8efc0c15 1/*
5260325f 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
6ae2364d 4 *
bcbf86ec 5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
5260325f 10 */
8efc0c15 11
12#include "includes.h"
d464095c 13RCSID("$OpenBSD: servconf.c,v 1.63 2001/01/22 23:06:39 markus Exp $");
42f11eb2 14
15#ifdef KRB4
16#include <krb.h>
17#endif
18#ifdef AFS
19#include <kafs.h>
20#endif
8efc0c15 21
22#include "ssh.h"
42f11eb2 23#include "log.h"
8efc0c15 24#include "servconf.h"
25#include "xmalloc.h"
a8be9f80 26#include "compat.h"
42f11eb2 27#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
31
8efc0c15 32
/*
 * Forward declaration: add_listen_addr() is defined further down in this
 * file but is already called by fill_default_server_options().
 */
void add_listen_addr(ServerOptions *options, char *addr);

/*
 * AF_UNSPEC or AF_INET or AF_INET6.  Defined in another translation unit;
 * add_listen_addr() passes it to getaddrinfo() as the address family.
 */
extern int IPv4or6;
38
/*
 * Puts *options into the "nothing configured yet" state.
 *
 * The structure is zeroed first.  Counters are then set to 0 and pointers
 * to NULL, while every scalar setting gets an "unset" marker: -1 for the
 * integer options, SSH_PROTO_UNKNOWN for the protocol mask.
 * read_server_config() stores a value only while the marker is still in
 * place, and fill_default_server_options() later replaces any marker that
 * is left with the built-in default.
 */
void
initialize_server_options(ServerOptions *options)
{
	memset(options, 0, sizeof(*options));

	/* List lengths and the command-line port flag. */
	options->num_ports = 0;
	options->ports_from_cmdline = 0;
	options->num_host_key_files = 0;
	options->num_allow_users = 0;
	options->num_deny_users = 0;
	options->num_allow_groups = 0;
	options->num_deny_groups = 0;
	options->num_subsystems = 0;

	/* Pointer-valued options: NULL means "not set". */
	options->listen_addrs = NULL;
	options->pid_file = NULL;
	options->xauth_location = NULL;
	options->ciphers = NULL;
	options->banner = NULL;

	/* Key and timing parameters. */
	options->server_key_bits = -1;
	options->login_grace_time = -1;
	options->key_regeneration_time = -1;

	/* Logging; the enum fields use a cast -1 as their marker. */
	options->log_facility = (SyslogFacility)-1;
	options->log_level = (LogLevel)-1;

	/* Protocol selection. */
	options->protocol = SSH_PROTO_UNKNOWN;

	/* Authentication methods and login policy. */
	options->permit_root_login = -1;
	options->permit_empty_passwd = -1;
	options->rhosts_authentication = -1;
	options->rhosts_rsa_authentication = -1;
	options->rsa_authentication = -1;
	options->pubkey_authentication = -1;
#ifdef KRB4
	options->kerberos_authentication = -1;
	options->kerberos_or_local_passwd = -1;
	options->kerberos_ticket_cleanup = -1;
#endif
#ifdef AFS
	options->kerberos_tgt_passing = -1;
	options->afs_token_passing = -1;
#endif
	options->password_authentication = -1;
	options->kbd_interactive_authentication = -1;
	options->challenge_reponse_authentication = -1;
	options->ignore_rhosts = -1;
	options->ignore_user_known_hosts = -1;
	options->strict_modes = -1;
	options->use_login = -1;

	/* Session behaviour and forwarding. */
	options->print_motd = -1;
	options->check_mail = -1;
	options->keepalives = -1;
	options->x11_forwarding = -1;
	options->x11_display_offset = -1;
	options->allow_tcp_forwarding = -1;
	options->gateway_ports = -1;

	/* Connection rate limiting (MaxStartups). */
	options->max_startups_begin = -1;
	options->max_startups_rate = -1;
	options->max_startups = -1;
}
97
/* Stores value in *field if the field still holds the "unset" marker -1. */
static void
default_if_unset(int *field, int value)
{
	if (*field == -1)
		*field = value;
}

/*
 * Replaces every option that is still unset (-1, NULL, SSH_PROTO_UNKNOWN
 * or an empty list) with its built-in default.  Options that already
 * carry a value are left alone.
 *
 * NOTE(review): these values apply whenever the configuration omits the
 * directive.  In this revision that means both protocol versions are
 * enabled, root login is permitted and the server key is 768 bits; set
 * such directives explicitly where a stricter policy is required.
 */
void
fill_default_server_options(ServerOptions *options)
{
	if (options->protocol == SSH_PROTO_UNKNOWN)
		options->protocol = SSH_PROTO_1|SSH_PROTO_2;

	if (options->num_host_key_files == 0) {
		/* One default host key per enabled protocol version. */
		if (options->protocol & SSH_PROTO_1)
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_KEY_FILE;
		if (options->protocol & SSH_PROTO_2)
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_DSA_KEY_FILE;
	}

	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
	/* A NULL address asks add_listen_addr() for the wildcard address. */
	if (options->listen_addrs == NULL)
		add_listen_addr(options, NULL);
	if (options->pid_file == NULL)
		options->pid_file = _PATH_SSH_DAEMON_PID_FILE;

	default_if_unset(&options->server_key_bits, 768);
	default_if_unset(&options->login_grace_time, 600);
	default_if_unset(&options->key_regeneration_time, 3600);
	default_if_unset(&options->permit_root_login, 1);	/* yes */
	default_if_unset(&options->ignore_rhosts, 1);
	default_if_unset(&options->ignore_user_known_hosts, 0);
	default_if_unset(&options->check_mail, 0);
	default_if_unset(&options->print_motd, 1);
	default_if_unset(&options->x11_forwarding, 0);
	default_if_unset(&options->x11_display_offset, 10);
#ifdef XAUTH_PATH
	if (options->xauth_location == NULL)
		options->xauth_location = XAUTH_PATH;
#endif /* XAUTH_PATH */
	default_if_unset(&options->strict_modes, 1);
	default_if_unset(&options->keepalives, 1);

	/* The enum-typed fields are compared against a cast -1. */
	if (options->log_facility == (SyslogFacility) (-1))
		options->log_facility = SYSLOG_FACILITY_AUTH;
	if (options->log_level == (LogLevel) (-1))
		options->log_level = SYSLOG_LEVEL_INFO;

	default_if_unset(&options->rhosts_authentication, 0);
	default_if_unset(&options->rhosts_rsa_authentication, 0);
	default_if_unset(&options->rsa_authentication, 1);
	default_if_unset(&options->pubkey_authentication, 1);
#ifdef KRB4
	/* Enabled by default only if the Kerberos key file is readable. */
	if (options->kerberos_authentication == -1)
		options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
	default_if_unset(&options->kerberos_or_local_passwd, 1);
	default_if_unset(&options->kerberos_ticket_cleanup, 1);
#endif /* KRB4 */
#ifdef AFS
	default_if_unset(&options->kerberos_tgt_passing, 0);
	/* The default follows whatever k_hasafs() reports. */
	if (options->afs_token_passing == -1)
		options->afs_token_passing = k_hasafs();
#endif /* AFS */
	default_if_unset(&options->password_authentication, 1);
	default_if_unset(&options->kbd_interactive_authentication, 0);
	default_if_unset(&options->challenge_reponse_authentication, 1);
	default_if_unset(&options->permit_empty_passwd, 0);
	default_if_unset(&options->use_login, 0);
	default_if_unset(&options->allow_tcp_forwarding, 1);
	default_if_unset(&options->gateway_ports, 0);
	default_if_unset(&options->max_startups, 10);
	default_if_unset(&options->max_startups_rate, 100);	/* 100% */
	/* Must come after max_startups has received its final value. */
	default_if_unset(&options->max_startups_begin, options->max_startups);
}
191
/*
 * Keyword tokens: one opcode for each configuration directive that
 * read_server_config() dispatches on.  No explicit values are given, so
 * the numbering follows declaration order; the Kerberos and AFS opcodes
 * exist only when KRB4 / AFS are defined at compile time.
 */
typedef enum {
	sBadOption,		/* == unknown option */
	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
	sPermitRootLogin, sLogFacility, sLogLevel,
	sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
#ifdef KRB4
	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
#endif
#ifdef AFS
	sKerberosTgtPassing, sAFSTokenPassing,
#endif
	sChallengeResponseAuthentication,
	sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
	sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
	sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
	sUseLogin, sAllowTcpForwarding,
	sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
	sIgnoreUserKnownHosts, sCiphers, sProtocol, sPidFile,
	sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
	sBanner
} ServerOpCodes;
214
/*
 * Textual representation of the tokens.  The names are listed in lower
 * case and parse_token() matches them with strcasecmp().  Entries marked
 * "alias" map a second name onto an opcode that already has one.  The
 * { NULL, 0 } entry terminates the table.
 */
static struct {
	const char *name;
	ServerOpCodes opcode;
} keywords[] = {
	{ "port", sPort },
	{ "hostkey", sHostKeyFile },
	{ "hostdsakey", sHostKeyFile },					/* alias */
	{ "pidfile", sPidFile },
	{ "serverkeybits", sServerKeyBits },
	{ "logingracetime", sLoginGraceTime },
	{ "keyregenerationinterval", sKeyRegenerationTime },
	{ "permitrootlogin", sPermitRootLogin },
	{ "syslogfacility", sLogFacility },
	{ "loglevel", sLogLevel },
	{ "rhostsauthentication", sRhostsAuthentication },
	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
	{ "rsaauthentication", sRSAAuthentication },
	{ "pubkeyauthentication", sPubkeyAuthentication },
	{ "dsaauthentication", sPubkeyAuthentication },			/* alias */
#ifdef KRB4
	{ "kerberosauthentication", sKerberosAuthentication },
	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
	{ "kerberosticketcleanup", sKerberosTicketCleanup },
#endif
#ifdef AFS
	{ "kerberostgtpassing", sKerberosTgtPassing },
	{ "afstokenpassing", sAFSTokenPassing },
#endif
	{ "passwordauthentication", sPasswordAuthentication },
	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
	{ "challengeresponseauthentication", sChallengeResponseAuthentication },
	{ "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
	{ "checkmail", sCheckMail },
	{ "listenaddress", sListenAddress },
	{ "printmotd", sPrintMotd },
	{ "ignorerhosts", sIgnoreRhosts },
	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },
	{ "x11forwarding", sX11Forwarding },
	{ "x11displayoffset", sX11DisplayOffset },
	{ "xauthlocation", sXAuthLocation },
	{ "strictmodes", sStrictModes },
	{ "permitemptypasswords", sEmptyPasswd },
	{ "uselogin", sUseLogin },
	{ "randomseed", sRandomSeedFile },
	{ "keepalive", sKeepAlives },
	{ "allowtcpforwarding", sAllowTcpForwarding },
	{ "allowusers", sAllowUsers },
	{ "denyusers", sDenyUsers },
	{ "allowgroups", sAllowGroups },
	{ "denygroups", sDenyGroups },
	{ "ciphers", sCiphers },
	{ "protocol", sProtocol },
	{ "gatewayports", sGatewayPorts },
	{ "subsystem", sSubsystem },
	{ "maxstartups", sMaxStartups },
	{ "banner", sBanner },
	{ NULL, 0 }
};
274
/*
 * Returns the opcode of the NUL-terminated keyword cp, compared without
 * regard to case against the keywords[] table.  If the keyword is not
 * known, a diagnostic naming filename and linenum is written to stderr
 * and sBadOption is returned; the function does not exit.
 */
static ServerOpCodes
parse_token(const char *cp, const char *filename,
	    int linenum)
{
	u_int idx = 0;

	/* The table ends at the entry whose name is NULL. */
	while (keywords[idx].name != NULL) {
		if (strcasecmp(cp, keywords[idx].name) == 0)
			return keywords[idx].opcode;
		idx++;
	}

	fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
	    filename, linenum, cp);
	return sBadOption;
}
294
/*
 * Resolves addr once for every configured port and puts the resulting
 * address list at the front of options->listen_addrs.
 *
 * If no port has been configured yet, SSH_DEFAULT_PORT is recorded first.
 * A NULL addr requests passive (wildcard) addresses via AI_PASSIVE.
 * A resolver failure is reported through fatal().
 */
void
add_listen_addr(ServerOptions *options, char *addr)
{
	struct addrinfo hints, *res, *tail;
	char portstr[NI_MAXSERV];
	int rc;
	int n;

	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;

	for (n = 0; n < options->num_ports; n++) {
		memset(&hints, 0, sizeof(hints));
		hints.ai_family = IPv4or6;
		hints.ai_socktype = SOCK_STREAM;
		/* ai_flags is already 0 from the memset above. */
		if (addr == NULL)
			hints.ai_flags = AI_PASSIVE;

		snprintf(portstr, sizeof portstr, "%d", options->ports[n]);
		rc = getaddrinfo(addr, portstr, &hints, &res);
		if (rc != 0)
			fatal("bad addr or host: %s (%s)\n",
			    addr ? addr : "<NULL>",
			    gai_strerror(rc));

		/* Find the last new entry and hang the existing list off it. */
		tail = res;
		while (tail->ai_next != NULL)
			tail = tail->ai_next;
		tail->ai_next = options->listen_addrs;
		options->listen_addrs = res;
	}
}
324
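/*
 * Parses the whole of s as an unsigned decimal number no larger than max.
 * Returns 0 and stores the number in *out on success.  Returns -1 if s is
 * empty, contains anything other than the digits 0-9 (so no sign, blanks
 * or trailing text), or if the number would exceed max.
 */
static int
parse_config_uint(const char *s, long max, int *out)
{
	long acc = 0;
	int digit;

	if (*s == '\0')
		return -1;
	for (; *s != '\0'; s++) {
		if (*s < '0' || *s > '9')
			return -1;
		digit = *s - '0';
		/* Reject before the multiply-add could go past max. */
		if (digit > max || acc > (max - digit) / 10)
			return -1;
		acc = acc * 10 + digit;
	}
	*out = (int)acc;
	return 0;
}

/*
 * Reads the server configuration file.
 *
 * Each line is split into tokens with strdelim().  Blank lines and lines
 * whose first token starts with '#' are skipped.  The first token selects
 * the directive through parse_token(); the remaining tokens are its
 * arguments.  Scalar options are stored only while they still hold their
 * "unset" marker, so the first occurrence of a directive wins (and a value
 * set before this function runs is kept).
 *
 * Errors: an unreadable file, a malformed argument, an over-long line or
 * trailing garbage ends the process (exit(1) or fatal()).  Unknown
 * keywords are counted and the process exits after the whole file has
 * been read.
 *
 * Differences from a plain atoi()-based parser, all of them rejecting
 * input that used to be accepted silently:
 *  - Port must be a decimal number in 1..65535;
 *  - integer options must be non-negative decimal numbers that fit in an
 *    int (-1 is reserved as the "unset" marker, and text such as "10m"
 *    was read as 10);
 *  - a line that does not fit in the line buffer is an error instead of
 *    being split and its tail parsed as a directive of its own.
 */
void
read_server_config(ServerOptions *options, const char *filename)
{
	/* Largest value of an int, computed without needing <limits.h>. */
	const long int_max = (long)(~0U >> 1);
	FILE *f;
	char line[1024];
	char *cp, **charptr, *arg;
	int linenum, *intptr, value;
	int bad_options = 0;
	ServerOpCodes opcode;
	int i;
	int startups_begin, startups_rate, startups_full;

	f = fopen(filename, "r");
	if (!f) {
		perror(filename);
		exit(1);
	}
	linenum = 0;
	while (fgets(line, sizeof(line), f)) {
		linenum++;
		/*
		 * No newline and not at end of file means fgets() stopped
		 * because the buffer was full.  Refuse the line rather than
		 * parse its remainder as a separate directive.
		 */
		if (strchr(line, '\n') == NULL && !feof(f))
			fatal("%s line %d: line too long.\n",
			    filename, linenum);
		cp = line;
		arg = strdelim(&cp);
		/* Ignore leading whitespace */
		if (*arg == '\0')
			arg = strdelim(&cp);
		if (!arg || !*arg || *arg == '#')
			continue;
		intptr = NULL;
		charptr = NULL;
		opcode = parse_token(arg, filename, linenum);
		switch (opcode) {
		case sBadOption:
			bad_options++;
			continue;
		case sPort:
			/* ignore ports from configfile if cmdline specifies ports */
			if (options->ports_from_cmdline)
				continue;
			if (options->listen_addrs != NULL)
				fatal("%s line %d: ports must be specified before "
				    "ListenAddress.\n", filename, linenum);
			if (options->num_ports >= MAX_PORTS)
				fatal("%s line %d: too many ports.\n",
				    filename, linenum);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing port number.\n",
				    filename, linenum);
			/* A typo must not turn into port 0 without notice. */
			if (parse_config_uint(arg, 65535, &value) != 0 ||
			    value == 0)
				fatal("%s line %d: bad port number: %s\n",
				    filename, linenum, arg);
			options->ports[options->num_ports++] = value;
			break;

		case sServerKeyBits:
			intptr = &options->server_key_bits;
parse_int:
			/* Shared tail for integer options; intptr is set. */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing integer value.\n",
				    filename, linenum);
				exit(1);
			}
			if (parse_config_uint(arg, int_max, &value) != 0) {
				fprintf(stderr, "%s line %d: bad integer value: %s\n",
				    filename, linenum, arg);
				exit(1);
			}
			if (*intptr == -1)
				*intptr = value;
			break;

		case sLoginGraceTime:
			intptr = &options->login_grace_time;
			goto parse_int;

		case sKeyRegenerationTime:
			intptr = &options->key_regeneration_time;
			goto parse_int;

		case sListenAddress:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing inet addr.\n",
				    filename, linenum);
			add_listen_addr(options, arg);
			break;

		case sHostKeyFile:
			intptr = &options->num_host_key_files;
			if (*intptr >= MAX_HOSTKEYS) {
				fprintf(stderr, "%s line %d: too many host keys specified (max %d).\n",
				    filename, linenum, MAX_HOSTKEYS);
				exit(1);
			}
			charptr = &options->host_key_files[*intptr];
parse_filename:
			/*
			 * Shared tail for file name options; charptr is set.
			 * intptr, if set, is a counter to bump when the name
			 * is stored.
			 */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing file name.\n",
				    filename, linenum);
				exit(1);
			}
			if (*charptr == NULL) {
				*charptr = tilde_expand_filename(arg, getuid());
				/* increase optional counter */
				if (intptr != NULL)
					*intptr = *intptr + 1;
			}
			break;

		case sPidFile:
			charptr = &options->pid_file;
			goto parse_filename;

		case sRandomSeedFile:
			fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
			    filename, linenum);
			/* Consume the argument so it is not seen as garbage. */
			arg = strdelim(&cp);
			break;

		case sPermitRootLogin:
			intptr = &options->permit_root_login;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
				    filename, linenum);
				exit(1);
			}
			if (strcmp(arg, "without-password") == 0)
				value = 2;
			else if (strcmp(arg, "yes") == 0)
				value = 1;
			else if (strcmp(arg, "no") == 0)
				value = 0;
			else {
				fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n",
				    filename, linenum, arg);
				exit(1);
			}
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreRhosts:
			intptr = &options->ignore_rhosts;
parse_flag:
			/* Shared tail for yes/no options; intptr is set. */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0') {
				fprintf(stderr, "%s line %d: missing yes/no argument.\n",
				    filename, linenum);
				exit(1);
			}
			if (strcmp(arg, "yes") == 0)
				value = 1;
			else if (strcmp(arg, "no") == 0)
				value = 0;
			else {
				fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
				    filename, linenum, arg);
				exit(1);
			}
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreUserKnownHosts:
			intptr = &options->ignore_user_known_hosts;
			goto parse_flag;

		case sRhostsAuthentication:
			intptr = &options->rhosts_authentication;
			goto parse_flag;

		case sRhostsRSAAuthentication:
			intptr = &options->rhosts_rsa_authentication;
			goto parse_flag;

		case sRSAAuthentication:
			intptr = &options->rsa_authentication;
			goto parse_flag;

		case sPubkeyAuthentication:
			intptr = &options->pubkey_authentication;
			goto parse_flag;

#ifdef KRB4
		case sKerberosAuthentication:
			intptr = &options->kerberos_authentication;
			goto parse_flag;

		case sKerberosOrLocalPasswd:
			intptr = &options->kerberos_or_local_passwd;
			goto parse_flag;

		case sKerberosTicketCleanup:
			intptr = &options->kerberos_ticket_cleanup;
			goto parse_flag;
#endif

#ifdef AFS
		case sKerberosTgtPassing:
			intptr = &options->kerberos_tgt_passing;
			goto parse_flag;

		case sAFSTokenPassing:
			intptr = &options->afs_token_passing;
			goto parse_flag;
#endif

		case sPasswordAuthentication:
			intptr = &options->password_authentication;
			goto parse_flag;

		case sKbdInteractiveAuthentication:
			intptr = &options->kbd_interactive_authentication;
			goto parse_flag;

		case sCheckMail:
			intptr = &options->check_mail;
			goto parse_flag;

		case sChallengeResponseAuthentication:
			intptr = &options->challenge_reponse_authentication;
			goto parse_flag;

		case sPrintMotd:
			intptr = &options->print_motd;
			goto parse_flag;

		case sX11Forwarding:
			intptr = &options->x11_forwarding;
			goto parse_flag;

		case sX11DisplayOffset:
			intptr = &options->x11_display_offset;
			goto parse_int;

		case sXAuthLocation:
			charptr = &options->xauth_location;
			goto parse_filename;

		case sStrictModes:
			intptr = &options->strict_modes;
			goto parse_flag;

		case sKeepAlives:
			intptr = &options->keepalives;
			goto parse_flag;

		case sEmptyPasswd:
			intptr = &options->permit_empty_passwd;
			goto parse_flag;

		case sUseLogin:
			intptr = &options->use_login;
			goto parse_flag;

		case sGatewayPorts:
			intptr = &options->gateway_ports;
			goto parse_flag;

		case sLogFacility:
			/*
			 * arg may be NULL here; presumably
			 * log_facility_number() copes with that, since the
			 * message below guards for it - confirm in log.c.
			 */
			arg = strdelim(&cp);
			value = log_facility_number(arg);
			if (value == (SyslogFacility) - 1)
				fatal("%.200s line %d: unsupported log facility '%s'\n",
				    filename, linenum, arg ? arg : "<NONE>");
			/* Use the enum field itself, not an int alias of it. */
			if (options->log_facility == (SyslogFacility) - 1)
				options->log_facility = (SyslogFacility) value;
			break;

		case sLogLevel:
			/* Same NULL caveat as for sLogFacility above. */
			arg = strdelim(&cp);
			value = log_level_number(arg);
			if (value == (LogLevel) - 1)
				fatal("%.200s line %d: unsupported log level '%s'\n",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->log_level == (LogLevel) - 1)
				options->log_level = (LogLevel) value;
			break;

		case sAllowTcpForwarding:
			intptr = &options->allow_tcp_forwarding;
			goto parse_flag;

		case sAllowUsers:
			/* Every remaining token on the line is one entry. */
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_users >= MAX_ALLOW_USERS)
					fatal("%s line %d: too many allow users.\n",
					    filename, linenum);
				options->allow_users[options->num_allow_users++] = xstrdup(arg);
			}
			break;

		case sDenyUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_users >= MAX_DENY_USERS)
					fatal( "%s line %d: too many deny users.\n",
					    filename, linenum);
				options->deny_users[options->num_deny_users++] = xstrdup(arg);
			}
			break;

		case sAllowGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
					fatal("%s line %d: too many allow groups.\n",
					    filename, linenum);
				options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
			}
			break;

		case sDenyGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_groups >= MAX_DENY_GROUPS)
					fatal("%s line %d: too many deny groups.\n",
					    filename, linenum);
				options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
			}
			break;

		case sCiphers:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			if (!ciphers_valid(arg))
				fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->ciphers == NULL)
				options->ciphers = xstrdup(arg);
			break;

		case sProtocol:
			intptr = &options->protocol;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			value = proto_spec(arg);
			if (value == SSH_PROTO_UNKNOWN)
				fatal("%s line %d: Bad protocol spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == SSH_PROTO_UNKNOWN)
				*intptr = value;
			break;

		case sSubsystem:
			if(options->num_subsystems >= MAX_SUBSYSTEMS) {
				fatal("%s line %d: too many subsystems defined.",
				    filename, linenum);
			}
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem name.",
				    filename, linenum);
			for (i = 0; i < options->num_subsystems; i++)
				if(strcmp(arg, options->subsystem_name[i]) == 0)
					fatal("%s line %d: Subsystem '%s' already defined.",
					    filename, linenum, arg);
			options->subsystem_name[options->num_subsystems] = xstrdup(arg);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem command.",
				    filename, linenum);
			options->subsystem_command[options->num_subsystems] = xstrdup(arg);
			options->num_subsystems++;
			break;

		case sMaxStartups:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing MaxStartups spec.",
				    filename, linenum);
			/*
			 * Scan into locals so that a spec which does not have
			 * all three fields leaves the options untouched.
			 */
			if (sscanf(arg, "%d:%d:%d",
			    &startups_begin,
			    &startups_rate,
			    &startups_full) == 3) {
				if (startups_begin > startups_full ||
				    startups_rate > 100 ||
				    startups_rate < 1)
					fatal("%s line %d: Illegal MaxStartups spec.",
					    filename, linenum);
				options->max_startups_begin = startups_begin;
				options->max_startups_rate = startups_rate;
				options->max_startups = startups_full;
				break;
			}
			/*
			 * Single-number form.  Parse the token already in
			 * hand: jumping to parse_int would fetch the next
			 * token and report the value as missing.
			 */
			if (parse_config_uint(arg, int_max, &value) != 0)
				fatal("%s line %d: Illegal MaxStartups spec.",
				    filename, linenum);
			if (options->max_startups == -1)
				options->max_startups = value;
			break;

		case sBanner:
			charptr = &options->banner;
			goto parse_filename;

		default:
			fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
			    filename, linenum, arg, opcode);
			exit(1);
		}
		/* Anything left on the line after the arguments is an error. */
		if ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
			fprintf(stderr,
			    "%s line %d: garbage at end of line; \"%.200s\".\n",
			    filename, linenum, arg);
			exit(1);
		}
	}
	fclose(f);
	if (bad_options > 0) {
		fprintf(stderr, "%s: terminating, %d bad configuration options\n",
		    filename, bad_options);
		exit(1);
	}
}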