| version 1.130, 2003/12/23 16:12:10 |
version 1.130.2.2, 2005/03/10 17:15:04 |
|
|
| #include "xmalloc.h" |
#include "xmalloc.h" |
| #include "compat.h" |
#include "compat.h" |
| #include "pathnames.h" |
#include "pathnames.h" |
| #include "tildexpand.h" |
|
| #include "misc.h" |
#include "misc.h" |
| #include "cipher.h" |
#include "cipher.h" |
| #include "kex.h" |
#include "kex.h" |
|
|
| static void add_listen_addr(ServerOptions *, char *, u_short); |
static void add_listen_addr(ServerOptions *, char *, u_short); |
| static void add_one_listen_addr(ServerOptions *, char *, u_short); |
static void add_one_listen_addr(ServerOptions *, char *, u_short); |
| |
|
| /* AF_UNSPEC or AF_INET or AF_INET6 */ |
|
| extern int IPv4or6; |
|
| /* Use of privilege separation or not */ |
/* Use of privilege separation or not */ |
| extern int use_privsep; |
extern int use_privsep; |
| |
|
|
|
| options->num_ports = 0; |
options->num_ports = 0; |
| options->ports_from_cmdline = 0; |
options->ports_from_cmdline = 0; |
| options->listen_addrs = NULL; |
options->listen_addrs = NULL; |
| |
options->address_family = -1; |
| options->num_host_key_files = 0; |
options->num_host_key_files = 0; |
| options->pid_file = NULL; |
options->pid_file = NULL; |
| options->server_key_bits = -1; |
options->server_key_bits = -1; |
|
|
| options->max_startups_begin = -1; |
options->max_startups_begin = -1; |
| options->max_startups_rate = -1; |
options->max_startups_rate = -1; |
| options->max_startups = -1; |
options->max_startups = -1; |
| |
options->max_authtries = -1; |
| options->banner = NULL; |
options->banner = NULL; |
| options->use_dns = -1; |
options->use_dns = -1; |
| options->client_alive_interval = -1; |
options->client_alive_interval = -1; |
| options->client_alive_count_max = -1; |
options->client_alive_count_max = -1; |
| options->authorized_keys_file = NULL; |
options->authorized_keys_file = NULL; |
| options->authorized_keys_file2 = NULL; |
options->authorized_keys_file2 = NULL; |
| |
options->num_accept_env = 0; |
| |
|
| /* Needs to be accessable in many places */ |
/* Needs to be accessable in many places */ |
| use_privsep = -1; |
use_privsep = -1; |
|
|
| options->max_startups_rate = 100; /* 100% */ |
options->max_startups_rate = 100; /* 100% */ |
| if (options->max_startups_begin == -1) |
if (options->max_startups_begin == -1) |
| options->max_startups_begin = options->max_startups; |
options->max_startups_begin = options->max_startups; |
| |
if (options->max_authtries == -1) |
| |
options->max_authtries = DEFAULT_AUTH_FAIL_MAX; |
| if (options->use_dns == -1) |
if (options->use_dns == -1) |
| options->use_dns = 1; |
options->use_dns = 1; |
| if (options->client_alive_interval == -1) |
if (options->client_alive_interval == -1) |
|
|
| sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, |
sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, |
| sKerberosGetAFSToken, |
sKerberosGetAFSToken, |
| sKerberosTgtPassing, sChallengeResponseAuthentication, |
sKerberosTgtPassing, sChallengeResponseAuthentication, |
| sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, |
sPasswordAuthentication, sKbdInteractiveAuthentication, |
| |
sListenAddress, sAddressFamily, |
| sPrintMotd, sPrintLastLog, sIgnoreRhosts, |
sPrintMotd, sPrintLastLog, sIgnoreRhosts, |
| sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, |
sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, |
| sStrictModes, sEmptyPasswd, sTCPKeepAlive, |
sStrictModes, sEmptyPasswd, sTCPKeepAlive, |
| sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, |
sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, |
| sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
| sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
| sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, |
sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, |
| |
sMaxStartups, sMaxAuthTries, |
| sBanner, sUseDNS, sHostbasedAuthentication, |
sBanner, sUseDNS, sHostbasedAuthentication, |
| sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
| sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, |
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, |
| sGssAuthentication, sGssCleanupCreds, |
sGssAuthentication, sGssCleanupCreds, sAcceptEnv, |
| sUsePrivilegeSeparation, |
sUsePrivilegeSeparation, |
| sDeprecated, sUnsupported |
sDeprecated, sUnsupported |
| } ServerOpCodes; |
} ServerOpCodes; |
|
|
| { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */ |
{ "skeyauthentication", sChallengeResponseAuthentication }, /* alias */ |
| { "checkmail", sDeprecated }, |
{ "checkmail", sDeprecated }, |
| { "listenaddress", sListenAddress }, |
{ "listenaddress", sListenAddress }, |
| |
{ "addressfamily", sAddressFamily }, |
| { "printmotd", sPrintMotd }, |
{ "printmotd", sPrintMotd }, |
| { "printlastlog", sPrintLastLog }, |
{ "printlastlog", sPrintLastLog }, |
| { "ignorerhosts", sIgnoreRhosts }, |
{ "ignorerhosts", sIgnoreRhosts }, |
|
|
| { "gatewayports", sGatewayPorts }, |
{ "gatewayports", sGatewayPorts }, |
| { "subsystem", sSubsystem }, |
{ "subsystem", sSubsystem }, |
| { "maxstartups", sMaxStartups }, |
{ "maxstartups", sMaxStartups }, |
| |
{ "maxauthtries", sMaxAuthTries }, |
| { "banner", sBanner }, |
{ "banner", sBanner }, |
| { "usedns", sUseDNS }, |
{ "usedns", sUseDNS }, |
| { "verifyreversemapping", sDeprecated }, |
{ "verifyreversemapping", sDeprecated }, |
|
|
| { "authorizedkeysfile", sAuthorizedKeysFile }, |
{ "authorizedkeysfile", sAuthorizedKeysFile }, |
| { "authorizedkeysfile2", sAuthorizedKeysFile2 }, |
{ "authorizedkeysfile2", sAuthorizedKeysFile2 }, |
| { "useprivilegeseparation", sUsePrivilegeSeparation}, |
{ "useprivilegeseparation", sUsePrivilegeSeparation}, |
| |
{ "acceptenv", sAcceptEnv }, |
| { NULL, sBadOption } |
{ NULL, sBadOption } |
| }; |
}; |
| |
|
|
|
| |
|
| if (options->num_ports == 0) |
if (options->num_ports == 0) |
| options->ports[options->num_ports++] = SSH_DEFAULT_PORT; |
options->ports[options->num_ports++] = SSH_DEFAULT_PORT; |
| |
if (options->address_family == -1) |
| |
options->address_family = AF_UNSPEC; |
| if (port == 0) |
if (port == 0) |
| for (i = 0; i < options->num_ports; i++) |
for (i = 0; i < options->num_ports; i++) |
| add_one_listen_addr(options, addr, options->ports[i]); |
add_one_listen_addr(options, addr, options->ports[i]); |
|
|
| int gaierr; |
int gaierr; |
| |
|
| memset(&hints, 0, sizeof(hints)); |
memset(&hints, 0, sizeof(hints)); |
| hints.ai_family = IPv4or6; |
hints.ai_family = options->address_family; |
| hints.ai_socktype = SOCK_STREAM; |
hints.ai_socktype = SOCK_STREAM; |
| hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; |
hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; |
| snprintf(strport, sizeof strport, "%u", port); |
snprintf(strport, sizeof strport, "%u", port); |
|
|
| char *cp, **charptr, *arg, *p; |
char *cp, **charptr, *arg, *p; |
| int *intptr, value, i, n; |
int *intptr, value, i, n; |
| ServerOpCodes opcode; |
ServerOpCodes opcode; |
| |
u_short port; |
| |
|
| cp = line; |
cp = line; |
| arg = strdelim(&cp); |
arg = strdelim(&cp); |
|
|
| |
|
| case sListenAddress: |
case sListenAddress: |
| arg = strdelim(&cp); |
arg = strdelim(&cp); |
| if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0) |
if (arg == NULL || *arg == '\0') |
| fatal("%s line %d: missing inet addr.", |
fatal("%s line %d: missing address", |
| filename, linenum); |
filename, linenum); |
| if (*arg == '[') { |
p = hpdelim(&arg); |
| if ((p = strchr(arg, ']')) == NULL) |
if (p == NULL) |
| fatal("%s line %d: bad ipv6 inet addr usage.", |
fatal("%s line %d: bad address:port usage", |
| filename, linenum); |
filename, linenum); |
| arg++; |
p = cleanhostname(p); |
| memmove(p, p+1, strlen(p+1)+1); |
if (arg == NULL) |
| } else if (((p = strchr(arg, ':')) == NULL) || |
port = 0; |
| (strchr(p+1, ':') != NULL)) { |
else if ((port = a2port(arg)) == 0) |
| add_listen_addr(options, arg, 0); |
fatal("%s line %d: bad port number", filename, linenum); |
| break; |
|
| } |
|
| if (*p == ':') { |
|
| u_short port; |
|
| |
|
| p++; |
add_listen_addr(options, p, port); |
| if (*p == '\0') |
|
| fatal("%s line %d: bad inet addr:port usage.", |
break; |
| filename, linenum); |
|
| else { |
case sAddressFamily: |
| *(p-1) = '\0'; |
arg = strdelim(&cp); |
| if ((port = a2port(p)) == 0) |
intptr = &options->address_family; |
| fatal("%s line %d: bad port number.", |
if (options->listen_addrs != NULL) |
| filename, linenum); |
fatal("%s line %d: address family must be specified before " |
| add_listen_addr(options, arg, port); |
"ListenAddress.", filename, linenum); |
| } |
if (strcasecmp(arg, "inet") == 0) |
| } else if (*p == '\0') |
value = AF_INET; |
| add_listen_addr(options, arg, 0); |
else if (strcasecmp(arg, "inet6") == 0) |
| |
value = AF_INET6; |
| |
else if (strcasecmp(arg, "any") == 0) |
| |
value = AF_UNSPEC; |
| else |
else |
| fatal("%s line %d: bad inet addr usage.", |
fatal("%s line %d: unsupported address family \"%s\".", |
| filename, linenum); |
filename, linenum, arg); |
| |
if (*intptr == -1) |
| |
*intptr = value; |
| break; |
break; |
| |
|
| case sHostKeyFile: |
case sHostKeyFile: |
|
|
| |
|
| case sGatewayPorts: |
case sGatewayPorts: |
| intptr = &options->gateway_ports; |
intptr = &options->gateway_ports; |
| goto parse_flag; |
arg = strdelim(&cp); |
| |
if (!arg || *arg == '\0') |
| |
fatal("%s line %d: missing yes/no/clientspecified " |
| |
"argument.", filename, linenum); |
| |
value = 0; /* silence compiler */ |
| |
if (strcmp(arg, "clientspecified") == 0) |
| |
value = 2; |
| |
else if (strcmp(arg, "yes") == 0) |
| |
value = 1; |
| |
else if (strcmp(arg, "no") == 0) |
| |
value = 0; |
| |
else |
| |
fatal("%s line %d: Bad yes/no/clientspecified " |
| |
"argument: %s", filename, linenum, arg); |
| |
if (*intptr == -1) |
| |
*intptr = value; |
| |
break; |
| |
|
| case sUseDNS: |
case sUseDNS: |
| intptr = &options->use_dns; |
intptr = &options->use_dns; |
|
|
