]> andersk Git - openssh.git/blame - servconf.c
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- markus@cvs.openbsd.org 2002/01/29 14:27:57
[openssh.git] / servconf.c
CommitLineData
8efc0c15 1/*
5260325f 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
6ae2364d 4 *
bcbf86ec 5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
5260325f 10 */
8efc0c15 11
12#include "includes.h"
e6e573bd 13RCSID("$OpenBSD: servconf.c,v 1.99 2002/01/27 14:57:46 stevesk Exp $");
42f11eb2 14
46d738cd 15#if defined(KRB4) || defined(KRB5)
42f11eb2 16#include <krb.h>
17#endif
83f46621 18#ifdef AFS
19#include <kafs.h>
20#endif
8efc0c15 21
22#include "ssh.h"
42f11eb2 23#include "log.h"
8efc0c15 24#include "servconf.h"
25#include "xmalloc.h"
a8be9f80 26#include "compat.h"
42f11eb2 27#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
b2552997 31#include "kex.h"
32#include "mac.h"
42f11eb2 33
396c147e 34static void add_listen_addr(ServerOptions *, char *, u_short);
35static void add_one_listen_addr(ServerOptions *, char *, u_short);
48e671d5 36
42f11eb2 37/* AF_UNSPEC or AF_INET or AF_INET6 */
38extern int IPv4or6;
39
8efc0c15 40/* Initializes the server options to their default values. */
41
6ae2364d 42void
5260325f 43initialize_server_options(ServerOptions *options)
8efc0c15 44{
5260325f 45 memset(options, 0, sizeof(*options));
e15895cd 46
47 /* Portable-specific options */
48 options->pam_authentication_via_kbd_int = -1;
49
50 /* Standard Options */
48e671d5 51 options->num_ports = 0;
52 options->ports_from_cmdline = 0;
53 options->listen_addrs = NULL;
fa08c86b 54 options->num_host_key_files = 0;
0fbe8c74 55 options->pid_file = NULL;
5260325f 56 options->server_key_bits = -1;
57 options->login_grace_time = -1;
58 options->key_regeneration_time = -1;
15853e93 59 options->permit_root_login = PERMIT_NOT_SET;
5260325f 60 options->ignore_rhosts = -1;
61 options->ignore_user_known_hosts = -1;
62 options->print_motd = -1;
4f4648f9 63 options->print_lastlog = -1;
5260325f 64 options->x11_forwarding = -1;
65 options->x11_display_offset = -1;
e6e573bd 66 options->x11_use_localhost = -1;
fa649821 67 options->xauth_location = NULL;
5260325f 68 options->strict_modes = -1;
69 options->keepalives = -1;
70 options->log_facility = (SyslogFacility) - 1;
71 options->log_level = (LogLevel) - 1;
72 options->rhosts_authentication = -1;
73 options->rhosts_rsa_authentication = -1;
8002af61 74 options->hostbased_authentication = -1;
75 options->hostbased_uses_name_from_packet_only = -1;
5260325f 76 options->rsa_authentication = -1;
fa08c86b 77 options->pubkey_authentication = -1;
ced49be2 78#if defined(KRB4) || defined(KRB5)
5260325f 79 options->kerberos_authentication = -1;
80 options->kerberos_or_local_passwd = -1;
81 options->kerberos_ticket_cleanup = -1;
8efc0c15 82#endif
ced49be2 83#if defined(AFS) || defined(KRB5)
5260325f 84 options->kerberos_tgt_passing = -1;
ced49be2 85#endif
86#ifdef AFS
5260325f 87 options->afs_token_passing = -1;
8efc0c15 88#endif
5260325f 89 options->password_authentication = -1;
94ec8c6b 90 options->kbd_interactive_authentication = -1;
5ba55ada 91 options->challenge_response_authentication = -1;
5260325f 92 options->permit_empty_passwd = -1;
93 options->use_login = -1;
33de75a3 94 options->allow_tcp_forwarding = -1;
5260325f 95 options->num_allow_users = 0;
96 options->num_deny_users = 0;
97 options->num_allow_groups = 0;
98 options->num_deny_groups = 0;
a8be9f80 99 options->ciphers = NULL;
b2552997 100 options->macs = NULL;
a8be9f80 101 options->protocol = SSH_PROTO_UNKNOWN;
1d1ffb87 102 options->gateway_ports = -1;
38c295d6 103 options->num_subsystems = 0;
c345cf9d 104 options->max_startups_begin = -1;
105 options->max_startups_rate = -1;
089fbbd2 106 options->max_startups = -1;
eea39c02 107 options->banner = NULL;
61e96248 108 options->reverse_mapping_check = -1;
3ffc6336 109 options->client_alive_interval = -1;
110 options->client_alive_count_max = -1;
