blob: 2510659ee4b916c9fb985c51e67deadb40cb3be8 [file] [log] [blame]
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001/*
Damien Miller95def091999-11-25 00:26:21 +11002 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
Damien Miller4af51302000-04-16 11:18:38 +10004 *
Damien Millere4340be2000-09-16 13:29:08 +11005 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
Damien Miller95def091999-11-25 00:26:21 +110010 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100011
12#include "includes.h"
Damien Miller9f82c8f2003-02-24 12:04:33 +110013RCSID("$OpenBSD: servconf.c,v 1.116 2003/02/21 09:05:53 markus Exp $");
Ben Lindstrom226cfa02001-01-22 05:34:40 +000014
Damien Millerfd4c9ee2002-04-13 11:04:40 +100015#if defined(KRB4)
Ben Lindstrom226cfa02001-01-22 05:34:40 +000016#include <krb.h>
17#endif
Damien Millerfd4c9ee2002-04-13 11:04:40 +100018#if defined(KRB5)
19#ifdef HEIMDAL
20#include <krb.h>
21#else
22/* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
23 * keytab */
24#define KEYFILE "/etc/krb5.keytab"
25#endif
26#endif
Ben Lindstromeb7a84c2001-07-04 04:48:36 +000027#ifdef AFS
28#include <kafs.h>
29#endif
Damien Millerd4a8b7e1999-10-27 13:42:43 +100030
31#include "ssh.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000032#include "log.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100033#include "servconf.h"
34#include "xmalloc.h"
Damien Miller78928792000-04-12 20:17:38 +100035#include "compat.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000036#include "pathnames.h"
37#include "tildexpand.h"
38#include "misc.h"
39#include "cipher.h"
Ben Lindstrom06b33aa2001-02-15 03:01:59 +000040#include "kex.h"
41#include "mac.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000042
Ben Lindstrombba81212001-06-25 05:01:22 +000043static void add_listen_addr(ServerOptions *, char *, u_short);
44static void add_one_listen_addr(ServerOptions *, char *, u_short);
Damien Miller34132e52000-01-14 15:45:46 +110045
Ben Lindstrom226cfa02001-01-22 05:34:40 +000046/* AF_UNSPEC or AF_INET or AF_INET6 */
47extern int IPv4or6;
Ben Lindstrom7a2073c2002-03-22 02:30:41 +000048/* Use of privilege separation or not */
49extern int use_privsep;
Ben Lindstrom226cfa02001-01-22 05:34:40 +000050
Damien Millerd4a8b7e1999-10-27 13:42:43 +100051/* Initializes the server options to their default values. */
52
Damien Miller4af51302000-04-16 11:18:38 +100053void
Damien Miller95def091999-11-25 00:26:21 +110054initialize_server_options(ServerOptions *options)
Damien Millerd4a8b7e1999-10-27 13:42:43 +100055{
Damien Miller95def091999-11-25 00:26:21 +110056 memset(options, 0, sizeof(*options));
Damien Miller726273e2001-11-12 11:40:11 +110057
58 /* Portable-specific options */
59 options->pam_authentication_via_kbd_int = -1;
60
61 /* Standard Options */
Damien Miller34132e52000-01-14 15:45:46 +110062 options->num_ports = 0;
63 options->ports_from_cmdline = 0;
64 options->listen_addrs = NULL;
Damien Miller0bc1bd82000-11-13 22:57:25 +110065 options->num_host_key_files = 0;
Damien Miller6f83b8e2000-05-02 09:23:45 +100066 options->pid_file = NULL;
Damien Miller95def091999-11-25 00:26:21 +110067 options->server_key_bits = -1;
68 options->login_grace_time = -1;
69 options->key_regeneration_time = -1;
Ben Lindstromd8a90212001-02-15 03:08:27 +000070 options->permit_root_login = PERMIT_NOT_SET;
Damien Miller95def091999-11-25 00:26:21 +110071 options->ignore_rhosts = -1;
72 options->ignore_user_known_hosts = -1;
73 options->print_motd = -1;
Ben Lindstrom7bfff362001-03-26 05:45:53 +000074 options->print_lastlog = -1;
Damien Miller95def091999-11-25 00:26:21 +110075 options->x11_forwarding = -1;
76 options->x11_display_offset = -1;
Damien Miller95c249f2002-02-05 12:11:34 +110077 options->x11_use_localhost = -1;
Damien Millerd3a18572000-06-07 19:55:44 +100078 options->xauth_location = NULL;
Damien Miller95def091999-11-25 00:26:21 +110079 options->strict_modes = -1;
80 options->keepalives = -1;
Damien Millerfcd93202002-02-05 12:26:34 +110081 options->log_facility = SYSLOG_FACILITY_NOT_SET;
82 options->log_level = SYSLOG_LEVEL_NOT_SET;
Damien Miller95def091999-11-25 00:26:21 +110083 options->rhosts_authentication = -1;
84 options->rhosts_rsa_authentication = -1;
Ben Lindstrom5eabda32001-04-12 23:34:34 +000085 options->hostbased_authentication = -1;
86 options->hostbased_uses_name_from_packet_only = -1;
Damien Miller95def091999-11-25 00:26:21 +110087 options->rsa_authentication = -1;
Damien Miller0bc1bd82000-11-13 22:57:25 +110088 options->pubkey_authentication = -1;
Ben Lindstromec95ed92001-07-04 04:21:14 +000089#if defined(KRB4) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +110090 options->kerberos_authentication = -1;
91 options->kerberos_or_local_passwd = -1;
92 options->kerberos_ticket_cleanup = -1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100093#endif
Ben Lindstromec95ed92001-07-04 04:21:14 +000094#if defined(AFS) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +110095 options->kerberos_tgt_passing = -1;
Ben Lindstromec95ed92001-07-04 04:21:14 +000096#endif
97#ifdef AFS
Damien Miller95def091999-11-25 00:26:21 +110098 options->afs_token_passing = -1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100099#endif
Damien Miller95def091999-11-25 00:26:21 +1100100 options->password_authentication = -1;
Damien Miller874d77b2000-10-14 16:23:11 +1100101 options->kbd_interactive_authentication = -1;
Ben Lindstrom551ea372001-06-05 18:56:16 +0000102 options->challenge_response_authentication = -1;
Damien Miller95def091999-11-25 00:26:21 +1100103 options->permit_empty_passwd = -1;
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000104 options->permit_user_env = -1;
Damien Miller95def091999-11-25 00:26:21 +1100105 options->use_login = -1;
Ben Lindstrom23e0f662002-06-21 01:09:47 +0000106 options->compression = -1;
Damien Miller50a41ed2000-10-16 12:14:42 +1100107 options->allow_tcp_forwarding = -1;
Damien Miller95def091999-11-25 00:26:21 +1100108 options->num_allow_users = 0;
109 options->num_deny_users = 0;
