servconf.h revision 106130
/*	$OpenBSD: servconf.h,v 1.59 2002/07/30 17:03:55 markus Exp $	*/
/*	$FreeBSD: head/crypto/openssh/servconf.h 106130 2002-10-29 10:16:02Z des $	*/

/*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
 * Definitions for server configuration data and for the functions reading it.
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose.  Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */

/*
 * This header declares the ServerOptions structure, the limits of its
 * fixed-size tables, and the functions that initialise and fill it.
 *
 * It includes nothing itself: u_int, u_short, struct addrinfo,
 * SyslogFacility and LogLevel must already be declared by the including
 * file before this header is read.
 */

#ifndef SERVCONF_H
#define SERVCONF_H

/*
 * Capacity of the fixed-size arrays in ServerOptions.  Each array is paired
 * with a counter field in the structure; code that appends an entry has to
 * compare that counter with the matching MAX_* value first, because nothing
 * in this header enforces the bound.
 */
#define MAX_PORTS		256	/* Max # ports. */

#define MAX_ALLOW_USERS		256	/* Max # users on allow list. */
#define MAX_DENY_USERS		256	/* Max # users on deny list. */
#define MAX_ALLOW_GROUPS	256	/* Max # groups on allow list. */
#define MAX_DENY_GROUPS		256	/* Max # groups on deny list. */
#define MAX_SUBSYSTEMS		256	/* Max # subsystems. */
#define MAX_HOSTKEYS		256	/* Max # hostkeys. */

/*
 * Values stored in ServerOptions.permit_root_login.
 *
 * NOTE(review): only the names and numbers are visible here.  PERMIT_NOT_SET
 * is presumably the "not configured yet" sentinel that
 * fill_default_server_options() replaces, PERMIT_FORCED_ONLY presumably
 * restricts root to forced commands, and PERMIT_NO_PASSWD presumably allows
 * root only through non-password methods -- confirm against servconf.c and
 * the authentication code.
 */
#define	PERMIT_NOT_SET		-1
#define	PERMIT_NO		0
#define	PERMIT_FORCED_ONLY	1
#define	PERMIT_NO_PASSWD	2
#define	PERMIT_YES		3


/*
 * Complete server configuration, one field per option.
 *
 * The Kerberos and AFS fields exist only when KRB4, KRB5 or AFS is defined,
 * so the size of the structure and the offset of every field after them
 * depend on those macros.  Every translation unit that includes this header
 * must be built with the same set of definitions, otherwise they disagree
 * about where the authentication switches live.
 */
typedef struct {
	u_int num_ports;		/* Number of entries used in ports[]. */
	u_int ports_from_cmdline;	/* NOTE(review): presumably set when
					 * ports were given on the command
					 * line -- confirm in sshd.c. */
	u_short	ports[MAX_PORTS];	/* Port number to listen on. */
	char   *listen_addr;		/* Address on which the server listens. */
	struct addrinfo *listen_addrs;	/* Addresses on which the server listens. */
	char   *host_key_files[MAX_HOSTKEYS];	/* Files containing host keys. */
	/*
	 * Signed counter, unlike the u_int counters used for the other
	 * tables; a bounds check against MAX_HOSTKEYS should account for
	 * that.
	 */
	int     num_host_key_files;     /* Number of files for host keys. */
	char   *pid_file;	/* Where to put our pid */
	int     server_key_bits;/* Size of the server key. */
	int     login_grace_time;	/* Disconnect if no auth in this time
					 * (sec). */
	int     key_regeneration_time;	/* Server key lifetime (seconds). */
	int     permit_root_login;	/* PERMIT_*, see above */
	int     ignore_rhosts;	/* Ignore .rhosts and .shosts. */
	int     ignore_user_known_hosts;	/* Ignore ~/.ssh/known_hosts
						 * for RhostsRsaAuth */
	int     print_motd;	/* If true, print /etc/motd. */
	int	print_lastlog;	/* If true, print lastlog */
	int     x11_forwarding;	/* If true, permit inet (spoofing) X11 fwd. */
	int     x11_display_offset;	/* What DISPLAY number to start
					 * searching at */
	int     x11_use_localhost;	/* If true, use localhost for fake X11 server. */
	char   *xauth_location;	/* Location of xauth program */
	int     strict_modes;	/* If true, require strict home dir modes. */
	int     keepalives;	/* If true, set SO_KEEPALIVE. */
	char   *ciphers;	/* Supported SSH2 ciphers. */
	char   *macs;		/* Supported SSH2 macs. */
	int	protocol;	/* Supported protocol versions. */
	int     gateway_ports;	/* If true, allow remote connects to forwarded ports. */
	SyslogFacility log_facility;	/* Facility for system logging. */
	LogLevel log_level;	/* Level for system logging. */
	/*
	 * NOTE(review): the two rhosts switches below enable methods that
	 * depend on the identity of the connecting host; when auditing a
	 * configuration, check that they are only on where that trust is
	 * intended.
	 */
	int     rhosts_authentication;	/* If true, permit rhosts
					 * authentication. */
	int     rhosts_rsa_authentication;	/* If true, permit rhosts RSA
						 * authentication. */
	int     hostbased_authentication;	/* If true, permit ssh2 hostbased auth */
	int     hostbased_uses_name_from_packet_only; /* experimental */
	int     rsa_authentication;	/* If true, permit RSA authentication. */
	int     pubkey_authentication;	/* If true, permit ssh2 pubkey authentication. */
#if defined(KRB4) || defined(KRB5)
	int     kerberos_authentication;	/* If true, permit Kerberos
						 * authentication. */
	int     kerberos_or_local_passwd;	/* If true, permit kerberos
						 * and any other password
						 * authentication mechanism,
						 * such as SecurID or
						 * /etc/passwd */
	int     kerberos_ticket_cleanup;	/* If true, destroy ticket
						 * file on logout. */
#endif
#if defined(AFS) || defined(KRB5)
	int     kerberos_tgt_passing;	/* If true, permit Kerberos TGT
					 * passing. */
#endif
#ifdef AFS
	int     afs_token_passing;	/* If true, permit AFS token passing. */
#endif
	int     password_authentication;	/* If true, permit password
						 * authentication. */
	int     kbd_interactive_authentication;	/* If true, permit
						 * keyboard-interactive
						 * authentication. */
	int     challenge_response_authentication;	/* NOTE(review):
						 * presumably "if true, permit
						 * challenge-response
						 * authentication" -- the
						 * original has no comment. */
	int     permit_empty_passwd;	/* If false, do not permit empty
					 * passwords. */
	/*
	 * The file read here is under the user's home directory, so its
	 * content is chosen by the user.  NOTE(review): confirm that the
	 * default leaves this off and that it is only enabled where users
	 * are allowed to shape their own session environment.
	 */
	int     permit_user_env;	/* If true, read ~/.ssh/environment */
	int     use_login;	/* If true, login(1) is used */
	int     compression;	/* If true, compression is allowed */
	int	allow_tcp_forwarding;	/* NOTE(review): presumably "if true,
					 * permit TCP forwarding" -- the
					 * original has no comment. */
	/*
	 * User and group access lists.  Each counter gives the number of
	 * entries used in the array declared right after it.
	 */
	u_int num_allow_users;
	char   *allow_users[MAX_ALLOW_USERS];
	u_int num_deny_users;
	char   *deny_users[MAX_DENY_USERS];
	u_int num_allow_groups;
	char   *allow_groups[MAX_ALLOW_GROUPS];
	u_int num_deny_groups;
	char   *deny_groups[MAX_DENY_GROUPS];

