| version 1.78, 2001/04/15 21:28:35 |
version 1.78.2.2, 2001/11/15 22:51:15 |
|
|
| #include "includes.h" |
#include "includes.h" |
| RCSID("$OpenBSD$"); |
RCSID("$OpenBSD$"); |
| |
|
| #ifdef KRB4 |
#if defined(KRB4) || defined(KRB5) |
| #include <krb.h> |
#include <krb.h> |
| #endif |
#endif |
| #ifdef AFS |
#ifdef AFS |
|
|
| #include "kex.h" |
#include "kex.h" |
| #include "mac.h" |
#include "mac.h" |
| |
|
| void add_listen_addr(ServerOptions *options, char *addr, u_short port); |
static void add_listen_addr(ServerOptions *, char *, u_short); |
| void add_one_listen_addr(ServerOptions *options, char *addr, u_short port); |
static void add_one_listen_addr(ServerOptions *, char *, u_short); |
| |
|
| /* AF_UNSPEC or AF_INET or AF_INET6 */ |
/* AF_UNSPEC or AF_INET or AF_INET6 */ |
| extern int IPv4or6; |
extern int IPv4or6; |
|
|
| options->ignore_user_known_hosts = -1; |
options->ignore_user_known_hosts = -1; |
| options->print_motd = -1; |
options->print_motd = -1; |
| options->print_lastlog = -1; |
options->print_lastlog = -1; |
| options->check_mail = -1; |
|
| options->x11_forwarding = -1; |
options->x11_forwarding = -1; |
| options->x11_display_offset = -1; |
options->x11_display_offset = -1; |
| options->xauth_location = NULL; |
options->xauth_location = NULL; |
|
|
| options->hostbased_uses_name_from_packet_only = -1; |
options->hostbased_uses_name_from_packet_only = -1; |
| options->rsa_authentication = -1; |
options->rsa_authentication = -1; |
| options->pubkey_authentication = -1; |
options->pubkey_authentication = -1; |
| #ifdef KRB4 |
#if defined(KRB4) || defined(KRB5) |
| options->kerberos_authentication = -1; |
options->kerberos_authentication = -1; |
| options->kerberos_or_local_passwd = -1; |
options->kerberos_or_local_passwd = -1; |
| options->kerberos_ticket_cleanup = -1; |
options->kerberos_ticket_cleanup = -1; |
| #endif |
#endif |
| #ifdef AFS |
#if defined(AFS) || defined(KRB5) |
| options->kerberos_tgt_passing = -1; |
options->kerberos_tgt_passing = -1; |
| |
#endif |
| |
#ifdef AFS |
| options->afs_token_passing = -1; |
options->afs_token_passing = -1; |
| #endif |
#endif |
| options->password_authentication = -1; |
options->password_authentication = -1; |
| options->kbd_interactive_authentication = -1; |
options->kbd_interactive_authentication = -1; |
| options->challenge_reponse_authentication = -1; |
options->challenge_response_authentication = -1; |
| options->permit_empty_passwd = -1; |
options->permit_empty_passwd = -1; |
| options->use_login = -1; |
options->use_login = -1; |
| options->allow_tcp_forwarding = -1; |
options->allow_tcp_forwarding = -1; |
|
|
| options->reverse_mapping_check = -1; |
options->reverse_mapping_check = -1; |
| options->client_alive_interval = -1; |
options->client_alive_interval = -1; |
| options->client_alive_count_max = -1; |
options->client_alive_count_max = -1; |
| |
options->authorized_keys_file = NULL; |
| |
options->authorized_keys_file2 = NULL; |
| } |
} |
| |
|
| void |
void |
|
|
| options->ignore_rhosts = 1; |
options->ignore_rhosts = 1; |
| if (options->ignore_user_known_hosts == -1) |
if (options->ignore_user_known_hosts == -1) |
| options->ignore_user_known_hosts = 0; |
options->ignore_user_known_hosts = 0; |
| if (options->check_mail == -1) |
|
| options->check_mail = 0; |
|
| if (options->print_motd == -1) |
if (options->print_motd == -1) |
| options->print_motd = 1; |
options->print_motd = 1; |
| if (options->print_lastlog == -1) |
if (options->print_lastlog == -1) |
|
|
| options->x11_forwarding = 0; |
