Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 726273e129a1a450de9c839d4635871af23bfb5e / . / servconf.c
blob: 8e362b04d28e4809dfabc4d72cd071b6719ad09b [file] [log] [blame]
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]1/*
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
Damien Miller4af51302000-04-16 11:18:38 +1000[diff] [blame]4 *
Damien Millere4340be2000-09-16 13:29:08 +1100[diff] [blame]5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]10 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]11
12#include "includes.h"
Damien Miller75413ac2001-11-12 11:14:35 +1100[diff] [blame]13RCSID("$OpenBSD: servconf.c,v 1.90 2001/11/11 13:02:31 markus Exp $");
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000[diff] [blame]14
Damien Millerc4b7fea2001-07-14 12:20:32 +1000[diff] [blame]15#if defined(KRB4) || defined(KRB5)
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000[diff] [blame]16#include <krb.h>
17#endif
Ben Lindstromeb7a84c2001-07-04 04:48:36 +0000[diff] [blame]18#ifdef AFS
19#include <kafs.h>
20#endif
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]21
22#include "ssh.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000[diff] [blame]23#include "log.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]24#include "servconf.h"
25#include "xmalloc.h"
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]26#include "compat.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000[diff] [blame]27#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000[diff] [blame]31#include "kex.h"
32#include "mac.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000[diff] [blame]33
Ben Lindstrombba81212001-06-25 05:01:22 +0000[diff] [blame]34static void add_listen_addr(ServerOptions *, char *, u_short);
35static void add_one_listen_addr(ServerOptions *, char *, u_short);
Damien Miller34132e52000-01-14 15:45:46 +1100[diff] [blame]36
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000[diff] [blame]37/* AF_UNSPEC or AF_INET or AF_INET6 */
38extern int IPv4or6;
39
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]40/* Initializes the server options to their default values. */
41
Damien Miller4af51302000-04-16 11:18:38 +1000[diff] [blame]42void
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]43initialize_server_options(ServerOptions *options)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]44{
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]45 memset(options, 0, sizeof(*options));
Damien Miller726273e2001-11-12 11:40:11 +1100[diff] [blame^]46
47 /* Portable-specific options */
48 options->pam_authentication_via_kbd_int = -1;
49
50 /* Standard Options */
Damien Miller34132e52000-01-14 15:45:46 +1100[diff] [blame]51 options->num_ports = 0;
52 options->ports_from_cmdline = 0;
53 options->listen_addrs = NULL;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]54 options->num_host_key_files = 0;
Damien Miller6f83b8e2000-05-02 09:23:45 +1000[diff] [blame]55 options->pid_file = NULL;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]56 options->server_key_bits = -1;
57 options->login_grace_time = -1;
58 options->key_regeneration_time = -1;
Ben Lindstromd8a90212001-02-15 03:08:27 +0000[diff] [blame]59 options->permit_root_login = PERMIT_NOT_SET;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]60 options->ignore_rhosts = -1;
61 options->ignore_user_known_hosts = -1;
62 options->print_motd = -1;
Ben Lindstrom7bfff362001-03-26 05:45:53 +0000[diff] [blame]63 options->print_lastlog = -1;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]64 options->x11_forwarding = -1;
65 options->x11_display_offset = -1;
Damien Millerd3a18572000-06-07 19:55:44 +1000[diff] [blame]66 options->xauth_location = NULL;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]67 options->strict_modes = -1;
68 options->keepalives = -1;
69 options->log_facility = (SyslogFacility) - 1;
70 options->log_level = (LogLevel) - 1;
71 options->rhosts_authentication = -1;
72 options->rhosts_rsa_authentication = -1;
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000[diff] [blame]73 options->hostbased_authentication = -1;
74 options->hostbased_uses_name_from_packet_only = -1;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]75 options->rsa_authentication = -1;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]76 options->pubkey_authentication = -1;
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame]77#if defined(KRB4) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]78 options->kerberos_authentication = -1;
79 options->kerberos_or_local_passwd = -1;
80 options->kerberos_ticket_cleanup = -1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]81#endif
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame]82#if defined(AFS) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]83 options->kerberos_tgt_passing = -1;
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame]84#endif
85#ifdef AFS
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]86 options->afs_token_passing = -1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]87#endif
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]88 options->password_authentication = -1;
Damien Miller874d77b2000-10-14 16:23:11 +1100[diff] [blame]89 options->kbd_interactive_authentication = -1;
Ben Lindstrom551ea372001-06-05 18:56:16 +0000[diff] [blame]90 options->challenge_response_authentication = -1;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]91 options->permit_empty_passwd = -1;
92 options->use_login = -1;
Damien Miller50a41ed2000-10-16 12:14:42 +1100[diff] [blame]93 options->allow_tcp_forwarding = -1;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]94 options->num_allow_users = 0;
95 options->num_deny_users = 0;
96 options->num_allow_groups = 0;
97 options->num_deny_groups = 0;
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]98 options->ciphers = NULL;
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000[diff] [blame]99 options->macs = NULL;
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]100 options->protocol = SSH_PROTO_UNKNOWN;
Damien Millere247cc42000-05-07 12:03:14 +1000[diff] [blame]101 options->gateway_ports = -1;
Damien Millerf6d9e222000-06-18 14:50:44 +1000[diff] [blame]102 options->num_subsystems = 0;
Damien Miller942da032000-08-18 13:59:06 +1000[diff] [blame]103 options->max_startups_begin = -1;
104 options->max_startups_rate = -1;
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]105 options->max_startups = -1;
