blob: bdf39afb882ef51e1d2df88b99b8f6e35b297d0f [file] [log] [blame]
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001/*
Damien Miller95def091999-11-25 00:26:21 +11002 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
Damien Miller4af51302000-04-16 11:18:38 +10004 *
Damien Millere4340be2000-09-16 13:29:08 +11005 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
Damien Miller95def091999-11-25 00:26:21 +110010 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100011
12#include "includes.h"
Ben Lindstrome1353632002-06-23 21:29:23 +000013RCSID("$OpenBSD: servconf.c,v 1.112 2002/06/23 09:46:51 deraadt Exp $");
Ben Lindstrom226cfa02001-01-22 05:34:40 +000014
Damien Millerfd4c9ee2002-04-13 11:04:40 +100015#if defined(KRB4)
Ben Lindstrom226cfa02001-01-22 05:34:40 +000016#include <krb.h>
17#endif
Damien Millerfd4c9ee2002-04-13 11:04:40 +100018#if defined(KRB5)
19#ifdef HEIMDAL
20#include <krb.h>
21#else
22/* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
23 * keytab */
24#define KEYFILE "/etc/krb5.keytab"
25#endif
26#endif
Ben Lindstromeb7a84c2001-07-04 04:48:36 +000027#ifdef AFS
28#include <kafs.h>
29#endif
Damien Millerd4a8b7e1999-10-27 13:42:43 +100030
31#include "ssh.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000032#include "log.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100033#include "servconf.h"
34#include "xmalloc.h"
Damien Miller78928792000-04-12 20:17:38 +100035#include "compat.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000036#include "pathnames.h"
37#include "tildexpand.h"
38#include "misc.h"
39#include "cipher.h"
Ben Lindstrom06b33aa2001-02-15 03:01:59 +000040#include "kex.h"
41#include "mac.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000042
Ben Lindstrombba81212001-06-25 05:01:22 +000043static void add_listen_addr(ServerOptions *, char *, u_short);
44static void add_one_listen_addr(ServerOptions *, char *, u_short);
Damien Miller34132e52000-01-14 15:45:46 +110045
Ben Lindstrom226cfa02001-01-22 05:34:40 +000046/* AF_UNSPEC or AF_INET or AF_INET6 */
47extern int IPv4or6;
Ben Lindstrom7a2073c2002-03-22 02:30:41 +000048/* Use of privilege separation or not */
49extern int use_privsep;
Ben Lindstrom226cfa02001-01-22 05:34:40 +000050
Damien Millerd4a8b7e1999-10-27 13:42:43 +100051/* Initializes the server options to their default values. */
52
Damien Miller4af51302000-04-16 11:18:38 +100053void
Damien Miller95def091999-11-25 00:26:21 +110054initialize_server_options(ServerOptions *options)
Damien Millerd4a8b7e1999-10-27 13:42:43 +100055{
Damien Miller95def091999-11-25 00:26:21 +110056 memset(options, 0, sizeof(*options));
Damien Miller726273e2001-11-12 11:40:11 +110057
58 /* Portable-specific options */
59 options->pam_authentication_via_kbd_int = -1;
60
61 /* Standard Options */
Damien Miller34132e52000-01-14 15:45:46 +110062 options->num_ports = 0;
63 options->ports_from_cmdline = 0;
64 options->listen_addrs = NULL;
Damien Miller0bc1bd82000-11-13 22:57:25 +110065 options->num_host_key_files = 0;
Damien Miller6f83b8e2000-05-02 09:23:45 +100066 options->pid_file = NULL;
Damien Miller95def091999-11-25 00:26:21 +110067 options->server_key_bits = -1;
68 options->login_grace_time = -1;
69 options->key_regeneration_time = -1;
Ben Lindstromd8a90212001-02-15 03:08:27 +000070 options->permit_root_login = PERMIT_NOT_SET;
Damien Miller95def091999-11-25 00:26:21 +110071 options->ignore_rhosts = -1;
72 options->ignore_user_known_hosts = -1;
73 options->print_motd = -1;
Ben Lindstrom7bfff362001-03-26 05:45:53 +000074 options->print_lastlog = -1;
Damien Miller95def091999-11-25 00:26:21 +110075 options->x11_forwarding = -1;
76 options->x11_display_offset = -1;
Damien Miller95c249f2002-02-05 12:11:34 +110077 options->x11_use_localhost = -1;
Damien Millerd3a18572000-06-07 19:55:44 +100078 options->xauth_location = NULL;
Damien Miller95def091999-11-25 00:26:21 +110079 options->strict_modes = -1;
80 options->keepalives = -1;
Damien Millerfcd93202002-02-05 12:26:34 +110081 options->log_facility = SYSLOG_FACILITY_NOT_SET;
82 options->log_level = SYSLOG_LEVEL_NOT_SET;
Damien Miller95def091999-11-25 00:26:21 +110083 options->rhosts_authentication = -1;
84 options->rhosts_rsa_authentication = -1;
Ben Lindstrom5eabda32001-04-12 23:34:34 +000085 options->hostbased_authentication = -1;
86 options->hostbased_uses_name_from_packet_only = -1;
Damien Miller95def091999-11-25 00:26:21 +110087 options->rsa_authentication = -1;
Damien Miller0bc1bd82000-11-13 22:57:25 +110088 options->pubkey_authentication = -1;
Ben Lindstromec95ed92001-07-04 04:21:14 +000089#if defined(KRB4) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +110090 options->kerberos_authentication = -1;
91 options->kerberos_or_local_passwd = -1;
92 options->kerberos_ticket_cleanup = -1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100093#endif
Ben Lindstromec95ed92001-07-04 04:21:14 +000094#if defined(AFS) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +110095 options->kerberos_tgt_passing = -1;
Ben Lindstromec95ed92001-07-04 04:21:14 +000096#endif
97#ifdef AFS
Damien Miller95def091999-11-25 00:26:21 +110098 options->afs_token_passing = -1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100099#endif
Damien Miller95def091999-11-25 00:26:21 +1100100 options->password_authentication = -1;
Damien Miller874d77b2000-10-14 16:23:11 +1100101 options->kbd_interactive_authentication = -1;
Ben Lindstrom551ea372001-06-05 18:56:16 +0000102 options->challenge_response_authentication = -1;
Damien Miller95def091999-11-25 00:26:21 +1100103 options->permit_empty_passwd = -1;
104 options->use_login = -1;
Ben Lindstrom23e0f662002-06-21 01:09:47 +0000105 options->compression = -1;
Damien Miller50a41ed2000-10-16 12:14:42 +1100106 options->allow_tcp_forwarding = -1;
Damien Miller95def091999-11-25 00:26:21 +1100107 options->num_allow_users = 0;
108 options->num_deny_users = 0;
