Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 77 |
1 files changed, 62 insertions, 15 deletions
diff --git a/servconf.c b/servconf.c index a72246b6c..fae3c658e 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -10,7 +10,7 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "includes.h" | 12 | #include "includes.h" |
13 | RCSID("$OpenBSD: servconf.c,v 1.130 2003/12/23 16:12:10 jakob Exp $"); | 13 | RCSID("$OpenBSD: servconf.c,v 1.137 2004/08/13 11:09:24 dtucker Exp $"); |
14 | 14 | ||
15 | #include "ssh.h" | 15 | #include "ssh.h" |
16 | #include "log.h" | 16 | #include "log.h" |
@@ -18,7 +18,6 @@ RCSID("$OpenBSD: servconf.c,v 1.130 2003/12/23 16:12:10 jakob Exp $"); | |||
18 | #include "xmalloc.h" | 18 | #include "xmalloc.h" |
19 | #include "compat.h" | 19 | #include "compat.h" |
20 | #include "pathnames.h" | 20 | #include "pathnames.h" |
21 | #include "tildexpand.h" | ||
22 | #include "misc.h" | 21 | #include "misc.h" |
23 | #include "cipher.h" | 22 | #include "cipher.h" |
24 | #include "kex.h" | 23 | #include "kex.h" |
@@ -95,12 +94,14 @@ initialize_server_options(ServerOptions *options) | |||
95 | options->max_startups_begin = -1; | 94 | options->max_startups_begin = -1; |
96 | options->max_startups_rate = -1; | 95 | options->max_startups_rate = -1; |
97 | options->max_startups = -1; | 96 | options->max_startups = -1; |
97 | options->max_authtries = -1; | ||
98 | options->banner = NULL; | 98 | options->banner = NULL; |
99 | options->use_dns = -1; | 99 | options->use_dns = -1; |
100 | options->client_alive_interval = -1; | 100 | options->client_alive_interval = -1; |
101 | options->client_alive_count_max = -1; | 101 | options->client_alive_count_max = -1; |
102 | options->authorized_keys_file = NULL; | 102 | options->authorized_keys_file = NULL; |
103 | options->authorized_keys_file2 = NULL; | 103 | options->authorized_keys_file2 = NULL; |
104 | options->num_accept_env = 0; | ||
104 | 105 | ||
105 | /* Needs to be accessable in many places */ | 106 | /* Needs to be accessable in many places */ |
106 | use_privsep = -1; | 107 | use_privsep = -1; |
@@ -212,6 +213,8 @@ fill_default_server_options(ServerOptions *options) | |||
212 | options->max_startups_rate = 100; /* 100% */ | 213 | options->max_startups_rate = 100; /* 100% */ |
213 | if (options->max_startups_begin == -1) | 214 | if (options->max_startups_begin == -1) |
214 | options->max_startups_begin = options->max_startups; | 215 | options->max_startups_begin = options->max_startups; |
216 | if (options->max_authtries == -1) | ||
217 | options->max_authtries = DEFAULT_AUTH_FAIL_MAX; | ||
215 | if (options->use_dns == -1) | 218 | if (options->use_dns == -1) |
216 | options->use_dns = 1; | 219 | options->use_dns = 1; |
217 | if (options->client_alive_interval == -1) | 220 | if (options->client_alive_interval == -1) |
@@ -262,11 +265,12 @@ typedef enum { | |||
262 | sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, | 265 | sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, |
263 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, | 266 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
264 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, | 267 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
265 | sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, | 268 | sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, |
269 | sMaxStartups, sMaxAuthTries, | ||
266 | sBanner, sUseDNS, sHostbasedAuthentication, | 270 | sBanner, sUseDNS, sHostbasedAuthentication, |
267 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, | 271 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
268 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, | 272 | sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, |
269 | sGssAuthentication, sGssCleanupCreds, | 273 | sGssAuthentication, sGssCleanupCreds, sAcceptEnv, |
270 | sUsePrivilegeSeparation, | 274 | sUsePrivilegeSeparation, |
271 | sDeprecated, sUnsupported | 275 | sDeprecated, sUnsupported |
272 | } ServerOpCodes; | 276 | } ServerOpCodes; |
@@ -357,6 +361,7 @@ static struct { | |||
357 | { "gatewayports", sGatewayPorts }, | 361 | { "gatewayports", sGatewayPorts }, |
358 | { "subsystem", sSubsystem }, | 362 | { "subsystem", sSubsystem }, |
359 | { "maxstartups", sMaxStartups }, | 363 | { "maxstartups", sMaxStartups }, |
364 | { "maxauthtries", sMaxAuthTries }, | ||
360 | { "banner", sBanner }, | 365 | { "banner", sBanner }, |
361 | { "usedns", sUseDNS }, | 366 | { "usedns", sUseDNS }, |
362 | { "verifyreversemapping", sDeprecated }, | 367 | { "verifyreversemapping", sDeprecated }, |
@@ -366,6 +371,7 @@ static struct { | |||
366 | { "authorizedkeysfile", sAuthorizedKeysFile }, | 371 | { "authorizedkeysfile", sAuthorizedKeysFile }, |
367 | { "authorizedkeysfile2", sAuthorizedKeysFile2 }, | 372 | { "authorizedkeysfile2", sAuthorizedKeysFile2 }, |
368 | { "useprivilegeseparation", sUsePrivilegeSeparation}, | 373 | { "useprivilegeseparation", sUsePrivilegeSeparation}, |
374 | { "acceptenv", sAcceptEnv }, | ||
369 | { NULL, sBadOption } | 375 | { NULL, sBadOption } |
370 | }; | 376 | }; |
371 | 377 | ||
@@ -868,6 +874,10 @@ parse_flag: | |||
868 | options->max_startups = options->max_startups_begin; | 874 | options->max_startups = options->max_startups_begin; |
869 | break; | 875 | break; |
870 | 876 | ||
877 | case sMaxAuthTries: | ||
878 | intptr = &options->max_authtries; | ||
879 | goto parse_int; | ||
880 | |||
871 | case sBanner: | 881 | case sBanner: |
872 | charptr = &options->banner; | 882 | charptr = &options->banner; |
873 | goto parse_filename; | 883 | goto parse_filename; |
@@ -892,6 +902,19 @@ parse_flag: | |||
892 | intptr = &options->client_alive_count_max; | 902 | intptr = &options->client_alive_count_max; |
893 | goto parse_int; | 903 | goto parse_int; |
894 | 904 | ||
905 | case sAcceptEnv: | ||
906 | while ((arg = strdelim(&cp)) && *arg != '\0') { | ||
907 | if (strchr(arg, '=') != NULL) | ||
908 | fatal("%s line %d: Invalid environment name.", | ||
909 | filename, linenum); | ||
910 | if (options->num_accept_env >= MAX_ACCEPT_ENV) | ||
911 | fatal("%s line %d: too many allow env.", | ||
912 | filename, linenum); | ||
913 | options->accept_env[options->num_accept_env++] = | ||
914 | xstrdup(arg); | ||
915 | } | ||
916 | break; | ||
917 | |||
895 | case sDeprecated: | 918 | case sDeprecated: |
896 | logit("%s line %d: Deprecated option %s", | 919 | logit("%s line %d: Deprecated option %s", |
897 | filename, linenum, arg); | 920 | filename, linenum, arg); |
@@ -919,26 +942,50 @@ parse_flag: | |||
919 | /* Reads the server configuration file. */ | 942 | /* Reads the server configuration file. */ |
920 | 943 | ||
921 | void | 944 | void |
922 | read_server_config(ServerOptions *options, const char *filename) | 945 | load_server_config(const char *filename, Buffer *conf) |
923 | { | 946 | { |
924 | int linenum, bad_options = 0; | 947 | char line[1024], *cp; |
925 | char line[1024]; | ||
926 | FILE *f; | 948 | FILE *f; |
927 | 949 | ||
928 | debug2("read_server_config: filename %s", filename); | 950 | debug2("%s: filename %s", __func__, filename); |
929 | f = fopen(filename, "r"); | 951 | if ((f = fopen(filename, "r")) == NULL) { |
930 | if (!f) { | ||
931 | perror(filename); | 952 | perror(filename); |
932 | exit(1); | 953 | exit(1); |
933 | } | 954 | } |
934 | linenum = 0; | 955 | buffer_clear(conf); |
935 | while (fgets(line, sizeof(line), f)) { | 956 | while (fgets(line, sizeof(line), f)) { |
936 | /* Update line number counter. */ | 957 | /* |
937 | linenum++; | 958 | * Trim out comments and strip whitespace |
938 | if (process_server_config_line(options, line, filename, linenum) != 0) | 959 | * NB - preserve newlines, they are needed to reproduce |
939 | bad_options++; | 960 | * line numbers later for error messages |
961 | */ | ||
962 | if ((cp = strchr(line, '#')) != NULL) | ||
963 | memcpy(cp, "\n", 2); | ||
964 | cp = line + strspn(line, " \t\r"); | ||
965 | |||
966 | buffer_append(conf, cp, strlen(cp)); | ||
940 | } | 967 | } |
968 | buffer_append(conf, "\0", 1); | ||
941 | fclose(f); | 969 | fclose(f); |
970 | debug2("%s: done config len = %d", __func__, buffer_len(conf)); | ||
971 | } | ||
972 | |||
973 | void | ||
974 | parse_server_config(ServerOptions *options, const char *filename, Buffer *conf) | ||
975 | { | ||
976 | int linenum, bad_options = 0; | ||
977 | char *cp, *obuf, *cbuf; | ||
978 | |||
979 | debug2("%s: config %s len %d", __func__, filename, buffer_len(conf)); | ||
980 | |||
981 | obuf = cbuf = xstrdup(buffer_ptr(conf)); | ||
982 | linenum = 1; | ||
983 | while((cp = strsep(&cbuf, "\n")) != NULL) { | ||
984 | if (process_server_config_line(options, cp, filename, | ||
985 | linenum++) != 0) | ||
986 | bad_options++; | ||
987 | } | ||
988 | xfree(obuf); | ||
942 | if (bad_options > 0) | 989 | if (bad_options > 0) |
943 | fatal("%s: terminating, %d bad configuration options", | 990 | fatal("%s: terminating, %d bad configuration options", |
944 | filename, bad_options); | 991 | filename, bad_options); |
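Review bot: In load_server_config, a line longer than sizeof(line) - 1 bytes comes back from fgets in pieces, and the new comment stripping handles those pieces independently. If the `#` falls in the first piece it is overwritten with a newline, so the rest of the comment arrives in the next piece, is appended to conf, and is later handed to process_server_config_line as a line of its own; the extra newline would also shift every later line number reported by parse_server_config. Rejecting over-long lines before the `strchr(line, '#')` call would avoid this, e.g. `if (strchr(line, '\n') == NULL && !feof(f)) fatal("%s: line too long", filename);`. Separately, parse_server_config passes `buffer_ptr(conf)` straight to xstrdup and so relies on the trailing NUL that load_server_config appends; a comment above it such as `/* conf must be NUL-terminated, as produced by load_server_config() */` would make that contract explicit for any other producer of the buffer. The body of parse_server_config continues past the end of the hunk.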