]> andersk Git - openssh.git/blame - servconf.c
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- (bal) CVS ID fix up and slight manpage fix from OpenBSD tree.
[openssh.git] / servconf.c
CommitLineData
8efc0c15 1/*
5260325f 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
6ae2364d 4 *
bcbf86ec 5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
5260325f 10 */
8efc0c15 11
12#include "includes.h"
3ffc6336 13RCSID("$OpenBSD: servconf.c,v 1.77 2001/04/13 22:46:53 beck Exp $");
42f11eb2 14
15#ifdef KRB4
16#include <krb.h>
17#endif
18#ifdef AFS
19#include <kafs.h>
20#endif
8efc0c15 21
22#include "ssh.h"
42f11eb2 23#include "log.h"
8efc0c15 24#include "servconf.h"
25#include "xmalloc.h"
a8be9f80 26#include "compat.h"
42f11eb2 27#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
b2552997 31#include "kex.h"
32#include "mac.h"
42f11eb2 33
2d2a2c65 34void add_listen_addr(ServerOptions *options, char *addr, u_short port);
d11c1288 35void add_one_listen_addr(ServerOptions *options, char *addr, u_short port);
48e671d5 36
42f11eb2 37/* AF_UNSPEC or AF_INET or AF_INET6 */
38extern int IPv4or6;
39
8efc0c15 40/* Initializes the server options to their default values. */
41
6ae2364d 42void
5260325f 43initialize_server_options(ServerOptions *options)
8efc0c15 44{
5260325f 45 memset(options, 0, sizeof(*options));
48e671d5 46 options->num_ports = 0;
47 options->ports_from_cmdline = 0;
48 options->listen_addrs = NULL;
fa08c86b 49 options->num_host_key_files = 0;
0fbe8c74 50 options->pid_file = NULL;
5260325f 51 options->server_key_bits = -1;
52 options->login_grace_time = -1;
53 options->key_regeneration_time = -1;
15853e93 54 options->permit_root_login = PERMIT_NOT_SET;
5260325f 55 options->ignore_rhosts = -1;
56 options->ignore_user_known_hosts = -1;
57 options->print_motd = -1;
4f4648f9 58 options->print_lastlog = -1;
5260325f 59 options->check_mail = -1;
60 options->x11_forwarding = -1;
61 options->x11_display_offset = -1;
fa649821 62 options->xauth_location = NULL;
5260325f 63 options->strict_modes = -1;
64 options->keepalives = -1;
65 options->log_facility = (SyslogFacility) - 1;
66 options->log_level = (LogLevel) - 1;
67 options->rhosts_authentication = -1;
68 options->rhosts_rsa_authentication = -1;
8002af61 69 options->hostbased_authentication = -1;
70 options->hostbased_uses_name_from_packet_only = -1;
5260325f 71 options->rsa_authentication = -1;
fa08c86b 72 options->pubkey_authentication = -1;
8efc0c15 73#ifdef KRB4
5260325f 74 options->kerberos_authentication = -1;
75 options->kerberos_or_local_passwd = -1;
76 options->kerberos_ticket_cleanup = -1;
8efc0c15 77#endif
78#ifdef AFS
5260325f 79 options->kerberos_tgt_passing = -1;
80 options->afs_token_passing = -1;
8efc0c15 81#endif
5260325f 82 options->password_authentication = -1;
94ec8c6b 83 options->kbd_interactive_authentication = -1;
d464095c 84 options->challenge_reponse_authentication = -1;
5260325f 85 options->permit_empty_passwd = -1;
86 options->use_login = -1;
33de75a3 87 options->allow_tcp_forwarding = -1;
5260325f 88 options->num_allow_users = 0;
89 options->num_deny_users = 0;
90 options->num_allow_groups = 0;
91 options->num_deny_groups = 0;
a8be9f80 92 options->ciphers = NULL;
b2552997 93 options->macs = NULL;
a8be9f80 94 options->protocol = SSH_PROTO_UNKNOWN;
1d1ffb87 95 options->gateway_ports = -1;
38c295d6 96 options->num_subsystems = 0;
c345cf9d 97 options->max_startups_begin = -1;
98 options->max_startups_rate = -1;
089fbbd2 99 options->max_startups = -1;
eea39c02 100 options->banner = NULL;
61e96248 101 options->reverse_mapping_check = -1;
3ffc6336 102 options->client_alive_interval = -1;
