]> andersk Git - openssh.git/blame - servconf.c
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- (stevesk) OpenBSD CVS updates:
[openssh.git] / servconf.c
CommitLineData
8efc0c15 1/*
5260325f 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
6ae2364d 4 *
bcbf86ec 5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
5260325f 10 */
8efc0c15 11
12#include "includes.h"
fa08c86b 13RCSID("$OpenBSD: servconf.c,v 1.54 2000/11/12 19:50:38 markus Exp $");
8efc0c15 14
15#include "ssh.h"
16#include "servconf.h"
17#include "xmalloc.h"
a8be9f80 18#include "compat.h"
8efc0c15 19
48e671d5 20/* add listen address */
21void add_listen_addr(ServerOptions *options, char *addr);
22
8efc0c15 23/* Initializes the server options to their default values. */
24
6ae2364d 25void
5260325f 26initialize_server_options(ServerOptions *options)
8efc0c15 27{
5260325f 28 memset(options, 0, sizeof(*options));
48e671d5 29 options->num_ports = 0;
30 options->ports_from_cmdline = 0;
31 options->listen_addrs = NULL;
fa08c86b 32 options->num_host_key_files = 0;
0fbe8c74 33 options->pid_file = NULL;
5260325f 34 options->server_key_bits = -1;
35 options->login_grace_time = -1;
36 options->key_regeneration_time = -1;
37 options->permit_root_login = -1;
38 options->ignore_rhosts = -1;
39 options->ignore_user_known_hosts = -1;
40 options->print_motd = -1;
41 options->check_mail = -1;
42 options->x11_forwarding = -1;
43 options->x11_display_offset = -1;
fa649821 44 options->xauth_location = NULL;
5260325f 45 options->strict_modes = -1;
46 options->keepalives = -1;
47 options->log_facility = (SyslogFacility) - 1;
48 options->log_level = (LogLevel) - 1;
49 options->rhosts_authentication = -1;
50 options->rhosts_rsa_authentication = -1;
51 options->rsa_authentication = -1;
fa08c86b 52 options->pubkey_authentication = -1;
8efc0c15 53#ifdef KRB4
5260325f 54 options->kerberos_authentication = -1;
55 options->kerberos_or_local_passwd = -1;
56 options->kerberos_ticket_cleanup = -1;
8efc0c15 57#endif
58#ifdef AFS
5260325f 59 options->kerberos_tgt_passing = -1;
60 options->afs_token_passing = -1;
8efc0c15 61#endif
5260325f 62 options->password_authentication = -1;
94ec8c6b 63 options->kbd_interactive_authentication = -1;
8efc0c15 64#ifdef SKEY
5260325f 65 options->skey_authentication = -1;
8efc0c15 66#endif
5260325f 67 options->permit_empty_passwd = -1;
68 options->use_login = -1;
33de75a3 69 options->allow_tcp_forwarding = -1;
5260325f 70 options->num_allow_users = 0;
71 options->num_deny_users = 0;
72 options->num_allow_groups = 0;
73 options->num_deny_groups = 0;
a8be9f80 74 options->ciphers = NULL;
75 options->protocol = SSH_PROTO_UNKNOWN;
1d1ffb87 76 options->gateway_ports = -1;
38c295d6 77 options->num_subsystems = 0;
c345cf9d 78 options->max_startups_begin = -1;
79 options->max_startups_rate = -1;
089fbbd2 80 options->max_startups = -1;
8efc0c15 81}
82
6ae2364d 83void
5260325f 84fill_default_server_options(ServerOptions *options)
8efc0c15 85{
fa08c86b 86 if (options->protocol == SSH_PROTO_UNKNOWN)
87 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
88 if (options->num_host_key_files == 0) {
89 /* fill default hostkeys for protocols */
90 if (options->protocol & SSH_PROTO_1)
91 options->host_key_files[options->num_host_key_files++] = HOST_KEY_FILE;
92 if (options->protocol & SSH_PROTO_2)
93 options->host_key_files[options->num_host_key_files++] = HOST_DSA_KEY_FILE;
94 }
48e671d5 95 if (options->num_ports == 0)
96 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
97 if (options->listen_addrs == NULL)
98 add_listen_addr(options, NULL);
0fbe8c74 99 if (options->pid_file == NULL)
100 options->pid_file = SSH_DAEMON_PID_FILE;
5260325f 101 if (options->server_key_bits == -1)
102 options->server_key_bits = 768;
103 if (options->login_grace_time == -1)
104 options->login_grace_time = 600;
105 if (options->key_regeneration_time == -1)
106 options->key_regeneration_time = 3600;
107 if (options->permit_root_login == -1)
108 options->permit_root_login = 1; /* yes */
109 if (options->ignore_rhosts == -1)
c8d54615 110 options->ignore_rhosts = 1;
5260325f 111 if (options->ignore_user_known_hosts == -1)
112 options->ignore_user_known_hosts = 0;
113 if (options->check_mail == -1)
114 options->check_mail = 0;
115 if (options->print_motd == -1)
116 options->print_motd = 1;
117 if (options->x11_forwarding == -1)
c8d54615 118 options->x11_forwarding = 0;
5260325f 119 if (options->x11_display_offset == -1)
c8d54615 120 options->x11_display_offset = 10;
fa649821 121#ifdef XAUTH_PATH
122 if (options->xauth_location == NULL)
123 options->xauth_location = XAUTH_PATH;
124#endif /* XAUTH_PATH */
5260325f 125 if (options->strict_modes == -1)
126 options->strict_modes = 1;
127 if (options->keepalives == -1)
128 options->keepalives = 1;
129 if (options->log_facility == (SyslogFacility) (-1))
130 options->log_facility = SYSLOG_FACILITY_AUTH;
131 if (options->log_level == (LogLevel) (-1))
132 options->log_level = SYSLOG_LEVEL_INFO;
133 if (options->rhosts_authentication == -1)
134 options->rhosts_authentication = 0;
135 if (options->rhosts_rsa_authentication == -1)
c8d54615 136 options->rhosts_rsa_authentication = 0;
5260325f 137 if (options->rsa_authentication == -1)
138 options->rsa_authentication = 1;
fa08c86b 139 if (options->pubkey_authentication == -1)
140 options->pubkey_authentication = 1;
8efc0c15 141#ifdef KRB4
5260325f 142 if (options->kerberos_authentication == -1)
143 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
144 if (options->kerberos_or_local_passwd == -1)
145 options->kerberos_or_local_passwd = 1;
146 if (options->kerberos_ticket_cleanup == -1)
147 options->kerberos_ticket_cleanup = 1;
8efc0c15 148#endif /* KRB4 */
149#ifdef AFS
5260325f 150 if (options->kerberos_tgt_passing == -1)
151 options->kerberos_tgt_passing = 0;
152 if (options->afs_token_passing == -1)
153 options->afs_token_passing = k_hasafs();
8efc0c15 154#endif /* AFS */
5260325f 155 if (options->password_authentication == -1)
156 options->password_authentication = 1;
94ec8c6b 157 if (options->kbd_interactive_authentication == -1)
158 options->kbd_interactive_authentication = 0;
8efc0c15 159#ifdef SKEY
5260325f 160 if (options->skey_authentication == -1)
161 options->skey_authentication = 1;
8efc0c15 162#endif
5260325f 163 if (options->permit_empty_passwd == -1)
c8d54615 164 options->permit_empty_passwd = 0;
5260325f 165 if (options->use_login == -1)
166 options->use_login = 0;
33de75a3 167 if (options->allow_tcp_forwarding == -1)
168 options->allow_tcp_forwarding = 1;
1d1ffb87 169 if (options->gateway_ports == -1)
170 options->gateway_ports = 0;
089fbbd2 171 if (options->max_startups == -1)
172 options->max_startups = 10;
c345cf9d 173 if (options->max_startups_rate == -1)
174 options->max_startups_rate = 100; /* 100% */
175 if (options->max_startups_begin == -1)
176 options->max_startups_begin = options->max_startups;
8efc0c15 177}
178
8efc0c15 179/* Keyword tokens. */
5260325f 180typedef enum {
181 sBadOption, /* == unknown option */
