- djm@cvs.openbsd.org 2001/03/25 00:01:34
8efc0c15 1/*
5260325f 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
6ae2364d 4 *
bcbf86ec 5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
5260325f 10 */
8efc0c15 11
12#include "includes.h"
7c8f2a26 13RCSID("$OpenBSD: servconf.c,v 1.71 2001/03/05 15:44:51 stevesk Exp $");
42f11eb2 14
15#ifdef KRB4
16#include <krb.h>
17#endif
18#ifdef AFS
19#include <kafs.h>
20#endif
8efc0c15 21
22#include "ssh.h"
42f11eb2 23#include "log.h"
8efc0c15 24#include "servconf.h"
25#include "xmalloc.h"
a8be9f80 26#include "compat.h"
42f11eb2 27#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
b2552997 31#include "kex.h"
32#include "mac.h"
42f11eb2 33
48e671d5 34/* add listen address */
35void add_listen_addr(ServerOptions *options, char *addr);
36
42f11eb2 37/* AF_UNSPEC or AF_INET or AF_INET6 */
38extern int IPv4or6;
39
/*
 * Puts every field of *options into its "not configured yet" state.
 *
 * The structure is zeroed first, so counters start at 0 and pointers at
 * NULL.  Scalar settings then receive a sentinel (-1, PERMIT_NOT_SET or
 * SSH_PROTO_UNKNOWN).  Most handlers in read_server_config() store a value
 * only while the field still holds its sentinel, and
 * fill_default_server_options() replaces whatever sentinels remain with
 * the built-in defaults.
 */
void
initialize_server_options(ServerOptions *options)
{
	memset(options, 0, sizeof(*options));

	/* Counters and pointers: explicit, although memset already cleared them. */
	options->num_ports = 0;
	options->ports_from_cmdline = 0;
	options->num_host_key_files = 0;
	options->num_allow_users = 0;
	options->num_deny_users = 0;
	options->num_allow_groups = 0;
	options->num_deny_groups = 0;
	options->num_subsystems = 0;
	options->listen_addrs = NULL;
	options->pid_file = NULL;
	options->xauth_location = NULL;
	options->ciphers = NULL;
	options->macs = NULL;
	options->banner = NULL;

	/* Key material and timing. */
	options->server_key_bits = -1;
	options->login_grace_time = -1;
	options->key_regeneration_time = -1;

	/* Protocol selection and logging. */
	options->protocol = SSH_PROTO_UNKNOWN;
	options->log_facility = (SyslogFacility)-1;
	options->log_level = (LogLevel)-1;

	/* Authentication methods and login policy. */
	options->permit_root_login = PERMIT_NOT_SET;
	options->permit_empty_passwd = -1;
	options->rhosts_authentication = -1;
	options->rhosts_rsa_authentication = -1;
	options->rsa_authentication = -1;
	options->pubkey_authentication = -1;
	options->password_authentication = -1;
	options->kbd_interactive_authentication = -1;
	options->challenge_reponse_authentication = -1;	/* sic: field name */
#ifdef KRB4
	options->kerberos_authentication = -1;
	options->kerberos_or_local_passwd = -1;
	options->kerberos_ticket_cleanup = -1;
#endif
#ifdef AFS
	options->kerberos_tgt_passing = -1;
	options->afs_token_passing = -1;
#endif

	/* Host trust and file permission checks. */
	options->ignore_rhosts = -1;
	options->ignore_user_known_hosts = -1;
	options->strict_modes = -1;
	options->reverse_mapping_check = -1;

	/* Session behaviour and forwarding. */
	options->print_motd = -1;
	options->check_mail = -1;
	options->use_login = -1;
	options->keepalives = -1;
	options->x11_forwarding = -1;
	options->x11_display_offset = -1;
	options->allow_tcp_forwarding = -1;
	options->gateway_ports = -1;

	/* Limits on unauthenticated connections. */
	options->max_startups_begin = -1;
	options->max_startups_rate = -1;
	options->max_startups = -1;
}
100
/*
 * Replaces every setting that is still at its "unset" sentinel with the
 * built-in default.  Settings that already hold a value are left alone.
 *
 * NOTE(review): the fallbacks visible here are permissive in several
 * places: both protocol versions are enabled, the server key is 768 bits,
 * root login is PERMIT_YES and TCP forwarding is on.  A configuration that
 * needs stricter values has to set the corresponding keywords explicitly.
 */
void
fill_default_server_options(ServerOptions *options)
{
/* Store `value` only while the field still holds the -1 sentinel. */
#define DEFAULT_IF_UNSET(field, value)			\
	do {						\
		if (options->field == -1)		\
			options->field = (value);	\
	} while (0)

	/* Protocol comes first: the default host keys depend on it. */
	if (options->protocol == SSH_PROTO_UNKNOWN)
		options->protocol = SSH_PROTO_1|SSH_PROTO_2;
	if (options->num_host_key_files == 0) {
		/* One default host key per enabled protocol version. */
		if (options->protocol & SSH_PROTO_1) {
			options->host_key_files[options->num_host_key_files] =
			    _PATH_HOST_KEY_FILE;
			options->num_host_key_files++;
		}
		if (options->protocol & SSH_PROTO_2) {
			options->host_key_files[options->num_host_key_files] =
			    _PATH_HOST_DSA_KEY_FILE;
			options->num_host_key_files++;
		}
	}

	/* The port list must exist before the listen address is resolved. */
	if (options->num_ports == 0) {
		options->ports[options->num_ports] = SSH_DEFAULT_PORT;
		options->num_ports++;
	}
	if (options->listen_addrs == NULL)
		add_listen_addr(options, NULL);
	if (options->pid_file == NULL)
		options->pid_file = _PATH_SSH_DAEMON_PID_FILE;

	DEFAULT_IF_UNSET(server_key_bits, 768);
	DEFAULT_IF_UNSET(login_grace_time, 600);
	DEFAULT_IF_UNSET(key_regeneration_time, 3600);
	if (options->permit_root_login == PERMIT_NOT_SET)
		options->permit_root_login = PERMIT_YES;
	DEFAULT_IF_UNSET(ignore_rhosts, 1);
	DEFAULT_IF_UNSET(ignore_user_known_hosts, 0);
	DEFAULT_IF_UNSET(check_mail, 0);
	DEFAULT_IF_UNSET(print_motd, 1);
	DEFAULT_IF_UNSET(x11_forwarding, 0);
	DEFAULT_IF_UNSET(x11_display_offset, 10);
#ifdef XAUTH_PATH
	if (options->xauth_location == NULL)
		options->xauth_location = XAUTH_PATH;
#endif /* XAUTH_PATH */
	DEFAULT_IF_UNSET(strict_modes, 1);
	DEFAULT_IF_UNSET(keepalives, 1);
	if (options->log_facility == (SyslogFacility)(-1))
		options->log_facility = SYSLOG_FACILITY_AUTH;
	if (options->log_level == (LogLevel)(-1))
		options->log_level = SYSLOG_LEVEL_INFO;

	/* rhosts-based methods default to off, key-based methods to on. */
	DEFAULT_IF_UNSET(rhosts_authentication, 0);
	DEFAULT_IF_UNSET(rhosts_rsa_authentication, 0);
	DEFAULT_IF_UNSET(rsa_authentication, 1);
	DEFAULT_IF_UNSET(pubkey_authentication, 1);
#ifdef KRB4
	/* Kerberos is enabled by default only if KEYFILE is readable. */
	DEFAULT_IF_UNSET(kerberos_authentication, access(KEYFILE, R_OK) == 0);
	DEFAULT_IF_UNSET(kerberos_or_local_passwd, 1);
	DEFAULT_IF_UNSET(kerberos_ticket_cleanup, 1);
#endif /* KRB4 */
#ifdef AFS
	DEFAULT_IF_UNSET(kerberos_tgt_passing, 0);
	DEFAULT_IF_UNSET(afs_token_passing, k_hasafs());
#endif /* AFS */
	DEFAULT_IF_UNSET(password_authentication, 1);
	DEFAULT_IF_UNSET(kbd_interactive_authentication, 0);
	DEFAULT_IF_UNSET(challenge_reponse_authentication, 1);
	DEFAULT_IF_UNSET(permit_empty_passwd, 0);
	DEFAULT_IF_UNSET(use_login, 0);
	DEFAULT_IF_UNSET(allow_tcp_forwarding, 1);
	DEFAULT_IF_UNSET(gateway_ports, 0);

	/* max_startups must be final before max_startups_begin copies it. */
	DEFAULT_IF_UNSET(max_startups, 10);
	DEFAULT_IF_UNSET(max_startups_rate, 100);	/* 100% */
	DEFAULT_IF_UNSET(max_startups_begin, options->max_startups);
	DEFAULT_IF_UNSET(reverse_mapping_check, 0);

#undef DEFAULT_IF_UNSET
}
196
/*
 * Opcodes for the configuration keywords.  The numeric values follow the
 * declaration order, so sBadOption is 0; the Kerberos and AFS entries exist
 * only when KRB4 / AFS are defined.
 */
typedef enum {
	sBadOption,		/* == unknown option */
	sPort,
	sHostKeyFile,
	sServerKeyBits,
	sLoginGraceTime,
	sKeyRegenerationTime,
	sPermitRootLogin,
	sLogFacility,
	sLogLevel,
	sRhostsAuthentication,
	sRhostsRSAAuthentication,
	sRSAAuthentication,
#ifdef KRB4
	sKerberosAuthentication,
	sKerberosOrLocalPasswd,
	sKerberosTicketCleanup,
#endif
#ifdef AFS
	sKerberosTgtPassing,
	sAFSTokenPassing,
#endif
	sChallengeResponseAuthentication,
	sPasswordAuthentication,
	sKbdInteractiveAuthentication,
	sListenAddress,
	sPrintMotd,
	sIgnoreRhosts,
	sX11Forwarding,
	sX11DisplayOffset,
	sStrictModes,
	sEmptyPasswd,
	sKeepAlives,
	sCheckMail,
	sUseLogin,
	sAllowTcpForwarding,
	sAllowUsers,
	sDenyUsers,
	sAllowGroups,
	sDenyGroups,
	sIgnoreUserKnownHosts,
	sCiphers,
	sMacs,
	sProtocol,
	sPidFile,
	sGatewayPorts,
	sPubkeyAuthentication,
	sXAuthLocation,
	sSubsystem,
	sMaxStartups,
	sBanner,
	sReverseMappingCheck
} ServerOpCodes;
219
/*
 * Keyword-to-opcode table used by parse_token().  Names are stored in lower
 * case and matched case-insensitively.  Entries marked "alias" map a second
 * spelling onto an existing opcode.  The table ends with a NULL name.
 */
static struct {
	const char *name;
	ServerOpCodes opcode;
} keywords[] = {
	/* listening, host keys, process files */
	{ "port",				sPort },
	{ "hostkey",				sHostKeyFile },
	{ "hostdsakey",				sHostKeyFile },	/* alias */
	{ "pidfile",				sPidFile },
	{ "serverkeybits",			sServerKeyBits },
	{ "logingracetime",			sLoginGraceTime },
	{ "keyregenerationinterval",		sKeyRegenerationTime },
	{ "permitrootlogin",			sPermitRootLogin },
	/* logging */
	{ "syslogfacility",			sLogFacility },
	{ "loglevel",				sLogLevel },
	/* authentication methods */
	{ "rhostsauthentication",		sRhostsAuthentication },
	{ "rhostsrsaauthentication",		sRhostsRSAAuthentication },
	{ "rsaauthentication",			sRSAAuthentication },
	{ "pubkeyauthentication",		sPubkeyAuthentication },
	{ "dsaauthentication",			sPubkeyAuthentication },	/* alias */
#ifdef KRB4
	{ "kerberosauthentication",		sKerberosAuthentication },
	{ "kerberosorlocalpasswd",		sKerberosOrLocalPasswd },
	{ "kerberosticketcleanup",		sKerberosTicketCleanup },
#endif
#ifdef AFS
	{ "kerberostgtpassing",			sKerberosTgtPassing },
	{ "afstokenpassing",			sAFSTokenPassing },
#endif
	{ "passwordauthentication",		sPasswordAuthentication },
	{ "kbdinteractiveauthentication",	sKbdInteractiveAuthentication },
	{ "challengeresponseauthentication",	sChallengeResponseAuthentication },
	{ "skeyauthentication",			sChallengeResponseAuthentication },	/* alias */
	/* session behaviour, host trust, forwarding */
	{ "checkmail",				sCheckMail },
	{ "listenaddress",			sListenAddress },
	{ "printmotd",				sPrintMotd },
	{ "ignorerhosts",			sIgnoreRhosts },
	{ "ignoreuserknownhosts",		sIgnoreUserKnownHosts },
	{ "x11forwarding",			sX11Forwarding },
	{ "x11displayoffset",			sX11DisplayOffset },
	{ "xauthlocation",			sXAuthLocation },
	{ "strictmodes",			sStrictModes },
	{ "permitemptypasswords",		sEmptyPasswd },
	{ "uselogin",				sUseLogin },
	{ "keepalive",				sKeepAlives },
	{ "allowtcpforwarding",			sAllowTcpForwarding },
	/* access lists */
	{ "allowusers",				sAllowUsers },
	{ "denyusers",				sDenyUsers },
	{ "allowgroups",			sAllowGroups },
	{ "denygroups",				sDenyGroups },
	/* protocol 2 algorithms and miscellany */
	{ "ciphers",				sCiphers },
	{ "macs",				sMacs },
	{ "protocol",				sProtocol },
	{ "gatewayports",			sGatewayPorts },
	{ "subsystem",				sSubsystem },
	{ "maxstartups",			sMaxStartups },
	{ "banner",				sBanner },
	{ "reversemappingcheck",		sReverseMappingCheck },
	{ NULL,					sBadOption }	/* terminator */
};
280
/*
 * Maps the configuration keyword cp to its opcode with a case-insensitive
 * search of keywords[].  An unknown keyword is reported on stderr together
 * with filename and linenum, and sBadOption is returned; the function does
 * return in that case, and read_server_config() counts the error.
 */
static ServerOpCodes
parse_token(const char *cp, const char *filename,
    int linenum)
{
	u_int idx = 0;

	/* The table is terminated by an entry whose name is NULL. */
	while (keywords[idx].name != NULL) {
		if (strcasecmp(cp, keywords[idx].name) == 0)
			return keywords[idx].opcode;
		idx++;
	}

	fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
	    filename, linenum, cp);
	return sBadOption;
}
300
/*
 * Resolves addr once for every configured port and puts the resulting
 * addrinfo chains in front of options->listen_addrs.
 *
 * If no port has been configured yet, SSH_DEFAULT_PORT is added first.  A
 * NULL addr is resolved with AI_PASSIVE.  A resolver failure is reported
 * through fatal(); the code after the call relies on fatal() not returning.
 */
void
add_listen_addr(ServerOptions *options, char *addr)
{
	struct addrinfo hints, *resolved, *tail;
	char strport[NI_MAXSERV];
	int rc;
	int n;

	if (options->num_ports == 0) {
		options->ports[options->num_ports] = SSH_DEFAULT_PORT;
		options->num_ports++;
	}

	for (n = 0; n < options->num_ports; n++) {
		memset(&hints, 0, sizeof(hints));
		hints.ai_family = IPv4or6;
		hints.ai_socktype = SOCK_STREAM;
		if (addr == NULL)
			hints.ai_flags = AI_PASSIVE;
		snprintf(strport, sizeof strport, "%d", options->ports[n]);

		rc = getaddrinfo(addr, strport, &hints, &resolved);
		if (rc != 0)
			fatal("bad addr or host: %s (%s)",
			    addr ? addr : "<NULL>",
			    gai_strerror(rc));

		/* Hook the existing list behind the last new entry. */
		tail = resolved;
		while (tail->ai_next != NULL)
			tail = tail->ai_next;
		tail->ai_next = options->listen_addrs;
		options->listen_addrs = resolved;
	}
}
330
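/*
 * Reads the server configuration file `filename` into *options.
 *
 * Each line is split with strdelim(); the first token is looked up with
 * parse_token() and the remaining tokens are handled per keyword.  Most
 * scalar keywords are "first value wins": a field is written only while it
 * still holds its unset sentinel, so a value stored before this call is not
 * replaced by the file.  Unknown keywords are counted and reported, and the
 * process exits after the whole file has been read if any were seen.  Every
 * other syntax error ends the process at once through fatal() or exit(1).
 *
 * NOTE(review): lines are read with fgets() into a 1024-byte buffer, so a
 * longer physical line arrives in pieces and each piece is parsed (and
 * counted) as a line of its own.
 */
void
read_server_config(ServerOptions *options, const char *filename)
{
	FILE *f;
	char line[1024];
	char *cp, **charptr, *arg, *endp;
	int linenum, *intptr, value;
	int bad_options = 0;
	ServerOpCodes opcode;
	int i;
	long port;
	int ms_begin = 0, ms_rate = 0, ms_full = 0, ms_fields;

	f = fopen(filename, "r");
	if (!f) {
		perror(filename);
		exit(1);
	}
	linenum = 0;
	while (fgets(line, sizeof(line), f)) {
		linenum++;
		cp = line;
		arg = strdelim(&cp);
		/* Ignore leading whitespace */
		if (*arg == '\0')
			arg = strdelim(&cp);
		/* Skip empty lines and comments. */
		if (!arg || !*arg || *arg == '#')
			continue;
		/* Reset per line: the shared parse_* labels test these. */
		intptr = NULL;
		charptr = NULL;
		opcode = parse_token(arg, filename, linenum);
		switch (opcode) {
		case sBadOption:
			bad_options++;
			continue;
		case sPort:
			/* ignore ports from configfile if cmdline specifies ports */
			if (options->ports_from_cmdline)
				continue;
			if (options->listen_addrs != NULL)
				fatal("%s line %d: ports must be specified before "
				    "ListenAddress.\n", filename, linenum);
			if (options->num_ports >= MAX_PORTS)
				fatal("%s line %d: too many ports.",
				    filename, linenum);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing port number.",
				    filename, linenum);
			/*
			 * Accept only a complete decimal number in 1..65535.
			 * Non-numeric text, trailing characters and
			 * out-of-range values are rejected instead of being
			 * stored as 0 or as a value that no longer fits a
			 * TCP port.
			 */
			port = strtol(arg, &endp, 10);
			if (endp == arg || *endp != '\0' ||
			    port < 1 || port > 65535)
				fatal("%s line %d: Badly formatted port number.",
				    filename, linenum);
			options->ports[options->num_ports++] = (int)port;
			break;

		case sServerKeyBits:
			intptr = &options->server_key_bits;
parse_int:
			/*
			 * Shared tail for integer keywords.
			 * NOTE(review): atoi() yields 0 for non-numeric text
			 * and reports no error, so malformed values are not
			 * rejected here.
			 */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing integer value.\n",
				    filename, linenum);
				exit(1);
			}
			value = atoi(arg);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sLoginGraceTime:
			intptr = &options->login_grace_time;
			goto parse_int;

		case sKeyRegenerationTime:
			intptr = &options->key_regeneration_time;
			goto parse_int;

		case sListenAddress:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing inet addr.",
				    filename, linenum);
			add_listen_addr(options, arg);
			break;

		case sHostKeyFile:
			intptr = &options->num_host_key_files;
			if (*intptr >= MAX_HOSTKEYS) {
				fprintf(stderr,
				    "%s line %d: too many host keys specified (max %d).\n",
				    filename, linenum, MAX_HOSTKEYS);
				exit(1);
			}
			charptr = &options->host_key_files[*intptr];
parse_filename:
			/*
			 * Shared tail for file name keywords.  intptr is
			 * non-NULL only for HostKey, where it counts the
			 * entries stored so far.
			 */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing file name.\n",
				    filename, linenum);
				exit(1);
			}
			if (*charptr == NULL) {
				*charptr = tilde_expand_filename(arg, getuid());
				/* increase optional counter */
				if (intptr != NULL)
					*intptr = *intptr + 1;
			}
			break;

		case sPidFile:
			charptr = &options->pid_file;
			goto parse_filename;

		case sPermitRootLogin:
			intptr = &options->permit_root_login;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing yes/"
				    "without-password/forced-commands-only/no "
				    "argument.\n", filename, linenum);
				exit(1);
			}
			if (strcmp(arg, "without-password") == 0)
				value = PERMIT_NO_PASSWD;
			else if (strcmp(arg, "forced-commands-only") == 0)
				value = PERMIT_FORCED_ONLY;
			else if (strcmp(arg, "yes") == 0)
				value = PERMIT_YES;
			else if (strcmp(arg, "no") == 0)
				value = PERMIT_NO;
			else {
				fprintf(stderr, "%s line %d: Bad yes/"
				    "without-password/forced-commands-only/no "
				    "argument: %s\n", filename, linenum, arg);
				exit(1);
			}
			/*
			 * Test the same sentinel that
			 * initialize_server_options() stores, not a literal.
			 */
			if (*intptr == PERMIT_NOT_SET)
				*intptr = value;
			break;

		case sIgnoreRhosts:
			intptr = &options->ignore_rhosts;
parse_flag:
			/* Shared tail for yes/no keywords; exact, case-sensitive match. */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing yes/no argument.\n",
				    filename, linenum);
				exit(1);
			}
			if (strcmp(arg, "yes") == 0)
				value = 1;
			else if (strcmp(arg, "no") == 0)
				value = 0;
			else {
				fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
				    filename, linenum, arg);
				exit(1);
			}
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreUserKnownHosts:
			intptr = &options->ignore_user_known_hosts;
			goto parse_flag;

		case sRhostsAuthentication:
			intptr = &options->rhosts_authentication;
			goto parse_flag;

		case sRhostsRSAAuthentication:
			intptr = &options->rhosts_rsa_authentication;
			goto parse_flag;

		case sRSAAuthentication:
			intptr = &options->rsa_authentication;
			goto parse_flag;

		case sPubkeyAuthentication:
			intptr = &options->pubkey_authentication;
			goto parse_flag;

#ifdef KRB4
		case sKerberosAuthentication:
			intptr = &options->kerberos_authentication;
			goto parse_flag;

		case sKerberosOrLocalPasswd:
			intptr = &options->kerberos_or_local_passwd;
			goto parse_flag;

		case sKerberosTicketCleanup:
			intptr = &options->kerberos_ticket_cleanup;
			goto parse_flag;
#endif

#ifdef AFS
		case sKerberosTgtPassing:
			intptr = &options->kerberos_tgt_passing;
			goto parse_flag;

		case sAFSTokenPassing:
			intptr = &options->afs_token_passing;
			goto parse_flag;
#endif

		case sPasswordAuthentication:
			intptr = &options->password_authentication;
			goto parse_flag;

		case sKbdInteractiveAuthentication:
			intptr = &options->kbd_interactive_authentication;
			goto parse_flag;

		case sCheckMail:
			intptr = &options->check_mail;
			goto parse_flag;

		case sChallengeResponseAuthentication:
			intptr = &options->challenge_reponse_authentication;
			goto parse_flag;

		case sPrintMotd:
			intptr = &options->print_motd;
			goto parse_flag;

		case sX11Forwarding:
			intptr = &options->x11_forwarding;
			goto parse_flag;

		case sX11DisplayOffset:
			intptr = &options->x11_display_offset;
			goto parse_int;

		case sXAuthLocation:
			charptr = &options->xauth_location;
			goto parse_filename;

		case sStrictModes:
			intptr = &options->strict_modes;
			goto parse_flag;

		case sKeepAlives:
			intptr = &options->keepalives;
			goto parse_flag;

		case sEmptyPasswd:
			intptr = &options->permit_empty_passwd;
			goto parse_flag;

		case sUseLogin:
			intptr = &options->use_login;
			goto parse_flag;

		case sGatewayPorts:
			intptr = &options->gateway_ports;
			goto parse_flag;

		case sReverseMappingCheck:
			intptr = &options->reverse_mapping_check;
			goto parse_flag;

		case sLogFacility:
			intptr = (int *) &options->log_facility;
			arg = strdelim(&cp);
			/* arg may be NULL here; the message below allows for it. */
			value = log_facility_number(arg);
			if (value == (SyslogFacility) - 1)
				fatal("%.200s line %d: unsupported log facility '%s'",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (SyslogFacility) value;
			break;

		case sLogLevel:
			intptr = (int *) &options->log_level;
			arg = strdelim(&cp);
			/* arg may be NULL here; the message below allows for it. */
			value = log_level_number(arg);
			if (value == (LogLevel) - 1)
				fatal("%.200s line %d: unsupported log level '%s'",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (LogLevel) value;
			break;

		case sAllowTcpForwarding:
			intptr = &options->allow_tcp_forwarding;
			goto parse_flag;

		/*
		 * The four access lists accumulate: every token on the line
		 * is appended, and the bound is checked before each store.
		 */
		case sAllowUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_users >= MAX_ALLOW_USERS)
					fatal("%s line %d: too many allow users.",
					    filename, linenum);
				options->allow_users[options->num_allow_users++] = xstrdup(arg);
			}
			break;

		case sDenyUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_users >= MAX_DENY_USERS)
					fatal( "%s line %d: too many deny users.",
					    filename, linenum);
				options->deny_users[options->num_deny_users++] = xstrdup(arg);
			}
			break;

		case sAllowGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
					fatal("%s line %d: too many allow groups.",
					    filename, linenum);
				options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
			}
			break;

		case sDenyGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_groups >= MAX_DENY_GROUPS)
					fatal("%s line %d: too many deny groups.",
					    filename, linenum);
				options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
			}
			break;

		case sCiphers:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			if (!ciphers_valid(arg))
				fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->ciphers == NULL)
				options->ciphers = xstrdup(arg);
			break;

		case sMacs:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			if (!mac_valid(arg))
				fatal("%s line %d: Bad SSH2 mac spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->macs == NULL)
				options->macs = xstrdup(arg);
			break;

		case sProtocol:
			intptr = &options->protocol;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			value = proto_spec(arg);
			if (value == SSH_PROTO_UNKNOWN)
				fatal("%s line %d: Bad protocol spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == SSH_PROTO_UNKNOWN)
				*intptr = value;
			break;

		case sSubsystem:
			if(options->num_subsystems >= MAX_SUBSYSTEMS) {
				fatal("%s line %d: too many subsystems defined.",
				    filename, linenum);
			}
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem name.",
				    filename, linenum);
			/* A subsystem name may be defined only once. */
			for (i = 0; i < options->num_subsystems; i++)
				if(strcmp(arg, options->subsystem_name[i]) == 0)
					fatal("%s line %d: Subsystem '%s' already defined.",
					    filename, linenum, arg);
			options->subsystem_name[options->num_subsystems] = xstrdup(arg);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem command.",
				    filename, linenum);
			options->subsystem_command[options->num_subsystems] = xstrdup(arg);
			options->num_subsystems++;
			break;

		case sMaxStartups:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing MaxStartups spec.",
				    filename, linenum);
			/*
			 * Two forms are accepted: "begin:rate:full" and a
			 * single integer.  The token is scanned into
			 * temporaries so that a partial match cannot leave a
			 * half-written limit in *options, and the single
			 * integer is taken from this token; jumping to
			 * parse_int would consume the next token instead.
			 */
			ms_fields = sscanf(arg, "%d:%d:%d",
			    &ms_begin, &ms_rate, &ms_full);
			if (ms_fields == 3) {
				if (ms_begin > ms_full ||
				    ms_rate > 100 ||
				    ms_rate < 1)
					fatal("%s line %d: Illegal MaxStartups spec.",
					    filename, linenum);
				options->max_startups_begin = ms_begin;
				options->max_startups_rate = ms_rate;
				options->max_startups = ms_full;
			} else if (ms_fields == 1) {
				/* First value wins, as for other integers. */
				if (options->max_startups == -1)
					options->max_startups = ms_begin;
			} else {
				fatal("%s line %d: Illegal MaxStartups spec.",
				    filename, linenum);
			}
			break;

		case sBanner:
			charptr = &options->banner;
			goto parse_filename;

		default:
			fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
			    filename, linenum, arg, opcode);
			exit(1);
		}
		/* Anything left on the line after the handler ran is an error. */
		if ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
			fprintf(stderr,
			    "%s line %d: garbage at end of line; \"%.200s\".\n",
			    filename, linenum, arg);
			exit(1);
		}
	}
	fclose(f);
	if (bad_options > 0) {
		fprintf(stderr, "%s: terminating, %d bad configuration options\n",
		    filename, bad_options);
		exit(1);
	}
}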