]> andersk Git - openssh.git/blame - servconf.c
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- markus@cvs.openbsd.org 2001/12/05 16:54:51
[openssh.git] / servconf.c
CommitLineData
8efc0c15 1/*
5260325f 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
6ae2364d 4 *
bcbf86ec 5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
5260325f 10 */
8efc0c15 11
12#include "includes.h"
6aacefa7 13RCSID("$OpenBSD: servconf.c,v 1.93 2001/12/05 10:06:12 deraadt Exp $");
42f11eb2 14
46d738cd 15#if defined(KRB4) || defined(KRB5)
42f11eb2 16#include <krb.h>
17#endif
83f46621 18#ifdef AFS
19#include <kafs.h>
20#endif
8efc0c15 21
22#include "ssh.h"
42f11eb2 23#include "log.h"
8efc0c15 24#include "servconf.h"
25#include "xmalloc.h"
a8be9f80 26#include "compat.h"
42f11eb2 27#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
b2552997 31#include "kex.h"
32#include "mac.h"
42f11eb2 33
396c147e 34static void add_listen_addr(ServerOptions *, char *, u_short);
35static void add_one_listen_addr(ServerOptions *, char *, u_short);
48e671d5 36
42f11eb2 37/* AF_UNSPEC or AF_INET or AF_INET6 */
38extern int IPv4or6;
39
8efc0c15 40/* Initializes the server options to their default values. */
41
6ae2364d 42void
5260325f 43initialize_server_options(ServerOptions *options)
8efc0c15 44{
5260325f 45 memset(options, 0, sizeof(*options));
e15895cd 46
47 /* Portable-specific options */
48 options->pam_authentication_via_kbd_int = -1;
49
50 /* Standard Options */
48e671d5 51 options->num_ports = 0;
52 options->ports_from_cmdline = 0;
53 options->listen_addrs = NULL;
fa08c86b 54 options->num_host_key_files = 0;
0fbe8c74 55 options->pid_file = NULL;
5260325f 56 options->server_key_bits = -1;
57 options->login_grace_time = -1;
58 options->key_regeneration_time = -1;
15853e93 59 options->permit_root_login = PERMIT_NOT_SET;
5260325f 60 options->ignore_rhosts = -1;
61 options->ignore_user_known_hosts = -1;
62 options->print_motd = -1;
4f4648f9 63 options->print_lastlog = -1;
5260325f 64 options->x11_forwarding = -1;
65 options->x11_display_offset = -1;
fa649821 66 options->xauth_location = NULL;
5260325f 67 options->strict_modes = -1;
68 options->keepalives = -1;
69 options->log_facility = (SyslogFacility) - 1;
70 options->log_level = (LogLevel) - 1;
71 options->rhosts_authentication = -1;
72 options->rhosts_rsa_authentication = -1;
8002af61 73 options->hostbased_authentication = -1;
74 options->hostbased_uses_name_from_packet_only = -1;
5260325f 75 options->rsa_authentication = -1;
fa08c86b 76 options->pubkey_authentication = -1;
ced49be2 77#if defined(KRB4) || defined(KRB5)
5260325f 78 options->kerberos_authentication = -1;
79 options->kerberos_or_local_passwd = -1;
80 options->kerberos_ticket_cleanup = -1;
8efc0c15 81#endif
ced49be2 82#if defined(AFS) || defined(KRB5)
5260325f 83 options->kerberos_tgt_passing = -1;
ced49be2 84#endif
85#ifdef AFS
5260325f 86 options->afs_token_passing = -1;
8efc0c15 87#endif
5260325f 88 options->password_authentication = -1;
94ec8c6b 89 options->kbd_interactive_authentication = -1;
5ba55ada 90 options->challenge_response_authentication = -1;
5260325f 91 options->permit_empty_passwd = -1;
92 options->use_login = -1;
33de75a3 93 options->allow_tcp_forwarding = -1;
5260325f 94 options->num_allow_users = 0;
95 options->num_deny_users = 0;
96 options->num_allow_groups = 0;
97 options->num_deny_groups = 0;
a8be9f80 98 options->ciphers = NULL;
b2552997 99 options->macs = NULL;
a8be9f80 100 options->protocol = SSH_PROTO_UNKNOWN;
1d1ffb87 101 options->gateway_ports = -1;
38c295d6 102 options->num_subsystems = 0;
c345cf9d 103 options->max_startups_begin = -1;
104 options->max_startups_rate = -1;
089fbbd2 105 options->max_startups = -1;
eea39c02 106 options->banner = NULL;
61e96248 107 options->reverse_mapping_check = -1;
3ffc6336 108 options->client_alive_interval = -1;
109 options->client_alive_count_max = -1;
c8445989 110 options->authorized_keys_file = NULL;
111 options->authorized_keys_file2 = NULL;
