[openssh.git] / servconf.c

/*

servconf.c

Author: Tatu Ylonen <ylo@cs.hut.fi>

Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
                   All rights reserved

Created: Mon Aug 21 15:48:58 1995 ylo

*/

#include "includes.h"
RCSID("$Id$");

#include "ssh.h"
#include "servconf.h"
#include "xmalloc.h"

/* Initializes the server options to their default values. */

void initialize_server_options(ServerOptions *options)
{
  memset(options, 0, sizeof(*options));
  options->port = -1;
  options->listen_addr.s_addr = htonl(INADDR_ANY);
  options->host_key_file = NULL;
  options->server_key_bits = -1;
  options->login_grace_time = -1;
  options->key_regeneration_time = -1;
  options->permit_root_login = -1;
  options->ignore_rhosts = -1;
  options->print_motd = -1;
  options->check_mail = -1;
  options->x11_forwarding = -1;
  options->x11_display_offset = -1;
  options->strict_modes = -1;
  options->keepalives = -1;
  options->log_facility = (SyslogFacility)-1;
  options->log_level = (LogLevel)-1;
  options->rhosts_authentication = -1;
  options->rhosts_rsa_authentication = -1;
  options->rsa_authentication = -1;
#ifdef KRB4
  options->kerberos_authentication = -1;
  options->kerberos_or_local_passwd = -1;
  options->kerberos_ticket_cleanup = -1;
#endif
#ifdef AFS
  options->kerberos_tgt_passing = -1;
  options->afs_token_passing = -1;
#endif
  options->password_authentication = -1;
#ifdef SKEY
  options->skey_authentication = -1;
#endif
  options->permit_empty_passwd = -1;
  options->use_login = -1;
  options->num_allow_users = 0;
  options->num_deny_users = 0;
  options->num_allow_groups = 0;
  options->num_deny_groups = 0;
}

void fill_default_server_options(ServerOptions *options)
{
  if (options->port == -1)
    {
      struct servent *sp;

      sp = getservbyname(SSH_SERVICE_NAME, "tcp");
      if (sp)
	options->port = ntohs(sp->s_port);
      else
	options->port = SSH_DEFAULT_PORT;
      endservent();
    }
  if (options->host_key_file == NULL)
    options->host_key_file = HOST_KEY_FILE;
  if (options->server_key_bits == -1)
    options->server_key_bits = 768;
  if (options->login_grace_time == -1)
    options->login_grace_time = 600;
  if (options->key_regeneration_time == -1)
    options->key_regeneration_time = 3600;
  if (options->permit_root_login == -1)
    options->permit_root_login = 1;		 /* yes */
  if (options->ignore_rhosts == -1)
    options->ignore_rhosts = 0;
  if (options->check_mail == -1)
    options->check_mail = 0;
  if (options->print_motd == -1)
    options->print_motd = 1;
  if (options->x11_forwarding == -1)
    options->x11_forwarding = 1;
  if (options->x11_display_offset == -1)
    options->x11_display_offset = 1;
  if (options->strict_modes == -1)
    options->strict_modes = 1;
  if (options->keepalives == -1)
    options->keepalives = 1;
  if (options->log_facility == (SyslogFacility)(-1))
    options->log_facility = SYSLOG_FACILITY_AUTH;
  if (options->log_level == (LogLevel)(-1))
    options->log_level = SYSLOG_LEVEL_INFO;
  if (options->rhosts_authentication == -1)
    options->rhosts_authentication = 0;
  if (options->rhosts_rsa_authentication == -1)
    options->rhosts_rsa_authentication = 1;
  if (options->rsa_authentication == -1)
    options->rsa_authentication = 1;
#ifdef KRB4
  if (options->kerberos_authentication == -1)
    options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
  if (options->kerberos_or_local_passwd == -1)
    options->kerberos_or_local_passwd = 1;
  if (options->kerberos_ticket_cleanup == -1)
    options->kerberos_ticket_cleanup = 1;
#endif /* KRB4 */
#ifdef AFS
  if (options->kerberos_tgt_passing == -1)
    options->kerberos_tgt_passing = 0;
  if (options->afs_token_passing == -1)
    options->afs_token_passing = k_hasafs();
#endif /* AFS */
  if (options->password_authentication == -1)
    options->password_authentication = 1;
#ifdef SKEY
  if (options->skey_authentication == -1)
    options->skey_authentication = 1;
#endif
  if (options->permit_empty_passwd == -1)
    options->permit_empty_passwd = 1;
  if (options->use_login == -1)
    options->use_login = 0;
}

#define WHITESPACE " \t\r\n"

/* Keyword tokens. */
typedef enum 
{
  sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
  sPermitRootLogin, sLogFacility, sLogLevel,
  sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
#ifdef KRB4
  sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
#endif
#ifdef AFS
  sKerberosTgtPassing, sAFSTokenPassing,
#endif
#ifdef SKEY
  sSkeyAuthentication,
#endif
  sPasswordAuthentication, sListenAddress,
  sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
  sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
  sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups

} ServerOpCodes;

/* Textual representation of the tokens. */
static struct
{
  const char *name;
  ServerOpCodes opcode;
} keywords[] =
{
  { "port", sPort },
  { "hostkey", sHostKeyFile },
  { "serverkeybits", sServerKeyBits },
  { "logingracetime", sLoginGraceTime },
  { "keyregenerationinterval", sKeyRegenerationTime },
  { "permitrootlogin", sPermitRootLogin },
  { "syslogfacility", sLogFacility },
  { "loglevel", sLogLevel },
  { "rhostsauthentication", sRhostsAuthentication },
  { "rhostsrsaauthentication", sRhostsRSAAuthentication },
  { "rsaauthentication", sRSAAuthentication },
#ifdef KRB4
  { "kerberosauthentication", sKerberosAuthentication },
  { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
  { "kerberosticketcleanup", sKerberosTicketCleanup },
#endif
#ifdef AFS
  { "kerberostgtpassing", sKerberosTgtPassing },
  { "afstokenpassing", sAFSTokenPassing },
#endif
  { "passwordauthentication", sPasswordAuthentication },
#ifdef SKEY
  { "skeyauthentication", sSkeyAuthentication },
#endif
  { "checkmail", sCheckMail },
  { "listenaddress", sListenAddress },
  { "printmotd", sPrintMotd },
  { "ignorerhosts", sIgnoreRhosts },
  { "x11forwarding", sX11Forwarding },
  { "x11displayoffset", sX11DisplayOffset },
  { "strictmodes", sStrictModes },
  { "permitemptypasswords", sEmptyPasswd },
  { "uselogin", sUseLogin },
  { "randomseed", sRandomSeedFile },
  { "keepalive", sKeepAlives },
  { "allowusers", sAllowUsers },
  { "denyusers", sDenyUsers },
  { "allowgroups", sAllowGroups },
  { "denygroups", sDenyGroups },
  { NULL, 0 }
};

static struct 
{
  const char *name;
  SyslogFacility facility;
} log_facilities[] =
{
  { "DAEMON", SYSLOG_FACILITY_DAEMON },
  { "USER", SYSLOG_FACILITY_USER },
  { "AUTH", SYSLOG_FACILITY_AUTH },
  { "LOCAL0", SYSLOG_FACILITY_LOCAL0 },
  { "LOCAL1", SYSLOG_FACILITY_LOCAL1 },
  { "LOCAL2", SYSLOG_FACILITY_LOCAL2 },
  { "LOCAL3", SYSLOG_FACILITY_LOCAL3 },
  { "LOCAL4", SYSLOG_FACILITY_LOCAL4 },
  { "LOCAL5", SYSLOG_FACILITY_LOCAL5 },
  { "LOCAL6", SYSLOG_FACILITY_LOCAL6 },
  { "LOCAL7", SYSLOG_FACILITY_LOCAL7 },
  { NULL, 0 }
};

static struct 
{
  const char *name;
  LogLevel level;
} log_levels[] =
{
  { "QUIET", SYSLOG_LEVEL_QUIET },
  { "FATAL", SYSLOG_LEVEL_FATAL },
  { "ERROR", SYSLOG_LEVEL_ERROR },
  { "INFO",  SYSLOG_LEVEL_INFO },
  { "CHAT",  SYSLOG_LEVEL_CHAT },
  { "DEBUG", SYSLOG_LEVEL_DEBUG },
  { NULL, 0 }
};

/* Returns the number of the token pointed to by cp of length len.
   Never returns if the token is not known. */

static ServerOpCodes parse_token(const char *cp, const char *filename,
				 int linenum)
{
  unsigned int i;

  for (i = 0; keywords[i].name; i++)
    if (strcmp(cp, keywords[i].name) == 0)
      return keywords[i].opcode;

  fprintf(stderr, "%s line %d: Bad configuration option: %s\n", 
	  filename, linenum, cp);
  exit(1);
}

/* Reads the server configuration file. */

void read_server_config(ServerOptions *options, const char *filename)
{
  FILE *f;
  char line[1024];
  char *cp, **charptr;
  int linenum, *intptr, i, value;
  ServerOpCodes opcode;

  f = fopen(filename, "r");
  if (!f)
    {
      perror(filename);
      exit(1);
    }

  linenum = 0;
  while (fgets(line, sizeof(line), f))
    {
      linenum++;
      cp = line + strspn(line, WHITESPACE);
      if (!*cp || *cp == '#')
	continue;
      cp = strtok(cp, WHITESPACE);
      {
	char *t = cp;
	for (; *t != 0; t++)
	  if ('A' <= *t && *t <= 'Z')
	    *t = *t - 'A' + 'a';	/* tolower */
      
