[openssh.git] / servconf.c

/*

servconf.c

Author: Tatu Ylonen <ylo@cs.hut.fi>

Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
                   All rights reserved

Created: Mon Aug 21 15:48:58 1995 ylo

*/

#include "includes.h"
RCSID("$Id$");

#include "ssh.h"
#include "servconf.h"
#include "xmalloc.h"

/* Initializes the server options to their default values. */

void initialize_server_options(ServerOptions *options)
{
  memset(options, 0, sizeof(*options));
  options->port = -1;
  options->listen_addr.s_addr = htonl(INADDR_ANY);
  options->host_key_file = NULL;
  options->server_key_bits = -1;
  options->login_grace_time = -1;
  options->key_regeneration_time = -1;
  options->permit_root_login = -1;
  options->ignore_rhosts = -1;
  options->ignore_user_known_hosts = -1;
  options->print_motd = -1;
  options->check_mail = -1;
  options->x11_forwarding = -1;
  options->x11_display_offset = -1;
  options->strict_modes = -1;
  options->keepalives = -1;
  options->log_facility = (SyslogFacility)-1;
  options->log_level = (LogLevel)-1;
  options->rhosts_authentication = -1;
  options->rhosts_rsa_authentication = -1;
  options->rsa_authentication = -1;
#ifdef KRB4
  options->kerberos_authentication = -1;
  options->kerberos_or_local_passwd = -1;
  options->kerberos_ticket_cleanup = -1;
#endif
#ifdef AFS
  options->kerberos_tgt_passing = -1;
  options->afs_token_passing = -1;
#endif
  options->password_authentication = -1;
#ifdef SKEY
  options->skey_authentication = -1;
#endif
  options->permit_empty_passwd = -1;
  options->use_login = -1;
  options->num_allow_users = 0;
  options->num_deny_users = 0;
  options->num_allow_groups = 0;
  options->num_deny_groups = 0;
}

void fill_default_server_options(ServerOptions *options)
{
  if (options->port == -1)
    {
      struct servent *sp;

      sp = getservbyname(SSH_SERVICE_NAME, "tcp");
      if (sp)
	options->port = ntohs(sp->s_port);
      else
	options->port = SSH_DEFAULT_PORT;
      endservent();
    }
  if (options->host_key_file == NULL)
    options->host_key_file = HOST_KEY_FILE;
  if (options->server_key_bits == -1)
    options->server_key_bits = 768;
  if (options->login_grace_time == -1)
    options->login_grace_time = 600;
  if (options->key_regeneration_time == -1)
    options->key_regeneration_time = 3600;
  if (options->permit_root_login == -1)
    options->permit_root_login = 1;		 /* yes */
  if (options->ignore_rhosts == -1)
    options->ignore_rhosts = 0;
  if (options->ignore_user_known_hosts == -1)
    options->ignore_user_known_hosts = 0;
  if (options->check_mail == -1)
    options->check_mail = 0;
  if (options->print_motd == -1)
    options->print_motd = 1;
  if (options->x11_forwarding == -1)
    options->x11_forwarding = 1;
  if (options->x11_display_offset == -1)
    options->x11_display_offset = 1;
  if (options->strict_modes == -1)
    options->strict_modes = 1;
  if (options->keepalives == -1)
    options->keepalives = 1;
  if (options->log_facility == (SyslogFacility)(-1))
    options->log_facility = SYSLOG_FACILITY_AUTH;
  if (options->log_level == (LogLevel)(-1))
    options->log_level = SYSLOG_LEVEL_INFO;
  if (options->rhosts_authentication == -1)
    options->rhosts_authentication = 0;
  if (options->rhosts_rsa_authentication == -1)
    options->rhosts_rsa_authentication = 1;
  if (options->rsa_authentication == -1)
    options->rsa_authentication = 1;
#ifdef KRB4
  if (options->kerberos_authentication == -1)
    options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
  if (options->kerberos_or_local_passwd == -1)
    options->kerberos_or_local_passwd = 1;
  if (options->kerberos_ticket_cleanup == -1)
    options->kerberos_ticket_cleanup = 1;
#endif /* KRB4 */
#ifdef AFS
  if (options->kerberos_tgt_passing == -1)
    options->kerberos_tgt_passing = 0;
  if (options->afs_token_passing == -1)
    options->afs_token_passing = k_hasafs();
#endif /* AFS */
  if (options->password_authentication == -1)
    options->password_authentication = 1;
#ifdef SKEY
  if (options->skey_authentication == -1)
    options->skey_authentication = 1;
#endif
  if (options->permit_empty_passwd == -1)
    options->permit_empty_passwd = 1;
  if (options->use_login == -1)
    options->use_login = 0;
}

