[openssh.git] / servconf.c

/*

servconf.c

Author: Tatu Ylonen <ylo@cs.hut.fi>

Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
                   All rights reserved

Created: Mon Aug 21 15:48:58 1995 ylo

*/

#include "includes.h"
RCSID("$Id$");

#include "ssh.h"
#include "servconf.h"
#include "xmalloc.h"

/* Initializes the server options to their default values. */

void initialize_server_options(ServerOptions *options)
{
  memset(options, 0, sizeof(*options));
  options->port = -1;
  options->listen_addr.s_addr = htonl(INADDR_ANY);
  options->host_key_file = NULL;
  options->server_key_bits = -1;
  options->login_grace_time = -1;
  options->key_regeneration_time = -1;
  options->permit_root_login = -1;
  options->ignore_rhosts = -1;
  options->quiet_mode = -1;
  options->fascist_logging = -1;
  options->print_motd = -1;
  options->check_mail = -1;
  options->x11_forwarding = -1;
  options->x11_display_offset = -1;
  options->strict_modes = -1;
  options->keepalives = -1;
  options->log_facility = (SyslogFacility)-1;
  options->rhosts_authentication = -1;
  options->rhosts_rsa_authentication = -1;
  options->rsa_authentication = -1;
#ifdef KRB4
  options->kerberos_authentication = -1;
  options->kerberos_or_local_passwd = -1;
  options->kerberos_ticket_cleanup = -1;
#endif
#ifdef AFS
  options->kerberos_tgt_passing = -1;
  options->afs_token_passing = -1;
#endif
  options->password_authentication = -1;
#ifdef SKEY
  options->skey_authentication = -1;
#endif
  options->permit_empty_passwd = -1;
  options->use_login = -1;
  options->num_allow_users = 0;
  options->num_deny_users = 0;
  options->num_allow_groups = 0;
  options->num_deny_groups = 0;
}

void fill_default_server_options(ServerOptions *options)
{
  if (options->port == -1)
    {
      struct servent *sp;

      sp = getservbyname(SSH_SERVICE_NAME, "tcp");
      if (sp)
	options->port = ntohs(sp->s_port);
      else
	options->port = SSH_DEFAULT_PORT;
      endservent();
    }
  if (options->host_key_file == NULL)
    options->host_key_file = HOST_KEY_FILE;
  if (options->server_key_bits == -1)
    options->server_key_bits = 768;
  if (options->login_grace_time == -1)
    options->login_grace_time = 600;
  if (options->key_regeneration_time == -1)
    options->key_regeneration_time = 3600;
  if (options->permit_root_login == -1)
    options->permit_root_login = 1;		 /* yes */
  if (options->ignore_rhosts == -1)
    options->ignore_rhosts = 0;
  if (options->quiet_mode == -1)
    options->quiet_mode = 0;
  if (options->check_mail == -1)
    options->check_mail = 0;
  if (options->fascist_logging == -1)
    options->fascist_logging = 1;
  if (options->print_motd == -1)
    options->print_motd = 1;
  if (options->x11_forwarding == -1)
    options->x11_forwarding = 1;
  if (options->x11_display_offset == -1)
    options->x11_display_offset = 1;
  if (options->strict_modes == -1)
    options->strict_modes = 1;
  if (options->keepalives == -1)
    options->keepalives = 1;
  if (options->log_facility == (SyslogFacility)(-1))
    options->log_facility = SYSLOG_FACILITY_AUTH;
  if (options->rhosts_authentication == -1)
    options->rhosts_authentication = 0;
  if (options->rhosts_rsa_authentication == -1)
    options->rhosts_rsa_authentication = 1;
  if (options->rsa_authentication == -1)
    options->rsa_authentication = 1;
#ifdef KRB4
  if (options->kerberos_authentication == -1)
    options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
  if (options->kerberos_or_local_passwd == -1)
    options->kerberos_or_local_passwd = 1;
  if (options->kerberos_ticket_cleanup == -1)
    options->kerberos_ticket_cleanup = 1;
#endif /* KRB4 */
#ifdef AFS
  if (options->kerberos_tgt_passing == -1)
    options->kerberos_tgt_passing = 0;
  if (options->afs_token_passing == -1)
    options->afs_token_passing = k_hasafs();
#endif /* AFS */
  if (options->password_authentication == -1)
    options->password_authentication = 1;
#ifdef SKEY
  if (options->skey_authentication == -1)
    options->skey_authentication = 1;
#endif
  if (options->permit_empty_passwd == -1)
    options->permit_empty_passwd = 1;
  if (options->use_login == -1)
    options->use_login = 0;
}

