]> andersk Git - openssh.git/blame - servconf.c
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- markus@cvs.openbsd.org 2001/06/07 22:25:02
[openssh.git] / servconf.c
CommitLineData
8efc0c15 1/*
5260325f 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
6ae2364d 4 *
bcbf86ec 5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
5260325f 10 */
8efc0c15 11
12#include "includes.h"
c8445989 13RCSID("$OpenBSD: servconf.c,v 1.82 2001/05/20 17:20:35 markus Exp $");
42f11eb2 14
15#ifdef KRB4
16#include <krb.h>
17#endif
18#ifdef AFS
19#include <kafs.h>
20#endif
8efc0c15 21
22#include "ssh.h"
42f11eb2 23#include "log.h"
8efc0c15 24#include "servconf.h"
25#include "xmalloc.h"
a8be9f80 26#include "compat.h"
42f11eb2 27#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
b2552997 31#include "kex.h"
32#include "mac.h"
42f11eb2 33
2d2a2c65 34void add_listen_addr(ServerOptions *options, char *addr, u_short port);
d11c1288 35void add_one_listen_addr(ServerOptions *options, char *addr, u_short port);
48e671d5 36
42f11eb2 37/* AF_UNSPEC or AF_INET or AF_INET6 */
38extern int IPv4or6;
39
8efc0c15 40/* Initializes the server options to their default values. */
41
6ae2364d 42void
5260325f 43initialize_server_options(ServerOptions *options)
8efc0c15 44{
5260325f 45 memset(options, 0, sizeof(*options));
48e671d5 46 options->num_ports = 0;
47 options->ports_from_cmdline = 0;
48 options->listen_addrs = NULL;
fa08c86b 49 options->num_host_key_files = 0;
0fbe8c74 50 options->pid_file = NULL;
5260325f 51 options->server_key_bits = -1;
52 options->login_grace_time = -1;
53 options->key_regeneration_time = -1;
15853e93 54 options->permit_root_login = PERMIT_NOT_SET;
5260325f 55 options->ignore_rhosts = -1;
56 options->ignore_user_known_hosts = -1;
57 options->print_motd = -1;
4f4648f9 58 options->print_lastlog = -1;
5260325f 59 options->check_mail = -1;
60 options->x11_forwarding = -1;
61 options->x11_display_offset = -1;
fa649821 62 options->xauth_location = NULL;
5260325f 63 options->strict_modes = -1;
64 options->keepalives = -1;
65 options->log_facility = (SyslogFacility) - 1;
66 options->log_level = (LogLevel) - 1;
67 options->rhosts_authentication = -1;
68 options->rhosts_rsa_authentication = -1;
8002af61 69 options->hostbased_authentication = -1;
70 options->hostbased_uses_name_from_packet_only = -1;
5260325f 71 options->rsa_authentication = -1;
fa08c86b 72 options->pubkey_authentication = -1;
8efc0c15 73#ifdef KRB4
5260325f 74 options->kerberos_authentication = -1;
75 options->kerberos_or_local_passwd = -1;
76 options->kerberos_ticket_cleanup = -1;
8efc0c15 77#endif
78#ifdef AFS
5260325f 79 options->kerberos_tgt_passing = -1;
80 options->afs_token_passing = -1;
8efc0c15 81#endif
5260325f 82 options->password_authentication = -1;
94ec8c6b 83 options->kbd_interactive_authentication = -1;
5ba55ada 84 options->challenge_response_authentication = -1;
5260325f 85 options->permit_empty_passwd = -1;
86 options->use_login = -1;
33de75a3 87 options->allow_tcp_forwarding = -1;
5260325f 88 options->num_allow_users = 0;
89 options->num_deny_users = 0;
90 options->num_allow_groups = 0;
91 options->num_deny_groups = 0;
a8be9f80 92 options->ciphers = NULL;
b2552997 93 options->macs = NULL;
a8be9f80 94 options->protocol = SSH_PROTO_UNKNOWN;
1d1ffb87 95 options->gateway_ports = -1;
38c295d6 96 options->num_subsystems = 0;
c345cf9d 97 options->max_startups_begin = -1;
98 options->max_startups_rate = -1;
089fbbd2 99 options->max_startups = -1;
eea39c02 100 options->banner = NULL;
61e96248 101 options->reverse_mapping_check = -1;
3ffc6336 102 options->client_alive_interval = -1;
103 options->client_alive_count_max = -1;
c8445989 104 options->authorized_keys_file = NULL;
105 options->authorized_keys_file2 = NULL;
10f72868 106 options->pam_authentication_via_kbd_int = -1;
