src/usr.bin/ssh/servconf.c - diff

Return to servconf.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/servconf.c between version 1.53 and 1.53.2.1

version 1.53, 2000/10/14 12:12:09

version 1.53.2.1, 2001/02/16 20:13:12

Line 12

#include "includes.h"

RCSID("$OpenBSD$");

#ifdef KRB4

#include <krb.h>

#endif

#ifdef AFS

#include <kafs.h>

#endif

#include "ssh.h"

#include "log.h"

#include "servconf.h"

#include "xmalloc.h"

#include "compat.h"

#include "pathnames.h"

#include "tildexpand.h"

#include "misc.h"

#include "cipher.h"

#include "kex.h"

#include "mac.h"

/* add listen address */

void add_listen_addr(ServerOptions *options, char *addr);

/* AF_UNSPEC or AF_INET or AF_INET6 */

extern int IPv4or6;

/* Initializes the server options to their default values. */

void

Line 29

Line 46

options->num_ports = 0;

options->ports_from_cmdline = 0;

options->listen_addrs = NULL;

options->host_key_file = NULL;

options->num_host_key_files = 0;

options->host_dsa_key_file = NULL;

options->pid_file = NULL;

options->server_key_bits = -1;

options->login_grace_time = -1;

options->key_regeneration_time = -1;

options->permit_root_login = -1;

options->permit_root_login = PERMIT_NOT_SET;

options->ignore_rhosts = -1;

options->ignore_user_known_hosts = -1;

options->print_motd = -1;

Line 50

Line 66

options->rhosts_authentication = -1;

options->rhosts_rsa_authentication = -1;

options->rsa_authentication = -1;

options->dsa_authentication = -1;

options->pubkey_authentication = -1;

#ifdef KRB4

options->kerberos_authentication = -1;

options->kerberos_or_local_passwd = -1;

Line 62

Line 78

#endif

options->password_authentication = -1;

options->kbd_interactive_authentication = -1;

#ifdef SKEY

options->challenge_reponse_authentication = -1;

options->skey_authentication = -1;

#endif

options->permit_empty_passwd = -1;

options->use_login = -1;

options->allow_tcp_forwarding = -1;

Line 73

Line 87

options->num_allow_groups = 0;

options->num_deny_groups = 0;

options->ciphers = NULL;

options->macs = NULL;

options->protocol = SSH_PROTO_UNKNOWN;

options->gateway_ports = -1;

options->num_subsystems = 0;

options->max_startups_begin = -1;

options->max_startups_rate = -1;

options->max_startups = -1;

options->banner = NULL;

options->reverse_mapping_check = -1;

}

void

fill_default_server_options(ServerOptions *options)

{

if (options->protocol == SSH_PROTO_UNKNOWN)

options->protocol = SSH_PROTO_1|SSH_PROTO_2;

if (options->num_host_key_files == 0) {

/* fill default hostkeys for protocols */

if (options->protocol & SSH_PROTO_1)

options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE;

if (options->protocol & SSH_PROTO_2)

options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE;

}

if (options->num_ports == 0)

options->ports[options->num_ports++] = SSH_DEFAULT_PORT;

if (options->listen_addrs == NULL)

add_listen_addr(options, NULL);

if (options->host_key_file == NULL)

options->host_key_file = HOST_KEY_FILE;

if (options->host_dsa_key_file == NULL)

options->host_dsa_key_file = HOST_DSA_KEY_FILE;

if (options->pid_file == NULL)

options->pid_file = SSH_DAEMON_PID_FILE;

options->pid_file = _PATH_SSH_DAEMON_PID_FILE;

if (options->server_key_bits == -1)

options->server_key_bits = 768;

if (options->login_grace_time == -1)

options->login_grace_time = 600;

if (options->key_regeneration_time == -1)

options->key_regeneration_time = 3600;

if (options->permit_root_login == -1)

if (options->permit_root_login == PERMIT_NOT_SET)

options->permit_root_login = 1; /* yes */

options->permit_root_login = PERMIT_YES;

if (options->ignore_rhosts == -1)

options->ignore_rhosts = 1;

if (options->ignore_user_known_hosts == -1)

Line 132

Line 154

options->rhosts_rsa_authentication = 0;

if (options->rsa_authentication == -1)

options->rsa_authentication = 1;

if (options->dsa_authentication == -1)

if (options->pubkey_authentication == -1)

options->dsa_authentication = 1;

options->pubkey_authentication = 1;

#ifdef KRB4

if (options->kerberos_authentication == -1)

options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);

Line 152

Line 174

options->password_authentication = 1;

if (options->kbd_interactive_authentication == -1)

options->kbd_interactive_authentication = 0;

#ifdef SKEY

if (options->challenge_reponse_authentication == -1)

if (options->skey_authentication == -1)

options->challenge_reponse_authentication = 1;

options->skey_authentication = 1;

#endif

if (options->permit_empty_passwd == -1)

options->permit_empty_passwd = 0;

if (options->use_login == -1)

options->use_login = 0;

if (options->allow_tcp_forwarding == -1)

options->allow_tcp_forwarding = 1;

if (options->protocol == SSH_PROTO_UNKNOWN)

options->protocol = SSH_PROTO_1|SSH_PROTO_2;

if (options->gateway_ports == -1)

options->gateway_ports = 0;

if (options->max_startups == -1)

Line 172

Line 190

options->max_startups_rate = 100; /* 100% */

if (options->max_startups_begin == -1)

options->max_startups_begin = options->max_startups;

if (options->reverse_mapping_check == -1)

options->reverse_mapping_check = 0;

}

/* Keyword tokens. */

Line 186

Line 206

#ifdef AFS

sKerberosTgtPassing, sAFSTokenPassing,

#endif

#ifdef SKEY

sChallengeResponseAuthentication,

sSkeyAuthentication,

#endif

sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,

sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,

sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,

sUseLogin, sAllowTcpForwarding,

sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,

sIgnoreUserKnownHosts, sHostDSAKeyFile, sCiphers, sProtocol, sPidFile,

sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,

sGatewayPorts, sDSAAuthentication, sXAuthLocation, sSubsystem, sMaxStartups

sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,

sBanner, sReverseMappingCheck

} ServerOpCodes;

/* Textual representation of the tokens. */

Line 205

Line 224

} keywords[] = {

{ "port", sPort },

{ "hostkey", sHostKeyFile },

{ "hostdsakey", sHostDSAKeyFile },

{ "hostdsakey", sHostKeyFile }, /* alias */

{ "pidfile", sPidFile },

{ "serverkeybits", sServerKeyBits },

{ "logingracetime", sLoginGraceTime },

{ "keyregenerationinterval", sKeyRegenerationTime },

Line 216

Line 235

{ "rhostsauthentication", sRhostsAuthentication },

{ "rhostsrsaauthentication", sRhostsRSAAuthentication },

{ "rsaauthentication", sRSAAuthentication },

{ "dsaauthentication", sDSAAuthentication },

{ "pubkeyauthentication", sPubkeyAuthentication },

{ "dsaauthentication", sPubkeyAuthentication }, /* alias */

#ifdef KRB4

{ "kerberosauthentication", sKerberosAuthentication },

{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },

Line 228

Line 248

#endif

{ "passwordauthentication", sPasswordAuthentication },

{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },

#ifdef SKEY

{ "challengeresponseauthentication", sChallengeResponseAuthentication },

{ "skeyauthentication", sSkeyAuthentication },

{ "skeyauthentication", sChallengeResponseAuthentication }, /* alias */

#endif

{ "checkmail", sCheckMail },

{ "listenaddress", sListenAddress },

{ "printmotd", sPrintMotd },

Line 250

Line 269

{ "allowgroups", sAllowGroups },

{ "denygroups", sDenyGroups },

{ "ciphers", sCiphers },

{ "macs", sMacs },

{ "protocol", sProtocol },

{ "gatewayports", sGatewayPorts },

{ "subsystem", sSubsystem },

{ "maxstartups", sMaxStartups },

{ "banner", sBanner },

{ "reversemappingcheck", sReverseMappingCheck },

{ NULL, 0 }

};

Line 266

Line 288

parse_token(const char *cp, const char *filename,

int linenum)

{

unsigned int i;

u_int i;

for (i = 0; keywords[i].name; i++)

if (strcasecmp(cp, keywords[i].name) == 0)

Line 283

Line 305

void

add_listen_addr(ServerOptions *options, char *addr)

{

extern int IPv4or6;

struct addrinfo hints, *ai, *aitop;

char strport[NI_MAXSERV];

int gaierr;

Line 334

Line 355

/* Ignore leading whitespace */

if (*arg == '\0')

arg = strdelim(&cp);

if (!*arg || *arg == '#')

if (!arg || !*arg || *arg == '#')

continue;

intptr = NULL;

charptr = NULL;

opcode = parse_token(arg, filename, linenum);

switch (opcode) {

case sBadOption:

Line 389

Line 412

break;

case sHostKeyFile:

case sHostDSAKeyFile:

intptr = &options->num_host_key_files;

charptr = (opcode == sHostKeyFile ) ?

if (*intptr >= MAX_HOSTKEYS) {

&options->host_key_file : &options->host_dsa_key_file;

fprintf(stderr, "%s line %d: to many host keys specified (max %d).\n",

filename, linenum, MAX_HOSTKEYS);

exit(1);

}

charptr = &options->host_key_files[*intptr];

parse_filename:

arg = strdelim(&cp);

if (!arg || *arg == '\0') {

Line 399

Line 426

filename, linenum);

exit(1);

}

if (*charptr == NULL)

if (*charptr == NULL) {

*charptr = tilde_expand_filename(arg, getuid());

/* increase optional counter */

if (intptr != NULL)

*intptr = *intptr + 1;

}

break;

case sPidFile:

Line 422

Line 453

exit(1);

}

if (strcmp(arg, "without-password") == 0)

value = 2;

value = PERMIT_NO_PASSWD;

else if (strcmp(arg, "forced-commands-only") == 0)

value = PERMIT_FORCED_ONLY;

else if (strcmp(arg, "yes") == 0)

value = 1;

value = PERMIT_YES;

else if (strcmp(arg, "no") == 0)

value = 0;

value = PERMIT_NO;

else {

fprintf(stderr, "%s line %d: Bad yes/without-password/no argument: %s\n",

fprintf(stderr, "%s line %d: Bad yes/"

filename, linenum, arg);

"without-password/forced-commands-only/no "

"argument: %s\n", filename, linenum, arg);

exit(1);

}

if (*intptr == -1)

Line 474

Line 508

intptr = &options->rsa_authentication;

goto parse_flag;

case sDSAAuthentication:

case sPubkeyAuthentication:

intptr = &options->dsa_authentication;

intptr = &options->pubkey_authentication;

goto parse_flag;

#ifdef KRB4

Line 514

Line 548

intptr = &options->check_mail;

goto parse_flag;

#ifdef SKEY

case sChallengeResponseAuthentication:

case sSkeyAuthentication:

intptr = &options->challenge_reponse_authentication;

intptr = &options->skey_authentication;

goto parse_flag;

#endif

case sPrintMotd:

intptr = &options->print_motd;

Line 535

Line 567

case sXAuthLocation:

charptr = &options->xauth_location;

goto parse_filename;

case sStrictModes:

intptr = &options->strict_modes;

goto parse_flag;

Line 556

Line 588

intptr = &options->gateway_ports;

goto parse_flag;

case sReverseMappingCheck:

intptr = &options->reverse_mapping_check;

goto parse_flag;

case sLogFacility:

intptr = (int *) &options->log_facility;

arg = strdelim(&cp);

Line 629

Line 665

options->ciphers = xstrdup(arg);

break;

case sMacs:

arg = strdelim(&cp);

if (!arg || *arg == '\0')

fatal("%s line %d: Missing argument.", filename, linenum);

if (!mac_valid(arg))

fatal("%s line %d: Bad SSH2 mac spec '%s'.",

filename, linenum, arg ? arg : "<NONE>");

if (options->macs == NULL)

options->macs = xstrdup(arg);

break;

case sProtocol:

intptr = &options->protocol;

arg = strdelim(&cp);

Line 684

Line 731

intptr = &options->max_startups;

goto parse_int;

case sBanner:

charptr = &options->banner;

goto parse_filename;

default:

fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",

filename, linenum, arg, opcode);

exit(1);

}

if ((arg = strdelim(&cp)) != NULL && *arg != '\0') {

fprintf(stderr,

"%s line %d: garbage at end of line; \"%.200s\".\n",

filename, linenum, arg);

exit(1);