- stevesk@cvs.openbsd.org 2001/04/02 14:20:23
8efc0c15 1/*
5260325f 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
6ae2364d 4 *
bcbf86ec 5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
5260325f 10 */
8efc0c15 11
12#include "includes.h"
6be9a5e8 13RCSID("$OpenBSD: servconf.c,v 1.73 2001/04/02 14:20:23 stevesk Exp $");
42f11eb2 14
15#ifdef KRB4
16#include <krb.h>
17#endif
18#ifdef AFS
19#include <kafs.h>
20#endif
8efc0c15 21
22#include "ssh.h"
42f11eb2 23#include "log.h"
8efc0c15 24#include "servconf.h"
25#include "xmalloc.h"
a8be9f80 26#include "compat.h"
42f11eb2 27#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
b2552997 31#include "kex.h"
32#include "mac.h"
42f11eb2 33
/*
 * Forward declaration: fill_default_server_options() calls this before the
 * definition further down in this file.
 */
void	add_listen_addr(ServerOptions *options, char *addr);

/* Address family handed to getaddrinfo(): AF_UNSPEC, AF_INET or AF_INET6. */
extern int IPv4or6;
39
/*
 * Put every field of *options into its "not configured yet" state.
 *
 * Scalar settings get -1 (or the matching PERMIT_NOT_SET / SSH_PROTO_UNKNOWN
 * marker), strings and lists get NULL and counters get 0.  The markers let
 * fill_default_server_options() distinguish "never set" from "explicitly set",
 * so no real default is chosen here.
 */
void
initialize_server_options(ServerOptions *options)
{
	/* Start from an all-zero structure. */
	memset(options, 0, sizeof(*options));

	/* Counters of the fixed-size arrays. */
	options->num_ports = 0;
	options->num_host_key_files = 0;
	options->num_allow_users = 0;
	options->num_deny_users = 0;
	options->num_allow_groups = 0;
	options->num_deny_groups = 0;
	options->num_subsystems = 0;

	/* Pointers and lists that are filled in later. */
	options->listen_addrs = NULL;
	options->pid_file = NULL;
	options->xauth_location = NULL;
	options->ciphers = NULL;
	options->macs = NULL;
	options->banner = NULL;

	/* Listening and connection handling. */
	options->ports_from_cmdline = 0;
	options->protocol = SSH_PROTO_UNKNOWN;
	options->keepalives = -1;
	options->gateway_ports = -1;
	options->allow_tcp_forwarding = -1;
	options->max_startups_begin = -1;
	options->max_startups_rate = -1;
	options->max_startups = -1;
	options->reverse_mapping_check = -1;

	/* Server key handling and login timing. */
	options->server_key_bits = -1;
	options->login_grace_time = -1;
	options->key_regeneration_time = -1;

	/* Authentication methods and related policy. */
	options->permit_root_login = PERMIT_NOT_SET;
	options->ignore_rhosts = -1;
	options->ignore_user_known_hosts = -1;
	options->strict_modes = -1;
	options->rhosts_authentication = -1;
	options->rhosts_rsa_authentication = -1;
	options->rsa_authentication = -1;
	options->pubkey_authentication = -1;
#ifdef KRB4
	options->kerberos_authentication = -1;
	options->kerberos_or_local_passwd = -1;
	options->kerberos_ticket_cleanup = -1;
#endif
#ifdef AFS
	options->kerberos_tgt_passing = -1;
	options->afs_token_passing = -1;
#endif
	options->password_authentication = -1;
	options->kbd_interactive_authentication = -1;
	options->challenge_reponse_authentication = -1;
	options->permit_empty_passwd = -1;
	options->use_login = -1;

	/* Session niceties. */
	options->print_motd = -1;
	options->print_lastlog = -1;
	options->check_mail = -1;
	options->x11_forwarding = -1;
	options->x11_display_offset = -1;

	/* Logging. */
	options->log_facility = (SyslogFacility) - 1;
	options->log_level = (LogLevel) - 1;
}
101
/*
 * Replace every option that still carries its "unset" marker with the
 * built-in default.  Options that already hold a value are left alone, so
 * this is meant to run after the command line and configuration file have
 * been processed.
 *
 * The values below are the effective policy of a server with an empty
 * configuration file; the security-relevant ones are called out inline.
 */
void
fill_default_server_options(ServerOptions *options)
{
/* Assign dflt to an int option that still holds the -1 "unset" marker. */
#define SET_IF_UNSET(field, dflt) \
	do { \
		if (options->field == -1) \
			options->field = (dflt); \
	} while (0)

	/* With no Protocol line both protocol 1 and protocol 2 are offered. */
	if (options->protocol == SSH_PROTO_UNKNOWN)
		options->protocol = SSH_PROTO_1|SSH_PROTO_2;

	/* One default host key per enabled protocol. */
	if (options->num_host_key_files == 0) {
		if (options->protocol & SSH_PROTO_1)
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_KEY_FILE;
		if (options->protocol & SSH_PROTO_2)
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_DSA_KEY_FILE;
	}

	/* Listen on the default port; a NULL address requests the wildcard. */
	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
	if (options->listen_addrs == NULL)
		add_listen_addr(options, NULL);

	if (options->pid_file == NULL)
		options->pid_file = _PATH_SSH_DAEMON_PID_FILE;

	SET_IF_UNSET(server_key_bits, 768);
	SET_IF_UNSET(login_grace_time, 600);
	SET_IF_UNSET(key_regeneration_time, 3600);

	/* Root logins are permitted unless the configuration says otherwise. */
	if (options->permit_root_login == PERMIT_NOT_SET)
		options->permit_root_login = PERMIT_YES;

	SET_IF_UNSET(ignore_rhosts, 1);
	SET_IF_UNSET(ignore_user_known_hosts, 0);
	SET_IF_UNSET(check_mail, 0);
	SET_IF_UNSET(print_motd, 1);
	SET_IF_UNSET(print_lastlog, 1);
	SET_IF_UNSET(x11_forwarding, 0);
	SET_IF_UNSET(x11_display_offset, 10);
#ifdef XAUTH_PATH
	if (options->xauth_location == NULL)
		options->xauth_location = XAUTH_PATH;
#endif /* XAUTH_PATH */
	SET_IF_UNSET(strict_modes, 1);
	SET_IF_UNSET(keepalives, 1);

	/* The log settings use their own enum types for the unset marker. */
	if (options->log_facility == (SyslogFacility) (-1))
		options->log_facility = SYSLOG_FACILITY_AUTH;
	if (options->log_level == (LogLevel) (-1))
		options->log_level = SYSLOG_LEVEL_INFO;

	/* rhosts-based methods start disabled, key-based methods enabled. */
	SET_IF_UNSET(rhosts_authentication, 0);
	SET_IF_UNSET(rhosts_rsa_authentication, 0);
	SET_IF_UNSET(rsa_authentication, 1);
	SET_IF_UNSET(pubkey_authentication, 1);
#ifdef KRB4
	/* Kerberos is enabled only when the key file is readable. */
	SET_IF_UNSET(kerberos_authentication, (access(KEYFILE, R_OK) == 0));
	SET_IF_UNSET(kerberos_or_local_passwd, 1);
	SET_IF_UNSET(kerberos_ticket_cleanup, 1);
#endif /* KRB4 */
#ifdef AFS
	SET_IF_UNSET(kerberos_tgt_passing, 0);
	SET_IF_UNSET(afs_token_passing, k_hasafs());
#endif /* AFS */
	/* Passwords are accepted by default, empty passwords are not. */
	SET_IF_UNSET(password_authentication, 1);
	SET_IF_UNSET(kbd_interactive_authentication, 0);
	SET_IF_UNSET(challenge_reponse_authentication, 1);
	SET_IF_UNSET(permit_empty_passwd, 0);
	SET_IF_UNSET(use_login, 0);
	SET_IF_UNSET(allow_tcp_forwarding, 1);
	SET_IF_UNSET(gateway_ports, 0);

	/* max_startups must be settled first: the "begin" default copies it. */
	SET_IF_UNSET(max_startups, 10);
	SET_IF_UNSET(max_startups_rate, 100);		/* 100% */
	SET_IF_UNSET(max_startups_begin, options->max_startups);
	SET_IF_UNSET(reverse_mapping_check, 0);

#undef SET_IF_UNSET
}
199
/*
 * Opcodes for the configuration keywords.  sBadOption is the first
 * enumerator (value 0) and stands for "keyword not recognised"; the numeric
 * values of the others depend on whether KRB4 and AFS are compiled in.
 */
typedef enum {
	sBadOption,		/* == unknown option */
	sPort,
	sHostKeyFile,
	sServerKeyBits,
	sLoginGraceTime,
	sKeyRegenerationTime,
	sPermitRootLogin,
	sLogFacility,
	sLogLevel,
	sRhostsAuthentication,
	sRhostsRSAAuthentication,
	sRSAAuthentication,
#ifdef KRB4
	sKerberosAuthentication,
	sKerberosOrLocalPasswd,
	sKerberosTicketCleanup,
#endif
#ifdef AFS
	sKerberosTgtPassing,
	sAFSTokenPassing,
#endif
	sChallengeResponseAuthentication,
	sPasswordAuthentication,
	sKbdInteractiveAuthentication,
	sListenAddress,
	sPrintMotd,
	sPrintLastLog,
	sIgnoreRhosts,
	sX11Forwarding,
	sX11DisplayOffset,
	sStrictModes,
	sEmptyPasswd,
	sKeepAlives,
	sCheckMail,
	sUseLogin,
	sAllowTcpForwarding,
	sAllowUsers,
	sDenyUsers,
	sAllowGroups,
	sDenyGroups,
	sIgnoreUserKnownHosts,
	sCiphers,
	sMacs,
	sProtocol,
	sPidFile,
	sGatewayPorts,
	sPubkeyAuthentication,
	sXAuthLocation,
	sSubsystem,
	sMaxStartups,
	sBanner,
	sReverseMappingCheck
} ServerOpCodes;
223
/*
 * Keyword spellings accepted in the configuration file and the opcode each
 * one maps to.  Names are stored in lower case; parse_token() compares them
 * case-insensitively.  Several spellings may share one opcode (aliases).
 * The table ends with a NULL name.
 */
static struct {
	const char *name;
	ServerOpCodes opcode;
} keywords[] = {
	{ "port",				sPort },
	{ "hostkey",				sHostKeyFile },
	{ "hostdsakey",				sHostKeyFile },	/* alias */
	{ "pidfile",				sPidFile },
	{ "serverkeybits",			sServerKeyBits },
	{ "logingracetime",			sLoginGraceTime },
	{ "keyregenerationinterval",		sKeyRegenerationTime },
	{ "permitrootlogin",			sPermitRootLogin },
	{ "syslogfacility",			sLogFacility },
	{ "loglevel",				sLogLevel },
	{ "rhostsauthentication",		sRhostsAuthentication },
	{ "rhostsrsaauthentication",		sRhostsRSAAuthentication },
	{ "rsaauthentication",			sRSAAuthentication },
	{ "pubkeyauthentication",		sPubkeyAuthentication },
	{ "dsaauthentication",			sPubkeyAuthentication }, /* alias */
#ifdef KRB4
	{ "kerberosauthentication",		sKerberosAuthentication },
	{ "kerberosorlocalpasswd",		sKerberosOrLocalPasswd },
	{ "kerberosticketcleanup",		sKerberosTicketCleanup },
#endif
#ifdef AFS
	{ "kerberostgtpassing",			sKerberosTgtPassing },
	{ "afstokenpassing",			sAFSTokenPassing },
#endif
	{ "passwordauthentication",		sPasswordAuthentication },
	{ "kbdinteractiveauthentication",	sKbdInteractiveAuthentication },
	{ "challengeresponseauthentication",	sChallengeResponseAuthentication },
	{ "skeyauthentication",			sChallengeResponseAuthentication }, /* alias */
	{ "checkmail",				sCheckMail },
	{ "listenaddress",			sListenAddress },
	{ "printmotd",				sPrintMotd },
	{ "printlastlog",			sPrintLastLog },
	{ "ignorerhosts",			sIgnoreRhosts },
	{ "ignoreuserknownhosts",		sIgnoreUserKnownHosts },
	{ "x11forwarding",			sX11Forwarding },
	{ "x11displayoffset",			sX11DisplayOffset },
	{ "xauthlocation",			sXAuthLocation },
	{ "strictmodes",			sStrictModes },
	{ "permitemptypasswords",		sEmptyPasswd },
	{ "uselogin",				sUseLogin },
	{ "keepalive",				sKeepAlives },
	{ "allowtcpforwarding",			sAllowTcpForwarding },
	{ "allowusers",				sAllowUsers },
	{ "denyusers",				sDenyUsers },
	{ "allowgroups",			sAllowGroups },
	{ "denygroups",				sDenyGroups },
	{ "ciphers",				sCiphers },
	{ "macs",				sMacs },
	{ "protocol",				sProtocol },
	{ "gatewayports",			sGatewayPorts },
	{ "subsystem",				sSubsystem },
	{ "maxstartups",			sMaxStartups },
	{ "banner",				sBanner },
	{ "reversemappingcheck",		sReverseMappingCheck },
	{ NULL,					sBadOption }	/* end marker */
};
285
/*
 * Look up the keyword cp in the keywords[] table, ignoring case.
 *
 * Returns the matching opcode.  When nothing matches, a diagnostic naming
 * filename and linenum is written to stderr and sBadOption is returned; the
 * caller decides whether that is fatal.
 */
static ServerOpCodes
parse_token(const char *cp, const char *filename,
    int linenum)
{
	u_int idx = 0;

	/* The table is terminated by an entry whose name is NULL. */
	while (keywords[idx].name != NULL) {
		if (strcasecmp(cp, keywords[idx].name) == 0)
			return keywords[idx].opcode;
		idx++;
	}

	fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
	    filename, linenum, cp);
	return sBadOption;
}
304
/*
 * Resolve addr once for every port currently stored in options->ports and
 * put the results at the front of options->listen_addrs.
 *
 * A NULL addr is resolved with AI_PASSIVE, i.e. it asks for the wildcard
 * address, so the server will accept connections on every interface.  If no
 * port has been configured yet, the default port is recorded first.  The
 * port list is read at call time; ports added afterwards are not applied to
 * addresses that were already resolved.  Resolution failure is fatal.
 */
void
add_listen_addr(ServerOptions *options, char *addr)
{
	struct addrinfo hints, *res, *tail;
	char portstr[NI_MAXSERV];
	int rc;
	int n;

	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;

	n = 0;
	while (n < options->num_ports) {
		memset(&hints, 0, sizeof(hints));
		hints.ai_family = IPv4or6;
		hints.ai_socktype = SOCK_STREAM;
		hints.ai_flags = 0;
		if (addr == NULL)
			hints.ai_flags = AI_PASSIVE;
		snprintf(portstr, sizeof portstr, "%d", options->ports[n]);

		rc = getaddrinfo(addr, portstr, &hints, &res);
		if (rc != 0)
			fatal("bad addr or host: %s (%s)",
			    addr ? addr : "<NULL>",
			    gai_strerror(rc));

		/* Find the last result and hang the existing list behind it. */
		tail = res;
		while (tail->ai_next != NULL)
			tail = tail->ai_next;
		tail->ai_next = options->listen_addrs;
		options->listen_addrs = res;
		n++;
	}
}
334
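/*
 * Convert one configuration argument to an int.
 *
 * Returns 0 and stores the value in *result when s is a complete decimal
 * number; returns -1 when s is not a number or has trailing characters.
 * Values at or beyond +/-2147483647 are rejected as well, which also catches
 * the saturated result strtol() produces on overflow without needing errno.
 */
static int
servconf_parse_int(const char *s, int *result)
{
	char *end;
	long v;

	v = strtol(s, &end, 10);
	if (end == s || *end != '\0')
		return -1;
	if (v >= 2147483647L || v <= -2147483647L)
		return -1;
	*result = (int)v;
	return 0;
}

/*
 * Read the server configuration file `filename' into *options.
 *
 * Each line holds a keyword followed by its arguments; empty lines and lines
 * starting with '#' are skipped.  For most single-valued options the first
 * value seen wins: a field is written only while it still holds its "unset"
 * marker, so an option that was set before this function runs is kept.
 *
 * Errors are not returned to the caller.  A file that cannot be opened, a
 * missing or malformed argument, or trailing text on a line ends the process
 * (exit(1) or fatal()).  Unknown keywords are reported by parse_token() and
 * counted; the process exits after the whole file has been read if any were
 * seen, so the server does not start with a partly understood configuration.
 *
 * Numeric arguments must be complete decimal numbers.  Text that is not a
 * number is rejected rather than silently read as 0.
 */
void
read_server_config(ServerOptions *options, const char *filename)
{
	FILE *f;
	char line[1024];
	char *cp, **charptr, *arg;
	int linenum, *intptr, value;
	int bad_options = 0;
	ServerOpCodes opcode;
	int i, n;
	int ms_begin, ms_rate, ms_full;

	f = fopen(filename, "r");
	if (!f) {
		perror(filename);
		exit(1);
	}
	linenum = 0;
	/*
	 * NOTE(review): fgets() splits a physical line longer than
	 * sizeof(line) - 1 bytes, and the remainder is then parsed as if it
	 * were a line of its own.
	 */
	while (fgets(line, sizeof(line), f)) {
		linenum++;
		cp = line;
		arg = strdelim(&cp);
		/* Ignore leading whitespace */
		if (*arg == '\0')
			arg = strdelim(&cp);
		if (!arg || !*arg || *arg == '#')
			continue;
		intptr = NULL;
		charptr = NULL;
		opcode = parse_token(arg, filename, linenum);
		switch (opcode) {
		case sBadOption:
			bad_options++;
			continue;
		case sPort:
			/* ignore ports from configfile if cmdline specifies ports */
			if (options->ports_from_cmdline)
				continue;
			/*
			 * Listen addresses are resolved against the port list
			 * as it is at that moment, so a later Port line would
			 * have no effect on them.
			 */
			if (options->listen_addrs != NULL)
				fatal("%s line %d: ports must be specified before "
				    "ListenAddress.\n", filename, linenum);
			if (options->num_ports >= MAX_PORTS)
				fatal("%s line %d: too many ports.",
				    filename, linenum);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing port number.",
				    filename, linenum);
			/* Only a complete number in the TCP port range is accepted. */
			if (servconf_parse_int(arg, &value) != 0 ||
			    value < 1 || value > 65535)
				fatal("%s line %d: bad port number '%.200s'.",
				    filename, linenum, arg);
			options->ports[options->num_ports++] = value;
			break;

		case sServerKeyBits:
			intptr = &options->server_key_bits;
parse_int:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing integer value.\n",
				    filename, linenum);
				exit(1);
			}
			/*
			 * Reject text that is not a number instead of reading
			 * it as 0, so that a typo cannot quietly change a
			 * timeout or key size.
			 */
			if (servconf_parse_int(arg, &value) != 0) {
				fprintf(stderr, "%s line %d: bad integer value: %.200s\n",
				    filename, linenum, arg);
				exit(1);
			}
			if (*intptr == -1)
				*intptr = value;
			break;

		case sLoginGraceTime:
			intptr = &options->login_grace_time;
			goto parse_int;

		case sKeyRegenerationTime:
			intptr = &options->key_regeneration_time;
			goto parse_int;

		case sListenAddress:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing inet addr.",
				    filename, linenum);
			add_listen_addr(options, arg);
			break;

		case sHostKeyFile:
			intptr = &options->num_host_key_files;
			if (*intptr >= MAX_HOSTKEYS) {
				fprintf(stderr,
				    "%s line %d: too many host keys specified (max %d).\n",
				    filename, linenum, MAX_HOSTKEYS);
				exit(1);
			}
			charptr = &options->host_key_files[*intptr];
parse_filename:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing file name.\n",
				    filename, linenum);
				exit(1);
			}
			if (*charptr == NULL) {
				*charptr = tilde_expand_filename(arg, getuid());
				/* increase optional counter */
				if (intptr != NULL)
					*intptr = *intptr + 1;
			}
			break;

		case sPidFile:
			charptr = &options->pid_file;
			goto parse_filename;

		case sPermitRootLogin:
			intptr = &options->permit_root_login;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing yes/"
				    "without-password/forced-commands-only/no "
				    "argument.\n", filename, linenum);
				exit(1);
			}
			if (strcmp(arg, "without-password") == 0)
				value = PERMIT_NO_PASSWD;
			else if (strcmp(arg, "forced-commands-only") == 0)
				value = PERMIT_FORCED_ONLY;
			else if (strcmp(arg, "yes") == 0)
				value = PERMIT_YES;
			else if (strcmp(arg, "no") == 0)
				value = PERMIT_NO;
			else {
				fprintf(stderr, "%s line %d: Bad yes/"
				    "without-password/forced-commands-only/no "
				    "argument: %s\n", filename, linenum, arg);
				exit(1);
			}
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreRhosts:
			intptr = &options->ignore_rhosts;
parse_flag:
			/* Flags accept exactly "yes" or "no" (case-sensitive). */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing yes/no argument.\n",
				    filename, linenum);
				exit(1);
			}
			if (strcmp(arg, "yes") == 0)
				value = 1;
			else if (strcmp(arg, "no") == 0)
				value = 0;
			else {
				fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
				    filename, linenum, arg);
				exit(1);
			}
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreUserKnownHosts:
			intptr = &options->ignore_user_known_hosts;
			goto parse_flag;

		case sRhostsAuthentication:
			intptr = &options->rhosts_authentication;
			goto parse_flag;

		case sRhostsRSAAuthentication:
			intptr = &options->rhosts_rsa_authentication;
			goto parse_flag;

		case sRSAAuthentication:
			intptr = &options->rsa_authentication;
			goto parse_flag;

		case sPubkeyAuthentication:
			intptr = &options->pubkey_authentication;
			goto parse_flag;

#ifdef KRB4
		case sKerberosAuthentication:
			intptr = &options->kerberos_authentication;
			goto parse_flag;

		case sKerberosOrLocalPasswd:
			intptr = &options->kerberos_or_local_passwd;
			goto parse_flag;

		case sKerberosTicketCleanup:
			intptr = &options->kerberos_ticket_cleanup;
			goto parse_flag;
#endif

#ifdef AFS
		case sKerberosTgtPassing:
			intptr = &options->kerberos_tgt_passing;
			goto parse_flag;

		case sAFSTokenPassing:
			intptr = &options->afs_token_passing;
			goto parse_flag;
#endif

		case sPasswordAuthentication:
			intptr = &options->password_authentication;
			goto parse_flag;

		case sKbdInteractiveAuthentication:
			intptr = &options->kbd_interactive_authentication;
			goto parse_flag;

		case sCheckMail:
			intptr = &options->check_mail;
			goto parse_flag;

		case sChallengeResponseAuthentication:
			intptr = &options->challenge_reponse_authentication;
			goto parse_flag;

		case sPrintMotd:
			intptr = &options->print_motd;
			goto parse_flag;

		case sPrintLastLog:
			intptr = &options->print_lastlog;
			goto parse_flag;

		case sX11Forwarding:
			intptr = &options->x11_forwarding;
			goto parse_flag;

		case sX11DisplayOffset:
			intptr = &options->x11_display_offset;
			goto parse_int;

		case sXAuthLocation:
			charptr = &options->xauth_location;
			goto parse_filename;

		case sStrictModes:
			intptr = &options->strict_modes;
			goto parse_flag;

		case sKeepAlives:
			intptr = &options->keepalives;
			goto parse_flag;

		case sEmptyPasswd:
			intptr = &options->permit_empty_passwd;
			goto parse_flag;

		case sUseLogin:
			intptr = &options->use_login;
			goto parse_flag;

		case sGatewayPorts:
			intptr = &options->gateway_ports;
			goto parse_flag;

		case sReverseMappingCheck:
			intptr = &options->reverse_mapping_check;
			goto parse_flag;

		case sLogFacility:
			intptr = (int *) &options->log_facility;
			arg = strdelim(&cp);
			value = log_facility_number(arg);
			if (value == (SyslogFacility) - 1)
				fatal("%.200s line %d: unsupported log facility '%s'",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (SyslogFacility) value;
			break;

		case sLogLevel:
			intptr = (int *) &options->log_level;
			arg = strdelim(&cp);
			value = log_level_number(arg);
			if (value == (LogLevel) - 1)
				fatal("%.200s line %d: unsupported log level '%s'",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (LogLevel) value;
			break;

		case sAllowTcpForwarding:
			intptr = &options->allow_tcp_forwarding;
			goto parse_flag;

		/* The four access lists take every remaining word on the line. */
		case sAllowUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_users >= MAX_ALLOW_USERS)
					fatal("%s line %d: too many allow users.",
					    filename, linenum);
				options->allow_users[options->num_allow_users++] = xstrdup(arg);
			}
			break;

		case sDenyUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_users >= MAX_DENY_USERS)
					fatal( "%s line %d: too many deny users.",
					    filename, linenum);
				options->deny_users[options->num_deny_users++] = xstrdup(arg);
			}
			break;

		case sAllowGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
					fatal("%s line %d: too many allow groups.",
					    filename, linenum);
				options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
			}
			break;

		case sDenyGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_groups >= MAX_DENY_GROUPS)
					fatal("%s line %d: too many deny groups.",
					    filename, linenum);
				options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
			}
			break;

		case sCiphers:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			if (!ciphers_valid(arg))
				fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->ciphers == NULL)
				options->ciphers = xstrdup(arg);
			break;

		case sMacs:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			if (!mac_valid(arg))
				fatal("%s line %d: Bad SSH2 mac spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->macs == NULL)
				options->macs = xstrdup(arg);
			break;

		case sProtocol:
			intptr = &options->protocol;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			value = proto_spec(arg);
			if (value == SSH_PROTO_UNKNOWN)
				fatal("%s line %d: Bad protocol spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == SSH_PROTO_UNKNOWN)
				*intptr = value;
			break;

		case sSubsystem:
			if(options->num_subsystems >= MAX_SUBSYSTEMS) {
				fatal("%s line %d: too many subsystems defined.",
				    filename, linenum);
			}
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem name.",
				    filename, linenum);
			/* A subsystem name may be defined only once. */
			for (i = 0; i < options->num_subsystems; i++)
				if(strcmp(arg, options->subsystem_name[i]) == 0)
					fatal("%s line %d: Subsystem '%s' already defined.",
					    filename, linenum, arg);
			options->subsystem_name[options->num_subsystems] = xstrdup(arg);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem command.",
				    filename, linenum);
			options->subsystem_command[options->num_subsystems] = xstrdup(arg);
			options->num_subsystems++;
			break;

		case sMaxStartups:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing MaxStartups spec.",
				    filename, linenum);
			/*
			 * Parse into temporaries so that a spec which does not
			 * match leaves the options untouched.
			 */
			n = sscanf(arg, "%d:%d:%d", &ms_begin, &ms_rate, &ms_full);
			if (n == 3) {
				if (ms_begin > ms_full ||
				    ms_rate > 100 ||
				    ms_rate < 1)
					fatal("%s line %d: Illegal MaxStartups spec.",
					    filename, linenum);
				options->max_startups_begin = ms_begin;
				options->max_startups_rate = ms_rate;
				options->max_startups = ms_full;
				break;
			}
			/*
			 * Otherwise the argument must be a single number.  It
			 * is converted here from the word already read; going
			 * through parse_int would fetch the next word on the
			 * line and reject "MaxStartups 10" as missing a value.
			 */
			if (servconf_parse_int(arg, &value) != 0)
				fatal("%s line %d: Illegal MaxStartups spec.",
				    filename, linenum);
			if (options->max_startups == -1)
				options->max_startups = value;
			break;

		case sBanner:
			charptr = &options->banner;
			goto parse_filename;

		default:
			fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
			    filename, linenum, arg, opcode);
			exit(1);
		}
		/* Anything left on the line after the arguments is an error. */
		if ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
			fprintf(stderr,
			    "%s line %d: garbage at end of line; \"%.200s\".\n",
			    filename, linenum, arg);
			exit(1);
		}
	}
	fclose(f);
	if (bad_options > 0) {
		fprintf(stderr, "%s: terminating, %d bad configuration options\n",
		    filename, bad_options);
		exit(1);
	}
}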