servconf.h revision 106130
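/* $OpenBSD: servconf.h,v 1.59 2002/07/30 17:03:55 markus Exp $ */
/* $FreeBSD: head/crypto/openssh/servconf.h 106130 2002-10-29 10:16:02Z des $ */

/*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
 * Definitions for server configuration data and for the functions reading it.
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose.  Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */

#ifndef SERVCONF_H
#define SERVCONF_H

/*
 * This header includes nothing itself: u_int, u_short, struct addrinfo,
 * SyslogFacility and LogLevel must already be declared by the including file.
 */

/*
 * Capacities of the fixed-size arrays in ServerOptions.  Each array has a
 * matching num_* counter (presumably the number of entries in use).  The code
 * that appends entries is not part of this header; it has to compare the
 * counter with the MAX_* value before storing another element, otherwise a
 * long configuration file writes past the end of the array.
 */
#define MAX_PORTS		256	/* Max # ports. */

#define MAX_ALLOW_USERS		256	/* Max # users on allow list. */
#define MAX_DENY_USERS		256	/* Max # users on deny list. */
#define MAX_ALLOW_GROUPS	256	/* Max # groups on allow list. */
#define MAX_DENY_GROUPS		256	/* Max # groups on deny list. */
#define MAX_SUBSYSTEMS		256	/* Max # subsystems. */
#define MAX_HOSTKEYS		256	/* Max # hostkeys. */

/*
 * Values of ServerOptions.permit_root_login.  PERMIT_NOT_SET is the "no value
 * configured" sentinel; it is parenthesized so the negative literal cannot
 * combine with neighbouring tokens when the macro is expanded inside a larger
 * expression.
 */
#define	PERMIT_NOT_SET		(-1)
#define	PERMIT_NO		0
#define	PERMIT_FORCED_ONLY	1
#define	PERMIT_NO_PASSWD	2
#define	PERMIT_YES		3


/*
 * Server configuration as one flat record.  Most switches are plain ints that
 * the original comments describe as true/false; how "not set" is encoded for
 * them is not visible in this header.
 */
typedef struct {
	u_int num_ports;
	u_int ports_from_cmdline;
	u_short ports[MAX_PORTS];	/* Port number to listen on. */
	char   *listen_addr;		/* Address on which the server listens. */
	struct addrinfo *listen_addrs;	/* Addresses on which the server listens. */
	char   *host_key_files[MAX_HOSTKEYS];	/* Files containing host keys. */
	/*
	 * NOTE(review): this counter is a signed int while the other num_*
	 * counters are u_int; code indexing host_key_files[] with it should
	 * reject negative values as well as values >= MAX_HOSTKEYS.
	 */
	int     num_host_key_files;     /* Number of files for host keys. */
	char   *pid_file;	/* Where to put our pid */
	int     server_key_bits;/* Size of the server key. */
	int     login_grace_time;	/* Disconnect if no auth in this time
					 * (sec). */
	int     key_regeneration_time;	/* Server key lifetime (seconds). */
	int     permit_root_login;	/* PERMIT_*, see above */
	int     ignore_rhosts;	/* Ignore .rhosts and .shosts. */
	int     ignore_user_known_hosts;	/* Ignore ~/.ssh/known_hosts
						 * for RhostsRsaAuth */
	int     print_motd;	/* If true, print /etc/motd. */
	int	print_lastlog;	/* If true, print lastlog */
	int     x11_forwarding;	/* If true, permit inet (spoofing) X11 fwd. */
	int     x11_display_offset;	/* What DISPLAY number to start
					 * searching at */
	int     x11_use_localhost;	/* If true, use localhost for fake X11 server. */
	char   *xauth_location;	/* Location of xauth program */
	int     strict_modes;	/* If true, require strict home dir modes. */
	int     keepalives;	/* If true, set SO_KEEPALIVE. */
	char   *ciphers;	/* Supported SSH2 ciphers. */
	char   *macs;		/* Supported SSH2 macs. */
	int	protocol;	/* Supported protocol versions. */
	int     gateway_ports;	/* If true, allow remote connects to forwarded ports. */
	SyslogFacility log_facility;	/* Facility for system logging. */
	LogLevel log_level;	/* Level for system logging. */
	int     rhosts_authentication;	/* If true, permit rhosts
					 * authentication. */
	int     rhosts_rsa_authentication;	/* If true, permit rhosts RSA
						 * authentication. */
	int     hostbased_authentication;	/* If true, permit ssh2 hostbased auth */
	int     hostbased_uses_name_from_packet_only; /* experimental */
	int     rsa_authentication;	/* If true, permit RSA authentication. */
	int     pubkey_authentication;	/* If true, permit ssh2 pubkey authentication. */
#if defined(KRB4) || defined(KRB5)
	int     kerberos_authentication;	/* If true, permit Kerberos
						 * authentication. */
	int     kerberos_or_local_passwd;	/* If true, permit kerberos
						 * and any other password
						 * authentication mechanism,
						 * such as SecurID or
						 * /etc/passwd */
	int     kerberos_ticket_cleanup;	/* If true, destroy ticket
						 * file on logout. */
#endif
#if defined(AFS) || defined(KRB5)
	int     kerberos_tgt_passing;	/* If true, permit Kerberos TGT
					 * passing. */
#endif
#ifdef AFS
	int     afs_token_passing;	/* If true, permit AFS token passing. */
#endif
	int     password_authentication;	/* If true, permit password
						 * authentication. */
	/*
	 * NOTE(review): the original comment on the next field stops at
	 * "If true, permit"; the rest is inferred from the field name.
	 */
	int     kbd_interactive_authentication;	/* If true, permit
						 * keyboard-interactive
						 * authentication. */
	int     challenge_response_authentication;
	int     permit_empty_passwd;	/* If false, do not permit empty
					 * passwords. */
	/*
	 * ~/.ssh/environment lives in the user's own home directory, so when
	 * this is true its contents are chosen by the user logging in.
	 */
	int     permit_user_env;	/* If true, read ~/.ssh/environment */
	int     use_login;	/* If true, login(1) is used */
	int     compression;	/* If true, compression is allowed */
	int	allow_tcp_forwarding;
	u_int num_allow_users;
	char   *allow_users[MAX_ALLOW_USERS];
	u_int num_deny_users;
	char   *deny_users[MAX_DENY_USERS];
	u_int num_allow_groups;
	char   *allow_groups[MAX_ALLOW_GROUPS];
	u_int num_deny_groups;
	char   *deny_groups[MAX_DENY_GROUPS];

	/* subsystem_name[i] and subsystem_command[i] share one counter. */
	u_int num_subsystems;
	char   *subsystem_name[MAX_SUBSYSTEMS];
	char   *subsystem_command[MAX_SUBSYSTEMS];

	/* NOTE(review): presumably the parts of one startup-limit setting; confirm in servconf.c. */
	int	max_startups_begin;
	int	max_startups_rate;
	int	max_startups;
	char   *banner;			/* SSH-2 banner message */
	int	verify_reverse_mapping;	/* cross-check ip and dns */
	int	client_alive_interval;	/*
					 * poke the client this often to
					 * see if it's still there
					 */
	int	client_alive_count_max;	/*
					 * If the client is unresponsive
					 * for this many intervals above,
					 * disconnect the session
					 */

	char   *authorized_keys_file;	/* File containing public keys */
	char   *authorized_keys_file2;
	int	pam_authentication_via_kbd_int;
}       ServerOptions;

/*
 * Functions that set up and read a ServerOptions.  Only the prototypes are
 * visible in this header, so their exact behaviour has to be confirmed against
 * the implementation.  process_server_config_line() takes its second argument
 * as a non-const char *, so callers should assume that buffer may be modified.
 */
void	 initialize_server_options(ServerOptions *);
void	 read_server_config(ServerOptions *, const char *);
void	 fill_default_server_options(ServerOptions *);
int	 process_server_config_line(ServerOptions *, char *, const char *, int);


#endif				/* SERVCONF_H */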