8efc0c15 107}
108
6ae2364d 109void
5260325f 110fill_default_server_options(ServerOptions *options)
8efc0c15 111{
fa08c86b 112 if (options->protocol == SSH_PROTO_UNKNOWN)
113 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
114 if (options->num_host_key_files == 0) {
115 /* fill default hostkeys for protocols */
116 if (options->protocol & SSH_PROTO_1)
42f11eb2 117 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE;
fa08c86b 118 if (options->protocol & SSH_PROTO_2)
42f11eb2 119 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE;
fa08c86b 120 }
48e671d5 121 if (options->num_ports == 0)
122 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
123 if (options->listen_addrs == NULL)
2d2a2c65 124 add_listen_addr(options, NULL, 0);
0fbe8c74 125 if (options->pid_file == NULL)
42f11eb2 126 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
5260325f 127 if (options->server_key_bits == -1)
128 options->server_key_bits = 768;
129 if (options->login_grace_time == -1)
130 options->login_grace_time = 600;
131 if (options->key_regeneration_time == -1)
132 options->key_regeneration_time = 3600;
15853e93 133 if (options->permit_root_login == PERMIT_NOT_SET)
134 options->permit_root_login = PERMIT_YES;
5260325f 135 if (options->ignore_rhosts == -1)
c8d54615 136 options->ignore_rhosts = 1;
5260325f 137 if (options->ignore_user_known_hosts == -1)
138 options->ignore_user_known_hosts = 0;
139 if (options->check_mail == -1)
140 options->check_mail = 0;
141 if (options->print_motd == -1)
142 options->print_motd = 1;
4f4648f9 143 if (options->print_lastlog == -1)
144 options->print_lastlog = 1;
5260325f 145 if (options->x11_forwarding == -1)
c8d54615 146 options->x11_forwarding = 0;
5260325f 147 if (options->x11_display_offset == -1)
c8d54615 148 options->x11_display_offset = 10;
fa649821 149#ifdef XAUTH_PATH
150 if (options->xauth_location == NULL)
151 options->xauth_location = XAUTH_PATH;
152#endif /* XAUTH_PATH */
5260325f 153 if (options->strict_modes == -1)
154 options->strict_modes = 1;
155 if (options->keepalives == -1)
156 options->keepalives = 1;
157 if (options->log_facility == (SyslogFacility) (-1))
158 options->log_facility = SYSLOG_FACILITY_AUTH;
159 if (options->log_level == (LogLevel) (-1))
59c97189 160 options->log_level = SYSLOG_LEVEL_INFO;
5260325f 161 if (options->rhosts_authentication == -1)
162 options->rhosts_authentication = 0;
163 if (options->rhosts_rsa_authentication == -1)
c8d54615 164 options->rhosts_rsa_authentication = 0;
8002af61 165 if (options->hostbased_authentication == -1)
166 options->hostbased_authentication = 0;
167 if (options->hostbased_uses_name_from_packet_only == -1)
168 options->hostbased_uses_name_from_packet_only = 0;
5260325f 169 if (options->rsa_authentication == -1)
170 options->rsa_authentication = 1;
fa08c86b 171 if (options->pubkey_authentication == -1)
172 options->pubkey_authentication = 1;
8efc0c15 173#ifdef KRB4
5260325f 174 if (options->kerberos_authentication == -1)
175 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
176 if (options->kerberos_or_local_passwd == -1)
177 options->kerberos_or_local_passwd = 1;
178 if (options->kerberos_ticket_cleanup == -1)
179 options->kerberos_ticket_cleanup = 1;
8efc0c15 180#endif /* KRB4 */
181#ifdef AFS
5260325f 182 if (options->kerberos_tgt_passing == -1)
183 options->kerberos_tgt_passing = 0;
184 if (options->afs_token_passing == -1)
185 options->afs_token_passing = k_hasafs();
8efc0c15 186#endif /* AFS */
5260325f 187 if (options->password_authentication == -1)
188 options->password_authentication = 1;
94ec8c6b 189 if (options->kbd_interactive_authentication == -1)
190 options->kbd_interactive_authentication = 0;
5ba55ada 191 if (options->challenge_response_authentication == -1)
192 options->challenge_response_authentication = 1;