c8445989 111 options->authorized_keys_file = NULL;
112 options->authorized_keys_file2 = NULL;
8efc0c15 113}
114
6ae2364d 115void
5260325f 116fill_default_server_options(ServerOptions *options)
8efc0c15 117{
e15895cd 118 /* Portable-specific options */
119 if (options->pam_authentication_via_kbd_int == -1)
120 options->pam_authentication_via_kbd_int = 0;
121
122 /* Standard Options */
fa08c86b 123 if (options->protocol == SSH_PROTO_UNKNOWN)
124 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
125 if (options->num_host_key_files == 0) {
126 /* fill default hostkeys for protocols */
127 if (options->protocol & SSH_PROTO_1)
0f84fe37 128 options->host_key_files[options->num_host_key_files++] =
129 _PATH_HOST_KEY_FILE;
130 if (options->protocol & SSH_PROTO_2) {
131 options->host_key_files[options->num_host_key_files++] =
132 _PATH_HOST_RSA_KEY_FILE;
133 options->host_key_files[options->num_host_key_files++] =
134 _PATH_HOST_DSA_KEY_FILE;
135 }
fa08c86b 136 }
48e671d5 137 if (options->num_ports == 0)
138 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
139 if (options->listen_addrs == NULL)
2d2a2c65 140 add_listen_addr(options, NULL, 0);
0fbe8c74 141 if (options->pid_file == NULL)
42f11eb2 142 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
5260325f 143 if (options->server_key_bits == -1)
144 options->server_key_bits = 768;
145 if (options->login_grace_time == -1)
146 options->login_grace_time = 600;
147 if (options->key_regeneration_time == -1)
148 options->key_regeneration_time = 3600;
15853e93 149 if (options->permit_root_login == PERMIT_NOT_SET)
150 options->permit_root_login = PERMIT_YES;
5260325f 151 if (options->ignore_rhosts == -1)
c8d54615 152 options->ignore_rhosts = 1;
5260325f 153 if (options->ignore_user_known_hosts == -1)
154 options->ignore_user_known_hosts = 0;
5260325f 155 if (options->print_motd == -1)
156 options->print_motd = 1;
4f4648f9 157 if (options->print_lastlog == -1)
158 options->print_lastlog = 1;
5260325f 159 if (options->x11_forwarding == -1)
c8d54615 160 options->x11_forwarding = 0;
5260325f 161 if (options->x11_display_offset == -1)
c8d54615 162 options->x11_display_offset = 10;
e6e573bd 163 if (options->x11_use_localhost == -1)
164 options->x11_use_localhost = 1;
fa649821 165 if (options->xauth_location == NULL)
fd9ede94 166 options->xauth_location = _PATH_XAUTH;
5260325f 167 if (options->strict_modes == -1)
168 options->strict_modes = 1;
169 if (options->keepalives == -1)
170 options->keepalives = 1;
171 if (options->log_facility == (SyslogFacility) (-1))
172 options->log_facility = SYSLOG_FACILITY_AUTH;
173 if (options->log_level == (LogLevel) (-1))
59c97189 174 options->log_level = SYSLOG_LEVEL_INFO;
5260325f 175 if (options->rhosts_authentication == -1)
176 options->rhosts_authentication = 0;
177 if (options->rhosts_rsa_authentication == -1)
c8d54615 178 options->rhosts_rsa_authentication = 0;
8002af61 179 if (options->hostbased_authentication == -1)
180 options->hostbased_authentication = 0;
181 if (options->hostbased_uses_name_from_packet_only == -1)
182 options->hostbased_uses_name_from_packet_only = 0;
5260325f 183 if (options->rsa_authentication == -1)
184 options->rsa_authentication = 1;
fa08c86b 185 if (options->pubkey_authentication == -1)
186 options->pubkey_authentication = 1;
ced49be2 187#if defined(KRB4) || defined(KRB5)
5260325f 188 if (options->kerberos_authentication == -1)
189 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
190 if (options->kerberos_or_local_passwd == -1)
191 options->kerberos_or_local_passwd = 1;
192 if (options->kerberos_ticket_cleanup == -1)
193 options->kerberos_ticket_cleanup = 1;
ced49be2 194#endif
195#if defined(AFS) || defined(KRB5)
5260325f 196 if (options->kerberos_tgt_passing == -1)
197 options->kerberos_tgt_passing = 0;
ced49be2 198#endif
184eed6a 199#ifdef AFS
5260325f 200 if (options->afs_token_passing == -1)
