blob: fb42d74ef165f1612ccf9ba5f8e2a61a52afe157 [file] [log] [blame]
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001/*
Damien Miller95def091999-11-25 00:26:21 +11002 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
Damien Miller4af51302000-04-16 11:18:38 +10004 *
Damien Millere4340be2000-09-16 13:29:08 +11005 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
Damien Miller95def091999-11-25 00:26:21 +110010 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100011
12#include "includes.h"
Ben Lindstrom48bd7c12001-01-09 00:35:42 +000013RCSID("$OpenBSD: servconf.c,v 1.57 2001/01/08 22:29:05 markus Exp $");
Damien Millerd4a8b7e1999-10-27 13:42:43 +100014
15#include "ssh.h"
16#include "servconf.h"
17#include "xmalloc.h"
Damien Miller78928792000-04-12 20:17:38 +100018#include "compat.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100019
Damien Miller34132e52000-01-14 15:45:46 +110020/* add listen address */
21void add_listen_addr(ServerOptions *options, char *addr);
22
Damien Millerd4a8b7e1999-10-27 13:42:43 +100023/* Initializes the server options to their default values. */
24
Damien Miller4af51302000-04-16 11:18:38 +100025void
Damien Miller95def091999-11-25 00:26:21 +110026initialize_server_options(ServerOptions *options)
Damien Millerd4a8b7e1999-10-27 13:42:43 +100027{
Damien Miller95def091999-11-25 00:26:21 +110028 memset(options, 0, sizeof(*options));
Damien Miller34132e52000-01-14 15:45:46 +110029 options->num_ports = 0;
30 options->ports_from_cmdline = 0;
31 options->listen_addrs = NULL;
Damien Miller0bc1bd82000-11-13 22:57:25 +110032 options->num_host_key_files = 0;
Damien Miller6f83b8e2000-05-02 09:23:45 +100033 options->pid_file = NULL;
Damien Miller95def091999-11-25 00:26:21 +110034 options->server_key_bits = -1;
35 options->login_grace_time = -1;
36 options->key_regeneration_time = -1;
37 options->permit_root_login = -1;
38 options->ignore_rhosts = -1;
39 options->ignore_user_known_hosts = -1;
40 options->print_motd = -1;
41 options->check_mail = -1;
42 options->x11_forwarding = -1;
43 options->x11_display_offset = -1;
Damien Millerd3a18572000-06-07 19:55:44 +100044 options->xauth_location = NULL;
Damien Miller95def091999-11-25 00:26:21 +110045 options->strict_modes = -1;
46 options->keepalives = -1;
47 options->log_facility = (SyslogFacility) - 1;
48 options->log_level = (LogLevel) - 1;
49 options->rhosts_authentication = -1;
50 options->rhosts_rsa_authentication = -1;
51 options->rsa_authentication = -1;
Damien Miller0bc1bd82000-11-13 22:57:25 +110052 options->pubkey_authentication = -1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100053#ifdef KRB4
Damien Miller95def091999-11-25 00:26:21 +110054 options->kerberos_authentication = -1;
55 options->kerberos_or_local_passwd = -1;
56 options->kerberos_ticket_cleanup = -1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100057#endif
58#ifdef AFS
Damien Miller95def091999-11-25 00:26:21 +110059 options->kerberos_tgt_passing = -1;
60 options->afs_token_passing = -1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100061#endif
Damien Miller95def091999-11-25 00:26:21 +110062 options->password_authentication = -1;
Damien Miller874d77b2000-10-14 16:23:11 +110063 options->kbd_interactive_authentication = -1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100064#ifdef SKEY
Damien Miller95def091999-11-25 00:26:21 +110065 options->skey_authentication = -1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100066#endif
Damien Miller95def091999-11-25 00:26:21 +110067 options->permit_empty_passwd = -1;
68 options->use_login = -1;
Damien Miller50a41ed2000-10-16 12:14:42 +110069 options->allow_tcp_forwarding = -1;
Damien Miller95def091999-11-25 00:26:21 +110070 options->num_allow_users = 0;
71 options->num_deny_users = 0;
72 options->num_allow_groups = 0;
73 options->num_deny_groups = 0;
Damien Miller78928792000-04-12 20:17:38 +100074 options->ciphers = NULL;
75 options->protocol = SSH_PROTO_UNKNOWN;
Damien Millere247cc42000-05-07 12:03:14 +100076 options->gateway_ports = -1;
Damien Millerf6d9e222000-06-18 14:50:44 +100077 options->num_subsystems = 0;
Damien Miller942da032000-08-18 13:59:06 +100078 options->max_startups_begin = -1;
79 options->max_startups_rate = -1;
Damien Miller37023962000-07-11 17:31:38 +100080 options->max_startups = -1;
Ben Lindstrom48bd7c12001-01-09 00:35:42 +000081 options->banner = NULL;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100082}
83
Damien Miller4af51302000-04-16 11:18:38 +100084void
Damien Miller95def091999-11-25 00:26:21 +110085fill_default_server_options(ServerOptions *options)
Damien Millerd4a8b7e1999-10-27 13:42:43 +100086{
Damien Miller0bc1bd82000-11-13 22:57:25 +110087 if (options->protocol == SSH_PROTO_UNKNOWN)
88 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
89 if (options->num_host_key_files == 0) {
90 /* fill default hostkeys for protocols */
91 if (options->protocol & SSH_PROTO_1)
92 options->host_key_files[options->num_host_key_files++] = HOST_KEY_FILE;
93 if (options->protocol & SSH_PROTO_2)
94 options->host_key_files[options->num_host_key_files++] = HOST_DSA_KEY_FILE;
95 }
Damien Miller34132e52000-01-14 15:45:46 +110096 if (options->num_ports == 0)
97 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
98 if (options->listen_addrs == NULL)
99 add_listen_addr(options, NULL);
Damien Miller6f83b8e2000-05-02 09:23:45 +1000100 if (options->pid_file == NULL)
101 options->pid_file = SSH_DAEMON_PID_FILE;
Damien Miller95def091999-11-25 00:26:21 +1100102 if (options->server_key_bits == -1)
103 options->server_key_bits = 768;
104 if (options->login_grace_time == -1)
105 options->login_grace_time = 600;
106 if (options->key_regeneration_time == -1)
107 options->key_regeneration_time = 3600;
108 if (options->permit_root_login == -1)
109 options->permit_root_login = 1; /* yes */
110 if (options->ignore_rhosts == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100111 options->ignore_rhosts = 1;
Damien Miller95def091999-11-25 00:26:21 +1100112 if (options->ignore_user_known_hosts == -1)
113 options->ignore_user_known_hosts = 0;
114 if (options->check_mail == -1)
115 options->check_mail = 0;
116 if (options->print_motd == -1)
117 options->print_motd = 1;
118 if (options->x11_forwarding == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100119 options->x11_forwarding = 0;
Damien Miller95def091999-11-25 00:26:21 +1100120 if (options->x11_display_offset == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100121 options->x11_display_offset = 10;
Damien Millerd3a18572000-06-07 19:55:44 +1000122#ifdef XAUTH_PATH
123 if (options->xauth_location == NULL)
124 options->xauth_location = XAUTH_PATH;
125#endif /* XAUTH_PATH */
Damien Miller95def091999-11-25 00:26:21 +1100126 if (options->strict_modes == -1)
127 options->strict_modes = 1;
128 if (options->keepalives == -1)
129 options->keepalives = 1;
130 if (options->log_facility == (SyslogFacility) (-1))
131 options->log_facility = SYSLOG_FACILITY_AUTH;
132 if (options->log_level == (LogLevel) (-1))
Ben Lindstroma383baa2001-01-08 06:13:41 +0000133 options->log_level = SYSLOG_LEVEL_NOTICE;
Damien Miller95def091999-11-25 00:26:21 +1100134 if (options->rhosts_authentication == -1)
135 options->rhosts_authentication = 0;
136 if (options->rhosts_rsa_authentication == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100137 options->rhosts_rsa_authentication = 0;
Damien Miller95def091999-11-25 00:26:21 +1100138 if (options->rsa_authentication == -1)
139 options->rsa_authentication = 1;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100140 if (options->pubkey_authentication == -1)
141 options->pubkey_authentication = 1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000142#ifdef KRB4
Damien Miller95def091999-11-25 00:26:21 +1100143 if (options->kerberos_authentication == -1)
144 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
145 if (options->kerberos_or_local_passwd == -1)
146 options->kerberos_or_local_passwd = 1;
147 if (options->kerberos_ticket_cleanup == -1)
148 options->kerberos_ticket_cleanup = 1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000149#endif /* KRB4 */
150#ifdef AFS
Damien Miller95def091999-11-25 00:26:21 +1100151 if (options->kerberos_tgt_passing == -1)
152 options->kerberos_tgt_passing = 0;
153 if (options->afs_token_passing == -1)
154 options->afs_token_passing = k_hasafs();
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000155#endif /* AFS */
Damien Miller95def091999-11-25 00:26:21 +1100156 if (options->password_authentication == -1)
157 options->password_authentication = 1;
Damien Miller874d77b2000-10-14 16:23:11 +1100158 if (options->kbd_interactive_authentication == -1)
159 options->kbd_interactive_authentication = 0;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000160#ifdef SKEY
Damien Miller95def091999-11-25 00:26:21 +1100161 if (options->skey_authentication == -1)
162 options->skey_authentication = 1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000163#endif
Damien Miller95def091999-11-25 00:26:21 +1100164 if (options->permit_empty_passwd == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100165 options->permit_empty_passwd = 0;
Damien Miller95def091999-11-25 00:26:21 +1100166 if (options->use_login == -1)
167 options->use_login = 0;
Damien Miller50a41ed2000-10-16 12:14:42 +1100168 if (options->allow_tcp_forwarding == -1)
169 options->allow_tcp_forwarding = 1;
Damien Millere247cc42000-05-07 12:03:14 +1000170 if (options->gateway_ports == -1)
171 options->gateway_ports = 0;
Damien Miller37023962000-07-11 17:31:38 +1000172 if (options->max_startups == -1)
173 options->max_startups = 10;
Damien Miller942da032000-08-18 13:59:06 +1000174 if (options->max_startups_rate == -1)
175 options->max_startups_rate = 100; /* 100% */
176 if (options->max_startups_begin == -1)
177 options->max_startups_begin = options->max_startups;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000178}
179
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000180/* Keyword tokens. */
Damien Miller95def091999-11-25 00:26:21 +1100181typedef enum {
182 sBadOption, /* == unknown option */
183 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
184 sPermitRootLogin, sLogFacility, sLogLevel,
185 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000186#ifdef KRB4
Damien Miller95def091999-11-25 00:26:21 +1100187 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000188#endif
189#ifdef AFS
Damien Miller95def091999-11-25 00:26:21 +1100190 sKerberosTgtPassing, sAFSTokenPassing,
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000191#endif
192#ifdef SKEY
Damien Miller95def091999-11-25 00:26:21 +1100193 sSkeyAuthentication,
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000194#endif
Damien Miller874d77b2000-10-14 16:23:11 +1100195 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
Damien Miller95def091999-11-25 00:26:21 +1100196 sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
197 sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
Damien Miller50a41ed2000-10-16 12:14:42 +1100198 sUseLogin, sAllowTcpForwarding,
199 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
Damien Miller0bc1bd82000-11-13 22:57:25 +1100200 sIgnoreUserKnownHosts, sCiphers, sProtocol, sPidFile,
201 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
Ben Lindstrom48bd7c12001-01-09 00:35:42 +0000202 sBanner
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000203} ServerOpCodes;
204
205/* Textual representation of the tokens. */
Damien Miller95def091999-11-25 00:26:21 +1100206static struct {
207 const char *name;
208 ServerOpCodes opcode;
209} keywords[] = {
210 { "port", sPort },
211 { "hostkey", sHostKeyFile },
Damien Miller0bc1bd82000-11-13 22:57:25 +1100212 { "hostdsakey", sHostKeyFile }, /* alias */
Damien Miller6f83b8e2000-05-02 09:23:45 +1000213 { "pidfile", sPidFile },
Damien Miller95def091999-11-25 00:26:21 +1100214 { "serverkeybits", sServerKeyBits },
215 { "logingracetime", sLoginGraceTime },
216 { "keyregenerationinterval", sKeyRegenerationTime },
217 { "permitrootlogin", sPermitRootLogin },
218 { "syslogfacility", sLogFacility },
219 { "loglevel", sLogLevel },
220 { "rhostsauthentication", sRhostsAuthentication },
221 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
222 { "rsaauthentication", sRSAAuthentication },
Damien Miller0bc1bd82000-11-13 22:57:25 +1100223 { "pubkeyauthentication", sPubkeyAuthentication },
224 { "dsaauthentication", sPubkeyAuthentication }, /* alias */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000225#ifdef KRB4
Damien Miller95def091999-11-25 00:26:21 +1100226 { "kerberosauthentication", sKerberosAuthentication },
227 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
228 { "kerberosticketcleanup", sKerberosTicketCleanup },
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000229#endif
230#ifdef AFS
Damien Miller95def091999-11-25 00:26:21 +1100231 { "kerberostgtpassing", sKerberosTgtPassing },
232 { "afstokenpassing", sAFSTokenPassing },
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000233#endif
Damien Miller95def091999-11-25 00:26:21 +1100234 { "passwordauthentication", sPasswordAuthentication },
Damien Miller874d77b2000-10-14 16:23:11 +1100235 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000236#ifdef SKEY
Damien Miller95def091999-11-25 00:26:21 +1100237 { "skeyauthentication", sSkeyAuthentication },
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000238#endif
Damien Miller95def091999-11-25 00:26:21 +1100239 { "checkmail", sCheckMail },
240 { "listenaddress", sListenAddress },
241 { "printmotd", sPrintMotd },
242 { "ignorerhosts", sIgnoreRhosts },
243 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
244 { "x11forwarding", sX11Forwarding },
245 { "x11displayoffset", sX11DisplayOffset },
Damien Millerd3a18572000-06-07 19:55:44 +1000246 { "xauthlocation", sXAuthLocation },
Damien Miller95def091999-11-25 00:26:21 +1100247 { "strictmodes", sStrictModes },
248 { "permitemptypasswords", sEmptyPasswd },
249 { "uselogin", sUseLogin },
250 { "randomseed", sRandomSeedFile },
251 { "keepalive", sKeepAlives },
Damien Miller50a41ed2000-10-16 12:14:42 +1100252 { "allowtcpforwarding", sAllowTcpForwarding },
Damien Miller95def091999-11-25 00:26:21 +1100253 { "allowusers", sAllowUsers },
254 { "denyusers", sDenyUsers },
255 { "allowgroups", sAllowGroups },
256 { "denygroups", sDenyGroups },
Damien Miller78928792000-04-12 20:17:38 +1000257 { "ciphers", sCiphers },
258 { "protocol", sProtocol },
Damien Millere247cc42000-05-07 12:03:14 +1000259 { "gatewayports", sGatewayPorts },
Damien Millerf6d9e222000-06-18 14:50:44 +1000260 { "subsystem", sSubsystem },
Damien Miller37023962000-07-11 17:31:38 +1000261 { "maxstartups", sMaxStartups },
Ben Lindstrom48bd7c12001-01-09 00:35:42 +0000262 { "banner", sBanner },
Damien Miller95def091999-11-25 00:26:21 +1100263 { NULL, 0 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000264};
265
Damien Miller5428f641999-11-25 11:54:57 +1100266/*
267 * Returns the number of the token pointed to by cp of length len. Never
268 * returns if the token is not known.
269 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000270
Damien Miller4af51302000-04-16 11:18:38 +1000271static ServerOpCodes
Damien Miller95def091999-11-25 00:26:21 +1100272parse_token(const char *cp, const char *filename,
273 int linenum)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000274{
Ben Lindstrom46c16222000-12-22 01:43:59 +0000275 u_int i;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000276
Damien Miller95def091999-11-25 00:26:21 +1100277 for (i = 0; keywords[i].name; i++)
Damien Miller5428f641999-11-25 11:54:57 +1100278 if (strcasecmp(cp, keywords[i].name) == 0)
Damien Miller95def091999-11-25 00:26:21 +1100279 return keywords[i].opcode;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000280
Damien Miller95def091999-11-25 00:26:21 +1100281 fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
282 filename, linenum, cp);
283 return sBadOption;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000284}
285
Damien Miller34132e52000-01-14 15:45:46 +1100286/*
287 * add listen address
288 */
Damien Miller4af51302000-04-16 11:18:38 +1000289void
Damien Miller34132e52000-01-14 15:45:46 +1100290add_listen_addr(ServerOptions *options, char *addr)
291{
292 extern int IPv4or6;
293 struct addrinfo hints, *ai, *aitop;
294 char strport[NI_MAXSERV];
295 int gaierr;
296 int i;
297
298 if (options->num_ports == 0)
299 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
300 for (i = 0; i < options->num_ports; i++) {
301 memset(&hints, 0, sizeof(hints));
302 hints.ai_family = IPv4or6;
303 hints.ai_socktype = SOCK_STREAM;
304 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
305 snprintf(strport, sizeof strport, "%d", options->ports[i]);
306 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
307 fatal("bad addr or host: %s (%s)\n",
308 addr ? addr : "<NULL>",
309 gai_strerror(gaierr));
310 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
311 ;
312 ai->ai_next = options->listen_addrs;
313 options->listen_addrs = aitop;
314 }
315}
316
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000317/* Reads the server configuration file. */
318
Damien Miller4af51302000-04-16 11:18:38 +1000319void
Damien Miller95def091999-11-25 00:26:21 +1100320read_server_config(ServerOptions *options, const char *filename)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000321{
Damien Miller95def091999-11-25 00:26:21 +1100322 FILE *f;
323 char line[1024];
Damien Miller37023962000-07-11 17:31:38 +1000324 char *cp, **charptr, *arg;
Damien Miller95def091999-11-25 00:26:21 +1100325 int linenum, *intptr, value;
326 int bad_options = 0;
327 ServerOpCodes opcode;
Damien Millerf6d9e222000-06-18 14:50:44 +1000328 int i;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000329
Damien Miller95def091999-11-25 00:26:21 +1100330 f = fopen(filename, "r");
331 if (!f) {
332 perror(filename);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000333 exit(1);
Damien Miller95def091999-11-25 00:26:21 +1100334 }
335 linenum = 0;
336 while (fgets(line, sizeof(line), f)) {
337 linenum++;
Damien Millerbe484b52000-07-15 14:14:16 +1000338 cp = line;
339 arg = strdelim(&cp);
340 /* Ignore leading whitespace */
341 if (*arg == '\0')
342 arg = strdelim(&cp);
343 if (!*arg || *arg == '#')
Damien Miller95def091999-11-25 00:26:21 +1100344 continue;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100345 intptr = NULL;
346 charptr = NULL;
Damien Miller37023962000-07-11 17:31:38 +1000347 opcode = parse_token(arg, filename, linenum);
Damien Miller95def091999-11-25 00:26:21 +1100348 switch (opcode) {
349 case sBadOption:
350 bad_options++;
351 continue;
352 case sPort:
Damien Miller34132e52000-01-14 15:45:46 +1100353 /* ignore ports from configfile if cmdline specifies ports */
354 if (options->ports_from_cmdline)
355 continue;
356 if (options->listen_addrs != NULL)
357 fatal("%s line %d: ports must be specified before "
358 "ListenAdress.\n", filename, linenum);
359 if (options->num_ports >= MAX_PORTS)
360 fatal("%s line %d: too many ports.\n",
Damien Miller4af51302000-04-16 11:18:38 +1000361 filename, linenum);
Damien Millerbe484b52000-07-15 14:14:16 +1000362 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000363 if (!arg || *arg == '\0')
Damien Miller34132e52000-01-14 15:45:46 +1100364 fatal("%s line %d: missing port number.\n",
365 filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000366 options->ports[options->num_ports++] = atoi(arg);
Damien Miller34132e52000-01-14 15:45:46 +1100367 break;
368
369 case sServerKeyBits:
370 intptr = &options->server_key_bits;
Damien Miller95def091999-11-25 00:26:21 +1100371parse_int:
Damien Millerbe484b52000-07-15 14:14:16 +1000372 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000373 if (!arg || *arg == '\0') {
Damien Miller95def091999-11-25 00:26:21 +1100374 fprintf(stderr, "%s line %d: missing integer value.\n",
375 filename, linenum);
376 exit(1);
377 }
Damien Miller37023962000-07-11 17:31:38 +1000378 value = atoi(arg);
Damien Miller95def091999-11-25 00:26:21 +1100379 if (*intptr == -1)
380 *intptr = value;
381 break;
Damien Miller32265091999-11-12 11:33:04 +1100382
Damien Miller95def091999-11-25 00:26:21 +1100383 case sLoginGraceTime:
384 intptr = &options->login_grace_time;
385 goto parse_int;
386
387 case sKeyRegenerationTime:
388 intptr = &options->key_regeneration_time;
389 goto parse_int;
390
391 case sListenAddress:
Damien Millerbe484b52000-07-15 14:14:16 +1000392 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000393 if (!arg || *arg == '\0')
Damien Miller34132e52000-01-14 15:45:46 +1100394 fatal("%s line %d: missing inet addr.\n",
395 filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000396 add_listen_addr(options, arg);
Damien Miller95def091999-11-25 00:26:21 +1100397 break;
398
399 case sHostKeyFile:
Damien Miller0bc1bd82000-11-13 22:57:25 +1100400 intptr = &options->num_host_key_files;
401 if (*intptr >= MAX_HOSTKEYS) {
402 fprintf(stderr, "%s line %d: to many host keys specified (max %d).\n",
403 filename, linenum, MAX_HOSTKEYS);
404 exit(1);
405 }
406 charptr = &options->host_key_files[*intptr];
Damien Millerd3a18572000-06-07 19:55:44 +1000407parse_filename:
Damien Millerbe484b52000-07-15 14:14:16 +1000408 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000409 if (!arg || *arg == '\0') {
Damien Miller95def091999-11-25 00:26:21 +1100410 fprintf(stderr, "%s line %d: missing file name.\n",
Damien Miller6f83b8e2000-05-02 09:23:45 +1000411 filename, linenum);
412 exit(1);
413 }
Damien Miller0bc1bd82000-11-13 22:57:25 +1100414 if (*charptr == NULL) {
Damien Miller37023962000-07-11 17:31:38 +1000415 *charptr = tilde_expand_filename(arg, getuid());
Damien Miller0bc1bd82000-11-13 22:57:25 +1100416 /* increase optional counter */
417 if (intptr != NULL)
418 *intptr = *intptr + 1;
419 }
Damien Miller6f83b8e2000-05-02 09:23:45 +1000420 break;
421
422 case sPidFile:
423 charptr = &options->pid_file;
Damien Millerd3a18572000-06-07 19:55:44 +1000424 goto parse_filename;
Damien Miller95def091999-11-25 00:26:21 +1100425
426 case sRandomSeedFile:
427 fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
428 filename, linenum);
Damien Millerbe484b52000-07-15 14:14:16 +1000429 arg = strdelim(&cp);
Damien Miller95def091999-11-25 00:26:21 +1100430 break;
431
432 case sPermitRootLogin:
433 intptr = &options->permit_root_login;
Damien Millerbe484b52000-07-15 14:14:16 +1000434 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000435 if (!arg || *arg == '\0') {
Damien Miller95def091999-11-25 00:26:21 +1100436 fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
437 filename, linenum);
438 exit(1);
439 }
Damien Miller37023962000-07-11 17:31:38 +1000440 if (strcmp(arg, "without-password") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100441 value = 2;
Damien Miller37023962000-07-11 17:31:38 +1000442 else if (strcmp(arg, "yes") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100443 value = 1;
Damien Miller37023962000-07-11 17:31:38 +1000444 else if (strcmp(arg, "no") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100445 value = 0;
446 else {
447 fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n",
Damien Miller37023962000-07-11 17:31:38 +1000448 filename, linenum, arg);
Damien Miller95def091999-11-25 00:26:21 +1100449 exit(1);
450 }
451 if (*intptr == -1)
452 *intptr = value;
453 break;
454
455 case sIgnoreRhosts:
456 intptr = &options->ignore_rhosts;
457parse_flag:
Damien Millerbe484b52000-07-15 14:14:16 +1000458 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000459 if (!arg || *arg == '\0') {
Damien Miller95def091999-11-25 00:26:21 +1100460 fprintf(stderr, "%s line %d: missing yes/no argument.\n",
461 filename, linenum);
462 exit(1);
463 }
Damien Miller37023962000-07-11 17:31:38 +1000464 if (strcmp(arg, "yes") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100465 value = 1;
Damien Miller37023962000-07-11 17:31:38 +1000466 else if (strcmp(arg, "no") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100467 value = 0;
468 else {
469 fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
Damien Miller37023962000-07-11 17:31:38 +1000470 filename, linenum, arg);
Damien Miller95def091999-11-25 00:26:21 +1100471 exit(1);
472 }
473 if (*intptr == -1)
474 *intptr = value;
475 break;
476
477 case sIgnoreUserKnownHosts:
478 intptr = &options->ignore_user_known_hosts;
Damien Miller98c7ad62000-03-09 21:27:49 +1100479 goto parse_flag;
Damien Miller95def091999-11-25 00:26:21 +1100480
481 case sRhostsAuthentication:
482 intptr = &options->rhosts_authentication;
483 goto parse_flag;
484
485 case sRhostsRSAAuthentication:
486 intptr = &options->rhosts_rsa_authentication;
487 goto parse_flag;
488
489 case sRSAAuthentication:
490 intptr = &options->rsa_authentication;
491 goto parse_flag;
492
Damien Miller0bc1bd82000-11-13 22:57:25 +1100493 case sPubkeyAuthentication:
494 intptr = &options->pubkey_authentication;
Damien Millere247cc42000-05-07 12:03:14 +1000495 goto parse_flag;
496
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000497#ifdef KRB4
Damien Miller95def091999-11-25 00:26:21 +1100498 case sKerberosAuthentication:
499 intptr = &options->kerberos_authentication;
500 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000501
Damien Miller95def091999-11-25 00:26:21 +1100502 case sKerberosOrLocalPasswd:
503 intptr = &options->kerberos_or_local_passwd;
504 goto parse_flag;
505
506 case sKerberosTicketCleanup:
507 intptr = &options->kerberos_ticket_cleanup;
508 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000509#endif
Damien Miller95def091999-11-25 00:26:21 +1100510
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000511#ifdef AFS
Damien Miller95def091999-11-25 00:26:21 +1100512 case sKerberosTgtPassing:
513 intptr = &options->kerberos_tgt_passing;
514 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000515
Damien Miller95def091999-11-25 00:26:21 +1100516 case sAFSTokenPassing:
517 intptr = &options->afs_token_passing;
518 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000519#endif
520
Damien Miller95def091999-11-25 00:26:21 +1100521 case sPasswordAuthentication:
522 intptr = &options->password_authentication;
523 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000524
Damien Miller874d77b2000-10-14 16:23:11 +1100525 case sKbdInteractiveAuthentication:
526 intptr = &options->kbd_interactive_authentication;
527 goto parse_flag;
528
Damien Miller95def091999-11-25 00:26:21 +1100529 case sCheckMail:
530 intptr = &options->check_mail;
531 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000532
533#ifdef SKEY
Damien Miller95def091999-11-25 00:26:21 +1100534 case sSkeyAuthentication:
535 intptr = &options->skey_authentication;
536 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000537#endif
538
Damien Miller95def091999-11-25 00:26:21 +1100539 case sPrintMotd:
540 intptr = &options->print_motd;
541 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000542
Damien Miller95def091999-11-25 00:26:21 +1100543 case sX11Forwarding:
544 intptr = &options->x11_forwarding;
545 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000546
Damien Miller95def091999-11-25 00:26:21 +1100547 case sX11DisplayOffset:
548 intptr = &options->x11_display_offset;
549 goto parse_int;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000550
Damien Millerd3a18572000-06-07 19:55:44 +1000551 case sXAuthLocation:
552 charptr = &options->xauth_location;
553 goto parse_filename;
554
Damien Miller95def091999-11-25 00:26:21 +1100555 case sStrictModes:
556 intptr = &options->strict_modes;
557 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000558
Damien Miller95def091999-11-25 00:26:21 +1100559 case sKeepAlives:
560 intptr = &options->keepalives;
561 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000562
Damien Miller95def091999-11-25 00:26:21 +1100563 case sEmptyPasswd:
564 intptr = &options->permit_empty_passwd;
565 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000566
Damien Miller95def091999-11-25 00:26:21 +1100567 case sUseLogin:
568 intptr = &options->use_login;
569 goto parse_flag;
Damien Miller5ce662a1999-11-11 17:57:39 +1100570
Damien Millere247cc42000-05-07 12:03:14 +1000571 case sGatewayPorts:
572 intptr = &options->gateway_ports;
573 goto parse_flag;
574
Damien Miller95def091999-11-25 00:26:21 +1100575 case sLogFacility:
576 intptr = (int *) &options->log_facility;
Damien Millerbe484b52000-07-15 14:14:16 +1000577 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000578 value = log_facility_number(arg);
Damien Miller95def091999-11-25 00:26:21 +1100579 if (value == (SyslogFacility) - 1)
580 fatal("%.200s line %d: unsupported log facility '%s'\n",
Damien Miller37023962000-07-11 17:31:38 +1000581 filename, linenum, arg ? arg : "<NONE>");
Damien Miller95def091999-11-25 00:26:21 +1100582 if (*intptr == -1)
583 *intptr = (SyslogFacility) value;
584 break;
585
586 case sLogLevel:
587 intptr = (int *) &options->log_level;
Damien Millerbe484b52000-07-15 14:14:16 +1000588 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000589 value = log_level_number(arg);
Damien Miller95def091999-11-25 00:26:21 +1100590 if (value == (LogLevel) - 1)
591 fatal("%.200s line %d: unsupported log level '%s'\n",
Damien Miller37023962000-07-11 17:31:38 +1000592 filename, linenum, arg ? arg : "<NONE>");
Damien Miller95def091999-11-25 00:26:21 +1100593 if (*intptr == -1)
594 *intptr = (LogLevel) value;
595 break;
596
Damien Miller50a41ed2000-10-16 12:14:42 +1100597 case sAllowTcpForwarding:
598 intptr = &options->allow_tcp_forwarding;
599 goto parse_flag;
600
Damien Miller95def091999-11-25 00:26:21 +1100601 case sAllowUsers:
Damien Millerbe484b52000-07-15 14:14:16 +1000602 while ((arg = strdelim(&cp)) && *arg != '\0') {
Damien Miller78928792000-04-12 20:17:38 +1000603 if (options->num_allow_users >= MAX_ALLOW_USERS)
604 fatal("%s line %d: too many allow users.\n",
605 filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000606 options->allow_users[options->num_allow_users++] = xstrdup(arg);
Damien Miller95def091999-11-25 00:26:21 +1100607 }
608 break;
609
610 case sDenyUsers:
Damien Millerbe484b52000-07-15 14:14:16 +1000611 while ((arg = strdelim(&cp)) && *arg != '\0') {
Damien Miller78928792000-04-12 20:17:38 +1000612 if (options->num_deny_users >= MAX_DENY_USERS)
613 fatal( "%s line %d: too many deny users.\n",
614 filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000615 options->deny_users[options->num_deny_users++] = xstrdup(arg);
Damien Miller95def091999-11-25 00:26:21 +1100616 }
617 break;
618
619 case sAllowGroups:
Damien Millerbe484b52000-07-15 14:14:16 +1000620 while ((arg = strdelim(&cp)) && *arg != '\0') {
Damien Miller78928792000-04-12 20:17:38 +1000621 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
622 fatal("%s line %d: too many allow groups.\n",
623 filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000624 options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
Damien Miller95def091999-11-25 00:26:21 +1100625 }
626 break;
627
628 case sDenyGroups:
Damien Millerbe484b52000-07-15 14:14:16 +1000629 while ((arg = strdelim(&cp)) && *arg != '\0') {
Damien Miller78928792000-04-12 20:17:38 +1000630 if (options->num_deny_groups >= MAX_DENY_GROUPS)
631 fatal("%s line %d: too many deny groups.\n",
632 filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000633 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
Damien Miller95def091999-11-25 00:26:21 +1100634 }
635 break;
636
Damien Miller78928792000-04-12 20:17:38 +1000637 case sCiphers:
Damien Millerbe484b52000-07-15 14:14:16 +1000638 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000639 if (!arg || *arg == '\0')
Damien Millerb1715dc2000-05-30 13:44:51 +1000640 fatal("%s line %d: Missing argument.", filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000641 if (!ciphers_valid(arg))
Damien Miller30c3d422000-05-09 11:02:59 +1000642 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
Damien Miller37023962000-07-11 17:31:38 +1000643 filename, linenum, arg ? arg : "<NONE>");
Damien Miller78928792000-04-12 20:17:38 +1000644 if (options->ciphers == NULL)
Damien Miller37023962000-07-11 17:31:38 +1000645 options->ciphers = xstrdup(arg);
Damien Miller78928792000-04-12 20:17:38 +1000646 break;
647
648 case sProtocol:
649 intptr = &options->protocol;
Damien Millerbe484b52000-07-15 14:14:16 +1000650 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000651 if (!arg || *arg == '\0')
Damien Millerb1715dc2000-05-30 13:44:51 +1000652 fatal("%s line %d: Missing argument.", filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000653 value = proto_spec(arg);
Damien Miller78928792000-04-12 20:17:38 +1000654 if (value == SSH_PROTO_UNKNOWN)
655 fatal("%s line %d: Bad protocol spec '%s'.",
Damien Miller37023962000-07-11 17:31:38 +1000656 filename, linenum, arg ? arg : "<NONE>");
Damien Miller78928792000-04-12 20:17:38 +1000657 if (*intptr == SSH_PROTO_UNKNOWN)
658 *intptr = value;
659 break;
660
Damien Millerf6d9e222000-06-18 14:50:44 +1000661 case sSubsystem:
662 if(options->num_subsystems >= MAX_SUBSYSTEMS) {
663 fatal("%s line %d: too many subsystems defined.",
664 filename, linenum);
665 }
Damien Millerbe484b52000-07-15 14:14:16 +1000666 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000667 if (!arg || *arg == '\0')
Damien Millerf6d9e222000-06-18 14:50:44 +1000668 fatal("%s line %d: Missing subsystem name.",
669 filename, linenum);
670 for (i = 0; i < options->num_subsystems; i++)
Damien Miller37023962000-07-11 17:31:38 +1000671 if(strcmp(arg, options->subsystem_name[i]) == 0)
Damien Millerf6d9e222000-06-18 14:50:44 +1000672 fatal("%s line %d: Subsystem '%s' already defined.",
Damien Miller37023962000-07-11 17:31:38 +1000673 filename, linenum, arg);
674 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
Damien Millerbe484b52000-07-15 14:14:16 +1000675 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000676 if (!arg || *arg == '\0')
Damien Millerf6d9e222000-06-18 14:50:44 +1000677 fatal("%s line %d: Missing subsystem command.",
678 filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000679 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
Damien Millerf6d9e222000-06-18 14:50:44 +1000680 options->num_subsystems++;
681 break;
682
Damien Miller37023962000-07-11 17:31:38 +1000683 case sMaxStartups:
Damien Miller942da032000-08-18 13:59:06 +1000684 arg = strdelim(&cp);
685 if (!arg || *arg == '\0')
686 fatal("%s line %d: Missing MaxStartups spec.",
687 filename, linenum);
688 if (sscanf(arg, "%d:%d:%d",
689 &options->max_startups_begin,
690 &options->max_startups_rate,
691 &options->max_startups) == 3) {
692 if (options->max_startups_begin >
693 options->max_startups ||
694 options->max_startups_rate > 100 ||
695 options->max_startups_rate < 1)
696 fatal("%s line %d: Illegal MaxStartups spec.",
697 filename, linenum);
698 break;
699 }
Damien Miller37023962000-07-11 17:31:38 +1000700 intptr = &options->max_startups;
701 goto parse_int;
702
Ben Lindstrom48bd7c12001-01-09 00:35:42 +0000703 case sBanner:
704 charptr = &options->banner;
705 goto parse_filename;
706
Damien Miller95def091999-11-25 00:26:21 +1100707 default:
708 fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
Damien Miller37023962000-07-11 17:31:38 +1000709 filename, linenum, arg, opcode);
Damien Miller95def091999-11-25 00:26:21 +1100710 exit(1);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000711 }
Damien Millerbe484b52000-07-15 14:14:16 +1000712 if ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
Damien Miller37023962000-07-11 17:31:38 +1000713 fprintf(stderr,
714 "%s line %d: garbage at end of line; \"%.200s\".\n",
715 filename, linenum, arg);
Damien Miller95def091999-11-25 00:26:21 +1100716 exit(1);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000717 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000718 }
Damien Miller95def091999-11-25 00:26:21 +1100719 fclose(f);
720 if (bad_options > 0) {
721 fprintf(stderr, "%s: terminating, %d bad configuration options\n",
722 filename, bad_options);
723 exit(1);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000724 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000725}