[openssh.git] / servconf.c

/*
 * 
 * servconf.c
 * 
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * 
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
 * 
 * Created: Mon Aug 21 15:48:58 1995 ylo
 * 
 */

#include "includes.h"
RCSID("$Id$");

#include "ssh.h"
#include "servconf.h"
#include "xmalloc.h"

/* add listen address */
void add_listen_addr(ServerOptions *options, char *addr);

/* Initializes the server options to their default values. */

void 
initialize_server_options(ServerOptions *options)
{
	memset(options, 0, sizeof(*options));
	options->num_ports = 0;
	options->ports_from_cmdline = 0;
	options->listen_addrs = NULL;
	options->host_key_file = NULL;
	options->dsa_key_file = NULL;
	options->server_key_bits = -1;
	options->login_grace_time = -1;
	options->key_regeneration_time = -1;
	options->permit_root_login = -1;
	options->ignore_rhosts = -1;
	options->ignore_user_known_hosts = -1;
	options->print_motd = -1;
	options->check_mail = -1;
	options->x11_forwarding = -1;
	options->x11_display_offset = -1;
	options->strict_modes = -1;
	options->keepalives = -1;
	options->log_facility = (SyslogFacility) - 1;
	options->log_level = (LogLevel) - 1;
	options->rhosts_authentication = -1;
	options->rhosts_rsa_authentication = -1;
	options->rsa_authentication = -1;
#ifdef KRB4
	options->kerberos_authentication = -1;
	options->kerberos_or_local_passwd = -1;
	options->kerberos_ticket_cleanup = -1;
#endif
#ifdef AFS
	options->kerberos_tgt_passing = -1;
	options->afs_token_passing = -1;
#endif
	options->password_authentication = -1;
#ifdef SKEY
	options->skey_authentication = -1;
#endif
	options->permit_empty_passwd = -1;
	options->use_login = -1;
	options->num_allow_users = 0;
	options->num_deny_users = 0;
	options->num_allow_groups = 0;
	options->num_deny_groups = 0;
}

void 
fill_default_server_options(ServerOptions *options)
{
	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
	if (options->listen_addrs == NULL)
		add_listen_addr(options, NULL);
	if (options->host_key_file == NULL)
		options->host_key_file = HOST_KEY_FILE;
	if (options->dsa_key_file == NULL)
		options->dsa_key_file = DSA_KEY_FILE;
	if (options->server_key_bits == -1)
		options->server_key_bits = 768;
	if (options->login_grace_time == -1)
		options->login_grace_time = 600;
	if (options->key_regeneration_time == -1)
		options->key_regeneration_time = 3600;
	if (options->permit_root_login == -1)
		options->permit_root_login = 1;			/* yes */
	if (options->ignore_rhosts == -1)
		options->ignore_rhosts = 1;
	if (options->ignore_user_known_hosts == -1)
		options->ignore_user_known_hosts = 0;
	if (options->check_mail == -1)
		options->check_mail = 0;
	if (options->print_motd == -1)
		options->print_motd = 1;
	if (options->x11_forwarding == -1)
		options->x11_forwarding = 0;
	if (options->x11_display_offset == -1)
		options->x11_display_offset = 10;
	if (options->strict_modes == -1)
		options->strict_modes = 1;
	if (options->keepalives == -1)
		options->keepalives = 1;
	if (options->log_facility == (SyslogFacility) (-1))
		options->log_facility = SYSLOG_FACILITY_AUTH;
	if (options->log_level == (LogLevel) (-1))
		options->log_level = SYSLOG_LEVEL_INFO;
	if (options->rhosts_authentication == -1)
		options->rhosts_authentication = 0;
	if (options->rhosts_rsa_authentication == -1)
		options->rhosts_rsa_authentication = 0;
	if (options->rsa_authentication == -1)
		options->rsa_authentication = 1;
#ifdef KRB4
	if (options->kerberos_authentication == -1)
		options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
	if (options->kerberos_or_local_passwd == -1)
		options->kerberos_or_local_passwd = 1;
	if (options->kerberos_ticket_cleanup == -1)
		options->kerberos_ticket_cleanup = 1;
#endif /* KRB4 */
#ifdef AFS
	if (options->kerberos_tgt_passing == -1)
		options->kerberos_tgt_passing = 0;
	if (options->afs_token_passing == -1)
		options->afs_token_passing = k_hasafs();
#endif /* AFS */
	if (options->password_authentication == -1)
		options->password_authentication = 1;
#ifdef SKEY
	if (options->skey_authentication == -1)
		options->skey_authentication = 1;
#endif
	if (options->permit_empty_passwd == -1)
		options->permit_empty_passwd = 0;
	if (options->use_login == -1)
		options->use_login = 0;
}

#define WHITESPACE " \t\r\n"