103 options->client_alive_count_max = -1;
8efc0c15 104}
105
6ae2364d 106void
5260325f 107fill_default_server_options(ServerOptions *options)
8efc0c15 108{
fa08c86b 109 if (options->protocol == SSH_PROTO_UNKNOWN)
110 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
111 if (options->num_host_key_files == 0) {
112 /* fill default hostkeys for protocols */
113 if (options->protocol & SSH_PROTO_1)
42f11eb2 114 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE;
fa08c86b 115 if (options->protocol & SSH_PROTO_2)
42f11eb2 116 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE;
fa08c86b 117 }
48e671d5 118 if (options->num_ports == 0)
119 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
120 if (options->listen_addrs == NULL)
2d2a2c65 121 add_listen_addr(options, NULL, 0);
0fbe8c74 122 if (options->pid_file == NULL)
42f11eb2 123 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
5260325f 124 if (options->server_key_bits == -1)
125 options->server_key_bits = 768;
126 if (options->login_grace_time == -1)
127 options->login_grace_time = 600;
128 if (options->key_regeneration_time == -1)
129 options->key_regeneration_time = 3600;
15853e93 130 if (options->permit_root_login == PERMIT_NOT_SET)
131 options->permit_root_login = PERMIT_YES;
5260325f 132 if (options->ignore_rhosts == -1)
c8d54615 133 options->ignore_rhosts = 1;
5260325f 134 if (options->ignore_user_known_hosts == -1)
135 options->ignore_user_known_hosts = 0;
136 if (options->check_mail == -1)
137 options->check_mail = 0;
138 if (options->print_motd == -1)
139 options->print_motd = 1;
4f4648f9 140 if (options->print_lastlog == -1)
141 options->print_lastlog = 1;
5260325f 142 if (options->x11_forwarding == -1)
c8d54615 143 options->x11_forwarding = 0;
5260325f 144 if (options->x11_display_offset == -1)
c8d54615 145 options->x11_display_offset = 10;
fa649821 146#ifdef XAUTH_PATH
147 if (options->xauth_location == NULL)
148 options->xauth_location = XAUTH_PATH;
149#endif /* XAUTH_PATH */
5260325f 150 if (options->strict_modes == -1)
151 options->strict_modes = 1;
152 if (options->keepalives == -1)
153 options->keepalives = 1;
154 if (options->log_facility == (SyslogFacility) (-1))
155 options->log_facility = SYSLOG_FACILITY_AUTH;
156 if (options->log_level == (LogLevel) (-1))
59c97189 157 options->log_level = SYSLOG_LEVEL_INFO;
5260325f 158 if (options->rhosts_authentication == -1)
159 options->rhosts_authentication = 0;
160 if (options->rhosts_rsa_authentication == -1)
c8d54615 161 options->rhosts_rsa_authentication = 0;
8002af61 162 if (options->hostbased_authentication == -1)
163 options->hostbased_authentication = 0;
164 if (options->hostbased_uses_name_from_packet_only == -1)
165 options->hostbased_uses_name_from_packet_only = 0;
5260325f 166 if (options->rsa_authentication == -1)
167 options->rsa_authentication = 1;
fa08c86b 168 if (options->pubkey_authentication == -1)
169 options->pubkey_authentication = 1;
8efc0c15 170#ifdef KRB4
5260325f 171 if (options->kerberos_authentication == -1)
172 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
173 if (options->kerberos_or_local_passwd == -1)
174 options->kerberos_or_local_passwd = 1;
175 if (options->kerberos_ticket_cleanup == -1)
176 options->kerberos_ticket_cleanup = 1;
8efc0c15 177#endif /* KRB4 */
178#ifdef AFS
5260325f 179 if (options->kerberos_tgt_passing == -1)
180 options->kerberos_tgt_passing = 0;
181 if (options->afs_token_passing == -1)
182 options->afs_token_passing = k_hasafs();
8efc0c15 183#endif /* AFS */
5260325f 184 if (options->password_authentication == -1)
185 options->password_authentication = 1;
