]> andersk Git - openssh.git/blame - servconf.c
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- stevesk@cvs.openbsd.org 2002/01/04 17:59:17
[openssh.git] / servconf.c
CommitLineData
8efc0c15 1/*
5260325f 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
6ae2364d 4 *
bcbf86ec 5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
5260325f 10 */
8efc0c15 11
12#include "includes.h"
b4047251 13RCSID("$OpenBSD: servconf.c,v 1.96 2002/01/04 17:59:17 stevesk Exp $");
42f11eb2 14
46d738cd 15#if defined(KRB4) || defined(KRB5)
42f11eb2 16#include <krb.h>
17#endif
83f46621 18#ifdef AFS
19#include <kafs.h>
20#endif
8efc0c15 21
22#include "ssh.h"
42f11eb2 23#include "log.h"
8efc0c15 24#include "servconf.h"
25#include "xmalloc.h"
a8be9f80 26#include "compat.h"
42f11eb2 27#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
b2552997 31#include "kex.h"
32#include "mac.h"
42f11eb2 33
396c147e 34static void add_listen_addr(ServerOptions *, char *, u_short);
35static void add_one_listen_addr(ServerOptions *, char *, u_short);
48e671d5 36
42f11eb2 37/* AF_UNSPEC or AF_INET or AF_INET6 */
38extern int IPv4or6;
39
8efc0c15 40/* Initializes the server options to their default values. */
41
6ae2364d 42void
5260325f 43initialize_server_options(ServerOptions *options)
8efc0c15 44{
5260325f 45 memset(options, 0, sizeof(*options));
e15895cd 46
47 /* Portable-specific options */
48 options->pam_authentication_via_kbd_int = -1;
49
50 /* Standard Options */
48e671d5 51 options->num_ports = 0;
52 options->ports_from_cmdline = 0;
53 options->listen_addrs = NULL;
fa08c86b 54 options->num_host_key_files = 0;
0fbe8c74 55 options->pid_file = NULL;
5260325f 56 options->server_key_bits = -1;
57 options->login_grace_time = -1;
58 options->key_regeneration_time = -1;
15853e93 59 options->permit_root_login = PERMIT_NOT_SET;
5260325f 60 options->ignore_rhosts = -1;
61 options->ignore_user_known_hosts = -1;
62 options->print_motd = -1;
4f4648f9 63 options->print_lastlog = -1;
5260325f 64 options->x11_forwarding = -1;
65 options->x11_display_offset = -1;
fa649821 66 options->xauth_location = NULL;
5260325f 67 options->strict_modes = -1;
68 options->keepalives = -1;
69 options->log_facility = (SyslogFacility) - 1;
70 options->log_level = (LogLevel) - 1;
71 options->rhosts_authentication = -1;
72 options->rhosts_rsa_authentication = -1;
8002af61 73 options->hostbased_authentication = -1;
74 options->hostbased_uses_name_from_packet_only = -1;
5260325f 75 options->rsa_authentication = -1;
fa08c86b 76 options->pubkey_authentication = -1;
ced49be2 77#if defined(KRB4) || defined(KRB5)
5260325f 78 options->kerberos_authentication = -1;
79 options->kerberos_or_local_passwd = -1;
80 options->kerberos_ticket_cleanup = -1;
8efc0c15 81#endif
ced49be2 82#if defined(AFS) || defined(KRB5)
5260325f 83 options->kerberos_tgt_passing = -1;
ced49be2 84#endif
85#ifdef AFS
5260325f 86 options->afs_token_passing = -1;
8efc0c15 87#endif
5260325f 88 options->password_authentication = -1;
94ec8c6b 89 options->kbd_interactive_authentication = -1;
5ba55ada 90 options->challenge_response_authentication = -1;
5260325f 91 options->permit_empty_passwd = -1;
92 options->use_login = -1;
33de75a3 93 options->allow_tcp_forwarding = -1;
5260325f 94 options->num_allow_users = 0;
95 options->num_deny_users = 0;
96 options->num_allow_groups = 0;
97 options->num_deny_groups = 0;
a8be9f80 98 options->ciphers = NULL;
b2552997 99 options->macs = NULL;
a8be9f80 100 options->protocol = SSH_PROTO_UNKNOWN;
1d1ffb87 101 options->gateway_ports = -1;
38c295d6 102 options->num_subsystems = 0;
c345cf9d 103 options->max_startups_begin = -1;
104 options->max_startups_rate = -1;
089fbbd2 105 options->max_startups = -1;
eea39c02 106 options->banner = NULL;
61e96248 107 options->reverse_mapping_check = -1;
3ffc6336 108 options->client_alive_interval = -1;