201 options->afs_token_passing = k_hasafs();
ced49be2 202#endif
5260325f 203 if (options->password_authentication == -1)
204 options->password_authentication = 1;
94ec8c6b 205 if (options->kbd_interactive_authentication == -1)
206 options->kbd_interactive_authentication = 0;
5ba55ada 207 if (options->challenge_response_authentication == -1)
208 options->challenge_response_authentication = 1;
5260325f 209 if (options->permit_empty_passwd == -1)
c8d54615 210 options->permit_empty_passwd = 0;
5260325f 211 if (options->use_login == -1)
212 options->use_login = 0;
33de75a3 213 if (options->allow_tcp_forwarding == -1)
214 options->allow_tcp_forwarding = 1;
1d1ffb87 215 if (options->gateway_ports == -1)
216 options->gateway_ports = 0;
089fbbd2 217 if (options->max_startups == -1)
218 options->max_startups = 10;
c345cf9d 219 if (options->max_startups_rate == -1)
220 options->max_startups_rate = 100; /* 100% */
221 if (options->max_startups_begin == -1)
222 options->max_startups_begin = options->max_startups;
61e96248 223 if (options->reverse_mapping_check == -1)
224 options->reverse_mapping_check = 0;
3ffc6336 225 if (options->client_alive_interval == -1)
184eed6a 226 options->client_alive_interval = 0;
3ffc6336 227 if (options->client_alive_count_max == -1)
228 options->client_alive_count_max = 3;
5df83e07 229 if (options->authorized_keys_file2 == NULL) {
230 /* authorized_keys_file2 falls back to authorized_keys_file */
231 if (options->authorized_keys_file != NULL)
232 options->authorized_keys_file2 = options->authorized_keys_file;
233 else
234 options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
235 }
236 if (options->authorized_keys_file == NULL)
237 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
8efc0c15 238}
239
8efc0c15 240/* Keyword tokens. */
5260325f 241typedef enum {
242 sBadOption, /* == unknown option */
e15895cd 243 /* Portable-specific options */
244 sPAMAuthenticationViaKbdInt,
245 /* Standard Options */
5260325f 246 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
247 sPermitRootLogin, sLogFacility, sLogLevel,
248 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
ced49be2 249#if defined(KRB4) || defined(KRB5)
5260325f 250 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
8efc0c15 251#endif
ced49be2 252#if defined(AFS) || defined(KRB5)
253 sKerberosTgtPassing,
254#endif
8efc0c15 255#ifdef AFS
ced49be2 256 sAFSTokenPassing,
8efc0c15 257#endif
d464095c 258 sChallengeResponseAuthentication,
94ec8c6b 259 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
4f4648f9 260 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
e6e573bd 261 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
5c53a31e 262 sStrictModes, sEmptyPasswd, sKeepAlives,
33de75a3 263 sUseLogin, sAllowTcpForwarding,
264 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
b2552997 265 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
fa08c86b 266 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
8002af61 267 sBanner, sReverseMappingCheck, sHostbasedAuthentication,
184eed6a 268 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
c8445989 269 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
2717fa0f 270 sDeprecated
8efc0c15 271} ServerOpCodes;
272
273/* Textual representation of the tokens. */
5260325f 274static struct {
275 const char *name;
276 ServerOpCodes opcode;
277} keywords[] = {
e15895cd 278 /* Portable-specific options */
279 { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
280 /* Standard Options */
5260325f 281 { "port", sPort },
282 { "hostkey", sHostKeyFile },
fa08c86b 283 { "hostdsakey", sHostKeyFile }, /* alias */
2b87da3b 284 { "pidfile", sPidFile },
5260325f 285 { "serverkeybits", sServerKeyBits },
286 { "logingracetime", sLoginGraceTime },
287 { "keyregenerationinterval", sKeyRegenerationTime },
288 { "permitrootlogin", sPermitRootLogin },
289 { "syslogfacility", sLogFacility },
290 { "loglevel", sLogLevel },
291 { "rhostsauthentication", sRhostsAuthentication },
292 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
8002af61 293 { "hostbasedauthentication", sHostbasedAuthentication },
294 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
5260325f 295 { "rsaauthentication", sRSAAuthentication },
fa08c86b 296 { "pubkeyauthentication", sPubkeyAuthentication },
297 { "dsaauthentication", sPubkeyAuthentication }, /* alias */
ced49be2 298#if defined(KRB4) || defined(KRB5)
5260325f 299 { "kerberosauthentication", sKerberosAuthentication },
300 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
301 { "kerberosticketcleanup", sKerberosTicketCleanup },
8efc0c15 302#endif
ced49be2 303#if defined(AFS) || defined(KRB5)
5260325f 304 { "kerberostgtpassing", sKerberosTgtPassing },
ced49be2 305#endif
306#ifdef AFS
5260325f 307 { "afstokenpassing", sAFSTokenPassing },
8efc0c15 308#endif
5260325f 309 { "passwordauthentication", sPasswordAuthentication },
94ec8c6b 310 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
d464095c 311 { "challengeresponseauthentication", sChallengeResponseAuthentication },
312 { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
5c53a31e 313 { "checkmail", sDeprecated },
5260325f 314 { "listenaddress", sListenAddress },
315 { "printmotd", sPrintMotd },
4f4648f9 316 { "printlastlog", sPrintLastLog },
5260325f 317 { "ignorerhosts", sIgnoreRhosts },
318 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
319 { "x11forwarding", sX11Forwarding },
320 { "x11displayoffset", sX11DisplayOffset },
e6e573bd 321 { "x11uselocalhost", sX11UseLocalhost },
fa649821 322 { "xauthlocation", sXAuthLocation },
5260325f 323 { "strictmodes", sStrictModes },
324 { "permitemptypasswords", sEmptyPasswd },
325 { "uselogin", sUseLogin },
5260325f 326 { "keepalive", sKeepAlives },
33de75a3 327 { "allowtcpforwarding", sAllowTcpForwarding },
5260325f 328 { "allowusers", sAllowUsers },
329 { "denyusers", sDenyUsers },
330 { "allowgroups", sAllowGroups },
331 { "denygroups", sDenyGroups },
a8be9f80 332 { "ciphers", sCiphers },
b2552997 333 { "macs", sMacs },
a8be9f80 334 { "protocol", sProtocol },
1d1ffb87 335 { "gatewayports", sGatewayPorts },
38c295d6 336 { "subsystem", sSubsystem },
089fbbd2 337 { "maxstartups", sMaxStartups },
eea39c02 338 { "banner", sBanner },
61e96248 339 { "reversemappingcheck", sReverseMappingCheck },
3ffc6336 340 { "clientaliveinterval", sClientAliveInterval },
341 { "clientalivecountmax", sClientAliveCountMax },
c8445989 342 { "authorizedkeysfile", sAuthorizedKeysFile },
343 { "authorizedkeysfile2", sAuthorizedKeysFile2 },
17a3011c 344 { NULL, sBadOption }
8efc0c15 345};
346
aa3378df 347/*
6be9a5e8 348 * Returns the number of the token pointed to by cp or sBadOption.
aa3378df 349 */
8efc0c15 350
6ae2364d 351static ServerOpCodes
5260325f 352parse_token(const char *cp, const char *filename,
353 int linenum)
8efc0c15 354{
1e3b8b07 355 u_int i;
8efc0c15 356
5260325f 357 for (i = 0; keywords[i].name; i++)
aa3378df 358 if (strcasecmp(cp, keywords[i].name) == 0)
5260325f 359 return keywords[i].opcode;
8efc0c15 360
b7c70970 361 error("%s: line %d: Bad configuration option: %s",
362 filename, linenum, cp);
5260325f 363 return sBadOption;
8efc0c15 364}
365
396c147e 366static void
2d2a2c65 367add_listen_addr(ServerOptions *options, char *addr, u_short port)
48e671d5 368{
48e671d5 369 int i;
370
371 if (options->num_ports == 0)
372 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
2d2a2c65 373 if (port == 0)
d11c1288 374 for (i = 0; i < options->num_ports; i++)
375 add_one_listen_addr(options, addr, options->ports[i]);
376 else
2d2a2c65 377 add_one_listen_addr(options, addr, port);
d11c1288 378}
379
396c147e 380static void
d11c1288 381add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
382{
383 struct addrinfo hints, *ai, *aitop;
384 char strport[NI_MAXSERV];
385 int gaierr;
386
387 memset(&hints, 0, sizeof(hints));
