5 Author: Tatu Ylonen <ylo@cs.hut.fi>
7 Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
10 Created: Mon Aug 21 15:48:58 1995 ylo
21 /* Resets every server option to its "not yet configured" state.  The
   struct is zeroed, then each tunable is set to the sentinel -1 (NULL for the
   host key path) so that the config-file parser can tell "never set" from an
   explicit value, and fill_default_server_options() can later supply the
   compiled-in default for anything the file left alone.  The security-
   relevant defaults therefore live in fill_default_server_options(), not
   here. */
23 void initialize_server_options(ServerOptions *options)
   /* Zero everything first so fields without an explicit sentinel below
      (list pointers, counts) start out as 0/NULL. */
25 memset(options, 0, sizeof(*options));
   /* NOTE(review): fill_default_server_options() tests port == -1, but no
      "options->port = -1" store is visible between the memset and the listen
      address -- confirm the sentinel is set; after the memset alone port is
      0 and the default-port lookup would never run. */
   /* Listen on all interfaces.  This field has no -1 sentinel: the default
      is final here, and only the "listenaddress" directive (which stores
      inet_addr() of its argument) replaces it.  NOTE(review): inet_addr()
      signals a malformed address by returning INADDR_NONE; no check for that
      value is visible in the parser, so a typo would become a bind target. */
27 options->listen_addr.s_addr = htonl(INADDR_ANY);
28 options->host_key_file = NULL;                 /* NULL = unset; HOST_KEY_FILE when defaulted */
   /* -1 = unset for every integer option that follows. */
29 options->server_key_bits = -1;
30 options->login_grace_time = -1;
31 options->key_regeneration_time = -1;
32 options->permit_root_login = -1;                /* defaults to 1 (yes) if left unset */
33 options->ignore_rhosts = -1;
34 options->print_motd = -1;
35 options->check_mail = -1;
36 options->x11_forwarding = -1;
37 options->x11_display_offset = -1;
38 options->strict_modes = -1;
39 options->keepalives = -1;
   /* Enum-typed fields use the same sentinel cast to the enum type; the
      parser and fill_default_server_options() compare against the same
      cast value. */
40 options->log_facility = (SyslogFacility)-1;
41 options->log_level = (LogLevel)-1;
   /* Authentication method switches. */
42 options->rhosts_authentication = -1;
43 options->rhosts_rsa_authentication = -1;
44 options->rsa_authentication = -1;
46 options->kerberos_authentication = -1;
47 options->kerberos_or_local_passwd = -1;
48 options->kerberos_ticket_cleanup = -1;
51 options->kerberos_tgt_passing = -1;
52 options->afs_token_passing = -1;
54 options->password_authentication = -1;
56 options->skey_authentication = -1;
58 options->permit_empty_passwd = -1;              /* defaults to 1 (yes) if left unset */
59 options->use_login = -1;
   /* Access-control lists start empty.  These are already 0 from the
      memset; the explicit stores document that they are counts, not
      sentinels -- an empty list is a valid configured state, not "unset". */
60 options->num_allow_users = 0;
61 options->num_deny_users = 0;
62 options->num_allow_groups = 0;
63 options->num_deny_groups = 0;
   /* Replaces every option still carrying its "unset" sentinel (-1, or NULL
      for the host key path) with the compiled-in default.  Fields that were
      given an explicit value are left untouched, so this is meant to run
      after the configuration file has been read.  Several of these defaults
      are permissive (root login, empty passwords, X11 forwarding, RhostsRSA
      authentication); they are flagged inline. */
66 void fill_default_server_options(ServerOptions *options)
   /* Port: ask the services database for SSH_SERVICE_NAME/tcp first; s_port
      is in network byte order, hence ntohs().  When the lookup fails the
      compiled-in SSH_DEFAULT_PORT is used. */
68 if (options->port == -1)
72 sp = getservbyname(SSH_SERVICE_NAME, "tcp");
74 options->port = ntohs(sp->s_port);
76 options->port = SSH_DEFAULT_PORT;
79 if (options->host_key_file == NULL)
80 options->host_key_file = HOST_KEY_FILE;
   /* NOTE(review): 768-bit ephemeral server key.  This is far below current
      minimum RSA sizes (2048+); deployments should override it with the
      "serverkeybits" directive, and the default itself is worth raising. */
81 if (options->server_key_bits == -1)
82 options->server_key_bits = 768;
   /* Time a client gets to authenticate -- presumably seconds, the unit is
      not established here.  Ten minutes is a generous pre-authentication
      window. */