Ben Lindstrom48bd7c12001-01-09 00:35:42 +0000[diff] [blame]106 options->banner = NULL;
Damien Miller33804262001-02-04 23:20:18 +1100[diff] [blame]107 options->reverse_mapping_check = -1;
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000[diff] [blame]108 options->client_alive_interval = -1;
109 options->client_alive_count_max = -1;
Ben Lindstrombfb3a0e2001-06-05 20:25:05 +0000[diff] [blame]110 options->authorized_keys_file = NULL;
111 options->authorized_keys_file2 = NULL;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]112}
113
Damien Miller4af51302000-04-16 11:18:38 +1000[diff] [blame]114void
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]115fill_default_server_options(ServerOptions *options)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]116{
Damien Miller726273e2001-11-12 11:40:11 +1100[diff] [blame^]117 /* Portable-specific options */
118 if (options->pam_authentication_via_kbd_int == -1)
119 options->pam_authentication_via_kbd_int = 0;
120
121 /* Standard Options */
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]122 if (options->protocol == SSH_PROTO_UNKNOWN)
123 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
124 if (options->num_host_key_files == 0) {
125 /* fill default hostkeys for protocols */
126 if (options->protocol & SSH_PROTO_1)
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000[diff] [blame]127 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]128 if (options->protocol & SSH_PROTO_2)
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000[diff] [blame]129 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]130 }
Damien Miller34132e52000-01-14 15:45:46 +1100[diff] [blame]131 if (options->num_ports == 0)
132 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
133 if (options->listen_addrs == NULL)
Ben Lindstrom19066a12001-04-12 23:39:26 +0000[diff] [blame]134 add_listen_addr(options, NULL, 0);
Damien Miller6f83b8e2000-05-02 09:23:45 +1000[diff] [blame]135 if (options->pid_file == NULL)
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000[diff] [blame]136 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]137 if (options->server_key_bits == -1)
138 options->server_key_bits = 768;
139 if (options->login_grace_time == -1)
140 options->login_grace_time = 600;
141 if (options->key_regeneration_time == -1)
142 options->key_regeneration_time = 3600;
Ben Lindstromd8a90212001-02-15 03:08:27 +0000[diff] [blame]143 if (options->permit_root_login == PERMIT_NOT_SET)
144 options->permit_root_login = PERMIT_YES;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]145 if (options->ignore_rhosts == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100[diff] [blame]146 options->ignore_rhosts = 1;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]147 if (options->ignore_user_known_hosts == -1)
148 options->ignore_user_known_hosts = 0;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]149 if (options->print_motd == -1)
150 options->print_motd = 1;
Ben Lindstrom7bfff362001-03-26 05:45:53 +0000[diff] [blame]151 if (options->print_lastlog == -1)
152 options->print_lastlog = 1;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]153 if (options->x11_forwarding == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100[diff] [blame]154 options->x11_forwarding = 0;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]155 if (options->x11_display_offset == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100[diff] [blame]156 options->x11_display_offset = 10;
Ben Lindstrom1bf11f62001-06-09 01:48:01 +0000[diff] [blame]157#ifdef _PATH_XAUTH
Damien Millerd3a18572000-06-07 19:55:44 +1000[diff] [blame]158 if (options->xauth_location == NULL)
Ben Lindstrom1bf11f62001-06-09 01:48:01 +0000[diff] [blame]159 options->xauth_location = _PATH_XAUTH;
160#endif
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]161 if (options->strict_modes == -1)
162 options->strict_modes = 1;
163 if (options->keepalives == -1)
164 options->keepalives = 1;
165 if (options->log_facility == (SyslogFacility) (-1))
166 options->log_facility = SYSLOG_FACILITY_AUTH;
167 if (options->log_level == (LogLevel) (-1))
Ben Lindstromdb65e8f2001-01-19 04:26:52 +0000[diff] [blame]168 options->log_level = SYSLOG_LEVEL_INFO;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]169 if (options->rhosts_authentication == -1)
170 options->rhosts_authentication = 0;
171 if (options->rhosts_rsa_authentication == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100[diff] [blame]172 options->rhosts_rsa_authentication = 0;
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000[diff] [blame]173 if (options->hostbased_authentication == -1)
174 options->hostbased_authentication = 0;
175 if (options->hostbased_uses_name_from_packet_only == -1)
176 options->hostbased_uses_name_from_packet_only = 0;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]177 if (options->rsa_authentication == -1)
178 options->rsa_authentication = 1;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]179 if (options->pubkey_authentication == -1)
180 options->pubkey_authentication = 1;
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame]181#if defined(KRB4) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]182 if (options->kerberos_authentication == -1)
183 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
184 if (options->kerberos_or_local_passwd == -1)
185 options->kerberos_or_local_passwd = 1;
186 if (options->kerberos_ticket_cleanup == -1)
187 options->kerberos_ticket_cleanup = 1;
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame]188#endif
189#if defined(AFS) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]190 if (options->kerberos_tgt_passing == -1)
191 options->kerberos_tgt_passing = 0;
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame]192#endif
193#ifdef AFS
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]194 if (options->afs_token_passing == -1)
195 options->afs_token_passing = k_hasafs();
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame]196#endif
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]197 if (options->password_authentication == -1)
198 options->password_authentication = 1;
Damien Miller874d77b2000-10-14 16:23:11 +1100[diff] [blame]199 if (options->kbd_interactive_authentication == -1)
200 options->kbd_interactive_authentication = 0;
Ben Lindstrom551ea372001-06-05 18:56:16 +0000[diff] [blame]201 if (options->challenge_response_authentication == -1)
