xref: /freebsd/crypto/openssh/servconf.c (revision 42f71286cde4107ce6327244cc3c6442c5dc66a6) 
1511b41d2SMark Murray /*
2511b41d2SMark Murray  *
3511b41d2SMark Murray  * servconf.c
4511b41d2SMark Murray  *
5511b41d2SMark Murray  * Author: Tatu Ylonen <ylo@cs.hut.fi>
6511b41d2SMark Murray  *
7511b41d2SMark Murray  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8511b41d2SMark Murray  *                    All rights reserved
9511b41d2SMark Murray  *
10511b41d2SMark Murray  * Created: Mon Aug 21 15:48:58 1995 ylo
11511b41d2SMark Murray  *
1242f71286SMark Murray  * $FreeBSD$
13511b41d2SMark Murray  */
14511b41d2SMark Murray 
15511b41d2SMark Murray #include "includes.h"
16511b41d2SMark Murray RCSID("$Id: servconf.c,v 1.29 2000/01/04 00:07:59 markus Exp $");
17511b41d2SMark Murray 
18511b41d2SMark Murray #include "ssh.h"
19511b41d2SMark Murray #include "servconf.h"
20511b41d2SMark Murray #include "xmalloc.h"
21511b41d2SMark Murray 
22511b41d2SMark Murray /* add listen address */
23511b41d2SMark Murray void add_listen_addr(ServerOptions *options, char *addr);
24511b41d2SMark Murray 
25511b41d2SMark Murray /* Initializes the server options to their default values. */
26511b41d2SMark Murray 
27511b41d2SMark Murray void
28511b41d2SMark Murray initialize_server_options(ServerOptions *options)
29511b41d2SMark Murray {
30511b41d2SMark Murray 	memset(options, 0, sizeof(*options));
31511b41d2SMark Murray 	options->num_ports = 0;
32511b41d2SMark Murray 	options->ports_from_cmdline = 0;
33511b41d2SMark Murray 	options->listen_addrs = NULL;
34511b41d2SMark Murray 	options->host_key_file = NULL;
35511b41d2SMark Murray 	options->server_key_bits = -1;
36511b41d2SMark Murray 	options->login_grace_time = -1;
37511b41d2SMark Murray 	options->key_regeneration_time = -1;
38511b41d2SMark Murray 	options->permit_root_login = -1;
39511b41d2SMark Murray 	options->ignore_rhosts = -1;
40511b41d2SMark Murray 	options->ignore_user_known_hosts = -1;
41511b41d2SMark Murray 	options->print_motd = -1;
42511b41d2SMark Murray 	options->check_mail = -1;
43511b41d2SMark Murray 	options->x11_forwarding = -1;
44511b41d2SMark Murray 	options->x11_display_offset = -1;
45511b41d2SMark Murray 	options->strict_modes = -1;
46511b41d2SMark Murray 	options->keepalives = -1;
47511b41d2SMark Murray 	options->log_facility = (SyslogFacility) - 1;
48511b41d2SMark Murray 	options->log_level = (LogLevel) - 1;
49511b41d2SMark Murray 	options->rhosts_authentication = -1;
50511b41d2SMark Murray 	options->rhosts_rsa_authentication = -1;
51511b41d2SMark Murray 	options->rsa_authentication = -1;
52511b41d2SMark Murray #ifdef KRB4
53511b41d2SMark Murray 	options->kerberos_authentication = -1;
54511b41d2SMark Murray 	options->kerberos_or_local_passwd = -1;
55511b41d2SMark Murray 	options->kerberos_ticket_cleanup = -1;
56511b41d2SMark Murray #endif
57511b41d2SMark Murray #ifdef AFS
58511b41d2SMark Murray 	options->kerberos_tgt_passing = -1;
59511b41d2SMark Murray 	options->afs_token_passing = -1;
60511b41d2SMark Murray #endif
61511b41d2SMark Murray 	options->password_authentication = -1;
62511b41d2SMark Murray #ifdef SKEY
63511b41d2SMark Murray 	options->skey_authentication = -1;
64511b41d2SMark Murray #endif
65511b41d2SMark Murray 	options->permit_empty_passwd = -1;
66511b41d2SMark Murray 	options->use_login = -1;
67511b41d2SMark Murray 	options->num_allow_users = 0;
68511b41d2SMark Murray 	options->num_deny_users = 0;
69511b41d2SMark Murray 	options->num_allow_groups = 0;
70511b41d2SMark Murray 	options->num_deny_groups = 0;
7142f71286SMark Murray 	options->connections_per_period = 0;
7242f71286SMark Murray 	options->connections_period = 0;
73511b41d2SMark Murray }
74511b41d2SMark Murray 
75511b41d2SMark Murray void
76511b41d2SMark Murray fill_default_server_options(ServerOptions *options)
77511b41d2SMark Murray {
78511b41d2SMark Murray 	if (options->num_ports == 0)
79511b41d2SMark Murray 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
80511b41d2SMark Murray 	if (options->listen_addrs == NULL)
81511b41d2SMark Murray 		add_listen_addr(options, NULL);
82511b41d2SMark Murray 	if (options->host_key_file == NULL)
83511b41d2SMark Murray 		options->host_key_file = HOST_KEY_FILE;
84511b41d2SMark Murray 	if (options->server_key_bits == -1)
85511b41d2SMark Murray 		options->server_key_bits = 768;
86511b41d2SMark Murray 	if (options->login_grace_time == -1)
87511b41d2SMark Murray 		options->login_grace_time = 600;
88511b41d2SMark Murray 	if (options->key_regeneration_time == -1)
89511b41d2SMark Murray 		options->key_regeneration_time = 3600;
90511b41d2SMark Murray 	if (options->permit_root_login == -1)
91511b41d2SMark Murray 		options->permit_root_login = 1;			/* yes */
92511b41d2SMark Murray 	if (options->ignore_rhosts == -1)
93511b41d2SMark Murray 		options->ignore_rhosts = 0;
94511b41d2SMark Murray 	if (options->ignore_user_known_hosts == -1)
95511b41d2SMark Murray 		options->ignore_user_known_hosts = 0;
96511b41d2SMark Murray 	if (options->check_mail == -1)
97511b41d2SMark Murray 		options->check_mail = 0;
98511b41d2SMark Murray 	if (options->print_motd == -1)
99511b41d2SMark Murray 		options->print_motd = 1;
100511b41d2SMark Murray 	if (options->x11_forwarding == -1)
101511b41d2SMark Murray 		options->x11_forwarding = 1;
102511b41d2SMark Murray 	if (options->x11_display_offset == -1)
103511b41d2SMark Murray 		options->x11_display_offset = 1;
104511b41d2SMark Murray 	if (options->strict_modes == -1)
105511b41d2SMark Murray 		options->strict_modes = 1;
106511b41d2SMark Murray 	if (options->keepalives == -1)
107511b41d2SMark Murray 		options->keepalives = 1;
108511b41d2SMark Murray 	if (options->log_facility == (SyslogFacility) (-1))
109511b41d2SMark Murray 		options->log_facility = SYSLOG_FACILITY_AUTH;
110511b41d2SMark Murray 	if (options->log_level == (LogLevel) (-1))
111511b41d2SMark Murray 		options->log_level = SYSLOG_LEVEL_INFO;
112511b41d2SMark Murray 	if (options->rhosts_authentication == -1)
113511b41d2SMark Murray 		options->rhosts_authentication = 0;
114511b41d2SMark Murray 	if (options->rhosts_rsa_authentication == -1)
115511b41d2SMark Murray 		options->rhosts_rsa_authentication = 1;
116511b41d2SMark Murray 	if (options->rsa_authentication == -1)
117511b41d2SMark Murray 		options->rsa_authentication = 1;
118511b41d2SMark Murray #ifdef KRB4
119511b41d2SMark Murray 	if (options->kerberos_authentication == -1)
120511b41d2SMark Murray 		options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
121511b41d2SMark Murray 	if (options->kerberos_or_local_passwd == -1)
122511b41d2SMark Murray 		options->kerberos_or_local_passwd = 1;
123511b41d2SMark Murray 	if (options->kerberos_ticket_cleanup == -1)
124511b41d2SMark Murray 		options->kerberos_ticket_cleanup = 1;
125511b41d2SMark Murray #endif /* KRB4 */
126511b41d2SMark Murray #ifdef AFS
127511b41d2SMark Murray 	if (options->kerberos_tgt_passing == -1)
128511b41d2SMark Murray 		options->kerberos_tgt_passing = 0;
129511b41d2SMark Murray 	if (options->afs_token_passing == -1)
130511b41d2SMark Murray 		options->afs_token_passing = k_hasafs();
131511b41d2SMark Murray #endif /* AFS */
132511b41d2SMark Murray 	if (options->password_authentication == -1)
133511b41d2SMark Murray 		options->password_authentication = 1;
134511b41d2SMark Murray #ifdef SKEY
135511b41d2SMark Murray 	if (options->skey_authentication == -1)
136511b41d2SMark Murray 		options->skey_authentication = 1;
137511b41d2SMark Murray #endif
138511b41d2SMark Murray 	if (options->permit_empty_passwd == -1)
139511b41d2SMark Murray 		options->permit_empty_passwd = 1;
140511b41d2SMark Murray 	if (options->use_login == -1)
141511b41d2SMark Murray 		options->use_login = 0;
142511b41d2SMark Murray }
143511b41d2SMark Murray 
144511b41d2SMark Murray #define WHITESPACE " \t\r\n"
145511b41d2SMark Murray 
146511b41d2SMark Murray /* Keyword tokens. */
147511b41d2SMark Murray typedef enum {
148511b41d2SMark Murray 	sBadOption,		/* == unknown option */
149511b41d2SMark Murray 	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
150511b41d2SMark Murray 	sPermitRootLogin, sLogFacility, sLogLevel,
151511b41d2SMark Murray 	sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
152511b41d2SMark Murray #ifdef KRB4
153511b41d2SMark Murray 	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
154511b41d2SMark Murray #endif
155511b41d2SMark Murray #ifdef AFS
156511b41d2SMark Murray 	sKerberosTgtPassing, sAFSTokenPassing,
157511b41d2SMark Murray #endif
158511b41d2SMark Murray #ifdef SKEY
159511b41d2SMark Murray 	sSkeyAuthentication,
160511b41d2SMark Murray #endif
161511b41d2SMark Murray 	sPasswordAuthentication, sListenAddress,
162511b41d2SMark Murray 	sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
163511b41d2SMark Murray 	sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
164511b41d2SMark Murray 	sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
16542f71286SMark Murray 	sIgnoreUserKnownHosts, sConnectionsPerPeriod
166511b41d2SMark Murray } ServerOpCodes;
167511b41d2SMark Murray 
168511b41d2SMark Murray /* Textual representation of the tokens. */
169511b41d2SMark Murray static struct {
170511b41d2SMark Murray 	const char *name;
171511b41d2SMark Murray 	ServerOpCodes opcode;
172511b41d2SMark Murray } keywords[] = {
173511b41d2SMark Murray 	{ "port", sPort },
174511b41d2SMark Murray 	{ "hostkey", sHostKeyFile },
175511b41d2SMark Murray 	{ "serverkeybits", sServerKeyBits },
176511b41d2SMark Murray 	{ "logingracetime", sLoginGraceTime },
177511b41d2SMark Murray 	{ "keyregenerationinterval", sKeyRegenerationTime },
178511b41d2SMark Murray 	{ "permitrootlogin", sPermitRootLogin },
179511b41d2SMark Murray 	{ "syslogfacility", sLogFacility },
180511b41d2SMark Murray 	{ "loglevel", sLogLevel },
181511b41d2SMark Murray 	{ "rhostsauthentication", sRhostsAuthentication },
182511b41d2SMark Murray 	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
183511b41d2SMark Murray 	{ "rsaauthentication", sRSAAuthentication },
184511b41d2SMark Murray #ifdef KRB4
185511b41d2SMark Murray 	{ "kerberosauthentication", sKerberosAuthentication },
186511b41d2SMark Murray 	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
187511b41d2SMark Murray 	{ "kerberosticketcleanup", sKerberosTicketCleanup },
188511b41d2SMark Murray #endif
189511b41d2SMark Murray #ifdef AFS
190511b41d2SMark Murray 	{ "kerberostgtpassing", sKerberosTgtPassing },
191511b41d2SMark Murray 	{ "afstokenpassing", sAFSTokenPassing },
192511b41d2SMark Murray #endif
193511b41d2SMark Murray 	{ "passwordauthentication", sPasswordAuthentication },
194511b41d2SMark Murray #ifdef SKEY
195511b41d2SMark Murray 	{ "skeyauthentication", sSkeyAuthentication },
196511b41d2SMark Murray #endif
197511b41d2SMark Murray 	{ "checkmail", sCheckMail },
198511b41d2SMark Murray 	{ "listenaddress", sListenAddress },
199511b41d2SMark Murray 	{ "printmotd", sPrintMotd },
200511b41d2SMark Murray 	{ "ignorerhosts", sIgnoreRhosts },
201511b41d2SMark Murray 	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },
202511b41d2SMark Murray 	{ "x11forwarding", sX11Forwarding },
203511b41d2SMark Murray 	{ "x11displayoffset", sX11DisplayOffset },
204511b41d2SMark Murray 	{ "strictmodes", sStrictModes },
205511b41d2SMark Murray 	{ "permitemptypasswords", sEmptyPasswd },
206511b41d2SMark Murray 	{ "uselogin", sUseLogin },
207511b41d2SMark Murray 	{ "randomseed", sRandomSeedFile },
208511b41d2SMark Murray 	{ "keepalive", sKeepAlives },
209511b41d2SMark Murray 	{ "allowusers", sAllowUsers },
210511b41d2SMark Murray 	{ "denyusers", sDenyUsers },
211511b41d2SMark Murray 	{ "allowgroups", sAllowGroups },
212511b41d2SMark Murray 	{ "denygroups", sDenyGroups },
21342f71286SMark Murray 	{ "connectionsperperiod", sConnectionsPerPeriod },
214511b41d2SMark Murray 	{ NULL, 0 }
215511b41d2SMark Murray };
216511b41d2SMark Murray 
217511b41d2SMark Murray /*
218511b41d2SMark Murray  * Returns the number of the token pointed to by cp of length len. Never
219511b41d2SMark Murray  * returns if the token is not known.
220511b41d2SMark Murray  */
221511b41d2SMark Murray 
222511b41d2SMark Murray static ServerOpCodes
223511b41d2SMark Murray parse_token(const char *cp, const char *filename,
224511b41d2SMark Murray 	    int linenum)
225511b41d2SMark Murray {
226511b41d2SMark Murray 	unsigned int i;
227511b41d2SMark Murray 
228511b41d2SMark Murray 	for (i = 0; keywords[i].name; i++)
229511b41d2SMark Murray 		if (strcasecmp(cp, keywords[i].name) == 0)
230511b41d2SMark Murray 			return keywords[i].opcode;
231511b41d2SMark Murray 
232511b41d2SMark Murray 	fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
233511b41d2SMark Murray 		filename, linenum, cp);
234511b41d2SMark Murray 	return sBadOption;
235511b41d2SMark Murray }
236511b41d2SMark Murray 
237511b41d2SMark Murray /*
238511b41d2SMark Murray  * add listen address
239511b41d2SMark Murray  */
240511b41d2SMark Murray void
241511b41d2SMark Murray add_listen_addr(ServerOptions *options, char *addr)
242511b41d2SMark Murray {
243511b41d2SMark Murray 	extern int IPv4or6;
244511b41d2SMark Murray 	struct addrinfo hints, *ai, *aitop;
245511b41d2SMark Murray 	char strport[NI_MAXSERV];
246511b41d2SMark Murray 	int gaierr;
247511b41d2SMark Murray 	int i;
248511b41d2SMark Murray 
249511b41d2SMark Murray 	if (options->num_ports == 0)
250511b41d2SMark Murray 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
251511b41d2SMark Murray 	for (i = 0; i < options->num_ports; i++) {
252511b41d2SMark Murray 		memset(&hints, 0, sizeof(hints));
253511b41d2SMark Murray 		hints.ai_family = IPv4or6;
254511b41d2SMark Murray 		hints.ai_socktype = SOCK_STREAM;
255511b41d2SMark Murray 		hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
256511b41d2SMark Murray 		snprintf(strport, sizeof strport, "%d", options->ports[i]);
257511b41d2SMark Murray 		if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
258511b41d2SMark Murray 			fatal("bad addr or host: %s (%s)\n",
259511b41d2SMark Murray 			    addr ? addr : "<NULL>",
260511b41d2SMark Murray 			    gai_strerror(gaierr));
261511b41d2SMark Murray 		for (ai = aitop; ai->ai_next; ai = ai->ai_next)
262511b41d2SMark Murray 			;
263511b41d2SMark Murray 		ai->ai_next = options->listen_addrs;
264511b41d2SMark Murray 		options->listen_addrs = aitop;
265511b41d2SMark Murray 	}
266511b41d2SMark Murray }
267511b41d2SMark Murray 
268511b41d2SMark Murray /* Reads the server configuration file. */
269511b41d2SMark Murray 
270511b41d2SMark Murray void
271511b41d2SMark Murray read_server_config(ServerOptions *options, const char *filename)
272511b41d2SMark Murray {
273511b41d2SMark Murray 	FILE *f;
274511b41d2SMark Murray 	char line[1024];
275511b41d2SMark Murray 	char *cp, **charptr;
276511b41d2SMark Murray 	int linenum, *intptr, value;
277511b41d2SMark Murray 	int bad_options = 0;
278511b41d2SMark Murray 	ServerOpCodes opcode;
279511b41d2SMark Murray 
280511b41d2SMark Murray 	f = fopen(filename, "r");
281511b41d2SMark Murray 	if (!f) {
282511b41d2SMark Murray 		perror(filename);
283511b41d2SMark Murray 		exit(1);
284511b41d2SMark Murray 	}
285511b41d2SMark Murray 	linenum = 0;
286511b41d2SMark Murray 	while (fgets(line, sizeof(line), f)) {
287511b41d2SMark Murray 		linenum++;
288511b41d2SMark Murray 		cp = line + strspn(line, WHITESPACE);
289511b41d2SMark Murray 		if (!*cp || *cp == '#')
290511b41d2SMark Murray 			continue;
291511b41d2SMark Murray 		cp = strtok(cp, WHITESPACE);
292511b41d2SMark Murray 		opcode = parse_token(cp, filename, linenum);
293511b41d2SMark Murray 		switch (opcode) {
294511b41d2SMark Murray 		case sBadOption:
295511b41d2SMark Murray 			bad_options++;
296511b41d2SMark Murray 			continue;
297511b41d2SMark Murray 		case sPort:
298511b41d2SMark Murray 			/* ignore ports from configfile if cmdline specifies ports */
299511b41d2SMark Murray 			if (options->ports_from_cmdline)
300511b41d2SMark Murray 				continue;
301511b41d2SMark Murray 			if (options->listen_addrs != NULL)
302511b41d2SMark Murray 				fatal("%s line %d: ports must be specified before "
303511b41d2SMark Murray 				    "ListenAdress.\n", filename, linenum);
304511b41d2SMark Murray 			if (options->num_ports >= MAX_PORTS)
305511b41d2SMark Murray 				fatal("%s line %d: too many ports.\n",
306511b41d2SMark Murray 			            filename, linenum);
307511b41d2SMark Murray 			cp = strtok(NULL, WHITESPACE);
308511b41d2SMark Murray 			if (!cp)
309511b41d2SMark Murray 				fatal("%s line %d: missing port number.\n",
310511b41d2SMark Murray 				    filename, linenum);
311511b41d2SMark Murray 			options->ports[options->num_ports++] = atoi(cp);
312511b41d2SMark Murray 			break;
313511b41d2SMark Murray 
314511b41d2SMark Murray 		case sServerKeyBits:
315511b41d2SMark Murray 			intptr = &options->server_key_bits;
316511b41d2SMark Murray parse_int:
317511b41d2SMark Murray 			cp = strtok(NULL, WHITESPACE);
318511b41d2SMark Murray 			if (!cp) {
319511b41d2SMark Murray 				fprintf(stderr, "%s line %d: missing integer value.\n",
320511b41d2SMark Murray 					filename, linenum);
321511b41d2SMark Murray 				exit(1);
322511b41d2SMark Murray 			}
32342f71286SMark Murray 			if (sscanf(cp, " %d ", &value) != 1) {
32442f71286SMark Murray 				fprintf(stderr, "%s line %d: invalid integer value.\n",
32542f71286SMark Murray 					filename, linenum);
32642f71286SMark Murray 				exit(1);
32742f71286SMark Murray 			}
328511b41d2SMark Murray 			if (*intptr == -1)
329511b41d2SMark Murray 				*intptr = value;
330511b41d2SMark Murray 			break;
331511b41d2SMark Murray 
332511b41d2SMark Murray 		case sLoginGraceTime:
333511b41d2SMark Murray 			intptr = &options->login_grace_time;
334511b41d2SMark Murray 			goto parse_int;
335511b41d2SMark Murray 
336511b41d2SMark Murray 		case sKeyRegenerationTime:
337511b41d2SMark Murray 			intptr = &options->key_regeneration_time;
338511b41d2SMark Murray 			goto parse_int;
339511b41d2SMark Murray 
340511b41d2SMark Murray 		case sListenAddress:
341511b41d2SMark Murray 			cp = strtok(NULL, WHITESPACE);
342511b41d2SMark Murray 			if (!cp)
343511b41d2SMark Murray 				fatal("%s line %d: missing inet addr.\n",
344511b41d2SMark Murray 				    filename, linenum);
345511b41d2SMark Murray 			add_listen_addr(options, cp);
346511b41d2SMark Murray 			break;
347511b41d2SMark Murray 
348511b41d2SMark Murray 		case sHostKeyFile:
349511b41d2SMark Murray 			charptr = &options->host_key_file;
350511b41d2SMark Murray 			cp = strtok(NULL, WHITESPACE);
351511b41d2SMark Murray 			if (!cp) {
352511b41d2SMark Murray 				fprintf(stderr, "%s line %d: missing file name.\n",
353511b41d2SMark Murray 					filename, linenum);
354511b41d2SMark Murray 				exit(1);
355511b41d2SMark Murray 			}
356511b41d2SMark Murray 			if (*charptr == NULL)
357511b41d2SMark Murray 				*charptr = tilde_expand_filename(cp, getuid());
358511b41d2SMark Murray 			break;
359511b41d2SMark Murray 
360511b41d2SMark Murray 		case sRandomSeedFile:
361511b41d2SMark Murray 			fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
362511b41d2SMark Murray 				filename, linenum);
363511b41d2SMark Murray 			cp = strtok(NULL, WHITESPACE);
364511b41d2SMark Murray 			break;
365511b41d2SMark Murray 
366511b41d2SMark Murray 		case sPermitRootLogin:
367511b41d2SMark Murray 			intptr = &options->permit_root_login;
368511b41d2SMark Murray 			cp = strtok(NULL, WHITESPACE);
369511b41d2SMark Murray 			if (!cp) {
370511b41d2SMark Murray 				fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
371511b41d2SMark Murray 					filename, linenum);
372511b41d2SMark Murray 				exit(1);
373511b41d2SMark Murray 			}
374511b41d2SMark Murray 			if (strcmp(cp, "without-password") == 0)
375511b41d2SMark Murray 				value = 2;
376511b41d2SMark Murray 			else if (strcmp(cp, "yes") == 0)
377511b41d2SMark Murray 				value = 1;
378511b41d2SMark Murray 			else if (strcmp(cp, "no") == 0)
379511b41d2SMark Murray 				value = 0;
380511b41d2SMark Murray 			else {
381511b41d2SMark Murray 				fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n",
382511b41d2SMark Murray 					filename, linenum, cp);
383511b41d2SMark Murray 				exit(1);
384511b41d2SMark Murray 			}
385511b41d2SMark Murray 			if (*intptr == -1)
386511b41d2SMark Murray 				*intptr = value;
387511b41d2SMark Murray 			break;
388511b41d2SMark Murray 
389511b41d2SMark Murray 		case sIgnoreRhosts:
390511b41d2SMark Murray 			intptr = &options->ignore_rhosts;
391511b41d2SMark Murray parse_flag:
392511b41d2SMark Murray 			cp = strtok(NULL, WHITESPACE);
393511b41d2SMark Murray 			if (!cp) {
394511b41d2SMark Murray 				fprintf(stderr, "%s line %d: missing yes/no argument.\n",
395511b41d2SMark Murray 					filename, linenum);
396511b41d2SMark Murray 				exit(1);
397511b41d2SMark Murray 			}
398511b41d2SMark Murray 			if (strcmp(cp, "yes") == 0)
399511b41d2SMark Murray 				value = 1;
400511b41d2SMark Murray 			else if (strcmp(cp, "no") == 0)
401511b41d2SMark Murray 				value = 0;
402511b41d2SMark Murray 			else {
403511b41d2SMark Murray 				fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
404511b41d2SMark Murray 					filename, linenum, cp);
405511b41d2SMark Murray 				exit(1);
406511b41d2SMark Murray 			}
407511b41d2SMark Murray 			if (*intptr == -1)
408511b41d2SMark Murray 				*intptr = value;
409511b41d2SMark Murray 			break;
410511b41d2SMark Murray 
411511b41d2SMark Murray 		case sIgnoreUserKnownHosts:
412511b41d2SMark Murray 			intptr = &options->ignore_user_known_hosts;
413511b41d2SMark Murray 			goto parse_int;
414511b41d2SMark Murray 
415511b41d2SMark Murray 		case sRhostsAuthentication:
416511b41d2SMark Murray 			intptr = &options->rhosts_authentication;
417511b41d2SMark Murray 			goto parse_flag;
418511b41d2SMark Murray 
419511b41d2SMark Murray 		case sRhostsRSAAuthentication:
420511b41d2SMark Murray 			intptr = &options->rhosts_rsa_authentication;
421511b41d2SMark Murray 			goto parse_flag;
422511b41d2SMark Murray 
423511b41d2SMark Murray 		case sRSAAuthentication:
424511b41d2SMark Murray 			intptr = &options->rsa_authentication;
425511b41d2SMark Murray 			goto parse_flag;
426511b41d2SMark Murray 
427511b41d2SMark Murray #ifdef KRB4
428511b41d2SMark Murray 		case sKerberosAuthentication:
429511b41d2SMark Murray 			intptr = &options->kerberos_authentication;
430511b41d2SMark Murray 			goto parse_flag;
431511b41d2SMark Murray 
432511b41d2SMark Murray 		case sKerberosOrLocalPasswd:
433511b41d2SMark Murray 			intptr = &options->kerberos_or_local_passwd;
434511b41d2SMark Murray 			goto parse_flag;
435511b41d2SMark Murray 
436511b41d2SMark Murray 		case sKerberosTicketCleanup:
437511b41d2SMark Murray 			intptr = &options->kerberos_ticket_cleanup;
438511b41d2SMark Murray 			goto parse_flag;
439511b41d2SMark Murray #endif
440511b41d2SMark Murray 
441511b41d2SMark Murray #ifdef AFS
442511b41d2SMark Murray 		case sKerberosTgtPassing:
443511b41d2SMark Murray 			intptr = &options->kerberos_tgt_passing;
444511b41d2SMark Murray 			goto parse_flag;
445511b41d2SMark Murray 
446511b41d2SMark Murray 		case sAFSTokenPassing:
447511b41d2SMark Murray 			intptr = &options->afs_token_passing;
448511b41d2SMark Murray 			goto parse_flag;
449511b41d2SMark Murray #endif
450511b41d2SMark Murray 
451511b41d2SMark Murray 		case sPasswordAuthentication:
452511b41d2SMark Murray 			intptr = &options->password_authentication;
453511b41d2SMark Murray 			goto parse_flag;
454511b41d2SMark Murray 
455511b41d2SMark Murray 		case sCheckMail:
456511b41d2SMark Murray 			intptr = &options->check_mail;
457511b41d2SMark Murray 			goto parse_flag;
458511b41d2SMark Murray 
459511b41d2SMark Murray #ifdef SKEY
460511b41d2SMark Murray 		case sSkeyAuthentication:
461511b41d2SMark Murray 			intptr = &options->skey_authentication;
462511b41d2SMark Murray 			goto parse_flag;
463511b41d2SMark Murray #endif
464511b41d2SMark Murray 
465511b41d2SMark Murray 		case sPrintMotd:
466511b41d2SMark Murray 			intptr = &options->print_motd;
467511b41d2SMark Murray 			goto parse_flag;
468511b41d2SMark Murray 
469511b41d2SMark Murray 		case sX11Forwarding:
470511b41d2SMark Murray 			intptr = &options->x11_forwarding;
471511b41d2SMark Murray 			goto parse_flag;
472511b41d2SMark Murray 
473511b41d2SMark Murray 		case sX11DisplayOffset:
474511b41d2SMark Murray 			intptr = &options->x11_display_offset;
475511b41d2SMark Murray 			goto parse_int;
476511b41d2SMark Murray 
477511b41d2SMark Murray 		case sStrictModes:
478511b41d2SMark Murray 			intptr = &options->strict_modes;
479511b41d2SMark Murray 			goto parse_flag;
480511b41d2SMark Murray 
481511b41d2SMark Murray 		case sKeepAlives:
482511b41d2SMark Murray 			intptr = &options->keepalives;
483511b41d2SMark Murray 			goto parse_flag;
484511b41d2SMark Murray 
485511b41d2SMark Murray 		case sEmptyPasswd:
486511b41d2SMark Murray 			intptr = &options->permit_empty_passwd;
487511b41d2SMark Murray 			goto parse_flag;
488511b41d2SMark Murray 
489511b41d2SMark Murray 		case sUseLogin:
490511b41d2SMark Murray 			intptr = &options->use_login;
491511b41d2SMark Murray 			goto parse_flag;
492511b41d2SMark Murray 
493511b41d2SMark Murray 		case sLogFacility:
494511b41d2SMark Murray 			intptr = (int *) &options->log_facility;
495511b41d2SMark Murray 			cp = strtok(NULL, WHITESPACE);
496511b41d2SMark Murray 			value = log_facility_number(cp);
497511b41d2SMark Murray 			if (value == (SyslogFacility) - 1)
498511b41d2SMark Murray 				fatal("%.200s line %d: unsupported log facility '%s'\n",
499511b41d2SMark Murray 				  filename, linenum, cp ? cp : "<NONE>");
500511b41d2SMark Murray 			if (*intptr == -1)
501511b41d2SMark Murray 				*intptr = (SyslogFacility) value;
502511b41d2SMark Murray 			break;
503511b41d2SMark Murray 
504511b41d2SMark Murray 		case sLogLevel:
505511b41d2SMark Murray 			intptr = (int *) &options->log_level;
506511b41d2SMark Murray 			cp = strtok(NULL, WHITESPACE);
507511b41d2SMark Murray 			value = log_level_number(cp);
508511b41d2SMark Murray 			if (value == (LogLevel) - 1)
509511b41d2SMark Murray 				fatal("%.200s line %d: unsupported log level '%s'\n",
510511b41d2SMark Murray 				  filename, linenum, cp ? cp : "<NONE>");
511511b41d2SMark Murray 			if (*intptr == -1)
512511b41d2SMark Murray 				*intptr = (LogLevel) value;
513511b41d2SMark Murray 			break;
514511b41d2SMark Murray 
515511b41d2SMark Murray 		case sAllowUsers:
516511b41d2SMark Murray 			while ((cp = strtok(NULL, WHITESPACE))) {
51742f71286SMark Murray 				if (options->num_allow_users >= MAX_ALLOW_USERS)
51842f71286SMark Murray 					fatal("%.200s line %d: too many allow users.\n", filename,
51942f71286SMark Murray 					    linenum);
520511b41d2SMark Murray 				options->allow_users[options->num_allow_users++] = xstrdup(cp);
521511b41d2SMark Murray 			}
522511b41d2SMark Murray 			break;
523511b41d2SMark Murray 
524511b41d2SMark Murray 		case sDenyUsers:
525511b41d2SMark Murray 			while ((cp = strtok(NULL, WHITESPACE))) {
52642f71286SMark Murray 				if (options->num_deny_users >= MAX_DENY_USERS)
52742f71286SMark Murray 					fatal("%.200s line %d: too many deny users.\n", filename,
52842f71286SMark Murray 					    linenum);
529511b41d2SMark Murray 				options->deny_users[options->num_deny_users++] = xstrdup(cp);
530511b41d2SMark Murray 			}
531511b41d2SMark Murray 			break;
532511b41d2SMark Murray 
533511b41d2SMark Murray 		case sAllowGroups:
534511b41d2SMark Murray 			while ((cp = strtok(NULL, WHITESPACE))) {
53542f71286SMark Murray 				if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
53642f71286SMark Murray 					fatal("%.200s line %d: too many allow groups.\n", filename,
53742f71286SMark Murray 					    linenum);
538511b41d2SMark Murray 				options->allow_groups[options->num_allow_groups++] = xstrdup(cp);
539511b41d2SMark Murray 			}
540511b41d2SMark Murray 			break;
541511b41d2SMark Murray 
542511b41d2SMark Murray 		case sDenyGroups:
543511b41d2SMark Murray 			while ((cp = strtok(NULL, WHITESPACE))) {
54442f71286SMark Murray 				if (options->num_deny_groups >= MAX_DENY_GROUPS)
54542f71286SMark Murray 					fatal("%.200s line %d: too many deny groups.\n", filename,
54642f71286SMark Murray 					    linenum);
547511b41d2SMark Murray 				options->deny_groups[options->num_deny_groups++] = xstrdup(cp);
548511b41d2SMark Murray 			}
549511b41d2SMark Murray 			break;
550511b41d2SMark Murray 
55142f71286SMark Murray 		case sConnectionsPerPeriod:
55242f71286SMark Murray 			cp = strtok(NULL, WHITESPACE);
55342f71286SMark Murray 			if (cp == NULL)
55442f71286SMark Murray 				fatal("%.200s line %d: missing (>= 0) number argument.\n",
555511b41d2SMark Murray 					filename, linenum);
55642f71286SMark Murray 			if (sscanf(cp, " %u/%u ", &options->connections_per_period,
55742f71286SMark Murray 			    &options->connections_period) != 2)
55842f71286SMark Murray 				fatal("%.200s line %d: invalid numerical argument(s).\n",
55942f71286SMark Murray 				    filename, linenum);
56042f71286SMark Murray 			if (options->connections_per_period != 0 &&
56142f71286SMark Murray 			    options->connections_period == 0)
56242f71286SMark Murray 				fatal("%.200s line %d: invalid connections period.\n",
56342f71286SMark Murray 				    filename, linenum);
56442f71286SMark Murray 			break;
56542f71286SMark Murray 
56642f71286SMark Murray 		default:
56742f71286SMark Murray 			fatal("%.200s line %d: Missing handler for opcode %s (%d)\n",
56842f71286SMark Murray 				filename, linenum, cp, opcode);
569511b41d2SMark Murray 		}
57042f71286SMark Murray 		if (strtok(NULL, WHITESPACE) != NULL)
57142f71286SMark Murray 			fatal("%.200s line %d: garbage at end of line.\n", filename,
57242f71286SMark Murray 			    linenum);
573511b41d2SMark Murray 	}
574511b41d2SMark Murray 	fclose(f);
57542f71286SMark Murray 	if (bad_options > 0)
57642f71286SMark Murray 		fatal("%.200s: terminating, %d bad configuration options\n",
577511b41d2SMark Murray 			filename, bad_options);
578511b41d2SMark Murray }
579