#define WHITESPACE " \t\r\n"

/* Keyword tokens. */
typedef enum 
{
  sBadOption, /* == unknown option */
  sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
  sPermitRootLogin, sLogFacility, sLogLevel,
  sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
#ifdef KRB4
  sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
#endif
#ifdef AFS
  sKerberosTgtPassing, sAFSTokenPassing,
#endif
#ifdef SKEY
  sSkeyAuthentication,
#endif
  sPasswordAuthentication, sListenAddress,
  sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
  sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
  sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
  sIgnoreUserKnownHosts
} ServerOpCodes;

/* Textual representation of the tokens. */
static struct
{
  const char *name;
  ServerOpCodes opcode;
} keywords[] =
{
  { "port", sPort },
  { "hostkey", sHostKeyFile },
  { "serverkeybits", sServerKeyBits },
  { "logingracetime", sLoginGraceTime },
  { "keyregenerationinterval", sKeyRegenerationTime },
  { "permitrootlogin", sPermitRootLogin },
  { "syslogfacility", sLogFacility },
  { "loglevel", sLogLevel },
  { "rhostsauthentication", sRhostsAuthentication },
  { "rhostsrsaauthentication", sRhostsRSAAuthentication },
  { "rsaauthentication", sRSAAuthentication },
#ifdef KRB4
  { "kerberosauthentication", sKerberosAuthentication },
  { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
  { "kerberosticketcleanup", sKerberosTicketCleanup },
#endif
#ifdef AFS
  { "kerberostgtpassing", sKerberosTgtPassing },
  { "afstokenpassing", sAFSTokenPassing },
#endif
  { "passwordauthentication", sPasswordAuthentication },
#ifdef SKEY
  { "skeyauthentication", sSkeyAuthentication },
#endif
  { "checkmail", sCheckMail },
  { "listenaddress", sListenAddress },
  { "printmotd", sPrintMotd },
  { "ignorerhosts", sIgnoreRhosts },
  { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
  { "x11forwarding", sX11Forwarding },
  { "x11displayoffset", sX11DisplayOffset },
  { "strictmodes", sStrictModes },
  { "permitemptypasswords", sEmptyPasswd },
  { "uselogin", sUseLogin },
  { "randomseed", sRandomSeedFile },
  { "keepalive", sKeepAlives },
  { "allowusers", sAllowUsers },
  { "denyusers", sDenyUsers },
  { "allowgroups", sAllowGroups },
  { "denygroups", sDenyGroups },
  { NULL, 0 }
};

/* Returns the number of the token pointed to by cp of length len.
   Never returns if the token is not known. */

static ServerOpCodes parse_token(const char *cp, const char *filename,
				 int linenum)
{
  unsigned int i;

  for (i = 0; keywords[i].name; i++)
    if (strcmp(cp, keywords[i].name) == 0)
      return keywords[i].opcode;

  fprintf(stderr, "%s: line %d: Bad configuration option: %s\n", 
	  filename, linenum, cp);
  return sBadOption;
}

/* Reads the server configuration file. */

void read_server_config(ServerOptions *options, const char *filename)
{
  FILE *f;
  char line[1024];
  char *cp, **charptr;
  int linenum, *intptr, value;
  int bad_options = 0;
  ServerOpCodes opcode;

  f = fopen(filename, "r");
  if (!f)
    {
      perror(filename);
      exit(1);
    }

  linenum = 0;
  while (fgets(line, sizeof(line), f))
    {
      linenum++;
      cp = line + strspn(line, WHITESPACE);
      if (!*cp || *cp == '#')
	continue;
      cp = strtok(cp, WHITESPACE);
      {
	char *t = cp;
	for (; *t != 0; t++)
	  if ('A' <= *t && *t <= 'Z')
	    *t = *t - 'A' + 'a';	/* tolower */
      
      }
      opcode = parse_token(cp, filename, linenum);
      switch (opcode)
	{
	case sBadOption:
	  bad_options++;
          continue;
	case sPort:
	  intptr = &options->port;
	parse_int:
	  cp = strtok(NULL, WHITESPACE);
	  if (!cp)
	    {
	      fprintf(stderr, "%s line %d: missing integer value.\n", 
		      filename, linenum);
	      exit(1);
	    }
	  value = atoi(cp);
	  if (*intptr == -1)
	    *intptr = value;
	  break;

	case sServerKeyBits:
	  intptr = &options->server_key_bits;
	  goto parse_int;

	case sLoginGraceTime:
	  intptr = &options->login_grace_time;
	  goto parse_int;
	  
	case sKeyRegenerationTime:
	  intptr = &options->key_regeneration_time;
	  goto parse_int;

	case sListenAddress:
	  cp = strtok(NULL, WHITESPACE);
	  if (!cp)
	    {
	      fprintf(stderr, "%s line %d: missing inet addr.\n",
		      filename, linenum);
	      exit(1);
	    }
	  options->listen_addr.s_addr = inet_addr(cp);
	  break;

	case sHostKeyFile:
	  charptr = &options->host_key_file;
	  cp = strtok(NULL, WHITESPACE);
	  if (!cp)
	    {
	      fprintf(stderr, "%s line %d: missing file name.\n",
		      filename, linenum);
	      exit(1);
	    }
	  if (*charptr == NULL)
	    *charptr = tilde_expand_filename(cp, getuid());
	  break;

	case sRandomSeedFile:
	  fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
		  filename, linenum);
	  cp = strtok(NULL, WHITESPACE);
	  break;

	case sPermitRootLogin:
	  intptr = &options->permit_root_login;
	  cp = strtok(NULL, WHITESPACE);
	  if (!cp)
	    {
	      fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
		      filename, linenum);
	      exit(1);
	    }
	  if (strcmp(cp, "without-password") == 0)
	    value = 2;
	  else if (strcmp(cp, "yes") == 0)
	    value = 1;
	  else if (strcmp(cp, "no") == 0)
	    value = 0;
	  else
	    {
	      fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n", 
	      	filename, linenum, cp);
	      exit(1);
	    }
	  if (*intptr == -1)
	    *intptr = value;
	  break;

	case sIgnoreRhosts:
	  intptr = &options->ignore_rhosts;
	parse_flag:
	  cp = strtok(NULL, WHITESPACE);
	  if (!cp)
	    {
	      fprintf(stderr, "%s line %d: missing yes/no argument.\n",
		      filename, linenum);
	      exit(1);
	    }
	  if (strcmp(cp, "yes") == 0)
	    value = 1;
	  else
	    if (strcmp(cp, "no") == 0)
	      value = 0;
	    else
	      {
		fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n", 
			filename, linenum, cp);
		exit(1);
	      }
	  if (*intptr == -1)
	    *intptr = value;
	  break;

	case sIgnoreUserKnownHosts:
	  intptr = &options->ignore_user_known_hosts;
	  goto parse_int;

	case sRhostsAuthentication:
	  intptr = &options->rhosts_authentication;
	  goto parse_flag;

	case sRhostsRSAAuthentication:
	  intptr = &options->rhosts_rsa_authentication;
	  goto parse_flag;
	  
	case sRSAAuthentication:
	  intptr = &options->rsa_authentication;
	  goto parse_flag;
	  
#ifdef KRB4
	case sKerberosAuthentication:
	  intptr = &options->kerberos_authentication;
	  goto parse_flag;
	  
 	case sKerberosOrLocalPasswd:
 	  intptr = &options->kerberos_or_local_passwd;
 	  goto parse_flag;

	case sKerberosTicketCleanup:
	  intptr = &options->kerberos_ticket_cleanup;
	  goto parse_flag;
#endif
	  
#ifdef AFS
	case sKerberosTgtPassing:
	  intptr = &options->kerberos_tgt_passing;
	  goto parse_flag;

	case sAFSTokenPassing:
	  intptr = &options->afs_token_passing;
	  goto parse_flag;
#endif

	case sPasswordAuthentication:
	  intptr = &options->password_authentication;
	  goto parse_flag;

        case sCheckMail:
          intptr = &options->check_mail;
          goto parse_flag;

#ifdef SKEY
	case sSkeyAuthentication:
	  intptr = &options->skey_authentication;
	  goto parse_flag;
#endif

	case sPrintMotd:
	  intptr = &options->print_motd;
	  goto parse_flag;

	case sX11Forwarding:
	  intptr = &options->x11_forwarding;
	  goto parse_flag;

	case sX11DisplayOffset:
	  intptr = &options->x11_display_offset;
	  goto parse_int;

	case sStrictModes:
	  intptr = &options->strict_modes;
	  goto parse_flag;

	case sKeepAlives:
	  intptr = &options->keepalives;
	  goto parse_flag;
	  
	case sEmptyPasswd:
	  intptr = &options->permit_empty_passwd;
	  goto parse_flag;

