blob: 71e28b3cb06202d77c922b66c47f171aa1c72467 [file] [log] [blame]
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001/*
Damien Miller95def091999-11-25 00:26:21 +11002 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
Damien Miller4af51302000-04-16 11:18:38 +10004 *
Damien Millere4340be2000-09-16 13:29:08 +11005 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
Damien Miller95def091999-11-25 00:26:21 +110010 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100011
12#include "includes.h"
Damien Millerfb10e9a2003-09-02 22:58:22 +100013RCSID("$OpenBSD: servconf.c,v 1.127 2003/09/01 18:15:50 markus Exp $");
Damien Millerd4a8b7e1999-10-27 13:42:43 +100014
15#include "ssh.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000016#include "log.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100017#include "servconf.h"
18#include "xmalloc.h"
Damien Miller78928792000-04-12 20:17:38 +100019#include "compat.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000020#include "pathnames.h"
21#include "tildexpand.h"
22#include "misc.h"
23#include "cipher.h"
Ben Lindstrom06b33aa2001-02-15 03:01:59 +000024#include "kex.h"
25#include "mac.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000026
Ben Lindstrombba81212001-06-25 05:01:22 +000027static void add_listen_addr(ServerOptions *, char *, u_short);
28static void add_one_listen_addr(ServerOptions *, char *, u_short);
Damien Miller34132e52000-01-14 15:45:46 +110029
Ben Lindstrom226cfa02001-01-22 05:34:40 +000030/* AF_UNSPEC or AF_INET or AF_INET6 */
31extern int IPv4or6;
Ben Lindstrom7a2073c2002-03-22 02:30:41 +000032/* Use of privilege separation or not */
33extern int use_privsep;
Ben Lindstrom226cfa02001-01-22 05:34:40 +000034
Damien Millerd4a8b7e1999-10-27 13:42:43 +100035/* Initializes the server options to their default values. */
36
Damien Miller4af51302000-04-16 11:18:38 +100037void
Damien Miller95def091999-11-25 00:26:21 +110038initialize_server_options(ServerOptions *options)
Damien Millerd4a8b7e1999-10-27 13:42:43 +100039{
Damien Miller95def091999-11-25 00:26:21 +110040 memset(options, 0, sizeof(*options));
Damien Miller726273e2001-11-12 11:40:11 +110041
42 /* Portable-specific options */
Damien Miller4e448a32003-05-14 15:11:48 +100043 options->use_pam = -1;
Damien Miller726273e2001-11-12 11:40:11 +110044
45 /* Standard Options */
Damien Miller34132e52000-01-14 15:45:46 +110046 options->num_ports = 0;
47 options->ports_from_cmdline = 0;
48 options->listen_addrs = NULL;
Damien Miller0bc1bd82000-11-13 22:57:25 +110049 options->num_host_key_files = 0;
Damien Miller6f83b8e2000-05-02 09:23:45 +100050 options->pid_file = NULL;
Damien Miller95def091999-11-25 00:26:21 +110051 options->server_key_bits = -1;
52 options->login_grace_time = -1;
53 options->key_regeneration_time = -1;
Ben Lindstromd8a90212001-02-15 03:08:27 +000054 options->permit_root_login = PERMIT_NOT_SET;
Damien Miller95def091999-11-25 00:26:21 +110055 options->ignore_rhosts = -1;
56 options->ignore_user_known_hosts = -1;
57 options->print_motd = -1;
Ben Lindstrom7bfff362001-03-26 05:45:53 +000058 options->print_lastlog = -1;
Damien Miller95def091999-11-25 00:26:21 +110059 options->x11_forwarding = -1;
60 options->x11_display_offset = -1;
Damien Miller95c249f2002-02-05 12:11:34 +110061 options->x11_use_localhost = -1;
Damien Millerd3a18572000-06-07 19:55:44 +100062 options->xauth_location = NULL;
Damien Miller95def091999-11-25 00:26:21 +110063 options->strict_modes = -1;
64 options->keepalives = -1;
Damien Millerfcd93202002-02-05 12:26:34 +110065 options->log_facility = SYSLOG_FACILITY_NOT_SET;
66 options->log_level = SYSLOG_LEVEL_NOT_SET;
Damien Miller95def091999-11-25 00:26:21 +110067 options->rhosts_rsa_authentication = -1;
Ben Lindstrom5eabda32001-04-12 23:34:34 +000068 options->hostbased_authentication = -1;
69 options->hostbased_uses_name_from_packet_only = -1;
Damien Miller95def091999-11-25 00:26:21 +110070 options->rsa_authentication = -1;
Damien Miller0bc1bd82000-11-13 22:57:25 +110071 options->pubkey_authentication = -1;
Damien Miller95def091999-11-25 00:26:21 +110072 options->kerberos_authentication = -1;
73 options->kerberos_or_local_passwd = -1;
74 options->kerberos_ticket_cleanup = -1;
Darren Tucker0efd1552003-08-26 11:49:55 +100075 options->gss_authentication=-1;
76 options->gss_cleanup_creds = -1;
Damien Miller95def091999-11-25 00:26:21 +110077 options->password_authentication = -1;
Damien Miller874d77b2000-10-14 16:23:11 +110078 options->kbd_interactive_authentication = -1;
Ben Lindstrom551ea372001-06-05 18:56:16 +000079 options->challenge_response_authentication = -1;
Damien Miller95def091999-11-25 00:26:21 +110080 options->permit_empty_passwd = -1;
Ben Lindstrom5d860f02002-08-01 01:28:38 +000081 options->permit_user_env = -1;
Damien Miller95def091999-11-25 00:26:21 +110082 options->use_login = -1;
Ben Lindstrom23e0f662002-06-21 01:09:47 +000083 options->compression = -1;
Damien Miller50a41ed2000-10-16 12:14:42 +110084 options->allow_tcp_forwarding = -1;
Damien Miller95def091999-11-25 00:26:21 +110085 options->num_allow_users = 0;
86 options->num_deny_users = 0;
87 options->num_allow_groups = 0;
88 options->num_deny_groups = 0;
Damien Miller78928792000-04-12 20:17:38 +100089 options->ciphers = NULL;
Ben Lindstrom06b33aa2001-02-15 03:01:59 +000090 options->macs = NULL;
Damien Miller78928792000-04-12 20:17:38 +100091 options->protocol = SSH_PROTO_UNKNOWN;
Damien Millere247cc42000-05-07 12:03:14 +100092 options->gateway_ports = -1;
Damien Millerf6d9e222000-06-18 14:50:44 +100093 options->num_subsystems = 0;
Damien Miller942da032000-08-18 13:59:06 +100094 options->max_startups_begin = -1;
95 options->max_startups_rate = -1;
Damien Miller37023962000-07-11 17:31:38 +100096 options->max_startups = -1;
