Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 1 | /* |
Damien Miller | 4af5130 | 2000-04-16 11:18:38 +1000 | [diff] [blame] | 2 | * |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 3 | * servconf.c |
Damien Miller | 4af5130 | 2000-04-16 11:18:38 +1000 | [diff] [blame] | 4 | * |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 5 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
Damien Miller | 4af5130 | 2000-04-16 11:18:38 +1000 | [diff] [blame] | 6 | * |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 7 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 8 | * All rights reserved |
Damien Miller | 4af5130 | 2000-04-16 11:18:38 +1000 | [diff] [blame] | 9 | * |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 10 | * Created: Mon Aug 21 15:48:58 1995 ylo |
Damien Miller | 4af5130 | 2000-04-16 11:18:38 +1000 | [diff] [blame] | 11 | * |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 12 | */ |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 13 | |
| 14 | #include "includes.h" |
Damien Miller | b1715dc | 2000-05-30 13:44:51 +1000 | [diff] [blame] | 15 | RCSID("$Id: servconf.c,v 1.17 2000/05/30 03:44:53 damien Exp $"); |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 16 | |
| 17 | #include "ssh.h" |
| 18 | #include "servconf.h" |
| 19 | #include "xmalloc.h" |
Damien Miller | 7892879 | 2000-04-12 20:17:38 +1000 | [diff] [blame] | 20 | #include "compat.h" |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 21 | |
Damien Miller | 34132e5 | 2000-01-14 15:45:46 +1100 | [diff] [blame] | 22 | /* add listen address */ |
| 23 | void add_listen_addr(ServerOptions *options, char *addr); |
| 24 | |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 25 | /* Initializes the server options to their default values. */ |
| 26 | |
Damien Miller | 4af5130 | 2000-04-16 11:18:38 +1000 | [diff] [blame] | 27 | void |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 28 | initialize_server_options(ServerOptions *options) |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 29 | { |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 30 | memset(options, 0, sizeof(*options)); |
Damien Miller | 34132e5 | 2000-01-14 15:45:46 +1100 | [diff] [blame] | 31 | options->num_ports = 0; |
| 32 | options->ports_from_cmdline = 0; |
| 33 | options->listen_addrs = NULL; |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 34 | options->host_key_file = NULL; |
Damien Miller | e247cc4 | 2000-05-07 12:03:14 +1000 | [diff] [blame] | 35 | options->host_dsa_key_file = NULL; |
Damien Miller | 6f83b8e | 2000-05-02 09:23:45 +1000 | [diff] [blame] | 36 | options->pid_file = NULL; |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 37 | options->server_key_bits = -1; |
| 38 | options->login_grace_time = -1; |
| 39 | options->key_regeneration_time = -1; |
| 40 | options->permit_root_login = -1; |
| 41 | options->ignore_rhosts = -1; |
| 42 | options->ignore_user_known_hosts = -1; |
| 43 | options->print_motd = -1; |
| 44 | options->check_mail = -1; |
| 45 | options->x11_forwarding = -1; |
| 46 | options->x11_display_offset = -1; |
| 47 | options->strict_modes = -1; |
| 48 | options->keepalives = -1; |
| 49 | options->log_facility = (SyslogFacility) - 1; |
| 50 | options->log_level = (LogLevel) - 1; |
| 51 | options->rhosts_authentication = -1; |
| 52 | options->rhosts_rsa_authentication = -1; |
| 53 | options->rsa_authentication = -1; |
Damien Miller | e247cc4 | 2000-05-07 12:03:14 +1000 | [diff] [blame] | 54 | options->dsa_authentication = -1; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 55 | #ifdef KRB4 |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 56 | options->kerberos_authentication = -1; |
| 57 | options->kerberos_or_local_passwd = -1; |
| 58 | options->kerberos_ticket_cleanup = -1; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 59 | #endif |
| 60 | #ifdef AFS |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 61 | options->kerberos_tgt_passing = -1; |
