/*
 *
 * servconf.c
 *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
 *
 * Created: Mon Aug 21 15:48:58 1995 ylo
 *
 */
#include "includes.h"
RCSID("$OpenBSD: servconf.c,v 1.50 2000/07/22 09:14:36 markus Exp $");

#include <errno.h>
#include <limits.h>

#include "ssh.h"
#include "servconf.h"
#include "xmalloc.h"
#include "compat.h"
/*
 * Forward declaration: add_listen_addr() is defined further down in this
 * file but is already needed by fill_default_server_options().
 */
void add_listen_addr(ServerOptions *options, char *addr);
/*
 * Puts every server option into its "not configured yet" state.
 *
 * The structure is zeroed first.  Pointer options are then set to NULL,
 * list counters to 0, and each scalar option that has a built-in default
 * is set to -1 (SSH_PROTO_UNKNOWN for the protocol mask), so that later
 * stages can tell an unset option from an explicitly configured one.
 */
void
initialize_server_options(ServerOptions *options)
{
	memset(options, 0, sizeof(*options));

	/* Listening ports and addresses. */
	options->num_ports = 0;
	options->ports_from_cmdline = 0;
	options->listen_addrs = NULL;
	options->gateway_ports = -1;

	/* File locations. */
	options->host_key_file = NULL;
	options->host_dsa_key_file = NULL;
	options->pid_file = NULL;
	options->xauth_location = NULL;

	/* Key size and timers. */
	options->server_key_bits = -1;
	options->login_grace_time = -1;
	options->key_regeneration_time = -1;

	/* Logging. */
	options->log_facility = (SyslogFacility)-1;
	options->log_level = (LogLevel)-1;

	/* Authentication methods and login policy. */
	options->permit_root_login = -1;
	options->permit_empty_passwd = -1;
	options->password_authentication = -1;
	options->rhosts_authentication = -1;
	options->rhosts_rsa_authentication = -1;
	options->rsa_authentication = -1;
	options->dsa_authentication = -1;
	options->ignore_rhosts = -1;
	options->ignore_user_known_hosts = -1;
	options->strict_modes = -1;
#ifdef KRB4
	options->kerberos_authentication = -1;
	options->kerberos_or_local_passwd = -1;
	options->kerberos_ticket_cleanup = -1;
#endif
#ifdef AFS
	options->kerberos_tgt_passing = -1;
	options->afs_token_passing = -1;
#endif
#ifdef SKEY
	options->skey_authentication = -1;
#endif

	/* User and group access lists start out empty. */
	options->num_allow_users = 0;
	options->num_deny_users = 0;
	options->num_allow_groups = 0;
	options->num_deny_groups = 0;

	/* Session behaviour. */
	options->print_motd = -1;
	options->check_mail = -1;
	options->x11_forwarding = -1;
	options->x11_display_offset = -1;
	options->keepalives = -1;
	options->use_login = -1;

	/* Protocol selection, ciphers and subsystems. */
	options->ciphers = NULL;
	options->protocol = SSH_PROTO_UNKNOWN;
	options->num_subsystems = 0;

	/* Limits on concurrent unauthenticated connections. */
	options->max_startups_begin = -1;
	options->max_startups_rate = -1;
	options->max_startups = -1;
}
/*
 * Replaces every option that still carries its "unset" marker with the
 * compiled-in default.  Options that already hold a value are left alone.
 *
 * NOTE(review): several of these defaults are permissive from a hardening
 * point of view: root login is allowed, password authentication is on,
 * protocol 1 is enabled next to protocol 2, and the server key is 768 bits.
 * A deployment should set these explicitly in its configuration file
 * rather than rely on the built-in values.
 */
void
fill_default_server_options(ServerOptions *options)
{
/* Give an int option the value `val` only while it still holds -1. */
#define SERVCONF_DEFAULT_INT(field, val)			\
	do {							\
		if (options->field == -1)			\
			options->field = (val);			\
	} while (0)
/* Give a string option the value `val` only while it is still NULL. */
#define SERVCONF_DEFAULT_STR(field, val)			\
	do {							\
		if (options->field == NULL)			\
			options->field = (val);			\
	} while (0)

	/* The port list must be populated before listen addresses are added. */
	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
	/* A NULL address makes add_listen_addr() request passive sockets. */
	if (options->listen_addrs == NULL)
		add_listen_addr(options, NULL);

	SERVCONF_DEFAULT_STR(host_key_file, HOST_KEY_FILE);
	SERVCONF_DEFAULT_STR(host_dsa_key_file, HOST_DSA_KEY_FILE);
	SERVCONF_DEFAULT_STR(pid_file, SSH_DAEMON_PID_FILE);

	SERVCONF_DEFAULT_INT(server_key_bits, 768);
	SERVCONF_DEFAULT_INT(login_grace_time, 600);
	SERVCONF_DEFAULT_INT(key_regeneration_time, 3600);
	SERVCONF_DEFAULT_INT(permit_root_login, 1);	/* yes */
	SERVCONF_DEFAULT_INT(ignore_rhosts, 1);
	SERVCONF_DEFAULT_INT(ignore_user_known_hosts, 0);
	SERVCONF_DEFAULT_INT(check_mail, 0);
	SERVCONF_DEFAULT_INT(print_motd, 1);
	SERVCONF_DEFAULT_INT(x11_forwarding, 0);
	SERVCONF_DEFAULT_INT(x11_display_offset, 10);
#ifdef XAUTH_PATH
	SERVCONF_DEFAULT_STR(xauth_location, XAUTH_PATH);
#endif /* XAUTH_PATH */
	SERVCONF_DEFAULT_INT(strict_modes, 1);
	SERVCONF_DEFAULT_INT(keepalives, 1);

	/* The logging options use their own enum types for the marker. */
	if (options->log_facility == (SyslogFacility)(-1))
		options->log_facility = SYSLOG_FACILITY_AUTH;
	if (options->log_level == (LogLevel)(-1))
		options->log_level = SYSLOG_LEVEL_INFO;

	SERVCONF_DEFAULT_INT(rhosts_authentication, 0);
	SERVCONF_DEFAULT_INT(rhosts_rsa_authentication, 0);
	SERVCONF_DEFAULT_INT(rsa_authentication, 1);
	SERVCONF_DEFAULT_INT(dsa_authentication, 1);
#ifdef KRB4
	/* Kerberos is on by default only when KEYFILE is readable. */
	SERVCONF_DEFAULT_INT(kerberos_authentication,
	    (access(KEYFILE, R_OK) == 0));
	SERVCONF_DEFAULT_INT(kerberos_or_local_passwd, 1);
	SERVCONF_DEFAULT_INT(kerberos_ticket_cleanup, 1);
#endif /* KRB4 */
#ifdef AFS
	SERVCONF_DEFAULT_INT(kerberos_tgt_passing, 0);
	SERVCONF_DEFAULT_INT(afs_token_passing, k_hasafs());
#endif /* AFS */
	SERVCONF_DEFAULT_INT(password_authentication, 1);
#ifdef SKEY
	SERVCONF_DEFAULT_INT(skey_authentication, 1);
#endif
	SERVCONF_DEFAULT_INT(permit_empty_passwd, 0);
	SERVCONF_DEFAULT_INT(use_login, 0);

	if (options->protocol == SSH_PROTO_UNKNOWN)
		options->protocol = SSH_PROTO_1|SSH_PROTO_2;

	SERVCONF_DEFAULT_INT(gateway_ports, 0);

	/* max_startups must be settled first: _begin falls back to it. */
	SERVCONF_DEFAULT_INT(max_startups, 10);
	SERVCONF_DEFAULT_INT(max_startups_rate, 100);	/* 100% */
	SERVCONF_DEFAULT_INT(max_startups_begin, options->max_startups);

#undef SERVCONF_DEFAULT_STR
#undef SERVCONF_DEFAULT_INT
}
/*
 * Keyword tokens: one opcode per configuration keyword.  sBadOption is
 * the first enumerator (value 0) and stands for an unknown keyword.  The
 * Kerberos, AFS and S/Key opcodes exist only when the matching feature is
 * compiled in.
 */
typedef enum {
	sBadOption,		/* == unknown option */
	sPort,
	sHostKeyFile,
	sServerKeyBits,
	sLoginGraceTime,
	sKeyRegenerationTime,
	sPermitRootLogin,
	sLogFacility,
	sLogLevel,
	sRhostsAuthentication,
	sRhostsRSAAuthentication,
	sRSAAuthentication,
#ifdef KRB4
	sKerberosAuthentication,
	sKerberosOrLocalPasswd,
	sKerberosTicketCleanup,
#endif
#ifdef AFS
	sKerberosTgtPassing,
	sAFSTokenPassing,
#endif
#ifdef SKEY
	sSkeyAuthentication,
#endif
	sPasswordAuthentication,
	sListenAddress,
	sPrintMotd,
	sIgnoreRhosts,
	sX11Forwarding,
	sX11DisplayOffset,
	sStrictModes,
	sEmptyPasswd,
	sRandomSeedFile,
	sKeepAlives,
	sCheckMail,
	sUseLogin,
	sAllowUsers,
	sDenyUsers,
	sAllowGroups,
	sDenyGroups,
	sIgnoreUserKnownHosts,
	sHostDSAKeyFile,
	sCiphers,
	sProtocol,
	sPidFile,
	sGatewayPorts,
	sDSAAuthentication,
	sXAuthLocation,
	sSubsystem,
	sMaxStartups
} ServerOpCodes;
/*
 * Textual representation of the tokens.  Names are stored in lower case;
 * the table ends with an entry whose name is NULL.
 */
static struct {
	const char *name;
	ServerOpCodes opcode;
} keywords[] = {
	/* Ports, key files, timers */
	{ "port",			sPort },
	{ "hostkey",			sHostKeyFile },
	{ "hostdsakey",			sHostDSAKeyFile },
	{ "pidfile",			sPidFile },
	{ "serverkeybits",		sServerKeyBits },
	{ "logingracetime",		sLoginGraceTime },
	{ "keyregenerationinterval",	sKeyRegenerationTime },
	{ "permitrootlogin",		sPermitRootLogin },
	/* Logging */
	{ "syslogfacility",		sLogFacility },
	{ "loglevel",			sLogLevel },
	/* Authentication methods */
	{ "rhostsauthentication",	sRhostsAuthentication },
	{ "rhostsrsaauthentication",	sRhostsRSAAuthentication },
	{ "rsaauthentication",		sRSAAuthentication },
	{ "dsaauthentication",		sDSAAuthentication },
#ifdef KRB4
	{ "kerberosauthentication",	sKerberosAuthentication },
	{ "kerberosorlocalpasswd",	sKerberosOrLocalPasswd },
	{ "kerberosticketcleanup",	sKerberosTicketCleanup },
#endif
#ifdef AFS
	{ "kerberostgtpassing",		sKerberosTgtPassing },
	{ "afstokenpassing",		sAFSTokenPassing },
#endif
	{ "passwordauthentication",	sPasswordAuthentication },
#ifdef SKEY
	{ "skeyauthentication",		sSkeyAuthentication },
#endif
	/* Session and host policy */
	{ "checkmail",			sCheckMail },
	{ "listenaddress",		sListenAddress },
	{ "printmotd",			sPrintMotd },
	{ "ignorerhosts",		sIgnoreRhosts },
	{ "ignoreuserknownhosts",	sIgnoreUserKnownHosts },
	{ "x11forwarding",		sX11Forwarding },
	{ "x11displayoffset",		sX11DisplayOffset },
	{ "xauthlocation",		sXAuthLocation },
	{ "strictmodes",		sStrictModes },
	{ "permitemptypasswords",	sEmptyPasswd },
	{ "uselogin",			sUseLogin },
	{ "randomseed",			sRandomSeedFile },
	{ "keepalive",			sKeepAlives },
	/* Access lists */
	{ "allowusers",			sAllowUsers },
	{ "denyusers",			sDenyUsers },
	{ "allowgroups",		sAllowGroups },
	{ "denygroups",			sDenyGroups },
	/* Protocol, forwarding, subsystems, connection limits */
	{ "ciphers",			sCiphers },
	{ "protocol",			sProtocol },
	{ "gatewayports",		sGatewayPorts },
	{ "subsystem",			sSubsystem },
	{ "maxstartups",		sMaxStartups },
	/* End-of-table marker */
	{ NULL,				sBadOption }
};
/*
 * Looks up the keyword cp in the keywords table, ignoring case, and
 * returns its opcode.  An unknown keyword is reported on stderr together
 * with the file name and line number, and sBadOption is returned; the
 * function does not terminate the process itself.
 */
static ServerOpCodes
parse_token(const char *cp, const char *filename,
    int linenum)
{
	unsigned int idx = 0;

	/* The table is terminated by an entry with a NULL name. */
	while (keywords[idx].name != NULL) {
		if (strcasecmp(cp, keywords[idx].name) == 0)
			return keywords[idx].opcode;
		idx++;
	}

	fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
	    filename, linenum, cp);
	return sBadOption;
}
/*
 * Resolves addr once for every configured port and puts the resulting
 * addrinfo chains at the front of options->listen_addrs.
 *
 * A NULL addr is resolved with AI_PASSIVE.  If no port has been configured
 * yet, SSH_DEFAULT_PORT is added first.  A resolution failure is reported
 * through fatal().
 *
 * NOTE(review): the port numbers are formatted as they are stored; any
 * range check has to happen where options->ports is filled.
 */
void
add_listen_addr(ServerOptions *options, char *addr)
{
	extern int IPv4or6;
	struct addrinfo hints, *res, *tail;
	char portbuf[NI_MAXSERV];
	int rc;
	int n;

	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;

	/* The hints do not depend on the port, so build them once. */
	memset(&hints, 0, sizeof(hints));
	hints.ai_family = IPv4or6;
	hints.ai_socktype = SOCK_STREAM;
	if (addr == NULL)
		hints.ai_flags = AI_PASSIVE;

	for (n = 0; n < options->num_ports; n++) {
		snprintf(portbuf, sizeof portbuf, "%d", options->ports[n]);
		rc = getaddrinfo(addr, portbuf, &hints, &res);
		if (rc != 0)
			fatal("bad addr or host: %s (%s)\n",
			    addr ? addr : "<NULL>",
			    gai_strerror(rc));

		/* Walk to the last result and hang the old list behind it. */
		tail = res;
		while (tail->ai_next != NULL)
			tail = tail->ai_next;
		tail->ai_next = options->listen_addrs;
		options->listen_addrs = res;
	}
}
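/*
 * Reads the server configuration file `filename` into `options`.
 *
 * Every line is split into tokens with strdelim().  Lines with no token
 * and lines whose first token starts with '#' are skipped.  For most
 * options the first value seen wins: the field is written only while it
 * still holds its "unset" marker.  Port, ListenAddress, the Allow and Deny
 * lists and Subsystem accumulate entries instead.
 *
 * Error handling: a file that cannot be opened, a missing or malformed
 * argument, or trailing text after an option ends the process through
 * exit(1) or fatal() (the code relies on fatal() not returning).  Unknown
 * keywords are reported by parse_token(), counted, and cause exit(1) once
 * the whole file has been read.
 *
 * NOTE(review): lines are read into a 1024-byte buffer with fgets(), so
 * the remainder of a longer line is parsed as if it were a new line.
 */
void
read_server_config(ServerOptions *options, const char *filename)
{
	FILE *f;
	char line[1024];
	char *cp, **charptr, *arg, *endp;
	int linenum, *intptr, value;
	int bad_options = 0;
	ServerOpCodes opcode;
	int i;
	long lval;
	int n, ms_begin, ms_rate, ms_max;

	f = fopen(filename, "r");
	if (!f) {
		perror(filename);
		exit(1);
	}
	linenum = 0;
	while (fgets(line, sizeof(line), f)) {
		linenum++;
		cp = line;
		arg = strdelim(&cp);
		/* Ignore leading whitespace */
		if (arg != NULL && *arg == '\0')
			arg = strdelim(&cp);
		/*
		 * strdelim() can hand back NULL (every other call site
		 * checks for it), so test the pointer before reading it.
		 */
		if (arg == NULL || *arg == '\0' || *arg == '#')
			continue;
		opcode = parse_token(arg, filename, linenum);
		switch (opcode) {
		case sBadOption:
			bad_options++;
			continue;
		case sPort:
			/* ignore ports from configfile if cmdline specifies ports */
			if (options->ports_from_cmdline)
				continue;
			if (options->listen_addrs != NULL)
				fatal("%s line %d: ports must be specified before "
				    "ListenAddress.\n", filename, linenum);
			if (options->num_ports >= MAX_PORTS)
				fatal("%s line %d: too many ports.\n",
				    filename, linenum);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing port number.\n",
				    filename, linenum);
			/*
			 * Accept only a plain decimal number in the TCP port
			 * range; an out-of-range strtol() result (LONG_MAX or
			 * LONG_MIN) is rejected by the same range test.
			 */
			lval = strtol(arg, &endp, 10);
			if (endp == arg || *endp != '\0' ||
			    lval < 1 || lval > 65535)
				fatal("%s line %d: Bad port number '%s'.\n",
				    filename, linenum, arg);
			options->ports[options->num_ports++] = (int)lval;
			break;

		case sServerKeyBits:
			intptr = &options->server_key_bits;
parse_int:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing integer value.\n",
				    filename, linenum);
				exit(1);
			}
			/* Refuse text that is not a complete decimal int. */
			errno = 0;
			lval = strtol(arg, &endp, 10);
			if (endp == arg || *endp != '\0' || errno == ERANGE ||
			    lval < INT_MIN || lval > INT_MAX) {
				fprintf(stderr, "%s line %d: Bad integer value: %s\n",
				    filename, linenum, arg);
				exit(1);
			}
			value = (int)lval;
			if (*intptr == -1)
				*intptr = value;
			break;

		case sLoginGraceTime:
			intptr = &options->login_grace_time;
			goto parse_int;

		case sKeyRegenerationTime:
			intptr = &options->key_regeneration_time;
			goto parse_int;

		case sListenAddress:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing inet addr.\n",
				    filename, linenum);
			add_listen_addr(options, arg);
			break;

		case sHostKeyFile:
		case sHostDSAKeyFile:
			charptr = (opcode == sHostKeyFile) ?
			    &options->host_key_file : &options->host_dsa_key_file;
parse_filename:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing file name.\n",
				    filename, linenum);
				exit(1);
			}
			if (*charptr == NULL)
				*charptr = tilde_expand_filename(arg, getuid());
			break;

		case sPidFile:
			charptr = &options->pid_file;
			goto parse_filename;

		case sRandomSeedFile:
			fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
			    filename, linenum);
			/* Consume the argument so it is not flagged as garbage. */
			arg = strdelim(&cp);
			break;

		case sPermitRootLogin:
			intptr = &options->permit_root_login;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
				    filename, linenum);
				exit(1);
			}
			if (strcmp(arg, "without-password") == 0)
				value = 2;
			else if (strcmp(arg, "yes") == 0)
				value = 1;
			else if (strcmp(arg, "no") == 0)
				value = 0;
			else {
				fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n",
				    filename, linenum, arg);
				exit(1);
			}
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreRhosts:
			intptr = &options->ignore_rhosts;
parse_flag:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing yes/no argument.\n",
				    filename, linenum);
				exit(1);
			}
			if (strcmp(arg, "yes") == 0)
				value = 1;
			else if (strcmp(arg, "no") == 0)
				value = 0;
			else {
				fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
				    filename, linenum, arg);
				exit(1);
			}
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreUserKnownHosts:
			intptr = &options->ignore_user_known_hosts;
			goto parse_flag;

		case sRhostsAuthentication:
			intptr = &options->rhosts_authentication;
			goto parse_flag;

		case sRhostsRSAAuthentication:
			intptr = &options->rhosts_rsa_authentication;
			goto parse_flag;

		case sRSAAuthentication:
			intptr = &options->rsa_authentication;
			goto parse_flag;

		case sDSAAuthentication:
			intptr = &options->dsa_authentication;
			goto parse_flag;

#ifdef KRB4
		case sKerberosAuthentication:
			intptr = &options->kerberos_authentication;
			goto parse_flag;

		case sKerberosOrLocalPasswd:
			intptr = &options->kerberos_or_local_passwd;
			goto parse_flag;

		case sKerberosTicketCleanup:
			intptr = &options->kerberos_ticket_cleanup;
			goto parse_flag;
#endif

#ifdef AFS
		case sKerberosTgtPassing:
			intptr = &options->kerberos_tgt_passing;
			goto parse_flag;

		case sAFSTokenPassing:
			intptr = &options->afs_token_passing;
			goto parse_flag;
#endif

		case sPasswordAuthentication:
			intptr = &options->password_authentication;
			goto parse_flag;

		case sCheckMail:
			intptr = &options->check_mail;
			goto parse_flag;

#ifdef SKEY
		case sSkeyAuthentication:
			intptr = &options->skey_authentication;
			goto parse_flag;
#endif

		case sPrintMotd:
			intptr = &options->print_motd;
			goto parse_flag;

		case sX11Forwarding:
			intptr = &options->x11_forwarding;
			goto parse_flag;

		case sX11DisplayOffset:
			intptr = &options->x11_display_offset;
			goto parse_int;

		case sXAuthLocation:
			charptr = &options->xauth_location;
			goto parse_filename;

		case sStrictModes:
			intptr = &options->strict_modes;
			goto parse_flag;

		case sKeepAlives:
			intptr = &options->keepalives;
			goto parse_flag;

		case sEmptyPasswd:
			intptr = &options->permit_empty_passwd;
			goto parse_flag;

		case sUseLogin:
			intptr = &options->use_login;
			goto parse_flag;

		case sGatewayPorts:
			intptr = &options->gateway_ports;
			goto parse_flag;

		case sLogFacility:
			intptr = (int *) &options->log_facility;
			arg = strdelim(&cp);
			value = log_facility_number(arg);
			if (value == (SyslogFacility) - 1)
				fatal("%.200s line %d: unsupported log facility '%s'\n",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (SyslogFacility) value;
			break;

		case sLogLevel:
			intptr = (int *) &options->log_level;
			arg = strdelim(&cp);
			value = log_level_number(arg);
			if (value == (LogLevel) - 1)
				fatal("%.200s line %d: unsupported log level '%s'\n",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (LogLevel) value;
			break;

		case sAllowUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_users >= MAX_ALLOW_USERS)
					fatal("%s line %d: too many allow users.\n",
					    filename, linenum);
				options->allow_users[options->num_allow_users++] = xstrdup(arg);
			}
			break;

		case sDenyUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_users >= MAX_DENY_USERS)
					fatal( "%s line %d: too many deny users.\n",
					    filename, linenum);
				options->deny_users[options->num_deny_users++] = xstrdup(arg);
			}
			break;

		case sAllowGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
					fatal("%s line %d: too many allow groups.\n",
					    filename, linenum);
				options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
			}
			break;

		case sDenyGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_groups >= MAX_DENY_GROUPS)
					fatal("%s line %d: too many deny groups.\n",
					    filename, linenum);
				options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
			}
			break;

		case sCiphers:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			if (!ciphers_valid(arg))
				fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->ciphers == NULL)
				options->ciphers = xstrdup(arg);
			break;

		case sProtocol:
			intptr = &options->protocol;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			value = proto_spec(arg);
			if (value == SSH_PROTO_UNKNOWN)
				fatal("%s line %d: Bad protocol spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == SSH_PROTO_UNKNOWN)
				*intptr = value;
			break;

		case sSubsystem:
			if (options->num_subsystems >= MAX_SUBSYSTEMS) {
				fatal("%s line %d: too many subsystems defined.",
				    filename, linenum);
			}
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem name.",
				    filename, linenum);
			for (i = 0; i < options->num_subsystems; i++)
				if (strcmp(arg, options->subsystem_name[i]) == 0)
					fatal("%s line %d: Subsystem '%s' already defined.",
					    filename, linenum, arg);
			options->subsystem_name[options->num_subsystems] = xstrdup(arg);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem command.",
				    filename, linenum);
			options->subsystem_command[options->num_subsystems] = xstrdup(arg);
			options->num_subsystems++;
			break;

		case sMaxStartups:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing MaxStartups spec.",
				    filename, linenum);
			/*
			 * Parse into locals so that a partial match leaves the
			 * options untouched.  The single-number form is handled
			 * here: jumping to parse_int would fetch a further
			 * token, although the number has already been consumed.
			 */
			n = sscanf(arg, "%d:%d:%d", &ms_begin, &ms_rate, &ms_max);
			if (n == 3) {
				if (ms_begin > ms_max ||
				    ms_rate > 100 ||
				    ms_rate < 1)
					fatal("%s line %d: Illegal MaxStartups spec.",
					    filename, linenum);
				options->max_startups_begin = ms_begin;
				options->max_startups_rate = ms_rate;
				options->max_startups = ms_max;
			} else if (n == 1) {
				/* Plain limit; first value wins, as for other ints. */
				if (options->max_startups == -1)
					options->max_startups = ms_begin;
			} else {
				fatal("%s line %d: Illegal MaxStartups spec.",
				    filename, linenum);
			}
			break;

		default:
			fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
			    filename, linenum, arg, opcode);
			exit(1);
		}
		/* Anything left on the line after the option is an error. */
		if ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
			fprintf(stderr,
			    "%s line %d: garbage at end of line; \"%.200s\".\n",
			    filename, linenum, arg);
			exit(1);
		}
	}
	fclose(f);
	if (bad_options > 0) {
		fprintf(stderr, "%s: terminating, %d bad configuration options\n",
		    filename, bad_options);
		exit(1);
	}
}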