]> andersk Git - openssh.git/blame - servconf.c
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- (bal) Added openbsd-compat/inet_ntop.[ch] since HP/UX (and others)
[openssh.git] / servconf.c
CommitLineData
8efc0c15 1/*
5260325f 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
6ae2364d 4 *
bcbf86ec 5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
5260325f 10 */
8efc0c15 11
12#include "includes.h"
d11c1288 13RCSID("$OpenBSD: servconf.c,v 1.74 2001/04/06 22:25:25 stevesk Exp $");
42f11eb2 14
15#ifdef KRB4
16#include <krb.h>
17#endif
18#ifdef AFS
19#include <kafs.h>
20#endif
8efc0c15 21
22#include "ssh.h"
42f11eb2 23#include "log.h"
8efc0c15 24#include "servconf.h"
25#include "xmalloc.h"
a8be9f80 26#include "compat.h"
42f11eb2 27#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
b2552997 31#include "kex.h"
32#include "mac.h"
42f11eb2 33
48e671d5 34/* add listen address */
d11c1288 35void add_listen_addr(ServerOptions *options, char *addr, char *port);
36void add_one_listen_addr(ServerOptions *options, char *addr, u_short port);
48e671d5 37
42f11eb2 38/* AF_UNSPEC or AF_INET or AF_INET6 */
39extern int IPv4or6;
40
8efc0c15 41/* Initializes the server options to their default values. */
42
6ae2364d 43void
5260325f 44initialize_server_options(ServerOptions *options)
8efc0c15 45{
5260325f 46 memset(options, 0, sizeof(*options));
48e671d5 47 options->num_ports = 0;
48 options->ports_from_cmdline = 0;
49 options->listen_addrs = NULL;
fa08c86b 50 options->num_host_key_files = 0;
0fbe8c74 51 options->pid_file = NULL;
5260325f 52 options->server_key_bits = -1;
53 options->login_grace_time = -1;
54 options->key_regeneration_time = -1;
15853e93 55 options->permit_root_login = PERMIT_NOT_SET;
5260325f 56 options->ignore_rhosts = -1;
57 options->ignore_user_known_hosts = -1;
58 options->print_motd = -1;
4f4648f9 59 options->print_lastlog = -1;
5260325f 60 options->check_mail = -1;
61 options->x11_forwarding = -1;
62 options->x11_display_offset = -1;
fa649821 63 options->xauth_location = NULL;
5260325f 64 options->strict_modes = -1;
65 options->keepalives = -1;
66 options->log_facility = (SyslogFacility) - 1;
67 options->log_level = (LogLevel) - 1;
68 options->rhosts_authentication = -1;
69 options->rhosts_rsa_authentication = -1;
70 options->rsa_authentication = -1;
fa08c86b 71 options->pubkey_authentication = -1;
8efc0c15 72#ifdef KRB4
5260325f 73 options->kerberos_authentication = -1;
74 options->kerberos_or_local_passwd = -1;
75 options->kerberos_ticket_cleanup = -1;
8efc0c15 76#endif
77#ifdef AFS
5260325f 78 options->kerberos_tgt_passing = -1;
79 options->afs_token_passing = -1;
8efc0c15 80#endif
5260325f 81 options->password_authentication = -1;
94ec8c6b 82 options->kbd_interactive_authentication = -1;
d464095c 83 options->challenge_reponse_authentication = -1;
5260325f 84 options->permit_empty_passwd = -1;
85 options->use_login = -1;
33de75a3 86 options->allow_tcp_forwarding = -1;
5260325f 87 options->num_allow_users = 0;
88 options->num_deny_users = 0;
89 options->num_allow_groups = 0;
90 options->num_deny_groups = 0;
a8be9f80 91 options->ciphers = NULL;
b2552997 92 options->macs = NULL;
a8be9f80 93 options->protocol = SSH_PROTO_UNKNOWN;
1d1ffb87 94 options->gateway_ports = -1;
38c295d6 95 options->num_subsystems = 0;
c345cf9d 96 options->max_startups_begin = -1;
97 options->max_startups_rate = -1;
089fbbd2 98 options->max_startups = -1;
eea39c02 99 options->banner = NULL;
61e96248 100 options->reverse_mapping_check = -1;
8efc0c15 101}
102
6ae2364d 103void
5260325f 104fill_default_server_options(ServerOptions *options)
8efc0c15 105{
fa08c86b 106 if (options->protocol == SSH_PROTO_UNKNOWN)
107 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
108 if (options->num_host_key_files == 0) {
109 /* fill default hostkeys for protocols */
110 if (options->protocol & SSH_PROTO_1)
42f11eb2 111 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE;
fa08c86b 112 if (options->protocol & SSH_PROTO_2)
42f11eb2 113 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE;
fa08c86b 114 }
48e671d5 115 if (options->num_ports == 0)
116 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
117 if (options->listen_addrs == NULL)
d11c1288 118 add_listen_addr(options, NULL, NULL);
0fbe8c74 119 if (options->pid_file == NULL)
42f11eb2 120 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
5260325f 121 if (options->server_key_bits == -1)
122 options->server_key_bits = 768;
123 if (options->login_grace_time == -1)
124 options->login_grace_time = 600;
125 if (options->key_regeneration_time == -1)
126 options->key_regeneration_time = 3600;
15853e93 127 if (options->permit_root_login == PERMIT_NOT_SET)
128 options->permit_root_login = PERMIT_YES;
5260325f 129 if (options->ignore_rhosts == -1)
c8d54615 130 options->ignore_rhosts = 1;
5260325f 131 if (options->ignore_user_known_hosts == -1)
132 options->ignore_user_known_hosts = 0;
133 if (options->check_mail == -1)
134 options->check_mail = 0;
135 if (options->print_motd == -1)
136 options->print_motd = 1;
4f4648f9 137 if (options->print_lastlog == -1)
138 options->print_lastlog = 1;
5260325f 139 if (options->x11_forwarding == -1)
c8d54615 140 options->x11_forwarding = 0;
5260325f 141 if (options->x11_display_offset == -1)
c8d54615 142 options->x11_display_offset = 10;
fa649821 143#ifdef XAUTH_PATH
144 if (options->xauth_location == NULL)
145 options->xauth_location = XAUTH_PATH;
146#endif /* XAUTH_PATH */
5260325f 147 if (options->strict_modes == -1)
148 options->strict_modes = 1;
149 if (options->keepalives == -1)
150 options->keepalives = 1;
151 if (options->log_facility == (SyslogFacility) (-1))
152 options->log_facility = SYSLOG_FACILITY_AUTH;
153 if (options->log_level == (LogLevel) (-1))
59c97189 154 options->log_level = SYSLOG_LEVEL_INFO;
5260325f 155 if (options->rhosts_authentication == -1)
156 options->rhosts_authentication = 0;
157 if (options->rhosts_rsa_authentication == -1)
c8d54615 158 options->rhosts_rsa_authentication = 0;
5260325f 159 if (options->rsa_authentication == -1)
160 options->rsa_authentication = 1;
fa08c86b 161 if (options->pubkey_authentication == -1)
162 options->pubkey_authentication = 1;
8efc0c15 163#ifdef KRB4
5260325f 164 if (options->kerberos_authentication == -1)
165 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
166 if (options->kerberos_or_local_passwd == -1)
167 options->kerberos_or_local_passwd = 1;
168 if (options->kerberos_ticket_cleanup == -1)
169 options->kerberos_ticket_cleanup = 1;
8efc0c15 170#endif /* KRB4 */
171#ifdef AFS
5260325f 172 if (options->kerberos_tgt_passing == -1)
173 options->kerberos_tgt_passing = 0;
174 if (options->afs_token_passing == -1)
175 options->afs_token_passing = k_hasafs();
8efc0c15 176#endif /* AFS */
5260325f 177 if (options->password_authentication == -1)
178 options->password_authentication = 1;
94ec8c6b 179 if (options->kbd_interactive_authentication == -1)
180 options->kbd_interactive_authentication = 0;
d464095c 181 if (options->challenge_reponse_authentication == -1)
182 options->challenge_reponse_authentication = 1;
5260325f 183 if (options->permit_empty_passwd == -1)
c8d54615 184 options->permit_empty_passwd = 0;
5260325f 185 if (options->use_login == -1)
186 options->use_login = 0;
33de75a3 187 if (options->allow_tcp_forwarding == -1)
188 options->allow_tcp_forwarding = 1;
1d1ffb87 189 if (options->gateway_ports == -1)
190 options->gateway_ports = 0;
089fbbd2 191 if (options->max_startups == -1)
192 options->max_startups = 10;
c345cf9d 193 if (options->max_startups_rate == -1)
194 options->max_startups_rate = 100; /* 100% */
195 if (options->max_startups_begin == -1)
196 options->max_startups_begin = options->max_startups;
61e96248 197 if (options->reverse_mapping_check == -1)