202 options->challenge_response_authentication = 1;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]203 if (options->permit_empty_passwd == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100[diff] [blame]204 options->permit_empty_passwd = 0;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]205 if (options->use_login == -1)
206 options->use_login = 0;
Damien Miller50a41ed2000-10-16 12:14:42 +1100[diff] [blame]207 if (options->allow_tcp_forwarding == -1)
208 options->allow_tcp_forwarding = 1;
Damien Millere247cc42000-05-07 12:03:14 +1000[diff] [blame]209 if (options->gateway_ports == -1)
210 options->gateway_ports = 0;
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]211 if (options->max_startups == -1)
212 options->max_startups = 10;
Damien Miller942da032000-08-18 13:59:06 +1000[diff] [blame]213 if (options->max_startups_rate == -1)
214 options->max_startups_rate = 100; /* 100% */
215 if (options->max_startups_begin == -1)
216 options->max_startups_begin = options->max_startups;
Damien Miller33804262001-02-04 23:20:18 +1100[diff] [blame]217 if (options->reverse_mapping_check == -1)
218 options->reverse_mapping_check = 0;
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000[diff] [blame]219 if (options->client_alive_interval == -1)
220 options->client_alive_interval = 0;
221 if (options->client_alive_count_max == -1)
222 options->client_alive_count_max = 3;
Ben Lindstrombfb3a0e2001-06-05 20:25:05 +0000[diff] [blame]223 if (options->authorized_keys_file == NULL)
Kevin Steves27fd1922001-07-04 18:29:14 +0000[diff] [blame]224 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
Damien Miller75413ac2001-11-12 11:14:35 +1100[diff] [blame]225 if (options->authorized_keys_file2 == NULL) {
226 /* authorized_keys_file2 falls back to authorized_keys_file */
227 if (options->authorized_keys_file != NULL)
228 options->authorized_keys_file2 = options->authorized_keys_file;
229 else
230 options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
231 }
232 if (options->authorized_keys_file == NULL)
233 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]234}
235
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]236/* Keyword tokens. */
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]237typedef enum {
238 sBadOption, /* == unknown option */
Damien Miller726273e2001-11-12 11:40:11 +1100[diff] [blame^]239 /* Portable-specific options */
240 sPAMAuthenticationViaKbdInt,
241 /* Standard Options */
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]242 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
243 sPermitRootLogin, sLogFacility, sLogLevel,
244 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame]245#if defined(KRB4) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]246 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]247#endif
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame]248#if defined(AFS) || defined(KRB5)
249 sKerberosTgtPassing,
250#endif
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]251#ifdef AFS
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame]252 sAFSTokenPassing,
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]253#endif
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000[diff] [blame]254 sChallengeResponseAuthentication,
Damien Miller874d77b2000-10-14 16:23:11 +1100[diff] [blame]255 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
Ben Lindstrom7bfff362001-03-26 05:45:53 +0000[diff] [blame]256 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
257 sX11Forwarding, sX11DisplayOffset,
Ben Lindstrom91e98682001-09-12 16:32:14 +0000[diff] [blame]258 sStrictModes, sEmptyPasswd, sKeepAlives,
Damien Miller50a41ed2000-10-16 12:14:42 +1100[diff] [blame]259 sUseLogin, sAllowTcpForwarding,
260 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000[diff] [blame]261 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]262 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000[diff] [blame]263 sBanner, sReverseMappingCheck, sHostbasedAuthentication,
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000[diff] [blame]264 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
Ben Lindstrombfb3a0e2001-06-05 20:25:05 +0000[diff] [blame]265 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
Damien Miller726273e2001-11-12 11:40:11 +1100[diff] [blame^]266 sDeprecated
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]267} ServerOpCodes;
268
269/* Textual representation of the tokens. */
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]270static struct {
271 const char *name;
272 ServerOpCodes opcode;
273} keywords[] = {
Damien Miller726273e2001-11-12 11:40:11 +1100[diff] [blame^]274 /* Portable-specific options */
275 { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
276 /* Standard Options */
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]277 { "port", sPort },
278 { "hostkey", sHostKeyFile },
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]279 { "hostdsakey", sHostKeyFile }, /* alias */
Kevin Stevesef4eea92001-02-05 12:42:17 +0000[diff] [blame]280 { "pidfile", sPidFile },
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]281 { "serverkeybits", sServerKeyBits },
282 { "logingracetime", sLoginGraceTime },
283 { "keyregenerationinterval", sKeyRegenerationTime },
284 { "permitrootlogin", sPermitRootLogin },
285 { "syslogfacility", sLogFacility },
286 { "loglevel", sLogLevel },
287 { "rhostsauthentication", sRhostsAuthentication },
288 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000[diff] [blame]289 { "hostbasedauthentication", sHostbasedAuthentication },
290 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]291 { "rsaauthentication", sRSAAuthentication },
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]292 { "pubkeyauthentication", sPubkeyAuthentication },
293 { "dsaauthentication", sPubkeyAuthentication }, /* alias */
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame]294#if defined(KRB4) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]295 { "kerberosauthentication", sKerberosAuthentication },
296 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
297 { "kerberosticketcleanup", sKerberosTicketCleanup },
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]298#endif
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame]299#if defined(AFS) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]300 { "kerberostgtpassing", sKerberosTgtPassing },
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame]301#endif
