Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / ec95ed9b4ca014643a0272f6fa5b24ac9c70d263 / . / servconf.c
blob: 7dbf31834b1214fba6b8d9190523470bb726461e [file] [log] [blame]
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]1/*
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
Damien Miller4af51302000-04-16 11:18:38 +1000[diff] [blame]4 *
Damien Millere4340be2000-09-16 13:29:08 +1100[diff] [blame]5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]10 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]11
12#include "includes.h"
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame^]13RCSID("$OpenBSD: servconf.c,v 1.85 2001/06/26 16:15:24 dugsong Exp $");
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000[diff] [blame]14
15#ifdef KRB4
16#include <krb.h>
17#endif
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]18
19#include "ssh.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000[diff] [blame]20#include "log.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]21#include "servconf.h"
22#include "xmalloc.h"
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]23#include "compat.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000[diff] [blame]24#include "pathnames.h"
25#include "tildexpand.h"
26#include "misc.h"
27#include "cipher.h"
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000[diff] [blame]28#include "kex.h"
29#include "mac.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000[diff] [blame]30
Ben Lindstrombba81212001-06-25 05:01:22 +0000[diff] [blame]31static void add_listen_addr(ServerOptions *, char *, u_short);
32static void add_one_listen_addr(ServerOptions *, char *, u_short);
Damien Miller34132e52000-01-14 15:45:46 +1100[diff] [blame]33
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000[diff] [blame]34/* AF_UNSPEC or AF_INET or AF_INET6 */
35extern int IPv4or6;
36
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]37/* Initializes the server options to their default values. */
38
Damien Miller4af51302000-04-16 11:18:38 +1000[diff] [blame]39void
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]40initialize_server_options(ServerOptions *options)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]41{
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]42 memset(options, 0, sizeof(*options));
Damien Miller34132e52000-01-14 15:45:46 +1100[diff] [blame]43 options->num_ports = 0;
44 options->ports_from_cmdline = 0;
45 options->listen_addrs = NULL;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]46 options->num_host_key_files = 0;
Damien Miller6f83b8e2000-05-02 09:23:45 +1000[diff] [blame]47 options->pid_file = NULL;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]48 options->server_key_bits = -1;
49 options->login_grace_time = -1;
50 options->key_regeneration_time = -1;
Ben Lindstromd8a90212001-02-15 03:08:27 +0000[diff] [blame]51 options->permit_root_login = PERMIT_NOT_SET;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]52 options->ignore_rhosts = -1;
53 options->ignore_user_known_hosts = -1;
54 options->print_motd = -1;
Ben Lindstrom7bfff362001-03-26 05:45:53 +0000[diff] [blame]55 options->print_lastlog = -1;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]56 options->check_mail = -1;
57 options->x11_forwarding = -1;
58 options->x11_display_offset = -1;
Damien Millerd3a18572000-06-07 19:55:44 +1000[diff] [blame]59 options->xauth_location = NULL;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]60 options->strict_modes = -1;
61 options->keepalives = -1;
62 options->log_facility = (SyslogFacility) - 1;
63 options->log_level = (LogLevel) - 1;
64 options->rhosts_authentication = -1;
65 options->rhosts_rsa_authentication = -1;
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000[diff] [blame]66 options->hostbased_authentication = -1;
67 options->hostbased_uses_name_from_packet_only = -1;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]68 options->rsa_authentication = -1;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]69 options->pubkey_authentication = -1;
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame^]70#if defined(KRB4) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]71 options->kerberos_authentication = -1;
72 options->kerberos_or_local_passwd = -1;
73 options->kerberos_ticket_cleanup = -1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]74#endif
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame^]75#if defined(AFS) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]76 options->kerberos_tgt_passing = -1;
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame^]77#endif
78#ifdef AFS
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]79 options->afs_token_passing = -1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]80#endif
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]81 options->password_authentication = -1;
Damien Miller874d77b2000-10-14 16:23:11 +1100[diff] [blame]82 options->kbd_interactive_authentication = -1;
Ben Lindstrom551ea372001-06-05 18:56:16 +0000[diff] [blame]83 options->challenge_response_authentication = -1;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]84 options->permit_empty_passwd = -1;
85 options->use_login = -1;
Damien Miller50a41ed2000-10-16 12:14:42 +1100[diff] [blame]86 options->allow_tcp_forwarding = -1;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]87 options->num_allow_users = 0;
88 options->num_deny_users = 0;
89 options->num_allow_groups = 0;
90 options->num_deny_groups = 0;
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]91 options->ciphers = NULL;
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000[diff] [blame]92 options->macs = NULL;
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]93 options->protocol = SSH_PROTO_UNKNOWN;
Damien Millere247cc42000-05-07 12:03:14 +1000[diff] [blame]94 options->gateway_ports = -1;
Damien Millerf6d9e222000-06-18 14:50:44 +1000[diff] [blame]95 options->num_subsystems = 0;
Damien Miller942da032000-08-18 13:59:06 +1000[diff] [blame]96 options->max_startups_begin = -1;
97 options->max_startups_rate = -1;
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]98 options->max_startups = -1;
Ben Lindstrom48bd7c12001-01-09 00:35:42 +0000[diff] [blame]99 options->banner = NULL;