110 options->num_allow_groups = 0;
111 options->num_deny_groups = 0;
Damien Miller78928792000-04-12 20:17:38 +1000112 options->ciphers = NULL;
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000113 options->macs = NULL;
Damien Miller78928792000-04-12 20:17:38 +1000114 options->protocol = SSH_PROTO_UNKNOWN;
Damien Millere247cc42000-05-07 12:03:14 +1000115 options->gateway_ports = -1;
Damien Millerf6d9e222000-06-18 14:50:44 +1000116 options->num_subsystems = 0;
Damien Miller942da032000-08-18 13:59:06 +1000117 options->max_startups_begin = -1;
118 options->max_startups_rate = -1;
Damien Miller37023962000-07-11 17:31:38 +1000119 options->max_startups = -1;
Ben Lindstrom48bd7c12001-01-09 00:35:42 +0000120 options->banner = NULL;
Damien Millerc5d86352002-02-05 12:13:41 +1100121 options->verify_reverse_mapping = -1;
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000122 options->client_alive_interval = -1;
123 options->client_alive_count_max = -1;
Ben Lindstrombfb3a0e2001-06-05 20:25:05 +0000124 options->authorized_keys_file = NULL;
125 options->authorized_keys_file2 = NULL;
Ben Lindstrom7a2073c2002-03-22 02:30:41 +0000126
Ben Lindstrom7a2073c2002-03-22 02:30:41 +0000127 /* Needs to be accessable in many places */
128 use_privsep = -1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000129}
130
Damien Miller4af51302000-04-16 11:18:38 +1000131void
Damien Miller95def091999-11-25 00:26:21 +1100132fill_default_server_options(ServerOptions *options)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000133{
Damien Miller726273e2001-11-12 11:40:11 +1100134 /* Portable-specific options */
135 if (options->pam_authentication_via_kbd_int == -1)
136 options->pam_authentication_via_kbd_int = 0;
137
138 /* Standard Options */
Damien Miller0bc1bd82000-11-13 22:57:25 +1100139 if (options->protocol == SSH_PROTO_UNKNOWN)
140 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
141 if (options->num_host_key_files == 0) {
142 /* fill default hostkeys for protocols */
143 if (options->protocol & SSH_PROTO_1)
Damien Miller7fc23732002-01-22 23:19:11 +1100144 options->host_key_files[options->num_host_key_files++] =
145 _PATH_HOST_KEY_FILE;
146 if (options->protocol & SSH_PROTO_2) {
147 options->host_key_files[options->num_host_key_files++] =
148 _PATH_HOST_RSA_KEY_FILE;
149 options->host_key_files[options->num_host_key_files++] =
150 _PATH_HOST_DSA_KEY_FILE;
151 }
Damien Miller0bc1bd82000-11-13 22:57:25 +1100152 }
Damien Miller34132e52000-01-14 15:45:46 +1100153 if (options->num_ports == 0)
154 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
155 if (options->listen_addrs == NULL)
Ben Lindstrom19066a12001-04-12 23:39:26 +0000156 add_listen_addr(options, NULL, 0);
Damien Miller6f83b8e2000-05-02 09:23:45 +1000157 if (options->pid_file == NULL)
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000158 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
Damien Miller95def091999-11-25 00:26:21 +1100159 if (options->server_key_bits == -1)
160 options->server_key_bits = 768;
161 if (options->login_grace_time == -1)
Damien Millerc1348632002-09-05 14:35:14 +1000162 options->login_grace_time = 120;
Damien Miller95def091999-11-25 00:26:21 +1100163 if (options->key_regeneration_time == -1)
164 options->key_regeneration_time = 3600;
Ben Lindstromd8a90212001-02-15 03:08:27 +0000165 if (options->permit_root_login == PERMIT_NOT_SET)
166 options->permit_root_login = PERMIT_YES;
Damien Miller95def091999-11-25 00:26:21 +1100167 if (options->ignore_rhosts == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100168 options->ignore_rhosts = 1;
Damien Miller95def091999-11-25 00:26:21 +1100169 if (options->ignore_user_known_hosts == -1)
170 options->ignore_user_known_hosts = 0;
Damien Miller95def091999-11-25 00:26:21 +1100171 if (options->print_motd == -1)
172 options->print_motd = 1;
Ben Lindstrom7bfff362001-03-26 05:45:53 +0000173 if (options->print_lastlog == -1)
174 options->print_lastlog = 1;
Damien Miller95def091999-11-25 00:26:21 +1100175 if (options->x11_forwarding == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100176 options->x11_forwarding = 0;
Damien Miller95def091999-11-25 00:26:21 +1100177 if (options->x11_display_offset == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100178 options->x11_display_offset = 10;
Damien Miller95c249f2002-02-05 12:11:34 +1100179 if (options->x11_use_localhost == -1)
180 options->x11_use_localhost = 1;
Damien Millerd3a18572000-06-07 19:55:44 +1000181 if (options->xauth_location == NULL)
Ben Lindstrom1bf11f62001-06-09 01:48:01 +0000182 options->xauth_location = _PATH_XAUTH;
Damien Miller95def091999-11-25 00:26:21 +1100183 if (options->strict_modes == -1)
184 options->strict_modes = 1;
185 if (options->keepalives == -1)
186 options->keepalives = 1;
Damien Millerfcd93202002-02-05 12:26:34 +1100187 if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
Damien Miller95def091999-11-25 00:26:21 +1100188 options->log_facility = SYSLOG_FACILITY_AUTH;
Damien Millerfcd93202002-02-05 12:26:34 +1100189 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
Ben Lindstromdb65e8f2001-01-19 04:26:52 +0000190 options->log_level = SYSLOG_LEVEL_INFO;
Damien Miller95def091999-11-25 00:26:21 +1100191 if (options->rhosts_authentication == -1)
192 options->rhosts_authentication = 0;
193 if (options->rhosts_rsa_authentication == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100194 options->rhosts_rsa_authentication = 0;
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000195 if (options->hostbased_authentication == -1)
196 options->hostbased_authentication = 0;
197 if (options->hostbased_uses_name_from_packet_only == -1)
198 options->hostbased_uses_name_from_packet_only = 0;
Damien Miller95def091999-11-25 00:26:21 +1100199 if (options->rsa_authentication == -1)
200 options->rsa_authentication = 1;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100201 if (options->pubkey_authentication == -1)
202 options->pubkey_authentication = 1;