5260325f 193 if (options->permit_empty_passwd == -1)
c8d54615 194 options->permit_empty_passwd = 0;
5260325f 195 if (options->use_login == -1)
196 options->use_login = 0;
33de75a3 197 if (options->allow_tcp_forwarding == -1)
198 options->allow_tcp_forwarding = 1;
1d1ffb87 199 if (options->gateway_ports == -1)
200 options->gateway_ports = 0;
089fbbd2 201 if (options->max_startups == -1)
202 options->max_startups = 10;
c345cf9d 203 if (options->max_startups_rate == -1)
204 options->max_startups_rate = 100; /* 100% */
205 if (options->max_startups_begin == -1)
206 options->max_startups_begin = options->max_startups;
61e96248 207 if (options->reverse_mapping_check == -1)
208 options->reverse_mapping_check = 0;
3ffc6336 209 if (options->client_alive_interval == -1)
210 options->client_alive_interval = 0;
211 if (options->client_alive_count_max == -1)
212 options->client_alive_count_max = 3;
c8445989 213 if (options->authorized_keys_file == NULL)
214 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
215 if (options->authorized_keys_file2 == NULL)
216 options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
10f72868 217 if (options->pam_authentication_via_kbd_int == -1)
218 options->pam_authentication_via_kbd_int = 0;
8efc0c15 219}
220
8efc0c15 221/* Keyword tokens. */
5260325f 222typedef enum {
223 sBadOption, /* == unknown option */
224 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
225 sPermitRootLogin, sLogFacility, sLogLevel,
226 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
8efc0c15 227#ifdef KRB4
5260325f 228 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
8efc0c15 229#endif
230#ifdef AFS
5260325f 231 sKerberosTgtPassing, sAFSTokenPassing,
8efc0c15 232#endif
d464095c 233 sChallengeResponseAuthentication,
94ec8c6b 234 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
4f4648f9 235 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
236 sX11Forwarding, sX11DisplayOffset,
9c81df4c 237 sStrictModes, sEmptyPasswd, sKeepAlives, sCheckMail,
33de75a3 238 sUseLogin, sAllowTcpForwarding,
239 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
b2552997 240 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
fa08c86b 241 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
8002af61 242 sBanner, sReverseMappingCheck, sHostbasedAuthentication,
3ffc6336 243 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
c8445989 244 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
245 sPAMAuthenticationViaKbdInt
8efc0c15 246} ServerOpCodes;
247
248/* Textual representation of the tokens. */
5260325f 249static struct {
250 const char *name;
251 ServerOpCodes opcode;
252} keywords[] = {
253 { "port", sPort },
254 { "hostkey", sHostKeyFile },
fa08c86b 255 { "hostdsakey", sHostKeyFile }, /* alias */
2b87da3b 256 { "pidfile", sPidFile },
5260325f 257 { "serverkeybits", sServerKeyBits },
258 { "logingracetime", sLoginGraceTime },
259 { "keyregenerationinterval", sKeyRegenerationTime },
260 { "permitrootlogin", sPermitRootLogin },
261 { "syslogfacility", sLogFacility },
262 { "loglevel", sLogLevel },
263 { "rhostsauthentication", sRhostsAuthentication },
264 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
8002af61 265 { "hostbasedauthentication", sHostbasedAuthentication },
266 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
5260325f 267 { "rsaauthentication", sRSAAuthentication },
fa08c86b 268 { "pubkeyauthentication", sPubkeyAuthentication },
269 { "dsaauthentication", sPubkeyAuthentication }, /* alias */
8efc0c15 270#ifdef KRB4
5260325f 271 { "kerberosauthentication", sKerberosAuthentication },
272 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
273 { "kerberosticketcleanup", sKerberosTicketCleanup },
8efc0c15 274#endif
275#ifdef AFS
5260325f 276 { "kerberostgtpassing", sKerberosTgtPassing },
277 { "afstokenpassing", sAFSTokenPassing },
8efc0c15 278#endif
5260325f 279 { "passwordauthentication", sPasswordAuthentication },
94ec8c6b 280 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
d464095c 281 { "challengeresponseauthentication", sChallengeResponseAuthentication },
282 { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
5260325f 283 { "checkmail", sCheckMail },
284 { "listenaddress", sListenAddress },
285 { "printmotd", sPrintMotd },
4f4648f9 286 { "printlastlog", sPrintLastLog },
5260325f 287 { "ignorerhosts", sIgnoreRhosts },
288 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
289 { "x11forwarding", sX11Forwarding },
290 { "x11displayoffset", sX11DisplayOffset },
fa649821 291 { "xauthlocation", sXAuthLocation },
5260325f 292 { "strictmodes", sStrictModes },
293 { "permitemptypasswords", sEmptyPasswd },
294 { "uselogin", sUseLogin },
5260325f 295 { "keepalive", sKeepAlives },
33de75a3 296 { "allowtcpforwarding", sAllowTcpForwarding },
5260325f 297 { "allowusers", sAllowUsers },
298 { "denyusers", sDenyUsers },
299 { "allowgroups", sAllowGroups },
300 { "denygroups", sDenyGroups },
a8be9f80 301 { "ciphers", sCiphers },
b2552997 302 { "macs", sMacs },
a8be9f80 303 { "protocol", sProtocol },
1d1ffb87 304 { "gatewayports", sGatewayPorts },
38c295d6 305 { "subsystem", sSubsystem },
089fbbd2 306 { "maxstartups", sMaxStartups },
eea39c02 307 { "banner", sBanner },
61e96248 308 { "reversemappingcheck", sReverseMappingCheck },
3ffc6336 309 { "clientaliveinterval", sClientAliveInterval },
310 { "clientalivecountmax", sClientAliveCountMax },
c8445989 311 { "authorizedkeysfile", sAuthorizedKeysFile },
312 { "authorizedkeysfile2", sAuthorizedKeysFile2 },
10f72868 313 { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
5260325f 314 { NULL, 0 }
8efc0c15 315};
316
aa3378df 317/*
6be9a5e8 318 * Returns the number of the token pointed to by cp or sBadOption.
aa3378df 319 */
8efc0c15 320
6ae2364d 321static ServerOpCodes
5260325f 322parse_token(const char *cp, const char *filename,
323 int linenum)
8efc0c15 324{
1e3b8b07 325 u_int i;
8efc0c15 326
5260325f 327 for (i = 0; keywords[i].name; i++)
aa3378df 328 if (strcasecmp(cp, keywords[i].name) == 0)
5260325f 329 return keywords[i].opcode;
8efc0c15 330
b7c70970 331 error("%s: line %d: Bad configuration option: %s",
332 filename, linenum, cp);
5260325f 333 return sBadOption;
8efc0c15 334}
335
6ae2364d 336void
2d2a2c65 337add_listen_addr(ServerOptions *options, char *addr, u_short port)
48e671d5 338{
48e671d5 339 int i;
340
341 if (options->num_ports == 0)
342 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
2d2a2c65 343 if (port == 0)
d11c1288 344 for (i = 0; i < options->num_ports; i++)
345 add_one_listen_addr(options, addr, options->ports[i]);
346 else
2d2a2c65 347 add_one_listen_addr(options, addr, port);
d11c1288 348}
349
350void
351add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
352{
353 struct addrinfo hints, *ai, *aitop;
354 char strport[NI_MAXSERV];
355 int gaierr;
356
357 memset(&hints, 0, sizeof(hints));
358 hints.ai_family = IPv4or6;
359 hints.ai_socktype = SOCK_STREAM;
360 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
361 snprintf(strport, sizeof strport, "%d", port);
362 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
363 fatal("bad addr or host: %s (%s)",
364 addr ? addr : "<NULL>",
365 gai_strerror(gaierr));
366 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
367 ;
368 ai->ai_next = options->listen_addrs;
369 options->listen_addrs = aitop;
48e671d5 370}
371
8efc0c15 372/* Reads the server configuration file. */
373
6ae2364d 374void
5260325f 375read_server_config(ServerOptions *options, const char *filename)
8efc0c15 376{
5260325f 377 FILE *f;
378 char line[1024];
d11c1288 379 char *cp, **charptr, *arg, *p;
5260325f 380 int linenum, *intptr, value;
381 int bad_options = 0;
382 ServerOpCodes opcode;
38c295d6 383 int i;
5260325f 384
385 f = fopen(filename, "r");
386 if (!f) {
387 perror(filename);
8efc0c15 388 exit(1);
5260325f 389 }
390 linenum = 0;
391 while (fgets(line, sizeof(line), f)) {
392 linenum++;
704b1659 393 cp = line;
394 arg = strdelim(&cp);
395 /* Ignore leading whitespace */
396 if (*arg == '\0')
397 arg = strdelim(&cp);
42f11eb2 398 if (!arg || !*arg || *arg == '#')
5260325f 399 continue;
fa08c86b 400 intptr = NULL;
401 charptr = NULL;
089fbbd2 402 opcode = parse_token(arg, filename, linenum);
5260325f 403 switch (opcode) {
404 case sBadOption:
405 bad_options++;
406 continue;
407 case sPort:
48e671d5 408 /* ignore ports from configfile if cmdline specifies ports */
409 if (options->ports_from_cmdline)
410 continue;
411 if (options->listen_addrs != NULL)
412 fatal("%s line %d: ports must be specified before "
c98cab9b 413 "ListenAdress.", filename, linenum);
48e671d5 414 if (options->num_ports >= MAX_PORTS)
54b974dc 415 fatal("%s line %d: too many ports.",
6ae2364d 416 filename, linenum);
704b1659 417 arg = strdelim(&cp);
089fbbd2 418 if (!arg || *arg == '\0')
54b974dc 419 fatal("%s line %d: missing port number.",
48e671d5 420 filename, linenum);
2d2a2c65 421 options->ports[options->num_ports++] = a2port(arg);
422 if (options->ports[options->num_ports-1] == 0)
423 fatal("%s line %d: Badly formatted port number.",
424 filename, linenum);
48e671d5 425 break;
426
427 case sServerKeyBits:
428 intptr = &options->server_key_bits;
5260325f 429parse_int:
704b1659 430 arg = strdelim(&cp);
b7c70970 431 if (!arg || *arg == '\0')
432 fatal("%s line %d: missing integer value.",
433 filename, linenum);
089fbbd2 434 value = atoi(arg);
5260325f 435 if (*intptr == -1)
436 *intptr = value;
437 break;
438
5260325f 439 case sLoginGraceTime:
440 intptr = &options->login_grace_time;
e2b1fb42 441parse_time:
442 arg = strdelim(&cp);
443 if (!arg || *arg == '\0')
444 fatal("%s line %d: missing time value.",
445 filename, linenum);
446 if ((value = convtime(arg)) == -1)
447 fatal("%s line %d: invalid time value.",
448 filename, linenum);
449 if (*intptr == -1)
450 *intptr = value;
451 break;
5260325f 452
453 case sKeyRegenerationTime:
454 intptr = &options->key_regeneration_time;
e2b1fb42 455 goto parse_time;
5260325f 456
457 case sListenAddress:
704b1659 458 arg = strdelim(&cp);
d11c1288 459 if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
54b974dc 460 fatal("%s line %d: missing inet addr.",
48e671d5 461 filename, linenum);
d11c1288 462 if (*arg == '[') {
463 if ((p = strchr(arg, ']')) == NULL)
464 fatal("%s line %d: bad ipv6 inet addr usage.",
465 filename, linenum);
466 arg++;
467 memmove(p, p+1, strlen(p+1)+1);
468 } else if (((p = strchr(arg, ':')) == NULL) ||
469 (strchr(p+1, ':') != NULL)) {
2d2a2c65 470 add_listen_addr(options, arg, 0);
d11c1288 471 break;
472 }
473 if (*p == ':') {
2d2a2c65 474 u_short port;
475
d11c1288 476 p++;
477 if (*p == '\0')
478 fatal("%s line %d: bad inet addr:port usage.",
479 filename, linenum);
480 else {
481 *(p-1) = '\0';
2d2a2c65 482 if ((port = a2port(p)) == 0)
483 fatal("%s line %d: bad port number.",
484 filename, linenum);
485 add_listen_addr(options, arg, port);
d11c1288 486 }
487 } else if (*p == '\0')
2d2a2c65 488 add_listen_addr(options, arg, 0);
d11c1288 489 else
490 fatal("%s line %d: bad inet addr usage.",
491 filename, linenum);
5260325f 492 break;
493
494 case sHostKeyFile:
fa08c86b 495 intptr = &options->num_host_key_files;
b7c70970 496 if (*intptr >= MAX_HOSTKEYS)
497 fatal("%s line %d: too many host keys specified (max %d).",
fa08c86b 498 filename, linenum, MAX_HOSTKEYS);
fa08c86b 499 charptr = &options->host_key_files[*intptr];
fa649821 500parse_filename:
704b1659 501 arg = strdelim(&cp);
b7c70970 502 if (!arg || *arg == '\0')
503 fatal("%s line %d: missing file name.",
0fbe8c74 504 filename, linenum);
fa08c86b 505 if (*charptr == NULL) {
089fbbd2 506 *charptr = tilde_expand_filename(arg, getuid());
fa08c86b 507 /* increase optional counter */
508 if (intptr != NULL)
509 *intptr = *intptr + 1;
510 }
0fbe8c74 511 break;
512
513 case sPidFile:
514 charptr = &options->pid_file;
fa649821 515 goto parse_filename;
5260325f 516
5260325f 517 case sPermitRootLogin:
518 intptr = &options->permit_root_login;
704b1659 519 arg = strdelim(&cp);
b7c70970 520 if (!arg || *arg == '\0')
521 fatal("%s line %d: missing yes/"
7c8f2a26 522 "without-password/forced-commands-only/no "
b7c70970 523 "argument.", filename, linenum);
524 value = 0; /* silence compiler */
089fbbd2 525 if (strcmp(arg, "without-password") == 0)
15853e93 526 value = PERMIT_NO_PASSWD;
527 else if (strcmp(arg, "forced-commands-only") == 0)
528 value = PERMIT_FORCED_ONLY;
089fbbd2 529 else if (strcmp(arg, "yes") == 0)
15853e93 530 value = PERMIT_YES;
089fbbd2 531 else if (strcmp(arg, "no") == 0)
15853e93 532 value = PERMIT_NO;
b7c70970 533 else
534 fatal("%s line %d: Bad yes/"
15853e93 535 "without-password/forced-commands-only/no "
b7c70970 536 "argument: %s", filename, linenum, arg);
5260325f 537 if (*intptr == -1)
538 *intptr = value;
539 break;
540
541 case sIgnoreRhosts:
542 intptr = &options->ignore_rhosts;
543parse_flag:
704b1659 544 arg = strdelim(&cp);
b7c70970 545 if (!arg || *arg == '\0')
546 fatal("%s line %d: missing yes/no argument.",
547 filename, linenum);
548 value = 0; /* silence compiler */
089fbbd2 549 if (strcmp(arg, "yes") == 0)
5260325f 550 value = 1;
089fbbd2 551 else if (strcmp(arg, "no") == 0)
5260325f 552 value = 0;
b7c70970 553 else
554 fatal("%s line %d: Bad yes/no argument: %s",
089fbbd2 555 filename, linenum, arg);
5260325f 556 if (*intptr == -1)
557 *intptr = value;
558 break;
559
560 case sIgnoreUserKnownHosts:
561 intptr = &options->ignore_user_known_hosts;
c8d54615 562 goto parse_flag;
5260325f 563
564 case sRhostsAuthentication:
565 intptr = &options->rhosts_authentication;
566 goto parse_flag;
567
568 case sRhostsRSAAuthentication:
569 intptr = &options->rhosts_rsa_authentication;
570 goto parse_flag;
571
8002af61 572 case sHostbasedAuthentication:
573 intptr = &options->hostbased_authentication;
574 goto parse_flag;
575
576 case sHostbasedUsesNameFromPacketOnly:
577 intptr = &options->hostbased_uses_name_from_packet_only;
578 goto parse_flag;
579
5260325f 580 case sRSAAuthentication:
581 intptr = &options->rsa_authentication;
582 goto parse_flag;
583
fa08c86b 584 case sPubkeyAuthentication:
585 intptr = &options->pubkey_authentication;
1d1ffb87 586 goto parse_flag;
587
8efc0c15 588#ifdef KRB4
5260325f 589 case sKerberosAuthentication:
590 intptr = &options->kerberos_authentication;
591 goto parse_flag;
592
593 case sKerberosOrLocalPasswd:
594 intptr = &options->kerberos_or_local_passwd;
595 goto parse_flag;
596
597 case sKerberosTicketCleanup:
598 intptr = &options->kerberos_ticket_cleanup;
599 goto parse_flag;
8efc0c15 600#endif
5260325f 601
8efc0c15 602#ifdef AFS
5260325f 603 case sKerberosTgtPassing:
604 intptr = &options->kerberos_tgt_passing;
605 goto parse_flag;
8efc0c15 606
5260325f 607 case sAFSTokenPassing:
608 intptr = &options->afs_token_passing;
609 goto parse_flag;
8efc0c15 610#endif
611
5260325f 612 case sPasswordAuthentication:
613 intptr = &options->password_authentication;
614 goto parse_flag;
8efc0c15 615
94ec8c6b 616 case sKbdInteractiveAuthentication:
617 intptr = &options->kbd_interactive_authentication;
618 goto parse_flag;
619
5260325f 620 case sCheckMail:
621 intptr = &options->check_mail;
622 goto parse_flag;
8efc0c15 623
d464095c 624 case sChallengeResponseAuthentication:
5ba55ada 625 intptr = &options->challenge_response_authentication;
5260325f 626 goto parse_flag;
8efc0c15 627
5260325f 628 case sPrintMotd:
629 intptr = &options->print_motd;
630 goto parse_flag;
631
4f4648f9 632 case sPrintLastLog:
633 intptr = &options->print_lastlog;
634 goto parse_flag;
635
5260325f 636 case sX11Forwarding:
637 intptr = &options->x11_forwarding;
638 goto parse_flag;
639
640 case sX11DisplayOffset:
641 intptr = &options->x11_display_offset;
642 goto parse_int;
643
fa649821 644 case sXAuthLocation:
645 charptr = &options->xauth_location;
646 goto parse_filename;
2b87da3b 647
5260325f 648 case sStrictModes:
649 intptr = &options->strict_modes;
650 goto parse_flag;
651
652 case sKeepAlives:
653 intptr = &options->keepalives;
654 goto parse_flag;
655
656 case sEmptyPasswd:
657 intptr = &options->permit_empty_passwd;
658 goto parse_flag;
659
660 case sUseLogin:
661 intptr = &options->use_login;
662 goto parse_flag;
663
1d1ffb87 664 case sGatewayPorts:
665 intptr = &options->gateway_ports;
666 goto parse_flag;
667
61e96248 668 case sReverseMappingCheck:
669 intptr = &options->reverse_mapping_check;
670 goto parse_flag;
671
5260325f 672 case sLogFacility:
673 intptr = (int *) &options->log_facility;
704b1659 674 arg = strdelim(&cp);
089fbbd2 675 value = log_facility_number(arg);
5260325f 676 if (value == (SyslogFacility) - 1)
54b974dc 677 fatal("%.200s line %d: unsupported log facility '%s'",
089fbbd2 678 filename, linenum, arg ? arg : "<NONE>");
5260325f 679 if (*intptr == -1)
680 *intptr = (SyslogFacility) value;
681 break;
682
683 case sLogLevel:
684 intptr = (int *) &options->log_level;
704b1659 685 arg = strdelim(&cp);
089fbbd2 686 value = log_level_number(arg);
5260325f 687 if (value == (LogLevel) - 1)
54b974dc 688 fatal("%.200s line %d: unsupported log level '%s'",
089fbbd2 689 filename, linenum, arg ? arg : "<NONE>");
5260325f 690 if (*intptr == -1)
691 *intptr = (LogLevel) value;
692 break;
693
33de75a3 694 case sAllowTcpForwarding:
695 intptr = &options->allow_tcp_forwarding;
696 goto parse_flag;
697
5260325f 698 case sAllowUsers:
704b1659 699 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 700 if (options->num_allow_users >= MAX_ALLOW_USERS)
54b974dc 701 fatal("%s line %d: too many allow users.",
a8be9f80 702 filename, linenum);
089fbbd2 703 options->allow_users[options->num_allow_users++] = xstrdup(arg);
5260325f 704 }
705 break;
706
707 case sDenyUsers:
704b1659 708 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 709 if (options->num_deny_users >= MAX_DENY_USERS)
54b974dc 710 fatal( "%s line %d: too many deny users.",
a8be9f80 711 filename, linenum);
089fbbd2 712 options->deny_users[options->num_deny_users++] = xstrdup(arg);
5260325f 713 }
714 break;
715
716 case sAllowGroups:
704b1659 717 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 718 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
54b974dc 719 fatal("%s line %d: too many allow groups.",
a8be9f80 720 filename, linenum);
089fbbd2 721 options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
5260325f 722 }
723 break;
724
725 case sDenyGroups:
704b1659 726 while ((arg = strdelim(&cp)) && *arg != '\0') {
a8be9f80 727 if (options->num_deny_groups >= MAX_DENY_GROUPS)
54b974dc 728 fatal("%s line %d: too many deny groups.",
a8be9f80 729 filename, linenum);
089fbbd2 730 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
5260325f 731 }
732 break;
733
a8be9f80 734 case sCiphers:
704b1659 735 arg = strdelim(&cp);
089fbbd2 736 if (!arg || *arg == '\0')
71276795 737 fatal("%s line %d: Missing argument.", filename, linenum);
089fbbd2 738 if (!ciphers_valid(arg))
d0c832f3 739 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
089fbbd2 740 filename, linenum, arg ? arg : "<NONE>");
a8be9f80 741 if (options->ciphers == NULL)