198 options->reverse_mapping_check = 0;
8efc0c15 199}
200
8efc0c15 201/* Keyword tokens. */
5260325f 202typedef enum {
203 sBadOption, /* == unknown option */
204 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
205 sPermitRootLogin, sLogFacility, sLogLevel,
206 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
8efc0c15 207#ifdef KRB4
5260325f 208 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
8efc0c15 209#endif
210#ifdef AFS
5260325f 211 sKerberosTgtPassing, sAFSTokenPassing,
8efc0c15 212#endif
d464095c 213 sChallengeResponseAuthentication,
94ec8c6b 214 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
4f4648f9 215 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
216 sX11Forwarding, sX11DisplayOffset,
9c81df4c 217 sStrictModes, sEmptyPasswd, sKeepAlives, sCheckMail,
33de75a3 218 sUseLogin, sAllowTcpForwarding,
219 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
b2552997 220 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
fa08c86b 221 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
61e96248 222 sBanner, sReverseMappingCheck
8efc0c15 223} ServerOpCodes;
224
225/* Textual representation of the tokens. */
5260325f 226static struct {
227 const char *name;
228 ServerOpCodes opcode;
229} keywords[] = {
230 { "port", sPort },
231 { "hostkey", sHostKeyFile },
fa08c86b 232 { "hostdsakey", sHostKeyFile }, /* alias */
2b87da3b 233 { "pidfile", sPidFile },
5260325f 234 { "serverkeybits", sServerKeyBits },
235 { "logingracetime", sLoginGraceTime },
236 { "keyregenerationinterval", sKeyRegenerationTime },
237 { "permitrootlogin", sPermitRootLogin },
238 { "syslogfacility", sLogFacility },
239 { "loglevel", sLogLevel },
240 { "rhostsauthentication", sRhostsAuthentication },
241 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
242 { "rsaauthentication", sRSAAuthentication },
fa08c86b 243 { "pubkeyauthentication", sPubkeyAuthentication },
244 { "dsaauthentication", sPubkeyAuthentication }, /* alias */
8efc0c15 245#ifdef KRB4
5260325f 246 { "kerberosauthentication", sKerberosAuthentication },
247 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
248 { "kerberosticketcleanup", sKerberosTicketCleanup },
8efc0c15 249#endif
250#ifdef AFS
5260325f 251 { "kerberostgtpassing", sKerberosTgtPassing },
252 { "afstokenpassing", sAFSTokenPassing },
8efc0c15 253#endif
5260325f 254 { "passwordauthentication", sPasswordAuthentication },
94ec8c6b 255 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
d464095c 256 { "challengeresponseauthentication", sChallengeResponseAuthentication },
257 { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
5260325f 258 { "checkmail", sCheckMail },
259 { "listenaddress", sListenAddress },
260 { "printmotd", sPrintMotd },
4f4648f9 261 { "printlastlog", sPrintLastLog },
5260325f 262 { "ignorerhosts", sIgnoreRhosts },
263 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
264 { "x11forwarding", sX11Forwarding },
265 { "x11displayoffset", sX11DisplayOffset },
fa649821 266 { "xauthlocation", sXAuthLocation },
5260325f 267 { "strictmodes", sStrictModes },
268 { "permitemptypasswords", sEmptyPasswd },
269 { "uselogin", sUseLogin },
5260325f 270 { "keepalive", sKeepAlives },
33de75a3 271 { "allowtcpforwarding", sAllowTcpForwarding },
5260325f 272 { "allowusers", sAllowUsers },
273 { "denyusers", sDenyUsers },
274 { "allowgroups", sAllowGroups },
275 { "denygroups", sDenyGroups },
a8be9f80 276 { "ciphers", sCiphers },
b2552997 277 { "macs", sMacs },
a8be9f80 278 { "protocol", sProtocol },
1d1ffb87 279 { "gatewayports", sGatewayPorts },
38c295d6 280 { "subsystem", sSubsystem },
089fbbd2 281 { "maxstartups", sMaxStartups },
eea39c02 282 { "banner", sBanner },
61e96248 283 { "reversemappingcheck", sReverseMappingCheck },
5260325f 284 { NULL, 0 }
8efc0c15 285};
286
aa3378df 287/*
6be9a5e8 288 * Returns the number of the token pointed to by cp or sBadOption.
