Diffstat (limited to 'servconf.c')
-rw-r--r--servconf.c935
1 files changed, 457 insertions, 478 deletions
diff --git a/servconf.c b/servconf.c
index 086bc0364..aa7d5b781 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,18 +1,18 @@
1/* 1/*
2 2 *
3servconf.c 3 * servconf.c
4 4 *
5Author: Tatu Ylonen <ylo@cs.hut.fi> 5 * Author: Tatu Ylonen <ylo@cs.hut.fi>
6 6 *
7Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 7 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8 All rights reserved 8 * All rights reserved
9 9 *
10Created: Mon Aug 21 15:48:58 1995 ylo 10 * Created: Mon Aug 21 15:48:58 1995 ylo
11 11 *
12*/ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$Id: servconf.c,v 1.5 1999/11/21 02:23:53 damien Exp $"); 15RCSID("$Id: servconf.c,v 1.6 1999/11/24 13:26:22 damien Exp $");
16 16
17#include "ssh.h" 17#include "ssh.h"
18#include "servconf.h" 18#include "servconf.h"
@@ -20,535 +20,514 @@ RCSID("$Id: servconf.c,v 1.5 1999/11/21 02:23:53 damien Exp $");
20 20
21/* Initializes the server options to their default values. */ 21/* Initializes the server options to their default values. */
22 22
23void initialize_server_options(ServerOptions *options) 23void
24initialize_server_options(ServerOptions *options)
24{ 25{
25 memset(options, 0, sizeof(*options)); 26 memset(options, 0, sizeof(*options));
26 options->port = -1; 27 options->port = -1;
27 options->listen_addr.s_addr = htonl(INADDR_ANY); 28 options->listen_addr.s_addr = htonl(INADDR_ANY);
28 options->host_key_file = NULL; 29 options->host_key_file = NULL;
29 options->server_key_bits = -1; 30 options->server_key_bits = -1;
30 options->login_grace_time = -1; 31 options->login_grace_time = -1;
31 options->key_regeneration_time = -1; 32 options->key_regeneration_time = -1;
32 options->permit_root_login = -1; 33 options->permit_root_login = -1;
33 options->ignore_rhosts = -1; 34 options->ignore_rhosts = -1;
34 options->ignore_user_known_hosts = -1; 35 options->ignore_user_known_hosts = -1;
35 options->print_motd = -1; 36 options->print_motd = -1;
36 options->check_mail = -1; 37 options->check_mail = -1;
37 options->x11_forwarding = -1; 38 options->x11_forwarding = -1;
38 options->x11_display_offset = -1; 39 options->x11_display_offset = -1;
39 options->strict_modes = -1; 40 options->strict_modes = -1;
40 options->keepalives = -1; 41 options->keepalives = -1;
41 options->log_facility = (SyslogFacility)-1; 42 options->log_facility = (SyslogFacility) - 1;
42 options->log_level = (LogLevel)-1; 43 options->log_level = (LogLevel) - 1;
43 options->rhosts_authentication = -1; 44 options->rhosts_authentication = -1;
44 options->rhosts_rsa_authentication = -1; 45 options->rhosts_rsa_authentication = -1;
45 options->rsa_authentication = -1; 46 options->rsa_authentication = -1;
46#ifdef KRB4 47#ifdef KRB4
47 options->kerberos_authentication = -1; 48 options->kerberos_authentication = -1;
48 options->kerberos_or_local_passwd = -1; 49 options->kerberos_or_local_passwd = -1;
49 options->kerberos_ticket_cleanup = -1; 50 options->kerberos_ticket_cleanup = -1;
50#endif 51#endif
51#ifdef AFS 52#ifdef AFS
52 options->kerberos_tgt_passing = -1; 53 options->kerberos_tgt_passing = -1;
53 options->afs_token_passing = -1; 54 options->afs_token_passing = -1;
54#endif 55#endif
55 options->password_authentication = -1; 56 options->password_authentication = -1;
56#ifdef SKEY 57#ifdef SKEY
57 options->skey_authentication = -1; 58 options->skey_authentication = -1;
58#endif 59#endif
59 options->permit_empty_passwd = -1; 60 options->permit_empty_passwd = -1;
60 options->use_login = -1; 61 options->use_login = -1;
61 options->num_allow_users = 0; 62 options->num_allow_users = 0;
62 options->num_deny_users = 0; 63 options->num_deny_users = 0;
63 options->num_allow_groups = 0; 64 options->num_allow_groups = 0;
64 options->num_deny_groups = 0; 65 options->num_deny_groups = 0;
65} 66}
66 67
67void fill_default_server_options(ServerOptions *options) 68void
69fill_default_server_options(ServerOptions *options)
68{ 70{
69 if (options->port == -1) 71 if (options->port == -1) {
70 { 72 struct servent *sp;
71 struct servent *sp; 73
72 74 sp = getservbyname(SSH_SERVICE_NAME, "tcp");
73 sp = getservbyname(SSH_SERVICE_NAME, "tcp"); 75 if (sp)
74 if (sp) 76 options->port = ntohs(sp->s_port);
75 options->port = ntohs(sp->s_port); 77 else
76 else 78 options->port = SSH_DEFAULT_PORT;
77 options->port = SSH_DEFAULT_PORT; 79 endservent();
78 endservent(); 80 }
79 } 81 if (options->host_key_file == NULL)
80 if (options->host_key_file == NULL) 82 options->host_key_file = HOST_KEY_FILE;
81 options->host_key_file = HOST_KEY_FILE; 83 if (options->server_key_bits == -1)
82 if (options->server_key_bits == -1) 84 options->server_key_bits = 768;
83 options->server_key_bits = 768; 85 if (options->login_grace_time == -1)
84 if (options->login_grace_time == -1) 86 options->login_grace_time = 600;
85 options->login_grace_time = 600; 87 if (options->key_regeneration_time == -1)
86 if (options->key_regeneration_time == -1) 88 options->key_regeneration_time = 3600;
87 options->key_regeneration_time = 3600; 89 if (options->permit_root_login == -1)
88 if (options->permit_root_login == -1) 90 options->permit_root_login = 1; /* yes */
89 options->permit_root_login = 1; /* yes */ 91 if (options->ignore_rhosts == -1)
90 if (options->ignore_rhosts == -1) 92 options->ignore_rhosts = 0;
91 options->ignore_rhosts = 0; 93 if (options->ignore_user_known_hosts == -1)
92 if (options->ignore_user_known_hosts == -1) 94 options->ignore_user_known_hosts = 0;
93 options->ignore_user_known_hosts = 0; 95 if (options->check_mail == -1)
94 if (options->check_mail == -1) 96 options->check_mail = 0;
95 options->check_mail = 0; 97 if (options->print_motd == -1)
96 if (options->print_motd == -1) 98 options->print_motd = 1;
97 options->print_motd = 1; 99 if (options->x11_forwarding == -1)
98 if (options->x11_forwarding == -1) 100 options->x11_forwarding = 1;
99 options->x11_forwarding = 1; 101 if (options->x11_display_offset == -1)
100 if (options->x11_display_offset == -1) 102 options->x11_display_offset = 1;
101 options->x11_display_offset = 1; 103 if (options->strict_modes == -1)
102 if (options->strict_modes == -1) 104 options->strict_modes = 1;
103 options->strict_modes = 1; 105 if (options->keepalives == -1)
104 if (options->keepalives == -1) 106 options->keepalives = 1;
105 options->keepalives = 1; 107 if (options->log_facility == (SyslogFacility) (-1))
106 if (options->log_facility == (SyslogFacility)(-1)) 108 options->log_facility = SYSLOG_FACILITY_AUTH;
107 options->log_facility = SYSLOG_FACILITY_AUTH; 109 if (options->log_level == (LogLevel) (-1))
108 if (options->log_level == (LogLevel)(-1)) 110 options->log_level = SYSLOG_LEVEL_INFO;
109 options->log_level = SYSLOG_LEVEL_INFO; 111 if (options->rhosts_authentication == -1)
110 if (options->rhosts_authentication == -1) 112 options->rhosts_authentication = 0;
111 options->rhosts_authentication = 0; 113 if (options->rhosts_rsa_authentication == -1)
112 if (options->rhosts_rsa_authentication == -1) 114 options->rhosts_rsa_authentication = 1;
113 options->rhosts_rsa_authentication = 1; 115 if (options->rsa_authentication == -1)
114 if (options->rsa_authentication == -1) 116 options->rsa_authentication = 1;
115 options->rsa_authentication = 1;
116#ifdef KRB4 117#ifdef KRB4
117 if (options->kerberos_authentication == -1) 118 if (options->kerberos_authentication == -1)
118 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0); 119 options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
119 if (options->kerberos_or_local_passwd == -1) 120 if (options->kerberos_or_local_passwd == -1)
120 options->kerberos_or_local_passwd = 1; 121 options->kerberos_or_local_passwd = 1;
121 if (options->kerberos_ticket_cleanup == -1) 122 if (options->kerberos_ticket_cleanup == -1)
122 options->kerberos_ticket_cleanup = 1; 123 options->kerberos_ticket_cleanup = 1;
123#endif /* KRB4 */ 124#endif /* KRB4 */
124#ifdef AFS 125#ifdef AFS
125 if (options->kerberos_tgt_passing == -1) 126 if (options->kerberos_tgt_passing == -1)
126 options->kerberos_tgt_passing = 0; 127 options->kerberos_tgt_passing = 0;
127 if (options->afs_token_passing == -1) 128 if (options->afs_token_passing == -1)
128 options->afs_token_passing = k_hasafs(); 129 options->afs_token_passing = k_hasafs();
129#endif /* AFS */ 130#endif /* AFS */
130 if (options->password_authentication == -1) 131 if (options->password_authentication == -1)
131 options->password_authentication = 1; 132 options->password_authentication = 1;
132#ifdef SKEY 133#ifdef SKEY
133 if (options->skey_authentication == -1) 134 if (options->skey_authentication == -1)
134 options->skey_authentication = 1; 135 options->skey_authentication = 1;
135#endif 136#endif
136 if (options->permit_empty_passwd == -1) 137 if (options->permit_empty_passwd == -1)
137 options->permit_empty_passwd = 1; 138 options->permit_empty_passwd = 1;
138 if (options->use_login == -1) 139 if (options->use_login == -1)
139 options->use_login = 0; 140 options->use_login = 0;
140} 141}
141 142
142#define WHITESPACE " \t\r\n" 143#define WHITESPACE " \t\r\n"
143 144
144/* Keyword tokens. */ 145/* Keyword tokens. */
145typedef enum 146typedef enum {
146{ 147 sBadOption, /* == unknown option */
147 sBadOption, /* == unknown option */ 148 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
148 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, 149 sPermitRootLogin, sLogFacility, sLogLevel,
149 sPermitRootLogin, sLogFacility, sLogLevel, 150 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
150 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
151#ifdef KRB4 151#ifdef KRB4
152 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, 152 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
153#endif 153#endif
154#ifdef AFS 154#ifdef AFS
155 sKerberosTgtPassing, sAFSTokenPassing, 155 sKerberosTgtPassing, sAFSTokenPassing,
156#endif 156#endif
157#ifdef SKEY 157#ifdef SKEY
158 sSkeyAuthentication, 158 sSkeyAuthentication,
159#endif 159#endif
160 sPasswordAuthentication, sListenAddress, 160 sPasswordAuthentication, sListenAddress,
161 sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, 161 sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
162 sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail, 162 sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
163 sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 163 sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
164 sIgnoreUserKnownHosts 164 sIgnoreUserKnownHosts
165} ServerOpCodes; 165} ServerOpCodes;
166 166
167/* Textual representation of the tokens. */ 167/* Textual representation of the tokens. */
168static struct 168static struct {
169{ 169 const char *name;
170 const char *name; 170 ServerOpCodes opcode;
171 ServerOpCodes opcode; 171} keywords[] = {
172} keywords[] = 172 { "port", sPort },
173{ 173 { "hostkey", sHostKeyFile },
174 { "port", sPort }, 174 { "serverkeybits", sServerKeyBits },
175 { "hostkey", sHostKeyFile }, 175 { "logingracetime", sLoginGraceTime },
176 { "serverkeybits", sServerKeyBits }, 176 { "keyregenerationinterval", sKeyRegenerationTime },
177 { "logingracetime", sLoginGraceTime }, 177 { "permitrootlogin", sPermitRootLogin },
178 { "keyregenerationinterval", sKeyRegenerationTime }, 178 { "syslogfacility", sLogFacility },
179 { "permitrootlogin", sPermitRootLogin }, 179 { "loglevel", sLogLevel },
180 { "syslogfacility", sLogFacility }, 180 { "rhostsauthentication", sRhostsAuthentication },
181 { "loglevel", sLogLevel }, 181 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
182 { "rhostsauthentication", sRhostsAuthentication }, 182 { "rsaauthentication", sRSAAuthentication },
183 { "rhostsrsaauthentication", sRhostsRSAAuthentication },
184 { "rsaauthentication", sRSAAuthentication },
185#ifdef KRB4 183#ifdef KRB4
186 { "kerberosauthentication", sKerberosAuthentication }, 184 { "kerberosauthentication", sKerberosAuthentication },
187 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd }, 185 { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
188 { "kerberosticketcleanup", sKerberosTicketCleanup }, 186 { "kerberosticketcleanup", sKerberosTicketCleanup },
189#endif 187#endif
190#ifdef AFS 188#ifdef AFS
191 { "kerberostgtpassing", sKerberosTgtPassing }, 189 { "kerberostgtpassing", sKerberosTgtPassing },
192 { "afstokenpassing", sAFSTokenPassing }, 190 { "afstokenpassing", sAFSTokenPassing },
193#endif 191#endif
194 { "passwordauthentication", sPasswordAuthentication }, 192 { "passwordauthentication", sPasswordAuthentication },
195#ifdef SKEY 193#ifdef SKEY
196 { "skeyauthentication", sSkeyAuthentication }, 194 { "skeyauthentication", sSkeyAuthentication },
197#endif 195#endif
198 { "checkmail", sCheckMail }, 196 { "checkmail", sCheckMail },
199 { "listenaddress", sListenAddress }, 197 { "listenaddress", sListenAddress },
200 { "printmotd", sPrintMotd }, 198 { "printmotd", sPrintMotd },
201 { "ignorerhosts", sIgnoreRhosts }, 199 { "ignorerhosts", sIgnoreRhosts },
202 { "ignoreuserknownhosts", sIgnoreUserKnownHosts }, 200 { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
203 { "x11forwarding", sX11Forwarding }, 201 { "x11forwarding", sX11Forwarding },
204 { "x11displayoffset", sX11DisplayOffset }, 202 { "x11displayoffset", sX11DisplayOffset },
205 { "strictmodes", sStrictModes }, 203 { "strictmodes", sStrictModes },
206 { "permitemptypasswords", sEmptyPasswd }, 204 { "permitemptypasswords", sEmptyPasswd },
207 { "uselogin", sUseLogin }, 205 { "uselogin", sUseLogin },
208 { "randomseed", sRandomSeedFile }, 206 { "randomseed", sRandomSeedFile },
209 { "keepalive", sKeepAlives }, 207 { "keepalive", sKeepAlives },
210 { "allowusers", sAllowUsers }, 208 { "allowusers", sAllowUsers },
211 { "denyusers", sDenyUsers }, 209 { "denyusers", sDenyUsers },
212 { "allowgroups", sAllowGroups }, 210 { "allowgroups", sAllowGroups },
213 { "denygroups", sDenyGroups }, 211 { "denygroups", sDenyGroups },
214 { NULL, 0 } 212 { NULL, 0 }
215}; 213};
216 214
217/* Returns the number of the token pointed to by cp of length len. 215/* Returns the number of the token pointed to by cp of length len.
218 Never returns if the token is not known. */ 216 Never returns if the token is not known. */
219 217
220static ServerOpCodes parse_token(const char *cp, const char *filename, 218static ServerOpCodes
221 int linenum) 219parse_token(const char *cp, const char *filename,
220 int linenum)
222{ 221{
223 unsigned int i; 222 unsigned int i;
224 223
225 for (i = 0; keywords[i].name; i++) 224 for (i = 0; keywords[i].name; i++)
226 if (strcmp(cp, keywords[i].name) == 0) 225 if (strcmp(cp, keywords[i].name) == 0)
227 return keywords[i].opcode; 226 return keywords[i].opcode;
228 227
229 fprintf(stderr, "%s: line %d: Bad configuration option: %s\n", 228 fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
230 filename, linenum, cp); 229 filename, linenum, cp);
231 return sBadOption; 230 return sBadOption;
232} 231}
233 232
234/* Reads the server configuration file. */ 233/* Reads the server configuration file. */
235 234
236void read_server_config(ServerOptions *options, const char *filename) 235void
236read_server_config(ServerOptions *options, const char *filename)
237{ 237{
238 FILE *f; 238 FILE *f;
239 char line[1024]; 239 char line[1024];
240 char *cp, **charptr; 240 char *cp, **charptr;
241 int linenum, *intptr, value; 241 int linenum, *intptr, value;
242 int bad_options = 0; 242 int bad_options = 0;
243 ServerOpCodes opcode; 243 ServerOpCodes opcode;
244 244
245 f = fopen(filename, "r"); 245 f = fopen(filename, "r");
246 if (!f) 246 if (!f) {
247 { 247 perror(filename);
248 perror(filename);
249 exit(1);
250 }
251
252 linenum = 0;
253 while (fgets(line, sizeof(line), f))
254 {
255 linenum++;
256 cp = line + strspn(line, WHITESPACE);
257 if (!*cp || *cp == '#')
258 continue;
259 cp = strtok(cp, WHITESPACE);
260 {
261 char *t = cp;
262 for (; *t != 0; t++)
263 if ('A' <= *t && *t <= 'Z')
264 *t = *t - 'A' + 'a'; /* tolower */
265
266 }
267 opcode = parse_token(cp, filename, linenum);
268 switch (opcode)
269 {
270 case sBadOption:
271 bad_options++;
272 continue;
273 case sPort:
274 intptr = &options->port;
275 parse_int:
276 cp = strtok(NULL, WHITESPACE);
277 if (!cp)
278 {
279 fprintf(stderr, "%s line %d: missing integer value.\n",
280 filename, linenum);
281 exit(1);
282 }
283 value = atoi(cp);
284 if (*intptr == -1)
285 *intptr = value;
286 break;
287
288 case sServerKeyBits:
289 intptr = &options->server_key_bits;
290 goto parse_int;
291
292 case sLoginGraceTime:
293 intptr = &options->login_grace_time;
294 goto parse_int;
295
296 case sKeyRegenerationTime:
297 intptr = &options->key_regeneration_time;
298 goto parse_int;
299
300 case sListenAddress:
301 cp = strtok(NULL, WHITESPACE);
302 if (!cp)
303 {
304 fprintf(stderr, "%s line %d: missing inet addr.\n",
305 filename, linenum);
306 exit(1);
307 }
308 options->listen_addr.s_addr = inet_addr(cp);
309 break;
310
311 case sHostKeyFile:
312 charptr = &options->host_key_file;
313 cp = strtok(NULL, WHITESPACE);
314 if (!cp)
315 {
316 fprintf(stderr, "%s line %d: missing file name.\n",
317 filename, linenum);
318 exit(1);
319 }
320 if (*charptr == NULL)
321 *charptr = tilde_expand_filename(cp, getuid());
322 break;
323
324 case sRandomSeedFile:
325 fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
326 filename, linenum);
327 cp = strtok(NULL, WHITESPACE);
328 break;
329
330 case sPermitRootLogin:
331 intptr = &options->permit_root_login;
332 cp = strtok(NULL, WHITESPACE);
333 if (!cp)
334 {
335 fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
336 filename, linenum);
337 exit(1);
338 }
339 if (strcmp(cp, "without-password") == 0)
340 value = 2;
341 else if (strcmp(cp, "yes") == 0)
342 value = 1;
343 else if (strcmp(cp, "no") == 0)
344 value = 0;
345 else
346 {
347 fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n",
348 filename, linenum, cp);
349 exit(1);
350 }
351 if (*intptr == -1)
352 *intptr = value;
353 break;
354
355 case sIgnoreRhosts:
356 intptr = &options->ignore_rhosts;
357 parse_flag:
358 cp = strtok(NULL, WHITESPACE);
359 if (!cp)
360 {
361 fprintf(stderr, "%s line %d: missing yes/no argument.\n",
362 filename, linenum);
363 exit(1);
364 }
365 if (strcmp(cp, "yes") == 0)
366 value = 1;
367 else
368 if (strcmp(cp, "no") == 0)
369 value = 0;
370 else
371 {
372 fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
373 filename, linenum, cp);
374 exit(1); 248 exit(1);
375 } 249 }
376 if (*intptr == -1) 250 linenum = 0;
377 *intptr = value; 251 while (fgets(line, sizeof(line), f)) {
378 break; 252 linenum++;
379 253 cp = line + strspn(line, WHITESPACE);
380 case sIgnoreUserKnownHosts: 254 if (!*cp || *cp == '#')
381 intptr = &options->ignore_user_known_hosts; 255 continue;
382 goto parse_int; 256 cp = strtok(cp, WHITESPACE);
383 257 {
384 case sRhostsAuthentication: 258 char *t = cp;
385 intptr = &options->rhosts_authentication; 259 for (; *t != 0; t++)
386 goto parse_flag; 260 if ('A' <= *t && *t <= 'Z')
387 261 *t = *t - 'A' + 'a'; /* tolower */
388 case sRhostsRSAAuthentication: 262
389 intptr = &options->rhosts_rsa_authentication; 263 }
390 goto parse_flag; 264 opcode = parse_token(cp, filename, linenum);
391 265 switch (opcode) {
392 case sRSAAuthentication: 266 case sBadOption:
393 intptr = &options->rsa_authentication; 267 bad_options++;
394 goto parse_flag; 268 continue;
395 269 case sPort:
270 intptr = &options->port;
271parse_int:
272 cp = strtok(NULL, WHITESPACE);
273 if (!cp) {
274 fprintf(stderr, "%s line %d: missing integer value.\n",
275 filename, linenum);
276 exit(1);
277 }
278 value = atoi(cp);
279 if (*intptr == -1)
280 *intptr = value;
281 break;
282
283 case sServerKeyBits:
284 intptr = &options->server_key_bits;
285 goto parse_int;
286
287 case sLoginGraceTime:
288 intptr = &options->login_grace_time;
289 goto parse_int;
290
291 case sKeyRegenerationTime:
292 intptr = &options->key_regeneration_time;
293 goto parse_int;
294
295 case sListenAddress:
296 cp = strtok(NULL, WHITESPACE);
297 if (!cp) {
298 fprintf(stderr, "%s line %d: missing inet addr.\n",
299 filename, linenum);
300 exit(1);
301 }
302 options->listen_addr.s_addr = inet_addr(cp);
303 break;
304
305 case sHostKeyFile:
306 charptr = &options->host_key_file;
307 cp = strtok(NULL, WHITESPACE);
308 if (!cp) {
309 fprintf(stderr, "%s line %d: missing file name.\n",
310 filename, linenum);
311 exit(1);
312 }
313 if (*charptr == NULL)
314 *charptr = tilde_expand_filename(cp, getuid());
315 break;
316
317 case sRandomSeedFile:
318 fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",
319 filename, linenum);
320 cp = strtok(NULL, WHITESPACE);
321 break;
322
323 case sPermitRootLogin:
324 intptr = &options->permit_root_login;
325 cp = strtok(NULL, WHITESPACE);
326 if (!cp) {
327 fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",
328 filename, linenum);
329 exit(1);
330 }
331 if (strcmp(cp, "without-password") == 0)
332 value = 2;
333 else if (strcmp(cp, "yes") == 0)
334 value = 1;
335 else if (strcmp(cp, "no") == 0)
336 value = 0;
337 else {
338 fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n",
339 filename, linenum, cp);
340 exit(1);
341 }
342 if (*intptr == -1)
343 *intptr = value;
344 break;
345
346 case sIgnoreRhosts:
347 intptr = &options->ignore_rhosts;
348parse_flag:
349 cp = strtok(NULL, WHITESPACE);
350 if (!cp) {
351 fprintf(stderr, "%s line %d: missing yes/no argument.\n",
352 filename, linenum);
353 exit(1);
354 }
355 if (strcmp(cp, "yes") == 0)
356 value = 1;
357 else if (strcmp(cp, "no") == 0)
358 value = 0;
359 else {
360 fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",
361 filename, linenum, cp);
362 exit(1);
363 }
364 if (*intptr == -1)
365 *intptr = value;
366 break;
367
368 case sIgnoreUserKnownHosts:
369 intptr = &options->ignore_user_known_hosts;
370 goto parse_int;
371
372 case sRhostsAuthentication:
373 intptr = &options->rhosts_authentication;
374 goto parse_flag;
375
376 case sRhostsRSAAuthentication:
377 intptr = &options->rhosts_rsa_authentication;
378 goto parse_flag;
379
380 case sRSAAuthentication:
381 intptr = &options->rsa_authentication;
382 goto parse_flag;
383
396#ifdef KRB4 384#ifdef KRB4
397 case sKerberosAuthentication: 385 case sKerberosAuthentication:
398 intptr = &options->kerberos_authentication; 386 intptr = &options->kerberos_authentication;
399 goto parse_flag; 387 goto parse_flag;
400 388
401 case sKerberosOrLocalPasswd: 389 case sKerberosOrLocalPasswd:
402 intptr = &options->kerberos_or_local_passwd; 390 intptr = &options->kerberos_or_local_passwd;
403 goto parse_flag; 391 goto parse_flag;
404 392
405 case sKerberosTicketCleanup: 393 case sKerberosTicketCleanup:
406 intptr = &options->kerberos_ticket_cleanup; 394 intptr = &options->kerberos_ticket_cleanup;
407 goto parse_flag; 395 goto parse_flag;
408#endif 396#endif
409 397
410#ifdef AFS 398#ifdef AFS
411 case sKerberosTgtPassing: 399 case sKerberosTgtPassing:
412 intptr = &options->kerberos_tgt_passing; 400 intptr = &options->kerberos_tgt_passing;
413 goto parse_flag; 401 goto parse_flag;
414 402
415 case sAFSTokenPassing: 403 case sAFSTokenPassing:
416 intptr = &options->afs_token_passing; 404 intptr = &options->afs_token_passing;
417 goto parse_flag; 405 goto parse_flag;
418#endif 406#endif
419 407
420 case sPasswordAuthentication: 408 case sPasswordAuthentication:
421 intptr = &options->password_authentication; 409 intptr = &options->password_authentication;
422 goto parse_flag; 410 goto parse_flag;
423 411
424 case sCheckMail: 412 case sCheckMail:
425 intptr = &options->check_mail; 413 intptr = &options->check_mail;
426 goto parse_flag; 414 goto parse_flag;
427 415
428#ifdef SKEY 416#ifdef SKEY
429 case sSkeyAuthentication: 417 case sSkeyAuthentication:
430 intptr = &options->skey_authentication; 418 intptr = &options->skey_authentication;
431 goto parse_flag; 419 goto parse_flag;
432#endif 420#endif
433 421
434 case sPrintMotd: 422 case sPrintMotd:
435 intptr = &options->print_motd; 423 intptr = &options->print_motd;
436 goto parse_flag; 424 goto parse_flag;
437 425
438 case sX11Forwarding: 426 case sX11Forwarding:
439 intptr = &options->x11_forwarding; 427 intptr = &options->x11_forwarding;
440 goto parse_flag; 428 goto parse_flag;
441 429
442 case sX11DisplayOffset: 430 case sX11DisplayOffset:
443 intptr = &options->x11_display_offset; 431 intptr = &options->x11_display_offset;
444 goto parse_int; 432 goto parse_int;
445 433
446 case sStrictModes: 434 case sStrictModes:
447 intptr = &options->strict_modes; 435 intptr = &options->strict_modes;
448 goto parse_flag; 436 goto parse_flag;
449 437
450 case sKeepAlives: 438 case sKeepAlives:
451 intptr = &options->keepalives; 439 intptr = &options->keepalives;
452 goto parse_flag; 440 goto parse_flag;
453 441
454 case sEmptyPasswd: 442 case sEmptyPasswd:
455 intptr = &options->permit_empty_passwd; 443 intptr = &options->permit_empty_passwd;
456 goto parse_flag; 444 goto parse_flag;
457 445
458 case sUseLogin: 446 case sUseLogin:
459 intptr = &options->use_login; 447 intptr = &options->use_login;
460 goto parse_flag; 448 goto parse_flag;
461 449
462 case sLogFacility: 450 case sLogFacility:
463 intptr = (int *)&options->log_facility; 451 intptr = (int *) &options->log_facility;
464 cp = strtok(NULL, WHITESPACE); 452 cp = strtok(NULL, WHITESPACE);
465 value = log_facility_number(cp); 453 value = log_facility_number(cp);
466 if (value == (SyslogFacility)-1) 454 if (value == (SyslogFacility) - 1)
467 fatal("%.200s line %d: unsupported log facility '%s'\n", 455 fatal("%.200s line %d: unsupported log facility '%s'\n",
468 filename, linenum, cp ? cp : "<NONE>"); 456 filename, linenum, cp ? cp : "<NONE>");
469 if (*intptr == -1) 457 if (*intptr == -1)
470 *intptr = (SyslogFacility)value; 458 *intptr = (SyslogFacility) value;
471 break; 459 break;
472 460
473 case sLogLevel: 461 case sLogLevel:
474 intptr = (int *)&options->log_level; 462 intptr = (int *) &options->log_level;
475 cp = strtok(NULL, WHITESPACE); 463 cp = strtok(NULL, WHITESPACE);
476 value = log_level_number(cp); 464 value = log_level_number(cp);
477 if (value == (LogLevel)-1) 465 if (value == (LogLevel) - 1)
478 fatal("%.200s line %d: unsupported log level '%s'\n", 466 fatal("%.200s line %d: unsupported log level '%s'\n",
479 filename, linenum, cp ? cp : "<NONE>"); 467 filename, linenum, cp ? cp : "<NONE>");
480 if (*intptr == -1) 468 if (*intptr == -1)
481 *intptr = (LogLevel)value; 469 *intptr = (LogLevel) value;
482 break; 470 break;
483 471
484 case sAllowUsers: 472 case sAllowUsers:
485 while ((cp = strtok(NULL, WHITESPACE))) 473 while ((cp = strtok(NULL, WHITESPACE))) {
486 { 474 if (options->num_allow_users >= MAX_ALLOW_USERS) {
487 if (options->num_allow_users >= MAX_ALLOW_USERS) 475 fprintf(stderr, "%s line %d: too many allow users.\n",
488 { 476 filename, linenum);
489 fprintf(stderr, "%s line %d: too many allow users.\n", 477 exit(1);
490 filename, linenum); 478 }
491 exit(1); 479 options->allow_users[options->num_allow_users++] = xstrdup(cp);
480 }
481 break;
482
483 case sDenyUsers:
484 while ((cp = strtok(NULL, WHITESPACE))) {
485 if (options->num_deny_users >= MAX_DENY_USERS) {
486 fprintf(stderr, "%s line %d: too many deny users.\n",
487 filename, linenum);
488 exit(1);
489 }
490 options->deny_users[options->num_deny_users++] = xstrdup(cp);
491 }
492 break;
493
494 case sAllowGroups:
495 while ((cp = strtok(NULL, WHITESPACE))) {
496 if (options->num_allow_groups >= MAX_ALLOW_GROUPS) {
497 fprintf(stderr, "%s line %d: too many allow groups.\n",
498 filename, linenum);
499 exit(1);
500 }
501 options->allow_groups[options->num_allow_groups++] = xstrdup(cp);
502 }
503 break;
504
505 case sDenyGroups:
506 while ((cp = strtok(NULL, WHITESPACE))) {
507 if (options->num_deny_groups >= MAX_DENY_GROUPS) {
508 fprintf(stderr, "%s line %d: too many deny groups.\n",
509 filename, linenum);
510 exit(1);
511 }
512 options->deny_groups[options->num_deny_groups++] = xstrdup(cp);
513 }
514 break;
515
516 default:
517 fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
518 filename, linenum, cp, opcode);
519 exit(1);
492 } 520 }
493 options->allow_users[options->num_allow_users++] = xstrdup(cp); 521 if (strtok(NULL, WHITESPACE) != NULL) {
494 } 522 fprintf(stderr, "%s line %d: garbage at end of line.\n",
495 break; 523 filename, linenum);
496 524 exit(1);
497 case sDenyUsers:
498 while ((cp = strtok(NULL, WHITESPACE)))
499 {
500 if (options->num_deny_users >= MAX_DENY_USERS)
501 {
502 fprintf(stderr, "%s line %d: too many deny users.\n",
503 filename, linenum);
504 exit(1);
505 }
506 options->deny_users[options->num_deny_users++] = xstrdup(cp);
507 }
508 break;
509
510 case sAllowGroups:
511 while ((cp = strtok(NULL, WHITESPACE)))
512 {
513 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
514 {
515 fprintf(stderr, "%s line %d: too many allow groups.\n",
516 filename, linenum);
517 exit(1);
518 } 525 }
519 options->allow_groups[options->num_allow_groups++] = xstrdup(cp);
520 }
521 break;
522
523 case sDenyGroups:
524 while ((cp = strtok(NULL, WHITESPACE)))
525 {
526 if (options->num_deny_groups >= MAX_DENY_GROUPS)
527 {
528 fprintf(stderr, "%s line %d: too many deny groups.\n",
529 filename, linenum);
530 exit(1);
531 }
532 options->deny_groups[options->num_deny_groups++] = xstrdup(cp);
533 }
534 break;
535
536 default:
537 fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
538 filename, linenum, cp, opcode);
539 exit(1);
540 } 526 }
541 if (strtok(NULL, WHITESPACE) != NULL) 527 fclose(f);
542 { 528 if (bad_options > 0) {
543 fprintf(stderr, "%s line %d: garbage at end of line.\n", 529 fprintf(stderr, "%s: terminating, %d bad configuration options\n",
544 filename, linenum); 530 filename, bad_options);
545 exit(1); 531 exit(1);
546 } 532 }
547 }
548 fclose(f);
549 if (bad_options > 0) {
550 fprintf(stderr, "%s: terminating, %d bad configuration options\n",
551 filename, bad_options);
552 exit(1);
553 }
554} 533}
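Review bot: In read_server_config, `case sIgnoreUserKnownHosts:` jumps to `parse_int` rather than `parse_flag`, and the re-indent carries that over unchanged. parse_int runs `atoi(cp)` on the argument, so a line such as `IgnoreUserKnownHosts yes` is stored as 0 with no error, and the option stays off while the administrator believes it is on. The line should read `goto parse_flag;`, which fits the 0 default set in fill_default_server_options and rejects anything other than yes/no. More generally, parse_int accepts whatever atoi returns, so a mistyped Port or ServerKeyBits value also becomes 0 silently; a `strtol` call with an end-pointer and range check there would fail loudly instead.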