| 62 | options->afs_token_passing = -1; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 63 | #endif |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 64 | options->password_authentication = -1; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 65 | #ifdef SKEY |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 66 | options->skey_authentication = -1; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 67 | #endif |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 68 | options->permit_empty_passwd = -1; |
| 69 | options->use_login = -1; |
| 70 | options->num_allow_users = 0; |
| 71 | options->num_deny_users = 0; |
| 72 | options->num_allow_groups = 0; |
| 73 | options->num_deny_groups = 0; |
Damien Miller | 7892879 | 2000-04-12 20:17:38 +1000 | [diff] [blame] | 74 | options->ciphers = NULL; |
| 75 | options->protocol = SSH_PROTO_UNKNOWN; |
Damien Miller | e247cc4 | 2000-05-07 12:03:14 +1000 | [diff] [blame] | 76 | options->gateway_ports = -1; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 77 | } |
| 78 | |
Damien Miller | 4af5130 | 2000-04-16 11:18:38 +1000 | [diff] [blame] | 79 | void |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 80 | fill_default_server_options(ServerOptions *options) |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 81 | { |
Damien Miller | 34132e5 | 2000-01-14 15:45:46 +1100 | [diff] [blame] | 82 | if (options->num_ports == 0) |
| 83 | options->ports[options->num_ports++] = SSH_DEFAULT_PORT; |
| 84 | if (options->listen_addrs == NULL) |
| 85 | add_listen_addr(options, NULL); |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 86 | if (options->host_key_file == NULL) |
| 87 | options->host_key_file = HOST_KEY_FILE; |
Damien Miller | e247cc4 | 2000-05-07 12:03:14 +1000 | [diff] [blame] | 88 | if (options->host_dsa_key_file == NULL) |
| 89 | options->host_dsa_key_file = HOST_DSA_KEY_FILE; |
Damien Miller | 6f83b8e | 2000-05-02 09:23:45 +1000 | [diff] [blame] | 90 | if (options->pid_file == NULL) |
| 91 | options->pid_file = SSH_DAEMON_PID_FILE; |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 92 | if (options->server_key_bits == -1) |
| 93 | options->server_key_bits = 768; |
| 94 | if (options->login_grace_time == -1) |
| 95 | options->login_grace_time = 600; |
| 96 | if (options->key_regeneration_time == -1) |
| 97 | options->key_regeneration_time = 3600; |
| 98 | if (options->permit_root_login == -1) |
| 99 | options->permit_root_login = 1; /* yes */ |
| 100 | if (options->ignore_rhosts == -1) |
Damien Miller | 98c7ad6 | 2000-03-09 21:27:49 +1100 | [diff] [blame] | 101 | options->ignore_rhosts = 1; |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 102 | if (options->ignore_user_known_hosts == -1) |
| 103 | options->ignore_user_known_hosts = 0; |
| 104 | if (options->check_mail == -1) |
| 105 | options->check_mail = 0; |
| 106 | if (options->print_motd == -1) |
| 107 | options->print_motd = 1; |
| 108 | if (options->x11_forwarding == -1) |
Damien Miller | 98c7ad6 | 2000-03-09 21:27:49 +1100 | [diff] [blame] | 109 | options->x11_forwarding = 0; |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 110 | if (options->x11_display_offset == -1) |
Damien Miller | 98c7ad6 | 2000-03-09 21:27:49 +1100 | [diff] [blame] | 111 | options->x11_display_offset = 10; |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 112 | if (options->strict_modes == -1) |
| 113 | options->strict_modes = 1; |
| 114 | if (options->keepalives == -1) |
| 115 | options->keepalives = 1; |
| 116 | if (options->log_facility == (SyslogFacility) (-1)) |
| 117 | options->log_facility = SYSLOG_FACILITY_AUTH; |
| 118 | if (options->log_level == (LogLevel) (-1)) |
| 119 | options->log_level = SYSLOG_LEVEL_INFO; |
| 120 | if (options->rhosts_authentication == -1) |
| 121 | options->rhosts_authentication = 0; |
| 122 | if (options->rhosts_rsa_authentication == -1) |
Damien Miller | 98c7ad6 | 2000-03-09 21:27:49 +1100 | [diff] [blame] | 123 | options->rhosts_rsa_authentication = 0; |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 124 | if (options->rsa_authentication == -1) |
| 125 | options->rsa_authentication = 1; |
Damien Miller | e247cc4 | 2000-05-07 12:03:14 +1000 | [diff] [blame] | 126 | if (options->dsa_authentication == -1) |
| 127 | options->dsa_authentication = 1; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 128 | #ifdef KRB4 |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 129 | if (options->kerberos_authentication == -1) |