Damien Miller33804262001-02-04 23:20:18 +1100[diff] [blame]100 options->reverse_mapping_check = -1;
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000[diff] [blame]101 options->client_alive_interval = -1;
102 options->client_alive_count_max = -1;
Ben Lindstrombfb3a0e2001-06-05 20:25:05 +0000[diff] [blame]103 options->authorized_keys_file = NULL;
104 options->authorized_keys_file2 = NULL;
Damien Millerf8154422001-04-25 22:44:14 +1000[diff] [blame]105 options->pam_authentication_via_kbd_int = -1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]106}
107
Damien Miller4af51302000-04-16 11:18:38 +1000[diff] [blame]108void
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]109fill_default_server_options(ServerOptions *options)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]110{
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]111 if (options->protocol == SSH_PROTO_UNKNOWN)
112 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
113 if (options->num_host_key_files == 0) {
114 /* fill default hostkeys for protocols */
115 if (options->protocol & SSH_PROTO_1)
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000[diff] [blame]116 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]117 if (options->protocol & SSH_PROTO_2)
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000[diff] [blame]118 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]119 }
Damien Miller34132e52000-01-14 15:45:46 +1100[diff] [blame]120 if (options->num_ports == 0)
121 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
122 if (options->listen_addrs == NULL)
Ben Lindstrom19066a12001-04-12 23:39:26 +0000[diff] [blame]123 add_listen_addr(options, NULL, 0);
Damien Miller6f83b8e2000-05-02 09:23:45 +1000[diff] [blame]124 if (options->pid_file == NULL)
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000[diff] [blame]125 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]126 if (options->server_key_bits == -1)
127 options->server_key_bits = 768;
128 if (options->login_grace_time == -1)
129 options->login_grace_time = 600;
130 if (options->key_regeneration_time == -1)
131 options->key_regeneration_time = 3600;
Ben Lindstromd8a90212001-02-15 03:08:27 +0000[diff] [blame]132 if (options->permit_root_login == PERMIT_NOT_SET)
133 options->permit_root_login = PERMIT_YES;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]134 if (options->ignore_rhosts == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100[diff] [blame]135 options->ignore_rhosts = 1;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]136 if (options->ignore_user_known_hosts == -1)
137 options->ignore_user_known_hosts = 0;
138 if (options->check_mail == -1)
139 options->check_mail = 0;
140 if (options->print_motd == -1)
141 options->print_motd = 1;
Ben Lindstrom7bfff362001-03-26 05:45:53 +0000[diff] [blame]142 if (options->print_lastlog == -1)
143 options->print_lastlog = 1;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]144 if (options->x11_forwarding == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100[diff] [blame]145 options->x11_forwarding = 0;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]146 if (options->x11_display_offset == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100[diff] [blame]147 options->x11_display_offset = 10;
Ben Lindstrom1bf11f62001-06-09 01:48:01 +0000[diff] [blame]148#ifdef _PATH_XAUTH
Damien Millerd3a18572000-06-07 19:55:44 +1000[diff] [blame]149 if (options->xauth_location == NULL)
Ben Lindstrom1bf11f62001-06-09 01:48:01 +0000[diff] [blame]150 options->xauth_location = _PATH_XAUTH;
151#endif
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]152 if (options->strict_modes == -1)
153 options->strict_modes = 1;
154 if (options->keepalives == -1)
155 options->keepalives = 1;
156 if (options->log_facility == (SyslogFacility) (-1))
157 options->log_facility = SYSLOG_FACILITY_AUTH;
158 if (options->log_level == (LogLevel) (-1))
Ben Lindstromdb65e8f2001-01-19 04:26:52 +0000[diff] [blame]159 options->log_level = SYSLOG_LEVEL_INFO;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]160 if (options->rhosts_authentication == -1)
161 options->rhosts_authentication = 0;
162 if (options->rhosts_rsa_authentication == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100[diff] [blame]163 options->rhosts_rsa_authentication = 0;
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000[diff] [blame]164 if (options->hostbased_authentication == -1)
165 options->hostbased_authentication = 0;
166 if (options->hostbased_uses_name_from_packet_only == -1)
167 options->hostbased_uses_name_from_packet_only = 0;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]168 if (options->rsa_authentication == -1)
169 options->rsa_authentication = 1;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]170 if (options->pubkey_authentication == -1)
171 options->pubkey_authentication = 1;
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame^]172#if defined(KRB4) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]173 if (options->kerberos_authentication == -1)
174 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
175 if (options->kerberos_or_local_passwd == -1)
176 options->kerberos_or_local_passwd = 1;
177 if (options->kerberos_ticket_cleanup == -1)
178 options->kerberos_ticket_cleanup = 1;
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame^]179#endif
180#if defined(AFS) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]181 if (options->kerberos_tgt_passing == -1)
182 options->kerberos_tgt_passing = 0;
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame^]183#endif
184#ifdef AFS
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]185 if (options->afs_token_passing == -1)
186 options->afs_token_passing = k_hasafs();
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame^]187#endif
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]188 if (options->password_authentication == -1)
189 options->password_authentication = 1;
Damien Miller874d77b2000-10-14 16:23:11 +1100[diff] [blame]190 if (options->kbd_interactive_authentication == -1)
191 options->kbd_interactive_authentication = 0;
Ben Lindstrom551ea372001-06-05 18:56:16 +0000[diff] [blame]192 if (options->challenge_response_authentication == -1)
