8efc0c15 1/*
5260325f 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
6ae2364d 4 *
bcbf86ec 5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
5260325f 10 */
8efc0c15 11
12#include "includes.h"
b7c70970 13RCSID("$OpenBSD: servconf.c,v 1.78 2001/04/15 21:28:35 stevesk Exp $");
42f11eb2 14
15#ifdef KRB4
16#include <krb.h>
17#endif
18#ifdef AFS
19#include <kafs.h>
20#endif
8efc0c15 21
22#include "ssh.h"
42f11eb2 23#include "log.h"
8efc0c15 24#include "servconf.h"
25#include "xmalloc.h"
a8be9f80 26#include "compat.h"
42f11eb2 27#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
b2552997 31#include "kex.h"
32#include "mac.h"
42f11eb2 33
/*
 * Forward declarations: both helpers are defined further down in this
 * file but are called before their definitions.
 */
void add_listen_addr(ServerOptions *options, char *addr, u_short port);
void add_one_listen_addr(ServerOptions *options, char *addr, u_short port);

/*
 * AF_UNSPEC or AF_INET or AF_INET6.  Defined in another translation unit;
 * used here as the address-family hint when resolving listen addresses.
 */
extern int IPv4or6;
39
/*
 * Puts *options into the "nothing configured yet" state.
 *
 * The structure is zeroed, then every scalar setting is given the sentinel
 * that fill_default_server_options() and read_server_config() test for
 * (-1, PERMIT_NOT_SET or SSH_PROTO_UNKNOWN), every pointer is set to NULL
 * and every counter to 0.
 */
void
initialize_server_options(ServerOptions *options)
{
	memset(options, 0, sizeof(*options));

	/* Listening sockets. */
	options->num_ports = 0;
	options->ports_from_cmdline = 0;
	options->listen_addrs = NULL;
	options->gateway_ports = -1;
	options->keepalives = -1;

	/* Host keys, server key and daemon bookkeeping. */
	options->num_host_key_files = 0;
	options->pid_file = NULL;
	options->server_key_bits = -1;
	options->key_regeneration_time = -1;
	options->protocol = SSH_PROTO_UNKNOWN;
	options->ciphers = NULL;
	options->macs = NULL;

	/* Logging. */
	options->log_facility = (SyslogFacility)-1;
	options->log_level = (LogLevel)-1;

	/* Login policy. */
	options->login_grace_time = -1;
	options->permit_root_login = PERMIT_NOT_SET;
	options->permit_empty_passwd = -1;
	options->strict_modes = -1;
	options->use_login = -1;
	options->ignore_rhosts = -1;
	options->ignore_user_known_hosts = -1;
	options->reverse_mapping_check = -1;

	/* Authentication methods. */
	options->rhosts_authentication = -1;
	options->rhosts_rsa_authentication = -1;
	options->hostbased_authentication = -1;
	options->hostbased_uses_name_from_packet_only = -1;
	options->rsa_authentication = -1;
	options->pubkey_authentication = -1;
#ifdef KRB4
	options->kerberos_authentication = -1;
	options->kerberos_or_local_passwd = -1;
	options->kerberos_ticket_cleanup = -1;
#endif
#ifdef AFS
	options->kerberos_tgt_passing = -1;
	options->afs_token_passing = -1;
#endif
	options->password_authentication = -1;
	options->kbd_interactive_authentication = -1;
	options->challenge_reponse_authentication = -1;

	/* Allow/deny lists. */
	options->num_allow_users = 0;
	options->num_deny_users = 0;
	options->num_allow_groups = 0;
	options->num_deny_groups = 0;

	/* Session behaviour. */
	options->print_motd = -1;
	options->print_lastlog = -1;
	options->check_mail = -1;
	options->banner = NULL;
	options->x11_forwarding = -1;
	options->x11_display_offset = -1;
	options->xauth_location = NULL;
	options->allow_tcp_forwarding = -1;
	options->num_subsystems = 0;

	/* Connection limits and liveness probes. */
	options->max_startups_begin = -1;
	options->max_startups_rate = -1;
	options->max_startups = -1;
	options->client_alive_interval = -1;
	options->client_alive_count_max = -1;
}
105
/*
 * Gives every option that still holds its "unset" sentinel the built-in
 * default.  Options that already carry a value are left alone.
 *
 * NOTE(review): several of these defaults widen access when the
 * administrator configures nothing: both protocol versions are enabled,
 * the server key is 768 bits, root login is permitted, and password
 * authentication and TCP forwarding are on.  Deployments that care should
 * set those directives explicitly rather than rely on the defaults.
 */
void
fill_default_server_options(ServerOptions *options)
{
/* Assigns dflt to an int option only while it still holds the -1 sentinel. */
#define DEFAULT_IF_UNSET(field, dflt)			\
	do {						\
		if (options->field == -1)		\
			options->field = (dflt);	\
	} while (0)

	if (options->protocol == SSH_PROTO_UNKNOWN)
		options->protocol = SSH_PROTO_1|SSH_PROTO_2;

	/* No host key configured: use one default key per enabled protocol. */
	if (options->num_host_key_files == 0) {
		if (options->protocol & SSH_PROTO_1) {
			options->host_key_files[options->num_host_key_files] =
			    _PATH_HOST_KEY_FILE;
			options->num_host_key_files++;
		}
		if (options->protocol & SSH_PROTO_2) {
			options->host_key_files[options->num_host_key_files] =
			    _PATH_HOST_DSA_KEY_FILE;
			options->num_host_key_files++;
		}
	}

	/* The port list must be populated before the listen addresses. */
	if (options->num_ports == 0) {
		options->ports[options->num_ports] = SSH_DEFAULT_PORT;
		options->num_ports++;
	}
	if (options->listen_addrs == NULL)
		add_listen_addr(options, NULL, 0);
	if (options->pid_file == NULL)
		options->pid_file = _PATH_SSH_DAEMON_PID_FILE;

	DEFAULT_IF_UNSET(server_key_bits, 768);
	DEFAULT_IF_UNSET(login_grace_time, 600);
	DEFAULT_IF_UNSET(key_regeneration_time, 3600);
	if (options->permit_root_login == PERMIT_NOT_SET)
		options->permit_root_login = PERMIT_YES;
	DEFAULT_IF_UNSET(ignore_rhosts, 1);
	DEFAULT_IF_UNSET(ignore_user_known_hosts, 0);
	DEFAULT_IF_UNSET(check_mail, 0);
	DEFAULT_IF_UNSET(print_motd, 1);
	DEFAULT_IF_UNSET(print_lastlog, 1);
	DEFAULT_IF_UNSET(x11_forwarding, 0);
	DEFAULT_IF_UNSET(x11_display_offset, 10);
#ifdef XAUTH_PATH
	if (options->xauth_location == NULL)
		options->xauth_location = XAUTH_PATH;
#endif /* XAUTH_PATH */
	DEFAULT_IF_UNSET(strict_modes, 1);
	DEFAULT_IF_UNSET(keepalives, 1);

	/* The logging options use typed sentinels, so test them explicitly. */
	if (options->log_facility == (SyslogFacility)(-1))
		options->log_facility = SYSLOG_FACILITY_AUTH;
	if (options->log_level == (LogLevel)(-1))
		options->log_level = SYSLOG_LEVEL_INFO;

	DEFAULT_IF_UNSET(rhosts_authentication, 0);
	DEFAULT_IF_UNSET(rhosts_rsa_authentication, 0);
	DEFAULT_IF_UNSET(hostbased_authentication, 0);
	DEFAULT_IF_UNSET(hostbased_uses_name_from_packet_only, 0);
	DEFAULT_IF_UNSET(rsa_authentication, 1);
	DEFAULT_IF_UNSET(pubkey_authentication, 1);
#ifdef KRB4
	/* Kerberos is on by default only when KEYFILE is readable. */
	DEFAULT_IF_UNSET(kerberos_authentication, access(KEYFILE, R_OK) == 0);
	DEFAULT_IF_UNSET(kerberos_or_local_passwd, 1);
	DEFAULT_IF_UNSET(kerberos_ticket_cleanup, 1);
#endif /* KRB4 */
#ifdef AFS
	DEFAULT_IF_UNSET(kerberos_tgt_passing, 0);
	DEFAULT_IF_UNSET(afs_token_passing, k_hasafs());
#endif /* AFS */
	DEFAULT_IF_UNSET(password_authentication, 1);
	DEFAULT_IF_UNSET(kbd_interactive_authentication, 0);
	DEFAULT_IF_UNSET(challenge_reponse_authentication, 1);
	DEFAULT_IF_UNSET(permit_empty_passwd, 0);
	DEFAULT_IF_UNSET(use_login, 0);
	DEFAULT_IF_UNSET(allow_tcp_forwarding, 1);
	DEFAULT_IF_UNSET(gateway_ports, 0);

	/* max_startups must be settled first: max_startups_begin copies it. */
	DEFAULT_IF_UNSET(max_startups, 10);
	DEFAULT_IF_UNSET(max_startups_rate, 100);	/* 100% */
	DEFAULT_IF_UNSET(max_startups_begin, options->max_startups);

	DEFAULT_IF_UNSET(reverse_mapping_check, 0);
	DEFAULT_IF_UNSET(client_alive_interval, 0);
	DEFAULT_IF_UNSET(client_alive_count_max, 3);

#undef DEFAULT_IF_UNSET
}
211
/*
 * Keyword tokens: one opcode per configuration directive handled by
 * read_server_config().  The enumerator order is kept as it was, so the
 * numeric values are unchanged.
 */
typedef enum {
	sBadOption,		/* == unknown option */
	sPort,
	sHostKeyFile,
	sServerKeyBits,
	sLoginGraceTime,
	sKeyRegenerationTime,
	sPermitRootLogin,
	sLogFacility,
	sLogLevel,
	sRhostsAuthentication,
	sRhostsRSAAuthentication,
	sRSAAuthentication,
#ifdef KRB4
	sKerberosAuthentication,
	sKerberosOrLocalPasswd,
	sKerberosTicketCleanup,
#endif
#ifdef AFS
	sKerberosTgtPassing,
	sAFSTokenPassing,
#endif
	sChallengeResponseAuthentication,
	sPasswordAuthentication,
	sKbdInteractiveAuthentication,
	sListenAddress,
	sPrintMotd,
	sPrintLastLog,
	sIgnoreRhosts,
	sX11Forwarding,
	sX11DisplayOffset,
	sStrictModes,
	sEmptyPasswd,
	sKeepAlives,
	sCheckMail,
	sUseLogin,
	sAllowTcpForwarding,
	sAllowUsers,
	sDenyUsers,
	sAllowGroups,
	sDenyGroups,
	sIgnoreUserKnownHosts,
	sCiphers,
	sMacs,
	sProtocol,
	sPidFile,
	sGatewayPorts,
	sPubkeyAuthentication,
	sXAuthLocation,
	sSubsystem,
	sMaxStartups,
	sBanner,
	sReverseMappingCheck,
	sHostbasedAuthentication,
	sHostbasedUsesNameFromPacketOnly,
	sClientAliveInterval,
	sClientAliveCountMax
} ServerOpCodes;
237
/*
 * Textual representation of the tokens.
 *
 * Names are stored in lower case; parse_token() compares them without
 * regard to case.  Entries marked "alias" map a second spelling onto an
 * existing opcode.  The table ends with a NULL name.
 */
static struct {
	const char *name;
	ServerOpCodes opcode;
} keywords[] = {
	/* Listening, keys, timers and logging */
	{ "port", sPort },
	{ "hostkey", sHostKeyFile },
	{ "hostdsakey", sHostKeyFile },			/* alias */
	{ "pidfile", sPidFile },
	{ "serverkeybits", sServerKeyBits },
	{ "logingracetime", sLoginGraceTime },
	{ "keyregenerationinterval", sKeyRegenerationTime },
	{ "permitrootlogin", sPermitRootLogin },
	{ "syslogfacility", sLogFacility },
	{ "loglevel", sLogLevel },

	/* Authentication methods */
	{ "rhostsauthentication", sRhostsAuthentication },
	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
	{ "hostbasedauthentication", sHostbasedAuthentication },
	{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
	{ "rsaauthentication", sRSAAuthentication },
	{ "pubkeyauthentication", sPubkeyAuthentication },
	{ "dsaauthentication", sPubkeyAuthentication },	/* alias */
#ifdef KRB4
	{ "kerberosauthentication", sKerberosAuthentication },
	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
	{ "kerberosticketcleanup", sKerberosTicketCleanup },
#endif
#ifdef AFS
	{ "kerberostgtpassing", sKerberosTgtPassing },
	{ "afstokenpassing", sAFSTokenPassing },
#endif
	{ "passwordauthentication", sPasswordAuthentication },
	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
	{ "challengeresponseauthentication", sChallengeResponseAuthentication },
	{ "skeyauthentication", sChallengeResponseAuthentication }, /* alias */

	/* Session, forwarding and access control */
	{ "checkmail", sCheckMail },
	{ "listenaddress", sListenAddress },
	{ "printmotd", sPrintMotd },
	{ "printlastlog", sPrintLastLog },
	{ "ignorerhosts", sIgnoreRhosts },
	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },
	{ "x11forwarding", sX11Forwarding },
	{ "x11displayoffset", sX11DisplayOffset },
	{ "xauthlocation", sXAuthLocation },
	{ "strictmodes", sStrictModes },
	{ "permitemptypasswords", sEmptyPasswd },
	{ "uselogin", sUseLogin },
	{ "keepalive", sKeepAlives },
	{ "allowtcpforwarding", sAllowTcpForwarding },
	{ "allowusers", sAllowUsers },
	{ "denyusers", sDenyUsers },
	{ "allowgroups", sAllowGroups },
	{ "denygroups", sDenyGroups },

	/* Protocol 2 algorithms, limits and miscellany */
	{ "ciphers", sCiphers },
	{ "macs", sMacs },
	{ "protocol", sProtocol },
	{ "gatewayports", sGatewayPorts },
	{ "subsystem", sSubsystem },
	{ "maxstartups", sMaxStartups },
	{ "banner", sBanner },
	{ "reversemappingcheck", sReverseMappingCheck },
	{ "clientaliveinterval", sClientAliveInterval },
	{ "clientalivecountmax", sClientAliveCountMax },

	/* Terminator: parse_token() stops at the NULL name. */
	{ NULL, sBadOption }
};
303
/*
 * Looks up the keyword cp in the keywords table, ignoring case.
 *
 * Returns the matching opcode.  When nothing matches, logs the offending
 * keyword together with filename and linenum through error() and returns
 * sBadOption.
 */
static ServerOpCodes
parse_token(const char *cp, const char *filename,
    int linenum)
{
	u_int idx = 0;

	/* The table is terminated by an entry whose name is NULL. */
	while (keywords[idx].name != NULL) {
		if (strcasecmp(cp, keywords[idx].name) == 0)
			return keywords[idx].opcode;
		idx++;
	}

	error("%s: line %d: Bad configuration option: %s",
	    filename, linenum, cp);
	return sBadOption;
}
322
/*
 * Adds addr to the set of listen addresses.
 *
 * A non-zero port adds the single addr:port pair.  A port of 0 adds addr
 * once for every configured port; if no port has been configured yet,
 * SSH_DEFAULT_PORT is put into the port list first.
 */
void
add_listen_addr(ServerOptions *options, char *addr, u_short port)
{
	int idx;

	/* Make sure the port list is never empty from here on. */
	if (options->num_ports == 0) {
		options->ports[options->num_ports] = SSH_DEFAULT_PORT;
		options->num_ports++;
	}

	if (port != 0) {
		add_one_listen_addr(options, addr, port);
		return;
	}

	for (idx = 0; idx < options->num_ports; idx++)
		add_one_listen_addr(options, addr, options->ports[idx]);
}
336
/*
 * Resolves addr/port with getaddrinfo() and puts the resulting addrinfo
 * chain in front of options->listen_addrs.
 *
 * A NULL addr is resolved with AI_PASSIVE set.  Resolution failure is
 * fatal.
 */
void
add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
{
	struct addrinfo hints, *results, *tail;
	char strport[NI_MAXSERV];
	int gaierr;

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = IPv4or6;
	hints.ai_socktype = SOCK_STREAM;
	/* ai_flags is already 0 from the memset when an address is given. */
	if (addr == NULL)
		hints.ai_flags = AI_PASSIVE;
	snprintf(strport, sizeof strport, "%d", port);

	gaierr = getaddrinfo(addr, strport, &hints, &results);
	if (gaierr != 0)
		fatal("bad addr or host: %s (%s)",
		    addr ? addr : "<NULL>",
		    gai_strerror(gaierr));

	/* Walk to the last new entry and hang the existing list behind it. */
	tail = results;
	while (tail->ai_next != NULL)
		tail = tail->ai_next;
	tail->ai_next = options->listen_addrs;
	options->listen_addrs = results;
}
358
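/*
 * Reads the server configuration file and stores every recognised
 * directive in *options.
 *
 * Each line is split into tokens with strdelim(); the first token selects
 * the directive through parse_token().  Blank lines and lines whose first
 * token starts with '#' are skipped.
 *
 * Most scalar directives are stored only while the option still holds its
 * "unset" sentinel, so a value set earlier (an earlier line, or a caller
 * that filled the field before this function ran) is not overwritten.
 *
 * Errors: an unreadable file is reported with perror() and ends the
 * process with exit(1).  A malformed directive is fatal().  Unknown
 * keywords are counted and reported together with fatal() once the whole
 * file has been read.
 *
 * Changes from the previous version:
 *  - "MaxStartups N" (one integer) is accepted.  Previously the code
 *    jumped to parse_int, which reads the token after the one already
 *    consumed, so the single-integer form could not be parsed.
 *  - The Port error message spelled the directive "ListenAdress".
 */
void
read_server_config(ServerOptions *options, const char *filename)
{
	FILE *f;
	char line[1024];
	char *cp, **charptr, *arg, *p;
	int linenum, *intptr, value;
	int bad_options = 0;
	ServerOpCodes opcode;
	int i, n;

	f = fopen(filename, "r");
	if (!f) {
		perror(filename);
		exit(1);
	}
	linenum = 0;
	/*
	 * NOTE(review): fgets() hands back a physical line longer than the
	 * buffer in pieces, and each piece is then parsed as if it were a
	 * directive of its own.  Nothing here detects that case.
	 */
	while (fgets(line, sizeof(line), f)) {
		linenum++;
		cp = line;
		arg = strdelim(&cp);
		/* Ignore leading whitespace */
		if (*arg == '\0')
			arg = strdelim(&cp);
		if (!arg || !*arg || *arg == '#')
			continue;
		intptr = NULL;
		charptr = NULL;
		opcode = parse_token(arg, filename, linenum);
		switch (opcode) {
		case sBadOption:
			/* Keep going so every bad keyword gets reported. */
			bad_options++;
			continue;
		case sPort:
			/* ignore ports from configfile if cmdline specifies ports */
			if (options->ports_from_cmdline)
				continue;
			/*
			 * Listen addresses are expanded against the port list
			 * when they are added, so a later Port would be missed.
			 */
			if (options->listen_addrs != NULL)
				fatal("%s line %d: ports must be specified before "
				    "ListenAddress.\n", filename, linenum);
			if (options->num_ports >= MAX_PORTS)
				fatal("%s line %d: too many ports.",
				    filename, linenum);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing port number.",
				    filename, linenum);
			options->ports[options->num_ports++] = a2port(arg);
			if (options->ports[options->num_ports-1] == 0)
				fatal("%s line %d: Badly formatted port number.",
				    filename, linenum);
			break;

		case sServerKeyBits:
			intptr = &options->server_key_bits;
parse_int:
			/*
			 * Shared tail for integer directives; intptr must be set.
			 * NOTE(review): atoi() reports no errors, so a
			 * non-numeric argument is stored as 0 and junk after the
			 * digits in the same token is ignored.  No range check
			 * is applied here either.
			 */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing integer value.",
				    filename, linenum);
			value = atoi(arg);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sLoginGraceTime:
			intptr = &options->login_grace_time;
			goto parse_int;

		case sKeyRegenerationTime:
			intptr = &options->key_regeneration_time;
			goto parse_int;

		case sListenAddress:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
				fatal("%s line %d: missing inet addr.",
				    filename, linenum);
			if (*arg == '[') {
				/* "[addr]" or "[addr]:port": strip the brackets. */
				if ((p = strchr(arg, ']')) == NULL)
					fatal("%s line %d: bad ipv6 inet addr usage.",
					    filename, linenum);
				arg++;
				/* Close the gap left by ']'; p now points past the address. */
				memmove(p, p+1, strlen(p+1)+1);
			} else if (((p = strchr(arg, ':')) == NULL) ||
			    (strchr(p+1, ':') != NULL)) {
				/* No colon, or more than one: the token is all address. */
				add_listen_addr(options, arg, 0);
				break;
			}
			if (*p == ':') {
				u_short port;

				p++;
				if (*p == '\0')
					fatal("%s line %d: bad inet addr:port usage.",
					    filename, linenum);
				else {
					/* Cut the address off at the colon. */
					*(p-1) = '\0';
					if ((port = a2port(p)) == 0)
						fatal("%s line %d: bad port number.",
						    filename, linenum);
					add_listen_addr(options, arg, port);
				}
			} else if (*p == '\0')
				add_listen_addr(options, arg, 0);
			else
				fatal("%s line %d: bad inet addr usage.",
				    filename, linenum);
			break;

		case sHostKeyFile:
			intptr = &options->num_host_key_files;
			if (*intptr >= MAX_HOSTKEYS)
				fatal("%s line %d: too many host keys specified (max %d).",
				    filename, linenum, MAX_HOSTKEYS);
			charptr = &options->host_key_files[*intptr];
parse_filename:
			/*
			 * Shared tail for file name directives; charptr must be
			 * set.  intptr is non-NULL only for HostKey, where it
			 * is the element counter.
			 */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing file name.",
				    filename, linenum);
			if (*charptr == NULL) {
				*charptr = tilde_expand_filename(arg, getuid());
				/* increase optional counter */
				if (intptr != NULL)
					*intptr = *intptr + 1;
			}
			break;

		case sPidFile:
			charptr = &options->pid_file;
			goto parse_filename;

		case sPermitRootLogin:
			intptr = &options->permit_root_login;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing yes/"
				    "without-password/forced-commands-only/no "
				    "argument.", filename, linenum);
			value = 0;	/* silence compiler */
			if (strcmp(arg, "without-password") == 0)
				value = PERMIT_NO_PASSWD;
			else if (strcmp(arg, "forced-commands-only") == 0)
				value = PERMIT_FORCED_ONLY;
			else if (strcmp(arg, "yes") == 0)
				value = PERMIT_YES;
			else if (strcmp(arg, "no") == 0)
				value = PERMIT_NO;
			else
				fatal("%s line %d: Bad yes/"
				    "without-password/forced-commands-only/no "
				    "argument: %s", filename, linenum, arg);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreRhosts:
			intptr = &options->ignore_rhosts;
parse_flag:
			/*
			 * Shared tail for yes/no directives; intptr must be set.
			 * The comparison is case-sensitive.
			 */
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: missing yes/no argument.",
				    filename, linenum);
			value = 0;	/* silence compiler */
			if (strcmp(arg, "yes") == 0)
				value = 1;
			else if (strcmp(arg, "no") == 0)
				value = 0;
			else
				fatal("%s line %d: Bad yes/no argument: %s",
				    filename, linenum, arg);
			if (*intptr == -1)
				*intptr = value;
			break;

		case sIgnoreUserKnownHosts:
			intptr = &options->ignore_user_known_hosts;
			goto parse_flag;

		case sRhostsAuthentication:
			intptr = &options->rhosts_authentication;
			goto parse_flag;

		case sRhostsRSAAuthentication:
			intptr = &options->rhosts_rsa_authentication;
			goto parse_flag;

		case sHostbasedAuthentication:
			intptr = &options->hostbased_authentication;
			goto parse_flag;

		case sHostbasedUsesNameFromPacketOnly:
			intptr = &options->hostbased_uses_name_from_packet_only;
			goto parse_flag;

		case sRSAAuthentication:
			intptr = &options->rsa_authentication;
			goto parse_flag;

		case sPubkeyAuthentication:
			intptr = &options->pubkey_authentication;
			goto parse_flag;

#ifdef KRB4
		case sKerberosAuthentication:
			intptr = &options->kerberos_authentication;
			goto parse_flag;

		case sKerberosOrLocalPasswd:
			intptr = &options->kerberos_or_local_passwd;
			goto parse_flag;

		case sKerberosTicketCleanup:
			intptr = &options->kerberos_ticket_cleanup;
			goto parse_flag;
#endif

#ifdef AFS
		case sKerberosTgtPassing:
			intptr = &options->kerberos_tgt_passing;
			goto parse_flag;

		case sAFSTokenPassing:
			intptr = &options->afs_token_passing;
			goto parse_flag;
#endif

		case sPasswordAuthentication:
			intptr = &options->password_authentication;
			goto parse_flag;

		case sKbdInteractiveAuthentication:
			intptr = &options->kbd_interactive_authentication;
			goto parse_flag;

		case sCheckMail:
			intptr = &options->check_mail;
			goto parse_flag;

		case sChallengeResponseAuthentication:
			intptr = &options->challenge_reponse_authentication;
			goto parse_flag;

		case sPrintMotd:
			intptr = &options->print_motd;
			goto parse_flag;

		case sPrintLastLog:
			intptr = &options->print_lastlog;
			goto parse_flag;

		case sX11Forwarding:
			intptr = &options->x11_forwarding;
			goto parse_flag;

		case sX11DisplayOffset:
			intptr = &options->x11_display_offset;
			goto parse_int;

		case sXAuthLocation:
			charptr = &options->xauth_location;
			goto parse_filename;

		case sStrictModes:
			intptr = &options->strict_modes;
			goto parse_flag;

		case sKeepAlives:
			intptr = &options->keepalives;
			goto parse_flag;

		case sEmptyPasswd:
			intptr = &options->permit_empty_passwd;
			goto parse_flag;

		case sUseLogin:
			intptr = &options->use_login;
			goto parse_flag;

		case sGatewayPorts:
			intptr = &options->gateway_ports;
			goto parse_flag;

		case sReverseMappingCheck:
			intptr = &options->reverse_mapping_check;
			goto parse_flag;

		case sLogFacility:
			intptr = (int *) &options->log_facility;
			/* A missing argument is caught by the lookup failing below. */
			arg = strdelim(&cp);
			value = log_facility_number(arg);
			if (value == (SyslogFacility) - 1)
				fatal("%.200s line %d: unsupported log facility '%s'",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (SyslogFacility) value;
			break;

		case sLogLevel:
			intptr = (int *) &options->log_level;
			arg = strdelim(&cp);
			value = log_level_number(arg);
			if (value == (LogLevel) - 1)
				fatal("%.200s line %d: unsupported log level '%s'",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == -1)
				*intptr = (LogLevel) value;
			break;

		case sAllowTcpForwarding:
			intptr = &options->allow_tcp_forwarding;
			goto parse_flag;

		/*
		 * The four allow/deny directives take any number of names and
		 * accumulate across lines; each list has a fixed capacity.
		 */
		case sAllowUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_users >= MAX_ALLOW_USERS)
					fatal("%s line %d: too many allow users.",
					    filename, linenum);
				options->allow_users[options->num_allow_users++] = xstrdup(arg);
			}
			break;

		case sDenyUsers:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_users >= MAX_DENY_USERS)
					fatal( "%s line %d: too many deny users.",
					    filename, linenum);
				options->deny_users[options->num_deny_users++] = xstrdup(arg);
			}
			break;

		case sAllowGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
					fatal("%s line %d: too many allow groups.",
					    filename, linenum);
				options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
			}
			break;

		case sDenyGroups:
			while ((arg = strdelim(&cp)) && *arg != '\0') {
				if (options->num_deny_groups >= MAX_DENY_GROUPS)
					fatal("%s line %d: too many deny groups.",
					    filename, linenum);
				options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
			}
			break;

		case sCiphers:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			if (!ciphers_valid(arg))
				fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->ciphers == NULL)
				options->ciphers = xstrdup(arg);
			break;

		case sMacs:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			if (!mac_valid(arg))
				fatal("%s line %d: Bad SSH2 mac spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (options->macs == NULL)
				options->macs = xstrdup(arg);
			break;

		case sProtocol:
			intptr = &options->protocol;
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing argument.", filename, linenum);
			value = proto_spec(arg);
			if (value == SSH_PROTO_UNKNOWN)
				fatal("%s line %d: Bad protocol spec '%s'.",
				    filename, linenum, arg ? arg : "<NONE>");
			if (*intptr == SSH_PROTO_UNKNOWN)
				*intptr = value;
			break;

		case sSubsystem:
			if(options->num_subsystems >= MAX_SUBSYSTEMS) {
				fatal("%s line %d: too many subsystems defined.",
				    filename, linenum);
			}
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem name.",
				    filename, linenum);
			/* A subsystem name may be defined only once. */
			for (i = 0; i < options->num_subsystems; i++)
				if(strcmp(arg, options->subsystem_name[i]) == 0)
					fatal("%s line %d: Subsystem '%s' already defined.",
					    filename, linenum, arg);
			options->subsystem_name[options->num_subsystems] = xstrdup(arg);
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing subsystem command.",
				    filename, linenum);
			options->subsystem_command[options->num_subsystems] = xstrdup(arg);
			options->num_subsystems++;
			break;

		case sMaxStartups:
			arg = strdelim(&cp);
			if (!arg || *arg == '\0')
				fatal("%s line %d: Missing MaxStartups spec.",
				    filename, linenum);
			/* Accepts "begin:rate:max" or a single integer. */
			n = sscanf(arg, "%d:%d:%d",
			    &options->max_startups_begin,
			    &options->max_startups_rate,
			    &options->max_startups);
			if (n == 3) {
				if (options->max_startups_begin >
				    options->max_startups ||
				    options->max_startups_rate > 100 ||
				    options->max_startups_rate < 1)
					fatal("%s line %d: Illegal MaxStartups spec.",
					    filename, linenum);
			} else if (n == 1) {
				/*
				 * Single integer: sscanf() stored it in
				 * max_startups_begin; use it as the limit too.
				 * The argument has already been consumed, so
				 * parse_int (which reads the next token) must
				 * not be used here.
				 */
				options->max_startups = options->max_startups_begin;
			} else
				fatal("%s line %d: Illegal MaxStartups spec.",
				    filename, linenum);
			break;

		case sBanner:
			charptr = &options->banner;
			goto parse_filename;
		case sClientAliveInterval:
			intptr = &options->client_alive_interval;
			goto parse_int;
		case sClientAliveCountMax:
			intptr = &options->client_alive_count_max;
			goto parse_int;
		default:
			fatal("%s line %d: Missing handler for opcode %s (%d)",
			    filename, linenum, arg, opcode);
		}
		/* Anything left on the line after the arguments is an error. */
		if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
			fatal("%s line %d: garbage at end of line; \"%.200s\".",
			    filename, linenum, arg);
	}
	fclose(f);
	if (bad_options > 0)
		fatal("%s: terminating, %d bad configuration options",
		    filename, bad_options);
}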