src/usr.bin/ssh/servconf.c - diff

Return to servconf.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/servconf.c between version 1.40 and 1.40.2.3

version 1.40, 2000/05/08 17:12:15

version 1.40.2.3, 2000/11/08 21:31:12

Line 1

* servconf.c

* Author: Tatu Ylonen <ylo@cs.hut.fi>

* Created: Mon Aug 21 15:48:58 1995 ylo

* As far as I am concerned, the code I have written for this software

* can be used freely for any purpose. Any derived versions of this

* software must be clearly marked as such, and if the derived work is

* incompatible with the protocol description in the RFC file, it must be

* called by a name other than "ssh" or "Secure Shell".

#include "includes.h"

RCSID("$Id$");

RCSID("$OpenBSD$");

#include "ssh.h"

#include "servconf.h"

Line 44

Line 42

options->check_mail = -1;

options->x11_forwarding = -1;

options->x11_display_offset = -1;

options->xauth_location = NULL;

options->strict_modes = -1;

options->keepalives = -1;

options->log_facility = (SyslogFacility) - 1;

Line 62

Line 61

options->afs_token_passing = -1;

#endif

options->password_authentication = -1;

options->kbd_interactive_authentication = -1;

#ifdef SKEY

options->skey_authentication = -1;

#endif

options->permit_empty_passwd = -1;

options->use_login = -1;

options->allow_tcp_forwarding = -1;

options->num_allow_users = 0;

options->num_deny_users = 0;

options->num_allow_groups = 0;

Line 74

Line 75

options->ciphers = NULL;

options->protocol = SSH_PROTO_UNKNOWN;

options->gateway_ports = -1;

options->num_subsystems = 0;

options->max_startups_begin = -1;

options->max_startups_rate = -1;

options->max_startups = -1;

}

void

Line 109

Line 114

options->x11_forwarding = 0;

if (options->x11_display_offset == -1)

options->x11_display_offset = 10;

#ifdef XAUTH_PATH

if (options->xauth_location == NULL)

options->xauth_location = XAUTH_PATH;

#endif /* XAUTH_PATH */

if (options->strict_modes == -1)

options->strict_modes = 1;

if (options->keepalives == -1)

Line 141

Line 150

#endif /* AFS */

if (options->password_authentication == -1)

options->password_authentication = 1;

if (options->kbd_interactive_authentication == -1)

options->kbd_interactive_authentication = 0;

#ifdef SKEY

if (options->skey_authentication == -1)

options->skey_authentication = 1;

Line 149

Line 160

options->permit_empty_passwd = 0;

if (options->use_login == -1)

options->use_login = 0;

if (options->allow_tcp_forwarding == -1)

options->allow_tcp_forwarding = 1;

if (options->protocol == SSH_PROTO_UNKNOWN)

options->protocol = SSH_PROTO_1|SSH_PROTO_2;

if (options->gateway_ports == -1)

options->gateway_ports = 0;

if (options->max_startups == -1)

options->max_startups = 10;

if (options->max_startups_rate == -1)

options->max_startups_rate = 100; /* 100% */

if (options->max_startups_begin == -1)

options->max_startups_begin = options->max_startups;

}

#define WHITESPACE " \t\r\n"

/* Keyword tokens. */

typedef enum {

sBadOption, /* == unknown option */

Line 172

Line 189

#ifdef SKEY

sSkeyAuthentication,

#endif

sPasswordAuthentication, sListenAddress,

sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,

sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,

sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,

sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,

sUseLogin, sAllowTcpForwarding,

sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,

sIgnoreUserKnownHosts, sHostDSAKeyFile, sCiphers, sProtocol, sPidFile,

sGatewayPorts, sDSAAuthentication

sGatewayPorts, sDSAAuthentication, sXAuthLocation, sSubsystem, sMaxStartups

} ServerOpCodes;