| 130 | options->kerberos_authentication = (access(KEYFILE, R_OK) == 0); |
| 131 | if (options->kerberos_or_local_passwd == -1) |
| 132 | options->kerberos_or_local_passwd = 1; |
| 133 | if (options->kerberos_ticket_cleanup == -1) |
| 134 | options->kerberos_ticket_cleanup = 1; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 135 | #endif /* KRB4 */ |
| 136 | #ifdef AFS |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 137 | if (options->kerberos_tgt_passing == -1) |
| 138 | options->kerberos_tgt_passing = 0; |
| 139 | if (options->afs_token_passing == -1) |
| 140 | options->afs_token_passing = k_hasafs(); |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 141 | #endif /* AFS */ |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 142 | if (options->password_authentication == -1) |
| 143 | options->password_authentication = 1; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 144 | #ifdef SKEY |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 145 | if (options->skey_authentication == -1) |
| 146 | options->skey_authentication = 1; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 147 | #endif |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 148 | if (options->permit_empty_passwd == -1) |
Damien Miller | 98c7ad6 | 2000-03-09 21:27:49 +1100 | [diff] [blame] | 149 | options->permit_empty_passwd = 0; |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 150 | if (options->use_login == -1) |
| 151 | options->use_login = 0; |
Damien Miller | 7892879 | 2000-04-12 20:17:38 +1000 | [diff] [blame] | 152 | if (options->protocol == SSH_PROTO_UNKNOWN) |
Damien Miller | eba71ba | 2000-04-29 23:57:08 +1000 | [diff] [blame] | 153 | options->protocol = SSH_PROTO_1|SSH_PROTO_2; |
Damien Miller | e247cc4 | 2000-05-07 12:03:14 +1000 | [diff] [blame] | 154 | if (options->gateway_ports == -1) |
| 155 | options->gateway_ports = 0; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 156 | } |
| 157 | |
| 158 | #define WHITESPACE " \t\r\n" |
| 159 | |
| 160 | /* Keyword tokens. */ |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 161 | typedef enum { |
| 162 | sBadOption, /* == unknown option */ |
| 163 | sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, |
| 164 | sPermitRootLogin, sLogFacility, sLogLevel, |
| 165 | sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 166 | #ifdef KRB4 |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 167 | sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 168 | #endif |
| 169 | #ifdef AFS |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 170 | sKerberosTgtPassing, sAFSTokenPassing, |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 171 | #endif |
| 172 | #ifdef SKEY |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 173 | sSkeyAuthentication, |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 174 | #endif |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 175 | sPasswordAuthentication, sListenAddress, |
| 176 | sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, |
| 177 | sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail, |
| 178 | sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
Damien Miller | e247cc4 | 2000-05-07 12:03:14 +1000 | [diff] [blame] | 179 | sIgnoreUserKnownHosts, sHostDSAKeyFile, sCiphers, sProtocol, sPidFile, |
| 180 | sGatewayPorts, sDSAAuthentication |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 181 | } ServerOpCodes; |
| 182 | |
| 183 | /* Textual representation of the tokens. */ |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 184 | static struct { |
| 185 | const char *name; |
| 186 | ServerOpCodes opcode; |
| 187 | } keywords[] = { |
| 188 | { "port", sPort }, |
| 189 | { "hostkey", sHostKeyFile }, |
Damien Miller | e247cc4 | 2000-05-07 12:03:14 +1000 | [diff] [blame] | 190 | { "hostdsakey", sHostDSAKeyFile }, |
Damien Miller | 6f83b8e | 2000-05-02 09:23:45 +1000 | [diff] [blame] | 191 | { "pidfile", sPidFile }, |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 192 | { "serverkeybits", sServerKeyBits }, |
| 193 | { "logingracetime", sLoginGraceTime }, |
| 194 | { "keyregenerationinterval", sKeyRegenerationTime }, |
| 195 | { "permitrootlogin", sPermitRootLogin }, |
| 196 | { "syslogfacility", sLogFacility }, |