193 options->challenge_response_authentication = 1;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]194 if (options->permit_empty_passwd == -1)
Damien Miller98c7ad62000-03-09 21:27:49 +1100[diff] [blame]195 options->permit_empty_passwd = 0;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]196 if (options->use_login == -1)
197 options->use_login = 0;
Damien Miller50a41ed2000-10-16 12:14:42 +1100[diff] [blame]198 if (options->allow_tcp_forwarding == -1)
199 options->allow_tcp_forwarding = 1;
Damien Millere247cc42000-05-07 12:03:14 +1000[diff] [blame]200 if (options->gateway_ports == -1)
201 options->gateway_ports = 0;
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]202 if (options->max_startups == -1)
203 options->max_startups = 10;
Damien Miller942da032000-08-18 13:59:06 +1000[diff] [blame]204 if (options->max_startups_rate == -1)
205 options->max_startups_rate = 100; /* 100% */
206 if (options->max_startups_begin == -1)
207 options->max_startups_begin = options->max_startups;
Damien Miller33804262001-02-04 23:20:18 +1100[diff] [blame]208 if (options->reverse_mapping_check == -1)
209 options->reverse_mapping_check = 0;
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000[diff] [blame]210 if (options->client_alive_interval == -1)
211 options->client_alive_interval = 0;
212 if (options->client_alive_count_max == -1)
213 options->client_alive_count_max = 3;
Ben Lindstrombfb3a0e2001-06-05 20:25:05 +0000[diff] [blame]214 if (options->authorized_keys_file == NULL)
215 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
216 if (options->authorized_keys_file2 == NULL)
217 options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
Damien Millerf8154422001-04-25 22:44:14 +1000[diff] [blame]218 if (options->pam_authentication_via_kbd_int == -1)
219 options->pam_authentication_via_kbd_int = 0;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]220}
221
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]222/* Keyword tokens. */
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]223typedef enum {
224 sBadOption, /* == unknown option */
225 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
226 sPermitRootLogin, sLogFacility, sLogLevel,
227 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame^]228#if defined(KRB4) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]229 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]230#endif
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame^]231#if defined(AFS) || defined(KRB5)
232 sKerberosTgtPassing,
233#endif
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]234#ifdef AFS
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame^]235 sAFSTokenPassing,
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]236#endif
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000[diff] [blame]237 sChallengeResponseAuthentication,
Damien Miller874d77b2000-10-14 16:23:11 +1100[diff] [blame]238 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
Ben Lindstrom7bfff362001-03-26 05:45:53 +0000[diff] [blame]239 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
240 sX11Forwarding, sX11DisplayOffset,
Ben Lindstromd9cae222001-03-05 07:42:03 +0000[diff] [blame]241 sStrictModes, sEmptyPasswd, sKeepAlives, sCheckMail,
Damien Miller50a41ed2000-10-16 12:14:42 +1100[diff] [blame]242 sUseLogin, sAllowTcpForwarding,
243 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000[diff] [blame]244 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]245 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000[diff] [blame]246 sBanner, sReverseMappingCheck, sHostbasedAuthentication,
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000[diff] [blame]247 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
Ben Lindstrombfb3a0e2001-06-05 20:25:05 +0000[diff] [blame]248 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
249 sPAMAuthenticationViaKbdInt
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]250} ServerOpCodes;
251
252/* Textual representation of the tokens. */
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]253static struct {
254 const char *name;
255 ServerOpCodes opcode;
256} keywords[] = {
257 { "port", sPort },
258 { "hostkey", sHostKeyFile },
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]259 { "hostdsakey", sHostKeyFile }, /* alias */
Kevin Stevesef4eea92001-02-05 12:42:17 +0000[diff] [blame]260 { "pidfile", sPidFile },
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]261 { "serverkeybits", sServerKeyBits },
262 { "logingracetime", sLoginGraceTime },
263 { "keyregenerationinterval", sKeyRegenerationTime },
264 { "permitrootlogin", sPermitRootLogin },
265 { "syslogfacility", sLogFacility },
266 { "loglevel", sLogLevel },
267 { "rhostsauthentication", sRhostsAuthentication },
268 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000[diff] [blame]269 { "hostbasedauthentication", sHostbasedAuthentication },
270 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]271 { "rsaauthentication", sRSAAuthentication },
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]272 { "pubkeyauthentication", sPubkeyAuthentication },
273 { "dsaauthentication", sPubkeyAuthentication }, /* alias */
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame^]274#if defined(KRB4) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]275 { "kerberosauthentication", sKerberosAuthentication },
276 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
277 { "kerberosticketcleanup", sKerberosTicketCleanup },
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]278#endif
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame^]279#if defined(AFS) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]280 { "kerberostgtpassing", sKerberosTgtPassing },
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame^]281#endif
282#ifdef AFS
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]283 { "afstokenpassing", sAFSTokenPassing },
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]284#endif
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]285 { "passwordauthentication", sPasswordAuthentication },
Damien Miller874d77b2000-10-14 16:23:11 +1100[diff] [blame]286 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000[diff] [blame]287 { "challengeresponseauthentication", sChallengeResponseAuthentication },