/* Keyword tokens. */
typedef enum {
	sBadOption,		/* == unknown option */
	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
	sPermitRootLogin, sLogFacility, sLogLevel,
	sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
#ifdef KRB4
	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
#endif
#ifdef AFS
	sKerberosTgtPassing, sAFSTokenPassing,
#endif
#ifdef SKEY
	sSkeyAuthentication,
#endif
	sPasswordAuthentication, sListenAddress,
	sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
	sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
	sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
	sIgnoreUserKnownHosts, sDSAKeyFile
} ServerOpCodes;

/* Textual representation of the tokens. */
static struct {
	const char *name;
	ServerOpCodes opcode;
} keywords[] = {
	{ "port", sPort },
	{ "hostkey", sHostKeyFile },
	{ "dsakey", sDSAKeyFile },
	{ "serverkeybits", sServerKeyBits },
	{ "logingracetime", sLoginGraceTime },
	{ "keyregenerationinterval", sKeyRegenerationTime },
	{ "permitrootlogin", sPermitRootLogin },
	{ "syslogfacility", sLogFacility },
	{ "loglevel", sLogLevel },
	{ "rhostsauthentication", sRhostsAuthentication },
	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
	{ "rsaauthentication", sRSAAuthentication },
#ifdef KRB4
	{ "kerberosauthentication", sKerberosAuthentication },
	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
	{ "kerberosticketcleanup", sKerberosTicketCleanup },
#endif
#ifdef AFS
	{ "kerberostgtpassing", sKerberosTgtPassing },
	{ "afstokenpassing", sAFSTokenPassing },
#endif
	{ "passwordauthentication", sPasswordAuthentication },
#ifdef SKEY
	{ "skeyauthentication", sSkeyAuthentication },
#endif
	{ "checkmail", sCheckMail },
	{ "listenaddress", sListenAddress },
	{ "printmotd", sPrintMotd },
	{ "ignorerhosts", sIgnoreRhosts },
	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },
	{ "x11forwarding", sX11Forwarding },
	{ "x11displayoffset", sX11DisplayOffset },
	{ "strictmodes", sStrictModes },
	{ "permitemptypasswords", sEmptyPasswd },
	{ "uselogin", sUseLogin },
	{ "randomseed", sRandomSeedFile },
	{ "keepalive", sKeepAlives },
	{ "allowusers", sAllowUsers },
	{ "denyusers", sDenyUsers },
	{ "allowgroups", sAllowGroups },
	{ "denygroups", sDenyGroups },
	{ NULL, 0 }
};

/*
 * Returns the number of the token pointed to by cp of length len. Never
 * returns if the token is not known.
 */

static ServerOpCodes 
parse_token(const char *cp, const char *filename,
	    int linenum)
{
	unsigned int i;

	for (i = 0; keywords[i].name; i++)
		if (strcasecmp(cp, keywords[i].name) == 0)
			return keywords[i].opcode;

	fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
		filename, linenum, cp);
	return sBadOption;
}

/*
 * add listen address
 */
void 
add_listen_addr(ServerOptions *options, char *addr)
{
	extern int IPv4or6;
	struct addrinfo hints, *ai, *aitop;
	char strport[NI_MAXSERV];
	int gaierr;
	int i;

	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
	for (i = 0; i < options->num_ports; i++) {
		memset(&hints, 0, sizeof(hints));
		hints.ai_family = IPv4or6;
		hints.ai_socktype = SOCK_STREAM;
		hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
		snprintf(strport, sizeof strport, "%d", options->ports[i]);
		if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
			fatal("bad addr or host: %s (%s)\n",
			    addr ? addr : "<NULL>",
			    gai_strerror(gaierr));
		for (ai = aitop; ai->ai_next; ai = ai->ai_next)
			;
		ai->ai_next = options->listen_addrs;
		options->listen_addrs = aitop;
	}
}

/* Reads the server configuration file. */

void 
read_server_config(ServerOptions *options, const char *filename)
{
	FILE *f;
	char line[1024];
	char *cp, **charptr;
	int linenum, *intptr, value;
	int bad_options = 0;
	ServerOpCodes opcode;

	f = fopen(filename, "r");
	if (!f) {
		perror(filename);
		exit(1);
	}
	linenum = 0;
	while (fgets(line, sizeof(line), f)) {
		linenum++;
		cp = line + strspn(line, WHITESPACE);
		if (!*cp || *cp == '#')
			continue;
		cp = strtok(cp, WHITESPACE);
		opcode = parse_token(cp, filename, linenum);
		switch (opcode) {
		case sBadOption:
			bad_options++;
			continue;
		case sPort:
			/* ignore ports from configfile if cmdline specifies ports */
			if (options->ports_from_cmdline)
				continue;
			if (options->listen_addrs != NULL)
				fatal("%s line %d: ports must be specified before "
				    "ListenAdress.\n", filename, linenum);
			if (options->num_ports >= MAX_PORTS)
				fatal("%s line %d: too many ports.\n",
			            filename, linenum);
			cp = strtok(NULL, WHITESPACE);
			if (!cp)
				fatal("%s line %d: missing port number.\n",
				    filename, linenum);
			options->ports[options->num_ports++] = atoi(cp);
			break;