109 options->client_alive_count_max = -1;
c8445989 110 options->authorized_keys_file = NULL;
111 options->authorized_keys_file2 = NULL;
8efc0c15 112}
113
6ae2364d 114void
5260325f 115fill_default_server_options(ServerOptions *options)
8efc0c15 116{
e15895cd 117 /* Portable-specific options */
118 if (options->pam_authentication_via_kbd_int == -1)
119 options->pam_authentication_via_kbd_int = 0;
120
121 /* Standard Options */
fa08c86b 122 if (options->protocol == SSH_PROTO_UNKNOWN)
123 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
124 if (options->num_host_key_files == 0) {
125 /* fill default hostkeys for protocols */
126 if (options->protocol & SSH_PROTO_1)
42f11eb2 127 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE;
fa08c86b 128 if (options->protocol & SSH_PROTO_2)
42f11eb2 129 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE;
fa08c86b 130 }
48e671d5 131 if (options->num_ports == 0)
132 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
133 if (options->listen_addrs == NULL)
2d2a2c65 134 add_listen_addr(options, NULL, 0);
0fbe8c74 135 if (options->pid_file == NULL)
42f11eb2 136 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
5260325f 137 if (options->server_key_bits == -1)
138 options->server_key_bits = 768;
139 if (options->login_grace_time == -1)
140 options->login_grace_time = 600;
141 if (options->key_regeneration_time == -1)
142 options->key_regeneration_time = 3600;
15853e93 143 if (options->permit_root_login == PERMIT_NOT_SET)
144 options->permit_root_login = PERMIT_YES;
5260325f 145 if (options->ignore_rhosts == -1)
c8d54615 146 options->ignore_rhosts = 1;
5260325f 147 if (options->ignore_user_known_hosts == -1)
148 options->ignore_user_known_hosts = 0;
5260325f 149 if (options->print_motd == -1)
150 options->print_motd = 1;
4f4648f9 151 if (options->print_lastlog == -1)
152 options->print_lastlog = 1;
5260325f 153 if (options->x11_forwarding == -1)
c8d54615 154 options->x11_forwarding = 0;
5260325f 155 if (options->x11_display_offset == -1)
c8d54615 156 options->x11_display_offset = 10;
fa649821 157 if (options->xauth_location == NULL)
fd9ede94 158 options->xauth_location = _PATH_XAUTH;
5260325f 159 if (options->strict_modes == -1)
160 options->strict_modes = 1;
161 if (options->keepalives == -1)
162 options->keepalives = 1;
163 if (options->log_facility == (SyslogFacility) (-1))
164 options->log_facility = SYSLOG_FACILITY_AUTH;
165 if (options->log_level == (LogLevel) (-1))
59c97189 166 options->log_level = SYSLOG_LEVEL_INFO;
5260325f 167 if (options->rhosts_authentication == -1)
168 options->rhosts_authentication = 0;
169 if (options->rhosts_rsa_authentication == -1)
c8d54615 170 options->rhosts_rsa_authentication = 0;
8002af61 171 if (options->hostbased_authentication == -1)
172 options->hostbased_authentication = 0;
173 if (options->hostbased_uses_name_from_packet_only == -1)
174 options->hostbased_uses_name_from_packet_only = 0;
5260325f 175 if (options->rsa_authentication == -1)
176 options->rsa_authentication = 1;
fa08c86b 177 if (options->pubkey_authentication == -1)
178 options->pubkey_authentication = 1;
ced49be2 179#if defined(KRB4) || defined(KRB5)
5260325f 180 if (options->kerberos_authentication == -1)
181 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
182 if (options->kerberos_or_local_passwd == -1)
183 options->kerberos_or_local_passwd = 1;
184 if (options->kerberos_ticket_cleanup == -1)
185 options->kerberos_ticket_cleanup = 1;
ced49be2 186#endif
187#if defined(AFS) || defined(KRB5)
5260325f 188 if (options->kerberos_tgt_passing == -1)
189 options->kerberos_tgt_passing = 0;
ced49be2 190#endif
184eed6a 191#ifdef AFS
5260325f 192 if (options->afs_token_passing == -1)
193 options->afs_token_passing = k_hasafs();
ced49be2 194#endif
5260325f 195 if (options->password_authentication == -1)
196 options->password_authentication = 1;
