servconf.c (126277) servconf.c (137019)
1/*
2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
4 *
5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
10 */
11
12#include "includes.h"
1/*
2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
4 *
5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
10 */
11
12#include "includes.h"
13RCSID("$OpenBSD: servconf.c,v 1.130 2003/12/23 16:12:10 jakob Exp $");
14RCSID("$FreeBSD: head/crypto/openssh/servconf.c 126277 2004-02-26 10:52:33Z des $");
13RCSID("$OpenBSD: servconf.c,v 1.137 2004/08/13 11:09:24 dtucker Exp $");
14RCSID("$FreeBSD: head/crypto/openssh/servconf.c 137019 2004-10-28 16:11:31Z des $");
15
16#include "ssh.h"
17#include "log.h"
18#include "servconf.h"
19#include "xmalloc.h"
20#include "compat.h"
21#include "pathnames.h"
15
16#include "ssh.h"
17#include "log.h"
18#include "servconf.h"
19#include "xmalloc.h"
20#include "compat.h"
21#include "pathnames.h"
22#include "tildexpand.h"
23#include "misc.h"
24#include "cipher.h"
25#include "kex.h"
26#include "mac.h"
27
28static void add_listen_addr(ServerOptions *, char *, u_short);
29static void add_one_listen_addr(ServerOptions *, char *, u_short);
30

--- 60 unchanged lines hidden (view full) ---

91 options->ciphers = NULL;
92 options->macs = NULL;
93 options->protocol = SSH_PROTO_UNKNOWN;
94 options->gateway_ports = -1;
95 options->num_subsystems = 0;
96 options->max_startups_begin = -1;
97 options->max_startups_rate = -1;
98 options->max_startups = -1;
22#include "misc.h"
23#include "cipher.h"
24#include "kex.h"
25#include "mac.h"
26
27static void add_listen_addr(ServerOptions *, char *, u_short);
28static void add_one_listen_addr(ServerOptions *, char *, u_short);
29

--- 60 unchanged lines hidden (view full) ---

90 options->ciphers = NULL;
91 options->macs = NULL;
92 options->protocol = SSH_PROTO_UNKNOWN;
93 options->gateway_ports = -1;
94 options->num_subsystems = 0;
95 options->max_startups_begin = -1;
96 options->max_startups_rate = -1;
97 options->max_startups = -1;
98 options->max_authtries = -1;
99 options->banner = NULL;
100 options->use_dns = -1;
101 options->client_alive_interval = -1;
102 options->client_alive_count_max = -1;
103 options->authorized_keys_file = NULL;
104 options->authorized_keys_file2 = NULL;
99 options->banner = NULL;
100 options->use_dns = -1;
101 options->client_alive_interval = -1;
102 options->client_alive_count_max = -1;
103 options->authorized_keys_file = NULL;
104 options->authorized_keys_file2 = NULL;
105 options->num_accept_env = 0;
105
106 /* Needs to be accessable in many places */
107 use_privsep = -1;
108}
109
110void
111fill_default_server_options(ServerOptions *options)
112{

--- 97 unchanged lines hidden (view full) ---

210 if (options->gateway_ports == -1)
211 options->gateway_ports = 0;
212 if (options->max_startups == -1)
213 options->max_startups = 10;
214 if (options->max_startups_rate == -1)
215 options->max_startups_rate = 100; /* 100% */
216 if (options->max_startups_begin == -1)
217 options->max_startups_begin = options->max_startups;
106
107 /* Needs to be accessable in many places */
108 use_privsep = -1;
109}
110
111void
112fill_default_server_options(ServerOptions *options)
113{

--- 97 unchanged lines hidden (view full) ---

211 if (options->gateway_ports == -1)
212 options->gateway_ports = 0;
213 if (options->max_startups == -1)
214 options->max_startups = 10;
215 if (options->max_startups_rate == -1)
216 options->max_startups_rate = 100; /* 100% */
217 if (options->max_startups_begin == -1)
218 options->max_startups_begin = options->max_startups;
219 if (options->max_authtries == -1)
220 options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
218 if (options->use_dns == -1)
219 options->use_dns = 1;
220 if (options->client_alive_interval == -1)
221 options->client_alive_interval = 0;
222 if (options->client_alive_count_max == -1)
223 options->client_alive_count_max = 3;
224 if (options->authorized_keys_file2 == NULL) {
225 /* authorized_keys_file2 falls back to authorized_keys_file */

--- 34 unchanged lines hidden (view full) ---

260 sKerberosTgtPassing, sChallengeResponseAuthentication,
261 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
262 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
263 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
264 sStrictModes, sEmptyPasswd, sTCPKeepAlive,
265 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
266 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
267 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
221 if (options->use_dns == -1)
222 options->use_dns = 1;
223 if (options->client_alive_interval == -1)
224 options->client_alive_interval = 0;
225 if (options->client_alive_count_max == -1)
226 options->client_alive_count_max = 3;
227 if (options->authorized_keys_file2 == NULL) {
228 /* authorized_keys_file2 falls back to authorized_keys_file */

--- 34 unchanged lines hidden (view full) ---

263 sKerberosTgtPassing, sChallengeResponseAuthentication,
264 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
265 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
266 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
267 sStrictModes, sEmptyPasswd, sTCPKeepAlive,
268 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
269 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
270 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
268 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
271 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem,
272 sMaxStartups, sMaxAuthTries,
269 sBanner, sUseDNS, sHostbasedAuthentication,
270 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
271 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
273 sBanner, sUseDNS, sHostbasedAuthentication,
274 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
275 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
272 sGssAuthentication, sGssCleanupCreds,
276 sGssAuthentication, sGssCleanupCreds, sAcceptEnv,
273 sUsePrivilegeSeparation,
274 sVersionAddendum,
275 sDeprecated, sUnsupported
276} ServerOpCodes;
277
278/* Textual representation of the tokens. */
279static struct {
280 const char *name;

--- 75 unchanged lines hidden (view full) ---

356 { "allowgroups", sAllowGroups },
357 { "denygroups", sDenyGroups },
358 { "ciphers", sCiphers },
359 { "macs", sMacs },
360 { "protocol", sProtocol },
361 { "gatewayports", sGatewayPorts },
362 { "subsystem", sSubsystem },
363 { "maxstartups", sMaxStartups },
277 sUsePrivilegeSeparation,
278 sVersionAddendum,
279 sDeprecated, sUnsupported
280} ServerOpCodes;
281
282/* Textual representation of the tokens. */
283static struct {
284 const char *name;

--- 75 unchanged lines hidden (view full) ---

360 { "allowgroups", sAllowGroups },
361 { "denygroups", sDenyGroups },
362 { "ciphers", sCiphers },
363 { "macs", sMacs },
364 { "protocol", sProtocol },
365 { "gatewayports", sGatewayPorts },
366 { "subsystem", sSubsystem },
367 { "maxstartups", sMaxStartups },
368 { "maxauthtries", sMaxAuthTries },
364 { "banner", sBanner },
365 { "usedns", sUseDNS },
366 { "verifyreversemapping", sDeprecated },
367 { "reversemappingcheck", sDeprecated },
368 { "clientaliveinterval", sClientAliveInterval },
369 { "clientalivecountmax", sClientAliveCountMax },
370 { "authorizedkeysfile", sAuthorizedKeysFile },
371 { "authorizedkeysfile2", sAuthorizedKeysFile2 },
372 { "useprivilegeseparation", sUsePrivilegeSeparation},
369 { "banner", sBanner },
370 { "usedns", sUseDNS },
371 { "verifyreversemapping", sDeprecated },
372 { "reversemappingcheck", sDeprecated },
373 { "clientaliveinterval", sClientAliveInterval },
374 { "clientalivecountmax", sClientAliveCountMax },
375 { "authorizedkeysfile", sAuthorizedKeysFile },
376 { "authorizedkeysfile2", sAuthorizedKeysFile2 },
377 { "useprivilegeseparation", sUsePrivilegeSeparation},
378 { "acceptenv", sAcceptEnv },
373 { "versionaddendum", sVersionAddendum },
374 { NULL, sBadOption }
375};
376
377/*
378 * Returns the number of the token pointed to by cp or sBadOption.
379 */
380

--- 487 unchanged lines hidden (view full) ---

868 filename, linenum);
869 } else if (n != 1)
870 fatal("%s line %d: Illegal MaxStartups spec.",
871 filename, linenum);
872 else
873 options->max_startups = options->max_startups_begin;
874 break;
875
379 { "versionaddendum", sVersionAddendum },
380 { NULL, sBadOption }
381};
382
383/*
384 * Returns the number of the token pointed to by cp or sBadOption.
385 */
386

--- 487 unchanged lines hidden (view full) ---

874 filename, linenum);
875 } else if (n != 1)
876 fatal("%s line %d: Illegal MaxStartups spec.",
877 filename, linenum);
878 else
879 options->max_startups = options->max_startups_begin;
880 break;
881
882 case sMaxAuthTries:
883 intptr = &options->max_authtries;
884 goto parse_int;
885
876 case sBanner:
877 charptr = &options->banner;
878 goto parse_filename;
879 /*
880 * These options can contain %X options expanded at
881 * connect time, so that you can specify paths like:
882 *
883 * AuthorizedKeysFile /etc/ssh_keys/%u

--- 8 unchanged lines hidden (view full) ---

892 case sClientAliveInterval:
893 intptr = &options->client_alive_interval;
894 goto parse_time;
895
896 case sClientAliveCountMax:
897 intptr = &options->client_alive_count_max;
898 goto parse_int;
899
886 case sBanner:
887 charptr = &options->banner;
888 goto parse_filename;
889 /*
890 * These options can contain %X options expanded at
891 * connect time, so that you can specify paths like:
892 *
893 * AuthorizedKeysFile /etc/ssh_keys/%u

--- 8 unchanged lines hidden (view full) ---

902 case sClientAliveInterval:
903 intptr = &options->client_alive_interval;
904 goto parse_time;
905
906 case sClientAliveCountMax:
907 intptr = &options->client_alive_count_max;
908 goto parse_int;
909
910 case sAcceptEnv:
911 while ((arg = strdelim(&cp)) && *arg != '\0') {
912 if (strchr(arg, '=') != NULL)
913 fatal("%s line %d: Invalid environment name.",
914 filename, linenum);
915 if (options->num_accept_env >= MAX_ACCEPT_ENV)
916 fatal("%s line %d: too many allow env.",
917 filename, linenum);
918 options->accept_env[options->num_accept_env++] =
919 xstrdup(arg);
920 }
921 break;
922
900 case sVersionAddendum:
901 ssh_version_set_addendum(strtok(cp, "\n"));
902 do {
903 arg = strdelim(&cp);
904 } while (arg != NULL && *arg != '\0');
905 break;
906
907 case sDeprecated:

--- 18 unchanged lines hidden (view full) ---

926 fatal("%s line %d: garbage at end of line; \"%.200s\".",
927 filename, linenum, arg);
928 return 0;
929}
930
931/* Reads the server configuration file. */
932
933void
923 case sVersionAddendum:
924 ssh_version_set_addendum(strtok(cp, "\n"));
925 do {
926 arg = strdelim(&cp);
927 } while (arg != NULL && *arg != '\0');
928 break;
929
930 case sDeprecated:

--- 18 unchanged lines hidden (view full) ---

949 fatal("%s line %d: garbage at end of line; \"%.200s\".",
950 filename, linenum, arg);
951 return 0;
952}
953
954/* Reads the server configuration file. */
955
956void
934read_server_config(ServerOptions *options, const char *filename)
957load_server_config(const char *filename, Buffer *conf)
935{
958{
936 int linenum, bad_options = 0;
937 char line[1024];
959 char line[1024], *cp;
938 FILE *f;
939
960 FILE *f;
961
940 debug2("read_server_config: filename %s", filename);
941 f = fopen(filename, "r");
942 if (!f) {
962 debug2("%s: filename %s", __func__, filename);
963 if ((f = fopen(filename, "r")) == NULL) {
943 perror(filename);
944 exit(1);
945 }
964 perror(filename);
965 exit(1);
966 }
946 linenum = 0;
967 buffer_clear(conf);
947 while (fgets(line, sizeof(line), f)) {
968 while (fgets(line, sizeof(line), f)) {
948 /* Update line number counter. */
949 linenum++;
950 if (process_server_config_line(options, line, filename, linenum) != 0)
951 bad_options++;
969 /*
970 * Trim out comments and strip whitespace
971 * NB - preserve newlines, they are needed to reproduce
972 * line numbers later for error messages
973 */
974 if ((cp = strchr(line, '#')) != NULL)
975 memcpy(cp, "\n", 2);
976 cp = line + strspn(line, " \t\r");
977
978 buffer_append(conf, cp, strlen(cp));
952 }
979 }
980 buffer_append(conf, "\0", 1);
953 fclose(f);
981 fclose(f);
982 debug2("%s: done config len = %d", __func__, buffer_len(conf));
983}
984
985void
986parse_server_config(ServerOptions *options, const char *filename, Buffer *conf)
987{
988 int linenum, bad_options = 0;
989 char *cp, *obuf, *cbuf;
990
991 debug2("%s: config %s len %d", __func__, filename, buffer_len(conf));
992
993 obuf = cbuf = xstrdup(buffer_ptr(conf));
994 linenum = 1;
995 while((cp = strsep(&cbuf, "\n")) != NULL) {
996 if (process_server_config_line(options, cp, filename,
997 linenum++) != 0)
998 bad_options++;
999 }
1000 xfree(obuf);
954 if (bad_options > 0)
955 fatal("%s: terminating, %d bad configuration options",
956 filename, bad_options);
957}
1001 if (bad_options > 0)
1002 fatal("%s: terminating, %d bad configuration options",
1003 filename, bad_options);
1004}
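Review bot: The new `sMaxAuthTries` case (`intptr = &options->max_authtries; goto parse_int;`) accepts any integer, while the default logic on the new side of fill_default_server_options treats -1 as "unset" (`if (options->max_authtries == -1) options->max_authtries = DEFAULT_AUTH_FAIL_MAX;`), so a configured `MaxAuthTries -1` is silently replaced by the default and 0 or other negative values reach the authentication path unvalidated; parse_int itself is outside this section, so whether it rejects negatives cannot be confirmed here, but nothing in the visible hunks does. A range check after the default is applied, `if (options->max_authtries <= 0) fatal("MaxAuthTries must be a positive integer");`, would make a misconfigured limit a startup error rather than a surprise at login time. Separately, `debug2("%s: done config len = %d", __func__, buffer_len(conf));` in load_server_config (and the matching debug2 in parse_server_config) prints what appears to be an unsigned length with `%d`; `%u` is the matching specifier if buffer_len returns u_int, as it does elsewhere in OpenSSH. The bodies of process_server_config_line and fill_default_server_options start outside the visible hunks.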