        case sUseLogin:
          intptr = &options->use_login;
          goto parse_flag;

	case sLogFacility:
	  intptr = (int *)&options->log_facility;
	  cp = strtok(NULL, WHITESPACE);
	  value = log_facility_number(cp);
	  if (value == (SyslogFacility)-1)
	    fatal("%.200s line %d: unsupported log facility '%s'\n",
      	      filename, linenum, cp ? cp : "<NONE>");
	  if (*intptr == -1)
	    *intptr = (SyslogFacility)value;
	  break;

	case sLogLevel:
	  intptr = (int *)&options->log_level;
	  cp = strtok(NULL, WHITESPACE);
	  value = log_level_number(cp);
	  if (value == (LogLevel)-1)
	    fatal("%.200s line %d: unsupported log level '%s'\n",
      	      filename, linenum, cp ? cp : "<NONE>");
	  if (*intptr == -1)
	    *intptr = (LogLevel)value;
	  break;
	  
	case sAllowUsers:
	  while ((cp = strtok(NULL, WHITESPACE)))
	    {
	      if (options->num_allow_users >= MAX_ALLOW_USERS)
		{
		  fprintf(stderr, "%s line %d: too many allow users.\n",
			  filename, linenum);
		  exit(1);
		}
	      options->allow_users[options->num_allow_users++] = xstrdup(cp);
	    }
	  break;

	case sDenyUsers:
	  while ((cp = strtok(NULL, WHITESPACE)))
	    {
	      if (options->num_deny_users >= MAX_DENY_USERS)
		{
		  fprintf(stderr, "%s line %d: too many deny users.\n",
			  filename, linenum);
		  exit(1);
		}
	      options->deny_users[options->num_deny_users++] = xstrdup(cp);
	    }
	  break;

	case sAllowGroups:
	  while ((cp = strtok(NULL, WHITESPACE)))
	    {
	      if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
		{
		  fprintf(stderr, "%s line %d: too many allow groups.\n",
			  filename, linenum);
		  exit(1);
		}
	      options->allow_groups[options->num_allow_groups++] = xstrdup(cp);
	    }
	  break;

	case sDenyGroups:
	  while ((cp = strtok(NULL, WHITESPACE)))
	    {
	      if (options->num_deny_groups >= MAX_DENY_GROUPS)
		{
		  fprintf(stderr, "%s line %d: too many deny groups.\n",
			  filename, linenum);
		  exit(1);
		}
	      options->deny_groups[options->num_deny_groups++] = xstrdup(cp);
	    }
	  break;

	default:
	  fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
		  filename, linenum, cp, opcode);
	  exit(1);
	}
      if (strtok(NULL, WHITESPACE) != NULL)
	{
	  fprintf(stderr, "%s line %d: garbage at end of line.\n",
		  filename, linenum);
	  exit(1);
	}
    }
  fclose(f);
  if (bad_options > 0) {
    fprintf(stderr, "%s: terminating, %d bad configuration options\n", 
	    filename, bad_options);
    exit(1);
  }
}
Commit	Line	Data
8efc0c15	1	/*
	2
	3	servconf.c
	4
	5	Author: Tatu Ylonen <ylo@cs.hut.fi>
	6
	7	Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
	8	All rights reserved
	9
	10	Created: Mon Aug 21 15:48:58 1995 ylo
	11
	12	*/
	13
	14	#include "includes.h"
	15	RCSID("$Id$");
	16
	17	#include "ssh.h"
	18	#include "servconf.h"
	19	#include "xmalloc.h"
	20
	21	/* Initializes the server options to their default values. */
	22
	23	void initialize_server_options(ServerOptions *options)
	24	{
	25	memset(options, 0, sizeof(*options));
	26	options->port = -1;
	27	options->listen_addr.s_addr = htonl(INADDR_ANY);
	28	options->host_key_file = NULL;
	29	options->server_key_bits = -1;
	30	options->login_grace_time = -1;
	31	options->key_regeneration_time = -1;
	32	options->permit_root_login = -1;
	33	options->ignore_rhosts = -1;
b4748e2f	34	options->ignore_user_known_hosts = -1;
8efc0c15	35	options->print_motd = -1;
	36	options->check_mail = -1;
	37	options->x11_forwarding = -1;
	38	options->x11_display_offset = -1;
	39	options->strict_modes = -1;
	40	options->keepalives = -1;
	41	options->log_facility = (SyslogFacility)-1;
6a17f9c2	42	options->log_level = (LogLevel)-1;
8efc0c15	43	options->rhosts_authentication = -1;
	44	options->rhosts_rsa_authentication = -1;
	45	options->rsa_authentication = -1;
	46	#ifdef KRB4
	47	options->kerberos_authentication = -1;
	48	options->kerberos_or_local_passwd = -1;
	49	options->kerberos_ticket_cleanup = -1;
	50	#endif
	51	#ifdef AFS
	52	options->kerberos_tgt_passing = -1;
	53	options->afs_token_passing = -1;
	54	#endif
	55	options->password_authentication = -1;
	56	#ifdef SKEY
	57	options->skey_authentication = -1;
	58	#endif
	59	options->permit_empty_passwd = -1;
	60	options->use_login = -1;
	61	options->num_allow_users = 0;
	62	options->num_deny_users = 0;
	63	options->num_allow_groups = 0;
	64	options->num_deny_groups = 0;
	65	}
	66
	67	void fill_default_server_options(ServerOptions *options)
	68	{
	69	if (options->port == -1)
	70	{
	71	struct servent *sp;
	72
	73	sp = getservbyname(SSH_SERVICE_NAME, "tcp");
	74	if (sp)
	75	options->port = ntohs(sp->s_port);
	76	else
	77	options->port = SSH_DEFAULT_PORT;
	78	endservent();
	79	}
	80	if (options->host_key_file == NULL)
	81	options->host_key_file = HOST_KEY_FILE;
	82	if (options->server_key_bits == -1)
	83	options->server_key_bits = 768;
	84	if (options->login_grace_time == -1)
	85	options->login_grace_time = 600;
	86	if (options->key_regeneration_time == -1)
	87	options->key_regeneration_time = 3600;
	88	if (options->permit_root_login == -1)
	89	options->permit_root_login = 1; /* yes */
	90	if (options->ignore_rhosts == -1)
	91	options->ignore_rhosts = 0;
b4748e2f	92	if (options->ignore_user_known_hosts == -1)
b4748e2f	93	options->ignore_user_known_hosts = 0;
8efc0c15	94	if (options->check_mail == -1)
8efc0c15	95	options->check_mail = 0;
8efc0c15	96	if (options->print_motd == -1)
	97	options->print_motd = 1;
	98	if (options->x11_forwarding == -1)
	99	options->x11_forwarding = 1;
	100	if (options->x11_display_offset == -1)
	101	options->x11_display_offset = 1;
	102	if (options->strict_modes == -1)
	103	options->strict_modes = 1;
	104	if (options->keepalives == -1)
	105	options->keepalives = 1;
	106	if (options->log_facility == (SyslogFacility)(-1))
	107	options->log_facility = SYSLOG_FACILITY_AUTH;
6a17f9c2	108	if (options->log_level == (LogLevel)(-1))
6a17f9c2	109	options->log_level = SYSLOG_LEVEL_INFO;
8efc0c15	110	if (options->rhosts_authentication == -1)
	111	options->rhosts_authentication = 0;
	112	if (options->rhosts_rsa_authentication == -1)
	113	options->rhosts_rsa_authentication = 1;