94ec8c6b 197 if (options->kbd_interactive_authentication == -1)
198 options->kbd_interactive_authentication = 0;
5ba55ada 199 if (options->challenge_response_authentication == -1)
200 options->challenge_response_authentication = 1;
5260325f 201 if (options->permit_empty_passwd == -1)
c8d54615 202 options->permit_empty_passwd = 0;
5260325f 203 if (options->use_login == -1)
204 options->use_login = 0;
33de75a3 205 if (options->allow_tcp_forwarding == -1)
206 options->allow_tcp_forwarding = 1;
1d1ffb87 207 if (options->gateway_ports == -1)
208 options->gateway_ports = 0;
089fbbd2 209 if (options->max_startups == -1)
210 options->max_startups = 10;
c345cf9d 211 if (options->max_startups_rate == -1)
212 options->max_startups_rate = 100; /* 100% */
213 if (options->max_startups_begin == -1)
214 options->max_startups_begin = options->max_startups;
61e96248 215 if (options->reverse_mapping_check == -1)
216 options->reverse_mapping_check = 0;
3ffc6336 217 if (options->client_alive_interval == -1)
184eed6a 218 options->client_alive_interval = 0;
3ffc6336 219 if (options->client_alive_count_max == -1)
220 options->client_alive_count_max = 3;
5df83e07 221 if (options->authorized_keys_file2 == NULL) {
222 /* authorized_keys_file2 falls back to authorized_keys_file */
223 if (options->authorized_keys_file != NULL)
224 options->authorized_keys_file2 = options->authorized_keys_file;
225 else
226 options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
227 }
228 if (options->authorized_keys_file == NULL)
229 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
8efc0c15 230}
231
8efc0c15 232/* Keyword tokens. */
5260325f 233typedef enum {
234 sBadOption, /* == unknown option */
e15895cd 235 /* Portable-specific options */
236 sPAMAuthenticationViaKbdInt,
237 /* Standard Options */
5260325f 238 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
239 sPermitRootLogin, sLogFacility, sLogLevel,
240 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
ced49be2 241#if defined(KRB4) || defined(KRB5)
5260325f 242 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
8efc0c15 243#endif
ced49be2 244#if defined(AFS) || defined(KRB5)
245 sKerberosTgtPassing,
246#endif
8efc0c15 247#ifdef AFS
ced49be2 248 sAFSTokenPassing,
8efc0c15 249#endif
d464095c 250 sChallengeResponseAuthentication,
94ec8c6b 251 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
4f4648f9 252 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
253 sX11Forwarding, sX11DisplayOffset,
5c53a31e 254 sStrictModes, sEmptyPasswd, sKeepAlives,
33de75a3 255 sUseLogin, sAllowTcpForwarding,
256 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
b2552997 257 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
fa08c86b 258 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
8002af61 259 sBanner, sReverseMappingCheck, sHostbasedAuthentication,
184eed6a 260 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
c8445989 261 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
2717fa0f 262 sDeprecated
8efc0c15 263} ServerOpCodes;
264
265/* Textual representation of the tokens. */
5260325f 266static struct {
267 const char *name;
268 ServerOpCodes opcode;
269} keywords[] = {
e15895cd 270 /* Portable-specific options */
271 { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
272 /* Standard Options */
5260325f 273 { "port", sPort },
274 { "hostkey", sHostKeyFile },
fa08c86b 275 { "hostdsakey", sHostKeyFile }, /* alias */
2b87da3b 276 { "pidfile", sPidFile },
5260325f 277 { "serverkeybits", sServerKeyBits },
278 { "logingracetime", sLoginGraceTime },
279 { "keyregenerationinterval", sKeyRegenerationTime },
280 { "permitrootlogin", sPermitRootLogin },
281 { "syslogfacility", sLogFacility },
282 { "loglevel", sLogLevel },
283 { "rhostsauthentication", sRhostsAuthentication },
284 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