/* Textual representation of the tokens. */

Line 209

Line 227

{ "afstokenpassing", sAFSTokenPassing },

#endif

{ "passwordauthentication", sPasswordAuthentication },

{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },

#ifdef SKEY

{ "skeyauthentication", sSkeyAuthentication },

#endif

Line 219

Line 238

{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },

{ "x11forwarding", sX11Forwarding },

{ "x11displayoffset", sX11DisplayOffset },

{ "xauthlocation", sXAuthLocation },

{ "strictmodes", sStrictModes },

{ "permitemptypasswords", sEmptyPasswd },

{ "uselogin", sUseLogin },

{ "randomseed", sRandomSeedFile },

{ "keepalive", sKeepAlives },

{ "allowtcpforwarding", sAllowTcpForwarding },

{ "allowusers", sAllowUsers },

{ "denyusers", sDenyUsers },

{ "allowgroups", sAllowGroups },

Line 231

Line 252

{ "ciphers", sCiphers },

{ "protocol", sProtocol },

{ "gatewayports", sGatewayPorts },

{ "subsystem", sSubsystem },

{ "maxstartups", sMaxStartups },

{ NULL, 0 }

};

Line 292

Line 315

{

FILE *f;

char line[1024];

char *cp, **charptr;

char *cp, **charptr, *arg;

int linenum, *intptr, value;

int bad_options = 0;

ServerOpCodes opcode;

int i;

f = fopen(filename, "r");

if (!f) {

Line 305

Line 329

linenum = 0;

while (fgets(line, sizeof(line), f)) {

linenum++;

cp = line + strspn(line, WHITESPACE);

cp = line;

if (!*cp || *cp == '#')

arg = strdelim(&cp);

/* Ignore leading whitespace */

if (*arg == '\0')

arg = strdelim(&cp);

if (!*arg || *arg == '#')

continue;

cp = strtok(cp, WHITESPACE);

opcode = parse_token(arg, filename, linenum);

opcode = parse_token(cp, filename, linenum);

switch (opcode) {

case sBadOption:

bad_options++;

Line 324

Line 351

if (options->num_ports >= MAX_PORTS)

fatal("%s line %d: too many ports.\n",

filename, linenum);

cp = strtok(NULL, WHITESPACE);

arg = strdelim(&cp);

if (!cp)

if (!arg || *arg == '\0')

fatal("%s line %d: missing port number.\n",

filename, linenum);

options->ports[options->num_ports++] = atoi(cp);

options->ports[options->num_ports++] = atoi(arg);

break;

case sServerKeyBits:

intptr = &options->server_key_bits;

parse_int:

cp = strtok(NULL, WHITESPACE);

arg = strdelim(&cp);

if (!cp) {

if (!arg || *arg == '\0') {

fprintf(stderr, "%s line %d: missing integer value.\n",

filename, linenum);

exit(1);

}

value = atoi(cp);

value = atoi(arg);

if (*intptr == -1)

*intptr = value;

break;

Line 354

Line 381

goto parse_int;

case sListenAddress:

cp = strtok(NULL, WHITESPACE);

arg = strdelim(&cp);

if (!cp)

if (!arg || *arg == '\0')

fatal("%s line %d: missing inet addr.\n",

filename, linenum);

add_listen_addr(options, cp);

add_listen_addr(options, arg);

break;

case sHostKeyFile:

case sHostDSAKeyFile:

charptr = (opcode == sHostKeyFile ) ?

&options->host_key_file : &options->host_dsa_key_file;

cp = strtok(NULL, WHITESPACE);

parse_filename:

if (!cp) {

arg = strdelim(&cp);

if (!arg || *arg == '\0') {

fprintf(stderr, "%s line %d: missing file name.\n",

filename, linenum);

exit(1);

}

if (*charptr == NULL)

*charptr = tilde_expand_filename(cp, getuid());

*charptr = tilde_expand_filename(arg, getuid());

break;

case sPidFile:

charptr = &options->pid_file;

cp = strtok(NULL, WHITESPACE);

goto parse_filename;

if (!cp) {

fprintf(stderr, "%s line %d: missing file name.\n",

filename, linenum);

exit(1);

}

if (*charptr == NULL)

*charptr = tilde_expand_filename(cp, getuid());

break;

case sRandomSeedFile:

fprintf(stderr, "%s line %d: \"randomseed\" option is obsolete.\n",

filename, linenum);

cp = strtok(NULL, WHITESPACE);

arg = strdelim(&cp);

break;

case sPermitRootLogin:

intptr = &options->permit_root_login;

cp = strtok(NULL, WHITESPACE);

arg = strdelim(&cp);

if (!cp) {

if (!arg || *arg == '\0') {

fprintf(stderr, "%s line %d: missing yes/without-password/no argument.\n",

filename, linenum);

exit(1);

}

if (strcmp(cp, "without-password") == 0)

if (strcmp(arg, "without-password") == 0)

value = 2;

else if (strcmp(cp, "yes") == 0)

else if (strcmp(arg, "yes") == 0)

value = 1;

else if (strcmp(cp, "no") == 0)

else if (strcmp(arg, "no") == 0)

value = 0;

else {

fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n",

filename, linenum, cp);

filename, linenum, arg);

exit(1);

}

if (*intptr == -1)

Line 419

Line 439

case sIgnoreRhosts:

intptr = &options->ignore_rhosts;

parse_flag:

cp = strtok(NULL, WHITESPACE);

arg = strdelim(&cp);

if (!cp) {

if (!arg || *arg == '\0') {

fprintf(stderr, "%s line %d: missing yes/no argument.\n",

filename, linenum);

exit(1);

}

if (strcmp(cp, "yes") == 0)

if (strcmp(arg, "yes") == 0)

value = 1;

else if (strcmp(cp, "no") == 0)

else if (strcmp(arg, "no") == 0)

value = 0;

else {

fprintf(stderr, "%s line %d: Bad yes/no argument: %s\n",

filename, linenum, cp);

filename, linenum, arg);

exit(1);

}

if (*intptr == -1)

Line 486

Line 506

intptr = &options->password_authentication;

goto parse_flag;

case sKbdInteractiveAuthentication:

intptr = &options->kbd_interactive_authentication;

goto parse_flag;

case sCheckMail:

intptr = &options->check_mail;

goto parse_flag;

Line 508

Line 532

intptr = &options->x11_display_offset;

goto parse_int;

case sXAuthLocation:

charptr = &options->xauth_location;

goto parse_filename;

case sStrictModes:

intptr = &options->strict_modes;

goto parse_flag;

Line 530

Line 558

case sLogFacility:

intptr = (int *) &options->log_facility;

cp = strtok(NULL, WHITESPACE);

arg = strdelim(&cp);

value = log_facility_number(cp);

value = log_facility_number(arg);

if (value == (SyslogFacility) - 1)

fatal("%.200s line %d: unsupported log facility '%s'\n",

filename, linenum, cp ? cp : "<NONE>");

filename, linenum, arg ? arg : "<NONE>");

if (*intptr == -1)

*intptr = (SyslogFacility) value;

break;

case sLogLevel:

intptr = (int *) &options->log_level;

cp = strtok(NULL, WHITESPACE);

arg = strdelim(&cp);

value = log_level_number(cp);

value = log_level_number(arg);

if (value == (LogLevel) - 1)

fatal("%.200s line %d: unsupported log level '%s'\n",

filename, linenum, cp ? cp : "<NONE>");

filename, linenum, arg ? arg : "<NONE>");

if (*intptr == -1)

*intptr = (LogLevel) value;

break;

case sAllowTcpForwarding:

intptr = &options->allow_tcp_forwarding;

goto parse_flag;

case sAllowUsers:

while ((cp = strtok(NULL, WHITESPACE))) {

while ((arg = strdelim(&cp)) && *arg != '\0') {

if (options->num_allow_users >= MAX_ALLOW_USERS)

fatal("%s line %d: too many allow users.\n",

filename, linenum);

options->allow_users[options->num_allow_users++] = xstrdup(cp);

options->allow_users[options->num_allow_users++] = xstrdup(arg);

}

break;

case sDenyUsers:

while ((cp = strtok(NULL, WHITESPACE))) {

while ((arg = strdelim(&cp)) && *arg != '\0') {

if (options->num_deny_users >= MAX_DENY_USERS)

fatal( "%s line %d: too many deny users.\n",

filename, linenum);

options->deny_users[options->num_deny_users++] = xstrdup(cp);

options->deny_users[options->num_deny_users++] = xstrdup(arg);

