]> andersk Git - openssh.git/blame_incremental - servconf.c
andersk / openssh.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
- markus@cvs.openbsd.org 2001/06/07 22:25:02
[openssh.git] / servconf.c
... / ...
CommitLineData
1/*
2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
4 *
5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
10 */
11
12#include "includes.h"
13RCSID("$OpenBSD: servconf.c,v 1.82 2001/05/20 17:20:35 markus Exp $");
14
15#ifdef KRB4
16#include <krb.h>
17#endif
18#ifdef AFS
19#include <kafs.h>
20#endif
21
22#include "ssh.h"
23#include "log.h"
24#include "servconf.h"
25#include "xmalloc.h"
26#include "compat.h"
27#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
31#include "kex.h"
32#include "mac.h"
33
34void add_listen_addr(ServerOptions *options, char *addr, u_short port);
35void add_one_listen_addr(ServerOptions *options, char *addr, u_short port);
36
37/* AF_UNSPEC or AF_INET or AF_INET6 */
38extern int IPv4or6;
39
40/* Initializes the server options to their default values. */
41
42void
43initialize_server_options(ServerOptions *options)
44{
45 memset(options, 0, sizeof(*options));
46 options->num_ports = 0;
47 options->ports_from_cmdline = 0;
48 options->listen_addrs = NULL;
49 options->num_host_key_files = 0;
50 options->pid_file = NULL;
51 options->server_key_bits = -1;
52 options->login_grace_time = -1;
53 options->key_regeneration_time = -1;
54 options->permit_root_login = PERMIT_NOT_SET;
55 options->ignore_rhosts = -1;
56 options->ignore_user_known_hosts = -1;
57 options->print_motd = -1;
58 options->print_lastlog = -1;
59 options->check_mail = -1;
60 options->x11_forwarding = -1;
61 options->x11_display_offset = -1;
62 options->xauth_location = NULL;
63 options->strict_modes = -1;
64 options->keepalives = -1;
65 options->log_facility = (SyslogFacility) - 1;
66 options->log_level = (LogLevel) - 1;
67 options->rhosts_authentication = -1;
68 options->rhosts_rsa_authentication = -1;
69 options->hostbased_authentication = -1;
70 options->hostbased_uses_name_from_packet_only = -1;
71 options->rsa_authentication = -1;
72 options->pubkey_authentication = -1;
73#ifdef KRB4
74 options->kerberos_authentication = -1;
75 options->kerberos_or_local_passwd = -1;
76 options->kerberos_ticket_cleanup = -1;
77#endif
78#ifdef AFS
79 options->kerberos_tgt_passing = -1;
80 options->afs_token_passing = -1;
81#endif
82 options->password_authentication = -1;
83 options->kbd_interactive_authentication = -1;
84 options->challenge_response_authentication = -1;
85 options->permit_empty_passwd = -1;
86 options->use_login = -1;
87 options->allow_tcp_forwarding = -1;
88 options->num_allow_users = 0;
89 options->num_deny_users = 0;
90 options->num_allow_groups = 0;
91 options->num_deny_groups = 0;
92 options->ciphers = NULL;
93 options->macs = NULL;
94 options->protocol = SSH_PROTO_UNKNOWN;
95 options->gateway_ports = -1;
96 options->num_subsystems = 0;
97 options->max_startups_begin = -1;
98 options->max_startups_rate = -1;
99 options->max_startups = -1;
100 options->banner = NULL;
101 options->reverse_mapping_check = -1;
102 options->client_alive_interval = -1;
103 options->client_alive_count_max = -1;
104 options->authorized_keys_file = NULL;
105 options->authorized_keys_file2 = NULL;
106 options->pam_authentication_via_kbd_int = -1;
107}
108
109void
110fill_default_server_options(ServerOptions *options)
111{
112 if (options->protocol == SSH_PROTO_UNKNOWN)
113 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
114 if (options->num_host_key_files == 0) {
115 /* fill default hostkeys for protocols */
116 if (options->protocol & SSH_PROTO_1)
117 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE;
118 if (options->protocol & SSH_PROTO_2)
119 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE;
120 }
121 if (options->num_ports == 0)
122 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
123 if (options->listen_addrs == NULL)
124 add_listen_addr(options, NULL, 0);
