andersk Git - openssh.git/blame - servconf.c
- stevesk@cvs.openbsd.org 2001/05/19 19:57:09
8efc0c15 1/*
5260325f 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
6ae2364d 4 *
bcbf86ec 5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
5260325f 10 */
8efc0c15 11
12#include "includes.h"
e2b1fb42 13RCSID("$OpenBSD: servconf.c,v 1.81 2001/05/19 19:43:57 stevesk Exp $");
42f11eb2 14
15#ifdef KRB4
16#include <krb.h>
17#endif
18#ifdef AFS
19#include <kafs.h>
20#endif
8efc0c15 21
22#include "ssh.h"
42f11eb2 23#include "log.h"
8efc0c15 24#include "servconf.h"
25#include "xmalloc.h"
a8be9f80 26#include "compat.h"
42f11eb2 27#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
b2552997 31#include "kex.h"
32#include "mac.h"
42f11eb2 33
/*
 * Forward declarations for the listen-address helpers defined further down;
 * add_listen_addr() is already called from fill_default_server_options().
 */
void add_listen_addr(ServerOptions *options, char *addr, u_short port);
void add_one_listen_addr(ServerOptions *options, char *addr, u_short port);

/*
 * Address family handed to getaddrinfo() as hints.ai_family:
 * AF_UNSPEC, AF_INET or AF_INET6.  Defined in another translation unit.
 */
extern int IPv4or6;
39
/*
 * Puts *options into the "nothing configured yet" state.
 *
 * The whole structure is zeroed first, then every option that has a
 * default is set to a sentinel (-1, NULL, PERMIT_NOT_SET or
 * SSH_PROTO_UNKNOWN).  read_server_config() stores a value only while the
 * sentinel is still in place, and fill_default_server_options() replaces
 * whatever sentinels remain, so this must run before either of them.
 */
void
initialize_server_options(ServerOptions *options)
{
	memset(options, 0, sizeof(*options));

	/* List lengths and plain flags start at zero. */
	options->num_ports = 0;
	options->ports_from_cmdline = 0;
	options->num_host_key_files = 0;
	options->num_allow_users = 0;
	options->num_deny_users = 0;
	options->num_allow_groups = 0;
	options->num_deny_groups = 0;
	options->num_subsystems = 0;

	/* Pointer-valued options: NULL means "not set". */
	options->listen_addrs = NULL;
	options->pid_file = NULL;
	options->xauth_location = NULL;
	options->ciphers = NULL;
	options->macs = NULL;
	options->banner = NULL;

	/* Options with their own "unset" constant. */
	options->permit_root_login = PERMIT_NOT_SET;
	options->protocol = SSH_PROTO_UNKNOWN;
	options->log_facility = (SyslogFacility) - 1;
	options->log_level = (LogLevel) - 1;

	/* Integer and yes/no options: -1 means "not set". */
	options->server_key_bits = -1;
	options->login_grace_time = -1;
	options->key_regeneration_time = -1;
	options->ignore_rhosts = -1;
	options->ignore_user_known_hosts = -1;
	options->print_motd = -1;
	options->print_lastlog = -1;
	options->check_mail = -1;
	options->x11_forwarding = -1;
	options->x11_display_offset = -1;
	options->strict_modes = -1;
	options->keepalives = -1;
	options->rhosts_authentication = -1;
	options->rhosts_rsa_authentication = -1;
	options->hostbased_authentication = -1;
	options->hostbased_uses_name_from_packet_only = -1;
	options->rsa_authentication = -1;
	options->pubkey_authentication = -1;
#ifdef KRB4
	options->kerberos_authentication = -1;
	options->kerberos_or_local_passwd = -1;
	options->kerberos_ticket_cleanup = -1;
#endif
#ifdef AFS
	options->kerberos_tgt_passing = -1;
	options->afs_token_passing = -1;
#endif
	options->password_authentication = -1;
	options->kbd_interactive_authentication = -1;
	options->challenge_response_authentication = -1;
	options->permit_empty_passwd = -1;
	options->use_login = -1;
	options->allow_tcp_forwarding = -1;
	options->gateway_ports = -1;
	options->max_startups_begin = -1;
	options->max_startups_rate = -1;
	options->max_startups = -1;
	options->reverse_mapping_check = -1;
	options->client_alive_interval = -1;
	options->client_alive_count_max = -1;
	options->pam_authentication_via_kbd_int = -1;
}
106
/*
 * Stores `val` in options->field only when the field still holds the -1
 * sentinel left by initialize_server_options().  `val` is evaluated only
 * in that case.
 */
#define FILL_UNSET(field, val) \
	do { \
		if (options->field == -1) \
			options->field = (val); \
	} while (0)

/*
 * Replaces every option still at its "unset" sentinel with the built-in
 * default.  Values that were set earlier are left untouched.
 *
 * NOTE(review): several of these defaults decide how exposed the daemon is
 * when the configuration file is silent: both protocol versions are
 * enabled, the server key is 768 bits, root login and password
 * authentication are permitted, TCP forwarding is allowed.  A deployment
 * that needs something stricter has to set those options explicitly.
 */
void
fill_default_server_options(ServerOptions *options)
{
	if (options->protocol == SSH_PROTO_UNKNOWN)
		options->protocol = SSH_PROTO_1|SSH_PROTO_2;

	/* One default host key per enabled protocol version. */
	if (options->num_host_key_files == 0) {
		if (options->protocol & SSH_PROTO_1) {
			options->host_key_files[options->num_host_key_files] =
			    _PATH_HOST_KEY_FILE;
			options->num_host_key_files++;
		}
		if (options->protocol & SSH_PROTO_2) {
			options->host_key_files[options->num_host_key_files] =
			    _PATH_HOST_DSA_KEY_FILE;
			options->num_host_key_files++;
		}
	}

	if (options->num_ports == 0) {
		options->ports[options->num_ports] = SSH_DEFAULT_PORT;
		options->num_ports++;
	}
	/* A NULL address with port 0: one listener per configured port. */
	if (options->listen_addrs == NULL)
		add_listen_addr(options, NULL, 0);
	if (options->pid_file == NULL)
		options->pid_file = _PATH_SSH_DAEMON_PID_FILE;

	FILL_UNSET(server_key_bits, 768);
	FILL_UNSET(login_grace_time, 600);
	FILL_UNSET(key_regeneration_time, 3600);
	if (options->permit_root_login == PERMIT_NOT_SET)
		options->permit_root_login = PERMIT_YES;
	FILL_UNSET(ignore_rhosts, 1);
	FILL_UNSET(ignore_user_known_hosts, 0);
	FILL_UNSET(check_mail, 0);
	FILL_UNSET(print_motd, 1);
	FILL_UNSET(print_lastlog, 1);
	FILL_UNSET(x11_forwarding, 0);
	FILL_UNSET(x11_display_offset, 10);
#ifdef XAUTH_PATH
	if (options->xauth_location == NULL)
		options->xauth_location = XAUTH_PATH;
#endif /* XAUTH_PATH */
	FILL_UNSET(strict_modes, 1);
	FILL_UNSET(keepalives, 1);
	if (options->log_facility == (SyslogFacility) (-1))
		options->log_facility = SYSLOG_FACILITY_AUTH;
	if (options->log_level == (LogLevel) (-1))
		options->log_level = SYSLOG_LEVEL_INFO;

	/* Authentication methods. */
	FILL_UNSET(rhosts_authentication, 0);
	FILL_UNSET(rhosts_rsa_authentication, 0);
	FILL_UNSET(hostbased_authentication, 0);
	FILL_UNSET(hostbased_uses_name_from_packet_only, 0);
	FILL_UNSET(rsa_authentication, 1);
	FILL_UNSET(pubkey_authentication, 1);
#ifdef KRB4
	/* Enabled by default only if KEYFILE is readable by this process. */
	FILL_UNSET(kerberos_authentication, (access(KEYFILE, R_OK) == 0));
	FILL_UNSET(kerberos_or_local_passwd, 1);
	FILL_UNSET(kerberos_ticket_cleanup, 1);
#endif /* KRB4 */
#ifdef AFS
	FILL_UNSET(kerberos_tgt_passing, 0);
	FILL_UNSET(afs_token_passing, k_hasafs());
#endif /* AFS */
	FILL_UNSET(password_authentication, 1);
	FILL_UNSET(kbd_interactive_authentication, 0);
	FILL_UNSET(challenge_response_authentication, 1);
	FILL_UNSET(permit_empty_passwd, 0);
	FILL_UNSET(use_login, 0);

	FILL_UNSET(allow_tcp_forwarding, 1);
	FILL_UNSET(gateway_ports, 0);

	/* max_startups must be final before max_startups_begin copies it. */
	FILL_UNSET(max_startups, 10);
	FILL_UNSET(max_startups_rate, 100);	/* 100% */
	FILL_UNSET(max_startups_begin, options->max_startups);

	FILL_UNSET(reverse_mapping_check, 0);
	FILL_UNSET(client_alive_interval, 0);
	FILL_UNSET(client_alive_count_max, 3);
	FILL_UNSET(pam_authentication_via_kbd_int, 0);
}

#undef FILL_UNSET
214
/*
 * Opcode for each configuration keyword.  parse_token() maps a keyword to
 * one of these and read_server_config() switches on it.  sBadOption is the
 * first enumerator (value 0) and stands for an unrecognised keyword.
 */
typedef enum {
	sBadOption,		/* == unknown option */
	sPort,
	sHostKeyFile,
	sServerKeyBits,
	sLoginGraceTime,
	sKeyRegenerationTime,
	sPermitRootLogin,
	sLogFacility,
	sLogLevel,
	sRhostsAuthentication,
	sRhostsRSAAuthentication,
	sRSAAuthentication,
#ifdef KRB4
	sKerberosAuthentication,
	sKerberosOrLocalPasswd,
	sKerberosTicketCleanup,
#endif
#ifdef AFS
	sKerberosTgtPassing,
	sAFSTokenPassing,
#endif
	sChallengeResponseAuthentication,
	sPasswordAuthentication,
	sKbdInteractiveAuthentication,
	sListenAddress,
	sPrintMotd,
	sPrintLastLog,
	sIgnoreRhosts,
	sX11Forwarding,
	sX11DisplayOffset,
	sStrictModes,
	sEmptyPasswd,
	sKeepAlives,
	sCheckMail,
	sUseLogin,
	sAllowTcpForwarding,
	sAllowUsers,
	sDenyUsers,
	sAllowGroups,
	sDenyGroups,
	sIgnoreUserKnownHosts,
	sCiphers,
	sMacs,
	sProtocol,
	sPidFile,
	sGatewayPorts,
	sPubkeyAuthentication,
	sXAuthLocation,
	sSubsystem,
	sMaxStartups,
	sBanner,
	sReverseMappingCheck,
	sHostbasedAuthentication,
	sHostbasedUsesNameFromPacketOnly,
	sClientAliveInterval,
	sClientAliveCountMax,
	sPAMAuthenticationViaKbdInt
} ServerOpCodes;
240
/*
 * Keyword spellings and the opcode each one maps to.  The table ends with
 * a NULL name, which is how parse_token() finds the end.  parse_token()
 * compares with strcasecmp(), so the letter case used here does not matter.
 * Entries marked "alias" share an opcode with another spelling.
 */
static struct {
	const char *name;
	ServerOpCodes opcode;
} keywords[] = {
	/* Listening, keys and daemon housekeeping. */
	{ "port",				sPort },
	{ "hostkey",				sHostKeyFile },
	{ "hostdsakey",				sHostKeyFile },	/* alias */
	{ "pidfile",				sPidFile },
	{ "serverkeybits",			sServerKeyBits },
	{ "logingracetime",			sLoginGraceTime },
	{ "keyregenerationinterval",		sKeyRegenerationTime },
	{ "permitrootlogin",			sPermitRootLogin },
	{ "syslogfacility",			sLogFacility },
	{ "loglevel",				sLogLevel },
	/* Authentication methods. */
	{ "rhostsauthentication",		sRhostsAuthentication },
	{ "rhostsrsaauthentication",		sRhostsRSAAuthentication },
	{ "hostbasedauthentication",		sHostbasedAuthentication },
	{ "hostbasedusesnamefrompacketonly",	sHostbasedUsesNameFromPacketOnly },
	{ "rsaauthentication",			sRSAAuthentication },
	{ "pubkeyauthentication",		sPubkeyAuthentication },
	{ "dsaauthentication",			sPubkeyAuthentication },	/* alias */
#ifdef KRB4
	{ "kerberosauthentication",		sKerberosAuthentication },
	{ "kerberosorlocalpasswd",		sKerberosOrLocalPasswd },
	{ "kerberosticketcleanup",		sKerberosTicketCleanup },
#endif
#ifdef AFS
	{ "kerberostgtpassing",			sKerberosTgtPassing },
	{ "afstokenpassing",			sAFSTokenPassing },
#endif
	{ "passwordauthentication",		sPasswordAuthentication },
	{ "kbdinteractiveauthentication",	sKbdInteractiveAuthentication },
	{ "challengeresponseauthentication",	sChallengeResponseAuthentication },
	{ "skeyauthentication",			sChallengeResponseAuthentication },	/* alias */
	/* Session behaviour and access control. */
	{ "checkmail",				sCheckMail },
	{ "listenaddress",			sListenAddress },
	{ "printmotd",				sPrintMotd },
	{ "printlastlog",			sPrintLastLog },
	{ "ignorerhosts",			sIgnoreRhosts },
	{ "ignoreuserknownhosts",		sIgnoreUserKnownHosts },
	{ "x11forwarding",			sX11Forwarding },
	{ "x11displayoffset",			sX11DisplayOffset },
	{ "xauthlocation",			sXAuthLocation },
	{ "strictmodes",			sStrictModes },
	{ "permitemptypasswords",		sEmptyPasswd },
	{ "uselogin",				sUseLogin },
	{ "keepalive",				sKeepAlives },
	{ "allowtcpforwarding",			sAllowTcpForwarding },
	{ "allowusers",				sAllowUsers },
	{ "denyusers",				sDenyUsers },
	{ "allowgroups",			sAllowGroups },
	{ "denygroups",				sDenyGroups },
	{ "ciphers",				sCiphers },
	{ "macs",				sMacs },
	{ "protocol",				sProtocol },
	{ "gatewayports",			sGatewayPorts },
	{ "subsystem",				sSubsystem },
	{ "maxstartups",			sMaxStartups },
	{ "banner",				sBanner },
	{ "reversemappingcheck",		sReverseMappingCheck },
	{ "clientaliveinterval",		sClientAliveInterval },
	{ "clientalivecountmax",		sClientAliveCountMax },
	{ "PAMAuthenticationViaKbdInt",		sPAMAuthenticationViaKbdInt },
	{ NULL, 0 }	/* terminator */
};
307
/*
 * Looks up the keyword `cp` in keywords[], ignoring letter case, and
 * returns its opcode.  An unknown keyword is reported through error()
 * together with `filename` and `linenum`, and sBadOption is returned; the
 * caller decides what to do with it.
 */
static ServerOpCodes
parse_token(const char *cp, const char *filename,
    int linenum)
{
	u_int idx = 0;

	/* The table ends at the entry whose name is NULL. */
	while (keywords[idx].name != NULL) {
		if (strcasecmp(cp, keywords[idx].name) == 0)
			return keywords[idx].opcode;
		idx++;
	}

	error("%s: line %d: Bad configuration option: %s",
	    filename, linenum, cp);
	return sBadOption;
}
326
/*
 * Adds listen address `addr` (NULL is passed through to getaddrinfo()
 * by add_one_listen_addr()) to options->listen_addrs.
 *
 * A non-zero `port` adds exactly that address/port pair.  A `port` of 0
 * adds the address once for every entry in options->ports.  Side effect:
 * if no port has been configured yet, SSH_DEFAULT_PORT is appended to
 * options->ports first.
 */
void
add_listen_addr(ServerOptions *options, char *addr, u_short port)
{
	int idx;

	if (options->num_ports == 0) {
		options->ports[options->num_ports] = SSH_DEFAULT_PORT;
		options->num_ports++;
	}

	if (port != 0) {
		add_one_listen_addr(options, addr, port);
		return;
	}

	for (idx = 0; idx < options->num_ports; idx++)
		add_one_listen_addr(options, addr, options->ports[idx]);
}
340
/*
 * Resolves one address/port pair with getaddrinfo() and puts the results
 * in front of options->listen_addrs.
 *
 * With a NULL `addr` the lookup uses AI_PASSIVE; the address family comes
 * from the global IPv4or6.  A resolution failure ends the program through
 * fatal().  The addrinfo list from getaddrinfo() is linked into
 * options->listen_addrs and is not freed here.
 */
void
add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
{
	struct addrinfo hints, *resolved, *tail;
	char portstr[NI_MAXSERV];
	int rc;

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = IPv4or6;
	hints.ai_socktype = SOCK_STREAM;
	if (addr == NULL)
		hints.ai_flags = AI_PASSIVE;
	else
		hints.ai_flags = 0;
	snprintf(portstr, sizeof portstr, "%d", port);

	rc = getaddrinfo(addr, portstr, &hints, &resolved);
	if (rc != 0)
		fatal("bad addr or host: %s (%s)",
		    addr ? addr : "<NULL>",
		    gai_strerror(rc));

	/* Find the last new entry, then hang the existing list off it. */
	tail = resolved;
	while (tail->ai_next)
		tail = tail->ai_next;
	tail->ai_next = options->listen_addrs;
	options->listen_addrs = resolved;
}
362
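/*
 * Reads the server configuration file `filename` into *options.
 *
 * Each line is split with strdelim(); the first token is the keyword, and
 * blank lines and lines whose first token starts with '#' are skipped.
 *
 * For integer, yes/no, time and file-name options a value is stored only
 * while the field still holds its "unset" sentinel, so the first setting
 * wins and anything set before this function runs is kept.  List options
 * (AllowUsers, DenyUsers, AllowGroups, DenyGroups, Subsystem, Port,
 * HostKey, ListenAddress) append instead.
 *
 * Error handling: if the file cannot be opened, perror() is called and the
 * process exits with status 1.  A malformed value, or extra text after a
 * complete option, ends the program through fatal().  Unknown keywords are
 * counted (parse_token() has already reported them) and cause a fatal()
 * after the whole file has been read, so the daemon does not start with a
 * partly understood configuration.
 *
 * Changes from the previous version of this function:
 *  - "MaxStartups N" is parsed from the token already read.  The old code
 *    jumped to parse_int, which fetches a further token, so a lone integer
 *    was rejected as "missing integer value", and sscanf() had by then
 *    written N into max_startups_begin.
 *  - The Port error message now spells "ListenAddress" correctly.
 *
 * NOTE(review): fgets() does not detect lines longer than the buffer; the
 * rest of such a line is parsed as if it were a new line.  Whether that
 * can turn part of a long AllowUsers/DenyUsers list into an accepted
 * option depends on the text, so it is worth rejecting over-long lines.
 */
void
read_server_config(ServerOptions *options, const char *filename)
{
	FILE *f;
	char line[1024];
	char *cp, **charptr, *arg, *p;
	int linenum, *intptr, value;
	int bad_options = 0;
	ServerOpCodes opcode;
	int i;

	f = fopen(filename, "r");
	if (!f) {
		perror(filename);
		exit(1);
	}
	linenum = 0;
	while (fgets(line, sizeof(line), f)) {
		linenum++;
		cp = line;
		arg = strdelim(&cp);
		/* Ignore leading whitespace */
		if (*arg == '\0')
			arg = strdelim(&cp);
		if (!arg || !*arg || *arg == '#')
			continue;
		/* Reset per line: the shared parse_* labels test these. */
		intptr = NULL;
		charptr = NULL;
		opcode = parse_token(arg, filename, linenum);
		switch (opcode) {
		case sBadOption:
			bad_options++;
			continue;
		case sPort:
			/* ignore ports from configfile if cmdline specifies ports */
			if (options->ports_from_cmdline)
				continue;
			/*
			 * Listen addresses given without a port are expanded
			 * over the port list at the time they are added, so a
			 * later Port line could not affect them.
			 */
			if (options->listen_addrs != NULL)
				fatal("%s line %d: ports must be specified before "
				    "ListenAddress.", filename, linenum);
			if (options->num_ports >= MAX_PORTS)
				fatal("%s line %d: too many ports.",
				    filename, linenum);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing port number.",
				    filename, linenum);
			options->ports[options->num_ports++] = a2port(arg);
			if (options->ports[options->num_ports-1] == 0)
				fatal("%s line %d: Badly formatted port number.",
				    filename, linenum);
			break;

		case sServerKeyBits:
			intptr = &options->server_key_bits;
parse_int:
			/* Shared tail: reads the NEXT token as an integer. */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing integer value.",
				    filename, linenum);
			/*
			 * NOTE(review): atoi() reports no errors, so text
			 * that is not a number is stored as 0 (for
			 * ServerKeyBits too).  Consider strtol() with an
			 * end-pointer and range check.
			 */
			value = atoi(arg);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sLoginGraceTime:
			intptr = &options->login_grace_time;
parse_time:
			/* Shared tail: reads the next token with convtime(). */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing time value.",
				    filename, linenum);
			if ((value = convtime(arg)) == -1)
				fatal("%s line %d: invalid time value.",
				    filename, linenum);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sKeyRegenerationTime:
			intptr = &options->key_regeneration_time;
			goto parse_time;

		case sListenAddress:
			/*
			 * Accepted forms: host, host:port, [addr] and
			 * [addr]:port.  An unbracketed argument with two or
			 * more colons is taken as an address without a port.
			 */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
				fatal("%s line %d: missing inet addr.",
				    filename, linenum);
			if (*arg == '[') {
				if ((p = strchr(arg, ']')) == NULL)
					fatal("%s line %d: bad ipv6 inet addr usage.",
					    filename, linenum);
				arg++;
				/*
				 * Delete the ']' in place; p then points at
				 * whatever followed it (':' or end of string).
				 */
				memmove(p, p+1, strlen(p+1)+1);
			} else if (((p = strchr(arg, ':')) == NULL) ||
			    (strchr(p+1, ':') != NULL)) {
				add_listen_addr(options, arg, 0);
				break;
			}
			if (*p == ':') {
				u_short port;

				p++;
				if (*p == '\0')
					fatal("%s line %d: bad inet addr:port usage.",
					    filename, linenum);
				else {
					/* Cut the address off at the ':'. */
					*(p-1) = '\0';
					if ((port = a2port(p)) == 0)
						fatal("%s line %d: bad port number.",
						    filename, linenum);
					add_listen_addr(options, arg, port);
				}
			} else if (*p == '\0')
				add_listen_addr(options, arg, 0);
			else
				fatal("%s line %d: bad inet addr usage.",
				    filename, linenum);
			break;

		case sHostKeyFile:
			/* Here intptr is the counter parse_filename bumps. */
			intptr = &options->num_host_key_files;
			if (*intptr >= MAX_HOSTKEYS)
				fatal("%s line %d: too many host keys specified (max %d).",
				    filename, linenum, MAX_HOSTKEYS);
			charptr = &options->host_key_files[*intptr];
parse_filename:
			/* Shared tail: reads the next token as a file name. */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing file name.",
				    filename, linenum);
			if (*charptr == NULL) {
				*charptr = tilde_expand_filename(arg, getuid());
				/* increase optional counter */
				if (intptr != NULL)
					*intptr = *intptr + 1;
			}
			break;

		case sPidFile:
			charptr = &options->pid_file;
			goto parse_filename;

		case sPermitRootLogin:
			intptr = &options->permit_root_login;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing yes/"
				    "without-password/forced-commands-only/no "
				    "argument.", filename, linenum);
			value = 0;	/* silence compiler */
			if (strcmp(arg, "without-password") == 0)
				value = PERMIT_NO_PASSWD;
			else if (strcmp(arg, "forced-commands-only") == 0)
				value = PERMIT_FORCED_ONLY;
			else if (strcmp(arg, "yes") == 0)
				value = PERMIT_YES;
			else if (strcmp(arg, "no") == 0)
				value = PERMIT_NO;
			else
				fatal("%s line %d: Bad yes/"
				    "without-password/forced-commands-only/no "
				    "argument: %s", filename, linenum, arg);
			/*
			 * NOTE(review): the "unset" test uses -1 while
			 * initialize_server_options() stores PERMIT_NOT_SET;
			 * this assumes PERMIT_NOT_SET == -1 - confirm in
			 * servconf.h.
			 */
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreRhosts:
			intptr = &options->ignore_rhosts;
parse_flag:
			/* Shared tail: next token must be exactly yes or no. */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing yes/no argument.",
				    filename, linenum);
			value = 0;	/* silence compiler */
			if (strcmp(arg, "yes") == 0)
				value = 1;
			else if (strcmp(arg, "no") == 0)
				value = 0;
			else
				fatal("%s line %d: Bad yes/no argument: %s",
				    filename, linenum, arg);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreUserKnownHosts:
			intptr = &options->ignore_user_known_hosts;
			goto parse_flag;

		case sRhostsAuthentication:
			intptr = &options->rhosts_authentication;
			goto parse_flag;

		case sRhostsRSAAuthentication:
			intptr = &options->rhosts_rsa_authentication;
			goto parse_flag;

		case sHostbasedAuthentication:
			intptr = &options->hostbased_authentication;
			goto parse_flag;

		case sHostbasedUsesNameFromPacketOnly:
			intptr = &options->hostbased_uses_name_from_packet_only;
			goto parse_flag;

		case sRSAAuthentication:
			intptr = &options->rsa_authentication;
			goto parse_flag;

		case sPubkeyAuthentication:
			intptr = &options->pubkey_authentication;
			goto parse_flag;

#ifdef KRB4
		case sKerberosAuthentication:
			intptr = &options->kerberos_authentication;
			goto parse_flag;

		case sKerberosOrLocalPasswd:
			intptr = &options->kerberos_or_local_passwd;
			goto parse_flag;

		case sKerberosTicketCleanup:
			intptr = &options->kerberos_ticket_cleanup;
			goto parse_flag;
#endif

#ifdef AFS
		case sKerberosTgtPassing:
			intptr = &options->kerberos_tgt_passing;
			goto parse_flag;

		case sAFSTokenPassing:
			intptr = &options->afs_token_passing;
			goto parse_flag;
#endif

		case sPasswordAuthentication:
			intptr = &options->password_authentication;
			goto parse_flag;

		case sKbdInteractiveAuthentication:
			intptr = &options->kbd_interactive_authentication;
			goto parse_flag;

		case sCheckMail:
			intptr = &options->check_mail;
			goto parse_flag;

		case sChallengeResponseAuthentication:
			intptr = &options->challenge_response_authentication;
			goto parse_flag;

		case sPrintMotd:
			intptr = &options->print_motd;
			goto parse_flag;

		case sPrintLastLog:
			intptr = &options->print_lastlog;
			goto parse_flag;

		case sX11Forwarding:
			intptr = &options->x11_forwarding;
			goto parse_flag;

		case sX11DisplayOffset:
			intptr = &options->x11_display_offset;
			goto parse_int;

		case sXAuthLocation:
			charptr = &options->xauth_location;
			goto parse_filename;

		case sStrictModes:
			intptr = &options->strict_modes;
			goto parse_flag;

		case sKeepAlives:
			intptr = &options->keepalives;
			goto parse_flag;

		case sEmptyPasswd:
			intptr = &options->permit_empty_passwd;
			goto parse_flag;

		case sUseLogin:
			intptr = &options->use_login;
			goto parse_flag;

		case sGatewayPorts:
			intptr = &options->gateway_ports;
			goto parse_flag;

		case sReverseMappingCheck:
			intptr = &options->reverse_mapping_check;
			goto parse_flag;

		case sLogFacility:
			intptr = (int *) &options->log_facility;
			arg = strdelim(&cp);
			value = log_facility_number(arg);
			if (value == (SyslogFacility) - 1)
				fatal("%.200s line %d: unsupported log facility '%s'",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (SyslogFacility) value;
			break;

		case sLogLevel:
			intptr = (int *) &options->log_level;
			arg = strdelim(&cp);
			value = log_level_number(arg);
			if (value == (LogLevel) - 1)
				fatal("%.200s line %d: unsupported log level '%s'",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (LogLevel) value;
			break;

		case sAllowTcpForwarding:
			intptr = &options->allow_tcp_forwarding;
			goto parse_flag;

		/*
		 * The four access lists take every remaining token on the
		 * line; each is bounds-checked before it is stored.
		 */
		case sAllowUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_users >= MAX_ALLOW_USERS)
					fatal("%s line %d: too many allow users.",
					    filename, linenum);
				options->allow_users[options->num_allow_users++] = xstrdup(arg);
			}
			break;

		case sDenyUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_users >= MAX_DENY_USERS)
					fatal( "%s line %d: too many deny users.",
					    filename, linenum);
				options->deny_users[options->num_deny_users++] = xstrdup(arg);
			}
			break;

		case sAllowGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
					fatal("%s line %d: too many allow groups.",
					    filename, linenum);
				options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
			}
			break;

		case sDenyGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_groups >= MAX_DENY_GROUPS)
					fatal("%s line %d: too many deny groups.",
					    filename, linenum);
				options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
			}
			break;

		case sCiphers:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			if (!ciphers_valid(arg))
				fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->ciphers == NULL)
				options->ciphers = xstrdup(arg);
			break;

		case sMacs:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			if (!mac_valid(arg))
				fatal("%s line %d: Bad SSH2 mac spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->macs == NULL)
				options->macs = xstrdup(arg);
			break;

		case sProtocol:
			intptr = &options->protocol;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			value = proto_spec(arg);
			if (value == SSH_PROTO_UNKNOWN)
				fatal("%s line %d: Bad protocol spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == SSH_PROTO_UNKNOWN)
				*intptr = value;
			break;

		case sSubsystem:
			if(options->num_subsystems >= MAX_SUBSYSTEMS) {
				fatal("%s line %d: too many subsystems defined.",
				    filename, linenum);
			}
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem name.",
				    filename, linenum);
			/* A subsystem name may be defined only once. */
			for (i = 0; i < options->num_subsystems; i++)
				if(strcmp(arg, options->subsystem_name[i]) == 0)
					fatal("%s line %d: Subsystem '%s' already defined.",
					    filename, linenum, arg);
			options->subsystem_name[options->num_subsystems] = xstrdup(arg);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem command.",
				    filename, linenum);
			options->subsystem_command[options->num_subsystems] = xstrdup(arg);
			options->num_subsystems++;
			break;

		case sMaxStartups:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing MaxStartups spec.",
				    filename, linenum);
			{
				int nfields, ms_begin, ms_rate, ms_full;

				/*
				 * Parse into locals so that a partial match
				 * cannot leave a half-written limit behind.
				 */
				nfields = sscanf(arg, "%d:%d:%d",
				    &ms_begin, &ms_rate, &ms_full);
				if (nfields == 3) {
					/* "begin:rate:full" */
					if (ms_begin > ms_full ||
					    ms_rate > 100 ||
					    ms_rate < 1)
						fatal("%s line %d: Illegal MaxStartups spec.",
						    filename, linenum);
					options->max_startups_begin = ms_begin;
					options->max_startups_rate = ms_rate;
					options->max_startups = ms_full;
				} else if (nfields == 1) {
					/*
					 * Plain "MaxStartups N": only the hard
					 * limit; begin and rate get their
					 * defaults later.
					 */
					if (options->max_startups == -1)
						options->max_startups = ms_begin;
				} else
					fatal("%s line %d: Illegal MaxStartups spec.",
					    filename, linenum);
			}
			break;

		case sBanner:
			charptr = &options->banner;
			goto parse_filename;

		case sClientAliveInterval:
			intptr = &options->client_alive_interval;
			goto parse_time;

		case sClientAliveCountMax:
			intptr = &options->client_alive_count_max;
			goto parse_int;

		case sPAMAuthenticationViaKbdInt:
			intptr = &options->pam_authentication_via_kbd_int;
			goto parse_flag;

		default:
			/* A keyword is in keywords[] but has no case above. */
			fatal("%s line %d: Missing handler for opcode %s (%d)",
			    filename, linenum, arg, opcode);
		}
		/* Anything left after a complete option is an error. */
		if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
			fatal("%s line %d: garbage at end of line; \"%.200s\".",
			    filename, linenum, arg);
	}
	fclose(f);
	/* Fail closed: do not run with keywords that were not understood. */
	if (bad_options > 0)
		fatal("%s: terminating, %d bad configuration options",
		    filename, bad_options);
}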