5 Author: Tatu Ylonen <ylo@cs.hut.fi>
7 Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
10 Created: Mon Aug 21 15:48:58 1995 ylo
21 /* Initializes the server options to their default values. */
/*
 * "Default" here mostly means "not yet specified": after zeroing the whole
 * struct, each configurable field is set to a sentinel (-1 for the integer
 * options, NULL for the host key path) so that fill_default_server_options()
 * can tell which fields the configuration file left untouched and supply the
 * compiled-in default only for those.  The listen address is the one field
 * that receives a usable value directly (INADDR_ANY, all interfaces).
 *
 * @param options  caller-owned ServerOptions; every field is overwritten.
 */
23 void initialize_server_options(ServerOptions *options)
25 memset(options, 0, sizeof(*options));
/* Bind to all interfaces unless the config file supplies "listenaddress".
 * NOTE(review): read_server_config() fills this field with inet_addr(), and no
 * check of the INADDR_NONE failure value is visible in that listing -- confirm
 * a malformed address is rejected rather than silently becoming
 * 255.255.255.255 (INADDR_NONE and the broadcast address are the same bits). */
27 options->listen_addr.s_addr = htonl(INADDR_ANY);
/* NULL = "not specified"; fill_default_server_options() substitutes HOST_KEY_FILE. */
28 options->host_key_file = NULL;
/* -1 = "not specified" for every integer option below.  The real default is
 * chosen later, once the config file has had its chance to set the field. */
29 options->server_key_bits = -1;
30 options->login_grace_time = -1;
31 options->key_regeneration_time = -1;
32 options->permit_root_login = -1;
33 options->ignore_rhosts = -1;
34 options->quiet_mode = -1;
35 options->fascist_logging = -1;
36 options->print_motd = -1;
37 options->check_mail = -1;
38 options->x11_forwarding = -1;
39 options->x11_display_offset = -1;
40 options->strict_modes = -1;
41 options->keepalives = -1;
/* Same sentinel idea for the enum-typed facility; fill_default_server_options()
 * compares against the identical cast. */
42 options->log_facility = (SyslogFacility)-1;
43 options->rhosts_authentication = -1;
44 options->rhosts_rsa_authentication = -1;
45 options->rsa_authentication = -1;
47 options->kerberos_authentication = -1;
48 options->kerberos_or_local_passwd = -1;
49 options->kerberos_ticket_cleanup = -1;
52 options->kerberos_tgt_passing = -1;
53 options->afs_token_passing = -1;
55 options->password_authentication = -1;
57 options->skey_authentication = -1;
59 options->permit_empty_passwd = -1;
60 options->use_login = -1;
/* The allow/deny list counters are counts, not sentinels, so they start at
 * zero.  They are already zero from the memset above; restated so the intent
 * is explicit. */
61 options->num_allow_users = 0;
62 options->num_deny_users = 0;
63 options->num_allow_groups = 0;
64 options->num_deny_groups = 0;
/*
 * Replaces every "not specified" sentinel left by initialize_server_options()
 * (and not overridden by read_server_config()) with the compiled-in default.
 * Fields the configuration file did set are left alone.
 *
 * @param options  caller-owned ServerOptions, already initialised and parsed.
 */
67 void fill_default_server_options(ServerOptions *options)
69 if (options->port == -1)
/* Prefer the port registered for SSH_SERVICE_NAME in the services database
 * and fall back to SSH_DEFAULT_PORT otherwise.  The declaration of sp and the
 * test on the getservbyname() result are not shown in this listing -- confirm
 * sp is checked for NULL before sp->s_port is dereferenced. */
73 sp = getservbyname(SSH_SERVICE_NAME, "tcp");
75 options->port = ntohs(sp->s_port);
77 options->port = SSH_DEFAULT_PORT;
80 if (options->host_key_file == NULL)
81 options->host_key_file = HOST_KEY_FILE;
82 if (options->server_key_bits == -1)
83 options->server_key_bits = 768;
/* Seconds the server waits for authentication before dropping the connection. */
84 if (options->login_grace_time == -1)
85 options->login_grace_time = 600;
/* Seconds between regenerations of the ephemeral server key. */
86 if (options->key_regeneration_time == -1)
87 options->key_regeneration_time = 3600;
/* Security-relevant defaults follow.  Several are permissive (root login,
 * empty passwords and rhosts-RSA are all enabled unless the config file says
 * otherwise); a hardened deployment sets these explicitly in the config. */
88 if (options->permit_root_login == -1)
89 options->permit_root_login = 1; /* yes */
90 if (options->ignore_rhosts == -1)
91 options->ignore_rhosts = 0;
92 if (options->quiet_mode == -1)
93 options->quiet_mode = 0;
94 if (options->check_mail == -1)
95 options->check_mail = 0;
96 if (options->fascist_logging == -1)
97 options->fascist_logging = 1;
98 if (options->print_motd == -1)
99 options->print_motd = 1;
100 if (options->x11_forwarding == -1)
101 options->x11_forwarding = 1;
102 if (options->x11_display_offset == -1)
103 options->x11_display_offset = 1;
104 if (options->strict_modes == -1)
105 options->strict_modes = 1;
106 if (options->keepalives == -1)
107 options->keepalives = 1;
/* Sentinel cast must match the one used in initialize_server_options(). */
108 if (options->log_facility == (SyslogFacility)(-1))
109 options->log_facility = SYSLOG_FACILITY_AUTH;
110 if (options->rhosts_authentication == -1)
111 options->rhosts_authentication = 0;
112 if (options->rhosts_rsa_authentication == -1)
113 options->rhosts_rsa_authentication = 1;
114 if (options->rsa_authentication == -1)
115 options->rsa_authentication = 1;
/* Kerberos is enabled by default only when the Kerberos KEYFILE is readable.
 * access() is a best-effort probe at startup, not a guarantee the file is
 * still usable when authentication actually runs. */
117 if (options->kerberos_authentication == -1)
118 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
119 if (options->kerberos_or_local_passwd == -1)
120 options->kerberos_or_local_passwd = 1;
121 if (options->kerberos_ticket_cleanup == -1)
122 options->kerberos_ticket_cleanup = 1;
125 if (options->kerberos_tgt_passing == -1)
126 options->kerberos_tgt_passing = 0;
/* k_hasafs() is defined elsewhere; presumably reports whether an AFS client
 * is present on this host -- verify against its definition. */
127 if (options->afs_token_passing == -1)
128 options->afs_token_passing = k_hasafs();
130 if (options->password_authentication == -1)
131 options->password_authentication = 1;
133 if (options->skey_authentication == -1)
134 options->skey_authentication = 1;
136 if (options->permit_empty_passwd == -1)
137 options->permit_empty_passwd = 1;
138 if (options->use_login == -1)
139 options->use_login = 0;
/* Separator set used by the strspn()/strtok() calls in read_server_config();
 * includes '\r' so CRLF-terminated config files tokenize cleanly. */
142 #define WHITESPACE " \t\r\n"
144 /* Keyword tokens. */
/* One opcode per configuration keyword; read_server_config() switches on
 * these after parse_token() has mapped the lower-cased keyword text to a
 * value.  The enum's typedef header and closing line are not part of this
 * listing, and sSkeyAuthentication (referenced by the keywords table and by
 * read_server_config()) is not visible here either -- presumably declared
 * under a conditional in the elided lines; confirm against the full file. */
147 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
148 sPermitRootLogin, sQuietMode, sFascistLogging, sLogFacility,
149 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
151 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
154 sKerberosTgtPassing, sAFSTokenPassing,
159 sPasswordAuthentication, sListenAddress,
160 sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
161 sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
162 sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups
166 /* Textual representation of the tokens. */
/* Keyword -> opcode lookup table.  Names are stored all-lowercase because
 * read_server_config() folds the keyword to lower case before calling
 * parse_token(); the match is therefore case-insensitive for the config file
 * but the entries here must stay lowercase.  parse_token() scans until it
 * meets a NULL name, so the terminating sentinel entry (not shown in this
 * listing) is required for the loop to stop. */
170 ServerOpCodes opcode;
174 { "hostkey", sHostKeyFile },
175 { "serverkeybits", sServerKeyBits },
176 { "logingracetime", sLoginGraceTime },
177 { "keyregenerationinterval", sKeyRegenerationTime },
178 { "permitrootlogin", sPermitRootLogin },
179 { "quietmode", sQuietMode },
180 { "fascistlogging", sFascistLogging },
181 { "syslogfacility", sLogFacility },
182 { "rhostsauthentication", sRhostsAuthentication },
183 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
184 { "rsaauthentication", sRSAAuthentication },
186 { "kerberosauthentication", sKerberosAuthentication },
187 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
188 { "kerberosticketcleanup", sKerberosTicketCleanup },
191 { "kerberostgtpassing", sKerberosTgtPassing },
192 { "afstokenpassing", sAFSTokenPassing },
194 { "passwordauthentication", sPasswordAuthentication },
196 { "skeyauthentication", sSkeyAuthentication },
198 { "checkmail", sCheckMail },
199 { "listenaddress", sListenAddress },
200 { "printmotd", sPrintMotd },
201 { "ignorerhosts", sIgnoreRhosts },
202 { "x11forwarding", sX11Forwarding },
203 { "x11displayoffset", sX11DisplayOffset },
204 { "strictmodes", sStrictModes },
205 { "permitemptypasswords", sEmptyPasswd },
206 { "uselogin", sUseLogin },
/* Still accepted so that a legacy config line produces a clear "obsolete"
 * warning in read_server_config() instead of a fatal unknown-option error. */
207 { "randomseed", sRandomSeedFile },
208 { "keepalive", sKeepAlives },
209 { "allowusers", sAllowUsers },
210 { "denyusers", sDenyUsers },
211 { "allowgroups", sAllowGroups },
212 { "denygroups", sDenyGroups },
219 SyslogFacility facility;
/* Facility-name lookup table for the "syslogfacility" keyword.  Unlike the
 * option keywords, the value is compared with a case-sensitive strcmp() in
 * read_server_config() and the lower-casing loop there appears to apply only
 * to the keyword, so the config file must spell these in upper case exactly
 * as listed.  The NULL-name entry that terminates the scan is not shown in
 * this listing. */
222 { "DAEMON", SYSLOG_FACILITY_DAEMON },
223 { "USER", SYSLOG_FACILITY_USER },
224 { "AUTH", SYSLOG_FACILITY_AUTH },
225 { "LOCAL0", SYSLOG_FACILITY_LOCAL0 },
226 { "LOCAL1", SYSLOG_FACILITY_LOCAL1 },
227 { "LOCAL2", SYSLOG_FACILITY_LOCAL2 },
228 { "LOCAL3", SYSLOG_FACILITY_LOCAL3 },
229 { "LOCAL4", SYSLOG_FACILITY_LOCAL4 },
230 { "LOCAL5", SYSLOG_FACILITY_LOCAL5 },
231 { "LOCAL6", SYSLOG_FACILITY_LOCAL6 },
232 { "LOCAL7", SYSLOG_FACILITY_LOCAL7 },
236 /* Returns the number of the token pointed to by cp of length len.
237 Never returns if the token is not known. */
/* @param cp        NUL-terminated keyword, already lower-cased by the caller.
 *                  No "len" parameter is visible in the signature despite the
 *                  comment above; the comparison below uses strcmp().
 * @param filename  config file name, used only in the diagnostic.
 * @param linenum   line number, used only in the diagnostic (declared on the
 *                  elided continuation of the signature).
 * @return the matching opcode.  The non-returning path after the fprintf()
 *         is not shown in this listing -- confirm the function really does
 *         exit there, since falling off the end would return garbage. */
239 static ServerOpCodes parse_token(const char *cp, const char *filename,
/* Linear scan over the keywords table, terminated by its NULL-name sentinel. */
244 for (i = 0; keywords[i].name; i++)
245 if (strcmp(cp, keywords[i].name) == 0)
246 return keywords[i].opcode;
248 fprintf(stderr, "%s line %d: Bad configuration option: %s\n",
249 filename, linenum, cp);
253 /* Reads the server configuration file. */
255 void read_server_config(ServerOptions *options, const char *filename)
260 int linenum, *intptr, i, value;
261 ServerOpCodes opcode;
263 f = fopen(filename, "r");
271 while (fgets(line, sizeof(line), f))
274 cp = line + strspn(line, WHITESPACE);
275 if (!*cp || *cp == '#')
277 cp = strtok(cp, WHITESPACE);
281 if ('A' <= *t && *t <= 'Z')
282 *t = *t - 'A' + 'a'; /* tolower */
285 opcode = parse_token(cp, filename, linenum);
289 intptr = &options->port;
291 cp = strtok(NULL, WHITESPACE);
294 fprintf(stderr, "%s line %d: missing integer value.\n",
304 intptr = &options->server_key_bits;
307 case sLoginGraceTime:
308 intptr = &options->login_grace_time;
311 case sKeyRegenerationTime:
312 intptr = &options->key_regeneration_time;
316 cp = strtok(NULL, WHITESPACE);
319 fprintf(stderr, "%s line %d: missing inet addr.\n",
323 options->listen_addr.s_addr = inet_addr(cp);
327 charptr = &options->host_key_file;
328 cp = strtok(NULL, WHITESPACE);
331 fprintf(stderr, "%s line %d: missing file name.\n",
335 if (*charptr == NULL)
336 *charptr = tilde_expand_filename(cp, getuid());
339 case sRandomSeedFile:
340 fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
342 cp = strtok(NULL, WHITESPACE);
345 case sPermitRootLogin:
346 intptr = &options->permit_root_login;
347 cp = strtok(NULL, WHITESPACE);
350 fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
354 if (strcmp(cp, "without-password") == 0)
356 else if (strcmp(cp, "yes") == 0)
358 else if (strcmp(cp, "no") == 0)
362 fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n",
363 filename, linenum, cp);
371 intptr = &options->ignore_rhosts;
373 cp = strtok(NULL, WHITESPACE);
376 fprintf(stderr, "%s line %d: missing yes/no argument.\n",
380 if (strcmp(cp, "yes") == 0)
383 if (strcmp(cp, "no") == 0)
387 fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
388 filename, linenum, cp);
396 intptr = &options->quiet_mode;
399 case sFascistLogging:
400 intptr = &options->fascist_logging;
403 case sRhostsAuthentication:
404 intptr = &options->rhosts_authentication;
407 case sRhostsRSAAuthentication:
408 intptr = &options->rhosts_rsa_authentication;
411 case sRSAAuthentication:
412 intptr = &options->rsa_authentication;
416 case sKerberosAuthentication:
417 intptr = &options->kerberos_authentication;
420 case sKerberosOrLocalPasswd:
421 intptr = &options->kerberos_or_local_passwd;
424 case sKerberosTicketCleanup:
425 intptr = &options->kerberos_ticket_cleanup;
430 case sKerberosTgtPassing:
431 intptr = &options->kerberos_tgt_passing;
434 case sAFSTokenPassing:
435 intptr = &options->afs_token_passing;
439 case sPasswordAuthentication:
440 intptr = &options->password_authentication;
444 intptr = &options->check_mail;
448 case sSkeyAuthentication:
449 intptr = &options->skey_authentication;
454 intptr = &options->print_motd;
458 intptr = &options->x11_forwarding;
461 case sX11DisplayOffset:
462 intptr = &options->x11_display_offset;
466 intptr = &options->strict_modes;
470 intptr = &options->keepalives;
474 intptr = &options->permit_empty_passwd;
478 intptr = &options->use_login;
482 cp = strtok(NULL, WHITESPACE);
485 fprintf(stderr, "%s line %d: missing facility name.\n",
489 for (i = 0; log_facilities[i].name; i++)
490 if (strcmp(log_facilities[i].name, cp) == 0)
492 if (!log_facilities[i].name)
494 fprintf(stderr, "%s line %d: unsupported log facility %s\n",
495 filename, linenum, cp);
498 if (options->log_facility == (SyslogFacility)(-1))
499 options->log_facility = log_facilities[i].facility;
503 while ((cp = strtok(NULL, WHITESPACE)))
505 if (options->num_allow_users >= MAX_ALLOW_USERS)
507 fprintf(stderr, "%s line %d: too many allow users.\n",
511 options->allow_users[options->num_allow_users++] = xstrdup(cp);
516 while ((cp = strtok(NULL, WHITESPACE)))
518 if (options->num_deny_users >= MAX_DENY_USERS)
520 fprintf(stderr, "%s line %d: too many deny users.\n",
524 options->deny_users[options->num_deny_users++] = xstrdup(cp);
529 while ((cp = strtok(NULL, WHITESPACE)))
531 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
533 fprintf(stderr, "%s line %d: too many allow groups.\n",
537 options->allow_groups[options->num_allow_groups++] = xstrdup(cp);
542 while ((cp = strtok(NULL, WHITESPACE)))
544 if (options->num_deny_groups >= MAX_DENY_GROUPS)
546 fprintf(stderr, "%s line %d: too many deny groups.\n",
550 options->deny_groups[options->num_deny_groups++] = xstrdup(cp);
555 fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
556 filename, linenum, cp, opcode);
559 if (strtok(NULL, WHITESPACE) != NULL)
561 fprintf(stderr, "%s line %d: garbage at end of line.\n",