#define WHITESPACE " \t\r\n"

/* Keyword tokens. */
typedef enum 
{
  sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
  sPermitRootLogin, sQuietMode, sFascistLogging, sLogFacility,
  sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
#ifdef KRB4
  sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
#endif
#ifdef AFS
  sKerberosTgtPassing, sAFSTokenPassing,
#endif
#ifdef SKEY
  sSkeyAuthentication,
#endif
  sPasswordAuthentication, sListenAddress,
  sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
  sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
  sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups

} ServerOpCodes;

/* Textual representation of the tokens. */
static struct
{
  const char *name;
  ServerOpCodes opcode;
} keywords[] =
{
  { "port", sPort },
  { "hostkey", sHostKeyFile },
  { "serverkeybits", sServerKeyBits },
  { "logingracetime", sLoginGraceTime },
  { "keyregenerationinterval", sKeyRegenerationTime },
  { "permitrootlogin", sPermitRootLogin },
  { "quietmode", sQuietMode },
  { "fascistlogging", sFascistLogging },
  { "syslogfacility", sLogFacility },
  { "rhostsauthentication", sRhostsAuthentication },
  { "rhostsrsaauthentication", sRhostsRSAAuthentication },
  { "rsaauthentication", sRSAAuthentication },
#ifdef KRB4
  { "kerberosauthentication", sKerberosAuthentication },
  { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
  { "kerberosticketcleanup", sKerberosTicketCleanup },
#endif
#ifdef AFS
  { "kerberostgtpassing", sKerberosTgtPassing },
  { "afstokenpassing", sAFSTokenPassing },
#endif
  { "passwordauthentication", sPasswordAuthentication },
#ifdef SKEY
  { "skeyauthentication", sSkeyAuthentication },
#endif
  { "checkmail", sCheckMail },
  { "listenaddress", sListenAddress },
  { "printmotd", sPrintMotd },
  { "ignorerhosts", sIgnoreRhosts },
  { "x11forwarding", sX11Forwarding },
  { "x11displayoffset", sX11DisplayOffset },
  { "strictmodes", sStrictModes },
  { "permitemptypasswords", sEmptyPasswd },
  { "uselogin", sUseLogin },
  { "randomseed", sRandomSeedFile },
  { "keepalive", sKeepAlives },
  { "allowusers", sAllowUsers },
  { "denyusers", sDenyUsers },
  { "allowgroups", sAllowGroups },
  { "denygroups", sDenyGroups },
  { NULL, 0 }
};

static struct 
{
  const char *name;
  SyslogFacility facility;
} log_facilities[] =
{
  { "DAEMON", SYSLOG_FACILITY_DAEMON },
  { "USER", SYSLOG_FACILITY_USER },
  { "AUTH", SYSLOG_FACILITY_AUTH },
  { "LOCAL0", SYSLOG_FACILITY_LOCAL0 },
  { "LOCAL1", SYSLOG_FACILITY_LOCAL1 },
  { "LOCAL2", SYSLOG_FACILITY_LOCAL2 },
  { "LOCAL3", SYSLOG_FACILITY_LOCAL3 },
  { "LOCAL4", SYSLOG_FACILITY_LOCAL4 },
  { "LOCAL5", SYSLOG_FACILITY_LOCAL5 },
  { "LOCAL6", SYSLOG_FACILITY_LOCAL6 },
  { "LOCAL7", SYSLOG_FACILITY_LOCAL7 },
  { NULL, 0 }
};

/* Returns the number of the token pointed to by cp of length len.
   Never returns if the token is not known. */

static ServerOpCodes parse_token(const char *cp, const char *filename,
				 int linenum)
{
  unsigned int i;

  for (i = 0; keywords[i].name; i++)
    if (strcmp(cp, keywords[i].name) == 0)
      return keywords[i].opcode;

  fprintf(stderr, "%s line %d: Bad configuration option: %s\n", 
	  filename, linenum, cp);
  exit(1);
}