288 { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]289 { "checkmail", sCheckMail },
290 { "listenaddress", sListenAddress },
291 { "printmotd", sPrintMotd },
Ben Lindstrom7bfff362001-03-26 05:45:53 +0000[diff] [blame]292 { "printlastlog", sPrintLastLog },
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]293 { "ignorerhosts", sIgnoreRhosts },
294 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
295 { "x11forwarding", sX11Forwarding },
296 { "x11displayoffset", sX11DisplayOffset },
Damien Millerd3a18572000-06-07 19:55:44 +1000[diff] [blame]297 { "xauthlocation", sXAuthLocation },
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]298 { "strictmodes", sStrictModes },
299 { "permitemptypasswords", sEmptyPasswd },
300 { "uselogin", sUseLogin },
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]301 { "keepalive", sKeepAlives },
Damien Miller50a41ed2000-10-16 12:14:42 +1100[diff] [blame]302 { "allowtcpforwarding", sAllowTcpForwarding },
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]303 { "allowusers", sAllowUsers },
304 { "denyusers", sDenyUsers },
305 { "allowgroups", sAllowGroups },
306 { "denygroups", sDenyGroups },
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]307 { "ciphers", sCiphers },
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000[diff] [blame]308 { "macs", sMacs },
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]309 { "protocol", sProtocol },
Damien Millere247cc42000-05-07 12:03:14 +1000[diff] [blame]310 { "gatewayports", sGatewayPorts },
Damien Millerf6d9e222000-06-18 14:50:44 +1000[diff] [blame]311 { "subsystem", sSubsystem },
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]312 { "maxstartups", sMaxStartups },
Ben Lindstrom48bd7c12001-01-09 00:35:42 +0000[diff] [blame]313 { "banner", sBanner },
Damien Miller33804262001-02-04 23:20:18 +1100[diff] [blame]314 { "reversemappingcheck", sReverseMappingCheck },
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000[diff] [blame]315 { "clientaliveinterval", sClientAliveInterval },
316 { "clientalivecountmax", sClientAliveCountMax },
Ben Lindstrombfb3a0e2001-06-05 20:25:05 +0000[diff] [blame]317 { "authorizedkeysfile", sAuthorizedKeysFile },
318 { "authorizedkeysfile2", sAuthorizedKeysFile2 },
Damien Millerf8154422001-04-25 22:44:14 +1000[diff] [blame]319 { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]320 { NULL, 0 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]321};
322
Damien Miller5428f641999-11-25 11:54:57 +1100[diff] [blame]323/*
Ben Lindstrom3704c262001-04-02 18:20:03 +0000[diff] [blame]324 * Returns the number of the token pointed to by cp or sBadOption.
Damien Miller5428f641999-11-25 11:54:57 +1100[diff] [blame]325 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]326
Damien Miller4af51302000-04-16 11:18:38 +1000[diff] [blame]327static ServerOpCodes
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]328parse_token(const char *cp, const char *filename,
329 int linenum)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]330{
Ben Lindstrom46c16222000-12-22 01:43:59 +0000[diff] [blame]331 u_int i;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]332
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]333 for (i = 0; keywords[i].name; i++)
Damien Miller5428f641999-11-25 11:54:57 +1100[diff] [blame]334 if (strcasecmp(cp, keywords[i].name) == 0)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]335 return keywords[i].opcode;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]336
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000[diff] [blame]337 error("%s: line %d: Bad configuration option: %s",
338 filename, linenum, cp);
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]339 return sBadOption;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]340}
341
Ben Lindstrombba81212001-06-25 05:01:22 +0000[diff] [blame]342static void
Ben Lindstrom19066a12001-04-12 23:39:26 +0000[diff] [blame]343add_listen_addr(ServerOptions *options, char *addr, u_short port)
Damien Miller34132e52000-01-14 15:45:46 +1100[diff] [blame]344{
Damien Miller34132e52000-01-14 15:45:46 +1100[diff] [blame]345 int i;
346
347 if (options->num_ports == 0)
348 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
Ben Lindstrom19066a12001-04-12 23:39:26 +0000[diff] [blame]349 if (port == 0)
Ben Lindstromc510af42001-04-07 17:25:48 +0000[diff] [blame]350 for (i = 0; i < options->num_ports; i++)
351 add_one_listen_addr(options, addr, options->ports[i]);
352 else
Ben Lindstrom19066a12001-04-12 23:39:26 +0000[diff] [blame]353 add_one_listen_addr(options, addr, port);
Ben Lindstromc510af42001-04-07 17:25:48 +0000[diff] [blame]354}
355
Ben Lindstrombba81212001-06-25 05:01:22 +0000[diff] [blame]356static void
Ben Lindstromc510af42001-04-07 17:25:48 +0000[diff] [blame]357add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
358{
359 struct addrinfo hints, *ai, *aitop;
360 char strport[NI_MAXSERV];
361 int gaierr;
362
363 memset(&hints, 0, sizeof(hints));
364 hints.ai_family = IPv4or6;
365 hints.ai_socktype = SOCK_STREAM;
366 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
367 snprintf(strport, sizeof strport, "%d", port);
368 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
369 fatal("bad addr or host: %s (%s)",
370 addr ? addr : "<NULL>",
371 gai_strerror(gaierr));
372 for (ai = aitop; ai->ai_next; ai = ai->ai_next)
373 ;
374 ai->ai_next = options->listen_addrs;
375 options->listen_addrs = aitop;
Damien Miller34132e52000-01-14 15:45:46 +1100[diff] [blame]376}
377
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]378/* Reads the server configuration file. */
379
Damien Miller4af51302000-04-16 11:18:38 +1000[diff] [blame]380void
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]381read_server_config(ServerOptions *options, const char *filename)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]382{
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]383 FILE *f;
384 char line[1024];
Ben Lindstromc510af42001-04-07 17:25:48 +0000[diff] [blame]385 char *cp, **charptr, *arg, *p;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]386 int linenum, *intptr, value;
387 int bad_options = 0;
388 ServerOpCodes opcode;