302#ifdef AFS
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]303 { "afstokenpassing", sAFSTokenPassing },
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]304#endif
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]305 { "passwordauthentication", sPasswordAuthentication },
Damien Miller874d77b2000-10-14 16:23:11 +1100[diff] [blame]306 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000[diff] [blame]307 { "challengeresponseauthentication", sChallengeResponseAuthentication },
308 { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
Ben Lindstrom91e98682001-09-12 16:32:14 +0000[diff] [blame]309 { "checkmail", sDeprecated },
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]310 { "listenaddress", sListenAddress },
311 { "printmotd", sPrintMotd },
Ben Lindstrom7bfff362001-03-26 05:45:53 +0000[diff] [blame]312 { "printlastlog", sPrintLastLog },
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]313 { "ignorerhosts", sIgnoreRhosts },
314 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
315 { "x11forwarding", sX11Forwarding },
316 { "x11displayoffset", sX11DisplayOffset },
Damien Millerd3a18572000-06-07 19:55:44 +1000[diff] [blame]317 { "xauthlocation", sXAuthLocation },
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]318 { "strictmodes", sStrictModes },
319 { "permitemptypasswords", sEmptyPasswd },
320 { "uselogin", sUseLogin },
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]321 { "keepalive", sKeepAlives },
Damien Miller50a41ed2000-10-16 12:14:42 +1100[diff] [blame]322 { "allowtcpforwarding", sAllowTcpForwarding },
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]323 { "allowusers", sAllowUsers },
324 { "denyusers", sDenyUsers },
325 { "allowgroups", sAllowGroups },
326 { "denygroups", sDenyGroups },
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]327 { "ciphers", sCiphers },
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000[diff] [blame]328 { "macs", sMacs },
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]329 { "protocol", sProtocol },
Damien Millere247cc42000-05-07 12:03:14 +1000[diff] [blame]330 { "gatewayports", sGatewayPorts },
Damien Millerf6d9e222000-06-18 14:50:44 +1000[diff] [blame]331 { "subsystem", sSubsystem },
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]332 { "maxstartups", sMaxStartups },
Ben Lindstrom48bd7c12001-01-09 00:35:42 +0000[diff] [blame]333 { "banner", sBanner },
Damien Miller33804262001-02-04 23:20:18 +1100[diff] [blame]334 { "reversemappingcheck", sReverseMappingCheck },
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000[diff] [blame]335 { "clientaliveinterval", sClientAliveInterval },
336 { "clientalivecountmax", sClientAliveCountMax },
Ben Lindstrombfb3a0e2001-06-05 20:25:05 +0000[diff] [blame]337 { "authorizedkeysfile", sAuthorizedKeysFile },
338 { "authorizedkeysfile2", sAuthorizedKeysFile2 },
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]339 { NULL, 0 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]340};
341
Damien Miller5428f641999-11-25 11:54:57 +1100[diff] [blame]342/*
Ben Lindstrom3704c262001-04-02 18:20:03 +0000[diff] [blame]343 * Returns the number of the token pointed to by cp or sBadOption.
Damien Miller5428f641999-11-25 11:54:57 +1100[diff] [blame]344 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]345
Damien Miller4af51302000-04-16 11:18:38 +1000[diff] [blame]346static ServerOpCodes
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]347parse_token(const char *cp, const char *filename,
348 int linenum)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]349{
Ben Lindstrom46c16222000-12-22 01:43:59 +0000[diff] [blame]350 u_int i;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]351
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]352 for (i = 0; keywords[i].name; i++)
Damien Miller5428f641999-11-25 11:54:57 +1100[diff] [blame]353 if (strcasecmp(cp, keywords[i].name) == 0)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]354 return keywords[i].opcode;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]355
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000[diff] [blame]356 error("%s: line %d: Bad configuration option: %s",
357 filename, linenum, cp);
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]358 return sBadOption;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]359}
360
Ben Lindstrombba81212001-06-25 05:01:22 +0000[diff] [blame]361static void
Ben Lindstrom19066a12001-04-12 23:39:26 +0000[diff] [blame]362add_listen_addr(ServerOptions *options, char *addr, u_short port)
Damien Miller34132e52000-01-14 15:45:46 +1100[diff] [blame]363{
Damien Miller34132e52000-01-14 15:45:46 +1100[diff] [blame]364 int i;
365
366 if (options->num_ports == 0)
367 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
Ben Lindstrom19066a12001-04-12 23:39:26 +0000[diff] [blame]368 if (port == 0)
Ben Lindstromc510af42001-04-07 17:25:48 +0000[diff] [blame]369 for (i = 0; i < options->num_ports; i++)
370 add_one_listen_addr(options, addr, options->ports[i]);
371 else
Ben Lindstrom19066a12001-04-12 23:39:26 +0000[diff] [blame]372 add_one_listen_addr(options, addr, port);
Ben Lindstromc510af42001-04-07 17:25:48 +0000[diff] [blame]373}
374
Ben Lindstrombba81212001-06-25 05:01:22 +0000[diff] [blame]375static void
Ben Lindstromc510af42001-04-07 17:25:48 +0000[diff] [blame]376add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
377{
378 struct addrinfo hints, *ai, *aitop;
379 char strport[NI_MAXSERV];
380 int gaierr;
381
382 memset(&hints, 0, sizeof(hints));
383 hints.ai_family = IPv4or6;
384 hints.ai_socktype = SOCK_STREAM;
385 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
386 snprintf(strport, sizeof strport, "%d", port);
387 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
388 fatal("bad addr or host: %s (%s)",
389 addr ? addr : "<NULL>",
390 gai_strerror(gaierr));
391 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
392 ;
393 ai->ai_next = options->listen_addrs;
394 options->listen_addrs = aitop;
Damien Miller34132e52000-01-14 15:45:46 +1100[diff] [blame]395}
396
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]397/* Reads the server configuration file. */
398
Damien Miller4af51302000-04-16 11:18:38 +1000[diff] [blame]399void
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]400read_server_config(ServerOptions *options, const char *filename)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]401{
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]402 FILE *f;