182 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
183 sPermitRootLogin, sLogFacility, sLogLevel,
184 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
8efc0c15 185#ifdef KRB4
5260325f 186 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
8efc0c15 187#endif
188#ifdef AFS
5260325f 189 sKerberosTgtPassing, sAFSTokenPassing,
8efc0c15 190#endif
191#ifdef SKEY
5260325f 192 sSkeyAuthentication,
8efc0c15 193#endif
94ec8c6b 194 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
5260325f 195 sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
196 sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
33de75a3 197 sUseLogin, sAllowTcpForwarding,
198 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
fa08c86b 199 sIgnoreUserKnownHosts, sCiphers, sProtocol, sPidFile,
200 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
8efc0c15 201} ServerOpCodes;
202
203/* Textual representation of the tokens. */
5260325f 204static struct {
205 const char *name;
206 ServerOpCodes opcode;
207} keywords[] = {
208 { "port", sPort },
209 { "hostkey", sHostKeyFile },
fa08c86b 210 { "hostdsakey", sHostKeyFile }, /* alias */
0fbe8c74 211 { "pidfile", sPidFile },
5260325f 212 { "serverkeybits", sServerKeyBits },
213 { "logingracetime", sLoginGraceTime },
214 { "keyregenerationinterval", sKeyRegenerationTime },
215 { "permitrootlogin", sPermitRootLogin },
216 { "syslogfacility", sLogFacility },
217 { "loglevel", sLogLevel },
218 { "rhostsauthentication", sRhostsAuthentication },
219 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
220 { "rsaauthentication", sRSAAuthentication },
fa08c86b 221 { "pubkeyauthentication", sPubkeyAuthentication },
222 { "dsaauthentication", sPubkeyAuthentication }, /* alias */
8efc0c15 223#ifdef KRB4
5260325f 224 { "kerberosauthentication", sKerberosAuthentication },
225 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
226 { "kerberosticketcleanup", sKerberosTicketCleanup },
8efc0c15 227#endif
228#ifdef AFS
5260325f 229 { "kerberostgtpassing", sKerberosTgtPassing },
230 { "afstokenpassing", sAFSTokenPassing },
8efc0c15 231#endif
5260325f 232 { "passwordauthentication", sPasswordAuthentication },
94ec8c6b 233 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
8efc0c15 234#ifdef SKEY
5260325f 235 { "skeyauthentication", sSkeyAuthentication },
8efc0c15 236#endif
5260325f 237 { "checkmail", sCheckMail },
238 { "listenaddress", sListenAddress },
239 { "printmotd", sPrintMotd },
240 { "ignorerhosts", sIgnoreRhosts },
241 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
242 { "x11forwarding", sX11Forwarding },
243 { "x11displayoffset", sX11DisplayOffset },
fa649821 244 { "xauthlocation", sXAuthLocation },
5260325f 245 { "strictmodes", sStrictModes },
246 { "permitemptypasswords", sEmptyPasswd },
247 { "uselogin", sUseLogin },
248 { "randomseed", sRandomSeedFile },
249 { "keepalive", sKeepAlives },
33de75a3 250 { "allowtcpforwarding", sAllowTcpForwarding },
5260325f 251 { "allowusers", sAllowUsers },
252 { "denyusers", sDenyUsers },
253 { "allowgroups", sAllowGroups },
254 { "denygroups", sDenyGroups },
a8be9f80 255 { "ciphers", sCiphers },
256 { "protocol", sProtocol },
1d1ffb87 257 { "gatewayports", sGatewayPorts },
38c295d6 258 { "subsystem", sSubsystem },
089fbbd2 259 { "maxstartups", sMaxStartups },
5260325f 260 { NULL, 0 }
8efc0c15 261};
262
aa3378df 263/*
264 * Returns the number of the token pointed to by cp of length len. Never
265 * returns if the token is not known.