      }
      opcode = parse_token(cp, filename, linenum);
      switch (opcode)
	{
	case sPort:
	  intptr = &options->port;
	parse_int:
	  cp = strtok(NULL, WHITESPACE);
	  if (!cp)
	    {
	      fprintf(stderr, "%s line %d: missing integer value.\n", 
		      filename, linenum);
	      exit(1);
	    }
	  value = atoi(cp);
	  if (*intptr == -1)
	    *intptr = value;
	  break;

	case sServerKeyBits:
	  intptr = &options->server_key_bits;
	  goto parse_int;

	case sLoginGraceTime:
	  intptr = &options->login_grace_time;
	  goto parse_int;
	  
	case sKeyRegenerationTime:
	  intptr = &options->key_regeneration_time;
	  goto parse_int;

	case sListenAddress:
	  cp = strtok(NULL, WHITESPACE);
	  if (!cp)
	    {
	      fprintf(stderr, "%s line %d: missing inet addr.\n",
		      filename, linenum);
	      exit(1);
	    }
	  options->listen_addr.s_addr = inet_addr(cp);
	  break;

	case sHostKeyFile:
	  charptr = &options->host_key_file;
	  cp = strtok(NULL, WHITESPACE);
	  if (!cp)
	    {
	      fprintf(stderr, "%s line %d: missing file name.\n",
		      filename, linenum);
	      exit(1);
	    }
	  if (*charptr == NULL)
	    *charptr = tilde_expand_filename(cp, getuid());
	  break;

	case sRandomSeedFile:
	  fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
		  filename, linenum);
	  cp = strtok(NULL, WHITESPACE);
	  break;

	case sPermitRootLogin:
	  intptr = &options->permit_root_login;
	  cp = strtok(NULL, WHITESPACE);
	  if (!cp)
	    {
	      fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
		      filename, linenum);
	      exit(1);
	    }
	  if (strcmp(cp, "without-password") == 0)
	    value = 2;
	  else if (strcmp(cp, "yes") == 0)
	    value = 1;
	  else if (strcmp(cp, "no") == 0)
	    value = 0;
	  else
	    {
	      fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n", 
	      	filename, linenum, cp);
	      exit(1);
	    }
	  if (*intptr == -1)
	    *intptr = value;
	  break;

	case sIgnoreRhosts:
	  intptr = &options->ignore_rhosts;
	parse_flag:
	  cp = strtok(NULL, WHITESPACE);
	  if (!cp)
	    {
	      fprintf(stderr, "%s line %d: missing yes/no argument.\n",
		      filename, linenum);
	      exit(1);
	    }
	  if (strcmp(cp, "yes") == 0)
	    value = 1;
	  else
	    if (strcmp(cp, "no") == 0)
	      value = 0;
	    else
	      {
		fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n", 
			filename, linenum, cp);
		exit(1);
	      }
	  if (*intptr == -1)
	    *intptr = value;
	  break;
	  
	case sRhostsAuthentication:
	  intptr = &options->rhosts_authentication;
	  goto parse_flag;

	case sRhostsRSAAuthentication:
	  intptr = &options->rhosts_rsa_authentication;
	  goto parse_flag;
	  
	case sRSAAuthentication:
	  intptr = &options->rsa_authentication;
	  goto parse_flag;
	  
#ifdef KRB4
	case sKerberosAuthentication:
	  intptr = &options->kerberos_authentication;
	  goto parse_flag;
	  
 	case sKerberosOrLocalPasswd:
 	  intptr = &options->kerberos_or_local_passwd;
 	  goto parse_flag;

	case sKerberosTicketCleanup:
	  intptr = &options->kerberos_ticket_cleanup;
	  goto parse_flag;
#endif
	  
#ifdef AFS
	case sKerberosTgtPassing:
	  intptr = &options->kerberos_tgt_passing;
	  goto parse_flag;

	case sAFSTokenPassing:
	  intptr = &options->afs_token_passing;
	  goto parse_flag;
#endif

	case sPasswordAuthentication:
	  intptr = &options->password_authentication;
	  goto parse_flag;

        case sCheckMail:
          intptr = &options->check_mail;
          goto parse_flag;