403 char line[1024];
Ben Lindstromc510af42001-04-07 17:25:48 +0000[diff] [blame]404 char *cp, **charptr, *arg, *p;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]405 int linenum, *intptr, value;
406 int bad_options = 0;
407 ServerOpCodes opcode;
Damien Miller40857852001-07-14 12:17:33 +1000[diff] [blame]408 int i, n;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]409
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]410 f = fopen(filename, "r");
411 if (!f) {
412 perror(filename);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]413 exit(1);
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]414 }
415 linenum = 0;
416 while (fgets(line, sizeof(line), f)) {
417 linenum++;
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]418 cp = line;
419 arg = strdelim(&cp);
420 /* Ignore leading whitespace */
421 if (*arg == '\0')
422 arg = strdelim(&cp);
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000[diff] [blame]423 if (!arg || !*arg || *arg == '#')
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]424 continue;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]425 intptr = NULL;
426 charptr = NULL;
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]427 opcode = parse_token(arg, filename, linenum);
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]428 switch (opcode) {
429 case sBadOption:
430 bad_options++;
431 continue;
Damien Miller726273e2001-11-12 11:40:11 +1100[diff] [blame^]432
433 /* Portable-specific options */
434 case sPAMAuthenticationViaKbdInt:
435 intptr = &options->pam_authentication_via_kbd_int;
436 goto parse_flag;
437
438 /* Standard Options */
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]439 case sPort:
Damien Miller34132e52000-01-14 15:45:46 +1100[diff] [blame]440 /* ignore ports from configfile if cmdline specifies ports */
441 if (options->ports_from_cmdline)
442 continue;
443 if (options->listen_addrs != NULL)
444 fatal("%s line %d: ports must be specified before "
Ben Lindstroma6218b82001-05-03 22:39:11 +0000[diff] [blame]445 "ListenAdress.", filename, linenum);
Damien Miller34132e52000-01-14 15:45:46 +1100[diff] [blame]446 if (options->num_ports >= MAX_PORTS)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000[diff] [blame]447 fatal("%s line %d: too many ports.",
Damien Miller4af51302000-04-16 11:18:38 +1000[diff] [blame]448 filename, linenum);
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]449 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]450 if (!arg || *arg == '\0')
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000[diff] [blame]451 fatal("%s line %d: missing port number.",
Damien Miller34132e52000-01-14 15:45:46 +1100[diff] [blame]452 filename, linenum);
Ben Lindstrom19066a12001-04-12 23:39:26 +0000[diff] [blame]453 options->ports[options->num_ports++] = a2port(arg);
454 if (options->ports[options->num_ports-1] == 0)
455 fatal("%s line %d: Badly formatted port number.",
456 filename, linenum);
Damien Miller34132e52000-01-14 15:45:46 +1100[diff] [blame]457 break;
458
459 case sServerKeyBits:
460 intptr = &options->server_key_bits;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]461parse_int:
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]462 arg = strdelim(&cp);
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000[diff] [blame]463 if (!arg || *arg == '\0')
464 fatal("%s line %d: missing integer value.",
465 filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]466 value = atoi(arg);
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]467 if (*intptr == -1)
468 *intptr = value;
469 break;
Damien Miller32265091999-11-12 11:33:04 +1100[diff] [blame]470
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]471 case sLoginGraceTime:
472 intptr = &options->login_grace_time;
Ben Lindstrom1bda4c82001-06-05 19:59:08 +0000[diff] [blame]473parse_time:
474 arg = strdelim(&cp);
475 if (!arg || *arg == '\0')
476 fatal("%s line %d: missing time value.",
477 filename, linenum);
478 if ((value = convtime(arg)) == -1)
479 fatal("%s line %d: invalid time value.",
480 filename, linenum);
481 if (*intptr == -1)
482 *intptr = value;
483 break;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]484
485 case sKeyRegenerationTime:
486 intptr = &options->key_regeneration_time;
Ben Lindstrom1bda4c82001-06-05 19:59:08 +0000[diff] [blame]487 goto parse_time;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]488
489 case sListenAddress:
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]490 arg = strdelim(&cp);
Ben Lindstromc510af42001-04-07 17:25:48 +0000[diff] [blame]491 if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000[diff] [blame]492 fatal("%s line %d: missing inet addr.",
Damien Miller34132e52000-01-14 15:45:46 +1100[diff] [blame]493 filename, linenum);
Ben Lindstromc510af42001-04-07 17:25:48 +0000[diff] [blame]494 if (*arg == '[') {
495 if ((p = strchr(arg, ']')) == NULL)
496 fatal("%s line %d: bad ipv6 inet addr usage.",
497 filename, linenum);
498 arg++;
499 memmove(p, p+1, strlen(p+1)+1);
500 } else if (((p = strchr(arg, ':')) == NULL) ||
501 (strchr(p+1, ':') != NULL)) {
Ben Lindstrom19066a12001-04-12 23:39:26 +0000[diff] [blame]502 add_listen_addr(options, arg, 0);
Ben Lindstromc510af42001-04-07 17:25:48 +0000[diff] [blame]503 break;
504 }
505 if (*p == ':') {
Ben Lindstrom19066a12001-04-12 23:39:26 +0000[diff] [blame]506 u_short port;
507
Ben Lindstromc510af42001-04-07 17:25:48 +0000[diff] [blame]508 p++;
509 if (*p == '\0')
510 fatal("%s line %d: bad inet addr:port usage.",
511 filename, linenum);
512 else {
513 *(p-1) = '\0';
Ben Lindstrom19066a12001-04-12 23:39:26 +0000[diff] [blame]514 if ((port = a2port(p)) == 0)
515 fatal("%s line %d: bad port number.",
516 filename, linenum);
517 add_listen_addr(options, arg, port);
Ben Lindstromc510af42001-04-07 17:25:48 +0000[diff] [blame]518 }
519 } else if (*p == '\0')
Ben Lindstrom19066a12001-04-12 23:39:26 +0000[diff] [blame]520 add_listen_addr(options, arg, 0);
Ben Lindstromc510af42001-04-07 17:25:48 +0000[diff] [blame]521 else
522 fatal("%s line %d: bad inet addr usage.",
523 filename, linenum);
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]524 break;
525
526 case sHostKeyFile:
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]527 intptr = &options->num_host_key_files;
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000[diff] [blame]528 if (*intptr >= MAX_HOSTKEYS)
529 fatal("%s line %d: too many host keys specified (max %d).",
