blob: 3d0c9efa6f2d28bcb214c2e9402ceaa828844f75 [file] [log] [blame]
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001/*
Damien Miller95def091999-11-25 00:26:21 +11002 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
Damien Miller4af51302000-04-16 11:18:38 +10004 *
Damien Millere4340be2000-09-16 13:29:08 +11005 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
Damien Miller95def091999-11-25 00:26:21 +110010 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100011
12#include "includes.h"
Ben Lindstromb5cdc662001-04-16 02:13:26 +000013RCSID("$OpenBSD: servconf.c,v 1.78 2001/04/15 21:28:35 stevesk Exp $");
Ben Lindstrom226cfa02001-01-22 05:34:40 +000014
15#ifdef KRB4
16#include <krb.h>
17#endif
18#ifdef AFS
19#include <kafs.h>
20#endif
Damien Millerd4a8b7e1999-10-27 13:42:43 +100021
22#include "ssh.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000023#include "log.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100024#include "servconf.h"
25#include "xmalloc.h"
Damien Miller78928792000-04-12 20:17:38 +100026#include "compat.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000027#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
Ben Lindstrom06b33aa2001-02-15 03:01:59 +000031#include "kex.h"
32#include "mac.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000033
Ben Lindstrom19066a12001-04-12 23:39:26 +000034void add_listen_addr(ServerOptions *options, char *addr, u_short port);
Ben Lindstromc510af42001-04-07 17:25:48 +000035void add_one_listen_addr(ServerOptions *options, char *addr, u_short port);
Damien Miller34132e52000-01-14 15:45:46 +110036
Ben Lindstrom226cfa02001-01-22 05:34:40 +000037/* AF_UNSPEC or AF_INET or AF_INET6 */
38extern int IPv4or6;
39
Damien Millerd4a8b7e1999-10-27 13:42:43 +100040/* Initializes the server options to their default values. */
41
Damien Miller4af51302000-04-16 11:18:38 +100042void
Damien Miller95def091999-11-25 00:26:21 +110043initialize_server_options(ServerOptions *options)
Damien Millerd4a8b7e1999-10-27 13:42:43 +100044{
Damien Miller95def091999-11-25 00:26:21 +110045 memset(options, 0, sizeof(*options));
Damien Miller34132e52000-01-14 15:45:46 +110046 options->num_ports = 0;
47 options->ports_from_cmdline = 0;
48 options->listen_addrs = NULL;
Damien Miller0bc1bd82000-11-13 22:57:25 +110049 options->num_host_key_files = 0;
Damien Miller6f83b8e2000-05-02 09:23:45 +100050 options->pid_file = NULL;
Damien Miller95def091999-11-25 00:26:21 +110051 options->server_key_bits = -1;
52 options->login_grace_time = -1;
53 options->key_regeneration_time = -1;
Ben Lindstromd8a90212001-02-15 03:08:27 +000054 options->permit_root_login = PERMIT_NOT_SET;
Damien Miller95def091999-11-25 00:26:21 +110055 options->ignore_rhosts = -1;
56 options->ignore_user_known_hosts = -1;
57 options->print_motd = -1;
Ben Lindstrom7bfff362001-03-26 05:45:53 +000058 options->print_lastlog = -1;
Damien Miller95def091999-11-25 00:26:21 +110059 options->check_mail = -1;
60 options->x11_forwarding = -1;
61 options->x11_display_offset = -1;
Damien Millerd3a18572000-06-07 19:55:44 +100062 options->xauth_location = NULL;
Damien Miller95def091999-11-25 00:26:21 +110063 options->strict_modes = -1;
64 options->keepalives = -1;
65 options->log_facility = (SyslogFacility) - 1;
66 options->log_level = (LogLevel) - 1;
67 options->rhosts_authentication = -1;
68 options->rhosts_rsa_authentication = -1;
Ben Lindstrom5eabda32001-04-12 23:34:34 +000069 options->hostbased_authentication = -1;
70 options->hostbased_uses_name_from_packet_only = -1;
Damien Miller95def091999-11-25 00:26:21 +110071 options->rsa_authentication = -1;
Damien Miller0bc1bd82000-11-13 22:57:25 +110072 options->pubkey_authentication = -1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100073#ifdef KRB4
Damien Miller95def091999-11-25 00:26:21 +110074 options->kerberos_authentication = -1;
75 options->kerberos_or_local_passwd = -1;
76 options->kerberos_ticket_cleanup = -1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100077#endif
78#ifdef AFS
Damien Miller95def091999-11-25 00:26:21 +110079 options->kerberos_tgt_passing = -1;
80 options->afs_token_passing = -1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100081#endif
Damien Miller95def091999-11-25 00:26:21 +110082 options->password_authentication = -1;
Damien Miller874d77b2000-10-14 16:23:11 +110083 options->kbd_interactive_authentication = -1;
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +000084 options->challenge_reponse_authentication = -1;
Damien Miller95def091999-11-25 00:26:21 +110085 options->permit_empty_passwd = -1;
86 options->use_login = -1;
Damien Miller50a41ed2000-10-16 12:14:42 +110087 options->allow_tcp_forwarding = -1;
Damien Miller95def091999-11-25 00:26:21 +110088 options->num_allow_users = 0;
89 options->num_deny_users = 0;
90 options->num_allow_groups = 0;
91 options->num_deny_groups = 0;
Damien Miller78928792000-04-12 20:17:38 +100092 options->ciphers = NULL;
Ben Lindstrom06b33aa2001-02-15 03:01:59 +000093 options->macs = NULL;
Damien Miller78928792000-04-12 20:17:38 +100094 options->protocol = SSH_PROTO_UNKNOWN;
Damien Millere247cc42000-05-07 12:03:14 +100095 options->gateway_ports = -1;
Damien Millerf6d9e222000-06-18 14:50:44 +100096 options->num_subsystems = 0;
Damien Miller942da032000-08-18 13:59:06 +100097 options->max_startups_begin = -1;
98 options->max_startups_rate = -1;