94ec8c6b 186 if (options->kbd_interactive_authentication == -1)
187 options->kbd_interactive_authentication = 0;
d464095c 188 if (options->challenge_reponse_authentication == -1)
189 options->challenge_reponse_authentication = 1;
5260325f 190 if (options->permit_empty_passwd == -1)
c8d54615 191 options->permit_empty_passwd = 0;
5260325f 192 if (options->use_login == -1)
193 options->use_login = 0;
33de75a3 194 if (options->allow_tcp_forwarding == -1)
195 options->allow_tcp_forwarding = 1;
1d1ffb87 196 if (options->gateway_ports == -1)
197 options->gateway_ports = 0;
089fbbd2 198 if (options->max_startups == -1)
199 options->max_startups = 10;
c345cf9d 200 if (options->max_startups_rate == -1)
201 options->max_startups_rate = 100; /* 100% */
202 if (options->max_startups_begin == -1)
203 options->max_startups_begin = options->max_startups;
61e96248 204 if (options->reverse_mapping_check == -1)
205 options->reverse_mapping_check = 0;
3ffc6336 206 if (options->client_alive_interval == -1)
207 options->client_alive_interval = 0;
208 if (options->client_alive_count_max == -1)
209 options->client_alive_count_max = 3;
8efc0c15 210}
211
8efc0c15 212/* Keyword tokens. */
5260325f 213typedef enum {
214 sBadOption, /* == unknown option */
215 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
216 sPermitRootLogin, sLogFacility, sLogLevel,
217 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
8efc0c15 218#ifdef KRB4
5260325f 219 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
8efc0c15 220#endif
221#ifdef AFS
5260325f 222 sKerberosTgtPassing, sAFSTokenPassing,
8efc0c15 223#endif
d464095c 224 sChallengeResponseAuthentication,
94ec8c6b 225 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
4f4648f9 226 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
227 sX11Forwarding, sX11DisplayOffset,
9c81df4c 228 sStrictModes, sEmptyPasswd, sKeepAlives, sCheckMail,
33de75a3 229 sUseLogin, sAllowTcpForwarding,
230 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
b2552997 231 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
fa08c86b 232 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
8002af61 233 sBanner, sReverseMappingCheck, sHostbasedAuthentication,
3ffc6336 234 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
235 sClientAliveCountMax
8efc0c15 236} ServerOpCodes;
237
238/* Textual representation of the tokens. */
5260325f 239static struct {
240 const char *name;
241 ServerOpCodes opcode;
242} keywords[] = {
243 { "port", sPort },
244 { "hostkey", sHostKeyFile },
fa08c86b 245 { "hostdsakey", sHostKeyFile }, /* alias */
2b87da3b 246 { "pidfile", sPidFile },
5260325f 247 { "serverkeybits", sServerKeyBits },
248 { "logingracetime", sLoginGraceTime },
249 { "keyregenerationinterval", sKeyRegenerationTime },
250 { "permitrootlogin", sPermitRootLogin },
251 { "syslogfacility", sLogFacility },
252 { "loglevel", sLogLevel },
253 { "rhostsauthentication", sRhostsAuthentication },
254 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
8002af61 255 { "hostbasedauthentication", sHostbasedAuthentication },
256 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
5260325f 257 { "rsaauthentication", sRSAAuthentication },
fa08c86b 258 { "pubkeyauthentication", sPubkeyAuthentication },
259 { "dsaauthentication", sPubkeyAuthentication }, /* alias */
8efc0c15 260#ifdef KRB4
5260325f 261 { "kerberosauthentication", sKerberosAuthentication },
262 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
263 { "kerberosticketcleanup", sKerberosTicketCleanup },
8efc0c15 264#endif
265#ifdef AFS
5260325f 266 { "kerberostgtpassing", sKerberosTgtPassing },
267 { "afstokenpassing", sAFSTokenPassing },
