8efc0c15 1/*
5260325f 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
6ae2364d 4 *
bcbf86ec 5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
5260325f 10 */
8efc0c15 11
12#include "includes.h"
5df83e07 13RCSID("$OpenBSD: servconf.c,v 1.90 2001/11/11 13:02:31 markus Exp $");
42f11eb2 14
46d738cd 15#if defined(KRB4) || defined(KRB5)
42f11eb2 16#include <krb.h>
17#endif
83f46621 18#ifdef AFS
19#include <kafs.h>
20#endif
8efc0c15 21
22#include "ssh.h"
42f11eb2 23#include "log.h"
8efc0c15 24#include "servconf.h"
25#include "xmalloc.h"
a8be9f80 26#include "compat.h"
42f11eb2 27#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
b2552997 31#include "kex.h"
32#include "mac.h"
42f11eb2 33
/* Helpers that build options->listen_addrs; both are defined later in this file. */
static void add_listen_addr(ServerOptions *, char *, u_short);
static void add_one_listen_addr(ServerOptions *, char *, u_short);

/*
 * AF_UNSPEC or AF_INET or AF_INET6: the address family handed to
 * getaddrinfo() when a listen address is resolved.  Defined and set
 * outside this file.
 */
extern int IPv4or6;
39
/*
 * Initializes the server options to their default values.
 *
 * The structure is zeroed first, then every field that has a compiled-in
 * default is set to a "not configured yet" sentinel: -1 for integers,
 * NULL for strings, PERMIT_NOT_SET for PermitRootLogin and
 * SSH_PROTO_UNKNOWN for the protocol mask.  read_server_config() only
 * stores a value while the sentinel is still present (first setting
 * wins), and fill_default_server_options() later replaces whatever is
 * still a sentinel.  Counters and list heads start at zero/NULL.
 */

void
initialize_server_options(ServerOptions *options)
{
	memset(options, 0, sizeof(*options));

	/* Listening, host keys, pid file, SSH2 algorithm lists. */
	options->num_ports = 0;
	options->ports_from_cmdline = 0;
	options->listen_addrs = NULL;
	options->num_host_key_files = 0;
	options->pid_file = NULL;
	options->protocol = SSH_PROTO_UNKNOWN;
	options->ciphers = NULL;
	options->macs = NULL;

	/* Protocol-1 server key and the various timers. */
	options->server_key_bits = -1;
	options->key_regeneration_time = -1;
	options->login_grace_time = -1;
	options->client_alive_interval = -1;
	options->client_alive_count_max = -1;
	options->keepalives = -1;

	/* Logging: the enums use a cast -1 as their sentinel. */
	options->log_facility = (SyslogFacility) - 1;
	options->log_level = (LogLevel) - 1;

	/* Authentication methods and related policy. */
	options->permit_root_login = PERMIT_NOT_SET;
	options->rhosts_authentication = -1;
	options->rhosts_rsa_authentication = -1;
	options->hostbased_authentication = -1;
	options->hostbased_uses_name_from_packet_only = -1;
	options->ignore_rhosts = -1;
	options->ignore_user_known_hosts = -1;
	options->rsa_authentication = -1;
	options->pubkey_authentication = -1;
	options->authorized_keys_file = NULL;
	options->authorized_keys_file2 = NULL;
#if defined(KRB4) || defined(KRB5)
	options->kerberos_authentication = -1;
	options->kerberos_or_local_passwd = -1;
	options->kerberos_ticket_cleanup = -1;
#endif
#if defined(AFS) || defined(KRB5)
	options->kerberos_tgt_passing = -1;
#endif
#ifdef AFS
	options->afs_token_passing = -1;
#endif
	options->password_authentication = -1;
	options->kbd_interactive_authentication = -1;
	options->challenge_response_authentication = -1;
	options->pam_authentication_via_kbd_int = -1;
	options->permit_empty_passwd = -1;
	options->strict_modes = -1;
	options->reverse_mapping_check = -1;

	/* Access lists and connection rate limiting. */
	options->num_allow_users = 0;
	options->num_deny_users = 0;
	options->num_allow_groups = 0;
	options->num_deny_groups = 0;
	options->max_startups_begin = -1;
	options->max_startups_rate = -1;
	options->max_startups = -1;

	/* Session behaviour. */
	options->print_motd = -1;
	options->print_lastlog = -1;
	options->use_login = -1;
	options->banner = NULL;
	options->x11_forwarding = -1;
	options->x11_display_offset = -1;
	options->xauth_location = NULL;
	options->allow_tcp_forwarding = -1;
	options->gateway_ports = -1;
	options->num_subsystems = 0;
}
109
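/*
 * Replaces every option still holding its initialize_server_options()
 * sentinel (-1 / NULL / PERMIT_NOT_SET / SSH_PROTO_UNKNOWN) with the
 * compiled-in default.  Call it after the configuration file and the
 * command line have been applied; explicitly configured values are
 * never touched.
 *
 * Side effect: when no ListenAddress was configured, add_listen_addr()
 * is invoked to resolve the wildcard address for every configured port.
 *
 * The AuthorizedKeysFile2 fallback is evaluated before AuthorizedKeysFile
 * receives its own default.  Doing it the other way round made the
 * "authorized_keys_file != NULL" test always true, so the
 * _PATH_SSH_USER_PERMITTED_KEYS2 default was unreachable and both
 * options silently named the same file.
 */
void
fill_default_server_options(ServerOptions *options)
{
	if (options->protocol == SSH_PROTO_UNKNOWN)
		options->protocol = SSH_PROTO_1|SSH_PROTO_2;
	if (options->num_host_key_files == 0) {
		/* fill default hostkeys for protocols */
		if (options->protocol & SSH_PROTO_1)
			options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE;
		if (options->protocol & SSH_PROTO_2)
			options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE;
	}
	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
	if (options->listen_addrs == NULL)
		add_listen_addr(options, NULL, 0);	/* wildcard address, all ports */
	if (options->pid_file == NULL)
		options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
	if (options->server_key_bits == -1)
		options->server_key_bits = 768;
	if (options->login_grace_time == -1)
		options->login_grace_time = 600;
	if (options->key_regeneration_time == -1)
		options->key_regeneration_time = 3600;
	if (options->permit_root_login == PERMIT_NOT_SET)
		options->permit_root_login = PERMIT_YES;
	if (options->ignore_rhosts == -1)
		options->ignore_rhosts = 1;
	if (options->ignore_user_known_hosts == -1)
		options->ignore_user_known_hosts = 0;
	if (options->print_motd == -1)
		options->print_motd = 1;
	if (options->print_lastlog == -1)
		options->print_lastlog = 1;
	if (options->x11_forwarding == -1)
		options->x11_forwarding = 0;
	if (options->x11_display_offset == -1)
		options->x11_display_offset = 10;
#ifdef _PATH_XAUTH
	/* Only builds that know where xauth lives get a default location. */
	if (options->xauth_location == NULL)
		options->xauth_location = _PATH_XAUTH;
#endif
	if (options->strict_modes == -1)
		options->strict_modes = 1;
	if (options->keepalives == -1)
		options->keepalives = 1;
	if (options->log_facility == (SyslogFacility) (-1))
		options->log_facility = SYSLOG_FACILITY_AUTH;
	if (options->log_level == (LogLevel) (-1))
		options->log_level = SYSLOG_LEVEL_INFO;
	if (options->rhosts_authentication == -1)
		options->rhosts_authentication = 0;
	if (options->rhosts_rsa_authentication == -1)
		options->rhosts_rsa_authentication = 0;
	if (options->hostbased_authentication == -1)
		options->hostbased_authentication = 0;
	if (options->hostbased_uses_name_from_packet_only == -1)
		options->hostbased_uses_name_from_packet_only = 0;
	if (options->rsa_authentication == -1)
		options->rsa_authentication = 1;
	if (options->pubkey_authentication == -1)
		options->pubkey_authentication = 1;
#if defined(KRB4) || defined(KRB5)
	/* Kerberos authentication defaults on only if the KEYFILE (from krb.h) is readable. */
	if (options->kerberos_authentication == -1)
		options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
	if (options->kerberos_or_local_passwd == -1)
		options->kerberos_or_local_passwd = 1;
	if (options->kerberos_ticket_cleanup == -1)
		options->kerberos_ticket_cleanup = 1;
#endif
#if defined(AFS) || defined(KRB5)
	if (options->kerberos_tgt_passing == -1)
		options->kerberos_tgt_passing = 0;
#endif
#ifdef AFS
	/* Enabled by default only when an AFS client is present on this host. */
	if (options->afs_token_passing == -1)
		options->afs_token_passing = k_hasafs();
#endif
	if (options->password_authentication == -1)
		options->password_authentication = 1;
	if (options->kbd_interactive_authentication == -1)
		options->kbd_interactive_authentication = 0;
	if (options->challenge_response_authentication == -1)
		options->challenge_response_authentication = 1;
	if (options->permit_empty_passwd == -1)
		options->permit_empty_passwd = 0;
	if (options->use_login == -1)
		options->use_login = 0;
	if (options->allow_tcp_forwarding == -1)
		options->allow_tcp_forwarding = 1;
	if (options->gateway_ports == -1)
		options->gateway_ports = 0;
	if (options->max_startups == -1)
		options->max_startups = 10;
	if (options->max_startups_rate == -1)
		options->max_startups_rate = 100;		/* 100% */
	/* Must follow the max_startups default: begin defaults to the ceiling. */
	if (options->max_startups_begin == -1)
		options->max_startups_begin = options->max_startups;
	if (options->reverse_mapping_check == -1)
		options->reverse_mapping_check = 0;
	if (options->client_alive_interval == -1)
		options->client_alive_interval = 0;
	if (options->client_alive_count_max == -1)
		options->client_alive_count_max = 3;
	if (options->authorized_keys_file2 == NULL) {
		/*
		 * authorized_keys_file2 falls back to an explicitly configured
		 * authorized_keys_file, otherwise to its own default.  This
		 * block must run before authorized_keys_file is defaulted.
		 */
		if (options->authorized_keys_file != NULL)
			options->authorized_keys_file2 = options->authorized_keys_file;
		else
			options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
	}
	if (options->authorized_keys_file == NULL)
		options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
	if (options->pam_authentication_via_kbd_int == -1)
		options->pam_authentication_via_kbd_int = 0;
}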
228
/*
 * Keyword tokens.  One value per sshd_config keyword; parse_token() maps
 * the keyword text to a token via the keywords[] table and
 * read_server_config() switches on it.  Only sBadOption (== 0) has a
 * meaning of its own; the remaining values are opaque identifiers.
 */
typedef enum {
	sBadOption,		/* == unknown option */
	sPort,
	sHostKeyFile,
	sServerKeyBits,
	sLoginGraceTime,
	sKeyRegenerationTime,
	sPermitRootLogin,
	sLogFacility,
	sLogLevel,
	sRhostsAuthentication,
	sRhostsRSAAuthentication,
	sRSAAuthentication,
#if defined(KRB4) || defined(KRB5)
	sKerberosAuthentication,
	sKerberosOrLocalPasswd,
	sKerberosTicketCleanup,
#endif
#if defined(AFS) || defined(KRB5)
	sKerberosTgtPassing,
#endif
#ifdef AFS
	sAFSTokenPassing,
#endif
	sChallengeResponseAuthentication,
	sPasswordAuthentication,
	sKbdInteractiveAuthentication,
	sListenAddress,
	sPrintMotd,
	sPrintLastLog,
	sIgnoreRhosts,
	sX11Forwarding,
	sX11DisplayOffset,
	sStrictModes,
	sEmptyPasswd,
	sKeepAlives,
	sUseLogin,
	sAllowTcpForwarding,
	sAllowUsers,
	sDenyUsers,
	sAllowGroups,
	sDenyGroups,
	sIgnoreUserKnownHosts,
	sCiphers,
	sMacs,
	sProtocol,
	sPidFile,
	sGatewayPorts,
	sPubkeyAuthentication,
	sXAuthLocation,
	sSubsystem,
	sMaxStartups,
	sBanner,
	sReverseMappingCheck,
	sHostbasedAuthentication,
	sHostbasedUsesNameFromPacketOnly,
	sClientAliveInterval,
	sClientAliveCountMax,
	sAuthorizedKeysFile,
	sAuthorizedKeysFile2,
	sDeprecated,		/* keyword recognised but no longer honoured */
	sPAMAuthenticationViaKbdInt
} ServerOpCodes;
258
/*
 * Textual representation of the tokens.  Keyword names are stored in
 * lower case and compared case-insensitively by parse_token(); the
 * entry with a NULL name terminates the table.  Entries marked "alias"
 * are alternative spellings that map to an existing token.
 */
static struct {
	const char *name;
	ServerOpCodes opcode;
} keywords[] = {
	{ .name = "port", .opcode = sPort },
	{ .name = "hostkey", .opcode = sHostKeyFile },
	{ .name = "hostdsakey", .opcode = sHostKeyFile },		/* alias */
	{ .name = "pidfile", .opcode = sPidFile },
	{ .name = "serverkeybits", .opcode = sServerKeyBits },
	{ .name = "logingracetime", .opcode = sLoginGraceTime },
	{ .name = "keyregenerationinterval", .opcode = sKeyRegenerationTime },
	{ .name = "permitrootlogin", .opcode = sPermitRootLogin },
	{ .name = "syslogfacility", .opcode = sLogFacility },
	{ .name = "loglevel", .opcode = sLogLevel },
	{ .name = "rhostsauthentication", .opcode = sRhostsAuthentication },
	{ .name = "rhostsrsaauthentication", .opcode = sRhostsRSAAuthentication },
	{ .name = "hostbasedauthentication", .opcode = sHostbasedAuthentication },
	{ .name = "hostbasedusesnamefrompacketonly", .opcode = sHostbasedUsesNameFromPacketOnly },
	{ .name = "rsaauthentication", .opcode = sRSAAuthentication },
	{ .name = "pubkeyauthentication", .opcode = sPubkeyAuthentication },
	{ .name = "dsaauthentication", .opcode = sPubkeyAuthentication },	/* alias */
#if defined(KRB4) || defined(KRB5)
	{ .name = "kerberosauthentication", .opcode = sKerberosAuthentication },
	{ .name = "kerberosorlocalpasswd", .opcode = sKerberosOrLocalPasswd },
	{ .name = "kerberosticketcleanup", .opcode = sKerberosTicketCleanup },
#endif
#if defined(AFS) || defined(KRB5)
	{ .name = "kerberostgtpassing", .opcode = sKerberosTgtPassing },
#endif
#ifdef AFS
	{ .name = "afstokenpassing", .opcode = sAFSTokenPassing },
#endif
	{ .name = "passwordauthentication", .opcode = sPasswordAuthentication },
	{ .name = "kbdinteractiveauthentication", .opcode = sKbdInteractiveAuthentication },
	{ .name = "challengeresponseauthentication", .opcode = sChallengeResponseAuthentication },
	{ .name = "skeyauthentication", .opcode = sChallengeResponseAuthentication },	/* alias */
	{ .name = "checkmail", .opcode = sDeprecated },
	{ .name = "listenaddress", .opcode = sListenAddress },
	{ .name = "printmotd", .opcode = sPrintMotd },
	{ .name = "printlastlog", .opcode = sPrintLastLog },
	{ .name = "ignorerhosts", .opcode = sIgnoreRhosts },
	{ .name = "ignoreuserknownhosts", .opcode = sIgnoreUserKnownHosts },
	{ .name = "x11forwarding", .opcode = sX11Forwarding },
	{ .name = "x11displayoffset", .opcode = sX11DisplayOffset },
	{ .name = "xauthlocation", .opcode = sXAuthLocation },
	{ .name = "strictmodes", .opcode = sStrictModes },
	{ .name = "permitemptypasswords", .opcode = sEmptyPasswd },
	{ .name = "uselogin", .opcode = sUseLogin },
	{ .name = "keepalive", .opcode = sKeepAlives },
	{ .name = "allowtcpforwarding", .opcode = sAllowTcpForwarding },
	{ .name = "allowusers", .opcode = sAllowUsers },
	{ .name = "denyusers", .opcode = sDenyUsers },
	{ .name = "allowgroups", .opcode = sAllowGroups },
	{ .name = "denygroups", .opcode = sDenyGroups },
	{ .name = "ciphers", .opcode = sCiphers },
	{ .name = "macs", .opcode = sMacs },
	{ .name = "protocol", .opcode = sProtocol },
	{ .name = "gatewayports", .opcode = sGatewayPorts },
	{ .name = "subsystem", .opcode = sSubsystem },
	{ .name = "maxstartups", .opcode = sMaxStartups },
	{ .name = "banner", .opcode = sBanner },
	{ .name = "reversemappingcheck", .opcode = sReverseMappingCheck },
	{ .name = "clientaliveinterval", .opcode = sClientAliveInterval },
	{ .name = "clientalivecountmax", .opcode = sClientAliveCountMax },
	{ .name = "authorizedkeysfile", .opcode = sAuthorizedKeysFile },
	{ .name = "authorizedkeysfile2", .opcode = sAuthorizedKeysFile2 },
	{ .name = "PAMAuthenticationViaKbdInt", .opcode = sPAMAuthenticationViaKbdInt },
	{ .name = NULL, .opcode = sBadOption }		/* sBadOption == 0: end of table */
};
329
/*
 * Returns the number of the token pointed to by cp or sBadOption.
 *
 * The lookup against keywords[] is case-insensitive.  When nothing
 * matches, an error naming filename and linenum is logged and
 * sBadOption is returned; the caller decides whether to go on.
 */

static ServerOpCodes
parse_token(const char *cp, const char *filename,
    int linenum)
{
	const char *name;
	u_int idx = 0;

	while ((name = keywords[idx].name) != NULL) {
		if (strcasecmp(cp, name) == 0)
			return keywords[idx].opcode;
		idx++;
	}

	error("%s: line %d: Bad configuration option: %s",
	    filename, linenum, cp);
	return sBadOption;
}
348
/*
 * Queues addr (NULL = wildcard) for listening.  port == 0 means "on every
 * port configured so far", otherwise addr is queued on that single port.
 * If no Port line has been seen yet the default port is installed first,
 * which is why read_server_config() insists that Port precede ListenAddress.
 */
static void
add_listen_addr(ServerOptions *options, char *addr, u_short port)
{
	int idx;

	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
	if (port != 0) {
		add_one_listen_addr(options, addr, port);
		return;
	}
	for (idx = 0; idx < options->num_ports; idx++)
		add_one_listen_addr(options, addr, options->ports[idx]);
}
362
/*
 * Resolves addr/port with getaddrinfo() and prepends the resulting
 * addrinfo chain to options->listen_addrs.  A NULL addr requests the
 * passive (wildcard) address suitable for bind().  The address family
 * comes from the global IPv4or6.  Resolution failure is fatal, so a
 * bad ListenAddress stops sshd at startup rather than being ignored.
 * Ownership of the chain passes to options->listen_addrs.
 */
static void
add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
{
	struct addrinfo hints, *res, *tail;
	char strport[NI_MAXSERV];
	int gaierr;

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = IPv4or6;
	hints.ai_socktype = SOCK_STREAM;
	hints.ai_flags = addr == NULL ? AI_PASSIVE : 0;
	/* getaddrinfo() wants the service as text; port is widened to int by %d. */
	snprintf(strport, sizeof strport, "%d", port);
	gaierr = getaddrinfo(addr, strport, &hints, &res);
	if (gaierr != 0)
		fatal("bad addr or host: %s (%s)",
		    addr ? addr : "<NULL>",
		    gai_strerror(gaierr));
	/* Walk to the end of the new chain, then hang the existing list off it. */
	tail = res;
	while (tail->ai_next != NULL)
		tail = tail->ai_next;
	tail->ai_next = options->listen_addrs;
	options->listen_addrs = res;
}
384
/*
 * Reads the server configuration file.
 *
 * Each line is "keyword argument ..."; the keyword is resolved with
 * parse_token() (case-insensitive).  Most options obey a first-setting-wins
 * rule: the value is stored only while the target field still holds its
 * initialize_server_options() sentinel (-1, NULL or SSH_PROTO_UNKNOWN), so
 * values applied before this call (e.g. from the command line) take
 * precedence over the file, and a repeated keyword keeps its first value.
 * Exceptions (lists that accumulate, MaxStartups) are noted at the cases.
 *
 * A malformed argument is fatal immediately.  An unknown keyword is only
 * counted in bad_options so that every bad keyword is reported before the
 * process is terminated after the whole file has been read.  Failure to
 * open the file is reported with perror() and exits with status 1.
 *
 * Lines are read with fgets() into a 1024-byte buffer, so a physical line
 * longer than 1023 characters is processed as two or more configuration
 * lines.
 */

void
read_server_config(ServerOptions *options, const char *filename)
{
	FILE *f;
	char line[1024];
	char *cp, **charptr, *arg, *p;
	int linenum, *intptr, value;
	int bad_options = 0;
	ServerOpCodes opcode;
	int i, n;

	f = fopen(filename, "r");
	if (!f) {
		perror(filename);
		exit(1);
	}
	linenum = 0;
	while (fgets(line, sizeof(line), f)) {
		linenum++;
		cp = line;
		/* NOTE(review): the first strdelim() result is dereferenced unchecked; presumably it is never NULL for a non-NULL cp — confirm in misc.c. */
		arg = strdelim(&cp);
		/* Ignore leading whitespace */
		if (*arg == '\0')
			arg = strdelim(&cp);
		if (!arg || !*arg || *arg == '#')
			continue;
		/*
		 * intptr/charptr name the destination field for the shared
		 * parse_int / parse_time / parse_flag / parse_filename labels
		 * that the simple cases reach with goto.
		 */
		intptr = NULL;
		charptr = NULL;
		opcode = parse_token(arg, filename, linenum);
		switch (opcode) {
		case sBadOption:
			/* parse_token() already logged it; keep reading so all are reported. */
			bad_options++;
			continue;
		case sPort:
			/* ignore ports from configfile if cmdline specifies ports */
			if (options->ports_from_cmdline)
				continue;
			/*
			 * add_listen_addr() expands a ListenAddress over the
			 * ports known at that moment, so every Port line must
			 * come first.  (The message spells "ListenAdress".)
			 */
			if (options->listen_addrs != NULL)
				fatal("%s line %d: ports must be specified before "
				    "ListenAdress.", filename, linenum);
			if (options->num_ports >= MAX_PORTS)
				fatal("%s line %d: too many ports.",
				    filename, linenum);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing port number.",
				    filename, linenum);
			/* a2port() signals a bad port with 0, checked right after storing. */
			options->ports[options->num_ports++] = a2port(arg);
			if (options->ports[options->num_ports-1] == 0)
				fatal("%s line %d: Badly formatted port number.",
				    filename, linenum);
			break;

		case sServerKeyBits:
			intptr = &options->server_key_bits;
parse_int:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing integer value.",
				    filename, linenum);
			/*
			 * atoi() gives no error indication: a non-numeric
			 * argument silently becomes 0 and is accepted here.
			 */
			value = atoi(arg);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sLoginGraceTime:
			intptr = &options->login_grace_time;
parse_time:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing time value.",
				    filename, linenum);
			/* convtime() returns -1 for an unparsable time specification. */
			if ((value = convtime(arg)) == -1)
				fatal("%s line %d: invalid time value.",
				    filename, linenum);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sKeyRegenerationTime:
			intptr = &options->key_regeneration_time;
			goto parse_time;

		case sListenAddress:
			/*
			 * Accepted forms: "host", "host:port", "[addr]",
			 * "[addr]:port".  An unbracketed argument with two or
			 * more ':' (a bare IPv6 literal) is taken as an address
			 * without a port.  port 0 passed to add_listen_addr()
			 * means "every configured port".
			 */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
				fatal("%s line %d: missing inet addr.",
				    filename, linenum);
			if (*arg == '[') {
				if ((p = strchr(arg, ']')) == NULL)
					fatal("%s line %d: bad ipv6 inet addr usage.",
					    filename, linenum);
				/* Drop the brackets in place; p now points just after the address. */
				arg++;
				memmove(p, p+1, strlen(p+1)+1);
			} else if (((p = strchr(arg, ':')) == NULL) ||
				    (strchr(p+1, ':') != NULL)) {
				add_listen_addr(options, arg, 0);
				break;
			}
			if (*p == ':') {
				u_short port;

				p++;
				if (*p == '\0')
					fatal("%s line %d: bad inet addr:port usage.",
					    filename, linenum);
				else {
					/* Terminate the address part before the ':' separator. */
					*(p-1) = '\0';
					if ((port = a2port(p)) == 0)
						fatal("%s line %d: bad port number.",
						    filename, linenum);
					add_listen_addr(options, arg, port);
				}
			} else if (*p == '\0')
				add_listen_addr(options, arg, 0);
			else
				fatal("%s line %d: bad inet addr usage.",
				    filename, linenum);
			break;

		case sHostKeyFile:
			/*
			 * HostKey accumulates: the next free slot is filled and
			 * num_host_key_files advanced at parse_filename, up to
			 * MAX_HOSTKEYS entries.
			 */
			intptr = &options->num_host_key_files;
			if (*intptr >= MAX_HOSTKEYS)
				fatal("%s line %d: too many host keys specified (max %d).",
				    filename, linenum, MAX_HOSTKEYS);
			charptr = &options->host_key_files[*intptr];
parse_filename:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing file name.",
				    filename, linenum);
			/* First setting wins; "~" is expanded relative to sshd's own uid. */
			if (*charptr == NULL) {
				*charptr = tilde_expand_filename(arg, getuid());
				/* increase optional counter */
				if (intptr != NULL)
					*intptr = *intptr + 1;
			}
			break;

		case sPidFile:
			charptr = &options->pid_file;
			goto parse_filename;

		case sPermitRootLogin:
			intptr = &options->permit_root_login;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing yes/"
				    "without-password/forced-commands-only/no "
				    "argument.", filename, linenum);
			value = 0;	/* silence compiler */
			/* Keywords are matched exactly (case-sensitive), unlike option names. */
			if (strcmp(arg, "without-password") == 0)
				value = PERMIT_NO_PASSWD;
			else if (strcmp(arg, "forced-commands-only") == 0)
				value = PERMIT_FORCED_ONLY;
			else if (strcmp(arg, "yes") == 0)
				value = PERMIT_YES;
			else if (strcmp(arg, "no") == 0)
				value = PERMIT_NO;
			else
				fatal("%s line %d: Bad yes/"
				    "without-password/forced-commands-only/no "
				    "argument: %s", filename, linenum, arg);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreRhosts:
			intptr = &options->ignore_rhosts;
parse_flag:
			/* Shared yes/no parser: "yes" -> 1, "no" -> 0, anything else is fatal. */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing yes/no argument.",
				    filename, linenum);
			value = 0;	/* silence compiler */
			if (strcmp(arg, "yes") == 0)
				value = 1;
			else if (strcmp(arg, "no") == 0)
				value = 0;
			else
				fatal("%s line %d: Bad yes/no argument: %s",
					filename, linenum, arg);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreUserKnownHosts:
			intptr = &options->ignore_user_known_hosts;
			goto parse_flag;

		case sRhostsAuthentication:
			intptr = &options->rhosts_authentication;
			goto parse_flag;

		case sRhostsRSAAuthentication:
			intptr = &options->rhosts_rsa_authentication;
			goto parse_flag;

		case sHostbasedAuthentication:
			intptr = &options->hostbased_authentication;
			goto parse_flag;

		case sHostbasedUsesNameFromPacketOnly:
			intptr = &options->hostbased_uses_name_from_packet_only;
			goto parse_flag;

		case sRSAAuthentication:
			intptr = &options->rsa_authentication;
			goto parse_flag;

		case sPubkeyAuthentication:
			intptr = &options->pubkey_authentication;
			goto parse_flag;
#if defined(KRB4) || defined(KRB5)
		case sKerberosAuthentication:
			intptr = &options->kerberos_authentication;
			goto parse_flag;

		case sKerberosOrLocalPasswd:
			intptr = &options->kerberos_or_local_passwd;
			goto parse_flag;

		case sKerberosTicketCleanup:
			intptr = &options->kerberos_ticket_cleanup;
			goto parse_flag;
#endif
#if defined(AFS) || defined(KRB5)
		case sKerberosTgtPassing:
			intptr = &options->kerberos_tgt_passing;
			goto parse_flag;
#endif
#ifdef AFS
		case sAFSTokenPassing:
			intptr = &options->afs_token_passing;
			goto parse_flag;
#endif

		case sPasswordAuthentication:
			intptr = &options->password_authentication;
			goto parse_flag;

		case sKbdInteractiveAuthentication:
			intptr = &options->kbd_interactive_authentication;
			goto parse_flag;

		case sChallengeResponseAuthentication:
			intptr = &options->challenge_response_authentication;
			goto parse_flag;

		case sPrintMotd:
			intptr = &options->print_motd;
			goto parse_flag;

		case sPrintLastLog:
			intptr = &options->print_lastlog;
			goto parse_flag;

		case sX11Forwarding:
			intptr = &options->x11_forwarding;
			goto parse_flag;

		case sX11DisplayOffset:
			intptr = &options->x11_display_offset;
			goto parse_int;

		case sXAuthLocation:
			charptr = &options->xauth_location;
			goto parse_filename;

		case sStrictModes:
			intptr = &options->strict_modes;
			goto parse_flag;

		case sKeepAlives:
			intptr = &options->keepalives;
			goto parse_flag;

		case sEmptyPasswd:
			intptr = &options->permit_empty_passwd;
			goto parse_flag;

		case sUseLogin:
			intptr = &options->use_login;
			goto parse_flag;

		case sGatewayPorts:
			intptr = &options->gateway_ports;
			goto parse_flag;

		case sReverseMappingCheck:
			intptr = &options->reverse_mapping_check;
			goto parse_flag;

		case sLogFacility:
			/*
			 * The enum field is written through an int pointer.
			 * NOTE(review): a missing argument leaves arg NULL and it is
			 * passed to log_facility_number() as is; the "<NONE>" error
			 * text suggests that is tolerated — confirm in log.c.
			 */
			intptr = (int *) &options->log_facility;
			arg = strdelim(&cp);
			value = log_facility_number(arg);
			if (value == (SyslogFacility) - 1)
				fatal("%.200s line %d: unsupported log facility '%s'",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (SyslogFacility) value;
			break;

		case sLogLevel:
			/* Same pattern as sLogFacility, including the NULL-arg question. */
			intptr = (int *) &options->log_level;
			arg = strdelim(&cp);
			value = log_level_number(arg);
			if (value == (LogLevel) - 1)
				fatal("%.200s line %d: unsupported log level '%s'",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (LogLevel) value;
			break;

		case sAllowTcpForwarding:
			intptr = &options->allow_tcp_forwarding;
			goto parse_flag;

		/*
		 * The four access lists below take any number of names per
		 * line and accumulate across lines (no first-wins check);
		 * each is capped by its MAX_* constant and entries are
		 * xstrdup()ed.
		 */
		case sAllowUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_users >= MAX_ALLOW_USERS)
					fatal("%s line %d: too many allow users.",
					    filename, linenum);
				options->allow_users[options->num_allow_users++] = xstrdup(arg);
			}
			break;

		case sDenyUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_users >= MAX_DENY_USERS)
					fatal( "%s line %d: too many deny users.",
					    filename, linenum);
				options->deny_users[options->num_deny_users++] = xstrdup(arg);
			}
			break;

		case sAllowGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
					fatal("%s line %d: too many allow groups.",
					    filename, linenum);
				options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
			}
			break;

		case sDenyGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_groups >= MAX_DENY_GROUPS)
					fatal("%s line %d: too many deny groups.",
					    filename, linenum);
				options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
			}
			break;

		case sCiphers:
			/* The spec is validated before being kept; first setting wins. */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			if (!ciphers_valid(arg))
				fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->ciphers == NULL)
				options->ciphers = xstrdup(arg);
			break;

		case sMacs:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			if (!mac_valid(arg))
				fatal("%s line %d: Bad SSH2 mac spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->macs == NULL)
				options->macs = xstrdup(arg);
			break;

		case sProtocol:
			/* proto_spec() returns SSH_PROTO_UNKNOWN for an invalid spec. */
			intptr = &options->protocol;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			value = proto_spec(arg);
			if (value == SSH_PROTO_UNKNOWN)
				fatal("%s line %d: Bad protocol spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == SSH_PROTO_UNKNOWN)
				*intptr = value;
			break;

		case sSubsystem:
			/*
			 * "Subsystem name command": accumulates up to
			 * MAX_SUBSYSTEMS entries; a duplicate name is fatal.
			 */
			if(options->num_subsystems >= MAX_SUBSYSTEMS) {
				fatal("%s line %d: too many subsystems defined.",
				    filename, linenum);
			}
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem name.",
				    filename, linenum);
			for (i = 0; i < options->num_subsystems; i++)
				if(strcmp(arg, options->subsystem_name[i]) == 0)
					fatal("%s line %d: Subsystem '%s' already defined.",
					    filename, linenum, arg);
			options->subsystem_name[options->num_subsystems] = xstrdup(arg);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem command.",
				    filename, linenum);
			options->subsystem_command[options->num_subsystems] = xstrdup(arg);
			options->num_subsystems++;
			break;

		case sMaxStartups:
			/*
			 * "begin:rate:full" or a single number.  Unlike the other
			 * options the fields are written directly by sscanf(),
			 * so a later MaxStartups line (or a value set before
			 * this call) is overwritten rather than kept.  Only the
			 * three-field form is range-checked; the single-number
			 * form copies begin into max_startups and leaves
			 * max_startups_rate untouched.
			 */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing MaxStartups spec.",
				    filename, linenum);
			if ((n = sscanf(arg, "%d:%d:%d",
			    &options->max_startups_begin,
			    &options->max_startups_rate,
			    &options->max_startups)) == 3) {
				if (options->max_startups_begin >
				    options->max_startups ||
				    options->max_startups_rate > 100 ||
				    options->max_startups_rate < 1)
					fatal("%s line %d: Illegal MaxStartups spec.",
					    filename, linenum);
			} else if (n != 1)
				fatal("%s line %d: Illegal MaxStartups spec.",
				    filename, linenum);
			else
				options->max_startups = options->max_startups_begin;
			break;

		case sBanner:
			charptr = &options->banner;
			goto parse_filename;
		/*
		 * These options can contain %X options expanded at
		 * connect time, so that you can specify paths like:
		 *
		 * AuthorizedKeysFile	/etc/ssh_keys/%u
		 */
		case sAuthorizedKeysFile:
		case sAuthorizedKeysFile2:
			charptr = (opcode == sAuthorizedKeysFile ) ?
			    &options->authorized_keys_file :
			    &options->authorized_keys_file2;
			goto parse_filename;

		case sClientAliveInterval:
			intptr = &options->client_alive_interval;
			goto parse_time;

		case sClientAliveCountMax:
			intptr = &options->client_alive_count_max;
			goto parse_int;

		case sDeprecated:
			/* Log once, then swallow the rest of the line so the trailing-garbage check passes. */
			log("%s line %d: Deprecated option %s",
			    filename, linenum, arg);
			while(arg)
			    arg = strdelim(&cp);
			break;

		case sPAMAuthenticationViaKbdInt:
			intptr = &options->pam_authentication_via_kbd_int;
			goto parse_flag;

		default:
			/* A token in ServerOpCodes without a case above: a programming error. */
			fatal("%s line %d: Missing handler for opcode %s (%d)",
			    filename, linenum, arg, opcode);
		}
		/* Anything left after the consumed arguments is rejected. */
		if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
			fatal("%s line %d: garbage at end of line; \"%.200s\".",
			    filename, linenum, arg);
	}
	fclose(f);
	if (bad_options > 0)
		fatal("%s: terminating, %d bad configuration options",
		    filename, bad_options);
}