}

break;

case sAllowGroups:

while ((cp = strtok(NULL, WHITESPACE))) {

while ((arg = strdelim(&cp)) && *arg != '\0') {

if (options->num_allow_groups >= MAX_ALLOW_GROUPS)

fatal("%s line %d: too many allow groups.\n",

filename, linenum);

options->allow_groups[options->num_allow_groups++] = xstrdup(cp);

options->allow_groups[options->num_allow_groups++] = xstrdup(arg);

}

break;

case sDenyGroups:

while ((cp = strtok(NULL, WHITESPACE))) {

while ((arg = strdelim(&cp)) && *arg != '\0') {

if (options->num_deny_groups >= MAX_DENY_GROUPS)

fatal("%s line %d: too many deny groups.\n",

filename, linenum);

options->deny_groups[options->num_deny_groups++] = xstrdup(cp);

options->deny_groups[options->num_deny_groups++] = xstrdup(arg);

}

break;

case sCiphers:

cp = strtok(NULL, WHITESPACE);

arg = strdelim(&cp);

if (!ciphers_valid(cp))

if (!arg || *arg == '\0')

fatal("%s line %d: Missing argument.", filename, linenum);

if (!ciphers_valid(arg))

fatal("%s line %d: Bad SSH2 cipher spec '%s'.",

filename, linenum, cp ? cp : "<NONE>");

filename, linenum, arg ? arg : "<NONE>");

if (options->ciphers == NULL)

options->ciphers = xstrdup(cp);

options->ciphers = xstrdup(arg);

break;

case sProtocol:

intptr = &options->protocol;

cp = strtok(NULL, WHITESPACE);

arg = strdelim(&cp);

value = proto_spec(cp);

if (!arg || *arg == '\0')

fatal("%s line %d: Missing argument.", filename, linenum);

value = proto_spec(arg);

if (value == SSH_PROTO_UNKNOWN)

fatal("%s line %d: Bad protocol spec '%s'.",

filename, linenum, cp ? cp : "<NONE>");

filename, linenum, arg ? arg : "<NONE>");

if (*intptr == SSH_PROTO_UNKNOWN)

*intptr = value;

break;

case sSubsystem:

if(options->num_subsystems >= MAX_SUBSYSTEMS) {

fatal("%s line %d: too many subsystems defined.",

filename, linenum);

}

arg = strdelim(&cp);

if (!arg || *arg == '\0')

fatal("%s line %d: Missing subsystem name.",

filename, linenum);

for (i = 0; i < options->num_subsystems; i++)

if(strcmp(arg, options->subsystem_name[i]) == 0)

fatal("%s line %d: Subsystem '%s' already defined.",

filename, linenum, arg);

options->subsystem_name[options->num_subsystems] = xstrdup(arg);

arg = strdelim(&cp);

if (!arg || *arg == '\0')

fatal("%s line %d: Missing subsystem command.",

filename, linenum);

options->subsystem_command[options->num_subsystems] = xstrdup(arg);

options->num_subsystems++;

break;

case sMaxStartups:

arg = strdelim(&cp);

if (!arg || *arg == '\0')

fatal("%s line %d: Missing MaxStartups spec.",

filename, linenum);

if (sscanf(arg, "%d:%d:%d",

&options->max_startups_begin,

&options->max_startups_rate,

&options->max_startups) == 3) {

if (options->max_startups_begin >

options->max_startups ||

options->max_startups_rate > 100 ||

options->max_startups_rate < 1)

fatal("%s line %d: Illegal MaxStartups spec.",

filename, linenum);

break;

}

intptr = &options->max_startups;

goto parse_int;

default:

fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",

filename, linenum, cp, opcode);

filename, linenum, arg, opcode);

exit(1);

}

if (strtok(NULL, WHITESPACE) != NULL) {

if ((arg = strdelim(&cp)) != NULL && *arg != '\0') {

fprintf(stderr, "%s line %d: garbage at end of line.\n",

fprintf(stderr,

filename, linenum);

"%s line %d: garbage at end of line; \"%.200s\".\n",

filename, linenum, arg);

exit(1);

}