5 * Author: Tatu Ylonen <ylo@cs.hut.fi>
7 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
10 * Created: Mon Aug 21 15:48:58 1995 ylo
21 /* Initializes the server options to their default values. */
/*
 * "Default" here means "not set yet": every option a config file can
 * override is marked -1 so that read_server_config() can tell "absent"
 * from "explicitly set to 0", and fill_default_server_options() later
 * replaces each remaining -1 with the real default.  The enum-typed
 * fields (log_facility, log_level) carry the same sentinel through a
 * cast.  listen_addr is the one field bound to its final default here
 * (INADDR_ANY).
 *
 * NOTE(review): the line between the memset and the listen_addr store is
 * not in this excerpt; fill_default_server_options() tests port == -1, so
 * port is presumably reset to -1 there - confirm.
 */
24 initialize_server_options(ServerOptions *options)
/* Zero the whole struct first: every pointer becomes NULL and every
 * list count 0 before the -1 sentinels are written below. */
26 memset(options, 0, sizeof(*options));
28 options->listen_addr.s_addr = htonl(INADDR_ANY);
29 options->host_key_file = NULL;
30 options->server_key_bits = -1;
31 options->login_grace_time = -1;
32 options->key_regeneration_time = -1;
33 options->permit_root_login = -1;
34 options->ignore_rhosts = -1;
35 options->ignore_user_known_hosts = -1;
36 options->print_motd = -1;
37 options->check_mail = -1;
38 options->x11_forwarding = -1;
39 options->x11_display_offset = -1;
40 options->strict_modes = -1;
41 options->keepalives = -1;
/* The cast applies to -1 (i.e. (SyslogFacility)(-1)); this is the exact
 * value fill_default_server_options() compares against. */
42 options->log_facility = (SyslogFacility) - 1;
43 options->log_level = (LogLevel) - 1;
44 options->rhosts_authentication = -1;
45 options->rhosts_rsa_authentication = -1;
46 options->rsa_authentication = -1;
/* Kerberos/AFS/S-Key fields: the conditional-compilation lines around
 * them are not in this excerpt, so which of these exist in a given build
 * cannot be told from here. */
48 options->kerberos_authentication = -1;
49 options->kerberos_or_local_passwd = -1;
50 options->kerberos_ticket_cleanup = -1;
53 options->kerberos_tgt_passing = -1;
54 options->afs_token_passing = -1;
56 options->password_authentication = -1;
58 options->skey_authentication = -1;
60 options->permit_empty_passwd = -1;
61 options->use_login = -1;
/* Already 0 from the memset; restated so the "empty list" state is
 * explicit.  These counts bound the allow/deny arrays filled by
 * read_server_config(). */
62 options->num_allow_users = 0;
63 options->num_deny_users = 0;
64 options->num_allow_groups = 0;
65 options->num_deny_groups = 0;
/*
 * Replaces every option still carrying the -1 "not set" sentinel with its
 * built-in default.  Called after the config file has been read, so a
 * value the administrator set explicitly (including 0) is left alone.
 *
 * Several of the built-in defaults are permissive and worth knowing when
 * auditing a deployment: root login, empty passwords, password and
 * rhosts-RSA authentication, X11 forwarding and keepalives all default to
 * on; IgnoreRhosts, IgnoreUserKnownHosts and UseLogin default to off.