| 197 | { "loglevel", sLogLevel }, |
| 198 | { "rhostsauthentication", sRhostsAuthentication }, |
| 199 | { "rhostsrsaauthentication", sRhostsRSAAuthentication }, |
| 200 | { "rsaauthentication", sRSAAuthentication }, |
Damien Miller | e247cc4 | 2000-05-07 12:03:14 +1000 | [diff] [blame] | 201 | { "dsaauthentication", sDSAAuthentication }, |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 202 | #ifdef KRB4 |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 203 | { "kerberosauthentication", sKerberosAuthentication }, |
| 204 | { "kerberosorlocalpasswd", sKerberosOrLocalPasswd }, |
| 205 | { "kerberosticketcleanup", sKerberosTicketCleanup }, |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 206 | #endif |
| 207 | #ifdef AFS |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 208 | { "kerberostgtpassing", sKerberosTgtPassing }, |
| 209 | { "afstokenpassing", sAFSTokenPassing }, |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 210 | #endif |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 211 | { "passwordauthentication", sPasswordAuthentication }, |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 212 | #ifdef SKEY |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 213 | { "skeyauthentication", sSkeyAuthentication }, |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 214 | #endif |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 215 | { "checkmail", sCheckMail }, |
| 216 | { "listenaddress", sListenAddress }, |
| 217 | { "printmotd", sPrintMotd }, |
| 218 | { "ignorerhosts", sIgnoreRhosts }, |
| 219 | { "ignoreuserknownhosts", sIgnoreUserKnownHosts }, |
| 220 | { "x11forwarding", sX11Forwarding }, |
| 221 | { "x11displayoffset", sX11DisplayOffset }, |
| 222 | { "strictmodes", sStrictModes }, |
| 223 | { "permitemptypasswords", sEmptyPasswd }, |
| 224 | { "uselogin", sUseLogin }, |
| 225 | { "randomseed", sRandomSeedFile }, |
| 226 | { "keepalive", sKeepAlives }, |
| 227 | { "allowusers", sAllowUsers }, |
| 228 | { "denyusers", sDenyUsers }, |
| 229 | { "allowgroups", sAllowGroups }, |
| 230 | { "denygroups", sDenyGroups }, |
Damien Miller | 7892879 | 2000-04-12 20:17:38 +1000 | [diff] [blame] | 231 | { "ciphers", sCiphers }, |
| 232 | { "protocol", sProtocol }, |
Damien Miller | e247cc4 | 2000-05-07 12:03:14 +1000 | [diff] [blame] | 233 | { "gatewayports", sGatewayPorts }, |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 234 | { NULL, 0 } |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 235 | }; |
| 236 | |
Damien Miller | 5428f64 | 1999-11-25 11:54:57 +1100 | [diff] [blame] | 237 | /* |
| 238 | * Returns the number of the token pointed to by cp of length len. Never |
| 239 | * returns if the token is not known. |
| 240 | */ |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 241 | |
Damien Miller | 4af5130 | 2000-04-16 11:18:38 +1000 | [diff] [blame] | 242 | static ServerOpCodes |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 243 | parse_token(const char *cp, const char *filename, |
| 244 | int linenum) |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 245 | { |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 246 | unsigned int i; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 247 | |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 248 | for (i = 0; keywords[i].name; i++) |
Damien Miller | 5428f64 | 1999-11-25 11:54:57 +1100 | [diff] [blame] | 249 | if (strcasecmp(cp, keywords[i].name) == 0) |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 250 | return keywords[i].opcode; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 251 | |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 252 | fprintf(stderr, "%s: line %d: Bad configuration option: %s\n", |
| 253 | filename, linenum, cp); |
| 254 | return sBadOption; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 255 | } |
| 256 | |
Damien Miller | 34132e5 | 2000-01-14 15:45:46 +1100 | [diff] [blame] | 257 | /* |
| 258 | * add listen address |
| 259 | */ |
Damien Miller | 4af5130 | 2000-04-16 11:18:38 +1000 | [diff] [blame] | 260 | void |
Damien Miller | 34132e5 | 2000-01-14 15:45:46 +1100 | [diff] [blame] | 261 | add_listen_addr(ServerOptions *options, char *addr) |
| 262 | { |
| 263 | extern int IPv4or6; |
| 264 | struct addrinfo hints, *ai, *aitop; |
| 265 | char strport[NI_MAXSERV]; |
| 266 | int gaierr; |
| 267 | int i; |
| 268 | |
| 269 | if (options->num_ports == 0) |
| 270 | options->ports[options->num_ports++] = SSH_DEFAULT_PORT; |
| 271 | for (i = 0; i < options->num_ports; i++) { |
| 272 | memset(&hints, 0, sizeof(hints)); |
| 273 | hints.ai_family = IPv4or6; |
| 274 | hints.ai_socktype = SOCK_STREAM; |
| 275 | hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; |
| 276 | snprintf(strport, sizeof strport, "%d", options->ports[i]); |
| 277 | if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) |
| 278 | fatal("bad addr or host: %s (%s)\n", |
| 279 | addr ? addr : "<NULL>", |
| 280 | gai_strerror(gaierr)); |
| 281 | for (ai = aitop; ai->ai_next; ai = ai->ai_next) |
| 282 | ; |
| 283 | ai->ai_next = options->listen_addrs; |
| 284 | options->listen_addrs = aitop; |
| 285 | } |
| 286 | } |
| 287 | |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 288 | /* Reads the server configuration file. */ |
| 289 | |
Damien Miller | 4af5130 | 2000-04-16 11:18:38 +1000 | [diff] [blame] | 290 | void |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 291 | read_server_config(ServerOptions *options, const char *filename) |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 292 | { |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 293 | FILE *f; |
| 294 | char line[1024]; |
| 295 | char *cp, **charptr; |
| 296 | int linenum, *intptr, value; |
| 297 | int bad_options = 0; |
| 298 | ServerOpCodes opcode; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 299 | |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 300 | f = fopen(filename, "r"); |
| 301 | if (!f) { |
| 302 | perror(filename); |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 303 | exit(1); |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 304 | } |
| 305 | linenum = 0; |
| 306 | while (fgets(line, sizeof(line), f)) { |
| 307 | linenum++; |
| 308 | cp = line + strspn(line, WHITESPACE); |
| 309 | if (!*cp || *cp == '#') |
| 310 | continue; |
| 311 | cp = strtok(cp, WHITESPACE); |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 312 | opcode = parse_token(cp, filename, linenum); |
| 313 | switch (opcode) { |
| 314 | case sBadOption: |
| 315 | bad_options++; |
| 316 | continue; |
| 317 | case sPort: |
Damien Miller | 34132e5 | 2000-01-14 15:45:46 +1100 | [diff] [blame] | 318 | /* ignore ports from configfile if cmdline specifies ports */ |
| 319 | if (options->ports_from_cmdline) |
| 320 | continue; |
| 321 | if (options->listen_addrs != NULL) |
| 322 | fatal("%s line %d: ports must be specified before " |
| 323 | "ListenAdress.\n", filename, linenum); |
| 324 | if (options->num_ports >= MAX_PORTS) |
| 325 | fatal("%s line %d: too many ports.\n", |
Damien Miller | 4af5130 | 2000-04-16 11:18:38 +1000 | [diff] [blame] | 326 | filename, linenum); |
Damien Miller | 34132e5 | 2000-01-14 15:45:46 +1100 | [diff] [blame] | 327 | cp = strtok(NULL, WHITESPACE); |
| 328 | if (!cp) |
| 329 | fatal("%s line %d: missing port number.\n", |
| 330 | filename, linenum); |
| 331 | options->ports[options->num_ports++] = atoi(cp); |
| 332 | break; |
| 333 | |
| 334 | case sServerKeyBits: |
| 335 | intptr = &options->server_key_bits; |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 336 | parse_int: |
| 337 | cp = strtok(NULL, WHITESPACE); |
| 338 | if (!cp) { |
| 339 | fprintf(stderr, "%s line %d: missing integer value.\n", |
| 340 | filename, linenum); |
| 341 | exit(1); |
| 342 | } |
| 343 | value = atoi(cp); |
| 344 | if (*intptr == -1) |
| 345 | *intptr = value; |
| 346 | break; |
Damien Miller | 3226509 | 1999-11-12 11:33:04 +1100 | [diff] [blame] | 347 | |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 348 | case sLoginGraceTime: |
| 349 | intptr = &options->login_grace_time; |
| 350 | goto parse_int; |
| 351 | |
| 352 | case sKeyRegenerationTime: |
| 353 | intptr = &options->key_regeneration_time; |
| 354 | goto parse_int; |
| 355 | |
| 356 | case sListenAddress: |
| 357 | cp = strtok(NULL, WHITESPACE); |
Damien Miller | 34132e5 | 2000-01-14 15:45:46 +1100 | [diff] [blame] | 358 | if (!cp) |
| 359 | fatal("%s line %d: missing inet addr.\n", |