Ben Lindstrom48bd7c12001-01-09 00:35:42 +000097 options->banner = NULL;
Damien Miller3a961dc2003-06-03 10:25:48 +100098 options->use_dns = -1;
Ben Lindstrom5744dc42001-04-13 23:28:01 +000099 options->client_alive_interval = -1;
100 options->client_alive_count_max = -1;
Ben Lindstrombfb3a0e2001-06-05 20:25:05 +0000101 options->authorized_keys_file = NULL;
102 options->authorized_keys_file2 = NULL;
Ben Lindstrom7a2073c2002-03-22 02:30:41 +0000103
Ben Lindstrom7a2073c2002-03-22 02:30:41 +0000104 /* Needs to be accessable in many places */
105 use_privsep = -1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000106}
107
Damien Miller4af51302000-04-16 11:18:38 +1000108void
Damien Miller95def091999-11-25 00:26:21 +1100109fill_default_server_options(ServerOptions *options)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000110{
Damien Miller726273e2001-11-12 11:40:11 +1100111 /* Portable-specific options */
Damien Miller4e448a32003-05-14 15:11:48 +1000112 if (options->use_pam == -1)
Damien Miller156cbe82003-05-15 14:16:41 +1000113 options->use_pam = 1;
Damien Miller726273e2001-11-12 11:40:11 +1100114
115 /* Standard Options */
Damien Miller0bc1bd82000-11-13 22:57:25 +1100116 if (options->protocol == SSH_PROTO_UNKNOWN)
117 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
118 if (options->num_host_key_files == 0) {
119 /* fill default hostkeys for protocols */
120 if (options->protocol & SSH_PROTO_1)
Damien Miller7fc23732002-01-22 23:19:11 +1100121 options->host_key_files[options->num_host_key_files++] =
122 _PATH_HOST_KEY_FILE;
123 if (options->protocol & SSH_PROTO_2) {
124 options->host_key_files[options->num_host_key_files++] =
125 _PATH_HOST_RSA_KEY_FILE;
126 options->host_key_files[options->num_host_key_files++] =
127 _PATH_HOST_DSA_KEY_FILE;
128 }
Damien Miller0bc1bd82000-11-13 22:57:25 +1100129 }
Damien Miller34132e52000-01-14 15:45:46 +1100130 if (options->num_ports == 0)
131 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
132 if (options->listen_addrs == NULL)
Ben Lindstrom19066a12001-04-12 23:39:26 +0000133 add_listen_addr(options, NULL, 0);
Damien Miller6f83b8e2000-05-02 09:23:45 +1000134 if (options->pid_file == NULL)
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000135 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
Damien Miller95def091999-11-25 00:26:21 +1100136 if (options->server_key_bits == -1)
137 options->server_key_bits = 768;
138 if (options->login_grace_time == -1)
Damien Millerc1348632002-09-05 14:35:14 +1000139 options->login_grace_time = 120;
Damien Miller95def091999-11-25 00:26:21 +1100140 if (options->key_regeneration_time == -1)
141 options->key_regeneration_time = 3600;
Ben Lindstromd8a90212001-02-15 03:08:27 +0000142 if (options->permit_root_login == PERMIT_NOT_SET)
143 options->permit_root_login = PERMIT_YES;
Damien Miller95def091999-11-25 00:26:21 +1100144 if (options->ignore_rhosts == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100145 options->ignore_rhosts = 1;
Damien Miller95def091999-11-25 00:26:21 +1100146 if (options->ignore_user_known_hosts == -1)
147 options->ignore_user_known_hosts = 0;
Damien Miller95def091999-11-25 00:26:21 +1100148 if (options->print_motd == -1)
149 options->print_motd = 1;
Ben Lindstrom7bfff362001-03-26 05:45:53 +0000150 if (options->print_lastlog == -1)
151 options->print_lastlog = 1;
Damien Miller95def091999-11-25 00:26:21 +1100152 if (options->x11_forwarding == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100153 options->x11_forwarding = 0;
Damien Miller95def091999-11-25 00:26:21 +1100154 if (options->x11_display_offset == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100155 options->x11_display_offset = 10;
Damien Miller95c249f2002-02-05 12:11:34 +1100156 if (options->x11_use_localhost == -1)
157 options->x11_use_localhost = 1;
Damien Millerd3a18572000-06-07 19:55:44 +1000158 if (options->xauth_location == NULL)
Ben Lindstrom1bf11f62001-06-09 01:48:01 +0000159 options->xauth_location = _PATH_XAUTH;
Damien Miller95def091999-11-25 00:26:21 +1100160 if (options->strict_modes == -1)
161 options->strict_modes = 1;
162 if (options->keepalives == -1)
163 options->keepalives = 1;
Damien Millerfcd93202002-02-05 12:26:34 +1100164 if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
Damien Miller95def091999-11-25 00:26:21 +1100165 options->log_facility = SYSLOG_FACILITY_AUTH;
Damien Millerfcd93202002-02-05 12:26:34 +1100166 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
Ben Lindstromdb65e8f2001-01-19 04:26:52 +0000167 options->log_level = SYSLOG_LEVEL_INFO;
Damien Miller95def091999-11-25 00:26:21 +1100168 if (options->rhosts_rsa_authentication == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100169 options->rhosts_rsa_authentication = 0;
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000170 if (options->hostbased_authentication == -1)
171 options->hostbased_authentication = 0;
172 if (options->hostbased_uses_name_from_packet_only == -1)
173 options->hostbased_uses_name_from_packet_only = 0;
Damien Miller95def091999-11-25 00:26:21 +1100174 if (options->rsa_authentication == -1)
175 options->rsa_authentication = 1;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100176 if (options->pubkey_authentication == -1)
177 options->pubkey_authentication = 1;
Damien Miller95def091999-11-25 00:26:21 +1100178 if (options->kerberos_authentication == -1)
Damien Millerd7de14b2002-04-23 21:04:51 +1000179 options->kerberos_authentication = 0;
Damien Miller95def091999-11-25 00:26:21 +1100180 if (options->kerberos_or_local_passwd == -1)
181 options->kerberos_or_local_passwd = 1;
182 if (options->kerberos_ticket_cleanup == -1)
183 options->kerberos_ticket_cleanup = 1;
Darren Tucker0efd1552003-08-26 11:49:55 +1000184 if (options->gss_authentication == -1)
185 options->gss_authentication = 0;