#ifdef SKEY
	case sSkeyAuthentication:
	  intptr = &options->skey_authentication;
	  goto parse_flag;
#endif

	case sPrintMotd:
	  intptr = &options->print_motd;
	  goto parse_flag;

	case sX11Forwarding:
	  intptr = &options->x11_forwarding;
	  goto parse_flag;

	case sX11DisplayOffset:
	  intptr = &options->x11_display_offset;
	  goto parse_int;

	case sStrictModes:
	  intptr = &options->strict_modes;
	  goto parse_flag;

	case sKeepAlives:
	  intptr = &options->keepalives;
	  goto parse_flag;
	  
	case sEmptyPasswd:
	  intptr = &options->permit_empty_passwd;
	  goto parse_flag;

        case sUseLogin:
          intptr = &options->use_login;
          goto parse_flag;

	case sLogFacility:
	  cp = strtok(NULL, WHITESPACE);
	  if (!cp)
	    {
	      fprintf(stderr, "%s line %d: missing facility name.\n",
		      filename, linenum);
	      exit(1);
	    }
	  for (i = 0; log_facilities[i].name; i++)
	    if (strcasecmp(log_facilities[i].name, cp) == 0)
	      break;
	  if (!log_facilities[i].name)
	    {
	      fprintf(stderr, "%s line %d: unsupported log facility %s\n",
		      filename, linenum, cp);
	      exit(1);
	    }
	  if (options->log_facility == (SyslogFacility)(-1))
	    options->log_facility = log_facilities[i].facility;
	  break;

	case sLogLevel:
	  cp = strtok(NULL, WHITESPACE);
	  if (!cp)
	    {
	      fprintf(stderr, "%s line %d: missing level name.\n",
		      filename, linenum);
	      exit(1);
	    }
	  for (i = 0; log_levels[i].name; i++)
	    if (strcasecmp(log_levels[i].name, cp) == 0)
	      break;
	  if (!log_levels[i].name)
	    {
	      fprintf(stderr, "%s line %d: unsupported log level %s\n",
		      filename, linenum, cp);
	      exit(1);
	    }
	  if (options->log_level == (LogLevel)(-1))
	    options->log_level = log_levels[i].level;
	  break;
	  
	case sAllowUsers:
	  while ((cp = strtok(NULL, WHITESPACE)))
	    {
	      if (options->num_allow_users >= MAX_ALLOW_USERS)
		{
		  fprintf(stderr, "%s line %d: too many allow users.\n",
			  filename, linenum);
		  exit(1);
		}
	      options->allow_users[options->num_allow_users++] = xstrdup(cp);
	    }
	  break;

	case sDenyUsers:
	  while ((cp = strtok(NULL, WHITESPACE)))
	    {
	      if (options->num_deny_users >= MAX_DENY_USERS)
		{
		  fprintf(stderr, "%s line %d: too many deny users.\n",
			  filename, linenum);
		  exit(1);
		}
	      options->deny_users[options->num_deny_users++] = xstrdup(cp);
	    }
	  break;

	case sAllowGroups:
	  while ((cp = strtok(NULL, WHITESPACE)))
	    {
	      if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
		{
		  fprintf(stderr, "%s line %d: too many allow groups.\n",
			  filename, linenum);
		  exit(1);
		}
	      options->allow_groups[options->num_allow_groups++] = xstrdup(cp);
	    }
	  break;

	case sDenyGroups:
	  while ((cp = strtok(NULL, WHITESPACE)))
	    {
	      if (options->num_deny_groups >= MAX_DENY_GROUPS)
		{
		  fprintf(stderr, "%s line %d: too many deny groups.\n",
			  filename, linenum);
		  exit(1);
		}
	      options->deny_groups[options->num_deny_groups++] = xstrdup(cp);
	    }
	  break;