		case sServerKeyBits:
			intptr = &options->server_key_bits;
parse_int:
			cp = strtok(NULL, WHITESPACE);
			if (!cp) {
				fprintf(stderr, "%s line %d: missing integer value.\n",
					filename, linenum);
				exit(1);
			}
			value = atoi(cp);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sLoginGraceTime:
			intptr = &options->login_grace_time;
			goto parse_int;

		case sKeyRegenerationTime:
			intptr = &options->key_regeneration_time;
			goto parse_int;

		case sListenAddress:
			cp = strtok(NULL, WHITESPACE);
			if (!cp)
				fatal("%s line %d: missing inet addr.\n",
				    filename, linenum);
			add_listen_addr(options, cp);
			break;

		case sHostKeyFile:
		case sDSAKeyFile:
			charptr = (opcode == sHostKeyFile ) ?
			    &options->host_key_file : &options->dsa_key_file;
			cp = strtok(NULL, WHITESPACE);
			if (!cp) {
				fprintf(stderr, "%s line %d: missing file name.\n",
					filename, linenum);
				exit(1);
			}
			if (*charptr == NULL)
				*charptr = tilde_expand_filename(cp, getuid());
			break;

		case sRandomSeedFile:
			fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
				filename, linenum);
			cp = strtok(NULL, WHITESPACE);
			break;

		case sPermitRootLogin:
			intptr = &options->permit_root_login;
			cp = strtok(NULL, WHITESPACE);
			if (!cp) {
				fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
					filename, linenum);
				exit(1);
			}
			if (strcmp(cp, "without-password") == 0)
				value = 2;
			else if (strcmp(cp, "yes") == 0)
				value = 1;
			else if (strcmp(cp, "no") == 0)
				value = 0;
			else {
				fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n",
					filename, linenum, cp);
				exit(1);
			}
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreRhosts:
			intptr = &options->ignore_rhosts;
parse_flag:
			cp = strtok(NULL, WHITESPACE);
			if (!cp) {
				fprintf(stderr, "%s line %d: missing yes/no argument.\n",
					filename, linenum);
				exit(1);
			}
			if (strcmp(cp, "yes") == 0)
				value = 1;
			else if (strcmp(cp, "no") == 0)
				value = 0;
			else {
				fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
					filename, linenum, cp);
				exit(1);
			}
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreUserKnownHosts:
			intptr = &options->ignore_user_known_hosts;
			goto parse_flag;

		case sRhostsAuthentication:
			intptr = &options->rhosts_authentication;
			goto parse_flag;

		case sRhostsRSAAuthentication:
			intptr = &options->rhosts_rsa_authentication;
			goto parse_flag;

		case sRSAAuthentication:
			intptr = &options->rsa_authentication;
			goto parse_flag;

#ifdef KRB4
		case sKerberosAuthentication:
			intptr = &options->kerberos_authentication;
			goto parse_flag;

		case sKerberosOrLocalPasswd:
			intptr = &options->kerberos_or_local_passwd;
			goto parse_flag;

		case sKerberosTicketCleanup:
			intptr = &options->kerberos_ticket_cleanup;
			goto parse_flag;
#endif

#ifdef AFS
		case sKerberosTgtPassing:
			intptr = &options->kerberos_tgt_passing;
			goto parse_flag;

		case sAFSTokenPassing:
			intptr = &options->afs_token_passing;
			goto parse_flag;
#endif

		case sPasswordAuthentication:
			intptr = &options->password_authentication;
			goto parse_flag;

		case sCheckMail:
			intptr = &options->check_mail;
			goto parse_flag;

#ifdef SKEY
		case sSkeyAuthentication:
			intptr = &options->skey_authentication;
			goto parse_flag;
#endif

		case sPrintMotd:
			intptr = &options->print_motd;
			goto parse_flag;

		case sX11Forwarding:
			intptr = &options->x11_forwarding;
			goto parse_flag;

		case sX11DisplayOffset:
			intptr = &options->x11_display_offset;
			goto parse_int;

		case sStrictModes:
			intptr = &options->strict_modes;
			goto parse_flag;

		case sKeepAlives:
			intptr = &options->keepalives;
			goto parse_flag;

		case sEmptyPasswd:
			intptr = &options->permit_empty_passwd;
			goto parse_flag;

		case sUseLogin:
			intptr = &options->use_login;
			goto parse_flag;

		case sLogFacility:
			intptr = (int *) &options->log_facility;
			cp = strtok(NULL, WHITESPACE);
			value = log_facility_number(cp);
			if (value == (SyslogFacility) - 1)
				fatal("%.200s line %d: unsupported log facility '%s'\n",
				  filename, linenum, cp ? cp : "<NONE>");
			if (*intptr == -1)
				*intptr = (SyslogFacility) value;
			break;