Ben Lindstromec95ed92001-07-04 04:21:14 +0000203#if defined(KRB4) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100204 if (options->kerberos_authentication == -1)
Damien Millerd7de14b2002-04-23 21:04:51 +1000205 options->kerberos_authentication = 0;
Damien Miller95def091999-11-25 00:26:21 +1100206 if (options->kerberos_or_local_passwd == -1)
207 options->kerberos_or_local_passwd = 1;
208 if (options->kerberos_ticket_cleanup == -1)
209 options->kerberos_ticket_cleanup = 1;
Ben Lindstromec95ed92001-07-04 04:21:14 +0000210#endif
211#if defined(AFS) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100212 if (options->kerberos_tgt_passing == -1)
213 options->kerberos_tgt_passing = 0;
Ben Lindstromec95ed92001-07-04 04:21:14 +0000214#endif
Damien Miller9f0f5c62001-12-21 14:45:46 +1100215#ifdef AFS
Damien Miller95def091999-11-25 00:26:21 +1100216 if (options->afs_token_passing == -1)
Damien Millere4ccf102002-04-23 20:40:28 +1000217 options->afs_token_passing = 0;
Ben Lindstromec95ed92001-07-04 04:21:14 +0000218#endif
Damien Miller95def091999-11-25 00:26:21 +1100219 if (options->password_authentication == -1)
220 options->password_authentication = 1;
Damien Miller874d77b2000-10-14 16:23:11 +1100221 if (options->kbd_interactive_authentication == -1)
222 options->kbd_interactive_authentication = 0;
Ben Lindstrom551ea372001-06-05 18:56:16 +0000223 if (options->challenge_response_authentication == -1)
224 options->challenge_response_authentication = 1;
Damien Miller95def091999-11-25 00:26:21 +1100225 if (options->permit_empty_passwd == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100226 options->permit_empty_passwd = 0;
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000227 if (options->permit_user_env == -1)
228 options->permit_user_env = 0;
Damien Miller95def091999-11-25 00:26:21 +1100229 if (options->use_login == -1)
230 options->use_login = 0;
Ben Lindstrom23e0f662002-06-21 01:09:47 +0000231 if (options->compression == -1)
232 options->compression = 1;
Damien Miller50a41ed2000-10-16 12:14:42 +1100233 if (options->allow_tcp_forwarding == -1)
234 options->allow_tcp_forwarding = 1;
Damien Millere247cc42000-05-07 12:03:14 +1000235 if (options->gateway_ports == -1)
236 options->gateway_ports = 0;
Damien Miller37023962000-07-11 17:31:38 +1000237 if (options->max_startups == -1)
238 options->max_startups = 10;
Damien Miller942da032000-08-18 13:59:06 +1000239 if (options->max_startups_rate == -1)
240 options->max_startups_rate = 100; /* 100% */
241 if (options->max_startups_begin == -1)
242 options->max_startups_begin = options->max_startups;
Damien Millerc5d86352002-02-05 12:13:41 +1100243 if (options->verify_reverse_mapping == -1)
244 options->verify_reverse_mapping = 0;
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000245 if (options->client_alive_interval == -1)
Damien Miller9f0f5c62001-12-21 14:45:46 +1100246 options->client_alive_interval = 0;
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000247 if (options->client_alive_count_max == -1)
248 options->client_alive_count_max = 3;
Damien Miller75413ac2001-11-12 11:14:35 +1100249 if (options->authorized_keys_file2 == NULL) {
250 /* authorized_keys_file2 falls back to authorized_keys_file */
251 if (options->authorized_keys_file != NULL)
252 options->authorized_keys_file2 = options->authorized_keys_file;
253 else
254 options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
255 }
256 if (options->authorized_keys_file == NULL)
257 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
Ben Lindstrom7a2073c2002-03-22 02:30:41 +0000258
Ben Lindstromfb62a692002-06-06 19:47:11 +0000259 /* Turn privilege separation on by default */
Ben Lindstrom7a2073c2002-03-22 02:30:41 +0000260 if (use_privsep == -1)
Ben Lindstromfb62a692002-06-06 19:47:11 +0000261 use_privsep = 1;
Damien Miller4903eb42002-06-21 16:20:44 +1000262
Tim Rice40017b02002-07-14 13:36:49 -0700263#ifndef HAVE_MMAP
Damien Miller4903eb42002-06-21 16:20:44 +1000264 if (use_privsep && options->compression == 1) {
265 error("This platform does not support both privilege "
266 "separation and compression");
267 error("Compression disabled");
268 options->compression = 0;
269 }
270#endif
271
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000272}
273
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000274/* Keyword tokens. */
Damien Miller95def091999-11-25 00:26:21 +1100275typedef enum {
276 sBadOption, /* == unknown option */
Damien Miller726273e2001-11-12 11:40:11 +1100277 /* Portable-specific options */
278 sPAMAuthenticationViaKbdInt,
279 /* Standard Options */
Damien Miller95def091999-11-25 00:26:21 +1100280 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
281 sPermitRootLogin, sLogFacility, sLogLevel,
282 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
Ben Lindstromec95ed92001-07-04 04:21:14 +0000283#if defined(KRB4) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100284 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000285#endif
Ben Lindstromec95ed92001-07-04 04:21:14 +0000286#if defined(AFS) || defined(KRB5)
287 sKerberosTgtPassing,
288#endif
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000289#ifdef AFS
Ben Lindstromec95ed92001-07-04 04:21:14 +0000290 sAFSTokenPassing,
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000291#endif
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000292 sChallengeResponseAuthentication,
Damien Miller874d77b2000-10-14 16:23:11 +1100293 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
Ben Lindstrom7bfff362001-03-26 05:45:53 +0000294 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
Damien Miller95c249f2002-02-05 12:11:34 +1100295 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
Ben Lindstrom91e98682001-09-12 16:32:14 +0000296 sStrictModes, sEmptyPasswd, sKeepAlives,
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000297 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
Damien Miller50a41ed2000-10-16 12:14:42 +1100298 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000299 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
