sdiff udiff text old ( 126277 ) new ( 137019 )
1/*
2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
4 *
5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
10 */
11
12#include "includes.h"
13RCSID("$OpenBSD: servconf.c,v 1.130 2003/12/23 16:12:10 jakob Exp $");
14RCSID("$FreeBSD: head/crypto/openssh/servconf.c 126277 2004-02-26 10:52:33Z des $");
15
16#include "ssh.h"
17#include "log.h"
18#include "servconf.h"
19#include "xmalloc.h"
20#include "compat.h"
21#include "pathnames.h"
22#include "tildexpand.h"
23#include "misc.h"
24#include "cipher.h"
25#include "kex.h"
26#include "mac.h"
27
28static void add_listen_addr(ServerOptions *, char *, u_short);
29static void add_one_listen_addr(ServerOptions *, char *, u_short);
30

--- 60 unchanged lines hidden (view full) ---

91 options->ciphers = NULL;
92 options->macs = NULL;
93 options->protocol = SSH_PROTO_UNKNOWN;
94 options->gateway_ports = -1;
95 options->num_subsystems = 0;
96 options->max_startups_begin = -1;
97 options->max_startups_rate = -1;
98 options->max_startups = -1;
99 options->banner = NULL;
100 options->use_dns = -1;
101 options->client_alive_interval = -1;
102 options->client_alive_count_max = -1;
103 options->authorized_keys_file = NULL;
104 options->authorized_keys_file2 = NULL;
105
106 /* Needs to be accessable in many places */
107 use_privsep = -1;
108}
109
110void
111fill_default_server_options(ServerOptions *options)
112{

--- 97 unchanged lines hidden (view full) ---

210 if (options->gateway_ports == -1)
211 options->gateway_ports = 0;
212 if (options->max_startups == -1)
213 options->max_startups = 10;
214 if (options->max_startups_rate == -1)
215 options->max_startups_rate = 100; /* 100% */
216 if (options->max_startups_begin == -1)
217 options->max_startups_begin = options->max_startups;
218 if (options->use_dns == -1)
219 options->use_dns = 1;
220 if (options->client_alive_interval == -1)
221 options->client_alive_interval = 0;
222 if (options->client_alive_count_max == -1)
223 options->client_alive_count_max = 3;
224 if (options->authorized_keys_file2 == NULL) {
225 /* authorized_keys_file2 falls back to authorized_keys_file */

--- 34 unchanged lines hidden (view full) ---

260 sKerberosTgtPassing, sChallengeResponseAuthentication,
261 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
262 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
263 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
264 sStrictModes, sEmptyPasswd, sTCPKeepAlive,
265 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
266 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
267 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
268 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
269 sBanner, sUseDNS, sHostbasedAuthentication,
270 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
271 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
272 sGssAuthentication, sGssCleanupCreds,
273 sUsePrivilegeSeparation,
274 sVersionAddendum,
275 sDeprecated, sUnsupported
276} ServerOpCodes;
277
278/* Textual representation of the tokens. */
279static struct {
280 const char *name;

--- 75 unchanged lines hidden (view full) ---

356 { "allowgroups", sAllowGroups },
357 { "denygroups", sDenyGroups },
358 { "ciphers", sCiphers },
359 { "macs", sMacs },
360 { "protocol", sProtocol },
361 { "gatewayports", sGatewayPorts },
362 { "subsystem", sSubsystem },
363 { "maxstartups", sMaxStartups },
364 { "banner", sBanner },
365 { "usedns", sUseDNS },
366 { "verifyreversemapping", sDeprecated },
367 { "reversemappingcheck", sDeprecated },
368 { "clientaliveinterval", sClientAliveInterval },
369 { "clientalivecountmax", sClientAliveCountMax },
370 { "authorizedkeysfile", sAuthorizedKeysFile },
371 { "authorizedkeysfile2", sAuthorizedKeysFile2 },
372 { "useprivilegeseparation", sUsePrivilegeSeparation},
373 { "versionaddendum", sVersionAddendum },
374 { NULL, sBadOption }
375};
376
377/*
378 * Returns the number of the token pointed to by cp or sBadOption.
379 */
380

--- 487 unchanged lines hidden (view full) ---

868 filename, linenum);
869 } else if (n != 1)
870 fatal("%s line %d: Illegal MaxStartups spec.",
871 filename, linenum);
872 else
873 options->max_startups = options->max_startups_begin;
874 break;
875
876 case sBanner:
877 charptr = &options->banner;
878 goto parse_filename;
879 /*
880 * These options can contain %X options expanded at
881 * connect time, so that you can specify paths like:
882 *
883 * AuthorizedKeysFile /etc/ssh_keys/%u

--- 8 unchanged lines hidden (view full) ---

892 case sClientAliveInterval:
893 intptr = &options->client_alive_interval;
894 goto parse_time;
895
896 case sClientAliveCountMax:
897 intptr = &options->client_alive_count_max;
898 goto parse_int;
899
900 case sVersionAddendum:
901 ssh_version_set_addendum(strtok(cp, "\n"));
902 do {
903 arg = strdelim(&cp);
904 } while (arg != NULL && *arg != '\0');
905 break;
906
907 case sDeprecated:

--- 18 unchanged lines hidden (view full) ---

926 fatal("%s line %d: garbage at end of line; \"%.200s\".",
927 filename, linenum, arg);
928 return 0;
929}
930
931/* Reads the server configuration file. */
932
933void
934read_server_config(ServerOptions *options, const char *filename)
935{
936 int linenum, bad_options = 0;
937 char line[1024];
938 FILE *f;
939
940 debug2("read_server_config: filename %s", filename);
941 f = fopen(filename, "r");
942 if (!f) {
943 perror(filename);
944 exit(1);
945 }
946 linenum = 0;
947 while (fgets(line, sizeof(line), f)) {
948 /* Update line number counter. */
949 linenum++;
950 if (process_server_config_line(options, line, filename, linenum) != 0)
951 bad_options++;
952 }
953 fclose(f);
954 if (bad_options > 0)
955 fatal("%s: terminating, %d bad configuration options",
956 filename, bad_options);
957}
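Review bot: In read_server_config (file lines 933-957, fully visible here), a configuration line longer than sizeof(line) - 1 bytes is silently split by fgets(), and the remainder is handed to process_server_config_line() as a separate directive with its own line number. For list-valued access-control options such as AllowUsers or DenyUsers, the first fragment can end in a truncated pattern that parses cleanly, and whether the tail is then rejected depends on how it happens to tokenize. Rejecting over-long lines explicitly makes this fail closed and keeps the reported line numbers accurate, e.g. right after `linenum++`: `if (strchr(line, '\n') == NULL && !feof(f)) fatal("%s line %d: line too long", filename, linenum);`. This rendering carries no +/- markers, so I cannot tell which revision these lines belong to; the point applies to whichever side keeps this fgets() loop.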