servconf.c (962a3f4e8136f9fffe16b9e9964c18d2086be2f7) | servconf.c (a8f6863aa612ce6941e7bad9cf809a8d0608a7ca) |
---|---|
1/* 2 * 3 * servconf.c 4 * 5 * Author: Tatu Ylonen <ylo@cs.hut.fi> 6 * 7 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 8 * All rights reserved 9 * 10 * Created: Mon Aug 21 15:48:58 1995 ylo 11 * | 1/* 2 * 3 * servconf.c 4 * 5 * Author: Tatu Ylonen <ylo@cs.hut.fi> 6 * 7 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 8 * All rights reserved 9 * 10 * Created: Mon Aug 21 15:48:58 1995 ylo 11 * |
12 * $FreeBSD$ | |
13 */ 14 15#include "includes.h" | 12 */ 13 14#include "includes.h" |
16RCSID("$Id: servconf.c,v 1.30 2000/02/24 18:22:16 markus Exp $"); | 15RCSID("$Id: servconf.c,v 1.31 2000/03/07 20:40:41 markus Exp $"); |
17 18#include "ssh.h" 19#include "servconf.h" 20#include "xmalloc.h" 21 22/* add listen address */ 23void add_listen_addr(ServerOptions *options, char *addr); 24 --- 20 unchanged lines hidden (view full) --- 45 options->strict_modes = -1; 46 options->keepalives = -1; 47 options->log_facility = (SyslogFacility) - 1; 48 options->log_level = (LogLevel) - 1; 49 options->rhosts_authentication = -1; 50 options->rhosts_rsa_authentication = -1; 51 options->rsa_authentication = -1; 52#ifdef KRB4 | 16 17#include "ssh.h" 18#include "servconf.h" 19#include "xmalloc.h" 20 21/* add listen address */ 22void add_listen_addr(ServerOptions *options, char *addr); 23 --- 20 unchanged lines hidden (view full) --- 44 options->strict_modes = -1; 45 options->keepalives = -1; 46 options->log_facility = (SyslogFacility) - 1; 47 options->log_level = (LogLevel) - 1; 48 options->rhosts_authentication = -1; 49 options->rhosts_rsa_authentication = -1; 50 options->rsa_authentication = -1; 51#ifdef KRB4 |
53 options->krb4_authentication = -1; 54 options->krb4_or_local_passwd = -1; 55 options->krb4_ticket_cleanup = -1; | 52 options->kerberos_authentication = -1; 53 options->kerberos_or_local_passwd = -1; 54 options->kerberos_ticket_cleanup = -1; |
56#endif | 55#endif |
57#ifdef KRB5 58 options->krb5_authentication = -1; 59 options->krb5_tgt_passing = -1; 60#endif /* KRB5 */ | |
61#ifdef AFS | 56#ifdef AFS |
62 options->krb4_tgt_passing = -1; | 57 options->kerberos_tgt_passing = -1; |
63 options->afs_token_passing = -1; 64#endif 65 options->password_authentication = -1; 66#ifdef SKEY 67 options->skey_authentication = -1; 68#endif 69 options->permit_empty_passwd = -1; 70 options->use_login = -1; 71 options->num_allow_users = 0; 72 options->num_deny_users = 0; 73 options->num_allow_groups = 0; 74 options->num_deny_groups = 0; | 58 options->afs_token_passing = -1; 59#endif 60 options->password_authentication = -1; 61#ifdef SKEY 62 options->skey_authentication = -1; 63#endif 64 options->permit_empty_passwd = -1; 65 options->use_login = -1; 66 options->num_allow_users = 0; 67 options->num_deny_users = 0; 68 options->num_allow_groups = 0; 69 options->num_deny_groups = 0; |
75 options->connections_per_period = 0; 76 options->connections_period = 0; | |
77} 78 79void 80fill_default_server_options(ServerOptions *options) 81{ 82 if (options->num_ports == 0) 83 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 84 if (options->listen_addrs == NULL) --- 12 unchanged lines hidden (view full) --- 97 options->ignore_rhosts = 1; 98 if (options->ignore_user_known_hosts == -1) 99 options->ignore_user_known_hosts = 0; 100 if (options->check_mail == -1) 101 options->check_mail = 0; 102 if (options->print_motd == -1) 103 options->print_motd = 1; 104 if (options->x11_forwarding == -1) | 70} 71 72void 73fill_default_server_options(ServerOptions *options) 74{ 75 if (options->num_ports == 0) 76 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 77 if (options->listen_addrs == NULL) --- 12 unchanged lines hidden (view full) --- 90 options->ignore_rhosts = 1; 91 if (options->ignore_user_known_hosts == -1) 92 options->ignore_user_known_hosts = 0; 93 if (options->check_mail == -1) 94 options->check_mail = 0; 95 if (options->print_motd == -1) 96 options->print_motd = 1; 97 if (options->x11_forwarding == -1) |
105 options->x11_forwarding = 1; | 98 options->x11_forwarding = 0; |
106 if (options->x11_display_offset == -1) 107 options->x11_display_offset = 10; 108 if (options->strict_modes == -1) 109 options->strict_modes = 1; 110 if (options->keepalives == -1) 111 options->keepalives = 1; 112 if (options->log_facility == (SyslogFacility) (-1)) 113 options->log_facility = SYSLOG_FACILITY_AUTH; 114 if (options->log_level == (LogLevel) (-1)) 115 options->log_level = SYSLOG_LEVEL_INFO; 116 if (options->rhosts_authentication == -1) 117 options->rhosts_authentication = 0; 118 if (options->rhosts_rsa_authentication == -1) 119 options->rhosts_rsa_authentication = 0; 120 if (options->rsa_authentication == -1) 121 options->rsa_authentication = 1; 122#ifdef KRB4 | 99 if (options->x11_display_offset == -1) 100 options->x11_display_offset = 10; 101 if (options->strict_modes == -1) 102 options->strict_modes = 1; 103 if (options->keepalives == -1) 104 options->keepalives = 1; 105 if (options->log_facility == (SyslogFacility) (-1)) 106 options->log_facility = SYSLOG_FACILITY_AUTH; 107 if (options->log_level == (LogLevel) (-1)) 108 options->log_level = SYSLOG_LEVEL_INFO; 109 if (options->rhosts_authentication == -1) 110 options->rhosts_authentication = 0; 111 if (options->rhosts_rsa_authentication == -1) 112 options->rhosts_rsa_authentication = 0; 113 if (options->rsa_authentication == -1) 114 options->rsa_authentication = 1; 115#ifdef KRB4 |
123 if (options->krb4_authentication == -1) 124 options->krb4_authentication = (access(KEYFILE, R_OK) == 0); 125 if (options->krb4_or_local_passwd == -1) 126 options->krb4_or_local_passwd = 1; 127 if (options->krb4_ticket_cleanup == -1) 128 options->krb4_ticket_cleanup = 1; | 116 if (options->kerberos_authentication == -1) 117 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0); 118 if (options->kerberos_or_local_passwd == -1) 119 options->kerberos_or_local_passwd = 1; 120 if (options->kerberos_ticket_cleanup == -1) 121 options->kerberos_ticket_cleanup = 1; |
129#endif /* KRB4 */ | 122#endif /* KRB4 */ |
130#ifdef KRB5 131 if (options->krb5_authentication == -1) 132 options->krb5_authentication = 1; 133 if (options->krb5_tgt_passing == -1) 134 options->krb5_tgt_passing = 1; 135#endif /* KRB5 */ | |
136#ifdef AFS | 123#ifdef AFS |
137 if (options->krb4_tgt_passing == -1) 138 options->krb4_tgt_passing = 0; | 124 if (options->kerberos_tgt_passing == -1) 125 options->kerberos_tgt_passing = 0; |
139 if (options->afs_token_passing == -1) 140 options->afs_token_passing = k_hasafs(); 141#endif /* AFS */ 142 if (options->password_authentication == -1) 143 options->password_authentication = 1; 144#ifdef SKEY 145 if (options->skey_authentication == -1) 146 options->skey_authentication = 1; --- 8 unchanged lines hidden (view full) --- 155 156/* Keyword tokens. */ 157typedef enum { 158 sBadOption, /* == unknown option */ 159 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, 160 sPermitRootLogin, sLogFacility, sLogLevel, 161 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, 162#ifdef KRB4 | 126 if (options->afs_token_passing == -1) 127 options->afs_token_passing = k_hasafs(); 128#endif /* AFS */ 129 if (options->password_authentication == -1) 130 options->password_authentication = 1; 131#ifdef SKEY 132 if (options->skey_authentication == -1) 133 options->skey_authentication = 1; --- 8 unchanged lines hidden (view full) --- 142 143/* Keyword tokens. */ 144typedef enum { 145 sBadOption, /* == unknown option */ 146 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, 147 sPermitRootLogin, sLogFacility, sLogLevel, 148 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, 149#ifdef KRB4 |
163 sKrb4Authentication, sKrb4OrLocalPasswd, sKrb4TicketCleanup, | 150 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, |
164#endif | 151#endif |
165#ifdef KRB5 166 sKrb5Authentication, sKrb5TgtPassing, 167#endif /* KRB5 */ | |
168#ifdef AFS | 152#ifdef AFS |
169 sKrb4TgtPassing, sAFSTokenPassing, | 153 sKerberosTgtPassing, sAFSTokenPassing, |
170#endif 171#ifdef SKEY 172 sSkeyAuthentication, 173#endif 174 sPasswordAuthentication, sListenAddress, 175 sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, 176 sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail, 177 sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, | 154#endif 155#ifdef SKEY 156 sSkeyAuthentication, 157#endif 158 sPasswordAuthentication, sListenAddress, 159 sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, 160 sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail, 161 sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
178 sIgnoreUserKnownHosts, sConnectionsPerPeriod | 162 sIgnoreUserKnownHosts |
179} ServerOpCodes; 180 181/* Textual representation of the tokens. */ 182static struct { 183 const char *name; 184 ServerOpCodes opcode; 185} keywords[] = { 186 { "port", sPort }, 187 { "hostkey", sHostKeyFile }, 188 { "serverkeybits", sServerKeyBits }, 189 { "logingracetime", sLoginGraceTime }, 190 { "keyregenerationinterval", sKeyRegenerationTime }, 191 { "permitrootlogin", sPermitRootLogin }, 192 { "syslogfacility", sLogFacility }, 193 { "loglevel", sLogLevel }, 194 { "rhostsauthentication", sRhostsAuthentication }, 195 { "rhostsrsaauthentication", sRhostsRSAAuthentication }, 196 { "rsaauthentication", sRSAAuthentication }, 197#ifdef KRB4 | 163} ServerOpCodes; 164 165/* Textual representation of the tokens. */ 166static struct { 167 const char *name; 168 ServerOpCodes opcode; 169} keywords[] = { 170 { "port", sPort }, 171 { "hostkey", sHostKeyFile }, 172 { "serverkeybits", sServerKeyBits }, 173 { "logingracetime", sLoginGraceTime }, 174 { "keyregenerationinterval", sKeyRegenerationTime }, 175 { "permitrootlogin", sPermitRootLogin }, 176 { "syslogfacility", sLogFacility }, 177 { "loglevel", sLogLevel }, 178 { "rhostsauthentication", sRhostsAuthentication }, 179 { "rhostsrsaauthentication", sRhostsRSAAuthentication }, 180 { "rsaauthentication", sRSAAuthentication }, 181#ifdef KRB4 |
198 { "kerberos4authentication", sKrb4Authentication }, 199 { "kerberos4orlocalpasswd", sKrb4OrLocalPasswd }, 200 { "kerberos4ticketcleanup", sKrb4TicketCleanup }, | 182 { "kerberosauthentication", sKerberosAuthentication }, 183 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd }, 184 { "kerberosticketcleanup", sKerberosTicketCleanup }, |
201#endif | 185#endif |
202#ifdef KRB5 203 { "kerberos5authentication", sKrb5Authentication }, 204 { "kerberos5tgtpassing", sKrb5TgtPassing }, 205#endif /* KRB5 */ | |
206#ifdef AFS | 186#ifdef AFS |
207 { "kerberos4tgtpassing", sKrb4TgtPassing }, | 187 { "kerberostgtpassing", sKerberosTgtPassing }, |
208 { "afstokenpassing", sAFSTokenPassing }, 209#endif 210 { "passwordauthentication", sPasswordAuthentication }, 211#ifdef SKEY 212 { "skeyauthentication", sSkeyAuthentication }, 213#endif 214 { "checkmail", sCheckMail }, 215 { "listenaddress", sListenAddress }, --- 6 unchanged lines hidden (view full) --- 222 { "permitemptypasswords", sEmptyPasswd }, 223 { "uselogin", sUseLogin }, 224 { "randomseed", sRandomSeedFile }, 225 { "keepalive", sKeepAlives }, 226 { "allowusers", sAllowUsers }, 227 { "denyusers", sDenyUsers }, 228 { "allowgroups", sAllowGroups }, 229 { "denygroups", sDenyGroups }, | 188 { "afstokenpassing", sAFSTokenPassing }, 189#endif 190 { "passwordauthentication", sPasswordAuthentication }, 191#ifdef SKEY 192 { "skeyauthentication", sSkeyAuthentication }, 193#endif 194 { "checkmail", sCheckMail }, 195 { "listenaddress", sListenAddress }, --- 6 unchanged lines hidden (view full) --- 202 { "permitemptypasswords", sEmptyPasswd }, 203 { "uselogin", sUseLogin }, 204 { "randomseed", sRandomSeedFile }, 205 { "keepalive", sKeepAlives }, 206 { "allowusers", sAllowUsers }, 207 { "denyusers", sDenyUsers }, 208 { "allowgroups", sAllowGroups }, 209 { "denygroups", sDenyGroups }, |
230 { "connectionsperperiod", sConnectionsPerPeriod }, | |
231 { NULL, 0 } 232}; 233 234/* 235 * Returns the number of the token pointed to by cp of length len. Never 236 * returns if the token is not known. 237 */ 238 --- 93 unchanged lines hidden (view full) --- 332 intptr = &options->server_key_bits; 333parse_int: 334 cp = strtok(NULL, WHITESPACE); 335 if (!cp) { 336 fprintf(stderr, "%s line %d: missing integer value.\n", 337 filename, linenum); 338 exit(1); 339 } | 210 { NULL, 0 } 211}; 212 213/* 214 * Returns the number of the token pointed to by cp of length len. Never 215 * returns if the token is not known. 216 */ 217 --- 93 unchanged lines hidden (view full) --- 311 intptr = &options->server_key_bits; 312parse_int: 313 cp = strtok(NULL, WHITESPACE); 314 if (!cp) { 315 fprintf(stderr, "%s line %d: missing integer value.\n", 316 filename, linenum); 317 exit(1); 318 } |
340 if (sscanf(cp, " %d ", &value) != 1) { 341 fprintf(stderr, "%s line %d: invalid integer value.\n", 342 filename, linenum); 343 exit(1); 344 } | 319 value = atoi(cp); |
345 if (*intptr == -1) 346 *intptr = value; 347 break; 348 349 case sLoginGraceTime: 350 intptr = &options->login_grace_time; 351 goto parse_int; 352 --- 84 unchanged lines hidden (view full) --- 437 intptr = &options->rhosts_rsa_authentication; 438 goto parse_flag; 439 440 case sRSAAuthentication: 441 intptr = &options->rsa_authentication; 442 goto parse_flag; 443 444#ifdef KRB4 | 320 if (*intptr == -1) 321 *intptr = value; 322 break; 323 324 case sLoginGraceTime: 325 intptr = &options->login_grace_time; 326 goto parse_int; 327 --- 84 unchanged lines hidden (view full) --- 412 intptr = &options->rhosts_rsa_authentication; 413 goto parse_flag; 414 415 case sRSAAuthentication: 416 intptr = &options->rsa_authentication; 417 goto parse_flag; 418 419#ifdef KRB4 |
445 case sKrb4Authentication: 446 intptr = &options->krb4_authentication; | 420 case sKerberosAuthentication: 421 intptr = &options->kerberos_authentication; |
447 goto parse_flag; 448 | 422 goto parse_flag; 423 |
449 case sKrb4OrLocalPasswd: 450 intptr = &options->krb4_or_local_passwd; | 424 case sKerberosOrLocalPasswd: 425 intptr = &options->kerberos_or_local_passwd; |
451 goto parse_flag; 452 | 426 goto parse_flag; 427 |
453 case sKrb4TicketCleanup: 454 intptr = &options->krb4_ticket_cleanup; | 428 case sKerberosTicketCleanup: 429 intptr = &options->kerberos_ticket_cleanup; |
455 goto parse_flag; 456#endif 457 | 430 goto parse_flag; 431#endif 432 |
458#ifdef KRB5 459 case sKrb5Authentication: 460 intptr = &options->krb5_authentication; 461 goto parse_flag; 462 463 case sKrb5TgtPassing: 464 intptr = &options->krb5_tgt_passing; 465 goto parse_flag; 466#endif /* KRB5 */ 467 | |
468#ifdef AFS | 433#ifdef AFS |
469 case sKrb4TgtPassing: 470 intptr = &options->krb4_tgt_passing; | 434 case sKerberosTgtPassing: 435 intptr = &options->kerberos_tgt_passing; |
471 goto parse_flag; 472 473 case sAFSTokenPassing: 474 intptr = &options->afs_token_passing; 475 goto parse_flag; 476#endif 477 478 case sPasswordAuthentication: --- 57 unchanged lines hidden (view full) --- 536 fatal("%.200s line %d: unsupported log level '%s'\n", 537 filename, linenum, cp ? cp : "<NONE>"); 538 if (*intptr == -1) 539 *intptr = (LogLevel) value; 540 break; 541 542 case sAllowUsers: 543 while ((cp = strtok(NULL, WHITESPACE))) { | 436 goto parse_flag; 437 438 case sAFSTokenPassing: 439 intptr = &options->afs_token_passing; 440 goto parse_flag; 441#endif 442 443 case sPasswordAuthentication: --- 57 unchanged lines hidden (view full) --- 501 fatal("%.200s line %d: unsupported log level '%s'\n", 502 filename, linenum, cp ? cp : "<NONE>"); 503 if (*intptr == -1) 504 *intptr = (LogLevel) value; 505 break; 506 507 case sAllowUsers: 508 while ((cp = strtok(NULL, WHITESPACE))) { |
544 if (options->num_allow_users >= MAX_ALLOW_USERS) 545 fatal("%.200s line %d: too many allow users.\n", filename, 546 linenum); | 509 if (options->num_allow_users >= MAX_ALLOW_USERS) { 510 fprintf(stderr, "%s line %d: too many allow users.\n", 511 filename, linenum); 512 exit(1); 513 } |
547 options->allow_users[options->num_allow_users++] = xstrdup(cp); 548 } 549 break; 550 551 case sDenyUsers: 552 while ((cp = strtok(NULL, WHITESPACE))) { | 514 options->allow_users[options->num_allow_users++] = xstrdup(cp); 515 } 516 break; 517 518 case sDenyUsers: 519 while ((cp = strtok(NULL, WHITESPACE))) { |
553 if (options->num_deny_users >= MAX_DENY_USERS) 554 fatal("%.200s line %d: too many deny users.\n", filename, 555 linenum); | 520 if (options->num_deny_users >= MAX_DENY_USERS) { 521 fprintf(stderr, "%s line %d: too many deny users.\n", 522 filename, linenum); 523 exit(1); 524 } |
556 options->deny_users[options->num_deny_users++] = xstrdup(cp); 557 } 558 break; 559 560 case sAllowGroups: 561 while ((cp = strtok(NULL, WHITESPACE))) { | 525 options->deny_users[options->num_deny_users++] = xstrdup(cp); 526 } 527 break; 528 529 case sAllowGroups: 530 while ((cp = strtok(NULL, WHITESPACE))) { |
562 if (options->num_allow_groups >= MAX_ALLOW_GROUPS) 563 fatal("%.200s line %d: too many allow groups.\n", filename, 564 linenum); | 531 if (options->num_allow_groups >= MAX_ALLOW_GROUPS) { 532 fprintf(stderr, "%s line %d: too many allow groups.\n", 533 filename, linenum); 534 exit(1); 535 } |
565 options->allow_groups[options->num_allow_groups++] = xstrdup(cp); 566 } 567 break; 568 569 case sDenyGroups: 570 while ((cp = strtok(NULL, WHITESPACE))) { | 536 options->allow_groups[options->num_allow_groups++] = xstrdup(cp); 537 } 538 break; 539 540 case sDenyGroups: 541 while ((cp = strtok(NULL, WHITESPACE))) { |
571 if (options->num_deny_groups >= MAX_DENY_GROUPS) 572 fatal("%.200s line %d: too many deny groups.\n", filename, 573 linenum); | 542 if (options->num_deny_groups >= MAX_DENY_GROUPS) { 543 fprintf(stderr, "%s line %d: too many deny groups.\n", 544 filename, linenum); 545 exit(1); 546 } |
574 options->deny_groups[options->num_deny_groups++] = xstrdup(cp); 575 } 576 break; 577 | 547 options->deny_groups[options->num_deny_groups++] = xstrdup(cp); 548 } 549 break; 550 |
578 case sConnectionsPerPeriod: 579 cp = strtok(NULL, WHITESPACE); 580 if (cp == NULL) 581 fatal("%.200s line %d: missing (>= 0) number argument.\n", 582 filename, linenum); 583 if (sscanf(cp, " %u/%u ", &options->connections_per_period, 584 &options->connections_period) != 2) 585 fatal("%.200s line %d: invalid numerical argument(s).\n", 586 filename, linenum); 587 if (options->connections_per_period != 0 && 588 options->connections_period == 0) 589 fatal("%.200s line %d: invalid connections period.\n", 590 filename, linenum); 591 break; 592 | |
593 default: | 551 default: |
594 fatal("%.200s line %d: Missing handler for opcode %s (%d)\n", | 552 fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n", |
595 filename, linenum, cp, opcode); | 553 filename, linenum, cp, opcode); |
554 exit(1); |
|
596 } | 555 } |
597 if (strtok(NULL, WHITESPACE) != NULL) 598 fatal("%.200s line %d: garbage at end of line.\n", filename, 599 linenum); | 556 if (strtok(NULL, WHITESPACE) != NULL) { 557 fprintf(stderr, "%s line %d: garbage at end of line.\n", 558 filename, linenum); 559 exit(1); 560 } |
600 } 601 fclose(f); | 561 } 562 fclose(f); |
602 if (bad_options > 0) 603 fatal("%.200s: terminating, %d bad configuration options\n", | 563 if (bad_options > 0) { 564 fprintf(stderr, "%s: terminating, %d bad configuration options\n", |
604 filename, bad_options); | 565 filename, bad_options); |
566 exit(1); 567 } |
|
605} | 568} |
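Review bot: At the `parse_int:` label, the right-hand column (taken here as the new side; the page does not label the direction) replaces the `sscanf(cp, " %d ", &value) != 1` check with `value = atoi(cp);`, so a non-numeric or mistyped argument is silently read as 0 instead of being rejected with "invalid integer value". The visible users of that label are `server_key_bits` and `login_grace_time`, and more may sit in the hidden lines, so a typo in the server configuration can quietly change a security-relevant setting. I would keep the left-hand guard, `if (sscanf(cp, " %d ", &value) != 1) {` with its "invalid integer value" message and `exit(1);`, or parse with `strtol` and reject when the end pointer is not at the end of the token. The same column also reports the other parse errors with `fprintf(stderr, "%s line %d: ...")` plus `exit(1)` where the left side calls `fatal("%.200s line %d: ...")`; if `fatal()` routes through the daemon's logger, as its use elsewhere suggests, those messages may be lost when the server starts without a terminal, and the `%.200s` bound on the filename is dropped. The enclosing function starts in the hidden lines, so this is based only on the rows shown.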