/* Reads the server configuration file. */

void read_server_config(ServerOptions *options, const char *filename)
{
  FILE *f;
  char line[1024];
  char *cp, **charptr;
  int linenum, *intptr, i, value;
  ServerOpCodes opcode;

  f = fopen(filename, "r");
  if (!f)
    {
      perror(filename);
      exit(1);
    }

  linenum = 0;
  while (fgets(line, sizeof(line), f))
    {
      linenum++;
      cp = line + strspn(line, WHITESPACE);
      if (!*cp || *cp == '#')
	continue;
      cp = strtok(cp, WHITESPACE);
      {
	char *t = cp;
	for (; *t != 0; t++)
	  if ('A' <= *t && *t <= 'Z')
	    *t = *t - 'A' + 'a';	/* tolower */
      
      }
      opcode = parse_token(cp, filename, linenum);
      switch (opcode)
	{
	case sPort:
	  intptr = &options->port;
	parse_int:
	  cp = strtok(NULL, WHITESPACE);
	  if (!cp)
	    {
	      fprintf(stderr, "%s line %d: missing integer value.\n", 
		      filename, linenum);
	      exit(1);
	    }
	  value = atoi(cp);
	  if (*intptr == -1)
	    *intptr = value;
	  break;

	case sServerKeyBits:
	  intptr = &options->server_key_bits;
	  goto parse_int;

	case sLoginGraceTime:
	  intptr = &options->login_grace_time;
	  goto parse_int;
	  
	case sKeyRegenerationTime:
	  intptr = &options->key_regeneration_time;
	  goto parse_int;

	case sListenAddress:
	  cp = strtok(NULL, WHITESPACE);
	  if (!cp)
	    {
	      fprintf(stderr, "%s line %d: missing inet addr.\n",
		      filename, linenum);
	      exit(1);
	    }
	  options->listen_addr.s_addr = inet_addr(cp);
	  break;

	case sHostKeyFile:
	  charptr = &options->host_key_file;
	  cp = strtok(NULL, WHITESPACE);
	  if (!cp)
	    {
	      fprintf(stderr, "%s line %d: missing file name.\n",
		      filename, linenum);
	      exit(1);
	    }
	  if (*charptr == NULL)
	    *charptr = tilde_expand_filename(cp, getuid());
	  break;

	case sRandomSeedFile:
	  fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
		  filename, linenum);
	  cp = strtok(NULL, WHITESPACE);
	  break;

	case sPermitRootLogin:
	  intptr = &options->permit_root_login;
	  cp = strtok(NULL, WHITESPACE);
	  if (!cp)
	    {
	      fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
		      filename, linenum);
	      exit(1);
	    }
	  if (strcmp(cp, "without-password") == 0)
	    value = 2;
	  else if (strcmp(cp, "yes") == 0)
	    value = 1;
	  else if (strcmp(cp, "no") == 0)
	    value = 0;
	  else
	    {
	      fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n", 
	      	filename, linenum, cp);
	      exit(1);
	    }
	  if (*intptr == -1)
	    *intptr = value;
	  break;

	case sIgnoreRhosts:
	  intptr = &options->ignore_rhosts;
	parse_flag:
	  cp = strtok(NULL, WHITESPACE);
	  if (!cp)
	    {
	      fprintf(stderr, "%s line %d: missing yes/no argument.\n",
		      filename, linenum);
	      exit(1);
	    }
	  if (strcmp(cp, "yes") == 0)
	    value = 1;
	  else
	    if (strcmp(cp, "no") == 0)
	      value = 0;
	    else
	      {
		fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n", 
			filename, linenum, cp);
		exit(1);
	      }
	  if (*intptr == -1)
	    *intptr = value;
	  break;
	  
	case sQuietMode:
	  intptr = &options->quiet_mode;
	  goto parse_flag;

	case sFascistLogging:
	  intptr = &options->fascist_logging;
	  goto parse_flag;

	case sRhostsAuthentication:
	  intptr = &options->rhosts_authentication;
	  goto parse_flag;

	case sRhostsRSAAuthentication:
	  intptr = &options->rhosts_rsa_authentication;
	  goto parse_flag;
	  
	case sRSAAuthentication:
	  intptr = &options->rsa_authentication;
	  goto parse_flag;
	  
#ifdef KRB4
	case sKerberosAuthentication:
	  intptr = &options->kerberos_authentication;
	  goto parse_flag;
	  
 	case sKerberosOrLocalPasswd:
 	  intptr = &options->kerberos_or_local_passwd;
 	  goto parse_flag;

	case sKerberosTicketCleanup:
	  intptr = &options->kerberos_ticket_cleanup;
	  goto parse_flag;
#endif
	  
#ifdef AFS
	case sKerberosTgtPassing:
	  intptr = &options->kerberos_tgt_passing;
	  goto parse_flag;

	case sAFSTokenPassing:
	  intptr = &options->afs_token_passing;
	  goto parse_flag;
#endif

	case sPasswordAuthentication:
	  intptr = &options->password_authentication;
	  goto parse_flag;

        case sCheckMail:
          intptr = &options->check_mail;
          goto parse_flag;

#ifdef SKEY
	case sSkeyAuthentication:
	  intptr = &options->skey_authentication;
	  goto parse_flag;
#endif

	case sPrintMotd:
	  intptr = &options->print_motd;
	  goto parse_flag;

	case sX11Forwarding:
	  intptr = &options->x11_forwarding;
	  goto parse_flag;

	case sX11DisplayOffset:
	  intptr = &options->x11_display_offset;
	  goto parse_int;

	case sStrictModes:
	  intptr = &options->strict_modes;
	  goto parse_flag;

	case sKeepAlives:
	  intptr = &options->keepalives;
	  goto parse_flag;
	  
	case sEmptyPasswd:
	  intptr = &options->permit_empty_passwd;
	  goto parse_flag;

        case sUseLogin:
          intptr = &options->use_login;
          goto parse_flag;

	case sLogFacility:
	  cp = strtok(NULL, WHITESPACE);
	  if (!cp)
	    {
	      fprintf(stderr, "%s line %d: missing facility name.\n",
		      filename, linenum);
	      exit(1);
	    }
	  for (i = 0; log_facilities[i].name; i++)
	    if (strcmp(log_facilities[i].name, cp) == 0)
	      break;
	  if (!log_facilities[i].name)
	    {
	      fprintf(stderr, "%s line %d: unsupported log facility %s\n",
		      filename, linenum, cp);
	      exit(1);
	    }
	  if (options->log_facility == (SyslogFacility)(-1))
	    options->log_facility = log_facilities[i].facility;
	  break;
	  
	case sAllowUsers:
	  while ((cp = strtok(NULL, WHITESPACE)))
	    {
	      if (options->num_allow_users >= MAX_ALLOW_USERS)
		{
		  fprintf(stderr, "%s line %d: too many allow users.\n",
			  filename, linenum);
		  exit(1);
		}
	      options->allow_users[options->num_allow_users++] = xstrdup(cp);
	    }
	  break;

	case sDenyUsers:
	  while ((cp = strtok(NULL, WHITESPACE)))
	    {
	      if (options->num_deny_users >= MAX_DENY_USERS)
		{
		  fprintf(stderr, "%s line %d: too many deny users.\n",
			  filename, linenum);
		  exit(1);
		}
	      options->deny_users[options->num_deny_users++] = xstrdup(cp);
	    }
	  break;

	case sAllowGroups:
	  while ((cp = strtok(NULL, WHITESPACE)))
	    {
	      if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
		{
		  fprintf(stderr, "%s line %d: too many allow groups.\n",
			  filename, linenum);
		  exit(1);
		}
	      options->allow_groups[options->num_allow_groups++] = xstrdup(cp);
	    }
	  break;

	case sDenyGroups:
	  while ((cp = strtok(NULL, WHITESPACE)))
	    {
	      if (options->num_deny_groups >= MAX_DENY_GROUPS)
		{
		  fprintf(stderr, "%s line %d: too many deny groups.\n",
			  filename, linenum);
		  exit(1);
		}
	      options->deny_groups[options->num_deny_groups++] = xstrdup(cp);
	    }
	  break;