8efc0c15 268#endif
5260325f 269 { "passwordauthentication", sPasswordAuthentication },
94ec8c6b 270 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
d464095c 271 { "challengeresponseauthentication", sChallengeResponseAuthentication },
272 { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
5260325f 273 { "checkmail", sCheckMail },
274 { "listenaddress", sListenAddress },
275 { "printmotd", sPrintMotd },
4f4648f9 276 { "printlastlog", sPrintLastLog },
5260325f 277 { "ignorerhosts", sIgnoreRhosts },
278 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
279 { "x11forwarding", sX11Forwarding },
280 { "x11displayoffset", sX11DisplayOffset },
fa649821 281 { "xauthlocation", sXAuthLocation },
5260325f 282 { "strictmodes", sStrictModes },
283 { "permitemptypasswords", sEmptyPasswd },
284 { "uselogin", sUseLogin },
5260325f 285 { "keepalive", sKeepAlives },
33de75a3 286 { "allowtcpforwarding", sAllowTcpForwarding },
5260325f 287 { "allowusers", sAllowUsers },
288 { "denyusers", sDenyUsers },
289 { "allowgroups", sAllowGroups },
290 { "denygroups", sDenyGroups },
a8be9f80 291 { "ciphers", sCiphers },
b2552997 292 { "macs", sMacs },
a8be9f80 293 { "protocol", sProtocol },
1d1ffb87 294 { "gatewayports", sGatewayPorts },
38c295d6 295 { "subsystem", sSubsystem },
089fbbd2 296 { "maxstartups", sMaxStartups },
eea39c02 297 { "banner", sBanner },
61e96248 298 { "reversemappingcheck", sReverseMappingCheck },
3ffc6336 299 { "clientaliveinterval", sClientAliveInterval },
300 { "clientalivecountmax", sClientAliveCountMax },
5260325f 301 { NULL, 0 }
8efc0c15 302};
303
aa3378df 304/*
6be9a5e8 305 * Returns the number of the token pointed to by cp or sBadOption.
aa3378df 306 */
8efc0c15 307
6ae2364d 308static ServerOpCodes
5260325f 309parse_token(const char *cp, const char *filename,
310 int linenum)
8efc0c15 311{
1e3b8b07 312 u_int i;
8efc0c15 313
5260325f 314 for (i = 0; keywords[i].name; i++)
aa3378df 315 if (strcasecmp(cp, keywords[i].name) == 0)
5260325f 316 return keywords[i].opcode;
8efc0c15 317
5260325f 318 fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
319 filename, linenum, cp);
320 return sBadOption;
8efc0c15 321}
322
6ae2364d 323void
2d2a2c65 324add_listen_addr(ServerOptions *options, char *addr, u_short port)
48e671d5 325{
48e671d5 326 int i;
327
328 if (options->num_ports == 0)
329 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
2d2a2c65 330 if (port == 0)
d11c1288 331 for (i = 0; i < options->num_ports; i++)
332 add_one_listen_addr(options, addr, options->ports[i]);
333 else
2d2a2c65 334 add_one_listen_addr(options, addr, port);
d11c1288 335}
336
337void
338add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
339{
340 struct addrinfo hints, *ai, *aitop;
341 char strport[NI_MAXSERV];
342 int gaierr;
343
344 memset(&hints, 0, sizeof(hints));
345 hints.ai_family = IPv4or6;
346 hints.ai_socktype = SOCK_STREAM;
347 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
348 snprintf(strport, sizeof strport, "%d", port);
349 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
350 fatal("bad addr or host: %s (%s)",
351 addr ? addr : "<NULL>",
352 gai_strerror(gaierr));
353 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
354 ;
355 ai->ai_next = options->listen_addrs;
356 options->listen_addrs = aitop;
48e671d5 357}
358
8efc0c15 359/* Reads the server configuration file. */
360
6ae2364d 361void
5260325f 362read_server_config(ServerOptions *options, const char *filename)
8efc0c15 363{
5260325f 364 FILE *f;
365 char line[1024];
d11c1288 366 char *cp, **charptr, *arg, *p;
5260325f 367 int linenum, *intptr, value;