Damien Millerf6d9e222000-06-18 14:50:44 +1000[diff] [blame]389 int i;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]390
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]391 f = fopen(filename, "r");
392 if (!f) {
393 perror(filename);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]394 exit(1);
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]395 }
396 linenum = 0;
397 while (fgets(line, sizeof(line), f)) {
398 linenum++;
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]399 cp = line;
400 arg = strdelim(&cp);
401 /* Ignore leading whitespace */
402 if (*arg == '\0')
403 arg = strdelim(&cp);
Ben Lindstrom226cfa02001-01-22 05:34:40 +0000[diff] [blame]404 if (!arg || !*arg || *arg == '#')
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]405 continue;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]406 intptr = NULL;
407 charptr = NULL;
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]408 opcode = parse_token(arg, filename, linenum);
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]409 switch (opcode) {
410 case sBadOption:
411 bad_options++;
412 continue;
413 case sPort:
Damien Miller34132e52000-01-14 15:45:46 +1100[diff] [blame]414 /* ignore ports from configfile if cmdline specifies ports */
415 if (options->ports_from_cmdline)
416 continue;
417 if (options->listen_addrs != NULL)
418 fatal("%s line %d: ports must be specified before "
Ben Lindstroma6218b82001-05-03 22:39:11 +0000[diff] [blame]419 "ListenAdress.", filename, linenum);
Damien Miller34132e52000-01-14 15:45:46 +1100[diff] [blame]420 if (options->num_ports >= MAX_PORTS)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000[diff] [blame]421 fatal("%s line %d: too many ports.",
Damien Miller4af51302000-04-16 11:18:38 +1000[diff] [blame]422 filename, linenum);
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]423 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]424 if (!arg || *arg == '\0')
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000[diff] [blame]425 fatal("%s line %d: missing port number.",
Damien Miller34132e52000-01-14 15:45:46 +1100[diff] [blame]426 filename, linenum);
Ben Lindstrom19066a12001-04-12 23:39:26 +0000[diff] [blame]427 options->ports[options->num_ports++] = a2port(arg);
428 if (options->ports[options->num_ports-1] == 0)
429 fatal("%s line %d: Badly formatted port number.",
430 filename, linenum);
Damien Miller34132e52000-01-14 15:45:46 +1100[diff] [blame]431 break;
432
433 case sServerKeyBits:
434 intptr = &options->server_key_bits;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]435parse_int:
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]436 arg = strdelim(&cp);
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000[diff] [blame]437 if (!arg || *arg == '\0')
438 fatal("%s line %d: missing integer value.",
439 filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]440 value = atoi(arg);
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]441 if (*intptr == -1)
442 *intptr = value;
443 break;
Damien Miller32265091999-11-12 11:33:04 +1100[diff] [blame]444
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]445 case sLoginGraceTime:
446 intptr = &options->login_grace_time;
Ben Lindstrom1bda4c82001-06-05 19:59:08 +0000[diff] [blame]447parse_time:
448 arg = strdelim(&cp);
449 if (!arg || *arg == '\0')
450 fatal("%s line %d: missing time value.",
451 filename, linenum);
452 if ((value = convtime(arg)) == -1)
453 fatal("%s line %d: invalid time value.",
454 filename, linenum);
455 if (*intptr == -1)
456 *intptr = value;
457 break;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]458
459 case sKeyRegenerationTime:
460 intptr = &options->key_regeneration_time;
Ben Lindstrom1bda4c82001-06-05 19:59:08 +0000[diff] [blame]461 goto parse_time;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]462
463 case sListenAddress:
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]464 arg = strdelim(&cp);
Ben Lindstromc510af42001-04-07 17:25:48 +0000[diff] [blame]465 if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000[diff] [blame]466 fatal("%s line %d: missing inet addr.",
Damien Miller34132e52000-01-14 15:45:46 +1100[diff] [blame]467 filename, linenum);
Ben Lindstromc510af42001-04-07 17:25:48 +0000[diff] [blame]468 if (*arg == '[') {
469 if ((p = strchr(arg, ']')) == NULL)
470 fatal("%s line %d: bad ipv6 inet addr usage.",
471 filename, linenum);
472 arg++;
473 memmove(p, p+1, strlen(p+1)+1);
474 } else if (((p = strchr(arg, ':')) == NULL) ||
475 (strchr(p+1, ':') != NULL)) {
Ben Lindstrom19066a12001-04-12 23:39:26 +0000[diff] [blame]476 add_listen_addr(options, arg, 0);
Ben Lindstromc510af42001-04-07 17:25:48 +0000[diff] [blame]477 break;
478 }
479 if (*p == ':') {
Ben Lindstrom19066a12001-04-12 23:39:26 +0000[diff] [blame]480 u_short port;
481
Ben Lindstromc510af42001-04-07 17:25:48 +0000[diff] [blame]482 p++;
483 if (*p == '\0')
484 fatal("%s line %d: bad inet addr:port usage.",
485 filename, linenum);
486 else {
487 *(p-1) = '\0';
Ben Lindstrom19066a12001-04-12 23:39:26 +0000[diff] [blame]488 if ((port = a2port(p)) == 0)
489 fatal("%s line %d: bad port number.",
490 filename, linenum);
491 add_listen_addr(options, arg, port);
Ben Lindstromc510af42001-04-07 17:25:48 +0000[diff] [blame]492 }
493 } else if (*p == '\0')
Ben Lindstrom19066a12001-04-12 23:39:26 +0000[diff] [blame]494 add_listen_addr(options, arg, 0);
Ben Lindstromc510af42001-04-07 17:25:48 +0000[diff] [blame]495 else
496 fatal("%s line %d: bad inet addr usage.",
497 filename, linenum);
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]498 break;
499
500 case sHostKeyFile:
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]501 intptr = &options->num_host_key_files;
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000[diff] [blame]502 if (*intptr >= MAX_HOSTKEYS)
503 fatal("%s line %d: too many host keys specified (max %d).",
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]504 filename, linenum, MAX_HOSTKEYS);
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]505 charptr = &options->host_key_files[*intptr];
Damien Millerd3a18572000-06-07 19:55:44 +1000[diff] [blame]506parse_filename:
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]507 arg = strdelim(&cp);