	114	if (options->rsa_authentication == -1)
	115	options->rsa_authentication = 1;
	116	#ifdef KRB4
	117	if (options->kerberos_authentication == -1)
	118	options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
	119	if (options->kerberos_or_local_passwd == -1)
	120	options->kerberos_or_local_passwd = 1;
	121	if (options->kerberos_ticket_cleanup == -1)
	122	options->kerberos_ticket_cleanup = 1;
	123	#endif /* KRB4 */
	124	#ifdef AFS
	125	if (options->kerberos_tgt_passing == -1)
	126	options->kerberos_tgt_passing = 0;
	127	if (options->afs_token_passing == -1)
	128	options->afs_token_passing = k_hasafs();
	129	#endif /* AFS */
	130	if (options->password_authentication == -1)
	131	options->password_authentication = 1;
	132	#ifdef SKEY
	133	if (options->skey_authentication == -1)
	134	options->skey_authentication = 1;
	135	#endif
	136	if (options->permit_empty_passwd == -1)
	137	options->permit_empty_passwd = 1;
	138	if (options->use_login == -1)
	139	options->use_login = 0;
	140	}
	141
	142	#define WHITESPACE " \t\r\n"
	143
	144	/* Keyword tokens. */
	145	typedef enum
	146	{
6fa724bc	147	sBadOption, /* == unknown option */
8efc0c15	148	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
6a17f9c2	149	sPermitRootLogin, sLogFacility, sLogLevel,
8efc0c15	150	sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
	151	#ifdef KRB4
	152	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
	153	#endif
	154	#ifdef AFS
	155	sKerberosTgtPassing, sAFSTokenPassing,
	156	#endif
	157	#ifdef SKEY
	158	sSkeyAuthentication,
	159	#endif
	160	sPasswordAuthentication, sListenAddress,
	161	sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
	162	sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
b4748e2f	163	sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
b4748e2f	164	sIgnoreUserKnownHosts
8efc0c15	165	} ServerOpCodes;
	166
	167	/* Textual representation of the tokens. */
	168	static struct
	169	{
	170	const char *name;
	171	ServerOpCodes opcode;
	172	} keywords[] =
	173	{
	174	{ "port", sPort },
	175	{ "hostkey", sHostKeyFile },
	176	{ "serverkeybits", sServerKeyBits },
	177	{ "logingracetime", sLoginGraceTime },
	178	{ "keyregenerationinterval", sKeyRegenerationTime },
	179	{ "permitrootlogin", sPermitRootLogin },
8efc0c15	180	{ "syslogfacility", sLogFacility },
6a17f9c2	181	{ "loglevel", sLogLevel },
8efc0c15	182	{ "rhostsauthentication", sRhostsAuthentication },
	183	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
	184	{ "rsaauthentication", sRSAAuthentication },
	185	#ifdef KRB4
	186	{ "kerberosauthentication", sKerberosAuthentication },
	187	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
	188	{ "kerberosticketcleanup", sKerberosTicketCleanup },
	189	#endif
	190	#ifdef AFS
	191	{ "kerberostgtpassing", sKerberosTgtPassing },
	192	{ "afstokenpassing", sAFSTokenPassing },
	193	#endif
	194	{ "passwordauthentication", sPasswordAuthentication },
	195	#ifdef SKEY
	196	{ "skeyauthentication", sSkeyAuthentication },
	197	#endif
	198	{ "checkmail", sCheckMail },
	199	{ "listenaddress", sListenAddress },
	200	{ "printmotd", sPrintMotd },
	201	{ "ignorerhosts", sIgnoreRhosts },
b4748e2f	202	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },
8efc0c15	203	{ "x11forwarding", sX11Forwarding },
	204	{ "x11displayoffset", sX11DisplayOffset },
	205	{ "strictmodes", sStrictModes },
	206	{ "permitemptypasswords", sEmptyPasswd },
	207	{ "uselogin", sUseLogin },
	208	{ "randomseed", sRandomSeedFile },
	209	{ "keepalive", sKeepAlives },
	210	{ "allowusers", sAllowUsers },
	211	{ "denyusers", sDenyUsers },
	212	{ "allowgroups", sAllowGroups },
	213	{ "denygroups", sDenyGroups },
	214	{ NULL, 0 }
	215	};
	216
8efc0c15	217	/* Returns the number of the token pointed to by cp of length len.
	218	Never returns if the token is not known. */
	219
	220	static ServerOpCodes parse_token(const char cp, const char filename,
	221	int linenum)
	222	{
	223	unsigned int i;
	224
	225	for (i = 0; keywords[i].name; i++)
	226	if (strcmp(cp, keywords[i].name) == 0)
	227	return keywords[i].opcode;