	/*
	 * Subsystem table: subsystem_name[] and subsystem_command[] are
	 * declared with the same size; presumably entry i of one belongs to
	 * entry i of the other, with num_subsystems counting both -- confirm
	 * against servconf.c.
	 */
	u_int num_subsystems;
	char   *subsystem_name[MAX_SUBSYSTEMS];
	char   *subsystem_command[MAX_SUBSYSTEMS];

	/*
	 * NOTE(review): undocumented in the original; presumably the three
	 * parameters that limit concurrent unauthenticated connections --
	 * confirm in sshd.c.
	 */
	int	max_startups_begin;
	int	max_startups_rate;
	int	max_startups;
	char   *banner;			/* SSH-2 banner message */
	int	verify_reverse_mapping;	/* cross-check ip and dns */
	int	client_alive_interval;	/*
					 * poke the client this often to
					 * see if it's still there
					 */
	int	client_alive_count_max;	/*
					 * If the client is unresponsive
					 * for this many intervals above,
					 * disconnect the session
					 */

	char   *authorized_keys_file;	/* File containing public keys */
	char   *authorized_keys_file2;	/* NOTE(review): presumably a second
					 * public-key file -- the original
					 * has no comment. */
	int	pam_authentication_via_kbd_int;	/* NOTE(review): presumably
						 * "if true, run PAM through
						 * keyboard-interactive" --
						 * the original has no
						 * comment. */
}       ServerOptions;

/*
 * Functions operating on a ServerOptions structure.  The prototypes carry no
 * parameter names, so the roles below are inferred from the names and types
 * and should be confirmed against servconf.c.
 *
 * initialize_server_options:   presumably puts every field into its
 *                              "not set" state.
 * read_server_config:          presumably parses the configuration file
 *                              named by the const char * argument.
 * fill_default_server_options: presumably replaces fields still "not set"
 *                              with their defaults.
 * process_server_config_line:  presumably parses a single line; the line
 *                              buffer is a non-const char *, so the caller
 *                              should expect it to be modified.  The
 *                              remaining arguments are presumably the file
 *                              name and line number used in diagnostics.
 */
void	 initialize_server_options(ServerOptions *);
void	 read_server_config(ServerOptions *, const char *);
void	 fill_default_server_options(ServerOptions *);
int	 process_server_config_line(ServerOptions *, char *, const char *, int);


#endif				/* SERVCONF_H */