109 options->num_allow_groups = 0;
110 options->num_deny_groups = 0;
Damien Miller78928792000-04-12 20:17:38 +1000111 options->ciphers = NULL;
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000112 options->macs = NULL;
Damien Miller78928792000-04-12 20:17:38 +1000113 options->protocol = SSH_PROTO_UNKNOWN;
Damien Millere247cc42000-05-07 12:03:14 +1000114 options->gateway_ports = -1;
Damien Millerf6d9e222000-06-18 14:50:44 +1000115 options->num_subsystems = 0;
Damien Miller942da032000-08-18 13:59:06 +1000116 options->max_startups_begin = -1;
117 options->max_startups_rate = -1;
Damien Miller37023962000-07-11 17:31:38 +1000118 options->max_startups = -1;
Ben Lindstrom48bd7c12001-01-09 00:35:42 +0000119 options->banner = NULL;
Damien Millerc5d86352002-02-05 12:13:41 +1100120 options->verify_reverse_mapping = -1;
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000121 options->client_alive_interval = -1;
122 options->client_alive_count_max = -1;
Ben Lindstrombfb3a0e2001-06-05 20:25:05 +0000123 options->authorized_keys_file = NULL;
124 options->authorized_keys_file2 = NULL;
Ben Lindstrom7a2073c2002-03-22 02:30:41 +0000125
Ben Lindstrom7a2073c2002-03-22 02:30:41 +0000126 /* Needs to be accessable in many places */
127 use_privsep = -1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000128}
129
Damien Miller4af51302000-04-16 11:18:38 +1000130void
Damien Miller95def091999-11-25 00:26:21 +1100131fill_default_server_options(ServerOptions *options)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000132{
Damien Miller726273e2001-11-12 11:40:11 +1100133 /* Portable-specific options */
134 if (options->pam_authentication_via_kbd_int == -1)
135 options->pam_authentication_via_kbd_int = 0;
136
137 /* Standard Options */
Damien Miller0bc1bd82000-11-13 22:57:25 +1100138 if (options->protocol == SSH_PROTO_UNKNOWN)
139 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
140 if (options->num_host_key_files == 0) {
141 /* fill default hostkeys for protocols */
142 if (options->protocol & SSH_PROTO_1)
Damien Miller7fc23732002-01-22 23:19:11 +1100143 options->host_key_files[options->num_host_key_files++] =
144 _PATH_HOST_KEY_FILE;
145 if (options->protocol & SSH_PROTO_2) {
146 options->host_key_files[options->num_host_key_files++] =
147 _PATH_HOST_RSA_KEY_FILE;
148 options->host_key_files[options->num_host_key_files++] =
149 _PATH_HOST_DSA_KEY_FILE;
150 }
Damien Miller0bc1bd82000-11-13 22:57:25 +1100151 }
Damien Miller34132e52000-01-14 15:45:46 +1100152 if (options->num_ports == 0)
153 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
154 if (options->listen_addrs == NULL)
Ben Lindstrom19066a12001-04-12 23:39:26 +0000155 add_listen_addr(options, NULL, 0);
Damien Miller6f83b8e2000-05-02 09:23:45 +1000156 if (options->pid_file == NULL)
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000157 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
Damien Miller95def091999-11-25 00:26:21 +1100158 if (options->server_key_bits == -1)
159 options->server_key_bits = 768;
160 if (options->login_grace_time == -1)
161 options->login_grace_time = 600;
162 if (options->key_regeneration_time == -1)
163 options->key_regeneration_time = 3600;
Ben Lindstromd8a90212001-02-15 03:08:27 +0000164 if (options->permit_root_login == PERMIT_NOT_SET)
165 options->permit_root_login = PERMIT_YES;
Damien Miller95def091999-11-25 00:26:21 +1100166 if (options->ignore_rhosts == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100167 options->ignore_rhosts = 1;
Damien Miller95def091999-11-25 00:26:21 +1100168 if (options->ignore_user_known_hosts == -1)
169 options->ignore_user_known_hosts = 0;
Damien Miller95def091999-11-25 00:26:21 +1100170 if (options->print_motd == -1)
171 options->print_motd = 1;
Ben Lindstrom7bfff362001-03-26 05:45:53 +0000172 if (options->print_lastlog == -1)
173 options->print_lastlog = 1;
Damien Miller95def091999-11-25 00:26:21 +1100174 if (options->x11_forwarding == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100175 options->x11_forwarding = 0;
Damien Miller95def091999-11-25 00:26:21 +1100176 if (options->x11_display_offset == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100177 options->x11_display_offset = 10;
Damien Miller95c249f2002-02-05 12:11:34 +1100178 if (options->x11_use_localhost == -1)
179 options->x11_use_localhost = 1;
Damien Millerd3a18572000-06-07 19:55:44 +1000180 if (options->xauth_location == NULL)
Ben Lindstrom1bf11f62001-06-09 01:48:01 +0000181 options->xauth_location = _PATH_XAUTH;
Damien Miller95def091999-11-25 00:26:21 +1100182 if (options->strict_modes == -1)
183 options->strict_modes = 1;
184 if (options->keepalives == -1)
185 options->keepalives = 1;
Damien Millerfcd93202002-02-05 12:26:34 +1100186 if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
Damien Miller95def091999-11-25 00:26:21 +1100187 options->log_facility = SYSLOG_FACILITY_AUTH;
Damien Millerfcd93202002-02-05 12:26:34 +1100188 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
Ben Lindstromdb65e8f2001-01-19 04:26:52 +0000189 options->log_level = SYSLOG_LEVEL_INFO;
Damien Miller95def091999-11-25 00:26:21 +1100190 if (options->rhosts_authentication == -1)
191 options->rhosts_authentication = 0;
192 if (options->rhosts_rsa_authentication == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100193 options->rhosts_rsa_authentication = 0;
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000194 if (options->hostbased_authentication == -1)
195 options->hostbased_authentication = 0;
196 if (options->hostbased_uses_name_from_packet_only == -1)
197 options->hostbased_uses_name_from_packet_only = 0;
Damien Miller95def091999-11-25 00:26:21 +1100198 if (options->rsa_authentication == -1)
199 options->rsa_authentication = 1;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100200 if (options->pubkey_authentication == -1)
201 options->pubkey_authentication = 1;