| 360 | filename, linenum); |
| 361 | add_listen_addr(options, cp); |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 362 | break; |
| 363 | |
| 364 | case sHostKeyFile: |
Damien Miller | e247cc4 | 2000-05-07 12:03:14 +1000 | [diff] [blame] | 365 | case sHostDSAKeyFile: |
Damien Miller | efb4afe | 2000-04-12 18:45:05 +1000 | [diff] [blame] | 366 | charptr = (opcode == sHostKeyFile ) ? |
Damien Miller | e247cc4 | 2000-05-07 12:03:14 +1000 | [diff] [blame] | 367 | &options->host_key_file : &options->host_dsa_key_file; |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 368 | cp = strtok(NULL, WHITESPACE); |
| 369 | if (!cp) { |
| 370 | fprintf(stderr, "%s line %d: missing file name.\n", |
Damien Miller | 6f83b8e | 2000-05-02 09:23:45 +1000 | [diff] [blame] | 371 | filename, linenum); |
| 372 | exit(1); |
| 373 | } |
| 374 | if (*charptr == NULL) |
| 375 | *charptr = tilde_expand_filename(cp, getuid()); |
| 376 | break; |
| 377 | |
| 378 | case sPidFile: |
| 379 | charptr = &options->pid_file; |
| 380 | cp = strtok(NULL, WHITESPACE); |
| 381 | if (!cp) { |
| 382 | fprintf(stderr, "%s line %d: missing file name.\n", |
| 383 | filename, linenum); |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 384 | exit(1); |
| 385 | } |
| 386 | if (*charptr == NULL) |
| 387 | *charptr = tilde_expand_filename(cp, getuid()); |
| 388 | break; |
| 389 | |
| 390 | case sRandomSeedFile: |
| 391 | fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n", |
| 392 | filename, linenum); |
| 393 | cp = strtok(NULL, WHITESPACE); |
| 394 | break; |
| 395 | |
| 396 | case sPermitRootLogin: |
| 397 | intptr = &options->permit_root_login; |
| 398 | cp = strtok(NULL, WHITESPACE); |
| 399 | if (!cp) { |
| 400 | fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n", |
| 401 | filename, linenum); |
| 402 | exit(1); |
| 403 | } |
| 404 | if (strcmp(cp, "without-password") == 0) |
| 405 | value = 2; |
| 406 | else if (strcmp(cp, "yes") == 0) |
| 407 | value = 1; |
| 408 | else if (strcmp(cp, "no") == 0) |
| 409 | value = 0; |
| 410 | else { |
| 411 | fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n", |
| 412 | filename, linenum, cp); |
| 413 | exit(1); |
| 414 | } |
| 415 | if (*intptr == -1) |
| 416 | *intptr = value; |
| 417 | break; |
| 418 | |
| 419 | case sIgnoreRhosts: |
| 420 | intptr = &options->ignore_rhosts; |
| 421 | parse_flag: |
| 422 | cp = strtok(NULL, WHITESPACE); |
| 423 | if (!cp) { |
| 424 | fprintf(stderr, "%s line %d: missing yes/no argument.\n", |
| 425 | filename, linenum); |
| 426 | exit(1); |
| 427 | } |
| 428 | if (strcmp(cp, "yes") == 0) |
| 429 | value = 1; |
| 430 | else if (strcmp(cp, "no") == 0) |
| 431 | value = 0; |
| 432 | else { |
| 433 | fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n", |
| 434 | filename, linenum, cp); |
| 435 | exit(1); |
| 436 | } |
| 437 | if (*intptr == -1) |
| 438 | *intptr = value; |
| 439 | break; |
| 440 | |
| 441 | case sIgnoreUserKnownHosts: |
| 442 | intptr = &options->ignore_user_known_hosts; |
Damien Miller | 98c7ad6 | 2000-03-09 21:27:49 +1100 | [diff] [blame] | 443 | goto parse_flag; |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 444 | |
| 445 | case sRhostsAuthentication: |
| 446 | intptr = &options->rhosts_authentication; |
| 447 | goto parse_flag; |
| 448 | |
| 449 | case sRhostsRSAAuthentication: |
| 450 | intptr = &options->rhosts_rsa_authentication; |
| 451 | goto parse_flag; |
| 452 | |
| 453 | case sRSAAuthentication: |
| 454 | intptr = &options->rsa_authentication; |
| 455 | goto parse_flag; |
| 456 | |
Damien Miller | e247cc4 | 2000-05-07 12:03:14 +1000 | [diff] [blame] | 457 | case sDSAAuthentication: |
| 458 | intptr = &options->dsa_authentication; |
| 459 | goto parse_flag; |
| 460 | |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 461 | #ifdef KRB4 |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 462 | case sKerberosAuthentication: |
| 463 | intptr = &options->kerberos_authentication; |
| 464 | goto parse_flag; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 465 | |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 466 | case sKerberosOrLocalPasswd: |
| 467 | intptr = &options->kerberos_or_local_passwd; |
| 468 | goto parse_flag; |
| 469 | |
| 470 | case sKerberosTicketCleanup: |
| 471 | intptr = &options->kerberos_ticket_cleanup; |
| 472 | goto parse_flag; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 473 | #endif |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 474 | |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 475 | #ifdef AFS |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 476 | case sKerberosTgtPassing: |
| 477 | intptr = &options->kerberos_tgt_passing; |
| 478 | goto parse_flag; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 479 | |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 480 | case sAFSTokenPassing: |
| 481 | intptr = &options->afs_token_passing; |
| 482 | goto parse_flag; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 483 | #endif |
| 484 | |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 485 | case sPasswordAuthentication: |
| 486 | intptr = &options->password_authentication; |
| 487 | goto parse_flag; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 488 | |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 489 | case sCheckMail: |
| 490 | intptr = &options->check_mail; |
| 491 | goto parse_flag; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 492 | |
| 493 | #ifdef SKEY |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 494 | case sSkeyAuthentication: |
| 495 | intptr = &options->skey_authentication; |
| 496 | goto parse_flag; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 497 | #endif |
| 498 | |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 499 | case sPrintMotd: |
| 500 | intptr = &options->print_motd; |
| 501 | goto parse_flag; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 502 | |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 503 | case sX11Forwarding: |
| 504 | intptr = &options->x11_forwarding; |
| 505 | goto parse_flag; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 506 | |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 507 | case sX11DisplayOffset: |
| 508 | intptr = &options->x11_display_offset; |
| 509 | goto parse_int; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 510 | |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 511 | case sStrictModes: |
| 512 | intptr = &options->strict_modes; |
| 513 | goto parse_flag; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 514 | |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 515 | case sKeepAlives: |
| 516 | intptr = &options->keepalives; |
| 517 | goto parse_flag; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 518 | |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 519 | case sEmptyPasswd: |
| 520 | intptr = &options->permit_empty_passwd; |
| 521 | goto parse_flag; |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 522 | |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 523 | case sUseLogin: |
| 524 | intptr = &options->use_login; |
| 525 | goto parse_flag; |
Damien Miller | 5ce662a | 1999-11-11 17:57:39 +1100 | [diff] [blame] | 526 | |
Damien Miller | e247cc4 | 2000-05-07 12:03:14 +1000 | [diff] [blame] | 527 | case sGatewayPorts: |
| 528 | intptr = &options->gateway_ports; |
| 529 | goto parse_flag; |
| 530 | |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 531 | case sLogFacility: |
| 532 | intptr = (int *) &options->log_facility; |
| 533 | cp = strtok(NULL, WHITESPACE); |
| 534 | value = log_facility_number(cp); |
| 535 | if (value == (SyslogFacility) - 1) |
| 536 | fatal("%.200s line %d: unsupported log facility '%s'\n", |
Damien Miller | 7892879 | 2000-04-12 20:17:38 +1000 | [diff] [blame] | 537 | filename, linenum, cp ? cp : "<NONE>"); |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 538 | if (*intptr == -1) |
| 539 | *intptr = (SyslogFacility) value; |
| 540 | break; |
| 541 | |
| 542 | case sLogLevel: |
| 543 | intptr = (int *) &options->log_level; |
| 544 | cp = strtok(NULL, WHITESPACE); |
| 545 | value = log_level_number(cp); |
| 546 | if (value == (LogLevel) - 1) |
| 547 | fatal("%.200s line %d: unsupported log level '%s'\n", |
Damien Miller | 7892879 | 2000-04-12 20:17:38 +1000 | [diff] [blame] | 548 | filename, linenum, cp ? cp : "<NONE>"); |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 549 | if (*intptr == -1) |
| 550 | *intptr = (LogLevel) value; |
| 551 | break; |
| 552 | |
| 553 | case sAllowUsers: |
| 554 | while ((cp = strtok(NULL, WHITESPACE))) { |
Damien Miller | 7892879 | 2000-04-12 20:17:38 +1000 | [diff] [blame] | 555 | if (options->num_allow_users >= MAX_ALLOW_USERS) |
| 556 | fatal("%s line %d: too many allow users.\n", |
| 557 | filename, linenum); |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 558 | options->allow_users[options->num_allow_users++] = xstrdup(cp); |
| 559 | } |
| 560 | break; |
| 561 | |
| 562 | case sDenyUsers: |
| 563 | while ((cp = strtok(NULL, WHITESPACE))) { |
Damien Miller | 7892879 | 2000-04-12 20:17:38 +1000 | [diff] [blame] | 564 | if (options->num_deny_users >= MAX_DENY_USERS) |
| 565 | fatal( "%s line %d: too many deny users.\n", |
| 566 | filename, linenum); |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 567 | options->deny_users[options->num_deny_users++] = xstrdup(cp); |
| 568 | } |
| 569 | break; |
| 570 | |
| 571 | case sAllowGroups: |
| 572 | while ((cp = strtok(NULL, WHITESPACE))) { |
Damien Miller | 7892879 | 2000-04-12 20:17:38 +1000 | [diff] [blame] | 573 | if (options->num_allow_groups >= MAX_ALLOW_GROUPS) |
| 574 | fatal("%s line %d: too many allow groups.\n", |
| 575 | filename, linenum); |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 576 | options->allow_groups[options->num_allow_groups++] = xstrdup(cp); |
| 577 | } |
| 578 | break; |
| 579 | |
| 580 | case sDenyGroups: |
| 581 | while ((cp = strtok(NULL, WHITESPACE))) { |
Damien Miller | 7892879 | 2000-04-12 20:17:38 +1000 | [diff] [blame] | 582 | if (options->num_deny_groups >= MAX_DENY_GROUPS) |
| 583 | fatal("%s line %d: too many deny groups.\n", |
| 584 | filename, linenum); |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 585 | options->deny_groups[options->num_deny_groups++] = xstrdup(cp); |
| 586 | } |
| 587 | break; |
| 588 | |
Damien Miller | 7892879 | 2000-04-12 20:17:38 +1000 | [diff] [blame] | 589 | case sCiphers: |
| 590 | cp = strtok(NULL, WHITESPACE); |
Damien Miller | b1715dc | 2000-05-30 13:44:51 +1000 | [diff] [blame] | 591 | if (!cp) |
| 592 | fatal("%s line %d: Missing argument.", filename, linenum); |
Damien Miller | 7892879 | 2000-04-12 20:17:38 +1000 | [diff] [blame] | 593 | if (!ciphers_valid(cp)) |
Damien Miller | 30c3d42 | 2000-05-09 11:02:59 +1000 | [diff] [blame] | 594 | fatal("%s line %d: Bad SSH2 cipher spec '%s'.", |
Damien Miller | 7892879 | 2000-04-12 20:17:38 +1000 | [diff] [blame] | 595 | filename, linenum, cp ? cp : "<NONE>"); |
| 596 | if (options->ciphers == NULL) |
| 597 | options->ciphers = xstrdup(cp); |
| 598 | break; |
| 599 | |
| 600 | case sProtocol: |
| 601 | intptr = &options->protocol; |
| 602 | cp = strtok(NULL, WHITESPACE); |
Damien Miller | b1715dc | 2000-05-30 13:44:51 +1000 | [diff] [blame] | 603 | if (!cp) |
| 604 | fatal("%s line %d: Missing argument.", filename, linenum); |
Damien Miller | 7892879 | 2000-04-12 20:17:38 +1000 | [diff] [blame] | 605 | value = proto_spec(cp); |
| 606 | if (value == SSH_PROTO_UNKNOWN) |
| 607 | fatal("%s line %d: Bad protocol spec '%s'.", |
| 608 | filename, linenum, cp ? cp : "<NONE>"); |
| 609 | if (*intptr == SSH_PROTO_UNKNOWN) |
| 610 | *intptr = value; |
| 611 | break; |
| 612 | |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 613 | default: |
| 614 | fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n", |
| 615 | filename, linenum, cp, opcode); |
| 616 | exit(1); |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 617 | } |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 618 | if (strtok(NULL, WHITESPACE) != NULL) { |
| 619 | fprintf(stderr, "%s line %d: garbage at end of line.\n", |
| 620 | filename, linenum); |
| 621 | exit(1); |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 622 | } |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 623 | } |
Damien Miller | 95def09 | 1999-11-25 00:26:21 +1100 | [diff] [blame] | 624 | fclose(f); |
| 625 | if (bad_options > 0) { |
| 626 | fprintf(stderr, "%s: terminating, %d bad configuration options\n", |
| 627 | filename, bad_options); |
| 628 | exit(1); |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 629 | } |
Damien Miller | d4a8b7e | 1999-10-27 13:42:43 +1000 | [diff] [blame] | 630 | } |