xref: /freebsd/crypto/openssh/servconf.c (revision fe5fd0173b1983e53ba8dbafb3229b37444e7986) 
1511b41d2SMark Murray /*
2511b41d2SMark Murray  *
3511b41d2SMark Murray  * servconf.c
4511b41d2SMark Murray  *
5511b41d2SMark Murray  * Author: Tatu Ylonen <ylo@cs.hut.fi>
6511b41d2SMark Murray  *
7511b41d2SMark Murray  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8511b41d2SMark Murray  *                    All rights reserved
9511b41d2SMark Murray  *
10511b41d2SMark Murray  * Created: Mon Aug 21 15:48:58 1995 ylo
11511b41d2SMark Murray  *
1242f71286SMark Murray  * $FreeBSD$
13511b41d2SMark Murray  */
14511b41d2SMark Murray 
15511b41d2SMark Murray #include "includes.h"
16fe5fd017SMark Murray RCSID("$Id: servconf.c,v 1.30 2000/02/24 18:22:16 markus Exp $");
17511b41d2SMark Murray 
18511b41d2SMark Murray #include "ssh.h"
19511b41d2SMark Murray #include "servconf.h"
20511b41d2SMark Murray #include "xmalloc.h"
21511b41d2SMark Murray 
22511b41d2SMark Murray /* add listen address */
23511b41d2SMark Murray void add_listen_addr(ServerOptions *options, char *addr);
24511b41d2SMark Murray 
25511b41d2SMark Murray /* Initializes the server options to their default values. */
26511b41d2SMark Murray 
27511b41d2SMark Murray void
28511b41d2SMark Murray initialize_server_options(ServerOptions *options)
29511b41d2SMark Murray {
30511b41d2SMark Murray 	memset(options, 0, sizeof(*options));
31511b41d2SMark Murray 	options->num_ports = 0;
32511b41d2SMark Murray 	options->ports_from_cmdline = 0;
33511b41d2SMark Murray 	options->listen_addrs = NULL;
34511b41d2SMark Murray 	options->host_key_file = NULL;
35511b41d2SMark Murray 	options->server_key_bits = -1;
36511b41d2SMark Murray 	options->login_grace_time = -1;
37511b41d2SMark Murray 	options->key_regeneration_time = -1;
38511b41d2SMark Murray 	options->permit_root_login = -1;
39511b41d2SMark Murray 	options->ignore_rhosts = -1;
40511b41d2SMark Murray 	options->ignore_user_known_hosts = -1;
41511b41d2SMark Murray 	options->print_motd = -1;
42511b41d2SMark Murray 	options->check_mail = -1;
43511b41d2SMark Murray 	options->x11_forwarding = -1;
44511b41d2SMark Murray 	options->x11_display_offset = -1;
45511b41d2SMark Murray 	options->strict_modes = -1;
46511b41d2SMark Murray 	options->keepalives = -1;
47511b41d2SMark Murray 	options->log_facility = (SyslogFacility) - 1;
48511b41d2SMark Murray 	options->log_level = (LogLevel) - 1;
49511b41d2SMark Murray 	options->rhosts_authentication = -1;
50511b41d2SMark Murray 	options->rhosts_rsa_authentication = -1;
51511b41d2SMark Murray 	options->rsa_authentication = -1;
52511b41d2SMark Murray #ifdef KRB4
53fe5fd017SMark Murray 	options->krb4_authentication = -1;
54fe5fd017SMark Murray 	options->krb4_or_local_passwd = -1;
55fe5fd017SMark Murray 	options->krb4_ticket_cleanup = -1;
56511b41d2SMark Murray #endif
57fe5fd017SMark Murray #ifdef KRB5
58fe5fd017SMark Murray 	options->krb5_authentication = -1;
59fe5fd017SMark Murray 	options->krb5_tgt_passing = -1;
60fe5fd017SMark Murray #endif /* KRB5 */
61511b41d2SMark Murray #ifdef AFS
62fe5fd017SMark Murray 	options->krb4_tgt_passing = -1;
63511b41d2SMark Murray 	options->afs_token_passing = -1;
64511b41d2SMark Murray #endif
65511b41d2SMark Murray 	options->password_authentication = -1;
66511b41d2SMark Murray #ifdef SKEY
67511b41d2SMark Murray 	options->skey_authentication = -1;
68511b41d2SMark Murray #endif
69511b41d2SMark Murray 	options->permit_empty_passwd = -1;
70511b41d2SMark Murray 	options->use_login = -1;
71511b41d2SMark Murray 	options->num_allow_users = 0;
72511b41d2SMark Murray 	options->num_deny_users = 0;
73511b41d2SMark Murray 	options->num_allow_groups = 0;
74511b41d2SMark Murray 	options->num_deny_groups = 0;
7542f71286SMark Murray 	options->connections_per_period = 0;
7642f71286SMark Murray 	options->connections_period = 0;
77511b41d2SMark Murray }
78511b41d2SMark Murray 