Ben Lindstromec95ed92001-07-04 04:21:14 +0000202#if defined(KRB4) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100203 if (options->kerberos_authentication == -1)
Damien Millerd7de14b2002-04-23 21:04:51 +1000204 options->kerberos_authentication = 0;
Damien Miller95def091999-11-25 00:26:21 +1100205 if (options->kerberos_or_local_passwd == -1)
206 options->kerberos_or_local_passwd = 1;
207 if (options->kerberos_ticket_cleanup == -1)
208 options->kerberos_ticket_cleanup = 1;
Ben Lindstromec95ed92001-07-04 04:21:14 +0000209#endif
210#if defined(AFS) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100211 if (options->kerberos_tgt_passing == -1)
212 options->kerberos_tgt_passing = 0;
Ben Lindstromec95ed92001-07-04 04:21:14 +0000213#endif
Damien Miller9f0f5c62001-12-21 14:45:46 +1100214#ifdef AFS
Damien Miller95def091999-11-25 00:26:21 +1100215 if (options->afs_token_passing == -1)
Damien Millere4ccf102002-04-23 20:40:28 +1000216 options->afs_token_passing = 0;
Ben Lindstromec95ed92001-07-04 04:21:14 +0000217#endif
Damien Miller95def091999-11-25 00:26:21 +1100218 if (options->password_authentication == -1)
219 options->password_authentication = 1;
Damien Miller874d77b2000-10-14 16:23:11 +1100220 if (options->kbd_interactive_authentication == -1)
221 options->kbd_interactive_authentication = 0;
Ben Lindstrom551ea372001-06-05 18:56:16 +0000222 if (options->challenge_response_authentication == -1)
223 options->challenge_response_authentication = 1;
Damien Miller95def091999-11-25 00:26:21 +1100224 if (options->permit_empty_passwd == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100225 options->permit_empty_passwd = 0;
Damien Miller95def091999-11-25 00:26:21 +1100226 if (options->use_login == -1)
227 options->use_login = 0;
Ben Lindstrom23e0f662002-06-21 01:09:47 +0000228 if (options->compression == -1)
229 options->compression = 1;
Damien Miller50a41ed2000-10-16 12:14:42 +1100230 if (options->allow_tcp_forwarding == -1)
231 options->allow_tcp_forwarding = 1;
Damien Millere247cc42000-05-07 12:03:14 +1000232 if (options->gateway_ports == -1)
233 options->gateway_ports = 0;
Damien Miller37023962000-07-11 17:31:38 +1000234 if (options->max_startups == -1)
235 options->max_startups = 10;
Damien Miller942da032000-08-18 13:59:06 +1000236 if (options->max_startups_rate == -1)
237 options->max_startups_rate = 100; /* 100% */
238 if (options->max_startups_begin == -1)
239 options->max_startups_begin = options->max_startups;
Damien Millerc5d86352002-02-05 12:13:41 +1100240 if (options->verify_reverse_mapping == -1)
241 options->verify_reverse_mapping = 0;
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000242 if (options->client_alive_interval == -1)
Damien Miller9f0f5c62001-12-21 14:45:46 +1100243 options->client_alive_interval = 0;
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000244 if (options->client_alive_count_max == -1)
245 options->client_alive_count_max = 3;
Damien Miller75413ac2001-11-12 11:14:35 +1100246 if (options->authorized_keys_file2 == NULL) {
247 /* authorized_keys_file2 falls back to authorized_keys_file */
248 if (options->authorized_keys_file != NULL)
249 options->authorized_keys_file2 = options->authorized_keys_file;
250 else
251 options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
252 }
253 if (options->authorized_keys_file == NULL)
254 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
Ben Lindstrom7a2073c2002-03-22 02:30:41 +0000255
Ben Lindstromfb62a692002-06-06 19:47:11 +0000256 /* Turn privilege separation on by default */
Ben Lindstrom7a2073c2002-03-22 02:30:41 +0000257 if (use_privsep == -1)
Ben Lindstromfb62a692002-06-06 19:47:11 +0000258 use_privsep = 1;
Damien Miller4903eb42002-06-21 16:20:44 +1000259
Tim Rice40017b02002-07-14 13:36:49 -0700260#ifndef HAVE_MMAP
Damien Miller4903eb42002-06-21 16:20:44 +1000261 if (use_privsep && options->compression == 1) {
262 error("This platform does not support both privilege "
263 "separation and compression");
264 error("Compression disabled");
265 options->compression = 0;
266 }
267#endif
268
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000269}
270
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000271/* Keyword tokens. */
Damien Miller95def091999-11-25 00:26:21 +1100272typedef enum {
273 sBadOption, /* == unknown option */
Damien Miller726273e2001-11-12 11:40:11 +1100274 /* Portable-specific options */
275 sPAMAuthenticationViaKbdInt,
276 /* Standard Options */
Damien Miller95def091999-11-25 00:26:21 +1100277 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
278 sPermitRootLogin, sLogFacility, sLogLevel,
279 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
Ben Lindstromec95ed92001-07-04 04:21:14 +0000280#if defined(KRB4) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100281 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000282#endif
Ben Lindstromec95ed92001-07-04 04:21:14 +0000283#if defined(AFS) || defined(KRB5)
284 sKerberosTgtPassing,
285#endif
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000286#ifdef AFS
Ben Lindstromec95ed92001-07-04 04:21:14 +0000287 sAFSTokenPassing,
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000288#endif
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000289 sChallengeResponseAuthentication,
Damien Miller874d77b2000-10-14 16:23:11 +1100290 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
Ben Lindstrom7bfff362001-03-26 05:45:53 +0000291 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
Damien Miller95c249f2002-02-05 12:11:34 +1100292 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
Ben Lindstrom91e98682001-09-12 16:32:14 +0000293 sStrictModes, sEmptyPasswd, sKeepAlives,
Ben Lindstrom23e0f662002-06-21 01:09:47 +0000294 sUseLogin, sAllowTcpForwarding, sCompression,
Damien Miller50a41ed2000-10-16 12:14:42 +1100295 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000296 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