	default:
	  fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
		  filename, linenum, cp, opcode);
	  exit(1);
	}
      if (strtok(NULL, WHITESPACE) != NULL)
	{
	  fprintf(stderr, "%s line %d: garbage at end of line.\n",
		  filename, linenum);
	  exit(1);
	}
    }
  fclose(f);
}
Commit	Line	Data
8efc0c15	1	/*
	2
	3	servconf.c
	4
	5	Author: Tatu Ylonen <ylo@cs.hut.fi>
	6
	7	Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
	8	All rights reserved
	9
	10	Created: Mon Aug 21 15:48:58 1995 ylo
	11
	12	*/
	13
	14	#include "includes.h"
	15	RCSID("$Id$");
	16
	17	#include "ssh.h"
	18	#include "servconf.h"
	19	#include "xmalloc.h"
	20
	21	/* Initializes the server options to their default values. */
	22
	23	void initialize_server_options(ServerOptions *options)
	24	{
	25	memset(options, 0, sizeof(*options));
	26	options->port = -1;
	27	options->listen_addr.s_addr = htonl(INADDR_ANY);
	28	options->host_key_file = NULL;
	29	options->server_key_bits = -1;
	30	options->login_grace_time = -1;
	31	options->key_regeneration_time = -1;
	32	options->permit_root_login = -1;
	33	options->ignore_rhosts = -1;
8efc0c15	34	options->print_motd = -1;
	35	options->check_mail = -1;
	36	options->x11_forwarding = -1;
	37	options->x11_display_offset = -1;
	38	options->strict_modes = -1;
	39	options->keepalives = -1;
	40	options->log_facility = (SyslogFacility)-1;
6a17f9c2	41	options->log_level = (LogLevel)-1;
8efc0c15	42	options->rhosts_authentication = -1;
	43	options->rhosts_rsa_authentication = -1;
	44	options->rsa_authentication = -1;
	45	#ifdef KRB4
	46	options->kerberos_authentication = -1;
	47	options->kerberos_or_local_passwd = -1;
	48	options->kerberos_ticket_cleanup = -1;
	49	#endif
	50	#ifdef AFS
	51	options->kerberos_tgt_passing = -1;
	52	options->afs_token_passing = -1;
	53	#endif
	54	options->password_authentication = -1;
	55	#ifdef SKEY
	56	options->skey_authentication = -1;
	57	#endif
	58	options->permit_empty_passwd = -1;
	59	options->use_login = -1;
	60	options->num_allow_users = 0;
	61	options->num_deny_users = 0;
	62	options->num_allow_groups = 0;
	63	options->num_deny_groups = 0;
	64	}
	65
	66	void fill_default_server_options(ServerOptions *options)
	67	{
	68	if (options->port == -1)
	69	{
	70	struct servent *sp;
	71
	72	sp = getservbyname(SSH_SERVICE_NAME, "tcp");
	73	if (sp)
	74	options->port = ntohs(sp->s_port);
	75	else
	76	options->port = SSH_DEFAULT_PORT;
	77	endservent();
	78	}
	79	if (options->host_key_file == NULL)
	80	options->host_key_file = HOST_KEY_FILE;
	81	if (options->server_key_bits == -1)
	82	options->server_key_bits = 768;
	83	if (options->login_grace_time == -1)
	84	options->login_grace_time = 600;
	85	if (options->key_regeneration_time == -1)
	86	options->key_regeneration_time = 3600;
	87	if (options->permit_root_login == -1)
	88	options->permit_root_login = 1; /* yes */
	89	if (options->ignore_rhosts == -1)
	90	options->ignore_rhosts = 0;
8efc0c15	91	if (options->check_mail == -1)
8efc0c15	92	options->check_mail = 0;
8efc0c15	93	if (options->print_motd == -1)
	94	options->print_motd = 1;
	95	if (options->x11_forwarding == -1)
	96	options->x11_forwarding = 1;
	97	if (options->x11_display_offset == -1)
	98	options->x11_display_offset = 1;
	99	if (options->strict_modes == -1)
	100	options->strict_modes = 1;
	101	if (options->keepalives == -1)
	102	options->keepalives = 1;
	103	if (options->log_facility == (SyslogFacility)(-1))
	104	options->log_facility = SYSLOG_FACILITY_AUTH;
6a17f9c2	105	if (options->log_level == (LogLevel)(-1))
6a17f9c2	106	options->log_level = SYSLOG_LEVEL_INFO;
8efc0c15	107	if (options->rhosts_authentication == -1)
	108	options->rhosts_authentication = 0;
	109	if (options->rhosts_rsa_authentication == -1)
	110	options->rhosts_rsa_authentication = 1;
	111	if (options->rsa_authentication == -1)
	112	options->rsa_authentication = 1;
	113	#ifdef KRB4
	114	if (options->kerberos_authentication == -1)
	115	options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
	116	if (options->kerberos_or_local_passwd == -1)
	117	options->kerberos_or_local_passwd = 1;
	118	if (options->kerberos_ticket_cleanup == -1)
	119	options->kerberos_ticket_cleanup = 1;
	120	#endif /* KRB4 */
	121	#ifdef AFS
	122	if (options->kerberos_tgt_passing == -1)
	123	options->kerberos_tgt_passing = 0;
	124	if (options->afs_token_passing == -1)
	125	options->afs_token_passing = k_hasafs();
	126	#endif /* AFS */
	127	if (options->password_authentication == -1)
	128	options->password_authentication = 1;
	129	#ifdef SKEY
	130	if (options->skey_authentication == -1)
	131	options->skey_authentication = 1;
	132	#endif
	133	if (options->permit_empty_passwd == -1)
	134	options->permit_empty_passwd = 1;
	135	if (options->use_login == -1)
	136	options->use_login = 0;
	137	}
	138
	139	#define WHITESPACE " \t\r\n"
	140
	141	/* Keyword tokens. */
	142	typedef enum
	143	{
	144	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
6a17f9c2	145	sPermitRootLogin, sLogFacility, sLogLevel,
8efc0c15	146	sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
	147	#ifdef KRB4
	148	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
	149	#endif
	150	#ifdef AFS
	151	sKerberosTgtPassing, sAFSTokenPassing,
	152	#endif
	153	#ifdef SKEY
	154	sSkeyAuthentication,
	155	#endif
	156	sPasswordAuthentication, sListenAddress,
	157	sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
	158	sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
	159	sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups
	160
	161	} ServerOpCodes;
	162
	163	/* Textual representation of the tokens. */
	164	static struct
	165	{
	166	const char *name;
	167	ServerOpCodes opcode;
	168	} keywords[] =
	169	{
	170	{ "port", sPort },
	171	{ "hostkey", sHostKeyFile },
	172	{ "serverkeybits", sServerKeyBits },
	173	{ "logingracetime", sLoginGraceTime },
	174	{ "keyregenerationinterval", sKeyRegenerationTime },
	175	{ "permitrootlogin", sPermitRootLogin },
8efc0c15	176	{ "syslogfacility", sLogFacility },
6a17f9c2	177	{ "loglevel", sLogLevel },
8efc0c15	178	{ "rhostsauthentication", sRhostsAuthentication },
	179	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
	180	{ "rsaauthentication", sRSAAuthentication },
	181	#ifdef KRB4
	182	{ "kerberosauthentication", sKerberosAuthentication },
	183	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
	184	{ "kerberosticketcleanup", sKerberosTicketCleanup },
	185	#endif
	186	#ifdef AFS
	187	{ "kerberostgtpassing", sKerberosTgtPassing },
	188	{ "afstokenpassing", sAFSTokenPassing },
	189	#endif
	190	{ "passwordauthentication", sPasswordAuthentication },
	191	#ifdef SKEY
	192	{ "skeyauthentication", sSkeyAuthentication },
	193	#endif
	194	{ "checkmail", sCheckMail },
	195	{ "listenaddress", sListenAddress },
	196	{ "printmotd", sPrintMotd },
	197	{ "ignorerhosts", sIgnoreRhosts },
	198	{ "x11forwarding", sX11Forwarding },
	199	{ "x11displayoffset", sX11DisplayOffset },
	200	{ "strictmodes", sStrictModes },
	201	{ "permitemptypasswords", sEmptyPasswd },
	202	{ "uselogin", sUseLogin },
	203	{ "randomseed", sRandomSeedFile },
	204	{ "keepalive", sKeepAlives },
	205	{ "allowusers", sAllowUsers },
	206	{ "denyusers", sDenyUsers },
	207	{ "allowgroups", sAllowGroups },
	208	{ "denygroups", sDenyGroups },
	209	{ NULL, 0 }
	210	};
	211
	212	static struct
	213	{
	214	const char *name;
	215	SyslogFacility facility;
	216	} log_facilities[] =
	217	{
	218	{ "DAEMON", SYSLOG_FACILITY_DAEMON },
	219	{ "USER", SYSLOG_FACILITY_USER },
	220	{ "AUTH", SYSLOG_FACILITY_AUTH },
	221	{ "LOCAL0", SYSLOG_FACILITY_LOCAL0 },
	222	{ "LOCAL1", SYSLOG_FACILITY_LOCAL1 },
	223	{ "LOCAL2", SYSLOG_FACILITY_LOCAL2 },
	224	{ "LOCAL3", SYSLOG_FACILITY_LOCAL3 },
	225	{ "LOCAL4", SYSLOG_FACILITY_LOCAL4 },
	226	{ "LOCAL5", SYSLOG_FACILITY_LOCAL5 },
	227	{ "LOCAL6", SYSLOG_FACILITY_LOCAL6 },
	228	{ "LOCAL7", SYSLOG_FACILITY_LOCAL7 },
	229	{ NULL, 0 }
	230	};
	231
6a17f9c2	232	static struct
	233	{
	234	const char *name;
	235	LogLevel level;
	236	} log_levels[] =
	237	{
	238	{ "QUIET", SYSLOG_LEVEL_QUIET },
	239	{ "FATAL", SYSLOG_LEVEL_FATAL },
	240	{ "ERROR", SYSLOG_LEVEL_ERROR },
	241	{ "INFO", SYSLOG_LEVEL_INFO },
	242	{ "CHAT", SYSLOG_LEVEL_CHAT },
	243	{ "DEBUG", SYSLOG_LEVEL_DEBUG },
	244	{ NULL, 0 }
	245	};
	246
8efc0c15	247	/* Returns the number of the token pointed to by cp of length len.
