- markus@cvs.openbsd.org 2001/05/17 21:34:15
8efc0c15 1/*
5260325f 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
6ae2364d 4 *
bcbf86ec 5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
5260325f 10 */
8efc0c15 11
12#include "includes.h"
c98cab9b 13RCSID("$OpenBSD: servconf.c,v 1.79 2001/05/03 21:43:01 stevesk Exp $");
42f11eb2 14
15#ifdef KRB4
16#include <krb.h>
17#endif
18#ifdef AFS
19#include <kafs.h>
20#endif
8efc0c15 21
22#include "ssh.h"
42f11eb2 23#include "log.h"
8efc0c15 24#include "servconf.h"
25#include "xmalloc.h"
a8be9f80 26#include "compat.h"
42f11eb2 27#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
b2552997 31#include "kex.h"
32#include "mac.h"
42f11eb2 33
/* Forward declarations; both functions are defined further down in this file. */
void add_listen_addr(ServerOptions *options, char *addr, u_short port);
void add_one_listen_addr(ServerOptions *options, char *addr, u_short port);

/* AF_UNSPEC or AF_INET or AF_INET6 */
/* Defined outside this file; add_one_listen_addr() passes it to getaddrinfo() as the ai_family hint. */
extern int IPv4or6;
39
/*
 * Puts *options into the "nothing configured yet" state.
 *
 * The structure is zeroed first, then every tunable receives a sentinel
 * (-1, NULL, PERMIT_NOT_SET or SSH_PROTO_UNKNOWN) and every counter is set
 * to zero.  The effective defaults are not chosen here: they are filled in
 * by fill_default_server_options() for whatever is still a sentinel after
 * the configuration has been read.
 */

void
initialize_server_options(ServerOptions *options)
{
	memset(options, 0, sizeof(*options));

	/* Counters: no ports, keys, user/group lists or subsystems yet. */
	options->num_ports = 0;
	options->ports_from_cmdline = 0;
	options->num_host_key_files = 0;
	options->num_allow_users = 0;
	options->num_deny_users = 0;
	options->num_allow_groups = 0;
	options->num_deny_groups = 0;
	options->num_subsystems = 0;

	/* Pointer-valued settings: NULL marks "not configured". */
	options->listen_addrs = NULL;
	options->pid_file = NULL;
	options->xauth_location = NULL;
	options->ciphers = NULL;
	options->macs = NULL;
	options->banner = NULL;

	/* Settings that have their own "unset" constant or enum type. */
	options->permit_root_login = PERMIT_NOT_SET;
	options->protocol = SSH_PROTO_UNKNOWN;
	options->log_facility = (SyslogFacility) - 1;
	options->log_level = (LogLevel) - 1;

	/* Key handling and connection limits. */
	options->server_key_bits = -1;
	options->login_grace_time = -1;
	options->key_regeneration_time = -1;
	options->max_startups_begin = -1;
	options->max_startups_rate = -1;
	options->max_startups = -1;
	options->client_alive_interval = -1;
	options->client_alive_count_max = -1;
	options->keepalives = -1;

	/* Authentication methods and the checks that guard them. */
	options->ignore_rhosts = -1;
	options->ignore_user_known_hosts = -1;
	options->strict_modes = -1;
	options->rhosts_authentication = -1;
	options->rhosts_rsa_authentication = -1;
	options->hostbased_authentication = -1;
	options->hostbased_uses_name_from_packet_only = -1;
	options->rsa_authentication = -1;
	options->pubkey_authentication = -1;
#ifdef KRB4
	options->kerberos_authentication = -1;
	options->kerberos_or_local_passwd = -1;
	options->kerberos_ticket_cleanup = -1;
#endif
#ifdef AFS
	options->kerberos_tgt_passing = -1;
	options->afs_token_passing = -1;
#endif
	options->password_authentication = -1;
	options->kbd_interactive_authentication = -1;
	options->challenge_reponse_authentication = -1;
	options->pam_authentication_via_kbd_int = -1;
	options->permit_empty_passwd = -1;
	options->reverse_mapping_check = -1;

	/* Session behaviour and forwarding. */
	options->print_motd = -1;
	options->print_lastlog = -1;
	options->check_mail = -1;
	options->use_login = -1;
	options->x11_forwarding = -1;
	options->x11_display_offset = -1;
	options->allow_tcp_forwarding = -1;
	options->gateway_ports = -1;
}
106
/* Stores value in *field only while *field still holds the -1 "unset" marker. */
static void
default_int_if_unset(int *field, int value)
{
	if (*field == -1)
		*field = value;
}

/*
 * Replaces every setting that is still at its "unset" sentinel with the
 * built-in default.  Settings that already carry a value are left alone.
 *
 * NOTE(review): several fallbacks below are permissive -- root login is
 * allowed (PERMIT_YES), protocol 1 is enabled next to protocol 2, the
 * server key is 768 bits, and password authentication and TCP forwarding
 * are on.  A deployment that needs tighter values has to set them
 * explicitly; nothing in this function does it for the administrator.
 */
void
fill_default_server_options(ServerOptions *options)
{
	if (options->protocol == SSH_PROTO_UNKNOWN)
		options->protocol = SSH_PROTO_1|SSH_PROTO_2;

	/* One default host key per enabled protocol when none was named. */
	if (options->num_host_key_files == 0) {
		if (options->protocol & SSH_PROTO_1) {
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_KEY_FILE;
		}
		if (options->protocol & SSH_PROTO_2) {
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_DSA_KEY_FILE;
		}
	}

	/* The port list must be settled before the listen addresses are built. */
	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
	if (options->listen_addrs == NULL)
		add_listen_addr(options, NULL, 0);
	if (options->pid_file == NULL)
		options->pid_file = _PATH_SSH_DAEMON_PID_FILE;

	default_int_if_unset(&options->server_key_bits, 768);
	default_int_if_unset(&options->login_grace_time, 600);
	default_int_if_unset(&options->key_regeneration_time, 3600);
	if (options->permit_root_login == PERMIT_NOT_SET)
		options->permit_root_login = PERMIT_YES;
	default_int_if_unset(&options->ignore_rhosts, 1);
	default_int_if_unset(&options->ignore_user_known_hosts, 0);
	default_int_if_unset(&options->check_mail, 0);
	default_int_if_unset(&options->print_motd, 1);
	default_int_if_unset(&options->print_lastlog, 1);
	default_int_if_unset(&options->x11_forwarding, 0);
	default_int_if_unset(&options->x11_display_offset, 10);
#ifdef XAUTH_PATH
	if (options->xauth_location == NULL)
		options->xauth_location = XAUTH_PATH;
#endif /* XAUTH_PATH */
	default_int_if_unset(&options->strict_modes, 1);
	default_int_if_unset(&options->keepalives, 1);
	if (options->log_facility == (SyslogFacility) (-1))
		options->log_facility = SYSLOG_FACILITY_AUTH;
	if (options->log_level == (LogLevel) (-1))
		options->log_level = SYSLOG_LEVEL_INFO;
	default_int_if_unset(&options->rhosts_authentication, 0);
	default_int_if_unset(&options->rhosts_rsa_authentication, 0);
	default_int_if_unset(&options->hostbased_authentication, 0);
	default_int_if_unset(&options->hostbased_uses_name_from_packet_only, 0);
	default_int_if_unset(&options->rsa_authentication, 1);
	default_int_if_unset(&options->pubkey_authentication, 1);
#ifdef KRB4
	/* Probed only when unset: enabled if the Kerberos key file is readable. */
	if (options->kerberos_authentication == -1)
		options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
	default_int_if_unset(&options->kerberos_or_local_passwd, 1);
	default_int_if_unset(&options->kerberos_ticket_cleanup, 1);
#endif /* KRB4 */
#ifdef AFS
	default_int_if_unset(&options->kerberos_tgt_passing, 0);
	/* Probed only when unset, so k_hasafs() is not called needlessly. */
	if (options->afs_token_passing == -1)
		options->afs_token_passing = k_hasafs();
#endif /* AFS */
	default_int_if_unset(&options->password_authentication, 1);
	default_int_if_unset(&options->kbd_interactive_authentication, 0);
	default_int_if_unset(&options->challenge_reponse_authentication, 1);
	default_int_if_unset(&options->permit_empty_passwd, 0);
	default_int_if_unset(&options->use_login, 0);
	default_int_if_unset(&options->allow_tcp_forwarding, 1);
	default_int_if_unset(&options->gateway_ports, 0);
	default_int_if_unset(&options->max_startups, 10);
	default_int_if_unset(&options->max_startups_rate, 100);	/* 100% */
	/* Must follow the max_startups default: it is the fallback value here. */
	default_int_if_unset(&options->max_startups_begin, options->max_startups);
	default_int_if_unset(&options->reverse_mapping_check, 0);
	default_int_if_unset(&options->client_alive_interval, 0);
	default_int_if_unset(&options->client_alive_count_max, 3);
	default_int_if_unset(&options->pam_authentication_via_kbd_int, 0);
}
214
/*
 * Keyword tokens: one opcode per configuration directive.  The numeric
 * values are positional, so the Kerberos/AFS entries shift everything
 * after them when KRB4 or AFS is defined.
 */
typedef enum {
	sBadOption,		/* == unknown option */
	sPort,
	sHostKeyFile,
	sServerKeyBits,
	sLoginGraceTime,
	sKeyRegenerationTime,
	sPermitRootLogin,
	sLogFacility,
	sLogLevel,
	sRhostsAuthentication,
	sRhostsRSAAuthentication,
	sRSAAuthentication,
#ifdef KRB4
	sKerberosAuthentication,
	sKerberosOrLocalPasswd,
	sKerberosTicketCleanup,
#endif
#ifdef AFS
	sKerberosTgtPassing,
	sAFSTokenPassing,
#endif
	sChallengeResponseAuthentication,
	sPasswordAuthentication,
	sKbdInteractiveAuthentication,
	sListenAddress,
	sPrintMotd,
	sPrintLastLog,
	sIgnoreRhosts,
	sX11Forwarding,
	sX11DisplayOffset,
	sStrictModes,
	sEmptyPasswd,
	sKeepAlives,
	sCheckMail,
	sUseLogin,
	sAllowTcpForwarding,
	sAllowUsers,
	sDenyUsers,
	sAllowGroups,
	sDenyGroups,
	sIgnoreUserKnownHosts,
	sCiphers,
	sMacs,
	sProtocol,
	sPidFile,
	sGatewayPorts,
	sPubkeyAuthentication,
	sXAuthLocation,
	sSubsystem,
	sMaxStartups,
	sBanner,
	sReverseMappingCheck,
	sHostbasedAuthentication,
	sHostbasedUsesNameFromPacketOnly,
	sClientAliveInterval,
	sClientAliveCountMax,
	sPAMAuthenticationViaKbdInt
} ServerOpCodes;
240
/*
 * Maps each directive name to its opcode.  parse_token() compares names
 * with strcasecmp(), so the spelling case used here does not matter.
 * Several names are aliases for the same opcode.  The table ends with a
 * NULL name.
 */
static struct {
	const char *name;
	ServerOpCodes opcode;
} keywords[] = {
	/* Listener, keys and daemon housekeeping. */
	{ "port", sPort },
	{ "hostkey", sHostKeyFile },
	{ "hostdsakey", sHostKeyFile },				/* alias */
	{ "pidfile", sPidFile },
	{ "serverkeybits", sServerKeyBits },
	{ "logingracetime", sLoginGraceTime },
	{ "keyregenerationinterval", sKeyRegenerationTime },
	{ "permitrootlogin", sPermitRootLogin },
	{ "syslogfacility", sLogFacility },
	{ "loglevel", sLogLevel },

	/* Authentication methods. */
	{ "rhostsauthentication", sRhostsAuthentication },
	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
	{ "hostbasedauthentication", sHostbasedAuthentication },
	{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
	{ "rsaauthentication", sRSAAuthentication },
	{ "pubkeyauthentication", sPubkeyAuthentication },
	{ "dsaauthentication", sPubkeyAuthentication },		/* alias */
#ifdef KRB4
	{ "kerberosauthentication", sKerberosAuthentication },
	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
	{ "kerberosticketcleanup", sKerberosTicketCleanup },
#endif
#ifdef AFS
	{ "kerberostgtpassing", sKerberosTgtPassing },
	{ "afstokenpassing", sAFSTokenPassing },
#endif
	{ "passwordauthentication", sPasswordAuthentication },
	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
	{ "challengeresponseauthentication", sChallengeResponseAuthentication },
	{ "skeyauthentication", sChallengeResponseAuthentication },	/* alias */

	/* Session behaviour, forwarding and access lists. */
	{ "checkmail", sCheckMail },
	{ "listenaddress", sListenAddress },
	{ "printmotd", sPrintMotd },
	{ "printlastlog", sPrintLastLog },
	{ "ignorerhosts", sIgnoreRhosts },
	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },
	{ "x11forwarding", sX11Forwarding },
	{ "x11displayoffset", sX11DisplayOffset },
	{ "xauthlocation", sXAuthLocation },
	{ "strictmodes", sStrictModes },
	{ "permitemptypasswords", sEmptyPasswd },
	{ "uselogin", sUseLogin },
	{ "keepalive", sKeepAlives },
	{ "allowtcpforwarding", sAllowTcpForwarding },
	{ "allowusers", sAllowUsers },
	{ "denyusers", sDenyUsers },
	{ "allowgroups", sAllowGroups },
	{ "denygroups", sDenyGroups },
	{ "ciphers", sCiphers },
	{ "macs", sMacs },
	{ "protocol", sProtocol },
	{ "gatewayports", sGatewayPorts },
	{ "subsystem", sSubsystem },
	{ "maxstartups", sMaxStartups },
	{ "banner", sBanner },
	{ "reversemappingcheck", sReverseMappingCheck },
	{ "clientaliveinterval", sClientAliveInterval },
	{ "clientalivecountmax", sClientAliveCountMax },
	{ "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },

	/* End-of-table marker; sBadOption is the first enumerator, i.e. 0. */
	{ NULL, sBadOption }
};
307
/*
 * Looks the directive name cp up in keywords[] (case-insensitively) and
 * returns its opcode.  An unknown name is reported through error(), with
 * the file name and line number, and yields sBadOption.
 */

static ServerOpCodes
parse_token(const char *cp, const char *filename,
	    int linenum)
{
	u_int idx = 0;

	/* The table is terminated by an entry whose name is NULL. */
	while (keywords[idx].name != NULL) {
		if (strcasecmp(cp, keywords[idx].name) == 0)
			return keywords[idx].opcode;
		idx++;
	}

	/* cp is passed as an argument, never as the format string. */
	error("%s: line %d: Bad configuration option: %s",
	    filename, linenum, cp);
	return sBadOption;
}
326
/*
 * Registers addr as a listen address.  With a non-zero port the address
 * is added for that port only; with port 0 it is added once for every
 * port currently in options->ports.  If no port has been configured yet,
 * SSH_DEFAULT_PORT is appended to the port list first.
 */
void
add_listen_addr(ServerOptions *options, char *addr, u_short port)
{
	int idx;

	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;

	if (port != 0) {
		add_one_listen_addr(options, addr, port);
		return;
	}

	/* port 0: expand to every configured port. */
	for (idx = 0; idx < options->num_ports; idx++)
		add_one_listen_addr(options, addr, options->ports[idx]);
}
340
/*
 * Resolves addr/port with getaddrinfo() and puts the resulting addrinfo
 * chain in front of options->listen_addrs.  A NULL addr sets AI_PASSIVE
 * in the hints.  Resolution failure is fatal.
 */
void
add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
{
	struct addrinfo hints, *tail, *head;
	char portbuf[NI_MAXSERV];
	int rc;

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = IPv4or6;
	hints.ai_socktype = SOCK_STREAM;
	if (addr == NULL)
		hints.ai_flags = AI_PASSIVE;
	else
		hints.ai_flags = 0;
	snprintf(portbuf, sizeof portbuf, "%d", port);

	rc = getaddrinfo(addr, portbuf, &hints, &head);
	if (rc != 0)
		fatal("bad addr or host: %s (%s)",
		    addr ? addr : "<NULL>",
		    gai_strerror(rc));

	/* Walk to the last new entry, then hang the existing list off it. */
	tail = head;
	while (tail->ai_next)
		tail = tail->ai_next;
	tail->ai_next = options->listen_addrs;
	options->listen_addrs = head;
}
362
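/*
 * Reads the server configuration file and stores its settings in *options.
 *
 * The file is read line by line; the first token selects the directive
 * through parse_token() and the rest of the line is its argument(s).
 * Blank lines and lines whose first token starts with '#' are skipped.
 *
 * Precedence: most scalar settings are written only while the field still
 * holds its "unset" sentinel, so the first value seen wins and a later
 * duplicate line is ignored without a message.  The list directives
 * (AllowUsers, DenyUsers, AllowGroups, DenyGroups, Subsystem, HostKey,
 * Port, ListenAddress) accumulate instead.
 *
 * Errors: a file that cannot be opened ends the process via exit(1); a
 * malformed argument is fatal(); unknown directives are counted and turn
 * into a single fatal() after the whole file has been read.
 *
 * Changes from the previous revision of this function:
 *  - "MaxStartups <n>" (single number) no longer jumps to parse_int, which
 *    fetched a further token from the line and therefore failed with
 *    "missing integer value"; the number is taken from the token already
 *    read.
 *  - PermitRootLogin tests for PERMIT_NOT_SET, the constant the field is
 *    initialised with, instead of a literal -1.
 */

void
read_server_config(ServerOptions *options, const char *filename)
{
	FILE *f;
	char line[1024];
	char *cp, **charptr, *arg, *p;
	int linenum, *intptr, value;
	int bad_options = 0;
	ServerOpCodes opcode;
	int i;
	int n, ms_begin, ms_rate, ms_full;

	f = fopen(filename, "r");
	if (!f) {
		perror(filename);
		exit(1);
	}
	linenum = 0;
	/*
	 * NOTE(review): a physical line longer than sizeof(line) - 1 bytes is
	 * returned by fgets() in pieces, and each piece is parsed (and
	 * counted) as a line of its own.
	 */
	while (fgets(line, sizeof(line), f)) {
		linenum++;
		cp = line;
		/* presumably non-NULL here because cp is non-NULL -- confirm against strdelim() */
		arg = strdelim(&cp);
		/* Ignore leading whitespace */
		if (*arg == '\0')
			arg = strdelim(&cp);
		if (!arg || !*arg || *arg == '#')
			continue;
		intptr = NULL;
		charptr = NULL;
		opcode = parse_token(arg, filename, linenum);
		switch (opcode) {
		case sBadOption:
			/* Already reported by parse_token(); keep going to list them all. */
			bad_options++;
			continue;
		case sPort:
			/* ignore ports from configfile if cmdline specifies ports */
			if (options->ports_from_cmdline)
				continue;
			if (options->listen_addrs != NULL)
				fatal("%s line %d: ports must be specified before "
				    "ListenAdress.", filename, linenum);
			if (options->num_ports >= MAX_PORTS)
				fatal("%s line %d: too many ports.",
				    filename, linenum);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing port number.",
				    filename, linenum);
			options->ports[options->num_ports++] = a2port(arg);
			if (options->ports[options->num_ports-1] == 0)
				fatal("%s line %d: Badly formatted port number.",
				    filename, linenum);
			break;

		case sServerKeyBits:
			intptr = &options->server_key_bits;
parse_int:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing integer value.",
				    filename, linenum);
			/*
			 * NOTE(review): atoi() reports no errors; a non-numeric
			 * argument is stored as 0 and negative values are accepted.
			 */
			value = atoi(arg);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sLoginGraceTime:
			intptr = &options->login_grace_time;
			goto parse_int;

		case sKeyRegenerationTime:
			intptr = &options->key_regeneration_time;
			goto parse_int;

		case sListenAddress:
			/* Accepted forms: host, host:port, [host] and [host]:port. */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
				fatal("%s line %d: missing inet addr.",
				    filename, linenum);
			if (*arg == '[') {
				if ((p = strchr(arg, ']')) == NULL)
					fatal("%s line %d: bad ipv6 inet addr usage.",
					    filename, linenum);
				/* Drop '[' and close the gap left by ']'; p now points at what followed it. */
				arg++;
				memmove(p, p+1, strlen(p+1)+1);
			} else if (((p = strchr(arg, ':')) == NULL) ||
			    (strchr(p+1, ':') != NULL)) {
				/* No colon, or more than one: the whole token is the address. */
				add_listen_addr(options, arg, 0);
				break;
			}
			if (*p == ':') {
				u_short port;

				p++;
				if (*p == '\0')
					fatal("%s line %d: bad inet addr:port usage.",
					    filename, linenum);
				else {
					/* Cut the token at the colon so arg holds only the host part. */
					*(p-1) = '\0';
					if ((port = a2port(p)) == 0)
						fatal("%s line %d: bad port number.",
						    filename, linenum);
					add_listen_addr(options, arg, port);
				}
			} else if (*p == '\0')
				add_listen_addr(options, arg, 0);
			else
				fatal("%s line %d: bad inet addr usage.",
				    filename, linenum);
			break;

		case sHostKeyFile:
			intptr = &options->num_host_key_files;
			if (*intptr >= MAX_HOSTKEYS)
				fatal("%s line %d: too many host keys specified (max %d).",
				    filename, linenum, MAX_HOSTKEYS);
			charptr = &options->host_key_files[*intptr];
parse_filename:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing file name.",
				    filename, linenum);
			if (*charptr == NULL) {
				*charptr = tilde_expand_filename(arg, getuid());
				/* increase optional counter */
				if (intptr != NULL)
					*intptr = *intptr + 1;
			}
			break;

		case sPidFile:
			charptr = &options->pid_file;
			goto parse_filename;

		case sPermitRootLogin:
			intptr = &options->permit_root_login;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing yes/"
				    "without-password/forced-commands-only/no "
				    "argument.", filename, linenum);
			value = 0;	/* silence compiler */
			if (strcmp(arg, "without-password") == 0)
				value = PERMIT_NO_PASSWD;
			else if (strcmp(arg, "forced-commands-only") == 0)
				value = PERMIT_FORCED_ONLY;
			else if (strcmp(arg, "yes") == 0)
				value = PERMIT_YES;
			else if (strcmp(arg, "no") == 0)
				value = PERMIT_NO;
			else
				fatal("%s line %d: Bad yes/"
				    "without-password/forced-commands-only/no "
				    "argument: %s", filename, linenum, arg);
			/*
			 * Test the sentinel the field is initialised with, so the
			 * configured value is not dropped should PERMIT_NOT_SET
			 * ever differ from -1.
			 */
			if (*intptr == PERMIT_NOT_SET)
				*intptr = value;
			break;

		case sIgnoreRhosts:
			intptr = &options->ignore_rhosts;
parse_flag:
			/* Only the exact, lower-case words "yes" and "no" are accepted. */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing yes/no argument.",
				    filename, linenum);
			value = 0;	/* silence compiler */
			if (strcmp(arg, "yes") == 0)
				value = 1;
			else if (strcmp(arg, "no") == 0)
				value = 0;
			else
				fatal("%s line %d: Bad yes/no argument: %s",
				    filename, linenum, arg);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreUserKnownHosts:
			intptr = &options->ignore_user_known_hosts;
			goto parse_flag;

		case sRhostsAuthentication:
			intptr = &options->rhosts_authentication;
			goto parse_flag;

		case sRhostsRSAAuthentication:
			intptr = &options->rhosts_rsa_authentication;
			goto parse_flag;

		case sHostbasedAuthentication:
			intptr = &options->hostbased_authentication;
			goto parse_flag;

		case sHostbasedUsesNameFromPacketOnly:
			intptr = &options->hostbased_uses_name_from_packet_only;
			goto parse_flag;

		case sRSAAuthentication:
			intptr = &options->rsa_authentication;
			goto parse_flag;

		case sPubkeyAuthentication:
			intptr = &options->pubkey_authentication;
			goto parse_flag;

#ifdef KRB4
		case sKerberosAuthentication:
			intptr = &options->kerberos_authentication;
			goto parse_flag;

		case sKerberosOrLocalPasswd:
			intptr = &options->kerberos_or_local_passwd;
			goto parse_flag;

		case sKerberosTicketCleanup:
			intptr = &options->kerberos_ticket_cleanup;
			goto parse_flag;
#endif

#ifdef AFS
		case sKerberosTgtPassing:
			intptr = &options->kerberos_tgt_passing;
			goto parse_flag;

		case sAFSTokenPassing:
			intptr = &options->afs_token_passing;
			goto parse_flag;
#endif

		case sPasswordAuthentication:
			intptr = &options->password_authentication;
			goto parse_flag;

		case sKbdInteractiveAuthentication:
			intptr = &options->kbd_interactive_authentication;
			goto parse_flag;

		case sCheckMail:
			intptr = &options->check_mail;
			goto parse_flag;

		case sChallengeResponseAuthentication:
			intptr = &options->challenge_reponse_authentication;
			goto parse_flag;

		case sPrintMotd:
			intptr = &options->print_motd;
			goto parse_flag;

		case sPrintLastLog:
			intptr = &options->print_lastlog;
			goto parse_flag;

		case sX11Forwarding:
			intptr = &options->x11_forwarding;
			goto parse_flag;

		case sX11DisplayOffset:
			intptr = &options->x11_display_offset;
			goto parse_int;

		case sXAuthLocation:
			charptr = &options->xauth_location;
			goto parse_filename;

		case sStrictModes:
			intptr = &options->strict_modes;
			goto parse_flag;

		case sKeepAlives:
			intptr = &options->keepalives;
			goto parse_flag;

		case sEmptyPasswd:
			intptr = &options->permit_empty_passwd;
			goto parse_flag;

		case sUseLogin:
			intptr = &options->use_login;
			goto parse_flag;

		case sGatewayPorts:
			intptr = &options->gateway_ports;
			goto parse_flag;

		case sReverseMappingCheck:
			intptr = &options->reverse_mapping_check;
			goto parse_flag;

		case sLogFacility:
			intptr = (int *) &options->log_facility;
			/* NOTE(review): arg may be NULL here; log_facility_number() is presumably NULL-safe -- confirm. */
			arg = strdelim(&cp);
			value = log_facility_number(arg);
			if (value == (SyslogFacility) - 1)
				fatal("%.200s line %d: unsupported log facility '%s'",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (SyslogFacility) value;
			break;

		case sLogLevel:
			intptr = (int *) &options->log_level;
			/* NOTE(review): arg may be NULL here; log_level_number() is presumably NULL-safe -- confirm. */
			arg = strdelim(&cp);
			value = log_level_number(arg);
			if (value == (LogLevel) - 1)
				fatal("%.200s line %d: unsupported log level '%s'",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (LogLevel) value;
			break;

		case sAllowTcpForwarding:
			intptr = &options->allow_tcp_forwarding;
			goto parse_flag;

		/* The four list directives bound-check before every append. */
		case sAllowUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_users >= MAX_ALLOW_USERS)
					fatal("%s line %d: too many allow users.",
					    filename, linenum);
				options->allow_users[options->num_allow_users++] = xstrdup(arg);
			}
			break;

		case sDenyUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_users >= MAX_DENY_USERS)
					fatal( "%s line %d: too many deny users.",
					    filename, linenum);
				options->deny_users[options->num_deny_users++] = xstrdup(arg);
			}
			break;

		case sAllowGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
					fatal("%s line %d: too many allow groups.",
					    filename, linenum);
				options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
			}
			break;

		case sDenyGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_groups >= MAX_DENY_GROUPS)
					fatal("%s line %d: too many deny groups.",
					    filename, linenum);
				options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
			}
			break;

		case sCiphers:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			if (!ciphers_valid(arg))
				fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->ciphers == NULL)
				options->ciphers = xstrdup(arg);
			break;

		case sMacs:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			if (!mac_valid(arg))
				fatal("%s line %d: Bad SSH2 mac spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->macs == NULL)
				options->macs = xstrdup(arg);
			break;

		case sProtocol:
			intptr = &options->protocol;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			value = proto_spec(arg);
			if (value == SSH_PROTO_UNKNOWN)
				fatal("%s line %d: Bad protocol spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == SSH_PROTO_UNKNOWN)
				*intptr = value;
			break;

		case sSubsystem:
			if(options->num_subsystems >= MAX_SUBSYSTEMS) {
				fatal("%s line %d: too many subsystems defined.",
				    filename, linenum);
			}
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem name.",
				    filename, linenum);
			/* A subsystem name may be defined only once. */
			for (i = 0; i < options->num_subsystems; i++)
				if(strcmp(arg, options->subsystem_name[i]) == 0)
					fatal("%s line %d: Subsystem '%s' already defined.",
					    filename, linenum, arg);
			options->subsystem_name[options->num_subsystems] = xstrdup(arg);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem command.",
				    filename, linenum);
			options->subsystem_command[options->num_subsystems] = xstrdup(arg);
			options->num_subsystems++;
			break;

		case sMaxStartups:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing MaxStartups spec.",
				    filename, linenum);
			/*
			 * Parse into locals so that a partial match cannot leave
			 * half-written values in *options.
			 */
			n = sscanf(arg, "%d:%d:%d", &ms_begin, &ms_rate, &ms_full);
			if (n == 3) {
				/* begin:rate:full form */
				if (ms_begin > ms_full ||
				    ms_rate > 100 ||
				    ms_rate < 1)
					fatal("%s line %d: Illegal MaxStartups spec.",
					    filename, linenum);
				options->max_startups_begin = ms_begin;
				options->max_startups_rate = ms_rate;
				options->max_startups = ms_full;
			} else if (n == 1) {
				/*
				 * Single number: use the token already read.  Jumping
				 * to parse_int would fetch another token from the
				 * line and fail on its absence.
				 */
				if (options->max_startups == -1)
					options->max_startups = ms_begin;
			} else
				fatal("%s line %d: Illegal MaxStartups spec.",
				    filename, linenum);
			break;

		case sBanner:
			charptr = &options->banner;
			goto parse_filename;
		case sClientAliveInterval:
			intptr = &options->client_alive_interval;
			goto parse_int;
		case sClientAliveCountMax:
			intptr = &options->client_alive_count_max;
			goto parse_int;
		case sPAMAuthenticationViaKbdInt:
			intptr = &options->pam_authentication_via_kbd_int;
			goto parse_flag;

		default:
			fatal("%s line %d: Missing handler for opcode %s (%d)",
			    filename, linenum, arg, opcode);
		}
		/* Anything left on the line after the expected arguments is an error. */
		if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
			fatal("%s line %d: garbage at end of line; \"%.200s\".",
			    filename, linenum, arg);
	}
	fclose(f);
	if (bad_options > 0)
		fatal("%s: terminating, %d bad configuration options",
		    filename, bad_options);
}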