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]530 filename, linenum, MAX_HOSTKEYS);
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]531 charptr = &options->host_key_files[*intptr];
Damien Millerd3a18572000-06-07 19:55:44 +1000[diff] [blame]532parse_filename:
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]533 arg = strdelim(&cp);
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000[diff] [blame]534 if (!arg || *arg == '\0')
535 fatal("%s line %d: missing file name.",
Damien Miller6f83b8e2000-05-02 09:23:45 +1000[diff] [blame]536 filename, linenum);
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]537 if (*charptr == NULL) {
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]538 *charptr = tilde_expand_filename(arg, getuid());
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]539 /* increase optional counter */
540 if (intptr != NULL)
541 *intptr = *intptr + 1;
542 }
Damien Miller6f83b8e2000-05-02 09:23:45 +1000[diff] [blame]543 break;
544
545 case sPidFile:
546 charptr = &options->pid_file;
Damien Millerd3a18572000-06-07 19:55:44 +1000[diff] [blame]547 goto parse_filename;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]548
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]549 case sPermitRootLogin:
550 intptr = &options->permit_root_login;
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]551 arg = strdelim(&cp);
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000[diff] [blame]552 if (!arg || *arg == '\0')
553 fatal("%s line %d: missing yes/"
Ben Lindstrom35f1f4e2001-03-06 01:02:41 +0000[diff] [blame]554 "without-password/forced-commands-only/no "
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000[diff] [blame]555 "argument.", filename, linenum);
556 value = 0; /* silence compiler */
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]557 if (strcmp(arg, "without-password") == 0)
Ben Lindstromd8a90212001-02-15 03:08:27 +0000[diff] [blame]558 value = PERMIT_NO_PASSWD;
559 else if (strcmp(arg, "forced-commands-only") == 0)
560 value = PERMIT_FORCED_ONLY;
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]561 else if (strcmp(arg, "yes") == 0)
Ben Lindstromd8a90212001-02-15 03:08:27 +0000[diff] [blame]562 value = PERMIT_YES;
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]563 else if (strcmp(arg, "no") == 0)
Ben Lindstromd8a90212001-02-15 03:08:27 +0000[diff] [blame]564 value = PERMIT_NO;
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000[diff] [blame]565 else
566 fatal("%s line %d: Bad yes/"
Ben Lindstromd8a90212001-02-15 03:08:27 +0000[diff] [blame]567 "without-password/forced-commands-only/no "
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000[diff] [blame]568 "argument: %s", filename, linenum, arg);
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]569 if (*intptr == -1)
570 *intptr = value;
571 break;
572
573 case sIgnoreRhosts:
574 intptr = &options->ignore_rhosts;
575parse_flag:
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]576 arg = strdelim(&cp);
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000[diff] [blame]577 if (!arg || *arg == '\0')
578 fatal("%s line %d: missing yes/no argument.",
579 filename, linenum);
580 value = 0; /* silence compiler */
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]581 if (strcmp(arg, "yes") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]582 value = 1;
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]583 else if (strcmp(arg, "no") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]584 value = 0;
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000[diff] [blame]585 else
586 fatal("%s line %d: Bad yes/no argument: %s",
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]587 filename, linenum, arg);
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]588 if (*intptr == -1)
589 *intptr = value;
590 break;
591
592 case sIgnoreUserKnownHosts:
593 intptr = &options->ignore_user_known_hosts;
Damien Miller98c7ad62000-03-09 21:27:49 +1100[diff] [blame]594 goto parse_flag;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]595
596 case sRhostsAuthentication:
597 intptr = &options->rhosts_authentication;
598 goto parse_flag;
599
600 case sRhostsRSAAuthentication:
601 intptr = &options->rhosts_rsa_authentication;
602 goto parse_flag;
603
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000[diff] [blame]604 case sHostbasedAuthentication:
605 intptr = &options->hostbased_authentication;
606 goto parse_flag;
607
608 case sHostbasedUsesNameFromPacketOnly:
609 intptr = &options->hostbased_uses_name_from_packet_only;
610 goto parse_flag;
611
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]612 case sRSAAuthentication:
613 intptr = &options->rsa_authentication;
614 goto parse_flag;
615
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]616 case sPubkeyAuthentication:
617 intptr = &options->pubkey_authentication;
Damien Millere247cc42000-05-07 12:03:14 +1000[diff] [blame]618 goto parse_flag;
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame]619#if defined(KRB4) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]620 case sKerberosAuthentication:
621 intptr = &options->kerberos_authentication;
622 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]623
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]624 case sKerberosOrLocalPasswd:
625 intptr = &options->kerberos_or_local_passwd;
626 goto parse_flag;
627
628 case sKerberosTicketCleanup:
629 intptr = &options->kerberos_ticket_cleanup;
630 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]631#endif
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame]632#if defined(AFS) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]633 case sKerberosTgtPassing:
634 intptr = &options->kerberos_tgt_passing;
635 goto parse_flag;
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame]636#endif
637#ifdef AFS
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]638 case sAFSTokenPassing:
639 intptr = &options->afs_token_passing;
640 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]641#endif
642
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]643 case sPasswordAuthentication:
644 intptr = &options->password_authentication;
645 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]646
Damien Miller874d77b2000-10-14 16:23:11 +1100[diff] [blame]647 case sKbdInteractiveAuthentication:
648 intptr = &options->kbd_interactive_authentication;
649 goto parse_flag;
650