368 int bad_options = 0;
369 ServerOpCodes opcode;
38c295d6 370 int i;
5260325f 371
372 f = fopen(filename, "r");
373 if (!f) {
374 perror(filename);
8efc0c15 375 exit(1);
5260325f 376 }
377 linenum = 0;
378 while (fgets(line, sizeof(line), f)) {
379 linenum++;
704b1659 380 cp = line;
381 arg = strdelim(&cp);
382 /* Ignore leading whitespace */
383 if (*arg == '\0')
384 arg = strdelim(&cp);
42f11eb2 385 if (!arg || !*arg || *arg == '#')
5260325f 386 continue;
fa08c86b 387 intptr = NULL;
388 charptr = NULL;
089fbbd2 389 opcode = parse_token(arg, filename, linenum);
5260325f 390 switch (opcode) {
391 case sBadOption:
392 bad_options++;
393 continue;
394 case sPort:
48e671d5 395 /* ignore ports from configfile if cmdline specifies ports */
396 if (options->ports_from_cmdline)
397 continue;
398 if (options->listen_addrs != NULL)
399 fatal("%s line %d: ports must be specified before "
400 "ListenAdress.\n", filename, linenum);
401 if (options->num_ports >= MAX_PORTS)
54b974dc 402 fatal("%s line %d: too many ports.",
6ae2364d 403 filename, linenum);
704b1659 404 arg = strdelim(&cp);
089fbbd2 405 if (!arg || *arg == '\0')
54b974dc 406 fatal("%s line %d: missing port number.",
48e671d5 407 filename, linenum);
2d2a2c65 408 options->ports[options->num_ports++] = a2port(arg);
409 if (options->ports[options->num_ports-1] == 0)
410 fatal("%s line %d: Badly formatted port number.",
411 filename, linenum);
48e671d5 412 break;
413
414 case sServerKeyBits:
415 intptr = &options->server_key_bits;
5260325f 416parse_int:
704b1659 417 arg = strdelim(&cp);
089fbbd2 418 if (!arg || *arg == '\0') {
5260325f 419 fprintf(stderr, "%s line %d: missing integer value.\n",
420 filename, linenum);
421 exit(1);
422 }
089fbbd2 423 value = atoi(arg);
5260325f 424 if (*intptr == -1)
425 *intptr = value;
426 break;
427
5260325f 428 case sLoginGraceTime:
429 intptr = &options->login_grace_time;
430 goto parse_int;
431
432 case sKeyRegenerationTime:
433 intptr = &options->key_regeneration_time;
434 goto parse_int;
435
436 case sListenAddress:
704b1659 437 arg = strdelim(&cp);
d11c1288 438 if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
54b974dc 439 fatal("%s line %d: missing inet addr.",
48e671d5 440 filename, linenum);
d11c1288 441 if (*arg == '[') {
442 if ((p = strchr(arg, ']')) == NULL)
443 fatal("%s line %d: bad ipv6 inet addr usage.",
444 filename, linenum);
445 arg++;
446 memmove(p, p+1, strlen(p+1)+1);
447 } else if (((p = strchr(arg, ':')) == NULL) ||
448 (strchr(p+1, ':') != NULL)) {
2d2a2c65 449 add_listen_addr(options, arg, 0);
d11c1288 450 break;
451 }
452 if (*p == ':') {
2d2a2c65 453 u_short port;
454
d11c1288 455 p++;
456 if (*p == '\0')
457 fatal("%s line %d: bad inet addr:port usage.",
458 filename, linenum);
459 else {
460 *(p-1) = '\0';
2d2a2c65 461 if ((port = a2port(p)) == 0)
462 fatal("%s line %d: bad port number.",
463 filename, linenum);
464 add_listen_addr(options, arg, port);
d11c1288 465 }
466 } else if (*p == '\0')
2d2a2c65 467 add_listen_addr(options, arg, 0);
d11c1288 468 else
469 fatal("%s line %d: bad inet addr usage.",
470 filename, linenum);
5260325f 471 break;
472
473 case sHostKeyFile:
fa08c86b 474 intptr = &options->num_host_key_files;
475 if (*intptr >= MAX_HOSTKEYS) {
0c126dc9 476 fprintf(stderr,
477 "%s line %d: too many host keys specified (max %d).\n",
fa08c86b 478 filename, linenum, MAX_HOSTKEYS);
479 exit(1);
480 }
481 charptr = &options->host_key_files[*intptr];
fa649821 482parse_filename:
704b1659 483 arg = strdelim(&cp);
089fbbd2 484 if (!arg || *arg == '\0') {
5260325f 485 fprintf(stderr, "%s line %d: missing file name.\n",
0fbe8c74 486 filename, linenum);
487 exit(1);
488 }
fa08c86b 489 if (*charptr == NULL) {
089fbbd2 490 *charptr = tilde_expand_filename(arg, getuid());
fa08c86b 491 /* increase optional counter */
492 if (intptr != NULL)
493 *intptr = *intptr + 1;
494 }
0fbe8c74 495 break;
496
497 case sPidFile:
498 charptr = &options->pid_file;
fa649821 499 goto parse_filename;
5260325f 500
5260325f 501 case sPermitRootLogin:
502 intptr = &options->permit_root_login;
704b1659 503 arg = strdelim(&cp);
089fbbd2 504 if (!arg || *arg == '\0') {
7c8f2a26 505 fprintf(stderr, "%s line %d: missing yes/"
506 "without-password/forced-commands-only/no "
507 "argument.\n", filename, linenum);
5260325f 508 exit(1);
509 }
089fbbd2 510 if (strcmp(arg, "without-password") == 0)
15853e93 511 value = PERMIT_NO_PASSWD;
512 else if (strcmp(arg, "forced-commands-only") == 0)
513 value = PERMIT_FORCED_ONLY;
089fbbd2 514 else if (strcmp(arg, "yes") == 0)
15853e93 515 value = PERMIT_YES;
089fbbd2 516 else if (strcmp(arg, "no") == 0)
15853e93 517 value = PERMIT_NO;
5260325f 518 else {
15853e93 519 fprintf(stderr, "%s line %d: Bad yes/"
520 "without-password/forced-commands-only/no "
521 "argument: %s\n", filename, linenum, arg);
5260325f 522 exit(1);
523 }
524 if (*intptr == -1)
525 *intptr = value;
526 break;
527
528 case sIgnoreRhosts:
529 intptr = &options->ignore_rhosts;
530parse_flag:
704b1659 531 arg = strdelim(&cp);
089fbbd2 532 if (!arg || *arg == '\0') {
5260325f 533 fprintf(stderr, "%s line %d: missing yes/no argument.\n",
534 filename, linenum);
535 exit(1);
536 }
089fbbd2 537 if (strcmp(arg, "yes") == 0)
5260325f 538 value = 1;
089fbbd2 539 else if (strcmp(arg, "no") == 0)
5260325f 540 value = 0;
541 else {
542 fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
089fbbd2 543 filename, linenum, arg);
5260325f 544 exit(1);
545 }
546 if (*intptr == -1)
547 *intptr = value;
548 break;
549
550 case sIgnoreUserKnownHosts:
551 intptr = &options->ignore_user_known_hosts;
c8d54615 552 goto parse_flag;
5260325f 553
554 case sRhostsAuthentication:
555 intptr = &options->rhosts_authentication;
556 goto parse_flag;
557
558 case sRhostsRSAAuthentication:
559 intptr = &options->rhosts_rsa_authentication;
560 goto parse_flag;
561
8002af61 562 case sHostbasedAuthentication:
563 intptr = &options->hostbased_authentication;
564 goto parse_flag;
565
566 case sHostbasedUsesNameFromPacketOnly:
567 intptr = &options->hostbased_uses_name_from_packet_only;
568 goto parse_flag;
569
5260325f 570 case sRSAAuthentication:
571 intptr = &options->rsa_authentication;
572 goto parse_flag;
573
fa08c86b 574 case sPubkeyAuthentication:
575 intptr = &options->pubkey_authentication;
1d1ffb87 576 goto parse_flag;
577
8efc0c15 578#ifdef KRB4
5260325f 579 case sKerberosAuthentication:
580 intptr = &options->kerberos_authentication;
581 goto parse_flag;
582
583 case sKerberosOrLocalPasswd:
584 intptr = &options->kerberos_or_local_passwd;
585 goto parse_flag;
586
587 case sKerberosTicketCleanup:
588 intptr = &options->kerberos_ticket_cleanup;
589 goto parse_flag;
8efc0c15 590#endif
5260325f 591
8efc0c15 592#ifdef AFS
5260325f 593 case sKerberosTgtPassing:
594 intptr = &options->kerberos_tgt_passing;
595 goto parse_flag;
8efc0c15 596
5260325f 597 case sAFSTokenPassing:
598 intptr = &options->afs_token_passing;
599 goto parse_flag;
8efc0c15 600#endif
601
5260325f 602 case sPasswordAuthentication:
603 intptr = &options->password_authentication;
604 goto parse_flag;
8efc0c15 605
94ec8c6b 606 case sKbdInteractiveAuthentication:
607 intptr = &options->kbd_interactive_authentication;
608 goto parse_flag;
609
5260325f 610 case sCheckMail:
611 intptr = &options->check_mail;
612 goto parse_flag;
8efc0c15 613
d464095c 614 case sChallengeResponseAuthentication:
615 intptr = &options->challenge_reponse_authentication;
5260325f 616 goto parse_flag;
8efc0c15 617
5260325f 618 case sPrintMotd:
619 intptr = &options->print_motd;
620 goto parse_flag;
621
4f4648f9 622 case sPrintLastLog:
623 intptr = &options->print_lastlog;
624 goto parse_flag;
625
5260325f 626 case sX11Forwarding:
627 intptr = &options->x11_forwarding;
628 goto parse_flag;
629
630 case sX11DisplayOffset:
631 intptr = &options->x11_display_offset;
632 goto parse_int;
633
fa649821 634 case sXAuthLocation:
635 charptr = &options->xauth_location;
636 goto parse_filename;
2b87da3b 637
5260325f 638 case sStrictModes:
639 intptr = &options->strict_modes;
640 goto parse_flag;
641
642 case sKeepAlives:
643 intptr = &options->keepalives;
644 goto parse_flag;
645
646 case sEmptyPasswd:
647 intptr = &options->permit_empty_passwd;
648 goto parse_flag;
649
650 case sUseLogin:
651 intptr = &options->use_login;
652 goto parse_flag;
653
1d1ffb87 654 case sGatewayPorts:
655 intptr = &options->gateway_ports;
656 goto parse_flag;
657
61e96248 658 case sReverseMappingCheck:
659 intptr = &options->reverse_mapping_check;
660 goto parse_flag;
661
5260325f 662 case sLogFacility:
663 intptr = (int *) &options->log_facility;
704b1659 664 arg = strdelim(&cp);
089fbbd2 665 value = log_facility_number(arg);
5260325f 666 if (value == (SyslogFacility) - 1)
54b974dc 667 fatal("%.200s line %d: unsupported log facility '%s'",
089fbbd2 668 filename, linenum, arg ? arg : "<NONE>");
5260325f 669 if (*intptr == -1)
670 *intptr = (SyslogFacility) value;
671 break;
672
673 case sLogLevel:
674 intptr = (int *) &options->log_level;
704b1659 675 arg = strdelim(&cp);
089fbbd2 676 value = log_level_number(arg);
5260325f 677 if (value == (LogLevel) - 1)
54b974dc 678 fatal("%.200s line %d: unsupported log level '%s'",
089fbbd2 679 filename, linenum, arg ? arg : "<NONE>");
5260325f 680 if (*intptr == -1)
681 *intptr = (LogLevel) value;
682 break;
683
33de75a3 684 case sAllowTcpForwarding:
685 intptr = &options->allow_tcp_forwarding;
686 goto parse_flag;
687
5260325f 688 case sAllowUsers:
704b1659 689 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 690 if (options->num_allow_users >= MAX_ALLOW_USERS)
54b974dc 691 fatal("%s line %d: too many allow users.",
a8be9f80 692 filename, linenum);
089fbbd2 693 options->allow_users[options->num_allow_users++] = xstrdup(arg);
5260325f 694 }
695 break;
696
697 case sDenyUsers:
704b1659 698 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 699 if (options->num_deny_users >= MAX_DENY_USERS)
54b974dc 700 fatal( "%s line %d: too many deny users.",
a8be9f80 701 filename, linenum);
089fbbd2 702 options->deny_users[options->num_deny_users++] = xstrdup(arg);
5260325f 703 }
704 break;
705
706 case sAllowGroups:
704b1659 707 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 708 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
54b974dc 709 fatal("%s line %d: too many allow groups.",
a8be9f80 710 filename, linenum);
089fbbd2 711 options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
5260325f 712 }
713 break;
714
715 case sDenyGroups:
704b1659 716 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 717 if (options->num_deny_groups >= MAX_DENY_GROUPS)
54b974dc 718 fatal("%s line %d: too many deny groups.",
a8be9f80 719 filename, linenum);
089fbbd2 720 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
5260325f 721 }
722 break;
723
a8be9f80 724 case sCiphers:
704b1659 725 arg = strdelim(&cp);
089fbbd2 726 if (!arg || *arg == '\0')