186 if (options->gss_cleanup_creds == -1)
187 options->gss_cleanup_creds = 1;
Damien Miller95def091999-11-25 00:26:21 +1100188 if (options->password_authentication == -1)
189 options->password_authentication = 1;
Damien Miller874d77b2000-10-14 16:23:11 +1100190 if (options->kbd_interactive_authentication == -1)
191 options->kbd_interactive_authentication = 0;
Ben Lindstrom551ea372001-06-05 18:56:16 +0000192 if (options->challenge_response_authentication == -1)
193 options->challenge_response_authentication = 1;
Damien Miller95def091999-11-25 00:26:21 +1100194 if (options->permit_empty_passwd == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100195 options->permit_empty_passwd = 0;
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000196 if (options->permit_user_env == -1)
197 options->permit_user_env = 0;
Damien Miller95def091999-11-25 00:26:21 +1100198 if (options->use_login == -1)
199 options->use_login = 0;
Ben Lindstrom23e0f662002-06-21 01:09:47 +0000200 if (options->compression == -1)
201 options->compression = 1;
Damien Miller50a41ed2000-10-16 12:14:42 +1100202 if (options->allow_tcp_forwarding == -1)
203 options->allow_tcp_forwarding = 1;
Damien Millere247cc42000-05-07 12:03:14 +1000204 if (options->gateway_ports == -1)
205 options->gateway_ports = 0;
Damien Miller37023962000-07-11 17:31:38 +1000206 if (options->max_startups == -1)
207 options->max_startups = 10;
Damien Miller942da032000-08-18 13:59:06 +1000208 if (options->max_startups_rate == -1)
209 options->max_startups_rate = 100; /* 100% */
210 if (options->max_startups_begin == -1)
211 options->max_startups_begin = options->max_startups;
Damien Miller3a961dc2003-06-03 10:25:48 +1000212 if (options->use_dns == -1)
213 options->use_dns = 1;
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000214 if (options->client_alive_interval == -1)
Damien Miller9f0f5c62001-12-21 14:45:46 +1100215 options->client_alive_interval = 0;
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000216 if (options->client_alive_count_max == -1)
217 options->client_alive_count_max = 3;
Damien Miller75413ac2001-11-12 11:14:35 +1100218 if (options->authorized_keys_file2 == NULL) {
219 /* authorized_keys_file2 falls back to authorized_keys_file */
220 if (options->authorized_keys_file != NULL)
221 options->authorized_keys_file2 = options->authorized_keys_file;
222 else
223 options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
224 }
225 if (options->authorized_keys_file == NULL)
226 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
Ben Lindstrom7a2073c2002-03-22 02:30:41 +0000227
Ben Lindstromfb62a692002-06-06 19:47:11 +0000228 /* Turn privilege separation on by default */
Ben Lindstrom7a2073c2002-03-22 02:30:41 +0000229 if (use_privsep == -1)
Ben Lindstromfb62a692002-06-06 19:47:11 +0000230 use_privsep = 1;
Damien Miller4903eb42002-06-21 16:20:44 +1000231
Tim Rice40017b02002-07-14 13:36:49 -0700232#ifndef HAVE_MMAP
Damien Miller4903eb42002-06-21 16:20:44 +1000233 if (use_privsep && options->compression == 1) {
234 error("This platform does not support both privilege "
235 "separation and compression");
236 error("Compression disabled");
237 options->compression = 0;
238 }
239#endif
240
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000241}
242
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000243/* Keyword tokens. */
Damien Miller95def091999-11-25 00:26:21 +1100244typedef enum {
245 sBadOption, /* == unknown option */
Damien Miller726273e2001-11-12 11:40:11 +1100246 /* Portable-specific options */
Damien Miller4e448a32003-05-14 15:11:48 +1000247 sUsePAM,
Damien Miller726273e2001-11-12 11:40:11 +1100248 /* Standard Options */
Damien Miller95def091999-11-25 00:26:21 +1100249 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
250 sPermitRootLogin, sLogFacility, sLogLevel,
Darren Tuckerec960f22003-08-13 20:37:05 +1000251 sRhostsRSAAuthentication, sRSAAuthentication,
Damien Miller95def091999-11-25 00:26:21 +1100252 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
Darren Tucker6aaa58c2003-08-02 22:24:49 +1000253 sKerberosTgtPassing, sChallengeResponseAuthentication,
Damien Miller874d77b2000-10-14 16:23:11 +1100254 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
Ben Lindstrom7bfff362001-03-26 05:45:53 +0000255 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
Damien Miller95c249f2002-02-05 12:11:34 +1100256 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
Ben Lindstrom91e98682001-09-12 16:32:14 +0000257 sStrictModes, sEmptyPasswd, sKeepAlives,
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000258 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
Damien Miller50a41ed2000-10-16 12:14:42 +1100259 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000260 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
Damien Miller0bc1bd82000-11-13 22:57:25 +1100261 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
Damien Miller3a961dc2003-06-03 10:25:48 +1000262 sBanner, sUseDNS, sHostbasedAuthentication,
Damien Miller9f0f5c62001-12-21 14:45:46 +1100263 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
Ben Lindstrombfb3a0e2001-06-05 20:25:05 +0000264 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
Darren Tucker0efd1552003-08-26 11:49:55 +1000265 sGssAuthentication, sGssCleanupCreds,
Ben Lindstromc7431342002-03-22 03:11:49 +0000266 sUsePrivilegeSeparation,
Damien Millerf9b3feb2003-05-16 11:38:32 +1000267 sDeprecated, sUnsupported
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000268} ServerOpCodes;
269
270/* Textual representation of the tokens. */
Damien Miller95def091999-11-25 00:26:21 +1100271static struct {
272 const char *name;
273 ServerOpCodes opcode;
274} keywords[] = {
Damien Miller726273e2001-11-12 11:40:11 +1100275 /* Portable-specific options */
Damien Miller6ac2c482003-05-16 11:42:35 +1000276#ifdef USE_PAM