8efc0c15 112}
113
6ae2364d 114void
5260325f 115fill_default_server_options(ServerOptions *options)
8efc0c15 116{
e15895cd 117 /* Portable-specific options */
118 if (options->pam_authentication_via_kbd_int == -1)
119 options->pam_authentication_via_kbd_int = 0;
120
121 /* Standard Options */
fa08c86b 122 if (options->protocol == SSH_PROTO_UNKNOWN)
123 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
124 if (options->num_host_key_files == 0) {
125 /* fill default hostkeys for protocols */
126 if (options->protocol & SSH_PROTO_1)
42f11eb2 127 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE;
fa08c86b 128 if (options->protocol & SSH_PROTO_2)
42f11eb2 129 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE;
fa08c86b 130 }
48e671d5 131 if (options->num_ports == 0)
132 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
133 if (options->listen_addrs == NULL)
2d2a2c65 134 add_listen_addr(options, NULL, 0);
0fbe8c74 135 if (options->pid_file == NULL)
42f11eb2 136 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
5260325f 137 if (options->server_key_bits == -1)
138 options->server_key_bits = 768;
139 if (options->login_grace_time == -1)
140 options->login_grace_time = 600;
141 if (options->key_regeneration_time == -1)
142 options->key_regeneration_time = 3600;
15853e93 143 if (options->permit_root_login == PERMIT_NOT_SET)
144 options->permit_root_login = PERMIT_YES;
5260325f 145 if (options->ignore_rhosts == -1)
c8d54615 146 options->ignore_rhosts = 1;
5260325f 147 if (options->ignore_user_known_hosts == -1)
148 options->ignore_user_known_hosts = 0;
5260325f 149 if (options->print_motd == -1)
150 options->print_motd = 1;
4f4648f9 151 if (options->print_lastlog == -1)
152 options->print_lastlog = 1;
5260325f 153 if (options->x11_forwarding == -1)
c8d54615 154 options->x11_forwarding = 0;
5260325f 155 if (options->x11_display_offset == -1)
c8d54615 156 options->x11_display_offset = 10;
fd9ede94 157#ifdef _PATH_XAUTH
fa649821 158 if (options->xauth_location == NULL)
fd9ede94 159 options->xauth_location = _PATH_XAUTH;
160#endif
5260325f 161 if (options->strict_modes == -1)
162 options->strict_modes = 1;
163 if (options->keepalives == -1)
164 options->keepalives = 1;
165 if (options->log_facility == (SyslogFacility) (-1))
166 options->log_facility = SYSLOG_FACILITY_AUTH;
167 if (options->log_level == (LogLevel) (-1))
59c97189 168 options->log_level = SYSLOG_LEVEL_INFO;
5260325f 169 if (options->rhosts_authentication == -1)
170 options->rhosts_authentication = 0;
171 if (options->rhosts_rsa_authentication == -1)
c8d54615 172 options->rhosts_rsa_authentication = 0;
8002af61 173 if (options->hostbased_authentication == -1)
174 options->hostbased_authentication = 0;
175 if (options->hostbased_uses_name_from_packet_only == -1)
176 options->hostbased_uses_name_from_packet_only = 0;
5260325f 177 if (options->rsa_authentication == -1)
178 options->rsa_authentication = 1;
fa08c86b 179 if (options->pubkey_authentication == -1)
180 options->pubkey_authentication = 1;
ced49be2 181#if defined(KRB4) || defined(KRB5)
5260325f 182 if (options->kerberos_authentication == -1)
183 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
184 if (options->kerberos_or_local_passwd == -1)
185 options->kerberos_or_local_passwd = 1;
186 if (options->kerberos_ticket_cleanup == -1)
187 options->kerberos_ticket_cleanup = 1;
ced49be2 188#endif
189#if defined(AFS) || defined(KRB5)
5260325f 190 if (options->kerberos_tgt_passing == -1)
191 options->kerberos_tgt_passing = 0;
ced49be2 192#endif
193#ifdef AFS
5260325f 194 if (options->afs_token_passing == -1)
195 options->afs_token_passing = k_hasafs();
ced49be2 196#endif
5260325f 197 if (options->password_authentication == -1)
198 options->password_authentication = 1;
94ec8c6b 199 if (options->kbd_interactive_authentication == -1)
200 options->kbd_interactive_authentication = 0;
5ba55ada 201 if (options->challenge_response_authentication == -1)