8002af61 285 { "hostbasedauthentication", sHostbasedAuthentication },
286 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
5260325f 287 { "rsaauthentication", sRSAAuthentication },
fa08c86b 288 { "pubkeyauthentication", sPubkeyAuthentication },
289 { "dsaauthentication", sPubkeyAuthentication }, /* alias */
ced49be2 290#if defined(KRB4) || defined(KRB5)
5260325f 291 { "kerberosauthentication", sKerberosAuthentication },
292 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
293 { "kerberosticketcleanup", sKerberosTicketCleanup },
8efc0c15 294#endif
ced49be2 295#if defined(AFS) || defined(KRB5)
5260325f 296 { "kerberostgtpassing", sKerberosTgtPassing },
ced49be2 297#endif
298#ifdef AFS
5260325f 299 { "afstokenpassing", sAFSTokenPassing },
8efc0c15 300#endif
5260325f 301 { "passwordauthentication", sPasswordAuthentication },
94ec8c6b 302 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
d464095c 303 { "challengeresponseauthentication", sChallengeResponseAuthentication },
304 { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
5c53a31e 305 { "checkmail", sDeprecated },
5260325f 306 { "listenaddress", sListenAddress },
307 { "printmotd", sPrintMotd },
4f4648f9 308 { "printlastlog", sPrintLastLog },
5260325f 309 { "ignorerhosts", sIgnoreRhosts },
310 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
311 { "x11forwarding", sX11Forwarding },
312 { "x11displayoffset", sX11DisplayOffset },
fa649821 313 { "xauthlocation", sXAuthLocation },
5260325f 314 { "strictmodes", sStrictModes },
315 { "permitemptypasswords", sEmptyPasswd },
316 { "uselogin", sUseLogin },
5260325f 317 { "keepalive", sKeepAlives },
33de75a3 318 { "allowtcpforwarding", sAllowTcpForwarding },
5260325f 319 { "allowusers", sAllowUsers },
320 { "denyusers", sDenyUsers },
321 { "allowgroups", sAllowGroups },
322 { "denygroups", sDenyGroups },
a8be9f80 323 { "ciphers", sCiphers },
b2552997 324 { "macs", sMacs },
a8be9f80 325 { "protocol", sProtocol },
1d1ffb87 326 { "gatewayports", sGatewayPorts },
38c295d6 327 { "subsystem", sSubsystem },
089fbbd2 328 { "maxstartups", sMaxStartups },
eea39c02 329 { "banner", sBanner },
61e96248 330 { "reversemappingcheck", sReverseMappingCheck },
3ffc6336 331 { "clientaliveinterval", sClientAliveInterval },
332 { "clientalivecountmax", sClientAliveCountMax },
c8445989 333 { "authorizedkeysfile", sAuthorizedKeysFile },
334 { "authorizedkeysfile2", sAuthorizedKeysFile2 },
17a3011c 335 { NULL, sBadOption }
8efc0c15 336};
337
aa3378df 338/*
6be9a5e8 339 * Returns the number of the token pointed to by cp or sBadOption.
aa3378df 340 */
8efc0c15 341
6ae2364d 342static ServerOpCodes
5260325f 343parse_token(const char *cp, const char *filename,
344 int linenum)
8efc0c15 345{
1e3b8b07 346 u_int i;
8efc0c15 347
5260325f 348 for (i = 0; keywords[i].name; i++)
aa3378df 349 if (strcasecmp(cp, keywords[i].name) == 0)
5260325f 350 return keywords[i].opcode;
8efc0c15 351
b7c70970 352 error("%s: line %d: Bad configuration option: %s",
353 filename, linenum, cp);
5260325f 354 return sBadOption;
8efc0c15 355}
356
396c147e 357static void
2d2a2c65 358add_listen_addr(ServerOptions *options, char *addr, u_short port)
48e671d5 359{
48e671d5 360 int i;
361
362 if (options->num_ports == 0)
363 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
2d2a2c65 364 if (port == 0)
d11c1288 365 for (i = 0; i < options->num_ports; i++)
366 add_one_listen_addr(options, addr, options->ports[i]);
367 else
2d2a2c65 368 add_one_listen_addr(options, addr, port);
d11c1288 369}
370
396c147e 371static void
d11c1288 372add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
373{
374 struct addrinfo hints, *ai, *aitop;
375 char strport[NI_MAXSERV];
376 int gaierr;
377
378 memset(&hints, 0, sizeof(hints));
379 hints.ai_family = IPv4or6;
380 hints.ai_socktype = SOCK_STREAM;
381 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
382 snprintf(strport, sizeof strport, "%d", port);
383 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
384 fatal("bad addr or host: %s (%s)",
385 addr ? addr : "<NULL>",
386 gai_strerror(gaierr));
387 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
388 ;
389 ai->ai_next = options->listen_addrs;
390 options->listen_addrs = aitop;
48e671d5 391}
392
2717fa0f 393int
394process_server_config_line(ServerOptions *options, char *line,
395 const char *filename, int linenum)
8efc0c15 396{
d11c1288 397 char *cp, **charptr, *arg, *p;
2717fa0f 398 int *intptr, value;
5260325f 399 ServerOpCodes opcode;
97de229c 400 int i, n;
5260325f 401
2717fa0f 402 cp = line;
403 arg = strdelim(&cp);
404 /* Ignore leading whitespace */
405 if (*arg == '\0')
704b1659 406 arg = strdelim(&cp);
2717fa0f 407 if (!arg || !*arg || *arg == '#')
408 return 0;
409 intptr = NULL;
410 charptr = NULL;
411 opcode = parse_token(arg, filename, linenum);
412 switch (opcode) {
413 /* Portable-specific options */
414 case sPAMAuthenticationViaKbdInt:
415 intptr = &options->pam_authentication_via_kbd_int;
416 goto parse_flag;
48e671d5 417
2717fa0f 418 /* Standard Options */
419 case sBadOption:
420 return -1;
421 case sPort:
422 /* ignore ports from configfile if cmdline specifies ports */
423 if (options->ports_from_cmdline)
424 return 0;
425 if (options->listen_addrs != NULL)
426 fatal("%s line %d: ports must be specified before "
427 "ListenAdress.", filename, linenum);
428 if (options->num_ports >= MAX_PORTS)
429 fatal("%s line %d: too many ports.",
430 filename, linenum);
431 arg = strdelim(&cp);
432 if (!arg || *arg == '\0')
433 fatal("%s line %d: missing port number.",
434 filename, linenum);
435 options->ports[options->num_ports++] = a2port(arg);
436 if (options->ports[options->num_ports-1] == 0)
437 fatal("%s line %d: Badly formatted port number.",
438 filename, linenum);
439 break;
440
441 case sServerKeyBits:
442 intptr = &options->server_key_bits;
5260325f 443parse_int:
2717fa0f 444 arg = strdelim(&cp);
445 if (!arg || *arg == '\0')
446 fatal("%s line %d: missing integer value.",
447 filename, linenum);
448 value = atoi(arg);
449 if (*intptr == -1)
450 *intptr = value;
451 break;
452
453 case sLoginGraceTime:
454 intptr = &options->login_grace_time;
e2b1fb42 455parse_time:
2717fa0f 456 arg = strdelim(&cp);
457 if (!arg || *arg == '\0')
458 fatal("%s line %d: missing time value.",
459 filename, linenum);
460 if ((value = convtime(arg)) == -1)
461 fatal("%s line %d: invalid time value.",
462 filename, linenum);
463 if (*intptr == -1)
464 *intptr = value;
465 break;
466
467 case sKeyRegenerationTime:
468 intptr = &options->key_regeneration_time;
469 goto parse_time;
470
471 case sListenAddress:
472 arg = strdelim(&cp);
473 if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
474 fatal("%s line %d: missing inet addr.",
475 filename, linenum);
476 if (*arg == '[') {
477 if ((p = strchr(arg, ']')) == NULL)
478 fatal("%s line %d: bad ipv6 inet addr usage.",
e2b1fb42 479 filename, linenum);
2717fa0f 480 arg++;
481 memmove(p, p+1, strlen(p+1)+1);
482 } else if (((p = strchr(arg, ':')) == NULL) ||
483 (strchr(p+1, ':') != NULL)) {
484 add_listen_addr(options, arg, 0);
e2b1fb42 485 break;
2717fa0f 486 }
487 if (*p == ':') {
488 u_short port;
5260325f 489
2717fa0f 490 p++;
491 if (*p == '\0')
492 fatal("%s line %d: bad inet addr:port usage.",
48e671d5 493 filename, linenum);
2717fa0f 494 else {
495 *(p-1) = '\0';
496 if ((port = a2port(p)) == 0)
497 fatal("%s line %d: bad port number.",
d11c1288 498 filename, linenum);
2717fa0f 499 add_listen_addr(options, arg, port);
d11c1288 500 }
2717fa0f 501 } else if (*p == '\0')
502 add_listen_addr(options, arg, 0);
503 else
504 fatal("%s line %d: bad inet addr usage.",
505 filename, linenum);
506 break;
507
508 case sHostKeyFile:
509 intptr = &options->num_host_key_files;