Damien Miller0bc1bd82000-11-13 22:57:25 +1100300 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
Damien Millerc5d86352002-02-05 12:13:41 +1100301 sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
Damien Miller9f0f5c62001-12-21 14:45:46 +1100302 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
Ben Lindstrombfb3a0e2001-06-05 20:25:05 +0000303 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
Ben Lindstromc7431342002-03-22 03:11:49 +0000304 sUsePrivilegeSeparation,
Ben Lindstromade03f62001-12-06 18:22:17 +0000305 sDeprecated
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000306} ServerOpCodes;
307
308/* Textual representation of the tokens. */
Damien Miller95def091999-11-25 00:26:21 +1100309static struct {
310 const char *name;
311 ServerOpCodes opcode;
312} keywords[] = {
Damien Miller726273e2001-11-12 11:40:11 +1100313 /* Portable-specific options */
314 { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
315 /* Standard Options */
Damien Miller95def091999-11-25 00:26:21 +1100316 { "port", sPort },
317 { "hostkey", sHostKeyFile },
Damien Miller0bc1bd82000-11-13 22:57:25 +1100318 { "hostdsakey", sHostKeyFile }, /* alias */
Kevin Stevesef4eea92001-02-05 12:42:17 +0000319 { "pidfile", sPidFile },
Damien Miller95def091999-11-25 00:26:21 +1100320 { "serverkeybits", sServerKeyBits },
321 { "logingracetime", sLoginGraceTime },
322 { "keyregenerationinterval", sKeyRegenerationTime },
323 { "permitrootlogin", sPermitRootLogin },
324 { "syslogfacility", sLogFacility },
325 { "loglevel", sLogLevel },
326 { "rhostsauthentication", sRhostsAuthentication },
327 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000328 { "hostbasedauthentication", sHostbasedAuthentication },
329 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
Damien Miller95def091999-11-25 00:26:21 +1100330 { "rsaauthentication", sRSAAuthentication },
Damien Miller0bc1bd82000-11-13 22:57:25 +1100331 { "pubkeyauthentication", sPubkeyAuthentication },
332 { "dsaauthentication", sPubkeyAuthentication }, /* alias */
Ben Lindstromec95ed92001-07-04 04:21:14 +0000333#if defined(KRB4) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100334 { "kerberosauthentication", sKerberosAuthentication },
335 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
336 { "kerberosticketcleanup", sKerberosTicketCleanup },
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000337#endif
Ben Lindstromec95ed92001-07-04 04:21:14 +0000338#if defined(AFS) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100339 { "kerberostgtpassing", sKerberosTgtPassing },
Ben Lindstromec95ed92001-07-04 04:21:14 +0000340#endif
341#ifdef AFS
Damien Miller95def091999-11-25 00:26:21 +1100342 { "afstokenpassing", sAFSTokenPassing },
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000343#endif
Damien Miller95def091999-11-25 00:26:21 +1100344 { "passwordauthentication", sPasswordAuthentication },
Damien Miller874d77b2000-10-14 16:23:11 +1100345 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000346 { "challengeresponseauthentication", sChallengeResponseAuthentication },
347 { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
Ben Lindstrom91e98682001-09-12 16:32:14 +0000348 { "checkmail", sDeprecated },
Damien Miller95def091999-11-25 00:26:21 +1100349 { "listenaddress", sListenAddress },
350 { "printmotd", sPrintMotd },
Ben Lindstrom7bfff362001-03-26 05:45:53 +0000351 { "printlastlog", sPrintLastLog },
Damien Miller95def091999-11-25 00:26:21 +1100352 { "ignorerhosts", sIgnoreRhosts },
353 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
354 { "x11forwarding", sX11Forwarding },
355 { "x11displayoffset", sX11DisplayOffset },
Damien Miller95c249f2002-02-05 12:11:34 +1100356 { "x11uselocalhost", sX11UseLocalhost },
Damien Millerd3a18572000-06-07 19:55:44 +1000357 { "xauthlocation", sXAuthLocation },
Damien Miller95def091999-11-25 00:26:21 +1100358 { "strictmodes", sStrictModes },
359 { "permitemptypasswords", sEmptyPasswd },
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000360 { "permituserenvironment", sPermitUserEnvironment },
Damien Miller95def091999-11-25 00:26:21 +1100361 { "uselogin", sUseLogin },
Ben Lindstrom23e0f662002-06-21 01:09:47 +0000362 { "compression", sCompression },
Damien Miller95def091999-11-25 00:26:21 +1100363 { "keepalive", sKeepAlives },
Damien Miller50a41ed2000-10-16 12:14:42 +1100364 { "allowtcpforwarding", sAllowTcpForwarding },
Damien Miller95def091999-11-25 00:26:21 +1100365 { "allowusers", sAllowUsers },
366 { "denyusers", sDenyUsers },
367 { "allowgroups", sAllowGroups },
368 { "denygroups", sDenyGroups },
Damien Miller78928792000-04-12 20:17:38 +1000369 { "ciphers", sCiphers },
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000370 { "macs", sMacs },
Damien Miller78928792000-04-12 20:17:38 +1000371 { "protocol", sProtocol },
Damien Millere247cc42000-05-07 12:03:14 +1000372 { "gatewayports", sGatewayPorts },
Damien Millerf6d9e222000-06-18 14:50:44 +1000373 { "subsystem", sSubsystem },
Damien Miller37023962000-07-11 17:31:38 +1000374 { "maxstartups", sMaxStartups },
Ben Lindstrom48bd7c12001-01-09 00:35:42 +0000375 { "banner", sBanner },
Damien Millerc5d86352002-02-05 12:13:41 +1100376 { "verifyreversemapping", sVerifyReverseMapping },
377 { "reversemappingcheck", sVerifyReverseMapping },
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000378 { "clientaliveinterval", sClientAliveInterval },
379 { "clientalivecountmax", sClientAliveCountMax },
Ben Lindstrombfb3a0e2001-06-05 20:25:05 +0000380 { "authorizedkeysfile", sAuthorizedKeysFile },
381 { "authorizedkeysfile2", sAuthorizedKeysFile2 },
Ben Lindstrom7a2073c2002-03-22 02:30:41 +0000382 { "useprivilegeseparation", sUsePrivilegeSeparation},
Ben Lindstrom65366a82001-12-06 16:32:47 +0000383 { NULL, sBadOption }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000384};
385
Damien Miller5428f641999-11-25 11:54:57 +1100386/*
Ben Lindstrom3704c262001-04-02 18:20:03 +0000387 * Returns the number of the token pointed to by cp or sBadOption.
