version 1.105.2.6, 2003/04/03 22:35:17 |
version 1.106, 2002/04/20 09:02:03 |
|
|
options->kbd_interactive_authentication = -1; |
options->kbd_interactive_authentication = -1; |
options->challenge_response_authentication = -1; |
options->challenge_response_authentication = -1; |
options->permit_empty_passwd = -1; |
options->permit_empty_passwd = -1; |
options->permit_user_env = -1; |
|
options->use_login = -1; |
options->use_login = -1; |
options->compression = -1; |
|
options->allow_tcp_forwarding = -1; |
options->allow_tcp_forwarding = -1; |
options->num_allow_users = 0; |
options->num_allow_users = 0; |
options->num_deny_users = 0; |
options->num_deny_users = 0; |
|
|
if (options->server_key_bits == -1) |
if (options->server_key_bits == -1) |
options->server_key_bits = 768; |
options->server_key_bits = 768; |
if (options->login_grace_time == -1) |
if (options->login_grace_time == -1) |
options->login_grace_time = 120; |
options->login_grace_time = 600; |
if (options->key_regeneration_time == -1) |
if (options->key_regeneration_time == -1) |
options->key_regeneration_time = 3600; |
options->key_regeneration_time = 3600; |
if (options->permit_root_login == PERMIT_NOT_SET) |
if (options->permit_root_login == PERMIT_NOT_SET) |
|
|
options->pubkey_authentication = 1; |
options->pubkey_authentication = 1; |
#if defined(KRB4) || defined(KRB5) |
#if defined(KRB4) || defined(KRB5) |
if (options->kerberos_authentication == -1) |
if (options->kerberos_authentication == -1) |
options->kerberos_authentication = 0; |
options->kerberos_authentication = (access(KEYFILE, R_OK) == 0); |
if (options->kerberos_or_local_passwd == -1) |
if (options->kerberos_or_local_passwd == -1) |
options->kerberos_or_local_passwd = 1; |
options->kerberos_or_local_passwd = 1; |
if (options->kerberos_ticket_cleanup == -1) |
if (options->kerberos_ticket_cleanup == -1) |
|
|
options->challenge_response_authentication = 1; |
options->challenge_response_authentication = 1; |
if (options->permit_empty_passwd == -1) |
if (options->permit_empty_passwd == -1) |
options->permit_empty_passwd = 0; |
options->permit_empty_passwd = 0; |
if (options->permit_user_env == -1) |
|
options->permit_user_env = 0; |
|
if (options->use_login == -1) |
if (options->use_login == -1) |
options->use_login = 0; |
options->use_login = 0; |
if (options->compression == -1) |
|
options->compression = 1; |
|
if (options->allow_tcp_forwarding == -1) |
if (options->allow_tcp_forwarding == -1) |
options->allow_tcp_forwarding = 1; |
options->allow_tcp_forwarding = 1; |
if (options->gateway_ports == -1) |
if (options->gateway_ports == -1) |
|
|
if (options->authorized_keys_file == NULL) |
if (options->authorized_keys_file == NULL) |
options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; |
options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; |
|
|
/* Turn privilege separation on by default */ |
/* Turn privilege separation _off_ by default */ |
if (use_privsep == -1) |
if (use_privsep == -1) |
use_privsep = 1; |
use_privsep = 0; |
} |
} |
|
|
/* Keyword tokens. */ |
/* Keyword tokens. */ |
|
|
sPrintMotd, sPrintLastLog, sIgnoreRhosts, |
sPrintMotd, sPrintLastLog, sIgnoreRhosts, |
sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, |
sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, |
sStrictModes, sEmptyPasswd, sKeepAlives, |
sStrictModes, sEmptyPasswd, sKeepAlives, |
sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, |
sUseLogin, sAllowTcpForwarding, |
sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, |
sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, |
|
|
{ "xauthlocation", sXAuthLocation }, |
{ "xauthlocation", sXAuthLocation }, |
{ "strictmodes", sStrictModes }, |
{ "strictmodes", sStrictModes }, |
{ "permitemptypasswords", sEmptyPasswd }, |
{ "permitemptypasswords", sEmptyPasswd }, |
{ "permituserenvironment", sPermitUserEnvironment }, |
|
{ "uselogin", sUseLogin }, |
{ "uselogin", sUseLogin }, |
{ "compression", sCompression }, |
|
{ "keepalive", sKeepAlives }, |
{ "keepalive", sKeepAlives }, |
{ "allowtcpforwarding", sAllowTcpForwarding }, |
{ "allowtcpforwarding", sAllowTcpForwarding }, |
{ "allowusers", sAllowUsers }, |
{ "allowusers", sAllowUsers }, |
|
|
hints.ai_family = IPv4or6; |
hints.ai_family = IPv4or6; |
hints.ai_socktype = SOCK_STREAM; |
hints.ai_socktype = SOCK_STREAM; |
hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; |
hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; |
snprintf(strport, sizeof strport, "%u", port); |
snprintf(strport, sizeof strport, "%d", port); |
if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) |
if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) |
fatal("bad addr or host: %s (%s)", |
fatal("bad addr or host: %s (%s)", |
addr ? addr : "<NULL>", |
addr ? addr : "<NULL>", |
|
|
const char *filename, int linenum) |
const char *filename, int linenum) |
{ |
{ |
char *cp, **charptr, *arg, *p; |
char *cp, **charptr, *arg, *p; |
int *intptr, value, i, n; |
int *intptr, value; |
ServerOpCodes opcode; |
ServerOpCodes opcode; |
|
int i, n; |
|
|
cp = line; |
cp = line; |
arg = strdelim(&cp); |
arg = strdelim(&cp); |
|
|
intptr = &options->permit_empty_passwd; |
intptr = &options->permit_empty_passwd; |
goto parse_flag; |
goto parse_flag; |
|
|
case sPermitUserEnvironment: |
|
intptr = &options->permit_user_env; |
|
goto parse_flag; |
|
|
|
case sUseLogin: |
case sUseLogin: |
intptr = &options->use_login; |
intptr = &options->use_login; |
goto parse_flag; |
goto parse_flag; |
|
|
case sCompression: |
|
intptr = &options->compression; |
|
goto parse_flag; |
|
|
|
case sGatewayPorts: |
case sGatewayPorts: |
intptr = &options->gateway_ports; |
intptr = &options->gateway_ports; |
goto parse_flag; |
goto parse_flag; |
|
|
if (options->num_allow_users >= MAX_ALLOW_USERS) |
if (options->num_allow_users >= MAX_ALLOW_USERS) |
fatal("%s line %d: too many allow users.", |
fatal("%s line %d: too many allow users.", |
filename, linenum); |
filename, linenum); |
options->allow_users[options->num_allow_users++] = |
options->allow_users[options->num_allow_users++] = xstrdup(arg); |
xstrdup(arg); |
|
} |
} |
break; |
break; |
|
|
|
|
if (options->num_deny_users >= MAX_DENY_USERS) |
if (options->num_deny_users >= MAX_DENY_USERS) |
fatal( "%s line %d: too many deny users.", |
fatal( "%s line %d: too many deny users.", |
filename, linenum); |
filename, linenum); |
options->deny_users[options->num_deny_users++] = |
options->deny_users[options->num_deny_users++] = xstrdup(arg); |
xstrdup(arg); |
|
} |
} |
break; |
break; |
|
|
|
|
if (options->num_allow_groups >= MAX_ALLOW_GROUPS) |
if (options->num_allow_groups >= MAX_ALLOW_GROUPS) |
fatal("%s line %d: too many allow groups.", |
fatal("%s line %d: too many allow groups.", |
filename, linenum); |
filename, linenum); |
options->allow_groups[options->num_allow_groups++] = |
options->allow_groups[options->num_allow_groups++] = xstrdup(arg); |
xstrdup(arg); |
|
} |
} |
break; |
break; |
|
|
|
|
void |
void |
read_server_config(ServerOptions *options, const char *filename) |
read_server_config(ServerOptions *options, const char *filename) |
{ |
{ |
int linenum, bad_options = 0; |
|
char line[1024]; |
|
FILE *f; |
FILE *f; |
|
char line[1024]; |
|
int linenum; |
|
int bad_options = 0; |
|
|
debug2("read_server_config: filename %s", filename); |
|
f = fopen(filename, "r"); |
f = fopen(filename, "r"); |
if (!f) { |
if (!f) { |
perror(filename); |
perror(filename); |
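Review bot: The defaults hunk that ends at `use_privsep` differs between the two printed versions in four security-relevant places, and only the privilege-separation one has a comment: `login_grace_time` 120 vs 600, `kerberos_authentication` 0 vs `(access(KEYFILE, R_OK) == 0)`, `permit_user_env` defaulting to 0 vs the option not existing at all, and `use_privsep` 1 vs 0. The page has lost its +/- markers, so which value is the result is only inferred from the header order (1.105.2.6 printed first, 1.106 second) and should be confirmed. If the second value of each pair is what ships, an unconfigured daemon runs without privilege separation, holds unauthenticated connections open five times longer, and turns Kerberos authentication on whenever the keyfile happens to be readable. Whichever side is kept, each of these defaults should get a one-line why-comment in the style of the existing privilege-separation one, for example `/* Off by default: user-supplied environment settings are not trusted input */` above the `permit_user_env = 0` line. The enclosing function starts before the first visible line, so defaults outside the hunk were not checked.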