Damien Miller0bc1bd82000-11-13 22:57:25 +1100297 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
Damien Millerc5d86352002-02-05 12:13:41 +1100298 sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
Damien Miller9f0f5c62001-12-21 14:45:46 +1100299 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
Ben Lindstrombfb3a0e2001-06-05 20:25:05 +0000300 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
Ben Lindstromc7431342002-03-22 03:11:49 +0000301 sUsePrivilegeSeparation,
Ben Lindstromade03f62001-12-06 18:22:17 +0000302 sDeprecated
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000303} ServerOpCodes;
304
305/* Textual representation of the tokens. */
Damien Miller95def091999-11-25 00:26:21 +1100306static struct {
307 const char *name;
308 ServerOpCodes opcode;
309} keywords[] = {
Damien Miller726273e2001-11-12 11:40:11 +1100310 /* Portable-specific options */
311 { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
312 /* Standard Options */
Damien Miller95def091999-11-25 00:26:21 +1100313 { "port", sPort },
314 { "hostkey", sHostKeyFile },
Damien Miller0bc1bd82000-11-13 22:57:25 +1100315 { "hostdsakey", sHostKeyFile }, /* alias */
Kevin Stevesef4eea92001-02-05 12:42:17 +0000316 { "pidfile", sPidFile },
Damien Miller95def091999-11-25 00:26:21 +1100317 { "serverkeybits", sServerKeyBits },
318 { "logingracetime", sLoginGraceTime },
319 { "keyregenerationinterval", sKeyRegenerationTime },
320 { "permitrootlogin", sPermitRootLogin },
321 { "syslogfacility", sLogFacility },
322 { "loglevel", sLogLevel },
323 { "rhostsauthentication", sRhostsAuthentication },
324 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000325 { "hostbasedauthentication", sHostbasedAuthentication },
326 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
Damien Miller95def091999-11-25 00:26:21 +1100327 { "rsaauthentication", sRSAAuthentication },
Damien Miller0bc1bd82000-11-13 22:57:25 +1100328 { "pubkeyauthentication", sPubkeyAuthentication },
329 { "dsaauthentication", sPubkeyAuthentication }, /* alias */
Ben Lindstromec95ed92001-07-04 04:21:14 +0000330#if defined(KRB4) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100331 { "kerberosauthentication", sKerberosAuthentication },
332 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
333 { "kerberosticketcleanup", sKerberosTicketCleanup },
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000334#endif
Ben Lindstromec95ed92001-07-04 04:21:14 +0000335#if defined(AFS) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100336 { "kerberostgtpassing", sKerberosTgtPassing },
Ben Lindstromec95ed92001-07-04 04:21:14 +0000337#endif
338#ifdef AFS
Damien Miller95def091999-11-25 00:26:21 +1100339 { "afstokenpassing", sAFSTokenPassing },
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000340#endif
Damien Miller95def091999-11-25 00:26:21 +1100341 { "passwordauthentication", sPasswordAuthentication },
Damien Miller874d77b2000-10-14 16:23:11 +1100342 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000343 { "challengeresponseauthentication", sChallengeResponseAuthentication },
344 { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
Ben Lindstrom91e98682001-09-12 16:32:14 +0000345 { "checkmail", sDeprecated },
Damien Miller95def091999-11-25 00:26:21 +1100346 { "listenaddress", sListenAddress },
347 { "printmotd", sPrintMotd },
Ben Lindstrom7bfff362001-03-26 05:45:53 +0000348 { "printlastlog", sPrintLastLog },
Damien Miller95def091999-11-25 00:26:21 +1100349 { "ignorerhosts", sIgnoreRhosts },
350 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
351 { "x11forwarding", sX11Forwarding },
352 { "x11displayoffset", sX11DisplayOffset },
Damien Miller95c249f2002-02-05 12:11:34 +1100353 { "x11uselocalhost", sX11UseLocalhost },
Damien Millerd3a18572000-06-07 19:55:44 +1000354 { "xauthlocation", sXAuthLocation },
Damien Miller95def091999-11-25 00:26:21 +1100355 { "strictmodes", sStrictModes },
356 { "permitemptypasswords", sEmptyPasswd },
357 { "uselogin", sUseLogin },
Ben Lindstrom23e0f662002-06-21 01:09:47 +0000358 { "compression", sCompression },
Damien Miller95def091999-11-25 00:26:21 +1100359 { "keepalive", sKeepAlives },
Damien Miller50a41ed2000-10-16 12:14:42 +1100360 { "allowtcpforwarding", sAllowTcpForwarding },
Damien Miller95def091999-11-25 00:26:21 +1100361 { "allowusers", sAllowUsers },
362 { "denyusers", sDenyUsers },
363 { "allowgroups", sAllowGroups },
364 { "denygroups", sDenyGroups },
Damien Miller78928792000-04-12 20:17:38 +1000365 { "ciphers", sCiphers },
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000366 { "macs", sMacs },
Damien Miller78928792000-04-12 20:17:38 +1000367 { "protocol", sProtocol },
Damien Millere247cc42000-05-07 12:03:14 +1000368 { "gatewayports", sGatewayPorts },
Damien Millerf6d9e222000-06-18 14:50:44 +1000369 { "subsystem", sSubsystem },
Damien Miller37023962000-07-11 17:31:38 +1000370 { "maxstartups", sMaxStartups },
Ben Lindstrom48bd7c12001-01-09 00:35:42 +0000371 { "banner", sBanner },
Damien Millerc5d86352002-02-05 12:13:41 +1100372 { "verifyreversemapping", sVerifyReverseMapping },
373 { "reversemappingcheck", sVerifyReverseMapping },
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000374 { "clientaliveinterval", sClientAliveInterval },
375 { "clientalivecountmax", sClientAliveCountMax },
Ben Lindstrombfb3a0e2001-06-05 20:25:05 +0000376 { "authorizedkeysfile", sAuthorizedKeysFile },
377 { "authorizedkeysfile2", sAuthorizedKeysFile2 },
Ben Lindstrom7a2073c2002-03-22 02:30:41 +0000378 { "useprivilegeseparation", sUsePrivilegeSeparation},
Ben Lindstrom65366a82001-12-06 16:32:47 +0000379 { NULL, sBadOption }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000380};
381
Damien Miller5428f641999-11-25 11:54:57 +1100382/*
Ben Lindstrom3704c262001-04-02 18:20:03 +0000383 * Returns the number of the token pointed to by cp or sBadOption.