		case sLogLevel:
			intptr = (int *) &options->log_level;
			cp = strtok(NULL, WHITESPACE);
			value = log_level_number(cp);
			if (value == (LogLevel) - 1)
				fatal("%.200s line %d: unsupported log level '%s'\n",
				  filename, linenum, cp ? cp : "<NONE>");
			if (*intptr == -1)
				*intptr = (LogLevel) value;
			break;

		case sAllowUsers:
			while ((cp = strtok(NULL, WHITESPACE))) {
				if (options->num_allow_users >= MAX_ALLOW_USERS) {
					fprintf(stderr, "%s line %d: too many allow users.\n",
						filename, linenum);
					exit(1);
				}
				options->allow_users[options->num_allow_users++] = xstrdup(cp);
			}
			break;

		case sDenyUsers:
			while ((cp = strtok(NULL, WHITESPACE))) {
				if (options->num_deny_users >= MAX_DENY_USERS) {
					fprintf(stderr, "%s line %d: too many deny users.\n",
						filename, linenum);
					exit(1);
				}
				options->deny_users[options->num_deny_users++] = xstrdup(cp);
			}
			break;

		case sAllowGroups:
			while ((cp = strtok(NULL, WHITESPACE))) {
				if (options->num_allow_groups >= MAX_ALLOW_GROUPS) {
					fprintf(stderr, "%s line %d: too many allow groups.\n",
						filename, linenum);
					exit(1);
				}
				options->allow_groups[options->num_allow_groups++] = xstrdup(cp);
			}
			break;

		case sDenyGroups:
			while ((cp = strtok(NULL, WHITESPACE))) {
				if (options->num_deny_groups >= MAX_DENY_GROUPS) {
					fprintf(stderr, "%s line %d: too many deny groups.\n",
						filename, linenum);
					exit(1);
				}
				options->deny_groups[options->num_deny_groups++] = xstrdup(cp);
			}
			break;

		default:
			fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
				filename, linenum, cp, opcode);
			exit(1);
		}
		if (strtok(NULL, WHITESPACE) != NULL) {
			fprintf(stderr, "%s line %d: garbage at end of line.\n",
				filename, linenum);
			exit(1);
		}
	}
	fclose(f);
	if (bad_options > 0) {
		fprintf(stderr, "%s: terminating, %d bad configuration options\n",
			filename, bad_options);
		exit(1);
	}
}
Commit	Line	Data
8efc0c15	1	/*
5260325f	2	*
	3	* servconf.c
	4	*
	5	* Author: Tatu Ylonen <ylo@cs.hut.fi>
	6	*
	7	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
	8	* All rights reserved
	9	*
	10	* Created: Mon Aug 21 15:48:58 1995 ylo
	11	*
	12	*/
8efc0c15	13
	14	#include "includes.h"
	15	RCSID("$Id$");
	16
	17	#include "ssh.h"
	18	#include "servconf.h"
	19	#include "xmalloc.h"
	20
48e671d5	21	/* add listen address */
	22	void add_listen_addr(ServerOptions options, char addr);
	23
8efc0c15	24	/* Initializes the server options to their default values. */
8efc0c15	25
5260325f	26	void
5260325f	27	initialize_server_options(ServerOptions *options)
8efc0c15	28	{
5260325f	29	memset(options, 0, sizeof(*options));
48e671d5	30	options->num_ports = 0;
	31	options->ports_from_cmdline = 0;
	32	options->listen_addrs = NULL;
5260325f	33	options->host_key_file = NULL;
e78a59f5	34	options->dsa_key_file = NULL;
5260325f	35	options->server_key_bits = -1;
	36	options->login_grace_time = -1;
	37	options->key_regeneration_time = -1;
	38	options->permit_root_login = -1;
	39	options->ignore_rhosts = -1;
	40	options->ignore_user_known_hosts = -1;
	41	options->print_motd = -1;
	42	options->check_mail = -1;
	43	options->x11_forwarding = -1;
	44	options->x11_display_offset = -1;
	45	options->strict_modes = -1;
	46	options->keepalives = -1;
	47	options->log_facility = (SyslogFacility) - 1;
	48	options->log_level = (LogLevel) - 1;
	49	options->rhosts_authentication = -1;
	50	options->rhosts_rsa_authentication = -1;
	51	options->rsa_authentication = -1;
8efc0c15	52	#ifdef KRB4
5260325f	53	options->kerberos_authentication = -1;
	54	options->kerberos_or_local_passwd = -1;
	55	options->kerberos_ticket_cleanup = -1;
8efc0c15	56	#endif
8efc0c15	57	#ifdef AFS
5260325f	58	options->kerberos_tgt_passing = -1;
5260325f	59	options->afs_token_passing = -1;
8efc0c15	60	#endif
5260325f	61	options->password_authentication = -1;
8efc0c15	62	#ifdef SKEY
5260325f	63	options->skey_authentication = -1;
8efc0c15	64	#endif
5260325f	65	options->permit_empty_passwd = -1;
	66	options->use_login = -1;
	67	options->num_allow_users = 0;
	68	options->num_deny_users = 0;
	69	options->num_allow_groups = 0;
	70	options->num_deny_groups = 0;
8efc0c15	71	}
8efc0c15	72
5260325f	73	void
5260325f	74	fill_default_server_options(ServerOptions *options)
8efc0c15	75	{
48e671d5	76	if (options->num_ports == 0)
	77	options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
	78	if (options->listen_addrs == NULL)
	79	add_listen_addr(options, NULL);
5260325f	80	if (options->host_key_file == NULL)
5260325f	81	options->host_key_file = HOST_KEY_FILE;
e78a59f5	82	if (options->dsa_key_file == NULL)
e78a59f5	83	options->dsa_key_file = DSA_KEY_FILE;
5260325f	84	if (options->server_key_bits == -1)
	85	options->server_key_bits = 768;
	86	if (options->login_grace_time == -1)
	87	options->login_grace_time = 600;
	88	if (options->key_regeneration_time == -1)
	89	options->key_regeneration_time = 3600;
	90	if (options->permit_root_login == -1)
	91	options->permit_root_login = 1; /* yes */
	92	if (options->ignore_rhosts == -1)
c8d54615	93	options->ignore_rhosts = 1;
5260325f	94	if (options->ignore_user_known_hosts == -1)
	95	options->ignore_user_known_hosts = 0;
	96	if (options->check_mail == -1)
	97	options->check_mail = 0;
	98	if (options->print_motd == -1)
	99	options->print_motd = 1;
	100	if (options->x11_forwarding == -1)
c8d54615	101	options->x11_forwarding = 0;
5260325f	102	if (options->x11_display_offset == -1)
c8d54615	103	options->x11_display_offset = 10;
5260325f	104	if (options->strict_modes == -1)
	105	options->strict_modes = 1;
	106	if (options->keepalives == -1)
	107	options->keepalives = 1;
	108	if (options->log_facility == (SyslogFacility) (-1))
	109	options->log_facility = SYSLOG_FACILITY_AUTH;
	110	if (options->log_level == (LogLevel) (-1))
	111	options->log_level = SYSLOG_LEVEL_INFO;
	112	if (options->rhosts_authentication == -1)
	113	options->rhosts_authentication = 0;
	114	if (options->rhosts_rsa_authentication == -1)
c8d54615	115	options->rhosts_rsa_authentication = 0;
5260325f	116	if (options->rsa_authentication == -1)
5260325f	117	options->rsa_authentication = 1;
8efc0c15	118	#ifdef KRB4
