servconf.h revision 124211
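/* $OpenBSD: servconf.h,v 1.65 2003/09/01 18:15:50 markus Exp $ */
/* $FreeBSD: head/crypto/openssh/servconf.h 124211 2004-01-07 11:16:27Z des $ */

/*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
 * Definitions for server configuration data and for the functions reading it.
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose. Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */

#ifndef SERVCONF_H
#define SERVCONF_H

/*
 * This header includes nothing itself.  It relies on the includer having
 * already declared u_int, u_short, struct addrinfo, SyslogFacility and
 * LogLevel.
 */

/*
 * Capacities of the fixed-size arrays in ServerOptions.  Each array is paired
 * with a counter field in the struct; nothing in this header enforces the
 * bound.
 * NOTE(review): confirm that every writer of these arrays checks the counter
 * against the matching MAX_* value before storing an entry.
 */
#define MAX_PORTS		256	/* Max # ports. */

#define MAX_ALLOW_USERS		256	/* Max # users on allow list. */
#define MAX_DENY_USERS		256	/* Max # users on deny list. */
#define MAX_ALLOW_GROUPS	256	/* Max # groups on allow list. */
#define MAX_DENY_GROUPS		256	/* Max # groups on deny list. */
#define MAX_SUBSYSTEMS		256	/* Max # subsystems. */
#define MAX_HOSTKEYS		256	/* Max # hostkeys. */

/*
 * permit_root_login
 *
 * PERMIT_NOT_SET is a sentinel distinct from every real policy value.
 * PERMIT_FORCED_ONLY and PERMIT_NO_PASSWD are non-zero but restricted
 * policies, so code consulting permit_root_login should compare against the
 * named constants rather than test the field for truth.
 * NOTE(review): presumably fill_default_server_options() replaces
 * PERMIT_NOT_SET before any authentication decision is made -- confirm.
 */
#define PERMIT_NOT_SET		(-1)	/* parenthesized so it expands safely */
#define PERMIT_NO		0
#define PERMIT_FORCED_ONLY	1
#define PERMIT_NO_PASSWD	2
#define PERMIT_YES		3


/*
 * Server configuration data.  Fields documented "If true" are plain ints
 * used as flags.
 * NOTE(review): how an unset flag is represented before defaults are applied
 * is not visible in this header; see initialize_server_options() and
 * fill_default_server_options().
 */
typedef struct {
	u_int	num_ports;		/* presumably # of entries used in ports[] */
	u_int	ports_from_cmdline;
	u_short	ports[MAX_PORTS];	/* Port number to listen on. */
	char   *listen_addr;		/* Address on which the server listens. */
	struct addrinfo *listen_addrs;	/* Addresses on which the server listens. */
	char   *host_key_files[MAX_HOSTKEYS];	/* Files containing host keys. */
	int     num_host_key_files;	/* Number of files for host keys.
					 * NOTE(review): signed, unlike the
					 * other counters in this struct;
					 * check bounds tests against
					 * MAX_HOSTKEYS with that in mind. */
	char   *pid_file;		/* Where to put our pid */
	int     server_key_bits;	/* Size of the server key. */
	int     login_grace_time;	/* Disconnect if no auth in this time
					 * (sec). */
	int     key_regeneration_time;	/* Server key lifetime (seconds). */
	int     permit_root_login;	/* PERMIT_*, see above */
	int     ignore_rhosts;		/* Ignore .rhosts and .shosts. */
	int     ignore_user_known_hosts;	/* Ignore ~/.ssh/known_hosts
						 * for RhostsRsaAuth */
	int     print_motd;		/* If true, print /etc/motd. */
	int     print_lastlog;		/* If true, print lastlog */
	int     x11_forwarding;		/* If true, permit inet (spoofing) X11 fwd. */
	int     x11_display_offset;	/* What DISPLAY number to start
					 * searching at */
	int     x11_use_localhost;	/* If true, use localhost for fake X11 server. */
	char   *xauth_location;		/* Location of xauth program */
	int     strict_modes;		/* If true, require strict home dir modes. */
	int     keepalives;		/* If true, set SO_KEEPALIVE. */
	char   *ciphers;		/* Supported SSH2 ciphers. */
	char   *macs;			/* Supported SSH2 macs. */
	int     protocol;		/* Supported protocol versions. */
	int     gateway_ports;		/* If true, allow remote connects to
					 * forwarded ports.  Enabling this
					 * exposes forwarded ports to hosts
					 * other than the server itself. */
	SyslogFacility log_facility;	/* Facility for system logging. */
	LogLevel log_level;		/* Level for system logging. */
	int     rhosts_rsa_authentication;	/* If true, permit rhosts RSA
						 * authentication. */
	int     hostbased_authentication;	/* If true, permit ssh2 hostbased auth */
	int     hostbased_uses_name_from_packet_only;	/* experimental
					 * NOTE(review): the name suggests the
					 * host name sent by the client is
					 * used for hostbased auth; confirm
					 * the default leaves this off. */
	int     rsa_authentication;	/* If true, permit RSA authentication. */
	int     pubkey_authentication;	/* If true, permit ssh2 pubkey authentication. */
	int     kerberos_authentication;	/* If true, permit Kerberos
						 * authentication. */
	int     kerberos_or_local_passwd;	/* If true, permit kerberos
						 * and any other password
						 * authentication mechanism,
						 * such as SecurID or
						 * /etc/passwd */
	int     kerberos_ticket_cleanup;	/* If true, destroy ticket
						 * file on logout. */
	int     gss_authentication;	/* If true, permit GSSAPI authentication */
	int     gss_cleanup_creds;	/* If true, destroy cred cache on logout */
	int     password_authentication;	/* If true, permit password
						 * authentication. */
	int     kbd_interactive_authentication;	/* If true, permit
						 * keyboard-interactive
						 * authentication. */
	int     challenge_response_authentication;
	int     permit_empty_passwd;	/* If false, do not permit empty
					 * passwords. */
	int     permit_user_env;	/* If true, read ~/.ssh/environment.
					 * The file is user-controlled, so
					 * enabling this lets a user influence
					 * the environment of the session
					 * (sshd_config(5) warns this can
					 * bypass access restrictions). */
	int     use_login;		/* If true, login(1) is used */
	int     compression;		/* If true, compression is allowed */
	int	allow_tcp_forwarding;
	u_int num_allow_users;
	char   *allow_users[MAX_ALLOW_USERS];
	u_int num_deny_users;
	char   *deny_users[MAX_DENY_USERS];
	u_int num_allow_groups;
	char   *allow_groups[MAX_ALLOW_GROUPS];
	u_int num_deny_groups;
	char   *deny_groups[MAX_DENY_GROUPS];

	/* subsystem_name[i] and subsystem_command[i] are parallel arrays. */
	u_int num_subsystems;
	char   *subsystem_name[MAX_SUBSYSTEMS];
	char   *subsystem_command[MAX_SUBSYSTEMS];

	/* NOTE(review): presumably the three parts of the MaxStartups
	 * setting, which limits unauthenticated connections -- confirm. */
	int	max_startups_begin;
	int	max_startups_rate;
	int	max_startups;
	char   *banner;			/* SSH-2 banner message */
	int	use_dns;
	int	client_alive_interval;	/*
					 * poke the client this often to
					 * see if it's still there
					 */
	int	client_alive_count_max;	/*
					 * If the client is unresponsive
					 * for this many intervals above,
					 * disconnect the session
					 */

	char   *authorized_keys_file;	/* File containing public keys */
	char   *authorized_keys_file2;
	int	use_pam;		/* Enable auth via PAM */
}       ServerOptions;

/*
 * Functions that set up and read the server configuration; they are only
 * declared here.  Parameter meanings are not visible in this header.
 * NOTE(review): going by the names, the const char * arguments are probably
 * a configuration file name and the int a line number -- confirm against
 * the definitions.
 */
void	 initialize_server_options(ServerOptions *);
void	 read_server_config(ServerOptions *, const char *);
void	 fill_default_server_options(ServerOptions *);
int	 process_server_config_line(ServerOptions *, char *, const char *, int);


#endif				/* SERVCONF_H */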