Diffstat (limited to 'servconf.c')
-rw-r--r--servconf.c77
1 files changed, 62 insertions, 15 deletions
diff --git a/servconf.c b/servconf.c
index a72246b6c..fae3c658e 100644
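--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.130 2003/12/23 16:12:10 jakob Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.137 2004/08/13 11:09:24 dtucker Exp $");
 
 #include "ssh.h"
 #include "log.h"
@@ -18,7 +18,6 @@ RCSID("$OpenBSD: servconf.c,v 1.130 2003/12/23 16:12:10 jakob Exp $");
 #include "xmalloc.h"
 #include "compat.h"
 #include "pathnames.h"
-#include "tildexpand.h"
 #include "misc.h"
 #include "cipher.h"
 #include "kex.h"
@@ -95,12 +94,14 @@ initialize_server_options(ServerOptions *options)
  options->max_startups_begin = -1;
  options->max_startups_rate = -1;
  options->max_startups = -1;
+ options->max_authtries = -1;
  options->banner = NULL;
  options->use_dns = -1;
  options->client_alive_interval = -1;
  options->client_alive_count_max = -1;
  options->authorized_keys_file = NULL;
  options->authorized_keys_file2 = NULL;
+ options->num_accept_env = 0;
 
  /* Needs to be accessable in many places */
  use_privsep = -1;
@@ -212,6 +213,8 @@ fill_default_server_options(ServerOptions *options)
  options->max_startups_rate = 100; /* 100% */
  if (options->max_startups_begin == -1)
  options->max_startups_begin = options->max_startups;
+ if (options->max_authtries == -1)
+ options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
  if (options->use_dns == -1)
  options->use_dns = 1;
  if (options->client_alive_interval == -1)
@@ -262,11 +265,12 @@ typedef enum {
  sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
  sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
  sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
- sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
+ sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem,
+ sMaxStartups, sMaxAuthTries,
  sBanner, sUseDNS, sHostbasedAuthentication,
  sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
  sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
- sGssAuthentication, sGssCleanupCreds,
+ sGssAuthentication, sGssCleanupCreds, sAcceptEnv,
  sUsePrivilegeSeparation,
  sDeprecated, sUnsupported
 } ServerOpCodes;
@@ -357,6 +361,7 @@ static struct {
  { "gatewayports", sGatewayPorts },
  { "subsystem", sSubsystem },
  { "maxstartups", sMaxStartups },
+ { "maxauthtries", sMaxAuthTries },
  { "banner", sBanner },
  { "usedns", sUseDNS },
  { "verifyreversemapping", sDeprecated },
@@ -366,6 +371,7 @@ static struct {
  { "authorizedkeysfile", sAuthorizedKeysFile },
  { "authorizedkeysfile2", sAuthorizedKeysFile2 },
  { "useprivilegeseparation", sUsePrivilegeSeparation},
+ { "acceptenv", sAcceptEnv },
  { NULL, sBadOption }
 };
 
@@ -868,6 +874,10 @@ parse_flag:
  options->max_startups = options->max_startups_begin;
  break;
 
+ case sMaxAuthTries:
+ intptr = &options->max_authtries;
+ goto parse_int;
+
  case sBanner:
  charptr = &options->banner;
  goto parse_filename;
@@ -892,6 +902,19 @@ parse_flag:
  intptr = &options->client_alive_count_max;
  goto parse_int;
 
+ case sAcceptEnv:
+ while ((arg = strdelim(&cp)) && *arg != '\0') {
+ if (strchr(arg, '=') != NULL)
+ fatal("%s line %d: Invalid environment name.",
+ filename, linenum);
+ if (options->num_accept_env >= MAX_ACCEPT_ENV)
+ fatal("%s line %d: too many allow env.",
+ filename, linenum);
+ options->accept_env[options->num_accept_env++] =
+ xstrdup(arg);
+ }
+ break;
+
  case sDeprecated:
  logit("%s line %d: Deprecated option %s",
  filename, linenum, arg);
@@ -919,26 +942,50 @@ parse_flag:
 /* Reads the server configuration file. */
 
 void
-read_server_config(ServerOptions *options, const char *filename)
+load_server_config(const char *filename, Buffer *conf)
 {
- int linenum, bad_options = 0;
- char line[1024];
+ char line[1024], *cp;
  FILE *f;
 
- debug2("read_server_config: filename %s", filename);
- f = fopen(filename, "r");
- if (!f) {
+ debug2("%s: filename %s", __func__, filename);
+ if ((f = fopen(filename, "r")) == NULL) {
  perror(filename);
  exit(1);
  }
- linenum = 0;
+ buffer_clear(conf);
  while (fgets(line, sizeof(line), f)) {
- /* Update line number counter. */
- linenum++;
- if (process_server_config_line(options, line, filename, linenum) != 0)
- bad_options++;
+ /*
+ * Trim out comments and strip whitespace
+ * NB - preserve newlines, they are needed to reproduce
+ * line numbers later for error messages
+ */
+ if ((cp = strchr(line, '#')) != NULL)
+ memcpy(cp, "\n", 2);
+ cp = line + strspn(line, " \t\r");
+
+ buffer_append(conf, cp, strlen(cp));
  }
+ buffer_append(conf, "\0", 1);
  fclose(f);
+ debug2("%s: done config len = %d", __func__, buffer_len(conf));
+}
+
+void
+parse_server_config(ServerOptions *options, const char *filename, Buffer *conf)
+{
+ int linenum, bad_options = 0;
+ char *cp, *obuf, *cbuf;
+
+ debug2("%s: config %s len %d", __func__, filename, buffer_len(conf));
+
+ obuf = cbuf = xstrdup(buffer_ptr(conf));
+ linenum = 1;
+ while((cp = strsep(&cbuf, "\n")) != NULL) {
+ if (process_server_config_line(options, cp, filename,
+ linenum++) != 0)
+ bad_options++;
+ }
+ xfree(obuf);
  if (bad_options > 0)
  fatal("%s: terminating, %d bad configuration options",
  filename, bad_options);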
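Review bot: In load_server_config, a physical line longer than the 1024-byte `line` buffer is returned by fgets() in pieces, and each piece goes through the `strchr(line, '#')` trim on its own. When the '#' falls in the first piece, the rest of that comment is appended to `conf` as configuration text, and the injected "\n" makes one physical line count as two, so later error messages report shifted line numbers. A truncated read should be rejected before the trim, along the lines of `if (strchr(line, '\n') == NULL && !feof(f)) fatal("%s: line too long", filename);`. The trim also cuts at the first '#' anywhere in the line, so a value containing '#' is silently shortened; if that is intended, the comment above the `strchr` call should say so. parse_server_config copies `buffer_ptr(conf)` with xstrdup() and therefore depends on the trailing `buffer_append(conf, "\0", 1)`; its header comment should state that `conf` must be NUL-terminated, since the Buffer comes from the caller.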