Damien Miller5428f641999-11-25 11:54:57 +1100384 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000385
Damien Miller4af51302000-04-16 11:18:38 +1000386static ServerOpCodes
Damien Miller95def091999-11-25 00:26:21 +1100387parse_token(const char *cp, const char *filename,
388 int linenum)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000389{
Ben Lindstrom46c16222000-12-22 01:43:59 +0000390 u_int i;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000391
Damien Miller95def091999-11-25 00:26:21 +1100392 for (i = 0; keywords[i].name; i++)
Damien Miller5428f641999-11-25 11:54:57 +1100393 if (strcasecmp(cp, keywords[i].name) == 0)
Damien Miller95def091999-11-25 00:26:21 +1100394 return keywords[i].opcode;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000395
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000396 error("%s: line %d: Bad configuration option: %s",
397 filename, linenum, cp);
Damien Miller95def091999-11-25 00:26:21 +1100398 return sBadOption;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000399}
400
Ben Lindstrombba81212001-06-25 05:01:22 +0000401static void
Ben Lindstrom19066a12001-04-12 23:39:26 +0000402add_listen_addr(ServerOptions *options, char *addr, u_short port)
Damien Miller34132e52000-01-14 15:45:46 +1100403{
Damien Miller34132e52000-01-14 15:45:46 +1100404 int i;
405
406 if (options->num_ports == 0)
407 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
Ben Lindstrom19066a12001-04-12 23:39:26 +0000408 if (port == 0)
Ben Lindstromc510af42001-04-07 17:25:48 +0000409 for (i = 0; i < options->num_ports; i++)
410 add_one_listen_addr(options, addr, options->ports[i]);
411 else
Ben Lindstrom19066a12001-04-12 23:39:26 +0000412 add_one_listen_addr(options, addr, port);
Ben Lindstromc510af42001-04-07 17:25:48 +0000413}
414
Ben Lindstrombba81212001-06-25 05:01:22 +0000415static void
Ben Lindstromc510af42001-04-07 17:25:48 +0000416add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
417{
418 struct addrinfo hints, *ai, *aitop;
419 char strport[NI_MAXSERV];
420 int gaierr;
421
422 memset(&hints, 0, sizeof(hints));
423 hints.ai_family = IPv4or6;
424 hints.ai_socktype = SOCK_STREAM;
425 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
Ben Lindstrome1353632002-06-23 21:29:23 +0000426 snprintf(strport, sizeof strport, "%u", port);
Ben Lindstromc510af42001-04-07 17:25:48 +0000427 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
428 fatal("bad addr or host: %s (%s)",
429 addr ? addr : "<NULL>",
430 gai_strerror(gaierr));
431 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
432 ;
433 ai->ai_next = options->listen_addrs;
434 options->listen_addrs = aitop;
Damien Miller34132e52000-01-14 15:45:46 +1100435}
436
Ben Lindstromade03f62001-12-06 18:22:17 +0000437int
438process_server_config_line(ServerOptions *options, char *line,
439 const char *filename, int linenum)
440{
441 char *cp, **charptr, *arg, *p;
Ben Lindstrome1353632002-06-23 21:29:23 +0000442 int *intptr, value, i, n;
Ben Lindstromade03f62001-12-06 18:22:17 +0000443 ServerOpCodes opcode;
Ben Lindstromade03f62001-12-06 18:22:17 +0000444
445 cp = line;
446 arg = strdelim(&cp);
447 /* Ignore leading whitespace */
448 if (*arg == '\0')
449 arg = strdelim(&cp);
450 if (!arg || !*arg || *arg == '#')
451 return 0;
452 intptr = NULL;
453 charptr = NULL;
454 opcode = parse_token(arg, filename, linenum);
455 switch (opcode) {
456 /* Portable-specific options */
457 case sPAMAuthenticationViaKbdInt:
458 intptr = &options->pam_authentication_via_kbd_int;
459 goto parse_flag;
460
461 /* Standard Options */
462 case sBadOption:
463 return -1;
464 case sPort:
465 /* ignore ports from configfile if cmdline specifies ports */
466 if (options->ports_from_cmdline)
467 return 0;
468 if (options->listen_addrs != NULL)
469 fatal("%s line %d: ports must be specified before "
Damien Miller4fbf08a2002-01-22 23:35:09 +1100470 "ListenAddress.", filename, linenum);
Ben Lindstromade03f62001-12-06 18:22:17 +0000471 if (options->num_ports >= MAX_PORTS)
472 fatal("%s line %d: too many ports.",
473 filename, linenum);
474 arg = strdelim(&cp);
475 if (!arg || *arg == '\0')
476 fatal("%s line %d: missing port number.",
477 filename, linenum);
478 options->ports[options->num_ports++] = a2port(arg);
479 if (options->ports[options->num_ports-1] == 0)
480 fatal("%s line %d: Badly formatted port number.",
481 filename, linenum);
482 break;
483
484 case sServerKeyBits:
485 intptr = &options->server_key_bits;
486parse_int:
487 arg = strdelim(&cp);
488 if (!arg || *arg == '\0')
489 fatal("%s line %d: missing integer value.",
490 filename, linenum);
491 value = atoi(arg);
492 if (*intptr == -1)
493 *intptr = value;
494 break;
495
496 case sLoginGraceTime:
497 intptr = &options->login_grace_time;
498parse_time:
499 arg = strdelim(&cp);
500 if (!arg || *arg == '\0')
501 fatal("%s line %d: missing time value.",
502 filename, linenum);