	default:
	  fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
		  filename, linenum, cp, opcode);
	  exit(1);
	}
      if (strtok(NULL, WHITESPACE) != NULL)
	{
	  fprintf(stderr, "%s line %d: garbage at end of line.\n",
		  filename, linenum);
	  exit(1);
	}
    }
  fclose(f);
}
Commit	Line	Data
8efc0c15	1	/*
	2
	3	servconf.c
	4
	5	Author: Tatu Ylonen <ylo@cs.hut.fi>
	6
	7	Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
	8	All rights reserved
	9
	10	Created: Mon Aug 21 15:48:58 1995 ylo
	11
	12	*/
	13
	14	#include "includes.h"
	15	RCSID("$Id$");
	16
	17	#include "ssh.h"
	18	#include "servconf.h"
	19	#include "xmalloc.h"
	20
	21	/* Initializes the server options to their default values. */
	22
	23	void initialize_server_options(ServerOptions *options)
	24	{
	25	memset(options, 0, sizeof(*options));
	26	options->port = -1;
	27	options->listen_addr.s_addr = htonl(INADDR_ANY);
	28	options->host_key_file = NULL;
	29	options->server_key_bits = -1;
	30	options->login_grace_time = -1;
	31	options->key_regeneration_time = -1;
	32	options->permit_root_login = -1;
	33	options->ignore_rhosts = -1;
	34	options->quiet_mode = -1;
	35	options->fascist_logging = -1;
	36	options->print_motd = -1;
	37	options->check_mail = -1;
	38	options->x11_forwarding = -1;
	39	options->x11_display_offset = -1;
	40	options->strict_modes = -1;
	41	options->keepalives = -1;
	42	options->log_facility = (SyslogFacility)-1;
	43	options->rhosts_authentication = -1;
	44	options->rhosts_rsa_authentication = -1;
	45	options->rsa_authentication = -1;
	46	#ifdef KRB4
	47	options->kerberos_authentication = -1;
	48	options->kerberos_or_local_passwd = -1;
	49	options->kerberos_ticket_cleanup = -1;
	50	#endif
	51	#ifdef AFS
	52	options->kerberos_tgt_passing = -1;
	53	options->afs_token_passing = -1;
	54	#endif
	55	options->password_authentication = -1;
	56	#ifdef SKEY
	57	options->skey_authentication = -1;
	58	#endif
	59	options->permit_empty_passwd = -1;
	60	options->use_login = -1;
	61	options->num_allow_users = 0;
	62	options->num_deny_users = 0;
	63	options->num_allow_groups = 0;
	64	options->num_deny_groups = 0;
65	}
66
67	void fill_default_server_options(ServerOptions *options)
68	{
69	if (options->port == -1)
70	{
71	struct servent *sp;
72
73	sp = getservbyname(SSH_SERVICE_NAME, "tcp");
74	if (sp)
75	options->port = ntohs(sp->s_port);
76	else
77	options->port = SSH_DEFAULT_PORT;
78	endservent();
79	}
80	if (options->host_key_file == NULL)
81	options->host_key_file = HOST_KEY_FILE;
82	if (options->server_key_bits == -1)
83	options->server_key_bits = 768;
84	if (options->login_grace_time == -1)
85	options->login_grace_time = 600;
86	if (options->key_regeneration_time == -1)
87	options->key_regeneration_time = 3600;
88	if (options->permit_root_login == -1)
89	options->permit_root_login = 1; /* yes */
90	if (options->ignore_rhosts == -1)
91	options->ignore_rhosts = 0;
92	if (options->quiet_mode == -1)
93	options->quiet_mode = 0;
94	if (options->check_mail == -1)
95	options->check_mail = 0;
96	if (options->fascist_logging == -1)
97	options->fascist_logging = 1;
98	if (options->print_motd == -1)
99	options->print_motd = 1;
100	if (options->x11_forwarding == -1)
101	options->x11_forwarding = 1;
102	if (options->x11_display_offset == -1)
103	options->x11_display_offset = 1;
104	if (options->strict_modes == -1)
105	options->strict_modes = 1;
106	if (options->keepalives == -1)
107	options->keepalives = 1;
108	if (options->log_facility == (SyslogFacility)(-1))
109	options->log_facility = SYSLOG_FACILITY_AUTH;
110	if (options->rhosts_authentication == -1)
111	options->rhosts_authentication = 0;
112	if (options->rhosts_rsa_authentication == -1)
113	options->rhosts_rsa_authentication = 1;
114	if (options->rsa_authentication == -1)
115	options->rsa_authentication = 1;
116	#ifdef KRB4
117	if (options->kerberos_authentication == -1)
118	options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
119	if (options->kerberos_or_local_passwd == -1)
120	options->kerberos_or_local_passwd = 1;
121	if (options->kerberos_ticket_cleanup == -1)
122	options->kerberos_ticket_cleanup = 1;
123	#endif /* KRB4 */
124	#ifdef AFS
125	if (options->kerberos_tgt_passing == -1)
126	options->kerberos_tgt_passing = 0;
127	if (options->afs_token_passing == -1)
128	options->afs_token_passing = k_hasafs();
129	#endif /* AFS */
130	if (options->password_authentication == -1)
131	options->password_authentication = 1;
132	#ifdef SKEY
133	if (options->skey_authentication == -1)
134	options->skey_authentication = 1;
135	#endif
136	if (options->permit_empty_passwd == -1)
137	options->permit_empty_passwd = 1;
138	if (options->use_login == -1)
139	options->use_login = 0;
140	}
141
142	#define WHITESPACE " \t\r\n"
143
144	/* Keyword tokens. */
145	typedef enum
146	{
147	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
148	sPermitRootLogin, sQuietMode, sFascistLogging, sLogFacility,
149	sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
150	#ifdef KRB4
151	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
152	#endif
153	#ifdef AFS
154	sKerberosTgtPassing, sAFSTokenPassing,
155	#endif
156	#ifdef SKEY
157	sSkeyAuthentication,
158	#endif
159	sPasswordAuthentication, sListenAddress,
160	sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
161	sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
162	sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups
163
164	} ServerOpCodes;
165
166	/* Textual representation of the tokens. */
167	static struct
168	{
169	const char *name;
170	ServerOpCodes opcode;
171	} keywords[] =
172	{
173	{ "port", sPort },
174	{ "hostkey", sHostKeyFile },
175	{ "serverkeybits", sServerKeyBits },
176	{ "logingracetime", sLoginGraceTime },
177	{ "keyregenerationinterval", sKeyRegenerationTime },
178	{ "permitrootlogin", sPermitRootLogin },
179	{ "quietmode", sQuietMode },
180	{ "fascistlogging", sFascistLogging },
181	{ "syslogfacility", sLogFacility },
182	{ "rhostsauthentication", sRhostsAuthentication },
183	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
184	{ "rsaauthentication", sRSAAuthentication },
185	#ifdef KRB4
186	{ "kerberosauthentication", sKerberosAuthentication },
187	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
188	{ "kerberosticketcleanup", sKerberosTicketCleanup },
189	#endif
190	#ifdef AFS
191	{ "kerberostgtpassing", sKerberosTgtPassing },
192	{ "afstokenpassing", sAFSTokenPassing },
193	#endif
194	{ "passwordauthentication", sPasswordAuthentication },
195	#ifdef SKEY
196	{ "skeyauthentication", sSkeyAuthentication },
197	#endif
198	{ "checkmail", sCheckMail },
199	{ "listenaddress", sListenAddress },
200	{ "printmotd", sPrintMotd },
201	{ "ignorerhosts", sIgnoreRhosts },
202	{ "x11forwarding", sX11Forwarding },
203	{ "x11displayoffset", sX11DisplayOffset },
204	{ "strictmodes", sStrictModes },
205	{ "permitemptypasswords", sEmptyPasswd },
206	{ "uselogin", sUseLogin },
207	{ "randomseed", sRandomSeedFile },
208	{ "keepalive", sKeepAlives },
209	{ "allowusers", sAllowUsers },
210	{ "denyusers", sDenyUsers },
211	{ "allowgroups", sAllowGroups },
212	{ "denygroups", sDenyGroups },
213	{ NULL, 0 }
214	};
215
216	static struct
217	{
218	const char *name;
219	SyslogFacility facility;
220	} log_facilities[] =
221	{
222	{ "DAEMON", SYSLOG_FACILITY_DAEMON },
223	{ "USER", SYSLOG_FACILITY_USER },
224	{ "AUTH", SYSLOG_FACILITY_AUTH },
225	{ "LOCAL0", SYSLOG_FACILITY_LOCAL0 },
226	{ "LOCAL1", SYSLOG_FACILITY_LOCAL1 },
227	{ "LOCAL2", SYSLOG_FACILITY_LOCAL2 },
228	{ "LOCAL3", SYSLOG_FACILITY_LOCAL3 },
229	{ "LOCAL4", SYSLOG_FACILITY_LOCAL4 },
230	{ "LOCAL5", SYSLOG_FACILITY_LOCAL5 },
231	{ "LOCAL6", SYSLOG_FACILITY_LOCAL6 },
232	{ "LOCAL7", SYSLOG_FACILITY_LOCAL7 },
233	{ NULL, 0 }
234	};
235
236	/* Returns the number of the token pointed to by cp of length len.
237	Never returns if the token is not known. */
238
239	static ServerOpCodes parse_token(const char cp, const char filename,
240	int linenum)
241	{
242	unsigned int i;
243
244	for (i = 0; keywords[i].name; i++)
245	if (strcmp(cp, keywords[i].name) == 0)
246	return keywords[i].opcode;
247
248	fprintf(stderr, "%s line %d: Bad configuration option: %s\n",
249	filename, linenum, cp);
250	exit(1);
251	}
252
253	/* Reads the server configuration file. */
254
255	void read_server_config(ServerOptions options, const char filename)
256	{
257	FILE *f;
258	char line[1024];
259	char cp, *charptr;
260	int linenum, *intptr, i, value;
261	ServerOpCodes opcode;
262
263	f = fopen(filename, "r");
264	if (!f)
265	{
266	perror(filename);
267	exit(1);
268	}
269
270	linenum = 0;
271	while (fgets(line, sizeof(line), f))
272	{
273	linenum++;
274	cp = line + strspn(line, WHITESPACE);
275	if (!cp \|\| cp == '#')
276	continue;
277	cp = strtok(cp, WHITESPACE);
278	{
279	char *t = cp;
280	for (; *t != 0; t++)
281	if ('A' <= t && t <= 'Z')
282	t = t - 'A' + 'a'; /* tolower */
283
284	}
285	opcode = parse_token(cp, filename, linenum);
286	switch (opcode)
287	{
288	case sPort:
289	intptr = &options->port;
290	parse_int:
291	cp = strtok(NULL, WHITESPACE);
292	if (!cp)
293	{
294	fprintf(stderr, "%s line %d: missing integer value.\n",
295	filename, linenum);
296	exit(1);
297	}
298	value = atoi(cp);
299	if (*intptr == -1)
300	*intptr = value;
301	break;
302
303	case sServerKeyBits:
304	intptr = &options->server_key_bits;
305	goto parse_int;
306
307	case sLoginGraceTime:
308	intptr = &options->login_grace_time;
309	goto parse_int;
310
311	case sKeyRegenerationTime:
312	intptr = &options->key_regeneration_time;
313	goto parse_int;
314
315	case sListenAddress:
316	cp = strtok(NULL, WHITESPACE);
317	if (!cp)
318	{
319	fprintf(stderr, "%s line %d: missing inet addr.\n",
320	filename, linenum);
321	exit(1);
322	}
323	options->listen_addr.s_addr = inet_addr(cp);
324	break;
325
326	case sHostKeyFile:
327	charptr = &options->host_key_file;
328	cp = strtok(NULL, WHITESPACE);
329	if (!cp)
330	{
331	fprintf(stderr, "%s line %d: missing file name.\n",
332	filename, linenum);
333	exit(1);
334	}
335	if (*charptr == NULL)
336	*charptr = tilde_expand_filename(cp, getuid());
337	break;
338
339	case sRandomSeedFile:
340	fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
341	filename, linenum);
342	cp = strtok(NULL, WHITESPACE);
343	break;
344
345	case sPermitRootLogin:
346	intptr = &options->permit_root_login;
347	cp = strtok(NULL, WHITESPACE);
348	if (!cp)
349	{
350	fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
351	filename, linenum);
352	exit(1);
353	}
354	if (strcmp(cp, "without-password") == 0)
355	value = 2;
356	else if (strcmp(cp, "yes") == 0)
357	value = 1;
358	else if (strcmp(cp, "no") == 0)
359	value = 0;
360	else
361	{
362	fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n",
363	filename, linenum, cp);
364	exit(1);
365	}
366	if (*intptr == -1)
367	*intptr = value;
368	break;
369
370	case sIgnoreRhosts:
371	intptr = &options->ignore_rhosts;
372	parse_flag:
373	cp = strtok(NULL, WHITESPACE);
374	if (!cp)
375	{
376	fprintf(stderr, "%s line %d: missing yes/no argument.\n",
377	filename, linenum);
378	exit(1);
379	}
380	if (strcmp(cp, "yes") == 0)
381	value = 1;
382	else
383	if (strcmp(cp, "no") == 0)
384	value = 0;
385	else
386	{
387	fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
388	filename, linenum, cp);
389	exit(1);
390	}
391	if (*intptr == -1)
392	*intptr = value;
393	break;
394
395	case sQuietMode:
396	intptr = &options->quiet_mode;
397	goto parse_flag;
398
399	case sFascistLogging:
400	intptr = &options->fascist_logging;
401	goto parse_flag;
402
403	case sRhostsAuthentication:
404	intptr = &options->rhosts_authentication;
405	goto parse_flag;