	228
6fa724bc	229	fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
8efc0c15	230	filename, linenum, cp);
6fa724bc	231	return sBadOption;
8efc0c15	232	}
	233
	234	/* Reads the server configuration file. */
	235
	236	void read_server_config(ServerOptions options, const char filename)
	237	{
	238	FILE *f;
	239	char line[1024];
	240	char cp, *charptr;
9d6b7add	241	int linenum, *intptr, value;
6fa724bc	242	int bad_options = 0;
8efc0c15	243	ServerOpCodes opcode;
	244
	245	f = fopen(filename, "r");
	246	if (!f)
	247	{
	248	perror(filename);
	249	exit(1);
	250	}
	251
	252	linenum = 0;
	253	while (fgets(line, sizeof(line), f))
	254	{
	255	linenum++;
	256	cp = line + strspn(line, WHITESPACE);
	257	if (!cp \|\| cp == '#')
	258	continue;
	259	cp = strtok(cp, WHITESPACE);
	260	{
	261	char *t = cp;
	262	for (; *t != 0; t++)
	263	if ('A' <= t && t <= 'Z')
	264	t = t - 'A' + 'a'; /* tolower */
	265
	266	}
	267	opcode = parse_token(cp, filename, linenum);
	268	switch (opcode)
	269	{
6fa724bc	270	case sBadOption:
	271	bad_options++;
	272	continue;
8efc0c15	273	case sPort:
	274	intptr = &options->port;
	275	parse_int:
	276	cp = strtok(NULL, WHITESPACE);
	277	if (!cp)
	278	{
	279	fprintf(stderr, "%s line %d: missing integer value.\n",
	280	filename, linenum);
	281	exit(1);
	282	}
	283	value = atoi(cp);
	284	if (*intptr == -1)
	285	*intptr = value;
	286	break;
	287
	288	case sServerKeyBits:
	289	intptr = &options->server_key_bits;
	290	goto parse_int;
	291
	292	case sLoginGraceTime:
	293	intptr = &options->login_grace_time;
	294	goto parse_int;
	295
	296	case sKeyRegenerationTime:
	297	intptr = &options->key_regeneration_time;
	298	goto parse_int;
	299
	300	case sListenAddress:
	301	cp = strtok(NULL, WHITESPACE);
	302	if (!cp)
	303	{
	304	fprintf(stderr, "%s line %d: missing inet addr.\n",
	305	filename, linenum);
	306	exit(1);
	307	}
	308	options->listen_addr.s_addr = inet_addr(cp);
	309	break;
	310
	311	case sHostKeyFile:
	312	charptr = &options->host_key_file;
	313	cp = strtok(NULL, WHITESPACE);
	314	if (!cp)
	315	{
	316	fprintf(stderr, "%s line %d: missing file name.\n",
	317	filename, linenum);
	318	exit(1);
	319	}
	320	if (*charptr == NULL)
	321	*charptr = tilde_expand_filename(cp, getuid());
	322	break;
	323
	324	case sRandomSeedFile:
	325	fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
	326	filename, linenum);
	327	cp = strtok(NULL, WHITESPACE);
	328	break;
	329
	330	case sPermitRootLogin:
	331	intptr = &options->permit_root_login;
	332	cp = strtok(NULL, WHITESPACE);
	333	if (!cp)
	334	{
	335	fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
	336	filename, linenum);
337	exit(1);
338	}
339	if (strcmp(cp, "without-password") == 0)
340	value = 2;
341	else if (strcmp(cp, "yes") == 0)
342	value = 1;
343	else if (strcmp(cp, "no") == 0)
344	value = 0;
345	else
346	{
347	fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n",
348	filename, linenum, cp);
349	exit(1);
350	}
351	if (*intptr == -1)
352	*intptr = value;
353	break;
354
355	case sIgnoreRhosts:
356	intptr = &options->ignore_rhosts;
357	parse_flag:
358	cp = strtok(NULL, WHITESPACE);
359	if (!cp)
360	{
361	fprintf(stderr, "%s line %d: missing yes/no argument.\n",
362	filename, linenum);
363	exit(1);
364	}
365	if (strcmp(cp, "yes") == 0)
366	value = 1;
367	else
368	if (strcmp(cp, "no") == 0)
369	value = 0;
370	else
371	{
372	fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
373	filename, linenum, cp);
374	exit(1);
375	}
376	if (*intptr == -1)
377	*intptr = value;
378	break;
b4748e2f	379
	380	case sIgnoreUserKnownHosts:
	381	intptr = &options->ignore_user_known_hosts;
	382	goto parse_int;
	383
8efc0c15	384	case sRhostsAuthentication:
	385	intptr = &options->rhosts_authentication;
	386	goto parse_flag;
	387
	388	case sRhostsRSAAuthentication:
	389	intptr = &options->rhosts_rsa_authentication;
	390	goto parse_flag;
	391
	392	case sRSAAuthentication:
	393	intptr = &options->rsa_authentication;
	394	goto parse_flag;
	395
	396	#ifdef KRB4
	397	case sKerberosAuthentication:
	398	intptr = &options->kerberos_authentication;