	248	Never returns if the token is not known. */
	249
	250	static ServerOpCodes parse_token(const char cp, const char filename,
	251	int linenum)
	252	{
	253	unsigned int i;
	254
	255	for (i = 0; keywords[i].name; i++)
	256	if (strcmp(cp, keywords[i].name) == 0)
	257	return keywords[i].opcode;
	258
	259	fprintf(stderr, "%s line %d: Bad configuration option: %s\n",
	260	filename, linenum, cp);
	261	exit(1);
	262	}
	263
	264	/* Reads the server configuration file. */
	265
	266	void read_server_config(ServerOptions options, const char filename)
	267	{
	268	FILE *f;
	269	char line[1024];
	270	char cp, *charptr;
	271	int linenum, *intptr, i, value;
	272	ServerOpCodes opcode;
	273
	274	f = fopen(filename, "r");
	275	if (!f)
	276	{
	277	perror(filename);
	278	exit(1);
	279	}
	280
	281	linenum = 0;
	282	while (fgets(line, sizeof(line), f))
	283	{
	284	linenum++;
	285	cp = line + strspn(line, WHITESPACE);
	286	if (!cp \|\| cp == '#')
	287	continue;
	288	cp = strtok(cp, WHITESPACE);
	289	{
	290	char *t = cp;
	291	for (; *t != 0; t++)
	292	if ('A' <= t && t <= 'Z')
	293	t = t - 'A' + 'a'; /* tolower */
	294
	295	}
	296	opcode = parse_token(cp, filename, linenum);
	297	switch (opcode)
	298	{
	299	case sPort:
	300	intptr = &options->port;
	301	parse_int:
	302	cp = strtok(NULL, WHITESPACE);
	303	if (!cp)
	304	{
	305	fprintf(stderr, "%s line %d: missing integer value.\n",
	306	filename, linenum);
	307	exit(1);
	308	}
	309	value = atoi(cp);
	310	if (*intptr == -1)
311	*intptr = value;
312	break;
313
314	case sServerKeyBits:
315	intptr = &options->server_key_bits;
316	goto parse_int;
317
318	case sLoginGraceTime:
319	intptr = &options->login_grace_time;
320	goto parse_int;
321
322	case sKeyRegenerationTime:
323	intptr = &options->key_regeneration_time;
324	goto parse_int;
325
326	case sListenAddress:
327	cp = strtok(NULL, WHITESPACE);
328	if (!cp)
329	{
330	fprintf(stderr, "%s line %d: missing inet addr.\n",
331	filename, linenum);
332	exit(1);
333	}
334	options->listen_addr.s_addr = inet_addr(cp);
335	break;
336
337	case sHostKeyFile:
338	charptr = &options->host_key_file;
339	cp = strtok(NULL, WHITESPACE);
340	if (!cp)
341	{
342	fprintf(stderr, "%s line %d: missing file name.\n",
343	filename, linenum);
344	exit(1);
345	}
346	if (*charptr == NULL)
347	*charptr = tilde_expand_filename(cp, getuid());
348	break;
349
350	case sRandomSeedFile:
351	fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
352	filename, linenum);
353	cp = strtok(NULL, WHITESPACE);
354	break;
355
356	case sPermitRootLogin:
357	intptr = &options->permit_root_login;
358	cp = strtok(NULL, WHITESPACE);
359	if (!cp)
360	{
361	fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
362	filename, linenum);
363	exit(1);
364	}
365	if (strcmp(cp, "without-password") == 0)
366	value = 2;
367	else if (strcmp(cp, "yes") == 0)
368	value = 1;
369	else if (strcmp(cp, "no") == 0)
370	value = 0;
371	else
372	{
373	fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n",
374	filename, linenum, cp);
375	exit(1);
376	}
377	if (*intptr == -1)
378	*intptr = value;
379	break;
380
381	case sIgnoreRhosts:
382	intptr = &options->ignore_rhosts;
383	parse_flag:
384	cp = strtok(NULL, WHITESPACE);
385	if (!cp)
386	{
387	fprintf(stderr, "%s line %d: missing yes/no argument.\n",
388	filename, linenum);
389	exit(1);
390	}
391	if (strcmp(cp, "yes") == 0)
392	value = 1;
393	else
394	if (strcmp(cp, "no") == 0)
395	value = 0;
396	else
397	{
398	fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
399	filename, linenum, cp);
400	exit(1);
401	}
402	if (*intptr == -1)
403	*intptr = value;
404	break;
405
8efc0c15	406	case sRhostsAuthentication:
	407	intptr = &options->rhosts_authentication;
	408	goto parse_flag;
	409
	410	case sRhostsRSAAuthentication:
	411	intptr = &options->rhosts_rsa_authentication;
	412	goto parse_flag;
	413
	414	case sRSAAuthentication:
	415	intptr = &options->rsa_authentication;
	416	goto parse_flag;
	417
	418	#ifdef KRB4
	419	case sKerberosAuthentication:
	420	intptr = &options->kerberos_authentication;
	421	goto parse_flag;
	422
	423	case sKerberosOrLocalPasswd:
	424	intptr = &options->kerberos_or_local_passwd;