Damien Miller5428f641999-11-25 11:54:57 +1100388 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000389
Damien Miller4af51302000-04-16 11:18:38 +1000390static ServerOpCodes
Damien Miller95def091999-11-25 00:26:21 +1100391parse_token(const char *cp, const char *filename,
392 int linenum)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000393{
Ben Lindstrom46c16222000-12-22 01:43:59 +0000394 u_int i;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000395
Damien Miller95def091999-11-25 00:26:21 +1100396 for (i = 0; keywords[i].name; i++)
Damien Miller5428f641999-11-25 11:54:57 +1100397 if (strcasecmp(cp, keywords[i].name) == 0)
Damien Miller95def091999-11-25 00:26:21 +1100398 return keywords[i].opcode;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000399
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000400 error("%s: line %d: Bad configuration option: %s",
401 filename, linenum, cp);
Damien Miller95def091999-11-25 00:26:21 +1100402 return sBadOption;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000403}
404
Ben Lindstrombba81212001-06-25 05:01:22 +0000405static void
Ben Lindstrom19066a12001-04-12 23:39:26 +0000406add_listen_addr(ServerOptions *options, char *addr, u_short port)
Damien Miller34132e52000-01-14 15:45:46 +1100407{
Damien Miller34132e52000-01-14 15:45:46 +1100408 int i;
409
410 if (options->num_ports == 0)
411 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
Ben Lindstrom19066a12001-04-12 23:39:26 +0000412 if (port == 0)
Ben Lindstromc510af42001-04-07 17:25:48 +0000413 for (i = 0; i < options->num_ports; i++)
414 add_one_listen_addr(options, addr, options->ports[i]);
415 else
Ben Lindstrom19066a12001-04-12 23:39:26 +0000416 add_one_listen_addr(options, addr, port);
Ben Lindstromc510af42001-04-07 17:25:48 +0000417}
418
Ben Lindstrombba81212001-06-25 05:01:22 +0000419static void
Ben Lindstromc510af42001-04-07 17:25:48 +0000420add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
421{
422 struct addrinfo hints, *ai, *aitop;
423 char strport[NI_MAXSERV];
424 int gaierr;
425
426 memset(&hints, 0, sizeof(hints));
427 hints.ai_family = IPv4or6;
428 hints.ai_socktype = SOCK_STREAM;
429 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
Ben Lindstrome1353632002-06-23 21:29:23 +0000430 snprintf(strport, sizeof strport, "%u", port);
Ben Lindstromc510af42001-04-07 17:25:48 +0000431 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
432 fatal("bad addr or host: %s (%s)",
433 addr ? addr : "<NULL>",
434 gai_strerror(gaierr));
435 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
436 ;
437 ai->ai_next = options->listen_addrs;
438 options->listen_addrs = aitop;
Damien Miller34132e52000-01-14 15:45:46 +1100439}
440
Ben Lindstromade03f62001-12-06 18:22:17 +0000441int
442process_server_config_line(ServerOptions *options, char *line,
443 const char *filename, int linenum)
444{
445 char *cp, **charptr, *arg, *p;
Ben Lindstrome1353632002-06-23 21:29:23 +0000446 int *intptr, value, i, n;
Ben Lindstromade03f62001-12-06 18:22:17 +0000447 ServerOpCodes opcode;
Ben Lindstromade03f62001-12-06 18:22:17 +0000448
449 cp = line;
450 arg = strdelim(&cp);
451 /* Ignore leading whitespace */
452 if (*arg == '\0')
453 arg = strdelim(&cp);
454 if (!arg || !*arg || *arg == '#')
455 return 0;
456 intptr = NULL;
457 charptr = NULL;
458 opcode = parse_token(arg, filename, linenum);
459 switch (opcode) {
460 /* Portable-specific options */
461 case sPAMAuthenticationViaKbdInt:
462 intptr = &options->pam_authentication_via_kbd_int;
463 goto parse_flag;
464
465 /* Standard Options */
466 case sBadOption:
467 return -1;
468 case sPort:
469 /* ignore ports from configfile if cmdline specifies ports */
470 if (options->ports_from_cmdline)
471 return 0;
472 if (options->listen_addrs != NULL)
473 fatal("%s line %d: ports must be specified before "
Damien Miller4fbf08a2002-01-22 23:35:09 +1100474 "ListenAddress.", filename, linenum);
Ben Lindstromade03f62001-12-06 18:22:17 +0000475 if (options->num_ports >= MAX_PORTS)
476 fatal("%s line %d: too many ports.",
477 filename, linenum);
478 arg = strdelim(&cp);
479 if (!arg || *arg == '\0')
480 fatal("%s line %d: missing port number.",
481 filename, linenum);
482 options->ports[options->num_ports++] = a2port(arg);
483 if (options->ports[options->num_ports-1] == 0)
484 fatal("%s line %d: Badly formatted port number.",
485 filename, linenum);
486 break;
487
488 case sServerKeyBits:
489 intptr = &options->server_key_bits;
490parse_int:
491 arg = strdelim(&cp);
492 if (!arg || *arg == '\0')
493 fatal("%s line %d: missing integer value.",
494 filename, linenum);
495 value = atoi(arg);
496 if (*intptr == -1)
497 *intptr = value;
498 break;
499
500 case sLoginGraceTime:
501 intptr = &options->login_grace_time;
502parse_time:
503 arg = strdelim(&cp);
504 if (!arg || *arg == '\0')
505 fatal("%s line %d: missing time value.",
506 filename, linenum);
507 if ((value = convtime(arg)) == -1)
508 fatal("%s line %d: invalid time value.",