71276795 727 fatal("%s line %d: Missing argument.", filename, linenum);
089fbbd2 728 if (!ciphers_valid(arg))
d0c832f3 729 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
089fbbd2 730 filename, linenum, arg ? arg : "<NONE>");
a8be9f80 731 if (options->ciphers == NULL)
089fbbd2 732 options->ciphers = xstrdup(arg);
a8be9f80 733 break;
734
b2552997 735 case sMacs:
736 arg = strdelim(&cp);
737 if (!arg || *arg == '\0')
738 fatal("%s line %d: Missing argument.", filename, linenum);
739 if (!mac_valid(arg))
740 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
741 filename, linenum, arg ? arg : "<NONE>");
742 if (options->macs == NULL)
743 options->macs = xstrdup(arg);
744 break;
745
a8be9f80 746 case sProtocol:
747 intptr = &options->protocol;
704b1659 748 arg = strdelim(&cp);
089fbbd2 749 if (!arg || *arg == '\0')
71276795 750 fatal("%s line %d: Missing argument.", filename, linenum);
089fbbd2 751 value = proto_spec(arg);
a8be9f80 752 if (value == SSH_PROTO_UNKNOWN)
753 fatal("%s line %d: Bad protocol spec '%s'.",
089fbbd2 754 filename, linenum, arg ? arg : "<NONE>");
a8be9f80 755 if (*intptr == SSH_PROTO_UNKNOWN)
756 *intptr = value;
757 break;
758
38c295d6 759 case sSubsystem:
760 if(options->num_subsystems >= MAX_SUBSYSTEMS) {
761 fatal("%s line %d: too many subsystems defined.",
762 filename, linenum);
763 }
704b1659 764 arg = strdelim(&cp);
089fbbd2 765 if (!arg || *arg == '\0')
38c295d6 766 fatal("%s line %d: Missing subsystem name.",
767 filename, linenum);
768 for (i = 0; i < options->num_subsystems; i++)
089fbbd2 769 if(strcmp(arg, options->subsystem_name[i]) == 0)
38c295d6 770 fatal("%s line %d: Subsystem '%s' already defined.",
089fbbd2 771 filename, linenum, arg);
772 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
704b1659 773 arg = strdelim(&cp);
089fbbd2 774 if (!arg || *arg == '\0')
38c295d6 775 fatal("%s line %d: Missing subsystem command.",
776 filename, linenum);
089fbbd2 777 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
38c295d6 778 options->num_subsystems++;
779 break;
780
089fbbd2 781 case sMaxStartups:
c345cf9d 782 arg = strdelim(&cp);
783 if (!arg || *arg == '\0')
784 fatal("%s line %d: Missing MaxStartups spec.",
785 filename, linenum);
786 if (sscanf(arg, "%d:%d:%d",
787 &options->max_startups_begin,
788 &options->max_startups_rate,
789 &options->max_startups) == 3) {
790 if (options->max_startups_begin >
791 options->max_startups ||
792 options->max_startups_rate > 100 ||
793 options->max_startups_rate < 1)
794 fatal("%s line %d: Illegal MaxStartups spec.",
795 filename, linenum);
796 break;
797 }
089fbbd2 798 intptr = &options->max_startups;
799 goto parse_int;
800
eea39c02 801 case sBanner:
802 charptr = &options->banner;
803 goto parse_filename;
3ffc6336 804 case sClientAliveInterval:
805 intptr = &options->client_alive_interval;
806 goto parse_int;
807 case sClientAliveCountMax:
808 intptr = &options->client_alive_count_max;
809 goto parse_int;
5260325f 810 default:
811 fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
089fbbd2 812 filename, linenum, arg, opcode);
5260325f 813 exit(1);
8efc0c15 814 }
704b1659 815 if ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
2b87da3b 816 fprintf(stderr,
089fbbd2 817 "%s line %d: garbage at end of line; \"%.200s\".\n",
818 filename, linenum, arg);
5260325f 819 exit(1);
8efc0c15 820 }
8efc0c15 821 }
5260325f 822 fclose(f);
823 if (bad_options > 0) {
824 fprintf(stderr, "%s: terminating, %d bad configuration options\n",
825 filename, bad_options);
826 exit(1);
8efc0c15 827 }
8efc0c15 828}
git-cvsimport mirror of OpenSSH
This page took 0.968038 seconds and 5 git commands to generate.