266 */
8efc0c15 267
6ae2364d 268static ServerOpCodes
5260325f 269parse_token(const char *cp, const char *filename,
270 int linenum)
8efc0c15 271{
5260325f 272 unsigned int i;
8efc0c15 273
5260325f 274 for (i = 0; keywords[i].name; i++)
aa3378df 275 if (strcasecmp(cp, keywords[i].name) == 0)
5260325f 276 return keywords[i].opcode;
8efc0c15 277
5260325f 278 fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
279 filename, linenum, cp);
280 return sBadOption;
8efc0c15 281}
282
48e671d5 283/*
284 * add listen address
285 */
6ae2364d 286void
48e671d5 287add_listen_addr(ServerOptions *options, char *addr)
288{
289 extern int IPv4or6;
290 struct addrinfo hints, *ai, *aitop;
291 char strport[NI_MAXSERV];
292 int gaierr;
293 int i;
294
295 if (options->num_ports == 0)
296 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
297 for (i = 0; i < options->num_ports; i++) {
298 memset(&hints, 0, sizeof(hints));
299 hints.ai_family = IPv4or6;
300 hints.ai_socktype = SOCK_STREAM;
301 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
302 snprintf(strport, sizeof strport, "%d", options->ports[i]);
303 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
304 fatal("bad addr or host: %s (%s)\n",
305 addr ? addr : "<NULL>",
306 gai_strerror(gaierr));
307 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
308 ;
309 ai->ai_next = options->listen_addrs;
310 options->listen_addrs = aitop;
311 }
312}
313
8efc0c15 314/* Reads the server configuration file. */
315
6ae2364d 316void
5260325f 317read_server_config(ServerOptions *options, const char *filename)
8efc0c15 318{
5260325f 319 FILE *f;
320 char line[1024];
089fbbd2 321 char *cp, **charptr, *arg;
5260325f 322 int linenum, *intptr, value;
323 int bad_options = 0;
324 ServerOpCodes opcode;
38c295d6 325 int i;
5260325f 326
327 f = fopen(filename, "r");
328 if (!f) {
329 perror(filename);
8efc0c15 330 exit(1);
5260325f 331 }
332 linenum = 0;
333 while (fgets(line, sizeof(line), f)) {
334 linenum++;
704b1659 335 cp = line;
336 arg = strdelim(&cp);
337 /* Ignore leading whitespace */
338 if (*arg == '\0')
339 arg = strdelim(&cp);
340 if (!*arg || *arg == '#')
5260325f 341 continue;
fa08c86b 342 intptr = NULL;
343 charptr = NULL;
089fbbd2 344 opcode = parse_token(arg, filename, linenum);
5260325f 345 switch (opcode) {
346 case sBadOption:
347 bad_options++;
348 continue;
349 case sPort:
48e671d5 350 /* ignore ports from configfile if cmdline specifies ports */
351 if (options->ports_from_cmdline)
352 continue;
353 if (options->listen_addrs != NULL)
354 fatal("%s line %d: ports must be specified before "
355 "ListenAdress.\n", filename, linenum);
356 if (options->num_ports >= MAX_PORTS)
357 fatal("%s line %d: too many ports.\n",
6ae2364d 358 filename, linenum);
704b1659 359 arg = strdelim(&cp);
089fbbd2 360 if (!arg || *arg == '\0')
48e671d5 361 fatal("%s line %d: missing port number.\n",
362 filename, linenum);
089fbbd2 363 options->ports[options->num_ports++] = atoi(arg);
48e671d5 364 break;
365
366 case sServerKeyBits:
367 intptr = &options->server_key_bits;
5260325f 368parse_int:
704b1659 369 arg = strdelim(&cp);
089fbbd2 370 if (!arg || *arg == '\0') {
5260325f 371 fprintf(stderr, "%s line %d: missing integer value.\n",
372 filename, linenum);
373 exit(1);
374 }
089fbbd2 375 value = atoi(arg);
5260325f 376 if (*intptr == -1)
377 *intptr = value;
378 break;
379
5260325f 380 case sLoginGraceTime:
381 intptr = &options->login_grace_time;
382 goto parse_int;
383
384 case sKeyRegenerationTime:
385 intptr = &options->key_regeneration_time;
386 goto parse_int;
387
388 case sListenAddress:
704b1659 389 arg = strdelim(&cp);
089fbbd2 390 if (!arg || *arg == '\0')
48e671d5 391 fatal("%s line %d: missing inet addr.\n",
392 filename, linenum);
089fbbd2 393 add_listen_addr(options, arg);
5260325f 394 break;
395
396 case sHostKeyFile:
fa08c86b 397 intptr = &options->num_host_key_files;
398 if (*intptr >= MAX_HOSTKEYS) {
399 fprintf(stderr, "%s line %d: to many host keys specified (max %d).\n",
400 filename, linenum, MAX_HOSTKEYS);
401 exit(1);
402 }
403 charptr = &options->host_key_files[*intptr];
fa649821 404parse_filename:
704b1659 405 arg = strdelim(&cp);
089fbbd2 406 if (!arg || *arg == '\0') {
5260325f 407 fprintf(stderr, "%s line %d: missing file name.\n",
0fbe8c74 408 filename, linenum);
409 exit(1);
410 }
fa08c86b 411 if (*charptr == NULL) {
089fbbd2 412 *charptr = tilde_expand_filename(arg, getuid());
fa08c86b 413 /* increase optional counter */
414 if (intptr != NULL)
415 *intptr = *intptr + 1;
416 }
0fbe8c74 417 break;
418
419 case sPidFile:
420 charptr = &options->pid_file;
fa649821 421 goto parse_filename;
5260325f 422
423 case sRandomSeedFile:
424 fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
425 filename, linenum);
704b1659 426 arg = strdelim(&cp);
5260325f 427 break;
428
429 case sPermitRootLogin:
430 intptr = &options->permit_root_login;
704b1659 431 arg = strdelim(&cp);
089fbbd2 432 if (!arg || *arg == '\0') {
5260325f 433 fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
434 filename, linenum);
435 exit(1);
436 }
089fbbd2 437 if (strcmp(arg, "without-password") == 0)
5260325f 438 value = 2;
089fbbd2 439 else if (strcmp(arg, "yes") == 0)
5260325f 440 value = 1;
089fbbd2 441 else if (strcmp(arg, "no") == 0)
5260325f 442 value = 0;
443 else {
444 fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n",
089fbbd2 445 filename, linenum, arg);
5260325f 446 exit(1);
447 }
448 if (*intptr == -1)
449 *intptr = value;
450 break;
451
452 case sIgnoreRhosts:
453 intptr = &options->ignore_rhosts;
454parse_flag:
704b1659 455 arg = strdelim(&cp);
089fbbd2 456 if (!arg || *arg == '\0') {
5260325f 457 fprintf(stderr, "%s line %d: missing yes/no argument.\n",
458 filename, linenum);
459 exit(1);
460 }
089fbbd2 461 if (strcmp(arg, "yes") == 0)
5260325f 462 value = 1;
089fbbd2 463 else if (strcmp(arg, "no") == 0)
5260325f 464 value = 0;
465 else {
466 fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
089fbbd2 467 filename, linenum, arg);
5260325f 468 exit(1);
469 }
470 if (*intptr == -1)
471 *intptr = value;
472 break;
473
474 case sIgnoreUserKnownHosts:
475 intptr = &options->ignore_user_known_hosts;
c8d54615 476 goto parse_flag;
5260325f 477
478 case sRhostsAuthentication:
479 intptr = &options->rhosts_authentication;
480 goto parse_flag;
481
482 case sRhostsRSAAuthentication:
483 intptr = &options->rhosts_rsa_authentication;
484 goto parse_flag;
485
486 case sRSAAuthentication:
487 intptr = &options->rsa_authentication;
488 goto parse_flag;
489
fa08c86b 490 case sPubkeyAuthentication:
491 intptr = &options->pubkey_authentication;
1d1ffb87 492 goto parse_flag;
493
8efc0c15 494#ifdef KRB4
5260325f 495 case sKerberosAuthentication:
496 intptr = &options->kerberos_authentication;
497 goto parse_flag;
498
499 case sKerberosOrLocalPasswd:
500 intptr = &options->kerberos_or_local_passwd;
501 goto parse_flag;
502
503 case sKerberosTicketCleanup:
504 intptr = &options->kerberos_ticket_cleanup;
505 goto parse_flag;
8efc0c15 506#endif
5260325f 507
8efc0c15 508#ifdef AFS
5260325f 509 case sKerberosTgtPassing:
510 intptr = &options->kerberos_tgt_passing;
511 goto parse_flag;
8efc0c15 512
5260325f 513 case sAFSTokenPassing:
514 intptr = &options->afs_token_passing;
515 goto parse_flag;
8efc0c15 516#endif
517
5260325f 518 case sPasswordAuthentication:
519 intptr = &options->password_authentication;
520 goto parse_flag;
8efc0c15 521
94ec8c6b 522 case sKbdInteractiveAuthentication:
523 intptr = &options->kbd_interactive_authentication;
524 goto parse_flag;
525
5260325f 526 case sCheckMail:
527 intptr = &options->check_mail;
528 goto parse_flag;
8efc0c15 529
530#ifdef SKEY
5260325f 531 case sSkeyAuthentication:
532 intptr = &options->skey_authentication;
533 goto parse_flag;
8efc0c15 534#endif
535
5260325f 536 case sPrintMotd:
537 intptr = &options->print_motd;
538 goto parse_flag;
539
540 case sX11Forwarding:
541 intptr = &options->x11_forwarding;
542 goto parse_flag;
543
544 case sX11DisplayOffset:
545 intptr = &options->x11_display_offset;
546 goto parse_int;
547
fa649821 548 case sXAuthLocation:
549 charptr = &options->xauth_location;
550 goto parse_filename;
551
5260325f 552 case sStrictModes:
553 intptr = &options->strict_modes;
554 goto parse_flag;
555
556 case sKeepAlives:
557 intptr = &options->keepalives;
558 goto parse_flag;
559
560 case sEmptyPasswd:
561 intptr = &options->permit_empty_passwd;
562 goto parse_flag;
563
564 case sUseLogin:
565 intptr = &options->use_login;
566 goto parse_flag;
567
1d1ffb87 568 case sGatewayPorts:
569 intptr = &options->gateway_ports;
570 goto parse_flag;
571
5260325f 572 case sLogFacility:
573 intptr = (int *) &options->log_facility;
704b1659 574 arg = strdelim(&cp);
089fbbd2 575 value = log_facility_number(arg);
5260325f 576 if (value == (SyslogFacility) - 1)
577 fatal("%.200s line %d: unsupported log facility '%s'\n",
089fbbd2 578 filename, linenum, arg ? arg : "<NONE>");
5260325f 579 if (*intptr == -1)
580 *intptr = (SyslogFacility) value;
581 break;
582
583 case sLogLevel:
584 intptr = (int *) &options->log_level;
704b1659 585 arg = strdelim(&cp);
089fbbd2 586 value = log_level_number(arg);
5260325f 587 if (value == (LogLevel) - 1)
588 fatal("%.200s line %d: unsupported log level '%s'\n",
089fbbd2 589 filename, linenum, arg ? arg : "<NONE>");
5260325f 590 if (*intptr == -1)
591 *intptr = (LogLevel) value;
592 break;
593
33de75a3 594 case sAllowTcpForwarding:
595 intptr = &options->allow_tcp_forwarding;
596 goto parse_flag;
597
5260325f 598 case sAllowUsers:
704b1659 599 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 600 if (options->num_allow_users >= MAX_ALLOW_USERS)
601 fatal("%s line %d: too many allow users.\n",
602 filename, linenum);
089fbbd2 603 options->allow_users[options->num_allow_users++] = xstrdup(arg);
5260325f 604 }
605 break;
606
607 case sDenyUsers:
704b1659 608 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 609 if (options->num_deny_users >= MAX_DENY_USERS)
610 fatal( "%s line %d: too many deny users.\n",
611 filename, linenum);
089fbbd2 612 options->deny_users[options->num_deny_users++] = xstrdup(arg);
5260325f 613 }
614 break;
615
616 case sAllowGroups:
704b1659 617 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 618 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
619 fatal("%s line %d: too many allow groups.\n",
620 filename, linenum);
089fbbd2 621 options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
5260325f 622 }
623 break;
624
625 case sDenyGroups:
704b1659 626 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 627 if (options->num_deny_groups >= MAX_DENY_GROUPS)
628 fatal("%s line %d: too many deny groups.\n",
629 filename, linenum);
089fbbd2 630 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
5260325f 631 }
632 break;
633
a8be9f80 634 case sCiphers:
704b1659 635 arg = strdelim(&cp);
089fbbd2 636 if (!arg || *arg == '\0')
71276795 637 fatal("%s line %d: Missing argument.", filename, linenum);
089fbbd2 638 if (!ciphers_valid(arg))
d0c832f3 639 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
089fbbd2 640 filename, linenum, arg ? arg : "<NONE>");
a8be9f80 641 if (options->ciphers == NULL)
089fbbd2 642 options->ciphers = xstrdup(arg);
a8be9f80 643 break;
644
645 case sProtocol:
646 intptr = &options->protocol;
704b1659 647 arg = strdelim(&cp);
089fbbd2 648 if (!arg || *arg == '\0')
71276795 649 fatal("%s line %d: Missing argument.", filename, linenum);
089fbbd2 650 value = proto_spec(arg);
a8be9f80 651 if (value == SSH_PROTO_UNKNOWN)
652 fatal("%s line %d: Bad protocol spec '%s'.",
089fbbd2 653 filename, linenum, arg ? arg : "<NONE>");
a8be9f80 654 if (*intptr == SSH_PROTO_UNKNOWN)
655 *intptr = value;
656 break;
657
38c295d6 658 case sSubsystem:
659 if(options->num_subsystems >= MAX_SUBSYSTEMS) {
660 fatal("%s line %d: too many subsystems defined.",
661 filename, linenum);
662 }
704b1659 663 arg = strdelim(&cp);
089fbbd2 664 if (!arg || *arg == '\0')
38c295d6 665 fatal("%s line %d: Missing subsystem name.",
666 filename, linenum);
667 for (i = 0; i < options->num_subsystems; i++)
089fbbd2 668 if(strcmp(arg, options->subsystem_name[i]) == 0)
38c295d6 669 fatal("%s line %d: Subsystem '%s' already defined.",
089fbbd2 670 filename, linenum, arg);
671 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
704b1659 672 arg = strdelim(&cp);
089fbbd2 673 if (!arg || *arg == '\0')
38c295d6 674 fatal("%s line %d: Missing subsystem command.",
675 filename, linenum);
089fbbd2 676 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
38c295d6 677 options->num_subsystems++;
678 break;
679
089fbbd2 680 case sMaxStartups:
c345cf9d 681 arg = strdelim(&cp);
682 if (!arg || *arg == '\0')
683 fatal("%s line %d: Missing MaxStartups spec.",
684 filename, linenum);
685 if (sscanf(arg, "%d:%d:%d",
686 &options->max_startups_begin,
687 &options->max_startups_rate,
688 &options->max_startups) == 3) {
689 if (options->max_startups_begin >
690 options->max_startups ||
691 options->max_startups_rate > 100 ||
692 options->max_startups_rate < 1)
693 fatal("%s line %d: Illegal MaxStartups spec.",
694 filename, linenum);
695 break;
696 }
089fbbd2 697 intptr = &options->max_startups;
698 goto parse_int;
699
5260325f 700 default:
701 fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
089fbbd2 702 filename, linenum, arg, opcode);
5260325f 703 exit(1);
8efc0c15 704 }
704b1659 705 if ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
089fbbd2 706 fprintf(stderr,
707 "%s line %d: garbage at end of line; \"%.200s\".\n",
708 filename, linenum, arg);
5260325f 709 exit(1);
8efc0c15 710 }
8efc0c15 711 }
5260325f 712 fclose(f);
713 if (bad_options > 0) {
714 fprintf(stderr, "%s: terminating, %d bad configuration options\n",
715 filename, bad_options);
716 exit(1);
8efc0c15 717 }
8efc0c15 718}
git-cvsimport mirror of OpenSSH
This page took 2.291045 seconds and 5 git commands to generate.