503 if ((value = convtime(arg)) == -1)
504 fatal("%s line %d: invalid time value.",
505 filename, linenum);
506 if (*intptr == -1)
507 *intptr = value;
508 break;
509
510 case sKeyRegenerationTime:
511 intptr = &options->key_regeneration_time;
512 goto parse_time;
513
514 case sListenAddress:
515 arg = strdelim(&cp);
516 if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
517 fatal("%s line %d: missing inet addr.",
518 filename, linenum);
519 if (*arg == '[') {
520 if ((p = strchr(arg, ']')) == NULL)
521 fatal("%s line %d: bad ipv6 inet addr usage.",
522 filename, linenum);
523 arg++;
524 memmove(p, p+1, strlen(p+1)+1);
525 } else if (((p = strchr(arg, ':')) == NULL) ||
526 (strchr(p+1, ':') != NULL)) {
527 add_listen_addr(options, arg, 0);
528 break;
529 }
530 if (*p == ':') {
531 u_short port;
532
533 p++;
534 if (*p == '\0')
535 fatal("%s line %d: bad inet addr:port usage.",
536 filename, linenum);
537 else {
538 *(p-1) = '\0';
539 if ((port = a2port(p)) == 0)
540 fatal("%s line %d: bad port number.",
541 filename, linenum);
542 add_listen_addr(options, arg, port);
543 }
544 } else if (*p == '\0')
545 add_listen_addr(options, arg, 0);
546 else
547 fatal("%s line %d: bad inet addr usage.",
548 filename, linenum);
549 break;
550
551 case sHostKeyFile:
552 intptr = &options->num_host_key_files;
553 if (*intptr >= MAX_HOSTKEYS)
554 fatal("%s line %d: too many host keys specified (max %d).",
555 filename, linenum, MAX_HOSTKEYS);
556 charptr = &options->host_key_files[*intptr];
557parse_filename:
558 arg = strdelim(&cp);
559 if (!arg || *arg == '\0')
560 fatal("%s line %d: missing file name.",
561 filename, linenum);
562 if (*charptr == NULL) {
563 *charptr = tilde_expand_filename(arg, getuid());
564 /* increase optional counter */
565 if (intptr != NULL)
566 *intptr = *intptr + 1;
567 }
568 break;
569
570 case sPidFile:
571 charptr = &options->pid_file;
572 goto parse_filename;
573
574 case sPermitRootLogin:
575 intptr = &options->permit_root_login;
576 arg = strdelim(&cp);
577 if (!arg || *arg == '\0')
578 fatal("%s line %d: missing yes/"
579 "without-password/forced-commands-only/no "
580 "argument.", filename, linenum);
581 value = 0; /* silence compiler */
582 if (strcmp(arg, "without-password") == 0)
583 value = PERMIT_NO_PASSWD;
584 else if (strcmp(arg, "forced-commands-only") == 0)
585 value = PERMIT_FORCED_ONLY;
586 else if (strcmp(arg, "yes") == 0)
587 value = PERMIT_YES;
588 else if (strcmp(arg, "no") == 0)
589 value = PERMIT_NO;
590 else
591 fatal("%s line %d: Bad yes/"
592 "without-password/forced-commands-only/no "
593 "argument: %s", filename, linenum, arg);
594 if (*intptr == -1)
595 *intptr = value;
596 break;
597
598 case sIgnoreRhosts:
599 intptr = &options->ignore_rhosts;
600parse_flag:
601 arg = strdelim(&cp);
602 if (!arg || *arg == '\0')
603 fatal("%s line %d: missing yes/no argument.",
604 filename, linenum);
605 value = 0; /* silence compiler */
606 if (strcmp(arg, "yes") == 0)
607 value = 1;
608 else if (strcmp(arg, "no") == 0)
609 value = 0;
610 else
611 fatal("%s line %d: Bad yes/no argument: %s",
612 filename, linenum, arg);
613 if (*intptr == -1)
614 *intptr = value;
615 break;
616
617 case sIgnoreUserKnownHosts:
618 intptr = &options->ignore_user_known_hosts;
619 goto parse_flag;
620
621 case sRhostsAuthentication:
622 intptr = &options->rhosts_authentication;
623 goto parse_flag;
624
625 case sRhostsRSAAuthentication:
626 intptr = &options->rhosts_rsa_authentication;
627 goto parse_flag;
628
629 case sHostbasedAuthentication:
630 intptr = &options->hostbased_authentication;
631 goto parse_flag;
632
633 case sHostbasedUsesNameFromPacketOnly:
634 intptr = &options->hostbased_uses_name_from_packet_only;
635 goto parse_flag;
636
637 case sRSAAuthentication:
638 intptr = &options->rsa_authentication;
639 goto parse_flag;
640
641 case sPubkeyAuthentication:
642 intptr = &options->pubkey_authentication;
643 goto parse_flag;
644#if defined(KRB4) || defined(KRB5)
645 case sKerberosAuthentication:
646 intptr = &options->kerberos_authentication;
647 goto parse_flag;
648
649 case sKerberosOrLocalPasswd:
650 intptr = &options->kerberos_or_local_passwd;
651 goto parse_flag;
652
653 case sKerberosTicketCleanup:
654 intptr = &options->kerberos_ticket_cleanup;
655 goto parse_flag;
656#endif
657#if defined(AFS) || defined(KRB5)
658 case sKerberosTgtPassing:
659 intptr = &options->kerberos_tgt_passing;
660 goto parse_flag;
661#endif
662#ifdef AFS
663 case sAFSTokenPassing:
664 intptr = &options->afs_token_passing;
665 goto parse_flag;
666#endif
667
668 case sPasswordAuthentication:
669 intptr = &options->password_authentication;
670 goto parse_flag;
671
672 case sKbdInteractiveAuthentication:
673 intptr = &options->kbd_interactive_authentication;
674 goto parse_flag;
675
676 case sChallengeResponseAuthentication:
677 intptr = &options->challenge_response_authentication;
678 goto parse_flag;
679
680 case sPrintMotd:
681 intptr = &options->print_motd;
682 goto parse_flag;
683
684 case sPrintLastLog:
685 intptr = &options->print_lastlog;
686 goto parse_flag;
687
688 case sX11Forwarding:
689 intptr = &options->x11_forwarding;
690 goto parse_flag;
691
692 case sX11DisplayOffset:
693 intptr = &options->x11_display_offset;
694 goto parse_int;
695
Damien Miller95c249f2002-02-05 12:11:34 +1100696 case sX11UseLocalhost:
697 intptr = &options->x11_use_localhost;
698 goto parse_flag;
699
Ben Lindstromade03f62001-12-06 18:22:17 +0000700 case sXAuthLocation:
701 charptr = &options->xauth_location;
702 goto parse_filename;
703
704 case sStrictModes:
705 intptr = &options->strict_modes;
706 goto parse_flag;
707
708 case sKeepAlives:
709 intptr = &options->keepalives;
710 goto parse_flag;
711
712 case sEmptyPasswd:
713 intptr = &options->permit_empty_passwd;
714 goto parse_flag;
715
716 case sUseLogin:
717 intptr = &options->use_login;
718 goto parse_flag;
719
Ben Lindstrom23e0f662002-06-21 01:09:47 +0000720 case sCompression:
721 intptr = &options->compression;
722 goto parse_flag;
723
Ben Lindstromade03f62001-12-06 18:22:17 +0000724 case sGatewayPorts:
725 intptr = &options->gateway_ports;
726 goto parse_flag;
727
Damien Millerc5d86352002-02-05 12:13:41 +1100728 case sVerifyReverseMapping:
729 intptr = &options->verify_reverse_mapping;
Ben Lindstromade03f62001-12-06 18:22:17 +0000730 goto parse_flag;
731
732 case sLogFacility:
733 intptr = (int *) &options->log_facility;
734 arg = strdelim(&cp);
735 value = log_facility_number(arg);
Damien Millerfcd93202002-02-05 12:26:34 +1100736 if (value == SYSLOG_FACILITY_NOT_SET)
Ben Lindstromade03f62001-12-06 18:22:17 +0000737 fatal("%.200s line %d: unsupported log facility '%s'",
738 filename, linenum, arg ? arg : "<NONE>");
739 if (*intptr == -1)
740 *intptr = (SyslogFacility) value;
741 break;
742
743 case sLogLevel:
744 intptr = (int *) &options->log_level;
745 arg = strdelim(&cp);
746 value = log_level_number(arg);
Damien Millerfcd93202002-02-05 12:26:34 +1100747 if (value == SYSLOG_LEVEL_NOT_SET)
Ben Lindstromade03f62001-12-06 18:22:17 +0000748 fatal("%.200s line %d: unsupported log level '%s'",
749 filename, linenum, arg ? arg : "<NONE>");
750 if (*intptr == -1)
751 *intptr = (LogLevel) value;
752 break;
753
754 case sAllowTcpForwarding:
755 intptr = &options->allow_tcp_forwarding;
756 goto parse_flag;
757
Ben Lindstrom7a2073c2002-03-22 02:30:41 +0000758 case sUsePrivilegeSeparation:
759 intptr = &use_privsep;
760 goto parse_flag;
761
Ben Lindstromade03f62001-12-06 18:22:17 +0000762 case sAllowUsers:
763 while ((arg = strdelim(&cp)) && *arg != '\0') {
764 if (options->num_allow_users >= MAX_ALLOW_USERS)
765 fatal("%s line %d: too many allow users.",
766 filename, linenum);
Ben Lindstrome1353632002-06-23 21:29:23 +0000767 options->allow_users[options->num_allow_users++] =
768 xstrdup(arg);
Ben Lindstromade03f62001-12-06 18:22:17 +0000769 }
770 break;
771
772 case sDenyUsers:
773 while ((arg = strdelim(&cp)) && *arg != '\0') {
774 if (options->num_deny_users >= MAX_DENY_USERS)
775 fatal( "%s line %d: too many deny users.",
776 filename, linenum);
Ben Lindstrome1353632002-06-23 21:29:23 +0000777 options->deny_users[options->num_deny_users++] =
778 xstrdup(arg);
Ben Lindstromade03f62001-12-06 18:22:17 +0000779 }
780 break;
781
782 case sAllowGroups:
783 while ((arg = strdelim(&cp)) && *arg != '\0') {
784 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
785 fatal("%s line %d: too many allow groups.",
786 filename, linenum);
Ben Lindstrome1353632002-06-23 21:29:23 +0000787 options->allow_groups[options->num_allow_groups++] =
788 xstrdup(arg);
Ben Lindstromade03f62001-12-06 18:22:17 +0000789 }
790 break;
791
792 case sDenyGroups:
793 while ((arg = strdelim(&cp)) && *arg != '\0') {
794 if (options->num_deny_groups >= MAX_DENY_GROUPS)
795 fatal("%s line %d: too many deny groups.",
796 filename, linenum);
797 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
798 }
799 break;
800
801 case sCiphers:
802 arg = strdelim(&cp);
803 if (!arg || *arg == '\0')
804 fatal("%s line %d: Missing argument.", filename, linenum);
805 if (!ciphers_valid(arg))
806 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
807 filename, linenum, arg ? arg : "<NONE>");
808 if (options->ciphers == NULL)
809 options->ciphers = xstrdup(arg);
810 break;
811
812 case sMacs:
813 arg = strdelim(&cp);
814 if (!arg || *arg == '\0')
815 fatal("%s line %d: Missing argument.", filename, linenum);
816 if (!mac_valid(arg))
817 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
818 filename, linenum, arg ? arg : "<NONE>");
819 if (options->macs == NULL)
820 options->macs = xstrdup(arg);
821 break;
822
823 case sProtocol:
824 intptr = &options->protocol;
825 arg = strdelim(&cp);
826 if (!arg || *arg == '\0')
827 fatal("%s line %d: Missing argument.", filename, linenum);
828 value = proto_spec(arg);
829 if (value == SSH_PROTO_UNKNOWN)