aa3378df 289 */
8efc0c15 290
6ae2364d 291static ServerOpCodes
5260325f 292parse_token(const char *cp, const char *filename,
293 int linenum)
8efc0c15 294{
1e3b8b07 295 u_int i;
8efc0c15 296
5260325f 297 for (i = 0; keywords[i].name; i++)
aa3378df 298 if (strcasecmp(cp, keywords[i].name) == 0)
5260325f 299 return keywords[i].opcode;
8efc0c15 300
5260325f 301 fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
302 filename, linenum, cp);
303 return sBadOption;
8efc0c15 304}
305
48e671d5 306/*
307 * add listen address
308 */
6ae2364d 309void
d11c1288 310add_listen_addr(ServerOptions *options, char *addr, char *port)
48e671d5 311{
48e671d5 312 int i;
313
314 if (options->num_ports == 0)
315 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
d11c1288 316 if (port == NULL)
317 for (i = 0; i < options->num_ports; i++)
318 add_one_listen_addr(options, addr, options->ports[i]);
319 else
320 add_one_listen_addr(options, addr, atoi(port));
321}
322
323void
324add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
325{
326 struct addrinfo hints, *ai, *aitop;
327 char strport[NI_MAXSERV];
328 int gaierr;
329
330 memset(&hints, 0, sizeof(hints));
331 hints.ai_family = IPv4or6;
332 hints.ai_socktype = SOCK_STREAM;
333 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
334 snprintf(strport, sizeof strport, "%d", port);
335 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
336 fatal("bad addr or host: %s (%s)",
337 addr ? addr : "<NULL>",
338 gai_strerror(gaierr));
339 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
340 ;
341 ai->ai_next = options->listen_addrs;
342 options->listen_addrs = aitop;
48e671d5 343}
344
8efc0c15 345/* Reads the server configuration file. */
346
6ae2364d 347void
5260325f 348read_server_config(ServerOptions *options, const char *filename)
8efc0c15 349{
5260325f 350 FILE *f;
351 char line[1024];
d11c1288 352 char *cp, **charptr, *arg, *p;
5260325f 353 int linenum, *intptr, value;
354 int bad_options = 0;
355 ServerOpCodes opcode;
38c295d6 356 int i;
5260325f 357
358 f = fopen(filename, "r");
359 if (!f) {
360 perror(filename);
8efc0c15 361 exit(1);
5260325f 362 }
363 linenum = 0;
364 while (fgets(line, sizeof(line), f)) {
365 linenum++;
704b1659 366 cp = line;
367 arg = strdelim(&cp);
368 /* Ignore leading whitespace */
369 if (*arg == '\0')
370 arg = strdelim(&cp);
42f11eb2 371 if (!arg || !*arg || *arg == '#')
5260325f 372 continue;
fa08c86b 373 intptr = NULL;
374 charptr = NULL;
089fbbd2 375 opcode = parse_token(arg, filename, linenum);
5260325f 376 switch (opcode) {
377 case sBadOption:
378 bad_options++;
379 continue;
380 case sPort:
48e671d5 381 /* ignore ports from configfile if cmdline specifies ports */
382 if (options->ports_from_cmdline)
383 continue;
384 if (options->listen_addrs != NULL)
385 fatal("%s line %d: ports must be specified before "
386 "ListenAdress.\n", filename, linenum);
387 if (options->num_ports >= MAX_PORTS)
54b974dc 388 fatal("%s line %d: too many ports.",
6ae2364d 389 filename, linenum);
704b1659 390 arg = strdelim(&cp);
089fbbd2 391 if (!arg || *arg == '\0')
54b974dc 392 fatal("%s line %d: missing port number.",