	399	goto parse_flag;
	400
	401	case sKerberosOrLocalPasswd:
	402	intptr = &options->kerberos_or_local_passwd;
	403	goto parse_flag;
	404
	405	case sKerberosTicketCleanup:
	406	intptr = &options->kerberos_ticket_cleanup;
	407	goto parse_flag;
	408	#endif
	409
	410	#ifdef AFS
	411	case sKerberosTgtPassing:
	412	intptr = &options->kerberos_tgt_passing;
	413	goto parse_flag;
	414
	415	case sAFSTokenPassing:
	416	intptr = &options->afs_token_passing;
	417	goto parse_flag;
	418	#endif
	419
	420	case sPasswordAuthentication:
	421	intptr = &options->password_authentication;
	422	goto parse_flag;
	423
	424	case sCheckMail:
	425	intptr = &options->check_mail;
	426	goto parse_flag;
	427
	428	#ifdef SKEY
	429	case sSkeyAuthentication:
	430	intptr = &options->skey_authentication;
	431	goto parse_flag;
	432	#endif
	433
	434	case sPrintMotd:
	435	intptr = &options->print_motd;
	436	goto parse_flag;
	437
	438	case sX11Forwarding:
	439	intptr = &options->x11_forwarding;
	440	goto parse_flag;
	441
	442	case sX11DisplayOffset:
	443	intptr = &options->x11_display_offset;
	444	goto parse_int;
	445
	446	case sStrictModes:
	447	intptr = &options->strict_modes;
448	goto parse_flag;
449
450	case sKeepAlives:
451	intptr = &options->keepalives;
452	goto parse_flag;
453
454	case sEmptyPasswd:
455	intptr = &options->permit_empty_passwd;
456	goto parse_flag;
457
458	case sUseLogin:
459	intptr = &options->use_login;
460	goto parse_flag;
461
462	case sLogFacility:
9d6b7add	463	intptr = (int *)&options->log_facility;
8efc0c15	464	cp = strtok(NULL, WHITESPACE);
9d6b7add	465	value = log_facility_number(cp);
	466	if (value == (SyslogFacility)-1)
	467	fatal("%.200s line %d: unsupported log facility '%s'\n",
	468	filename, linenum, cp ? cp : "<NONE>");
	469	if (*intptr == -1)
	470	*intptr = (SyslogFacility)value;
8efc0c15	471	break;
6a17f9c2	472
6a17f9c2	473	case sLogLevel:
9d6b7add	474	intptr = (int *)&options->log_level;
6a17f9c2	475	cp = strtok(NULL, WHITESPACE);
9d6b7add	476	value = log_level_number(cp);
	477	if (value == (LogLevel)-1)
	478	fatal("%.200s line %d: unsupported log level '%s'\n",
	479	filename, linenum, cp ? cp : "<NONE>");
	480	if (*intptr == -1)
	481	*intptr = (LogLevel)value;
6a17f9c2	482	break;
8efc0c15	483
	484	case sAllowUsers:
	485	while ((cp = strtok(NULL, WHITESPACE)))
	486	{
	487	if (options->num_allow_users >= MAX_ALLOW_USERS)
	488	{
	489	fprintf(stderr, "%s line %d: too many allow users.\n",
	490	filename, linenum);
	491	exit(1);
	492	}
	493	options->allow_users[options->num_allow_users++] = xstrdup(cp);
	494	}
	495	break;
	496
	497	case sDenyUsers:
	498	while ((cp = strtok(NULL, WHITESPACE)))
	499	{
	500	if (options->num_deny_users >= MAX_DENY_USERS)
	501	{
	502	fprintf(stderr, "%s line %d: too many deny users.\n",
	503	filename, linenum);
	504	exit(1);
	505	}
	506	options->deny_users[options->num_deny_users++] = xstrdup(cp);
	507	}
	508	break;
	509
	510	case sAllowGroups:
	511	while ((cp = strtok(NULL, WHITESPACE)))
	512	{
	513	if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
	514	{
	515	fprintf(stderr, "%s line %d: too many allow groups.\n",
	516	filename, linenum);
	517	exit(1);
	518	}
	519	options->allow_groups[options->num_allow_groups++] = xstrdup(cp);
	520	}
	521	break;
	522
	523	case sDenyGroups:
	524	while ((cp = strtok(NULL, WHITESPACE)))
	525	{
	526	if (options->num_deny_groups >= MAX_DENY_GROUPS)
	527	{
	528	fprintf(stderr, "%s line %d: too many deny groups.\n",
	529	filename, linenum);
	530	exit(1);
	531	}
	532	options->deny_groups[options->num_deny_groups++] = xstrdup(cp);
	533	}
	534	break;
	535
	536	default:
	537	fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
	538	filename, linenum, cp, opcode);
	539	exit(1);
	540	}
	541	if (strtok(NULL, WHITESPACE) != NULL)
	542	{
	543	fprintf(stderr, "%s line %d: garbage at end of line.\n",
	544	filename, linenum);
	545	exit(1);
	546	}
547	}
548	fclose(f);
6fa724bc	549	if (bad_options > 0) {
	550	fprintf(stderr, "%s: terminating, %d bad configuration options\n",
	551	filename, bad_options);
	552	exit(1);
	553	}
8efc0c15	554	}