Damien Miller37023962000-07-11 17:31:38 +100099 options->max_startups = -1;
Ben Lindstrom48bd7c12001-01-09 00:35:42 +0000100 options->banner = NULL;
Damien Miller33804262001-02-04 23:20:18 +1100101 options->reverse_mapping_check = -1;
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000102 options->client_alive_interval = -1;
103 options->client_alive_count_max = -1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000104}
105
Damien Miller4af51302000-04-16 11:18:38 +1000106void
Damien Miller95def091999-11-25 00:26:21 +1100107fill_default_server_options(ServerOptions *options)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000108{
Damien Miller0bc1bd82000-11-13 22:57:25 +1100109 if (options->protocol == SSH_PROTO_UNKNOWN)
110 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
111 if (options->num_host_key_files == 0) {
112 /* fill default hostkeys for protocols */
113 if (options->protocol & SSH_PROTO_1)
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000114 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100115 if (options->protocol & SSH_PROTO_2)
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000116 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100117 }
Damien Miller34132e52000-01-14 15:45:46 +1100118 if (options->num_ports == 0)
119 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
120 if (options->listen_addrs == NULL)
Ben Lindstrom19066a12001-04-12 23:39:26 +0000121 add_listen_addr(options, NULL, 0);
Damien Miller6f83b8e2000-05-02 09:23:45 +1000122 if (options->pid_file == NULL)
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000123 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
Damien Miller95def091999-11-25 00:26:21 +1100124 if (options->server_key_bits == -1)
125 options->server_key_bits = 768;
126 if (options->login_grace_time == -1)
127 options->login_grace_time = 600;
128 if (options->key_regeneration_time == -1)
129 options->key_regeneration_time = 3600;
Ben Lindstromd8a90212001-02-15 03:08:27 +0000130 if (options->permit_root_login == PERMIT_NOT_SET)
131 options->permit_root_login = PERMIT_YES;
Damien Miller95def091999-11-25 00:26:21 +1100132 if (options->ignore_rhosts == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100133 options->ignore_rhosts = 1;
Damien Miller95def091999-11-25 00:26:21 +1100134 if (options->ignore_user_known_hosts == -1)
135 options->ignore_user_known_hosts = 0;
136 if (options->check_mail == -1)
137 options->check_mail = 0;
138 if (options->print_motd == -1)
139 options->print_motd = 1;
Ben Lindstrom7bfff362001-03-26 05:45:53 +0000140 if (options->print_lastlog == -1)
141 options->print_lastlog = 1;
Damien Miller95def091999-11-25 00:26:21 +1100142 if (options->x11_forwarding == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100143 options->x11_forwarding = 0;
Damien Miller95def091999-11-25 00:26:21 +1100144 if (options->x11_display_offset == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100145 options->x11_display_offset = 10;
Damien Millerd3a18572000-06-07 19:55:44 +1000146#ifdef XAUTH_PATH
147 if (options->xauth_location == NULL)
148 options->xauth_location = XAUTH_PATH;
149#endif /* XAUTH_PATH */
Damien Miller95def091999-11-25 00:26:21 +1100150 if (options->strict_modes == -1)
151 options->strict_modes = 1;
152 if (options->keepalives == -1)
153 options->keepalives = 1;
154 if (options->log_facility == (SyslogFacility) (-1))
155 options->log_facility = SYSLOG_FACILITY_AUTH;
156 if (options->log_level == (LogLevel) (-1))
Ben Lindstromdb65e8f2001-01-19 04:26:52 +0000157 options->log_level = SYSLOG_LEVEL_INFO;
Damien Miller95def091999-11-25 00:26:21 +1100158 if (options->rhosts_authentication == -1)
159 options->rhosts_authentication = 0;
160 if (options->rhosts_rsa_authentication == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100161 options->rhosts_rsa_authentication = 0;
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000162 if (options->hostbased_authentication == -1)
163 options->hostbased_authentication = 0;
164 if (options->hostbased_uses_name_from_packet_only == -1)
165 options->hostbased_uses_name_from_packet_only = 0;
Damien Miller95def091999-11-25 00:26:21 +1100166 if (options->rsa_authentication == -1)
167 options->rsa_authentication = 1;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100168 if (options->pubkey_authentication == -1)
169 options->pubkey_authentication = 1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000170#ifdef KRB4
Damien Miller95def091999-11-25 00:26:21 +1100171 if (options->kerberos_authentication == -1)
172 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
173 if (options->kerberos_or_local_passwd == -1)
174 options->kerberos_or_local_passwd = 1;
175 if (options->kerberos_ticket_cleanup == -1)
176 options->kerberos_ticket_cleanup = 1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000177#endif /* KRB4 */
178#ifdef AFS
Damien Miller95def091999-11-25 00:26:21 +1100179 if (options->kerberos_tgt_passing == -1)
180 options->kerberos_tgt_passing = 0;
181 if (options->afs_token_passing == -1)
182 options->afs_token_passing = k_hasafs();
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000183#endif /* AFS */
Damien Miller95def091999-11-25 00:26:21 +1100184 if (options->password_authentication == -1)
185 options->password_authentication = 1;
Damien Miller874d77b2000-10-14 16:23:11 +1100186 if (options->kbd_interactive_authentication == -1)
