case sCheckMail:
522 intptr = &options->check_mail;
523 goto parse_flag;
8efc0c15 524
5260325f 525 case sSkeyAuthentication:
526 intptr = &options->skey_authentication;
527 goto parse_flag;
8efc0c15 528
5260325f 529 case sPrintMotd:
530 intptr = &options->print_motd;
531 goto parse_flag;
532
533 case sX11Forwarding:
534 intptr = &options->x11_forwarding;
535 goto parse_flag;
536
537 case sX11DisplayOffset:
538 intptr = &options->x11_display_offset;
539 goto parse_int;
540
fa649821 541 case sXAuthLocation:
542 charptr = &options->xauth_location;
543 goto parse_filename;
544
5260325f 545 case sStrictModes:
546 intptr = &options->strict_modes;
547 goto parse_flag;
548
549 case sKeepAlives:
550 intptr = &options->keepalives;
551 goto parse_flag;
552
553 case sEmptyPasswd:
554 intptr = &options->permit_empty_passwd;
555 goto parse_flag;
556
557 case sUseLogin:
558 intptr = &options->use_login;
559 goto parse_flag;
560
1d1ffb87 561 case sGatewayPorts:
562 intptr = &options->gateway_ports;
563 goto parse_flag;
564
5260325f 565 case sLogFacility:
566 intptr = (int *) &options->log_facility;
704b1659 567 arg = strdelim(&cp);
089fbbd2 568 value = log_facility_number(arg);
5260325f 569 if (value == (SyslogFacility) - 1)
570 fatal("%.200s line %d: unsupported log facility '%s'\n",
089fbbd2 571 filename, linenum, arg ? arg : "<NONE>");
5260325f 572 if (*intptr == -1)
573 *intptr = (SyslogFacility) value;
574 break;
575
576 case sLogLevel:
577 intptr = (int *) &options->log_level;
704b1659 578 arg = strdelim(&cp);
089fbbd2 579 value = log_level_number(arg);
5260325f 580 if (value == (LogLevel) - 1)
581 fatal("%.200s line %d: unsupported log level '%s'\n",
089fbbd2 582 filename, linenum, arg ? arg : "<NONE>");
5260325f 583 if (*intptr == -1)
584 *intptr = (LogLevel) value;
585 break;
586
33de75a3 587 case sAllowTcpForwarding:
588 intptr = &options->allow_tcp_forwarding;
589 goto parse_flag;
590
5260325f 591 case sAllowUsers:
704b1659 592 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 593 if (options->num_allow_users >= MAX_ALLOW_USERS)
594 fatal("%s line %d: too many allow users.\n",
595 filename, linenum);
089fbbd2 596 options->allow_users[options->num_allow_users++] = xstrdup(arg);
5260325f 597 }
598 break;
599
600 case sDenyUsers:
704b1659 601 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 602 if (options->num_deny_users >= MAX_DENY_USERS)
603 fatal( "%s line %d: too many deny users.\n",
604 filename, linenum);
089fbbd2 605 options->deny_users[options->num_deny_users++] = xstrdup(arg);
5260325f 606 }
607 break;
608
609 case sAllowGroups:
704b1659 610 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 611 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
612 fatal("%s line %d: too many allow groups.\n",
613 filename, linenum);
089fbbd2 614 options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
5260325f 615 }
616 break;
617
618 case sDenyGroups:
704b1659 619 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 620 if (options->num_deny_groups >= MAX_DENY_GROUPS)
621 fatal("%s line %d: too many deny groups.\n",
622 filename, linenum);
089fbbd2 623 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
5260325f 624 }
625 break;
626
a8be9f80 627 case sCiphers:
704b1659 628 arg = strdelim(&cp);
089fbbd2 629 if (!arg || *arg == '\0')
71276795 630 fatal("%s line %d: Missing argument.", filename, linenum);
089fbbd2 631 if (!ciphers_valid(arg))
d0c832f3 632 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
089fbbd2 633 filename, linenum, arg ? arg : "<NONE>");
a8be9f80 634 if (options->ciphers == NULL)
089fbbd2 635 options->ciphers = xstrdup(arg);
a8be9f80 636 break;
637
638 case sProtocol:
639 intptr = &options->protocol;
704b1659 640 arg = strdelim(&cp);
089fbbd2 641 if (!arg || *arg == '\0')
71276795 642 fatal("%s line %d: Missing argument.", filename, linenum);
089fbbd2 643 value = proto_spec(arg);
a8be9f80 644 if (value == SSH_PROTO_UNKNOWN)
645 fatal("%s line %d: Bad protocol spec '%s'.",
089fbbd2 646 filename, linenum, arg ? arg : "<NONE>");
a8be9f80 647 if (*intptr == SSH_PROTO_UNKNOWN)
648 *intptr = value;
649 break;
650
38c295d6 651 case sSubsystem:
652 if(options->num_subsystems >= MAX_SUBSYSTEMS) {
653 fatal("%s line %d: too many subsystems defined.",
654 filename, linenum);
655 }
704b1659 656 arg = strdelim(&cp);
089fbbd2 657 if (!arg || *arg == '\0')
38c295d6 658 fatal("%s line %d: Missing subsystem name.",
659 filename, linenum);
660 for (i = 0; i < options->num_subsystems; i++)
089fbbd2 661 if(strcmp(arg, options->subsystem_name[i]) == 0)
38c295d6 662 fatal("%s line %d: Subsystem '%s' already defined.",
089fbbd2 663 filename, linenum, arg);
664 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
704b1659 665 arg = strdelim(&cp);
089fbbd2 666 if (!arg || *arg == '\0')
38c295d6 667 fatal("%s line %d: Missing subsystem command.",
668 filename, linenum);
089fbbd2 669 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
38c295d6 670 options->num_subsystems++;
671 break;
672
089fbbd2 673 case sMaxStartups:
c345cf9d 674 arg = strdelim(&cp);
675 if (!arg || *arg == '\0')
676 fatal("%s line %d: Missing MaxStartups spec.",
677 filename, linenum);
678 if (sscanf(arg, "%d:%d:%d",
679 &options->max_startups_begin,
680 &options->max_startups_rate,
681 &options->max_startups) == 3) {
682 if (options->max_startups_begin >
683 options->max_startups ||
684 options->max_startups_rate > 100 ||
685 options->max_startups_rate < 1)
686 fatal("%s line %d: Illegal MaxStartups spec.",
687 filename, linenum);
688 break;
689 }
089fbbd2 690 intptr = &options->max_startups;
691 goto parse_int;
692
eea39c02 693 case sBanner:
694 charptr = &options->banner;
695 goto parse_filename;
696
5260325f 697 default:
698 fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
089fbbd2 699 filename, linenum, arg, opcode);
5260325f 700 exit(1);
8efc0c15 701 }
704b1659 702 if ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
089fbbd2 703 fprintf(stderr,
704 "%s line %d: garbage at end of line; \"%.200s\".\n",
705 filename, linenum, arg);
5260325f 706 exit(1);
8efc0c15 707 }
8efc0c15 708 }
5260325f 709 fclose(f);
710 if (bad_options > 0) {
711 fprintf(stderr, "%s: terminating, %d bad configuration options\n",
712 filename, bad_options);
713 exit(1);
8efc0c15 714 }
8efc0c15 715}
git-cvsimport mirror of OpenSSH
This page took 0.204946 seconds and 5 git commands to generate.