options->x11_forwarding = 0; |
| if (options->x11_display_offset == -1) |
if (options->x11_display_offset == -1) |
| options->x11_display_offset = 10; |
options->x11_display_offset = 10; |
| #ifdef XAUTH_PATH |
#ifdef _PATH_XAUTH |
| if (options->xauth_location == NULL) |
if (options->xauth_location == NULL) |
| options->xauth_location = XAUTH_PATH; |
options->xauth_location = _PATH_XAUTH; |
| #endif /* XAUTH_PATH */ |
#endif |
| if (options->strict_modes == -1) |
if (options->strict_modes == -1) |
| options->strict_modes = 1; |
options->strict_modes = 1; |
| if (options->keepalives == -1) |
if (options->keepalives == -1) |
|
|
| options->rsa_authentication = 1; |
options->rsa_authentication = 1; |
| if (options->pubkey_authentication == -1) |
if (options->pubkey_authentication == -1) |
| options->pubkey_authentication = 1; |
options->pubkey_authentication = 1; |
| #ifdef KRB4 |
#if defined(KRB4) || defined(KRB5) |
| if (options->kerberos_authentication == -1) |
if (options->kerberos_authentication == -1) |
| options->kerberos_authentication = (access(KEYFILE, R_OK) == 0); |
options->kerberos_authentication = (access(KEYFILE, R_OK) == 0); |
| if (options->kerberos_or_local_passwd == -1) |
if (options->kerberos_or_local_passwd == -1) |
| options->kerberos_or_local_passwd = 1; |
options->kerberos_or_local_passwd = 1; |
| if (options->kerberos_ticket_cleanup == -1) |
if (options->kerberos_ticket_cleanup == -1) |
| options->kerberos_ticket_cleanup = 1; |
options->kerberos_ticket_cleanup = 1; |
| #endif /* KRB4 */ |
#endif |
| #ifdef AFS |
#if defined(AFS) || defined(KRB5) |
| if (options->kerberos_tgt_passing == -1) |
if (options->kerberos_tgt_passing == -1) |
| options->kerberos_tgt_passing = 0; |
options->kerberos_tgt_passing = 0; |
| |
#endif |
| |
#ifdef AFS |
| if (options->afs_token_passing == -1) |
if (options->afs_token_passing == -1) |
| options->afs_token_passing = k_hasafs(); |
options->afs_token_passing = k_hasafs(); |
| #endif /* AFS */ |
#endif |
| if (options->password_authentication == -1) |
if (options->password_authentication == -1) |
| options->password_authentication = 1; |
options->password_authentication = 1; |
| if (options->kbd_interactive_authentication == -1) |
if (options->kbd_interactive_authentication == -1) |
| options->kbd_interactive_authentication = 0; |
options->kbd_interactive_authentication = 0; |
| if (options->challenge_reponse_authentication == -1) |
if (options->challenge_response_authentication == -1) |
| options->challenge_reponse_authentication = 1; |
options->challenge_response_authentication = 1; |
| if (options->permit_empty_passwd == -1) |
if (options->permit_empty_passwd == -1) |
| options->permit_empty_passwd = 0; |
options->permit_empty_passwd = 0; |
| if (options->use_login == -1) |
if (options->use_login == -1) |
|
|
| options->client_alive_interval = 0; |
options->client_alive_interval = 0; |
| if (options->client_alive_count_max == -1) |
if (options->client_alive_count_max == -1) |
| options->client_alive_count_max = 3; |
options->client_alive_count_max = 3; |
| |
if (options->authorized_keys_file2 == NULL) { |
| |
/* authorized_keys_file2 falls back to authorized_keys_file */ |
| |
if (options->authorized_keys_file != NULL) |
| |
options->authorized_keys_file2 = options->authorized_keys_file; |
| |
else |
| |
options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2; |
| |
} |
| |
if (options->authorized_keys_file == NULL) |
| |
options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; |
| } |
} |
| |
|
| /* Keyword tokens. */ |