388 hints.ai_family = IPv4or6;
389 hints.ai_socktype = SOCK_STREAM;
390 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
391 snprintf(strport, sizeof strport, "%d", port);
392 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
393 fatal("bad addr or host: %s (%s)",
394 addr ? addr : "<NULL>",
395 gai_strerror(gaierr));
396 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
397 ;
398 ai->ai_next = options->listen_addrs;
399 options->listen_addrs = aitop;
48e671d5 400}
401
2717fa0f 402int
403process_server_config_line(ServerOptions *options, char *line,
404 const char *filename, int linenum)
8efc0c15 405{
d11c1288 406 char *cp, **charptr, *arg, *p;
2717fa0f 407 int *intptr, value;
5260325f 408 ServerOpCodes opcode;
97de229c 409 int i, n;
5260325f 410
2717fa0f 411 cp = line;
412 arg = strdelim(&cp);
413 /* Ignore leading whitespace */
414 if (*arg == '\0')
704b1659 415 arg = strdelim(&cp);
2717fa0f 416 if (!arg || !*arg || *arg == '#')
417 return 0;
418 intptr = NULL;
419 charptr = NULL;
420 opcode = parse_token(arg, filename, linenum);
421 switch (opcode) {
422 /* Portable-specific options */
423 case sPAMAuthenticationViaKbdInt:
424 intptr = &options->pam_authentication_via_kbd_int;
425 goto parse_flag;
48e671d5 426
2717fa0f 427 /* Standard Options */
428 case sBadOption:
429 return -1;
430 case sPort:
431 /* ignore ports from configfile if cmdline specifies ports */
432 if (options->ports_from_cmdline)
433 return 0;
434 if (options->listen_addrs != NULL)
435 fatal("%s line %d: ports must be specified before "
3a454b6a 436 "ListenAddress.", filename, linenum);
2717fa0f 437 if (options->num_ports >= MAX_PORTS)
438 fatal("%s line %d: too many ports.",
439 filename, linenum);
440 arg = strdelim(&cp);
441 if (!arg || *arg == '\0')
442 fatal("%s line %d: missing port number.",
443 filename, linenum);
444 options->ports[options->num_ports++] = a2port(arg);
445 if (options->ports[options->num_ports-1] == 0)
446 fatal("%s line %d: Badly formatted port number.",
447 filename, linenum);
448 break;
449
450 case sServerKeyBits:
451 intptr = &options->server_key_bits;
5260325f 452parse_int:
2717fa0f 453 arg = strdelim(&cp);
454 if (!arg || *arg == '\0')
455 fatal("%s line %d: missing integer value.",
456 filename, linenum);
457 value = atoi(arg);
458 if (*intptr == -1)
459 *intptr = value;
460 break;
461
462 case sLoginGraceTime:
463 intptr = &options->login_grace_time;
e2b1fb42 464parse_time:
2717fa0f 465 arg = strdelim(&cp);
466 if (!arg || *arg == '\0')
467 fatal("%s line %d: missing time value.",
468 filename, linenum);
469 if ((value = convtime(arg)) == -1)
470 fatal("%s line %d: invalid time value.",
471 filename, linenum);
472 if (*intptr == -1)
473 *intptr = value;
474 break;
475
476 case sKeyRegenerationTime:
477 intptr = &options->key_regeneration_time;
478 goto parse_time;
479
480 case sListenAddress:
481 arg = strdelim(&cp);
482 if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
483 fatal("%s line %d: missing inet addr.",
484 filename, linenum);
485 if (*arg == '[') {
486 if ((p = strchr(arg, ']')) == NULL)
487 fatal("%s line %d: bad ipv6 inet addr usage.",
e2b1fb42 488 filename, linenum);
2717fa0f 489 arg++;
490 memmove(p, p+1, strlen(p+1)+1);
491 } else if (((p = strchr(arg, ':')) == NULL) ||
492 (strchr(p+1, ':') != NULL)) {
493 add_listen_addr(options, arg, 0);
e2b1fb42 494 break;
2717fa0f 495 }
496 if (*p == ':') {
497 u_short port;
5260325f 498
2717fa0f 499 p++;
500 if (*p == '\0')
501 fatal("%s line %d: bad inet addr:port usage.",
48e671d5 502 filename, linenum);
2717fa0f 503 else {
504 *(p-1) = '\0';
505 if ((port = a2port(p)) == 0)
506 fatal("%s line %d: bad port number.",
d11c1288 507 filename, linenum);
2717fa0f 508 add_listen_addr(options, arg, port);
d11c1288 509 }
2717fa0f 510 } else if (*p == '\0')
511 add_listen_addr(options, arg, 0);
512 else
513 fatal("%s line %d: bad inet addr usage.",
514 filename, linenum);
515 break;
516
517 case sHostKeyFile:
518 intptr = &options->num_host_key_files;
519 if (*intptr >= MAX_HOSTKEYS)
520 fatal("%s line %d: too many host keys specified (max %d).",
521 filename, linenum, MAX_HOSTKEYS);
522 charptr = &options->host_key_files[*intptr];
fa649821 523parse_filename:
2717fa0f 524 arg = strdelim(&cp);
525 if (!arg || *arg == '\0')
526 fatal("%s line %d: missing file name.",
527 filename, linenum);
528 if (*charptr == NULL) {
529 *charptr = tilde_expand_filename(arg, getuid());
530 /* increase optional counter */
531 if (intptr != NULL)
532 *intptr = *intptr + 1;
533 }
534 break;
0fbe8c74 535
2717fa0f 536 case sPidFile:
537 charptr = &options->pid_file;
538 goto parse_filename;
5260325f 539
2717fa0f 540 case sPermitRootLogin:
541 intptr = &options->permit_root_login;
542 arg = strdelim(&cp);
543 if (!arg || *arg == '\0')
544 fatal("%s line %d: missing yes/"
545 "without-password/forced-commands-only/no "
546 "argument.", filename, linenum);
547 value = 0; /* silence compiler */
548 if (strcmp(arg, "without-password") == 0)
549 value = PERMIT_NO_PASSWD;
550 else if (strcmp(arg, "forced-commands-only") == 0)
551 value = PERMIT_FORCED_ONLY;
552 else if (strcmp(arg, "yes") == 0)
553 value = PERMIT_YES;
554 else if (strcmp(arg, "no") == 0)
555 value = PERMIT_NO;
556 else
557 fatal("%s line %d: Bad yes/"
558 "without-password/forced-commands-only/no "
559 "argument: %s", filename, linenum, arg);
560 if (*intptr == -1)
561 *intptr = value;
562 break;
563
564 case sIgnoreRhosts:
565 intptr = &options->ignore_rhosts;
5260325f 566parse_flag:
2717fa0f 567 arg = strdelim(&cp);
568 if (!arg || *arg == '\0')
569 fatal("%s line %d: missing yes/no argument.",
570 filename, linenum);
571 value = 0; /* silence compiler */
572 if (strcmp(arg, "yes") == 0)
573 value = 1;
574 else if (strcmp(arg, "no") == 0)
575 value = 0;
576 else
577 fatal("%s line %d: Bad yes/no argument: %s",
578 filename, linenum, arg);
579 if (*intptr == -1)
580 *intptr = value;
581 break;
582
583 case sIgnoreUserKnownHosts:
584 intptr = &options->ignore_user_known_hosts;
585 goto parse_flag;
586
587 case sRhostsAuthentication:
588 intptr = &options->rhosts_authentication;
589 goto parse_flag;
590
591 case sRhostsRSAAuthentication:
592 intptr = &options->rhosts_rsa_authentication;
593 goto parse_flag;
594
595 case sHostbasedAuthentication:
596 intptr = &options->hostbased_authentication;
597 goto parse_flag;
598
599 case sHostbasedUsesNameFromPacketOnly:
600 intptr = &options->hostbased_uses_name_from_packet_only;
601 goto parse_flag;
602
603 case sRSAAuthentication:
604 intptr = &options->rsa_authentication;
605 goto parse_flag;
606
607 case sPubkeyAuthentication:
608 intptr = &options->pubkey_authentication;
609 goto parse_flag;
610#if defined(KRB4) || defined(KRB5)
611 case sKerberosAuthentication:
612 intptr = &options->kerberos_authentication;
613 goto parse_flag;
5260325f 614
2717fa0f 615 case sKerberosOrLocalPasswd:
616 intptr = &options->kerberos_or_local_passwd;
617 goto parse_flag;
5260325f 618
2717fa0f 619 case sKerberosTicketCleanup:
620 intptr = &options->kerberos_ticket_cleanup;
621 goto parse_flag;
622#endif
623#if defined(AFS) || defined(KRB5)
624 case sKerberosTgtPassing:
625 intptr = &options->kerberos_tgt_passing;
626 goto parse_flag;
627#endif
628#ifdef AFS
629 case sAFSTokenPassing:
630 intptr = &options->afs_token_passing;
631 goto parse_flag;
632#endif
5260325f 633
2717fa0f 634 case sPasswordAuthentication:
635 intptr = &options->password_authentication;
636 goto parse_flag;
5260325f 637
2717fa0f 638 case sKbdInteractiveAuthentication:
639 intptr = &options->kbd_interactive_authentication;
640 goto parse_flag;
8002af61 641
2717fa0f 642 case sChallengeResponseAuthentication:
643 intptr = &options->challenge_response_authentication;
644 goto parse_flag;
8002af61 645
2717fa0f 646 case sPrintMotd:
647 intptr = &options->print_motd;
648 goto parse_flag;
5260325f 649
2717fa0f 650 case sPrintLastLog:
651 intptr = &options->print_lastlog;
652 goto parse_flag;
5260325f 653
2717fa0f 654 case sX11Forwarding:
655 intptr = &options->x11_forwarding;
656 goto parse_flag;
5260325f 657
2717fa0f 658 case sX11DisplayOffset:
659 intptr = &options->x11_display_offset;
660 goto parse_int;
8efc0c15 661
e6e573bd 662 case sX11UseLocalhost:
663 intptr = &options->x11_use_localhost;
664 goto parse_flag;
665
2717fa0f 666 case sXAuthLocation:
667 charptr = &options->xauth_location;
668 goto parse_filename;
5260325f 669
2717fa0f 670 case sStrictModes:
671 intptr = &options->strict_modes;
672 goto parse_flag;
5260325f 673
2717fa0f 674 case sKeepAlives:
675 intptr = &options->keepalives;
676 goto parse_flag;
33de75a3 677
2717fa0f 678 case sEmptyPasswd:
679 intptr = &options->permit_empty_passwd;
680 goto parse_flag;
5260325f 681
2717fa0f 682 case sUseLogin:
683 intptr = &options->use_login;
684 goto parse_flag;
5260325f 685
2717fa0f 686 case sGatewayPorts:
687 intptr = &options->gateway_ports;
688 goto parse_flag;
5260325f 689
2717fa0f 690 case sReverseMappingCheck:
691 intptr = &options->reverse_mapping_check;
692 goto parse_flag;
5260325f 693
2717fa0f 694 case sLogFacility:
695 intptr = (int *) &options->log_facility;
696 arg = strdelim(&cp);
697 value = log_facility_number(arg);
698 if (value == (SyslogFacility) - 1)
699 fatal("%.200s line %d: unsupported log facility '%s'",
700 filename, linenum, arg ? arg : "<NONE>");
701 if (*intptr == -1)
702 *intptr = (SyslogFacility) value;
703 break;
704
705 case sLogLevel:
706 intptr = (int *) &options->log_level;
707 arg = strdelim(&cp);
708 value = log_level_number(arg);
709 if (value == (LogLevel) - 1)
710 fatal("%.200s line %d: unsupported log level '%s'",
711 filename, linenum, arg ? arg : "<NONE>");
712 if (*intptr == -1)
713 *intptr = (LogLevel) value;
714 break;
715
716 case sAllowTcpForwarding:
717 intptr = &options->allow_tcp_forwarding;
718 goto parse_flag;
719
720 case sAllowUsers:
721 while ((arg = strdelim(&cp)) && *arg != '\0') {
722 if (options->num_allow_users >= MAX_ALLOW_USERS)
723 fatal("%s line %d: too many allow users.",
724 filename, linenum);
725 options->allow_users[options->num_allow_users++] = xstrdup(arg);
726 }
727 break;
a8be9f80 728
2717fa0f 729 case sDenyUsers:
730 while ((arg = strdelim(&cp)) && *arg != '\0') {
731 if (options->num_deny_users >= MAX_DENY_USERS)
732 fatal( "%s line %d: too many deny users.",
733 filename, linenum);
734 options->deny_users[options->num_deny_users++] = xstrdup(arg);
735 }
736 break;
b2552997 737
2717fa0f 738 case sAllowGroups:
739 while ((arg = strdelim(&cp)) && *arg != '\0') {
740 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
741 fatal("%s line %d: too many allow groups.",
742 filename, linenum);
743 options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
744 }
745 break;
a8be9f80 746
2717fa0f 747 case sDenyGroups:
748 while ((arg = strdelim(&cp)) && *arg != '\0') {
749 if (options->num_deny_groups >= MAX_DENY_GROUPS)
750 fatal("%s line %d: too many deny groups.",
751 filename, linenum);
752 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
753 }
754 break;
38c295d6 755
2717fa0f 756 case sCiphers:
757 arg = strdelim(&cp);
758 if (!arg || *arg == '\0')
759 fatal("%s line %d: Missing argument.", filename, linenum);
760 if (!ciphers_valid(arg))
761 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
762 filename, linenum, arg ? arg : "<NONE>");
763 if (options->ciphers == NULL)
764 options->ciphers = xstrdup(arg);
765 break;
766
767 case sMacs:
768 arg = strdelim(&cp);
769 if (!arg || *arg == '\0')
770 fatal("%s line %d: Missing argument.", filename, linenum);
771 if (!mac_valid(arg))
772 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
773 filename, linenum, arg ? arg : "<NONE>");
774 if (options->macs == NULL)
775 options->macs = xstrdup(arg);
776 break;
777
778 case sProtocol:
779 intptr = &options->protocol;
780 arg = strdelim(&cp);
781 if (!arg || *arg == '\0')
782 fatal("%s line %d: Missing argument.", filename, linenum);
783 value = proto_spec(arg);
784 if (value == SSH_PROTO_UNKNOWN)
785 fatal("%s line %d: Bad protocol spec '%s'.",
184eed6a 786 filename, linenum, arg ? arg : "<NONE>");
2717fa0f 787 if (*intptr == SSH_PROTO_UNKNOWN)
788 *intptr = value;
789 break;
790
791 case sSubsystem:
792 if (options->num_subsystems >= MAX_SUBSYSTEMS) {
793 fatal("%s line %d: too many subsystems defined.",
184eed6a 794 filename, linenum);
2717fa0f 795 }
796 arg = strdelim(&cp);
797 if (!arg || *arg == '\0')
798 fatal("%s line %d: Missing subsystem name.",
184eed6a 799 filename, linenum);
2717fa0f 800 for (i = 0; i < options->num_subsystems; i++)
801 if (strcmp(arg, options->subsystem_name[i]) == 0)
802 fatal("%s line %d: Subsystem '%s' already defined.",
184eed6a 803 filename, linenum, arg);
2717fa0f 804 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
805 arg = strdelim(&cp);
806 if (!arg || *arg == '\0')
807 fatal("%s line %d: Missing subsystem command.",
184eed6a 808 filename, linenum);
2717fa0f 809 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
810 options->num_subsystems++;
811 break;
812
813 case sMaxStartups:
814 arg = strdelim(&cp);
815 if (!arg || *arg == '\0')
816 fatal("%s line %d: Missing MaxStartups spec.",
184eed6a 817 filename, linenum);
2717fa0f 818 if ((n = sscanf(arg, "%d:%d:%d",
819 &options->max_startups_begin,
820 &options->max_startups_rate,
821 &options->max_startups)) == 3) {
822 if (options->max_startups_begin >
823 options->max_startups ||
824 options->max_startups_rate > 100 ||
825 options->max_startups_rate < 1)
c345cf9d 826 fatal("%s line %d: Illegal MaxStartups spec.",
97de229c 827 filename, linenum);
2717fa0f 828 } else if (n != 1)
829 fatal("%s line %d: Illegal MaxStartups spec.",
830 filename, linenum);
831 else
832 options->max_startups = options->max_startups_begin;
833 break;
834
835 case sBanner:
836 charptr = &options->banner;
837 goto parse_filename;
838 /*
839 * These options can contain %X options expanded at
840 * connect time, so that you can specify paths like:
841 *
842 * AuthorizedKeysFile /etc/ssh_keys/%u
843 */
844 case sAuthorizedKeysFile:
845 case sAuthorizedKeysFile2:
846 charptr = (opcode == sAuthorizedKeysFile ) ?
847 &options->authorized_keys_file :
848 &options->authorized_keys_file2;
849 goto parse_filename;
850
851 case sClientAliveInterval:
852 intptr = &options->client_alive_interval;
853 goto parse_time;
854
855 case sClientAliveCountMax:
856 intptr = &options->client_alive_count_max;
857 goto parse_int;
858
859 case sDeprecated:
860 log("%s line %d: Deprecated option %s",
861 filename, linenum, arg);
862 while (arg)
863 arg = strdelim(&cp);
864 break;
865
866 default:
867 fatal("%s line %d: Missing handler for opcode %s (%d)",
868 filename, linenum, arg, opcode);
869 }
870 if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
871 fatal("%s line %d: garbage at end of line; \"%.200s\".",
872 filename, linenum, arg);
873 return 0;
874}
089fbbd2 875
2717fa0f 876/* Reads the server configuration file. */
5c53a31e 877
2717fa0f 878void
879read_server_config(ServerOptions *options, const char *filename)
880{
881 FILE *f;
882 char line[1024];
883 int linenum;
884 int bad_options = 0;
885
886 f = fopen(filename, "r");
887 if (!f) {
888 perror(filename);
889 exit(1);
890 }
891 linenum = 0;
892 while (fgets(line, sizeof(line), f)) {
893 /* Update line number counter. */
894 linenum++;
895 if (process_server_config_line(options, line, filename, linenum) != 0)
896 bad_options++;
8efc0c15 897 }
5260325f 898 fclose(f);
b7c70970 899 if (bad_options > 0)
900 fatal("%s: terminating, %d bad configuration options",
901 filename, bad_options);
8efc0c15 902}
git-cvsimport mirror of OpenSSH
This page took 0.342487 seconds and 5 git commands to generate.