202 options->challenge_response_authentication = 1;
5260325f 203 if (options->permit_empty_passwd == -1)
c8d54615 204 options->permit_empty_passwd = 0;
5260325f 205 if (options->use_login == -1)
206 options->use_login = 0;
33de75a3 207 if (options->allow_tcp_forwarding == -1)
208 options->allow_tcp_forwarding = 1;
1d1ffb87 209 if (options->gateway_ports == -1)
210 options->gateway_ports = 0;
089fbbd2 211 if (options->max_startups == -1)
212 options->max_startups = 10;
c345cf9d 213 if (options->max_startups_rate == -1)
214 options->max_startups_rate = 100; /* 100% */
215 if (options->max_startups_begin == -1)
216 options->max_startups_begin = options->max_startups;
61e96248 217 if (options->reverse_mapping_check == -1)
218 options->reverse_mapping_check = 0;
3ffc6336 219 if (options->client_alive_interval == -1)
220 options->client_alive_interval = 0;
221 if (options->client_alive_count_max == -1)
222 options->client_alive_count_max = 3;
5df83e07 223 if (options->authorized_keys_file2 == NULL) {
224 /* authorized_keys_file2 falls back to authorized_keys_file */
225 if (options->authorized_keys_file != NULL)
226 options->authorized_keys_file2 = options->authorized_keys_file;
227 else
228 options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
229 }
230 if (options->authorized_keys_file == NULL)
231 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
8efc0c15 232}
233
8efc0c15 234/* Keyword tokens. */
5260325f 235typedef enum {
236 sBadOption, /* == unknown option */
e15895cd 237 /* Portable-specific options */
238 sPAMAuthenticationViaKbdInt,
239 /* Standard Options */
5260325f 240 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
241 sPermitRootLogin, sLogFacility, sLogLevel,
242 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
ced49be2 243#if defined(KRB4) || defined(KRB5)
5260325f 244 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
8efc0c15 245#endif
ced49be2 246#if defined(AFS) || defined(KRB5)
247 sKerberosTgtPassing,
248#endif
8efc0c15 249#ifdef AFS
ced49be2 250 sAFSTokenPassing,
8efc0c15 251#endif
d464095c 252 sChallengeResponseAuthentication,
94ec8c6b 253 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
4f4648f9 254 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
255 sX11Forwarding, sX11DisplayOffset,
5c53a31e 256 sStrictModes, sEmptyPasswd, sKeepAlives,
33de75a3 257 sUseLogin, sAllowTcpForwarding,
258 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
b2552997 259 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
fa08c86b 260 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
8002af61 261 sBanner, sReverseMappingCheck, sHostbasedAuthentication,
3ffc6336 262 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
c8445989 263 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
e15895cd 264 sDeprecated
8efc0c15 265} ServerOpCodes;
266
267/* Textual representation of the tokens. */
5260325f 268static struct {
269 const char *name;
270 ServerOpCodes opcode;
271} keywords[] = {
e15895cd 272 /* Portable-specific options */
273 { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
274 /* Standard Options */
5260325f 275 { "port", sPort },
276 { "hostkey", sHostKeyFile },
fa08c86b 277 { "hostdsakey", sHostKeyFile }, /* alias */
2b87da3b 278 { "pidfile", sPidFile },
5260325f 279 { "serverkeybits", sServerKeyBits },
280 { "logingracetime", sLoginGraceTime },
281 { "keyregenerationinterval", sKeyRegenerationTime },
282 { "permitrootlogin", sPermitRootLogin },
283 { "syslogfacility", sLogFacility },
284 { "loglevel", sLogLevel },
285 { "rhostsauthentication", sRhostsAuthentication },
286 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
8002af61 287 { "hostbasedauthentication", sHostbasedAuthentication },
288 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
5260325f 289 { "rsaauthentication", sRSAAuthentication },
fa08c86b 290 { "pubkeyauthentication", sPubkeyAuthentication },
291 { "dsaauthentication", sPubkeyAuthentication }, /* alias */