089fbbd2 742 options->ciphers = xstrdup(arg);
a8be9f80 743 break;
744
b2552997 745 case sMacs:
746 arg = strdelim(&cp);
747 if (!arg || *arg == '\0')
748 fatal("%s line %d: Missing argument.", filename, linenum);
749 if (!mac_valid(arg))
750 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
751 filename, linenum, arg ? arg : "<NONE>");
752 if (options->macs == NULL)
753 options->macs = xstrdup(arg);
754 break;
755
a8be9f80 756 case sProtocol:
757 intptr = &options->protocol;
704b1659 758 arg = strdelim(&cp);
089fbbd2 759 if (!arg || *arg == '\0')
71276795 760 fatal("%s line %d: Missing argument.", filename, linenum);
089fbbd2 761 value = proto_spec(arg);
a8be9f80 762 if (value == SSH_PROTO_UNKNOWN)
763 fatal("%s line %d: Bad protocol spec '%s'.",
089fbbd2 764 filename, linenum, arg ? arg : "<NONE>");
a8be9f80 765 if (*intptr == SSH_PROTO_UNKNOWN)
766 *intptr = value;
767 break;
768
38c295d6 769 case sSubsystem:
770 if(options->num_subsystems >= MAX_SUBSYSTEMS) {
771 fatal("%s line %d: too many subsystems defined.",
772 filename, linenum);
773 }
704b1659 774 arg = strdelim(&cp);
089fbbd2 775 if (!arg || *arg == '\0')
38c295d6 776 fatal("%s line %d: Missing subsystem name.",
777 filename, linenum);
778 for (i = 0; i < options->num_subsystems; i++)
089fbbd2 779 if(strcmp(arg, options->subsystem_name[i]) == 0)
38c295d6 780 fatal("%s line %d: Subsystem '%s' already defined.",
089fbbd2 781 filename, linenum, arg);
782 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
704b1659 783 arg = strdelim(&cp);
089fbbd2 784 if (!arg || *arg == '\0')
38c295d6 785 fatal("%s line %d: Missing subsystem command.",
786 filename, linenum);
089fbbd2 787 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
38c295d6 788 options->num_subsystems++;
789 break;
790
089fbbd2 791 case sMaxStartups:
c345cf9d 792 arg = strdelim(&cp);
793 if (!arg || *arg == '\0')
794 fatal("%s line %d: Missing MaxStartups spec.",
795 filename, linenum);
796 if (sscanf(arg, "%d:%d:%d",
797 &options->max_startups_begin,
798 &options->max_startups_rate,
799 &options->max_startups) == 3) {
800 if (options->max_startups_begin >
801 options->max_startups ||
802 options->max_startups_rate > 100 ||
803 options->max_startups_rate < 1)
804 fatal("%s line %d: Illegal MaxStartups spec.",
805 filename, linenum);
806 break;
807 }
089fbbd2 808 intptr = &options->max_startups;
809 goto parse_int;
810
eea39c02 811 case sBanner:
812 charptr = &options->banner;
813 goto parse_filename;
c8445989 814 /*
815 * These options can contain %X options expanded at
816 * connect time, so that you can specify paths like:
817 *
818 * AuthorizedKeysFile /etc/ssh_keys/%u
819 */
820 case sAuthorizedKeysFile:
821 case sAuthorizedKeysFile2:
822 charptr = (opcode == sAuthorizedKeysFile ) ?
823 &options->authorized_keys_file :
824 &options->authorized_keys_file2;
825 goto parse_filename;
e2b1fb42 826
3ffc6336 827 case sClientAliveInterval:
828 intptr = &options->client_alive_interval;
e2b1fb42 829 goto parse_time;
830
3ffc6336 831 case sClientAliveCountMax:
832 intptr = &options->client_alive_count_max;
833 goto parse_int;
e2b1fb42 834
10f72868 835 case sPAMAuthenticationViaKbdInt:
836 intptr = &options->pam_authentication_via_kbd_int;
837 goto parse_flag;
838
5260325f 839 default:
b7c70970 840 fatal("%s line %d: Missing handler for opcode %s (%d)",
841 filename, linenum, arg, opcode);
8efc0c15 842 }
b7c70970 843 if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
844 fatal("%s line %d: garbage at end of line; \"%.200s\".",
845 filename, linenum, arg);
8efc0c15 846 }
5260325f 847 fclose(f);
b7c70970 848 if (bad_options > 0)
849 fatal("%s: terminating, %d bad configuration options",
850 filename, bad_options);
8efc0c15 851}
git-cvsimport mirror of OpenSSH
This page took 1.145151 seconds and 5 git commands to generate.