79511b41d2SMark Murray void
80511b41d2SMark Murray fill_default_server_options(ServerOptions *options)
81511b41d2SMark Murray {
82511b41d2SMark Murray 	if (options->num_ports == 0)
83511b41d2SMark Murray 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
84511b41d2SMark Murray 	if (options->listen_addrs == NULL)
85511b41d2SMark Murray 		add_listen_addr(options, NULL);
86511b41d2SMark Murray 	if (options->host_key_file == NULL)
87511b41d2SMark Murray 		options->host_key_file = HOST_KEY_FILE;
88511b41d2SMark Murray 	if (options->server_key_bits == -1)
89511b41d2SMark Murray 		options->server_key_bits = 768;
90511b41d2SMark Murray 	if (options->login_grace_time == -1)
91511b41d2SMark Murray 		options->login_grace_time = 600;
92511b41d2SMark Murray 	if (options->key_regeneration_time == -1)
93511b41d2SMark Murray 		options->key_regeneration_time = 3600;
94511b41d2SMark Murray 	if (options->permit_root_login == -1)
95511b41d2SMark Murray 		options->permit_root_login = 1;			/* yes */
96511b41d2SMark Murray 	if (options->ignore_rhosts == -1)
97fe5fd017SMark Murray 		options->ignore_rhosts = 1;
98511b41d2SMark Murray 	if (options->ignore_user_known_hosts == -1)
99511b41d2SMark Murray 		options->ignore_user_known_hosts = 0;
100511b41d2SMark Murray 	if (options->check_mail == -1)
101511b41d2SMark Murray 		options->check_mail = 0;
102511b41d2SMark Murray 	if (options->print_motd == -1)
103511b41d2SMark Murray 		options->print_motd = 1;
104511b41d2SMark Murray 	if (options->x11_forwarding == -1)
105511b41d2SMark Murray 		options->x11_forwarding = 1;
106511b41d2SMark Murray 	if (options->x11_display_offset == -1)
107fe5fd017SMark Murray 		options->x11_display_offset = 10;
108511b41d2SMark Murray 	if (options->strict_modes == -1)
109511b41d2SMark Murray 		options->strict_modes = 1;
110511b41d2SMark Murray 	if (options->keepalives == -1)
111511b41d2SMark Murray 		options->keepalives = 1;
112511b41d2SMark Murray 	if (options->log_facility == (SyslogFacility) (-1))
113511b41d2SMark Murray 		options->log_facility = SYSLOG_FACILITY_AUTH;
114511b41d2SMark Murray 	if (options->log_level == (LogLevel) (-1))
115511b41d2SMark Murray 		options->log_level = SYSLOG_LEVEL_INFO;
116511b41d2SMark Murray 	if (options->rhosts_authentication == -1)
117511b41d2SMark Murray 		options->rhosts_authentication = 0;
118511b41d2SMark Murray 	if (options->rhosts_rsa_authentication == -1)
119fe5fd017SMark Murray 		options->rhosts_rsa_authentication = 0;
120511b41d2SMark Murray 	if (options->rsa_authentication == -1)
121511b41d2SMark Murray 		options->rsa_authentication = 1;
122511b41d2SMark Murray #ifdef KRB4
123fe5fd017SMark Murray 	if (options->krb4_authentication == -1)
124fe5fd017SMark Murray 		options->krb4_authentication = (access(KEYFILE, R_OK) == 0);
125fe5fd017SMark Murray 	if (options->krb4_or_local_passwd == -1)
126fe5fd017SMark Murray 		options->krb4_or_local_passwd = 1;
127fe5fd017SMark Murray 	if (options->krb4_ticket_cleanup == -1)
128fe5fd017SMark Murray 		options->krb4_ticket_cleanup = 1;
129511b41d2SMark Murray #endif /* KRB4 */
130fe5fd017SMark Murray #ifdef KRB5
131fe5fd017SMark Murray 	if (options->krb5_authentication == -1)
132fe5fd017SMark Murray 	  	options->krb5_authentication = 1;
133fe5fd017SMark Murray 	if (options->krb5_tgt_passing == -1)
134fe5fd017SMark Murray 	  	options->krb5_tgt_passing = 1;
135fe5fd017SMark Murray #endif /* KRB5 */
136511b41d2SMark Murray #ifdef AFS
137fe5fd017SMark Murray 	if (options->krb4_tgt_passing == -1)
138fe5fd017SMark Murray 		options->krb4_tgt_passing = 0;
139511b41d2SMark Murray 	if (options->afs_token_passing == -1)
140511b41d2SMark Murray 		options->afs_token_passing = k_hasafs();
141511b41d2SMark Murray #endif /* AFS */
142511b41d2SMark Murray 	if (options->password_authentication == -1)
143511b41d2SMark Murray 		options->password_authentication = 1;
144511b41d2SMark Murray #ifdef SKEY