187 options->kbd_interactive_authentication = 0;
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000188 if (options->challenge_reponse_authentication == -1)
189 options->challenge_reponse_authentication = 1;
Damien Miller95def091999-11-25 00:26:21 +1100190 if (options->permit_empty_passwd == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100191 options->permit_empty_passwd = 0;
Damien Miller95def091999-11-25 00:26:21 +1100192 if (options->use_login == -1)
193 options->use_login = 0;
Damien Miller50a41ed2000-10-16 12:14:42 +1100194 if (options->allow_tcp_forwarding == -1)
195 options->allow_tcp_forwarding = 1;
Damien Millere247cc42000-05-07 12:03:14 +1000196 if (options->gateway_ports == -1)
197 options->gateway_ports = 0;
Damien Miller37023962000-07-11 17:31:38 +1000198 if (options->max_startups == -1)
199 options->max_startups = 10;
Damien Miller942da032000-08-18 13:59:06 +1000200 if (options->max_startups_rate == -1)
201 options->max_startups_rate = 100; /* 100% */
202 if (options->max_startups_begin == -1)
203 options->max_startups_begin = options->max_startups;
Damien Miller33804262001-02-04 23:20:18 +1100204 if (options->reverse_mapping_check == -1)
205 options->reverse_mapping_check = 0;
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000206 if (options->client_alive_interval == -1)
207 options->client_alive_interval = 0;
208 if (options->client_alive_count_max == -1)
209 options->client_alive_count_max = 3;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000210}
211
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000212/* Keyword tokens. */
Damien Miller95def091999-11-25 00:26:21 +1100213typedef enum {
214 sBadOption, /* == unknown option */
215 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
216 sPermitRootLogin, sLogFacility, sLogLevel,
217 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000218#ifdef KRB4
Damien Miller95def091999-11-25 00:26:21 +1100219 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000220#endif
221#ifdef AFS
Damien Miller95def091999-11-25 00:26:21 +1100222 sKerberosTgtPassing, sAFSTokenPassing,
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000223#endif
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000224 sChallengeResponseAuthentication,
Damien Miller874d77b2000-10-14 16:23:11 +1100225 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
Ben Lindstrom7bfff362001-03-26 05:45:53 +0000226 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
227 sX11Forwarding, sX11DisplayOffset,
Ben Lindstromd9cae222001-03-05 07:42:03 +0000228 sStrictModes, sEmptyPasswd, sKeepAlives, sCheckMail,
Damien Miller50a41ed2000-10-16 12:14:42 +1100229 sUseLogin, sAllowTcpForwarding,
230 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000231 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
Damien Miller0bc1bd82000-11-13 22:57:25 +1100232 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000233 sBanner, sReverseMappingCheck, sHostbasedAuthentication,
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000234 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
235 sClientAliveCountMax
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000236} ServerOpCodes;
237
238/* Textual representation of the tokens. */
Damien Miller95def091999-11-25 00:26:21 +1100239static struct {
240 const char *name;
241 ServerOpCodes opcode;
242} keywords[] = {
243 { "port", sPort },
244 { "hostkey", sHostKeyFile },
Damien Miller0bc1bd82000-11-13 22:57:25 +1100245 { "hostdsakey", sHostKeyFile }, /* alias */
Kevin Stevesef4eea92001-02-05 12:42:17 +0000246 { "pidfile", sPidFile },
Damien Miller95def091999-11-25 00:26:21 +1100247 { "serverkeybits", sServerKeyBits },
248 { "logingracetime", sLoginGraceTime },
249 { "keyregenerationinterval", sKeyRegenerationTime },
250 { "permitrootlogin", sPermitRootLogin },
251 { "syslogfacility", sLogFacility },
252 { "loglevel", sLogLevel },
253 { "rhostsauthentication", sRhostsAuthentication },
254 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000255 { "hostbasedauthentication", sHostbasedAuthentication },
256 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
Damien Miller95def091999-11-25 00:26:21 +1100257 { "rsaauthentication", sRSAAuthentication },
Damien Miller0bc1bd82000-11-13 22:57:25 +1100258 { "pubkeyauthentication", sPubkeyAuthentication },
259 { "dsaauthentication", sPubkeyAuthentication }, /* alias */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000260#ifdef KRB4
Damien Miller95def091999-11-25 00:26:21 +1100261 { "kerberosauthentication", sKerberosAuthentication },
262 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
263 { "kerberosticketcleanup", sKerberosTicketCleanup },
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000264#endif
265#ifdef AFS
Damien Miller95def091999-11-25 00:26:21 +1100266 { "kerberostgtpassing", sKerberosTgtPassing },
267 { "afstokenpassing", sAFSTokenPassing },
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000268#endif
Damien Miller95def091999-11-25 00:26:21 +1100269 { "passwordauthentication", sPasswordAuthentication },
Damien Miller874d77b2000-10-14 16:23:11 +1100270 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000271 { "challengeresponseauthentication", sChallengeResponseAuthentication },
272 { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
Damien Miller95def091999-11-25 00:26:21 +1100273 { "checkmail", sCheckMail },
274 { "listenaddress", sListenAddress },
275 { "printmotd", sPrintMotd },
Ben Lindstrom7bfff362001-03-26 05:45:53 +0000276 { "printlastlog", sPrintLastLog },
Damien Miller95def091999-11-25 00:26:21 +1100277 { "ignorerhosts", sIgnoreRhosts },
278 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
279 { "x11forwarding", sX11Forwarding },
280 { "x11displayoffset", sX11DisplayOffset },
Damien Millerd3a18572000-06-07 19:55:44 +1000281 { "xauthlocation", sXAuthLocation },
Damien Miller95def091999-11-25 00:26:21 +1100282 { "strictmodes", sStrictModes },
283 { "permitemptypasswords", sEmptyPasswd },
284 { "uselogin", sUseLogin },
Damien Miller95def091999-11-25 00:26:21 +1100285 { "keepalive", sKeepAlives },
Damien Miller50a41ed2000-10-16 12:14:42 +1100286 { "allowtcpforwarding", sAllowTcpForwarding },
Damien Miller95def091999-11-25 00:26:21 +1100287 { "allowusers", sAllowUsers },
288 { "denyusers", sDenyUsers },
289 { "allowgroups", sAllowGroups },
290 { "denygroups", sDenyGroups },
Damien Miller78928792000-04-12 20:17:38 +1000291 { "ciphers", sCiphers },
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000292 { "macs", sMacs },
Damien Miller78928792000-04-12 20:17:38 +1000293 { "protocol", sProtocol },
Damien Millere247cc42000-05-07 12:03:14 +1000294 { "gatewayports", sGatewayPorts },
Damien Millerf6d9e222000-06-18 14:50:44 +1000295 { "subsystem", sSubsystem },
Damien Miller37023962000-07-11 17:31:38 +1000296 { "maxstartups", sMaxStartups },
Ben Lindstrom48bd7c12001-01-09 00:35:42 +0000297 { "banner", sBanner },
Damien Miller33804262001-02-04 23:20:18 +1100298 { "reversemappingcheck", sReverseMappingCheck },
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000299 { "clientaliveinterval", sClientAliveInterval },
300 { "clientalivecountmax", sClientAliveCountMax },
Damien Miller95def091999-11-25 00:26:21 +1100301 { NULL, 0 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000302};
303
Damien Miller5428f641999-11-25 11:54:57 +1100304/*
Ben Lindstrom3704c262001-04-02 18:20:03 +0000305 * Returns the number of the token pointed to by cp or sBadOption.
Damien Miller5428f641999-11-25 11:54:57 +1100306 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000307
Damien Miller4af51302000-04-16 11:18:38 +1000308static ServerOpCodes
Damien Miller95def091999-11-25 00:26:21 +1100309parse_token(const char *cp, const char *filename,
310 int linenum)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000311{
Ben Lindstrom46c16222000-12-22 01:43:59 +0000312 u_int i;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000313
Damien Miller95def091999-11-25 00:26:21 +1100314 for (i = 0; keywords[i].name; i++)
Damien Miller5428f641999-11-25 11:54:57 +1100315 if (strcasecmp(cp, keywords[i].name) == 0)
Damien Miller95def091999-11-25 00:26:21 +1100316 return keywords[i].opcode;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000317
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000318 error("%s: line %d: Bad configuration option: %s",
319 filename, linenum, cp);
Damien Miller95def091999-11-25 00:26:21 +1100320 return sBadOption;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000321}
322
Damien Miller4af51302000-04-16 11:18:38 +1000323void
Ben Lindstrom19066a12001-04-12 23:39:26 +0000324add_listen_addr(ServerOptions *options, char *addr, u_short port)
Damien Miller34132e52000-01-14 15:45:46 +1100325{
Damien Miller34132e52000-01-14 15:45:46 +1100326 int i;
327
328 if (options->num_ports == 0)
329 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
Ben Lindstrom19066a12001-04-12 23:39:26 +0000330 if (port == 0)
Ben Lindstromc510af42001-04-07 17:25:48 +0000331 for (i = 0; i < options->num_ports; i++)
332 add_one_listen_addr(options, addr, options->ports[i]);
333 else
Ben Lindstrom19066a12001-04-12 23:39:26 +0000334 add_one_listen_addr(options, addr, port);
Ben Lindstromc510af42001-04-07 17:25:48 +0000335}
336
337void
338add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
339{
340 struct addrinfo hints, *ai, *aitop;
341 char strport[NI_MAXSERV];
342 int gaierr;
343
344 memset(&hints, 0, sizeof(hints));
345 hints.ai_family = IPv4or6;
346 hints.ai_socktype = SOCK_STREAM;
347 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
348 snprintf(strport, sizeof strport, "%d", port);
349 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
350 fatal("bad addr or host: %s (%s)",
351 addr ? addr : "<NULL>",
352 gai_strerror(gaierr));
353 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
354 ;
355 ai->ai_next = options->listen_addrs;
356 options->listen_addrs = aitop;
Damien Miller34132e52000-01-14 15:45:46 +1100357}
358
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000359/* Reads the server configuration file. */
360
Damien Miller4af51302000-04-16 11:18:38 +1000361void
Damien Miller95def091999-11-25 00:26:21 +1100362read_server_config(ServerOptions *options, const char *filename)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000363{
Damien Miller95def091999-11-25 00:26:21 +1100364 FILE *f;
365 char line[1024];
Ben Lindstromc510af42001-04-07 17:25:48 +0000366 char *cp, **charptr, *arg, *p;
Damien Miller95def091999-11-25 00:26:21 +1100367 int linenum, *intptr, value;
368 int bad_options = 0;
369 ServerOpCodes opcode;
Damien Millerf6d9e222000-06-18 14:50:44 +1000370 int i;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000371
Damien Miller95def091999-11-25 00:26:21 +1100372 f = fopen(filename, "r");
373 if (!f) {
374 perror(filename);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000375 exit(1);
Damien Miller95def091999-11-25 00:26:21 +1100376 }
377 linenum = 0;
378 while (fgets(line, sizeof(line), f)) {
379 linenum++;
Damien Millerbe484b52000-07-15 14:14:16 +1000380 cp = line;
381 arg = strdelim(&cp);
382 /* Ignore leading whitespace */
383 if (*arg == '\0')
384 arg = strdelim(&cp);
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000385 if (!arg || !*arg || *arg == '#')
Damien Miller95def091999-11-25 00:26:21 +1100386 continue;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100387 intptr = NULL;
388 charptr = NULL;
Damien Miller37023962000-07-11 17:31:38 +1000389 opcode = parse_token(arg, filename, linenum);
Damien Miller95def091999-11-25 00:26:21 +1100390 switch (opcode) {
391 case sBadOption:
392 bad_options++;
393 continue;
394 case sPort:
Damien Miller34132e52000-01-14 15:45:46 +1100395 /* ignore ports from configfile if cmdline specifies ports */
396 if (options->ports_from_cmdline)
397 continue;
398 if (options->listen_addrs != NULL)
399 fatal("%s line %d: ports must be specified before "
400 "ListenAdress.\n", filename, linenum);
401 if (options->num_ports >= MAX_PORTS)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000402 fatal("%s line %d: too many ports.",
Damien Miller4af51302000-04-16 11:18:38 +1000403 filename, linenum);
Damien Millerbe484b52000-07-15 14:14:16 +1000404 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000405 if (!arg || *arg == '\0')
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000406 fatal("%s line %d: missing port number.",
Damien Miller34132e52000-01-14 15:45:46 +1100407 filename, linenum);
Ben Lindstrom19066a12001-04-12 23:39:26 +0000408 options->ports[options->num_ports++] = a2port(arg);
409 if (options->ports[options->num_ports-1] == 0)
410 fatal("%s line %d: Badly formatted port number.",
411 filename, linenum);
Damien Miller34132e52000-01-14 15:45:46 +1100412 break;
413
414 case sServerKeyBits:
415 intptr = &options->server_key_bits;
Damien Miller95def091999-11-25 00:26:21 +1100416parse_int:
Damien Millerbe484b52000-07-15 14:14:16 +1000417 arg = strdelim(&cp);
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000418 if (!arg || *arg == '\0')
419 fatal("%s line %d: missing integer value.",
420 filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000421 value = atoi(arg);
Damien Miller95def091999-11-25 00:26:21 +1100422 if (*intptr == -1)
423 *intptr = value;
424 break;
Damien Miller32265091999-11-12 11:33:04 +1100425
Damien Miller95def091999-11-25 00:26:21 +1100426 case sLoginGraceTime:
427 intptr = &options->login_grace_time;
428 goto parse_int;
429
430 case sKeyRegenerationTime:
431 intptr = &options->key_regeneration_time;
432 goto parse_int;
433
434 case sListenAddress:
Damien Millerbe484b52000-07-15 14:14:16 +1000435 arg = strdelim(&cp);
Ben Lindstromc510af42001-04-07 17:25:48 +0000436 if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000437 fatal("%s line %d: missing inet addr.",
Damien Miller34132e52000-01-14 15:45:46 +1100438 filename, linenum);
Ben Lindstromc510af42001-04-07 17:25:48 +0000439 if (*arg == '[') {
440 if ((p = strchr(arg, ']')) == NULL)
441 fatal("%s line %d: bad ipv6 inet addr usage.",
442 filename, linenum);
443 arg++;
444 memmove(p, p+1, strlen(p+1)+1);
445 } else if (((p = strchr(arg, ':')) == NULL) ||
446 (strchr(p+1, ':') != NULL)) {
Ben Lindstrom19066a12001-04-12 23:39:26 +0000447 add_listen_addr(options, arg, 0);
Ben Lindstromc510af42001-04-07 17:25:48 +0000448 break;
449 }
450 if (*p == ':') {
Ben Lindstrom19066a12001-04-12 23:39:26 +0000451 u_short port;
452
Ben Lindstromc510af42001-04-07 17:25:48 +0000453 p++;
454 if (*p == '\0')
455 fatal("%s line %d: bad inet addr:port usage.",
456 filename, linenum);
457 else {
458 *(p-1) = '\0';
Ben Lindstrom19066a12001-04-12 23:39:26 +0000459 if ((port = a2port(p)) == 0)
460 fatal("%s line %d: bad port number.",
461 filename, linenum);
462 add_listen_addr(options, arg, port);
Ben Lindstromc510af42001-04-07 17:25:48 +0000463 }
464 } else if (*p == '\0')
Ben Lindstrom19066a12001-04-12 23:39:26 +0000465 add_listen_addr(options, arg, 0);
Ben Lindstromc510af42001-04-07 17:25:48 +0000466 else
467 fatal("%s line %d: bad inet addr usage.",
468 filename, linenum);
Damien Miller95def091999-11-25 00:26:21 +1100469 break;
470
471 case sHostKeyFile:
Damien Miller0bc1bd82000-11-13 22:57:25 +1100472 intptr = &options->num_host_key_files;
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000473 if (*intptr >= MAX_HOSTKEYS)
474 fatal("%s line %d: too many host keys specified (max %d).",
Damien Miller0bc1bd82000-11-13 22:57:25 +1100475 filename, linenum, MAX_HOSTKEYS);
Damien Miller0bc1bd82000-11-13 22:57:25 +1100476 charptr = &options->host_key_files[*intptr];
Damien Millerd3a18572000-06-07 19:55:44 +1000477parse_filename:
Damien Millerbe484b52000-07-15 14:14:16 +1000478 arg = strdelim(&cp);
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000479 if (!arg || *arg == '\0')
480 fatal("%s line %d: missing file name.",
Damien Miller6f83b8e2000-05-02 09:23:45 +1000481 filename, linenum);
Damien Miller0bc1bd82000-11-13 22:57:25 +1100482 if (*charptr == NULL) {
Damien Miller37023962000-07-11 17:31:38 +1000483 *charptr = tilde_expand_filename(arg, getuid());
Damien Miller0bc1bd82000-11-13 22:57:25 +1100484 /* increase optional counter */
485 if (intptr != NULL)
486 *intptr = *intptr + 1;
487 }
Damien Miller6f83b8e2000-05-02 09:23:45 +1000488 break;
489
490 case sPidFile:
491 charptr = &options->pid_file;
Damien Millerd3a18572000-06-07 19:55:44 +1000492 goto parse_filename;
Damien Miller95def091999-11-25 00:26:21 +1100493
Damien Miller95def091999-11-25 00:26:21 +1100494 case sPermitRootLogin:
495 intptr = &options->permit_root_login;
Damien Millerbe484b52000-07-15 14:14:16 +1000496 arg = strdelim(&cp);
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000497 if (!arg || *arg == '\0')
498 fatal("%s line %d: missing yes/"
Ben Lindstrom35f1f4e2001-03-06 01:02:41 +0000499 "without-password/forced-commands-only/no "
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000500 "argument.", filename, linenum);
501 value = 0; /* silence compiler */
Damien Miller37023962000-07-11 17:31:38 +1000502 if (strcmp(arg, "without-password") == 0)
Ben Lindstromd8a90212001-02-15 03:08:27 +0000503 value = PERMIT_NO_PASSWD;
504 else if (strcmp(arg, "forced-commands-only") == 0)
505 value = PERMIT_FORCED_ONLY;
Damien Miller37023962000-07-11 17:31:38 +1000506 else if (strcmp(arg, "yes") == 0)
Ben Lindstromd8a90212001-02-15 03:08:27 +0000507 value = PERMIT_YES;
Damien Miller37023962000-07-11 17:31:38 +1000508 else if (strcmp(arg, "no") == 0)
Ben Lindstromd8a90212001-02-15 03:08:27 +0000509 value = PERMIT_NO;
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000510 else
511 fatal("%s line %d: Bad yes/"
Ben Lindstromd8a90212001-02-15 03:08:27 +0000512 "without-password/forced-commands-only/no "
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000513 "argument: %s", filename, linenum, arg);
Damien Miller95def091999-11-25 00:26:21 +1100514 if (*intptr == -1)
515 *intptr = value;
516 break;
517
518 case sIgnoreRhosts:
519 intptr = &options->ignore_rhosts;
520parse_flag:
Damien Millerbe484b52000-07-15 14:14:16 +1000521 arg = strdelim(&cp);
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000522 if (!arg || *arg == '\0')
523 fatal("%s line %d: missing yes/no argument.",
524 filename, linenum);
525 value = 0; /* silence compiler */
Damien Miller37023962000-07-11 17:31:38 +1000526 if (strcmp(arg, "yes") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100527 value = 1;
Damien Miller37023962000-07-11 17:31:38 +1000528 else if (strcmp(arg, "no") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100529 value = 0;
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000530 else
531 fatal("%s line %d: Bad yes/no argument: %s",
Damien Miller37023962000-07-11 17:31:38 +1000532 filename, linenum, arg);
Damien Miller95def091999-11-25 00:26:21 +1100533 if (*intptr == -1)
534 *intptr = value;
535 break;
536
537 case sIgnoreUserKnownHosts:
538 intptr = &options->ignore_user_known_hosts;
Damien Miller98c7ad62000-03-09 21:27:49 +1100539 goto parse_flag;
Damien Miller95def091999-11-25 00:26:21 +1100540
541 case sRhostsAuthentication:
542 intptr = &options->rhosts_authentication;
543 goto parse_flag;
544
545 case sRhostsRSAAuthentication:
546 intptr = &options->rhosts_rsa_authentication;
547 goto parse_flag;
548
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000549 case sHostbasedAuthentication:
550 intptr = &options->hostbased_authentication;
551 goto parse_flag;
552
553 case sHostbasedUsesNameFromPacketOnly:
554 intptr = &options->hostbased_uses_name_from_packet_only;
555 goto parse_flag;
556
Damien Miller95def091999-11-25 00:26:21 +1100557 case sRSAAuthentication:
558 intptr = &options->rsa_authentication;
559 goto parse_flag;
560
Damien Miller0bc1bd82000-11-13 22:57:25 +1100561 case sPubkeyAuthentication:
562 intptr = &options->pubkey_authentication;
Damien Millere247cc42000-05-07 12:03:14 +1000563 goto parse_flag;
564
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000565#ifdef KRB4
Damien Miller95def091999-11-25 00:26:21 +1100566 case sKerberosAuthentication:
567 intptr = &options->kerberos_authentication;
568 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000569
Damien Miller95def091999-11-25 00:26:21 +1100570 case sKerberosOrLocalPasswd:
571 intptr = &options->kerberos_or_local_passwd;
572 goto parse_flag;
573
574 case sKerberosTicketCleanup:
575 intptr = &options->kerberos_ticket_cleanup;
576 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000577#endif
Damien Miller95def091999-11-25 00:26:21 +1100578
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000579#ifdef AFS
Damien Miller95def091999-11-25 00:26:21 +1100580 case sKerberosTgtPassing:
581 intptr = &options->kerberos_tgt_passing;
582 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000583
Damien Miller95def091999-11-25 00:26:21 +1100584 case sAFSTokenPassing:
585 intptr = &options->afs_token_passing;
586 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000587#endif
588
Damien Miller95def091999-11-25 00:26:21 +1100589 case sPasswordAuthentication:
590 intptr = &options->password_authentication;
591 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000592
Damien Miller874d77b2000-10-14 16:23:11 +1100593 case sKbdInteractiveAuthentication:
594 intptr = &options->kbd_interactive_authentication;
595 goto parse_flag;
596
Damien Miller95def091999-11-25 00:26:21 +1100597 case sCheckMail:
598 intptr = &options->check_mail;
599 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000600
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000601 case sChallengeResponseAuthentication:
602 intptr = &options->challenge_reponse_authentication;
Damien Miller95def091999-11-25 00:26:21 +1100603 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000604
Damien Miller95def091999-11-25 00:26:21 +1100605 case sPrintMotd:
606 intptr = &options->print_motd;
607 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000608
Ben Lindstrom7bfff362001-03-26 05:45:53 +0000609 case sPrintLastLog:
610 intptr = &options->print_lastlog;
611 goto parse_flag;
612
Damien Miller95def091999-11-25 00:26:21 +1100613 case sX11Forwarding:
614 intptr = &options->x11_forwarding;
615 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000616
Damien Miller95def091999-11-25 00:26:21 +1100617 case sX11DisplayOffset:
618 intptr = &options->x11_display_offset;
619 goto parse_int;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000620
Damien Millerd3a18572000-06-07 19:55:44 +1000621 case sXAuthLocation:
622 charptr = &options->xauth_location;
623 goto parse_filename;
Kevin Stevesef4eea92001-02-05 12:42:17 +0000624
Damien Miller95def091999-11-25 00:26:21 +1100625 case sStrictModes:
626 intptr = &options->strict_modes;
627 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000628
Damien Miller95def091999-11-25 00:26:21 +1100629 case sKeepAlives:
630 intptr = &options->keepalives;
631 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000632
Damien Miller95def091999-11-25 00:26:21 +1100633 case sEmptyPasswd:
634 intptr = &options->permit_empty_passwd;
635 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000636
Damien Miller95def091999-11-25 00:26:21 +1100637 case sUseLogin:
638 intptr = &options->use_login;
639 goto parse_flag;
Damien Miller5ce662a1999-11-11 17:57:39 +1100640
Damien Millere247cc42000-05-07 12:03:14 +1000641 case sGatewayPorts:
642 intptr = &options->gateway_ports;
643 goto parse_flag;
644
Damien Miller33804262001-02-04 23:20:18 +1100645 case sReverseMappingCheck:
646 intptr = &options->reverse_mapping_check;
647 goto parse_flag;
648
Damien Miller95def091999-11-25 00:26:21 +1100649 case sLogFacility:
650 intptr = (int *) &options->log_facility;
Damien Millerbe484b52000-07-15 14:14:16 +1000651 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000652 value = log_facility_number(arg);
Damien Miller95def091999-11-25 00:26:21 +1100653 if (value == (SyslogFacility) - 1)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000654 fatal("%.200s line %d: unsupported log facility '%s'",
Damien Miller37023962000-07-11 17:31:38 +1000655 filename, linenum, arg ? arg : "<NONE>");
Damien Miller95def091999-11-25 00:26:21 +1100656 if (*intptr == -1)
657 *intptr = (SyslogFacility) value;
658 break;
659
660 case sLogLevel:
661 intptr = (int *) &options->log_level;
Damien Millerbe484b52000-07-15 14:14:16 +1000662 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000663 value = log_level_number(arg);
Damien Miller95def091999-11-25 00:26:21 +1100664 if (value == (LogLevel) - 1)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000665 fatal("%.200s line %d: unsupported log level '%s'",
Damien Miller37023962000-07-11 17:31:38 +1000666 filename, linenum, arg ? arg : "<NONE>");
Damien Miller95def091999-11-25 00:26:21 +1100667 if (*intptr == -1)
668 *intptr = (LogLevel) value;
669 break;
670
Damien Miller50a41ed2000-10-16 12:14:42 +1100671 case sAllowTcpForwarding:
672 intptr = &options->allow_tcp_forwarding;
673 goto parse_flag;
674
Damien Miller95def091999-11-25 00:26:21 +1100675 case sAllowUsers:
Damien Millerbe484b52000-07-15 14:14:16 +1000676 while ((arg = strdelim(&cp)) && *arg != '\0') {
Damien Miller78928792000-04-12 20:17:38 +1000677 if (options->num_allow_users >= MAX_ALLOW_USERS)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000678 fatal("%s line %d: too many allow users.",
Damien Miller78928792000-04-12 20:17:38 +1000679 filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000680 options->allow_users[options->num_allow_users++] = xstrdup(arg);
Damien Miller95def091999-11-25 00:26:21 +1100681 }
682 break;
683
684 case sDenyUsers:
Damien Millerbe484b52000-07-15 14:14:16 +1000685 while ((arg = strdelim(&cp)) && *arg != '\0') {
Damien Miller78928792000-04-12 20:17:38 +1000686 if (options->num_deny_users >= MAX_DENY_USERS)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000687 fatal( "%s line %d: too many deny users.",
Damien Miller78928792000-04-12 20:17:38 +1000688 filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000689 options->deny_users[options->num_deny_users++] = xstrdup(arg);
Damien Miller95def091999-11-25 00:26:21 +1100690 }
691 break;
692
693 case sAllowGroups:
Damien Millerbe484b52000-07-15 14:14:16 +1000694 while ((arg = strdelim(&cp)) && *arg != '\0') {
Damien Miller78928792000-04-12 20:17:38 +1000695 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000696 fatal("%s line %d: too many allow groups.",
Damien Miller78928792000-04-12 20:17:38 +1000697 filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000698 options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
Damien Miller95def091999-11-25 00:26:21 +1100699 }
700 break;
701
702 case sDenyGroups:
Damien Millerbe484b52000-07-15 14:14:16 +1000703 while ((arg = strdelim(&cp)) && *arg != '\0') {
Damien Miller78928792000-04-12 20:17:38 +1000704 if (options->num_deny_groups >= MAX_DENY_GROUPS)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000705 fatal("%s line %d: too many deny groups.",
Damien Miller78928792000-04-12 20:17:38 +1000706 filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000707 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
Damien Miller95def091999-11-25 00:26:21 +1100708 }
709 break;
710
Damien Miller78928792000-04-12 20:17:38 +1000711 case sCiphers:
Damien Millerbe484b52000-07-15 14:14:16 +1000712 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000713 if (!arg || *arg == '\0')
Damien Millerb1715dc2000-05-30 13:44:51 +1000714 fatal("%s line %d: Missing argument.", filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000715 if (!ciphers_valid(arg))
Damien Miller30c3d422000-05-09 11:02:59 +1000716 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
Damien Miller37023962000-07-11 17:31:38 +1000717 filename, linenum, arg ? arg : "<NONE>");
Damien Miller78928792000-04-12 20:17:38 +1000718 if (options->ciphers == NULL)
Damien Miller37023962000-07-11 17:31:38 +1000719 options->ciphers = xstrdup(arg);
Damien Miller78928792000-04-12 20:17:38 +1000720 break;
721
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000722 case sMacs:
723 arg = strdelim(&cp);
724 if (!arg || *arg == '\0')
725 fatal("%s line %d: Missing argument.", filename, linenum);
726 if (!mac_valid(arg))
727 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
728 filename, linenum, arg ? arg : "<NONE>");
729 if (options->macs == NULL)
730 options->macs = xstrdup(arg);
731 break;
732
Damien Miller78928792000-04-12 20:17:38 +1000733 case sProtocol:
734 intptr = &options->protocol;
Damien Millerbe484b52000-07-15 14:14:16 +1000735 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000736 if (!arg || *arg == '\0')
Damien Millerb1715dc2000-05-30 13:44:51 +1000737 fatal("%s line %d: Missing argument.", filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000738 value = proto_spec(arg);
Damien Miller78928792000-04-12 20:17:38 +1000739 if (value == SSH_PROTO_UNKNOWN)
740 fatal("%s line %d: Bad protocol spec '%s'.",
Damien Miller37023962000-07-11 17:31:38 +1000741 filename, linenum, arg ? arg : "<NONE>");
Damien Miller78928792000-04-12 20:17:38 +1000742 if (*intptr == SSH_PROTO_UNKNOWN)
743 *intptr = value;
744 break;
745
Damien Millerf6d9e222000-06-18 14:50:44 +1000746 case sSubsystem:
747 if(options->num_subsystems >= MAX_SUBSYSTEMS) {
748 fatal("%s line %d: too many subsystems defined.",
749 filename, linenum);
750 }
Damien Millerbe484b52000-07-15 14:14:16 +1000751 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000752 if (!arg || *arg == '\0')
Damien Millerf6d9e222000-06-18 14:50:44 +1000753 fatal("%s line %d: Missing subsystem name.",
754 filename, linenum);
755 for (i = 0; i < options->num_subsystems; i++)
Damien Miller37023962000-07-11 17:31:38 +1000756 if(strcmp(arg, options->subsystem_name[i]) == 0)
Damien Millerf6d9e222000-06-18 14:50:44 +1000757 fatal("%s line %d: Subsystem '%s' already defined.",
Damien Miller37023962000-07-11 17:31:38 +1000758 filename, linenum, arg);
759 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
Damien Millerbe484b52000-07-15 14:14:16 +1000760 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000761 if (!arg || *arg == '\0')
Damien Millerf6d9e222000-06-18 14:50:44 +1000762 fatal("%s line %d: Missing subsystem command.",
763 filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000764 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
Damien Millerf6d9e222000-06-18 14:50:44 +1000765 options->num_subsystems++;
766 break;
767
Damien Miller37023962000-07-11 17:31:38 +1000768 case sMaxStartups:
Damien Miller942da032000-08-18 13:59:06 +1000769 arg = strdelim(&cp);
770 if (!arg || *arg == '\0')
771 fatal("%s line %d: Missing MaxStartups spec.",
772 filename, linenum);
773 if (sscanf(arg, "%d:%d:%d",
774 &options->max_startups_begin,
775 &options->max_startups_rate,
776 &options->max_startups) == 3) {
777 if (options->max_startups_begin >
778 options->max_startups ||
779 options->max_startups_rate > 100 ||
780 options->max_startups_rate < 1)
781 fatal("%s line %d: Illegal MaxStartups spec.",
782 filename, linenum);
783 break;
784 }
Damien Miller37023962000-07-11 17:31:38 +1000785 intptr = &options->max_startups;
786 goto parse_int;
787
Ben Lindstrom48bd7c12001-01-09 00:35:42 +0000788 case sBanner:
789 charptr = &options->banner;
790 goto parse_filename;
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000791 case sClientAliveInterval:
792 intptr = &options->client_alive_interval;
793 goto parse_int;
794 case sClientAliveCountMax:
795 intptr = &options->client_alive_count_max;
796 goto parse_int;
Damien Miller95def091999-11-25 00:26:21 +1100797 default:
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000798 fatal("%s line %d: Missing handler for opcode %s (%d)",
799 filename, linenum, arg, opcode);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000800 }
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000801 if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
802 fatal("%s line %d: garbage at end of line; \"%.200s\".",
803 filename, linenum, arg);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000804 }
Damien Miller95def091999-11-25 00:26:21 +1100805 fclose(f);
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000806 if (bad_options > 0)
807 fatal("%s: terminating, %d bad configuration options",
808 filename, bad_options);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000809}