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000[diff] [blame]508 if (!arg || *arg == '\0')
509 fatal("%s line %d: missing file name.",
Damien Miller6f83b8e2000-05-02 09:23:45 +1000[diff] [blame]510 filename, linenum);
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]511 if (*charptr == NULL) {
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]512 *charptr = tilde_expand_filename(arg, getuid());
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]513 /* increase optional counter */
514 if (intptr != NULL)
515 *intptr = *intptr + 1;
516 }
Damien Miller6f83b8e2000-05-02 09:23:45 +1000[diff] [blame]517 break;
518
519 case sPidFile:
520 charptr = &options->pid_file;
Damien Millerd3a18572000-06-07 19:55:44 +1000[diff] [blame]521 goto parse_filename;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]522
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]523 case sPermitRootLogin:
524 intptr = &options->permit_root_login;
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]525 arg = strdelim(&cp);
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000[diff] [blame]526 if (!arg || *arg == '\0')
527 fatal("%s line %d: missing yes/"
Ben Lindstrom35f1f4e2001-03-06 01:02:41 +0000[diff] [blame]528 "without-password/forced-commands-only/no "
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000[diff] [blame]529 "argument.", filename, linenum);
530 value = 0; /* silence compiler */
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]531 if (strcmp(arg, "without-password") == 0)
Ben Lindstromd8a90212001-02-15 03:08:27 +0000[diff] [blame]532 value = PERMIT_NO_PASSWD;
533 else if (strcmp(arg, "forced-commands-only") == 0)
534 value = PERMIT_FORCED_ONLY;
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]535 else if (strcmp(arg, "yes") == 0)
Ben Lindstromd8a90212001-02-15 03:08:27 +0000[diff] [blame]536 value = PERMIT_YES;
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]537 else if (strcmp(arg, "no") == 0)
Ben Lindstromd8a90212001-02-15 03:08:27 +0000[diff] [blame]538 value = PERMIT_NO;
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000[diff] [blame]539 else
540 fatal("%s line %d: Bad yes/"
Ben Lindstromd8a90212001-02-15 03:08:27 +0000[diff] [blame]541 "without-password/forced-commands-only/no "
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000[diff] [blame]542 "argument: %s", filename, linenum, arg);
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]543 if (*intptr == -1)
544 *intptr = value;
545 break;
546
547 case sIgnoreRhosts:
548 intptr = &options->ignore_rhosts;
549parse_flag:
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]550 arg = strdelim(&cp);
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000[diff] [blame]551 if (!arg || *arg == '\0')
552 fatal("%s line %d: missing yes/no argument.",
553 filename, linenum);
554 value = 0; /* silence compiler */
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]555 if (strcmp(arg, "yes") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]556 value = 1;
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]557 else if (strcmp(arg, "no") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]558 value = 0;
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000[diff] [blame]559 else
560 fatal("%s line %d: Bad yes/no argument: %s",
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]561 filename, linenum, arg);
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]562 if (*intptr == -1)
563 *intptr = value;
564 break;
565
566 case sIgnoreUserKnownHosts:
567 intptr = &options->ignore_user_known_hosts;
Damien Miller98c7ad62000-03-09 21:27:49 +1100[diff] [blame]568 goto parse_flag;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]569
570 case sRhostsAuthentication:
571 intptr = &options->rhosts_authentication;
572 goto parse_flag;
573
574 case sRhostsRSAAuthentication:
575 intptr = &options->rhosts_rsa_authentication;
576 goto parse_flag;
577
Ben Lindstrom5eabda32001-04-12 23:34:34 +0000[diff] [blame]578 case sHostbasedAuthentication:
579 intptr = &options->hostbased_authentication;
580 goto parse_flag;
581
582 case sHostbasedUsesNameFromPacketOnly:
583 intptr = &options->hostbased_uses_name_from_packet_only;
584 goto parse_flag;
585
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]586 case sRSAAuthentication:
587 intptr = &options->rsa_authentication;
588 goto parse_flag;
589
Damien Miller0bc1bd82000-11-13 22:57:25 +1100[diff] [blame]590 case sPubkeyAuthentication:
591 intptr = &options->pubkey_authentication;
Damien Millere247cc42000-05-07 12:03:14 +1000[diff] [blame]592 goto parse_flag;
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame^]593#if defined(KRB4) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]594 case sKerberosAuthentication:
595 intptr = &options->kerberos_authentication;
596 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]597
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]598 case sKerberosOrLocalPasswd:
599 intptr = &options->kerberos_or_local_passwd;
600 goto parse_flag;
601
602 case sKerberosTicketCleanup:
603 intptr = &options->kerberos_ticket_cleanup;
604 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]605#endif
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame^]606#if defined(AFS) || defined(KRB5)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]607 case sKerberosTgtPassing:
608 intptr = &options->kerberos_tgt_passing;
609 goto parse_flag;
Ben Lindstromec95ed92001-07-04 04:21:14 +0000[diff] [blame^]610#endif
611#ifdef AFS
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]612 case sAFSTokenPassing:
613 intptr = &options->afs_token_passing;
614 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]615#endif
616
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]617 case sPasswordAuthentication:
618 intptr = &options->password_authentication;
619 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]620
Damien Miller874d77b2000-10-14 16:23:11 +1100[diff] [blame]621 case sKbdInteractiveAuthentication:
622 intptr = &options->kbd_interactive_authentication;
623 goto parse_flag;
624
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]625 case sCheckMail:
626 intptr = &options->check_mail;
627 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]628
