version 1.105, 2002/03/20 19:12:24 |
version 1.105.2.4, 2002/06/26 15:30:38 |
|
|
options->challenge_response_authentication = -1; |
options->challenge_response_authentication = -1; |
options->permit_empty_passwd = -1; |
options->permit_empty_passwd = -1; |
options->use_login = -1; |
options->use_login = -1; |
|
options->compression = -1; |
options->allow_tcp_forwarding = -1; |
options->allow_tcp_forwarding = -1; |
options->num_allow_users = 0; |
options->num_allow_users = 0; |
options->num_deny_users = 0; |
options->num_deny_users = 0; |
|
|
options->pubkey_authentication = 1; |
options->pubkey_authentication = 1; |
#if defined(KRB4) || defined(KRB5) |
#if defined(KRB4) || defined(KRB5) |
if (options->kerberos_authentication == -1) |
if (options->kerberos_authentication == -1) |
options->kerberos_authentication = (access(KEYFILE, R_OK) == 0); |
options->kerberos_authentication = 0; |
if (options->kerberos_or_local_passwd == -1) |
if (options->kerberos_or_local_passwd == -1) |
options->kerberos_or_local_passwd = 1; |
options->kerberos_or_local_passwd = 1; |
if (options->kerberos_ticket_cleanup == -1) |
if (options->kerberos_ticket_cleanup == -1) |
|
|
#endif |
#endif |
#ifdef AFS |
#ifdef AFS |
if (options->afs_token_passing == -1) |
if (options->afs_token_passing == -1) |
options->afs_token_passing = k_hasafs(); |
options->afs_token_passing = 0; |
#endif |
#endif |
if (options->password_authentication == -1) |
if (options->password_authentication == -1) |
options->password_authentication = 1; |
options->password_authentication = 1; |
|
|
options->permit_empty_passwd = 0; |
options->permit_empty_passwd = 0; |
if (options->use_login == -1) |
if (options->use_login == -1) |
options->use_login = 0; |
options->use_login = 0; |
|
if (options->compression == -1) |
|
options->compression = 1; |
if (options->allow_tcp_forwarding == -1) |
if (options->allow_tcp_forwarding == -1) |
options->allow_tcp_forwarding = 1; |
options->allow_tcp_forwarding = 1; |
if (options->gateway_ports == -1) |
if (options->gateway_ports == -1) |
|
|
if (options->authorized_keys_file == NULL) |
if (options->authorized_keys_file == NULL) |
options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; |
options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; |
|
|
/* Turn privilege separation _off_ by default */ |
/* Turn privilege separation on by default */ |
if (use_privsep == -1) |
if (use_privsep == -1) |
use_privsep = 0; |
use_privsep = 1; |
} |
} |
|
|
/* Keyword tokens. */ |
/* Keyword tokens. */ |
|
|
sPrintMotd, sPrintLastLog, sIgnoreRhosts, |
sPrintMotd, sPrintLastLog, sIgnoreRhosts, |
sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, |
sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, |
sStrictModes, sEmptyPasswd, sKeepAlives, |
sStrictModes, sEmptyPasswd, sKeepAlives, |
sUseLogin, sAllowTcpForwarding, |
sUseLogin, sAllowTcpForwarding, sCompression, |
sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, |
sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, |
|
|
{ "strictmodes", sStrictModes }, |
{ "strictmodes", sStrictModes }, |
{ "permitemptypasswords", sEmptyPasswd }, |
{ "permitemptypasswords", sEmptyPasswd }, |
{ "uselogin", sUseLogin }, |
{ "uselogin", sUseLogin }, |
|
{ "compression", sCompression }, |
{ "keepalive", sKeepAlives }, |
{ "keepalive", sKeepAlives }, |
{ "allowtcpforwarding", sAllowTcpForwarding }, |
{ "allowtcpforwarding", sAllowTcpForwarding }, |
{ "allowusers", sAllowUsers }, |
{ "allowusers", sAllowUsers }, |
|
|
hints.ai_family = IPv4or6; |
hints.ai_family = IPv4or6; |
hints.ai_socktype = SOCK_STREAM; |
hints.ai_socktype = SOCK_STREAM; |
hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; |
hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; |
snprintf(strport, sizeof strport, "%d", port); |
snprintf(strport, sizeof strport, "%u", port); |
if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) |
if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) |
fatal("bad addr or host: %s (%s)", |
fatal("bad addr or host: %s (%s)", |
addr ? addr : "<NULL>", |
addr ? addr : "<NULL>", |
|
|
const char *filename, int linenum) |
const char *filename, int linenum) |
{ |
{ |
char *cp, **charptr, *arg, *p; |
char *cp, **charptr, *arg, *p; |
int *intptr, value; |
int *intptr, value, i, n; |
ServerOpCodes opcode; |
ServerOpCodes opcode; |
int i, n; |
|
|
|
cp = line; |
cp = line; |
arg = strdelim(&cp); |
arg = strdelim(&cp); |
|
|
intptr = &options->use_login; |
intptr = &options->use_login; |
goto parse_flag; |
goto parse_flag; |
|
|
|
case sCompression: |
|
intptr = &options->compression; |
|
goto parse_flag; |
|
|
case sGatewayPorts: |
case sGatewayPorts: |
intptr = &options->gateway_ports; |
intptr = &options->gateway_ports; |
goto parse_flag; |
goto parse_flag; |
|
|
if (options->num_allow_users >= MAX_ALLOW_USERS) |
if (options->num_allow_users >= MAX_ALLOW_USERS) |
fatal("%s line %d: too many allow users.", |
fatal("%s line %d: too many allow users.", |
filename, linenum); |
filename, linenum); |
options->allow_users[options->num_allow_users++] = xstrdup(arg); |
options->allow_users[options->num_allow_users++] = |
|
xstrdup(arg); |
} |
} |
break; |
break; |
|
|
|
|
if (options->num_deny_users >= MAX_DENY_USERS) |
if (options->num_deny_users >= MAX_DENY_USERS) |
fatal( "%s line %d: too many deny users.", |
fatal( "%s line %d: too many deny users.", |
filename, linenum); |
filename, linenum); |
options->deny_users[options->num_deny_users++] = xstrdup(arg); |
options->deny_users[options->num_deny_users++] = |
|
xstrdup(arg); |
} |
} |
break; |
break; |
|
|
|
|
if (options->num_allow_groups >= MAX_ALLOW_GROUPS) |
if (options->num_allow_groups >= MAX_ALLOW_GROUPS) |
fatal("%s line %d: too many allow groups.", |
fatal("%s line %d: too many allow groups.", |
filename, linenum); |
filename, linenum); |
options->allow_groups[options->num_allow_groups++] = xstrdup(arg); |
options->allow_groups[options->num_allow_groups++] = |
|
xstrdup(arg); |
} |
} |
break; |
break; |
|
|
|
|
void |
void |
read_server_config(ServerOptions *options, const char *filename) |
read_server_config(ServerOptions *options, const char *filename) |
{ |
{ |
FILE *f; |
int linenum, bad_options = 0; |
char line[1024]; |
char line[1024]; |
int linenum; |
FILE *f; |
int bad_options = 0; |
|
|
|
f = fopen(filename, "r"); |
f = fopen(filename, "r"); |
if (!f) { |
if (!f) { |
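Review bot: The Kerberos and AFS defaults now fall back to a hard 0 (`options->kerberos_authentication = 0;` and `options->afs_token_passing = 0;`) with no comment, while the privilege-separation default further down the same defaults block had its comment updated. Dropping the `access(KEYFILE, R_OK)` and `k_hasafs()` probes is the safer default, but a host that relied on them will stop offering Kerberos or AFS token passing unless the configuration enables them, and logins will then go through whatever else is on by default (`password_authentication` and `pubkey_authentication` both default to 1 here). I would add `/* Kerberos is off unless the configuration enables it explicitly */` above the Kerberos assignment and a matching line above the AFS one. The new `options->compression = 1;` default deserves the same one-line treatment, since it turns a newly configurable feature on for every server that does not set the keyword. The function holding these defaults starts outside the visible lines, so this is based only on the assignments shown.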