509 filename, linenum);
510 if (*intptr == -1)
511 *intptr = value;
512 break;
513
514 case sKeyRegenerationTime:
515 intptr = &options->key_regeneration_time;
516 goto parse_time;
517
518 case sListenAddress:
519 arg = strdelim(&cp);
520 if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
521 fatal("%s line %d: missing inet addr.",
522 filename, linenum);
523 if (*arg == '[') {
524 if ((p = strchr(arg, ']')) == NULL)
525 fatal("%s line %d: bad ipv6 inet addr usage.",
526 filename, linenum);
527 arg++;
528 memmove(p, p+1, strlen(p+1)+1);
529 } else if (((p = strchr(arg, ':')) == NULL) ||
530 (strchr(p+1, ':') != NULL)) {
531 add_listen_addr(options, arg, 0);
532 break;
533 }
534 if (*p == ':') {
535 u_short port;
536
537 p++;
538 if (*p == '\0')
539 fatal("%s line %d: bad inet addr:port usage.",
540 filename, linenum);
541 else {
542 *(p-1) = '\0';
543 if ((port = a2port(p)) == 0)
544 fatal("%s line %d: bad port number.",
545 filename, linenum);
546 add_listen_addr(options, arg, port);
547 }
548 } else if (*p == '\0')
549 add_listen_addr(options, arg, 0);
550 else
551 fatal("%s line %d: bad inet addr usage.",
552 filename, linenum);
553 break;
554
555 case sHostKeyFile:
556 intptr = &options->num_host_key_files;
557 if (*intptr >= MAX_HOSTKEYS)
558 fatal("%s line %d: too many host keys specified (max %d).",
559 filename, linenum, MAX_HOSTKEYS);
560 charptr = &options->host_key_files[*intptr];
561parse_filename:
562 arg = strdelim(&cp);
563 if (!arg || *arg == '\0')
564 fatal("%s line %d: missing file name.",
565 filename, linenum);
566 if (*charptr == NULL) {
567 *charptr = tilde_expand_filename(arg, getuid());
568 /* increase optional counter */
569 if (intptr != NULL)
570 *intptr = *intptr + 1;
571 }
572 break;
573
574 case sPidFile:
575 charptr = &options->pid_file;
576 goto parse_filename;
577
578 case sPermitRootLogin:
579 intptr = &options->permit_root_login;
580 arg = strdelim(&cp);
581 if (!arg || *arg == '\0')
582 fatal("%s line %d: missing yes/"
583 "without-password/forced-commands-only/no "
584 "argument.", filename, linenum);
585 value = 0; /* silence compiler */
586 if (strcmp(arg, "without-password") == 0)
587 value = PERMIT_NO_PASSWD;
588 else if (strcmp(arg, "forced-commands-only") == 0)
589 value = PERMIT_FORCED_ONLY;
590 else if (strcmp(arg, "yes") == 0)
591 value = PERMIT_YES;
592 else if (strcmp(arg, "no") == 0)
593 value = PERMIT_NO;
594 else
595 fatal("%s line %d: Bad yes/"
596 "without-password/forced-commands-only/no "
597 "argument: %s", filename, linenum, arg);
598 if (*intptr == -1)
599 *intptr = value;
600 break;
601
602 case sIgnoreRhosts:
603 intptr = &options->ignore_rhosts;
604parse_flag:
605 arg = strdelim(&cp);
606 if (!arg || *arg == '\0')
607 fatal("%s line %d: missing yes/no argument.",
608 filename, linenum);
609 value = 0; /* silence compiler */
610 if (strcmp(arg, "yes") == 0)
611 value = 1;
612 else if (strcmp(arg, "no") == 0)
613 value = 0;
614 else
615 fatal("%s line %d: Bad yes/no argument: %s",
616 filename, linenum, arg);
617 if (*intptr == -1)
618 *intptr = value;
619 break;
620
621 case sIgnoreUserKnownHosts:
622 intptr = &options->ignore_user_known_hosts;
623 goto parse_flag;
624
625 case sRhostsAuthentication:
626 intptr = &options->rhosts_authentication;
627 goto parse_flag;
628
629 case sRhostsRSAAuthentication:
630 intptr = &options->rhosts_rsa_authentication;
631 goto parse_flag;
632
633 case sHostbasedAuthentication:
634 intptr = &options->hostbased_authentication;
635 goto parse_flag;
636
637 case sHostbasedUsesNameFromPacketOnly:
638 intptr = &options->hostbased_uses_name_from_packet_only;
639 goto parse_flag;
640
641 case sRSAAuthentication:
642 intptr = &options->rsa_authentication;
643 goto parse_flag;
644
645 case sPubkeyAuthentication:
646 intptr = &options->pubkey_authentication;
647 goto parse_flag;
648#if defined(KRB4) || defined(KRB5)
649 case sKerberosAuthentication:
650 intptr = &options->kerberos_authentication;
651 goto parse_flag;
652
653 case sKerberosOrLocalPasswd:
654 intptr = &options->kerberos_or_local_passwd;
655 goto parse_flag;
656
657 case sKerberosTicketCleanup:
658 intptr = &options->kerberos_ticket_cleanup;
659 goto parse_flag;
660#endif
661#if defined(AFS) || defined(KRB5)
662 case sKerberosTgtPassing:
663 intptr = &options->kerberos_tgt_passing;
664 goto parse_flag;
665#endif
666#ifdef AFS
667 case sAFSTokenPassing:
668 intptr = &options->afs_token_passing;
669 goto parse_flag;
670#endif
671
672 case sPasswordAuthentication:
673 intptr = &options->password_authentication;
674 goto parse_flag;
675
676 case sKbdInteractiveAuthentication:
677 intptr = &options->kbd_interactive_authentication;
678 goto parse_flag;
679
680 case sChallengeResponseAuthentication:
681 intptr = &options->challenge_response_authentication;
682 goto parse_flag;
683
684 case sPrintMotd:
685 intptr = &options->print_motd;
686 goto parse_flag;
687
688 case sPrintLastLog:
689 intptr = &options->print_lastlog;