830 fatal("%s line %d: Bad protocol spec '%s'.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100831 filename, linenum, arg ? arg : "<NONE>");
Ben Lindstromade03f62001-12-06 18:22:17 +0000832 if (*intptr == SSH_PROTO_UNKNOWN)
833 *intptr = value;
834 break;
835
836 case sSubsystem:
837 if (options->num_subsystems >= MAX_SUBSYSTEMS) {
838 fatal("%s line %d: too many subsystems defined.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100839 filename, linenum);
Ben Lindstromade03f62001-12-06 18:22:17 +0000840 }
841 arg = strdelim(&cp);
842 if (!arg || *arg == '\0')
843 fatal("%s line %d: Missing subsystem name.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100844 filename, linenum);
Ben Lindstromade03f62001-12-06 18:22:17 +0000845 for (i = 0; i < options->num_subsystems; i++)
846 if (strcmp(arg, options->subsystem_name[i]) == 0)
847 fatal("%s line %d: Subsystem '%s' already defined.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100848 filename, linenum, arg);
Ben Lindstromade03f62001-12-06 18:22:17 +0000849 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
850 arg = strdelim(&cp);
851 if (!arg || *arg == '\0')
852 fatal("%s line %d: Missing subsystem command.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100853 filename, linenum);
Ben Lindstromade03f62001-12-06 18:22:17 +0000854 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
855 options->num_subsystems++;
856 break;
857
858 case sMaxStartups:
859 arg = strdelim(&cp);
860 if (!arg || *arg == '\0')
861 fatal("%s line %d: Missing MaxStartups spec.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100862 filename, linenum);
Ben Lindstromade03f62001-12-06 18:22:17 +0000863 if ((n = sscanf(arg, "%d:%d:%d",
864 &options->max_startups_begin,
865 &options->max_startups_rate,
866 &options->max_startups)) == 3) {
867 if (options->max_startups_begin >
868 options->max_startups ||
869 options->max_startups_rate > 100 ||
870 options->max_startups_rate < 1)
871 fatal("%s line %d: Illegal MaxStartups spec.",
872 filename, linenum);
873 } else if (n != 1)
874 fatal("%s line %d: Illegal MaxStartups spec.",
875 filename, linenum);
876 else
877 options->max_startups = options->max_startups_begin;
878 break;
879
880 case sBanner:
881 charptr = &options->banner;
882 goto parse_filename;
883 /*
884 * These options can contain %X options expanded at
885 * connect time, so that you can specify paths like:
886 *
887 * AuthorizedKeysFile /etc/ssh_keys/%u
888 */
889 case sAuthorizedKeysFile:
890 case sAuthorizedKeysFile2:
891 charptr = (opcode == sAuthorizedKeysFile ) ?
892 &options->authorized_keys_file :
893 &options->authorized_keys_file2;
894 goto parse_filename;
895
896 case sClientAliveInterval:
897 intptr = &options->client_alive_interval;
898 goto parse_time;
899
900 case sClientAliveCountMax:
901 intptr = &options->client_alive_count_max;
902 goto parse_int;
903
904 case sDeprecated:
905 log("%s line %d: Deprecated option %s",
906 filename, linenum, arg);
907 while (arg)
908 arg = strdelim(&cp);
909 break;
910
911 default:
912 fatal("%s line %d: Missing handler for opcode %s (%d)",
913 filename, linenum, arg, opcode);
914 }
915 if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
916 fatal("%s line %d: garbage at end of line; \"%.200s\".",
917 filename, linenum, arg);
918 return 0;
919}
920
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000921/* Reads the server configuration file. */
922
Damien Miller4af51302000-04-16 11:18:38 +1000923void
Damien Miller95def091999-11-25 00:26:21 +1100924read_server_config(ServerOptions *options, const char *filename)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000925{
Ben Lindstrome1353632002-06-23 21:29:23 +0000926 int linenum, bad_options = 0;
Damien Miller95def091999-11-25 00:26:21 +1100927 char line[1024];
Ben Lindstrome1353632002-06-23 21:29:23 +0000928 FILE *f;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000929
Damien Miller95def091999-11-25 00:26:21 +1100930 f = fopen(filename, "r");
931 if (!f) {
932 perror(filename);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000933 exit(1);
Damien Miller95def091999-11-25 00:26:21 +1100934 }
935 linenum = 0;
936 while (fgets(line, sizeof(line), f)) {
Ben Lindstromade03f62001-12-06 18:22:17 +0000937 /* Update line number counter. */
Damien Miller95def091999-11-25 00:26:21 +1100938 linenum++;
Ben Lindstromade03f62001-12-06 18:22:17 +0000939 if (process_server_config_line(options, line, filename, linenum) != 0)
Damien Miller95def091999-11-25 00:26:21 +1100940 bad_options++;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000941 }
Damien Miller95def091999-11-25 00:26:21 +1100942 fclose(f);
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000943 if (bad_options > 0)
944 fatal("%s: terminating, %d bad configuration options",
945 filename, bad_options);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000946}