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000[diff] [blame]651 case sChallengeResponseAuthentication:
Ben Lindstrom551ea372001-06-05 18:56:16 +0000[diff] [blame]652 intptr = &options->challenge_response_authentication;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]653 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]654
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]655 case sPrintMotd:
656 intptr = &options->print_motd;
657 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]658
Ben Lindstrom7bfff362001-03-26 05:45:53 +0000[diff] [blame]659 case sPrintLastLog:
660 intptr = &options->print_lastlog;
661 goto parse_flag;
662
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]663 case sX11Forwarding:
664 intptr = &options->x11_forwarding;
665 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]666
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]667 case sX11DisplayOffset:
668 intptr = &options->x11_display_offset;
669 goto parse_int;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]670
Damien Millerd3a18572000-06-07 19:55:44 +1000[diff] [blame]671 case sXAuthLocation:
672 charptr = &options->xauth_location;
673 goto parse_filename;
Kevin Stevesef4eea92001-02-05 12:42:17 +0000[diff] [blame]674
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]675 case sStrictModes:
676 intptr = &options->strict_modes;
677 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]678
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]679 case sKeepAlives:
680 intptr = &options->keepalives;
681 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]682
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]683 case sEmptyPasswd:
684 intptr = &options->permit_empty_passwd;
685 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]686
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]687 case sUseLogin:
688 intptr = &options->use_login;
689 goto parse_flag;
Damien Miller5ce662a1999-11-11 17:57:39 +1100[diff] [blame]690
Damien Millere247cc42000-05-07 12:03:14 +1000[diff] [blame]691 case sGatewayPorts:
692 intptr = &options->gateway_ports;
693 goto parse_flag;
694
Damien Miller33804262001-02-04 23:20:18 +1100[diff] [blame]695 case sReverseMappingCheck:
696 intptr = &options->reverse_mapping_check;
697 goto parse_flag;
698
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]699 case sLogFacility:
700 intptr = (int *) &options->log_facility;
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]701 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]702 value = log_facility_number(arg);
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]703 if (value == (SyslogFacility) - 1)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000[diff] [blame]704 fatal("%.200s line %d: unsupported log facility '%s'",
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]705 filename, linenum, arg ? arg : "<NONE>");
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]706 if (*intptr == -1)
707 *intptr = (SyslogFacility) value;
708 break;
709
710 case sLogLevel:
711 intptr = (int *) &options->log_level;
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]712 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]713 value = log_level_number(arg);
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]714 if (value == (LogLevel) - 1)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000[diff] [blame]715 fatal("%.200s line %d: unsupported log level '%s'",
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]716 filename, linenum, arg ? arg : "<NONE>");
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]717 if (*intptr == -1)
718 *intptr = (LogLevel) value;
719 break;
720
Damien Miller50a41ed2000-10-16 12:14:42 +1100[diff] [blame]721 case sAllowTcpForwarding:
722 intptr = &options->allow_tcp_forwarding;
723 goto parse_flag;
724
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]725 case sAllowUsers:
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]726 while ((arg = strdelim(&cp)) && *arg != '\0') {
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]727 if (options->num_allow_users >= MAX_ALLOW_USERS)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000[diff] [blame]728 fatal("%s line %d: too many allow users.",
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]729 filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]730 options->allow_users[options->num_allow_users++] = xstrdup(arg);
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]731 }
732 break;
733
734 case sDenyUsers:
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]735 while ((arg = strdelim(&cp)) && *arg != '\0') {
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]736 if (options->num_deny_users >= MAX_DENY_USERS)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000[diff] [blame]737 fatal( "%s line %d: too many deny users.",
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]738 filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]739 options->deny_users[options->num_deny_users++] = xstrdup(arg);
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]740 }
741 break;
742
743 case sAllowGroups:
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]744 while ((arg = strdelim(&cp)) && *arg != '\0') {
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]745 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000[diff] [blame]746 fatal("%s line %d: too many allow groups.",
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]747 filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]748 options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]749 }
750 break;
751
752 case sDenyGroups:
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]753 while ((arg = strdelim(&cp)) && *arg != '\0') {
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]754 if (options->num_deny_groups >= MAX_DENY_GROUPS)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000[diff] [blame]755 fatal("%s line %d: too many deny groups.",
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]756 filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]757 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]758 }
759 break;
760
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]761 case sCiphers:
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]762 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]763 if (!arg || *arg == '\0')
Damien Millerb1715dc2000-05-30 13:44:51 +1000[diff] [blame]764 fatal("%s line %d: Missing argument.", filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]765 if (!ciphers_valid(arg))