5260325f	119	if (options->kerberos_authentication == -1)
	120	options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
	121	if (options->kerberos_or_local_passwd == -1)
	122	options->kerberos_or_local_passwd = 1;
	123	if (options->kerberos_ticket_cleanup == -1)
	124	options->kerberos_ticket_cleanup = 1;
8efc0c15	125	#endif /* KRB4 */
8efc0c15	126	#ifdef AFS
5260325f	127	if (options->kerberos_tgt_passing == -1)
	128	options->kerberos_tgt_passing = 0;
	129	if (options->afs_token_passing == -1)
	130	options->afs_token_passing = k_hasafs();
8efc0c15	131	#endif /* AFS */
5260325f	132	if (options->password_authentication == -1)
5260325f	133	options->password_authentication = 1;
8efc0c15	134	#ifdef SKEY
5260325f	135	if (options->skey_authentication == -1)
5260325f	136	options->skey_authentication = 1;
8efc0c15	137	#endif
5260325f	138	if (options->permit_empty_passwd == -1)
c8d54615	139	options->permit_empty_passwd = 0;
5260325f	140	if (options->use_login == -1)
5260325f	141	options->use_login = 0;
8efc0c15	142	}
	143
	144	#define WHITESPACE " \t\r\n"
	145
	146	/* Keyword tokens. */
5260325f	147	typedef enum {
	148	sBadOption, /* == unknown option */
	149	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
	150	sPermitRootLogin, sLogFacility, sLogLevel,
	151	sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
8efc0c15	152	#ifdef KRB4
5260325f	153	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
8efc0c15	154	#endif
8efc0c15	155	#ifdef AFS
5260325f	156	sKerberosTgtPassing, sAFSTokenPassing,
8efc0c15	157	#endif
8efc0c15	158	#ifdef SKEY
5260325f	159	sSkeyAuthentication,
8efc0c15	160	#endif
5260325f	161	sPasswordAuthentication, sListenAddress,
	162	sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
	163	sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
	164	sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
e78a59f5	165	sIgnoreUserKnownHosts, sDSAKeyFile
8efc0c15	166	} ServerOpCodes;
	167
	168	/* Textual representation of the tokens. */
5260325f	169	static struct {
	170	const char *name;
	171	ServerOpCodes opcode;
	172	} keywords[] = {
	173	{ "port", sPort },
	174	{ "hostkey", sHostKeyFile },
e78a59f5	175	{ "dsakey", sDSAKeyFile },
5260325f	176	{ "serverkeybits", sServerKeyBits },
	177	{ "logingracetime", sLoginGraceTime },
	178	{ "keyregenerationinterval", sKeyRegenerationTime },
	179	{ "permitrootlogin", sPermitRootLogin },
	180	{ "syslogfacility", sLogFacility },
	181	{ "loglevel", sLogLevel },
	182	{ "rhostsauthentication", sRhostsAuthentication },
	183	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
	184	{ "rsaauthentication", sRSAAuthentication },
8efc0c15	185	#ifdef KRB4
5260325f	186	{ "kerberosauthentication", sKerberosAuthentication },
	187	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
	188	{ "kerberosticketcleanup", sKerberosTicketCleanup },
8efc0c15	189	#endif
8efc0c15	190	#ifdef AFS
5260325f	191	{ "kerberostgtpassing", sKerberosTgtPassing },
5260325f	192	{ "afstokenpassing", sAFSTokenPassing },
8efc0c15	193	#endif
5260325f	194	{ "passwordauthentication", sPasswordAuthentication },
8efc0c15	195	#ifdef SKEY
5260325f	196	{ "skeyauthentication", sSkeyAuthentication },
8efc0c15	197	#endif
5260325f	198	{ "checkmail", sCheckMail },
	199	{ "listenaddress", sListenAddress },
	200	{ "printmotd", sPrintMotd },
	201	{ "ignorerhosts", sIgnoreRhosts },
	202	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },
	203	{ "x11forwarding", sX11Forwarding },
	204	{ "x11displayoffset", sX11DisplayOffset },
	205	{ "strictmodes", sStrictModes },
	206	{ "permitemptypasswords", sEmptyPasswd },
	207	{ "uselogin", sUseLogin },
	208	{ "randomseed", sRandomSeedFile },
	209	{ "keepalive", sKeepAlives },
	210	{ "allowusers", sAllowUsers },
	211	{ "denyusers", sDenyUsers },
	212	{ "allowgroups", sAllowGroups },
	213	{ "denygroups", sDenyGroups },
	214	{ NULL, 0 }
8efc0c15	215	};
8efc0c15	216
aa3378df	217	/*
	218	* Returns the number of the token pointed to by cp of length len. Never
	219	* returns if the token is not known.
	220	*/
8efc0c15	221
5260325f	222	static ServerOpCodes
	223	parse_token(const char cp, const char filename,
	224	int linenum)
8efc0c15	225	{
5260325f	226	unsigned int i;
8efc0c15	227
5260325f	228	for (i = 0; keywords[i].name; i++)
aa3378df	229	if (strcasecmp(cp, keywords[i].name) == 0)
5260325f	230	return keywords[i].opcode;
8efc0c15	231
5260325f	232	fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
	233	filename, linenum, cp);
	234	return sBadOption;
8efc0c15	235	}
8efc0c15	236
48e671d5	237	/*
	238	* add listen address
	239	*/
	240	void
	241	add_listen_addr(ServerOptions options, char addr)
	242	{
	243	extern int IPv4or6;
	244	struct addrinfo hints, ai, aitop;
	245	char strport[NI_MAXSERV];
	246	int gaierr;
	247	int i;
	248
	249	if (options->num_ports == 0)
	250	options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
	251	for (i = 0; i < options->num_ports; i++) {
	252	memset(&hints, 0, sizeof(hints));
	253	hints.ai_family = IPv4or6;
	254	hints.ai_socktype = SOCK_STREAM;
	255	hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
	256	snprintf(strport, sizeof strport, "%d", options->ports[i]);
	257	if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
	258	fatal("bad addr or host: %s (%s)\n",
	259	addr ? addr : "<NULL>",
	260	gai_strerror(gaierr));
	261	for (ai = aitop; ai->ai_next; ai = ai->ai_next)
	262	;
	263	ai->ai_next = options->listen_addrs;
	264	options->listen_addrs = aitop;
	265	}
	266	}
	267
8efc0c15	268	/* Reads the server configuration file. */
8efc0c15	269
5260325f	270	void
5260325f	271	read_server_config(ServerOptions options, const char filename)
8efc0c15	272	{
5260325f	273	FILE *f;
	274	char line[1024];
	275	char cp, *charptr;
	276	int linenum, *intptr, value;
	277	int bad_options = 0;
	278	ServerOpCodes opcode;
	279
	280	f = fopen(filename, "r");
	281	if (!f) {
	282	perror(filename);
8efc0c15	283	exit(1);
5260325f	284	}
	285	linenum = 0;
	286	while (fgets(line, sizeof(line), f)) {
	287	linenum++;
	288	cp = line + strspn(line, WHITESPACE);
	289	if (!cp \|\| cp == '#')
	290	continue;
	291	cp = strtok(cp, WHITESPACE);
5260325f	292	opcode = parse_token(cp, filename, linenum);
	293	switch (opcode) {
	294	case sBadOption:
	295	bad_options++;
	296	continue;
	297	case sPort:
48e671d5	298	/* ignore ports from configfile if cmdline specifies ports */
	299	if (options->ports_from_cmdline)
	300	continue;
	301	if (options->listen_addrs != NULL)
	302	fatal("%s line %d: ports must be specified before "
	303	"ListenAdress.\n", filename, linenum);
	304	if (options->num_ports >= MAX_PORTS)
	305	fatal("%s line %d: too many ports.\n",
	306	filename, linenum);
	307	cp = strtok(NULL, WHITESPACE);
	308	if (!cp)
	309	fatal("%s line %d: missing port number.\n",
	310	filename, linenum);
	311	options->ports[options->num_ports++] = atoi(cp);
	312	break;
	313
	314	case sServerKeyBits:
	315	intptr = &options->server_key_bits;
5260325f	316	parse_int:
	317	cp = strtok(NULL, WHITESPACE);
	318	if (!cp) {
	319	fprintf(stderr, "%s line %d: missing integer value.\n",
	320	filename, linenum);
	321	exit(1);
	322	}
	323	value = atoi(cp);
	324	if (*intptr == -1)
	325	*intptr = value;
	326	break;
	327
5260325f	328	case sLoginGraceTime:
	329	intptr = &options->login_grace_time;
	330	goto parse_int;
	331
	332	case sKeyRegenerationTime:
	333	intptr = &options->key_regeneration_time;
	334	goto parse_int;
	335
	336	case sListenAddress:
	337	cp = strtok(NULL, WHITESPACE);
48e671d5	338	if (!cp)
	339	fatal("%s line %d: missing inet addr.\n",
	340	filename, linenum);
	341	add_listen_addr(options, cp);
5260325f	342	break;
	343
	344	case sHostKeyFile:
e78a59f5	345	case sDSAKeyFile:
	346	charptr = (opcode == sHostKeyFile ) ?
	347	&options->host_key_file : &options->dsa_key_file;
5260325f	348	cp = strtok(NULL, WHITESPACE);
	349	if (!cp) {
	350	fprintf(stderr, "%s line %d: missing file name.\n",
	351	filename, linenum);
	352	exit(1);
	353	}
	354	if (*charptr == NULL)
	355	*charptr = tilde_expand_filename(cp, getuid());
	356	break;
	357
	358	case sRandomSeedFile:
	359	fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
	360	filename, linenum);
	361	cp = strtok(NULL, WHITESPACE);
	362	break;
	363
	364	case sPermitRootLogin:
	365	intptr = &options->permit_root_login;
	366	cp = strtok(NULL, WHITESPACE);
	367	if (!cp) {
	368	fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
	369	filename, linenum);
	370	exit(1);
	371	}
	372	if (strcmp(cp, "without-password") == 0)
	373	value = 2;
	374	else if (strcmp(cp, "yes") == 0)
	375	value = 1;
	376	else if (strcmp(cp, "no") == 0)
	377	value = 0;
	378	else {
	379	fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n",
	380	filename, linenum, cp);
	381	exit(1);
	382	}
	383	if (*intptr == -1)
	384	*intptr = value;
	385	break;
	386
	387	case sIgnoreRhosts:
	388	intptr = &options->ignore_rhosts;
	389	parse_flag:
	390	cp = strtok(NULL, WHITESPACE);
	391	if (!cp) {
	392	fprintf(stderr, "%s line %d: missing yes/no argument.\n",
	393	filename, linenum);
	394	exit(1);
	395	}
	396	if (strcmp(cp, "yes") == 0)
	397	value = 1;
	398	else if (strcmp(cp, "no") == 0)
	399	value = 0;
	400	else {
	401	fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
	402	filename, linenum, cp);
	403	exit(1);
	404	}
	405	if (*intptr == -1)
	406	*intptr = value;
	407	break;
	408