Damien Miller30912f72003-08-26 10:48:14 +1000277 { "usepam", sUsePAM },
Damien Miller6ac2c482003-05-16 11:42:35 +1000278#else
Damien Miller30912f72003-08-26 10:48:14 +1000279 { "usepam", sUnsupported },
Damien Miller6ac2c482003-05-16 11:42:35 +1000280#endif
Damien Miller30912f72003-08-26 10:48:14 +1000281 { "pamauthenticationviakbdint", sDeprecated },
Damien Miller726273e2001-11-12 11:40:11 +1100282 /* Standard Options */
Damien Miller95def091999-11-25 00:26:21 +1100283 { "port", sPort },
284 { "hostkey", sHostKeyFile },
Damien Miller0bc1bd82000-11-13 22:57:25 +1100285 { "hostdsakey", sHostKeyFile }, /* alias */
Kevin Stevesef4eea92001-02-05 12:42:17 +0000286 { "pidfile", sPidFile },
Damien Miller95def091999-11-25 00:26:21 +1100287 { "serverkeybits", sServerKeyBits },
288 { "logingracetime", sLoginGraceTime },
289 { "keyregenerationinterval", sKeyRegenerationTime },
290 { "permitrootlogin", sPermitRootLogin },
291 { "syslogfacility", sLogFacility },
292 { "loglevel", sLogLevel },
Darren Tuckerec960f22003-08-13 20:37:05 +1000293 { "rhostsauthentication", sDeprecated },
Damien Miller95def091999-11-25 00:26:21 +1100294 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000295 { "hostbasedauthentication", sHostbasedAuthentication },
296 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
Damien Miller95def091999-11-25 00:26:21 +1100297 { "rsaauthentication", sRSAAuthentication },
Damien Miller0bc1bd82000-11-13 22:57:25 +1100298 { "pubkeyauthentication", sPubkeyAuthentication },
299 { "dsaauthentication", sPubkeyAuthentication }, /* alias */
Darren Tucker6aaa58c2003-08-02 22:24:49 +1000300#ifdef KRB5
Damien Miller95def091999-11-25 00:26:21 +1100301 { "kerberosauthentication", sKerberosAuthentication },
302 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
303 { "kerberosticketcleanup", sKerberosTicketCleanup },
Damien Millerf9b3feb2003-05-16 11:38:32 +1000304#else
305 { "kerberosauthentication", sUnsupported },
306 { "kerberosorlocalpasswd", sUnsupported },
307 { "kerberosticketcleanup", sUnsupported },
Damien Millerf9b3feb2003-05-16 11:38:32 +1000308#endif
Damien Miller1a0c0b92003-09-02 22:51:17 +1000309 { "kerberostgtpassing", sUnsupported },
Damien Millerf9b3feb2003-05-16 11:38:32 +1000310 { "afstokenpassing", sUnsupported },
Darren Tucker0efd1552003-08-26 11:49:55 +1000311#ifdef GSSAPI
312 { "gssapiauthentication", sGssAuthentication },
313 { "gssapicleanupcreds", sGssCleanupCreds },
314#else
315 { "gssapiauthentication", sUnsupported },
316 { "gssapicleanupcreds", sUnsupported },
317#endif
Damien Miller95def091999-11-25 00:26:21 +1100318 { "passwordauthentication", sPasswordAuthentication },
Damien Miller874d77b2000-10-14 16:23:11 +1100319 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000320 { "challengeresponseauthentication", sChallengeResponseAuthentication },
321 { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
Ben Lindstrom91e98682001-09-12 16:32:14 +0000322 { "checkmail", sDeprecated },
Damien Miller95def091999-11-25 00:26:21 +1100323 { "listenaddress", sListenAddress },
324 { "printmotd", sPrintMotd },
Ben Lindstrom7bfff362001-03-26 05:45:53 +0000325 { "printlastlog", sPrintLastLog },
Damien Miller95def091999-11-25 00:26:21 +1100326 { "ignorerhosts", sIgnoreRhosts },
327 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
328 { "x11forwarding", sX11Forwarding },
329 { "x11displayoffset", sX11DisplayOffset },
Damien Miller95c249f2002-02-05 12:11:34 +1100330 { "x11uselocalhost", sX11UseLocalhost },
Damien Millerd3a18572000-06-07 19:55:44 +1000331 { "xauthlocation", sXAuthLocation },
Damien Miller95def091999-11-25 00:26:21 +1100332 { "strictmodes", sStrictModes },
333 { "permitemptypasswords", sEmptyPasswd },
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000334 { "permituserenvironment", sPermitUserEnvironment },
Damien Miller95def091999-11-25 00:26:21 +1100335 { "uselogin", sUseLogin },
Ben Lindstrom23e0f662002-06-21 01:09:47 +0000336 { "compression", sCompression },
Damien Miller95def091999-11-25 00:26:21 +1100337 { "keepalive", sKeepAlives },
Damien Miller50a41ed2000-10-16 12:14:42 +1100338 { "allowtcpforwarding", sAllowTcpForwarding },
Damien Miller95def091999-11-25 00:26:21 +1100339 { "allowusers", sAllowUsers },
340 { "denyusers", sDenyUsers },
341 { "allowgroups", sAllowGroups },
342 { "denygroups", sDenyGroups },
Damien Miller78928792000-04-12 20:17:38 +1000343 { "ciphers", sCiphers },
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000344 { "macs", sMacs },
Damien Miller78928792000-04-12 20:17:38 +1000345 { "protocol", sProtocol },
Damien Millere247cc42000-05-07 12:03:14 +1000346 { "gatewayports", sGatewayPorts },
Damien Millerf6d9e222000-06-18 14:50:44 +1000347 { "subsystem", sSubsystem },
Damien Miller37023962000-07-11 17:31:38 +1000348 { "maxstartups", sMaxStartups },
Ben Lindstrom48bd7c12001-01-09 00:35:42 +0000349 { "banner", sBanner },
Damien Miller3a961dc2003-06-03 10:25:48 +1000350 { "usedns", sUseDNS },
351 { "verifyreversemapping", sDeprecated },
352 { "reversemappingcheck", sDeprecated },
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000353 { "clientaliveinterval", sClientAliveInterval },
354 { "clientalivecountmax", sClientAliveCountMax },
Ben Lindstrombfb3a0e2001-06-05 20:25:05 +0000355 { "authorizedkeysfile", sAuthorizedKeysFile },
356 { "authorizedkeysfile2", sAuthorizedKeysFile2 },
Ben Lindstrom7a2073c2002-03-22 02:30:41 +0000357 { "useprivilegeseparation", sUsePrivilegeSeparation},
Ben Lindstrom65366a82001-12-06 16:32:47 +0000358 { NULL, sBadOption }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000359};
360
Damien Miller5428f641999-11-25 11:54:57 +1100361/*
Ben Lindstrom3704c262001-04-02 18:20:03 +0000362 * Returns the number of the token pointed to by cp or sBadOption.
Damien Miller5428f641999-11-25 11:54:57 +1100363 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000364
Damien Miller4af51302000-04-16 11:18:38 +1000365static ServerOpCodes
Damien Miller95def091999-11-25 00:26:21 +1100366parse_token(const char *cp, const char *filename,
367 int linenum)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000368{
Ben Lindstrom46c16222000-12-22 01:43:59 +0000369 u_int i;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000370
Damien Miller95def091999-11-25 00:26:21 +1100371 for (i = 0; keywords[i].name; i++)
Damien Miller5428f641999-11-25 11:54:57 +1100372 if (strcasecmp(cp, keywords[i].name) == 0)
Damien Miller95def091999-11-25 00:26:21 +1100373 return keywords[i].opcode;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000374
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000375 error("%s: line %d: Bad configuration option: %s",
376 filename, linenum, cp);
Damien Miller95def091999-11-25 00:26:21 +1100377 return sBadOption;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000378}
379
Ben Lindstrombba81212001-06-25 05:01:22 +0000380static void
Ben Lindstrom19066a12001-04-12 23:39:26 +0000381add_listen_addr(ServerOptions *options, char *addr, u_short port)
Damien Miller34132e52000-01-14 15:45:46 +1100382{
Damien Miller34132e52000-01-14 15:45:46 +1100383 int i;
384
385 if (options->num_ports == 0)
386 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
Ben Lindstrom19066a12001-04-12 23:39:26 +0000387 if (port == 0)
Ben Lindstromc510af42001-04-07 17:25:48 +0000388 for (i = 0; i < options->num_ports; i++)
389 add_one_listen_addr(options, addr, options->ports[i]);
390 else
Ben Lindstrom19066a12001-04-12 23:39:26 +0000391 add_one_listen_addr(options, addr, port);
Ben Lindstromc510af42001-04-07 17:25:48 +0000392}
393
Ben Lindstrombba81212001-06-25 05:01:22 +0000394static void
Ben Lindstromc510af42001-04-07 17:25:48 +0000395add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
396{
397 struct addrinfo hints, *ai, *aitop;
398 char strport[NI_MAXSERV];
399 int gaierr;
400
401 memset(&hints, 0, sizeof(hints));
402 hints.ai_family = IPv4or6;
403 hints.ai_socktype = SOCK_STREAM;
404 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
Ben Lindstrome1353632002-06-23 21:29:23 +0000405 snprintf(strport, sizeof strport, "%u", port);
Ben Lindstromc510af42001-04-07 17:25:48 +0000406 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
407 fatal("bad addr or host: %s (%s)",
408 addr ? addr : "<NULL>",
409 gai_strerror(gaierr));
410 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
411 ;
412 ai->ai_next = options->listen_addrs;
413 options->listen_addrs = aitop;
Damien Miller34132e52000-01-14 15:45:46 +1100414}
415
Ben Lindstromade03f62001-12-06 18:22:17 +0000416int
417process_server_config_line(ServerOptions *options, char *line,
418 const char *filename, int linenum)
419{
420 char *cp, **charptr, *arg, *p;
Ben Lindstrome1353632002-06-23 21:29:23 +0000421 int *intptr, value, i, n;
Ben Lindstromade03f62001-12-06 18:22:17 +0000422 ServerOpCodes opcode;
Ben Lindstromade03f62001-12-06 18:22:17 +0000423
424 cp = line;
425 arg = strdelim(&cp);
426 /* Ignore leading whitespace */
427 if (*arg == '\0')
428 arg = strdelim(&cp);
429 if (!arg || !*arg || *arg == '#')
430 return 0;
431 intptr = NULL;
432 charptr = NULL;
433 opcode = parse_token(arg, filename, linenum);
434 switch (opcode) {
435 /* Portable-specific options */
Damien Miller4e448a32003-05-14 15:11:48 +1000436 case sUsePAM:
437 intptr = &options->use_pam;
Ben Lindstromade03f62001-12-06 18:22:17 +0000438 goto parse_flag;
439
440 /* Standard Options */
441 case sBadOption:
442 return -1;
443 case sPort:
444 /* ignore ports from configfile if cmdline specifies ports */
445 if (options->ports_from_cmdline)
446 return 0;
447 if (options->listen_addrs != NULL)
448 fatal("%s line %d: ports must be specified before "
Damien Miller4fbf08a2002-01-22 23:35:09 +1100449 "ListenAddress.", filename, linenum);
Ben Lindstromade03f62001-12-06 18:22:17 +0000450 if (options->num_ports >= MAX_PORTS)
451 fatal("%s line %d: too many ports.",
452 filename, linenum);
453 arg = strdelim(&cp);
454 if (!arg || *arg == '\0')
455 fatal("%s line %d: missing port number.",
456 filename, linenum);
457 options->ports[options->num_ports++] = a2port(arg);
458 if (options->ports[options->num_ports-1] == 0)
459 fatal("%s line %d: Badly formatted port number.",
460 filename, linenum);
461 break;
462
463 case sServerKeyBits:
464 intptr = &options->server_key_bits;
465parse_int:
466 arg = strdelim(&cp);
467 if (!arg || *arg == '\0')
468 fatal("%s line %d: missing integer value.",
469 filename, linenum);
470 value = atoi(arg);
471 if (*intptr == -1)
472 *intptr = value;
473 break;
474
475 case sLoginGraceTime:
476 intptr = &options->login_grace_time;
477parse_time:
478 arg = strdelim(&cp);
479 if (!arg || *arg == '\0')
480 fatal("%s line %d: missing time value.",
481 filename, linenum);
482 if ((value = convtime(arg)) == -1)
483 fatal("%s line %d: invalid time value.",
484 filename, linenum);
485 if (*intptr == -1)
486 *intptr = value;
487 break;
488
489 case sKeyRegenerationTime:
490 intptr = &options->key_regeneration_time;
491 goto parse_time;
492
493 case sListenAddress:
494 arg = strdelim(&cp);
495 if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
496 fatal("%s line %d: missing inet addr.",
497 filename, linenum);
498 if (*arg == '[') {
499 if ((p = strchr(arg, ']')) == NULL)
500 fatal("%s line %d: bad ipv6 inet addr usage.",
501 filename, linenum);
502 arg++;
503 memmove(p, p+1, strlen(p+1)+1);
504 } else if (((p = strchr(arg, ':')) == NULL) ||
505 (strchr(p+1, ':') != NULL)) {
506 add_listen_addr(options, arg, 0);
507 break;
508 }
509 if (*p == ':') {
510 u_short port;
511
512 p++;
513 if (*p == '\0')
514 fatal("%s line %d: bad inet addr:port usage.",
515 filename, linenum);
516 else {
517 *(p-1) = '\0';
518 if ((port = a2port(p)) == 0)
519 fatal("%s line %d: bad port number.",
520 filename, linenum);
521 add_listen_addr(options, arg, port);
522 }
523 } else if (*p == '\0')
524 add_listen_addr(options, arg, 0);
525 else
526 fatal("%s line %d: bad inet addr usage.",
527 filename, linenum);
528 break;
529
530 case sHostKeyFile:
531 intptr = &options->num_host_key_files;
532 if (*intptr >= MAX_HOSTKEYS)
533 fatal("%s line %d: too many host keys specified (max %d).",
534 filename, linenum, MAX_HOSTKEYS);
535 charptr = &options->host_key_files[*intptr];
536parse_filename:
537 arg = strdelim(&cp);
538 if (!arg || *arg == '\0')
539 fatal("%s line %d: missing file name.",
540 filename, linenum);
541 if (*charptr == NULL) {
542 *charptr = tilde_expand_filename(arg, getuid());
543 /* increase optional counter */
544 if (intptr != NULL)
545 *intptr = *intptr + 1;
546 }
547 break;
548
549 case sPidFile:
550 charptr = &options->pid_file;
551 goto parse_filename;
552
553 case sPermitRootLogin:
554 intptr = &options->permit_root_login;
555 arg = strdelim(&cp);
556 if (!arg || *arg == '\0')
557 fatal("%s line %d: missing yes/"
558 "without-password/forced-commands-only/no "
559 "argument.", filename, linenum);
560 value = 0; /* silence compiler */
561 if (strcmp(arg, "without-password") == 0)
562 value = PERMIT_NO_PASSWD;
563 else if (strcmp(arg, "forced-commands-only") == 0)
564 value = PERMIT_FORCED_ONLY;
565 else if (strcmp(arg, "yes") == 0)
566 value = PERMIT_YES;
567 else if (strcmp(arg, "no") == 0)
568 value = PERMIT_NO;
569 else
570 fatal("%s line %d: Bad yes/"
571 "without-password/forced-commands-only/no "
572 "argument: %s", filename, linenum, arg);
573 if (*intptr == -1)
574 *intptr = value;
575 break;
576
577 case sIgnoreRhosts:
578 intptr = &options->ignore_rhosts;
579parse_flag:
580 arg = strdelim(&cp);
581 if (!arg || *arg == '\0')
582 fatal("%s line %d: missing yes/no argument.",
583 filename, linenum);
584 value = 0; /* silence compiler */
585 if (strcmp(arg, "yes") == 0)
586 value = 1;
587 else if (strcmp(arg, "no") == 0)
588 value = 0;
589 else
590 fatal("%s line %d: Bad yes/no argument: %s",
591 filename, linenum, arg);
592 if (*intptr == -1)
593 *intptr = value;
594 break;
595
596 case sIgnoreUserKnownHosts:
597 intptr = &options->ignore_user_known_hosts;
598 goto parse_flag;
599
Ben Lindstromade03f62001-12-06 18:22:17 +0000600 case sRhostsRSAAuthentication:
601 intptr = &options->rhosts_rsa_authentication;
602 goto parse_flag;
603
604 case sHostbasedAuthentication:
605 intptr = &options->hostbased_authentication;
606 goto parse_flag;
607
608 case sHostbasedUsesNameFromPacketOnly:
609 intptr = &options->hostbased_uses_name_from_packet_only;
610 goto parse_flag;
611
612 case sRSAAuthentication:
613 intptr = &options->rsa_authentication;
614 goto parse_flag;
615
616 case sPubkeyAuthentication:
617 intptr = &options->pubkey_authentication;
618 goto parse_flag;
Damien Miller2aa0ab42003-05-15 12:05:28 +1000619
Ben Lindstromade03f62001-12-06 18:22:17 +0000620 case sKerberosAuthentication:
621 intptr = &options->kerberos_authentication;
622 goto parse_flag;
623
624 case sKerberosOrLocalPasswd:
625 intptr = &options->kerberos_or_local_passwd;
626 goto parse_flag;
627
628 case sKerberosTicketCleanup:
629 intptr = &options->kerberos_ticket_cleanup;
630 goto parse_flag;
Damien Miller2aa0ab42003-05-15 12:05:28 +1000631
Darren Tucker0efd1552003-08-26 11:49:55 +1000632 case sGssAuthentication:
633 intptr = &options->gss_authentication;
634 goto parse_flag;
635
636 case sGssCleanupCreds:
637 intptr = &options->gss_cleanup_creds;
638 goto parse_flag;
639
Ben Lindstromade03f62001-12-06 18:22:17 +0000640 case sPasswordAuthentication:
641 intptr = &options->password_authentication;
642 goto parse_flag;
643
644 case sKbdInteractiveAuthentication:
645 intptr = &options->kbd_interactive_authentication;
646 goto parse_flag;
647
648 case sChallengeResponseAuthentication:
649 intptr = &options->challenge_response_authentication;
650 goto parse_flag;
651
652 case sPrintMotd:
653 intptr = &options->print_motd;
654 goto parse_flag;
655
656 case sPrintLastLog:
657 intptr = &options->print_lastlog;
658 goto parse_flag;
659
660 case sX11Forwarding:
661 intptr = &options->x11_forwarding;
662 goto parse_flag;
663