Damien Miller30c3d422000-05-09 11:02:59 +1000[diff] [blame]766 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]767 filename, linenum, arg ? arg : "<NONE>");
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]768 if (options->ciphers == NULL)
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]769 options->ciphers = xstrdup(arg);
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]770 break;
771
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000[diff] [blame]772 case sMacs:
773 arg = strdelim(&cp);
774 if (!arg || *arg == '\0')
775 fatal("%s line %d: Missing argument.", filename, linenum);
776 if (!mac_valid(arg))
777 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
778 filename, linenum, arg ? arg : "<NONE>");
779 if (options->macs == NULL)
780 options->macs = xstrdup(arg);
781 break;
782
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]783 case sProtocol:
784 intptr = &options->protocol;
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]785 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]786 if (!arg || *arg == '\0')
Damien Millerb1715dc2000-05-30 13:44:51 +1000[diff] [blame]787 fatal("%s line %d: Missing argument.", filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]788 value = proto_spec(arg);
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]789 if (value == SSH_PROTO_UNKNOWN)
790 fatal("%s line %d: Bad protocol spec '%s'.",
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]791 filename, linenum, arg ? arg : "<NONE>");
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]792 if (*intptr == SSH_PROTO_UNKNOWN)
793 *intptr = value;
794 break;
795
Damien Millerf6d9e222000-06-18 14:50:44 +1000[diff] [blame]796 case sSubsystem:
797 if(options->num_subsystems >= MAX_SUBSYSTEMS) {
798 fatal("%s line %d: too many subsystems defined.",
799 filename, linenum);
800 }
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]801 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]802 if (!arg || *arg == '\0')
Damien Millerf6d9e222000-06-18 14:50:44 +1000[diff] [blame]803 fatal("%s line %d: Missing subsystem name.",
804 filename, linenum);
805 for (i = 0; i < options->num_subsystems; i++)
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]806 if(strcmp(arg, options->subsystem_name[i]) == 0)
Damien Millerf6d9e222000-06-18 14:50:44 +1000[diff] [blame]807 fatal("%s line %d: Subsystem '%s' already defined.",
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]808 filename, linenum, arg);
809 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]810 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]811 if (!arg || *arg == '\0')
Damien Millerf6d9e222000-06-18 14:50:44 +1000[diff] [blame]812 fatal("%s line %d: Missing subsystem command.",
813 filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]814 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
Damien Millerf6d9e222000-06-18 14:50:44 +1000[diff] [blame]815 options->num_subsystems++;
816 break;
817
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]818 case sMaxStartups:
Damien Miller942da032000-08-18 13:59:06 +1000[diff] [blame]819 arg = strdelim(&cp);
820 if (!arg || *arg == '\0')
821 fatal("%s line %d: Missing MaxStartups spec.",
822 filename, linenum);
Damien Miller40857852001-07-14 12:17:33 +1000[diff] [blame]823 if ((n = sscanf(arg, "%d:%d:%d",
Damien Miller942da032000-08-18 13:59:06 +1000[diff] [blame]824 &options->max_startups_begin,
825 &options->max_startups_rate,
Damien Miller40857852001-07-14 12:17:33 +1000[diff] [blame]826 &options->max_startups)) == 3) {
Damien Miller942da032000-08-18 13:59:06 +1000[diff] [blame]827 if (options->max_startups_begin >
828 options->max_startups ||
829 options->max_startups_rate > 100 ||
830 options->max_startups_rate < 1)
Damien Miller40857852001-07-14 12:17:33 +1000[diff] [blame]831 fatal("%s line %d: Illegal MaxStartups spec.",
832 filename, linenum);
833 } else if (n != 1)
Damien Miller942da032000-08-18 13:59:06 +1000[diff] [blame]834 fatal("%s line %d: Illegal MaxStartups spec.",
Damien Miller40857852001-07-14 12:17:33 +1000[diff] [blame]835 filename, linenum);
836 else
837 options->max_startups = options->max_startups_begin;
838 break;
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]839
Ben Lindstrom48bd7c12001-01-09 00:35:42 +0000[diff] [blame]840 case sBanner:
841 charptr = &options->banner;
842 goto parse_filename;
Ben Lindstrombfb3a0e2001-06-05 20:25:05 +0000[diff] [blame]843 /*
844 * These options can contain %X options expanded at
845 * connect time, so that you can specify paths like:
846 *
847 * AuthorizedKeysFile /etc/ssh_keys/%u
848 */
849 case sAuthorizedKeysFile:
850 case sAuthorizedKeysFile2:
851 charptr = (opcode == sAuthorizedKeysFile ) ?
852 &options->authorized_keys_file :
853 &options->authorized_keys_file2;
854 goto parse_filename;
Ben Lindstrom1bda4c82001-06-05 19:59:08 +0000[diff] [blame]855
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000[diff] [blame]856 case sClientAliveInterval:
857 intptr = &options->client_alive_interval;
Ben Lindstrom1bda4c82001-06-05 19:59:08 +0000[diff] [blame]858 goto parse_time;
859
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000[diff] [blame]860 case sClientAliveCountMax:
861 intptr = &options->client_alive_count_max;
862 goto parse_int;
Ben Lindstrom1bda4c82001-06-05 19:59:08 +0000[diff] [blame]863
Ben Lindstrom91e98682001-09-12 16:32:14 +0000[diff] [blame]864 case sDeprecated:
865 log("%s line %d: Deprecated option %s",
866 filename, linenum, arg);
867 while(arg)
868 arg = strdelim(&cp);
869 break;
870
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]871 default:
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000[diff] [blame]872 fatal("%s line %d: Missing handler for opcode %s (%d)",
873 filename, linenum, arg, opcode);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]874 }
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000[diff] [blame]875 if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
876 fatal("%s line %d: garbage at end of line; \"%.200s\".",
877 filename, linenum, arg);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]878 }
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]879 fclose(f);
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000[diff] [blame]880 if (bad_options > 0)
881 fatal("%s: terminating, %d bad configuration options",
882 filename, bad_options);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]883}