| options->max_startups = options->max_startups_begin; |
options->max_startups = options->max_startups_begin; |
| break; |
break; |
| |
|
| |
case sMaxAuthTries: |
| |
intptr = &options->max_authtries; |
| |
goto parse_int; |
| |
|
| case sBanner: |
case sBanner: |
| charptr = &options->banner; |
charptr = &options->banner; |
| goto parse_filename; |
goto parse_filename; |
|
|
| intptr = &options->client_alive_count_max; |
intptr = &options->client_alive_count_max; |
| goto parse_int; |
goto parse_int; |
| |
|
| |
case sAcceptEnv: |
| |
while ((arg = strdelim(&cp)) && *arg != '\0') { |
| |
if (strchr(arg, '=') != NULL) |
| |
fatal("%s line %d: Invalid environment name.", |
| |
filename, linenum); |
| |
if (options->num_accept_env >= MAX_ACCEPT_ENV) |
| |
fatal("%s line %d: too many allow env.", |
| |
filename, linenum); |
| |
options->accept_env[options->num_accept_env++] = |
| |
xstrdup(arg); |
| |
} |
| |
break; |
| |
|
| case sDeprecated: |
case sDeprecated: |
| logit("%s line %d: Deprecated option %s", |
logit("%s line %d: Deprecated option %s", |
| filename, linenum, arg); |
filename, linenum, arg); |
|
|
| /* Reads the server configuration file. */ |
/* Reads the server configuration file. */ |
| |
|
| void |
void |
| read_server_config(ServerOptions *options, const char *filename) |
load_server_config(const char *filename, Buffer *conf) |
| { |
{ |
| int linenum, bad_options = 0; |
char line[1024], *cp; |
| char line[1024]; |
|
| FILE *f; |
FILE *f; |
| |
|
| debug2("read_server_config: filename %s", filename); |
debug2("%s: filename %s", __func__, filename); |
| f = fopen(filename, "r"); |
if ((f = fopen(filename, "r")) == NULL) { |
| if (!f) { |
|
| perror(filename); |
perror(filename); |
| exit(1); |
exit(1); |
| } |
} |
| linenum = 0; |
buffer_clear(conf); |
| while (fgets(line, sizeof(line), f)) { |
while (fgets(line, sizeof(line), f)) { |
| /* Update line number counter. */ |
/* |
| linenum++; |
* Trim out comments and strip whitespace |
| if (process_server_config_line(options, line, filename, linenum) != 0) |
* NB - preserve newlines, they are needed to reproduce |
| bad_options++; |
* line numbers later for error messages |
| |
*/ |
| |
if ((cp = strchr(line, '#')) != NULL) |
| |
memcpy(cp, "\n", 2); |
| |
cp = line + strspn(line, " \t\r"); |
| |
|
| |
buffer_append(conf, cp, strlen(cp)); |
| } |
} |
| |
buffer_append(conf, "\0", 1); |
| fclose(f); |
fclose(f); |
| |
debug2("%s: done config len = %d", __func__, buffer_len(conf)); |
| |
} |
| |
|
| |
void |
| |
parse_server_config(ServerOptions *options, const char *filename, Buffer *conf) |
| |
{ |
| |
int linenum, bad_options = 0; |
| |
char *cp, *obuf, *cbuf; |
| |
|
| |
debug2("%s: config %s len %d", __func__, filename, buffer_len(conf)); |
| |
|
| |
obuf = cbuf = xstrdup(buffer_ptr(conf)); |
| |
linenum = 1; |
| |
while((cp = strsep(&cbuf, "\n")) != NULL) { |
| |
if (process_server_config_line(options, cp, filename, |
| |
linenum++) != 0) |
| |
bad_options++; |
| |
} |
| |
xfree(obuf); |
| if (bad_options > 0) |
if (bad_options > 0) |
| fatal("%s: terminating, %d bad configuration options", |
fatal("%s: terminating, %d bad configuration options", |
| filename, bad_options); |
filename, bad_options); |
![[BACK]](/icons/back.gif){kind=icon}
Return to servconf.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh