1 /* 2 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * All rights reserved 5 * Definitions for server configuration data and for the functions reading it. 6 * 7 * As far as I am concerned, the code I have written for this software 8 * can be used freely for any purpose. Any derived versions of this 9 * software must be clearly marked as such, and if the derived work is 10 * incompatible with the protocol description in the RFC file, it must be 11 * called by a name other than "ssh" or "Secure Shell". 12 */ 13 /* 14 * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved. 15 */ 16 17 /* $OpenBSD: servconf.h,v 1.59 2002/07/30 17:03:55 markus Exp $ */ 18 19 #ifndef _SERVCONF_H 20 #define _SERVCONF_H 21 22 #ifdef __cplusplus 23 extern "C" { 24 #endif 25 26 #define MAX_PORTS 256 /* Max # ports. */ 27 28 #define MAX_ALLOW_USERS 256 /* Max # users on allow list. */ 29 #define MAX_DENY_USERS 256 /* Max # users on deny list. */ 30 #define MAX_ALLOW_GROUPS 256 /* Max # groups on allow list. */ 31 #define MAX_DENY_GROUPS 256 /* Max # groups on deny list. */ 32 #define MAX_SUBSYSTEMS 256 /* Max # subsystems. */ 33 #define MAX_HOSTKEYS 256 /* Max # hostkeys. */ 34 35 /* permit_root_login */ 36 #define PERMIT_NOT_SET -1 37 #define PERMIT_NO 0 38 #define PERMIT_FORCED_ONLY 1 39 #define PERMIT_NO_PASSWD 2 40 #define PERMIT_YES 3 41 42 /* Magic name for internal sftp-server */ 43 #define INTERNAL_SFTP_NAME "internal-sftp" 44 #define _SSH_PAM_SERVICE_PREFIX "sshd" 45 46 typedef struct { 47 u_int num_ports; 48 u_int ports_from_cmdline; 49 u_short ports[MAX_PORTS]; /* Port number to listen on. */ 50 char *listen_addr; /* Address on which the server listens. */ 51 struct addrinfo *listen_addrs; /* Addresses on which the server listens. */ 52 char *host_key_files[MAX_HOSTKEYS]; /* Files containing host keys. */ 53 int num_host_key_files; /* Number of files for host keys. */ 54 char *pid_file; /* Where to put our pid */ 55 int server_key_bits;/* Size of the server key. */ 56 int login_grace_time; /* Disconnect if no auth in this time 57 * (sec). */ 58 int key_regeneration_time; /* Server key lifetime (seconds). */ 59 int permit_root_login; /* PERMIT_*, see above */ 60 int ignore_rhosts; /* Ignore .rhosts and .shosts. */ 61 int ignore_user_known_hosts; /* Ignore ~/.ssh/known_hosts 62 * for RhostsRsaAuth */ 63 int print_motd; /* If true, print /etc/motd. */ 64 int print_lastlog; /* If true, print lastlog */ 65 int x11_forwarding; /* If true, permit inet (spoofing) X11 fwd. */ 66 int x11_display_offset; /* What DISPLAY number to start 67 * searching at */ 68 int x11_use_localhost; /* If true, use localhost for fake X11 server. */ 69 char *xauth_location; /* Location of xauth program */ 70 int strict_modes; /* If true, require string home dir modes. */ 71 int keepalives; /* If true, set SO_KEEPALIVE. */ 72 char *ciphers; /* Supported SSH2 ciphers. */ 73 char *macs; /* Supported SSH2 macs. */ 74 int protocol; /* Supported protocol versions. */ 75 int gateway_ports; /* If true, allow remote connects to forwarded ports. */ 76 SyslogFacility log_facility; /* Facility for system logging. */ 77 LogLevel log_level; /* Level for system logging. */ 78 int rhosts_authentication; /* If true, permit rhosts 79 * authentication. */ 80 int rhosts_rsa_authentication; /* If true, permit rhosts RSA 81 * authentication. */ 82 int hostbased_authentication; /* If true, permit ssh2 hostbased auth */ 83 int hostbased_uses_name_from_packet_only; /* experimental */ 84 int rsa_authentication; /* If true, permit RSA authentication. */ 85 