8efc0c15 1/*
5260325f 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
6ae2364d 4 *
bcbf86ec 5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
5260325f 10 */
8efc0c15 11
12#include "includes.h"
a1e30b47 13RCSID("$OpenBSD: servconf.c,v 1.130 2003/12/23 16:12:10 jakob Exp $");
8efc0c15 14
15#include "ssh.h"
42f11eb2 16#include "log.h"
8efc0c15 17#include "servconf.h"
18#include "xmalloc.h"
a8be9f80 19#include "compat.h"
42f11eb2 20#include "pathnames.h"
21#include "tildexpand.h"
22#include "misc.h"
23#include "cipher.h"
b2552997 24#include "kex.h"
25#include "mac.h"
42f11eb2 26
/*
 * Listener helpers.  add_listen_addr() expands a port of 0 to every
 * configured port; add_one_listen_addr() resolves one addr/port pair and
 * prepends the result to options->listen_addrs.
 */
static void add_listen_addr(ServerOptions *, char *, u_short);
static void add_one_listen_addr(ServerOptions *, char *, u_short);

/* AF_UNSPEC or AF_INET or AF_INET6 */
extern int IPv4or6;
/*
 * Use of privilege separation or not.  Kept as a global rather than in
 * ServerOptions; set by UsePrivilegeSeparation and defaulted to on in
 * fill_default_server_options().
 */
extern int use_privsep;
42f11eb2 34
/*
 * Resets every server option to its "not yet set" marker so that
 * fill_default_server_options() can later tell a configured value from
 * a default.  Integer options use -1, pointers NULL, counters 0, and the
 * enum-valued options their *_NOT_SET / *_UNKNOWN constants.
 */
void
initialize_server_options(ServerOptions *options)
{
	/* Zero the whole structure first so no field is left indeterminate. */
	memset(options, 0, sizeof(*options));

	/* Portable-specific options */
	options->use_pam = -1;

	/* Listener: ports, addresses, pid file and TCP behaviour. */
	options->num_ports = 0;
	options->ports_from_cmdline = 0;
	options->listen_addrs = NULL;
	options->pid_file = NULL;
	options->gateway_ports = -1;
	options->allow_tcp_forwarding = -1;
	options->tcp_keep_alive = -1;
	options->use_dns = -1;

	/* Protocol versions, host keys and transport negotiation. */
	options->protocol = SSH_PROTO_UNKNOWN;
	options->num_host_key_files = 0;
	options->server_key_bits = -1;
	options->key_regeneration_time = -1;
	options->ciphers = NULL;
	options->macs = NULL;
	options->compression = -1;

	/* Logging. */
	options->log_facility = SYSLOG_FACILITY_NOT_SET;
	options->log_level = SYSLOG_LEVEL_NOT_SET;

	/* Authentication methods and login policy. */
	options->login_grace_time = -1;
	options->permit_root_login = PERMIT_NOT_SET;
	options->permit_empty_passwd = -1;
	options->strict_modes = -1;
	options->ignore_rhosts = -1;
	options->ignore_user_known_hosts = -1;
	options->rhosts_rsa_authentication = -1;
	options->hostbased_authentication = -1;
	options->hostbased_uses_name_from_packet_only = -1;
	options->rsa_authentication = -1;
	options->pubkey_authentication = -1;
	options->kerberos_authentication = -1;
	options->kerberos_or_local_passwd = -1;
	options->kerberos_ticket_cleanup = -1;
	options->kerberos_get_afs_token = -1;
	options->gss_authentication = -1;
	options->gss_cleanup_creds = -1;
	options->password_authentication = -1;
	options->kbd_interactive_authentication = -1;
	options->challenge_response_authentication = -1;
	options->authorized_keys_file = NULL;
	options->authorized_keys_file2 = NULL;

	/* Access-control lists start out empty. */
	options->num_allow_users = 0;
	options->num_deny_users = 0;
	options->num_allow_groups = 0;
	options->num_deny_groups = 0;

	/* Session behaviour. */
	options->print_motd = -1;
	options->print_lastlog = -1;
	options->x11_forwarding = -1;
	options->x11_display_offset = -1;
	options->x11_use_localhost = -1;
	options->xauth_location = NULL;
	options->permit_user_env = -1;
	options->use_login = -1;
	options->banner = NULL;
	options->num_subsystems = 0;

	/* Connection limits and liveness probing. */
	options->max_startups_begin = -1;
	options->max_startups_rate = -1;
	options->max_startups = -1;
	options->client_alive_interval = -1;
	options->client_alive_count_max = -1;

	/* Needs to be accessable in many places */
	use_privsep = -1;
}
108
/*
 * Replaces every option still at its "not set" marker with the built-in
 * default.  Intended to run after all configuration has been read: once a
 * default is stored the field no longer looks unset, so later directives
 * would be ignored by the first-value-wins checks in
 * process_server_config_line().  A few defaults derive from other options
 * (host key files from protocol, max_startups_begin from max_startups,
 * authorized_keys_file2 from authorized_keys_file), so the order below
 * matters.
 */
void
fill_default_server_options(ServerOptions *options)
{
	/* Portable-specific options */
	if (options->use_pam == -1)
		options->use_pam = 0;

	/* Standard Options */
	/* Both protocol versions are offered unless Protocol narrowed it. */
	if (options->protocol == SSH_PROTO_UNKNOWN)
		options->protocol = SSH_PROTO_1|SSH_PROTO_2;
	if (options->num_host_key_files == 0) {
		/* fill default hostkeys for protocols */
		if (options->protocol & SSH_PROTO_1)
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_KEY_FILE;
		if (options->protocol & SSH_PROTO_2) {
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_RSA_KEY_FILE;
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_DSA_KEY_FILE;
		}
	}
	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
	/* No ListenAddress: a wildcard (AI_PASSIVE) entry for every port. */
	if (options->listen_addrs == NULL)
		add_listen_addr(options, NULL, 0);
	if (options->pid_file == NULL)
		options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
	if (options->server_key_bits == -1)
		options->server_key_bits = 768;
	if (options->login_grace_time == -1)
		options->login_grace_time = 120;
	if (options->key_regeneration_time == -1)
		options->key_regeneration_time = 3600;
	/*
	 * Root login is permitted by default at this revision; hardened
	 * deployments set PermitRootLogin explicitly.
	 */
	if (options->permit_root_login == PERMIT_NOT_SET)
		options->permit_root_login = PERMIT_YES;
	if (options->ignore_rhosts == -1)
		options->ignore_rhosts = 1;
	if (options->ignore_user_known_hosts == -1)
		options->ignore_user_known_hosts = 0;
	if (options->print_motd == -1)
		options->print_motd = 1;
	if (options->print_lastlog == -1)
		options->print_lastlog = 1;
	if (options->x11_forwarding == -1)
		options->x11_forwarding = 0;
	if (options->x11_display_offset == -1)
		options->x11_display_offset = 10;
	if (options->x11_use_localhost == -1)
		options->x11_use_localhost = 1;
	if (options->xauth_location == NULL)
		options->xauth_location = _PATH_XAUTH;
	if (options->strict_modes == -1)
		options->strict_modes = 1;
	if (options->tcp_keep_alive == -1)
		options->tcp_keep_alive = 1;
	if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
		options->log_facility = SYSLOG_FACILITY_AUTH;
	if (options->log_level == SYSLOG_LEVEL_NOT_SET)
		options->log_level = SYSLOG_LEVEL_INFO;
	/* Host-based and rhosts-style methods are off unless enabled. */
	if (options->rhosts_rsa_authentication == -1)
		options->rhosts_rsa_authentication = 0;
	if (options->hostbased_authentication == -1)
		options->hostbased_authentication = 0;
	if (options->hostbased_uses_name_from_packet_only == -1)
		options->hostbased_uses_name_from_packet_only = 0;
	if (options->rsa_authentication == -1)
		options->rsa_authentication = 1;
	if (options->pubkey_authentication == -1)
		options->pubkey_authentication = 1;
	if (options->kerberos_authentication == -1)
		options->kerberos_authentication = 0;
	if (options->kerberos_or_local_passwd == -1)
		options->kerberos_or_local_passwd = 1;
	if (options->kerberos_ticket_cleanup == -1)
		options->kerberos_ticket_cleanup = 1;
	if (options->kerberos_get_afs_token == -1)
		options->kerberos_get_afs_token = 0;
	if (options->gss_authentication == -1)
		options->gss_authentication = 0;
	if (options->gss_cleanup_creds == -1)
		options->gss_cleanup_creds = 1;
	/* Password and challenge-response are on by default. */
	if (options->password_authentication == -1)
		options->password_authentication = 1;
	if (options->kbd_interactive_authentication == -1)
		options->kbd_interactive_authentication = 0;
	if (options->challenge_response_authentication == -1)
		options->challenge_response_authentication = 1;
	if (options->permit_empty_passwd == -1)
		options->permit_empty_passwd = 0;
	if (options->permit_user_env == -1)
		options->permit_user_env = 0;
	if (options->use_login == -1)
		options->use_login = 0;
	if (options->compression == -1)
		options->compression = 1;
	if (options->allow_tcp_forwarding == -1)
		options->allow_tcp_forwarding = 1;
	if (options->gateway_ports == -1)
		options->gateway_ports = 0;
	if (options->max_startups == -1)
		options->max_startups = 10;
	if (options->max_startups_rate == -1)
		options->max_startups_rate = 100;		/* 100% */
	/* Must follow max_startups: a missing "begin" means no random drop. */
	if (options->max_startups_begin == -1)
		options->max_startups_begin = options->max_startups;
	if (options->use_dns == -1)
		options->use_dns = 1;
	/* client_alive_interval 0 disables the liveness probe. */
	if (options->client_alive_interval == -1)
		options->client_alive_interval = 0;
	if (options->client_alive_count_max == -1)
		options->client_alive_count_max = 3;
	/*
	 * Resolve file2 before file: an explicit AuthorizedKeysFile is
	 * reused for both, otherwise each gets its own default path.
	 */
	if (options->authorized_keys_file2 == NULL) {
		/* authorized_keys_file2 falls back to authorized_keys_file */
		if (options->authorized_keys_file != NULL)
			options->authorized_keys_file2 = options->authorized_keys_file;
		else
			options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
	}
	if (options->authorized_keys_file == NULL)
		options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;

	/* Turn privilege separation on by default */
	if (use_privsep == -1)
		use_privsep = 1;

#ifndef HAVE_MMAP
	/*
	 * The two features cannot be combined on this platform; privilege
	 * separation is the one kept and compression is dropped with a
	 * logged error rather than a fatal.
	 */
	if (use_privsep && options->compression == 1) {
		error("This platform does not support both privilege "
		    "separation and compression");
		error("Compression disabled");
		options->compression = 0;
	}
#endif

}
245
/*
 * Keyword tokens.  Each value is the opcode process_server_config_line()
 * dispatches on; the keywords[] table below maps configuration names to
 * them.  Note that sKerberosTgtPassing no longer appears in keywords[]
 * (the name maps to sUnsupported), so it has no case in the switch.
 */
typedef enum {
	sBadOption,		/* == unknown option */
	/* Portable-specific options */
	sUsePAM,
	/* Standard Options */
	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
	sPermitRootLogin, sLogFacility, sLogLevel,
	sRhostsRSAAuthentication, sRSAAuthentication,
	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
	sKerberosGetAFSToken,
	sKerberosTgtPassing, sChallengeResponseAuthentication,
	sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
	sStrictModes, sEmptyPasswd, sTCPKeepAlive,
	sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
	sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
	sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
	sBanner, sUseDNS, sHostbasedAuthentication,
	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
	sGssAuthentication, sGssCleanupCreds,
	sUsePrivilegeSeparation,
	/*
	 * Both are logged (not fatal) and their arguments skipped, so an
	 * old or feature-reduced configuration still loads.
	 */
	sDeprecated, sUnsupported
} ServerOpCodes;
273
/*
 * Textual representation of the tokens.  Names are matched
 * case-insensitively by parse_token() and the table is terminated by a
 * NULL name.  Keywords for features that are compiled out map to
 * sUnsupported rather than being omitted, so a configuration written for
 * a fuller build is accepted with a logged message instead of failing.
 */
static struct {
	const char *name;
	ServerOpCodes opcode;
} keywords[] = {
	/* Portable-specific options */
#ifdef USE_PAM
	{ "usepam", sUsePAM },
#else
	{ "usepam", sUnsupported },
#endif
	{ "pamauthenticationviakbdint", sDeprecated },
	/* Standard Options */
	{ "port", sPort },
	{ "hostkey", sHostKeyFile },
	{ "hostdsakey", sHostKeyFile },			/* alias */
	{ "pidfile", sPidFile },
	{ "serverkeybits", sServerKeyBits },
	{ "logingracetime", sLoginGraceTime },
	{ "keyregenerationinterval", sKeyRegenerationTime },
	{ "permitrootlogin", sPermitRootLogin },
	{ "syslogfacility", sLogFacility },
	{ "loglevel", sLogLevel },
	{ "rhostsauthentication", sDeprecated },
	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
	{ "hostbasedauthentication", sHostbasedAuthentication },
	{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
	{ "rsaauthentication", sRSAAuthentication },
	{ "pubkeyauthentication", sPubkeyAuthentication },
	{ "dsaauthentication", sPubkeyAuthentication },			/* alias */
#ifdef KRB5
	{ "kerberosauthentication", sKerberosAuthentication },
	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
	{ "kerberosticketcleanup", sKerberosTicketCleanup },
	{ "kerberosgetafstoken", sKerberosGetAFSToken },
#else
	{ "kerberosauthentication", sUnsupported },
	{ "kerberosorlocalpasswd", sUnsupported },
	{ "kerberosticketcleanup", sUnsupported },
	{ "kerberosgetafstoken", sUnsupported },
#endif
	/* Ticket passing is unsupported in every build, not merely deprecated. */
	{ "kerberostgtpassing", sUnsupported },
	{ "afstokenpassing", sUnsupported },
#ifdef GSSAPI
	{ "gssapiauthentication", sGssAuthentication },
	{ "gssapicleanupcredentials", sGssCleanupCreds },
#else
	{ "gssapiauthentication", sUnsupported },
	{ "gssapicleanupcredentials", sUnsupported },
#endif
	{ "passwordauthentication", sPasswordAuthentication },
	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
	{ "challengeresponseauthentication", sChallengeResponseAuthentication },
	{ "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
	{ "checkmail", sDeprecated },
	{ "listenaddress", sListenAddress },
	{ "printmotd", sPrintMotd },
	{ "printlastlog", sPrintLastLog },
	{ "ignorerhosts", sIgnoreRhosts },
	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },
	{ "x11forwarding", sX11Forwarding },
	{ "x11displayoffset", sX11DisplayOffset },
	{ "x11uselocalhost", sX11UseLocalhost },
	{ "xauthlocation", sXAuthLocation },
	{ "strictmodes", sStrictModes },
	{ "permitemptypasswords", sEmptyPasswd },
	{ "permituserenvironment", sPermitUserEnvironment },
	{ "uselogin", sUseLogin },
	{ "compression", sCompression },
	{ "tcpkeepalive", sTCPKeepAlive },
	{ "keepalive", sTCPKeepAlive },				/* obsolete alias */
	{ "allowtcpforwarding", sAllowTcpForwarding },
	{ "allowusers", sAllowUsers },
	{ "denyusers", sDenyUsers },
	{ "allowgroups", sAllowGroups },
	{ "denygroups", sDenyGroups },
	{ "ciphers", sCiphers },
	{ "macs", sMacs },
	{ "protocol", sProtocol },
	{ "gatewayports", sGatewayPorts },
	{ "subsystem", sSubsystem },
	{ "maxstartups", sMaxStartups },
	{ "banner", sBanner },
	{ "usedns", sUseDNS },
	{ "verifyreversemapping", sDeprecated },
	{ "reversemappingcheck", sDeprecated },
	{ "clientaliveinterval", sClientAliveInterval },
	{ "clientalivecountmax", sClientAliveCountMax },
	{ "authorizedkeysfile", sAuthorizedKeysFile },
	{ "authorizedkeysfile2", sAuthorizedKeysFile2 },
	{ "useprivilegeseparation", sUsePrivilegeSeparation},
	{ NULL, sBadOption }
};
367
/*
 * Looks cp up in keywords[] (case-insensitively) and returns its opcode.
 * An unknown keyword is reported through error(), tagged with filename
 * and linenum, and yields sBadOption.
 */

static ServerOpCodes
parse_token(const char *cp, const char *filename,
    int linenum)
{
	u_int idx = 0;

	/* keywords[] ends with a NULL name. */
	while (keywords[idx].name != NULL) {
		if (strcasecmp(keywords[idx].name, cp) == 0)
			return keywords[idx].opcode;
		idx++;
	}

	error("%s: line %d: Bad configuration option: %s",
	    filename, linenum, cp);
	return sBadOption;
}
386
/*
 * Registers a listen address.  A port of 0 means "every configured port":
 * one entry is added per options->ports[] element, so Port directives
 * must precede ListenAddress.  If no port has been configured yet the
 * default port is installed first.  addr may be NULL for a wildcard bind.
 */
static void
add_listen_addr(ServerOptions *options, char *addr, u_short port)
{
	int idx;

	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;

	/* An explicit port binds exactly once. */
	if (port != 0) {
		add_one_listen_addr(options, addr, port);
		return;
	}

	for (idx = 0; idx < options->num_ports; idx++)
		add_one_listen_addr(options, addr, options->ports[idx]);
}
400
/*
 * Resolves addr:port (addr NULL = passive/wildcard) with getaddrinfo(),
 * restricted to IPv4or6 and stream sockets, and prepends every returned
 * entry to options->listen_addrs.  Resolution failure is fatal; the
 * address list is owned by options and is never freed here.
 */
static void
add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
{
	struct addrinfo hints, *aitop, *last;
	char strport[NI_MAXSERV];
	int gaierr;

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = IPv4or6;
	hints.ai_socktype = SOCK_STREAM;
	if (addr == NULL)
		hints.ai_flags = AI_PASSIVE;
	snprintf(strport, sizeof strport, "%u", port);

	gaierr = getaddrinfo(addr, strport, &hints, &aitop);
	if (gaierr != 0)
		fatal("bad addr or host: %s (%s)",
		    addr ? addr : "<NULL>",
		    gai_strerror(gaierr));

	/* Splice the existing list after the tail of the new results. */
	last = aitop;
	while (last->ai_next != NULL)
		last = last->ai_next;
	last->ai_next = options->listen_addrs;
	options->listen_addrs = aitop;
}
422
/*
 * Parses a single sshd_config line into *options.  'line' is split in
 * place by strdelim(), so the caller's buffer is modified.  Returns 0 for
 * a line that parsed or was ignored (blank, comment, deprecated or
 * unsupported option) and -1 for an unknown keyword, which parse_token()
 * has already reported.  Malformed arguments terminate sshd via fatal().
 *
 * Scalar options follow a "first value wins" rule: the parsed value is
 * stored only while the field still holds the marker left by
 * initialize_server_options() (-1, NULL or SSH_PROTO_UNKNOWN), so an
 * earlier directive is never overridden by a later one.  List options
 * (AllowUsers, Subsystem, ...) append instead, and MaxStartups writes
 * its fields directly.
 */
int
process_server_config_line(ServerOptions *options, char *line,
    const char *filename, int linenum)
{
	char *cp, **charptr, *arg, *p;
	int *intptr, value, i, n;
	ServerOpCodes opcode;

	cp = line;
	arg = strdelim(&cp);
	/* Ignore leading whitespace */
	if (*arg == '\0')
		arg = strdelim(&cp);
	/* Blank lines and comments are not errors. */
	if (!arg || !*arg || *arg == '#')
		return 0;
	intptr = NULL;
	charptr = NULL;
	opcode = parse_token(arg, filename, linenum);
	switch (opcode) {
	/* Portable-specific options */
	case sUsePAM:
		intptr = &options->use_pam;
		goto parse_flag;

	/* Standard Options */
	case sBadOption:
		return -1;
	case sPort:
		/* ignore ports from configfile if cmdline specifies ports */
		if (options->ports_from_cmdline)
			return 0;
		/*
		 * ListenAddress entries are expanded against the port list
		 * as they are parsed, so all ports must be known first.
		 */
		if (options->listen_addrs != NULL)
			fatal("%s line %d: ports must be specified before "
			    "ListenAddress.", filename, linenum);
		if (options->num_ports >= MAX_PORTS)
			fatal("%s line %d: too many ports.",
			    filename, linenum);
		arg = strdelim(&cp);
		if (!arg || *arg == '\0')
			fatal("%s line %d: missing port number.",
			    filename, linenum);
		/* a2port() returns 0 for anything that is not a valid port. */
		options->ports[options->num_ports++] = a2port(arg);
		if (options->ports[options->num_ports-1] == 0)
			fatal("%s line %d: Badly formatted port number.",
			    filename, linenum);
		break;

	case sServerKeyBits:
		intptr = &options->server_key_bits;
parse_int:
		/* Shared by every plain-integer option (goto parse_int). */
		arg = strdelim(&cp);
		if (!arg || *arg == '\0')
			fatal("%s line %d: missing integer value.",
			    filename, linenum);
		/*
		 * NOTE(review): atoi() yields 0 for non-numeric text and
		 * ignores trailing garbage, so a typo is silently accepted
		 * as 0; strtol() with an end-pointer check would reject it.
		 */
		value = atoi(arg);
		if (*intptr == -1)
			*intptr = value;
		break;

	case sLoginGraceTime:
		intptr = &options->login_grace_time;
parse_time:
		/* Shared by duration options; convtime() reports -1 on error. */
		arg = strdelim(&cp);
		if (!arg || *arg == '\0')
			fatal("%s line %d: missing time value.",
			    filename, linenum);
		if ((value = convtime(arg)) == -1)
			fatal("%s line %d: invalid time value.",
			    filename, linenum);
		if (*intptr == -1)
			*intptr = value;
		break;

	case sKeyRegenerationTime:
		intptr = &options->key_regeneration_time;
		goto parse_time;

	case sListenAddress:
		/*
		 * Accepted forms: "[addr]", "[addr]:port", "addr", "addr:port".
		 * A bare address with more than one ':' is taken as an IPv6
		 * address without a port; the bracket form is how an IPv6
		 * address is combined with a port.
		 */
		arg = strdelim(&cp);
		if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
			fatal("%s line %d: missing inet addr.",
			    filename, linenum);
		if (*arg == '[') {
			if ((p = strchr(arg, ']')) == NULL)
				fatal("%s line %d: bad ipv6 inet addr usage.",
				    filename, linenum);
			/* Drop both brackets in place; p now follows the ']'. */
			arg++;
			memmove(p, p+1, strlen(p+1)+1);
		} else if (((p = strchr(arg, ':')) == NULL) ||
		    (strchr(p+1, ':') != NULL)) {
			add_listen_addr(options, arg, 0);
			break;
		}
		if (*p == ':') {
			u_short port;

			p++;
			if (*p == '\0')
				fatal("%s line %d: bad inet addr:port usage.",
				    filename, linenum);
			else {
				/* Terminate the address part before the ':'. */
				*(p-1) = '\0';
				if ((port = a2port(p)) == 0)
					fatal("%s line %d: bad port number.",
					    filename, linenum);
				add_listen_addr(options, arg, port);
			}
		} else if (*p == '\0')
			add_listen_addr(options, arg, 0);
		else
			fatal("%s line %d: bad inet addr usage.",
			    filename, linenum);
		break;

	case sHostKeyFile:
		/* Bounded by MAX_HOSTKEYS; the slot is NULL from memset. */
		intptr = &options->num_host_key_files;
		if (*intptr >= MAX_HOSTKEYS)
			fatal("%s line %d: too many host keys specified (max %d).",
			    filename, linenum, MAX_HOSTKEYS);
		charptr = &options->host_key_files[*intptr];
parse_filename:
		/*
		 * Shared by every path-valued option (goto parse_filename).
		 * '~' is expanded relative to the uid sshd itself runs as,
		 * not the user who will later log in.
		 */
		arg = strdelim(&cp);
		if (!arg || *arg == '\0')
			fatal("%s line %d: missing file name.",
			    filename, linenum);
		if (*charptr == NULL) {
			*charptr = tilde_expand_filename(arg, getuid());
			/* increase optional counter */
			if (intptr != NULL)
				*intptr = *intptr + 1;
		}
		break;

	case sPidFile:
		charptr = &options->pid_file;
		goto parse_filename;

	case sPermitRootLogin:
		/*
		 * Four-valued, not a flag: yes, no, without-password (no
		 * password authentication for root) and forced-commands-only.
		 */
		intptr = &options->permit_root_login;
		arg = strdelim(&cp);
		if (!arg || *arg == '\0')
			fatal("%s line %d: missing yes/"
			    "without-password/forced-commands-only/no "
			    "argument.", filename, linenum);
		value = 0;	/* silence compiler */
		if (strcmp(arg, "without-password") == 0)
			value = PERMIT_NO_PASSWD;
		else if (strcmp(arg, "forced-commands-only") == 0)
			value = PERMIT_FORCED_ONLY;
		else if (strcmp(arg, "yes") == 0)
			value = PERMIT_YES;
		else if (strcmp(arg, "no") == 0)
			value = PERMIT_NO;
		else
			fatal("%s line %d: Bad yes/"
			    "without-password/forced-commands-only/no "
			    "argument: %s", filename, linenum, arg);
		if (*intptr == -1)
			*intptr = value;
		break;

	case sIgnoreRhosts:
		intptr = &options->ignore_rhosts;
parse_flag:
		/* Shared by every yes/no option (goto parse_flag). */
		arg = strdelim(&cp);
		if (!arg || *arg == '\0')
			fatal("%s line %d: missing yes/no argument.",
			    filename, linenum);
		value = 0;	/* silence compiler */
		if (strcmp(arg, "yes") == 0)
			value = 1;
		else if (strcmp(arg, "no") == 0)
			value = 0;
		else
			fatal("%s line %d: Bad yes/no argument: %s",
				filename, linenum, arg);
		if (*intptr == -1)
			*intptr = value;
		break;

	case sIgnoreUserKnownHosts:
		intptr = &options->ignore_user_known_hosts;
		goto parse_flag;

	case sRhostsRSAAuthentication:
		intptr = &options->rhosts_rsa_authentication;
		goto parse_flag;

	case sHostbasedAuthentication:
		intptr = &options->hostbased_authentication;
		goto parse_flag;

	case sHostbasedUsesNameFromPacketOnly:
		intptr = &options->hostbased_uses_name_from_packet_only;
		goto parse_flag;

	case sRSAAuthentication:
		intptr = &options->rsa_authentication;
		goto parse_flag;

	case sPubkeyAuthentication:
		intptr = &options->pubkey_authentication;
		goto parse_flag;

	case sKerberosAuthentication:
		intptr = &options->kerberos_authentication;
		goto parse_flag;

	case sKerberosOrLocalPasswd:
		intptr = &options->kerberos_or_local_passwd;
		goto parse_flag;

	case sKerberosTicketCleanup:
		intptr = &options->kerberos_ticket_cleanup;
		goto parse_flag;

	case sKerberosGetAFSToken:
		intptr = &options->kerberos_get_afs_token;
		goto parse_flag;

	case sGssAuthentication:
		intptr = &options->gss_authentication;
		goto parse_flag;

	case sGssCleanupCreds:
		intptr = &options->gss_cleanup_creds;
		goto parse_flag;

	case sPasswordAuthentication:
		intptr = &options->password_authentication;
		goto parse_flag;

	case sKbdInteractiveAuthentication:
		intptr = &options->kbd_interactive_authentication;
		goto parse_flag;

	case sChallengeResponseAuthentication:
		intptr = &options->challenge_response_authentication;
		goto parse_flag;

	case sPrintMotd:
		intptr = &options->print_motd;
		goto parse_flag;

	case sPrintLastLog:
		intptr = &options->print_lastlog;
		goto parse_flag;

	case sX11Forwarding:
		intptr = &options->x11_forwarding;
		goto parse_flag;

	case sX11DisplayOffset:
		intptr = &options->x11_display_offset;
		goto parse_int;

	case sX11UseLocalhost:
		intptr = &options->x11_use_localhost;
		goto parse_flag;

	case sXAuthLocation:
		charptr = &options->xauth_location;
		goto parse_filename;

	case sStrictModes:
		intptr = &options->strict_modes;
		goto parse_flag;

	case sTCPKeepAlive:
		intptr = &options->tcp_keep_alive;
		goto parse_flag;

	case sEmptyPasswd:
		intptr = &options->permit_empty_passwd;
		goto parse_flag;

	case sPermitUserEnvironment:
		intptr = &options->permit_user_env;
		goto parse_flag;

	case sUseLogin:
		intptr = &options->use_login;
		goto parse_flag;

	case sCompression:
		intptr = &options->compression;
		goto parse_flag;

	case sGatewayPorts:
		intptr = &options->gateway_ports;
		goto parse_flag;

	case sUseDNS:
		intptr = &options->use_dns;
		goto parse_flag;

	case sLogFacility:
		/*
		 * The enum field is accessed through an int pointer and the
		 * first-wins test compares against -1, so this relies on
		 * SYSLOG_FACILITY_NOT_SET being -1 and on SyslogFacility
		 * having int representation -- TODO confirm in log.h.
		 * arg may be NULL here; log_facility_number() is presumably
		 * NULL-safe since the error path below handles that case.
		 */
		intptr = (int *) &options->log_facility;
		arg = strdelim(&cp);
		value = log_facility_number(arg);
		if (value == SYSLOG_FACILITY_NOT_SET)
			fatal("%.200s line %d: unsupported log facility '%s'",
			    filename, linenum, arg ? arg : "<NONE>");
		if (*intptr == -1)
			*intptr = (SyslogFacility) value;
		break;

	case sLogLevel:
		/* Same int-pointer aliasing caveat as sLogFacility above. */
		intptr = (int *) &options->log_level;
		arg = strdelim(&cp);
		value = log_level_number(arg);
		if (value == SYSLOG_LEVEL_NOT_SET)
			fatal("%.200s line %d: unsupported log level '%s'",
			    filename, linenum, arg ? arg : "<NONE>");
		if (*intptr == -1)
			*intptr = (LogLevel) value;
		break;

	case sAllowTcpForwarding:
		intptr = &options->allow_tcp_forwarding;
		goto parse_flag;

	case sUsePrivilegeSeparation:
		/* Writes the file-scope global, not a field of *options. */
		intptr = &use_privsep;
		goto parse_flag;

	case sAllowUsers:
		/*
		 * The four list options append every argument on the line and
		 * accumulate across lines; each list is bounded by its MAX_*.
		 */
		while ((arg = strdelim(&cp)) && *arg != '\0') {
			if (options->num_allow_users >= MAX_ALLOW_USERS)
				fatal("%s line %d: too many allow users.",
				    filename, linenum);
			options->allow_users[options->num_allow_users++] =
			    xstrdup(arg);
		}
		break;

	case sDenyUsers:
		while ((arg = strdelim(&cp)) && *arg != '\0') {
			if (options->num_deny_users >= MAX_DENY_USERS)
				fatal( "%s line %d: too many deny users.",
				    filename, linenum);
			options->deny_users[options->num_deny_users++] =
			    xstrdup(arg);
		}
		break;

	case sAllowGroups:
		while ((arg = strdelim(&cp)) && *arg != '\0') {
			if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
				fatal("%s line %d: too many allow groups.",
				    filename, linenum);
			options->allow_groups[options->num_allow_groups++] =
			    xstrdup(arg);
		}
		break;

	case sDenyGroups:
		while ((arg = strdelim(&cp)) && *arg != '\0') {
			if (options->num_deny_groups >= MAX_DENY_GROUPS)
				fatal("%s line %d: too many deny groups.",
				    filename, linenum);
			options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
		}
		break;

	case sCiphers:
		/* The spec is validated before it is accepted. */
		arg = strdelim(&cp);
		if (!arg || *arg == '\0')
			fatal("%s line %d: Missing argument.", filename, linenum);
		if (!ciphers_valid(arg))
			fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
			    filename, linenum, arg ? arg : "<NONE>");
		if (options->ciphers == NULL)
			options->ciphers = xstrdup(arg);
		break;

	case sMacs:
		arg = strdelim(&cp);
		if (!arg || *arg == '\0')
			fatal("%s line %d: Missing argument.", filename, linenum);
		if (!mac_valid(arg))
			fatal("%s line %d: Bad SSH2 mac spec '%s'.",
			    filename, linenum, arg ? arg : "<NONE>");
		if (options->macs == NULL)
			options->macs = xstrdup(arg);
		break;

	case sProtocol:
		/* Unset marker is SSH_PROTO_UNKNOWN rather than -1. */
		intptr = &options->protocol;
		arg = strdelim(&cp);
		if (!arg || *arg == '\0')
			fatal("%s line %d: Missing argument.", filename, linenum);
		value = proto_spec(arg);
		if (value == SSH_PROTO_UNKNOWN)
			fatal("%s line %d: Bad protocol spec '%s'.",
			    filename, linenum, arg ? arg : "<NONE>");
		if (*intptr == SSH_PROTO_UNKNOWN)
			*intptr = value;
		break;

	case sSubsystem:
		/* "Subsystem name command": bounded and duplicate names fatal. */
		if (options->num_subsystems >= MAX_SUBSYSTEMS) {
			fatal("%s line %d: too many subsystems defined.",
			    filename, linenum);
		}
		arg = strdelim(&cp);
		if (!arg || *arg == '\0')
			fatal("%s line %d: Missing subsystem name.",
			    filename, linenum);
		for (i = 0; i < options->num_subsystems; i++)
			if (strcmp(arg, options->subsystem_name[i]) == 0)
				fatal("%s line %d: Subsystem '%s' already defined.",
				    filename, linenum, arg);
		options->subsystem_name[options->num_subsystems] = xstrdup(arg);
		arg = strdelim(&cp);
		if (!arg || *arg == '\0')
			fatal("%s line %d: Missing subsystem command.",
			    filename, linenum);
		options->subsystem_command[options->num_subsystems] = xstrdup(arg);
		options->num_subsystems++;
		break;

	case sMaxStartups:
		/*
		 * Either "begin:rate:full" or a single "full" value.  Unlike
		 * the other options sscanf() writes the fields directly, so a
		 * later MaxStartups line overrides an earlier one.  rate is a
		 * percentage and must lie in 1..100; begin may not exceed full.
		 */
		arg = strdelim(&cp);
		if (!arg || *arg == '\0')
			fatal("%s line %d: Missing MaxStartups spec.",
			    filename, linenum);
		if ((n = sscanf(arg, "%d:%d:%d",
		    &options->max_startups_begin,
		    &options->max_startups_rate,
		    &options->max_startups)) == 3) {
			if (options->max_startups_begin >
			    options->max_startups ||
			    options->max_startups_rate > 100 ||
			    options->max_startups_rate < 1)
				fatal("%s line %d: Illegal MaxStartups spec.",
				    filename, linenum);
		} else if (n != 1)
			fatal("%s line %d: Illegal MaxStartups spec.",
			    filename, linenum);
		else
			options->max_startups = options->max_startups_begin;
		break;

	case sBanner:
		charptr = &options->banner;
		goto parse_filename;
	/*
	 * These options can contain %X options expanded at
	 * connect time, so that you can specify paths like:
	 *
	 * AuthorizedKeysFile	/etc/ssh_keys/%u
	 */
	case sAuthorizedKeysFile:
	case sAuthorizedKeysFile2:
		charptr = (opcode == sAuthorizedKeysFile ) ?
		    &options->authorized_keys_file :
		    &options->authorized_keys_file2;
		goto parse_filename;

	case sClientAliveInterval:
		intptr = &options->client_alive_interval;
		goto parse_time;

	case sClientAliveCountMax:
		intptr = &options->client_alive_count_max;
		goto parse_int;

	case sDeprecated:
		/*
		 * Logged, not fatal.  The rest of the line is consumed so the
		 * trailing-garbage check below does not fire.
		 */
		logit("%s line %d: Deprecated option %s",
		    filename, linenum, arg);
		while (arg)
		    arg = strdelim(&cp);
		break;

	case sUnsupported:
		logit("%s line %d: Unsupported option %s",
		    filename, linenum, arg);
		while (arg)
		    arg = strdelim(&cp);
		break;

	default:
		/* A token in ServerOpCodes with no case above is a bug. */
		fatal("%s line %d: Missing handler for opcode %s (%d)",
		    filename, linenum, arg, opcode);
	}
	/* Anything left after the option's arguments is an error. */
	if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
		fatal("%s line %d: garbage at end of line; \"%.200s\".",
		    filename, linenum, arg);
	return 0;
}
089fbbd2 914
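/*
 * Reads the server configuration file and applies each line to *options.
 * An unopenable file exits the process; a line too long for the buffer
 * and any malformed directive are fatal; unknown keywords are counted and
 * reported together at the end, after the whole file has been read.
 */

void
read_server_config(ServerOptions *options, const char *filename)
{
	int linenum, bad_options = 0;
	char line[1024];
	FILE *f;

	debug2("read_server_config: filename %s", filename);
	f = fopen(filename, "r");
	if (!f) {
		perror(filename);
		exit(1);
	}
	linenum = 0;
	while (fgets(line, sizeof(line), f)) {
		/* Update line number counter. */
		linenum++;
		/*
		 * fgets() silently splits a line longer than the buffer and
		 * the remainder would then be parsed as a separate directive.
		 * A fragment without a newline that is not the final line of
		 * the file is therefore rejected instead of being misread.
		 */
		if (strchr(line, '\n') == NULL && !feof(f))
			fatal("%s line %d: line too long", filename, linenum);
		if (process_server_config_line(options, line, filename, linenum) != 0)
			bad_options++;
	}
	fclose(f);
	if (bad_options > 0)
		fatal("%s: terminating, %d bad configuration options",
		    filename, bad_options);
}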