48e671d5 393 filename, linenum);
089fbbd2 394 options->ports[options->num_ports++] = atoi(arg);
48e671d5 395 break;
396
397 case sServerKeyBits:
398 intptr = &options->server_key_bits;
5260325f 399parse_int:
704b1659 400 arg = strdelim(&cp);
089fbbd2 401 if (!arg || *arg == '\0') {
5260325f 402 fprintf(stderr, "%s line %d: missing integer value.\n",
403 filename, linenum);
404 exit(1);
405 }
089fbbd2 406 value = atoi(arg);
5260325f 407 if (*intptr == -1)
408 *intptr = value;
409 break;
410
5260325f 411 case sLoginGraceTime:
412 intptr = &options->login_grace_time;
413 goto parse_int;
414
415 case sKeyRegenerationTime:
416 intptr = &options->key_regeneration_time;
417 goto parse_int;
418
419 case sListenAddress:
704b1659 420 arg = strdelim(&cp);
d11c1288 421 if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
54b974dc 422 fatal("%s line %d: missing inet addr.",
48e671d5 423 filename, linenum);
d11c1288 424 if (*arg == '[') {
425 if ((p = strchr(arg, ']')) == NULL)
426 fatal("%s line %d: bad ipv6 inet addr usage.",
427 filename, linenum);
428 arg++;
429 memmove(p, p+1, strlen(p+1)+1);
430 } else if (((p = strchr(arg, ':')) == NULL) ||
431 (strchr(p+1, ':') != NULL)) {
432 add_listen_addr(options, arg, NULL);
433 break;
434 }
435 if (*p == ':') {
436 p++;
437 if (*p == '\0')
438 fatal("%s line %d: bad inet addr:port usage.",
439 filename, linenum);
440 else {
441 *(p-1) = '\0';
442 add_listen_addr(options, arg, p);
443 }
444 } else if (*p == '\0')
445 add_listen_addr(options, arg, NULL);
446 else
447 fatal("%s line %d: bad inet addr usage.",
448 filename, linenum);
5260325f 449 break;
450
451 case sHostKeyFile:
fa08c86b 452 intptr = &options->num_host_key_files;
453 if (*intptr >= MAX_HOSTKEYS) {
0c126dc9 454 fprintf(stderr,
455 "%s line %d: too many host keys specified (max %d).\n",
fa08c86b 456 filename, linenum, MAX_HOSTKEYS);
457 exit(1);
458 }
459 charptr = &options->host_key_files[*intptr];
fa649821 460parse_filename:
704b1659 461 arg = strdelim(&cp);
089fbbd2 462 if (!arg || *arg == '\0') {
5260325f 463 fprintf(stderr, "%s line %d: missing file name.\n",
0fbe8c74 464 filename, linenum);
465 exit(1);
466 }
fa08c86b 467 if (*charptr == NULL) {
089fbbd2 468 *charptr = tilde_expand_filename(arg, getuid());
fa08c86b 469 /* increase optional counter */
470 if (intptr != NULL)
471 *intptr = *intptr + 1;
472 }
0fbe8c74 473 break;
474
475 case sPidFile:
476 charptr = &options->pid_file;
fa649821 477 goto parse_filename;
5260325f 478
5260325f 479 case sPermitRootLogin:
480 intptr = &options->permit_root_login;
704b1659 481 arg = strdelim(&cp);
089fbbd2 482 if (!arg || *arg == '\0') {
7c8f2a26 483 fprintf(stderr, "%s line %d: missing yes/"
484 "without-password/forced-commands-only/no "
485 "argument.\n", filename, linenum);
5260325f 486 exit(1);
487 }
089fbbd2 488 if (strcmp(arg, "without-password") == 0)
15853e93 489 value = PERMIT_NO_PASSWD;
490 else if (strcmp(arg, "forced-commands-only") == 0)
491 value = PERMIT_FORCED_ONLY;
089fbbd2 492 else if (strcmp(arg, "yes") == 0)
15853e93 493 value = PERMIT_YES;
089fbbd2 494 else if (strcmp(arg, "no") == 0)
15853e93 495 value = PERMIT_NO;
5260325f 496 else {
15853e93 497 fprintf(stderr, "%s line %d: Bad yes/"
498 "without-password/forced-commands-only/no "
499 "argument: %s\n", filename, linenum, arg);
5260325f 500 exit(1);
501 }
502 if (*intptr == -1)
503 *intptr = value;
504 break;
505
506 case sIgnoreRhosts:
507 intptr = &options->ignore_rhosts;
508parse_flag:
704b1659 509 arg = strdelim(&cp);
089fbbd2 510 if (!arg || *arg == '\0') {
5260325f 511 fprintf(stderr, "%s line %d: missing yes/no argument.\n",
512 filename, linenum);
513 exit(1);
514 }
089fbbd2 515 if (strcmp(arg, "yes") == 0)
5260325f 516 value = 1;
089fbbd2 517 else if (strcmp(arg, "no") == 0)
5260325f 518 value = 0;
519 else {
520 fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
089fbbd2 521 filename, linenum, arg);
5260325f 522 exit(1);
523 }
524 if (*intptr == -1)
525 *intptr = value;
526 break;
527
528 case sIgnoreUserKnownHosts:
529 intptr = &options->ignore_user_known_hosts;
c8d54615 530 goto parse_flag;
5260325f 531
532 case sRhostsAuthentication:
533 intptr = &options->rhosts_authentication;
534 goto parse_flag;
535
536 case sRhostsRSAAuthentication:
537 intptr = &options->rhosts_rsa_authentication;
538 goto parse_flag;
539
540 case sRSAAuthentication:
541 intptr = &options->rsa_authentication;
542 goto parse_flag;
543
fa08c86b 544 case sPubkeyAuthentication:
545 intptr = &options->pubkey_authentication;
1d1ffb87 546 goto parse_flag;
547
8efc0c15 548#ifdef KRB4
5260325f 549 case sKerberosAuthentication:
550 intptr = &options->kerberos_authentication;
551 goto parse_flag;
552
553 case sKerberosOrLocalPasswd:
554 intptr = &options->kerberos_or_local_passwd;
555 goto parse_flag;
556
557 case sKerberosTicketCleanup:
558 intptr = &options->kerberos_ticket_cleanup;
559 goto parse_flag;
8efc0c15 560#endif
5260325f 561
8efc0c15 562#ifdef AFS
5260325f 563 case sKerberosTgtPassing:
564 intptr = &options->kerberos_tgt_passing;
565 goto parse_flag;
8efc0c15 566
5260325f 567 case sAFSTokenPassing:
568 intptr = &options->afs_token_passing;
569 goto parse_flag;
8efc0c15 570#endif
571
5260325f 572 case sPasswordAuthentication:
573 intptr = &options->password_authentication;
574 goto parse_flag;
8efc0c15 575
94ec8c6b 576 case sKbdInteractiveAuthentication:
577 intptr = &options->kbd_interactive_authentication;
578 goto parse_flag;
579
5260325f 580 case sCheckMail:
581 intptr = &options->check_mail;
582 goto parse_flag;
8efc0c15 583
d464095c 584 case sChallengeResponseAuthentication:
585 intptr = &options->challenge_reponse_authentication;
5260325f 586 goto parse_flag;
8efc0c15 587
5260325f 588 case sPrintMotd:
589 intptr = &options->print_motd;
590 goto parse_flag;
591
4f4648f9 592 case sPrintLastLog:
593 intptr = &options->print_lastlog;
594 goto parse_flag;
595
5260325f 596 case sX11Forwarding:
597 intptr = &options->x11_forwarding;
598 goto parse_flag;
599
600 case sX11DisplayOffset:
601 intptr = &options->x11_display_offset;
602 goto parse_int;
603
fa649821 604 case sXAuthLocation:
605 charptr = &options->xauth_location;
606 goto parse_filename;
2b87da3b 607
5260325f 608 case sStrictModes:
609 intptr = &options->strict_modes;
610 goto parse_flag;
611
612 case sKeepAlives:
613 intptr = &options->keepalives;
614 goto parse_flag;
615
616 case sEmptyPasswd:
617 intptr = &options->permit_empty_passwd;
618 goto parse_flag;
619
620 case sUseLogin:
621 intptr = &options->use_login;
622 goto parse_flag;
623
1d1ffb87 624 case sGatewayPorts:
625 intptr = &options->gateway_ports;
626 goto parse_flag;
627
61e96248 628 case sReverseMappingCheck:
629 intptr = &options->reverse_mapping_check;
630 goto parse_flag;
631
5260325f 632 case sLogFacility:
633 intptr = (int *) &options->log_facility;
704b1659 634 arg = strdelim(&cp);
089fbbd2 635 value = log_facility_number(arg);
5260325f 636 if (value == (SyslogFacility) - 1)
54b974dc 637 fatal("%.200s line %d: unsupported log facility '%s'",
089fbbd2 638 filename, linenum, arg ? arg : "<NONE>");
5260325f 639 if (*intptr == -1)
640 *intptr = (SyslogFacility) value;
641 break;
642
643 case sLogLevel:
644 intptr = (int *) &options->log_level;
704b1659 645 arg = strdelim(&cp);
089fbbd2 646 value = log_level_number(arg);
5260325f 647 if (value == (LogLevel) - 1)
54b974dc 648 fatal("%.200s line %d: unsupported log level '%s'",
089fbbd2 649 filename, linenum, arg ? arg : "<NONE>");
5260325f 650 if (*intptr == -1)
651 *intptr = (LogLevel) value;
652 break;
653
33de75a3 654 case sAllowTcpForwarding:
655 intptr = &options->allow_tcp_forwarding;
656 goto parse_flag;
657
5260325f 658 case sAllowUsers:
704b1659 659 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 660 if (options->num_allow_users >= MAX_ALLOW_USERS)
54b974dc 661 fatal("%s line %d: too many allow users.",
a8be9f80 662 filename, linenum);
089fbbd2 663 options->allow_users[options->num_allow_users++] = xstrdup(arg);
5260325f 664 }
665 break;
666
667 case sDenyUsers:
704b1659 668 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 669 if (options->num_deny_users >= MAX_DENY_USERS)
54b974dc 670 fatal( "%s line %d: too many deny users.",
a8be9f80 671 filename, linenum);
089fbbd2 672 options->deny_users[options->num_deny_users++] = xstrdup(arg);
5260325f 673 }
674 break;
675
676 case sAllowGroups:
704b1659 677 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 678 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
54b974dc 679 fatal("%s line %d: too many allow groups.",
a8be9f80 680 filename, linenum);
089fbbd2 681 options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
5260325f 682 }
683 break;
684
685 case sDenyGroups:
704b1659 686 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 687 if (options->num_deny_groups >= MAX_DENY_GROUPS)
54b974dc 688 fatal("%s line %d: too many deny groups.",
a8be9f80 689 filename, linenum);
089fbbd2 690 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
5260325f 691 }
692 break;
693
a8be9f80 694 case sCiphers:
704b1659 695 arg = strdelim(&cp);
089fbbd2 696 if (!arg || *arg == '\0')
71276795 697 fatal("%s line %d: Missing argument.", filename, linenum);
089fbbd2 698 if (!ciphers_valid(arg))
d0c832f3 699 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
089fbbd2 700 filename, linenum, arg ? arg : "<NONE>");
a8be9f80 701 if (options->ciphers == NULL)
089fbbd2 702 options->ciphers = xstrdup(arg);
