- millert@cvs.openbsd.org 2001/03/04 17:42:28
8efc0c15 1/*
5260325f 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
6ae2364d 4 *
bcbf86ec 5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
5260325f 10 */
8efc0c15 11
#include "includes.h"
RCSID("$OpenBSD: servconf.c,v 1.70 2001/03/04 17:42:28 millert Exp $");

#include <errno.h>
#include <limits.h>

#ifdef KRB4
#include <krb.h>
#endif
#ifdef AFS
#include <kafs.h>
#endif

#include "ssh.h"
#include "log.h"
#include "servconf.h"
#include "xmalloc.h"
#include "compat.h"
#include "pathnames.h"
#include "tildexpand.h"
#include "misc.h"
#include "cipher.h"
#include "kex.h"
#include "mac.h"
42f11eb2 33
/*
 * add listen address
 *
 * Forward declaration: the function is defined further down in this file
 * but is already called from fill_default_server_options().
 */
void add_listen_addr(ServerOptions *options, char *addr);

/*
 * AF_UNSPEC or AF_INET or AF_INET6
 *
 * Declared extern here; add_listen_addr() copies it into the ai_family
 * hint it hands to getaddrinfo().
 */
extern int IPv4or6;
39
/*
 * Puts every server option into its "not configured yet" state.
 *
 * The structure is zeroed first.  After that, counters are set to 0,
 * pointers to NULL, and the remaining scalar settings to -1 or to an
 * explicit PERMIT_NOT_SET / SSH_PROTO_UNKNOWN marker.  For most keywords
 * read_server_config() stores a value only while the field still holds
 * its marker, and fill_default_server_options() replaces the markers that
 * are left with the built-in defaults.
 */
void
initialize_server_options(ServerOptions *options)
{
	memset(options, 0, sizeof *options);

	/* Listening ports/addresses, host key files, pid file. */
	options->num_ports = 0;
	options->ports_from_cmdline = 0;
	options->listen_addrs = NULL;
	options->num_host_key_files = 0;
	options->pid_file = NULL;

	/* Server key size and timers. */
	options->server_key_bits = -1;
	options->login_grace_time = -1;
	options->key_regeneration_time = -1;

	/* Login policy and session behaviour. */
	options->permit_root_login = PERMIT_NOT_SET;
	options->ignore_rhosts = -1;
	options->ignore_user_known_hosts = -1;
	options->print_motd = -1;
	options->check_mail = -1;
	options->x11_forwarding = -1;
	options->x11_display_offset = -1;
	options->xauth_location = NULL;
	options->strict_modes = -1;
	options->keepalives = -1;

	/* Logging: the enums use a cast -1 as their unset marker. */
	options->log_facility = (SyslogFacility)-1;
	options->log_level = (LogLevel)-1;

	/* Authentication methods. */
	options->rhosts_authentication = -1;
	options->rhosts_rsa_authentication = -1;
	options->rsa_authentication = -1;
	options->pubkey_authentication = -1;
#ifdef KRB4
	options->kerberos_authentication = -1;
	options->kerberos_or_local_passwd = -1;
	options->kerberos_ticket_cleanup = -1;
#endif
#ifdef AFS
	options->kerberos_tgt_passing = -1;
	options->afs_token_passing = -1;
#endif
	options->password_authentication = -1;
	options->kbd_interactive_authentication = -1;
	options->challenge_reponse_authentication = -1;
	options->permit_empty_passwd = -1;
	options->use_login = -1;
	options->allow_tcp_forwarding = -1;

	/* Allow/deny lists start out empty. */
	options->num_allow_users = 0;
	options->num_deny_users = 0;
	options->num_allow_groups = 0;
	options->num_deny_groups = 0;

	/* Algorithm lists and protocol versions. */
	options->ciphers = NULL;
	options->macs = NULL;
	options->protocol = SSH_PROTO_UNKNOWN;

	/* Everything else. */
	options->gateway_ports = -1;
	options->num_subsystems = 0;
	options->max_startups_begin = -1;
	options->max_startups_rate = -1;
	options->max_startups = -1;
	options->banner = NULL;
	options->reverse_mapping_check = -1;
}
100
/*
 * Replaces every option that is still in its unset state with the
 * compiled-in default.  Fields that already carry a value (for example
 * one stored by read_server_config()) are left alone.
 *
 * NOTE(review): several of these defaults are permissive: both protocol
 * versions are enabled, the server key is 768 bits, root login is
 * permitted and password authentication is on.  A deployment that needs
 * stricter settings has to state them explicitly in its configuration.
 */

/* Store dflt in options->field if the field still equals its unset marker. */
#define FILL_UNSET(field, unset, dflt)				\
	do {							\
		if (options->field == (unset))			\
			options->field = (dflt);		\
	} while (0)

void
fill_default_server_options(ServerOptions *options)
{
	FILL_UNSET(protocol, SSH_PROTO_UNKNOWN, SSH_PROTO_1|SSH_PROTO_2);

	/* fill default hostkeys for protocols */
	if (options->num_host_key_files == 0) {
		if (options->protocol & SSH_PROTO_1)
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_KEY_FILE;
		if (options->protocol & SSH_PROTO_2)
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_DSA_KEY_FILE;
	}

	/* The port list has to exist before listen addresses are resolved. */
	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
	if (options->listen_addrs == NULL)
		add_listen_addr(options, NULL);

	FILL_UNSET(pid_file, NULL, _PATH_SSH_DAEMON_PID_FILE);
	FILL_UNSET(server_key_bits, -1, 768);
	FILL_UNSET(login_grace_time, -1, 600);
	FILL_UNSET(key_regeneration_time, -1, 3600);
	FILL_UNSET(permit_root_login, PERMIT_NOT_SET, PERMIT_YES);
	FILL_UNSET(ignore_rhosts, -1, 1);
	FILL_UNSET(ignore_user_known_hosts, -1, 0);
	FILL_UNSET(check_mail, -1, 0);
	FILL_UNSET(print_motd, -1, 1);
	FILL_UNSET(x11_forwarding, -1, 0);
	FILL_UNSET(x11_display_offset, -1, 10);
#ifdef XAUTH_PATH
	FILL_UNSET(xauth_location, NULL, XAUTH_PATH);
#endif /* XAUTH_PATH */
	FILL_UNSET(strict_modes, -1, 1);
	FILL_UNSET(keepalives, -1, 1);
	FILL_UNSET(log_facility, (SyslogFacility) (-1), SYSLOG_FACILITY_AUTH);
	FILL_UNSET(log_level, (LogLevel) (-1), SYSLOG_LEVEL_INFO);
	FILL_UNSET(rhosts_authentication, -1, 0);
	FILL_UNSET(rhosts_rsa_authentication, -1, 0);
	FILL_UNSET(rsa_authentication, -1, 1);
	FILL_UNSET(pubkey_authentication, -1, 1);
#ifdef KRB4
	/* The default follows whether KEYFILE is readable right now. */
	FILL_UNSET(kerberos_authentication, -1, (access(KEYFILE, R_OK) == 0));
	FILL_UNSET(kerberos_or_local_passwd, -1, 1);
	FILL_UNSET(kerberos_ticket_cleanup, -1, 1);
#endif /* KRB4 */
#ifdef AFS
	FILL_UNSET(kerberos_tgt_passing, -1, 0);
	FILL_UNSET(afs_token_passing, -1, k_hasafs());
#endif /* AFS */
	FILL_UNSET(password_authentication, -1, 1);
	FILL_UNSET(kbd_interactive_authentication, -1, 0);
	FILL_UNSET(challenge_reponse_authentication, -1, 1);
	FILL_UNSET(permit_empty_passwd, -1, 0);
	FILL_UNSET(use_login, -1, 0);
	FILL_UNSET(allow_tcp_forwarding, -1, 1);
	FILL_UNSET(gateway_ports, -1, 0);
	FILL_UNSET(max_startups, -1, 10);
	FILL_UNSET(max_startups_rate, -1, 100);		/* 100% */
	/* Must come after max_startups, whose final value it copies. */
	FILL_UNSET(max_startups_begin, -1, options->max_startups);
	FILL_UNSET(reverse_mapping_check, -1, 0);
}

#undef FILL_UNSET
196
/*
 * Keyword tokens.
 *
 * One opcode per configuration directive that read_server_config()
 * handles.  The order is kept as it was, so the numeric values do not
 * change; sBadOption has to stay first because it is the value 0.
 */
typedef enum {
	sBadOption,		/* == unknown option */
	sPort,
	sHostKeyFile,
	sServerKeyBits,
	sLoginGraceTime,
	sKeyRegenerationTime,
	sPermitRootLogin,
	sLogFacility,
	sLogLevel,
	sRhostsAuthentication,
	sRhostsRSAAuthentication,
	sRSAAuthentication,
#ifdef KRB4
	sKerberosAuthentication,
	sKerberosOrLocalPasswd,
	sKerberosTicketCleanup,
#endif
#ifdef AFS
	sKerberosTgtPassing,
	sAFSTokenPassing,
#endif
	sChallengeResponseAuthentication,
	sPasswordAuthentication,
	sKbdInteractiveAuthentication,
	sListenAddress,
	sPrintMotd,
	sIgnoreRhosts,
	sX11Forwarding,
	sX11DisplayOffset,
	sStrictModes,
	sEmptyPasswd,
	sKeepAlives,
	sCheckMail,
	sUseLogin,
	sAllowTcpForwarding,
	sAllowUsers,
	sDenyUsers,
	sAllowGroups,
	sDenyGroups,
	sIgnoreUserKnownHosts,
	sCiphers,
	sMacs,
	sProtocol,
	sPidFile,
	sGatewayPorts,
	sPubkeyAuthentication,
	sXAuthLocation,
	sSubsystem,
	sMaxStartups,
	sBanner,
	sReverseMappingCheck
} ServerOpCodes;
219
/*
 * Textual representation of the tokens.
 *
 * parse_token() scans this table from the top and compares names without
 * regard to case.  Several spellings map to the same opcode; those are
 * marked as aliases.  The entry with a NULL name ends the table.
 */
static struct {
	const char *name;
	ServerOpCodes opcode;
} keywords[] = {
	{ "port",				sPort },
	{ "hostkey",				sHostKeyFile },
	{ "hostdsakey",				sHostKeyFile },		/* alias */
	{ "pidfile",				sPidFile },
	{ "serverkeybits",			sServerKeyBits },
	{ "logingracetime",			sLoginGraceTime },
	{ "keyregenerationinterval",		sKeyRegenerationTime },
	{ "permitrootlogin",			sPermitRootLogin },
	{ "syslogfacility",			sLogFacility },
	{ "loglevel",				sLogLevel },
	{ "rhostsauthentication",		sRhostsAuthentication },
	{ "rhostsrsaauthentication",		sRhostsRSAAuthentication },
	{ "rsaauthentication",			sRSAAuthentication },
	{ "pubkeyauthentication",		sPubkeyAuthentication },
	{ "dsaauthentication",			sPubkeyAuthentication },	/* alias */
#ifdef KRB4
	{ "kerberosauthentication",		sKerberosAuthentication },
	{ "kerberosorlocalpasswd",		sKerberosOrLocalPasswd },
	{ "kerberosticketcleanup",		sKerberosTicketCleanup },
#endif
#ifdef AFS
	{ "kerberostgtpassing",			sKerberosTgtPassing },
	{ "afstokenpassing",			sAFSTokenPassing },
#endif
	{ "passwordauthentication",		sPasswordAuthentication },
	{ "kbdinteractiveauthentication",	sKbdInteractiveAuthentication },
	{ "challengeresponseauthentication",	sChallengeResponseAuthentication },
	{ "skeyauthentication",			sChallengeResponseAuthentication },	/* alias */
	{ "checkmail",				sCheckMail },
	{ "listenaddress",			sListenAddress },
	{ "printmotd",				sPrintMotd },
	{ "ignorerhosts",			sIgnoreRhosts },
	{ "ignoreuserknownhosts",		sIgnoreUserKnownHosts },
	{ "x11forwarding",			sX11Forwarding },
	{ "x11displayoffset",			sX11DisplayOffset },
	{ "xauthlocation",			sXAuthLocation },
	{ "strictmodes",			sStrictModes },
	{ "permitemptypasswords",		sEmptyPasswd },
	{ "uselogin",				sUseLogin },
	{ "keepalive",				sKeepAlives },
	{ "allowtcpforwarding",			sAllowTcpForwarding },
	{ "allowusers",				sAllowUsers },
	{ "denyusers",				sDenyUsers },
	{ "allowgroups",			sAllowGroups },
	{ "denygroups",				sDenyGroups },
	{ "ciphers",				sCiphers },
	{ "macs",				sMacs },
	{ "protocol",				sProtocol },
	{ "gatewayports",			sGatewayPorts },
	{ "subsystem",				sSubsystem },
	{ "maxstartups",			sMaxStartups },
	{ "banner",				sBanner },
	{ "reversemappingcheck",		sReverseMappingCheck },
	{ NULL,					sBadOption }	/* end of table; sBadOption == 0 */
};
280
/*
 * Maps the keyword at cp to its opcode.
 *
 * cp is compared against the names in keywords[] without regard to case.
 * When nothing matches, a diagnostic naming filename, linenum and the
 * offending word is written to stderr and sBadOption is returned; the
 * function does not exit, the caller decides what to do about it.
 */
static ServerOpCodes
parse_token(const char *cp, const char *filename,
    int linenum)
{
	u_int idx = 0;

	while (keywords[idx].name != NULL) {
		if (strcasecmp(cp, keywords[idx].name) == 0)
			return keywords[idx].opcode;
		idx++;
	}

	fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
	    filename, linenum, cp);
	return sBadOption;
}
300
/*
 * add listen address
 *
 * Resolves addr once for every port currently in options->ports and puts
 * each result list in front of options->listen_addrs.  If no port has
 * been configured yet, SSH_DEFAULT_PORT is added to the port list first.
 * A NULL addr requests a passive (wildcard) address.
 *
 * Only the ports known at the time of the call are used, which is why
 * read_server_config() rejects a Port line that follows a listen
 * address.  A name that cannot be resolved ends in fatal().
 */
void
add_listen_addr(ServerOptions *options, char *addr)
{
	struct addrinfo hints, *res, *tail;
	char strport[NI_MAXSERV];
	int rc;
	int n;

	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;

	for (n = 0; n < options->num_ports; n++) {
		memset(&hints, 0, sizeof(hints));
		hints.ai_family = IPv4or6;
		hints.ai_socktype = SOCK_STREAM;
		hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
		snprintf(strport, sizeof strport, "%d", options->ports[n]);

		rc = getaddrinfo(addr, strport, &hints, &res);
		if (rc != 0)
			fatal("bad addr or host: %s (%s)",
			    addr ? addr : "<NULL>",
			    gai_strerror(rc));

		/* Walk to the last new entry and hang the old list behind it. */
		tail = res;
		while (tail->ai_next != NULL)
			tail = tail->ai_next;
		tail->ai_next = options->listen_addrs;
		options->listen_addrs = res;
	}
}
330
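/*
 * Converts the decimal string s to an int within [lo, hi].
 *
 * Returns 0 and stores the value in *out on success.  Returns -1 and
 * leaves *out alone if s is empty, contains anything besides one decimal
 * integer, overflows a long, or lies outside the range.  Callers pass
 * bounds that fit in an int, so the final narrowing cannot lose data.
 */
static int
servconf_parse_int(const char *s, long lo, long hi, int *out)
{
	char *end;
	long v;

	errno = 0;
	v = strtol(s, &end, 10);
	if (end == s || *end != '\0' || errno == ERANGE || v < lo || v > hi)
		return -1;
	*out = (int)v;
	return 0;
}

/*
 * Reads the server configuration file.
 *
 * Every line is split with strdelim(); the first word is looked up with
 * parse_token() and the remaining words are parsed according to the
 * keyword.  Blank lines and lines whose first word starts with '#' are
 * skipped.
 *
 * For most keywords a value is stored only while the option still holds
 * its unset marker, so a value that is already present (an earlier line,
 * or something set before this call) wins.  List keywords (AllowUsers,
 * DenyUsers, AllowGroups, DenyGroups, Subsystem, Port, ListenAddress,
 * HostKey) append instead.
 *
 * Error handling: an unknown keyword is reported and counted, parsing
 * continues, and the process exits with status 1 after the whole file has
 * been read.  Every other problem (file cannot be opened, missing or
 * malformed argument, full table, trailing words, over-long line) ends
 * the process at once through exit(1) or fatal().
 *
 * Numeric arguments are validated: anything that is not a plain decimal
 * integer is rejected instead of being read as 0, and a port has to be
 * in the range 1-65535.
 */
void
read_server_config(ServerOptions *options, const char *filename)
{
	FILE *f;
	char line[1024];
	char *cp, **charptr, *arg;
	int linenum, *intptr, value;
	int bad_options = 0;
	ServerOpCodes opcode;
	int i, c;
	int ms_begin, ms_rate, ms_max;
	size_t len;

	f = fopen(filename, "r");
	if (!f) {
		perror(filename);
		exit(1);
	}
	linenum = 0;
	while (fgets(line, sizeof(line), f)) {
		linenum++;
		/*
		 * A line that fills the buffer without reaching its newline
		 * would be cut in two, and the tail would then be parsed as
		 * a directive of its own.  Refuse such a line.  A line that
		 * fits exactly has only its newline left unread; that is
		 * consumed here.
		 */
		len = strlen(line);
		if (len == sizeof(line) - 1 && line[len - 1] != '\n') {
			c = getc(f);
			if (c != EOF && c != '\n')
				fatal("%s line %d: line too long.",
				    filename, linenum);
		}
		cp = line;
		arg = strdelim(&cp);
		/* Ignore leading whitespace */
		if (arg != NULL && *arg == '\0')
			arg = strdelim(&cp);
		if (!arg || !*arg || *arg == '#')
			continue;
		/* Reset per line; the shared parse_* labels rely on this. */
		intptr = NULL;
		charptr = NULL;
		opcode = parse_token(arg, filename, linenum);
		switch (opcode) {
		case sBadOption:
			bad_options++;
			continue;
		case sPort:
			/* ignore ports from configfile if cmdline specifies ports */
			if (options->ports_from_cmdline)
				continue;
			/*
			 * add_listen_addr() resolves against the ports known
			 * when it runs, so a later Port would not apply.
			 */
			if (options->listen_addrs != NULL)
				fatal("%s line %d: ports must be specified before "
				    "ListenAddress.", filename, linenum);
			if (options->num_ports >= MAX_PORTS)
				fatal("%s line %d: too many ports.",
				    filename, linenum);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing port number.",
				    filename, linenum);
			if (servconf_parse_int(arg, 1, 65535, &value) != 0)
				fatal("%s line %d: bad port number '%.100s'.",
				    filename, linenum, arg);
			options->ports[options->num_ports++] = value;
			break;

		case sServerKeyBits:
			intptr = &options->server_key_bits;
parse_int:
			/* Shared tail: read one integer into *intptr if unset. */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing integer value.\n",
				    filename, linenum);
				exit(1);
			}
			if (servconf_parse_int(arg, INT_MIN, INT_MAX, &value) != 0) {
				fprintf(stderr,
				    "%s line %d: bad integer value '%.200s'.\n",
				    filename, linenum, arg);
				exit(1);
			}
			if (*intptr == -1)
				*intptr = value;
			break;

		case sLoginGraceTime:
			intptr = &options->login_grace_time;
			goto parse_int;

		case sKeyRegenerationTime:
			intptr = &options->key_regeneration_time;
			goto parse_int;

		case sListenAddress:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing inet addr.",
				    filename, linenum);
			add_listen_addr(options, arg);
			break;

		case sHostKeyFile:
			intptr = &options->num_host_key_files;
			if (*intptr >= MAX_HOSTKEYS) {
				fprintf(stderr,
				    "%s line %d: too many host keys specified (max %d).\n",
				    filename, linenum, MAX_HOSTKEYS);
				exit(1);
			}
			charptr = &options->host_key_files[*intptr];
parse_filename:
			/*
			 * Shared tail: read one file name into *charptr if
			 * unset.  intptr is non-NULL only for host keys,
			 * where it counts the stored entries.
			 */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing file name.\n",
				    filename, linenum);
				exit(1);
			}
			if (*charptr == NULL) {
				*charptr = tilde_expand_filename(arg, getuid());
				/* increase optional counter */
				if (intptr != NULL)
					*intptr = *intptr + 1;
			}
			break;

		case sPidFile:
			charptr = &options->pid_file;
			goto parse_filename;

		case sPermitRootLogin:
			intptr = &options->permit_root_login;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
				    filename, linenum);
				exit(1);
			}
			if (strcmp(arg, "without-password") == 0)
				value = PERMIT_NO_PASSWD;
			else if (strcmp(arg, "forced-commands-only") == 0)
				value = PERMIT_FORCED_ONLY;
			else if (strcmp(arg, "yes") == 0)
				value = PERMIT_YES;
			else if (strcmp(arg, "no") == 0)
				value = PERMIT_NO;
			else {
				fprintf(stderr, "%s line %d: Bad yes/"
				    "without-password/forced-commands-only/no "
				    "argument: %s\n", filename, linenum, arg);
				exit(1);
			}
			/* NOTE(review): assumes PERMIT_NOT_SET == -1 -- confirm in servconf.h. */
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreRhosts:
			intptr = &options->ignore_rhosts;
parse_flag:
			/* Shared tail: read exactly "yes" or "no" into *intptr if unset. */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing yes/no argument.\n",
				    filename, linenum);
				exit(1);
			}
			if (strcmp(arg, "yes") == 0)
				value = 1;
			else if (strcmp(arg, "no") == 0)
				value = 0;
			else {
				fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
				    filename, linenum, arg);
				exit(1);
			}
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreUserKnownHosts:
			intptr = &options->ignore_user_known_hosts;
			goto parse_flag;

		case sRhostsAuthentication:
			intptr = &options->rhosts_authentication;
			goto parse_flag;

		case sRhostsRSAAuthentication:
			intptr = &options->rhosts_rsa_authentication;
			goto parse_flag;

		case sRSAAuthentication:
			intptr = &options->rsa_authentication;
			goto parse_flag;

		case sPubkeyAuthentication:
			intptr = &options->pubkey_authentication;
			goto parse_flag;

#ifdef KRB4
		case sKerberosAuthentication:
			intptr = &options->kerberos_authentication;
			goto parse_flag;

		case sKerberosOrLocalPasswd:
			intptr = &options->kerberos_or_local_passwd;
			goto parse_flag;

		case sKerberosTicketCleanup:
			intptr = &options->kerberos_ticket_cleanup;
			goto parse_flag;
#endif

#ifdef AFS
		case sKerberosTgtPassing:
			intptr = &options->kerberos_tgt_passing;
			goto parse_flag;

		case sAFSTokenPassing:
			intptr = &options->afs_token_passing;
			goto parse_flag;
#endif

		case sPasswordAuthentication:
			intptr = &options->password_authentication;
			goto parse_flag;

		case sKbdInteractiveAuthentication:
			intptr = &options->kbd_interactive_authentication;
			goto parse_flag;

		case sCheckMail:
			intptr = &options->check_mail;
			goto parse_flag;

		case sChallengeResponseAuthentication:
			intptr = &options->challenge_reponse_authentication;
			goto parse_flag;

		case sPrintMotd:
			intptr = &options->print_motd;
			goto parse_flag;

		case sX11Forwarding:
			intptr = &options->x11_forwarding;
			goto parse_flag;

		case sX11DisplayOffset:
			intptr = &options->x11_display_offset;
			goto parse_int;

		case sXAuthLocation:
			charptr = &options->xauth_location;
			goto parse_filename;

		case sStrictModes:
			intptr = &options->strict_modes;
			goto parse_flag;

		case sKeepAlives:
			intptr = &options->keepalives;
			goto parse_flag;

		case sEmptyPasswd:
			intptr = &options->permit_empty_passwd;
			goto parse_flag;

		case sUseLogin:
			intptr = &options->use_login;
			goto parse_flag;

		case sGatewayPorts:
			intptr = &options->gateway_ports;
			goto parse_flag;

		case sReverseMappingCheck:
			intptr = &options->reverse_mapping_check;
			goto parse_flag;

		case sLogFacility:
			/* NOTE(review): the cast assumes the enum is stored as an int. */
			intptr = (int *) &options->log_facility;
			arg = strdelim(&cp);
			/* NOTE(review): arg may be NULL here; presumably the helper copes -- confirm. */
			value = log_facility_number(arg);
			if (value == (SyslogFacility) - 1)
				fatal("%.200s line %d: unsupported log facility '%s'",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (SyslogFacility) value;
			break;

		case sLogLevel:
			/* NOTE(review): the cast assumes the enum is stored as an int. */
			intptr = (int *) &options->log_level;
			arg = strdelim(&cp);
			/* NOTE(review): arg may be NULL here; presumably the helper copes -- confirm. */
			value = log_level_number(arg);
			if (value == (LogLevel) - 1)
				fatal("%.200s line %d: unsupported log level '%s'",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (LogLevel) value;
			break;

		case sAllowTcpForwarding:
			intptr = &options->allow_tcp_forwarding;
			goto parse_flag;

		case sAllowUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_users >= MAX_ALLOW_USERS)
					fatal("%s line %d: too many allow users.",
					    filename, linenum);
				options->allow_users[options->num_allow_users++] = xstrdup(arg);
			}
			break;

		case sDenyUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_users >= MAX_DENY_USERS)
					fatal("%s line %d: too many deny users.",
					    filename, linenum);
				options->deny_users[options->num_deny_users++] = xstrdup(arg);
			}
			break;

		case sAllowGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
					fatal("%s line %d: too many allow groups.",
					    filename, linenum);
				options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
			}
			break;

		case sDenyGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_groups >= MAX_DENY_GROUPS)
					fatal("%s line %d: too many deny groups.",
					    filename, linenum);
				options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
			}
			break;

		case sCiphers:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			if (!ciphers_valid(arg))
				fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->ciphers == NULL)
				options->ciphers = xstrdup(arg);
			break;

		case sMacs:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			if (!mac_valid(arg))
				fatal("%s line %d: Bad SSH2 mac spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->macs == NULL)
				options->macs = xstrdup(arg);
			break;

		case sProtocol:
			intptr = &options->protocol;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			value = proto_spec(arg);
			if (value == SSH_PROTO_UNKNOWN)
				fatal("%s line %d: Bad protocol spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == SSH_PROTO_UNKNOWN)
				*intptr = value;
			break;

		case sSubsystem:
			if (options->num_subsystems >= MAX_SUBSYSTEMS) {
				fatal("%s line %d: too many subsystems defined.",
				    filename, linenum);
			}
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem name.",
				    filename, linenum);
			for (i = 0; i < options->num_subsystems; i++)
				if (strcmp(arg, options->subsystem_name[i]) == 0)
					fatal("%s line %d: Subsystem '%s' already defined.",
					    filename, linenum, arg);
			options->subsystem_name[options->num_subsystems] = xstrdup(arg);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem command.",
				    filename, linenum);
			options->subsystem_command[options->num_subsystems] = xstrdup(arg);
			options->num_subsystems++;
			break;

		case sMaxStartups:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing MaxStartups spec.",
				    filename, linenum);
			/*
			 * Scan into temporaries, so that a spec which is
			 * not of the begin:rate:max form cannot leave
			 * half-written values in the options.
			 */
			if (sscanf(arg, "%d:%d:%d",
			    &ms_begin, &ms_rate, &ms_max) == 3) {
				if (ms_begin > ms_max ||
				    ms_rate > 100 ||
				    ms_rate < 1)
					fatal("%s line %d: Illegal MaxStartups spec.",
					    filename, linenum);
				options->max_startups_begin = ms_begin;
				options->max_startups_rate = ms_rate;
				options->max_startups = ms_max;
				break;
			}
			/*
			 * Single-number form.  The argument has already been
			 * consumed, so it is parsed here; jumping to
			 * parse_int would fetch the next word instead.
			 */
			if (servconf_parse_int(arg, INT_MIN, INT_MAX, &value) != 0)
				fatal("%s line %d: Illegal MaxStartups spec.",
				    filename, linenum);
			if (options->max_startups == -1)
				options->max_startups = value;
			break;

		case sBanner:
			charptr = &options->banner;
			goto parse_filename;

		default:
			fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
			    filename, linenum, arg, opcode);
			exit(1);
		}
		/* Any word left over after the directive's arguments is an error. */
		if ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
			fprintf(stderr,
			    "%s line %d: garbage at end of line; \"%.200s\".\n",
			    filename, linenum, arg);
			exit(1);
		}
	}
	fclose(f);
	if (bad_options > 0) {
		fprintf(stderr, "%s: terminating, %d bad configuration options\n",
		    filename, bad_options);
		exit(1);
	}
}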