ced49be2 292#if defined(KRB4) || defined(KRB5)
5260325f 293 { "kerberosauthentication", sKerberosAuthentication },
294 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
295 { "kerberosticketcleanup", sKerberosTicketCleanup },
8efc0c15 296#endif
ced49be2 297#if defined(AFS) || defined(KRB5)
5260325f 298 { "kerberostgtpassing", sKerberosTgtPassing },
ced49be2 299#endif
300#ifdef AFS
5260325f 301 { "afstokenpassing", sAFSTokenPassing },
8efc0c15 302#endif
5260325f 303 { "passwordauthentication", sPasswordAuthentication },
94ec8c6b 304 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
d464095c 305 { "challengeresponseauthentication", sChallengeResponseAuthentication },
306 { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
5c53a31e 307 { "checkmail", sDeprecated },
5260325f 308 { "listenaddress", sListenAddress },
309 { "printmotd", sPrintMotd },
4f4648f9 310 { "printlastlog", sPrintLastLog },
5260325f 311 { "ignorerhosts", sIgnoreRhosts },
312 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
313 { "x11forwarding", sX11Forwarding },
314 { "x11displayoffset", sX11DisplayOffset },
fa649821 315 { "xauthlocation", sXAuthLocation },
5260325f 316 { "strictmodes", sStrictModes },
317 { "permitemptypasswords", sEmptyPasswd },
318 { "uselogin", sUseLogin },
5260325f 319 { "keepalive", sKeepAlives },
33de75a3 320 { "allowtcpforwarding", sAllowTcpForwarding },
5260325f 321 { "allowusers", sAllowUsers },
322 { "denyusers", sDenyUsers },
323 { "allowgroups", sAllowGroups },
324 { "denygroups", sDenyGroups },
a8be9f80 325 { "ciphers", sCiphers },
b2552997 326 { "macs", sMacs },
a8be9f80 327 { "protocol", sProtocol },
1d1ffb87 328 { "gatewayports", sGatewayPorts },
38c295d6 329 { "subsystem", sSubsystem },
089fbbd2 330 { "maxstartups", sMaxStartups },
eea39c02 331 { "banner", sBanner },
61e96248 332 { "reversemappingcheck", sReverseMappingCheck },
3ffc6336 333 { "clientaliveinterval", sClientAliveInterval },
334 { "clientalivecountmax", sClientAliveCountMax },
c8445989 335 { "authorizedkeysfile", sAuthorizedKeysFile },
336 { "authorizedkeysfile2", sAuthorizedKeysFile2 },
17a3011c 337 { NULL, sBadOption }
8efc0c15 338};
339
aa3378df 340/*
6be9a5e8 341 * Returns the number of the token pointed to by cp or sBadOption.
aa3378df 342 */
8efc0c15 343
6ae2364d 344static ServerOpCodes
5260325f 345parse_token(const char *cp, const char *filename,
346 int linenum)
8efc0c15 347{
1e3b8b07 348 u_int i;
8efc0c15 349
5260325f 350 for (i = 0; keywords[i].name; i++)
aa3378df 351 if (strcasecmp(cp, keywords[i].name) == 0)
5260325f 352 return keywords[i].opcode;
8efc0c15 353
b7c70970 354 error("%s: line %d: Bad configuration option: %s",
355 filename, linenum, cp);
5260325f 356 return sBadOption;
8efc0c15 357}
358
396c147e 359static void
2d2a2c65 360add_listen_addr(ServerOptions *options, char *addr, u_short port)
48e671d5 361{
48e671d5 362 int i;
363
364 if (options->num_ports == 0)
365 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
2d2a2c65 366 if (port == 0)
d11c1288 367 for (i = 0; i < options->num_ports; i++)
368 add_one_listen_addr(options, addr, options->ports[i]);
369 else
2d2a2c65 370 add_one_listen_addr(options, addr, port);
d11c1288 371}
372
396c147e 373static void
d11c1288 374add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
375{
376 struct addrinfo hints, *ai, *aitop;
377 char strport[NI_MAXSERV];
378 int gaierr;
379
380 memset(&hints, 0, sizeof(hints));
381 hints.ai_family = IPv4or6;
382 hints.ai_socktype = SOCK_STREAM;
383 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
384 snprintf(strport, sizeof strport, "%d", port);
385 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
386 fatal("bad addr or host: %s (%s)",
387 addr ? addr : "<NULL>",
388 gai_strerror(gaierr));
389 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
390 ;
391 ai->ai_next = options->listen_addrs;
392 options->listen_addrs = aitop;
48e671d5 393}
394