/* Keyword tokens. */ |
|
|
| sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, |
sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, |
| sPermitRootLogin, sLogFacility, sLogLevel, |
sPermitRootLogin, sLogFacility, sLogLevel, |
| sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, |
sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, |
| #ifdef KRB4 |
#if defined(KRB4) || defined(KRB5) |
| sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, |
sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, |
| #endif |
#endif |
| |
#if defined(AFS) || defined(KRB5) |
| |
sKerberosTgtPassing, |
| |
#endif |
| #ifdef AFS |
#ifdef AFS |
| sKerberosTgtPassing, sAFSTokenPassing, |
sAFSTokenPassing, |
| #endif |
#endif |
| sChallengeResponseAuthentication, |
sChallengeResponseAuthentication, |
| sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, |
sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, |
| sPrintMotd, sPrintLastLog, sIgnoreRhosts, |
sPrintMotd, sPrintLastLog, sIgnoreRhosts, |
| sX11Forwarding, sX11DisplayOffset, |
sX11Forwarding, sX11DisplayOffset, |
| sStrictModes, sEmptyPasswd, sKeepAlives, sCheckMail, |
sStrictModes, sEmptyPasswd, sKeepAlives, |
| sUseLogin, sAllowTcpForwarding, |
sUseLogin, sAllowTcpForwarding, |
| sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
| sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
| sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, |
sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, |
| sBanner, sReverseMappingCheck, sHostbasedAuthentication, |
sBanner, sReverseMappingCheck, sHostbasedAuthentication, |
| sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
| sClientAliveCountMax |
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, |
| |
sDeprecated |
| } ServerOpCodes; |
} ServerOpCodes; |
| |
|
| /* Textual representation of the tokens. */ |
/* Textual representation of the tokens. */ |
|
|
| { "rsaauthentication", sRSAAuthentication }, |
{ "rsaauthentication", sRSAAuthentication }, |
| { "pubkeyauthentication", sPubkeyAuthentication }, |
{ "pubkeyauthentication", sPubkeyAuthentication }, |
| { "dsaauthentication", sPubkeyAuthentication }, /* alias */ |
{ "dsaauthentication", sPubkeyAuthentication }, /* alias */ |
| #ifdef KRB4 |
#if defined(KRB4) || defined(KRB5) |
| { "kerberosauthentication", sKerberosAuthentication }, |
{ "kerberosauthentication", sKerberosAuthentication }, |
| { "kerberosorlocalpasswd", sKerberosOrLocalPasswd }, |
{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd }, |
| { "kerberosticketcleanup", sKerberosTicketCleanup }, |
{ "kerberosticketcleanup", sKerberosTicketCleanup }, |
| #endif |
#endif |
| #ifdef AFS |
#if defined(AFS) || defined(KRB5) |
| { "kerberostgtpassing", sKerberosTgtPassing }, |
{ "kerberostgtpassing", sKerberosTgtPassing }, |
| |
#endif |
| |
#ifdef AFS |
| { "afstokenpassing", sAFSTokenPassing }, |
{ "afstokenpassing", sAFSTokenPassing }, |
| #endif |
#endif |
| { "passwordauthentication", sPasswordAuthentication }, |
{ "passwordauthentication", sPasswordAuthentication }, |
| { "kbdinteractiveauthentication", sKbdInteractiveAuthentication }, |
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication }, |
| { "challengeresponseauthentication", sChallengeResponseAuthentication }, |
{ "challengeresponseauthentication", sChallengeResponseAuthentication }, |
| { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */ |
{ "skeyauthentication", sChallengeResponseAuthentication }, /* alias */ |
| { "checkmail", sCheckMail }, |