145511b41d2SMark Murray 	if (options->skey_authentication == -1)
146511b41d2SMark Murray 		options->skey_authentication = 1;
147511b41d2SMark Murray #endif
148511b41d2SMark Murray 	if (options->permit_empty_passwd == -1)
149fe5fd017SMark Murray 		options->permit_empty_passwd = 0;
150511b41d2SMark Murray 	if (options->use_login == -1)
151511b41d2SMark Murray 		options->use_login = 0;
152511b41d2SMark Murray }
153511b41d2SMark Murray 
154511b41d2SMark Murray #define WHITESPACE " \t\r\n"
155511b41d2SMark Murray 
156511b41d2SMark Murray /* Keyword tokens. */
157511b41d2SMark Murray typedef enum {
158511b41d2SMark Murray 	sBadOption,		/* == unknown option */
159511b41d2SMark Murray 	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
160511b41d2SMark Murray 	sPermitRootLogin, sLogFacility, sLogLevel,
161511b41d2SMark Murray 	sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
162511b41d2SMark Murray #ifdef KRB4
163fe5fd017SMark Murray 	sKrb4Authentication, sKrb4OrLocalPasswd, sKrb4TicketCleanup,
164511b41d2SMark Murray #endif
165fe5fd017SMark Murray #ifdef KRB5
166fe5fd017SMark Murray 	sKrb5Authentication, sKrb5TgtPassing,
167fe5fd017SMark Murray #endif /* KRB5 */
168511b41d2SMark Murray #ifdef AFS
169fe5fd017SMark Murray 	sKrb4TgtPassing, sAFSTokenPassing,
170511b41d2SMark Murray #endif
171511b41d2SMark Murray #ifdef SKEY
172511b41d2SMark Murray 	sSkeyAuthentication,
173511b41d2SMark Murray #endif
174511b41d2SMark Murray 	sPasswordAuthentication, sListenAddress,
175511b41d2SMark Murray 	sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
176511b41d2SMark Murray 	sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
177511b41d2SMark Murray 	sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
17842f71286SMark Murray 	sIgnoreUserKnownHosts, sConnectionsPerPeriod
179511b41d2SMark Murray } ServerOpCodes;
180511b41d2SMark Murray 
181511b41d2SMark Murray /* Textual representation of the tokens. */
182511b41d2SMark Murray static struct {
183511b41d2SMark Murray 	const char *name;
184511b41d2SMark Murray 	ServerOpCodes opcode;
185511b41d2SMark Murray } keywords[] = {
186511b41d2SMark Murray 	{ "port", sPort },
187511b41d2SMark Murray 	{ "hostkey", sHostKeyFile },
188511b41d2SMark Murray 	{ "serverkeybits", sServerKeyBits },
189511b41d2SMark Murray 	{ "logingracetime", sLoginGraceTime },
190511b41d2SMark Murray 	{ "keyregenerationinterval", sKeyRegenerationTime },
191511b41d2SMark Murray 	{ "permitrootlogin", sPermitRootLogin },
192511b41d2SMark Murray 	{ "syslogfacility", sLogFacility },
193511b41d2SMark Murray 	{ "loglevel", sLogLevel },
194511b41d2SMark Murray 	{ "rhostsauthentication", sRhostsAuthentication },
195511b41d2SMark Murray 	{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
196511b41d2SMark Murray 	{ "rsaauthentication", sRSAAuthentication },
197511b41d2SMark Murray #ifdef KRB4
198fe5fd017SMark Murray 	{ "kerberos4authentication", sKrb4Authentication },
199fe5fd017SMark Murray 	{ "kerberos4orlocalpasswd", sKrb4OrLocalPasswd },
200fe5fd017SMark Murray 	{ "kerberos4ticketcleanup", sKrb4TicketCleanup },
201511b41d2SMark Murray #endif
202fe5fd017SMark Murray #ifdef KRB5
203fe5fd017SMark Murray 	{ "kerberos5authentication", sKrb5Authentication },
204fe5fd017SMark Murray 	{ "kerberos5tgtpassing", sKrb5TgtPassing },
205fe5fd017SMark Murray #endif /* KRB5 */
206511b41d2SMark Murray #ifdef AFS
207fe5fd017SMark Murray 	{ "kerberos4tgtpassing", sKrb4TgtPassing },
208511b41d2SMark Murray 	{ "afstokenpassing", sAFSTokenPassing },
209511b41d2SMark Murray #endif
210511b41d2SMark Murray 	{ "passwordauthentication", sPasswordAuthentication },
211511b41d2SMark Murray #ifdef SKEY
212511b41d2SMark Murray 	{ "skeyauthentication", sSkeyAuthentication },
213511b41d2SMark Murray #endif
214511b41d2SMark Murray 	{ "checkmail", sCheckMail },
215511b41d2SMark Murray 	{ "listenaddress", sListenAddress },
216511b41d2SMark Murray 	{ "printmotd", sPrintMotd },
217511b41d2SMark Murray 	{ "ignorerhosts", sIgnoreRhosts },
218511b41d2SMark Murray 	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },
219511b41d2SMark Murray 	{ "x11forwarding", sX11Forwarding },
220511b41d2SMark Murray 	{ "x11displayoffset", sX11DisplayOffset },
221511b41d2SMark Murray 	{ "strictmodes", sStrictModes },
222511b41d2SMark Murray 	{ "permitemptypasswords", sEmptyPasswd },
223511b41d2SMark Murray 	{ "uselogin", sUseLogin },
224511b41d2SMark Murray 	{ "randomseed", sRandomSeedFile },
225511b41d2SMark Murray 	{ "keepalive", sKeepAlives },
226511b41d2SMark Murray 	{ "allowusers", sAllowUsers },
227511b41d2SMark Murray 	{ "denyusers", sDenyUsers },
228511b41d2SMark Murray 	{ "allowgroups", sAllowGroups },
229511b41d2SMark Murray 	{ "denygroups", sDenyGroups },
23042f71286SMark Murray 	{ "connectionsperperiod", sConnectionsPerPeriod },
231511b41d2SMark Murray 	{ NULL, 0 }
232511b41d2SMark Murray };
233511b41d2SMark Murray 
234511b41d2SMark Murray /*
235511b41d2SMark Murray  * Returns the number of the token pointed to by cp of length len. Never
236511b41d2SMark Murray  * returns if the token is not known.
237511b41d2SMark Murray  */
238511b41d2SMark Murray 
239511b41d2SMark Murray static ServerOpCodes
240511b41d2SMark Murray parse_token(const char *cp, const char *filename,
241511b41d2SMark Murray 	    int linenum)
242511b41d2SMark Murray {
243511b41d2SMark Murray 	unsigned int i;
244511b41d2SMark Murray 
245511b41d2SMark Murray 	for (i = 0; keywords[i].name; i++)
246511b41d2SMark Murray 		if (strcasecmp(cp, keywords[i].name) == 0)
247511b41d2SMark Murray 			return keywords[i].opcode;
248511b41d2SMark Murray 
249511b41d2SMark Murray 	fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
250511b41d2SMark Murray 		filename, linenum, cp);
251511b41d2SMark Murray 	return sBadOption;
252511b41d2SMark Murray }
253511b41d2SMark Murray 
254511b41d2SMark Murray /*
255511b41d2SMark Murray  * add listen address
256511b41d2SMark Murray  */
257511b41d2SMark Murray void
258511b41d2SMark Murray add_listen_addr(ServerOptions *options, char *addr)
259511b41d2SMark Murray {
260511b41d2SMark Murray 	extern int IPv4or6;
261511b41d2SMark Murray 	struct addrinfo hints, *ai, *aitop;
262511b41d2SMark Murray 	char strport[NI_MAXSERV];
263511b41d2SMark Murray 	int gaierr;
264511b41d2SMark Murray 	int i;
265511b41d2SMark Murray 
266511b41d2SMark Murray 	if (options->num_ports == 0)
267511b41d2SMark Murray 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
268511b41d2SMark Murray 	for (i = 0; i < options->num_ports; i++) {
269511b41d2SMark Murray 		memset(&hints, 0, sizeof(hints));
270511b41d2SMark Murray 		hints.ai_family = IPv4or6;
271511b41d2SMark Murray 		hints.ai_socktype = SOCK_STREAM;
272511b41d2SMark Murray 		hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
273511b41d2SMark Murray 		snprintf(strport, sizeof strport, "%d", options->ports[i]);
274511b41d2SMark Murray 		if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
275511b41d2SMark Murray 			fatal("bad addr or host: %s (%s)\n",
276511b41d2SMark Murray 			    addr ? addr : "<NULL>",
277511b41d2SMark Murray 			    gai_strerror(gaierr));
278511b41d2SMark Murray 		for (ai = aitop; ai->ai_next; ai = ai->ai_next)
279511b41d2SMark Murray 			;
280511b41d2SMark Murray 		ai->ai_next = options->listen_addrs;
281511b41d2SMark Murray 		options->listen_addrs = aitop;
282511b41d2SMark Murray 	}
283511b41d2SMark Murray }
284511b41d2SMark Murray 
285511b41d2SMark Murray /* Reads the server configuration file. */
286511b41d2SMark Murray 
287511b41d2SMark Murray void
288511b41d2SMark Murray read_server_config(ServerOptions *options, const char *filename)
289511b41d2SMark Murray {
290511b41d2SMark Murray 	FILE *f;
291511b41d2SMark Murray 	char line[1024];
292511b41d2SMark Murray 	char *cp, **charptr;
293511b41d2SMark Murray 	int linenum, *intptr, value;
294511b41d2SMark Murray 	int bad_options = 0;
295511b41d2SMark Murray 	ServerOpCodes opcode;
296511b41d2SMark Murray 
297511b41d2SMark Murray 	f = fopen(filename, "r");
298511b41d2SMark Murray 	if (!f) {
299511b41d2SMark Murray 		perror(filename);
300511b41d2SMark Murray 		exit(1);
301511b41d2SMark Murray 	}
302511b41d2SMark Murray 	linenum = 0;
303511b41d2SMark Murray 	while (fgets(line, sizeof(line), f)) {
304511b41d2SMark Murray 		linenum++;
305511b41d2SMark Murray 		cp = line + strspn(line, WHITESPACE);
306511b41d2SMark Murray 		if (!*cp || *cp == '#')
307511b41d2SMark Murray 			continue;
308511b41d2SMark Murray 		cp = strtok(cp, WHITESPACE);
309511b41d2SMark Murray 		opcode = parse_token(cp, filename, linenum);
310511b41d2SMark Murray 		switch (opcode) {
311511b41d2SMark Murray 		case sBadOption:
312511b41d2SMark Murray 			bad_options++;
313511b41d2SMark Murray 			continue;
314511b41d2SMark Murray 		case sPort:
315511b41d2SMark Murray 			/* ignore ports from configfile if cmdline specifies ports */
316511b41d2SMark Murray 			if (options->ports_from_cmdline)
317511b41d2SMark Murray 				continue;
318511b41d2SMark Murray 			if (options->listen_addrs != NULL)
319511b41d2SMark Murray 				fatal("%s line %d: ports must be specified before "
320511b41d2SMark Murray 				    "ListenAdress.\n", filename, linenum);
321511b41d2SMark Murray 			if (options->num_ports >= MAX_PORTS)
322511b41d2SMark Murray 				fatal("%s line %d: too many ports.\n",
323511b41d2SMark Murray 			            filename, linenum);
324511b41d2SMark Murray 			cp = strtok(NULL, WHITESPACE);
325511b41d2SMark Murray 			if (!cp)
326511b41d2SMark Murray 				fatal("%s line %d: missing port number.\n",
327511b41d2SMark Murray 				    filename, linenum);
328511b41d2SMark Murray 			options->ports[options->num_ports++] = atoi(cp);
329511b41d2SMark Murray 			break;
330511b41d2SMark Murray 
331511b41d2SMark Murray 		case sServerKeyBits:
332511b41d2SMark Murray 			intptr = &options->server_key_bits;
333511b41d2SMark Murray parse_int:
334511b41d2SMark Murray 			cp = strtok(NULL, WHITESPACE);
335511b41d2SMark Murray 			if (!cp) {
336511b41d2SMark Murray 				fprintf(stderr, "%s line %d: missing integer value.\n",
337511b41d2SMark Murray 					filename, linenum);
338511b41d2SMark Murray 				exit(1);
339511b41d2SMark Murray 			}
34042f71286SMark Murray 			if (sscanf(cp, " %d ", &value) != 1) {
34142f71286SMark Murray 				fprintf(stderr, "%s line %d: invalid integer value.\n",
34242f71286SMark Murray 					filename, linenum);
34342f71286SMark Murray 				exit(1);
34442f71286SMark Murray 			}
345511b41d2SMark Murray 			if (*intptr == -1)
346511b41d2SMark Murray 				*intptr = value;
347511b41d2SMark Murray 			break;
348511b41d2SMark Murray 
349511b41d2SMark Murray 		case sLoginGraceTime:
350511b41d2SMark Murray 			intptr = &options->login_grace_time;
351511b41d2SMark Murray 			goto parse_int;
352511b41d2SMark Murray 
353511b41d2SMark Murray 		case sKeyRegenerationTime:
354511b41d2SMark Murray 			intptr = &options->key_regeneration_time;
355511b41d2SMark Murray 			goto parse_int;
356511b41d2SMark Murray 
357511b41d2SMark Murray 		case sListenAddress:
358511b41d2SMark Murray 			cp = strtok(NULL, WHITESPACE);
359511b41d2SMark Murray 			if (!cp)
360511b41d2SMark Murray 				fatal("%s line %d: missing inet addr.\n",
361511b41d2SMark Murray 				    filename, linenum);
362511b41d2SMark Murray 			add_listen_addr(options, cp);
363511b41d2SMark Murray 			break;
364511b41d2SMark Murray 
365511b41d2SMark Murray 		case sHostKeyFile:
366511b41d2SMark Murray 			charptr = &options->host_key_file;
367511b41d2SMark Murray 			cp = strtok(NULL, WHITESPACE);
368511b41d2SMark Murray 			if (!cp) {
369511b41d2SMark Murray 				fprintf(stderr, "%s line %d: missing file name.\n",
370511b41d2SMark Murray 					filename, linenum);
371511b41d2SMark Murray 				exit(1);
372511b41d2SMark Murray 			}
373511b41d2SMark Murray 			if (*charptr == NULL)
374511b41d2SMark Murray 				*charptr = tilde_expand_filename(cp, getuid());
375511b41d2SMark Murray 			break;
376511b41d2SMark Murray 
377511b41d2SMark Murray 		case sRandomSeedFile:
378511b41d2SMark Murray 			fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
379511b41d2SMark Murray 				filename, linenum);
380511b41d2SMark Murray 			cp = strtok(NULL, WHITESPACE);
381511b41d2SMark Murray 			break;
382511b41d2SMark Murray 
383511b41d2SMark Murray 		case sPermitRootLogin:
384511b41d2SMark Murray 			intptr = &options->permit_root_login;
385511b41d2SMark Murray 			cp = strtok(NULL, WHITESPACE);
386511b41d2SMark Murray 			if (!cp) {
387511b41d2SMark Murray 				fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
388511b41d2SMark Murray 					filename, linenum);
389511b41d2SMark Murray 				exit(1);
390511b41d2SMark Murray 			}
391511b41d2SMark Murray 			if (strcmp(cp, "without-password") == 0)
392511b41d2SMark Murray 				value = 2;
393511b41d2SMark Murray 			else if (strcmp(cp, "yes") == 0)
394511b41d2SMark Murray 				value = 1;
395511b41d2SMark Murray 			else if (strcmp(cp, "no") == 0)
396511b41d2SMark Murray 				value = 0;
397511b41d2SMark Murray 			else {
398511b41d2SMark Murray 				fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n",
399511b41d2SMark Murray 					filename, linenum, cp);
400511b41d2SMark Murray 				exit(1);
401511b41d2SMark Murray 			}
402511b41d2SMark Murray 			if (*intptr == -1)
403511b41d2SMark Murray 				*intptr = value;
404511b41d2SMark Murray 			break;
405511b41d2SMark Murray 
406511b41d2SMark Murray 		case sIgnoreRhosts:
407511b41d2SMark Murray 			intptr = &options->ignore_rhosts;
408511b41d2SMark Murray parse_flag:
409511b41d2SMark Murray 			cp = strtok(NULL, WHITESPACE);
410511b41d2SMark Murray 			if (!cp) {
411511b41d2SMark Murray 				fprintf(stderr, "%s line %d: missing yes/no argument.\n",
412511b41d2SMark Murray 					filename, linenum);
413511b41d2SMark Murray 				exit(1);
414511b41d2SMark Murray 			}
415511b41d2SMark Murray 			if (strcmp(cp, "yes") == 0)
416511b41d2SMark Murray 				value = 1;
417511b41d2SMark Murray 			else if (strcmp(cp, "no") == 0)
418511b41d2SMark Murray 				value = 0;
419511b41d2SMark Murray 			else {
420511b41d2SMark Murray 				fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
421511b41d2SMark Murray 					filename, linenum, cp);
422511b41d2SMark Murray 				exit(1);
423511b41d2SMark Murray 			}
424511b41d2SMark Murray 			if (*intptr == -1)
425511b41d2SMark Murray 				*intptr = value;
426511b41d2SMark Murray 			break;
427511b41d2SMark Murray 
428511b41d2SMark Murray 		case sIgnoreUserKnownHosts:
429511b41d2SMark Murray 			intptr = &options->ignore_user_known_hosts;
430511b41d2SMark Murray 			goto parse_int;
431511b41d2SMark Murray 
432511b41d2SMark Murray 		case sRhostsAuthentication:
433511b41d2SMark Murray 			intptr = &options->rhosts_authentication;
434511b41d2SMark Murray 			goto parse_flag;
435511b41d2SMark Murray 
436511b41d2SMark Murray 		case sRhostsRSAAuthentication:
437511b41d2SMark Murray 			intptr = &options->rhosts_rsa_authentication;
438511b41d2SMark Murray 			goto parse_flag;
439511b41d2SMark Murray 
440511b41d2SMark Murray 		case sRSAAuthentication:
441511b41d2SMark Murray 			intptr = &options->rsa_authentication;
442511b41d2SMark Murray 			goto parse_flag;
443511b41d2SMark Murray 
444511b41d2SMark Murray #ifdef KRB4
445fe5fd017SMark Murray 		case sKrb4Authentication:
446fe5fd017SMark Murray 			intptr = &options->krb4_authentication;
447511b41d2SMark Murray 			goto parse_flag;
448511b41d2SMark Murray 
449fe5fd017SMark Murray 		case sKrb4OrLocalPasswd:
450fe5fd017SMark Murray 			intptr = &options->krb4_or_local_passwd;
451511b41d2SMark Murray 			goto parse_flag;
452511b41d2SMark Murray 
453fe5fd017SMark Murray 		case sKrb4TicketCleanup:
454fe5fd017SMark Murray 			intptr = &options->krb4_ticket_cleanup;
455511b41d2SMark Murray 			goto parse_flag;
456511b41d2SMark Murray #endif
457511b41d2SMark Murray 
458fe5fd017SMark Murray #ifdef KRB5
459fe5fd017SMark Murray 		case sKrb5Authentication:
460fe5fd017SMark Murray 			intptr = &options->krb5_authentication;
461fe5fd017SMark Murray 			goto parse_flag;
462fe5fd017SMark Murray 
463fe5fd017SMark Murray 		case sKrb5TgtPassing:
464fe5fd017SMark Murray 			intptr = &options->krb5_tgt_passing;
465fe5fd017SMark Murray 			goto parse_flag;
466fe5fd017SMark Murray #endif /* KRB5 */
467fe5fd017SMark Murray 
468511b41d2SMark Murray #ifdef AFS
469fe5fd017SMark Murray 		case sKrb4TgtPassing:
470fe5fd017SMark Murray 			intptr = &options->krb4_tgt_passing;
471511b41d2SMark Murray 			goto parse_flag;
472511b41d2SMark Murray 
473511b41d2SMark Murray 		case sAFSTokenPassing:
474511b41d2SMark Murray 			intptr = &options->afs_token_passing;
475511b41d2SMark Murray 			goto parse_flag;
476511b41d2SMark Murray #endif
477511b41d2SMark Murray 
478511b41d2SMark Murray 		case sPasswordAuthentication:
479511b41d2SMark Murray 			intptr = &options->password_authentication;
480511b41d2SMark Murray 			goto parse_flag;
481511b41d2SMark Murray 
482511b41d2SMark Murray 		case sCheckMail:
483511b41d2SMark Murray 			intptr = &options->check_mail;
484511b41d2SMark Murray 			goto parse_flag;
485511b41d2SMark Murray 
486511b41d2SMark Murray #ifdef SKEY
487511b41d2SMark Murray 		case sSkeyAuthentication:
488511b41d2SMark Murray 			intptr = &options->skey_authentication;
489511b41d2SMark Murray 			goto parse_flag;
490511b41d2SMark Murray #endif
491511b41d2SMark Murray 
492511b41d2SMark Murray 		case sPrintMotd:
493511b41d2SMark Murray 			intptr = &options->print_motd;
494511b41d2SMark Murray 			goto parse_flag;
495511b41d2SMark Murray 
496511b41d2SMark Murray 		case sX11Forwarding:
497511b41d2SMark Murray 			intptr = &options->x11_forwarding;
498511b41d2SMark Murray 			goto parse_flag;
499511b41d2SMark Murray 
500511b41d2SMark Murray 		case sX11DisplayOffset:
501511b41d2SMark Murray 			intptr = &options->x11_display_offset;
502511b41d2SMark Murray 			goto parse_int;
503511b41d2SMark Murray 
504511b41d2SMark Murray 		case sStrictModes:
505511b41d2SMark Murray 			intptr = &options->strict_modes;
506511b41d2SMark Murray 			goto parse_flag;
507511b41d2SMark Murray 
508511b41d2SMark Murray 		case sKeepAlives:
509511b41d2SMark Murray 			intptr = &options->keepalives;
510511b41d2SMark Murray 			goto parse_flag;
511511b41d2SMark Murray 
512511b41d2SMark Murray 		case sEmptyPasswd:
513511b41d2SMark Murray 			intptr = &options->permit_empty_passwd;
514511b41d2SMark Murray 			goto parse_flag;
515511b41d2SMark Murray 
516511b41d2SMark Murray 		case sUseLogin:
517511b41d2SMark Murray 			intptr = &options->use_login;
518511b41d2SMark Murray 			goto parse_flag;
519511b41d2SMark Murray 
520511b41d2SMark Murray 		case sLogFacility:
521511b41d2SMark Murray 			intptr = (int *) &options->log_facility;
522511b41d2SMark Murray 			cp = strtok(NULL, WHITESPACE);
523511b41d2SMark Murray 			value = log_facility_number(cp);
524511b41d2SMark Murray 			if (value == (SyslogFacility) - 1)
525511b41d2SMark Murray 				fatal("%.200s line %d: unsupported log facility '%s'\n",
526511b41d2SMark Murray 				  filename, linenum, cp ? cp : "<NONE>");
527511b41d2SMark Murray 			if (*intptr == -1)
528511b41d2SMark Murray 				*intptr = (SyslogFacility) value;
529511b41d2SMark Murray 			break;
530511b41d2SMark Murray 
531511b41d2SMark Murray 		case sLogLevel:
532511b41d2SMark Murray 			intptr = (int *) &options->log_level;
533511b41d2SMark Murray 			cp = strtok(NULL, WHITESPACE);
534511b41d2SMark Murray 			value = log_level_number(cp);
535511b41d2SMark Murray 			if (value == (LogLevel) - 1)
536511b41d2SMark Murray 				fatal("%.200s line %d: unsupported log level '%s'\n",