	409	case sIgnoreUserKnownHosts:
	410	intptr = &options->ignore_user_known_hosts;
c8d54615	411	goto parse_flag;
5260325f	412
	413	case sRhostsAuthentication:
	414	intptr = &options->rhosts_authentication;
	415	goto parse_flag;
	416
	417	case sRhostsRSAAuthentication:
	418	intptr = &options->rhosts_rsa_authentication;
	419	goto parse_flag;
	420
	421	case sRSAAuthentication:
	422	intptr = &options->rsa_authentication;
	423	goto parse_flag;
	424
8efc0c15	425	#ifdef KRB4
5260325f	426	case sKerberosAuthentication:
	427	intptr = &options->kerberos_authentication;
	428	goto parse_flag;
	429
	430	case sKerberosOrLocalPasswd:
	431	intptr = &options->kerberos_or_local_passwd;
	432	goto parse_flag;
	433
	434	case sKerberosTicketCleanup:
	435	intptr = &options->kerberos_ticket_cleanup;
	436	goto parse_flag;
8efc0c15	437	#endif
5260325f	438
8efc0c15	439	#ifdef AFS
5260325f	440	case sKerberosTgtPassing:
	441	intptr = &options->kerberos_tgt_passing;
	442	goto parse_flag;
8efc0c15	443
5260325f	444	case sAFSTokenPassing:
	445	intptr = &options->afs_token_passing;
	446	goto parse_flag;
8efc0c15	447	#endif
8efc0c15	448
5260325f	449	case sPasswordAuthentication:
	450	intptr = &options->password_authentication;
	451	goto parse_flag;
8efc0c15	452
5260325f	453	case sCheckMail:
	454	intptr = &options->check_mail;
	455	goto parse_flag;
8efc0c15	456
8efc0c15	457	#ifdef SKEY
5260325f	458	case sSkeyAuthentication:
	459	intptr = &options->skey_authentication;
	460	goto parse_flag;
8efc0c15	461	#endif
8efc0c15	462
5260325f	463	case sPrintMotd:
	464	intptr = &options->print_motd;
	465	goto parse_flag;
	466
	467	case sX11Forwarding:
	468	intptr = &options->x11_forwarding;
	469	goto parse_flag;
	470
	471	case sX11DisplayOffset:
	472	intptr = &options->x11_display_offset;
	473	goto parse_int;
	474
	475	case sStrictModes:
	476	intptr = &options->strict_modes;
	477	goto parse_flag;
	478
	479	case sKeepAlives:
	480	intptr = &options->keepalives;
	481	goto parse_flag;
	482
	483	case sEmptyPasswd:
	484	intptr = &options->permit_empty_passwd;
	485	goto parse_flag;
	486
	487	case sUseLogin:
	488	intptr = &options->use_login;
	489	goto parse_flag;
	490
	491	case sLogFacility:
	492	intptr = (int *) &options->log_facility;
	493	cp = strtok(NULL, WHITESPACE);
	494	value = log_facility_number(cp);
	495	if (value == (SyslogFacility) - 1)
	496	fatal("%.200s line %d: unsupported log facility '%s'\n",
	497	filename, linenum, cp ? cp : "<NONE>");
	498	if (*intptr == -1)
	499	*intptr = (SyslogFacility) value;
	500	break;
	501
	502	case sLogLevel:
	503	intptr = (int *) &options->log_level;
	504	cp = strtok(NULL, WHITESPACE);
	505	value = log_level_number(cp);
	506	if (value == (LogLevel) - 1)
	507	fatal("%.200s line %d: unsupported log level '%s'\n",
	508	filename, linenum, cp ? cp : "<NONE>");
	509	if (*intptr == -1)
	510	*intptr = (LogLevel) value;
	511	break;
	512
	513	case sAllowUsers:
	514	while ((cp = strtok(NULL, WHITESPACE))) {
	515	if (options->num_allow_users >= MAX_ALLOW_USERS) {
	516	fprintf(stderr, "%s line %d: too many allow users.\n",
	517	filename, linenum);
	518	exit(1);
	519	}
	520	options->allow_users[options->num_allow_users++] = xstrdup(cp);
	521	}
	522	break;
	523
	524	case sDenyUsers:
	525	while ((cp = strtok(NULL, WHITESPACE))) {
	526	if (options->num_deny_users >= MAX_DENY_USERS) {
527	fprintf(stderr, "%s line %d: too many deny users.\n",
528	filename, linenum);
529	exit(1);
530	}
531	options->deny_users[options->num_deny_users++] = xstrdup(cp);
532	}
533	break;
534
535	case sAllowGroups:
536	while ((cp = strtok(NULL, WHITESPACE))) {
537	if (options->num_allow_groups >= MAX_ALLOW_GROUPS) {
538	fprintf(stderr, "%s line %d: too many allow groups.\n",
539	filename, linenum);
540	exit(1);
541	}
542	options->allow_groups[options->num_allow_groups++] = xstrdup(cp);
543	}
544	break;
545
546	case sDenyGroups:
547	while ((cp = strtok(NULL, WHITESPACE))) {
548	if (options->num_deny_groups >= MAX_DENY_GROUPS) {
549	fprintf(stderr, "%s line %d: too many deny groups.\n",
550	filename, linenum);
551	exit(1);
552	}
553	options->deny_groups[options->num_deny_groups++] = xstrdup(cp);
554	}
555	break;
556
557	default:
558	fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
559	filename, linenum, cp, opcode);
560	exit(1);
8efc0c15	561	}
5260325f	562	if (strtok(NULL, WHITESPACE) != NULL) {
	563	fprintf(stderr, "%s line %d: garbage at end of line.\n",
	564	filename, linenum);
	565	exit(1);
8efc0c15	566	}
8efc0c15	567	}
5260325f	568	fclose(f);
	569	if (bad_options > 0) {
	570	fprintf(stderr, "%s: terminating, %d bad configuration options\n",
	571	filename, bad_options);
	572	exit(1);
8efc0c15	573	}
8efc0c15	574	}