servconf.h revision 181111
/* $OpenBSD: servconf.h,v 1.85 2008/06/10 04:50:25 dtucker Exp $ */

/*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
 * Definitions for server configuration data and for the functions reading it.
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose.  Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */

#ifndef SERVCONF_H
#define SERVCONF_H

/*
 * Capacity limits.  Each MAX_* value is the element count of a fixed-size
 * array inside ServerOptions (MAX_MATCH_GROUPS has no array in this header).
 * The arrays are paired with a num_* counter; code that appends an entry
 * has to compare the counter with the limit before writing, because the
 * type itself does nothing to stop a write past the last slot.
 */
#define MAX_PORTS		256	/* Max # ports. */

#define MAX_ALLOW_USERS		256	/* Max # users on allow list. */
#define MAX_DENY_USERS		256	/* Max # users on deny list. */
#define MAX_ALLOW_GROUPS	256	/* Max # groups on allow list. */
#define MAX_DENY_GROUPS		256	/* Max # groups on deny list. */
#define MAX_SUBSYSTEMS		256	/* Max # subsystems. */
#define MAX_HOSTKEYS		256	/* Max # hostkeys. */
#define MAX_ACCEPT_ENV		256	/* Max # of env vars. */
#define MAX_MATCH_GROUPS	256	/* Max # of groups for Match. */

/*
 * Values stored in ServerOptions.permit_root_login.
 * PERMIT_NOT_SET is -1, so a zero-filled ServerOptions reads as PERMIT_NO
 * rather than as "not configured".
 * NOTE(review): the names suggest the sshd_config PermitRootLogin settings
 * no / forced-commands-only / without-password / yes -- confirm against
 * the parser in servconf.c.
 */
#define	PERMIT_NOT_SET		-1
#define	PERMIT_NO		0
#define	PERMIT_FORCED_ONLY	1
#define	PERMIT_NO_PASSWD	2
#define	PERMIT_YES		3

/*
 * NOTE(review): presumably copied into max_authtries / max_sessions when
 * the administrator sets no value -- confirm in
 * fill_default_server_options().
 */
#define DEFAULT_AUTH_FAIL_MAX	6	/* Default for MaxAuthTries */
#define DEFAULT_SESSIONS_MAX	10	/* Default for MaxSessions */

/*
 * Magic name for internal sftp-server.
 * NOTE(review): presumably matched against a subsystem or forced-command
 * string to select the built-in sftp server instead of executing a
 * program -- confirm where it is compared.
 */
#define INTERNAL_SFTP_NAME	"internal-sftp"

/*
 * Run-time server configuration; one instance holds every option declared
 * below.  Fields commented "If true" are ints used as booleans.
 * NOTE(review): options that have not been set yet are presumably marked
 * with -1 (cf. PERMIT_NOT_SET) until defaults are filled in -- confirm in
 * initialize_server_options().
 */
typedef struct {
	u_int	num_ports;		/* Presumably the entries used in
					 * ports[]; limit is MAX_PORTS. */
	u_int	ports_from_cmdline;	/* NOTE(review): name suggests ports
					 * given on the command line --
					 * confirm whether flag or count. */
	u_short	ports[MAX_PORTS];	/* Port number to listen on. */
	char   *listen_addr;		/* Address on which the server listens. */
	struct addrinfo *listen_addrs;	/* Addresses on which the server listens. */
	int     address_family;		/* Address family used by the server. */
	char   *host_key_files[MAX_HOSTKEYS];	/* Files containing host keys. */
	int     num_host_key_files;     /* Number of files for host keys.
					 * Signed, unlike the u_int counters:
					 * a bounds check against MAX_HOSTKEYS
					 * must also reject negative values. */
	char   *pid_file;	/* Where to put our pid */
	int     server_key_bits;/* Size of the server key.
				 * NOTE(review): looks like an SSH protocol 1
				 * setting, as does key_regeneration_time --
				 * confirm. */
	int     login_grace_time;	/* Disconnect if no auth in this time
					 * (sec). */
	int     key_regeneration_time;	/* Server key lifetime (seconds). */
	int     permit_root_login;	/* PERMIT_*, see above */
	int     ignore_rhosts;	/* Ignore .rhosts and .shosts. */
	int     ignore_user_known_hosts;	/* Ignore ~/.ssh/known_hosts
						 * for RhostsRsaAuth */
	int     print_motd;	/* If true, print /etc/motd. */
	int	print_lastlog;	/* If true, print lastlog */
	int     x11_forwarding;	/* If true, permit inet (spoofing) X11 fwd. */
	int     x11_display_offset;	/* What DISPLAY number to start
					 * searching at */
	int     x11_use_localhost;	/* If true, use localhost for fake X11 server. */
	char   *xauth_location;	/* Location of xauth program */
	int     strict_modes;	/* If true, require strict home dir modes. */
	int     tcp_keep_alive;	/* If true, set SO_KEEPALIVE. */
	char   *ciphers;	/* Supported SSH2 ciphers. */
	char   *macs;		/* Supported SSH2 macs. */
	int	protocol;	/* Supported protocol versions.
				 * NOTE(review): the encoding of this value is
				 * not visible here -- check it before
				 * comparing against a version number. */
	int     gateway_ports;	/* If true, allow remote connects to forwarded ports. */
	SyslogFacility log_facility;	/* Facility for system logging. */
	LogLevel log_level;	/* Level for system logging. */
	int     rhosts_rsa_authentication;	/* If true, permit rhosts RSA
						 * authentication. */
	int     hostbased_authentication;	/* If true, permit ssh2 hostbased auth */
	/*
	 * NOTE(review): the name suggests that the host name supplied by the
	 * client in the packet is used without a further lookup; the only
	 * documentation here is "experimental" -- confirm the exact effect
	 * before enabling it.
	 */
	int     hostbased_uses_name_from_packet_only; /* experimental */
	int     rsa_authentication;	/* If true, permit RSA authentication. */
	int     pubkey_authentication;	/* If true, permit ssh2 pubkey authentication. */
	int     kerberos_authentication;	/* If true, permit Kerberos
						 * authentication. */
	int     kerberos_or_local_passwd;	/* If true, permit kerberos
						 * and any other password
						 * authentication mechanism,
						 * such as SecurID or
						 * /etc/passwd */
	int     kerberos_ticket_cleanup;	/* If true, destroy ticket
						 * file on logout. */
	int     kerberos_get_afs_token;		/* If true, try to get AFS token if
						 * authenticated with Kerberos. */
	int     gss_authentication;	/* If true, permit GSSAPI authentication */
	int     gss_cleanup_creds;	/* If true, destroy cred cache on logout */
	int     password_authentication;	/* If true, permit password
						 * authentication. */
	int     kbd_interactive_authentication;	/* If true, permit
						 * keyboard-interactive
						 * authentication. */
	int     challenge_response_authentication;	/* NOTE(review): presumably
							 * a boolean like the other
							 * authentication switches
							 * above -- confirm. */
	int     permit_empty_passwd;	/* If false, do not permit empty
					 * passwords. */
	int     permit_user_env;	/* If true, read ~/.ssh/environment.
					 * That file lives in the user's own
					 * home directory, so its contents are
					 * chosen by the user. */
	int     use_login;	/* If true, login(1) is used */
	int     compression;	/* If true, compression is allowed */
	/* NOTE(review): presumably booleans gating TCP port forwarding and
	 * authentication-agent forwarding -- confirm. */
	int	allow_tcp_forwarding;
	int	allow_agent_forwarding;
	/*
	 * User and group allow/deny lists, each with its own counter.
	 * NOTE(review): how allow and deny entries take precedence over one
	 * another is decided by the code that evaluates them; nothing in this
	 * header fixes the order.
	 */
	u_int num_allow_users;
	char   *allow_users[MAX_ALLOW_USERS];
	u_int num_deny_users;
	char   *deny_users[MAX_DENY_USERS];
	u_int num_allow_groups;
	char   *allow_groups[MAX_ALLOW_GROUPS];
	u_int num_deny_groups;
	char   *deny_groups[MAX_DENY_GROUPS];

