- markus@cvs.openbsd.org 2001/11/10 13:37:20
8efc0c15 1/*
5260325f 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
6ae2364d 4 *
bcbf86ec 5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
5260325f 10 */
8efc0c15 11
12#include "includes.h"
5c53a31e 13RCSID("$OpenBSD: servconf.c,v 1.89 2001/08/16 19:18:34 jakob Exp $");
42f11eb2 14
46d738cd 15#if defined(KRB4) || defined(KRB5)
42f11eb2 16#include <krb.h>
17#endif
83f46621 18#ifdef AFS
19#include <kafs.h>
20#endif
8efc0c15 21
22#include "ssh.h"
42f11eb2 23#include "log.h"
8efc0c15 24#include "servconf.h"
25#include "xmalloc.h"
a8be9f80 26#include "compat.h"
42f11eb2 27#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
b2552997 31#include "kex.h"
32#include "mac.h"
42f11eb2 33
/*
 * Forward declarations for the listen-address helpers.  Both are defined
 * further down in this file, after fill_default_server_options(), which
 * calls add_listen_addr().
 */
static void add_listen_addr(ServerOptions *, char *, u_short);
static void add_one_listen_addr(ServerOptions *, char *, u_short);

/*
 * AF_UNSPEC or AF_INET or AF_INET6.
 * Defined in another translation unit; add_one_listen_addr() passes it to
 * getaddrinfo() as the ai_family hint.
 */
extern int IPv4or6;
39
/*
 * Puts *options into the "nothing configured yet" state.
 *
 * Scalar settings receive a sentinel (-1, PERMIT_NOT_SET or
 * SSH_PROTO_UNKNOWN), string settings receive NULL and list counters
 * receive 0.  For most settings read_server_config() stores a value only
 * while the slot still holds its sentinel, and
 * fill_default_server_options() later replaces whatever sentinels remain.
 */
void
initialize_server_options(ServerOptions *options)
{
	/* Clear everything first, including the fixed-size arrays. */
	memset(options, 0, sizeof(*options));

	/* Counters of the list-valued settings. */
	options->num_ports = 0;
	options->ports_from_cmdline = 0;
	options->num_host_key_files = 0;
	options->num_allow_users = 0;
	options->num_deny_users = 0;
	options->num_allow_groups = 0;
	options->num_deny_groups = 0;
	options->num_subsystems = 0;

	/* Pointer-valued settings: NULL means "not set". */
	options->listen_addrs = NULL;
	options->pid_file = NULL;
	options->xauth_location = NULL;
	options->ciphers = NULL;
	options->macs = NULL;
	options->banner = NULL;
	options->authorized_keys_file = NULL;
	options->authorized_keys_file2 = NULL;

	/* Settings that carry their own "not set" marker. */
	options->permit_root_login = PERMIT_NOT_SET;
	options->protocol = SSH_PROTO_UNKNOWN;
	options->log_facility = (SyslogFacility)-1;
	options->log_level = (LogLevel)-1;

	/* Key handling and timers: -1 means "not set". */
	options->server_key_bits = -1;
	options->login_grace_time = -1;
	options->key_regeneration_time = -1;
	options->client_alive_interval = -1;
	options->client_alive_count_max = -1;
	options->max_startups_begin = -1;
	options->max_startups_rate = -1;
	options->max_startups = -1;

	/* Authentication methods and their modifiers. */
	options->rhosts_authentication = -1;
	options->rhosts_rsa_authentication = -1;
	options->hostbased_authentication = -1;
	options->hostbased_uses_name_from_packet_only = -1;
	options->rsa_authentication = -1;
	options->pubkey_authentication = -1;
#if defined(KRB4) || defined(KRB5)
	options->kerberos_authentication = -1;
	options->kerberos_or_local_passwd = -1;
	options->kerberos_ticket_cleanup = -1;
#endif
#if defined(AFS) || defined(KRB5)
	options->kerberos_tgt_passing = -1;
#endif
#ifdef AFS
	options->afs_token_passing = -1;
#endif
	options->password_authentication = -1;
	options->kbd_interactive_authentication = -1;
	options->challenge_response_authentication = -1;
	options->pam_authentication_via_kbd_int = -1;
	options->permit_empty_passwd = -1;
	options->ignore_rhosts = -1;
	options->ignore_user_known_hosts = -1;
	options->strict_modes = -1;
	options->reverse_mapping_check = -1;

	/* Session behaviour and forwarding. */
	options->print_motd = -1;
	options->print_lastlog = -1;
	options->x11_forwarding = -1;
	options->x11_display_offset = -1;
	options->keepalives = -1;
	options->use_login = -1;
	options->allow_tcp_forwarding = -1;
	options->gateway_ports = -1;
}
109
/*
 * Helpers local to fill_default_server_options(): store `value' into
 * options->field only while the field still holds its "unset" marker
 * (-1 for integers, NULL for pointers).  `value' is evaluated only when
 * the store happens.
 */
#define SERVCONF_DEFAULT_INT(field, value)		\
	do {						\
		if (options->field == -1)		\
			options->field = (value);	\
	} while (0)
#define SERVCONF_DEFAULT_PTR(field, value)		\
	do {						\
		if (options->field == NULL)		\
			options->field = (value);	\
	} while (0)

/*
 * Replaces every setting that is still unset with its built-in default.
 * Settings that already carry a value are left untouched.
 *
 * Audit note: these defaults decide what a server with an empty
 * configuration file allows.  As written they accept both protocol
 * versions, permit root login (PERMIT_YES), keep password authentication
 * enabled and use a 768-bit server key; rhosts-style, host-based and
 * empty-password logins and X11 forwarding default to off, and
 * strict_modes defaults to on.
 */
void
fill_default_server_options(ServerOptions *options)
{
	/* Protocol versions first: the default host keys depend on them. */
	if (options->protocol == SSH_PROTO_UNKNOWN)
		options->protocol = SSH_PROTO_1|SSH_PROTO_2;
	if (options->num_host_key_files == 0) {
		/* one default host key per enabled protocol version */
		if (options->protocol & SSH_PROTO_1)
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_KEY_FILE;
		if (options->protocol & SSH_PROTO_2)
			options->host_key_files[options->num_host_key_files++] =
			    _PATH_HOST_DSA_KEY_FILE;
	}

	/* Ports must be settled before the default listen address is added. */
	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
	if (options->listen_addrs == NULL)
		add_listen_addr(options, NULL, 0);

	SERVCONF_DEFAULT_PTR(pid_file, _PATH_SSH_DAEMON_PID_FILE);
	SERVCONF_DEFAULT_INT(server_key_bits, 768);
	SERVCONF_DEFAULT_INT(login_grace_time, 600);
	SERVCONF_DEFAULT_INT(key_regeneration_time, 3600);
	if (options->permit_root_login == PERMIT_NOT_SET)
		options->permit_root_login = PERMIT_YES;
	SERVCONF_DEFAULT_INT(ignore_rhosts, 1);
	SERVCONF_DEFAULT_INT(ignore_user_known_hosts, 0);
	SERVCONF_DEFAULT_INT(print_motd, 1);
	SERVCONF_DEFAULT_INT(print_lastlog, 1);
	SERVCONF_DEFAULT_INT(x11_forwarding, 0);
	SERVCONF_DEFAULT_INT(x11_display_offset, 10);
#ifdef _PATH_XAUTH
	SERVCONF_DEFAULT_PTR(xauth_location, _PATH_XAUTH);
#endif
	SERVCONF_DEFAULT_INT(strict_modes, 1);
	SERVCONF_DEFAULT_INT(keepalives, 1);
	if (options->log_facility == (SyslogFacility) (-1))
		options->log_facility = SYSLOG_FACILITY_AUTH;
	if (options->log_level == (LogLevel) (-1))
		options->log_level = SYSLOG_LEVEL_INFO;

	/* Authentication methods. */
	SERVCONF_DEFAULT_INT(rhosts_authentication, 0);
	SERVCONF_DEFAULT_INT(rhosts_rsa_authentication, 0);
	SERVCONF_DEFAULT_INT(hostbased_authentication, 0);
	SERVCONF_DEFAULT_INT(hostbased_uses_name_from_packet_only, 0);
	SERVCONF_DEFAULT_INT(rsa_authentication, 1);
	SERVCONF_DEFAULT_INT(pubkey_authentication, 1);
#if defined(KRB4) || defined(KRB5)
	/* on by default only when access() reports KEYFILE as readable */
	SERVCONF_DEFAULT_INT(kerberos_authentication,
	    (access(KEYFILE, R_OK) == 0));
	SERVCONF_DEFAULT_INT(kerberos_or_local_passwd, 1);
	SERVCONF_DEFAULT_INT(kerberos_ticket_cleanup, 1);
#endif
#if defined(AFS) || defined(KRB5)
	SERVCONF_DEFAULT_INT(kerberos_tgt_passing, 0);
#endif
#ifdef AFS
	SERVCONF_DEFAULT_INT(afs_token_passing, k_hasafs());
#endif
	SERVCONF_DEFAULT_INT(password_authentication, 1);
	SERVCONF_DEFAULT_INT(kbd_interactive_authentication, 0);
	SERVCONF_DEFAULT_INT(challenge_response_authentication, 1);
	SERVCONF_DEFAULT_INT(permit_empty_passwd, 0);
	SERVCONF_DEFAULT_INT(use_login, 0);
	SERVCONF_DEFAULT_INT(allow_tcp_forwarding, 1);
	SERVCONF_DEFAULT_INT(gateway_ports, 0);

	/* max_startups is defaulted first because max_startups_begin copies it. */
	SERVCONF_DEFAULT_INT(max_startups, 10);
	SERVCONF_DEFAULT_INT(max_startups_rate, 100);	/* 100% */
	SERVCONF_DEFAULT_INT(max_startups_begin, options->max_startups);

	SERVCONF_DEFAULT_INT(reverse_mapping_check, 0);
	SERVCONF_DEFAULT_INT(client_alive_interval, 0);
	SERVCONF_DEFAULT_INT(client_alive_count_max, 3);
	SERVCONF_DEFAULT_PTR(authorized_keys_file,
	    _PATH_SSH_USER_PERMITTED_KEYS);
	SERVCONF_DEFAULT_PTR(authorized_keys_file2,
	    _PATH_SSH_USER_PERMITTED_KEYS2);
	SERVCONF_DEFAULT_INT(pam_authentication_via_kbd_int, 0);
}

#undef SERVCONF_DEFAULT_INT
#undef SERVCONF_DEFAULT_PTR
221
/*
 * Keyword tokens.
 *
 * One enumerator per configuration directive handled by the switch in
 * read_server_config().  sBadOption comes first, so it has the value 0,
 * the same value the keywords[] terminator entry uses for its opcode.
 *
 * The Kerberos and AFS tokens exist only when the matching support is
 * compiled in.  The keywords[] entries are guarded by the same
 * conditions, so in a build without that support those directive names
 * are not found by parse_token() and are reported as bad options.
 */
typedef enum {
	sBadOption,		/* == unknown option */
	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
	sPermitRootLogin, sLogFacility, sLogLevel,
	sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
#if defined(KRB4) || defined(KRB5)
	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
#endif
#if defined(AFS) || defined(KRB5)
	sKerberosTgtPassing,
#endif
#ifdef AFS
	sAFSTokenPassing,
#endif
	sChallengeResponseAuthentication,
	sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
	sX11Forwarding, sX11DisplayOffset,
	sStrictModes, sEmptyPasswd, sKeepAlives,
	sUseLogin, sAllowTcpForwarding,
	sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
	sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
	sBanner, sReverseMappingCheck, sHostbasedAuthentication,
	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
	/* sDeprecated: keyword is still recognised but only logged and skipped */
	sDeprecated, sPAMAuthenticationViaKbdInt
} ServerOpCodes;
251
/*
 * Textual representation of the tokens.
 *
 * parse_token() scans this table from the top and compares names with
 * strcasecmp(), so the letter case used here (and in the configuration
 * file) does not matter.  The entry with a NULL name ends the table.
 * Entries marked "alias" map a second spelling onto an existing opcode.
 */
static struct {
	const char *name;
	ServerOpCodes opcode;
} keywords[] = {
	{ "port", sPort },
	{ "hostkey", sHostKeyFile },
	{ "hostdsakey", sHostKeyFile },					/* alias */
	{ "pidfile", sPidFile },
	{ "serverkeybits", sServerKeyBits },
	{ "logingracetime", sLoginGraceTime },
	{ "keyregenerationinterval", sKeyRegenerationTime },
	{ "permitrootlogin", sPermitRootLogin },
	{ "syslogfacility", sLogFacility },
	{ "loglevel", sLogLevel },
	{ "rhostsauthentication", sRhostsAuthentication },
	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
	{ "hostbasedauthentication", sHostbasedAuthentication },
	{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
	{ "rsaauthentication", sRSAAuthentication },
	{ "pubkeyauthentication", sPubkeyAuthentication },
	{ "dsaauthentication", sPubkeyAuthentication },			/* alias */
	/* Present only when Kerberos/AFS support is compiled in. */
#if defined(KRB4) || defined(KRB5)
	{ "kerberosauthentication", sKerberosAuthentication },
	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
	{ "kerberosticketcleanup", sKerberosTicketCleanup },
#endif
#if defined(AFS) || defined(KRB5)
	{ "kerberostgtpassing", sKerberosTgtPassing },
#endif
#ifdef AFS
	{ "afstokenpassing", sAFSTokenPassing },
#endif
	{ "passwordauthentication", sPasswordAuthentication },
	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
	{ "challengeresponseauthentication", sChallengeResponseAuthentication },
	{ "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
	/* still accepted, but read_server_config() only logs and skips it */
	{ "checkmail", sDeprecated },
	{ "listenaddress", sListenAddress },
	{ "printmotd", sPrintMotd },
	{ "printlastlog", sPrintLastLog },
	{ "ignorerhosts", sIgnoreRhosts },
	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },
	{ "x11forwarding", sX11Forwarding },
	{ "x11displayoffset", sX11DisplayOffset },
	{ "xauthlocation", sXAuthLocation },
	{ "strictmodes", sStrictModes },
	{ "permitemptypasswords", sEmptyPasswd },
	{ "uselogin", sUseLogin },
	{ "keepalive", sKeepAlives },
	{ "allowtcpforwarding", sAllowTcpForwarding },
	{ "allowusers", sAllowUsers },
	{ "denyusers", sDenyUsers },
	{ "allowgroups", sAllowGroups },
	{ "denygroups", sDenyGroups },
	{ "ciphers", sCiphers },
	{ "macs", sMacs },
	{ "protocol", sProtocol },
	{ "gatewayports", sGatewayPorts },
	{ "subsystem", sSubsystem },
	{ "maxstartups", sMaxStartups },
	{ "banner", sBanner },
	{ "reversemappingcheck", sReverseMappingCheck },
	{ "clientaliveinterval", sClientAliveInterval },
	{ "clientalivecountmax", sClientAliveCountMax },
	{ "authorizedkeysfile", sAuthorizedKeysFile },
	{ "authorizedkeysfile2", sAuthorizedKeysFile2 },
	/* mixed case is harmless here: the lookup is case-insensitive */
	{ "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
	{ NULL, 0 }	/* end of table */
};
322
/*
 * Maps the keyword string cp to its opcode by a case-insensitive search
 * of keywords[].  When no entry matches, the problem is reported through
 * error() together with filename and linenum, and sBadOption is returned
 * so that the caller can keep reading and count the failures.
 */

static ServerOpCodes
parse_token(const char *cp, const char *filename,
	    int linenum)
{
	u_int idx = 0;

	/* The table ends at the entry whose name is NULL. */
	while (keywords[idx].name != NULL) {
		if (strcasecmp(cp, keywords[idx].name) == 0)
			return keywords[idx].opcode;
		idx++;
	}

	error("%s: line %d: Bad configuration option: %s",
	    filename, linenum, cp);
	return sBadOption;
}
341
/*
 * Registers addr as a listen address.  A non-zero port is used as given;
 * port 0 means "every configured port", so addr is added once per entry
 * of options->ports.  If no port has been configured yet,
 * SSH_DEFAULT_PORT is stored as the first port before anything is added.
 */
static void
add_listen_addr(ServerOptions *options, char *addr, u_short port)
{
	int idx;

	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;

	if (port != 0) {
		/* explicit port: a single address entry */
		add_one_listen_addr(options, addr, port);
		return;
	}

	for (idx = 0; idx < options->num_ports; idx++)
		add_one_listen_addr(options, addr, options->ports[idx]);
}
355
/*
 * Resolves addr/port with getaddrinfo() and puts the resulting address
 * list in front of options->listen_addrs.  A NULL addr is looked up with
 * AI_PASSIVE set.  A lookup failure ends in fatal().
 *
 * Note that addr is handed to the resolver unchanged, so a host name in
 * the configuration is resolved at the moment this function runs.
 */
static void
add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
{
	struct addrinfo hints, *res, *tail;
	char strport[NI_MAXSERV];
	int gaierr;

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = IPv4or6;
	hints.ai_socktype = SOCK_STREAM;
	if (addr == NULL)
		hints.ai_flags = AI_PASSIVE;
	else
		hints.ai_flags = 0;

	/* getaddrinfo() takes the service as a string */
	snprintf(strport, sizeof strport, "%d", port);

	gaierr = getaddrinfo(addr, strport, &hints, &res);
	if (gaierr != 0)
		fatal("bad addr or host: %s (%s)",
		    addr != NULL ? addr : "<NULL>",
		    gai_strerror(gaierr));

	/* Walk to the last new entry and hang the existing list behind it. */
	tail = res;
	while (tail->ai_next != NULL)
		tail = tail->ai_next;
	tail->ai_next = options->listen_addrs;
	options->listen_addrs = res;
}
377
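/*
 * Reads the server configuration file `filename' into *options.
 *
 * Each line is split with strdelim(); the first token selects the
 * directive through parse_token() and the matching case stores the
 * value.  Most cases share a tail (parse_int, parse_time, parse_flag,
 * parse_filename) that they reach with goto after pointing intptr or
 * charptr at the destination field.
 *
 * For most settings a value is stored only while the field still holds
 * its "unset" marker, so the first value seen wins and later lines for
 * the same directive are parsed but ignored.
 *
 * Error handling: an unreadable file ends the process with exit(1);
 * a malformed value ends it through fatal(), which this code relies on
 * not to return; unknown keywords are counted and reported together
 * with one fatal() after the whole file has been read.
 *
 * Integer-valued directives must be a complete decimal number.  Text
 * such as "1O24", which atoi() would have silently read as 1, is now
 * rejected.
 */

void
read_server_config(ServerOptions *options, const char *filename)
{
	FILE *f;
	char line[1024];
	char *cp, **charptr, *arg, *p;
	char *endp;
	long lval;
	int linenum, *intptr, value;
	int bad_options = 0;
	ServerOpCodes opcode;
	int i, n;

	f = fopen(filename, "r");
	if (!f) {
		perror(filename);
		exit(1);
	}
	linenum = 0;
	/*
	 * NOTE(review): a physical line that does not fit in line[] is
	 * returned by fgets() in pieces, and every later piece is parsed as
	 * if it were a line of its own (linenum is bumped for it as well).
	 * This also applies to the tail of an over-long comment line.
	 */
	while (fgets(line, sizeof(line), f)) {
		linenum++;
		cp = line;
		arg = strdelim(&cp);
		/* Ignore leading whitespace */
		if (*arg == '\0')
			arg = strdelim(&cp);
		/* blank lines and comments */
		if (!arg || !*arg || *arg == '#')
			continue;
		/* the shared tails below test these, so reset them per line */
		intptr = NULL;
		charptr = NULL;
		opcode = parse_token(arg, filename, linenum);
		switch (opcode) {
		case sBadOption:
			/* already reported by parse_token(); fatal after the loop */
			bad_options++;
			continue;
		case sPort:
			/* ignore ports from configfile if cmdline specifies ports */
			if (options->ports_from_cmdline)
				continue;
			/*
			 * add_listen_addr() expands "all ports" when it is
			 * called, so a Port line after a ListenAddress line
			 * would not apply to that address.
			 */
			if (options->listen_addrs != NULL)
				fatal("%s line %d: ports must be specified before "
				    "ListenAddress.", filename, linenum);
			if (options->num_ports >= MAX_PORTS)
				fatal("%s line %d: too many ports.",
				    filename, linenum);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing port number.",
				    filename, linenum);
			options->ports[options->num_ports++] = a2port(arg);
			/* a2port() result 0 is treated as "could not parse" */
			if (options->ports[options->num_ports-1] == 0)
				fatal("%s line %d: Badly formatted port number.",
				    filename, linenum);
			break;

		case sServerKeyBits:
			intptr = &options->server_key_bits;
parse_int:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing integer value.",
				    filename, linenum);
			/*
			 * Require the whole token to be a decimal number that
			 * fits in an int.  The range of the number itself is
			 * not checked here.
			 */
			lval = strtol(arg, &endp, 10);
			if (endp == arg || *endp != '\0' ||
			    (long)(int)lval != lval)
				fatal("%s line %d: invalid integer value.",
				    filename, linenum);
			value = (int)lval;
			if (*intptr == -1)
				*intptr = value;
			break;

		case sLoginGraceTime:
			intptr = &options->login_grace_time;
parse_time:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing time value.",
				    filename, linenum);
			if ((value = convtime(arg)) == -1)
				fatal("%s line %d: invalid time value.",
				    filename, linenum);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sKeyRegenerationTime:
			intptr = &options->key_regeneration_time;
			goto parse_time;

		case sListenAddress:
			/*
			 * Accepted forms, as parsed below: "host", "host:port",
			 * "[host]" and "[host]:port".  An unbracketed argument
			 * with more than one ':' is passed on whole, without a
			 * port.
			 */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
				fatal("%s line %d: missing inet addr.",
				    filename, linenum);
			if (*arg == '[') {
				if ((p = strchr(arg, ']')) == NULL)
					fatal("%s line %d: bad ipv6 inet addr usage.",
					    filename, linenum);
				/* drop '[' and close the gap left by ']' */
				arg++;
				memmove(p, p+1, strlen(p+1)+1);
			} else if (((p = strchr(arg, ':')) == NULL) ||
			    (strchr(p+1, ':') != NULL)) {
				add_listen_addr(options, arg, 0);
				break;
			}
			/* p now points at whatever followed the address */
			if (*p == ':') {
				u_short port;

				p++;
				if (*p == '\0')
					fatal("%s line %d: bad inet addr:port usage.",
					    filename, linenum);
				else {
					/* cut the address off at the ':' */
					*(p-1) = '\0';
					if ((port = a2port(p)) == 0)
						fatal("%s line %d: bad port number.",
						    filename, linenum);
					add_listen_addr(options, arg, port);
				}
			} else if (*p == '\0')
				add_listen_addr(options, arg, 0);
			else
				fatal("%s line %d: bad inet addr usage.",
				    filename, linenum);
			break;

		case sHostKeyFile:
			intptr = &options->num_host_key_files;
			if (*intptr >= MAX_HOSTKEYS)
				fatal("%s line %d: too many host keys specified (max %d).",
				    filename, linenum, MAX_HOSTKEYS);
			charptr = &options->host_key_files[*intptr];
parse_filename:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing file name.",
				    filename, linenum);
			if (*charptr == NULL) {
				/* the name is expanded for the uid running this code */
				*charptr = tilde_expand_filename(arg, getuid());
				/* increase optional counter */
				if (intptr != NULL)
					*intptr = *intptr + 1;
			}
			break;

		case sPidFile:
			charptr = &options->pid_file;
			goto parse_filename;

		case sPermitRootLogin:
			intptr = &options->permit_root_login;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing yes/"
				    "without-password/forced-commands-only/no "
				    "argument.", filename, linenum);
			value = 0;	/* silence compiler */
			/* exact, case-sensitive match; anything else is fatal */
			if (strcmp(arg, "without-password") == 0)
				value = PERMIT_NO_PASSWD;
			else if (strcmp(arg, "forced-commands-only") == 0)
				value = PERMIT_FORCED_ONLY;
			else if (strcmp(arg, "yes") == 0)
				value = PERMIT_YES;
			else if (strcmp(arg, "no") == 0)
				value = PERMIT_NO;
			else
				fatal("%s line %d: Bad yes/"
				    "without-password/forced-commands-only/no "
				    "argument: %s", filename, linenum, arg);
			/*
			 * NOTE(review): initialize_server_options() stores
			 * PERMIT_NOT_SET here; this test assumes that constant
			 * is -1 -- confirm in servconf.h.
			 */
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreRhosts:
			intptr = &options->ignore_rhosts;
parse_flag:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing yes/no argument.",
				    filename, linenum);
			value = 0;	/* silence compiler */
			/* only the exact strings "yes" and "no" are accepted */
			if (strcmp(arg, "yes") == 0)
				value = 1;
			else if (strcmp(arg, "no") == 0)
				value = 0;
			else
				fatal("%s line %d: Bad yes/no argument: %s",
				    filename, linenum, arg);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreUserKnownHosts:
			intptr = &options->ignore_user_known_hosts;
			goto parse_flag;

		case sRhostsAuthentication:
			intptr = &options->rhosts_authentication;
			goto parse_flag;

		case sRhostsRSAAuthentication:
			intptr = &options->rhosts_rsa_authentication;
			goto parse_flag;

		case sHostbasedAuthentication:
			intptr = &options->hostbased_authentication;
			goto parse_flag;

		case sHostbasedUsesNameFromPacketOnly:
			intptr = &options->hostbased_uses_name_from_packet_only;
			goto parse_flag;

		case sRSAAuthentication:
			intptr = &options->rsa_authentication;
			goto parse_flag;

		case sPubkeyAuthentication:
			intptr = &options->pubkey_authentication;
			goto parse_flag;
#if defined(KRB4) || defined(KRB5)
		case sKerberosAuthentication:
			intptr = &options->kerberos_authentication;
			goto parse_flag;

		case sKerberosOrLocalPasswd:
			intptr = &options->kerberos_or_local_passwd;
			goto parse_flag;

		case sKerberosTicketCleanup:
			intptr = &options->kerberos_ticket_cleanup;
			goto parse_flag;
#endif
#if defined(AFS) || defined(KRB5)
		case sKerberosTgtPassing:
			intptr = &options->kerberos_tgt_passing;
			goto parse_flag;
#endif
#ifdef AFS
		case sAFSTokenPassing:
			intptr = &options->afs_token_passing;
			goto parse_flag;
#endif

		case sPasswordAuthentication:
			intptr = &options->password_authentication;
			goto parse_flag;

		case sKbdInteractiveAuthentication:
			intptr = &options->kbd_interactive_authentication;
			goto parse_flag;

		case sChallengeResponseAuthentication:
			intptr = &options->challenge_response_authentication;
			goto parse_flag;

		case sPrintMotd:
			intptr = &options->print_motd;
			goto parse_flag;

		case sPrintLastLog:
			intptr = &options->print_lastlog;
			goto parse_flag;

		case sX11Forwarding:
			intptr = &options->x11_forwarding;
			goto parse_flag;

		case sX11DisplayOffset:
			intptr = &options->x11_display_offset;
			goto parse_int;

		case sXAuthLocation:
			charptr = &options->xauth_location;
			goto parse_filename;

		case sStrictModes:
			intptr = &options->strict_modes;
			goto parse_flag;

		case sKeepAlives:
			intptr = &options->keepalives;
			goto parse_flag;

		case sEmptyPasswd:
			intptr = &options->permit_empty_passwd;
			goto parse_flag;

		case sUseLogin:
			intptr = &options->use_login;
			goto parse_flag;

		case sGatewayPorts:
			intptr = &options->gateway_ports;
			goto parse_flag;

		case sReverseMappingCheck:
			intptr = &options->reverse_mapping_check;
			goto parse_flag;

		case sLogFacility:
			/*
			 * NOTE(review): the cast assumes SyslogFacility is
			 * stored like an int -- confirm.
			 */
			intptr = (int *) &options->log_facility;
			/* arg may be NULL here; the message below allows for it */
			arg = strdelim(&cp);
			value = log_facility_number(arg);
			if (value == (SyslogFacility) - 1)
				fatal("%.200s line %d: unsupported log facility '%s'",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (SyslogFacility) value;
			break;

		case sLogLevel:
			/* NOTE(review): same int-sized enum assumption as above. */
			intptr = (int *) &options->log_level;
			arg = strdelim(&cp);
			value = log_level_number(arg);
			if (value == (LogLevel) - 1)
				fatal("%.200s line %d: unsupported log level '%s'",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (LogLevel) value;
			break;

		case sAllowTcpForwarding:
			intptr = &options->allow_tcp_forwarding;
			goto parse_flag;

		/*
		 * The four access lists take every remaining token on the
		 * line and, unlike the scalar settings, accumulate across
		 * lines until the array is full.
		 */
		case sAllowUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_users >= MAX_ALLOW_USERS)
					fatal("%s line %d: too many allow users.",
					    filename, linenum);
				options->allow_users[options->num_allow_users++] = xstrdup(arg);
			}
			break;

		case sDenyUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_users >= MAX_DENY_USERS)
					fatal( "%s line %d: too many deny users.",
					    filename, linenum);
				options->deny_users[options->num_deny_users++] = xstrdup(arg);
			}
			break;

		case sAllowGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
					fatal("%s line %d: too many allow groups.",
					    filename, linenum);
				options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
			}
			break;

		case sDenyGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_groups >= MAX_DENY_GROUPS)
					fatal("%s line %d: too many deny groups.",
					    filename, linenum);
				options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
			}
			break;

		case sCiphers:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			/* the list is validated even when an earlier value wins */
			if (!ciphers_valid(arg))
				fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->ciphers == NULL)
				options->ciphers = xstrdup(arg);
			break;

		case sMacs:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			if (!mac_valid(arg))
				fatal("%s line %d: Bad SSH2 mac spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->macs == NULL)
				options->macs = xstrdup(arg);
			break;

		case sProtocol:
			intptr = &options->protocol;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			value = proto_spec(arg);
			if (value == SSH_PROTO_UNKNOWN)
				fatal("%s line %d: Bad protocol spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == SSH_PROTO_UNKNOWN)
				*intptr = value;
			break;

		case sSubsystem:
			if(options->num_subsystems >= MAX_SUBSYSTEMS) {
				fatal("%s line %d: too many subsystems defined.",
				    filename, linenum);
			}
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem name.",
				    filename, linenum);
			/* subsystem names must be unique (case-sensitive compare) */
			for (i = 0; i < options->num_subsystems; i++)
				if(strcmp(arg, options->subsystem_name[i]) == 0)
					fatal("%s line %d: Subsystem '%s' already defined.",
					    filename, linenum, arg);
			options->subsystem_name[options->num_subsystems] = xstrdup(arg);
			/*
			 * The command is a single token; anything after it is
			 * caught by the end-of-line check below.
			 */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem command.",
				    filename, linenum);
			options->subsystem_command[options->num_subsystems] = xstrdup(arg);
			options->num_subsystems++;
			break;

		case sMaxStartups:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing MaxStartups spec.",
				    filename, linenum);
			/*
			 * Either "begin:rate:max" or a single number.  sscanf()
			 * stores straight into *options, so unlike most
			 * settings a later MaxStartups line overwrites an
			 * earlier one.
			 * NOTE(review): the single-number form is not
			 * range-checked here.
			 */
			if ((n = sscanf(arg, "%d:%d:%d",
			    &options->max_startups_begin,
			    &options->max_startups_rate,
			    &options->max_startups)) == 3) {
				if (options->max_startups_begin >
				    options->max_startups ||
				    options->max_startups_rate > 100 ||
				    options->max_startups_rate < 1)
					fatal("%s line %d: Illegal MaxStartups spec.",
					    filename, linenum);
			} else if (n != 1)
				fatal("%s line %d: Illegal MaxStartups spec.",
				    filename, linenum);
			else
				options->max_startups = options->max_startups_begin;
			break;

		case sBanner:
			charptr = &options->banner;
			goto parse_filename;
		/*
		 * These options can contain %X options expanded at
		 * connect time, so that you can specify paths like:
		 *
		 * AuthorizedKeysFile	/etc/ssh_keys/%u
		 */
		case sAuthorizedKeysFile:
		case sAuthorizedKeysFile2:
			charptr = (opcode == sAuthorizedKeysFile ) ?
			    &options->authorized_keys_file :
			    &options->authorized_keys_file2;
			goto parse_filename;

		case sClientAliveInterval:
			intptr = &options->client_alive_interval;
			goto parse_time;

		case sClientAliveCountMax:
			intptr = &options->client_alive_count_max;
			goto parse_int;

		case sDeprecated:
			log("%s line %d: Deprecated option %s",
			    filename, linenum, arg);
			/* consume the rest of the line so the check below passes */
			while(arg)
				arg = strdelim(&cp);
			break;

		case sPAMAuthenticationViaKbdInt:
			intptr = &options->pam_authentication_via_kbd_int;
			goto parse_flag;

		default:
			/* an opcode listed in keywords[] that has no case above */
			fatal("%s line %d: Missing handler for opcode %s (%d)",
			    filename, linenum, arg, opcode);
		}
		/* every directive must have consumed its whole line */
		if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
			fatal("%s line %d: garbage at end of line; \"%.200s\".",
			    filename, linenum, arg);
	}
	fclose(f);
	/* refuse to run with a configuration that was only partly understood */
	if (bad_options > 0)
		fatal("%s: terminating, %d bad configuration options",
		    filename, bad_options);
}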