125 if (options->pid_file == NULL)
126 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
127 if (options->server_key_bits == -1)
128 options->server_key_bits = 768;
129 if (options->login_grace_time == -1)
130 options->login_grace_time = 600;
131 if (options->key_regeneration_time == -1)
132 options->key_regeneration_time = 3600;
133 if (options->permit_root_login == PERMIT_NOT_SET)
134 options->permit_root_login = PERMIT_YES;
135 if (options->ignore_rhosts == -1)
136 options->ignore_rhosts = 1;
137 if (options->ignore_user_known_hosts == -1)
138 options->ignore_user_known_hosts = 0;
139 if (options->check_mail == -1)
140 options->check_mail = 0;
141 if (options->print_motd == -1)
142 options->print_motd = 1;
143 if (options->print_lastlog == -1)
144 options->print_lastlog = 1;
145 if (options->x11_forwarding == -1)
146 options->x11_forwarding = 0;
147 if (options->x11_display_offset == -1)
148 options->x11_display_offset = 10;
149#ifdef XAUTH_PATH
150 if (options->xauth_location == NULL)
151 options->xauth_location = XAUTH_PATH;
152#endif /* XAUTH_PATH */
153 if (options->strict_modes == -1)
154 options->strict_modes = 1;
155 if (options->keepalives == -1)
156 options->keepalives = 1;
157 if (options->log_facility == (SyslogFacility) (-1))
158 options->log_facility = SYSLOG_FACILITY_AUTH;
159 if (options->log_level == (LogLevel) (-1))
160 options->log_level = SYSLOG_LEVEL_INFO;
161 if (options->rhosts_authentication == -1)
162 options->rhosts_authentication = 0;
163 if (options->rhosts_rsa_authentication == -1)
164 options->rhosts_rsa_authentication = 0;
165 if (options->hostbased_authentication == -1)
166 options->hostbased_authentication = 0;
167 if (options->hostbased_uses_name_from_packet_only == -1)
168 options->hostbased_uses_name_from_packet_only = 0;
169 if (options->rsa_authentication == -1)
170 options->rsa_authentication = 1;
171 if (options->pubkey_authentication == -1)
172 options->pubkey_authentication = 1;
173#ifdef KRB4
174 if (options->kerberos_authentication == -1)
175 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
176 if (options->kerberos_or_local_passwd == -1)
177 options->kerberos_or_local_passwd = 1;
178 if (options->kerberos_ticket_cleanup == -1)
179 options->kerberos_ticket_cleanup = 1;
180#endif /* KRB4 */
181#ifdef AFS
182 if (options->kerberos_tgt_passing == -1)
183 options->kerberos_tgt_passing = 0;
184 if (options->afs_token_passing == -1)
185 options->afs_token_passing = k_hasafs();
186#endif /* AFS */
187 if (options->password_authentication == -1)
188 options->password_authentication = 1;
189 if (options->kbd_interactive_authentication == -1)
190 options->kbd_interactive_authentication = 0;
191 if (options->challenge_response_authentication == -1)
192 options->challenge_response_authentication = 1;
193 if (options->permit_empty_passwd == -1)
194 options->permit_empty_passwd = 0;
195 if (options->use_login == -1)
196 options->use_login = 0;
197 if (options->allow_tcp_forwarding == -1)
198 options->allow_tcp_forwarding = 1;
199 if (options->gateway_ports == -1)
200 options->gateway_ports = 0;
201 if (options->max_startups == -1)
202 options->max_startups = 10;
203 if (options->max_startups_rate == -1)
204 options->max_startups_rate = 100; /* 100% */
205 if (options->max_startups_begin == -1)
206 options->max_startups_begin = options->max_startups;
207 if (options->reverse_mapping_check == -1)
208 options->reverse_mapping_check = 0;
209 if (options->client_alive_interval == -1)
210 options->client_alive_interval = 0;
211 if (options->client_alive_count_max == -1)
212 options->client_alive_count_max = 3;
213 if (options->authorized_keys_file == NULL)
214 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
215 if (options->authorized_keys_file2 == NULL)
216 options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
217 if (options->pam_authentication_via_kbd_int == -1)
218 options->pam_authentication_via_kbd_int = 0;