 */
69 fill_default_server_options(ServerOptions *options)
/* Port: prefer the services database entry for SSH_SERVICE_NAME, fall
 * back to the compiled-in SSH_DEFAULT_PORT.  NOTE(review): the line that
 * tests sp for NULL before sp->s_port is dereferenced is not in this
 * excerpt - confirm it is there. */
71 if (options->port == -1) {
74 sp = getservbyname(SSH_SERVICE_NAME, "tcp");
76 options->port = ntohs(sp->s_port);
78 options->port = SSH_DEFAULT_PORT;
/* HOST_KEY_FILE is a compiled-in path; host_key_file is only ever set
 * from the first HostKey line, see read_server_config(). */
81 if (options->host_key_file == NULL)
82 options->host_key_file = HOST_KEY_FILE;
/* Ephemeral server key size in bits, regenerated every
 * key_regeneration_time seconds (3600 s); login_grace_time is the
 * seconds a client gets to authenticate (600 s). */
83 if (options->server_key_bits == -1)
84 options->server_key_bits = 768;
85 if (options->login_grace_time == -1)
86 options->login_grace_time = 600;
87 if (options->key_regeneration_time == -1)
88 options->key_regeneration_time = 3600;
/* 1 == "yes": root login is allowed by default. */
89 if (options->permit_root_login == -1)
90 options->permit_root_login = 1; /* yes */
91 if (options->ignore_rhosts == -1)
92 options->ignore_rhosts = 0;
93 if (options->ignore_user_known_hosts == -1)
94 options->ignore_user_known_hosts = 0;
95 if (options->check_mail == -1)
96 options->check_mail = 0;
97 if (options->print_motd == -1)
98 options->print_motd = 1;
99 if (options->x11_forwarding == -1)
100 options->x11_forwarding = 1;
101 if (options->x11_display_offset == -1)
102 options->x11_display_offset = 1;
103 if (options->strict_modes == -1)
104 options->strict_modes = 1;
105 if (options->keepalives == -1)
106 options->keepalives = 1;
/* The enum sentinels set by initialize_server_options(). */
107 if (options->log_facility == (SyslogFacility) (-1))
108 options->log_facility = SYSLOG_FACILITY_AUTH;
109 if (options->log_level == (LogLevel) (-1))
110 options->log_level = SYSLOG_LEVEL_INFO;
/* Plain rhosts is off by default; rhosts-RSA and RSA are on. */
111 if (options->rhosts_authentication == -1)
112 options->rhosts_authentication = 0;
113 if (options->rhosts_rsa_authentication == -1)
114 options->rhosts_rsa_authentication = 1;
115 if (options->rsa_authentication == -1)
116 options->rsa_authentication = 1;
/* Kerberos is enabled by default only if the keytab at KEYFILE is
 * readable when this runs.  access() tests the process's real uid and
 * answers for this instant only; it does not verify the file's
 * contents.  (The surrounding #ifdef lines are not in this excerpt.) */
118 if (options->kerberos_authentication == -1)
119 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
120 if (options->kerberos_or_local_passwd == -1)
121 options->kerberos_or_local_passwd = 1;
122 if (options->kerberos_ticket_cleanup == -1)
123 options->kerberos_ticket_cleanup = 1;
126 if (options->kerberos_tgt_passing == -1)
127 options->kerberos_tgt_passing = 0;
/* AFS token passing defaults to whatever k_hasafs() reports about the
 * running system. */
128 if (options->afs_token_passing == -1)
129 options->afs_token_passing = k_hasafs();
131 if (options->password_authentication == -1)
132 options->password_authentication = 1;
134 if (options->skey_authentication == -1)
135 options->skey_authentication = 1;
/* 1 == empty passwords are accepted unless the config says otherwise. */
137 if (options->permit_empty_passwd == -1)
138 options->permit_empty_passwd = 1;
139 if (options->use_login == -1)
140 options->use_login = 0;
/* Separator set handed to strspn()/strtok() by read_server_config():
 * blank, tab and both line-ending characters, so "\r\n" files parse
 * without leaving a stray '\r' on the last token. */
143 #define WHITESPACE " \t\r\n"
145 /* Keyword tokens. */
/*
 * One opcode per recognised configuration keyword.  parse_token() maps a
 * keyword string to an opcode and read_server_config() switches on it.
 * NOTE(review): the typedef line and the closing brace of this enum are
 * outside this excerpt, and sSkeyAuthentication - referenced by the
 * keyword table below - does not appear in the lines shown; it is
 * presumably declared in a conditionally compiled gap.
 */
147 sBadOption, /* == unknown option */
148 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
149 sPermitRootLogin, sLogFacility, sLogLevel,
150 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
152 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
155 sKerberosTgtPassing, sAFSTokenPassing,
160 sPasswordAuthentication, sListenAddress,
161 sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
162 sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
163 sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
164 sIgnoreUserKnownHosts
167 /* Textual representation of the tokens. */
/*
 * Keyword -> opcode table.  parse_token() walks it linearly and compares
 * with strcasecmp(), so the lower-case spellings here match config files
 * written in any case.  The loop in parse_token() stops when .name is
 * NULL, so the table must end with a NULL-name sentinel.
 * NOTE(review): the struct declaration, the first ("port") entry and the
 * terminating sentinel are not in this excerpt - confirm the sentinel is
 * present.
 */
170 ServerOpCodes opcode;
173 { "hostkey", sHostKeyFile },
174 { "serverkeybits", sServerKeyBits },
175 { "logingracetime", sLoginGraceTime },
176 { "keyregenerationinterval", sKeyRegenerationTime },
177 { "permitrootlogin", sPermitRootLogin },
178 { "syslogfacility", sLogFacility },
179 { "loglevel", sLogLevel },
180 { "rhostsauthentication", sRhostsAuthentication },
181 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
182 { "rsaauthentication", sRSAAuthentication },
184 { "kerberosauthentication", sKerberosAuthentication },
185 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
186 { "kerberosticketcleanup", sKerberosTicketCleanup },
189 { "kerberostgtpassing", sKerberosTgtPassing },
190 { "afstokenpassing", sAFSTokenPassing },
192 { "passwordauthentication", sPasswordAuthentication },
194 { "skeyauthentication", sSkeyAuthentication },
196 { "checkmail", sCheckMail },
197 { "listenaddress", sListenAddress },
198 { "printmotd", sPrintMotd },
199 { "ignorerhosts", sIgnoreRhosts },
200 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
201 { "x11forwarding", sX11Forwarding },
202 { "x11displayoffset", sX11DisplayOffset },
203 { "strictmodes", sStrictModes },
204 { "permitemptypasswords", sEmptyPasswd },
205 { "uselogin", sUseLogin },
/* Accepted only so that old config files still parse; read_server_config()
 * reports it as obsolete and ignores its argument. */
206 { "randomseed", sRandomSeedFile },
207 { "keepalive", sKeepAlives },
208 { "allowusers", sAllowUsers },
209 { "denyusers", sDenyUsers },
210 { "allowgroups", sAllowGroups },
211 { "denygroups", sDenyGroups },
216 * Returns the opcode of the NUL-terminated keyword token pointed to by cp
217 * (the former "of length len" wording was stale: there is no len parameter).
 * Never returns if the token is not known: the offending keyword is
 * reported on stderr together with filename and linenum.
 * NOTE(review): the statements after the fprintf() - presumably the exit -
 * are not in this excerpt.
 * Lookup is a linear, case-insensitive scan of the keywords[] table and
 * relies on that table ending with a NULL .name entry.
221 parse_token(const char *cp, const char *filename,
226 for (i = 0; keywords[i].name; i++)
227 if (strcasecmp(cp, keywords[i].name) == 0)
228 return keywords[i].opcode;
/* Unknown keyword: echo it back verbatim, the format string itself is a
 * literal so the untrusted text is only ever a %s argument. */
230 fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
231 filename, linenum, cp);
235 /* Reads the server configuration file. */
/*
 * Parses `filename` line by line into `options`.  Each line is "keyword
 * arguments..."; blank lines and lines starting with '#' are skipped.
 * A field that was already set (still holds something other than -1 /
 * NULL) keeps its first value, so the first occurrence of a keyword wins.
 * Unknown keywords never return (see parse_token()); argument errors are
 * reported on stderr and, per the tally at the end, terminate the process
 * once the whole file has been read.
 *
 * NOTE(review): many lines of this function are not in this excerpt (the
 * fopen() failure check, the linenum increment, the integer conversion
 * for the numeric options, the flag-store after the yes/no parser, the
 * bad_options increments and the exits after each error message).  The
 * comments below describe only what the visible lines show.
 */
238 read_server_config(ServerOptions *options, const char *filename)
243 int linenum, *intptr, value;
245 ServerOpCodes opcode;
247 f = fopen(filename, "r");
/* fgets() returns at most sizeof(line)-1 characters per call.  A config
 * line longer than the buffer is therefore delivered in pieces and each
 * piece runs through the parser as if it were a line of its own; no
 * length or trailing-newline check is visible in this excerpt. */
253 while (fgets(line, sizeof(line), f)) {
255 cp = line + strspn(line, WHITESPACE);
256 if (!*cp || *cp == '#')
/* strtok() writes NULs into `line` and keeps static state: every
 * strtok(NULL, WHITESPACE) below continues this same tokenisation, so
 * the order of argument reads matters and nothing else may call
 * strtok() in between (not reentrant). */
258 cp = strtok(cp, WHITESPACE);
/* Does not return for an unknown keyword. */
259 opcode = parse_token(cp, filename, linenum);
/* Integer options: intptr points at the target field, the shared code
 * after the switch arms (not in this excerpt) reads and stores it. */
265 intptr = &options->port;
267 cp = strtok(NULL, WHITESPACE);
269 fprintf(stderr, "%s line %d: missing integer value.\n",
279 intptr = &options->server_key_bits;
282 case sLoginGraceTime:
283 intptr = &options->login_grace_time;
286 case sKeyRegenerationTime:
287 intptr = &options->key_regeneration_time;
291 cp = strtok(NULL, WHITESPACE);
293 fprintf(stderr, "%s line %d: missing inet addr.\n",
/* inet_addr() returns INADDR_NONE (all-ones) for an unparsable string,
 * which is indistinguishable from the limited-broadcast address, and the
 * result is stored without being checked here.  A mistyped ListenAddress
 * thus yields an unusable bind address instead of a config error;
 * testing the result against INADDR_NONE (or using inet_aton()) would
 * catch it. */
297 options->listen_addr.s_addr = inet_addr(cp);
/* HostKey: only the first occurrence is honoured (*charptr stays set);
 * the path is tilde-expanded relative to the real uid. */
301 charptr = &options->host_key_file;
302 cp = strtok(NULL, WHITESPACE);
304 fprintf(stderr, "%s line %d: missing file name.\n",
308 if (*charptr == NULL)
309 *charptr = tilde_expand_filename(cp, getuid());
/* Obsolete keyword: warn, then consume its argument so the
 * garbage-at-end-of-line check below does not also fire. */
312 case sRandomSeedFile:
313 fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
315 cp = strtok(NULL, WHITESPACE);
/* Three-valued option; the values stored for each spelling are on lines
 * not in this excerpt. */
318 case sPermitRootLogin:
319 intptr = &options->permit_root_login;
320 cp = strtok(NULL, WHITESPACE);
322 fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
326 if (strcmp(cp, "without-password") == 0)
328 else if (strcmp(cp, "yes") == 0)
330 else if (strcmp(cp, "no") == 0)
333 fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n",
334 filename, linenum, cp);
/* Shared yes/no parser.  The flag cases below only set intptr and
 * presumably jump back to this point (the label and goto lines are not
 * in this excerpt); the store through intptr is likewise not shown. */
342 intptr = &options->ignore_rhosts;
344 cp = strtok(NULL, WHITESPACE);
346 fprintf(stderr, "%s line %d: missing yes/no argument.\n",
350 if (strcmp(cp, "yes") == 0)
352 else if (strcmp(cp, "no") == 0)
355 fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
356 filename, linenum, cp);
363 case sIgnoreUserKnownHosts:
364 intptr = &options->ignore_user_known_hosts;
367 case sRhostsAuthentication:
368 intptr = &options->rhosts_authentication;
371 case sRhostsRSAAuthentication:
372 intptr = &options->rhosts_rsa_authentication;
375 case sRSAAuthentication:
376 intptr = &options->rsa_authentication;
380 case sKerberosAuthentication:
381 intptr = &options->kerberos_authentication;
384 case sKerberosOrLocalPasswd:
385 intptr = &options->kerberos_or_local_passwd;
388 case sKerberosTicketCleanup:
389 intptr = &options->kerberos_ticket_cleanup;
394 case sKerberosTgtPassing:
395 intptr = &options->kerberos_tgt_passing;
398 case sAFSTokenPassing:
399 intptr = &options->afs_token_passing;
403 case sPasswordAuthentication:
404 intptr = &options->password_authentication;
408 intptr = &options->check_mail;
412 case sSkeyAuthentication:
413 intptr = &options->skey_authentication;
418 intptr = &options->print_motd;
422 intptr = &options->x11_forwarding;
425 case sX11DisplayOffset:
426 intptr = &options->x11_display_offset;
430 intptr = &options->strict_modes;
434 intptr = &options->keepalives;
438 intptr = &options->permit_empty_passwd;
442 intptr = &options->use_login;
/* Log facility / level: the enum field is aliased through an int *, which
 * assumes the enum has int's size and representation.  cp is handed to
 * log_facility_number() without a NULL check; the "<NONE>" fallback in
 * the error message shows NULL is anticipated, so that helper must
 * tolerate it (not verifiable from here).  The cast in the comparison
 * applies to -1, i.e. (SyslogFacility)(-1).  fatal() does not return. */
446 intptr = (int *) &options->log_facility;
447 cp = strtok(NULL, WHITESPACE);
448 value = log_facility_number(cp);
449 if (value == (SyslogFacility) - 1)
450 fatal("%.200s line %d: unsupported log facility '%s'\n",
451 filename, linenum, cp ? cp : "<NONE>");
453 *intptr = (SyslogFacility) value;
457 intptr = (int *) &options->log_level;
458 cp = strtok(NULL, WHITESPACE);
459 value = log_level_number(cp);
460 if (value == (LogLevel) - 1)
461 fatal("%.200s line %d: unsupported log level '%s'\n",
462 filename, linenum, cp ? cp : "<NONE>");
464 *intptr = (LogLevel) value;
/* Allow/deny lists: every remaining token on the line is one entry.  The
 * arrays are fixed-size and the bound is checked before each store, so
 * an over-long list cannot overrun them; entries are heap copies made
 * with xstrdup().  What follows the "too many" message is not shown. */
468 while ((cp = strtok(NULL, WHITESPACE))) {
469 if (options->num_allow_users >= MAX_ALLOW_USERS) {
470 fprintf(stderr, "%s line %d: too many allow users.\n",
474 options->allow_users[options->num_allow_users++] = xstrdup(cp);
479 while ((cp = strtok(NULL, WHITESPACE))) {
480 if (options->num_deny_users >= MAX_DENY_USERS) {
481 fprintf(stderr, "%s line %d: too many deny users.\n",
485 options->deny_users[options->num_deny_users++] = xstrdup(cp);
490 while ((cp = strtok(NULL, WHITESPACE))) {
491 if (options->num_allow_groups >= MAX_ALLOW_GROUPS) {
492 fprintf(stderr, "%s line %d: too many allow groups.\n",
496 options->allow_groups[options->num_allow_groups++] = xstrdup(cp);
501 while ((cp = strtok(NULL, WHITESPACE))) {
502 if (options->num_deny_groups >= MAX_DENY_GROUPS) {
503 fprintf(stderr, "%s line %d: too many deny groups.\n",
507 options->deny_groups[options->num_deny_groups++] = xstrdup(cp);
/* Reached only if an opcode exists in the enum but has no case above:
 * a programming error rather than a config error.  cp here is still the
 * keyword token from the start of the line. */
512 fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
513 filename, linenum, cp, opcode);
/* Any token left after the option's own arguments is an error; this is
 * why even the obsolete keyword above consumes its argument. */
516 if (strtok(NULL, WHITESPACE) != NULL) {
517 fprintf(stderr, "%s line %d: garbage at end of line.\n",
/* Non-fatal parse errors are tallied in bad_options (the increments are
 * not in this excerpt) and the process stops once the whole file has
 * been read, so all errors in a file are reported in one pass. */
523 if (bad_options > 0) {
524 fprintf(stderr, "%s: terminating, %d bad configuration options\n",
525 filename, bad_options);