690 goto parse_flag;
691
692 case sX11Forwarding:
693 intptr = &options->x11_forwarding;
694 goto parse_flag;
695
696 case sX11DisplayOffset:
697 intptr = &options->x11_display_offset;
698 goto parse_int;
699
Damien Miller95c249f2002-02-05 12:11:34 +1100700 case sX11UseLocalhost:
701 intptr = &options->x11_use_localhost;
702 goto parse_flag;
703
Ben Lindstromade03f62001-12-06 18:22:17 +0000704 case sXAuthLocation:
705 charptr = &options->xauth_location;
706 goto parse_filename;
707
708 case sStrictModes:
709 intptr = &options->strict_modes;
710 goto parse_flag;
711
712 case sKeepAlives:
713 intptr = &options->keepalives;
714 goto parse_flag;
715
716 case sEmptyPasswd:
717 intptr = &options->permit_empty_passwd;
718 goto parse_flag;
719
Ben Lindstrom5d860f02002-08-01 01:28:38 +0000720 case sPermitUserEnvironment:
721 intptr = &options->permit_user_env;
722 goto parse_flag;
723
Ben Lindstromade03f62001-12-06 18:22:17 +0000724 case sUseLogin:
725 intptr = &options->use_login;
726 goto parse_flag;
727
Ben Lindstrom23e0f662002-06-21 01:09:47 +0000728 case sCompression:
729 intptr = &options->compression;
730 goto parse_flag;
731
Ben Lindstromade03f62001-12-06 18:22:17 +0000732 case sGatewayPorts:
733 intptr = &options->gateway_ports;
734 goto parse_flag;
735
Damien Millerc5d86352002-02-05 12:13:41 +1100736 case sVerifyReverseMapping:
737 intptr = &options->verify_reverse_mapping;
Ben Lindstromade03f62001-12-06 18:22:17 +0000738 goto parse_flag;
739
740 case sLogFacility:
741 intptr = (int *) &options->log_facility;
742 arg = strdelim(&cp);
743 value = log_facility_number(arg);
Damien Millerfcd93202002-02-05 12:26:34 +1100744 if (value == SYSLOG_FACILITY_NOT_SET)
Ben Lindstromade03f62001-12-06 18:22:17 +0000745 fatal("%.200s line %d: unsupported log facility '%s'",
746 filename, linenum, arg ? arg : "<NONE>");
747 if (*intptr == -1)
748 *intptr = (SyslogFacility) value;
749 break;
750
751 case sLogLevel:
752 intptr = (int *) &options->log_level;
753 arg = strdelim(&cp);
754 value = log_level_number(arg);
Damien Millerfcd93202002-02-05 12:26:34 +1100755 if (value == SYSLOG_LEVEL_NOT_SET)
Ben Lindstromade03f62001-12-06 18:22:17 +0000756 fatal("%.200s line %d: unsupported log level '%s'",
757 filename, linenum, arg ? arg : "<NONE>");
758 if (*intptr == -1)
759 *intptr = (LogLevel) value;
760 break;
761
762 case sAllowTcpForwarding:
763 intptr = &options->allow_tcp_forwarding;
764 goto parse_flag;
765
Ben Lindstrom7a2073c2002-03-22 02:30:41 +0000766 case sUsePrivilegeSeparation:
767 intptr = &use_privsep;
768 goto parse_flag;
769
Ben Lindstromade03f62001-12-06 18:22:17 +0000770 case sAllowUsers:
771 while ((arg = strdelim(&cp)) && *arg != '\0') {
772 if (options->num_allow_users >= MAX_ALLOW_USERS)
773 fatal("%s line %d: too many allow users.",
774 filename, linenum);
Ben Lindstrome1353632002-06-23 21:29:23 +0000775 options->allow_users[options->num_allow_users++] =
776 xstrdup(arg);
Ben Lindstromade03f62001-12-06 18:22:17 +0000777 }
778 break;
779
780 case sDenyUsers:
781 while ((arg = strdelim(&cp)) && *arg != '\0') {
782 if (options->num_deny_users >= MAX_DENY_USERS)
783 fatal( "%s line %d: too many deny users.",
784 filename, linenum);
Ben Lindstrome1353632002-06-23 21:29:23 +0000785 options->deny_users[options->num_deny_users++] =
786 xstrdup(arg);
Ben Lindstromade03f62001-12-06 18:22:17 +0000787 }
788 break;
789
790 case sAllowGroups:
791 while ((arg = strdelim(&cp)) && *arg != '\0') {
792 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
793 fatal("%s line %d: too many allow groups.",
794 filename, linenum);
Ben Lindstrome1353632002-06-23 21:29:23 +0000795 options->allow_groups[options->num_allow_groups++] =
796 xstrdup(arg);
Ben Lindstromade03f62001-12-06 18:22:17 +0000797 }
798 break;
799
800 case sDenyGroups:
801 while ((arg = strdelim(&cp)) && *arg != '\0') {
802 if (options->num_deny_groups >= MAX_DENY_GROUPS)
803 fatal("%s line %d: too many deny groups.",
804 filename, linenum);
805 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
806 }
807 break;
808
809 case sCiphers:
810 arg = strdelim(&cp);
811 if (!arg || *arg == '\0')
812 fatal("%s line %d: Missing argument.", filename, linenum);
813 if (!ciphers_valid(arg))
814 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
815 filename, linenum, arg ? arg : "<NONE>");
816 if (options->ciphers == NULL)
817 options->ciphers = xstrdup(arg);
818 break;
819
820 case sMacs:
821 arg = strdelim(&cp);
822 if (!arg || *arg == '\0')
823 fatal("%s line %d: Missing argument.", filename, linenum);
824 if (!mac_valid(arg))
825 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
826 filename, linenum, arg ? arg : "<NONE>");
827 if (options->macs == NULL)
828 options->macs = xstrdup(arg);
829 break;
830
831 case sProtocol:
832 intptr = &options->protocol;
833 arg = strdelim(&cp);
834 if (!arg || *arg == '\0')
835 fatal("%s line %d: Missing argument.", filename, linenum);
836 value = proto_spec(arg);
837 if (value == SSH_PROTO_UNKNOWN)