219}
220
221/* Keyword tokens. */
222typedef enum {
223 sBadOption, /* == unknown option */
224 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
225 sPermitRootLogin, sLogFacility, sLogLevel,
226 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
227#ifdef KRB4
228 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
229#endif
230#ifdef AFS
231 sKerberosTgtPassing, sAFSTokenPassing,
232#endif
233 sChallengeResponseAuthentication,
234 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
235 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
236 sX11Forwarding, sX11DisplayOffset,
237 sStrictModes, sEmptyPasswd, sKeepAlives, sCheckMail,
238 sUseLogin, sAllowTcpForwarding,
239 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
240 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
241 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
242 sBanner, sReverseMappingCheck, sHostbasedAuthentication,
243 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
244 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
245 sPAMAuthenticationViaKbdInt
246} ServerOpCodes;
247
248/* Textual representation of the tokens. */
249static struct {
250 const char *name;
251 ServerOpCodes opcode;
252} keywords[] = {
253 { "port", sPort },
254 { "hostkey", sHostKeyFile },
255 { "hostdsakey", sHostKeyFile }, /* alias */
256 { "pidfile", sPidFile },
257 { "serverkeybits", sServerKeyBits },
258 { "logingracetime", sLoginGraceTime },
259 { "keyregenerationinterval", sKeyRegenerationTime },
260 { "permitrootlogin", sPermitRootLogin },
261 { "syslogfacility", sLogFacility },
262 { "loglevel", sLogLevel },
263 { "rhostsauthentication", sRhostsAuthentication },
264 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
265 { "hostbasedauthentication", sHostbasedAuthentication },
266 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
267 { "rsaauthentication", sRSAAuthentication },
268 { "pubkeyauthentication", sPubkeyAuthentication },
269 { "dsaauthentication", sPubkeyAuthentication }, /* alias */
270#ifdef KRB4
271 { "kerberosauthentication", sKerberosAuthentication },
272 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
273 { "kerberosticketcleanup", sKerberosTicketCleanup },
274#endif
275#ifdef AFS
276 { "kerberostgtpassing", sKerberosTgtPassing },
277 { "afstokenpassing", sAFSTokenPassing },
278#endif
279 { "passwordauthentication", sPasswordAuthentication },
280 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
281 { "challengeresponseauthentication", sChallengeResponseAuthentication },
282 { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
283 { "checkmail", sCheckMail },
284 { "listenaddress", sListenAddress },
285 { "printmotd", sPrintMotd },
286 { "printlastlog", sPrintLastLog },
287 { "ignorerhosts", sIgnoreRhosts },
288 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
289 { "x11forwarding", sX11Forwarding },
290 { "x11displayoffset", sX11DisplayOffset },
291 { "xauthlocation", sXAuthLocation },
292 { "strictmodes", sStrictModes },
293 { "permitemptypasswords", sEmptyPasswd },
294 { "uselogin", sUseLogin },
295 { "keepalive", sKeepAlives },
296 { "allowtcpforwarding", sAllowTcpForwarding },
297 { "allowusers", sAllowUsers },
298 { "denyusers", sDenyUsers },
299 { "allowgroups", sAllowGroups },
300 { "denygroups", sDenyGroups },
301 { "ciphers", sCiphers },
302 { "macs", sMacs },
303 { "protocol", sProtocol },
304 { "gatewayports", sGatewayPorts },
305 { "subsystem", sSubsystem },
306 { "maxstartups", sMaxStartups },
307 { "banner", sBanner },
308 { "reversemappingcheck", sReverseMappingCheck },
309 { "clientaliveinterval", sClientAliveInterval },
310 { "clientalivecountmax", sClientAliveCountMax },
311 { "authorizedkeysfile", sAuthorizedKeysFile },
312 { "authorizedkeysfile2", sAuthorizedKeysFile2 },
313 { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
314 { NULL, 0 }
315};
316
317/*
318 * Returns the number of the token pointed to by cp or sBadOption.