Ben Lindstrom95fb2dd2001-01-23 03:12:10 +0000[diff] [blame]629 case sChallengeResponseAuthentication:
Ben Lindstrom551ea372001-06-05 18:56:16 +0000[diff] [blame]630 intptr = &options->challenge_response_authentication;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]631 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]632
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]633 case sPrintMotd:
634 intptr = &options->print_motd;
635 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]636
Ben Lindstrom7bfff362001-03-26 05:45:53 +0000[diff] [blame]637 case sPrintLastLog:
638 intptr = &options->print_lastlog;
639 goto parse_flag;
640
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]641 case sX11Forwarding:
642 intptr = &options->x11_forwarding;
643 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]644
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]645 case sX11DisplayOffset:
646 intptr = &options->x11_display_offset;
647 goto parse_int;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]648
Damien Millerd3a18572000-06-07 19:55:44 +1000[diff] [blame]649 case sXAuthLocation:
650 charptr = &options->xauth_location;
651 goto parse_filename;
Kevin Stevesef4eea92001-02-05 12:42:17 +0000[diff] [blame]652
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]653 case sStrictModes:
654 intptr = &options->strict_modes;
655 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]656
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]657 case sKeepAlives:
658 intptr = &options->keepalives;
659 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]660
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]661 case sEmptyPasswd:
662 intptr = &options->permit_empty_passwd;
663 goto parse_flag;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]664
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]665 case sUseLogin:
666 intptr = &options->use_login;
667 goto parse_flag;
Damien Miller5ce662a1999-11-11 17:57:39 +1100[diff] [blame]668
Damien Millere247cc42000-05-07 12:03:14 +1000[diff] [blame]669 case sGatewayPorts:
670 intptr = &options->gateway_ports;
671 goto parse_flag;
672
Damien Miller33804262001-02-04 23:20:18 +1100[diff] [blame]673 case sReverseMappingCheck:
674 intptr = &options->reverse_mapping_check;
675 goto parse_flag;
676
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]677 case sLogFacility:
678 intptr = (int *) &options->log_facility;
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]679 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]680 value = log_facility_number(arg);
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]681 if (value == (SyslogFacility) - 1)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000[diff] [blame]682 fatal("%.200s line %d: unsupported log facility '%s'",
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]683 filename, linenum, arg ? arg : "<NONE>");
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]684 if (*intptr == -1)
685 *intptr = (SyslogFacility) value;
686 break;
687
688 case sLogLevel:
689 intptr = (int *) &options->log_level;
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]690 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]691 value = log_level_number(arg);
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]692 if (value == (LogLevel) - 1)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000[diff] [blame]693 fatal("%.200s line %d: unsupported log level '%s'",
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]694 filename, linenum, arg ? arg : "<NONE>");
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]695 if (*intptr == -1)
696 *intptr = (LogLevel) value;
697 break;
698
Damien Miller50a41ed2000-10-16 12:14:42 +1100[diff] [blame]699 case sAllowTcpForwarding:
700 intptr = &options->allow_tcp_forwarding;
701 goto parse_flag;
702
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]703 case sAllowUsers:
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]704 while ((arg = strdelim(&cp)) && *arg != '\0') {
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]705 if (options->num_allow_users >= MAX_ALLOW_USERS)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000[diff] [blame]706 fatal("%s line %d: too many allow users.",
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]707 filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]708 options->allow_users[options->num_allow_users++] = xstrdup(arg);
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]709 }
710 break;
711
712 case sDenyUsers:
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]713 while ((arg = strdelim(&cp)) && *arg != '\0') {
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]714 if (options->num_deny_users >= MAX_DENY_USERS)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000[diff] [blame]715 fatal( "%s line %d: too many deny users.",
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]716 filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]717 options->deny_users[options->num_deny_users++] = xstrdup(arg);
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]718 }
719 break;
720
721 case sAllowGroups:
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]722 while ((arg = strdelim(&cp)) && *arg != '\0') {
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]723 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000[diff] [blame]724 fatal("%s line %d: too many allow groups.",
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]725 filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]726 options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]727 }
728 break;
729
730 case sDenyGroups:
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]731 while ((arg = strdelim(&cp)) && *arg != '\0') {
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]732 if (options->num_deny_groups >= MAX_DENY_GROUPS)
Ben Lindstrom6df8ef42001-03-05 07:47:23 +0000[diff] [blame]733 fatal("%s line %d: too many deny groups.",
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]734 filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]735 options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]736 }
737 break;
738
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]739 case sCiphers:
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]740 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]741 if (!arg || *arg == '\0')
Damien Millerb1715dc2000-05-30 13:44:51 +1000[diff] [blame]742 fatal("%s line %d: Missing argument.", filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]743 if (!ciphers_valid(arg))
Damien Miller30c3d422000-05-09 11:02:59 +1000[diff] [blame]744 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]745 filename, linenum, arg ? arg : "<NONE>");
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]746 if (options->ciphers == NULL)
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]747 options->ciphers = xstrdup(arg);
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]748 break;
749
Ben Lindstrom06b33aa2001-02-15 03:01:59 +0000[diff] [blame]750 case sMacs:
751 arg = strdelim(&cp);
752 if (!arg || *arg == '\0')
753 fatal("%s line %d: Missing argument.", filename, linenum);
754 if (!mac_valid(arg))
755 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
756 filename, linenum, arg ? arg : "<NONE>");
757 if (options->macs == NULL)
758 options->macs = xstrdup(arg);
759 break;
760
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]761 case sProtocol:
762 intptr = &options->protocol;
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]763 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]764 if (!arg || *arg == '\0')
Damien Millerb1715dc2000-05-30 13:44:51 +1000[diff] [blame]765 fatal("%s line %d: Missing argument.", filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]766 value = proto_spec(arg);
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]767 if (value == SSH_PROTO_UNKNOWN)
768 fatal("%s line %d: Bad protocol spec '%s'.",
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]769 filename, linenum, arg ? arg : "<NONE>");
Damien Miller78928792000-04-12 20:17:38 +1000[diff] [blame]770 if (*intptr == SSH_PROTO_UNKNOWN)
771 *intptr = value;
772 break;
773
Damien Millerf6d9e222000-06-18 14:50:44 +1000[diff] [blame]774 case sSubsystem:
775 if(options->num_subsystems >= MAX_SUBSYSTEMS) {
776 fatal("%s line %d: too many subsystems defined.",
777 filename, linenum);
778 }
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]779 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]780 if (!arg || *arg == '\0')
Damien Millerf6d9e222000-06-18 14:50:44 +1000[diff] [blame]781 fatal("%s line %d: Missing subsystem name.",
782 filename, linenum);
783 for (i = 0; i < options->num_subsystems; i++)
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]784 if(strcmp(arg, options->subsystem_name[i]) == 0)
Damien Millerf6d9e222000-06-18 14:50:44 +1000[diff] [blame]785 fatal("%s line %d: Subsystem '%s' already defined.",
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]786 filename, linenum, arg);
787 options->subsystem_name[options->num_subsystems] = xstrdup(arg);
Damien Millerbe484b52000-07-15 14:14:16 +1000[diff] [blame]788 arg = strdelim(&cp);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]789 if (!arg || *arg == '\0')
Damien Millerf6d9e222000-06-18 14:50:44 +1000[diff] [blame]790 fatal("%s line %d: Missing subsystem command.",
791 filename, linenum);
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]792 options->subsystem_command[options->num_subsystems] = xstrdup(arg);
Damien Millerf6d9e222000-06-18 14:50:44 +1000[diff] [blame]793 options->num_subsystems++;
794 break;
795
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]796 case sMaxStartups:
Damien Miller942da032000-08-18 13:59:06 +1000[diff] [blame]797 arg = strdelim(&cp);
798 if (!arg || *arg == '\0')
799 fatal("%s line %d: Missing MaxStartups spec.",
800 filename, linenum);
801 if (sscanf(arg, "%d:%d:%d",
802 &options->max_startups_begin,
803 &options->max_startups_rate,
804 &options->max_startups) == 3) {
805 if (options->max_startups_begin >
806 options->max_startups ||
807 options->max_startups_rate > 100 ||
808 options->max_startups_rate < 1)
809 fatal("%s line %d: Illegal MaxStartups spec.",
810 filename, linenum);
811 break;
812 }
Damien Miller37023962000-07-11 17:31:38 +1000[diff] [blame]813 intptr = &options->max_startups;
814 goto parse_int;
815
Ben Lindstrom48bd7c12001-01-09 00:35:42 +0000[diff] [blame]816 case sBanner:
817 charptr = &options->banner;
818 goto parse_filename;
Ben Lindstrombfb3a0e2001-06-05 20:25:05 +0000[diff] [blame]819 /*
820 * These options can contain %X options expanded at
821 * connect time, so that you can specify paths like:
822 *
823 * AuthorizedKeysFile /etc/ssh_keys/%u
824 */
825 case sAuthorizedKeysFile:
826 case sAuthorizedKeysFile2:
827 charptr = (opcode == sAuthorizedKeysFile ) ?
828 &options->authorized_keys_file :
829 &options->authorized_keys_file2;
830 goto parse_filename;
Ben Lindstrom1bda4c82001-06-05 19:59:08 +0000[diff] [blame]831
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000[diff] [blame]832 case sClientAliveInterval:
833 intptr = &options->client_alive_interval;
Ben Lindstrom1bda4c82001-06-05 19:59:08 +0000[diff] [blame]834 goto parse_time;
835
Ben Lindstrom5744dc42001-04-13 23:28:01 +0000[diff] [blame]836 case sClientAliveCountMax:
837 intptr = &options->client_alive_count_max;
838 goto parse_int;
Ben Lindstrom1bda4c82001-06-05 19:59:08 +0000[diff] [blame]839
Damien Millerf8154422001-04-25 22:44:14 +1000[diff] [blame]840 case sPAMAuthenticationViaKbdInt:
841 intptr = &options->pam_authentication_via_kbd_int;
842 goto parse_flag;
843
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]844 default:
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000[diff] [blame]845 fatal("%s line %d: Missing handler for opcode %s (%d)",
846 filename, linenum, arg, opcode);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]847 }
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000[diff] [blame]848 if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
849 fatal("%s line %d: garbage at end of line; \"%.200s\".",
850 filename, linenum, arg);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]851 }
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]852 fclose(f);
Ben Lindstromb5cdc662001-04-16 02:13:26 +0000[diff] [blame]853 if (bad_options > 0)
854 fatal("%s: terminating, %d bad configuration options",
855 filename, bad_options);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]856}