510 if (*intptr >= MAX_HOSTKEYS)
511 fatal("%s line %d: too many host keys specified (max %d).",
512 filename, linenum, MAX_HOSTKEYS);
513 charptr = &options->host_key_files[*intptr];
fa649821 514parse_filename:
2717fa0f 515 arg = strdelim(&cp);
516 if (!arg || *arg == '\0')
517 fatal("%s line %d: missing file name.",
518 filename, linenum);
519 if (*charptr == NULL) {
520 *charptr = tilde_expand_filename(arg, getuid());
521 /* increase optional counter */
522 if (intptr != NULL)
523 *intptr = *intptr + 1;
524 }
525 break;
0fbe8c74 526
2717fa0f 527 case sPidFile:
528 charptr = &options->pid_file;
529 goto parse_filename;
5260325f 530
2717fa0f 531 case sPermitRootLogin:
532 intptr = &options->permit_root_login;
533 arg = strdelim(&cp);
534 if (!arg || *arg == '\0')
535 fatal("%s line %d: missing yes/"
536 "without-password/forced-commands-only/no "
537 "argument.", filename, linenum);
538 value = 0; /* silence compiler */
539 if (strcmp(arg, "without-password") == 0)
540 value = PERMIT_NO_PASSWD;
541 else if (strcmp(arg, "forced-commands-only") == 0)
542 value = PERMIT_FORCED_ONLY;
543 else if (strcmp(arg, "yes") == 0)
544 value = PERMIT_YES;
545 else if (strcmp(arg, "no") == 0)
546 value = PERMIT_NO;
547 else
548 fatal("%s line %d: Bad yes/"
549 "without-password/forced-commands-only/no "
550 "argument: %s", filename, linenum, arg);
551 if (*intptr == -1)
552 *intptr = value;
553 break;
554
555 case sIgnoreRhosts:
556 intptr = &options->ignore_rhosts;
5260325f 557parse_flag:
2717fa0f 558 arg = strdelim(&cp);
559 if (!arg || *arg == '\0')
560 fatal("%s line %d: missing yes/no argument.",
561 filename, linenum);
562 value = 0; /* silence compiler */
563 if (strcmp(arg, "yes") == 0)
564 value = 1;
565 else if (strcmp(arg, "no") == 0)
566 value = 0;
567 else
568 fatal("%s line %d: Bad yes/no argument: %s",
569 filename, linenum, arg);
570 if (*intptr == -1)
571 *intptr = value;
572 break;
573
574 case sIgnoreUserKnownHosts:
575 intptr = &options->ignore_user_known_hosts;
576 goto parse_flag;
577
578 case sRhostsAuthentication:
579 intptr = &options->rhosts_authentication;
580 goto parse_flag;
581
582 case sRhostsRSAAuthentication:
583 intptr = &options->rhosts_rsa_authentication;
584 goto parse_flag;
585
586 case sHostbasedAuthentication:
587 intptr = &options->hostbased_authentication;
588 goto parse_flag;
589
590 case sHostbasedUsesNameFromPacketOnly:
591 intptr = &options->hostbased_uses_name_from_packet_only;
592 goto parse_flag;
593
594 case sRSAAuthentication:
595 intptr = &options->rsa_authentication;
596 goto parse_flag;
597
598 case sPubkeyAuthentication:
599 intptr = &options->pubkey_authentication;
600 goto parse_flag;
601#if defined(KRB4) || defined(KRB5)
602 case sKerberosAuthentication:
603 intptr = &options->kerberos_authentication;
604 goto parse_flag;
5260325f 605
2717fa0f 606 case sKerberosOrLocalPasswd:
607 intptr = &options->kerberos_or_local_passwd;
608 goto parse_flag;
5260325f 609
2717fa0f 610 case sKerberosTicketCleanup:
611 intptr = &options->kerberos_ticket_cleanup;
612 goto parse_flag;
613#endif
614#if defined(AFS) || defined(KRB5)
615 case sKerberosTgtPassing:
616 intptr = &options->kerberos_tgt_passing;
617 goto parse_flag;
618#endif
619#ifdef AFS
620 case sAFSTokenPassing:
621 intptr = &options->afs_token_passing;
622 goto parse_flag;
623#endif
5260325f 624
2717fa0f 625 case sPasswordAuthentication:
626 intptr = &options->password_authentication;
627 goto parse_flag;
5260325f 628
2717fa0f 629 case sKbdInteractiveAuthentication:
630 intptr = &options->kbd_interactive_authentication;
631 goto parse_flag;
8002af61 632
2717fa0f 633 case sChallengeResponseAuthentication:
634 intptr = &options->challenge_response_authentication;
635 goto parse_flag;
8002af61 636
2717fa0f 637 case sPrintMotd:
638 intptr = &options->print_motd;
639 goto parse_flag;