8efc0c15 395/* Reads the server configuration file. */
396
6ae2364d 397void
5260325f 398read_server_config(ServerOptions *options, const char *filename)
8efc0c15 399{
5260325f 400 FILE *f;
401 char line[1024];
d11c1288 402 char *cp, **charptr, *arg, *p;
5260325f 403 int linenum, *intptr, value;
404 int bad_options = 0;
405 ServerOpCodes opcode;
97de229c 406 int i, n;
5260325f 407
408 f = fopen(filename, "r");
409 if (!f) {
410 perror(filename);
8efc0c15 411 exit(1);
5260325f 412 }
413 linenum = 0;
414 while (fgets(line, sizeof(line), f)) {
415 linenum++;
704b1659 416 cp = line;
417 arg = strdelim(&cp);
418 /* Ignore leading whitespace */
419 if (*arg == '\0')
420 arg = strdelim(&cp);
42f11eb2 421 if (!arg || !*arg || *arg == '#')
5260325f 422 continue;
fa08c86b 423 intptr = NULL;
424 charptr = NULL;
089fbbd2 425 opcode = parse_token(arg, filename, linenum);
5260325f 426 switch (opcode) {
427 case sBadOption:
428 bad_options++;
429 continue;
e15895cd 430
431 /* Portable-specific options */
432 case sPAMAuthenticationViaKbdInt:
433 intptr = &options->pam_authentication_via_kbd_int;
434 goto parse_flag;
435
436 /* Standard Options */
5260325f 437 case sPort:
48e671d5 438 /* ignore ports from configfile if cmdline specifies ports */
439 if (options->ports_from_cmdline)
440 continue;
441 if (options->listen_addrs != NULL)
442 fatal("%s line %d: ports must be specified before "
c98cab9b 443 "ListenAdress.", filename, linenum);
48e671d5 444 if (options->num_ports >= MAX_PORTS)
54b974dc 445 fatal("%s line %d: too many ports.",
6ae2364d 446 filename, linenum);
704b1659 447 arg = strdelim(&cp);
089fbbd2 448 if (!arg || *arg == '\0')
54b974dc 449 fatal("%s line %d: missing port number.",
48e671d5 450 filename, linenum);
2d2a2c65 451 options->ports[options->num_ports++] = a2port(arg);
452 if (options->ports[options->num_ports-1] == 0)
453 fatal("%s line %d: Badly formatted port number.",
454 filename, linenum);
48e671d5 455 break;
456
457 case sServerKeyBits:
458 intptr = &options->server_key_bits;
5260325f 459parse_int:
704b1659 460 arg = strdelim(&cp);
b7c70970 461 if (!arg || *arg == '\0')
462 fatal("%s line %d: missing integer value.",
463 filename, linenum);
089fbbd2 464 value = atoi(arg);
5260325f 465 if (*intptr == -1)
466 *intptr = value;
467 break;
468
5260325f 469 case sLoginGraceTime:
470 intptr = &options->login_grace_time;
e2b1fb42 471parse_time:
472 arg = strdelim(&cp);
473 if (!arg || *arg == '\0')
474 fatal("%s line %d: missing time value.",
475 filename, linenum);
476 if ((value = convtime(arg)) == -1)
477 fatal("%s line %d: invalid time value.",
478 filename, linenum);
479 if (*intptr == -1)
480 *intptr = value;
481 break;
5260325f 482
483 case sKeyRegenerationTime:
484 intptr = &options->key_regeneration_time;
e2b1fb42 485 goto parse_time;
5260325f 486
487 case sListenAddress:
704b1659 488 arg = strdelim(&cp);
d11c1288 489 if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
54b974dc 490 fatal("%s line %d: missing inet addr.",
48e671d5 491 filename, linenum);
d11c1288 492 if (*arg == '[') {
493 if ((p = strchr(arg, ']')) == NULL)
494 fatal("%s line %d: bad ipv6 inet addr usage.",
495 filename, linenum);
496 arg++;
497 memmove(p, p+1, strlen(p+1)+1);
498 } else if (((p = strchr(arg, ':')) == NULL) ||
499 (strchr(p+1, ':') != NULL)) {
2d2a2c65 500 add_listen_addr(options, arg, 0);
d11c1288 501 break;
502 }
503 if (*p == ':') {
2d2a2c65 504 u_short port;
505
d11c1288 506 p++;
507 if (*p == '\0')
508 fatal("%s line %d: bad inet addr:port usage.",
509 filename, linenum);
510 else {
511 *(p-1) = '\0';
2d2a2c65 512 if ((port = a2port(p)) == 0)
513 fatal("%s line %d: bad port number.",
514 filename, linenum);
515 add_listen_addr(options, arg, port);
d11c1288 516 }
517 } else if (*p == '\0')
2d2a2c65 518 add_listen_addr(options, arg, 0);
d11c1288 519 else
520 fatal("%s line %d: bad inet addr usage.",
521 filename, linenum);
5260325f 522 break;
523
524 case sHostKeyFile:
fa08c86b 525 intptr = &options->num_host_key_files;