	/*
	 * Three arrays of the same size with a single counter.
	 * NOTE(review): presumably parallel, i.e. index i gives the name,
	 * command and arguments of one subsystem -- confirm.
	 */
	u_int num_subsystems;
	char   *subsystem_name[MAX_SUBSYSTEMS];
	char   *subsystem_command[MAX_SUBSYSTEMS];
	char   *subsystem_args[MAX_SUBSYSTEMS];

	/* NOTE(review): presumably the environment variable names or
	 * patterns the server accepts from clients (cf. MAX_ACCEPT_ENV,
	 * "env vars") -- confirm. */
	u_int num_accept_env;
	char   *accept_env[MAX_ACCEPT_ENV];

	/* NOTE(review): the three max_startups* fields presumably hold the
	 * parts of one connection-throttling setting -- confirm. */
	int	max_startups_begin;
	int	max_startups_rate;
	int	max_startups;
	int	max_authtries;	/* See DEFAULT_AUTH_FAIL_MAX (MaxAuthTries). */
	int	max_sessions;	/* See DEFAULT_SESSIONS_MAX (MaxSessions). */
	char   *banner;			/* SSH-2 banner message */
	int	use_dns;	/* NOTE(review): presumably enables DNS
				 * lookups for the client address -- confirm. */
	int	client_alive_interval;	/*
					 * poke the client this often to
					 * see if it's still there
					 */
	int	client_alive_count_max;	/*
					 * If the client is unresponsive
					 * for this many intervals above,
					 * disconnect the session
					 */

	char   *authorized_keys_file;	/* File containing public keys */
	char   *authorized_keys_file2;	/* NOTE(review): presumably a second
					 * public-key file consulted as well
					 * -- confirm. */

	char   *adm_forced_command;	/* NOTE(review): name suggests a forced
					 * command set by the administrator
					 * -- confirm. */

	int	use_pam;		/* Enable auth via PAM */

	int	permit_tun;	/* NOTE(review): presumably gates tunnel device
				 * forwarding; the value encoding is not
				 * visible here. */

	int	num_permitted_opens;	/* Signed counter; the list it counts
					 * is not declared in this header. */

	char   *chroot_directory;	/* NOTE(review): presumably the
					 * directory a session is chroot()ed
					 * into -- confirm. */
}       ServerOptions;

/*
 * Functions operating on ServerOptions.  Only the prototypes are visible
 * here and they carry no parameter names, so the roles given below are
 * inferred from names and types -- confirm each against servconf.c.
 */

/* NOTE(review): by their names, the first puts an options struct into its
 * "unset" state and the second replaces values still unset with defaults. */
void	 initialize_server_options(ServerOptions *);
void	 fill_default_server_options(ServerOptions *);
/* Handles one configuration line and returns an int status.  The line is
 * passed as a non-const char *, so the callee may modify the caller's
 * buffer.  NOTE(review): the remaining arguments are presumably file name,
 * line number, an in/out "active" flag and three strings used for Match
 * evaluation -- confirm. */
int	 process_server_config_line(ServerOptions *, char *, const char *, int,
	     int *, const char *, const char *, const char *);
/* NOTE(review): presumably reads the named file into the Buffer. */
void	 load_server_config(const char *, Buffer *);
/* NOTE(review): presumably parses the buffered configuration into the
 * options struct; the three trailing strings match those taken by
 * parse_server_match_config(). */
void	 parse_server_config(ServerOptions *, const char *, Buffer *,
	     const char *, const char *, const char *);
void	 parse_server_match_config(ServerOptions *, const char *, const char *,
	     const char *);
/* NOTE(review): presumably copies options from the second struct into the
 * first; the meaning of the int argument is not visible here. */
void	 copy_set_server_options(ServerOptions *, ServerOptions *, int);
/* NOTE(review): presumably prints the effective configuration. */
void	 dump_config(ServerOptions *);

#endif				/* SERVCONF_H */