664 case sX11DisplayOffset:
665 intptr = &options->x11_display_offset;
666 goto parse_int;
667
Damien Miller95c249f2002-02-05 12:11:34 +1100668 case sX11UseLocalhost:
669 intptr = &options->x11_use_localhost;
670 goto parse_flag;
671
Ben Lindstromade03f62001-12-06 18:22:17 +0000672 case sXAuthLocation:
673 charptr = &options->xauth_location;
674 goto parse_filename;
675
676 case sStrictModes:
677 intptr = &options->strict_modes;
678 goto parse_flag;
679
680 case sKeepAlives:
681 intptr = &options->keepalives;
682 goto parse_flag;
683
684 case sEmptyPasswd:
685 intptr = &options->permit_empty_passwd;
686 goto parse_flag;
687
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000688 case sPermitUserEnvironment:
689 intptr = &options->permit_user_env;
690 goto parse_flag;
691
Ben Lindstromade03f62001-12-06 18:22:17 +0000692 case sUseLogin:
693 intptr = &options->use_login;
694 goto parse_flag;
695
Ben Lindstrom23e0f662002-06-21 01:09:47 +0000696 case sCompression:
697 intptr = &options->compression;
698 goto parse_flag;
699
Ben Lindstromade03f62001-12-06 18:22:17 +0000700 case sGatewayPorts:
701 intptr = &options->gateway_ports;
702 goto parse_flag;
703
Damien Miller3a961dc2003-06-03 10:25:48 +1000704 case sUseDNS:
705 intptr = &options->use_dns;
Ben Lindstromade03f62001-12-06 18:22:17 +0000706 goto parse_flag;
707
708 case sLogFacility:
709 intptr = (int *) &options->log_facility;
710 arg = strdelim(&cp);
711 value = log_facility_number(arg);
Damien Millerfcd93202002-02-05 12:26:34 +1100712 if (value == SYSLOG_FACILITY_NOT_SET)
Ben Lindstromade03f62001-12-06 18:22:17 +0000713 fatal("%.200s line %d: unsupported log facility '%s'",
714 filename, linenum, arg ? arg : "<NONE>");
715 if (*intptr == -1)
716 *intptr = (SyslogFacility) value;
717 break;
718
719 case sLogLevel:
720 intptr = (int *) &options->log_level;
721 arg = strdelim(&cp);
722 value = log_level_number(arg);
Damien Millerfcd93202002-02-05 12:26:34 +1100723 if (value == SYSLOG_LEVEL_NOT_SET)
Ben Lindstromade03f62001-12-06 18:22:17 +0000724 fatal("%.200s line %d: unsupported log level '%s'",
725 filename, linenum, arg ? arg : "<NONE>");
726 if (*intptr == -1)
727 *intptr = (LogLevel) value;
728 break;
729
730 case sAllowTcpForwarding:
731 intptr = &options->allow_tcp_forwarding;
732 goto parse_flag;
733
Ben Lindstrom7a2073c2002-03-22 02:30:41 +0000734 case sUsePrivilegeSeparation:
735 intptr = &use_privsep;
736 goto parse_flag;
737
Ben Lindstromade03f62001-12-06 18:22:17 +0000738 case sAllowUsers:
739 while ((arg = strdelim(&cp)) && *arg != '\0') {
740 if (options->num_allow_users >= MAX_ALLOW_USERS)
741 fatal("%s line %d: too many allow users.",
742 filename, linenum);
Ben Lindstrome1353632002-06-23 21:29:23 +0000743 options->allow_users[options->num_allow_users++] =
744 xstrdup(arg);
Ben Lindstromade03f62001-12-06 18:22:17 +0000745 }
746 break;
747
748 case sDenyUsers:
749 while ((arg = strdelim(&cp)) && *arg != '\0') {
750 if (options->num_deny_users >= MAX_DENY_USERS)
751 fatal( "%s line %d: too many deny users.",
752 filename, linenum);
Ben Lindstrome1353632002-06-23 21:29:23 +0000753 options->deny_users[options->num_deny_users++] =
754 xstrdup(arg);
Ben Lindstromade03f62001-12-06 18:22:17 +0000755 }
756 break;
757
758 case sAllowGroups:
759 while ((arg = strdelim(&cp)) && *arg != '\0') {
760 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
761 fatal("%s line %d: too many allow groups.",
762 filename, linenum);
Ben Lindstrome1353632002-06-23 21:29:23 +0000763 options->allow_groups[options->num_allow_groups++] =
764 xstrdup(arg);
Ben Lindstromade03f62001-12-06 18:22:17 +0000765 }
766 break;
767
768 case sDenyGroups:
769 while ((arg = strdelim(&cp)) && *arg != '\0') {
770 if (options->num_deny_groups >= MAX_DENY_GROUPS)
771 fatal("%s line %d: too many deny groups.",
772 filename, linenum);
773 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
774 }
775 break;
776
777 case sCiphers:
778 arg = strdelim(&cp);
779 if (!arg || *arg == '\0')
780 fatal("%s line %d: Missing argument.", filename, linenum);
781 if (!ciphers_valid(arg))
782 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
783 filename, linenum, arg ? arg : "<NONE>");
784 if (options->ciphers == NULL)
785 options->ciphers = xstrdup(arg);
786 break;
787
788 case sMacs:
789 arg = strdelim(&cp);
790 if (!arg || *arg == '\0')
791 fatal("%s line %d: Missing argument.", filename, linenum);
792 if (!mac_valid(arg))
793 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
794 filename, linenum, arg ? arg : "<NONE>");
795 if (options->macs == NULL)
796 options->macs = xstrdup(arg);
797 break;
798
799 case sProtocol:
800 intptr = &options->protocol;
801 arg = strdelim(&cp);
802 if (!arg || *arg == '\0')
803 fatal("%s line %d: Missing argument.", filename, linenum);
804 value = proto_spec(arg);
805 if (value == SSH_PROTO_UNKNOWN)
806 fatal("%s line %d: Bad protocol spec '%s'.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100807 filename, linenum, arg ? arg : "<NONE>");
Ben Lindstromade03f62001-12-06 18:22:17 +0000808 if (*intptr == SSH_PROTO_UNKNOWN)
809 *intptr = value;
810 break;
811
812 case sSubsystem:
813 if (options->num_subsystems >= MAX_SUBSYSTEMS) {
814 fatal("%s line %d: too many subsystems defined.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100815 filename, linenum);
Ben Lindstromade03f62001-12-06 18:22:17 +0000816 }
817 arg = strdelim(&cp);
818 if (!arg || *arg == '\0')
819 fatal("%s line %d: Missing subsystem name.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100820 filename, linenum);
Ben Lindstromade03f62001-12-06 18:22:17 +0000821 for (i = 0; i < options->num_subsystems; i++)
822 if (strcmp(arg, options->subsystem_name[i]) == 0)
823 fatal("%s line %d: Subsystem '%s' already defined.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100824 filename, linenum, arg);
Ben Lindstromade03f62001-12-06 18:22:17 +0000825 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
826 arg = strdelim(&cp);
827 if (!arg || *arg == '\0')
828 fatal("%s line %d: Missing subsystem command.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100829 filename, linenum);
Ben Lindstromade03f62001-12-06 18:22:17 +0000830 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
831 options->num_subsystems++;
832 break;
833
834 case sMaxStartups:
835 arg = strdelim(&cp);
836 if (!arg || *arg == '\0')
837 fatal("%s line %d: Missing MaxStartups spec.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100838 filename, linenum);
Ben Lindstromade03f62001-12-06 18:22:17 +0000839 if ((n = sscanf(arg, "%d:%d:%d",
840 &options->max_startups_begin,
841 &options->max_startups_rate,
842 &options->max_startups)) == 3) {
843 if (options->max_startups_begin >
844 options->max_startups ||
845 options->max_startups_rate > 100 ||
846 options->max_startups_rate < 1)
847 fatal("%s line %d: Illegal MaxStartups spec.",
848 filename, linenum);
849 } else if (n != 1)
850 fatal("%s line %d: Illegal MaxStartups spec.",
851 filename, linenum);
852 else
853 options->max_startups = options->max_startups_begin;
854 break;
855
856 case sBanner:
857 charptr = &options->banner;
858 goto parse_filename;
859 /*
860 * These options can contain %X options expanded at
861 * connect time, so that you can specify paths like:
862 *
863 * AuthorizedKeysFile /etc/ssh_keys/%u
864 */
865 case sAuthorizedKeysFile:
866 case sAuthorizedKeysFile2:
867 charptr = (opcode == sAuthorizedKeysFile ) ?
868 &options->authorized_keys_file :
869 &options->authorized_keys_file2;
870 goto parse_filename;
871
872 case sClientAliveInterval:
873 intptr = &options->client_alive_interval;
874 goto parse_time;
875
876 case sClientAliveCountMax:
877 intptr = &options->client_alive_count_max;
878 goto parse_int;
879
880 case sDeprecated:
Damien Miller996acd22003-04-09 20:59:48 +1000881 logit("%s line %d: Deprecated option %s",
Ben Lindstromade03f62001-12-06 18:22:17 +0000882 filename, linenum, arg);
883 while (arg)
884 arg = strdelim(&cp);
885 break;
886
Damien Millerf9b3feb2003-05-16 11:38:32 +1000887 case sUnsupported:
888 logit("%s line %d: Unsupported option %s",
889 filename, linenum, arg);
890 while (arg)
891 arg = strdelim(&cp);
892 break;
893
Ben Lindstromade03f62001-12-06 18:22:17 +0000894 default:
895 fatal("%s line %d: Missing handler for opcode %s (%d)",
896 filename, linenum, arg, opcode);
897 }
898 if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
899 fatal("%s line %d: garbage at end of line; \"%.200s\".",
900 filename, linenum, arg);
901 return 0;
902}
903
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000904/* Reads the server configuration file. */
905
Damien Miller4af51302000-04-16 11:18:38 +1000906void
Damien Miller95def091999-11-25 00:26:21 +1100907read_server_config(ServerOptions *options, const char *filename)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000908{
Ben Lindstrome1353632002-06-23 21:29:23 +0000909 int linenum, bad_options = 0;
Damien Miller95def091999-11-25 00:26:21 +1100910 char line[1024];
Ben Lindstrome1353632002-06-23 21:29:23 +0000911 FILE *f;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000912
Damien Miller9f82c8f2003-02-24 12:04:33 +1100913 debug2("read_server_config: filename %s", filename);
Damien Miller95def091999-11-25 00:26:21 +1100914 f = fopen(filename, "r");
915 if (!f) {
916 perror(filename);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000917 exit(1);
Damien Miller95def091999-11-25 00:26:21 +1100918 }
919 linenum = 0;
920 while (fgets(line, sizeof(line), f)) {
Ben Lindstromade03f62001-12-06 18:22:17 +0000921 /* Update line number counter. */
Damien Miller95def091999-11-25 00:26:21 +1100922 linenum++;
Ben Lindstromade03f62001-12-06 18:22:17 +0000923 if (process_server_config_line(options, line, filename, linenum) != 0)
Damien Miller95def091999-11-25 00:26:21 +1100924 bad_options++;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000925 }
Damien Miller95def091999-11-25 00:26:21 +1100926 fclose(f);
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000927 if (bad_options > 0)
928 fatal("%s: terminating, %d bad configuration options",
929 filename, bad_options);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000930}