b7c70970 526 if (*intptr >= MAX_HOSTKEYS)
527 fatal("%s line %d: too many host keys specified (max %d).",
fa08c86b 528 filename, linenum, MAX_HOSTKEYS);
fa08c86b 529 charptr = &options->host_key_files[*intptr];
fa649821 530parse_filename:
704b1659 531 arg = strdelim(&cp);
b7c70970 532 if (!arg || *arg == '\0')
533 fatal("%s line %d: missing file name.",
0fbe8c74 534 filename, linenum);
fa08c86b 535 if (*charptr == NULL) {
089fbbd2 536 *charptr = tilde_expand_filename(arg, getuid());
fa08c86b 537 /* increase optional counter */
538 if (intptr != NULL)
539 *intptr = *intptr + 1;
540 }
0fbe8c74 541 break;
542
543 case sPidFile:
544 charptr = &options->pid_file;
fa649821 545 goto parse_filename;
5260325f 546
5260325f 547 case sPermitRootLogin:
548 intptr = &options->permit_root_login;
704b1659 549 arg = strdelim(&cp);
b7c70970 550 if (!arg || *arg == '\0')
551 fatal("%s line %d: missing yes/"
7c8f2a26 552 "without-password/forced-commands-only/no "
b7c70970 553 "argument.", filename, linenum);
554 value = 0; /* silence compiler */
089fbbd2 555 if (strcmp(arg, "without-password") == 0)
15853e93 556 value = PERMIT_NO_PASSWD;
557 else if (strcmp(arg, "forced-commands-only") == 0)
558 value = PERMIT_FORCED_ONLY;
089fbbd2 559 else if (strcmp(arg, "yes") == 0)
15853e93 560 value = PERMIT_YES;
089fbbd2 561 else if (strcmp(arg, "no") == 0)
15853e93 562 value = PERMIT_NO;
b7c70970 563 else
564 fatal("%s line %d: Bad yes/"
15853e93 565 "without-password/forced-commands-only/no "
b7c70970 566 "argument: %s", filename, linenum, arg);
5260325f 567 if (*intptr == -1)
568 *intptr = value;
569 break;
570
571 case sIgnoreRhosts:
572 intptr = &options->ignore_rhosts;
573parse_flag:
704b1659 574 arg = strdelim(&cp);
b7c70970 575 if (!arg || *arg == '\0')
576 fatal("%s line %d: missing yes/no argument.",
577 filename, linenum);
578 value = 0; /* silence compiler */
089fbbd2 579 if (strcmp(arg, "yes") == 0)
5260325f 580 value = 1;
089fbbd2 581 else if (strcmp(arg, "no") == 0)
5260325f 582 value = 0;
b7c70970 583 else
584 fatal("%s line %d: Bad yes/no argument: %s",
089fbbd2 585 filename, linenum, arg);
5260325f 586 if (*intptr == -1)
587 *intptr = value;
588 break;
589
590 case sIgnoreUserKnownHosts:
591 intptr = &options->ignore_user_known_hosts;
c8d54615 592 goto parse_flag;
5260325f 593
594 case sRhostsAuthentication:
595 intptr = &options->rhosts_authentication;
596 goto parse_flag;
597
598 case sRhostsRSAAuthentication:
599 intptr = &options->rhosts_rsa_authentication;
600 goto parse_flag;
601
8002af61 602 case sHostbasedAuthentication:
603 intptr = &options->hostbased_authentication;
604 goto parse_flag;
605
606 case sHostbasedUsesNameFromPacketOnly:
607 intptr = &options->hostbased_uses_name_from_packet_only;
608 goto parse_flag;
609
5260325f 610 case sRSAAuthentication:
611 intptr = &options->rsa_authentication;
612 goto parse_flag;
613
fa08c86b 614 case sPubkeyAuthentication:
615 intptr = &options->pubkey_authentication;
1d1ffb87 616 goto parse_flag;
ced49be2 617#if defined(KRB4) || defined(KRB5)
5260325f 618 case sKerberosAuthentication:
619 intptr = &options->kerberos_authentication;
620 goto parse_flag;
621
622 case sKerberosOrLocalPasswd:
623 intptr = &options->kerberos_or_local_passwd;
624 goto parse_flag;
625
626 case sKerberosTicketCleanup:
627 intptr = &options->kerberos_ticket_cleanup;
628 goto parse_flag;
8efc0c15 629#endif
ced49be2 630#if defined(AFS) || defined(KRB5)
5260325f 631 case sKerberosTgtPassing:
632 intptr = &options->kerberos_tgt_passing;
633 goto parse_flag;
ced49be2 634#endif
635#ifdef AFS
5260325f 636 case sAFSTokenPassing:
637 intptr = &options->afs_token_passing;
638 goto parse_flag;
8efc0c15 639#endif
640
5260325f 641 case sPasswordAuthentication:
642 intptr = &options->password_authentication;
643 goto parse_flag;
8efc0c15 644
94ec8c6b 645 case sKbdInteractiveAuthentication:
646 intptr = &options->kbd_interactive_authentication;
647 goto parse_flag;
