1/* 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 3 * All rights reserved 4 * 5 * As far as I am concerned, the code I have written for this software 6 * can be used freely for any purpose. Any derived versions of this 7 * software must be clearly marked as such, and if the derived work is 8 * incompatible with the protocol description in the RFC file, it must be 9 * called by a name other than "ssh" or "Secure Shell". 10 */ 11 12#include "includes.h" |
13RCSID("$OpenBSD: servconf.c,v 1.137 2004/08/13 11:09:24 dtucker Exp $"); 14RCSID("$FreeBSD: head/crypto/openssh/servconf.c 137019 2004-10-28 16:11:31Z des $"); |
15 16#include "ssh.h" 17#include "log.h" 18#include "servconf.h" 19#include "xmalloc.h" 20#include "compat.h" 21#include "pathnames.h" |
22#include "misc.h" 23#include "cipher.h" 24#include "kex.h" 25#include "mac.h" 26 27static void add_listen_addr(ServerOptions *, char *, u_short); 28static void add_one_listen_addr(ServerOptions *, char *, u_short); 29 --- 60 unchanged lines hidden (view full) --- 90 options->ciphers = NULL; 91 options->macs = NULL; 92 options->protocol = SSH_PROTO_UNKNOWN; 93 options->gateway_ports = -1; 94 options->num_subsystems = 0; 95 options->max_startups_begin = -1; 96 options->max_startups_rate = -1; 97 options->max_startups = -1; |
98 options->max_authtries = -1; |
99 options->banner = NULL; 100 options->use_dns = -1; 101 options->client_alive_interval = -1; 102 options->client_alive_count_max = -1; 103 options->authorized_keys_file = NULL; 104 options->authorized_keys_file2 = NULL; |
105 options->num_accept_env = 0; |
106 107 /* Needs to be accessable in many places */ 108 use_privsep = -1; 109} 110 111void 112fill_default_server_options(ServerOptions *options) 113{ --- 97 unchanged lines hidden (view full) --- 211 if (options->gateway_ports == -1) 212 options->gateway_ports = 0; 213 if (options->max_startups == -1) 214 options->max_startups = 10; 215 if (options->max_startups_rate == -1) 216 options->max_startups_rate = 100; /* 100% */ 217 if (options->max_startups_begin == -1) 218 options->max_startups_begin = options->max_startups; |
219 if (options->max_authtries == -1) 220 options->max_authtries = DEFAULT_AUTH_FAIL_MAX; |
221 if (options->use_dns == -1) 222 options->use_dns = 1; 223 if (options->client_alive_interval == -1) 224 options->client_alive_interval = 0; 225 if (options->client_alive_count_max == -1) 226 options->client_alive_count_max = 3; 227 if (options->authorized_keys_file2 == NULL) { 228 /* authorized_keys_file2 falls back to authorized_keys_file */ --- 34 unchanged lines hidden (view full) --- 263 sKerberosTgtPassing, sChallengeResponseAuthentication, 264 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, 265 sPrintMotd, sPrintLastLog, sIgnoreRhosts, 266 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, 267 sStrictModes, sEmptyPasswd, sTCPKeepAlive, 268 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, 269 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 270 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
271 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, 272 sMaxStartups, sMaxAuthTries, |
273 sBanner, sUseDNS, sHostbasedAuthentication, 274 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, 275 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, |
276 sGssAuthentication, sGssCleanupCreds, sAcceptEnv, |
277 sUsePrivilegeSeparation, 278 sVersionAddendum, 279 sDeprecated, sUnsupported 280} ServerOpCodes; 281 282/* Textual representation of the tokens. */ 283static struct { 284 const char *name; --- 75 unchanged lines hidden (view full) --- 360 { "allowgroups", sAllowGroups }, 361 { "denygroups", sDenyGroups }, 362 { "ciphers", sCiphers }, 363 { "macs", sMacs }, 364 { "protocol", sProtocol }, 365 { "gatewayports", sGatewayPorts }, 366 { "subsystem", sSubsystem }, 367 { "maxstartups", sMaxStartups }, |
368 { "maxauthtries", sMaxAuthTries }, |
369 { "banner", sBanner }, 370 { "usedns", sUseDNS }, 371 { "verifyreversemapping", sDeprecated }, 372 { "reversemappingcheck", sDeprecated }, 373 { "clientaliveinterval", sClientAliveInterval }, 374 { "clientalivecountmax", sClientAliveCountMax }, 375 { "authorizedkeysfile", sAuthorizedKeysFile }, 376 { "authorizedkeysfile2", sAuthorizedKeysFile2 }, 377 { "useprivilegeseparation", sUsePrivilegeSeparation}, |
378 { "acceptenv", sAcceptEnv }, |
379 { "versionaddendum", sVersionAddendum }, 380 { NULL, sBadOption } 381}; 382 383/* 384 * Returns the number of the token pointed to by cp or sBadOption. 385 */ 386 --- 487 unchanged lines hidden (view full) --- 874 filename, linenum); 875 } else if (n != 1) 876 fatal("%s line %d: Illegal MaxStartups spec.", 877 filename, linenum); 878 else 879 options->max_startups = options->max_startups_begin; 880 break; 881 |
882 case sMaxAuthTries: 883 intptr = &options->max_authtries; 884 goto parse_int; 885 |
886 case sBanner: 887 charptr = &options->banner; 888 goto parse_filename; 889 /* 890 * These options can contain %X options expanded at 891 * connect time, so that you can specify paths like: 892 * 893 * AuthorizedKeysFile /etc/ssh_keys/%u --- 8 unchanged lines hidden (view full) --- 902 case sClientAliveInterval: 903 intptr = &options->client_alive_interval; 904 goto parse_time; 905 906 case sClientAliveCountMax: 907 intptr = &options->client_alive_count_max; 908 goto parse_int; 909 |
910 case sAcceptEnv: 911 while ((arg = strdelim(&cp)) && *arg != '\0') { 912 if (strchr(arg, '=') != NULL) 913 fatal("%s line %d: Invalid environment name.", 914 filename, linenum); 915 if (options->num_accept_env >= MAX_ACCEPT_ENV) 916 fatal("%s line %d: too many allow env.", 917 filename, linenum); 918 options->accept_env[options->num_accept_env++] = 919 xstrdup(arg); 920 } 921 break; 922 |
923 case sVersionAddendum: 924 ssh_version_set_addendum(strtok(cp, "\n")); 925 do { 926 arg = strdelim(&cp); 927 } while (arg != NULL && *arg != '\0'); 928 break; 929 930 case sDeprecated: --- 18 unchanged lines hidden (view full) --- 949 fatal("%s line %d: garbage at end of line; \"%.200s\".", 950 filename, linenum, arg); 951 return 0; 952} 953 954/* Reads the server configuration file. */ 955 956void |
957load_server_config(const char *filename, Buffer *conf) |
958{ |
959 char line[1024], *cp; |
960 FILE *f; 961 |
962 debug2("%s: filename %s", __func__, filename); 963 if ((f = fopen(filename, "r")) == NULL) { |
964 perror(filename); 965 exit(1); 966 } |
967 buffer_clear(conf); |
968 while (fgets(line, sizeof(line), f)) { |
969 /* 970 * Trim out comments and strip whitespace 971 * NB - preserve newlines, they are needed to reproduce 972 * line numbers later for error messages 973 */ 974 if ((cp = strchr(line, '#')) != NULL) 975 memcpy(cp, "\n", 2); 976 cp = line + strspn(line, " \t\r"); 977 978 buffer_append(conf, cp, strlen(cp)); |
979 } |
980 buffer_append(conf, "\0", 1); |
981 fclose(f); |
982 debug2("%s: done config len = %d", __func__, buffer_len(conf)); 983} 984 985void 986parse_server_config(ServerOptions *options, const char *filename, Buffer *conf) 987{ 988 int linenum, bad_options = 0; 989 char *cp, *obuf, *cbuf; 990 991 debug2("%s: config %s len %d", __func__, filename, buffer_len(conf)); 992 993 obuf = cbuf = xstrdup(buffer_ptr(conf)); 994 linenum = 1; 995 while((cp = strsep(&cbuf, "\n")) != NULL) { 996 if (process_server_config_line(options, cp, filename, 997 linenum++) != 0) 998 bad_options++; 999 } 1000 xfree(obuf); |
1001 if (bad_options > 0) 1002 fatal("%s: terminating, %d bad configuration options", 1003 filename, bad_options); 1004} |
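Review bot: load_server_config (file lines 957–983) reads into a fixed 1024-byte `line` buffer and never checks that each fgets() chunk ended at a newline, so a configuration line longer than that is handled as two separate lines: the `#` stripping at 974–975 and the whitespace stripping at 976 run on the tail chunk by itself, which can turn the remainder of an over-long comment into a spurious directive, fuse two tokens when the split lands just before whitespace, and (when the first chunk held a `#`) shift every line number reported after it. Because parse_server_config turns any bad option into fatal(), the practical effect is that sshd refuses to start on a long comment line instead of reporting the real cause. The smallest guard goes at the top of the loop body, before the `#` handling: `if (strchr(line, '\n') == NULL && !feof(f)) fatal("%s: line too long", filename);` — or, if long lines are meant to be supported, grow the buffer rather than splitting. The loop also ends on a read error exactly as on EOF, so a truncated read is accepted as a complete configuration; `if (ferror(f)) fatal("%s: read error", filename);` before the fclose() at 981 closes that gap. Separately, the debug2 at 982 prints buffer_len(conf) with `%d`; if buffer_len returns an unsigned type as its name suggests, `%u` is the matching specifier.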