537511b41d2SMark Murray 				  filename, linenum, cp ? cp : "<NONE>");
538511b41d2SMark Murray 			if (*intptr == -1)
539511b41d2SMark Murray 				*intptr = (LogLevel) value;
540511b41d2SMark Murray 			break;
541511b41d2SMark Murray 
542511b41d2SMark Murray 		case sAllowUsers:
543511b41d2SMark Murray 			while ((cp = strtok(NULL, WHITESPACE))) {
54442f71286SMark Murray 				if (options->num_allow_users >= MAX_ALLOW_USERS)
54542f71286SMark Murray 					fatal("%.200s line %d: too many allow users.\n", filename,
54642f71286SMark Murray 					    linenum);
547511b41d2SMark Murray 				options->allow_users[options->num_allow_users++] = xstrdup(cp);
548511b41d2SMark Murray 			}
549511b41d2SMark Murray 			break;
550511b41d2SMark Murray 
551511b41d2SMark Murray 		case sDenyUsers:
552511b41d2SMark Murray 			while ((cp = strtok(NULL, WHITESPACE))) {
55342f71286SMark Murray 				if (options->num_deny_users >= MAX_DENY_USERS)
55442f71286SMark Murray 					fatal("%.200s line %d: too many deny users.\n", filename,
55542f71286SMark Murray 					    linenum);
556511b41d2SMark Murray 				options->deny_users[options->num_deny_users++] = xstrdup(cp);
557511b41d2SMark Murray 			}
558511b41d2SMark Murray 			break;
559511b41d2SMark Murray 
560511b41d2SMark Murray 		case sAllowGroups:
561511b41d2SMark Murray 			while ((cp = strtok(NULL, WHITESPACE))) {
56242f71286SMark Murray 				if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
56342f71286SMark Murray 					fatal("%.200s line %d: too many allow groups.\n", filename,
56442f71286SMark Murray 					    linenum);
565511b41d2SMark Murray 				options->allow_groups[options->num_allow_groups++] = xstrdup(cp);
566511b41d2SMark Murray 			}
567511b41d2SMark Murray 			break;
568511b41d2SMark Murray 
569511b41d2SMark Murray 		case sDenyGroups:
570511b41d2SMark Murray 			while ((cp = strtok(NULL, WHITESPACE))) {
57142f71286SMark Murray 				if (options->num_deny_groups >= MAX_DENY_GROUPS)
57242f71286SMark Murray 					fatal("%.200s line %d: too many deny groups.\n", filename,
57342f71286SMark Murray 					    linenum);
574511b41d2SMark Murray 				options->deny_groups[options->num_deny_groups++] = xstrdup(cp);
575511b41d2SMark Murray 			}
576511b41d2SMark Murray 			break;
577511b41d2SMark Murray 
57842f71286SMark Murray 		case sConnectionsPerPeriod:
57942f71286SMark Murray 			cp = strtok(NULL, WHITESPACE);
58042f71286SMark Murray 			if (cp == NULL)
58142f71286SMark Murray 				fatal("%.200s line %d: missing (>= 0) number argument.\n",
582511b41d2SMark Murray 					filename, linenum);
58342f71286SMark Murray 			if (sscanf(cp, " %u/%u ", &options->connections_per_period,
58442f71286SMark Murray 			    &options->connections_period) != 2)
58542f71286SMark Murray 				fatal("%.200s line %d: invalid numerical argument(s).\n",
58642f71286SMark Murray 				    filename, linenum);
58742f71286SMark Murray 			if (options->connections_per_period != 0 &&
58842f71286SMark Murray 			    options->connections_period == 0)
58942f71286SMark Murray 				fatal("%.200s line %d: invalid connections period.\n",
59042f71286SMark Murray 				    filename, linenum);
59142f71286SMark Murray 			break;
59242f71286SMark Murray 
59342f71286SMark Murray 		default:
59442f71286SMark Murray 			fatal("%.200s line %d: Missing handler for opcode %s (%d)\n",
59542f71286SMark Murray 				filename, linenum, cp, opcode);
596511b41d2SMark Murray 		}
59742f71286SMark Murray 		if (strtok(NULL, WHITESPACE) != NULL)
59842f71286SMark Murray 			fatal("%.200s line %d: garbage at end of line.\n", filename,
59942f71286SMark Murray 			    linenum);
600511b41d2SMark Murray 	}
601511b41d2SMark Murray 	fclose(f);
60242f71286SMark Murray 	if (bad_options > 0)
60342f71286SMark Murray 		fatal("%.200s: terminating, %d bad configuration options\n",
604511b41d2SMark Murray 			filename, bad_options);
605511b41d2SMark Murray }
606