319 */
320
321static ServerOpCodes
322parse_token(const char *cp, const char *filename,
323 int linenum)
324{
325 u_int i;
326
327 for (i = 0; keywords[i].name; i++)
328 if (strcasecmp(cp, keywords[i].name) == 0)
329 return keywords[i].opcode;
330
331 error("%s: line %d: Bad configuration option: %s",
332 filename, linenum, cp);
333 return sBadOption;
334}
335
336void
337add_listen_addr(ServerOptions *options, char *addr, u_short port)
338{
339 int i;
340
341 if (options->num_ports == 0)
342 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
343 if (port == 0)
344 for (i = 0; i < options->num_ports; i++)
345 add_one_listen_addr(options, addr, options->ports[i]);
346 else
347 add_one_listen_addr(options, addr, port);
348}
349
350void
351add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
352{
353 struct addrinfo hints, *ai, *aitop;
354 char strport[NI_MAXSERV];
355 int gaierr;
356
357 memset(&hints, 0, sizeof(hints));
358 hints.ai_family = IPv4or6;
359 hints.ai_socktype = SOCK_STREAM;
360 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
361 snprintf(strport, sizeof strport, "%d", port);
362 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
363 fatal("bad addr or host: %s (%s)",
364 addr ? addr : "<NULL>",
365 gai_strerror(gaierr));
366 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
367 ;
368 ai->ai_next = options->listen_addrs;
369 options->listen_addrs = aitop;
370}
371
372/* Reads the server configuration file. */
373
374void
375read_server_config(ServerOptions *options, const char *filename)
376{
377 FILE *f;
378 char line[1024];
379 char *cp, **charptr, *arg, *p;
380 int linenum, *intptr, value;
381 int bad_options = 0;
382 ServerOpCodes opcode;
383 int i;
384
385 f = fopen(filename, "r");
386 if (!f) {
387 perror(filename);
388 exit(1);
389 }
390 linenum = 0;
391 while (fgets(line, sizeof(line), f)) {
392 linenum++;
393 cp = line;
394 arg = strdelim(&cp);
395 /* Ignore leading whitespace */
396 if (*arg == '\0')
397 arg = strdelim(&cp);
398 if (!arg || !*arg || *arg == '#')
399 continue;
400 intptr = NULL;
401 charptr = NULL;
402 opcode = parse_token(arg, filename, linenum);
403 switch (opcode) {
404 case sBadOption:
405 bad_options++;
406 continue;
407 case sPort:
408 /* ignore ports from configfile if cmdline specifies ports */
409 if (options->ports_from_cmdline)
410 continue;
411 if (options->listen_addrs != NULL)
412 fatal("%s line %d: ports must be specified before "
413 "ListenAdress.", filename, linenum);
414 if (options->num_ports >= MAX_PORTS)
415 fatal("%s line %d: too many ports.",
416 filename, linenum);
417 arg = strdelim(&cp);
418 if (!arg || *arg == '\0')
419 fatal("%s line %d: missing port number.",
420 filename, linenum);
421 options->ports[options->num_ports++] = a2port(arg);
422 if (options->ports[options->num_ports-1] == 0)
423 fatal("%s line %d: Badly formatted port number.",
424 filename, linenum);
425 break;
426
427 case sServerKeyBits:
428 intptr = &options->server_key_bits;
429parse_int:
430 arg = strdelim(&cp);
431 if (!arg || *arg == '\0')
432 fatal("%s line %d: missing integer value.",
433 filename, linenum);
434 value = atoi(arg);
435 if (*intptr == -1)
436 *intptr = value;
437 break;
438
439 case sLoginGraceTime:
440 intptr = &options->login_grace_time;
441parse_time:
442 arg = strdelim(&cp);
443 if (!arg || *arg == '\0')
444 fatal("%s line %d: missing time value.",
445 filename, linenum);
446 if ((value = convtime(arg)) == -1)
447 fatal("%s line %d: invalid time value.",
448 filename, linenum);
449 if (*intptr == -1)
450 *intptr = value;
451 break;
452
453 case sKeyRegenerationTime:
454 intptr = &options->key_regeneration_time;
455 goto parse_time;
456
457 case sListenAddress:
458 arg = strdelim(&cp);
459 if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
460 fatal("%s line %d: missing inet addr.",
461 filename, linenum);
462 if (*arg == '[') {
463 if ((p = strchr(arg, ']')) == NULL)
464 fatal("%s line %d: bad ipv6 inet addr usage.",
465 filename, linenum);
466 arg++;
467 memmove(p, p+1, strlen(p+1)+1);
468 } else if (((p = strchr(arg, ':')) == NULL) ||
469 (strchr(p+1, ':') != NULL)) {
470 add_listen_addr(options, arg, 0);
471 break;
472 }
473 if (*p == ':') {
474 u_short port;
475
476 p++;
477 if (*p == '\0')
478 fatal("%s line %d: bad inet addr:port usage.",
479 filename, linenum);
480 else {
481 *(p-1) = '\0';
482 if ((port = a2port(p)) == 0)
483 fatal("%s line %d: bad port number.",
484 filename, linenum);
485 add_listen_addr(options, arg, port);
486 }
487 } else if (*p == '\0')
488 add_listen_addr(options, arg, 0);
489 else
490 fatal("%s line %d: bad inet addr usage.",
491 filename, linenum);
492 break;
493
494 case sHostKeyFile:
495 intptr = &options->num_host_key_files;
496 if (*intptr >= MAX_HOSTKEYS)
497 fatal("%s line %d: too many host keys specified (max %d).",
498 filename, linenum, MAX_HOSTKEYS);
499 charptr = &options->host_key_files[*intptr];
500parse_filename:
501 arg = strdelim(&cp);
502 if (!arg || *arg == '\0')
503 fatal("%s line %d: missing file name.",
504 filename, linenum);
505 if (*charptr == NULL) {
506 *charptr = tilde_expand_filename(arg, getuid());
507 /* increase optional counter */
508 if (intptr != NULL)
509 *intptr = *intptr + 1;
510 }
511 break;
512
513 case sPidFile:
514 charptr = &options->pid_file;
515 goto parse_filename;
516
517 case sPermitRootLogin:
518 intptr = &options->permit_root_login;
519 arg = strdelim(&cp);
520 if (!arg || *arg == '\0')
521 fatal("%s line %d: missing yes/"
522 "without-password/forced-commands-only/no "
523 "argument.", filename, linenum);
524 value = 0; /* silence compiler */
525 if (strcmp(arg, "without-password") == 0)
526 value = PERMIT_NO_PASSWD;
527 else if (strcmp(arg, "forced-commands-only") == 0)
528 value = PERMIT_FORCED_ONLY;
529 else if (strcmp(arg, "yes") == 0)
530 value = PERMIT_YES;
531 else if (strcmp(arg, "no") == 0)
532 value = PERMIT_NO;
533 else
534 fatal("%s line %d: Bad yes/"
535 "without-password/forced-commands-only/no "
536 "argument: %s", filename, linenum, arg);
537 if (*intptr == -1)
538 *intptr = value;
539 break;
540
541 case sIgnoreRhosts:
542 intptr = &options->ignore_rhosts;
543parse_flag:
544 arg = strdelim(&cp);
545 if (!arg || *arg == '\0')
546 fatal("%s line %d: missing yes/no argument.",
547 filename, linenum);
548 value = 0; /* silence compiler */
549 if (strcmp(arg, "yes") == 0)
550 value = 1;
551 else if (strcmp(arg, "no") == 0)
552 value = 0;
553 else
554 fatal("%s line %d: Bad yes/no argument: %s",
555 filename, linenum, arg);
556 if (*intptr == -1)
557 *intptr = value;
558 break;
559
560 case sIgnoreUserKnownHosts:
561 intptr = &options->ignore_user_known_hosts;
562 goto parse_flag;
563
564 case sRhostsAuthentication:
565 intptr = &options->rhosts_authentication;
566 goto parse_flag;
567
568 case sRhostsRSAAuthentication:
569 intptr = &options->rhosts_rsa_authentication;
570 goto parse_flag;
571
572 case sHostbasedAuthentication:
573 intptr = &options->hostbased_authentication;
574 goto parse_flag;
575
576 case sHostbasedUsesNameFromPacketOnly:
577 intptr = &options->hostbased_uses_name_from_packet_only;
578 goto parse_flag;
579
580 case sRSAAuthentication:
581 intptr = &options->rsa_authentication;
582 goto parse_flag;
583
584 case sPubkeyAuthentication:
585 intptr = &options->pubkey_authentication;
586 goto parse_flag;
587
588#ifdef KRB4
589 case sKerberosAuthentication:
590 intptr = &options->kerberos_authentication;
591 goto parse_flag;
592
593 case sKerberosOrLocalPasswd:
594 intptr = &options->kerberos_or_local_passwd;
595 goto parse_flag;
596
597 case sKerberosTicketCleanup:
598 intptr = &options->kerberos_ticket_cleanup;
599 goto parse_flag;
600#endif
601
602#ifdef AFS
603 case sKerberosTgtPassing:
604 intptr = &options->kerberos_tgt_passing;
605 goto parse_flag;
606
607 case sAFSTokenPassing:
608 intptr = &options->afs_token_passing;
609 goto parse_flag;
610#endif
611
612 case sPasswordAuthentication:
613 intptr = &options->password_authentication;
614 goto parse_flag;
615
616 case sKbdInteractiveAuthentication:
617 intptr = &options->kbd_interactive_authentication;
618 goto parse_flag;
619
620 case sCheckMail:
621 intptr = &options->check_mail;
622 goto parse_flag;
623
624 case sChallengeResponseAuthentication:
625 intptr = &options->challenge_response_authentication;
626 goto parse_flag;
627
628 case sPrintMotd:
629 intptr = &options->print_motd;
630 goto parse_flag;
631
632 case sPrintLastLog:
633 intptr = &options->print_lastlog;
634 goto parse_flag;
635
636 case sX11Forwarding:
637 intptr = &options->x11_forwarding;
638 goto parse_flag;
639
640 case sX11DisplayOffset:
641 intptr = &options->x11_display_offset;
642 goto parse_int;
643
644 case sXAuthLocation:
645 charptr = &options->xauth_location;
646 goto parse_filename;
647
648 case sStrictModes:
649 intptr = &options->strict_modes;
650 goto parse_flag;
651
652 case sKeepAlives:
653 intptr = &options->keepalives;
654 goto parse_flag;
655
656 case sEmptyPasswd:
657 intptr = &options->permit_empty_passwd;
658 goto parse_flag;
659
660 case sUseLogin:
661 intptr = &options->use_login;
662 goto parse_flag;
663
664 case sGatewayPorts:
665 intptr = &options->gateway_ports;
666 goto parse_flag;
667
668 case sReverseMappingCheck:
669 intptr = &options->reverse_mapping_check;
670 goto parse_flag;
671
672 case sLogFacility:
673 intptr = (int *) &options->log_facility;
674 arg = strdelim(&cp);
675 value = log_facility_number(arg);
676 if (value == (SyslogFacility) - 1)
677 fatal("%.200s line %d: unsupported log facility '%s'",
678 filename, linenum, arg ? arg : "<NONE>");
679 if (*intptr == -1)
680 *intptr = (SyslogFacility) value;
681 break;
682
683 case sLogLevel:
684 intptr = (int *) &options->log_level;
685 arg = strdelim(&cp);
686 value = log_level_number(arg);
687 if (value == (LogLevel) - 1)
688 fatal("%.200s line %d: unsupported log level '%s'",
689 filename, linenum, arg ? arg : "<NONE>");
690 if (*intptr == -1)
691 *intptr = (LogLevel) value;
692 break;
693
694 case sAllowTcpForwarding:
695 intptr = &options->allow_tcp_forwarding;
696 goto parse_flag;
697
698 case sAllowUsers:
699 while ((arg = strdelim(&cp)) && *arg != '\0') {
700 if (options->num_allow_users >= MAX_ALLOW_USERS)
701 fatal("%s line %d: too many allow users.",
702 filename, linenum);
703 options->allow_users[options->num_allow_users++] = xstrdup(arg);
704 }
705 break;
706
707 case sDenyUsers:
708 while ((arg = strdelim(&cp)) && *arg != '\0') {
709 if (options->num_deny_users >= MAX_DENY_USERS)
710 fatal( "%s line %d: too many deny users.",
711 filename, linenum);
712 options->deny_users[options->num_deny_users++] = xstrdup(arg);
713 }
714 break;
715
716 case sAllowGroups:
717 while ((arg = strdelim(&cp)) && *arg != '\0') {
718 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
719 fatal("%s line %d: too many allow groups.",
720 filename, linenum);
721 options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
722 }
723 break;
724
725 case sDenyGroups:
726 while ((arg = strdelim(&cp)) && *arg != '\0') {
727 if (options->num_deny_groups >= MAX_DENY_GROUPS)
728 fatal("%s line %d: too many deny groups.",
729 filename, linenum);
730 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
731 }
732 break;
733
734 case sCiphers:
735 arg = strdelim(&cp);
736 if (!arg || *arg == '\0')
737 fatal("%s line %d: Missing argument.", filename, linenum);
738 if (!ciphers_valid(arg))
739 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
740 filename, linenum, arg ? arg : "<NONE>");
741 if (options->ciphers == NULL)
742 options->ciphers = xstrdup(arg);
743 break;
744
745 case sMacs:
746 arg = strdelim(&cp);
747 if (!arg || *arg == '\0')
748 fatal("%s line %d: Missing argument.", filename, linenum);
749 if (!mac_valid(arg))
750 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
751 filename, linenum, arg ? arg : "<NONE>");
752 if (options->macs == NULL)
753 options->macs = xstrdup(arg);
754 break;
755
756 case sProtocol:
757 intptr = &options->protocol;
758 arg = strdelim(&cp);
759 if (!arg || *arg == '\0')
760 fatal("%s line %d: Missing argument.", filename, linenum);
761 value = proto_spec(arg);
762 if (value == SSH_PROTO_UNKNOWN)
763 fatal("%s line %d: Bad protocol spec '%s'.",
764 filename, linenum, arg ? arg : "<NONE>");
765 if (*intptr == SSH_PROTO_UNKNOWN)
766 *intptr = value;
767 break;
768
769 case sSubsystem:
770 if(options->num_subsystems >= MAX_SUBSYSTEMS) {
771 fatal("%s line %d: too many subsystems defined.",
772 filename, linenum);
773 }
774 arg = strdelim(&cp);
775 if (!arg || *arg == '\0')
776 fatal("%s line %d: Missing subsystem name.",
777 filename, linenum);
778 for (i = 0; i < options->num_subsystems; i++)
779 if(strcmp(arg, options->subsystem_name[i]) == 0)
780 fatal("%s line %d: Subsystem '%s' already defined.",
781 filename, linenum, arg);
782 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
783 arg = strdelim(&cp);
784 if (!arg || *arg == '\0')
785 fatal("%s line %d: Missing subsystem command.",
786 filename, linenum);
787 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
788 options->num_subsystems++;
789 break;
790
791 case sMaxStartups:
792 arg = strdelim(&cp);
793 if (!arg || *arg == '\0')
794 fatal("%s line %d: Missing MaxStartups spec.",
795 filename, linenum);
796 if (sscanf(arg, "%d:%d:%d",
797 &options->max_startups_begin,
798 &options->max_startups_rate,
799 &options->max_startups) == 3) {
800 if (options->max_startups_begin >
801 options->max_startups ||
802 options->max_startups_rate > 100 ||
803 options->max_startups_rate < 1)
804 fatal("%s line %d: Illegal MaxStartups spec.",
805 filename, linenum);
806 break;
807 }
808 intptr = &options->max_startups;
809 goto parse_int;
810
811 case sBanner:
812 charptr = &options->banner;
813 goto parse_filename;
814 /*
815 * These options can contain %X options expanded at
816 * connect time, so that you can specify paths like:
817 *
818 * AuthorizedKeysFile /etc/ssh_keys/%u
819 */
820 case sAuthorizedKeysFile:
821 case sAuthorizedKeysFile2:
822 charptr = (opcode == sAuthorizedKeysFile ) ?
823 &options->authorized_keys_file :
824 &options->authorized_keys_file2;
825 goto parse_filename;
826
827 case sClientAliveInterval:
828 intptr = &options->client_alive_interval;
829 goto parse_time;
830
831 case sClientAliveCountMax:
832 intptr = &options->client_alive_count_max;
833 goto parse_int;
834
835 case sPAMAuthenticationViaKbdInt:
836 intptr = &options->pam_authentication_via_kbd_int;
837 goto parse_flag;
838
839 default:
840 fatal("%s line %d: Missing handler for opcode %s (%d)",
841 filename, linenum, arg, opcode);
842 }
843 if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
844 fatal("%s line %d: garbage at end of line; \"%.200s\".",
845 filename, linenum, arg);
846 }
847 fclose(f);
848 if (bad_options > 0)
849 fatal("%s: terminating, %d bad configuration options",
850 filename, bad_options);
851}
git-cvsimport mirror of OpenSSH
This page took 0.047084 seconds and 5 git commands to generate.