838 fatal("%s line %d: Bad protocol spec '%s'.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100839 filename, linenum, arg ? arg : "<NONE>");
Ben Lindstromade03f62001-12-06 18:22:17 +0000840 if (*intptr == SSH_PROTO_UNKNOWN)
841 *intptr = value;
842 break;
843
844 case sSubsystem:
845 if (options->num_subsystems >= MAX_SUBSYSTEMS) {
846 fatal("%s line %d: too many subsystems defined.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100847 filename, linenum);
Ben Lindstromade03f62001-12-06 18:22:17 +0000848 }
849 arg = strdelim(&cp);
850 if (!arg || *arg == '\0')
851 fatal("%s line %d: Missing subsystem name.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100852 filename, linenum);
Ben Lindstromade03f62001-12-06 18:22:17 +0000853 for (i = 0; i < options->num_subsystems; i++)
854 if (strcmp(arg, options->subsystem_name[i]) == 0)
855 fatal("%s line %d: Subsystem '%s' already defined.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100856 filename, linenum, arg);
Ben Lindstromade03f62001-12-06 18:22:17 +0000857 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
858 arg = strdelim(&cp);
859 if (!arg || *arg == '\0')
860 fatal("%s line %d: Missing subsystem command.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100861 filename, linenum);
Ben Lindstromade03f62001-12-06 18:22:17 +0000862 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
863 options->num_subsystems++;
864 break;
865
866 case sMaxStartups:
867 arg = strdelim(&cp);
868 if (!arg || *arg == '\0')
869 fatal("%s line %d: Missing MaxStartups spec.",
Damien Miller9f0f5c62001-12-21 14:45:46 +1100870 filename, linenum);
Ben Lindstromade03f62001-12-06 18:22:17 +0000871 if ((n = sscanf(arg, "%d:%d:%d",
872 &options->max_startups_begin,
873 &options->max_startups_rate,
874 &options->max_startups)) == 3) {
875 if (options->max_startups_begin >
876 options->max_startups ||
877 options->max_startups_rate > 100 ||
878 options->max_startups_rate < 1)
879 fatal("%s line %d: Illegal MaxStartups spec.",
880 filename, linenum);
881 } else if (n != 1)
882 fatal("%s line %d: Illegal MaxStartups spec.",
883 filename, linenum);
884 else
885 options->max_startups = options->max_startups_begin;
886 break;
887
888 case sBanner:
889 charptr = &options->banner;
890 goto parse_filename;
891 /*
892 * These options can contain %X options expanded at
893 * connect time, so that you can specify paths like:
894 *
895 * AuthorizedKeysFile /etc/ssh_keys/%u
896 */
897 case sAuthorizedKeysFile:
898 case sAuthorizedKeysFile2:
899 charptr = (opcode == sAuthorizedKeysFile ) ?
900 &options->authorized_keys_file :
901 &options->authorized_keys_file2;
902 goto parse_filename;
903
904 case sClientAliveInterval:
905 intptr = &options->client_alive_interval;
906 goto parse_time;
907
908 case sClientAliveCountMax:
909 intptr = &options->client_alive_count_max;
910 goto parse_int;
911
912 case sDeprecated:
913 log("%s line %d: Deprecated option %s",
914 filename, linenum, arg);
915 while (arg)
916 arg = strdelim(&cp);
917 break;
918
919 default:
920 fatal("%s line %d: Missing handler for opcode %s (%d)",
921 filename, linenum, arg, opcode);
922 }
923 if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
924 fatal("%s line %d: garbage at end of line; \"%.200s\".",
925 filename, linenum, arg);
926 return 0;
927}
928
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000929/* Reads the server configuration file. */
930
Damien Miller4af51302000-04-16 11:18:38 +1000931void
Damien Miller95def091999-11-25 00:26:21 +1100932read_server_config(ServerOptions *options, const char *filename)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000933{
Ben Lindstrome1353632002-06-23 21:29:23 +0000934 int linenum, bad_options = 0;
Damien Miller95def091999-11-25 00:26:21 +1100935 char line[1024];
Ben Lindstrome1353632002-06-23 21:29:23 +0000936 FILE *f;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000937
Damien Miller9f82c8f2003-02-24 12:04:33 +1100938 debug2("read_server_config: filename %s", filename);
Damien Miller95def091999-11-25 00:26:21 +1100939 f = fopen(filename, "r");
940 if (!f) {
941 perror(filename);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000942 exit(1);
Damien Miller95def091999-11-25 00:26:21 +1100943 }
944 linenum = 0;
945 while (fgets(line, sizeof(line), f)) {
Ben Lindstromade03f62001-12-06 18:22:17 +0000946 /* Update line number counter. */
Damien Miller95def091999-11-25 00:26:21 +1100947 linenum++;
Ben Lindstromade03f62001-12-06 18:22:17 +0000948 if (process_server_config_line(options, line, filename, linenum) != 0)
Damien Miller95def091999-11-25 00:26:21 +1100949 bad_options++;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000950 }
Damien Miller95def091999-11-25 00:26:21 +1100951 fclose(f);
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000952 if (bad_options > 0)
953 fatal("%s: terminating, %d bad configuration options",
954 filename, bad_options);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000955}