	425	goto parse_flag;
	426
	427	case sKerberosTicketCleanup:
	428	intptr = &options->kerberos_ticket_cleanup;
	429	goto parse_flag;
	430	#endif
	431
	432	#ifdef AFS
	433	case sKerberosTgtPassing:
	434	intptr = &options->kerberos_tgt_passing;
	435	goto parse_flag;
	436
	437	case sAFSTokenPassing:
	438	intptr = &options->afs_token_passing;
	439	goto parse_flag;
	440	#endif
	441
	442	case sPasswordAuthentication:
	443	intptr = &options->password_authentication;
	444	goto parse_flag;
	445
	446	case sCheckMail:
	447	intptr = &options->check_mail;
	448	goto parse_flag;
	449
	450	#ifdef SKEY
	451	case sSkeyAuthentication:
	452	intptr = &options->skey_authentication;
	453	goto parse_flag;
	454	#endif
	455
	456	case sPrintMotd:
	457	intptr = &options->print_motd;
	458	goto parse_flag;
	459
	460	case sX11Forwarding:
	461	intptr = &options->x11_forwarding;
	462	goto parse_flag;
	463
	464	case sX11DisplayOffset:
	465	intptr = &options->x11_display_offset;
	466	goto parse_int;
	467
	468	case sStrictModes:
	469	intptr = &options->strict_modes;
470	goto parse_flag;
471
472	case sKeepAlives:
473	intptr = &options->keepalives;
474	goto parse_flag;
475
476	case sEmptyPasswd:
477	intptr = &options->permit_empty_passwd;
478	goto parse_flag;
479
480	case sUseLogin:
481	intptr = &options->use_login;
482	goto parse_flag;
483
484	case sLogFacility:
485	cp = strtok(NULL, WHITESPACE);
486	if (!cp)
487	{
488	fprintf(stderr, "%s line %d: missing facility name.\n",
489	filename, linenum);
490	exit(1);
491	}
492	for (i = 0; log_facilities[i].name; i++)
6a17f9c2	493	if (strcasecmp(log_facilities[i].name, cp) == 0)
8efc0c15	494	break;
	495	if (!log_facilities[i].name)
	496	{
	497	fprintf(stderr, "%s line %d: unsupported log facility %s\n",
	498	filename, linenum, cp);
	499	exit(1);
	500	}
	501	if (options->log_facility == (SyslogFacility)(-1))
	502	options->log_facility = log_facilities[i].facility;
	503	break;
6a17f9c2	504
	505	case sLogLevel:
	506	cp = strtok(NULL, WHITESPACE);
	507	if (!cp)
	508	{
	509	fprintf(stderr, "%s line %d: missing level name.\n",
	510	filename, linenum);
	511	exit(1);
	512	}
	513	for (i = 0; log_levels[i].name; i++)
	514	if (strcasecmp(log_levels[i].name, cp) == 0)
	515	break;
	516	if (!log_levels[i].name)
	517	{
	518	fprintf(stderr, "%s line %d: unsupported log level %s\n",
	519	filename, linenum, cp);
	520	exit(1);
	521	}
	522	if (options->log_level == (LogLevel)(-1))
	523	options->log_level = log_levels[i].level;
	524	break;
8efc0c15	525
	526	case sAllowUsers:
	527	while ((cp = strtok(NULL, WHITESPACE)))
	528	{
	529	if (options->num_allow_users >= MAX_ALLOW_USERS)
	530	{
	531	fprintf(stderr, "%s line %d: too many allow users.\n",
	532	filename, linenum);
	533	exit(1);
	534	}
	535	options->allow_users[options->num_allow_users++] = xstrdup(cp);
	536	}
	537	break;
	538
	539	case sDenyUsers:
	540	while ((cp = strtok(NULL, WHITESPACE)))
	541	{
	542	if (options->num_deny_users >= MAX_DENY_USERS)
	543	{
	544	fprintf(stderr, "%s line %d: too many deny users.\n",
	545	filename, linenum);
	546	exit(1);
	547	}
	548	options->deny_users[options->num_deny_users++] = xstrdup(cp);
	549	}
	550	break;
	551
	552	case sAllowGroups:
	553	while ((cp = strtok(NULL, WHITESPACE)))
	554	{
	555	if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
	556	{
	557	fprintf(stderr, "%s line %d: too many allow groups.\n",
	558	filename, linenum);
	559	exit(1);
	560	}
	561	options->allow_groups[options->num_allow_groups++] = xstrdup(cp);
	562	}
	563	break;
	564
	565	case sDenyGroups:
	566	while ((cp = strtok(NULL, WHITESPACE)))
	567	{
	568	if (options->num_deny_groups >= MAX_DENY_GROUPS)
	569	{
	570	fprintf(stderr, "%s line %d: too many deny groups.\n",
	571	filename, linenum);
	572	exit(1);
	573	}
	574	options->deny_groups[options->num_deny_groups++] = xstrdup(cp);
	575	}
	576	break;
	577
	578	default:
	579	fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
	580	filename, linenum, cp, opcode);
	581	exit(1);
	582	}
	583	if (strtok(NULL, WHITESPACE) != NULL)
	584	{
	585	fprintf(stderr, "%s line %d: garbage at end of line.\n",
	586	filename, linenum);
	587	exit(1);
	588	}
589	}
590	fclose(f);
591	}