406
407	case sRhostsRSAAuthentication:
408	intptr = &options->rhosts_rsa_authentication;
409	goto parse_flag;
410
411	case sRSAAuthentication:
412	intptr = &options->rsa_authentication;
413	goto parse_flag;
414
415	#ifdef KRB4
416	case sKerberosAuthentication:
417	intptr = &options->kerberos_authentication;
418	goto parse_flag;
419
420	case sKerberosOrLocalPasswd:
421	intptr = &options->kerberos_or_local_passwd;
422	goto parse_flag;
423
424	case sKerberosTicketCleanup:
425	intptr = &options->kerberos_ticket_cleanup;
426	goto parse_flag;
427	#endif
428
429	#ifdef AFS
430	case sKerberosTgtPassing:
431	intptr = &options->kerberos_tgt_passing;
432	goto parse_flag;
433
434	case sAFSTokenPassing:
435	intptr = &options->afs_token_passing;
436	goto parse_flag;
437	#endif
438
439	case sPasswordAuthentication:
440	intptr = &options->password_authentication;
441	goto parse_flag;
442
443	case sCheckMail:
444	intptr = &options->check_mail;
445	goto parse_flag;
446
447	#ifdef SKEY
448	case sSkeyAuthentication:
449	intptr = &options->skey_authentication;
450	goto parse_flag;
451	#endif
452
453	case sPrintMotd:
454	intptr = &options->print_motd;
455	goto parse_flag;
456
457	case sX11Forwarding:
458	intptr = &options->x11_forwarding;
459	goto parse_flag;
460
461	case sX11DisplayOffset:
462	intptr = &options->x11_display_offset;
463	goto parse_int;
464
465	case sStrictModes:
466	intptr = &options->strict_modes;
467	goto parse_flag;
468
469	case sKeepAlives:
470	intptr = &options->keepalives;
471	goto parse_flag;
472
473	case sEmptyPasswd:
474	intptr = &options->permit_empty_passwd;
475	goto parse_flag;
476
477	case sUseLogin:
478	intptr = &options->use_login;
479	goto parse_flag;
480
481	case sLogFacility:
482	cp = strtok(NULL, WHITESPACE);
483	if (!cp)
484	{
485	fprintf(stderr, "%s line %d: missing facility name.\n",
486	filename, linenum);
487	exit(1);
488	}
489	for (i = 0; log_facilities[i].name; i++)
490	if (strcmp(log_facilities[i].name, cp) == 0)
491	break;
492	if (!log_facilities[i].name)
493	{
494	fprintf(stderr, "%s line %d: unsupported log facility %s\n",
495	filename, linenum, cp);
496	exit(1);
497	}
498	if (options->log_facility == (SyslogFacility)(-1))
499	options->log_facility = log_facilities[i].facility;
500	break;
501
502	case sAllowUsers:
503	while ((cp = strtok(NULL, WHITESPACE)))
504	{
505	if (options->num_allow_users >= MAX_ALLOW_USERS)
506	{
507	fprintf(stderr, "%s line %d: too many allow users.\n",
508	filename, linenum);
509	exit(1);
510	}
511	options->allow_users[options->num_allow_users++] = xstrdup(cp);
512	}
513	break;
514
515	case sDenyUsers:
516	while ((cp = strtok(NULL, WHITESPACE)))
517	{
518	if (options->num_deny_users >= MAX_DENY_USERS)
519	{
520	fprintf(stderr, "%s line %d: too many deny users.\n",
521	filename, linenum);
522	exit(1);
523	}
524	options->deny_users[options->num_deny_users++] = xstrdup(cp);
525	}
526	break;
527
528	case sAllowGroups:
529	while ((cp = strtok(NULL, WHITESPACE)))
530	{
531	if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
532	{
533	fprintf(stderr, "%s line %d: too many allow groups.\n",
534	filename, linenum);
535	exit(1);
536	}
537	options->allow_groups[options->num_allow_groups++] = xstrdup(cp);
538	}
539	break;
540
541	case sDenyGroups:
542	while ((cp = strtok(NULL, WHITESPACE)))
543	{
544	if (options->num_deny_groups >= MAX_DENY_GROUPS)
545	{
546	fprintf(stderr, "%s line %d: too many deny groups.\n",
547	filename, linenum);
548	exit(1);
549	}
550	options->deny_groups[options->num_deny_groups++] = xstrdup(cp);
551	}
552	break;
553
554	default:
555	fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
556	filename, linenum, cp, opcode);
557	exit(1);
558	}
559	if (strtok(NULL, WHITESPACE) != NULL)
560	{
561	fprintf(stderr, "%s line %d: garbage at end of line.\n",
562	filename, linenum);
563	exit(1);
564	}
565	}
566	fclose(f);
567	}