648
d464095c 649 case sChallengeResponseAuthentication:
5ba55ada 650 intptr = &options->challenge_response_authentication;
5260325f 651 goto parse_flag;
8efc0c15 652
5260325f 653 case sPrintMotd:
654 intptr = &options->print_motd;
655 goto parse_flag;
656
4f4648f9 657 case sPrintLastLog:
658 intptr = &options->print_lastlog;
659 goto parse_flag;
660
5260325f 661 case sX11Forwarding:
662 intptr = &options->x11_forwarding;
663 goto parse_flag;
664
665 case sX11DisplayOffset:
666 intptr = &options->x11_display_offset;
667 goto parse_int;
668
fa649821 669 case sXAuthLocation:
670 charptr = &options->xauth_location;
671 goto parse_filename;
2b87da3b 672
5260325f 673 case sStrictModes:
674 intptr = &options->strict_modes;
675 goto parse_flag;
676
677 case sKeepAlives:
678 intptr = &options->keepalives;
679 goto parse_flag;
680
681 case sEmptyPasswd:
682 intptr = &options->permit_empty_passwd;
683 goto parse_flag;
684
685 case sUseLogin:
686 intptr = &options->use_login;
687 goto parse_flag;
688
1d1ffb87 689 case sGatewayPorts:
690 intptr = &options->gateway_ports;
691 goto parse_flag;
692
61e96248 693 case sReverseMappingCheck:
694 intptr = &options->reverse_mapping_check;
695 goto parse_flag;
696
5260325f 697 case sLogFacility:
698 intptr = (int *) &options->log_facility;
704b1659 699 arg = strdelim(&cp);
089fbbd2 700 value = log_facility_number(arg);
5260325f 701 if (value == (SyslogFacility) - 1)
54b974dc 702 fatal("%.200s line %d: unsupported log facility '%s'",
089fbbd2 703 filename, linenum, arg ? arg : "<NONE>");
5260325f 704 if (*intptr == -1)
705 *intptr = (SyslogFacility) value;
706 break;
707
708 case sLogLevel:
709 intptr = (int *) &options->log_level;
704b1659 710 arg = strdelim(&cp);
089fbbd2 711 value = log_level_number(arg);
5260325f 712 if (value == (LogLevel) - 1)
54b974dc 713 fatal("%.200s line %d: unsupported log level '%s'",
089fbbd2 714 filename, linenum, arg ? arg : "<NONE>");
5260325f 715 if (*intptr == -1)
716 *intptr = (LogLevel) value;
717 break;
718
33de75a3 719 case sAllowTcpForwarding:
720 intptr = &options->allow_tcp_forwarding;
721 goto parse_flag;
722
5260325f 723 case sAllowUsers:
704b1659 724 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 725 if (options->num_allow_users >= MAX_ALLOW_USERS)
54b974dc 726 fatal("%s line %d: too many allow users.",
a8be9f80 727 filename, linenum);
089fbbd2 728 options->allow_users[options->num_allow_users++] = xstrdup(arg);
5260325f 729 }
730 break;
731
732 case sDenyUsers:
704b1659 733 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 734 if (options->num_deny_users >= MAX_DENY_USERS)
54b974dc 735 fatal( "%s line %d: too many deny users.",
a8be9f80 736 filename, linenum);
089fbbd2 737 options->deny_users[options->num_deny_users++] = xstrdup(arg);
5260325f 738 }
739 break;
740
741 case sAllowGroups:
704b1659 742 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 743 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
54b974dc 744 fatal("%s line %d: too many allow groups.",
a8be9f80 745 filename, linenum);
089fbbd2 746 options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
5260325f 747 }
748 break;
749
750 case sDenyGroups:
704b1659 751 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 752 if (options->num_deny_groups >= MAX_DENY_GROUPS)
54b974dc 753 fatal("%s line %d: too many deny groups.",
a8be9f80 754 filename, linenum);
089fbbd2 755 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
5260325f 756 }
757 break;
758
a8be9f80 759 case sCiphers:
704b1659 760 arg = strdelim(&cp);
089fbbd2 761 if (!arg || *arg == '\0')
71276795 762 fatal("%s line %d: Missing argument.", filename, linenum);
089fbbd2 763 if (!ciphers_valid(arg))
d0c832f3 764 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
089fbbd2 765 filename, linenum, arg ? arg : "<NONE>");
a8be9f80 766 if (options->ciphers == NULL)
089fbbd2 767 options->ciphers = xstrdup(arg);
a8be9f80 768 break;
769
b2552997 770 case sMacs:
771 arg = strdelim(&cp);
772 if (!arg || *arg == '\0')
773 fatal("%s line %d: Missing argument.", filename, linenum);
774 if (!mac_valid(arg))
775 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
776 filename, linenum, arg ? arg : "<NONE>");
777 if (options->macs == NULL)
778 options->macs = xstrdup(arg);
779 break;
780
a8be9f80 781 case sProtocol:
782 intptr = &options->protocol;
704b1659 783 arg = strdelim(&cp);
089fbbd2 784 if (!arg || *arg == '\0')
71276795 785 fatal("%s line %d: Missing argument.", filename, linenum);
089fbbd2 786 value = proto_spec(arg);
a8be9f80 787 if (value == SSH_PROTO_UNKNOWN)
788 fatal("%s line %d: Bad protocol spec '%s'.",
089fbbd2 789 filename, linenum, arg ? arg : "<NONE>");
a8be9f80 790 if (*intptr == SSH_PROTO_UNKNOWN)
791 *intptr = value;
792 break;
793
38c295d6 794 case sSubsystem:
6aacefa7 795 if (options->num_subsystems >= MAX_SUBSYSTEMS) {
38c295d6 796 fatal("%s line %d: too many subsystems defined.",
797 filename, linenum);
798 }
704b1659 799 arg = strdelim(&cp);
089fbbd2 800 if (!arg || *arg == '\0')
38c295d6 801 fatal("%s line %d: Missing subsystem name.",
802 filename, linenum);
803 for (i = 0; i < options->num_subsystems; i++)
6aacefa7 804 if (strcmp(arg, options->subsystem_name[i]) == 0)
38c295d6 805 fatal("%s line %d: Subsystem '%s' already defined.",
089fbbd2 806 filename, linenum, arg);
807 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
704b1659 808 arg = strdelim(&cp);
089fbbd2 809 if (!arg || *arg == '\0')
38c295d6 810 fatal("%s line %d: Missing subsystem command.",
811 filename, linenum);
089fbbd2 812 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
38c295d6 813 options->num_subsystems++;
814 break;
815
089fbbd2 816 case sMaxStartups:
c345cf9d 817 arg = strdelim(&cp);
818 if (!arg || *arg == '\0')
819 fatal("%s line %d: Missing MaxStartups spec.",
820 filename, linenum);
97de229c 821 if ((n = sscanf(arg, "%d:%d:%d",
c345cf9d 822 &options->max_startups_begin,
823 &options->max_startups_rate,
97de229c 824 &options->max_startups)) == 3) {
c345cf9d 825 if (options->max_startups_begin >
826 options->max_startups ||
827 options->max_startups_rate > 100 ||
828 options->max_startups_rate < 1)
97de229c 829 fatal("%s line %d: Illegal MaxStartups spec.",
830 filename, linenum);
831 } else if (n != 1)
c345cf9d 832 fatal("%s line %d: Illegal MaxStartups spec.",
97de229c 833 filename, linenum);
834 else
835 options->max_startups = options->max_startups_begin;
836 break;
089fbbd2 837
eea39c02 838 case sBanner:
839 charptr = &options->banner;
840 goto parse_filename;
c8445989 841 /*
842 * These options can contain %X options expanded at
843 * connect time, so that you can specify paths like:
844 *
845 * AuthorizedKeysFile /etc/ssh_keys/%u
846 */
847 case sAuthorizedKeysFile:
848 case sAuthorizedKeysFile2:
849 charptr = (opcode == sAuthorizedKeysFile ) ?
850 &options->authorized_keys_file :
851 &options->authorized_keys_file2;
852 goto parse_filename;
e2b1fb42 853
3ffc6336 854 case sClientAliveInterval:
855 intptr = &options->client_alive_interval;
e2b1fb42 856 goto parse_time;
857
3ffc6336 858 case sClientAliveCountMax:
859 intptr = &options->client_alive_count_max;
860 goto parse_int;
e2b1fb42 861
5c53a31e 862 case sDeprecated:
863 log("%s line %d: Deprecated option %s",
864 filename, linenum, arg);
6aacefa7 865 while (arg)
5c53a31e 866 arg = strdelim(&cp);
867 break;
868
5260325f 869 default:
b7c70970 870 fatal("%s line %d: Missing handler for opcode %s (%d)",
871 filename, linenum, arg, opcode);
8efc0c15 872 }
b7c70970 873 if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
874 fatal("%s line %d: garbage at end of line; \"%.200s\".",
875 filename, linenum, arg);
8efc0c15 876 }
5260325f 877 fclose(f);
b7c70970 878 if (bad_options > 0)
879 fatal("%s: terminating, %d bad configuration options",
880 filename, bad_options);
8efc0c15 881}
git-cvsimport mirror of OpenSSH
This page took 0.297524 seconds and 5 git commands to generate.