a8be9f80 703 break;
704
b2552997 705 case sMacs:
706 arg = strdelim(&cp);
707 if (!arg || *arg == '\0')
708 fatal("%s line %d: Missing argument.", filename, linenum);
709 if (!mac_valid(arg))
710 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
711 filename, linenum, arg ? arg : "<NONE>");
712 if (options->macs == NULL)
713 options->macs = xstrdup(arg);
714 break;
715
a8be9f80 716 case sProtocol:
717 intptr = &options->protocol;
704b1659 718 arg = strdelim(&cp);
089fbbd2 719 if (!arg || *arg == '\0')
71276795 720 fatal("%s line %d: Missing argument.", filename, linenum);
089fbbd2 721 value = proto_spec(arg);
a8be9f80 722 if (value == SSH_PROTO_UNKNOWN)
723 fatal("%s line %d: Bad protocol spec '%s'.",
089fbbd2 724 filename, linenum, arg ? arg : "<NONE>");
a8be9f80 725 if (*intptr == SSH_PROTO_UNKNOWN)
726 *intptr = value;
727 break;
728
38c295d6 729 case sSubsystem:
730 if(options->num_subsystems >= MAX_SUBSYSTEMS) {
731 fatal("%s line %d: too many subsystems defined.",
732 filename, linenum);
733 }
704b1659 734 arg = strdelim(&cp);
089fbbd2 735 if (!arg || *arg == '\0')
38c295d6 736 fatal("%s line %d: Missing subsystem name.",
737 filename, linenum);
738 for (i = 0; i < options->num_subsystems; i++)
089fbbd2 739 if(strcmp(arg, options->subsystem_name[i]) == 0)
38c295d6 740 fatal("%s line %d: Subsystem '%s' already defined.",
089fbbd2 741 filename, linenum, arg);
742 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
704b1659 743 arg = strdelim(&cp);
089fbbd2 744 if (!arg || *arg == '\0')
38c295d6 745 fatal("%s line %d: Missing subsystem command.",
746 filename, linenum);
089fbbd2 747 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
38c295d6 748 options->num_subsystems++;
749 break;
750
089fbbd2 751 case sMaxStartups:
c345cf9d 752 arg = strdelim(&cp);
753 if (!arg || *arg == '\0')
754 fatal("%s line %d: Missing MaxStartups spec.",
755 filename, linenum);
756 if (sscanf(arg, "%d:%d:%d",
757 &options->max_startups_begin,
758 &options->max_startups_rate,
759 &options->max_startups) == 3) {
760 if (options->max_startups_begin >
761 options->max_startups ||
762 options->max_startups_rate > 100 ||
763 options->max_startups_rate < 1)
764 fatal("%s line %d: Illegal MaxStartups spec.",
765 filename, linenum);
766 break;
767 }
089fbbd2 768 intptr = &options->max_startups;
769 goto parse_int;
770
eea39c02 771 case sBanner:
772 charptr = &options->banner;
773 goto parse_filename;
2b87da3b 774
5260325f 775 default:
776 fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
089fbbd2 777 filename, linenum, arg, opcode);
5260325f 778 exit(1);
8efc0c15 779 }
704b1659 780 if ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
2b87da3b 781 fprintf(stderr,
089fbbd2 782 "%s line %d: garbage at end of line; \"%.200s\".\n",
783 filename, linenum, arg);
5260325f 784 exit(1);
8efc0c15 785 }
8efc0c15 786 }
5260325f 787 fclose(f);
788 if (bad_options > 0) {
789 fprintf(stderr, "%s: terminating, %d bad configuration options\n",
790 filename, bad_options);
791 exit(1);
8efc0c15 792 }
8efc0c15 793}
git-cvsimport mirror of OpenSSH
This page took 1.238845 seconds and 5 git commands to generate.