83 if (options->login_grace_time == -1)
84 options->login_grace_time = 600;
   /* Ephemeral server key regeneration interval (same unit caveat). */
85 if (options->key_regeneration_time == -1)
86 options->key_regeneration_time = 3600;
   /* NOTE(review): root login is permitted by default.  The parser also
      accepts "without-password", so this field is three-valued; hardened
      installations should set "permitrootlogin no" explicitly. */
87 if (options->permit_root_login == -1)
88 options->permit_root_login = 1; /* yes */
   /* 0 = users' rhosts files are honoured.  Relevant because RhostsRSA
      authentication is on by default (below). */
89 if (options->ignore_rhosts == -1)
90 options->ignore_rhosts = 0;
91 if (options->check_mail == -1)
92 options->check_mail = 0;
93 if (options->print_motd == -1)
94 options->print_motd = 1;
   /* NOTE(review): X11 forwarding on by default widens what every session
      can reach on the server side; "x11forwarding no" is the safer default. */
95 if (options->x11_forwarding == -1)
96 options->x11_forwarding = 1;
97 if (options->x11_display_offset == -1)
98 options->x11_display_offset = 1;
   /* Strict ownership/permission checks on user files are on by default
      (which files are checked is decided elsewhere). */
99 if (options->strict_modes == -1)
100 options->strict_modes = 1;
101 if (options->keepalives == -1)
102 options->keepalives = 1;
   /* Logging: AUTH facility at INFO level unless the config file gave
      "syslogfacility" / "loglevel". */
103 if (options->log_facility == (SyslogFacility)(-1))
104 options->log_facility = SYSLOG_FACILITY_AUTH;
105 if (options->log_level == (LogLevel)(-1))
106 options->log_level = SYSLOG_LEVEL_INFO;
   /* Authentication methods: plain rhosts is off, but RhostsRSA and RSA
      are on. */
107 if (options->rhosts_authentication == -1)
108 options->rhosts_authentication = 0;
109 if (options->rhosts_rsa_authentication == -1)
110 options->rhosts_rsa_authentication = 1;
111 if (options->rsa_authentication == -1)
112 options->rsa_authentication = 1;
   /* Kerberos is enabled only if KEYFILE (defined elsewhere; presumably the
      Kerberos server key file) is readable.  access() checks against the
      real uid and is only a startup-time probe: it guarantees neither that a
      later open succeeds nor that the file is still present then. */
114 if (options->kerberos_authentication == -1)
115 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
   /* 1: presumably allows the local password as a fallback when Kerberos
      does not accept it -- inferred from the name, confirm in the auth code. */
116 if (options->kerberos_or_local_passwd == -1)
117 options->kerberos_or_local_passwd = 1;
118 if (options->kerberos_ticket_cleanup == -1)
119 options->kerberos_ticket_cleanup = 1;
   /* TGT passing is off by default; AFS token passing is decided by
      k_hasafs(), presumably a runtime probe for AFS. */
122 if (options->kerberos_tgt_passing == -1)
123 options->kerberos_tgt_passing = 0;
124 if (options->afs_token_passing == -1)
125 options->afs_token_passing = k_hasafs();
127 if (options->password_authentication == -1)
128 options->password_authentication = 1;
130 if (options->skey_authentication == -1)
131 options->skey_authentication = 1;
   /* NOTE(review): 1 = accounts with an empty password may log in.  This
      should default to 0; until then "permitemptypasswords no" restores the
      safe behaviour. */
133 if (options->permit_empty_passwd == -1)
134 options->permit_empty_passwd = 1;
   /* Off by default. */
135 if (options->use_login == -1)
136 options->use_login = 0;
139 #define WHITESPACE " \t\r\n"
141 /* Keyword tokens: one opcode per sshd_config directive.  parse_token()
    maps the lower-cased directive name to one of these and
    read_server_config() switches on the result. */
144 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
145 sPermitRootLogin, sLogFacility, sLogLevel,
    /* Authentication methods. */
146 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
148 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
151 sKerberosTgtPassing, sAFSTokenPassing,
    /* NOTE(review): sSkeyAuthentication is used by the keyword table and the
       parser but is not among the members listed here -- presumably declared
       under a conditional compile; confirm. */
156 sPasswordAuthentication, sListenAddress,
    /* Session behaviour and access control. */
157 sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
158 sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
159 sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups
163 /* Textual representation of the tokens: the sshd_config directive names.
    Entries must be all lower-case, because read_server_config() lower-cases
    the keyword it read before parse_token() does an exact strcmp() against
    this table.  parse_token() scans until an entry whose name is NULL, so the
    table relies on such a terminator entry at its end. */
167 ServerOpCodes opcode;
    /* Listener and keys. */
171 { "hostkey", sHostKeyFile },
172 { "serverkeybits", sServerKeyBits },
173 { "logingracetime", sLoginGraceTime },
174 { "keyregenerationinterval", sKeyRegenerationTime },   /* directive says "interval", enum says Time */
175 { "permitrootlogin", sPermitRootLogin },               /* yes | without-password | no */
    /* Logging. */
176 { "syslogfacility", sLogFacility },
177 { "loglevel", sLogLevel },
    /* Authentication methods. */
178 { "rhostsauthentication", sRhostsAuthentication },
179 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
180 { "rsaauthentication", sRSAAuthentication },
182 { "kerberosauthentication", sKerberosAuthentication },
183 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
184 { "kerberosticketcleanup", sKerberosTicketCleanup },
187 { "kerberostgtpassing", sKerberosTgtPassing },
188 { "afstokenpassing", sAFSTokenPassing },
190 { "passwordauthentication", sPasswordAuthentication },
192 { "skeyauthentication", sSkeyAuthentication },
    /* Session behaviour. */
194 { "checkmail", sCheckMail },
195 { "listenaddress", sListenAddress },
196 { "printmotd", sPrintMotd },
197 { "ignorerhosts", sIgnoreRhosts },
198 { "x11forwarding", sX11Forwarding },
199 { "x11displayoffset", sX11DisplayOffset },
200 { "strictmodes", sStrictModes },
201 { "permitemptypasswords", sEmptyPasswd },
202 { "uselogin", sUseLogin },
    /* Still recognised so old config files parse; the parser only reports
       it as obsolete and consumes the argument. */
203 { "randomseed", sRandomSeedFile },
204 { "keepalive", sKeepAlives },
    /* Access-control lists.  Each directive appends its arguments, and the
       parser bounds the lists by the MAX_ALLOW_*/MAX_DENY_* limits. */
205 { "allowusers", sAllowUsers },
206 { "denyusers", sDenyUsers },
207 { "allowgroups", sAllowGroups },
208 { "denygroups", sDenyGroups },
    /* Names accepted by the "syslogfacility" directive.  read_server_config()
       matches them with strcasecmp(), so the upper-case spelling here is
       cosmetic.  Only the first "syslogfacility" in the file takes effect;
       later ones are ignored.  The lookup loop runs until a NULL name, so the
       table relies on such a terminator entry at its end. */
215 SyslogFacility facility;
218 { "DAEMON", SYSLOG_FACILITY_DAEMON },
219 { "USER", SYSLOG_FACILITY_USER },
220 { "AUTH", SYSLOG_FACILITY_AUTH },                 /* the compiled-in default */
221 { "LOCAL0", SYSLOG_FACILITY_LOCAL0 },
222 { "LOCAL1", SYSLOG_FACILITY_LOCAL1 },
223 { "LOCAL2", SYSLOG_FACILITY_LOCAL2 },
224 { "LOCAL3", SYSLOG_FACILITY_LOCAL3 },
225 { "LOCAL4", SYSLOG_FACILITY_LOCAL4 },
226 { "LOCAL5", SYSLOG_FACILITY_LOCAL5 },
227 { "LOCAL6", SYSLOG_FACILITY_LOCAL6 },
228 { "LOCAL7", SYSLOG_FACILITY_LOCAL7 },
    /* Names accepted by the "loglevel" directive, matched case-insensitively
       with strcasecmp().  As with facilities, only the first "loglevel" in the
       file takes effect.  The lookup loop runs until a NULL name, so the table
       relies on such a terminator entry at its end. */
238 { "QUIET", SYSLOG_LEVEL_QUIET },
239 { "FATAL", SYSLOG_LEVEL_FATAL },
240 { "ERROR", SYSLOG_LEVEL_ERROR },
241 { "INFO", SYSLOG_LEVEL_INFO },                    /* the compiled-in default */
242 { "CHAT", SYSLOG_LEVEL_CHAT },
243 { "DEBUG", SYSLOG_LEVEL_DEBUG },
247 /* Returns the opcode for the NUL-terminated keyword cp, which the caller
    has already folded to lower case (matching is an exact strcmp() against
    the keywords table).  filename and linenum are used only for the
    diagnostic.
248 Never returns if the token is not known. */
250 static ServerOpCodes parse_token(const char *cp, const char *filename,
    /* Linear scan of the keyword table; it is small and consulted only while
       the configuration is read. */
255 for (i = 0; keywords[i].name; i++)
256 if (strcmp(cp, keywords[i].name) == 0)
257 return keywords[i].opcode;
    /* Unknown directive: report file and line.  The format string is a
       literal and cp is passed through %s, so text from the config file can
       never act as a format string.  Per the contract above the function
       does not return after this. */
259 fprintf(stderr, "%s line %d: Bad configuration option: %s\n",
260 filename, linenum, cp);
264 /* Reads the server configuration file. */
266 void read_server_config(ServerOptions *options, const char *filename)
271 int linenum, *intptr, i, value;
272 ServerOpCodes opcode;
274 f = fopen(filename, "r");
282 while (fgets(line, sizeof(line), f))
285 cp = line + strspn(line, WHITESPACE);
286 if (!*cp || *cp == '#')
288 cp = strtok(cp, WHITESPACE);
292 if ('A' <= *t && *t <= 'Z')
293 *t = *t - 'A' + 'a'; /* tolower */
296 opcode = parse_token(cp, filename, linenum);
300 intptr = &options->port;
302 cp = strtok(NULL, WHITESPACE);
305 fprintf(stderr, "%s line %d: missing integer value.\n",
315 intptr = &options->server_key_bits;
318 case sLoginGraceTime:
319 intptr = &options->login_grace_time;
322 case sKeyRegenerationTime:
323 intptr = &options->key_regeneration_time;
327 cp = strtok(NULL, WHITESPACE);
330 fprintf(stderr, "%s line %d: missing inet addr.\n",
334 options->listen_addr.s_addr = inet_addr(cp);
338 charptr = &options->host_key_file;
339 cp = strtok(NULL, WHITESPACE);
342 fprintf(stderr, "%s line %d: missing file name.\n",
346 if (*charptr == NULL)
347 *charptr = tilde_expand_filename(cp, getuid());
350 case sRandomSeedFile:
351 fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
353 cp = strtok(NULL, WHITESPACE);
356 case sPermitRootLogin:
357 intptr = &options->permit_root_login;
358 cp = strtok(NULL, WHITESPACE);
361 fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
365 if (strcmp(cp, "without-password") == 0)
367 else if (strcmp(cp, "yes") == 0)
369 else if (strcmp(cp, "no") == 0)
373 fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n",
374 filename, linenum, cp);
382 intptr = &options->ignore_rhosts;
384 cp = strtok(NULL, WHITESPACE);
387 fprintf(stderr, "%s line %d: missing yes/no argument.\n",
391 if (strcmp(cp, "yes") == 0)
394 if (strcmp(cp, "no") == 0)
398 fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
399 filename, linenum, cp);
406 case sRhostsAuthentication:
407 intptr = &options->rhosts_authentication;
410 case sRhostsRSAAuthentication:
411 intptr = &options->rhosts_rsa_authentication;
414 case sRSAAuthentication:
415 intptr = &options->rsa_authentication;
419 case sKerberosAuthentication:
420 intptr = &options->kerberos_authentication;
423 case sKerberosOrLocalPasswd:
424 intptr = &options->kerberos_or_local_passwd;
427 case sKerberosTicketCleanup:
428 intptr = &options->kerberos_ticket_cleanup;
433 case sKerberosTgtPassing:
434 intptr = &options->kerberos_tgt_passing;
437 case sAFSTokenPassing:
438 intptr = &options->afs_token_passing;
442 case sPasswordAuthentication:
443 intptr = &options->password_authentication;
447 intptr = &options->check_mail;
451 case sSkeyAuthentication:
452 intptr = &options->skey_authentication;
457 intptr = &options->print_motd;
461 intptr = &options->x11_forwarding;
464 case sX11DisplayOffset:
465 intptr = &options->x11_display_offset;
469 intptr = &options->strict_modes;
473 intptr = &options->keepalives;
477 intptr = &options->permit_empty_passwd;
481 intptr = &options->use_login;
485 cp = strtok(NULL, WHITESPACE);
488 fprintf(stderr, "%s line %d: missing facility name.\n",
492 for (i = 0; log_facilities[i].name; i++)
493 if (strcasecmp(log_facilities[i].name, cp) == 0)
495 if (!log_facilities[i].name)
497 fprintf(stderr, "%s line %d: unsupported log facility %s\n",
498 filename, linenum, cp);
501 if (options->log_facility == (SyslogFacility)(-1))
502 options->log_facility = log_facilities[i].facility;
506 cp = strtok(NULL, WHITESPACE);
509 fprintf(stderr, "%s line %d: missing level name.\n",
513 for (i = 0; log_levels[i].name; i++)
514 if (strcasecmp(log_levels[i].name, cp) == 0)
516 if (!log_levels[i].name)
518 fprintf(stderr, "%s line %d: unsupported log level %s\n",
519 filename, linenum, cp);
522 if (options->log_level == (LogLevel)(-1))
523 options->log_level = log_levels[i].level;
527 while ((cp = strtok(NULL, WHITESPACE)))
529 if (options->num_allow_users >= MAX_ALLOW_USERS)
531 fprintf(stderr, "%s line %d: too many allow users.\n",
535 options->allow_users[options->num_allow_users++] = xstrdup(cp);
540 while ((cp = strtok(NULL, WHITESPACE)))
542 if (options->num_deny_users >= MAX_DENY_USERS)
544 fprintf(stderr, "%s line %d: too many deny users.\n",
548 options->deny_users[options->num_deny_users++] = xstrdup(cp);
553 while ((cp = strtok(NULL, WHITESPACE)))
555 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
557 fprintf(stderr, "%s line %d: too many allow groups.\n",
561 options->allow_groups[options->num_allow_groups++] = xstrdup(cp);
566 while ((cp = strtok(NULL, WHITESPACE)))
568 if (options->num_deny_groups >= MAX_DENY_GROUPS)
570 fprintf(stderr, "%s line %d: too many deny groups.\n",
574 options->deny_groups[options->num_deny_groups++] = xstrdup(cp);
579 fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
580 filename, linenum, cp, opcode);
583 if (strtok(NULL, WHITESPACE) != NULL)
585 fprintf(stderr, "%s line %d: garbage at end of line.\n",