{ "checkmail", sDeprecated }, |
| { "listenaddress", sListenAddress }, |
{ "listenaddress", sListenAddress }, |
| { "printmotd", sPrintMotd }, |
{ "printmotd", sPrintMotd }, |
| { "printlastlog", sPrintLastLog }, |
{ "printlastlog", sPrintLastLog }, |
|
|
| { "reversemappingcheck", sReverseMappingCheck }, |
{ "reversemappingcheck", sReverseMappingCheck }, |
| { "clientaliveinterval", sClientAliveInterval }, |
{ "clientaliveinterval", sClientAliveInterval }, |
| { "clientalivecountmax", sClientAliveCountMax }, |
{ "clientalivecountmax", sClientAliveCountMax }, |
| |
{ "authorizedkeysfile", sAuthorizedKeysFile }, |
| |
{ "authorizedkeysfile2", sAuthorizedKeysFile2 }, |
| { NULL, 0 } |
{ NULL, 0 } |
| }; |
}; |
| |
|
|
|
| return sBadOption; |
return sBadOption; |
| } |
} |
| |
|
| void |
static void |
| add_listen_addr(ServerOptions *options, char *addr, u_short port) |
add_listen_addr(ServerOptions *options, char *addr, u_short port) |
| { |
{ |
| int i; |
int i; |
|
|
| add_one_listen_addr(options, addr, port); |
add_one_listen_addr(options, addr, port); |
| } |
} |
| |
|
| void |
static void |
| add_one_listen_addr(ServerOptions *options, char *addr, u_short port) |
add_one_listen_addr(ServerOptions *options, char *addr, u_short port) |
| { |
{ |
| struct addrinfo hints, *ai, *aitop; |
struct addrinfo hints, *ai, *aitop; |
|
|
| int linenum, *intptr, value; |
int linenum, *intptr, value; |
| int bad_options = 0; |
int bad_options = 0; |
| ServerOpCodes opcode; |
ServerOpCodes opcode; |
| int i; |
int i, n; |
| |
|
| f = fopen(filename, "r"); |
f = fopen(filename, "r"); |
| if (!f) { |
if (!f) { |
|
|
| continue; |
continue; |
| if (options->listen_addrs != NULL) |
if (options->listen_addrs != NULL) |
| fatal("%s line %d: ports must be specified before " |
fatal("%s line %d: ports must be specified before " |
| "ListenAdress.\n", filename, linenum); |
"ListenAdress.", filename, linenum); |
| if (options->num_ports >= MAX_PORTS) |
if (options->num_ports >= MAX_PORTS) |
| fatal("%s line %d: too many ports.", |
fatal("%s line %d: too many ports.", |
| filename, linenum); |
filename, linenum); |
|
|
| |
|
| case sLoginGraceTime: |
case sLoginGraceTime: |
| intptr = &options->login_grace_time; |
intptr = &options->login_grace_time; |
| goto parse_int; |
parse_time: |
| |
arg = strdelim(&cp); |
| |
if (!arg || *arg == '\0') |
| |
fatal("%s line %d: missing time value.", |
| |
filename, linenum); |
| |
if ((value = convtime(arg)) == -1) |
| |
fatal("%s line %d: invalid time value.", |
| |
filename, linenum); |
| |
if (*intptr == -1) |
| |
*intptr = value; |
| |
break; |
| |
|
| case sKeyRegenerationTime: |
case sKeyRegenerationTime: |
| intptr = &options->key_regeneration_time; |
intptr = &options->key_regeneration_time; |
| goto parse_int; |
goto parse_time; |
| |
|
| case sListenAddress: |
case sListenAddress: |
| arg = strdelim(&cp); |
arg = strdelim(&cp); |
|
|
| case sPubkeyAuthentication: |
case sPubkeyAuthentication: |
| intptr = &options->pubkey_authentication; |
intptr = &options->pubkey_authentication; |
| goto parse_flag; |
goto parse_flag; |
| |
#if defined(KRB4) || defined(KRB5) |
| #ifdef KRB4 |
|
| case sKerberosAuthentication: |
case sKerberosAuthentication: |
| intptr = &options->kerberos_authentication; |
intptr = &options->kerberos_authentication; |
| goto parse_flag; |
goto parse_flag; |
|
|
| intptr = &options->kerberos_ticket_cleanup; |
intptr = &options->kerberos_ticket_cleanup; |
| goto parse_flag; |
goto parse_flag; |
| #endif |
#endif |
| |
#if defined(AFS) || defined(KRB5) |