5260325f 640
2717fa0f 641 case sPrintLastLog:
642 intptr = &options->print_lastlog;
643 goto parse_flag;
5260325f 644
2717fa0f 645 case sX11Forwarding:
646 intptr = &options->x11_forwarding;
647 goto parse_flag;
5260325f 648
2717fa0f 649 case sX11DisplayOffset:
650 intptr = &options->x11_display_offset;
651 goto parse_int;
8efc0c15 652
2717fa0f 653 case sXAuthLocation:
654 charptr = &options->xauth_location;
655 goto parse_filename;
5260325f 656
2717fa0f 657 case sStrictModes:
658 intptr = &options->strict_modes;
659 goto parse_flag;
5260325f 660
2717fa0f 661 case sKeepAlives:
662 intptr = &options->keepalives;
663 goto parse_flag;
33de75a3 664
2717fa0f 665 case sEmptyPasswd:
666 intptr = &options->permit_empty_passwd;
667 goto parse_flag;
5260325f 668
2717fa0f 669 case sUseLogin:
670 intptr = &options->use_login;
671 goto parse_flag;
5260325f 672
2717fa0f 673 case sGatewayPorts:
674 intptr = &options->gateway_ports;
675 goto parse_flag;
5260325f 676
2717fa0f 677 case sReverseMappingCheck:
678 intptr = &options->reverse_mapping_check;
679 goto parse_flag;
5260325f 680
2717fa0f 681 case sLogFacility:
682 intptr = (int *) &options->log_facility;
683 arg = strdelim(&cp);
684 value = log_facility_number(arg);
685 if (value == (SyslogFacility) - 1)
686 fatal("%.200s line %d: unsupported log facility '%s'",
687 filename, linenum, arg ? arg : "<NONE>");
688 if (*intptr == -1)
689 *intptr = (SyslogFacility) value;
690 break;
691
692 case sLogLevel:
693 intptr = (int *) &options->log_level;
694 arg = strdelim(&cp);
695 value = log_level_number(arg);
696 if (value == (LogLevel) - 1)
697 fatal("%.200s line %d: unsupported log level '%s'",
698 filename, linenum, arg ? arg : "<NONE>");
699 if (*intptr == -1)
700 *intptr = (LogLevel) value;
701 break;
702
703 case sAllowTcpForwarding:
704 intptr = &options->allow_tcp_forwarding;
705 goto parse_flag;
706
707 case sAllowUsers:
708 while ((arg = strdelim(&cp)) && *arg != '\0') {
709 if (options->num_allow_users >= MAX_ALLOW_USERS)
710 fatal("%s line %d: too many allow users.",
711 filename, linenum);
712 options->allow_users[options->num_allow_users++] = xstrdup(arg);
713 }
714 break;
a8be9f80 715
2717fa0f 716 case sDenyUsers:
717 while ((arg = strdelim(&cp)) && *arg != '\0') {
718 if (options->num_deny_users >= MAX_DENY_USERS)
719 fatal( "%s line %d: too many deny users.",
720 filename, linenum);
721 options->deny_users[options->num_deny_users++] = xstrdup(arg);
722 }
723 break;
b2552997 724
2717fa0f 725 case sAllowGroups:
726 while ((arg = strdelim(&cp)) && *arg != '\0') {
727 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
728 fatal("%s line %d: too many allow groups.",
729 filename, linenum);
730 options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
731 }
732 break;
a8be9f80 733
2717fa0f 734 case sDenyGroups:
735 while ((arg = strdelim(&cp)) && *arg != '\0') {
736 if (options->num_deny_groups >= MAX_DENY_GROUPS)
737 fatal("%s line %d: too many deny groups.",
738 filename, linenum);
739 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
740 }
741 break;
38c295d6 742
2717fa0f 743 case sCiphers:
744 arg = strdelim(&cp);
745 if (!arg || *arg == '\0')
746 fatal("%s line %d: Missing argument.", filename, linenum);
747 if (!ciphers_valid(arg))
748 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
749 filename, linenum, arg ? arg : "<NONE>");
750 if (options->ciphers == NULL)
751 options->ciphers = xstrdup(arg);
752 break;
753
754 case sMacs:
755 arg = strdelim(&cp);
756 if (!arg || *arg == '\0')
757 fatal("%s line %d: Missing argument.", filename, linenum);
758 if (!mac_valid(arg))
759 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
760 filename, linenum, arg ? arg : "<NONE>");
761 if (options->macs == NULL)
762 options->macs = xstrdup(arg);
763 break;
764
765 case sProtocol:
766 intptr = &options->protocol;
767 arg = strdelim(&cp);
768 if (!arg || *arg == '\0')
769 fatal("%s line %d: Missing argument.", filename, linenum);
770 value = proto_spec(arg);
771 if (value == SSH_PROTO_UNKNOWN)
772 fatal("%s line %d: Bad protocol spec '%s'.",
184eed6a 773 filename, linenum, arg ? arg : "<NONE>");
2717fa0f 774 if (*intptr == SSH_PROTO_UNKNOWN)
775 *intptr = value;
776 break;
777
778 case sSubsystem:
779 if (options->num_subsystems >= MAX_SUBSYSTEMS) {
780 fatal("%s line %d: too many subsystems defined.",
184eed6a 781 filename, linenum);
2717fa0f 782 }
783 arg = strdelim(&cp);
784 if (!arg || *arg == '\0')
785 fatal("%s line %d: Missing subsystem name.",
184eed6a 786 filename, linenum);
2717fa0f 787 for (i = 0; i < options->num_subsystems; i++)
788 if (strcmp(arg, options->subsystem_name[i]) == 0)
789 fatal("%s line %d: Subsystem '%s' already defined.",
184eed6a 790 filename, linenum, arg);
2717fa0f 791 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
792 arg = strdelim(&cp);
793 if (!arg || *arg == '\0')
794 fatal("%s line %d: Missing subsystem command.",
184eed6a 795 filename, linenum);
2717fa0f 796 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
797 options->num_subsystems++;
798 break;
799
800 case sMaxStartups:
801 arg = strdelim(&cp);
802 if (!arg || *arg == '\0')
803 fatal("%s line %d: Missing MaxStartups spec.",
184eed6a 804 filename, linenum);
2717fa0f 805 if ((n = sscanf(arg, "%d:%d:%d",
806 &options->max_startups_begin,
807 &options->max_startups_rate,
808 &options->max_startups)) == 3) {
809 if (options->max_startups_begin >
810 options->max_startups ||
811 options->max_startups_rate > 100 ||
812 options->max_startups_rate < 1)
c345cf9d 813 fatal("%s line %d: Illegal MaxStartups spec.",
97de229c 814 filename, linenum);
2717fa0f 815 } else if (n != 1)
816 fatal("%s line %d: Illegal MaxStartups spec.",
817 filename, linenum);
818 else
819 options->max_startups = options->max_startups_begin;
820 break;
821
822 case sBanner:
823 charptr = &options->banner;
824 goto parse_filename;
825 /*
826 * These options can contain %X options expanded at
827 * connect time, so that you can specify paths like:
828 *
829 * AuthorizedKeysFile /etc/ssh_keys/%u
830 */
831 case sAuthorizedKeysFile:
832 case sAuthorizedKeysFile2:
833 charptr = (opcode == sAuthorizedKeysFile ) ?
834 &options->authorized_keys_file :
835 &options->authorized_keys_file2;
836 goto parse_filename;
837
838 case sClientAliveInterval:
839 intptr = &options->client_alive_interval;
840 goto parse_time;
841
842 case sClientAliveCountMax:
843 intptr = &options->client_alive_count_max;
844 goto parse_int;
845
846 case sDeprecated:
847 log("%s line %d: Deprecated option %s",
848 filename, linenum, arg);
849 while (arg)
850 arg = strdelim(&cp);
851 break;
852
853 default:
854 fatal("%s line %d: Missing handler for opcode %s (%d)",
855 filename, linenum, arg, opcode);
856 }
857 if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
858 fatal("%s line %d: garbage at end of line; \"%.200s\".",
859 filename, linenum, arg);
860 return 0;
861}
089fbbd2 862
2717fa0f 863/* Reads the server configuration file. */
5c53a31e 864
2717fa0f 865void
866read_server_config(ServerOptions *options, const char *filename)
867{
868 FILE *f;
869 char line[1024];
870 int linenum;
871 int bad_options = 0;
872
873 f = fopen(filename, "r");
874 if (!f) {
875 perror(filename);
876 exit(1);
877 }
878 linenum = 0;
879 while (fgets(line, sizeof(line), f)) {
880 /* Update line number counter. */
881 linenum++;
882 if (process_server_config_line(options, line, filename, linenum) != 0)
883 bad_options++;
8efc0c15 884 }
5260325f 885 fclose(f);
b7c70970 886 if (bad_options > 0)
887 fatal("%s: terminating, %d bad configuration options",
888 filename, bad_options);
8efc0c15 889}
git-cvsimport mirror of OpenSSH
This page took 0.284878 seconds and 5 git commands to generate.