int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */ 86 #ifdef GSSAPI 87 int gss_authentication; 88 int gss_keyex; 89 int gss_store_creds; 90 int gss_use_session_ccache; /* If true, delegated credentials are 91 * stored in a session specific cache */ 92 int gss_cleanup_creds; /* If true, destroy cred cache on logout */ 93 #endif /* GSSAPI */ 94 #if defined(KRB4) || defined(KRB5) 95 int kerberos_authentication; /* If true, permit Kerberos 96 * authentication. */ 97 int kerberos_or_local_passwd; /* If true, permit kerberos 98 * and any other password 99 * authentication mechanism, 100 * such as SecurID or 101 * /etc/passwd */ 102 int kerberos_ticket_cleanup; /* If true, destroy ticket 103 * file on logout. */ 104 #endif 105 #if defined(AFS) || defined(KRB5) 106 int kerberos_tgt_passing; /* If true, permit Kerberos TGT 107 * passing. */ 108 #endif 109 #ifdef AFS 110 int afs_token_passing; /* If true, permit AFS token passing. */ 111 #endif 112 int password_authentication; /* If true, permit password 113 * authentication. */ 114 int kbd_interactive_authentication; /* If true, permit */ 115 int challenge_response_authentication; 116 int permit_empty_passwd; /* If false, do not permit empty 117 * passwords. */ 118 int permit_user_env; /* If true, read ~/.ssh/environment */ 119 int use_login; /* If true, login(1) is used */ 120 int compression; /* If true, compression is allowed */ 121 int allow_tcp_forwarding; 122 123 u_int num_allow_users; 124 char *allow_users[MAX_ALLOW_USERS]; 125 u_int num_deny_users; 126 char *deny_users[MAX_DENY_USERS]; 127 u_int num_allow_groups; 128 char *allow_groups[MAX_ALLOW_GROUPS]; 129 u_int num_deny_groups; 130 char *deny_groups[MAX_DENY_GROUPS]; 131 132 u_int num_subsystems; 133 char *subsystem_name[MAX_SUBSYSTEMS]; 134 char *subsystem_command[MAX_SUBSYSTEMS]; 135 char *subsystem_args[MAX_SUBSYSTEMS]; 136 137 int max_startups_begin; 138 int max_startups_rate; 139 int max_startups; 140 char *banner; /* SSH-2 banner message */ 141 int verify_reverse_mapping; /* cross-check ip and dns */ 142 int client_alive_interval; /* 143 * poke the client this often to 144 * see if it's still there 145 */ 146 int client_alive_count_max; /* 147 * If the client is unresponsive 148 * for this many intervals above, 149 * disconnect the session 150 */ 151 152 char *authorized_keys_file; /* File containing public keys */ 153 char *authorized_keys_file2; 154 155 int pam_authentication_via_kbd_int; 156 157 int max_auth_tries; 158 int max_auth_tries_log; 159 160 int max_init_auth_tries; /* SUNW: /etc/default/login */ 161 int max_init_auth_tries_log; /* SUNW: /etc/default/login */ 162 163 int lookup_client_hostnames; 164 int use_openssl_engine; 165 char *chroot_directory; 166 char *pre_userauth_hook; 167 char *pam_service_prefix; 168 char *pam_service_name; 169 170 } ServerOptions; 171 172 void initialize_server_options(ServerOptions *); 173 void fill_default_server_options(ServerOptions *); 174 int process_server_config_line(ServerOptions *, char *, const char *, int, 175 int *, const char *, const char *, const char *); 176 void load_server_config(const char *, Buffer *); 177 void parse_server_config(ServerOptions *, const char *, Buffer *, 178 const char *, const char *, const char *); 179 void parse_server_match_config(ServerOptions *, const char *, const char *, 180 const char *); 181 void copy_set_server_options(ServerOptions *, ServerOptions *, int); 182 int chroot_requested(char *chroot_directory); 183 184 #ifdef __cplusplus 185 } 186 #endif 187 188 189 #endif /* _SERVCONF_H */ 190