| #ifdef AFS |
|
| case sKerberosTgtPassing: |
case sKerberosTgtPassing: |
| intptr = &options->kerberos_tgt_passing; |
intptr = &options->kerberos_tgt_passing; |
| goto parse_flag; |
goto parse_flag; |
| |
#endif |
| |
#ifdef AFS |
| case sAFSTokenPassing: |
case sAFSTokenPassing: |
| intptr = &options->afs_token_passing; |
intptr = &options->afs_token_passing; |
| goto parse_flag; |
goto parse_flag; |
|
|
| intptr = &options->kbd_interactive_authentication; |
intptr = &options->kbd_interactive_authentication; |
| goto parse_flag; |
goto parse_flag; |
| |
|
| case sCheckMail: |
|
| intptr = &options->check_mail; |
|
| goto parse_flag; |
|
| |
|
| case sChallengeResponseAuthentication: |
case sChallengeResponseAuthentication: |
| intptr = &options->challenge_reponse_authentication; |
intptr = &options->challenge_response_authentication; |
| goto parse_flag; |
goto parse_flag; |
| |
|
| case sPrintMotd: |
case sPrintMotd: |
|
|
| if (!arg || *arg == '\0') |
if (!arg || *arg == '\0') |
| fatal("%s line %d: Missing MaxStartups spec.", |
fatal("%s line %d: Missing MaxStartups spec.", |
| filename, linenum); |
filename, linenum); |
| if (sscanf(arg, "%d:%d:%d", |
if ((n = sscanf(arg, "%d:%d:%d", |
| &options->max_startups_begin, |
&options->max_startups_begin, |
| &options->max_startups_rate, |
&options->max_startups_rate, |
| &options->max_startups) == 3) { |
&options->max_startups)) == 3) { |
| if (options->max_startups_begin > |
if (options->max_startups_begin > |
| options->max_startups || |
options->max_startups || |
| options->max_startups_rate > 100 || |
options->max_startups_rate > 100 || |
| options->max_startups_rate < 1) |
options->max_startups_rate < 1) |
| |
fatal("%s line %d: Illegal MaxStartups spec.", |
| |
filename, linenum); |
| |
} else if (n != 1) |
| fatal("%s line %d: Illegal MaxStartups spec.", |
fatal("%s line %d: Illegal MaxStartups spec.", |
| filename, linenum); |
filename, linenum); |
| break; |
else |
| } |
options->max_startups = options->max_startups_begin; |
| intptr = &options->max_startups; |
break; |
| goto parse_int; |
|
| |
|
| case sBanner: |
case sBanner: |
| charptr = &options->banner; |
charptr = &options->banner; |
| goto parse_filename; |
goto parse_filename; |
| |
/* |
| |
* These options can contain %X options expanded at |
| |
* connect time, so that you can specify paths like: |
| |
* |
| |
* AuthorizedKeysFile /etc/ssh_keys/%u |
| |
*/ |
| |
case sAuthorizedKeysFile: |
| |
case sAuthorizedKeysFile2: |
| |
charptr = (opcode == sAuthorizedKeysFile ) ? |
| |
&options->authorized_keys_file : |
| |
&options->authorized_keys_file2; |
| |
goto parse_filename; |
| |
|
| case sClientAliveInterval: |
case sClientAliveInterval: |
| intptr = &options->client_alive_interval; |
intptr = &options->client_alive_interval; |
| goto parse_int; |
goto parse_time; |
| |
|
| case sClientAliveCountMax: |
case sClientAliveCountMax: |
| intptr = &options->client_alive_count_max; |
intptr = &options->client_alive_count_max; |
| goto parse_int; |
goto parse_int; |
| |
|
| |
case sDeprecated: |
| |
log("%s line %d: Deprecated option %s", |
| |
filename, linenum, arg); |
| |
while(arg) |
| |
arg = strdelim(&cp); |
| |
break; |
| |
|
| default: |
default: |
| fatal("%s line %d: Missing handler for opcode %s (%d)", |
fatal("%s line %d: Missing handler for opcode %s (%d)", |
| filename, linenum, arg, opcode); |
filename, linenum, arg, opcode); |
![[BACK]](/icons/back.gif){kind=icon}
Return to servconf.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh